From 30c734fc73648e4c43af4f45e68ac2de3d7ddea1 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Fri, 17 Feb 2017 22:54:06 +0100
Subject: [PATCH 1/6] Static: Fix bug in static route filter expressions

During reconfiguration, old and new filter expressions in static routes
are compared using i_same() function. When filter expressions contain
function calls, it is necessary that old filter expressions are the
second argument in i_same(), as it is internally modified by i_same().
Otherwise pointers to old (and freed) data appear in the config
structure.

Thanks to Lennert Buytenhek for tracking and reporting the bug.
---
 proto/static/static.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/proto/static/static.c b/proto/static/static.c
index 0c088cd7..849067b9 100644
--- a/proto/static/static.c
+++ b/proto/static/static.c
@@ -498,7 +498,8 @@ static_same_dest(struct static_route *x, struct static_route *y)
 static inline int
 static_same_rte(struct static_route *x, struct static_route *y)
 {
-  return static_same_dest(x, y) && i_same(x->cmds, y->cmds);
+  /* Note that i_same() requires arguments in (new, old) order */
+  return static_same_dest(x, y) && i_same(y->cmds, x->cmds);
 }
 
 

From 9be12a7d95d668a64922f935057c0b401b58ab75 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Sun, 19 Feb 2017 11:25:16 +0100
Subject: [PATCH 2/6] Doc: Fix RIP example

Thanks to Steve Leung for the bugreport.
---
 doc/bird.sgml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/doc/bird.sgml b/doc/bird.sgml
index 6af0e0f6..11fe2190 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -3806,16 +3806,17 @@ protocol rip [&lt;name&gt;] {
 
 <p><code>
 protocol rip {
-        debug all;
-        port 1520;
-        period 12;
-        garbage time 60;
-        interface "eth0" { metric 3; mode multicast; };
-        interface "eth*" { metric 2; mode broadcast; };
-        authentication cryptographic;
-        password "secret-shared-key" { algorithm hmac sha256; };
-        import filter { print "importing"; accept; };
-        export filter { print "exporting"; accept; };
+	import all;
+	export all;
+	interface "eth*" {
+		metric 2;
+		port 1520;
+		mode multicast;
+		update time 12;
+		timeout time 60;
+		authentication cryptographic;
+		password "secret" { algorithm hmac sha256; };
+	};
 }
 </code>
 

From 4e379bde60172823452cf96e9c0b6b1737c490f0 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Sun, 19 Feb 2017 12:02:39 +0100
Subject: [PATCH 3/6] BGP: Update RFC references

---
 proto/bgp/attrs.c   | 7 +++----
 proto/bgp/bgp.h     | 6 +++---
 proto/bgp/packets.c | 2 +-
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index 9d23374a..2b0a92dc 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -51,10 +51,9 @@
  * implementations that pass invalid AS_CONFED_* segments are
  * widespread.
  *
- * Error handling of AS4_* attributes is done as specified by
- * draft-ietf-idr-rfc4893bis-03. There are several possible
- * inconsistencies between AGGREGATOR and AS4_AGGREGATOR that are not
- * handled by that draft, these are logged and ignored (see
+ * Error handling of AS4_* attributes is done as specified by RFC 6793. There
+ * are several possible inconsistencies between AGGREGATOR and AS4_AGGREGATOR
+ * that are not handled by that RFC, these are logged and ignored (see
  * bgp_reconstruct_4b_attrs()).
  */
 
