Page MenuHomeFreeBSD
Differential D48650

routing: do not allow PINNED routes to be overridden
ClosedPublic
Actions

Authored by ae on Jan 24 2025, 9:01 AM.
Tags
None
Referenced Files
F112516618: D48650.id149865.diff
Wed, Mar 19, 5:01 AM
Unknown Object (File)
Sun, Mar 2, 10:57 AM
Unknown Object (File)
Tue, Feb 25, 1:03 PM
Unknown Object (File)
Feb 14 2025, 1:04 PM
Unknown Object (File)
Feb 13 2025, 12:11 AM
Unknown Object (File)
Feb 9 2025, 12:46 AM
Unknown Object (File)
Feb 4 2025, 6:40 AM
Unknown Object (File)
Jan 30 2025, 5:16 AM
View All 11 Files
Subscribers
asomers
glebius
imp
jlduran
markj
melifaro

Details

Reviewers
melifaro
glebius
Group Reviewers
network
Commits
rGb297093ebab6: routing: do not allow PINNED routes to be overriden
rG01ade56eba14: routing: do not allow PINNED routes to be overriden
rG361a8395f0b0: routing: do not allow PINNED routes to be overriden
Summary

First configured PINNED routes should have higher priority.
This also should fix test_routing_l3 that is broken after D47534.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

ae created this revision.Jan 24 2025, 9:01 AM
ae held this revision as a draft.
Herald added a reviewer: melifaro. · View Herald TranscriptJan 24 2025, 9:01 AM
Herald added subscribers: glebius, melifaro, imp. · View Herald Transcript
Harbormaster completed remote builds in B61972: Diff 149864.Jan 24 2025, 9:01 AM
ae updated this revision to Diff 149865.Jan 24 2025, 9:07 AM

Simplify the check.

Harbormaster completed remote builds in B61973: Diff 149865.Jan 24 2025, 9:07 AM
ae published this revision for review.Jan 24 2025, 9:08 AM
ae added reviewers: glebius, network.
jlduran added a subscriber: jlduran.Jan 24 2025, 2:53 PM

Thank you for taking a look at this!
Not only it fixes D47534, it also does not break D47585 (introduce a regression).

markj added subscribers: asomers, markj.Jan 24 2025, 3:37 PM

This change addresses the failing test, but there's a new failure in sys/netinet/fibs_test:same_ip_multiple_ifaces_fib0. The test creates two interfaces, then assigns the same IP address to each, with different masks. With this change, the second address assignment fails with EEXIST.

I'm not sure if that's actually a valid thing to do in practice; see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189089 . Maybe @asomers remembers?

asomers added a comment.Jan 24 2025, 4:46 PM
In D48650#1109739, @markj wrote:

This change addresses the failing test, but there's a new failure in sys/netinet/fibs_test:same_ip_multiple_ifaces_fib0. The test creates two interfaces, then assigns the same IP address to each, with different masks. With this change, the second address assignment fails with EEXIST.

I'm not sure if that's actually a valid thing to do in practice; see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189089 . Maybe @asomers remembers?

At the time I wrote that test, I was doing a bunch of changes to make multiple fibs work better. Not just for firewalls, but for applications. I'm sure that my then-employer didn't have a use case for assigning the same IP address to multiple interfaces on the same fib at the same time. I probably found the crash bug just through exploratory testing. And I think that the purpose of the test was just to ensure that the system didn't panic.

jlduran mentioned this in D48902: tests: Guard against testing without scapy.Feb 10 2025, 10:15 PM
This revision was not accepted when it landed; it landed in state Needs Review.Sun, Mar 2, 10:57 AM
Closed by commit rG361a8395f0b0: routing: do not allow PINNED routes to be overriden (authored by ae). · Explain Why
This revision was automatically updated to reflect the committed changes.
ae added a commit: rG361a8395f0b0: routing: do not allow PINNED routes to be overriden.
ae added a commit: rG01ade56eba14: routing: do not allow PINNED routes to be overriden.Tue, Mar 18, 9:11 AM
ae added a commit: rGb297093ebab6: routing: do not allow PINNED routes to be overriden.

Revision Contents
Changeset List

PathSize
sys/
net/
route/
2 lines

Diff 151745

View Options

sys/net/route/route_ctl.c

Loading...