mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
Merge pull request #17834 from yuwata/network-ipv6-reject-type-route
network: handle IPv6 routes with reject type correctly
This commit is contained in:
commit
a2c2421a05
@ -279,6 +279,7 @@ static int dhcp6_set_pd_route(Link *link, const union in_addr_union *prefix, con
|
||||
route->family = AF_INET6;
|
||||
route->dst = *prefix;
|
||||
route->dst_prefixlen = 64;
|
||||
route->protocol = RTPROT_DHCP;
|
||||
|
||||
r = route_configure(route, link, dhcp6_pd_route_handler, &ret);
|
||||
if (r < 0)
|
||||
@ -826,6 +827,7 @@ static int dhcp6_set_unreachable_route(Link *link, const union in_addr_union *ad
|
||||
route->dst_prefixlen = prefixlen;
|
||||
route->table = link_get_dhcp_route_table(link);
|
||||
route->type = RTN_UNREACHABLE;
|
||||
route->protocol = RTPROT_DHCP;
|
||||
|
||||
r = route_configure(route, link, dhcp6_route_handler, &ret);
|
||||
if (r < 0)
|
||||
|
@ -575,6 +575,12 @@ static int route_add(Manager *manager, Link *link, const Route *in, const Multip
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool route_type_is_reject(const Route *route) {
|
||||
assert(route);
|
||||
|
||||
return IN_SET(route->type, RTN_UNREACHABLE, RTN_PROHIBIT, RTN_BLACKHOLE, RTN_THROW);
|
||||
}
|
||||
|
||||
static int route_set_netlink_message(const Route *route, sd_netlink_message *req, Link *link) {
|
||||
unsigned flags;
|
||||
int r;
|
||||
@ -660,7 +666,7 @@ static int route_set_netlink_message(const Route *route, sd_netlink_message *req
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not set route type: %m");
|
||||
|
||||
if (!IN_SET(route->type, RTN_UNREACHABLE, RTN_PROHIBIT, RTN_BLACKHOLE, RTN_THROW)) {
|
||||
if (!route_type_is_reject(route)) {
|
||||
assert(link); /* Those routes must be attached to a specific link */
|
||||
|
||||
r = sd_netlink_message_append_u32(req, RTA_OIF, link->ifindex);
|
||||
@ -927,7 +933,7 @@ static int route_add_and_setup_timer(Link *link, const Route *route, const Multi
|
||||
assert(link);
|
||||
assert(route);
|
||||
|
||||
if (IN_SET(route->type, RTN_UNREACHABLE, RTN_PROHIBIT, RTN_BLACKHOLE, RTN_THROW))
|
||||
if (route_type_is_reject(route))
|
||||
r = route_add(link->manager, NULL, route, NULL, &nr);
|
||||
else if (!m || m->ifindex == 0 || m->ifindex == link->ifindex)
|
||||
r = route_add(NULL, link, route, m, &nr);
|
||||
@ -1576,6 +1582,12 @@ int manager_rtnl_process_route(sd_netlink *rtnl, sd_netlink_message *message, Ma
|
||||
}
|
||||
}
|
||||
|
||||
/* IPv6 routes with reject type are always assigned to the loopback interface. See kernel's
|
||||
* fib6_nh_init() in net/ipv6/route.c. However, we'd like to manage them by Manager. Hence, set
|
||||
* link to NULL here. */
|
||||
if (route_type_is_reject(tmp))
|
||||
link = NULL;
|
||||
|
||||
if (ordered_set_isempty(multipath_routes))
|
||||
(void) process_route_one(m, link, type, tmp, NULL);
|
||||
else {
|
||||
|
@ -48,6 +48,18 @@ Destination=202.54.1.3
|
||||
Type=prohibit
|
||||
Destination=202.54.1.4
|
||||
|
||||
[Route]
|
||||
Type=blackhole
|
||||
Destination=2001:1234:5678::2
|
||||
|
||||
[Route]
|
||||
Type=unreachable
|
||||
Destination=2001:1234:5678::3
|
||||
|
||||
[Route]
|
||||
Type=prohibit
|
||||
Destination=2001:1234:5678::4
|
||||
|
||||
[Route]
|
||||
Type=local
|
||||
Destination=149.10.123.1
|
||||
|
@ -2216,6 +2216,21 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
||||
print(output)
|
||||
self.assertRegex(output, 'prohibit 202.54.1.4 proto static')
|
||||
|
||||
print('### ip -6 route show type blackhole')
|
||||
output = check_output('ip -6 route show type blackhole')
