]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #13649 from donaldsharp/unlock_the_node_or_else
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* MPLS-VPN
3 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
4 */
5
6 #include <zebra.h>
7
8 #include "command.h"
9 #include "prefix.h"
10 #include "log.h"
11 #include "memory.h"
12 #include "stream.h"
13 #include "queue.h"
14 #include "filter.h"
15 #include "mpls.h"
16 #include "json.h"
17 #include "zclient.h"
18
19 #include "bgpd/bgpd.h"
20 #include "bgpd/bgp_debug.h"
21 #include "bgpd/bgp_errors.h"
22 #include "bgpd/bgp_table.h"
23 #include "bgpd/bgp_route.h"
24 #include "bgpd/bgp_attr.h"
25 #include "bgpd/bgp_label.h"
26 #include "bgpd/bgp_mplsvpn.h"
27 #include "bgpd/bgp_packet.h"
28 #include "bgpd/bgp_vty.h"
29 #include "bgpd/bgp_vpn.h"
30 #include "bgpd/bgp_community.h"
31 #include "bgpd/bgp_ecommunity.h"
32 #include "bgpd/bgp_zebra.h"
33 #include "bgpd/bgp_nexthop.h"
34 #include "bgpd/bgp_nht.h"
35 #include "bgpd/bgp_evpn.h"
36 #include "bgpd/bgp_memory.h"
37
38 #ifdef ENABLE_BGP_VNC
39 #include "bgpd/rfapi/rfapi_backend.h"
40 #endif
41
42 /*
43 * Definitions and external declarations.
44 */
45 extern struct zclient *zclient;
46
47 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
48 int *index, afi_t *afi)
49 {
50 int ret = 0;
51 if (argv_find(argv, argc, "vpnv4", index)) {
52 ret = 1;
53 if (afi)
54 *afi = AFI_IP;
55 } else if (argv_find(argv, argc, "vpnv6", index)) {
56 ret = 1;
57 if (afi)
58 *afi = AFI_IP6;
59 }
60 return ret;
61 }
62
63 uint32_t decode_label(mpls_label_t *label_pnt)
64 {
65 uint32_t l;
66 uint8_t *pnt = (uint8_t *)label_pnt;
67
68 l = ((uint32_t)*pnt++ << 12);
69 l |= (uint32_t)*pnt++ << 4;
70 l |= (uint32_t)((*pnt & 0xf0) >> 4);
71 return l;
72 }
73
74 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
75 {
76 uint8_t *pnt = (uint8_t *)label_pnt;
77 if (pnt == NULL)
78 return;
79 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
80 *label_pnt = label;
81 return;
82 }
83 *pnt++ = (label >> 12) & 0xff;
84 *pnt++ = (label >> 4) & 0xff;
85 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
86 }
87
88 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
89 struct bgp_nlri *packet)
90 {
91 struct prefix p;
92 uint8_t psize = 0;
93 uint8_t prefixlen;
94 uint16_t type;
95 struct rd_as rd_as;
96 struct rd_ip rd_ip;
97 struct prefix_rd prd = {0};
98 mpls_label_t label = {0};
99 afi_t afi;
100 safi_t safi;
101 bool addpath_capable;
102 uint32_t addpath_id;
103 int ret = 0;
104
105 /* Make prefix_rd */
106 prd.family = AF_UNSPEC;
107 prd.prefixlen = 64;
108
109 struct stream *data = stream_new(packet->length);
110 stream_put(data, packet->nlri, packet->length);
111 afi = packet->afi;
112 safi = packet->safi;
113 addpath_id = 0;
114
115 addpath_capable = bgp_addpath_encode_rx(peer, afi, safi);
116
117 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
118 while (STREAM_READABLE(data) > 0) {
119 /* Clear prefix structure. */
120 memset(&p, 0, sizeof(p));
121
122 if (addpath_capable) {
123 STREAM_GET(&addpath_id, data, BGP_ADDPATH_ID_LEN);
124 addpath_id = ntohl(addpath_id);
125 }
126
127 if (STREAM_READABLE(data) < 1) {
128 flog_err(
129 EC_BGP_UPDATE_RCV,
130 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
131 peer->host, packet->length);
132 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
133 goto done;
134 }
135
136 /* Fetch prefix length. */
137 STREAM_GETC(data, prefixlen);
138 p.family = afi2family(packet->afi);
139 psize = PSIZE(prefixlen);
140
141 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
142 flog_err(
143 EC_BGP_UPDATE_RCV,
144 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
145 peer->host, prefixlen);
146 ret = BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
147 goto done;
148 }
149
150 /* sanity check against packet data */
151 if (STREAM_READABLE(data) < psize) {
152 flog_err(
153 EC_BGP_UPDATE_RCV,
154 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
155 peer->host, prefixlen, packet->length);
156 ret = BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
157 goto done;
158 }
159
160 /* sanity check against storage for the IP address portion */
161 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
162 flog_err(
163 EC_BGP_UPDATE_RCV,
164 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
165 peer->host,
166 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
167 sizeof(p.u));
168 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
169 goto done;
170 }
171
172 /* Sanity check against max bitlen of the address family */
173 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
174 flog_err(
175 EC_BGP_UPDATE_RCV,
176 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
177 peer->host,
178 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
179 p.family, prefix_blen(&p));
180 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
181 goto done;
182 }
183
184 /* Copy label to prefix. */
185 if (STREAM_READABLE(data) < BGP_LABEL_BYTES) {
186 flog_err(
187 EC_BGP_UPDATE_RCV,
188 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
189 peer->host, packet->length);
190 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
191 goto done;
192 }
193
194 STREAM_GET(&label, data, BGP_LABEL_BYTES);
195 bgp_set_valid_label(&label);
196
197 /* Copy routing distinguisher to rd. */
198 if (STREAM_READABLE(data) < 8) {
199 flog_err(
200 EC_BGP_UPDATE_RCV,
201 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
202 peer->host, packet->length);
203 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
204 goto done;
205 }
206 STREAM_GET(&prd.val, data, 8);
207
208 /* Decode RD type. */
209 type = decode_rd_type(prd.val);
210
211 switch (type) {
212 case RD_TYPE_AS:
213 decode_rd_as(&prd.val[2], &rd_as);
214 break;
215
216 case RD_TYPE_AS4:
217 decode_rd_as4(&prd.val[2], &rd_as);
218 break;
219
220 case RD_TYPE_IP:
221 decode_rd_ip(&prd.val[2], &rd_ip);
222 break;
223
224 #ifdef ENABLE_BGP_VNC
225 case RD_TYPE_VNC_ETH:
226 break;
227 #endif
228
229 default:
230 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
231 break; /* just report */
232 }
233
234 /* exclude label & RD */
235 p.prefixlen = prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8;
236 STREAM_GET(p.u.val, data, psize - VPN_PREFIXLEN_MIN_BYTES);
237
238 if (attr) {
239 bgp_update(peer, &p, addpath_id, attr, packet->afi,
240 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
241 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
242 } else {
243 bgp_withdraw(peer, &p, addpath_id, packet->afi,
244 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
245 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
246 }
247 }
248 /* Packet length consistency check. */
249 if (STREAM_READABLE(data) != 0) {
250 flog_err(
251 EC_BGP_UPDATE_RCV,
252 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
253 peer->host, STREAM_READABLE(data));
254 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
255 }
256
257 goto done;
258
259 stream_failure:
260 flog_err(
261 EC_BGP_UPDATE_RCV,
262 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
263 peer->host, packet->length);
264 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
265
266 done:
267 stream_free(data);
268 return ret;
269
270 #undef VPN_PREFIXLEN_MIN_BYTES
271 }
272
273 /*
274 * This function informs zebra of the label this vrf sets on routes
275 * leaked to VPN. Zebra should install this label in the kernel with
276 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
277 *
278 * Sending this vrf-label association is qualified by a) whether vrf->vpn
279 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
280 * are set) and b) whether vpn-policy label is set.
281 *
282 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
283 * for this vrf, which zebra interprets to mean "delete this vrf-label
284 * association."
285 */
286 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
287 {
288 mpls_label_t label = MPLS_LABEL_NONE;
289 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
290
291 if (bgp->vrf_id == VRF_UNKNOWN) {
292 if (debug) {
293 zlog_debug(
294 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
295 __func__, bgp->name_pretty, afi2str(afi));
296 }
297 return;
298 }
299
300 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
301 label = bgp->vpn_policy[afi].tovpn_label;
302 }
303
304 if (debug) {
305 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
306 __func__, bgp->name_pretty, afi2str(afi), label,
307 bgp->vrf_id);
308 }
309
310 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
311 label = MPLS_LABEL_NONE;
312 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
313 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
314 }
315
316 /*
317 * If zebra tells us vrf has become unconfigured, tell zebra not to
318 * use this label to forward to the vrf anymore
319 */
320 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
321 {
322 mpls_label_t label = MPLS_LABEL_NONE;
323 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
324
325 if (bgp->vrf_id == VRF_UNKNOWN) {
326 if (debug) {
327 zlog_debug(
328 "%s: vrf_id not set, can't delete zebra vrf label",
329 __func__);
330 }
331 return;
332 }
333
334 if (debug) {
335 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
336 bgp->name_pretty, bgp->vrf_id);
337 }
338
339 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
340 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
341 }
342
343 /*
344 * This function informs zebra of the srv6-function this vrf sets on routes
345 * leaked to VPN. Zebra should install this srv6-function in the kernel with
346 * an action of "End.DT4/6's IP FIB to route the PDU."
347 */
348 void vpn_leak_zebra_vrf_sid_update_per_af(struct bgp *bgp, afi_t afi)
349 {
350 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
351 enum seg6local_action_t act;
352 struct seg6local_context ctx = {};
353 struct in6_addr *tovpn_sid = NULL;
354 struct in6_addr *tovpn_sid_ls = NULL;
355 struct vrf *vrf;
356
357 if (bgp->vrf_id == VRF_UNKNOWN) {
358 if (debug)
359 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
360 __func__, bgp->name_pretty, afi2str(afi));
361 return;
362 }
363
364 tovpn_sid = bgp->vpn_policy[afi].tovpn_sid;
365 if (!tovpn_sid) {
366 if (debug)
367 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
368 bgp->name_pretty, afi2str(afi));
369 return;
370 }
371
372 if (debug)
373 zlog_debug("%s: vrf %s: afi %s: setting sid %pI6 for vrf id %d",
374 __func__, bgp->name_pretty, afi2str(afi), tovpn_sid,
375 bgp->vrf_id);
376
377 vrf = vrf_lookup_by_id(bgp->vrf_id);
378 if (!vrf)
379 return;
380
381 ctx.table = vrf->data.l.table_id;
382 act = afi == AFI_IP ? ZEBRA_SEG6_LOCAL_ACTION_END_DT4
383 : ZEBRA_SEG6_LOCAL_ACTION_END_DT6;
384 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
385
386 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
387 *tovpn_sid_ls = *tovpn_sid;
388 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
389 }
390
391 /*
392 * This function informs zebra of the srv6-function this vrf sets on routes
393 * leaked to VPN. Zebra should install this srv6-function in the kernel with
394 * an action of "End.DT46's IP FIB to route the PDU."
395 */
396 void vpn_leak_zebra_vrf_sid_update_per_vrf(struct bgp *bgp)
397 {
398 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
399 enum seg6local_action_t act;
400 struct seg6local_context ctx = {};
401 struct in6_addr *tovpn_sid = NULL;
402 struct in6_addr *tovpn_sid_ls = NULL;
403 struct vrf *vrf;
404
405 if (bgp->vrf_id == VRF_UNKNOWN) {
406 if (debug)
407 zlog_debug(
408 "%s: vrf %s: vrf_id not set, can't set zebra vrf label",
409 __func__, bgp->name_pretty);
410 return;
411 }
412
413 tovpn_sid = bgp->tovpn_sid;
414 if (!tovpn_sid) {
415 if (debug)
416 zlog_debug("%s: vrf %s: sid not set", __func__,
417 bgp->name_pretty);
418 return;
419 }
420
421 if (debug)
422 zlog_debug("%s: vrf %s: setting sid %pI6 for vrf id %d",
423 __func__, bgp->name_pretty, tovpn_sid, bgp->vrf_id);
424
425 vrf = vrf_lookup_by_id(bgp->vrf_id);
426 if (!vrf)
427 return;
428
429 ctx.table = vrf->data.l.table_id;
430 act = ZEBRA_SEG6_LOCAL_ACTION_END_DT46;
431 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
432
433 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
434 *tovpn_sid_ls = *tovpn_sid;
435 bgp->tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
436 }
437
438 /*
439 * This function informs zebra of the srv6-function this vrf sets on routes
440 * leaked to VPN. Zebra should install this srv6-function in the kernel with
441 * an action of "End.DT4/6/46's IP FIB to route the PDU."
442 */
443 void vpn_leak_zebra_vrf_sid_update(struct bgp *bgp, afi_t afi)
444 {
445 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
446
447 if (bgp->vpn_policy[afi].tovpn_sid)
448 return vpn_leak_zebra_vrf_sid_update_per_af(bgp, afi);
449
450 if (bgp->tovpn_sid)
451 return vpn_leak_zebra_vrf_sid_update_per_vrf(bgp);
452
453 if (debug)
454 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
455 bgp->name_pretty, afi2str(afi));
456 }
457
458 /*
459 * If zebra tells us vrf has become unconfigured, tell zebra not to
460 * use this srv6-function to forward to the vrf anymore
461 */
462 void vpn_leak_zebra_vrf_sid_withdraw_per_af(struct bgp *bgp, afi_t afi)
463 {
464 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
465
466 if (bgp->vrf_id == VRF_UNKNOWN) {
467 if (debug)
468 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
469 __func__, bgp->name_pretty, afi2str(afi));
470 return;
471 }
472
473 if (debug)
474 zlog_debug("%s: deleting sid for vrf %s afi (id=%d)", __func__,
475 bgp->name_pretty, bgp->vrf_id);
476
477 zclient_send_localsid(zclient,
478 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent,
479 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC, NULL);
480 XFREE(MTYPE_BGP_SRV6_SID,
481 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent);
482 }
483
484 /*
485 * If zebra tells us vrf has become unconfigured, tell zebra not to
486 * use this srv6-function to forward to the vrf anymore
487 */
488 void vpn_leak_zebra_vrf_sid_withdraw_per_vrf(struct bgp *bgp)
489 {
490 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
491
492 if (bgp->vrf_id == VRF_UNKNOWN) {
493 if (debug)
494 zlog_debug(
495 "%s: vrf %s: vrf_id not set, can't set zebra vrf label",
496 __func__, bgp->name_pretty);
497 return;
498 }
499
500 if (debug)
501 zlog_debug("%s: deleting sid for vrf %s (id=%d)", __func__,
502 bgp->name_pretty, bgp->vrf_id);
503
504 zclient_send_localsid(zclient, bgp->tovpn_zebra_vrf_sid_last_sent,
505 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC,
506 NULL);
507 XFREE(MTYPE_BGP_SRV6_SID, bgp->tovpn_zebra_vrf_sid_last_sent);
508 }
509
510 /*
511 * If zebra tells us vrf has become unconfigured, tell zebra not to
512 * use this srv6-function to forward to the vrf anymore
513 */
514 void vpn_leak_zebra_vrf_sid_withdraw(struct bgp *bgp, afi_t afi)
515 {
516 if (bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent)
517 vpn_leak_zebra_vrf_sid_withdraw_per_af(bgp, afi);
518
519 if (bgp->tovpn_zebra_vrf_sid_last_sent)
520 vpn_leak_zebra_vrf_sid_withdraw_per_vrf(bgp);
521 }
522
523 int vpn_leak_label_callback(
524 mpls_label_t label,
525 void *labelid,
526 bool allocated)
527 {
528 struct vpn_policy *vp = (struct vpn_policy *)labelid;
529 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
530
531 if (debug)
532 zlog_debug("%s: label=%u, allocated=%d",
533 __func__, label, allocated);
534
535 if (!allocated) {
536 /*
537 * previously-allocated label is now invalid
538 */
539 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
540 (vp->tovpn_label != MPLS_LABEL_NONE)) {
541
542 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
543 vp->afi, bgp_get_default(), vp->bgp);
544 vp->tovpn_label = MPLS_LABEL_NONE;
545 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
546 vp->afi, bgp_get_default(), vp->bgp);
547 }
548 return 0;
549 }
550
551 /*
552 * New label allocation
553 */
554 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
555
556 /*
557 * not currently configured for auto label, reject allocation
558 */
559 return -1;
560 }
561
562 if (vp->tovpn_label != MPLS_LABEL_NONE) {
563 if (label == vp->tovpn_label) {
564 /* already have same label, accept but do nothing */
565 return 0;
566 }
567 /* Shouldn't happen: different label allocation */
568 flog_err(EC_BGP_LABEL,
569 "%s: %s had label %u but got new assignment %u",
570 __func__, vp->bgp->name_pretty, vp->tovpn_label,
571 label);
572 /* use new one */
573 }
574
575 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
576 vp->afi, bgp_get_default(), vp->bgp);
577 vp->tovpn_label = label;
578 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
579 vp->afi, bgp_get_default(), vp->bgp);
580
581 return 0;
582 }
583
584 static void sid_register(struct bgp *bgp, const struct in6_addr *sid,
585 const char *locator_name)
586 {
587 struct bgp_srv6_function *func;
588 func = XCALLOC(MTYPE_BGP_SRV6_FUNCTION,
589 sizeof(struct bgp_srv6_function));
590 func->sid = *sid;
591 snprintf(func->locator_name, sizeof(func->locator_name),
592 "%s", locator_name);
593 listnode_add(bgp->srv6_functions, func);
594 }
595
596 static void sid_unregister(struct bgp *bgp, const struct in6_addr *sid)
597 {
598 struct listnode *node, *nnode;
599 struct bgp_srv6_function *func;
600
601 for (ALL_LIST_ELEMENTS(bgp->srv6_functions, node, nnode, func))
602 if (sid_same(&func->sid, sid)) {
603 listnode_delete(bgp->srv6_functions, func);
604 XFREE(MTYPE_BGP_SRV6_FUNCTION, func);
605 }
606 }
607
608 static bool sid_exist(struct bgp *bgp, const struct in6_addr *sid)
609 {
610 struct listnode *node;
611 struct bgp_srv6_function *func;
612
613 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_functions, node, func))
614 if (sid_same(&func->sid, sid))
615 return true;
616 return false;
617 }
618
619 /*
620 * This function generates a new SID based on bgp->srv6_locator_chunks and
621 * index. The locator and generated SID are stored in arguments sid_locator
622 * and sid, respectively.
