matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity

bgpd: Add some FLowspec specific Error Codes.

Browse source 
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit is contained in:
Donald Sharp 2018-06-19 14:57:19 -04:00 committed by Quentin Young
parent 02705213b1
commit 4f3be6672f
5 changed files with 49 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
bgpd/bgp_errors.c
View file

@ -279,6 +279,18 @@ static struct ferr_ref ferr_bgp_err[] = {
.description = "BGP configuration has AS and process name mismatch", .description = "BGP configuration has AS and process name mismatch",
.suggestion = "Correct the configuration so that the BGP AS number and instance\nname are consistent" .suggestion = "Correct the configuration so that the BGP AS number and instance\nname are consistent"
}, },
{
.code = BGP_ERR_FLOWSPEC_PACKET,
.title = "BGP Flowspec packet processing error",
.description = "The BGP flowspec subsystem has detected a error in the send or receive of a packet",
.suggestion = "Gather log files from both sides of the peering relationship and open an issue"
},
{
.code = BGP_ERR_FLOWSPEC_INSTALLATION,
.title = "BGP Flowspec Installation/removal Error",
.description = "The BGP flowspec subsystem has detected that there was a failure for installation/removal/modification of Flowspec from the dataplane",
.suggestion = "Gather log files from the router and open an issue, Restart FRR"
},
{ {
.code = END_FERR, .code = END_FERR,
} }

2
bgpd/bgp_errors.h
View file

@ -70,6 +70,8 @@ enum bgp_ferr_refs {
BGP_ERR_MULTI_INSTANCE, BGP_ERR_MULTI_INSTANCE,
BGP_ERR_EVPN_AS_MISMATCH, BGP_ERR_EVPN_AS_MISMATCH,
BGP_ERR_EVPN_INSTANCE_MISMATCH, BGP_ERR_EVPN_INSTANCE_MISMATCH,
BGP_ERR_FLOWSPEC_PACKET,
BGP_ERR_FLOWSPEC_INSTALLATION,
}; };
extern void bgp_error_init(void); extern void bgp_error_init(void);

19
bgpd/bgp_flowspec.c
View file

@ -31,6 +31,7 @@
#include "bgpd/bgp_flowspec_private.h" #include "bgpd/bgp_flowspec_private.h"
#include "bgpd/bgp_ecommunity.h" #include "bgpd/bgp_ecommunity.h"
#include "bgpd/bgp_debug.h" #include "bgpd/bgp_debug.h"
#include "bgpd/bgp_errors.h"
static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len) static int bgp_fs_nlri_validate(uint8_t *nlri_content, uint32_t len)
{ {
@ -109,8 +110,9 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
} }
if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) { if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT) {
zlog_err("BGP flowspec nlri length maximum reached (%u)", zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
packet->length); "BGP flowspec nlri length maximum reached (%u)",
packet->length);
return -1; return -1;
} }
@ -126,12 +128,14 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
/* When packet overflow occur return immediately. */ /* When packet overflow occur return immediately. */
if (pnt + psize > lim) { if (pnt + psize > lim) {
zlog_err("Flowspec NLRI length inconsistent ( size %u seen)", zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
psize); "Flowspec NLRI length inconsistent ( size %u seen)",
psize);
return -1; return -1;
} }
if (bgp_fs_nlri_validate(pnt, psize) < 0) { if (bgp_fs_nlri_validate(pnt, psize) < 0) {
zlog_err("Bad flowspec format or NLRI options not supported"); zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
"Bad flowspec format or NLRI options not supported");
return -1; return -1;
} }
p.family = AF_FLOWSPEC; p.family = AF_FLOWSPEC;
@ -184,8 +188,9 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL, ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL,
NULL, NULL, 0, NULL); NULL, NULL, 0, NULL);
if (ret) { if (ret) {
zlog_err("Flowspec NLRI failed to be %s.", zlog_ferr(BGP_ERR_FLOWSPEC_INSTALLATION,
attr ? "added" : "withdrawn"); "Flowspec NLRI failed to be %s.",
attr ? "added" : "withdrawn");
return -1; return -1;
} }
} }

21
bgpd/bgp_flowspec_util.c
View file

@ -27,6 +27,7 @@
#include "bgp_flowspec_util.h" #include "bgp_flowspec_util.h"
#include "bgp_flowspec_private.h" #include "bgp_flowspec_private.h"
#include "bgp_pbr.h" #include "bgp_pbr.h"
#include "bgp_errors.h"
static void hex2bin(uint8_t *hex, int *bin) static void hex2bin(uint8_t *hex, int *bin)
{ {
@ -67,8 +68,9 @@ static int bgp_flowspec_call_non_opaque_decode(uint8_t *nlri_content, int len,
len, len,
mval, error); mval, error);
if (*error < 0) if (*error < 0)
zlog_err("%s: flowspec_op_decode error %d", zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
__func__, *error); "%s: flowspec_op_decode error %d",
__func__, *error);
else else
*match_num = *error; *match_num = *error;
return ret; return ret;
@ -445,8 +447,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
len - offset, len - offset,
prefix, &error); prefix, &error);
if (error < 0) if (error < 0)
zlog_err("%s: flowspec_ip_address error %d", zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
__func__, error); "%s: flowspec_ip_address error %d",
__func__, error);
else else
bpem->match_bitmask |= bitmask; bpem->match_bitmask |= bitmask;
offset += ret; offset += ret;
@ -539,8 +542,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
len - offset, len - offset,
&bpem->tcpflags, &error); &bpem->tcpflags, &error);
if (error < 0) if (error < 0)
zlog_err("%s: flowspec_tcpflags_decode error %d", zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
__func__, error); "%s: flowspec_tcpflags_decode error %d",
__func__, error);
else else
bpem->match_tcpflags_num = error; bpem->match_tcpflags_num = error;
/* contains the number of slots used */ /* contains the number of slots used */
@ -553,8 +557,9 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
len - offset, &bpem->fragment, len - offset, &bpem->fragment,
&error); &error);
if (error < 0) if (error < 0)
zlog_err("%s: flowspec_fragment_type_decode error %d", zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
__func__, error); "%s: flowspec_fragment_type_decode error %d",
__func__, error);
else else
bpem->match_fragment_num = error; bpem->match_fragment_num = error;
offset += ret; offset += ret;

16
bgpd/bgp_pbr.c
View file

@ -33,6 +33,7 @@
#include "bgpd/bgp_zebra.h" #include "bgpd/bgp_zebra.h"
#include "bgpd/bgp_mplsvpn.h" #include "bgpd/bgp_mplsvpn.h"
#include "bgpd/bgp_flowspec_private.h" #include "bgpd/bgp_flowspec_private.h"
#include "bgpd/bgp_errors.h"
DEFINE_MTYPE_STATIC(BGPD, PBR_MATCH_ENTRY, "PBR match entry") DEFINE_MTYPE_STATIC(BGPD, PBR_MATCH_ENTRY, "PBR match entry")
DEFINE_MTYPE_STATIC(BGPD, PBR_MATCH, "PBR match") DEFINE_MTYPE_STATIC(BGPD, PBR_MATCH, "PBR match")
@ -652,8 +653,9 @@ static int bgp_pbr_build_and_validate_entry(struct prefix *p,
action_count++; action_count++;
if (action_count > ACTIONS_MAX_NUM) { if (action_count > ACTIONS_MAX_NUM) {
if (BGP_DEBUG(pbr, PBR_ERROR)) if (BGP_DEBUG(pbr, PBR_ERROR))
zlog_err("%s: flowspec actions exceeds limit (max %u)", zlog_ferr(BGP_ERR_FLOWSPEC_PACKET,
__func__, action_count); "%s: flowspec actions exceeds limit (max %u)",
__func__, action_count);
break; break;
} }
api_action = &api->actions[action_count - 1]; api_action = &api->actions[action_count - 1];
@ -2250,15 +2252,17 @@ void bgp_pbr_update_entry(struct bgp *bgp, struct prefix *p,
if (!bgp_zebra_tm_chunk_obtained()) { if (!bgp_zebra_tm_chunk_obtained()) {
if (BGP_DEBUG(pbr, PBR_ERROR)) if (BGP_DEBUG(pbr, PBR_ERROR))
zlog_err("%s: table chunk not obtained yet", zlog_ferr(BGP_ERR_TABLE_CHUNK,
__func__); "%s: table chunk not obtained yet",
__func__);
return; return;
} }
if (bgp_pbr_build_and_validate_entry(p, info, &api) < 0) { if (bgp_pbr_build_and_validate_entry(p, info, &api) < 0) {
if (BGP_DEBUG(pbr, PBR_ERROR)) if (BGP_DEBUG(pbr, PBR_ERROR))
zlog_err("%s: cancel updating entry %p in bgp pbr", zlog_ferr(BGP_ERR_FLOWSPEC_INSTALLATION,
__func__, info); "%s: cancel updating entry %p in bgp pbr",
__func__, info);
return; return;
} }
bgp_pbr_handle_entry(bgp, info, &api, nlri_update); bgp_pbr_handle_entry(bgp, info, &api, nlri_update);