These are easy to get subtly wrong, and doing so can cause
nondeterministic failures when racing in parallel builds.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
And again for the name. Why on earth would we centralize this, just so
people can forget to update it?
Signed-off-by: David Lamparter <equinox@diac24.net>
Same as before, instead of shoving this into a big central list we can
just put the parent node in cmd_node.
Signed-off-by: David Lamparter <equinox@diac24.net>
There is really no reason to not put this in the cmd_node.
And while we're add it, rename from pointless ".func" to ".config_write".
[v2: fix forgotten ldpd config_write]
Signed-off-by: David Lamparter <equinox@diac24.net>
The only nodes that have this as 0 don't have a "->func" anyway, so the
entire thing is really just pointless.
Signed-off-by: David Lamparter <equinox@diac24.net>
Fix some bad wording in a comment when deciding whether
to send a pbr map sequence to zebra.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Separate out the `set *` and `no set *` commands into
different DEFPYs to make the logic of the code easier to
read.
Further, allow non-exlpicit no commands.
So `no set nexthop`, `no set nexthop-group`, and
`no set vrf` will now work without having to specify
anymore data. Before you had to match what was already
there explicitly.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Implement the ability to replace any existing `set *` or
`match` with another one or adding more config without having
to first delete the original config already there.
Before, we needed to constantly execute a `no` command for everything
to remove the rule before making changes to it. With this
patch, you can replace configs on individual sequences much
easier.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Properly free the string pointed to by `pbrms->nhgrp_name`
when we are removiing the config for a nexthop group
on a pbr map sequence.
Found via memleak:
==3152214== 4 bytes in 1 blocks are definitely lost in loss record 308 of 8,814
==3152214== at 0x483980B: malloc (vg_replace_malloc.c:309)
==3152214== by 0x4DC9F7E: strdup (in /usr/lib64/libc-2.30.so)
==3152214== by 0x48E373E: qstrdup (memory.c:122)
==3152214== by 0x408FE7: pbr_map_nexthop_group_magic (pbr_vty.c:264)
==3152214== by 0x408E04: pbr_map_nexthop_group (pbr_vty_clippy.c:347)
==3152214== by 0x48ACF72: cmd_execute_command_real (command.c:1073)
==3152214== by 0x48ACB3B: cmd_execute_command (command.c:1133)
==3152214== by 0x48AD063: cmd_execute (command.c:1288)
==3152214== by 0x493D8EE: vty_command (vty.c:526)
==3152214== by 0x493D397: vty_execute (vty.c:1293)
==3152214== by 0x493C4EC: vtysh_read (vty.c:2126)
==3152214== by 0x49319DC: thread_call (thread.c:1548)
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Actually delete the allocated pbr_nhg_cache object we just
released.
Found via memory leak:
==3078405== 136 bytes in 1 blocks are definitely lost in loss record 8,282 of 8,802
==3078405== at 0x483BB1A: calloc (vg_replace_malloc.c:762)
==3078405== by 0x48E35E8: qcalloc (memory.c:110)
==3078405== by 0x40EBA7: pbr_nhgc_alloc (pbr_nht.c:194)
==3078405== by 0x48CC0EB: hash_get (hash.c:148)
==3078405== by 0x40F825: pbr_nht_add_individual_nexthop (pbr_nht.c:534)
==3078405== by 0x409853: pbr_map_nexthop_magic (pbr_vty.c:400)
==3078405== by 0x4093F1: pbr_map_nexthop (pbr_vty_clippy.c:417)
==3078405== by 0x48ACF72: cmd_execute_command_real (command.c:1073)
==3078405== by 0x48ACB3B: cmd_execute_command (command.c:1133)
==3078405== by 0x48AD063: cmd_execute (command.c:1288)
==3078405== by 0x493D8EE: vty_command (vty.c:526)
==3078405== by 0x493D397: vty_execute (vty.c:1293)
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Add some more debug info for the sequence number we are
sending to zebra in pbr_send_pbr_map().
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
We were doing a bunch of gotos in the set vrf configcode.
The code got complex enough that just returning is easier to read.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Properly handle the case where we are sent the same `set vrf`
configs for a pbr map repeatedly. If we are sent the same
config, we return successfully without doing anyting.
