diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h index 3340822d58fe..aa10015b04b8 100644 --- a/bgpd/bgp_attr.h +++ b/bgpd/bgp_attr.h @@ -476,21 +476,16 @@ extern enum bgp_attr_parse_ret bgp_attr_nexthop_valid(struct peer *peer, extern uint32_t bgp_attr_get_color(struct attr *attr); -static inline bool bgp_rmap_nhop_changed(uint32_t out_rmap_flags, - uint32_t in_rmap_flags) +static inline bool bgp_rmap_nhop_changed(uint32_t out_rmap_flags) { return ((CHECK_FLAG(out_rmap_flags, BATTR_RMAP_NEXTHOP_PEER_ADDRESS) || CHECK_FLAG(out_rmap_flags, BATTR_RMAP_NEXTHOP_UNCHANGED) || CHECK_FLAG(out_rmap_flags, BATTR_RMAP_IPV4_NHOP_CHANGED) || CHECK_FLAG(out_rmap_flags, BATTR_RMAP_VPNV4_NHOP_CHANGED) || - CHECK_FLAG(out_rmap_flags, - BATTR_RMAP_VPNV6_GLOBAL_NHOP_CHANGED) || - CHECK_FLAG(out_rmap_flags, - BATTR_RMAP_IPV6_GLOBAL_NHOP_CHANGED) || - CHECK_FLAG(out_rmap_flags, - BATTR_RMAP_IPV6_PREFER_GLOBAL_CHANGED) || - CHECK_FLAG(out_rmap_flags, BATTR_RMAP_IPV6_LL_NHOP_CHANGED) || - CHECK_FLAG(in_rmap_flags, BATTR_RMAP_NEXTHOP_UNCHANGED)) + CHECK_FLAG(out_rmap_flags, BATTR_RMAP_VPNV6_GLOBAL_NHOP_CHANGED) || + CHECK_FLAG(out_rmap_flags, BATTR_RMAP_IPV6_GLOBAL_NHOP_CHANGED) || + CHECK_FLAG(out_rmap_flags, BATTR_RMAP_IPV6_PREFER_GLOBAL_CHANGED) || + CHECK_FLAG(out_rmap_flags, BATTR_RMAP_IPV6_LL_NHOP_CHANGED)) ? true : false); } diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 60b9a081f6ef..9f29610f44ce 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -2755,11 +2755,8 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi, * example, * it is configured as 'peer-address'. */ - if (!bgp_rmap_nhop_changed(attr->rmap_change_flags, - piattr->rmap_change_flags) - && !transparent - && !CHECK_FLAG(peer->af_flags[afi][safi], - PEER_FLAG_NEXTHOP_UNCHANGED)) { + if (!bgp_rmap_nhop_changed(attr->rmap_change_flags) && !transparent && + !CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_UNCHANGED)) { /* We can reset the nexthop, if setting (or forcing) it to * 'self' */ if (CHECK_FLAG(peer->af_flags[afi][safi], diff --git a/tests/topotests/bgp_nexthop_unchanged_outbound/__init__.py b/tests/topotests/bgp_nexthop_unchanged_outbound/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/topotests/bgp_nexthop_unchanged_outbound/r1/frr.conf b/tests/topotests/bgp_nexthop_unchanged_outbound/r1/frr.conf new file mode 100644 index 000000000000..4514d971faae --- /dev/null +++ b/tests/topotests/bgp_nexthop_unchanged_outbound/r1/frr.conf @@ -0,0 +1,14 @@ +! +interface lo + ip address 172.16.1.1/32 +! +interface r1-eth0 + ip address 192.168.1.1/24 +! +router bgp 65001 + no bgp ebgp-requires-policy + neighbor 192.168.1.2 remote-as external + address-family ipv4 unicast + redistribute connected + exit-address-family +! diff --git a/tests/topotests/bgp_nexthop_unchanged_outbound/r2/frr.conf b/tests/topotests/bgp_nexthop_unchanged_outbound/r2/frr.conf new file mode 100644 index 000000000000..705cb618096b --- /dev/null +++ b/tests/topotests/bgp_nexthop_unchanged_outbound/r2/frr.conf @@ -0,0 +1,19 @@ +! +interface r2-eth0 + ip address 192.168.1.2/24 +! +interface r2-eth1 + ip address 10.0.0.2/24 +! +route-map r1 permit 10 + set ip next-hop unchanged +! +router bgp 65002 + no bgp ebgp-requires-policy + neighbor 192.168.1.1 remote-as external + neighbor 10.0.0.3 remote-as