]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #10447 from ton31337/fix/json_with_whitespaces
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_zebra.h"
47 #include "bgpd/bgp_nexthop.h"
48 #include "bgpd/bgp_nht.h"
49 #include "bgpd/bgp_evpn.h"
50 #include "bgpd/bgp_memory.h"
51
52 #ifdef ENABLE_BGP_VNC
53 #include "bgpd/rfapi/rfapi_backend.h"
54 #endif
55
56 /*
57 * Definitions and external declarations.
58 */
59 extern struct zclient *zclient;
60
61 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
62 int *index, afi_t *afi)
63 {
64 int ret = 0;
65 if (argv_find(argv, argc, "vpnv4", index)) {
66 ret = 1;
67 if (afi)
68 *afi = AFI_IP;
69 } else if (argv_find(argv, argc, "vpnv6", index)) {
70 ret = 1;
71 if (afi)
72 *afi = AFI_IP6;
73 }
74 return ret;
75 }
76
77 uint32_t decode_label(mpls_label_t *label_pnt)
78 {
79 uint32_t l;
80 uint8_t *pnt = (uint8_t *)label_pnt;
81
82 l = ((uint32_t)*pnt++ << 12);
83 l |= (uint32_t)*pnt++ << 4;
84 l |= (uint32_t)((*pnt & 0xf0) >> 4);
85 return l;
86 }
87
88 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
89 {
90 uint8_t *pnt = (uint8_t *)label_pnt;
91 if (pnt == NULL)
92 return;
93 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
94 *label_pnt = label;
95 return;
96 }
97 *pnt++ = (label >> 12) & 0xff;
98 *pnt++ = (label >> 4) & 0xff;
99 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
100 }
101
102 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
103 struct bgp_nlri *packet)
104 {
105 struct prefix p;
106 uint8_t psize = 0;
107 uint8_t prefixlen;
108 uint16_t type;
109 struct rd_as rd_as;
110 struct rd_ip rd_ip;
111 struct prefix_rd prd = {0};
112 mpls_label_t label = {0};
113 afi_t afi;
114 safi_t safi;
115 bool addpath_capable;
116 uint32_t addpath_id;
117 int ret = 0;
118
119 /* Make prefix_rd */
120 prd.family = AF_UNSPEC;
121 prd.prefixlen = 64;
122
123 struct stream *data = stream_new(packet->length);
124 stream_put(data, packet->nlri, packet->length);
125 afi = packet->afi;
126 safi = packet->safi;
127 addpath_id = 0;
128
129 addpath_capable = bgp_addpath_encode_rx(peer, afi, safi);
130
131 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
132 while (STREAM_READABLE(data) > 0) {
133 /* Clear prefix structure. */
134 memset(&p, 0, sizeof(struct prefix));
135
136 if (addpath_capable) {
137 STREAM_GET(&addpath_id, data, BGP_ADDPATH_ID_LEN);
138 addpath_id = ntohl(addpath_id);
139 }
140
141 if (STREAM_READABLE(data) < 1) {
142 flog_err(
143 EC_BGP_UPDATE_RCV,
144 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
145 peer->host, packet->length);
146 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
147 goto done;
148 }
149
150 /* Fetch prefix length. */
151 STREAM_GETC(data, prefixlen);
152 p.family = afi2family(packet->afi);
153 psize = PSIZE(prefixlen);
154
155 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
156 flog_err(
157 EC_BGP_UPDATE_RCV,
158 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
159 peer->host, prefixlen);
160 ret = BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
161 goto done;
162 }
163
164 /* sanity check against packet data */
165 if (STREAM_READABLE(data) < psize) {
166 flog_err(
167 EC_BGP_UPDATE_RCV,
168 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
169 peer->host, prefixlen, packet->length);
170 ret = BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
171 goto done;
172 }
173
174 /* sanity check against storage for the IP address portion */
175 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
176 flog_err(
177 EC_BGP_UPDATE_RCV,
178 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
179 peer->host,
180 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
181 sizeof(p.u));
182 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
183 goto done;
184 }
185
186 /* Sanity check against max bitlen of the address family */
187 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
188 flog_err(
189 EC_BGP_UPDATE_RCV,
190 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
191 peer->host,
192 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
193 p.family, prefix_blen(&p));
194 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
195 goto done;
196 }
197
198 /* Copy label to prefix. */
199 if (STREAM_READABLE(data) < BGP_LABEL_BYTES) {
200 flog_err(
201 EC_BGP_UPDATE_RCV,
202 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
203 peer->host, packet->length);
204 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
205 goto done;
206 }
207
208 STREAM_GET(&label, data, BGP_LABEL_BYTES);
209 bgp_set_valid_label(&label);
210
211 /* Copy routing distinguisher to rd. */
212 if (STREAM_READABLE(data) < 8) {
213 flog_err(
214 EC_BGP_UPDATE_RCV,
215 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
216 peer->host, packet->length);
217 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
218 goto done;
219 }
220 STREAM_GET(&prd.val, data, 8);
221
222 /* Decode RD type. */
223 type = decode_rd_type(prd.val);
224
225 switch (type) {
226 case RD_TYPE_AS:
227 decode_rd_as(&prd.val[2], &rd_as);
228 break;
229
230 case RD_TYPE_AS4:
231 decode_rd_as4(&prd.val[2], &rd_as);
232 break;
233
234 case RD_TYPE_IP:
235 decode_rd_ip(&prd.val[2], &rd_ip);
236 break;
237
238 #ifdef ENABLE_BGP_VNC
239 case RD_TYPE_VNC_ETH:
240 break;
241 #endif
242
243 default:
244 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
245 break; /* just report */
246 }
247
248 /* exclude label & RD */
249 p.prefixlen = prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8;
250 STREAM_GET(p.u.val, data, psize - VPN_PREFIXLEN_MIN_BYTES);
251
252 if (attr) {
253 bgp_update(peer, &p, addpath_id, attr, packet->afi,
254 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
255 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
256 } else {
257 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
258 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
259 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
260 }
261 }
262 /* Packet length consistency check. */
263 if (STREAM_READABLE(data) != 0) {
264 flog_err(
265 EC_BGP_UPDATE_RCV,
266 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
267 peer->host, STREAM_READABLE(data));
268 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
269 }
270
271 goto done;
272
273 stream_failure:
274 flog_err(
275 EC_BGP_UPDATE_RCV,
276 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
277 peer->host, packet->length);
278 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
279
280 done:
281 stream_free(data);
282 return ret;
283
284 #undef VPN_PREFIXLEN_MIN_BYTES
285 }
286
287 /*
288 * This function informs zebra of the label this vrf sets on routes
289 * leaked to VPN. Zebra should install this label in the kernel with
290 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
291 *
292 * Sending this vrf-label association is qualified by a) whether vrf->vpn
293 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
294 * are set) and b) whether vpn-policy label is set.
295 *
296 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
297 * for this vrf, which zebra interprets to mean "delete this vrf-label
298 * association."
299 */
300 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
301 {
302 mpls_label_t label = MPLS_LABEL_NONE;
303 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
304
305 if (bgp->vrf_id == VRF_UNKNOWN) {
306 if (debug) {
307 zlog_debug(
308 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
309 __func__, bgp->name_pretty, afi2str(afi));
310 }
311 return;
312 }
313
314 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
315 label = bgp->vpn_policy[afi].tovpn_label;
316 }
317
318 if (debug) {
319 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
320 __func__, bgp->name_pretty, afi2str(afi), label,
321 bgp->vrf_id);
322 }
323
324 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
325 label = MPLS_LABEL_NONE;
326 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
327 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
328 }
329
330 /*
331 * If zebra tells us vrf has become unconfigured, tell zebra not to
332 * use this label to forward to the vrf anymore
333 */
334 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
335 {
336 mpls_label_t label = MPLS_LABEL_NONE;
337 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
338
339 if (bgp->vrf_id == VRF_UNKNOWN) {
340 if (debug) {
341 zlog_debug(
342 "%s: vrf_id not set, can't delete zebra vrf label",
343 __func__);
344 }
345 return;
346 }
347
348 if (debug) {
349 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
350 bgp->name_pretty, bgp->vrf_id);
351 }
352
353 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
354 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
355 }
356
357 /*
358 * This function informs zebra of the srv6-function this vrf sets on routes
359 * leaked to VPN. Zebra should install this srv6-function in the kernel with
360 * an action of "End.DT4/6's IP FIB to route the PDU."
