On Wed, Jan 22, 2014 at 06:29:57AM +0800, Kieran Devlin wrote:
> hope this time i get the part ?poke claudio@? right
>
>
> a. fix a bug.
> b. get rid of some junk in ?mask_rnhead?.
> c. forbid unprivileged user to insert ?genmask' into ?mask_rnhead'
>
> bug is in this line
> memcmp((caddr_t *)info.rti_info[RTAX_GENMASK] + 1, (caddr_t *)t->rn_key
> + 1, ((struct sockaddr *)t->rn_key)->sa_len)
> to make this right, at least, it should look like this
> memcmp((caddr_t *)info.rti_info[RTAX_GENMASK] + 1, (caddr_t *)t->rn_key
> + 1, ((struct sockaddr *)t->rn_key)->sa_len - 1)
> after doing this, the whole checking seems completely unnecessary, is
> expected result from ?rn_addmask?.
>
While your diff is probably right I prefer to just nuke genmask support.
So I propose the following two diffs (kernel, userland) to get rid of it.
I was thinking about genmask a bit and I see no reason to keep it around.
What do people think?
--
:wq Claudio
#### userland bits ####
Just remove all genmask / GENMASK references from userland code.
route(8) will no longer allow -genmask but route monitor will still
show GENMASK if something sets it.
route6d no longer needs to look for GENMASK sockaddrs since the kernel
will not allow them.
Index: sbin/route/keywords.h
===================================================================
RCS file: /cvs/src/sbin/route/keywords.h,v
retrieving revision 1.27
diff -u -p -r1.27 keywords.h
--- sbin/route/keywords.h 4 Sep 2010 08:06:09 -0000 1.27
+++ sbin/route/keywords.h 22 Jan 2014 03:05:51 -0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: keywords.h,v 1.27 2010/09/04 08:06:09 blambert Exp $ */
+/* $OpenBSD$ */
/* WARNING! This file was generated by keywords.sh */
@@ -20,7 +20,6 @@ enum {
K_EXPIRE,
K_FLUSH,
K_GATEWAY,
- K_GENMASK,
K_GET,
K_HOPCOUNT,
K_HOST,
@@ -78,7 +77,6 @@ struct keytab keywords[] = {
{ "expire", K_EXPIRE },
{ "flush", K_FLUSH },
{ "gateway", K_GATEWAY },
- { "genmask", K_GENMASK },
{ "get", K_GET },
{ "hopcount", K_HOPCOUNT },
{ "host", K_HOST },
Index: sbin/route/keywords.sh
===================================================================
RCS file: /cvs/src/sbin/route/keywords.sh,v
retrieving revision 1.25
diff -u -p -r1.25 keywords.sh
--- sbin/route/keywords.sh 4 Sep 2010 08:06:09 -0000 1.25
+++ sbin/route/keywords.sh 22 Jan 2014 03:05:40 -0000
@@ -21,7 +21,6 @@ exec
expire
flush
gateway
-genmask
get
host
hopcount
Index: sbin/route/route.8
===================================================================
RCS file: /cvs/src/sbin/route/route.8,v
retrieving revision 1.71
diff -u -p -r1.71 route.8
--- sbin/route/route.8 27 May 2013 14:07:25 -0000 1.71
+++ sbin/route/route.8 22 Jan 2014 03:06:23 -0000
@@ -441,15 +441,6 @@ or
modifiers may be used to determine the interface name or interface address.
.Pp
The optional
-.Fl genmask
-modifier specifies that a cloning mask is present.
-This specifies the mask applied when determining if a child route should
-be created.
-It is only applicable to network routes with the
-.Dv RTF_CLONING
-flag set.
