diff --git a/bgpd/bgp_errors.c b/bgpd/bgp_errors.c index d3498e44a9..6cad8049a0 100644 --- a/bgpd/bgp_errors.c +++ b/bgpd/bgp_errors.c @@ -279,6 +279,18 @@ static struct ferr_ref ferr_bgp_err[] = { .description = "BGP configuration has AS and process name mismatch", .suggestion = "Correct the configuration so that the BGP AS number and instance\nname are consistent" }, + { + .code = BGP_ERR_FLOWSPEC_PACKET, + .title = "BGP Flowspec packet processing error", + .description = "The BGP flowspec subsystem has detected a error in the send or receive of a packet", + .suggestion = "Gather log files from both sides of the peering relationship and open an issue" + }, + { + .code = BGP_ERR_FLOWSPEC_INSTALLATION, + .title = "BGP Flowspec Installation/removal Error", + .description = "The BGP flowspec subsystem has detected that there was a failure for installation/removal/modification of Flowspec from the dataplane", + .suggestion = "Gather log files from the router and open an issue, Restart FRR" + }, { .code = END_FERR, } diff --git a/bgpd/bgp_errors.h b/bgpd/bgp_errors.h index 31915cc069..4bfb7af879 100644 --- a/bgpd/bgp_errors.h +++ b/bgpd/bgp_errors.h @@ -70,6 +70,8 @@ enum bgp_ferr_refs { BGP_ERR_MULTI_INSTANCE, BGP_ERR_EVPN_AS_MISMATCH, BGP_ERR_EVPN_INSTANCE_MISMATCH, + BGP_ERR_FLOWSPEC_PACKET, + BGP_ERR_FLOWSPEC_INSTALLATION, }; extern void bgp_error_init(void); diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c index b578370db7..b586e86a24 100644 --- a/bgpd/bgp_flowspec.c +++ b/bgpd/bgp_flowspec.c @@ -31,6 +31,7 @@ #include "bgpd/bgp_flowspec_private.h" #include "bgpd/bgp_ecommunity.h" #include "bgpd/bgp_debug.h" +#include "bgpd/bgp_errors.h" static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len) { @@ -109,8 +110,9 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, } if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) { - zlog_err("BGP flowspec nlri length maximum reached (%u)", - packet->length); + zlog_ferr(BGP_ERR_FLOWSPEC_PACKET, + "BGP flowspec nlri length maximum reached (%u)", + packet->length); return -1; } @@ -126,12 +128,14 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, /* When packet overflow occur return immediately. */ if (pnt + psize > lim) { - zlog_err("Flowspec NLRI length inconsistent ( size %u seen)", - psize); + zlog_ferr(BGP_ERR_FLOWSPEC_PACKET, + "Flowspec NLRI length inconsistent ( size %u seen)", + psize); return -1; } if (bgp_fs_nlri_validate(pnt, psize) < 0) { - zlog_err("Bad flowspec format or NLRI options not supported"); + zlog_ferr(BGP_ERR_FLOWSPEC_PACKET, + "Bad flowspec format or NLRI options not supported"); return -1; } p.family = AF_FLOWSPEC; @@ -184,8 +188,9 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL, NULL, NULL, 0, NULL); if (ret) { - zlog_err("Flowspec NLRI failed to be %s.", - attr ? "added" : "withdrawn"); + zlog_ferr(BGP_ERR_FLOWSPEC_INSTALLATION, + "Flowspec NLRI failed to be %s.", + attr ? "added" : "withdrawn"); return -1; } } diff --git a/bgpd/bgp_flowspec_util.c b/bgpd/bgp_flowspec_util.c index 8286838dbb..c7432773b9 100644 --- a/bgpd/bgp_flowspec_util.c +++ b/bgpd/bgp_flowspec_util.c @@ -27,6 +27,7 @@ #include "bgp_flowspec_util.h" #include "bgp_flowspec_private.h" #include "bgp_pbr.h" +#include "bgp_errors.h" static void hex2bin(uint8_t *hex, int *bin) { @@ -67,8 +68,9 @@ static int bgp_flowspec_call_non_opaque_decode(uint8_t *nlri_content, int len, len, mval, error); if (*error < 0) - zlog_err("%s: flowspec_op_decode error %d", - __func__, *error); + zlog_ferr(BGP_ERR_FLOWSPEC_PACKET, + "%s: flowspec_op_decode error %d", + __func__, *error); else *match_num = *error; return ret; @@ -445,8 +447,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len, len - offset, prefix, &error); if (error < 0) - zlog_err("%s: flowspec_ip_address error %d", - __func__, error); + zlog_ferr(BGP_ERR_FLOWSPEC_PACKET, + "%s: flowspec_ip_address error %d", + __func__, error); else bpem->match_bitmask |= bitmask; offset += ret; @@ -539,8 +542,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len, len - offset, &bpem->tcpflags, &error); if (error < 0) - zlog_err("%s: flowspec_tcpflags_decode error %d", - __func__, error); + zlog_ferr(BGP_ERR_FLOWSPEC_PACKET, + "%s: flowspec_tcpflags_decode error %d", + __func__, error); else bpem->match_tcpflags_num = error; /* contains the number of slots used */ @@ -553,8 +557,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len, len - offset, &bpem->fragment, &error); if (error < 0) - zlog_err("%s: flowspec_fragment_type_decode error %d", - __func__, error); + zlog_ferr(BGP_ERR_FLOWSPEC_PACKET, + "%s: flowspec_fragment_type_decode error %d", + __func__, error); else bpem->match_fragment_num = error; offset += ret; diff --git a/bgpd/bgp_pbr.c b/bgpd/bgp_pbr.c index de475d2dcd..fd1e209b0a 100644 --- a/bgpd/bgp_pbr.c +++ b/bgpd/bgp_pbr.c @@ -33,6 +33,7 @@ #include "bgpd/bgp_zebra.h" #include "bgpd/bgp_mplsvpn.h" #include "bgpd/bgp_flowspec_private.h" +#include "bgpd/bgp_errors.h" DEFINE_MTYPE_STATIC(BGPD, PBR_MATCH_ENTRY, "PBR match entry") DEFINE_MTYPE_STATIC(BGPD, PBR_MATCH, "PBR match") @@ -652,8 +653,9 @@ static int bgp_pbr_build_and_validate_entry(struct prefix *p, action_count++; if (action_count > ACTIONS_MAX_NUM) { if (BGP_DEBUG(pbr, PBR_ERROR)) - zlog_err("%s: flowspec actions exceeds limit (max %u)", - __func__, action_count); + zlog_ferr(BGP_ERR_FLOWSPEC_PACKET, + "%s: flowspec actions exceeds limit (max %u)", + __func__, action_count); break; } api_action = &api->actions[action_count - 1]; @@ -2250,15 +2252,17 @@ void bgp_pbr_update_entry(struct bgp *bgp, struct prefix *p, if (!bgp_zebra_tm_chunk_obtained()) { if (BGP_DEBUG(pbr, PBR_ERROR)) - zlog_err("%s: table chunk not obtained yet", - __func__); + zlog_ferr(BGP_ERR_TABLE_CHUNK, + "%s: table chunk not obtained yet", + __func__); return; } if (bgp_pbr_build_and_validate_entry(p, info, &api) < 0) { if (BGP_DEBUG(pbr, PBR_ERROR)) - zlog_err("%s: cancel updating entry %p in bgp pbr", - __func__, info); + zlog_ferr(BGP_ERR_FLOWSPEC_INSTALLATION, + "%s: cancel updating entry %p in bgp pbr", + __func__, info); return; } bgp_pbr_handle_entry(bgp, info, &api, nlri_update);