authorClaudio Jeker <claudio@cvs.openbsd.org>2024-09-04 15:06:37 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2024-09-04 15:06:37 +0000
commit3ced8ba769ed9b363c934d4b46389d6cda9e1c18 (patch)
tree356afb828a1401aa5452cc1b72fefca74f7781a7 /usr.sbin/bgpd
parentb2f22f56a291e7af6e6003b74e551b7127e05483 (diff)
Qualifying nexthops via BGP does not properly work since nexthops need
to be rechecked when a BGP route is added (or changed). We need to revalidate nexthops on inserts (kroute_insert) and on change (krX_change but only for AID_INET and AID_INET6 -- no nexthops in the other tables) the nexthop needs to be updated. Only validate nexthops if 'nexthop qualify via bgp' is enabled. For route changes the code can depend on the F_NEXTHOP flag. Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/81 OK tb@
Diffstat (limited to 'usr.sbin/bgpd')
-rw-r--r--usr.sbin/bgpd/bgpd.c8
-rw-r--r--usr.sbin/bgpd/bgpd.h3
-rw-r--r--usr.sbin/bgpd/kroute.c13
3 files changed, 19 insertions, 5 deletions
diff --git a/usr.sbin/bgpd/bgpd.c b/usr.sbin/bgpd/bgpd.c
index e997d680259..bb0e19d01a8 100644
--- a/usr.sbin/bgpd/bgpd.c
+++ b/usr.sbin/bgpd/bgpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bgpd.c,v 1.266 2024/09/04 13:30:10 claudio Exp $ */
+/* $OpenBSD: bgpd.c,v 1.267 2024/09/04 15:06:36 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1182,6 +1182,12 @@ bgpd_oknexthop(struct kroute_full *kf)
}
int
+bgpd_has_bgpnh(void)
+{
+ return ((cflags & BGPD_FLAG_NEXTHOP_BGP) != 0);
+}
+
+int
control_setup(struct bgpd_config *conf)
{
int fd, restricted;
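Review bot: `bgpd_has_bgpnh()` is added without a comment, and the name alone does not say which setting it reports. A one-line comment above the definition would tie it to the option named in the commit message, e.g. `/* true if 'nexthop qualify via bgp' is enabled (BGPD_FLAG_NEXTHOP_BGP) */`. Whether `cflags` changes on a config reload is not visible in this hunk. If it does, the kroute.c caller presumably only sees the new value on later inserts, which the comment could also state.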
diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h
index 78e245b5d26..c558d636b44 100644
--- a/usr.sbin/bgpd/bgpd.h
+++ b/usr.sbin/bgpd/bgpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bgpd.h,v 1.495 2024/08/14 19:09:51 claudio Exp $ */
+/* $OpenBSD: bgpd.h,v 1.496 2024/09/04 15:06:36 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1416,6 +1416,7 @@ void send_imsg_session(int, pid_t, void *, uint16_t);
int send_network(int, struct network_config *,
struct filter_set_head *);
int bgpd_oknexthop(struct kroute_full *);
+int bgpd_has_bgpnh(void);
void set_pollfd(struct pollfd *, struct imsgbuf *);
int handle_pollfd(struct pollfd *, struct imsgbuf *);
diff --git a/usr.sbin/bgpd/kroute.c b/usr.sbin/bgpd/kroute.c
index 6da5986faec..a806ae8a094 100644
--- a/usr.sbin/bgpd/kroute.c
+++ b/usr.sbin/bgpd/kroute.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kroute.c,v 1.309 2024/01/09 13:41:32 claudio Exp $ */
+/* $OpenBSD: kroute.c,v 1.310 2024/09/04 15:06:36 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -511,6 +511,9 @@ kr4_change(struct ktable *kt, struct kroute_full *kf)
else
kr->flags &= ~F_REJECT;
+ if (kr->flags & F_NEXTHOP)
+ knexthop_update(kt, kf);
+
if (send_rtmsg(RTM_CHANGE, kt, kf))
kr->flags |= F_BGPD_INSERTED;
}
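Review bot: The new `knexthop_update(kt, kf)` call in kr4_change runs before `send_rtmsg(RTM_CHANGE, kt, kf)` and does not depend on its result, so dependent nexthops are refreshed even if the kernel change fails. If that is intended, a comment would record it, e.g. `/* kroute backs a nexthop: refresh dependents regardless of the rtmsg result */`. If it is not, the call belongs after the `send_rtmsg()` check. The same ordering appears in the kr6_change hunk with `kr6->flags & F_NEXTHOP`. Both function bodies start outside their hunks, so the earlier update of the kroute entry is not visible here.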
@@ -549,6 +552,9 @@ kr6_change(struct ktable *kt, struct kroute_full *kf)
else
kr6->flags &= ~F_REJECT;
+ if (kr6->flags & F_NEXTHOP)
+ knexthop_update(kt, kf);
+
if (send_rtmsg(RTM_CHANGE, kt, kf))
kr6->flags |= F_BGPD_INSERTED;
}
@@ -1719,13 +1725,14 @@ kroute_insert(struct ktable *kt, struct kroute_full *kf)
break;
}
- /* XXX this is wrong for nexthop validated via BGP */
- if (!(kf->flags & F_BGPD)) {
+ if (bgpd_has_bgpnh() || !(kf->flags & F_BGPD)) {
RB_FOREACH(n, knexthop_tree, KT2KNT(kt))
if (prefix_compare(&kf->prefix, &n->nexthop,
kf->prefixlen) == 0)
knexthop_validate(kt, n);
+ }
+ if (!(kf->flags & F_BGPD)) {
/* redistribute multipath routes only once */
if (!multipath)
kr_redistribute(IMSG_NETWORK_ADD, kt, kf);
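Review bot: With `bgpd_has_bgpnh()` true, the `RB_FOREACH` over `knexthop_tree` now runs for every inserted route, including `F_BGPD` ones, so the work scales with the BGP insert rate times the number of tracked nexthops. That rate is driven by what peers announce, so it is worth confirming the walk stays cheap under route churn. The removed XXX comment also leaves the split condition unexplained; a replacement would help, e.g. `/* BGP routes can cover nexthops only with 'nexthop qualify via bgp' */`. kroute_insert begins and ends outside this hunk, so the rest of the insert path is not reviewed here.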