From 8ef655c24967c75d8ad214216813f9d3c2ae9db8 Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Fri, 1 Sep 2023 17:00:55 +0300 Subject: [PATCH 1/2] bgpd: Treat PMSI tunnel attribute as withdrawn if malformed https://datatracker.ietf.org/doc/html/rfc6514#page-10 states: A router that supports the PMSI Tunnel attribute considers this attribute to be malformed if either (a) it contains an undefined tunnel type in the Tunnel Type field of the attribute, or (b) the router cannot parse the Tunnel Identifier field of the attribute as a tunnel identifier of the tunnel types specified in the Tunnel Type field of the attribute. When a router that receives a BGP Update that contains the PMSI Tunnel attribute with its Partial bit set determines that the attribute is malformed, the router SHOULD treat this Update as though all the routes contained in this Update had been withdrawn. Signed-off-by: Donatas Abraitis --- bgpd/bgp_attr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index 8c53191d680f..b14411a10c7a 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -1405,6 +1405,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode, case BGP_ATTR_LARGE_COMMUNITIES: case BGP_ATTR_ORIGINATOR_ID: case BGP_ATTR_CLUSTER_LIST: + case BGP_ATTR_PMSI_TUNNEL: case BGP_ATTR_ENCAP: case BGP_ATTR_OTC: return BGP_ATTR_PARSE_WITHDRAW; From e8cac071fb9106cbe235d3ff1f4dd9bfbd6c4cef Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Fri, 1 Sep 2023 17:10:12 +0300 Subject: [PATCH 2/2] bgpd: Treat as4-path (17) attribute as withdraw if malformed rfc7606 defines: Attributes 17 (AS4_PATH), 18 (AS4_AGGREGATOR), 22 (PMSI_TUNNEL), 23 (Tunnel Encapsulation Attribute), 26 (AIGP), 27 (PE Distinguisher Labels), and 29 (BGP-LS Attribute) do have error handling consistent with Section 8 and thus are not further discussed herein. Section 8 defines: The "treat-as-withdraw" approach is generally preferred and the "session reset" approach is discouraged. For any malformed attribute that is handled by the "attribute discard" instead of the "treat-as-withdraw" approach, it is critical to consider the potential impact of doing so. Signed-off-by: Donatas Abraitis --- bgpd/bgp_attr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index b14411a10c7a..3b2270293717 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -1396,6 +1396,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode, */ case BGP_ATTR_ORIGIN: case BGP_ATTR_AS_PATH: + case BGP_ATTR_AS4_PATH: case BGP_ATTR_NEXT_HOP: case BGP_ATTR_MULTI_EXIT_DISC: case BGP_ATTR_LOCAL_PREF: