From 2b8d8fe92a0fd5c0e019677c13028e0a456ea8f2 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Mon, 29 Apr 2024 11:30:34 +0200 Subject: [PATCH 1/2] platform: don't set RTM_F_LOOKUP_TABLE for IPv6 RTM_F_LOOKUP_TABLE is only needed for IPv4. IPv6 dumps with the flag are rejected in strict mode. --- src/libnm-platform/nm-linux-platform.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c index 5b595a9b71..fd23612fd6 100644 --- a/src/libnm-platform/nm-linux-platform.c +++ b/src/libnm-platform/nm-linux-platform.c @@ -337,6 +337,11 @@ struct _ifla_vf_vlan_info { #define BRIDGE_VLAN_INFO_RANGE_END (1 << 4) /* VLAN is end of vlan range */ #endif +/* Appeared in kernel 4.2 dated August 2015 */ +#ifndef RTM_F_LOOKUP_TABLE +#define RTM_F_LOOKUP_TABLE 0x1000 /* set rtm_table to FIB lookup result */ +#endif + /*****************************************************************************/ #define PSCHED_TIME_UNITS_PER_SEC 1000000 @@ -10307,7 +10312,7 @@ ip_route_get(NMPlatform *platform, .r.rtm_family = addr_family, .r.rtm_tos = 0, .r.rtm_dst_len = IS_IPv4 ? 32 : 128, - .r.rtm_flags = 0x1000 /* RTM_F_LOOKUP_TABLE */, + .r.rtm_flags = IS_IPv4 ? RTM_F_LOOKUP_TABLE : 0, }; nm_clear_pointer(&route, nmp_object_unref); From 185932a1a2d8df7b3d61154e77523ea4bef5c33b Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Sun, 28 Apr 2024 23:22:56 +0200 Subject: [PATCH 2/2] platform: enable strict check on netlink socket dumps In the future we might want to specify filters when requesting netlink dumps; this requires that strict check is enabled on the socket. When enabling strict check, we need to pass a full struct in the netlink message, otherwise kernel ignores it. This commit doesn't change behavior. --- src/libnm-platform/nm-linux-platform.c | 37 +++++++++++++++++++++----- src/libnm-platform/nm-netlink.c | 1 + 2 files changed, 32 insertions(+), 6 deletions(-) diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c index fd23612fd6..8836f3d70b 100644 --- a/src/libnm-platform/nm-linux-platform.c +++ b/src/libnm-platform/nm-linux-platform.c @@ -7789,17 +7789,42 @@ _nl_msg_new_dump_rtnl(NMPObjectType obj_type, int preferred_addr_family) g_return_val_if_reached(NULL); } break; case NMP_OBJECT_TYPE_LINK: + { + struct ifinfomsg ifm = {}; + + if (nlmsg_append_struct(nlmsg, &ifm) < 0) + g_return_val_if_reached(NULL); + break; + } case NMP_OBJECT_TYPE_IP4_ADDRESS: case NMP_OBJECT_TYPE_IP6_ADDRESS: - case NMP_OBJECT_TYPE_IP4_ROUTE: - case NMP_OBJECT_TYPE_IP6_ROUTE: - case NMP_OBJECT_TYPE_ROUTING_RULE: { - const struct rtgenmsg gmsg = { - .rtgen_family = preferred_addr_family, + struct ifaddrmsg ifm = { + .ifa_family = preferred_addr_family, }; - if (nlmsg_append_struct(nlmsg, &gmsg) < 0) + if (nlmsg_append_struct(nlmsg, &ifm) < 0) + g_return_val_if_reached(NULL); + break; + } + case NMP_OBJECT_TYPE_IP4_ROUTE: + case NMP_OBJECT_TYPE_IP6_ROUTE: + { + struct rtmsg rtm = { + .rtm_family = preferred_addr_family, + }; + + if (nlmsg_append_struct(nlmsg, &rtm) < 0) + g_return_val_if_reached(NULL); + break; + } + case NMP_OBJECT_TYPE_ROUTING_RULE: + { + struct fib_rule_hdr frh = { + .family = preferred_addr_family, + }; + + if (nlmsg_append_struct(nlmsg, &frh) < 0) g_return_val_if_reached(NULL); } break; default: diff --git a/src/libnm-platform/nm-netlink.c b/src/libnm-platform/nm-netlink.c index 6d15312882..5bbbcc8474 100644 --- a/src/libnm-platform/nm-netlink.c +++ b/src/libnm-platform/nm-netlink.c @@ -1152,6 +1152,7 @@ nl_socket_new(struct nl_sock **out_sk, i_val = 1; (void) setsockopt(sk->s_fd, SOL_NETLINK, NETLINK_EXT_ACK, &i_val, sizeof(i_val)); + (void) setsockopt(sk->s_fd, SOL_NETLINK, NETLINK_GET_STRICT_CHK, &i_val, sizeof(i_val)); if (NM_FLAGS_HAS(flags, NL_SOCKET_FLAGS_PASSCRED)) { err = nl_socket_set_passcred(sk, 1);