From: Ryoga Saito Date: Thu, 27 Oct 2022 01:17:50 +0000 (+0900) Subject: bgpd: Fix the condition whether nexthop is changed X-Git-Tag: frr-8.4~10^2 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=c0c6fe2bd428b7f80d46a6775b1c85bc6c095f75;p=mirror%2Ffrr.git bgpd: Fix the condition whether nexthop is changed Given that the following topology, route server MUST not modify NEXT_HOP attribute because route server isn't in the actual routing path. This behavior is required to comply RFC7947 (Router A) <-(eBGP peer)-> (Route Server) <-(eBGP peer)-> (Router B) RFC7947 says as follows: > As the route server does not participate in the actual routing of > traffic, the NEXT_HOP attribute MUST be passed unmodified to the route > server clients, similar to the "third-party" next-hop > feature described in Section 5.1.3. of [RFC4271]. However, current FRR is violating RFC7947 in some cases. If routers and route server established BGP peer over IPv6 connection and routers advertise ipv4-vpn routes through route server, route server will modify NEXT_HOP attribute in these advertisements. This is because the condition to check whether NEXT_HOP attribute should be changed or not is wrong. We should use (afi, safi) as the key to check, but (nhafi, safi) is actually used. This causes the RFC7947 violation. Signed-off-by: Ryoga Saito (cherry picked from commit 5b786189bc60b07c62569a324754b4b49fe61f8e) --- diff --git a/bgpd/bgp_updgrp_packet.c b/bgpd/bgp_updgrp_packet.c index 88a81f255d..344aea16f5 100644 --- a/bgpd/bgp_updgrp_packet.c +++ b/bgpd/bgp_updgrp_packet.c @@ -527,7 +527,7 @@ struct stream *bpacket_reformat_for_peer(struct bpacket *pkt, && !CHECK_FLAG(vec->flags, BPKT_ATTRVEC_FLAGS_RMAP_NH_UNCHANGED) && !peer_af_flag_check( - peer, nhafi, paf->safi, + peer, paf->afi, paf->safi, PEER_FLAG_NEXTHOP_UNCHANGED)) { /* NOTE: not handling case where NH has new AFI */