picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

network: fix the default mask for FirewallMark= 

And always send FRA_FWMASK if FirewallMark= is set.

C.f. b8964ed9fa

Partially fixes #16784.
This commit is contained in:
Yu Watanabe 2020-09-09 04:45:54 +09:00
parent c2d6fcb147
commit bd1000b4a0
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/network/networkd-routing-policy-rule.c
View File

@ -540,9 +540,7 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl
r = sd_netlink_message_append_u32(m, FRA_FWMARK, rule->fwmark);
if (r < 0)
return log_link_error_errno(link, r, "Could not append FRA_FWMARK attribute: %m");
}
if (rule->fwmask > 0) {
r = sd_netlink_message_append_u32(m, FRA_FWMASK, rule->fwmask);
if (r < 0)
return log_link_error_errno(link, r, "Could not append FRA_FWMASK attribute: %m");
@ -676,10 +674,13 @@ static int parse_fwmark_fwmask(const char *s, uint32_t *ret_fwmark, uint32_t *re
if (r < 0)
return r;
if (slash) {
r = safe_atou32(slash + 1, &fwmask);
if (r < 0)
return r;
if (fwmark > 0) {
if (slash) {
r = safe_atou32(slash + 1, &fwmask);
if (r < 0)
return r;
} else
fwmask = UINT32_MAX;
}
*ret_fwmark = fwmark;
@ -1239,9 +1240,11 @@ int routing_policy_serialize_rules(Set *rules, FILE *f) {
}
if (rule->fwmark != 0) {
fprintf(f, "%sfwmark=%"PRIu32"/%"PRIu32,
fprintf(f, "%sfwmark=%"PRIu32,
space ? " " : "",
rule->fwmark, rule->fwmask);
rule->fwmark);
if (rule->fwmask != UINT32_MAX)
fprintf(f, "/%"PRIu32, rule->fwmask);
space = true;
}

2
src/network/test-routing-policy-rule.c
View File

@ -67,7 +67,7 @@ int main(int argc, char **argv) {
test_rule_serialization("ignored values",
"RULE=something=to=ignore from=1.2.3.4/32 from=1.2.3.4/32"
" \t to=2.3.4.5/24 to=2.3.4.5/32 tos=5 fwmark=2 fwmark=1 table=10 table=20",
"RULE=family=AF_INET from=1.2.3.4/32 to=2.3.4.5/32 tos=5 fwmark=1/0 invert_rule=no table=20");
"RULE=family=AF_INET from=1.2.3.4/32 to=2.3.4.5/32 tos=5 fwmark=1 invert_rule=no table=20");
test_rule_serialization("ipv6",
"RULE=family=AF_INET6 from=1::2/64 to=2::3/64 invert_rule=yes table=6", NULL);