Enable "bgp network import-check exact" by default. Without this it is very easy to blackhole routes.

Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by:   Donald Sharp <sharpd@cumulusnetworks.com>

Ticket: CM-6649
Daniel Walton 2015-10-20 21:57:09 +00:00
parent 8e0d00896f
commit 5623e905f2
4 changed files with 11 additions and 32 deletions


@ -175,14 +175,14 @@ bgp_find_or_add_nexthop (struct bgp *bgp, afi_t afi, struct bgp_info *ri,
SET_FLAG(bnc->flags, BGP_STATIC_ROUTE); SET_FLAG(bnc->flags, BGP_STATIC_ROUTE);
/* If we're toggling the type, re-register */ /* If we're toggling the type, re-register */
if ((bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK_EXACT_MATCH)) && if ((bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK)) &&
!CHECK_FLAG(bnc->flags, BGP_STATIC_ROUTE_EXACT_MATCH)) !CHECK_FLAG(bnc->flags, BGP_STATIC_ROUTE_EXACT_MATCH))
{ {
SET_FLAG(bnc->flags, BGP_STATIC_ROUTE_EXACT_MATCH); SET_FLAG(bnc->flags, BGP_STATIC_ROUTE_EXACT_MATCH);
UNSET_FLAG(bnc->flags, BGP_NEXTHOP_REGISTERED); UNSET_FLAG(bnc->flags, BGP_NEXTHOP_REGISTERED);
UNSET_FLAG(bnc->flags, BGP_NEXTHOP_VALID); UNSET_FLAG(bnc->flags, BGP_NEXTHOP_VALID);
} }
else if ((!bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK_EXACT_MATCH)) && else if ((!bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK)) &&
CHECK_FLAG(bnc->flags, BGP_STATIC_ROUTE_EXACT_MATCH)) CHECK_FLAG(bnc->flags, BGP_STATIC_ROUTE_EXACT_MATCH))
{ {
UNSET_FLAG(bnc->flags, BGP_STATIC_ROUTE_EXACT_MATCH); UNSET_FLAG(bnc->flags, BGP_STATIC_ROUTE_EXACT_MATCH);
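Review bot: The comment `/* If we're toggling the type, re-register */` no longer explains the condition beneath it. On the new side, exact-match registration is keyed off `BGP_FLAG_IMPORT_CHECK`, so there is no separate match type to toggle, only import-check being on or off. I would reword it to `/* import-check implies exact match; re-register when it is switched on or off */` so the link between `BGP_FLAG_IMPORT_CHECK` and `BGP_STATIC_ROUTE_EXACT_MATCH` is visible at this site. bgp_find_or_add_nexthop starts and ends outside this hunk.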


@ -2153,45 +2153,26 @@ DEFUN (no_bgp_default_show_hostname,
/* "bgp import-check" configuration. */ /* "bgp import-check" configuration. */
DEFUN (bgp_network_import_check, DEFUN (bgp_network_import_check,
bgp_network_import_check_cmd, bgp_network_import_check_cmd,
"bgp network import-check {exact}", "bgp network import-check",
"BGP specific commands\n" "BGP specific commands\n"
"BGP network command\n" "BGP network command\n"
"Check BGP network route exists in IGP\n" "Check BGP network route exists in IGP\n")
"Match route precisely")
{ {
struct bgp *bgp; struct bgp *bgp;
int trigger = 0;
bgp = vty->index; bgp = vty->index;
if (!bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK)) if (!bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK))
{ {
bgp_flag_set (bgp, BGP_FLAG_IMPORT_CHECK); bgp_flag_set (bgp, BGP_FLAG_IMPORT_CHECK);
trigger = 1;
}
if (argv[0] != NULL)
{
if (!bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK_EXACT_MATCH))
{
bgp_flag_set (bgp, BGP_FLAG_IMPORT_CHECK_EXACT_MATCH);
trigger = 1;
}
}
else if (bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK_EXACT_MATCH))
{
bgp_flag_unset (bgp, BGP_FLAG_IMPORT_CHECK_EXACT_MATCH);
trigger = 1;
}
if (trigger)
bgp_static_redo_import_check(bgp); bgp_static_redo_import_check(bgp);
}
return CMD_SUCCESS; return CMD_SUCCESS;
} }
DEFUN (no_bgp_network_import_check, DEFUN (no_bgp_network_import_check,
no_bgp_network_import_check_cmd, no_bgp_network_import_check_cmd,
"no bgp network import-check {exact}", "no bgp network import-check",
NO_STR NO_STR
"BGP specific commands\n" "BGP specific commands\n"
"BGP network command\n" "BGP network command\n"
@ -2203,9 +2184,9 @@ DEFUN (no_bgp_network_import_check,
if (bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK)) if (bgp_flag_check(bgp, BGP_FLAG_IMPORT_CHECK))
{ {
bgp_flag_unset (bgp, BGP_FLAG_IMPORT_CHECK); bgp_flag_unset (bgp, BGP_FLAG_IMPORT_CHECK);
bgp_flag_unset (bgp, BGP_FLAG_IMPORT_CHECK_EXACT_MATCH);
bgp_static_redo_import_check(bgp); bgp_static_redo_import_check(bgp);
} }
return CMD_SUCCESS; return CMD_SUCCESS;
} }
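Review bot: Dropping `{exact}` from the command string of `bgp_network_import_check` means a saved configuration containing `bgp network import-check exact` no longer matches any command, and that is the exact line the old `bgp_config_write` emitted. Depending on how the daemon treats an unparsable line at startup, this may surface as a load error or as bgpd not coming up after an upgrade. Because the new default gives the same behaviour, a hidden alias that still accepts the old spelling would keep existing configurations loading. It also needs an `install_element` next to the existing registration, which is outside this section.

```c
/* … unchanged: DEFUN (bgp_network_import_check, …) … */

/* Accept the pre-default spelling so saved configs still load. */
ALIAS_HIDDEN (bgp_network_import_check,
              bgp_network_import_check_exact_cmd,
              "bgp network import-check exact",
              "BGP specific commands\n"
              "BGP network command\n"
              "Check BGP network route exists in IGP\n"
              "Match route precisely\n")
```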


@ -2698,6 +2698,7 @@ bgp_create (as_t *as, const char *name)
bgp->stalepath_time = BGP_DEFAULT_STALEPATH_TIME; bgp->stalepath_time = BGP_DEFAULT_STALEPATH_TIME;
bgp->dynamic_neighbors_limit = BGP_DYNAMIC_NEIGHBORS_LIMIT_DEFAULT; bgp->dynamic_neighbors_limit = BGP_DYNAMIC_NEIGHBORS_LIMIT_DEFAULT;
bgp->dynamic_neighbors_count = 0; bgp->dynamic_neighbors_count = 0;
bgp_flag_set (bgp, BGP_FLAG_IMPORT_CHECK);
bgp->as = *as; bgp->as = *as;
@ -6792,10 +6793,8 @@ bgp_config_write (struct vty *vty)
} }
/* BGP network import check. */ /* BGP network import check. */
if (bgp_flag_check (bgp, BGP_FLAG_IMPORT_CHECK_EXACT_MATCH)) if (!bgp_flag_check (bgp, BGP_FLAG_IMPORT_CHECK))
vty_out (vty, " bgp network import-check exact%s", VTY_NEWLINE); vty_out (vty, " no bgp network import-check%s", VTY_NEWLINE);
else if (bgp_flag_check (bgp, BGP_FLAG_IMPORT_CHECK))
vty_out (vty, " bgp network import-check%s", VTY_NEWLINE);
/* BGP flag dampening. */ /* BGP flag dampening. */
if (CHECK_FLAG (bgp->af_flags[AFI_IP][SAFI_UNICAST], if (CHECK_FLAG (bgp->af_flags[AFI_IP][SAFI_UNICAST],
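Review bot: Setting `BGP_FLAG_IMPORT_CHECK` in `bgp_create` silently changes the meaning of every existing configuration that has no import-check line. Before, that meant the check was off; after an upgrade it means exact-match checking is on, so `network` statements without an exactly matching route would presumably stop being advertised. That may well be the intent, but nothing at the new line or in `bgp_config_write` says so. I would add a comment above the new line, `/* import-check (exact match) is on by default; "no bgp network import-check" turns it off */`, and call out the upgrade effect in the release notes. Both bgp_create and bgp_config_write continue outside these hunks.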


@ -255,8 +255,7 @@ struct bgp
#define BGP_FLAG_DISABLE_NH_CONNECTED_CHK (1 << 16) #define BGP_FLAG_DISABLE_NH_CONNECTED_CHK (1 << 16)
#define BGP_FLAG_MULTIPATH_RELAX_NO_AS_SET (1 << 17) #define BGP_FLAG_MULTIPATH_RELAX_NO_AS_SET (1 << 17)
#define BGP_FLAG_FORCE_STATIC_PROCESS (1 << 18) #define BGP_FLAG_FORCE_STATIC_PROCESS (1 << 18)
#define BGP_FLAG_IMPORT_CHECK_EXACT_MATCH (1 << 19) #define BGP_FLAG_SHOW_HOSTNAME (1 << 19)
#define BGP_FLAG_SHOW_HOSTNAME (1 << 20)
/* BGP Per AF flags */ /* BGP Per AF flags */
u_int16_t af_flags[AFI_MAX][SAFI_MAX]; u_int16_t af_flags[AFI_MAX][SAFI_MAX];