Add an intermediate helper structure that is used to walk the list of
ipset entries, and look for associated name.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Those messages permit a remote daemon to configure an iptable entry. A
structure is defined that maps to an iptable entry. More specifically,
this structure proposes to associate fwmark, and a table ID.
Adding to the configuration, the initialisation of iptables hash list is
done into zebra netnamespace. Also a hook for notifying the sender that
the iptables has been correctly set is done.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
PBR rule is being added a 32 bit value that can be used to record a rule
in the kernel, by using a fwmark information.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Once ipset entries are injected in the kernel, the relevant daemon is
informed with a zebra message sent back.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
ZEBRA IPSET defines are added for creating/deleting ipset contexts.
Ans also create ipset hash sets.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
IPset and IPset entries structures are introduced. Those entries reflect
the ipset structures and ipset hash sets that will be created on the
kernel.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Zebra did not have a handler for tunnels in v6 for
some reason. Add code to handle the broadcast address
for both addition and deletion.
This appears to fix the crash. There might still need
to be some work to make the code `work` properly for
this type of tunnel.
Fixes: #2063
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This list "table" is created in the case the netns backend for VRF is
used. This contains the mapping between the NSID value read from the
'ip netns list' and the ns id external used to create the VRF
value from vrf context. This mapping is
necessary in order to reserve default 0 value for vrf_default.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
EVPN owns the remote neigh entries which are programed in the kernel.
This entries should not age out and the only way to delete should be
from EVPN. We should program these entries with NUD_NOARP instead of
NUD_REACHABLE to avoid aging of this macs.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
There can be a race condition between kernel and frr as follows.
Frr sends remote neigh notification.
At the (almost) same time kernel might send a notification saying
neigh is local.
After processing this notifications, the state in frr is local while
state in kernel is remote. This causes kernel and frr to be out of sync.
This problem will be avoided if FRR acts on the kernel notifications for
remote neighbors. When FRR sees a remote neighbor notification for a
neighbor which it thinks is local, FRR will change the neigh state to remote.
Ticket: CM-19923/CM-18830
Review: CCR-7222
Testing: Manual
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
[zebra/zebra_vxlan.c:5779] -> [zebra/zebra_vxlan.c:5778]:
(warning) Either the condition 'if(svi_if_zif&&svi_if_link)'
is redundant or there is possible null pointer dereference: svi_if_zif.
Signed-off-by: Ilya Shipitsin <chipitsine@gmail.com>
Background:
v6 does not have route replace semantics. If you want to add a nexthop
to an existing route, you just send RTM_NEWROUTE and the new nexthop.
If you want to delete a nexthop you should just send RTM_DELROUTE
with the removed nexthop.
This leads to situations where if zebra is processing a route
and has lost track of intermediate nexthops( yes this sucks )
then v6 routes will get out of sync when we try to implement
route replace semantics.
So notice when we are doing a route delete and the route is
not being updated, just send the prefix and tell it too delete.
Ticket: CM-20391
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit does 2 things:
1) When receiving a route from the kernel, display the incoming
table as part of the debug, to facilatate knowing what we are
talking about as part of the debug.
2) When displaying nexthop information for routes we were sending
to the kernel, no need to display the route information every time
Display the route then the individual nexthops for what we are doing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Notice when someone deletes a neighbor entry we've put in for
rfc-5549 gets deleted by some evil evil person. When this happens
notice and push it back in, immediately.
Ticket: CM-18612
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The code to reinstall self originated routes was not behaving
correctly. For some reason we were looking for self originated
routes from the kernel to be of type KERNEL. This was probably
missed when we started installing the route types. We should
depend on the self originated flag that we determine from
the callback from the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com.
When the last match criteria was removed (dst-ip or src-ip), we were
not deleting the rule correctly for ipv6. This fix retains the
needed src-ip/dst-ip during the pbr_send_pbr_map process so the
appropriate information is available for the rule delete.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
When we have a PBR installed as a table, we need to notice
when a nexthop changes and rethink the routes for the pbr
tables.
Add code to nexthop tracking to notice the pbr watched
nexthop has changed in some manner. If it is a pbr route
that depends on the nexthop then just enqueue it for
rethinking.
This is a bit of a hammer, we know that only pbr routes
are going to be installing routes in weird non-standard
tables as such we need to only handle nexthop changes
for nexthops that are actually changing that we care
about and to only requeue for route nodes we have
route entries for from PBR
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Holdem statics display the dest (and mask, if present) string that the
user entered instead of converting to CIDR notation and applying the
mask. They need to do the latter.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Adds support for V4 GoAway flag as described in
https://www.ietf.org/id/draft-bz-v4goawayflag-00.txt
This option allows advertising neighbors to indicate to recipients that
they should disable IPv4 on the link.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add some additional debug information to the netlink debug
messages so we can see the table we are installing to as
well as the nexthop's vrf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The header length needs to be subtracted from the handling
side of the zapi in zebra. This is because we refigure the
header data structure. The receive side doesn't care
about the total header length so no need to subtract there.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
In BGP, doing policy-routing requires to use table identifiers.
Flowspec protocol will need to have that. 1 API from bgp zebra has been
done to get the table chunk.
Internally, onec flowspec is enabled, the BGP engine will try to
connect smoothly to the table manager. If zebra is not connected, it
will try to connect 10 seconds later. If zebra is connected, and it is
success, then a polling mechanism each 60 seconds is put in place. All
the internal mechanism has no impact on the BGP process.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is connecting the table manager with remote daemons by
handling the queries.
As the function is similar in many points with label allocator, a
function has been renamed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The range is given from table manager from zebra daemon.
There are 2 ranges available for table identifier:
- [1;252] and [256;0xffffffff]
If the wished size enters in the first range, then the start and end
range of table identifier is given within the first range.
Otherwise, the second range is given, and an appropriate range is given.
Note that for now, the case of the VRF table identifier used is not
taken into account. Meaning that there may be overlapping. There are two
cases to handle:
- case a vrf lite is allocated after the zebra and various other daemons
started.
- case a vrf lite is initialised and the daemons then start
The second case is easy to handle. For the former case, I am not so
sure.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Prevent zebra from crashing for when the nexthop vrf has
changed in some manner and the lookup fails.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There are many callpaths to get to static_install_route. The nexthops
each have their own vrf that may or may not be up yet. If it is
allow the installation.
Doing this check here to avoid having to add this all over the place.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When a interface is moved from one vrf to another, we get a callback
to move the static routes. Extend the work to look at all static
routes across all vrf's since we allow static route leaking now.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When a user enables and disables a vrf, we were not
properly cleaning up the static routes leaving us
in a state where we would crash by looking at anything
in zebra.
On disable of a vrf -> Search through all static routes
and if the nexthop vrf is the disabled vrf uninstall it.
Additionally uninstall all static routes in that zvrf
On enable of a vrf -> Search through all static routes
and if the nexthop vrf is the enabled vrf install it.
Additionally install all the static routes in that zvrf.
Ticket: CM-19768
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There were a few cases where we were not properly de-registering
the static nexthops passed to us. This was important when
the static route was being removed for whatever reason that
we did not leave slag for the nexthop tracking.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The following types are nonstandard:
- u_char
- u_short
- u_int
- u_long
- u_int8_t
- u_int16_t
- u_int32_t
Replace them with the C99 standard types:
- uint8_t
- unsigned short
- unsigned int
- unsigned long
- uint8_t
- uint16_t
- uint32_t
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When moving interfaces to an other place, like other netns, the
remaining interface is still present, with inactive status.
Now, that interface is deleted from the list, if the interface appears
on an other netns. If not, the interface is kept.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The table id of the vrf is being given to us as part
of the vrf creation netlink callback. Unfortunately it
was being set in the zvrf *after* the vrf_enable callback.
This didn't used to matter until we started having config data
stored on the side that we needed to act on when the vrf
came up enough to start working.
So when we were storing static routes and installing them
they were being pushed into the default table for non-default
vrf's.
Ticket: CM-19141
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Upon a 'ip netns del' event, the associated vrf with netns backend is
looked for, then the internal contexts are first disabled, then
suppressed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The vrf netns usage makes a crash, when deleting vrf, due to the hash
list of rules not initialised for non default VRF.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Because vrf with netns backend may be used, the correct zns must be
found prior any modifications.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When we are removing a rule from the zns->rules_hash, free up
the rule from the hash and free the memory.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we get a rule that is supposed to replace
an existing rule, make it look like a rule replace
semantics.
Install new rule, then delete the old original rule.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This patch fixes two bugs with respect to static route configuration
inside vrf contexts:
* Entering a negative form of a static route created the static route.
* Once created, static routes could not be deleted.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When a route_delete is received allow the deletion
to occur in the passed in tableid if the vrf is VRF_DEFAULT.
This now matches route_add behavior in rib_add_multipath
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ensure that we have properly decoded the zapi_route sent to us
and if we cannot decode, log and move on.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we have a case where the user re-enters the same
ip route line, we need to delete the memory we just
malloc'ed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
PR #1739 added code to leak routes between (default VRF) VPN safi and unicast RIBs in any VRF. That set of changes included temporary CLI including vpn-policy blocks to specify RD/RT/label/&c. After considerable discussion, we arrived at a consensus CLI shown below.
The code of this PR implements the vpn-specific parts of this syntax:
router bgp <as> [vrf <FOO>]
address-family <afi> unicast
rd (vpn|evpn) export (AS:NN | IP:nn)
label (vpn|evpn) export (0..1048575)
rt (vpn|evpn) (import|export|both) RTLIST...
nexthop vpn (import|export) (A.B.C.D | X:X::X:X)
route-map (vpn|evpn|vrf NAME) (import|export) MAP
[no] import|export [vpn|evpn|evpn8]
[no] import|export vrf NAME
User documentation of the vpn-specific parts of the above syntax is in PR #1937
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
When figuring out whom to call and if we actually can legally
call into the handler array actually use the number of elements
in the array instead of the size of the array.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When specifying a ip route:
ip route 4.3.2.0/24 192.168.201.1 vrf DONNA
Accept DONNA even if it has not been created yet.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If a user enters a route inside a non kernel existant vrf:
vrf BLOOP
ip route 4.3.2.0/24 192.168.201.1
!
They should be able to enter it over and over and over and
over and over no matter how futile it is.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Currently if I try to use a nexthop-vrf that has
not been specified yet we get a failure from the cli.
Add code to zebra so that if we fail to find the nexthop-vrf
we auto create it, instead of failing the install.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add to the function prototypes the names of variables
to hopefully make it easier for people to program against
this header.
Signed-off-by: Donald Sharp<sharpd@cumulusnetworks.com>
When we are signaling to a client from zebra that a nexthop
has changed, include the labels on the nexthop as well.
Upper level protocols need to know if the labels exist
in order to make intelligent decisions about what to do.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The application of a label to a route entry needs to
look at all non-recursive nexthops to be attached to
instead of just the first one.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
the rib_wib_table function was uncalled by anyone remove
and additionally remove it's static function it called.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we receive an arbitrary table over the netlink bus
save it for later perusal and sweep any routes that
we may have created from an earlier run.
The current redistribute code is limited to
ZEBRA_KERNEL_TABLE_MAX. I left this alone for the
moment because I believe it needs to be converted
to a RB tree instead of a flat array. Which is more
work for the future. Additionally this proposed
change might necessitate some cli changes or rethinks.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
It is possible for clients to install routes into tables
that they desire. Modify the code to delete these routes
from these tables as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When zebra detects that the originator has dissapeared
delete all rules associated with that client.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There were several places where when I am attempting
to debug zebra functionality that I would really
like to have the ability to know what vrf I think
I am operating on.
Add the vrf_id to a bunch of zlog_debug messages
to help figure out issues when they happen.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Vty commands that link netns context to a vrf is requiring some
privileges. The change consists in retrieving the privileges at the
vrf_cmd_init() called by the relevant daemon. Then use it.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
In order to create the netns context, the zebra parser at startup needs
to have its privileges raised.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Nobody uses it, but it's got the same definition. Move the parser
function into zclient.c and use it.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Group send and receive functions together, change handlers to take a
message instead of looking at ->ibuf and ->obuf, allow zebra to read
multiple packets off the wire at a time.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
A lot of the handler functions that are called directly from the ZAPI
input processing code take different argument sets where they don't need
to. These functions are called from only one place and all have the same
fundamental information available to them to do their work. There is no
need to specialize what information is passed to them; it is cleaner and
easier to understand when they all accept the same base set of
information and extract what they need inline.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Formalize the ZAPI header by documenting it in code and providing it to
message handlers free of charge to reduce complexity.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
All of the ZAPI message handlers return an integer that means different
things to each of them, but nobody ever reads these integers, so this is
technical debt that we can just eliminate outright.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
musl-libc is a lightweight libc used by alpine linux:
https://www.musl-libc.org/
AFAICT, this is the only change to the source needed to get
basic frr support compiling on musl.
Two changes in one patch, get ethhdr from netinet/if_ether.h
and replace the only __caddr_t I could find in the source base
with caddr_t.
Testing done:
Compiled apk packages using a docker environment (patches
coming soon) also compiled redhat and debian using a similar
docker environment (RFC patches for those changes are queued
up too)...
Issue: https://github.com/FRRouting/frr/issues/1859
Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
Every place we need to pass around the rule structure
we need to pass around the ifp as well. Move it into
the structure. This will also allow us to notify up
to higher level protocols that this worked properly
or not better too.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Keep track of rules written into the kernel. This will
allow us to delete them on shutdown if we are not cleaned
up properly.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow the add/delete to go through a intermediary function in
zebra_pbr.c instead of directly to the underlying os call. This
will allow future refinements to track the data a bit better
so that on shutdown we can delete the rules.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) use uint32_t instead of u_int32_t as we are supposed to
2) Consolidate priority into the rule.
3) Cleanup the api from this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Implement netlink interactions for Policy Based Routing. This includes
APIs to install and uninstall rules and handle notifications from the
kernel related to rule addition or deletion. Various definitions are
added to facilitate this.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Also modify `struct route_entry` to use nexthop_groups.
Move ALL_NEXTHOPS loop to nexthop_group.h
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow the calling daemon to pass down what table-id we
want to use to install the route. Useful for PBR.
The vrf id passed must be the VRF_DEFAULT else this
value is ignored.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The work_queue_free function free'd up the wq pointer but
did not set it too NULL. This of course causes situations
where we may use the work_queue after it is freed. Let's
modify the work_queue to set the pointer for you.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If a interested party removes one of it's routes let
it know that it has happened as asked for.
Add a ZAPI_ROUTE_REMOVED to the send of the route_notify_owner
Add a ZAPI_ROUTE_REMOVE_FAIL to the send of the route_notify_owner
Add code in sharpd to notice this and to allow it to keep
track of routes removed for that invocation and give timing
results.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Move setting vrf loopback flag on ifp after
zebra vrf type is set (ziftype).
Zebra connected not to announce unnumbered for
VRF interface (similar to loopback).
Ticket:CM-19914
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com
When zebra is being configed we allow for static routes
to be entered. This presents a problem for when a vrf
is cli configed but not kernel configed yet.
Modify zebra to notice that when a static route is
entered and either the nexthop vrf or the vrf
is not fully configed, to save that config to the
side.
When vrf's become active( kernel configed ) parse
through the list of saved to the side static routes
and determine if any of them can be installed.
Additionally modify the cli to output the saved
to the side cli, so that we can properly handle
a wr mem.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When you have individual 'ip route..' commands
under a VRF allow them to be displayed properly
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the originating routes type and instance to the nexthop
update message. This is necessary because there exist
scenarios where BGP needs to make a decision about the
originating route type and instance to know if it is
going to be doing a route replace to a route that would
resolve to itself.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When decoding and creating the appropriate data structures
for a nexthop, use the passed in vrf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Implement support for EVPN symmetric routing for IPv6 routes. The next hop
for EVPN routes is the IP address of the remote VTEP which is only an IPv4
address. This means that for IPv6 symmetric routing, there will be IPv6
destinations with IPv4 next hops. To make this work, the IPv4 next hops are
converted into IPv4-mapped IPv6 addresses.
As part of support, ensure that "L3" route-targets are not announced with
IPv6 link-local addresses so that they won't be installed in the routing
table.
Signed-off-by: Vivek Venkatraman vivek@cumulusnetworks.com
Reviewed-by: Mitesh Kanjariya mitesh@cumulusnetworks.com
Reviewed-by: Donald Sharp sharpd@cumulusnetworks.com
This limitation ignores the creation of a new NS context, when an
already present NS is available with the same NSID. This limitation
removes confusion, so that only the first NS will be used for
configuration.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
So as to get the correct NETNS where some discovery must be done and
populated, the zns pointer is directly retrieved from zvrf, instead of
checking that the VRF is a backend NETNS or not.
In the case where the interfaces are discovered before the VRF is enabled
( VRF-lite populate), then the default NS is retrieved.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Because socket creation is tightly linked with socket binding for vrf
lite, the proposal is made to extend socket creation APIs and to create
a new API called vrf_bind that applies to vrf lite. The passed interface
name is the interface that will be bound to the socket passed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
That API can be used to wrap the ioctl call with various vrf instances.
This permits transparently doing the ioctl() call without taking into
consideration the vrf backend kind.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The zebra daemon introduces the logical router initialisation.
Because right now, the usage of logical router and vrf NETNS is
exclusive, then the logical router and VRF are initialised accordingly.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
A new API is available for interface ioctl operations on Linux:
vrf_if_ioctl. This is the unified API that permits doing ioctl
operations on a per interface basis.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When interfaces are located on different NETNS ( different VRF), then a
switch from netns context is necessary when calling setns(). The VRF
apis to switch and switch back are called, so that the ioctl will work
accordingly.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The assert appears in zebra_mpls.c when checking default zebra_vrf.
