Add additional error information on NETLINK failures

build.sh

@@ -0,0 +1,52 @@
+#!/bin/bash -e
+##########################################################################
+
+date=$(date +%y%m%d)
+version='2.0.7'
+
+git tag -a "burble-${version}-${date}" -m "burble.dn42 build ${version}/${date}"
+git push --tags
+
+# configure
+
+if [ ! -f configure ]
+then
+    autoreconf
+fi
+
+./configure \
+    --prefix=/usr \
+    --sysconfdir=/etc/bird \
+    --localstatedir=/var
+
+# make
+
+make -j4
+
+# create debian package
+
+echo "bird-$version for burble.dn42" > description-pak
+sudo checkinstall \
+    --default \
+    --type='debian' --install=no \
+    --pkgname='bird' \
+    --pkgversion="$version" \
+    --pkgrelease="burble-$date" \
+    --maintainer="simon@burble.com" \
+    --provides='bird' \
+    --strip \
+    --backup=no
+# reset perms
+sudo chown simon.simon *.deb
+    
+# upload
+
+pkg="bird_${version}-burble-${date}_amd64.deb"
+dstdir='minio/artifacts/bird'
+dst="${dstdir}/${date}/${pkg}"
+
+mc cp "$pkg" "$dst"
+mc cp "$dst" "${dstdir}/current/bird_${version}-burble_amd64.deb"
+
+##########################################################################
+# end of file

nest/proto.c

@@ -2156,3 +2156,33 @@ proto_iterate_named(struct symbol *sym, struct protocol *proto, struct proto *ol
     return NULL;
   }
 }
+
+/*
+ * jrb0001 fix to reload protocols on RPKI change
+ *
+ */
+
+
+void
+reload_all(void)
+{
+  log(L_INFO "Reloading all protocols.");
+  struct proto *p;
+  WALK_LIST(p, proto_list)
+  {
+    if (!p->disabled && p->proto_state == PS_UP)
+    {
+      log(L_INFO "Reloading protocol %s.", p->name);
+      struct channel *c;
+      WALK_LIST(c, p->channels)
+      {
+        if (channel_reloadable(c) && c->channel_state == CS_UP)
+        {
+          channel_request_reload(c);
+          channel_request_feeding(c);
+        }
+      }
+    }
+  }
+}
+

nest/protocol.h

@@ -630,6 +630,7 @@ void *channel_config_new(const struct channel_class *cc, const char *name, uint
 void *channel_config_get(const struct channel_class *cc, const char *name, uint net_type, struct proto_config *proto);
 int channel_reconfigure(struct channel *c, struct channel_config *cf);
 
+void reload_all(void);
 
 /* Moved from route.h to avoid dependency conflicts */
 static inline void rte_update(struct proto *p, const net_addr *n, rte *new) { rte_update2(p->main_channel, n, new, p->main_source); }

proto/bgp/packets.c

@@ -891,10 +891,10 @@ bgp_rx_open(struct bgp_conn *conn, byte *pkt, uint len)
 #define WITHDRAW(msg, args...) \
   ({ REPORT(msg, ## args); s->err_withdraw = 1; return; })
 
-#define BAD_AFI		"Unexpected AF <%u/%u> in UPDATE"
-#define BAD_NEXT_HOP	"Invalid NEXT_HOP attribute"
-#define NO_NEXT_HOP	"Missing NEXT_HOP attribute"
-#define NO_LABEL_STACK	"Missing MPLS stack"
+#define BAD_AFI		"Unexpected AF <%u/%u> in UPDATE."
+#define BAD_NEXT_HOP	"Invalid NEXT_HOP attribute %I (%s)."
+#define NO_NEXT_HOP	"Missing NEXT_HOP attribute."
+#define NO_LABEL_STACK	"Missing MPLS stack."
 
