From 6902e8cf1857f0c71918e8944fa5aae1ad08f65d Mon Sep 17 00:00:00 2001
From: Philippe Guibert
Date: Mon, 6 Apr 2020 17:15:09 +0200
Subject: [PATCH] bgpd: handle fs nlri over 240 bytes
the nlri flowspec above 240 bytes size was not handled. Over 240 bytes, the length is 2 bytes length, and a calculation must be done to obtain the real length. This commit handles it appropriately.
Signed-off-by: Philippe Guibert
---
 bgpd/bgp_flowspec.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
index 9554638735f1..3e73b195ad0e 100644
--- a/bgpd/bgp_flowspec.c
+++ b/bgpd/bgp_flowspec.c
@@ -108,13 +108,6 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
 return BGP_NLRI_PARSE_ERROR_FLOWSPEC_IPV6_NOT_SUPPORTED;
 }
- if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) {
- flog_err(EC_BGP_FLOWSPEC_PACKET,
- "BGP flowspec nlri length maximum reached (%u)",
- packet->length);
- return BGP_NLRI_PARSE_ERROR_FLOWSPEC_NLRI_SIZELIMIT;
- }
-
 for (; pnt < lim; pnt += psize) {
 /* Clear prefix structure. */
 memset(&p, 0, sizeof(struct prefix));
@@ -124,7 +117,11 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 psize = *pnt++;
-
+ if (psize >= FLOWSPEC_NLRI_SIZELIMIT) {
+ psize &= 0x0f;
+ psize = psize << 8;
+ psize |= *pnt++;
+ }
 /* When packet overflow occur return immediately. */
 if (pnt + psize > lim) {
 flog_err(
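Review bot: The second `*pnt++` inside the new `if (psize >= FLOWSPEC_NLRI_SIZELIMIT)` branch reads the low length byte without first checking `pnt` against `lim`; the only guard visible before it (`return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;`, whose condition lies above the hunk) presumably covers just the first length byte. An NLRI received from a peer that ends right after a first byte at or above `FLOWSPEC_NLRI_SIZELIMIT` would make the parser read one byte past the buffer, so add `if (pnt >= lim) return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;` before `psize |= *pnt++;`. Because the first hunk drops the `packet->length` cap, a single NLRI can now be up to 4095 bytes, so it is worth confirming that the code consuming `psize` further down (outside this hunk) has no buffer sized for the old 240-byte limit. `psize` is declared outside the hunk and must be wider than 8 bits for `psize << 8` to keep the high nibble.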