]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bgpd: fix prefix VRF leaking with 'network import-check' (2/5)
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_community.h"
46 #include "bgpd/bgp_ecommunity.h"
47 #include "bgpd/bgp_zebra.h"
48 #include "bgpd/bgp_nexthop.h"
49 #include "bgpd/bgp_nht.h"
50 #include "bgpd/bgp_evpn.h"
51 #include "bgpd/bgp_memory.h"
52
53 #ifdef ENABLE_BGP_VNC
54 #include "bgpd/rfapi/rfapi_backend.h"
55 #endif
56
57 /*
58 * Definitions and external declarations.
59 */
60 extern struct zclient *zclient;
61
62 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
63 int *index, afi_t *afi)
64 {
65 int ret = 0;
66 if (argv_find(argv, argc, "vpnv4", index)) {
67 ret = 1;
68 if (afi)
69 *afi = AFI_IP;
70 } else if (argv_find(argv, argc, "vpnv6", index)) {
71 ret = 1;
72 if (afi)
73 *afi = AFI_IP6;
74 }
75 return ret;
76 }
77
78 uint32_t decode_label(mpls_label_t *label_pnt)
79 {
80 uint32_t l;
81 uint8_t *pnt = (uint8_t *)label_pnt;
82
83 l = ((uint32_t)*pnt++ << 12);
84 l |= (uint32_t)*pnt++ << 4;
85 l |= (uint32_t)((*pnt & 0xf0) >> 4);
86 return l;
87 }
88
89 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
90 {
91 uint8_t *pnt = (uint8_t *)label_pnt;
92 if (pnt == NULL)
93 return;
94 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
95 *label_pnt = label;
96 return;
97 }
98 *pnt++ = (label >> 12) & 0xff;
99 *pnt++ = (label >> 4) & 0xff;
100 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
101 }
102
103 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
104 struct bgp_nlri *packet)
105 {
106 struct prefix p;
107 uint8_t psize = 0;
108 uint8_t prefixlen;
109 uint16_t type;
110 struct rd_as rd_as;
111 struct rd_ip rd_ip;
112 struct prefix_rd prd = {0};
113 mpls_label_t label = {0};
114 afi_t afi;
115 safi_t safi;
116 bool addpath_capable;
117 uint32_t addpath_id;
118 int ret = 0;
119
120 /* Make prefix_rd */
121 prd.family = AF_UNSPEC;
122 prd.prefixlen = 64;
123
124 struct stream *data = stream_new(packet->length);
125 stream_put(data, packet->nlri, packet->length);
126 afi = packet->afi;
127 safi = packet->safi;
128 addpath_id = 0;
129
130 addpath_capable = bgp_addpath_encode_rx(peer, afi, safi);
131
132 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
133 while (STREAM_READABLE(data) > 0) {
134 /* Clear prefix structure. */
135 memset(&p, 0, sizeof(p));
136
137 if (addpath_capable) {
138 STREAM_GET(&addpath_id, data, BGP_ADDPATH_ID_LEN);
139 addpath_id = ntohl(addpath_id);
140 }
141
142 if (STREAM_READABLE(data) < 1) {
143 flog_err(
144 EC_BGP_UPDATE_RCV,
145 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
146 peer->host, packet->length);
147 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
148 goto done;
149 }
150
151 /* Fetch prefix length. */
152 STREAM_GETC(data, prefixlen);
153 p.family = afi2family(packet->afi);
154 psize = PSIZE(prefixlen);
155
156 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
157 flog_err(
158 EC_BGP_UPDATE_RCV,
159 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
160 peer->host, prefixlen);
161 ret = BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
162 goto done;
163 }
164
165 /* sanity check against packet data */
166 if (STREAM_READABLE(data) < psize) {
167 flog_err(
168 EC_BGP_UPDATE_RCV,
169 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
170 peer->host, prefixlen, packet->length);
171 ret = BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
172 goto done;
173 }
174
175 /* sanity check against storage for the IP address portion */
176 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
177 flog_err(
178 EC_BGP_UPDATE_RCV,
179 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
180 peer->host,
181 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
182 sizeof(p.u));
183 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
184 goto done;
185 }
186
187 /* Sanity check against max bitlen of the address family */
188 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
189 flog_err(
190 EC_BGP_UPDATE_RCV,
191 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
192 peer->host,
193 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
194 p.family, prefix_blen(&p));
195 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
196 goto done;
197 }
198
199 /* Copy label to prefix. */
200 if (STREAM_READABLE(data) < BGP_LABEL_BYTES) {
201 flog_err(
202 EC_BGP_UPDATE_RCV,
203 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
204 peer->host, packet->length);
205 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
206 goto done;
207 }
208
209 STREAM_GET(&label, data, BGP_LABEL_BYTES);
210 bgp_set_valid_label(&label);
211
212 /* Copy routing distinguisher to rd. */
213 if (STREAM_READABLE(data) < 8) {
214 flog_err(
215 EC_BGP_UPDATE_RCV,
216 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
217 peer->host, packet->length);
218 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
219 goto done;
220 }
221 STREAM_GET(&prd.val, data, 8);
222
223 /* Decode RD type. */
224 type = decode_rd_type(prd.val);
225
226 switch (type) {
227 case RD_TYPE_AS:
228 decode_rd_as(&prd.val[2], &rd_as);
229 break;
230
231 case RD_TYPE_AS4:
232 decode_rd_as4(&prd.val[2], &rd_as);
233 break;
234
235 case RD_TYPE_IP:
236 decode_rd_ip(&prd.val[2], &rd_ip);
237 break;
238
239 #ifdef ENABLE_BGP_VNC
240 case RD_TYPE_VNC_ETH:
241 break;
242 #endif
243
244 default:
245 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
246 break; /* just report */
247 }
248
249 /* exclude label & RD */
250 p.prefixlen = prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8;
251 STREAM_GET(p.u.val, data, psize - VPN_PREFIXLEN_MIN_BYTES);
252
253 if (attr) {
254 bgp_update(peer, &p, addpath_id, attr, packet->afi,
255 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
256 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
257 } else {
258 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
259 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
260 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
261 }
262 }
263 /* Packet length consistency check. */
264 if (STREAM_READABLE(data) != 0) {
265 flog_err(
266 EC_BGP_UPDATE_RCV,
267 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
268 peer->host, STREAM_READABLE(data));
269 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
270 }
271
272 goto done;
273
274 stream_failure:
275 flog_err(
276 EC_BGP_UPDATE_RCV,
277 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
278 peer->host, packet->length);
279 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
280
281 done:
282 stream_free(data);
283 return ret;
284
285 #undef VPN_PREFIXLEN_MIN_BYTES
286 }
287
288 /*
289 * This function informs zebra of the label this vrf sets on routes
290 * leaked to VPN. Zebra should install this label in the kernel with
291 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
292 *
293 * Sending this vrf-label association is qualified by a) whether vrf->vpn
294 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
295 * are set) and b) whether vpn-policy label is set.
296 *
297 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
298 * for this vrf, which zebra interprets to mean "delete this vrf-label
299 * association."
300 */
301 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
302 {
303 mpls_label_t label = MPLS_LABEL_NONE;
304 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
305
306 if (bgp->vrf_id == VRF_UNKNOWN) {
307 if (debug) {
308 zlog_debug(
309 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
310 __func__, bgp->name_pretty, afi2str(afi));
311 }
312 return;
313 }
314
315 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
316 label = bgp->vpn_policy[afi].tovpn_label;
317 }
318
319 if (debug) {
320 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
321 __func__, bgp->name_pretty, afi2str(afi), label,
322 bgp->vrf_id);
323 }
324
325 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
326 label = MPLS_LABEL_NONE;
327 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
328 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
329 }
330
331 /*
332 * If zebra tells us vrf has become unconfigured, tell zebra not to
333 * use this label to forward to the vrf anymore
334 */
335 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
336 {
337 mpls_label_t label = MPLS_LABEL_NONE;
338 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
339
340 if (bgp->vrf_id == VRF_UNKNOWN) {
341 if (debug) {
342 zlog_debug(
343 "%s: vrf_id not set, can't delete zebra vrf label",
344 __func__);
345 }
346 return;
347 }
348
349 if (debug) {
350 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
351 bgp->name_pretty, bgp->vrf_id);
352 }
353
354 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
355 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
356 }
357
358 /*
359 * This function informs zebra of the srv6-function this vrf sets on routes
360 * leaked to VPN. Zebra should install this srv6-function in the kernel with
361 * an action of "End.DT4/6's IP FIB to route the PDU."
362 */
363 void vpn_leak_zebra_vrf_sid_update_per_af(struct bgp *bgp, afi_t afi)
364 {
365 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
366 enum seg6local_action_t act;
367 struct seg6local_context ctx = {};
368 struct in6_addr *tovpn_sid = NULL;
369 struct in6_addr *tovpn_sid_ls = NULL;
370 struct vrf *vrf;
371
372 if (bgp->vrf_id == VRF_UNKNOWN) {
373 if (debug)
374 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
375 __func__, bgp->name_pretty, afi2str(afi));
376 return;
377 }
378
379 tovpn_sid = bgp->vpn_policy[afi].tovpn_sid;
380 if (!tovpn_sid) {
381 if (debug)
382 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
383 bgp->name_pretty, afi2str(afi));
384 return;
385 }
386
387 if (debug)
388 zlog_debug("%s: vrf %s: afi %s: setting sid %pI6 for vrf id %d",
389 __func__, bgp->name_pretty, afi2str(afi), tovpn_sid,
390 bgp->vrf_id);
391
392 vrf = vrf_lookup_by_id(bgp->vrf_id);
393 if (!vrf)
394 return;
395
396 ctx.table = vrf->data.l.table_id;
397 act = afi == AFI_IP ? ZEBRA_SEG6_LOCAL_ACTION_END_DT4
398 : ZEBRA_SEG6_LOCAL_ACTION_END_DT6;
399 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
400
401 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
402 *tovpn_sid_ls = *tovpn_sid;
403 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
404 }
405
406 /*
407 * This function informs zebra of the srv6-function this vrf sets on routes
408 * leaked to VPN. Zebra should install this srv6-function in the kernel with
409 * an action of "End.DT46's IP FIB to route the PDU."
410 */
411 void vpn_leak_zebra_vrf_sid_update_per_vrf(struct bgp *bgp)
412 {
413 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
414 enum seg6local_action_t act;
415 struct seg6local_context ctx = {};
416 struct in6_addr *tovpn_sid = NULL;
417 struct in6_addr *tovpn_sid_ls = NULL;
418 struct vrf *vrf;
419
420 if (bgp->vrf_id == VRF_UNKNOWN) {
421 if (debug)
422 zlog_debug(
423 "%s: vrf %s: vrf_id not set, can't set zebra vrf label",
424 __func__, bgp->name_pretty);
425 return;
426 }
427
428 tovpn_sid = bgp->tovpn_sid;
429 if (!tovpn_sid) {
430 if (debug)
431 zlog_debug("%s: vrf %s: sid not set", __func__,
432 bgp->name_pretty);
433 return;
434 }
435
436 if (debug)
437 zlog_debug("%s: vrf %s: setting sid %pI6 for vrf id %d",
438 __func__, bgp->name_pretty, tovpn_sid, bgp->vrf_id);
439
440 vrf = vrf_lookup_by_id(bgp->vrf_id);
441 if (!vrf)
442 return;
443
444 ctx.table = vrf->data.l.table_id;
445 act = ZEBRA_SEG6_LOCAL_ACTION_END_DT46;
446 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
447
448 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
449 *tovpn_sid_ls = *tovpn_sid;
450 bgp->tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
451 }
452
453 /*
454 * This function informs zebra of the srv6-function this vrf sets on routes
455 * leaked to VPN. Zebra should install this srv6-function in the kernel with
456 * an action of "End.DT4/6/46's IP FIB to route the PDU."
457 */
458 void vpn_leak_zebra_vrf_sid_update(struct bgp *bgp, afi_t afi)
459 {
460 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
461
462 if (bgp->vpn_policy[afi].tovpn_sid)
463 return vpn_leak_zebra_vrf_sid_update_per_af(bgp, afi);
464
465 if (bgp->tovpn_sid)
466 return vpn_leak_zebra_vrf_sid_update_per_vrf(bgp);
467
468 if (debug)
469 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
470 bgp->name_pretty, afi2str(afi));
471 }
472
473 /*
474 * If zebra tells us vrf has become unconfigured, tell zebra not to
475 * use this srv6-function to forward to the vrf anymore
476 */
477 void vpn_leak_zebra_vrf_sid_withdraw_per_af(struct bgp *bgp, afi_t afi)
478 {
479 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
480
481 if (bgp->vrf_id == VRF_UNKNOWN) {
482 if (debug)
483 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
484 __func__, bgp->name_pretty, afi2str(afi));
485 return;
486 }
487
488 if (debug)
489 zlog_debug("%s: deleting sid for vrf %s afi (id=%d)", __func__,
490 bgp->name_pretty, bgp->vrf_id);
491
492 zclient_send_localsid(zclient,
493 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent,
494 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC, NULL);
495 XFREE(MTYPE_BGP_SRV6_SID,
496 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent);
497 }
498
499 /*
500 * If zebra tells us vrf has become unconfigured, tell zebra not to
501 * use this srv6-function to forward to the vrf anymore
502 */
503 void vpn_leak_zebra_vrf_sid_withdraw_per_vrf(struct bgp *bgp)
504 {
505 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
506
507 if (bgp->vrf_id == VRF_UNKNOWN) {
508 if (debug)
509 zlog_debug(
510 "%s: vrf %s: vrf_id not set, can't set zebra vrf label",
511 __func__, bgp->name_pretty);
512 return;
513 }
514
515 if (debug)
516 zlog_debug("%s: deleting sid for vrf %s (id=%d)", __func__,
517 bgp->name_pretty, bgp->vrf_id);
518
519 zclient_send_localsid(zclient, bgp->tovpn_zebra_vrf_sid_last_sent,
520 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC,
521 NULL);
522 XFREE(MTYPE_BGP_SRV6_SID, bgp->tovpn_zebra_vrf_sid_last_sent);
523 }
524
525 /*
526 * If zebra tells us vrf has become unconfigured, tell zebra not to
527 * use this srv6-function to forward to the vrf anymore
528 */
529 void vpn_leak_zebra_vrf_sid_withdraw(struct bgp *bgp, afi_t afi)
530 {
531 if (bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent)
532 vpn_leak_zebra_vrf_sid_withdraw_per_af(bgp, afi);
533
534 if (bgp->tovpn_zebra_vrf_sid_last_sent)
535 vpn_leak_zebra_vrf_sid_withdraw_per_vrf(bgp);
536 }
537
538 int vpn_leak_label_callback(
539 mpls_label_t label,
540 void *labelid,
541 bool allocated)
542 {
543 struct vpn_policy *vp = (struct vpn_policy *)labelid;
544 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
545
546 if (debug)
547 zlog_debug("%s: label=%u, allocated=%d",
548 __func__, label, allocated);
549
550 if (!allocated) {
551 /*
552 * previously-allocated label is now invalid
553 */
554 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
555 (vp->tovpn_label != MPLS_LABEL_NONE)) {
556
557 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
558 vp->afi, bgp_get_default(), vp->bgp);
559 vp->tovpn_label = MPLS_LABEL_NONE;
560 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
561 vp->afi, bgp_get_default(), vp->bgp);
562 }
563 return 0;
564 }
565
566 /*
567 * New label allocation
568 */
569 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
570
571 /*
572 * not currently configured for auto label, reject allocation
573 */
574 return -1;
575 }
576
577 if (vp->tovpn_label != MPLS_LABEL_NONE) {
578 if (label == vp->tovpn_label) {
579 /* already have same label, accept but do nothing */
580 return 0;
581 }
582 /* Shouldn't happen: different label allocation */
583 flog_err(EC_BGP_LABEL,
584 "%s: %s had label %u but got new assignment %u",
585 __func__, vp->bgp->name_pretty, vp->tovpn_label,
586 label);
587 /* use new one */
588 }
589
590 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
591 vp->afi, bgp_get_default(), vp->bgp);
592 vp->tovpn_label = label;
593 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
594 vp->afi, bgp_get_default(), vp->bgp);
595
596 return 0;
597 }
598
599 static void sid_register(struct bgp *bgp, const struct in6_addr *sid,
600 const char *locator_name)
601 {
602 struct bgp_srv6_function *func;
603 func = XCALLOC(MTYPE_BGP_SRV6_FUNCTION,
604 sizeof(struct bgp_srv6_function));
605 func->sid = *sid;
606 snprintf(func->locator_name, sizeof(func->locator_name),
607 "%s", locator_name);
608 listnode_add(bgp->srv6_functions, func);
609 }
610
611 static void sid_unregister(struct bgp *bgp, const struct in6_addr *sid)
612 {
613 struct listnode *node, *nnode;
614 struct bgp_srv6_function *func;
615
616 for (ALL_LIST_ELEMENTS(bgp->srv6_functions, node, nnode, func))
617 if (sid_same(&func->sid, sid)) {
618 listnode_delete(bgp->srv6_functions, func);
619 XFREE(MTYPE_BGP_SRV6_FUNCTION, func);
620 }
621 }
622
623 static bool sid_exist(struct bgp *bgp, const struct in6_addr *sid)
624 {
625 struct listnode *node;
626 struct bgp_srv6_function *func;
627
628 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_functions, node, func))
629 if (sid_same(&func->sid, sid))
630 return true;
631 return false;
632 }
633
634 /*
635 * This function generates a new SID based on bgp->srv6_locator_chunks and
636 * index. The locator and generated SID are stored in arguments sid_locator
637 * and sid, respectively.
638 *
639 * if index != 0: try to allocate as index-mode
640 * else: try to allocate as auto-mode
641 */
642 static uint32_t alloc_new_sid(struct bgp *bgp, uint32_t index,
643 struct srv6_locator_chunk *sid_locator_chunk,
644 struct in6_addr *sid)
645 {
646 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
647 struct listnode *node;
648 struct srv6_locator_chunk *chunk;
649 bool alloced = false;
650 int label = 0;
651 uint8_t offset = 0;
652 uint8_t func_len = 0, shift_len = 0;
653 uint32_t index_max = 0;
654
655 if (!bgp || !sid_locator_chunk || !sid)
656 return false;
657
658 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_locator_chunks, node, chunk)) {
659 if (chunk->function_bits_length >
660 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH) {
661 if (debug)
662 zlog_debug(
663 "%s: invalid SRv6 Locator chunk (%pFX): Function Length must be less or equal to %d",
664 __func__, &chunk->prefix,
665 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH);
666 continue;
667 }
668
669 index_max = (1 << chunk->function_bits_length) - 1;
670
671 if (index > index_max) {
672 if (debug)
673 zlog_debug(
674 "%s: skipped SRv6 Locator chunk (%pFX): Function Length is too short to support specified index (%u)",
675 __func__, &chunk->prefix, index);
676 continue;
677 }
678
679 *sid = chunk->prefix.prefix;
680 *sid_locator_chunk = *chunk;
681 offset = chunk->block_bits_length + chunk->node_bits_length;
682 func_len = chunk->function_bits_length;
683 shift_len = BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH - func_len;
684
685 if (index != 0) {
686 label = index << shift_len;
687 if (label < MPLS_LABEL_UNRESERVED_MIN) {
688 if (debug)
689 zlog_debug(
690 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
691 __func__, &chunk->prefix,
692 label);
693 continue;
694 }
695
696 transpose_sid(sid, label, offset, func_len);
697 if (sid_exist(bgp, sid))
698 continue;
699 alloced = true;
700 break;
701 }
702
703 for (uint32_t i = 1; i < index_max; i++) {
704 label = i << shift_len;
705 if (label < MPLS_LABEL_UNRESERVED_MIN) {
706 if (debug)
707 zlog_debug(
708 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
709 __func__, &chunk->prefix,
710 label);
711 continue;
712 }
713 transpose_sid(sid, label, offset, func_len);
714 if (sid_exist(bgp, sid))
715 continue;
716 alloced = true;
717 break;
718 }
719 }
720
721 if (!alloced)
722 return 0;
723
724 sid_register(bgp, sid, bgp->srv6_locator_name);
725 return label;
726 }
727
728 void ensure_vrf_tovpn_sid_per_af(struct bgp *bgp_vpn, struct bgp *bgp_vrf,
729 afi_t afi)
730 {
731 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
732 struct srv6_locator_chunk *tovpn_sid_locator;
733 struct in6_addr *tovpn_sid;
734 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
735 bool tovpn_sid_auto = false;
736
737 if (debug)
738 zlog_debug("%s: try to allocate new SID for vrf %s: afi %s",
739 __func__, bgp_vrf->name_pretty, afi2str(afi));
740
741 /* skip when tovpn sid is already allocated on vrf instance */
742 if (bgp_vrf->vpn_policy[afi].tovpn_sid)
743 return;
744
745 /*
746 * skip when bgp vpn instance ins't allocated
747 * or srv6 locator chunk isn't allocated
748 */
749 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
750 return;
751
752 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
753 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
754 BGP_VPN_POLICY_TOVPN_SID_AUTO);
755
756 /* skip when VPN isn't configured on vrf-instance */
757 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
758 return;
759
760 /* check invalid case both configured index and auto */
761 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
762 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
763 __func__);
764 return;
765 }
766
767 tovpn_sid_locator = srv6_locator_chunk_alloc();
768 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
769
770 tovpn_sid_transpose_label = alloc_new_sid(bgp_vpn, tovpn_sid_index,
771 tovpn_sid_locator, tovpn_sid);
772
773 if (tovpn_sid_transpose_label == 0) {
774 if (debug)
775 zlog_debug(
776 "%s: not allocated new sid for vrf %s: afi %s",
777 __func__, bgp_vrf->name_pretty, afi2str(afi));
778 srv6_locator_chunk_free(&tovpn_sid_locator);
779 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid);
780 return;
781 }
782
783 if (debug)
784 zlog_debug("%s: new sid %pI6 allocated for vrf %s: afi %s",
785 __func__, tovpn_sid, bgp_vrf->name_pretty,
786 afi2str(afi));
787
788 bgp_vrf->vpn_policy[afi].tovpn_sid = tovpn_sid;
789 bgp_vrf->vpn_policy[afi].tovpn_sid_locator = tovpn_sid_locator;
790 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label =
791 tovpn_sid_transpose_label;
792 }
793
794 void ensure_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
795 {
796 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
797 struct srv6_locator_chunk *tovpn_sid_locator;
798 struct in6_addr *tovpn_sid;
799 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
800 bool tovpn_sid_auto = false;
801
802 if (debug)
803 zlog_debug("%s: try to allocate new SID for vrf %s", __func__,
804 bgp_vrf->name_pretty);
805
806 /* skip when tovpn sid is already allocated on vrf instance */
807 if (bgp_vrf->tovpn_sid)
808 return;
809
810 /*
811 * skip when bgp vpn instance ins't allocated
812 * or srv6 locator chunk isn't allocated
813 */
814 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
815 return;
816
817 tovpn_sid_index = bgp_vrf->tovpn_sid_index;
818 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO);
819
820 /* skip when VPN isn't configured on vrf-instance */
821 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
822 return;
823
824 /* check invalid case both configured index and auto */
825 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
826 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
827 __func__);
828 return;
829 }
830
831 tovpn_sid_locator = srv6_locator_chunk_alloc();
832 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
833
834 tovpn_sid_transpose_label = alloc_new_sid(bgp_vpn, tovpn_sid_index,
835 tovpn_sid_locator, tovpn_sid);
836
837 if (tovpn_sid_transpose_label == 0) {
838 if (debug)
839 zlog_debug("%s: not allocated new sid for vrf %s",
840 __func__, bgp_vrf->name_pretty);
841 srv6_locator_chunk_free(&tovpn_sid_locator);
842 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid);
843 return;
844 }
845
846 if (debug)
847 zlog_debug("%s: new sid %pI6 allocated for vrf %s", __func__,
848 tovpn_sid, bgp_vrf->name_pretty);
849
850 bgp_vrf->tovpn_sid = tovpn_sid;
851 bgp_vrf->tovpn_sid_locator = tovpn_sid_locator;
852 bgp_vrf->tovpn_sid_transpose_label = tovpn_sid_transpose_label;
853 }
854
855 void ensure_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
856 {
857 /* per-af sid */
858 if (bgp_vrf->vpn_policy[afi].tovpn_sid_index != 0 ||
859 CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
860 BGP_VPN_POLICY_TOVPN_SID_AUTO))
861 return ensure_vrf_tovpn_sid_per_af(bgp_vpn, bgp_vrf, afi);
862
863 /* per-vrf sid */
864 if (bgp_vrf->tovpn_sid_index != 0 ||
865 CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))
866 return ensure_vrf_tovpn_sid_per_vrf(bgp_vpn, bgp_vrf);
867 }
868
869 void delete_vrf_tovpn_sid_per_af(struct bgp *bgp_vpn, struct bgp *bgp_vrf,
870 afi_t afi)
871 {
872 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
873 uint32_t tovpn_sid_index = 0;
874 bool tovpn_sid_auto = false;
875
876 if (debug)
877 zlog_debug("%s: try to remove SID for vrf %s: afi %s", __func__,
878 bgp_vrf->name_pretty, afi2str(afi));
879
880 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
881 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
882 BGP_VPN_POLICY_TOVPN_SID_AUTO);
883
884 /* skip when VPN is configured on vrf-instance */
885 if (tovpn_sid_index != 0 || tovpn_sid_auto)
886 return;
887
888 srv6_locator_chunk_free(&bgp_vrf->vpn_policy[afi].tovpn_sid_locator);
889
890 if (bgp_vrf->vpn_policy[afi].tovpn_sid) {
891 sid_unregister(bgp_vpn, bgp_vrf->vpn_policy[afi].tovpn_sid);
892 XFREE(MTYPE_BGP_SRV6_SID, bgp_vrf->vpn_policy[afi].tovpn_sid);
893 }
894 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label = 0;
895 }
896
897 void delete_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
898 {
899 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
900 uint32_t tovpn_sid_index = 0;
901 bool tovpn_sid_auto = false;
902
903 if (debug)
904 zlog_debug("%s: try to remove SID for vrf %s", __func__,
905 bgp_vrf->name_pretty);
906
907 tovpn_sid_index = bgp_vrf->tovpn_sid_index;
908 tovpn_sid_auto =
909 CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VPN_POLICY_TOVPN_SID_AUTO);
910
911 /* skip when VPN is configured on vrf-instance */
912 if (tovpn_sid_index != 0 || tovpn_sid_auto)
913 return;
914
915 srv6_locator_chunk_free(&bgp_vrf->tovpn_sid_locator);
916
917 if (bgp_vrf->tovpn_sid) {
918 sid_unregister(bgp_vpn, bgp_vrf->tovpn_sid);
919 XFREE(MTYPE_BGP_SRV6_SID, bgp_vrf->tovpn_sid);
920 }
921 bgp_vrf->tovpn_sid_transpose_label = 0;
922 }
923
924 void delete_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
925 {
926 delete_vrf_tovpn_sid_per_af(bgp_vpn, bgp_vrf, afi);
927 delete_vrf_tovpn_sid_per_vrf(bgp_vpn, bgp_vrf);
928 }
929
930 /*
931 * This function embeds upper `len` bits of `label` in `sid`,
932 * starting at offset `offset` as seen from the MSB of `sid`.
