proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-09 20:22:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #15037 from opensourcerouting/fix/validate_send_receive_flags

Browse Source 
bgpd: Validate Addpath capability flags per AF
This commit is contained in:
Donald Sharp 2023-12-18 08:54:22 -05:00 committed by GitHub
commit b3e5ee5e44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
bgpd/bgp_open.c
View File

@ -680,6 +680,17 @@ static int bgp_capability_addpath(struct peer *peer,
iana_safi_t pkt_safi = stream_getc(s); iana_safi_t pkt_safi = stream_getc(s);
uint8_t send_receive = stream_getc(s); uint8_t send_receive = stream_getc(s);
/* If any other value (other than 1-3) is received, then
* the capability SHOULD be treated as not understood
* and ignored.
*/
if (!send_receive || send_receive > 3) {
flog_warn(EC_BGP_CAPABILITY_INVALID_DATA,
"Add Path: Received invalid send/receive value %u in Add Path capability",
send_receive);
continue;
}
if (bgp_debug_neighbor_events(peer)) if (bgp_debug_neighbor_events(peer))
zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s", zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s",
peer->host, peer->host,

16
bgpd/bgp_packet.c
View File

@ -3097,6 +3097,17 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
pkt_afi = ntohs(bac.afi); pkt_afi = ntohs(bac.afi);
pkt_safi = safi_int2iana(bac.safi); pkt_safi = safi_int2iana(bac.safi);
/* If any other value (other than 1-3) is received,
* then the capability SHOULD be treated as not
* understood and ignored.
*/
if (!bac.flags || bac.flags > 3) {
flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
"Add Path: Received invalid send/receive value %u in Add Path capability",
bac.flags);
goto ignore;
}
if (bgp_debug_neighbor_events(peer)) if (bgp_debug_neighbor_events(peer))
zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s", zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s",
peer->host, peer->host,
@ -3118,14 +3129,14 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
peer->host, peer->host,
iana_afi2str(pkt_afi), iana_afi2str(pkt_afi),
iana_safi2str(pkt_safi)); iana_safi2str(pkt_safi));
continue; goto ignore;
} else if (!peer->afc[afi][safi]) { } else if (!peer->afc[afi][safi]) {
if (bgp_debug_neighbor_events(peer)) if (bgp_debug_neighbor_events(peer))
zlog_debug("%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI", zlog_debug("%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
peer->host, peer->host,
iana_afi2str(pkt_afi), iana_afi2str(pkt_afi),
iana_safi2str(pkt_safi)); iana_safi2str(pkt_safi));
continue; goto ignore;
} }
if (CHECK_FLAG(bac.flags, BGP_ADDPATH_RX)) if (CHECK_FLAG(bac.flags, BGP_ADDPATH_RX))
@ -3142,6 +3153,7 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
UNSET_FLAG(peer->af_cap[afi][safi], UNSET_FLAG(peer->af_cap[afi][safi],
PEER_CAP_ADDPATH_AF_TX_RCV); PEER_CAP_ADDPATH_AF_TX_RCV);
ignore:
data += CAPABILITY_CODE_ADDPATH_LEN; data += CAPABILITY_CODE_ADDPATH_LEN;
} }
} else { } else {