361 */
362 void vpn_leak_zebra_vrf_sid_update(struct bgp *bgp, afi_t afi)
363 {
364 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
365 enum seg6local_action_t act;
366 struct seg6local_context ctx = {};
367 struct in6_addr *tovpn_sid = NULL;
368 struct in6_addr *tovpn_sid_ls = NULL;
369 struct vrf *vrf;
370 char buf[256] = {0};
371
372 if (bgp->vrf_id == VRF_UNKNOWN) {
373 if (debug)
374 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
375 __func__, bgp->name_pretty, afi2str(afi));
376 return;
377 }
378
379 tovpn_sid = bgp->vpn_policy[afi].tovpn_sid;
380 if (!tovpn_sid) {
381 if (debug)
382 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
383 bgp->name_pretty, afi2str(afi));
384 return;
385 }
386
387 if (debug) {
388 inet_ntop(AF_INET6, tovpn_sid, buf, sizeof(buf));
389 zlog_debug("%s: vrf %s: afi %s: setting sid %s for vrf id %d",
390 __func__, bgp->name_pretty, afi2str(afi), buf,
391 bgp->vrf_id);
392 }
393
394 vrf = vrf_lookup_by_id(bgp->vrf_id);
395 if (!vrf)
396 return;
397
398 ctx.table = vrf->data.l.table_id;
399 act = afi == AFI_IP ? ZEBRA_SEG6_LOCAL_ACTION_END_DT4
400 : ZEBRA_SEG6_LOCAL_ACTION_END_DT6;
401 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
402
403 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
404 *tovpn_sid_ls = *tovpn_sid;
405 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
406 }
407
408 /*
409 * If zebra tells us vrf has become unconfigured, tell zebra not to
410 * use this srv6-function to forward to the vrf anymore
411 */
412 void vpn_leak_zebra_vrf_sid_withdraw(struct bgp *bgp, afi_t afi)
413 {
414 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
415
416 if (bgp->vrf_id == VRF_UNKNOWN) {
417 if (debug)
418 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
419 __func__, bgp->name_pretty, afi2str(afi));
420 return;
421 }
422
423 if (debug)
424 zlog_debug("%s: deleting sid for vrf %s afi (id=%d)", __func__,
425 bgp->name_pretty, bgp->vrf_id);
426
427 zclient_send_localsid(zclient,
428 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent,
429 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC, NULL);
430 XFREE(MTYPE_BGP_SRV6_SID,
431 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent);
432 }
433
434 int vpn_leak_label_callback(
435 mpls_label_t label,
436 void *labelid,
437 bool allocated)
438 {
439 struct vpn_policy *vp = (struct vpn_policy *)labelid;
440 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
441
442 if (debug)
443 zlog_debug("%s: label=%u, allocated=%d",
444 __func__, label, allocated);
445
446 if (!allocated) {
447 /*
448 * previously-allocated label is now invalid
449 */
450 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
451 (vp->tovpn_label != MPLS_LABEL_NONE)) {
452
453 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
454 vp->afi, bgp_get_default(), vp->bgp);
455 vp->tovpn_label = MPLS_LABEL_NONE;
456 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
457 vp->afi, bgp_get_default(), vp->bgp);
458 }
459 return 0;
460 }
461
462 /*
463 * New label allocation
464 */
465 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
466
467 /*
468 * not currently configured for auto label, reject allocation
469 */
470 return -1;
471 }
472
473 if (vp->tovpn_label != MPLS_LABEL_NONE) {
474 if (label == vp->tovpn_label) {
475 /* already have same label, accept but do nothing */
476 return 0;
477 }
478 /* Shouldn't happen: different label allocation */
479 flog_err(EC_BGP_LABEL,
480 "%s: %s had label %u but got new assignment %u",
481 __func__, vp->bgp->name_pretty, vp->tovpn_label,
482 label);
483 /* use new one */
484 }
485
486 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
487 vp->afi, bgp_get_default(), vp->bgp);
488 vp->tovpn_label = label;
489 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
490 vp->afi, bgp_get_default(), vp->bgp);
491
492 return 0;
493 }
494
495 static void sid_register(struct bgp *bgp, const struct in6_addr *sid,
496 const char *locator_name)
497 {
498 struct bgp_srv6_function *func;
499 func = XCALLOC(MTYPE_BGP_SRV6_FUNCTION,
500 sizeof(struct bgp_srv6_function));
501 func->sid = *sid;
502 snprintf(func->locator_name, sizeof(func->locator_name),
503 "%s", locator_name);
504 listnode_add(bgp->srv6_functions, func);
505 }
506
507 static bool sid_exist(struct bgp *bgp, const struct in6_addr *sid)
508 {
509 struct listnode *node;
510 struct bgp_srv6_function *func;
511
512 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_functions, node, func))
513 if (sid_same(&func->sid, sid))
514 return true;
515 return false;
516 }
517
518 /*
519 * if index != 0: try to allocate as index-mode
520 * else: try to allocate as auto-mode
521 */
522 static uint32_t alloc_new_sid(struct bgp *bgp, uint32_t index,
523 struct in6_addr *sid_locator)
524 {
525 struct listnode *node;
526 struct prefix_ipv6 *chunk;
527 struct in6_addr sid_buf;
528 bool alloced = false;
529 int label = 0;
530
531 if (!bgp || !sid_locator)
532 return false;
533
534 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_locator_chunks, node, chunk)) {
535 *sid_locator = chunk->prefix;
536 sid_buf = chunk->prefix;
537 if (index != 0) {
538 label = index << 12;
539 transpose_sid(&sid_buf, label, 64, 16);
540 if (sid_exist(bgp, &sid_buf))
541 return false;
542 alloced = true;
543 break;
544 }
545
546 for (size_t i = 1; i < 255; i++) {
547 label = i << 12;
548 transpose_sid(&sid_buf, label, 64, 16);
549 if (sid_exist(bgp, &sid_buf))
550 continue;
551 alloced = true;
552 break;
553 }
554 }
555
556 if (!alloced)
557 return 0;
558
559 sid_register(bgp, &sid_buf, bgp->srv6_locator_name);
560 return label;
561 }
562
563 void ensure_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
564 {
565 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
566 char buf[256];
567 struct in6_addr *tovpn_sid, *tovpn_sid_locator;
568 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
569 bool tovpn_sid_auto = false;
570
571 if (debug)
572 zlog_debug("%s: try to allocate new SID for vrf %s: afi %s",
573 __func__, bgp_vrf->name_pretty, afi2str(afi));
574
575 /* skip when tovpn sid is already allocated on vrf instance */
576 if (bgp_vrf->vpn_policy[afi].tovpn_sid)
577 return;
578
579 /*
580 * skip when bgp vpn instance ins't allocated
581 * or srv6 locator chunk isn't allocated
582 */
583 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
584 return;
585
586 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
587 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
588 BGP_VPN_POLICY_TOVPN_SID_AUTO);
589
590 /* skip when VPN isn't configured on vrf-instance */
591 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
592 return;
593
594 /* check invalid case both configured index and auto */
595 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
596 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
597 __func__);
598 return;
599 }
600
601 tovpn_sid_locator =
602 XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
603 tovpn_sid_transpose_label =
604 alloc_new_sid(bgp_vpn, tovpn_sid_index, tovpn_sid_locator);
605 if (tovpn_sid_transpose_label == 0) {
606 zlog_debug("%s: not allocated new sid for vrf %s: afi %s",
607 __func__, bgp_vrf->name_pretty, afi2str(afi));
608 return;
609 }
610
611 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
612 *tovpn_sid = *tovpn_sid_locator;
613 transpose_sid(tovpn_sid, tovpn_sid_transpose_label,
614 BGP_PREFIX_SID_SRV6_TRANSPOSITION_OFFSET,
615 BGP_PREFIX_SID_SRV6_TRANSPOSITION_LENGTH);
616
617 if (debug) {
618 inet_ntop(AF_INET6, tovpn_sid, buf, sizeof(buf));
619 zlog_debug("%s: new sid %s allocated for vrf %s: afi %s",
620 __func__, buf, bgp_vrf->name_pretty,
621 afi2str(afi));
622 }
623
624 bgp_vrf->vpn_policy[afi].tovpn_sid = tovpn_sid;
625 bgp_vrf->vpn_policy[afi].tovpn_sid_locator = tovpn_sid_locator;
626 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label =
627 tovpn_sid_transpose_label;
628 }
629
630 void transpose_sid(struct in6_addr *sid, uint32_t label, uint8_t offset,
631 uint8_t len)
632 {
633 for (uint8_t idx = 0; idx < len; idx++) {
634 uint8_t tidx = offset + idx;
635 sid->s6_addr[tidx / 8] &= ~(0x1 << (7 - tidx % 8));
636 if (label >> (19 - idx) & 0x1)
637 sid->s6_addr[tidx / 8] |= 0x1 << (7 - tidx % 8);
638 }
639 }
640
641 static bool ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
642 {
643 uint32_t i, j;
644
645 if (!e1 || !e2)
646 return false;
647 for (i = 0; i < e1->size; ++i) {
648 for (j = 0; j < e2->size; ++j) {
649 if (!memcmp(e1->val + (i * e1->unit_size),
650 e2->val + (j * e2->unit_size),
651 e1->unit_size)) {
652
653 return true;
654 }
655 }
656 }
657 return false;
658 }
659
660 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
661 uint32_t n)
662 {
663 uint32_t i;
664
665 if (!bpi->extra) {
666 if (!n)
667 return true;
668 else
669 return false;
670 }
671
672 if (n != bpi->extra->num_labels)
673 return false;
674
675 for (i = 0; i < n; ++i) {
676 if (label[i] != bpi->extra->label[i])
677 return false;
678 }
679 return true;
680 }
681
682 /*
683 * make encoded route labels match specified encoded label set
684 */
685 static void setlabels(struct bgp_path_info *bpi,
686 mpls_label_t *label, /* array of labels */
687 uint32_t num_labels)
688 {
689 if (num_labels)
690 assert(label);
691 assert(num_labels <= BGP_MAX_LABELS);
692
693 if (!num_labels) {
694 if (bpi->extra)
695 bpi->extra->num_labels = 0;
696 return;
697 }
698
699 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
700 uint32_t i;
701
702 for (i = 0; i < num_labels; ++i) {
703 extra->label[i] = label[i];
704 if (!bgp_is_valid_label(&label[i])) {
705 bgp_set_valid_label(&extra->label[i]);
706 }
707 }
708 extra->num_labels = num_labels;
709 }
710
711 /*
712 * make encoded route SIDs match specified encoded sid set
713 */
714 static void setsids(struct bgp_path_info *bpi,
715 struct in6_addr *sid,
716 uint32_t num_sids)
717 {
718 uint32_t i;
719 struct bgp_path_info_extra *extra;
720
721 if (num_sids)
722 assert(sid);
723 assert(num_sids <= BGP_MAX_SIDS);
724
725 if (!num_sids) {
726 if (bpi->extra)
727 bpi->extra->num_sids = 0;
728 return;
729 }
730
731 extra = bgp_path_info_extra_get(bpi);
732 for (i = 0; i < num_sids; i++)
733 memcpy(&extra->sid[i].sid, &sid[i], sizeof(struct in6_addr));
734 extra->num_sids = num_sids;
735 }
736
737 static void unsetsids(struct bgp_path_info *bpi)
738 {
739 struct bgp_path_info_extra *extra;
740
741 extra = bgp_path_info_extra_get(bpi);
742 extra->num_sids = 0;
743 memset(extra->sid, 0, sizeof(extra->sid));
744 }
745
746 /*
747 * returns pointer to new bgp_path_info upon success
748 */
749 static struct bgp_path_info *
750 leak_update(struct bgp *bgp, /* destination bgp instance */
751 struct bgp_dest *bn, struct attr *new_attr, /* already interned */
752 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
753 mpls_label_t *label, uint32_t num_labels, void *parent,
754 struct bgp *bgp_orig, struct prefix *nexthop_orig,
755 int nexthop_self_flag, int debug)
756 {
757 const struct prefix *p = bgp_dest_get_prefix(bn);
758 struct bgp_path_info *bpi;
759 struct bgp_path_info *bpi_ultimate;
760 struct bgp_path_info *new;
761 struct bgp_path_info_extra *extra;
762 uint32_t num_sids = 0;
763
764 if (new_attr->srv6_l3vpn || new_attr->srv6_vpn)
765 num_sids = 1;
766
767 if (debug)
768 zlog_debug(
769 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
770 __func__, bgp->name_pretty, bn, source_bpi->type,
771 source_bpi->sub_type);
772
773 /*
774 * Routes that are redistributed into BGP from zebra do not get
775 * nexthop tracking. However, if those routes are subsequently
776 * imported to other RIBs within BGP, the leaked routes do not
777 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
778 * in order to determine if the route we are currently leaking
779 * should have nexthop tracking, we must find the ultimate
780 * parent so we can check its sub_type.
781 *
782 * As of now, source_bpi may at most be a second-generation route
783 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
784 * Using a loop here supports more complex intra-bgp import-export
785 * schemes that could be implemented in the future.
786 *
787 */
788 bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi);
789
790 /*
791 * match parent
792 */
793 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
794 if (bpi->extra && bpi->extra->parent == parent)
795 break;
796 }
797
798 if (bpi) {
799 bool labelssame = labels_same(bpi, label, num_labels);
800
801 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)
802 && CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
803 if (debug) {
804 zlog_debug(
805 "%s: ->%s(s_flags: 0x%x b_flags: 0x%x): %pFX: Found route, being removed, not leaking",
806 __func__, bgp->name_pretty,
807 source_bpi->flags, bpi->flags, p);
808 }
809 return NULL;
810 }
811
812 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
813 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
814
815 bgp_attr_unintern(&new_attr);
816 if (debug)
817 zlog_debug(
818 "%s: ->%s: %pBD: Found route, no change",
819 __func__, bgp->name_pretty, bn);
820 return NULL;
821 }
822
823 /* attr is changed */
824 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
825
826 /* Rewrite BGP route information. */
827 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
828 bgp_path_info_restore(bn, bpi);
829 else
830 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
831 bgp_attr_unintern(&bpi->attr);
832 bpi->attr = new_attr;
833 bpi->uptime = bgp_clock();
834
835 /*
836 * rewrite labels
837 */
838 if (!labelssame)
839 setlabels(bpi, label, num_labels);
840
841 /*
842 * rewrite sid
843 */
844 if (num_sids) {
845 if (new_attr->srv6_l3vpn) {
846 setsids(bpi, &new_attr->srv6_l3vpn->sid,
847 num_sids);
848
849 extra = bgp_path_info_extra_get(bpi);
850
851 extra->sid[0].loc_block_len =
852 new_attr->srv6_l3vpn->loc_block_len;
853 extra->sid[0].loc_node_len =
854 new_attr->srv6_l3vpn->loc_node_len;
855 extra->sid[0].func_len =
856 new_attr->srv6_l3vpn->func_len;
857 extra->sid[0].arg_len =
858 new_attr->srv6_l3vpn->arg_len;
859 extra->sid[0].transposition_len =
860 new_attr->srv6_l3vpn->transposition_len;
861 extra->sid[0].transposition_offset =
862 new_attr->srv6_l3vpn
863 ->transposition_offset;
864 } else if (new_attr->srv6_vpn)
865 setsids(bpi, &new_attr->srv6_vpn->sid,
866 num_sids);
867 } else
868 unsetsids(bpi);
869
870 if (nexthop_self_flag)
871 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
872
873 struct bgp *bgp_nexthop = bgp;
874 int nh_valid;
875
876 if (bpi->extra && bpi->extra->bgp_orig)
877 bgp_nexthop = bpi->extra->bgp_orig;
878
879 /*
880 * No nexthop tracking for redistributed routes or for
881 * EVPN-imported routes that get leaked.
