bgpd: handle fs nlri over 240 bytes

the nlri flowspec above 240 bytes size was not handled.
Over 240 bytes, the length is 2 bytes length, and a calculation must be
done to obtain the real length. This commit handles it appropriately.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
index 9554638735f163f68ec77a537806259d400c517a..17c41636de81c9c16b6d7db1f1a593dfbadee72a 100644 (file)
--- a/bgpd/bgp_flowspec.c
+++ b/bgpd/bgp_flowspec.c
@@ -108,7 +108,7 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
                return BGP_NLRI_PARSE_ERROR_FLOWSPEC_IPV6_NOT_SUPPORTED;
        }
 
-       if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) {
+       if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
                flog_err(EC_BGP_FLOWSPEC_PACKET,
                         "BGP flowspec nlri length maximum reached (%u)",
                         packet->length);
@@ -124,7 +124,11 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
                        return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
                psize = *pnt++;
-
+               if (psize >= FLOWSPEC_NLRI_SIZELIMIT) {
+                       psize &= 0x0f;
+                       psize = psize << 8;
+                       psize |= *pnt++;
+               }
                /* When packet overflow occur return immediately. */
                if (pnt + psize > lim) {
                        flog_err(

diff --git a/bgpd/bgp_flowspec_private.h b/bgpd/bgp_flowspec_private.h
index dede4e03d3a4c42aabc66da660486241f0d2d48d..cec244c1651660e5702010ee2be5750d1f91f410 100644 (file)
--- a/bgpd/bgp_flowspec_private.h
+++ b/bgpd/bgp_flowspec_private.h
@@ -20,6 +20,7 @@
 #define _FRR_BGP_FLOWSPEC_PRIVATE_H
 
 #define FLOWSPEC_NLRI_SIZELIMIT                        240
+#define FLOWSPEC_NLRI_SIZELIMIT_EXTENDED               4095
 
 /* Flowspec raffic action bit*/
 #define FLOWSPEC_TRAFFIC_ACTION_TERMINAL       1