
Merge pull request #1948 from teg/networkd-fixes

sd-ndisc: drop packets from invalid source addresses
David Herrmann 2015-11-19 01:45:19 +01:00
commit 25422154e8
3 changed files with 16 additions and 20 deletions


@ -508,6 +508,9 @@ static int ndisc_router_advertisment_recv(sd_event_source *s, int fd, uint32_t r
return 0;
}
if (!in_addr_is_link_local(AF_INET6, (const union in_addr_union*) &router.in6.sin6_addr))
return 0;
if (ra->nd_ra_type != ND_ROUTER_ADVERT)
return 0;
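Review bot: The new source-address check in ndisc_router_advertisment_recv() drops the packet with no log line and no comment naming the rule it enforces, so an operator cannot tell from the journal that off-link or spoofed router advertisements are arriving. I would put `/* RFC 4861 section 6.1.2: a router advertisement must come from a link-local source address */` above the check and emit a debug-level message before its `return 0;`. The same RFC section also requires a hop limit of 255 and an ICMP code of 0. Neither check is visible in this hunk, so it is worth confirming they exist elsewhere in the function, which starts and ends outside the hunk.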


@ -626,6 +626,9 @@ void link_check_ready(Link *link) {
!link->dhcp4_configured && !link->dhcp6_configured))
return;
if (link_ipv6_accept_ra_enabled(link) && !link->ndisc_configured)
return;
SET_FOREACH(a, link->addresses, i)
if (!address_is_ready(a))
return;
@ -1923,7 +1926,6 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
static int link_set_ipv6_accept_ra(Link *link) {
const char *p = NULL;
const char *v;
int r;
/* Make this a NOP if IPv6 is not available */
@ -1936,16 +1938,12 @@ static int link_set_ipv6_accept_ra(Link *link) {
if (!link->network)
return 0;
if (link_ipv6_accept_ra_enabled(link))
v = "1";
else
v = "0";
p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/accept_ra");
r = write_string_file(p, v, WRITE_STRING_FILE_VERIFY_ON_FAILURE);
/* We handle router advertisments ourselves, tell the kernel to GTFO */
r = write_string_file(p, "0", WRITE_STRING_FILE_VERIFY_ON_FAILURE);
if (r < 0)
log_link_warning_errno(link, r, "Cannot configure kernel IPv6 accept_ra for interface: %m");
log_link_warning_errno(link, r, "Cannot disable kernel IPv6 accept_ra for interface: %m");
return 0;
}
@ -2006,7 +2004,6 @@ static int link_set_ipv6_hop_limit(Link *link) {
return 0;
}
/*
static int link_drop_foreign_config(Link *link) {
Address *address;
Route *route;
@ -2014,6 +2011,7 @@ static int link_drop_foreign_config(Link *link) {
int r;
SET_FOREACH(address, link->addresses_foreign, i) {
/* we consider IPv6LL addresses to be managed by the kernel */
if (address->family == AF_INET6 && in_addr_is_link_local(AF_INET6, &address->in_addr) == 1)
continue;
@ -2023,6 +2021,7 @@ static int link_drop_foreign_config(Link *link) {
}
SET_FOREACH(route, link->routes_foreign, i) {
/* do not touch routes managed by the kernel */
if (route->protocol == RTPROT_KERNEL)
continue;
@ -2033,7 +2032,6 @@ static int link_drop_foreign_config(Link *link) {
return 0;
}
*/
static int link_configure(Link *link) {
int r;
@ -2042,11 +2040,9 @@ static int link_configure(Link *link) {
assert(link->network);
assert(link->state == LINK_STATE_PENDING);
/*
r = link_drop_foreign_config(link);
if (r < 0)
return r;
*/
r = link_set_bridge_fdb(link);
if (r < 0)
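Review bot: In link_set_ipv6_accept_ra() a failed write of `0` to accept_ra is only logged as a warning and the function still returns 0. That matters more now that networkd always processes router advertisements itself: the kernel would presumably keep acting on the same RAs in parallel, so addresses and routes could be configured by both. If best effort is intended (for example where /proc/sys is read-only), say so next to the check, e.g. `/* Best effort: if this fails the kernel keeps processing RAs alongside networkd */`. Otherwise propagate the error with `return log_link_warning_errno(link, r, "Cannot disable kernel IPv6 accept_ra for interface: %m");`. The function begins in the previous hunk and this hunk shows only its tail.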


@ -26,7 +26,7 @@
#include "sd-ndisc.h"
#include "networkd-link.h"
/*
static int ndisc_netlink_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
_cleanup_link_unref_ Link *link = userdata;
int r;
@ -77,6 +77,7 @@ static void ndisc_prefix_autonomous_handler(sd_ndisc *nd, const struct in6_addr
if (in_addr_is_null(AF_INET6, (const union in_addr_union *) &link->network->ipv6_token) == 0)
memcpy(((char *)&address->in_addr.in6) + 8, ((char *)&link->network->ipv6_token) + 8, 8);
else {
/* see RFC4291 section 2.5.1 */
address->in_addr.in6.__in6_u.__u6_addr8[8] = link->mac.ether_addr_octet[0];
address->in_addr.in6.__in6_u.__u6_addr8[8] ^= 1 << 1;
address->in_addr.in6.__in6_u.__u6_addr8[9] = link->mac.ether_addr_octet[1];
@ -139,12 +140,11 @@ static void ndisc_prefix_onlink_handler(sd_ndisc *nd, const struct in6_addr *pre
link->ndisc_messages ++;
}
*/
static void ndisc_router_handler(sd_ndisc *nd, uint8_t flags, const struct in6_addr *gateway, unsigned lifetime, int pref, void *userdata) {
_cleanup_route_free_ Route *route = NULL;
Link *link = userdata;
/* usec_t time_now; */
usec_t time_now;
int r;
assert(link);
@ -163,8 +163,6 @@ static void ndisc_router_handler(sd_ndisc *nd, uint8_t flags, const struct in6_a
log_link_warning_errno(link, r, "Starting DHCPv6 client on NDisc request failed: %m");
}
return;
/*
if (!gateway)
return;
@ -191,7 +189,6 @@ static void ndisc_router_handler(sd_ndisc *nd, uint8_t flags, const struct in6_a
}
link->ndisc_messages ++;
*/
}
static void ndisc_handler(sd_ndisc *nd, int event, void *userdata) {
@ -245,8 +242,8 @@ int ndisc_configure(Link *link) {
r = sd_ndisc_set_callback(link->ndisc_router_discovery,
ndisc_router_handler,
NULL,
NULL,
ndisc_prefix_onlink_handler,
ndisc_prefix_autonomous_handler,
ndisc_handler,
link);
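Review bot: ndisc_prefix_autonomous_handler() becomes live code with this change, and its visible lines write a 64-bit interface identifier into bytes 8 to 15 of the address, from the token or from the MAC, with no visible check that the advertised prefix is 64 bits long. The prefix comes from the network, so a prefix information option with any other length should be ignored (RFC 4862 section 5.5.3) rather than combined with that identifier. A guard such as `if (prefixlen != 64) return;` before the address is built would do it, assuming the length parameter is named `prefixlen` (the signature is truncated in the hunk header). The same lines use glibc's private `__in6_u.__u6_addr8` member where the portable spelling is `s6_addr`. The function starts and ends outside the hunk, so the length check may already exist above the lines shown.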