882 */
883 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
884 is_pi_family_evpn(bpi_ultimate))
885 nh_valid = 1;
886 else
887 /*
888 * TBD do we need to do anything about the
889 * 'connected' parameter?
890 */
891 nh_valid = bgp_find_or_add_nexthop(
892 bgp, bgp_nexthop, afi, safi, bpi, NULL, 0, p);
893
894 /*
895 * If you are using SRv6 VPN instead of MPLS, it need to check
896 * the SID allocation. If the sid is not allocated, the rib
897 * will be invalid.
898 */
899 if (bgp->srv6_enabled
900 && (!new_attr->srv6_l3vpn && !new_attr->srv6_vpn)) {
901 bgp_path_info_unset_flag(bn, bpi, BGP_PATH_VALID);
902 nh_valid = false;
903 }
904
905 if (debug)
906 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
907 __func__, (nh_valid ? "" : "not "),
908 bgp_nexthop->name_pretty);
909
910 if (nh_valid)
911 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
912
913 /* Process change. */
914 bgp_aggregate_increment(bgp, p, bpi, afi, safi);
915 bgp_process(bgp, bn, afi, safi);
916 bgp_dest_unlock_node(bn);
917
918 if (debug)
919 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
920 __func__, bgp->name_pretty, bn);
921
922 return bpi;
923 }
924
925 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)) {
926 if (debug) {
927 zlog_debug(
928 "%s: ->%s(s_flags: 0x%x): %pFX: New route, being removed, not leaking",
929 __func__, bgp->name_pretty,
930 source_bpi->flags, p);
931 }
932 return NULL;
933 }
934
935 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
936 bgp->peer_self, new_attr, bn);
937
938 if (nexthop_self_flag)
939 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
940
941 bgp_path_info_extra_get(new);
942
943 /*
944 * rewrite sid
945 */
946 if (num_sids) {
947 if (new_attr->srv6_l3vpn) {
948 setsids(new, &new_attr->srv6_l3vpn->sid, num_sids);
949
950 extra = bgp_path_info_extra_get(new);
951
952 extra->sid[0].loc_block_len =
953 new_attr->srv6_l3vpn->loc_block_len;
954 extra->sid[0].loc_node_len =
955 new_attr->srv6_l3vpn->loc_node_len;
956 extra->sid[0].func_len = new_attr->srv6_l3vpn->func_len;
957 extra->sid[0].arg_len = new_attr->srv6_l3vpn->arg_len;
958 extra->sid[0].transposition_len =
959 new_attr->srv6_l3vpn->transposition_len;
960 extra->sid[0].transposition_offset =
961 new_attr->srv6_l3vpn->transposition_offset;
962 } else if (new_attr->srv6_vpn)
963 setsids(new, &new_attr->srv6_vpn->sid, num_sids);
964 } else
965 unsetsids(new);
966
967 if (num_labels)
968 setlabels(new, label, num_labels);
969
970 new->extra->parent = bgp_path_info_lock(parent);
971 bgp_dest_lock_node(
972 (struct bgp_dest *)((struct bgp_path_info *)parent)->net);
973 if (bgp_orig)
974 new->extra->bgp_orig = bgp_lock(bgp_orig);
975 if (nexthop_orig)
976 new->extra->nexthop_orig = *nexthop_orig;
977
978 /*
979 * nexthop tracking for unicast routes
980 */
981 struct bgp *bgp_nexthop = bgp;
982 int nh_valid;
983
984 if (new->extra->bgp_orig)
985 bgp_nexthop = new->extra->bgp_orig;
986
987 /*
988 * No nexthop tracking for redistributed routes because
989 * their originating protocols will do the tracking and
990 * withdraw those routes if the nexthops become unreachable
991 * This also holds good for EVPN-imported routes that get
992 * leaked.
993 */
994 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
995 is_pi_family_evpn(bpi_ultimate))
996 nh_valid = 1;
997 else
998 /*
999 * TBD do we need to do anything about the
1000 * 'connected' parameter?
1001 */
1002 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop, afi, safi,
1003 new, NULL, 0, p);
1004
1005 /*
1006 * If you are using SRv6 VPN instead of MPLS, it need to check
1007 * the SID allocation. If the sid is not allocated, the rib
1008 * will be invalid.
1009 */
1010 if (bgp->srv6_enabled
1011 && (!new->attr->srv6_l3vpn && !new->attr->srv6_vpn)) {
1012 bgp_path_info_unset_flag(bn, new, BGP_PATH_VALID);
1013 nh_valid = false;
1014 }
1015
1016 if (debug)
1017 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
1018 __func__, (nh_valid ? "" : "not "),
1019 bgp_nexthop->name_pretty);
1020 if (nh_valid)
1021 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
1022
1023 bgp_aggregate_increment(bgp, p, new, afi, safi);
1024 bgp_path_info_add(bn, new);
1025
1026 bgp_dest_unlock_node(bn);
1027 bgp_process(bgp, bn, afi, safi);
1028
1029 if (debug)
1030 zlog_debug("%s: ->%s: %pBD: Added new route", __func__,
1031 bgp->name_pretty, bn);
1032
1033 return new;
1034 }
1035
1036 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
1037 void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
1038 struct bgp *bgp_vrf, /* from */
1039 struct bgp_path_info *path_vrf) /* route */
1040 {
1041 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1042 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1043 afi_t afi = family2afi(p->family);
1044 struct attr static_attr = {0};
1045 struct attr *new_attr = NULL;
1046 safi_t safi = SAFI_MPLS_VPN;
1047 mpls_label_t label_val;
1048 mpls_label_t label;
1049 struct bgp_dest *bn;
1050 const char *debugmsg;
1051 int nexthop_self_flag = 0;
1052
1053 if (debug)
1054 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
1055
1056 if (debug && bgp_attr_get_ecommunity(path_vrf->attr)) {
1057 char *s = ecommunity_ecom2str(
1058 bgp_attr_get_ecommunity(path_vrf->attr),
1059 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1060
1061 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
1062 bgp_vrf->name, path_vrf->type, s);
1063 XFREE(MTYPE_ECOMMUNITY_STR, s);
1064 }
1065
1066 if (!bgp_vpn)
1067 return;
1068
1069 if (!afi) {
1070 if (debug)
1071 zlog_debug("%s: can't get afi of prefix", __func__);
1072 return;
1073 }
1074
1075 /* Is this route exportable into the VPN table? */
1076 if (!is_route_injectable_into_vpn(path_vrf))
1077 return;
1078
1079 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
1080 if (debug)
1081 zlog_debug("%s: %s skipping: %s", __func__,
1082 bgp_vrf->name, debugmsg);
1083 return;
1084 }
1085
1086 /* shallow copy */
1087 static_attr = *path_vrf->attr;
1088
1089 /*
1090 * route map handling
1091 */
1092 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
1093 struct bgp_path_info info;
1094 route_map_result_t ret;
1095
1096 memset(&info, 0, sizeof(info));
1097 info.peer = bgp_vpn->peer_self;
1098 info.attr = &static_attr;
1099 ret = route_map_apply(
1100 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
1101 p, &info);
1102 if (RMAP_DENYMATCH == ret) {
1103 bgp_attr_flush(&static_attr); /* free any added parts */
1104 if (debug)
1105 zlog_debug(
1106 "%s: vrf %s route map \"%s\" says DENY, returning",
1107 __func__, bgp_vrf->name_pretty,
1108 bgp_vrf->vpn_policy[afi]
1109 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
1110 ->name);
1111 return;
1112 }
1113 }
1114
1115 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1116 char *s = ecommunity_ecom2str(
1117 bgp_attr_get_ecommunity(&static_attr),
1118 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1119
1120 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
1121 __func__, s);
1122 XFREE(MTYPE_ECOMMUNITY_STR, s);
1123 }
1124
1125 /*
1126 * Add the vpn-policy rt-list
1127 */
1128 struct ecommunity *old_ecom;
1129 struct ecommunity *new_ecom;
1130
1131 /* Export with the 'from' instance's export RTs. */
1132 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
1133 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1134 if (old_ecom) {
1135 new_ecom = ecommunity_dup(old_ecom);
1136 if (CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
1137 BGP_CONFIG_VRF_TO_VRF_EXPORT))
1138 ecommunity_strip_rts(new_ecom);
1139 new_ecom = ecommunity_merge(new_ecom,
1140 bgp_vrf->vpn_policy[afi]
1141 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1142 if (!old_ecom->refcnt)
1143 ecommunity_free(&old_ecom);
1144 } else {
1145 new_ecom = ecommunity_dup(
1146 bgp_vrf->vpn_policy[afi]
1147 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1148 }
1149 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1150 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
1151
1152 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1153 char *s = ecommunity_ecom2str(
1154 bgp_attr_get_ecommunity(&static_attr),
1155 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1156
1157 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
1158 __func__, s);
1159 XFREE(MTYPE_ECOMMUNITY_STR, s);
1160 }
1161
1162 /* Nexthop */
1163 /* if policy nexthop not set, use 0 */
1164 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
1165 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
1166 struct prefix *nexthop =
1167 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
1168
1169 switch (nexthop->family) {
1170 case AF_INET:
1171 /* prevent mp_nexthop_global_in <- self in bgp_route.c
1172 */
1173 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
1174
1175 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
1176 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
1177 break;
1178
1179 case AF_INET6:
1180 static_attr.mp_nexthop_global = nexthop->u.prefix6;
1181 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
1182 break;
1183
1184 default:
1185 assert(0);
1186 }
1187 } else {
1188 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
1189 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
1190 if (afi == AFI_IP) {
1191 /*
1192 * For ipv4, copy to multiprotocol
1193 * nexthop field
1194 */
1195 static_attr.mp_nexthop_global_in =
1196 static_attr.nexthop;
1197 static_attr.mp_nexthop_len =
1198 BGP_ATTR_NHLEN_IPV4;
1199 /*
1200 * XXX Leave static_attr.nexthop
1201 * intact for NHT
1202 */
1203 static_attr.flag &=
1204 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1205 }
1206 } else {
1207 /* Update based on next-hop family to account for
1208 * RFC 5549 (BGP unnumbered) scenario. Note that
1209 * specific action is only needed for the case of
1210 * IPv4 nexthops as the attr has been copied
1211 * otherwise.
