From: Donatas Abraitis
Date: Mon, 15 Aug 2022 18:41:15 +0000 (+0300)
Subject: bgpd: Treat as withdraw if we receive as path with AS_SET / AS_CONFED_SET
X-Git-Tag: base_8.4~125^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=1bd367634e79000ef32d5c1bc5e06490de2b4f84;p=matthieu%2Ffrr.git

bgpd: Treat as withdraw if we receive as path with AS_SET / AS_CONFED_SET

For now, only if the knob is enabled. Later this gonna be (most likely) removed and routes with AS_SET / AS_CONFED_SET will be denied by default.

Signed-off-by: Donatas Abraitis
---

diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index 0135acec8f..d91c717f37 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -1515,6 +1515,19 @@ static int bgp_attr_aspath(struct bgp_attr_parser_args *args)
 0);
 }
 
+ /* Conformant BGP speakers SHOULD NOT send BGP
+ * UPDATE messages containing AS_SET or AS_CONFED_SET. Upon receipt of
+ * such messages, conformant BGP speakers SHOULD use the "Treat-as-
+ * withdraw" error handling behavior as per [RFC7606].
+ */
+ if (peer->bgp->reject_as_sets && aspath_check_as_sets(attr->aspath)) {
+ flog_err(EC_BGP_ATTR_MAL_AS_PATH,
+ "AS_SET and AS_CONFED_SET are deprecated from %pBP",
+ peer);
+ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_AS_PATH,
+ 0);
+ }
+
 /* Set aspath attribute flag. */
 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS_PATH);
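Review bot: The `flog_err` call added in bgp_attr_aspath logs at error level for every UPDATE that carries an AS_SET or AS_CONFED_SET, so the remote peer controls the log volume. Its text, "AS_SET and AS_CONFED_SET are deprecated from %pBP", also does not say that the path was rejected. Unless flog_err is rate-limited elsewhere (not visible in this hunk), consider a lower severity or a per-peer counter, and wording such as `"AS_PATH from %pBP contains AS_SET or AS_CONFED_SET, rejecting"`. The same block is repeated in the bgp_attr_as4_path hunk, so both points apply there too. The body of bgp_attr_aspath starts and ends outside the hunk.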
@@ -1595,6 +1608,19 @@ static int bgp_attr_as4_path(struct bgp_attr_parser_args *args,
 0);
 }
 
+ /* Conformant BGP speakers SHOULD NOT send BGP
+ * UPDATE messages containing AS_SET or AS_CONFED_SET. Upon receipt of
+ * such messages, conformant BGP speakers SHOULD use the "Treat-as-
+ * withdraw" error handling behavior as per [RFC7606].
+ */
+ if (peer->bgp->reject_as_sets && aspath_check_as_sets(attr->aspath)) {
+ flog_err(EC_BGP_ATTR_MAL_AS_PATH,
+ "AS_SET and AS_CONFED_SET are deprecated from %pBP",
+ peer);
+ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_AS_PATH,
+ 0);
+ }
+
 /* Set aspath attribute flag. */
 attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_AS4_PATH);
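Review bot: The condition added in bgp_attr_as4_path tests `attr->aspath`, the same field the AS_PATH handler tests, not the AS4_PATH this function has just parsed, even though the flag set right after it is BGP_ATTR_AS4_PATH. If the parsed AS4_PATH is held in a separate variable (the parsing lines are outside the hunk), an AS_SET carried only in AS4_PATH is not caught by this check. In addition, `attr->aspath` may still be unset when AS4_PATH precedes AS_PATH in the UPDATE, so `aspath_check_as_sets()` would have to tolerate NULL, which this hunk does not show. Pass the path parsed in this function instead, e.g. `aspath_check_as_sets(<parsed AS4_PATH>)`, with the placeholder standing for that local.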