Commit graph

500 commits

Author SHA1 Message Date
Ondrej Zajicek (work)
78ddfd2600 Trie: Clarify handling of less-common net types
For convenience, Trie functions generally accept as input values not only
NET_IPx types of nets, but also NET_VPNx and NET_ROAx types. But returned
values are always NET_IPx types.
2021-12-02 03:35:29 +01:00
Ondrej Zajicek (work)
14fc24f3a5 Trie: Implement longest-prefix-match queries and walks
The prefix trie now supports longest-prefix-match query by function
trie_match_longest_ipX() and it can be extended to iteration over all
covering prefixes for a given prefix (from longest to shortest) using
TRIE_WALK_TO_ROOT_IPx() macro.
2021-11-26 03:26:36 +01:00
Ondrej Zajicek (work)
062e69bf52 Trie: Implement trie walking code
Trie walking allows enumeration of prefixes in a trie in the usual
lexicographic order. Optionally, trie enumeration can be restricted
to a chosen subnet (and its descendants).
2021-11-19 18:04:32 +01:00
Ondrej Zajicek (work)
71c18d9f53 Trie: Simplify network matching code
Introduce ipX_prefix_equal() and use it to simplify network matching code.
2021-11-13 21:11:18 +01:00
Ondrej Zajicek (work)
067f69a56d Filter: Add prefix trie benchmarks
Add trie tests intended as benchmarks that use external datasets
instead of generated prefixes. As datasets are not included, they
are commented out by default.
2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
e709dc09e6 Filter: Improve prefix trie tests
Add tests explicitly matching insides and outsides of trie and update
tests to do testing of both IPv4 and IPv6 tries.
2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
dd61278c9d Filter: Update trie documentation 2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
562a2b8c29 Filter: Fix trie test
Generated prefixes must be valid.
2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
13225f1dbf Filter: Faster prefix sets
Use 16-way (4bit) branching in prefix trie instead of basic binary
branching. The change makes IPv4 prefix sets almost 3x faster, but
with more memory consumption and much more complicated algorithm.

Together with a previous filter change, it makes IPv4 prefix sets
about ~4.3x faster and slightly smaller (on my test data).
2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
abc9ccc5cb Flowspec: Label field should use numeric operator and not bitmask operator 2021-05-18 20:23:08 +02:00
Ondrej Zajicek (work)
dd8481cc1c Flowspec: Do not use comma for bitmask operators
For numeric operators, comma is used for disjunction in expressions like
"10, 20, 30..40". But for bitmask operators, comma is used for
conjunction in a way that does not really make much sense. Use always
explicit logical operators (&& and ||) to connect bitmask operators.

Thanks to Matt Corallo for the bugreport.
2021-05-18 19:54:18 +02:00
Trisha Biswas
e5468d1685 Filter: Add MPLS label route attribute
Add support to set or read outgoing MPLS labels using filters. Currently
this supports the addition of one label per route for the first next hop.

Minor changes by committer.
2021-05-17 17:50:04 +02:00
Ondrej Zajicek (work)
94abefc00b Filter: Update 'gw' to handle IPv6 link-local addresses
When a link-local address is set, use the existing iface for scope.

Thanks to Marcel Krüger for the bugreport.
2021-03-15 18:37:18 +01:00
Ondrej Zajicek (work)
d06a875b04 Filter: Recursive filter iteration code
Add macros for recursive filter iteration that allows to examine
all instructions reachable from a filter.
2021-02-07 19:21:42 +01:00
Ondrej Zajicek (work)
9e2635505a Filter: Fix return on top-level
Broken detection of top-level case caused crash when return was called
from top-of-stack position. It should behave as reject/accept.

Thanks to Damian Zaremba for the bugreport.
2020-12-28 15:23:28 +01:00
Ondrej Zajicek (work)
8cc5bb09e3 Filter: Add 'weight' route attribute
Add 'weight' route attribute that allows to get and set ECMP weight of
nexthops. Similar to 'gw' attribute, it is limited to the first nexthop,
but it is useful for handling BGP multipath, where an ECMP route is
merged from multiple regular routes.
2020-12-02 05:02:26 +01:00
Ondrej Zajicek (work)
30b8468269 Minor cleanups with cfg_allocz()
Also fixes some more failed asserts due to add_tail().
2020-11-24 04:09:11 +01:00
Kazuki Yamaguchi
a948cf9a5c Filter: Improve handling of sets in BGP path masks
Compare the content of PM_ASN_SET in path masks. A reconfiguration
was not properly triggering a reload of affected protocols when the
members of a set in a path mask change.