623 *
624 * if index != 0: try to allocate as index-mode
625 * else: try to allocate as auto-mode
626 */
627 static uint32_t alloc_new_sid(struct bgp *bgp, uint32_t index,
628 struct srv6_locator_chunk *sid_locator_chunk,
629 struct in6_addr *sid)
630 {
631 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
632 struct listnode *node;
633 struct srv6_locator_chunk *chunk;
634 bool alloced = false;
635 int label = 0;
636 uint8_t offset = 0;
637 uint8_t func_len = 0, shift_len = 0;
638 uint32_t index_max = 0;
639
640 if (!bgp || !sid_locator_chunk || !sid)
641 return false;
642
643 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_locator_chunks, node, chunk)) {
644 if (chunk->function_bits_length >
645 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH) {
646 if (debug)
647 zlog_debug(
648 "%s: invalid SRv6 Locator chunk (%pFX): Function Length must be less or equal to %d",
649 __func__, &chunk->prefix,
650 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH);
651 continue;
652 }
653
654 index_max = (1 << chunk->function_bits_length) - 1;
655
656 if (index > index_max) {
657 if (debug)
658 zlog_debug(
659 "%s: skipped SRv6 Locator chunk (%pFX): Function Length is too short to support specified index (%u)",
660 __func__, &chunk->prefix, index);
661 continue;
662 }
663
664 *sid = chunk->prefix.prefix;
665 *sid_locator_chunk = *chunk;
666 offset = chunk->block_bits_length + chunk->node_bits_length;
667 func_len = chunk->function_bits_length;
668 shift_len = BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH - func_len;
669
670 if (index != 0) {
671 label = index << shift_len;
672 if (label < MPLS_LABEL_UNRESERVED_MIN) {
673 if (debug)
674 zlog_debug(
675 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
676 __func__, &chunk->prefix,
677 label);
678 continue;
679 }
680
681 transpose_sid(sid, label, offset, func_len);
682 if (sid_exist(bgp, sid))
683 continue;
684 alloced = true;
685 break;
686 }
687
688 for (uint32_t i = 1; i < index_max; i++) {
689 label = i << shift_len;
690 if (label < MPLS_LABEL_UNRESERVED_MIN) {
691 if (debug)
692 zlog_debug(
693 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
694 __func__, &chunk->prefix,
695 label);
696 continue;
697 }
698 transpose_sid(sid, label, offset, func_len);
699 if (sid_exist(bgp, sid))
700 continue;
701 alloced = true;
702 break;
703 }
704 }
705
706 if (!alloced)
707 return 0;
708
709 sid_register(bgp, sid, bgp->srv6_locator_name);
710 return label;
711 }
712
713 void ensure_vrf_tovpn_sid_per_af(struct bgp *bgp_vpn, struct bgp *bgp_vrf,
714 afi_t afi)
715 {
716 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
717 struct srv6_locator_chunk *tovpn_sid_locator;
718 struct in6_addr *tovpn_sid;
719 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
720 bool tovpn_sid_auto = false;
721
722 if (debug)
723 zlog_debug("%s: try to allocate new SID for vrf %s: afi %s",
724 __func__, bgp_vrf->name_pretty, afi2str(afi));
725
726 /* skip when tovpn sid is already allocated on vrf instance */
727 if (bgp_vrf->vpn_policy[afi].tovpn_sid)
728 return;
729
730 /*
731 * skip when bgp vpn instance ins't allocated
732 * or srv6 locator chunk isn't allocated
733 */
734 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
735 return;
736
737 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
738 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
739 BGP_VPN_POLICY_TOVPN_SID_AUTO);
740
741 /* skip when VPN isn't configured on vrf-instance */
742 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
743 return;
744
745 /* check invalid case both configured index and auto */
746 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
747 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
748 __func__);
749 return;
750 }
751
752 tovpn_sid_locator = srv6_locator_chunk_alloc();
753 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
754
755 tovpn_sid_transpose_label = alloc_new_sid(bgp_vpn, tovpn_sid_index,
756 tovpn_sid_locator, tovpn_sid);
757
758 if (tovpn_sid_transpose_label == 0) {
759 if (debug)
760 zlog_debug(
761 "%s: not allocated new sid for vrf %s: afi %s",
762 __func__, bgp_vrf->name_pretty, afi2str(afi));
763 srv6_locator_chunk_free(&tovpn_sid_locator);
764 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid);
765 return;
766 }
767
768 if (debug)
769 zlog_debug("%s: new sid %pI6 allocated for vrf %s: afi %s",
770 __func__, tovpn_sid, bgp_vrf->name_pretty,
771 afi2str(afi));
772
773 bgp_vrf->vpn_policy[afi].tovpn_sid = tovpn_sid;
774 bgp_vrf->vpn_policy[afi].tovpn_sid_locator = tovpn_sid_locator;
775 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label =
776 tovpn_sid_transpose_label;
777 }
778
779 void ensure_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
780 {
781 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
782 struct srv6_locator_chunk *tovpn_sid_locator;
783 struct in6_addr *tovpn_sid;
784 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
785 bool tovpn_sid_auto = false;
786
787 if (debug)
788 zlog_debug("%s: try to allocate new SID for vrf %s", __func__,
789 bgp_vrf->name_pretty);
790
791 /* skip when tovpn sid is already allocated on vrf instance */
792 if (bgp_vrf->tovpn_sid)
793 return;
794
795 /*
796 * skip when bgp vpn instance ins't allocated
797 * or srv6 locator chunk isn't allocated
798 */
799 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
800 return;
801
802 tovpn_sid_index = bgp_vrf->tovpn_sid_index;
803 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO);
804
805 /* skip when VPN isn't configured on vrf-instance */
806 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
807 return;
808
809 /* check invalid case both configured index and auto */
810 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
811 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
812 __func__);
813 return;
814 }
815
816 tovpn_sid_locator = srv6_locator_chunk_alloc();
817 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
818
819 tovpn_sid_transpose_label = alloc_new_sid(bgp_vpn, tovpn_sid_index,
820 tovpn_sid_locator, tovpn_sid);
821
822 if (tovpn_sid_transpose_label == 0) {
823 if (debug)
824 zlog_debug("%s: not allocated new sid for vrf %s",
825 __func__, bgp_vrf->name_pretty);
826 srv6_locator_chunk_free(&tovpn_sid_locator);
827 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid);
828 return;
829 }
830
831 if (debug)
832 zlog_debug("%s: new sid %pI6 allocated for vrf %s", __func__,
833 tovpn_sid, bgp_vrf->name_pretty);
834
835 bgp_vrf->tovpn_sid = tovpn_sid;
836 bgp_vrf->tovpn_sid_locator = tovpn_sid_locator;
837 bgp_vrf->tovpn_sid_transpose_label = tovpn_sid_transpose_label;
838 }
839
840 void ensure_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
841 {
842 /* per-af sid */
843 if (bgp_vrf->vpn_policy[afi].tovpn_sid_index != 0 ||
844 CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
845 BGP_VPN_POLICY_TOVPN_SID_AUTO))
846 return ensure_vrf_tovpn_sid_per_af(bgp_vpn, bgp_vrf, afi);
847
848 /* per-vrf sid */
849 if (bgp_vrf->tovpn_sid_index != 0 ||
850 CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))
851 return ensure_vrf_tovpn_sid_per_vrf(bgp_vpn, bgp_vrf);
852 }
853
854 void delete_vrf_tovpn_sid_per_af(struct bgp *bgp_vpn, struct bgp *bgp_vrf,
855 afi_t afi)
856 {
857 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
858 uint32_t tovpn_sid_index = 0;
859 bool tovpn_sid_auto = false;
860
861 if (debug)
862 zlog_debug("%s: try to remove SID for vrf %s: afi %s", __func__,
863 bgp_vrf->name_pretty, afi2str(afi));
864
865 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
866 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
867 BGP_VPN_POLICY_TOVPN_SID_AUTO);
868
869 /* skip when VPN is configured on vrf-instance */
870 if (tovpn_sid_index != 0 || tovpn_sid_auto)
871 return;
872
873 srv6_locator_chunk_free(&bgp_vrf->vpn_policy[afi].tovpn_sid_locator);
874
875 if (bgp_vrf->vpn_policy[afi].tovpn_sid) {
876 sid_unregister(bgp_vpn, bgp_vrf->vpn_policy[afi].tovpn_sid);
877 XFREE(MTYPE_BGP_SRV6_SID, bgp_vrf->vpn_policy[afi].tovpn_sid);
878 }
879 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label = 0;
880 }
881
882 void delete_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
883 {
884 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
885 uint32_t tovpn_sid_index = 0;
886 bool tovpn_sid_auto = false;
887
888 if (debug)
889 zlog_debug("%s: try to remove SID for vrf %s", __func__,
890 bgp_vrf->name_pretty);
891
892 tovpn_sid_index = bgp_vrf->tovpn_sid_index;
893 tovpn_sid_auto =
894 CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VPN_POLICY_TOVPN_SID_AUTO);
895
896 /* skip when VPN is configured on vrf-instance */
897 if (tovpn_sid_index != 0 || tovpn_sid_auto)
898 return;
899
900 srv6_locator_chunk_free(&bgp_vrf->tovpn_sid_locator);
901
902 if (bgp_vrf->tovpn_sid) {
903 sid_unregister(bgp_vpn, bgp_vrf->tovpn_sid);
904 XFREE(MTYPE_BGP_SRV6_SID, bgp_vrf->tovpn_sid);
905 }
906 bgp_vrf->tovpn_sid_transpose_label = 0;
907 }
908
909 void delete_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
910 {
911 delete_vrf_tovpn_sid_per_af(bgp_vpn, bgp_vrf, afi);
912 delete_vrf_tovpn_sid_per_vrf(bgp_vpn, bgp_vrf);
913 }
914
915 /*
916 * This function embeds upper `len` bits of `label` in `sid`,
917 * starting at offset `offset` as seen from the MSB of `sid`.
918 *
919 * e.g. Given that `label` is 0x12345 and `len` is 16,
920 * then `label` will be embedded in `sid` as follows:
921 *
922 * <---- len ----->
923 * label: 0001 0002 0003 0004 0005
924 * sid: .... 0001 0002 0003 0004
925 * <---- len ----->
926 * ^
927 * |
928 * offset from MSB
929 *
930 * e.g. Given that `label` is 0x12345 and `len` is 8,
931 * `label` will be embedded in `sid` as follows:
932 *
933 * <- len ->
934 * label: 0001 0002 0003 0004 0005
935 * sid: .... 0001 0002 0000 0000
936 * <- len ->
937 * ^
938 * |
939 * offset from MSB
940 */
941 void transpose_sid(struct in6_addr *sid, uint32_t label, uint8_t offset,
942 uint8_t len)
943 {
944 for (uint8_t idx = 0; idx < len; idx++) {
945 uint8_t tidx = offset + idx;
946 sid->s6_addr[tidx / 8] &= ~(0x1 << (7 - tidx % 8));
947 if (label >> (19 - idx) & 0x1)
948 sid->s6_addr[tidx / 8] |= 0x1 << (7 - tidx % 8);
949 }
950 }
951
952 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
953 uint32_t n)
954 {
955 uint32_t i;
956
957 if (!bpi->extra) {
958 if (!n)
959 return true;
960 else
961 return false;
962 }
963
964 if (n != bpi->extra->num_labels)
965 return false;
966
967 for (i = 0; i < n; ++i) {
968 if (label[i] != bpi->extra->label[i])
969 return false;
970 }
971 return true;
972 }
973
974 /*
975 * make encoded route labels match specified encoded label set
976 */
977 static void setlabels(struct bgp_path_info *bpi,
978 mpls_label_t *label, /* array of labels */
979 uint32_t num_labels)
980 {
981 if (num_labels)
982 assert(label);
983 assert(num_labels <= BGP_MAX_LABELS);
984
985 if (!num_labels) {
986 if (bpi->extra)
987 bpi->extra->num_labels = 0;
988 return;
989 }
990
991 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
992 uint32_t i;
993
994 for (i = 0; i < num_labels; ++i) {
995 extra->label[i] = label[i];
996 if (!bgp_is_valid_label(&label[i])) {
997 bgp_set_valid_label(&extra->label[i]);
998 }
999 }
1000 extra->num_labels = num_labels;
1001 }
1002
1003 /*
1004 * make encoded route SIDs match specified encoded sid set
1005 */
1006 static void setsids(struct bgp_path_info *bpi,
1007 struct in6_addr *sid,
1008 uint32_t num_sids)
1009 {
1010 uint32_t i;
1011 struct bgp_path_info_extra *extra;
1012
1013 if (num_sids)
1014 assert(sid);
1015 assert(num_sids <= BGP_MAX_SIDS);
1016
1017 if (!num_sids) {
1018 if (bpi->extra)
1019 bpi->extra->num_sids = 0;
1020 return;
1021 }
1022
1023 extra = bgp_path_info_extra_get(bpi);
1024 for (i = 0; i < num_sids; i++)
1025 memcpy(&extra->sid[i].sid, &sid[i], sizeof(struct in6_addr));
1026 extra->num_sids = num_sids;
1027 }
1028
1029 static void unsetsids(struct bgp_path_info *bpi)
1030 {
1031 struct bgp_path_info_extra *extra;
1032
1033 extra = bgp_path_info_extra_get(bpi);
1034 extra->num_sids = 0;
1035 memset(extra->sid, 0, sizeof(extra->sid));
1036 }
1037
1038 static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
1039 struct attr *new_attr, afi_t afi,
1040 safi_t safi,
1041 struct bgp_path_info *source_bpi,
1042 struct bgp_path_info *bpi,
1043 struct bgp *bgp_orig,
1044 const struct prefix *p, int debug)
1045 {
1046 struct bgp_path_info *bpi_ultimate;
1047 struct bgp *bgp_nexthop;
1048 bool nh_valid;
1049
1050 bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi);
1051
1052 if (bpi->extra && bpi->extra->bgp_orig)
1053 bgp_nexthop = bpi->extra->bgp_orig;
1054 else
1055 bgp_nexthop = bgp_orig;
1056
1057 /*
1058 * No nexthop tracking for redistributed routes, for
1059 * EVPN-imported routes that get leaked, or for routes
1060 * leaked between VRFs with accept-own community.
1061 */
1062 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
1063 is_pi_family_evpn(bpi_ultimate) ||
1064 CHECK_FLAG(bpi_ultimate->flags, BGP_PATH_ACCEPT_OWN))
1065 nh_valid = true;
1066 else
1067 /*
1068 * TBD do we need to do anything about the
1069 * 'connected' parameter?
1070 */
1071 nh_valid = bgp_find_or_add_nexthop(to_bgp, bgp_nexthop, afi,
1072 safi, bpi, NULL, 0, p);
1073
1074 /*
1075 * If you are using SRv6 VPN instead of MPLS, it need to check
1076 * the SID allocation. If the sid is not allocated, the rib
1077 * will be invalid.
1078 */
1079 if (to_bgp->srv6_enabled &&
1080 (!new_attr->srv6_l3vpn && !new_attr->srv6_vpn)) {
1081 nh_valid = false;
1082 }
1083
1084 if (debug)
1085 zlog_debug("%s: %pFX nexthop is %svalid (in %s)", __func__, p,
1086 (nh_valid ? "" : "not "), bgp_nexthop->name_pretty);
1087
1088 return nh_valid;
1089 }
1090
1091 /*
1092 * returns pointer to new bgp_path_info upon success
1093 */
1094 static struct bgp_path_info *
1095 leak_update(struct bgp *to_bgp, struct bgp_dest *bn,
1096 struct attr *new_attr, /* already interned */
1097 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
1098 mpls_label_t *label, uint32_t num_labels, struct bgp *bgp_orig,
1099 struct prefix *nexthop_orig, int nexthop_self_flag, int debug)
1100 {
1101 const struct prefix *p = bgp_dest_get_prefix(bn);
1102 struct bgp_path_info *bpi;
1103 struct bgp_path_info *new;
1104 struct bgp_path_info_extra *extra;
1105 uint32_t num_sids = 0;
1106 struct bgp_path_info *parent = source_bpi;
1107
1108 if (new_attr->srv6_l3vpn || new_attr->srv6_vpn)
1109 num_sids = 1;
1110
1111 if (debug)
1112 zlog_debug(
1113 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
1114 __func__, to_bgp->name_pretty, bn, source_bpi->type,
1115 source_bpi->sub_type);
1116
1117 /*
1118 * Routes that are redistributed into BGP from zebra do not get
1119 * nexthop tracking, unless MPLS allocation per nexthop is
1120 * performed. In the default case nexthop tracking does not apply,
1121 * if those routes are subsequently imported to other RIBs within
1122 * BGP, the leaked routes do not carry the original
1123 * BGP_ROUTE_REDISTRIBUTE sub_type. Therefore, in order to determine
1124 * if the route we are currently leaking should have nexthop
1125 * tracking, we must find the ultimate parent so we can check its
1126 * sub_type.
1127 *
1128 * As of now, source_bpi may at most be a second-generation route
1129 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
1130 * Using a loop here supports more complex intra-bgp import-export
1131 * schemes that could be implemented in the future.
1132 *
1133 */
1134
1135 /*
1136 * match parent
1137 */
1138 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1139 if (bpi->extra && bpi->extra->parent == parent)
1140 break;
1141 }
1142
1143 if (bpi) {
1144 bool labelssame = labels_same(bpi, label, num_labels);
1145
1146 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)
1147 && CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
1148 if (debug) {
1149 zlog_debug(
1150 "%s: ->%s(s_flags: 0x%x b_flags: 0x%x): %pFX: Found route, being removed, not leaking",
1151 __func__, to_bgp->name_pretty,
1152 source_bpi->flags, bpi->flags, p);
1153 }
1154 return NULL;
1155 }
1156
1157 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
1158 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
1159
1160 bgp_attr_unintern(&new_attr);
1161 if (debug)
1162 zlog_debug(
1163 "%s: ->%s: %pBD: Found route, no change",
1164 __func__, to_bgp->name_pretty, bn);
1165 return NULL;
1166 }
1167
1168 /* If the RT was changed via extended communities as an
1169 * import/export list, we should withdraw implicitly the old
1170 * path from VRFs.
1171 * For instance, RT list was modified using route-maps:
1172 * route-map test permit 10
1173 * set extcommunity rt none
1174 */
1175 if (CHECK_FLAG(bpi->attr->flag,
1176 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES)) &&
1177 CHECK_FLAG(new_attr->flag,
1178 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) {
1179 if (!ecommunity_cmp(
1180 bgp_attr_get_ecommunity(bpi->attr),
1181 bgp_attr_get_ecommunity(new_attr))) {
1182 vpn_leak_to_vrf_withdraw(bpi);
1183 bgp_aggregate_decrement(to_bgp, p, bpi, afi,
1184 safi);
1185 bgp_path_info_delete(bn, bpi);
1186 }
1187 }
1188
1189 /* attr is changed */
1190 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
1191
1192 /* Rewrite BGP route information. */
1193 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
1194 bgp_path_info_restore(bn, bpi);
1195 else
1196 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
1197 bgp_attr_unintern(&bpi->attr);
1198 bpi->attr = new_attr;
1199 bpi->uptime = monotime(NULL);
1200
1201 /*
1202 * rewrite labels
1203 */
1204 if (!labelssame)
1205 setlabels(bpi, label, num_labels);
1206
1207 /*
1208 * rewrite sid
1209 */
1210 if (num_sids) {
1211 if (new_attr->srv6_l3vpn) {
1212 setsids(bpi, &new_attr->srv6_l3vpn->sid,
1213 num_sids);
1214
1215 extra = bgp_path_info_extra_get(bpi);
1216
1217 extra->sid[0].loc_block_len =
1218 new_attr->srv6_l3vpn->loc_block_len;
1219 extra->sid[0].loc_node_len =
1220 new_attr->srv6_l3vpn->loc_node_len;
1221 extra->sid[0].func_len =
1222 new_attr->srv6_l3vpn->func_len;
1223 extra->sid[0].arg_len =
1224 new_attr->srv6_l3vpn->arg_len;
1225 extra->sid[0].transposition_len =
1226 new_attr->srv6_l3vpn->transposition_len;
1227 extra->sid[0].transposition_offset =
1228 new_attr->srv6_l3vpn
1229 ->transposition_offset;
1230 } else if (new_attr->srv6_vpn)
1231 setsids(bpi, &new_attr->srv6_vpn->sid,
1232 num_sids);
1233 } else
1234 unsetsids(bpi);
1235
1236 if (nexthop_self_flag)
1237 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
1238
1239 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_ACCEPT_OWN))
1240 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ACCEPT_OWN);
1241
1242 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1243 source_bpi, bpi, bgp_orig, p,
1244 debug))
1245 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
1246 else
1247 bgp_path_info_unset_flag(bn, bpi, BGP_PATH_VALID);
1248
1249 /* Process change. */
1250 bgp_aggregate_increment(to_bgp, p, bpi, afi, safi);
1251 bgp_process(to_bgp, bn, afi, safi);
1252 bgp_dest_unlock_node(bn);
1253
1254 if (debug)
1255 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
1256 __func__, to_bgp->name_pretty, bn);
1257
1258 return bpi;
1259 }
1260
1261 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)) {
1262 if (debug) {
1263 zlog_debug(
1264 "%s: ->%s(s_flags: 0x%x): %pFX: New route, being removed, not leaking",
1265 __func__, to_bgp->name_pretty,
1266 source_bpi->flags, p);
1267 }
1268 return NULL;
1269 }
1270
1271 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
1272 to_bgp->peer_self, new_attr, bn);
1273
1274 if (source_bpi->peer) {
1275 extra = bgp_path_info_extra_get(new);
1276 extra->peer_orig = peer_lock(source_bpi->peer);
1277 }
1278
1279 if (nexthop_self_flag)
1280 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
1281
1282 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_ACCEPT_OWN))
1283 bgp_path_info_set_flag(bn, new, BGP_PATH_ACCEPT_OWN);
1284
1285 bgp_path_info_extra_get(new);
1286
1287 /*
1288 * rewrite sid
1289 */
1290 if (num_sids) {
1291 if (new_attr->srv6_l3vpn) {
1292 setsids(new, &new_attr->srv6_l3vpn->sid, num_sids);
1293
1294 extra = bgp_path_info_extra_get(new);
1295
1296 extra->sid[0].loc_block_len =
1297 new_attr->srv6_l3vpn->loc_block_len;
1298 extra->sid[0].loc_node_len =
1299 new_attr->srv6_l3vpn->loc_node_len;
1300 extra->sid[0].func_len = new_attr->srv6_l3vpn->func_len;
1301 extra->sid[0].arg_len = new_attr->srv6_l3vpn->arg_len;
1302 extra->sid[0].transposition_len =
1303 new_attr->srv6_l3vpn->transposition_len;
1304 extra->sid[0].transposition_offset =
1305 new_attr->srv6_l3vpn->transposition_offset;
1306 } else if (new_attr->srv6_vpn)
1307 setsids(new, &new_attr->srv6_vpn->sid, num_sids);
1308 } else
1309 unsetsids(new);
1310
1311 if (num_labels)
1312 setlabels(new, label, num_labels);
1313
1314 new->extra->parent = bgp_path_info_lock(parent);
1315 bgp_dest_lock_node(
1316 (struct bgp_dest *)parent->net);
1317 if (bgp_orig)
1318 new->extra->bgp_orig = bgp_lock(bgp_orig);
1319 if (nexthop_orig)
1320 new->extra->nexthop_orig = *nexthop_orig;
1321
1322 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1323 source_bpi, new, bgp_orig, p, debug))
1324 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
1325 else
1326 bgp_path_info_unset_flag(bn, new, BGP_PATH_VALID);
1327
1328 bgp_aggregate_increment(to_bgp, p, new, afi, safi);
1329 bgp_path_info_add(bn, new);
1330
1331 bgp_dest_unlock_node(bn);
1332 bgp_process(to_bgp, bn, afi, safi);
1333
1334 if (debug)
1335 zlog_debug("%s: ->%s: %pBD: Added new route", __func__,
1336 to_bgp->name_pretty, bn);
1337
1338 return new;
1339 }
1340
1341 void bgp_mplsvpn_path_nh_label_unlink(struct bgp_path_info *pi)
1342 {
1343 struct bgp_label_per_nexthop_cache *blnc;
1344
1345 if (!pi)
1346 return;
1347
1348 blnc = pi->label_nexthop_cache;
1349
1350 if (!blnc)
1351 return;
1352
1353 LIST_REMOVE(pi, label_nh_thread);
1354 pi->label_nexthop_cache->path_count--;
1355 pi->label_nexthop_cache = NULL;
1356
1357 if (LIST_EMPTY(&(blnc->paths)))
1358 bgp_label_per_nexthop_free(blnc);
1359 }
1360
1361 /* Called upon reception of a ZAPI Message from zebra, about
1362 * a new available label.
1363 */
1364 static int bgp_mplsvpn_get_label_per_nexthop_cb(mpls_label_t label,
1365 void *context, bool allocated)
1366 {
1367 struct bgp_label_per_nexthop_cache *blnc = context;
1368 mpls_label_t old_label;
1369 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
1370 struct bgp_path_info *pi;
1371 struct bgp_table *table;
1372
1373 old_label = blnc->label;
1374
1375 if (debug)
1376 zlog_debug("%s: label=%u, allocated=%d, nexthop=%pFX", __func__,
1377 label, allocated, &blnc->nexthop);
1378 if (allocated)
1379 /* update the entry with the new label */
1380 blnc->label = label;
1381 else
1382 /*
1383 * previously-allocated label is now invalid
1384 * eg: zebra deallocated the labels and notifies it
1385 */
1386 blnc->label = MPLS_INVALID_LABEL;
1387
1388 if (old_label == blnc->label)
1389 return 0; /* no change */
1390
1391 /* update paths */
1392 if (blnc->label != MPLS_INVALID_LABEL)
1393 bgp_zebra_send_nexthop_label(
1394 ZEBRA_MPLS_LABELS_ADD, blnc->label, blnc->nh->ifindex,
1395 blnc->nh->vrf_id, ZEBRA_LSP_BGP, &blnc->nexthop);
1396
1397 LIST_FOREACH (pi, &(blnc->paths), label_nh_thread) {
1398 if (!pi->net)
1399 continue;
1400 table = bgp_dest_table(pi->net);
1401 if (!table)
1402 continue;
1403 vpn_leak_from_vrf_update(blnc->to_bgp, table->bgp, pi);
1404 }
1405
1406 return 0;
1407 }
1408
1409 /* Get a per label nexthop value:
1410 * - Find and return a per label nexthop from the cache
1411 * - else allocate a new per label nexthop cache entry and request a
1412 * label to zebra. Return MPLS_INVALID_LABEL
1413 */
1414 static mpls_label_t _vpn_leak_from_vrf_get_per_nexthop_label(
1415 struct bgp_path_info *pi, struct bgp *to_bgp, struct bgp *from_bgp,
1416 afi_t afi, safi_t safi)
1417 {
1418 struct bgp_nexthop_cache *bnc = pi->nexthop;
1419 struct bgp_label_per_nexthop_cache *blnc;
1420 struct bgp_label_per_nexthop_cache_head *tree;
1421 struct prefix *nh_pfx = NULL;
1422 struct prefix nh_gate = {0};
1423
1424 /* extract the nexthop from the BNC nexthop cache */
1425 switch (bnc->nexthop->type) {
1426 case NEXTHOP_TYPE_IPV4:
1427 case NEXTHOP_TYPE_IPV4_IFINDEX:
1428 /* the nexthop is recursive */
1429 nh_gate.family = AF_INET;
1430 nh_gate.prefixlen = IPV4_MAX_BITLEN;
1431 IPV4_ADDR_COPY(&nh_gate.u.prefix4, &bnc->nexthop->gate.ipv4);
1432 nh_pfx = &nh_gate;
1433 break;
1434 case NEXTHOP_TYPE_IPV6:
1435 case NEXTHOP_TYPE_IPV6_IFINDEX:
1436 /* the nexthop is recursive */
1437 nh_gate.family = AF_INET6;
1438 nh_gate.prefixlen = IPV6_MAX_BITLEN;
1439 IPV6_ADDR_COPY(&nh_gate.u.prefix6, &bnc->nexthop->gate.ipv6);
1440 nh_pfx = &nh_gate;
1441 break;
1442 case NEXTHOP_TYPE_IFINDEX:
1443 /* the nexthop is direcly connected */
1444 nh_pfx = &bnc->prefix;
1445 break;
1446 case NEXTHOP_TYPE_BLACKHOLE:
1447 assert(!"Blackhole nexthop. Already checked by the caller.");
1448 }
1449
1450 /* find or allocate a nexthop label cache entry */
1451 tree = &from_bgp->mpls_labels_per_nexthop[family2afi(nh_pfx->family)];
1452 blnc = bgp_label_per_nexthop_find(tree, nh_pfx);
1453 if (!blnc) {
1454 blnc = bgp_label_per_nexthop_new(tree, nh_pfx);
1455 blnc->to_bgp = to_bgp;
1456 /* request a label to zebra for this nexthop
1457 * the response from zebra will trigger the callback
1458 */
1459 bgp_lp_get(LP_TYPE_NEXTHOP, blnc,
1460 bgp_mplsvpn_get_label_per_nexthop_cb);
1461 }
1462
1463 if (pi->label_nexthop_cache == blnc)
1464 /* no change */
1465 return blnc->label;
1466
1467 /* Unlink from any existing nexthop cache. Free the entry if unused.
