From 5a78f2bcb0d1135fceb4ef62f9f7f6487c8c35ea Mon Sep 17 00:00:00 2001 From: Eugene Bogomazov Date: Wed, 22 Jun 2022 12:47:22 +0300 Subject: [PATCH] bgpd: add AFI/SAFI check for RFC 9234 RFC 9234 mandates that role rules apply only to IPv4/IPv6 unicast bgp sessions. If the OTC attribute appears in other sessions, it will remain untouched. Signed-off-by: Eugene Bogomazov --- bgpd/bgp_route.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 90e3f88058..b7b069fbed 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -1598,6 +1598,11 @@ static bool bgp_otc_egress(struct peer *peer, struct attr *attr) return false; } +static bool bgp_check_role_applicability(afi_t afi, safi_t safi) +{ + return ((afi == AFI_IP || afi == AFI_IP6) && safi == SAFI_UNICAST); +} + static int bgp_input_modifier(struct peer *peer, const struct prefix *p, struct attr *attr, afi_t afi, safi_t safi, const char *rmap_name, mpls_label_t *label, @@ -2202,7 +2207,8 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi, memset(&attr->mp_nexthop_local, 0, IPV6_MAX_BYTELEN); } - if (bgp_otc_egress(peer, attr)) + if (bgp_check_role_applicability(afi, safi) && + bgp_otc_egress(peer, attr)) return false; bgp_peer_remove_private_as(bgp, afi, safi, peer, attr); @@ -4001,12 +4007,12 @@ int bgp_update(struct peer *peer, const struct prefix *p, uint32_t addpath_id, goto filtered; } - if (bgp_otc_filter(peer, &new_attr)) { + if (bgp_check_role_applicability(afi, safi) && + bgp_otc_filter(peer, &new_attr)) { reason = "failing otc validation"; bgp_attr_flush(&new_attr); goto filtered; } - /* The flag BGP_NODE_FIB_INSTALL_PENDING is for the following * condition : * Suppress fib is enabled -- 2.39.5