BGP: Implement flowspec validation procedure

Implement flowspec validation procedure as described in RFC 8955 sec. 6 and RFC 9117. The Validation procedure enforces that only routers in the forwarding path for a network can originate flowspec rules for that network. The patch adds new mechanism for tracking inter-table dependencies, which is necessary as the flowspec validation depends on IP routes, and flowspec rules must be revalidated when best IP routes change. The validation procedure is disabled by default and requires that relevant IP table uses trie, as it uses interval queries for subnets.
author: Ondrej Zajicek (work) <santiago@crfreenet.org> 2021-12-20 20:25:35 +0100
committer: Ondrej Zajicek (work) <santiago@crfreenet.org> 2022-02-06 23:27:13 +0100
commit: 1f2eb2aca8e348fefc1822ec2adcad0cc97768d8 (patch)
tree: 11494fc2f2dbc8b7aeb2a4a172fec6d2263af4ab /proto/pipe
parent: 1ae42e522374ae60c23fe4c419c62b2209fbeea8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/proto/pipe/pipe.c b/proto/pipe/pipe.c
index 3532f114..f991d09a 100644
--- a/proto/pipe/pipe.c
+++ b/proto/pipe/pipe.c
@@ -81,7 +81,10 @@ pipe_rt_notify(struct proto *P, struct channel *src_ch, net *n, rte *new, rte *o
 #ifdef CONFIG_BGP
       /* Hack to cleanup cached value */
       if (e->attrs->src->proto->proto == &proto_bgp)
+      {
 	e->u.bgp.stale = -1;
+	e->u.bgp.base_table = NULL;
+      }
 #endif
 
       src = a->src;
author	Ondrej Zajicek (work) <santiago@crfreenet.org>	2021-12-20 20:25:35 +0100
committer	Ondrej Zajicek (work) <santiago@crfreenet.org>	2022-02-06 23:27:13 +0100
commit	1f2eb2aca8e348fefc1822ec2adcad0cc97768d8 (patch)
tree	11494fc2f2dbc8b7aeb2a4a172fec6d2263af4ab /proto/pipe
parent	1ae42e522374ae60c23fe4c419c62b2209fbeea8 (diff)