Store a parsed and built graph of the CLI nodes in vtysh, rather than
parsing and building that graph every time vtysh starts up.
This provides a 3x to 5x reduction in vtysh startup overhead:
`vtysh -c 'configure' -c 'interface lo' -c 'do show version'`
- before: 92.9M cycles, 1114 samples
- after: 16.5M cycles, 330 samples
This improvement is particularly visible for users scripting `vtysh -c`
calls, which notably includes topotests.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
There is entirely no point to these being conditional. And pull them up
so the upcoming pre-parse code can work on a clean slate.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The command graph has its tail end nodes pointing at the
`struct cmd_element` rather than a `struct cmd_token`. This is a bit
weird to begin with, but becomes very annoying for the python bindings
where there is just no `struct cmd_element`.
Create a `CMD_ELEMENT_TKN` type for `cmd_token` instead, and replace the
tail end token in the python bindings with an instance of that.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Expose all of the struct members of cmd_token, and retrieve them
dynamically rather than copying them around. The problem with copying
them is that they can change as a result of merge(), and if there is an
existing wrapper object around it will not have its copy updated to
match.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
FORK_TKN's join node is already exposed, mirror to expose JOIN_TKN's
fork node.
(contains minor cleanup to make checkpatch.pl shut up)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The number of nodes in a graph will change as soon as cmd_graph_merge is
supported as an operation, therefore size this dynamically.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Use alloced=0 to indicate that the array used in a vector is not in fact
dynamically allocated memory (yet).
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Add definition of `TCP_MD5SIG_MAXKEYLEN` in the `sockopt.h` header so
users of it have the definition of the maximum key length for socket
authentication operations.
The following OSes reported failure in CI while building:
- NetBSD 8
- FreeBSD 11
- FreeBSD 12
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Move flex_algo_delete() content into isis_instance_flex_algo_destroy()
because it is called only once.
Rename _flex_algo_delete to flex_algo_free()
Cosmetic change.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Correct FRR startup counts on a daemon's vty socket to be open when the
parent process exits. The parent process waits for `frr_check_detach()`
to be called by the child before exiting. The problem is when the
`FRR_MANUAL_VTY_START` flag is set the vty socket was not opened but
`frr_check_detach()` was called anyway.
Instead add a bool option for `frr_check_detach()` to be called when the
socket is opened with `frr_vty_serv_start()`, and do so when "manually"
calling said function (i.e., when FRR_MANUAL_VTY_START is set).
The `FRR_MANUAL_VTY_START` flag is only set by mgmtd. The reason we
wait to open the vty socket is so that mgmtd can parse the various
daemon specific config files it has taken over, after the event loop has
started, but before we receive any possible new config from `vtysh`.
fixes#16362
Signed-off-by: Christian Hopps <chopps@labn.net>
Moved all existing global/vrf PIM config to the new subnode.
Existing configuration updated to be hidden and deprecated.
Both versions of configuration still work together.
Signed-off-by: Nathan Bahr <nbahr@atcorp.com>
According to draft-ietf-lsr-isis-srv6-extensions draft,
the End SID should be available in link state prefix
information.
Add the SID information in the link state prefix, by
getting the END SID from the locator TLV information.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
It's not immediately obvious what exactly the `frr_*dir` variables
exported from lib/libfrr.c are for. Add a little text each to clarify.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
1. On P2MP interfaces, direct ack would include the same LSA multiple times
multiple packets are processed before the OSPF interfae direct LSA
acknowledgment event is processed. Now duplicates LSA in the same event
are suppressed.
2. On non-broadcast interfaces, direct acks for multiple neighbors would be
unicast to the same neighbor due to the multiple OSPF LS Update packets
being process prior to the OSPF interface direct ack event. Now, separate
direct acks are unicast to the neighbors requiring them.
3. The interface delayed acknowledgment timer runs would run continously
(every second as long as the interace is up). Now, the timer is set
when delayed acknowledgments are queued and all queued delayed
acknowledges are sent when it fires.
4. For non-broadcast interface delayed acknowledgments, the logic to send
to multiple neighbors wasn't working because the list was emptied while
building the packet for the first neighbor.
Signed-off-by: Acee Lindem <acee@lindem.com>
Add a new start option "-K" to libfrr to denote a graceful start,
and use it in zebra and bgpd.
zebra will use this option to denote a planned FRR graceful restart
(supporting only bgpd currently) to wait for a route sync completion
from bgpd before cleaning up old stale routes from the FIB. An optional
timer provides an upper-bounds for this cleanup.
bgpd will use this option to denote either a planned FRR graceful
restart or a bgpd-only graceful restart, and this will drive the BGP
GR restarting router procedures.
Signed-off-by: Vivek Venkatraman <vivek@nvidia.com>
The current OSPF neighbor retransmission operates on a single per-neighbor
periodic timer that sends all LSAs on the list when it expires.