It appears that when the mpls entries are flushed, it gets the default
vrf which is already flushed by vrf_terminate() function. In order to
avoid that assert to trigger a crash, the mpls flush is called before
vrf termination.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
this is a static analysis performed by c-lang scan-build tool that
demonstrated this issue. This commit is handling the fix.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
when the netns backend is selected for VRF, the default VRF is being
assigned a NSID. This avoids the need to handle the case where if the
incoming NSID was 0 for a non default VRF, then a specific handling had
to be done to keep 0 value for default VRF.
In most cases, as the first NETNS to get a NSID will be the default VRF,
most probably the default VRF will be assigned to 0, while the other
ones will have their value incremented. On some cases, where the NSID is
already assigned for NETNS, including default VRF, then the default VRF
value will be the one derived from the NSID of default VRF, thus keeping
consistency between VRF IDs and NETNS IDs.
Default NS is attempted to be created. Actually, some VMs may have the
netns feature, but the NS initialisation fails because that folder is
not present.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
upon zebra initialisation, and upon further netnamespace creation, the
the netnamespaces are created and a vrf associated to the netnamespace
is created. By convention, the name of the netns will be the same as the
VRF.
Add a stub routine that returns a fake ns identifier, in case netlink (
linux machines) is not available.
Also, upon each newly discovered NETNS, a NSID id being generated,
either by relying on kernel NSID feature, or by generating locally the
NSID ( see previous commit for more information).
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
A NS identifier is collected by netlink. This identifier is a 32 bit
identifier that is either generated by the kernel (if not set) or
manually set by a set netlink command. The commit here is getting the
NSID from the newly created NS. If the linux option to create or get a
new NSID from the kernel does not exist, then the NSID is locally
genrated.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The addition of the name of the netns in the vrf message introduces also
a limitation when the size of the netns is bigger than 15 bytes. Then
the netns are ignored by the library.
In addition to this, some sanity checks have been introduced. some
functions to create the netns from a call not coming from the vty is
being added with traces.
Also, the ns vty function is reentrant, if the context is already
created.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Show vrf command displays information on the vrf, if it is related to
vrf kernel or if it is related to netns.
When a vrf from kernel is detected, before creating a new vrf, a check
is done against an already present vrf, and if that vrf is not a vrf
mapped with a netns. If that is that case, then the creation is
rejected.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The zebra netnamespace contexts are initialised, based on the callback
coming from the NS. Reversely, the list of ns is parsed to disable the
ns contexts.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
If vrf backend is netns, then the zebra will create its own
zebra_ns context for each new netns discovered. As consequence,
a routing table, and other contexts will be created for each
new namespace discovered. When it is enabled, a populate process
will be done, consisting in learning new interfaces and routes, and
addresses from other NETNS.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is also a fix that avoids a VRF to be attached to the wrong
namespace context, at creation time. Because the VRF, at creation time
does not know yet the namespace where it will get its information.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
For each route to be added or deleted, instead of applying directly to
default namespaces, when a vrf is mapped to a namespace, then the
correct zns must be found out.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon following calls: interface poll, address poll, route poll, and
ICMPv6 handling, each new Namespace is being parsed. For that, the
socket operations need to switch from one NS to one other, to get the
necessary information.
As of now, there is a crash when dumping interfaces, through show
running-config.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
a vty command is added:
in addition to this command ( kept for future usage):
- [no] logical-router-id <ID> netns <NETNSNAME>
a new command is being placed under vrf subnode
- vrf <NAME>
[no] netns <NETNSNAME>
exit
This command permits to map a VRF with a Netnamespace.
The commit only handles the relationship between vrf and ns structures.
It adds 2 attributes to vrf structure:
- one defines the kind of vrf ( mapped under netns or vrf from kernel)
- the other is the opaque pointer to ns
The show running-config is handled by zebra daemon.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The netns backend is chosen by VRF if a runtime flag named vrfwnetns is
selected when running zebra.
In the case the NETNS backend is chosen, in some case the VRFID value is
being assigned the value of the NSID. Within the perimeter of that work,
this is why the vrf_lookup_by_table function is extended with a new
parameter.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The ZEBRA_FLAG_INTERNAL flag is used to signal to zebra that
the route being added, the nexthops for it can be recursively
resolved. This name keeps throwing me off when I read it
so let's rename to something that allows the developer to
understand what is going on.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The 'struct route_entry *old' and 'struct route_entry *new' can sometimes
be the same route type( for a route replace ), so when we are checking
to see if a new owner has taken over, don't tell the owner it is
replacing it self.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com.
Add a bit more detail to tell us what we are sending
up to a protocol so we can debug it better in the
future.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Some of the tables are no longer stored in the zvrf
and in the zns now. On shutdown zns is cleaned up
after vrf( and rightly so!) As such we should not
attempt to count the information if we don't have
a zvrf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
With the ability of zebra to handle random tables,
add code to display those tables via the
show <ip|ipv6> route table (1-...) [json] command.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The linux kernel allows a vast expanse of tables to be used.
It would be useful for zebra to track these tables if they
are being used.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The other_tables data structure does not belong to a vrf.
It belongs to the zns. This is because each vrf does not
need to have copies of each of other_tables.
Additionally move the array into a RB_TREE. This will allow
us to sort quickly and easily expand the number of tables
we can support to beyond the ZEBRA_KERNEL_TABLE_MAX define.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Problem seen when a prefix was learned with nexthops from multiple
route sources (static and ospf in this case) and the link to that
nexthop flaps. The nht entry was incorrectly deleted so when the
link came back up the static was not re-installed correctly.
Ticket: CM-19675
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
When a BGP-labeled route is resolved into an LDP-labeled IGP route,
zebra would install it with no labels in the kernel. This patch implements
recursive MPLS labels, i.e. make zebra install all labels from the route's
nexthop chain (the labels from the top-level nexthop being installed in
the top of the MPLS label stack). Multiple recursion levels are supported.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
If you were to configure a v4 and v6 vrf pop and forward label
that both happened to be the same, unconfiguring one would
remove them both.
This fixes that issue by noticing if we should remove it or
not based upon v4 or v6 having the same label or not.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the ability to pass in an afi to zebra. zebra_vrf keeps
track of the afi/label tuple and then does the right thing
before we call down. AF_MPLS does not care about v4 or v6
it just knows label and what device to use for lookup.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) Add asserts in a couple of spots to show we
never expect prefix to be bad.
2) Fix some bfd code where out_ctxt will
always be NULL.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Asymmetric routing is an ideal choice when all VLANs are cfged on all leafs.
It simplifies the routing configuration and
eliminates potential need for advertising subnet routes.
However, we need to reach the Internet or global destinations
or to do subnet-based routing between PODs or DCs.
This requires EVPN type-5 routes but those routes require L3 VNI configuration.
This task is to support EVPN type-5 routes for prefix-based routing in
conjunction with asymmetric routing within the POD/DC.
It is done by providing an option to use the L3 VNI only for prefix routes,
so that type-2 routes (host routes) will only use the L2 VNI.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
is_vni_l3 was removed as a part of PR1700. However, it seems to be used in master.
Causing the breakage. Made the changes to not use the API anymore.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
removed an additional field 'local-tunnel-ip' from l2vnis o/p
Ticket: CM-19670
Review: CCR-7167
Testing: Verified that the output is proper
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Modify mpls.h to rename MPLS_LABEL_ILLEGAL to be MPLS_LABEL_NONE.
Fix all pre-existing code that used MPLS_LABEL_ILLEGAL.
Modify the zapi vrf label message to use MPLS_LABEL_NONE as the
signal to remove label associated with a vrf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the ability to pass the lsp owner type through the zapi
and in addition add a new label type for the sharp protocol
for testing.
Finally modify zebra_mpls.h to not have defaults specified
for the enum. That way when we add a new LSP type the
compile fails and the person doing the addition knows
where he has to touch shit.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Turns out we had 3 different ways to define labels
all of them overlapping with the same meanings.
Consolidate to 1. This one choosen is consistent
naming wise with what the *bsd and linux kernels
use.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the ability for the nexthops to be a NEXTHOP_TYPE_IFINDEX.
Since we are using this code for L3vpn pop and forward operations
and we know that the lo or vrf device name must exist we
trust that it is correct.
Update display to show the correct data with a 'show mpls table'
Update the mpls install into the kernel to treat
NEXTHOP_TYPE_IFINDEX as special and we do not need
to pass in the nexthop label.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
For L3VPN's we need to create a label associated with the specified
vrf to be installed into the kernel to allow a pop and lookup
operation.
The new api is:
zclient_send_vrf_label(struct zclient *zclient, vrf_id_t vrf_id,
mpls_label_t label);
For the specified vrf_id associate the specified label for
a pop and lookup operation for forwarding.
