path: root/bgpd
Commit message [Author, Age, Files, Lines]
* Merge pull request #2142 from pguibert6WIND/fs_zebra_complement [Donald Sharp, 2018-05-29, 12 files, -95/+665]
|\
| |   Flowspec complement: port support and policy routing per interface and plugin wrapper
| * bgpd: attributes presence checked when mpreach is present [Philippe Guibert, 2018-05-25, 1 file, -1/+2]
| |   In the case where an mp_unreach attribute is received, while there is no mp_reach attribute too, it is not necessary to check for missing attributes.
| |
| |   Fixes: 67495ddb2e5b ("bgpd: Fixes for recent well-known-attr check patch.")
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: do not install BGP FS entries, while table range not obtained [Philippe Guibert, 2018-05-25, 4 files, -6/+32]
| |   Sometimes at startup, BGP Flowspec may be allocated a routing table identifier not in the range of the predefined table range. This issue is due to the fact that BGP peering goes up, while the BGP did not yet retrieve the Table Range allocator.
| |   The fix is done so that BGP PBR entries are not installed while routing table identifier range is not obtained. Once the routing table identifier is obtained, parse the FS entries and check that all selected entries are installed, and if not, install it.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: enhance debug bgp pbr error vty command [Philippe Guibert, 2018-05-25, 1 file, -4/+37]
| |   Added following vty command:
| |     [no] debug bgp pbr error
| |   This permits dumping on the logs some errors related to PBR.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: increase buffer size to store ecommunity as a string [Philippe Guibert, 2018-05-25, 1 file, -1/+1]
| |   In the case where an ecom from FS redirect is received, the ecom may be with the format A.B.C.D:E. In this case, the printable format of the Flowspec redirect VRF ecom value may use more bytes in the buffer dedicated for that. The buffer that stores the ecommunity is increased.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: brace zebra pbr traces [Philippe Guibert, 2018-05-25, 1 file, -9/+16]
| |   By default, some debug traces were displayed. Those pbr traces are hidden with 'debug bgp zebra' command.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add ZAPI_XXX_FAIL_REMOVE flag in switch [Philippe Guibert, 2018-05-25, 1 file, -0/+4]
| |   The new enums for handling REMOVE failures are appended in the switch case.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: upon uninstalling pbr rule, update local structure [Philippe Guibert, 2018-05-25, 1 file, -0/+2]
| |   Currently, uninstall pbr rule is not handled by BGP notification handler. So the uninstall update of the structure is done, immediately after sending the request of uninstall to zebra.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: initialise nexthop structure, before filling in some attributes [Philippe Guibert, 2018-05-25, 1 file, -0/+1]
| |   In order to have a clean structure, a reset is done before using the struct nexthop.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: traffic rate value is ignored for searching bpa [Philippe Guibert, 2018-05-25, 1 file, -3/+1]
| |   There are cases where a redirect IP or redirect VRF stops the ecom parsing, then ignores a subsequent rate value, letting passed value to 0. Consequently, a new table identifier may be elected, despite the routing procedure is the same. This fix ignores the rate value in bpa list.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: handle more than one ext. community [Philippe Guibert, 2018-05-25, 1 file, -3/+3]
| |   The ecommunity was badly read. This fix ensures that all ecom are read and stored in local structure.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add vty command to restrict FS policy routing to a defined interface [Philippe Guibert, 2018-05-25, 7 files, -1/+228]
| |   policy routing is configurable via address-family ipv4 flowspec subfamily node. This is then possible to restrict flowspec operation through the BGP instance, to a single or some interfaces, but not all.
| |
| |   Two commands available:
| |     [no] local-install [IFNAME]
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: display if FS entry is installed in PBR or not [Philippe Guibert, 2018-05-25, 5 files, -8/+50]
| |   Once PBR rules installed, an information is printed in the main show bgp ipv4 flowspec detail information.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: pbr support for port redirecting [Philippe Guibert, 2018-05-25, 2 files, -29/+235]
| |   Ability for BGP FS to convert some rules containing at least one address and one port information into a pbr_match_entry rule.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add 3 fields to ipset_entry : src,dst port, and proto [Philippe Guibert, 2018-05-25, 2 files, -0/+12]
| |   Those 3 fields are read and written between zebra and bgpd. This permits extending the ipset_entry structure. Combinatories will be possible:
| |   - filtering with one of the src/dst port.
| |   - filtering with one of the range src/ range dst port
| |     usage of src or dst is exclusive in a FS entry.
