Found that zebra_rnh_apply_nht_rmap would set the
NEXTHOP_FLAG_ACTIVE if not blocked by the route-map, even
if the flag was not active prior to the check. This fix
changes the flag used to denote the nexthop is filtered so
that proper active state can be retained. Additionally,
found two cases where we would send invalid nexthops via
send_client, which would also cause this crash. All three
fixed in this commit.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
The NEXTHOP_FLAG_FILTERED went away when we started treating
static routes like every other route in the system. This was
a special case for handling static route code that just didn't
get finished cleaning up.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Certain operations, like removing non-presence containers or
modifying list keys, are not considered to be valid from the
perspective of the northbound layer. This is because we want to
implement a minimum set of northbound configuration callbacks and
use them to process all possible configuration changes.
The removal of a np-container [1], for example, can be processed by
calling the "delete" callback of all of its child nodes (recursion
is used for np-container child nodes). Similarly, the modification
of a list key can be processed as if the corresponding list entry
was removed and readded with updated key values. This strategy saves
us the burden of implementing lots of extra configuration callbacks.
That said, the nb_operation_is_valid() function shouldn't be used
for anything other than checking which callbacks are valid for
which YANG nodes. Using it in the nb_candidate_edit() function
is inappropriate as we want as much flexibility as possible when
editing a candidate configuration. We should allow CLI commands,
for example, to remove np-containers (the northbound layer will then
figure out which callbacks need to be called when this candidate
is committed). Remove the check.
[1] We can't do the same for presence containers since they have a
"create" callback associated with them.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
flog() is a small wrapper around zlog() that can be useful in a
few places to reduce code duplication.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
zlog() should be part of the public logging API as it's useful in
the cases where the logging priority isn't known at compile time
(i.e. it depends on a variable).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Move call to nb_db_init() from nb_init() to frr_init() so that only
the FRR daemons will initialize the northbound database. This should
fix a few warnings when running some unit tests.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
MD5 auth on TCP is supported for prefixes in recent versions of Linux;
add complementary support for FRR.
This is a reworked version of Donald's commit to keep library
compatibility and obviate the need for changes in daemons that don't
need to support this themselves.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Split the "debug northbound" command into the following commands:
* debug northbound callbacks configuration
* debug northbound callbacks state
* debug northbound callbacks rpc
* debug northbound notifications
* debug northbound events
* debug northbound client confd
* debug northbound client sysrepo
If "debug northbound" is entered alone, all of its suboptions
are enabled.
This commit also adds code to debug state/rpc callbacks and
notifications (only configuration callbacks were logged before).
Use the debugging infrastructure from "lib/debug.h" in order to
benefit from its facilities (e.g. MT-safe debugging) and avoid
code duplication.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The IFF_OUT_LOG macro is using BUFSIZE, which is the sizeof(logbuf)
but for some reason 8.0 clang SA is not happy with it. Just
make it happy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a hash function to turn a nexthop group into a
32 bit unsigned hash key with jhash. We do not care to
hash any recursively resolved nexthops, just the group.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Avoid tracking 0.0.0.0/32 nexthop with RIB.
When routes are aggregated,
the originate of the route becomes self.
Do not track nexthop self (0.0.0.0) with rib.
Ticket: CM-24248
Testing Done:
Before fix-
tor-11# show ip nht vrf all
VRF blue:
0.0.0.0
unresolved
Client list: bgp(fd 16)
VRF default:
VRF green:
VRF magenta:
0.0.0.0
unresolved
Client list: bgp(fd 16)
After fix-
tor-11# show ip nht vrf all
VRF blue:
VRF default:
VRF green:
VRF magenta:
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Adjust the nexthop comparison api so that it calls the label-
comparison api. Adjust the label-comp api so that "no labels"
is "equal".
Signed-off-by: Mark Stapp <mjs@voltanet.io>
PR #3622 renamed the "delete" northbound callback to "destroy" in
order to make the libfrr headers compatible with C++. This commit
renames a few functions that still use "delete" instead of "destroy"
in their names.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Merge commit to solve a bunch of conflicts with other PRs that were
merged in the previous weeks.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
that routine does the same as listnode_add; in addition it creates the
linked list if needed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
lists passed as parameter that are null, are accepted by the function.
I would even propose to silently return NULL in official
listnode_lookup() routine.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Problem found in bgpd where it wasn't learning interface address
information at startup due to the interface information becoming
available before the bgp instance was created. This issue was
caused by an earlier change that tried to make the interface
information discovery process more efficient but left this hole
for bgpd. For now, putting back in the previous method of
gathering interface info via the zclient_send_reg_requests call
and will revisit a more efficient way to get the info in the future.
Ticket: CM-23932
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Add a few missing log entries to the macro to allow us to print
out the zapi message type, since they were missing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Use the privs struct mutex more strictly, to ensure that the
privs are at the level the caller expects when the apis
return.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Privs escalation is process-wide, and a multi-threaded process
can deadlock. This adds a mutex and a counter to the privs
object, preventing multiple threads from making the privs
escalation system call.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Non-presence containers don't have "destroy" callbacks. So, once
a np-container is deleted, we need to call the "destroy" callbacks
of its child nodes instead.
This commit doesn't fix any real problem as of now since all
np-containers from the FRR YANG modules contain or one more mandatory
child nodes, so they can't be deleted (libyang will add missing
np-containers when validating data). Nevertheless, upcoming YANG
modules should benefit from this change.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
