Commit message (Author, Age, Files, Lines)
* Merge pull request #2142 from pguibert6WIND/fs_zebra_complement (Donald Sharp, 2018-05-29, files: 23, lines: -137/+1240)
|\
| | Flowspec complement : port support and policy routing per interface and plugin wrapper
| * bgpd: attributes presence checked when mpreach is present (Philippe Guibert, 2018-05-25, files: 1, lines: -1/+2)
| | On the case where an mp_unreach attribute is received, while there is no mp_reach attribute too, it is not necessary to check for missing attributes.
| | Fixes: 67495ddb2e5b ("bgpd: Fixes for recent well-known-attr check patch.")
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: do not install BGP FS entries, while table range not obtained (Philippe Guibert, 2018-05-25, files: 4, lines: -6/+32)
| | Sometimes at startup, BGP Flowspec may be allocated a routing table identifier not in the range of the predefined table range. This issue is due to the fact that BGP peering goes up, while the BGP did not yet retrieve the Table Range allocator. The fix is done so that BGP PBR entries are not installed while routing table identifier range is not obtained. Once the routing table identifier is obtained, parse the FS entries and check that all selected entries are installed, and if not, install it.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: enhance debug bgp pbr error vty command (Philippe Guibert, 2018-05-25, files: 1, lines: -4/+37)
| | Added following vty command:
| | [no] debug bgp pbr error
| | This permits dumping on the logs some errors related to PBR.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: increase buffer size to store ecomunity as a string (Philippe Guibert, 2018-05-25, files: 1, lines: -1/+1)
| | On the case where an ecom from FS redirect is received, the ecom may be with the format A.B.C.D:E. On this case, the printable format of the Flowspec redirect VRF ecom value may use more bytes in the buffer dedicated for that. The buffer that stores the ecommunity is increased.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: brace zebra pbr traces (Philippe Guibert, 2018-05-25, files: 1, lines: -9/+16)
| | By default, some debug traces were displayed. Those pbr traces are hidden with 'debug bgp zebra' command.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add ZAPI_XXX_FAIL_REMOVE flag in switch (Philippe Guibert, 2018-05-25, files: 1, lines: -0/+4)
| | The new enums for handling REMOVE failures are appended in the switch case.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * pbrd: add ZAPI_RULE_FAIL_REMOVE flag in switch (Philippe Guibert, 2018-05-25, files: 1, lines: -0/+1)
| | The notification handler consecutive to an add/remove of a rule in zebra is being added the FAIL_REMOVE flag. It is mapped on REMOVE flag behaviour for now.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: upon uninstalling pbr rule, update local structure (Philippe Guibert, 2018-05-25, files: 1, lines: -0/+2)
| | Currently, uninstall pbr rule is not handled by BGP notification handler. So the uninstall update of the structure is done, immediately after sending the request of uninstall to zebra.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: add pbr objects fail_remove value into notification (Philippe Guibert, 2018-05-25, files: 2, lines: -4/+8)
| | After PBR or BGP sends back a request for sending a rule/ipset/ipset entry/iptable delete, there may be issue in deleting it. A notification is sent back with a new value indicating that the removal failed.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: PBR show debugging IPSET/IPTABLE hooks declared (Philippe Guibert, 2018-05-25, files: 2, lines: -0/+5)
| | This hook can be used if the plugin module wrap_script is used. This hook is called to dump the debugging status of this module, on the vty.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: PBR config and monitor IPSET/IPTABLE hooks declared (Philippe Guibert, 2018-05-25, files: 2, lines: -24/+125)
| | The following PBR handlers: ipset, and iptables will prioritary call the hook from a possible plugin. If a plugin is attached, then it will return a positive value. That is why the return status is tested against 0 value, since that means that there are no plugin module plugged
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: initialise nexthop structure, before filling in some attributes (Philippe Guibert, 2018-05-25, files: 1, lines: -0/+1)
| | In order to have a clean structure, a reset is done before using the struct nexthop.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: traffic rate value is ignored for searching bpa (Philippe Guibert, 2018-05-25, files: 1, lines: -3/+1)
| | There are cases where a redirect IP or redirect VRF stops the ecom parsing, then ignores a subsequent rate value, letting passed value to 0. Consequently, a new table identifier may be elected, despite the routing procedure is the same. This fix ignores the rate value in bpa list.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: handle more than one ext. community (Philippe Guibert, 2018-05-25, files: 1, lines: -3/+3)
| | The ecommunity was badly read. This fix ensures that all ecom are read and stored in local structure.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add vty command to restrict FS policy routing to a defined interface (Philippe Guibert, 2018-05-25, files: 7, lines: -1/+228)
| | policy routing is configurable via address-family ipv4 flowspec subfamily node. This is then possible to restrict flowspec operation through the BGP instance, to a single or some interfaces, but not all.
| | Two commands available:
| | [no] local-install [IFNAME]
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: display if FS entry is installed in PBR or not (Philippe Guibert, 2018-05-25, files: 5, lines: -8/+50)
| | Once PBR rules installed, an information is printed in the main show bgp ipv4 flowspec detail information.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: pbr support for port redirecting (Philippe Guibert, 2018-05-25, files: 2, lines: -29/+235)
| | Ability for BGP FS to convert some rules containing at least one address and one port information into a pbr_match_entry rule.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add 3 fields to ipset_entry : src,dst port, and proto (Philippe Guibert, 2018-05-25, files: 2, lines: -0/+12)
| | Those 3 fields are read and written between zebra and bgpd. This permits extending the ipset_entry structure. Combinatories will be possible:
| | - filtering with one of the src/dst port.
| | - filtering with one of the range src/ range dst port
| |   usage of src or dst is exclusive in a FS entry.
| | - filtering a port or a port range based on either src or dst port.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: do not account twice references to rule context (Philippe Guibert, 2018-05-25, files: 1, lines: -3/+7)
| | When rule add transaction is sent from bgpd to zebra, the reference context must not be incremented while the confirmation message of install has not been sent back; unless if the transaction failed to be sent.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add missing ecommunity flowspec to display (Philippe Guibert, 2018-05-25, files: 1, lines: -19/+24)
| | On some cases, the ecommunity flowspec for redirect vrf is not displayed in all cases. On top of that, display the values if ecom cannot be decoded. Also, sub_type and type are changed from int to u_int8_t, because the values contains match the type and sub type of extended communities.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: update comment when calling pbr southbound interface (Philippe Guibert, 2018-05-25, files: 1, lines: -7/+2)
| | Some documentation is updated.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: improve flowspec update of route to NH/VRF (Philippe Guibert, 2018-05-25, files: 1, lines: -2/+4)
| | The debugging message in charge of showing if the route is added or withdrawn is changed accordingly to reflect this status.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add notify value in zlog notification message for pbr (Philippe Guibert, 2018-05-25, files: 1, lines: -6/+6)
| | notifications values from zebra related to pbr are dumped.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: handle iptable list of interfaces (Philippe Guibert, 2018-05-25, files: 3, lines: -3/+55)
| | Upon reception of an iptable_add or iptable_del, a list of interface indexes may be passed in the zapi interface. The list is converted in interface name so that it is ready to be passed to be programmed to the underlying system.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: add 3 fields to ipset_entry : src,dst port, and proto (Philippe Guibert, 2018-05-25, files: 4, lines: -7/+94)
| | Those 3 fields are read and written between zebra and bgpd. This permits extending the ipset_entry structure. Combinatories will be possible:
| | - filtering with one of the src/dst port.
| | - filtering with one of the range src/ range dst port
| |   usage of src or dst is exclusive in a FS entry.
| | - filtering a port or a port range based on either src or dst port.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: pbr vty show command for ipset and iptables (Philippe Guibert, 2018-05-25, files: 3, lines: -0/+226)
| | Two new vty show functions available:
| | show pbr ipset <NAME>
| | show pbr iptables <NAME>
| | Those functions dump the underlying "kernel" contexts. It relies on the zebra pbr contexts. This helps then to know which zebra pbr context has been configured since those contexts are mainly configured by BGP Flowspec.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: add netlink rule support for fwmark option (Philippe Guibert, 2018-05-25, files: 2, lines: -0/+8)
| | When a mark is set, incoming traffic having that mark set can be redirected to a specific table identifier. This work is done through netlink.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: handle notification in case pbr ipset, or iptables is removed (Philippe Guibert, 2018-05-25, files: 1, lines: -3/+13)
| | In case the removal of an iptable or an ipset pbr context is done, then a notification is sent back to the relevant daemon that sent the message.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: cleanup zebra policy context (Philippe Guibert, 2018-05-25, files: 1, lines: -0/+36)
| | Upon the remote daemon leaving, some contexts may have to be flushed. This commit does the change. IPset and IPSet Entries and iptables are flushed.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: ipset and ipset entry deletion remove entry from hash list too (Philippe Guibert, 2018-05-25, files: 1, lines: -4/+6)
| | This commit is a fix that removes the structure from the hash list, instead of just removing that structure.
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * zebra: rework pbr ipset entry (Philippe Guibert, 2018-05-25, files: 3, lines: -2/+8)
| | Add ns_id into zebra_pbr ipset
| | This is important so that each ipset entry knows on which NETNS the ipset entry must be injected
| | Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* | Merge pull request #2307 from opensourcerouting/master-isis-tlv-copy-fix (Jafar Al-Gharaibeh, 2018-05-29, files: 1, lines: -1/+1)
|\ \
| | | isisd: fix bug in tlv_copy of empty MT-router-info
| * | isisd: fix bug in tlv_copy of empty MT-router-info (Christian Franke, 2018-05-28, files: 1, lines: -1/+1)
| | |
* | | Merge pull request #2266 from chiragshah6/ospfv3_dev (Jafar Al-Gharaibeh, 2018-05-29, files: 3, lines: -32/+270)
|\ \ \
| | | | ospf6d: Fix inter area prefix
| * | | ospf6d: Fix inter area prefix (Chirag Shah, 2018-05-21, files: 3, lines: -32/+270)
| | | | Inter Area Prefix LSA ECMP is not working properly. Two ABRs advertising IAP routes to backbone, not installed with correct cost or if ABR restarted the route is removed from backbone.
| | | |
| | | | The current implementation ABR was not suppressing IAP update for prefix cost is not better or route is not installed. The better cost or path route was overwritten with non optimal cost. This caused a loop with nexthops pointing each other at backbone and non-backbone routers.
| | | |
| | | | Consider to only send BEST/installed route's IAP notification at ABRs. When receiving IAP update from multiple ABRs, preserve multiple advertising routers under the prefix route node. Upon LSA maxage only remove the advertising route's which is impacted and update route's nexthops and update FIB.
| | | |
| | | | Testing Done:
| | | | Top to Bottom is part of area 0 on the Right, and from Left side in area 1. Top and Bottom act as ABRs. H1 route is sent as Inter-Area Prefix to Right.
| | | | Trigger multiple triggers for ABR routes.
| | | | 1) Shutting down link between, top to right to eliminate nhs
| | | | 2) Restart frr at Top.
| | | | 3) Restart frr at Right.
| | | |
| | | | [ASCII topology diagram, garbled in extraction: H1 attached to Left, H2 attached to Right, with Top above and mid1 below, each linked to both Left and Right]
| | | |
| | | | Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
* | | | Merge pull request #2312 from opensourcerouting/master-malloc-0-fix (Donald Sharp, 2018-05-29, files: 1, lines: -1/+4)
|\ \ \ \
| | | | | lib: make allocators work for allocation sizes of 0
| * | | | lib: make allocators work for allocation sizes of 0 (Christian Franke, 2018-05-29, files: 1, lines: -1/+4)
|/ / / /
| | | | Fixes: #2155
| | | | Signed-off-by: Christian Franke <chris@opensourcerouting.org>
* | | | Merge pull request #2310 from opensourcerouting/master-gitignore-pytest-cache (Quentin Young, 2018-05-29, files: 1, lines: -0/+1)
|\ \ \ \
| |_|/ /
|/| | | tests: add pytest cache to gitignore
| * | | tests: add pytest cache to gitignore (Christian Franke, 2018-05-28, files: 1, lines: -0/+1)
|/ / /
* | | Merge pull request #2248 from ppmathis/enhancement/bgp-adjacent-routes (Jafar Al-Gharaibeh, 2018-05-27, files: 2, lines: -59/+78)
|\ \ \
| | | | bgpd: Improve show commands for adjacent routes (advertised/received-routes)
| * | | bgpd: Fix memleak, adapt adv- to recv-routes code (Pascal Mathis, 2018-05-16, files: 1, lines: -20/+20)
| | | | This commit tries to adapt a similar codeflow within the `show bgp [afi] [safi] neighbor <neighbor> advertised-routes` command compared to its `received-routes` and `filtered-routes` opponents. Some branching code has been restructured to achieve this.
| | | |
| | | | Additionally, this commit fixes a memory leak within `received-routes` (and `filtered-routes`, although the issue has been present before the previous commit!) where the previous implementation forgot to deduplicate the BGP attributes. When a user called `<...> received-routes route-map <RM-TEST>` and that routemap changed any AS path or community parameters, the duplicated memory for these parameters was never freed. This has been fixed by ensuring to call `bgp_attr_undup()` accordingly.
| | | |
| | | | Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
| * | | bgpd: Implement new adjacent route show commands (Pascal Mathis, 2018-05-16, files: 2, lines: -42/+61)
| | | | This commit changes the behavior of `show bgp [afi] [safi] neighbor <neighbor> received-routes [json]` to return all received prefixes instead of filtering rejected/denied prefixes. Compared to Cisco and Juniper products, this is the usual way how this command is supposed to work, as `show bgp [afi] [safi] neighbor <neighbor> routes` will already return all accepted prefixes.
| | | |
| | | | Additionally, the new command `show bgp [afi] [safi] neighbor <neighbor> filtered-routes` has been added, which returns a list of all prefixes that got filtered away, so it can be roughly described as a subset of "received prefixes - accepted prefixes".
| | | |
| | | | As the already available `filtered_count` variable inside `show_adj_route` has not been used before, the last output line summarizing the amount of prefixes found was extended to also mention the amount of filtered prefixes if present.
| | | |
| | | | Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
* | | | Merge pull request #2283 from donaldsharp/ignore_some_more (Russ White, 2018-05-27, files: 8, lines: -114/+160)
|\ \ \ \
| | | | | zebra: netlink cleanups
| * | | | zebra: Fix RULE notification netlink messages (Donald Sharp, 2018-05-24, files: 1, lines: -5/+18)
| | | | | Fix the code so that we would actually start receiving RULE netlink notifications. The Kernel expects the long long to be a bit field value, while the newer netlink message types are an enum. So we need to convert the message type number to a bit position and set that value.
| | | | | Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * | | | zebra: Remove unnecessary function parameter (Donald Sharp, 2018-05-24, files: 8, lines: -67/+46)
| | | | | The snl variable is no longer needed to be passed around, so remove it from the calling path.
| | | | | Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * | | | zebra: Move where we check for non-kernel netlink messages (Donald Sharp, 2018-05-24, files: 1, lines: -6/+11)
| | | | | Move where we check for non-kernel netlink messages to a slightly earlier spot. This will allow in subsequent commits the removal of an extra parameter that needs to be passed around.
| | | | | Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * | | | zebra: Ignore most netlink notifications from ourselves (Donald Sharp, 2018-05-24, files: 1, lines: -39/+88)
| | |_|/
| |/| |
| | | | The BPF filter was an exclusion list of netlink messages we did not want to receive from our self. The problem with this is that the exclusion list was and will be ever growing. So switch the test around to an inclusion list since it is shorter and not growing. Right now this is RTM_NEWADDR and RTM_DELADDR.
| | | |
| | | | Change some of the debug messages to error messages so that when something slips through and it is unexpected during development we will see the problem.
| | | |
| | | | Also try to improve the documentation about what the filter is doing and leave some breadcrumbs for future developers to know where to change code when new functionality is added.
| | | |
| | | | Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | | | Merge pull request #2291 from qlyoung/top-cleanup (Russ White, 2018-05-27, files: 3, lines: -30/+0)
|\ \ \ \
| | | | | *: remove update-autotools
| * | | | *: remove update-autotools (Quentin Young, 2018-05-25, files: 3, lines: -30/+0)
| |/ / /
| | | | Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>