1468 */
1469 bgp_mplsvpn_path_nh_label_unlink(pi);
1470
1471 /* updates NHT pi list reference */
1472 LIST_INSERT_HEAD(&(blnc->paths), pi, label_nh_thread);
1473 pi->label_nexthop_cache = blnc;
1474 pi->label_nexthop_cache->path_count++;
1475 blnc->last_update = monotime(NULL);
1476
1477 /* then add or update the selected nexthop */
1478 if (!blnc->nh)
1479 blnc->nh = nexthop_dup(bnc->nexthop, NULL);
1480 else if (!nexthop_same(bnc->nexthop, blnc->nh)) {
1481 nexthop_free(blnc->nh);
1482 blnc->nh = nexthop_dup(bnc->nexthop, NULL);
1483 if (blnc->label != MPLS_INVALID_LABEL) {
1484 bgp_zebra_send_nexthop_label(
1485 ZEBRA_MPLS_LABELS_REPLACE, blnc->label,
1486 bnc->nexthop->ifindex, bnc->nexthop->vrf_id,
1487 ZEBRA_LSP_BGP, &blnc->nexthop);
1488 }
1489 }
1490
1491 return blnc->label;
1492 }
1493
1494 /* Filter out all the cases where a per nexthop label is not possible:
1495 * - return an invalid label when the nexthop is invalid
1496 * - return the per VRF label when the per nexthop label is not supported
1497 * Otherwise, find or request a per label nexthop.
1498 */
1499 static mpls_label_t vpn_leak_from_vrf_get_per_nexthop_label(
1500 afi_t afi, safi_t safi, struct bgp_path_info *pi, struct bgp *from_bgp,
1501 struct bgp *to_bgp)
1502 {
1503 struct bgp_path_info *bpi_ultimate = bgp_get_imported_bpi_ultimate(pi);
1504 struct bgp *bgp_nexthop = NULL;
1505 bool nh_valid;
1506 afi_t nh_afi;
1507 bool is_bgp_static_route;
1508
1509 is_bgp_static_route = bpi_ultimate->sub_type == BGP_ROUTE_STATIC &&
1510 bpi_ultimate->type == ZEBRA_ROUTE_BGP;
1511
1512 if (is_bgp_static_route == false && afi == AFI_IP &&
1513 CHECK_FLAG(pi->attr->flag, ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP)) &&
1514 (pi->attr->nexthop.s_addr == INADDR_ANY ||
1515 !ipv4_unicast_valid(&pi->attr->nexthop))) {
1516 /* IPv4 nexthop in standard BGP encoding format.
1517 * Format of address is not valid (not any, not unicast).
1518 * Fallback to the per VRF label.
1519 */
1520 bgp_mplsvpn_path_nh_label_unlink(pi);
1521 return from_bgp->vpn_policy[afi].tovpn_label;
1522 }
1523
1524 if (is_bgp_static_route == false && afi == AFI_IP &&
1525 pi->attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV4 &&
1526 (pi->attr->mp_nexthop_global_in.s_addr == INADDR_ANY ||
1527 !ipv4_unicast_valid(&pi->attr->mp_nexthop_global_in))) {
1528 /* IPv4 nexthop is in MP-BGP encoding format.
1529 * Format of address is not valid (not any, not unicast).
1530 * Fallback to the per VRF label.
1531 */
1532 bgp_mplsvpn_path_nh_label_unlink(pi);
1533 return from_bgp->vpn_policy[afi].tovpn_label;
1534 }
1535
1536 if (is_bgp_static_route == false && afi == AFI_IP6 &&
1537 (pi->attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL ||
1538 pi->attr->mp_nexthop_len == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) &&
1539 (IN6_IS_ADDR_UNSPECIFIED(&pi->attr->mp_nexthop_global) ||
1540 IN6_IS_ADDR_LOOPBACK(&pi->attr->mp_nexthop_global) ||
1541 IN6_IS_ADDR_MULTICAST(&pi->attr->mp_nexthop_global))) {
1542 /* IPv6 nexthop is in MP-BGP encoding format.
1543 * Format of address is not valid
1544 * Fallback to the per VRF label.
1545 */
1546 bgp_mplsvpn_path_nh_label_unlink(pi);
1547 return from_bgp->vpn_policy[afi].tovpn_label;
1548 }
1549
1550 /* Check the next-hop reachability.
1551 * Get the bgp instance where the bgp_path_info originates.
1552 */
1553 if (pi->extra && pi->extra->bgp_orig)
1554 bgp_nexthop = pi->extra->bgp_orig;
1555 else
1556 bgp_nexthop = from_bgp;
1557
1558 nh_afi = BGP_ATTR_NH_AFI(afi, pi->attr);
1559 nh_valid = bgp_find_or_add_nexthop(from_bgp, bgp_nexthop, nh_afi, safi,
1560 pi, NULL, 0, NULL);
1561
1562 if (!nh_valid && is_bgp_static_route &&
1563 !CHECK_FLAG(from_bgp->flags, BGP_FLAG_IMPORT_CHECK)) {
1564 /* "network" prefixes not routable, but since 'no bgp network
1565 * import-check' is configured, they are always valid in the BGP
1566 * table. Fallback to the per-vrf label
1567 */
1568 bgp_mplsvpn_path_nh_label_unlink(pi);
1569 return from_bgp->vpn_policy[afi].tovpn_label;
1570 }
1571
1572 if (!nh_valid || !pi->nexthop || pi->nexthop->nexthop_num == 0 ||
1573 !pi->nexthop->nexthop) {
1574 /* invalid next-hop:
1575 * do not send the per-vrf label
1576 * otherwise, when the next-hop becomes valid,
1577 * we will have 2 BGP updates:
1578 * - one with the per-vrf label
1579 * - the second with the per-nexthop label
1580 */
1581 bgp_mplsvpn_path_nh_label_unlink(pi);
1582 return MPLS_INVALID_LABEL;
1583 }
1584
1585 if (pi->nexthop->nexthop_num > 1 ||
1586 pi->nexthop->nexthop->type == NEXTHOP_TYPE_BLACKHOLE) {
1587 /* Blackhole or ECMP routes
1588 * is not compatible with per-nexthop label.
1589 * Fallback to per-vrf label.
1590 */
1591 bgp_mplsvpn_path_nh_label_unlink(pi);
1592 return from_bgp->vpn_policy[afi].tovpn_label;
1593 }
1594
1595 return _vpn_leak_from_vrf_get_per_nexthop_label(pi, to_bgp, from_bgp,
1596 afi, safi);
1597 }
1598
1599 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
1600 void vpn_leak_from_vrf_update(struct bgp *to_bgp, /* to */
1601 struct bgp *from_bgp, /* from */
1602 struct bgp_path_info *path_vrf) /* route */
1603 {
1604 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1605 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1606 afi_t afi = family2afi(p->family);
1607 struct attr static_attr = {0};
1608 struct attr *new_attr = NULL;
1609 safi_t safi = SAFI_MPLS_VPN;
1610 mpls_label_t label_val;
1611 mpls_label_t label;
1612 struct bgp_dest *bn;
1613 const char *debugmsg;
1614 int nexthop_self_flag = 0;
1615
1616 if (debug)
1617 zlog_debug("%s: from vrf %s", __func__, from_bgp->name_pretty);
1618
1619 if (debug && bgp_attr_get_ecommunity(path_vrf->attr)) {
1620 char *s = ecommunity_ecom2str(
1621 bgp_attr_get_ecommunity(path_vrf->attr),
1622 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1623
1624 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
1625 from_bgp->name, path_vrf->type, s);
1626 XFREE(MTYPE_ECOMMUNITY_STR, s);
1627 }
1628
1629 if (!to_bgp)
1630 return;
1631
1632 if (!afi) {
1633 if (debug)
1634 zlog_debug("%s: can't get afi of prefix", __func__);
1635 return;
1636 }
1637
1638 /* Is this route exportable into the VPN table? */
1639 if (!is_route_injectable_into_vpn(path_vrf))
1640 return;
1641
1642 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1643 if (debug)
1644 zlog_debug("%s: %s skipping: %s", __func__,
1645 from_bgp->name, debugmsg);
1646 return;
1647 }
1648
1649 /* shallow copy */
1650 static_attr = *path_vrf->attr;
1651
1652 /*
1653 * route map handling
1654 */
1655 if (from_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
1656 struct bgp_path_info info;
1657 route_map_result_t ret;
1658
1659 memset(&info, 0, sizeof(info));
1660 info.peer = to_bgp->peer_self;
1661 info.attr = &static_attr;
1662 ret = route_map_apply(from_bgp->vpn_policy[afi]
1663 .rmap[BGP_VPN_POLICY_DIR_TOVPN],
1664 p, &info);
1665 if (RMAP_DENYMATCH == ret) {
1666 bgp_attr_flush(&static_attr); /* free any added parts */
1667 if (debug)
1668 zlog_debug(
1669 "%s: vrf %s route map \"%s\" says DENY, returning",
1670 __func__, from_bgp->name_pretty,
1671 from_bgp->vpn_policy[afi]
1672 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
1673 ->name);
1674 return;
1675 }
1676 }
1677
1678 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1679 char *s = ecommunity_ecom2str(
1680 bgp_attr_get_ecommunity(&static_attr),
1681 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1682
1683 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
1684 __func__, s);
1685 XFREE(MTYPE_ECOMMUNITY_STR, s);
1686 }
1687
1688 /*
1689 * Add the vpn-policy rt-list
1690 */
1691 struct ecommunity *old_ecom;
1692 struct ecommunity *new_ecom;
1693
1694 /* Export with the 'from' instance's export RTs. */
1695 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
1696 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1697 if (old_ecom) {
1698 new_ecom = ecommunity_dup(old_ecom);
1699 if (CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1700 BGP_CONFIG_VRF_TO_VRF_EXPORT))
1701 ecommunity_strip_rts(new_ecom);
1702 new_ecom = ecommunity_merge(
1703 new_ecom, from_bgp->vpn_policy[afi]
1704 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1705 if (!old_ecom->refcnt)
1706 ecommunity_free(&old_ecom);
1707 } else {
1708 new_ecom = ecommunity_dup(
1709 from_bgp->vpn_policy[afi]
1710 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1711 }
1712 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1713
1714 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1715 char *s = ecommunity_ecom2str(
1716 bgp_attr_get_ecommunity(&static_attr),
1717 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1718
1719 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
1720 __func__, s);
1721 XFREE(MTYPE_ECOMMUNITY_STR, s);
1722 }
1723
1724 community_strip_accept_own(&static_attr);
1725
1726 /* Nexthop */
1727 /* if policy nexthop not set, use 0 */
1728 if (CHECK_FLAG(from_bgp->vpn_policy[afi].flags,
1729 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
1730 struct prefix *nexthop =
1731 &from_bgp->vpn_policy[afi].tovpn_nexthop;
1732
1733 switch (nexthop->family) {
1734 case AF_INET:
1735 /* prevent mp_nexthop_global_in <- self in bgp_route.c
1736 */
1737 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
1738
1739 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
1740 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
1741 break;
1742
1743 case AF_INET6:
1744 static_attr.mp_nexthop_global = nexthop->u.prefix6;
1745 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
1746 break;
1747
1748 default:
1749 assert(0);
1750 }
1751 } else {
1752 if (!CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1753 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
1754 if (afi == AFI_IP &&
1755 !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
1756 /*
1757 * For ipv4, copy to multiprotocol
1758 * nexthop field
1759 */
1760 static_attr.mp_nexthop_global_in =
1761 static_attr.nexthop;
1762 static_attr.mp_nexthop_len =
1763 BGP_ATTR_NHLEN_IPV4;
1764 /*
1765 * XXX Leave static_attr.nexthop
1766 * intact for NHT
1767 */
1768 static_attr.flag &=
1769 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1770 }
1771 } else {
1772 /* Update based on next-hop family to account for
1773 * RFC 5549 (BGP unnumbered) scenario. Note that
1774 * specific action is only needed for the case of
1775 * IPv4 nexthops as the attr has been copied
1776 * otherwise.
1777 */
1778 if (afi == AFI_IP
1779 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
1780 static_attr.mp_nexthop_global_in.s_addr =
1781 static_attr.nexthop.s_addr;
1782 static_attr.mp_nexthop_len =
1783 BGP_ATTR_NHLEN_IPV4;
1784 static_attr.flag |=
1785 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1786 }
1787 }
1788 nexthop_self_flag = 1;
1789 }
1790
1791 if (CHECK_FLAG(from_bgp->vpn_policy[afi].flags,
1792 BGP_VPN_POLICY_TOVPN_LABEL_PER_NEXTHOP))
1793 /* per nexthop label mode */
1794 label_val = vpn_leak_from_vrf_get_per_nexthop_label(
1795 afi, safi, path_vrf, from_bgp, to_bgp);
1796 else
1797 /* per VRF label mode */
1798 label_val = from_bgp->vpn_policy[afi].tovpn_label;
1799
1800 if (label_val == MPLS_INVALID_LABEL &&
1801 CHECK_FLAG(from_bgp->vpn_policy[afi].flags,
1802 BGP_VPN_POLICY_TOVPN_LABEL_PER_NEXTHOP)) {
1803 /* no valid label for the moment
1804 * when the 'bgp_mplsvpn_get_label_per_nexthop_cb' callback gets
1805 * a valid label value, it will call the current function again.