| |   - filtering a port or a port range based on either src or dst port.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: do not account twice references to rule context [Philippe Guibert, 2018-05-25, 1 file, -3/+7]
| |   When rule add transaction is sent from bgpd to zebra, the reference context must not be incremented while the confirmation message of install has not been sent back; unless if the transaction failed to be sent.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add missing ecommunity flowspec to display [Philippe Guibert, 2018-05-25, 1 file, -19/+24]
| |   On some cases, the ecommunity flowspec for redirect vrf is not displayed in all cases. On top of that, display the values if ecom cannot be decoded. Also, sub_type and type are changed from int to u_int8_t, because the values contains match the type and sub type of extended communities.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: improve flowspec update of route to NH/VRF [Philippe Guibert, 2018-05-25, 1 file, -2/+4]
| |   The debugging message in charge of showing if the route is added or withdrawn is changed accordingly to reflect this status.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| * bgpd: add notify value in zlog notification message for pbr [Philippe Guibert, 2018-05-25, 1 file, -6/+6]
| |   notifications values from zebra related to pbr are dumped.
| |
| |   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* | Merge pull request #2248 from ppmathis/enhancement/bgp-adjacent-routes [Jafar Al-Gharaibeh, 2018-05-27, 2 files, -59/+78]
|\ \
| | |   bgpd: Improve show commands for adjacent routes (advertised/received-routes)
| * | bgpd: Fix memleak, adapt adv- to recv-routes code [Pascal Mathis, 2018-05-16, 1 file, -20/+20]
| | |   This commit tries to adapt a similar codeflow within the `show bgp [afi] [safi] neighbor <neighbor> advertised-routes` command compared to its `received-routes` and `filtered-routes` opponents. Some branching code has been restructured to achieve this.
| | |
| | |   Additionally, this commit fixes a memory leak within `received-routes` (and `filtered-routes`, although the issue has been present before the previous commit!) where the previous implementation forgot to deduplicate the BGP attributes.
| | |
| | |   When a user called `<...> received-routes route-map <RM-TEST>` and that routemap changed any AS path or community parameters, the duplicated memory for these parameters was never freed. This has been fixed by ensuring to call `bgp_attr_undup()` accordingly.
| | |
| | |   Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
| * | bgpd: Implement new adjacent route show commands [Pascal Mathis, 2018-05-16, 2 files, -42/+61]
| | |   This commit changes the behavior of `show bgp [afi] [safi] neighbor <neighbor> received-routes [json]` to return all received prefixes instead of filtering rejected/denied prefixes.
| | |
| | |   Compared to Cisco and Juniper products, this is the usual way how this command is supposed to work, as `show bgp [afi] [safi] neighbor <neighbor> routes` will already return all accepted prefixes.
| | |
| | |   Additionally, the new command `show bgp [afi] [safi] neighbor <neighbor> filtered-routes` has been added, which returns a list of all prefixes that got filtered away, so it can be roughly described as a subset of "received prefixes - accepted prefixes".
| | |
| | |   As the already available `filtered_count` variable inside `show_adj_route` has not been used before, the last output line summarizing the amount of prefixes found was extended to also mention the amount of filtered prefixes if present.
| | |
| | |   Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
* | | Merge pull request #2295 from qlyoung/sort-vni [Russ White, 2018-05-27, 1 file, -12/+20]
|\ \ \
| | | |   sort vni's
| * | | bgpd: sort vni's in running config [Quentin Young, 2018-05-25, 1 file, -12/+20]
| | |/
| |/|
| | |   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | | bgpd: issue 2263: fix "no label vpn export auto" [G. Paul Ziemba, 2018-05-26, 1 file, -0/+4]
| | |   This command should unset the label (instead of wrongly setting to "auto")
| | |
| | |   Signed-off-by: G. Paul Ziemba <paulz@labn.net>
* | | bgpd: additional neighbor message improvement [Don Slice, 2018-05-24, 1 file, -5/+3]
| | |   Added improved error message text to other places that could also encounter the same condition. In testing found that in certain case, duplicate error messages were previously issued. This fix also removes the duplicates.
| | |
| | |   Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
* | | bgpd: improve error message for neighbor not found [Don Slice, 2018-05-24, 1 file, -1/+1]
|/ /
| |   Problem reported due to tab completion showing all possible peers in every vrf, but when neighbor in wrong vrf entered "no such neighbor" is the error message. Making it slightly more clear with "no such neighbor in the view/vrf" to clue the user that they may have specified the wrong vrf.
