Issue in IPv4 prefix length verification for RFC8950

pierky / arouteserver

A tool to automatically build (and test) feature-rich configurations for BGP route servers.

https://arouteserver.readthedocs.org/

GNU General Public License v3.0

284 stars 46 forks source link

Issue in IPv4 prefix length verification for RFC8950 #130

Closed agbcix closed 5 months ago

agbcix commented 5 months ago

When a peer is configured for RFC8950 support, the prefix length is checked for the IPv6 limits only. This will permit too long IPv4 (up to /48) prefixes and will reject short IPv4 (< /12) prefixes.

agbcix commented 5 months ago

I guess it's worthwhile to add (regression) test scenarios to tests/live_tests/scenarios/rfc8950/base.py.

E.g. AS1 could try to announce 1.0.0.0/8 which should be accepted and 1.0.0.0/25 which should be rejected with cause 13.

pierky commented 5 months ago

Thanks a lot for reporting this bug. It is being addressed in the issue130_ipv4_prefix_length_check_with_rfc8950 branch, where I've also merged your proposed solution with a change to avoid code duplication.

pierky commented 5 months ago

I've just merged the branch into master and triggered the CI/CD pipeline. If everything goes well, we'll have v1.22.1 out with the fix in a couple of hours or in the worst case by tomorrow. Thanks for reporting the issue and proposing the fix!