From 0f001a82a862df4dfd105264f75b901927b7597a Mon Sep 17 00:00:00 2001
From: Louis Scalbert
Date: Thu, 28 Apr 2022 18:32:20 +0200
Subject: [PATCH] bgpd: fix prefix VRF leaking with 'network import-check' (1/5)

If 'network import-check' is defined on the source BGP session, prefixes that are stated in the network command cannot be leaked to the other VRFs BGP table even if they are present in the origin VRF RIB. Always validate the nexthop of BGP static routes (i.e. defined with the network statement) if 'network import-check' is defined on the source BGP session and the prefix is present in source RIB. It fixes the issue when the 'rt import' statement is defined after the 'network' ones.

Signed-off-by: Louis Scalbert
---
 bgpd/bgp_mplsvpn.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c
index 7a1bbe2efd..eb0d9d2826 100644
--- a/bgpd/bgp_mplsvpn.c
+++ b/bgpd/bgp_mplsvpn.c
@@ -1084,7 +1084,11 @@ static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
 (table->safi == SAFI_UNICAST ||
 table->safi == SAFI_LABELED_UNICAST)) {
 /* Routes from network statement */
- if (!CHECK_FLAG(bgp_nexthop->flags, BGP_FLAG_IMPORT_CHECK))
+ if (CHECK_FLAG(bgp_nexthop->flags, BGP_FLAG_IMPORT_CHECK))
+ nh_valid = bgp_find_or_add_nexthop(
+ to_bgp, bgp_nexthop, afi, safi, bpi_ultimate,
+ NULL, 0, p);
+ else
 nh_valid = 1;
 } else
 /*
-- 
2.39.5
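Review bot: The comment `/* Routes from network statement */` above the new branch no longer says what decides validity, and because this result gates whether a prefix is leaked into another VRF's table the rule should be written down where it is enforced. I would extend it to something like `/* Routes from network statement: with 'network import-check' set on bgp_nexthop, validity is the result of bgp_find_or_add_nexthop(); without it the route is always treated as valid. */`. The unbraced `if`/`else` now carries a three-line call in one arm and sits directly inside an outer `} else`, so bracing both arms would make the pairing harder to misread in later edits. The call passes `bpi_ultimate` and the literals `NULL, 0` with no explanation; a short remark on why the ultimate path is the one tracked would help, presumably because the leaked copy carries no resolvable nexthop of its own, which is worth confirming. leak_update_nexthop_valid() starts before and continues after this hunk, so the declaration and initial value of `nh_valid` and the code under the outer `else` are not visible here.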