From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: Re: bgpd: flowspec & unknown AFI/SAFI are not VPNv6
To: Denis Fondras <denis@openbsd.org>
Cc: tech@openbsd.org
Date: Sat, 4 Jan 2025 17:55:24 +0100

On Sat, Jan 04, 2025 at 09:17:03AM +0100, Denis Fondras wrote:
> On Sat, Jan 04, 2025 at 08:01:05AM +0100, Claudio Jeker wrote:
> > On Fri, Jan 03, 2025 at 08:42:39PM +0100, Denis Fondras wrote:
> > > On Fri, Jan 03, 2025 at 08:21:58PM +0100, Claudio Jeker wrote:
> > > > 
> > > > I doubt that code is reachable but I think the error message should be
> > > > "bad withdraw prefix" since this is an error path for the case that
> > > > ibuf_skip fails.
> > > > 
> > > 
> > > Index: rde.c
> > > ===================================================================
> > > RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
> > > diff -u -p -r1.646 rde.c
> > > --- rde.c	12 Dec 2024 20:19:03 -0000	1.646
> > > +++ rde.c	3 Jan 2025 19:41:44 -0000
> > > @@ -1598,7 +1598,7 @@ rde_update_dispatch(struct rde_peer *pee
> > >  				if (ibuf_skip(&unreachbuf,
> > >  				    ibuf_size(&unreachbuf)) == -1) {
> > >  					log_peer_warnx(&peer->conf,
> > > -					    "bad VPNv6 withdraw prefix");
> > > +					    "bad withdraw prefix");
> > >  					rde_update_err(peer, ERR_UPDATE,
> > >  					    ERR_UPD_OPTATTR, &unreachbuf);
> > >  					goto done;
> > > @@ -1778,7 +1778,7 @@ rde_update_dispatch(struct rde_peer *pee
> > >  				if (ibuf_skip(&reachbuf,
> > >  				    ibuf_size(&reachbuf)) == -1) {
> > >  					log_peer_warnx(&peer->conf,
> > > -					    "bad VPNv6 withdraw prefix");
> > > +					    "bad withdraw prefix");
> > >  					rde_update_err(peer, ERR_UPDATE,
> > >  					    ERR_UPD_OPTATTR, &reachbuf);
> > >  					goto done;
> > 
> > ok.
> > 
> 
> And I did the same erroneous copy/paste :(
> 
> Index: rde.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
> diff -u -p -r1.646 rde.c
> --- rde.c	12 Dec 2024 20:19:03 -0000	1.646
> +++ rde.c	4 Jan 2025 08:15:32 -0000
> @@ -1598,7 +1598,7 @@ rde_update_dispatch(struct rde_peer *pee
>  				if (ibuf_skip(&unreachbuf,
>  				    ibuf_size(&unreachbuf)) == -1) {
>  					log_peer_warnx(&peer->conf,
> -					    "bad VPNv6 withdraw prefix");
> +					    "bad withdraw prefix");
>  					rde_update_err(peer, ERR_UPDATE,
>  					    ERR_UPD_OPTATTR, &unreachbuf);
>  					goto done;
> @@ -1778,7 +1778,7 @@ rde_update_dispatch(struct rde_peer *pee
>  				if (ibuf_skip(&reachbuf,
>  				    ibuf_size(&reachbuf)) == -1) {
>  					log_peer_warnx(&peer->conf,
> -					    "bad VPNv6 withdraw prefix");
> +					    "bad nlri prefix");
>  					rde_update_err(peer, ERR_UPDATE,
>  					    ERR_UPD_OPTATTR, &reachbuf);
>  					goto done;

Indeed. This is better.

-- 
:wq Claudio