1806 */
1807 if (debug)
1808 zlog_debug(
1809 "%s: %s skipping: waiting for a valid per-label nexthop.",
1810 __func__, from_bgp->name_pretty);
1811 return;
1812 }
1813 if (label_val == MPLS_LABEL_NONE)
1814 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
1815 else
1816 encode_label(label_val, &label);
1817
1818 /* Set originator ID to "me" */
1819 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
1820 static_attr.originator_id = to_bgp->router_id;
1821
1822 /* Set SID for SRv6 VPN */
1823 if (from_bgp->vpn_policy[afi].tovpn_sid_locator) {
1824 struct srv6_locator_chunk *locator =
1825 from_bgp->vpn_policy[afi].tovpn_sid_locator;
1826 encode_label(
1827 from_bgp->vpn_policy[afi].tovpn_sid_transpose_label,
1828 &label);
1829 static_attr.srv6_l3vpn = XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1830 sizeof(struct bgp_attr_srv6_l3vpn));
1831 static_attr.srv6_l3vpn->sid_flags = 0x00;
1832 static_attr.srv6_l3vpn->endpoint_behavior =
1833 afi == AFI_IP
1834 ? (CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1835 ? SRV6_ENDPOINT_BEHAVIOR_END_DT4_USID
1836 : SRV6_ENDPOINT_BEHAVIOR_END_DT4)
1837 : (CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1838 ? SRV6_ENDPOINT_BEHAVIOR_END_DT6_USID
1839 : SRV6_ENDPOINT_BEHAVIOR_END_DT6);
1840 static_attr.srv6_l3vpn->loc_block_len =
1841 from_bgp->vpn_policy[afi]
1842 .tovpn_sid_locator->block_bits_length;
1843 static_attr.srv6_l3vpn->loc_node_len =
1844 from_bgp->vpn_policy[afi]
1845 .tovpn_sid_locator->node_bits_length;
1846 static_attr.srv6_l3vpn->func_len =
1847 from_bgp->vpn_policy[afi]
1848 .tovpn_sid_locator->function_bits_length;
1849 static_attr.srv6_l3vpn->arg_len =
1850 from_bgp->vpn_policy[afi]
1851 .tovpn_sid_locator->argument_bits_length;
1852 static_attr.srv6_l3vpn->transposition_len =
1853 from_bgp->vpn_policy[afi]
1854 .tovpn_sid_locator->function_bits_length;
1855 static_attr.srv6_l3vpn->transposition_offset =
1856 from_bgp->vpn_policy[afi]
1857 .tovpn_sid_locator->block_bits_length +
1858 from_bgp->vpn_policy[afi]
1859 .tovpn_sid_locator->node_bits_length;
1860 ;
1861 memcpy(&static_attr.srv6_l3vpn->sid,
1862 &from_bgp->vpn_policy[afi]
1863 .tovpn_sid_locator->prefix.prefix,
1864 sizeof(struct in6_addr));
1865 } else if (from_bgp->tovpn_sid_locator) {
1866 struct srv6_locator_chunk *locator =
1867 from_bgp->tovpn_sid_locator;
1868 encode_label(from_bgp->tovpn_sid_transpose_label, &label);
1869 static_attr.srv6_l3vpn =
1870 XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1871 sizeof(struct bgp_attr_srv6_l3vpn));
1872 static_attr.srv6_l3vpn->sid_flags = 0x00;
1873 static_attr.srv6_l3vpn->endpoint_behavior =
1874 CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1875 ? SRV6_ENDPOINT_BEHAVIOR_END_DT46_USID
1876 : SRV6_ENDPOINT_BEHAVIOR_END_DT46;
1877 static_attr.srv6_l3vpn->loc_block_len =
1878 from_bgp->tovpn_sid_locator->block_bits_length;
1879 static_attr.srv6_l3vpn->loc_node_len =
1880 from_bgp->tovpn_sid_locator->node_bits_length;
1881 static_attr.srv6_l3vpn->func_len =
1882 from_bgp->tovpn_sid_locator->function_bits_length;
1883 static_attr.srv6_l3vpn->arg_len =
1884 from_bgp->tovpn_sid_locator->argument_bits_length;
1885 static_attr.srv6_l3vpn->transposition_len =
1886 from_bgp->tovpn_sid_locator->function_bits_length;
1887 static_attr.srv6_l3vpn->transposition_offset =
1888 from_bgp->tovpn_sid_locator->block_bits_length +
1889 from_bgp->tovpn_sid_locator->node_bits_length;
1890 memcpy(&static_attr.srv6_l3vpn->sid,
1891 &from_bgp->tovpn_sid_locator->prefix.prefix,
1892 sizeof(struct in6_addr));
1893 }
1894
1895
1896 new_attr = bgp_attr_intern(
1897 &static_attr); /* hashed refcounted everything */
1898 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
1899
1900 if (debug && bgp_attr_get_ecommunity(new_attr)) {
1901 char *s = ecommunity_ecom2str(bgp_attr_get_ecommunity(new_attr),
1902 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1903
1904 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
1905 XFREE(MTYPE_ECOMMUNITY_STR, s);
1906 }
1907
1908 /* Now new_attr is an allocated interned attr */
1909
1910 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1911 &(from_bgp->vpn_policy[afi].tovpn_rd));
1912
1913 struct bgp_path_info *new_info;
1914
1915 new_info =
1916 leak_update(to_bgp, bn, new_attr, afi, safi, path_vrf, &label,
1917 1, from_bgp, NULL, nexthop_self_flag, debug);
1918
1919 /*
1920 * Routes actually installed in the vpn RIB must also be
1921 * offered to all vrfs (because now they originate from
1922 * the vpn RIB).
1923 *
1924 * Acceptance into other vrfs depends on rt-lists.
1925 * Originating vrf will not accept the looped back route
1926 * because of loop checking.
1927 */
1928 if (new_info)
1929 vpn_leak_to_vrf_update(from_bgp, new_info, NULL);
1930 else
1931 bgp_dest_unlock_node(bn);
1932 }
1933
1934 void vpn_leak_from_vrf_withdraw(struct bgp *to_bgp, /* to */
1935 struct bgp *from_bgp, /* from */
1936 struct bgp_path_info *path_vrf) /* route */
1937 {
1938 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1939 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1940 afi_t afi = family2afi(p->family);
1941 safi_t safi = SAFI_MPLS_VPN;
1942 struct bgp_path_info *bpi;
1943 struct bgp_dest *bn;
1944 const char *debugmsg;
1945
1946 if (debug) {
1947 zlog_debug(
1948 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
1949 __func__, from_bgp->name_pretty, path_vrf->net,
1950 path_vrf->type, path_vrf->sub_type);
1951 }
1952
1953 if (!to_bgp)
1954 return;
1955
1956 if (!afi) {
1957 if (debug)
1958 zlog_debug("%s: can't get afi of prefix", __func__);
1959 return;
1960 }
1961
1962 /* Is this route exportable into the VPN table? */
1963 if (!is_route_injectable_into_vpn(path_vrf))
1964 return;
1965
1966 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1967 if (debug)
1968 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1969 return;
1970 }
1971
1972 if (debug)
1973 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
1974
1975 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1976 &(from_bgp->vpn_policy[afi].tovpn_rd));
1977
1978 if (!bn)
1979 return;
1980 /*
1981 * vrf -> vpn
1982 * match original bpi imported from
1983 */
1984 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1985 if (bpi->extra && bpi->extra->parent == path_vrf) {
1986 break;
1987 }
1988 }
1989
1990 if (bpi) {
1991 /* withdraw from looped vrfs as well */
1992 vpn_leak_to_vrf_withdraw(bpi);
1993
1994 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
1995 bgp_path_info_delete(bn, bpi);
1996 bgp_process(to_bgp, bn, afi, safi);
1997 }
1998 bgp_dest_unlock_node(bn);
1999 }
2000
2001 void vpn_leak_from_vrf_withdraw_all(struct bgp *to_bgp, struct bgp *from_bgp,
2002 afi_t afi)
2003 {
2004 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
2005 struct bgp_dest *pdest;
2006 safi_t safi = SAFI_MPLS_VPN;
2007
2008 /*
2009 * Walk vpn table, delete bpi with bgp_orig == from_bgp
2010 */
2011 for (pdest = bgp_table_top(to_bgp->rib[afi][safi]); pdest;
2012 pdest = bgp_route_next(pdest)) {
2013
2014 struct bgp_table *table;
2015 struct bgp_dest *bn;
2016 struct bgp_path_info *bpi;
2017
2018 /* This is the per-RD table of prefixes */
2019 table = bgp_dest_get_bgp_table_info(pdest);
2020
2021 if (!table)
2022 continue;
2023
2024 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
2025 bpi = bgp_dest_get_bgp_path_info(bn);
2026 if (debug && bpi) {
2027 zlog_debug("%s: looking at prefix %pBD",
2028 __func__, bn);
2029 }
2030
2031 for (; bpi; bpi = bpi->next) {
2032 if (debug)
2033 zlog_debug("%s: type %d, sub_type %d",
2034 __func__, bpi->type,
2035 bpi->sub_type);
2036 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
2037 continue;
2038 if (!bpi->extra)
2039 continue;
2040 if ((struct bgp *)bpi->extra->bgp_orig ==
2041 from_bgp) {
2042 /* delete route */
2043 if (debug)
2044 zlog_debug("%s: deleting it",
2045 __func__);
2046 /* withdraw from leak-to vrfs as well */
2047 vpn_leak_to_vrf_withdraw(bpi);
2048 bgp_aggregate_decrement(
2049 to_bgp, bgp_dest_get_prefix(bn),
2050 bpi, afi, safi);
2051 bgp_path_info_delete(bn, bpi);
2052 bgp_process(to_bgp, bn, afi, safi);
2053 bgp_mplsvpn_path_nh_label_unlink(
2054 bpi->extra->parent);
2055 }
2056 }
2057 }
2058 }
2059 }
2060
2061 void vpn_leak_from_vrf_update_all(struct bgp *to_bgp, struct bgp *from_bgp,
2062 afi_t afi)
2063 {
2064 struct bgp_dest *bn;
2065 struct bgp_path_info *bpi;
2066 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
2067
2068 if (debug)
2069 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
2070 from_bgp->name_pretty);
2071
2072 for (bn = bgp_table_top(from_bgp->rib[afi][SAFI_UNICAST]); bn;
2073 bn = bgp_route_next(bn)) {
2074
2075 if (debug)
2076 zlog_debug("%s: node=%p", __func__, bn);
2077
2078 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2079 bpi = bpi->next) {
2080 if (debug)
2081 zlog_debug(
2082 "%s: calling vpn_leak_from_vrf_update",
2083 __func__);
2084 vpn_leak_from_vrf_update(to_bgp, from_bgp, bpi);
2085 }
2086 }
2087 }
2088
2089 static struct bgp *bgp_lookup_by_rd(struct bgp_path_info *bpi,
2090 struct prefix_rd *rd, afi_t afi)
2091 {
2092 struct listnode *node, *nnode;
2093 struct bgp *bgp;
2094
2095 if (!rd)
2096 return NULL;
2097
2098 /* If ACCEPT_OWN is not enabled for this path - return. */
2099 if (!CHECK_FLAG(bpi->flags, BGP_PATH_ACCEPT_OWN))
2100 return NULL;
2101
2102 for (ALL_LIST_ELEMENTS(bm->bgp, node, nnode, bgp)) {
2103 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2104 continue;
2105
2106 if (!CHECK_FLAG(bgp->vpn_policy[afi].flags,
2107 BGP_VPN_POLICY_TOVPN_RD_SET))
2108 continue;
2109
2110 /* Check if we have source VRF by RD value */
2111 if (memcmp(&bgp->vpn_policy[afi].tovpn_rd.val, rd->val,
2112 ECOMMUNITY_SIZE) == 0)
2113 return bgp;
2114 }
2115
2116 return NULL;
2117 }
2118
2119 static bool vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp, /* to */
2120 struct bgp *from_bgp, /* from */
2121 struct bgp_path_info *path_vpn,
2122 struct prefix_rd *prd)
2123 {
2124 const struct prefix *p = bgp_dest_get_prefix(path_vpn->net);
2125 afi_t afi = family2afi(p->family);
2126
2127 struct attr static_attr = {0};
2128 struct attr *new_attr = NULL;
2129 struct bgp_dest *bn;
2130 safi_t safi = SAFI_UNICAST;
2131 const char *debugmsg;
2132 struct prefix nexthop_orig;
2133 mpls_label_t *pLabels = NULL;
2134 uint32_t num_labels = 0;
2135 int nexthop_self_flag = 1;
2136 struct bgp_path_info *bpi_ultimate = NULL;
2137 int origin_local = 0;
2138 struct bgp *src_vrf;
2139 struct interface *ifp;
2140 char rd_buf[RD_ADDRSTRLEN];
2141 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2142
2143 if (!vpn_leak_from_vpn_active(to_bgp, afi, &debugmsg)) {
2144 if (debug)
2145 zlog_debug(
2146 "%s: from vpn (%s) to vrf (%s), skipping: %s",
2147 __func__, from_bgp->name_pretty,
2148 to_bgp->name_pretty, debugmsg);
2149 return false;
2150 }
2151
2152 /*
2153 * For VRF-2-VRF route-leaking,
2154 * the source will be the originating VRF.
2155 *
2156 * If ACCEPT_OWN mechanism is enabled, then we SHOULD(?)
2157 * get the source VRF (BGP) by looking at the RD.
2158 */
2159 struct bgp *src_bgp = bgp_lookup_by_rd(path_vpn, prd, afi);
2160
2161 if (path_vpn->extra && path_vpn->extra->bgp_orig)
2162 src_vrf = path_vpn->extra->bgp_orig;
2163 else if (src_bgp)
2164 src_vrf = src_bgp;
2165 else
2166 src_vrf = from_bgp;
2167
2168 /* Check for intersection of route targets */
2169 if (!ecommunity_include(
2170 to_bgp->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
2171 bgp_attr_get_ecommunity(path_vpn->attr))) {
2172 if (debug)
2173 zlog_debug(
2174 "from vpn (%s) to vrf (%s), skipping after no intersection of route targets",
2175 from_bgp->name_pretty, to_bgp->name_pretty);
2176 return false;
2177 }
2178
2179 rd_buf[0] = '\0';
2180 if (debug && prd)
2181 prefix_rd2str(prd, rd_buf, sizeof(rd_buf), to_bgp->asnotation);
2182
2183 /* A route MUST NOT ever be accepted back into its source VRF, even if
2184 * it carries one or more RTs that match that VRF.
2185 */
2186 if (CHECK_FLAG(path_vpn->flags, BGP_PATH_ACCEPT_OWN) && prd &&
2187 memcmp(&prd->val, &to_bgp->vpn_policy[afi].tovpn_rd.val,
2188 ECOMMUNITY_SIZE) == 0) {
2189 if (debug)
2190 zlog_debug(
2191 "%s: skipping import, match RD (%s) of src VRF (%s) and the prefix (%pFX)",
2192 __func__, rd_buf, to_bgp->name_pretty, p);
2193 return false;
2194 }
2195
2196 if (debug)
2197 zlog_debug("%s: updating RD %s, %pFX to %s", __func__, rd_buf,
2198 p, to_bgp->name_pretty);
2199
2200 /* shallow copy */
2201 static_attr = *path_vpn->attr;
2202
2203 struct ecommunity *old_ecom;
2204 struct ecommunity *new_ecom;
2205
2206 /* If doing VRF-to-VRF leaking, strip RTs. */
2207 old_ecom = bgp_attr_get_ecommunity(&static_attr);
2208 if (old_ecom && CHECK_FLAG(to_bgp->af_flags[afi][safi],
2209 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
2210 new_ecom = ecommunity_dup(old_ecom);
2211 ecommunity_strip_rts(new_ecom);
2212 bgp_attr_set_ecommunity(&static_attr, new_ecom);
2213
2214 if (new_ecom->size == 0) {
2215 ecommunity_free(&new_ecom);
2216 bgp_attr_set_ecommunity(&static_attr, NULL);
2217 }
2218
2219 if (!old_ecom->refcnt)
2220 ecommunity_free(&old_ecom);
2221 }
2222
2223 community_strip_accept_own(&static_attr);
2224
2225 /*
2226 * Nexthop: stash and clear
2227 *
2228 * Nexthop is valid in context of VPN core, but not in destination vrf.
2229 * Stash it for later label resolution by vrf ingress path and then
2230 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
2231 */
2232 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
2233
2234 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
2235 nexthop_orig.family = nhfamily;
2236
2237 /* If the path has accept-own community and the source VRF
2238 * is valid, reset next-hop to self, to allow importing own
2239 * routes between different VRFs on the same node.
2240 * Set the nh ifindex to VRF's interface, not the real interface.
2241 * Let the kernel to decide with double lookup the real next-hop
2242 * interface when installing the route.
2243 */
2244 if (src_bgp) {
2245 subgroup_announce_reset_nhop(nhfamily, &static_attr);
2246 ifp = if_get_vrf_loopback(src_vrf->vrf_id);
2247 if (ifp)
2248 static_attr.nh_ifindex = ifp->ifindex;
2249 }
2250
2251 switch (nhfamily) {
2252 case AF_INET:
2253 /* save */
2254 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
2255 nexthop_orig.prefixlen = IPV4_MAX_BITLEN;
2256
2257 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
2258 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
2259 static_attr.nexthop.s_addr =
2260 nexthop_orig.u.prefix4.s_addr;
2261
2262 static_attr.mp_nexthop_global_in =
2263 path_vpn->attr->mp_nexthop_global_in;
2264 static_attr.mp_nexthop_len =
2265 path_vpn->attr->mp_nexthop_len;
2266 }
2267 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
2268 break;
2269 case AF_INET6:
2270 /* save */
2271 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
2272 nexthop_orig.prefixlen = IPV6_MAX_BITLEN;
2273
2274 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
2275 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
2276 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
2277 }
2278 break;
2279 }
2280
2281 /*
2282 * route map handling
2283 */
2284 if (to_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
2285 struct bgp_path_info info;
2286 route_map_result_t ret;
2287
2288 memset(&info, 0, sizeof(info));
2289 info.peer = to_bgp->peer_self;
2290 info.attr = &static_attr;
2291 info.extra = path_vpn->extra; /* Used for source-vrf filter */
2292 ret = route_map_apply(to_bgp->vpn_policy[afi]
2293 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
2294 p, &info);
2295 if (RMAP_DENYMATCH == ret) {
2296 bgp_attr_flush(&static_attr); /* free any added parts */
2297 if (debug)
2298 zlog_debug(
2299 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
2300 __func__, to_bgp->name_pretty,
2301 to_bgp->vpn_policy[afi]
2302 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
2303 ->name);
2304 return false;
2305 }
2306 /*
2307 * if route-map changed nexthop, don't nexthop-self on output
2308 */
2309 if (!CHECK_FLAG(static_attr.rmap_change_flags,
2310 BATTR_RMAP_NEXTHOP_UNCHANGED))
2311 nexthop_self_flag = 0;
2312 }
2313
2314 new_attr = bgp_attr_intern(&static_attr);
2315 bgp_attr_flush(&static_attr);
2316
2317 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p, NULL);
2318
2319 /*
2320 * ensure labels are copied
2321 *
2322 * However, there is a special case: if the route originated in
2323 * another local VRF (as opposed to arriving via VPN), then the
2324 * nexthop is reached by hairpinning through this router (me)
2325 * using IP forwarding only (no LSP). Therefore, the route
2326 * imported to the VRF should not have labels attached. Note
2327 * that nexthop tracking is also involved: eliminating the
2328 * labels for these routes enables the non-labeled nexthops
2329 * from the originating VRF to be considered valid for this route.
2330 */
2331 if (!CHECK_FLAG(to_bgp->af_flags[afi][safi],
2332 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
2333 /* work back to original route */
2334 bpi_ultimate = bgp_get_imported_bpi_ultimate(path_vpn);
2335
2336 /*
2337 * if original route was unicast,
2338 * then it did not arrive over vpn
2339 */
2340 if (bpi_ultimate->net) {
2341 struct bgp_table *table;
2342
2343 table = bgp_dest_table(bpi_ultimate->net);
2344 if (table && (table->safi == SAFI_UNICAST))
2345 origin_local = 1;
2346 }
2347
2348 /* copy labels */
2349 if (!origin_local && path_vpn->extra
2350 && path_vpn->extra->num_labels) {
2351 num_labels = path_vpn->extra->num_labels;
2352 if (num_labels > BGP_MAX_LABELS)
2353 num_labels = BGP_MAX_LABELS;
2354 pLabels = path_vpn->extra->label;
2355 }
2356 }
2357
2358 if (debug)
2359 zlog_debug("%s: pfx %pBD: num_labels %d", __func__,
2360 path_vpn->net, num_labels);
2361
2362 if (!leak_update(to_bgp, bn, new_attr, afi, safi, path_vpn, pLabels,
2363 num_labels, src_vrf, &nexthop_orig, nexthop_self_flag,
2364 debug))
2365 bgp_dest_unlock_node(bn);
2366
2367 return true;
2368 }
2369
2370 bool vpn_leak_to_vrf_update(struct bgp *from_bgp,
2371 struct bgp_path_info *path_vpn,
2372 struct prefix_rd *prd)
2373 {
2374 struct listnode *mnode, *mnnode;
2375 struct bgp *bgp;
2376 bool leak_success = false;
2377
2378 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2379
2380 if (debug)
2381 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
2382
2383 /* Loop over VRFs */
2384 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2385
2386 if (!path_vpn->extra
2387 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
2388 leak_success |= vpn_leak_to_vrf_update_onevrf(
2389 bgp, from_bgp, path_vpn, prd);
2390 }
2391 }
2392 return leak_success;
2393 }
2394
2395 void vpn_leak_to_vrf_withdraw(struct bgp_path_info *path_vpn)
2396 {
2397 const struct prefix *p;
2398 afi_t afi;
2399 safi_t safi = SAFI_UNICAST;
2400 struct bgp *bgp;
2401 struct listnode *mnode, *mnnode;
2402 struct bgp_dest *bn;
2403 struct bgp_path_info *bpi;
2404 const char *debugmsg;
2405
2406 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2407
2408 if (debug)
2409 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__,
2410 path_vpn->net, path_vpn->type, path_vpn->sub_type);
2411
2412 if (debug)
2413 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
2414
2415 if (!path_vpn->net) {
2416 #ifdef ENABLE_BGP_VNC
2417 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
2418 if (path_vpn->type == ZEBRA_ROUTE_BGP
2419 && path_vpn->sub_type == BGP_ROUTE_RFP) {
2420
2421 return;
2422 }
2423 #endif
2424 if (debug)
2425 zlog_debug(
2426 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
2427 __func__);
2428 return;
2429 }
2430
2431 p = bgp_dest_get_prefix(path_vpn->net);
2432 afi = family2afi(p->family);
2433
2434 /* Loop over VRFs */
2435 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2436 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
2437 if (debug)
2438 zlog_debug("%s: from %s, skipping: %s",
2439 __func__, bgp->name_pretty,
2440 debugmsg);
2441 continue;
2442 }
2443
2444 /* Check for intersection of route targets */
2445 if (!ecommunity_include(
2446 bgp->vpn_policy[afi]
2447 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
2448 bgp_attr_get_ecommunity(path_vpn->attr))) {
2449
2450 continue;
2451 }
2452
2453 if (debug)
2454 zlog_debug("%s: withdrawing from vrf %s", __func__,
2455 bgp->name_pretty);
2456
2457 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
2458
2459 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2460 bpi = bpi->next) {
2461 if (bpi->extra
2462 && (struct bgp_path_info *)bpi->extra->parent
2463 == path_vpn) {
2464 break;
2465 }
2466 }
2467
2468 if (bpi) {
2469 if (debug)
2470 zlog_debug("%s: deleting bpi %p", __func__,
2471 bpi);
2472 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
2473 bgp_path_info_delete(bn, bpi);
2474 bgp_process(bgp, bn, afi, safi);
2475 }
2476 bgp_dest_unlock_node(bn);
2477 }
2478 }
2479
2480 void vpn_leak_to_vrf_withdraw_all(struct bgp *to_bgp, afi_t afi)
2481 {
2482 struct bgp_dest *bn;
2483 struct bgp_path_info *bpi;
2484 safi_t safi = SAFI_UNICAST;
2485 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2486
2487 if (debug)
2488 zlog_debug("%s: entry", __func__);
2489 /*
2490 * Walk vrf table, delete bpi with bgp_orig in a different vrf
2491 */
2492 for (bn = bgp_table_top(to_bgp->rib[afi][safi]); bn;
2493 bn = bgp_route_next(bn)) {
2494
2495 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2496 bpi = bpi->next) {
2497 if (bpi->extra && bpi->extra->bgp_orig != to_bgp &&
2498 bpi->extra->parent &&
2499 is_pi_family_vpn(bpi->extra->parent)) {
2500
2501 /* delete route */
2502 bgp_aggregate_decrement(to_bgp,
2503 bgp_dest_get_prefix(bn),
2504 bpi, afi, safi);
2505 bgp_path_info_delete(bn, bpi);
2506 bgp_process(to_bgp, bn, afi, safi);
2507 }
2508 }
2509 }
2510 }
2511
2512 void vpn_leak_to_vrf_update_all(struct bgp *to_bgp, struct bgp *vpn_from,
2513 afi_t afi)
2514 {
2515 struct bgp_dest *pdest;
2516 safi_t safi = SAFI_MPLS_VPN;
2517
2518 assert(vpn_from);
2519
2520 /*
2521 * Walk vpn table
2522 */
2523 for (pdest = bgp_table_top(vpn_from->rib[afi][safi]); pdest;
2524 pdest = bgp_route_next(pdest)) {
2525 struct bgp_table *table;
2526 struct bgp_dest *bn;
2527 struct bgp_path_info *bpi;
2528
2529 /* This is the per-RD table of prefixes */
2530 table = bgp_dest_get_bgp_table_info(pdest);
2531
2532 if (!table)
2533 continue;
2534
2535 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
2536
2537 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2538 bpi = bpi->next) {
2539
2540 if (bpi->extra &&
2541 bpi->extra->bgp_orig == to_bgp)
2542 continue;
2543
2544 vpn_leak_to_vrf_update_onevrf(to_bgp, vpn_from,
2545 bpi, NULL);
2546 }
2547 }
2548 }
2549 }
2550
2551 /*
2552 * This function is called for definition/deletion/change to a route-map
2553 */
2554 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
2555 {
2556 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2557 afi_t afi;
2558 struct route_map *rmap;
2559
2560 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
2561 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
2562
2563 return;
2564 }
2565
2566 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
2567
2568 for (afi = 0; afi < AFI_MAX; ++afi) {
2569
2570 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
2571 && !strcmp(rmap_name,
2572 bgp->vpn_policy[afi]
2573 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
2574
2575 if (debug)
2576 zlog_debug(
2577 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
2578 __func__, rmap_name, bgp->as,
2579 afi2str(afi));
2580
2581 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
2582 bgp_get_default(), bgp);
2583 if (debug)
2584 zlog_debug("%s: after vpn_leak_prechange",
2585 __func__);
2586
2587 /* in case of definition/deletion */
2588 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
2589 rmap;
2590
2591 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
2592 bgp_get_default(), bgp);
2593
2594 if (debug)
2595 zlog_debug("%s: after vpn_leak_postchange",
2596 __func__);
2597 }
2598
2599 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
2600 && !strcmp(rmap_name,
2601 bgp->vpn_policy[afi]
2602 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
2603
2604 if (debug) {
2605 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
2606 __func__, rmap_name, bgp->as,
2607 afi2str(afi));
2608 }
2609
2610 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
2611 bgp_get_default(), bgp);
2612
2613 /* in case of definition/deletion */
2614 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
2615 rmap;
2616
2617 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
2618 bgp_get_default(), bgp);
2619 }
2620 }
2621 }
2622
2623 /* This API is used during router-id change, reflect VPNs
2624 * auto RD and RT values and readvertise routes to VPN table.
2625 */
2626 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
2627 bool is_config)
2628 {
2629 afi_t afi;
2630 int debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF)
2631 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2632 char *vname;
2633 const char *export_name;
2634 char buf[RD_ADDRSTRLEN];
2635 struct bgp *bgp_import;
2636 struct listnode *node;
2637 struct ecommunity *ecom;
2638 enum vpn_policy_direction idir, edir;
2639
2640 /*
2641 * Router-id change that is not explicitly configured
2642 * (a change from zebra, frr restart for example)
2643 * should not replace a configured vpn RD/RT.
2644 */
2645 if (!is_config) {
2646 if (debug)
2647 zlog_debug("%s: skipping non explicit router-id change",
2648 __func__);
2649 return;
2650 }
2651
2652 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
2653 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2654 return;
2655
2656 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
2657 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2658 edir = BGP_VPN_POLICY_DIR_TOVPN;
2659
2660 for (afi = 0; afi < AFI_MAX; ++afi) {
2661 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
2662 continue;
2663
2664 if (withdraw) {
2665 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
2666 afi, bgp_get_default(), bgp);
2667 if (debug)
2668 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
2669 __func__, export_name);
2670
2671 /* Remove import RT from VRFs */
2672 ecom = bgp->vpn_policy[afi].rtlist[edir];
2673 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2674 export_vrf, node, vname)) {
2675 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2676 bgp_import = bgp_get_default();
2677 else
2678 bgp_import = bgp_lookup_by_name(vname);
2679 if (!bgp_import)
2680 continue;
2681
2682 ecommunity_del_val(
2683 bgp_import->vpn_policy[afi]
2684 .rtlist[idir],
2685 (struct ecommunity_val *)ecom->val);
2686 }
2687 } else {
2688 /* New router-id derive auto RD and RT and export
2689 * to VPN
2690 */
2691 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
2692 &bgp->vrf_prd_auto);
2693 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
2694 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
2695 sizeof(buf), bgp->asnotation);
2696
2697 /* free up pre-existing memory if any and allocate
2698 * the ecommunity attribute with new RD/RT
2699 */
2700 if (bgp->vpn_policy[afi].rtlist[edir])
2701 ecommunity_free(
2702 &bgp->vpn_policy[afi].rtlist[edir]);
2703 bgp->vpn_policy[afi].rtlist[edir] = ecommunity_str2com(
2704 buf, ECOMMUNITY_ROUTE_TARGET, 0);
2705
2706 /* Update import_vrf rt_list */
2707 ecom = bgp->vpn_policy[afi].rtlist[edir];
2708 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2709 export_vrf, node, vname)) {
2710 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2711 bgp_import = bgp_get_default();
2712 else
2713 bgp_import = bgp_lookup_by_name(vname);
2714 if (!bgp_import)
2715 continue;
2716 if (bgp_import->vpn_policy[afi].rtlist[idir])
2717 bgp_import->vpn_policy[afi].rtlist[idir]
2718 = ecommunity_merge(
2719 bgp_import->vpn_policy[afi]
2720 .rtlist[idir], ecom);
2721 else
2722 bgp_import->vpn_policy[afi].rtlist[idir]
2723 = ecommunity_dup(ecom);
2724 }
2725
2726 /* Update routes to VPN */
2727 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
2728 afi, bgp_get_default(),
2729 bgp);
2730 if (debug)
2731 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
2732 __func__, export_name);
2733 }
2734 }
2735 }
2736
2737 void vpn_policy_routemap_event(const char *rmap_name)
2738 {
2739 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2740 struct listnode *mnode, *mnnode;
2741 struct bgp *bgp;
2742
2743 if (debug)
2744 zlog_debug("%s: entry", __func__);
2745
2746 if (bm->bgp == NULL) /* may be called during cleanup */
2747 return;
2748
2749 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
2750 vpn_policy_routemap_update(bgp, rmap_name);
2751 }
2752
2753 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2754 afi_t afi, safi_t safi)
2755 {
2756 const char *export_name;
2757 enum vpn_policy_direction idir, edir;
2758 char *vname, *tmp_name;
2759 char buf[RD_ADDRSTRLEN];
2760 struct ecommunity *ecom;
2761 bool first_export = false;
2762 int debug;
2763 struct listnode *node;
2764 bool is_inst_match = false;
2765
2766 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2767 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2768 edir = BGP_VPN_POLICY_DIR_TOVPN;
2769
2770 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2771 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2772
2773 /*
2774 * Cross-ref both VRFs. Also, note if this is the first time
2775 * any VRF is importing from "import_vrf".
2776 */
2777 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2778 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2779
2780 /* Check the import_vrf list of destination vrf for the source vrf name,
2781 * insert otherwise.
2782 */
2783 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
2784 node, tmp_name)) {
2785 if (strcmp(vname, tmp_name) == 0) {
2786 is_inst_match = true;
2787 break;
2788 }
2789 }
2790 if (!is_inst_match)
2791 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2792 vname);
2793 else
2794 XFREE(MTYPE_TMP, vname);
2795
2796 /* Check if the source vrf already exports to any vrf,
2797 * first time export requires to setup auto derived RD/RT values.
2798 * Add the destination vrf name to export vrf list if it is
2799 * not present.
2800 */
2801 is_inst_match = false;
2802 vname = XSTRDUP(MTYPE_TMP, export_name);
2803 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2804 first_export = true;
2805 } else {
2806 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2807 node, tmp_name)) {
2808 if (strcmp(vname, tmp_name) == 0) {
2809 is_inst_match = true;
2810 break;
2811 }
2812 }
2813 }
2814 if (!is_inst_match)
2815 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
2816 vname);
2817 else
2818 XFREE(MTYPE_TMP, vname);
2819
2820 /* Update import RT for current VRF using export RT of the VRF we're
2821 * importing from. First though, make sure "import_vrf" has that
2822 * set.
