diff options
Diffstat (limited to 'nest')
| -rw-r--r-- | nest/a-path.c | 1 | ||||
| -rw-r--r-- | nest/config.Y | 23 | ||||
| -rw-r--r-- | nest/proto.c | 175 | ||||
| -rw-r--r-- | nest/protocol.h | 69 | ||||
| -rw-r--r-- | nest/rt-table.c | 73 |
5 files changed, 304 insertions, 37 deletions
diff --git a/nest/a-path.c b/nest/a-path.c index 058b4344..63ac402e 100644 --- a/nest/a-path.c +++ b/nest/a-path.c @@ -15,7 +15,6 @@ #include "lib/string.h" #include "filter/filter.h" - // static inline void put_as(byte *data, u32 as) { put_u32(data, as); } // static inline u32 get_as(byte *data) { return get_u32(data); } diff --git a/nest/config.Y b/nest/config.Y index 2bc5a4ab..a75dd0c3 100644 --- a/nest/config.Y +++ b/nest/config.Y @@ -44,6 +44,7 @@ CF_DECLS CF_KEYWORDS(ROUTER, ID, PROTOCOL, TEMPLATE, PREFERENCE, DISABLED, DEBUG, ALL, OFF, DIRECT) CF_KEYWORDS(INTERFACE, IMPORT, EXPORT, FILTER, NONE, TABLE, STATES, ROUTES, FILTERS) +CF_KEYWORDS(LIMIT, ACTION, WARN, BLOCK, RESTART, DISABLE) CF_KEYWORDS(PASSWORD, FROM, PASSIVE, TO, ID, EVENTS, PACKETS, PROTOCOLS, INTERFACES) CF_KEYWORDS(PRIMARY, STATS, COUNT, FOR, COMMANDS, PREEXPORT, GENERATE, ROA, MAX, FLUSH) CF_KEYWORDS(LISTEN, BGP, V6ONLY, DUAL, ADDRESS, PORT, PASSWORDS, DESCRIPTION, SORTED) @@ -64,8 +65,9 @@ CF_ENUM(T_ENUM_ROA, ROA_, UNKNOWN, VALID, INVALID) %type <ro> roa_args %type <rot> roa_table_arg %type <sd> sym_args -%type <i> proto_start echo_mask echo_size debug_mask debug_list debug_flag mrtdump_mask mrtdump_list mrtdump_flag export_or_preexport roa_mode tab_sorted +%type <i> proto_start echo_mask echo_size debug_mask debug_list debug_flag mrtdump_mask mrtdump_list mrtdump_flag export_or_preexport roa_mode limit_action tab_sorted %type <ps> proto_patt proto_patt2 +%type <g> limit_spec CF_GRAMMAR @@ -183,6 +185,8 @@ proto_item: | MRTDUMP mrtdump_mask { this_proto->mrtdump = $2; } | IMPORT imexport { this_proto->in_filter = $2; } | EXPORT imexport { this_proto->out_filter = $2; } + | IMPORT LIMIT limit_spec { this_proto->in_limit = $3; } + | EXPORT LIMIT limit_spec { this_proto->out_limit = $3; } | TABLE rtable { this_proto->table = $2; } | ROUTER ID idval { this_proto->router_id = $3; } | DESCRIPTION TEXT { this_proto->dsc = $2; } @@ -195,6 +199,23 @@ imexport: | NONE { $$ = FILTER_REJECT; } ; +limit_action: + /* default */ { $$ = PLA_DISABLE; } + | ACTION WARN { $$ = PLA_WARN; } + | ACTION BLOCK { $$ = PLA_BLOCK; } + | ACTION RESTART { $$ = PLA_RESTART; } + | ACTION DISABLE { $$ = PLA_DISABLE; } + ; + +limit_spec: + expr limit_action { + struct proto_limit *l = cfg_allocz(sizeof(struct proto_limit)); + l->limit = $1; + l->action = $2; + $$ = l; + } + ; + rtable: SYM { if ($1->class != SYM_TABLE) cf_error("Table name expected"); diff --git a/nest/proto.c b/nest/proto.c index 802d5238..887d3e5e 100644 --- a/nest/proto.c +++ b/nest/proto.c @@ -34,11 +34,13 @@ static list flush_proto_list; static struct proto *initial_device_proto; static event *proto_flush_event; +static timer *proto_shutdown_timer; static char *p_states[] = { "DOWN", "START", "UP", "STOP" }; static char *c_states[] = { "HUNGRY", "FEEDING", "HAPPY", "FLUSHING" }; static void proto_flush_loop(void *); +static void proto_shutdown_loop(struct timer *); static void proto_rethink_goal(struct proto *p); static char *proto_state_name(struct proto *p); @@ -134,8 +136,6 @@ extern pool *rt_table_pool; * proto_add_announce_hook - connect protocol to a routing table * @p: protocol instance * @t: routing table to connect to - * @in: input filter - * @out: output filter * @stats: per-table protocol statistics * * This function creates a connection between the protocol instance @p @@ -155,8 +155,7 @@ extern pool *rt_table_pool; * automatically by the core code. */ struct announce_hook * -proto_add_announce_hook(struct proto *p, struct rtable *t, struct filter *in, - struct filter *out, struct proto_stats *stats) +proto_add_announce_hook(struct proto *p, struct rtable *t, struct proto_stats *stats) { struct announce_hook *h; @@ -166,8 +165,6 @@ proto_add_announce_hook(struct proto *p, struct rtable *t, struct filter *in, h = mb_allocz(rt_table_pool, sizeof(struct announce_hook)); h->table = t; h->proto = p; - h->in_filter = in; - h->out_filter = out; h->stats = stats; h->next = p->ahooks; @@ -409,11 +406,14 @@ proto_reconfigure(struct proto *p, struct proto_config *oc, struct proto_config if (p->proto->multitable) return 1; - /* Update filters in the main announce hook */ + /* Update filters and limits in the main announce hook + Note that this also resets limit state */ if (p->main_ahook) { p->main_ahook->in_filter = nc->in_filter; p->main_ahook->out_filter = nc->out_filter; + p->main_ahook->in_limit = nc->in_limit; + p->main_ahook->out_limit = nc->out_limit; } /* Update routes when filters changed. If the protocol in not UP, @@ -438,6 +438,7 @@ proto_reconfigure(struct proto *p, struct proto_config *oc, struct proto_config and we have to do regular protocol restart. */ log(L_INFO "Restarting protocol %s", p->name); p->disabled = 1; + p->down_code = PDC_CF_RESTART; proto_rethink_goal(p); p->disabled = 0; proto_rethink_goal(p); @@ -512,6 +513,7 @@ protos_commit(struct config *new, struct config *old, int force_reconfig, int ty log(L_INFO "Disabling protocol %s", p->name); PD(p, "Restarting"); + p->down_code = nc->disabled ? PDC_CF_DISABLE : PDC_CF_RESTART; p->cf_new = nc; } else @@ -519,9 +521,11 @@ protos_commit(struct config *new, struct config *old, int force_reconfig, int ty if (!shutting_down) log(L_INFO "Removing protocol %s", p->name); PD(p, "Unconfigured"); + p->down_code = PDC_CF_REMOVE; p->cf_new = NULL; } p->reconfiguring = 1; + config_add_obstacle(old); proto_rethink_goal(p); } @@ -704,6 +708,8 @@ protos_build(void) proto_pool = rp_new(&root_pool, "Protocols"); proto_flush_event = ev_new(proto_pool); proto_flush_event->hook = proto_flush_loop; + proto_shutdown_timer = tm_new(proto_pool); + proto_shutdown_timer->hook = proto_shutdown_loop; } static void @@ -769,14 +775,28 @@ proto_schedule_feed(struct proto *p, int initial) p->core_state = FS_FEEDING; p->refeeding = !initial; - /* Hack: reset exp_routes during refeed, and do not decrease it later */ + /* FIXME: This should be changed for better support of multitable protos */ if (!initial) - p->stats.exp_routes = 0; + { + struct announce_hook *ah; + for (ah = p->ahooks; ah; ah = ah->next) + proto_reset_limit(ah->out_limit); + + /* Hack: reset exp_routes during refeed, and do not decrease it later */ + p->stats.exp_routes = 0; + } /* Connect protocol to routing table */ if (initial && !p->proto->multitable) - p->main_ahook = proto_add_announce_hook(p, p->table, - p->cf->in_filter, p->cf->out_filter, &p->stats); + { + p->main_ahook = proto_add_announce_hook(p, p->table, &p->stats); + p->main_ahook->in_filter = p->cf->in_filter; + p->main_ahook->out_filter = p->cf->out_filter; + p->main_ahook->in_limit = p->cf->in_limit; + p->main_ahook->out_limit = p->cf->out_limit; + proto_reset_limit(p->main_ahook->in_limit); + proto_reset_limit(p->main_ahook->out_limit); + } proto_relink(p); p->attn->hook = initial ? proto_feed_initial : proto_feed_more; @@ -860,6 +880,44 @@ proto_schedule_flush(struct proto *p) proto_schedule_flush_loop(); } +/* Temporary hack to propagate restart to BGP */ +int proto_restart; + +static void +proto_shutdown_loop(struct timer *t UNUSED) +{ + struct proto *p, *p_next; + + WALK_LIST_DELSAFE(p, p_next, active_proto_list) + if (p->down_sched) + { + proto_restart = (p->down_sched == PDS_RESTART); + + p->disabled = 1; + proto_rethink_goal(p); + if (proto_restart) + { + p->disabled = 0; + proto_rethink_goal(p); + } + } +} + +static inline void +proto_schedule_down(struct proto *p, byte restart, byte code) +{ + /* Does not work for other states (even PS_START) */ + ASSERT(p->proto_state == PS_UP); + + /* Scheduled restart may change to shutdown, but not otherwise */ + if (p->down_sched == PDS_DISABLE) + return; + + p->down_sched = restart ? PDS_RESTART : PDS_DISABLE; + p->down_code = code; + tm_start_max(proto_shutdown_timer, restart ? 2 : 0); +} + /** * proto_request_feeding - request feeding routes to the protocol @@ -890,6 +948,62 @@ proto_request_feeding(struct proto *p) proto_schedule_feed(p, 0); } +static const char * +proto_limit_name(struct proto_limit *l) +{ + const char *actions[] = { + [PLA_WARN] = "warn", + [PLA_BLOCK] = "block", + [PLA_RESTART] = "restart", + [PLA_DISABLE] = "disable", + }; + + return actions[l->action]; +} + +/** + * proto_notify_limit: notify about limit hit and take appropriate action + * @ah: announce hook + * @l: limit being hit + * @rt_count: the number of routes + * + * The function is called by the route processing core when limit @l + * is breached. It activates the limit and tooks appropriate action + * according to @l->action. + */ +void +proto_notify_limit(struct announce_hook *ah, struct proto_limit *l, u32 rt_count) +{ + struct proto *p = ah->proto; + int dir = (ah->in_limit == l); + + if (l->state == PLS_BLOCKED) + return; + + /* For warning action, we want the log message every time we hit the limit */ + if (!l->state || ((l->action == PLA_WARN) && (rt_count == l->limit))) + log(L_WARN "Protocol %s hits route %s limit (%d), action: %s", + p->name, dir ? "import" : "export", l->limit, proto_limit_name(l)); + + switch (l->action) + { + case PLA_WARN: + l->state = PLS_ACTIVE; + break; + + case PLA_BLOCK: + l->state = PLS_BLOCKED; + break; + + case PLA_RESTART: + case PLA_DISABLE: + l->state = PLS_BLOCKED; + proto_schedule_down(p, l->action == PLA_RESTART, + dir ? PDC_IN_LIMIT_HIT : PDC_OUT_LIMIT_HIT); + break; + } +} + /** * proto_notify_state - notify core about protocol state change * @p: protocol the state of which has changed @@ -919,6 +1033,8 @@ proto_notify_state(struct proto *p, unsigned ps) switch (ps) { case PS_DOWN: + p->down_code = 0; + p->down_sched = 0; if ((cs == FS_FEEDING) || (cs == FS_HAPPY)) proto_schedule_flush(p); @@ -942,6 +1058,7 @@ proto_notify_state(struct proto *p, unsigned ps) proto_schedule_feed(p, 1); break; case PS_STOP: + p->down_sched = 0; if ((cs == FS_FEEDING) || (cs == FS_HAPPY)) proto_schedule_flush(p); break; @@ -994,6 +1111,16 @@ proto_show_stats(struct proto_stats *s) } void +proto_show_limit(struct proto_limit *l, const char *dsc) +{ + if (!l) + return; + + cli_msg(-1006, " %-16s%d%s", dsc, l->limit, l->state ? " [HIT]" : ""); + cli_msg(-1006, " Action: %s", proto_limit_name(l)); +} + +void proto_show_basic_info(struct proto *p) { // cli_msg(-1006, " Table: %s", p->table->name); @@ -1001,6 +1128,9 @@ proto_show_basic_info(struct proto *p) cli_msg(-1006, " Input filter: %s", filter_name(p->cf->in_filter)); cli_msg(-1006, " Output filter: %s", filter_name(p->cf->out_filter)); + proto_show_limit(p->cf->in_limit, "Import limit:"); + proto_show_limit(p->cf->out_limit, "Export limit:"); + if (p->proto_state != PS_DOWN) proto_show_stats(&p->stats); } @@ -1052,6 +1182,7 @@ proto_cmd_disable(struct proto *p, unsigned int arg UNUSED, int cnt UNUSED) log(L_INFO "Disabling protocol %s", p->name); p->disabled = 1; + p->down_code = PDC_CMD_DISABLE; proto_rethink_goal(p); cli_msg(-9, "%s: disabled", p->name); } @@ -1082,6 +1213,7 @@ proto_cmd_restart(struct proto *p, unsigned int arg UNUSED, int cnt UNUSED) log(L_INFO "Restarting protocol %s", p->name); p->disabled = 1; + p->down_code = PDC_CMD_RESTART; proto_rethink_goal(p); p->disabled = 0; proto_rethink_goal(p); @@ -1105,12 +1237,21 @@ proto_cmd_reload(struct proto *p, unsigned int dir, int cnt UNUSED) /* re-importing routes */ if (dir != CMD_RELOAD_OUT) - if (! (p->reload_routes && p->reload_routes(p))) - { - cli_msg(-8006, "%s: reload failed", p->name); - return; - } - + { + if (! (p->reload_routes && p->reload_routes(p))) + { + cli_msg(-8006, "%s: reload failed", p->name); + return; + } + + /* + * Should be done before reload_routes() hook? + * Perhaps, but these hooks work asynchronously. + */ + if (!p->proto->multitable) + proto_reset_limit(p->main_ahook->in_limit); + } + /* re-exporting routes */ if (dir != CMD_RELOAD_IN) proto_request_feeding(p); diff --git a/nest/protocol.h b/nest/protocol.h index 983ce75a..8a632715 100644 --- a/nest/protocol.h +++ b/nest/protocol.h @@ -94,13 +94,15 @@ struct proto_config { u32 router_id; /* Protocol specific router ID */ struct rtable_config *table; /* Table we're attached to */ struct filter *in_filter, *out_filter; /* Attached filters */ + struct proto_limit *in_limit; /* Limit for importing routes from protocol */ + struct proto_limit *out_limit; /* Limit for exporting routes to protocol */ /* Check proto_reconfigure() and proto_copy_config() after changing struct proto_config */ /* Protocol-specific data follow... */ }; - /* Protocol statistics */ +/* Protocol statistics */ struct proto_stats { /* Import - from protocol to core */ u32 imp_routes; /* Number of routes successfully imported to the (adjacent) routing table */ @@ -138,14 +140,16 @@ struct proto { u32 debug; /* Debugging flags */ u32 mrtdump; /* MRTDump flags */ unsigned preference; /* Default route preference */ - unsigned accept_ra_types; /* Which types of route announcements are accepted (RA_OPTIMAL or RA_ANY) */ - unsigned disabled; /* Manually disabled */ - unsigned proto_state; /* Protocol state machine (see below) */ - unsigned core_state; /* Core state machine (see below) */ - unsigned core_goal; /* State we want to reach (see below) */ - unsigned reconfiguring; /* We're shutting down due to reconfiguration */ - unsigned refeeding; /* We are refeeding (valid only if core_state == FS_FEEDING) */ - unsigned flushing; /* Protocol is flushed in current flush loop round */ + byte accept_ra_types; /* Which types of route announcements are accepted (RA_OPTIMAL or RA_ANY) */ + byte disabled; /* Manually disabled */ + byte proto_state; /* Protocol state machine (PS_*, see below) */ + byte core_state; /* Core state machine (FS_*, see below) */ + byte core_goal; /* State we want to reach (FS_*, see below) */ + byte reconfiguring; /* We're shutting down due to reconfiguration */ + byte refeeding; /* We are refeeding (valid only if core_state == FS_FEEDING) */ + byte