authorMartin Pieuchot <mpi@cvs.openbsd.org>2014-07-29 12:18:42 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2014-07-29 12:18:42 +0000
commit65bec93bcec0083b289219fcf3518d1992185999 (patch)
treea9c9017dffae5672d7b105e8faafe60d39c346f3
parentd0e10dcabf3908f4d4cc49c891cc17fa5804019f (diff)
Revert the checks about RTF_LOCAL routes.
Even if in the end we would like to be more strict about what userland can do with kernel-managed route entries, most of the tools out there are not yet ready for this. Since RTF_LOCAL routes are for the moment just like RTF_LLINFO routes without expire timer, allow userland tools to remove/modify them. In case they are missing, the good old cloning mechanism will recreate what you need. bluhm@ and deraadt@ agree.
-rw-r--r--sys/net/route.c10
-rw-r--r--sys/net/route.h4
-rw-r--r--sys/net/rtsock.c11
3 files changed, 5 insertions, 20 deletions
diff --git a/sys/net/route.c b/sys/net/route.c
index 1f8f7635b89..a8b6dd36433 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: route.c,v 1.174 2014/07/12 18:44:22 tedu Exp $ */
+/* $OpenBSD: route.c,v 1.175 2014/07/29 12:18:41 mpi Exp $ */
/* $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $ */
/*
@@ -787,14 +787,6 @@ rtrequest1(int req, struct rt_addrinfo *info, u_int8_t prio,
}
#endif
- /*
- * Since RTP_LOCAL cannot be set by userland, make
- * sure that local routes are only modified by the
- * kernel.
- */
- if (rt->rt_flags & RTF_LOCAL && prio != RTP_LOCAL)
- senderr(EINVAL);
-
if ((rn = rnh->rnh_deladdr(info->rti_info[RTAX_DST],
info->rti_info[RTAX_NETMASK], rnh, rn)) == NULL)
senderr(ESRCH);
diff --git a/sys/net/route.h b/sys/net/route.h
index 1523a56da1d..94299336e5f 100644
--- a/sys/net/route.h
+++ b/sys/net/route.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: route.h,v 1.94 2014/05/09 09:23:56 mpi Exp $ */
+/* $OpenBSD: route.h,v 1.95 2014/07/29 12:18:41 mpi Exp $ */
/* $NetBSD: route.h,v 1.9 1996/02/13 22:00:49 christos Exp $ */
/*
@@ -142,7 +142,7 @@ struct rtentry {
/* mask of RTF flags that are allowed to be modified by RTM_CHANGE */
#define RTF_FMASK \
(RTF_PROTO1 | RTF_PROTO2 | RTF_PROTO3 | RTF_BLACKHOLE | \
- RTF_REJECT | RTF_STATIC | RTF_MPLS)
+ RTF_REJECT | RTF_STATIC | RTF_MPLS | RTF_LOCAL | RTF_BROADCAST)
/* Routing priorities used by the different routing protocols */
#define RTP_NONE 0 /* unset priority use sane default */
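Review bot: RTF_BROADCAST is added to RTF_FMASK together with RTF_LOCAL, but the commit message only argues for RTF_LOCAL routes, so nothing visible explains why RTM_CHANGE should be able to toggle the broadcast flag. This mask is what `rtm->rtm_fmask &= RTF_FMASK;` in rtsock.c applies, so widening it directly widens what a routing-socket writer can flip on an existing entry. The comment above the macro should record that these two flags are kernel-managed and only temporarily changeable, for example `/* RTF_LOCAL and RTF_BROADCAST are kernel-managed; modifiable for now until userland tools are ready */`. If RTF_BROADCAST is not needed by the tools in question, it would be safer to leave it out of the mask.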
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 834238dbcba..6ac074a7421 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rtsock.c,v 1.149 2014/07/12 18:44:22 tedu Exp $ */
+/* $OpenBSD: rtsock.c,v 1.150 2014/07/29 12:18:41 mpi Exp $ */
/* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */
/*
@@ -533,20 +533,13 @@ route_output(struct mbuf *m, ...)
}
- /* Do not let userland play with kernel-only flags. */
- if ((rtm->rtm_flags & (RTF_LOCAL|RTF_BROADCAST)) != 0) {
- error = EINVAL;
- goto fail;
- }
-
/* make sure that kernel-only bits are not set */
rtm->rtm_priority &= RTP_MASK;
rtm->rtm_flags &= ~(RTF_DONE|RTF_CLONED);
rtm->rtm_fmask &= RTF_FMASK;
if (rtm->rtm_priority != 0) {
- if (rtm->rtm_priority > RTP_MAX ||
- rtm->rtm_priority == RTP_LOCAL) {
+ if (rtm->rtm_priority > RTP_MAX) {
error = EINVAL;
goto fail;
}
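Review bot: The retained comment `/* make sure that kernel-only bits are not set */` no longer matches the code below it, which now lets RTF_LOCAL, RTF_BROADCAST and a priority of RTP_LOCAL through even though the removed lines treated all three as kernel-only. Since the matching check in rtrequest1 (route.c) is removed in the same commit, no guard for these values remains in the visible diff, and the only protection is whatever privilege check route_output performs outside this hunk, which should be confirmed. I would reword the comment to say what is still stripped and what is deliberately accepted, for example `/* strip bits only the kernel may set; RTF_LOCAL, RTF_BROADCAST and RTP_LOCAL are accepted for now for compatibility */`. That keeps the temporary relaxation easy to find when the stricter checks are reinstated. route_output's body starts and ends outside the hunk.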