Skip to content

Commit

Permalink
bgpd: Validate Addpath capability flags per AF
Browse files Browse the repository at this point in the history
Send/Receive:
         This field indicates whether the sender is (a) able to receive
         multiple paths from its peer (value 1), (b) able to send
         multiple paths to its peer (value 2), or (c) both (value 3) for
         the <AFI, SAFI>.

         If any other value is received, then the capability SHOULD be
         treated as not understood and ignored [RFC5492].

Signed-off-by: Donatas Abraitis <[email protected]>
  • Loading branch information
ton31337 committed Dec 17, 2023
1 parent a912f8f commit fb43728
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 2 deletions.
11 changes: 11 additions & 0 deletions bgpd/bgp_open.c
Original file line number Diff line number Diff line change
Expand Up @@ -680,6 +680,17 @@ static int bgp_capability_addpath(struct peer *peer,
iana_safi_t pkt_safi = stream_getc(s);
uint8_t send_receive = stream_getc(s);

/* If any other value (other than 1-3) is received, then
* the capability SHOULD be treated as not understood
* and ignored.
*/
if (send_receive > 3) {
flog_warn(EC_BGP_CAPABILITY_INVALID_DATA,
"Add Path: Received invalid send/receive value %u in Add Path capability",
send_receive);
continue;
}

if (bgp_debug_neighbor_events(peer))
zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s",
peer->host,
Expand Down
16 changes: 14 additions & 2 deletions bgpd/bgp_packet.c
Original file line number Diff line number Diff line change
Expand Up @@ -3097,6 +3097,17 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
pkt_afi = ntohs(bac.afi);
pkt_safi = safi_int2iana(bac.safi);

/* If any other value (other than 1-3) is received,
* then the capability SHOULD be treated as not
* understood and ignored.
*/
if (bac.flags > 3) {
flog_warn(EC_BGP_CAPABILITY_INVALID_LENGTH,
"Add Path: Received invalid send/receive value %u in Add Path capability",
bac.flags);
goto ignore;
}

if (bgp_debug_neighbor_events(peer))
zlog_debug("%s OPEN has %s capability for afi/safi: %s/%s%s%s",
peer->host,
Expand All @@ -3118,14 +3129,14 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
peer->host,
iana_afi2str(pkt_afi),
iana_safi2str(pkt_safi));
continue;
goto ignore;
} else if (!peer->afc[afi][safi]) {
if (bgp_debug_neighbor_events(peer))
zlog_debug("%s Addr-family %s/%s(afi/safi) not enabled. Ignore the AddPath capability for this AFI/SAFI",
peer->host,
iana_afi2str(pkt_afi),
iana_safi2str(pkt_safi));
continue;
goto ignore;
}

if (CHECK_FLAG(bac.flags, BGP_ADDPATH_RX))
Expand All @@ -3142,6 +3153,7 @@ static void bgp_dynamic_capability_addpath(uint8_t *pnt, int action,
UNSET_FLAG(peer->af_cap[afi][safi],
PEER_CAP_ADDPATH_AF_TX_RCV);

ignore:
data += CAPABILITY_CODE_ADDPATH_LEN;
}
} else {
Expand Down

0 comments on commit fb43728

Please sign in to comment.