diff options
| author | Rafael Zalamena <rzalamena@users.noreply.github.com> | 2022-07-22 16:12:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-22 16:12:17 +0200 |
| commit | b8443f7ad39ce0429f53c286d04a84b6faaeef83 (patch) | |
| tree | cbe8317eb6858926883caf6fd2bae15a4b0f2b76 /bfdd | |
| parent | Merge pull request #11662 from opensourcerouting/fix/call_hooks_when_replacin... (diff) | |
| parent | topotests: add bfd_vrflite_topo1 test (diff) | |
| download | frr-b8443f7ad39ce0429f53c286d04a84b6faaeef83.tar.xz frr-b8443f7ad39ce0429f53c286d04a84b6faaeef83.zip | |
Merge pull request #11565 from pguibert6WIND/bfd_vrf_lite_support
bfdd: allow l3vrf bfd sessions without udp leaking
Diffstat (limited to 'bfdd')
| -rw-r--r-- | bfdd/bfd.c | 66 | ||||
| -rw-r--r-- | bfdd/bfd_packet.c | 45 |
2 files changed, 77 insertions, 34 deletions
diff --git a/bfdd/bfd.c b/bfdd/bfd.c index 483beb1b1..a16192635 100644 --- a/bfdd/bfd.c +++ b/bfdd/bfd.c @@ -1950,40 +1950,38 @@ static int bfd_vrf_enable(struct vrf *vrf) if (bglobal.debug_zebra) zlog_debug("VRF enable add %s id %u", vrf->name, vrf->vrf_id); - if (vrf->vrf_id == VRF_DEFAULT || - vrf_get_backend() == VRF_BACKEND_NETNS) { - if (!bvrf->bg_shop) - bvrf->bg_shop = bp_udp_shop(vrf); - if (!bvrf->bg_mhop) - bvrf->bg_mhop = bp_udp_mhop(vrf); - if (!bvrf->bg_shop6) - bvrf->bg_shop6 = bp_udp6_shop(vrf); - if (!bvrf->bg_mhop6) - bvrf->bg_mhop6 = bp_udp6_mhop(vrf); - if (!bvrf->bg_echo) - bvrf->bg_echo = bp_echo_socket(vrf); - if (!bvrf->bg_echov6) - bvrf->bg_echov6 = bp_echov6_socket(vrf); - - if (!bvrf->bg_ev[0] && bvrf->bg_shop != -1) - thread_add_read(master, bfd_recv_cb, bvrf, - bvrf->bg_shop, &bvrf->bg_ev[0]); - if (!bvrf->bg_ev[1] && bvrf->bg_mhop != -1) - thread_add_read(master, bfd_recv_cb, bvrf, - bvrf->bg_mhop, &bvrf->bg_ev[1]); - if (!bvrf->bg_ev[2] && bvrf->bg_shop6 != -1) - thread_add_read(master, bfd_recv_cb, bvrf, - bvrf->bg_shop6, &bvrf->bg_ev[2]); - if (!bvrf->bg_ev[3] && bvrf->bg_mhop6 != -1) - thread_add_read(master, bfd_recv_cb, bvrf, - bvrf->bg_mhop6, &bvrf->bg_ev[3]); - if (!bvrf->bg_ev[4] && bvrf->bg_echo != -1) - thread_add_read(master, bfd_recv_cb, bvrf, - bvrf->bg_echo, &bvrf->bg_ev[4]); - if (!bvrf->bg_ev[5] && bvrf->bg_echov6 != -1) - thread_add_read(master, bfd_recv_cb, bvrf, - bvrf->bg_echov6, &bvrf->bg_ev[5]); - } + if (!bvrf->bg_shop) + bvrf->bg_shop = bp_udp_shop(vrf); + if (!bvrf->bg_mhop) + bvrf->bg_mhop = bp_udp_mhop(vrf); + if (!bvrf->bg_shop6) + bvrf->bg_shop6 = bp_udp6_shop(vrf); + if (!bvrf->bg_mhop6) + bvrf->bg_mhop6 = bp_udp6_mhop(vrf); + if (!bvrf->bg_echo) + bvrf->bg_echo = bp_echo_socket(vrf); + if (!bvrf->bg_echov6) + bvrf->bg_echov6 = bp_echov6_socket(vrf); + + if (!bvrf->bg_ev[0] && bvrf->bg_shop != -1) + thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_shop, + &bvrf->bg_ev[0]); + if (!bvrf->bg_ev[1] && bvrf->bg_mhop != -1) + thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_mhop, + &bvrf->bg_ev[1]); + if (!bvrf->bg_ev[2] && bvrf->bg_shop6 != -1) + thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_shop6, + &bvrf->bg_ev[2]); + if (!bvrf->bg_ev[3] && bvrf->bg_mhop6 != -1) + thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_mhop6, + &bvrf->bg_ev[3]); + if (!bvrf->bg_ev[4] && bvrf->bg_echo != -1) + thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_echo, + &bvrf->bg_ev[4]); + if (!bvrf->bg_ev[5] && bvrf->bg_echov6 != -1) + thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_echov6, + &bvrf->bg_ev[5]); + if (vrf->vrf_id != VRF_DEFAULT) { bfdd_zclient_register(vrf->vrf_id); bfdd_sessions_enable_vrf(vrf); diff --git a/bfdd/bfd_packet.c b/bfdd/bfd_packet.c index 26c7174f6..82b3f09b0 100644 --- a/bfdd/bfd_packet.c +++ b/bfdd/bfd_packet.c @@ -876,6 +876,14 @@ void bfd_recv_cb(struct thread *t) "no session found"); return; } + /* + * We may have a situation where received packet is on wrong vrf + */ + if (bfd && bfd->vrf && bfd->vrf != bvrf->vrf) { + cp_debug(is_mhop, &peer, &local, ifindex, vrfid, + "wrong vrfid."); + return; + } /* Ensure that existing good sessions are not overridden. */ if (!cp->discrs.remote_discr && bfd->ses_state != PTM_BFD_DOWN && @@ -1208,10 +1216,41 @@ int bp_set_tos(int sd, uint8_t value) return 0; } +static bool bp_set_reuse_addr(int sd) +{ + int one = 1; + + if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) == -1) { + zlog_warn("set-reuse-addr: setsockopt(SO_REUSEADDR, %d): %s", + one, strerror(errno)); + return false; + } + return true; +} + +static bool bp_set_reuse_port(int sd) +{ + int one = 1; + + if (setsockopt(sd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) == -1) { + zlog_warn("set-reuse-port: setsockopt(SO_REUSEPORT, %d): %s", + one, strerror(errno)); + return false; + } + return true; +} + + static void bp_set_ipopts(int sd) { int rcvttl = BFD_RCV_TTL_VAL; + if (!bp_set_reuse_addr(sd)) + zlog_fatal("set-reuse-addr: failed"); + + if (!bp_set_reuse_port(sd)) + zlog_fatal("set-reuse-port: failed"); + if (bp_set_ttl(sd, BFD_TTL_VAL) != 0) zlog_fatal("set-ipopts: TTL configuration failed"); @@ -1453,6 +1492,12 @@ static void bp_set_ipv6opts(int sd) int ipv6_pktinfo = BFD_IPV6_PKT_INFO_VAL; int ipv6_only = BFD_IPV6_ONLY_VAL; + if (!bp_set_reuse_addr(sd)) + zlog_fatal("set-reuse-addr: failed"); + + if (!bp_set_reuse_port(sd)) + zlog_fatal("set-reuse-port: failed"); + if (bp_set_ttlv6(sd, BFD_TTL_VAL) == -1) zlog_fatal( "set-ipv6opts: setsockopt(IPV6_UNICAST_HOPS, %d): %s", |