X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=bgpd%2Fbgp_flowspec.c;h=9554638735f163f68ec77a537806259d400c517a;hb=f94ed830df98218447f00b97f856de811bfcc4a2;hp=884c5aa51a182aab9ae5360a027b7bb4b810ba63;hpb=e6731bccbe06ec065ff69598031ea2684ba614dc;p=mirror_frr.git diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c index 884c5aa51..955463873 100644 --- a/bgpd/bgp_flowspec.c +++ b/bgpd/bgp_flowspec.c @@ -18,10 +18,11 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -#include "math.h" - #include +#include + #include "prefix.h" +#include "lib_errors.h" #include "bgpd/bgpd.h" #include "bgpd/bgp_route.h" @@ -30,6 +31,7 @@ #include "bgpd/bgp_flowspec_private.h" #include "bgpd/bgp_ecommunity.h" #include "bgpd/bgp_debug.h" +#include "bgpd/bgp_errors.h" static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len) { @@ -59,7 +61,8 @@ static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len) len - offset, NULL, &error); break; case FLOWSPEC_TCP_FLAGS: - ret = bgp_flowspec_tcpflags_decode( + case FLOWSPEC_FRAGMENT: + ret = bgp_flowspec_bitmask_decode( BGP_FLOWSPEC_VALIDATE_ONLY, nlri_content + offset, len - offset, NULL, &error); @@ -71,12 +74,6 @@ static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len) nlri_content + offset, len - offset, NULL, &error); break; - case FLOWSPEC_FRAGMENT: - ret = bgp_flowspec_fragment_type_decode( - BGP_FLOWSPEC_VALIDATE_ONLY, - nlri_content + offset, - len - offset, NULL, &error); - break; default: error = -1; break; @@ -96,7 +93,6 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, afi_t afi; safi_t safi; int psize = 0; - uint8_t rlen; struct prefix p; int ret; void *temp; @@ -108,14 +104,15 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, safi = packet->safi; if (afi == AFI_IP6) { - zlog_err("BGP flowspec IPv6 not supported"); - return -1; + flog_err(EC_LIB_DEVELOPMENT, "BGP flowspec IPv6 not supported"); + return BGP_NLRI_PARSE_ERROR_FLOWSPEC_IPV6_NOT_SUPPORTED; } if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) { - zlog_err("BGP flowspec nlri length maximum reached (%u)", + flog_err(EC_BGP_FLOWSPEC_PACKET, + "BGP flowspec nlri length maximum reached (%u)", packet->length); - return -1; + return BGP_NLRI_PARSE_ERROR_FLOWSPEC_NLRI_SIZELIMIT; } for (; pnt < lim; pnt += psize) { @@ -124,19 +121,23 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, /* All FlowSpec NLRI begin with length. */ if (pnt + 1 > lim) - return -1; + return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; - psize = rlen = *pnt++; + psize = *pnt++; /* When packet overflow occur return immediately. */ if (pnt + psize > lim) { - zlog_err("Flowspec NLRI length inconsistent ( size %u seen)", - psize); - return -1; + flog_err( + EC_BGP_FLOWSPEC_PACKET, + "Flowspec NLRI length inconsistent ( size %u seen)", + psize); + return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; } if (bgp_fs_nlri_validate(pnt, psize) < 0) { - zlog_err("Bad flowspec format or NLRI options not supported"); - return -1; + flog_err( + EC_BGP_FLOWSPEC_PACKET, + "Bad flowspec format or NLRI options not supported"); + return BGP_NLRI_PARSE_ERROR_FLOWSPEC_BAD_FORMAT; } p.family = AF_FLOWSPEC; p.prefixlen = 0; @@ -148,7 +149,7 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, if (BGP_DEBUG(flowspec, FLOWSPEC)) { char return_string[BGP_FLOWSPEC_NLRI_STRING_MAX]; - char local_string[BGP_FLOWSPEC_NLRI_STRING_MAX * 2]; + char local_string[BGP_FLOWSPEC_NLRI_STRING_MAX*2+16]; char ec_string[BGP_FLOWSPEC_NLRI_STRING_MAX]; char *s = NULL; @@ -188,10 +189,11 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL, NULL, NULL, 0, NULL); if (ret) { - zlog_err("Flowspec NLRI failed to be %s.", + flog_err(EC_BGP_FLOWSPEC_INSTALLATION, + "Flowspec NLRI failed to be %s.", attr ? "added" : "withdrawn"); - return -1; + return BGP_NLRI_PARSE_ERROR; } } - return 0; + return BGP_NLRI_PARSE_OK; }