To setup a POP and Forward use MPLS_LABEL_IMPLICIT_NULL
If the same label is passed in we ignore the call.
If the label is different we update entry.
If the label is MPLS_LABEL_NONE we remove
the entry.
This sets up the api. Future commits will have the functionality
to actually install into the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The nh_resolve_via_default function is an accessor function
for NHT in zebra. Let's move this function to it's proper
place.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Fix the read in of vrf routes on a start or restart that caused
the nexthop_vrf to be assumed to be the default vrf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The encoding of the nexthop update made some distinctions
between nexthop types that it does not need to.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra/kernel_socket.c: include "rt.h" to provide the prototypes of
kernel_init() and kernel_terminate();
* lib/prefix.h: remove the deprecation warning whenever ETHER_ADDR_LEN
is used. isisd uses the ETHER_HDR_LEN constant which is defined in
terms of ETHER_ADDR_LEN in the *BSD system headers. So, when building
FRR on *BSD, we were getting several warnings because we were using
ETHER_ADDR_LEN indirectly;
* lib/command_lex.l, lib/defun_lex.l: ignore other harmless warnings;
* lib/spf_backoff.c: cast 'tv->tv_usec' to 'long int' before printing.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The v6 code had the same issue with how it handled
nexthop-vrf and nexthop when it was entered on the
same line. This fixes that issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When a rib_unlink() event is directly called for a
route_entry we need to see if the dest->selected_fib
is the same and just unset the dest->selected_fib.
This was happening for redistributed table 10 routes
into BGP.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Zebra stores routes coming from the kernel for non-default
tables. This information on shutdown was being leaked
because we never cleaned it up. Allow for this to happen
now.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The error handling of the nexthop vrf and the vrf
for what was specified on the cli was not as clean
as it should have been.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If src happens to point at all 0's due to not initializing
it and if the address passed in is not a v6 address then
we would not set src in the AF_INET6 call and would
fail the (src.ipv4.s_addr && inet_pton(AF_INET...)
call. Thus causing us to return a NULL and make
the routemap code think there was an issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The nexthop_vrf should be looked up as appropriate,
If the nexthop_vrf was specified use that, else
use the vrf context of what was passed in.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The code change to switch from stream_getX to STREAM_GETX added
a goto statement to be handled for a failure case. The failure
case was properly handled but the normal case was not tested
properly and there exists a situation where we would free
the out_ctxt 2 times. Prevent that from happening.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Currently, while processing kernel messages related to VNIs
we first check if VNI is L3 - this is a hash lookup
later, we do the lookup again to find the L3-VNI.
This is non-optimal.
Made changed to make sure we only do the lookup once.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
The dest->selected_fib assignment needs to happen
after the install and should be controlled by
the southbound api return of success or failure.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The route_node that we are working on is going to be interesting
to the kernel_route_rib_pass_fail. So I am setting up the
code to allow me to pass it. This will be done in a subsuquent
commit.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Refine the notion of what FRR considers as "configured" VRF. It is no longer
based on user just typing "vrf FOO" but when something is actually configured
against that VRF. Right now, in zebra, the only configuration against a VRF
are static IP routes and EVPN L3 VNI. Whenever a configuration is removed,
check and clear the "configured" flag if there is no other configuration for
this VRF. When user attempts to configure a static route and the VRF doesn't
exist, a VRF is created; the VRF is only active when also defined in the
kernel.
Updates: 8b73ea7bd479030418ca06eef59d0648d913b620
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-10139, CM-18553
Reviewed By: CCR-7019
Testing Done:
1. Manual testing for L3 VNI and static routes - FRR restart, networking
restart etc.
2. 'vrf' smoke
<DETAILED DESCRIPTION (REPLACE)>
When a VRF gets deleted - e.g., networking restart or ifdown of the VRF - but
has associated FRR configuration, additional cleanup of all dynamic data pertaining
to this VRF is necessary. This includes the routing tables, next hop tables,
temporary queues for this VRF etc. Only the FRR configuration for this VRF must
be retained.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ticket: CM-19148
Reviewed By: CCR-7030
Testing Done:
1. Manual testing - This scenario and EVPN configuration
2. Various smoke tests - vrf, bgp, pim, l3-smoke
Only check on L3-VNI SVI status when uninstalling remote next hops.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Ticket: CM-19036
Reviewed By: None
Testing Done:
1. Networking restart
2. VxLAN interface disable/enable
3. VRF delete and readd
A VRF is active only when the corresponding VRF device is present in the
kernel. However, when the kernel VRF device is removed, the VRF container in
FRR should go away only if there is no user configuration for it. Otherwise,
when the VRF device is created again so that the VRF becomes active, FRR
cannot take the correct actions. Example configuration for the VRF includes
static routes and EVPN L3 VNI.
Note that a VRF is currently considered to be "configured" as soon as the
operator has issued the "vrf <name>" command in FRR. Such a configured VRF
is not deleted upon VRF device removal, it is only made inactive. A VRF that
is "configured" can be deleted only upon operator action and only if the VRF
has been deactivated i.e., the VRF device removed from the kernel. This is
an existing restriction.
To implement this change, the VRF disable and delete actions have been modified.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Mitesh Kanjariya <mkanjariya@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-18553, CM-18918, CM-10139
Reviewed By: CCR-7022
Testing Done:
1. vrf and pim-vrf automation tests
2. Multiple VRF delete and readd (ifdown, ifup-with-depends)
3. FRR stop, start, restart
4. Networking restart
5. Configuration delete and readd
Some of the above tests run in different sequences (manually).
Kernel can delete a frr installed remote RMAC on a L3-VNI.
We should re-add if such a siatuation occurs
as we are the owner of the RMAC.
This behavor is same for remote MACs as well and was missing for RMACs.
Ticket: CM-18762
Review: CCR-6992
Testing: Manual
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
0. move all global EVPN details to 'show evpn [json]' command
1. change "VRF" to "Tenant VRF" in 'show evpn vni'
2. change 'show vrf vni' command to tabular form
and add l3-vni related params to the output
3. show evpn rmac should show refcount only in detailed output
4. show evpn next-hop should show refcount only in detailed output
5. move VRF in 'show evpn l3vni' to the end
6. add num rmacs and num nexthops to show evpn l3vni
7. remove "info" from 'show bgp vrf <> l3vni info'
8. show evpn vni <vni> should show l2vni details or l3 vni details
9. show evpn vni should show both L2 and L3 VNIs
10. show bgp l2vpn evpn - shows all global bgp l2vpn evpn details
11. show bgp l2vpn evpn vni - will show both l2 and l3 vnis
12. show bgp l2vpn evpn vni - should show both l2 and l3 vnis
13. follow camel notation for all json keys
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
In EVPN symmetric routing, not all subnets are presents everywhere.
We have multiple scenarios where a host might not get learned locally.
1. GARP miss
2. SVI down/up
3. Silent host
We need a mechanism to resolve such hosts. In order to achieve this,
we will be advertising a subnet route from a box and that box will help
in resolving the ARP to such hosts.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
1. Added default gw extended community
2. code modification to handle sticky-mac/default-gw-mac as they go together
3. show command support for newly added extended community
4. State in zebra to reflect if a mac/neigh is default gateway
5. show command enhancement to refelect the same in zebra commands
Ticket: CM-17428
Review: CCR-6580
Testing: Manual
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
- Remove OSPD_SR route type
- Check that Segment Routing is enable only in default VRF
- Add comment for SRGB in lib/mpls.h
- Update documentation
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
When a nexthop is resolved via a label based nexthop, copy
the labels into the newly created recursive nexthop.
Please note that this does not fix the case where we
have a label based nexthop that is recursively resolved
through *another* nexthop that is also label based.
In this case we need to create a new label stack
for those routes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The function zserv_create_header was exactly the same
as zclient_create_header. Let's just have one in the
system.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
On some places, macro NS_DEFAULT was not used. This commit is replacind
on some identified places where 0 can be replaced with NS_DEFAULT macro.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
On some places of code, the VRF_DEFAULT define was not used. This commit
is ensuring that the macros is well used.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Because the VRF_ID is mapped into 32 bit, and because when NETNS will be
the backend of VRF, then the NS identifier must also be encoded as 32
bit.
Also, the NS_UNKNOWN value is changed accordingly to UINT32_MAX.
Also, the NS_UNKNOWN and NS_DEFAULT values are removed from zebra_ns.h
and kept on ns.h header file.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This is a preparatory work for configuring vrf/frr over netns
vrf structure is being changed to 32 bit, and the VRF will have the
possibility to have a backend made up of NETNS.
Let's put some history.
Initially the 32 bit was because one wanted to map on vrf_id both the
VRFLITE and the NSID.
