From 0f12b4ad02a9560d20e5483b630ababad182582b Mon Sep 17 00:00:00 2001
From: claudio <claudio@openbsd.org>
Date: Tue, 25 May 2021 14:18:44 +0000
Subject: [PATCH] Instead of the old way of prefix withdraw on a bad AS4_PATH
 treat it with prefix withdraw as required by RFC6793. Also update the
 documentation to reference RFC6793 instead of the older 4893. OK sthen@

---
 usr.sbin/bgpd/bgpd.8 | 20 ++++++++++----------
 usr.sbin/bgpd/rde.c  | 28 ++++++----------------------
 2 files changed, 16 insertions(+), 32 deletions(-)

diff --git a/usr.sbin/bgpd/bgpd.8 b/usr.sbin/bgpd/bgpd.8
index 1a7a7acd79f..eb5082eb880 100644
--- a/usr.sbin/bgpd/bgpd.8
+++ b/usr.sbin/bgpd/bgpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bgpd.8,v 1.66 2021/04/27 11:34:58 claudio Exp $
+.\" $OpenBSD: bgpd.8,v 1.67 2021/05/25 14:18:44 claudio Exp $
 .\"
 .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: April 27 2021 $
+.Dd $Mdocdate: May 25 2021 $
 .Dt BGPD 8
 .Os
 .Sh NAME
@@ -317,14 +317,6 @@ has been started.
 .Re
 .Pp
 .Rs
-.%A Q. Vohra
-.%A E. Chen
-.%D May 2007
-.%R RFC 4893
-.%T BGP Support for Four-octet AS Number Space
-.Re
-.Pp
-.Rs
 .%A V. Gill
 .%A J. Heasley
 .%A D. Meyer
@@ -352,6 +344,14 @@ has been started.
 .Re
 .Pp
 .Rs
+.%A Q. Vohra
+.%A E. Chen
+.%D Dec 2012
+.%R RFC 6793
+.%T BGP Support for Four-Octet Autonomous System (AS) Number Space
+.Re
+.Pp
+.Rs
 .%A E. Chen
 .%A J. Scudder
 .%A P. Mohapatra
diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c
index 0c36005cff7..3c88cde1d89 100644
--- a/usr.sbin/bgpd/rde.c
+++ b/usr.sbin/bgpd/rde.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde.c,v 1.520 2021/05/06 09:18:54 claudio Exp $ */
+/*	$OpenBSD: rde.c,v 1.521 2021/05/25 14:18:44 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1918,27 +1918,11 @@ bad_flags:
 			goto bad_flags;
 		if ((error = aspath_verify(p, attr_len, 1,
 		    rde_no_as_set(peer))) != 0) {
-			/*
-			 * XXX RFC does not specify how to handle errors.
-			 * XXX Instead of dropping the session because of a
-			 * XXX bad path just mark the full update as having
-			 * XXX a parse error which makes the update no longer
-			 * XXX eligible and will not be considered for routing
-			 * XXX or redistribution.
-			 * XXX We follow draft-ietf-idr-optional-transitive
-			 * XXX by looking at the partial bit.
-			 * XXX Consider soft errors similar to a partial attr.
-			 */
-			if (flags & ATTR_PARTIAL || error == AS_ERR_SOFT) {
-				a->flags |= F_ATTR_PARSE_ERR;
-				log_peer_warnx(&peer->conf, "bad AS4_PATH, "
-				    "path invalidated and prefix withdrawn");
-				goto optattr;
-			} else {
-				rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH,
-				    NULL, 0);
-				return (-1);
-			}
+			/* As per RFC6793 use "attribute discard" here. */
+			log_peer_warnx(&peer->conf, "bad AS4_PATH, "
+			    "attribute discarded");
+			plen += attr_len;
+			break;
 		}
 		a->flags |= F_ATTR_AS4BYTE_NEW;
 		goto optattr;
-- 
2.20.1