Issue in IPv4 prefix length verification for RFC8950 #130
Comments
|
I guess it's worthwhile to add (regression) test scenarios to E.g. AS1 could try to announce 1.0.0.0/8 which should be accepted and 1.0.0.0/25 which should be rejected with cause 13. |
agbcix
changed the title
pierky
added a commit
that referenced
this issue
Mar 26, 2024
From @agbcix > When a peer is configured for RFC8950 support, the prefix length is checked for the IPv6 limits only. > This will permit too long IPv4 (up to /48) prefixes and will reject short IPv4 (< /12) prefixes. > I guess it's worthwhile to add (regression) test scenarios to tests/live_tests/scenarios/rfc8950/base.py. > E.g. AS1 could try to announce 1.0.0.0/8 which should be accepted and 1.0.0.0/25 which should be rejected with cause 13.
|
Thanks a lot for reporting this bug. It is being addressed in the issue130_ipv4_prefix_length_check_with_rfc8950 branch, where I've also merged your proposed solution with a change to avoid code duplication. |
|
I've just merged the branch into master and triggered the CI/CD pipeline. If everything goes well, we'll have v1.22.1 out with the fix in a couple of hours or in the worst case by tomorrow. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When a peer is configured for RFC8950 support, the prefix length is checked for the IPv6 limits only.
This will permit too long IPv4 (up to /48) prefixes and will reject short IPv4 (< /12) prefixes.
The text was updated successfully, but these errors were encountered: