bgpd: add AFI/SAFI check for RFC 9234

RFC 9234 mandates that role rules apply only to IPv4/IPv6 unicast bgp
sessions. If the OTC attribute appears in other sessions, it will remain
untouched.

Signed-off-by: Eugene Bogomazov <eb@qrator.net>

diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 90e3f880587b95f84af02912943829fe27cc4bd7..b7b069fbed16ffc750b2ee9f6e5966a7548410be 100644 (file)
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -1598,6 +1598,11 @@ static bool bgp_otc_egress(struct peer *peer, struct attr *attr)
        return false;
 }
 
+static bool bgp_check_role_applicability(afi_t afi, safi_t safi)
+{
+       return ((afi == AFI_IP || afi == AFI_IP6) && safi == SAFI_UNICAST);
+}
+
 static int bgp_input_modifier(struct peer *peer, const struct prefix *p,
                              struct attr *attr, afi_t afi, safi_t safi,
                              const char *rmap_name, mpls_label_t *label,
@@ -2202,7 +2207,8 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi,
                        memset(&attr->mp_nexthop_local, 0, IPV6_MAX_BYTELEN);
        }
 
-       if (bgp_otc_egress(peer, attr))
+       if (bgp_check_role_applicability(afi, safi) &&
+           bgp_otc_egress(peer, attr))
                return false;
 
        bgp_peer_remove_private_as(bgp, afi, safi, peer, attr);
@@ -4001,12 +4007,12 @@ int bgp_update(struct peer *peer, const struct prefix *p, uint32_t addpath_id,
                goto filtered;
        }
 
-       if (bgp_otc_filter(peer, &new_attr)) {
+       if (bgp_check_role_applicability(afi, safi) &&
+           bgp_otc_filter(peer, &new_attr)) {
                reason = "failing otc validation";
                bgp_attr_flush(&new_attr);
                goto filtered;
        }
-
        /* The flag BGP_NODE_FIB_INSTALL_PENDING is for the following
         * condition :
         * Suppress fib is enabled