| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Used as a bool, treated as a bool. Make it a bool
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
| |
|
|
|
|
|
|
|
| |
All other parsing functions done from bgp_nlri_parse() assume
no attributes == an implicit withdrawal. Let's move
bgp_nlri_parse_flowspec() into the same alignment.
Reported-by: Matteo Memelli <mmemelli@amazon.it>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
| |
|
|
|
|
|
|
|
|
| |
According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>>
Specifying 0 as a length makes BGP get all warm on the inside. Which
in this case is not a good thing at all. Prevent warmth, stay cold
on the inside.
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
| |
|
|
|
|
| |
It's not used at all.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
| |
|
|
|
|
| |
Done with a combination of regex'ing and banging my head against a wall.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
| |
|
|
|
|
|
|
|
| |
These two functions always return 0. As such any and all
tests against this make no sense. Remove the return 0
to a void and follow the chain, logically, to remove all
the dead code.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
| |
|
|
|
|
|
| |
Wrong: memset(&a, 0, sizeof(struct ...));
Good: memset(&a, 0, sizeof(a));
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
| |
|
|
|
|
| |
This is an extra work before moving attr->ecommunity to attra_extra struct.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
in ipv6 flowspec, a new type is defined to be able to do filtering rules
based on 20 bits flow label field as depicted in [0]. The change include
the decoding by flowspec, and the addition of a new attribute in policy
routing rule, so that the data is ready to be sent to zebra.
The commit also includes a check on fragment option, since dont fragment
bit does not exist in ipv6, the value should always be set to 0,
otherwise the flowspec rule becomes invalid.
[0] https://tools.ietf.org/html/draft-ietf-idr-flow-spec-v6-09
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
|
|
|
|
|
|
|
|
| |
as per [0], ipv6 adress format introduces an ipv6 offset that needs to
be extracted too. The change include the validation, decoding for
further usage with policy-routing and decoding for dumping.
[0] https://tools.ietf.org/html/draft-ietf-idr-flow-spec-v6-09
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
|
|
|
|
|
|
|
|
| |
until now, the assumption was done in bgp flowspec code that the
information contained was an ipv4 flowspec prefix. now that it is
possible to handle ipv4 or ipv6 flowspec prefixes, that information is
stored in prefix_flowspec attribute. Also, some unlocking is done in
order to process ipv4 and ipv6 flowspec entries.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
|
|
|
|
|
|
| |
the nlri flowspec above 240 bytes size was not handled.
Over 240 bytes, the length is 2 bytes length, and a calculation must be
done to obtain the real length. This commit handles it appropriately.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
|
|
|
|
|
|
|
|
| |
When using maximum-prefix and count is overflow BGP
sends UPDATE message:
Apr 15 20:45:06 exit1-debian-9 bgpd[9818]: 192.168.0.2 [Error] Error parsing NLRI
Apr 15 20:45:06 exit1-debian-9 bgpd[9818]: %NOTIFICATION: sent to neighbor 192.168.0.2 3/10 (UPDATE Message Error/Invalid Network Field) 0 bytes
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
| |
|
|
| |
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
| |
|
|
| |
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
| |
|
|
| |
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
| |
|
|
|
|
|
|
| |
config.h (or, transitively, zebra.h) must be the first include file
listed for autoconf things like _GNU_SOURCE and _POSIX_C_SOURCE to work
correctly.
Signed-off-by: David Lamparter <equinox@diac24.net>
|
| |
|
|
|
|
|
|
|
|
| |
e.g.
pimd/pim_oil.c: In function ‘pim_channel_oil_dump’:
pimd/pim_oil.c:51:19: error: ‘%d’ directive writing between 1 and 11 bytes into a region of size 10 [-Werror=format-overflow=]
Build on gcc-8.2.0 is warning-free after this patch.
Signed-off-by: David Lamparter <equinox@diac24.net>
|
| |
|
|
| |
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
| |
|
|
| |
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
| |
|
|
| |
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
| |
|
|
|
|
|
|
| |
This commit removes various parts of the bgpd implementation code which
are unused/useless, e.g. unused functions, unused variable
initializations, unused structs, ...
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
|
| |
|
|
|
|
|
|
|
| |
As fragment bitmask and tcpflags bitmask in flowspec protocol is encoded
in the same way, it is not necessary to differentiate those two fields.
Moreover, it overrides the initial fragment limit set to 1. It is now
possible to handle multiple framgent values.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
|
|
|
|
|
|
|
| |
With a new version of clang 6.0, the compiler is detecting more
issues where we may be possibly be truncating the output string.
Fix by increasing the size of the output string to make the compiler
happy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
| |
|
|
|
|
|
|
| |
The creation of a temporary string for the ecommunity
was being leaked when debugging is enabled. Write
a bit of code to prevent this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
| |
|
|
|
|
|
|
| |
The json format is returd when requested from the two commands:
- show bgp ipv4 flowspec
- show bgp ipv4 flowspec detail
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
|
|
|
|
|
|
| |
It is possible to enhance debug bgp flowspec feature by using vty
command. This command, if enabled, will dump the match/set couple of
information received on NLRI.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
| |
|
|
|
|
|
|
|
| |
The changes introduce validation of NLRI FS entries at incoming, before
being pushed in FIB. Note that the so called validation only checks for
validity of the incoming flowspec nlri format, and not the validation as
per RFC5575.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
|
This work is derived from a work done by China-Telecom.
That initial work can be found in [0].
As the gap between frr and quagga is important, a reworks has been
done in the meantime.
The initial work consists of bringing the following:
- Bringing the client side of flowspec.
- the enhancement of address-family ipv4/ipv6 flowspec
- partial data path handling at reception has been prepared
- the support for ipv4 flowspec or ipv6 flowspec in BGP open messages,
and the internals of BGP has been done.
- the memory contexts necessary for flowspec has been provisioned
In addition to this work, the following has been done:
- the complement of adaptation for FS safi in bgp code
- the code checkstyle has been reworked so as to match frr checkstyle
- the processing of IPv6 FS NLRI is prevented
- the processing of FS NLRI is stopped ( temporary)
[0] https://github.com/chinatelecom-sdn-group/quagga_flowspec/
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: jaydom <chinatelecom-sdn-group@github.com>
|