1212 */
1213 if (afi == AFI_IP
1214 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
1215 static_attr.mp_nexthop_global_in.s_addr =
1216 static_attr.nexthop.s_addr;
1217 static_attr.mp_nexthop_len =
1218 BGP_ATTR_NHLEN_IPV4;
1219 static_attr.flag |=
1220 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1221 }
1222 }
1223 nexthop_self_flag = 1;
1224 }
1225
1226 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
1227 if (label_val == MPLS_LABEL_NONE) {
1228 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
1229 } else {
1230 encode_label(label_val, &label);
1231 }
1232
1233 /* Set originator ID to "me" */
1234 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
1235 static_attr.originator_id = bgp_vpn->router_id;
1236
1237 /* Set SID for SRv6 VPN */
1238 if (bgp_vrf->vpn_policy[afi].tovpn_sid_locator) {
1239 encode_label(bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label,
1240 &label);
1241 static_attr.srv6_l3vpn = XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1242 sizeof(struct bgp_attr_srv6_l3vpn));
1243 static_attr.srv6_l3vpn->sid_flags = 0x00;
1244 static_attr.srv6_l3vpn->endpoint_behavior = 0xffff;
1245 static_attr.srv6_l3vpn->loc_block_len =
1246 BGP_PREFIX_SID_SRV6_LOCATOR_BLOCK_LENGTH;
1247 static_attr.srv6_l3vpn->loc_node_len =
1248 BGP_PREFIX_SID_SRV6_LOCATOR_NODE_LENGTH;
1249 static_attr.srv6_l3vpn->func_len =
1250 BGP_PREFIX_SID_SRV6_FUNCTION_LENGTH;
1251 static_attr.srv6_l3vpn->arg_len =
1252 BGP_PREFIX_SID_SRV6_ARGUMENT_LENGTH;
1253 static_attr.srv6_l3vpn->transposition_len =
1254 BGP_PREFIX_SID_SRV6_TRANSPOSITION_LENGTH;
1255 static_attr.srv6_l3vpn->transposition_offset =
1256 BGP_PREFIX_SID_SRV6_TRANSPOSITION_OFFSET;
1257 memcpy(&static_attr.srv6_l3vpn->sid,
1258 bgp_vrf->vpn_policy[afi].tovpn_sid_locator,
1259 sizeof(struct in6_addr));
1260 }
1261
1262
1263 new_attr = bgp_attr_intern(
1264 &static_attr); /* hashed refcounted everything */
1265 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
1266
1267 if (debug && bgp_attr_get_ecommunity(new_attr)) {
1268 char *s = ecommunity_ecom2str(bgp_attr_get_ecommunity(new_attr),
1269 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1270
1271 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
1272 XFREE(MTYPE_ECOMMUNITY_STR, s);
1273 }
1274
1275 /* Now new_attr is an allocated interned attr */
1276
1277 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
1278 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
1279
1280 struct bgp_path_info *new_info;
1281
1282 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, path_vrf,
1283 &label, 1, path_vrf, bgp_vrf, NULL,
1284 nexthop_self_flag, debug);
1285
1286 /*
1287 * Routes actually installed in the vpn RIB must also be
1288 * offered to all vrfs (because now they originate from
1289 * the vpn RIB).
1290 *
1291 * Acceptance into other vrfs depends on rt-lists.
1292 * Originating vrf will not accept the looped back route
1293 * because of loop checking.
1294 */
1295 if (new_info)
1296 vpn_leak_to_vrf_update(bgp_vrf, new_info);
1297 }
1298
1299 void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
1300 struct bgp *bgp_vrf, /* from */
1301 struct bgp_path_info *path_vrf) /* route */
1302 {
1303 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1304 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1305 afi_t afi = family2afi(p->family);
1306 safi_t safi = SAFI_MPLS_VPN;
1307 struct bgp_path_info *bpi;
1308 struct bgp_dest *bn;
1309 const char *debugmsg;
1310
1311 if (debug) {
1312 zlog_debug(
1313 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
1314 __func__, bgp_vrf->name_pretty, path_vrf->net,
1315 path_vrf->type, path_vrf->sub_type);
1316 }
1317
1318 if (!bgp_vpn)
1319 return;
1320
1321 if (!afi) {
1322 if (debug)
1323 zlog_debug("%s: can't get afi of prefix", __func__);
1324 return;
1325 }
1326
1327 /* Is this route exportable into the VPN table? */
1328 if (!is_route_injectable_into_vpn(path_vrf))
1329 return;
1330
1331 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
1332 if (debug)
1333 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1334 return;
1335 }
1336
1337 if (debug)
1338 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
1339
1340 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
1341 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
1342
1343 if (!bn)
1344 return;
1345 /*
1346 * vrf -> vpn
1347 * match original bpi imported from
1348 */
1349 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1350 if (bpi->extra && bpi->extra->parent == path_vrf) {
1351 break;
1352 }
1353 }
1354
1355 if (bpi) {
1356 /* withdraw from looped vrfs as well */
1357 vpn_leak_to_vrf_withdraw(bgp_vpn, bpi);
1358
1359 bgp_aggregate_decrement(bgp_vpn, p, bpi, afi, safi);
1360 bgp_path_info_delete(bn, bpi);
1361 bgp_process(bgp_vpn, bn, afi, safi);
1362 }
1363 bgp_dest_unlock_node(bn);
1364 }
1365
1366 void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
1367 struct bgp *bgp_vrf, /* from */
1368 afi_t afi)
1369 {
1370 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1371 struct bgp_dest *pdest;
1372 safi_t safi = SAFI_MPLS_VPN;
1373
1374 /*
1375 * Walk vpn table, delete bpi with bgp_orig == bgp_vrf
1376 */
1377 for (pdest = bgp_table_top(bgp_vpn->rib[afi][safi]); pdest;
1378 pdest = bgp_route_next(pdest)) {
1379
1380 struct bgp_table *table;
1381 struct bgp_dest *bn;
1382 struct bgp_path_info *bpi;
1383
1384 /* This is the per-RD table of prefixes */
1385 table = bgp_dest_get_bgp_table_info(pdest);
1386
1387 if (!table)
1388 continue;
1389
1390 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1391 bpi = bgp_dest_get_bgp_path_info(bn);
1392 if (debug && bpi) {
1393 zlog_debug("%s: looking at prefix %pBD",
1394 __func__, bn);
1395 }
1396
1397 for (; bpi; bpi = bpi->next) {
1398 if (debug)
1399 zlog_debug("%s: type %d, sub_type %d",
1400 __func__, bpi->type,
1401 bpi->sub_type);
1402 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
1403 continue;
1404 if (!bpi->extra)
1405 continue;
1406 if ((struct bgp *)bpi->extra->bgp_orig
1407 == bgp_vrf) {
1408 /* delete route */
1409 if (debug)
1410 zlog_debug("%s: deleting it",
1411 __func__);
1412 /* withdraw from leak-to vrfs as well */
1413 vpn_leak_to_vrf_withdraw(bgp_vpn, bpi);
1414 bgp_aggregate_decrement(
1415 bgp_vpn,
1416 bgp_dest_get_prefix(bn), bpi,
1417 afi, safi);
1418 bgp_path_info_delete(bn, bpi);
1419 bgp_process(bgp_vpn, bn, afi, safi);
1420 }
1421 }
1422 }
1423 }
1424 }
1425
1426 void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
1427 struct bgp *bgp_vrf, /* from */
1428 afi_t afi)
1429 {
1430 struct bgp_dest *bn;
1431 struct bgp_path_info *bpi;
1432 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1433
1434 if (debug)
1435 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1436 bgp_vrf->name_pretty);
1437
1438 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
1439 bn = bgp_route_next(bn)) {
1440
1441 if (debug)
1442 zlog_debug("%s: node=%p", __func__, bn);
1443
1444 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1445 bpi = bpi->next) {
1446 if (debug)
1447 zlog_debug(
1448 "%s: calling vpn_leak_from_vrf_update",
1449 __func__);
1450 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bpi);
1451 }
1452 }
1453 }
1454
1455 static void
1456 vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1457 struct bgp *bgp_vpn, /* from */
1458 struct bgp_path_info *path_vpn) /* route */
1459 {
1460 const struct prefix *p = bgp_dest_get_prefix(path_vpn->net);
1461 afi_t afi = family2afi(p->family);
1462
1463 struct attr static_attr = {0};
1464 struct attr *new_attr = NULL;
1465 struct bgp_dest *bn;
1466 safi_t safi = SAFI_UNICAST;
1467 const char *debugmsg;
1468 struct prefix nexthop_orig;
1469 mpls_label_t *pLabels = NULL;
1470 uint32_t num_labels = 0;
1471 int nexthop_self_flag = 1;
1472 struct bgp_path_info *bpi_ultimate = NULL;
1473 int origin_local = 0;
1474 struct bgp *src_vrf;
1475
1476 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1477
1478 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
1479 if (debug)
1480 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1481 return;
1482 }
1483
1484 /* Check for intersection of route targets */
1485 if (!ecom_intersect(
1486 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1487 bgp_attr_get_ecommunity(path_vpn->attr))) {
1488 if (debug)
1489 zlog_debug(
1490 "from vpn to vrf %s, skipping after no intersection of route targets",
1491 bgp_vrf->name_pretty);
1492 return;
1493 }
1494
1495 if (debug)
1496 zlog_debug("%s: updating %pFX to vrf %s", __func__, p,
1497 bgp_vrf->name_pretty);
1498
1499 /* shallow copy */
1500 static_attr = *path_vpn->attr;
1501
1502 struct ecommunity *old_ecom;
1503 struct ecommunity *new_ecom;
1504
1505 /* If doing VRF-to-VRF leaking, strip RTs. */
1506 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1507 if (old_ecom && CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1508 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1509 new_ecom = ecommunity_dup(old_ecom);
1510 ecommunity_strip_rts(new_ecom);
1511 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1512
1513 if (new_ecom->size == 0) {
1514 UNSET_FLAG(static_attr.flag,
1515 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
1516 ecommunity_free(&new_ecom);
1517 bgp_attr_set_ecommunity(&static_attr, NULL);
1518 }
1519
1520 if (!old_ecom->refcnt)
1521 ecommunity_free(&old_ecom);
1522 }
1523
1524 /*
1525 * Nexthop: stash and clear
1526 *
1527 * Nexthop is valid in context of VPN core, but not in destination vrf.
1528 * Stash it for later label resolution by vrf ingress path and then
1529 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1530 */
1531 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1532
1533 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1534 nexthop_orig.family = nhfamily;
1535
1536 switch (nhfamily) {
1537 case AF_INET:
1538 /* save */
1539 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1540 nexthop_orig.prefixlen = IPV4_MAX_BITLEN;
1541
1542 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1543 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1544 static_attr.nexthop.s_addr =
1545 nexthop_orig.u.prefix4.s_addr;
1546
1547 static_attr.mp_nexthop_global_in =
1548 path_vpn->attr->mp_nexthop_global_in;
1549 static_attr.mp_nexthop_len =
1550 path_vpn->attr->mp_nexthop_len;
1551 }
1552 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1553 break;
1554 case AF_INET6:
1555 /* save */
1556 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1557 nexthop_orig.prefixlen = IPV6_MAX_BITLEN;
1558
1559 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1560 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1561 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1562 }
1563 break;
1564 }
1565
1566 /*
1567 * route map handling
1568 */
1569 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1570 struct bgp_path_info info;
1571 route_map_result_t ret;
1572
1573 memset(&info, 0, sizeof(info));
1574 info.peer = bgp_vrf->peer_self;
1575 info.attr = &static_attr;
1576 info.extra = path_vpn->extra; /* Used for source-vrf filter */
1577 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1578 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1579 p, &info);
1580 if (RMAP_DENYMATCH == ret) {
1581 bgp_attr_flush(&static_attr); /* free any added parts */
1582 if (debug)
1583 zlog_debug(
1584 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1585 __func__, bgp_vrf->name_pretty,
1586 bgp_vrf->vpn_policy[afi]
1587 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1588 ->name);
1589 return;
1590 }
1591 /*
1592 * if route-map changed nexthop, don't nexthop-self on output
1593 */
1594 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1595 BATTR_RMAP_NEXTHOP_UNCHANGED))
1596 nexthop_self_flag = 0;
1597 }
1598
1599 new_attr = bgp_attr_intern(&static_attr);
1600 bgp_attr_flush(&static_attr);
1601
1602 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1603
1604 /*
1605 * ensure labels are copied
1606 *
1607 * However, there is a special case: if the route originated in
1608 * another local VRF (as opposed to arriving via VPN), then the
1609 * nexthop is reached by hairpinning through this router (me)
1610 * using IP forwarding only (no LSP). Therefore, the route
1611 * imported to the VRF should not have labels attached. Note
1612 * that nexthop tracking is also involved: eliminating the
1613 * labels for these routes enables the non-labeled nexthops
1614 * from the originating VRF to be considered valid for this route.
1615 */
1616 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1617 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1618 /* work back to original route */
1619 bpi_ultimate = bgp_get_imported_bpi_ultimate(path_vpn);
1620
1621 /*
1622 * if original route was unicast,
1623 * then it did not arrive over vpn
1624 */
1625 if (bpi_ultimate->net) {
1626 struct bgp_table *table;
1627
1628 table = bgp_dest_table(bpi_ultimate->net);
1629 if (table && (table->safi == SAFI_UNICAST))
1630 origin_local = 1;
1631 }
1632
1633 /* copy labels */
1634 if (!origin_local && path_vpn->extra
1635 && path_vpn->extra->num_labels) {
1636 num_labels = path_vpn->extra->num_labels;
1637 if (num_labels > BGP_MAX_LABELS)
1638 num_labels = BGP_MAX_LABELS;
1639 pLabels = path_vpn->extra->label;
1640 }
1641 }
1642
1643 if (debug)
1644 zlog_debug("%s: pfx %pBD: num_labels %d", __func__,
1645 path_vpn->net, num_labels);
1646
1647 /*
1648 * For VRF-2-VRF route-leaking,
1649 * the source will be the originating VRF.
1650 */
1651 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1652 src_vrf = path_vpn->extra->bgp_orig;
1653 else
1654 src_vrf = bgp_vpn;
1655
1656 leak_update(bgp_vrf, bn, new_attr, afi, safi, path_vpn, pLabels,
1657 num_labels, path_vpn, /* parent */
1658 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
1659 }
1660
1661 void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
1662 struct bgp_path_info *path_vpn) /* route */
1663 {
1664 struct listnode *mnode, *mnnode;
1665 struct bgp *bgp;
1666
1667 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1668
1669 if (debug)
1670 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1671
1672 /* Loop over VRFs */
1673 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1674
1675 if (!path_vpn->extra
1676 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1677 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, path_vpn);
1678 }
1679 }
1680 }
1681
1682 void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
1683 struct bgp_path_info *path_vpn) /* route */
1684 {
1685 const struct prefix *p;
1686 afi_t afi;
1687 safi_t safi = SAFI_UNICAST;
1688 struct bgp *bgp;
1689 struct listnode *mnode, *mnnode;
1690 struct bgp_dest *bn;
1691 struct bgp_path_info *bpi;
1692 const char *debugmsg;
1693
1694 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1695
1696 if (debug)
1697 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__,
1698 path_vpn->net, path_vpn->type, path_vpn->sub_type);
1699
1700 if (debug)
1701 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1702
1703 if (!path_vpn->net) {
1704 #ifdef ENABLE_BGP_VNC
1705 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1706 if (path_vpn->type == ZEBRA_ROUTE_BGP
1707 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1708
1709 return;
1710 }
1711 #endif
1712 if (debug)
1713 zlog_debug(
1714 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1715 __func__);
1716 return;
1717 }
1718
1719 p = bgp_dest_get_prefix(path_vpn->net);
1720 afi = family2afi(p->family);
1721
1722 /* Loop over VRFs */
1723 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1724 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1725 if (debug)
1726 zlog_debug("%s: skipping: %s", __func__,
1727 debugmsg);
1728 continue;
1729 }
1730
1731 /* Check for intersection of route targets */
1732 if (!ecom_intersect(bgp->vpn_policy[afi]
1733 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1734 bgp_attr_get_ecommunity(path_vpn->attr))) {
1735
1736 continue;
1737 }
1738
1739 if (debug)
1740 zlog_debug("%s: withdrawing from vrf %s", __func__,
1741 bgp->name_pretty);
1742
1743 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1744
1745 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1746 bpi = bpi->next) {
1747 if (bpi->extra
1748 && (struct bgp_path_info *)bpi->extra->parent
1749 == path_vpn) {
1750 break;
1751 }
1752 }
1753
1754 if (bpi) {
1755 if (debug)
1756 zlog_debug("%s: deleting bpi %p", __func__,
1757 bpi);
1758 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1759 bgp_path_info_delete(bn, bpi);
1760 bgp_process(bgp, bn, afi, safi);
1761 }
1762 bgp_dest_unlock_node(bn);
1763 }
1764 }
1765
1766 void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1767 afi_t afi)
1768 {
1769 struct bgp_dest *bn;
1770 struct bgp_path_info *bpi;
1771 safi_t safi = SAFI_UNICAST;
1772 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1773
1774 if (debug)
1775 zlog_debug("%s: entry", __func__);
1776 /*
1777 * Walk vrf table, delete bpi with bgp_orig in a different vrf
1778 */
1779 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1780 bn = bgp_route_next(bn)) {
1781
1782 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1783 bpi = bpi->next) {
1784 if (bpi->extra
1785 && bpi->extra->bgp_orig != bgp_vrf
1786 && bpi->extra->parent
1787 && is_pi_family_vpn(bpi->extra->parent)) {
1788
1789 /* delete route */
1790 bgp_aggregate_decrement(bgp_vrf,
1791 bgp_dest_get_prefix(bn),
1792 bpi, afi, safi);
1793 bgp_path_info_delete(bn, bpi);
1794 bgp_process(bgp_vrf, bn, afi, safi);
1795 }
1796 }
1797 }
1798 }
1799
1800 void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1801 struct bgp *bgp_vpn, /* from */
1802 afi_t afi)
1803 {
1804 struct bgp_dest *pdest;
1805 safi_t safi = SAFI_MPLS_VPN;
1806
1807 assert(bgp_vpn);
1808
1809 /*
1810 * Walk vpn table
1811 */
1812 for (pdest = bgp_table_top(bgp_vpn->rib[afi][safi]); pdest;
1813 pdest = bgp_route_next(pdest)) {
1814 struct bgp_table *table;
1815 struct bgp_dest *bn;
1816 struct bgp_path_info *bpi;
1817
1818 /* This is the per-RD table of prefixes */
1819 table = bgp_dest_get_bgp_table_info(pdest);
1820
1821 if (!table)
1822 continue;
1823
1824 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1825
1826 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1827 bpi = bpi->next) {
1828
1829 if (bpi->extra
1830 && bpi->extra->bgp_orig == bgp_vrf)
1831 continue;
1832
1833 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
1834 bpi);
1835 }
1836 }
1837 }
1838 }
1839
1840 /*
1841 * This function is called for definition/deletion/change to a route-map
1842 */
1843 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1844 {
1845 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1846 afi_t afi;
1847 struct route_map *rmap;
1848
1849 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1850 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1851
1852 return;
1853 }
1854
1855 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1856
1857 for (afi = 0; afi < AFI_MAX; ++afi) {
1858
1859 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1860 && !strcmp(rmap_name,
1861 bgp->vpn_policy[afi]
1862 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1863
1864 if (debug)
1865 zlog_debug(
1866 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1867 __func__, rmap_name, bgp->as,
1868 afi2str(afi));
1869
1870 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1871 bgp_get_default(), bgp);
1872 if (debug)
1873 zlog_debug("%s: after vpn_leak_prechange",
1874 __func__);
1875
1876 /* in case of definition/deletion */
1877 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1878 rmap;
1879
1880 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1881 bgp_get_default(), bgp);
1882
1883 if (debug)
1884 zlog_debug("%s: after vpn_leak_postchange",
1885 __func__);
1886 }
1887
1888 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1889 && !strcmp(rmap_name,
1890 bgp->vpn_policy[afi]
1891 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1892
1893 if (debug) {
1894 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1895 __func__, rmap_name, bgp->as,
1896 afi2str(afi));
1897 }
1898
1899 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1900 bgp_get_default(), bgp);
1901
1902 /* in case of definition/deletion */
1903 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1904 rmap;
1905
1906 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1907 bgp_get_default(), bgp);
1908 }
1909 }
1910 }
1911
1912 /* This API is used during router-id change, reflect VPNs
1913 * auto RD and RT values and readvertise routes to VPN table.
1914 */
1915 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
1916 bool is_config)
1917 {
1918 afi_t afi;
1919 int debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF)
1920 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1921 char *vname;
1922 const char *export_name;
1923 char buf[RD_ADDRSTRLEN];
1924 struct bgp *bgp_import;
1925 struct listnode *node;
1926 struct ecommunity *ecom;
1927 vpn_policy_direction_t idir, edir;
1928
1929 /*
1930 * Router-id change that is not explicitly configured
1931 * (a change from zebra, frr restart for example)
1932 * should not replace a configured vpn RD/RT.
1933 */
1934 if (!is_config) {
1935 if (debug)
1936 zlog_debug("%s: skipping non explicit router-id change",
1937 __func__);
1938 return;
1939 }
1940
1941 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1942 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1943 return;
1944
1945 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
1946 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1947 edir = BGP_VPN_POLICY_DIR_TOVPN;
1948
1949 for (afi = 0; afi < AFI_MAX; ++afi) {
1950 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
1951 continue;
1952
1953 if (withdraw) {
1954 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
1955 afi, bgp_get_default(), bgp);
1956 if (debug)
1957 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
1958 __func__, export_name);
1959
1960 /* Remove import RT from VRFs */
1961 ecom = bgp->vpn_policy[afi].rtlist[edir];
1962 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1963 export_vrf, node, vname)) {
1964 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
1965 bgp_import = bgp_get_default();
1966 else
1967 bgp_import = bgp_lookup_by_name(vname);
1968 if (!bgp_import)
1969 continue;
1970
1971 ecommunity_del_val(
1972 bgp_import->vpn_policy[afi]
1973 .rtlist[idir],
1974 (struct ecommunity_val *)ecom->val);
1975 }
1976 } else {
1977 /* New router-id derive auto RD and RT and export
1978 * to VPN
1979 */
1980 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
1981 &bgp->vrf_prd_auto);
1982 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
1983 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
1984 sizeof(buf));
1985 bgp->vpn_policy[afi].rtlist[edir] =
1986 ecommunity_str2com(buf,
1987 ECOMMUNITY_ROUTE_TARGET, 0);
1988
1989 /* Update import_vrf rt_list */
1990 ecom = bgp->vpn_policy[afi].rtlist[edir];
1991 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1992 export_vrf, node, vname)) {
1993 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
1994 bgp_import = bgp_get_default();
1995 else
1996 bgp_import = bgp_lookup_by_name(vname);
1997 if (!bgp_import)
1998 continue;
1999 if (bgp_import->vpn_policy[afi].rtlist[idir])
2000 bgp_import->vpn_policy[afi].rtlist[idir]
2001 = ecommunity_merge(
2002 bgp_import->vpn_policy[afi]
2003 .rtlist[idir], ecom);
2004 else
2005 bgp_import->vpn_policy[afi].rtlist[idir]
2006 = ecommunity_dup(ecom);
2007 }
2008
2009 /* Update routes to VPN */
2010 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
2011 afi, bgp_get_default(),
2012 bgp);
2013 if (debug)
2014 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
2015 __func__, export_name);
2016 }
2017 }
2018 }
2019
2020 void vpn_policy_routemap_event(const char *rmap_name)
2021 {
2022 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2023 struct listnode *mnode, *mnnode;
2024 struct bgp *bgp;
2025
2026 if (debug)
2027 zlog_debug("%s: entry", __func__);
2028
2029 if (bm->bgp == NULL) /* may be called during cleanup */
2030 return;
2031
2032 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
2033 vpn_policy_routemap_update(bgp, rmap_name);
2034 }
2035
2036 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2037 afi_t afi, safi_t safi)
2038 {
2039 const char *export_name;
2040 vpn_policy_direction_t idir, edir;
2041 char *vname, *tmp_name;
2042 char buf[RD_ADDRSTRLEN];
2043 struct ecommunity *ecom;
2044 bool first_export = false;
2045 int debug;
2046 struct listnode *node;
2047 bool is_inst_match = false;
2048
2049 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2050 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2051 edir = BGP_VPN_POLICY_DIR_TOVPN;
2052
2053 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2054 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2055
2056 /*
2057 * Cross-ref both VRFs. Also, note if this is the first time
2058 * any VRF is importing from "import_vrf".
2059 */
2060 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2061 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2062
2063 /* Check the import_vrf list of destination vrf for the source vrf name,
2064 * insert otherwise.
2065 */
2066 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
2067 node, tmp_name)) {
2068 if (strcmp(vname, tmp_name) == 0) {
2069 is_inst_match = true;
2070 break;
2071 }
2072 }
2073 if (!is_inst_match)
2074 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2075 vname);
2076 else
2077 XFREE(MTYPE_TMP, vname);
2078
2079 /* Check if the source vrf already exports to any vrf,
2080 * first time export requires to setup auto derived RD/RT values.
2081 * Add the destination vrf name to export vrf list if it is
2082 * not present.
2083 */
2084 is_inst_match = false;
2085 vname = XSTRDUP(MTYPE_TMP, export_name);
2086 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2087 first_export = true;
2088 } else {
2089 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2090 node, tmp_name)) {
2091 if (strcmp(vname, tmp_name) == 0) {
2092 is_inst_match = true;
2093 break;
2094 }
2095 }
2096 }
2097 if (!is_inst_match)
2098 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
2099 vname);
2100 else
2101 XFREE(MTYPE_TMP, vname);
2102
2103 /* Update import RT for current VRF using export RT of the VRF we're
2104 * importing from. First though, make sure "import_vrf" has that
2105 * set.
2106 */
2107 if (first_export) {
2108 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
2109 &from_bgp->vrf_prd_auto);
2110 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
2111 SET_FLAG(from_bgp->vpn_policy[afi].flags,
2112 BGP_VPN_POLICY_TOVPN_RD_SET);
2113 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
2114 buf, sizeof(buf));
2115 from_bgp->vpn_policy[afi].rtlist[edir] =
2116 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
2117 SET_FLAG(from_bgp->af_flags[afi][safi],
2118 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2119 from_bgp->vpn_policy[afi].tovpn_label =
2120 BGP_PREVENT_VRF_2_VRF_LEAK;
2121 }
2122 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2123 if (to_bgp->vpn_policy[afi].rtlist[idir])
2124 to_bgp->vpn_policy[afi].rtlist[idir] =
2125 ecommunity_merge(to_bgp->vpn_policy[afi]
2126 .rtlist[idir], ecom);
2127 else
2128 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
2129 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
2130
2131 if (debug) {
2132 const char *from_name;
2133 char *ecom1, *ecom2;
2134
2135 from_name = from_bgp->name ? from_bgp->name :
2136 VRF_DEFAULT_NAME;
2137
2138 ecom1 = ecommunity_ecom2str(
2139 to_bgp->vpn_policy[afi].rtlist[idir],
2140 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2141
2142 ecom2 = ecommunity_ecom2str(
2143 to_bgp->vpn_policy[afi].rtlist[edir],
2144 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2145
2146 zlog_debug(
2147 "%s from %s to %s first_export %u import-rt %s export-rt %s",
2148 __func__, from_name, export_name, first_export, ecom1,
2149 ecom2);
2150
2151 ecommunity_strfree(&ecom1);
2152 ecommunity_strfree(&ecom2);
2153 }
2154
2155 /* Does "import_vrf" first need to export its routes or that
2156 * is already done and we just need to import those routes
2157 * from the global table?
2158 */
2159 if (first_export)
2160 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
2161 else
2162 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2163 }
2164
2165 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2166 afi_t afi, safi_t safi)
2167 {
2168 const char *export_name, *tmp_name;
2169 vpn_policy_direction_t idir, edir;
2170 char *vname;
2171 struct ecommunity *ecom = NULL;
2172 struct listnode *node;
2173 int debug;
2174
2175 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2176 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2177 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2178 edir = BGP_VPN_POLICY_DIR_TOVPN;
2179
2180 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2181 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2182
2183 /* Were we importing from "import_vrf"? */
2184 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
2185 vname)) {
2186 if (strcmp(vname, tmp_name) == 0)
2187 break;
2188 }
2189
2190 /*
2191 * We do not check in the cli if the passed in bgp
2192 * instance is actually imported into us before
2193 * we call this function. As such if we do not
2194 * find this in the import_vrf list than
2195 * we just need to return safely.
2196 */
2197 if (!vname)
2198 return;
2199
2200 if (debug)
2201 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
2202
2203 /* Remove "import_vrf" from our import list. */
2204 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
2205 XFREE(MTYPE_TMP, vname);
2206
2207 /* Remove routes imported from "import_vrf". */
2208 /* TODO: In the current logic, we have to first remove all
2209 * imported routes and then (if needed) import back routes
2210 */
2211 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
2212
2213 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
2214 if (!to_bgp->vpn_policy[afi].rmap[idir])
2215 UNSET_FLAG(to_bgp->af_flags[afi][safi],
2216 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2217 if (to_bgp->vpn_policy[afi].rtlist[idir])
2218 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
2219 } else {
2220 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2221 if (ecom)
2222 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
2223 (struct ecommunity_val *)ecom->val);
2224 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2225 }
2226
2227 /*
2228 * What?
2229 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
2230 * below is checking for NULL that export_vrf can be
2231 * NULL, consequently it is complaining( like a cabbage )
2232 * that we could dereference and crash in the listcount(..)
2233 * check below.
2234 * So make it happy, under protest, with liberty and justice
2235 * for all.
2236 */
2237 assert(from_bgp->vpn_policy[afi].export_vrf);
2238
2239 /* Remove us from "import_vrf's" export list. If no other VRF
2240 * is importing from "import_vrf", cleanup appropriately.
2241 */
2242 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2243 node, vname)) {
2244 if (strcmp(vname, export_name) == 0)
2245 break;
2246 }
2247
2248 /*
2249 * If we have gotten to this point then the vname must
2250 * exist. If not, we are in a world of trouble and
2251 * have slag sitting around.
2252 *
2253 * import_vrf and export_vrf must match in having
2254 * the in/out names as appropriate.
2255 * export_vrf list could have been cleaned up
2256 * as part of no router bgp source instnace.
2257 */
2258 if (!vname)
2259 return;
2260
2261 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
2262 XFREE(MTYPE_TMP, vname);
2263
2264 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2265 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
2266 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
2267 UNSET_FLAG(from_bgp->af_flags[afi][safi],
2268 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2269 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
2270 sizeof(struct prefix_rd));
2271 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
2272 BGP_VPN_POLICY_TOVPN_RD_SET);
2273 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
2274
2275 }
2276 }
2277
2278 /* For testing purpose, static route of MPLS-VPN. */
2279 DEFUN (vpnv4_network,
2280 vpnv4_network_cmd,
2281 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2282 "Specify a network to announce via BGP\n"
2283 "IPv4 prefix\n"
2284 "Specify Route Distinguisher\n"
2285 "VPN Route Distinguisher\n"
2286 "VPN NLRI label (tag)\n"
2287 "VPN NLRI label (tag)\n"
2288 "Label value\n")
2289 {
2290 int idx_ipv4_prefixlen = 1;
2291 int idx_ext_community = 3;
2292 int idx_label = 5;
2293 return bgp_static_set_safi(
2294 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2295 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
2296 NULL, NULL, NULL, NULL);
2297 }
2298
2299 DEFUN (vpnv4_network_route_map,
2300 vpnv4_network_route_map_cmd,
2301 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
2302 "Specify a network to announce via BGP\n"
2303 "IPv4 prefix\n"
2304 "Specify Route Distinguisher\n"
2305 "VPN Route Distinguisher\n"
2306 "VPN NLRI label (tag)\n"
2307 "VPN NLRI label (tag)\n"
2308 "Label value\n"
2309 "route map\n"
2310 "route map name\n")
2311 {
2312 int idx_ipv4_prefixlen = 1;
2313 int idx_ext_community = 3;
2314 int idx_label = 5;
2315 int idx_word_2 = 7;
2316 return bgp_static_set_safi(
2317 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2318 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2319 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2320 }
2321
2322 /* For testing purpose, static route of MPLS-VPN. */
2323 DEFUN (no_vpnv4_network,
2324 no_vpnv4_network_cmd,
2325 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2326 NO_STR
2327 "Specify a network to announce via BGP\n"
2328 "IPv4 prefix\n"
2329 "Specify Route Distinguisher\n"
2330 "VPN Route Distinguisher\n"
2331 "VPN NLRI label (tag)\n"
2332 "VPN NLRI label (tag)\n"
2333 "Label value\n")
2334 {
2335 int idx_ipv4_prefixlen = 2;
2336 int idx_ext_community = 4;
2337 int idx_label = 6;
2338 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
2339 argv[idx_ipv4_prefixlen]->arg,
2340 argv[idx_ext_community]->arg,
2341 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2342 }
2343
2344 DEFUN (vpnv6_network,
2345 vpnv6_network_cmd,
2346 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
2347 "Specify a network to announce via BGP\n"
2348 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2349 "Specify Route Distinguisher\n"
2350 "VPN Route Distinguisher\n"
2351 "VPN NLRI label (tag)\n"
2352 "VPN NLRI label (tag)\n"
2353 "Label value\n"
2354 "route map\n"
2355 "route map name\n")
2356 {
2357 int idx_ipv6_prefix = 1;
2358 int idx_ext_community = 3;
2359 int idx_label = 5;
2360 int idx_word_2 = 7;
2361 if (argc == 8)
2362 return bgp_static_set_safi(
2363 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2364 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2365 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2366 else
2367 return bgp_static_set_safi(
2368 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2369 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2370 NULL, 0, NULL, NULL, NULL, NULL);
2371 }
2372
2373 /* For testing purpose, static route of MPLS-VPN. */
2374 DEFUN (no_vpnv6_network,
2375 no_vpnv6_network_cmd,
2376 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2377 NO_STR
2378 "Specify a network to announce via BGP\n"
2379 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2380 "Specify Route Distinguisher\n"
2381 "VPN Route Distinguisher\n"
2382 "VPN NLRI label (tag)\n"
2383 "VPN NLRI label (tag)\n"
2384 "Label value\n")
2385 {
2386 int idx_ipv6_prefix = 2;
2387 int idx_ext_community = 4;
2388 int idx_label = 6;
2389 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
2390 argv[idx_ipv6_prefix]->arg,
2391 argv[idx_ext_community]->arg,
2392 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2393 }
2394
2395 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
2396 enum bgp_show_type type, void *output_arg, int tags,
2397 bool use_json)
2398 {
2399 struct bgp *bgp;
2400 struct bgp_table *table;
2401
2402 bgp = bgp_get_default();
2403 if (bgp == NULL) {
2404 if (!use_json)
2405 vty_out(vty, "No BGP process is configured\n");
2406 else
2407 vty_out(vty, "{}\n");
2408 return CMD_WARNING;
2409 }
2410 table = bgp->rib[afi][SAFI_MPLS_VPN];
2411 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
2412 output_arg, use_json);
2413 }
2414
2415 DEFUN (show_bgp_ip_vpn_all_rd,
2416 show_bgp_ip_vpn_all_rd_cmd,
2417 "show bgp "BGP_AFI_CMD_STR" vpn all [rd <ASN:NN_OR_IP-ADDRESS:NN|all>] [json]",
2418 SHOW_STR
2419 BGP_STR
2420 BGP_VPNVX_HELP_STR
2421 "Display VPN NLRI specific information\n"
2422 "Display VPN NLRI specific information\n"
2423 "Display information for a route distinguisher\n"
2424 "VPN Route Distinguisher\n"
2425 "All VPN Route Distinguishers\n"
2426 JSON_STR)
2427 {
2428 int ret;
2429 struct prefix_rd prd;
2430 afi_t afi;
2431 int idx = 0;
2432
2433 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
2434 /* Constrain search if user supplies RD && RD != "all" */
2435 if (argv_find(argv, argc, "rd", &idx)
2436 && strcmp(argv[idx + 1]->arg, "all")) {
2437 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
2438 if (!ret) {
2439 vty_out(vty,
2440 "%% Malformed Route Distinguisher\n");
2441 return CMD_WARNING;
2442 }
2443 return bgp_show_mpls_vpn(vty, afi, &prd,
2444 bgp_show_type_normal, NULL, 0,
2445 use_json(argc, argv));
2446 } else {
2447 return bgp_show_mpls_vpn(vty, afi, NULL,
2448 bgp_show_type_normal, NULL, 0,
2449 use_json(argc, argv));
2450 }
2451 }
2452 return CMD_SUCCESS;
2453 }
2454
2455 ALIAS(show_bgp_ip_vpn_all_rd,
2456 show_bgp_ip_vpn_rd_cmd,
2457 "show bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all> [json]",
2458 SHOW_STR
2459 BGP_STR
2460 BGP_VPNVX_HELP_STR
2461 "Display VPN NLRI specific information\n"
2462 "Display information for a route distinguisher\n"
2463 "VPN Route Distinguisher\n"
2464 "All VPN Route Distinguishers\n"
2465 JSON_STR)
2466
2467 #ifdef KEEP_OLD_VPN_COMMANDS
2468 DEFUN (show_ip_bgp_vpn_rd,
2469 show_ip_bgp_vpn_rd_cmd,
2470 "show ip bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all>",
2471 SHOW_STR
2472 IP_STR
2473 BGP_STR
2474 BGP_AFI_HELP_STR
2475 "Address Family modifier\n"
2476 "Display information for a route distinguisher\n"
2477 "VPN Route Distinguisher\n"
2478 "All VPN Route Distinguishers\n")
2479 {
2480 int idx_ext_community = argc - 1;
2481 int ret;
2482 struct prefix_rd prd;
2483 afi_t afi;
2484 int idx = 0;
2485
2486 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2487 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2488 return bgp_show_mpls_vpn(vty, afi, NULL,
2489 bgp_show_type_normal, NULL, 0,
2490 0);
2491 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2492 if (!ret) {
2493 vty_out(vty, "%% Malformed Route Distinguisher\n");
2494 return CMD_WARNING;
2495 }
2496 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2497 NULL, 0, 0);
2498 }
2499 return CMD_SUCCESS;
2500 }
2501
2502 DEFUN (show_ip_bgp_vpn_all,
2503 show_ip_bgp_vpn_all_cmd,
2504 "show [ip] bgp <vpnv4|vpnv6>",
2505 SHOW_STR
2506 IP_STR
2507 BGP_STR
2508 BGP_VPNVX_HELP_STR)
2509 {
2510 afi_t afi;
2511 int idx = 0;
2512
2513 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2514 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2515 NULL, 0, 0);
2516 return CMD_SUCCESS;
2517 }
2518
2519 DEFUN (show_ip_bgp_vpn_all_tags,
2520 show_ip_bgp_vpn_all_tags_cmd,
2521 "show [ip] bgp <vpnv4|vpnv6> all tags",
2522 SHOW_STR
2523 IP_STR
2524 BGP_STR
2525 BGP_VPNVX_HELP_STR
2526 "Display information about all VPNv4/VPNV6 NLRIs\n"
2527 "Display BGP tags for prefixes\n")
2528 {
2529 afi_t afi;
2530 int idx = 0;
2531
2532 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2533 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2534 NULL, 1, 0);
2535 return CMD_SUCCESS;
2536 }
2537
2538 DEFUN (show_ip_bgp_vpn_rd_tags,
2539 show_ip_bgp_vpn_rd_tags_cmd,
2540 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> tags",
2541 SHOW_STR
2542 IP_STR
2543 BGP_STR
2544 BGP_VPNVX_HELP_STR
2545 "Display information for a route distinguisher\n"
2546 "VPN Route Distinguisher\n"
2547 "All VPN Route Distinguishers\n"
2548 "Display BGP tags for prefixes\n")
2549 {
2550 int idx_ext_community = 5;
2551 int ret;
2552 struct prefix_rd prd;
2553 afi_t afi;
2554 int idx = 0;
2555
2556 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2557 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2558 return bgp_show_mpls_vpn(vty, afi, NULL,
2559 bgp_show_type_normal, NULL, 1,
2560 0);
2561 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2562 if (!ret) {
2563 vty_out(vty, "%% Malformed Route Distinguisher\n");
2564 return CMD_WARNING;
2565 }
2566 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2567 NULL, 1, 0);
2568 }
2569 return CMD_SUCCESS;
2570 }
2571
2572 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2573 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2574 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
2575 SHOW_STR
2576 IP_STR
2577 BGP_STR
2578 BGP_VPNVX_HELP_STR
2579 "Display information about all VPNv4/VPNv6 NLRIs\n"
2580 "Detailed information on TCP and BGP neighbor connections\n"
2581 "Neighbor to display information about\n"
2582 "Display routes learned from neighbor\n"
2583 JSON_STR)
2584 {
2585 int idx_ipv4 = 6;
2586 union sockunion su;
2587 struct peer *peer;
2588 int ret;
2589 bool uj = use_json(argc, argv);
2590 afi_t afi;
2591 int idx = 0;
2592
2593 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2594 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2595 if (ret < 0) {
2596 if (uj) {
2597 json_object *json_no = NULL;
2598 json_no = json_object_new_object();
2599 json_object_string_add(json_no, "warning",
2600 "Malformed address");
2601 vty_out(vty, "%s\n",
2602 json_object_to_json_string(json_no));
2603 json_object_free(json_no);
2604 } else
2605 vty_out(vty, "Malformed address: %s\n",
2606 argv[idx_ipv4]->arg);
2607 return CMD_WARNING;
2608 }
2609
2610 peer = peer_lookup(NULL, &su);
2611 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2612 if (uj) {
2613 json_object *json_no = NULL;
2614 json_no = json_object_new_object();
2615 json_object_string_add(
2616 json_no, "warning",
2617 "No such neighbor or address family");
2618 vty_out(vty, "%s\n",
2619 json_object_to_json_string(json_no));
2620 json_object_free(json_no);
2621 } else
2622 vty_out(vty,
2623 "%% No such neighbor or address family\n");
2624 return CMD_WARNING;
2625 }
2626
2627 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2628 &su, 0, uj);
2629 }
2630 return CMD_SUCCESS;
2631 }
2632
2633 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2634 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
2635 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D routes [json]",
2636 SHOW_STR
2637 IP_STR
2638 BGP_STR
2639 BGP_VPNVX_HELP_STR
2640 "Display information for a route distinguisher\n"
2641 "VPN Route Distinguisher\n"
2642 "All VPN Route Distinguishers\n"
2643 "Detailed information on TCP and BGP neighbor connections\n"
2644 "Neighbor to display information about\n"
2645 "Display routes learned from neighbor\n"
2646 JSON_STR)
2647 {
2648 int idx_ext_community = 5;
2649 int idx_ipv4 = 7;
2650 int ret;
2651 union sockunion su;
2652 struct peer *peer;
2653 struct prefix_rd prd;
2654 bool prefix_rd_all = false;
2655 bool uj = use_json(argc, argv);
2656 afi_t afi;
2657 int idx = 0;
2658
2659 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2660 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2661 prefix_rd_all = true;
2662 else {
2663 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2664 if (!ret) {
2665 if (uj) {
2666 json_object *json_no = NULL;
2667 json_no = json_object_new_object();
2668 json_object_string_add(
2669 json_no, "warning",
2670 "Malformed Route Distinguisher");
2671 vty_out(vty, "%s\n",
2672 json_object_to_json_string(
2673 json_no));
2674 json_object_free(json_no);
2675 } else
2676 vty_out(vty,
2677 "%% Malformed Route Distinguisher\n");
2678 return CMD_WARNING;
2679 }
2680 }
2681
2682 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2683 if (ret < 0) {
2684 if (uj) {
2685 json_object *json_no = NULL;
2686 json_no = json_object_new_object();
2687 json_object_string_add(json_no, "warning",
2688 "Malformed address");
2689 vty_out(vty, "%s\n",
2690 json_object_to_json_string(json_no));
2691 json_object_free(json_no);
2692 } else
2693 vty_out(vty, "Malformed address: %s\n",
2694 argv[idx_ext_community]->arg);
2695 return CMD_WARNING;
2696 }
2697
2698 peer = peer_lookup(NULL, &su);
2699 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2700 if (uj) {
2701 json_object *json_no = NULL;
2702 json_no = json_object_new_object();
2703 json_object_string_add(
2704 json_no, "warning",
2705 "No such neighbor or address family");
2706 vty_out(vty, "%s\n",
2707 json_object_to_json_string(json_no));
2708 json_object_free(json_no);
2709 } else
2710 vty_out(vty,
2711 "%% No such neighbor or address family\n");
2712 return CMD_WARNING;
2713 }
2714
2715 if (prefix_rd_all)
2716 return bgp_show_mpls_vpn(vty, afi, NULL,
2717 bgp_show_type_neighbor, &su, 0,
2718 uj);
2719 else
2720 return bgp_show_mpls_vpn(vty, afi, &prd,
2721 bgp_show_type_neighbor, &su, 0,
2722 uj);
2723 }
2724 return CMD_SUCCESS;
2725 }
2726
2727 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2728 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2729 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2730 SHOW_STR
2731 IP_STR
2732 BGP_STR
2733 BGP_VPNVX_HELP_STR
2734 "Display information about all VPNv4/VPNv6 NLRIs\n"
2735 "Detailed information on TCP and BGP neighbor connections\n"
2736 "Neighbor to display information about\n"
2737 "Display the routes advertised to a BGP neighbor\n"
2738 JSON_STR)
2739 {
2740 int idx_ipv4 = 6;
2741 int ret;
2742 struct peer *peer;
2743 union sockunion su;
2744 bool uj = use_json(argc, argv);
2745 afi_t afi;
2746 int idx = 0;
2747
2748 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2749 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2750 if (ret < 0) {
2751 if (uj) {
2752 json_object *json_no = NULL;
2753 json_no = json_object_new_object();
2754 json_object_string_add(json_no, "warning",
2755 "Malformed address");
2756 vty_out(vty, "%s\n",
2757 json_object_to_json_string(json_no));
2758 json_object_free(json_no);
2759 } else
2760 vty_out(vty, "Malformed address: %s\n",
2761 argv[idx_ipv4]->arg);
2762 return CMD_WARNING;
2763 }
2764 peer = peer_lookup(NULL, &su);
2765 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2766 if (uj) {
2767 json_object *json_no = NULL;
2768 json_no = json_object_new_object();
2769 json_object_string_add(
2770 json_no, "warning",
2771 "No such neighbor or address family");
