From: Ondrej Zajicek
Date: Tue, 4 Feb 2025 15:07:09 +0000 (+0100)
Subject: Update obsolete RFC 5575 to newer RFCs 8955 / 8956
X-Git-Tag: v3.1.0~38^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=deec84ca33d33c367e4f647d784889c05eda38ae;p=thirdparty%2Fbird.git
Update obsolete RFC 5575 to newer RFCs 8955 / 8956
---
diff --git a/conf/flowspec.Y b/conf/flowspec.Y
index 102fed455..0709a45b1 100644
--- a/conf/flowspec.Y
+++ b/conf/flowspec.Y
@@ -1,5 +1,5 @@
 /*
- * BIRD -- Flow specification (RFC 5575) grammar
+ * BIRD -- Flow specification (RFC 8955) grammar
 *
 * (c) 2016 CZ.NIC z.s.p.o.
 *
diff --git a/doc/bird.conf.example2 b/doc/bird.conf.example2
index 0f9b47146..115f410f7 100644
--- a/doc/bird.conf.example2
+++ b/doc/bird.conf.example2
@@ -78,7 +78,7 @@ protocol static statvpn6 {
 route 10:20 2001:db8:20:11::/64 via 2001:db8:1:1::10 mpls 200/220;
 }
-# RFC 5575 flow specification
+# RFC 8955 flow specification
 protocol static flowstat4 {
 flow4;
@@ -124,6 +124,7 @@ protocol static flowstat4 {
 };
 }
+# RFC 8956 flow specification
 protocol static flowstat6 {
 flow6;
@@ -135,7 +136,7 @@ protocol static flowstat6 {
 dport = 50;
 tcp flags 0x03/0x0f, !0/0xff || 0x33/0x33;
 fragment !is_fragment || !first_fragment;
- label 0xaaaa/0xaaaa && 0x33/0x33;
+ label > 1111 && != 1234;
 };
 route flow6 {
diff --git a/lib/flowspec.c b/lib/flowspec.c
index 6bf1f14bb..eaaffb148 100644
--- a/lib/flowspec.c
+++ b/lib/flowspec.c
@@ -1,5 +1,5 @@
 /*
- * BIRD Library -- Flow specification (RFC 5575)
+ * BIRD Library -- Flow specification (RFC 8955)
 *
 * (c) 2016 CZ.NIC z.s.p.o.
 *
@@ -9,7 +9,7 @@
 /**
 * DOC: Flow specification (flowspec)
 *
- * Flowspec are rules (RFC 5575) for firewalls disseminated using BGP protocol.
+ * Flowspec are rules (RFC 8955) for firewalls disseminated using BGP protocol.
 * The |flowspec.c| is a library for handling flowspec binary streams and
 * flowspec data structures. You will find there functions for validation
 * incoming flowspec binary streams, iterators for jumping over components,
diff --git a/lib/flowspec.h b/lib/flowspec.h
index 91a2671bb..8ff968ed2 100644
--- a/lib/flowspec.h
+++ b/lib/flowspec.h
@@ -1,5 +1,5 @@
 /*
- * BIRD Library -- Flow specification (RFC 5575)
+ * BIRD Library -- Flow specification (RFC 8955)
 *
 * (c) 2016 CZ.NIC z.s.p.o.
 *
diff --git a/lib/flowspec_test.c b/lib/flowspec_test.c
index df2a71949..1fd1a0b99 100644
--- a/lib/flowspec_test.c
+++ b/lib/flowspec_test.c
@@ -1,5 +1,5 @@
 /*
- * BIRD Library -- Flow specification (RFC 5575) Tests
+ * BIRD Library -- Flow specification (RFC 8955) Tests
 *
 * (c) 2016 CZ.NIC z.s.p.o.
 *
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c
index c18a73feb..405be13f1 100644
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -86,7 +86,6 @@
 * RFC 5065 - AS confederations for BGP
 * RFC 5082 - Generalized TTL Security Mechanism
 * RFC 5492 - Capabilities Advertisement with BGP
- * RFC 5575 - Dissemination of Flow Specification Rules
 * RFC 5668 - 4-Octet AS Specific BGP Extended Community
 * RFC 6286 - AS-Wide Unique BGP Identifier
 * RFC 6608 - Subcodes for BGP Finite State Machine Error
@@ -101,6 +100,8 @@
 * RFC 8212 - Default EBGP Route Propagation Behavior without Policies
 * RFC 8654 - Extended Message Support for BGP
 * RFC 8950 - Advertising IPv4 NLRI with an IPv6 Next Hop
+ * RFC 8955 - Dissemination of Flow Specification Rules
+ * RFC 8956 - Dissemination of Flow Specification Rules for IPv6
 * RFC 9072 - Extended Optional Parameters Length for BGP OPEN Message
 * RFC 9117 - Revised Validation Procedure for BGP Flow Specifications
 * RFC 9234 - Route Leak Prevention and Detection Using Roles
diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c
index 8b78cc132..b5e0a30c8 100644
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -1484,7 +1484,7 @@ bgp_decode_next_hop_none(struct bgp_parse_state *s UNUSED, byte *data UNUSED, ui
 /*
 * Although we expect no next hop and RFC 7606 7.11 states that attribute
 * MP_REACH_NLRI with unexpected next hop length is considered malformed,
- * FlowSpec RFC 5575 4 states that next hop shall be ignored on receipt.
+ * FlowSpec RFC 8955 4 states that next hop shall be ignored on receipt.
 */
 return;
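Review bot: The rewritten citation `RFC 8955 4` in the last comment line of the proto/bgp/packets.c hunk still reads as a bare number rather than a section reference, and this is the comment that justifies accepting an MP_REACH_NLRI next hop that RFC 7606 7.11 would otherwise treat as malformed. Because that leniency is what anyone auditing the attribute parser will want to verify, I would spell it out, e.g. `* FlowSpec RFC 8955 Section 4 states that next hop shall be ignored on receipt.`, and re-check that "shall" still matches the wording of the newer RFC, since the sentence was carried over unchanged from the RFC 5575 version. If this decoder also serves IPv6 flowspec, which the hunk does not show, RFC 8956 should be cited alongside. The body of bgp_decode_next_hop_none() begins and ends outside the hunk.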