CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2021/06/18 11:55:22
Modified files:
usr.sbin/bgpd : Tag: OPENBSD_6_9 rde.c
Log message:
During bgpd(8) config reloads, prefixes of the wrong address family
could leak to peers, resulting in session resets.
Original commit in -current:
revision 1.525
date: 2021/06/17 08:43:06; author: claudio; state: Exp; lines: +31 -9;
commitid: Rrf7ysc$
In Rev 1.511 I moved peer-related checks from inside up_generate_updates()
to rde_generate_updates() but forgot to add the same checks to
rde_softreconfig_out(). As a result, a config reload could result in
prefixes for a not-negotiated address family leaking into the Adj-RIB-Out.
Adjust both rde_generate_updates() and rde_softreconfig_out() to use the
same filter logic.
Also adjust rde_up_flush_upcall() to pass the peer as argument instead of
using prefix_peer(). The up_generate_updates() call there does not need
any filtering since the walker runs on the Adj-RIB-Out and just withdraws
everything.
OK job@ on a previous diff
This is errata/6.9/009_bgpd.patch.sig.