2823 */
2824 if (first_export) {
2825 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
2826 &from_bgp->vrf_prd_auto);
2827 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
2828 SET_FLAG(from_bgp->vpn_policy[afi].flags,
2829 BGP_VPN_POLICY_TOVPN_RD_SET);
2830 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd, buf,
2831 sizeof(buf), from_bgp->asnotation);
2832 from_bgp->vpn_policy[afi].rtlist[edir] =
2833 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
2834 SET_FLAG(from_bgp->af_flags[afi][safi],
2835 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2836 from_bgp->vpn_policy[afi].tovpn_label =
2837 BGP_PREVENT_VRF_2_VRF_LEAK;
2838 }
2839 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2840 if (to_bgp->vpn_policy[afi].rtlist[idir])
2841 to_bgp->vpn_policy[afi].rtlist[idir] =
2842 ecommunity_merge(to_bgp->vpn_policy[afi]
2843 .rtlist[idir], ecom);
2844 else
2845 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
2846 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
2847
2848 if (debug) {
2849 const char *from_name;
2850 char *ecom1, *ecom2;
2851
2852 from_name = from_bgp->name ? from_bgp->name :
2853 VRF_DEFAULT_NAME;
2854
2855 ecom1 = ecommunity_ecom2str(
2856 to_bgp->vpn_policy[afi].rtlist[idir],
2857 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2858
2859 ecom2 = ecommunity_ecom2str(
2860 to_bgp->vpn_policy[afi].rtlist[edir],
2861 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2862
2863 zlog_debug(
2864 "%s from %s to %s first_export %u import-rt %s export-rt %s",
2865 __func__, from_name, export_name, first_export, ecom1,
2866 ecom2);
2867
2868 ecommunity_strfree(&ecom1);
2869 ecommunity_strfree(&ecom2);
2870 }
2871
2872 /* Does "import_vrf" first need to export its routes or that
2873 * is already done and we just need to import those routes
2874 * from the global table?
2875 */
2876 if (first_export)
2877 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
2878 else
2879 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2880 }
2881
2882 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2883 afi_t afi, safi_t safi)
2884 {
2885 const char *export_name, *tmp_name;
2886 enum vpn_policy_direction idir, edir;
2887 char *vname;
2888 struct ecommunity *ecom = NULL;
2889 struct listnode *node;
2890 int debug;
2891
2892 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2893 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2894 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2895 edir = BGP_VPN_POLICY_DIR_TOVPN;
2896
2897 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2898 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2899
2900 /* Were we importing from "import_vrf"? */
2901 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
2902 vname)) {
2903 if (strcmp(vname, tmp_name) == 0)
2904 break;
2905 }
2906
2907 /*
2908 * We do not check in the cli if the passed in bgp
2909 * instance is actually imported into us before
2910 * we call this function. As such if we do not
2911 * find this in the import_vrf list than
2912 * we just need to return safely.
2913 */
2914 if (!vname)
2915 return;
2916
2917 if (debug)
2918 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
2919
2920 /* Remove "import_vrf" from our import list. */
2921 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
2922 XFREE(MTYPE_TMP, vname);
2923
2924 /* Remove routes imported from "import_vrf". */
2925 /* TODO: In the current logic, we have to first remove all
2926 * imported routes and then (if needed) import back routes
2927 */
2928 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
2929
2930 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
2931 if (!to_bgp->vpn_policy[afi].rmap[idir])
2932 UNSET_FLAG(to_bgp->af_flags[afi][safi],
2933 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2934 if (to_bgp->vpn_policy[afi].rtlist[idir])
2935 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
2936 } else {
2937 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2938 if (ecom)
2939 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
2940 (struct ecommunity_val *)ecom->val);
2941 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2942 }
2943
2944 /*
2945 * What?
2946 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
2947 * below is checking for NULL that export_vrf can be
2948 * NULL, consequently it is complaining( like a cabbage )
2949 * that we could dereference and crash in the listcount(..)
2950 * check below.
2951 * So make it happy, under protest, with liberty and justice
2952 * for all.
2953 */
2954 assert(from_bgp->vpn_policy[afi].export_vrf);
2955
2956 /* Remove us from "import_vrf's" export list. If no other VRF
2957 * is importing from "import_vrf", cleanup appropriately.
2958 */
2959 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2960 node, vname)) {
2961 if (strcmp(vname, export_name) == 0)
2962 break;
2963 }
2964
2965 /*
2966 * If we have gotten to this point then the vname must
2967 * exist. If not, we are in a world of trouble and
2968 * have slag sitting around.
2969 *
2970 * import_vrf and export_vrf must match in having
2971 * the in/out names as appropriate.
2972 * export_vrf list could have been cleaned up
2973 * as part of no router bgp source instnace.
2974 */
2975 if (!vname)
2976 return;
2977
2978 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
2979 XFREE(MTYPE_TMP, vname);
2980
2981 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2982 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
2983 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
2984 UNSET_FLAG(from_bgp->af_flags[afi][safi],
2985 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2986 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
2987 sizeof(struct prefix_rd));
2988 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
2989 BGP_VPN_POLICY_TOVPN_RD_SET);
2990 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
2991
2992 }
2993 }
2994
2995 /* For testing purpose, static route of MPLS-VPN. */
2996 DEFUN (vpnv4_network,
2997 vpnv4_network_cmd,
2998 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2999 "Specify a network to announce via BGP\n"
3000 "IPv4 prefix\n"
3001 "Specify Route Distinguisher\n"
3002 "VPN Route Distinguisher\n"
3003 "VPN NLRI label (tag)\n"
3004 "VPN NLRI label (tag)\n"
3005 "Label value\n")
3006 {
3007 int idx_ipv4_prefixlen = 1;
3008 int idx_ext_community = 3;
3009 int idx_label = 5;
3010 return bgp_static_set_safi(
3011 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
3012 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
3013 NULL, NULL, NULL, NULL);
3014 }
3015
3016 DEFUN (vpnv4_network_route_map,
3017 vpnv4_network_route_map_cmd,
3018 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map RMAP_NAME",
3019 "Specify a network to announce via BGP\n"
3020 "IPv4 prefix\n"
3021 "Specify Route Distinguisher\n"
3022 "VPN Route Distinguisher\n"
3023 "VPN NLRI label (tag)\n"
3024 "VPN NLRI label (tag)\n"
3025 "Label value\n"
3026 "route map\n"
3027 "route map name\n")
3028 {
3029 int idx_ipv4_prefixlen = 1;
3030 int idx_ext_community = 3;
3031 int idx_label = 5;
3032 int idx_word_2 = 7;
3033 return bgp_static_set_safi(
3034 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
3035 argv[idx_ext_community]->arg, argv[idx_label]->arg,
3036 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
3037 }
3038
3039 /* For testing purpose, static route of MPLS-VPN. */
3040 DEFUN (no_vpnv4_network,
3041 no_vpnv4_network_cmd,
3042 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
3043 NO_STR
3044 "Specify a network to announce via BGP\n"
3045 "IPv4 prefix\n"
3046 "Specify Route Distinguisher\n"
3047 "VPN Route Distinguisher\n"
3048 "VPN NLRI label (tag)\n"
3049 "VPN NLRI label (tag)\n"
3050 "Label value\n")
3051 {
3052 int idx_ipv4_prefixlen = 2;
3053 int idx_ext_community = 4;
3054 int idx_label = 6;
3055 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
3056 argv[idx_ipv4_prefixlen]->arg,
3057 argv[idx_ext_community]->arg,
3058 argv[idx_label]->arg, 0, NULL, NULL, NULL);
3059 }
3060
3061 DEFUN (vpnv6_network,
3062 vpnv6_network_cmd,
3063 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map RMAP_NAME]",
3064 "Specify a network to announce via BGP\n"
3065 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
3066 "Specify Route Distinguisher\n"
3067 "VPN Route Distinguisher\n"
3068 "VPN NLRI label (tag)\n"
3069 "VPN NLRI label (tag)\n"
3070 "Label value\n"
3071 "route map\n"
3072 "route map name\n")
3073 {
3074 int idx_ipv6_prefix = 1;
3075 int idx_ext_community = 3;
3076 int idx_label = 5;
3077 int idx_word_2 = 7;
3078 if (argc == 8)
3079 return bgp_static_set_safi(
3080 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
3081 argv[idx_ext_community]->arg, argv[idx_label]->arg,
3082 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
3083 else
3084 return bgp_static_set_safi(
3085 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
3086 argv[idx_ext_community]->arg, argv[idx_label]->arg,
3087 NULL, 0, NULL, NULL, NULL, NULL);
3088 }
3089
3090 /* For testing purpose, static route of MPLS-VPN. */
3091 DEFUN (no_vpnv6_network,
3092 no_vpnv6_network_cmd,
3093 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
3094 NO_STR
3095 "Specify a network to announce via BGP\n"
3096 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
3097 "Specify Route Distinguisher\n"
3098 "VPN Route Distinguisher\n"
3099 "VPN NLRI label (tag)\n"
3100 "VPN NLRI label (tag)\n"
3101 "Label value\n")
3102 {
3103 int idx_ipv6_prefix = 2;
3104 int idx_ext_community = 4;
3105 int idx_label = 6;
3106 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
3107 argv[idx_ipv6_prefix]->arg,
3108 argv[idx_ext_community]->arg,
3109 argv[idx_label]->arg, 0, NULL, NULL, NULL);
3110 }
3111
3112 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
3113 enum bgp_show_type type, void *output_arg, int tags,
3114 bool use_json)
3115 {
3116 struct bgp *bgp;
3117 struct bgp_table *table;
3118 uint16_t show_flags = 0;
3119
3120 if (use_json)
3121 SET_FLAG(show_flags, BGP_SHOW_OPT_JSON);
3122
3123 bgp = bgp_get_default();
3124 if (bgp == NULL) {
3125 if (!use_json)
3126 vty_out(vty, "No BGP process is configured\n");
3127 else
3128 vty_out(vty, "{}\n");
3129 return CMD_WARNING;
3130 }
3131 table = bgp->rib[afi][SAFI_MPLS_VPN];
3132 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
3133 output_arg, show_flags);
3134 }
3135
3136 DEFUN (show_bgp_ip_vpn_all_rd,
3137 show_bgp_ip_vpn_all_rd_cmd,
3138 "show bgp "BGP_AFI_CMD_STR" vpn all [rd <ASN:NN_OR_IP-ADDRESS:NN|all>] [json]",
3139 SHOW_STR
3140 BGP_STR
3141 BGP_VPNVX_HELP_STR
3142 "Display VPN NLRI specific information\n"
3143 "Display VPN NLRI specific information\n"
3144 "Display information for a route distinguisher\n"
3145 "VPN Route Distinguisher\n"
3146 "All VPN Route Distinguishers\n"
3147 JSON_STR)
3148 {
3149 int ret;
3150 struct prefix_rd prd;
3151 afi_t afi;
3152 int idx = 0;
3153
3154 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
3155 /* Constrain search if user supplies RD && RD != "all" */
3156 if (argv_find(argv, argc, "rd", &idx)
3157 && strcmp(argv[idx + 1]->arg, "all")) {
3158 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
3159 if (!ret) {
3160 vty_out(vty,
3161 "%% Malformed Route Distinguisher\n");
3162 return CMD_WARNING;
3163 }
3164 return bgp_show_mpls_vpn(vty, afi, &prd,
3165 bgp_show_type_normal, NULL, 0,
3166 use_json(argc, argv));
3167 } else {
3168 return bgp_show_mpls_vpn(vty, afi, NULL,
3169 bgp_show_type_normal, NULL, 0,
3170 use_json(argc, argv));
3171 }
3172 }
3173 return CMD_SUCCESS;
3174 }
3175
3176 ALIAS(show_bgp_ip_vpn_all_rd,
3177 show_bgp_ip_vpn_rd_cmd,
3178 "show bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all> [json]",
3179 SHOW_STR
3180 BGP_STR
3181 BGP_VPNVX_HELP_STR
3182 "Display VPN NLRI specific information\n"
3183 "Display information for a route distinguisher\n"
3184 "VPN Route Distinguisher\n"
3185 "All VPN Route Distinguishers\n"
3186 JSON_STR)
3187
3188 #ifdef KEEP_OLD_VPN_COMMANDS
3189 DEFUN (show_ip_bgp_vpn_rd,
3190 show_ip_bgp_vpn_rd_cmd,
3191 "show ip bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all>",
3192 SHOW_STR
3193 IP_STR
3194 BGP_STR
3195 BGP_AFI_HELP_STR
3196 BGP_AF_MODIFIER_STR
3197 "Display information for a route distinguisher\n"
3198 "VPN Route Distinguisher\n"
3199 "All VPN Route Distinguishers\n")
3200 {
3201 int idx_ext_community = argc - 1;
3202 int ret;
3203 struct prefix_rd prd;
3204 afi_t afi;
3205 int idx = 0;
3206
3207 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3208 if (!strcmp(argv[idx_ext_community]->arg, "all"))
3209 return bgp_show_mpls_vpn(vty, afi, NULL,
3210 bgp_show_type_normal, NULL, 0,
3211 0);
3212 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3213 if (!ret) {
3214 vty_out(vty, "%% Malformed Route Distinguisher\n");
3215 return CMD_WARNING;
3216 }
3217 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
3218 NULL, 0, 0);
3219 }
3220 return CMD_SUCCESS;
3221 }
3222
3223 DEFUN (show_ip_bgp_vpn_all,
3224 show_ip_bgp_vpn_all_cmd,
3225 "show [ip] bgp <vpnv4|vpnv6>",
3226 SHOW_STR
3227 IP_STR
3228 BGP_STR
3229 BGP_VPNVX_HELP_STR)
3230 {
3231 afi_t afi;
3232 int idx = 0;
3233
3234 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
3235 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
3236 NULL, 0, 0);
3237 return CMD_SUCCESS;
3238 }
3239
3240 DEFUN (show_ip_bgp_vpn_all_tags,
3241 show_ip_bgp_vpn_all_tags_cmd,
3242 "show [ip] bgp <vpnv4|vpnv6> all tags",
3243 SHOW_STR
3244 IP_STR
3245 BGP_STR
3246 BGP_VPNVX_HELP_STR
3247 "Display information about all VPNv4/VPNV6 NLRIs\n"
3248 "Display BGP tags for prefixes\n")
3249 {
3250 afi_t afi;
3251 int idx = 0;
3252
3253 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
3254 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
3255 NULL, 1, 0);
3256 return CMD_SUCCESS;
3257 }
3258
3259 DEFUN (show_ip_bgp_vpn_rd_tags,
3260 show_ip_bgp_vpn_rd_tags_cmd,
3261 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> tags",
3262 SHOW_STR
3263 IP_STR
3264 BGP_STR
3265 BGP_VPNVX_HELP_STR
3266 "Display information for a route distinguisher\n"
3267 "VPN Route Distinguisher\n"
3268 "All VPN Route Distinguishers\n"
3269 "Display BGP tags for prefixes\n")
3270 {
3271 int idx_ext_community = 5;
3272 int ret;
3273 struct prefix_rd prd;
3274 afi_t afi;
3275 int idx = 0;
3276
3277 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3278 if (!strcmp(argv[idx_ext_community]->arg, "all"))
3279 return bgp_show_mpls_vpn(vty, afi, NULL,
3280 bgp_show_type_normal, NULL, 1,
3281 0);
3282 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3283 if (!ret) {
3284 vty_out(vty, "%% Malformed Route Distinguisher\n");
3285 return CMD_WARNING;
3286 }
3287 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
3288 NULL, 1, 0);
3289 }
3290 return CMD_SUCCESS;
3291 }
3292
3293 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
3294 show_ip_bgp_vpn_all_neighbor_routes_cmd,
3295 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
3296 SHOW_STR
3297 IP_STR
3298 BGP_STR
3299 BGP_VPNVX_HELP_STR
3300 "Display information about all VPNv4/VPNv6 NLRIs\n"
3301 "Detailed information on TCP and BGP neighbor connections\n"
3302 "Neighbor to display information about\n"
3303 "Display routes learned from neighbor\n"
3304 JSON_STR)
3305 {
3306 int idx_ipv4 = 6;
3307 union sockunion su;
3308 struct peer *peer;
3309 int ret;
3310 bool uj = use_json(argc, argv);
3311 afi_t afi;
3312 int idx = 0;
3313
3314 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3315 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3316 if (ret < 0) {
3317 if (uj) {
3318 json_object *json_no = NULL;
3319 json_no = json_object_new_object();
3320 json_object_string_add(json_no, "warning",
3321 "Malformed address");
3322 vty_out(vty, "%s\n",
3323 json_object_to_json_string(json_no));
3324 json_object_free(json_no);
3325 } else
3326 vty_out(vty, "Malformed address: %s\n",
