Commit c7846fdc authored by Julien Muchembled's avatar Julien Muchembled

Fix babeld-only setup so that 'lo' only accepts configured ipv4 and not the whole assigned range

When 10.42.3.1/24 was configured on 'lo', the kernel accepted packets to
any ip of 10.42.3.0/24, instead of only 10.42.3.1
parent f0851225
...@@ -285,13 +285,12 @@ def main(): ...@@ -285,13 +285,12 @@ def main():
ipv4 = dot4(x | (n < 31)) ipv4 = dot4(x | (n < 31))
config.openvpn_args += '--ifconfig', \ config.openvpn_args += '--ifconfig', \
ipv4, dot4((1<<32) - (1<<32-n)) ipv4, dot4((1<<32) - (1<<32-n))
ipv4 = ipv4, n
if not isinstance(tunnel_manager, tunnel.TunnelManager): if not isinstance(tunnel_manager, tunnel.TunnelManager):
ip4('addr', "%s/%s" % ipv4, ip4('addr', ipv4, 'dev', config.main_interface)
'dev', config.main_interface)
if config.main_interface == "lo": if config.main_interface == "lo":
ip4('route', 'unreachable', "%s/%s" % (dot4(x), n), ip4('route', 'unreachable', "%s/%s" % (dot4(x), n),
'proto', 'static') 'proto', 'static')
ipv4 = ipv4, n
else: else:
logging.warning( logging.warning(
"IPv4 payload disabled due to wrong network parameters") "IPv4 payload disabled due to wrong network parameters")
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment