Fix handling of install deny filters.

CHANGES

@@ -6,6 +6,7 @@ babeld-1.12 (unreleased)
     Thanks to Toke Høyland-Jørgensen.
   * Fix restoring of interface configuration to avoid unbounded memory
     consumption.  Thanks to andrew-hoff.
+  * Fix handling of deny filters in the install chain.
 
 30 March 2022: babeld-1.11
 

configuration.c

@@ -1549,14 +1549,24 @@ install_filter(const unsigned char *prefix, unsigned short plen,
 int
 finalise_config()
 {
-    struct filter *filter = calloc(1, sizeof(struct filter));
-    if(filter == NULL)
-        return -1;
+    struct filter *filter1, *filter2;
 
-    filter->proto = RTPROT_BABEL_LOCAL;
-    filter->plen_le = 128;
-    filter->src_plen_le = 128;
-    add_filter(filter, FILTER_TYPE_REDISTRIBUTE);
+    /* redistribute local allow */
+    filter1 = calloc(1, sizeof(struct filter));
+    if(filter1 == NULL)
+        return -1;
+    filter1->proto = RTPROT_BABEL_LOCAL;
+    filter1->plen_le = 128;
+    filter1->src_plen_le = 128;
+    add_filter(filter1, FILTER_TYPE_REDISTRIBUTE);
+
+    /* install allow */
+    filter2 = calloc(1, sizeof(struct filter));
+    if(filter2 == NULL)
+        return -1;
+    filter2->plen_le = 128;
+    filter2->src_plen_le = 128;
+    add_filter(filter2, FILTER_TYPE_INSTALL);
 
     while(interface_confs) {
         struct interface_conf *if_conf;

route.c

@@ -446,14 +446,18 @@ change_route(int operation, const struct babel_route *route, int metric,
     struct filter_result filter_result;
     unsigned char *pref_src = NULL;
     unsigned int ifindex = route->neigh->ifp->ifindex;
+    int m, table;
 
-    int m = install_filter(route->src->prefix, route->src->plen,
-                           route->src->src_prefix, route->src->src_plen,
-                           ifindex, &filter_result);
-    if (m < INFINITY)
-        pref_src = filter_result.pref_src;
+    m = install_filter(route->src->prefix, route->src->plen,
+                       route->src->src_prefix, route->src->src_plen,
+                       ifindex, &filter_result);
+    if(m >= INFINITY && operation == ROUTE_ADD) {
+        errno = EPERM;
+        return -1;
+    }
 
-    int table = filter_result.table ? filter_result.table : export_table;
+    pref_src = filter_result.pref_src;
+    table = filter_result.table ? filter_result.table : export_table;
 
     return kernel_route(operation, table, route->src->prefix, route->src->plen,
                         route->src->src_prefix, route->src->src_plen, pref_src,