pierky / arouteserver

A tool to automatically build (and test) feature-rich configurations for BGP route servers.
https://arouteserver.readthedocs.org/
GNU General Public License v3.0

OpenBGPD: next-hop rewriting for IPv6 blackhole filtering requests #3

Closed pierky closed 7 years ago

pierky commented 7 years ago

When using blackhole_filtering.policy_ipv6 = rewrite-next-hop, the IPv6 address configured in rewrite_next_hop_ipv6 seems to be set correctly in the route that leaves the route server, but it is actually not included in the BGP UPDATE; instead, it is replaced with the route server's address.

After REUSE_INSTANCES=1 nosetests -vs tests/live_tests/scenarios/global/test_openbgpd6.py -m test_071_blackholed_prefixes_as_seen_by_enabled_clients_BLACKHOLE:

bgpctl -n show rib detail out neighbor 2001:db8:1:1::11 2a02:0:3::1/128

BGP routing table entry for 2a02:0:3::1/128
    2
    Nexthop 2001:db8:1:1::66 (via 2001:db8:1:1::66) from 2001:db8:1:1::21 (192.0.2.21)
    Origin IGP, metric 0, localpref 100, weight 0, external, valid, best
    Last update: 00:00:27 ago
    Communities: NO_EXPORT BLACKHOLE

From the output of tcpdump on AS1_1:

 Multi-Protocol Reach NLRI (14), length: 55, Flags [O]:
     AFI: IPv6 (2), SAFI: Unicast (1)
     nexthop: 2001:db8:1:1::2, nh-length: 16, no SNPA
     2a02:0:3::2/128
     2a02:0:3::1/128

bgpd.conf.txt bgpd-vdn.txt

pierky commented 7 years ago

It seems that this issue is due to a bug in OpenBGPD: https://marc.info/?l=openbsd-bugs&m=149065338712338&w=2 I'll update this as soon as I have tested the patch.

pierky commented 7 years ago

The problem herein reported was due to a bug in OpenBGPD < OpenBSD 6.1, fixed with https://github.com/openbsd/src/commit/f1385c8f4f9b9e193ff65d9f2039862d3e230a45 . OpenBSD 6.1 works fine. ARouteServer handles this case by producing a compatibility error when the target version is 6.0.
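The mismatch described in the first comment (the outbound RIB shows next hop 2001:db8:1:1::66, the UPDATE carries 2001:db8:1:1::2) can be checked on the wire by decoding the MP_REACH_NLRI attribute and comparing its next hop with the configured blackhole next hop. The following Python is an added example, not part of the original issue or of ARouteServer; the function names are hypothetical and the sample bytes are constructed from the values in the tcpdump output above.

```python
import ipaddress
import struct

AFI_IPV6, SAFI_UNICAST = 2, 1

def parse_mp_reach(value: bytes):
    """Parse an MP_REACH_NLRI attribute value (type 14, RFC 4760), IPv6 unicast only."""
    if len(value) < 5:
        raise ValueError("attribute too short")
    afi, safi, nh_len = struct.unpack_from("!HBB", value, 0)
    if (afi, safi) != (AFI_IPV6, SAFI_UNICAST):
        raise ValueError("not IPv6 unicast")
    if nh_len not in (16, 32) or len(value) < 4 + nh_len + 1:
        raise ValueError("bad next-hop length")
    # With nh_len 32 the global address comes first, then the link-local one.
    next_hop = ipaddress.IPv6Address(value[4:20])
    pos = 4 + nh_len + 1  # skip the reserved byte that follows the next hop
    prefixes = []
    while pos < len(value):
        bits = value[pos]
        nbytes = (bits + 7) // 8
        if bits > 128 or pos + 1 + nbytes > len(value):
            raise ValueError("malformed NLRI")
        raw = value[pos + 1:pos + 1 + nbytes].ljust(16, b"\x00")
        prefixes.append(ipaddress.IPv6Network((raw, bits), strict=False))
        pos += 1 + nbytes
    return next_hop, prefixes

def next_hop_matches(value: bytes, expected: str):
    """Return (ok, next_hop_on_wire, prefixes) for one MP_REACH_NLRI value."""
    next_hop, prefixes = parse_mp_reach(value)
    return next_hop == ipaddress.IPv6Address(expected), next_hop, prefixes

def build_sample(next_hop: str, prefixes):
    """Encode a constructed attribute value, used only as test input."""
    out = struct.pack("!HBB", AFI_IPV6, SAFI_UNICAST, 16)
    out += ipaddress.IPv6Address(next_hop).packed + b"\x00"
    for p in prefixes:
        net = ipaddress.IPv6Network(p)
        out += bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]
    return out

# Constructed from the values in the tcpdump output above (not a real capture).
SAMPLE = build_sample("2001:db8:1:1::2", ["2a02:0:3::2/128", "2a02:0:3::1/128"])

if __name__ == "__main__":
    ok, seen, nets = next_hop_matches(SAMPLE, "2001:db8:1:1::66")
    print("next hop on wire:", seen, "matches blackhole next hop:", ok)
    print("prefixes:", ", ".join(map(str, nets)))
```

The constructed value is 55 bytes long, the same attribute length tcpdump reports, and the check fails for it because the next hop on the wire is the route server's address rather than the blackhole next hop.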