matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity

bgpd: Add some FLowspec specific Error Codes.

Browse source 
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit is contained in:
Donald Sharp 2018-06-19 14:57:19 -04:00 committed by Quentin Young
parent 02705213b1
commit 4f3be6672f
5 changed files with 49 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
bgpd/bgp_errors.c
View file

@ -279,6 +279,18 @@ static struct ferr_ref ferr_bgp_err[] = {
.description = "BGP configuration has AS and process name mismatch",
.suggestion = "Correct the configuration so that the BGP AS number and instance\nname are consistent"
},
{
.code = BGP_ERR_FLOWSPEC_PACKET,
.title = "BGP Flowspec packet processing error",
.description = "The BGP flowspec subsystem has detected a error in the send or receive of a packet",
.suggestion = "Gather log files from both sides of the peering relationship and open an issue"
},
{
.code = BGP_ERR_FLOWSPEC_INSTALLATION,
.title = "BGP Flowspec Installation/removal Error",
.description = "The BGP flowspec subsystem has detected that there was a failure for installation/removal/modification of Flowspec from the dataplane",
.suggestion = "Gather log files from the router and open an issue, Restart FRR"
},
{
.code = END_FERR,
}

2
bgpd/bgp_errors.h
View file

@ -70,6 +70,8 @@ enum bgp_ferr_refs {
BGP_ERR_MULTI_INSTANCE,
BGP_ERR_EVPN_AS_MISMATCH,
BGP_ERR_EVPN_INSTANCE_MISMATCH,
BGP_ERR_FLOWSPEC_PACKET,
BGP_ERR_FLOWSPEC_INSTALLATION,
};
extern void bgp_error_init(void);

19
bgpd/bgp_flowspec.c
View file

@ -31,6 +31,7 @@
#include "bgpd/bgp_flowspec_private.h"
#include "bgpd/bgp_ecommunity.h"
#include "bgpd/bgp_debug.h"
#include "bgpd/bgp_errors.h"
static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len)
{
@ -109,8 +110,9 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
}
if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) {
zlog_err("BGP flowspec nlri length maximum reached (%u)",
packet->length);
zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"BGP flowspec nlri length maximum reached (%u)",
packet->length);
return -1;
}
@ -126,12 +128,14 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
/* When packet overflow occur return immediately. */
if (pnt + psize > lim) {
zlog_err("Flowspec NLRI length inconsistent ( size %u seen)",
psize);
zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"Flowspec NLRI length inconsistent ( size %u seen)",
psize);
return -1;
}
if (bgp_fs_nlri_validate(pnt, psize) < 0) {
zlog_err("Bad flowspec format or NLRI options not supported");
zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"Bad flowspec format or NLRI options not supported");
return -1;
}
p.family = AF_FLOWSPEC;
@ -184,8 +188,9 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL,
NULL, NULL, 0, NULL);
if (ret) {
zlog_err("Flowspec NLRI failed to be %s.",
attr ? "added" : "withdrawn");
zlog_ferr(BGP_ERR_FLOWSPEC_INSTALLATION,
"Flowspec NLRI failed to be %s.",
attr ? "added" : "withdrawn");
return -1;
}
}

21
bgpd/bgp_flowspec_util.c
View file

@ -27,6 +27,7 @@
#include "bgp_flowspec_util.h"
#include "bgp_flowspec_private.h"
#include "bgp_pbr.h"
#include "bgp_errors.h"
static void hex2bin(uint8_t *hex, int *bin)
{
@ -67,8 +68,9 @@ static int bgp_flowspec_call_non_opaque_decode(uint8_t *nlri_content, int len,
len,
mval, error);
if (*error < 0)
zlog_err("%s: flowspec_op_decode error %d",
__func__, *error);
zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"%s: flowspec_op_decode error %d",
__func__, *error);
else
*match_num = *error;
return ret;
@ -445,8 +447,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
len - offset,
prefix, &error);
if (error < 0)
zlog_err("%s: flowspec_ip_address error %d",
__func__, error);
zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"%s: flowspec_ip_address error %d",
__func__, error);
else
bpem->match_bitmask |= bitmask;
offset += ret;
@ -539,8 +542,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
len - offset,
&bpem->tcpflags, &error);
if (error < 0)
zlog_err("%s: flowspec_tcpflags_decode error %d",
__func__, error);
zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"%s: flowspec_tcpflags_decode error %d",
__func__, error);
else
bpem->match_tcpflags_num = error;
/* contains the number of slots used */
@ -553,8 +557,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
len - offset, &bpem->fragment,
&error);
if (error < 0)
zlog_err("%s: flowspec_fragment_type_decode error %d",
__func__, error);
zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"%s: flowspec_fragment_type_decode error %d",
__func__, error);
else
bpem->match_fragment_num = error;
offset += ret;

16
bgpd/bgp_pbr.c
View file

@ -33,6 +33,7 @@
#include "bgpd/bgp_zebra.h"
#include "bgpd/bgp_mplsvpn.h"
#include "bgpd/bgp_flowspec_private.h"
#include "bgpd/bgp_errors.h"
DEFINE_MTYPE_STATIC(BGPD, PBR_MATCH_ENTRY, "PBR match entry")
DEFINE_MTYPE_STATIC(BGPD, PBR_MATCH, "PBR match")
@ -652,8 +653,9 @@ static int bgp_pbr_build_and_validate_entry(struct prefix *p,
action_count++;
if (action_count > ACTIONS_MAX_NUM) {
if (BGP_DEBUG(pbr, PBR_ERROR))
zlog_err("%s: flowspec actions exceeds limit (max %u)",
__func__, action_count);
zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"%s: flowspec actions exceeds limit (max %u)",
__func__, action_count);
break;
}
api_action = &api->actions[action_count - 1];
@ -2250,15 +2252,17 @@ void bgp_pbr_update_entry(struct bgp *bgp, struct prefix *p,
if (!bgp_zebra_tm_chunk_obtained()) {
if (BGP_DEBUG(pbr, PBR_ERROR))
zlog_err("%s: table chunk not obtained yet",
__func__);
zlog_ferr(BGP_ERR_TABLE_CHUNK,
"%s: table chunk not obtained yet",
__func__);
return;
}
if (bgp_pbr_build_and_validate_entry(p, info, &api) < 0) {
if (BGP_DEBUG(pbr, PBR_ERROR))
zlog_err("%s: cancel updating entry %p in bgp pbr",
__func__, info);
zlog_ferr(BGP_ERR_FLOWSPEC_INSTALLATION,
"%s: cancel updating entry %p in bgp pbr",
__func__, info);
return;
}
bgp_pbr_handle_entry(bgp, info, &api, nlri_update);