diff options
| author | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2016-08-30 12:43:46 +0200 |
|---|---|---|
| committer | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2016-08-30 12:43:46 +0200 |
| commit | f9f2e280ea4fa1af19d8ce9e54abeb495694c0d5 (patch) | |
| tree | 414ba7e802a16c5d33519f6e1f54891880771413 /sysdep | |
| parent | 768d013267bd2a52bab70ba6d413f49365fb31e3 (diff) | |
KRT: Forbid path merging on BSD
We support ECMP routes only on Linux. Exported routes are checked in
krt_capable(), but a route generated during path merging avoids this
check.
Diffstat (limited to 'sysdep')
| -rw-r--r-- | sysdep/linux/krt-sys.h | 2 | ||||
| -rw-r--r-- | sysdep/unix/krt.Y | 18 |
2 files changed, 17 insertions, 3 deletions
diff --git a/sysdep/linux/krt-sys.h b/sysdep/linux/krt-sys.h index 7fd5f139..076870f5 100644 --- a/sysdep/linux/krt-sys.h +++ b/sysdep/linux/krt-sys.h @@ -32,6 +32,8 @@ static inline struct ifa * kif_get_primary_ip(struct iface *i) { return NULL; } /* Kernel routes */ +#define KRT_ALLOW_MERGE_PATHS 1 + #define EA_KRT_PREFSRC EA_CODE(EAP_KRT, 0x10) #define EA_KRT_REALM EA_CODE(EAP_KRT, 0x11) diff --git a/sysdep/unix/krt.Y b/sysdep/unix/krt.Y index e036081d..2ef6e3c4 100644 --- a/sysdep/unix/krt.Y +++ b/sysdep/unix/krt.Y @@ -19,6 +19,8 @@ CF_DECLS CF_KEYWORDS(KERNEL, PERSIST, SCAN, TIME, LEARN, DEVICE, ROUTES, GRACEFUL, RESTART, KRT_SOURCE, KRT_METRIC, MERGE, PATHS) +%type <i> kern_mp_limit + CF_GRAMMAR /* Kernel syncer protocol */ @@ -32,6 +34,11 @@ CF_ADDTO(kern_proto, kern_proto_start proto_name '{') CF_ADDTO(kern_proto, kern_proto proto_item ';') CF_ADDTO(kern_proto, kern_proto kern_item ';') +kern_mp_limit: + /* empty */ { $$ = KRT_DEFAULT_ECMP_LIMIT; } + | LIMIT expr { $$ = $2; if (($2 <= 0) || ($2 > 255)) cf_error("Merge paths limit must be in range 1-255"); } + ; + kern_item: PERSIST bool { THIS_KRT->persist = $2; } | SCAN TIME expr { @@ -42,13 +49,18 @@ kern_item: THIS_KRT->learn = $2; #ifndef KRT_ALLOW_LEARN if ($2) - cf_error("Learning of kernel routes not supported in this configuration"); + cf_error("Learning of kernel routes not supported on this platform"); #endif } | DEVICE ROUTES bool { THIS_KRT->devroutes = $3; } | GRACEFUL RESTART bool { THIS_KRT->graceful_restart = $3; } - | MERGE PATHS bool { THIS_KRT->merge_paths = $3 ? KRT_DEFAULT_ECMP_LIMIT : 0; } - | MERGE PATHS bool LIMIT expr { THIS_KRT->merge_paths = $3 ? $5 : 0; if (($5 <= 0) || ($5 > 255)) cf_error("Merge paths limit must be in range 1-255"); } + | MERGE PATHS bool kern_mp_limit { + THIS_KRT->merge_paths = $3 ? $4 : 0; +#ifndef KRT_ALLOW_LEARN + if ($3) + cf_error("Path merging not supported on this platform"); +#endif + } ; /* Kernel interface protocol */ |