Commit f9f2e280 authored by Ondřej Zajíček's avatar Ondřej Zajíček

KRT: Forbid path merging on BSD

We support ECMP routes only on Linux. Exported routes are checked in
krt_capable(), but a route generated during path merging avoids this
check.
parent 768d0132
...@@ -32,6 +32,8 @@ static inline struct ifa * kif_get_primary_ip(struct iface *i) { return NULL; } ...@@ -32,6 +32,8 @@ static inline struct ifa * kif_get_primary_ip(struct iface *i) { return NULL; }
/* Kernel routes */ /* Kernel routes */
#define KRT_ALLOW_MERGE_PATHS 1
#define EA_KRT_PREFSRC EA_CODE(EAP_KRT, 0x10) #define EA_KRT_PREFSRC EA_CODE(EAP_KRT, 0x10)
#define EA_KRT_REALM EA_CODE(EAP_KRT, 0x11) #define EA_KRT_REALM EA_CODE(EAP_KRT, 0x11)
......
...@@ -19,6 +19,8 @@ CF_DECLS ...@@ -19,6 +19,8 @@ CF_DECLS
CF_KEYWORDS(KERNEL, PERSIST, SCAN, TIME, LEARN, DEVICE, ROUTES, GRACEFUL, RESTART, KRT_SOURCE, KRT_METRIC, MERGE, PATHS) CF_KEYWORDS(KERNEL, PERSIST, SCAN, TIME, LEARN, DEVICE, ROUTES, GRACEFUL, RESTART, KRT_SOURCE, KRT_METRIC, MERGE, PATHS)
%type <i> kern_mp_limit
CF_GRAMMAR CF_GRAMMAR
/* Kernel syncer protocol */ /* Kernel syncer protocol */
...@@ -32,6 +34,11 @@ CF_ADDTO(kern_proto, kern_proto_start proto_name '{') ...@@ -32,6 +34,11 @@ CF_ADDTO(kern_proto, kern_proto_start proto_name '{')
CF_ADDTO(kern_proto, kern_proto proto_item ';') CF_ADDTO(kern_proto, kern_proto proto_item ';')
CF_ADDTO(kern_proto, kern_proto kern_item ';') CF_ADDTO(kern_proto, kern_proto kern_item ';')
kern_mp_limit:
/* empty */ { $$ = KRT_DEFAULT_ECMP_LIMIT; }
| LIMIT expr { $$ = $2; if (($2 <= 0) || ($2 > 255)) cf_error("Merge paths limit must be in range 1-255"); }
;
kern_item: kern_item:
PERSIST bool { THIS_KRT->persist = $2; } PERSIST bool { THIS_KRT->persist = $2; }
| SCAN TIME expr { | SCAN TIME expr {
...@@ -42,13 +49,18 @@ kern_item: ...@@ -42,13 +49,18 @@ kern_item:
THIS_KRT->learn = $2; THIS_KRT->learn = $2;
#ifndef KRT_ALLOW_LEARN #ifndef KRT_ALLOW_LEARN
if ($2) if ($2)
cf_error("Learning of kernel routes not supported in this configuration"); cf_error("Learning of kernel routes not supported on this platform");
#endif #endif
} }
| DEVICE ROUTES bool { THIS_KRT->devroutes = $3; } | DEVICE ROUTES bool { THIS_KRT->devroutes = $3; }
| GRACEFUL RESTART bool { THIS_KRT->graceful_restart = $3; } | GRACEFUL RESTART bool { THIS_KRT->graceful_restart = $3; }
| MERGE PATHS bool { THIS_KRT->merge_paths = $3 ? KRT_DEFAULT_ECMP_LIMIT : 0; } | MERGE PATHS bool kern_mp_limit {
| MERGE PATHS bool LIMIT expr { THIS_KRT->merge_paths = $3 ? $5 : 0; if (($5 <= 0) || ($5 > 255)) cf_error("Merge paths limit must be in range 1-255"); } THIS_KRT->merge_paths = $3 ? $4 : 0;
#ifndef KRT_ALLOW_LEARN
if ($3)
cf_error("Path merging not supported on this platform");
#endif
}
; ;
/* Kernel interface protocol */ /* Kernel interface protocol */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment