| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Flowspec complement : port support and policy routing per interface and plugin wrapper
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On the case where an mp_unreach attribute is received, while there is no
mp_reach attribute too, it is not necessary to check for missing
attributes.
Fixes: 67495ddb2e5b ("bgpd: Fixes for recent well-known-attr check patch.")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sometimes at startup, BGP Flowspec may be allocated a routing table
identifier not in the range of the predefined table range.
This issue is due to the fact that BGP peering goes up, while the BGP
did not yet retrieve the Table Range allocator.
The fix is done so that BGP PBR entries are not installed while
routing table identifier range is not obtained. Once the routing table
identifier is obtained, parse the FS entries and check that all selected
entries are installed, and if not, install it.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added following vty command:
[no] debug bgp pbr error
This permits dumping on the logs some errors related to PBR.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On the case where an ecom from FS redirect is received, the ecom may be
with the format A.B.C.D:E. On this case, the printable format of the
Flowspec redirect VRF ecom value may use more bytes in the buffer
dedicated for that. The buffer that stores the ecommunity is increased.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| | |
By default, some debug traces were displayed. Those pbr traces are
hidden with 'debug bgp zebra' command.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| | |
The new enums for handling REMOVE failures are appended in the switch
case.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
The notification handler consecutive to an add/remove of a rule in zebra
is being added the FAIL_REMOVE flag. It is mapped on REMOVE flag
behaviour for now.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, uninstall pbr rule is not handled by BGP notification
handler. So the uninstall update of the structure is done, immediately
after sending the request of uninstall to zebra.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
After PBR or BGP sends back a request for sending a rule/ipset/ipset
entry/iptable delete, there may be issue in deleting it. A notification
is sent back with a new value indicating that the removal failed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This hook can be used if the plugin module wrap_script is used.
This hook is called to dump the debugging status of this module, on the
vty.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following PBR handlers: ipset, and iptables will prioritary
call the hook from a possible plugin.
If a plugin is attached, then it will return a positive value.
That is why the return status is tested against 0 value, since that
means that there are no plugin module plugged
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| | |
In order to have a clean structure, a reset is done before using the
struct nexthop.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are cases where a redirect IP or redirect VRF stops the ecom
parsing, then ignores a subsequent rate value, letting passed value to
0. Consequently, a new table identifier may be elected, despite the
routing procedure is the same. This fix ignores the rate value in bpa
list.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| | |
The ecommunity was badly read. This fix ensures that all ecom are reads
and stored in local structure.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
policy routing is configurable via address-family ipv4 flowspec
subfamily node. This is then possible to restrict flowspec operation
through the BGP instance, to a single or some interfaces, but not all.
Two commands available:
[no] local-install [IFNAME]
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| | |
Once PBR rules installed, an information is printed in the main
show bgp ipv4 flowspec detail information.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| | |
Ability for BGP FS to convert some rules containining at least one
address and one port information into a pbr_match_entry rule.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Those 3 fields are read and written between zebra and bgpd.
This permits extending the ipset_entry structure.
Combinatories will be possible:
- filtering with one of the src/dst port.
- filtering with one of the range src/ range dst port
usage of src or dst is exclusive in a FS entry.
- filtering a port or a port range based on either src or dst port.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When rule add transaction is sent from bgpd to zebra, the reference
context must not be incremented while the confirmation message of
install has not been sent back; unless if the transaction failed to be
sent.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On some cases, the ecommunity flowspec for redirect vrf is not displayed
in all cases. On top of that, display the values if ecom can no be
decoded.
Also, sub_type and type are changed from int to u_int8_t, because the
values contains match the type and sub type of extended communities.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| | |
Some documentation is updated.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| | |
The debugging message in charge of showing if the route is added or
witdrawn is changed accordingly to reflect this status.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| | |
notifications values from zebra related to pbr are dumped.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Upon reception of an iptable_add or iptable_del, a list of interface
indexes may be passed in the zapi interface. The list is converted in
interface name so that it is ready to be passed to be programmed to the
underlying system.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Those 3 fields are read and written between zebra and bgpd.
This permits extending the ipset_entry structure.
Combinatories will be possible:
- filtering with one of the src/dst port.
- filtering with one of the range src/ range dst port
usage of src or dst is exclusive in a FS entry.
- filtering a port or a port range based on either src or dst port.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Two new vty show functions available:
show pbr ipset <NAME>
show pbr iptables <NAME>
Those function dump the underlying "kernel" contexts. It relies on the
zebra pbr contexts. This helps then to know which zebra pbr
context has been configured since those contexts are mainly configured
by BGP Flowspec.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
When a mark is set, incoming traffic having that mark set can be
redirected to a specific table identifier. This work is done through
netlink.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
In cast the removal of an iptable or an ipset pbr context is done,
then a notification is sent back to the relevant daemon that sent the
message.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Upon the remote daemon leaving, some contexts may have to be flushed.
This commit does the change. IPset and IPSet Entries and iptables are
flushed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| | |
This commit is a fix that removes the structure from the hash list,
instead of just removing that structure.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add ns_id into zebra_pbr ipset
This is important so that each ipset entry knows on which NETNS the
ipset entry must be inkected
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|\ \
| | |
| | | |
isisd: fix bug in tlv_copy of empty MT-router-info
|
| | | |
|
|\ \ \
| | | |
| | | | |
ospf6d: Fix inter area prefix
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Inter Area Prefix LSA ECMP is not working properly.
Two ABRs advertising IAP routes to backbone, not installed
with correct cost or if ABR restarted the route is removed
from backbone.
The current implementation ABR was not suppressing IAP update
for prefix cost is not better or route is not installed.
The better cost or path route was overwritten with non optimal
cost. This caused a loop with nexthops pointing each other
at backbone and non-backbone routers.
Consider to only send BEST/installed route's IAP notification
at ABRs.
When receiving IAP update from multiple ABRs, preserve multiple
advertising routers under the prefix route node.
Upon LSA maxage only remove the advertising route's which is
impacted and update route's nexthops and update FIB.
Testing Done:
Top to Bottom is part of area 0 on the Right, and
from Left side in area 1.
Top and Bottom act as ABRs.
H1 route is sent as Inter-Area Prefix to Right.
Trigger multiple triggers for ABR routes.
1) Shutting down link between, top to right to eliminate nhs
2) Restart frr at Top.
3) Restart frr at Right.
+-----------+
. |
,'| Top |`.
/ . | \
,' ,'+.----------+`. `.
/ / ` `. \ ',
,' ,' ,' \ `. .
- / ` `. ', `,
,` ,` ,' \ \ \
' - ` `. `, `,
+--------+ +--`--`--`--+ +---'---'--'+ +--------+
| | | | | | | |
| H1 ------ Left | | Right ------ H2 |
| | | | | | | |
+--------+ +-----------+ +----.--,-,-+ +--------+
`. ` \ - / /
\ `. ` ,' .` `
' . \ / / '
`. \ `. ` / ,'
\ ` . ,` / /
`. `. . / / /
\ . \ ,' ' /
' '--'--------+,'.`
`.| - /
' mid1 |/
| -
+-----------+
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
|
|\ \ \ \
| | | | |
| | | | | |
lib: make allocators work for allocation sizes of 0
|
|/ / / /
| | | |
| | | |
| | | |
| | | | |
Fixes: #2155
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
|
|\ \ \ \
| |_|/ /
|/| | | |
tests: add pytest cache to gitignore
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
bgpd: Improve show commands for adjacent routes (advertised/received-routes)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit tries to adapt a similar codeflow within the `show bgp [afi]
[safi] neighbor <neighbor> advertised-routes` command compared to its
`received-routes` and `filtered-routes` opponents. Some branching code
has been restructured to achieve this.
Additionally, this commit fixes a memory leak within `received-routes`
(and `filtered-routes`, although the issue has been present before the
previous commit!) where the previous implementation forgot to
deduplicate the BGP attributes.
When a user called `<...> received-routes route-map <RM-TEST>` and that
routemap changed any AS path or community parameters, the duplicated
memory for these parameters was never freed. This has been fixed by
ensuring to call `bgp_attr_undup()` accordingly.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit changes the behavior of `show bgp [afi] [safi] neighbor
<neighbor> received-routes [json]` to return all received prefixes
instead of filtering rejected/denied prefixes.
Compared to Cisco and Juniper products, this is the usual way how this
command is supposed to work, as `show bgp [afi] [safi] neighbor
<neighbor> routes` will already return all accepted prefixes.
Additionally, the new command `show bgp [afi] [safi] neighbor <neighbor>
filtered-routes` has been added, which returns a list of all prefixes
that got filtered away, so it can be roughly described as a subset of
"received prefixes - accepted prefixes".
As the already available `filtered_count` variable inside
`show_adj_route` has not been used before, the last output line
summarizing the amount of prefixes found was extended to also mention
the amount of filtered prefixes if present.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
|
|\ \ \ \
| | | | |
| | | | | |
zebra: netlink cleanups
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix the code so that we would actually start receiving
RULE netlink notifications.
The Kernel expects the long long to be a bit field
value, while the newer netlink message types are
an enum. So we need to convert the message type
number to a bit position and set that value.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The snl variable is no longer needed to be passed around, so
remove it from the calling path.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Move where we check for non-kernel netlink messages to
a slightly earlier spot. This will allow in subsuquent
commits the removal of an extra parameter that needs to
be passed around.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The BPF filter was an exclusion list of netlink messages
we did not want to receive from our self. The problem
with this is that the exclusion list was and will be
ever growing. So switch the test around to an inclusion
list since it is shorter and not growing. Right
now this is RTM_NEWADDR and RTM_DELADDR.
Change some of the debug messages to error messages
so that when something slips through and it is unexpected
during development we will see the problem.
Also try to improve the documentation about what
the filter is doing and leave some breadcrumbs for
future developers to know where to change code
when new functionality is added.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|\ \ \ \
| | | | |
| | | | | |
*: remove update-autotools
|
| |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|