proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-04-29 21:37:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: Wrap IPV4_CLASS_DE into ipv4_unicast_valid() helper

Browse Source 
Linux kernel allows (FreeBSD/OpenBSD too) using reserved class E IP ranges.

This is a preparation commit that ease the global switch to allow/deny
class E IP ranges in FRR.

https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-space

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
This commit is contained in:
Donatas Abraitis 2022-06-06 10:47:27 +03:00
parent faa8c700e6
commit e24a6977ee
5 changed files with 29 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bgpd/bgp_attr.c
View File

@ -1605,9 +1605,9 @@ enum bgp_attr_parse_ret bgp_attr_nexthop_valid(struct peer *peer,
in_addr_t nexthop_h; in_addr_t nexthop_h;
nexthop_h = ntohl(attr->nexthop.s_addr); nexthop_h = ntohl(attr->nexthop.s_addr);
if ((IPV4_NET0(nexthop_h) || IPV4_NET127(nexthop_h) if ((IPV4_NET0(nexthop_h) || IPV4_NET127(nexthop_h) ||
|| IPV4_CLASS_DE(nexthop_h)) !ipv4_unicast_valid(&attr->nexthop)) &&
&& !BGP_DEBUG(allow_martians, ALLOW_MARTIANS)) { !BGP_DEBUG(allow_martians, ALLOW_MARTIANS)) {
uint8_t data[7]; /* type(2) + length(1) + nhop(4) */ uint8_t data[7]; /* type(2) + length(1) + nhop(4) */
char buf[INET_ADDRSTRLEN]; char buf[INET_ADDRSTRLEN];

17
bgpd/bgp_route.c
View File

@ -3631,9 +3631,9 @@ bool bgp_update_martian_nexthop(struct bgp *bgp, afi_t afi, safi_t safi,
/* If NEXT_HOP is present, validate it. */ /* If NEXT_HOP is present, validate it. */
if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP)) { if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP)) {
if (attr->nexthop.s_addr == INADDR_ANY if (attr->nexthop.s_addr == INADDR_ANY ||
|| IPV4_CLASS_DE(ntohl(attr->nexthop.s_addr)) !ipv4_unicast_valid(&attr->nexthop) ||
|| bgp_nexthop_self(bgp, afi, type, stype, attr, dest)) bgp_nexthop_self(bgp, afi, type, stype, attr, dest))
return true; return true;
} }
@ -3650,11 +3650,12 @@ bool bgp_update_martian_nexthop(struct bgp *bgp, afi_t afi, safi_t safi,
switch (attr->mp_nexthop_len) { switch (attr->mp_nexthop_len) {
case BGP_ATTR_NHLEN_IPV4: case BGP_ATTR_NHLEN_IPV4:
case BGP_ATTR_NHLEN_VPNV4: case BGP_ATTR_NHLEN_VPNV4:
ret = (attr->mp_nexthop_global_in.s_addr == INADDR_ANY ret = (attr->mp_nexthop_global_in.s_addr ==
|| IPV4_CLASS_DE( INADDR_ANY ||
ntohl(attr->mp_nexthop_global_in.s_addr)) !ipv4_unicast_valid(
|| bgp_nexthop_self(bgp, afi, type, stype, attr, &attr->mp_nexthop_global_in) ||
dest)); bgp_nexthop_self(bgp, afi, type, stype, attr,
dest));
break; break;
case BGP_ATTR_NHLEN_IPV6_GLOBAL: case BGP_ATTR_NHLEN_IPV6_GLOBAL:

8
bgpd/bgp_routemap.c
View File

@ -4410,8 +4410,8 @@ DEFUN_YANG (set_evpn_gw_ip_ipv4,
return CMD_WARNING_CONFIG_FAILED; return CMD_WARNING_CONFIG_FAILED;
} }
if (su.sin.sin_addr.s_addr == 0 if (su.sin.sin_addr.s_addr == 0 ||
|| IPV4_CLASS_DE(ntohl(su.sin.sin_addr.s_addr))) { !ipv4_unicast_valid(&su.sin.sin_addr)) {
vty_out(vty, vty_out(vty,
"%% Gateway IP cannot be 0.0.0.0, multicast or reserved\n"); "%% Gateway IP cannot be 0.0.0.0, multicast or reserved\n");
return CMD_WARNING_CONFIG_FAILED; return CMD_WARNING_CONFIG_FAILED;
@ -4448,8 +4448,8 @@ DEFUN_YANG (no_set_evpn_gw_ip_ipv4,
return CMD_WARNING_CONFIG_FAILED; return CMD_WARNING_CONFIG_FAILED;
} }
if (su.sin.sin_addr.s_addr == 0 if (su.sin.sin_addr.s_addr == 0 ||
|| IPV4_CLASS_DE(ntohl(su.sin.sin_addr.s_addr))) { !ipv4_unicast_valid(&su.sin.sin_addr)) {
vty_out(vty, vty_out(vty,
"%% Gateway IP cannot be 0.0.0.0, multicast or reserved\n"); "%% Gateway IP cannot be 0.0.0.0, multicast or reserved\n");
return CMD_WARNING_CONFIG_FAILED; return CMD_WARNING_CONFIG_FAILED;

13
lib/prefix.h
View File

@ -508,6 +508,17 @@ extern char *esi_to_str(const esi_t *esi, char *buf, int size);
extern char *evpn_es_df_alg2str(uint8_t df_alg, char *buf, int buf_len); extern char *evpn_es_df_alg2str(uint8_t df_alg, char *buf, int buf_len);
extern void prefix_evpn_hexdump(const struct prefix_evpn *p); extern void prefix_evpn_hexdump(const struct prefix_evpn *p);
static inline bool ipv4_unicast_valid(const struct in_addr *addr)
{
in_addr_t ip = ntohl(addr->s_addr);
if (IPV4_CLASS_DE(ip))
return false;
return true;
}
static inline int ipv6_martian(const struct in6_addr *addr) static inline int ipv6_martian(const struct in6_addr *addr)
{ {
struct in6_addr localhost_addr; struct in6_addr localhost_addr;
@ -527,7 +538,7 @@ static inline int ipv4_martian(const struct in_addr *addr)
{ {
in_addr_t ip = ntohl(addr->s_addr); in_addr_t ip = ntohl(addr->s_addr);
if (IPV4_NET0(ip) || IPV4_NET127(ip) || IPV4_CLASS_DE(ip)) { if (IPV4_NET0(ip) || IPV4_NET127(ip) || !ipv4_unicast_valid(addr)) {
return 1; return 1;
} }
return 0; return 0;

2
lib/routemap_northbound.c
View File

@ -887,7 +887,7 @@ static int lib_route_map_entry_set_action_ipv4_address_modify(
* only implemented action. * only implemented action.
*/ */
yang_dnode_get_ipv4(&ia, args->dnode, NULL); yang_dnode_get_ipv4(&ia, args->dnode, NULL);
if (ia.s_addr == INADDR_ANY || IPV4_CLASS_DE(ntohl(ia.s_addr))) if (ia.s_addr == INADDR_ANY || !ipv4_unicast_valid(&ia))
return NB_ERR_VALIDATION; return NB_ERR_VALIDATION;
/* FALLTHROUGH */ /* FALLTHROUGH */
case NB_EV_PREPARE: case NB_EV_PREPARE: