On Thu, Feb 07, 2019 at 11:41:39AM +0100, Claudio Jeker wrote:
> At a2k19 David (dlg@) and I sat down and looked at BGP L3 MPLS VPN
> support. Now David wants to use this in production and realized that
> in his case it would be great to have more than one mpe(4) interface per
> rdomain. This way it is possible to write good firewall rules using
> interface names or groups.
>
> The definition of VPNs in bgpd was never super elegant. The 'depend on
> mpeX' config was a bit redundant and so after some discussions we decided
> to rework this part.
>
> L3 MPLS VPN are now configured like this:
>
> vpn "staff" on mpe1 {
> rd $ASN:1
> import-target rt $ASN:100
> export-target rt $ASN:101
> network 0/0
> }
>
> vpn "users" on mpe2 {
> rd $ASN:2
> import-target rt $ASN:200
> export-target rt $ASN:201
> network 0/0
> }
>
> Now in this example mpe1 and mpe2 can be in the same rdomain. The rdomain
> is now selected based on the rdomain of the mpe(4) interface. There are
> probably still some gotchas around this which can be tackled in a 2nd
> round.
>
> This diff does a lot of shuffling of code and especially affect network
> statements (since those are now per VPN and no longer per rdomain).
> The rewrite of the network code fixed also some other behaviour bugs which
> do not only affect VPN setups. In short conficts between 'network A.B.C.D/N'
> and 'network static' are now properly handled (with 'network A.B.C.D/N'
> having preference).
>
> Since this is a major change please test (or suffer later).
Reads good, works fine.
OK denis@
While testing, I noticed that import-target/export-target are not updated on
reload (problem not introduced by this diff though)
> --
> :wq Claudio
>
> Index: usr.sbin/bgpctl/bgpctl.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
> retrieving revision 1.228
> diff -u -p -r1.228 bgpctl.c
> --- usr.sbin/bgpctl/bgpctl.c 20 Jan 2019 23:30:15 -0000 1.228
> +++ usr.sbin/bgpctl/bgpctl.c 7 Feb 2019 10:11:19 -0000
> @@ -346,7 +346,7 @@ main(int argc, char *argv[])
> bzero(&net, sizeof(net));
> net.prefix = res->addr;
> net.prefixlen = res->prefixlen;
> - net.rtableid = tableid;
> + net.rd = res->rd;
> /* attribute sets are not supported */
> if (res->action == NETWORK_ADD) {
> imsg_compose(ibuf, IMSG_NETWORK_ADD, 0, 0, -1,
> @@ -927,7 +927,7 @@ show_fib_head(void)
> printf("flags: "
> "* = valid, B = BGP, C = Connected, S = Static, D = Dynamic\n");
> printf(" "
> - "N = BGP Nexthop reachable via this route R = redistributed\n");
> + "N = BGP Nexthop reachable via this route\n");
> printf(" r = reject route, b = blackhole route\n\n");
> printf("flags prio destination gateway\n");
> }
> @@ -969,11 +969,6 @@ show_fib_flags(u_int16_t flags)
> else
> printf(" ");
>
> - if (flags & F_REDISTRIBUTED)
> - printf("R");
> - else
> - printf(" ");
> -
> if (flags & F_REJECT && flags & F_BLACKHOLE)
> printf("f");
> else if (flags & F_REJECT)
> @@ -1983,7 +1978,7 @@ network_bulk(struct parse_result *res)
> errx(1, "bad prefix: %s", b);
> net.prefix = h;
> net.prefixlen = len;
> - net.rtableid = tableid;
> + net.rd = res->rd;
>
> if (res->action == NETWORK_BULK_ADD) {
> imsg_compose(ibuf, IMSG_NETWORK_ADD,
> @@ -2128,7 +2123,7 @@ network_mrt_dump(struct mrt_rib *mr, str
> net.prefix = ctl.prefix;
> net.prefixlen = ctl.prefixlen;
> net.type = NETWORK_MRTCLONE;
> - /* XXX rtableid */
> + /* XXX rd can't be set and will be 0 */
>
> imsg_compose(ibuf, IMSG_NETWORK_ADD, 0, 0, -1,
> &net, sizeof(net));
> Index: usr.sbin/bgpctl/parser.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpctl/parser.c,v
> retrieving revision 1.89
> diff -u -p -r1.89 parser.c
> --- usr.sbin/bgpctl/parser.c 20 Jan 2019 23:30:15 -0000 1.89
> +++ usr.sbin/bgpctl/parser.c 7 Feb 2019 10:11:19 -0000
> @@ -58,6 +58,7 @@ enum token_type {
> PREPNBR,
> PREPSELF,
> WEIGHT,
> + RD,
> FAMILY,
> GETOPT,
> RTABLE,
> @@ -374,6 +375,11 @@ static const struct token t_network_show
> { ENDTOKEN, "", NONE, NULL}
> };
>
> +static const struct token t_rd[] = {
> + { RD, "", NONE, t_set},
> + { ENDTOKEN, "", NONE, NULL}
> +};
> +
> static const struct token t_set[] = {
> { NOTOKEN, "", NONE, NULL},
> { KEYWORD, "community", NONE, t_community},
> @@ -386,6 +392,7 @@ static const struct token t_set[] = {
> { KEYWORD, "pftable", NONE, t_pftable},
> { KEYWORD, "prepend-neighbor", NONE, t_prepnbr},
> { KEYWORD, "prepend-self", NONE, t_prepself},
> + { KEYWORD, "rd", NONE, t_rd},
> { KEYWORD, "weight", NONE, t_weight},
> { KEYWORD, "add", NETWORK_BULK_ADD, NULL},
> { KEYWORD, "delete", NETWORK_BULK_REMOVE, NULL},
> @@ -493,18 +500,14 @@ static struct parse_result res;
> const struct token *match_token(int *argc, char **argv[],
> const struct token []);
> void show_valid_args(const struct token []);
> -int parse_addr(const char *, struct bgpd_addr *);
> -int parse_asnum(const char *, size_t, u_int32_t *);
> -int parse_number(const char *, struct parse_result *,
> - enum token_type);
> -int parse_community(const char *, struct parse_result *);
> -int parsesubtype(const char *, u_int8_t *, u_int8_t *);
> -int parseextvalue(const char *, u_int32_t *);
> -u_int parseextcommunity(const char *, struct
> parse_result *);
> -int parse_largecommunity(const char *,
> - struct parse_result *);
> -int parse_nexthop(const char *, struct parse_result *);
> -int bgpctl_getopt(int *, char **[], int);
> +
> +int parse_addr(const char *, struct bgpd_addr *);
> +int parse_asnum(const char *, size_t, u_int32_t *);
> +int parse_number(const char *, struct parse_result *, enum token_type);
> +void parsecommunity(struct filter_community *c, int type, char *s);
> +int parseextcommunity(struct filter_community *c, const char *t, char *s);
> +int parse_nexthop(const char *, struct parse_result *);
> +int bgpctl_getopt(int *, char **[], int);
>
> struct parse_result *
> parse(int argc, char *argv[])
> @@ -675,8 +678,25 @@ match_token(int *argc, char **argv[], co
> }
> break;
> case COMMUNITY:
> - if (word != NULL && wordlen > 0 &&
> - parse_community(word, &res)) {
> + case LARGE_COMMUNITY:
> + if (word != NULL && wordlen > 0) {
> + int type = COMMUNITY_TYPE_BASIC;
> + char *p = strdup(word);
> +
> + if (p == NULL)
> + err(1, NULL);
> + if (table[i].type == LARGE_COMMUNITY)
> + type = COMMUNITY_TYPE_LARGE;
> + parsecommunity(&res.community,
> + COMMUNITY_TYPE_BASIC, p);
> + free(p);
> +
> + if ((fs = calloc(1, sizeof(*fs))) == NULL)
> + err(1, NULL);
> + fs->type = ACTION_SET_COMMUNITY;
> + fs->action.community = res.community;
> + TAILQ_INSERT_TAIL(&res.set, fs, entry);
> +
> match++;
> t = &table[i];
> }
> @@ -684,24 +704,62 @@ match_token(int *argc, char **argv[], co
> case EXTCOM_SUBTYPE:
> if (word != NULL && strncmp(word, table[i].keyword,
> wordlen) == 0) {
> - if (parsesubtype(word, &res.community.c.e.type,
> - &res.community.c.e.subtype) == 0)
> - errx(1, "Bad ext-community unknown "
> - "type");
> + res.ext_comm_subtype = table[i].keyword;
> match++;
> t = &table[i];
> }
> break;
> case EXTCOMMUNITY:
> - if (word != NULL && wordlen > 0 &&
> - parseextcommunity(word, &res)) {
> + if (word != NULL && wordlen > 0) {
> + char *p = strdup(word);
> +
> + if (p == NULL)
> + err(1, NULL);
> + parseextcommunity(&res.community,
> + res.ext_comm_subtype, p);
> + free(p);
> +
> + if ((fs = calloc(1, sizeof(*fs))) == NULL)
> + err(1, NULL);
> + fs->type = ACTION_SET_COMMUNITY;
> + fs->action.community = res.community;
> + TAILQ_INSERT_TAIL(&res.set, fs, entry);
> +
> match++;
> t = &table[i];
> }
> break;
> - case LARGE_COMMUNITY:
> - if (word != NULL && wordlen > 0 &&
> - parse_largecommunity(word, &res)) {
> + case RD:
> + if (word != NULL && wordlen > 0) {
> + char *p = strdup(word);
> + struct filter_community ext;
> + u_int64_t rd;
> +
> + if (p == NULL)
> + err(1, NULL);
> + parseextcommunity(&ext, "rt", p);
> + free(p);
> +
> + switch (ext.c.e.type) {
> + case EXT_COMMUNITY_TRANS_TWO_AS:
> + rd = (0ULL << 48);
> + rd |= (u_int64_t)ext.c.e.data1 << 32;
> + rd |= ext.c.e.data2 & 0xffffffff;
> + break;
> + case EXT_COMMUNITY_TRANS_IPV4:
> + rd = (1ULL << 48);
> + rd |= (u_int64_t)ext.c.e.data1 << 16;
> + rd |= ext.c.e.data2 & 0xffff;
> + break;
> + case EXT_COMMUNITY_TRANS_FOUR_AS:
> + rd = (2ULL << 48);
> + rd |= (u_int64_t)ext.c.e.data1 << 16;
> + rd |= ext.c.e.data2 & 0xffff;
> + break;
> + default:
> + errx(1, "bad encoding of rd");
> + }
> + res.rd = htobe64(rd);
> match++;
> t = &table[i];
> }
> @@ -823,11 +881,14 @@ show_valid_args(const struct token table
> case COMMUNITY:
> fprintf(stderr, " <community>\n");
> break;
> + case LARGE_COMMUNITY:
> + fprintf(stderr, " <large-community>\n");
> + break;
> case EXTCOMMUNITY:
> fprintf(stderr, " <extended-community>\n");
> break;
> - case LARGE_COMMUNITY:
> - fprintf(stderr, " <large-community>\n");
> + case RD:
> + fprintf(stderr, " <route-distinguisher>\n");
> break;
> case LOCALPREF:
> case MED:
> @@ -1035,95 +1096,118 @@ parse_number(const char *word, struct pa
> return (1);
> }
>
> -static u_int32_t
> -getcommunity(const char *s, int large, u_int8_t *flag)
> +static void
> +getcommunity(char *s, int large, u_int32_t *val, u_int8_t *flag)
> {
> int64_t max = USHRT_MAX;
> const char *errstr;
> - u_int32_t uval;
>
> + *flag = 0;
> + *val = 0;
> if (strcmp(s, "*") == 0) {
> *flag = COMMUNITY_ANY;
> - return (0);
> + return;
> + } else if (strcmp(s, "neighbor-as") == 0) {
> + *flag = COMMUNITY_NEIGHBOR_AS;
> + return;
> + } else if (strcmp(s, "local-as") == 0) {
> + *flag = COMMUNITY_LOCAL_AS;
> + return;
> }
> -
> if (large)
> max = UINT_MAX;
> -
> - uval = strtonum(s, 0, max, &errstr);
> + *val = strtonum(s, 0, max, &errstr);
> if (errstr)
> - errx(1, "Community is %s: %s", errstr, s);
> -
> - *flag = 0;
> - return (uval);
> + errx(1, "Community %s is %s (max: %llu)", s, errstr, max);
> }
>
> -int
> -parse_community(const char *word, struct parse_result *r)
> +static void
> +setcommunity(struct filter_community *c, u_int32_t as, u_int32_t data,
> + u_int8_t asflag, u_int8_t dataflag)
> {
> - struct filter_set *fs;
> - char *p;
> - u_int32_t as, type;
> - u_int8_t asflag, tflag;
> + memset(c, 0, sizeof(*c));
> + c->type = COMMUNITY_TYPE_BASIC;
> + c->dflag1 = asflag;
> + c->dflag2 = dataflag;
> + c->c.b.data1 = as;
> + c->c.b.data2 = data;
> +}
>
> - /* Well-known communities */
> - if (strcasecmp(word, "GRACEFUL_SHUTDOWN") == 0) {
> - as = COMMUNITY_WELLKNOWN;
> - type = COMMUNITY_GRACEFUL_SHUTDOWN;
> - goto done;
> - } else if (strcasecmp(word, "NO_EXPORT") == 0) {
> - as = COMMUNITY_WELLKNOWN;
> - type = COMMUNITY_NO_EXPORT;
> - goto done;
> - } else if (strcasecmp(word, "NO_ADVERTISE") == 0) {
> - as = COMMUNITY_WELLKNOWN;
> - type = COMMUNITY_NO_ADVERTISE;
> - goto done;
> - } else if (strcasecmp(word, "NO_EXPORT_SUBCONFED") == 0) {
> - as = COMMUNITY_WELLKNOWN;
> - type = COMMUNITY_NO_EXPSUBCONFED;
> - goto done;
> - } else if (strcasecmp(word, "NO_PEER") == 0) {
> - as = COMMUNITY_WELLKNOWN;
> - type = COMMUNITY_NO_PEER;
> - goto done;
> - } else if (strcasecmp(word, "BLACKHOLE") == 0) {
> - as = COMMUNITY_WELLKNOWN;
> - type = COMMUNITY_BLACKHOLE;
> - goto done;
> - }
> +static void
> +parselargecommunity(struct filter_community *c, char *s)
> +{
> + char *p, *q;
>
> - if ((p = strchr(word, ':')) == NULL) {
> - fprintf(stderr, "Bad community syntax\n");
> - return (0);
> - }
> + if ((p = strchr(s, ':')) == NULL)
> + errx(1, "Bad community syntax");
> *p++ = 0;
>
> - as = getcommunity(word, 0, &asflag);
> - type = getcommunity(p, 0, &tflag);
> + if ((q = strchr(p, ':')) == NULL)
> + errx(1, "Bad community syntax");
> + *q++ = 0;
> +
> + getcommunity(s, 1, &c->c.l.data1, &c->dflag1);
> + getcommunity(p, 1, &c->c.l.data2, &c->dflag2);
> + getcommunity(q, 1, &c->c.l.data3, &c->dflag3);
>
> -done:
> - if ((fs = calloc(1, sizeof(struct filter_set))) == NULL)
> - err(1, NULL);
> - fs->type = ACTION_SET_COMMUNITY;
> - fs->action.community.type = COMMUNITY_TYPE_BASIC;
> - fs->action.community.c.b.data1 = as;
> - fs->action.community.c.b.data2 = type;
> - fs->action.community.dflag1 = asflag;
> - fs->action.community.dflag2 = tflag;
> + c->type = COMMUNITY_TYPE_LARGE;
> +}
>
> - r->community = fs->action.community;
> +void
> +parsecommunity(struct filter_community *c, int type, char *s)
> +{
> + char *p;
> + u_int32_t as, data;
> + u_int8_t asflag, dataflag;
> +
> + if (type == COMMUNITY_TYPE_LARGE) {
> + parselargecommunity(c, s);
> + return;
> + }
>
> - TAILQ_INSERT_TAIL(&r->set, fs, entry);
> - return (1);
> + /* Well-known communities */
> + if (strcasecmp(s, "GRACEFUL_SHUTDOWN") == 0) {
> + setcommunity(c, COMMUNITY_WELLKNOWN,
> + COMMUNITY_GRACEFUL_SHUTDOWN, 0, 0);
> + return;
> + } else if (strcasecmp(s, "NO_EXPORT") == 0) {
> + setcommunity(c, COMMUNITY_WELLKNOWN,
> + COMMUNITY_NO_EXPORT, 0, 0);
> + return;
> + } else if (strcasecmp(s, "NO_ADVERTISE") == 0) {
> + setcommunity(c, COMMUNITY_WELLKNOWN,
> + COMMUNITY_NO_ADVERTISE, 0, 0);
> + return;
> + } else if (strcasecmp(s, "NO_EXPORT_SUBCONFED") == 0) {
> + setcommunity(c, COMMUNITY_WELLKNOWN,
> + COMMUNITY_NO_EXPSUBCONFED, 0, 0);
> + return;
> + } else if (strcasecmp(s, "NO_PEER") == 0) {
> + setcommunity(c, COMMUNITY_WELLKNOWN,
> + COMMUNITY_NO_PEER, 0, 0);
> + return;
> + } else if (strcasecmp(s, "BLACKHOLE") == 0) {
> + setcommunity(c, COMMUNITY_WELLKNOWN,
> + COMMUNITY_BLACKHOLE, 0, 0);
> + return;
> + }
> +
> + if ((p = strchr(s, ':')) == NULL)
> + errx(1, "Bad community syntax");
> + *p++ = 0;
> +
> + getcommunity(s, 0, &as, &asflag);
> + getcommunity(p, 0, &data, &dataflag);
> + setcommunity(c, as, data, asflag, dataflag);
> }
>
> -int
> -parsesubtype(const char *name, u_int8_t *type, u_int8_t *subtype)
> +static int
> +parsesubtype(const char *name, int *type, int *subtype)
> {
> const struct ext_comm_pairs *cp;
> int found = 0;
>
> +printf("%s: looking for %s\n", __func__, name);
> for (cp = iana_ext_comms; cp->subname != NULL; cp++) {
> if (strcmp(name, cp->subname) == 0) {
> if (found == 0) {
> @@ -1138,79 +1222,89 @@ parsesubtype(const char *name, u_int8_t
> return (found);
> }
>
> -int
> -parseextvalue(const char *s, u_int32_t *v)
> +static int
> +parseextvalue(int type, char *s, u_int32_t *v)
> {
> - const char *errstr;
> + const char *errstr;
> char *p;
> struct in_addr ip;
> - u_int32_t uvalh = 0, uval;
> + u_int32_t uvalh, uval;
>
> - if ((p = strchr(s, '.')) == NULL) {
> + if (type != -1) {
> + /* nothing */
> + } else if ((p = strchr(s, '.')) == NULL) {
> /* AS_PLAIN number (4 or 2 byte) */
> - uval = strtonum(s, 0, UINT_MAX, &errstr);
> - if (errstr) {
> - fprintf(stderr, "Bad ext-community: %s is %s\n", s,
> - errstr);
> - return (-1);
> - }
> - *v = uval;
> - if (uval <= USHRT_MAX)
> - return (EXT_COMMUNITY_TRANS_TWO_AS);
> + strtonum(s, 0, USHRT_MAX, &errstr);
> + if (errstr == NULL)
> + type = EXT_COMMUNITY_TRANS_TWO_AS;
> else
> - return (EXT_COMMUNITY_TRANS_FOUR_AS);
> + type = EXT_COMMUNITY_TRANS_FOUR_AS;
> } else if (strchr(p + 1, '.') == NULL) {
> /* AS_DOT number (4-byte) */
> + type = EXT_COMMUNITY_TRANS_FOUR_AS;
> + } else {
> + /* more than one dot -> IP address */
> + type = EXT_COMMUNITY_TRANS_IPV4;
> + }
> +
> + switch (type) {
> + case EXT_COMMUNITY_TRANS_TWO_AS:
> + uval = strtonum(s, 0, USHRT_MAX, &errstr);
> + if (errstr)
> + errx(1, "Bad ext-community %s is %s", s, errstr);
> + *v = uval;
> + break;
> + case EXT_COMMUNITY_TRANS_FOUR_AS:
> + if ((p = strchr(s, '.')) == NULL) {
> + uval = strtonum(s, 0, UINT_MAX, &errstr);
> + if (errstr)
> + errx(1, "Bad ext-community %s is %s", s,
> + errstr);
> + *v = uval;
> + break;
> + }
> *p++ = '\0';
> uvalh = strtonum(s, 0, USHRT_MAX, &errstr);
> - if (errstr) {
> - fprintf(stderr, "Bad ext-community: %s is %s\n", s,
> - errstr);
> - return (-1);
> - }
> + if (errstr)
> + errx(1, "Bad ext-community %s is %s", s, errstr);
> uval = strtonum(p, 0, USHRT_MAX, &errstr);
> - if (errstr) {
> - fprintf(stderr, "Bad ext-community: %s is %s\n", p,
> - errstr);
> - return (-1);
> - }
> + if (errstr)
> + errx(1, "Bad ext-community %s is %s", p, errstr);
> *v = uval | (uvalh << 16);
> - return (EXT_COMMUNITY_TRANS_FOUR_AS);
> - } else {
> - /* more than one dot -> IP address */
> - if (inet_aton(s, &ip) == 0) {
> - fprintf(stderr, "Bad ext-community: %s not parseable\n",
> - s);
> - return (-1);
> - }
> + break;
> + case EXT_COMMUNITY_TRANS_IPV4:
> + if (inet_aton(s, &ip) == 0)
> + errx(1, "Bad ext-community %s not parseable", s);
> *v = ntohl(ip.s_addr);
> - return (EXT_COMMUNITY_TRANS_IPV4);
> + break;
> + default:
> + errx(1, "%s: unexpected type %d", __func__, type);
> }
> - return (-1);
> + return (type);
> }
>
> -u_int
> -parseextcommunity(const char *word, struct parse_result *r)
> +int
> +parseextcommunity(struct filter_community *c, const char *t, char *s)
> {
> - struct filter_set *fs;
> - const struct ext_comm_pairs *cp;
> - const char *errstr;
> - u_int64_t ullval;
> - u_int32_t uval;
> - char *p, *ep;
> - int type;
> + const struct ext_comm_pairs *cp;
> + const char *errstr;
> + u_int64_t ullval;
> + u_int32_t uval;
> + char *p, *ep;
> + int type, subtype;
>
> - type = r->community.c.e.type;
> + if (parsesubtype(t, &type, &subtype) == 0)
> + errx(1, "Bad ext-community unknown type");
>
> switch (type) {
> - case 0xff:
> - if ((p = strchr(word, ':')) == NULL) {
> - fprintf(stderr, "Bad ext-community: %s\n", word);
> - return (0);
> - }
> + case EXT_COMMUNITY_TRANS_TWO_AS:
> + case EXT_COMMUNITY_TRANS_FOUR_AS:
> + case EXT_COMMUNITY_TRANS_IPV4:
> + case -1:
> + if ((p = strchr(s, ':')) == NULL)
> + errx(1, "Bad ext-community %s", s);
> *p++ = '\0';
> - if ((type = parseextvalue(word, &uval)) == -1)
> - return (0);
> + type = parseextvalue(type, s, &uval);
> switch (type) {
> case EXT_COMMUNITY_TRANS_TWO_AS:
> ullval = strtonum(p, 0, UINT_MAX, &errstr);
> @@ -1220,118 +1314,46 @@ parseextcommunity(const char *word, stru
> ullval = strtonum(p, 0, USHRT_MAX, &errstr);
> break;
> default:
> - fprintf(stderr, "parseextcommunity: unexpected "
> - "result\n");
> - return (0);
> - }
> - if (errstr) {
> - fprintf(stderr, "Bad ext-community: %s is %s\n", p,
> - errstr);
> - return (0);
> - }
> - switch (type) {
> - case EXT_COMMUNITY_TRANS_TWO_AS:
> - r->community.c.e.data1 = uval;
> - r->community.c.e.data2 = ullval;
> - break;
> - case EXT_COMMUNITY_TRANS_IPV4:
> - case EXT_COMMUNITY_TRANS_FOUR_AS:
> - r->community.c.e.data1 = uval;
> - r->community.c.e.data2 = ullval;
> - break;
> + errx(1, "parseextcommunity: unexpected result");
> }
> + if (errstr)
> + errx(1, "Bad ext-community %s is %s", p, errstr);
> + c->c.e.data1 = uval;
> + c->c.e.data2 = ullval;
> break;
> case EXT_COMMUNITY_TRANS_OPAQUE:
> case EXT_COMMUNITY_TRANS_EVPN:
> errno = 0;
> - ullval = strtoull(word, &ep, 0);
> - if (word[0] == '\0' || *ep != '\0') {
> - fprintf(stderr, "Bad ext-community: bad value\n");
> - return (0);
> - }
> - if (errno == ERANGE && ullval > EXT_COMMUNITY_OPAQUE_MAX) {
> - fprintf(stderr, "Bad ext-community: too big\n");
> - return (0);
> - }
> - r->community.c.e.data2 = ullval;
> + ullval = strtoull(s, &ep, 0);
> + if (s[0] == '\0' || *ep != '\0')
> + errx(1, "Bad ext-community bad value");
> + if (errno == ERANGE && ullval > EXT_COMMUNITY_OPAQUE_MAX)
> + errx(1, "Bad ext-community value too big");
> + c->c.e.data2 = ullval;
> break;
> case EXT_COMMUNITY_NON_TRANS_OPAQUE:
> - if (strcmp(word, "valid") == 0)
> - r->community.c.e.data2 = EXT_COMMUNITY_OVS_VALID;
> - else if (strcmp(word, "invalid") == 0)
> - r->community.c.e.data2 = EXT_COMMUNITY_OVS_INVALID;
> - else if (strcmp(word, "not-found") == 0)
> - r->community.c.e.data2 = EXT_COMMUNITY_OVS_NOTFOUND;
> - else {
> - fprintf(stderr, "Bad ext-community value: %s\n", word);
> - return (0);
> - }
> + if (strcmp(s, "valid") == 0)
> + c->c.e.data2 = EXT_COMMUNITY_OVS_VALID;
> + else if (strcmp(s, "invalid") == 0)
> + c->c.e.data2 = EXT_COMMUNITY_OVS_INVALID;
> + else if (strcmp(s, "not-found") == 0)
> + c->c.e.data2 = EXT_COMMUNITY_OVS_NOTFOUND;
> + else
> + errx(1, "Bad ext-community %s", s);
> break;
> }
> - r->community.c.e.type = type;
> + c->c.e.type = type;
> + c->c.e.subtype = subtype;
>
> /* verify type/subtype combo */
> for (cp = iana_ext_comms; cp->subname != NULL; cp++) {
> - if (cp->type == r->community.c.e.type &&
> - cp->subtype == r->community.c.e.subtype) {
> - r->community.type = COMMUNITY_TYPE_EXT;;
> - if ((fs = calloc(1, sizeof(struct filter_set))) == NULL)
> - err(1, NULL);
> -
> - fs->type = ACTION_SET_COMMUNITY;
> - memcpy(&fs->action.community, &r->community,
> - sizeof(struct filter_community));
> -
> - TAILQ_INSERT_TAIL(&r->set, fs, entry);
> - return (1);
> + if (cp->type == type && cp->subtype == subtype) {
> + c->type = COMMUNITY_TYPE_EXT;
> + return (0);
> }
> }
>
> - fprintf(stderr, "Bad ext-community: bad format for type\n");
> - return (0);
> -}
> -
> -int
> -parse_largecommunity(const char *word, struct parse_result *r)
> -{
> - struct filter_set *fs;
> - char *p, *po = strdup(word);
> - char *array[3] = { NULL, NULL, NULL };
> - char *val;
> - u_int32_t as, ld1, ld2;
> - u_int8_t asflag, ld1flag, ld2flag;
> - int i = 0;
> -
> - p = po;
> - while ((p != NULL) && (i < 3)) {
> - val = strsep(&p, ":");
> - array[i++] = val;
> - }
> -
> - if ((p != NULL) || !(array[0] && array[1] && array[2]))
> - errx(1, "Invalid Large-Community syntax");
> -
> - as = getcommunity(array[0], 1, &asflag);
> - ld1 = getcommunity(array[1], 1, &ld1flag);
> - ld2 = getcommunity(array[2], 1, &ld2flag);
> -
> - free(po);
> -
> - if ((fs = calloc(1, sizeof(struct filter_set))) == NULL)
> - err(1, NULL);
> - fs->type = ACTION_SET_COMMUNITY;
> - fs->action.community.type = COMMUNITY_TYPE_LARGE;
> - fs->action.community.c.l.data1 = as;
> - fs->action.community.c.l.data2 = ld1;
> - fs->action.community.c.l.data3 = ld2;
> - fs->action.community.dflag1 = asflag;
> - fs->action.community.dflag2 = ld1flag;
> - fs->action.community.dflag3 = ld2flag;
> -
> - r->community = fs->action.community;
> -
> - TAILQ_INSERT_TAIL(&r->set, fs, entry);
> - return (1);
> + errx(1, "Bad ext-community bad format for type");
> }
>
> int
> Index: usr.sbin/bgpctl/parser.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpctl/parser.h,v
> retrieving revision 1.34
> diff -u -p -r1.34 parser.h
> --- usr.sbin/bgpctl/parser.h 20 Jan 2019 23:30:15 -0000 1.34
> +++ usr.sbin/bgpctl/parser.h 7 Feb 2019 10:11:19 -0000
> @@ -67,6 +67,8 @@ struct parse_result {
> char rib[PEER_DESCR_LEN];
> char shutcomm[SHUT_COMM_LEN];
> char *irr_outdir;
> + const char *ext_comm_subtype;
> + u_int64_t rd;
> int flags;
> int is_group;
> u_int8_t validation_state;
> Index: usr.sbin/bgpd/bgpd.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v
> retrieving revision 1.207
> diff -u -p -r1.207 bgpd.c
> --- usr.sbin/bgpd/bgpd.c 20 Jan 2019 06:13:40 -0000 1.207
> +++ usr.sbin/bgpd/bgpd.c 7 Feb 2019 10:11:19 -0000
> @@ -173,7 +173,7 @@ main(int argc, char *argv[])
>
> if (cmd_opts & BGPD_OPT_VERBOSE)
> print_config(conf, &ribnames, &conf->networks, peer_l,
> - conf->filters, conf->mrt, &conf->rdomains);
> + conf->filters, conf->mrt, &conf->l3vpns);
> else
> fprintf(stderr, "configuration OK\n");
> exit(0);
> @@ -438,7 +438,7 @@ reconfigure(char *conffile, struct bgpd_
> struct filter_rule *r;
> struct listen_addr *la;
> struct rde_rib *rr;
> - struct rdomain *rd;
> + struct l3vpn *vpn;
> struct as_set *aset;
> struct prefixset *ps;
> struct prefixset_item *psi, *npsi;
> @@ -512,8 +512,7 @@ reconfigure(char *conffile, struct bgpd_
> }
>
> /* networks go via kroute to the RDE */
> - if (kr_net_reload(conf->default_tableid, &conf->networks))
> - return (-1);
> + kr_net_reload(conf->default_tableid, 0, &conf->networks);
>
> /* prefixsets for filters in the RDE */
> while ((ps = SIMPLEQ_FIRST(&conf->prefixsets)) != NULL) {
> @@ -627,43 +626,42 @@ reconfigure(char *conffile, struct bgpd_
> free(r);
> }
>
> - while ((rd = SIMPLEQ_FIRST(&conf->rdomains)) != NULL) {
> - SIMPLEQ_REMOVE_HEAD(&conf->rdomains, entry);
> - if (ktable_update(rd->rtableid, rd->descr, rd->flags,
> + while ((vpn = SIMPLEQ_FIRST(&conf->l3vpns)) != NULL) {
> + SIMPLEQ_REMOVE_HEAD(&conf->l3vpns, entry);
> + if (ktable_update(vpn->rtableid, vpn->descr, vpn->flags,
> conf->fib_priority) == -1) {
> log_warnx("failed to load rdomain %d",
> - rd->rtableid);
> + vpn->rtableid);
> return (-1);
> }
> /* networks go via kroute to the RDE */
> - if (kr_net_reload(rd->rtableid, &rd->net_l))
> - return (-1);
> + kr_net_reload(vpn->rtableid, vpn->rd, &vpn->net_l);
>
> - if (imsg_compose(ibuf_rde, IMSG_RECONF_RDOMAIN, 0, 0, -1,
> - rd, sizeof(*rd)) == -1)
> + if (imsg_compose(ibuf_rde, IMSG_RECONF_VPN, 0, 0, -1,
> + vpn, sizeof(*vpn)) == -1)
> return (-1);
>
> /* export targets */
> - if (imsg_compose(ibuf_rde, IMSG_RECONF_RDOMAIN_EXPORT, 0, 0,
> + if (imsg_compose(ibuf_rde, IMSG_RECONF_VPN_EXPORT, 0, 0,
> -1, NULL, 0) == -1)
> return (-1);
> - if (send_filterset(ibuf_rde, &rd->export) == -1)
> + if (send_filterset(ibuf_rde, &vpn->export) == -1)
> return (-1);
> - filterset_free(&rd->export);
> + filterset_free(&vpn->export);
>
> /* import targets */
> - if (imsg_compose(ibuf_rde, IMSG_RECONF_RDOMAIN_IMPORT, 0, 0,
> + if (imsg_compose(ibuf_rde, IMSG_RECONF_VPN_IMPORT, 0, 0,
> -1, NULL, 0) == -1)
> return (-1);
> - if (send_filterset(ibuf_rde, &rd->import) == -1)
> + if (send_filterset(ibuf_rde, &vpn->import) == -1)
> return (-1);
> - filterset_free(&rd->import);
> + filterset_free(&vpn->import);
>
> - if (imsg_compose(ibuf_rde, IMSG_RECONF_RDOMAIN_DONE, 0, 0,
> + if (imsg_compose(ibuf_rde, IMSG_RECONF_VPN_DONE, 0, 0,
> -1, NULL, 0) == -1)
> return (-1);
>
> - free(rd);
> + free(vpn);
> }
>
> /* send a drain message to know when all messages where processed */
> Index: usr.sbin/bgpd/bgpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v
> retrieving revision 1.183
> diff -u -p -r1.183 bgpd.conf.5
> --- usr.sbin/bgpd/bgpd.conf.5 4 Feb 2019 20:32:23 -0000 1.183
> +++ usr.sbin/bgpd/bgpd.conf.5 7 Feb 2019 10:11:19 -0000
> @@ -558,37 +558,56 @@ See also the
> section.
> .Sh MPLS VPN CONFIGURATION
> .Xr bgpd 8
> -supports the setup and distribution of Virtual Private Networks.
> -It is possible to import and export prefixes between routing domains.
> -Each routing domain is specified by an
> -.Ic rdomain
> -section, which allows properties to be set specifically for that rdomain:
> +supports the setup and distribution of MPLS Virtual Private Networks.
> +A router can be configured to participate in a VPN by specifying a
> +.Ic vpn
> +section with a description for the VPN and an
> +.Xr mpe 4
> +interface.
> +.Pp
> +The vpn configuraion section allows properties to be set specifically
> +for that VPN:
> .Bd -literal -offset indent
> -rdomain 1 {
> - descr "a rdomain"
> - rd 65002:1
> +vpn "description" on mpe1 {
> + rd 65002:1
> import-target rt 65002:42
> export-target rt 65002:42
> network 192.168.1/24
> - depend on mpe0
> }
> .Ed
> .Pp
> -There are several routing domain properties:
> -.Pp
> -.Bl -tag -width Ds -compact
> -.It Ic depend on Ar interface
> -Routes added to the rdomain will use this interface as the outgoing
> interface.
> -Normally this will be an MPLS Provider Edge,
> -.Xr mpe 4 ,
> -interface that is part of the rdomain.
> -Local networks will be announced with the MPLS label specified on the
> interface.
> -.Pp
> -.It Ic descr Ar description
> -Add a description.
> The description is used when logging but has no further meaning to
> .Xr bgpd 8 .
> .Pp
> +The
> +.Xr mpe 4
> +interface will be used as the outgoing interface for routes to
> +the VPN, and local networks will be annouced with the MPLS label
> +specified on the interface.
> +The interface can provide VPN connectivity for another rdomain by
> +being configured in that rdomain.
> +The required rdomain must be configured on the interface before
> +.Xr bgpd 8
> +uses it.
> +Multiple VPNs may be connected to a single rdomain, including the rdomain
> that
> +.Xr bgpd 8
> +is running in.
> +.Pp
> +An example
> +.Xr hostname.if 8
> +configuration for an
> +.Xr mpe 4
> +interface providing connectivity to rdomain 1:
> +.Bd -literal -offset indent
> +rdomain 1
> +mplslabel 2000
> +inet 192.198.0.1 255.255.255.255
> +up
> +.Ed
> +.Pp
> +There are several VPN properties:
> +.Pp
> +.Bl -tag -width Ds -compact
> .It Ic export-target Ar subtype Ar as-number : Ns Ar local
> .It Ic export-target Ar subtype Ar IP : Ns Ar local
> Specify an extended community which will be attached to announced networks.
> Index: usr.sbin/bgpd/bgpd.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
> retrieving revision 1.364
> diff -u -p -r1.364 bgpd.h
> --- usr.sbin/bgpd/bgpd.h 4 Feb 2019 18:53:10 -0000 1.364
> +++ usr.sbin/bgpd/bgpd.h 7 Feb 2019 10:11:19 -0000
> @@ -81,7 +81,6 @@
> #define F_BLACKHOLE 0x0100
> #define F_LONGER 0x0200
> #define F_MPLS 0x0400
> -#define F_REDISTRIBUTED 0x0800
> #define F_CTL_DETAIL 0x1000 /* only used by bgpctl */
> #define F_CTL_ADJ_IN 0x2000
> #define F_CTL_ADJ_OUT 0x4000
> @@ -231,8 +230,8 @@ struct listen_addr {
> TAILQ_HEAD(listen_addrs, listen_addr);
> TAILQ_HEAD(filter_set_head, filter_set);
>
> -struct rdomain;
> -SIMPLEQ_HEAD(rdomain_head, rdomain);
> +struct l3vpn;
> +SIMPLEQ_HEAD(l3vpn_head, l3vpn);
>
> struct network;
> TAILQ_HEAD(network_head, network);
> @@ -267,7 +266,7 @@ struct filter_rule;
> TAILQ_HEAD(filter_head, filter_rule);
>
> struct bgpd_config {
> - struct rdomain_head rdomains;
> + struct l3vpn_head l3vpns;
> struct network_head networks;
> struct filter_head *filters;
> struct listen_addrs *listen_addrs;
> @@ -411,7 +410,7 @@ struct network_config {
> struct filter_set_head attrset;
> struct rde_aspath *asp;
> char psname[SET_NAME_LEN];
> - u_int rtableid;
> + u_int64_t rd;
> u_int16_t rtlabel;
> enum network_type type;
> u_int8_t prefixlen;
> @@ -467,10 +466,10 @@ enum imsg_type {
> IMSG_RECONF_FILTER,
> IMSG_RECONF_LISTENER,
> IMSG_RECONF_CTRL,
> - IMSG_RECONF_RDOMAIN,
> - IMSG_RECONF_RDOMAIN_EXPORT,
> - IMSG_RECONF_RDOMAIN_IMPORT,
> - IMSG_RECONF_RDOMAIN_DONE,
> + IMSG_RECONF_VPN,
> + IMSG_RECONF_VPN_EXPORT,
> + IMSG_RECONF_VPN_IMPORT,
> + IMSG_RECONF_VPN_DONE,
> IMSG_RECONF_PREFIX_SET,
> IMSG_RECONF_PREFIX_SET_ITEM,
> IMSG_RECONF_AS_SET,
> @@ -567,15 +566,18 @@ enum suberr_cease {
> struct kroute_node;
> struct kroute6_node;
> struct knexthop_node;
> +struct kredist_node;
> RB_HEAD(kroute_tree, kroute_node);
> RB_HEAD(kroute6_tree, kroute6_node);
> RB_HEAD(knexthop_tree, knexthop_node);
> +RB_HEAD(kredist_tree, kredist_node);
>
> struct ktable {
> char descr[PEER_DESCR_LEN];
> struct kroute_tree krt;
> struct kroute6_tree krt6;
> struct knexthop_tree knt;
> + struct kredist_tree kredist;
> struct network_head krn;
> u_int rtableid;
> u_int nhtableid; /* rdomain id for nexthop lookup */
> @@ -1024,8 +1026,8 @@ struct as_set {
> int dirty;
> };
>
> -struct rdomain {
> - SIMPLEQ_ENTRY(rdomain) entry;
> +struct l3vpn {
> + SIMPLEQ_ENTRY(l3vpn) entry;
> char descr[PEER_DESCR_LEN];
> char ifmpe[IFNAMSIZ];
> struct filter_set_head import;
> @@ -1176,7 +1178,7 @@ void kr_nexthop_delete(u_int32_t, stru
> struct bgpd_config *);
> void kr_show_route(struct imsg *);
> void kr_ifinfo(char *);
> -int kr_net_reload(u_int, struct network_head *);
> +void kr_net_reload(u_int, u_int64_t, struct network_head *);
> int kr_reload(void);
> struct in6_addr *prefixlen2mask6(u_int8_t prefixlen);
>
> Index: usr.sbin/bgpd/config.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/config.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 config.c
> --- usr.sbin/bgpd/config.c 27 Dec 2018 20:23:24 -0000 1.79
> +++ usr.sbin/bgpd/config.c 7 Feb 2019 10:11:19 -0000
> @@ -39,7 +39,7 @@
> u_int32_t get_bgpid(void);
> int host_ip(const char *, struct bgpd_addr *, u_int8_t *);
> void free_networks(struct network_head *);
> -void free_rdomains(struct rdomain_head *);
> +void free_l3vpns(struct l3vpn_head *);
>
> struct bgpd_config *
> new_config(void)
> @@ -75,7 +75,7 @@ new_config(void)
>
> /* init the various list for later */
> TAILQ_INIT(&conf->networks);
> - SIMPLEQ_INIT(&conf->rdomains);
> + SIMPLEQ_INIT(&conf->l3vpns);
> SIMPLEQ_INIT(&conf->prefixsets);
> SIMPLEQ_INIT(&conf->originsets);
> RB_INIT(&conf->roa);
> @@ -101,16 +101,16 @@ free_networks(struct network_head *netwo
> }
>
> void
> -free_rdomains(struct rdomain_head *rdomains)
> +free_l3vpns(struct l3vpn_head *l3vpns)
> {
> - struct rdomain *rd;
> + struct l3vpn *vpn;
>
> - while ((rd = SIMPLEQ_FIRST(rdomains)) != NULL) {
> - SIMPLEQ_REMOVE_HEAD(rdomains, entry);
> - filterset_free(&rd->export);
> - filterset_free(&rd->import);
> - free_networks(&rd->net_l);
> - free(rd);
> + while ((vpn = SIMPLEQ_FIRST(l3vpns)) != NULL) {
> + SIMPLEQ_REMOVE_HEAD(l3vpns, entry);
> + filterset_free(&vpn->export);
> + filterset_free(&vpn->import);
> + free_networks(&vpn->net_l);
> + free(vpn);
> }
> }
>
> @@ -145,7 +145,7 @@ free_config(struct bgpd_config *conf)
> struct listen_addr *la;
> struct mrt *m;
>
> - free_rdomains(&conf->rdomains);
> + free_l3vpns(&conf->l3vpns);
> free_networks(&conf->networks);
> filterlist_free(conf->filters);
> free_prefixsets(&conf->prefixsets);
> @@ -250,9 +250,9 @@ merge_config(struct bgpd_config *xconf,
> TAILQ_INSERT_TAIL(&xconf->networks, n, entry);
> }
>
> - /* switch the rdomain configs, first remove the old ones */
> - free_rdomains(&xconf->rdomains);
> - SIMPLEQ_CONCAT(&xconf->rdomains, &conf->rdomains);
> + /* switch the l3vpn configs, first remove the old ones */
> + free_l3vpns(&xconf->l3vpns);
> + SIMPLEQ_CONCAT(&xconf->l3vpns, &conf->l3vpns);
>
> /*
> * merge new listeners:
> @@ -469,27 +469,42 @@ prepare_listeners(struct bgpd_config *co
> }
>
> int
> -get_mpe_label(struct rdomain *r)
> +get_mpe_config(const char *name, u_int *rdomain, u_int *label)
> {
> struct ifreq ifr;
> struct shim_hdr shim;
> int s;
>
> + *label = 0;
> + *rdomain = 0;
> +
> s = socket(AF_INET, SOCK_DGRAM, 0);
> if (s == -1)
> return (-1);
>
> bzero(&shim, sizeof(shim));
> bzero(&ifr, sizeof(ifr));
> - strlcpy(ifr.ifr_name, r->ifmpe, sizeof(ifr.ifr_name));
> + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
> ifr.ifr_data = (caddr_t)&shim;
>
> if (ioctl(s, SIOCGETLABEL, (caddr_t)&ifr) == -1) {
> close(s);
> return (-1);
> }
> +
> + ifr.ifr_data = NULL;
> + if (ioctl(s, SIOCGIFRDOMAIN, (caddr_t)&ifr) == -1) {
> + close(s);
> + return (-1);
> + }
> +
> close(s);
> - r->label = shim.shim_label;
> +
> + *rdomain = ifr.ifr_rdomainid;
> + *label = shim.shim_label;
> +
> + log_debug("%s: rdomain %u label %u", __func__, *rdomain, *label);
> +
> return (0);
> }
>
> Index: usr.sbin/bgpd/kroute.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
> retrieving revision 1.229
> diff -u -p -r1.229 kroute.c
> --- usr.sbin/bgpd/kroute.c 18 Jan 2019 23:30:45 -0000 1.229
> +++ usr.sbin/bgpd/kroute.c 7 Feb 2019 10:11:19 -0000
> @@ -65,6 +65,14 @@ struct knexthop_node {
> void *kroute;
> };
>
> +struct kredist_node {
> + RB_ENTRY(kredist_node) entry;
> + struct bgpd_addr prefix;
> + u_int64_t rd;
> + u_int8_t prefixlen;
> + u_int8_t dynamic;
> +};
> +
> struct kif_kr {
> LIST_ENTRY(kif_kr) entry;
> struct kroute_node *kr;
> @@ -99,16 +107,16 @@ int kr6_delete(struct ktable *, struct k
> int krVPN4_delete(struct ktable *, struct kroute_full *, u_int8_t);
> int krVPN6_delete(struct ktable *, struct kroute_full *, u_int8_t);
> void kr_net_delete(struct network *);
> -struct network *kr_net_match(struct ktable *, struct kroute *);
> -struct network *kr_net_match6(struct ktable *, struct kroute6 *);
> +int kr_net_match(struct ktable *, struct network_config *, u_int16_t);
> struct network *kr_net_find(struct ktable *, struct network *);
> -int kr_redistribute(int, struct ktable *, struct kroute *);
> -int kr_redistribute6(int, struct ktable *, struct kroute6 *);
> +void kr_redistribute(int, struct ktable *, struct kroute *);
> +void kr_redistribute6(int, struct ktable *, struct kroute6 *);
> struct kroute_full *kr_tofull(struct kroute *);
> struct kroute_full *kr6_tofull(struct kroute6 *);
> int kroute_compare(struct kroute_node *, struct kroute_node *);
> int kroute6_compare(struct kroute6_node *, struct kroute6_node *);
> int knexthop_compare(struct knexthop_node *, struct knexthop_node *);
> +int kredist_compare(struct kredist_node *, struct kredist_node *);
> int kif_compare(struct kif_node *, struct kif_node *);
> void kr_fib_update_prio(u_int, u_int8_t);
>
> @@ -185,6 +193,9 @@ RB_GENERATE(kroute6_tree, kroute6_node,
> RB_PROTOTYPE(knexthop_tree, knexthop_node, entry, knexthop_compare)
> RB_GENERATE(knexthop_tree, knexthop_node, entry, knexthop_compare)
>
> +RB_PROTOTYPE(kredist_tree, kredist_node, entry, kredist_compare)
> +RB_GENERATE(kredist_tree, kredist_node, entry, kredist_compare)
> +
> RB_HEAD(kif_tree, kif_node) kit;
> RB_PROTOTYPE(kif_tree, kif_node, entry, kif_compare)
> RB_GENERATE(kif_tree, kif_node, entry, kif_compare)
> @@ -399,35 +410,6 @@ ktable_update(u_int rtableid, char *name
> return (0);
> }
>
> -void
> -ktable_preload(void)
> -{
> - struct ktable *kt;
> - u_int i;
> -
> - for (i = 0; i < krt_size; i++) {
> - if ((kt = ktable_get(i)) == NULL)
> - continue;
> - kt->state = RECONF_DELETE;
> - }
> -}
> -
> -void
> -ktable_postload(u_int8_t fib_prio)
> -{
> - struct ktable *kt;
> - u_int i;
> -
> - for (i = krt_size; i > 0; i--) {
> - if ((kt = ktable_get(i - 1)) == NULL)
> - continue;
> - if (kt->state == RECONF_DELETE)
> - ktable_free(i - 1, fib_prio);
> - else if (kt->state == RECONF_REINIT)
> - kt->fib_sync = kt->fib_conf;
> - }
> -}
> -
> int
> ktable_exists(u_int rtableid, u_int *rdomid)
> {
> @@ -1199,93 +1181,105 @@ kr_net_delete(struct network *n)
> free(n);
> }
>
> -struct network *
> -kr_net_match(struct ktable *kt, struct kroute *kr)
> +static int
> +kr_net_redist_add(struct ktable *kt, struct network_config *net,
> + struct filter_set_head *attr, int dynamic)
> +{
> + struct kredist_node *r, *xr;
> +
> + if ((r = calloc(1, sizeof(*r))) == NULL)
> + fatal("%s", __func__);
> + r->prefix = net->prefix;
> + r->prefixlen = net->prefixlen;
> + r->rd = net->rd;
> + r->dynamic = dynamic;
> +
> + xr = RB_INSERT(kredist_tree, &kt->kredist, r);
> + if (xr != NULL && dynamic != xr->dynamic) {
> + if (dynamic) {
> + /*
> + * ignore update, a non-dynamic announcement
> + * is already present.
> + */
> + free(r);
> + return 0;
> + }
> + /* non-dynamic announcments are preferred */
> + xr->dynamic = dynamic;
> + }
> +
> + if (send_network(IMSG_NETWORK_ADD, net, attr) == -1)
> + log_warnx("%s: faild to send network update", __func__);
> + return 1;
> +}
> +
> +static void
> +kr_net_redist_del(struct ktable *kt, struct network_config *net, int dynamic)
> {
> - struct network *xn;
> + struct kredist_node *r, node;
>
> - TAILQ_FOREACH(xn, &kt->krn, entry) {
> - if (xn->net.prefix.aid != AID_INET)
> - continue;
> - switch (xn->net.type) {
> - case NETWORK_DEFAULT:
> - if (xn->net.prefixlen == kr->prefixlen &&
> - xn->net.prefix.v4.s_addr == kr->prefix.s_addr)
> - /* static match already redistributed */
> - return (NULL);
> - break;
> - case NETWORK_STATIC:
> - if (kr->flags & F_STATIC)
> - return (xn);
> - break;
> - case NETWORK_CONNECTED:
> - if (kr->flags & F_CONNECTED)
> - return (xn);
> - break;
> - case NETWORK_RTLABEL:
> - if (kr->labelid == xn->net.rtlabel)
> - return (xn);
> - break;
> - case NETWORK_MRTCLONE:
> - /* can not happen */
> - break;
> - case NETWORK_PRIORITY:
> - if (kr->priority == xn->net.priority)
> - return (xn);
> - break;
> - case NETWORK_PREFIXSET:
> - /* must not happen */
> - log_warnx("%s: found a NETWORK_PREFIXSET, "
> - "please send a bug report", __func__);
> - break;
> - }
> + bzero(&node, sizeof(node));
> + node.prefix = net->prefix;
> + node.prefixlen = net->prefixlen;
> + node.rd = net->rd;
> +
> + r = RB_FIND(kredist_tree, &kt->kredist, &node);
> + if (r == NULL || dynamic != r->dynamic)
> + return;
> +
> + if (RB_REMOVE(kredist_tree, &kt->kredist, r) == NULL) {
> + log_warnx("%s: failed to remove network %s/%u", __func__,
> + log_addr(&node.prefix), node.prefixlen);
> + return;
> }
> - return (NULL);
> + free(r);
> +
> + if (send_network(IMSG_NETWORK_REMOVE, net, NULL) == -1)
> + log_warnx("%s: faild to send network update", __func__);
> }
>
> -struct network *
> -kr_net_match6(struct ktable *kt, struct kroute6 *kr6)
> +int
> +kr_net_match(struct ktable *kt, struct network_config *net, u_int16_t flags)
> {
> struct network *xn;
> + int matched = 0;
>
> TAILQ_FOREACH(xn, &kt->krn, entry) {
> - if (xn->net.prefix.aid != AID_INET6)
> + if (xn->net.prefix.aid != net->prefix.aid)
> continue;
> switch (xn->net.type) {
> case NETWORK_DEFAULT:
> - if (xn->net.prefixlen == kr6->prefixlen &&
> - memcmp(&xn->net.prefix.v6, &kr6->prefix,
> - sizeof(struct in6_addr)) == 0)
> - /* static match already redistributed */
> - return (NULL);
> - break;
> + /* static match already redistributed */
> + continue;
> case NETWORK_STATIC:
> - if (kr6->flags & F_STATIC)
> - return (xn);
> - break;
> + if (flags & F_STATIC)
> + break;
> + continue;
> case NETWORK_CONNECTED:
> - if (kr6->flags & F_CONNECTED)
> - return (xn);
> - break;
> + if (flags & F_CONNECTED)
> + break;
> + continue;
> case NETWORK_RTLABEL:
> - if (kr6->labelid == xn->net.rtlabel)
> - return (xn);
> - break;
> - case NETWORK_MRTCLONE:
> - /* can not happen */
> - break;
> + if (net->rtlabel == xn->net.rtlabel)
> + break;
> + continue;
> case NETWORK_PRIORITY:
> - if (kr6->priority == xn->net.priority)
> - return (xn);
> - break;
> + if (net->priority == xn->net.priority)
> + break;
> + continue;
> + case NETWORK_MRTCLONE:
> case NETWORK_PREFIXSET:
> /* must not happen */
> log_warnx("%s: found a NETWORK_PREFIXSET, "
> "please send a bug report", __func__);
> - break;
> + continue;
> }
> +
> + net->rd = xn->net.rd;
> + if (kr_net_redist_add(kt, net, &xn->net.attrset, 1))
> + matched = 1;
> }
> - return (NULL);
> + return matched;
> }
>
> struct network *
> @@ -1296,7 +1290,7 @@ kr_net_find(struct ktable *kt, struct ne
> TAILQ_FOREACH(xn, &kt->krn, entry) {
> if (n->net.type != xn->net.type ||
> n->net.prefixlen != xn->net.prefixlen ||
> - n->net.rtableid != xn->net.rtableid)
> + n->net.rd != xn->net.rd)
> continue;
> if (memcmp(&n->net.prefix, &xn->net.prefix,
> sizeof(n->net.prefix)) == 0)
> @@ -1305,26 +1299,21 @@ kr_net_find(struct ktable *kt, struct ne
> return (NULL);
> }
>
> -int
> -kr_net_reload(u_int rtableid, struct network_head *nh)
> +void
> +kr_net_reload(u_int rtableid, u_int64_t rd, struct network_head *nh)
> {
> struct network *n, *xn;
> struct ktable *kt;
>
> - if ((kt = ktable_get(rtableid)) == NULL) {
> - log_warnx("%s: non-existent rtableid %d", __func__, rtableid);
> - return (-1);
> - }
> -
> - TAILQ_FOREACH(n, &kt->krn, entry)
> - n->net.old = 1;
> + if ((kt = ktable_get(rtableid)) == NULL)
> + fatalx("%s: non-existent rtableid %d", __func__, rtableid);
>
> while ((n = TAILQ_FIRST(nh)) != NULL) {
> log_debug("%s: processing %s/%u", __func__,
> log_addr(&n->net.prefix), n->net.prefixlen);
> TAILQ_REMOVE(nh, n, entry);
> n->net.old = 0;
> - n->net.rtableid = rtableid;
> + n->net.rd = rd;
> xn = kr_net_find(kt, n);
> if (xn) {
> xn->net.old = 0;
> @@ -1334,44 +1323,33 @@ kr_net_reload(u_int rtableid, struct net
> } else
> TAILQ_INSERT_TAIL(&kt->krn, n, entry);
> }
> -
> - for (n = TAILQ_FIRST(&kt->krn); n != NULL; n = xn) {
> - xn = TAILQ_NEXT(n, entry);
> - if (n->net.old) {
> - if (n->net.type == NETWORK_DEFAULT)
> - if (send_network(IMSG_NETWORK_REMOVE, &n->net,
> - NULL))
> - return (-1);
> - TAILQ_REMOVE(&kt->krn, n, entry);
> - kr_net_delete(n);
> - }
> - }
> -
> - return (0);
> }
>
> -int
> +void
> kr_redistribute(int type, struct ktable *kt, struct kroute *kr)
> {
> - struct network *match;
> struct network_config net;
> u_int32_t a;
>
> + bzero(&net, sizeof(net));
> + net.prefix.aid = AID_INET;
> + net.prefix.v4.s_addr = kr->prefix.s_addr;
> + net.prefixlen = kr->prefixlen;
> + net.rtlabel = kr->labelid;
> + net.priority = kr->priority;
> +
> /* shortcut for removals */
> if (type == IMSG_NETWORK_REMOVE) {
> - if (!(kr->flags & F_REDISTRIBUTED))
> - return (0); /* no match, don't redistribute */
> - kr->flags &= ~F_REDISTRIBUTED;
> - match = NULL;
> - goto sendit;
> + kr_net_redist_del(kt, &net, 1);
> + return;
> }
>
> if (!(kr->flags & F_KERNEL))
> - return (0);
> + return;
>
> /* Dynamic routes are not redistributable. */
> if (kr->flags & F_DYNAMIC)
> - return (0);
> + return;
>
> /*
> * We consider the loopback net, multicast and experimental addresses
> @@ -1380,61 +1358,48 @@ kr_redistribute(int type, struct ktable
> a = ntohl(kr->prefix.s_addr);
> if (IN_MULTICAST(a) || IN_BADCLASS(a) ||
> (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
> - return (0);
> + return;
>
> /* Consider networks with nexthop loopback as not redistributable. */
> if (kr->nexthop.s_addr == htonl(INADDR_LOOPBACK))
> - return (0);
> + return;
>
> /*
> * never allow 0.0.0.0/0 the default route can only be redistributed
> * with announce default.
> */
> if (kr->prefix.s_addr == INADDR_ANY && kr->prefixlen == 0)
> - return (0);
> -
> - match = kr_net_match(kt, kr);
> - if (match == NULL) {
> - if (!(kr->flags & F_REDISTRIBUTED))
> - return (0); /* no match, don't redistribute */
> - /* route no longer matches but is redistributed, so remove */
> - kr->flags &= ~F_REDISTRIBUTED;
> - type = IMSG_NETWORK_REMOVE;
> - } else
> - kr->flags |= F_REDISTRIBUTED;
> -
> -sendit:
> - bzero(&net, sizeof(net));
> - net.prefix.aid = AID_INET;
> - net.prefix.v4.s_addr = kr->prefix.s_addr;
> - net.prefixlen = kr->prefixlen;
> - net.rtlabel = kr->labelid;
> - net.rtableid = kt->rtableid;
> + return;
>
> - return (send_network(type, &net, match ? &match->net.attrset : NULL));
> + if (kr_net_match(kt, &net, kr->flags) == 0)
> + /* no longer matches, if still present remove it */
> + kr_net_redist_del(kt, &net, 1);
> }
>
> -int
> +void
> kr_redistribute6(int type, struct ktable *kt, struct kroute6 *kr6)
> {
> - struct network *match;
> struct network_config net;
>
> + bzero(&net, sizeof(net));
> + net.prefix.aid = AID_INET6;
> + memcpy(&net.prefix.v6, &kr6->prefix, sizeof(struct in6_addr));
> + net.prefixlen = kr6->prefixlen;
> + net.rtlabel = kr6->labelid;
> + net.priority = kr6->priority;
> +
> /* shortcut for removals */
> if (type == IMSG_NETWORK_REMOVE) {
> - if (!(kr6->flags & F_REDISTRIBUTED))
> - return (0); /* no match, don't redistribute */
> - kr6->flags &= ~F_REDISTRIBUTED;
> - match = NULL;
> - goto sendit;
> + kr_net_redist_del(kt, &net, 1);
> + return;
> }
>
> if (!(kr6->flags & F_KERNEL))
> - return (0);
> + return;
>
> /* Dynamic routes are not redistributable. */
> if (kr6->flags & F_DYNAMIC)
> - return (0);
> + return;
>
> /*
> * We consider unspecified, loopback, multicast, link- and site-local,
> @@ -1447,13 +1412,13 @@ kr_redistribute6(int type, struct ktable
> IN6_IS_ADDR_SITELOCAL(&kr6->prefix) ||
> IN6_IS_ADDR_V4MAPPED(&kr6->prefix) ||
> IN6_IS_ADDR_V4COMPAT(&kr6->prefix))
> - return (0);
> + return;
>
> /*
> * Consider networks with nexthop loopback as not redistributable.
