Intermittently zebra and kernel are out of sync
when interface flaps and the add's/dels are in
same processing queue and zebra assumes no change in nexthop.
Hence we need to bring in a reinstall to kernel
of the nexthops and routes to sync their states.
Upon interface flap kernel would have deleted NHGs
associated to a interface (the one flapped),
zebra retains NHGs for 3 mins even though upper
layer protocol removes the nexthops (associated NHG).
As part of interface address add ,
re-add singleton NHGs associated to interface.
Ticket: #3173663
Issue: 3173663
Signed-off-by: Ashwini Reddy <ashred@nvidia.com>
Signed-off-by: Chirag Shah <chirag@nvidia.com>
When the user specifies `--command-log-always` in CLI arguments then also log
commands executed from loading the config file.
Signed-off-by: Christian Hopps <chopps@labn.net>
A particular flex-algo algorithm may remain in disabled state after
configuring it if its flex-algo definition is being spread in the area.
It happens sometimes that, in isis_sr_flex_algo_topo1 topotest, r3
flex-algo 203 is disabled on test8. It depends on the following
sequence on r3:
1. a LSP containing the flex-algo 203 definition is received from
either r1 or r2 (or both).
2. the local LSP is rebuilt by lsp_build() because of the flex-algo 203
configuration
3. isis_run_spf() recomputes the algo 203 SPF tree
A 1. 2. 3. sequence results in a working test whereas 2. 1. 3. is not
working. The second case issue is because of an inconsistent flex-algo
definition state between the following:
- in lsp_build(), isis_flex_algo_elected_supported_local_fad() returns
false because no flex-algo definition is known.
- in isis_run_spf(), isis_flex_algo_elected_supported() returns true
because a flex-algo definition is found.
Set a flex-algo state lsp_build() depending on flex-algo definition
existence that is used later in isis_run_spf().
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Free flex-algorithm database memory when an IS-IS area is destroyed.
Fixes: 735fb37db1 ("lib: add library for igp flexible-algorithm")
Fixes: 7f198e063c ("isisd: add isis flex-algo base interface")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Clarify flex-algo MTYPE by creating a specific MTYPE definition to the
database of flex-algo information.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When using ls_stream2ted() function to parse Opaque Link State message to local
TED, in case of vertex or subnet deletion, the function return a pointer to the
deleted ls_element instead of NULL. This could lead into a potential pointer
corruption when caller try to access to the deleted ls_element.
This patch ensure that the ls_element pointer return by ls_stream2ted()
function is NULL when the message event is a delete operation for vertex and
subnet. Note that edge deletion was correctly handled.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
In function ls_find_subnet(), prefix argument is directly copied into
subnet.key structure to find corresponding subnet in RB Tree. This could leadr
to a memory corruption. Function prefix_copy() must be used instead.
This patch replaces the direct prefix copy by a call to prefix_copy() function
to avoid this memory issue.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
The typesafe hash _member() didn't check tabshift/count before
proceeding to look at the hash table, leading it to dereference a NULL
pointer when the hash table is in fact empty.
Test case added to tests/lib/test_typelist.
Note this function is not currently used anywhere. Only lib/cspf.c uses
_member(), but it does so on a RB-tree rather than a hash.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Looking at the coverity report, it complains that tabshift could be
zero, resulting in a uint32_t shifted by 33 (which is undefined.)
As I was confused by the "+ 1", in addition to the SA assume(), leave
some breadcumbs for next time this comes up.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The error condition handled both failure to open
and a fstat failure. Just double check that the close
is appropriate to call.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Add a function that returns a JSON-C structure containing a representation
of a termtable. This is intended to be a quick way to implement JSON
output to CLI commands.
