diff options
| author | Donald Sharp <sharpd@cumulusnetworks.com> | 2015-06-11 18:19:59 +0200 |
|---|---|---|
| committer | Donald Sharp <sharpd@cumulusnetworks.com> | 2015-06-11 18:19:59 +0200 |
| commit | bf8b3d27623615c3b2a82d9f4867c70c8071a9be (patch) | |
| tree | d30097084516d017567b6acd7d310fe9f4636986 | |
| parent | Update the log message when we receive a non-link-local nexthop for better (diff) | |
| download | frr-bf8b3d27623615c3b2a82d9f4867c70c8071a9be.tar.xz frr-bf8b3d27623615c3b2a82d9f4867c70c8071a9be.zip | |
When a route-map configuration is used to set the nexthop to a value, make
sure that the value is acceptable. For example, if the route-map is setting
the IPv6 link-local nexthop, make sure the value is an IPv6 link-local
address.
| -rw-r--r-- | bgpd/bgp_routemap.c | 42 | ||||
| -rw-r--r-- | ripd/rip_routemap.c | 7 | ||||
| -rw-r--r-- | ripngd/ripng_routemap.c | 6 |
3 files changed, 54 insertions, 1 deletions
diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c index 2628daeb7..fc0bb25a3 100644 --- a/bgpd/bgp_routemap.c +++ b/bgpd/bgp_routemap.c @@ -3633,7 +3633,14 @@ DEFUN (set_ip_nexthop, ret = str2sockunion (argv[0], &su); if (ret < 0) { - vty_out (vty, "%% Malformed Next-hop address%s", VTY_NEWLINE); + vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + if (su.sin.sin_addr.s_addr == 0 || + IPV4_CLASS_DE(su.sin.sin_addr.s_addr)) + { + vty_out (vty, "%% nexthop address cannot be 0.0.0.0, multicast " + "or reserved%s", VTY_NEWLINE); return CMD_WARNING; } @@ -4413,6 +4420,24 @@ DEFUN (set_ipv6_nexthop_global, "IPv6 global address\n" "IPv6 address of next hop\n") { + struct in6_addr addr; + int ret; + + ret = inet_pton (AF_INET6, argv[0], &addr); + if (!ret) + { + vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + if (IN6_IS_ADDR_UNSPECIFIED(&addr) || + IN6_IS_ADDR_LOOPBACK(&addr) || + IN6_IS_ADDR_MULTICAST(&addr) || + IN6_IS_ADDR_LINKLOCAL(&addr)) + { + vty_out (vty, "%% Invalid global nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + return bgp_route_set_add (vty, vty->index, "ipv6 next-hop global", argv[0]); } @@ -4450,6 +4475,21 @@ DEFUN (set_ipv6_nexthop_local, "IPv6 local address\n" "IPv6 address of next hop\n") { + struct in6_addr addr; + int ret; + + ret = inet_pton (AF_INET6, argv[0], &addr); + if (!ret) + { + vty_out (vty, "%% Malformed nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + if (!IN6_IS_ADDR_LINKLOCAL(&addr)) + { + vty_out (vty, "%% Invalid link-local nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + return bgp_route_set_add (vty, vty->index, "ipv6 next-hop local", argv[0]); } diff --git a/ripd/rip_routemap.c b/ripd/rip_routemap.c index e04e43d48..e7263ad7b 100644 --- a/ripd/rip_routemap.c +++ b/ripd/rip_routemap.c @@ -1044,6 +1044,13 @@ DEFUN (set_ip_nexthop, vty_out (vty, "%% Malformed next-hop address%s", VTY_NEWLINE); return CMD_WARNING; } + if (su.sin.sin_addr.s_addr == 0 || + IPV4_CLASS_DE(su.sin.sin_addr.s_addr)) + { + vty_out (vty, "%% nexthop address cannot be 0.0.0.0, multicast " + "or reserved%s", VTY_NEWLINE); + return CMD_WARNING; + } return rip_route_set_add (vty, vty->index, "ip next-hop", argv[0]); } diff --git a/ripngd/ripng_routemap.c b/ripngd/ripng_routemap.c index eae4566a6..9bda2e260 100644 --- a/ripngd/ripng_routemap.c +++ b/ripngd/ripng_routemap.c @@ -645,6 +645,12 @@ DEFUN (set_ipv6_nexthop_local, return CMD_WARNING; } + if (!IN6_IS_ADDR_LINKLOCAL(&su.sin6.sin6_addr)) + { + vty_out (vty, "%% Invalid link-local nexthop address%s", VTY_NEWLINE); + return CMD_WARNING; + } + return ripng_route_set_add (vty, vty->index, "ipv6 next-hop local", argv[0]); } |