author | Filip Tehlar <ftehlar@cisco.com> | 2017-02-03 10:17:49 +0100 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2017-02-07 15:29:29 +0000 |
commit | a6bce494e6f2117029e2760d0d15bfd212aca3ec (patch) | |
tree | 49fde903aaa69afac1a7253750495c2c11167749 | |
parent | 614ac5da53bca8c8fad5733e6749ec8753c52f28 (diff) |
LISP: reject remote mappings that have as locators local IPs
Change-Id: Ifaf46554e45557ebf82009d9c46a9e905a46f884
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
-rw-r--r-- | src/vnet/api_errno.h | 3 | ||||
-rw-r--r-- | src/vnet/lisp-cp/control.c | 27 |
2 files changed, 29 insertions, 1 deletions
diff --git a/src/vnet/api_errno.h b/src/vnet/api_errno.h
index 192bfaa4bc2..32880232ec9 100644
--- a/src/vnet/api_errno.h
+++ b/src/vnet/api_errno.h
@@ -94,7 +94,8 @@ _(CANNOT_ENABLE_DISABLE_FEATURE, -100, "Cannot enable/disable feature") \
 _(BFD_EEXIST, -101, "Duplicate BFD object") \
 _(BFD_ENOENT, -102, "No such BFD object") \
 _(BFD_EINUSE, -103, "BFD object in use") \
-_(BFD_NOTSUPP, -104, "BFD feature not supported")
+_(BFD_NOTSUPP, -104, "BFD feature not supported") \
+_(LISP_RLOC_LOCAL, -105, "RLOC address is local")
 typedef enum
 {
diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c
index 8d37cabc05c..cc73dfc5f02 100644
--- a/src/vnet/lisp-cp/control.c
+++ b/src/vnet/lisp-cp/control.c
@@ -993,6 +993,20 @@ mapping_delete_timer (lisp_cp_main_t * lcm, u32 mi)
 timing_wheel_delete (&lcm->wheel, mi);
 }
+static int
+is_local_ip (lisp_cp_main_t * lcm, ip_address_t * addr)
+{
+ fib_node_index_t fei;
+ fib_prefix_t prefix;
+ fib_entry_flag_t flags;
+
+ ip_address_to_fib_prefix (addr, &prefix);
+
+ fei = fib_table_lookup (0, &prefix);
+ flags = fib_entry_get_flags (fei);
+ return (FIB_ENTRY_FLAG_LOCAL & flags);
+}
+
 /**
 * Adds/removes/updates mapping. Does not program forwarding.
 *
@@ -1016,6 +1030,7 @@ vnet_lisp_add_del_mapping (gid_address_t * eid, locator_t * rlocs, u8 action,
 lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
 u32 mi, ls_index = 0, dst_map_index;
 mapping_t *old_map;
+ locator_t *loc;
 if (vnet_lisp_enable_disable_status () == 0)
 {
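Review bot: `is_local_ip` resolves the address with `fib_table_lookup (0, &prefix)`, so only FIB table 0 is consulted and the `lcm` argument is never used; a locator that is local in any other table would pass the check. If RLOCs are only ever resolved in the default table, state that above the function, e.g. `/* RLOCs are resolved in the default FIB (index 0) only */`, otherwise take the table index from configuration. The returned `fei` also goes straight into `fib_entry_get_flags`; if the lookup can return `FIB_NODE_INDEX_INVALID` here (not visible in this hunk), add `if (fei == FIB_NODE_INDEX_INVALID) return 0;` before reading the flags.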
@@ -1023,6 +1038,18 @@ vnet_lisp_add_del_mapping (gid_address_t * eid, locator_t * rlocs, u8 action,
 return VNET_API_ERROR_LISP_DISABLED;
 }
+ /* check if none of the locators match localy configured address */
+ vec_foreach (loc, rlocs)
+ {
+ ip_prefix_t *p = &gid_address_ippref (&loc->address);
+ if (is_local_ip (lcm, &ip_prefix_addr (p)))
+ {
+ clib_warning ("RLOC %U matches a local address!",
+ format_gid_address, &loc->address);
+ return VNET_API_ERROR_LISP_RLOC_LOCAL;
+ }
+ }
+
 if (res_map_index)
 res_map_index[0] = ~0; |
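Review bot: The new loop reads every locator through `gid_address_ippref (&loc->address)` without first checking what kind of address the locator holds. `locator_t` is not visible in this hunk, but if a locator can be interface-based or carry a non-IP address, the FIB lookup would run on bytes that are not an IP prefix; a guard at the top of the loop body such as `if (gid_address_type (&loc->address) != GID_ADDR_IP_PREFIX) continue;` would make the assumption explicit. Since the commit title says these mappings come from a remote party, the unconditional `clib_warning` on each rejection is also worth rate-limiting or counting instead of logging every time. The body of `vnet_lisp_add_del_mapping` continues outside the hunk.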