Re: OpenBGPD Flaps, 32bit ASn in the wild.

Thu, 29 Jan 2009 08:54:26 -0800 

On 2009-01-29, Toni Mueller <openbsd-m...@oeko.net> wrote:
> Hi,
>
> On Sat, 10.01.2009 at 12:11:03 -0600, tico <t...@raapid.net> wrote:
>> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpd/rde.c
>
> looking at CVS, it seems that multiple patches are needed, right?
>
> And we get the joy of threading them together ourselves, understanding
> OpenBGPd's code in the process... maybe.

This should work, but I run -current everywhere, I have no 4.4 boxes
to test it on.

Incidentally this looks like the same approach suggested by the
draft RFC4893bis

Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.232
diff -u -p -r1.232 rde.c
--- rde.c       15 Jun 2008 10:03:46 -0000      1.232
+++ rde.c       29 Jan 2009 16:51:04 -0000
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rde.c,v 1.232 2008/06/15 10:03:46 claudio Exp $ */
+/*     $OpenBSD: rde.c,v 1.234 2008/12/28 15:19:21 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henn...@openbsd.org>
@@ -797,8 +797,10 @@ rde_update_dispatch(struct imsg *imsg)
                /*
                 * if either ATTR_NEW_AGGREGATOR or ATTR_NEW_ASPATH is present
                 * try to fixup the attributes.
+                * XXX do not fixup if F_ATTR_LOOP is set.
                 */
-               if (asp->flags & F_ATTR_AS4BYTE_NEW)
+               if (asp->flags & F_ATTR_AS4BYTE_NEW &&
+                   !(asp->flags & F_ATTR_LOOP))
                        rde_as4byte_fixup(peer, asp);
 
                /* enforce remote AS if requested */
@@ -1347,10 +1349,17 @@ bad_flags:
                    ATTR_PARTIAL))
                        goto bad_flags;
                if (aspath_verify(p, attr_len, 1) != 0) {
-                       /* XXX draft does not specify how to handle errors */
-                       rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH,
-                           NULL, 0);
-                       return (-1);
+                       /*
+                        * XXX
+                        * XXX RFC does not specify how to handle errors.
+                        * XXX Instead of dropping the session because of a
+                        * XXX bad path just mark the full update as not
+                        * XXX loop-free the update is no longer eligible and
+                        * XXX will not be considered for routing or
+                        * XXX redistribution. Something better is needed.
+                        */
+                       a->flags |= F_ATTR_LOOP;
+                       goto optattr;
                }
                a->flags |= F_ATTR_AS4BYTE_NEW;
                goto optattr;

Reply via email to