Additionally, since it skips the first retransmission of received LSAs so
that at least the retransmission interval (resulting in a delay of between
the retransmission interval and twice the interval. In environments where
the links are lossy on P2MP networks with "delay-reflood" configured (which
relies on neighbor retransmission in partial meshs), the implementation
is sub-optimal (to say the least).
This commit reimplements OSPF neighbor retransmission as follows:
1. A new data structure making use the application managed
typesafe.h doubly linked list implements an OSPF LSA
list where each node includes a timestamp.
2. The existing neighbor LS retransmission LSDB data structure
is augmented with a pointer to the list node on the LSA
list to faciliate O(1) removal when the LSA is acknowledged.
3. The neighbor LS retransmission timer is set to the expiration
timer of the LSA at the top of the list.
4. When the timer expires, LSAs are retransmitted that within
the window of the current time and a small delta (50 milli-secs
default). The LSAs that are retransmited are given an updated
retransmission time and moved to the end of the LSA list.
5. Configuration is added to set the "retransmission-window" to a
value other than 50 milliseconds.
6. Neighbor and interface LSA retransmission counters are added
to provide insight into the lossiness of the links. However,
these will increment quickly on non-fully meshed P2MP networks
with "delay-reflood" configured.
7. Added a topotest to exercise the implementation on a non-fully
meshed P2MP network with "delay-reflood" configured. The
alternative was to use existing mechanisms to instroduce loss
but these seem less determistic in a topotest.
Signed-off-by: Acee Lindem <acee@lindem.com>
TSAN doesn't understand the OS specific "fast" seqlock code. Use the
pthread mutex/condvar based path when TSAN is enabled.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
I lost an underscore somewhere along the way. Which never caused issues
because we don't use that function macro. It is, however, useful for
testing, so fix it.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Put some verbiage in place to warn people that we
are actively discouraging new development that uses
an older data structure.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The following table is not compliant with caml format when displayed in
json:
> ttable_add_row(
> tt,
> "Vertex|Type|Metric|Next-Hop|Interface|Parent");
>
> ttable_json(tt, "ssdsss");
output observed:
> [..]
> {
> "Vertex":"r1",
> "Type":"",
> "Metric":0,
> "Next-Hop":"",
> "Interface":"",
> "Parent":""
> }
output expected:
> [..]
> {
> "vertex":"r1",
> "type":"",
> "metric":0,
> "nextHop":"",
> "interface":"",
> "parent":""
> }
Override the ttable_json() function with a new function which has an
extra paramter: this parameter will redefine the initial row value for
json:
> ttable_json_with_json_text(tt,
> "vertex|type|metric|nextHop|interface|parent");
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
In the near future, some daemons may only register SIDs. This may be
the case for the pathd daemon when creating SRv6 binding SIDs.
When a locator is getting deleted at ZEBRA level, the daemon may have
an easy way to find out the SIds to unregister to.
This commit proposes to add the locator name to the SID_SRV6_NOTIFY
message whenever possible. Only case when an allocation failure happens,
the locator will not be present. In all other places, the notify API
at procol levels has the locator name extra-parameter.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Add a new ZAPI command `ZEBRA_SRV6_SID_NOTIFY` used by zebra to send
asynchronous SRv6 SIDs notifications to zclients.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Add two new ZAPI operations: `ZEBRA_SRV6_MANAGER_GET_SRV6_SID` and
`ZEBRA_SRV6_MANAGER_RELEASE_SRV6_SID`. These APIs allow a daemon to get and
release an SRv6 SID, respectively.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Add a new ZAPI operation, ZEBRA_SRV6_MANAGER_GET_LOCATOR, which allows a
daemon to request information about a specific locator from the SRv6 SID
Manager.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Add a data structure to represent an SRv6 SID context and the related
management functions (allocate/free).
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Add the CLI to choose the SID format of a locator. When the SID format
of a locator is changed, the SIDs allocated from that locator might no
longer be valid (for example, because the new format might involve a
different SID allocation schema). In such a case, it is necessary to
notify all the zclients so that they can withdraw/uninstall the old SIDs
that use the previous format and allocate/install/advertise the new SIDs
based on the new format.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
If we do:
```
bfd
profile foo
shutdown
```
The session is dropped, but immediately established again because we don't
have a proper check on BFD.
If BFD is administratively shutdown, ignore starting the session.
Fixes: https://github.com/FRRouting/frr/issues/16186
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
When switching from nexthop to zapi_nexthop, the srte color
is copied. Do the same in reverse.
Fixes: 31f937fb43 ("lib, zebra: Add SR-TE policy infrastructure to zebra")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
There are two ways of iterating over nexthops of a given
route entry.
- Either only the main nexthop are taken into account
(which is the case today when attempting to install an
LSP entry on a BGP connected labeled route.
- Or by taking into account nexthops that are resolved
and linked in nexthop->resolved of the previous nexthop
which has RECURSIVE flag set. This second case has to be
taken into account in the case where recursive routes may
be used to install an LSP entry.