-.Pp
-The optional
.Fl label
modifier specifies on route addition or modification that the route
should have the given
Index: sbin/route/route.c
===================================================================
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.165
diff -u -p -r1.165 route.c
--- sbin/route/route.c 28 Oct 2013 15:05:35 -0000 1.165
+++ sbin/route/route.c 22 Jan 2014 03:07:15 -0000
@@ -62,7 +62,7 @@
const struct if_status_description
if_status_descriptions[] = LINK_STATE_DESCRIPTIONS;
-union sockunion so_dst, so_gate, so_mask, so_genmask, so_ifa, so_ifp,
so_label, so_src;
+union sockunion so_dst, so_gate, so_mask, so_ifa, so_ifp, so_label, so_src;
typedef union sockunion *sup;
pid_t pid;
@@ -532,11 +532,6 @@ newroute(int argc, char **argv)
usage(1+*argv);
getaddr(RTA_IFP, *++argv, NULL);
break;
- case K_GENMASK:
- if (!--argc)
- usage(1+*argv);
- getaddr(RTA_GENMASK, *++argv, NULL);
- break;
case K_GATEWAY:
if (!--argc)
usage(1+*argv);
@@ -828,9 +823,6 @@ getaddr(int which, char *s, struct hoste
case RTA_NETMASK:
su = &so_mask;
break;
- case RTA_GENMASK:
- su = &so_genmask;
- break;
case RTA_IFP:
su = &so_ifp;
afamily = AF_LINK;
@@ -852,7 +844,6 @@ getaddr(int which, char *s, struct hoste
getaddr(RTA_NETMASK, s, NULL);
break;
case RTA_NETMASK:
- case RTA_GENMASK:
su->sa.sa_len = 0;
}
return (0);
@@ -1172,7 +1163,6 @@ rtmsg(int cmd, int flags, int fmask, u_c
NEXTADDR(RTA_DST, so_dst);
NEXTADDR(RTA_GATEWAY, so_gate);
NEXTADDR(RTA_NETMASK, so_mask);
- NEXTADDR(RTA_GENMASK, so_genmask);
NEXTADDR(RTA_IFP, so_ifp);
NEXTADDR(RTA_IFA, so_ifa);
NEXTADDR(RTA_LABEL, so_label);
@@ -1532,7 +1522,6 @@ pmsg_addrs(char *cp, int addrs)
if (family != AF_UNSPEC)
switch (i) {
case RTA_NETMASK:
- case RTA_GENMASK:
sa->sa_family = family;
}
printf(" %s", routename(sa));
Index: share/man/man4/route.4
===================================================================
RCS file: /cvs/src/share/man/man4/route.4,v
retrieving revision 1.35
diff -u -p -r1.35 route.4
--- share/man/man4/route.4 17 Nov 2013 00:40:50 -0000 1.35
+++ share/man/man4/route.4 22 Jan 2014 03:08:19 -0000
@@ -397,7 +397,6 @@ Specifiers for which addresses are prese
#define RTA_DST 0x1 /* destination sockaddr present */
#define RTA_GATEWAY 0x2 /* gateway sockaddr present */
#define RTA_NETMASK 0x4 /* netmask sockaddr present */
-#define RTA_GENMASK 0x8 /* cloning mask sockaddr present */
#define RTA_IFP 0x10 /* interface name sockaddr present */
#define RTA_IFA 0x20 /* interface addr sockaddr present */
#define RTA_AUTHOR 0x40 /* sockaddr for author of redirect */
Index: share/man/man9/route.9
===================================================================
RCS file: /cvs/src/share/man/man9/route.9,v
retrieving revision 1.7
diff -u -p -r1.7 route.9
--- share/man/man9/route.9 20 Jan 2014 05:07:49 -0000 1.7
+++ share/man/man9/route.9 22 Jan 2014 03:10:23 -0000
@@ -92,7 +92,6 @@ struct rt_addrinfo {
#define RTAX_DST 0 /* destination sockaddr present */
#define RTAX_GATEWAY 1 /* gateway sockaddr present */
#define RTAX_NETMASK 2 /* netmask sockaddr present */
-#define RTAX_GENMASK 3 /* cloning mask sockaddr present */
#define RTAX_IFP 4 /* interface name sockaddr present */
#define RTAX_IFA 5 /* interface addr sockaddr present */
