From: Theo Buehler <tb@theobuehler.org>
Subject: Re: bgpd: better limit the maximum number of SPAS in a ASPA record
To: tech@openbsd.org
Date: Mon, 11 May 2026 16:33:15 +0200

On Mon, May 11, 2026 at 02:29:06PM +0200, Claudio Jeker wrote:
> The MAX_ASPA_SPAS_COUNT handling in bgpd has 2 minor issues.
> 
> The merged ASPA table in the rtr process could in theory become bigger
> than MAX_ASPA_SPAS_COUNT. This is in itself not an issue, the RDE can
> handle that but we want to ensure the message can not overflow the imsg
> maximum buffer size. Using the same MAX_ASPA_SPAS_COUNT limit there makes
> sense. Also log if this happens, which may be annoying since the merged
> table is not persisted and so the warning will pop up over and over again
> until the issue is fixed. Since MAX_ASPA_SPAS_COUNT is magnitues bigger
> than what is around I do not bother to make this better right now.
> 
> merge_aspa_set() in parse.y does the MAX_ASPA_SPAS_COUNT wrong and is off
> by 1 afaik. Write this like all other MAX_ASPA_SPAS_COUNT checks and put
> MAX_ASPA_SPAS_COUNT on the right hand side of the comparison.

ok tb