mirror of
https://github.com/oxen-io/lokinet
synced 2023-12-14 06:53:00 +01:00
Merge pull request #1682 from majestrate/route-blackhole-linux-2021-06-25
[linux] route blackholing
commit
a4b552a268
|
@ -112,6 +112,40 @@ namespace llarp::net
|
|||
return 0;
|
||||
}
|
||||
|
||||
struct nl_req
|
||||
{
|
||||
struct nlmsghdr n;
|
||||
struct rtmsg r;
|
||||
char buf[4096];
|
||||
};
|
||||
|
||||
/// add/remove a route blackhole
|
||||
int
|
||||
do_blackhole(int sock, int cmd, int flags, int af)
|
||||
{
|
||||
nl_req nl_request{};
|
||||
/* Initialize request structure */
|
||||
nl_request.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
|
||||
nl_request.n.nlmsg_flags = NLM_F_REQUEST | flags;
|
||||
nl_request.n.nlmsg_type = cmd;
|
||||
nl_request.n.nlmsg_pid = getpid();
|
||||
nl_request.r.rtm_family = af;
|
||||
nl_request.r.rtm_table = RT_TABLE_LOCAL;
|
||||
nl_request.r.rtm_type = RTN_BLACKHOLE;
|
||||
nl_request.r.rtm_scope = RT_SCOPE_UNIVERSE;
|
||||
if (af == AF_INET)
|
||||
{
|
||||
uint32_t addr{};
|
||||
rtattr_add(&nl_request.n, sizeof(nl_request), /*RTA_NEWDST*/ RTA_DST, &addr, sizeof(addr));
|
||||
}
|
||||
else
|
||||
{
|
||||
uint128_t addr{};
|
||||
rtattr_add(&nl_request.n, sizeof(nl_request), /*RTA_NEWDST*/ RTA_DST, &addr, sizeof(addr));
|
||||
}
|
||||
return send(sock, &nl_request, sizeof(nl_request), 0);
|
||||
}
|
||||
|
||||
int
|
||||
do_route(
|
||||
int sock,
|
||||
|
@ -122,12 +156,7 @@ namespace llarp::net
|
|||
GatewayMode mode,
|
||||
int if_idx)
|
||||
{
|
||||
struct
|
||||
{
|
||||
struct nlmsghdr n;
|
||||
struct rtmsg r;
|
||||
char buf[4096];
|
||||
} nl_request{};
|
||||
nl_req nl_request{};
|
||||
|
||||
/* Initialize request structure */
|
||||
nl_request.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
|
||||
|
@ -360,6 +389,32 @@ namespace llarp::net
|
|||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
AddBlackhole()
|
||||
{
|
||||
LogInfo("adding route blackhole to drop all traffic");
|
||||
#if __linux__
|
||||
#ifndef ANDROID
|
||||
NLSocket sock;
|
||||
do_blackhole(sock.fd, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, AF_INET);
|
||||
do_blackhole(sock.fd, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, AF_INET6);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
DelBlackhole()
|
||||
{
|
||||
LogInfo("remove route blackhole");
|
||||
#if __linux__
|
||||
#ifndef ANDROID
|
||||
NLSocket sock;
|
||||
do_blackhole(sock.fd, RTM_DELROUTE, 0, AF_INET);
|
||||
do_blackhole(sock.fd, RTM_DELROUTE, 0, AF_INET6);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
AddDefaultRouteViaInterface(std::string ifname)
|
||||
{
|
||||
|
|
|
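Review bot: The result of `do_blackhole` is discarded at all four call sites in `AddBlackhole` and `DelBlackhole`, and nothing reads the netlink reply, so a kernel rejection (for example `EEXIST` from `NLM_F_EXCL`, or a permission error) is never noticed. This route appears to be what stops traffic from leaving outside the tunnel, so a silent failure leaves the log saying "adding route blackhole to drop all traffic" while nothing is dropped. At minimum check the send, e.g. `if (do_blackhole(sock.fd, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, AF_INET) < 0) LogError("failed to add IPv4 route blackhole");`, and preferably add `NLM_F_ACK` to the flags and `recv` the `NLMSG_ERROR` reply before treating the route as installed. Separately, `send` is given `sizeof(nl_request)` rather than `nl_request.n.nlmsg_len`, so the unused remainder of `buf` is sent along with the message.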
@ -25,4 +25,12 @@ namespace llarp::net
|
|||
void
|
||||
DelDefaultRouteViaInterface(std::string ifname);
|
||||
|
||||
/// add route blackhole for all traffic
|
||||
void
|
||||
AddBlackhole();
|
||||
|
||||
/// delete route blackhole for all traffic
|
||||
void
|
||||
DelBlackhole();
|
||||
|
||||
} // namespace llarp::net
|
||||
|
|
|
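Review bot: The doc comments on `AddBlackhole` and `DelBlackhole` do not say that the functions act only on Linux non-Android builds. In the implementation the netlink calls sit inside `#if __linux__` / `#ifndef ANDROID`, so on any other platform only the `LogInfo` line runs. I would write `/// add route blackhole for all traffic (Linux only, not Android; elsewhere this only logs and installs nothing)` with the matching wording on `DelBlackhole`. It is also worth stating in the comment that both return `void` and so cannot report failure to the caller.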
@ -91,6 +91,7 @@ namespace llarp
|
|||
if (gateway.h)
|
||||
net::DelRoute(ip.ToString(), gateway.ToString());
|
||||
}
|
||||
net::DelBlackhole();
|
||||
}
|
||||
|
||||
std::optional<huint32_t>
|
||||
|
@ -185,6 +186,8 @@ namespace llarp
|
|||
void
|
||||
RoutePoker::Up()
|
||||
{
|
||||
// black hole all routes by default
|
||||
net::AddBlackhole();
|
||||
// explicit route pokes for first hops
|
||||
m_Router->ForEachPeer(
|
||||
[&](auto session, auto) mutable { AddRoute(session->GetRemoteEndpoint().asIPv4()); },
|
||||
|
@ -204,6 +207,8 @@ namespace llarp
|
|||
// remove default route
|
||||
const auto ep = m_Router->hiddenServiceContext().GetDefault();
|
||||
net::DelDefaultRouteViaInterface(ep->GetIfName());
|
||||
// delete route blackhole
|
||||
net::DelBlackhole();
|
||||
}
|
||||
|
||||
} // namespace llarp
|
||||
|
|
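Review bot: `net::DelBlackhole()` is now called unconditionally from two places and `net::AddBlackhole()` unconditionally in `Up()`, with no record of whether this RoutePoker actually installed the route. The two delete sites are `Down()` and the function that ends in the `@ -91,6` hunk, whose start is outside the hunk. If `Up()` can run twice, the second add would hit `NLM_F_EXCL`, and a delete without a prior successful add may remove a blackhole route that something else configured; neither case can be confirmed from these hunks, so treat this as a question for the author. A boolean member set in `Up()` and checked before `net::DelBlackhole()` (a hypothetical `m_BlackholeUp`, say) would make the add/delete pairing explicit. It would also stop the two teardown paths from issuing the delete twice.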