mirror of
https://github.com/FRRouting/frr.git
synced 2025-04-30 13:37:17 +02:00
2cee5567bc
Section 4.1 of RFC8955 defines how the length field of flowspec NLRIs is encoded. The method use implies a maximum length of 4095 for a single flowspec NLRI. However, in bgp_flowspec.c, we check the length attribute of the bgp_nlri structure against this maximum value, which actually is the *total* length of all NLRI included in the considered MP_REACH_NLRI path attribute. Due to this confusion, frr would reject valid announces that contain many flowspec NLRIs, when their cummulative length exceeds 4095, and close the session. The proposed change removes that check entirely. Indeed, there is no need to check the length field of each invidual NLRI because the method employed make it impossible to encode a length greater than 4095. Signed-off-by: Stephane Poignant <stephane.poignant@proton.ch>
33 lines
928 B
C
33 lines
928 B
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/* BGP Flowspec header . private structs and defines
|
|
* Copyright (C) 2018 6WIND
|
|
*/
|
|
|
|
#ifndef _FRR_BGP_FLOWSPEC_PRIVATE_H
|
|
#define _FRR_BGP_FLOWSPEC_PRIVATE_H
|
|
|
|
#define FLOWSPEC_NLRI_SIZELIMIT 240
|
|
|
|
/* Flowspec raffic action bit*/
|
|
#define FLOWSPEC_TRAFFIC_ACTION_TERMINAL 1
|
|
#define FLOWSPEC_TRAFFIC_ACTION_SAMPLE 0
|
|
#define FLOWSPEC_TRAFFIC_ACTION_DISTRIBUTE 1
|
|
|
|
/* Flow Spec Component Types */
|
|
#define NUM_OF_FLOWSPEC_MATCH_TYPES 12
|
|
#define FLOWSPEC_DEST_PREFIX 1
|
|
#define FLOWSPEC_SRC_PREFIX 2
|
|
#define FLOWSPEC_IP_PROTOCOL 3
|
|
#define FLOWSPEC_PORT 4
|
|
#define FLOWSPEC_DEST_PORT 5
|
|
#define FLOWSPEC_SRC_PORT 6
|
|
#define FLOWSPEC_ICMP_TYPE 7
|
|
#define FLOWSPEC_ICMP_CODE 8
|
|
#define FLOWSPEC_TCP_FLAGS 9
|
|
#define FLOWSPEC_PKT_LEN 10
|
|
#define FLOWSPEC_DSCP 11
|
|
#define FLOWSPEC_FRAGMENT 12
|
|
#define FLOWSPEC_FLOW_LABEL 13 /* For IPv6 only */
|
|
|
|
#endif /* _FRR_BGP_FLOWSPEC_PRIVATE_H */
|