| |
| |   Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
* | Merge pull request #2279 from donaldsharp/evpn_moo_moo [Renato Westphal, 2018-05-24, 1 file, -13/+16]
|\ \
| | |   Evpn SA/CI issues found
| * | bgpd: Ensure virt->vrfs is valid [Donald Sharp, 2018-05-22, 1 file, -5/+5]
| | |   Move the list_delete_and_null of the virt->vrfs code to the actual deletion function to ensure proper lifecycle. This assumption allows us to know that irt->vrfs is always true so remove the NULL check on it.
| | |
| | |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * | bgpd: Free vni list on actual deletion [Donald Sharp, 2018-05-22, 1 file, -6/+6]
| | |   The irt->vnis list was being freed on going down, but actually delete it from the deletion function. Then we can know that the irt->vnis is a valid list anywhere we have a irt pointer.
| | |
| | |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * | bgpd: Ensure we don't dereference a non-valid pointer [Donald Sharp, 2018-05-22, 1 file, -2/+5]
| | |   The attr->ecommunity may be null coming into the function at this point. Ensure that it is.
| | |
| | |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | | Merge pull request #2278 from donaldsharp/uninited_variable [Renato Westphal, 2018-05-24, 1 file, -1/+1]
|\ \ \
| | | |   bgpd: Fix use of uninitialized variable
| * | | bgpd: Fix use of uninitialized variable [Donald Sharp, 2018-05-22, 1 file, -1/+1]
| |/ /
| | |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | | Merge pull request #2273 from qlyoung/remove-retain-mode [Renato Westphal, 2018-05-22, 1 file, -10/+17]
|\ \ \
| | | |   *: remove -r from daemons except zebra
| * | | *: remove -r from daemons except zebra [Quentin Young, 2018-05-21, 1 file, -10/+17]
| |/ /
| | |   This option is only implemented by 4 daemons:
| | |   - BGPD
| | |   - RIPD
| | |   - RIPNGD
| | |   - Zebra
| | |
| | |   Manpages and documentation say that the option causes routes to not be uninstalled from zebra when the daemon terminates. This is true for RIPD and RIPNGD. This is not true for BGPD; in that daemon it only prevents transmission of Cease / Peer Unconfig NOTIFICATION messages to peers. Moreover, when any daemon disconnects from Zebra, all of its routes are uninstalled from Zebra and the kernel regardless of this option, rendering the option largely vestigial.
| | |
| | |   It is still useful in Zebra, where it prevents all routes from being uninstalled when Zebra shuts down, so it is left there.
| | |
| | |   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* / / bgpd: Fix crash on shutdown [Donald Sharp, 2018-05-19, 3 files, -7/+12]
|/ /
| |   There exists code paths where the rn was being used after free. This eliminates these code paths.
| |
| |   Fixes: CM-21019
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | Merge pull request #2198 from LabNConsulting/working/master/bgpd-nht-crash [Donald Sharp, 2018-05-18, 1 file, -1/+1]
|\ \
| | |   bgpd: fix NHT free when nht_info is null (fixes crash)
| * | bgpd: fix NHT free when nht_info is null (fixes crash) [Lou Berger, 2018-05-09, 1 file, -1/+1]
| | |   Signed-off-by: Lou Berger <lberger@labn.net>
* | | Merge pull request #2231 from ppmathis/fix/clear-bgp-afi [Russ White, 2018-05-18, 1 file, -24/+54]
|\ \ \
| | | |   bgpd: Respect AFI/SAFI when hard-clearing a peer
| * | | bgpd: Respect AFI/SAFI when hard-clearing a peer [Pascal Mathis, 2018-05-14, 1 file, -24/+54]
| | | |   The current implementation does not respect the AFI+SAFI combination of a peer when executing a non-soft (hard) clear. An example would be the command `clear bgp ipv4 unicast *`, which will clear all BGP peers, even those that do not have IPv4-Unicast activated.
| | | |
| | | |   This commit fixes that behavior by applying the same rules to both soft and hard clear commands, so that peers without a matching AFI+SAFI combination will be no longer modified.
| | | |
| | | |   Additionally, this commit adds warning messages to all `clear bgp [<afi>] [<safi>] <target>` commands when no matching peers with the given AFI+SAFI combination could be found.
| | | |
| | | |   Both existing and new warning messages have been extended to also mention the AFI+SAFI combination that is missing, which is more helpful to the user than a generic expression 'No peer configured'.
