bgpd: fallback proto icmp/v6 to appropriate l3 filter

if match protocol is icmp, then this protocol will be filtered with afi
= ipv4. however, if afi = ipv6, then the icmp protocol will fall back to
icmpv6.
note that this patch has also been done to simplify the policy routing,
as BGP will only handle TCP/UDP/ICMP(v4 or v6) protocols.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/bgpd/bgp_pbr.c b/bgpd/bgp_pbr.c
index 945a2e494a..32b57aa96d 100644
--- a/bgpd/bgp_pbr.c
+++ b/bgpd/bgp_pbr.c
@@ -536,6 +536,7 @@ static int bgp_pbr_validate_policy_route(struct bgp_pbr_entry_main *api)
 	if (api->match_protocol_num == 1 &&
 	    api->protocol[0].value != PROTOCOL_UDP &&
 	    api->protocol[0].value != PROTOCOL_ICMP &&
+	    api->protocol[0].value != PROTOCOL_ICMPV6 &&
 	    api->protocol[0].value != PROTOCOL_TCP) {
 		if (BGP_DEBUG(pbr, PBR))
 			zlog_debug("BGP: match protocol operations:protocol (%d) not supported. ignoring",
@@ -2694,8 +2695,11 @@ static void bgp_pbr_handle_entry(struct bgp *bgp, struct bgp_path_info *path,
 		bpf.type = api->type;
 	memset(&nh, 0, sizeof(struct nexthop));
 	nh.vrf_id = VRF_UNKNOWN;
-	if (api->match_protocol_num)
+	if (api->match_protocol_num) {
 		proto = (uint8_t)api->protocol[0].value;
+		if (api->afi == AF_INET6 && proto == IPPROTO_ICMPV6)
+			proto = IPPROTO_ICMP;
+	}
 	/* if match_port is selected, then either src or dst port will be parsed
 	 * but not both at the same time
 	 */
diff --git a/bgpd/bgp_pbr.h b/bgpd/bgp_pbr.h
index dc2bb7260e..379ac40672 100644
--- a/bgpd/bgp_pbr.h
+++ b/bgpd/bgp_pbr.h
@@ -125,6 +125,7 @@ struct bgp_pbr_entry_main {
 #define PROTOCOL_UDP 17
 #define PROTOCOL_TCP 6
 #define PROTOCOL_ICMP 1
+#define PROTOCOL_ICMPV6 58
 	struct bgp_pbr_match_val protocol[BGP_PBR_MATCH_VAL_MAX];
 	struct bgp_pbr_match_val src_port[BGP_PBR_MATCH_VAL_MAX];
 	struct bgp_pbr_match_val dst_port[BGP_PBR_MATCH_VAL_MAX];