From 3255e756a2e54d1a1d5fbca4c5212016a141af20 Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Mon, 6 Apr 2020 17:15:09 +0200 Subject: [PATCH] bgpd: handle fs nlri over 240 bytes the nlri flowspec above 240 bytes size was not handled. Over 240 bytes, the length is 2 bytes length, and a calculation must be done to obtain the real length. This commit handles it appropriately. Signed-off-by: Philippe Guibert --- bgpd/bgp_flowspec.c | 8 ++++++-- bgpd/bgp_flowspec_private.h | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c index 9554638735f1..17c41636de81 100644 --- a/bgpd/bgp_flowspec.c +++ b/bgpd/bgp_flowspec.c @@ -108,7 +108,7 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, return BGP_NLRI_PARSE_ERROR_FLOWSPEC_IPV6_NOT_SUPPORTED; } - if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) { + if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) { flog_err(EC_BGP_FLOWSPEC_PACKET, "BGP flowspec nlri length maximum reached (%u)", packet->length); @@ -124,7 +124,11 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; psize = *pnt++; - + if (psize >= FLOWSPEC_NLRI_SIZELIMIT) { + psize &= 0x0f; + psize = psize << 8; + psize |= *pnt++; + } /* When packet overflow occur return immediately. */ if (pnt + psize > lim) { flog_err( diff --git a/bgpd/bgp_flowspec_private.h b/bgpd/bgp_flowspec_private.h index dede4e03d3a4..cec244c16516 100644 --- a/bgpd/bgp_flowspec_private.h +++ b/bgpd/bgp_flowspec_private.h @@ -20,6 +20,7 @@ #define _FRR_BGP_FLOWSPEC_PRIVATE_H #define FLOWSPEC_NLRI_SIZELIMIT 240 +#define FLOWSPEC_NLRI_SIZELIMIT_EXTENDED 4095 /* Flowspec raffic action bit*/ #define FLOWSPEC_TRAFFIC_ACTION_TERMINAL 1