We're not calling any other termination functions to free allocated
memory when daemonizing except these two. There's no reason for such an
exception, and because of these calls we have the following libyang
warnings every time FRR is started:
```
MGMTD: libyang: String "15" not freed from the dictionary, refcount 2
MGMTD: libyang: String "200" not freed from the dictionary, refcount 2
MGMTD: libyang: String "mrib-then-urib" not freed from the dictionary, refcount 2
MGMTD: libyang: String "1000" not freed from the dictionary, refcount 2
MGMTD: libyang: String "10" not freed from the dictionary, refcount 2
MGMTD: libyang: String "5" not freed from the dictionary, refcount 2
```
Remove these calls to get rid of the unnecessary warnings.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When a memory operation (malloc/free/... ) causes a crash
and the call to core_handler causes another crash then
instead of actually writing a core dump the alarm is
hit and the daemon in trouble will not cause a core dump.
Modify the shutdown code to just try to dump the buffers
and leave instead of cleaning up after itself.
Back Trace:
(gdb) bt
0 0x00007f17082ec056 in __lll_lock_wait_private () from /lib/x86_64-linux-gnu/libc.so.6
1 0x00007f17082fc8bd in ?? () from /lib/x86_64-linux-gnu/libc.so.6
2 0x00007f17082fee8f in free () from /lib/x86_64-linux-gnu/libc.so.6
3 0x00007f170866c2ea in qfree (mt=<optimized out>, ptr=<optimized out>) at lib/memory.c:141
4 0x00007f17086c156a in zlog_tls_free (arg=0x55584f816fb0) at lib/zlog.c:390
5 zlog_tls_buffer_fini () at lib/zlog.c:346
6 0x00007f1708695e5f in core_handler (signo=11, siginfo=0x7ffd173229f0, context=<optimized out>) at lib/sigevent.c:264
7 <signal handler called>
8 0x00007f17082fd7bc in ?? () from /lib/x86_64-linux-gnu/libc.so.6
9 0x00007f17082ff6e2 in calloc () from /lib/x86_64-linux-gnu/libc.so.6
10 0x00007f1708451e78 in lh_table_new () from /lib/x86_64-linux-gnu/libjson-c.so.5
11 0x00007f170844c979 in json_object_new_object () from /lib/x86_64-linux-gnu/libjson-c.so.5
12 0x000055584e002fd9 in evpn_show_all_routes (vty=vty@entry=0x55584fb5ea00, bgp=bgp@entry=0x55584f82c600, type=<optimized out>, json=json@entry=0x55584f998130, detail=<optimized out>,
self_orig=<optimized out>) at bgpd/bgp_evpn_vty.c:3192
13 0x000055584e009ed6 in show_bgp_l2vpn_evpn_route (self=<optimized out>, vty=0x55584fb5ea00, argc=6, argv=0x55584f998970) at bgpd/bgp_evpn_vty.c:5048
14 0x00007f170863af60 in cmd_execute_command_real (vline=vline@entry=0x55584fa87cb0, vty=vty@entry=0x55584fb5ea00, cmd=cmd@entry=0x0, up_level=up_level@entry=0, filter=FILTER_RELAXED)
at lib/command.c:1030
15 0x00007f170863b2be in cmd_execute_command (vline=vline@entry=0x55584fa87cb0, vty=vty@entry=0x55584fb5ea00, cmd=cmd@entry=0x0, vtysh=vtysh@entry=0) at lib/command.c:1089
16 0x00007f170863b550 in cmd_execute (vty=vty@entry=0x55584fb5ea00, cmd=cmd@entry=0x55584fb65160 "sh bgp l2vpn evpn route json", matched=matched@entry=0x0, vtysh=vtysh@entry=0)
at lib/command.c:1257
17 0x00007f17086acc77 in vty_command (vty=vty@entry=0x55584fb5ea00, buf=0x55584fb65160 "sh bgp l2vpn evpn route json") at lib/vty.c:503
18 0x00007f17086ad444 in vty_execute (vty=vty@entry=0x55584fb5ea00) at lib/vty.c:1266
19 0x00007f17086b06c8 in vtysh_read (thread=<optimized out>) at lib/vty.c:2165
20 0x00007f17086a798d in thread_call (thread=thread@entry=0x7ffd17325ce0) at lib/thread.c:2008
21 0x00007f1708660568 in frr_run (master=0x55584f22a120) at lib/libfrr.c:1223
22 0x000055584dfc8c96 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:555
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Split zebra's vrf_terminate() into disable() and delete() stages.
The former enqueues all events for the dplane thread.
Memory freeing is performed in the second stage.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
When actions and notification are defined as descendants of other nodes,
they are not getting initialized, because the iterator skips them. Fix
the iterator to include them when traversing the schema.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
This adds specific width length modifiers in the form of wN and wfN
(where N is 8, 16, 32, or 64) which allow printing intN_t and
int_fastN_t without resorting to casts or PRI macros.
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D41725
FRR changes only include printf(), scanf/strtol are not locally
implemented in FRR. Also added "(void) 0" to empty "else ..." to
avoid a compiler warning.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from FreeBSD commit bce0bef3c6abab92c7ac8cc23b7cc632a382721e)
This is primarily intended for ldpd with its split-process architecture.
The LDE/LDPE subprocesses currently lose the extended zlog
functionality.
The zlog_live target already encapsulates all necessary bits for vtysh.
Reuse it for a relay function to be used in the main ldpd process.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This is happening for Alpine Linux.
```
26 64.59 ./lib/sigevent.h:23:18: error: unknown type name 'sig_atomic_t'
26 64.59 23 | volatile sig_atomic_t caught; /* private member */
26 64.59 | ^~~~~~~~~~~~
26 64.60 In file included from ./lib/libfrr.h:12,
26 64.60 from ./lib/vty.h:28,
26 64.60 from ./lib/command.h:11,
26 64.60 from ./lib/debug.h:11,
26 64.60 from ./mgmtd/mgmt.h:12,
26 64.60 from mgmtd/mgmt_history.c:14:
26 64.60 ./lib/sigevent.h:23:18: error: unknown type name 'sig_atomic_t'
26 64.60 23 | volatile sig_atomic_t caught; /* private member */
26 64.60 | ^~~~~~~~~~~~
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Add missing cli_cmp callback. Without it, interfaces are not sorted and
printed in order they were created.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Make errors look the same way as in regular non-mgmtd vty. We don't need
to show information about some internal request names.
Before:
```
ERROR: SET_CONFIG request failed, Error: YANG error(s):
Path: Data location "/frr-affinity-map:lib/affinity-maps/affinity-map[name='a']".
Error: Unique data leaf(s) "value" not satisfied in "/frr-affinity-map:lib/affinity-maps/affinity-map[name='b']" and "/frr-affinity-map:lib/affinity-maps/affinity-map[name='a']".
```
After:
```
% Configuration failed.
YANG error(s):
Path: Data location "/frr-affinity-map:lib/affinity-maps/affinity-map[name='b']".
Error: Unique data leaf(s) "value" not satisfied in "/frr-affinity-map:lib/affinity-maps/affinity-map[name='a']" and "/frr-affinity-map:lib/affinity-maps/affinity-map[name='b']".