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Define the IS-IS flex-algo structure in yang, the CLI configuration
commands and the skeletons of frontend and backend functions that are
called by the CLI code.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add a library to deal with Flexible Algorithm that will be common to
IS-IS and OSPF. The functions enables to deal with:
- Affinity-maps
- Extended Admin Group (RFC7308)
- Flex-Algo structures that contains the flex-algo configurations
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
SR Algorithms are independent of specific IGPs
such as IS-IS. This commit adds lib/sr to
aggregate IGP agnostic functions and constants.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Previously was using an API that returned the root of the data tree given the
users input xpath value, and then used it like it was the leaf node (last not
first). So basically this CLI command only worked when one requested the root
node of the model.
Signed-off-by: Christian Hopps <chopps@labn.net>
Add a wrapper around lys_find_xpath which has an unfortunate API
returning an allocated set of schema nodes when we only ever expect and
want one.
Another libyang function `lys_find_path` returns a single node; however,
that function can assert/abort on invalid path values so is unsuitable
for user input.
Replace previous uses of `lys_find_path` with new API when dealing with
possible invalid path values (i.e., from a user).
Signed-off-by: Christian Hopps <chopps@labn.net>
kttps://datatracker.ietf.org/doc/html/draft-ietf-idr-node-target-ext-comm
unet> sh r1 vtysh -c 'sh ip bgp nei 192.168.1.2 adver'
BGP table version is 1, local router ID is 192.168.1.1, vrf id 0
Default local pref 100, local AS 65001
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.10.10.10/32 0.0.0.0 0 32768 i
Total number of prefixes 1
unet> sh r1 vtysh -c 'sh ip bgp nei 192.168.1.3 adver'
BGP table version is 1, local router ID is 192.168.1.1, vrf id 0
Default local pref 100, local AS 65001
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.10.10.10/32 0.0.0.0 0 32768 i
Total number of prefixes 1
unet> sh r2 vtysh -c 'show ip bgp 10.10.10.10/32'
% Network not in table
unet> sh r3 vtysh -c 'show ip bgp 10.10.10.10/32'
BGP routing table entry for 10.10.10.10/32, version 1
Paths: (1 available, best #1, table default)
Advertised to non peer-group peers:
192.168.1.1
65001
192.168.1.1 from 192.168.1.1 (192.168.1.1)
Origin IGP, metric 0, valid, external, best (First path received)
Extended Community: NT:192.168.1.3 NT:192.168.1.4
Last update: Tue Apr 11 23:19:33 2023
unet>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
An L3VPN network can be configured on the main BGP instance,
with an SRv6 SID. By declaring a network, a seg6local route
is created but remains invalid.
The below BGP VPN configuration the default VRF has been
used:
> router bgp 1
> address-family ipv6 unicast
> sid vpn export auto
> rd vpn export 1:30
> rt vpn both 77:77
> import vpn
> export vpn
> network 2001:7::/64
> exit-address-family
The below seg6local route has been added:
> # show ipv6 route
> [..]
> B 2001:db8:2:2:300::/128 [20/0] is directly connected, unknown inactive, seg6local End.DT6 table 254, seg6 ::, weight 1, 00:00:07
>
When creating the seg6local route, an interface is used as nexthop.
The interface index is obtained from the vrf identifier. This is
true when using VRF interfaces, but is wrong when using the lo
interface which usually has the '1' ifindex whereas the vrf id for
the default VRF is 0.
Get the appropriate index from the vrf identifier.
The below seg6local route is visible:
> # show ipv6 route
> [..]
> B>* 2001:db8:1:1:300::/128 [20/0] is directly connected, lo, seg6local End.DT6 table 254, seg6 ::, weight 1, 00:00:15
>
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
- nice correspondence between new YANG grouping and shared library code.
- fixes bug with RIPNG use, certainly didn't work before.
- removes rip header from shared library code
- still has uses RIP_NODE/RIPNG_NODE as required by CLI foo.
Signed-off-by: Christian Hopps <chopps@labn.net>
The original uin64_t for the edge key in link state is not always appropriate
with IPv6 addresses. In some cases, 2 different edge with 2 different IPv6
addresses could conduct to the same key. The resulting TED is wrong in this
case.