933 *
934 * e.g. Given that `label` is 0x12345 and `len` is 16,
935 * then `label` will be embedded in `sid` as follows:
936 *
937 * <---- len ----->
938 * label: 0001 0002 0003 0004 0005
939 * sid: .... 0001 0002 0003 0004
940 * <---- len ----->
941 * ^
942 * |
943 * offset from MSB
944 *
945 * e.g. Given that `label` is 0x12345 and `len` is 8,
946 * `label` will be embedded in `sid` as follows:
947 *
948 * <- len ->
949 * label: 0001 0002 0003 0004 0005
950 * sid: .... 0001 0002 0000 0000
951 * <- len ->
952 * ^
953 * |
954 * offset from MSB
955 */
956 void transpose_sid(struct in6_addr *sid, uint32_t label, uint8_t offset,
957 uint8_t len)
958 {
959 for (uint8_t idx = 0; idx < len; idx++) {
960 uint8_t tidx = offset + idx;
961 sid->s6_addr[tidx / 8] &= ~(0x1 << (7 - tidx % 8));
962 if (label >> (19 - idx) & 0x1)
963 sid->s6_addr[tidx / 8] |= 0x1 << (7 - tidx % 8);
964 }
965 }
966
967 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
968 uint32_t n)
969 {
970 uint32_t i;
971
972 if (!bpi->extra) {
973 if (!n)
974 return true;
975 else
976 return false;
977 }
978
979 if (n != bpi->extra->num_labels)
980 return false;
981
982 for (i = 0; i < n; ++i) {
983 if (label[i] != bpi->extra->label[i])
984 return false;
985 }
986 return true;
987 }
988
989 /*
990 * make encoded route labels match specified encoded label set
991 */
992 static void setlabels(struct bgp_path_info *bpi,
993 mpls_label_t *label, /* array of labels */
994 uint32_t num_labels)
995 {
996 if (num_labels)
997 assert(label);
998 assert(num_labels <= BGP_MAX_LABELS);
999
1000 if (!num_labels) {
1001 if (bpi->extra)
1002 bpi->extra->num_labels = 0;
1003 return;
1004 }
1005
1006 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
1007 uint32_t i;
1008
1009 for (i = 0; i < num_labels; ++i) {
1010 extra->label[i] = label[i];
1011 if (!bgp_is_valid_label(&label[i])) {
1012 bgp_set_valid_label(&extra->label[i]);
1013 }
1014 }
1015 extra->num_labels = num_labels;
1016 }
1017
1018 /*
1019 * make encoded route SIDs match specified encoded sid set
1020 */
1021 static void setsids(struct bgp_path_info *bpi,
1022 struct in6_addr *sid,
1023 uint32_t num_sids)
1024 {
1025 uint32_t i;
1026 struct bgp_path_info_extra *extra;
1027
1028 if (num_sids)
1029 assert(sid);
1030 assert(num_sids <= BGP_MAX_SIDS);
1031
1032 if (!num_sids) {
1033 if (bpi->extra)
1034 bpi->extra->num_sids = 0;
1035 return;
1036 }
1037
1038 extra = bgp_path_info_extra_get(bpi);
1039 for (i = 0; i < num_sids; i++)
1040 memcpy(&extra->sid[i].sid, &sid[i], sizeof(struct in6_addr));
1041 extra->num_sids = num_sids;
1042 }
1043
1044 static void unsetsids(struct bgp_path_info *bpi)
1045 {
1046 struct bgp_path_info_extra *extra;
1047
1048 extra = bgp_path_info_extra_get(bpi);
1049 extra->num_sids = 0;
1050 memset(extra->sid, 0, sizeof(extra->sid));
1051 }
1052
1053 static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
1054 struct attr *new_attr, afi_t afi,
1055 safi_t safi,
1056 struct bgp_path_info *source_bpi,
1057 struct bgp_path_info *bpi,
1058 struct bgp *bgp_orig,
1059 const struct prefix *p, int debug)
1060 {
1061 struct bgp_path_info *bpi_ultimate;
1062 struct bgp *bgp_nexthop;
1063 struct bgp_table *table;
1064 bool nh_valid;
1065
1066 bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi);
1067 table = bgp_dest_table(bpi_ultimate->net);
1068
1069 if (bpi->extra && bpi->extra->bgp_orig)
1070 bgp_nexthop = bpi->extra->bgp_orig;
1071 else
1072 bgp_nexthop = bgp_orig;
1073
1074 /*
1075 * No nexthop tracking for redistributed routes,
1076 * for static (i.e. coming from the bgp network statement or for
1077 * EVPN-imported routes that get leaked.
1078 */
1079 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
1080 is_pi_family_evpn(bpi_ultimate))
1081 nh_valid = 1;
1082 else if (bpi_ultimate->type == ZEBRA_ROUTE_BGP &&
1083 bpi_ultimate->sub_type == BGP_ROUTE_STATIC && table &&
1084 (table->safi == SAFI_UNICAST ||
1085 table->safi == SAFI_LABELED_UNICAST)) {
1086 /* Routes from network statement */
1087 if (CHECK_FLAG(bgp_nexthop->flags, BGP_FLAG_IMPORT_CHECK))
1088 nh_valid = bgp_find_or_add_nexthop(
1089 to_bgp, bgp_nexthop, afi, safi, bpi_ultimate,
1090 NULL, 0, p);
1091 else
1092 nh_valid = 1;
1093 } else
1094 /*
1095 * TBD do we need to do anything about the
1096 * 'connected' parameter?
1097 */
1098 nh_valid = bgp_find_or_add_nexthop(to_bgp, bgp_nexthop, afi,
1099 safi, bpi, NULL, 0, p);
1100
1101 /*
1102 * If you are using SRv6 VPN instead of MPLS, it need to check
1103 * the SID allocation. If the sid is not allocated, the rib
1104 * will be invalid.
1105 */
1106 if (to_bgp->srv6_enabled &&
1107 (!new_attr->srv6_l3vpn && !new_attr->srv6_vpn)) {
1108 nh_valid = false;
1109 }
1110
1111 if (debug)
1112 zlog_debug("%s: %pFX nexthop is %svalid (in vrf %s)", __func__,
1113 p, (nh_valid ? "" : "not "),
1114 bgp_nexthop->name_pretty);
1115
1116 return nh_valid;
1117 }
1118
1119 /*
1120 * returns pointer to new bgp_path_info upon success
1121 */
1122 static struct bgp_path_info *
1123 leak_update(struct bgp *to_bgp, struct bgp_dest *bn,
1124 struct attr *new_attr, /* already interned */
1125 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
1126 mpls_label_t *label, uint32_t num_labels, struct bgp *bgp_orig,
1127 struct prefix *nexthop_orig, int nexthop_self_flag, int debug)
1128 {
1129 const struct prefix *p = bgp_dest_get_prefix(bn);
1130 struct bgp_path_info *bpi;
1131 struct bgp_path_info *new;
1132 struct bgp_path_info_extra *extra;
1133 uint32_t num_sids = 0;
1134 void *parent = source_bpi;
1135
1136 if (new_attr->srv6_l3vpn || new_attr->srv6_vpn)
1137 num_sids = 1;
1138
1139 if (debug)
1140 zlog_debug(
1141 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
1142 __func__, to_bgp->name_pretty, bn, source_bpi->type,
1143 source_bpi->sub_type);
1144
1145 /*
1146 * Routes that are redistributed into BGP from zebra do not get
1147 * nexthop tracking. However, if those routes are subsequently
1148 * imported to other RIBs within BGP, the leaked routes do not
1149 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
1150 * in order to determine if the route we are currently leaking
1151 * should have nexthop tracking, we must find the ultimate
1152 * parent so we can check its sub_type.
1153 *
1154 * As of now, source_bpi may at most be a second-generation route
1155 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
1156 * Using a loop here supports more complex intra-bgp import-export
1157 * schemes that could be implemented in the future.
1158 *
1159 */
1160
1161 /*
1162 * match parent
1163 */
1164 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1165 if (bpi->extra && bpi->extra->parent == parent)
1166 break;
1167 }
1168
1169 if (bpi) {
1170 bool labelssame = labels_same(bpi, label, num_labels);
1171
1172 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)
1173 && CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
1174 if (debug) {
1175 zlog_debug(
1176 "%s: ->%s(s_flags: 0x%x b_flags: 0x%x): %pFX: Found route, being removed, not leaking",
1177 __func__, to_bgp->name_pretty,
1178 source_bpi->flags, bpi->flags, p);
1179 }
1180 return NULL;
1181 }
1182
1183 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
1184 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
1185
1186 bgp_attr_unintern(&new_attr);
1187 if (debug)
1188 zlog_debug(
1189 "%s: ->%s: %pBD: Found route, no change",
1190 __func__, to_bgp->name_pretty, bn);
1191 return NULL;
1192 }
1193
1194 /* If the RT was changed via extended communities as an
1195 * import/export list, we should withdraw implicitly the old
1196 * path from VRFs.
1197 * For instance, RT list was modified using route-maps:
1198 * route-map test permit 10
1199 * set extcommunity rt none
1200 */
1201 if (CHECK_FLAG(bpi->attr->flag,
1202 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES)) &&
1203 CHECK_FLAG(new_attr->flag,
1204 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) {
1205 if (!ecommunity_cmp(
1206 bgp_attr_get_ecommunity(bpi->attr),
1207 bgp_attr_get_ecommunity(new_attr))) {
1208 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1209 bgp_aggregate_decrement(to_bgp, p, bpi, afi,
1210 safi);
1211 bgp_path_info_delete(bn, bpi);
1212 }
1213 }
1214
1215 /* attr is changed */
1216 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
1217
1218 /* Rewrite BGP route information. */
1219 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
1220 bgp_path_info_restore(bn, bpi);
1221 else
1222 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
1223 bgp_attr_unintern(&bpi->attr);
1224 bpi->attr = new_attr;
1225 bpi->uptime = monotime(NULL);
1226
1227 /*
1228 * rewrite labels
1229 */
1230 if (!labelssame)
1231 setlabels(bpi, label, num_labels);
1232
1233 /*
1234 * rewrite sid
1235 */
1236 if (num_sids) {
1237 if (new_attr->srv6_l3vpn) {
1238 setsids(bpi, &new_attr->srv6_l3vpn->sid,
1239 num_sids);
1240
1241 extra = bgp_path_info_extra_get(bpi);
1242
1243 extra->sid[0].loc_block_len =
1244 new_attr->srv6_l3vpn->loc_block_len;
1245 extra->sid[0].loc_node_len =
1246 new_attr->srv6_l3vpn->loc_node_len;
1247 extra->sid[0].func_len =
1248 new_attr->srv6_l3vpn->func_len;
1249 extra->sid[0].arg_len =
1250 new_attr->srv6_l3vpn->arg_len;
1251 extra->sid[0].transposition_len =
1252 new_attr->srv6_l3vpn->transposition_len;
1253 extra->sid[0].transposition_offset =
1254 new_attr->srv6_l3vpn
1255 ->transposition_offset;
1256 } else if (new_attr->srv6_vpn)
1257 setsids(bpi, &new_attr->srv6_vpn->sid,
1258 num_sids);
1259 } else
1260 unsetsids(bpi);
1261
1262 if (nexthop_self_flag)
1263 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
1264
1265 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_ACCEPT_OWN))
1266 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ACCEPT_OWN);
1267
1268 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1269 source_bpi, bpi, bgp_orig, p,
1270 debug))
1271 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
1272 else
1273 bgp_path_info_unset_flag(bn, bpi, BGP_PATH_VALID);
1274
1275 /* Process change. */
1276 bgp_aggregate_increment(to_bgp, p, bpi, afi, safi);
1277 bgp_process(to_bgp, bn, afi, safi);
1278 bgp_dest_unlock_node(bn);
1279
1280 if (debug)
1281 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
1282 __func__, to_bgp->name_pretty, bn);
1283
1284 return bpi;
1285 }
1286
1287 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)) {
1288 if (debug) {
1289 zlog_debug(
1290 "%s: ->%s(s_flags: 0x%x): %pFX: New route, being removed, not leaking",
1291 __func__, to_bgp->name_pretty,
1292 source_bpi->flags, p);
1293 }
1294 return NULL;
1295 }
1296
1297 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
1298 to_bgp->peer_self, new_attr, bn);
1299
1300 if (source_bpi->peer) {
1301 extra = bgp_path_info_extra_get(new);
1302 extra->peer_orig = peer_lock(source_bpi->peer);
1303 }
1304
1305 if (nexthop_self_flag)
1306 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
1307
1308 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_ACCEPT_OWN))
1309 bgp_path_info_set_flag(bn, new, BGP_PATH_ACCEPT_OWN);
1310
1311 bgp_path_info_extra_get(new);
1312
1313 /*
1314 * rewrite sid
1315 */
1316 if (num_sids) {
1317 if (new_attr->srv6_l3vpn) {
1318 setsids(new, &new_attr->srv6_l3vpn->sid, num_sids);
1319
1320 extra = bgp_path_info_extra_get(new);
1321
1322 extra->sid[0].loc_block_len =
1323 new_attr->srv6_l3vpn->loc_block_len;
1324 extra->sid[0].loc_node_len =
1325 new_attr->srv6_l3vpn->loc_node_len;
1326 extra->sid[0].func_len = new_attr->srv6_l3vpn->func_len;
1327 extra->sid[0].arg_len = new_attr->srv6_l3vpn->arg_len;
1328 extra->sid[0].transposition_len =
1329 new_attr->srv6_l3vpn->transposition_len;
1330 extra->sid[0].transposition_offset =
1331 new_attr->srv6_l3vpn->transposition_offset;
1332 } else if (new_attr->srv6_vpn)
1333 setsids(new, &new_attr->srv6_vpn->sid, num_sids);
1334 } else
1335 unsetsids(new);
1336
1337 if (num_labels)
1338 setlabels(new, label, num_labels);
1339
1340 new->extra->parent = bgp_path_info_lock(parent);
1341 bgp_dest_lock_node(
1342 (struct bgp_dest *)((struct bgp_path_info *)parent)->net);
1343 if (bgp_orig)
1344 new->extra->bgp_orig = bgp_lock(bgp_orig);
1345 if (nexthop_orig)
1346 new->extra->nexthop_orig = *nexthop_orig;
1347
1348 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1349 source_bpi, new, bgp_orig, p, debug))
1350 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
1351 else
1352 bgp_path_info_unset_flag(bn, new, BGP_PATH_VALID);
1353
1354 bgp_aggregate_increment(to_bgp, p, new, afi, safi);
1355 bgp_path_info_add(bn, new);
1356
1357 bgp_dest_unlock_node(bn);
1358 bgp_process(to_bgp, bn, afi, safi);
1359
1360 if (debug)
1361 zlog_debug("%s: ->%s: %pBD: Added new route", __func__,
1362 to_bgp->name_pretty, bn);
1363
1364 return new;
1365 }
1366
1367 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
1368 void vpn_leak_from_vrf_update(struct bgp *to_bgp, /* to */
1369 struct bgp *from_bgp, /* from */
1370 struct bgp_path_info *path_vrf) /* route */
1371 {
1372 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1373 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1374 afi_t afi = family2afi(p->family);
1375 struct attr static_attr = {0};
1376 struct attr *new_attr = NULL;
1377 safi_t safi = SAFI_MPLS_VPN;
1378 mpls_label_t label_val;
1379 mpls_label_t label;
1380 struct bgp_dest *bn;
1381 const char *debugmsg;
1382 int nexthop_self_flag = 0;
1383
1384 if (debug)
1385 zlog_debug("%s: from vrf %s", __func__, from_bgp->name_pretty);
1386
1387 if (debug && bgp_attr_get_ecommunity(path_vrf->attr)) {
1388 char *s = ecommunity_ecom2str(
1389 bgp_attr_get_ecommunity(path_vrf->attr),
1390 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1391
1392 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
1393 from_bgp->name, path_vrf->type, s);
1394 XFREE(MTYPE_ECOMMUNITY_STR, s);
1395 }
1396
1397 if (!to_bgp)
1398 return;
1399
1400 if (!afi) {
1401 if (debug)
1402 zlog_debug("%s: can't get afi of prefix", __func__);
1403 return;
1404 }
1405
1406 /* Is this route exportable into the VPN table? */
1407 if (!is_route_injectable_into_vpn(path_vrf))
1408 return;
1409
1410 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1411 if (debug)
1412 zlog_debug("%s: %s skipping: %s", __func__,
1413 from_bgp->name, debugmsg);
1414 return;
1415 }
1416
1417 /* shallow copy */
1418 static_attr = *path_vrf->attr;
1419
1420 /*
1421 * route map handling
1422 */
1423 if (from_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
1424 struct bgp_path_info info;
1425 route_map_result_t ret;
1426
1427 memset(&info, 0, sizeof(info));
1428 info.peer = to_bgp->peer_self;
1429 info.attr = &static_attr;
1430 ret = route_map_apply(from_bgp->vpn_policy[afi]
1431 .rmap[BGP_VPN_POLICY_DIR_TOVPN],
1432 p, &info);
1433 if (RMAP_DENYMATCH == ret) {
1434 bgp_attr_flush(&static_attr); /* free any added parts */
1435 if (debug)
1436 zlog_debug(
1437 "%s: vrf %s route map \"%s\" says DENY, returning",
1438 __func__, from_bgp->name_pretty,
1439 from_bgp->vpn_policy[afi]
1440 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
1441 ->name);
1442 return;
1443 }
1444 }
1445
1446 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1447 char *s = ecommunity_ecom2str(
1448 bgp_attr_get_ecommunity(&static_attr),
1449 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1450
1451 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
1452 __func__, s);
1453 XFREE(MTYPE_ECOMMUNITY_STR, s);
1454 }
1455
1456 /*
1457 * Add the vpn-policy rt-list
1458 */
1459 struct ecommunity *old_ecom;
1460 struct ecommunity *new_ecom;
1461
1462 /* Export with the 'from' instance's export RTs. */
1463 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
1464 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1465 if (old_ecom) {
1466 new_ecom = ecommunity_dup(old_ecom);
1467 if (CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1468 BGP_CONFIG_VRF_TO_VRF_EXPORT))
1469 ecommunity_strip_rts(new_ecom);
1470 new_ecom = ecommunity_merge(
1471 new_ecom, from_bgp->vpn_policy[afi]
1472 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1473 if (!old_ecom->refcnt)
1474 ecommunity_free(&old_ecom);
1475 } else {
1476 new_ecom = ecommunity_dup(
1477 from_bgp->vpn_policy[afi]
1478 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1479 }
1480 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1481
1482 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1483 char *s = ecommunity_ecom2str(
1484 bgp_attr_get_ecommunity(&static_attr),
1485 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1486
1487 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
1488 __func__, s);
1489 XFREE(MTYPE_ECOMMUNITY_STR, s);
1490 }
1491
1492 community_strip_accept_own(&static_attr);
1493
1494 /* Nexthop */
1495 /* if policy nexthop not set, use 0 */
1496 if (CHECK_FLAG(from_bgp->vpn_policy[afi].flags,
1497 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
1498 struct prefix *nexthop =
1499 &from_bgp->vpn_policy[afi].tovpn_nexthop;
1500
1501 switch (nexthop->family) {
1502 case AF_INET:
1503 /* prevent mp_nexthop_global_in <- self in bgp_route.c
1504 */
1505 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
1506
1507 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
1508 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
1509 break;
1510
1511 case AF_INET6:
1512 static_attr.mp_nexthop_global = nexthop->u.prefix6;
1513 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
1514 break;
1515
1516 default:
1517 assert(0);
1518 }
1519 } else {
1520 if (!CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1521 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
1522 if (afi == AFI_IP &&
1523 !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
1524 /*
1525 * For ipv4, copy to multiprotocol
1526 * nexthop field
1527 */
1528 static_attr.mp_nexthop_global_in =
1529 static_attr.nexthop;
1530 static_attr.mp_nexthop_len =
1531 BGP_ATTR_NHLEN_IPV4;
1532 /*
1533 * XXX Leave static_attr.nexthop
1534 * intact for NHT
1535 */
1536 static_attr.flag &=
1537 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1538 }
1539 } else {
1540 /* Update based on next-hop family to account for
1541 * RFC 5549 (BGP unnumbered) scenario. Note that
1542 * specific action is only needed for the case of
1543 * IPv4 nexthops as the attr has been copied
1544 * otherwise.
1545 */
1546 if (afi == AFI_IP
1547 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
1548 static_attr.mp_nexthop_global_in.s_addr =
1549 static_attr.nexthop.s_addr;
1550 static_attr.mp_nexthop_len =
1551 BGP_ATTR_NHLEN_IPV4;
1552 static_attr.flag |=
1553 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1554 }
1555 }
1556 nexthop_self_flag = 1;
1557 }
1558
1559 label_val = from_bgp->vpn_policy[afi].tovpn_label;
1560 if (label_val == MPLS_LABEL_NONE) {
1561 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
1562 } else {
1563 encode_label(label_val, &label);
1564 }
1565
1566 /* Set originator ID to "me" */
1567 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
1568 static_attr.originator_id = to_bgp->router_id;
1569
1570 /* Set SID for SRv6 VPN */
1571 if (from_bgp->vpn_policy[afi].tovpn_sid_locator) {
1572 struct srv6_locator_chunk *locator =
1573 from_bgp->vpn_policy[afi].tovpn_sid_locator;
1574 encode_label(
1575 from_bgp->vpn_policy[afi].tovpn_sid_transpose_label,
1576 &label);
1577 static_attr.srv6_l3vpn = XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1578 sizeof(struct bgp_attr_srv6_l3vpn));
1579 static_attr.srv6_l3vpn->sid_flags = 0x00;
1580 static_attr.srv6_l3vpn->endpoint_behavior =
1581 afi == AFI_IP
1582 ? (CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1583 ? SRV6_ENDPOINT_BEHAVIOR_END_DT4_USID
1584 : SRV6_ENDPOINT_BEHAVIOR_END_DT4)
1585 : (CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1586 ? SRV6_ENDPOINT_BEHAVIOR_END_DT6_USID
1587 : SRV6_ENDPOINT_BEHAVIOR_END_DT6);
1588 static_attr.srv6_l3vpn->loc_block_len =
1589 from_bgp->vpn_policy[afi]
1590 .tovpn_sid_locator->block_bits_length;
1591 static_attr.srv6_l3vpn->loc_node_len =
1592 from_bgp->vpn_policy[afi]
1593 .tovpn_sid_locator->node_bits_length;
1594 static_attr.srv6_l3vpn->func_len =
1595 from_bgp->vpn_policy[afi]
1596 .tovpn_sid_locator->function_bits_length;
1597 static_attr.srv6_l3vpn->arg_len =
1598 from_bgp->vpn_policy[afi]
1599 .tovpn_sid_locator->argument_bits_length;
1600 static_attr.srv6_l3vpn->transposition_len =
1601 from_bgp->vpn_policy[afi]
1602 .tovpn_sid_locator->function_bits_length;
1603 static_attr.srv6_l3vpn->transposition_offset =
1604 from_bgp->vpn_policy[afi]
1605 .tovpn_sid_locator->block_bits_length +
1606 from_bgp->vpn_policy[afi]
1607 .tovpn_sid_locator->node_bits_length;
1608 ;
1609 memcpy(&static_attr.srv6_l3vpn->sid,
1610 &from_bgp->vpn_policy[afi]
1611 .tovpn_sid_locator->prefix.prefix,
1612 sizeof(struct in6_addr));
1613 } else if (from_bgp->tovpn_sid_locator) {
1614 struct srv6_locator_chunk *locator =
1615 from_bgp->tovpn_sid_locator;
1616 encode_label(from_bgp->tovpn_sid_transpose_label, &label);
1617 static_attr.srv6_l3vpn =
1618 XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1619 sizeof(struct bgp_attr_srv6_l3vpn));
1620 static_attr.srv6_l3vpn->sid_flags = 0x00;
1621 static_attr.srv6_l3vpn->endpoint_behavior =
1622 CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1623 ? SRV6_ENDPOINT_BEHAVIOR_END_DT46_USID
1624 : SRV6_ENDPOINT_BEHAVIOR_END_DT46;
1625 static_attr.srv6_l3vpn->loc_block_len =
1626 from_bgp->tovpn_sid_locator->block_bits_length;
1627 static_attr.srv6_l3vpn->loc_node_len =
1628 from_bgp->tovpn_sid_locator->node_bits_length;
1629 static_attr.srv6_l3vpn->func_len =
1630 from_bgp->tovpn_sid_locator->function_bits_length;
1631 static_attr.srv6_l3vpn->arg_len =
1632 from_bgp->tovpn_sid_locator->argument_bits_length;
1633 static_attr.srv6_l3vpn->transposition_len =
1634 from_bgp->tovpn_sid_locator->function_bits_length;
1635 static_attr.srv6_l3vpn->transposition_offset =
1636 from_bgp->tovpn_sid_locator->block_bits_length +
1637 from_bgp->tovpn_sid_locator->node_bits_length;
1638 memcpy(&static_attr.srv6_l3vpn->sid,
1639 &from_bgp->tovpn_sid_locator->prefix.prefix,
1640 sizeof(struct in6_addr));
1641 }
1642
1643
1644 new_attr = bgp_attr_intern(
1645 &static_attr); /* hashed refcounted everything */
1646 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
1647
1648 if (debug && bgp_attr_get_ecommunity(new_attr)) {
1649 char *s = ecommunity_ecom2str(bgp_attr_get_ecommunity(new_attr),
1650 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1651
1652 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
1653 XFREE(MTYPE_ECOMMUNITY_STR, s);
1654 }
1655
1656 /* Now new_attr is an allocated interned attr */
1657
1658 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1659 &(from_bgp->vpn_policy[afi].tovpn_rd));
1660
1661 struct bgp_path_info *new_info;
1662
1663 new_info =
1664 leak_update(to_bgp, bn, new_attr, afi, safi, path_vrf, &label,
1665 1, from_bgp, NULL, nexthop_self_flag, debug);
1666
1667 /*
1668 * Routes actually installed in the vpn RIB must also be
1669 * offered to all vrfs (because now they originate from
1670 * the vpn RIB).
1671 *
1672 * Acceptance into other vrfs depends on rt-lists.
1673 * Originating vrf will not accept the looped back route
1674 * because of loop checking.
1675 */
1676 if (new_info)
1677 vpn_leak_to_vrf_update(from_bgp, new_info, NULL);
1678 }
1679
1680 void vpn_leak_from_vrf_withdraw(struct bgp *to_bgp, /* to */
1681 struct bgp *from_bgp, /* from */
1682 struct bgp_path_info *path_vrf) /* route */
1683 {
1684 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1685 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1686 afi_t afi = family2afi(p->family);
1687 safi_t safi = SAFI_MPLS_VPN;
1688 struct bgp_path_info *bpi;
1689 struct bgp_dest *bn;
1690 const char *debugmsg;
1691
1692 if (debug) {
1693 zlog_debug(
1694 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
1695 __func__, from_bgp->name_pretty, path_vrf->net,
1696 path_vrf->type, path_vrf->sub_type);
1697 }
1698
1699 if (!to_bgp)
1700 return;
1701
1702 if (!afi) {
1703 if (debug)
1704 zlog_debug("%s: can't get afi of prefix", __func__);
1705 return;
1706 }
1707
1708 /* Is this route exportable into the VPN table? */
1709 if (!is_route_injectable_into_vpn(path_vrf))
1710 return;
1711
1712 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1713 if (debug)
1714 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1715 return;
1716 }
1717
1718 if (debug)
1719 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
1720
1721 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1722 &(from_bgp->vpn_policy[afi].tovpn_rd));
1723
1724 if (!bn)
1725 return;
1726 /*
1727 * vrf -> vpn
1728 * match original bpi imported from
1729 */
1730 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1731 if (bpi->extra && bpi->extra->parent == path_vrf) {
1732 break;
1733 }
1734 }
1735
1736 if (bpi) {
1737 /* withdraw from looped vrfs as well */
1738 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1739
1740 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
1741 bgp_path_info_delete(bn, bpi);
1742 bgp_process(to_bgp, bn, afi, safi);
1743 }
1744 bgp_dest_unlock_node(bn);
1745 }
1746
1747 void vpn_leak_from_vrf_withdraw_all(struct bgp *to_bgp, struct bgp *from_bgp,
1748 afi_t afi)
1749 {
1750 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1751 struct bgp_dest *pdest;
1752 safi_t safi = SAFI_MPLS_VPN;
1753
1754 /*
1755 * Walk vpn table, delete bpi with bgp_orig == from_bgp
1756 */
1757 for (pdest = bgp_table_top(to_bgp->rib[afi][safi]); pdest;
1758 pdest = bgp_route_next(pdest)) {
1759
1760 struct bgp_table *table;
1761 struct bgp_dest *bn;
1762 struct bgp_path_info *bpi;
1763
1764 /* This is the per-RD table of prefixes */
1765 table = bgp_dest_get_bgp_table_info(pdest);
1766
1767 if (!table)
1768 continue;
1769
1770 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1771 bpi = bgp_dest_get_bgp_path_info(bn);
1772 if (debug && bpi) {
1773 zlog_debug("%s: looking at prefix %pBD",
1774 __func__, bn);
1775 }
1776
1777 for (; bpi; bpi = bpi->next) {
1778 if (debug)
1779 zlog_debug("%s: type %d, sub_type %d",
1780 __func__, bpi->type,
1781 bpi->sub_type);
1782 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
1783 continue;
1784 if (!bpi->extra)
1785 continue;
1786 if ((struct bgp *)bpi->extra->bgp_orig ==
1787 from_bgp) {
1788 /* delete route */
1789 if (debug)
1790 zlog_debug("%s: deleting it",
1791 __func__);
1792 /* withdraw from leak-to vrfs as well */
1793 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1794 bgp_aggregate_decrement(
1795 to_bgp, bgp_dest_get_prefix(bn),
1796 bpi, afi, safi);
1797 bgp_path_info_delete(bn, bpi);
1798 bgp_process(to_bgp, bn, afi, safi);
1799 }
1800 }
1801 }
1802 }
1803 }
1804
1805 void vpn_leak_from_vrf_update_all(struct bgp *to_bgp, struct bgp *from_bgp,
1806 afi_t afi)
1807 {
1808 struct bgp_dest *bn;
1809 struct bgp_path_info *bpi;
1810 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1811
1812 if (debug)
1813 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1814 from_bgp->name_pretty);
1815
1816 for (bn = bgp_table_top(from_bgp->rib[afi][SAFI_UNICAST]); bn;
1817 bn = bgp_route_next(bn)) {
1818
1819 if (debug)
1820 zlog_debug("%s: node=%p", __func__, bn);
1821
1822 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1823 bpi = bpi->next) {
1824 if (debug)
1825 zlog_debug(
1826 "%s: calling vpn_leak_from_vrf_update",
1827 __func__);
1828 vpn_leak_from_vrf_update(to_bgp, from_bgp, bpi);
1829 }
1830 }
1831 }
1832
1833 static struct bgp *bgp_lookup_by_rd(struct bgp_path_info *bpi,
1834 struct prefix_rd *rd, afi_t afi)
1835 {
1836 struct listnode *node, *nnode;
1837 struct bgp *bgp;
1838
1839 if (!rd)
1840 return NULL;
1841
1842 /* If ACCEPT_OWN is not enabled for this path - return. */
1843 if (!CHECK_FLAG(bpi->flags, BGP_PATH_ACCEPT_OWN))
1844 return NULL;
1845
1846 for (ALL_LIST_ELEMENTS(bm->bgp, node, nnode, bgp)) {
1847 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1848 continue;
1849
1850 if (!CHECK_FLAG(bgp->vpn_policy[afi].flags,
1851 BGP_VPN_POLICY_TOVPN_RD_SET))
1852 continue;
1853
1854 /* Check if we have source VRF by RD value */
1855 if (memcmp(&bgp->vpn_policy[afi].tovpn_rd.val, rd->val,
1856 ECOMMUNITY_SIZE) == 0)
1857 return bgp;
1858 }
1859
1860 return NULL;
1861 }
1862
1863 static bool vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp, /* to */
1864 struct bgp *from_bgp, /* from */
1865 struct bgp_path_info *path_vpn,
1866 struct prefix_rd *prd)
1867 {
1868 const struct prefix *p = bgp_dest_get_prefix(path_vpn->net);
1869 afi_t afi = family2afi(p->family);
1870
1871 struct attr static_attr = {0};
1872 struct attr *new_attr = NULL;
1873 struct bgp_dest *bn;
1874 safi_t safi = SAFI_UNICAST;
1875 const char *debugmsg;
1876 struct prefix nexthop_orig;
1877 mpls_label_t *pLabels = NULL;
1878 uint32_t num_labels = 0;
1879 int nexthop_self_flag = 1;
1880 struct bgp_path_info *bpi_ultimate = NULL;
1881 int origin_local = 0;
1882 struct bgp *src_vrf;
1883
1884 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1885
1886 /*
1887 * For VRF-2-VRF route-leaking,
1888 * the source will be the originating VRF.
1889 *
1890 * If ACCEPT_OWN mechanism is enabled, then we SHOULD(?)
1891 * get the source VRF (BGP) by looking at the RD.
1892 */
1893 struct bgp *src_bgp = bgp_lookup_by_rd(path_vpn, prd, afi);
1894
1895 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1896 src_vrf = path_vpn->extra->bgp_orig;
1897 else if (src_bgp)
1898 src_vrf = src_bgp;
1899 else
1900 src_vrf = from_bgp;
1901
1902 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p, NULL);
1903
1904 if (!vpn_leak_from_vpn_active(to_bgp, afi, &debugmsg)) {
1905 if (debug)
1906 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1907 return false;
1908 }
1909
1910 /* Check for intersection of route targets */
1911 if (!ecommunity_include(
1912 to_bgp->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1913 bgp_attr_get_ecommunity(path_vpn->attr))) {
1914 if (debug)
1915 zlog_debug(
1916 "from vpn (%s) to vrf (%s), skipping after no intersection of route targets",
1917 from_bgp->name_pretty, to_bgp->name_pretty);
1918 return false;
1919 }
1920
1921 /* A route MUST NOT ever be accepted back into its source VRF, even if
1922 * it carries one or more RTs that match that VRF.
1923 */
1924 if (prd && memcmp(&prd->val, &to_bgp->vpn_policy[afi].tovpn_rd.val,
1925 ECOMMUNITY_SIZE) == 0) {
1926 if (debug)
1927 zlog_debug(
1928 "%s: skipping import, match RD (%pRD) of src VRF (%s) and the prefix (%pFX)",
1929 __func__, prd, to_bgp->name_pretty, p);
1930
1931 return false;
1932 }
1933
1934 if (debug)
1935 zlog_debug("%s: updating RD %pRD, %pFX to vrf %s", __func__,
1936 prd, p, to_bgp->name_pretty);
1937
1938 /* shallow copy */
1939 static_attr = *path_vpn->attr;
1940
1941 struct ecommunity *old_ecom;
1942 struct ecommunity *new_ecom;
1943
1944 /* If doing VRF-to-VRF leaking, strip RTs. */
1945 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1946 if (old_ecom && CHECK_FLAG(to_bgp->af_flags[afi][safi],
1947 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1948 new_ecom = ecommunity_dup(old_ecom);
1949 ecommunity_strip_rts(new_ecom);
1950 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1951
1952 if (new_ecom->size == 0) {
1953 ecommunity_free(&new_ecom);
1954 bgp_attr_set_ecommunity(&static_attr, NULL);
1955 }
1956
1957 if (!old_ecom->refcnt)
1958 ecommunity_free(&old_ecom);
1959 }
1960
1961 community_strip_accept_own(&static_attr);
1962
1963 /*
1964 * Nexthop: stash and clear
1965 *
1966 * Nexthop is valid in context of VPN core, but not in destination vrf.
1967 * Stash it for later label resolution by vrf ingress path and then
1968 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1969 */
1970 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1971
1972 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1973 nexthop_orig.family = nhfamily;
1974
1975 switch (nhfamily) {
1976 case AF_INET:
1977 /* save */
1978 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1979 nexthop_orig.prefixlen = IPV4_MAX_BITLEN;
1980
1981 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
1982 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1983 static_attr.nexthop.s_addr =
1984 nexthop_orig.u.prefix4.s_addr;
1985
1986 static_attr.mp_nexthop_global_in =
1987 path_vpn->attr->mp_nexthop_global_in;
1988 static_attr.mp_nexthop_len =
1989 path_vpn->attr->mp_nexthop_len;
1990 }
1991 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1992 break;
1993 case AF_INET6:
1994 /* save */
1995 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1996 nexthop_orig.prefixlen = IPV6_MAX_BITLEN;
1997
1998 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
1999 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
2000 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
2001 }
2002 break;
2003 }
2004
2005 /*
2006 * route map handling
2007 */
2008 if (to_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
2009 struct bgp_path_info info;
2010 route_map_result_t ret;
2011
2012 memset(&info, 0, sizeof(info));
2013 info.peer = to_bgp->peer_self;
2014 info.attr = &static_attr;
2015 info.extra = path_vpn->extra; /* Used for source-vrf filter */
2016 ret = route_map_apply(to_bgp->vpn_policy[afi]
2017 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
2018 p, &info);
2019 if (RMAP_DENYMATCH == ret) {
2020 bgp_attr_flush(&static_attr); /* free any added parts */
2021 if (debug)
2022 zlog_debug(
2023 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
2024 __func__, to_bgp->name_pretty,
2025 to_bgp->vpn_policy[afi]
2026 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
2027 ->name);
2028 return false;
2029 }
2030 /*
2031 * if route-map changed nexthop, don't nexthop-self on output
2032 */
2033 if (!CHECK_FLAG(static_attr.rmap_change_flags,
2034 BATTR_RMAP_NEXTHOP_UNCHANGED))
2035 nexthop_self_flag = 0;
2036 }
2037
2038 new_attr = bgp_attr_intern(&static_attr);
2039 bgp_attr_flush(&static_attr);
2040
2041 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p, NULL);
2042
2043 /*
2044 * ensure labels are copied
2045 *
2046 * However, there is a special case: if the route originated in
2047 * another local VRF (as opposed to arriving via VPN), then the
2048 * nexthop is reached by hairpinning through this router (me)
2049 * using IP forwarding only (no LSP). Therefore, the route
2050 * imported to the VRF should not have labels attached. Note
2051 * that nexthop tracking is also involved: eliminating the
2052 * labels for these routes enables the non-labeled nexthops
2053 * from the originating VRF to be considered valid for this route.
