[PATCH RFC v2 net-next 25/25] net: Enable kernel side filtering of route dumps

David Ahern Mon, 01 Oct 2018 17:29:33 -0700

From: David Ahern <dsah...@gmail.com>

Update parsing of route dump request to enable kernel side of filtering.


Signed-off-by: David Ahern <dsah...@gmail.com>
---
 net/ipv4/fib_frontend.c | 42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)

diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index a3f4073e509a..d1ef1cb98139 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -806,7 +806,9 @@ int ip_valid_fib_dump_req(const struct nlmsghdr *nlh,
                          struct fib_dump_filter *filter,
                          struct netlink_ext_ack *extack)
 {
+       struct nlattr *tb[RTA_MAX + 1];
        struct rtmsg *rtm;
+       int err, i;
 
        if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*rtm))) {
                NL_SET_ERR_MSG(extack, "Invalid header");
@@ -814,21 +816,37 @@ int ip_valid_fib_dump_req(const struct nlmsghdr *nlh,
        }
 
        rtm = nlmsg_data(nlh);
-       if (rtm->rtm_dst_len || rtm->rtm_src_len  || rtm->rtm_tos   ||
-           rtm->rtm_table   || rtm->rtm_protocol || rtm->rtm_scope ||
-           rtm->rtm_type) {
-               NL_SET_ERR_MSG(extack,
-                              "Invalid values in header for dump request");
+       if (rtm->rtm_dst_len || rtm->rtm_src_len) {
+               NL_SET_ERR_MSG(extack, "Invalid values in header for dump 
request");
                return -EINVAL;
        }
 
-       if (rtm->rtm_flags & ~(RTM_F_CLONED | RTM_F_PREFIX)) {
-               NL_SET_ERR_MSG(extack, "Invalid flags for dump request");
-               return -EINVAL;
-       }
-       if (nlh->nlmsg_len != nlmsg_msg_size(sizeof(*rtm))) {
-               NL_SET_ERR_MSG(extack, "Invalid data after header");
-               return -EINVAL;
+       filter->flags    = rtm->rtm_flags;
+       filter->tos      = rtm->rtm_tos;
+       filter->protocol = rtm->rtm_protocol;
+       filter->scope    = rtm->rtm_scope;
+       filter->rt_type  = rtm->rtm_type;
+       filter->table_id = rtm->rtm_table;
+
+       err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX,
+                         rtm_ipv4_policy, extack);
+       if (err < 0)
+               return err;
+
+       for (i = 0; i <= RTA_MAX; ++i) {
+               if (!tb[i])
+                       continue;
+               switch (i) {
+               case RTA_TABLE:
+                       filter->table_id = nla_get_u32(tb[i]);
+                       break;
+               case RTA_OIF:
+                       filter->ifindex = nla_get_u32(tb[i]);
+                       break;
+               default:
+                       NL_SET_ERR_MSG(extack, "Unsupported attribute in dump 
request");
+                       return -EINVAL;
+               }
        }
 
        return 0;
-- 
2.11.0

[PATCH RFC v2 net-next 25/25] net: Enable kernel side filtering of route dumps

Reply via email to