Initially, one would have liked to make zebra configure at the same time
both vrf lite and vrf from netns in a flat way. From the show
running perspective, one would have had both kind of vrfs, thatone
would configure on the same way.
however, it leads to inconsistencies in concepts, because it mixes vrf
vrf with vrf, and vrf is not always mapped with netns.
For instance, logical-router could also be used with netns. In that
case, it would not be possible to map vrf with netns.
There was an other reason why 32 bit is proposed. this is because
some systems handle NSID to 32 bits. As vrf lite exists only on
Linux, there are other systems that would like to use an other vrf
backend than vrf lite. The netns backend for vrf will be used for that
too. for instance, for windows or freebsd, some similar
netns concept exists; so it will be easier to reuse netns
backend for vrf, than reusing vrflite backend for vrf.
This commit is here to extend vrf_id to 32 bits. Following commits in a
second step will help in enable a VRF backend.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
During VRF change handling, the connected route for the interface should be
installed only if the interface is up. Otherwise, we end up with duplicate
connected routes which can lead to other problems.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-19364
Reviewed By: CCR-7099
Testing Done: Manual verification
This is an implementation of draft-ietf-ospf-segment-routing-extensions-24
and RFC7684 for Extended Link & Prefix Opaque LSA.
Look to doc/OSPF_SR.rst for implementation details & known limitations.
New files:
- ospfd/ospf_sr.h: Segment Routing structure definition (SubTLVs + SRDB)
- ospfd/ospf_sr.c: Main functions for Segment Routing support
- ospfd/ospf_ext.h: TLVs and SubTLVs definition for RFC7684
- ospfd/ospf_ext.c: RFC7684 Extended Link / Prefix implementation
- doc/OSPF-SRr.rst: Documentation
Modified Files:
- doc/ospfd.texi: Add new Segment Routing CLI command definition
- lib/command.h: Add new string command for Segment Routing CLI
- lib/mpls.h: Add default value for SRGB
- lib/route_types.txt: Add new OSPF Segment Routing route type
- ospfd/ospf_dump.[c,h]: Add OSPF SR debug
- ospfd/ospf_memory.[c,h]: Add new Segment Routing memory type
- ospfd/ospf_opaque.[c,h]: Add ospf_sr_init() starting function
- ospfd/ospf_ri.c: Add new functions to Set/Get Segment Routing TLVs
Add new ospf_router_info_lsa_upadte() to send Opaque LSA to ospf_sr.c()
- ospfd/ospf_ri.h: Add new Router Information SR SubTLVs
- ospfd/ospf_spf.c: Add new scheduler when running SPF to trigger
update of NHLFE
- ospfd/ospfd.h: Add new thread for Segment Routing scheduler
- ospfd/subdir.am: Add new files
- vtysh/Makefile.am: Add new ospf_sr.c file for vtysh
- zebra/kernel_netlink.c: Add new OSPF_SR route type
- zebra/rt_netlink.[c,h]: Add new OSPF_SR route type
- zebra/zebra_mpls.h: Add new OSPF_SR route type
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
When we receive a read failure in handling a FPM read
let's add a bit more information to what we think has
gone wrong, in a hope that debugging will be a bit easier.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow this to work:
vrf DONNA
ip route 4.3.2.1/32 192.168.1.5 nexthop-vrf EVA
The static route code was not properly telling the
nexthop resolution code what vrf to use.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
In order for routes to be leaked the ifindex must be sent
down into the kernel over the netlink protocol. So
send it( we always figure it out ) when we add the
route.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Move the code that generates the 'show run' output for
'ip route' to be controlled by the vrf config generation
code. Since it really belongs there.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Move the NS/VRF initialization code for zebra to an earlier
point in startup. In the future we will have code that
will want to install_element into a VRF_NODE from zebra_vty.c
Signed-off-by: Donald Sharp <sahrpd@cumulusnetworks.com>
If the vrf for the nexthop is different than the vrf the
route is in, display the nexthops vrf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are handling nexthops in zebra, use the appropriate
vrf to figure out if the nexthops are active or not.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add to the rib_add function the ability to pass in the nexthops
vrf.
Additionally when we decode the netlink message from the linux
kernel, properly figure out the nexthops vrf_id.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
With VRF route-leaking we need to know what vrf
the nexthops are in compared to this vrf. This
code adds the nh_vrf_id to the route entry and
sets it up correctly for the non-route-leaking
case.
The assumption here is that future commits
will make the nh_vrf_id *different* than
the vrf_id.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There are certain interfaces that when brought up and we receive
the netlink notification about it, the speed of the interface is
not set correctly. This creates a one-shot thread that will
wait 15 seconds and then requery the speed and if it is different
it will renotify the running daemons.
The kernel should notify us on speed changes, unfortunately this
is not done currently via a netlink message as you would think.
As I understand it there is some in-fighting about the proper
way to approach this issue and due to the way the kernel release
cycle works we are a ways off from getting this fixed. This
is a `hack` to make us work correctly while we wait for the
true answer.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The rn can not have an rn->info pointer and as
such the dest may be NULL. Don't assign
the old_fib pointer if so. This is ok
because we know RNODE_FOREACH... will not
iterate if dest is NULL.
Fixes: #1575
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
EVPN is only enabled when user configures advertise-all-vni.
All VNIs (L2 and L3) should be cleared upon removal of this config.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
For EVPN type-5 route the NH in the NLRI is set to the local tunnel ip.
This information has to be obtained from kernel notification.
We need to pass this info from zebra to bgp in l3vni call flow.
This patch doesn't handle the tunnel-ip change.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
When a remote VTEP next hop entry (for symmetric routing) becomes
stale, reinstall it. This makes the behavior the same as what is
done for remote host next hops (for asymmetric routing and ARP
suppression).
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Upon a l3vni delete (no vni under a vrf) is executed,
we should uninstall all the RMACs and NHs associated with the l3vni.
This is because by the time we get a route delete in zebra
l3vni is already deleted and we dont have refernce to RMACs and NHs
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
It is technically possible to attempt to use a NULL pointer.
Remove this from happening.
Additionally cleanup code indentation a small bit.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When displaying a specific route and if it has a tag
and if we have turned on realm support notify the user
that a tag value of (1-255) is installed into the kernel
with the realm set.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Linux has the ability to support a concept of 'realms'.
This concept allows you to mark routes with a realm id
value of 1-255. If you have marked the realm
of a route then you can use the tc program to
apply policy to the routes.
This commit adds the ability of FRR to interpret
a tag from (1-255) as a realm when installing into
the kernel. Please note that at this point in time
there is no way to set policy from within FRR. This
must be done outside of it.
The normal methodology for setting tags is valid here
via a route-map.
Finally this is only applied if the --enable-realms configure
option is applied.
Signed-off-by: Kaloyan Kovachev <kkovachev@varna.net>
As netlink is available for all linux systems ( old linux distributions
are not considered), this commit removes the ipv6 ioctl support for
linux.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
It is possible to configure IPv6 addresses from interfaces by using
netlink socket, intead of using standard sockets.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
zserv.c had a grab bag of function declarations that
did not belong in it. Move those to where they better
belong.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
zserv.c has become a bit of a dumping ground for zebra cli.
I'd like to focus the zserv.c code into it's core functionality
which is handling the zapi interface.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The zebrad initialization does not need to be part of cli
initialization and should be done separately.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If the frr.conf file contains bgp unnumbered peering but the associated
interfaces do not have the commands "no ipv6 nd suppress-ra" and
"ipv6 nd ra-interval 10" configured, when frr-reload.py is issued the
interface commands are removed from the running config, causing peers to
got down and stay down after a link flap. This situation can occur if
the frr.conf file is created manually or via automation (like ansible)
but a subsequent "wr mem" has not been performed.
This fix changes the behavior so that the interface ipv6 nd ra commands
created by bgp are not displayed. Therefore, when the above condition
occurs, there is no difference between the running and stored configs
and peers work fine.
Ticket: CM-18702
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: CCR-7004
Testing-done: Manual testing successful. L3-smoke has no new failures
The $Id: lines would allow code kept in cvs to substitute
the file version upon checkout. Since we are not using
cvs there is no need to keep these lines anymore.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The KAME flag should not be used to turn on/of v6 forwarding on
*bsd systems. Create a configure #define to better describe
what we are doing and the why of it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The SELECTED_FIB flag was placed upon the entry that we
have inserted into the kernel. Remove this flag and replace
with a `rib_dest_t` *selected_fib. Just keep track of the
selected_fib as we modify it. This removes allot of
FOREACH_RE loops as that we do not need to find the
entry anymore.
At this point in time I think this is a very minor performance
boost. Most `rib_dest_t` structures do not typically carry
more than 1 route_entry, but the minute you start having more
than one entry you can and will start having significant processing
time spent finding the selected_fib.
A future commit may re-order the route entries and possibly
keep more pointers on `rib_dest_t` to avoid lookup. This
is a bit tricky because of the FIB_OVERRIDE code.
