From: Donald Sharp Date: Fri, 22 Feb 2019 15:20:51 +0000 (-0500) Subject: isisd, ospf6d, ripngd: Do not allow v6 LL's to be `redist connected` in X-Git-Tag: 7.1_pulled~129^2 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=refs%2Fpull%2F3764%2Fhead;p=mirror%2Ffrr.git isisd, ospf6d, ripngd: Do not allow v6 LL's to be `redist connected` in The rib process of handling routes has been unified a bit more and as a result v6 LL routes are now showing up as a result of a `redistribute connected`. Doing anything with these routes is a policy decision that should be enforced by the individual routing daemons not by zebra. As such add a bit of code to isisd, ripngd and opsf6d to handle them. The bgp daemon already handles this situation. Signed-off-by: Donald Sharp --- diff --git a/isisd/isis_zebra.c b/isisd/isis_zebra.c index dfe74e325e..79d79f8911 100644 --- a/isisd/isis_zebra.c +++ b/isisd/isis_zebra.c @@ -362,6 +362,10 @@ static int isis_zebra_read(int command, struct zclient *zclient, if (zapi_route_decode(zclient->ibuf, &api) < 0) return -1; + if (api.prefix.family == AF_INET6 + && IN6_IS_ADDR_LINKLOCAL(&api.prefix.u.prefix6)) + return 0; + /* * Avoid advertising a false default reachability. (A default * route installed by IS-IS gets redistributed from zebra back diff --git a/ospf6d/ospf6_zebra.c b/ospf6d/ospf6_zebra.c index 54f1735e7a..abdc82a738 100644 --- a/ospf6d/ospf6_zebra.c +++ b/ospf6d/ospf6_zebra.c @@ -226,6 +226,9 @@ static int ospf6_zebra_read_route(int command, struct zclient *zclient, if (CHECK_FLAG(api.message, ZAPI_MESSAGE_SRCPFX)) return 0; + if (IN6_IS_ADDR_LINKLOCAL(&api.prefix.u.prefix6)) + return 0; + ifindex = api.nexthops[0].ifindex; nexthop = &api.nexthops[0].gate.ipv6; diff --git a/ripngd/ripng_zebra.c b/ripngd/ripng_zebra.c index 28a57f25d0..c68c066f0c 100644 --- a/ripngd/ripng_zebra.c +++ b/ripngd/ripng_zebra.c @@ -126,6 +126,9 @@ static int ripng_zebra_read_route(int command, struct zclient *zclient, if (CHECK_FLAG(api.message, ZAPI_MESSAGE_SRCPFX)) return 0; + if (IN6_IS_ADDR_LINKLOCAL(&api.prefix.u.prefix6)) + return 0; + nexthop = api.nexthops[0].gate.ipv6; ifindex = api.nexthops[0].ifindex;