 
 static void
@@ -914,7 +914,7 @@ bgp_apply_next_hop(struct bgp_parse_state *s, rta *a, ip_addr gw, ip_addr ll)
       nbr = neigh_find(&p->p, ll, p->neigh->iface, 0);
 
     if (!nbr || (nbr->scope == SCOPE_HOST))
-      WITHDRAW(BAD_NEXT_HOP);
+      WITHDRAW(BAD_NEXT_HOP, gw, "missing or local neighbor");
 
     a->dest = RTD_UNICAST;
     a->nh.gw = nbr->addr;
@@ -924,7 +924,7 @@ bgp_apply_next_hop(struct bgp_parse_state *s, rta *a, ip_addr gw, ip_addr ll)
   else /* GW_RECURSIVE */
   {
     if (ipa_zero(gw))
-      WITHDRAW(BAD_NEXT_HOP);
+      WITHDRAW(BAD_NEXT_HOP, gw, "zero address");
 
     rtable *tab = ipa_is_ip4(gw) ? c->igp_table_ip4 : c->igp_table_ip6;
     s->hostentry = rt_get_hostentry(tab, gw, ll, c->c.table);
@@ -1086,16 +1086,16 @@ bgp_update_next_hop_ip(struct bgp_export_state *s, eattr *a, ea_list **to)
 
   /* Forbid zero next hop */
   if (ipa_zero(nh[0]) && ((len != 32) || ipa_zero(nh[1])))
-    WITHDRAW(BAD_NEXT_HOP);
+    WITHDRAW(BAD_NEXT_HOP, nh[0], "zero address");
 
   /* Forbid next hop equal to neighbor IP */
   if (ipa_equal(peer, nh[0]) || ((len == 32) && ipa_equal(peer, nh[1])))
-    WITHDRAW(BAD_NEXT_HOP);
+    WITHDRAW(BAD_NEXT_HOP, nh[0], "equals neighbor address");
 
   /* Forbid next hop with non-matching AF */
   if ((ipa_is_ip4(nh[0]) != bgp_channel_is_ipv4(s->channel)) &&
       !s->channel->ext_next_hop)
-    WITHDRAW(BAD_NEXT_HOP);
+    WITHDRAW(BAD_NEXT_HOP, nh[0], "wrong address family");
 
   /* Just check if MPLS stack */
   if (s->mpls && !bgp_find_attr(*to, BA_MPLS_LABEL_STACK))
@@ -1170,7 +1170,7 @@ bgp_decode_next_hop_ip(struct bgp_parse_state *s, byte *data, uint len, rta *a)
     ad->length = 16;
 
   if ((bgp_channel_is_ipv4(c) != ipa_is_ip4(nh[0])) && !c->ext_next_hop)
-    WITHDRAW(BAD_NEXT_HOP);
+    WITHDRAW(BAD_NEXT_HOP, nh[0], "wrong address family");
 
   // XXXX validate next hop
 
@@ -1251,7 +1251,7 @@ bgp_decode_next_hop_vpn(struct bgp_parse_state *s, byte *data, uint len, rta *a)
     bgp_parse_error(s, 9);
 
   if ((bgp_channel_is_ipv4(c) != ipa_is_ip4(nh[0])) && !c->ext_next_hop)
-    WITHDRAW(BAD_NEXT_HOP);
+    WITHDRAW(BAD_NEXT_HOP, nh[0], "wrong address family");
 
   // XXXX validate next hop
 

proto/rpki/packets.c

@@ -827,6 +827,8 @@ rpki_handle_end_of_data_pdu(struct rpki_cache *cache, const struct pdu_end_of_da
   cache->last_update = current_time();
   cache->serial_num = pdu->serial_num;
   rpki_cache_change_state(cache, RPKI_CS_ESTABLISHED);
+
+  reload_all();
 }
 
 /**

sysdep/linux/netlink.c

@@ -143,13 +143,28 @@ static struct nl_sock nl_scan = {.fd = -1};	/* Netlink socket for synchronous sc
 static struct nl_sock nl_req  = {.fd = -1};	/* Netlink socket for requests */
 
