From 623b3ab5c8f521b336bf6405c69d0a40cc743163 Mon Sep 17 00:00:00 2001
From: zmw12306 <zmw12306@gmail.com>
Date: Mon, 7 Apr 2025 16:13:45 -0400
Subject: [PATCH] nhrpd: Add Hop Count Validation Before Forwarding in
 nhrp_peer_recv()

According to [RFC 2332, Section 5.1], if an NHS receives a packet that it would normally forward and the hop count is zero, it must send an error indication back to the source and drop the packet.

Signed-off-by: zmw12306 <zmw12306@gmail.com>
(cherry picked from commit 7c877164820bfc1cd7f84b3f7529f716b0f897cd)
---
 nhrpd/nhrp_peer.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c
index fa11980c18..97932795a3 100644
--- a/nhrpd/nhrp_peer.c
+++ b/nhrpd/nhrp_peer.c
@@ -1355,6 +1355,11 @@ void nhrp_peer_recv(struct nhrp_peer *p, struct zbuf *zb)
 		}
 		break;
 	case NHRP_ROUTE_NBMA_NEXTHOP:
+		if (hdr->hop_count == 0) {
+			nhrp_packet_send_error(&pp, NHRP_ERROR_HOP_COUNT_EXCEEDED, 0);
+			info = "hop count exceeded";
+			goto drop;
+		}
 		nhrp_peer_forward(peer, &pp);
 		break;
 	case NHRP_ROUTE_BLACKHOLE:
-- 
2.39.5