From 96303c25eee69596877a186a6c179559b9d0f947 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 12 Mar 2018 13:58:17 -0700
Subject: [PATCH 1/2] Revert "iproute: "list/flush/save default" selected all
 of the routes"

This reverts commit 9135c4d6037ff9f1818507bac0049fc44db8c3d2.

Debian maintainer found that basic command:
	# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.

Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 ip/iproute.c | 65 +++++++++++++++-------------------------------------
 lib/utils.c  | 13 +++++++++++
 2 files changed, 32 insertions(+), 46 deletions(-)

diff --git a/ip/iproute.c b/ip/iproute.c
index bf886fda..32c93ed5 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -191,42 +191,20 @@ static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
 		return 0;
 	if ((filter.tos^r->rtm_tos)&filter.tosmask)
 		return 0;
-	if (filter.rdst.family) {
-		if (r->rtm_family != filter.rdst.family ||
-		    filter.rdst.bitlen > r->rtm_dst_len)
-			return 0;
-	} else if (filter.rdst.flags & PREFIXLEN_SPECIFIED) {
-		if (filter.rdst.bitlen > r->rtm_dst_len)
-			return 0;
-	}
-	if (filter.mdst.family) {
-		if (r->rtm_family != filter.mdst.family ||
-		    (filter.mdst.bitlen >= 0 &&
-		     filter.mdst.bitlen < r->rtm_dst_len))
-			return 0;
-	} else if (filter.mdst.flags & PREFIXLEN_SPECIFIED) {
-		if (filter.mdst.bitlen >= 0 &&
-		    filter.mdst.bitlen < r->rtm_dst_len)
-			return 0;
-	}
-	if (filter.rsrc.family) {
-		if (r->rtm_family != filter.rsrc.family ||
-		    filter.rsrc.bitlen > r->rtm_src_len)
-			return 0;
-	} else if (filter.rsrc.flags & PREFIXLEN_SPECIFIED) {
-		if (filter.rsrc.bitlen > r->rtm_src_len)
-			return 0;
-	}
-	if (filter.msrc.family) {
-		if (r->rtm_family != filter.msrc.family ||
-		    (filter.msrc.bitlen >= 0 &&
-		     filter.msrc.bitlen < r->rtm_src_len))
-			return 0;
-	} else if (filter.msrc.flags & PREFIXLEN_SPECIFIED) {
-		if (filter.msrc.bitlen >= 0 &&
-		    filter.msrc.bitlen < r->rtm_src_len)
-			return 0;
-	}
+	if (filter.rdst.family &&
+	    (r->rtm_family != filter.rdst.family || filter.rdst.bitlen > r->rtm_dst_len))
+		return 0;
+	if (filter.mdst.family &&
+	    (r->rtm_family != filter.mdst.family ||
+	     (filter.mdst.bitlen >= 0 && filter.mdst.bitlen < r->rtm_dst_len)))
+		return 0;
+	if (filter.rsrc.family &&
+	    (r->rtm_family != filter.rsrc.family || filter.rsrc.bitlen > r->rtm_src_len))
+		return 0;
+	if (filter.msrc.family &&
+	    (r->rtm_family != filter.msrc.family ||
+	     (filter.msrc.bitlen >= 0 && filter.msrc.bitlen < r->rtm_src_len)))
+		return 0;
 	if (filter.rvia.family) {
 		int family = r->rtm_family;
 
@@ -243,9 +221,7 @@ static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
 
 	if (tb[RTA_DST])
 		memcpy(&dst.data, RTA_DATA(tb[RTA_DST]), (r->rtm_dst_len+7)/8);
-	if (filter.rsrc.family || filter.msrc.family ||
-	    filter.rsrc.flags & PREFIXLEN_SPECIFIED ||
-	    filter.msrc.flags & PREFIXLEN_SPECIFIED) {
+	if (filter.rsrc.family || filter.msrc.family) {
 		if (tb[RTA_SRC])
 			memcpy(&src.data, RTA_DATA(tb[RTA_SRC]), (r->rtm_src_len+7)/8);
 	}
@@ -265,18 +241,15 @@ static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
 			memcpy(&prefsrc.data, RTA_DATA(tb[RTA_PREFSRC]), host_len/8);
 	}
 
-	if ((filter.rdst.family || filter.rdst.flags & PREFIXLEN_SPECIFIED) &&
-	    inet_addr_match(&dst, &filter.rdst, filter.rdst.bitlen))
+	if (filter.rdst.family && inet_addr_match(&dst, &filter.rdst, filter.rdst.bitlen))
 		return 0;
-	if ((filter.mdst.family || filter.mdst.flags & PREFIXLEN_SPECIFIED) &&
+	if (filter.mdst.family && filter.mdst.bitlen >= 0 &&
 	    inet_addr_match(&dst, &filter.mdst, r->rtm_dst_len))
 		return 0;
 
