matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity

staticd: reject route config with too many nexthops

Browse source 
Restrict the number of nexthops for a route to the compiled-in
limit. Be careful with the zapi route struct's array of nexthops
too.

Signed-off-by: Mark Stapp <mstapp@nvidia.com>
This commit is contained in:
Mark Stapp 2022-02-17 09:49:41 -05:00
parent abc246e193
commit 1f7ab1a2cc
2 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
staticd/static_nb_config.c
View file

@ -115,7 +115,7 @@ static int static_path_list_tag_modify(struct nb_cb_modify_args *args)
} }
struct nexthop_iter { struct nexthop_iter {
int count; uint32_t count;
bool blackhole; bool blackhole;
}; };
@ -171,6 +171,11 @@ static bool static_nexthop_create(struct nb_cb_create_args *args)
args->errmsg, args->errmsg_len, args->errmsg, args->errmsg_len,
"Route cannot have blackhole and non-blackhole nexthops simultaneously"); "Route cannot have blackhole and non-blackhole nexthops simultaneously");
return NB_ERR_VALIDATION; return NB_ERR_VALIDATION;
} else if (iter.count > zebra_ecmp_count) {
snprintf(args->errmsg, args->errmsg_len,
"Route cannot have more than %d ECMP nexthops",
zebra_ecmp_count);
return NB_ERR_VALIDATION;
} }
break; break;
case NB_EV_PREPARE: case NB_EV_PREPARE:

4
staticd/static_zebra.c
View file

@ -414,6 +414,10 @@ extern void static_zebra_route_add(struct static_path *pn, bool install)
api.tableid = pn->table_id; api.tableid = pn->table_id;
} }
frr_each(static_nexthop_list, &pn->nexthop_list, nh) { frr_each(static_nexthop_list, &pn->nexthop_list, nh) {
/* Don't overrun the nexthop array */
if (nh_num == zebra_ecmp_count)
break;
api_nh = &api.nexthops[nh_num]; api_nh = &api.nexthops[nh_num];
if (nh->nh_vrf_id == VRF_UNKNOWN) if (nh->nh_vrf_id == VRF_UNKNOWN)
continue; continue;