summaryrefslogtreecommitdiff
path: root/ospfd/ospf_packet.c
diff options
context:
space:
mode:
Diffstat (limited to 'ospfd/ospf_packet.c')
-rw-r--r--ospfd/ospf_packet.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index 60479ddcd1..87aaccad92 100644
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -23,6 +23,7 @@
#endif
#include "vrf.h"
#include "lib_errors.h"
+#include "plist.h"
#include "ospfd/ospfd.h"
#include "ospfd/ospf_network.h"
@@ -2747,6 +2748,20 @@ static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
/*
+ * If a neighbor filter prefix-list is configured, apply it to the IP
+ * source address and ignore the packet if it doesn't match.
+ */
+ if (oi && oi->nbr_filter) {
+ struct prefix ip_src_prefix = { AF_INET, IPV4_MAX_BITLEN, { 0 } };
+
+ ip_src_prefix.u.prefix4 = iph->ip_src;
+ if (prefix_list_apply(oi->nbr_filter,
+ (struct prefix *)&(ip_src_prefix)) !=
+ PREFIX_PERMIT)
+ return OSPF_READ_CONTINUE;
+ }
+
+ /*
* ospf_verify_header() relies on a valid "oi" and thus can be called
* only after the passive/backbone/other checks below are passed.
* These checks in turn access the fields of unverified "ospfh"