aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/vrrp
AgeCommit message (Collapse)AuthorFilesLines
2020-09-21vrrp: set up multicast for both address familiesMatthew Smith1-2/+14
Type: fix When a VR is added, multicast accept routes are added which allow inbound packets sent to the VRRP group address on the interface of the VR so advertisements from peers can be received. If this is the first VR added, also add a local forward route for the VRRP group address so the packets will be processed by the VRRP input nodes. When deciding whether to add/delete the local forward route, the total number of VRs configured was being checked. If there are no VRs configured initially and a VR is added for IPv4, this check would correctly see that this was the first VR and add an IPv4 route. If an IPv6 VR was configured subsequently, this check would find that a VR was already configured and incorrectly decide that no route needed to be added and IPv6 VRRP advertisements from peers would be dropped as a result. The opposite would occur if you first added an IPv6 VR followed by adding an IPv4 VR - whichever address family was added first would work correctly and the other one would not work. Since a route is needed for each address family, check on the per address family count of VRs when deciding whether to add/delete the local forward route instead of checking on the global count of VRs. Change-Id: I851a7ef8a4f9e4e370d08b0832284a13387eb083 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-04vrrp: improve RFC compliance for ARP/NDMatthew Smith2-38/+48
Type: fix The ARP/ND feature nodes reply to requests for a VR virtual IP address when a VR is in the master state. If the VR is in the backup state, the request is passed to the next node on the feature arc. This can cause an incorrect response to be sent. If some other feature (e.g. NAT) causes a virtual IP address to be configured as a "local" address on the system, a later node on the feature arc may respond to an ARP/ND request with the real MAC address of the interface. RFC 5798 says that a router must respond to ARP/ND requests for VR virtual IP addresses with the VR virtual MAC address. And it says a router must not respond to ARP/ND requests for VR virtual IP addresses when the VR is in the backup state. Ensure that ARP/ND requests for VR virtual IP addresses are dropped when in the backup state rather than allowing them to continue on the feature arc where another node may end up responding. In order to do this, enable/disable the feature nodes when leaving or entering the init state instead of the master state. Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-08-07vrrp: change init of vrrp key in VR lookupMatthew Smith1-5/+7
Type: fix A struct that is used as a hash key was being initialized in its declaration. On CentOS 8 this caused some hash lookups to fail. This seems to be caused by uninitialized padding. Use clib_memset() to initialize the key with 0's to avoid the issue. Change-Id: I00555c201a1ab34133971313ba14f20f4e867a30 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-07-02vrrp: fix feature declaration for v6 accept-modeMatthew Smith1-1/+1
Type: fix The v6 accept mode input feature was being declared with the node added to ip4-multicast instead of ip6-multicast. Add to the correct arc. Change-Id: I08f6e5e7dde84a37687fa0af750a7a16fe537ea6 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-06-27vrrp: backup processes priority 255 advertisementMatthew Smith2-1/+381
Type: fix When accept mode is enabled, a backup VR will configure the VR virtual addresses locally and respond to packets sent to those addresses. This did not work when the primary VR is the address owner and sends advertisements using the virtual address as the source address. It also did not work when NAT was configured on the interface with the virtual address as the NAT pool address. In both cases, advertisements from other VRs would arrive and be dropped because they appeared to be spoofed - the source address would be an address that is configured as an interface address on the instance receiving it. When accept mode is enabled for a VR and the VR enters the master state, add an input feature on ip[46]-multicast for the interface which looks for VRRP advertisements, figures out whether they are for a VR which is configured with accept mode and is in the master state and kicks them straight to the VRRP nodes to avoid dropping them. Change-Id: I240ba1ee0b3fd6d693de729698c1181dc71bb08b Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-04-06misc: fix python sonarcloud BLOCKER level issuesPaul Vinciguerra1-4/+5
Fix of the top 11 python issues flagged as BLOCKER. Ticket: VPP-1856 Type: fix Change-Id: Icf4691e62f4a69d6ee196b6d6e2ab52d961b5c76 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-03ip: remove vl_api_address_family_t byte order swapJakub Grajciar1-4/+4
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I8074db3623ee4b37ac70ce8ea0d1912b97e5c059
2020-03-12vrrp: unit tests do not run by defaultMatthew Smith1-1/+3
Type: fix Fixes: 39e9428b90 VRRP unit tests fail sometimes for changes which have not touched any code related to VRRP. There were some timing-related changes recently which probably made the VRRP tests, which rely on a VR changing state within a certain amount of time, start failing. Set the VRRP tests to only run with the extended tests rather than running by default. This is temporary so VRRP will not cause spurious build failures while a proper solution is figured out. Change-Id: I5826ea39b944dfb9b0ca4bdfa2ebbe86d269f935 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-02-28vrrp: fix api-related coverity warningsDave Barach2-1/+11
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I13c0e4771defaebccc976a6f6703493de29434dd
2020-02-21vrrp: fix coverity errorsMatthew Smith2-1/+12
Type: fix Fixes: 39e9428b90 Fix warnings about potential problems with an implicit type cast and a null pointer dereference. Change-Id: I8c8d220e79ba45b62ba783cfe53cb49eef175fc8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-02-18vrrp: do not define _details as autoreplyVratko Polak1-4/+3
Without this, _details_reply messages also end up defined; which is not intended, as there are no _details_t_handler functions. Type: fix Fixes: 39e9428b90bc74d1bb15fc17759c8ef6ad712418 Change-Id: Id052b00b00623ca92e5ddce4cc5e1bdfbb1031db Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-02-14vrrp dns: fix coverity warningsDave Barach2-1/+8
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0d164147173b452fee7e720e01e6a9991f43b64a
2020-02-13vrrp: add plugin providing vrrp supportMatthew Smith17-0/+6872
Type: feature Add a new plugin to support HA using VRRPv3 (RFC 5798). Change-Id: Iaa2c37e6172f8f41e9165f178f44d481f6e247b9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>