On Wed, Sep 24, 2008 at 08:50:47PM +0200, Claudio Jeker wrote:
...
> > So the problems I see are the following:
> > 1) the "(inet|inet6)" parameter either doesn't work, doesn't work
> > consistently, or at the very least doesn't work as described in the man
> > page for bgpd.conf(5) IMHO.
> > 2) the parser for the filter section in bgpd.conf doesn't detect an IPv4
> > prefix versus an IPv6 prefix. (Why else would 0.0.0.0/0 match
> > _anything_ in IPv6 land?)
> > 3) it doesn't appear (though I haven't tested this theory much) that
> > bgpd will default the prefixlen to equal the CIDR mask.
> >
>
> I would say that's a bug. Your first version should just work.
> I'll have a look at it.
>
Here we go. Try this diff, untested but compiles :)
The problem was that for IPv6 prefixes
deny from any prefix 0.0.0.0/0
was essentially
deny from any
And so everything IPv6 related was dropped :(
--
:wq Claudio
Index: rde_filter.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde_filter.c,v
retrieving revision 1.54
diff -u -p -r1.54 rde_filter.c
--- rde_filter.c 15 Jun 2008 10:19:21 -0000 1.54
+++ rde_filter.c 24 Sep 2008 19:01:10 -0000
@@ -283,8 +283,11 @@ rde_filter_match(struct filter_rule *f,
return (0);
}
- if (f->match.prefix.addr.af != 0 &&
- f->match.prefix.addr.af == prefix->af) {
+ if (f->match.prefix.addr.af != 0) {
+ if (f->match.prefix.addr.af != prefix->af)
+ /* don't use IPv4 rules for IPv6 and vice versa */
+ return (0);
+
if (prefix_compare(prefix, &f->match.prefix.addr,
f->match.prefix.len))
return (0);