flushing; /* Protocol is flushed in current flush loop round */ + byte down_sched; /* Shutdown is scheduled for later (PDS_*) */ + byte down_code; /* Reason for shutdown (PDC_* codes) */ u32 hash_key; /* Random key used for hashing of neighbors */ bird_clock_t last_state_change; /* Time of last state transition */ char *last_state_name_announced; /* Last state name we've announced to the user */ @@ -210,6 +214,18 @@ struct proto_spec { }; +#define PDS_DISABLE 1 /* Proto disable scheduled */ +#define PDS_RESTART 2 /* Proto restart scheduled */ + +#define PDC_CF_REMOVE 0x01 /* Removed in new config */ +#define PDC_CF_DISABLE 0x02 /* Disabled in new config */ +#define PDC_CF_RESTART 0x03 /* Restart due to reconfiguration */ +#define PDC_CMD_DISABLE 0x11 /* Result of disable command */ +#define PDC_CMD_RESTART 0x12 /* Result of restart command */ +#define PDC_IN_LIMIT_HIT 0x21 /* Route import limit reached */ +#define PDC_OUT_LIMIT_HIT 0x22 /* Route export limit reached - not implemented */ + + void *proto_new(struct proto_config *, unsigned size); void *proto_config_new(struct protocol *, unsigned size, int class); void proto_copy_config(struct proto_config *dest, struct proto_config *src); @@ -220,6 +236,7 @@ proto_copy_rest(struct proto_config *dest, struct proto_config *src, unsigned si { memcpy(dest + 1, src + 1, size - sizeof(struct proto_config)); } +void proto_show_limit(struct proto_limit *l, const char *dsc); void proto_show_basic_info(struct proto *p); void proto_cmd_show(struct proto *, unsigned int, int); @@ -348,6 +365,36 @@ void proto_notify_state(struct proto *p, unsigned state); extern struct proto_config *cf_dev_proto; + +/* + * Protocol limits + */ + +#define PLA_WARN 1 /* Issue log warning */ +#define PLA_BLOCK 2 /* Block new routes */ +#define PLA_RESTART 4 /* Force protocol restart */ +#define PLA_DISABLE 5 /* Shutdown and disable protocol */ + +#define PLS_INITIAL 0 /* Initial limit state after protocol start */ +#define PLS_ACTIVE 1 /* Limit was hit */ +#define PLS_BLOCKED 2 /* Limit is active and blocking new routes */ + +struct proto_limit { + u32 limit; /* Maximum number of prefixes */ + byte action; /* Action to take (PLA_*) */ + byte state; /* State of limit (PLS_*) */ +}; + +void proto_notify_limit(struct announce_hook *ah, struct proto_limit *l, u32 rt_count); + +static inline void +proto_reset_limit(struct proto_limit *l) +{ + if (l) + l->state = PLS_INITIAL; +} + + /* * Route Announcement Hook */ @@ -358,11 +405,13 @@ struct announce_hook { struct proto *proto; struct filter *in_filter; /* Input filter */ struct filter *out_filter; /* Output filter */ + struct proto_limit *in_limit; /* Input limit */ + struct proto_limit *out_limit; /* Output limit */ struct proto_stats *stats; /* Per-table protocol statistics */ struct announce_hook *next; /* Next hook for the same protocol */ }; -struct announce_hook *proto_add_announce_hook(struct proto *, struct rtable *, struct filter *, struct filter *, struct proto_stats *); +struct announce_hook *proto_add_announce_hook(struct proto *p, struct rtable *t, struct proto_stats *stats); struct announce_hook *proto_find_announce_hook(struct proto *p, struct rtable *t); #endif diff --git a/nest/rt-table.c b/nest/rt-table.c index eb8304f7..165f42bb 100644 --- a/nest/rt-table.c +++ b/nest/rt-table.c @@ -250,6 +250,53 @@ do_rt_notify(struct announce_hook *ah, net *net, rte *new, rte *old, ea_list *tm struct proto *p = ah->proto; struct proto_stats *stats = ah->stats; + + /* + * First, apply export