Merge pull request #13310 from opensourcerouting/feature/bgpd_node_target_extended_co...

[mirror_frr.git] / bgpd / bgp_route.c

diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 40ecdbb670dc9c9532787007324dbe7b7fc7d4fd..f2ee50ee19766a1f0ca167a6f907d44d18093bfc 100644 (file)
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -4173,6 +4173,21 @@ void bgp_update(struct peer *peer, const struct prefix *p, uint32_t addpath_id,
                goto filtered;
        }
 
+       /* If the route has Node Target Extended Communities, check
+        * if it's allowed to be installed locally.
+        */
+       if ((attr->flag & ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) {
+               struct ecommunity *ecomm = bgp_attr_get_ecommunity(attr);
+
+               if (ecommunity_lookup(ecomm, ECOMMUNITY_ENCODE_IP,
+                                     ECOMMUNITY_NODE_TARGET) &&
+                   !ecommunity_node_target_match(ecomm, &peer->local_id)) {
+                       reason =
+                               "Node-Target Extended Communities do not contain own BGP Identifier;";
+                       goto filtered;
+               }
+       }
+
        /* RFC 8212 to prevent route leaks.
         * This specification intends to improve this situation by requiring the
         * explicit configuration of both BGP Import and Export Policies for any