bgpd: fix ipv4-mapped ipv6 on non 6pe

0325116 ("bgpd: fix 6vpe nexthop") enforced sending an IPv4-mapped IPv6 address as nexthop when the BGP session is on IPv4 and address family IPv6. This is not always correct. In some cases, sending an IPv6 global address is valid on an IPv4 session: - MP-BGP is used and the sending router has an IPv4 and a global IPv6 address on the interface towards the peer. - nexthop is set by a route-map, nexthop-self... - router that is sending the UPDATE is a route-reflector or a route-server IPv4-mapped IPv6 nexthop should be limited to the 6PE /6vPE cases where the prefix is reachable via an IPv4 only MPLS backbone. Do not replace the global IPv6 address when sending UPDATE in the cases described above. Also only set the IPv4-mapped IPv6 address as nexthop when only a link-local IPv6 address or no IPv6 address is found on the interface towards the peer. It assumes a 6PE router has a no configured IPv6 address on the interface. Fixes: 0325116 ("bgpd: fix 6vpe nexthop") Signed-off-by: Louis Scalbert <[email protected]>
louis-6wind · Mar 26, 2024 · 93407c0 · 93407c0
1 parent 6ee9610
commit 93407c0
Showing 1 changed file with 20 additions and 5 deletions.
diff --git a/bgpd/bgp_updgrp_packet.c b/bgpd/bgp_updgrp_packet.c
@@ -525,11 +525,26 @@ struct stream *bpacket_reformat_for_peer(struct bpacket *pkt,
 
 		if (peer->nexthop.v4.s_addr != INADDR_ANY &&
 		    (IN6_IS_ADDR_UNSPECIFIED(mod_v6nhg) ||
-		     (peer->connection->su.sa.sa_family == AF_INET &&
-		      paf->afi == AFI_IP6))) {
-			/* set a IPv4 mapped IPv6 address if no global IPv6
-			 * address is found or if announcing IPv6 prefix
-			 * over an IPv4 BGP session.
+		     (IN6_IS_ADDR_LINKLOCAL(mod_v6nhg) &&
+		      peer->connection->su.sa.sa_family == AF_INET &&
+		      paf->afi == AFI_IP6 && !route_map_sets_nh &&
+		      !peer_af_flag_check(peer, paf->afi, paf->safi,
+					  PEER_FLAG_NEXTHOP_UNCHANGED) &&
+		      !CHECK_FLAG(vec->flags,
+				  BPKT_ATTRVEC_FLAGS_RMAP_NH_UNCHANGED) &&
+			  !CHECK_FLAG(vec->flags,
+					  PEER_FLAG_NEXTHOP_SELF) &&
+		      !peer_af_flag_check(peer, paf->afi, paf->safi,
+					  PEER_FLAG_REFLECTOR_CLIENT) &&
+		      !peer_af_flag_check(peer, paf->afi, paf->safi,
+					  PEER_FLAG_RSERVER_CLIENT)))) {
+			/* set a IPv4 mapped IPv6 address
+			 * - if no global IPv6 address is found
+			 * - or if a Link-Local is found (because no global is present)
+			 *   and the announced prefix is IPv6 over an IPv4 BGP session
+			 *   and no specific instructions for nexthop override or unchanged
+			 *   and not a route-reflector
+			 *   and not a route-server
 			 */
 			ipv4_to_ipv4_mapped_ipv6(mod_v6nhg, peer->nexthop.v4);
 			gnh_modified = 1;