limit. + * + * Export route limits has several problems. Because exp_routes + * counter is reset before refeed, we don't really know whether + * limit is breached and whether the update is new or not. Therefore + * the number of really exported routes may exceed the limit + * temporarily (routes exported before and new routes in refeed). + * + * Minor advantage is that if the limit is decreased and refeed is + * requested, the number of exported routes really decrease. + * + * Second problem is that with export limits, we don't know whether + * old was really exported (it might be blocked by limit). When a + * withdraw is exported, we announce it even when the previous + * update was blocked. This is not a big issue, but the same problem + * is in updating exp_routes counter. Therefore, to be consistent in + * increases and decreases of exp_routes, we count exported routes + * regardless of blocking by limits. + * + * Similar problem is in handling updates - when a new route is + * received and blocking is active, the route would be blocked, but + * when an update for the route will be received later, the update + * would be propagated (as old != NULL). Therefore, we have to block + * also non-new updates (contrary to import blocking). + */ + + struct proto_limit *l = ah->out_limit; + if (l && new) + { + if ((!old || refeed) && (stats->exp_routes >= l->limit)) + proto_notify_limit(ah, l, stats->exp_routes); + + if (l->state == PLS_BLOCKED) + { + stats->exp_routes++; /* see note above */ + stats->exp_updates_rejected++; + rte_trace_out(D_FILTERS, p, new, "rejected [limit]"); + new = NULL; + + if (!old) + return; + } + } + + if (new) stats->exp_updates_accepted++; else @@ -284,10 +331,8 @@ do_rt_notify(struct announce_hook *ah, net *net, rte *new, rte *old, ea_list *tm } else p->rt_notify(p, ah->table, net, new, old, new->attrs->eattrs); - } - static void rt_notify_basic(struct announce_hook *ah, net *net, rte *new, rte *old, ea_list *tmpa, int refeed) { @@ -632,6 +677,21 @@ rte_recalculate(struct announce_hook *ah, net *net, rte *new, ea_list *tmpa, str return; } + struct proto_limit *l = ah->in_limit; + if (l && !old && new) + { + if (stats->imp_routes >= l->limit) + proto_notify_limit(ah, l, stats->imp_routes); + + if (l->state == PLS_BLOCKED) + { + stats->imp_updates_ignored++; + rte_trace_in(D_FILTERS, p, new, "ignored [limit]"); + rte_free_quick(new); + return; + } + } + if (new) stats->imp_updates_accepted++; else @@ -911,10 +971,7 @@ void rte_dump(rte *e) { net *n = e->net; - if (n) - debug("%-1I/%2d ", n->n.prefix, n->n.pxlen); - else - debug("??? "); + debug("%-1I/%2d ", n->n.prefix, n->n.pxlen); debug("KF=%02x PF=%02x pref=%d lm=%d ", n->n.flags, e->pflags, e->pref, now-e->lastmod); rta_dump(e->attrs); if (e->attrs->proto->proto->dump_attrs) @@ -1923,14 +1980,14 @@ rt_show_net(struct cli *c, net *n, struct rt_show_data *d) d->net_counter++; for(e=n->routes; e; e=e->next) { - struct ea_list *tmpa, *old_tmpa; + struct ea_list *tmpa; struct proto *p0 = e->attrs->proto; struct proto *p1 = d->export_protocol; struct proto *p2 = d->show_protocol; d->rt_counter++; ee = e; rte_update_lock(); /* We use the update buffer for filtering */ - old_tmpa = tmpa = p0->make_tmp_attrs ? p0->make_tmp_attrs(e, rte_update_pool) : NULL; + tmpa = p0->make_tmp_attrs ? p0->make_tmp_attrs(e, rte_update_pool) : NULL; ok = (d->filter == FILTER_ACCEPT || f_run(d->filter, &e, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) <= F_ACCEPT); if (p2 && p2 != p0) ok = 0; if (ok && d->export_mode) |