Introduce a new API in nexthop that will parse over the
appropriate nexthop, if the nexthop-resolution flag is turned
on or not on the given VRF.
Use that API in the lsp_install() function so as to walk
over the appropriate nexthops.
Co-developed-by: Dmytro Shytyi <dmytro.shytyi@6wind.com>
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Dmytro Shytyi <dmytro.shytyi@6wind.com>
- `darr_free_free` to `darr_free` each element prior to `darr_free`
the array.
- `darr_free_func` to call `func` on each element prior to `darr_free`
the array.
Signed-off-by: Christian Hopps <chopps@labn.net>
lib/typesafe.h was supposed to be outside the _TYPESAFE_EXPAND_MACROS
guard, so that including lib/atomlist.h grabs all the typesafe container
macros.
(No effect on normal build, as _TYPESAFE_EXPAND_MACROS is never defined
there.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The SR-TE color of nexthop should be displayed in all situations.
Fixes: 553c804846 ("zebra: fix JSON fields for 'show ip/ipv6 nht'")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The zebra_nexthop_vty_helper() and zebra_nexthop_json_helper()
functions could be very helpful to display nexthop information
from whatever daemon.
Move the core function in the nexthop_vty_helper() and the
nexthop_json_helper() function. The zebra API call remains
unchanged.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Similarly to recently fixed 'show ip[v6] prefix-list ...' - PR#15750,
json output is not valid for 'show ip[v6] access-list ... json' commands,
as it goes through all the running daemons and for each one it calls
'filter_show' creating a new json object. To aggreagate the output
and create a valid json that can later be parsed, the commands were
moved to vtysh and formatted accordingly
Signed-off-by: Piotr Suchy <piotrsuchy@proton.me>
If you had a situation where an operator turned on
ospfd with snmp but not ospf6d and agentx was configured
then you get into a situation where ospf6d would complain
that the config for agentx did not exist. Let's modify
the code to allow this situation to happen.
Fixes: #15896
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
In route-map: `match tag untagged`.
E.g. Cisco/Juniper allows that, but they use `match tag 0` instead.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Didn't catch this one when adding the warning/error (with -Werror) for
missing this. Neither the CI nor I build with ZeroMQ enabled :(.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Using the same address with a different prefix length is not supported.
If we configure two identical addresses with different
netmasks 192.168.1.1/30 and then 192.168.1.1/29. Zebra sends
'192.168.1.1' with a prefix length of 29. However, the function
'zebra_interface_address_read()' reads '192.168.1.1/30' because the
prefix length is not checked.
Using 'same_prefix()' is more convenient.
Signed-off-by: Loïc Sang <loic.sang@6wind.com>
While clippy tries really, really hard to work under adverse conditions,
and this catches missing XREF_SETUP() on almost all CPU architectures,
this doesn't quite work on hppa. So, make it a warning on *all*
platforms (or error for --enable-dev-build) in order to catch it before
shipping off to Debian's buildd and blowing up there...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The gcc plugin wasn't warning about printing `suseconds_t` (which is
`time_t`, but in `struct timeval`.) It needs to be printed with a cast,
just like `time_t`. Luckily there is only one such usage.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Sections use a different syntax for Mach-O executables.
Fixes:
lib/bfd.c:35:1: error: argument to 'section' attribute is not valid for this target: mach-o section specifier requires a segment and section separated by a
comma
DEFINE_MTYPE_STATIC(LIB, BFD_INFO, "BFD info")
^
./lib/memory.h:140:2: note: expanded from macro 'DEFINE_MTYPE_STATIC'
DEFINE_MTYPE_ATTR(group, name, static, desc) \
^
./lib/memory.h:110:26: note: expanded from macro 'DEFINE_MTYPE_ATTR'
__attribute__((section(".data.mtypes"))) = { { \
^
1 error generated.
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
This can be used to get less cryptic error/warnings from GCC when
dealing with something typesafe container related.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Right where the zapi route flags are defined, there's a comment
asking that the flag-dumper-function also be updated.
Also apply clang-format's preferences, so next person won't have
to.
Signed-off-by: Mark Stapp <mjs@cisco.com>
In Linux, a network driver can set the interface flags IFF_UP and
IFF_RUNNING although the IFF_LOWER_UP flag is down, which means the
interface is ready but the carrier is down:
> These values contain interface state:
>
> ifinfomsg::if_flags & IFF_UP:
> Interface is admin up
> ifinfomsg::if_flags & IFF_RUNNING:
> Interface is in RFC2863 operational state UP or UNKNOWN. This is for
> backward compatibility, routing daemons, dhcp clients can use this
> flag to determine whether they should use the interface.
> ifinfomsg::if_flags & IFF_LOWER_UP:
> Driver has signaled netif_carrier_on()
However, FRR considers an interface is operational as soon it is up
(IFF_UP) and running (IFF_RUNNING), disregarding the IFF_LOWER_UP flag.
This can lead to a scenario where FRR starts adding routes through an
interface that is technically down at the carrier level, resulting in
kernel errors.
> Jan 02 18:07:18 dut-vm zebra[283731]: [WVJCK-PPMGD][EC 4043309093] netlink-dp (NS 0) error: Network is down, type=RTM_NEWNEXTHOP(104), seq=243, pid=3112881162
> Jan 02 18:07:18 dut-vm zebra[283731]: [X5XE1-RS0SW][EC 4043309074] Failed to install Nexthop (318[if 164]) into the kernel
> Jan 02 18:07:18 dut-vm zebra[283731]: [HSYZM-HV7HF] Extended Error: Carrier for nexthop device is down
> Jan 02 18:07:18 dut-vm zebra[283731]: [WVJCK-PPMGD][EC 4043309093] netlink-dp (NS 0) error: Network is down, type=RTM_NEWNEXTHOP(104), seq=245, pid=3112881162
> Jan 02 18:07:18 dut-vm zebra[283731]: [HSYZM-HV7HF] Extended Error: Nexthop id does not exist
> Jan 02 18:07:18 dut-vm zebra[283731]: [WVJCK-PPMGD][EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=246, pid=3112881162
> Jan 02 18:07:18 dut-vm zebra[283731]: [X5XE1-RS0SW][EC 4043309074] Failed to install Nexthop (320[10.125.0.2 if 164]) into the kernel
> Jan 02 18:07:18 dut-vm zebra[283731]: [VYKYC-709DP] default(0:254):0.0.0.0/0: Route install failed
Consider an interface is operational when it has the IFF_UP, IFF_RUNNING
and IFF_LOWER_UP flags.
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/operstates.rst?h=v6.7-rc8#n29
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/nexthop.c?h=v6.7-rc8#n2886
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/netdevice.h?h=v6.7-rc8#n4198
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
c-ares has deprecated ares_gethostbyname() in version 1.28.0
Replace it with ares_getaddrinfo().
This fixes a build error on Fedora 40.
Signed-off-by: Andrew Cooks <acooks.at.bda@gmail.com>
ietf-key-chain depends on ietf-netconf-acm, and lib/ code sets up the
former, so ietf-netconf-acm needs to be embedded in the libfrr too.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
When usid is not used, the isis_srv6_topo1 test does not work.
The SID prefix allocated by isis is different when the usid
flags is set or not. When the flags is not transmitted to isis,
the SID allocated is supposed to be a 128 bit mask length SID,
which is not what the isis_srv6_topo1 test is supposed to obtain.
Fix this by exchanging the flags locator value in the zclient api.
Fixes: 9b7491e1fc ("lib: Add support for flags to the SRv6 locator")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
In zebra_interface_nhg_reinstall zebra is checking that the
nhg is a singleton and not a blackhole nhg. This was originally
done with checking that the nexthop is a NEXTHOP_TYPE_IFINDEX,
NEXTHOP_TYPE_IPV4_IFINDEX and NEXTHOP_TYPE_IPV6_IFINDEX. This
was excluding NEXTHOP_TYPE_IPV4 and NEXTHOP_TYPE_IPV6. These
were both possible to be received and maintained from the upper
level protocol for when a route is being recursively resolved.
If we have gotten to this point in zebra_interface_nhg_reinstall
the nexthop group has already been installed at least once
and we *know* that it is actually a valid nexthop. What the
test is really trying to do is ensure that we are not reinstalling
a blackhole nexthop group( Which is not possible to even be
here by the way, but safety first! ). So let's change
to test for that instead.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Change input/output arguments of the RPC callback from lists of
(xpath/value) tuples to YANG data trees.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Operational data should not be used on validation stage. Move the usage
to apply stage only.
Fixes#15707.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
If a command is not marked as `YANG`-converted, the current command
batching buffer is flushed before executing the command. We shouldn't
flush the buffer when executing an `exit` command. It should only be
flushed if the next command is not `YANG`-converted, which is checked by
the command itself, not the previous `exit`.
Fixes#15706.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
An extension of commit-8d8f12ba8e5cd11c189b8475b05539fa8415ccb9
Removing ifdef DEV_BUILD in stream_fifo_push as well to make the 'sh
zebra client' display the current I/O fifo along with max fifo items.
TICKET :#3390099
Signed-off-by: Rajasekar Raja <rajasekarr@nvidia.com>
Add a new condition var and mutex to serialize pthread startup.
When a new pthread is started, it will wait very early on for the
parent pthread to permit it to run. This ensures that that the
ordering between parent and child is predictable.
Signed-off-by: Mark Stapp <mjs@cisco.com>
An operator found a situation where zebra was
backing up in a significant way towards BGP
with EVPN changes taking up some serious amounts
of memory. The key lines that would have clued
us in on it were behind a dev build. Let's change
this.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Add SRv6 Binding SID END.B6.Encaps nh6 str to lib.
It is used to display nh6 when one uses 'show ipv6 route'.
