This is a backport to 0.99.17 of fixes to the following two bgpd CVEs: CVE-2010-1674 Fix crash due to extended-community parser error CVE-2010-1675 Fix denial of service (session reset) via a malformed AS_PATHLIMIT path attribute commit c2ee370efdf1e2143abfafbe472e662396949fb4 Author: Paul Jakma Date: Sun Dec 5 17:17:26 2010 +0000 bgpd/security: CVE-2010-1674 Fix crash due to extended-community parser error * bgp_attr.c: (bgp_attr_ext_communities) Certain extended-community attrs can leave attr->flag indicating ext-community is present, even though no extended-community object has been attached to the attr structure. Thus a null-pointer dereference can occur later. (bgp_attr_community) No bug fixed here, but tidy up flow so it has same form as previous. Problem and fix thanks to anonymous reporter. (cherry picked from commit 0c46638122f10019a12ae9668aec91691cf2e017) commit e41f28cdf76ee9e1132d645df07f0d4716909357 Author: Paul Jakma Date: Tue Jul 5 00:41:59 2011 +0400 bgpd: Remove AS Path limit/TTL functionality * draft-ietf-idr-as-pathlimit doesn't seem to have gone anywhere, and its author does not think it will make progress in IDR. Remove all support introduced for it, but leave stubs for the commands to avoid breaking any configurations. Basically reverts cecab5e9725792e60a5e4b473e238a14cd85815d. (cherry picked from commit c8f3fe3063cb9ff193b13011cfbda3e605395340) * Fixes CVE-2010-1675 denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. Conflicts: bgpd/bgp_attr.c (caused by c8e7b895, resolved) bgpd/bgp_route.c (caused by type change in afi) diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index 03a6dad..400babe 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -359,11 +359,6 @@ attrhash_key_make (void *p) key += attr->nexthop.s_addr; key += attr->med; key += attr->local_pref; - if (attr->pathlimit.as) - { - key += attr->pathlimit.ttl; - key += attr->pathlimit.as; - } if (attr->extra) { @@ -415,9 +410,7 @@ attrhash_cmp (const void *p1, const void *p2) && attr1->aspath == attr2->aspath && attr1->community == attr2->community && attr1->med == attr2->med - && attr1->local_pref == attr2->local_pref - && attr1->pathlimit.ttl == attr2->pathlimit.ttl - && attr1->pathlimit.as == attr2->pathlimit.as) + && attr1->local_pref == attr2->local_pref) { const struct attr_extra *ae1 = attr1->extra; const struct attr_extra *ae2 = attr2->extra; @@ -704,43 +697,6 @@ bgp_attr_flush (struct attr *attr) } } -/* Parse AS_PATHLIMIT attribute in an UPDATE */ -static int -bgp_attr_aspathlimit (struct peer *peer, bgp_size_t length, - struct attr *attr, u_char flag, u_char *startp) -{ - bgp_size_t total; - - total = length + (CHECK_FLAG (flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3); - - if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS) - || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) - { - zlog (peer->log, LOG_ERR, - "AS-Pathlimit attribute flag isn't transitive %d", flag); - bgp_notify_send_with_data (peer, - BGP_NOTIFY_UPDATE_ERR, - BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR, - startp, total); - return -1; - } - - if (length != 5) - { - zlog (peer->log, LOG_ERR, - "AS-Pathlimit length, %u, is not 5", length); - bgp_notify_send_with_data (peer, - BGP_NOTIFY_UPDATE_ERR, - BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR, - startp, total); - return -1; - } - - attr->pathlimit.ttl = stream_getc (BGP_INPUT(peer)); - attr->pathlimit.as = stream_getl (BGP_INPUT(peer)); - attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT); - return 0; -} /* Get origin attribute of the update message. */ static int bgp_attr_origin (struct peer *peer, bgp_size_t length, @@ -1717,9 +1673,6 @@ bgp_attr_parse (struct peer *peer, struct attr *attr, bgp_size_t size, case BGP_ATTR_EXT_COMMUNITIES: ret = bgp_attr_ext_communities (peer, length, attr, flag); break; - case BGP_ATTR_AS_PATHLIMIT: - ret = bgp_attr_aspathlimit (peer, length, attr, flag, startp); - break; default: ret = bgp_attr_unknown (peer, attr, flag, type, length, startp); break; @@ -2274,24 +2227,6 @@ bgp_packet_attribute (struct bgp *bgp, struct peer *peer, stream_put_ipv4 (s, attr->extra->aggregator_addr.s_addr); } - /* AS-Pathlimit */ - if (attr->pathlimit.ttl) - { - u_int32_t as = attr->pathlimit.as; - - /* should already have been done in announce_check(), - * but just in case.. - */ - if (!as) - as = peer->local_as; - - stream_putc (s, BGP_ATTR_FLAG_OPTIONAL|BGP_ATTR_FLAG_TRANS); - stream_putc (s, BGP_ATTR_AS_PATHLIMIT); - stream_putc (s, 5); - stream_putc (s, attr->pathlimit.ttl); - stream_putl (s, as); - } - /* Unknown transit attribute. */ if (attr->extra && attr->extra->transit) stream_put (s, attr->extra->transit->val, attr->extra->transit->length); @@ -2503,16 +2438,6 @@ bgp_dump_routes_attr (struct stream *s, struct attr *attr, } #endif /* HAVE_IPV6 */ - /* AS-Pathlimit */ - if (attr->flag & ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT)) - { - stream_putc (s, BGP_ATTR_FLAG_OPTIONAL|BGP_ATTR_FLAG_TRANS); - stream_putc (s, BGP_ATTR_AS_PATHLIMIT); - stream_putc (s, 5); - stream_putc (s, attr->pathlimit.ttl); - stream_putl (s, attr->pathlimit.as); - } - /* Return total size of attribute. */ len = stream_get_endp (s) - cp - 2; stream_putw_at (s, cp, len); diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h index ed8753b..af9dcf5 100644 --- a/bgpd/bgp_attr.h +++ b/bgpd/bgp_attr.h @@ -110,12 +110,6 @@ struct attr u_int32_t med; u_int32_t local_pref; - /* AS-Pathlimit */ - struct { - u_int32_t as; - u_char ttl; - } pathlimit; - /* Path origin attribute */ u_char origin; }; diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index a92ca4e..c13d49d 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -910,19 +910,6 @@ bgp_announce_check (struct bgp_info *ri, struct peer *peer, struct prefix *p, } } - /* AS-Pathlimit check */ - if (ri->attr->pathlimit.ttl && peer_sort (peer) == BGP_PEER_EBGP) - /* Our ASN has not yet been pre-pended, that's done in packet_attribute - * on output. Hence the test here is for >=. - */ - if (aspath_count_hops (ri->attr->aspath) >= ri->attr->pathlimit.ttl) - { - if (BGP_DEBUG (filter, FILTER)) - zlog_info ("%s [Update:SEND] suppressed, AS-Pathlimit TTL %u exceeded", - peer->host, ri->attr->pathlimit.ttl); - return 0; - } - /* For modify attribute, copy it to temporary structure. */ bgp_attr_dup (attr, ri->attr); @@ -1027,39 +1014,6 @@ bgp_announce_check (struct bgp_info *ri, struct peer *peer, struct prefix *p, } #endif /* HAVE_IPV6 */ - /* AS-Pathlimit: Check ASN for private/confed */ - if (attr->pathlimit.ttl) - { - /* locally originated update */ - if (!attr->pathlimit.as) - attr->pathlimit.as = peer->local_as; - - /* if the AS_PATHLIMIT attribute is attached to a prefix by a - member of a confederation, then when the prefix is advertised outside - of the confederation boundary, then the AS number of the - confederation member inside of the AS_PATHLIMIT attribute should be - replaced by the confederation's AS number. */ - if (peer_sort (from) == BGP_PEER_CONFED - && peer_sort (peer) != BGP_PEER_CONFED) - attr->pathlimit.as = peer->local_as; - - /* Private ASN should be updated whenever announcement leaves - * private space. This is deliberately done after simple confed - * based update.. - */ - if (attr->pathlimit.as >= BGP_PRIVATE_AS_MIN - && attr->pathlimit.as <= BGP_PRIVATE_AS_MAX) - { - if (peer->local_as < BGP_PRIVATE_AS_MIN - || peer->local_as > BGP_PRIVATE_AS_MAX) - attr->pathlimit.as = peer->local_as; - /* Ours is private, try using theirs.. */ - else if (peer->as < BGP_PRIVATE_AS_MIN - || peer->local_as > BGP_PRIVATE_AS_MAX) - attr->pathlimit.as = peer->as; - } - } - /* If this is EBGP peer and remove-private-AS is set. */ if (peer_sort (peer) == BGP_PEER_EBGP && peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS) @@ -3239,14 +3193,6 @@ bgp_static_update_rsclient (struct peer *rsclient, struct prefix *p, attr.med = bgp_static->igpmetric; attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_MULTI_EXIT_DISC); - if (bgp_static->ttl) - { - attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT); - attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE); - attr.pathlimit.as = 0; - attr.pathlimit.ttl = bgp_static->ttl; - } - if (bgp_static->atomic) attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE); @@ -3395,14 +3341,6 @@ bgp_static_update_main (struct bgp *bgp, struct prefix *p, attr.med = bgp_static->igpmetric; attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_MULTI_EXIT_DISC); - if (bgp_static->ttl) - { - attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT); - attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE); - attr.pathlimit.as = 0; - attr.pathlimit.ttl = bgp_static->ttl; - } - if (bgp_static->atomic) attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE); @@ -3626,44 +3564,17 @@ bgp_static_withdraw_vpnv4 (struct bgp *bgp, struct prefix *p, u_int16_t afi, bgp_unlock_node (rn); } -static void -bgp_pathlimit_update_parents (struct bgp *bgp, struct bgp_node *rn, - int ttl_edge) -{ - struct bgp_node *parent = rn; - struct bgp_static *sp; - - /* Existing static changed TTL, search parents and adjust their atomic */ - while ((parent = parent->parent)) - if ((sp = parent->info)) - { - int sp_level = (sp->atomic ? 1 : 0); - ttl_edge ? sp->atomic++ : sp->atomic--; - - /* did we change state of parent whether atomic is set or not? */ - if (sp_level != (sp->atomic ? 1 : 0)) - { - bgp_static_update (bgp, &parent->p, sp, - rn->table->afi, rn->table->safi); - } - } -} - /* Configure static BGP network. When user don't run zebra, static route should be installed as valid. */ static int bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str, - u_int16_t afi, u_char safi, const char *rmap, int backdoor, - u_char ttl) + u_int16_t afi, u_char safi, const char *rmap, int backdoor) { int ret; struct prefix p; struct bgp_static *bgp_static; struct bgp_node *rn; u_char need_update = 0; - u_char ttl_change = 0; - u_char ttl_edge = (ttl ? 1 : 0); - u_char new = 0; /* Convert IP prefix string to struct prefix. */ ret = str2prefix (ip_str, &p); @@ -3692,21 +3603,10 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str, bgp_static = rn->info; /* Check previous routes are installed into BGP. */ - if (bgp_static->valid) - { - if (bgp_static->backdoor != backdoor - || bgp_static->ttl != ttl) - need_update = 1; - } + if (bgp_static->valid && bgp_static->backdoor != backdoor) + need_update = 1; - /* need to catch TTL set/unset transitions for handling of - * ATOMIC_AGGREGATE - */ - if ((bgp_static->ttl ? 