Merge pull request #18558 from spoignant-proton/master

bgpd: flowspec: remove sizelimit check applied to the wrong length field (issue 18557)
2025-04-07 03:27:02 +03:00 · 2025-04-07 03:27:02 +03:00 · 5e092d0e25
parent 259ffe1dfe 2cee5567bc
commit 5e092d0e25
3 changed files with 0 additions and 9 deletions
--- a/bgpd/bgp_flowspec.c
+++ b/bgpd/bgp_flowspec.c
@ -105,13 +105,6 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
 	if (!attr)
 		withdraw = true;

-	if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
-		flog_err(EC_BGP_FLOWSPEC_PACKET,
-			 "BGP flowspec nlri length maximum reached (%u)",
-			 packet->length);
-		return BGP_NLRI_PARSE_ERROR_FLOWSPEC_NLRI_SIZELIMIT;
-	}
-
 	for (; pnt < lim; pnt += psize) {
 		/* Clear prefix structure. */
 		memset(&p, 0, sizeof(p));
--- a/bgpd/bgp_flowspec_private.h
+++ b/bgpd/bgp_flowspec_private.h
@ -7,7 +7,6 @@
 #define _FRR_BGP_FLOWSPEC_PRIVATE_H

 #define FLOWSPEC_NLRI_SIZELIMIT			240
-#define FLOWSPEC_NLRI_SIZELIMIT_EXTENDED		4095

 /* Flowspec raffic action bit*/
 #define FLOWSPEC_TRAFFIC_ACTION_TERMINAL	1
--- a/bgpd/bgp_route.h
+++ b/bgpd/bgp_route.h
@ -88,7 +88,6 @@ enum bgp_show_adj_route_type {
 #define BGP_NLRI_PARSE_ERROR_EVPN_TYPE4_SIZE -9
 #define BGP_NLRI_PARSE_ERROR_EVPN_TYPE5_SIZE -10
 #define BGP_NLRI_PARSE_ERROR_FLOWSPEC_IPV6_NOT_SUPPORTED -11
-#define BGP_NLRI_PARSE_ERROR_FLOWSPEC_NLRI_SIZELIMIT -12
 #define BGP_NLRI_PARSE_ERROR_FLOWSPEC_BAD_FORMAT -13
 #define BGP_NLRI_PARSE_ERROR_ADDRESS_FAMILY -14
 #define BGP_NLRI_PARSE_ERROR_EVPN_TYPE1_SIZE -15