From aff07ee7ed1136ed9879c9b6dec6875962a7610f Mon Sep 17 00:00:00 2001 From: Simon Marsh Date: Mon, 3 Jun 2019 18:28:51 +0100 Subject: [PATCH 1/2] Add patch from JRB0001 to reload protocols on RPKI change --- nest/proto.c | 24 ++++++++++++++++++++++++ nest/protocol.h | 1 + proto/rpki/packets.c | 2 ++ 3 files changed, 27 insertions(+) diff --git a/nest/proto.c b/nest/proto.c index d4a333d0..d6ba0266 100644 --- a/nest/proto.c +++ b/nest/proto.c @@ -1968,3 +1968,27 @@ proto_get_named(struct symbol *sym, struct protocol *pr) return p; } + +void +reload_all(void) +{ + log(L_INFO "Reloading all protocols."); + struct proto *p; + WALK_LIST(p, proto_list) + { + if (!p->disabled && p->proto_state == PS_UP) + { + log(L_INFO "Reloading protocol %s.", p->name); + struct channel *c; + WALK_LIST(c, p->channels) + { + if (channel_reloadable(c) && c->channel_state == CS_UP) + { + channel_request_reload(c); + channel_request_feeding(c); + } + } + } + } +} + diff --git a/nest/protocol.h b/nest/protocol.h index 6c04071b..ed06561f 100644 --- a/nest/protocol.h +++ b/nest/protocol.h @@ -624,6 +624,7 @@ void *channel_config_new(const struct channel_class *cc, const char *name, uint void *channel_config_get(const struct channel_class *cc, const char *name, uint net_type, struct proto_config *proto); int channel_reconfigure(struct channel *c, struct channel_config *cf); +void reload_all(void); /* Moved from route.h to avoid dependency conflicts */ static inline void rte_update(struct proto *p, const net_addr *n, rte *new) { rte_update2(p->main_channel, n, new, p->main_source); } diff --git a/proto/rpki/packets.c b/proto/rpki/packets.c index 59a5efaf..16c1efc7 100644 --- a/proto/rpki/packets.c +++ b/proto/rpki/packets.c @@ -817,6 +817,8 @@ rpki_handle_end_of_data_pdu(struct rpki_cache *cache, const struct pdu_end_of_da cache->last_update = current_time(); cache->serial_num = pdu->serial_num; rpki_cache_change_state(cache, RPKI_CS_ESTABLISHED); + + reload_all(); } /** 
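Review bot: reload_all() in nest/proto.c requests an import reload and an export refeed on every reloadable channel of every protocol that is up, whether or not that channel's filters consult ROA data. On a router with many sessions that is a lot of work per call, and the two `log(L_INFO ...)` lines add one log entry per protocol every time it runs. The function is exported under a very generic name with no comment; I would add `/* Request import reload and export refeed on all reloadable channels of running protocols; called after an RPKI cache update. */` above it and, if the channel structure allows, narrow the walk to channels that actually depend on the ROA tables. Whether `channel_request_reload()` has preconditions beyond the two checked here cannot be seen from this hunk.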
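Review bot: The `reload_all();` added at the end of rpki_handle_end_of_data_pdu() runs on every End of Data PDU, so the cache server decides how often the whole router re-evaluates its routes. As far as this hunk shows, nothing checks that the update changed the ROA set and nothing limits the rate, so a cache that is misconfigured, flapping, or impersonated over an unprotected RTR transport could keep every protocol reloading. I would gate the call on an actual change to the ROA data or debounce it with a minimum interval, and record that with a comment such as `/* Full reload is expensive: only after the ROA set changed, and rate-limited */`. The function body before these lines is outside the hunk, so an existing guard there is possible.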
From a9f967f2abab1ed149a8e8faa6b622f3b059936b Mon Sep 17 00:00:00 2001 From: Simon Marsh Date: Mon, 3 Jun 2019 18:30:39 +0100 Subject: [PATCH 2/2] Add patch from JRB0001 to provide more verbose error logging on bad next hop. --- proto/bgp/packets.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c index 26716573..b7cca08b 100644 --- a/proto/bgp/packets.c +++ b/proto/bgp/packets.c @@ -774,10 +774,10 @@ bgp_rx_open(struct bgp_conn *conn, byte *pkt, uint len) #define WITHDRAW(msg, args...) \ ({ REPORT(msg, ## args); s->err_withdraw = 1; return; }) -#define BAD_AFI "Unexpected AF <%u/%u> in UPDATE" -#define BAD_NEXT_HOP "Invalid NEXT_HOP attribute" -#define NO_NEXT_HOP "Missing NEXT_HOP attribute" -#define NO_LABEL_STACK "Missing MPLS stack" +#define BAD_AFI "Unexpected AF <%u/%u> in UPDATE." +#define BAD_NEXT_HOP "Invalid NEXT_HOP attribute %I (%s)." +#define NO_NEXT_HOP "Missing NEXT_HOP attribute." +#define NO_LABEL_STACK "Missing MPLS stack." static void @@ -797,7 +797,7 @@ bgp_apply_next_hop(struct bgp_parse_state *s, rta *a, ip_addr gw, ip_addr ll) nbr = neigh_find(&p->p, ll, p->neigh->iface, 0); if (!nbr || (nbr->scope == SCOPE_HOST)) - WITHDRAW(BAD_NEXT_HOP); + WITHDRAW(BAD_NEXT_HOP, gw, "missing or local neighbor"); a->dest = RTD_UNICAST; a->nh.gw = nbr->addr; @@ -806,7 +806,7 @@ bgp_apply_next_hop(struct bgp_parse_state *s, rta *a, ip_addr gw, ip_addr ll) else /* GW_RECURSIVE */ { if (ipa_zero(gw)) - WITHDRAW(BAD_NEXT_HOP); + WITHDRAW(BAD_NEXT_HOP, gw, "zero address"); rtable *tab = ipa_is_ip4(gw) ? c->igp_table_ip4 : c->igp_table_ip6; s->hostentry = rt_get_hostentry(tab, gw, ll, c->c.table); 
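Review bot: BAD_NEXT_HOP now carries two conversions (`%I`, presumably the project's address conversion, and `%s`), so every expansion must pass an address and a string, and nothing in the define enforces that. The seven WITHDRAW sites in this patch are updated, but any other use of BAD_NEXT_HOP in the file (not visible in these hunks) would read missing variadic arguments, which is undefined behaviour in a path that handles peer-supplied UPDATE data. A comment above the define, e.g. `/* BAD_NEXT_HOP takes (ip_addr, const char *reason) */`, would make the contract explicit. The added trailing periods also change the text of all four messages, so log filters or alerts that match the old strings exactly need updating.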
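Review bot: The address printed is not always the one that failed the check. In bgp_apply_next_hop() the lookup visible just above the changed line uses `ll`, yet the message prints `gw`, which may be the zero address on that path; likewise, in the second WITHDRAW of the bgp_update_next_hop_ip() hunk a match on `nh[1]` is reported as `nh[0]` "equals neighbor address". Since these lines exist to diagnose bad next hops, log the value that was tested, e.g. `WITHDRAW(BAD_NEXT_HOP, ipa_zero(gw) ? ll : gw, "missing or local neighbor");` and `WITHDRAW(BAD_NEXT_HOP, ipa_equal(peer, nh[0]) ? nh[0] : nh[1], "equals neighbor address");`. The code that chooses between `gw` and `ll` starts outside the hunk, so the first suggestion needs checking against it.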
@@ -967,16 +967,16 @@ bgp_update_next_hop_ip(struct bgp_export_state *s, eattr *a, ea_list **to) /* Forbid zero next hop */ if (ipa_zero(nh[0]) && ((len != 32) || ipa_zero(nh[1]))) - WITHDRAW(BAD_NEXT_HOP); + WITHDRAW(BAD_NEXT_HOP, nh[0], "zero address"); /* Forbid next hop equal to neighbor IP */ if (ipa_equal(peer, nh[0]) || ((len == 32) && ipa_equal(peer, nh[1]))) - WITHDRAW(BAD_NEXT_HOP); + WITHDRAW(BAD_NEXT_HOP, nh[0], "equals neighbor address"); /* Forbid next hop with non-matching AF */ if ((ipa_is_ip4(nh[0]) != bgp_channel_is_ipv4(s->channel)) && !s->channel->ext_next_hop) - WITHDRAW(BAD_NEXT_HOP); + WITHDRAW(BAD_NEXT_HOP, nh[0], "wrong address family"); /* Just check if MPLS stack */ if (s->mpls && !bgp_find_attr(*to, BA_MPLS_LABEL_STACK)) @@ -1048,7 +1048,7 @@ bgp_decode_next_hop_ip(struct bgp_parse_state *s, byte *data, uint len, rta *a) ad->length = 16; if ((bgp_channel_is_ipv4(c) != ipa_is_ip4(nh[0])) && !c->ext_next_hop) - WITHDRAW(BAD_NEXT_HOP); + WITHDRAW(BAD_NEXT_HOP, nh[0], "wrong address family"); // XXXX validate next hop @@ -1129,7 +1129,7 @@ bgp_decode_next_hop_vpn(struct bgp_parse_state *s, byte *data, uint len, rta *a) bgp_parse_error(s, 9); if ((bgp_channel_is_ipv4(c) != ipa_is_ip4(nh[0])) && !c->ext_next_hop) - WITHDRAW(BAD_NEXT_HOP); + WITHDRAW(BAD_NEXT_HOP, nh[0], "wrong address family"); // XXXX validate next hop