1 : 0) != ttl_edge) - ttl_change = 1; - bgp_static->backdoor = backdoor; - bgp_static->ttl = ttl; if (rmap) { @@ -3733,9 +3633,6 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str, bgp_static->valid = 0; bgp_static->igpmetric = 0; bgp_static->igpnexthop.s_addr = 0; - bgp_static->ttl = ttl; - ttl_change = ttl_edge; - new = 1; if (rmap) { @@ -3747,39 +3644,6 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str, rn->info = bgp_static; } - /* ".. sites that choose to advertise the - * AS_PATHLIMIT path attribute SHOULD advertise the ATOMIC_AGGREGATE on - * all less specific covering prefixes as well as the more specific - * prefixes." - * - * So: - * Prefix that has just had pathlimit set/unset: - * - Must bump ATOMIC refcount on all parents. - * - * To catch less specific prefixes: - * - Must search children for ones with TTL, bump atomic refcount - * (we dont care if we're deleting a less specific prefix..) - */ - if (ttl_change) - { - /* Existing static changed TTL, search parents and adjust their atomic */ - bgp_pathlimit_update_parents (bgp, rn, ttl_edge); - } - - if (new) - { - struct bgp_node *child; - struct bgp_static *sc; - - /* New static, search children and bump this statics atomic.. */ - child = bgp_lock_node (rn); /* route_next_until unlocks it.. */ - while ((child = bgp_route_next_until (child, rn))) - { - if ((sc = child->info) && sc->ttl) - bgp_static->atomic++; - } - } - /* If BGP scan is not enabled, we should install this route here. */ if (! bgp_flag_check (bgp, BGP_FLAG_IMPORT_CHECK)) { @@ -3833,9 +3697,6 @@ bgp_static_unset (struct vty *vty, struct bgp *bgp, const char *ip_str, bgp_static = rn->info; - /* decrement atomic in parents, see bgp_static_set */ - bgp_pathlimit_update_parents (bgp, rn, 0); - /* Update BGP RIB. */ if (! bgp_static->backdoor) bgp_static_withdraw (bgp, &p, afi, safi); @@ -4032,23 +3893,10 @@ DEFUN (bgp_network, "Specify a network to announce via BGP\n" "IP prefix /, e.g., 35.0.0.0/8\n") { - u_char ttl = 0; - - if (argc == 2) - VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); - return bgp_static_set (vty, vty->index, argv[0], - AFI_IP, bgp_node_safi (vty), NULL, 0, ttl); + AFI_IP, bgp_node_safi (vty), NULL, 0); } -ALIAS (bgp_network, - bgp_network_ttl_cmd, - "network A.B.C.D/M pathlimit <0-255>", - "Specify a network to announce via BGP\n" - "IP prefix /, e.g., 35.0.0.0/8\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (bgp_network_route_map, bgp_network_route_map_cmd, "network A.B.C.D/M route-map WORD", @@ -4058,7 +3906,7 @@ DEFUN (bgp_network_route_map, "Name of the route map\n") { return bgp_static_set (vty, vty->index, argv[0], - AFI_IP, bgp_node_safi (vty), argv[1], 0, 0); + AFI_IP, bgp_node_safi (vty), argv[1], 0); } DEFUN (bgp_network_backdoor, @@ -4068,24 +3916,10 @@ DEFUN (bgp_network_backdoor, "IP prefix /, e.g., 35.0.0.0/8\n" "Specify a BGP backdoor route\n") { - u_char ttl = 0; - - if (argc == 2) - VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); - return bgp_static_set (vty, vty->index, argv[0], AFI_IP, SAFI_UNICAST, - NULL, 1, ttl); + NULL, 1); } -ALIAS (bgp_network_backdoor, - bgp_network_backdoor_ttl_cmd, - "network A.B.C.D/M backdoor pathlimit <0-255>", - "Specify a network to announce via BGP\n" - "IP prefix /, e.g., 35.0.0.0/8\n" - "Specify a BGP backdoor route\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (bgp_network_mask, bgp_network_mask_cmd, "network A.B.C.D mask A.B.C.D", @@ -4096,10 +3930,6 @@ DEFUN (bgp_network_mask, { int ret; char prefix_str[BUFSIZ]; - u_char ttl = 0; - - if (argc == 3) - VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[2], 1, 255); ret = netmask_str2prefix_str (argv[0], argv[1], prefix_str); if (! ret) @@ -4109,19 +3939,9 @@ DEFUN (bgp_network_mask, } return bgp_static_set (vty, vty->index, prefix_str, - AFI_IP, bgp_node_safi (vty), NULL, 0, ttl); + AFI_IP, bgp_node_safi (vty), NULL, 0); } -ALIAS (bgp_network_mask, - bgp_network_mask_ttl_cmd, - "network A.B.C.D mask A.B.C.D pathlimit <0-255>", - "Specify a network to announce via BGP\n" - "Network number\n" - "Network mask\n" - "Network mask\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (bgp_network_mask_route_map, bgp_network_mask_route_map_cmd, "network A.B.C.D mask A.B.C.D route-map WORD", @@ -4143,7 +3963,7 @@ DEFUN (bgp_network_mask_route_map, } return bgp_static_set (vty, vty->index, prefix_str, - AFI_IP, bgp_node_safi (vty), argv[2], 0, 0); + AFI_IP, bgp_node_safi (vty), argv[2], 0); } DEFUN (bgp_network_mask_backdoor, @@ -4157,11 +3977,7 @@ DEFUN (bgp_network_mask_backdoor, { int ret; char prefix_str[BUFSIZ]; - u_char ttl = 0; - if (argc == 3) - VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[2], 1, 255); - ret = netmask_str2prefix_str (argv[0], argv[1], prefix_str); if (! ret) { @@ -4170,20 +3986,9 @@ DEFUN (bgp_network_mask_backdoor, } return bgp_static_set (vty, vty->index, prefix_str, AFI_IP, SAFI_UNICAST, - NULL, 1, ttl); + NULL, 1); } -ALIAS (bgp_network_mask_backdoor, - bgp_network_mask_backdoor_ttl_cmd, - "network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>", - "Specify a network to announce via BGP\n" - "Network number\n" - "Network mask\n" - "Network mask\n" - "Specify a BGP backdoor route\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (bgp_network_mask_natural, bgp_network_mask_natural_cmd, "network A.B.C.D", @@ -4192,10 +3997,6 @@ DEFUN (bgp_network_mask_natural, { int ret; char prefix_str[BUFSIZ]; - u_char ttl = 0; - - if (argc == 2) - VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); ret = netmask_str2prefix_str (argv[0], NULL, prefix_str); if (! ret) @@ -4205,17 +4006,9 @@ DEFUN (bgp_network_mask_natural, } return bgp_static_set (vty, vty->index, prefix_str, - AFI_IP, bgp_node_safi (vty), NULL, 0, ttl); + AFI_IP, bgp_node_safi (vty), NULL, 0); } -ALIAS (bgp_network_mask_natural, - bgp_network_mask_natural_ttl_cmd, - "network A.B.C.D pathlimit <0-255>", - "Specify a network to announce via BGP\n" - "Network number\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (bgp_network_mask_natural_route_map, bgp_network_mask_natural_route_map_cmd, "network A.B.C.D route-map WORD", @@ -4235,7 +4028,7 @@ DEFUN (bgp_network_mask_natural_route_map, } return bgp_static_set (vty, vty->index, prefix_str, - AFI_IP, bgp_node_safi (vty), argv[1], 0, 0); + AFI_IP, bgp_node_safi (vty), argv[1], 0); } DEFUN (bgp_network_mask_natural_backdoor, @@ -4247,10 +4040,6 @@ DEFUN (bgp_network_mask_natural_backdoor, { int ret; char prefix_str[BUFSIZ]; - u_char ttl = 0; - - if (argc == 2) - VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); ret = netmask_str2prefix_str (argv[0], NULL, prefix_str); if (! ret) @@ -4260,18 +4049,9 @@ DEFUN (bgp_network_mask_natural_backdoor, } return bgp_static_set (vty, vty->index, prefix_str, AFI_IP, SAFI_UNICAST, - NULL, 1, ttl); + NULL, 1); } -ALIAS (bgp_network_mask_natural_backdoor, - bgp_network_mask_natural_backdoor_ttl_cmd, - "network A.B.C.D backdoor pathlimit (1-255>", - "Specify a network to announce via BGP\n" - "Network number\n" - "Specify a BGP backdoor route\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (no_bgp_network, no_bgp_network_cmd, "no network A.B.C.D/M", @@ -4284,15 +4064,6 @@ DEFUN (no_bgp_network, } ALIAS (no_bgp_network, - no_bgp_network_ttl_cmd, - "no network A.B.C.D/M pathlimit <0-255>", - NO_STR - "Specify a network to announce via BGP\n" - "IP prefix /, e.g., 35.0.0.0/8\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - -ALIAS (no_bgp_network, no_bgp_network_route_map_cmd, "no network A.B.C.D/M route-map WORD", NO_STR @@ -4309,16 +4080,6 @@ ALIAS (no_bgp_network, "IP prefix /, e.g., 35.0.0.0/8\n" "Specify a BGP backdoor route\n") -ALIAS (no_bgp_network, - no_bgp_network_backdoor_ttl_cmd, - "no network A.B.C.D/M backdoor pathlimit <0-255>", - NO_STR - "Specify a network to announce via BGP\n" - "IP prefix /, e.g., 35.0.0.0/8\n" - "Specify a BGP backdoor route\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (no_bgp_network_mask, no_bgp_network_mask_cmd, "no network A.B.C.D mask A.B.C.D", @@ -4342,17 +4103,6 @@ DEFUN (no_bgp_network_mask, bgp_node_safi (vty)); } -ALIAS (no_bgp_network, - no_bgp_network_mask_ttl_cmd, - "no network A.B.C.D mask A.B.C.D pathlimit <0-255>", - NO_STR - "Specify a network to announce via BGP\n" - "Network number\n" - "Network mask\n" - "Network mask\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - ALIAS (no_bgp_network_mask, no_bgp_network_mask_route_map_cmd, "no network A.B.C.D mask A.B.C.D route-map WORD", @@ -4374,18 +4124,6 @@ ALIAS (no_bgp_network_mask, "Network mask\n" "Specify a BGP backdoor route\n") -ALIAS (no_bgp_network_mask, - no_bgp_network_mask_backdoor_ttl_cmd, - "no network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>", - NO_STR - "Specify a network to announce via BGP\n" - "Network number\n" - "Network mask\n" - "Network mask\n" - "Specify a BGP backdoor route\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (no_bgp_network_mask_natural, no_bgp_network_mask_natural_cmd, "no network A.B.C.D", @@ -4424,25 +4162,6 @@ ALIAS (no_bgp_network_mask_natural, "Network number\n" "Specify a BGP backdoor route\n") -ALIAS (no_bgp_network_mask_natural, - no_bgp_network_mask_natural_ttl_cmd, - "no network A.B.C.D pathlimit <0-255>", - NO_STR - "Specify a network to announce via BGP\n" - "Network number\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - -ALIAS (no_bgp_network_mask_natural, - no_bgp_network_mask_natural_backdoor_ttl_cmd, - "no network A.B.C.D backdoor pathlimit <0-255>", - NO_STR - "Specify a network to announce via BGP\n" - "Network number\n" - "Specify a BGP backdoor route\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - #ifdef HAVE_IPV6 DEFUN (ipv6_bgp_network, ipv6_bgp_network_cmd, @@ -4450,23 +4169,10 @@ DEFUN (ipv6_bgp_network, "Specify a network to announce via BGP\n" "IPv6 prefix /\n") { - u_char ttl = 0; - - if (argc == 2) - VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); - return bgp_static_set (vty, vty->index, argv[0], AFI_IP6, SAFI_UNICAST, - NULL, 0, ttl); + NULL, 0); } -ALIAS (ipv6_bgp_network, - ipv6_bgp_network_ttl_cmd, - "network X:X::X:X/M pathlimit <0-255>", - "Specify a network to announce via BGP\n" - "IPv6 prefix /\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - DEFUN (ipv6_bgp_network_route_map, ipv6_bgp_network_route_map_cmd, "network X:X::X:X/M route-map WORD", @@ -4476,7 +4182,7 @@ DEFUN (ipv6_bgp_network_route_map, "Name of the route map\n") { return bgp_static_set (vty, vty->index, argv[0], AFI_IP6, - bgp_node_safi (vty), argv[1], 0, 0); + bgp_node_safi (vty), argv[1], 0); } DEFUN (no_ipv6_bgp_network, @@ -4498,15 +4204,6 @@ ALIAS (no_ipv6_bgp_network, "Route-map to modify the attributes\n" "Name of the route map\n") -ALIAS (no_ipv6_bgp_network, - no_ipv6_bgp_network_ttl_cmd, - "no network X:X::X:X/M pathlimit <0-255>", - NO_STR - "Specify a network to announce via BGP\n" - "IPv6 prefix /\n" - "AS-Path hopcount limit attribute\n" - "AS-Pathlimit