staticd: reject route config with too many nexthops

Restrict the number of nexthops for a route to the compiled-in limit. Be careful with the zapi route struct's array of nexthops too. Signed-off-by: Mark Stapp <mstapp@nvidia.com>
author: Mark Stapp <mstapp@nvidia.com> 2022-02-17 09:49:41 -0500
committer: Mark Stapp <mstapp@nvidia.com> 2022-02-17 09:56:40 -0500
commit: 1f7ab1a2cc2a7079c9dd2cb791fc6ba3b9c5a6aa (patch)
tree: d3c70b3f028898d934faf1e1ca82e7d6400aa37e /staticd/static_nb_config.c
parent: abc246e19345cbd2bc74c7dc50dac0b9cf2addf8 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/staticd/static_nb_config.c b/staticd/static_nb_config.c
index d1b2c9eaa6..9ccffe53d9 100644
--- a/staticd/static_nb_config.c
+++ b/staticd/static_nb_config.c
@@ -115,7 +115,7 @@ static int static_path_list_tag_modify(struct nb_cb_modify_args *args)
 }
 
 struct nexthop_iter {
-	int count;
+	uint32_t count;
 	bool blackhole;
 };
 
@@ -171,6 +171,11 @@ static bool static_nexthop_create(struct nb_cb_create_args *args)
 				args->errmsg, args->errmsg_len,
 				"Route cannot have blackhole and non-blackhole nexthops simultaneously");
 			return NB_ERR_VALIDATION;
+		} else if (iter.count > zebra_ecmp_count) {
+			snprintf(args->errmsg, args->errmsg_len,
+				"Route cannot have more than %d ECMP nexthops",
+				 zebra_ecmp_count);
+			return NB_ERR_VALIDATION;
 		}
 		break;
 	case NB_EV_PREPARE:
author	Mark Stapp <mstapp@nvidia.com>	2022-02-17 09:49:41 -0500
committer	Mark Stapp <mstapp@nvidia.com>	2022-02-17 09:56:40 -0500
commit	1f7ab1a2cc2a7079c9dd2cb791fc6ba3b9c5a6aa (patch)
tree	d3c70b3f028898d934faf1e1ca82e7d6400aa37e /staticd/static_nb_config.c
parent	abc246e19345cbd2bc74c7dc50dac0b9cf2addf8 (diff)