Signed-off-by Donald Sharp <sharpd@cumulusnetworks.com>
When we get a STREAM_GET failure of some sort we
need to handle the failure case here and safely
free up stored memory/context and return gracefully.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Some of the deprecated stream.h macros see such little use that we may
as well just remove them and use the non-deprecated macros.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
In some circumstances zebra and ldpd would display a pseudowire as UP
when in reality it's not (example: MTU mismatch between the two ends). Fix
this to avoid confusion.
Reported-by: ßingen <bingen@voltanet.io>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When doing a route replace, on openbsd we were not
marking the old lsp as no longer installed, while
on linux we were. Move the abstraction up a layer.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Setup a interface such that the add/del of lsp's from
the kernel can have a callback for success/failure.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When a route is installed or deleted into the kernel allow a
callback mechanism to handle the success/failure of
the kernel call.
This separation is to allow us to do these things:
1) In the future create a true pthread to handle route
install/deletes. This way we can schedule these
events in a smarter fashion
2) Allow us to use a common southbound api for route
install and deletion.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
zebra_find_client needs to match on instance as well so
protocols like ospfd will work correctly for notification.
Modify the zebra_find_client code to accept the instance
number and to pass it in appropriately.
Signed-off-by: Doanld Sharp <sharpd@cumulusnetworks.com>
Add a daemon that will allow us to test the zapi
as well as test route install/removal times from
the kernel.
The current commands are:
install route <starting ip address> nexthop <nexthop> (1-1000000)
This command starts installing at <starting ip address>/32
(1-100000) routes that it auto-increments by 1
Installation start time is noted in the log and finish
time is noted as well.
remove routes <starting ip address> (1-1000000)
This command removes routes at <starting ip address>/32
and removes (1-100000) routes created by the install route
command.
This code can be considered experimental and *is not*
something that should be run in a production environment.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are installing into the kernel, not the
change points for notification to a higher level
protocol and make it happen
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow the higher level protocol to specify if it would
like to receive notifications about it's routes that
it has installed.
I've purposely made it part of zclient_new_notify because
we need to track the routes on a per daemon basis only.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Provide ZAPI code that can pass to an upper level protocol
what happened to it's route on install.
There are these notifications:
1) ZAPI_ROUTE_FAIL_INSTALL - The route attempted to be
installed did not work.
2) ZAPI_ROUTE_BETTER_ADMIN_WON - A route that was installed
has become un-installed due to another routing protocol
installing a better admin distance
3) ZAPI_ROUTE_INSTALLED - The route specified has been installed
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The rib_uninstall_kernel for non-UNICAST routes when
it is marking a route as no-longer installed should
actually mark it as uninstalled.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Rework of do_show_ip_route caused the 'show ip rpf'
cli to stop working. This put's it back into working
order.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The v6 linux kernel netlink code doees not have
route replace semantics. So if we are in that
situation, do a delete/add to get the correct
results.
Fixes: #1461
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When the kernel installs/updates a lsp the return code for
success is a 0. The code was interpreting the 0 as a failure
case for the Install/Update code paths. This caused upon
a true deletion zebra loosing knowledge of the lsp
but the kernel still had it installed.
Failure:
mpls label bind 10.50.4.11/32 4444
!
line vty
!
end
robot.cumulusnetworks.com# conf t
robot.cumulusnetworks.com(config)# no mpls lsp 6666 10.50.11.1 3933
robot.cumulusnetworks.com(config)# exit
robot.cumulusnetworks.com# show mpls table 6666
robot.cumulusnetworks.com# exit
sharpd@robot ~/frr4> ip -f mpls route show
6666 as to 3933 via inet 10.50.11.1 dev enp0s10 proto static
With Fix:
sharpd@robot ~/frr4> ip -f mpls route show
6666 as to 3933 via inet 10.50.11.1 dev enp0s10 proto static
sharpd@robot ~/frr4> sudo vtysh
Hello, this is FRRouting (version 3.1-dev).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
robot.cumulusnetworks.com# conf t
robot.cumulusnetworks.com(config)# no mpls lsp 6666 10.50.11.1 3933
robot.cumulusnetworks.com(config)# end
robot.cumulusnetworks.com# show mpls table 6666
robot.cumulusnetworks.com# exit
sharpd@robot ~/frr4> ip -f mpls route show
sharpd@robot ~/frr4>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The LSP_FLAG_CHANGED and LSP_FLAG_INSTALLED flags
should be handled in the common call function
for adding/updating/removing a lsp to/from the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The SET_FLAG(nexthop->flags, NEXTHOP_FLAG_FIB)
is already taken care of in zebra_rib.c. There
is no need for this to be handled by rt_socket.c.
rt_netlink.c does not do a SET_FLAG(nexthop->flags, NEXTHOP_FLAG_FIB)
for route installation. Please note it does do it for a mpls
labeled route installation, which will be fixed in a future
commit.
Remove some dead code from 2002 as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are modifying the kernel there could
be multiple modules/hooks involved in this
process. As such let the caller set
the appropriate flags for success/failure.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The flags value is not used for unregister events. Let's purposefully
not send anything and purposefully not accept non 0 for it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This code modifies zebra to use the STREAM_GET functionality.
This will allow zebra to continue functioning in the case of
bad input data from higher level protocols instead of crashing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) Write zserv api commands( one of each type ) to the side. This will allow
us to use them as input for a fuzzer.
2) Add -c <file to pass to zapi read process> into zebra as a run-time
option of we've turned on fuzzing.
While in and of itself these are not terribly useful( you still need
an external fuzzer ), they provide an infrastructure to allow
tools like afl to test the zapi.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Problems reported with zebra nht oscillating when a nexthop is resolved
using the same address to reach the nexthop (for example, 10.0.0.8 is
resolved via 10.0.0.8/32.) This fix removes this attempt to resolve
thru itself unless the route being resolved is also a host route.
This fix also walks up the tree looking for a less specific route to
reach the nexthop if needed. Smoke testing completed successfully.
Ticket: CM-8192
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: CCR-6583
Testing done: Manual testing successful, bgp-min completed successfully
l3-smoke completed with two test changes required.
The original clippy implementation used if VTYSH_EXTRACT_PL
was defined or not to know to include as part of the creation
of vtysh.
Follow their lead here.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the ability to match a specific prefix-length in zebra.
This command behaves in the same manner that the v4 version
of the command behaves.
Fixes: #1398
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The linux kernel passes the IFLA_IFALIAS value. Allow
zebra to read and set the description appropriately.
Currently I don't set the value down into the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The function clear_nhlfe_installed is to be called
when we get a install failure of some sort for
a lsp change. Since an install failure can happen
in both linux and openBSD moving the function call
northbound is a good idea.
I've also added it to the kernel_del_lsp for completeness
on failure as well, even though neither linux or openBSD
currently can fail a uninstall.
This still leaves the hole where if we have multiple
nhlfes and have an install failure we are not quite
doing the right thing by just blanketly calling
clear_nhlfe_installed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow the end user to specify how many packets we want
to process at one time coming down the zapi, before
we yield and let other things process.
This is a Hidden command because it is not necessarily
something that we want end users to be able to play with
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Store the number of packets we should process at
one time in `struct zebra_t`. A future commit
will allow the user to control this via
a hidden cli.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow the user to modify the work-queue processing hold time
from 10ms to a value from (0-10000). Make the command hidden
as that it's a semi-dangerous command and it could cause
issues.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Problem reported with not deleting LSPs from the zebra kernal mpls table
when a delete occurred in bgp. Found that we were exiting the delete
process incorrectly due to not being able to derive the route_type from
the best_nhlre on the lsp while deleting. Since this info was only
needed for route installation, removed this early exit in the case of
deleting the lsp.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-18309
Reviewed By: CCR-6781
Testing Done: Manual testing looks good. mpls tests successful
These are mostly trivial fixes for leaks in the error path of some functions.
The changes in bgpd/bgp_mpath.c deserves a bit of explanation though. In
the bgp_info_mpath_aggregate_update() function, we were allocating memory
for the lcomm variable but doing nothing with it. Since the code for
communities, extended communities and large communities is pretty much
the same in this function, it's clear that this was a copy and paste
error where most of the ext. community code was copied but not all of
it as it should have been.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Now it's possible to specify multiple options when viewing the RIB or
FIB.
Example: 'show ip route 192.168.0.0/16 longer-prefixes tag 10 ospf'
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Note: I had to remove one assert in clidef.py in order to fix a build
error when using a preprocessor string (FRR_IP_REDIST_STR_ZEBRA) inside
a DEFPY command. This should be revisited later.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is the definitive solution to avoid build issues on old Linux
systems, where the system kernel headers might not contain some constants
or macros used by FRR (e.g. MPLS_IPTUNNEL_DST, introduced on 2015).
This is the same strategy adopted by other projects, like iproute2,
libnl, lldpd, strongswan, etc. These header files don't need to be in
sync with upstream, they only need to be updated when necessary (e.g. if
we want to use a new feature introduced by a recent kernel).
