0xPop

Cargo.toml

@@ -57,11 +57,11 @@ serde_repr = "0.1"
 anyhow = "1.0.82"
 hyper = "0.14.28"
 serde_json = "1.0.116"
-libnet = { git = "https://github.com/oxidecomputer/netadm-sys", branch = "main" }
 percent-encoding = "2.3.1"
+libnet = { git = "https://github.com/oxidecomputer/netadm-sys", branch = "compile-macos" }
 reqwest = { version = "0.11", features = ["json", "stream", "rustls-tls"] }
 progenitor = { git = "https://github.com/oxidecomputer/progenitor", branch = "main" }
-clap = { version = "4.5.4", features = ["derive", "unstable-styles"] }
+clap = { version = "4.5.4", features = ["derive", "unstable-styles", "env"] }
 tabwriter = { version = "1", features = ["ansi_formatting"] }
 colored = "2.1"
 ctrlc = { version = "3.4.4", features = ["termination"] }
@@ -86,14 +86,17 @@ omicron-common = { git = "https://github.com/oxidecomputer/omicron", branch= "ma
 internal-dns = { git = "https://github.com/oxidecomputer/omicron", branch = "main"}
 uuid = { version = "1.8", features = ["serde", "v4"] }
 smf = { git = "https://github.com/illumos/smf-rs", branch = "main" }
+libc = "0.2"
+itertools = "0.12"
+rhai = { version = "1", features = ["metadata", "sync"] }
 
 [workspace.dependencies.opte-ioctl]
 git = "https://github.com/oxidecomputer/opte"
-branch = "master"
+rev = "7ee353a470ea59529ee1b34729681da887aa88ce"
 
 [workspace.dependencies.oxide-vpc]
 git = "https://github.com/oxidecomputer/opte"
-branch = "master"
+rev = "7ee353a470ea59529ee1b34729681da887aa88ce"
 
 [workspace.dependencies.dpd-client]
 git = "https://github.com/oxidecomputer/dendrite"
@@ -104,3 +107,6 @@ package = "dpd-client"
 git = "https://github.com/oxidecomputer/dendrite"
 branch = "main"
 package = "common"
+
+[patch."https://github.com/oxidecomputer/netadm-sys"]
+libnet = { git = "https://www.github.com/oxidecomputer/netadm-sys.git", branch = "main" }

bfd/src/sm.rs

@@ -438,15 +438,7 @@ impl State for Down {
         db: rdb::Db,
         counters: Arc<SessionCounters>,
     ) -> Result<(Box<dyn State>, BfdEndpoint)> {
-        match self.peer {
-            IpAddr::V4(addr) => db.disable_nexthop4(addr),
-            IpAddr::V6(addr) => {
-                warn!(
-                    self.log,
-                    "{addr} is down but active mode ipv6 not implemented yet"
-                )
-            }
-        }
+        db.disable_nexthop(self.peer);
         loop {
             // Get an incoming message
             let (_addr, msg) = match self.recv(
@@ -605,15 +597,7 @@ impl State for Up {
         db: rdb::Db,
         counters: Arc<SessionCounters>,
     ) -> Result<(Box<dyn State>, BfdEndpoint)> {
-        match self.peer {
-            IpAddr::V4(addr) => db.enable_nexthop4(addr),
-            IpAddr::V6(addr) => {
-                warn!(
-                    self.log,
-                    "{addr} is up but active mode ipv6 not implemented yet"
-                )
-            }
-        }
+        db.enable_nexthop(self.peer);
         loop {
             // Get an incoming message
             let (_addr, msg) = match self.recv(

bgp/Cargo.toml

@@ -17,6 +17,9 @@ sled.workspace = true
 anyhow.workspace = true
 mg-common.workspace = true
 chrono.workspace = true
+libc.workspace = true
+socket2.workspace = true
+rhai.workspace = true
 
