On Tue, Nov 15, 2016 at 04:33:13PM +0000, Rivo Nurges wrote:
> PF allows to filter based on route labels. Cloned routes created by PMTU 
> don't inherit route labels and PF filtering fails.

We inherit the label for cloned routes, so it makes sense to inherit
it for dynamic routes as well.

> This patch will inherit route label from route it gets cloned.

The IPv6 part is missing.  I would like to commit this diff:

ok?

bluhm

Index: netinet/ip_icmp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.154
diff -u -p -r1.154 ip_icmp.c
--- netinet/ip_icmp.c   14 Nov 2016 03:51:53 -0000      1.154
+++ netinet/ip_icmp.c   15 Nov 2016 23:35:18 -0000
@@ -951,11 +951,14 @@ icmp_mtudisc_clone(struct in_addr dst, u
        if ((rt->rt_flags & RTF_HOST) == 0) {
                struct rtentry *nrt;
                struct rt_addrinfo info;
+               struct sockaddr_rtlabel sa_rl;
 
                memset(&info, 0, sizeof(info));
+               info.rti_flags = RTF_GATEWAY | RTF_HOST | RTF_DYNAMIC;
                info.rti_info[RTAX_DST] = sintosa(&sin);
                info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
-               info.rti_flags = RTF_GATEWAY | RTF_HOST | RTF_DYNAMIC;
+               info.rti_info[RTAX_LABEL] =
+                   rtlabel_id2sa(rt->rt_labelid, &sa_rl);
 
                error = rtrequest(RTM_ADD, &info, RTP_DEFAULT, &nrt, rtableid);
                if (error) {
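Review bot: The new `info.rti_info[RTAX_LABEL]` assignment has no comment explaining why a PMTU host route must carry the parent's label, and the reason matters for filtering: pf rules that match on a route label stop applying to a destination once an unlabelled host route exists for it. I would add `/* Inherit the label so pf rules matching on it still apply to the host route. */` above the assignment, here and in the icmp6.c hunk. `sa_rl` is a stack buffer referenced from `info`, so the comment could also say it only needs to live until `rtrequest()` returns, which it does in this block. rtlabel_id2sa() is defined outside this diff; I assume it returns NULL for an unlabelled parent and leaves RTAX_LABEL unset, which is worth confirming. The body of icmp_mtudisc_clone continues outside the hunk.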
Index: netinet6/icmp6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.191
diff -u -p -r1.191 icmp6.c
--- netinet6/icmp6.c    9 Nov 2016 09:04:48 -0000       1.191
+++ netinet6/icmp6.c    15 Nov 2016 23:43:25 -0000
@@ -1912,14 +1912,17 @@ icmp6_mtudisc_clone(struct sockaddr *dst
 
        /* If we didn't get a host route, allocate one */
        if ((rt->rt_flags & RTF_HOST) == 0) {
-               struct rt_addrinfo info;
                struct rtentry *nrt;
+               struct rt_addrinfo info;
+               struct sockaddr_rtlabel sa_rl;
                int s;
 
-               bzero(&info, sizeof(info));
+               memset(&info, 0, sizeof(info));
                info.rti_flags = RTF_GATEWAY | RTF_HOST | RTF_DYNAMIC;
                info.rti_info[RTAX_DST] = dst;
                info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
+               info.rti_info[RTAX_LABEL] =
+                   rtlabel_id2sa(rt->rt_labelid, &sa_rl);
 
                s = splsoftnet();
                error = rtrequest(RTM_ADD, &info, rt->rt_priority, &nrt,
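Review bot: The two clone paths still disagree on route priority: the `rtrequest()` call at the end of this hunk passes `rt->rt_priority`, while the one in the ip_icmp.c hunk passes `RTP_DEFAULT`. Since this change makes the dynamic host route inherit the parent's label in both address families, IPv4 could inherit the priority as well, `error = rtrequest(RTM_ADD, &info, rt->rt_priority, &nrt, rtableid);`, unless RTP_DEFAULT is intentional there. The rtrequest() call and the rest of icmp6_mtudisc_clone run past the end of the hunk.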