| | | |
| | | |   Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
* | | | bgpd: Clean up some evpn memory leaks [Donald Sharp, 2018-05-18, 1 file, -7/+10]
| | | |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | | | Merge pull request #2247 from donaldsharp/sa_sa_sa [Lou Berger, 2018-05-16, 4 files, -2/+12]
|\ \ \ \
| |_|_|/
|/| | |   3 SA issues fixed.
| * | | bgpd: Fix memory leak of ecommunity_ecom2str [Donald Sharp, 2018-05-16, 3 files, -0/+9]
| | | |   The creation of a temporary string for the ecommunity was being leaked when debugging is enabled. Write a bit of code to prevent this.
| | | |
| | | |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * | | bgpd: remove unnecessary test and allocate a bit earlier [Donald Sharp, 2018-05-16, 1 file, -2/+3]
| | | |   The bgp_info_extra_get call gets the extra pointer, which is also needed for the setlabels() call, so move the call to above the setlabels.
| | | |
| | | |   Also remove an unnecessary test of a pointer since we have already dereferenced it by the time we are testing for its existence.
| | | |
| | | |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | | | Merge pull request #2034 from vincentbernat/fix/rfc8365-auto-rt [Donald Sharp, 2018-05-16, 5 files, -0/+107]
|\ \ \ \
| | | | |   bgpd: add an option for RT auto-derivation to use RFC 8635.
| * | | | bgpd: add an option for RT auto-derivation to use RFC 8635. [Vincent Bernat, 2018-04-23, 5 files, -0/+107]
| | | | |   RFC 8635 explains how RT auto-derivation should be done in section 5.1.2.1 [1]. In addition to encoding the VNI in the lowest bytes, a 3-bit field is used to encode a namespace. For VXLAN, we have to put 1 in this field. This is needed for proper interoperability with RT auto-derivation in JunOS. Since this would break existing setup, an additional option, "autort rfc8365-compatible" is used.
| | | | |
| | | | |   [1]: https://tools.ietf.org/html/rfc8365#section-5.1.2.1
| | | | |
| | | | |   Signed-off-by: Vincent Bernat <vincent@bernat.im>
* | | | | Merge pull request #2240 from donaldsharp/ubuntu_bull [Martin Winter, 2018-05-16, 1 file, -1/+1]
|\ \ \ \ \
| |_|/ / /
|/| | | |   Ubuntu 18.04 fixes
| * | | | bgpd: Prevent possible uninited variable. [Donald Sharp, 2018-05-15, 1 file, -1/+1]
| | | | |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | | | | Merge pull request #2226 from ppmathis/feature/bgp-lc-json [Russ White, 2018-05-16, 5 files, -110/+124]
|\ \ \ \ \
| | | | | |   bgpd: Improve JSON support for large communities
| * | | | | bgpd: Improve JSON support for large communities [Pascal Mathis, 2018-05-13, 5 files, -110/+124]
| | | | | |   The current implementation of building JSON output is greatly different for large communities compared to standard communities. This is mainly noticeable by the missing 'list' attribute, which usually offers an array of all communities present on a BGP route.
| | | | | |
| | | | | |   This commit adds the missing functionality of properly returning a 'list' attribute in JSON output and also tries a similar approach like the standard communities are using to implement this feature.
| | | | | |
| | | | | |   Additionally, the 'format' specifier has been completely removed from large communities string/JSON rendering, as the official RFC8092 specifies that there is only one canonical representation:
| | | | | |
| | | | | |   > The canonical representation of BGP Large Communities is three
| | | | | |   > separate unsigned integers in decimal notation in the following
| | | | | |   > order: Global Administrator, Local Data 1, Local Data 2. Numbers
| | | | | |   > MUST NOT contain leading zeros; a zero value MUST be represented with
| | | | | |   > a single zero. Each number is separated from the next by a single
| | | | | |   > colon. For example: 64496:4294967295:2, 64496:0:0.
| | | | | |
| | | | | |   As the 'format' specifier has not been used/checked and only one canonical representation exists per today, there was no reason to keep the 'format' parameter in the function signature.
| | | | | |
| | | | | |   Last but not least, the struct attribute 'community_entry.config' is no longer being used for large communities and instead 'lcommunity_str' is being called to maintain a similar approach to standard communities.
| | | | | |
| | | | | |   As a side effect, this also fixed a memory leak inside 'community_entry_free' which did not free the allocated memory for the 'config' attribute when dealing with a large community.
| | | | | |
| | | | | |   Signed-off-by: Pascal Mathis <mail@pascalmathis.com>