This patch replace the uint64_t edge key by a dedicated structure. The
resulting key of the edge is:
- the local IPv4 address of the corresponding link
- the local IPv6 address if no IPv4 address is configured on the link
- the local + remote link ID for unnumbered address
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
When passing a prefix into a function let's pass by address instead
of pass by value. Let's save our stack space.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
When cleaning `ripd`, it should free `ctx->name` of `struct if_rmap_ctx`,
not `ctx` itself. Otherwise, it will lead to memory leak.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
Currently the process of the `route-map` configuration for `per-vrf-rip`
is wrong.
There are two problems:
1. `ctx->name` for `if_rmap_ctx` is not initialized in `if_rmap_ctx_create()`.
2. The global `if_rmap_ctx_list` is wrongly used for `per-vrf-rip`.
So, two changes for it:
1. Correctly initializes `ctx->name`.
2. Use specific `if_rmap_ctx` for `per-vrf-rip`, not global one.
Note, this related implementation for `route-map` is only for `ripd`.
Before:
```
anlan(config)# route rip vrf vrf1
anlan(config-router)# route-map aa in lan
anlan(config-router)# do show run
!
router rip
route-map aa in lan
exit
!
```
After:
```
anlan(config)# route rip vrf vrf1
anlan(config-router)# route-map aa in lan
anlan(config-router)# do show run
!
router rip vrf vrf1
route-map aa in lan
exit
!
```
Signed-off-by: anlan_cs <vic.lan@pica8.com>
When daemons transition to mgmtd they should stop reading their split config
files, and let mgmtd do that, otherwise things can get out of sync.
Signed-off-by: Christian Hopps <chopps@labn.net>
The safi has no 0 value which it is set to as part of the
initialization. Let's just set it to a sensible value.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
event_add_XXXX functions have no failure path where
if you pass in a double event pointer that it could
return without setting the pointer. As such these
asserts make no sense and are unnecessary
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
While C compilers will generally process strings across lines, we really
don't want that. I rather treat this as the indication of the typo it
probably is warn about it than support this odd C edge case.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The token value can be NULL if we run into something that failed to
parse. Throw a Python exception rather than SEGV.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
All the event changes exposed a bunch of places where
we were not properly following our standards. Just
clean them up in one big fell swoop.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Effectively a massive search and replace of
`struct thread` to `struct event`. Using the
term `thread` gives people the thought that
this event system is a pthread when it is not
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This is a first in a series of commits, whose goal is to rename
the thread system in FRR to an event system. There is a continual
problem where people are confusing `struct thread` with a true
pthread. In reality, our entire thread.c is an event system.
In this commit rename the thread.[ch] files to event.[ch].
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
During code inspection, it was noticed that the ipv4_prefix_table
as well as the ipv6_prefix_table are always created on map creation.
There are no paths where they are not created, thus testing for
them adds a bit of code that will always be true. Let's just
remove these extraneous tests.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
We have 2 competing versions of likely and unlikely
in babeld and nhrpd. Standardize onto lower case
versions and consolidate in the code.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This commit contains fixes for the following issues found
- 'mgmt commit check' issued through 'vtysh -f' was actually commtting the changeset.
- On config validation failure backend, mgmtd was not passing the correct error-reason
to frontend.
- 'mgmt rollback ...' was reverting the change on backend, but config on mgmtd daemon
remains intact
Signed-off-by: Pushpasis Sarkar <pushpasis@gmail.com>
This commmit introduces Staticd as a backend client for the MGMTd
framework. All the static commands will be diverted to the MGMT
daemon and will use the transactional model to make changes to the
internal state. Similar mechanism can be used by other daemons to use
the MGMT framework in the future.
