authorOndrej Zajicek (work) <santiago@crfreenet.org>2018-01-16 04:14:49 +0100
committerOndrej Zajicek (work) <santiago@crfreenet.org>2018-01-16 04:14:49 +0100
commit3831b619661d08d935fd78656732cd2f339ff811 (patch)
treead0f9f78f36b04b7b2c70d6b8c32fbd615e72a4f /proto
parent4db4ac7243bf54187029abda0b42cc9d29757d13 (diff)
BGP: Require explicit import and export policies for EBGP channels
To comply with RFC 8212 requirements.
Diffstat (limited to 'proto')
-rw-r--r--proto/bgp/bgp.c17
-rw-r--r--proto/bgp/config.Y2
2 files changed, 19 insertions, 0 deletions
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c
index 8da5b0aa..9db26050 100644
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -99,6 +99,7 @@
* <item> <rfc id="7947"> - Internet Exchange BGP Route Server
* <item> <rfc id="8092"> - BGP Large Communities Attribute
* <item> <rfc id="8203"> - BGP Administrative Shutdown Communication
+ * <item> <rfc id="8212"> - Default EBGP Route Propagation Behavior without Policies
* </itemize>
*/
@@ -113,6 +114,7 @@
#include "nest/cli.h"
#include "nest/locks.h"
#include "conf/conf.h"
+#include "filter/filter.h"
#include "lib/socket.h"
#include "lib/resource.h"
#include "lib/string.h"
@@ -1621,6 +1623,7 @@ bgp_postconfig(struct proto_config *CF)
{
struct bgp_config *cf = (void *) CF;
int internal = (cf->local_as == cf->remote_as);
+ int interior = internal || cf->confederation_member;
/* Do not check templates at all */
if (cf->c.class == SYM_TEMPLATE)
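Review bot: The new `interior` flag in bgp_postconfig() decides which sessions skip the RFC 8212 fail-closed check, but nothing at its definition says so. Because it is true for any session with `cf->confederation_member` set, such a session gets an implicit accept-all import filter even when its AS number differs from the local one. I would add a comment on that line, for example `/* IBGP or intra-confederation EBGP: exempt from the RFC 8212 explicit-policy requirement */`, so the trust decision is visible to whoever next touches the condition. The function body starts and continues outside this hunk.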
@@ -1677,6 +1680,20 @@ bgp_postconfig(struct proto_config *CF)
struct bgp_channel_config *cc;
WALK_LIST(cc, CF->channels)
{
+ /* Handle undefined import filter */
+ if (cc->c.in_filter == FILTER_UNDEF)
+ if (interior)
+ cc->c.in_filter = FILTER_ACCEPT;
+ else
+ cf_error("EBGP requires explicit import policy");
+
+ /* Handle undefined export filter */
+ if (cc->c.out_filter == FILTER_UNDEF)
+ if (interior)
+ cc->c.out_filter = FILTER_REJECT;
+ else
+ cf_error("EBGP requires explicit export policy");
+
/* Disable after error incompatible with restart limit action */
if ((cc->c.in_limit.action == PLA_RESTART) && cf->disable_after_error)
cc->c.in_limit.action = PLA_DISABLE;
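Review bot: Both new checks in the WALK_LIST body nest an `if`/`else` inside an unbraced outer `if`, so the `else` binds correctly only because of the dangling-else rule. A later edit that adds a statement or a second branch could turn the policy check into a silent accept, and compilers commonly warn about this form. Brace the outer condition in both places, e.g. `if (cc->c.in_filter == FILTER_UNDEF) { if (interior) cc->c.in_filter = FILTER_ACCEPT; else cf_error("EBGP requires explicit import policy"); }`. It would also help to expand the comments to state the defaults explicitly: interior sessions default to accept on import and reject on export, while everything else is a configuration error. The loop body continues outside the hunk.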
diff --git a/proto/bgp/config.Y b/proto/bgp/config.Y
index 4e819eb7..04e6d666 100644
--- a/proto/bgp/config.Y
+++ b/proto/bgp/config.Y
@@ -163,6 +163,8 @@ bgp_channel_start: bgp_afi
/* New channel */
if (!BGP_CC->desc)
{
+ BGP_CC->c.in_filter = FILTER_UNDEF;
+ BGP_CC->c.out_filter = FILTER_UNDEF;
BGP_CC->c.ra_mode = RA_UNDEF;
BGP_CC->afi = $1;
BGP_CC->desc = desc;
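Review bot: The two new `FILTER_UNDEF` assignments make the channel's filters a sentinel that must be resolved before anything evaluates them, and this hunk does not say where that happens. The only resolution visible in this commit is the channel loop in bgp_postconfig(), which returns early for templates, so a template's channels presumably keep `FILTER_UNDEF` until a real protocol copies them. A short comment here would record the invariant, for example `/* Resolved in bgp_postconfig(); FILTER_UNDEF must never reach filter evaluation */`. It is also worth confirming that every consumer of `in_filter`/`out_filter` runs after postconfig. The enclosing `if (!BGP_CC->desc)` block continues outside the hunk.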