From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: bgpd: RFC7606 handling of ORIGIN
To: tech@openbsd.org
Date: Thu, 25 Jan 2024 12:01:24 +0100

Adjust our code to treat-as-withdraw any UPDATE that includes a bad origin
value. This is what is suggested in RFC7606.

-- 
:wq Claudio

Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
diff -u -p -r1.618 rde.c
--- rde.c	25 Jan 2024 09:46:12 -0000	1.618
+++ rde.c	25 Jan 2024 10:57:49 -0000
@@ -1983,8 +1983,14 @@ rde_attr_parse(struct ibuf *buf, struct 
 		if (ibuf_get_n8(&attrbuf, &a->origin) == -1)
 			goto bad_len;
 		if (a->origin > ORIGIN_INCOMPLETE) {
-			rde_update_err(peer, ERR_UPDATE, ERR_UPD_ORIGIN,
-			    &attrbuf);
+			/*
+			 * mark update as bad and withdraw all routes as per
+			 * RFC 7606
+			 */
+			a->flags |= F_ATTR_PARSE_ERR;
+			log_peer_warnx(&peer->conf, "bad ORIGIN %u, "
+			    "path invalidated and prefix withdrawn",
+			    a->origin);
 			return (-1);
 		}
 		a->flags |= F_ATTR_ORIGIN;