From bc2d12c4ba4a9e3456936e0e6f61edffd2bd142b Mon Sep 17 00:00:00 2001 From: claudio Date: Tue, 9 May 2023 13:11:19 +0000 Subject: [PATCH] Properly handle references for nexthops and labels in filterset_copy() Up until recently filterset_copy() was only used in the parent process where none of those references exist but by using filterset_copy() in the RDE to populate per-peer output filters the code needs to handle such references. Without this rules like 'match to any set nexthop X' will cause internal corruption on config reloads and session resets. Bug report from Marko Cupac (marko.cupac (at) mimar.rs) OK tb@ --- usr.sbin/bgpd/rde_filter.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/usr.sbin/bgpd/rde_filter.c b/usr.sbin/bgpd/rde_filter.c index 4c0b570079d..f0e9b17fec7 100644 --- a/usr.sbin/bgpd/rde_filter.c +++ b/usr.sbin/bgpd/rde_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_filter.c,v 1.135 2023/04/19 13:23:33 claudio Exp $ */ +/* $OpenBSD: rde_filter.c,v 1.136 2023/05/09 13:11:19 claudio Exp $ */ /* * Copyright (c) 2004 Claudio Jeker @@ -583,6 +583,12 @@ filterset_copy(struct filter_set_head *source, struct filter_set_head *dest) if ((t = malloc(sizeof(struct filter_set))) == NULL) fatal(NULL); memcpy(t, s, sizeof(struct filter_set)); + if (t->type == ACTION_RTLABEL_ID) + rtlabel_ref(t->action.id); + else if (t->type == ACTION_PFTABLE_ID) + pftable_ref(t->action.id); + else if (t->type == ACTION_SET_NEXTHOP_REF) + nexthop_ref(t->action.nh_ref); TAILQ_INSERT_TAIL(dest, t, entry); } } -- 2.20.1