
netlink/route: make route deletion behavior match route(4) socket
Accepted, Public

Authored by glebius on Aug 15 2024, 1:04 AM.
Tags
None

Details

Reviewers
melifaro
zlei
Group Reviewers
network
Summary

Deleting a route with the help of the route(8) command in pre-netlink times
was a two-step action: first the route(8) would RTM_GET the route from the
kernel and then copy its parameters into the RTM_DEL request. This
allowed deletion of pinned (RTF_PINNED) routes, as the flag was carried
over. The flag enforced a call into rt_delete_conditional() with the prio=2
parameter.

With netlink(4)-enabled route(8), we construct the NL_RTM_DELROUTE request
from scratch and this ends in rt_delete_conditional() being called with
prio=1, which effectively blocks deleting a pinned route.

Make the netlink(4) code provide the RTM_F_FORCE flag for rib_del_route_px(),
which would end up with prio=2 for rt_delete_conditional(). The rationale
here is that the netlink(4) path isn't something automatic, it is either an
explicit request from an operator with route(8) or some other routing
daemon, and the RTF_PINNED protection shall be bypassed for any call via
netlink(4).

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 59026
Build 55913: arc lint + arc unit

Event Timeline

I would really like to do EN for this to 14.1.

zlei added a subscriber: zlei.

Looks good to me.

This revision is now accepted and ready to land. Aug 21 2024, 2:13 AM

What else is needed to commit this patch?

I'm going to come up with a different version of this patch (likely using a new flag rtmsg->rtm_flags to signal RTM_F_FORCE) in a day or two. The current version allows all netlink customers to fully bypass PINNED route protection, which defeats its purpose.