I will add a documentation patch in attachment.

I will also add a patch that removes BGP ROLE MAX from consideration, as was discussed before in a private conversation. This will make the previous patch with Roles more reliable and secure in case new roles suddenly appear in the future.

However, after creating a documentation patch and consulting with the main RFC author, I ran into trouble.

TL;DR: What are the best ways to include AFI/SAFI channel check during attribute creation?

RFC 9234 specifically clarifies that it can only be applied on IPv4/IPv6 unicast sessions. On all other sessions the OTC attribute should be decoded from and also transferred to such sessions without any change.

The problem is how to include AFI/SAFI checks in the code:
1) If we have information about a channel (as in bgp_update_attrs), we can simply run the following check

proto/bgp/attrs.c

if (bgp_channel_is_role_applicable(c)) { ... }

proto/bpg/bgpd.h

static inline int bgp_channel_is_role_applicable(struct bgp_channel *c)

{ return (c->afi == BGP_AF_IPV4 || c->afi == BGP_AF_IPV6); }

static inline int bgp_cc_is_role_applicable(struct bgp_channel_config *c)

{ return (c->afi == BGP_AF_IPV4 || c->afi == BGP_AF_IPV6); }

2) However, in bgp_decode_attrs the AFI/SAFI information is only available after NLRI decoding. There is also a side approach with using bgp_find_update_afi, a static function from proto/bgp/packets.c to extract AFI/SAFI from a packet payload. The question is - what is the best way to extract AFI/SAFI information: apply OTC rules after NLRI is decoded (but where?) or change and reuse static bgp_find_update_afi (if possible) to get AFI/SAFI information before processing the OTC attribute?

3) But the biggest problem is with bgp_preexport. It uses bgp_proto, which doesn't use channel information when filtering routes with BGP specific rules. And I don't find a way to add this support to this filter. The question is - how to apply AFI/SAFI check for OTC attribute rules during bgp export and where is the best place to do so? Of course, if we want it to be like a predefined route-map.

On Thu, Jun 2, 2022 at 6:31 PM Ondrej Zajicek <santiago@crfreenet.org> wrote:

On Tue, May 31, 2022 at 02:38:07PM +0300, Eugene Bogomazov wrote:
> Hello,
>
> RFC 9234 provides a new mechanism for route leak detection and prevention.
>
> In the attachment you can find a patch which introduces this functionality
> for BIRD 2.0.9.

Hello

Thanks for the patch, i will check it soon. One issue i just noticed,
could you also add patch for documentation (doc/bird.sgml), documenting
these options?

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."