The ->hash_cmp and linked list ->cmp functions were sometimes
being used interchangeably and this really is not a good
thing. So let's modify the hash_cmp function pointer to return
a boolean and convert everything to use the new syntax.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Do a straight conversion of `struct bgp_info` to `struct bgp_path_info`.
This commit will setup the rename of variables as well.
This is being done because `struct bgp_info` is not descriptive
of what this data actually is. It is path information for routes
that we keep to build the actual routes nexthops plus some extra
information.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There were checks for null pointer after being dereferenced. Checks have
been removed (we've discussed the no need of adding assert()'s because
of similar code not requiring them).
Signed-off-by: F. Aragon <paco@voltanet.io>
When adding an entry, a check is done in order to flush previously
configured entries. The whole parameters are checked so as to not remove
some entries that have ipset entries equal, but not iptable settings.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Instead of relying on jhash_1word for some parameters that are not 32
bit size, the jash(pointer, len) function is used.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Because one flowspec entry can create 1-N bgp pbr entries, the list is
now updated and visible. Also, because the bgp_extra structure is used,
this list is flushed when the bgp_extra structure is deleted.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit removes various parts of the bgpd implementation code which
are unused/useless, e.g. unused functions, unused variable
initializations, unused structs, ...
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
Some values for icmp type/code can not be encoded like port source or
port destination. This is the case of 0 value that is authorized for
icmp.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
As the other enumerate list, icmp type and code are handled as the other
combinations. The icmp type and code options are the last options to be
injected into PBR. If icmp type is present only, all the filtering will
apply to this icmp type. if icmp code is present only, then all the
combination will be done with icmp type ranging from 0 to 255 values.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The recursive algorithm was taking into account the fact that all the
bpof structures were filled in. Because the dscp value was not given,
the pkt_len parsing could not be achieved. Now the iteration takes into
account each type according to the previous one, thus guaranting all
parameters to be parsed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The flowspec fragment attribute is taken into account to be pushed in
BGP policy routing entries. Valid values are enumerate list of 1, 2, 4,
or 8 values. no combined value is supported yet.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
As fragment bitmask and tcpflags bitmask in flowspec protocol is encoded
in the same way, it is not necessary to differentiate those two fields.
Moreover, it overrides the initial fragment limit set to 1. It is now
possible to handle multiple framgent values.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The packet length can be injected from fs entry with an enumerate list;
the negation of the value is also taken into account.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
So as to add or remove entries with flowspec or operations like tcp
flags or dscp enum list, a mechanism is put in place that adds
recursivity.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
If one dscp value or an enumerate list of or values of dscp are
provided, then the bgp pbr entries created will take into account the
dscp values.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Before adding/removing to zebra, flowspec entries parses the list of
combinations or avaialble and creates contexts in order to be injected
to zebra.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
tcp flags combinations ( or enumerates) are hosted in a structure that
will be analysed later, when wanting to inject that information to
zebra.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The flowspec enumerate list can either be and values or or values.
In the latter case, a list is created that will be used later.
Also, the API supports the check for both and or or operations. This API
does not permit to handle both and and or operations at the same time.
The list will have to be either and or or. An other API retrieves the
operator unary value that is used: and or or. or 0 is the two operators
are used at the same time.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Because the Flowspec entries are parsed first, then injected to Zebra,
there are cases where the install feedback from zebra is not received.
This leads to unnecessary add route events, whereas one should be
enough.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Those flags can be shared between BGP and Zebra. That is why
those flags are moved to common pbr.h header file.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
To handle FS params between FS RIB and BGP PBR entities, a structure
intermediate named bgp_pbr_filter is used, and contains all filtering
information that was before passed as a parameter.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
To know which entry is set/unset, a debug handler is present, that
displays which entry is injected/removed to/from zebra.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
It is possible for flowspec entries containing ICMP rule to insert PBR
entries based on ICMP type and ICMP code.
Flowspec ICMP filtering can either have icmp type or icmp code or both.
Not all combinations are permitted:
- if icmp code is provided, then it is not possible to derive the
correct icmp value. This will not be installed
- range of ICMP is authorised or list of ICMP, but not both.
- on receiving a list of ICMPtype/code, each ICMP type is attempted to
be associated to ICMP code. If not found, then ICMPtype is combined
with all known ICMP code values associated to that ICMP type.
- if a specific ICMP type/code is needed, despite the ICMP code/type
combination does not exist, then it is possible to do it by forging a
FS ICMP type/code specific for that.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The if statement had a second instance of the same variable
to test as part of the statement.
Found by SA.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Sometimes at startup, BGP Flowspec may be allocated a routing table
identifier not in the range of the predefined table range.
This issue is due to the fact that BGP peering goes up, while the BGP
did not yet retrieve the Table Range allocator.
The fix is done so that BGP PBR entries are not installed while
routing table identifier range is not obtained. Once the routing table
identifier is obtained, parse the FS entries and check that all selected
entries are installed, and if not, install it.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Currently, uninstall pbr rule is not handled by BGP notification
handler. So the uninstall update of the structure is done, immediately
after sending the request of uninstall to zebra.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
There are cases where a redirect IP or redirect VRF stops the ecom
parsing, then ignores a subsequent rate value, letting passed value to
0. Consequently, a new table identifier may be elected, despite the
routing procedure is the same. This fix ignores the rate value in bpa
list.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The ecommunity was badly read. This fix ensures that all ecom are reads
and stored in local structure.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
policy routing is configurable via address-family ipv4 flowspec
subfamily node. This is then possible to restrict flowspec operation
through the BGP instance, to a single or some interfaces, but not all.
Two commands available:
[no] local-install [IFNAME]
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Once PBR rules installed, an information is printed in the main
show bgp ipv4 flowspec detail information.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Ability for BGP FS to convert some rules containining at least one
address and one port information into a pbr_match_entry rule.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon BGP destroy, the hash list related to PBR are removed.
The pbr_match entries, as well as the contained pbr_match_entries
entries.
Then the pbr_action entries. The order is important, since the former
are referencing pbr_action. So the references must be removed, prior to
remove pbr action.
Also, the zebra associated contexts are removed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
A table chunk of 100000 is allocated from zebra, and when needed in
flowspec, the table identifier is extracted from that chunk.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
If a new rule is identified, a new table identifier is created.
In that table, add a default route when possible. If redirect IP rule is
identified, then add a default route to that IP address.
If redirect VRF is identified, nothing is done for now
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
once an iprule has been created, a notification is sent back, and the
context of bgp_action is searched.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is reading the installed2 value from bgp_pbr_match hash set.
Once value matches with the one received, the walk stops and the last
bgp_pbr_match structure is stored in a static entry, so that the entry
is obtained.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Once the bgp flowspec entry is validated, then that means that zebra is
able to handle the entries.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Add a policy-route API to handle flowspec entry.
The entry is analysed, converted, and
selected if it is possible to inject the flowspec entry in local policy
routing entries.
redirect IP and redirect VRF actions are handled. The former extracts
the IPv4 address to redirect traffic to. The latter calculates the
matching VRF to redirect traffic to.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This structure is the model exchange between some bgp services like
flowspec and the policy routing service. This structure reflects what
the nlri entry means. To handle that structure, a dump routine is made
available. Also, a validation function is here to cancel a policy route
installation, whenever it is not possible to install the requested
policy routing.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgp structure is being extended with hash sets that will be used by
flowspec to give policy routing facilities.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
BGP flowspec will be able to inject or remove policy-routing contexts,
thanks to some protocols like flowspec. This commit adds some the APIS
necessary to create/delete policy routing contexts that will be injected
then into zebra.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
