Message ID | 20160824204252.2melotzdx6ftzgaq@ppc.Dlink |
---|---|
State | Accepted, archived |
Delegated to: | stephen hemminger |
Headers | show |
On Wed, 24 Aug 2016 23:43:00 +0300 "Andrey Jr. Melnikov" <temnota.am@gmail.com> wrote: > Disallow run `ip rule del` without any parameter to avoid delete any first > rule from table. > > Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com> > --- > > diff --git a/ip/iprule.c b/ip/iprule.c > index 8f24206..70562c5 100644 > --- a/ip/iprule.c > +++ b/ip/iprule.c > @@ -346,6 +346,11 @@ static int iprule_modify(int cmd, int argc, char **argv) > req.r.rtm_type = RTN_UNICAST; > } > > + if (cmd == RTM_DELRULE && argc == 0) { > + fprintf(stderr, "\"ip rule del\" requires arguments.\n"); > + return -1; > + } > + > while (argc > 0) { > if (strcmp(*argv, "not") == 0) { > req.r.rtm_flags |= FIB_RULE_INVERT; Actually ip rule delete without arguments deletes all rules. Which could be a bug or feature depending on the user. I can imagine somebody is doing something like deleting all rules and putting in new ones for PBR.
On Mon, Aug 29, 2016 at 10:53:25AM -0700, Stephen Hemminger wrote: > On Wed, 24 Aug 2016 23:43:00 +0300 > "Andrey Jr. Melnikov" <temnota.am@gmail.com> wrote: > > > Disallow run `ip rule del` without any parameter to avoid delete any first > > rule from table. ... > Actually ip rule delete without arguments deletes all rules. > Which could be a bug or feature depending on the user. > I can imagine somebody is doing something like deleting all rules > and putting in new ones for PBR. We have "ip rule flush" for that, don't we? Michal Kubecek
On Tue, 30 Aug 2016 13:51:56 +0200 Michal Kubecek <mkubecek@suse.cz> wrote: > On Mon, Aug 29, 2016 at 10:53:25AM -0700, Stephen Hemminger wrote: > > On Wed, 24 Aug 2016 23:43:00 +0300 > > "Andrey Jr. Melnikov" <temnota.am@gmail.com> wrote: > > > > > Disallow run `ip rule del` without any parameter to avoid delete any first > > > rule from table. > ... > > Actually ip rule delete without arguments deletes all rules. > > Which could be a bug or feature depending on the user. > > I can imagine somebody is doing something like deleting all rules > > and putting in new ones for PBR. > > We have "ip rule flush" for that, don't we? > > Michal Kubecek I went ahead and applied this, seemed better to give error than deleting all rules.
diff --git a/ip/iprule.c b/ip/iprule.c index 8f24206..70562c5 100644 --- a/ip/iprule.c +++ b/ip/iprule.c @@ -346,6 +346,11 @@ static int iprule_modify(int cmd, int argc, char **argv) req.r.rtm_type = RTN_UNICAST; } + if (cmd == RTM_DELRULE && argc == 0) { + fprintf(stderr, "\"ip rule del\" requires arguments.\n"); + return -1; + } + while (argc > 0) { if (strcmp(*argv, "not") == 0) { req.r.rtm_flags |= FIB_RULE_INVERT;
Disallow run `ip rule del` without any parameter to avoid delete any first rule from table. Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com> ---