bgpd: Skip route-map LPM optimisation for AF_FLOWSPEC

[ton31337]

No description provided.

[ton31337]

@Mergifyio backport stable/10.6 stable/10.5 stable/10.4 stable/10.3 stable/10.2

[mergify]

backport stable/10.6 stable/10.5 stable/10.4 stable/10.3 stable/10.2

✅ Backports have been created

Details

• #22098 bgpd: Skip route-map LPM optimisation for AF_FLOWSPEC (backport #22083) has been created for branch stable/10.6
• #22099 bgpd: Skip route-map LPM optimisation for AF_FLOWSPEC (backport #22083) has been created for branch stable/10.5
• #22100 bgpd: Skip route-map LPM optimisation for AF_FLOWSPEC (backport #22083) has been created for branch stable/10.4
• #22101 bgpd: Skip route-map LPM optimisation for AF_FLOWSPEC (backport #22083) has been created for branch stable/10.3
• #22102 bgpd: Skip route-map LPM optimisation for AF_FLOWSPEC (backport #22083) has been created for branch stable/10.2 but encountered conflicts

Cherry-pick of 6038df7 has failed:

On branch mergify/bp/stable/10.2/pr-22083
Your branch is up to date with 'origin/stable/10.2'.

You are currently cherry-picking commit 6038df722.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   lib/routemap.c

no changes added to commit (use "git add" and/or "git commit -a")

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[greptile-apps]

Greptile Summary

This single-line condition change in route_map_apply_ext fixes a silent route-map match bypass for AF_FLOWSPEC routes by generalizing the existing AF_EVPN guard. Previously, only AF_EVPN fell through to the linear (full-sequence) walk; any other non-IPv4/IPv6 family — including AF_FLOWSPEC — incorrectly entered the LPM optimisation path, where route_map_get_index blindly used map->ipv6_prefix_table for the lookup and could evict IPv4 prefix-list clauses, silently failing to evaluate them.

• Root cause addressed: route_map_get_index uses map->ipv6_prefix_table as a fallback for any non-AF_INET family (line 1893–1894), but AF_FLOWSPEC prefixes are never indexed into that trie, so LPM lookups always miss and route-map clauses are skipped.
• Fix is correctly generalised: The new condition prefix->family != AF_INET && prefix->family != AF_INET6 replaces the narrower == AF_EVPN check, meaning any present or future non-IPv4/IPv6 address family automatically gets the safe linear walk without needing a separate code change.

Confidence Score: 5/5

Safe to merge — the change is a minimal, targeted guard that restores correct route-map evaluation for AF_FLOWSPEC without touching the LPM path used by IPv4/IPv6.

The changed condition is small and surgical: it widens an existing family-bypass guard from AF_EVPN-only to all non-IPv4/IPv6 families. The LPM optimisation path for AF_INET/AF_INET6 is completely unchanged. The linear-walk path being restored for AF_FLOWSPEC was already in place and tested for AF_EVPN, so there is no new code to worry about. The accompanying comment clearly documents the reasoning.

No files require special attention. The only change is in lib/routemap.c at the family-dispatch branch in route_map_apply_ext.

Important Files Changed

Filename	Overview
lib/routemap.c	Broadens the LPM optimization bypass from AF_EVPN-only to all non-AF_INET/AF_INET6 families, fixing silent match failures for AF_FLOWSPEC routes

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[route_map_apply_ext called] --> B{prefix->family}
    B -->|AF_INET or AF_INET6| C[skip_match_clause = true\nroute_map_get_index LPM lookup]
    B -->|AF_EVPN / AF_FLOWSPEC\nor any other family| D[index = map->head\nlinear walk, all clauses evaluated]
    C --> E{index found?}
    E -->|Yes| F[Loop: first clause skipped\nLPM already matched it]
    E -->|No| G[RMAP_DENYMATCH or RMAP_PERMITMATCH\nbased on match_ret]
    D --> H[Loop: every clause\nmatched explicitly]
    F --> I[Apply set actions, continue / permit / deny]
    H --> I

Loading

_{Reviews (1): Last reviewed commit: "bgpd: Skip route-map LPM optimisation fo..." | Re-trigger Greptile}

[nick-bouliane]

lgtm