 [dev-dependencies]
 pretty-hex.workspace = true

bgp/policy/policy-check0.rhai

@@ -0,0 +1,14 @@
+fn open(message, asn, addr) {
+    if !message.has_capability(CapabilityCode::FourOctetAs) {
+        return CheckerResult::Drop;
+    }
+    CheckerResult::Accept
+}
+
+fn update(message, asn, addr) {
+    // drop no-export community
+    if message.has_community(0xFFFFFF01) {
+        return CheckerResult::Drop;
+    }
+    CheckerResult::Accept
+}

bgp/policy/policy-shape0.rhai

@@ -0,0 +1,13 @@
+fn open(message, asn, addr) {
+    if asn == 100 {
+        message.add_four_octet_as(74);
+    }
+    message.emit()
+}
+
+fn update(message, asn, addr) {
+    if asn == 100 {
+        message.add_community(1701);
+    }
+    message.emit()
+}

bgp/policy/shape-prefix0.rhai

@@ -0,0 +1,11 @@
+fn open(message, asn, addr) {
+    message.emit()
+}
+
+fn update(message, asn, addr) {
+    if asn == 65402 {
+        // Apply a filter on both NLRI elements and withdraw elements
+        message.prefix_filter(|prefix| prefix.within("10.128.0.0/16"));
+    }
+    message.emit()
+}

bgp/src/clock.rs

@@ -23,20 +23,28 @@ pub struct Clock {
 
 pub struct ClockTimers {
     /// How long to wait between connection attempts.
-    pub connect_retry_timer: Timer,
+    pub connect_retry_timer: Mutex<Timer>,
+
+    /// Configured keepliave timer interval. May be distinct from actual
+    /// keepalive interval depending on session parameter negotiation.
+    pub keepalive_configured_interval: Mutex<Duration>,
 
     /// Time between sending keepalive messages.
-    pub keepalive_timer: Timer,
+    pub keepalive_timer: Mutex<Timer>,
+
+    /// Configured hold timer interval. May be distinct from actual keepalive
+    /// interval depending on session parameter negotiation.
+    pub hold_configured_interval: Mutex<Duration>,
 
     /// How long to keep a session alive between keepalive, update and/or
     /// notification messages.
-    pub hold_timer: Timer,
+    pub hold_timer: Mutex<Timer>,
 
     /// Amount of time that a peer is held in the idle state.
-    pub idle_hold_timer: Timer,
+    pub idle_hold_timer: Mutex<Timer>,
 
     /// Interval to wait before sending out an open message.
-    pub delay_open_timer: Timer,
+    pub delay_open_timer: Mutex<Timer>,
 }
 
 impl Clock {
@@ -53,11 +61,13 @@ impl Clock {
     ) -> Self {
         let shutdown = Arc::new(AtomicBool::new(false));
         let timers = Arc::new(ClockTimers {
-            connect_retry_timer: Timer::new(connect_retry_interval),
-            keepalive_timer: Timer::new(keepalive_interval),
-            hold_timer: Timer::new(hold_interval),
-            idle_hold_timer: Timer::new(idle_hold_interval),
-            delay_open_timer: Timer::new(delay_open_interval),
+            connect_retry_timer: Mutex::new(Timer::new(connect_retry_interval)),
+            keepalive_configured_interval: Mutex::new(keepalive_interval),
+            keepalive_timer: Mutex::new(Timer::new(keepalive_interval)),
+            hold_configured_interval: Mutex::new(hold_interval),
+            hold_timer: Mutex::new(Timer::new(hold_interval)),
+            idle_hold_timer: Mutex::new(Timer::new(idle_hold_interval)),
+            delay_open_timer: Mutex::new(Timer::new(delay_open_interval)),
         });
         let join_handle = Arc::new(Self::run(
             resolution,
@@ -98,35 +108,35 @@ impl Clock {
     ) {
         Self::step(
             resolution,
-            &timers.connect_retry_timer,
+            &timers.connect_retry_timer.lock().unwrap(),
             FsmEvent::ConnectRetryTimerExpires,
             s.clone(),
             &log,
         );
         Self::step(
             resolution,
-            &timers.keepalive_timer,
+            &timers.keepalive_timer.lock().unwrap(),
             FsmEvent::KeepaliveTimerExpires,
             s.clone(),
             &log,
         );
         Self::step(
             resolution,
-            &timers.hold_timer,
+            &timers.hold_timer.lock().unwrap(),
             FsmEvent::HoldTimerExpires,
             s.clone(),
             &log,
         );
         Self::step(
             resolution,
-            &timers.idle_hold_timer,
+            &timers.idle_hold_timer.lock().unwrap(),
             FsmEvent::IdleHoldTimerExpires,
             s.clone(),
             &log,
         );
         Self::step(
             resolution,
-            &timers.delay_open_timer,
+            &timers.delay_open_timer.lock().unwrap(),
             FsmEvent::DelayOpenTimerExpires,
             s.clone(),
             &log,

