X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=bgpd%2Fbgp_flowspec_util.c;h=c6386dcdb56df55dab52f963dbfe97d9b565b28f;hb=c52e2ecf95a9be318912caacc0851d9307e679f7;hp=1b874276613c2a32150578c30a3a173761e2cbff;hpb=262c829d7e86dbec3b35472cf861c433683cec82;p=mirror_frr.git

diff --git a/bgpd/bgp_flowspec_util.c b/bgpd/bgp_flowspec_util.c
index 1b8742766..c6386dcdb 100644
--- a/bgpd/bgp_flowspec_util.c
+++ b/bgpd/bgp_flowspec_util.c
@@ -21,11 +21,13 @@
 #include "zebra.h"
 
 #include "prefix.h"
+#include "lib_errors.h"
 
 #include "bgp_table.h"
 #include "bgp_flowspec_util.h"
 #include "bgp_flowspec_private.h"
 #include "bgp_pbr.h"
+#include "bgp_errors.h"
 
 static void hex2bin(uint8_t *hex, int *bin)
 {
@@ -66,16 +68,16 @@ static int bgp_flowspec_call_non_opaque_decode(uint8_t *nlri_content, int len,
 			     len,
 			     mval, error);
 	if (*error < 0)
-		zlog_err("%s: flowspec_op_decode error %d",
-			 __func__, *error);
+		flog_err(EC_BGP_FLOWSPEC_PACKET,
+			 "%s: flowspec_op_decode error %d", __func__, *error);
 	else
 		*match_num = *error;
 	return ret;
 }
 
-static bool bgp_flowspec_contains_prefix(struct prefix *pfs,
-					 struct prefix *input,
-					 int prefix_check)
+bool bgp_flowspec_contains_prefix(struct prefix *pfs,
+				 struct prefix *input,
+				 int prefix_check)
 {
 	uint32_t offset = 0;
 	int type;
@@ -444,10 +446,20 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
 					len - offset,
 					prefix, &error);
 			if (error < 0)
-				zlog_err("%s: flowspec_ip_address error %d",
+				flog_err(EC_BGP_FLOWSPEC_PACKET,
+					 "%s: flowspec_ip_address error %d",
 					 __func__, error);
-			else
-				bpem->match_bitmask |= bitmask;
+			else {
+				/* if src or dst address is 0.0.0.0,
+				 * ignore that rule
+				 */
+				if (prefix->family == AF_INET
+				    && prefix->u.prefix4.s_addr == 0)
+					memset(prefix, 0,
+					       sizeof(struct prefix));
+				else
+					bpem->match_bitmask |= bitmask;
+			}
 			offset += ret;
 			break;
 		case FLOWSPEC_IP_PROTOCOL:
@@ -538,8 +550,10 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
 					len - offset,
 					&bpem->tcpflags, &error);
 			if (error < 0)
-				zlog_err("%s: flowspec_tcpflags_decode error %d",
-					 __func__, error);
+				flog_err(
+					EC_BGP_FLOWSPEC_PACKET,
+					"%s: flowspec_tcpflags_decode error %d",
+					__func__, error);
 			else
 				bpem->match_tcpflags_num = error;
 			/* contains the number of slots used */
@@ -552,36 +566,18 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
 					len - offset, &bpem->fragment,
 					&error);
 			if (error < 0)
-				zlog_err("%s: flowspec_fragment_type_decode error %d",
-					 __func__, error);
+				flog_err(
+					EC_BGP_FLOWSPEC_PACKET,
+					"%s: flowspec_fragment_type_decode error %d",
+					__func__, error);
 			else
 				bpem->match_fragment_num = error;
 			offset += ret;
 			break;
 		default:
-			zlog_err("%s: unknown type %d\n", __func__, type);
+			flog_err(EC_LIB_DEVELOPMENT, "%s: unknown type %d\n",
+				 __func__, type);
 		}
 	}
 	return error;
 }
-
-
-struct bgp_node *bgp_flowspec_get_match_per_ip(afi_t afi,
-					       struct bgp_table *rib,
-					       struct prefix *match,
-					       int prefix_check)
-{
-	struct bgp_node *rn;
-	struct prefix *prefix;
-
-	for (rn = bgp_table_top(rib); rn; rn = bgp_route_next(rn)) {
-		prefix = &rn->p;
-
-		if (prefix->family != AF_FLOWSPEC)
-			continue;
-
-		if (bgp_flowspec_contains_prefix(prefix, match, prefix_check))
-			return rn;
-	}
-	return NULL;
-}