diff options
| -rw-r--r-- | bgpd/bgp_filter.c | 61 | ||||
| -rw-r--r-- | bgpd/bgp_route.c | 2 | ||||
| -rw-r--r-- | pimd/pim_igmp.c | 7 |
3 files changed, 48 insertions, 22 deletions
diff --git a/bgpd/bgp_filter.c b/bgpd/bgp_filter.c index ae9d805b05..592ceef80c 100644 --- a/bgpd/bgp_filter.c +++ b/bgpd/bgp_filter.c @@ -391,16 +391,25 @@ static int as_list_dup_check(struct as_list *aslist, struct as_filter *new) return 0; } -DEFUN (ip_as_path, - ip_as_path_cmd, - "ip as-path access-list WORD <deny|permit> LINE...", - IP_STR - "BGP autonomous system path filter\n" - "Specify an access list name\n" - "Regular expression access list name\n" - "Specify packets to reject\n" - "Specify packets to forward\n" - "A regular-expression to match the BGP AS paths\n") +static int config_bgp_aspath_validate(const char *regstr) +{ + char valid_chars[] = "1234567890_^|[,{}() ]$*+.?-\\"; + + if (strspn(regstr, valid_chars) == strlen(regstr)) + return 1; + + return 0; +} + +DEFUN(ip_as_path, ip_as_path_cmd, + "ip as-path access-list WORD <deny|permit> LINE...", + IP_STR + "BGP autonomous system path filter\n" + "Specify an access list name\n" + "Regular expression access list name\n" + "Specify packets to reject\n" + "Specify packets to forward\n" + "A regular-expression (1234567890_^|[,{}() ]$*+.?-\\) to match the BGP AS paths\n") { int idx = 0; enum as_filter_type type; @@ -428,6 +437,12 @@ DEFUN (ip_as_path, return CMD_WARNING_CONFIG_FAILED; } + if (!config_bgp_aspath_validate(regstr)) { + vty_out(vty, "Invalid character in as-path access-list %s\n", + regstr); + return CMD_WARNING_CONFIG_FAILED; + } + asfilter = as_filter_make(regex, regstr, type); XFREE(MTYPE_TMP, regstr); @@ -444,17 +459,15 @@ DEFUN (ip_as_path, return CMD_SUCCESS; } -DEFUN (no_ip_as_path, - no_ip_as_path_cmd, - "no ip as-path access-list WORD <deny|permit> LINE...", - NO_STR - IP_STR - "BGP autonomous system path filter\n" - "Specify an access list name\n" - "Regular expression access list name\n" - "Specify packets to reject\n" - "Specify packets to forward\n" - "A regular-expression to match the BGP AS paths\n") +DEFUN(no_ip_as_path, no_ip_as_path_cmd, + "no ip as-path access-list WORD <deny|permit> LINE...", + NO_STR IP_STR + "BGP autonomous system path filter\n" + "Specify an access list name\n" + "Regular expression access list name\n" + "Specify packets to reject\n" + "Specify packets to forward\n" + "A regular-expression (1234567890_^|[,{}() ]$*+.?-\\) to match the BGP AS paths\n") { int idx = 0; enum as_filter_type type; @@ -488,6 +501,12 @@ DEFUN (no_ip_as_path, argv_find(argv, argc, "LINE", &idx); regstr = argv_concat(argv, argc, idx); + if (!config_bgp_aspath_validate(regstr)) { + vty_out(vty, "Invalid character in as-path access-list %s\n", + regstr); + return CMD_WARNING_CONFIG_FAILED; + } + regex = bgp_regcomp(regstr); if (!regex) { vty_out(vty, "can't compile regexp %s\n", regstr); diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index b6b05434d4..e59bcae783 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -9391,7 +9391,7 @@ DEFUN (show_ip_bgp_regexp, BGP_AFI_HELP_STR BGP_SAFI_WITH_LABEL_HELP_STR "Display routes matching the AS path regular expression\n" - "A regular-expression to match the BGP AS paths\n") + "A regular-expression (1234567890_^|[,{}() ]$*+.?-\\) to match the BGP AS paths\n") { afi_t afi = AFI_IP6; safi_t safi = SAFI_UNICAST; diff --git a/pimd/pim_igmp.c b/pimd/pim_igmp.c index 5e1aecc3a3..31f18ce2e1 100644 --- a/pimd/pim_igmp.c +++ b/pimd/pim_igmp.c @@ -303,6 +303,13 @@ static int igmp_recv_query(struct igmp_sock *igmp, int query_version, return -1; } + if (!pim_if_connected_to_source(ifp, from)) { + if (PIM_DEBUG_IGMP_PACKETS) + zlog_debug("Recv IGMP query on interface: %s from a non-connected source: %s", + ifp->name, from_str); + return 0; + } + /* * RFC 3376 defines some guidelines on operating in backwards * compatibility with older versions of IGMP but there are some gaps in |