proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-11-02 21:58:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: Limit flowspec to no attribute means a implicit withdrawal

Browse Source 
All other parsing functions done from bgp_nlri_parse() assume
no attributes == an implicit withdrawal.  Let's move
bgp_nlri_parse_flowspec() into the same alignment.

Reported-by: Matteo Memelli <mmemelli@amazon.it>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This commit is contained in:
Donald Sharp 2023-04-05 14:57:05 -04:00
parent 78745b8700
commit cfd04dcb3e
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bgpd/bgp_flowspec.c
View File

@ -98,6 +98,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
afi = packet->afi;
safi = packet->safi;
/*
* All other AFI/SAFI's treat no attribute as a implicit
* withdraw. Flowspec should as well.
*/
if (!attr)
withdraw = 1;
if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
flog_err(EC_BGP_FLOWSPEC_PACKET,
"BGP flowspec nlri length maximum reached (%u)",