bgpd: Do not start BGP session if BGP identifier is not set

If we have IPv6-only network and no IPv4 addresses at all, then by default
0.0.0.0 is created which is treated as malformed according to RFC 6286.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 739f2b566a8217acce84d4c21aaf033314f535bb)

diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c
index 1a30cb37f4da4fd5f7346e9a33bc5a1decd7acb8..c7b7f9e284893ac386a756de8301b20cce1dbe69 100644 (file)
--- a/bgpd/bgp_fsm.c
+++ b/bgpd/bgp_fsm.c
@@ -607,6 +607,7 @@ const char *const peer_down_str[] = {
        "Admin. shutdown (RTT)",
        "Suppress Fib Turned On or Off",
        "Password config change",
+       "Router ID is missing",
 };
 
 static void bgp_graceful_restart_timer_off(struct peer_connection *connection,

diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c
index af5d815d30a51eef54c02cc01e848b397b38192c..3df4aa286eb3e62942679447f62416950aa716e5 100644 (file)
--- a/bgpd/bgp_network.c
+++ b/bgpd/bgp_network.c
@@ -571,7 +571,7 @@ static void bgp_accept(struct event *thread)
 
        /* Do not try to reconnect if the peer reached maximum
         * prefixes, restart timer is still running or the peer
-        * is shutdown.
+        * is shutdown, or BGP identifier is not set (0.0.0.0).
         */
        if (BGP_PEER_START_SUPPRESSED(peer1)) {
                if (bgp_debug_neighbor_events(peer1)) {
@@ -588,6 +588,14 @@ static void bgp_accept(struct event *thread)
                return;
        }
 
+       if (peer1->bgp->router_id.s_addr == INADDR_ANY) {
+               zlog_warn("[Event] Incoming BGP connection rejected from %s due missing BGP identifier, set it with `bgp router-id`",
+                         peer1->host);
+               peer1->last_reset = PEER_DOWN_ROUTER_ID_ZERO;
+               close(bgp_sock);
+               return;
+       }
+
        if (bgp_debug_neighbor_events(peer1))
                zlog_debug("[Event] connection from %s fd %d, active peer status %d fd %d",
                           inet_sutop(&su, buf), bgp_sock, connection1->status,
@@ -776,6 +784,13 @@ enum connect_result bgp_connect(struct peer_connection *connection)
        assert(!CHECK_FLAG(connection->thread_flags, PEER_THREAD_READS_ON));
        ifindex_t ifindex = 0;
 
+       if (peer->bgp->router_id.s_addr == INADDR_ANY) {
+               peer->last_reset = PEER_DOWN_ROUTER_ID_ZERO;
+               zlog_warn("%s: BGP identifier is missing for peer %s, set it with `bgp router-id`",
+                         __func__, peer->host);
+               return connect_error;
+       }
+
        if (peer->conf_if && BGP_CONNECTION_SU_UNSPEC(connection)) {
                if (bgp_debug_neighbor_events(peer))
                        zlog_debug("Peer address not learnt: Returning from connect");

diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h
index 96a78e666249ae5f1a7a1744b92e6b4813c82182..ee904391c1ddd6f4e02acba4e267931ceaafe263 100644 (file)
--- a/bgpd/bgpd.h
+++ b/bgpd/bgpd.h
@@ -1863,6 +1863,7 @@ struct peer {
 #define PEER_DOWN_RTT_SHUTDOWN          35U /* Automatically shutdown due to RTT */
 #define PEER_DOWN_SUPPRESS_FIB_PENDING  36U /* Suppress fib pending changed */
 #define PEER_DOWN_PASSWORD_CHANGE       37U /* neighbor password command */
+#define PEER_DOWN_ROUTER_ID_ZERO        38U /* router-id is 0.0.0.0 */
        /*
         * Remember to update peer_down_str in bgp_fsm.c when you add
         * a new value to the last_reset reason