On Mon, 2009-01-05 at 16:23 -0800, Stephen Hemminger wrote: > On Tue, 6 Jan 2009 00:53:09 +0100 > Christian Hammers <c...@debian.org> wrote: > > > [resent to quagga-dev as there was a space in the e-mail address and > > the mail did not show up in the mailing list archives -ch] > > > > On Sun, 04 Jan 2009, Ben Hutchings <b...@decadent.org.uk> wrote: > > > > Stephen, > > > > Debian 5.0 "lenny" will release with quagga 0.99.10. However we have > > a bug report that: > > > > "I try to add routes with "/sbin/ip" e.g. > > /sbin/ip ro add 62.116.121.19 dev br8 > > > > strace suggests the resulting netlink message never reaches zebra." > > > > and the proposed fix to the netlink filter: > > > > --- zebra/rt_netlink.c 2008-08-15 15:42:56.000000000 +0200 > > +++ zebra/rt_netlink.c 2008-08-15 15:43:19.000000000 +0200 > > @@ -1971,7 +1971,7 @@ > > /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B, > > sizeof(struct nlmsghdr) + offsetof(struct rtmsg, > > rtm_protocol)), > > /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0), > > - /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1), > > + /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0), > > /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3), > > /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, > > nlmsg_type)), > > /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1), > > --- END --- > > > > This looks correct to me. Please can you confirm? > > > > Ben. > > > > I changed it around later versions and used a different (better method) that > handles all protocols > and filter based on nlmsg_pid. I haven't been getting lots of uptake on > quagga patches > so only post them about once a Vyatta release.
Yes, I saw the filter is quite different in 0.99.11. But we want to
make a minimal change to 0.99.10, which has:
/*
* Filter is equivalent to netlink_route_change
*
* if (h->nlmsg_type == RTM_DELROUTE || h->nlmsg_type == RTM_NEWROUTE) {
* if (rtm->rtm_type != RTM_UNICAST)
* return 0;
* if (rtm->rtm_flags & RTM_F_CLONED)
* return 0;
* if (rtm->rtm_protocol == RTPROT_REDIRECT)
* return 0;
* if (rtm->rtm_protocol == RTPROT_KERNEL)
* return 0;
* if (rtm->rtm_protocol == RTPROT_ZEBRA && h->nlmsg_type == RTM_NEWROUTE)
* return 0;
* }
* return 0xffff;
*/
struct sock_filter filter[] = {
/* 0*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr,
nlmsg_type)),
/* 1*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_DELROUTE), 1, 0),
/* 2*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 11),
/* 3*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_type)),
/* 4*/ BPF_JUMP(BPF_JMP|BPF_B, RTN_UNICAST, 0, 8),
/* 5*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
sizeof(struct nlmsghdr) + offsetof(struct rtmsg,
rtm_flags)),
/* 6*/ BPF_JUMP(BPF_JMP|BPF_JSET|BPF_K, RTM_F_CLONED, 6, 0),
/* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
sizeof(struct nlmsghdr) + offsetof(struct rtmsg,
rtm_protocol)),
/* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
/* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
/*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
/*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr,
nlmsg_type)),
/*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
/*13*/ BPF_STMT(BPF_RET|BPF_K, 0), /* drop */
/*14*/ BPF_STMT(BPF_RET|BPF_K, 0xffff), /* keep */
};
The offsets for instruction 9 need to be 3, 0 to match the code in the
comment, don't they?
Ben.
--
Ben Hutchings
I say we take off; nuke the site from orbit. It's the only way to be sure.
signature.asc
Description: This is a digitally signed message part
