path: root/pbrd
Commit message [Author, Age, Files, Lines]
* *: ALLOC calls cannot fail [Donald Sharp, 2018-08-11, 1, -6/+0]
|   There is no need to check for failure of an ALLOC call as any failure to do so will result in an assert happening. So we can safely remove all of this code.
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: add logging messages when out of table id's [Quentin Young, 2018-06-13, 3, -11/+40]
|   * Add log messages to indicate when we have run out of table IDs
|   * Increase minimum range size to 1000 to reduce risk of hitting this
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* pbrd, lib: move PBR_STR def. to lib [Quentin Young, 2018-06-13, 2, -2/+1]
|   Per request
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* pbrd: use PBR_STR [Quentin Young, 2018-06-12, 2, -7/+7]
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* pbrd: remove json options [Quentin Young, 2018-06-12, 1, -10/+6]
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* pbrd: allow configurable table id range [Quentin Young, 2018-06-12, 2, -2/+30]
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* pbrd: add ZAPI_RULE_FAIL_REMOVE flag in switch [Philippe Guibert, 2018-05-25, 1, -0/+1]
|   The notification handler consecutive to an add/remove of a rule in zebra is being added the FAIL_REMOVE flag. It is mapped on REMOVE flag behaviour for now.
|   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* pbrd: Fix compilation warn -> error [Donald Sharp, 2018-05-15, 3, -16/+6]
|   The buffer size was insufficiently sized to hold the entirety of the data being passed in. Modify the nht code to use a bit bigger buffer.
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd, vtysh: Limit range to actual 1-700 [Donald Sharp, 2018-05-09, 1, -2/+2]
|   The range for sequence numbers needs to be limited by the range we have currently chosen for rule ranges.
|   Ticket: CM-20562
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: encode null fwmark to be consistent with zebra decode rule [Philippe Guibert, 2018-05-07, 1, -0/+1]
|   A null 4-byte long fwmark is encoded in pbr rule.
|   Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* pbrd: Fix nearly impossible truncation [Donald Sharp, 2018-05-03, 2, -3/+15]
|   Since we are writing into the name field which is PBR_MAP_NAMELEN size, we are expecting this field to be at max 100 bytes. Newer compilers understand that the %s portion may be up to 100 bytes (because of the size of the string). The %u portion is expected to be 10 bytes. So in `theory` there are situations where we might truncate. The reality is this is never going to happen (who is going to create a nexthop group name that is over say 30 characters?). As such we are expecting the calling function to subtract 10 from the size_t l before we pass it in to get around this new gcc fun.
|   Fixes: #2163
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: Fix a couple SA issues [Donald Sharp, 2018-04-24, 2, -8/+10]
|   1) addr will never be non-null because of the way we build the cli at this point in time, but the SA system does not understand this, add a bread crumb for it.
|   2) Fix a possible memory leak of the pbr_ifp
|   3) Fix possible integer overflow when bit shifting.
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Merge pull request #2051 from donaldsharp/PBRD_EXTRA [Russ White, 2018-04-20, 7, -137/+149]
|\
| |   Pbrd extra
| * pbrd: Use proper decode function for interface [Donald Sharp, 2018-04-18, 1, -12/+1]
| |   Use a proper decode function for an interface state change.
| |   Ticket: CM-20489
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * pbrd: Fix unused function [Donald Sharp, 2018-04-18, 1, -18/+0]
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * pbrd: Allow pbr-policy add/removal to install/remove rules [Donald Sharp, 2018-04-18, 2, -7/+1]
| |   The pbrm->installed variable was being used only in a couple of places and it has no real bearing on whether or not we should install a rule or not. Remove this value.
| |   Ticket: CM-20429
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * pbrd: don't collapse pbr debugs [Quentin Young, 2018-04-18, 1, -5/+0]
| |   While compact, collapsing the various debugs into simply `debug pbr` if all debugs are on is potentially confusing to users.
| |   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
| * pbrd: move debug vty into pbr_vty.c [Quentin Young, 2018-04-18, 3, -76/+82]
| |   Dev docs say that CLI goes in _vty.c files
| |   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
| * pbrd, zebra: Properly notice rule deletion [Donald Sharp, 2018-04-18, 1, -0/+1]
| |   When a rule is deleted properly notice it in pbr.
| |   Ticket: CM-20394
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * pbrd, zebra: Fix multiple pbr-policy install [Donald Sharp, 2018-04-18, 5, -19/+37]
| |   Somewhere along the way the ability to install multiple pbr-policys for the same pbr-map was lost. Add this back. There is a limitation in that we are limited to 64 interfaces per pbr-policy.
| |   Ticket: CM-20429
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * pbrd: Fix installation and deletion in some cases [Donald Sharp, 2018-04-18, 2, -4/+14]
| |   When a nexthop group is modified do not assume that it is not installed. The creation of the pnhgc is enough to set the installed to false. If we are reinstalling it is not needed to set it as not installed.
| |   When a pbrms is being installed/removed check to see if it is already installed/deleted and do the right thing from there.
| |   Ticket: CM-20371
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * pbrd: Prevent attempt at re-install for several scenarios [Donald Sharp, 2018-04-18, 2, -4/+15]
| |   There exist several places we attempt to re-install the same rule. Figure out when we need to not make an attempt at doing anything and do it.
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| * lib, pbrd: Do not allow v6 LL nexthops to be specified without an interface. [Donald Sharp, 2018-04-18, 1, -1/+7]
| |   Prevent the creation of a v6 LL nexthop that does not include an interface for proper resolution.
| |   Ticket: CM-20276
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | pbrd: fix multiple unsafe string copies [Quentin Young, 2018-04-18, 2, -7/+7]
| |   Coverity #1467828
| |   Coverity #1467827
| |   Coverity #1467826
| |   Coverity #1467825
| |   Coverity #1467824
| |   Coverity #1467823
| |   Coverity #1467822
| |   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | pbrd: remove potential null dereference [Quentin Young, 2018-04-18, 1, -0/+7]
| |   Coverity #1467832
| |   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | pbrd: remove pbr-policy resource leak [Quentin Young, 2018-04-18, 1, -4/+5]
| |   Removing a non-existent pbr-policy caused a pbr_interface to leak.
| |   Coverity #1467829
| |   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | pbrd: remove unsafe string copy [Quentin Young, 2018-04-18, 1, -16/+9]
|/
|   A user could overflow the pbr_ifp->mapname buffer by entering a pbr-map name longer than 100 characters.
|   Coverity #1467821
|   Coverity #1467821
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* pbrd: Allow PBR to ignore Access List commands [Donald Sharp, 2018-04-13, 1, -0/+5]
|   PBR is hooked up to receive access-list commands automatically, as are all daemons, add the bit of code to allow the PBR daemon to safely receive the command and ignore it for the moment.
|   Ticket: CM-20569
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: adjust/remove the rule correctly when dst and/or src removed [Don Slice, 2018-04-06, 4, -14/+13]
|   When the last match criteria was removed (dst-ip or src-ip), we were not deleting the rule correctly for ipv6. This fix retains the needed src-ip/dst-ip during the pbr_send_pbr_map process so the appropriate information is available for the rule delete.
|   Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
* pbrd: Remove table and rule range commands [Donald Sharp, 2018-04-06, 1, -40/+0]
|   Since PBR is meant to be for small deployments, allowing end users to arbitrarily change rule and table ranges without some more careful thought on what is going on and how to do it, sets us up for issues. At this time remove these knobs.
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: Indicate command failure a bit better [Donald Sharp, 2018-04-06, 1, -9/+9]
|   When a command is attempted to be configed and it fails to be installed, indicate via vtysh return codes that we did not accept the command
|   Ticket: CM-20216
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: Do not use vrf_frame for pbrms display [Donald Sharp, 2018-04-06, 1, -2/+2]
|   When displaying a pbr map sequence for a show run do not use the vty_frame construct. We should display the config even if we do not have much to display.
|   Ticket: CM-20196
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: Reduce range so we cannot go over the vrf rule [Donald Sharp, 2018-04-06, 1, -1/+1]
|   The linux kernel puts the vrf rule at 1000, since pbr rules need to be before this rule, don't allow us to go beyond.
|   Ticket: CM-19946
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: Prevent crash from partially configured interface [Donald Sharp, 2018-04-06, 1, -0/+3]
|   If an interface is in the process of coming up or partially deconfigured, prevent pbrd from crashing
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: If we get the same prefix safely ignore [Donald Sharp, 2018-04-06, 1, -0/+6]
|   If the match src-ip or dst-ip command entered has already been received and it's the same prefix, we are done and do not need to do anything more.
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: fix deletion of match or src of valid pbr-map [Don Slice, 2018-04-06, 1, -0/+7]
|   When removing either the match dst or match src of a previously valid pbr map, we would just try to re-install the rule which was rejected. This fix deletes the old rule before we re-apply the new rule.
|   Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
* pbrd: add ability to delete routes and rules correctly [Don Slice, 2018-04-06, 2, -30/+56]
|   Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
* lib, pbrd: rm extra space when displaying nexthop [Quentin Young, 2018-04-06, 2, -5/+4]
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* pbrd: fix null pointer deref when showing ifaces [Quentin Young, 2018-04-06, 1, -1/+2]
|   If there are no PBR interfaces configured and we do a 'show run', pbrd crashes with a NPD when it tries to dereference ifp->info.
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* pbrd: Only allow one nexthop group or nexthop at a time [Donald Sharp, 2018-04-06, 1, -0/+6]
|   When we are entering 'set nexthop' and 'set nexthop-group' ensure that the cli only allows one of these to happen at a time.
|   Ticket: CM-20125
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: Remove pbr_events [Donald Sharp, 2018-04-06, 11, -739/+378]
|   The pbr_events.c file was a mistake in that it overly complicated the code and made it hard to think about what was happening. Remove all the events and just do the work where needed.
|   Additionally rethink the sending of the pbr map to zebra and only send one notification at a time instead of having the sending function attempt to figure out what to do.
|   Clean up some of the no form of commands to make them work properly.
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|   Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|   Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
* pbrd: Cleanup CI warnings [Donald Sharp, 2018-04-06, 8, -44/+38]
|   There are a bunch of CI warnings that need to be cleaned up.
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* pbrd: Add PBR to FRR [Donald Sharp, 2018-04-06, 19, -0/+3733]
    This is an implementation of PBR for FRR.

