Merge pull request #17834 from yuwata/network-ipv6-reject-type-route

network: handle IPv6 routes with reject type correctly
2020-12-04 12:19:35 +01:00 · 2020-12-04 12:19:35 +01:00 · a2c2421a05
parent 3a595c597a 452d86a532
commit a2c2421a05
4 changed files with 90 additions and 2 deletions
--- a/src/network/networkd-dhcp6.c
+++ b/src/network/networkd-dhcp6.c
@ -279,6 +279,7 @@ static int dhcp6_set_pd_route(Link *link, const union in_addr_union *prefix, con
        route->family = AF_INET6;
        route->dst = *prefix;
        route->dst_prefixlen = 64;
+        route->protocol = RTPROT_DHCP;

        r = route_configure(route, link, dhcp6_pd_route_handler, &ret);
        if (r < 0)
@ -826,6 +827,7 @@ static int dhcp6_set_unreachable_route(Link *link, const union in_addr_union *ad
        route->dst_prefixlen = prefixlen;
        route->table = link_get_dhcp_route_table(link);
        route->type = RTN_UNREACHABLE;
+        route->protocol = RTPROT_DHCP;

        r = route_configure(route, link, dhcp6_route_handler, &ret);
        if (r < 0)
--- a/src/network/networkd-route.c
+++ b/src/network/networkd-route.c
@ -575,6 +575,12 @@ static int route_add(Manager *manager, Link *link, const Route *in, const Multip
        return 0;
 }

+static bool route_type_is_reject(const Route *route) {
+        assert(route);
+
+        return IN_SET(route->type, RTN_UNREACHABLE, RTN_PROHIBIT, RTN_BLACKHOLE, RTN_THROW);
+}
+
 static int route_set_netlink_message(const Route *route, sd_netlink_message *req, Link *link) {
        unsigned flags;
        int r;
@ -660,7 +666,7 @@ static int route_set_netlink_message(const Route *route, sd_netlink_message *req
        if (r < 0)
                return log_link_error_errno(link, r, "Could not set route type: %m");

-        if (!IN_SET(route->type, RTN_UNREACHABLE, RTN_PROHIBIT, RTN_BLACKHOLE, RTN_THROW)) {
+        if (!route_type_is_reject(route)) {
                assert(link); /* Those routes must be attached to a specific link */

                r = sd_netlink_message_append_u32(req, RTA_OIF, link->ifindex);
@ -927,7 +933,7 @@ static int route_add_and_setup_timer(Link *link, const Route *route, const Multi
        assert(link);
        assert(route);

-        if (IN_SET(route->type, RTN_UNREACHABLE, RTN_PROHIBIT, RTN_BLACKHOLE, RTN_THROW))
+        if (route_type_is_reject(route))
                r = route_add(link->manager, NULL, route, NULL, &nr);
        else if (!m || m->ifindex == 0 || m->ifindex == link->ifindex)
                r = route_add(NULL, link, route, m, &nr);
@ -1576,6 +1582,12 @@ int manager_rtnl_process_route(sd_netlink *rtnl, sd_netlink_message *message, Ma
                }
        }

+        /* IPv6 routes with reject type are always assigned to the loopback interface. See kernel's
+         * fib6_nh_init() in net/ipv6/route.c. However, we'd like to manage them by Manager. Hence, set
+         * link to NULL here. */
+        if (route_type_is_reject(tmp))
+                link = NULL;
+
        if (ordered_set_isempty(multipath_routes))
                (void) process_route_one(m, link, type, tmp, NULL);
        else {
--- a/test/test-network/conf/25-route-static.network
+++ b/test/test-network/conf/25-route-static.network
@ -48,6 +48,18 @@ Destination=202.54.1.3
 Type=prohibit
 Destination=202.54.1.4