Signed-off-by: Dmytro Shytyi <dmytro.shytyi@6wind.com>
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This extends non-broadcast support to point-to-multipoint networks.
Neighbors will be explicitly configured and polled in lieu of multicast
dicovery. Toptotests and documentation updates are included.
Additionally, the ospf neighbor commands have been greatly simplified taking
advantage of DEFPY() capabilities.
The AllOSPFRouters (224.0.0.5) is still joined for non-broadcast networks
since it is joined for NBMA networks. It seems this could be removed but
it should done be in a separate commit.
Signed-off-by: Acee Lindem <acee@lindem.com>
This operation basically implements support for RESTCONF operations. It
receives an xpath and a data tree in JSON/XML format, instead of a list
of (xpath, value) tuples as required by the current protobuf interface.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
BGP is now keeping a list of dests with the dest having a pointer
to the bgp_path_info that it will be working on.
1) When bgp receives a prefix, process it, add the bgp_dest of the
prefix into the new Fifo list if not present, update the flags (Ex:
earlier if the prefix was advertised and now it is a withdrawn),
increment the ref_count and DO NOT advertise the install/withdraw
to zebra yet.
2) Schedule an event to wake up to invoke the new function which will
walk the list one by one and installs/withdraws the routes into zebra.
a) if BUFFER_EMPTY, process the next item on the list
b) if BUFFER_PENDING, bail out and the callback in
zclient_flush_data() will invoke the same function when BUFFER_EMPTY
Changes
- rename old bgp_zebra_announce to bgp_zebra_announce_actual
- rename old bgp_zebra_withdrw to bgp_zebra_withdraw_actual
- Handle new fifo list cleanup in bgp_exit()
- New funcs: bgp_handle_route_announcements_to_zebra() and
bgp_zebra_route_install()
- Define a callback function to invoke
bgp_handle_route_announcements_to_zebra() when BUFFER_EMPTY in
zclient_flush_data()
The current change deals with bgp installing routes via
bgp_process_main_one()
Ticket: #3390099
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Signed-off-by: Rajasekar Raja <rajasekarr@nvidia.com>
lib: don't define a `fallthrough` in c++ to avoid conflict with protobuf c++
check: add link libs required by some versions of grpc++ or it's dependent
linked libs
tests: don't fail the test due to known at exit memleaks
Signed-off-by: Christian Hopps <chopps@labn.net>
We're not calling any other termination functions to free allocated
memory when daemonizing except these two. There's no reason for such an
exception, and because of these calls we have the following libyang
warnings every time FRR is started:
```
MGMTD: libyang: String "15" not freed from the dictionary, refcount 2
MGMTD: libyang: String "200" not freed from the dictionary, refcount 2
MGMTD: libyang: String "mrib-then-urib" not freed from the dictionary, refcount 2
MGMTD: libyang: String "1000" not freed from the dictionary, refcount 2
MGMTD: libyang: String "10" not freed from the dictionary, refcount 2
MGMTD: libyang: String "5" not freed from the dictionary, refcount 2
```
Remove these calls to get rid of the unnecessary warnings.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When a memory operation (malloc/free/... ) causes a crash
and the call to core_handler causes another crash then
instead of actually writing a core dump the alarm is
hit and the daemon in trouble will not cause a core dump.
Modify the shutdown code to just try to dump the buffers
and leave instead of cleaning up after itself.
Back Trace:
(gdb) bt
0 0x00007f17082ec056 in __lll_lock_wait_private () from /lib/x86_64-linux-gnu/libc.so.6
1 0x00007f17082fc8bd in ?? () from /lib/x86_64-linux-gnu/libc.so.6
2 0x00007f17082fee8f in free () from /lib/x86_64-linux-gnu/libc.so.6
3 0x00007f170866c2ea in qfree (mt=<optimized out>, ptr=<optimized out>) at lib/memory.c:141
4 0x00007f17086c156a in zlog_tls_free (arg=0x55584f816fb0) at lib/zlog.c:390
5 zlog_tls_buffer_fini () at lib/zlog.c:346
6 0x00007f1708695e5f in core_handler (signo=11, siginfo=0x7ffd173229f0, context=<optimized out>) at lib/sigevent.c:264
7 <signal handler called>
8 0x00007f17082fd7bc in ?? () from /lib/x86_64-linux-gnu/libc.so.6
9 0x00007f17082ff6e2 in calloc () from /lib/x86_64-linux-gnu/libc.so.6
10 0x00007f1708451e78 in lh_table_new () from /lib/x86_64-linux-gnu/libjson-c.so.5
11 0x00007f170844c979 in json_object_new_object () from /lib/x86_64-linux-gnu/libjson-c.so.5
