Fix blackhole/reject routes.
Accepted, Public

Authored by melifaro on Feb 8 2021, 11:34 PM.
Details

Reviewers
donner
Group Reviewers
network
Summary

Traditionally, the *BSD routing stack required some interface data
to be supplied for blackhole/reject routes. This led to a
variety of hacks in routing daemons when inserting such routes.
With the recent routing stack changes, a gateway sockaddr without
RTF_GATEWAY started to be treated differently, purely as a link
identifier.

This change broke net/bird, which installs blackhole routes with
127.0.0.1 gateway without RTF_GATEWAY flags.

Fix this by automatically constructing the necessary gateway data at
the rtsock level if RTF_REJECT/RTF_BLACKHOLE is set.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 36820
Build 33709: arc lint + arc unit

Event Timeline

donner added inline comments.
sys/net/rtsock.c
571

Why do you check here that setting both flags together is an error? If it's about blackholing, just check for RTF_BLACKHOLE. If RTF_REJECT uses the same approach, compare against zero.

Given that you check the flags before calling again, I'd leave out the test here.

sys/net/rtsock.c
571

Not sure I fully understand the comment, but let me clarify:

Handling for blackhole and reject is almost identical: both don't care about the gateway and use loopback as an address.
However, blackhole and reject are mutually exclusive: the former instructs to drop the packet, the latter to drop the packet and send an ICMP error message.

Handling similarity is the reason for using a single function and jumping based on either of these.
Mutual exclusiveness is the reason for having the check here rejecting the reject+blackhole combination.

I hope it provides a bit more clarity.

donner added inline comments.
sys/net/rtsock.c
571

I'm only surprised that this input parameter check is part of this function, instead of part of the calling routine. So the tests for the flags are split over the code.

This revision is now accepted and ready to land.
Feb 10 2021, 5:41 AM
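
The handling discussed in the thread above, as an added user-space example that is not the code under review: reject and blackhole share one path that substitutes a loopback gateway, and the combination of both flags is refused. The helper name `ex_fill_blackhole_gw` and the `EX_RTF_*` constants are hypothetical, and setting the gateway flag on the result is an assumption of this sketch.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed constants that mirror FreeBSD's RTF_* names; prefixed EX_ so
 * they do not clash with the host's <net/route.h>. */
#define EX_RTF_GATEWAY   0x2
#define EX_RTF_REJECT    0x8
#define EX_RTF_BLACKHOLE 0x1000

/*
 * Hypothetical helper: if a route request is reject or blackhole, ignore
 * the caller's gateway and write the loopback address of the destination's
 * family into *gw. Returns 0 on success, EINVAL if both flags are set,
 * EAFNOSUPPORT for an unknown family. Other routes leave *gw untouched.
 */
int
ex_fill_blackhole_gw(int family, int *flags, struct sockaddr_storage *gw)
{
	int special = *flags & (EX_RTF_REJECT | EX_RTF_BLACKHOLE);

	if (special == 0)
		return (0);		/* ordinary route: nothing to do */
	if (special == (EX_RTF_REJECT | EX_RTF_BLACKHOLE))
		return (EINVAL);	/* drop vs. drop + ICMP error: pick one */

	if (family == AF_INET) {
		struct sockaddr_in *sin = (struct sockaddr_in *)gw;
		memset(gw, 0, sizeof(*gw));
		sin->sin_family = AF_INET;
		sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	} else if (family == AF_INET6) {
		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)gw;
		memset(gw, 0, sizeof(*gw));
		sin6->sin6_family = AF_INET6;
		sin6->sin6_addr = in6addr_loopback;
	} else
		return (EAFNOSUPPORT);

	/* Assumption of this example: the loopback is stored as a real gateway. */
	*flags |= EX_RTF_GATEWAY;
	return (0);
}
```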