If the config is different and its not a [no], then return failure
as we did before since we don't support atomic replace yet.
Before, we would fail anytime even if the config sent was the same
as is already there. This would cause frr-reload to mark as a
failure when it tried to re-apply the same config.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
It's been a year search and destroy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Implement the [no] version of `pbr table range`. We had the command
but were doing nothing with it.
This just calls the set_table_range API again using the defaults.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
The vrrpd one conflicts with the standalone vrrpd package; also we're
installing daemons to /usr/lib/frr on some systems so they're not on
PATH.
Signed-off-by: David Lamparter <equinox@diac24.net>
Change the pbr map validity state to indicate yes/no
rather than 1/0 in the `show pbr map` command.
Humans aren't robots, so don't use binary.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
We were using a mix of spaces and tabsin show pbr map vty output.
Tabs can be inconsistent depending on the system settings.
Using spaces is a safer option for more consistent output.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Refactor the pbr_map and pbr_map_sequence vty output
into some functions to make the code a bit easier to read.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Consolidate the rule_notify_owner() debugs based on type
into one call, making use of zapi_rule_notify_owner2str()
to do so.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
We were missing some newlines in handling vty outputs
for the `set nexthop*` commands. Add them in there.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
The vty description for the `set match dst-ip` command was
using "src ip" in its description. Change it to use "dst ip".
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Also don't silently fail when we attempt to atomically change
a match MARK to a new one.
We would overwrite the frist one but never actually install it.
Change it to explicitly fail if a config is already present for
now.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Currently pbrd does not support the abilitity to make atomic
changes to a config.
ex)
`match src-ip 1.1.1.1/32`
`match src-ip 1.1.1.0/24`
We would overwrite the first one but never actually install it.
In the `set nexthop commands` we explicitly fail if there is
already a `set nexthop` config present. This patch extends the
match src/dest-ip configs to do the same.
In the future we should make all these commands atomic but for
now its better to not fail silently at the very least.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Don't treat a remove failure as a successful remove.
This can cause us to get out of sync with the kernel.
Pbrd makes decisions on rule handling based on its installed
state so this needs to be as close to accurate as possible.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Only remove the interface from the pbr_map after we get
a callback from zapi that every sequence using that interface
has been removed.
Before, if we created a map with multiple sequences and put that on an interface,
then removed it from that interface, it would fail to mark the sequences after
the first one as uninstalled.
This was because we failed to lookup the other ones after we removed
the interface from the pbr_map.
This patch adds a conditional to only delete the interface from the pbr
map if all its sequneces using that interface have been uninstalled.
This patch extends the work done in 38e9ccde2f
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
`set vrf NAME` allows the pbr map to point to an arbitrary vrf table.
`set vrf unchanged` will use the interface's vrf for table lookup.
Further, add functionality for pbr to respond to interface events
such as interface vrf changes & interface creation/deletion.
Ex)
ubuntu_nh# show pbr map
pbr-map TEST valid: 1
Seq: 1 rule: 300 Installed: 3(1) Reason: Valid
SRC Match: 3.3.3.3/32
VRF Unchanged (use interface vrf)
pbr-map TEST2 valid: 1
Seq: 2 rule: 301 Installed: 3(2) Reason: Valid
SRC Match: 4.4.4.4/32
VRF Lookup: vrf-red
root@ubuntu_nh:/home# ip rule show
0: from all lookup local
300: from 3.3.3.3 iif dummy2 lookup main
300: from 3.3.3.3 iif dummyVRF lookup 1111
301: from 4.4.4.4 iif dummy1 lookup 1111
301: from 4.4.4.4 iif dummy3 lookup 1111
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com-
Reduce the api for deleting nexthops and the containing
group to just one call rather than having a special case
and handling it separately.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
The pbr->nhg callback is used exclusively for individual nexthops
set through `set nexthop`. If an actuall "tracked" nexthop_group is
used, only the `pbrms->nhgrp_name` is set. Thus this delete does
nothing.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Don't bother tracking ipv6 link locals to determine if a map
should be installed. Every interface has a route of `fe80::/64`
so its just going to return the arbitrarily first one it finds
when it resolves it and hands it back to us.
Instead, just track the interface we specify along with it.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Current autocompletion works only for simple "vrf NAME" case.
