netifd: Add rpfilter config support

Reverse path filtering config support; possible values are: 0: no source validation 1|strict: strict mode as packet will be dropped if the incoming interface is not the best reverse path 2|loose: loose mode as packet will be dropped if the source address is not reachable via any interface Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
author: Hans Dedecker <dedeckeh@gmail.com> 2014-11-13 15:57:58 +0000
committer: Steven Barth <steven@midlink.org> 2014-11-19 09:30:28 +0100
commit: f6f065d3997ccc8d42805529e4aad59b789579ad (patch)
tree: 2bbd1f2d4c4c594888c69f956a90f16d31d37413 /device.c
parent: b3a698e7b6c099203dcb4227a21813948b176e3b (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/device.c b/device.c
index 5d1dcac..d261e25 100644
--- a/device.c
+++ b/device.c
@@ -39,6 +39,7 @@ static const struct blobmsg_policy dev_attrs[__DEV_ATTR_MAX] = {
 	[DEV_ATTR_ENABLED] = { .name = "enabled", .type = BLOBMSG_TYPE_BOOL },
 	[DEV_ATTR_IPV6] = { .name = "ipv6", .type = BLOBMSG_TYPE_BOOL },
 	[DEV_ATTR_PROMISC] = { .name = "promisc", .type = BLOBMSG_TYPE_BOOL },
+	[DEV_ATTR_RPFILTER] = { .name = "rpfilter", .type = BLOBMSG_TYPE_STRING },
 };
 
 const struct uci_blob_param_list device_attr_list = {
@@ -154,6 +155,7 @@ device_merge_settings(struct device *dev, struct device_settings *n)
 		sizeof(n->macaddr));
 	n->ipv6 = s->flags & DEV_OPT_IPV6 ? s->ipv6 : os->ipv6;
 	n->promisc = s->flags & DEV_OPT_PROMISC ? s->promisc : os->promisc;
+	n->rpfilter = s->flags & DEV_OPT_RPFILTER ? s->rpfilter : os->rpfilter;
 	n->flags = s->flags | os->flags;
 }
 
@@ -197,6 +199,13 @@ device_init_settings(struct device *dev, struct blob_attr **tb)
 		s->flags |= DEV_OPT_PROMISC;
 	}
 
+	if ((cur = tb[DEV_ATTR_RPFILTER])) {
+		if (system_resolve_rpfilter(blobmsg_data(cur), &s->rpfilter))
+			s->flags |= DEV_OPT_RPFILTER;
+		else
+			DPRINTF("Failed to resolve rpfilter: %s\n", (char *) blobmsg_data(cur));
+	}
+
 	device_set_disabled(dev, disabled);
 }
 
@@ -734,6 +743,8 @@ device_dump_status(struct blob_buf *b, struct device *dev)
 			blobmsg_add_u8(b, "ipv6", st.ipv6);
 		if (st.flags & DEV_OPT_PROMISC)
 			blobmsg_add_u8(b, "promisc", st.promisc);
+		if (st.flags & DEV_OPT_RPFILTER)
+			blobmsg_add_u32(b, "rpfilter", st.rpfilter);
 	}
 
 	s = blobmsg_open_table(b, "statistics");
author	Hans Dedecker <dedeckeh@gmail.com>	2014-11-13 15:57:58 +0000
committer	Steven Barth <steven@midlink.org>	2014-11-19 09:30:28 +0100
commit	f6f065d3997ccc8d42805529e4aad59b789579ad (patch)
tree	2bbd1f2d4c4c594888c69f956a90f16d31d37413 /device.c
parent	b3a698e7b6c099203dcb4227a21813948b176e3b (diff)