author | Russ White <russ@riw.us> | 2018-07-23 23:45:44 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-23 23:45:44 +0200 |
commit | af9036b76d38132eedcfd0adba8a32377abb3fb6 (patch) | |
tree | 607476d74938631fb34a523df437435a3db6800e | |
parent | Merge pull request #2697 from mjstapp/routemap_const (diff) | |
parent | Remove not needed filters and fix typos (diff) | |
Merge pull request #2698 from sworleys/Netlink-Filter-AFI
zebra: Add address family filters
-rw-r--r-- | zebra/if_netlink.c | 14 | ||||
-rw-r--r-- | zebra/rt_netlink.c | 15 | ||||
-rw-r--r-- | zebra/rule_netlink.c | 6 |
3 files changed, 33 insertions, 2 deletions
diff --git a/zebra/if_netlink.c b/zebra/if_netlink.c
index 8f6e31cfa..2743f34cb 100644
--- a/zebra/if_netlink.c
+++ b/zebra/if_netlink.c
@@ -891,8 +891,12 @@ int netlink_interface_addr(struct nlmsghdr *h, ns_id_t ns_id, int startup)
 zns = zebra_ns_lookup(ns_id);
 ifa = NLMSG_DATA(h);
- if (ifa->ifa_family != AF_INET && ifa->ifa_family != AF_INET6)
+ if (ifa->ifa_family != AF_INET && ifa->ifa_family != AF_INET6) {
+ zlog_warn(
+ "Invalid address family: %d received from kernel interface addr change: %d",
+ ifa->ifa_family, h->nlmsg_type);
 return 0;
+ }
 if (h->nlmsg_type != RTM_NEWADDR && h->nlmsg_type != RTM_DELADDR)
 return 0;
@@ -1114,6 +1118,14 @@ int netlink_link_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
 return 0;
 }
+ if (!(ifi->ifi_family == AF_UNSPEC || ifi->ifi_family == AF_BRIDGE
+ || ifi->ifi_family == AF_INET6)) {
+ zlog_warn(
+ "Invalid address family: %d received from kernel link change: %d",
+ ifi->ifi_family, h->nlmsg_type);
+ return 0;
+ }
+
 len = h->nlmsg_len - NLMSG_LENGTH(sizeof(struct ifinfomsg));
 if (len < 0) {
 zlog_err("%s: Message received from netlink is of a broken size %d %zu",
diff --git a/zebra/rt_netlink.c b/zebra/rt_netlink.c
index 485abc3f1..b346247d4 100644
--- a/zebra/rt_netlink.c
+++ b/zebra/rt_netlink.c
@@ -740,6 +740,15 @@ int netlink_route_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
 return 0;
 }
+ if (!(rtm->rtm_family == AF_INET || rtm->rtm_family == AF_INET6
+ || rtm->rtm_family == AF_ETHERNET
+ || rtm->rtm_family == AF_MPLS)) {
+ zlog_warn(
+ "Invalid address family: %d received from kernel route change: %d",
+ rtm->rtm_family, h->nlmsg_type);
+ return 0;
+ }
+
 /* Connected route. */
 if (IS_ZEBRA_DEBUG_KERNEL)
 zlog_debug("%s %s %s proto %s NS %u",
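Review bot: In netlink_interface_addr (zebra/if_netlink.c) the drop that used to be silent now emits a warning for every address message whose family is not AF_INET or AF_INET6, and nothing in the hunk rate-limits it, so a burst of such kernel notifications becomes a burst of log lines that can bury the warnings operators need to see. Consider gating it the way the rt_netlink.c context gates its trace, `if (IS_ZEBRA_DEBUG_KERNEL) zlog_debug(...)` (assuming that macro is available in this file), or at least rewording "Invalid" to "Unsupported", since the hunk gives no sign that the family value is malformed rather than simply not handled. The netlink_rule_change hunk in zebra/rule_netlink.c makes the same silent-to-warning change and the same point applies there. Both function bodies continue outside their hunks.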
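Review bot: The new family filter in netlink_link_change reads `ifi->ifi_family` before the `len < 0` check that directly follows it, so the field is consumed before the message is known to be large enough to hold a `struct ifinfomsg`. Moving the added `if (!(ifi->ifi_family == ...)) { ... }` block below the length check keeps every read of the header behind the size validation. The assignment of `ifi` and the start of the function are outside the hunk, so confirm that no earlier length check already covers this. The netlink_route_change hunk in zebra/rt_netlink.c adds the same kind of filter on `rtm->rtm_family`, and no length check is visible before it there either.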
@@ -2386,6 +2395,12 @@ int netlink_neigh_change(struct nlmsghdr *h, ns_id_t ns_id)
 if (ndm->ndm_family == AF_INET || ndm->ndm_family == AF_INET6)
 return netlink_ipneigh_change(h, len, ns_id);
+ else {
+ zlog_warn(
+ "Invalid address family: %d received from kernel neighbor change: %d",
+ ndm->ndm_family, h->nlmsg_type);
+ return 0;
+ }
 return 0;
 }
diff --git a/zebra/rule_netlink.c b/zebra/rule_netlink.c
index c7a8517e1..d683e92bc 100644
--- a/zebra/rule_netlink.c
+++ b/zebra/rule_netlink.c
@@ -204,8 +204,12 @@ int netlink_rule_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
 }
 frh = NLMSG_DATA(h);
- if (frh->family != AF_INET && frh->family != AF_INET6)
+ if (frh->family != AF_INET && frh->family != AF_INET6) {
+ zlog_warn(
+ "Invalid address family: %d received from kernel rule change: %d",
+ frh->family, h->nlmsg_type);
 return 0;
+ }
 if (frh->action != FR_ACT_TO_TBL)
 return 0;
|
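Review bot: In netlink_neigh_change (zebra/rt_netlink.c) the added `else { ... return 0; }` leaves the function's final `return 0;` unreachable, and an `else` after a branch that already returns is redundant. Dropping the `else` wrapper and its inner `return 0;` leaves the `zlog_warn(...)` call followed by the existing `return 0;`, which behaves the same with a single exit path and no dead code for a later reader to misjudge. The function begins outside the hunk, so any families handled before this point are not visible here; if some are, a short comment above the warning naming which families can still reach it would make the filter auditable.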