Linux kernel allows (FreeBSD/OpenBSD too) using reserved class E IP ranges.
This is a preparation commit that ease the global switch to allow/deny
class E IP ranges in FRR.
https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-space
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
in_addr_t nexthop_h;
nexthop_h = ntohl(attr->nexthop.s_addr);
- if ((IPV4_NET0(nexthop_h) || IPV4_NET127(nexthop_h)
- || IPV4_CLASS_DE(nexthop_h))
- && !BGP_DEBUG(allow_martians, ALLOW_MARTIANS)) {
+ if ((IPV4_NET0(nexthop_h) || IPV4_NET127(nexthop_h) ||
+ !ipv4_unicast_valid(&attr->nexthop)) &&
+ !BGP_DEBUG(allow_martians, ALLOW_MARTIANS)) {
uint8_t data[7]; /* type(2) + length(1) + nhop(4) */
char buf[INET_ADDRSTRLEN];
/* If NEXT_HOP is present, validate it. */
if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP)) {
- if (attr->nexthop.s_addr == INADDR_ANY
- || IPV4_CLASS_DE(ntohl(attr->nexthop.s_addr))
- || bgp_nexthop_self(bgp, afi, type, stype, attr, dest))
+ if (attr->nexthop.s_addr == INADDR_ANY ||
+ !ipv4_unicast_valid(&attr->nexthop) ||
+ bgp_nexthop_self(bgp, afi, type, stype, attr, dest))
return true;
}
switch (attr->mp_nexthop_len) {
case BGP_ATTR_NHLEN_IPV4:
case BGP_ATTR_NHLEN_VPNV4:
- ret = (attr->mp_nexthop_global_in.s_addr == INADDR_ANY
- || IPV4_CLASS_DE(
- ntohl(attr->mp_nexthop_global_in.s_addr))
- || bgp_nexthop_self(bgp, afi, type, stype, attr,
- dest));
+ ret = (attr->mp_nexthop_global_in.s_addr ==
+ INADDR_ANY ||
+ !ipv4_unicast_valid(
+ &attr->mp_nexthop_global_in) ||
+ bgp_nexthop_self(bgp, afi, type, stype, attr,
+ dest));
break;
case BGP_ATTR_NHLEN_IPV6_GLOBAL:
return CMD_WARNING_CONFIG_FAILED;
}
- if (su.sin.sin_addr.s_addr == 0
- || IPV4_CLASS_DE(ntohl(su.sin.sin_addr.s_addr))) {
+ if (su.sin.sin_addr.s_addr == 0 ||
+ !ipv4_unicast_valid(&su.sin.sin_addr)) {
vty_out(vty,
"%% Gateway IP cannot be 0.0.0.0, multicast or reserved\n");
return CMD_WARNING_CONFIG_FAILED;
return CMD_WARNING_CONFIG_FAILED;
}
- if (su.sin.sin_addr.s_addr == 0
- || IPV4_CLASS_DE(ntohl(su.sin.sin_addr.s_addr))) {
+ if (su.sin.sin_addr.s_addr == 0 ||
+ !ipv4_unicast_valid(&su.sin.sin_addr)) {
vty_out(vty,
"%% Gateway IP cannot be 0.0.0.0, multicast or reserved\n");
return CMD_WARNING_CONFIG_FAILED;
extern char *evpn_es_df_alg2str(uint8_t df_alg, char *buf, int buf_len);
extern void prefix_evpn_hexdump(const struct prefix_evpn *p);
+static inline bool ipv4_unicast_valid(const struct in_addr *addr)
+{
+
+ in_addr_t ip = ntohl(addr->s_addr);
+
+ if (IPV4_CLASS_DE(ip))
+ return false;
+
+ return true;
+}
+
static inline int ipv6_martian(const struct in6_addr *addr)
{
struct in6_addr localhost_addr;
{
in_addr_t ip = ntohl(addr->s_addr);
- if (IPV4_NET0(ip) || IPV4_NET127(ip) || IPV4_CLASS_DE(ip)) {
+ if (IPV4_NET0(ip) || IPV4_NET127(ip) || !ipv4_unicast_valid(addr)) {
return 1;
}
return 0;
* only implemented action.
*/
yang_dnode_get_ipv4(&ia, args->dnode, NULL);
- if (ia.s_addr == INADDR_ANY || IPV4_CLASS_DE(ntohl(ia.s_addr)))
+ if (ia.s_addr == INADDR_ANY || !ipv4_unicast_valid(&ia))
return NB_ERR_VALIDATION;
/* FALLTHROUGH */
case NB_EV_PREPARE: