From: Yu Watanabe Date: Mon, 5 Oct 2020 21:20:39 +0000 (+0900) Subject: network: specify all known attributes when removing routing policy rules X-Git-Tag: v247-rc1~117^2~121 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d08ed5a1fde2c7cfdfd7425005ef50a121c60bfd;p=thirdparty%2Fsystemd.git network: specify all known attributes when removing routing policy rules Otherwise, routing_policy_rule_remove() may remove an unintended rule. --- diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c index f35ab3e3dba..588c36f306c 100644 --- a/src/network/networkd-routing-policy-rule.c +++ b/src/network/networkd-routing-policy-rule.c 
@@ -337,6 +337,116 @@ static int routing_policy_rule_add_foreign(Manager *m, RoutingPolicyRule *rule, return routing_policy_rule_add_internal(m, &m->rules_foreign, rule, rule->family, ret); } +static int routing_policy_rule_set_netlink_message(RoutingPolicyRule *rule, sd_netlink_message *m, Link *link) { + int r; + + assert(rule); + assert(m); + assert(link); + + if (in_addr_is_null(rule->family, &rule->from) == 0) { + r = netlink_message_append_in_addr_union(m, FRA_SRC, rule->family, &rule->from); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_SRC attribute: %m"); + + r = sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m, rule->from_prefixlen); + if (r < 0) + return log_link_error_errno(link, r, "Could not set source prefix length: %m"); + } + + if (in_addr_is_null(rule->family, &rule->to) == 0) { + r = netlink_message_append_in_addr_union(m, FRA_DST, rule->family, &rule->to); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_DST attribute: %m"); + + r = sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m, rule->to_prefixlen); + if (r < 0) + return log_link_error_errno(link, r, "Could not set destination prefix length: %m"); + } + + r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_PRIORITY attribute: %m"); + + if (rule->tos > 0) { + r = sd_rtnl_message_routing_policy_rule_set_tos(m, rule->tos); + if (r < 0) + return log_link_error_errno(link, r, "Could not set IP rule TOS: %m"); + } + + if (rule->table < 256) { + r = sd_rtnl_message_routing_policy_rule_set_table(m, rule->table); + if (r < 0) + return log_link_error_errno(link, r, "Could not set IP rule table: %m"); + } else { + r = sd_rtnl_message_routing_policy_rule_set_table(m, RT_TABLE_UNSPEC); + if (r < 0) + return log_link_error_errno(link, r, "Could not set IP rule table: %m"); + + r = sd_netlink_message_append_u32(m, FRA_TABLE, rule->table); + if 
(r < 0) + return log_link_error_errno(link, r, "Could not append FRA_TABLE attribute: %m"); + } + + if (rule->fwmark > 0) { + r = sd_netlink_message_append_u32(m, FRA_FWMARK, rule->fwmark); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_FWMARK attribute: %m"); + + r = sd_netlink_message_append_u32(m, FRA_FWMASK, rule->fwmask); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_FWMASK attribute: %m"); + } + + if (rule->iif) { + r = sd_netlink_message_append_string(m, FRA_IIFNAME, rule->iif); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_IIFNAME attribute: %m"); + } + + if (rule->oif) { + r = sd_netlink_message_append_string(m, FRA_OIFNAME, rule->oif); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_OIFNAME attribute: %m"); + } + + r = sd_netlink_message_append_u8(m, FRA_IP_PROTO, rule->protocol); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_IP_PROTO attribute: %m"); + + if (rule->sport.start != 0 || rule->sport.end != 0) { + r = sd_netlink_message_append_data(m, FRA_SPORT_RANGE, &rule->sport, sizeof(rule->sport)); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_SPORT_RANGE attribute: %m"); + } + + if (rule->dport.start != 0 || rule->dport.end != 0) { + r = sd_netlink_message_append_data(m, FRA_DPORT_RANGE, &rule->dport, sizeof(rule->dport)); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_DPORT_RANGE attribute: %m"); + } + + if (rule->uid_range.start != UID_INVALID && rule->uid_range.end != UID_INVALID) { + r = sd_netlink_message_append_data(m, FRA_UID_RANGE, &rule->uid_range, sizeof(rule->uid_range)); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_UID_RANGE attribute: %m"); + } + + if (rule->invert_rule) { + r = sd_rtnl_message_routing_policy_rule_set_flags(m, FIB_RULE_INVERT); + if (r < 0) + return log_link_error_errno(link, r, "Could not append 
FIB_RULE_INVERT attribute: %m"); + } + + if (rule->suppress_prefixlen >= 0) { + r = sd_netlink_message_append_u32(m, FRA_SUPPRESS_PREFIXLEN, (uint32_t) rule->suppress_prefixlen); + if (r < 0) + return log_link_error_errno(link, r, "Could not append FRA_SUPPRESS_PREFIXLEN attribute: %m"); + } + + return 0; +} + static int routing_policy_rule_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { int r; @@ -382,25 +492,9 @@ static int routing_policy_rule_remove(RoutingPolicyRule *rule, Link *link) { if (r < 0) return log_link_error_errno(link, r, "Could not allocate RTM_DELRULE message: %m"); - if (in_addr_is_null(rule->family, &rule->from) == 0) { - r = netlink_message_append_in_addr_union(m, FRA_SRC, rule->family, &rule->from); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_SRC attribute: %m"); - - r = sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m, rule->from_prefixlen); - if (r < 0) - return log_link_error_errno(link, r, "Could not set source prefix length: %m"); - } - - if (in_addr_is_null(rule->family, &rule->to) == 0) { - r = netlink_message_append_in_addr_union(m, FRA_DST, rule->family, &rule->to); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_DST attribute: %m"); - - r = sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m, rule->to_prefixlen); - if (r < 0) - return log_link_error_errno(link, r, "Could not set destination prefix length: %m"); - } + r = routing_policy_rule_set_netlink_message(rule, m, link); + if (r < 0) + return r; r = netlink_call_async(link->manager->rtnl, NULL, m, routing_policy_rule_remove_handler, 
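Review bot: routing_policy_rule_set_netlink_message() carries no comment saying that it now builds both the RTM_NEWRULE and the RTM_DELRULE request, so an attribute added here later for configuration silently changes which rule a deletion matches. I would add above the function `/* Fills in every attribute known for the rule; shared by RTM_NEWRULE and RTM_DELRULE so both requests describe the same rule. */`. Attributes left at their defaults (`tos`, `fwmark`, `iif`, `oif`, the port and UID ranges) are still omitted, which presumably leaves those fields unconstrained in a delete request, and the same comment should say so. Separately, the error text after `sd_rtnl_message_routing_policy_rule_set_flags()` reads "Could not append FIB_RULE_INVERT attribute" although the call sets a flag; `"Could not set FIB_RULE_INVERT flag: %m"` would describe the failure accurately.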
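Review bot: The delete request in routing_policy_rule_remove() now depends on sentinel defaults that this diff does not show being set: the helper sends FRA_SUPPRESS_PREFIXLEN whenever `rule->suppress_prefixlen >= 0` and FRA_UID_RANGE unless a range end is `UID_INVALID`. A RoutingPolicyRule whose fields were zero-initialised rather than set to those sentinels would then send attributes the installed rule never had, and the deletion would presumably match nothing and leave a stale rule in place. The initialisers and the rest of this function are outside the hunk, so it is worth confirming that every path producing a rule passed here sets them. A comment above the call such as `/* The message must describe the rule exactly as it was installed, otherwise the kernel may match a different rule or none. */` would record the requirement.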
@@ -468,105 +562,9 @@ static int routing_policy_rule_configure_internal(RoutingPolicyRule *rule, int f if (r < 0) return log_link_error_errno(link, r, "Could not allocate RTM_NEWRULE message: %m"); - if (in_addr_is_null(rule->family, &rule->from) == 0) { - r = netlink_message_append_in_addr_union(m, FRA_SRC, rule->family, &rule->from); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_SRC attribute: %m"); - - r = sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m, rule->from_prefixlen); - if (r < 0) - return log_link_error_errno(link, r, "Could not set source prefix length: %m"); - } - - if (in_addr_is_null(rule->family, &rule->to) == 0) { - r = netlink_message_append_in_addr_union(m, FRA_DST, rule->family, &rule->to); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_DST attribute: %m"); - - r = sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m, rule->to_prefixlen); - if (r < 0) - return log_link_error_errno(link, r, "Could not set destination prefix length: %m"); - } - - r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_PRIORITY attribute: %m"); - - if (rule->tos > 0) { - r = sd_rtnl_message_routing_policy_rule_set_tos(m, rule->tos); - if (r < 0) - return log_link_error_errno(link, r, "Could not set IP rule TOS: %m"); - } - - if (rule->table < 256) { - r = sd_rtnl_message_routing_policy_rule_set_table(m, rule->table); - if (r < 0) - return log_link_error_errno(link, r, "Could not set IP rule table: %m"); - } else { - r = sd_rtnl_message_routing_policy_rule_set_table(m, RT_TABLE_UNSPEC); - if (r < 0) - return log_link_error_errno(link, r, "Could not set IP rule table: %m"); - - r = sd_netlink_message_append_u32(m, FRA_TABLE, rule->table); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_TABLE attribute: %m"); - } - - if (rule->fwmark > 0) { - r = sd_netlink_message_append_u32(m, 
FRA_FWMARK, rule->fwmark); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_FWMARK attribute: %m"); - - r = sd_netlink_message_append_u32(m, FRA_FWMASK, rule->fwmask); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_FWMASK attribute: %m"); - } - - if (rule->iif) { - r = sd_netlink_message_append_string(m, FRA_IIFNAME, rule->iif); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_IIFNAME attribute: %m"); - } - - if (rule->oif) { - r = sd_netlink_message_append_string(m, FRA_OIFNAME, rule->oif); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_OIFNAME attribute: %m"); - } - - r = sd_netlink_message_append_u8(m, FRA_IP_PROTO, rule->protocol); + r = routing_policy_rule_set_netlink_message(rule, m, link); if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_IP_PROTO attribute: %m"); - - if (rule->sport.start != 0 || rule->sport.end != 0) { - r = sd_netlink_message_append_data(m, FRA_SPORT_RANGE, &rule->sport, sizeof(rule->sport)); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_SPORT_RANGE attribute: %m"); - } - - if (rule->dport.start != 0 || rule->dport.end != 0) { - r = sd_netlink_message_append_data(m, FRA_DPORT_RANGE, &rule->dport, sizeof(rule->dport)); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_DPORT_RANGE attribute: %m"); - } - - if (rule->uid_range.start != UID_INVALID && rule->uid_range.end != UID_INVALID) { - r = sd_netlink_message_append_data(m, FRA_UID_RANGE, &rule->uid_range, sizeof(rule->uid_range)); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_UID_RANGE attribute: %m"); - } - - if (rule->invert_rule) { - r = sd_rtnl_message_routing_policy_rule_set_flags(m, FIB_RULE_INVERT); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FIB_RULE_INVERT attribute: %m"); - } - - if (rule->suppress_prefixlen >= 0) { - r = 
sd_netlink_message_append_u32(m, FRA_SUPPRESS_PREFIXLEN, (uint32_t) rule->suppress_prefixlen); - if (r < 0) - return log_link_error_errno(link, r, "Could not append FRA_SUPPRESS_PREFIXLEN attribute: %m"); - } + return r; r = netlink_call_async(link->manager->rtnl, NULL, m, routing_policy_rule_handler,