shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-21 02:50:18 +03:00
Code

network: ndisc: do not drop all prefixes when a prefix matches a blacklist

Browse Source 
Fixes #13767.
This commit is contained in:
Yu Watanabe 2019-10-14 02:00:47 +09:00
parent c94f7809e3
commit 55d3fdcf5e
1 changed files with 19 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
src/network/networkd-ndisc.c
View File

@ -546,6 +546,7 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
int r;
assert(link);
assert(link->network);
assert(rt);
r = sd_ndisc_router_option_rewind(rt);
@ -564,8 +565,24 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
switch (type) {
case SD_NDISC_OPTION_PREFIX_INFORMATION: {
union in_addr_union a;
uint8_t flags;
r = sd_ndisc_router_prefix_get_address(rt, &a.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix address: %m");
if (set_contains(link->network->ndisc_black_listed_prefix, &a.in6)) {
if (DEBUG_LOGGING) {
_cleanup_free_ char *b = NULL;
(void) in_addr_to_string(AF_INET6, &a, &b);
log_link_debug(link, "Prefix '%s' is black listed, ignoring", strna(b));
}
break;
}
r = sd_ndisc_router_prefix_get_flags(rt, &flags);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA prefix flags: %m");
@ -602,46 +619,6 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
return 0;
}
static int ndisc_prefix_is_black_listed(Link *link, sd_ndisc_router *rt) {
int r;
assert(link);
assert(link->network);
assert(rt);
for (r = sd_ndisc_router_option_rewind(rt); ; r = sd_ndisc_router_option_next(rt)) {
union in_addr_union a;
uint8_t type;
if (r < 0)
return log_link_warning_errno(link, r, "Failed to iterate through options: %m");
if (r == 0) /* EOF */
return false;
r = sd_ndisc_router_option_get_type(rt, &type);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RA option type: %m");
if (type != SD_NDISC_OPTION_PREFIX_INFORMATION)
continue;
r = sd_ndisc_router_prefix_get_address(rt, &a.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get prefix address: %m");
if (set_contains(link->network->ndisc_black_listed_prefix, &a.in6)) {
if (DEBUG_LOGGING) {
_cleanup_free_ char *b = NULL;
(void) in_addr_to_string(AF_INET6, &a, &b);
log_link_debug(link, "Prefix '%s' is black listed, ignoring", strna(b));
}
return true;
}
}
}
static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
uint64_t flags;
int r;
@ -666,10 +643,8 @@ static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
}
}
if (ndisc_prefix_is_black_listed(link, rt) == 0) {
(void) ndisc_router_process_default(link, rt);
(void) ndisc_router_process_options(link, rt);
}
(void) ndisc_router_process_default(link, rt);
(void) ndisc_router_process_options(link, rt);
return r;
}