From ce6b2a559f15b1970c4cea4c826f3c4f67bc9835 Mon Sep 17 00:00:00 2001
From: eddie barlev
Date: Mon, 5 Aug 2024 10:56:56 +0300
Subject: [PATCH 1/2] Use configured local address over the one that is taken from the BGP session. This is needed in cases when using VRFs over GENEVE Tunnels where we bind the listening address to one internal IP for security reasons. Without this fix the local address was overridden with the listening address resulting in wrong nexthop advertisement.
---
 pkg/server/server.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 8888f39ab..69e2c837b 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -879,6 +879,9 @@ func (s *BgpServer) toConfig(peer *peer, getAdvertised bool) *oc.Neighbor {
 if state == bgp.BGP_FSM_ESTABLISHED {
 peer.fsm.lock.RLock()
 conf.Transport.State.LocalAddress, conf.Transport.State.LocalPort = peer.fsm.LocalHostPort()
+ if conf.Transport.Config.LocalAddress != "0.0.0.0" {
+ conf.Transport.State.LocalAddress = conf.Transport.Config.LocalAddress
+ }
 _, conf.Transport.State.RemotePort = peer.fsm.RemoteHostPort()
 buf, _ := peer.fsm.recvOpen.Serialize()
 // need to copy all values here
@@ -1616,6 +1619,10 @@ func (s *BgpServer) handleFSMMessage(peer *peer, e *fsmMsg) {
 // exclude zone info
 ipaddr, _ := net.ResolveIPAddr("ip", laddr)
 peer.fsm.peerInfo.LocalAddress = ipaddr.IP
+ if peer.fsm.pConf.Transport.Config.LocalAddress != "0.0.0.0" {
+ peer.fsm.peerInfo.LocalAddress = net.ParseIP(peer.fsm.pConf.Transport.Config.LocalAddress)
+ peer.fsm.pConf.Transport.State.LocalAddress = peer.fsm.pConf.Transport.Config.LocalAddress
+ }
 neighborAddress := peer.fsm.pConf.State.NeighborAddress
 peer.fsm.lock.Unlock()
 deferralExpiredFunc := func(family bgp.RouteFamily) func() {
From 8a30a7a1c9979d75bee776e920fe537a541a00cc Mon Sep 17 00:00:00 2001
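Review bot: The added guard in toConfig treats every configured value other than the literal string `"0.0.0.0"` as an explicit local address, so an empty `Transport.Config.LocalAddress` or the IPv6 unspecified form `::` would replace the socket-derived `State.LocalAddress` with a value that is not a usable address. The same string comparison appears in the handleFSMMessage hunk of this patch and survives in both code hunks of PATCH 2/2, where only the spelling of the constant changes. Parsing the value first avoids this: `if la := net.ParseIP(conf.Transport.Config.LocalAddress); la != nil && !la.IsUnspecified() {`. Whether defaulting elsewhere can leave `""` or `::` in this field is not visible in the diff, so that should be confirmed for IPv6 neighbors. toConfig's body starts and ends outside the hunk.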
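Review bot: The result of `net.ParseIP` is assigned to `peer.fsm.peerInfo.LocalAddress` unchecked in handleFSMMessage, and it returns nil for anything that is not a plain IP literal, including an address carrying a zone, which the `// exclude zone info` line just above suggests can occur. The commit message ties this address to the advertised next hop, so a nil here would discard the valid address resolved from the session one line earlier. Keep the resolved address unless the configured one parses, e.g. `if la := net.ParseIP(peer.fsm.pConf.Transport.Config.LocalAddress); la != nil && !la.IsUnspecified() {` followed by `peer.fsm.peerInfo.LocalAddress = la`. A one-line comment stating why the configured address takes precedence over the session address (listener bound to an internal IP inside a VRF) would also help the next reader. The function body starts and ends outside the hunk.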
From: eddie barlev
Date: Sun, 29 Sep 2024 18:00:01 +0300
Subject: [PATCH 2/2] improve PR 2827 by replacing hardcoded IP 0.0.0.0 with netip.IPv4Unspecified() call
---
 pkg/server/server.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 69e2c837b..65f1b26bb 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -21,6 +21,7 @@ import (
 "errors"
 "fmt"
 "net"
+ "net/netip"
 "reflect"
 "strconv"
 "sync"
@@ -879,7 +880,7 @@ func (s *BgpServer) toConfig(peer *peer, getAdvertised bool) *oc.Neighbor {
 if state == bgp.BGP_FSM_ESTABLISHED {
 peer.fsm.lock.RLock()
 conf.Transport.State.LocalAddress, conf.Transport.State.LocalPort = peer.fsm.LocalHostPort()
- if conf.Transport.Config.LocalAddress != "0.0.0.0" {
+ if conf.Transport.Config.LocalAddress != netip.IPv4Unspecified().String() {
 conf.Transport.State.LocalAddress = conf.Transport.Config.LocalAddress
 }
 _, conf.Transport.State.RemotePort = peer.fsm.RemoteHostPort()
@@ -1619,7 +1620,7 @@ func (s *BgpServer) handleFSMMessage(peer *peer, e *fsmMsg) {
 // exclude zone info
 ipaddr, _ := net.ResolveIPAddr("ip", laddr)
 peer.fsm.peerInfo.LocalAddress = ipaddr.IP
- if peer.fsm.pConf.Transport.Config.LocalAddress != "0.0.0.0" {
+ if peer.fsm.pConf.Transport.Config.LocalAddress != netip.IPv4Unspecified().String() {
 peer.fsm.peerInfo.LocalAddress = net.ParseIP(peer.fsm.pConf.Transport.Config.LocalAddress)
 peer.fsm.pConf.Transport.State.LocalAddress = peer.fsm.pConf.Transport.Config.LocalAddress
 }
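Review bot: The guard is now written out twice, in the toConfig hunk and again in the handleFSMMessage hunk, and `netip.IPv4Unspecified().String()` only re-spells the same string constant, so the new `net/netip` import is used for formatting rather than for parsing the configured value. A small helper that parses the address once would keep both call sites identical and would let the package decide in one place what counts as "no local address configured". Both sites would then read `if addr, ok := configuredLocalAddr(...); ok {` and use `addr.String()` or `net.IP(addr.AsSlice())` as needed. The enclosing functions start and end outside the hunks.

```go
// configuredLocalAddr parses a neighbor's configured local address. It reports
// false when the value is empty, not an IP literal, or unspecified (0.0.0.0, ::).
func configuredLocalAddr(s string) (netip.Addr, bool) {
	addr, err := netip.ParseAddr(s)
	if err != nil || addr.IsUnspecified() {
		return netip.Addr{}, false
	}
	// Drop any zone, as the existing ResolveIPAddr path does.
	return addr.WithZone(""), true
}
```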