From 3caff6ca60390aa5962b4aa3b66c50fc8b8006b9 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Tue, 19 May 2015 18:29:15 -0700 Subject: [PATCH] Include loopback IP addresses in martian NEXTHOP check --- bgpd/bgp_nexthop.c | 54 ---------------------------------------------- bgpd/bgp_nexthop.h | 1 - bgpd/bgp_route.c | 14 ++++++++---- 3 files changed, 10 insertions(+), 59 deletions(-) diff --git a/bgpd/bgp_nexthop.c b/bgpd/bgp_nexthop.c index 7f516379bf..40b719fe31 100644 --- a/bgpd/bgp_nexthop.c +++ b/bgpd/bgp_nexthop.c @@ -92,45 +92,6 @@ bnc_free (struct bgp_nexthop_cache *bnc) XFREE (MTYPE_BGP_NEXTHOP_CACHE, bnc); } -/* If nexthop exists on connected network return 1. */ -int -bgp_nexthop_onlink (afi_t afi, struct attr *attr) -{ - struct bgp_node *rn; - - /* Lookup the address is onlink or not. */ - if (afi == AFI_IP) - { - rn = bgp_node_match_ipv4 (bgp_connected_table[AFI_IP], &attr->nexthop); - if (rn) - { - bgp_unlock_node (rn); - return 1; - } - } -#ifdef HAVE_IPV6 - else if (afi == AFI_IP6) - { - if (attr->extra->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) - return 1; - else if (attr->extra->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL) - { - if (IN6_IS_ADDR_LINKLOCAL (&attr->extra->mp_nexthop_global)) - return 1; - - rn = bgp_node_match_ipv6 (bgp_connected_table[AFI_IP6], - &attr->extra->mp_nexthop_global); - if (rn) - { - bgp_unlock_node (rn); - return 1; - } - } - } -#endif /* HAVE_IPV6 */ - return 0; -} - /* Reset and free all BGP nexthop cache. */ static void bgp_nexthop_cache_reset (struct bgp_table *table) @@ -241,18 +202,9 @@ bgp_connected_add (struct connected *ifc) { struct prefix p; struct prefix *addr; - struct interface *ifp; struct bgp_node *rn; struct bgp_connected_ref *bc; - ifp = ifc->ifp; - - if (! ifp) - return; - - if (if_is_loopback (ifp)) - return; - addr = ifc->address; if (addr->family == AF_INET) @@ -311,15 +263,9 @@ bgp_connected_delete (struct connected *ifc) { struct prefix p; struct prefix *addr; - struct interface *ifp; struct bgp_node *rn; struct bgp_connected_ref *bc; - ifp = ifc->ifp; - - if (if_is_loopback (ifp)) - return; - addr = ifc->address; if (addr->family == AF_INET) diff --git a/bgpd/bgp_nexthop.h b/bgpd/bgp_nexthop.h index ffa726dad4..5485bb2c13 100644 --- a/bgpd/bgp_nexthop.h +++ b/bgpd/bgp_nexthop.h @@ -63,7 +63,6 @@ extern void bgp_connected_add (struct connected *c); extern void bgp_connected_delete (struct connected *c); extern int bgp_multiaccess_check_v4 (struct in_addr, struct peer *); extern int bgp_config_write_scan_time (struct vty *); -extern int bgp_nexthop_onlink (afi_t, struct attr *); extern int bgp_nexthop_self (struct attr *); extern void bgp_address_init (void); extern struct bgp_nexthop_cache *bnc_new(void); diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 1a8fb3562b..530009d62d 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -2711,16 +2711,22 @@ bgp_update_main (struct peer *peer, struct prefix *p, u_int32_t addpath_id, /* IPv4 unicast next hop check. */ if (afi == AFI_IP && safi == SAFI_UNICAST) { - /* Next hop must not be 0.0.0.0 nor Class D/E address. Next hop - must not be my own address. */ + /* Next hop must not be 0.0.0.0 nor Class D/E address. */ if (new_attr.nexthop.s_addr == 0 - || IPV4_CLASS_DE (ntohl (new_attr.nexthop.s_addr)) - || bgp_nexthop_self (&new_attr)) + || IPV4_CLASS_DE (ntohl (new_attr.nexthop.s_addr))) { reason = "martian next-hop;"; bgp_attr_flush (&new_attr); goto filtered; } + + /* Next hop must not be my own address. */ + if (bgp_nexthop_self (&new_attr)) + { + reason = "local IP next-hop;"; + bgp_attr_flush (&new_attr); + goto filtered; + } } attr_new = bgp_attr_intern (&new_attr); -- 2.39.5