From: Yu Watanabe Date: Sun, 16 Feb 2025 20:26:25 +0000 (+0900) Subject: network/routing-policy-rule: assume FRA_PROTOCOL attribute is always set X-Git-Tag: v258-rc1~1307^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49625caaa911eee439b3c0cf86f099326911554b;p=thirdparty%2Fsystemd.git network/routing-policy-rule: assume FRA_PROTOCOL attribute is always set Since kernel v4.17 (1b71af6053af1bd2f849e9fda4f71c1e3f145dcf), the attribute is always set in each netlink message for routing policy rule. Now, our base line is v5.4. Hence, we can drop the workaround. --- diff --git a/README b/README index 2f89fffe0b2..346f1aad42c 100644 --- a/README +++ b/README @@ -39,7 +39,8 @@ REQUIREMENTS: ≥ 4.11 for nsfs NS_GET_NSTYPE ≥ 4.13 for TIOCGPTPEER ≥ 4.15 for cgroup-bpf device hook and cpu controller in cgroup v2 - ≥ 4.17 for cgroup-bpf socket address hooks and /sys/power/resume_offset + ≥ 4.17 for cgroup-bpf socket address hooks, /sys/power/resume_offset, + and FRA_PROTOCOL attribute for fib rules ≥ 4.20 for PSI (used by systemd-oomd) ≥ 5.2 for cgroup freezer and new mount API ≥ 5.3 for bounded loops in BPF program, keyring namespacing, diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c index 2cac730a417..9811f60dcb5 100644 --- a/src/network/networkd-routing-policy-rule.c +++ b/src/network/networkd-routing-policy-rule.c 
@@ -1059,26 +1059,6 @@ int link_request_static_routing_policy_rules(Link *link) { return 0; } -static const RoutingPolicyRule kernel_rules[] = { - { .family = AF_INET, .priority_set = true, .priority = 0, .table = RT_TABLE_LOCAL, .action = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, .suppress_ifgroup = -1, }, - { .family = AF_INET, .priority_set = true, .priority = 1000, .table = RT_TABLE_UNSPEC, .action = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, .suppress_ifgroup = -1, .l3mdev = true }, - { .family = AF_INET, .priority_set = true, .priority = 32766, .table = RT_TABLE_MAIN, .action = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, .suppress_ifgroup = -1, }, - { .family = AF_INET, .priority_set = true, .priority = 32767, .table = RT_TABLE_DEFAULT, .action = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, .suppress_ifgroup = -1, }, - { .family = AF_INET6, .priority_set = true, .priority = 0, .table = RT_TABLE_LOCAL, .action = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, .suppress_ifgroup = -1, }, - { .family = AF_INET6, .priority_set = true, .priority = 1000, .table = RT_TABLE_UNSPEC, .action = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, .suppress_ifgroup = -1, .l3mdev = true }, - { .family = AF_INET6, .priority_set = true, .priority = 32766, .table = RT_TABLE_MAIN, .action = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, .suppress_ifgroup = -1, }, -}; - -static bool routing_policy_rule_is_created_by_kernel(const RoutingPolicyRule *rule) { - assert(rule); - - FOREACH_ELEMENT(i, kernel_rules) - if (routing_policy_rule_equal(rule, i, i->family, i->priority)) - return true; 
- - return false; -} - int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Manager *m) { int r; @@ -1258,16 +1238,10 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man return 0; } - /* If FRA_PROTOCOL is supported by kernel, then the attribute is always appended. If the received - * message does not have FRA_PROTOCOL, then we need to adjust the protocol of the rule. That requires - * all properties compared in the routing_policy_rule_compare_func(), hence it must be done after - * reading them. */ + /* The kernel always sets the FRA_PROTOCOL attribute, and it is necessary for comparing rules. + * Hence, -ENODATA here is critical. */ r = sd_netlink_message_read_u8(message, FRA_PROTOCOL, &tmp->protocol); - if (r == -ENODATA) - /* As .network files does not have setting to specify protocol, we can assume the - * protocol of the received rule is RTPROT_KERNEL or RTPROT_STATIC. */ - tmp->protocol = routing_policy_rule_is_created_by_kernel(tmp) ? RTPROT_KERNEL : RTPROT_STATIC; - else if (r < 0) { + if (r < 0) { log_warning_errno(r, "rtnl: could not get FRA_PROTOCOL attribute, ignoring: %m"); return 0; }
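Review bot: The new comment calls a missing FRA_PROTOCOL "critical", but the `if (r < 0)` branch under it still only logs "..., ignoring" and returns 0, so a rule message without the attribute is dropped like any other read failure. On a kernel older than the 4.17 named in the README hunk this would apply to every rule notification, which presumably leaves foreign or stale policy rules untracked with only a generic warning to explain it. I would make the comment state the consequence, e.g. `* Hence, a message without it cannot be compared with known rules and is dropped here. */`. I would also give -ENODATA its own message, such as `log_warning_errno(r, "rtnl: received a routing policy rule without FRA_PROTOCOL attribute (kernel older than 4.17?), ignoring: %m");`. manager_rtnl_process_rule() starts and ends outside this hunk, so how tmp->protocol is used afterwards is not visible here.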