Chirag Shah [Mon, 7 May 2018 17:16:08 +0000 (10:16 -0700)]
ospf6d: Fix ABR brouter calculation corruption
During Intra brouter calculation, brouters will be
marked for remove. if one of the brouter is removed,
as part of its remove callback, ospf6_abr_examin_summary
is performed where marked for brouter would be removed.
Since refcount of next brouter node still higher, it will
retain one node with dangled next brouter pointer.
When intra brouter calculation iteration goes to next node,
where accessing free node causes a crash.
Ticket:CM-20807
Testing Done:
Configure multilple ABR routers between area 0 and area x, y.
Remove ospf6 configuration on area x, y abrs and check area 0
Intra brouter calculations.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Chirag Shah [Fri, 4 May 2018 02:39:07 +0000 (19:39 -0700)]
ospf6d: fix area border router duplicate
Avoid duplicate ABR brouter entry and
its nexthops.
The route lookup results in first element of the
route/redix node. In case of Intra and inter area
brouter, the first element always intra brouter.
the first element comparison results in always addition
of new element for inter area brouter in brouter table.
Now, iterate all elements of the route node and compare
for brouter origin, if it is same simply update its
nexthops to FIB.
brouter and brouter route nexthops should be merge to avoid
duplicate nexthops for the inter area routes.
Ticket:CM-20807
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Quentin Young [Mon, 7 May 2018 17:25:10 +0000 (13:25 -0400)]
bgpd: fix maximum-prefix + peer-group
Attribute set on peer was being overridden when set on the peer-group.
This commit also adds a parallel flags array that indicates whether a
particular flag is sourced from the peer-group or is peer-specific. It
assumes the default state of all flags is unset. This looks to be true
except in the case of PEER_FLAG_SEND_COMMUNITY,
PEER_FLAG_SEND_EXT_COMMUNITY, and PEER_FLAG_SEND_LARGE_COMMUNITY; these
flags are set by default except when the user specifies to use
config-type = cisco. However the flag field can merely be flipped to
mean the negation of those options in a future commit.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
*: change struct evpn_addr to include a union of all evpn route types
EVPN prefix depends on the EVPN route type.
Currently, in FRR we have a prefix_evpn/evpn_addr which relates to a evpn prefix.
We need to convert this to encompass an union of various EVPN route-types.
This diff handles the necessary code changes to adopt the new struct evpn_addr.
Donald Sharp [Thu, 3 May 2018 00:12:31 +0000 (20:12 -0400)]
pbrd: Fix nearly impossible truncation
Since we are writing into the name field which is PBR_MAP_NAMELEN
size, we are expecting this to field to be at max 100 bytes.
Newer compilers understand that the %s portion may be up to
100 bytes( because of the size of the string. The %u portion
is expected to be 10 bytes. So in `theory` there are situations
where we might truncate. The reality this is never going to
happen( who is going to create a nexthop group name that is
over say 30 characters? ). As such we are expecting the
calling function to subtract 10 from the size_t l before
we pass it in to get around this new gcc fun.
Fixes: #2163 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 2 May 2018 18:03:39 +0000 (14:03 -0400)]
bgpd: Handle multiple PREFIX_SID's at a time.
Handle multiple PREFIX_SID's at the same time. The draft clearly
states that multiple should be handled and we have a actual pcap
file that clearly has multiple PREFIX_SID's at the same time.
Fixes: #2153 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 2 May 2018 20:50:37 +0000 (16:50 -0400)]
zebra: Add a few more breadcrumbs
re->status and re->flags both influence our decision states
for rib processing. Yet it's impossible to see them. Add
a tiny bit of code to allow us to look at them when things
are not behaving like we would expect.