-	if ((filter.rsrc.family || filter.rsrc.flags & PREFIXLEN_SPECIFIED) &&
-	    inet_addr_match(&src, &filter.rsrc, filter.rsrc.bitlen))
+	if (filter.rsrc.family && inet_addr_match(&src, &filter.rsrc, filter.rsrc.bitlen))
 		return 0;
-	if ((filter.msrc.family || filter.msrc.flags & PREFIXLEN_SPECIFIED) &&
-	    filter.msrc.bitlen >= 0 &&
+	if (filter.msrc.family && filter.msrc.bitlen >= 0 &&
 	    inet_addr_match(&src, &filter.msrc, r->rtm_src_len))
 		return 0;
 
diff --git a/lib/utils.c b/lib/utils.c
index 379739d6..87b609f2 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -681,6 +681,19 @@ int get_prefix_1(inet_prefix *dst, char *arg, int family)
 	char *slash;
 	int err, bitlen, flags;
 
+	memset(dst, 0, sizeof(*dst));
+
+	if (strcmp(arg, "default") == 0 ||
+	    strcmp(arg, "any") == 0 ||
+	    strcmp(arg, "all") == 0) {
+		if ((family == AF_DECnet) || (family == AF_MPLS))
+			return -1;
+		dst->family = family;
+		dst->bytelen = 0;
+		dst->bitlen = 0;
+		return 0;
+	}
+
 	slash = strchr(arg, '/');
 	if (slash)
 		*slash = 0;

From 7696f1097f79be2ce5984a8a16103fd17391cac2 Mon Sep 17 00:00:00 2001
From: Alexander Zubkov <green@msu.ru>
Date: Sun, 18 Mar 2018 17:50:25 +0100
Subject: [PATCH 2/2] treat "default" and "all"/"any" addresses differenty

Debian maintainer found that basic command:
	# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.

Recently behavior of "default" prefix parameter was corrected. But at
the same time behavior of "all"/"any" was altered too, because they
were the same branch of the code. As those parameters mean different,
they need to be treated differently in code too. This patch reflects
the difference.

Also after mentioned change, address parsing code was changed more
and address family was set explicitly even for "all"/"any" addresses.
And that broke matching conditions further. This patch fixes that too
and returns AF_UNSPEC to "all"/"any" address.

Now "default" is treated as top-level prefix (for example 0.0.0.0/0 in
IPv4) and "all"/"any" always matches anything in exact, root and match
modes.

Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Alexander Zubkov <green@msu.ru>
---
 lib/utils.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/lib/utils.c b/lib/utils.c
index 87b609f2..4fe4ac1e 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -560,14 +560,23 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
 {
 	memset(addr, 0, sizeof(*addr));
 
-	if (strcmp(name, "default") == 0 ||
-	    strcmp(name, "all") == 0 ||
-	    strcmp(name, "any") == 0) {
+	if (strcmp(name, "default") == 0) {
 		if ((family == AF_DECnet) || (family == AF_MPLS))
 			return -1;
 		addr->family = (family != AF_UNSPEC) ? family : AF_INET;
 		addr->bytelen = af_byte_len(addr->family);
 		addr->bitlen = -2;
+		addr->flags |= PREFIXLEN_SPECIFIED;
+		return 0;
+	}
+
+	if (strcmp(name, "all") == 0 ||
+	    strcmp(name, "any") == 0) {
+		if ((family == AF_DECnet) || (family == AF_MPLS))
+			return -1;
+		addr->family = AF_UNSPEC;
+		addr->bytelen = 0;
+		addr->bitlen = -2;
 		return 0;
 	}
 
@@ -708,7 +717,7 @@ int get_prefix_1(inet_prefix *dst, char *arg, int family)
 
 	bitlen = af_bit_len(dst->family);
 
-	flags = PREFIXLEN_SPECIFIED;
+	flags = 0;
 	if (slash) {
 		unsigned int plen;
 
@@ -719,12 +728,11 @@ int get_prefix_1(inet_prefix *dst, char *arg, int family)
 		if (plen > bitlen)
 			return -1;
 
+		flags |= PREFIXLEN_SPECIFIED;
 		bitlen = plen;
 	} else {
 		if (dst->bitlen == -2)
 			bitlen = 0;
-		else
-			flags = 0;
 	}
 
 	dst->flags |= flags;