From: Donatas Abraitis Date: Fri, 10 May 2019 14:01:39 +0000 (+0300) Subject: bgpd: Move inbound policy check outside bgp_input_modifier() X-Git-Tag: base_7.2~368^2 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=a8b72dc69e06f78ec3cdad52448c478689a94a86;p=matthieu%2Ffrr.git bgpd: Move inbound policy check outside bgp_input_modifier() Signed-off-by: Donatas Abraitis --- diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index fc6798fdfc..02cb72209f 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -1219,20 +1219,6 @@ static int bgp_input_modifier(struct peer *peer, struct prefix *p, } } - /* RFC 8212 to prevent route leaks. - * This specification intends to improve this situation by requiring the - * explicit configuration of both BGP Import and Export Policies for any - * External BGP (EBGP) session such as customers, peers, or - * confederation boundaries for all enabled address families. Through - * codification of the aforementioned requirement, operators will - * benefit from consistent behavior across different BGP - * implementations. - */ - if (peer->bgp->ebgp_requires_policy - == DEFAULT_EBGP_POLICY_ENABLED) - if (!bgp_inbound_policy_exists(peer, filter)) - return RMAP_DENY; - /* Route map apply. */ if (rmap) { memset(&rmap_path, 0, sizeof(struct bgp_path_info)); @@ -3049,6 +3035,22 @@ int bgp_update(struct peer *peer, struct prefix *p, uint32_t addpath_id, goto filtered; } + /* RFC 8212 to prevent route leaks. + * This specification intends to improve this situation by requiring the + * explicit configuration of both BGP Import and Export Policies for any + * External BGP (EBGP) session such as customers, peers, or + * confederation boundaries for all enabled address families. Through + * codification of the aforementioned requirement, operators will + * benefit from consistent behavior across different BGP + * implementations. + */ + if (peer->bgp->ebgp_requires_policy == DEFAULT_EBGP_POLICY_ENABLED) + if (!bgp_inbound_policy_exists(peer, + &peer->filter[afi][safi])) { + reason = "inbound policy missing"; + goto filtered; + } + bgp_attr_dup(&new_attr, attr); /* Apply incoming route-map.