Except for special protocols (nowadays only the kernel syncer), don't
export host and link scope routes.
This commit is contained in:
parent
dff1f57917
commit
0da472d7e8
4 changed files with 15 additions and 13 deletions
|
@ -91,6 +91,7 @@ proto_new(struct proto_config *c, unsigned size)
|
||||||
p->table = c->table->table;
|
p->table = c->table->table;
|
||||||
p->in_filter = c->in_filter;
|
p->in_filter = c->in_filter;
|
||||||
p->out_filter = c->out_filter;
|
p->out_filter = c->out_filter;
|
||||||
|
p->min_scope = SCOPE_SITE;
|
||||||
c->proto = p;
|
c->proto = p;
|
||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
|
|
|
@ -98,6 +98,7 @@ struct proto {
|
||||||
char *name; /* Name of this instance (== cf->name) */
|
char *name; /* Name of this instance (== cf->name) */
|
||||||
unsigned debug; /* Debugging flags */
|
unsigned debug; /* Debugging flags */
|
||||||
unsigned preference; /* Default route preference */
|
unsigned preference; /* Default route preference */
|
||||||
|
int min_scope; /* Minimal route scope accepted */
|
||||||
unsigned disabled; /* Manually disabled */
|
unsigned disabled; /* Manually disabled */
|
||||||
unsigned proto_state; /* Protocol state machine (see below) */
|
unsigned proto_state; /* Protocol state machine (see below) */
|
||||||
unsigned core_state; /* Core state machine (see below) */
|
unsigned core_state; /* Core state machine (see below) */
|
||||||
|
|
|
@ -102,7 +102,7 @@ rte_better(rte *new, rte *old)
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void
|
static inline void
|
||||||
do_rte_announce(struct announce_hook *a, net *net, rte *new, rte *old, ea_list *tmpa)
|
do_rte_announce(struct announce_hook *a, net *net, rte *new, rte *old, ea_list *tmpa, int class)
|
||||||
{
|
{
|
||||||
struct proto *p = a->proto;
|
struct proto *p = a->proto;
|
||||||
rte *new0 = new;
|
rte *new0 = new;
|
||||||
|
@ -110,8 +110,9 @@ do_rte_announce(struct announce_hook *a, net *net, rte *new, rte *old, ea_list *
|
||||||
|
|
||||||
if (new)
|
if (new)
|
||||||
{
|
{
|
||||||
int ok = p->import_control ? p->import_control(p, &new, &tmpa, rte_update_pool) : 0;
|
int ok;
|
||||||
if (ok < 0 ||
|
if ((class & IADDR_SCOPE_MASK) < p->min_scope ||
|
||||||
|
(ok = p->import_control ? p->import_control(p, &new, &tmpa, rte_update_pool) : 0) < 0 ||
|
||||||
(!ok && (p->out_filter == FILTER_REJECT ||
|
(!ok && (p->out_filter == FILTER_REJECT ||
|
||||||
p->out_filter && f_run(p->out_filter, &new, &tmpa, rte_update_pool) > F_MODIFY)
|
p->out_filter && f_run(p->out_filter, &new, &tmpa, rte_update_pool) > F_MODIFY)
|
||||||
)
|
)
|
||||||
|
@ -142,11 +143,12 @@ static void
|
||||||
rte_announce(rtable *tab, net *net, rte *new, rte *old, ea_list *tmpa)
|
rte_announce(rtable *tab, net *net, rte *new, rte *old, ea_list *tmpa)
|
||||||
{
|
{
|
||||||
struct announce_hook *a;
|
struct announce_hook *a;
|
||||||
|
int class = ipa_classify(net->n.prefix);
|
||||||
|
|
||||||
WALK_LIST(a, tab->hooks)
|
WALK_LIST(a, tab->hooks)
|
||||||
{
|
{
|
||||||
ASSERT(a->proto->core_state == FS_HAPPY || a->proto->core_state == FS_FEEDING);
|
ASSERT(a->proto->core_state == FS_HAPPY || a->proto->core_state == FS_FEEDING);
|
||||||
do_rte_announce(a, net, new, old, tmpa);
|
do_rte_announce(a, net, new, old, tmpa, class);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -169,7 +171,7 @@ rt_feed_baby(struct proto *p)
|
||||||
{
|
{
|
||||||
struct proto *q = e->attrs->proto;
|
struct proto *q = e->attrs->proto;
|
||||||
ea_list *tmpa = q->make_tmp_attrs ? q->make_tmp_attrs(e, rte_update_pool) : NULL;
|
ea_list *tmpa = q->make_tmp_attrs ? q->make_tmp_attrs(e, rte_update_pool) : NULL;
|
||||||
do_rte_announce(h, n, e, NULL, tmpa);
|
do_rte_announce(h, n, e, NULL, tmpa, ipa_classify(n->n.prefix));
|
||||||
lp_flush(rte_update_pool);
|
lp_flush(rte_update_pool);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -195,15 +197,12 @@ rte_validate(rte *e)
|
||||||
n->n.prefix, n->n.pxlen, e->attrs->from, e->attrs->proto->name);
|
n->n.prefix, n->n.pxlen, e->attrs->from, e->attrs->proto->name);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if ((c & IADDR_SCOPE_MASK) == SCOPE_HOST)
|
if ((c & IADDR_SCOPE_MASK) < e->attrs->proto->min_scope)
|
||||||
{
|
{
|
||||||
int s = e->attrs->source;
|
log(L_WARN "Ignoring %s scope route %I/%d received from %I via %s",
|
||||||
if (s != RTS_STATIC && s != RTS_DEVICE && s != RTS_STATIC_DEVICE)
|
ip_scope_text(c & IADDR_SCOPE_MASK),
|
||||||
{
|
n->n.prefix, n->n.pxlen, e->attrs->from, e->attrs->proto->name);
|
||||||
log(L_WARN "Ignoring host scope route %I/%d received from %I via %s",
|
return 0;
|
||||||
n->n.prefix, n->n.pxlen, e->attrs->from, e->attrs->proto->name);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
|
|
|
@ -753,6 +753,7 @@ krt_init(struct proto_config *c)
|
||||||
struct krt_proto *p = proto_new(c, sizeof(struct krt_proto));
|
struct krt_proto *p = proto_new(c, sizeof(struct krt_proto));
|
||||||
|
|
||||||
p->p.rt_notify = krt_notify;
|
p->p.rt_notify = krt_notify;
|
||||||
|
p->p.min_scope = SCOPE_HOST;
|
||||||
return &p->p;
|
return &p->p;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue