Peter Hessler(phess...@openbsd.org) on 2017.05.26 21:40:49 +0200: > On 2017 May 26 (Fri) at 20:01:00 +0200 (+0200), Peter Hessler wrote: > :Apropos of "I found it", I implemented support for RFC 7607. It's a > :super short RFC, but basically it forbids use of AS 0 anywhere. > : > :OK? > : > : > > Fixed some denglish in an error message, mention the RFC in the man > page, and don't take down the session if we receive AS0 in the path. > > > Index: bgpd.8 > =================================================================== > RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.8,v > retrieving revision 1.52 > diff -u -p -u -p -r1.52 bgpd.8 > --- bgpd.8 19 Feb 2017 11:38:24 -0000 1.52 > +++ bgpd.8 26 May 2017 18:29:49 -0000 > @@ -357,6 +357,16 @@ control socket > .Re > .Pp > .Rs > +.%A W. Kumari > +.%A R. Bush > +.%A H. Schiller > +.%A K. Patel > +.%D August 2015 > +.%R RFC 7607 > +.%T Codification of AS 0 Processing
diff is ok, but please consider this: i think we should limit the list to the features we support so that users can check if a certain something should work or not. this is not a feature, this is a protocol clarification/stability issue. otherwise the list gets longer and useless. if you leave this out, put a /* rfc 7607 */ comment next to the aspath_extract() below. > +.Re > +.Pp > +.Rs > .%D August 2011 > .%R draft-ietf-grow-mrt-17 > .%T MRT routing information export format > Index: parse.y > =================================================================== > RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v > retrieving revision 1.300 > diff -u -p -u -p -r1.300 parse.y > --- parse.y 26 May 2017 14:08:51 -0000 1.300 > +++ parse.y 26 May 2017 18:15:33 -0000 > @@ -3661,6 +3661,11 @@ neighbor_consistent(struct peer *p) > return (-1); > } > > + if (p->conf.remote_as == 0) { > + yyerror("peer AS may not be zero"); > + return (-1); > + } > + > /* set default values if they where undefined */ > p->conf.ebgp = (p->conf.remote_as != conf->as); > if (p->conf.announce_type == ANNOUNCE_UNDEF) > Index: rde_attr.c > =================================================================== > RCS file: /cvs/openbsd/src/usr.sbin/bgpd/rde_attr.c,v > retrieving revision 1.97 > diff -u -p -u -p -r1.97 rde_attr.c > --- rde_attr.c 24 Jan 2017 04:22:42 -0000 1.97 > +++ rde_attr.c 26 May 2017 19:29:04 -0000 
> @@ -460,6 +460,9 @@ aspath_verify(void *data, u_int16_t len, > if (seg_size == 0) > /* empty aspath segments are not allowed */ > return (AS_ERR_BAD); > + > + if (aspath_extract(seg, 0) == 0) > + return (AS_ERR_BAD); > } > return (error); /* aspath is valid but probably not loop free */ > } > Index: session.c > =================================================================== > RCS file: /cvs/openbsd/src/usr.sbin/bgpd/session.c,v > retrieving revision 1.359 > diff -u -p -u -p -r1.359 session.c > --- session.c 13 Feb 2017 14:48:44 -0000 1.359 > +++ session.c 5 May 2017 17:26:16 -0000 > @@ -2017,6 +2017,14 @@ parse_open(struct peer *peer) > memcpy(&short_as, p, sizeof(short_as)); > p += sizeof(short_as); > as = peer->short_as = ntohs(short_as); > + if (as == 0) { > + log_peer_warnx(&peer->conf, > + "peer requests unacceptable AS %u", as); > + session_notification(peer, ERR_OPEN, ERR_OPEN_AS, > + NULL, 0); > + change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN); > + return (-1); > + } > > memcpy(&oholdtime, p, sizeof(oholdtime)); > p += sizeof(oholdtime); > @@ -2477,6 +2485,14 @@ parse_capabilities(struct peer *peer, u_ > } > memcpy(&remote_as, capa_val, sizeof(remote_as)); > *as = ntohl(remote_as); > + if (*as == 0) { > + log_peer_warnx(&peer->conf, > + "peer requests unacceptable AS %u", *as); > + session_notification(peer, ERR_OPEN, > ERR_OPEN_AS, > + NULL, 0); > + change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN); > + return (-1); > + } > peer->capa.peer.as4byte = 1; > break; > default: > > > > > -- > Madam, there's no such thing as a tough child -- if you parboil them > first for seven hours, they always come out tender. > -- W. C. Fields >
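Review bot: In the parse.y hunk (neighbor_consistent), the new check rejects only p->conf.remote_as == 0, while the local AS (conf->as, compared two lines further down) is not tested for zero anywhere in the visible hunks. If the local AS is not already validated where it is parsed, a matching yyerror() for a zero local AS would close the configuration side of RFC 7607 as well.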
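Review bot: In the rde_attr.c hunk (aspath_verify), aspath_extract(seg, 0) == 0 inspects a single position per segment, so an AS 0 that is not the first entry of its segment still passes verification. Iterating over every AS in the segment before returning AS_ERR_BAD would cover the whole path. The mail says a path containing AS 0 should not take the session down, yet the hunk returns the same AS_ERR_BAD as the empty-segment case just above it, so it is worth confirming that the caller handles this return without resetting the session. The /* rfc 7607 */ comment requested in the reply belongs on this check.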
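Review bot: In the first session.c hunk (parse_open), the warning "peer requests unacceptable AS %u" is word for word the same as the one added in parse_capabilities, and the %u argument can only ever print 0 inside an as == 0 branch. Distinct messages that name the source of the value (the 2-byte AS field of the OPEN versus the 4-byte AS capability) would let an operator tell from the log which field the peer got wrong.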
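Review bot: In the second session.c hunk (parse_capabilities), the new branch calls session_notification() and change_state() itself and then returns -1. The caller is not visible here, so check that it does not send its own NOTIFICATION and state change when it sees -1, which would give two notifications for one bad OPEN. If it does, either leave the error handling to the caller or return a value it can tell apart. Also, *as has already been overwritten with 0 by the time the check runs; validating the ntohl() result in a local variable first would keep the out-parameter untouched on the error path.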