
[RFC,netifd,1/2] interface-ip: mask out host bits in IPv4 route targets

Message ID 20230824125355.2762457-1-jo@mein.io
State Under Review
Delegated to: Jo-Philipp Wich

Commit Message

Jo-Philipp Wich Aug. 24, 2023, 12:53 p.m. UTC
The kernel will reject attempts to install routes with target addresses
having host bits set with an "Invalid prefix for given prefix length"
error.

A route configuration like the one below will silently fail to apply:

    config route
        option interface lan
        option target 10.40.40.1/24

Attempting to do the same with iproute2 will fail as well:

    # ip route add 10.40.40.1/24 dev br-lan
    Error: Invalid prefix for given prefix length.

However, for IPv6, route targets with set host bits are allowed:

    # ip -6 route add 3000::1/64 via fe80::1234:5678:9abcd:ef01 dev br-lan
    # ip -6 route list 3000::1/64
    3000::/64 via fe80::1234:5678:9abc:def1 dev br-lan metric 1024 pref medium

In order to stay consistent here, and to avoid unnecessary configuration
pitfalls, make netifd more lenient and simply mask out excess host bits
while parsing IPv4 route configuration.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 interface-ip.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Etienne Champetier Aug. 24, 2023, 1:04 p.m. UTC | #1
Hi Jo,

On Thu, Aug 24, 2023 at 08:55, Jo-Philipp Wich <jo@mein.io> wrote:
>
> The kernel will reject attempts to install routes with target addresses
> having host bits set with an "Invalid prefix for given prefix length"
> error.
>
> A route configuration like the one below will silently fail to apply:
>
>     config route
>         option interface lan
>         option target 10.40.40.1/24
>
> Attempting to do the same with iproute2 will fail as well:
>
>     # ip route add 10.40.40.1/24 dev br-lan
>     Error: Invalid prefix for given prefix length.
>
> However, for IPv6, route targets with set host bits are allowed:
>
>     # ip -6 route add 3000::1/64 via fe80::1234:5678:9abcd:ef01 dev br-lan
>     # ip -6 route list 3000::1/64
>     3000::/64 via fe80::1234:5678:9abc:def1 dev br-lan metric 1024 pref medium
>
> In order to stay consistent here, and to avoid unnecessary configuration
> pitfalls, make netifd more lenient and simply mask out excess host bits
> while parsing IPv4 route configuration.
>
> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
> ---
>  interface-ip.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/interface-ip.c b/interface-ip.c
> index a06a514..fee29a9 100644
> --- a/interface-ip.c
> +++ b/interface-ip.c
> @@ -441,6 +441,10 @@ interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6)
>                         DPRINTF("Failed to parse route target: %s\n", (char *) blobmsg_data(cur));
>                         goto error;
>                 }
> +
> +               /* Mask out IPv4 host bits to avoid "Invalid prefix for given prefix length" */
> +               if (af == AF_INET && route->mask < 32)
> +                       route->addr.in.s_addr &= ((1u << route->mask) - 1);
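
Review bot: The added masking under "if (af == AF_INET && route->mask < 32)" rewrites the parsed target without leaving any trace, so the route that gets installed can differ from the configured one with nothing in the debug output to explain it. Keep the parsed value, compare it with route->addr.in.s_addr after masking, and emit a DPRINTF (the hunk already uses one for the parse failure just above) only when bits were actually cleared, naming the original target string from blobmsg_data(cur).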

Maybe print a warning / info message if the route was fixed

Etienne

Patch

diff --git a/interface-ip.c b/interface-ip.c
index a06a514..fee29a9 100644
--- a/interface-ip.c
+++ b/interface-ip.c
@@ -441,6 +441,10 @@  interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6)
 			DPRINTF("Failed to parse route target: %s\n", (char *) blobmsg_data(cur));
 			goto error;
 		}
+
+		/* Mask out IPv4 host bits to avoid "Invalid prefix for given prefix length" */
+		if (af == AF_INET && route->mask < 32)
+			route->addr.in.s_addr &= ((1u << route->mask) - 1);
 	}
 
 	if ((cur = tb[ROUTE_GATEWAY]) != NULL) {
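
Review bot: The mask in the added line "route->addr.in.s_addr &= ((1u << route->mask) - 1);" is a host-order value that keeps the low route->mask bits, but s_addr in a struct in_addr is held in network byte order, so this only clears the intended bits on a little-endian host when the prefix length is a multiple of 8. With a /20 on little-endian it keeps the low four bits of the third octet instead of the high four, and on a big-endian host it clears the leading 32 - mask bits and keeps the trailing ones, which is the wrong end of the address. Build the netmask from the top bits and convert it to network order before applying it, for example "route->addr.in.s_addr &= htonl(~0u << (32 - route->mask));", with route->mask == 0 handled as a separate case because a 32-bit shift by 32 is undefined.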