summaryrefslogtreecommitdiff
path: root/proto/bgp
diff options
context:
space:
mode:
authorOndrej Zajicek (work) <santiago@crfreenet.org>2020-03-03 17:45:16 +0100
committerOndrej Zajicek (work) <santiago@crfreenet.org>2020-03-03 17:45:16 +0100
commit78e4a123bb937bb45f7eaebb0ea475095443bfd0 (patch)
tree41a4c48f916cb88b32fb462446c8be2fe28b1132 /proto/bgp
parent757cab18d6427d9246618ce48c158f2b05183838 (diff)
BGP: Handle flowspec rules without dst part
The RFC 5575 does not explicitly reject flowspec rules without dst part, it just requires dst part in validation procedure for feasibility, which we do not implement anyway. Thus flow without dst prefix is syntactically valid, but unfeasible (if feasibilty testing is done). Thanks to Alex D. for the bugreport.
Diffstat (limited to 'proto/bgp')
-rw-r--r--proto/bgp/packets.c28
1 files changed, 14 insertions, 14 deletions
diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c
index ed878e41..ee031c05 100644
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -1824,15 +1824,15 @@ bgp_decode_nlri_flow4(struct bgp_parse_state *s, byte *pos, uint len, rta *a)
bgp_parse_error(s, 1);
}
- if (data[0] != FLOW_TYPE_DST_PREFIX)
- {
- log(L_REMOTE "%s: No dst prefix at first pos", s->proto->p.name);
- bgp_parse_error(s, 1);
- }
+ ip4_addr px = IP4_NONE;
+ uint pxlen = 0;
/* Decode dst prefix */
- ip4_addr px = flow_read_ip4_part(data);
- uint pxlen = data[1];
+ if (data[0] == FLOW_TYPE_DST_PREFIX)
+ {
+ px = flow_read_ip4_part(data);
+ pxlen = flow_read_pxlen(data);
+ }
/* Prepare the flow */
net_addr *n = alloca(sizeof(struct net_addr_flow4) + flen);
@@ -1912,15 +1912,15 @@ bgp_decode_nlri_flow6(struct bgp_parse_state *s, byte *pos, uint len, rta *a)
bgp_parse_error(s, 1);
}
- if (data[0] != FLOW_TYPE_DST_PREFIX)
- {
- log(L_REMOTE "%s: No dst prefix at first pos", s->proto->p.name);
- bgp_parse_error(s, 1);
- }
+ ip6_addr px = IP6_NONE;
+ uint pxlen = 0;
/* Decode dst prefix */
- ip6_addr px = flow_read_ip6_part(data);
- uint pxlen = data[1];
+ if (data[0] == FLOW_TYPE_DST_PREFIX)
+ {
+ px = flow_read_ip6_part(data);
+ pxlen = flow_read_pxlen(data);
+ }
/* Prepare the flow */
net_addr *n = alloca(sizeof(struct net_addr_flow6) + flen);