* [PATCH net-next] net: Set strict_start_type for routes and rules
@ 2019-05-22 19:07 David Ahern
  2019-05-23  0:55 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: David Ahern @ 2019-05-22 19:07 UTC (permalink / raw)
  To: davem; +Cc: netdev, David Ahern

From: David Ahern <dsahern@gmail.com>

New userspace on an older kernel can send unknown and unsupported
attributes resulting in an incomplete config which is almost
always wrong for routing (few exceptions are passthrough settings
like the protocol that installed the route).

Set strict_start_type in the policies for IPv4 and IPv6 routes and
rules to detect new, unsupported attributes and fail the route add.

Signed-off-by: David Ahern <dsahern@gmail.com>
---
 include/net/fib_rules.h | 1 +
 net/ipv4/fib_frontend.c | 1 +
 net/ipv6/route.c        | 1 +
 3 files changed, 3 insertions(+)

diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h
index b473df5b9512..eba8465e1d86 100644
--- a/include/net/fib_rules.h
+++ b/include/net/fib_rules.h
@@ -103,6 +103,7 @@ struct fib_rule_notifier_info {
 };
 
 #define FRA_GENERIC_POLICY \
+	[FRA_UNSPEC]	= { .strict_start_type = FRA_DPORT_RANGE + 1 }, \
 	[FRA_IIFNAME]	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, \
 	[FRA_OIFNAME]	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, \
 	[FRA_PRIORITY]	= { .type = NLA_U32 }, \
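
Review bot: The added `[FRA_UNSPEC]` entry in `FRA_GENERIC_POLICY` carries no comment explaining why the boundary is `FRA_DPORT_RANGE + 1`, and because it lives in a macro, every policy array that expands the macro inherits it silently. Please add a short comment above the macro stating that the value marks the first attribute subject to strict checking and must stay fixed when later FRA_* attributes are added. It is also worth confirming that no policy expanding the macro defines its own `[FRA_UNSPEC]` initializer, since a later designated initializer for the same index would override this one.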
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index b298255f6fdb..7325c0265c5b 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -645,6 +645,7 @@ int ip_rt_ioctl(struct net *net, unsigned int cmd, struct rtentry *rt)
 }
 
 const struct nla_policy rtm_ipv4_policy[RTA_MAX + 1] = {
+	[RTA_UNSPEC]		= { .strict_start_type = RTA_DPORT + 1 },
 	[RTA_DST]		= { .type = NLA_U32 },
 	[RTA_SRC]		= { .type = NLA_U32 },
 	[RTA_IIF]		= { .type = NLA_U32 },
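
Review bot: The `[RTA_UNSPEC]` line added to `rtm_ipv4_policy` hard-codes `RTA_DPORT + 1` without saying that `RTA_DPORT` is the boundary because it is the newest attribute at the time of this change. A one-line comment to that effect would stop a later contributor from bumping the value when adding an attribute. The commit message could also state explicitly that attributes up to and including `RTA_DPORT` keep their current validation, so readers do not expect existing userspace to start failing.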
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 7a014ca877ed..c302a3832582 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -4221,6 +4221,7 @@ void rt6_mtu_change(struct net_device *dev, unsigned int mtu)
 }
 
 static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = {
+	[RTA_UNSPEC]		= { .strict_start_type = RTA_DPORT + 1 },
 	[RTA_GATEWAY]           = { .len = sizeof(struct in6_addr) },
 	[RTA_PREFSRC]		= { .len = sizeof(struct in6_addr) },
 	[RTA_OIF]               = { .type = NLA_U32 },
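
Review bot: The `[RTA_UNSPEC]` line in `rtm_ipv6_policy` repeats the `RTA_DPORT + 1` expression already added to `rtm_ipv4_policy`, so the two families agree only by convention. Consider a single shared define for the RTA strict boundary, used by both arrays, so the IPv4 and IPv6 policies cannot drift apart. As a minor style point, the new line aligns `=` with tabs while the neighbouring `[RTA_GATEWAY]` and `[RTA_OIF]` context lines use spaces; matching one of them consistently is fine, but it is worth a glance.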
-- 
2.11.0



* Re: [PATCH net-next] net: Set strict_start_type for routes and rules
  2019-05-22 19:07 [PATCH net-next] net: Set strict_start_type for routes and rules David Ahern
@ 2019-05-23  0:55 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2019-05-23  0:55 UTC (permalink / raw)
  To: dsahern; +Cc: netdev, dsahern

From: David Ahern <dsahern@kernel.org>
Date: Wed, 22 May 2019 12:07:43 -0700

> From: David Ahern <dsahern@gmail.com>
> 
> New userspace on an older kernel can send unknown and unsupported
> attributes resulting in an incomplete config which is almost
> always wrong for routing (few exceptions are passthrough settings
> like the protocol that installed the route).
> 
> Set strict_start_type in the policies for IPv4 and IPv6 routes and
> rules to detect new, unsupported attributes and fail the route add.
> 
> Signed-off-by: David Ahern <dsahern@gmail.com>

Applied.
