* [PATCH] iproute: disallow ip rule del without parameters
@ 2016-08-24 20:43 Andrey Jr. Melnikov
2016-08-29 17:53 ` Stephen Hemminger
0 siblings, 1 reply; 4+ messages in thread
From: Andrey Jr. Melnikov @ 2016-08-24 20:43 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev
Disallow run `ip rule del` without any parameter to avoid delete any first
rule from table.
Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com>
---
diff --git a/ip/iprule.c b/ip/iprule.c
index 8f24206..70562c5 100644
--- a/ip/iprule.c
+++ b/ip/iprule.c
@@ -346,6 +346,11 @@ static int iprule_modify(int cmd, int argc, char **argv)
req.r.rtm_type = RTN_UNICAST;
}
+ if (cmd == RTM_DELRULE && argc == 0) {
+ fprintf(stderr, "\"ip rule del\" requires arguments.\n");
+ return -1;
+ }
+
while (argc > 0) {
if (strcmp(*argv, "not") == 0) {
req.r.rtm_flags |= FIB_RULE_INVERT;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] iproute: disallow ip rule del without parameters
2016-08-24 20:43 [PATCH] iproute: disallow ip rule del without parameters Andrey Jr. Melnikov
@ 2016-08-29 17:53 ` Stephen Hemminger
2016-08-30 11:51 ` Michal Kubecek
0 siblings, 1 reply; 4+ messages in thread
From: Stephen Hemminger @ 2016-08-29 17:53 UTC (permalink / raw)
To: Andrey Jr. Melnikov; +Cc: Stephen Hemminger, netdev
On Wed, 24 Aug 2016 23:43:00 +0300
"Andrey Jr. Melnikov" <temnota.am@gmail.com> wrote:
> Disallow run `ip rule del` without any parameter to avoid delete any first
> rule from table.
>
> Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com>
> ---
>
> diff --git a/ip/iprule.c b/ip/iprule.c
> index 8f24206..70562c5 100644
> --- a/ip/iprule.c
> +++ b/ip/iprule.c
> @@ -346,6 +346,11 @@ static int iprule_modify(int cmd, int argc, char **argv)
> req.r.rtm_type = RTN_UNICAST;
> }
>
> + if (cmd == RTM_DELRULE && argc == 0) {
> + fprintf(stderr, "\"ip rule del\" requires arguments.\n");
> + return -1;
> + }
> +
> while (argc > 0) {
> if (strcmp(*argv, "not") == 0) {
> req.r.rtm_flags |= FIB_RULE_INVERT;
Actually ip rule delete without arguments deletes all rules.
Which could be a bug or feature depending on the user.
I can imagine somebody is doing something like deleting all rules
and putting in new ones for PBR.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] iproute: disallow ip rule del without parameters
2016-08-29 17:53 ` Stephen Hemminger
@ 2016-08-30 11:51 ` Michal Kubecek
2016-09-01 16:05 ` Stephen Hemminger
0 siblings, 1 reply; 4+ messages in thread
From: Michal Kubecek @ 2016-08-30 11:51 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: Andrey Jr. Melnikov, Stephen Hemminger, netdev
On Mon, Aug 29, 2016 at 10:53:25AM -0700, Stephen Hemminger wrote:
> On Wed, 24 Aug 2016 23:43:00 +0300
> "Andrey Jr. Melnikov" <temnota.am@gmail.com> wrote:
>
> > Disallow run `ip rule del` without any parameter to avoid delete any first
> > rule from table.
...
> Actually ip rule delete without arguments deletes all rules.
> Which could be a bug or feature depending on the user.
> I can imagine somebody is doing something like deleting all rules
> and putting in new ones for PBR.
We have "ip rule flush" for that, don't we?
Michal Kubecek
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] iproute: disallow ip rule del without parameters
2016-08-30 11:51 ` Michal Kubecek
@ 2016-09-01 16:05 ` Stephen Hemminger
0 siblings, 0 replies; 4+ messages in thread
From: Stephen Hemminger @ 2016-09-01 16:05 UTC (permalink / raw)
To: Michal Kubecek; +Cc: Andrey Jr. Melnikov, Stephen Hemminger, netdev
On Tue, 30 Aug 2016 13:51:56 +0200
Michal Kubecek <mkubecek@suse.cz> wrote:
> On Mon, Aug 29, 2016 at 10:53:25AM -0700, Stephen Hemminger wrote:
> > On Wed, 24 Aug 2016 23:43:00 +0300
> > "Andrey Jr. Melnikov" <temnota.am@gmail.com> wrote:
> >
> > > Disallow run `ip rule del` without any parameter to avoid delete any first
> > > rule from table.
> ...
> > Actually ip rule delete without arguments deletes all rules.
> > Which could be a bug or feature depending on the user.
> > I can imagine somebody is doing something like deleting all rules
> > and putting in new ones for PBR.
>
> We have "ip rule flush" for that, don't we?
>
> Michal Kubecek
I went ahead and applied this, seemed better to give error than deleting
all rules.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-09-01 16:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-24 20:43 [PATCH] iproute: disallow ip rule del without parameters Andrey Jr. Melnikov
2016-08-29 17:53 ` Stephen Hemminger
2016-08-30 11:51 ` Michal Kubecek
2016-09-01 16:05 ` Stephen Hemminger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.