2054 */
2055 if (!CHECK_FLAG(to_bgp->af_flags[afi][safi],
2056 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
2057 /* work back to original route */
2058 bpi_ultimate = bgp_get_imported_bpi_ultimate(path_vpn);
2059
2060 /*
2061 * if original route was unicast,
2062 * then it did not arrive over vpn
2063 */
2064 if (bpi_ultimate->net) {
2065 struct bgp_table *table;
2066
2067 table = bgp_dest_table(bpi_ultimate->net);
2068 if (table && (table->safi == SAFI_UNICAST))
2069 origin_local = 1;
2070 }
2071
2072 /* copy labels */
2073 if (!origin_local && path_vpn->extra
2074 && path_vpn->extra->num_labels) {
2075 num_labels = path_vpn->extra->num_labels;
2076 if (num_labels > BGP_MAX_LABELS)
2077 num_labels = BGP_MAX_LABELS;
2078 pLabels = path_vpn->extra->label;
2079 }
2080 }
2081
2082 if (debug)
2083 zlog_debug("%s: pfx %pBD: num_labels %d", __func__,
2084 path_vpn->net, num_labels);
2085
2086 leak_update(to_bgp, bn, new_attr, afi, safi, path_vpn, pLabels,
2087 num_labels, src_vrf, &nexthop_orig, nexthop_self_flag,
2088 debug);
2089 return true;
2090 }
2091
2092 bool vpn_leak_to_vrf_update(struct bgp *from_bgp,
2093 struct bgp_path_info *path_vpn,
2094 struct prefix_rd *prd)
2095 {
2096 struct listnode *mnode, *mnnode;
2097 struct bgp *bgp;
2098 bool leak_success = false;
2099
2100 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2101
2102 if (debug)
2103 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
2104
2105 /* Loop over VRFs */
2106 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2107
2108 if (!path_vpn->extra
2109 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
2110 leak_success |= vpn_leak_to_vrf_update_onevrf(
2111 bgp, from_bgp, path_vpn, prd);
2112 }
2113 }
2114 return leak_success;
2115 }
2116
2117 void vpn_leak_to_vrf_withdraw(struct bgp *from_bgp, /* from */
2118 struct bgp_path_info *path_vpn) /* route */
2119 {
2120 const struct prefix *p;
2121 afi_t afi;
2122 safi_t safi = SAFI_UNICAST;
2123 struct bgp *bgp;
2124 struct listnode *mnode, *mnnode;
2125 struct bgp_dest *bn;
2126 struct bgp_path_info *bpi;
2127 const char *debugmsg;
2128
2129 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2130
2131 if (debug)
2132 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__,
2133 path_vpn->net, path_vpn->type, path_vpn->sub_type);
2134
2135 if (debug)
2136 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
2137
2138 if (!path_vpn->net) {
2139 #ifdef ENABLE_BGP_VNC
2140 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
2141 if (path_vpn->type == ZEBRA_ROUTE_BGP
2142 && path_vpn->sub_type == BGP_ROUTE_RFP) {
2143
2144 return;
2145 }
2146 #endif
2147 if (debug)
2148 zlog_debug(
2149 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
2150 __func__);
2151 return;
2152 }
2153
2154 p = bgp_dest_get_prefix(path_vpn->net);
2155 afi = family2afi(p->family);
2156
2157 /* Loop over VRFs */
2158 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2159 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
2160 if (debug)
2161 zlog_debug("%s: skipping: %s", __func__,
2162 debugmsg);
2163 continue;
2164 }
2165
2166 /* Check for intersection of route targets */
2167 if (!ecommunity_include(
2168 bgp->vpn_policy[afi]
2169 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
2170 bgp_attr_get_ecommunity(path_vpn->attr))) {
2171
2172 continue;
2173 }
2174
2175 if (debug)
2176 zlog_debug("%s: withdrawing from vrf %s", __func__,
2177 bgp->name_pretty);
2178
2179 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
2180
2181 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2182 bpi = bpi->next) {
2183 if (bpi->extra
2184 && (struct bgp_path_info *)bpi->extra->parent
2185 == path_vpn) {
2186 break;
2187 }
2188 }
2189
2190 if (bpi) {
2191 if (debug)
2192 zlog_debug("%s: deleting bpi %p", __func__,
2193 bpi);
2194 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
2195 bgp_path_info_delete(bn, bpi);
2196 bgp_process(bgp, bn, afi, safi);
2197 }
2198 bgp_dest_unlock_node(bn);
2199 }
2200 }
2201
2202 void vpn_leak_to_vrf_withdraw_all(struct bgp *to_bgp, afi_t afi)
2203 {
2204 struct bgp_dest *bn;
2205 struct bgp_path_info *bpi;
2206 safi_t safi = SAFI_UNICAST;
2207 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2208
2209 if (debug)
2210 zlog_debug("%s: entry", __func__);
2211 /*
2212 * Walk vrf table, delete bpi with bgp_orig in a different vrf
2213 */
2214 for (bn = bgp_table_top(to_bgp->rib[afi][safi]); bn;
2215 bn = bgp_route_next(bn)) {
2216
2217 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2218 bpi = bpi->next) {
2219 if (bpi->extra && bpi->extra->bgp_orig != to_bgp &&
2220 bpi->extra->parent &&
2221 is_pi_family_vpn(bpi->extra->parent)) {
2222
2223 /* delete route */
2224 bgp_aggregate_decrement(to_bgp,
2225 bgp_dest_get_prefix(bn),
2226 bpi, afi, safi);
2227 bgp_path_info_delete(bn, bpi);
2228 bgp_process(to_bgp, bn, afi, safi);
2229 }
2230 }
2231 }
2232 }
2233
2234 void vpn_leak_to_vrf_update_all(struct bgp *to_bgp, struct bgp *vpn_from,
2235 afi_t afi)
2236 {
2237 struct bgp_dest *pdest;
2238 safi_t safi = SAFI_MPLS_VPN;
2239
2240 assert(vpn_from);
2241
2242 /*
2243 * Walk vpn table
2244 */
2245 for (pdest = bgp_table_top(vpn_from->rib[afi][safi]); pdest;
2246 pdest = bgp_route_next(pdest)) {
2247 struct bgp_table *table;
2248 struct bgp_dest *bn;
2249 struct bgp_path_info *bpi;
2250
2251 /* This is the per-RD table of prefixes */
2252 table = bgp_dest_get_bgp_table_info(pdest);
2253
2254 if (!table)
2255 continue;
2256
2257 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
2258
2259 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2260 bpi = bpi->next) {
2261
2262 if (bpi->extra &&
2263 bpi->extra->bgp_orig == to_bgp)
2264 continue;
2265
2266 vpn_leak_to_vrf_update_onevrf(to_bgp, vpn_from,
2267 bpi, NULL);
2268 }
2269 }
2270 }
2271 }
2272
2273 /*
2274 * This function is called for definition/deletion/change to a route-map
2275 */
2276 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
2277 {
2278 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2279 afi_t afi;
2280 struct route_map *rmap;
2281
2282 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
2283 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
2284
2285 return;
2286 }
2287
2288 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
2289
2290 for (afi = 0; afi < AFI_MAX; ++afi) {
2291
2292 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
2293 && !strcmp(rmap_name,
2294 bgp->vpn_policy[afi]
2295 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
2296
2297 if (debug)
2298 zlog_debug(
2299 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
2300 __func__, rmap_name, bgp->as,
2301 afi2str(afi));
2302
2303 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
2304 bgp_get_default(), bgp);
2305 if (debug)
2306 zlog_debug("%s: after vpn_leak_prechange",
2307 __func__);
2308
2309 /* in case of definition/deletion */
2310 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
2311 rmap;
2312
2313 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
2314 bgp_get_default(), bgp);
2315
2316 if (debug)
2317 zlog_debug("%s: after vpn_leak_postchange",
2318 __func__);
2319 }
2320
2321 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
2322 && !strcmp(rmap_name,
2323 bgp->vpn_policy[afi]
2324 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
2325
2326 if (debug) {
2327 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
2328 __func__, rmap_name, bgp->as,
2329 afi2str(afi));
2330 }
2331
2332 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
2333 bgp_get_default(), bgp);
2334
2335 /* in case of definition/deletion */
2336 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
2337 rmap;
2338
2339 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
2340 bgp_get_default(), bgp);
2341 }
2342 }
2343 }
2344
2345 /* This API is used during router-id change, reflect VPNs
2346 * auto RD and RT values and readvertise routes to VPN table.
2347 */
2348 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
2349 bool is_config)
2350 {
2351 afi_t afi;
2352 int debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF)
2353 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2354 char *vname;
2355 const char *export_name;
2356 char buf[RD_ADDRSTRLEN];
2357 struct bgp *bgp_import;
2358 struct listnode *node;
2359 struct ecommunity *ecom;
2360 enum vpn_policy_direction idir, edir;
2361
2362 /*
2363 * Router-id change that is not explicitly configured
2364 * (a change from zebra, frr restart for example)
2365 * should not replace a configured vpn RD/RT.
2366 */
2367 if (!is_config) {
2368 if (debug)
2369 zlog_debug("%s: skipping non explicit router-id change",
2370 __func__);
2371 return;
2372 }
2373
2374 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
2375 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2376 return;
2377
2378 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
2379 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2380 edir = BGP_VPN_POLICY_DIR_TOVPN;
2381
2382 for (afi = 0; afi < AFI_MAX; ++afi) {
2383 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
2384 continue;
2385
2386 if (withdraw) {
2387 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
2388 afi, bgp_get_default(), bgp);
2389 if (debug)
2390 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
2391 __func__, export_name);
2392
2393 /* Remove import RT from VRFs */
2394 ecom = bgp->vpn_policy[afi].rtlist[edir];
2395 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2396 export_vrf, node, vname)) {
2397 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2398 bgp_import = bgp_get_default();
2399 else
2400 bgp_import = bgp_lookup_by_name(vname);
2401 if (!bgp_import)
2402 continue;
2403
2404 ecommunity_del_val(
2405 bgp_import->vpn_policy[afi]
2406 .rtlist[idir],
2407 (struct ecommunity_val *)ecom->val);
2408 }
2409 } else {
2410 /* New router-id derive auto RD and RT and export
2411 * to VPN
2412 */
2413 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
2414 &bgp->vrf_prd_auto);
2415 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
2416 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
2417 sizeof(buf));
2418
2419 /* free up pre-existing memory if any and allocate
2420 * the ecommunity attribute with new RD/RT
2421 */
2422 if (bgp->vpn_policy[afi].rtlist[edir])
2423 ecommunity_free(
2424 &bgp->vpn_policy[afi].rtlist[edir]);
2425 bgp->vpn_policy[afi].rtlist[edir] = ecommunity_str2com(
2426 buf, ECOMMUNITY_ROUTE_TARGET, 0);
2427
2428 /* Update import_vrf rt_list */
2429 ecom = bgp->vpn_policy[afi].rtlist[edir];
2430 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2431 export_vrf, node, vname)) {
2432 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2433 bgp_import = bgp_get_default();
2434 else
2435 bgp_import = bgp_lookup_by_name(vname);
2436 if (!bgp_import)
2437 continue;
2438 if (bgp_import->vpn_policy[afi].rtlist[idir])
2439 bgp_import->vpn_policy[afi].rtlist[idir]
2440 = ecommunity_merge(
2441 bgp_import->vpn_policy[afi]
2442 .rtlist[idir], ecom);
2443 else
2444 bgp_import->vpn_policy[afi].rtlist[idir]
2445 = ecommunity_dup(ecom);
2446 }
2447
2448 /* Update routes to VPN */
2449 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
2450 afi, bgp_get_default(),
2451 bgp);
2452 if (debug)
2453 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
2454 __func__, export_name);
2455 }
2456 }
2457 }
2458
2459 void vpn_policy_routemap_event(const char *rmap_name)
2460 {
2461 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2462 struct listnode *mnode, *mnnode;
2463 struct bgp *bgp;
2464
2465 if (debug)
2466 zlog_debug("%s: entry", __func__);
2467
2468 if (bm->bgp == NULL) /* may be called during cleanup */
2469 return;
2470
2471 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
2472 vpn_policy_routemap_update(bgp, rmap_name);
2473 }
2474
2475 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2476 afi_t afi, safi_t safi)
2477 {
2478 const char *export_name;
2479 enum vpn_policy_direction idir, edir;
2480 char *vname, *tmp_name;
2481 char buf[RD_ADDRSTRLEN];
2482 struct ecommunity *ecom;
2483 bool first_export = false;
2484 int debug;
2485 struct listnode *node;
2486 bool is_inst_match = false;
2487
2488 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2489 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2490 edir = BGP_VPN_POLICY_DIR_TOVPN;
2491
2492 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2493 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2494
2495 /*
2496 * Cross-ref both VRFs. Also, note if this is the first time
2497 * any VRF is importing from "import_vrf".
2498 */
2499 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2500 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2501
2502 /* Check the import_vrf list of destination vrf for the source vrf name,
2503 * insert otherwise.
2504 */
2505 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
2506 node, tmp_name)) {
2507 if (strcmp(vname, tmp_name) == 0) {
2508 is_inst_match = true;
2509 break;
2510 }
2511 }
2512 if (!is_inst_match)
2513 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2514 vname);
2515 else
2516 XFREE(MTYPE_TMP, vname);
2517
2518 /* Check if the source vrf already exports to any vrf,
2519 * first time export requires to setup auto derived RD/RT values.
2520 * Add the destination vrf name to export vrf list if it is
2521 * not present.
2522 */
2523 is_inst_match = false;
2524 vname = XSTRDUP(MTYPE_TMP, export_name);
2525 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2526 first_export = true;
2527 } else {
2528 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2529 node, tmp_name)) {
2530 if (strcmp(vname, tmp_name) == 0) {
2531 is_inst_match = true;
2532 break;
2533 }
2534 }
2535 }
2536 if (!is_inst_match)
2537 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
2538 vname);
2539 else
2540 XFREE(MTYPE_TMP, vname);
2541
2542 /* Update import RT for current VRF using export RT of the VRF we're
2543 * importing from. First though, make sure "import_vrf" has that
2544 * set.
2545 */
2546 if (first_export) {
2547 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
2548 &from_bgp->vrf_prd_auto);
2549 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
2550 SET_FLAG(from_bgp->vpn_policy[afi].flags,
2551 BGP_VPN_POLICY_TOVPN_RD_SET);
2552 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
2553 buf, sizeof(buf));
2554 from_bgp->vpn_policy[afi].rtlist[edir] =
2555 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
2556 SET_FLAG(from_bgp->af_flags[afi][safi],
2557 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2558 from_bgp->vpn_policy[afi].tovpn_label =
2559 BGP_PREVENT_VRF_2_VRF_LEAK;
2560 }
2561 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2562 if (to_bgp->vpn_policy[afi].rtlist[idir])
2563 to_bgp->vpn_policy[afi].rtlist[idir] =
2564 ecommunity_merge(to_bgp->vpn_policy[afi]
2565 .rtlist[idir], ecom);
2566 else
2567 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
2568 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
2569
2570 if (debug) {
2571 const char *from_name;
2572 char *ecom1, *ecom2;
2573
2574 from_name = from_bgp->name ? from_bgp->name :
2575 VRF_DEFAULT_NAME;
2576
2577 ecom1 = ecommunity_ecom2str(
2578 to_bgp->vpn_policy[afi].rtlist[idir],
2579 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2580
2581 ecom2 = ecommunity_ecom2str(
2582 to_bgp->vpn_policy[afi].rtlist[edir],
2583 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2584
2585 zlog_debug(
2586 "%s from %s to %s first_export %u import-rt %s export-rt %s",
2587 __func__, from_name, export_name, first_export, ecom1,
2588 ecom2);
2589
2590 ecommunity_strfree(&ecom1);
2591 ecommunity_strfree(&ecom2);
2592 }
2593
2594 /* Does "import_vrf" first need to export its routes or that
2595 * is already done and we just need to import those routes
2596 * from the global table?
2597 */
2598 if (first_export)
2599 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
2600 else
2601 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2602 }
2603
2604 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2605 afi_t afi, safi_t safi)
2606 {
2607 const char *export_name, *tmp_name;
2608 enum vpn_policy_direction idir, edir;
2609 char *vname;
2610 struct ecommunity *ecom = NULL;
2611 struct listnode *node;
2612 int debug;
2613
2614 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2615 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2616 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2617 edir = BGP_VPN_POLICY_DIR_TOVPN;
2618
2619 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2620 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2621
2622 /* Were we importing from "import_vrf"? */
2623 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
2624 vname)) {
2625 if (strcmp(vname, tmp_name) == 0)
2626 break;
2627 }
2628
2629 /*
2630 * We do not check in the cli if the passed in bgp
2631 * instance is actually imported into us before
2632 * we call this function. As such if we do not
2633 * find this in the import_vrf list than
2634 * we just need to return safely.
2635 */
2636 if (!vname)
2637 return;
2638
2639 if (debug)
2640 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
2641
2642 /* Remove "import_vrf" from our import list. */
2643 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
2644 XFREE(MTYPE_TMP, vname);
2645
2646 /* Remove routes imported from "import_vrf". */
2647 /* TODO: In the current logic, we have to first remove all
2648 * imported routes and then (if needed) import back routes
2649 */
2650 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
2651
2652 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
2653 if (!to_bgp->vpn_policy[afi].rmap[idir])
2654 UNSET_FLAG(to_bgp->af_flags[afi][safi],
2655 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2656 if (to_bgp->vpn_policy[afi].rtlist[idir])
2657 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
2658 } else {
2659 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2660 if (ecom)
2661 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
2662 (struct ecommunity_val *)ecom->val);
2663 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2664 }
2665
2666 /*
2667 * What?
2668 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
2669 * below is checking for NULL that export_vrf can be
2670 * NULL, consequently it is complaining( like a cabbage )
2671 * that we could dereference and crash in the listcount(..)
2672 * check below.
2673 * So make it happy, under protest, with liberty and justice
2674 * for all.
2675 */
2676 assert(from_bgp->vpn_policy[afi].export_vrf);
2677
2678 /* Remove us from "import_vrf's" export list. If no other VRF
2679 * is importing from "import_vrf", cleanup appropriately.