> */
> if (IN6_IS_ADDR_LOOPBACK(&kr6->nexthop))
> - return (0);
> + return;
>
> /*
> * never allow ::/0 the default route can only be redistributed
> @@ -1461,26 +1426,57 @@ kr_redistribute6(int type, struct ktable
> */
> if (kr6->prefixlen == 0 &&
> memcmp(&kr6->prefix, &in6addr_any, sizeof(struct in6_addr)) == 0)
> - return (0);
> + return;
>
> - match = kr_net_match6(kt, kr6);
> - if (match == NULL) {
> - if (!(kr6->flags & F_REDISTRIBUTED))
> - return (0); /* no match, don't redistribute */
> - /* route no longer matches but is redistributed, so remove */
> - kr6->flags &= ~F_REDISTRIBUTED;
> - type = IMSG_NETWORK_REMOVE;
> - } else
> - kr6->flags |= F_REDISTRIBUTED;
> -sendit:
> - bzero(&net, sizeof(net));
> - net.prefix.aid = AID_INET6;
> - memcpy(&net.prefix.v6, &kr6->prefix, sizeof(struct in6_addr));
> - net.prefixlen = kr6->prefixlen;
> - net.rtlabel = kr6->labelid;
> - net.rtableid = kt->rtableid;
> + if (kr_net_match(kt, &net, kr6->flags) == 0)
> + /* no longer matches, if still present remove it */
> + kr_net_redist_del(kt, &net, 1);
> +}
> +
> +void
> +ktable_preload(void)
> +{
> + struct ktable *kt;
> + struct network *n;
> + u_int i;
> +
> + for (i = 0; i < krt_size; i++) {
> + if ((kt = ktable_get(i)) == NULL)
> + continue;
> + kt->state = RECONF_DELETE;
> +
> + /* mark all networks as old */
> + TAILQ_FOREACH(n, &kt->krn, entry)
> + n->net.old = 1;
> + }
> +}
> +
> +void
> +ktable_postload(u_int8_t fib_prio)
> +{
> + struct ktable *kt;
> + struct network *n, *xn;
> + u_int i;
> +
> + for (i = krt_size; i > 0; i--) {
> + if ((kt = ktable_get(i - 1)) == NULL)
> + continue;
> + if (kt->state == RECONF_DELETE) {
> + ktable_free(i - 1, fib_prio);
> + continue;
> + } else if (kt->state == RECONF_REINIT)
> + kt->fib_sync = kt->fib_conf;
>
> - return (send_network(type, &net, match ? &match->net.attrset : NULL));
> + /* cleanup old networks */
> + TAILQ_FOREACH_SAFE(n, &kt->krn, entry, xn) {
> + if (n->net.old) {
> + TAILQ_REMOVE(&kt->krn, n, entry);
> + if (n->net.type == NETWORK_DEFAULT)
> + kr_net_redist_del(kt, &n->net, 0);
> + kr_net_delete(n);
> + }
> + }
> + }
> }
>
> int
> @@ -1503,9 +1499,8 @@ kr_reload(void)
>
> TAILQ_FOREACH(n, &kt->krn, entry)
> if (n->net.type == NETWORK_DEFAULT) {
> - if (send_network(IMSG_NETWORK_ADD, &n->net,
> - &n->net.attrset))
> - return (-1);
> + kr_net_redist_add(kt, &n->net,
> + &n->net.attrset, 0);
> } else
> hasdyn = 1;
>
> @@ -1640,13 +1635,53 @@ knexthop_compare(struct knexthop_node *a
> }
> break;
> default:
> - fatalx("knexthop_compare: unknown AF");
> + fatalx("%s: unknown AF", __func__);
> }
>
> return (0);
> }
>
> int
> +kredist_compare(struct kredist_node *a, struct kredist_node *b)
> +{
> + int i;
> +
> + if (a->prefix.aid != b->prefix.aid)
> + return (b->prefix.aid - a->prefix.aid);
> +
> + if (a->prefixlen < b->prefixlen)
> + return (-1);
> + if (a->prefixlen > b->prefixlen)
> + return (1);
> +
> + switch (a->prefix.aid) {
> + case AID_INET:
> + if (ntohl(a->prefix.v4.s_addr) < ntohl(b->prefix.v4.s_addr))
> + return (-1);
> + if (ntohl(a->prefix.v4.s_addr) > ntohl(b->prefix.v4.s_addr))
> + return (1);
> + break;
> + case AID_INET6:
> + for (i = 0; i < 16; i++) {
> + if (a->prefix.v6.s6_addr[i] < b->prefix.v6.s6_addr[i])
> + return (-1);
> + if (a->prefix.v6.s6_addr[i] > b->prefix.v6.s6_addr[i])
> + return (1);
> + }
> + break;
> + default:
> + fatalx("%s: unknown AF", __func__);
> + }
> +
> + if (a->rd < b->rd)
> + return (-1);
> + if (a->rd > b->rd)
> + return (1);
> +
> + return (0);
> +}
> +
> +int
> kif_compare(struct kif_node *a, struct kif_node *b)
> {
> return (b->k.ifindex - a->k.ifindex);
> @@ -3506,21 +3541,14 @@ dispatch_rtmsg_addr(struct rt_msghdr *rt
> changed = 1;
> kr->r.flags = flags;
>
> - if (rtlabel_changed) {
> - if (oflags & F_REDISTRIBUTED) {
> - kr->r.flags |= F_REDISTRIBUTED;
> - kr_redistribute(
> - IMSG_NETWORK_REMOVE, kt,
> - &kr->r);
> - }
> + if (rtlabel_changed)
> kr_redistribute(IMSG_NETWORK_ADD,
> kt, &kr->r);
> - }
>
> if ((oflags & F_CONNECTED) &&
> !(flags & F_CONNECTED)) {
> kif_kr_remove(kr);
> - kr_redistribute(IMSG_NETWORK_REMOVE,
> + kr_redistribute(IMSG_NETWORK_ADD,
> kt, &kr->r);
> }
> if ((flags & F_CONNECTED) &&
> @@ -3619,21 +3647,14 @@ add4:
> changed = 1;
> kr6->r.flags = flags;
>
> - if (rtlabel_changed) {
> - if (oflags & F_REDISTRIBUTED) {
> - kr6->r.flags |= F_REDISTRIBUTED;
> - kr_redistribute6(
> - IMSG_NETWORK_REMOVE, kt,
> - &kr6->r);
> - }
> + if (rtlabel_changed)
> kr_redistribute6(IMSG_NETWORK_ADD,
> kt, &kr6->r);
> - }
>
> if ((oflags & F_CONNECTED) &&
> !(flags & F_CONNECTED)) {
> kif_kr6_remove(kr6);
> - kr_redistribute6(IMSG_NETWORK_REMOVE,
> + kr_redistribute6(IMSG_NETWORK_ADD,
> kt, &kr6->r);
> }
> if ((flags & F_CONNECTED) &&
> Index: usr.sbin/bgpd/parse.y
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
> retrieving revision 1.369
> diff -u -p -r1.369 parse.y
> --- usr.sbin/bgpd/parse.y 4 Feb 2019 18:53:10 -0000 1.369
> +++ usr.sbin/bgpd/parse.y 7 Feb 2019 10:11:19 -0000
> @@ -91,7 +91,7 @@ static struct network_head *netconf;
> static struct peer *peer_l, *peer_l_old;
> static struct peer *curpeer;
> static struct peer *curgroup;
> -static struct rdomain *currdom;
> +static struct l3vpn *curvpn;
> static struct prefixset *curpset, *curoset;
> static struct prefixset_tree *curpsitree;
> static struct filter_head *filter_l;
> @@ -154,7 +154,6 @@ void optimize_filters(struct filter_he
> struct filter_rule *get_rule(enum action_types);
>
> int parsecommunity(struct filter_community *, int, char *);
> -int parsesubtype(char *, int *, int *);
> int parseextcommunity(struct filter_community *, char *,
> char *);
> static int new_as_set(char *);
> @@ -195,7 +194,7 @@ typedef struct {
> %}
>
> %token AS ROUTERID HOLDTIME YMIN LISTEN ON FIBUPDATE FIBPRIORITY RTABLE
> -%token RDOMAIN RD EXPORT EXPORTTRGT IMPORTTRGT
> +%token NONE UNICAST VPN RD EXPORT EXPORTTRGT IMPORTTRGT
> %token RDE RIB EVALUATE IGNORE COMPARE
> %token GROUP NEIGHBOR NETWORK
> %token EBGP IBGP
> @@ -223,7 +222,7 @@ typedef struct {
> %token <v.string> STRING
> %token <v.number> NUMBER
> %type <v.number> asnumber as4number as4number_any
> optnumber
> -%type <v.number> espah family restart origincode nettype
> +%type <v.number> espah family safi restart origincode
> nettype
> %type <v.number> yesno inout restricted validity
> %type <v.string> string
> %type <v.addr> address
> @@ -253,7 +252,7 @@ grammar : /* empty */
> | grammar roa_set '\n'
> | grammar origin_set '\n'
> | grammar conf_main '\n'
> - | grammar rdomain '\n'
> + | grammar l3vpn '\n'
> | grammar neighbor '\n'
> | grammar group '\n'
> | grammar filterrule '\n'
> @@ -1044,39 +1043,57 @@ optnumber : /* empty */ { $$ = 0; }
> | NUMBER
> ;
>
> -rdomain : RDOMAIN NUMBER {
> - if ($2 > RT_TABLEID_MAX) {
> - yyerror("rtable %llu too big: max %u", $2,
> - RT_TABLEID_MAX);
> - YYERROR;
> +l3vpn : VPN STRING ON STRING {
> + u_int rdomain, label;
> +
> + if (get_mpe_config($4, &rdomain, &label) == -1) {
> + yyerror("troubles getting config of %s", $4);
> + if ((cmd_opts & BGPD_OPT_NOACTION) == 0) {
> + free($4);
> + free($2);
> + YYERROR;
> + }
> }
> - if ((cmd_opts & BGPD_OPT_NOACTION) == 0 &&
> - ktable_exists($2, NULL) != 1) {
> - yyerror("rdomain %lld does not exist", $2);
> +
> + if (!(curvpn = calloc(1, sizeof(struct l3vpn))))
> + fatal(NULL);
> + strlcpy(curvpn->ifmpe, $4, IFNAMSIZ);
> +
> + if (strlcpy(curvpn->descr, $2,
> + sizeof(curvpn->descr)) >=
> + sizeof(curvpn->descr)) {
> + yyerror("descr \"%s\" too long: max %zu",
> + $2, sizeof(curvpn->descr) - 1);
> + free($2);
> + free($4);
> + free(curvpn);
> + curvpn = NULL;
> YYERROR;
> }
> - if (!(currdom = calloc(1, sizeof(struct rdomain))))
> - fatal(NULL);
> - currdom->rtableid = $2;
> - TAILQ_INIT(&currdom->import);
> - TAILQ_INIT(&currdom->export);
> - TAILQ_INIT(&currdom->net_l);
> - netconf = &currdom->net_l;
> - } '{' rdomainopts_l '}' {
> + free($2);
> + free($4);
> +
> + TAILQ_INIT(&curvpn->import);
> + TAILQ_INIT(&curvpn->export);
> + TAILQ_INIT(&curvpn->net_l);
> + curvpn->label = label;
> + curvpn->rtableid = rdomain;
> + netconf = &curvpn->net_l;
> + } '{' l3vpnopts_l '}' {
> /* insert into list */
> - SIMPLEQ_INSERT_TAIL(&conf->rdomains, currdom, entry);
> - currdom = NULL;
> + SIMPLEQ_INSERT_TAIL(&conf->l3vpns, curvpn, entry);
> + curvpn = NULL;
> netconf = &conf->networks;
> }
> ;
>
> -rdomainopts_l : /* empty */
> - | rdomainopts_l '\n'
> - | rdomainopts_l rdomainopts '\n'
> - | rdomainopts_l error '\n'
> +l3vpnopts_l : /* empty */
> + | l3vpnopts_l '\n'
> + | l3vpnopts_l l3vpnopts '\n'
> + | l3vpnopts_l error '\n'
> ;
>
> -rdomainopts : RD STRING {
> +l3vpnopts : RD STRING {
> struct filter_community ext;
> u_int64_t rd;
>
> @@ -1108,7 +1125,7 @@ rdomainopts : RD STRING {
> yyerror("bad encoding of rd");
> YYERROR;
> }
> - currdom->rd = htobe64(rd);
> + curvpn->rd = htobe64(rd);
> }
> | EXPORTTRGT STRING STRING {
