bgpd: fix invalid ipv4-vpn nexthop for IPv6 peer

Given that two routers are connected each other and they have IPv6
addresses and they establish BGP peer with extended-nexthop capability
and one router tries to advertise locally-generated IPv4-VPN routes to
other router.

In this situation, bgpd on the router that tries to advertise IPv4-VPN
routes will be crashed with "invalid MP nexthop length (AFI IP6)".

This issue is happened because MP_REACH_NLRI path attribute is not
generated correctly when ipv4-vpn routes are advertised to IPv6 peer.
When IPv4 routes are leaked from VRF RIB, the nexthop of these routes
are also IPv4 address (0.0.0.0/0 or specific addresses). However,
bgp_packet_mpattr_start only covers the case of IPv6 nexthop (for IPv6
peer).

ipv4-unicast routes were not affected by this issue because the case of
IPv4 nexthop is covered in `else` block.

Signed-off-by: Ryoga Saito <[email protected]>
(cherry picked from commit 63e7ddb)

bgpd/bgp_attr.c

@@ -3736,13 +3736,6 @@ size_t bgp_packet_mpattr_start(struct stream *s, struct peer *peer, afi_t afi,
 		} break;
 		case SAFI_MPLS_VPN: {
 			if (attr->mp_nexthop_len
-			    == BGP_ATTR_NHLEN_IPV6_GLOBAL) {
-				stream_putc(s, 24);
-				stream_putl(s, 0); /* RD = 0, per RFC */
-				stream_putl(s, 0);
-				stream_put(s, &attr->mp_nexthop_global,
-					   IPV6_MAX_BYTELEN);
-			} else if (attr->mp_nexthop_len
 				   == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
 				stream_putc(s, 48);
 				stream_putl(s, 0); /* RD = 0, per RFC */
@@ -3753,6 +3746,12 @@ size_t bgp_packet_mpattr_start(struct stream *s, struct peer *peer, afi_t afi,
 				stream_putl(s, 0);
 				stream_put(s, &attr->mp_nexthop_local,
 					   IPV6_MAX_BYTELEN);
+			} else {
+				stream_putc(s, 24);
+				stream_putl(s, 0); /* RD = 0, per RFC */
+				stream_putl(s, 0);
+				stream_put(s, &attr->mp_nexthop_global,
+					   IPV6_MAX_BYTELEN);
 			}
 		} break;
 		case SAFI_ENCAP: