// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright 2009-2016, LabN Consulting, L.L.C. */ /* * File: rfapi_import.c * Purpose: Handle import of routes from BGP to RFAPI */ #include "lib/zebra.h" #include "lib/prefix.h" #include "lib/agg_table.h" #include "lib/vty.h" #include "lib/memory.h" #include "lib/log.h" #include "lib/skiplist.h" #include "frrevent.h" #include "lib/stream.h" #include "lib/lib_errors.h" #include "bgpd/bgpd.h" #include "bgpd/bgp_ecommunity.h" #include "bgpd/bgp_attr.h" #include "bgpd/bgp_route.h" #include "bgpd/bgp_mplsvpn.h" /* prefix_rd2str() */ #include "bgpd/bgp_vnc_types.h" #include "bgpd/bgp_rd.h" #include "bgpd/rfapi/rfapi.h" #include "bgpd/rfapi/bgp_rfapi_cfg.h" #include "bgpd/rfapi/rfapi_backend.h" #include "bgpd/rfapi/rfapi_import.h" #include "bgpd/rfapi/rfapi_private.h" #include "bgpd/rfapi/rfapi_monitor.h" #include "bgpd/rfapi/rfapi_nve_addr.h" #include "bgpd/rfapi/rfapi_vty.h" #include "bgpd/rfapi/vnc_export_bgp.h" #include "bgpd/rfapi/vnc_export_bgp_p.h" #include "bgpd/rfapi/vnc_zebra.h" #include "bgpd/rfapi/vnc_import_bgp.h" #include "bgpd/rfapi/vnc_import_bgp_p.h" #include "bgpd/rfapi/rfapi_rib.h" #include "bgpd/rfapi/rfapi_encap_tlv.h" #include "bgpd/rfapi/vnc_debug.h" #ifdef HAVE_GLIBC_BACKTRACE /* for backtrace and friends */ #include #endif /* HAVE_GLIBC_BACKTRACE */ #undef DEBUG_MONITOR_MOVE_SHORTER #undef DEBUG_RETURNED_NHL #undef DEBUG_ROUTE_COUNTERS #undef DEBUG_ENCAP_MONITOR #undef DEBUG_L2_EXTRA #undef DEBUG_IT_NODES #undef DEBUG_BI_SEARCH /* * Allocated for each withdraw timer instance; freed when the timer * expires or is canceled */ struct rfapi_withdraw { struct rfapi_import_table *import_table; struct agg_node *node; struct bgp_path_info *info; safi_t safi; /* used only for bulk operations */ /* * For import table node reference count checking (i.e., debugging). * Normally when a timer expires, lockoffset should be 0. However, if * the timer expiration function is called directly (e.g., * rfapiExpireVpnNow), the node could be locked by a preceding * agg_route_top() or agg_route_next() in a loop, so we need to pass * this value in. */ int lockoffset; }; /* * DEBUG FUNCTION * It's evil and fiendish. It's compiler-dependent. * ? Might need LDFLAGS -rdynamic to produce all function names */ void rfapiDebugBacktrace(void) { #ifdef HAVE_GLIBC_BACKTRACE #define RFAPI_DEBUG_BACKTRACE_NENTRIES 200 void *buf[RFAPI_DEBUG_BACKTRACE_NENTRIES]; char **syms; size_t i; size_t size; size = backtrace(buf, RFAPI_DEBUG_BACKTRACE_NENTRIES); syms = backtrace_symbols(buf, size); for (i = 0; i < size && i < RFAPI_DEBUG_BACKTRACE_NENTRIES; ++i) { vnc_zlog_debug_verbose("backtrace[%2zu]: %s", i, syms[i]); } free(syms); #else #endif } /* * DEBUG FUNCTION * Count remote routes and compare with actively-maintained values. * Abort if they disagree. */ void rfapiCheckRouteCount(void) { struct bgp *bgp = bgp_get_default(); struct rfapi *h; struct rfapi_import_table *it; afi_t afi; assert(bgp); h = bgp->rfapi; assert(h); for (it = h->imports; it; it = it->next) { for (afi = AFI_IP; afi < AFI_MAX; ++afi) { struct agg_table *rt; struct agg_node *rn; int holddown_count = 0; int imported_count = 0; int remote_count = 0; rt = it->imported_vpn[afi]; for (rn = agg_route_top(rt); rn; rn = agg_route_next(rn)) { struct bgp_path_info *bpi; struct bgp_path_info *next; for (bpi = rn->info; bpi; bpi = next) { next = bpi->next; if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) { ++holddown_count; } else { if (!RFAPI_LOCAL_BI(bpi)) { if (RFAPI_DIRECT_IMPORT_BI( bpi)) { ++imported_count; } else { ++remote_count; } } } } } if (it->holddown_count[afi] != holddown_count) { vnc_zlog_debug_verbose( "%s: it->holddown_count %d != holddown_count %d", __func__, it->holddown_count[afi], holddown_count); assert(0); } if (it->remote_count[afi] != remote_count) { vnc_zlog_debug_verbose( "%s: it->remote_count %d != remote_count %d", __func__, it->remote_count[afi], remote_count); assert(0); } if (it->imported_count[afi] != imported_count) { vnc_zlog_debug_verbose( "%s: it->imported_count %d != imported_count %d", __func__, it->imported_count[afi], imported_count); assert(0); } } } } #ifdef DEBUG_ROUTE_COUNTERS #define VNC_ITRCCK do {rfapiCheckRouteCount();} while (0) #else #define VNC_ITRCCK #endif /* * Validate reference count for a node in an import table * * Normally lockoffset is 0 for nodes in quiescent state. However, * agg_unlock_node will delete the node if it is called when * node->lock == 1, and we have to validate the refcount before * the node is deleted. In this case, we specify lockoffset 1. */ void rfapiCheckRefcount(struct agg_node *rn, safi_t safi, int lockoffset) { unsigned int count_bpi = 0; unsigned int count_monitor = 0; struct bgp_path_info *bpi; struct rfapi_monitor_encap *hme; struct rfapi_monitor_vpn *hmv; for (bpi = rn->info; bpi; bpi = bpi->next) ++count_bpi; if (rn->aggregate) { ++count_monitor; /* rfapi_it_extra */ switch (safi) { void *cursor; int rc; case SAFI_ENCAP: for (hme = RFAPI_MONITOR_ENCAP(rn); hme; hme = hme->next) ++count_monitor; break; case SAFI_MPLS_VPN: for (hmv = RFAPI_MONITOR_VPN(rn); hmv; hmv = hmv->next) ++count_monitor; if (RFAPI_MONITOR_EXTERIOR(rn)->source) { ++count_monitor; /* sl */ cursor = NULL; for (rc = skiplist_next( RFAPI_MONITOR_EXTERIOR(rn)->source, NULL, NULL, &cursor); !rc; rc = skiplist_next( RFAPI_MONITOR_EXTERIOR(rn)->source, NULL, NULL, &cursor)) { ++count_monitor; /* sl entry */ } } break; case SAFI_UNSPEC: case SAFI_UNICAST: case SAFI_MULTICAST: case SAFI_EVPN: case SAFI_LABELED_UNICAST: case SAFI_FLOWSPEC: case SAFI_MAX: assert(!"Passed in safi should be impossible"); } } if (count_bpi + count_monitor + lockoffset != agg_node_get_lock_count(rn)) { vnc_zlog_debug_verbose( "%s: count_bpi=%d, count_monitor=%d, lockoffset=%d, rn->lock=%d", __func__, count_bpi, count_monitor, lockoffset, agg_node_get_lock_count(rn)); assert(0); } } /* * Perform deferred rfapi_close operations that were queued * during callbacks. */ static wq_item_status rfapi_deferred_close_workfunc(struct work_queue *q, void *data) { struct rfapi_descriptor *rfd = data; struct rfapi *h = q->spec.data; assert(!(h->flags & RFAPI_INCALLBACK)); rfapi_close(rfd); vnc_zlog_debug_verbose("%s: completed deferred close on handle %p", __func__, rfd); return WQ_SUCCESS; } /* * Extract layer 2 option from Encap TLVS in BGP attrs */ int rfapiGetL2o(struct attr *attr, struct rfapi_l2address_option *l2o) { if (attr) { struct bgp_attr_encap_subtlv *pEncap; for (pEncap = bgp_attr_get_vnc_subtlvs(attr); pEncap; pEncap = pEncap->next) { if (pEncap->type == BGP_VNC_SUBTLV_TYPE_RFPOPTION) { if (pEncap->value[0] == RFAPI_VN_OPTION_TYPE_L2ADDR) { if (pEncap->value[1] == 14) { memcpy(l2o->macaddr.octet, pEncap->value + 2, ETH_ALEN); l2o->label = ((pEncap->value[10] >> 4) & 0x0f) + ((pEncap->value[9] << 4) & 0xff0) + ((pEncap->value[8] << 12) & 0xff000); l2o->local_nve_id = pEncap->value[12]; l2o->logical_net_id = (pEncap->value[15] & 0xff) + ((pEncap->value[14] << 8) & 0xff00) + ((pEncap->value[13] << 16) & 0xff0000); } return 0; } } } } return ENOENT; } /* * Extract the lifetime from the Tunnel Encap attribute of a route in * an import table */ int rfapiGetVncLifetime(struct attr *attr, uint32_t *lifetime) { struct bgp_attr_encap_subtlv *pEncap; *lifetime = RFAPI_INFINITE_LIFETIME; /* default to infinite */ if (attr) { for (pEncap = bgp_attr_get_vnc_subtlvs(attr); pEncap; pEncap = pEncap->next) { if (pEncap->type == BGP_VNC_SUBTLV_TYPE_LIFETIME) { /* lifetime */ if (pEncap->length == 4) { memcpy(lifetime, pEncap->value, 4); *lifetime = ntohl(*lifetime); return 0; } } } } return ENOENT; } /* * Look for UN address in Encap attribute */ int rfapiGetVncTunnelUnAddr(struct attr *attr, struct prefix *p) { struct bgp_attr_encap_subtlv *pEncap; bgp_encap_types tun_type = BGP_ENCAP_TYPE_MPLS;/*Default tunnel type*/ bgp_attr_extcom_tunnel_type(attr, &tun_type); if (tun_type == BGP_ENCAP_TYPE_MPLS) { if (!p) return 0; /* MPLS carries UN address in next hop */ rfapiNexthop2Prefix(attr, p); if (p->family != AF_UNSPEC) return 0; return ENOENT; } if (attr) { for (pEncap = attr->encap_subtlvs; pEncap; pEncap = pEncap->next) { if (pEncap->type == BGP_ENCAP_SUBTLV_TYPE_REMOTE_ENDPOINT) { /* un addr */ switch (pEncap->length) { case 8: if (p) { p->family = AF_INET; p->prefixlen = IPV4_MAX_BITLEN; memcpy(p->u.val, pEncap->value, 4); } return 0; case 20: if (p) { p->family = AF_INET6; p->prefixlen = IPV6_MAX_BITLEN; memcpy(p->u.val, pEncap->value, 16); } return 0; } } } } return ENOENT; } /* * Get UN address wherever it might be */ int rfapiGetUnAddrOfVpnBi(struct bgp_path_info *bpi, struct prefix *p) { /* If it's in this route's VNC attribute, we're done */ if (!rfapiGetVncTunnelUnAddr(bpi->attr, p)) return 0; /* * Otherwise, see if it's cached from a corresponding ENCAP SAFI * advertisement */ if (bpi->extra) { switch (bpi->extra->vnc.import.un_family) { case AF_INET: if (p) { p->family = bpi->extra->vnc.import.un_family; p->u.prefix4 = bpi->extra->vnc.import.un.addr4; p->prefixlen = IPV4_MAX_BITLEN; } return 0; case AF_INET6: if (p) { p->family = bpi->extra->vnc.import.un_family; p->u.prefix6 = bpi->extra->vnc.import.un.addr6; p->prefixlen = IPV6_MAX_BITLEN; } return 0; default: if (p) p->family = AF_UNSPEC; #ifdef DEBUG_ENCAP_MONITOR vnc_zlog_debug_verbose( "%s: bpi->extra->vnc.import.un_family is 0, no UN addr", __func__); #endif break; } } return ENOENT; } /* * Make a new bgp_path_info from gathered parameters */ static struct bgp_path_info *rfapiBgpInfoCreate(struct attr *attr, struct peer *peer, void *rfd, struct prefix_rd *prd, uint8_t type, uint8_t sub_type, uint32_t *label) { struct bgp_path_info *new; new = info_make(type, sub_type, 0, peer, attr, NULL); new->attr = bgp_attr_intern(attr); bgp_path_info_extra_get(new); if (prd) { new->extra->vnc.import.rd = *prd; new->extra->vnc.import.create_time = monotime(NULL); } if (label) encode_label(*label, &new->extra->label[0]); peer_lock(peer); return new; } /* * Frees bgp_path_info as used in import tables (parts are not * allocated exactly the way they are in the main RIBs) */ static void rfapiBgpInfoFree(struct bgp_path_info *goner) { if (!goner) return; if (goner->peer) { vnc_zlog_debug_verbose("%s: calling peer_unlock(%p), #%d", __func__, goner->peer, goner->peer->lock); peer_unlock(goner->peer); } bgp_attr_unintern(&goner->attr); if (goner->extra) bgp_path_info_extra_free(&goner->extra); XFREE(MTYPE_BGP_ROUTE, goner); } struct rfapi_import_table *rfapiMacImportTableGetNoAlloc(struct bgp *bgp, uint32_t lni) { struct rfapi *h; struct rfapi_import_table *it = NULL; uintptr_t lni_as_ptr = lni; h = bgp->rfapi; if (!h) return NULL; if (!h->import_mac) return NULL; if (skiplist_search(h->import_mac, (void *)lni_as_ptr, (void **)&it)) return NULL; return it; } struct rfapi_import_table *rfapiMacImportTableGet(struct bgp *bgp, uint32_t lni) { struct rfapi *h; struct rfapi_import_table *it = NULL; uintptr_t lni_as_ptr = lni; h = bgp->rfapi; assert(h); if (!h->import_mac) { /* default cmp is good enough for LNI */ h->import_mac = skiplist_new(0, NULL, NULL); } if (skiplist_search(h->import_mac, (void *)lni_as_ptr, (void **)&it)) { struct ecommunity *enew; struct ecommunity_val eval; afi_t afi; it = XCALLOC(MTYPE_RFAPI_IMPORTTABLE, sizeof(struct rfapi_import_table)); /* set RT list of new import table based on LNI */ memset((char *)&eval, 0, sizeof(eval)); eval.val[0] = 0; /* VNC L2VPN */ eval.val[1] = 2; /* VNC L2VPN */ eval.val[5] = (lni >> 16) & 0xff; eval.val[6] = (lni >> 8) & 0xff; eval.val[7] = (lni >> 0) & 0xff; enew = ecommunity_new(); ecommunity_add_val(enew, &eval, false, false); it->rt_import_list = enew; for (afi = AFI_IP; afi < AFI_MAX; ++afi) { it->imported_vpn[afi] = agg_table_init(); it->imported_encap[afi] = agg_table_init(); } it->l2_logical_net_id = lni; skiplist_insert(h->import_mac, (void *)lni_as_ptr, it); } assert(it); return it; } /* * Implement MONITOR_MOVE_SHORTER(original_node) from * RFAPI-Import-Event-Handling.txt * * Returns pointer to the list of moved monitors */ static struct rfapi_monitor_vpn * rfapiMonitorMoveShorter(struct agg_node *original_vpn_node, int lockoffset) { struct bgp_path_info *bpi; struct agg_node *par; struct rfapi_monitor_vpn *m; struct rfapi_monitor_vpn *mlast; struct rfapi_monitor_vpn *moved; int movecount = 0; int parent_already_refcounted = 0; RFAPI_CHECK_REFCOUNT(original_vpn_node, SAFI_MPLS_VPN, lockoffset); #ifdef DEBUG_MONITOR_MOVE_SHORTER { vnc_zlog_debug_verbose("%s: called with node pfx=%pFX", __func__, &original_vpn_node->p); } #endif /* * 1. If there is at least one bpi (either regular route or * route marked as withdrawn, with a pending timer) at * original_node with a valid UN address, we're done. Return. */ for (bpi = original_vpn_node->info; bpi; bpi = bpi->next) { struct prefix pfx; if (!rfapiGetUnAddrOfVpnBi(bpi, &pfx)) { #ifdef DEBUG_MONITOR_MOVE_SHORTER vnc_zlog_debug_verbose( "%s: have valid UN at original node, no change", __func__); #endif return NULL; } } /* * 2. Travel up the tree (toward less-specific prefixes) from * original_node to find the first node that has at least * one route (even if it is only a withdrawn route) with a * valid UN address. Call this node "Node P." */ for (par = agg_node_parent(original_vpn_node); par; par = agg_node_parent(par)) { for (bpi = par->info; bpi; bpi = bpi->next) { struct prefix pfx; if (!rfapiGetUnAddrOfVpnBi(bpi, &pfx)) { break; } } if (bpi) break; } if (par) { RFAPI_CHECK_REFCOUNT(par, SAFI_MPLS_VPN, 0); } /* * If no less-specific routes, try to use the 0/0 node */ if (!par) { const struct prefix *p; /* this isn't necessarily 0/0 */ par = agg_route_table_top(original_vpn_node); if (par) p = agg_node_get_prefix(par); /* * If we got the top node but it wasn't 0/0, * ignore it */ if (par && p->prefixlen) { agg_unlock_node(par); /* maybe free */ par = NULL; } if (par) { ++parent_already_refcounted; } } /* * Create 0/0 node if it isn't there */ if (!par) { struct prefix pfx_default; const struct prefix *p = agg_node_get_prefix(original_vpn_node); memset(&pfx_default, 0, sizeof(pfx_default)); pfx_default.family = p->family; /* creates default node if none exists */ par = agg_node_get(agg_get_table(original_vpn_node), &pfx_default); ++parent_already_refcounted; } /* * 3. Move each of the monitors found at original_node to Node P. * These are "Moved Monitors." * */ /* * Attach at end so that the list pointer we return points * only to the moved routes */ for (m = RFAPI_MONITOR_VPN(par), mlast = NULL; m; mlast = m, m = m->next) ; if (mlast) { moved = mlast->next = RFAPI_MONITOR_VPN(original_vpn_node); } else { moved = RFAPI_MONITOR_VPN_W_ALLOC(par) = RFAPI_MONITOR_VPN(original_vpn_node); } if (RFAPI_MONITOR_VPN( original_vpn_node)) /* check agg, so not allocated */ RFAPI_MONITOR_VPN_W_ALLOC(original_vpn_node) = NULL; /* * update the node pointers on the monitors */ for (m = moved; m; m = m->next) { ++movecount; m->node = par; } RFAPI_CHECK_REFCOUNT(par, SAFI_MPLS_VPN, parent_already_refcounted - movecount); while (movecount > parent_already_refcounted) { agg_lock_node(par); ++parent_already_refcounted; } while (movecount < parent_already_refcounted) { /* unlikely, but code defensively */ agg_unlock_node(par); --parent_already_refcounted; } RFAPI_CHECK_REFCOUNT(original_vpn_node, SAFI_MPLS_VPN, movecount + lockoffset); while (movecount--) { agg_unlock_node(original_vpn_node); } #ifdef DEBUG_MONITOR_MOVE_SHORTER { vnc_zlog_debug_verbose("%s: moved to node pfx=%pFX", __func__, &par->p); } #endif return moved; } /* * Implement MONITOR_MOVE_LONGER(new_node) from * RFAPI-Import-Event-Handling.txt */ static void rfapiMonitorMoveLonger(struct agg_node *new_vpn_node) { struct rfapi_monitor_vpn *monitor; struct rfapi_monitor_vpn *mlast; struct bgp_path_info *bpi; struct agg_node *par; const struct prefix *new_vpn_node_p = agg_node_get_prefix(new_vpn_node); RFAPI_CHECK_REFCOUNT(new_vpn_node, SAFI_MPLS_VPN, 0); /* * Make sure we have at least one valid route at the new node */ for (bpi = new_vpn_node->info; bpi; bpi = bpi->next) { struct prefix pfx; if (!rfapiGetUnAddrOfVpnBi(bpi, &pfx)) break; } if (!bpi) { vnc_zlog_debug_verbose( "%s: no valid routes at node %p, so not attempting moves", __func__, new_vpn_node); return; } /* * Find first parent node that has monitors */ for (par = agg_node_parent(new_vpn_node); par; par = agg_node_parent(par)) { if (RFAPI_MONITOR_VPN(par)) break; } if (!par) { vnc_zlog_debug_verbose( "%s: no parent nodes with monitors, done", __func__); return; } /* * Check each of these monitors to see of their longest-match * is now the updated node. Move any such monitors to the more- * specific updated node */ for (mlast = NULL, monitor = RFAPI_MONITOR_VPN(par); monitor;) { /* * If new longest match for monitor prefix is the new * route's prefix, move monitor to new route's prefix */ if (prefix_match(new_vpn_node_p, &monitor->p)) { /* detach */ if (mlast) { mlast->next = monitor->next; } else { RFAPI_MONITOR_VPN_W_ALLOC(par) = monitor->next; } /* attach */ monitor->next = RFAPI_MONITOR_VPN(new_vpn_node); RFAPI_MONITOR_VPN_W_ALLOC(new_vpn_node) = monitor; monitor->node = new_vpn_node; agg_lock_node(new_vpn_node); /* incr refcount */ monitor = mlast ? mlast->next : RFAPI_MONITOR_VPN(par); RFAPI_CHECK_REFCOUNT(par, SAFI_MPLS_VPN, 1); /* decr refcount after we're done with par as this might * free it */ agg_unlock_node(par); continue; } mlast = monitor; monitor = monitor->next; } RFAPI_CHECK_REFCOUNT(new_vpn_node, SAFI_MPLS_VPN, 0); } static void rfapiBgpInfoChainFree(struct bgp_path_info *bpi) { struct bgp_path_info *next; while (bpi) { /* * If there is a timer waiting to delete this bpi, cancel * the timer and delete immediately */ if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED) && bpi->extra->vnc.import.timer) { struct rfapi_withdraw *wcb = EVENT_ARG(bpi->extra->vnc.import.timer); XFREE(MTYPE_RFAPI_WITHDRAW, wcb); EVENT_OFF(bpi->extra->vnc.import.timer); } next = bpi->next; bpi->next = NULL; rfapiBgpInfoFree(bpi); bpi = next; } } static void rfapiImportTableFlush(struct rfapi_import_table *it) { afi_t afi; /* * Free ecommunity */ ecommunity_free(&it->rt_import_list); it->rt_import_list = NULL; for (afi = AFI_IP; afi < AFI_MAX; ++afi) { struct agg_node *rn; struct agg_table *at; at = it->imported_vpn[afi]; if (at) { for (rn = agg_route_top(at); rn; rn = agg_route_next(rn)) { /* * Each route_node has: * aggregate: points to rfapi_it_extra with * monitor chain(s) * info: points to chain of bgp_path_info */ /* free bgp_path_info and its children */ rfapiBgpInfoChainFree(rn->info); rn->info = NULL; rfapiMonitorExtraFlush(SAFI_MPLS_VPN, rn); } agg_table_finish(at); } if (at) { at = it->imported_encap[afi]; for (rn = agg_route_top(at); rn; rn = agg_route_next(rn)) { /* free bgp_path_info and its children */ rfapiBgpInfoChainFree(rn->info); rn->info = NULL; rfapiMonitorExtraFlush(SAFI_ENCAP, rn); } agg_table_finish(at); } } if (it->monitor_exterior_orphans) { skiplist_free(it->monitor_exterior_orphans); } } void rfapiImportTableRefDelByIt(struct bgp *bgp, struct rfapi_import_table *it_target) { struct rfapi *h; struct rfapi_import_table *it; struct rfapi_import_table *prev = NULL; assert(it_target); h = bgp->rfapi; assert(h); for (it = h->imports; it; prev = it, it = it->next) { if (it == it_target) break; } assert(it); assert(it->refcount); it->refcount -= 1; if (!it->refcount) { if (prev) { prev->next = it->next; } else { h->imports = it->next; } rfapiImportTableFlush(it); XFREE(MTYPE_RFAPI_IMPORTTABLE, it); } } #ifdef RFAPI_REQUIRE_ENCAP_BEEC /* * Look for magic BGP Encapsulation Extended Community value * Format in RFC 5512 Sect. 4.5 */ static int rfapiEcommunitiesMatchBeec(struct ecommunity *ecom, bgp_encap_types type) { int i; if (!ecom) return 0; for (i = 0; i < (ecom->size * ECOMMUNITY_SIZE); i += ECOMMUNITY_SIZE) { uint8_t *ep; ep = ecom->val + i; if (ep[0] == ECOMMUNITY_ENCODE_OPAQUE && ep[1] == ECOMMUNITY_OPAQUE_SUBTYPE_ENCAP && ep[6] == ((type && 0xff00) >> 8) && ep[7] == (type & 0xff)) { return 1; } } return 0; } #endif int rfapiEcommunitiesIntersect(struct ecommunity *e1, struct ecommunity *e2) { uint32_t i, j; if (!e1 || !e2) return 0; { char *s1, *s2; s1 = ecommunity_ecom2str(e1, ECOMMUNITY_FORMAT_DISPLAY, 0); s2 = ecommunity_ecom2str(e2, ECOMMUNITY_FORMAT_DISPLAY, 0); vnc_zlog_debug_verbose("%s: e1[%s], e2[%s]", __func__, s1, s2); XFREE(MTYPE_ECOMMUNITY_STR, s1); XFREE(MTYPE_ECOMMUNITY_STR, s2); } for (i = 0; i < e1->size; ++i) { for (j = 0; j < e2->size; ++j) { if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE), e2->val + (j * ECOMMUNITY_SIZE), ECOMMUNITY_SIZE)) { return 1; } } } return 0; } int rfapiEcommunityGetLNI(struct ecommunity *ecom, uint32_t *lni) { if (ecom) { uint32_t i; for (i = 0; i < ecom->size; ++i) { uint8_t *p = ecom->val + (i * ECOMMUNITY_SIZE); if ((*(p + 0) == 0x00) && (*(p + 1) == 0x02)) { *lni = (*(p + 5) << 16) | (*(p + 6) << 8) | (*(p + 7)); return 0; } } } return ENOENT; } int rfapiEcommunityGetEthernetTag(struct ecommunity *ecom, uint16_t *tag_id) { struct bgp *bgp = bgp_get_default(); *tag_id = 0; /* default to untagged */ if (ecom) { uint32_t i; for (i = 0; i < ecom->size; ++i) { as_t as = 0; int encode = 0; const uint8_t *p = ecom->val + (i * ECOMMUNITY_SIZE); /* High-order octet of type. */ encode = *p++; if (*p++ == ECOMMUNITY_ROUTE_TARGET) { if (encode == ECOMMUNITY_ENCODE_AS4) { p = ptr_get_be32(p, &as); } else if (encode == ECOMMUNITY_ENCODE_AS) { as = (*p++ << 8); as |= (*p++); p += 2; /* skip next two, tag/vid always in lowest bytes */ } if (as == bgp->as) { *tag_id = *p++ << 8; *tag_id |= (*p++); return 0; } } } } return ENOENT; } static int rfapiVpnBiNhEqualsPt(struct bgp_path_info *bpi, struct rfapi_ip_addr *hpt) { uint8_t family; if (!hpt || !bpi) return 0; family = BGP_MP_NEXTHOP_FAMILY(bpi->attr->mp_nexthop_len); if (hpt->addr_family != family) return 0; switch (family) { case AF_INET: if (bpi->attr->mp_nexthop_global_in.s_addr != hpt->addr.v4.s_addr) return 0; break; case AF_INET6: if (IPV6_ADDR_CMP(&bpi->attr->mp_nexthop_global, &hpt->addr.v6)) return 0; break; default: return 0; } return 1; } /* * Compare 2 VPN BIs. Return true if they have the same VN and UN addresses */ static int rfapiVpnBiSamePtUn(struct bgp_path_info *bpi1, struct bgp_path_info *bpi2) { struct prefix pfx_un1; struct prefix pfx_un2; if (!bpi1 || !bpi2) return 0; /* * VN address comparisons */ if (BGP_MP_NEXTHOP_FAMILY(bpi1->attr->mp_nexthop_len) != BGP_MP_NEXTHOP_FAMILY(bpi2->attr->mp_nexthop_len)) { return 0; } switch (BGP_MP_NEXTHOP_FAMILY(bpi1->attr->mp_nexthop_len)) { case AF_INET: if (bpi1->attr->mp_nexthop_global_in.s_addr != bpi2->attr->mp_nexthop_global_in.s_addr) return 0; break; case AF_INET6: if (IPV6_ADDR_CMP(&bpi1->attr->mp_nexthop_global, &bpi2->attr->mp_nexthop_global)) return 0; break; default: return 0; } memset(&pfx_un1, 0, sizeof(pfx_un1)); memset(&pfx_un2, 0, sizeof(pfx_un2)); /* * UN address comparisons */ if (rfapiGetVncTunnelUnAddr(bpi1->attr, &pfx_un1)) { if (bpi1->extra) { pfx_un1.family = bpi1->extra->vnc.import.un_family; switch (bpi1->extra->vnc.import.un_family) { case AF_INET: pfx_un1.u.prefix4 = bpi1->extra->vnc.import.un.addr4; break; case AF_INET6: pfx_un1.u.prefix6 = bpi1->extra->vnc.import.un.addr6; break; default: pfx_un1.family = AF_UNSPEC; break; } } } if (rfapiGetVncTunnelUnAddr(bpi2->attr, &pfx_un2)) { if (bpi2->extra) { pfx_un2.family = bpi2->extra->vnc.import.un_family; switch (bpi2->extra->vnc.import.un_family) { case AF_INET: pfx_un2.u.prefix4 = bpi2->extra->vnc.import.un.addr4; break; case AF_INET6: pfx_un2.u.prefix6 = bpi2->extra->vnc.import.un.addr6; break; default: pfx_un2.family = AF_UNSPEC; break; } } } if (pfx_un1.family == AF_UNSPEC || pfx_un2.family == AF_UNSPEC) return 0; if (pfx_un1.family != pfx_un2.family) return 0; switch (pfx_un1.family) { case AF_INET: if (!IPV4_ADDR_SAME(&pfx_un1.u.prefix4, &pfx_un2.u.prefix4)) return 0; break; case AF_INET6: if (!IPV6_ADDR_SAME(&pfx_un1.u.prefix6, &pfx_un2.u.prefix6)) return 0; break; } return 1; } uint8_t rfapiRfpCost(struct attr *attr) { if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)) { if (attr->local_pref > 255) { return 0; } return 255 - attr->local_pref; } return 255; } /*------------------------------------------ * rfapi_extract_l2o * * Find Layer 2 options in an option chain * * input: * pHop option chain * * output: * l2o layer 2 options extracted * * return value: * 0 OK * 1 no options found * --------------------------------------------*/ int rfapi_extract_l2o( struct bgp_tea_options *pHop, /* chain of options */ struct rfapi_l2address_option *l2o) /* return extracted value */ { struct bgp_tea_options *p; for (p = pHop; p; p = p->next) { if ((p->type == RFAPI_VN_OPTION_TYPE_L2ADDR) && (p->length >= 8)) { char *v = p->value; memcpy(&l2o->macaddr, v, 6); l2o->label = ((v[6] << 12) & 0xff000) + ((v[7] << 4) & 0xff0) + ((v[8] >> 4) & 0xf); l2o->local_nve_id = (uint8_t)v[10]; l2o->logical_net_id = (v[11] << 16) + (v[12] << 8) + (v[13] << 0); return 0; } } return 1; } static struct rfapi_next_hop_entry * rfapiRouteInfo2NextHopEntry(struct rfapi_ip_prefix *rprefix, struct bgp_path_info *bpi, /* route to encode */ uint32_t lifetime, /* use this in nhe */ struct agg_node *rn) /* req for L2 eth addr */ { struct rfapi_next_hop_entry *new; int have_vnc_tunnel_un = 0; const struct prefix *p = agg_node_get_prefix(rn); #ifdef DEBUG_ENCAP_MONITOR vnc_zlog_debug_verbose("%s: entry, bpi %p, rn %p", __func__, bpi, rn); #endif new = XCALLOC(MTYPE_RFAPI_NEXTHOP, sizeof(struct rfapi_next_hop_entry)); new->prefix = *rprefix; if (bpi->extra && decode_rd_type(bpi->extra->vnc.import.rd.val) == RD_TYPE_VNC_ETH) { /* ethernet */ struct rfapi_vn_option *vo; vo = XCALLOC(MTYPE_RFAPI_VN_OPTION, sizeof(struct rfapi_vn_option)); vo->type = RFAPI_VN_OPTION_TYPE_L2ADDR; memcpy(&vo->v.l2addr.macaddr, &p->u.prefix_eth.octet, ETH_ALEN); /* only low 3 bytes of this are significant */ (void)rfapiEcommunityGetLNI(bgp_attr_get_ecommunity(bpi->attr), &vo->v.l2addr.logical_net_id); (void)rfapiEcommunityGetEthernetTag( bgp_attr_get_ecommunity(bpi->attr), &vo->v.l2addr.tag_id); /* local_nve_id comes from lower byte of RD type */ vo->v.l2addr.local_nve_id = bpi->extra->vnc.import.rd.val[1]; /* label comes from MP_REACH_NLRI label */ vo->v.l2addr.label = decode_label(&bpi->extra->label[0]); new->vn_options = vo; /* * If there is an auxiliary prefix (i.e., host IP address), * use it as the nexthop prefix instead of the query prefix */ if (bpi->extra->vnc.import.aux_prefix.family) { rfapiQprefix2Rprefix(&bpi->extra->vnc.import.aux_prefix, &new->prefix); } } bgp_encap_types tun_type = BGP_ENCAP_TYPE_MPLS; /*Default*/ new->prefix.cost = rfapiRfpCost(bpi->attr); struct bgp_attr_encap_subtlv *pEncap; switch (BGP_MP_NEXTHOP_FAMILY(bpi->attr->mp_nexthop_len)) { case AF_INET: new->vn_address.addr_family = AF_INET; new->vn_address.addr.v4 = bpi->attr->mp_nexthop_global_in; break; case AF_INET6: new->vn_address.addr_family = AF_INET6; new->vn_address.addr.v6 = bpi->attr->mp_nexthop_global; break; default: zlog_warn("%s: invalid vpn nexthop length: %d", __func__, bpi->attr->mp_nexthop_len); rfapi_free_next_hop_list(new); return NULL; } for (pEncap = bgp_attr_get_vnc_subtlvs(bpi->attr); pEncap; pEncap = pEncap->next) { switch (pEncap->type) { case BGP_VNC_SUBTLV_TYPE_LIFETIME: /* use configured lifetime, not attr lifetime */ break; default: zlog_warn("%s: unknown VNC option type %d", __func__, pEncap->type); break; } } bgp_attr_extcom_tunnel_type(bpi->attr, &tun_type); if (tun_type == BGP_ENCAP_TYPE_MPLS) { struct prefix p; /* MPLS carries UN address in next hop */ rfapiNexthop2Prefix(bpi->attr, &p); if (p.family != AF_UNSPEC) { rfapiQprefix2Raddr(&p, &new->un_address); have_vnc_tunnel_un = 1; } } for (pEncap = bpi->attr->encap_subtlvs; pEncap; pEncap = pEncap->next) { switch (pEncap->type) { case BGP_ENCAP_SUBTLV_TYPE_REMOTE_ENDPOINT: /* * Overrides ENCAP UN address, if any */ switch (pEncap->length) { case 8: new->un_address.addr_family = AF_INET; memcpy(&new->un_address.addr.v4, pEncap->value, 4); have_vnc_tunnel_un = 1; break; case 20: new->un_address.addr_family = AF_INET6; memcpy(&new->un_address.addr.v6, pEncap->value, 16); have_vnc_tunnel_un = 1; break; default: zlog_warn( "%s: invalid tunnel subtlv UN addr length (%d) for bpi %p", __func__, pEncap->length, bpi); } break; default: zlog_warn("%s: unknown Encap Attribute option type %d", __func__, pEncap->type); break; } } new->un_options = rfapi_encap_tlv_to_un_option(bpi->attr); #ifdef DEBUG_ENCAP_MONITOR vnc_zlog_debug_verbose("%s: line %d: have_vnc_tunnel_un=%d", __func__, __LINE__, have_vnc_tunnel_un); #endif if (!have_vnc_tunnel_un && bpi->extra) { /* * use cached UN address from ENCAP route */ new->un_address.addr_family = bpi->extra->vnc.import.un_family; switch (new->un_address.addr_family) { case AF_INET: new->un_address.addr.v4 = bpi->extra->vnc.import.un.addr4; break; case AF_INET6: new->un_address.addr.v6 = bpi->extra->vnc.import.un.addr6; break; default: zlog_warn("%s: invalid UN addr family (%d) for bpi %p", __func__, new->un_address.addr_family, bpi); rfapi_free_next_hop_list(new); return NULL; } } new->lifetime = lifetime; return new; } int rfapiHasNonRemovedRoutes(struct agg_node *rn) { struct bgp_path_info *bpi; for (bpi = rn->info; bpi; bpi = bpi->next) { struct prefix pfx; if (!CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED) && (bpi->extra && !rfapiGetUnAddrOfVpnBi(bpi, &pfx))) { return 1; } } return 0; } #ifdef DEBUG_IT_NODES /* * DEBUG FUNCTION */ void rfapiDumpNode(struct agg_node *rn) { struct bgp_path_info *bpi; vnc_zlog_debug_verbose("%s: rn=%p", __func__, rn); for (bpi = rn->info; bpi; bpi = bpi->next) { struct prefix pfx; int ctrc = rfapiGetUnAddrOfVpnBi(bpi, &pfx); int nr; if (!CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED) && (bpi->extra && !ctrc)) { nr = 1; } else { nr = 0; } vnc_zlog_debug_verbose( " bpi=%p, nr=%d, flags=0x%x, extra=%p, ctrc=%d", bpi, nr, bpi->flags, bpi->extra, ctrc); } } #endif static int rfapiNhlAddNodeRoutes( struct agg_node *rn, /* in */ struct rfapi_ip_prefix *rprefix, /* in */ uint32_t lifetime, /* in */ int removed, /* in */ struct rfapi_next_hop_entry **head, /* in/out */ struct rfapi_next_hop_entry **tail, /* in/out */ struct rfapi_ip_addr *exclude_vnaddr, /* omit routes to same NVE */ struct agg_node *rfd_rib_node, /* preload this NVE rib node */ struct prefix *pfx_target_original) /* query target */ { struct bgp_path_info *bpi; struct rfapi_next_hop_entry *new; struct prefix pfx_un; struct skiplist *seen_nexthops; int count = 0; const struct prefix *p = agg_node_get_prefix(rn); int is_l2 = (p->family == AF_ETHERNET); if (rfd_rib_node) { struct agg_table *atable = agg_get_table(rfd_rib_node); struct rfapi_descriptor *rfd; if (atable) { rfd = agg_get_table_info(atable); if (rfapiRibFTDFilterRecentPrefix(rfd, rn, pfx_target_original)) return 0; } } seen_nexthops = skiplist_new(0, vnc_prefix_cmp, prefix_free_lists); for (bpi = rn->info; bpi; bpi = bpi->next) { struct prefix pfx_vn; struct prefix *newpfx; if (removed && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) { #ifdef DEBUG_RETURNED_NHL vnc_zlog_debug_verbose( "%s: want holddown, this route not holddown, skip", __func__); #endif continue; } if (!removed && CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) { continue; } if (!bpi->extra) { continue; } /* * Check for excluded VN address */ if (rfapiVpnBiNhEqualsPt(bpi, exclude_vnaddr)) continue; /* * Check for VN address (nexthop) copied already */ if (is_l2) { /* L2 routes: semantic nexthop in aux_prefix; VN addr * ain't it */ pfx_vn = bpi->extra->vnc.import.aux_prefix; } else { rfapiNexthop2Prefix(bpi->attr, &pfx_vn); } if (!skiplist_search(seen_nexthops, &pfx_vn, NULL)) { #ifdef DEBUG_RETURNED_NHL vnc_zlog_debug_verbose( "%s: already put VN/nexthop %pFX, skip", __func__, &pfx_vn); #endif continue; } if (rfapiGetUnAddrOfVpnBi(bpi, &pfx_un)) { #ifdef DEBUG_ENCAP_MONITOR vnc_zlog_debug_verbose( "%s: failed to get UN address of this VPN bpi", __func__); #endif continue; } newpfx = prefix_new(); *newpfx = pfx_vn; skiplist_insert(seen_nexthops, newpfx, newpfx); new = rfapiRouteInfo2NextHopEntry(rprefix, bpi, lifetime, rn); if (new) { if (rfapiRibPreloadBi(rfd_rib_node, &pfx_vn, &pfx_un, lifetime, bpi)) { /* duplicate filtered by RIB */ rfapi_free_next_hop_list(new); new = NULL; } } if (new) { if (*tail) { (*tail)->next = new; } else { *head = new; } *tail = new; ++count; } } skiplist_free(seen_nexthops); return count; } /* * Breadth-first * * omit_node is meant for the situation where we are adding a subtree * of a parent of some original requested node. The response already * contains the original requested node, and we don't want to duplicate * its routes in the list, so we skip it if the right or left node * matches (of course, we still travel down its child subtrees). */ static int rfapiNhlAddSubtree( struct agg_node *rn, /* in */ uint32_t lifetime, /* in */ struct rfapi_next_hop_entry **head, /* in/out */ struct rfapi_next_hop_entry **tail, /* in/out */ struct agg_node *omit_node, /* in */ struct rfapi_ip_addr *exclude_vnaddr, /* omit routes to same NVE */ struct agg_table *rfd_rib_table, /* preload here */ struct prefix *pfx_target_original) /* query target */ { struct rfapi_ip_prefix rprefix; int rcount = 0; /* FIXME: need to find a better way here to work without sticking our * hands in node->link */ if (agg_node_left(rn) && agg_node_left(rn) != omit_node) { if (agg_node_left(rn)->info) { const struct prefix *p = agg_node_get_prefix(agg_node_left(rn)); int count = 0; struct agg_node *rib_rn = NULL; rfapiQprefix2Rprefix(p, &rprefix); if (rfd_rib_table) rib_rn = agg_node_get(rfd_rib_table, p); count = rfapiNhlAddNodeRoutes( agg_node_left(rn), &rprefix, lifetime, 0, head, tail, exclude_vnaddr, rib_rn, pfx_target_original); if (!count) { count = rfapiNhlAddNodeRoutes( agg_node_left(rn), &rprefix, lifetime, 1, head, tail, exclude_vnaddr, rib_rn, pfx_target_original); } rcount += count; if (rib_rn) agg_unlock_node(rib_rn); } } if (agg_node_right(rn) && agg_node_right(rn) != omit_node) { if (agg_node_right(rn)->info) { const struct prefix *p = agg_node_get_prefix(agg_node_right(rn)); int count = 0; struct agg_node *rib_rn = NULL; rfapiQprefix2Rprefix(p, &rprefix); if (rfd_rib_table) rib_rn = agg_node_get(rfd_rib_table, p); count = rfapiNhlAddNodeRoutes( agg_node_right(rn), &rprefix, lifetime, 0, head, tail, exclude_vnaddr, rib_rn, pfx_target_original); if (!count) { count = rfapiNhlAddNodeRoutes( agg_node_right(rn), &rprefix, lifetime, 1, head, tail, exclude_vnaddr, rib_rn, pfx_target_original); } rcount += count; if (rib_rn) agg_unlock_node(rib_rn); } } if (agg_node_left(rn)) { rcount += rfapiNhlAddSubtree( agg_node_left(rn), lifetime, head, tail, omit_node, exclude_vnaddr, rfd_rib_table, pfx_target_original); } if (agg_node_right(rn)) { rcount += rfapiNhlAddSubtree( agg_node_right(rn), lifetime, head, tail, omit_node, exclude_vnaddr, rfd_rib_table, pfx_target_original); } return rcount; } /* * Implementation of ROUTE_LIST(node) from RFAPI-Import-Event-Handling.txt * * Construct an rfapi nexthop list based on the routes attached to * the specified node. * * If there are any routes that do NOT have BGP_PATH_REMOVED set, * return those only. If there are ONLY routes with BGP_PATH_REMOVED, * then return those, and also include all the non-removed routes from the * next less-specific node (i.e., this node's parent) at the end. */ struct rfapi_next_hop_entry *rfapiRouteNode2NextHopList( struct agg_node *rn, uint32_t lifetime, /* put into nexthop entries */ struct rfapi_ip_addr *exclude_vnaddr, /* omit routes to same NVE */ struct agg_table *rfd_rib_table, /* preload here */ struct prefix *pfx_target_original) /* query target */ { struct rfapi_ip_prefix rprefix; struct rfapi_next_hop_entry *answer = NULL; struct rfapi_next_hop_entry *last = NULL; struct agg_node *parent; const struct prefix *p = agg_node_get_prefix(rn); int count = 0; struct agg_node *rib_rn; #ifdef DEBUG_RETURNED_NHL vnc_zlog_debug_verbose("%s: called with node pfx=%rRN", __func__, rn); rfapiDebugBacktrace(); #endif rfapiQprefix2Rprefix(p, &rprefix); rib_rn = rfd_rib_table ? agg_node_get(rfd_rib_table, p) : NULL; /* * Add non-withdrawn routes at this node */ count = rfapiNhlAddNodeRoutes(rn, &rprefix, lifetime, 0, &answer, &last, exclude_vnaddr, rib_rn, pfx_target_original); /* * If the list has at least one entry, it's finished */ if (count) { count += rfapiNhlAddSubtree(rn, lifetime, &answer, &last, NULL, exclude_vnaddr, rfd_rib_table, pfx_target_original); vnc_zlog_debug_verbose("%s: %d nexthops, answer=%p", __func__, count, answer); #ifdef DEBUG_RETURNED_NHL rfapiPrintNhl(NULL, answer); #endif if (rib_rn) agg_unlock_node(rib_rn); return answer; } /* * Add withdrawn routes at this node */ count = rfapiNhlAddNodeRoutes(rn, &rprefix, lifetime, 1, &answer, &last, exclude_vnaddr, rib_rn, pfx_target_original); if (rib_rn) agg_unlock_node(rib_rn); // rfapiPrintNhl(NULL, answer); /* * walk up the tree until we find a node with non-deleted * routes, then add them */ for (parent = agg_node_parent(rn); parent; parent = agg_node_parent(parent)) { if (rfapiHasNonRemovedRoutes(parent)) { break; } } /* * Add non-withdrawn routes from less-specific prefix */ if (parent) { const struct prefix *p = agg_node_get_prefix(parent); rib_rn = rfd_rib_table ? agg_node_get(rfd_rib_table, p) : NULL; rfapiQprefix2Rprefix(p, &rprefix); count += rfapiNhlAddNodeRoutes(parent, &rprefix, lifetime, 0, &answer, &last, exclude_vnaddr, rib_rn, pfx_target_original); count += rfapiNhlAddSubtree(parent, lifetime, &answer, &last, rn, exclude_vnaddr, rfd_rib_table, pfx_target_original); if (rib_rn) agg_unlock_node(rib_rn); } else { /* * There is no parent with non-removed routes. Still need to * add subtree of original node if it contributed routes to the * answer. */ if (count) count += rfapiNhlAddSubtree(rn, lifetime, &answer, &last, rn, exclude_vnaddr, rfd_rib_table, pfx_target_original); } vnc_zlog_debug_verbose("%s: %d nexthops, answer=%p", __func__, count, answer); #ifdef DEBUG_RETURNED_NHL rfapiPrintNhl(NULL, answer); #endif return answer; } /* * Construct nexthop list of all routes in table */ struct rfapi_next_hop_entry *rfapiRouteTable2NextHopList( struct agg_table *rt, uint32_t lifetime, /* put into nexthop entries */ struct rfapi_ip_addr *exclude_vnaddr, /* omit routes to same NVE */ struct agg_table *rfd_rib_table, /* preload this NVE rib table */ struct prefix *pfx_target_original) /* query target */ { struct agg_node *rn; struct rfapi_next_hop_entry *biglist = NULL; struct rfapi_next_hop_entry *nhl; struct rfapi_next_hop_entry *tail = NULL; int count = 0; for (rn = agg_route_top(rt); rn; rn = agg_route_next(rn)) { nhl = rfapiRouteNode2NextHopList(rn, lifetime, exclude_vnaddr, rfd_rib_table, pfx_target_original); if (!tail) { tail = biglist = nhl; if (tail) count = 1; } else { tail->next = nhl; } if (tail) { while (tail->next) { ++count; tail = tail->next; } } } vnc_zlog_debug_verbose("%s: returning %d routes", __func__, count); return biglist; } struct rfapi_next_hop_entry *rfapiEthRouteNode2NextHopList( struct agg_node *rn, struct rfapi_ip_prefix *rprefix, uint32_t lifetime, /* put into nexthop entries */ struct rfapi_ip_addr *exclude_vnaddr, /* omit routes to same NVE */ struct agg_table *rfd_rib_table, /* preload NVE rib table */ struct prefix *pfx_target_original) /* query target */ { int count = 0; struct rfapi_next_hop_entry *answer = NULL; struct rfapi_next_hop_entry *last = NULL; struct agg_node *rib_rn; rib_rn = rfd_rib_table ? agg_node_get(rfd_rib_table, agg_node_get_prefix(rn)) : NULL; count = rfapiNhlAddNodeRoutes(rn, rprefix, lifetime, 0, &answer, &last, NULL, rib_rn, pfx_target_original); #ifdef DEBUG_ENCAP_MONITOR vnc_zlog_debug_verbose("%s: node %p: %d non-holddown routes", __func__, rn, count); #endif if (!count) { count = rfapiNhlAddNodeRoutes(rn, rprefix, lifetime, 1, &answer, &last, exclude_vnaddr, rib_rn, pfx_target_original); vnc_zlog_debug_verbose("%s: node %p: %d holddown routes", __func__, rn, count); } if (rib_rn) agg_unlock_node(rib_rn); #ifdef DEBUG_RETURNED_NHL rfapiPrintNhl(NULL, answer); #endif return answer; } /* * Construct nexthop list of all routes in table */ struct rfapi_next_hop_entry *rfapiEthRouteTable2NextHopList( uint32_t logical_net_id, struct rfapi_ip_prefix *rprefix, uint32_t lifetime, /* put into nexthop entries */ struct rfapi_ip_addr *exclude_vnaddr, /* omit routes to same NVE */ struct agg_table *rfd_rib_table, /* preload NVE rib node */ struct prefix *pfx_target_original) /* query target */ { struct rfapi_import_table *it; struct bgp *bgp = bgp_get_default(); struct agg_table *rt; struct agg_node *rn; struct rfapi_next_hop_entry *biglist = NULL; struct rfapi_next_hop_entry *nhl; struct rfapi_next_hop_entry *tail = NULL; int count = 0; it = rfapiMacImportTableGet(bgp, logical_net_id); rt = it->imported_vpn[AFI_L2VPN]; for (rn = agg_route_top(rt); rn; rn = agg_route_next(rn)) { nhl = rfapiEthRouteNode2NextHopList( rn, rprefix, lifetime, exclude_vnaddr, rfd_rib_table, pfx_target_original); if (!tail) { tail = biglist = nhl; if (tail) count = 1; } else { tail->next = nhl; } if (tail) { while (tail->next) { ++count; tail = tail->next; } } } vnc_zlog_debug_verbose("%s: returning %d routes", __func__, count); return biglist; } /* * Insert a new bpi to the imported route table node, * keeping the list of BPIs sorted best route first */ static void rfapiBgpInfoAttachSorted(struct agg_node *rn, struct bgp_path_info *info_new, afi_t afi, safi_t safi) { struct bgp *bgp; struct bgp_path_info *prev; struct bgp_path_info *next; char pfx_buf[PREFIX2STR_BUFFER]; bgp = bgp_get_default(); /* assume 1 instance for now */ if (VNC_DEBUG(IMPORT_BI_ATTACH)) { vnc_zlog_debug_verbose("%s: info_new->peer=%p", __func__, info_new->peer); vnc_zlog_debug_verbose("%s: info_new->peer->su_remote=%p", __func__, info_new->peer->su_remote); } for (prev = NULL, next = rn->info; next; prev = next, next = next->next) { enum bgp_path_selection_reason reason; if (!bgp || (!CHECK_FLAG(info_new->flags, BGP_PATH_REMOVED) && CHECK_FLAG(next->flags, BGP_PATH_REMOVED)) || bgp_path_info_cmp_compatible(bgp, info_new, next, pfx_buf, afi, safi, &reason) == -1) { /* -1 if 1st is better */ break; } } vnc_zlog_debug_verbose("%s: prev=%p, next=%p", __func__, prev, next); if (prev) { prev->next = info_new; } else { rn->info = info_new; } info_new->prev = prev; info_new->next = next; if (next) next->prev = info_new; bgp_attr_intern(info_new->attr); } static void rfapiBgpInfoDetach(struct agg_node *rn, struct bgp_path_info *bpi) { /* * Remove the route (doubly-linked) */ // bgp_attr_unintern (&bpi->attr); if (bpi->next) bpi->next->prev = bpi->prev; if (bpi->prev) bpi->prev->next = bpi->next; else rn->info = bpi->next; } /* * For L3-indexed import tables */ static int rfapi_bi_peer_rd_cmp(const void *b1, const void *b2) { const struct bgp_path_info *bpi1 = b1; const struct bgp_path_info *bpi2 = b2; /* * Compare peers */ if (bpi1->peer < bpi2->peer) return -1; if (bpi1->peer > bpi2->peer) return 1; /* * compare RDs */ return vnc_prefix_cmp( (const struct prefix *)&bpi1->extra->vnc.import.rd, (const struct prefix *)&bpi2->extra->vnc.import.rd); } /* * For L2-indexed import tables * The BPIs in these tables should ALWAYS have an aux_prefix set because * they arrive via IPv4 or IPv6 advertisements. */ static int rfapi_bi_peer_rd_aux_cmp(const void *b1, const void *b2) { const struct bgp_path_info *bpi1 = b1; const struct bgp_path_info *bpi2 = b2; int rc; /* * Compare peers */ if (bpi1->peer < bpi2->peer) return -1; if (bpi1->peer > bpi2->peer) return 1; /* * compare RDs */ rc = vnc_prefix_cmp((struct prefix *)&bpi1->extra->vnc.import.rd, (struct prefix *)&bpi2->extra->vnc.import.rd); if (rc) { return rc; } /* * L2 import tables can have multiple entries with the * same MAC address, same RD, but different L3 addresses. * * Use presence of aux_prefix with AF=ethernet and prefixlen=1 * as magic value to signify explicit wildcarding of the aux_prefix. * This magic value will not appear in bona fide bpi entries in * the import table, but is allowed in the "fake" bpi used to * probe the table when searching. (We have to test both b1 and b2 * because there is no guarantee of the order the test key and * the real key will be passed) */ if ((bpi1->extra->vnc.import.aux_prefix.family == AF_ETHERNET && (bpi1->extra->vnc.import.aux_prefix.prefixlen == 1)) || (bpi2->extra->vnc.import.aux_prefix.family == AF_ETHERNET && (bpi2->extra->vnc.import.aux_prefix.prefixlen == 1))) { /* * wildcard aux address specified */ return 0; } return vnc_prefix_cmp(&bpi1->extra->vnc.import.aux_prefix, &bpi2->extra->vnc.import.aux_prefix); } /* * Index on RD and Peer */ static void rfapiItBiIndexAdd(struct agg_node *rn, /* Import table VPN node */ struct bgp_path_info *bpi) /* new BPI */ { struct skiplist *sl; const struct prefix *p; assert(rn); assert(bpi); assert(bpi->extra); vnc_zlog_debug_verbose("%s: bpi %p, peer %p, rd %pRDP", __func__, bpi, bpi->peer, &bpi->extra->vnc.import.rd); sl = RFAPI_RDINDEX_W_ALLOC(rn); if (!sl) { p = agg_node_get_prefix(rn); if (AF_ETHERNET == p->family) { sl = skiplist_new(0, rfapi_bi_peer_rd_aux_cmp, NULL); } else { sl = skiplist_new(0, rfapi_bi_peer_rd_cmp, NULL); } RFAPI_IT_EXTRA_GET(rn)->u.vpn.idx_rd = sl; agg_lock_node(rn); /* for skiplist */ } assert(!skiplist_insert(sl, (void *)bpi, (void *)bpi)); agg_lock_node(rn); /* for skiplist entry */ /* NB: BPIs in import tables are not refcounted */ } static void rfapiItBiIndexDump(struct agg_node *rn) { struct skiplist *sl; void *cursor = NULL; struct bgp_path_info *k; struct bgp_path_info *v; int rc; sl = RFAPI_RDINDEX(rn); if (!sl) return; for (rc = skiplist_next(sl, (void **)&k, (void **)&v, &cursor); !rc; rc = skiplist_next(sl, (void **)&k, (void **)&v, &cursor)) { char buf[RD_ADDRSTRLEN]; char buf_aux_pfx[PREFIX_STRLEN]; prefix_rd2str( &k->extra->vnc.import.rd, buf, sizeof(buf), bgp_get_asnotation(k->peer ? k->peer->bgp : NULL)); if (k->extra->vnc.import.aux_prefix.family) { prefix2str(&k->extra->vnc.import.aux_prefix, buf_aux_pfx, sizeof(buf_aux_pfx)); } else strlcpy(buf_aux_pfx, "(none)", sizeof(buf_aux_pfx)); vnc_zlog_debug_verbose("bpi %p, peer %p, rd %s, aux_prefix %s", k, k->peer, buf, buf_aux_pfx); } } static struct bgp_path_info *rfapiItBiIndexSearch( struct agg_node *rn, /* Import table VPN node */ struct prefix_rd *prd, struct peer *peer, const struct prefix *aux_prefix) /* optional L3 addr for L2 ITs */ { struct skiplist *sl; int rc; struct bgp_path_info bpi_fake = {0}; struct bgp_path_info_extra bpi_extra = {0}; struct bgp_path_info *bpi_result; sl = RFAPI_RDINDEX(rn); if (!sl) return NULL; #ifdef DEBUG_BI_SEARCH { char buf_aux_pfx[PREFIX_STRLEN]; if (aux_prefix) { prefix2str(aux_prefix, buf_aux_pfx, sizeof(buf_aux_pfx)); } else strlcpy(buf_aux_pfx, "(nil)", sizeof(buf_aux_pfx)); vnc_zlog_debug_verbose( "%s want prd=%pRDP, peer=%p, aux_prefix=%s", __func__, prd, peer, buf_aux_pfx); rfapiItBiIndexDump(rn); } #endif /* threshold is a WAG */ if (sl->count < 3) { #ifdef DEBUG_BI_SEARCH vnc_zlog_debug_verbose("%s: short list algorithm", __func__); #endif /* if short list, linear search might be faster */ for (bpi_result = rn->info; bpi_result; bpi_result = bpi_result->next) { #ifdef DEBUG_BI_SEARCH vnc_zlog_debug_verbose( "%s: bpi has prd=%pRDP, peer=%p", __func__, &bpi_result->extra->vnc.import.rd, bpi_result->peer); #endif if (peer == bpi_result->peer && !prefix_cmp((struct prefix *)&bpi_result->extra ->vnc.import.rd, (struct prefix *)prd)) { #ifdef DEBUG_BI_SEARCH vnc_zlog_debug_verbose( "%s: peer and RD same, doing aux_prefix check", __func__); #endif if (!aux_prefix || !prefix_cmp( aux_prefix, &bpi_result->extra->vnc.import .aux_prefix)) { #ifdef DEBUG_BI_SEARCH vnc_zlog_debug_verbose("%s: match", __func__); #endif break; } } } return bpi_result; } bpi_fake.peer = peer; bpi_fake.extra = &bpi_extra; bpi_fake.extra->vnc.import.rd = *prd; if (aux_prefix) { bpi_fake.extra->vnc.import.aux_prefix = *aux_prefix; } else { /* wildcard */ bpi_fake.extra->vnc.import.aux_prefix.family = AF_ETHERNET; bpi_fake.extra->vnc.import.aux_prefix.prefixlen = 1; } rc = skiplist_search(sl, (void *)&bpi_fake, (void *)&bpi_result); if (rc) { #ifdef DEBUG_BI_SEARCH vnc_zlog_debug_verbose("%s: no match", __func__); #endif return NULL; } #ifdef DEBUG_BI_SEARCH vnc_zlog_debug_verbose("%s: matched bpi=%p", __func__, bpi_result); #endif return bpi_result; } static void rfapiItBiIndexDel(struct agg_node *rn, /* Import table VPN node */ struct bgp_path_info *bpi) /* old BPI */ { struct skiplist *sl; int rc; vnc_zlog_debug_verbose("%s: bpi %p, peer %p, rd %pRDP", __func__, bpi, bpi->peer, &bpi->extra->vnc.import.rd); sl = RFAPI_RDINDEX(rn); assert(sl); rc = skiplist_delete(sl, (void *)(bpi), (void *)bpi); if (rc) { rfapiItBiIndexDump(rn); } assert(!rc); agg_unlock_node(rn); /* for skiplist entry */ /* NB: BPIs in import tables are not refcounted */ } /* * Add a backreference at the ENCAP node to the VPN route that * refers to it */ static void rfapiMonitorEncapAdd(struct rfapi_import_table *import_table, struct prefix *p, /* VN address */ struct agg_node *vpn_rn, /* VPN node */ struct bgp_path_info *vpn_bpi) /* VPN bpi/route */ { afi_t afi = family2afi(p->family); struct agg_node *rn; struct rfapi_monitor_encap *m; assert(afi); rn = agg_node_get(import_table->imported_encap[afi], p); /* locks rn */ assert(rn); m = XCALLOC(MTYPE_RFAPI_MONITOR_ENCAP, sizeof(struct rfapi_monitor_encap)); m->node = vpn_rn; m->bpi = vpn_bpi; m->rn = rn; /* insert to encap node's list */ m->next = RFAPI_MONITOR_ENCAP(rn); if (m->next) m->next->prev = m; RFAPI_MONITOR_ENCAP_W_ALLOC(rn) = m; /* for easy lookup when deleting vpn route */ vpn_bpi->extra->vnc.import.hme = m; vnc_zlog_debug_verbose( "%s: it=%p, vpn_bpi=%p, afi=%d, encap rn=%p, setting vpn_bpi->extra->vnc.import.hme=%p", __func__, import_table, vpn_bpi, afi, rn, m); RFAPI_CHECK_REFCOUNT(rn, SAFI_ENCAP, 0); bgp_attr_intern(vpn_bpi->attr); } static void rfapiMonitorEncapDelete(struct bgp_path_info *vpn_bpi) { /* * Remove encap monitor */ vnc_zlog_debug_verbose("%s: vpn_bpi=%p", __func__, vpn_bpi); if (vpn_bpi->extra) { struct rfapi_monitor_encap *hme = vpn_bpi->extra->vnc.import.hme; if (hme) { vnc_zlog_debug_verbose("%s: hme=%p", __func__, hme); /* Refcount checking takes too long here */ // RFAPI_CHECK_REFCOUNT(hme->rn, SAFI_ENCAP, 0); if (hme->next) hme->next->prev = hme->prev; if (hme->prev) hme->prev->next = hme->next; else RFAPI_MONITOR_ENCAP_W_ALLOC(hme->rn) = hme->next; /* Refcount checking takes too long here */ // RFAPI_CHECK_REFCOUNT(hme->rn, SAFI_ENCAP, 1); /* see if the struct rfapi_it_extra is empty and can be * freed */ rfapiMonitorExtraPrune(SAFI_ENCAP, hme->rn); agg_unlock_node(hme->rn); /* decr ref count */ XFREE(MTYPE_RFAPI_MONITOR_ENCAP, hme); vpn_bpi->extra->vnc.import.hme = NULL; } } } /* * Timer callback for withdraw */ static void rfapiWithdrawTimerVPN(struct event *t) { struct rfapi_withdraw *wcb = EVENT_ARG(t); struct bgp_path_info *bpi = wcb->info; struct bgp *bgp = bgp_get_default(); const struct prefix *p; struct rfapi_monitor_vpn *moved; afi_t afi; bool early_exit = false; if (bgp == NULL) { vnc_zlog_debug_verbose( "%s: NULL BGP pointer, assume shutdown race condition!!!", __func__); early_exit = true; } if (bgp && CHECK_FLAG(bgp->flags, BGP_FLAG_DELETE_IN_PROGRESS)) { vnc_zlog_debug_verbose( "%s: BGP delete in progress, assume shutdown race condition!!!", __func__); early_exit = true; } /* This callback is responsible for the withdraw object's memory */ if (early_exit) { XFREE(MTYPE_RFAPI_WITHDRAW, wcb); return; } assert(wcb->node); assert(bpi); assert(wcb->import_table); assert(bpi->extra); RFAPI_CHECK_REFCOUNT(wcb->node, SAFI_MPLS_VPN, wcb->lockoffset); vnc_zlog_debug_verbose("%s: removing bpi %p at prefix %pRN", __func__, bpi, wcb->node); /* * Remove the route (doubly-linked) */ if (CHECK_FLAG(bpi->flags, BGP_PATH_VALID) && VALID_INTERIOR_TYPE(bpi->type)) RFAPI_MONITOR_EXTERIOR(wcb->node)->valid_interior_count--; p = agg_node_get_prefix(wcb->node); afi = family2afi(p->family); wcb->import_table->holddown_count[afi] -= 1; /* keep count consistent */ rfapiItBiIndexDel(wcb->node, bpi); rfapiBgpInfoDetach(wcb->node, bpi); /* with removed bpi */ vnc_import_bgp_exterior_del_route_interior(bgp, wcb->import_table, wcb->node, bpi); /* * If VNC is configured to send response remove messages, AND * if the removed route had a UN address, do response removal * processing. */ if (!(bgp->rfapi_cfg->flags & BGP_VNC_CONFIG_RESPONSE_REMOVAL_DISABLE)) { int has_valid_duplicate = 0; struct bgp_path_info *bpii; /* * First check if there are any OTHER routes at this node * that have the same nexthop and a valid UN address. If * there are (e.g., from other peers), then the route isn't * really gone, so skip sending a response removal message. */ for (bpii = wcb->node->info; bpii; bpii = bpii->next) { if (rfapiVpnBiSamePtUn(bpi, bpii)) { has_valid_duplicate = 1; break; } } vnc_zlog_debug_verbose("%s: has_valid_duplicate=%d", __func__, has_valid_duplicate); if (!has_valid_duplicate) { rfapiRibPendingDeleteRoute(bgp, wcb->import_table, afi, wcb->node); } } rfapiMonitorEncapDelete(bpi); /* * If there are no VPN monitors at this VPN Node A, * we are done */ if (!RFAPI_MONITOR_VPN(wcb->node)) { vnc_zlog_debug_verbose("%s: no VPN monitors at this node", __func__); goto done; } /* * rfapiMonitorMoveShorter only moves monitors if there are * no remaining valid routes at the current node */ moved = rfapiMonitorMoveShorter(wcb->node, 1); if (moved) { rfapiMonitorMovedUp(wcb->import_table, wcb->node, moved->node, moved); } done: /* * Free VPN bpi */ rfapiBgpInfoFree(bpi); wcb->info = NULL; /* * If route count at this node has gone to 0, withdraw exported prefix */ if (!wcb->node->info) { /* see if the struct rfapi_it_extra is empty and can be freed */ rfapiMonitorExtraPrune(SAFI_MPLS_VPN, wcb->node); vnc_direct_bgp_del_prefix(bgp, wcb->import_table, wcb->node); vnc_zebra_del_prefix(bgp, wcb->import_table, wcb->node); } else { /* * nexthop change event * vnc_direct_bgp_add_prefix() will recompute the VN addr * ecommunity */ vnc_direct_bgp_add_prefix(bgp, wcb->import_table, wcb->node); } RFAPI_CHECK_REFCOUNT(wcb->node, SAFI_MPLS_VPN, 1 + wcb->lockoffset); agg_unlock_node(wcb->node); /* decr ref count */ XFREE(MTYPE_RFAPI_WITHDRAW, wcb); } /* * This works for multiprotocol extension, but not for plain ol' * unicast IPv4 because that nexthop is stored in attr->nexthop */ void rfapiNexthop2Prefix(struct attr *attr, struct prefix *p) { assert(p); assert(attr); memset(p, 0, sizeof(struct prefix)); switch (p->family = BGP_MP_NEXTHOP_FAMILY(attr->mp_nexthop_len)) { case AF_INET: p->u.prefix4 = attr->mp_nexthop_global_in; p->prefixlen = IPV4_MAX_BITLEN; break; case AF_INET6: p->u.prefix6 = attr->mp_nexthop_global; p->prefixlen = IPV6_MAX_BITLEN; break; default: vnc_zlog_debug_verbose("%s: Family is unknown = %d", __func__, p->family); } } void rfapiUnicastNexthop2Prefix(afi_t afi, struct attr *attr, struct prefix *p) { if (afi == AFI_IP) { p->family = AF_INET; p->prefixlen = IPV4_MAX_BITLEN; p->u.prefix4 = attr->nexthop; } else { rfapiNexthop2Prefix(attr, p); } } static int rfapiAttrNexthopAddrDifferent(struct prefix *p1, struct prefix *p2) { if (!p1 || !p2) { vnc_zlog_debug_verbose("%s: p1 or p2 is NULL", __func__); return 1; } /* * Are address families the same? */ if (p1->family != p2->family) { return 1; } switch (p1->family) { case AF_INET: if (IPV4_ADDR_SAME(&p1->u.prefix4, &p2->u.prefix4)) return 0; break; case AF_INET6: if (IPV6_ADDR_SAME(&p1->u.prefix6, &p2->u.prefix6)) return 0; break; default: assert(1); } return 1; } static void rfapiCopyUnEncap2VPN(struct bgp_path_info *encap_bpi, struct bgp_path_info *vpn_bpi) { if (!vpn_bpi || !vpn_bpi->extra) { zlog_warn("%s: no vpn bpi attr/extra, can't copy UN address", __func__); return; } switch (BGP_MP_NEXTHOP_FAMILY(encap_bpi->attr->mp_nexthop_len)) { case AF_INET: /* * instrumentation to debug segfault of 091127 */ vnc_zlog_debug_verbose("%s: vpn_bpi=%p", __func__, vpn_bpi); vnc_zlog_debug_verbose("%s: vpn_bpi->extra=%p", __func__, vpn_bpi->extra); vpn_bpi->extra->vnc.import.un_family = AF_INET; vpn_bpi->extra->vnc.import.un.addr4 = encap_bpi->attr->mp_nexthop_global_in; break; case AF_INET6: vpn_bpi->extra->vnc.import.un_family = AF_INET6; vpn_bpi->extra->vnc.import.un.addr6 = encap_bpi->attr->mp_nexthop_global; break; default: zlog_warn("%s: invalid encap nexthop length: %d", __func__, encap_bpi->attr->mp_nexthop_len); vpn_bpi->extra->vnc.import.un_family = AF_UNSPEC; break; } } /* * returns 0 on success, nonzero on error */ static int rfapiWithdrawEncapUpdateCachedUn(struct rfapi_import_table *import_table, struct bgp_path_info *encap_bpi, struct agg_node *vpn_rn, struct bgp_path_info *vpn_bpi) { if (!encap_bpi) { /* * clear cached UN address */ if (!vpn_bpi || !vpn_bpi->extra) { zlog_warn( "%s: missing VPN bpi/extra, can't clear UN addr", __func__); return 1; } vpn_bpi->extra->vnc.import.un_family = AF_UNSPEC; memset(&vpn_bpi->extra->vnc.import.un, 0, sizeof(vpn_bpi->extra->vnc.import.un)); if (CHECK_FLAG(vpn_bpi->flags, BGP_PATH_VALID)) { if (rfapiGetVncTunnelUnAddr(vpn_bpi->attr, NULL)) { UNSET_FLAG(vpn_bpi->flags, BGP_PATH_VALID); if (VALID_INTERIOR_TYPE(vpn_bpi->type)) RFAPI_MONITOR_EXTERIOR(vpn_rn) ->valid_interior_count--; /* signal interior route withdrawal to * import-exterior */ vnc_import_bgp_exterior_del_route_interior( bgp_get_default(), import_table, vpn_rn, vpn_bpi); } } } else { if (!vpn_bpi) { zlog_warn("%s: missing VPN bpi, can't clear UN addr", __func__); return 1; } rfapiCopyUnEncap2VPN(encap_bpi, vpn_bpi); if (!CHECK_FLAG(vpn_bpi->flags, BGP_PATH_VALID)) { SET_FLAG(vpn_bpi->flags, BGP_PATH_VALID); if (VALID_INTERIOR_TYPE(vpn_bpi->type)) RFAPI_MONITOR_EXTERIOR(vpn_rn) ->valid_interior_count++; /* signal interior route withdrawal to import-exterior */ vnc_import_bgp_exterior_add_route_interior( bgp_get_default(), import_table, vpn_rn, vpn_bpi); } } return 0; } static void rfapiWithdrawTimerEncap(struct event *t) { struct rfapi_withdraw *wcb = EVENT_ARG(t); struct bgp_path_info *bpi = wcb->info; int was_first_route = 0; struct rfapi_monitor_encap *em; struct skiplist *vpn_node_sl = skiplist_new(0, NULL, NULL); assert(wcb->node); assert(bpi); assert(wcb->import_table); RFAPI_CHECK_REFCOUNT(wcb->node, SAFI_ENCAP, 0); if (wcb->node->info == bpi) was_first_route = 1; /* * Remove the route/bpi and free it */ rfapiBgpInfoDetach(wcb->node, bpi); rfapiBgpInfoFree(bpi); if (!was_first_route) goto done; for (em = RFAPI_MONITOR_ENCAP(wcb->node); em; em = em->next) { /* * Update monitoring VPN BPIs with new encap info at the * head of the encap bpi chain (which could be NULL after * removing the expiring bpi above) */ if (rfapiWithdrawEncapUpdateCachedUn(wcb->import_table, wcb->node->info, em->node, em->bpi)) continue; /* * Build a list of unique VPN nodes referenced by these * monitors. * Use a skiplist for speed. */ skiplist_insert(vpn_node_sl, em->node, em->node); } /* * for each VPN node referenced in the ENCAP monitors: */ struct agg_node *rn; while (!skiplist_first(vpn_node_sl, (void **)&rn, NULL)) { if (!wcb->node->info) { struct rfapi_monitor_vpn *moved; moved = rfapiMonitorMoveShorter(rn, 0); if (moved) { // rfapiDoRouteCallback(wcb->import_table, // moved->node, moved); rfapiMonitorMovedUp(wcb->import_table, rn, moved->node, moved); } } else { // rfapiDoRouteCallback(wcb->import_table, rn, NULL); rfapiMonitorItNodeChanged(wcb->import_table, rn, NULL); } skiplist_delete_first(vpn_node_sl); } done: RFAPI_CHECK_REFCOUNT(wcb->node, SAFI_ENCAP, 1); agg_unlock_node(wcb->node); /* decr ref count */ XFREE(MTYPE_RFAPI_WITHDRAW, wcb); skiplist_free(vpn_node_sl); } /* * Works for both VPN and ENCAP routes; timer_service_func is different * in each case */ static void rfapiBiStartWithdrawTimer(struct rfapi_import_table *import_table, struct agg_node *rn, struct bgp_path_info *bpi, afi_t afi, safi_t safi, void (*timer_service_func)(struct event *)) { uint32_t lifetime; struct rfapi_withdraw *wcb; if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) { /* * Already on the path to being withdrawn, * should already have a timer set up to * delete it. */ vnc_zlog_debug_verbose( "%s: already being withdrawn, do nothing", __func__); return; } rfapiGetVncLifetime(bpi->attr, &lifetime); vnc_zlog_debug_verbose("%s: VNC lifetime is %u", __func__, lifetime); /* * withdrawn routes get to hang around for a while */ SET_FLAG(bpi->flags, BGP_PATH_REMOVED); /* set timer to remove the route later */ lifetime = rfapiGetHolddownFromLifetime(lifetime); vnc_zlog_debug_verbose("%s: using timeout %u", __func__, lifetime); /* * Stash import_table, node, and info for use by timer * service routine, which is supposed to free the wcb. */ wcb = XCALLOC(MTYPE_RFAPI_WITHDRAW, sizeof(struct rfapi_withdraw)); wcb->node = rn; wcb->info = bpi; wcb->import_table = import_table; bgp_attr_intern(bpi->attr); if (VNC_DEBUG(VERBOSE)) { vnc_zlog_debug_verbose( "%s: wcb values: node=%p, info=%p, import_table=%p (bpi follows)", __func__, wcb->node, wcb->info, wcb->import_table); rfapiPrintBi(NULL, bpi); } assert(bpi->extra); if (lifetime > UINT32_MAX / 1001) { /* sub-optimal case, but will probably never happen */ bpi->extra->vnc.import.timer = NULL; event_add_timer(bm->master, timer_service_func, wcb, lifetime, &bpi->extra->vnc.import.timer); } else { static uint32_t jitter; uint32_t lifetime_msec; /* * the goal here is to spread out the timers so they are * sortable in the skip list */ if (++jitter >= 1000) jitter = 0; lifetime_msec = (lifetime * 1000) + jitter; bpi->extra->vnc.import.timer = NULL; event_add_timer_msec(bm->master, timer_service_func, wcb, lifetime_msec, &bpi->extra->vnc.import.timer); } /* re-sort route list (BGP_PATH_REMOVED routes are last) */ if (((struct bgp_path_info *)rn->info)->next) { rfapiBgpInfoDetach(rn, bpi); rfapiBgpInfoAttachSorted(rn, bpi, afi, safi); } } typedef void(rfapi_bi_filtered_import_f)(struct rfapi_import_table *table, int action, struct peer *peer, void *rfd, const struct prefix *prefix, const struct prefix *aux_prefix, afi_t afi, struct prefix_rd *prd, struct attr *attr, uint8_t type, uint8_t sub_type, uint32_t *label); static void rfapiExpireEncapNow(struct rfapi_import_table *it, struct agg_node *rn, struct bgp_path_info *bpi) { struct rfapi_withdraw *wcb; struct event t; /* * pretend we're an expiring timer */ wcb = XCALLOC(MTYPE_RFAPI_WITHDRAW, sizeof(struct rfapi_withdraw)); wcb->info = bpi; wcb->node = rn; wcb->import_table = it; memset(&t, 0, sizeof(t)); t.arg = wcb; rfapiWithdrawTimerEncap(&t); /* frees wcb */ } static int rfapiGetNexthop(struct attr *attr, struct prefix *prefix) { switch (BGP_MP_NEXTHOP_FAMILY(attr->mp_nexthop_len)) { case AF_INET: prefix->family = AF_INET; prefix->prefixlen = IPV4_MAX_BITLEN; prefix->u.prefix4 = attr->mp_nexthop_global_in; break; case AF_INET6: prefix->family = AF_INET6; prefix->prefixlen = IPV6_MAX_BITLEN; prefix->u.prefix6 = attr->mp_nexthop_global; break; default: vnc_zlog_debug_verbose("%s: unknown attr->mp_nexthop_len %d", __func__, attr->mp_nexthop_len); return EINVAL; } return 0; } /* * import a bgp_path_info if its route target list intersects with the * import table's route target list */ static void rfapiBgpInfoFilteredImportEncap( struct rfapi_import_table *import_table, int action, struct peer *peer, void *rfd, /* set for looped back routes */ const struct prefix *p, const struct prefix *aux_prefix, /* Unused for encap routes */ afi_t afi, struct prefix_rd *prd, struct attr *attr, /* part of bgp_path_info */ uint8_t type, /* part of bgp_path_info */ uint8_t sub_type, /* part of bgp_path_info */ uint32_t *label) /* part of bgp_path_info */ { struct agg_table *rt = NULL; struct agg_node *rn; struct bgp_path_info *info_new; struct bgp_path_info *bpi; struct bgp_path_info *next; char buf[BUFSIZ]; struct prefix p_firstbpi_old; struct prefix p_firstbpi_new; int replacing = 0; const char *action_str = NULL; struct prefix un_prefix; struct bgp *bgp; bgp = bgp_get_default(); /* assume 1 instance for now */ switch (action) { case FIF_ACTION_UPDATE: action_str = "update"; break; case FIF_ACTION_WITHDRAW: action_str = "withdraw"; break; case FIF_ACTION_KILL: action_str = "kill"; break; default: assert(0); break; } vnc_zlog_debug_verbose( "%s: entry: %s: prefix %s/%d", __func__, action_str, inet_ntop(p->family, &p->u.prefix, buf, sizeof(buf)), p->prefixlen); memset(&p_firstbpi_old, 0, sizeof(p_firstbpi_old)); memset(&p_firstbpi_new, 0, sizeof(p_firstbpi_new)); if (action == FIF_ACTION_UPDATE) { /* * Compare rt lists. If no intersection, don't import this route * On a withdraw, peer and RD are sufficient to determine if * we should act. */ if (!attr || !bgp_attr_get_ecommunity(attr)) { vnc_zlog_debug_verbose( "%s: attr, extra, or ecommunity missing, not importing", __func__); return; } #ifdef RFAPI_REQUIRE_ENCAP_BEEC if (!rfapiEcommunitiesMatchBeec( bgp_attr_get_ecommunity(attr))) { vnc_zlog_debug_verbose( "%s: it=%p: no match for BGP Encapsulation ecommunity", __func__, import_table); return; } #endif if (!rfapiEcommunitiesIntersect( import_table->rt_import_list, bgp_attr_get_ecommunity(attr))) { vnc_zlog_debug_verbose( "%s: it=%p: no ecommunity intersection", __func__, import_table); return; } /* * Updates must also have a nexthop address */ memset(&un_prefix, 0, sizeof(un_prefix)); /* keep valgrind happy */ if (rfapiGetNexthop(attr, &un_prefix)) { vnc_zlog_debug_verbose("%s: missing nexthop address", __func__); return; } } /* * Figure out which radix tree the route would go into */ switch (afi) { case AFI_IP: case AFI_IP6: rt = import_table->imported_encap[afi]; break; case AFI_UNSPEC: case AFI_L2VPN: case AFI_MAX: flog_err(EC_LIB_DEVELOPMENT, "%s: bad afi %d", __func__, afi); return; } /* * agg_node_lookup returns a node only if there is at least * one route attached. */ rn = agg_node_lookup(rt, p); #ifdef DEBUG_ENCAP_MONITOR vnc_zlog_debug_verbose("%s: initial encap lookup(it=%p) rn=%p", __func__, import_table, rn); #endif if (rn) { RFAPI_CHECK_REFCOUNT(rn, SAFI_ENCAP, 1); agg_unlock_node(rn); /* undo lock in agg_node_lookup */ /* * capture nexthop of first bpi */ if (rn->info) { rfapiNexthop2Prefix( ((struct bgp_path_info *)(rn->info))->attr, &p_firstbpi_old); } for (bpi = rn->info; bpi; bpi = bpi->next) { /* * Does this bgp_path_info refer to the same route * as we are trying to add? */ vnc_zlog_debug_verbose("%s: comparing BPI %p", __func__, bpi); /* * Compare RDs * * RD of import table bpi is in * bpi->extra->vnc.import.rd RD of info_orig is in prd */ if (!bpi->extra) { vnc_zlog_debug_verbose("%s: no bpi->extra", __func__); continue; } if (prefix_cmp( (struct prefix *)&bpi->extra->vnc.import.rd, (struct prefix *)prd)) { vnc_zlog_debug_verbose("%s: prd does not match", __func__); continue; } /* * Compare peers */ if (bpi->peer != peer) { vnc_zlog_debug_verbose( "%s: peer does not match", __func__); continue; } vnc_zlog_debug_verbose("%s: found matching bpi", __func__); /* Same route. Delete this bpi, replace with new one */ if (action == FIF_ACTION_WITHDRAW) { vnc_zlog_debug_verbose( "%s: withdrawing at prefix %pRN", __func__, rn); rfapiBiStartWithdrawTimer( import_table, rn, bpi, afi, SAFI_ENCAP, rfapiWithdrawTimerEncap); } else { vnc_zlog_debug_verbose( "%s: %s at prefix %pRN", __func__, ((action == FIF_ACTION_KILL) ? "killing" : "replacing"), rn); /* * If this route is waiting to be deleted * because of * a previous withdraw, we must cancel its * timer. */ if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED) && bpi->extra->vnc.import.timer) { struct rfapi_withdraw *wcb = EVENT_ARG( bpi->extra->vnc.import.timer); XFREE(MTYPE_RFAPI_WITHDRAW, wcb); EVENT_OFF(bpi->extra->vnc.import.timer); } if (action == FIF_ACTION_UPDATE) { rfapiBgpInfoDetach(rn, bpi); rfapiBgpInfoFree(bpi); replacing = 1; } else { /* * Kill: do export stuff when removing * bpi */ struct rfapi_withdraw *wcb; struct event t; /* * pretend we're an expiring timer */ wcb = XCALLOC( MTYPE_RFAPI_WITHDRAW, sizeof(struct rfapi_withdraw)); wcb->info = bpi; wcb->node = rn; wcb->import_table = import_table; memset(&t, 0, sizeof(t)); t.arg = wcb; rfapiWithdrawTimerEncap( &t); /* frees wcb */ } } break; } } if (rn) RFAPI_CHECK_REFCOUNT(rn, SAFI_ENCAP, replacing ? 1 : 0); if (action == FIF_ACTION_WITHDRAW || action == FIF_ACTION_KILL) return; info_new = rfapiBgpInfoCreate(attr, peer, rfd, prd, type, sub_type, NULL); if (rn) { if (!replacing) agg_lock_node(rn); /* incr ref count for new BPI */ } else { rn = agg_node_get(rt, p); } vnc_zlog_debug_verbose("%s: (afi=%d, rn=%p) inserting at prefix %pRN", __func__, afi, rn, rn); rfapiBgpInfoAttachSorted(rn, info_new, afi, SAFI_ENCAP); /* * Delete holddown routes from same NVE. See details in * rfapiBgpInfoFilteredImportVPN() */ for (bpi = info_new->next; bpi; bpi = next) { struct prefix pfx_un; int un_match = 0; next = bpi->next; if (!CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) continue; /* * We already match the VN address (it is the prefix * of the route node) */ if (!rfapiGetNexthop(bpi->attr, &pfx_un) && prefix_same(&pfx_un, &un_prefix)) { un_match = 1; } if (!un_match) continue; vnc_zlog_debug_verbose( "%s: removing holddown bpi matching NVE of new route", __func__); if (bpi->extra->vnc.import.timer) { struct rfapi_withdraw *wcb = EVENT_ARG(bpi->extra->vnc.import.timer); XFREE(MTYPE_RFAPI_WITHDRAW, wcb); EVENT_OFF(bpi->extra->vnc.import.timer); } rfapiExpireEncapNow(import_table, rn, bpi); } rfapiNexthop2Prefix(((struct bgp_path_info *)(rn->info))->attr, &p_firstbpi_new); /* * If the nexthop address of the selected Encap route (i.e., * the UN address) has changed, then we must update the VPN * routes that refer to this Encap route and possibly force * rfapi callbacks. */ if (rfapiAttrNexthopAddrDifferent(&p_firstbpi_old, &p_firstbpi_new)) { struct rfapi_monitor_encap *m; struct rfapi_monitor_encap *mnext; struct agg_node *referenced_vpn_prefix; /* * Optimized approach: build radix tree on the fly to * hold list of VPN nodes referenced by the ENCAP monitors * * The nodes in this table correspond to prefixes of VPN routes. * The "info" pointer of the node points to a chain of * struct rfapi_monitor_encap, each of which refers to a * specific VPN node. */ struct agg_table *referenced_vpn_table; referenced_vpn_table = agg_table_init(); /* * iterate over the set of monitors at this ENCAP node. */ #ifdef DEBUG_ENCAP_MONITOR vnc_zlog_debug_verbose("%s: examining monitors at rn=%p", __func__, rn); #endif for (m = RFAPI_MONITOR_ENCAP(rn); m; m = m->next) { const struct prefix *p; /* * For each referenced bpi/route, copy the ENCAP route's * nexthop to the VPN route's cached UN address field * and set * the address family of the cached UN address field. */ rfapiCopyUnEncap2VPN(info_new, m->bpi); if (!CHECK_FLAG(m->bpi->flags, BGP_PATH_VALID)) { SET_FLAG(m->bpi->flags, BGP_PATH_VALID); if (VALID_INTERIOR_TYPE(m->bpi->type)) RFAPI_MONITOR_EXTERIOR(m->node) ->valid_interior_count++; vnc_import_bgp_exterior_add_route_interior( bgp, import_table, m->node, m->bpi); } /* * Build a list of unique VPN nodes referenced by these * monitors * * There could be more than one VPN node here with a * given * prefix. Those are currently in an unsorted linear * list * per prefix. */ p = agg_node_get_prefix(m->node); referenced_vpn_prefix = agg_node_get(referenced_vpn_table, p); assert(referenced_vpn_prefix); for (mnext = referenced_vpn_prefix->info; mnext; mnext = mnext->next) { if (mnext->node == m->node) break; } if (mnext) { /* * already have an entry for this VPN node */ agg_unlock_node(referenced_vpn_prefix); } else { mnext = XCALLOC( MTYPE_RFAPI_MONITOR_ENCAP, sizeof(struct rfapi_monitor_encap)); mnext->node = m->node; mnext->next = referenced_vpn_prefix->info; referenced_vpn_prefix->info = mnext; } } /* * for each VPN node referenced in the ENCAP monitors: */ for (referenced_vpn_prefix = agg_route_top(referenced_vpn_table); referenced_vpn_prefix; referenced_vpn_prefix = agg_route_next(referenced_vpn_prefix)) { while ((m = referenced_vpn_prefix->info)) { struct agg_node *n; rfapiMonitorMoveLonger(m->node); for (n = m->node; n; n = agg_node_parent(n)) { // rfapiDoRouteCallback(import_table, n, // NULL); } rfapiMonitorItNodeChanged(import_table, m->node, NULL); referenced_vpn_prefix->info = m->next; agg_unlock_node(referenced_vpn_prefix); XFREE(MTYPE_RFAPI_MONITOR_ENCAP, m); } } agg_table_finish(referenced_vpn_table); } RFAPI_CHECK_REFCOUNT(rn, SAFI_ENCAP, 0); } static void rfapiExpireVpnNow(struct rfapi_import_table *it, struct agg_node *rn, struct bgp_path_info *bpi, int lockoffset) { struct rfapi_withdraw *wcb; struct event t; /* * pretend we're an expiring timer */ wcb = XCALLOC(MTYPE_RFAPI_WITHDRAW, sizeof(struct rfapi_withdraw)); wcb->info = bpi; wcb->node = rn; wcb->import_table = it; wcb->lockoffset = lockoffset; memset(&t, 0, sizeof(t)); t.arg = wcb; rfapiWithdrawTimerVPN(&t); /* frees wcb */ } /* * import a bgp_path_info if its route target list intersects with the * import table's route target list */ void rfapiBgpInfoFilteredImportVPN( struct rfapi_import_table *import_table, int action, struct peer *peer, void *rfd, /* set for looped back routes */ const struct prefix *p, const struct prefix *aux_prefix, /* AFI_L2VPN: optional IP */ afi_t afi, struct prefix_rd *prd, struct attr *attr, /* part of bgp_path_info */ uint8_t type, /* part of bgp_path_info */ uint8_t sub_type, /* part of bgp_path_info */ uint32_t *label) /* part of bgp_path_info */ { struct agg_table *rt = NULL; struct agg_node *rn; struct agg_node *n; struct bgp_path_info *info_new; struct bgp_path_info *bpi; struct bgp_path_info *next; char buf[BUFSIZ]; struct prefix vn_prefix; struct prefix un_prefix; int un_prefix_valid = 0; struct agg_node *ern; int replacing = 0; int original_had_routes = 0; struct prefix original_nexthop; const char *action_str = NULL; int is_it_ce = 0; struct bgp *bgp; bgp = bgp_get_default(); /* assume 1 instance for now */ switch (action) { case FIF_ACTION_UPDATE: action_str = "update"; break; case FIF_ACTION_WITHDRAW: action_str = "withdraw"; break; case FIF_ACTION_KILL: action_str = "kill"; break; default: assert(0); break; } if (import_table == bgp->rfapi->it_ce) is_it_ce = 1; vnc_zlog_debug_verbose("%s: entry: %s%s: prefix %s/%d: it %p, afi %s", __func__, (is_it_ce ? "CE-IT " : ""), action_str, rfapi_ntop(p->family, &p->u.prefix, buf, BUFSIZ), p->prefixlen, import_table, afi2str(afi)); VNC_ITRCCK; /* * Compare rt lists. If no intersection, don't import this route * On a withdraw, peer and RD are sufficient to determine if * we should act. */ if (action == FIF_ACTION_UPDATE) { if (!attr || !bgp_attr_get_ecommunity(attr)) { vnc_zlog_debug_verbose( "%s: attr, extra, or ecommunity missing, not importing", __func__); return; } if ((import_table != bgp->rfapi->it_ce) && !rfapiEcommunitiesIntersect( import_table->rt_import_list, bgp_attr_get_ecommunity(attr))) { vnc_zlog_debug_verbose( "%s: it=%p: no ecommunity intersection", __func__, import_table); return; } memset(&vn_prefix, 0, sizeof(vn_prefix)); /* keep valgrind happy */ if (rfapiGetNexthop(attr, &vn_prefix)) { /* missing nexthop address would be a bad, bad thing */ vnc_zlog_debug_verbose("%s: missing nexthop", __func__); return; } } /* * Figure out which radix tree the route would go into */ switch (afi) { case AFI_IP: case AFI_IP6: case AFI_L2VPN: rt = import_table->imported_vpn[afi]; break; case AFI_UNSPEC: case AFI_MAX: flog_err(EC_LIB_DEVELOPMENT, "%s: bad afi %d", __func__, afi); return; } /* clear it */ memset(&original_nexthop, 0, sizeof(original_nexthop)); /* * agg_node_lookup returns a node only if there is at least * one route attached. */ rn = agg_node_lookup(rt, p); vnc_zlog_debug_verbose("%s: rn=%p", __func__, rn); if (rn) { RFAPI_CHECK_REFCOUNT(rn, SAFI_MPLS_VPN, 1); agg_unlock_node(rn); /* undo lock in agg_node_lookup */ if (rn->info) original_had_routes = 1; if (VNC_DEBUG(VERBOSE)) { vnc_zlog_debug_verbose("%s: showing IT node on entry", __func__); rfapiShowItNode(NULL, rn); /* debug */ } /* * Look for same route (will have same RD and peer) */ bpi = rfapiItBiIndexSearch(rn, prd, peer, aux_prefix); if (bpi) { /* * This was an old test when we iterated over the * BPIs linearly. Since we're now looking up with * RD and peer, comparing types should not be * needed. Changed to assertion. * * Compare types. Doing so prevents a RFP-originated * route from matching an imported route, for example. */ if (VNC_DEBUG(VERBOSE) && bpi->type != type) /* should be handled by RDs, but warn for now */ zlog_warn("%s: type mismatch! (bpi=%d, arg=%d)", __func__, bpi->type, type); vnc_zlog_debug_verbose("%s: found matching bpi", __func__); /* * In the special CE table, withdrawals occur without * holddown */ if (import_table == bgp->rfapi->it_ce) { vnc_direct_bgp_del_route_ce(bgp, rn, bpi); if (action == FIF_ACTION_WITHDRAW) action = FIF_ACTION_KILL; } if (action == FIF_ACTION_WITHDRAW) { int washolddown = CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED); vnc_zlog_debug_verbose( "%s: withdrawing at prefix %pRN%s", __func__, rn, (washolddown ? " (already being withdrawn)" : "")); VNC_ITRCCK; if (!washolddown) { rfapiBiStartWithdrawTimer( import_table, rn, bpi, afi, SAFI_MPLS_VPN, rfapiWithdrawTimerVPN); RFAPI_UPDATE_ITABLE_COUNT( bpi, import_table, afi, -1); import_table->holddown_count[afi] += 1; } VNC_ITRCCK; } else { vnc_zlog_debug_verbose( "%s: %s at prefix %pRN", __func__, ((action == FIF_ACTION_KILL) ? "killing" : "replacing"), rn); /* * If this route is waiting to be deleted * because of * a previous withdraw, we must cancel its * timer. */ if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED) && bpi->extra->vnc.import.timer) { struct rfapi_withdraw *wcb = EVENT_ARG( bpi->extra->vnc.import.timer); XFREE(MTYPE_RFAPI_WITHDRAW, wcb); EVENT_OFF(bpi->extra->vnc.import.timer); import_table->holddown_count[afi] -= 1; RFAPI_UPDATE_ITABLE_COUNT( bpi, import_table, afi, 1); } /* * decrement remote count (if route is remote) * because * we are going to remove it below */ RFAPI_UPDATE_ITABLE_COUNT(bpi, import_table, afi, -1); if (action == FIF_ACTION_UPDATE) { replacing = 1; /* * make copy of original nexthop so we * can see if it changed */ rfapiGetNexthop(bpi->attr, &original_nexthop); /* * remove bpi without doing any export * processing */ if (CHECK_FLAG(bpi->flags, BGP_PATH_VALID) && VALID_INTERIOR_TYPE(bpi->type)) RFAPI_MONITOR_EXTERIOR(rn) ->valid_interior_count--; rfapiItBiIndexDel(rn, bpi); rfapiBgpInfoDetach(rn, bpi); rfapiMonitorEncapDelete(bpi); vnc_import_bgp_exterior_del_route_interior( bgp, import_table, rn, bpi); rfapiBgpInfoFree(bpi); } else { /* Kill */ /* * remove bpi and do export processing */ import_table->holddown_count[afi] += 1; rfapiExpireVpnNow(import_table, rn, bpi, 0); } } } } if (rn) RFAPI_CHECK_REFCOUNT(rn, SAFI_MPLS_VPN, replacing ? 1 : 0); if (action == FIF_ACTION_WITHDRAW || action == FIF_ACTION_KILL) { VNC_ITRCCK; return; } info_new = rfapiBgpInfoCreate(attr, peer, rfd, prd, type, sub_type, label); /* * lookup un address in encap table */ ern = agg_node_match(import_table->imported_encap[afi], &vn_prefix); if (ern) { rfapiCopyUnEncap2VPN(ern->info, info_new); agg_unlock_node(ern); /* undo lock in route_note_match */ } else { /* Not a big deal, just means VPN route got here first */ vnc_zlog_debug_verbose("%s: no encap route for vn addr %pFX", __func__, &vn_prefix); info_new->extra->vnc.import.un_family = AF_UNSPEC; } if (rn) { if (!replacing) agg_lock_node(rn); } else { /* * No need to increment reference count, so only "get" * if the node is not there already */ rn = agg_node_get(rt, p); } /* * For ethernet routes, if there is an accompanying IP address, * save it in the bpi */ if ((AFI_L2VPN == afi) && aux_prefix) { vnc_zlog_debug_verbose("%s: setting BPI's aux_prefix", __func__); info_new->extra->vnc.import.aux_prefix = *aux_prefix; } vnc_zlog_debug_verbose("%s: inserting bpi %p at prefix %pRN #%d", __func__, info_new, rn, agg_node_get_lock_count(rn)); rfapiBgpInfoAttachSorted(rn, info_new, afi, SAFI_MPLS_VPN); rfapiItBiIndexAdd(rn, info_new); if (!rfapiGetUnAddrOfVpnBi(info_new, NULL)) { if (VALID_INTERIOR_TYPE(info_new->type)) RFAPI_MONITOR_EXTERIOR(rn)->valid_interior_count++; SET_FLAG(info_new->flags, BGP_PATH_VALID); } RFAPI_UPDATE_ITABLE_COUNT(info_new, import_table, afi, 1); vnc_import_bgp_exterior_add_route_interior(bgp, import_table, rn, info_new); if (import_table == bgp->rfapi->it_ce) vnc_direct_bgp_add_route_ce(bgp, rn, info_new); if (VNC_DEBUG(VERBOSE)) { vnc_zlog_debug_verbose("%s: showing IT node", __func__); rfapiShowItNode(NULL, rn); /* debug */ } rfapiMonitorEncapAdd(import_table, &vn_prefix, rn, info_new); if (!rfapiGetUnAddrOfVpnBi(info_new, &un_prefix)) { /* * if we have a valid UN address (either via Encap route * or via tunnel attribute), then we should attempt * to move any monitors at less-specific nodes to this node */ rfapiMonitorMoveLonger(rn); un_prefix_valid = 1; } /* * 101129 Enhancement: if we add a route (implication: it is not * in holddown), delete all other routes from this nve at this * node that are in holddown, regardless of peer. * * Reasons it's OK to do that: * * - if the holddown route being deleted originally came from BGP VPN, * it is already gone from BGP (implication of holddown), so there * won't be any added inconsistency with the BGP RIB. * * - once a fresh route is added at a prefix, any routes in holddown * at that prefix will not show up in RFP responses, so deleting * the holddown routes won't affect the contents of responses. * * - lifetimes are supposed to be consistent, so there should not * be a case where the fresh route has a shorter lifetime than * the holddown route, so we don't expect the fresh route to * disappear and complete its holddown time before the existing * holddown routes time out. Therefore, we won't have a situation * where we expect the existing holddown routes to be hidden and * then to reappear sometime later (as holddown routes) in a * RFP response. * * Among other things, this would enable us to skirt the problem * of local holddown routes that refer to NVE descriptors that * have already been closed (if the same NVE triggers a subsequent * rfapi_open(), the new peer is different and doesn't match the * peer of the holddown route, so the stale holddown route still * hangs around until it times out instead of just being replaced * by the fresh route). */ /* * We know that the new bpi will have been inserted before any routes * in holddown, so we can skip any that came before it */ for (bpi = info_new->next; bpi; bpi = next) { struct prefix pfx_vn; struct prefix pfx_un; int un_match = 0; int remote_peer_match = 0; next = bpi->next; /* * Must be holddown */ if (!CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) continue; /* * Must match VN address (nexthop of VPN route) */ if (rfapiGetNexthop(bpi->attr, &pfx_vn)) continue; if (!prefix_same(&pfx_vn, &vn_prefix)) continue; if (un_prefix_valid && /* new route UN addr */ !rfapiGetUnAddrOfVpnBi(bpi, &pfx_un) && /* old route UN addr */ prefix_same(&pfx_un, &un_prefix)) { /* compare */ un_match = 1; } if (!RFAPI_LOCAL_BI(bpi) && !RFAPI_LOCAL_BI(info_new) && sockunion_same(&bpi->peer->su, &info_new->peer->su)) { /* old & new are both remote, same peer */ remote_peer_match = 1; } if (!un_match && !remote_peer_match) continue; vnc_zlog_debug_verbose( "%s: removing holddown bpi matching NVE of new route", __func__); if (bpi->extra->vnc.import.timer) { struct rfapi_withdraw *wcb = EVENT_ARG(bpi->extra->vnc.import.timer); XFREE(MTYPE_RFAPI_WITHDRAW, wcb); EVENT_OFF(bpi->extra->vnc.import.timer); } rfapiExpireVpnNow(import_table, rn, bpi, 0); } if (!original_had_routes) { /* * We went from 0 usable routes to 1 usable route. Perform the * "Adding a Route" export process. */ vnc_direct_bgp_add_prefix(bgp, import_table, rn); vnc_zebra_add_prefix(bgp, import_table, rn); } else { /* * Check for nexthop change event * Note: the prefix_same() test below detects two situations: * 1. route is replaced, new route has different nexthop * 2. new route is added (original_nexthop is 0) */ struct prefix new_nexthop; rfapiGetNexthop(attr, &new_nexthop); if (!prefix_same(&original_nexthop, &new_nexthop)) { /* * nexthop change event * vnc_direct_bgp_add_prefix() will recompute VN addr * ecommunity */ vnc_direct_bgp_add_prefix(bgp, import_table, rn); } } if (!(bgp->rfapi_cfg->flags & BGP_VNC_CONFIG_CALLBACK_DISABLE)) { for (n = rn; n; n = agg_node_parent(n)) { // rfapiDoRouteCallback(import_table, n, NULL); } rfapiMonitorItNodeChanged(import_table, rn, NULL); } RFAPI_CHECK_REFCOUNT(rn, SAFI_MPLS_VPN, 0); VNC_ITRCCK; } static void rfapiBgpInfoFilteredImportBadSafi( struct rfapi_import_table *import_table, int action, struct peer *peer, void *rfd, /* set for looped back routes */ const struct prefix *p, const struct prefix *aux_prefix, /* AFI_L2VPN: optional IP */ afi_t afi, struct prefix_rd *prd, struct attr *attr, /* part of bgp_path_info */ uint8_t type, /* part of bgp_path_info */ uint8_t sub_type, /* part of bgp_path_info */ uint32_t *label) /* part of bgp_path_info */ { vnc_zlog_debug_verbose("%s: Error, bad safi", __func__); } static rfapi_bi_filtered_import_f * rfapiBgpInfoFilteredImportFunction(safi_t safi) { switch (safi) { case SAFI_MPLS_VPN: return rfapiBgpInfoFilteredImportVPN; case SAFI_ENCAP: return rfapiBgpInfoFilteredImportEncap; case SAFI_UNSPEC: case SAFI_UNICAST: case SAFI_MULTICAST: case SAFI_EVPN: case SAFI_LABELED_UNICAST: case SAFI_FLOWSPEC: case SAFI_MAX: /* not expected */ flog_err(EC_LIB_DEVELOPMENT, "%s: bad safi %d", __func__, safi); return rfapiBgpInfoFilteredImportBadSafi; } assert(!"Reached end of function when we were not expecting to"); } void rfapiProcessUpdate(struct peer *peer, void *rfd, /* set when looped from RFP/RFAPI */ const struct prefix *p, struct prefix_rd *prd, struct attr *attr, afi_t afi, safi_t safi, uint8_t type, uint8_t sub_type, uint32_t *label) { struct bgp *bgp; struct rfapi *h; struct rfapi_import_table *it; int has_ip_route = 1; uint32_t lni = 0; bgp = bgp_get_default(); /* assume 1 instance for now */ assert(bgp); h = bgp->rfapi; assert(h); /* * look at high-order byte of RD. FF means MAC * address is present (VNC L2VPN) */ if ((safi == SAFI_MPLS_VPN) && (decode_rd_type(prd->val) == RD_TYPE_VNC_ETH)) { struct prefix pfx_mac_buf; struct prefix pfx_nexthop_buf; int rc; /* * Set flag if prefix and nexthop are the same - don't * add the route to normal IP-based import tables */ if (!rfapiGetNexthop(attr, &pfx_nexthop_buf)) { if (!prefix_cmp(&pfx_nexthop_buf, p)) { has_ip_route = 0; } } memset(&pfx_mac_buf, 0, sizeof(pfx_mac_buf)); pfx_mac_buf.family = AF_ETHERNET; pfx_mac_buf.prefixlen = 48; memcpy(&pfx_mac_buf.u.prefix_eth.octet, prd->val + 2, 6); /* * Find rt containing LNI (Logical Network ID), which * _should_ always be present when mac address is present */ rc = rfapiEcommunityGetLNI(bgp_attr_get_ecommunity(attr), &lni); vnc_zlog_debug_verbose( "%s: rfapiEcommunityGetLNI returned %d, lni=%d, attr=%p", __func__, rc, lni, attr); if (!rc) { it = rfapiMacImportTableGet(bgp, lni); rfapiBgpInfoFilteredImportVPN( it, FIF_ACTION_UPDATE, peer, rfd, &pfx_mac_buf, /* prefix */ p, /* aux prefix: IP addr */ AFI_L2VPN, prd, attr, type, sub_type, label); } } if (!has_ip_route) return; /* * Iterate over all import tables; do a filtered import * for the afi/safi combination */ for (it = h->imports; it; it = it->next) { (*rfapiBgpInfoFilteredImportFunction(safi))( it, FIF_ACTION_UPDATE, peer, rfd, p, /* prefix */ NULL, afi, prd, attr, type, sub_type, label); } if (safi == SAFI_MPLS_VPN) { vnc_direct_bgp_rh_add_route(bgp, afi, p, peer, attr); rfapiBgpInfoFilteredImportVPN( bgp->rfapi->it_ce, FIF_ACTION_UPDATE, peer, rfd, p, /* prefix */ NULL, afi, prd, attr, type, sub_type, label); } } void rfapiProcessWithdraw(struct peer *peer, void *rfd, const struct prefix *p, struct prefix_rd *prd, struct attr *attr, afi_t afi, safi_t safi, uint8_t type, int kill) { struct bgp *bgp; struct rfapi *h; struct rfapi_import_table *it; bgp = bgp_get_default(); /* assume 1 instance for now */ assert(bgp); h = bgp->rfapi; assert(h); /* * look at high-order byte of RD. FF means MAC * address is present (VNC L2VPN) */ if (h->import_mac != NULL && safi == SAFI_MPLS_VPN && decode_rd_type(prd->val) == RD_TYPE_VNC_ETH) { struct prefix pfx_mac_buf; void *cursor = NULL; int rc; memset(&pfx_mac_buf, 0, sizeof(pfx_mac_buf)); pfx_mac_buf.family = AF_ETHERNET; pfx_mac_buf.prefixlen = 48; memcpy(&pfx_mac_buf.u.prefix_eth, prd->val + 2, 6); /* * withdraw does not contain attrs, so we don't have * access to the route's LNI, which would ordinarily * select the specific mac-based import table. Instead, * we must iterate over all mac-based tables and rely * on the RD to match. * * If this approach is too slow, add an index where * key is {RD, peer} and value is the import table */ for (rc = skiplist_next(h->import_mac, NULL, (void **)&it, &cursor); rc == 0; rc = skiplist_next(h->import_mac, NULL, (void **)&it, &cursor)) { #ifdef DEBUG_L2_EXTRA vnc_zlog_debug_verbose( "%s: calling rfapiBgpInfoFilteredImportVPN(it=%p, afi=AFI_L2VPN)", __func__, it); #endif rfapiBgpInfoFilteredImportVPN( it, (kill ? FIF_ACTION_KILL : FIF_ACTION_WITHDRAW), peer, rfd, &pfx_mac_buf, /* prefix */ p, /* aux_prefix: IP */ AFI_L2VPN, prd, attr, type, 0, NULL); /* sub_type & label unused for withdraw */ } } /* * XXX For the case where the withdraw involves an L2 * route with no IP information, we rely on the lack * of RT-list intersection to filter out the withdraw * from the IP-based import tables below */ /* * Iterate over all import tables; do a filtered import * for the afi/safi combination */ for (it = h->imports; it; it = it->next) { (*rfapiBgpInfoFilteredImportFunction(safi))( it, (kill ? FIF_ACTION_KILL : FIF_ACTION_WITHDRAW), peer, rfd, p, /* prefix */ NULL, afi, prd, attr, type, 0, NULL); /* sub_type & label unused for withdraw */ } /* TBD the deletion should happen after the lifetime expires */ if (safi == SAFI_MPLS_VPN) vnc_direct_bgp_rh_del_route(bgp, afi, p, peer); if (safi == SAFI_MPLS_VPN) { rfapiBgpInfoFilteredImportVPN( bgp->rfapi->it_ce, (kill ? FIF_ACTION_KILL : FIF_ACTION_WITHDRAW), peer, rfd, p, /* prefix */ NULL, afi, prd, attr, type, 0, NULL); /* sub_type & label unused for withdraw */ } } /* * TBD optimized withdraw timer algorithm for case of many * routes expiring at the same time due to peer drop. */ /* * 1. Visit all BPIs in all ENCAP import tables. * * a. If a bpi's peer is the failed peer, remove the bpi. * b. If the removed ENCAP bpi was first in the list of * BPIs at this ENCAP node, loop over all monitors * at this node: * * (1) for each ENCAP monitor, loop over all its * VPN node monitors and set their RFAPI_MON_FLAG_NEEDCALLBACK * flags. * * 2. Visit all BPIs in all VPN import tables. * a. If a bpi's peer is the failed peer, remove the bpi. * b. loop over all the VPN node monitors and set their * RFAPI_MON_FLAG_NEEDCALLBACK flags * c. If there are no BPIs left at this VPN node, * */ /* surprise, this gets called from peer_delete(), from rfapi_close() */ static void rfapiProcessPeerDownRt(struct peer *peer, struct rfapi_import_table *import_table, afi_t afi, safi_t safi) { struct agg_node *rn; struct bgp_path_info *bpi; struct agg_table *rt = NULL; void (*timer_service_func)(struct event *) = NULL; assert(afi == AFI_IP || afi == AFI_IP6); VNC_ITRCCK; switch (safi) { case SAFI_MPLS_VPN: rt = import_table->imported_vpn[afi]; timer_service_func = rfapiWithdrawTimerVPN; break; case SAFI_ENCAP: rt = import_table->imported_encap[afi]; timer_service_func = rfapiWithdrawTimerEncap; break; case SAFI_UNSPEC: case SAFI_UNICAST: case SAFI_MULTICAST: case SAFI_EVPN: case SAFI_LABELED_UNICAST: case SAFI_FLOWSPEC: case SAFI_MAX: /* Suppress uninitialized variable warning */ rt = NULL; timer_service_func = NULL; assert(0); } for (rn = agg_route_top(rt); rn; rn = agg_route_next(rn)) { for (bpi = rn->info; bpi; bpi = bpi->next) { if (bpi->peer == peer) { if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) { /* already in holddown, skip */ continue; } if (safi == SAFI_MPLS_VPN) { RFAPI_UPDATE_ITABLE_COUNT( bpi, import_table, afi, -1); import_table->holddown_count[afi] += 1; } rfapiBiStartWithdrawTimer(import_table, rn, bpi, afi, safi, timer_service_func); } } } VNC_ITRCCK; } /* * This gets called when a peer connection drops. We have to remove * all the routes from this peer. * * Current approach is crude. TBD Optimize by setting fewer timers and * grouping withdrawn routes so we can generate callbacks more * efficiently. */ void rfapiProcessPeerDown(struct peer *peer) { struct bgp *bgp; struct rfapi *h; struct rfapi_import_table *it; /* * If this peer is a "dummy" peer structure atached to a RFAPI * nve_descriptor, we don't need to walk the import tables * because the routes are already withdrawn by rfapi_close() */ if (CHECK_FLAG(peer->flags, PEER_FLAG_IS_RFAPI_HD)) return; /* * 1. Visit all BPIs in all ENCAP import tables. * Start withdraw timer on the BPIs that match peer. * * 2. Visit All BPIs in all VPN import tables. * Start withdraw timer on the BPIs that match peer. */ bgp = bgp_get_default(); /* assume 1 instance for now */ if (!bgp) return; h = bgp->rfapi; assert(h); for (it = h->imports; it; it = it->next) { rfapiProcessPeerDownRt(peer, it, AFI_IP, SAFI_ENCAP); rfapiProcessPeerDownRt(peer, it, AFI_IP6, SAFI_ENCAP); rfapiProcessPeerDownRt(peer, it, AFI_IP, SAFI_MPLS_VPN); rfapiProcessPeerDownRt(peer, it, AFI_IP6, SAFI_MPLS_VPN); } if (h->it_ce) { rfapiProcessPeerDownRt(peer, h->it_ce, AFI_IP, SAFI_MPLS_VPN); rfapiProcessPeerDownRt(peer, h->it_ce, AFI_IP6, SAFI_MPLS_VPN); } } /* * Import an entire RIB (for an afi/safi) to an import table RIB, * filtered according to the import table's RT list * * TBD: does this function need additions to match rfapiProcessUpdate() * for, e.g., L2 handling? */ static void rfapiBgpTableFilteredImport(struct bgp *bgp, struct rfapi_import_table *it, afi_t afi, safi_t safi) { struct bgp_dest *dest1; struct bgp_dest *dest2; /* Only these SAFIs have 2-level RIBS */ assert(safi == SAFI_MPLS_VPN || safi == SAFI_ENCAP); /* * Now visit all the rd nodes and the nodes of all the * route tables attached to them, and import the routes * if they have matching route targets */ for (dest1 = bgp_table_top(bgp->rib[afi][safi]); dest1; dest1 = bgp_route_next(dest1)) { if (bgp_dest_has_bgp_path_info_data(dest1)) { for (dest2 = bgp_table_top( bgp_dest_get_bgp_table_info(dest1)); dest2; dest2 = bgp_route_next(dest2)) { struct bgp_path_info *bpi; for (bpi = bgp_dest_get_bgp_path_info(dest2); bpi; bpi = bpi->next) { uint32_t label = 0; if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) continue; if (bpi->extra) label = decode_label( &bpi->extra->label[0]); (*rfapiBgpInfoFilteredImportFunction( safi))( it, /* which import table */ FIF_ACTION_UPDATE, bpi->peer, NULL, bgp_dest_get_prefix(dest2), NULL, afi, (struct prefix_rd *) bgp_dest_get_prefix( dest1), bpi->attr, bpi->type, bpi->sub_type, &label); } } } } } /* per-bgp-instance rfapi data */ struct rfapi *bgp_rfapi_new(struct bgp *bgp) { struct rfapi *h; afi_t afi; struct rfapi_rfp_cfg *cfg = NULL; struct rfapi_rfp_cb_methods *cbm = NULL; assert(bgp->rfapi_cfg == NULL); h = XCALLOC(MTYPE_RFAPI, sizeof(struct rfapi)); for (afi = AFI_IP; afi < AFI_MAX; afi++) { h->un[afi] = agg_table_init(); } /* * initialize the ce import table */ h->it_ce = XCALLOC(MTYPE_RFAPI_IMPORTTABLE, sizeof(struct rfapi_import_table)); h->it_ce->imported_vpn[AFI_IP] = agg_table_init(); h->it_ce->imported_vpn[AFI_IP6] = agg_table_init(); h->it_ce->imported_encap[AFI_IP] = agg_table_init(); h->it_ce->imported_encap[AFI_IP6] = agg_table_init(); rfapiBgpTableFilteredImport(bgp, h->it_ce, AFI_IP, SAFI_MPLS_VPN); rfapiBgpTableFilteredImport(bgp, h->it_ce, AFI_IP6, SAFI_MPLS_VPN); /* * Set up work queue for deferred rfapi_close operations */ h->deferred_close_q = work_queue_new(bm->master, "rfapi deferred close"); h->deferred_close_q->spec.workfunc = rfapi_deferred_close_workfunc; h->deferred_close_q->spec.data = h; h->rfp = rfp_start(bm->master, &cfg, &cbm); bgp->rfapi_cfg = bgp_rfapi_cfg_new(cfg); if (cbm != NULL) { h->rfp_methods = *cbm; } return h; } void bgp_rfapi_destroy(struct bgp *bgp, struct rfapi *h) { afi_t afi; if (bgp == NULL || h == NULL) return; if (h->resolve_nve_nexthop) { skiplist_free(h->resolve_nve_nexthop); h->resolve_nve_nexthop = NULL; } rfapiImportTableFlush(h->it_ce); if (h->import_mac) { struct rfapi_import_table *it; void *cursor; int rc; for (cursor = NULL, rc = skiplist_next(h->import_mac, NULL, (void **)&it, &cursor); !rc; rc = skiplist_next(h->import_mac, NULL, (void **)&it, &cursor)) { rfapiImportTableFlush(it); XFREE(MTYPE_RFAPI_IMPORTTABLE, it); } skiplist_free(h->import_mac); h->import_mac = NULL; } work_queue_free_and_null(&h->deferred_close_q); if (h->rfp != NULL) rfp_stop(h->rfp); for (afi = AFI_IP; afi < AFI_MAX; afi++) { agg_table_finish(h->un[afi]); } XFREE(MTYPE_RFAPI_IMPORTTABLE, h->it_ce); XFREE(MTYPE_RFAPI, h); } struct rfapi_import_table * rfapiImportTableRefAdd(struct bgp *bgp, struct ecommunity *rt_import_list, struct rfapi_nve_group_cfg *rfg) { struct rfapi *h; struct rfapi_import_table *it; afi_t afi; h = bgp->rfapi; assert(h); for (it = h->imports; it; it = it->next) { if (ecommunity_cmp(it->rt_import_list, rt_import_list)) break; } vnc_zlog_debug_verbose("%s: matched it=%p", __func__, it); if (!it) { it = XCALLOC(MTYPE_RFAPI_IMPORTTABLE, sizeof(struct rfapi_import_table)); it->next = h->imports; h->imports = it; it->rt_import_list = ecommunity_dup(rt_import_list); it->rfg = rfg; it->monitor_exterior_orphans = skiplist_new(0, NULL, prefix_free_lists); /* * fill import route tables from RIBs * * Potential area for optimization. If this occurs when * tables are large (e.g., the operator adds a nve group * with a new RT list to a running system), it could take * a while. * */ for (afi = AFI_IP; afi < AFI_MAX; ++afi) { it->imported_vpn[afi] = agg_table_init(); it->imported_encap[afi] = agg_table_init(); rfapiBgpTableFilteredImport(bgp, it, afi, SAFI_MPLS_VPN); rfapiBgpTableFilteredImport(bgp, it, afi, SAFI_ENCAP); vnc_import_bgp_exterior_redist_enable_it(bgp, afi, it); } } it->refcount += 1; return it; } /* * skiplist element free function */ static void delete_rem_pfx_na_free(void *na) { uint32_t *pCounter = ((struct rfapi_nve_addr *)na)->info; *pCounter += 1; XFREE(MTYPE_RFAPI_NVE_ADDR, na); } /* * Common deleter for IP and MAC import tables */ static void rfapiDeleteRemotePrefixesIt( struct bgp *bgp, struct rfapi_import_table *it, struct prefix *un, struct prefix *vn, struct prefix *p, int delete_active, int delete_holddown, uint32_t *pARcount, uint32_t *pAHcount, uint32_t *pHRcount, uint32_t *pHHcount, struct skiplist *uniq_active_nves, struct skiplist *uniq_holddown_nves) { afi_t afi; #ifdef DEBUG_L2_EXTRA { char buf_pfx[PREFIX_STRLEN]; if (p) { prefix2str(p, buf_pfx, sizeof(buf_pfx)); } else { buf_pfx[0] = '*'; buf_pfx[1] = 0; } vnc_zlog_debug_verbose( "%s: entry, p=%s, delete_active=%d, delete_holddown=%d", __func__, buf_pfx, delete_active, delete_holddown); } #endif for (afi = AFI_IP; afi < AFI_MAX; ++afi) { struct agg_table *rt; struct agg_node *rn; if (p && (family2afi(p->family) != afi)) { continue; } rt = it->imported_vpn[afi]; if (!rt) continue; vnc_zlog_debug_verbose("%s: scanning rt for afi=%d", __func__, afi); for (rn = agg_route_top(rt); rn; rn = agg_route_next(rn)) { struct bgp_path_info *bpi; struct bgp_path_info *next; const struct prefix *rn_p = agg_node_get_prefix(rn); if (p && VNC_DEBUG(IMPORT_DEL_REMOTE)) vnc_zlog_debug_any("%s: want %pFX, have %pRN", __func__, p, rn); if (p && prefix_cmp(p, rn_p)) continue; vnc_zlog_debug_verbose("%s: rn pfx=%pRN", __func__, rn); /* TBD is this valid for afi == AFI_L2VPN? */ RFAPI_CHECK_REFCOUNT(rn, SAFI_MPLS_VPN, 1); for (bpi = rn->info; bpi; bpi = next) { next = bpi->next; struct prefix qpt; struct prefix qct; int qpt_valid = 0; int qct_valid = 0; int is_active = 0; vnc_zlog_debug_verbose("%s: examining bpi %p", __func__, bpi); if (!rfapiGetNexthop(bpi->attr, &qpt)) qpt_valid = 1; if (vn) { if (!qpt_valid || !prefix_match(vn, &qpt)) { #ifdef DEBUG_L2_EXTRA vnc_zlog_debug_verbose( "%s: continue at vn && !qpt_valid || !prefix_match(vn, &qpt)", __func__); #endif continue; } } if (!rfapiGetUnAddrOfVpnBi(bpi, &qct)) qct_valid = 1; if (un) { if (!qct_valid || !prefix_match(un, &qct)) { #ifdef DEBUG_L2_EXTRA vnc_zlog_debug_verbose( "%s: continue at un && !qct_valid || !prefix_match(un, &qct)", __func__); #endif continue; } } /* * Blow bpi away */ /* * If this route is waiting to be deleted * because of * a previous withdraw, we must cancel its * timer. */ if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) { if (!delete_holddown) continue; if (bpi->extra->vnc.import.timer) { struct rfapi_withdraw *wcb = EVENT_ARG( bpi->extra->vnc .import .timer); wcb->import_table ->holddown_count[afi] -= 1; RFAPI_UPDATE_ITABLE_COUNT( bpi, wcb->import_table, afi, 1); XFREE(MTYPE_RFAPI_WITHDRAW, wcb); EVENT_OFF(bpi->extra->vnc.import .timer); } } else { if (!delete_active) continue; is_active = 1; } vnc_zlog_debug_verbose( "%s: deleting bpi %p (qct_valid=%d, qpt_valid=%d, delete_holddown=%d, delete_active=%d)", __func__, bpi, qct_valid, qpt_valid, delete_holddown, delete_active); /* * add nve to list */ if (qct_valid && qpt_valid) { struct rfapi_nve_addr na; struct rfapi_nve_addr *nap; memset(&na, 0, sizeof(na)); assert(!rfapiQprefix2Raddr(&qct, &na.un)); assert(!rfapiQprefix2Raddr(&qpt, &na.vn)); if (skiplist_search( (is_active ? uniq_active_nves : uniq_holddown_nves), &na, (void **)&nap)) { char line[BUFSIZ]; nap = XCALLOC( MTYPE_RFAPI_NVE_ADDR, sizeof(struct rfapi_nve_addr)); *nap = na; nap->info = is_active ? pAHcount : pHHcount; skiplist_insert( (is_active ? uniq_active_nves : uniq_holddown_nves), nap, nap); rfapiNveAddr2Str(nap, line, BUFSIZ); } } vnc_direct_bgp_rh_del_route(bgp, afi, rn_p, bpi->peer); RFAPI_UPDATE_ITABLE_COUNT(bpi, it, afi, -1); it->holddown_count[afi] += 1; rfapiExpireVpnNow(it, rn, bpi, 1); vnc_zlog_debug_verbose( "%s: incrementing count (is_active=%d)", __func__, is_active); if (is_active) ++*pARcount; else ++*pHRcount; } } } } /* * For use by the "clear vnc prefixes" command */ /*------------------------------------------ * rfapiDeleteRemotePrefixes * * UI helper: For use by the "clear vnc prefixes" command * * input: * un if set, tunnel must match this prefix * vn if set, nexthop prefix must match this prefix * p if set, prefix must match this prefix * it if set, only look in this import table * * output * pARcount number of active routes deleted * pAHcount number of active nves deleted * pHRcount number of holddown routes deleted * pHHcount number of holddown nves deleted * * return value: * void --------------------------------------------*/ void rfapiDeleteRemotePrefixes(struct prefix *un, struct prefix *vn, struct prefix *p, struct rfapi_import_table *arg_it, int delete_active, int delete_holddown, uint32_t *pARcount, uint32_t *pAHcount, uint32_t *pHRcount, uint32_t *pHHcount) { struct bgp *bgp; struct rfapi *h; struct rfapi_import_table *it; uint32_t deleted_holddown_route_count = 0; uint32_t deleted_active_route_count = 0; uint32_t deleted_holddown_nve_count = 0; uint32_t deleted_active_nve_count = 0; struct skiplist *uniq_holddown_nves; struct skiplist *uniq_active_nves; VNC_ITRCCK; bgp = bgp_get_default(); /* assume 1 instance for now */ /* If no bgp instantiated yet, no vnc prefixes exist */ if (!bgp) return; h = bgp->rfapi; assert(h); uniq_holddown_nves = skiplist_new(0, rfapi_nve_addr_cmp, delete_rem_pfx_na_free); uniq_active_nves = skiplist_new(0, rfapi_nve_addr_cmp, delete_rem_pfx_na_free); /* * Iterate over all import tables; do a filtered import * for the afi/safi combination */ if (arg_it) it = arg_it; else it = h->imports; for (; it;) { vnc_zlog_debug_verbose( "%s: calling rfapiDeleteRemotePrefixesIt() on (IP) import %p", __func__, it); rfapiDeleteRemotePrefixesIt( bgp, it, un, vn, p, delete_active, delete_holddown, &deleted_active_route_count, &deleted_active_nve_count, &deleted_holddown_route_count, &deleted_holddown_nve_count, uniq_active_nves, uniq_holddown_nves); if (arg_it) it = NULL; else it = it->next; } /* * Now iterate over L2 import tables */ if (h->import_mac && !(p && (p->family != AF_ETHERNET))) { void *cursor = NULL; int rc; for (cursor = NULL, rc = skiplist_next(h->import_mac, NULL, (void **)&it, &cursor); !rc; rc = skiplist_next(h->import_mac, NULL, (void **)&it, &cursor)) { vnc_zlog_debug_verbose( "%s: calling rfapiDeleteRemotePrefixesIt() on import_mac %p", __func__, it); rfapiDeleteRemotePrefixesIt( bgp, it, un, vn, p, delete_active, delete_holddown, &deleted_active_route_count, &deleted_active_nve_count, &deleted_holddown_route_count, &deleted_holddown_nve_count, uniq_active_nves, uniq_holddown_nves); } } /* * our custom element freeing function above counts as it deletes */ skiplist_free(uniq_holddown_nves); skiplist_free(uniq_active_nves); if (pARcount) *pARcount = deleted_active_route_count; if (pAHcount) *pAHcount = deleted_active_nve_count; if (pHRcount) *pHRcount = deleted_holddown_route_count; if (pHHcount) *pHHcount = deleted_holddown_nve_count; VNC_ITRCCK; } /*------------------------------------------ * rfapiCountRemoteRoutes * * UI helper: count VRF routes from BGP side * * input: * * output * pALRcount count of active local routes * pARRcount count of active remote routes * pHRcount count of holddown routes * pIRcount count of direct imported routes * * return value: * void --------------------------------------------*/ void rfapiCountAllItRoutes(int *pALRcount, /* active local routes */ int *pARRcount, /* active remote routes */ int *pHRcount, /* holddown routes */ int *pIRcount) /* imported routes */ { struct bgp *bgp; struct rfapi *h; struct rfapi_import_table *it; afi_t afi; int total_active_local = 0; int total_active_remote = 0; int total_holddown = 0; int total_imported = 0; bgp = bgp_get_default(); /* assume 1 instance for now */ assert(bgp); h = bgp->rfapi; assert(h); /* * Iterate over all import tables; do a filtered import * for the afi/safi combination */ for (it = h->imports; it; it = it->next) { for (afi = AFI_IP; afi < AFI_MAX; ++afi) { total_active_local += it->local_count[afi]; total_active_remote += it->remote_count[afi]; total_holddown += it->holddown_count[afi]; total_imported += it->imported_count[afi]; } } void *cursor; int rc; if (h->import_mac) { for (cursor = NULL, rc = skiplist_next(h->import_mac, NULL, (void **)&it, &cursor); !rc; rc = skiplist_next(h->import_mac, NULL, (void **)&it, &cursor)) { total_active_local += it->local_count[AFI_L2VPN]; total_active_remote += it->remote_count[AFI_L2VPN]; total_holddown += it->holddown_count[AFI_L2VPN]; total_imported += it->imported_count[AFI_L2VPN]; } } if (pALRcount) { *pALRcount = total_active_local; } if (pARRcount) { *pARRcount = total_active_remote; } if (pHRcount) { *pHRcount = total_holddown; } if (pIRcount) { *pIRcount = total_imported; } } /*------------------------------------------ * rfapiGetHolddownFromLifetime * * calculate holddown value based on lifetime * * input: * lifetime lifetime * * return value: * Holddown value based on lifetime, holddown_factor, * and RFAPI_LIFETIME_INFINITE_WITHDRAW_DELAY * --------------------------------------------*/ /* hold down time maxes out at RFAPI_LIFETIME_INFINITE_WITHDRAW_DELAY */ uint32_t rfapiGetHolddownFromLifetime(uint32_t lifetime) { uint32_t factor; struct bgp *bgp; bgp = bgp_get_default(); if (bgp && bgp->rfapi_cfg) factor = bgp->rfapi_cfg->rfp_cfg.holddown_factor; else factor = RFAPI_RFP_CFG_DEFAULT_HOLDDOWN_FACTOR; if (factor < 100 || lifetime < RFAPI_LIFETIME_INFINITE_WITHDRAW_DELAY) lifetime = lifetime * factor / 100; if (lifetime < RFAPI_LIFETIME_INFINITE_WITHDRAW_DELAY) return lifetime; else return RFAPI_LIFETIME_INFINITE_WITHDRAW_DELAY; }