> struct filter_set *set;
> @@ -1126,7 +1143,7 @@ rdomainopts : RD STRING {
> }
> free($3);
> free($2);
> - TAILQ_INSERT_TAIL(&currdom->export, set, entry);
> + TAILQ_INSERT_TAIL(&curvpn->export, set, entry);
> }
> | IMPORTTRGT STRING STRING {
> struct filter_set *set;
> @@ -1144,44 +1161,15 @@ rdomainopts : RD STRING {
> }
> free($3);
> free($2);
> - TAILQ_INSERT_TAIL(&currdom->import, set, entry);
> - }
> - | DESCR string {
> - if (strlcpy(currdom->descr, $2,
> - sizeof(currdom->descr)) >=
> - sizeof(currdom->descr)) {
> - yyerror("descr \"%s\" too long: max %zu",
> - $2, sizeof(currdom->descr) - 1);
> - free($2);
> - YYERROR;
> - }
> - free($2);
> + TAILQ_INSERT_TAIL(&curvpn->import, set, entry);
> }
> | FIBUPDATE yesno {
> if ($2 == 0)
> - currdom->flags |= F_RIB_NOFIBSYNC;
> + curvpn->flags |= F_RIB_NOFIBSYNC;
> else
> - currdom->flags &= ~F_RIB_NOFIBSYNC;
> + curvpn->flags &= ~F_RIB_NOFIBSYNC;
> }
> | network
> - | DEPEND ON STRING {
> - /* XXX this is a hack */
> - if ((cmd_opts & BGPD_OPT_NOACTION) == 0 &&
> - if_nametoindex($3) == 0) {
> - yyerror("interface %s does not exist", $3);
> - free($3);
> - YYERROR;
> - }
> - strlcpy(currdom->ifmpe, $3, IFNAMSIZ);
> - free($3);
> - /* XXX this is in the wrong place */
> - if ((cmd_opts & BGPD_OPT_NOACTION) == 0 &&
> - get_mpe_label(currdom)) {
> - yyerror("failed to get mpls label from %s",
> - currdom->ifmpe);
> - YYERROR;
> - }
> - }
> ;
>
> neighbor : { curpeer = new_peer(); }
> @@ -1350,30 +1338,23 @@ peeropts : REMOTEAS as4number {
> }
> curpeer->conf.min_holdtime = $3;
> }
> - | ANNOUNCE family STRING {
> + | ANNOUNCE family safi {
> u_int8_t aid, safi;
> - int8_t val = 1;
> + u_int16_t afi;
>
> - if (!strcmp($3, "none")) {
> - safi = SAFI_UNICAST;
> - val = 0;
> - } else if (!strcmp($3, "unicast")) {
> - safi = SAFI_UNICAST;
> - } else if (!strcmp($3, "vpn")) {
> - safi = SAFI_MPLSVPN;
> + if ($3 == SAFI_NONE) {
> + for (aid = 0; aid < AID_MAX; aid++) {
> + if (aid2afi(aid, &afi, &safi) == -1)
> + continue;
> + curpeer->conf.capabilities.mp[aid] = 0;
> + }
> } else {
> - yyerror("unknown/unsupported SAFI \"%s\"",
> - $3);
> - free($3);
> - YYERROR;
> - }
> - free($3);
> -
> - if (afi2aid($2, safi, &aid) == -1) {
> - yyerror("unknown AFI/SAFI pair");
> - YYERROR;
> + if (afi2aid($2, $3, &aid) == -1) {
> + yyerror("unknown AFI/SAFI pair");
> + YYERROR;
> + }
> + curpeer->conf.capabilities.mp[aid] = 1;
> }
> - curpeer->conf.capabilities.mp[aid] = val;
> }
> | ANNOUNCE CAPABILITIES yesno {
> curpeer->conf.announce_capa = $3;
> @@ -1717,6 +1698,11 @@ family : IPV4 { $$ = AFI_IPv4; }
> | IPV6 { $$ = AFI_IPv6; }
> ;
>
> +safi : NONE { $$ = SAFI_NONE; }
> + | UNICAST { $$ = SAFI_UNICAST; }
> + | VPN { $$ = SAFI_MPLSVPN; }
> + ;
> +
> nettype : STATIC { $$ = 1; },
> | CONNECTED { $$ = 0; }
> ;
> @@ -2880,6 +2866,7 @@ lookup(char *s)
> { "network", NETWORK},
> { "nexthop", NEXTHOP},
> { "no-modify", NOMODIFY},
> + { "none", NONE},
> { "on", ON},
> { "or-longer", LONGER},
> { "origin", ORIGIN},
> @@ -2900,7 +2887,6 @@ lookup(char *s)
> { "quick", QUICK},
> { "rd", RD},
> { "rde", RDE},
> - { "rdomain", RDOMAIN},
> { "refresh", REFRESH },
> { "reject", REJECT},
> { "remote-as", REMOTEAS},
> @@ -2924,7 +2910,9 @@ lookup(char *s)
> { "transit-as", TRANSITAS},
> { "transparent-as", TRANSPARENT},
> { "ttl-security", TTLSECURITY},
> + { "unicast", UNICAST},
> { "via", VIA},
> + { "vpn", VPN},
> { "weight", WEIGHT}
> };
> const struct keywords *p;
> @@ -3586,7 +3574,7 @@ parsecommunity(struct filter_community *
> return (0);
> }
>
> -int
> +static int
> parsesubtype(char *name, int *type, int *subtype)
> {
> const struct ext_comm_pairs *cp;
> Index: usr.sbin/bgpd/printconf.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/printconf.c,v
> retrieving revision 1.127
> diff -u -p -r1.127 printconf.c
> --- usr.sbin/bgpd/printconf.c 4 Feb 2019 18:53:10 -0000 1.127
> +++ usr.sbin/bgpd/printconf.c 7 Feb 2019 10:11:19 -0000
> @@ -35,8 +35,8 @@ void print_community(struct filter_com
> void print_origin(u_int8_t);
> void print_set(struct filter_set_head *);
> void print_mainconf(struct bgpd_config *);
> -void print_rdomain_targets(struct filter_set_head *, const char *);
> -void print_rdomain(struct rdomain *);
> +void print_l3vpn_targets(struct filter_set_head *, const char *);
> +void print_l3vpn(struct l3vpn *);
> const char *print_af(u_int8_t);
> void print_network(struct network_config *, const char *);
> void print_as_sets(struct as_set_head *);
> @@ -378,7 +378,7 @@ print_mainconf(struct bgpd_config *conf)
> }
>
> void
> -print_rdomain_targets(struct filter_set_head *set, const char *tgt)
> +print_l3vpn_targets(struct filter_set_head *set, const char *tgt)
> {
> struct filter_set *s;
> TAILQ_FOREACH(s, set, entry) {
> @@ -389,27 +389,24 @@ print_rdomain_targets(struct filter_set_
> }
>
> void
> -print_rdomain(struct rdomain *r)
> +print_l3vpn(struct l3vpn *vpn)
> {
> struct network *n;
>
> - printf("rdomain %u {\n", r->rtableid);
> - if (*r->descr)
> - printf("\tdescr \"%s\"\n", r->descr);
> - if (r->flags & F_RIB_NOFIBSYNC)
> + printf("vpn \"%s\" on %s {\n", vpn->descr, vpn->ifmpe);
> + printf("\n\t%s\n", log_rd(vpn->rd));
> +
> + print_l3vpn_targets(&vpn->export, "export-target");
> + print_l3vpn_targets(&vpn->import, "import-target");
> +
> + if (vpn->flags & F_RIB_NOFIBSYNC)
> printf("\tfib-update no\n");
> else
> printf("\tfib-update yes\n");
> - printf("\tdepend on %s\n", r->ifmpe);
>
> - TAILQ_FOREACH(n, &r->net_l, entry)
> + TAILQ_FOREACH(n, &vpn->net_l, entry)
> print_network(&n->net, "\t");
>
> - printf("\n\t%s\n", log_rd(r->rd));
> -
> - print_rdomain_targets(&r->export, "export-target");
> - print_rdomain_targets(&r->import, "import-target");
> -
> printf("}\n");
> }
>
> @@ -958,12 +955,12 @@ void
> print_config(struct bgpd_config *conf, struct rib_names *rib_l,
> struct network_head *net_l, struct peer *peer_l,
> struct filter_head *rules_l, struct mrt_head *mrt_l,
> - struct rdomain_head *rdom_l)
> + struct l3vpn_head *vpns_l)
> {
> struct filter_rule *r;
> struct network *n;
> struct rde_rib *rr;
> - struct rdomain *rd;
> + struct l3vpn *vpn;
>
> print_mainconf(conf);
> print_roa(&conf->roa);
> @@ -972,10 +969,10 @@ print_config(struct bgpd_config *conf, s
> print_originsets(&conf->originsets);
> TAILQ_FOREACH(n, net_l, entry)
> print_network(&n->net, "");
> - if (!SIMPLEQ_EMPTY(rdom_l))
> + if (!SIMPLEQ_EMPTY(vpns_l))
> printf("\n");
> - SIMPLEQ_FOREACH(rd, rdom_l, entry)
> - print_rdomain(rd);
> + SIMPLEQ_FOREACH(vpn, vpns_l, entry)
> + print_l3vpn(vpn);
> printf("\n");
> SIMPLEQ_FOREACH(rr, rib_l, entry) {
> if (rr->flags & F_RIB_NOEVALUATE)
> Index: usr.sbin/bgpd/rde.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
> retrieving revision 1.461
> diff -u -p -r1.461 rde.c
> --- usr.sbin/bgpd/rde.c 21 Jan 2019 02:07:56 -0000 1.461
> +++ usr.sbin/bgpd/rde.c 7 Feb 2019 10:11:19 -0000
> @@ -75,7 +75,7 @@ void rde_dump_ctx_throttle(pid_t, int)
> void rde_dump_ctx_terminate(pid_t);
> void rde_dump_mrt_new(struct mrt *, pid_t, int);
>
> -int rde_rdomain_import(struct rde_aspath *, struct rdomain *);
> +int rde_l3vpn_import(struct rde_aspath *, struct l3vpn *);
> void rde_reload_done(void);
> static void rde_softreconfig_in_done(void *, u_int8_t);
> static void rde_softreconfig_out_done(void *, u_int8_t);
> @@ -124,7 +124,7 @@ struct rde_prefixset_head originsets_old
> struct rde_prefixset roa_old;
> struct as_set_head *as_sets_tmp, *as_sets_old;
> struct filter_head *out_rules, *out_rules_tmp;
> -struct rdomain_head *rdomains_l, *newdomains;
> +struct l3vpn_head *l3vpns_l, *newdomains;
> struct imsgbuf *ibuf_se;
> struct imsgbuf *ibuf_se_ctl;
> struct imsgbuf *ibuf_main;
> @@ -227,10 +227,10 @@ rde_main(int debug, int verbose)
> fatal(NULL);
> TAILQ_INIT(out_rules);
>
> - rdomains_l = calloc(1, sizeof(struct rdomain_head));
> - if (rdomains_l == NULL)
> + l3vpns_l = calloc(1, sizeof(struct l3vpn_head));
> + if (l3vpns_l == NULL)
> fatal(NULL);
> - SIMPLEQ_INIT(rdomains_l);
> + SIMPLEQ_INIT(l3vpns_l);
>
> if ((conf = calloc(1, sizeof(struct bgpd_config))) == NULL)
> fatal(NULL);
> @@ -675,7 +675,7 @@ rde_dispatch_imsg_parent(struct imsgbuf
> static struct rde_prefixset *last_prefixset;
> static struct as_set *last_as_set;
> static struct set_table *last_set;
> - static struct rdomain *rd;
> + static struct l3vpn *vpn;
> struct imsg imsg;
> struct mrt xmrt;
> struct rde_rib rn;
> @@ -764,7 +764,7 @@ rde_dispatch_imsg_parent(struct imsgbuf
> if (out_rules_tmp == NULL)
> fatal(NULL);
> TAILQ_INIT(out_rules_tmp);
> - newdomains = calloc(1, sizeof(struct rdomain_head));
> + newdomains = calloc(1, sizeof(struct l3vpn_head));
> if (newdomains == NULL)
> fatal(NULL);
> SIMPLEQ_INIT(newdomains);
> @@ -948,34 +948,34 @@ rde_dispatch_imsg_parent(struct imsgbuf
> set_prep(last_as_set->set);
> last_as_set = NULL;
> break;
> - case IMSG_RECONF_RDOMAIN:
> + case IMSG_RECONF_VPN:
