From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 5 Sep 2023 12:41:57 +0000 (+0900)
Subject: network/ndisc: split out ndisc_router_process_icmp6_ratelimit()
X-Git-Tag: v255-rc1~575
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f9a2b802bb0a67f4f707efb78bac847d7f2d654;p=thirdparty%2Fsystemd.git

network/ndisc: split out ndisc_router_process_icmp6_ratelimit()

Otherwise, if ndisc_router_process_default() return earlier, e.g.
when Network.ipv6_accept_ra_use_gateway is false, then the
ratelimit is not applied.
---

diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
index f24f1f30fc0..00eac3477d8 100644
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -279,7 +279,6 @@ static int ndisc_request_address(Address *in, Link *link, sd_ndisc_router *rt) {
 
 static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
         usec_t lifetime_usec, timestamp_usec;
-        uint32_t icmp6_ratelimit = 0;
         struct in6_addr gateway;
         uint16_t lifetime_sec;
         unsigned preference;
@@ -360,20 +359,36 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) {
                         return log_link_warning_errno(link, r, "Could not request gateway: %m");
         }
 
-        r = sd_ndisc_router_get_icmp6_ratelimit(rt, &icmp6_ratelimit);
-        if (r < 0)
-                log_link_debug(link, "Failed to get default router preference from RA: %m");
+        return 0;
+}
 
-        if (icmp6_ratelimit > 0 && link->network->ipv6_accept_ra_use_icmp6_ratelimit) {
-                char buf[DECIMAL_STR_MAX(unsigned)];
+static int ndisc_router_process_icmp6_ratelimit(Link *link, sd_ndisc_router *rt) {
+        char buf[DECIMAL_STR_MAX(unsigned)];
+        uint32_t icmp6_ratelimit;
+        int r;
 
-                xsprintf(buf, "%u", icmp6_ratelimit);
+        assert(link);
+        assert(link->network);
+        assert(rt);
 
-                r = sysctl_write("net/ipv6/icmp/ratelimit", buf);
-                if (r < 0)
-                        log_link_warning_errno(link, r, "Could not configure icmp6 rate limit: %m");
+        if (!link->network->ipv6_accept_ra_use_icmp6_ratelimit)
+                return 0;
+
+        r = sd_ndisc_router_get_icmp6_ratelimit(rt, &icmp6_ratelimit);
+        if (r < 0) {
+                log_link_debug(link, "Failed to get ICMP6 ratelimit from RA, ignoring: %m");
+                return 0;
         }
 
+        if (icmp6_ratelimit == 0)
+                return 0;
+
+        xsprintf(buf, "%u", icmp6_ratelimit);
+
+        r = sysctl_write_ip_property(AF_INET6, NULL, "icmp/ratelimit", buf);
+        if (r < 0)
+                log_link_warning_errno(link, r, "Failed to apply ICMP6 ratelimit, ignoring: %m");
+
         return 0;
 }
 
@@ -1380,6 +1395,10 @@ static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
         if (r < 0)
                 return r;
 
+        r = ndisc_router_process_icmp6_ratelimit(link, rt);
+        if (r < 0)
+                return r;
+
         r = ndisc_router_process_options(link, rt);
         if (r < 0)
                 return r;