Hi David, On Tue, 03 Oct 2017 14:54:18 -0700 (PDT) David Miller <da...@davemloft.net> wrote:
> I don't see any inconsistency. When you insert using NLM_F_EXCL the > insertion fails if any existing rule matches or overlaps in any way > with the keys in the new rule. Please note that current situation is as follows: A: Generic (non /0), followed by specific that overlaps, ALLOWED # ip ru add from 0.0.0.0/1 iif eth2 pref 33 table 33 # ip ru add from 10.0.0.0/8 iif eth2 pref 33 table 33 A Reversed: Specific, followed by generic (non /0) that overlaps, ALLOWED # ip ru add from 10.0.0.0/8 iif eth2 pref 33 table 33 # ip ru add from 0.0.0.0/1 iif eth2 pref 33 table 33 B: 0.0.0.0/0, followed by specific that overlaps, ALLOWED # ip ru add from 0.0.0.0/0 iif eth2 pref 33 table 33 # ip ru add from 10.0.0.0/8 iif eth2 pref 33 table 33 B Reversed: Specific, followed by 0.0.0.0/0, FAILS # ip ru add from 10.0.0.0/8 iif eth2 pref 33 table 33 # ip ru add from 0.0.0.0/0 iif eth2 pref 33 table 33 (File exists) Is there any reason why 0.0.0.0/0 should be treated differently, meaning, insertion of 0.0.0.0/0 is order dependant (where other overlapping rules are allowed REGARDLESS order of insertion)? Please do note there is absolutely NO "overlapping" detection logic in 'fib4_rule_compare' whatsoever; just strict comparison of the FRA_SRC addresses. The only exception is if the new FRA_SRC address is 0.0.0.0/0 - which is considered "colliding" with ANY existing rule. The "treat /0 as a collision" existed way prior NLM_F_EXCL enforcement was introduced, as the single usecase of ->compare() was for DELRULE which had wildcard semantics. Alas for NEWRULE+NLM_F_EXCL it exposes the above anomaly. Best, Shmulik