TTL, in number of AS-Path hops\n") - ALIAS (ipv6_bgp_network, old_ipv6_bgp_network_cmd, "ipv6 bgp network X:X::X:X/M", @@ -4524,6 +4221,127 @@ ALIAS (no_ipv6_bgp_network, "Specify a network to announce via BGP\n" "IPv6 prefix /, e.g., 3ffe::/16\n") #endif /* HAVE_IPV6 */ + +/* stubs for removed AS-Pathlimit commands, kept for config compatibility */ +ALIAS_DEPRECATED (bgp_network, + bgp_network_ttl_cmd, + "network A.B.C.D/M pathlimit <0-255>", + "Specify a network to announce via BGP\n" + "IP prefix /, e.g., 35.0.0.0/8\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (bgp_network_backdoor, + bgp_network_backdoor_ttl_cmd, + "network A.B.C.D/M backdoor pathlimit <0-255>", + "Specify a network to announce via BGP\n" + "IP prefix /, e.g., 35.0.0.0/8\n" + "Specify a BGP backdoor route\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (bgp_network_mask, + bgp_network_mask_ttl_cmd, + "network A.B.C.D mask A.B.C.D pathlimit <0-255>", + "Specify a network to announce via BGP\n" + "Network number\n" + "Network mask\n" + "Network mask\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (bgp_network_mask_backdoor, + bgp_network_mask_backdoor_ttl_cmd, + "network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>", + "Specify a network to announce via BGP\n" + "Network number\n" + "Network mask\n" + "Network mask\n" + "Specify a BGP backdoor route\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (bgp_network_mask_natural, + bgp_network_mask_natural_ttl_cmd, + "network A.B.C.D pathlimit <0-255>", + "Specify a network to announce via BGP\n" + "Network number\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (bgp_network_mask_natural_backdoor, + bgp_network_mask_natural_backdoor_ttl_cmd, + "network A.B.C.D backdoor pathlimit (1-255>", + "Specify a network to announce via BGP\n" + "Network number\n" + "Specify a BGP backdoor route\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (no_bgp_network, + no_bgp_network_ttl_cmd, + "no network A.B.C.D/M pathlimit <0-255>", + NO_STR + "Specify a network to announce via BGP\n" + "IP prefix /, e.g., 35.0.0.0/8\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (no_bgp_network, + no_bgp_network_backdoor_ttl_cmd, + "no network A.B.C.D/M backdoor pathlimit <0-255>", + NO_STR + "Specify a network to announce via BGP\n" + "IP prefix /, e.g., 35.0.0.0/8\n" + "Specify a BGP backdoor route\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (no_bgp_network, + no_bgp_network_mask_ttl_cmd, + "no network A.B.C.D mask A.B.C.D pathlimit <0-255>", + NO_STR + "Specify a network to announce via BGP\n" + "Network number\n" + "Network mask\n" + "Network mask\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (no_bgp_network_mask, + no_bgp_network_mask_backdoor_ttl_cmd, + "no network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>", + NO_STR + "Specify a network to announce via BGP\n" + "Network number\n" + "Network mask\n" + "Network mask\n" + "Specify a BGP backdoor route\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (no_bgp_network_mask_natural, + no_bgp_network_mask_natural_ttl_cmd, + "no network A.B.C.D pathlimit <0-255>", + NO_STR + "Specify a network to announce via BGP\n" + "Network number\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (no_bgp_network_mask_natural, + no_bgp_network_mask_natural_backdoor_ttl_cmd, + "no network A.B.C.D backdoor pathlimit <0-255>", + NO_STR + "Specify a network to announce via BGP\n" + "Network number\n" + "Specify a BGP backdoor route\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (ipv6_bgp_network, + ipv6_bgp_network_ttl_cmd, + "network X:X::X:X/M pathlimit <0-255>", + "Specify a network to announce via BGP\n" + "IPv6 prefix /\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") +ALIAS_DEPRECATED (no_ipv6_bgp_network, + no_ipv6_bgp_network_ttl_cmd, + "no network X:X::X:X/M pathlimit <0-255>", + NO_STR + "Specify a network to announce via BGP\n" + "IPv6 prefix /\n" + "AS-Path hopcount limit attribute\n" + "AS-Pathlimit TTL, in number of AS-Path hops\n") /* Aggreagete address: @@ -6130,17 +5948,6 @@ route_vty_out_detail (struct vty *vty, struct bgp *bgp, struct prefix *p, vty_out (vty, "%s", VTY_NEWLINE); } - /* 7: AS Pathlimit */ - if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AS_PATHLIMIT)) - { - - vty_out (vty, " AS-Pathlimit: %u", - attr->pathlimit.ttl); - if (attr->pathlimit.as) - vty_out (vty, " (%u)", attr->pathlimit.as); - vty_out (vty, "%s", VTY_NEWLINE); - } - if (binfo->extra && binfo->extra->damp_info) bgp_damp_info_vty (vty, binfo); @@ -11547,8 +11354,6 @@ bgp_config_write_network (struct vty *vty, struct bgp *bgp, { if (bgp_static->backdoor) vty_out (vty, " backdoor"); - if (bgp_static->ttl) - vty_out (vty, " pathlimit %u", bgp_static->ttl); } vty_out (vty, "%s", VTY_NEWLINE); @@ -11637,12 +11442,6 @@ bgp_route_init (void) install_element (BGP_NODE, &bgp_network_backdoor_cmd); install_element (BGP_NODE, &bgp_network_mask_backdoor_cmd); install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_cmd); - install_element (BGP_NODE, &bgp_network_ttl_cmd); - install_element (BGP_NODE, &bgp_network_mask_ttl_cmd); - install_element (BGP_NODE, &bgp_network_mask_natural_ttl_cmd); - install_element (BGP_NODE, &bgp_network_backdoor_ttl_cmd); - install_element (BGP_NODE, &bgp_network_mask_backdoor_ttl_cmd); - install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_NODE, &no_bgp_network_cmd); install_element (BGP_NODE, &no_bgp_network_mask_cmd); install_element (BGP_NODE, &no_bgp_network_mask_natural_cmd); @@ -11652,12 +11451,6 @@ bgp_route_init (void) install_element (BGP_NODE, &no_bgp_network_backdoor_cmd); install_element (BGP_NODE, &no_bgp_network_mask_backdoor_cmd); install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_cmd); - install_element (BGP_NODE, &no_bgp_network_ttl_cmd); - install_element (BGP_NODE, &no_bgp_network_mask_ttl_cmd); - install_element (BGP_NODE, &no_bgp_network_mask_natural_ttl_cmd); - install_element (BGP_NODE, &no_bgp_network_backdoor_ttl_cmd); - install_element (BGP_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); - install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_NODE, &aggregate_address_cmd); install_element (BGP_NODE, &aggregate_address_mask_cmd); @@ -11687,23 +11480,13 @@ bgp_route_init (void) install_element (BGP_IPV4_NODE, &bgp_network_route_map_cmd); install_element (BGP_IPV4_NODE, &bgp_network_mask_route_map_cmd); install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_route_map_cmd); - install_element (BGP_IPV4_NODE, &bgp_network_ttl_cmd); - install_element (BGP_IPV4_NODE, &bgp_network_mask_ttl_cmd); - install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_ttl_cmd); - install_element (BGP_IPV4_NODE, &bgp_network_backdoor_ttl_cmd); - install_element (BGP_IPV4_NODE, &bgp_network_mask_backdoor_ttl_cmd); - install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_mask_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_route_map_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_mask_route_map_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_route_map_cmd); - install_element (BGP_IPV4_NODE, &no_bgp_network_ttl_cmd); - install_element (BGP_IPV4_NODE, &no_bgp_network_mask_ttl_cmd); - install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_ttl_cmd); - install_element (BGP_IPV4_NODE, &no_bgp_network_backdoor_ttl_cmd); - install_element (BGP_IPV4_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); - install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); + install_element (BGP_IPV4_NODE, &aggregate_address_cmd); install_element (BGP_IPV4_NODE, &aggregate_address_mask_cmd); install_element (BGP_IPV4_NODE, &aggregate_address_summary_only_cmd); @@ -11732,24 +11515,12 @@ bgp_route_init (void) install_element (BGP_IPV4M_NODE, &bgp_network_route_map_cmd); install_element (BGP_IPV4M_NODE, &bgp_network_mask_route_map_cmd); install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_route_map_cmd); - install_element (BGP_IPV4M_NODE, &bgp_network_ttl_cmd); - install_element (BGP_IPV4M_NODE, &bgp_network_mask_ttl_cmd); - install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_ttl_cmd); - install_element (BGP_IPV4M_NODE, &bgp_network_backdoor_ttl_cmd); - install_element (BGP_IPV4M_NODE, &bgp_network_mask_backdoor_ttl_cmd); - install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); install_element (BGP_IPV4M_NODE, &no_bgp_network_cmd); install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_cmd); install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_cmd); install_element (BGP_IPV4M_NODE, &no_bgp_network_route_map_cmd); install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_route_map_cmd); install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_route_map_cmd); - install_element (BGP_IPV4M_NODE, &no_bgp_network_ttl_cmd); - install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_ttl_cmd); - install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_ttl_cmd); - install_element (BGP_IPV4M_NODE, &no_bgp_network_backdoor_ttl_cmd); - install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); - install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); install_element (BGP_IPV4M_NODE, &aggregate_address_cmd); install_element (BGP_IPV4M_NODE, &aggregate_address_mask_cmd); install_element (BGP_IPV4M_NODE, &aggregate_address_summary_only_cmd); @@ -11970,10 +11741,8 @@ bgp_route_init (void) /* New config IPv6 BGP commands. */ install_element (BGP_IPV6_NODE, &ipv6_bgp_network_cmd); install_element (BGP_IPV6_NODE, &ipv6_bgp_network_route_map_cmd); - install_element (BGP_IPV6_NODE, &ipv6_bgp_network_ttl_cmd); install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_cmd); install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_route_map_cmd); - install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_ttl_cmd); install_element (BGP_IPV6_NODE, &ipv6_aggregate_address_cmd); install_element (BGP_IPV6_NODE, &ipv6_aggregate_address_summary_only_cmd); @@ -12292,6 +12061,52 @@ bgp_route_init (void) install_element (BGP_IPV4_NODE, &bgp_damp_set3_cmd); install_element (BGP_IPV4_NODE, &bgp_damp_unset_cmd); install_element (BGP_IPV4_NODE, &bgp_damp_unset2_cmd); + + /* Deprecated AS-Pathlimit commands */ + install_element (BGP_NODE, &bgp_network_ttl_cmd); + install_element (BGP_NODE, &bgp_network_mask_ttl_cmd); + install_element (BGP_NODE, &bgp_network_mask_natural_ttl_cmd); + install_element (BGP_NODE, &bgp_network_backdoor_ttl_cmd); + install_element (BGP_NODE, &bgp_network_mask_backdoor_ttl_cmd); + install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); + + install_element (BGP_NODE, &no_bgp_network_ttl_cmd); + install_element (BGP_NODE, &no_bgp_network_mask_ttl_cmd); + install_element (BGP_NODE, &no_bgp_network_mask_natural_ttl_cmd); + install_element (BGP_NODE, &no_bgp_network_backdoor_ttl_cmd); + install_element (BGP_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); + install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); + + install_element (BGP_IPV4_NODE, &bgp_network_ttl_cmd); + install_element (BGP_IPV4_NODE, &bgp_network_mask_ttl_cmd); + install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_ttl_cmd); + install_element (BGP_IPV4_NODE, &bgp_network_backdoor_ttl_cmd); + install_element (BGP_IPV4_NODE, &bgp_network_mask_backdoor_ttl_cmd); + install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); + + install_element (BGP_IPV4_NODE, &no_bgp_network_ttl_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_mask_ttl_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_ttl_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_backdoor_ttl_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); + + install_element (BGP_IPV4M_NODE, &bgp_network_ttl_cmd); + install_element (BGP_IPV4M_NODE, &bgp_network_mask_ttl_cmd); + install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_ttl_cmd); + install_element (BGP_IPV4M_NODE, &bgp_network_backdoor_ttl_cmd); + install_element (BGP_IPV4M_NODE, &bgp_network_mask_backdoor_ttl_cmd); + install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); + + install_element (BGP_IPV4M_NODE, &no_bgp_network_ttl_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_ttl_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_ttl_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_backdoor_ttl_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); + + install_element (BGP_IPV6_NODE, &ipv6_bgp_network_ttl_cmd); + install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_ttl_cmd); } void diff --git a/bgpd/bgp_route.h b/bgpd/bgp_route.h index 5eed348..3e52859 100644 --- a/bgpd/bgp_route.h +++ b/bgpd/bgp_route.h @@ -116,9 +116,6 @@ struct bgp_static /* MPLS label. */ u_char tag[3]; - - /* AS-Pathlimit TTL */ - u_char ttl; }; /* Flags which indicate a route is unuseable in some form */ diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c index aa7dbce..81ff48d 100644 --- a/bgpd/bgp_routemap.c +++ b/bgpd/bgp_routemap.c @@ -92,107 +92,15 @@ o Cisco route-map origin : Done tag : (This will not be implemented by bgpd) weight : Done - pathlimit : Done o Local extention set ipv6 next-hop global: Done set ipv6 next-hop local : Done - set pathlimit ttl : Done set as-path exclude : Done - match pathlimit as : Done */ -/* Compiles either AS or TTL argument. It is amused the VTY code - * has already range-checked the values to be suitable as TTL or ASN - */ -static void * -route_pathlimit_compile (const char *arg) -{ - unsigned long tmp; - u_int32_t *val; - char *endptr = NULL; - - /* TTL or AS value shoud be integer. */ - if (! all_digit (arg)) - return NULL; - - tmp = strtoul (arg, &endptr, 10); - if (*endptr != '\0' || tmp == ULONG_MAX || tmp > UINT32_MAX) - return NULL; - - if (!(val = XMALLOC (MTYPE_ROUTE_MAP_COMPILED, sizeof (u_int32_t)))) - return NULL; - - *val = tmp; - - return val; -} - -static void -route_pathlimit_free (void *rule) -{ - XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); -} - -static route_map_result_t -route_match_pathlimit_as (void *rule, struct prefix *prefix, route_map_object_t type, - void *object) -{ - struct bgp_info *info = object; - struct attr *attr = info->attr; - uint32_t as = *(uint32_t *)rule; - - if (type != RMAP_BGP) - return RMAP_NOMATCH; - - if (!attr->pathlimit.as) - return RMAP_NOMATCH; - - if (as == attr->pathlimit.as) - return RMAP_MATCH; - - return RMAP_NOMATCH; -} - -/* 'match pathlimit as' */ -struct route_map_rule_cmd route_match_pathlimit_as_cmd = -{ - "pathlimit as", - route_match_pathlimit_as, - route_pathlimit_compile, - route_pathlimit_free -}; - -/* Set pathlimit TTL. */ -static route_map_result_t -route_set_pathlimit_ttl (void *rule, struct prefix *prefix, - route_map_object_t type, void *object) -{ - struct bgp_info *info = object; - struct attr *attr = info->attr; - u_char ttl = *(uint32_t *)rule; - - if (type == RMAP_BGP) - { - attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT); - attr->pathlimit.ttl = ttl; - attr->pathlimit.as = 0; - } - - return RMAP_OKAY; -} - -/* Set local preference rule structure. */ -struct route_map_rule_cmd route_set_pathlimit_ttl_cmd = -{ - "pathlimit ttl", - route_set_pathlimit_ttl, - route_pathlimit_compile, - route_pathlimit_free, -}; - /* 'match peer (A.B.C.D|X:X::X:X)' */ /* Compares the peer specified in the 'match peer' clause with the peer @@ -3743,17 +3651,17 @@ ALIAS (no_set_originator_id, "BGP originator ID attribute\n" "IP address of originator\n") -DEFUN (set_pathlimit_ttl, +DEFUN_DEPRECATED (set_pathlimit_ttl, set_pathlimit_ttl_cmd, "set pathlimit ttl <1-255>", SET_STR "BGP AS-Pathlimit attribute\n" "Set AS-Path Hop-count TTL\n") { - return bgp_route_set_add (vty, vty->index, "pathlimit ttl", argv[0]); + return CMD_SUCCESS; } -DEFUN (no_set_pathlimit_ttl, +DEFUN_DEPRECATED (no_set_pathlimit_ttl, no_set_pathlimit_ttl_cmd, "no set pathlimit ttl", NO_STR @@ -3761,10 +3669,7 @@ DEFUN (no_set_pathlimit_ttl, "BGP AS-Pathlimit attribute\n" "Set AS-Path Hop-count TTL\n") { - if (argc == 0) - return bgp_route_set_delete (vty, vty->index, "pathlimit ttl", NULL); - - return bgp_route_set_delete (vty, vty->index, "pathlimit ttl", argv[0]); + return