12 0x000055584e002fd9 in evpn_show_all_routes (vty=vty@entry=0x55584fb5ea00, bgp=bgp@entry=0x55584f82c600, type=<optimized out>, json=json@entry=0x55584f998130, detail=<optimized out>,
self_orig=<optimized out>) at bgpd/bgp_evpn_vty.c:3192
13 0x000055584e009ed6 in show_bgp_l2vpn_evpn_route (self=<optimized out>, vty=0x55584fb5ea00, argc=6, argv=0x55584f998970) at bgpd/bgp_evpn_vty.c:5048
14 0x00007f170863af60 in cmd_execute_command_real (vline=vline@entry=0x55584fa87cb0, vty=vty@entry=0x55584fb5ea00, cmd=cmd@entry=0x0, up_level=up_level@entry=0, filter=FILTER_RELAXED)
at lib/command.c:1030
15 0x00007f170863b2be in cmd_execute_command (vline=vline@entry=0x55584fa87cb0, vty=vty@entry=0x55584fb5ea00, cmd=cmd@entry=0x0, vtysh=vtysh@entry=0) at lib/command.c:1089
16 0x00007f170863b550 in cmd_execute (vty=vty@entry=0x55584fb5ea00, cmd=cmd@entry=0x55584fb65160 "sh bgp l2vpn evpn route json", matched=matched@entry=0x0, vtysh=vtysh@entry=0)
at lib/command.c:1257
17 0x00007f17086acc77 in vty_command (vty=vty@entry=0x55584fb5ea00, buf=0x55584fb65160 "sh bgp l2vpn evpn route json") at lib/vty.c:503
18 0x00007f17086ad444 in vty_execute (vty=vty@entry=0x55584fb5ea00) at lib/vty.c:1266
19 0x00007f17086b06c8 in vtysh_read (thread=<optimized out>) at lib/vty.c:2165
20 0x00007f17086a798d in thread_call (thread=thread@entry=0x7ffd17325ce0) at lib/thread.c:2008
21 0x00007f1708660568 in frr_run (master=0x55584f22a120) at lib/libfrr.c:1223
22 0x000055584dfc8c96 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:555
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Split zebra's vrf_terminate() into disable() and delete() stages.
The former enqueues all events for the dplane thread.
Memory freeing is performed in the second stage.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
When actions and notification are defined as descendants of other nodes,
they are not getting initialized, because the iterator skips them. Fix
the iterator to include them when traversing the schema.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
This adds specific width length modifiers in the form of wN and wfN
(where N is 8, 16, 32, or 64) which allow printing intN_t and
int_fastN_t without resorting to casts or PRI macros.
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D41725
FRR changes only include printf(), scanf/strtol are not locally
implemented in FRR. Also added "(void) 0" to empty "else ..." to
avoid a compiler warning.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from FreeBSD commit bce0bef3c6abab92c7ac8cc23b7cc632a382721e)
This is primarily intended for ldpd with its split-process architecture.
The LDE/LDPE subprocesses currently lose the extended zlog
functionality.
The zlog_live target already encapsulates all necessary bits for vtysh.
Reuse it for a relay function to be used in the main ldpd process.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This is happening for Alpine Linux.
```
26 64.59 ./lib/sigevent.h:23:18: error: unknown type name 'sig_atomic_t'
26 64.59 23 | volatile sig_atomic_t caught; /* private member */
26 64.59 | ^~~~~~~~~~~~
26 64.60 In file included from ./lib/libfrr.h:12,
26 64.60 from ./lib/vty.h:28,
26 64.60 from ./lib/command.h:11,
26 64.60 from ./lib/debug.h:11,
26 64.60 from ./mgmtd/mgmt.h:12,
26 64.60 from mgmtd/mgmt_history.c:14:
26 64.60 ./lib/sigevent.h:23:18: error: unknown type name 'sig_atomic_t'
26 64.60 23 | volatile sig_atomic_t caught; /* private member */
26 64.60 | ^~~~~~~~~~~~
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Add missing cli_cmp callback. Without it, interfaces are not sorted and
printed in order they were created.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Make errors look the same way as in regular non-mgmtd vty. We don't need
to show information about some internal request names.
Before:
```
ERROR: SET_CONFIG request failed, Error: YANG error(s):
Path: Data location "/frr-affinity-map:lib/affinity-maps/affinity-map[name='a']".
Error: Unique data leaf(s) "value" not satisfied in "/frr-affinity-map:lib/affinity-maps/affinity-map[name='b']" and "/frr-affinity-map:lib/affinity-maps/affinity-map[name='a']".
```
After:
```
% Configuration failed.
YANG error(s):
Path: Data location "/frr-affinity-map:lib/affinity-maps/affinity-map[name='b']".
Error: Unique data leaf(s) "value" not satisfied in "/frr-affinity-map:lib/affinity-maps/affinity-map[name='a']" and "/frr-affinity-map:lib/affinity-maps/affinity-map[name='b']".