2772 vty_out(vty, "%s\n",
2773 json_object_to_json_string(json_no));
2774 json_object_free(json_no);
2775 } else
2776 vty_out(vty,
2777 "%% No such neighbor or address family\n");
2778 return CMD_WARNING;
2779 }
2780 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2781 SAFI_MPLS_VPN, uj);
2782 }
2783 return CMD_SUCCESS;
2784 }
2785
2786 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2787 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2788 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D advertised-routes [json]",
2789 SHOW_STR
2790 IP_STR
2791 BGP_STR
2792 BGP_VPNVX_HELP_STR
2793 "Display information for a route distinguisher\n"
2794 "VPN Route Distinguisher\n"
2795 "All VPN Route Distinguishers\n"
2796 "Detailed information on TCP and BGP neighbor connections\n"
2797 "Neighbor to display information about\n"
2798 "Display the routes advertised to a BGP neighbor\n"
2799 JSON_STR)
2800 {
2801 int idx_ext_community = 5;
2802 int idx_ipv4 = 7;
2803 int ret;
2804 struct peer *peer;
2805 struct prefix_rd prd;
2806 union sockunion su;
2807 bool uj = use_json(argc, argv);
2808 afi_t afi;
2809 int idx = 0;
2810
2811 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2812 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2813 if (ret < 0) {
2814 if (uj) {
2815 json_object *json_no = NULL;
2816 json_no = json_object_new_object();
2817 json_object_string_add(json_no, "warning",
2818 "Malformed address");
2819 vty_out(vty, "%s\n",
2820 json_object_to_json_string(json_no));
2821 json_object_free(json_no);
2822 } else
2823 vty_out(vty, "Malformed address: %s\n",
2824 argv[idx_ext_community]->arg);
2825 return CMD_WARNING;
2826 }
2827 peer = peer_lookup(NULL, &su);
2828 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2829 if (uj) {
2830 json_object *json_no = NULL;
2831 json_no = json_object_new_object();
2832 json_object_string_add(
2833 json_no, "warning",
2834 "No such neighbor or address family");
2835 vty_out(vty, "%s\n",
2836 json_object_to_json_string(json_no));
2837 json_object_free(json_no);
2838 } else
2839 vty_out(vty,
2840 "%% No such neighbor or address family\n");
2841 return CMD_WARNING;
2842 }
2843
2844 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2845 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2846 SAFI_MPLS_VPN, uj);
2847 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2848 if (!ret) {
2849 if (uj) {
2850 json_object *json_no = NULL;
2851 json_no = json_object_new_object();
2852 json_object_string_add(
2853 json_no, "warning",
2854 "Malformed Route Distinguisher");
2855 vty_out(vty, "%s\n",
2856 json_object_to_json_string(json_no));
2857 json_object_free(json_no);
2858 } else
2859 vty_out(vty,
2860 "%% Malformed Route Distinguisher\n");
2861 return CMD_WARNING;
2862 }
2863
2864 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2865 SAFI_MPLS_VPN, uj);
2866 }
2867 return CMD_SUCCESS;
2868 }
2869 #endif /* KEEP_OLD_VPN_COMMANDS */
2870
2871 void bgp_mplsvpn_init(void)
2872 {
2873 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2874 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2875 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2876
2877 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2878 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2879
2880 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2881 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2882 #ifdef KEEP_OLD_VPN_COMMANDS
2883 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2884 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2885 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2886 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2887 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2888 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2889 install_element(VIEW_NODE,
2890 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2891 install_element(VIEW_NODE,
2892 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2893 #endif /* KEEP_OLD_VPN_COMMANDS */
2894 }
2895
2896 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2897 {
2898 struct listnode *mnode, *mnnode;
2899 struct bgp *bgp;
2900 afi_t afi = AFI_IP;
2901
2902 if (eckey->unit_size == IPV6_ECOMMUNITY_SIZE)
2903 afi = AFI_IP6;
2904
2905 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2906 struct ecommunity *ec;
2907
2908 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2909 continue;
2910
2911 ec = bgp->vpn_policy[afi].import_redirect_rtlist;
2912
2913 if (ec && eckey->unit_size != ec->unit_size)
2914 continue;
2915
2916 if (ecom_intersect(ec, eckey))
2917 return bgp->vrf_id;
2918 }
2919 return VRF_UNKNOWN;
2920 }
2921
2922 /*
2923 * The purpose of this function is to process leaks that were deferred
2924 * from earlier per-vrf configuration due to not-yet-existing default
2925 * vrf, in other words, configuration such as:
2926 *
2927 * router bgp MMM vrf FOO
2928 * address-family ipv4 unicast
2929 * rd vpn export 1:1
2930 * exit-address-family
2931 *
2932 * router bgp NNN
2933 * ...
2934 *
2935 * This function gets called when the default instance ("router bgp NNN")
2936 * is created.
2937 */
2938 void vpn_leak_postchange_all(void)
2939 {
2940 struct listnode *next;
2941 struct bgp *bgp;
2942 struct bgp *bgp_default = bgp_get_default();
2943
2944 assert(bgp_default);
2945
2946 /* First, do any exporting from VRFs to the single VPN RIB */
2947 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2948
2949 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2950 continue;
2951
2952 vpn_leak_postchange(
2953 BGP_VPN_POLICY_DIR_TOVPN,
2954 AFI_IP,
2955 bgp_default,
2956 bgp);
2957
2958 vpn_leak_postchange(
2959 BGP_VPN_POLICY_DIR_TOVPN,
2960 AFI_IP6,
2961 bgp_default,
2962 bgp);
2963 }
2964
2965 /* Now, do any importing to VRFs from the single VPN RIB */
2966 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2967
2968 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2969 continue;
2970
2971 vpn_leak_postchange(
2972 BGP_VPN_POLICY_DIR_FROMVPN,
2973 AFI_IP,
2974 bgp_default,
2975 bgp);
2976
2977 vpn_leak_postchange(
2978 BGP_VPN_POLICY_DIR_FROMVPN,
2979 AFI_IP6,
2980 bgp_default,
2981 bgp);
2982 }
2983 }
2984
2985 /* When a bgp vrf instance is unconfigured, remove its routes
2986 * from the VPN table and this vrf could be importing routes from other
2987 * bgp vrf instnaces, unimport them.
2988 * VRF X and VRF Y are exporting routes to each other.
2989 * When VRF X is deleted, unimport its routes from all target vrfs,
2990 * also VRF Y should unimport its routes from VRF X table.
2991 * This will ensure VPN table is cleaned up appropriately.
2992 */
2993 void bgp_vpn_leak_unimport(struct bgp *from_bgp)
2994 {
2995 struct bgp *to_bgp;
2996 const char *tmp_name;
2997 char *vname;
2998 struct listnode *node, *next;
2999 safi_t safi = SAFI_UNICAST;
3000 afi_t afi;
3001 bool is_vrf_leak_bind;
3002 int debug;
3003
3004 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3005 return;
3006
3007 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3008 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3009
3010 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3011
3012 for (afi = 0; afi < AFI_MAX; ++afi) {
3013 /* vrf leak is for IPv4 and IPv6 Unicast only */
3014 if (afi != AFI_IP && afi != AFI_IP6)
3015 continue;
3016
3017 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3018 if (from_bgp == to_bgp)
3019 continue;
3020
3021 /* Unimport and remove source vrf from the
3022 * other vrfs import list.
3023 */
3024 struct vpn_policy *to_vpolicy;
3025
3026 is_vrf_leak_bind = false;
3027 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3028 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
3029 vname)) {
3030 if (strcmp(vname, tmp_name) == 0) {
3031 is_vrf_leak_bind = true;
3032 break;
3033 }
3034 }
3035 /* skip this bgp instance as there is no leak to this
3036 * vrf instance.
3037 */
3038 if (!is_vrf_leak_bind)
3039 continue;
3040
3041 if (debug)
3042 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
3043 __func__, from_bgp->name_pretty,
3044 to_bgp->name_pretty, afi2str(afi),
3045 to_vpolicy->import_vrf->count);
3046
3047 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
3048
3049 /* readd vrf name as unimport removes import vrf name
3050 * from the destination vrf's import list where the
3051 * `import vrf` configuration still exist.
3052 */
3053 vname = XSTRDUP(MTYPE_TMP, tmp_name);
3054 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
3055 vname);
3056 SET_FLAG(to_bgp->af_flags[afi][safi],
3057 BGP_CONFIG_VRF_TO_VRF_IMPORT);
3058
3059 /* If to_bgp exports its routes to the bgp vrf
3060 * which is being deleted, un-import the
3061 * to_bgp routes from VPN.
3062 */
3063 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
3064 .export_vrf, node,
3065 vname)) {
3066 if (strcmp(vname, tmp_name) == 0) {
3067 vrf_unimport_from_vrf(from_bgp, to_bgp,
3068 afi, safi);
3069 break;
3070 }
3071 }
3072 }
3073 }
3074 return;
3075 }
3076
3077 /* When a router bgp is configured, there could be a bgp vrf
3078 * instance importing routes from this newly configured
3079 * bgp vrf instance. Export routes from configured
3080 * bgp vrf to VPN.
3081 * VRF Y has import from bgp vrf x,
3082 * when a bgp vrf x instance is created, export its routes
3083 * to VRF Y instance.
3084 */
3085 void bgp_vpn_leak_export(struct bgp *from_bgp)
3086 {
3087 afi_t afi;
3088 const char *export_name;
3089 char *vname;
3090 struct listnode *node, *next;
3091 struct ecommunity *ecom;
3092 vpn_policy_direction_t idir, edir;
3093 safi_t safi = SAFI_UNICAST;
3094 struct bgp *to_bgp;
3095 int debug;
3096
3097 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3098 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3099
3100 idir = BGP_VPN_POLICY_DIR_FROMVPN;
3101 edir = BGP_VPN_POLICY_DIR_TOVPN;
3102
3103 export_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3104
3105 for (afi = 0; afi < AFI_MAX; ++afi) {
3106 /* vrf leak is for IPv4 and IPv6 Unicast only */
3107 if (afi != AFI_IP && afi != AFI_IP6)
3108 continue;
3109
3110 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3111 if (from_bgp == to_bgp)
3112 continue;
3113
3114 /* bgp instance has import list, check to see if newly
3115 * configured bgp instance is the list.
3116 */
3117 struct vpn_policy *to_vpolicy;
3118
3119 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3120 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
3121 node, vname)) {
3122 if (strcmp(vname, export_name) != 0)
3123 continue;
3124
3125 if (debug)
3126 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
3127 __func__,
3128 export_name, to_bgp->name_pretty);
3129
3130 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
3131 /* remove import rt, it will be readded
3132 * as part of import from vrf.
3133 */
3134 if (ecom)
3135 ecommunity_del_val(
3136 to_vpolicy->rtlist[idir],
3137 (struct ecommunity_val *)
3138 ecom->val);
3139 vrf_import_from_vrf(to_bgp, from_bgp,
3140 afi, safi);
3141 break;
3142
3143 }
3144 }
3145 }
3146 }
FRRouting mirror