bgpd: fix invalid ipv4-vpn nexthop for IPv6 peer

Given that two routers are connected each other and they have IPv6
addresses and they establish BGP peer with extended-nexthop capability
and one router tries to advertise locally-generated IPv4-VPN routes to
other router.

In this situation, bgpd on the router that tries to advertise IPv4-VPN
routes will be crashed with "invalid MP nexthop length (AFI IP6)".

This issue is happened because MP_REACH_NLRI path attribute is not
generated correctly when ipv4-vpn routes are advertised to IPv6 peer.
When IPv4 routes are leaked from VRF RIB, the nexthop of these routes
are also IPv4 address (0.0.0.0/0 or specific addresses). However,
bgp_packet_mpattr_start only covers the case of IPv6 nexthop (for IPv6
peer).

ipv4-unicast routes were not affected by this issue because the case of
IPv4 nexthop is covered in `else` block.

Signed-off-by: Ryoga Saito <ryoga.saito@linecorp.com>

diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index e9050c5aecd5facf52465b50331e63f9fb66c06c..b2d7bdcef4ed0af49c80c24f74ba9c9e9875ed4d 100644 (file)
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -3887,13 +3887,6 @@ size_t bgp_packet_mpattr_start(struct stream *s, struct peer *peer, afi_t afi,
                } break;
                case SAFI_MPLS_VPN: {
                        if (attr->mp_nexthop_len
-                           == BGP_ATTR_NHLEN_IPV6_GLOBAL) {
-                               stream_putc(s, 24);
-                               stream_putl(s, 0); /* RD = 0, per RFC */
-                               stream_putl(s, 0);
-                               stream_put(s, &attr->mp_nexthop_global,
-                                          IPV6_MAX_BYTELEN);
-                       } else if (attr->mp_nexthop_len
                                   == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
                                stream_putc(s, 48);
                                stream_putl(s, 0); /* RD = 0, per RFC */
@@ -3904,6 +3897,12 @@ size_t bgp_packet_mpattr_start(struct stream *s, struct peer *peer, afi_t afi,
                                stream_putl(s, 0);
                                stream_put(s, &attr->mp_nexthop_local,
                                           IPV6_MAX_BYTELEN);
+                       } else {
+                               stream_putc(s, 24);
+                               stream_putl(s, 0); /* RD = 0, per RFC */
+                               stream_putl(s, 0);
+                               stream_put(s, &attr->mp_nexthop_global,
+                                          IPV6_MAX_BYTELEN);
                        }
                } break;
                case SAFI_ENCAP: