Implement two new filters, max-as-len and max-as-seq. The first is limiting

the length of an AS path (matches if the path is longer then the specified
lenght) the second matches when a sequence of the same AS number is longer
then the specified length).
max-as-len is good to protect crappy comercial bgp boxes from other crappy
comercial bgp boxes. max-as-seq was a feature request from SwissIX and maybe
EuroIX to find and filter prepends.
Additinal testing and OK sthen@

1 files changed, 38 insertions, 1 deletions

diff --git a/usr.sbin/bgpd/rde_attr.c b/usr.sbin/bgpd/rde_attr.c
index 6b1dc839d8a..e38473ff8d8 100644
--- a/usr.sbin/bgpd/rde_attr.c
+++ b/usr.sbin/bgpd/rde_attr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde_attr.c,v 1.83 2010/03/29 09:24:07 claudio Exp $ */
+/*	$OpenBSD: rde_attr.c,v 1.84 2010/05/17 16:08:20 claudio Exp $ */
 
 /*
  * Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
@@ -971,6 +971,43 @@ aspath_match(struct aspath *a, enum as_spec type, u_int32_t as)
 	return (0);
 }
 
+int
+aspath_lenmatch(struct aspath *a, enum aslen_spec type, u_int aslen)
+{
+	u_int8_t	*seg;
+	u_int32_t	 as, lastas = 0;
+	u_int		 count = 0;
+	u_int16_t	 len, seg_size;
+	u_int8_t	 i, seg_type, seg_len;
+
+	if (type == ASLEN_MAX) {
+		if (aslen < aspath_count(a->data, a->len))
+			return (1);
+		else
+			return (0);
+	}
+
+	/* type == ASLEN_SEQ */
+	seg = a->data;
+	for (len = a->len; len > 0; len -= seg_size, seg += seg_size) {
+		seg_type = seg[0];
+		seg_len = seg[1];
+		seg_size = 2 + sizeof(u_int32_t) * seg_len;
+
+		for (i = 0; i < seg_len; i++) {
+			/* what should we do with AS_SET? */
+			as = aspath_extract(seg, i);
+			if (as == lastas) {
+				if (aslen < ++count)
+					return (1);
+			} else
+				count = 1;
+			lastas = as;
+		}
+	}
+	return (0);
+}
+
 /*
  * Functions handling communities and extended communities.
  */