CMD_SUCCESS; } ALIAS (no_set_pathlimit_ttl, @@ -3775,17 +3680,17 @@ ALIAS (no_set_pathlimit_ttl, "BGP AS-Pathlimit attribute\n" "Set AS-Path Hop-count TTL\n") -DEFUN (match_pathlimit_as, +DEFUN_DEPRECATED (match_pathlimit_as, match_pathlimit_as_cmd, "match pathlimit as <1-65535>", MATCH_STR "BGP AS-Pathlimit attribute\n" "Match Pathlimit AS number\n") { - return bgp_route_match_add (vty, vty->index, "pathlimit as", argv[0]); + return CMD_SUCCESS; } -DEFUN (no_match_pathlimit_as, +DEFUN_DEPRECATED (no_match_pathlimit_as, no_match_pathlimit_as_cmd, "no match pathlimit as", NO_STR @@ -3793,10 +3698,7 @@ DEFUN (no_match_pathlimit_as, "BGP AS-Pathlimit attribute\n" "Match Pathlimit AS number\n") { - if (argc == 0) - return bgp_route_match_delete (vty, vty->index, "pathlimit as", NULL); - - return bgp_route_match_delete (vty, vty->index, "pathlimit as", argv[0]); + return CMD_SUCCESS; } ALIAS (no_match_pathlimit_as, @@ -3959,10 +3861,9 @@ bgp_route_map_init (void) install_element (RMAP_NODE, &no_set_ipv6_nexthop_local_val_cmd); #endif /* HAVE_IPV6 */ - /* AS-Pathlimit */ - route_map_install_match (&route_match_pathlimit_as_cmd); - route_map_install_set (&route_set_pathlimit_ttl_cmd); - + /* AS-Pathlimit: functionality removed, commands kept for + * compatibility. + */ install_element (RMAP_NODE, &set_pathlimit_ttl_cmd); install_element (RMAP_NODE, &no_set_pathlimit_ttl_cmd); install_element (RMAP_NODE, &no_set_pathlimit_ttl_val_cmd); diff --git a/doc/bgpd.texi b/doc/bgpd.texi index 40156b7..e746330 100644 --- a/doc/bgpd.texi +++ b/doc/bgpd.texi @@ -149,29 +149,6 @@ routes if they aren't present in their IGP routing tables; @code{bgpd} doesn't care about IGP routes when announcing its routes. @end deffn -@deffn {BGP} {network @var{A.B.C.D/M} pathlimit <0-255>} {} -This command configures a route to be originated into BGP, just as with the -previous command, but additionally sets an AS-Pathlimit TTL to be advertised -on the route. See draft-ietf-idr-as-pathlimit. - -Specifying a TTL of 0 can be used to remove pathlimit from a previously -configured network statement. - -Note that when advertising prefixes with AS-Pathlimit set, all less-specific -prefixes advertised SHOULD also have the Atomic-Aggregate attribute set. -Failure to do so increases the risks of accidental routing loops occuring. - -This implementation will try to automatically set Atomic-Aggregate as -appropriate on any less-specific prefixes originated by the same speaker, -however it will not (and often can not) do so where @b{other} speakers in -the AS are originating more specifics. - -Hence the system administrator must take care to ensure that all -less-specific prefixes originated carry atomic-aggregate as appropriate, by -manually configuring speakers originating less-specifics to set -Atomic-Aggregate on those advertisements! -@end deffn - @deffn {BGP} {no network @var{A.B.C.D/M}} {} @end deffn diff --git a/doc/routemap.texi b/doc/routemap.texi index 9ac001c..db3e72d 100644 --- a/doc/routemap.texi +++ b/doc/routemap.texi @@ -155,10 +155,6 @@ Matches the specified @var{metric}. Matches the specified @var{community_list} @end deffn -@deffn {Route-map Command} {match pathlimit as @var{ASN}} {} -Matches the specified AS-Pathlimit @var{ASN}. -@end deffn - @node Route Map Set Command @section Route Map Set Command @@ -194,16 +190,6 @@ Set the BGP-4+ global IPv6 nexthop address. Set the BGP-4+ link local IPv6 nexthop address. @end deffn -@deffn {Route-map Command} {set pathlimit ttl @var{ttl}} {} -Sets the specified AS-Pathlimit @var{ttl} on the route. This will also cause -the AS to be set to the local AS. - -Note that the AS-Pathlimit RFC specifies that speakers advertising this -attribute should set Atomic-aggregate on all less specific routes. Setting -AS-Pathlimit by route-map does not do this, the user must do so themselves, -as they wish. -@end deffn - @node Route Map Call Command @section Route Map Call Command diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index 3996afd..03a6dad 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -1235,13 +1235,16 @@ bgp_attr_community (struct peer *peer, bgp_size_t length, attr->community = NULL; return 0; } - else - { - attr->community = - community_parse ((u_int32_t *)stream_pnt (peer->ibuf), length); - stream_forward_getp (peer->ibuf, length); - } + + attr->community = + community_parse ((u_int32_t *)stream_pnt (peer->ibuf), length); + + /* XXX: fix community_parse to use stream API and remove this */ + stream_forward_getp (peer->ibuf, length); + if (!attr->community) + return -1; + attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_COMMUNITIES); return 0; @@ -1478,13 +1481,18 @@ bgp_attr_ext_communities (struct peer *peer, bgp_size_t length, { if (attr->extra) attr->extra->ecommunity = NULL; + /* Empty extcomm doesn't seem to be invalid per se */ + return 0; } - else - { - (bgp_attr_extra_get (attr))->ecommunity = - ecommunity_parse ((u_int8_t *)stream_pnt (peer->ibuf), length); - stream_forward_getp (peer->ibuf, length); - } + + (bgp_attr_extra_get (attr))->ecommunity = + ecommunity_parse ((u_int8_t *)stream_pnt (peer->ibuf), length); + /* XXX: fix ecommunity_parse to use stream API */ + stream_forward_getp (peer->ibuf, length); + + if (!attr->extra->ecommunity) + return -1; + attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_EXT_COMMUNITIES); return 0;