diff --git a/net/frr/Makefile b/net/frr/Makefile index 44ccacf3c6..0f075c8e4a 100644 --- a/net/frr/Makefile +++ b/net/frr/Makefile @@ -7,16 +7,16 @@ include $(TOPDIR)/rules.mk PKG_NAME:=frr -PKG_VERSION:=7.5 -PKG_RELEASE:=5 -PKG_SOURCE_DATE:=2021-02-26 +PKG_VERSION:=7.5.1 +PKG_RELEASE:=1 +PKG_SOURCE_DATE:=2021-03-25 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz -PKG_SOURCE_VERSION:=13a8efb4b6e3c92e8b9361c9cb1e78a86b0194cf +PKG_SOURCE_VERSION:=18f209926fb659790926b82dd4e30727311d22aa PKG_SOURCE_URL:=https://codeload.github.com/FRRouting/frr/tar.gz/$(PKG_SOURCE_VERSION)? -PKG_HASH:=6e313edff69cd12444b53dbc5593892b280280b7735e620c00189a669f80bdcc +PKG_HASH:=a2e21ea5f5c73afda521280c7b1bab3e6734f78517e7cf1b86cbbc0e5f9856cc PKG_MAINTAINER:=Lucian Cristian PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION) @@ -164,6 +164,7 @@ define Host/Configure $(SED) 's/$$$$(MAKE) $$$$(AM_MAKEFLAGS) install-am/# $$$$(MAKE) $$$$(AM_MAKEFLAGS) install-am/' $(HOST_BUILD_DIR)/Makefile.in endef +#HOST_CPPFLAGS += -I$(STAGING_DIR_HOST)/include/libelf HOST_CONFIGURE_ARGS+= \ --enable-clippy-only @@ -177,6 +178,7 @@ CONFIGURE_ARGS+= \ --prefix=/usr \ --enable-shared \ --disable-static \ + --disable-pathd \ --enable-user=network \ --enable-group=network \ --disable-ospfclient \ diff --git a/net/frr/patches/052-nhrpd_support_for_multicast.patch b/net/frr/patches/052-nhrpd_support_for_multicast.patch index 6a78ad45f0..94db55f1a9 100644 --- a/net/frr/patches/052-nhrpd_support_for_multicast.patch +++ b/net/frr/patches/052-nhrpd_support_for_multicast.patch @@ -1,7 +1,7 @@ -From f9ff7bf497894b74fd02d54dc0f0a39981f7cc06 Mon Sep 17 00:00:00 2001 +From 6ea5d99456b14db5e82abc2461228bb37aa7556d Mon Sep 17 00:00:00 2001 
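Review bot: The line `#HOST_CPPFLAGS += -I$(STAGING_DIR_HOST)/include/libelf`, added after `Host/Configure`, is committed commented out with no explanation. A later maintainer cannot tell whether the host clippy build needs the libelf include path or whether this is a leftover from debugging. Either drop the line or keep it with a reason above it, for example `# libelf include path, only needed when <condition>; left disabled because <reason>`. The `--disable-pathd` switch added in the next Makefile hunk would benefit from a similar one-line reason.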
From: Amol Lad Date: Wed, 17 Feb 2021 13:47:32 +1300 -Subject: [PATCH 1/6] nhrpd: Add support for forwarding multicast packets +Subject: [PATCH 01/14] nhrpd: Add support for forwarding multicast packets Forwarding multicast is a pre-requisite for allowing multicast based routing protocols such as OSPF to work with DMVPN @@ -13,14 +13,14 @@ Signed-off-by: Reuben Dowle --- nhrpd/linux.c | 11 +- nhrpd/nhrp_interface.c | 2 + - nhrpd/nhrp_multicast.c | 312 +++++++++++++++++++++++++++++++++++++++++ + nhrpd/nhrp_multicast.c | 307 +++++++++++++++++++++++++++++++++++++++++ nhrpd/nhrp_peer.c | 3 +- nhrpd/nhrp_vty.c | 63 +++++++++ nhrpd/nhrpd.h | 16 +++ nhrpd/os.h | 2 +- nhrpd/subdir.am | 1 + - 8 files changed, 403 insertions(+), 7 deletions(-) - create mode 100644 nhrpd/nhrp_multicast.c + 8 files changed, 398 insertions(+), 7 deletions(-) + create mode 100755 nhrpd/nhrp_multicast.c --- a/nhrpd/linux.c +++ b/nhrpd/linux.c @@ -32,7 +32,19 @@ Signed-off-by: Reuben Dowle #include #include #include -@@ -42,7 +43,7 @@ int os_socket(void) +@@ -31,6 +32,11 @@ + #include "os.h" + #include "netlink.h" + ++#ifndef HAVE_STRLCPY ++size_t strlcpy(char *__restrict dest, ++ const char *__restrict src, size_t destsize); ++#endif ++ + static int nhrp_socket_fd = -1; + + int os_socket(void) +@@ -42,7 +48,7 @@ int os_socket(void) } int os_sendmsg(const uint8_t *buf, size_t len, int ifindex, const uint8_t *addr, @@ -41,7 +53,7 @@ Signed-off-by: Reuben Dowle { struct sockaddr_ll lladdr; struct iovec iov = { -@@ -61,16 +62,16 @@ int os_sendmsg(const uint8_t *buf, size_ +@@ -61,16 +67,16 @@ int os_sendmsg(const uint8_t *buf, size_ memset(&lladdr, 0, sizeof(lladdr)); lladdr.sll_family = AF_PACKET; @@ -62,6 +74,15 @@ 
Signed-off-by: Reuben Dowle } int os_recvmsg(uint8_t *buf, size_t *len, int *ifindex, uint8_t *addr, +@@ -111,7 +117,7 @@ static int linux_configure_arp(const cha + { + struct ifreq ifr; + +- strncpy(ifr.ifr_name, iface, IFNAMSIZ - 1); ++ strlcpy(ifr.ifr_name, iface, IFNAMSIZ); + if (ioctl(nhrp_socket_fd, SIOCGIFFLAGS, &ifr)) + return -1; + --- a/nhrpd/nhrp_interface.c +++ b/nhrpd/nhrp_interface.c @@ -42,6 +42,7 @@ static int nhrp_if_new_hook(struct inter @@ -82,7 +103,7 @@ Signed-off-by: Reuben Dowle if (nifp->ipsec_profile) --- /dev/null +++ b/nhrpd/nhrp_multicast.c -@@ -0,0 +1,312 @@ +@@ -0,0 +1,309 @@ +/* NHRP Multicast Support + * Copyright (c) 2020-2021 4RF Limited + * @@ -115,10 +136,9 @@ Signed-off-by: Reuben Dowle + +DEFINE_MTYPE_STATIC(NHRPD, NHRP_MULTICAST, "NHRP Multicast") + -+static int netlink_mcast_nflog_group; ++int netlink_mcast_nflog_group; +static int netlink_mcast_log_fd = -1; +static struct thread *netlink_mcast_log_thread; -+static int nhrp_multicast_ip_count; + +struct mcast_ctx { + struct interface *ifp; @@ -133,19 +153,22 @@ 
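Review bot: The new `strlcpy(ifr.ifr_name, iface, IFNAMSIZ);` in `linux_configure_arp` always terminates the name, but its return value is ignored. An `iface` string of IFNAMSIZ bytes or more is silently truncated, and the following `SIOCGIFFLAGS` ioctl would then be issued for whatever interface matches the shortened name. Rejecting the overlong name keeps the ioctl tied to the interface the caller asked for: `if (strlcpy(ifr.ifr_name, iface, IFNAMSIZ) >= IFNAMSIZ) return -1;`. The earlier linux.c hunk declares `strlcpy` by hand under `#ifndef HAVE_STRLCPY`; if the tree already has a header carrying that prototype (not visible here), including it avoids a declaration that can drift from the real one. The body of `linux_configure_arp` continues outside the hunk.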
Signed-off-by: Reuben Dowle + + addrlen = sockunion_get_addrlen(&p->vc->remote.nbma); + ret = os_sendmsg(zb->head, zbuf_used(zb), p->ifp->ifindex, -+ sockunion_get_addr(&p->vc->remote.nbma), -+ addrlen, addrlen == 4 ? 0x0800 : 0x86DD); ++ sockunion_get_addr(&p->vc->remote.nbma), addrlen, ++ addrlen == 4 ? ETH_P_IP : ETH_P_IPV6); + -+ debugf(NHRP_DEBUG_COMMON, "Multicast Packet: %s -> %s, ret = %d, size = %zu, addrlen = %zu", -+ sockunion2str(&p->vc->local.nbma, buf[0], sizeof(buf[0])), -+ sockunion2str(&p->vc->remote.nbma, buf[1], sizeof(buf[1])), -+ ret, zbuf_used(zb), addrlen); ++ debugf(NHRP_DEBUG_COMMON, ++ "Multicast Packet: %s -> %s, ret = %d, size = %zu, addrlen = %zu", ++ sockunion2str(&p->vc->local.nbma, buf[0], sizeof(buf[0])), ++ sockunion2str(&p->vc->remote.nbma, buf[1], sizeof(buf[1])), ret, ++ zbuf_used(zb), addrlen); +} + -+static void nhrp_multicast_forward_nbma(union sockunion *nbma_addr, struct interface *ifp, struct zbuf *pkt) ++static void nhrp_multicast_forward_nbma(union sockunion *nbma_addr, ++ struct interface *ifp, struct zbuf *pkt) +{ + struct nhrp_peer *p = nhrp_peer_get(ifp, nbma_addr); -+ if(p && p->online) { ++ ++ if (p && p->online) { + /* Send packet */ + nhrp_multicast_send(p, pkt); + } @@ -157,7 +180,8 @@ Signed-off-by: Reuben Dowle + struct mcast_ctx *ctx = (struct mcast_ctx *)pctx; + + if (c->cur.type == NHRP_CACHE_DYNAMIC && c->cur.peer) -+ nhrp_multicast_forward_nbma(&c->cur.peer->vc->remote.nbma, ctx->ifp, ctx->pkt); ++ nhrp_multicast_forward_nbma(&c->cur.peer->vc->remote.nbma, ++ ctx->ifp, ctx->pkt); +} + +static void nhrp_multicast_forward(struct nhrp_multicast *mcast, void *pctx) @@ -170,7 +194,8 @@ Signed-off-by: Reuben Dowle + + /* dynamic */ + if (sockunion_family(&mcast->nbma_addr) == AF_UNSPEC) { -+ nhrp_cache_foreach(ctx->ifp, nhrp_multicast_forward_cache, pctx); ++ nhrp_cache_foreach(ctx->ifp, nhrp_multicast_forward_cache, ++ pctx); + return; + } + @@ -182,50 +207,45 @@ 
Signed-off-by: Reuben Dowle +{ + struct nfgenmsg *nf; + struct rtattr *rta; -+ struct zbuf rtapl, pktpl; -+ struct interface *ifp; ++ struct zbuf rtapl; + uint32_t *out_ndx = NULL; + afi_t afi; + struct mcast_ctx ctx; + -+ debugf(NHRP_DEBUG_COMMON,"Inside %s\n", __func__); -+ + nf = znl_pull(zb, sizeof(*nf)); + if (!nf) + return; + -+ memset(&pktpl, 0, sizeof(pktpl)); ++ ctx.pkt = NULL; + while ((rta = znl_rta_pull(zb, &rtapl)) != NULL) { + switch (rta->rta_type) { + case NFULA_IFINDEX_OUTDEV: + out_ndx = znl_pull(&rtapl, sizeof(*out_ndx)); + break; + case NFULA_PAYLOAD: -+ pktpl = rtapl; ++ ctx.pkt = &rtapl; + break; + /* NFULA_HWHDR exists and is supposed to contain source + * hardware address. However, for ip_gre it seems to be + * the nexthop destination address if the packet matches -+ * route. */ ++ * route. ++ */ + } + } + -+ if (!out_ndx || !zbuf_used(&pktpl)) ++ if (!out_ndx || !ctx.pkt) + return; + -+ ifp = if_lookup_by_index(htonl(*out_ndx), VRF_DEFAULT); -+ if (!ifp) ++ ctx.ifp = if_lookup_by_index(htonl(*out_ndx), VRF_DEFAULT); ++ if (!ctx.ifp) + return; + -+ debugf(NHRP_DEBUG_COMMON,"Outgoing interface = %s\n", ifp->name); -+ -+ ctx = (struct mcast_ctx) { -+ .ifp = ifp, -+ .pkt = &pktpl, -+ }; ++ debugf(NHRP_DEBUG_COMMON, "Received multicast packet on %s len %zu\n", ++ ctx.ifp->name, zbuf_used(ctx.pkt)); + + for (afi = 0; afi < AFI_MAX; afi++) { -+ nhrp_multicast_foreach(ifp, afi, nhrp_multicast_forward, (void *)&ctx); ++ nhrp_multicast_foreach(ctx.ifp, afi, nhrp_multicast_forward, ++ (void *)&ctx); + } +} + @@ -281,7 +301,7 @@ Signed-off-by: Reuben Dowle + zbuf_free(zb); +} + -+static void netlink_mcast_set_nflog_group(struct interface *ifp, int nlgroup) ++void netlink_mcast_set_nflog_group(int nlgroup) +{ + if (netlink_mcast_log_fd >= 0) { + THREAD_OFF(netlink_mcast_log_thread); @@ -296,22 +316,24 @@ 
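Review bot: In `netlink_mcast_log_handler`, `ctx.pkt = &rtapl;` stores the address of the loop's scratch buffer instead of a copy, so the forwarding callbacks see whatever the last successful `znl_rta_pull(zb, &rtapl)` left in `rtapl`. Assuming `znl_rta_pull` rewrites its payload argument on every pull (its definition is outside this hunk), any attribute that follows `NFULA_PAYLOAD` in the message would be forwarded in place of the packet. The replaced code avoided this by copying with `pktpl = rtapl;`. Keeping a separate `struct zbuf pktpl;` and writing `pktpl = rtapl; ctx.pkt = &pktpl;` in the `NFULA_PAYLOAD` case restores that. The new guard `if (!out_ndx || !ctx.pkt)` also no longer rejects an empty payload as the old `!zbuf_used(&pktpl)` test did, so `|| !zbuf_used(ctx.pkt)` should be added to it.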
Signed-off-by: Reuben Dowle + return; + + netlink_mcast_log_register(netlink_mcast_log_fd, nlgroup); -+ thread_add_read(master, netlink_mcast_log_recv, 0, netlink_mcast_log_fd, ++ thread_add_read(master, netlink_mcast_log_recv, 0, ++ netlink_mcast_log_fd, + &netlink_mcast_log_thread); -+ debugf(NHRP_DEBUG_COMMON, "Register nflog group: %d", netlink_mcast_nflog_group); ++ debugf(NHRP_DEBUG_COMMON, "Register nflog group: %d", ++ netlink_mcast_nflog_group); + } +} + -+static int nhrp_multicast_free(struct interface *ifp, struct nhrp_multicast *mcast) ++static int nhrp_multicast_free(struct interface *ifp, ++ struct nhrp_multicast *mcast) +{ + list_del(&mcast->list_entry); + XFREE(MTYPE_NHRP_MULTICAST, mcast); -+ if (--nhrp_multicast_ip_count == 0) -+ netlink_mcast_set_nflog_group(ifp, 0); + return 0; +} + -+int nhrp_multicast_add(struct interface *ifp, afi_t afi, union sockunion *nbma_addr) ++int nhrp_multicast_add(struct interface *ifp, afi_t afi, ++ union sockunion *nbma_addr) +{ + struct nhrp_interface *nifp = ifp->info; + struct nhrp_multicast *mcast; @@ -326,24 +348,18 @@ 
Signed-off-by: Reuben Dowle + mcast = XMALLOC(MTYPE_NHRP_MULTICAST, sizeof(struct nhrp_multicast)); + + *mcast = (struct nhrp_multicast){ -+ .afi = afi, -+ .ifp = ifp, -+ .nbma_addr = *nbma_addr, ++ .afi = afi, .ifp = ifp, .nbma_addr = *nbma_addr, + }; + list_add_tail(&mcast->list_entry, &nifp->afi[afi].mcastlist_head); + -+ if (netlink_mcast_log_fd == -1) -+ netlink_mcast_set_nflog_group(ifp, MCAST_NFLOG_GROUP); -+ -+ nhrp_multicast_ip_count++; -+ + sockunion2str(nbma_addr, buf, sizeof(buf)); -+ debugf(NHRP_DEBUG_COMMON, "Adding multicast entry (%s) [%d]", buf, nhrp_multicast_ip_count); ++ debugf(NHRP_DEBUG_COMMON, "Adding multicast entry (%s)", buf); + + return NHRP_OK; +} + -+int nhrp_multicast_del(struct interface *ifp, afi_t afi, union sockunion *nbma_addr) ++int nhrp_multicast_del(struct interface *ifp, afi_t afi, ++ union sockunion *nbma_addr) +{ + struct nhrp_interface *nifp = ifp->info; + struct nhrp_multicast *mcast, *tmp; @@ -356,7 +372,7 @@ Signed-off-by: Reuben Dowle + continue; + + sockunion2str(nbma_addr, buf, sizeof(buf)); -+ debugf(NHRP_DEBUG_COMMON, "Deleting multicast entry (%s) [%d]", buf, nhrp_multicast_ip_count); ++ debugf(NHRP_DEBUG_COMMON, "Deleting multicast entry (%s)", buf); + + nhrp_multicast_free(ifp, mcast); + @@ -373,43 +389,86 @@ 
Signed-off-by: Reuben Dowle + afi_t afi; + + for (afi = 0; afi < AFI_MAX; afi++) { -+ debugf(NHRP_DEBUG_COMMON, "Cleaning up multicast entries (%d, %d)", !list_empty(&nifp->afi[afi].mcastlist_head), nhrp_multicast_ip_count); ++ debugf(NHRP_DEBUG_COMMON, ++ "Cleaning up multicast entries (%d)", ++ !list_empty(&nifp->afi[afi].mcastlist_head)); + + list_for_each_entry_safe( -+ mcast, tmp, &nifp->afi[afi].mcastlist_head, -+ list_entry) { ++ mcast, tmp, &nifp->afi[afi].mcastlist_head, list_entry) ++ { + nhrp_multicast_free(ifp, mcast); + } + } +} + +void nhrp_multicast_foreach(struct interface *ifp, afi_t afi, -+ void (*cb)(struct nhrp_multicast *, void *), -+ void *ctx) ++ void (*cb)(struct nhrp_multicast *, void *), ++ void *ctx) +{ + struct nhrp_interface *nifp = ifp->info; + struct nhrp_multicast *mcast; + + list_for_each_entry(mcast, &nifp->afi[afi].mcastlist_head, list_entry) + { -+ cb (mcast, ctx); ++ cb(mcast, ctx); + } +} --- a/nhrpd/nhrp_peer.c +++ b/nhrpd/nhrp_peer.c -@@ -337,7 +337,8 @@ void nhrp_peer_send(struct nhrp_peer *p, +@@ -337,7 +337,7 @@ void nhrp_peer_send(struct nhrp_peer *p, os_sendmsg(zb->head, zbuf_used(zb), p->ifp->ifindex, sockunion_get_addr(&p->vc->remote.nbma), - sockunion_get_addrlen(&p->vc->remote.nbma)); -+ sockunion_get_addrlen(&p->vc->remote.nbma), -+ ETH_P_NHRP); ++ sockunion_get_addrlen(&p->vc->remote.nbma), ETH_P_NHRP); zbuf_reset(zb); } --- a/nhrpd/nhrp_vty.c 
+++ b/nhrpd/nhrp_vty.c -@@ -569,6 +569,53 @@ DEFUN(if_no_nhrp_map, if_no_nhrp_map_cmd +@@ -187,6 +187,9 @@ static int nhrp_config_write(struct vty + if (netlink_nflog_group) { + vty_out(vty, "nhrp nflog-group %d\n", netlink_nflog_group); + } ++ if (netlink_mcast_nflog_group) ++ vty_out(vty, "nhrp multicast-nflog-group %d\n", ++ netlink_mcast_nflog_group); + + return 0; + } +@@ -257,6 +260,31 @@ DEFUN(no_nhrp_nflog_group, no_nhrp_nflog + return CMD_SUCCESS; + } + ++DEFUN(nhrp_multicast_nflog_group, nhrp_multicast_nflog_group_cmd, ++ "nhrp multicast-nflog-group (1-65535)", ++ NHRP_STR ++ "Specify NFLOG group number for Multicast Packets\n" ++ "NFLOG group number\n") ++{ ++ uint32_t nfgroup; ++ ++ nfgroup = strtoul(argv[2]->arg, NULL, 10); ++ netlink_mcast_set_nflog_group(nfgroup); ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(no_nhrp_multicast_nflog_group, no_nhrp_multicast_nflog_group_cmd, ++ "no nhrp multicast-nflog-group [(1-65535)]", ++ NO_STR ++ NHRP_STR ++ "Specify NFLOG group number\n" ++ "NFLOG group number\n") ++{ ++ netlink_mcast_set_nflog_group(0); ++ return CMD_SUCCESS; ++} ++ + DEFUN(tunnel_protection, tunnel_protection_cmd, + "tunnel protection vici profile PROFILE [fallback-profile FALLBACK]", + "NHRP/GRE integration\n" +@@ -569,6 +597,53 @@ DEFUN(if_no_nhrp_map, if_no_nhrp_map_cmd return CMD_SUCCESS; } @@ -463,7 +522,49 @@ 
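Review bot: `nhrp_multicast_nflog_group` returns `CMD_SUCCESS` unconditionally because `netlink_mcast_set_nflog_group()` is `void`, so the operator gets no signal when the NFLOG socket could not be set up. The nhrp_multicast.c hunk shows at least one early `return;` before `netlink_mcast_log_register()`, though the lines around it are not visible here. This revision also removes the automatic registration from `nhrp_multicast_add`, so a silent failure in the setter would leave multicast unforwarded with nothing in the CLI output to show it. Consider returning an `int` from the setter and mapping failure to `CMD_WARNING` with a `vty_out` message. The value from `strtoul(argv[2]->arg, NULL, 10)` is narrowed to `int` and relies entirely on the CLI's `(1-65535)` range check, which is worth a comment such as `/* range already enforced by the (1-65535) token */`.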
Signed-off-by: Reuben Dowle DEFUN(if_nhrp_nhs, if_nhrp_nhs_cmd, AFI_CMD " nhrp nhs nbma ", AFI_STR -@@ -1040,6 +1087,7 @@ static int interface_config_write(struct +@@ -644,8 +719,8 @@ static void show_ip_nhrp_cache(struct nh + + sockunion2str(&c->remote_addr, buf[0], sizeof(buf[0])); + if (c->cur.peer) +- sockunion2str(&c->cur.peer->vc->remote.nbma, +- buf[1], sizeof(buf[1])); ++ sockunion2str(&c->cur.peer->vc->remote.nbma, buf[1], ++ sizeof(buf[1])); + else + snprintf(buf[1], sizeof(buf[1]), "-"); + +@@ -704,8 +779,8 @@ static void show_ip_nhrp_nhs(struct nhrp + ctx->count++; + + if (reg && reg->peer) +- sockunion2str(®->peer->vc->remote.nbma, +- buf[0], sizeof(buf[0])); ++ sockunion2str(®->peer->vc->remote.nbma, buf[0], ++ sizeof(buf[0])); + else + snprintf(buf[0], sizeof(buf[0]), "-"); + sockunion2str(reg ? ®->proto_addr : &n->proto_addr, buf[1], +@@ -1018,7 +1093,8 @@ struct write_map_ctx { + const char *aficmd; + }; + +-static void interface_config_write_nhrp_map(struct nhrp_cache_config *c, void *data) ++static void interface_config_write_nhrp_map(struct nhrp_cache_config *c, ++ void *data) + { + struct write_map_ctx *ctx = data; + struct vty *vty = ctx->vty; +@@ -1030,7 +1106,8 @@ static void interface_config_write_nhrp_ + vty_out(vty, " %s nhrp map %s %s\n", ctx->aficmd, + sockunion2str(&c->remote_addr, buf[0], sizeof(buf[0])), + c->type == NHRP_CACHE_LOCAL +- ? "local" : sockunion2str(&c->nbma, buf[1], sizeof(buf[1]))); ++ ? "local" ++ : sockunion2str(&c->nbma, buf[1], sizeof(buf[1]))); + } + + static int interface_config_write(struct vty *vty) +@@ -1040,6 +1117,7 @@ static int interface_config_write(struct struct interface *ifp; struct nhrp_interface *nifp; struct nhrp_nhs *nhs; @@ -471,7 +572,18 @@ 
Signed-off-by: Reuben Dowle const char *aficmd; afi_t afi; char buf[SU_ADDRSTRLEN]; -@@ -1109,6 +1157,19 @@ static int interface_config_write(struct +@@ -1093,8 +1171,8 @@ static int interface_config_write(struct + .family = afi2family(afi), + .aficmd = aficmd, + }; +- nhrp_cache_config_foreach(ifp, interface_config_write_nhrp_map, +- &mapctx); ++ nhrp_cache_config_foreach( ++ ifp, interface_config_write_nhrp_map, &mapctx); + + list_for_each_entry(nhs, &ad->nhslist_head, + nhslist_entry) +@@ -1109,6 +1187,19 @@ static int interface_config_write(struct sizeof(buf)), nhs->nbma_fqdn); } @@ -485,13 +597,22 @@ Signed-off-by: Reuben Dowle + == AF_UNSPEC + ? "dynamic" + : sockunion2str( -+ &mcast->nbma_addr, buf, -+ sizeof(buf))); ++ &mcast->nbma_addr, ++ buf, sizeof(buf))); + } } vty_endframe(vty, "!\n"); -@@ -1163,6 +1224,8 @@ void nhrp_config_init(void) +@@ -1142,6 +1233,8 @@ void nhrp_config_init(void) + install_element(CONFIG_NODE, &no_nhrp_event_socket_cmd); + install_element(CONFIG_NODE, &nhrp_nflog_group_cmd); + install_element(CONFIG_NODE, &no_nhrp_nflog_group_cmd); ++ install_element(CONFIG_NODE, &nhrp_multicast_nflog_group_cmd); ++ install_element(CONFIG_NODE, &no_nhrp_multicast_nflog_group_cmd); + + /* interface specific commands */ + install_node(&nhrp_interface_node); +@@ -1163,6 +1256,8 @@ void nhrp_config_init(void) install_element(INTERFACE_NODE, &if_no_nhrp_reg_flags_cmd); install_element(INTERFACE_NODE, &if_nhrp_map_cmd); install_element(INTERFACE_NODE, &if_no_nhrp_map_cmd); @@ -502,15 +623,7 @@ Signed-off-by: Reuben Dowle } --- a/nhrpd/nhrpd.h +++ b/nhrpd/nhrpd.h -@@ -24,6 +24,7 @@ DECLARE_MGROUP(NHRPD) - - #define NHRP_VTY_PORT 2610 - #define NHRP_DEFAULT_CONFIG "nhrpd.conf" -+#define MCAST_NFLOG_GROUP 224 - - extern struct thread_master *master; - -@@ -259,6 +260,13 @@ struct nhrp_nhs { +@@ -259,6 +259,13 @@ struct nhrp_nhs { struct list_head reglist_head; }; @@ -524,7 +637,7 @@ 
Signed-off-by: Reuben Dowle struct nhrp_registration { struct list_head reglist_entry; struct thread *t_register; -@@ -304,6 +312,7 @@ struct nhrp_interface { +@@ -304,6 +311,7 @@ struct nhrp_interface { unsigned short mtu; unsigned int holdtime; struct list_head nhslist_head; @@ -532,16 +645,19 @@ Signed-off-by: Reuben Dowle } afi[AFI_MAX]; }; -@@ -345,6 +354,13 @@ void nhrp_nhs_foreach(struct interface * +@@ -345,6 +353,16 @@ void nhrp_nhs_foreach(struct interface * void *ctx); void nhrp_nhs_interface_del(struct interface *ifp); -+int nhrp_multicast_add(struct interface *ifp, afi_t afi, union sockunion *nbma_addr); -+int nhrp_multicast_del(struct interface *ifp, afi_t afi, union sockunion *nbma_addr); ++int nhrp_multicast_add(struct interface *ifp, afi_t afi, ++ union sockunion *nbma_addr); ++int nhrp_multicast_del(struct interface *ifp, afi_t afi, ++ union sockunion *nbma_addr); +void nhrp_multicast_interface_del(struct interface *ifp); +void nhrp_multicast_foreach(struct interface *ifp, afi_t afi, -+ void (*cb)(struct nhrp_multicast *, void *), -+ void *ctx); ++ void (*cb)(struct nhrp_multicast *, void *), ++ void *ctx); ++void netlink_mcast_set_nflog_group(int nlgroup); + void nhrp_route_update_nhrp(const struct prefix *p, struct interface *ifp); void nhrp_route_announce(int add, enum nhrp_cache_type type, @@ -733,7 +849,7 @@ Signed-off-by: Reuben Dowle ospf_nbr_self_reset(oi, oi->ospf->router_id); --- a/doc/user/nhrpd.rst +++ b/doc/user/nhrpd.rst -@@ -189,6 +189,34 @@ and +@@ -189,6 +189,37 @@ and https://git.alpinelinux.org/user/tteras/strongswan/log/?h=tteras git repositories for the patches. @@ -746,11 +862,14 @@ 
Signed-off-by: Reuben Dowle +protocols that use multicast (such as OSPF) to be supported in the DMVPN +network. + -+This support requires an NFLOG redirection rule to work: ++This support requires an iptables NFLOG rule to allow nhrpd to intercept ++multicast packets. A second iptables rule is also usually used to drop the ++original multicast packet. + + .. code-block:: shell + -+ iptables -I OUTPUT -d 224.0.0.0/24 -o gre1 -j NFLOG --nflog-group 2 ++ iptables -A OUTPUT -d 224.0.0.0/24 -o gre1 -j NFLOG --nflog-group 2 ++ iptables -A OUTPUT -d 224.0.0.0/24 -o gre1 -j DROP + +.. index:: nhrp multicast-nflog-group (1-65535) +.. clicmd:: nhrp multicast-nflog-group (1-65535) @@ -791,3 +910,55 @@ 
Signed-off-by: Reuben Dowle .. _showing-ospf-information: +--- a/nhrpd/netlink.h ++++ b/nhrpd/netlink.h +@@ -13,6 +13,7 @@ union sockunion; + struct interface; + + extern int netlink_nflog_group; ++extern int netlink_mcast_nflog_group; + extern int netlink_req_fd; + + void netlink_init(void); +--- a/ospfd/ospf_packet.c ++++ b/ospfd/ospf_packet.c +@@ -802,7 +802,13 @@ static int ospf_write(struct thread *thr + inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off, + iph.ip_len, oi->ifp->name, oi->ifp->mtu); + +- if (ret < 0) ++ /* sendmsg will return EPERM if firewall is blocking sending. ++ * This is a normal situation when 'ip nhrp map multicast xxx' ++ * is being used to send multicast packets to DMVPN peers. In ++ * that case the original message is blocked with iptables rule ++ * causing the EPERM result ++ */ ++ if (ret < 0 && errno != EPERM) + flog_err( + EC_LIB_SOCKET, + "*** sendmsg in ospf_write failed to %s, id %d, off %d, len %d, interface %s, mtu %u: %s", +@@ -910,8 +916,11 @@ static void ospf_hello(struct ip *iph, s + + /* Compare network mask. */ + /* Checking is ignored for Point-to-Point and Virtual link. */ ++ /* Checking is also ignored for Point-to-Multipoint with /32 prefix */ + if (oi->type != OSPF_IFTYPE_POINTOPOINT +- && oi->type != OSPF_IFTYPE_VIRTUALLINK) ++ && oi->type != OSPF_IFTYPE_VIRTUALLINK ++ && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT ++ && oi->address->prefixlen == IPV4_MAX_BITLEN)) + if (oi->address->prefixlen != p.prefixlen) { + flog_warn( + EC_OSPF_PACKET, +@@ -2439,6 +2448,11 @@ static int ospf_check_network_mask(struc + || oi->type == OSPF_IFTYPE_VIRTUALLINK) + return 1; + ++ /* Ignore mask check for max prefix length (32) */ ++ if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT ++ && oi->address->prefixlen == IPV4_MAX_BITLEN) ++ return 1; ++ + masklen2ip(oi->address->prefixlen, &mask); + + me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr; 
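Review bot: The new test `if (ret < 0 && errno != EPERM)` in `ospf_write` reads `errno` after what looks like the tail of a logging call just above it, so the value checked may no longer be the one the send set. Capturing it right after the send (which is outside the hunk) with `int save_errno = errno;` and testing `save_errno` makes the check reliable. The exemption also applies to every interface, so an EPERM from an unrelated firewall rule or a lost privilege is dropped without trace, not only in the DMVPN case the comment describes. Logging the EPERM case at debug level, or limiting the exemption to interfaces that use the NHRP multicast mapping, would keep that signal for operators. The same commit's `ospf_hello` and `ospf_check_network_mask` hunks repeat the point-to-multipoint `/32` condition in two places; a small shared helper would keep the two checks from diverging.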
diff --git a/net/frr/patches/053-more_SA_fixes.patch b/net/frr/patches/053-more_SA_fixes.patch
deleted file mode 100644
index 5d4aab1e08..0000000000
--- a/net/frr/patches/053-more_SA_fixes.patch
+++ /dev/null
@@ -1,96 +0,0 @@ -From bd9caa8f11d931db21f628ad61be042147861ad4 Mon Sep 17 00:00:00 2001 -From: Mark Stapp -Date: Fri, 26 Feb 2021 11:16:09 -0500 -Subject: [PATCH 1/3] lib: fix some misc SA warnings - -- clippy.c: fix valid memleak -- defun_lex.l: suppress warnings in generated code -- northbound_cli.c: suppress warning in eldritch libyang macro - -Signed-off-by: Quentin Young ---- - lib/clippy.c | 4 +++- - lib/defun_lex.l | 4 ++++ - lib/northbound_cli.c | 12 ++++++++++++ - 3 files changed, 19 insertions(+), 1 deletion(-) - ---- a/lib/clippy.c -+++ b/lib/clippy.c -@@ -51,7 +51,8 @@ int main(int argc, char **argv) - #if PY_VERSION_HEX >= 0x03040000 /* 3.4 */ - Py_SetStandardStreamEncoding("UTF-8", NULL); - #endif -- Py_SetProgramName(wconv(argv[0])); -+ wchar_t *name = wconv(argv[0]); -+ Py_SetProgramName(name); - PyImport_AppendInittab("_clippy", command_py_init); - - Py_Initialize(); -@@ -67,6 +68,8 @@ int main(int argc, char **argv) - fp = fopen(pyfile, "r"); - if (!fp) { - fprintf(stderr, "%s: %s\n", pyfile, strerror(errno)); -+ -+ free(name); - return 1; - } - } else { -@@ -85,6 +88,8 @@ int main(int argc, char **argv) - if (PyRun_AnyFile(fp, pyfile)) { - if (PyErr_Occurred()) - PyErr_Print(); -+ -+ free(name); - return 1; - } - Py_Finalize(); -@@ -93,6 +98,7 @@ int main(int argc, char **argv) - for (int i = 1; i < argc; i++) - free(wargv[i - 1]); - #endif -+ free(name); - free(wargv); - return 0; - } ---- a/lib/defun_lex.l -+++ b/lib/defun_lex.l -@@ -80,6 +80,8 @@ static void extendbuf(char **what, const - } - #define extend(x) extendbuf(&value, x) - -+#ifndef __clang_analyzer__ -+ - %} - - ID [A-Za-z0-9_]+ -@@ -157,6 +159,8 @@ SPECIAL [(),] - - %% - -+#endif /* __clang_analyzer__ */ -+ - static int yylex_clr(char **retbuf) - { - int rv = def_yylex(); ---- a/lib/northbound_cli.c -+++ b/lib/northbound_cli.c -@@ -595,7 +595,19 @@ void nb_cli_show_dnode_cmds(struct vty * - (*nb_node->cbs.cli_show_end)(vty, parent); - } - -+ /* -+ * There is a possible path in 
this macro that ends up -+ * dereferencing child->parent->parent. We just null checked -+ * child->parent by checking (ly_iter_next_up(child) != NULL) -+ * above. -+ * -+ * I am not sure whether it is possible for the other -+ * conditions within this macro guarding the problem -+ * dereference to be satisfied when child->parent == NULL. -+ */ -+#ifndef __clang_analyzer__ - LY_TREE_DFS_END(root, next, child); -+#endif - } - } - diff --git a/net/frr/patches/053-nhrpd_replace_socket.patch b/net/frr/patches/053-nhrpd_replace_socket.patch new file mode 100644 index 0000000000..9ee3db1a60 --- /dev/null +++ b/net/frr/patches/053-nhrpd_replace_socket.patch 
@@ -0,0 +1,82 @@ +From 354196c027e81affb05163a6c3676eef1ba06dd9 Mon Sep 17 00:00:00 2001 +From: Zoran Pericic +Date: Sat, 25 Jan 2020 19:38:39 +0100 +Subject: [PATCH] nhrp: Make vici socket path configurable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +nhrp: Configure vici socket path using + +configure --with-vici-socket=/var/run/charon.vici + +If not specified default to /var/run/charon.vici + +Signed-off-by: Zoran Peričić +--- + configure.ac | 8 ++++++++ + doc/user/installation.rst | 4 ++++ + nhrpd/README.nhrpd | 3 ++- + nhrpd/vici.c | 2 +- + 4 files changed, 15 insertions(+), 2 deletions(-) + +--- a/configure.ac ++++ b/configure.ac +@@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_ST + ]) + AC_SUBST([yangmodelsdir]) + ++AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=PATH], [vici-socket (/var/run/charon.vici)])], [ ++ vici_socket="$withval" ++], [ ++ vici_socket="/var/run/charon.vici" ++]) ++AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici socket path]) ++ + AC_ARG_ENABLE(tcmalloc, + AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]), + [case "${enableval}" in +@@ -2480,6 +2487,7 @@ group for vty sockets : ${enable_vty_g + config file mask : ${enable_configfile_mask} + log file mask : ${enable_logfile_mask} + zebra protobuf enabled : ${enable_protobuf:-no} ++vici socket path : ${vici_socket} + + The above user and group must have read/write access to the state file + directory and to the config files in the config file directory." +--- a/doc/user/installation.rst ++++ b/doc/user/installation.rst +@@ -383,6 +383,10 @@ options to the configuration script. + Look for YANG modules in `dir` [`prefix`/share/yang]. Note that the FRR + YANG modules will be installed here. + ++.. option:: --with-vici-socket ++ ++ Set StrongSWAN vici interface socket path [/var/run/charon.vici]. 
++ + Python dependency, documentation and tests + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +--- a/nhrpd/README.nhrpd ++++ b/nhrpd/README.nhrpd +@@ -126,7 +126,8 @@ Integration with strongSwan + + Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon. + Currently strongSwan is supported using the VICI protocol. strongSwan +-is connected using UNIX socket (hardcoded now as /var/run/charon.vici). ++is connected using UNIX socket (default /var/run/charon.vici use configure ++argument --with-vici-socket= to change). + Thus nhrpd needs to be run as user that can open that file. + + Currently, you will need patched strongSwan. The working tree is at: +--- a/nhrpd/vici.c ++++ b/nhrpd/vici.c +@@ -478,7 +478,7 @@ static int vici_reconnect(struct thread + if (vici->fd >= 0) + return 0; + +- fd = sock_open_unix("/var/run/charon.vici"); ++ fd = sock_open_unix(VICI_SOCKET); + if (fd < 0) { + debugf(NHRP_DEBUG_VICI, + "%s: failure connecting VICI socket: %s", __func__,
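Review bot: The `AC_ARG_WITH([vici-socket], ...)` block in the configure.ac section assigns `vici_socket="$withval"` without handling the values autoconf supplies when no path is given. `--with-vici-socket` alone yields the path `yes` and `--without-vici-socket` yields `no`, and `vici_reconnect` would then call `sock_open_unix(VICI_SOCKET)` on a relative name resolved against the daemon's working directory. Falling back to the default for `yes`, `no` and empty values, and rejecting non-absolute paths at configure time, keeps nhrpd from connecting to a socket at an unintended location. Because nhrpd trusts whatever listens on this socket for IPsec state, the installation.rst entry should also say that the path must sit in a directory writable only by root or the strongSwan user.

```m4
AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=PATH], [vici-socket (/var/run/charon.vici)])], [
  case "$withval" in
    yes|no|"") vici_socket="/var/run/charon.vici" ;;
    /*)        vici_socket="$withval" ;;
    *)         AC_MSG_ERROR([--with-vici-socket requires an absolute path]) ;;
  esac
], [
  vici_socket="/var/run/charon.vici"
])
dnl … unchanged: AC_DEFINE_UNQUOTED([VICI_SOCKET], …) …
```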