On Wed, Nov 16, 2016 at 01:08:11AM +0100, Alexander Bluhm wrote:
> On Tue, Nov 15, 2016 at 04:33:13PM +0000, Rivo Nurges wrote:
> > PF allows to filter based on route labels. Cloned routes created by PMTU
> > don't inherit route labels and PF filtering fails.
>
> We inherit the label for cloned routes, it makes sense to inherit
> it also for dynamic routes.
>
Indeed.
> > This patch makes the cloned route inherit the route label of the route it is cloned from.
>
> The IPv6 part is missing. I would like to commit this diff:
>
> ok?
>
OK claudio@
> bluhm
>
> Index: netinet/ip_icmp.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_icmp.c,v
> retrieving revision 1.154
> diff -u -p -r1.154 ip_icmp.c
> --- netinet/ip_icmp.c 14 Nov 2016 03:51:53 -0000 1.154
> +++ netinet/ip_icmp.c 15 Nov 2016 23:35:18 -0000
> @@ -951,11 +951,14 @@ icmp_mtudisc_clone(struct in_addr dst, u
> if ((rt->rt_flags & RTF_HOST) == 0) {
> struct rtentry *nrt;
> struct rt_addrinfo info;
> + struct sockaddr_rtlabel sa_rl;
>
> memset(&info, 0, sizeof(info));
> + info.rti_flags = RTF_GATEWAY | RTF_HOST | RTF_DYNAMIC;
> info.rti_info[RTAX_DST] = sintosa(&sin);
> info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
> - info.rti_flags = RTF_GATEWAY | RTF_HOST | RTF_DYNAMIC;
> + info.rti_info[RTAX_LABEL] =
> + rtlabel_id2sa(rt->rt_labelid, &sa_rl);
>
> error = rtrequest(RTM_ADD, &info, RTP_DEFAULT, &nrt, rtableid);
> if (error) {
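Review bot: The new `info.rti_info[RTAX_LABEL]` assignment has no comment saying why a host route created by path MTU discovery needs the parent's label. The reason is only in the mail thread: PF rules that filter on route labels otherwise stop matching once the dynamic route exists. I would add `/* inherit the label so PF route-label filtering still matches the cloned host route */` above the assignment here and above the identical one in icmp6_mtudisc_clone(). The result of rtlabel_id2sa() is stored unchecked; presumably it returns NULL for an unlabeled parent, which would leave RTAX_LABEL unset, but that is not visible in this hunk and should be confirmed before it is documented. icmp_mtudisc_clone() starts and ends outside the hunk.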
> Index: netinet6/icmp6.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/icmp6.c,v
> retrieving revision 1.191
> diff -u -p -r1.191 icmp6.c
> --- netinet6/icmp6.c 9 Nov 2016 09:04:48 -0000 1.191
> +++ netinet6/icmp6.c 15 Nov 2016 23:43:25 -0000
> @@ -1912,14 +1912,17 @@ icmp6_mtudisc_clone(struct sockaddr *dst
>
> /* If we didn't get a host route, allocate one */
> if ((rt->rt_flags & RTF_HOST) == 0) {
> - struct rt_addrinfo info;
> struct rtentry *nrt;
> + struct rt_addrinfo info;
> + struct sockaddr_rtlabel sa_rl;
> int s;
>
> - bzero(&info, sizeof(info));
> + memset(&info, 0, sizeof(info));
> info.rti_flags = RTF_GATEWAY | RTF_HOST | RTF_DYNAMIC;
> info.rti_info[RTAX_DST] = dst;
> info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
> + info.rti_info[RTAX_LABEL] =
> + rtlabel_id2sa(rt->rt_labelid, &sa_rl);
>
> s = splsoftnet();
> error = rtrequest(RTM_ADD, &info, rt->rt_priority, &nrt,
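Review bot: The two clone blocks are now laid out the same way, but their rtrequest() calls still differ: this one passes `rt->rt_priority`, while the IPv4 block in icmp_mtudisc_clone() passes `RTP_DEFAULT`. Since both now copy the label from the parent route, it is worth checking that the priority difference is intentional. If it is, a short comment such as `/* keep the parent's priority for the cloned host route */` would record that. Both calls are context lines that this diff does not change, and the call here continues past the end of the hunk.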
>
--
:wq Claudio