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When a node is top-level, we shouldn't stop the whole processing, we
should just skip this single node.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
`darr_avail` returns the available capacity excluding the already
existing terminating NULL byte. Take this into account when using
`darr_avail`. Otherwise, if the error length is a power of 2, the
capacity is never enough and the function stucks in an infinite loop.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
If the initial darr capacity is not enough for the output, the `ap` is
reused multiple times, which is wrong, because it may be altered by
`vsnprintf`. Make a copy of `ap` each time instead of reusing.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
By calling `ly_log_options` with `LY_LOSTORE`, the current code
effectively disables libyang logging and never enables it back. The call
is done to get the current logging options, but we don't really need
that. When looking for a schema node, we don't want neither to log nor
to store the error, so simply set the temporary options to 0.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When a prefix-list entry is updated, current NB code calls the
replacement code multiple times, once per each updated field. It means
that when multiple fields of an entry are changed in a single commit,
the replacement is done with an interim state of a prefix-list instead
of a final one. To fix the issue, we should call the replacement code
once, after all fields of an entry are updated.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When an access-list entry is updated, current NB code calls notification
hooks for each updated field. It means that when multiple fields of an
entry are changed in a single commit, the hooks are run with an interim
state of an access-list instead of a final one. To fix the issue, we
should call the hooks once, after all fields of an entry are updated.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Containers inside a choice's case must be treated as presence containers
as they can be explicitly created and deleted. They must have `create`
and `destroy` callbacks, otherwise the internal data they represent may
never be deleted.
The issue can be reproduced with the following steps:
- create an access-list with destination-network params
```
# access-list test seq 1 permit ip any 10.10.10.0 0.0.0.255
```
- delete the `destination-network` container
```
# mgmt delete-config /frr-filter:lib/access-list[name='test'][type='ipv4']/entry[sequence='1']/destination-network
# mgmt commit apply
MGMTD: No changes found to be committed!
```
As the `destination-network` container is non-presence, and all its
leafs are mandatory, mgmtd doesn't see any changes to be commited and
simply updates its YANG data tree without passing any updates to backend
daemons.
This commit fixes the issue by requiring `create` and `destroy`
callbacks for containers inside choice's cases.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When ordering operations, destroys must always come before other
operations, to correctly cover the change of a "case" in a "choice".
The problem can be reproduced with the following commands:
```
access-list test seq 1 permit 10.0.0.0/8
access-list test seq 1 permit host 10.0.0.1
access-list test seq 1 permit 10.0.0.0/8
```
Before this commit, the order of changes would be the following:
- `access-list test seq 1 permit 10.0.0.0/8`
- `modify` for `ipv4-prefix`
- `access-list test seq 1 permit host 10.0.0.1`
- `destroy` for `ipv4-prefix`
- `modify` for `host`
- `access-list test seq 1 permit 10.0.0.0/8`
- `modify` for `ipv4-prefix`
- `destroy` for `host`
As `destroy` for `host` is called last, it rewrites the fields that were
filled by `modify` callback of `ipv4-prefix`. This commit fixes this
problem by always calling `destroy` callbacks first.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Notifications are sent by mgmtd for each session of a client, so they
should be processed once per each session.
Also, add session_id parameter to an async_notification callback as all
other callbacks have this parameter.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When ordering the NB callbacks according to their priorities, if the
operation is "destroy" we should reverse the order, to destroy the
dependants before the dependencies.
This fixes the crash, that can be reproduced with the following steps:
```
frr# conf term file-lock
frr(config)# affinity-map map bit-position 10
frr(config)# interface test
frr(config-if)# link-params
frr(config-link-params)# affinity map
frr(config-link-params)# exit
frr(config-if)# exit
frr(config)# mgmt commit apply
frr(config)# no affinity-map map
frr(config)# interface test
frr(config-if)# link-params
frr(config-link-params)# no affinity map
frr(config-link-params)# exit
frr(config-if)# exit
frr(config)# mgmt commit apply
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Other objects depend on affinity-maps being created before them by using
leafref with require-instance true. Set the priority to ensure that.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Remove adding of line feeds when encondig. We're using these functions
only for encoding binary data for storing in YANG data tree.
According to RFC 7950, section 9.8.2:
```
9.8.2. Lexical Representation
Binary values are encoded with the base64 encoding scheme (see
Section 4 in [RFC4648]).
```
According to mentioned RFC 4648, section 3.1:
```
Implementations MUST NOT add line feeds to base-encoded data unless
the specification referring to this document explicitly directs base
encoders to add line feeds after a specific number of characters.
```
Therefore, line feeds must not be added to the encoded data.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Before this fix would always return empty results b/c there was no
libyang tree to print to output format.
Signed-off-by: Christian Hopps <chopps@labn.net>
Convert only when this is really needed, e.g. `match ip address prefix-list ...`.
