summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2017-02-03 10:17:49 +0100
committerFlorin Coras <florin.coras@gmail.com>2017-02-07 15:29:29 +0000
commita6bce494e6f2117029e2760d0d15bfd212aca3ec (patch)
tree49fde903aaa69afac1a7253750495c2c11167749
parent614ac5da53bca8c8fad5733e6749ec8753c52f28 (diff)
LISP: reject remote mappings that have as locators local IPs
Change-Id: Ifaf46554e45557ebf82009d9c46a9e905a46f884 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
-rw-r--r--src/vnet/api_errno.h3
-rw-r--r--src/vnet/lisp-cp/control.c27
2 files changed, 29 insertions, 1 deletions
diff --git a/src/vnet/api_errno.h b/src/vnet/api_errno.h
index 192bfaa4bc2..32880232ec9 100644
--- a/src/vnet/api_errno.h
+++ b/src/vnet/api_errno.h
@@ -94,7 +94,8 @@ _(CANNOT_ENABLE_DISABLE_FEATURE, -100, "Cannot enable/disable feature") \
_(BFD_EEXIST, -101, "Duplicate BFD object") \
_(BFD_ENOENT, -102, "No such BFD object") \
_(BFD_EINUSE, -103, "BFD object in use") \
-_(BFD_NOTSUPP, -104, "BFD feature not supported")
+_(BFD_NOTSUPP, -104, "BFD feature not supported") \
+_(LISP_RLOC_LOCAL, -105, "RLOC address is local")
typedef enum
{
diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c
index 8d37cabc05c..cc73dfc5f02 100644
--- a/src/vnet/lisp-cp/control.c
+++ b/src/vnet/lisp-cp/control.c
@@ -993,6 +993,20 @@ mapping_delete_timer (lisp_cp_main_t * lcm, u32 mi)
timing_wheel_delete (&lcm->wheel, mi);
}
+static int
+is_local_ip (lisp_cp_main_t * lcm, ip_address_t * addr)
+{
+ fib_node_index_t fei;
+ fib_prefix_t prefix;
+ fib_entry_flag_t flags;
+
+ ip_address_to_fib_prefix (addr, &prefix);
+
+ fei = fib_table_lookup (0, &prefix);
+ flags = fib_entry_get_flags (fei);
+ return (FIB_ENTRY_FLAG_LOCAL & flags);
+}
+
/**
* Adds/removes/updates mapping. Does not program forwarding.
*
@@ -1016,6 +1030,7 @@ vnet_lisp_add_del_mapping (gid_address_t * eid, locator_t * rlocs, u8 action,
lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
u32 mi, ls_index = 0, dst_map_index;
mapping_t *old_map;
+ locator_t *loc;
if (vnet_lisp_enable_disable_status () == 0)
{
@@ -1023,6 +1038,18 @@ vnet_lisp_add_del_mapping (gid_address_t * eid, locator_t * rlocs, u8 action,
return VNET_API_ERROR_LISP_DISABLED;
}
+ /* check if none of the locators match localy configured address */
+ vec_foreach (loc, rlocs)
+ {
+ ip_prefix_t *p = &gid_address_ippref (&loc->address);
+ if (is_local_ip (lcm, &ip_prefix_addr (p)))
+ {
+ clib_warning ("RLOC %U matches a local address!",
+ format_gid_address, &loc->address);
+ return VNET_API_ERROR_LISP_RLOC_LOCAL;
+ }
+ }
+
if (res_map_index)
res_map_index[0] = ~0;