Additionally dump the nexthop->flags at the same time for
the same reasons.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 30 Apr 2018 21:33:16 +0000 (17:33 -0400)]
pimd: Fix some msdp crashes when some fundamentals change
When the underlying networking subsystem is fundamentally
changed via some system controls. If we have msdp running
there exists a possibility that we need to stop some running
timers to prevent a crash.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 2 May 2018 03:35:53 +0000 (23:35 -0400)]
redhat, tools: Increase startup time out a bit
We have run across a few cases where the startup timeout is
ocurring on heavily loaded systems. This is especially true
in simulation environments where the hypervisor load is
extremely high.
Modify the code base to give ourselves more time to startup.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 2 May 2018 03:24:53 +0000 (23:24 -0400)]
zebra: Fix crash on *BSD
The zns->ns pointer is not created until we get a callback
from the kernel that a ns exists. This should potentially
fix a crash in the *BSD code path.
Fixes: #2152 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Mon, 23 Apr 2018 22:21:33 +0000 (15:21 -0700)]
ospf6d: fix intra prefix ecmp
When there are multiple advertisers/paths to reach
Intra-Prefix route, if any path is removed,
re-added back, it does add to the same route node.
ospf6 intra prefix, first stored in oa->route_table
then as part of add cb, it would add to ospf6->route_table
which adds to FIB.
When copying a route with its paths & NHs from oa->table to
ospf6->table the path origin should not be modified otherwise
ospf6->table would not find existing node rather it appends
new node.
Use spf_table to fetch nexthops for a given advertisers/path,
to form effective nexthop list for a route.
Ticket:CM-16139
Testing Done:
R2 ---- R3
| |
R1 ---- R4
Inject Intra Ara Prefix LSA from R1 & R3, validate R2 and R4
having two origination point/paths to reach for a route.
Trigger link flap, frr restart or remove/readd R3's INP one of the
injection point.
Remove link between R4 to R1 and validate R3 carrying single
path to reach prefix.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Don Slice [Tue, 1 May 2018 21:13:51 +0000 (21:13 +0000)]
lib: allow hostname to begin with a letter or number
Customers have requested the ability to name their devices starting
with a number instead of a letter. This fix changes the check for
hostname to allow either a letter or a number.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Philippe Guibert [Tue, 24 Apr 2018 14:35:00 +0000 (16:35 +0200)]
bgpd: handle bgp pbr hash list destroy upon BGP destroy
Upon BGP destroy, the hash list related to PBR are removed.
The pbr_match entries, as well as the contained pbr_match_entries
entries.
Then the pbr_action entries. The order is important, since the former
are referencing pbr_action. So the references must be removed, prior to
remove pbr action.
Also, the zebra associated contexts are removed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 28 Mar 2018 12:51:57 +0000 (14:51 +0200)]
bgpd: handle FS redirect IP rule in PBR
If a new rule is identified, a new table identifier is created.
In that table, add a default route when possible. If redirect IP rule is
identified, then add a default route to that IP address.
If redirect VRF is identified, nothing is done for now
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 12 Mar 2018 11:56:06 +0000 (12:56 +0100)]
bgpd: hash_lookup for iptables
This commit is reading the installed2 value from bgp_pbr_match hash set.
Once value matches with the one received, the walk stops and the last
bgp_pbr_match structure is stored in a static entry, so that the entry
is obtained.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 12 Mar 2018 08:38:53 +0000 (09:38 +0100)]
bgpd: handle configuration of iptables with zebra
The API for filling in an IPTABLE_ADD and IPTABLE_DELETE message.
Also, the API is handling the notification callback, so as to know if
zebra managed to add or delete the relevant iptable entry.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: add function handling flowspec entries to pass to zebra
Add a policy-route API to handle flowspec entry.
