bgpd: Limit flowspec to no attribute means a implicit withdrawal

All other parsing functions done from bgp_nlri_parse() assume no attributes == an implicit withdrawal. Let's move bgp_nlri_parse_flowspec() into the same alignment. Reported-by: Matteo Memelli <mmemelli@amazon.it> Signed-off-by: Donald Sharp <sharpd@nvidia.com>
author: Donald Sharp <sharpd@nvidia.com> 2023-04-05 14:57:05 -0400
committer: Donald Sharp <sharpd@nvidia.com> 2023-04-06 07:13:30 -0400
commit: cfd04dcb3e689754a72507d086ba3b9709fc5ed8 (patch)
tree: 60f7390c37e14f6a754c5eb505808f5a1db91748 /bgpd/bgp_flowspec.c
parent: 78745b8700f25187995ef010ff7486eb4c53296d (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
index f9debe43cd..5e1be21402 100644
--- a/bgpd/bgp_flowspec.c
+++ b/bgpd/bgp_flowspec.c
@@ -98,6 +98,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
 	afi = packet->afi;
 	safi = packet->safi;
 
+	/*
+	 * All other AFI/SAFI's treat no attribute as a implicit
+	 * withdraw.  Flowspec should as well.
+	 */
+	if (!attr)
+		withdraw = 1;
+
 	if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
 		flog_err(EC_BGP_FLOWSPEC_PACKET,
 			 "BGP flowspec nlri length maximum reached (%u)",
author	Donald Sharp <sharpd@nvidia.com>	2023-04-05 14:57:05 -0400
committer	Donald Sharp <sharpd@nvidia.com>	2023-04-06 07:13:30 -0400
commit	cfd04dcb3e689754a72507d086ba3b9709fc5ed8 (patch)
tree	60f7390c37e14f6a754c5eb505808f5a1db91748 /bgpd/bgp_flowspec.c
parent	78745b8700f25187995ef010ff7486eb4c53296d (diff)