2680 */
2681 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2682 node, vname)) {
2683 if (strcmp(vname, export_name) == 0)
2684 break;
2685 }
2686
2687 /*
2688 * If we have gotten to this point then the vname must
2689 * exist. If not, we are in a world of trouble and
2690 * have slag sitting around.
2691 *
2692 * import_vrf and export_vrf must match in having
2693 * the in/out names as appropriate.
2694 * export_vrf list could have been cleaned up
2695 * as part of no router bgp source instnace.
2696 */
2697 if (!vname)
2698 return;
2699
2700 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
2701 XFREE(MTYPE_TMP, vname);
2702
2703 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2704 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
2705 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
2706 UNSET_FLAG(from_bgp->af_flags[afi][safi],
2707 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2708 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
2709 sizeof(struct prefix_rd));
2710 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
2711 BGP_VPN_POLICY_TOVPN_RD_SET);
2712 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
2713
2714 }
2715 }
2716
2717 /* For testing purpose, static route of MPLS-VPN. */
2718 DEFUN (vpnv4_network,
2719 vpnv4_network_cmd,
2720 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2721 "Specify a network to announce via BGP\n"
2722 "IPv4 prefix\n"
2723 "Specify Route Distinguisher\n"
2724 "VPN Route Distinguisher\n"
2725 "VPN NLRI label (tag)\n"
2726 "VPN NLRI label (tag)\n"
2727 "Label value\n")
2728 {
2729 int idx_ipv4_prefixlen = 1;
2730 int idx_ext_community = 3;
2731 int idx_label = 5;
2732 return bgp_static_set_safi(
2733 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2734 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
2735 NULL, NULL, NULL, NULL);
2736 }
2737
2738 DEFUN (vpnv4_network_route_map,
2739 vpnv4_network_route_map_cmd,
2740 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map RMAP_NAME",
2741 "Specify a network to announce via BGP\n"
2742 "IPv4 prefix\n"
2743 "Specify Route Distinguisher\n"
2744 "VPN Route Distinguisher\n"
2745 "VPN NLRI label (tag)\n"
2746 "VPN NLRI label (tag)\n"
2747 "Label value\n"
2748 "route map\n"
2749 "route map name\n")
2750 {
2751 int idx_ipv4_prefixlen = 1;
2752 int idx_ext_community = 3;
2753 int idx_label = 5;
2754 int idx_word_2 = 7;
2755 return bgp_static_set_safi(
2756 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2757 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2758 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2759 }
2760
2761 /* For testing purpose, static route of MPLS-VPN. */
2762 DEFUN (no_vpnv4_network,
2763 no_vpnv4_network_cmd,
2764 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2765 NO_STR
2766 "Specify a network to announce via BGP\n"
2767 "IPv4 prefix\n"
2768 "Specify Route Distinguisher\n"
2769 "VPN Route Distinguisher\n"
2770 "VPN NLRI label (tag)\n"
2771 "VPN NLRI label (tag)\n"
2772 "Label value\n")
2773 {
2774 int idx_ipv4_prefixlen = 2;
2775 int idx_ext_community = 4;
2776 int idx_label = 6;
2777 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
2778 argv[idx_ipv4_prefixlen]->arg,
2779 argv[idx_ext_community]->arg,
2780 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2781 }
2782
2783 DEFUN (vpnv6_network,
2784 vpnv6_network_cmd,
2785 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map RMAP_NAME]",
2786 "Specify a network to announce via BGP\n"
2787 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2788 "Specify Route Distinguisher\n"
2789 "VPN Route Distinguisher\n"
2790 "VPN NLRI label (tag)\n"
2791 "VPN NLRI label (tag)\n"
2792 "Label value\n"
2793 "route map\n"
2794 "route map name\n")
2795 {
2796 int idx_ipv6_prefix = 1;
2797 int idx_ext_community = 3;
2798 int idx_label = 5;
2799 int idx_word_2 = 7;
2800 if (argc == 8)
2801 return bgp_static_set_safi(
2802 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2803 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2804 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2805 else
2806 return bgp_static_set_safi(
2807 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2808 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2809 NULL, 0, NULL, NULL, NULL, NULL);
2810 }
2811
2812 /* For testing purpose, static route of MPLS-VPN. */
2813 DEFUN (no_vpnv6_network,
2814 no_vpnv6_network_cmd,
2815 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2816 NO_STR
2817 "Specify a network to announce via BGP\n"
2818 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2819 "Specify Route Distinguisher\n"
2820 "VPN Route Distinguisher\n"
2821 "VPN NLRI label (tag)\n"
2822 "VPN NLRI label (tag)\n"
2823 "Label value\n")
2824 {
2825 int idx_ipv6_prefix = 2;
2826 int idx_ext_community = 4;
2827 int idx_label = 6;
2828 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
2829 argv[idx_ipv6_prefix]->arg,
2830 argv[idx_ext_community]->arg,
2831 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2832 }
2833
2834 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
2835 enum bgp_show_type type, void *output_arg, int tags,
2836 bool use_json)
2837 {
2838 struct bgp *bgp;
2839 struct bgp_table *table;
2840
2841 bgp = bgp_get_default();
2842 if (bgp == NULL) {
2843 if (!use_json)
2844 vty_out(vty, "No BGP process is configured\n");
2845 else
2846 vty_out(vty, "{}\n");
2847 return CMD_WARNING;
2848 }
2849 table = bgp->rib[afi][SAFI_MPLS_VPN];
2850 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
2851 output_arg, use_json);
2852 }
2853
2854 DEFUN (show_bgp_ip_vpn_all_rd,
2855 show_bgp_ip_vpn_all_rd_cmd,
2856 "show bgp "BGP_AFI_CMD_STR" vpn all [rd <ASN:NN_OR_IP-ADDRESS:NN|all>] [json]",
2857 SHOW_STR
2858 BGP_STR
2859 BGP_VPNVX_HELP_STR
2860 "Display VPN NLRI specific information\n"
2861 "Display VPN NLRI specific information\n"
2862 "Display information for a route distinguisher\n"
2863 "VPN Route Distinguisher\n"
2864 "All VPN Route Distinguishers\n"
2865 JSON_STR)
2866 {
2867 int ret;
2868 struct prefix_rd prd;
2869 afi_t afi;
2870 int idx = 0;
2871
2872 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
2873 /* Constrain search if user supplies RD && RD != "all" */
2874 if (argv_find(argv, argc, "rd", &idx)
2875 && strcmp(argv[idx + 1]->arg, "all")) {
2876 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
2877 if (!ret) {
2878 vty_out(vty,
2879 "%% Malformed Route Distinguisher\n");
2880 return CMD_WARNING;
2881 }
2882 return bgp_show_mpls_vpn(vty, afi, &prd,
2883 bgp_show_type_normal, NULL, 0,
2884 use_json(argc, argv));
2885 } else {
2886 return bgp_show_mpls_vpn(vty, afi, NULL,
2887 bgp_show_type_normal, NULL, 0,
2888 use_json(argc, argv));
2889 }
2890 }
2891 return CMD_SUCCESS;
2892 }
2893
2894 ALIAS(show_bgp_ip_vpn_all_rd,
2895 show_bgp_ip_vpn_rd_cmd,
2896 "show bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all> [json]",
2897 SHOW_STR
2898 BGP_STR
2899 BGP_VPNVX_HELP_STR
2900 "Display VPN NLRI specific information\n"
2901 "Display information for a route distinguisher\n"
2902 "VPN Route Distinguisher\n"
2903 "All VPN Route Distinguishers\n"
2904 JSON_STR)
2905
2906 #ifdef KEEP_OLD_VPN_COMMANDS
2907 DEFUN (show_ip_bgp_vpn_rd,
2908 show_ip_bgp_vpn_rd_cmd,
2909 "show ip bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all>",
2910 SHOW_STR
2911 IP_STR
2912 BGP_STR
2913 BGP_AFI_HELP_STR
2914 BGP_AF_MODIFIER_STR
2915 "Display information for a route distinguisher\n"
2916 "VPN Route Distinguisher\n"
2917 "All VPN Route Distinguishers\n")
2918 {
2919 int idx_ext_community = argc - 1;
2920 int ret;
2921 struct prefix_rd prd;
2922 afi_t afi;
2923 int idx = 0;
2924
2925 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2926 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2927 return bgp_show_mpls_vpn(vty, afi, NULL,
2928 bgp_show_type_normal, NULL, 0,
2929 0);
2930 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2931 if (!ret) {
2932 vty_out(vty, "%% Malformed Route Distinguisher\n");
2933 return CMD_WARNING;
2934 }
2935 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2936 NULL, 0, 0);
2937 }
2938 return CMD_SUCCESS;
2939 }
2940
2941 DEFUN (show_ip_bgp_vpn_all,
2942 show_ip_bgp_vpn_all_cmd,
2943 "show [ip] bgp <vpnv4|vpnv6>",
2944 SHOW_STR
2945 IP_STR
2946 BGP_STR
2947 BGP_VPNVX_HELP_STR)
2948 {
2949 afi_t afi;
2950 int idx = 0;
2951
2952 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2953 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2954 NULL, 0, 0);
2955 return CMD_SUCCESS;
2956 }
2957
2958 DEFUN (show_ip_bgp_vpn_all_tags,
2959 show_ip_bgp_vpn_all_tags_cmd,
2960 "show [ip] bgp <vpnv4|vpnv6> all tags",
2961 SHOW_STR
2962 IP_STR
2963 BGP_STR
2964 BGP_VPNVX_HELP_STR
2965 "Display information about all VPNv4/VPNV6 NLRIs\n"
2966 "Display BGP tags for prefixes\n")
2967 {
2968 afi_t afi;
2969 int idx = 0;
2970
2971 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2972 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2973 NULL, 1, 0);
2974 return CMD_SUCCESS;
2975 }
2976
2977 DEFUN (show_ip_bgp_vpn_rd_tags,
2978 show_ip_bgp_vpn_rd_tags_cmd,
2979 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> tags",
2980 SHOW_STR
2981 IP_STR
2982 BGP_STR
2983 BGP_VPNVX_HELP_STR
2984 "Display information for a route distinguisher\n"
2985 "VPN Route Distinguisher\n"
2986 "All VPN Route Distinguishers\n"
2987 "Display BGP tags for prefixes\n")
2988 {
2989 int idx_ext_community = 5;
2990 int ret;
2991 struct prefix_rd prd;
2992 afi_t afi;
2993 int idx = 0;
2994
2995 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2996 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2997 return bgp_show_mpls_vpn(vty, afi, NULL,
2998 bgp_show_type_normal, NULL, 1,
2999 0);
3000 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3001 if (!ret) {
3002 vty_out(vty, "%% Malformed Route Distinguisher\n");
3003 return CMD_WARNING;
3004 }
3005 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
3006 NULL, 1, 0);
3007 }
3008 return CMD_SUCCESS;
3009 }
3010
3011 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
3012 show_ip_bgp_vpn_all_neighbor_routes_cmd,
3013 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
3014 SHOW_STR
3015 IP_STR
3016 BGP_STR
3017 BGP_VPNVX_HELP_STR
3018 "Display information about all VPNv4/VPNv6 NLRIs\n"
3019 "Detailed information on TCP and BGP neighbor connections\n"
3020 "Neighbor to display information about\n"
3021 "Display routes learned from neighbor\n"
3022 JSON_STR)
3023 {
3024 int idx_ipv4 = 6;
3025 union sockunion su;
3026 struct peer *peer;
3027 int ret;
3028 bool uj = use_json(argc, argv);
3029 afi_t afi;
3030 int idx = 0;
3031
3032 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3033 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3034 if (ret < 0) {
3035 if (uj) {
3036 json_object *json_no = NULL;
3037 json_no = json_object_new_object();
3038 json_object_string_add(json_no, "warning",
3039 "Malformed address");
3040 vty_out(vty, "%s\n",
3041 json_object_to_json_string(json_no));
3042 json_object_free(json_no);
3043 } else
3044 vty_out(vty, "Malformed address: %s\n",
3045 argv[idx_ipv4]->arg);
3046 return CMD_WARNING;
3047 }
3048
3049 peer = peer_lookup(NULL, &su);
3050 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3051 if (uj) {
3052 json_object *json_no = NULL;
3053 json_no = json_object_new_object();
3054 json_object_string_add(
3055 json_no, "warning",
3056 "No such neighbor or address family");
3057 vty_out(vty, "%s\n",
3058 json_object_to_json_string(json_no));
3059 json_object_free(json_no);
3060 } else
3061 vty_out(vty,
3062 "%% No such neighbor or address family\n");
3063 return CMD_WARNING;
3064 }
3065
3066 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
3067 &su, 0, uj);
3068 }
3069 return CMD_SUCCESS;
3070 }
3071
3072 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
3073 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
3074 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D routes [json]",
3075 SHOW_STR
3076 IP_STR
3077 BGP_STR
3078 BGP_VPNVX_HELP_STR
3079 "Display information for a route distinguisher\n"
3080 "VPN Route Distinguisher\n"
3081 "All VPN Route Distinguishers\n"
3082 "Detailed information on TCP and BGP neighbor connections\n"
3083 "Neighbor to display information about\n"
3084 "Display routes learned from neighbor\n"
3085 JSON_STR)
3086 {
3087 int idx_ext_community = 5;
3088 int idx_ipv4 = 7;
3089 int ret;
3090 union sockunion su;
3091 struct peer *peer;
3092 struct prefix_rd prd;
3093 bool prefix_rd_all = false;
3094 bool uj = use_json(argc, argv);
3095 afi_t afi;
3096 int idx = 0;
3097
3098 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3099 if (!strcmp(argv[idx_ext_community]->arg, "all"))
3100 prefix_rd_all = true;
3101 else {
3102 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3103 if (!ret) {
3104 if (uj) {
3105 json_object *json_no = NULL;
3106 json_no = json_object_new_object();
3107 json_object_string_add(
3108 json_no, "warning",
3109 "Malformed Route Distinguisher");
3110 vty_out(vty, "%s\n",
3111 json_object_to_json_string(
3112 json_no));
3113 json_object_free(json_no);
3114 } else
3115 vty_out(vty,
3116 "%% Malformed Route Distinguisher\n");
3117 return CMD_WARNING;
3118 }
3119 }
3120
3121 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3122 if (ret < 0) {
3123 if (uj) {
3124 json_object *json_no = NULL;
3125 json_no = json_object_new_object();
3126 json_object_string_add(json_no, "warning",
3127 "Malformed address");
3128 vty_out(vty, "%s\n",
