Revision 421838ff


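--- a/nest/rt-table.c
+++ b/nest/rt-table.c
@@ -165,6 +165,38 @@
     }
 }
 
+static inline int
+rte_validate(rte *e)
+{
+  int c;
+  net *n = e->net;
+
+  ASSERT(!ipa_nonzero(ipa_and(n->n.prefix, ipa_not(ipa_mkmask(n->n.pxlen)))));
+  if (n->n.pxlen)
+    {
+      c = ipa_classify(n->n.prefix);
+      if (c < 0 || !(c & IADDR_HOST))
+	{
+	  if (!ipa_nonzero(n->n.prefix) && n->n.pxlen <= 1)
+	    return 1;		/* Default route and half-default route is OK */
+	  log(L_WARN "Ignoring bogus route %I/%d received from %I via %s",
+	      n->n.prefix, n->n.pxlen, e->attrs->from, e->attrs->proto->name);
+	  return 0;
+	}
+      if ((c & IADDR_SCOPE_MASK) == SCOPE_HOST)
+	{
+	  int s = e->attrs->source;
+	  if (s != RTS_STATIC && s != RTS_DEVICE && s != RTS_STATIC_DEVICE)
+	    {
+	      log(L_WARN "Ignoring host scope route %I/%d received from %I via %s",
+		  n->n.prefix, n->n.pxlen, e->attrs->from, e->attrs->proto->name);
+	      return 0;
+	    }
+	}
+    }
+  return 1;
+}
+
 void
 rte_free(rte *e)
 {
@@ -187,15 +219,17 @@
   rte *old = NULL;
   rte **k, *r, *s;
 
-  if (new && p->in_filter && f_run(p->in_filter, new, NULL) != F_ACCEPT)
+  if (new)
     {
-      rte_free(new);
-      return;
+      if (!rte_validate(new) || p->in_filter && f_run(p->in_filter, new, NULL) != F_ACCEPT)
+	{
+	  rte_free(new);
+	  return;
+	}
+      if (!(new->attrs->aflags & RTAF_CACHED)) /* Need to copy attributes */
+	new->attrs = rta_lookup(new->attrs);
     }
 
-  if (new && !(new->attrs->aflags & RTAF_CACHED)) /* Need to copy attributes */
-    new->attrs = rta_lookup(new->attrs);
-
   k = &net->routes;			/* Find and remove original route from the same protocol */
   while (old = *k)
     {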
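Review bot: The `ASSERT(...)` at the top of `rte_validate()` treats host bits set beyond `pxlen` as a programming error rather than as bad input, although the function's other two checks reject and log routes described as "received from" a neighbour. If the prefix in `e->net` can originate from an update without prior masking (not visible on this page), the outcome depends on how ASSERT is built: presumably an abort where assertions are enabled, and a malformed prefix that passes validation where they are compiled out. Handling it like the other cases, `if (ipa_nonzero(ipa_and(n->n.prefix, ipa_not(ipa_mkmask(n->n.pxlen))))) return 0;` preceded by a matching `L_WARN` line, would keep the validation result the same across builds. In the second hunk, whose enclosing function starts and ends outside the view, `!rte_validate(new) || p->in_filter && f_run(...) != F_ACCEPT` relies on `&&` binding tighter than `||`; parenthesising the filter term would make the intended grouping explicit and avoid a parentheses warning.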