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When a node is top-level, we shouldn't stop the whole processing, we
should just skip this single node.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
`darr_avail` returns the available capacity excluding the already
existing terminating NULL byte. Take this into account when using
`darr_avail`. Otherwise, if the error length is a power of 2, the
capacity is never enough and the function stucks in an infinite loop.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
If the initial darr capacity is not enough for the output, the `ap` is
reused multiple times, which is wrong, because it may be altered by
`vsnprintf`. Make a copy of `ap` each time instead of reusing.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
By calling `ly_log_options` with `LY_LOSTORE`, the current code
effectively disables libyang logging and never enables it back. The call
is done to get the current logging options, but we don't really need
that. When looking for a schema node, we don't want neither to log nor
to store the error, so simply set the temporary options to 0.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When a prefix-list entry is updated, current NB code calls the
replacement code multiple times, once per each updated field. It means
that when multiple fields of an entry are changed in a single commit,
the replacement is done with an interim state of a prefix-list instead
of a final one. To fix the issue, we should call the replacement code
once, after all fields of an entry are updated.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When an access-list entry is updated, current NB code calls notification
hooks for each updated field. It means that when multiple fields of an
entry are changed in a single commit, the hooks are run with an interim
state of an access-list instead of a final one. To fix the issue, we
should call the hooks once, after all fields of an entry are updated.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Containers inside a choice's case must be treated as presence containers
as they can be explicitly created and deleted. They must have `create`
and `destroy` callbacks, otherwise the internal data they represent may
never be deleted.
The issue can be reproduced with the following steps:
- create an access-list with destination-network params
```
# access-list test seq 1 permit ip any 10.10.10.0 0.0.0.255
```
- delete the `destination-network` container
```
# mgmt delete-config /frr-filter:lib/access-list[name='test'][type='ipv4']/entry[sequence='1']/destination-network
# mgmt commit apply
MGMTD: No changes found to be committed!
```
As the `destination-network` container is non-presence, and all its
leafs are mandatory, mgmtd doesn't see any changes to be commited and
simply updates its YANG data tree without passing any updates to backend
daemons.
This commit fixes the issue by requiring `create` and `destroy`
callbacks for containers inside choice's cases.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When ordering operations, destroys must always come before other
operations, to correctly cover the change of a "case" in a "choice".
The problem can be reproduced with the following commands:
```
access-list test seq 1 permit 10.0.0.0/8
access-list test seq 1 permit host 10.0.0.1
access-list test seq 1 permit 10.0.0.0/8
```
Before this commit, the order of changes would be the following:
- `access-list test seq 1 permit 10.0.0.0/8`
- `modify` for `ipv4-prefix`
- `access-list test seq 1 permit host 10.0.0.1`
- `destroy` for `ipv4-prefix`
- `modify` for `host`
- `access-list test seq 1 permit 10.0.0.0/8`
- `modify` for `ipv4-prefix`
- `destroy` for `host`
As `destroy` for `host` is called last, it rewrites the fields that were
filled by `modify` callback of `ipv4-prefix`. This commit fixes this
problem by always calling `destroy` callbacks first.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Notifications are sent by mgmtd for each session of a client, so they
should be processed once per each session.
Also, add session_id parameter to an async_notification callback as all
other callbacks have this parameter.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When ordering the NB callbacks according to their priorities, if the
operation is "destroy" we should reverse the order, to destroy the
dependants before the dependencies.
This fixes the crash, that can be reproduced with the following steps:
```
frr# conf term file-lock
frr(config)# affinity-map map bit-position 10
frr(config)# interface test
frr(config-if)# link-params
frr(config-link-params)# affinity map
frr(config-link-params)# exit
frr(config-if)# exit
frr(config)# mgmt commit apply
frr(config)# no affinity-map map
frr(config)# interface test
frr(config-if)# link-params
frr(config-link-params)# no affinity map
frr(config-link-params)# exit
frr(config-if)# exit
frr(config)# mgmt commit apply
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Other objects depend on affinity-maps being created before them by using
leafref with require-instance true. Set the priority to ensure that.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Remove adding of line feeds when encondig. We're using these functions
only for encoding binary data for storing in YANG data tree.
According to RFC 7950, section 9.8.2:
```
9.8.2. Lexical Representation
Binary values are encoded with the base64 encoding scheme (see
Section 4 in [RFC4648]).
```
According to mentioned RFC 4648, section 3.1:
```
Implementations MUST NOT add line feeds to base-encoded data unless
the specification referring to this document explicitly directs base
encoders to add line feeds after a specific number of characters.
```
Therefore, line feeds must not be added to the encoded data.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Before this fix would always return empty results b/c there was no
libyang tree to print to output format.
Signed-off-by: Christian Hopps <chopps@labn.net>
Convert only when this is really needed, e.g. `match ip address prefix-list ...`.
Otherwise, we can't have mixed match clauses, like:
```
match ip address prefix-list p1
match evpn route-type prefix
```
This won't work, because the prefix is already converted, and we can't extract
route type, vni, etc. from the original EVPN prefix.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Currently, YANG notification processing is done using a special type of
callbacks registered in backend clients. In this commit, we start using
regular northbound infrastructure instead, because it already has a
convenient way of registering xpath-specific callbacks without the need
for creating additional structures for each necessary notification. We
also now pass a notification data to the callback, instead of a plain
JSON. This allows to use regular YANG library functions for inspecting
notification fields, instead of manually parsing the JSON.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Current code assumes that notification is always sent in stripped JSON
format and therefore notification xpath starts at the third symbol of
notification data. Assuming JSON is more or less fine, because this
representation is internal to FRR, but the assumption about the xpath is
wrong, because it won't work for not top-level notifications. YANG
allows to define notification as a child for some data node deep into
the tree and in this case notification data contains not only the
notification node itself, but also all its parents.
To fix the issue, parse the notification data and get its xpath from its
schema node.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When exiting from a level below the config node, like `router rip`,
vtysh executes a resync by sending "end" and "conf term [file-lock]"
commands to all the daemons. As statet in the description comment, it's
done "in case one of the daemons is somewhere else". I don't think this
actually ever happens, but even if it is, it is a bug in a daemon that
needs to be fixed. This resync was okay before the introduction of
mgmtd, but now it unlocks and locks back the datastores during the
configuration reading process, which can lead to a failure which is
explained in the previous commit.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
There exists cases where just honoring the FD_LIMIT size
as given to us by the operating system makes no sense.
Let's just make a switch to allow for this for things
like vtysh and ospfclient which will never have 1k files
open at any given time.
Fixes: #15315
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
We don't need to manually load built-in modules. This fixes the
following warning in mgmtd:
```
YANG model "ietf-yang-metadata@*" "*@*"not embedded, trying external file
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
mgmtd is supposed to only register CLI callbacks. If configuration
callbacks are registered, they are getting called on startup when mgmtd
reads config files, and they can use infrastructure that is not
initialized on mgmtd, or allocate some memory that is never freed.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
In a non-controlled startup, the rcu data structures were
not being created until after logging could happen. This
is bad. Move it so that the rcu data structures are
created first, before logging( HA! ) can happen.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
External libraries can re-enter the FRR code through a hook function. A
crash occurs when logging from this hook function if the library has
initiated a new pthread, as the FRR RCU context is not initialized for
this thread.
Add frr_pthread_non_controlled_startup() function to initialize a valid
RCU context within a FRR pthread context, originating from an external
pthread.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
It's unlikely that an operator will ever set a fd
limit of over 100k. Let's warn the operator that
things are in a bit of a wonky state.
Fixes: #15280
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Remove operational data check from CLI command. It never works in mgmtd
and it is not needed in backend daemons because it's done in
`lib_vrf_destroy` callback.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, staticd configuration is tightly coupled with VRF existence.