This commit expands it also for the following cases:
- "nexthop-vrf NAME" in staticd
- usage of $varname in many daemons
All daemons are updated to use single varname "$vrf_name".
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
The code should be looking for both v4 and v6 nexthop types
instead of v4 nexthop types 2 times.
Found by Coverity SA
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
For all the places we have a zclient->interface_up convert
them to use the interface ifp_up callback instead.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Switch the zclient->interface_add functionality to have everyone
use the interface create callback in lib/if.c
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Start the conversion to allow zapi interface callbacks to be
controlled like vrf creation/destruction/change callbacks.
This will allow us to consolidate control into the interface.c
instead of having each daemon read the stream and react accordingly.
This will hopefully reduce a bunch of cut-n-paste stuff
Create 4 new callback functions that will be controlled by
lib/if.c
create -> A upper level protocol receives an interface creation event
The ifp is brand spanking newly created in the system.
up -> A upper level protocol receives a interface up event
This means the interface is up and ready to go.
down -> A upper level protocol receives a interface down
destroy -> A upper level protocol receives a destroy event
This means to delete the pointers associated with it.
At this point this is just boilerplate setup for future commits.
There is no new functionality.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
In pbrd we did not care if the nexthop interface nexthop tracking
sent us back did not match the one specified with `nexthop [GATEWAY]
[INTERFACE]`. This happened if the gateway was resolvable via a
different interface and the inteface we specified in the config was
unnumbered (no ipv4 address on it) since the default route gets forced
onlink when it gets into zebra.
This patch adds a check to not install the rule if the interface we got
back was different from the specified.
This patch also reworks the nexthop update path to make it a little more
clear what its doing.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Adds support to specify marks in pbr-map match clause.
Marks should be provided as decimal (unsigned int).
Currently supported on Linux only. Attempting to configure
marks on other platform will result in:
"pbr marks are not supported on this platform"
Signed-off-by: Marcin Matlag <marcin.matlag@gmail.com>
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
The sample configuration files for pbrd, sharpd and staticd
where all the same. Add some bit of color to help new people
get rolling on these three daemons.
Signed-off-by: Donald Sharp <sharpd@cumulusnetwork.com>
The creation of a nexthop group results in a callback with
just the nexthop group name. At this point in time we
do not have any nexthop information so there is nothing to
install.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a file that exposes functions which modify nexthop groups.
Nexthop groups are techincally immutable but there are a
few special cases where we need direct access to add/remove
nexthops after the group has been made. This file provides a
way to expose those functions in a way that makes it clear
this is a private/hidden api.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Update pbrd to properly handle nexthop tracking.
When we get a notification that a change happened on a nexthop,
re-install it if its still valid.
Before, we were running over all routes and re-queueing them if they
were PBR routes. This commit removes that and puts all the processing
in PBR instead.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
When we copy a new nexthop to cache and track, set its
next and prev pointers to NULL. We don't want those since
this is to be treated as a single nexthop.Other nexthops that
aren't in a group could hash to this nexthop so it doesn't
make sense to keep those pointers in the cache.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
It doesn't make much sense for a hash function to modify its argument,
so const the hash input.
BGP does it in a couple places, those cast away the const. Not great but
not any worse than it was.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add an upspecified option to the AFI enum and update
switch statements using it in bgpd and pbrd.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
This macro:
- Marks ZAPI callbacks for readability
- Standardizes argument names
- Makes it simple to add ZAPI arguments in the future
- Ensures proper types
- Looks better
- Shortens function declarations
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
It is possible, that a connected lookup from
zebra_interface_address_read is null. Protect and Serve
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Fix bug in the code that compares IPv6 addresses. If memcmp()
returns 0 then the two addresses are equal.
Because of this problem, hash_release() could return NULL in a few
places, leading to the following crashes (found by the CLI fuzzer):
pbrd aborted: vtysh -c "configure terminal" -c "pbr-map WORD seq 100" -c "no set nexthop 2001:db8::1"
pbrd aborted: vtysh -c "configure terminal" -c "nexthop-group NHGROUP" -c "no nexthop 2001:db8::1"
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When displaying the running configuration, we should use a single
space to indent commands when necessary (and not two spaces).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In addition to nexthop groups, pbrd also supports the "set nexthop"
command to specify the nexthop of a PBR map. This adds convenience
when multiple nexthops aren't necessary.
