From 4c2876fb8d61cd3e2bf9668fdc10bd30140ef3af Mon Sep 17 00:00:00 2001
From: Philippe Guibert <philippe.guibert@6wind.com>
Date: Tue, 27 Nov 2018 13:35:28 +0100
Subject: [PATCH] bgpd: bgp pbr ignores bgp fs entries with 0.0.0.0 ips
 written.

when converting bgp fs entries to bgp pbr entries, the fields of the
flowspec are analysed. In the case src ip or dst ip is set to 0.0.0.0,
that field is ignored, thus preventing from injecting a rule that can
not be injected into the pbr. This can be done by avoiding mentioning
the field in the bitmask structure used to convert data to pbr entries.

PR=61620
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Acked-by: Emmanuel Vize <emmanuel.vize@6wind.com>
---
 bgpd/bgp_flowspec_util.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/bgpd/bgp_flowspec_util.c b/bgpd/bgp_flowspec_util.c
index cb71a64a85..c6386dcdb5 100644
--- a/bgpd/bgp_flowspec_util.c
+++ b/bgpd/bgp_flowspec_util.c
@@ -449,8 +449,17 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
 				flog_err(EC_BGP_FLOWSPEC_PACKET,
 					 "%s: flowspec_ip_address error %d",
 					 __func__, error);
-			else
-				bpem->match_bitmask |= bitmask;
+			else {
+				/* if src or dst address is 0.0.0.0,
+				 * ignore that rule
+				 */
+				if (prefix->family == AF_INET
+				    && prefix->u.prefix4.s_addr == 0)
+					memset(prefix, 0,
+					       sizeof(struct prefix));
+				else
+					bpem->match_bitmask |= bitmask;
+			}
 			offset += ret;
 			break;
 		case FLOWSPEC_IP_PROTOCOL:
-- 
2.39.5