diff options
| author |   jmatthew <jmatthew@openbsd.org> | 2020-08-13 04:58:22 +0000 |
|---|---|---|
| committer | jmatthew <jmatthew@openbsd.org> | 2020-08-13 04:58:22 +0000 |
| commit | 4c63d617cbdbc2c44ee77e078a057f32495b5bc5 (patch) | |
| tree | 4953de7834c775da38bd12d6669802dfcf9aabf5 /sys/net/rtsock.c | |
| parent | Use rtm_miss() rather than the simpler rtm_send() to send route delete (diff) | |
| download | wireguard-openbsd-4c63d617cbdbc2c44ee77e078a057f32495b5bc5.tar.xz wireguard-openbsd-4c63d617cbdbc2c44ee77e078a057f32495b5bc5.zip | |
Add a ROUTE_FLAGFILTER socket option for routing sockets, allowing
filtering out messages for routes with flags matching any bit in a mask.
This allows routing daemons to opt out of receiving messages for L2 and
broadcast route entries, which they currently discard.
ok dlg@ sthen@ deraadt@
Diffstat (limited to 'sys/net/rtsock.c')
| -rw-r--r-- | sys/net/rtsock.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 9d4ccadd4e2..fa84ddc25e5 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsock.c,v 1.299 2020/06/24 22:03:42 cheloha Exp $ */ +/* $OpenBSD: rtsock.c,v 1.300 2020/08/13 04:58:22 jmatthew Exp $ */ /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */ /* @@ -145,6 +145,7 @@ struct rtpcb { struct refcnt rop_refcnt; struct timeout rop_timeout; unsigned int rop_msgfilter; + unsigned int rop_flagfilter; unsigned int rop_flags; u_int rop_rtableid; unsigned short rop_proto; @@ -402,6 +403,12 @@ route_ctloutput(int op, struct socket *so, int level, int optname, else rop->rop_priority = prio; break; + case ROUTE_FLAGFILTER: + if (m == NULL || m->m_len != sizeof(unsigned int)) + error = EINVAL; + else + rop->rop_flagfilter = *mtod(m, unsigned int *); + break; default: error = ENOPROTOOPT; break; @@ -421,6 +428,10 @@ route_ctloutput(int op, struct socket *so, int level, int optname, m->m_len = sizeof(unsigned int); *mtod(m, unsigned int *) = rop->rop_priority; break; + case ROUTE_FLAGFILTER: + m->m_len = sizeof(unsigned int); + *mtod(m, unsigned int *) = rop->rop_flagfilter; + break; default: error = ENOPROTOOPT; break; @@ -516,9 +527,13 @@ next: /* filter messages that the process does not want */ rtm = mtod(m, struct rt_msghdr *); /* but RTM_DESYNC can't be filtered */ - if (rtm->rtm_type != RTM_DESYNC && rop->rop_msgfilter != 0 && - !(rop->rop_msgfilter & (1 << rtm->rtm_type))) - goto next; + if (rtm->rtm_type != RTM_DESYNC) { + if (rop->rop_msgfilter != 0 && + !(rop->rop_msgfilter & (1 << rtm->rtm_type))) + goto next; + if (ISSET(rop->rop_flagfilter, rtm->rtm_flags)) + goto next; + } switch (rtm->rtm_type) { case RTM_IFANNOUNCE: case RTM_DESYNC: |