From cc8cf421d4feb6ce29abc78f08d95084ae7f166b Mon Sep 17 00:00:00 2001
From: Ronan Dalton
Date: Fri, 13 Sep 2024 17:01:14 +1200
Subject: [PATCH] lib/route: unset locked ext flag in neigh msg

The kernel does not allow setting the NTF_EXT_LOCKED neigh ext flag from userspace, so unset it in requests. This would avoid the error that would occur when an FDB entry with the locked flag is retrieved from the kernel, modified, and accidentally send back to the kernel without unsetting the locked flag first. In addition, only send the ext flags if at least one is set.
---
 lib/route/neigh.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/route/neigh.c b/lib/route/neigh.c
index 66d6768e..d1f9d4c5 100644
--- a/lib/route/neigh.c
+++ b/lib/route/neigh.c
@@ -777,8 +777,15 @@ static int build_neigh_msg(struct rtnl_neigh *tmpl, int cmd, int flags,
 if (tmpl->ce_mask & NEIGH_ATTR_NHID)
 NLA_PUT_U32(msg, NDA_NH_ID, tmpl->n_nhid);
- if (tmpl->ce_mask & NEIGH_ATTR_EXT_FLAGS)
- NLA_PUT_U32(msg, NDA_FLAGS_EXT, tmpl->n_ext_flags);
+ if (tmpl->ce_mask & NEIGH_ATTR_EXT_FLAGS) {
+ /* The kernel does not allow setting the locked flag from
+ * userspace, so unset it in the request. */
+ uint32_t ext_flags = tmpl->n_ext_flags &
+ ~(uint32_t)NTF_EXT_LOCKED;
+
+ if (ext_flags)
+ NLA_PUT_U32(msg, NDA_FLAGS_EXT, tmpl->n_ext_flags);
+ }
 *result = msg;
 return 0;
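Review bot: The new `NLA_PUT_U32(msg, NDA_FLAGS_EXT, tmpl->n_ext_flags);` inside `if (ext_flags)` still sends the unmasked template value, so the masked local `ext_flags` is only used as a guard. When NTF_EXT_LOCKED is set together with any other ext flag, the locked bit is still put into the request and the kernel rejection described in the commit message would still occur. Only the case where the locked flag is the sole bit set is handled. The put should use the masked value: `NLA_PUT_U32(msg, NDA_FLAGS_EXT, ext_flags);`. build_neigh_msg starts before this hunk, so the earlier attribute handling was not reviewed here.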