    This implementation uses a combination of rules and tables to determine how packets will flow.

    PBR introduces a new concept of 'nexthop-groups' to specify a group of nexthops that will be used for ecmp. Nexthop-groups are specified on the cli via:

        nexthop-group DONNA
          nexthop 192.168.208.1
          nexthop 192.168.209.1
          nexthop 192.168.210.1
        !

    PBR sees the nexthop-group and installs these as a default route with these nexthops starting at table 10000

        robot# show pbr nexthop-groups
        Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
            Valid: 1 nexthop 192.168.209.1
            Valid: 1 nexthop 192.168.210.1
            Valid: 1 nexthop 192.168.208.1

    I have also introduced the ability to specify a table in a 'show ip route table XXX' to see the specified tables.

        robot# show ip route table 10001
        Codes: K - kernel route, C - connected, S - static, R - RIP,
               O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
               T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
               F - PBR,
               > - selected route, * - FIB route

        F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
          *                 via 192.168.209.1, enp0s9, 00:14:25
          *                 via 192.168.210.1, enp0s10, 00:14:25

    PBR tracks PBR-MAPS via the pbr-map command:

        !
        pbr-map EVA seq 10
          match src-ip 4.3.4.0/24
          set nexthop-group DONNA
        !
        pbr-map EVA seq 20
          match dst-ip 4.3.5.0/24
          set nexthop-group DONNA
        !

    pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>' to affect decisions about incoming packets. Additionally if you only have one nexthop to use for a pbr-map you do not need to setup a nexthop-group and can specify 'set nexthop XXXX'.

    To apply the pbr-map to an incoming interface you do this:

        interface enp0s10
          pbr-policy EVA
        !

    When a pbr-map is applied to interfaces it can be installed into the kernel as a rule:

        [sharpd@robot frr1]$ ip rule show
        0:      from all lookup local
        309:    from 4.3.4.0/24 iif enp0s10 lookup 10001
        319:    from all to 4.3.5.0/24 iif enp0s10 lookup 10001
        1000:   from all lookup [l3mdev-table]
        32766:  from all lookup main
        32767:  from all lookup default
        [sharpd@robot frr1]$ ip route show table 10001
        default proto pbr metric 20
            nexthop via 192.168.208.1 dev enp0s8 weight 1
            nexthop via 192.168.209.1 dev enp0s9 weight 1
            nexthop via 192.168.210.1 dev enp0s10 weight 1

    The linux kernel now will use the rules and tables to properly apply these policies.

    Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
    Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
    Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>