From 6913cb1b20a76f68f185f4ae65349a358bd4b372 Mon Sep 17 00:00:00 2001
From: Stephen Worley <sworley@cumulusnetworks.com>
Date: Mon, 9 Sep 2019 17:20:17 -0400
Subject: [PATCH] zebra: Don't resolve to diff interface if given

If the nexthop is of type `GATEWAY_IFINDEX` then the nexthop
should not resolve to a nexthop that has a different ifindex
from the one given.

Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
---
 zebra/zebra_nhg.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/zebra/zebra_nhg.c b/zebra/zebra_nhg.c
index ee2956d3ea..35df02a19a 100644
--- a/zebra/zebra_nhg.c
+++ b/zebra/zebra_nhg.c
@@ -122,6 +122,33 @@ static void nexthop_set_resolved(afi_t afi, const struct nexthop *newhop,
 	_nexthop_add(&nexthop->resolved, resolved_hop);
 }
 
+/* Checks if nexthop we are trying to resolve to is valid */
+static bool nexthop_valid_resolve(const struct nexthop *nexthop,
+				  const struct nexthop *resolved)
+{
+	/* Can't resolve to a recursive nexthop */
+	if (CHECK_FLAG(resolved->flags, NEXTHOP_FLAG_RECURSIVE))
+		return false;
+
+	switch (nexthop->type) {
+	case NEXTHOP_TYPE_IPV4_IFINDEX:
+	case NEXTHOP_TYPE_IPV6_IFINDEX:
+		/* If the nexthop we are resolving to does not match the
+		 * ifindex for the nexthop the route wanted, its not valid.
+		 */
+		if (nexthop->ifindex != resolved->ifindex)
+			return false;
+		break;
+	case NEXTHOP_TYPE_IPV4:
+	case NEXTHOP_TYPE_IPV6:
+	case NEXTHOP_TYPE_IFINDEX:
+	case NEXTHOP_TYPE_BLACKHOLE:
+		break;
+	}
+
+	return true;
+}
+
 /*
  * Given a nexthop we need to properly recursively resolve
  * the route.  As such, do a table lookup to find and match
@@ -287,8 +314,7 @@ static int nexthop_active(afi_t afi, struct route_entry *re,
 				if (!CHECK_FLAG(match->status,
 						ROUTE_ENTRY_INSTALLED))
 					continue;
-				if (CHECK_FLAG(newhop->flags,
-					       NEXTHOP_FLAG_RECURSIVE))
+				if (!nexthop_valid_resolve(nexthop, newhop))
 					continue;
 
 				SET_FLAG(nexthop->flags,
@@ -308,8 +334,7 @@ static int nexthop_active(afi_t afi, struct route_entry *re,
 				if (!CHECK_FLAG(match->status,
 						ROUTE_ENTRY_INSTALLED))
 					continue;
-				if (CHECK_FLAG(newhop->flags,
-					       NEXTHOP_FLAG_RECURSIVE))
+				if (!nexthop_valid_resolve(nexthop, newhop))
 					continue;
 
 				SET_FLAG(nexthop->flags,
-- 
2.39.5