In rde_update_dispatch() do the AFI check for IPv4 prefixes before extracting the prefix. This is similar to what the MP code does and is also more logical.
OK? -- :wq Claudio Index: rde.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.528 diff -u -p -r1.528 rde.c --- rde.c 24 Jun 2021 13:03:31 -0000 1.528 +++ rde.c 24 Jun 2021 15:00:10 -0000 @@ -1280,6 +1280,14 @@ rde_update_dispatch(struct rde_peer *pee /* withdraw prefix */ while (len > 0) { + if (peer->capa.mp[AID_INET] == 0) { + log_peer_warnx(&peer->conf, + "bad withdraw, %s disabled", aid2str(AID_INET)); + rde_update_err(peer, ERR_UPDATE, ERR_UPD_OPTATTR, + NULL, 0); + goto done; + } + if ((pos = nlri_get_prefix(p, len, &prefix, &prefixlen)) == -1) { /* @@ -1294,14 +1302,6 @@ rde_update_dispatch(struct rde_peer *pee p += pos; len -= pos; - if (peer->capa.mp[AID_INET] == 0) { - log_peer_warnx(&peer->conf, - "bad withdraw, %s disabled", aid2str(AID_INET)); - rde_update_err(peer, ERR_UPDATE, ERR_UPD_OPTATTR, - NULL, 0); - goto done; - } - rde_update_withdraw(peer, &prefix, prefixlen); } @@ -1393,6 +1393,14 @@ rde_update_dispatch(struct rde_peer *pee /* parse nlri prefix */ while (nlri_len > 0) { + if (peer->capa.mp[AID_INET] == 0) { + log_peer_warnx(&peer->conf, + "bad update, %s disabled", aid2str(AID_INET)); + rde_update_err(peer, ERR_UPDATE, ERR_UPD_OPTATTR, + NULL, 0); + goto done; + } + if ((pos = nlri_get_prefix(p, nlri_len, &prefix, &prefixlen)) == -1) { log_peer_warnx(&peer->conf, "bad nlri prefix"); @@ -1402,14 +1410,6 @@ rde_update_dispatch(struct rde_peer *pee } p += pos; nlri_len -= pos; - - if (peer->capa.mp[AID_INET] == 0) { - log_peer_warnx(&peer->conf, - "bad update, %s disabled", aid2str(AID_INET)); - rde_update_err(peer, ERR_UPDATE, ERR_UPD_OPTATTR, - NULL, 0); - goto done; - } if (rde_update_update(peer, &state, &prefix, prefixlen) == -1) goto done;