 static void
-nl_open_sock(struct nl_sock *nl)
+nl_open_sock(struct nl_sock *nl, int ext_ack)
 {
   if (nl->fd < 0)
     {
       nl->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
       if (nl->fd < 0)
 	die("Unable to open rtnetlink socket: %m");
+
+#ifdef NETLINK_EXT_ACK
+
+      if (ext_ack)
+        {
+          /* enable extended ACK for more detailed error information */
+          const int ack_enable = 1;
+          int so_ok = setsockopt(nl->fd, SOL_NETLINK, NETLINK_EXT_ACK, (void *)&ack_enable, sizeof(ack_enable));
+          if (so_ok < 0)
+            /* failure isn't fatal, it will just mean less debug is available on errors */
+            log(L_WARN "nl_open_sock: Unable to set NETLINK_EXT_ACK: %m");
+        }
+
+#endif
+
       nl->seq = (u32) (current_time() TO_S); /* Or perhaps random_u32() ? */
       nl->rx_buffer = xmalloc(NL_RX_SIZE);
       nl->last_hdr = NULL;
@@ -160,8 +175,8 @@ nl_open_sock(struct nl_sock *nl)
 static void
 nl_open(void)
 {
-  nl_open_sock(&nl_scan);
-  nl_open_sock(&nl_req);
+  nl_open_sock(&nl_scan, 0);
+  nl_open_sock(&nl_req, 1);
 }
 
 static void
@@ -241,6 +256,7 @@ nl_get_reply(struct nl_sock *nl)
 }
 
 static struct tbf rl_netlink_err = TBF_DEFAULT_LOG_LIMITS;
+static void nl_parse_route(struct nl_parse_state *s, struct nlmsghdr *h);
 
 static int
 nl_error(struct nlmsghdr *h, int ignore_esrch)
@@ -256,7 +272,84 @@ nl_error(struct nlmsghdr *h, int ignore_esrch)
   e = (struct nlmsgerr *) NLMSG_DATA(h);
   ec = -e->error;
   if (ec && !(ignore_esrch && (ec == ESRCH)))
+    {
+
+#ifdef NETLINK_EXT_ACK
+
+    /* check if extended error info was provided */
+    if (h->nlmsg_flags & NLM_F_ACK_TLVS)
+      {
+        /* parse the returned route data */
+        struct nl_parse_state s;
+        memset(&s, 0, sizeof(struct nl_parse_state));
+
+        s.pool = nl_linpool;
+        s.scan = 1;  /* required to prevent nl_parse_route rejecting the route data */
+
+        nl_parse_route(&s, &e->msg);
+
+        /* scan eattrs to check if EA_KRT_PREFSRC was set */
+        int krt_prefsrc_found = 0;
+        ip_addr krt_prefsrc;
+
+        struct ea_list *eattrs = s.attrs->eattrs;
+        while(!krt_prefsrc_found && eattrs)
+          {
+            uint i;
+            eattr *attr = eattrs->attrs;
+            for(i=0; i < eattrs->count; i++,attr++)
+              {
+                if (attr->id == EA_KRT_PREFSRC)
+                  {
+                    memcpy(&krt_prefsrc, attr->u.ptr->data, sizeof(ip_addr));
+                    krt_prefsrc_found = 1;
+                    break;
+                  }
+              }
+            eattrs = eattrs->next;
+          }
+
+        /* walk the extended attributes to find the error message */
+        struct nlattr *attr;
+        uint offset = NLMSG_HDRLEN + 4 + NLMSG_ALIGN(e->msg.nlmsg_len);
+        const char *msg = NULL;
+
+        while(!msg && (offset < h->nlmsg_len))
+          {
+            attr = (struct nlattr *)(((char *)h) + offset);
+            if (attr->nla_type == NLMSGERR_ATTR_MSG)
+              {
+                msg = ((const char *)attr + sizeof(struct nlattr));
+                break;
+              }
+            offset += attr->nla_len;
+          }
+
+        if (msg)
+          {
+            if (krt_prefsrc_found)
+              {
+                log_rl(&rl_netlink_err, L_WARN "Netlink Error: %s (%s, net=%N, nexthop=%I, krt_prefsrc=%I)", strerror(ec), msg, s.net->n.addr, s.attrs->nh.gw, krt_prefsrc);
+              }
+            else
+              {
+                log_rl(&rl_netlink_err, L_WARN "Netlink Error: %s (%s, net=%N, nexthop=%I)", strerror(ec), msg, s.net->n.addr, s.attrs->nh.gw);
+              }
+
+            /* exit here */
+            lp_flush(nl_linpool);
+            return ec;
+          }
+
+        /* cleanup */
+        lp_flush(nl_linpool);
+      }
+
+#endif
+
+    /* default generic error if no other info available */
     log_rl(&rl_netlink_err, L_WARN "Netlink: %s", strerror(ec));
+  }
   return ec;
 }