authorRuss White <russ@riw.us>2018-07-23 23:45:44 +0200
committerGitHub <noreply@github.com>2018-07-23 23:45:44 +0200
commitaf9036b76d38132eedcfd0adba8a32377abb3fb6 (patch)
tree607476d74938631fb34a523df437435a3db6800e
parentMerge pull request #2697 from mjstapp/routemap_const (diff)
parentRemove not needed filters and fix typos (diff)
Merge pull request #2698 from sworleys/Netlink-Filter-AFI
zebra: Add address family filters
-rw-r--r--zebra/if_netlink.c14
-rw-r--r--zebra/rt_netlink.c15
-rw-r--r--zebra/rule_netlink.c6
3 files changed, 33 insertions, 2 deletions
diff --git a/zebra/if_netlink.c b/zebra/if_netlink.c
index 8f6e31cfa..2743f34cb 100644
--- a/zebra/if_netlink.c
+++ b/zebra/if_netlink.c
@@ -891,8 +891,12 @@ int netlink_interface_addr(struct nlmsghdr *h, ns_id_t ns_id, int startup)
zns = zebra_ns_lookup(ns_id);
ifa = NLMSG_DATA(h);
- if (ifa->ifa_family != AF_INET && ifa->ifa_family != AF_INET6)
+ if (ifa->ifa_family != AF_INET && ifa->ifa_family != AF_INET6) {
+ zlog_warn(
+ "Invalid address family: %d received from kernel interface addr change: %d",
+ ifa->ifa_family, h->nlmsg_type);
return 0;
+ }
if (h->nlmsg_type != RTM_NEWADDR && h->nlmsg_type != RTM_DELADDR)
return 0;
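Review bot: The added `zlog_warn` fires at warning level with no throttle for every kernel address message whose family is not AF_INET or AF_INET6, so a host where another address family is active can get one log line per netlink event. The same pattern is added in netlink_link_change, netlink_route_change, netlink_neigh_change and netlink_rule_change. Because the message is then simply dropped, consider gating the log the way rt_netlink.c gates its kernel debug output, `if (IS_ZEBRA_DEBUG_KERNEL) zlog_debug(...)`, or rate-limiting it. The text would also be more accurate as "Unsupported address family" than "Invalid address family". The body of netlink_interface_addr continues outside the hunk.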
@@ -1114,6 +1118,14 @@ int netlink_link_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
return 0;
}
+ if (!(ifi->ifi_family == AF_UNSPEC || ifi->ifi_family == AF_BRIDGE
+ || ifi->ifi_family == AF_INET6)) {
+ zlog_warn(
+ "Invalid address family: %d received from kernel link change: %d",
+ ifi->ifi_family, h->nlmsg_type);
+ return 0;
+ }
+
len = h->nlmsg_len - NLMSG_LENGTH(sizeof(struct ifinfomsg));
if (len < 0) {
zlog_err("%s: Message received from netlink is of a broken size %d %zu",
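Review bot: The new filter reads `ifi->ifi_family` before the `len < 0` check just below it has confirmed that the message is large enough to hold a `struct ifinfomsg`. A truncated message therefore has its family field inspected, and possibly logged, before it is rejected as broken. Moving the added block to just after the length check keeps the validation order as size first, content second. The assignment of `ifi` and the end of the length check are outside the hunk, so confirm that no earlier size check already covers this.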
diff --git a/zebra/rt_netlink.c b/zebra/rt_netlink.c
index 485abc3f1..b346247d4 100644
--- a/zebra/rt_netlink.c
+++ b/zebra/rt_netlink.c
@@ -740,6 +740,15 @@ int netlink_route_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
return 0;
}
+ if (!(rtm->rtm_family == AF_INET || rtm->rtm_family == AF_INET6
+ || rtm->rtm_family == AF_ETHERNET
+ || rtm->rtm_family == AF_MPLS)) {
+ zlog_warn(
+ "Invalid address family: %d received from kernel route change: %d",
+ rtm->rtm_family, h->nlmsg_type);
+ return 0;
+ }
+
/* Connected route. */
if (IS_ZEBRA_DEBUG_KERNEL)
zlog_debug("%s %s %s proto %s NS %u",
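Review bot: The warning prints the address family and message type as bare numbers (`%d`), so whoever triages the log has to look up the AF_* and RTM_* values by hand. zebra's netlink code has `nl_family_to_str()` and `nl_msg_type_to_str()`; printing name and number together, e.g. `"%s(%d)"` for each field, would make the line self-explanatory. The same applies to the other four warnings added in this commit. The body of netlink_route_change continues outside the hunk.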
@@ -2386,6 +2395,12 @@ int netlink_neigh_change(struct nlmsghdr *h, ns_id_t ns_id)
if (ndm->ndm_family == AF_INET || ndm->ndm_family == AF_INET6)
return netlink_ipneigh_change(h, len, ns_id);
+ else {
+ zlog_warn(
+ "Invalid address family: %d received from kernel neighbor change: %d",
+ ndm->ndm_family, h->nlmsg_type);
+ return 0;
+ }
return 0;
}
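Review bot: The added `else { ... return 0; }` makes the `return 0;` that follows it unreachable, and the `else` itself is redundant because the preceding `if` already returns. Dropping the `else` wrapper and the inner `return 0;`, so that the `zlog_warn(...)` call simply precedes the existing `return 0;`, gives the same behaviour with a single exit path. Any earlier family branches of netlink_neigh_change are outside the hunk.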
diff --git a/zebra/rule_netlink.c b/zebra/rule_netlink.c
index c7a8517e1..d683e92bc 100644
--- a/zebra/rule_netlink.c
+++ b/zebra/rule_netlink.c
@@ -204,8 +204,12 @@ int netlink_rule_change(struct nlmsghdr *h, ns_id_t ns_id, int startup)
}
frh = NLMSG_DATA(h);
- if (frh->family != AF_INET && frh->family != AF_INET6)
+ if (frh->family != AF_INET && frh->family != AF_INET6) {
+ zlog_warn(
+ "Invalid address family: %d received from kernel rule change: %d",
+ frh->family, h->nlmsg_type);
return 0;
+ }
if (frh->action != FR_ACT_TO_TBL)
return 0;