diff --git a/proto/bgp/bgp.h b/proto/bgp/bgp.h
index d028bef4..bf933554 100644
--- a/proto/bgp/bgp.h
+++ b/proto/bgp/bgp.h
@@ -48,7 +48,7 @@ struct bgp_config {
   int passive;				/* Do not initiate outgoing connection */
   int interpret_communities;		/* Hardwired handling of well-known communities */
   int secondary;			/* Accept also non-best routes (i.e. RA_ACCEPTED) */
-  int add_path;				/* Use ADD-PATH extension [draft] */
+  int add_path;				/* Use ADD-PATH extension [RFC7911] */
   int allow_local_as;			/* Allow that number of local ASNs in incoming AS_PATHs */
   int gr_mode;				/* Graceful restart mode (BGP_GR_*) */
   int setkey;				/* Set MD5 password to system SA/SP database */
@@ -104,7 +104,7 @@ struct bgp_conn {
   int start_state;			/* protocol start_state snapshot when connection established */
   u8 peer_refresh_support;		/* Peer supports route refresh [RFC2918] */
   u8 peer_as4_support;			/* Peer supports 4B AS numbers [RFC4893] */
-  u8 peer_add_path;			/* Peer supports ADD-PATH [draft] */
+  u8 peer_add_path;			/* Peer supports ADD-PATH [RFC7911] */
   u8 peer_enhanced_refresh_support;	/* Peer supports enhanced refresh [RFC7313] */
   u8 peer_gr_aware;
   u8 peer_gr_able;
@@ -310,7 +310,7 @@ void bgp_log_error(struct bgp_proto *p, u8 class, char *msg, unsigned code, unsi
 #define BA_EXT_COMMUNITY	0x10	/* [RFC4360] */
 #define BA_AS4_PATH             0x11    /* [RFC4893] */
 #define BA_AS4_AGGREGATOR       0x12
-#define BA_LARGE_COMMUNITY	0x20	/* [draft-ietf-idr-large-community] */
+#define BA_LARGE_COMMUNITY	0x20	/* [RFC8092] */
 
 /* BGP connection states */
 
diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c
index 3e816839..d100b7d0 100644
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -856,7 +856,7 @@ bgp_parse_capabilities(struct bgp_conn *conn, byte *opt, int len)
 	    conn->advertised_as = get_u32(opt + 2);
 	  break;
 
-	case 69: /* ADD-PATH capability, draft */
+	case 69: /* ADD-PATH capability, RFC 7911 */
 	  if (cl % 4)
 	    goto err;
 	  for (i = 0; i < cl; i += 4)

From 1950a479c020d1972b6007d8ea0f66e3d4f8564a Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Thu, 23 Feb 2017 16:32:07 +0100
Subject: [PATCH 4/6] BGP: Allow exchanging LOCAL_PREF with eBGP peers

Adds option 'allow bgp_local_pref' to override the usual restriction of
LOCAL_PREF on eBGP sessions.

Thanks to Lennert Buytenhek for the patch.
---
 doc/bird.sgml      |  8 ++++++++
 proto/bgp/attrs.c  | 20 +++++++++++++++-----
 proto/bgp/bgp.h    |  1 +
 proto/bgp/config.Y |  1 +
 4 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/doc/bird.sgml b/doc/bird.sgml
index 11fe2190..dd4472ae 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -2043,6 +2043,14 @@ using the following configuration parameters:
 	TX direction. When active, all available routes accepted by the export
 	filter are advertised to the neighbor. Default: off.
 