This commit includes the following functionalities in the changeset:
1. Diverts all the staticd (config only) commands to MGMTd.
2. Enrolls staticd as a backend client to use the MGMT framework.
3. Modify the staticd NB config handlers so that they can be compiled
into a library and loaded in the MGMTd process context.
Co-authored-by: Pushpasis Sarkar <pushpasis@gmail.com>
Co-authored-by: Abhinay Ramesh <rabhinay@vmware.com>
Co-authored-by: Ujwal P <ujwalp@vmware.com>
Signed-off-by: Yash Ranjan <ranjany@vmware.com>
This commit introduces the MGMT Transaction framework that takes
management requests from one (or more) frontend client sessions,
translates them into transactions and drives them to completion
in co-oridination with one (or more) backend client daemons
involved in the request.
This commit includes the following functionalities in the changeset:
1. Introduces the actual Transaction module. Commands added related to
transaction are:
a. show mgmt transaction all
2. Adds support for commit rollback feature which stores upto the 10
commit buffers. Each commit has a commit-id which can be used to
rollback to the exact configuration state.
Commands supported for this feature are:
a. show mgmt commit-history
b. mgmt rollback commit-id COMMIT_ID
3. Add hidden commands to enable record various performance metrics:
a. mgmt performance-measurement
b. mgmt reset-statistic
Co-authored-by: Pushpasis Sarkar <pushpasis@gmail.com>
Co-authored-by: Abhinay Ramesh <rabhinay@vmware.com>
Co-authored-by: Ujwal P <ujwalp@vmware.com>
Signed-off-by: Yash Ranjan <ranjany@vmware.com>
This commit introduces the MGMT Backend Interface which can be used
by back-end management client daemons like BGPd, Staticd, Zebra to
connect with new FRR Management daemon (MGMTd) and utilize the new
FRR Management Framework to let any Frontend clients to retrieve any
operational data or manipulate any configuration data owned by the
individual Backend daemon component.
This commit includes the following functionalities in the changeset:
1. Add new Backend server for Backend daemons connect to.
2. Add a C-based Backend client library which can be used by daemons
to communicate with MGMTd via the Backend interface.
3. Maintain a backend adapter for each connection from an appropriate
Backend client to facilitate client requests and track one or more
transactions initiated from Frontend client sessions that involves
the backend client component.
4. Add the following commands to inspect various Backend client
related information
a. show mgmt backend-adapter all
b. show mgmt backend-yang-xpath-registry
c. show mgmt yang-xpath-subscription
Co-authored-by: Pushpasis Sarkar <pushpasis@gmail.com>
Co-authored-by: Abhinay Ramesh <rabhinay@vmware.com>
Co-authored-by: Ujwal P <ujwalp@vmware.com>
Signed-off-by: Yash Ranjan <ranjany@vmware.com>
This commit introduces the Frontend Interface which can be used
by front-end management clients like Netconf server, Restconf
Server and CLI to interact with new FRR Management daemon (MGMTd)
to access and sometimes modify FRR management data.
This commit includes the following functionalities in the changeset:
1. Add new Frontend server for clients connect to.
2. Add a C-based Frontend client library which can be used by Frontend
clients to communicate with MGMTd via the Frontend interface.
3. Maintain a frontend adapter for each connection from an appropriate
Frontend client to facilitate client requests and track one or more
client sessions across it.
4. Define the protobuf message format for messages to be exchanged
between MGMTd Frontend module and the Frontend client.
5. This changeset also introduces an instance of MGMT Frontend client
embedded within the lib/vty module that can be leveraged by any FRR
daemon to connect to MGMTd's Frontend interface. The same has been
integrated with and initialized within the MGMTd daemon's process
context to implement a bunch of 'set-config', 'commit-apply',
'get-config' and 'get-data' commands via VTYSH
Co-authored-by: Pushpasis Sarkar <pushpasis@gmail.com>
Co-authored-by: Abhinay Ramesh <rabhinay@vmware.com>
Co-authored-by: Ujwal P <ujwalp@vmware.com>
Signed-off-by: Yash Ranjan <ranjany@vmware.com>
Features added in this commit:
1. Bringup/shutdown new management daemon 'mgmtd' along with FRR.
2. Support for Startup, Candidate and Running DBs.
3. Lock/Unlock DS feature using pthread lock.
4. Load config from a JSON file onto candidate DS.
5. Save config to a JSON file from running/candidate DS.
6. Dump candidate or running DS contents on the terminal or a file in
JSON/XML format.
7. Maintaining commit history (Full rollback support to be added in
future commits).
8. Addition of debug commands.
Co-authored-by: Yash Ranjan <ranjany@vmware.com>
Co-authored-by: Abhinay Ramesh <rabhinay@vmware.com>
Co-authored-by: Ujwal P <ujwalp@vmware.com>
Signed-off-by: Pushpasis Sarkar <pushpasis@gmail.com>
Like for IP addresses, this patch add a new format for printfrr collection to
print ISO System ID and Network address a.k.a IS-IS system ID & Network.
This new format is added to the library instead of isisd because other daemons
and tools need to print ISO System ID & Network Address.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add a hash_clean_and_free() function as well as convert
the code to use it. This function also takes a double
pointer to the hash to set it NULL. Also it cleanly
does nothing if the pointer is NULL( as a bunch of
code tested for ).
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
There are some specific edge-cases when is a need to run FRR and another FRR
and/or another BGP implementation on the same box. Relaxing 127.0.0.0/8 for
this case might be reasonable.
An example below peering via 127.0.0.0/8 between FRR and GoBGP:
```
% ss -ntlp | grep 179
LISTEN 0 4096 127.0.0.1:179 0.0.0.0:*
LISTEN 0 128 127.0.0.2:179 0.0.0.0:*
% grep 127.0.0.2 /etc/frr/daemons
bgpd_options=" -A 127.0.0.1 -l 127.0.0.2"
% grep local /etc/gobgp/config.toml
local-address-list = ["127.0.0.1"]
donatas-pc# sh ip bgp summary
IPv4 Unicast Summary (VRF default):
BGP router identifier 192.168.10.17, local AS number 65001 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 725 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
127.0.0.1 4 65002 7 7 0 0 0 00:02:02 0 0 N/A
Total number of neighbors 1
donatas-pc#
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Due to the wrong input argv id, "argv[idx_word]->arg"
fetched in-correctly and it clears all the route-maps instead of
specific one.
Now correct argv id is passed to clear the given route-map counters.
Also, use RMAP_NAME which allows to show list of configured
route-maps in the system.
After Fix:-
Ticket:#3407773
Issue:3407773
Testing: UT done
Before:
TORC11# clear route-map counters
<cr>
WORD route-map name
After:
TORC11# clear route-map counters
<cr>
RMAP_NAME route-map name
my-as
Signed-off-by: Chirag Shah <chirag@nvidia.com>
Signed-off-by: Sindhu Parvathi Gopinathan's <sgopinathan@nvidia.com>
When deleting a bfd peer during shutdown, let's ensure
that any scheduled events are actually stopped.