Fixes#962 using the solution suggested by David Lamparter.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The zebra_client_read functionality was reading 1 message
from a peer at a time. Modify the code so that we can
read up to 10 at a time.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The zserv command handlers make an already long function
even longer. Isolate this code so that we can rearrange
the zebra_client_read function.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The ptm code when it encountered an error situation
was not fully reading all the data in the stream
meant for it. Ensure that this is read.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This improves code readability and also future-proofs our codebase
against new changes in the data structure used to store interfaces.
The FOR_ALL_INTERFACES_ADDRESSES macro was also moved to lib/ but
for now only babeld is using it.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Performance tests showed that, when running on a system with a large
number of interfaces, some daemons would spend a considerable amount
of time in the if_lookup_by_index() function. Introduce a new rb-tree
to solve this problem.
With this change, we need to use the if_set_index() function whenever
we want to change the ifindex of an interface. This is necessary to
ensure that the 'ifaces_by_index' rb-tree is updated accordingly. The
return value of all insert/remove operations in the interface rb-trees
is checked to ensure that an error is logged if a corruption is
detected.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is an important optimization for users running FRR on systems with
a large number of interfaces (e.g. thousands of tunnels). Red-black
trees scale much better than sorted linked-lists and also store the
elements in an ordered way (contrary to hash tables).
This is a big patch but the interesting bits are all in lib/if.[ch].
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Make use of strnlen() and strlcpy() so we can get rid of these
convoluted if_*_by_name_len() functions.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This was causing some weird prefixes to pop up in my log files. One
alternate solution would be to call apply_mask() on the prefix, but
memcpy() is faster and just enough in this case.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* use %u instead of %d, we don't want to print negative labels;
* increase the size of label_buf to accommodate the worst case scenarios;
* use strlcat() instead of strcat() as a security best practice.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
MAC entries are internally created for purposes such as when a local
neighbor is learnt but the MAC itself is not yet learnt. Such MACs are
not "real", so ensure they are not counted for UI output.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Ticket: CM-17991
Reviewed By: None
Testing Done: Manual, evpn-smoke
Fix following flaws that resulted in EVPN with L3 multi-tenancy (i.e.,
EVPN dealing with VxLAN routing in the presence of tenant VRFs) not
working properly:
1. EVPN enable ("advertise-all-vni") is a global command, ensure it is
accordingly processed. The config is maintained against the default VRF.
2. There was an incorrect attempt to derive the L3 VRF for L2 interfaces
- the VRF only applies for L3 interfaces, though the code may initialize
to the default value in other cases.
3. Functions to map (port, VLAN) to SVI or vice versa were incorrect -
particularly, zvni_map_svi() since it was looking in the L3 VRF for
"matching" L2 interface which it would never find. Fix.
In addition, since the 'zebra_vrf *' parameter is not relevant in most
places, it has been removed.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ticket: CM-17840
Reviewed By: CCR-6685
Testing Done: evpn-smoke, various manual tests
Problem reported when a table entry originated by rdnbrd was moved from one
interface to another on the same switch. Both would be deleted, leaving
no imported entry in the table. Modified zebra_add_import_table_entry to
used rib_add_multipath as well as correct the call to delete a duplicate
entry to include the nexthop associated with the route_entry.
Ticket: CM-18154
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed By: CCR-6731
Testing Done: Manual testing successful, deb given to submitter, bgp-smoke
had no new failures
list_free is occassionally being used to delete the
list and accidently not deleting all the nodes.
We keep running across this usage pattern. Let's
remove the temptation and only allow list_delete
to handle list deletion.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Convert the list_delete(struct list *) function to use
struct list **. This is to allow the list pointer to be nulled.
I keep running into uses of this list_delete function where we
forget to set the returned pointer to NULL and attempt to use
it and then experience a crash, usually after the developer
has long since left the building.
Let's make the api explicit in it setting the list pointer
to null.
Cynical Prediction: This code will expose a attempt
to use the NULL'ed list pointer in some obscure bit
of code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The zebra_ptm_finish() code was being called before the
client_list deletion. The client_list deletion is
attempting to call the ptm daemon and shut down the connection.
We should not be doing this *after* we shut down memory associated
with it as that we were writing into memory in random spots
in this case.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The adata pointer was not properly being set to
0 before being used. In addition notice malloc
failure and hard exit. If we have no memory on
startup something terrible has gone wrong and
we were going to crash shortly here anyways.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Current cleanup is for unset values or variables that are not used anymore.
Regarding ospfd/ospf_vty.c: argv_find()
we'll never get it NULL, so get coststr = argv[idx]->arg;
irdp is crashing because it assumes that people have
configured it in a certain way. Ensure that this
'way' is honored at least enough so that we don't
crash.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This is a continuation of 915902cb82. Basically the netlink
read of messages up from the kernel is now noticing the proper
owner of the route. As such when rib_delete was being called
as part of the upcall from the kernel we were not noticing that
we were the originator and not diss-allowing the rib_delete
from happening. This restores this behavior that we were getting
pre-915902cb82cfd
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
While u_char is technically a uint8_t in size I would
like to treat and think about the admin distance
as an actual integer value from 0-255, instead
of a char.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
For ZEBRA_ROUTE_KERNEL types:
The metric/priority of the route received from the kernel
is a 32 bit number. We are going to interpret the high
order byte as the Admin Distance and the low order 3 bytes
as the metric.
This will allow us to do two things:
1) Allow the creation of kernel routes that can be
overridden by zebra.
2) Allow the old behavior for 'most' kernel route types
if a user enters 'ip route ...' v4 routes get a metric
of 0 and v6 routes get a metric of 1024. Both of these
values will end up with a admin distance of 0, which
will cause them to win for the purposes of zebra.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If we have already scheduled a node to be on the meta_queue, there is no
need to schedule it up again.
On startup we are calling rib_update() multiple times per connected route.
Due to the multiple ways we can get callbacks for adding a connected route
I decided it was best to just improve meta_queue performance as opposed
to trying to figure out all the different ways across all the platforms
that we can decide that a connected route has changed. This appears
to solve the issue with a very large # of interfaces coming up
at the same time on startup.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Both function were very similar, and as we know code duplication is not
good. As an example, in the past couple of weeks some fixes were made
on rib_add() but not on rib_add_multipath(), causing known bugs to still
exist in a different form.
Instead of merging the two functions into one, let's make rib_add()
call rib_add_multipath() with the appropriate parameters. This way we
remove the code duplication but still keep the easy-to-use rib_add()
function for single-path routes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Fixes the following bug:
% ip route add 50.0.0.0/8 nexthop via 10.0.1.2 nexthop via 10.0.2.2
% ip route replace 50.0.0.0/8 nexthop via 10.0.1.3 nexthop via 10.0.2.3
% ip route replace 50.0.0.0/8 nexthop via 10.0.1.4 nexthop via 10.0.2.4
%
% vtysh -c "show ip route"
[snip]
K * 50.0.0.0/8 [0/0] via 10.0.1.4, rt1-eth1, 00:00:00
* via 10.0.2.4, rt1-eth2, 00:00:00
K * 50.0.0.0/8 [0/0] via 10.0.1.3, rt1-eth1, 00:00:10
* via 10.0.2.3, rt1-eth2, 00:00:10
K>* 50.0.0.0/8 [0/0] via 10.0.1.2, rt1-eth1, 00:00:24
* via 10.0.2.2, rt1-eth2, 00:00:24
Commit a3d18ce6 fixed a similar problem for single-path routes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Commit f19435a8 fixed rib_add() but didn't fix rib_add_multipath().
While here, remove the unnecessary 'same->table == re->table' check as
it always evaluate to true.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
On shutdown we were deleting the linked list that
kept the zclient connections, but we were not
freeing the data pointed at by the link list.
This modification allows the normal cleanup of the
linked list to cleanup the zclient data structure.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Static routes were not keeping track of uptime appopriately and
as such we were not properly displaying uptime.
Fixes: #1196
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This fixes the broken indentation of several foreach loops throughout
the code.
From clang's documentation[1]:
ForEachMacros: A vector of macros that should be interpreted as foreach
loops instead of as function calls.
[1] http://clang.llvm.org/docs/ClangFormatStyleOptions.html
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Display uptime for all route types instead of just for RIP,
OSPFv2, ISIS, NHRP, TABLE? and BGP routes.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the ability for person issuing 'show ip route...' commands
to see if we've suppressed adding a nexthop to the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
This fixes route redistribution for VRFs
There exists situations where it is possible to have duplicate
nexthops passed from a higher level protocol into zebra.
This code notices this duplication of nexthops and marks
the duplicates as DUPLICATE so we don't attempt to install
it into the kernel.
