author | Claudio Jeker <claudio@cvs.openbsd.org> | 2004-02-26 14:00:34 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2004-02-26 14:00:34 +0000 |
commit | 11a180c99e46f36231edf3068b2a427969f69411 (patch) | |
tree | 8230d636d704aeee6f6653ca69945b4673fda63b /usr.sbin/bgpd/rde_attr.c | |
parent | 8f7a65223ef60cf679511eed6084ba0d67d363e2 (diff) |
Implement "enforce neighbor-as yes|no" which is by default on for ebgp
neighbors. While doing that check also that the nexthop is valid (not class D
or E and not in 127/8 range). Kill some TODO and XXX and rename the british
neighbour to neighbor as used everywhere else. OK henning@
Diffstat (limited to 'usr.sbin/bgpd/rde_attr.c')
-rw-r--r-- | usr.sbin/bgpd/rde_attr.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/usr.sbin/bgpd/rde_attr.c b/usr.sbin/bgpd/rde_attr.c
index 9cb130fa201..cc6bc77f53d 100644
--- a/usr.sbin/bgpd/rde_attr.c
+++ b/usr.sbin/bgpd/rde_attr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rde_attr.c,v 1.14 2004/02/24 15:44:33 claudio Exp $ */
+/* $OpenBSD: rde_attr.c,v 1.15 2004/02/26 14:00:33 claudio Exp $ */
 /*
 * Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
@@ -19,6 +19,8 @@
 #include <sys/types.h>
 #include <sys/queue.h>
+#include <netinet/in.h>
+
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -59,7 +61,8 @@ attr_init(struct attr_flags *a)
 }
 int
-attr_parse(u_char *p, u_int16_t len, struct attr_flags *a, int ebgp)
+attr_parse(u_char *p, u_int16_t len, struct attr_flags *a, int ebgp,
+ enum enforce_as enforce_as, u_int16_t remote_as)
 {
 u_int32_t tmp32;
 u_int16_t attr_len;
@@ -108,7 +111,10 @@ attr_parse(u_char *p, u_int16_t len, struct attr_flags *a, int ebgp)
 return (-1);
 WFLAG(a->wflags, F_ATTR_ASPATH);
 a->aspath = aspath_create(p, attr_len);
- /* XXX enforce remote-as == left most AS if not disabled */
+ if (enforce_as == ENFORCE_AS_ON &&
+ remote_as != aspath_neighbor(a->aspath))
+ return (-1);
+
 plen += attr_len;
 break;
 case ATTR_NEXTHOP:
@@ -118,7 +124,14 @@ attr_parse(u_char *p, u_int16_t len, struct attr_flags *a, int ebgp)
 return (-1);
 WFLAG(a->wflags, F_ATTR_NEXTHOP);
 UPD_READ(&a->nexthop, p, plen, 4); /* network byte order */
- /* XXX check if the nexthop is a valid IP address */
+ /*
+ * Check if the nexthop is a valid IP address. We consider
+ * multicast, experimental and loopback addresses as invalid.
+ */
+ tmp32 = ntohl(a->nexthop);
+ if (IN_MULTICAST(tmp32) || IN_BADCLASS(tmp32) ||
+ (tmp32 & 0x7f000000) == 0x7f000000)
+ return (-1);
 break;
 case ATTR_MED:
 if (attr_len != 4)
@@ -480,10 +493,6 @@ attr_optfree(struct attr_flags *attr)
 /* aspath specific functions */
-/* TODO
- * aspath regexp search,
- * aspath to string converter
- */
 static u_int16_t aspath_extract(void *, int);
 /*
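Review bot: In the ATTR_ASPATH case the new enforce check returns -1 immediately after `a->aspath = aspath_create(p, attr_len);`, so the freshly created path is still attached to `a` when the parser bails out. The caller is outside this hunk, so it is not visible whether it releases `a->aspath` on a -1 return; a comment at the return such as `/* caller must free a->aspath on error */` would record that contract. The bare -1 also makes a first-AS mismatch indistinguishable from a malformed attribute, and since a mismatch means the peer announced a path that does not start with its own AS, it is worth logging together with `remote_as` before returning. attr_parse's body starts and ends outside the hunk.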
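Review bot: The loopback test in the ATTR_NEXTHOP case, `(tmp32 & 0x7f000000) == 0x7f000000`, does not isolate 127/8: the mask leaves out the top bit, so it matches a first octet of 127 or of 255. The outcome is still right only because 255.x.x.x is already rejected by IN_BADCLASS; masking the whole first octet, `(tmp32 & 0xff000000) == 0x7f000000` (or `(tmp32 >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET`), matches what the comment says. The condition also lets 0.0.0.0/8 through, which is not a usable next hop either; unless that is filtered later, outside this hunk, add `(tmp32 & 0xff000000) == 0` to it. attr_parse's body starts and ends outside the hunk.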
@@ -642,6 +651,7 @@ void
 aspath_destroy(struct aspath *aspath)
 {
 /* only the aspath needs to be freed */
+ if (aspath == NULL) return;
 free(aspath);
 }
@@ -681,11 +691,11 @@ aspath_count(struct aspath *aspath)
 }
 u_int16_t
-aspath_neighbour(struct aspath *aspath)
+aspath_neighbor(struct aspath *aspath)
 {
 /*
 * Empty aspath is OK -- internal as route.
- * But what is the neighbour? For now let's return 0 that
+ * But what is the neighbor? For now let's return 0 that
 * should not break anything.
 */ |
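Review bot: The guard added to aspath_destroy, `if (aspath == NULL) return;`, is redundant, because `free(NULL)` is defined to do nothing and the function behaves the same without it. If the line is meant to document that NULL is an accepted argument, say that in the existing comment instead, e.g. `/* aspath may be NULL; only the aspath needs to be freed */`. If the guard stays, put `return;` on its own line, as the other early returns in this diff do.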