diff options
| author | Quentin Young <qlyoung@users.noreply.github.com> | 2020-04-22 13:02:50 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-22 13:02:50 -0400 |
| commit | 86ac1facf38df2006ab73f30eae0301057fbcade (patch) | |
| tree | 1103fe17a84ff5558ad3a8c2589b682920555596 | |
| parent | c6615abb1a9861268e10e60e7e590a55522c5c88 (diff) | |
| parent | 3255e756a2e54d1a1d5fbca4c5212016a141af20 (diff) | |
Merge pull request #6242 from pguibert6WIND/flowspec_nlri_too_big
bgpd: handle fs nlri over 240 bytes
| -rw-r--r-- | bgpd/bgp_flowspec.c | 8 | ||||
| -rw-r--r-- | bgpd/bgp_flowspec_private.h | 1 |
2 files changed, 7 insertions, 2 deletions
diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c index 9554638735..17c41636de 100644 --- a/bgpd/bgp_flowspec.c +++ b/bgpd/bgp_flowspec.c @@ -108,7 +108,7 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, return BGP_NLRI_PARSE_ERROR_FLOWSPEC_IPV6_NOT_SUPPORTED; } - if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) { + if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) { flog_err(EC_BGP_FLOWSPEC_PACKET, "BGP flowspec nlri length maximum reached (%u)", packet->length); @@ -124,7 +124,11 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; psize = *pnt++; - + if (psize >= FLOWSPEC_NLRI_SIZELIMIT) { + psize &= 0x0f; + psize = psize << 8; + psize |= *pnt++; + } /* When packet overflow occur return immediately. */ if (pnt + psize > lim) { flog_err( diff --git a/bgpd/bgp_flowspec_private.h b/bgpd/bgp_flowspec_private.h index dede4e03d3..cec244c165 100644 --- a/bgpd/bgp_flowspec_private.h +++ b/bgpd/bgp_flowspec_private.h @@ -20,6 +20,7 @@ #define _FRR_BGP_FLOWSPEC_PRIVATE_H #define FLOWSPEC_NLRI_SIZELIMIT 240 +#define FLOWSPEC_NLRI_SIZELIMIT_EXTENDED 4095 /* Flowspec raffic action bit*/ #define FLOWSPEC_TRAFFIC_ACTION_TERMINAL 1 |