From: Donald Sharp Date: Wed, 20 May 2015 01:04:14 +0000 (-0700) Subject: When an incoming connection is received from a neighbor that is configured but X-Git-Tag: frr-2.0-rc1~1404 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=2672319b698c713d44a8b3fc189e44c0915121c3;p=matthieu%2Ffrr.git When an incoming connection is received from a neighbor that is configured but is not activated for any address-family, the connection is accepted without taking further action. This causes the connection to hang in OpenSent on the neighbor and can in turn delay the connection setup. Fix to reject incoming connections when there is no address-family activated for the neighbor. --- diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index d2ccec0e70..9388bc397b 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -282,6 +282,16 @@ bgp_accept (struct thread *thread) return -1; } + /* Check that at least one AF is activated for the peer. */ + if (!peer_active (peer1)) + { + if (bgp_debug_neighbor_events(peer1)) + zlog_debug ("%s - incoming conn rejected - no AF activated for peer", + peer1->host); + close (bgp_sock); + return -1; + } + if (bgp_debug_neighbor_events(peer1)) zlog_debug ("[Event] BGP connection from host %s", inet_sutop (&su, buf));