diff options
author | Ondrej Zajicek <santiago@crfreenet.org> | 2010-04-04 15:41:31 +0200 |
---|---|---|
committer | Ondrej Zajicek <santiago@crfreenet.org> | 2010-04-04 15:41:31 +0200 |
commit | c429d4a4ba2cc8778634461e8adea33e0f0ae022 (patch) | |
tree | 5cc8102345bf3ce872da92aca84fa63cf67c4e20 /nest | |
parent | d2d2b5d2ae43f608d03304d280367b658650138b (diff) |
Restrict export of device routes to the kernel protocol.
In usual configuration, such export is already restricted
with the aid of the direct protocol but there are some
races that can circumvent it. This makes it harder to
break kernel device routes. Also adds an option to
disable this restriction.
Diffstat (limited to 'nest')
-rw-r--r-- | nest/rt-table.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/nest/rt-table.c b/nest/rt-table.c index 802ea5fd..87365742 100644 --- a/nest/rt-table.c +++ b/nest/rt-table.c @@ -167,8 +167,6 @@ do_rte_announce(struct announce_hook *a, int type UNUSED, net *net, rte *new, rt rte *old0 = old; int ok; - int fast_exit_hack = 0; - #ifdef CONFIG_PIPE /* The secondary direction of the pipe */ if (proto_is_pipe(p) && (p->table != a->table)) @@ -207,11 +205,6 @@ do_rte_announce(struct announce_hook *a, int type UNUSED, net *net, rte *new, rt else stats->exp_withdraws_received++; - /* Hack: This is here to prevent 'spurious withdraws' - for loopback addresses during reload. */ - if (fast_exit_hack) - return; - /* * This is a tricky part - we don't know whether route 'old' was * exported to protocol 'p' or was filtered by the export filter. |