Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
When a VR is added, multicast accept routes are added which allow
inbound packets sent to the VRRP group address on the interface of the
VR so advertisements from peers can be received. If this is the first
VR added, also add a local forward route for the VRRP group address so
the packets will be processed by the VRRP input nodes.
When deciding whether to add/delete the local forward route, the total
number of VRs configured was being checked. If there are no VRs
configured initially and a VR is added for IPv4, this check would
correctly see that this was the first VR and add an IPv4 route. If an
IPv6 VR was configured subsequently, this check would find that a VR
was already configured and incorrectly decide that no route needed to
be added and IPv6 VRRP advertisements from peers would be dropped
as a result. The opposite would occur if you first added an IPv6 VR
followed by adding an IPv4 VR - whichever address family was added
first would work correctly and the other one would not work.
Since a route is needed for each address family, check on the per
address family count of VRs when deciding whether to add/delete the
local forward route instead of checking on the global count of VRs.
Change-Id: I851a7ef8a4f9e4e370d08b0832284a13387eb083
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
The ARP/ND feature nodes reply to requests for a VR virtual IP address
when a VR is in the master state. If the VR is in the backup state, the
request is passed to the next node on the feature arc.
This can cause an incorrect response to be sent. If some other feature
(e.g. NAT) causes a virtual IP address to be configured as a "local"
address on the system, a later node on the feature arc may respond to
an ARP/ND request with the real MAC address of the interface.
RFC 5798 says that a router must respond to ARP/ND requests for VR
virtual IP addresses with the VR virtual MAC address. And it says a
router must not respond to ARP/ND requests for VR virtual IP addresses
when the VR is in the backup state. Ensure that ARP/ND requests for
VR virtual IP addresses are dropped when in the backup state rather
than allowing them to continue on the feature arc where another node
may end up responding.
In order to do this, enable/disable the feature nodes when leaving
or entering the init state instead of the master state.
Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
A struct that is used as a hash key was being initialized in its
declaration. On CentOS 8 this caused some hash lookups to fail.
This seems to be caused by uninitialized padding.
Use clib_memset() to initialize the key with 0's to avoid the issue.
Change-Id: I00555c201a1ab34133971313ba14f20f4e867a30
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
The v6 accept mode input feature was being declared with
the node added to ip4-multicast instead of ip6-multicast. Add to
the correct arc.
Change-Id: I08f6e5e7dde84a37687fa0af750a7a16fe537ea6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
When accept mode is enabled, a backup VR will configure the VR virtual
addresses locally and respond to packets sent to those addresses. This
did not work when the primary VR is the address owner and sends
advertisements using the virtual address as the source address. It
also did not work when NAT was configured on the interface with the
virtual address as the NAT pool address. In both cases, advertisements
from other VRs would arrive and be dropped because they appeared to
be spoofed - the source address would be an address that is
configured as an interface address on the instance receiving it.
When accept mode is enabled for a VR and the VR enters the master state,
add an input feature on ip[46]-multicast for the interface which looks
for VRRP advertisements, figures out whether they are for a VR which
is configured with accept mode and is in the master state and kicks
them straight to the VRRP nodes to avoid dropping them.
Change-Id: I240ba1ee0b3fd6d693de729698c1181dc71bb08b
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Fix of the top 11 python issues flagged as BLOCKER.
Ticket: VPP-1856
Type: fix
Change-Id: Icf4691e62f4a69d6ee196b6d6e2ab52d961b5c76
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I8074db3623ee4b37ac70ce8ea0d1912b97e5c059
|
|
Type: fix
Fixes: 39e9428b90
VRRP unit tests fail sometimes for changes which have not touched any
code related to VRRP. There were some timing-related changes recently
which probably made the VRRP tests, which rely on a VR changing state
within a certain amount of time, start failing.
Set the VRRP tests to only run with the extended tests rather than
running by default. This is temporary so VRRP will not cause spurious
build failures while a proper solution is figured out.
Change-Id: I5826ea39b944dfb9b0ca4bdfa2ebbe86d269f935
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I13c0e4771defaebccc976a6f6703493de29434dd
|
|
Type: fix
Fixes: 39e9428b90
Fix warnings about potential problems with an implicit type cast
and a null pointer dereference.
Change-Id: I8c8d220e79ba45b62ba783cfe53cb49eef175fc8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Without this, _details_reply messages also end up defined;
which is not intended, as there are no _details_t_handler functions.
Type: fix
Fixes: 39e9428b90bc74d1bb15fc17759c8ef6ad712418
Change-Id: Id052b00b00623ca92e5ddce4cc5e1bdfbb1031db
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0d164147173b452fee7e720e01e6a9991f43b64a
|
|
Type: feature
Add a new plugin to support HA using VRRPv3 (RFC 5798).
Change-Id: Iaa2c37e6172f8f41e9165f178f44d481f6e247b9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|