==7759== Invalid read of size 4
==7759== at 0x48BF700: _bfd_sess_valid (bfd.c:419)
==7759== by 0x48BF700: _bfd_sess_send (bfd.c:470)
==7759== by 0x492F79C: thread_call (thread.c:2008)
==7759== by 0x48E9BD7: frr_run (libfrr.c:1223)
==7759== by 0x1C739B: main (bgp_main.c:550)
==7759== Address 0xfb687a4 is 4 bytes inside a block of size 272 free'd
==7759== at 0x48369AB: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==7759== by 0x48BFA5A: bfd_sess_free (bfd.c:535)
==7759== by 0x2B7034: bgp_peer_remove_bfd (bgp_bfd.c:339)
==7759== by 0x29FF8A: peer_free (bgpd.c:1160)
==7759== by 0x29FF8A: peer_unlock_with_caller (bgpd.c:1192)
==7759== by 0x2A0506: peer_delete (bgpd.c:2633)
==7759== by 0x208190: bgp_stop (bgp_fsm.c:1639)
==7759== by 0x20C082: bgp_event_update (bgp_fsm.c:2751)
==7759== by 0x492F79C: thread_call (thread.c:2008)
==7759== by 0x48E9BD7: frr_run (libfrr.c:1223)
==7759== by 0x1C739B: main (bgp_main.c:550)
==7759== Block was alloc'd at
==7759== at 0x4837B65: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==7759== by 0x48F53AF: qcalloc (memory.c:116)
==7759== by 0x48BF98D: bfd_sess_new (bfd.c:397)
==7759== by 0x2B76DC: bgp_peer_configure_bfd (bgp_bfd.c:298)
==7759== by 0x2B76DC: bgp_peer_configure_bfd (bgp_bfd.c:279)
==7759== by 0x29BA06: peer_group2peer_config_copy (bgpd.c:2803)
==7759== by 0x2A3D96: peer_create_bind_dynamic_neighbor (bgpd.c:4107)
==7759== by 0x2A4195: peer_lookup_dynamic_neighbor (bgpd.c:4239)
==7759== by 0x21AB72: bgp_accept (bgp_network.c:422)
==7759== by 0x492F79C: thread_call (thread.c:2008)
==7759== by 0x48E9BD7: frr_run (libfrr.c:1223)
==7759== by 0x1C739B: main (bgp_main.c:550)
tl;dr -> Effectively, in this test setup we have 300 dynamic bgp
sessions all of which are using bfd. When a peer collision is detected
or we remove the peers, if an event has been scheduled but not actually
executed yet the event event was not actually being stopped, leaving
the bsp pointer on the thread->arg and causing a crash when it is
executed.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Before this patch, if we destroy `any` flag for a prefix-list entry, we always
set destination as 0.0.0.0/0 and/or ::/0.
This means that, if we switch from `ip prefix-list r1-2 seq 5 deny any` to
`ip prefix-list r1-2 seq 5 permit 10.10.10.10/32` we will have
`permit any` eventually, which broke ACLs.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Reading in prefix-lists is reading in the specified
prefix list and validating that the prefix is unique
2 times. This makes no sense. Relax the requirement
that a prefix list can limit this as well as completely
remove this check. Validation then just becomes
does this prefix-list specified actually make sense
and that is taken care of by the the cli code.
Reading in prefix-lists was looking for duplicate prefixes
2 times instead of doing it just one time. Let's just
not do it at all.
By doing this change, The code changes from never
completing for a 27k long prefix-list to taking
just under 30 seconds, with 4 daemons processing
this data.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The old initialization/config API is deprecated in Python 3.11. Make
clippy use the new one added in 3.8 if it's that version or newer.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
a) Make it legible what type of message is being passed
back and forth instead of having to guess it from
the insufficient debugs
b) Make it explicit which bgp instance is sending this
data
c) Cleanup bgp_zebra_update to have a cleaner api
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
In current code, some ASNUMs with redundant zero are legal,
e.g. "1.01", "01.1", "1.001", "001.1", and more. They should
be forbidden.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
Pass context argument by value on initialization to be clear that the
value is used/saved but not a pointer to the value. Previously the
northbound code was incorrectly holding a pointer to stack allocated
context structs.
However, the structure definition also had some musings (ifdef'd out
code) and a comment that might be taken to imply that user data could
follow the structure and thus be maintained by the code; it won't; so it
can't; so get rid of the disabled misleading code/text from the
structure definition.
The common use case worked b/c the transaction which cached the pointer
was created and freed inside a single function
call (`nb_condidate_commit`) that executed below the stack allocation.
