From 497b686a49452c0ed51b377eefbc0bd987e1b5a7 Mon Sep 17 00:00:00 2001 From: Matthew Smith Date: Tue, 9 Jul 2019 12:59:44 -0500 Subject: [PATCH] bgpd: honor max prefix timer on inbound sessions When using the maximum-prefix restart option with a BGP peer, if the peer exceeds the limit of prefixes, bgpd causes the connection to be closed and sets a timer. It will not attempt to connect to that peer until the timer expires. But if the peer attempts to connect to it before the timer expires, it accepts the connection and starts exchanging routes again. When accepting a connection from a peer, reject the connection if the max prefix restart timer is set. Signed-off-by: Matthew Smith --- bgpd/bgp_network.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 8e18ed7529..1dadf00e8f 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -440,6 +440,17 @@ static int bgp_accept(struct thread *thread) return -1; } + /* Check whether max prefix restart timer is set for the peer */ + if (peer1->t_pmax_restart) { + if (bgp_debug_neighbor_events(peer1)) + zlog_debug( + "%s - incoming conn rejected - " + "peer max prefix timer is active", + peer1->host); + close(bgp_sock); + return -1; + } + if (bgp_debug_neighbor_events(peer1)) zlog_debug("[Event] BGP connection from host %s fd %d", inet_sutop(&su, buf), bgp_sock);