vivek [Wed, 29 Nov 2017 07:40:30 +0000 (23:40 -0800)]
bgpd, zebra: Handle EVPN router MAC per next hop
Ensure that when EVPN routes are installed into zebra, the router MAC
is passed per next hop and appropriately handled. This is required for
proper multipath operation.
Donald Sharp [Thu, 3 May 2018 00:12:31 +0000 (20:12 -0400)]
pbrd: Fix nearly impossible truncation
Since we are writing into the name field which is PBR_MAP_NAMELEN
size, we are expecting this to field to be at max 100 bytes.
Newer compilers understand that the %s portion may be up to
100 bytes( because of the size of the string. The %u portion
is expected to be 10 bytes. So in `theory` there are situations
where we might truncate. The reality this is never going to
happen( who is going to create a nexthop group name that is
over say 30 characters? ). As such we are expecting the
calling function to subtract 10 from the size_t l before
we pass it in to get around this new gcc fun.
Fixes: #2163 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 2 May 2018 20:50:37 +0000 (16:50 -0400)]
zebra: Add a few more breadcrumbs
re->status and re->flags both influence our decision states
for rib processing. Yet it's impossible to see them. Add
a tiny bit of code to allow us to look at them when things
are not behaving like we would expect.
Additionally dump the nexthop->flags at the same time for
the same reasons.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 30 Apr 2018 21:33:16 +0000 (17:33 -0400)]
pimd: Fix some msdp crashes when some fundamentals change
When the underlying networking subsystem is fundamentally
changed via some system controls. If we have msdp running
there exists a possibility that we need to stop some running
timers to prevent a crash.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 2 May 2018 03:35:53 +0000 (23:35 -0400)]
redhat, tools: Increase startup time out a bit
We have run across a few cases where the startup timeout is
ocurring on heavily loaded systems. This is especially true
in simulation environments where the hypervisor load is
extremely high.
Modify the code base to give ourselves more time to startup.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 2 May 2018 03:24:53 +0000 (23:24 -0400)]
zebra: Fix crash on *BSD
The zns->ns pointer is not created until we get a callback
from the kernel that a ns exists. This should potentially
fix a crash in the *BSD code path.
Fixes: #2152 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Mon, 23 Apr 2018 22:21:33 +0000 (15:21 -0700)]
ospf6d: fix intra prefix ecmp
When there are multiple advertisers/paths to reach
Intra-Prefix route, if any path is removed,
re-added back, it does add to the same route node.
ospf6 intra prefix, first stored in oa->route_table
then as part of add cb, it would add to ospf6->route_table
which adds to FIB.
When copying a route with its paths & NHs from oa->table to
ospf6->table the path origin should not be modified otherwise
ospf6->table would not find existing node rather it appends
new node.
Use spf_table to fetch nexthops for a given advertisers/path,
to form effective nexthop list for a route.
Ticket:CM-16139
Testing Done:
R2 ---- R3
| |
R1 ---- R4
Inject Intra Ara Prefix LSA from R1 & R3, validate R2 and R4
having two origination point/paths to reach for a route.
Trigger link flap, frr restart or remove/readd R3's INP one of the
injection point.
Remove link between R4 to R1 and validate R3 carrying single
path to reach prefix.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Don Slice [Tue, 1 May 2018 21:13:51 +0000 (21:13 +0000)]
lib: allow hostname to begin with a letter or number
Customers have requested the ability to name their devices starting
with a number instead of a letter. This fix changes the check for
hostname to allow either a letter or a number.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Philippe Guibert [Tue, 24 Apr 2018 14:35:00 +0000 (16:35 +0200)]
bgpd: handle bgp pbr hash list destroy upon BGP destroy
Upon BGP destroy, the hash list related to PBR are removed.
The pbr_match entries, as well as the contained pbr_match_entries
entries.
Then the pbr_action entries. The order is important, since the former
are referencing pbr_action. So the references must be removed, prior to
remove pbr action.
Also, the zebra associated contexts are removed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 28 Mar 2018 12:51:57 +0000 (14:51 +0200)]
bgpd: handle FS redirect IP rule in PBR
If a new rule is identified, a new table identifier is created.
In that table, add a default route when possible. If redirect IP rule is
identified, then add a default route to that IP address.
If redirect VRF is identified, nothing is done for now
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 12 Mar 2018 11:56:06 +0000 (12:56 +0100)]
bgpd: hash_lookup for iptables
This commit is reading the installed2 value from bgp_pbr_match hash set.
Once value matches with the one received, the walk stops and the last
bgp_pbr_match structure is stored in a static entry, so that the entry
is obtained.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 12 Mar 2018 08:38:53 +0000 (09:38 +0100)]
bgpd: handle configuration of iptables with zebra
The API for filling in an IPTABLE_ADD and IPTABLE_DELETE message.
Also, the API is handling the notification callback, so as to know if
zebra managed to add or delete the relevant iptable entry.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: add function handling flowspec entries to pass to zebra
Add a policy-route API to handle flowspec entry.
The entry is analysed, converted, and
selected if it is possible to inject the flowspec entry in local policy
routing entries.
redirect IP and redirect VRF actions are handled. The former extracts
the IPv4 address to redirect traffic to. The latter calculates the
matching VRF to redirect traffic to.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: add convert function from flowspec to pbr match
This utility function analyses flowspec nlri and converts it into
readable structures. The structure is based on bgp_pbr_match structure
previously defined.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This structure is the model exchange between some bgp services like
flowspec and the policy routing service. This structure reflects what
the nlri entry means. To handle that structure, a dump routine is made
available. Also, a validation function is here to cancel a policy route
installation, whenever it is not possible to install the requested
policy routing.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: support for policy-routing context used with flowspec
BGP flowspec will be able to inject or remove policy-routing contexts,
thanks to some protocols like flowspec. This commit adds some the APIS
necessary to create/delete policy routing contexts that will be injected
then into zebra.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Sun, 29 Apr 2018 16:40:12 +0000 (12:40 -0400)]
lib: Convert internal sequence number to int64_t
With the usage of a 32 bit number as a integer, but storing
non-signed values in it, we have cases where numbers greater
than 2 billion are being read in and stored and used before
lower value numbers, which of course is awful and mean.
Fixes: #2126 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
G. Paul Ziemba [Mon, 9 Apr 2018 20:28:11 +0000 (13:28 -0700)]
bgpd: when showing routes, add nexthop vrf and announce-self flag
As part of recent vpn-vrf leaking changes, it is now possible for a
route to refer to a nexthop in a different vrf. There is also a new
route flag that means "when announcing this route, indicate myself
as the next-hop."
route_vty_out(): nexthops are appended with:
"@VRFID" (where VRFID is the numerical vrf id) when different from
the route's vrf;
"<" when the route's BGP_INFO_ANNC_NH_SELF is set
This change also shows the route table's vrf id in the table header.
route_vty_out_detail(): show nexthop's vrf and announce-nh-self flag if
appropriate.
Both functions are also augmented to add json elements nhVrfId, nhVrfName,
and announceNexthopSelf as appropriate.
The intent of these changes is to make it easier to understand/debug
the relationship between a route and its nexthops.
Donald Sharp [Fri, 27 Apr 2018 19:18:41 +0000 (15:18 -0400)]
*: Move sharpd from developmental build to have to explicity enable it
sharpd has started to see some use from our field engineers as
well as people attempting to build/test their environments
as a way of easily injecting a large number of routes.
Modify configure.ac to move sharpd from a development build
option to having to explicity enable it via `--enable-sharpd=yes`
in order for it to be built.
This will allow those who want to build it, to build it without
having to use the development build option.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 27 Apr 2018 18:53:46 +0000 (14:53 -0400)]
zebra: Add PBR and SHARP handling
We are missing some handling of PBR and SHARP protocols
for netlink operations w/ the linux kernel.
Additionally add a bread crumb for new developers( or existing )
to know to fixup the rt_netlink.c when we start handling new
route types to hand to the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Quentin Young [Wed, 25 Apr 2018 21:16:55 +0000 (17:16 -0400)]
lib: fix heap corruption in stream_fifo_free
When popping a stream from a stream_fifo, the stream->next pointer is
not NULL'd out. If this same stream is subsequently pushed onto a
stream_fifo (either the same one or a different one), because
stream_fifo's use tail insertion the ->next pointer is not updated and
thus will point to whatever the next stream in the first stream_fifo
was. stream_fifo_free does not check the count of the stream_fifo when
freeing its constituent elements, and instead walks the linked list.
Consequently it will continue walking into the first stream_fifo from
which the last stream was popped, freeing each stream contained there.
This leads to use-after-free errors.
This patch makes sure to set the ->next pointer to NULL when doing tail
insertion in stream_fifo_push and when popping a stream from a
stream_fifo.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Donald Sharp [Wed, 25 Apr 2018 14:23:22 +0000 (10:23 -0400)]
bgpd: Prevent vrf 2 vrf route leaking from going offbox.
The vrf 2 vrf route leaking auto-derives RD and RT and
installs the routes into the appropriate vpn table.
These routes when a operator configured ipv[4|6] vpn
neighbors were showing up off box. The RD and RT
values choosen are localy significant but globaly
useless and may cause confusion.
Put a special bit of code in to notice that we
should not be advertising these routes off box.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Tue, 17 Apr 2018 13:21:24 +0000 (09:21 -0400)]
bgpd: Eliminate loop over afi's for vpn vrf leaking commands
The loop over all afi's implies that these commands actually need
to loop over all afi's to check the vpn policy. We know the
appropriate afi based upon the node we are in. So just return
the correct afi to look at and then just apply it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Wed, 11 Apr 2018 20:41:43 +0000 (20:41 +0000)]
bgpd: disallow importing a vrf into itself
Prior to this fix, you could configure importing a vrf from inside
the same vrf. This can lead to unexpected behavior in the leaking
process. This fix disallows that behavior.
Ticket: CM-20539 Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Don Slice [Wed, 11 Apr 2018 16:12:39 +0000 (16:12 +0000)]
bgpd: fix crash on "no import vrf" if no default bgp instance
Tripped over a crash running the cli_crawler that occurred when the
sequence was doing "import vrf NAME" and "no import vrf NAME" inside
a vrf but a default bgp instance had not been created. This fix
auto-creates the default instance if the "import vrf NAME" is
entered and a default instance does not exist.
Ticket: CM-20532 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Tue, 10 Apr 2018 15:00:18 +0000 (15:00 +0000)]
bgpd: fix import vrf route-map issues
Prior to this fix, the import vrf route-map command only worked
if the route-map existed prior to the command. Additionally, if
the import vrf route-map command was issued without an existing
route-map, the imported prefixes were not removed. This fix
resolves both of thes mis-behaviors. bgp-smoke run with same
failures as base.
Ticket: CM-20459 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: CCR-7358
Don Slice [Sun, 8 Apr 2018 15:35:21 +0000 (15:35 +0000)]
bgpd: fix incorrect config when importing vrf default
Found that when doing "import vrf default" in another vrf, an
extra line was added to the configuration in error. This fix
resolves that incorrect configuration. Manual testing will be
attached to the defect.
Ticket: CM-20467 Signed-off-by: Don Slice <dslice@cumulustnetworks.com>
Reviewed by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 16 Apr 2018 14:49:45 +0000 (10:49 -0400)]
bgpd: Use correct memory type
The usage of MTYPE_ECOMMUNITY for the free in ecommunity_del_val
caused the ref counts for the ecommunity to be incorrect.
Use MTYPE_ECOMMUNITY_VAL since that is what we are deleting.
Ticket: CM-20602 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Tue, 17 Apr 2018 12:21:03 +0000 (08:21 -0400)]
bgpd: Add some vrf <-> vrf code comments
Note that when we are importing vrf EVA into vrf DONNA
we must keep track of all the vrfs EVA is being
exported into and we must also keep track of all the vrf's
that DONNA is receiving data from as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
projects / mirror / frr.git / log