proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-03 08:56:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #2698 from sworleys/Netlink-Filter-AFI

Browse Source 
zebra: Add address family filters
This commit is contained in:
Russ White 2018-07-23 17:45:44 -04:00 committed by GitHub
commit af9036b76d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
zebra/if_netlink.c
View File

@ -891,8 +891,12 @@ int netlink_interface_addr(struct nlmsghdr *h, ns_id_t ns_id, int startup)
zns = zebra_ns_lookup(ns_id);
ifa = NLMSG_DATA(h);
if (ifa->ifa_family != AF_INET && ifa->ifa_family != AF_INET6)
if (ifa->ifa_family != AF_INET && ifa->ifa_family != AF_INET6) {
zlog_warn(
"Invalid address family: %d received from kernel interface addr change: %d",
ifa->ifa_family, h->nlmsg_type);
return 0;
}
if (h->nlmsg_type != RTM_NEWADDR && h->nlmsg_type != RTM_DELADDR)
return 0;
@ -1114,6 +1118,14 @@ int netlink_link_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
return 0;
}
if (!(ifi->ifi_family == AF_UNSPEC || ifi->ifi_family == AF_BRIDGE
|| ifi->ifi_family == AF_INET6)) {
zlog_warn(
"Invalid address family: %d received from kernel link change: %d",
ifi->ifi_family, h->nlmsg_type);
return 0;
}
len = h->nlmsg_len - NLMSG_LENGTH(sizeof(struct ifinfomsg));
if (len < 0) {
zlog_err("%s: Message received from netlink is of a broken size %d %zu",

15
zebra/rt_netlink.c
View File

@ -740,6 +740,15 @@ int netlink_route_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
return 0;
}
if (!(rtm->rtm_family == AF_INET || rtm->rtm_family == AF_INET6
|| rtm->rtm_family == AF_ETHERNET
|| rtm->rtm_family == AF_MPLS)) {
zlog_warn(
"Invalid address family: %d received from kernel route change: %d",
rtm->rtm_family, h->nlmsg_type);
return 0;
}
/* Connected route. */
if (IS_ZEBRA_DEBUG_KERNEL)
zlog_debug("%s %s %s proto %s NS %u",
@ -2386,6 +2395,12 @@ int netlink_neigh_change(struct nlmsghdr *h, ns_id_t ns_id)
if (ndm->ndm_family == AF_INET || ndm->ndm_family == AF_INET6)
return netlink_ipneigh_change(h, len, ns_id);
else {
zlog_warn(
"Invalid address family: %d received from kernel neighbor change: %d",
ndm->ndm_family, h->nlmsg_type);
return 0;
}
return 0;
}

6
zebra/rule_netlink.c
View File

@ -204,8 +204,12 @@ int netlink_rule_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
}
frh = NLMSG_DATA(h);
if (frh->family != AF_INET && frh->family != AF_INET6)
if (frh->family != AF_INET && frh->family != AF_INET6) {
zlog_warn(
"Invalid address family: %d received from kernel rule change: %d",
frh->family, h->nlmsg_type);
return 0;
}
if (frh->action != FR_ACT_TO_TBL)
return 0;