Revert the checks about RTF_LOCAL routes.

Even if in the end we would like to be more strict about what userland
can do with kernel-managed route entries, most of the tools out there
are not yet ready for this.  Since RTF_LOCAL routes are for the moment
just like RTF_LLINFO routes without expire timer, allow userland tools
to remove/modify them.  In case they are missing, the good old cloning
mechanism will recreate what you need.

bluhm@ and deraadt@ agree.

diff --git a/sys/net/route.c b/sys/net/route.c
index 1f8f763..a8b6dd3 100644 (file)
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: route.c,v 1.174 2014/07/12 18:44:22 tedu Exp $        */
+/*     $OpenBSD: route.c,v 1.175 2014/07/29 12:18:41 mpi Exp $ */
 /*     $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $      */
 
 /*
@@ -787,14 +787,6 @@ rtrequest1(int req, struct rt_addrinfo *info, u_int8_t prio,
                }
 #endif
 
-               /*
-                * Since RTP_LOCAL cannot be set by userland, make
-                * sure that local routes are only modified by the
-                * kernel.
-                */
-               if (rt->rt_flags & RTF_LOCAL && prio != RTP_LOCAL)
-                       senderr(EINVAL);
-
                if ((rn = rnh->rnh_deladdr(info->rti_info[RTAX_DST],
                    info->rti_info[RTAX_NETMASK], rnh, rn)) == NULL)
                        senderr(ESRCH);

diff --git a/sys/net/route.h b/sys/net/route.h
index 1523a56..9429933 100644 (file)
--- a/sys/net/route.h
+++ b/sys/net/route.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: route.h,v 1.94 2014/05/09 09:23:56 mpi Exp $  */
+/*     $OpenBSD: route.h,v 1.95 2014/07/29 12:18:41 mpi Exp $  */
 /*     $NetBSD: route.h,v 1.9 1996/02/13 22:00:49 christos Exp $       */
 
 /*
@@ -142,7 +142,7 @@ struct rtentry {
 /* mask of RTF flags that are allowed to be modified by RTM_CHANGE */
 #define RTF_FMASK      \
     (RTF_PROTO1 | RTF_PROTO2 | RTF_PROTO3 | RTF_BLACKHOLE | \
-     RTF_REJECT | RTF_STATIC | RTF_MPLS)
+     RTF_REJECT | RTF_STATIC | RTF_MPLS | RTF_LOCAL | RTF_BROADCAST)
 
 /* Routing priorities used by the different routing protocols */
 #define RTP_NONE       0       /* unset priority use sane default */

diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 834238d..6ac074a 100644 (file)
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rtsock.c,v 1.149 2014/07/12 18:44:22 tedu Exp $       */
+/*     $OpenBSD: rtsock.c,v 1.150 2014/07/29 12:18:41 mpi Exp $        */
 /*     $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $  */
 
 /*
@@ -533,20 +533,13 @@ route_output(struct mbuf *m, ...)
        }
 
 
-       /* Do not let userland play with kernel-only flags. */
-       if ((rtm->rtm_flags & (RTF_LOCAL|RTF_BROADCAST)) != 0) {
-               error = EINVAL;
-               goto fail;
-       }
-
        /* make sure that kernel-only bits are not set */
        rtm->rtm_priority &= RTP_MASK;
        rtm->rtm_flags &= ~(RTF_DONE|RTF_CLONED);
        rtm->rtm_fmask &= RTF_FMASK;
 
        if (rtm->rtm_priority != 0) {
-               if (rtm->rtm_priority > RTP_MAX ||
-                   rtm->rtm_priority == RTP_LOCAL) {
+               if (rtm->rtm_priority > RTP_MAX) {
                        error = EINVAL;
                        goto fail;
                }