Otherwise, we can't have mixed match clauses, like:
```
match ip address prefix-list p1
match evpn route-type prefix
```
This won't work, because the prefix is already converted, and we can't extract
route type, vni, etc. from the original EVPN prefix.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Currently, YANG notification processing is done using a special type of
callbacks registered in backend clients. In this commit, we start using
regular northbound infrastructure instead, because it already has a
convenient way of registering xpath-specific callbacks without the need
for creating additional structures for each necessary notification. We
also now pass a notification data to the callback, instead of a plain
JSON. This allows to use regular YANG library functions for inspecting
notification fields, instead of manually parsing the JSON.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Current code assumes that notification is always sent in stripped JSON
format and therefore notification xpath starts at the third symbol of
notification data. Assuming JSON is more or less fine, because this
representation is internal to FRR, but the assumption about the xpath is
wrong, because it won't work for not top-level notifications. YANG
allows to define notification as a child for some data node deep into
the tree and in this case notification data contains not only the
notification node itself, but also all its parents.
To fix the issue, parse the notification data and get its xpath from its
schema node.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When exiting from a level below the config node, like `router rip`,
vtysh executes a resync by sending "end" and "conf term [file-lock]"
commands to all the daemons. As statet in the description comment, it's
done "in case one of the daemons is somewhere else". I don't think this
actually ever happens, but even if it is, it is a bug in a daemon that
needs to be fixed. This resync was okay before the introduction of
mgmtd, but now it unlocks and locks back the datastores during the
configuration reading process, which can lead to a failure which is
explained in the previous commit.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
There exists cases where just honoring the FD_LIMIT size
as given to us by the operating system makes no sense.
Let's just make a switch to allow for this for things
like vtysh and ospfclient which will never have 1k files
open at any given time.
Fixes: #15315
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
We don't need to manually load built-in modules. This fixes the
following warning in mgmtd:
```
YANG model "ietf-yang-metadata@*" "*@*"not embedded, trying external file
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
mgmtd is supposed to only register CLI callbacks. If configuration
callbacks are registered, they are getting called on startup when mgmtd
reads config files, and they can use infrastructure that is not
initialized on mgmtd, or allocate some memory that is never freed.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
In a non-controlled startup, the rcu data structures were
not being created until after logging could happen. This
is bad. Move it so that the rcu data structures are
created first, before logging( HA! ) can happen.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
External libraries can re-enter the FRR code through a hook function. A
crash occurs when logging from this hook function if the library has
initiated a new pthread, as the FRR RCU context is not initialized for
this thread.
Add frr_pthread_non_controlled_startup() function to initialize a valid
RCU context within a FRR pthread context, originating from an external
pthread.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
It's unlikely that an operator will ever set a fd
limit of over 100k. Let's warn the operator that
things are in a bit of a wonky state.
Fixes: #15280
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Remove operational data check from CLI command. It never works in mgmtd
and it is not needed in backend daemons because it's done in
`lib_vrf_destroy` callback.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, staticd configuration is tightly coupled with VRF existence.
Because of that, it has to use a hack in NB infrastructure to create a
VRF configuration when at least one static route is configured for this
VRF. This hack is incompatible with mgmtd, because mgmtd doesn't execute
configuration callbacks. Because of that, the configuration may become
out of sync between mgmtd and staticd. There are two main cases:
1. Create static route in a VRF. The VRF data node will be created
automatically in staticd by the NB hack, but not in mgmtd.
2. Delete VRF which has some static routes configured. The static route
configuration will be deleted from staticd by the NB hack, but not
from mgmtd.
To fix the problem, decouple configuration of static routes from VRF
configuration. Now it is possible to configure static routes even if the
VRF doesn't exist yet. Once the VRF is created, staticd applies all the
preconfigured routes.
This change also fixes the problem with static routes being preserved in
the system when staticd "control-plane-protocol" container is deleted
but the VRF is still configured.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Create a single registry of default port values that daemons
are using. Most of these are vty ports, but there are some
others for features like ospfapi and zebra FPM.
Signed-off-by: Mark Stapp <mjs@labn.net>
pahole reports that the hash_bucket has 2 4 byte holes
in the data structure. Let's reorganize this a bit
and save 8 bytes per hash_bucket instance.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
It allows people not familiar with libyang and FRR internals to use
mgmtd FE API by looking only at `mgmt_msg_native.h` header. We still use
the same values to avoid a lot of mapping code, and ensure that any
change doesn't slip unnoticed by using static asserts.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Fix reference bandwidth description. It is Kbps, not Mbps.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
- use `apply_finish` callback when possible to avoid multiple applies per commit
- move table range working to the CLI handler
- remove unnecessary conditional compilation
- remove unnecessary boolean conversion
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When the daemon is partially mgmtd-converted, it receives configuration
from vty and mgmtmd simultaneosly. This configuration must be
synchronized.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When duplicating nodes, we should always keep flags, especially the
LYD_NEW flag that indicates not validated data. This allows to select a
new choice's case without the need to explicitly remove the existing one.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Current denominators are not integers and some of them lose precision
because of that, for example, 1e-6 is actually stored as
9.9999999999999995e-07 and 1-e12 is stored as 9.9999999999999998e-13.
When multiplying by such denominators, we receive incorrect values.
Changing denominators to integers and using division instead of
multiplication improves precision and solves the problem.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
