proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-05-24 11:56:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: Validate Addpath capability flags per AF

Browse Source 
Send/Receive:
         This field indicates whether the sender is (a) able to receive
         multiple paths from its peer (value 1), (b) able to send
         multiple paths to its peer (value 2), or (c) both (value 3) for
         the <AFI, SAFI>.

         If any other value is received, then the capability SHOULD be
         treated as not understood and ignored [RFC5492].

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
This commit is contained in:
Donatas Abraitis 2023-12-17 15:13:57 +02:00
parent a912f8fab7
commit 0f05e56bed
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
bgpd/bgp_open.c
View File

@ -680,6 +680,17 @@ static int bgp_capability_addpath(struct peer *peer,
iana_safi_t pkt_safi = stream_getc(s); iana_safi_t pkt_safi = stream_getc(s);
uint8_t send_receive = stream_getc(s); uint8_t send_receive = stream_getc(s);
/* If any other value (other than 1-3) is received, then
* the capability SHOULD be treated as not understood
* and ignored.
*/
if (!send_receive || send_receive > 3) {
flog_warn(EC_BGP_CAPABILITY_INVALID_DATA,
"Add Path: Received invalid send/receive value %u in Add Path capability",
send_receive);
continue;
}
if (bgp_debug_neighbor_events(peer)) if (bgp_debug_neighbor_events(peer))
zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s", zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s",
peer->host, peer->host,

16
bgpd/bgp_packet.c
View File

@ -3097,6 +3097,17 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
pkt_afi = ntohs(bac.afi); pkt_afi = ntohs(bac.afi);
pkt_safi = safi_int2iana(bac.safi); pkt_safi = safi_int2iana(bac.safi);
/* If any other value (other than 1-3) is received,
* then the capability SHOULD be treated as not
* understood and ignored.
*/
if (!bac.flags || bac.flags > 3) {
flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
"Add Path: Received invalid send/receive value %u in Add Path capability",
bac.flags);
goto ignore;
}
if (bgp_debug_neighbor_events(peer)) if (bgp_debug_neighbor_events(peer))
zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s", zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s",
peer->host, peer->host,
@ -3118,14 +3129,14 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
peer->host, peer->host,
iana_afi2str(pkt_afi), iana_afi2str(pkt_afi),
iana_safi2str(pkt_safi)); iana_safi2str(pkt_safi));
continue; goto ignore;
} else if (!peer->afc[afi][safi]) { } else if (!peer->afc[afi][safi]) {
if (bgp_debug_neighbor_events(peer)) if (bgp_debug_neighbor_events(peer))
zlog_debug("%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI", zlog_debug("%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
peer->host, peer->host,
iana_afi2str(pkt_afi), iana_afi2str(pkt_afi),
iana_safi2str(pkt_safi)); iana_safi2str(pkt_safi));
continue; goto ignore;
} }
if (CHECK_FLAG(bac.flags, BGP_ADDPATH_RX)) if (CHECK_FLAG(bac.flags, BGP_ADDPATH_RX))
@ -3142,6 +3153,7 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
UNSET_FLAG(peer->af_cap[afi][safi], UNSET_FLAG(peer->af_cap[afi][safi],
PEER_CAP_ADDPATH_AF_TX_RCV); PEER_CAP_ADDPATH_AF_TX_RCV);
ignore:
data += CAPABILITY_CODE_ADDPATH_LEN; data += CAPABILITY_CODE_ADDPATH_LEN;
} }
} else { } else {