+	<tag><label id="bgp-allow-local-pref">allow bgp_local_pref <m/switch/</tag>
+	A standard BGP implementation do not send the Local Preference attribute
+	to eBGP neighbors and ignore this attribute if received from eBGP
+	neighbors, as per <rfc id="4271">.  When this option is enabled on an
+	eBGP session, this attribute will be sent to and accepted from the peer,
+	which is useful for example if you have a setup like in <rfc id="7938">.
+	The option does not affect iBGP sessions. Default: off.
+
 	<tag><label id="bgp-allow-local-as">allow local as [<m/number/]</tag>
 	BGP prevents routing loops by rejecting received routes with the local
 	AS number in the AS path. This option allows to loose or disable the
diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index 2b0a92dc..b9e2490d 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -306,7 +306,7 @@ static struct attr_desc bgp_attr_table[] = {
     bgp_check_next_hop, bgp_format_next_hop },
   { "med", 4, BAF_OPTIONAL, EAF_TYPE_INT, 1,					/* BA_MULTI_EXIT_DISC */
     NULL, NULL },
-  { "local_pref", 4, BAF_TRANSITIVE, EAF_TYPE_INT, 0,				/* BA_LOCAL_PREF */
+  { "local_pref", 4, BAF_TRANSITIVE, EAF_TYPE_INT, 1,				/* BA_LOCAL_PREF */
     NULL, NULL },
   { "atomic_aggr", 0, BAF_TRANSITIVE, EAF_TYPE_OPAQUE, 1,			/* BA_ATOMIC_AGGR */
     NULL, NULL },
@@ -821,8 +821,13 @@ bgp_get_bucket(struct bgp_proto *p, net *n, ea_list *attrs, int originate)
       code = EA_ID(a->id);
       if (ATTR_KNOWN(code))
 	{
-	  if (!bgp_attr_table[code].allow_in_ebgp && !p->is_internal)
-	    continue;
+	  if (!p->is_internal)
+	    {
+	      if (!bgp_attr_table[code].allow_in_ebgp)
+		continue;
+	      if ((code == BA_LOCAL_PREF) && !p->cf->allow_local_pref)
+		continue;
+	    }
 	  /* The flags might have been zero if the attr was added by filters */
 	  a->flags = (a->flags & BAF_PARTIAL) | bgp_attr_table[code].expected_flags;
 	  if (code < 32)
@@ -1776,8 +1781,13 @@ bgp_decode_attrs(struct bgp_conn *conn, byte *attr, uint len, struct linpool *po
 	    { errcode = 5; goto err; }
 	  if ((desc->expected_flags ^ flags) & (BAF_OPTIONAL | BAF_TRANSITIVE))
 	    { errcode = 4; goto err; }
-	  if (!desc->allow_in_ebgp && !bgp->is_internal)
-	    continue;
+	  if (!bgp->is_internal)
+	    {
+	      if (!desc->allow_in_ebgp)
+		continue;
+	      if ((code == BA_LOCAL_PREF) && !bgp->cf->allow_local_pref)
+		continue;
+	    }
 	  if (desc->validate)
 	    {
 	      errcode = desc->validate(bgp, z, l);
diff --git a/proto/bgp/bgp.h b/proto/bgp/bgp.h
index bf933554..e47a0eb1 100644
--- a/proto/bgp/bgp.h
+++ b/proto/bgp/bgp.h
@@ -50,6 +50,7 @@ struct bgp_config {
   int secondary;			/* Accept also non-best routes (i.e. RA_ACCEPTED) */
   int add_path;				/* Use ADD-PATH extension [RFC7911] */
   int allow_local_as;			/* Allow that number of local ASNs in incoming AS_PATHs */
+  int allow_local_pref;			/* Allow LOCAL_PREF in EBGP sessions */
   int gr_mode;				/* Graceful restart mode (BGP_GR_*) */
   int setkey;				/* Set MD5 password to system SA/SP database */
   unsigned gr_time;			/* Graceful restart timeout */
diff --git a/proto/bgp/config.Y b/proto/bgp/config.Y
index 32ae88a3..55c602f1 100644
--- a/proto/bgp/config.Y
+++ b/proto/bgp/config.Y
@@ -126,6 +126,7 @@ bgp_proto:
  | bgp_proto ADD PATHS RX ';' { BGP_CFG->add_path = ADD_PATH_RX; }
  | bgp_proto ADD PATHS TX ';' { BGP_CFG->add_path = ADD_PATH_TX; }
  | bgp_proto ADD PATHS bool ';' { BGP_CFG->add_path = $4 ? ADD_PATH_FULL : 0; }
+ | bgp_proto ALLOW BGP_LOCAL_PREF bool ';' { BGP_CFG->allow_local_pref = $4; }
  | bgp_proto ALLOW LOCAL AS ';' { BGP_CFG->allow_local_as = -1; }
  | bgp_proto ALLOW LOCAL AS expr ';' { BGP_CFG->allow_local_as = $5; }
  | bgp_proto GRACEFUL RESTART bool ';' { BGP_CFG->gr_mode = $4; }

From 27f6ba651ebb07201f7964c8f14a254267f0f26a Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Sat, 11 Mar 2017 16:21:28 +0100
Subject: [PATCH 5/6] BGP: Fix bug in ADD_PATH

When a BGP session with ADD_PATH is restarted and the neighbor do not
announce ADD_PATH capability during reconnect, the accept_ra_types is
still set to RA_ANY.

