authorYves-Alexis Perez <corsac@debian.org>2015-06-01 14:46:30 +0200
committerYves-Alexis Perez <corsac@debian.org>2015-06-01 14:46:30 +0200
commitfc556ec2bc92a9d476c11406fad2c33db8bf7cb0 (patch)
tree7360889e50de867d72741213d534a756c73902c8 /src/libhydra
parent83b8aebb19fe6e49e13a05d4e8f5ab9a06177642 (diff)
Imported Upstream version 5.3.1
Diffstat (limited to 'src/libhydra')
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c2
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c24
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c18
-rw-r--r--src/libhydra/plugins/kernel_netlink/tests.c2
4 files changed, 36 insertions, 10 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 03e44e510..f22e07d95 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1822,7 +1822,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
struct xfrm_replay_state *replay = NULL;
struct xfrm_replay_state_esn *replay_esn = NULL;
struct xfrm_lifetime_cur *lifetime = NULL;
- u_int32_t replay_esn_len;
+ u_int32_t replay_esn_len = 0;
status_t status = FAILED;
/* if IPComp is used, we first update the IPComp SA */
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index a431e49b7..1515b01cc 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1551,6 +1551,26 @@ static void rt_entry_destroy(rt_entry_t *this)
}
/**
+ * Check if the route received with RTM_NEWROUTE is usable based on its type.
+ */
+static bool route_usable(struct nlmsghdr *hdr)
+{
+ struct rtmsg *msg;
+
+ msg = NLMSG_DATA(hdr);
+ switch (msg->rtm_type)
+ {
+ case RTN_BLACKHOLE:
+ case RTN_UNREACHABLE:
+ case RTN_PROHIBIT:
+ case RTN_THROW:
+ return FALSE;
+ default:
+ return TRUE;
+ }
+}
+
+/**
* Parse route received with RTM_NEWROUTE. The given rt_entry_t object will be
* reused if not NULL.
*
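Review bot: route_usable() is written as a denylist, so its `default:` branch accepts every `rtm_type` other than the four listed, including any type added later, and the doc comment says neither that nor why these four are excluded. A comment along the lines of `Blackhole, unreachable, prohibit and throw routes never deliver packets to a next hop, so they are rejected; every other type is accepted.` would make the policy explicit. The function also reads `msg->rtm_type` straight from NLMSG_DATA(hdr), which is only safe if the caller has already confirmed the message is long enough to hold a `struct rtmsg`; that check is not visible in this hunk and deserves a one-line note on the precondition.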
@@ -1700,6 +1720,10 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
rt_entry_t *other;
uintptr_t table;
+ if (!route_usable(current))
+ {
+ continue;
+ }
route = parse_route(current, route);
table = (uintptr_t)route->table;
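Review bot: The `continue` added before parse_route() appears to sit inside a case block of a switch, so it acts on the enclosing loop rather than the switch, and it is only correct if that loop advances `current` in its own header (for example a `for` whose step is NLMSG_NEXT). The loop is outside this hunk, so this cannot be confirmed from here; if the advance happens at the bottom of the loop body instead, one unusable route would make get_route() re-examine the same message forever. A short comment such as `/* ignore routes that cannot carry traffic */` above the check would also help the next reader.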
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
index a9adfe091..b0e3103d3 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -83,6 +83,11 @@ struct private_netlink_socket_t {
u_int retries;
/**
+ * Buffer size for received Netlink messages
+ */
+ u_int buflen;
+
+ /**
* Use parallel netlink queries
*/
bool parallel;
@@ -161,7 +166,7 @@ static bool write_msg(private_netlink_socket_t *this, struct nlmsghdr *msg)
* Read a single Netlink message from socket, return 0 on error, -1 on timeout
*/
static ssize_t read_msg(private_netlink_socket_t *this,
- char buf[4096], size_t buflen, bool block)
+ char *buf, size_t buflen, bool block)
{
ssize_t len;
@@ -236,20 +241,17 @@ static bool queue(private_netlink_socket_t *this, struct nlmsghdr *buf)
static bool read_and_queue(private_netlink_socket_t *this, bool block)
{
struct nlmsghdr *hdr;
- union {
- struct nlmsghdr hdr;
- char bytes[4096];
- } buf;
+ char buf[this->buflen];
ssize_t len;
- len = read_msg(this, buf.bytes, sizeof(buf.bytes), block);
+ len = read_msg(this, buf, sizeof(buf), block);
if (len == -1)
{
return TRUE;
}
if (len)
{
- hdr = &buf.hdr;
+ hdr = (struct nlmsghdr*)buf;
while (NLMSG_OK(hdr, len))
{
if (!queue(this, hdr))
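Review bot: Replacing the union with `char buf[this->buflen]` drops the alignment that the `struct nlmsghdr hdr` member used to guarantee, yet the buffer is still cast to `struct nlmsghdr*` and walked with NLMSG_OK(). A plain char array carries no alignment requirement, so the cast can produce a misaligned access on strict-alignment targets and is undefined behaviour regardless. If the compilers this tree targets allow it, `char buf[this->buflen] __attribute__((aligned(NLMSG_ALIGNTO)));` keeps the configurable size and restores the alignment. The rest of read_and_queue() lies outside this hunk.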
@@ -568,6 +570,8 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
.entries = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4),
.protocol = protocol,
.names = names,
+ .buflen = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.buflen", 4096, lib->ns),
.timeout = lib->settings->get_int(lib->settings,
"%s.plugins.kernel-netlink.timeout", 0, lib->ns),
.retries = lib->settings->get_int(lib->settings,
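Review bot: The new `buflen` setting is stored without a range check, and read_and_queue() uses it directly as the size of a stack array. The get_int() result lands in a `u_int`, so a configured 0 gives a zero-length array (undefined behaviour) and a negative or very large value becomes an oversized stack allocation. Clamp it once the object is initialised, for example `if (this->buflen < NLMSG_HDRLEN) { this->buflen = 4096; }` plus an upper bound chosen by the project, and log when a configured value is rejected. netlink_socket_create() starts and ends outside this hunk, so the name `this` for the new object is assumed.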
diff --git a/src/libhydra/plugins/kernel_netlink/tests.c b/src/libhydra/plugins/kernel_netlink/tests.c
index 136b34d29..52985b438 100644
--- a/src/libhydra/plugins/kernel_netlink/tests.c
+++ b/src/libhydra/plugins/kernel_netlink/tests.c
@@ -33,9 +33,7 @@ static bool test_runner_init(bool init)
{
if (init)
{
- dbg_default_set_level(0);
lib->processor->set_threads(lib->processor, 8);
- dbg_default_set_level(1);
}
else
{