Merge commit '950775f6fa3d569a9d7cd05e33538d35e895d688' into haugesund

There were quite a lot of conflicts in flowspec validation code which ultimately led to some code being a bit rewritten, not only adapted from this or that branch, yet it is still in a limit of a merge.
2024-05-11 16:54:54 +00:00 · 2022-06-08 11:47:49 +02:00
parent 8fd3811d9d 950775f6fa
commit cae5979871
21 changed files with 303 additions and 241 deletions
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -1715,8 +1715,20 @@ bgp_preexport(struct channel *c, rte *e)
    return 0;

  /* Reject flowspec that failed validation */
-  if ((e->attrs->dest == RTD_UNREACHABLE) && net_is_flow(e->net))
-    return -1;
+  if (net_is_flow(e->net))
+    switch (rt_get_flowspec_valid(e))
+    {
+      case FLOWSPEC_VALID:
+	break;
+      case FLOWSPEC_INVALID:
+	return -1;
+      case FLOWSPEC_UNKNOWN:
+ 	ASSUME((rt_get_source_attr(e) != RTS_BGP) ||
+	    !((struct bgp_channel *) SKIP_BACK(struct channel, in_req, e->sender->req))->base_table);
+	break;
+      case FLOWSPEC__MAX:
+	bug("This never happens.");
+    }

  /* IBGP route reflection, RFC 4456 */
  if (p->is_internal && src->is_internal && (p->local_as == src->local_as))
--- a/proto/bgp/bgp.h
+++ b/proto/bgp/bgp.h
@@ -519,7 +519,9 @@ struct rte_source *bgp_get_source(struct bgp_proto *p, u32 path_id);
 static inline int
 rta_resolvable(rta *a)
 {
-  return a->dest != RTD_UNREACHABLE;
+  eattr *nhea = ea_find(a->eattrs, &ea_gen_nexthop);
+  struct nexthop_adata *nhad = (void *) nhea->u.ptr;
+  return NEXTHOP_IS_REACHABLE(nhad) || (nhad->dest != RTD_UNREACHABLE);
 }


--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -968,7 +968,6 @@ bgp_apply_next_hop(struct bgp_parse_state *s, rta *a, ip_addr gw, ip_addr ll)

    ea_set_attr_u32(&a->eattrs, &ea_gen_igp_metric, 0, c->cf->cost);

-    a->dest = RTD_UNICAST;
    struct nexthop_adata nhad = {
      .nh = {
 	.gw = nbr->addr,
@@ -1003,8 +1002,7 @@ bgp_apply_mpls_labels(struct bgp_parse_state *s, rta *a, u32 lnum, u32 labels[ln
  {
    REPORT("Too many MPLS labels ($u)", lnum);

-    a->dest = RTD_UNREACHABLE;
-    ea_unset_attr(&a->eattrs, 0, &ea_gen_nexthop);
+    ea_set_dest(&a->eattrs, 0, RTD_UNREACHABLE);
    return;
  }

@@ -1092,17 +1090,14 @@ bgp_use_gateway(struct bgp_export_state *s)
  if (c->cf->next_hop_self && bgp_match_src(s, c->cf->next_hop_self))
    return NULL;

-  /* Unreachable */
-  if (ra->dest != RTD_UNICAST)
-    return NULL;
-
  eattr *nhea = ea_find(ra->eattrs, &ea_gen_nexthop);
  if (!nhea)
    return NULL;

  /* We need one valid global gateway */
  struct nexthop_adata *nhad = (struct nexthop_adata *) nhea->u.ptr;
-  if (!NEXTHOP_ONE(nhad) || ipa_zero(nhad->nh.gw) ||
+  if (!NEXTHOP_IS_REACHABLE(nhad) ||
+      !NEXTHOP_ONE(nhad) || ipa_zero(nhad->nh.gw) ||
      ipa_is_link_local(nhad->nh.gw))
    return NULL;