3327 argv[idx_ipv4]->arg);
3328 return CMD_WARNING;
3329 }
3330
3331 peer = peer_lookup(NULL, &su);
3332 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3333 if (uj) {
3334 json_object *json_no = NULL;
3335 json_no = json_object_new_object();
3336 json_object_string_add(
3337 json_no, "warning",
3338 "No such neighbor or address family");
3339 vty_out(vty, "%s\n",
3340 json_object_to_json_string(json_no));
3341 json_object_free(json_no);
3342 } else
3343 vty_out(vty,
3344 "%% No such neighbor or address family\n");
3345 return CMD_WARNING;
3346 }
3347
3348 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
3349 &su, 0, uj);
3350 }
3351 return CMD_SUCCESS;
3352 }
3353
3354 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
3355 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
3356 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D routes [json]",
3357 SHOW_STR
3358 IP_STR
3359 BGP_STR
3360 BGP_VPNVX_HELP_STR
3361 "Display information for a route distinguisher\n"
3362 "VPN Route Distinguisher\n"
3363 "All VPN Route Distinguishers\n"
3364 "Detailed information on TCP and BGP neighbor connections\n"
3365 "Neighbor to display information about\n"
3366 "Display routes learned from neighbor\n"
3367 JSON_STR)
3368 {
3369 int idx_ext_community = 5;
3370 int idx_ipv4 = 7;
3371 int ret;
3372 union sockunion su;
3373 struct peer *peer;
3374 struct prefix_rd prd;
3375 bool prefix_rd_all = false;
3376 bool uj = use_json(argc, argv);
3377 afi_t afi;
3378 int idx = 0;
3379
3380 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3381 if (!strcmp(argv[idx_ext_community]->arg, "all"))
3382 prefix_rd_all = true;
3383 else {
3384 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3385 if (!ret) {
3386 if (uj) {
3387 json_object *json_no = NULL;
3388 json_no = json_object_new_object();
3389 json_object_string_add(
3390 json_no, "warning",
3391 "Malformed Route Distinguisher");
3392 vty_out(vty, "%s\n",
3393 json_object_to_json_string(
3394 json_no));
3395 json_object_free(json_no);
3396 } else
3397 vty_out(vty,
3398 "%% Malformed Route Distinguisher\n");
3399 return CMD_WARNING;
3400 }
3401 }
3402
3403 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3404 if (ret < 0) {
3405 if (uj) {
3406 json_object *json_no = NULL;
3407 json_no = json_object_new_object();
3408 json_object_string_add(json_no, "warning",
3409 "Malformed address");
3410 vty_out(vty, "%s\n",
3411 json_object_to_json_string(json_no));
3412 json_object_free(json_no);
3413 } else
3414 vty_out(vty, "Malformed address: %s\n",
3415 argv[idx_ext_community]->arg);
3416 return CMD_WARNING;
3417 }
3418
3419 peer = peer_lookup(NULL, &su);
3420 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3421 if (uj) {
3422 json_object *json_no = NULL;
3423 json_no = json_object_new_object();
3424 json_object_string_add(
3425 json_no, "warning",
3426 "No such neighbor or address family");
3427 vty_out(vty, "%s\n",
3428 json_object_to_json_string(json_no));
3429 json_object_free(json_no);
3430 } else
3431 vty_out(vty,
3432 "%% No such neighbor or address family\n");
3433 return CMD_WARNING;
3434 }
3435
3436 if (prefix_rd_all)
3437 return bgp_show_mpls_vpn(vty, afi, NULL,
3438 bgp_show_type_neighbor, &su, 0,
3439 uj);
3440 else
3441 return bgp_show_mpls_vpn(vty, afi, &prd,
3442 bgp_show_type_neighbor, &su, 0,
3443 uj);
3444 }
3445 return CMD_SUCCESS;
3446 }
3447
3448 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
3449 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
3450 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
3451 SHOW_STR
3452 IP_STR
3453 BGP_STR
3454 BGP_VPNVX_HELP_STR
3455 "Display information about all VPNv4/VPNv6 NLRIs\n"
3456 "Detailed information on TCP and BGP neighbor connections\n"
3457 "Neighbor to display information about\n"
3458 "Display the routes advertised to a BGP neighbor\n"
3459 JSON_STR)
3460 {
3461 int idx_ipv4 = 6;
3462 int ret;
3463 struct peer *peer;
3464 union sockunion su;
3465 bool uj = use_json(argc, argv);
3466 afi_t afi;
3467 int idx = 0;
3468
3469 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3470 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3471 if (ret < 0) {
3472 if (uj) {
3473 json_object *json_no = NULL;
3474 json_no = json_object_new_object();
3475 json_object_string_add(json_no, "warning",
3476 "Malformed address");
3477 vty_out(vty, "%s\n",
3478 json_object_to_json_string(json_no));
3479 json_object_free(json_no);
3480 } else
3481 vty_out(vty, "Malformed address: %s\n",
3482 argv[idx_ipv4]->arg);
3483 return CMD_WARNING;
3484 }
3485 peer = peer_lookup(NULL, &su);
3486 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3487 if (uj) {
3488 json_object *json_no = NULL;
3489 json_no = json_object_new_object();
3490 json_object_string_add(
3491 json_no, "warning",
3492 "No such neighbor or address family");
3493 vty_out(vty, "%s\n",
3494 json_object_to_json_string(json_no));
3495 json_object_free(json_no);
3496 } else
3497 vty_out(vty,
3498 "%% No such neighbor or address family\n");
3499 return CMD_WARNING;
3500 }
3501 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
3502 SAFI_MPLS_VPN, uj);
3503 }
3504 return CMD_SUCCESS;
3505 }
3506
3507 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
3508 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
3509 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D advertised-routes [json]",
3510 SHOW_STR
3511 IP_STR
3512 BGP_STR
3513 BGP_VPNVX_HELP_STR
3514 "Display information for a route distinguisher\n"
3515 "VPN Route Distinguisher\n"
3516 "All VPN Route Distinguishers\n"
3517 "Detailed information on TCP and BGP neighbor connections\n"
3518 "Neighbor to display information about\n"
3519 "Display the routes advertised to a BGP neighbor\n"
3520 JSON_STR)
3521 {
3522 int idx_ext_community = 5;
3523 int idx_ipv4 = 7;
3524 int ret;
3525 struct peer *peer;
3526 struct prefix_rd prd;
3527 union sockunion su;
3528 bool uj = use_json(argc, argv);
3529 afi_t afi;
3530 int idx = 0;
3531
3532 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3533 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3534 if (ret < 0) {
3535 if (uj) {
3536 json_object *json_no = NULL;
3537 json_no = json_object_new_object();
3538 json_object_string_add(json_no, "warning",
3539 "Malformed address");
3540 vty_out(vty, "%s\n",
3541 json_object_to_json_string(json_no));
3542 json_object_free(json_no);
3543 } else
3544 vty_out(vty, "Malformed address: %s\n",
3545 argv[idx_ext_community]->arg);
3546 return CMD_WARNING;
3547 }
3548 peer = peer_lookup(NULL, &su);
3549 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3550 if (uj) {
3551 json_object *json_no = NULL;
3552 json_no = json_object_new_object();
3553 json_object_string_add(
3554 json_no, "warning",
3555 "No such neighbor or address family");
3556 vty_out(vty, "%s\n",
3557 json_object_to_json_string(json_no));
3558 json_object_free(json_no);
3559 } else
3560 vty_out(vty,
3561 "%% No such neighbor or address family\n");
3562 return CMD_WARNING;
3563 }
3564
3565 if (!strcmp(argv[idx_ext_community]->arg, "all"))
3566 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
3567 SAFI_MPLS_VPN, uj);
3568 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3569 if (!ret) {
3570 if (uj) {
3571 json_object *json_no = NULL;
3572 json_no = json_object_new_object();
3573 json_object_string_add(
3574 json_no, "warning",
3575 "Malformed Route Distinguisher");
3576 vty_out(vty, "%s\n",
3577 json_object_to_json_string(json_no));
3578 json_object_free(json_no);
3579 } else
3580 vty_out(vty,
3581 "%% Malformed Route Distinguisher\n");
3582 return CMD_WARNING;
3583 }
3584
3585 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
3586 SAFI_MPLS_VPN, uj);
3587 }
3588 return CMD_SUCCESS;
3589 }
3590 #endif /* KEEP_OLD_VPN_COMMANDS */
3591
3592 void bgp_mplsvpn_init(void)
3593 {
3594 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
3595 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
3596 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
3597
3598 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
3599 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
3600
3601 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
3602 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
3603 #ifdef KEEP_OLD_VPN_COMMANDS
3604 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
3605 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
3606 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
3607 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
3608 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
3609 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
3610 install_element(VIEW_NODE,
3611 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
3612 install_element(VIEW_NODE,
3613 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
3614 #endif /* KEEP_OLD_VPN_COMMANDS */
3615 }
3616
3617 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
3618 {
3619 struct listnode *mnode, *mnnode;
3620 struct bgp *bgp;
3621 afi_t afi = AFI_IP;
3622
3623 if (eckey->unit_size == IPV6_ECOMMUNITY_SIZE)
3624 afi = AFI_IP6;
3625
3626 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
3627 struct ecommunity *ec;
3628
3629 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3630 continue;
3631
3632 ec = bgp->vpn_policy[afi].import_redirect_rtlist;
3633
3634 if (ec && eckey->unit_size != ec->unit_size)
3635 continue;
3636
3637 if (ecommunity_include(ec, eckey))
3638 return bgp->vrf_id;
3639 }
3640 return VRF_UNKNOWN;
3641 }
3642
3643 /*
3644 * The purpose of this function is to process leaks that were deferred
3645 * from earlier per-vrf configuration due to not-yet-existing default
3646 * vrf, in other words, configuration such as:
3647 *
3648 * router bgp MMM vrf FOO
3649 * address-family ipv4 unicast
3650 * rd vpn export 1:1
3651 * exit-address-family
3652 *
3653 * router bgp NNN
3654 * ...
3655 *
3656 * This function gets called when the default instance ("router bgp NNN")
3657 * is created.
3658 */
3659 void vpn_leak_postchange_all(void)
3660 {
3661 struct listnode *next;
3662 struct bgp *bgp;
3663 struct bgp *bgp_default = bgp_get_default();
3664
3665 assert(bgp_default);
3666
3667 /* First, do any exporting from VRFs to the single VPN RIB */
3668 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
3669
3670 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3671 continue;
3672
3673 vpn_leak_postchange(
3674 BGP_VPN_POLICY_DIR_TOVPN,
3675 AFI_IP,
3676 bgp_default,
3677 bgp);
3678
3679 vpn_leak_postchange(
3680 BGP_VPN_POLICY_DIR_TOVPN,
3681 AFI_IP6,
3682 bgp_default,
3683 bgp);
3684 }
3685
3686 /* Now, do any importing to VRFs from the single VPN RIB */
3687 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
3688
3689 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3690 continue;
3691
3692 vpn_leak_postchange(
3693 BGP_VPN_POLICY_DIR_FROMVPN,
3694 AFI_IP,
3695 bgp_default,
3696 bgp);
3697
3698 vpn_leak_postchange(
3699 BGP_VPN_POLICY_DIR_FROMVPN,
3700 AFI_IP6,
3701 bgp_default,
3702 bgp);
3703 }
3704 }
3705
3706 /* When a bgp vrf instance is unconfigured, remove its routes
3707 * from the VPN table and this vrf could be importing routes from other
3708 * bgp vrf instnaces, unimport them.
3709 * VRF X and VRF Y are exporting routes to each other.
3710 * When VRF X is deleted, unimport its routes from all target vrfs,
3711 * also VRF Y should unimport its routes from VRF X table.
3712 * This will ensure VPN table is cleaned up appropriately.
3713 */
3714 void bgp_vpn_leak_unimport(struct bgp *from_bgp)
3715 {
3716 struct bgp *to_bgp;
3717 const char *tmp_name;
3718 char *vname;
3719 struct listnode *node, *next;
3720 safi_t safi = SAFI_UNICAST;
3721 afi_t afi;
3722 bool is_vrf_leak_bind;
3723 int debug;
3724
3725 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3726 return;
3727
3728 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3729 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3730
3731 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3732
3733 for (afi = 0; afi < AFI_MAX; ++afi) {
3734 /* vrf leak is for IPv4 and IPv6 Unicast only */
3735 if (afi != AFI_IP && afi != AFI_IP6)
3736 continue;
3737
3738 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3739 if (from_bgp == to_bgp)
3740 continue;
3741
3742 /* Unimport and remove source vrf from the
3743 * other vrfs import list.
3744 */
3745 struct vpn_policy *to_vpolicy;
3746
3747 is_vrf_leak_bind = false;
3748 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3749 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
3750 vname)) {
3751 if (strcmp(vname, tmp_name) == 0) {
3752 is_vrf_leak_bind = true;
3753 break;
3754 }
3755 }
3756 /* skip this bgp instance as there is no leak to this
3757 * vrf instance.
3758 */
3759 if (!is_vrf_leak_bind)
3760 continue;
3761
3762 if (debug)
3763 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
3764 __func__, from_bgp->name_pretty,
3765 to_bgp->name_pretty, afi2str(afi),
3766 to_vpolicy->import_vrf->count);
3767
3768 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
3769
3770 /* readd vrf name as unimport removes import vrf name
3771 * from the destination vrf's import list where the
3772 * `import vrf` configuration still exist.
3773 */
3774 vname = XSTRDUP(MTYPE_TMP, tmp_name);
3775 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
3776 vname);
3777 SET_FLAG(to_bgp->af_flags[afi][safi],
3778 BGP_CONFIG_VRF_TO_VRF_IMPORT);
3779
3780 /* If to_bgp exports its routes to the bgp vrf
3781 * which is being deleted, un-import the
3782 * to_bgp routes from VPN.
3783 */
3784 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
3785 .export_vrf, node,
3786 vname)) {
3787 if (strcmp(vname, tmp_name) == 0) {
3788 vrf_unimport_from_vrf(from_bgp, to_bgp,
3789 afi, safi);
3790 break;
3791 }
3792 }
3793 }
3794 }
3795 return;
3796 }
3797
3798 /* When a router bgp is configured, there could be a bgp vrf
3799 * instance importing routes from this newly configured
3800 * bgp vrf instance. Export routes from configured
3801 * bgp vrf to VPN.
3802 * VRF Y has import from bgp vrf x,
3803 * when a bgp vrf x instance is created, export its routes
3804 * to VRF Y instance.
3805 */
3806 void bgp_vpn_leak_export(struct bgp *from_bgp)
3807 {
3808 afi_t afi;
3809 const char *export_name;
3810 char *vname;
3811 struct listnode *node, *next;
3812 struct ecommunity *ecom;
3813 enum vpn_policy_direction idir, edir;
3814 safi_t safi = SAFI_UNICAST;
3815 struct bgp *to_bgp;
3816 int debug;
3817
3818 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3819 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3820
3821 idir = BGP_VPN_POLICY_DIR_FROMVPN;
3822 edir = BGP_VPN_POLICY_DIR_TOVPN;
3823
3824 export_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3825
3826 for (afi = 0; afi < AFI_MAX; ++afi) {
3827 /* vrf leak is for IPv4 and IPv6 Unicast only */
3828 if (afi != AFI_IP && afi != AFI_IP6)
3829 continue;
3830
3831 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3832 if (from_bgp == to_bgp)
3833 continue;
3834
3835 /* bgp instance has import list, check to see if newly
3836 * configured bgp instance is the list.
3837 */
3838 struct vpn_policy *to_vpolicy;
3839
3840 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3841 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
3842 node, vname)) {
3843 if (strcmp(vname, export_name) != 0)
3844 continue;
3845
3846 if (debug)
3847 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
3848 __func__,
3849 export_name, to_bgp->name_pretty);
3850
3851 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
3852 /* remove import rt, it will be readded
3853 * as part of import from vrf.
3854 */
3855 if (ecom)
3856 ecommunity_del_val(
3857 to_vpolicy->rtlist[idir],
3858 (struct ecommunity_val *)
3859 ecom->val);
3860 vrf_import_from_vrf(to_bgp, from_bgp,
3861 afi, safi);
3862 break;
3863
3864 }
3865 }
3866 }
3867 }
FRRouting mirror