Because of that, it has to use a hack in NB infrastructure to create a
VRF configuration when at least one static route is configured for this
VRF. This hack is incompatible with mgmtd, because mgmtd doesn't execute
configuration callbacks. Because of that, the configuration may become
out of sync between mgmtd and staticd. There are two main cases:
1. Create static route in a VRF. The VRF data node will be created
automatically in staticd by the NB hack, but not in mgmtd.
2. Delete VRF which has some static routes configured. The static route
configuration will be deleted from staticd by the NB hack, but not
from mgmtd.
To fix the problem, decouple configuration of static routes from VRF
configuration. Now it is possible to configure static routes even if the
VRF doesn't exist yet. Once the VRF is created, staticd applies all the
preconfigured routes.
This change also fixes the problem with static routes being preserved in
the system when staticd "control-plane-protocol" container is deleted
but the VRF is still configured.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Create a single registry of default port values that daemons
are using. Most of these are vty ports, but there are some
others for features like ospfapi and zebra FPM.
Signed-off-by: Mark Stapp <mjs@labn.net>
pahole reports that the hash_bucket has 2 4 byte holes
in the data structure. Let's reorganize this a bit
and save 8 bytes per hash_bucket instance.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
It allows people not familiar with libyang and FRR internals to use
mgmtd FE API by looking only at `mgmt_msg_native.h` header. We still use
the same values to avoid a lot of mapping code, and ensure that any
change doesn't slip unnoticed by using static asserts.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Fix reference bandwidth description. It is Kbps, not Mbps.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
- use `apply_finish` callback when possible to avoid multiple applies per commit
- move table range working to the CLI handler
- remove unnecessary conditional compilation
- remove unnecessary boolean conversion
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When the daemon is partially mgmtd-converted, it receives configuration
from vty and mgmtmd simultaneosly. This configuration must be
synchronized.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When duplicating nodes, we should always keep flags, especially the
LYD_NEW flag that indicates not validated data. This allows to select a
new choice's case without the need to explicitly remove the existing one.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Current denominators are not integers and some of them lose precision
because of that, for example, 1e-6 is actually stored as
9.9999999999999995e-07 and 1-e12 is stored as 9.9999999999999998e-13.
When multiplying by such denominators, we receive incorrect values.
Changing denominators to integers and using division instead of
multiplication improves precision and solves the problem.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
It shouldn't be set unless some affinity is configured. NB callbacks
set this flag correctly when necessary.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Use consistent `e_somepath` names for expanded versions of `somepath`.
Also remove all paths from `config.h` and put them into
`lib/config_paths.h` - this is to make more obvious when someone is
doing something probably not quite properly structured.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Both of these belong in `/var/lib`, not `/var/run`.
Rather hilariously, the history read in
`mgmt_history_read_cmt_record_index` was always failing, because it was
doing a `file_exists(MGMTD_COMMIT_FILE_PATH)` check. Which is the wrong
macro - it's `.../commit-%s.json`, including the unprocessed `%s`, which
would never exist.
I guess noone ever tried if this actually works. Cool.
On the plus side, this means I don't have to implement legacy
compatibility for this, since it never worked to begin with.
(SQLite3 DB location is also changed in this commit since it also uses
`DAEMON_DB_DIR`.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
These functions load daemon-specific persistent state from
`/var/lib/frr` and supersede open-coded variants of similar calls in
ospfd, ospf6d and isisd to save GR state and/or sequence numbers.
Unlike the open-coded variants, the save call correctly `fsync()`s the
saved data to ensure disk contents are consistent.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This needs to be used for persistent state, which currently is misplaced
into `/var/run` / `/run` where it gets deleted across reboots.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
CLI for access/prefix list removal was using `nb_cli_apply_changes`
multiple times in the same command. It's fine for regular daemons but
not for mgmtd. Refactor the code to apply changes only once.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, when editing a leaf-list, `nb_candidate_edit` expects to
receive it's xpath without a predicate and the value in a separate
argument, and then creates the full xpath. This hack is complicated,
because it depends on the operation and on the caller being a backend or
not. Instead, let's require to always include the predicate in a
leaf-list xpath. Update all the usages in the code accordingly.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Previously each container created all it's decendents before descending into
the children and repeating the process.
Signed-off-by: Christian Hopps <chopps@labn.net>
- initialize the necessary bit when creating if_link_params
- fix CLI description to mark extended as the default mode
- correctly set mode to extended when using the "no" form of the command
- handle the "show_defaults" parameter correctly in cli_show callback
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When affinity mode is "standard", bit position cannot be greater than
31. Add a "must" statement to the YANG model to validate this, and
remove our custom validation code that does the same.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Change the type of affinity leaf-list in frr-zebra to a leafref with
"require-instance" property set to true. This change tells libyang to
automatically check that affinity-map exists before usage and doesn't
allow it to be deleted if it's referenced. It allows us to remove all
the manual code that is doing the same thing.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Add support of RPKI commands in the VRF configure context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add a config that specifies per-deamon log file names.
Move the handy generated list of daemon names from vtysh to lib;
edit the gitignore files to match.
Signed-off-by: Mark Stapp <mjs@labn.net>
When creating an initial tree trunk for oper data walk, if the xpath
represents a leaf, the leaf is created with an incorrect empty value.
If it doesn't actually exist in daemon's oper data, its value is not
overwritten later and an empty value is returned in the result.
For example, when requesting
`/frr-interface:lib/interface[name='eth0']/description`, the result is:
```
{
"frr-interface:lib": {
"interface": [
{
"name": "eth0",
"description": ""
}
]
}
}
```
instead of an empty JSON that it should be.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Like in RESTCONF GET request and NETCONF get-data request, make it
possible to request state-only, config-only, or all data.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently it's the same as get-tree request for the backend, but it is
going to be expanded in the following commits.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Technically changing a leaf from uint16 to uint32 is a NBC change; however,
increasing this to uint32 should not break anyone in reality.
Signed-off-by: Christian Hopps <chopps@labn.net>
Setting this variable to true makes NB ignore only configuration-related
callbacks. CLI-related callbacks are still loaded and executed, so
rename the variable to make it clearer.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Replace operation removes the current data node configuration and sets
the provided value. As current northbound code works only with one
xpath at a time, the operation only makes sense to clear the config of
a container without deleting it itself. However, the next step is to
allow passing JSON-encoded complex values to northbound operations which
will make replace operation much more useful.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, there's a single operation type which doesn't return error
if the object doesn't exists. To be compatible with NETCONF/RESTCONF,
we should support differentiate between DELETE (fails when object
doesn't exist) and REMOVE (doesn't fail if the object doesn't exist).
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, there's no difference between CREATE and MODIFY operations.
To be compatible with NETCONF/RESTCONF, add new CREATE_EXCL operation
that throws an error if the configuration data already exists.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, nb_operation enum means two different things - edit operation
type (frontend part), and callback type (backend part). These types
overlap, but they are not identical. We need to add more operation
types to support NETCONF/RESTCONF integration, so it's better to have
separate enums to identify different entities.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
The maximum number of file descriptors in an fd set is limited by
FD_SETSIZE. This limitation is important because the libc macros
FD_SET(), FD_CLR() and FD_ISSET() will invoke a sigabort if the size of
the fd set given to them is above FD_SETSIZE.
We ran into such a sigabort with bgpd because snmp can return an fd set
of size higher than FD_SETSIZE when calling snmp_select_info(). An
unfortunate FD_ISSET() call later causes the following abort:
Received signal 6 at 1701115534 (si_addr 0xb94, PC 0x7ff289a16a7c); aborting...