All other use cases (grpc, confd, sysrepo, and -- coming soon -- mgmtd)
were bugs.
Signed-off-by: Christian Hopps <chopps@labn.net>
The l2vpn afi was not being properly displayed
when a show run was being issued. Add a
afi2str_lower function and use it.
Fixes: #12867
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Currently we unconditionally send a prefix through the optimized
route-map codepath if the v4 and v6 LPM tables have been allocated and
optimization has not been disabled.
However prefixes from address-families that are not IPv4/IPv6 unicast
always fail the optimized route-map index lookup, because they occur on
an LPM tree that is IPv4 or IPv6 specific.
e.g.
Even if you have an empty permit route-map clause, Type-3 EVPN routes
are always denied:
```
--config
route-map soo-foo permit 10
--logs
2023/02/17 19:38:42 BGP: [KZK58-6T4Y6] No best match sequence for pfx: [3]:[0]:[32]:[2.2.2.2] in route-map: soo-foo, result: no match
2023/02/17 19:38:42 BGP: [H5AW4-JFYQC] Route-map: soo-foo, prefix: [3]:[0]:[32]:[2.2.2.2], result: deny
```
There is some existing code that creates an AF_INET/AF_INET6 prefix
using the IP/prefix information from a Type-2/5 EVPN route, which
allowed only these two route-types to successfully attempt an LPM lookup
in the route-map optimization trees via the converted prefix.
This commit does 3 things:
1) Reverts to non-optimized route-map lookup for prefixes that are not
AF_INET or AF_INET6.
2) Cleans up the route-map code so that the AF check is part of the
index lookup + the EVPN RT-2/5 -> AF_INET/6 prefix conversion occurs
outside the index lookup.
3) Adds "debug route-map detail" logs to indicate when we attempt to
convert an AF_EVPN prefix into an AF_INET/6 prefix + when we fallback
to a non-optimized lookup.
Additional functionality for optimized lookups of prefixes from other
address-families can be added prior to the index lookup, similar to how
the existing EVPN conversion works today.
New behavior:
```
2023/02/17 21:44:27 BGP: [WYP1M-NE4SY] Converted EVPN prefix [5]:[0]:[32]:[192.0.2.7] into 192.0.2.7/32 for optimized route-map lookup
2023/02/17 21:44:27 BGP: [MT1SJ-WEJQ1] Best match route-map: soo-foo, sequence: 10 for pfx: 192.0.2.7/32, result: match
2023/02/17 21:44:27 BGP: [H5AW4-JFYQC] Route-map: soo-foo, prefix: 192.0.2.7/32, result: permit
2023/02/17 21:44:27 BGP: [WYP1M-NE4SY] Converted EVPN prefix [2]:[0]:[48]:[aa:bb:cc:00:22:22]:[32]:[20.0.0.2] into 20.0.0.2/32 for optimized route-map lookup
2023/02/17 21:44:27 BGP: [MT1SJ-WEJQ1] Best match route-map: soo-foo, sequence: 10 for pfx: 20.0.0.2/32, result: match
2023/02/17 21:44:27 BGP: [H5AW4-JFYQC] Route-map: soo-foo, prefix: 20.0.0.2/32, result: permit
2023/02/17 21:44:27 BGP: [KHG7H-RH4PN] Unable to convert EVPN prefix [3]:[0]:[32]:[2.2.2.2] into IPv4/IPv6 prefix. Falling back to non-optimized route-map lookup
2023/02/17 21:44:27 BGP: [MT1SJ-WEJQ1] Best match route-map: soo-foo, sequence: 10 for pfx: [3]:[0]:[32]:[2.2.2.2], result: match
2023/02/17 21:44:27 BGP: [H5AW4-JFYQC] Route-map: soo-foo, prefix: [3]:[0]:[32]:[2.2.2.2], result: permit
```
Signed-off-by: Trey Aspelund <taspelund@nvidia.com>
Commit d7c6467ba2 added the
ability to specify non pretty printing but unfortunately
forgot to use the option variable to make the whole
thing work.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Implement: https://datatracker.ietf.org/doc/html/draft-abraitis-bgp-version-capability
Tested with GoBGP:
```
% ./gobgp neighbor 192.168.10.124
BGP neighbor is 192.168.10.124, remote AS 65001
