From e29e7a328bed6de67147632e166763cbebc8c77b Mon Sep 17 00:00:00 2001 From: mpi Date: Tue, 29 Jul 2014 12:18:41 +0000 Subject: [PATCH] Revert the checks about RTF_LOCAL routes. Even if in the end we would like to be more strict about what userland can do with kernel-managed route entries, most of the tools out there are not yet ready for this. Since RTF_LOCAL routes are for the moment just like RTF_LLINFO routes without expire timer, allow userland tools to remove/modify them. In case they are missing, the good old cloning mechanism will recreate what you need. bluhm@ and deraadt@ agree. --- sys/net/route.c | 10 +--------- sys/net/route.h | 4 ++-- sys/net/rtsock.c | 11 ++--------- 3 files changed, 5 insertions(+), 20 deletions(-) diff --git a/sys/net/route.c b/sys/net/route.c index 1f8f7635b89..a8b6dd36433 100644 --- a/sys/net/route.c +++ b/sys/net/route.c @@ -1,4 +1,4 @@ -/* $OpenBSD: route.c,v 1.174 2014/07/12 18:44:22 tedu Exp $ */ +/* $OpenBSD: route.c,v 1.175 2014/07/29 12:18:41 mpi Exp $ */ /* $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $ */ /* @@ -787,14 +787,6 @@ rtrequest1(int req, struct rt_addrinfo *info, u_int8_t prio, } #endif - /* - * Since RTP_LOCAL cannot be set by userland, make - * sure that local routes are only modified by the - * kernel. - */ - if (rt->rt_flags & RTF_LOCAL && prio != RTP_LOCAL) - senderr(EINVAL); - if ((rn = rnh->rnh_deladdr(info->rti_info[RTAX_DST], info->rti_info[RTAX_NETMASK], rnh, rn)) == NULL) senderr(ESRCH); diff --git a/sys/net/route.h b/sys/net/route.h index 1523a56da1d..94299336e5f 100644 --- a/sys/net/route.h +++ b/sys/net/route.h @@ -1,4 +1,4 @@ -/* $OpenBSD: route.h,v 1.94 2014/05/09 09:23:56 mpi Exp $ */ +/* $OpenBSD: route.h,v 1.95 2014/07/29 12:18:41 mpi Exp $ */ /* $NetBSD: route.h,v 1.9 1996/02/13 22:00:49 christos Exp $ */ /* @@ -142,7 +142,7 @@ struct rtentry { /* mask of RTF flags that are allowed to be modified by RTM_CHANGE */ #define RTF_FMASK \ (RTF_PROTO1 | RTF_PROTO2 | RTF_PROTO3 | RTF_BLACKHOLE | \ - RTF_REJECT | RTF_STATIC | RTF_MPLS) + RTF_REJECT | RTF_STATIC | RTF_MPLS | RTF_LOCAL | RTF_BROADCAST) /* Routing priorities used by the different routing protocols */ #define RTP_NONE 0 /* unset priority use sane default */ diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 834238dbcba..6ac074a7421 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsock.c,v 1.149 2014/07/12 18:44:22 tedu Exp $ */ +/* $OpenBSD: rtsock.c,v 1.150 2014/07/29 12:18:41 mpi Exp $ */ /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */ /* @@ -533,20 +533,13 @@ route_output(struct mbuf *m, ...) } - /* Do not let userland play with kernel-only flags. */ - if ((rtm->rtm_flags & (RTF_LOCAL|RTF_BROADCAST)) != 0) { - error = EINVAL; - goto fail; - } - /* make sure that kernel-only bits are not set */ rtm->rtm_priority &= RTP_MASK; rtm->rtm_flags &= ~(RTF_DONE|RTF_CLONED); rtm->rtm_fmask &= RTF_FMASK; if (rtm->rtm_priority != 0) { - if (rtm->rtm_priority > RTP_MAX || - rtm->rtm_priority == RTP_LOCAL) { + if (rtm->rtm_priority > RTP_MAX) { error = EINVAL; goto fail; } -- 2.20.1