/lib/x86_64-linux-gnu/libfrr.so.0(zlog_backtrace_sigsafe+0xb3) [0x7ff289d62bba]
/lib/x86_64-linux-gnu/libfrr.so.0(zlog_signal+0x1b4) [0x7ff289d62a1f]
/lib/x86_64-linux-gnu/libfrr.so.0(+0x102860) [0x7ff289da4860]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520) [0x7ff2899c2520]
/lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x12c) [0x7ff289a16a7c]
/lib/x86_64-linux-gnu/libc.so.6(raise+0x16) [0x7ff2899c2476]
/lib/x86_64-linux-gnu/libc.so.6(abort+0xd3) [0x7ff2899a87f3]
/lib/x86_64-linux-gnu/libc.so.6(+0x896f6) [0x7ff289a096f6]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x2a) [0x7ff289ab676a]
/lib/x86_64-linux-gnu/libc.so.6(+0x1350c6) [0x7ff289ab50c6]
/lib/x86_64-linux-gnu/libc.so.6(+0x1366ab) [0x7ff289ab66ab]
/lib/x86_64-linux-gnu/libfrrsnmp.so.0(+0x36f5) [0x7ff2897736f5]
/lib/x86_64-linux-gnu/libfrrsnmp.so.0(+0x3c27) [0x7ff289773c27]
/lib/x86_64-linux-gnu/libfrr.so.0(thread_call+0x1c2) [0x7ff289dbe105]
/lib/x86_64-linux-gnu/libfrr.so.0(frr_run+0x257) [0x7ff289d56e69]
/usr/bin/bgpd(main+0x4f4) [0x560965c40488]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7ff2899a9d90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7ff2899a9e40]
/usr/bin/bgpd(_start+0x25) [0x560965c3e965]
in thread agentx_timeout scheduled from /build/make-pkg/output/_packages/cp-routing/src/lib/agentx.c:122 agentx_events_update()
Also, the following error is logged by snmp just before the abort:
snmp[err]: Use snmp_sess_select_info2() for processing large file descriptors
snmp uses a custom struct netsnmp_large_fd_set to work above the limit
imposed by FD_SETSIZE. It is noteworthy that, when calling
snmp_select_info() instead of snmp_select_info2(), snmp uses the same
code working with its custom, large structs, and copy/paste the result
to a regular, libc compatible fd_set. So there should be no downside
working with snmp_select_info2() instead of snmp_select_info().
Replace every use of the libc file descriptors sets by snmp's extended
file descriptors sets in agentx to acommodate for the high number of
file descriptors that can come out of snmp. This should prevent the
abort seen above.
Signed-off-by: Edwin Brossette <edwin.brossette@6wind.com>
Add configure.ac tests for libyang functions, if not present supply the
functionality ourselves in yang.[ch]
Signed-off-by: Christian Hopps <chopps@labn.net>
Allow user to specify full YANG compatible XPath 1.0 predicates. This
allows for trimming results of generic queries using functions and other
non-key predicates from XPath 1.0
Signed-off-by: Christian Hopps <chopps@labn.net>
The thread system has been renamed, let's use the proper
terminology now in the show commands. Also realign
output a tiny bit for stuff that was missing.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
zebra_interface_vrf_update_read is orphan. Remove it.
Fixes: b580c52698 ("*: remove ZEBRA_INTERFACE_VRF_UPDATE")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Practically no-one uses this and ioctls are pretty much
wrappered. Further wrappering could make this even better.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The backtrace functionality has been abstracted over
to zlog_backtrace(). Now that every place uses this
move the inclusion for HAVE_GLIBC_BACKTRACE into
the appropriate files instead of having everyone
pay for this costly include.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The only 2 places sendmmsg is used is in zlog_5424.c
and zlog_live.c. Why is the rest of the entire system
paying for this compilation?
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
A memory leak is detected when stopping the sharpd daemon
with a nexthop group configuration that includes nexthops.
The nexthop_hold structure and its attributes are not
freed. Fix it by adding the missing free function.
Fixes: 98cbbaea91 ("lib: Handle if up/down and vrf enable/disable events")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Heard back from libyang folks that this is not something they consider part of
the API and/or are going to guarantee. So we cannot count on it. Expect keys at
any location on the child sibling list.
Signed-off-by: Christian Hopps <chopps@labn.net>
Allow user to leave keys off of a list entry node at the end of the xpath. This
will return all list entries. Previously there was no way to just get the list
entries. One had to leave off the last list entry node which would then return
all list nodes as well as all the siblings at the same level.
Signed-off-by: Christian Hopps <chopps@labn.net>
- yang_get_key_preds
- yang_lyd_new_list
A function like new_list was added recently to libyang,
this is a compat version.
Signed-off-by: Christian Hopps <chopps@labn.net>
There is no function that both sets the nhg id, and sets
the ZAPI_MESSAGE_NHG flag if the nhg id is valid.
Create a ZAPI API to do this, and apply the changes wherever
needed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
- Add a new node `SRV6_ENCAP_NODE` to the CLI graph. This node allows
users to configure encapsulation parameters for SRv6, including the
source address of the outer encapsulating IPv6 header.
- Install a new CLI command `source-address` under the
`SRV6_ENCAP_NODE` node. This command is used to configure the source
address of the outer encapsulating IPv6 header.
- Install a new CLI command `no source-address` under the
`SRV6_ENCAP_NODE` node. This command is used to unset the
source address of the outer encapsulating IPv6 header and restore the
default source address.
Examples:
```
router# segment-routing
router(sr)# srv6
router(srv6)# encapsulation
router(srv6-encap)# source-address fc00:0:1::1
```
```
router# segment-routing
router(sr)# srv6
router(srv6)# encapsulation
router(srv6-encap)# no source-address
```
Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
Add ability for the connected routes to know
if they are a prefix route or not.