+[Route]
+Type=blackhole
+Destination=2001:1234:5678::2
+
+[Route]
+Type=unreachable
+Destination=2001:1234:5678::3
+
+[Route]
+Type=prohibit
+Destination=2001:1234:5678::4
+
 [Route]
 Type=local
 Destination=149.10.123.1
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@ -2216,6 +2216,21 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
        print(output)
        self.assertRegex(output, 'prohibit 202.54.1.4 proto static')

+        print('### ip -6 route show type blackhole')
+        output = check_output('ip -6 route show type blackhole')
+        print(output)
+        self.assertIn('blackhole 2001:1234:5678::2 dev lo proto static', output)
+
+        print('### ip -6 route show type unreachable')
+        output = check_output('ip -6 route show type unreachable')
+        print(output)
+        self.assertIn('unreachable 2001:1234:5678::3 dev lo proto static', output)
+
+        print('### ip -6 route show type prohibit')
+        output = check_output('ip -6 route show type prohibit')
+        print(output)
+        self.assertIn('prohibit 2001:1234:5678::4 dev lo proto static', output)
+
        print('### ip route show 192.168.10.1')
        output = check_output('ip route show 192.168.10.1')
        print(output)
@ -2242,6 +2257,7 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):

        copy_unit_to_networkd_unit_path('25-address-static.network')
        check_output(*networkctl_cmd, 'reload', env=env)
+        time.sleep(1)
        self.wait_online(['dummy98:routable'])

        # check all routes managed by Manager are removed
@ -2260,8 +2276,24 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
        print(output)
        self.assertEqual(output, '')

+        print('### ip -6 route show type blackhole')
+        output = check_output('ip -6 route show type blackhole')
+        print(output)
+        self.assertEqual(output, '')
+
+        print('### ip -6 route show type unreachable')
+        output = check_output('ip -6 route show type unreachable')
+        print(output)
+        self.assertEqual(output, '')
+
+        print('### ip -6 route show type prohibit')
+        output = check_output('ip -6 route show type prohibit')
+        print(output)
+        self.assertEqual(output, '')
+
        remove_unit_from_networkd_path(['25-address-static.network'])
        check_output(*networkctl_cmd, 'reload', env=env)
+        time.sleep(1)
        self.wait_online(['dummy98:routable'])

        # check all routes managed by Manager are reconfigured
@ -2280,6 +2312,21 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
        print(output)
        self.assertRegex(output, 'prohibit 202.54.1.4 proto static')

+        print('### ip -6 route show type blackhole')
+        output = check_output('ip -6 route show type blackhole')
+        print(output)
+        self.assertIn('blackhole 2001:1234:5678::2 dev lo proto static', output)
+
+        print('### ip -6 route show type unreachable')
+        output = check_output('ip -6 route show type unreachable')
+        print(output)
+        self.assertIn('unreachable 2001:1234:5678::3 dev lo proto static', output)
+
+        print('### ip -6 route show type prohibit')
+        output = check_output('ip -6 route show type prohibit')
+        print(output)
+        self.assertIn('prohibit 2001:1234:5678::4 dev lo proto static', output)
+
        rc = call("ip link del dummy98")
        self.assertEqual(rc, 0)
        time.sleep(2)
@ -2300,6 +2347,21 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
        print(output)
        self.assertEqual(output, '')

+        print('### ip -6 route show type blackhole')
+        output = check_output('ip -6 route show type blackhole')
+        print(output)
+        self.assertEqual(output, '')
+
+        print('### ip -6 route show type unreachable')
+        output = check_output('ip -6 route show type unreachable')
+        print(output)
+        self.assertEqual(output, '')
+
+        print('### ip -6 route show type prohibit')
+        output = check_output('ip -6 route show type prohibit')
+        print(output)
+        self.assertEqual(output, '')
+
    @expectedFailureIfRTA_VIAIsNotSupported()
    def test_route_via_ipv6(self):
        copy_unit_to_networkd_unit_path('25-route-via-ipv6.network', '12-dummy.netdev')