Change this command to support interface nexthops (without IP
addresses) like nexthop groups do. At the end of the command, call
pbr_nht_nexthop_interface_update() otherwise the interface nexthop
won't be validated until we receive an interface up/down notification
from zebra through the zapi protocol.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Now that nexthop groups can contain interface nexthops, make the
necessary adjustments in pbrd to handle them appropriately.
For normal IP nexthops, pbrd uses the NHT callbacks to validate
these nexthops (i.e. check if they are reachable). NHT can't be
used for interface nexthops though. To work around this issue,
use the interface event callbacks from the zclient API to validate
interface nexthops (an interface nexthop is valid only if the
corresponding interface is up and running).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Commit ff9799c31 broke the detection of nexthop groups that contain
both v4 and v6 nexthops. Move the switch statement back to the
ALL_NEXTHOPS loop to fix this issue.
Further, make pbr_nht_which_afi() return AFI_MAX only if all
nexthops from the group are either NEXTHOP_TYPE_IFINDEX or
NEXTHOP_TYPE_BLACKHOLE.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When we have a pbr-policy applied to an interface and the
rule is installed and then deleted, we would not properly
clean up the bit field for the pmi as well as not note
the rule as properly deleted.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When changing policy on an interface, only delete the old_pbrm
if it is different than the current, this covers the case:
current config:
int swp1
pbr-policy DONNA
To a config entered of:
int swp1
pbr-policy EVA
Additionally there is no need to reinstall if we enter the same
pbr-policy two times in a row.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
- some target_CFLAGS that needed to include AM_CFLAGS didn't do so
- libyang/sysrepo/sqlite3/confd CFLAGS + LIBS weren't used at all
- consistently use $(FOO_CFLAGS) instead of @FOO_CFLAGS@
- 2 dependencies were missing for clippy
Signed-off-by: David Lamparter <equinox@diac24.net>
This reverts commit 48944eb65e.
We're using GNU C, not ISO C - and this commit triggers new (real)
warnings about {0} instead of bogus ones about {}.
Signed-off-by: David Lamparter <equinox@diac24.net>
It's been a year since we added the new optional parameters
to instantiation. Let's switch over to the new name.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Introduce frr-interface.yang, which defines a model for managing FRR
interfaces.
Update the 'frr_yang_module_info' array of all daemons that will
implement this module.
Add automatically generated stub callbacks in if.c. These callbacks will
be implemented in the following commit.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
FRR_DAEMON_INFO should now contain an array of 'frr_yang_module_info'
structures describing the YANG modules implemented by the daemon.
This array will be used by frr_init() function to load all YANG modules
and initialize the northbound callbacks during the daemon initialization.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The ->hash_cmp and linked list ->cmp functions were sometimes
being used interchangeably and this really is not a good
thing. So let's modify the hash_cmp function pointer to return
a boolean and convert everything to use the new syntax.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Since we're now building through one large Makefile, we can easily put
things with their daemons and crossreference nicely.
Signed-off-by: David Lamparter <equinox@diac24.net>
The Vrf aliases can be known with a specific hook. That hook will then,
from zebra propagate the information to the relevant zapi clients.
The registration hook function is the same for all daemons.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The definition of the interface commands in vtysh.c were outdated.
Currently, all daemons that call if_cmd_init() will have the "no interface
IFNAME" command and the "[no] description" commands as well, so there's
no need to define exceptions for these commands anymore.
To fix this, make extract.pl parse the if.c file so that vtysh can get the
interface commands from there automatically. Only the "interface IFNAME
[vrf NAME]" must be kept in vtysh.c because it changes the vty node and
thus needs special treatment.
Finally, make pimd and pbrd display interface descriptions on "sh run"
when they are configured.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
There is no need to check for failure of a ALLOC call
as that any failure to do so will result in a assert
happening. So we can safely remove all of this code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Add log messages to indicate when we have run out of table IDs
* Increase minimum range size to 1000 to reduce risk of hitting this
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The notification handler consecutive to an add/remove of a rule in zebra
is being added the FAIL_REMOVE flag. It is mapped on REMOVE flag
behaviour for now.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The buffer size was insufficiently sized to hold the
entirety of the data being passed in.