sharpd@eva:/work/home/sharpd/frr1$ ip addr show dev dummy1
13: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether aa:93:ce:ce:3f:62 brd ff:ff:ff:ff:ff:ff
inet 192.168.55.1/24 scope global noprefixroute dummy1
valid_lft forever preferred_lft forever
inet 192.168.56.1/24 scope global dummy1
valid_lft forever preferred_lft forever
inet6 fe80::a893:ceff:fece:3f62/64 scope link
valid_lft forever preferred_lft forever
sharpd@eva:/work/home/sharpd/frr1$ sudo vtysh -c "show int dummy1"
Interface dummy1 is up, line protocol is up
Link ups: 0 last: (never)
Link downs: 0 last: (never)
vrf: default
index 13 metric 0 mtu 1500 speed 0 txqlen 1000
flags: <UP,BROADCAST,RUNNING,NOARP>
Type: Ethernet
HWaddr: aa:93:ce:ce:3f:62
inet 192.168.55.1/24 noprefixroute
inet 192.168.56.1/24
inet6 fe80::a893:ceff:fece:3f62/64
Interface Type Other
Interface Slave Type None
protodown: off
sharpd@eva:/work/home/sharpd/frr1$ sudo vtysh -c "show ip route"
Codes: K - kernel route, C - connected, L - local, S - static,
R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric, t - Table-Direct,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
K>* 0.0.0.0/0 [0/100] via 192.168.119.1, enp13s0, 00:00:08
K>* 169.254.0.0/16 [0/1000] is directly connected, virbr2 linkdown, 00:00:08
L>* 192.168.44.1/32 is directly connected, dummy2, 00:00:08
L>* 192.168.55.1/32 is directly connected, dummy1, 00:00:08
C>* 192.168.56.0/24 is directly connected, dummy1, 00:00:08
L>* 192.168.56.1/32 is directly connected, dummy1, 00:00:08
L>* 192.168.119.205/32 is directly connected, enp13s0, 00:00:08
sharpd@eva:/work/home/sharpd/frr1$ ip route show
default via 192.168.119.1 dev enp13s0 proto dhcp metric 100
169.254.0.0/16 dev virbr2 scope link metric 1000 linkdown
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.45.0/24 dev virbr2 proto kernel scope link src 192.168.45.1 linkdown
192.168.56.0/24 dev dummy1 proto kernel scope link src 192.168.56.1
192.168.119.0/24 dev enp13s0 proto kernel scope link src 192.168.119.205 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
sharpd@eva:/work/home/sharpd/frr1$ ip route show table 255
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 172.17.0.1 dev docker0 proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
local 192.168.44.1 dev dummy2 proto kernel scope host src 192.168.44.1
broadcast 192.168.44.255 dev dummy2 proto kernel scope link src 192.168.44.1
local 192.168.45.1 dev virbr2 proto kernel scope host src 192.168.45.1
broadcast 192.168.45.255 dev virbr2 proto kernel scope link src 192.168.45.1 linkdown
local 192.168.55.1 dev dummy1 proto kernel scope host src 192.168.55.1
broadcast 192.168.55.255 dev dummy1 proto kernel scope link src 192.168.55.1
local 192.168.56.1 dev dummy1 proto kernel scope host src 192.168.56.1
broadcast 192.168.56.255 dev dummy1 proto kernel scope link src 192.168.56.1
local 192.168.119.205 dev enp13s0 proto kernel scope host src 192.168.119.205
broadcast 192.168.119.255 dev enp13s0 proto kernel scope link src 192.168.119.205
local 192.168.122.1 dev virbr0 proto kernel scope host src 192.168.122.1
broadcast 192.168.122.255 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
Fixes: #14952
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
No need to declare 'nexthop_group_nexthop_num_no_recurse()' as external.
Fixes: 98cda54a95 ("zebra: Add recursive functionality to NHE's")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When stopping a VRF, the linked list entries must be
removed too.
Fixes: 98cbbaea91 ("lib: Handle if up/down and vrf enable/disable events")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The nexthop_group_active_nexthop_num_no_recurse() function is no more
used. Let us remove the function call.
Fixes: 148813c22a ("zebra: zebra_nhg check each nexthop for active, not just number")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Implement proper memory cleanup for SRv6 functions and locator chunks to prevent potential memory leaks.
The list callback deletion functions have been set.
The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in bgp_srv6l3vpn_to_bgp_vrf.test_bgp_srv6l3vpn_to_bgp_vrf/r2.asan.bgpd.4180
=================================================================
==4180==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 544 byte(s) in 2 object(s) allocated from:
#0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7f8d1709f238 in qcalloc lib/memory.c:105
#2 0x55d5dba6ee75 in sid_register bgpd/bgp_mplsvpn.c:591
#3 0x55d5dba6ee75 in alloc_new_sid bgpd/bgp_mplsvpn.c:712
#4 0x55d5dba6f3ce in ensure_vrf_tovpn_sid_per_af bgpd/bgp_mplsvpn.c:758
#5 0x55d5dba6fb94 in ensure_vrf_tovpn_sid bgpd/bgp_mplsvpn.c:849
#6 0x55d5dba7f975 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:299
#7 0x55d5dba7f975 in vpn_leak_postchange_all bgpd/bgp_mplsvpn.c:3704
#8 0x55d5dbbb6c66 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3164
#9 0x7f8d1716f08a in zclient_read lib/zclient.c:4459
#10 0x7f8d1713f034 in event_call lib/event.c:1974
#11 0x7f8d1708242b in frr_run lib/libfrr.c:1214
#12 0x55d5db99d19d in main bgpd/bgp_main.c:510
#13 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 296 byte(s) in 1 object(s) allocated from:
#0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7f8d1709f238 in qcalloc lib/memory.c:105
#2 0x7f8d170b1d5f in srv6_locator_chunk_alloc lib/srv6.c:135
#3 0x55d5dbbb6a19 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3144
#4 0x7f8d1716f08a in zclient_read lib/zclient.c:4459
#5 0x7f8d1713f034 in event_call lib/event.c:1974
#6 0x7f8d1708242b in frr_run lib/libfrr.c:1214
#7 0x55d5db99d19d in main bgpd/bgp_main.c:510
#8 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
***********************************************************************************
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
Move the command from 'lib' to 'vtysh' so we can properly format the
JSON output in a correct manner.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Avoids calling VRF/interface/... handlers in library code more than
once. It's kinda surprising that this hasn't been blowing up already
for the VNC code, luckily these handlers are (mostly?) idempotent.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
... and use it instead of fiddling with the `.synchronous` field.
(Make it const while at it.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Replace `struct list *` with `DLIST(if_connected, ...)`.
NB: while converting this, I found multiple places using connected
prefixes assuming they were IPv4 without checking:
- vrrpd/vrrp.c: vrrp_socket()
- zebra/irdp_interface.c: irdp_get_prefix(), irdp_if_start(),
irdp_advert_off()
(these fixes are really hard to split off into separate commits as that
would require going back and reapplying the change but with the old list
handling)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Without this if we enter something like `debug bgp updates in x.x.x.x prefix-list y`,
prefix-list can't be lookup up, because when we read the config, debug does not know
anything about this prefix-list.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
INTERFACE_NAMSIZ is just a redefine of IFNAMSIZ and IFNAMSIZ
is the standard for interface name length on all platforms
that FRR currently compiles on.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Don't skip NB callbacks loading when ignore_cbs is set for a YANG
module. It allows us to use cli_show, cli_show_end and cli_cmp callbacks
in mgmtd and output configuration directly from it instead of backend
daemons.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
In the master branch a new MTYPE_SCRIPT_RES was created for
frrscript_get_results, lua_to decoders should use that
Signed-off-by: Donald Lee <dlqs@gmx.com>
zapi_nexthop_update_decode() is no longer called externally.
Also move the comment to zclient->nexthop_update where it now belongs.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
All users of `ZEBRA_NEXTHOP_UPDATE` check the VRF and then call into
`zapi_nexthop_update_decode` before further processing. Begin moving
this into common code in lib/.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
LYD_VALIDATE_MULTI_ERROR was added in libyang 2.1.36. The currently
enforced minimum of libyang is 2.0.0. Stick an #ifdef around it.
Fixes: 51a2a4b3f4 ("lib: print all errors when validating a config")
Cc: Igor Ryzhov <iryzhov@nfware.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
For some series of calls in FREEBSD setting the SO_RCVBUF size will
always fail under freebsd. This is no bueno since the
setsockopt_so_recvbuf call goes into an infinite loop.
