In bgpd, "network inet static" and "network inet connected" should skip
networks that use 127.0.0.1 as gateway. (This is to prevent "network inet
static" from picking up reject routes like 224/4.)
This does not really make sense for network inet rtlabel "theones".
Using rtlabels the operator is in control and can do the selection of
routes carefully. Similar to rtlabel is priority.

Because of this weaken the route exclusion when networks are selected and
only do it for static and connected filters.

OK?
-- 
:wq Claudio

Index: kroute.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
retrieving revision 1.239
diff -u -p -r1.239 kroute.c
--- kroute.c    1 Oct 2019 08:57:48 -0000       1.239
+++ kroute.c    4 Dec 2020 11:31:09 -0000
@@ -110,7 +110,7 @@ int kr6_delete(struct ktable *, struct k
 int    krVPN4_delete(struct ktable *, struct kroute_full *, u_int8_t);
 int    krVPN6_delete(struct ktable *, struct kroute_full *, u_int8_t);
 void   kr_net_delete(struct network *);
-int    kr_net_match(struct ktable *, struct network_config *, u_int16_t);
+int    kr_net_match(struct ktable *, struct network_config *, u_int16_t, int);
 struct network *kr_net_find(struct ktable *, struct network *);
 void   kr_net_clear(struct ktable *);
 void   kr_redistribute(int, struct ktable *, struct kroute *);
@@ -1318,7 +1318,8 @@ kr_net_redist_del(struct ktable *kt, str
 }
 
 int
-kr_net_match(struct ktable *kt, struct network_config *net, u_int16_t flags)
+kr_net_match(struct ktable *kt, struct network_config *net, u_int16_t flags,
+    int loopback)
 {
        struct network          *xn;
 
@@ -1330,10 +1331,16 @@ kr_net_match(struct ktable *kt, struct n
                        /* static match already redistributed */
                        continue;
                case NETWORK_STATIC:
+                       /* Skip networks with nexthop on loopback. */
+                       if (loopback)
+                               continue;
                        if (flags & F_STATIC)
                                break;
                        continue;
                case NETWORK_CONNECTED:
+                       /* Skip networks with nexthop on loopback. */
+                       if (loopback)
+                               continue;
                        if (flags & F_CONNECTED)
                                break;
                        continue;
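Review bot: The two added comments in the NETWORK_STATIC and NETWORK_CONNECTED cases say what is skipped but not why; the reason (reject routes such as 224/4 installed with a 127.0.0.1 gateway) is only in the mail text. I would word each as `/* Skip reject-style routes (nexthop on loopback), e.g. 224/4. */`. One line above the switch should also state that the other network types deliberately do not apply this filter, so a later reader does not "fix" the asymmetry. The rest of the switch and of kr_net_match lies outside the hunk, so how the remaining cases match is not visible here.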
@@ -1419,6 +1426,7 @@ kr_redistribute(int type, struct ktable 
 {
        struct network_config    net;
        u_int32_t                a;
+       int                      loflag = 0;
 
        bzero(&net, sizeof(net));
        net.prefix.aid = AID_INET;
@@ -1449,9 +1457,9 @@ kr_redistribute(int type, struct ktable 
            (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
                return;
 
-       /* Consider networks with nexthop loopback as not redistributable. */
+       /* Check if the nexthop is the loopback addr. */
        if (kr->nexthop.s_addr == htonl(INADDR_LOOPBACK))
-               return;
+               loflag = 1;
 
        /*
         * never allow 0.0.0.0/0 the default route can only be redistributed
@@ -1460,7 +1468,7 @@ kr_redistribute(int type, struct ktable 
        if (kr->prefix.s_addr == INADDR_ANY && kr->prefixlen == 0)
                return;
 
-       if (kr_net_match(kt, &net, kr->flags) == 0)
+       if (kr_net_match(kt, &net, kr->flags, loflag) == 0)
                /* no longer matches, if still present remove it */
                kr_net_redist_del(kt, &net, 1);
 }
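Review bot: The `kr_net_match(kt, &net, kr->flags, loflag)` call turns what used to be an unconditional exclusion into one that applies only to static and connected filters, and nothing in the diff documents that for operators. A route with nexthop 127.0.0.1 is now announced whenever another network statement (rtlabel or priority, per the description) matches it. An existing configuration that labels routes broadly could therefore start exporting reject routes after an upgrade with no config change. The same applies to the matching call in kr_redistribute6. A sentence in bgpd.conf(5) under the rtlabel and priority forms would make the new rule visible, and on the code side the call could carry `/* loopback nexthop is filtered only for static/connected networks */`.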
@@ -1468,7 +1476,8 @@ kr_redistribute(int type, struct ktable 
 void
 kr_redistribute6(int type, struct ktable *kt, struct kroute6 *kr6)
 {
-       struct network_config    net;
+       struct network_config   net;
+       int                     loflag = 0;
 
        bzero(&net, sizeof(net));
        net.prefix.aid = AID_INET6;
@@ -1503,11 +1512,9 @@ kr_redistribute6(int type, struct ktable
            IN6_IS_ADDR_V4COMPAT(&kr6->prefix))
                return;
 
-       /*
-        * Consider networks with nexthop loopback as not redistributable.
-        */
+       /* Check if the nexthop is the loopback addr. */
        if (IN6_IS_ADDR_LOOPBACK(&kr6->nexthop))
-               return;
+               loflag = 1;
 
        /*
         * never allow ::/0 the default route can only be redistributed
@@ -1517,7 +1524,7 @@ kr_redistribute6(int type, struct ktable
            memcmp(&kr6->prefix, &in6addr_any, sizeof(struct in6_addr)) == 0)
                return;
 
-       if (kr_net_match(kt, &net, kr6->flags) == 0)
+       if (kr_net_match(kt, &net, kr6->flags, loflag) == 0)
                /* no longer matches, if still present remove it */
                kr_net_redist_del(kt, &net, 1);
 }
