diff options
| author | Acee Lindem <acee@lindem.com> | 2024-04-17 20:14:56 +0000 |
|---|---|---|
| committer | Acee Lindem <acee@lindem.com> | 2024-04-18 15:32:58 +0000 |
| commit | 0ccad8a2b0b744d7ed64f53ab6e70a8d6aba69e6 (patch) | |
| tree | fce17b663806106750689e00ba161c42dd53b6fd /ospfd/ospf_packet.c | |
| parent | 84d1fb19e22a5f0d13d3bbb7c74e9948773e66f3 (diff) | |
ospfd: Add prefix-list filtering of OSPF neighbors on OSPF interface
This commit adds the capabiity to filter OSPF neighbors using a
prefix-list with rules matching the neighbor's IP source address.
Configuration, filtering, immediate neighbor pruning, topo-tests,
and documentation are included. The command is:
ip ospf neighbor-filter <prefix-list> [A.B.C.D]
Signed-off-by: Acee Lindem <acee@lindem.com>
Diffstat (limited to 'ospfd/ospf_packet.c')
| -rw-r--r-- | ospfd/ospf_packet.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c index 60479ddcd1..87aaccad92 100644 --- a/ospfd/ospf_packet.c +++ b/ospfd/ospf_packet.c @@ -23,6 +23,7 @@ #endif #include "vrf.h" #include "lib_errors.h" +#include "plist.h" #include "ospfd/ospfd.h" #include "ospfd/ospf_network.h" @@ -2747,6 +2748,20 @@ static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf) oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp); /* + * If a neighbor filter prefix-list is configured, apply it to the IP + * source address and ignore the packet if it doesn't match. + */ + if (oi && oi->nbr_filter) { + struct prefix ip_src_prefix = { AF_INET, IPV4_MAX_BITLEN, { 0 } }; + + ip_src_prefix.u.prefix4 = iph->ip_src; + if (prefix_list_apply(oi->nbr_filter, + (struct prefix *)&(ip_src_prefix)) != + PREFIX_PERMIT) + return OSPF_READ_CONTINUE; + } + + /* * ospf_verify_header() relies on a valid "oi" and thus can be called * only after the passive/backbone/other checks below are passed. * These checks in turn access the fields of unverified "ospfh" |