3129 json_object_to_json_string(json_no));
3130 json_object_free(json_no);
3131 } else
3132 vty_out(vty, "Malformed address: %s\n",
3133 argv[idx_ext_community]->arg);
3134 return CMD_WARNING;
3135 }
3136
3137 peer = peer_lookup(NULL, &su);
3138 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3139 if (uj) {
3140 json_object *json_no = NULL;
3141 json_no = json_object_new_object();
3142 json_object_string_add(
3143 json_no, "warning",
3144 "No such neighbor or address family");
3145 vty_out(vty, "%s\n",
3146 json_object_to_json_string(json_no));
3147 json_object_free(json_no);
3148 } else
3149 vty_out(vty,
3150 "%% No such neighbor or address family\n");
3151 return CMD_WARNING;
3152 }
3153
3154 if (prefix_rd_all)
3155 return bgp_show_mpls_vpn(vty, afi, NULL,
3156 bgp_show_type_neighbor, &su, 0,
3157 uj);
3158 else
3159 return bgp_show_mpls_vpn(vty, afi, &prd,
3160 bgp_show_type_neighbor, &su, 0,
3161 uj);
3162 }
3163 return CMD_SUCCESS;
3164 }
3165
3166 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
3167 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
3168 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
3169 SHOW_STR
3170 IP_STR
3171 BGP_STR
3172 BGP_VPNVX_HELP_STR
3173 "Display information about all VPNv4/VPNv6 NLRIs\n"
3174 "Detailed information on TCP and BGP neighbor connections\n"
3175 "Neighbor to display information about\n"
3176 "Display the routes advertised to a BGP neighbor\n"
3177 JSON_STR)
3178 {
3179 int idx_ipv4 = 6;
3180 int ret;
3181 struct peer *peer;
3182 union sockunion su;
3183 bool uj = use_json(argc, argv);
3184 afi_t afi;
3185 int idx = 0;
3186
3187 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3188 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3189 if (ret < 0) {
3190 if (uj) {
3191 json_object *json_no = NULL;
3192 json_no = json_object_new_object();
3193 json_object_string_add(json_no, "warning",
3194 "Malformed address");
3195 vty_out(vty, "%s\n",
3196 json_object_to_json_string(json_no));
3197 json_object_free(json_no);
3198 } else
3199 vty_out(vty, "Malformed address: %s\n",
3200 argv[idx_ipv4]->arg);
3201 return CMD_WARNING;
3202 }
3203 peer = peer_lookup(NULL, &su);
3204 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3205 if (uj) {
3206 json_object *json_no = NULL;
3207 json_no = json_object_new_object();
3208 json_object_string_add(
3209 json_no, "warning",
3210 "No such neighbor or address family");
3211 vty_out(vty, "%s\n",
3212 json_object_to_json_string(json_no));
3213 json_object_free(json_no);
3214 } else
3215 vty_out(vty,
3216 "%% No such neighbor or address family\n");
3217 return CMD_WARNING;
3218 }
3219 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
3220 SAFI_MPLS_VPN, uj);
3221 }
3222 return CMD_SUCCESS;
3223 }
3224
3225 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
3226 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
3227 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D advertised-routes [json]",
3228 SHOW_STR
3229 IP_STR
3230 BGP_STR
3231 BGP_VPNVX_HELP_STR
3232 "Display information for a route distinguisher\n"
3233 "VPN Route Distinguisher\n"
3234 "All VPN Route Distinguishers\n"
3235 "Detailed information on TCP and BGP neighbor connections\n"
3236 "Neighbor to display information about\n"
3237 "Display the routes advertised to a BGP neighbor\n"
3238 JSON_STR)
3239 {
3240 int idx_ext_community = 5;
3241 int idx_ipv4 = 7;
3242 int ret;
3243 struct peer *peer;
3244 struct prefix_rd prd;
3245 union sockunion su;
3246 bool uj = use_json(argc, argv);
3247 afi_t afi;
3248 int idx = 0;
3249
3250 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3251 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3252 if (ret < 0) {
3253 if (uj) {
3254 json_object *json_no = NULL;
3255 json_no = json_object_new_object();
3256 json_object_string_add(json_no, "warning",
3257 "Malformed address");
3258 vty_out(vty, "%s\n",
3259 json_object_to_json_string(json_no));
3260 json_object_free(json_no);
3261 } else
3262 vty_out(vty, "Malformed address: %s\n",
3263 argv[idx_ext_community]->arg);
3264 return CMD_WARNING;
3265 }
3266 peer = peer_lookup(NULL, &su);
3267 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3268 if (uj) {
3269 json_object *json_no = NULL;
3270 json_no = json_object_new_object();
3271 json_object_string_add(
3272 json_no, "warning",
3273 "No such neighbor or address family");
3274 vty_out(vty, "%s\n",
3275 json_object_to_json_string(json_no));
3276 json_object_free(json_no);
3277 } else
3278 vty_out(vty,
3279 "%% No such neighbor or address family\n");
3280 return CMD_WARNING;
3281 }
3282
3283 if (!strcmp(argv[idx_ext_community]->arg, "all"))
3284 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
3285 SAFI_MPLS_VPN, uj);
3286 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3287 if (!ret) {
3288 if (uj) {
3289 json_object *json_no = NULL;
3290 json_no = json_object_new_object();
3291 json_object_string_add(
3292 json_no, "warning",
3293 "Malformed Route Distinguisher");
3294 vty_out(vty, "%s\n",
3295 json_object_to_json_string(json_no));
3296 json_object_free(json_no);
3297 } else
3298 vty_out(vty,
3299 "%% Malformed Route Distinguisher\n");
3300 return CMD_WARNING;
3301 }
3302
3303 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
3304 SAFI_MPLS_VPN, uj);
3305 }
3306 return CMD_SUCCESS;
3307 }
3308 #endif /* KEEP_OLD_VPN_COMMANDS */
3309
3310 void bgp_mplsvpn_init(void)
3311 {
3312 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
3313 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
3314 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
3315
3316 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
3317 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
3318
3319 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
3320 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
3321 #ifdef KEEP_OLD_VPN_COMMANDS
3322 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
3323 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
3324 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
3325 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
3326 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
3327 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
3328 install_element(VIEW_NODE,
3329 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
3330 install_element(VIEW_NODE,
3331 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
3332 #endif /* KEEP_OLD_VPN_COMMANDS */
3333 }
3334
3335 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
3336 {
3337 struct listnode *mnode, *mnnode;
3338 struct bgp *bgp;
3339 afi_t afi = AFI_IP;
3340
3341 if (eckey->unit_size == IPV6_ECOMMUNITY_SIZE)
3342 afi = AFI_IP6;
3343
3344 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
3345 struct ecommunity *ec;
3346
3347 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3348 continue;
3349
3350 ec = bgp->vpn_policy[afi].import_redirect_rtlist;
3351
3352 if (ec && eckey->unit_size != ec->unit_size)
3353 continue;
3354
3355 if (ecommunity_include(ec, eckey))
3356 return bgp->vrf_id;
3357 }
3358 return VRF_UNKNOWN;
3359 }
3360
3361 /*
3362 * The purpose of this function is to process leaks that were deferred
3363 * from earlier per-vrf configuration due to not-yet-existing default
3364 * vrf, in other words, configuration such as:
3365 *
3366 * router bgp MMM vrf FOO
3367 * address-family ipv4 unicast
3368 * rd vpn export 1:1
3369 * exit-address-family
3370 *
3371 * router bgp NNN
3372 * ...
3373 *
3374 * This function gets called when the default instance ("router bgp NNN")
3375 * is created.
3376 */
3377 void vpn_leak_postchange_all(void)
3378 {
3379 struct listnode *next;
3380 struct bgp *bgp;
3381 struct bgp *bgp_default = bgp_get_default();
3382
3383 assert(bgp_default);
3384
3385 /* First, do any exporting from VRFs to the single VPN RIB */
3386 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
3387
3388 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3389 continue;
3390
3391 vpn_leak_postchange(
3392 BGP_VPN_POLICY_DIR_TOVPN,
3393 AFI_IP,
3394 bgp_default,
3395 bgp);
3396
3397 vpn_leak_postchange(
3398 BGP_VPN_POLICY_DIR_TOVPN,
3399 AFI_IP6,
3400 bgp_default,
3401 bgp);
3402 }
3403
3404 /* Now, do any importing to VRFs from the single VPN RIB */
3405 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
3406
3407 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3408 continue;
3409
3410 vpn_leak_postchange(
3411 BGP_VPN_POLICY_DIR_FROMVPN,
3412 AFI_IP,
3413 bgp_default,
3414 bgp);
3415
3416 vpn_leak_postchange(
3417 BGP_VPN_POLICY_DIR_FROMVPN,
3418 AFI_IP6,
3419 bgp_default,
3420 bgp);
3421 }
3422 }
3423
3424 /* When a bgp vrf instance is unconfigured, remove its routes
3425 * from the VPN table and this vrf could be importing routes from other
3426 * bgp vrf instnaces, unimport them.
3427 * VRF X and VRF Y are exporting routes to each other.
3428 * When VRF X is deleted, unimport its routes from all target vrfs,
3429 * also VRF Y should unimport its routes from VRF X table.
3430 * This will ensure VPN table is cleaned up appropriately.
3431 */
3432 void bgp_vpn_leak_unimport(struct bgp *from_bgp)
3433 {
3434 struct bgp *to_bgp;
3435 const char *tmp_name;
3436 char *vname;
3437 struct listnode *node, *next;
3438 safi_t safi = SAFI_UNICAST;
3439 afi_t afi;
3440 bool is_vrf_leak_bind;
3441 int debug;
3442
3443 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3444 return;
3445
3446 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3447 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3448
3449 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3450
3451 for (afi = 0; afi < AFI_MAX; ++afi) {
3452 /* vrf leak is for IPv4 and IPv6 Unicast only */
3453 if (afi != AFI_IP && afi != AFI_IP6)
3454 continue;
3455
3456 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3457 if (from_bgp == to_bgp)
3458 continue;
3459
3460 /* Unimport and remove source vrf from the
3461 * other vrfs import list.
3462 */
3463 struct vpn_policy *to_vpolicy;
3464
3465 is_vrf_leak_bind = false;
3466 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3467 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
3468 vname)) {
3469 if (strcmp(vname, tmp_name) == 0) {
3470 is_vrf_leak_bind = true;
3471 break;
3472 }
3473 }
3474 /* skip this bgp instance as there is no leak to this
3475 * vrf instance.
3476 */
3477 if (!is_vrf_leak_bind)
3478 continue;
3479
3480 if (debug)
3481 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
3482 __func__, from_bgp->name_pretty,
3483 to_bgp->name_pretty, afi2str(afi),
3484 to_vpolicy->import_vrf->count);
3485
3486 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
3487
3488 /* readd vrf name as unimport removes import vrf name
3489 * from the destination vrf's import list where the
3490 * `import vrf` configuration still exist.
3491 */
3492 vname = XSTRDUP(MTYPE_TMP, tmp_name);
3493 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
3494 vname);
3495 SET_FLAG(to_bgp->af_flags[afi][safi],
3496 BGP_CONFIG_VRF_TO_VRF_IMPORT);
3497
3498 /* If to_bgp exports its routes to the bgp vrf
3499 * which is being deleted, un-import the
3500 * to_bgp routes from VPN.
3501 */
3502 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
3503 .export_vrf, node,
3504 vname)) {
3505 if (strcmp(vname, tmp_name) == 0) {
3506 vrf_unimport_from_vrf(from_bgp, to_bgp,
3507 afi, safi);
3508 break;
3509 }
3510 }
3511 }
3512 }
3513 return;
3514 }
3515
3516 /* When a router bgp is configured, there could be a bgp vrf
3517 * instance importing routes from this newly configured
3518 * bgp vrf instance. Export routes from configured
3519 * bgp vrf to VPN.
3520 * VRF Y has import from bgp vrf x,
3521 * when a bgp vrf x instance is created, export its routes
3522 * to VRF Y instance.
3523 */
3524 void bgp_vpn_leak_export(struct bgp *from_bgp)
3525 {
3526 afi_t afi;
3527 const char *export_name;
3528 char *vname;
3529 struct listnode *node, *next;
3530 struct ecommunity *ecom;
3531 enum vpn_policy_direction idir, edir;
3532 safi_t safi = SAFI_UNICAST;
3533 struct bgp *to_bgp;
3534 int debug;
3535
3536 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3537 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3538
3539 idir = BGP_VPN_POLICY_DIR_FROMVPN;
3540 edir = BGP_VPN_POLICY_DIR_TOVPN;
3541
3542 export_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3543
3544 for (afi = 0; afi < AFI_MAX; ++afi) {
3545 /* vrf leak is for IPv4 and IPv6 Unicast only */
3546 if (afi != AFI_IP && afi != AFI_IP6)
3547 continue;
3548
3549 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3550 if (from_bgp == to_bgp)
3551 continue;
3552
3553 /* bgp instance has import list, check to see if newly
3554 * configured bgp instance is the list.
3555 */
3556 struct vpn_policy *to_vpolicy;
3557
3558 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3559 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
3560 node, vname)) {
3561 if (strcmp(vname, export_name) != 0)
3562 continue;
3563
3564 if (debug)
3565 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
3566 __func__,
3567 export_name, to_bgp->name_pretty);
3568
3569 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
3570 /* remove import rt, it will be readded
3571 * as part of import from vrf.
3572 */
3573 if (ecom)
3574 ecommunity_del_val(
3575 to_vpolicy->rtlist[idir],
3576 (struct ecommunity_val *)
3577 ecom->val);
3578 vrf_import_from_vrf(to_bgp, from_bgp,
3579 afi, safi);
3580 break;
3581
3582 }
3583 }
3584 }
3585 }
FRRouting mirror