From e71e1bce19e4d0b1154139e4661902abf7330b26 Mon Sep 17 00:00:00 2001
From: Trey Aspelund
Date: Fri, 4 Oct 2024 01:16:38 -0600
Subject: [PATCH] bgp: Don't apply ImportExportPolicy to withdrawn nlri
Import/Export filters are meant to modify which advertised prefixes are allowed. For Import, this is simply an allow-list that accepts a subset of the advertised nlri in a received update. For Export, this is an allow-list that accepts a subset of the locally originated nlri. In neither case do you want to apply these filters to the list of withdrawn nlri, as this can result in stale routes if a legitimate withdrawal is not sent or received.
Fixes: #330
Signed-off-by: Trey Aspelund
---
 bgp/src/session.rs | 2 --
 1 file changed, 2 deletions(-)
diff --git a/bgp/src/session.rs b/bgp/src/session.rs
index 3397d2bd..3d37d069 100644
--- a/bgp/src/session.rs
+++ b/bgp/src/session.rs
@@ -1896,7 +1896,6 @@ impl SessionRunner {
 .collect::>();
 update.nlri.retain(|x| message_policy.contains(x));
- update.withdrawn.retain(|x| message_policy.contains(x));
 };
 let out = match self.shape_update(update, shaper_application)? {
@@ -1982,7 +1981,6 @@ impl SessionRunner {
 .collect::>();
 update.nlri.retain(|x| message_policy.contains(x));
- update.withdrawn.retain(|x| message_policy.contains(x));
 };
 self.update_rib(&update, id, peer_as);