bgp/src/connection.rs

@@ -12,6 +12,15 @@ use std::sync::mpsc::Sender;
 use std::sync::{Arc, Mutex};
 use std::time::Duration;
 
+#[cfg(target_os = "linux")]
+pub const MAX_MD5SIG_KEYLEN: usize = libc::TCP_MD5SIG_MAXKEYLEN;
+
+#[cfg(target_os = "illumos")]
+pub const MAX_MD5SIG_KEYLEN: usize = 80;
+
+#[cfg(target_os = "macos")]
+pub const MAX_MD5SIG_KEYLEN: usize = 80;
+
 /// Implementors of this trait listen to and accept BGP connections.
 pub trait BgpListener<Cnx: BgpConnection> {
     /// Bind to an address and listen for connections.
@@ -48,6 +57,8 @@ pub trait BgpConnection: Send + Clone {
         &self,
         event_tx: Sender<FsmEvent<Self>>,
         timeout: Duration,
+        min_ttl: Option<u8>,
+        md5_key: Option<String>,
     ) -> Result<(), Error>
     where
         Self: Sized;
@@ -61,4 +72,12 @@ pub trait BgpConnection: Send + Clone {
 
     // Return the local address being used for the connection.
     fn local(&self) -> Option<SocketAddr>;
+
+    fn set_min_ttl(&self, ttl: u8) -> Result<(), Error>;
+
+    fn set_md5_sig(
+        &self,
+        keylen: u16,
+        key: [u8; MAX_MD5SIG_KEYLEN],
+    ) -> Result<(), Error>;
 }

bgp/src/connection_channel.rs

@@ -7,7 +7,7 @@
 /// code in this file is to implement BgpListener and BgpConnection such that
 /// the core functionality of the BGP upper-half in `session.rs` may be tested
 /// rapidly using a simulated network.
-use crate::connection::{BgpConnection, BgpListener};
+use crate::connection::{BgpConnection, BgpListener, MAX_MD5SIG_KEYLEN};
 use crate::error::Error;
 use crate::messages::Message;
 use crate::session::FsmEvent;
@@ -159,6 +159,8 @@ impl BgpConnection for BgpConnectionChannel {
         &self,
         event_tx: Sender<FsmEvent<Self>>,
         timeout: Duration,
+        _ttl_sec: Option<u8>,
+        _md5_key: Option<String>,
     ) -> Result<(), Error> {
         debug!(self.log, "[{}] connecting", self.peer);
         let (local, remote) = channel();
@@ -209,6 +211,18 @@ impl BgpConnection for BgpConnectionChannel {
     fn local(&self) -> Option<SocketAddr> {
         Some(self.addr)
     }
+
+    fn set_min_ttl(&self, _ttl: u8) -> Result<(), Error> {
+        Ok(())
+    }
+
+    fn set_md5_sig(
+        &self,
+        _keylen: u16,
+        _key: [u8; MAX_MD5SIG_KEYLEN],
+    ) -> Result<(), Error> {
+        Ok(())
+    }
 }
 
 impl BgpConnectionChannel {