From 3f35816136f1b57067d5ce426b031e4e3583085c Mon Sep 17 00:00:00 2001
From: Jan Moskyto Matejka <mq@ucw.cz>
Date: Thu, 21 Jan 2016 10:59:52 +0100
Subject: [PATCH] BSD: Explicitly dropping routes with mismatched AF's.

---
 nest/rt-fib.c         |  4 ++++
 sysdep/bsd/krt-sock.c | 28 ++++++++++++++++++++--------
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/nest/rt-fib.c b/nest/rt-fib.c
index 55387c5e..8021ea24 100644
--- a/nest/rt-fib.c
+++ b/nest/rt-fib.c
@@ -183,6 +183,8 @@ fib_rehash(struct fib *f, int step)
 static u32
 fib_hash(struct fib *f, const net_addr *a)
 {
+  ASSERT(f->addr_type == a->type);
+
   switch (f->addr_type)
   {
   case NET_IP4: return FIB_HASH(f, a, ip4);
@@ -232,6 +234,8 @@ fib_find(struct fib *f, const net_addr *a)
 static void
 fib_insert(struct fib *f, const net_addr *a, struct fib_node *e)
 {
+  ASSERT(f->addr_type == a->type);
+
   switch (f->addr_type)
   {
   case NET_IP4: FIB_INSERT(f, a, e, ip4); return;
diff --git a/sysdep/bsd/krt-sock.c b/sysdep/bsd/krt-sock.c
index 2a64e4e7..93c15e8e 100644
--- a/sysdep/bsd/krt-sock.c
+++ b/sysdep/bsd/krt-sock.c
@@ -344,6 +344,7 @@ krt_read_route(struct ks_msg *msg, struct krt_proto *p, int scan)
 {
   /* p is NULL iff KRT_SHARED_SOCKET and !scan */
 
+  int ipv6;
   rte *e;
   net *net;
   sockaddr dst, gate, mask;
@@ -372,15 +373,19 @@ krt_read_route(struct ks_msg *msg, struct krt_proto *p, int scan)
 
   switch (dst.sa.sa_family) {
     case AF_INET:
+      ipv6 = 0;
+      break;
     case AF_INET6:
-      /* We do not test family for RTA_NETMASK, because BSD sends us
-	 some strange values, but interpreting them as IPv4/IPv6 works */
-      mask.sa.sa_family = dst.sa.sa_family;
+      ipv6 = 1;
       break;
     default:
       SKIP("invalid DST");
   }
 
+  /* We do not test family for RTA_NETMASK, because BSD sends us
+     some strange values, but interpreting them as IPv4/IPv6 works */
+  mask.sa.sa_family = dst.sa.sa_family;
+
   idst  = ipa_from_sa(&dst);
   imask = ipa_from_sa(&mask);
   igate = (gate.sa.sa_family == dst.sa.sa_family) ? ipa_from_sa(&gate) : IPA_NONE;
@@ -389,27 +394,34 @@ krt_read_route(struct ks_msg *msg, struct krt_proto *p, int scan)
   if (!scan)
   {
     int table_id = msg->rtm.rtm_tableid;
-    p = (table_id < KRT_MAX_TABLES) ? krt_table_map[table_id][!ipa_is_ip4(idst)] : NULL;
+    p = (table_id < KRT_MAX_TABLES) ? krt_table_map[table_id][ipv6] : NULL;
 
     if (!p)
       SKIP("unknown table id %d\n", table_id);
   }
 #endif
+  if ((!ipv6) && (p->p.table->addr_type != NET_IP4))
+    SKIP("reading only IPv4 routes");
+  if (  ipv6  && (p->p.table->addr_type != NET_IP6))
+    SKIP("reading only IPv6 routes");
 
   int c = ipa_classify_net(idst);
   if ((c < 0) || !(c & IADDR_HOST) || ((c & IADDR_SCOPE_MASK) <= SCOPE_LINK))
     SKIP("strange class/scope\n");
 
   int pxlen;
-  if (ipa_is_ip4(imask))
-    pxlen = (flags & RTF_HOST) ? IP4_MAX_PREFIX_LENGTH : ip4_masklen(ipa_to_ip4(imask));
-  else
+  if (ipv6)
     pxlen = (flags & RTF_HOST) ? IP6_MAX_PREFIX_LENGTH : ip6_masklen(&ipa_to_ip6(imask));
+  else
+    pxlen = (flags & RTF_HOST) ? IP4_MAX_PREFIX_LENGTH : ip4_masklen(ipa_to_ip4(imask));
 
   if (pxlen < 0)
     { log(L_ERR "%s (%I) - netmask %I", errmsg, idst, imask); return; }
 
-  net_fill_ipa(&ndst, idst, pxlen);
+  if (ipv6)
+    net_fill_ip6(&ndst, ipa_to_ip6(idst), pxlen);
+  else
+    net_fill_ip4(&ndst, ipa_to_ip4(idst), pxlen);
 
   if ((flags & RTF_GATEWAY) && ipa_zero(igate))
     { log(L_ERR "%s (%N) - missing gateway", errmsg, ndst); return; }