This is important on *BSD as I understand it because passing
duplicate nexthops will cause the route to be rejected.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Reuse route_distance() on rib_add_multipath() and on rib_add();
* Set the admin distance of LDP and BGP MPLS LSPs.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Set the default admin distance for some route types
more appropriately. The route_distance function
would return 0 for array items not configured, which
is not the right thing to do.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When we get a route install for a route that needs to be recursively
resolved allow the blackhole to be considered and used if it is
available.
This allows bgp to install a route that will be blackholed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
So the current code for a blackhole route assumed that you
would never want a recursively resolved blackhole to work.
Suppose you have this setup:
1) ip route 192.0.2.1/32 Null0
2) BGP installed with a route-map that rewrites the
nexthop to 192.0.2.1.
Zebra will end up with a recursive nexthop that resolves
to the blackhole.
The original rib install function assumed that we would never
want the ability to recursively resolve a blackhole route.
Instead just handle the blackhole as part of the nexthop_num = 1
case.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We should only be operating RIB_UPDATE_IF_CHANGE on
types that zebra has control of. We assume that
the calling routing protocol is going to take care
of their own route changes based upon the interface
state change.
Also try to re-organize the code a tiny bit to allow
it to fit better within a tabed world.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
RNODE_FOREACH_RE... function calls were not properly being
indented when we switched over to the new format. Let's fix
this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There is no need to retrieve the zvrf *unless* we are doing
debugs. So move the retrieval under the debug statement.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
With unnumbered interfaces on Linux we have the same IP address configured
on several different interfaces and hence multiple connected routes for
the same prefix.
With that said, add an exception in rib_add() to allow zebra to keep
track of all connected routes. We don't need to worry about the bugs
reported in a3d18ce because connected routes are always added from the
connected_up() function, and connected_update() already takes care of
handling duplicate addresses per interface.
Fixes#1112.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
With the change to make zebra pass routes to the kernel
with the 'correct' proto name, it caused zebra to
not properly recognize them on startup again
the next time such that the route would not
be deleted.
Modify rt_netlink.c to notice that we have a
self originated route and to properly mark
the type of route it was.
Modify rib_table_sweep to mark the nexthops
as active so that when we go to delete the
self originated routes it would properly
delete from the kernel.
Fixes: #1061
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If we configure a static route pointing to null0 and zebra displays
it with the 'blackhole' keyword in the running configuration, the
frr-reload.py script will have issues. Fix this by introducing the
'static_blackhole_type' enum.
Fixes#1091.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Link-local routes are unique in the sense that they all have the same
prefix but have different nexthops (local interfaces). Add an exception
in rib_add() to allows us to keep track of all of them.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Fixes the following bugs:
1)
% ip -6 route add 5000::/64 via 3000::2
% ip -6 route replace 5000::/64 via 3000::2
% ip -6 route replace 5000::/64 via 3000::2
% ip -6 route replace 5000::/64 via 3000::2
% ip -6 route replace 5000::/64 via 3000::2
%
% vtysh -c "show ipv6 route"
[snip]
K * 5000::/64 [0/1024] via 3000::2, rt1-eth0
K * 5000::/64 [0/1024] via 3000::2, rt1-eth0
K * 5000::/64 [0/1024] via 3000::2, rt1-eth0
K * 5000::/64 [0/1024] via 3000::2, rt1-eth0
K>* 5000::/64 [0/1024] via 3000::2, rt1-eth0
2)
% ip -6 route add 7000::/64 via 3000::2
% ip -6 route replace 7000::/64 via 3000::3
% ip -6 ro | grep 7000
7000::/64 via 3000::3 dev rt1-eth0 metric 1024 pref medium
%
% vtysh -c "show ipv6 route"
[snip]
K * 7000::/64 [0/1024] via 3000::3, rt1-eth0
K>* 7000::/64 [0/1024] via 3000::2, rt1-eth0
NOTE: the check for ROUTE_ENTRY_REMOVED was redundant as it was already
performed at the beginning of the loop.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This reference counter was introduced in 2001, apparently to solve a
problem with connected routes being added/removed multiple times. The RIB
code changed a lot since then, and giving the current callers of rib_add()
and rib_delete() it's safe to assume that we don't need this anymore.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
If we've set the bh_type to something besides BLACKHOLE_UNSPEC
due to the received route type being RTN_BLACKHOLE,
RTN_UNREACHABLE or RTN_PROHIBIT then just trust that
the nexthop is just what it is and set accordingly.
Fixes: #1082
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Now that all rib functions are afi/safi independent,
allow import-table to work with v6 routes too.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There are 3 different implementations of is_prefix.
Standardize on is_prefix_default and fix it's implementation.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The connected_down_ipv[4|6] functions are basically identical.
Refactor into one common interface.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The connected_up_ipv[4|6] functions were almost identical.
Combine the forces for the goodness of mankind
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Using the previously-added vty_frame() support, this gets rid of all the
pointless empty "interface XYZ" blocks that get added for any interface
that shows up in the system (e.g. dummys, tunnels, etc.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
support processing of RTN_BLACKHOLE et al. from kernel and dump them
into appropriate blackhole rib entries.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
blackhole support was horribly broken. cleanup by removing blackhole
stuff from ZEBRA_FLAG_*
introduces support for "prohibit" routes (Linux/netlink only)
also clean up blackhole options on "ip route" vty commands.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
support configuring a point-to-point address on systems using ioctl
/ struct ifaliasreq. error out when interface/address type mismatch.
tested on FreeBSD 8.0-RELEASE.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
add a few bits to properly set a pointopoint address via netlink. the
structures have all the neccessary support, just need to send the proper
message bits to the kernel.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
meh. forgot to even look at the interface deletion path. this doesn't
really work well when looking for the local address in the subnet list
which has the connected prefix in it... loop ensues.
fix by using the connected prefix when looking at the list of connected
prefixes. duh.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
add a connected_check_ptp function which does the same as
connected_check, but takes an additional peer prefix argument.
also fix related prefixlen mixup in PtP addresses (the local part of a
PtP address always is /32, but previously the peer mask got copied.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This warning is at odds with how the world works. Also, the code is
correct on all platforms we care about.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Specifically, gcc 4.2.1 on OpenBSD 6.0 warns about these; they're bogus
(gcc 4.2, being rather old, isn't quite as "intelligent" as newer
versions; the newer ones apply more logic and less warnings.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
1) Various socket close issues
2) Ensure afi passed is usable
3) Fix some reads beyond buffer and reads after free
4) Ensure some failure modes are handled properly
5) Memory Leak(s) fix
6) There is no 6.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the RMAP_COMPILE_SUCCESS and switch over to using it.
Refactoring allows a removal of a if statement to just
use the switch statement already in place. Additionally
the reworking cleans up memory freeing in a couple of spots.
In one spot we no longer will leak memory too.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Some differences compared to the old API:
* Now the redistributed routes are sent using address-family
independent messages (ZEBRA_REDISTRIBUTE_ROUTE_ADD and
ZEBRA_REDISTRIBUTE_ROUTE_DEL). This allows us to unify the ipv4/ipv6
zclient callbacks in the client daemons and thus remove a lot of
duplicate code;
* Now zebra sends all nexthops of the redistributed routes to the client
daemons, not only the first one. This shouldn't have any noticeable
performance implications and will allow us to remove an ugly exception
we had for ldpd (which needs to know all nexthops of the redistributed
routes). The other client daemons can simply ignore the nexthops if
they want or consult just the first one (e.g. ospfd/ospf6d/ripd/ripngd).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
As noticed in 657cde1, the zapi_ipv[4|6]_route functions are broken in
many ways and that's the reason that many client daemons (e.g. ospfd,
isisd) need to send handcrafted messages to zebra.
The zapi_route() function introduced by Donald solves the problem
by providing a consistent way to send ipv4/ipv6 routes to zebra with
nexthops of any type, in all possible combinations including IPv4 routes
with IPv6 nexthops (for BGP unnumbered routes).
This patch goes a bit further and creates two new address-family
independent ZAPI message types that the client daemons can
use to advertise route information to zebra: ZEBRA_ROUTE_ADD and
ZEBRA_ROUTE_DELETE. The big advantage of having address-family independent
messages is that it allows us to remove a lot of duplicate code in zebra
and in the client daemons.
This patch also introduces the zapi_route_decode() function. It will be
used by zebra to decode route messages sent by the client daemons using
zclient_route_send(), which calls zapi_route_encode().
Later on we'll use this same pair of encode/decode functions to
send/receive redistributed routes from zebra to the client daemons,
taking the idea of removing code duplication to the next level.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Route attributes like tag, distance and metric are irrelevant when we
want to delete a route from a client daemon. The same can be said about
the nexthops of the route. Only the IP prefix and client protocol are
enough to identify the route we want to remove, considering that zebra
maintains at most one route from each client daemon for each prefix. Once
rib_delete() is called, it deletes the selected route with all of its
nexthops.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is the v6 counterpart of commit c963c20.
Fixes a bug where ipv6 routes received from babeld were being ignored.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
