bgpd: discard traffic when at least traffic-rate 0 is observed
authorPhilippe Guibert <philippe.guibert@6wind.com>
Thu, 6 Jun 2019 15:14:36 +0000 (17:14 +0200)
committerPhilippe Guibert <philippe.guibert@6wind.com>
Mon, 8 Jul 2019 06:36:45 +0000 (08:36 +0200)
When multiple action rules are analysed in a BGP flowspec entry and at
least one traffic-rate action set to 0 is seen, immediately create a
drop rule. Previously this did not happen if a forwarding rule was
seen.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd/bgp_pbr.c

index 8852e46686277959d70f1111da5ba10bfd000033..2d50d1c9ead98649503fe4549c5bdccfe4e30f29 100644 (file)
@@ -698,6 +698,7 @@ int bgp_pbr_build_and_validate_entry(struct prefix *p,
        int valid_prefix = 0;
        afi_t afi = AFI_IP;
        struct bgp_pbr_entry_action *api_action_redirect_ip = NULL;
+       bool discard_action_found = false;
 
        /* extract match from flowspec entries */
        ret = bgp_flowspec_match_rules_fill((uint8_t *)p->u.prefix_flowspec.ptr,
@@ -805,10 +806,22 @@ int bgp_pbr_build_and_validate_entry(struct prefix *p,
                                                                 api_action);
                                if (ret != 0)
                                        continue;
+                               if ((api_action->action == ACTION_TRAFFICRATE) &&
+                                   api->actions[i].u.r.rate == 0)
+                                       discard_action_found = true;
                        }
                        api->action_num++;
                }
        }
+       /* if ECOMMUNITY_TRAFFIC_RATE = 0 as action
+        * then reduce the API action list to that action
+        */
+       if (api->action_num > 1 && discard_action_found) {
+               api->action_num = 1;
+               memset(&api->actions[0], 0,
+                      sizeof(struct bgp_pbr_entry_action));
+               api->actions[0].action = ACTION_TRAFFICRATE;
+       }
 
        /* validate if incoming matc/action is compatible
         * with our policy routing engine
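Review bot: The added check tests the action type through `api_action` but reads the rate through `api->actions[i]`, and nothing in the hunk shows that both refer to the same array slot. If the loop index `i` and the slot behind `api_action` can ever differ, a zero rate would be read from the wrong entry, so a discard could be missed or wrongly triggered. Reading both fields through the same pointer removes the doubt: `if (api_action->action == ACTION_TRAFFICRATE && api_action->u.r.rate == 0)`. In the collapse block, the discard meaning depends on the `memset` leaving the rate at zero, which the comment should state, e.g. `/* zeroed rate means discard; every other action, including forwarding, is intentionally dropped */`. The function body starts and ends outside the hunk, so the assignment of `api_action` should be checked there.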