> if (imsg.hdr.len - IMSG_HEADER_SIZE !=
> - sizeof(struct rdomain))
> - fatalx("IMSG_RECONF_RDOMAIN bad len");
> - if ((rd = malloc(sizeof(struct rdomain))) == NULL)
> + sizeof(struct l3vpn))
> + fatalx("IMSG_RECONF_VPN bad len");
> + if ((vpn = malloc(sizeof(struct l3vpn))) == NULL)
> fatal(NULL);
> - memcpy(rd, imsg.data, sizeof(struct rdomain));
> - TAILQ_INIT(&rd->import);
> - TAILQ_INIT(&rd->export);
> - SIMPLEQ_INSERT_TAIL(newdomains, rd, entry);
> + memcpy(vpn, imsg.data, sizeof(struct l3vpn));
> + TAILQ_INIT(&vpn->import);
> + TAILQ_INIT(&vpn->export);
> + SIMPLEQ_INSERT_TAIL(newdomains, vpn, entry);
> break;
> - case IMSG_RECONF_RDOMAIN_EXPORT:
> - if (rd == NULL) {
> + case IMSG_RECONF_VPN_EXPORT:
> + if (vpn == NULL) {
> log_warnx("rde_dispatch_imsg_parent: "
> - "IMSG_RECONF_RDOMAIN_EXPORT unexpected");
> + "IMSG_RECONF_VPN_EXPORT unexpected");
> break;
> }
> - parent_set = &rd->export;
> + parent_set = &vpn->export;
> break;
> - case IMSG_RECONF_RDOMAIN_IMPORT:
> - if (rd == NULL) {
> + case IMSG_RECONF_VPN_IMPORT:
> + if (vpn == NULL) {
> log_warnx("rde_dispatch_imsg_parent: "
> - "IMSG_RECONF_RDOMAIN_IMPORT unexpected");
> + "IMSG_RECONF_VPN_IMPORT unexpected");
> break;
> }
> - parent_set = &rd->import;
> + parent_set = &vpn->import;
> break;
> - case IMSG_RECONF_RDOMAIN_DONE:
> + case IMSG_RECONF_VPN_DONE:
> parent_set = NULL;
> break;
> case IMSG_RECONF_DRAIN:
> @@ -2530,7 +2530,7 @@ rde_dump_mrt_new(struct mrt *mrt, pid_t
> * kroute specific functions
> */
> int
> -rde_rdomain_import(struct rde_aspath *asp, struct rdomain *rd)
> +rde_l3vpn_import(struct rde_aspath *asp, struct l3vpn *rd)
> {
> struct filter_set *s;
>
> @@ -2548,7 +2548,7 @@ rde_send_kroute(struct rib *rib, struct
> struct bgpd_addr addr;
> struct prefix *p;
> struct rde_aspath *asp;
> - struct rdomain *rd;
> + struct l3vpn *vpn;
> enum imsg_type type;
>
> /*
> @@ -2588,8 +2588,8 @@ rde_send_kroute(struct rib *rib, struct
> /* not Loc-RIB, no update for VPNs */
> break;
>
> - SIMPLEQ_FOREACH(rd, rdomains_l, entry) {
> - if (!rde_rdomain_import(asp, rd))
> + SIMPLEQ_FOREACH(vpn, l3vpns_l, entry) {
> + if (!rde_l3vpn_import(asp, vpn))
> continue;
> /* must send exit_nexthop so that correct MPLS tunnel
> * is chosen
> @@ -2599,8 +2599,8 @@ rde_send_kroute(struct rib *rib, struct
> &prefix_nexthop(p)->exit_nexthop,
> sizeof(kr.nexthop));
> /* XXX not ideal but this will change */
> - kr.ifindex = if_nametoindex(rd->ifmpe);
> - if (imsg_compose(ibuf_main, type, rd->rtableid, 0, -1,
> + kr.ifindex = if_nametoindex(vpn->ifmpe);
> + if (imsg_compose(ibuf_main, type, vpn->rtableid, 0, -1,
> &kr, sizeof(kr)) == -1)
> fatal("%s %d imsg_compose error", __func__,
> __LINE__);
> @@ -2881,7 +2881,7 @@ rde_send_nexthop(struct bgpd_addr *next,
> void
> rde_reload_done(void)
> {
> - struct rdomain *rd;
> + struct l3vpn *vpn;
> struct rde_peer *peer;
> struct filter_head *fh;
> u_int16_t rid;
> @@ -2923,15 +2923,15 @@ rde_reload_done(void)
> peerself->conf.remote_masklen = 32;
> peerself->short_as = conf->short_as;
>
> - /* apply new set of rdomain, sync will be done later */
> - while ((rd = SIMPLEQ_FIRST(rdomains_l)) != NULL) {
> - SIMPLEQ_REMOVE_HEAD(rdomains_l, entry);
> - filterset_free(&rd->import);
> - filterset_free(&rd->export);
> - free(rd);
> + /* apply new set of l3vpn, sync will be done later */
> + while ((vpn = SIMPLEQ_FIRST(l3vpns_l)) != NULL) {
> + SIMPLEQ_REMOVE_HEAD(l3vpns_l, entry);
> + filterset_free(&vpn->import);
> + filterset_free(&vpn->export);
> + free(vpn);
> }
> - free(rdomains_l);
> - rdomains_l = newdomains;
> + free(l3vpns_l);
> + l3vpns_l = newdomains;
> /* XXX WHERE IS THE SYNC ??? */
>
> /* check if roa changed */
> @@ -3687,7 +3687,7 @@ void
> network_add(struct network_config *nc, int flagstatic)
> {
> struct filterstate state;
> - struct rdomain *rd;
> + struct l3vpn *vpn;
> struct rde_aspath *asp;
> struct filter_set_head *vpnset = NULL;
> in_addr_t prefix4;
> @@ -3695,44 +3695,44 @@ network_add(struct network_config *nc, i
> u_int8_t vstate;
> u_int16_t i;
>
> - if (nc->rtableid != conf->default_tableid) {
> - SIMPLEQ_FOREACH(rd, rdomains_l, entry) {
> - if (rd->rtableid != nc->rtableid)
> + if (nc->rd != 0) {
> + SIMPLEQ_FOREACH(vpn, l3vpns_l, entry) {
> + if (vpn->rd != nc->rd)
> continue;
> switch (nc->prefix.aid) {
> case AID_INET:
> prefix4 = nc->prefix.v4.s_addr;
> bzero(&nc->prefix, sizeof(nc->prefix));
> nc->prefix.aid = AID_VPN_IPv4;
> - nc->prefix.vpn4.rd = rd->rd;
> + nc->prefix.vpn4.rd = vpn->rd;
> nc->prefix.vpn4.addr.s_addr = prefix4;
> nc->prefix.vpn4.labellen = 3;
> nc->prefix.vpn4.labelstack[0] =
> - (rd->label >> 12) & 0xff;
> + (vpn->label >> 12) & 0xff;
> nc->prefix.vpn4.labelstack[1] =
> - (rd->label >> 4) & 0xff;
> + (vpn->label >> 4) & 0xff;
> nc->prefix.vpn4.labelstack[2] =
> - (rd->label << 4) & 0xf0;
> + (vpn->label << 4) & 0xf0;
> nc->prefix.vpn4.labelstack[2] |= BGP_MPLS_BOS;
> - vpnset = &rd->export;
> + vpnset = &vpn->export;
> break;
> case AID_INET6:
> memcpy(&prefix6, &nc->prefix.v6.s6_addr,
> sizeof(struct in6_addr));
> memset(&nc->prefix, 0, sizeof(nc->prefix));
> nc->prefix.aid = AID_VPN_IPv6;
> - nc->prefix.vpn6.rd = rd->rd;
> + nc->prefix.vpn6.rd = vpn->rd;
> memcpy(&nc->prefix.vpn6.addr.s6_addr, &prefix6,
> sizeof(struct in6_addr));
> nc->prefix.vpn6.labellen = 3;
> nc->prefix.vpn6.labelstack[0] =
> - (rd->label >> 12) & 0xff;
> + (vpn->label >> 12) & 0xff;
> nc->prefix.vpn6.labelstack[1] =
> - (rd->label >> 4) & 0xff;
> + (vpn->label >> 4) & 0xff;
> nc->prefix.vpn6.labelstack[2] =
> - (rd->label << 4) & 0xf0;
> + (vpn->label << 4) & 0xf0;
> nc->prefix.vpn6.labelstack[2] |= BGP_MPLS_BOS;
> - vpnset = &rd->export;
> + vpnset = &vpn->export;
> break;
> default:
> log_warnx("unable to VPNize prefix");
> @@ -3741,10 +3741,11 @@ network_add(struct network_config *nc, i
> }
> break;
> }
> - if (rd == NULL) {
> + if (vpn == NULL) {
> log_warnx("network_add: "
> - "prefix %s/%u in non-existing rdomain %u",
> - log_addr(&nc->prefix), nc->prefixlen, nc->rtableid);
> + "prefix %s/%u in non-existing l3vpn %s",
> + log_addr(&nc->prefix), nc->prefixlen,
> + log_rd(nc->rd));
> return;
> }
> }
> @@ -3789,29 +3790,29 @@ network_add(struct network_config *nc, i
> void
> network_delete(struct network_config *nc)
> {
> - struct rdomain *rd;
> + struct l3vpn *vpn;
> in_addr_t prefix4;
> struct in6_addr prefix6;
> u_int32_t i;
>
> - if (nc->rtableid) {
> - SIMPLEQ_FOREACH(rd, rdomains_l, entry) {
> - if (rd->rtableid != nc->rtableid)
> + if (nc->rd) {
> + SIMPLEQ_FOREACH(vpn, l3vpns_l, entry) {
> + if (vpn->rd != nc->rd)
> continue;
> switch (nc->prefix.aid) {
> case AID_INET:
> prefix4 = nc->prefix.v4.s_addr;
> bzero(&nc->prefix, sizeof(nc->prefix));
> nc->prefix.aid = AID_VPN_IPv4;
> - nc->prefix.vpn4.rd = rd->rd;
> + nc->prefix.vpn4.rd = vpn->rd;
> nc->prefix.vpn4.addr.s_addr = prefix4;
> nc->prefix.vpn4.labellen = 3;
> nc->prefix.vpn4.labelstack[0] =
> - (rd->label >> 12) & 0xff;
> + (vpn->label >> 12) & 0xff;
> nc->prefix.vpn4.labelstack[1] =
> - (rd->label >> 4) & 0xff;
> + (vpn->label >> 4) & 0xff;
> nc->prefix.vpn4.labelstack[2] =
> - (rd->label << 4) & 0xf0;
> + (vpn->label << 4) & 0xf0;
> nc->prefix.vpn4.labelstack[2] |= BGP_MPLS_BOS;
> break;
> case AID_INET6:
> @@ -3819,16 +3820,16 @@ network_delete(struct network_config *nc
> sizeof(struct in6_addr));
> memset(&nc->prefix, 0, sizeof(nc->prefix));
> nc->prefix.aid = AID_VPN_IPv6;
> - nc->prefix.vpn6.rd = rd->rd;
> + nc->prefix.vpn6.rd = vpn->rd;
> memcpy(&nc->prefix.vpn6.addr.s6_addr, &prefix6,
> sizeof(struct in6_addr));
> nc->prefix.vpn6.labellen = 3;
> nc->prefix.vpn6.labelstack[0] =
> - (rd->label >> 12) & 0xff;
> + (vpn->label >> 12) & 0xff;
> nc->prefix.vpn6.labelstack[1] =
> - (rd->label >> 4) & 0xff;
> + (vpn->label >> 4) & 0xff;
> nc->prefix.vpn6.labelstack[2] =
> - (rd->label << 4) & 0xf0;
> + (vpn->label << 4) & 0xf0;
> nc->prefix.vpn6.labelstack[2] |= BGP_MPLS_BOS;
> break;
> default:
> Index: usr.sbin/bgpd/session.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/session.h,v
> retrieving revision 1.128
> diff -u -p -r1.128 session.h
> --- usr.sbin/bgpd/session.h 20 Jan 2019 23:27:48 -0000 1.128
> +++ usr.sbin/bgpd/session.h 7 Feb 2019 10:11:19 -0000
> @@ -248,7 +248,7 @@ int carp_demote_set(char *, int);
> int merge_config(struct bgpd_config *, struct bgpd_config *,
> struct peer *);
> int prepare_listeners(struct bgpd_config *);
> -int get_mpe_label(struct rdomain *);
> +int get_mpe_config(const char *, u_int *, u_int *);
>
> /* control.c */
> int control_check(char *);
> @@ -285,7 +285,7 @@ int pfkey_init(struct bgpd_sysdep *);
> /* printconf.c */
> void print_config(struct bgpd_config *, struct rib_names *,
> struct network_head *, struct peer *, struct filter_head *,
> - struct mrt_head *, struct rdomain_head *);
> + struct mrt_head *, struct l3vpn_head *);
>
> /* rde.c */
> void rde_main(int, int);
>
