proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-06 00:41:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

BGP: Only accept prefixes for negotiated address families

Browse Source 
When handling a received Update message, only process and store the
prefixes if the corresponding address family has been negotiated with
the peer. Prior to this change, the receive processing only checked
whether the address family was locally configured, trusting to the peer
to not advertise prefixes for an address family that has not been
negotiated. Most implementations conform to this but a misbehavior could
result in processing and memory overhead.

Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by:   Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by:   Daniel Walton <dwalton@cumulusnetworks.com>

Ticket: CM-5594
Reviewed By: CCR-3946
Testing Done: Sanity test (good case)
This commit is contained in:
vivek 2016-01-07 22:14:38 -08:00
parent a656dafaf2
commit 4b150ae78a
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
bgpd/bgp_packet.c
View File

@ -1499,9 +1499,10 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
}
}
/* NLRI is processed only when the peer is configured specific
Address Family and Subsequent Address Family. */
if (peer->afc[AFI_IP][SAFI_UNICAST])
/* NLRI is processed only when the the corresponding address-family
* has been negotiated with the peer.
*/
if (peer->afc_nego[AFI_IP][SAFI_UNICAST])
{
if (withdraw.length)
bgp_nlri_parse (peer, NULL, &withdraw);
@ -1538,7 +1539,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
zlog_debug ("rcvd End-of-RIB for IPv4 Unicast from %s", peer->host);
}
}
if (peer->afc[AFI_IP][SAFI_MULTICAST])
if (peer->afc_nego[AFI_IP][SAFI_MULTICAST])
{
if (mp_update.length
&& mp_update.afi == AFI_IP
@ -1572,7 +1573,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
zlog_debug ("rcvd End-of-RIB for IPv4 Multicast from %s", peer->host);
}
}
if (peer->afc[AFI_IP6][SAFI_UNICAST])
if (peer->afc_nego[AFI_IP6][SAFI_UNICAST])
{
if (mp_update.length
&& mp_update.afi == AFI_IP6
@ -1605,7 +1606,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
zlog_debug ("rcvd End-of-RIB for IPv6 Unicast from %s", peer->host);
}
}
if (peer->afc[AFI_IP6][SAFI_MULTICAST])
if (peer->afc_nego[AFI_IP6][SAFI_MULTICAST])
{
if (mp_update.length
&& mp_update.afi == AFI_IP6
@ -1639,7 +1640,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
zlog_debug ("rcvd End-of-RIB for IPv6 Multicast from %s", peer->host);
}
}
if (peer->afc[AFI_IP][SAFI_MPLS_VPN])
if (peer->afc_nego[AFI_IP][SAFI_MPLS_VPN])
{
if (mp_update.length
&& mp_update.afi == AFI_IP