|
||||
print(output)
|
||||
self.assertIn('blackhole 2001:1234:5678::2 dev lo proto static', output)
|
||||
|
||||
print('### ip -6 route show type unreachable')
|
||||
output = check_output('ip -6 route show type unreachable')
|
||||
print(output)
|
||||
self.assertIn('unreachable 2001:1234:5678::3 dev lo proto static', output)
|
||||
|
||||
print('### ip -6 route show type prohibit')
|
||||
output = check_output('ip -6 route show type prohibit')
|
||||
print(output)
|
||||
self.assertIn('prohibit 2001:1234:5678::4 dev lo proto static', output)
|
||||
|
||||
print('### ip route show 192.168.10.1')
|
||||
output = check_output('ip route show 192.168.10.1')
|
||||
print(output)
|
||||
@ -2242,6 +2257,7 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
||||
|
||||
copy_unit_to_networkd_unit_path('25-address-static.network')
|
||||
check_output(*networkctl_cmd, 'reload', env=env)
|
||||
time.sleep(1)
|
||||
self.wait_online(['dummy98:routable'])
|
||||
|
||||
# check all routes managed by Manager are removed
|
||||
@ -2260,8 +2276,24 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
print('### ip -6 route show type blackhole')
|
||||
output = check_output('ip -6 route show type blackhole')
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
print('### ip -6 route show type unreachable')
|
||||
output = check_output('ip -6 route show type unreachable')
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
print('### ip -6 route show type prohibit')
|
||||
output = check_output('ip -6 route show type prohibit')
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
remove_unit_from_networkd_path(['25-address-static.network'])
|
||||
check_output(*networkctl_cmd, 'reload', env=env)
|
||||
time.sleep(1)
|
||||
self.wait_online(['dummy98:routable'])
|
||||
|
||||
# check all routes managed by Manager are reconfigured
|
||||
@ -2280,6 +2312,21 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
||||
print(output)
|
||||
self.assertRegex(output, 'prohibit 202.54.1.4 proto static')
|
||||
|
||||
print('### ip -6 route show type blackhole')
|
||||
output = check_output('ip -6 route show type blackhole')
|
||||
print(output)
|
||||
self.assertIn('blackhole 2001:1234:5678::2 dev lo proto static', output)
|
||||
|
||||
print('### ip -6 route show type unreachable')
|
||||
output = check_output('ip -6 route show type unreachable')
|
||||
print(output)
|
||||
self.assertIn('unreachable 2001:1234:5678::3 dev lo proto static', output)
|
||||
|
||||
print('### ip -6 route show type prohibit')
|
||||
output = check_output('ip -6 route show type prohibit')
|
||||
print(output)
|
||||
self.assertIn('prohibit 2001:1234:5678::4 dev lo proto static', output)
|
||||
|
||||
rc = call("ip link del dummy98")
|
||||
self.assertEqual(rc, 0)
|
||||
time.sleep(2)
|
||||
@ -2300,6 +2347,21 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
print('### ip -6 route show type blackhole')
|
||||
output = check_output('ip -6 route show type blackhole')
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
print('### ip -6 route show type unreachable')
|
||||
output = check_output('ip -6 route show type unreachable')
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
print('### ip -6 route show type prohibit')
|
||||
output = check_output('ip -6 route show type prohibit')
|
||||
print(output)
|
||||
self.assertEqual(output, '')
|
||||
|
||||
@expectedFailureIfRTA_VIAIsNotSupported()
|
||||
def test_route_via_ipv6(self):
|
||||
copy_unit_to_networkd_unit_path('25-route-via-ipv6.network', '12-dummy.netdev')
|
||||
|
Loading…
Reference in New Issue
Block a user