From: Daniel Walton <dwalton@cumulusnetworks.com>
Date: Wed, 4 Nov 2015 16:31:33 +0000 (+0000)
Subject: BGP ORF fails to filter prefixes correctly
X-Git-Tag: frr-2.0-rc1~1208
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=40d2700de36db09416c361224b6b11ff9f94568f;p=mirror%2Ffrr.git

BGP ORF fails to filter prefixes correctly

Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by:   Donald Sharp <sharpd@cumulusnetworks.com>

Ticket: CM-7145
---

diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c
index 02dddadf99..5586be710f 100644
--- a/bgpd/bgp_fsm.c
+++ b/bgpd/bgp_fsm.c
@@ -174,6 +174,7 @@ peer_xfer_conn(struct peer *from_peer)
 	peer->afc_nego[afi][safi] = from_peer->afc_nego[afi][safi];
 	peer->afc_adv[afi][safi] = from_peer->afc_adv[afi][safi];
 	peer->afc_recv[afi][safi] = from_peer->afc_recv[afi][safi];
+	peer->orf_plist[afi][safi] = from_peer->orf_plist[afi][safi];
       }
 
   if (bgp_getsockname(peer) < 0)
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index efac3bbbbe..f7336ea2f1 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -1780,6 +1780,8 @@ bgp_route_refresh_receive (struct peer *peer, bgp_size_t size)
   safi_t safi;
   struct stream *s;
   struct peer_af *paf;
+  struct update_group *updgrp;
+  struct peer *updgrp_peer;
 
   /* If peer does not have the capability, send notification. */
   if (! CHECK_FLAG (peer->cap, PEER_CAP_REFRESH_ADV))
@@ -1956,8 +1958,8 @@ bgp_route_refresh_receive (struct peer *peer, bgp_size_t size)
 		      break;
 		    }
 		}
-	      peer->orf_plist[afi][safi] =
-		prefix_list_lookup (afi, name);
+
+	      peer->orf_plist[afi][safi] = prefix_bgp_orf_lookup (afi, name);
 	    }
 	  stream_forward_getp (s, orf_len);
 	}
@@ -1972,14 +1974,23 @@ bgp_route_refresh_receive (struct peer *peer, bgp_size_t size)
   if (CHECK_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH))
     UNSET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH);
 
-  /* If the peer is configured for default-originate clear the
-   * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will re-advertise the
-   * default
-   */
   paf = peer_af_find (peer, afi, safi);
-  if (paf && paf->subgroup &&
-      CHECK_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE))
-    UNSET_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE);
+  if (paf && paf->subgroup)
+    {
+      if (peer->orf_plist[afi][safi])
+        {
+          updgrp = PAF_UPDGRP(paf);
+          updgrp_peer = UPDGRP_PEER(updgrp);
+          updgrp_peer->orf_plist[afi][safi] = peer->orf_plist[afi][safi];
+        }
+
+      /* If the peer is configured for default-originate clear the
+       * SUBGRP_STATUS_DEFAULT_ORIGINATE flag so that we will re-advertise the
+       * default
+       */
+      if (CHECK_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE))
+        UNSET_FLAG (paf->subgroup->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE);
+    }
 
   /* Perform route refreshment to the peer */
   bgp_announce_route (peer, afi, safi);
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 59dd04a933..820c3cfd9a 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -1296,6 +1296,11 @@ subgroup_announce_check (struct bgp_info *ri, struct update_subgroup *subgrp,
       {
 	if (prefix_list_apply (peer->orf_plist[afi][safi], p) == PREFIX_DENY)
 	  {
+            if (bgp_debug_update(NULL, p, subgrp->update_group, 0))
+              zlog_debug ("%s [Update:SEND] %s/%d is filtered via ORF",
+                          peer->host,
+                          inet_ntop(p->family, &p->u.prefix, buf, SU_ADDRSTRLEN),
+                          p->prefixlen);
 	    return 0;
 	  }
       }
diff --git a/bgpd/bgp_updgrp.c b/bgpd/bgp_updgrp.c
index a280b55c11..c39c687823 100644
--- a/bgpd/bgp_updgrp.c
+++ b/bgpd/bgp_updgrp.c
@@ -151,6 +151,7 @@ conf_copy (struct peer *dst, struct peer *src, afi_t afi, safi_t safi)
   dst->cap = src->cap;
   dst->af_cap[afi][safi] = src->af_cap[afi][safi];
   dst->afc_nego[afi][safi] = src->afc_nego[afi][safi];
+  dst->orf_plist[afi][safi] = src->orf_plist[afi][safi];
   dst->local_as = src->local_as;
   dst->change_local_as = src->change_local_as;
   dst->shared_network = src->shared_network;
@@ -372,12 +373,14 @@ updgrp_hash_key_make (void *p)
 		     key);
 
   /*
-   * Every peer configured to be a lonesoul gets its own update group.
-   *
-   * Every route server client gets its own update group as well. Optimize
-   * later.
+   * There are certain peers that must get their own update-group:
+   * - lonesoul peers
+   * - route server clients
+   * - peers that negotiated ORF
    */
   if (CHECK_FLAG (peer->flags, PEER_FLAG_LONESOUL) ||
+      CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_RCV) ||
+      CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_OLD_RCV) ||
       CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_RSERVER_CLIENT))
     key = jhash_1word (jhash (peer->host, strlen (peer->host), SEED2), key);
 
@@ -488,6 +491,8 @@ updgrp_hash_cmp (const void *p1, const void *p2)
     return 0;
 
   if ((CHECK_FLAG (pe1->flags, PEER_FLAG_LONESOUL) ||
+       CHECK_FLAG (pe1->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_RCV) ||
+       CHECK_FLAG (pe1->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_OLD_RCV) ||
        CHECK_FLAG (pe1->af_flags[afi][safi], PEER_FLAG_RSERVER_CLIENT)) &&
       !sockunion_same (&pe1->su, &pe2->su))
     return 0;