On Fri, May 26, 2017 at 08:01:00PM +0200, Peter Hessler wrote:
> Apropos of "I found it", I implemented support for RFC 7607.  It's a
> super short RFC, but basically it forbids use of AS 0 anywhere.
> 
> OK?
> 

hi. you probably want to add the rfc to the list in STANDARDS too,
after 7606.

jmc

> 
> Index: parse.y
> ===================================================================
> RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v
> retrieving revision 1.300
> diff -u -p -u -p -r1.300 parse.y
> --- parse.y   26 May 2017 14:08:51 -0000      1.300
> +++ parse.y   26 May 2017 17:55:11 -0000
> @@ -3661,6 +3661,11 @@ neighbor_consistent(struct peer *p)
>               return (-1);
>       }
>  
> +     if (p->conf.remote_as == 0) {
> +             yyerror("peer AS needs to be not zero");
> +             return (-1);
> +     }
> +
>       /* set default values if they where undefined */
>       p->conf.ebgp = (p->conf.remote_as != conf->as);
>       if (p->conf.announce_type == ANNOUNCE_UNDEF)
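Review bot: The new `p->conf.remote_as == 0` test in neighbor_consistent() cannot tell an explicit AS 0 from a neighbor whose remote AS was never set, assuming the field starts out as zero (its initialisation is not visible in this hunk). If templates or groups may leave the remote AS unset, this would reject them at config load, so that case is worth confirming before commit. The message would read better as `yyerror("peer AS may not be zero");`, and a comment such as `/* RFC 7607: AS 0 is reserved and must not be used as a peer AS */` would record why the check exists. Whether the local AS (`conf->as`) is rejected when zero cannot be seen from here. The function starts and ends outside the hunk.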
> Index: rde.c
> ===================================================================
> RCS file: /cvs/openbsd/src/usr.sbin/bgpd/rde.c,v
> retrieving revision 1.361
> diff -u -p -u -p -r1.361 rde.c
> --- rde.c     25 Jan 2017 03:21:55 -0000      1.361
> +++ rde.c     26 May 2017 17:43:30 -0000
> @@ -1102,6 +1102,14 @@ rde_update_dispatch(struct imsg *imsg)
>       /* shift to NLRI information */
>       p += 2 + attrpath_len;
>  
> +     /* aspath must not contain AS 0 */
> +     if (!aspath_loopfree(asp->aspath, 0)) {
> +             log_peer_warnx(&peer->conf, "bad AS 0 in UPDATE");
> +             rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH,
> +                 NULL, 0);
> +             goto done;
> +     }
> +
>       /* aspath needs to be loop free nota bene this is not a hard error */
>       if (peer->conf.ebgp && !aspath_loopfree(asp->aspath, conf->as))
>               asp->flags |= F_ATTR_LOOP;
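Review bot: An AS 0 in the path is answered here with `rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH, NULL, 0)` and `goto done`, which looks like a session-level error. RFC 7607 instead asks for such an UPDATE to be treated as malformed and handled per RFC 7606, which means treat-as-withdraw for AS_PATH rather than a session reset. With a reset, a path carrying AS 0 that was introduced several hops away can take down the local session whenever it is received, which is the failure mode RFC 7606 was written to avoid. RFC 7607 also covers the AGGREGATOR attribute, which none of the visible hunks check. If the reset is intentional for now, say so in the comment, e.g. `/* aspath must not contain AS 0 (RFC 7607); XXX should be treat-as-withdraw per RFC 7606 */`; rde_update_dispatch() starts and ends outside the hunk, so whether a withdraw path is reachable at this point cannot be seen.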
> Index: session.c
> ===================================================================
> RCS file: /cvs/openbsd/src/usr.sbin/bgpd/session.c,v
> retrieving revision 1.359
> diff -u -p -u -p -r1.359 session.c
> --- session.c 13 Feb 2017 14:48:44 -0000      1.359
> +++ session.c 5 May 2017 17:26:16 -0000
> @@ -2017,6 +2017,14 @@ parse_open(struct peer *peer)
>       memcpy(&short_as, p, sizeof(short_as));
>       p += sizeof(short_as);
>       as = peer->short_as = ntohs(short_as);
> +     if (as == 0) {
> +             log_peer_warnx(&peer->conf,
> +                 "peer requests unacceptable AS %u", as);
> +             session_notification(peer, ERR_OPEN, ERR_OPEN_AS,
> +                 NULL, 0);
> +             change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
> +             return (-1);
> +     }
>  
>       memcpy(&oholdtime, p, sizeof(oholdtime));
>       p += sizeof(oholdtime);
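Review bot: The block added after `as = peer->short_as = ntohs(short_as);` is repeated almost line for line in the parse_capabilities() hunk below. Keeping the log text and the `ERR_OPEN_AS` subcode in one small static helper would stop the two copies drifting apart. The `%u` in the log message can only ever print 0 on this branch, so a fixed string such as `"peer requests unacceptable AS 0"` says the same thing. A one-line comment like `/* RFC 7607: AS 0 in OPEN is rejected with Bad Peer AS */` would explain the check to the next reader. parse_open() starts and ends outside the hunk.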
> @@ -2477,6 +2485,14 @@ parse_capabilities(struct peer *peer, u_
>                       }
>                       memcpy(&remote_as, capa_val, sizeof(remote_as));
>                       *as = ntohl(remote_as);
> +                     if (*as == 0) {
> +                             log_peer_warnx(&peer->conf,
> +                                 "peer requests unacceptable AS %u", *as);
> +                             session_notification(peer, ERR_OPEN, 
> ERR_OPEN_AS,
> +                                 NULL, 0);
> +                             change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
> +                             return (-1);
> +                     }
>                       peer->capa.peer.as4byte = 1;
>                       break;
>               default:
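Review bot: The added branch sends its own NOTIFICATION and moves the peer to IDLE before `return (-1)`, so check how the caller of parse_capabilities() reacts to -1. If the caller also calls session_notification() and change_state() on failure (the call site is not in this hunk), the peer could be sent a second NOTIFICATION with a different subcode. `*as` is assigned before the zero test, so the caller's variable holds 0 on the error path. That is harmless if the caller stops on -1, but testing the converted value first, `if (ntohl(remote_as) == 0) {`, avoids relying on it. As mailed, the session_notification() line is wrapped across two quoted lines and will need rejoining before the hunk applies.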
> 
> 
> -- 
> Taxes, n.:
>       Of life's two certainties, the only one for which you can get
>       an extension.
> 
