diff options
| author | anlan_cs <vic.lan@pica8.com> | 2023-05-10 22:04:33 +0800 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2023-05-22 11:25:56 +0000 |
| commit | 2d8eaf6668ed4bad9b126b662f61751b3e51c0d4 (patch) | |
| tree | 0a4bfa3be933e7e037edeb93159731924a43c143 /bfdd | |
| parent | d6c72a07aed870990de43d796c994e42d17f7a5c (diff) | |
bfdd: Fix malformed session with vrf
With this configuration:
```
bfd
peer 33:33::66 local-address 33:33::88 vrf vrf8 interface enp1s0
exit
!
exit
```
The bfd session can't be established with error:
```
bfdd[18663]: [YA0Q5-C0BPV] control-packet: wrong vrfid. [mhop:no peer:33:33::66 local:33:33::88 port:2 vrf:61]
```
The vrf check should use the carefully adjusted `vrfid`, which is
based on globally/reliable interface. We can't believe the
`bvrf->vrf->vrf_id` because the `/proc/sys/net/ipv4/udp_l3mdev_accept`
maybe is set "1" in VRF-lite backend even with security drawback.
Just correct the vrf check.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
(cherry picked from commit b17c179664da7331a4669a1cf548e4e9c48a5477)
Diffstat (limited to 'bfdd')
| -rw-r--r-- | bfdd/bfd_packet.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bfdd/bfd_packet.c b/bfdd/bfd_packet.c index 6397aa5747..603d220069 100644 --- a/bfdd/bfd_packet.c +++ b/bfdd/bfd_packet.c @@ -896,7 +896,7 @@ void bfd_recv_cb(struct thread *t) /* * We may have a situation where received packet is on wrong vrf */ - if (bfd && bfd->vrf && bfd->vrf != bvrf->vrf) { + if (bfd && bfd->vrf && bfd->vrf->vrf_id != vrfid) { cp_debug(is_mhop, &peer, &local, ifindex, vrfid, "wrong vrfid."); return; |