BGP version 4, remote router ID 200.200.200.202
BGP state = ESTABLISHED, up for 00:01:49
BGP OutQ = 0, Flops = 0
Hold time is 3, keepalive interval is 1 seconds
Configured hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
multiprotocol:
ipv4-unicast: advertised and received
ipv6-unicast: advertised
route-refresh: advertised and received
extended-nexthop: advertised
Local: nlri: ipv4-unicast, nexthop: ipv6
UnknownCapability(6): received
UnknownCapability(9): received
graceful-restart: advertised and received
Local: restart time 10 sec
ipv6-unicast
ipv4-unicast
Remote: restart time 120 sec, notification flag set
ipv4-unicast, forward flag set
4-octet-as: advertised and received
add-path: received
Remote:
ipv4-unicast: receive
enhanced-route-refresh: received
long-lived-graceful-restart: advertised and received
Local:
ipv6-unicast, restart time 10 sec
ipv4-unicast, restart time 20 sec
Remote:
ipv4-unicast, restart time 0 sec, forward flag set
fqdn: advertised and received
Local:
name: donatas-pc, domain:
Remote:
name: spine1-debian-11, domain:
software-version: advertised and received
Local:
GoBGP/3.10.0
Remote:
FRRouting/8.5-dev-MyOwnFRRVersion-gdc92f44a45-dirt
cisco-route-refresh: received
Message statistics:
```
FRR side:
```
root@spine1-debian-11:~# vtysh -c 'show bgp neighbor 192.168.10.17 json' | \
> jq '."192.168.10.17".neighborCapabilities.softwareVersion.receivedSoftwareVersion'
"GoBGP/3.10.0"
root@spine1-debian-11:~#
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Make the htonll/ntohll functions compile time determined
since we have MACROS to determine endianess and bonus
points it makes it more readable.
Signed-off-by: Stephen Worley <sworley@nvidia.com>
I don't believe label can be NULL in any calling path
but SA thinks so so let's just assert here to be safe
anyway and make it happy.
Signed-off-by: Stephen Worley <sworley@nvidia.com>
Add the ability for sharpd to install vni labels for testing.
This patch is just for testing/dev work purposes with evpn.
It adds some code to vty for nexthop-groups so we can explicitly
add a label to nexthops and then let sharpd encode them to zebra.
Signed-off-by: Stephen Worley <sworley@nvidia.com>
Add the ability to specify the label type along with the labels
you are passing to zebra in zapi_nexthop. This is needed as we
abstract the label code to be re-used by evpn as well as mpls.
Protocols need to be able to set the type of label they have attached.
Signed-off-by: Stephen Worley <sworley@nvidia.com>
Use the already existing mpls label code to store VNI
info for vxlan. VNI's are defined as labels just like mpls,
we should be using the same code for both.
This patch is the first part of that. Next we will need to
abstract the label code to not be so mpls specific. Currently
in this, we are just treating VXLAN as a label type and storing
it that way.
Signed-off-by: Stephen Worley <sworley@nvidia.com>
Add a function nexthop_group_has_label() for determining
if even a single nexthop in the group has a label on it.
Signed-off-by: Stephen Worley <sworley@nvidia.com>
Change the bool to a uint32_t and setup a flag to test
for and set against. Future commits will allow
a debug detail which should be used by match/set statements
to give further context of what is going on.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Use the defines for distance that are in zebra.h. We could
easily have a cluster where we don't agree with ourselves. So
let's convert zebra to use the defines in zebra.h
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
