git.ipfire.org Git - thirdparty/bird.git/commit

author	Eric Long <i@hack3r.moe>
	Wed, 16 Oct 2024 19:32:36 +0000 (21:32 +0200)
committer	Ondrej Zajicek <santiago@crfreenet.org>
	Wed, 16 Oct 2024 19:32:36 +0000 (21:32 +0200)
commit	072821e55e2a3bd0fb3ffee3099375927dc902e8
tree	8127d4498e664c9344673e29fa3b841a1f82c32f	tree
parent	6f9ccfae9edba40975f9709a516ecf3784616e68	commit \| diff

Flowspec: Fix IPv6 prefix when offset is not multiple of 8

Current implementation handles flowspec prefix length and offset only
in bytes, but RFC 8956 (Dissemination of Flow Specification Rules for
IPv6) Section 3.1 [1] and example in Section 3.8.2 [2] states the
pattern should begin right after offset *bits*.

For example, pattern "::1:1234:5678:9800:0/60-104" is currently
serialized as "02 68 3c 01 12 34 56 78 98", but it should shift its
pattern 4 more bits to the left: "02 68 3c 11 23 45 67 89 80".

This patch implements shifting left/right for IPv6 type and use it to
correct the behaviour. Test data are replaced with the correct ones.

Minor changes and test vectors done by committer.

[1]: https://www.rfc-editor.org/rfc/rfc8956.html#section-3.1
[2]: https://www.rfc-editor.org/rfc/rfc8956.html#section-3.8.2

lib/flowspec.c		diff \| blob \| blame \| history
lib/flowspec_test.c		diff \| blob \| blame \| history
lib/ip.c		diff \| blob \| blame \| history
lib/ip.h		diff \| blob \| blame \| history
lib/ip_test.c		diff \| blob \| blame \| history