On 2017 May 26 (Fri) at 20:01:00 +0200 (+0200), Peter Hessler wrote:
:Apropos of "I found it", I implemented support for RFC 7607.  It's a
:super short RFC, but basically it forbids use of AS 0 anywhere.
:
:OK?
:
:

Fixed some denglish in an error message, mention the RFC in the man
page, and don't take down the session if we receive AS0 in the path.


Index: bgpd.8
===================================================================
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.8,v
retrieving revision 1.52
diff -u -p -u -p -r1.52 bgpd.8
--- bgpd.8      19 Feb 2017 11:38:24 -0000      1.52
+++ bgpd.8      26 May 2017 18:29:49 -0000
@@ -357,6 +357,16 @@ control socket
 .Re
 .Pp
 .Rs
+.%A W. Kumari
+.%A R. Bush
+.%A H. Schiller
+.%A K. Patel
+.%D August 2015
+.%R RFC 7607
+.%T Codification of AS 0 Processing
+.Re
+.Pp
+.Rs
 .%D August 2011
 .%R draft-ietf-grow-mrt-17
 .%T MRT routing information export format
Index: parse.y
===================================================================
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.300
diff -u -p -u -p -r1.300 parse.y
--- parse.y     26 May 2017 14:08:51 -0000      1.300
+++ parse.y     26 May 2017 18:15:33 -0000
@@ -3661,6 +3661,11 @@ neighbor_consistent(struct peer *p)
                return (-1);
        }
 
+       if (p->conf.remote_as == 0) {
+               yyerror("peer AS may not be zero");
+               return (-1);
+       }
+
        /* set default values if they where undefined */
        p->conf.ebgp = (p->conf.remote_as != conf->as);
        if (p->conf.announce_type == ANNOUNCE_UNDEF)
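Review bot: The new `p->conf.remote_as == 0` check in neighbor_consistent cannot tell an explicit zero from a neighbor block that never set remote-as, assuming the field starts out as 0 (its initialisation is outside the hunk). If any peer definition is allowed to leave remote-as unset, for example a template-style entry, it would now be rejected with a message that blames a zero AS. Confirm whether that case exists and, if so, exempt it or word the error for the missing statement. A comment such as `/* RFC 7607: AS 0 is reserved and must not be used as a peer AS */` above the check would record the reason. The function starts and continues outside this hunk.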
Index: rde_attr.c
===================================================================
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/rde_attr.c,v
retrieving revision 1.97
diff -u -p -u -p -r1.97 rde_attr.c
--- rde_attr.c  24 Jan 2017 04:22:42 -0000      1.97
+++ rde_attr.c  26 May 2017 19:29:04 -0000
@@ -460,6 +460,9 @@ aspath_verify(void *data, u_int16_t len,
                if (seg_size == 0)
                        /* empty aspath segments are not allowed */
                        return (AS_ERR_BAD);
+
+               if (aspath_extract(seg, 0) == 0)
+                       return (AS_ERR_BAD);
        }
        return (error); /* aspath is valid but probably not loop free */
 }
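Review bot: The added `aspath_extract(seg, 0) == 0` test in aspath_verify looks only at the first AS of each segment, so a path carrying AS 0 at any later position still passes verification, while RFC 7607 treats AS 0 anywhere in the AS_PATH as malformed. The check should walk every AS in the segment, e.g. `for (i = 0; i < seg_len; i++) if (aspath_extract(seg, i) == 0) return (AS_ERR_BAD);`, where `seg_len` stands for the segment's AS count (the variable holding it is outside the hunk). The parameter list is cut off in the hunk header; if the function can be handed 2-byte AS paths, confirm that aspath_extract reads elements of the matching width. Since the description says AS 0 in the path should not take the session down, also confirm that callers do not map AS_ERR_BAD to a session reset.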
Index: session.c
===================================================================
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.359
diff -u -p -u -p -r1.359 session.c
--- session.c   13 Feb 2017 14:48:44 -0000      1.359
+++ session.c   5 May 2017 17:26:16 -0000
@@ -2017,6 +2017,14 @@ parse_open(struct peer *peer)
        memcpy(&short_as, p, sizeof(short_as));
        p += sizeof(short_as);
        as = peer->short_as = ntohs(short_as);
+       if (as == 0) {
+               log_peer_warnx(&peer->conf,
+                   "peer requests unacceptable AS %u", as);
+               session_notification(peer, ERR_OPEN, ERR_OPEN_AS,
+                   NULL, 0);
+               change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
+               return (-1);
+       }
 
        memcpy(&oholdtime, p, sizeof(oholdtime));
        p += sizeof(oholdtime);
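Review bot: The reject block after `as = peer->short_as = ntohs(short_as);` carries no comment saying why zero is refused, and the same four statements are repeated in the parse_capabilities hunk below. Add `/* RFC 7607: AS 0 must not be accepted in OPEN */` above the `if`, and consider a small static helper so both sites log and notify identically. The `%u` in the warning can only ever print 0 here, so a fixed string such as `"peer requests unacceptable AS 0"` would do. parse_open starts and continues outside the hunk.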
@@ -2477,6 +2485,14 @@ parse_capabilities(struct peer *peer, u_
                        }
                        memcpy(&remote_as, capa_val, sizeof(remote_as));
                        *as = ntohl(remote_as);
+                       if (*as == 0) {
+                               log_peer_warnx(&peer->conf,
+                                   "peer requests unacceptable AS %u", *as);
+                               session_notification(peer, ERR_OPEN, ERR_OPEN_AS,
+                                   NULL, 0);
+                               change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
+                               return (-1);
+                       }
                        peer->capa.peer.as4byte = 1;
                        break;
                default:
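Review bot: In the 4-byte AS capability branch, the new `*as == 0` path sends its own NOTIFICATION and moves the peer to STATE_IDLE before returning -1, but how the caller reacts to -1 from parse_capabilities is not visible here. If the caller also calls session_notification() and change_state() on failure, the peer gets a second NOTIFICATION and a second state transition for one bad OPEN. Check the call site and either leave error signalling to one side only or let the caller distinguish a failure that was already handled. parse_capabilities starts and continues outside the hunk.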




-- 
Madam, there's no such thing as a tough child -- if you parboil them
first for seven hours, they always come out tender.
                -- W. C. Fields