internal + address-family ipv4 unicast + neighbor 192.168.1.1 route-map r1 in + neighbor 10.0.0.3 next-hop-self + exit-address-family +! diff --git a/tests/topotests/bgp_nexthop_unchanged_outbound/r3/frr.conf b/tests/topotests/bgp_nexthop_unchanged_outbound/r3/frr.conf new file mode 100644 index 000000000000..a4f44d51a24a --- /dev/null +++ b/tests/topotests/bgp_nexthop_unchanged_outbound/r3/frr.conf @@ -0,0 +1,8 @@ +! +interface r3-eth0 + ip address 10.0.0.3/24 +! +router bgp 65002 + no bgp ebgp-requires-policy + neighbor 10.0.0.2 remote-as internal +! diff --git a/tests/topotests/bgp_nexthop_unchanged_outbound/test_bgp_nexthop_unchanged_outbound.py b/tests/topotests/bgp_nexthop_unchanged_outbound/test_bgp_nexthop_unchanged_outbound.py new file mode 100644 index 000000000000..2e7302a0a15c --- /dev/null +++ b/tests/topotests/bgp_nexthop_unchanged_outbound/test_bgp_nexthop_unchanged_outbound.py @@ -0,0 +1,97 @@ +#!/usr/bin/env python +# SPDX-License-Identifier: ISC + +# Copyright (c) 2026 by +# Donatas Abraitis +# + +""" +Test that an inbound route-map with "set ip next-hop unchanged" does NOT +prevent next-hop-self from taking effect on an iBGP peer. +""" + +import os +import sys +import json +import pytest + +pytestmark = [pytest.mark.bgpd] + +CWD = os.path.dirname(os.path.realpath(__file__)) +sys.path.append(os.path.join(CWD, "../")) + +# pylint: disable=C0413 +from lib import topotest +from lib.topogen import Topogen, get_topogen + + +def build_topo(tgen): + for routern in range(1, 4): + tgen.add_router("r{}".format(routern)) + + # R1 -- R2 link + switch = tgen.add_switch("s1") + switch.add_link(tgen.gears["r1"]) + switch.add_link(tgen.gears["r2"]) + + # R2 -- R3 link + switch = tgen.add_switch("s2") + switch.add_link(tgen.gears["r2"]) + switch.add_link(tgen.gears["r3"]) + + +def setup_module(mod): + tgen = Topogen(build_topo, mod.__name__) + tgen.start_topology() + + router_list = tgen.routers() + + for rname, router in router_list.items(): + router.load_frr_config(os.path.join(CWD, "{}/frr.conf".format(rname))) + + tgen.start_router() + + +def teardown_module(mod): + tgen = get_topogen() + tgen.stop_topology() + + +def test_bgp_nexthop_unchanged_outbound(): + tgen = get_topogen() + + if tgen.routers_have_failure(): + pytest.skip(tgen.errors) + + r3 = tgen.gears["r3"] + + def _bgp_converge(): + output = json.loads(r3.vtysh_cmd("show ip bgp summary json")) + expected = { + "ipv4Unicast": { + "peers": { + "10.0.0.2": {"state": "Established"}, + } + } + } + return topotest.json_cmp(output, expected) + + _, result = topotest.run_and_expect(_bgp_converge, None, count=60, wait=0.5) + assert result is None, "BGP did not converge on r3" + + def _bgp_nexthop_is_r2(): + output = json.loads(r3.vtysh_cmd("show ip bgp 172.16.1.1/32 json")) + expected = {"paths": [{"nexthops": [{"ip": "10.0.0.2"}]}]} + return topotest.json_cmp(output, expected) + + _, result = topotest.run_and_expect(_bgp_nexthop_is_r2, None, count=60, wait=0.5) + assert result is None, ( + "Nexthop on r3 for 172.16.1.1/32 is not R2's address (10.0.0.2). " + "Inbound 'set ip next-hop unchanged' on R2 must not prevent " + "next-hop-self from taking effect on the iBGP session to R3." + ) + + +if __name__ == "__main__": + args = ["-s"] + sys.argv[1:] + sys.exit(pytest.main(args))