(gdb) bt
0 setsockopt () at setsockopt.S:4
1 0x0000000083065870 in setsockopt_so_recvbuf (sock=15, size=0) at lib/sockopt.c:26
2 0x00000000002bd200 in ospf_ifp_sock_init (ifp=<optimized out>, ifp@entry=0x8d1dd500) at ospfd/ospf_network.c:290
3 0x00000000002ad1e0 in ospf_if_new (ospf=0x8eefc000, ifp=0x8d1dd500, p=0x8eecf1c0) at ospfd/ospf_interface.c:276
4 0x0000000000304ee0 in add_ospf_interface (co=0x8eecbe10, area=0x8d192100) at ospfd/ospfd.c:1115
5 0x00000000003050fc in ospf_network_run_interface (ospf=0x8eefc000, ifp=0x8d1dd500, p=0x80ff63f8, given_area=0x8d192100)
at ospfd/ospfd.c:1460
6 ospf_network_run (p=0x80ff63f8, area=0x8d192100) at ospfd/ospfd.c:1474
7 ospf_network_set (ospf=ospf@entry=0x8eefc000, p=p@entry=0x80ff63f8, area_id=..., df=<optimized out>) at ospfd/ospfd.c:1247
8 0x00000000002e876c in ospf_network_area (self=<optimized out>, vty=0x8eef3180, argc=<optimized out>, argv=<optimized out>)
at ospfd/ospf_vty.c:560
9 0x0000000083006f24 in cmd_execute_command_real (vline=vline@entry=0x8eee9100, vty=vty@entry=0x8eef3180, cmd=<optimized out>,
cmd@entry=0x0, up_level=<optimized out>) at lib/command.c:978
10 0x0000000083006b30 in cmd_execute_command (vline=0x8eee9100, vty=vty@entry=0x8eef3180, cmd=cmd@entry=0x0, vtysh=vtysh@entry=0)
at lib/command.c:1037
11 0x0000000083007044 in cmd_execute (vty=vty@entry=0x8eef3180, cmd=cmd@entry=0x8eefb000 "network 192.168.64.0/24 area 0.0.0.0",
matched=0x0, vtysh=0) at lib/command.c:1203
12 0x000000008307e9cc in vty_command (vty=0x8eef3180, buf=0x8eefb000 "network 192.168.64.0/24 area 0.0.0.0") at lib/vty.c:594
13 vty_execute (vty=vty@entry=0x8eef3180) at lib/vty.c:1357
14 0x000000008307ce40 in vtysh_read (thread=<optimized out>) at lib/vty.c:2365
15 0x0000000083073db0 in event_call (thread=thread@entry=0x80ff88a0) at lib/event.c:1965
16 0x000000008302c604 in frr_run (master=0x8d188140) at lib/libfrr.c:1214
17 0x000000000029c330 in main (argc=6, argv=<optimized out>) at ospfd/ospf_main.c:252
(gdb)
Force the setsockopt function to quit when the value we are passing no
longer makes any sense.
Fixes: #14790
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
`nb_cli_apply_changes` can be called with base xpath which should be
prepended to xpaths of every change in a transaction. This base xpath is
respected by regular northbound CLI but not by mgmtd. This commit fixes
the problem.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Batch IDs are only used to verify that all messages were received and
processed by a backend. It's not necessary to do that as we use reliable
stream transport - messages can't be dropped or received out of order.
This commit also fixes possible race condition that can happen if
one backend process messages slower than other backends.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
- Cannot have 2 cmd_node's with same .node number. Install the mgmtd
client library debug nodes (client frontend and client backend) using
new unique node numbers. Fixes memleaks.
- Fix "debug mgmt client backend" to generate correct config (and not
for frontend).
Signed-off-by: Christian Hopps <chopps@labn.net>
mgmtd frees all non-NULL change->value variables at the end of every
commit. We shouldn't assign change->value with data returned by libyang
to prevent freeing of library-allocated memory.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Keep track of the last starting spot of where fd's were
being handled for read operations. Modify the io read
handler to cycle through the list of fd's that need
to be handled such that fd's at the front do not take
precedence for being handled all the time.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Currently when io is ready inside of the event system
the first FD received is always preferred as the ones
that are handled first. This leads to results where
events associated with these first FD's are always handled
first.
In anticipation of a change to make this more fair
let's abstract the function handler.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
We cannot build on apple machines at all due
to our usage of some gcc extensions that will
probably never see the light of day again.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The headers associated with netlink code
really only belong in those that need it.
Move these headers out of lib/zebra.h and
into more appropriate places. bgp's usage
of the RT_TABLE_XXX defines are probably not
appropriate and will be cleaned up in future
commits.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This also avoids a bug in the workaround function if the set variable
wasn't set to NULL the Debug version of libyang would sigsegv.
Signed-off-by: Christian Hopps <chopps@labn.net>
- move from client id indexed array of uints for register info
per client to a u64 bitmask.
- add bit walking FOREACH macro
Walk the client IDs whose bits are set in a mask.
Signed-off-by: Christian Hopps <chopps@labn.net>
As with "prefixptr"/"prefixconstptr", this allows function prototypes to
say "just give me any sockaddr" typing-wise, without having the compiler
complain that a "struct sockaddr_in" is not a "struct sockaddr".
(Split off from other changes that start using this.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
About to use this for sockunion, which is not a prefix. `uniontype`
makes more sense, the macros are for defining transparent unions after
all.
(clang-format off thrown in as it otherwise wrecks formatting.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
These enum's have been around since 2005 and FRR
still does not have any users of these particular
values. After almost 20 years, let's simplify the
code slightly and remove them.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
buffer.h -> Bring up to our standard
if.h -> Bring up to our standard
workqueue.h -> expand documentation slightly
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
...so that multiple functions can be subscribed.
The create/destroy hooks are renamed to real/unreal because that's what
they *actually* signal.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Create Local routes in FRR:
S 0.0.0.0/0 [1/0] via 192.168.119.1, enp39s0, weight 1, 00:03:46
K>* 0.0.0.0/0 [0/100] via 192.168.119.1, enp39s0, 00:03:51
O 192.168.119.0/24 [110/100] is directly connected, enp39s0, weight 1, 00:03:46
C>* 192.168.119.0/24 is directly connected, enp39s0, 00:03:51
L>* 192.168.119.224/32 is directly connected, enp39s0, 00:03:51
O 192.168.119.229/32 [110/100] via 0.0.0.0, enp39s0 inactive, weight 1, 00:03:46
C>* 192.168.119.229/32 is directly connected, enp39s0, 00:03:46
Create ability to redistribute local routes.
Modify tests to support this change.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Modify empty json object to take input obj
instead of allocating always one.
There are situation where in error condition or no data
case print empty json (`{}`) with already allocated
Signed-off-by: Chirag Shah <chirag@nvidia.com>
This was true when we had only a CLI for configuration. Now mgmtd has a
public frontend interface that can be used by external applications, and
they can send invalid requests that lead to errors.
This is still true for CLI though, so the same comment still stays in
`nb_cli_apply_changes_internal`.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
The routing table numbers are specific to linux builds, and the
RT_TABLE_xxx are usually defined in linux headers. The bsd builds
do not benefit from this definition: some RT_TABLE_xxx defines
are missing for those builds.
Fix this by appending RT_TABLE_LOCAL define for bsd headers.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Add a new kind of redistributed route that helps to import entries
that are not copied in the default routing table. Contrary to the
'redistribute table' feature, the entries are directly obtained from
the zebra appropriate routing table.
The 'table-direct' naming expresses the direct redistribution of
the routes, without having to copy the route entries in the default
routing table.