The entry is analysed, converted, and
selected if it is possible to inject the flowspec entry in local policy
routing entries.
redirect IP and redirect VRF actions are handled. The former extracts
the IPv4 address to redirect traffic to. The latter calculates the
matching VRF to redirect traffic to.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: add convert function from flowspec to pbr match
This utility function analyses flowspec nlri and converts it into
readable structures. The structure is based on bgp_pbr_match structure
previously defined.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This structure is the model exchange between some bgp services like
flowspec and the policy routing service. This structure reflects what
the nlri entry means. To handle that structure, a dump routine is made
available. Also, a validation function is here to cancel a policy route
installation, whenever it is not possible to install the requested
policy routing.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: support for policy-routing context used with flowspec
BGP flowspec will be able to inject or remove policy-routing contexts,
thanks to some protocols like flowspec. This commit adds some the APIS
necessary to create/delete policy routing contexts that will be injected
then into zebra.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Sun, 29 Apr 2018 16:40:12 +0000 (12:40 -0400)]
lib: Convert internal sequence number to int64_t
With the usage of a 32 bit number as a integer, but storing
non-signed values in it, we have cases where numbers greater
than 2 billion are being read in and stored and used before
lower value numbers, which of course is awful and mean.
Fixes: #2126 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
G. Paul Ziemba [Mon, 9 Apr 2018 20:28:11 +0000 (13:28 -0700)]
bgpd: when showing routes, add nexthop vrf and announce-self flag
As part of recent vpn-vrf leaking changes, it is now possible for a
route to refer to a nexthop in a different vrf. There is also a new
route flag that means "when announcing this route, indicate myself
as the next-hop."
route_vty_out(): nexthops are appended with:
"@VRFID" (where VRFID is the numerical vrf id) when different from
the route's vrf;
"<" when the route's BGP_INFO_ANNC_NH_SELF is set
This change also shows the route table's vrf id in the table header.
route_vty_out_detail(): show nexthop's vrf and announce-nh-self flag if
appropriate.
Both functions are also augmented to add json elements nhVrfId, nhVrfName,
and announceNexthopSelf as appropriate.
The intent of these changes is to make it easier to understand/debug
the relationship between a route and its nexthops.
Donald Sharp [Fri, 27 Apr 2018 19:18:41 +0000 (15:18 -0400)]
*: Move sharpd from developmental build to have to explicity enable it
sharpd has started to see some use from our field engineers as
well as people attempting to build/test their environments
as a way of easily injecting a large number of routes.
Modify configure.ac to move sharpd from a development build
option to having to explicity enable it via `--enable-sharpd=yes`
in order for it to be built.
This will allow those who want to build it, to build it without
having to use the development build option.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 27 Apr 2018 18:53:46 +0000 (14:53 -0400)]
zebra: Add PBR and SHARP handling
We are missing some handling of PBR and SHARP protocols
for netlink operations w/ the linux kernel.
Additionally add a bread crumb for new developers( or existing )
to know to fixup the rt_netlink.c when we start handling new
route types to hand to the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Quentin Young [Wed, 25 Apr 2018 21:16:55 +0000 (17:16 -0400)]
lib: fix heap corruption in stream_fifo_free
When popping a stream from a stream_fifo, the stream->next pointer is
not NULL'd out. If this same stream is subsequently pushed onto a
stream_fifo (either the same one or a different one), because
stream_fifo's use tail insertion the ->next pointer is not updated and
thus will point to whatever the next stream in the first stream_fifo
was. stream_fifo_free does not check the count of the stream_fifo when
freeing its constituent elements, and instead walks the linked list.
Consequently it will continue walking into the first stream_fifo from
which the last stream was popped, freeing each stream contained there.
This leads to use-after-free errors.
This patch makes sure to set the ->next pointer to NULL when doing tail
insertion in stream_fifo_push and when popping a stream from a
stream_fifo.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Donald Sharp [Wed, 25 Apr 2018 14:23:22 +0000 (10:23 -0400)]
bgpd: Prevent vrf 2 vrf route leaking from going offbox.
The vrf 2 vrf route leaking auto-derives RD and RT and
installs the routes into the appropriate vpn table.
These routes when a operator configured ipv[4|6] vpn
neighbors were showing up off box. The RD and RT
values choosen are localy significant but globaly
useless and may cause confusion.
Put a special bit of code in to notice that we
should not be advertising these routes off box.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
projects / mirror_frr.git / log