#define RTAX_AUTHOR 6 /* sockaddr for author of redirect */
Index: usr.sbin/route6d/route6d.c
===================================================================
RCS file: /cvs/src/usr.sbin/route6d/route6d.c,v
retrieving revision 1.60
diff -u -p -r1.60 route6d.c
--- usr.sbin/route6d/route6d.c 7 Jan 2014 19:23:13 -0000 1.60
+++ usr.sbin/route6d/route6d.c 22 Jan 2014 00:22:13 -0000
@@ -2487,13 +2487,13 @@ void
rt_entry(struct rt_msghdr *rtm, int again)
{
struct sockaddr_in6 *sin6_dst, *sin6_gw, *sin6_mask;
- struct sockaddr_in6 *sin6_genmask, *sin6_ifp;
+ struct sockaddr_in6 *sin6_ifp;
char *rtmp, *ifname = NULL;
struct riprt *rrt, *orrt;
struct netinfo6 *np;
int s;
- sin6_dst = sin6_gw = sin6_mask = sin6_genmask = sin6_ifp = 0;
+ sin6_dst = sin6_gw = sin6_mask = sin6_ifp = 0;
if ((rtm->rtm_flags & RTF_UP) == 0 || rtm->rtm_flags &
(RTF_CLONING|RTF_XRESOLVE|RTF_LLINFO|RTF_BLACKHOLE)) {
return; /* not interested in the link route */
@@ -2526,10 +2526,6 @@ rt_entry(struct rt_msghdr *rtm, int agai
if (rtm->rtm_addrs & RTA_NETMASK) {
sin6_mask = (struct sockaddr_in6 *)rtmp;
rtmp += ROUNDUP(sin6_mask->sin6_len);
- }
- if (rtm->rtm_addrs & RTA_GENMASK) {
- sin6_genmask = (struct sockaddr_in6 *)rtmp;
- rtmp += ROUNDUP(sin6_genmask->sin6_len);
}
if (rtm->rtm_addrs & RTA_IFP) {
sin6_ifp = (struct sockaddr_in6 *)rtmp;
#### kernel bits ####
Remove rt_genmask and always force cloned routes to be host routes.
It keeps the RTAX_GENMASK and RTA_GENMASK defines but rtsock.c will return
EINVAL for any message that passes a genmask in.
Index: net/route.c
===================================================================
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.149
diff -u -p -r1.149 route.c
--- net/route.c 10 Jan 2014 14:29:08 -0000 1.149
+++ net/route.c 22 Jan 2014 03:16:11 -0000
@@ -813,8 +813,7 @@ rtrequest1(int req, struct rt_addrinfo *
info->rti_flags = rt->rt_flags & ~(RTF_CLONING | RTF_STATIC);
info->rti_flags |= RTF_CLONED;
info->rti_info[RTAX_GATEWAY] = rt->rt_gateway;
- if ((info->rti_info[RTAX_NETMASK] = rt->rt_genmask) == NULL)
- info->rti_flags |= RTF_HOST;
+ info->rti_flags |= RTF_HOST;
info->rti_info[RTAX_LABEL] =
rtlabel_id2sa(rt->rt_labelid, &sa_rl2);
/* FALLTHROUGH */
Index: net/route.h
===================================================================
RCS file: /cvs/src/sys/net/route.h,v
retrieving revision 1.85
diff -u -p -r1.85 route.h
--- net/route.h 20 Jan 2014 22:44:41 -0000 1.85
+++ net/route.h 22 Jan 2014 03:16:11 -0000
@@ -104,7 +104,6 @@ struct rtentry {
int rt_refcnt; /* # held references */
struct ifnet *rt_ifp; /* the answer: interface to use */
struct ifaddr *rt_ifa; /* the answer: interface addr to use */
- struct sockaddr *rt_genmask; /* for generation of cloned routes */
caddr_t rt_llinfo; /* pointer to link level info cache or
to an MPLS structure */
struct rt_kmetrics rt_rmx; /* metrics used by rx'ing protocols */
Index: net/rtsock.c
===================================================================
RCS file: /cvs/src/sys/net/rtsock.c,v
retrieving revision 1.136
diff -u -p -r1.136 rtsock.c
--- net/rtsock.c 21 Jan 2014 10:08:02 -0000 1.136
+++ net/rtsock.c 22 Jan 2014 03:16:11 -0000
@@ -560,25 +560,11 @@ route_output(struct mbuf *m, ...)
