Update obsolete RFC 5575 to newer RFCs 8955 / 8956

author Ondrej Zajicek <santiago@crfreenet.org>

Tue, 4 Feb 2025 15:07:09 +0000 (16:07 +0100)

committer Ondrej Zajicek <santiago@crfreenet.org>

Tue, 4 Feb 2025 15:07:09 +0000 (16:07 +0100)
author Ondrej Zajicek <santiago@crfreenet.org>
Tue, 4 Feb 2025 15:07:09 +0000 (16:07 +0100)
committer Ondrej Zajicek <santiago@crfreenet.org>
Tue, 4 Feb 2025 15:07:09 +0000 (16:07 +0100)
diff --git a/conf/flowspec.Y b/conf/flowspec.Y

index 102fed45558cac84742e29d63cc7b75823c03ee8..0709a45b12acce9e4110641b58ec4850d28a2549 100644 (file)
--- a/conf/flowspec.Y
+++ b/conf/flowspec.Y
@@ -1,5 +1,5 @@
  /*
- *     BIRD -- Flow specification (RFC 5575) grammar
+ *     BIRD -- Flow specification (RFC 8955) grammar
   *
   *     (c) 2016 CZ.NIC z.s.p.o.
   *
diff --git a/doc/bird.conf.example2 b/doc/bird.conf.example2

index 0f9b471467423ac6184d6d99717c5417a17e065e..115f410f700dbd79ca8341db269b36c59aaa95d6 100644 (file)
--- a/doc/bird.conf.example2
+++ b/doc/bird.conf.example2
@@ -78,7 +78,7 @@ protocol static statvpn6 {
         route 10:20 2001:db8:20:11::/64 via 2001:db8:1:1::10 mpls 200/220;
  }
  
-# RFC 5575 flow specification
+# RFC 8955 flow specification
  protocol static flowstat4 {
         flow4;
  
@@ -124,6 +124,7 @@ protocol static flowstat4 {
         };
  }
  
+# RFC 8956 flow specification
  protocol static flowstat6 {
         flow6;
  
@@ -135,7 +136,7 @@ protocol static flowstat6 {
                 dport = 50;
                 tcp flags 0x03/0x0f, !0/0xff || 0x33/0x33;
                 fragment !is_fragment || !first_fragment;
-               label 0xaaaa/0xaaaa && 0x33/0x33;
+               label > 1111 && != 1234;
         };
  
         route flow6 {
diff --git a/lib/flowspec.c b/lib/flowspec.c

index 6bf1f14bb274183ee7f2bc852cd522ecfb917932..eaaffb148a26123ebe39ea2a43f2c06dee277bca 100644 (file)
--- a/lib/flowspec.c
+++ b/lib/flowspec.c
@@ -1,5 +1,5 @@
  /*
- *     BIRD Library -- Flow specification (RFC 5575)
+ *     BIRD Library -- Flow specification (RFC 8955)
   *
   *     (c) 2016 CZ.NIC z.s.p.o.
   *
@@ -9,7 +9,7 @@
  /**
   * DOC: Flow specification (flowspec)
   *
- * Flowspec are rules (RFC 5575) for firewalls disseminated using BGP protocol.
+ * Flowspec are rules (RFC 8955) for firewalls disseminated using BGP protocol.
   * The |flowspec.c| is a library for handling flowspec binary streams and
   * flowspec data structures. You will find there functions for validation
   * incoming flowspec binary streams, iterators for jumping over components,
diff --git a/lib/flowspec.h b/lib/flowspec.h

index 91a2671bbd6aac82448c351aaf496348418653f4..8ff968ed2a85d35136200890012e19500bc41fac 100644 (file)
--- a/lib/flowspec.h
+++ b/lib/flowspec.h
@@ -1,5 +1,5 @@
  /*
- *     BIRD Library -- Flow specification (RFC 5575)
+ *     BIRD Library -- Flow specification (RFC 8955)
   *
   *     (c) 2016 CZ.NIC z.s.p.o.
   *
diff --git a/lib/flowspec_test.c b/lib/flowspec_test.c

index df2a719493fa956482db966261b5231847e2144f..1fd1a0b9912c3977d93dde8317efec94b86f90c2 100644 (file)
--- a/lib/flowspec_test.c
+++ b/lib/flowspec_test.c
@@ -1,5 +1,5 @@
  /*
- *     BIRD Library -- Flow specification (RFC 5575) Tests
+ *     BIRD Library -- Flow specification (RFC 8955) Tests
   *
   *     (c) 2016 CZ.NIC z.s.p.o.
   *
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c

index c18a73feb21b63b5a90c6a401710b0f4938d3c40..405be13f183ef08ac939e87d2ddabfa2b25ca94c 100644 (file)
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -86,7 +86,6 @@
   * RFC 5065 - AS confederations for BGP
   * RFC 5082 - Generalized TTL Security Mechanism
   * RFC 5492 - Capabilities Advertisement with BGP
- * RFC 5575 - Dissemination of Flow Specification Rules
   * RFC 5668 - 4-Octet AS Specific BGP Extended Community
   * RFC 6286 - AS-Wide Unique BGP Identifier
   * RFC 6608 - Subcodes for BGP Finite State Machine Error
@@ -101,6 +100,8 @@
   * RFC 8212 - Default EBGP Route Propagation Behavior without Policies
   * RFC 8654 - Extended Message Support for BGP
   * RFC 8950 - Advertising IPv4 NLRI with an IPv6 Next Hop
+ * RFC 8955 - Dissemination of Flow Specification Rules
+ * RFC 8956 - Dissemination of Flow Specification Rules for IPv6
   * RFC 9072 - Extended Optional Parameters Length for BGP OPEN Message
   * RFC 9117 - Revised Validation Procedure for BGP Flow Specifications
   * RFC 9234 - Route Leak Prevention and Detection Using Roles
diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c

index 8b78cc13215d8c969c6549b93ab1c5493aaed0ad..b5e0a30c814c9d6e49a8101c6c4b14f61229ea4f 100644 (file)
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -1484,7 +1484,7 @@ bgp_decode_next_hop_none(struct bgp_parse_state *s UNUSED, byte *data UNUSED, ui
    /*
     * Although we expect no next hop and RFC 7606 7.11 states that attribute
     * MP_REACH_NLRI with unexpected next hop length is considered malformed,
-   * FlowSpec RFC 5575 4 states that next hop shall be ignored on receipt.
+   * FlowSpec RFC 8955 4 states that next hop shall be ignored on receipt.
     */
  
    return;
author	Ondrej Zajicek <santiago@crfreenet.org>
	Tue, 4 Feb 2025 15:07:09 +0000 (16:07 +0100)
committer	Ondrej Zajicek <santiago@crfreenet.org>
	Tue, 4 Feb 2025 15:07:09 +0000 (16:07 +0100)
conf/flowspec.Y		patch \| blob \| blame \| history
doc/bird.conf.example2		patch \| blob \| blame \| history
lib/flowspec.c		patch \| blob \| blame \| history
lib/flowspec.h		patch \| blob \| blame \| history
lib/flowspec_test.c		patch \| blob \| blame \| history
proto/bgp/bgp.c		patch \| blob \| blame \| history
proto/bgp/packets.c		patch \| blob \| blame \| history