The distance value for this route is 14. Such route entries will
be prioritary compared to 'table' and 'ebgp' route entries type.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The config is always applied fully, all batches are included. There's no
need to pass a list of applied batches as it always contains all of
them.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Also:
- replace all /* fallthrough */ comments with portable fallthrough;
pseudo keyword to accomodate both gcc and clang
- add missing break; statements as required by older versions of gcc
- cleanup some code to remove unnecessary fallthrough
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Running ping/traceroute/etc. (any kind of commands that use execute_command()
suffer with this kind of warnings.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Currently when one interface changes its VRF, zebra will send these messages to
all daemons in *order*:
1) `ZEBRA_INTERFACE_DELETE` ( notify them delete from old VRF )
2) `ZEBRA_INTERFACE_VRF_UPDATE` ( notify them move from old to new VRF )
3) `ZEBRA_INTERFACE_ADD` ( notify them added into new VRF )
When daemons deal with `VRF_UPDATE`, they use
`zebra_interface_vrf_update_read()->if_lookup_by_name()`
to check the interface exist or not in old VRF. This check will always return
*NULL* because `DELETE` ( deleted from old VRF ) is already done, so can't
find this interface in old VRF.
Send `VRF_UPDATE` is redundant and unuseful. `DELETE` and `ADD` are enough,
they will deal with RB tree, so don't send this `VRF_UPDATE` message when
vrf changes.
Since all daemons have good mechanism to deal with changing vrf, and don't
use this `VRF_UPDATE` mechanism. So, it is safe to completely remove
all the code with `VRF_UPDATE`.
Signed-off-by: anlan_cs <anlan_cs@tom.com>
The code doesn't work at all. It tries to use libyang operation
metadata in a regular (not diff) data tree, and regular data trees
don't provide this data. Also, for destroy operations, it searches
for nodes in the running config, which may not have the deleted nodes
if we're not using implicit commits.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
There is no match mechanism to match one community from the
incoming community-list. Add the 'any' keyword to the 'match
route-map' command of communit-list and large-community-list.
> match community-list AAA any
> match large-community-list AAA any
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
I believe coverity is complaining that the current code does not handle the
realloc fail case, in which case the original pointer is not freed, but NULL is
returned. The code assert()s it's not failed but that is not strong enough it
needs to abort which XREALLOC does and is a better integration into FRR-inrfa
anyway.
Signed-off-by: Christian Hopps <chopps@labn.net>
When the configuration node is entered in file-lock mode, candidate
and running datastores are locked. Any configuration change is followed
by an implicit commit which leads to a crash of mgmtd, because double
lock is prohibited by an assert. When working in file-lock mode, we
shouldn't do implicit commits which is disabled by allowing pending
configuration changes.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Coverity is complaining that vty->state could be VTY_PASSFD here. It
can't, it really shouldn't, and if it actually is then something went
seriously wrong somewhere earlier so assert()ing out is the best thing
to do.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
When deleting a duplicated prefix list entry don't announce the change
to route map listeners, otherwise they will be removing rules that
shouldn't be removed causing the prefix that still exist in the
prefix-list to be not evaluated anymore.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Append zebra and lib to use muliple SRv6 segs SIDs, and keep one
seg SID for bgpd and sharpd.
Note: bgpd and sharpd compilation relies on the lib and zebra files,
i.e if we separate this: lib or zebra or bgpd or sharpd in different
commits - this will not compile.
Signed-off-by: Dmytro Shytyi <dmytro.shytyi@6wind.com>
Mostly to make coverity happy, no compiler/linker should produce broken
ELF files like this (and if it does we can't process it anyway...)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
I think I originally had some other code at the tail end of that
function, but that's not the case anymore, and dropping out of the
function with a straight "return -1" is more useful than trucking on
with an invalid fd.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Mostly to make coverity happy, if dup() fails we're f*cked already.
(Still useful to have a better error message...)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The previous change to assume() did address the coverity warning about
one direction of the shift in HASH_KEY, let's constrain the other in
HASH_SIZE as well.
To be fair, the hash table *will* break at 1G entries, but at that point
we have other problems RAM-wise. (Could bump the thing to 64-bit, but
then we need better item hash functions too on every single user.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
BGP Link-State prefixes are special prefixes that contains a lot of
data.
Extend the length of the prefix string buffer in order to display
properly this type of prefixes with the next commits.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add the ability to store link-state prefixes in the BGP table.
Store a raw copy of the BGP link state NLRI TLVs as received in the
packet in 'p.u.prefix_linkstate.ptr'.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add to the library the link-state type of prefixes.
Link-state prefixes contain much more data than the current prefixes and
they only make sense for BGP Link-State. Storing all the data in "struct
prefix" is not relevant because it would increase the memory usage of
all daemons. Instead a pointer to a structure that contains all the
information is used. Printing link-state prefixes can be delegated to a
hook function.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Typesafe hash tables do this:
assume((tabshift) >= 2 && (tabshift) <= 33);
(val) >> (33 - (tabshift));
Sadly, Coverity currently ignores assume() and says:
[...] right shifting by more than 31 bits has undefined behavior.
The shift amount, "33 - h->hh.tabshift", is 33.
Let's see if Coverity understands this can't happen...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
When installing a local SID in the Linux kernel, `lcblock_len` and
`lcnode_fn_len` Netlink attributes are optional. When omitted, the
kernel uses the default values: lcblock_len=32 and lcnode_fn_len=16.
Let's use the same default values in FRR.
Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
`struct seg6local_context` contains a `struct seg6local_flavors_info`
that carries SRv6 flavors information. The `seg6local_flavors_info`
data structure contains a field `flv_ops` that indicates which flavors
are enabled for the `seg6local` nexthop. `flv_ops` is a bit-map where
each bit indicates if a particular SRv6 flavor is enabled (bit set to
1) or not (bit set to 0).
This commit defines some macros that can be used to manipulate the SRv6
flavors bit-map:
* CHECK_SRV6_FLV_OP(OPS,OP) - check if a particular flavor is enabled;
* SET_SRV6_FLV_OP(OPS,OP) - enable a particular flavor (OP);
* UNSET_SRV6_FLV_OP(OPS,OP) - disable a particular flavor (OP);
* RESET_SRV6_FLV_OP(OPS) - disable all SRv6 flavors.
Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
The RFC 8986 defines the SRv6 Network Programming concept and specifies
the base set of SRv6 behaviors that enables the creation of
interoperable overlays with underlay optimization. In addition, the RFC
8986 introduces the concept of "flavors", additional operations that can
modify or extend the existing SRv6 behaviors.
In the Linux kernel and in FRR, an SRv6 SID is implemented as a route
associated with a `seg6local` nexthop. A `seg6local` nexthop represents
an SRv6 behavior bound to a SID.
The Linux kernel already supports the ability to add a set of flavors
to a `seg6local` nexthop to modify or extend the associated behavior.
This commit aligns the `seg6local` nexthop implementation of FRR to the
Linux kernel. It extends the `seg6local` nexthop implementation by
adding a struct `seg6local_flavors_info` that encodes the SRv6
flavors information.
Currently, the `seg6local_flavors_info` data structure has three
members:
- `tlv_ops` indicates which flavors are enabled for the `seg6local`
nexthop;
- `lcblock_len`is the length of the Locator-Block part of the SID;
- `lcnode_func_len` is the length of the combined Node and Function
parts of the SID.
`lcblock_len` and `lcnode_func_len` define the SID structure. They are
required for some behaviors (e.g. NEXT-C-SID and REPLACE-C-SID). For
other flavors (e.g. PSP, USP, USD) these parameters are not required and
can be omitted.
Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
The RFC 8986 defines the SRv6 Network Programming concept and specifies
the base set of SRv6 behaviors that enables the creation of
interoperable overlays with underlay optimization. In addition, the RFC
8986 introduces the concept of "flavors", additional operations that can
modify or extend the existing SRv6 behaviors.
This commit adds a new enum type `seg6local_flavor_op` to represent the
SRv6 flavors operations. Currently we define the following flavor
operations:
- PSP (defined in RFC 8986 section #4.16.1)
- USP (defined in RFC 8986 section #4.16.2)
- USD (defined in RFC 8986 section #4.16.3)
- NEXT-C-SID (defined in draft-ietf-spring-srv6-srh-compression-03 #4.1)
Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
Add more SRv6 endpoint behaviors that are required for implementing
IS-IS SRv6 extensions (RFC 9352).
Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
... by converting the hash table to a typesafe hash.
Honestly I was just looking around for things to convert to the typesafe
hash table code, but then I noticed that cpu_record_clear() deletes
items from inside the hash_iterate() callback :(
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This is noted in doc/developer/lists.rst, but judging by the previous
commit that's not where people look for this thing. Let's try a comment
in the header file.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This reverts commit 72eae2c3cb.
`frr_each_const(X, ...)` is not needed since it is the same as
`frr_each(X_const, ...)`.
The fact that it wasn't properly set up for clang-format, and that then
work-arounded with "clang-format off" is all the more reason to not do
this.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This adds formatted input/output of binary integer numbers to the
printf(), scanf(), and strtol() families, including their wide-character
counterparts.
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D41511
FRR changes only include printf(), scanf/strtol are not locally
implemented in FRR.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from FreeBSD commit d9dc1603d6e48cca84cad3ebe859129131b8387c)
This has already been done for most files that have the Foundation as
the only listed copyright holder. Do it now for files that list
multiple copyright holders, but have the Foundation copyright in its own
section.
Sponsored by: The FreeBSD Foundation
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from FreeBSD commit 5b5fa75acff11d871d0c90045f8c1a58fed85365)
Add the txqlen attribute to the common interface struct. Capture
the value in zebra, and distribute it through the interface lib
module's zapi messaging.
Signed-off-by: Mark Stapp <mjs@labn.net>
Previously when updating vertices, edges and subnets, when no update was required
due to existing value matching the new one, memory associated with the new object
was not being freed leading to memory leaks. This commit fixes memory leak by
freeing memory associated with new object when update is unnecessary.
The ASan leak log for reference:
```
Direct leak of 312 byte(s) in 3 object(s) allocated from:
#0 0x7faf3afbfa37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7faf3ab5dbcf in qcalloc ../lib/memory.c:105
#2 0x7faf3ab42e00 in ls_parse_prefix ../lib/link_state.c:1323
#3 0x7faf3ab43c87 in ls_parse_msg ../lib/link_state.c:1373
#4 0x7faf3ab476a5 in ls_stream2ted ../lib/link_state.c:1885
#5 0x564e045046aa in sharp_opaque_handler ../sharpd/sharp_zebra.c:792
#6 0x7faf3aca35a9 in zclient_read ../lib/zclient.c:4410
#7 0x7faf3ac47474 in event_call ../lib/event.c:1979
#8 0x7faf3ab318b4 in frr_run ../lib/libfrr.c:1213
#9 0x564e044fdc6f in main ../sharpd/sharp_main.c:177
#10 0x7faf3a6f4d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 312 byte(s) leaked in 3 allocation(s).
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
This is based on @donaldsharp's work
The current code base is the struct bgp_node data structure.
The problem with this is that it creates a bunch of
extra data per route_node.
The table structure generates ‘holder’ nodes
that are never going to receive bgp routes,
and now the memory of those nodes is allocated
as if they are a full bgp_node.
After splitting up the bgp_node into bgp_dest and route_node,
the memory of ‘holder’ node which does not have any bgp data
will be allocated as the route_node, not the bgp_node,
and the memory usage is reduced.
The memory usage of BGP node will be reduced from 200B to 96B.
The total memory usage optimization of this part is ~16.00%.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Signed-off-by: Yuqing Zhao <xiaopanghu99@163.com>
This commit ensures proper cleanup by clearing the `algo->pdst` pointer if it points to a path that is being deleted.
It addresses memory leaks by freeing memory held by `algo->pdst` that might not have been released during the cleanup of processed paths.
The ASan leak log for reference:
```
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7fbffcec9a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7fbffca67a81 in qcalloc ../lib/memory.c:105
#2 0x7fbffc9d1a54 in cpath_new ../lib/cspf.c:44
#3 0x7fbffc9d2829 in cspf_init ../lib/cspf.c:256
#4 0x7fbffc9d295d in cspf_init_v4 ../lib/cspf.c:287
#5 0x5601dcd34d3f in show_sharp_cspf_magic ../sharpd/sharp_vty.c:1262
#6 0x5601dcd2c2be in show_sharp_cspf sharpd/sharp_vty_clippy.c:1869
#7 0x7fbffc9afd61 in cmd_execute_command_real ../lib/command.c:993
#8 0x7fbffc9b00ee in cmd_execute_command ../lib/command.c:1052
#9 0x7fbffc9b0dc0 in cmd_execute ../lib/command.c:1218
#10 0x7fbffcb611c7 in vty_command ../lib/vty.c:591
#11 0x7fbffcb660ac in vty_execute ../lib/vty.c:1354
#12 0x7fbffcb6c4aa in vtysh_read ../lib/vty.c:2362
#13 0x7fbffcb51324 in event_call ../lib/event.c:1979
#14 0x7fbffca3b872 in frr_run ../lib/libfrr.c:1213
#15 0x5601dcd11c6f in main ../sharpd/sharp_main.c:177
#16 0x7fbffc5ffd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Indirect leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7fbffcec9a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7fbffca67a81 in qcalloc ../lib/memory.c:105
#2 0x7fbffca3c108 in list_new ../lib/linklist.c:49
#3 0x7fbffc9d1acc in cpath_new ../lib/cspf.c:47
#4 0x7fbffc9d2829 in cspf_init ../lib/cspf.c:256
#5 0x7fbffc9d295d in cspf_init_v4 ../lib/cspf.c:287
#6 0x5601dcd34d3f in show_sharp_cspf_magic ../sharpd/sharp_vty.c:1262
#7 0x5601dcd2c2be in show_sharp_cspf sharpd/sharp_vty_clippy.c:1869
#8 0x7fbffc9afd61 in cmd_execute_command_real ../lib/command.c:993
#9 0x7fbffc9b00ee in cmd_execute_command ../lib/command.c:1052
#10 0x7fbffc9b0dc0 in cmd_execute ../lib/command.c:1218
#11 0x7fbffcb611c7 in vty_command ../lib/vty.c:591
#12 0x7fbffcb660ac in vty_execute ../lib/vty.c:1354
#13 0x7fbffcb6c4aa in vtysh_read ../lib/vty.c:2362
#14 0x7fbffcb51324 in event_call ../lib/event.c:1979
#15 0x7fbffca3b872 in frr_run ../lib/libfrr.c:1213
#16 0x5601dcd11c6f in main ../sharpd/sharp_main.c:177
#17 0x7fbffc5ffd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
PBR configuration may specify "set nexthop blackhole" which,
for linux dataplanes, is implemented as a table with a blackhole
route.
Other dataplanes might implement this action as an explicit
packet-filtering "drop" action instead of a route. This new flag
PBR_ACTION_DROP is now set when a rule has "set nexthop blackhole"
as an aid to other dataplanes.
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
