BSD: Reject routes are not cloned/connected routes

Likewise, if we change from a reject to a non reject route
we need to remove it rather than changing it as some BSD
kernels preserve the RTF_GATEWAY flag.

diff --git a/src/if-bsd.c b/src/if-bsd.c
index 1177ee358ac2dffd83e121b7079ab9186ef3b48b..02347e3a103734a6cf206f75d6e957e235ae182e 100644 (file)
--- a/src/if-bsd.c
+++ b/src/if-bsd.c
@@ -761,7 +761,7 @@ if_route(unsigned char cmd, const struct rt *rt)
                        rtm->rtm_flags |= RTF_HOST;
                /* Network routes are cloning or connected if supported.
                 * All other routes are static. */
-               if (gateway_unspec) {
+               if (gateway_unspec && !(rtm->rtm_flags & RTF_REJECT)) {
 #ifdef RTF_CLONING
                        rtm->rtm_flags |= RTF_CLONING;
 #endif

diff --git a/src/route.c b/src/route.c
index 7861546efdd9c7bdc1ef40cfdb13a385c10ae2b3..4904d1b71a6a9e6d9e7bd7b9e260dcca5cfe1e18 100644 (file)
--- a/src/route.c
+++ b/src/route.c
@@ -597,7 +597,7 @@ rt_add(rb_tree_t *kroutes, struct rt *nrt, struct rt *ort)
            sa_cmp(&krt->rt_dest, &nrt->rt_dest) == 0 &&
            rt_cmp_netmask(krt, nrt) == 0 &&
            sa_cmp(&krt->rt_gateway, &nrt->rt_gateway) == 0 &&
-           rt_cmp_mtu(krt, nrt) == 0)
+           (nrt->rt_ifp->flags & IFF_LOOPBACK || rt_cmp_mtu(krt, nrt) == 0))
        {
 #ifdef HAVE_ROUTE_LIFETIME
                if (rt_cmp_lifetime(krt, nrt) == 0) {
@@ -622,6 +622,10 @@ rt_add(rb_tree_t *kroutes, struct rt *nrt, struct rt *ort)
        if (change && krt != NULL && krt->rt_flags & RTF_CLONING)
                change = false;
 #endif
+       /* Reject routes have a gateway, non reject routes don't.
+        * BSD kernels at least preserve RTF_GATEWAY so we need to punt it. */
+       if (change && krt->rt_flags & RTF_REJECT && !(nrt->rt_flags & RTF_REJECT))
+               change = false;
 
        if (change) {
                if (if_route(RTM_CHANGE, nrt) != -1) {