Merge pull request #9164 from pguibert6WIND/flowspec_vrflite_shortcut

bgpd: flowspec redirect vrf uses vrf table instead of allocated table id

bgpd/bgp_pbr.c

@@ -2292,6 +2292,7 @@ static void bgp_pbr_policyroute_add_to_zebra_unit(struct bgp *bgp,
 	struct bgp_pbr_rule *bpr;
 	bool bpr_found = false;
 	bool bpme_found = false;
+	struct vrf *vrf = NULL;
 
 	if (!bpf)
 		return;
@@ -2313,6 +2314,8 @@ static void bgp_pbr_policyroute_add_to_zebra_unit(struct bgp *bgp,
 	bpa = hash_get(bgp->pbr_action_hash, &temp3,
 		       bgp_pbr_action_alloc_intern);
 
+	if (nh)
+		vrf = vrf_lookup_by_id(nh->vrf_id);
 	if (bpa->fwmark == 0) {
 		/* drop is handled by iptable */
 		if (nh && nh->type == NEXTHOP_TYPE_BLACKHOLE) {
@@ -2320,7 +2323,14 @@ static void bgp_pbr_policyroute_add_to_zebra_unit(struct bgp *bgp,
 			bpa->installed = true;
 		} else {
 			bpa->fwmark = bgp_zebra_tm_get_id();
-			bpa->table_id = bpa->fwmark;
+			/* if action is redirect-vrf, then
+			 * use directly table_id of vrf
+			 */
+			if (nh && vrf && !vrf_is_backend_netns()
+			    && bpf->vrf_id != vrf->vrf_id)
+				bpa->table_id = vrf->data.l.table_id;
+			else
+				bpa->table_id = bpa->fwmark;
 			bpa->installed = false;
 		}
 		bpa->bgp = bgp;

bgpd/bgp_zebra.c

@@ -3316,6 +3316,13 @@ void bgp_zebra_announce_default(struct bgp *bgp, struct nexthop *nh,
 		    && nh->type != NEXTHOP_TYPE_IPV6)
 	    || nh->vrf_id == VRF_UNKNOWN)
 		return;
+
+	/* in vrf-lite, no default route has to be announced
+	 * the table id of vrf is directly used to divert traffic
+	 */
+	if (!vrf_is_backend_netns() && bgp->vrf_id != nh->vrf_id)
+		return;
+
 	memset(&p, 0, sizeof(struct prefix));
 	if (afi != AFI_IP && afi != AFI_IP6)
 		return;