1 files changed, 36 insertions, 2 deletions

diff --git a/bgpd/bgp_flowspec_util.c b/bgpd/bgp_flowspec_util.c
index cb71a64a85..cd5bec6267 100644
--- a/bgpd/bgp_flowspec_util.c
+++ b/bgpd/bgp_flowspec_util.c
@@ -23,6 +23,7 @@
 #include "prefix.h"
 #include "lib_errors.h"
 
+#include "bgp_route.h"
 #include "bgp_table.h"
 #include "bgp_flowspec_util.h"
 #include "bgp_flowspec_private.h"
@@ -449,8 +450,17 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
 				flog_err(EC_BGP_FLOWSPEC_PACKET,
 					 "%s: flowspec_ip_address error %d",
 					 __func__, error);
-			else
-				bpem->match_bitmask |= bitmask;
+			else {
+				/* if src or dst address is 0.0.0.0,
+				 * ignore that rule
+				 */
+				if (prefix->family == AF_INET
+				    && prefix->u.prefix4.s_addr == 0)
+					memset(prefix, 0,
+					       sizeof(struct prefix));
+				else
+					bpem->match_bitmask |= bitmask;
+			}
 			offset += ret;
 			break;
 		case FLOWSPEC_IP_PROTOCOL:
@@ -572,3 +582,27 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
 	}
 	return error;
 }
+
+/* return 1 if FS entry invalid or no NH IP */
+int bgp_flowspec_get_first_nh(struct bgp *bgp, struct bgp_path_info *pi,
+			      struct prefix *p)
+{
+	struct bgp_pbr_entry_main api;
+	int i;
+	struct bgp_node *rn = pi->net;
+	struct bgp_pbr_entry_action *api_action;
+
+	memset(&api, 0, sizeof(struct bgp_pbr_entry_main));
+	if (bgp_pbr_build_and_validate_entry(&rn->p, pi, &api) < 0)
+		return 1;
+	for (i = 0; i < api.action_num; i++) {
+		api_action = &api.actions[i];
+		if (api_action->action != ACTION_REDIRECT_IP)
+			continue;
+		p->family = AF_INET;
+		p->prefixlen = IPV4_MAX_BITLEN;
+		p->u.prefix4 = api_action->u.zr.redirect_ip_v4;
+		return 0;
+	}
+	return 1;
+}