Thanks to Lennert Buytenhek for the bugreport
---
 proto/bgp/packets.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c
index d100b7d0..ab87bdcc 100644
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -1037,8 +1037,13 @@ bgp_rx_open(struct bgp_conn *conn, byte *pkt, uint len)
   p->gr_ready = p->cf->gr_mode && conn->peer_gr_able;
   p->ext_messages = p->cf->enable_extended_messages && conn->peer_ext_messages_support;
 
+  /* Update RA mode */
   if (p->add_path_tx)
     p->p.accept_ra_types = RA_ANY;
+  else if (p->cf->secondary)
+    p->p.accept_ra_types = RA_ACCEPTED;
+  else
+    p->p.accept_ra_types = RA_OPTIMAL;
 
   DBG("BGP: Hold timer set to %d, keepalive to %d, AS to %d, ID to %x, AS4 session to %d\n", conn->hold_time, conn->keepalive_time, p->remote_as, p->remote_id, p->as4_session);
 

From 33b6c292c3e3a8972d0b9f43d156aae50db65720 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Tue, 14 Mar 2017 12:56:47 +0100
Subject: [PATCH 6/6] BGP: Allow to specify interface for regular sessions

This may be useful if multple interfaces share the same network range.

Thanks to Fritz Grimpen for the original patch.
---
 doc/bird.sgml   |  5 +++--
 proto/bgp/bgp.c | 12 ++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/doc/bird.sgml b/doc/bird.sgml
index dd4472ae..ffd28964 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -1883,8 +1883,9 @@ using the following configuration parameters:
 	<tag><label id="bgp-iface">interface <m/string/</tag>
 	Define interface we should use for link-local BGP IPv6 sessions.
 	Interface can also be specified as a part of <cf/neighbor address/
-	(e.g., <cf/neighbor fe80::1234%eth0 as 65000;/). It is an error to use
-	this parameter for non link-local sessions.
+	(e.g., <cf/neighbor fe80::1234%eth0 as 65000;/). The option may also be
+	used for non link-local sessions when it is necessary to explicitly
+	specify an interface, but only for direct (not multihop) sessions.
 
 	<tag><label id="bgp-direct">direct</tag>
 	Specify that the neighbor is directly connected. The IP address of the
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c
index 0f1c9446..f706e76e 100644
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -790,7 +790,7 @@ bgp_find_proto(sock *sk)
       {
 	struct bgp_proto *p = (struct bgp_proto *) pc->proto;
 	if (ipa_equal(p->cf->remote_ip, sk->daddr) &&
-	    (!ipa_is_link_local(sk->daddr) || (p->cf->iface == sk->iface)))
+	    (!p->cf->iface || (p->cf->iface == sk->iface)))
 	  return p;
       }
 
@@ -1324,11 +1324,8 @@ bgp_check_config(struct bgp_config *c)
   if (!c->remote_as)
     cf_error("Remote AS number must be set");
 
-  // if (ipa_is_link_local(c->remote_ip) && !c->iface)
-  //   cf_error("Link-local neighbor address requires specified interface");
-
-  if (!ipa_is_link_local(c->remote_ip) != !c->iface)
-    cf_error("Link-local address and interface scope must be used together");
+  if (ipa_is_link_local(c->remote_ip) && !c->iface)
+    cf_error("Link-local neighbor address requires specified interface");
 
   if (!(c->capabilities && c->enable_as4) && (c->remote_as > 0xFFFF))
     cf_error("Neighbor AS number out of range (AS4 not available)");
@@ -1346,6 +1343,9 @@ bgp_check_config(struct bgp_config *c)
 		      ipa_is_link_local(c->source_addr)))
     cf_error("Multihop BGP cannot be used with link-local addresses");
 
+  if (c->multihop && c->iface)
+    cf_error("Multihop BGP cannot be bound to interface");
+
   if (c->multihop && c->check_link)
     cf_error("Multihop BGP cannot depend on link state");