From a94ff3f4abd11c515b5cd3be7b998490e5f75c2a Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Wed, 29 Jan 2025 23:03:06 +0200
Subject: [PATCH] bgpd: Do not start BGP session if BGP identifier is not set

If we have IPv6-only network and no IPv4 addresses at all, then by default
0.0.0.0 is created which is treated as malformed according to RFC 6286.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 739f2b566a8217acce84d4c21aaf033314f535bb)
---
 bgpd/bgp_fsm.c     |  1 +
 bgpd/bgp_network.c | 17 ++++++++++++++++-
 bgpd/bgpd.h        |  1 +
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c
index 0b287c2fc48c..f5b0e4878406 100644
--- a/bgpd/bgp_fsm.c
+++ b/bgpd/bgp_fsm.c
@@ -604,6 +604,7 @@ const char *const peer_down_str[] = {
 	"Admin. shutdown (RTT)",
 	"Suppress Fib Turned On or Off",
 	"Password config change",
+	"Router ID is missing",
 };
 
 static void bgp_graceful_restart_timer_off(struct peer_connection *connection,
diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c
index de57d91806e1..b9ac0c9daaa7 100644
--- a/bgpd/bgp_network.c
+++ b/bgpd/bgp_network.c
@@ -568,7 +568,7 @@ static void bgp_accept(struct event *thread)
 
 	/* Do not try to reconnect if the peer reached maximum
 	 * prefixes, restart timer is still running or the peer
-	 * is shutdown.
+	 * is shutdown, or BGP identifier is not set (0.0.0.0).
 	 */
 	if (BGP_PEER_START_SUPPRESSED(peer1)) {
 		if (bgp_debug_neighbor_events(peer1)) {
@@ -585,6 +585,14 @@ static void bgp_accept(struct event *thread)
 		return;
 	}
 
+	if (peer1->bgp->router_id.s_addr == INADDR_ANY) {
+		zlog_warn("[Event] Incoming BGP connection rejected from %s due missing BGP identifier, set it with `bgp router-id`",
+			  peer1->host);
+		peer1->last_reset = PEER_DOWN_ROUTER_ID_ZERO;
+		close(bgp_sock);
+		return;
+	}
+
 	if (bgp_debug_neighbor_events(peer1))
 		zlog_debug("[Event] connection from %s fd %d, active peer status %d fd %d",
 			   inet_sutop(&su, buf), bgp_sock, connection1->status,
@@ -770,6 +778,13 @@ int bgp_connect(struct peer_connection *connection)
 	assert(!CHECK_FLAG(connection->thread_flags, PEER_THREAD_READS_ON));
 	ifindex_t ifindex = 0;
 
+	if (peer->bgp->router_id.s_addr == INADDR_ANY) {
+		peer->last_reset = PEER_DOWN_ROUTER_ID_ZERO;
+		zlog_warn("%s: BGP identifier is missing for peer %s, set it with `bgp router-id`",
+			  __func__, peer->host);
+		return connect_error;
+	}
+
 	if (peer->conf_if && BGP_CONNECTION_SU_UNSPEC(connection)) {
 		if (bgp_debug_neighbor_events(peer))
 			zlog_debug("Peer address not learnt: Returning from connect");
diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h
index fe62cb67167d..36faaaa0db00 100644
--- a/bgpd/bgpd.h
+++ b/bgpd/bgpd.h
@@ -1826,6 +1826,7 @@ struct peer {
 #define PEER_DOWN_RTT_SHUTDOWN          35U /* Automatically shutdown due to RTT */
 #define PEER_DOWN_SUPPRESS_FIB_PENDING	 36U /* Suppress fib pending changed */
 #define PEER_DOWN_PASSWORD_CHANGE	 37U /* neighbor password command */
+#define PEER_DOWN_ROUTER_ID_ZERO	 38U /* router-id is 0.0.0.0 */
 	/*
 	 * Remember to update peer_down_str in bgp_fsm.c when you add
 	 * a new value to the last_reset reason