diff options
| author |   claudio <claudio@openbsd.org> | 2008-12-28 15:19:21 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2008-12-28 15:19:21 +0000 |
| commit | ca293aa516d7fcadc3ebe90da6c4536fcf99f6a3 (patch) | |
| tree | c8731aca369cf880775c2363a935260ff80d12f4 /usr.sbin/ospf6d/database.c | |
| parent | Make blitter ``go the other way'' when scrolling down. (diff) | |
| download | wireguard-openbsd-ca293aa516d7fcadc3ebe90da6c4536fcf99f6a3.tar.xz wireguard-openbsd-ca293aa516d7fcadc3ebe90da6c4536fcf99f6a3.zip | |
Add a ugly workaround for the problem where an invalid AS4_PATH is passed
over mulitple hops and causes bgpd to close the connection. This is what
the RFC requires us to do but the result is a DoS against all OpenBGPD
routers when somebody injects such a bad optional transitive attribute
because the intermediate routers don't give a damn about it.
As a result we now ignore such bad prefixes and don't allow them in the
decision process. The handling of optional transitive attributes needs to
be rethinked because all of them can be abused in such a way.
Idea OK by a few + henning@, tested myself against my crappy regress test
suite that needs way more work.
Diffstat (limited to 'usr.sbin/ospf6d/database.c')
0 files changed, 0 insertions, 0 deletions