Also, update the printing code to so that it can display sets in a path
mask.
2020-06-28 15:37:01 +02:00
Kazuki Yamaguchi
4ef0a96639 Filter: Fix comparison of BGP path mask
Add a missing return statement. Path masks with the same length were all
considered the same. Comparing two with different length would cause
out-of-bounds memory access.
2020-06-28 15:33:26 +02:00
Ondrej Zajicek (work)
ec430a7fee Nest: Implement BGP path mask loop operator
Implement regex-like '+' operator in BGP path masks to match previous
path mask item multiple times. This is useful as ASNs may appear
multiple times in paths due to path prepending for traffic engineering
purposes.
2020-05-18 16:25:08 +02:00
Ondrej Zajicek (work)
82bfee76f0 Filter: Remove quitbird command
No need for this debug filter command and it can be abused from CLI.
2020-05-02 02:47:18 +02:00
Maria Matejka
d65a926a67 Filter: Don't alloc varargs array if its length would be zero 2020-05-01 15:19:12 +02:00
Maria Matejka
30ba7c1661 Filter: Removed forgotten dead code 2020-05-01 15:19:12 +02:00
Maria Matejka
124d860f64 Filter: fixed omitted overflow check in EC constructor 2020-04-28 16:21:06 +02:00
Maria Matejka
fd9f0c0640 Configuration strings are constant.
This is merely a const propagation. There was no problem in there.
2020-04-09 15:37:14 +02:00
Ondrej Zajicek (work)
c9d11e6230 Filter: Remove mixed address tests and fix formatting 2020-03-26 04:59:15 +01:00
Ondrej Zajicek (work)
2755002890 Filter: Optimize IPv4 prefix sets
Use separate IPv4 and IPv6 implementation of prefix sets. Just this
change makes IPv4 prefix sets 60% smaller and 50% faster.
2020-03-26 03:57:48 +01:00
Ondrej Zajicek (work)
ef8c45749c Filter: Fix typecheck for AND/OR.
Do not apply dynamic type check for second argument of AND/OR, as it is
not evaluated immediately like regular argument would be.

Thanks to Mikael for the bugreport.
2020-01-07 01:24:30 +01:00
Ondrej Zajicek (work)
3dabf7b8d0 Test: Improve filter_test
Initial parsing of test.conf must be done directly in filter_test main,
while reconfiguration is handled as a regular test. Also fix several
minor issues in test code.
2019-12-17 00:01:53 +01:00
Maria Matejka
d3aa4f2aed Filter: fix filter comparison test 2019-12-12 15:42:46 +01:00
Ondrej Zajicek (work)
dfb3eb7716 Filter: Fix function comparison
Check the SYM_FLAG_SAME in new symbols. The old code checked that
in old symbols (f2).
2019-12-10 18:53:16 +01:00
Ondrej Zajicek (work)
ff2ca10cba Filter: Add support for src/dst accessors for Flowspec and SADR 2019-12-09 04:23:01 +01:00
Ondrej Zajicek (work)
10c4cd9677 Filter: Add type info for more instructions 2019-11-05 15:30:20 +01:00
Ondrej Zajicek (work)
87512e9751 Filter: Improve typecheck error messages 2019-11-05 15:30:16 +01:00
Ondrej Zajicek (work)
c00c20a799 Filter: Better constant promotion
We use constant promotion from IPv4 to Router-ID values, as they have
same literals. Instead of ad-hoc code in filter instructions, add
constant promotion code to parse-time typecheck code.
2019-11-05 15:28:47 +01:00
Ondrej Zajicek (work)
26194bd684 Filter: Improved parse-time typechecks 2019-11-05 15:28:47 +01:00
Ondrej Zajicek
6fbcd8914a Filter: Parse-time typechecks
Most expressions can be type-validated in parse time. It is not
strong enough to eliminate runtime checks, but at least one gets
errors immediately during reconfigure.
2019-11-05 15:28:47 +01:00
Ondrej Zajicek (work)
0edf0c8cd9 Support for address family constants
We already had them defined on BGP level, but they are more general.
2019-11-03 22:25:44 +01:00
Ondrej Zajicek (work)
ea0917bcba Filter: Fix eval command 2019-09-24 00:18:48 +02:00
Maria Matejka
3f477ccb03 Filters: Function body comparison result now used.
Function bodies were compared in post-parse time, yet the result was not
used and the functions were incorrectly considered the same as before.

Now the result is used to reload affected protocols.
2019-09-23 14:03:26 +02:00
Ondrej Zajicek (work)
452e90ba72 Filter: Fix crash with 'where' filters and function calls
The old 'where' code computed size value incorrectly, which leads
to invalid instruction lines and filter errors or crashes.
2019-09-10 13:45:18 +02:00
Maria Matejka
dfe63ed84d Filter: Fixing empty block and never-executed-statement bug 2019-08-13 16:45:27 +02:00
Ondrej Zajicek (work)
9f3e098320 Filter: Allow to use set constants / expressions in path masks
Allow to not only use set literals in path masks, but also existing
set constants or set expressions.
2019-08-06 18:54:19 +02:00
Ondrej Zajicek (work)
ef113c6f72 Filter: Allow to use sets in path masks 2019-08-06 16:58:13 +02:00
Maria Matejka
2de1e2062e Conf: Fixed symbol redefinition 2019-07-30 14:28:40 +02:00
Maria Matejka
efd7c87b5b Filter: further split of print & die to FI_PRINT, FI_FLUSH and FI_DIE 2019-07-15 15:46:36 +02:00
Maria Matejka
3782454e8d Filter: Simpler filter context allocation 2019-07-15 15:46:36 +02:00
Maria Matejka
f634adc7dc Filter: FID_MEMBER debug string is a C constant string 2019-07-15 15:17:04 +02:00
Maria Matejka
c0999a149c Filter: Converted FI_PRINT and FI_PATHMASK_CONSTRUCT to VARARG 2019-07-15 15:12:18 +02:00
Maria Matejka
c29d73a06a Filter: fixed excessive stack allocation in functions with args but no local vars 2019-07-15 15:06:52 +02:00