if (info.rti_info[RTAX_DST] == NULL ||
info.rti_info[RTAX_DST]->sa_family >= AF_MAX ||
(info.rti_info[RTAX_GATEWAY] != NULL &&
- info.rti_info[RTAX_GATEWAY]->sa_family >= AF_MAX)) {
+ info.rti_info[RTAX_GATEWAY]->sa_family >= AF_MAX) ||
+ info.rti_info[RTAX_GENMASK] != NULL) {
error = EINVAL;
goto flush;
}
- if (info.rti_info[RTAX_GENMASK] != NULL) {
- struct radix_node *t;
- t = rn_addmask(info.rti_info[RTAX_GENMASK], 0, 1);
- if (t && info.rti_info[RTAX_GENMASK]->sa_len >=
- ((struct sockaddr *)t->rn_key)->sa_len &&
- memcmp((caddr_t *)info.rti_info[RTAX_GENMASK] + 1,
- (caddr_t *)t->rn_key + 1,
- ((struct sockaddr *)t->rn_key)->sa_len) - 1)
- info.rti_info[RTAX_GENMASK] =
- (struct sockaddr *)(t->rn_key);
- else {
- error = ENOBUFS;
- goto flush;
- }
- }
#ifdef MPLS
info.rti_mpls = rtm->rtm_mpls;
#endif
@@ -595,7 +581,6 @@ route_output(struct mbuf *m, ...)
rt_setmetrics(rtm->rtm_inits, &rtm->rtm_rmx,
&saved_nrt->rt_rmx);
saved_nrt->rt_refcnt--;
- saved_nrt->rt_genmask = info.rti_info[RTAX_GENMASK];
/* write back the priority the kernel used */
rtm->rtm_priority = saved_nrt->rt_priority & RTP_MASK;
rtm->rtm_index = saved_nrt->rt_ifp->if_index;
@@ -701,7 +686,6 @@ report:
info.rti_info[RTAX_DST] = rt_key(rt);
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
info.rti_info[RTAX_NETMASK] = rt_mask(rt);
- info.rti_info[RTAX_GENMASK] = rt->rt_genmask;
if (rt->rt_labelid) {
bzero(&sa_rt, sizeof(sa_rt));
@@ -868,8 +852,6 @@ report:
rtm->rtm_flags = rt->rt_flags;
if (rt->rt_ifa && rt->rt_ifa->ifa_rtrequest)
rt->rt_ifa->ifa_rtrequest(RTM_ADD, rt);
- if (info.rti_info[RTAX_GENMASK])
- rt->rt_genmask = info.rti_info[RTAX_GENMASK];
if (info.rti_info[RTAX_LABEL] != NULL) {
char *rtlabel = ((struct sockaddr_rtlabel *)
info.rti_info[RTAX_LABEL])->sr_label;
@@ -1059,7 +1041,7 @@ again:
for (i = 0; i < RTAX_MAX; i++) {
struct sockaddr *sa;
- if ((sa = rtinfo->rti_info[i]) == 0)
+ if ((sa = rtinfo->rti_info[i]) == NULL)
continue;
rtinfo->rti_addrs |= (1 << i);
dlen = ROUNDUP(sa->sa_len);
@@ -1280,7 +1262,6 @@ sysctl_dumpentry(struct radix_node *rn,
info.rti_info[RTAX_DST] = rt_key(rt);
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
info.rti_info[RTAX_NETMASK] = rt_mask(rt);
- info.rti_info[RTAX_GENMASK] = rt->rt_genmask;
if (rt->rt_ifp) {
info.rti_info[RTAX_IFP] =
TAILQ_FIRST(&rt->rt_ifp->if_addrlist)->ifa_addr;
Index: netinet/if_ether.c
===================================================================
RCS file: /cvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.117
diff -u -p -r1.117 if_ether.c
--- netinet/if_ether.c 10 Jan 2014 14:29:08 -0000 1.117
+++ netinet/if_ether.c 22 Jan 2014 03:16:11 -0000
@@ -1121,8 +1121,6 @@ db_show_radix_node(struct radix_node *rn
db_printf(" ifa=%p\n", rt->rt_ifa);
db_print_ifa(rt->rt_ifa);
- db_printf(" genmask="); db_print_sa(rt->rt_genmask);
-
db_printf(" gwroute=%p llinfo=%p\n", rt->rt_gwroute, rt->rt_llinfo);
db_print_llinfo(rt->rt_llinfo);
return (0);