Modify the nht code to use a bit bigger buffer.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The range for sequence numbers needs to be limited
by the range we have currently choosen for rule
ranges.
Ticket: CM-20562
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Since we are writing into the name field which is PBR_MAP_NAMELEN
size, we are expecting this to field to be at max 100 bytes.
Newer compilers understand that the %s portion may be up to
100 bytes( because of the size of the string. The %u portion
is expected to be 10 bytes. So in `theory` there are situations
where we might truncate. The reality this is never going to
happen( who is going to create a nexthop group name that is
over say 30 characters? ). As such we are expecting the
calling function to subtract 10 from the size_t l before
we pass it in to get around this new gcc fun.
Fixes: #2163
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) addr will never be non-null because of the way we build the cli
at this point in time, but the SA system does not understand this,
add a bread crumb for it.
2) Fix a possible memory leak of the pbr_ifp
3) Fix possible integer overflow when bit shifting.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
A user could overflow the pbr_ifp->mapname buffer by entering a pbr-map
name longer than 100 characters.
Coverity #1467821
Coverity #1467821
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The pbrm->installed variable was being used only in a couple
of places and it has no real bearing on whether or not
we should install a rule or not. Remove this value.
Ticket: CM-20429
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
While compact, collapsing the various debugs into simply `debug pbr` if
all debugs are on is potentially confusing to users.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Somewhere along the way the ability to install multiple
pbr-policys for the same pbr-map was lost.
Add this back. There is a limitation in that we are limited
to 64 interfaces per pbr-policy.
Ticket: CM-20429
Signed-off-by: Donald Sharp sharpd@cumulusnetworks.com>
When a nexthop group is modified do not assume that it
is not installed. The creation of the pnhgc is enough
to set the installed to false. If we are reinstalling
it is not needed to set it as not installed.
When a pbrms is being installed/removed check to see if it
is already installed/deleted and do the right thing from
there.
Ticket: CM-20371
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There exists several places we attempt to re-install the
same rule. Figure out when we need to not make an attempt
at doing anything and do it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Prevent the creation of a v6 LL nexthop that does not include an interface
for proper resolution.
Ticket: CM-20276
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
PBR is hooked up to receive access-list commands automatically,
as are all daemons, add the bit of code to allow the PBR
daemon to safely receive the command and ignore it for the
moment.
Ticket: CM-20569
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When the last match criteria was removed (dst-ip or src-ip), we were
not deleting the rule correctly for ipv6. This fix retains the
needed src-ip/dst-ip during the pbr_send_pbr_map process so the
appropriate information is available for the rule delete.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Since PBR is meant to be for small deployments, allowing
end users to arbitrarily change rule and table ranges
without some more careful thought on what is going on
and how to do it, sets us up for issues.
At this time remove these knobs.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When a command is attempted to be configed and it
fails to be installed, indicate via vtysh return
codes that we did not accept the command
Ticket: CM-20216
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When displaying a pbr map sequence for a show run do not use the
vty_frame construct. We should display the config even if we
do not have much to display.
Ticket: CM-20196
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The linux kernel puts the vrf rule at 1000, since pbr
rules need to be before this rule, don't allow us to go
beyond.
Ticket: CM-19946
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If an interface is in the process of coming up or
partially deconfigured, prevent pbrd from crashing
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If the match src-ip or dst-ip command entered has already
been received and it's the same prefix, we are done and
do not need to do anything more.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When removing either the match dst or match src of a previously
valid pbr map, we would just try to re-install the rule which
was rejected. This fix deletes the old rule before we re-apply
the new rule.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
If there are no PBR interfaces configured and we do a 'show run', pbrd
crashes with a NPD when it tries to dereference ifp->info.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When we are entering 'set nexthop' and 'set nexthop-group'
ensure that the cli only allows one of these to happen
at a time.
Ticket: CM-20125
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The pbr_events.c file was a mistake in that it overly complicated
the code and made it hard to think about what was happening.
Remove all the events and just do the work where needed.
Additionally rethink the sending of the pbr map to
zebra and only send one notification at a time instead
of having the sending function attempt to figure out
what to do.
Clean up some of the no form of commands to make them
work properly.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
This is an implementation of PBR for FRR.
This implemenation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
