Check for possible bgpid collision on open. RFC 6286 defines that this

check needs to be done for iBGP sessions but not for eBGP sessions.
On conflict log an error and send a notification with ERR_OPEN_BGPID
suberror.
Reported by cjt (melissa_cjt at 163.com)
OK benno@

diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c
index 6539101..fc11050 100644 (file)
--- a/usr.sbin/bgpd/session.c
+++ b/usr.sbin/bgpd/session.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: session.c,v 1.411 2021/02/16 08:29:16 claudio Exp $ */
+/*     $OpenBSD: session.c,v 1.412 2021/04/27 09:12:23 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org>
@@ -2179,6 +2179,16 @@ parse_open(struct peer *peer)
                return (-1);
        }
 
+       /* on iBGP sessions check for bgpid collision */
+       if (!peer->conf.ebgp && peer->remote_bgpid == conf->bgpid) {
+               log_peer_warnx(&peer->conf, "peer BGPID %u conflicts with ours",
+                   ntohl(bgpid));
+               session_notification(peer, ERR_OPEN, ERR_OPEN_BGPID,
+                   NULL, 0);
+               change_state(peer, STATE_IDLE, EVNT_RCVD_OPEN);
+               return (-1);
+       }
+
        if (capa_neg_calc(peer) == -1) {
                log_peer_warnx(&peer->conf,
                    "capability negotiation calculation failed");