diff options
| author |   claudio <claudio@openbsd.org> | 2020-12-29 09:20:25 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2020-12-29 09:20:25 +0000 |
| commit | 97f2ad9b389f9eaba8da9a324c48028b3c7511a3 (patch) | |
| tree | c3cf2ab452fa24038ab9f8cf220f8a021ce9a37e | |
| parent | Adapt to replacement of sntrup4591761x25519-sha512@tinyssh.org with (diff) | |
| download | wireguard-openbsd-97f2ad9b389f9eaba8da9a324c48028b3c7511a3.tar.xz wireguard-openbsd-97f2ad9b389f9eaba8da9a324c48028b3c7511a3.zip | |
Only skip routes with a loopback gateway for network static and connected.
For network rtlabel and priority skip this check since there the operator
may actually want to distribute this network explicitly (even though it is
probably a reject or blackhole route).
Requested by dlg@ OK benno@
| -rw-r--r-- | usr.sbin/bgpd/kroute.c | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/usr.sbin/bgpd/kroute.c b/usr.sbin/bgpd/kroute.c index b95f4f922cc..eab13d97871 100644 --- a/usr.sbin/bgpd/kroute.c +++ b/usr.sbin/bgpd/kroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kroute.c,v 1.239 2019/10/01 08:57:48 claudio Exp $ */ +/* $OpenBSD: kroute.c,v 1.240 2020/12/29 09:20:25 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -110,7 +110,7 @@ int kr6_delete(struct ktable *, struct kroute_full *, u_int8_t); int krVPN4_delete(struct ktable *, struct kroute_full *, u_int8_t); int krVPN6_delete(struct ktable *, struct kroute_full *, u_int8_t); void kr_net_delete(struct network *); -int kr_net_match(struct ktable *, struct network_config *, u_int16_t); +int kr_net_match(struct ktable *, struct network_config *, u_int16_t, int); struct network *kr_net_find(struct ktable *, struct network *); void kr_net_clear(struct ktable *); void kr_redistribute(int, struct ktable *, struct kroute *); @@ -1318,7 +1318,8 @@ kr_net_redist_del(struct ktable *kt, struct network_config *net, int dynamic) } int -kr_net_match(struct ktable *kt, struct network_config *net, u_int16_t flags) +kr_net_match(struct ktable *kt, struct network_config *net, u_int16_t flags, + int loopback) { struct network *xn; @@ -1330,10 +1331,16 @@ kr_net_match(struct ktable *kt, struct network_config *net, u_int16_t flags) /* static match already redistributed */ continue; case NETWORK_STATIC: + /* Skip networks with nexthop on loopback. */ + if (loopback) + continue; if (flags & F_STATIC) break; continue; case NETWORK_CONNECTED: + /* Skip networks with nexthop on loopback. */ + if (loopback) + continue; if (flags & F_CONNECTED) break; continue; @@ -1419,6 +1426,7 @@ kr_redistribute(int type, struct ktable *kt, struct kroute *kr) { struct network_config net; u_int32_t a; + int loflag = 0; bzero(&net, sizeof(net)); net.prefix.aid = AID_INET; @@ -1449,9 +1457,9 @@ kr_redistribute(int type, struct ktable *kt, struct kroute *kr) (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) return; - /* Consider networks with nexthop loopback as not redistributable. */ + /* Check if the nexthop is the loopback addr. */ if (kr->nexthop.s_addr == htonl(INADDR_LOOPBACK)) - return; + loflag = 1; /* * never allow 0.0.0.0/0 the default route can only be redistributed @@ -1460,7 +1468,7 @@ kr_redistribute(int type, struct ktable *kt, struct kroute *kr) if (kr->prefix.s_addr == INADDR_ANY && kr->prefixlen == 0) return; - if (kr_net_match(kt, &net, kr->flags) == 0) + if (kr_net_match(kt, &net, kr->flags, loflag) == 0) /* no longer matches, if still present remove it */ kr_net_redist_del(kt, &net, 1); } @@ -1468,7 +1476,8 @@ kr_redistribute(int type, struct ktable *kt, struct kroute *kr) void kr_redistribute6(int type, struct ktable *kt, struct kroute6 *kr6) { - struct network_config net; + struct network_config net; + int loflag = 0; bzero(&net, sizeof(net)); net.prefix.aid = AID_INET6; @@ -1503,11 +1512,9 @@ kr_redistribute6(int type, struct ktable *kt, struct kroute6 *kr6) IN6_IS_ADDR_V4COMPAT(&kr6->prefix)) return; - /* - * Consider networks with nexthop loopback as not redistributable. - */ + /* Check if the nexthop is the loopback addr. */ if (IN6_IS_ADDR_LOOPBACK(&kr6->nexthop)) - return; + loflag = 1; /* * never allow ::/0 the default route can only be redistributed @@ -1517,7 +1524,7 @@ kr_redistribute6(int type, struct ktable *kt, struct kroute6 *kr6) memcmp(&kr6->prefix, &in6addr_any, sizeof(struct in6_addr)) == 0) return; - if (kr_net_match(kt, &net, kr6->flags) == 0) + if (kr_net_match(kt, &net, kr6->flags, loflag) == 0) /* no longer matches, if still present remove it */ kr_net_redist_del(kt, &net, 1); } |