diff options
-rw-r--r-- | nest/rt-table.c | 29 | ||||
-rw-r--r-- | proto/pipe/pipe.c | 25 |
2 files changed, 44 insertions, 10 deletions
diff --git a/nest/rt-table.c b/nest/rt-table.c index 186a2dc..a8d0fee 100644 --- a/nest/rt-table.c +++ b/nest/rt-table.c @@ -403,6 +403,26 @@ rte_recalculate(rtable *table, net *net, struct proto *p, struct proto *src, rte { if (old->attrs->proto == src) { + /* If there is the same route in the routing table but from + * a different sender, then there are two paths from the + * source protocol to this routing table through transparent + * pipes, which is not allowed. + * + * We log that and ignore the route. If it is withdraw, we + * ignore it completely (there might be 'spurious withdraws', + * see FIXME in do_rte_announce()) + */ + if (old->sender != p) + { + if (new) + { + log(L_ERR "Pipe collision detected when sending %I/%d to table %s", + net->n.prefix, net->n.pxlen, table->name); + rte_free_quick(new); + } + return; + } + if (new && rte_same(old, new)) { /* No changes, ignore the new route */ @@ -597,11 +617,12 @@ rte_update(rtable *table, net *net, struct proto *p, struct proto *src, rte *new new->sender = p; struct filter *filter = p->in_filter; - /* Do not filter routes going to the secondary side of the pipe, - that should only go through export filter. - FIXME Make a better check whether p is really a pipe. */ - if (p->table != table) + /* Do not filter routes going through the pipe, + they are filtered in the export filter only. */ +#ifdef CONFIG_PIPE + if (p->proto == &proto_pipe) filter = FILTER_ACCEPT; +#endif p->stats.imp_updates_received++; if (!rte_validate(new)) diff --git a/proto/pipe/pipe.c b/proto/pipe/pipe.c index e57c9ef..c117f3b 100644 --- a/proto/pipe/pipe.c +++ b/proto/pipe/pipe.c @@ -31,7 +31,7 @@ #include "pipe.h" static void -pipe_send(struct pipe_proto *p, rtable *dest, net *n, rte *new, rte *old, ea_list *attrs) +pipe_send(struct pipe_proto *p, rtable *src_table, rtable *dest, net *n, rte *new, rte *old, ea_list *attrs) { struct proto *src; net *nn; @@ -80,9 +80,9 @@ pipe_send(struct pipe_proto *p, rtable *dest, net *n, rte *new, rte *old, ea_lis src = old->attrs->proto; } - dest->pipe_busy = 1; + src_table->pipe_busy = 1; rte_update(dest, nn, &p->p, (p->mode == PIPE_OPAQUE) ? &p->p : src, e); - dest->pipe_busy = 0; + src_table->pipe_busy = 0; } static void @@ -91,7 +91,7 @@ pipe_rt_notify_pri(struct proto *P, net *net, rte *new, rte *old, ea_list *attrs struct pipe_proto *p = (struct pipe_proto *) P; DBG("PIPE %c> %I/%d\n", (new ? '+' : '-'), net->n.prefix, net->n.pxlen); - pipe_send(p, p->peer, net, new, old, attrs); + pipe_send(p, p->p.table, p->peer, net, new, old, attrs); } static void @@ -100,7 +100,7 @@ pipe_rt_notify_sec(struct proto *P, net *net, rte *new, rte *old, ea_list *attrs struct pipe_proto *p = ((struct pipe_proto *) P)->phantom; DBG("PIPE %c< %I/%d\n", (new ? '+' : '-'), net->n.prefix, net->n.pxlen); - pipe_send(p, p->p.table, net, new, old, attrs); + pipe_send(p, p->peer, p->p.table, net, new, old, attrs); } static int @@ -134,7 +134,20 @@ pipe_start(struct proto *P) ph->p.rt_notify = pipe_rt_notify_sec; ph->p.proto_state = PS_UP; ph->p.core_state = ph->p.core_goal = FS_HAPPY; - ph->p.in_filter = ph->p.out_filter = FILTER_ACCEPT; /* We do all filtering on the local end */ + + /* + * Routes should be filtered in the do_rte_announce() (export + * filter for protocols). Reverse direction is handled by putting + * specified import filter to out_filter field of the phantom + * protocol. + * + * in_filter fields are not important, there is an exception in + * rte_update() to ignore it for pipes. We cannot just set + * P->in_filter to FILTER_ACCEPT, because that would break other + * things (reconfiguration, show-protocols command). + */ + ph->p.in_filter = FILTER_ACCEPT; + ph->p.out_filter = P->in_filter; /* * Connect the phantom protocol to the peer routing table, but |