Embed Prefix-SID information inside SPF data structures so that
Prefix-SIDs can be installed together with their associated routes
at the end of the SPF algorithm. This is different from the current
implementation where Prefix-SIDs are parsed and processed separately,
which is vastly suboptimal.
Advantages of the new code:
* No need to parse the LSPDB an additional time to detect and process
SR-related changes;
* Routes are installed with their Prefix-SID labels in the same ZAPI
message. This can prevent packet dropping for a few milliseconds
after each SPF run if there are BGP-labeled routes (e.g. L3VPN) that
recurse on IGP labeled routes;
* Much easier to support Anycast-SIDs, as the SPF code will naturally
figure out the best nexthops and use only them (that can't be done
in any reasonable way if the Prefix-SID Sub-TVLs are processed
separately);
* Less code to maintain and reduced memory footprint;
The "show isis segment-routing prefix-sids" command was removed as
it doesn't make sense anymore now that "show isis route" exists.
Prefix-SIDs are a property of routes, so what was done was to extend
the "show isis route" command with a new "prefix-sid" option that
changes the output table to show the Prefix-SID information associated
to each route.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is preparatory change for the upcoming SR Prefix-SID
refactoring.
Since Prefix-SID information will be stored inside IS-IS routes
(instead of being maintained separately), it will be necessary to
have local routes in order to store local Prefix-SID information.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When both old and new-style TLVs exist for a particular prefix, give
precedence to the new-style TLV (like JUNOS does) when generating
routes from the SPT. This changes the current behavior which is to
generate a route for both TLVs, whereas the first is overwritten by
the second in a non-deterministic order (i.e. either the old-style
or the new-style TLV can "win" depending on how the SPF TENTative
list is arranged).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Change thread_cancel to take a ** to an event, NULL-check
before dereferencing, and NULL the caller's pointer. Update
many callers to use the new signature.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Interface area-tag is not supposed to be modified once defined, but the
necessary check is currently broken, because the circuit is never in
init_circ_list if the area-tag is already configured for the interface.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
TI-LFA is a modern fast-reroute (FRR) solution that leverages Segment
Routing to pre-compute backup nexthops for all destinations in the
network, helping to reduce traffic restoration times whenever a
failure occurs. The backup nexthops are expected to be installed
in the FIB so that they can be activated as soon as a failure
is detected, making sub-50ms recovery possible (assuming an
hierarchical FIB).
TI-LFA is a huge step forward compared to prior IP-FRR solutions,
like classic LFA and Remote LFA, as it guarantees 100% coverage
for all destinations. This is possible thanks to the source routing
capabilities of SR, which allows the backup nexthops to steer traffic
around the failures (using as many SIDs as necessary). In addition
to that, the repair paths always follow the post-convergence SPF
tree, which prevents transient congestions and suboptimal routing
from happening.
Deploying TI-LFA is very simple as it only requires a single
configuration command for each interface that needs to be protected
(both link protection and node protection are available). In addition
to IPv4 and IPv6 routes, SR Prefix-SIDs and Adj-SIDs are also
protected by the backup nexthops computed by the TI-LFA algorithms.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
We have this pattern in the code base:
if (thread)
THREAD_OFF(thread);
If we look at THREAD_OFF we check to see if thread
is non-null too. So we have a double check.
This is unnecessary. Convert to just using THREAD_OFF
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The code in isisd uses `circuit->area->isis` all the time
but we know that circuit now has a valid `circuit->isis` pointer
so let's use that and cleanup the long dereference.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
There are code paths where we were not always setting the
circuit->isis on creation. Fix that up so it will always
happen.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Lookup in C_STATE_NA must be made before the new circuit creation, or it
will be leaked if the isis instance is not found. All other lookups are
unnecessary - we just need to remember the previously used instance.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
* add files to vtysh_scan when building only fabricd
* don't add isisd/fabricd commands when daemon build is disabled
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
An adjacency should be removed when the holdtimer expires, but if the
system is overloaded we may end up doing it late. In the meanwhile vtysh
will display an incorrect value in the show isis neighbor output, due to
an overflow of the unsigned variable used to display the Holdtime, e.g.:
pe1# show isis neighbor
Area test:
System Id Interface L state Holdtime SNPA
Spirent-1 2.201 1 Down 26 2020.2020.2020
Spirent-1 2.203 1 Up 21 2020.2020.2020
Spirent-1 2.204 1 Up 18446744073709551615 2020.2020.2020
Spirent-1 2.207 1 Up 18446744073709551615 2020.2020.2020
Spirent-1 2.208 1 Up 18446744073709551615 2020.2020.2020
Spirent-1 2.209 1 Up 0 2020.2020.2020
Spirent-1 2.210 1 Up 18446744073709551615 2020.2020.2020
pe2 12.200 1 Up 30 2020.2020.2020
Guard against that by printing an "Expiring" message instead.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
There is no need to call isis_adj_state_change_hook once per level
in isis_adj_state_change, we can just do it once at the end.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
suppress route-event logs that are uninformative and add more info to
the ones that matter, i.e. hints on what changed in a route update. The
suppressed logs can be enabled by defining EXTREME_DEBUG to 1, similarly
to what is done elsewhere in isisd (e.g. in isis_spf.c)
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Currently, when the is-type of an area is changed and its circuits resign,
we are not resetting the DIS flag. Consequently, if the area type is reverted
we are not running the DR election and not regenerating the pseudonode LSP.
Also adding event debug logs for circuit commence/resign.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
1. Added isis with different vrf and it's dependecies.
2. Added new vrf leaf in yang.
3. A minor change for IF_DOWN_FROM_Z passing argrument is
replaced with ifp pointer in api "isis_if_delete_hook()".
4. Minor fix in the isisd spf unit test.
Co-authored-by: Kaushik <kaushik@niralnetworks.com>"
Signed-off-by: harios_niral <hari@niralnetworks.com>
RFC 7490 says:
"The reverse SPF computes the cost from each remote node to root. This
is achieved by running the normal SPF algorithm but using the link
cost in the direction from the next hop back towards root in place of
the link cost in the direction away from root towards the next hop".
Support for reverse SPF will be necessary later as it's one of the
algorithms used to compute R-LFA/TI-LFA repair paths.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Now that the IS-IS SPF code is more modular, write some unit tests
for it.
This commit includes a new test program called "test_isis_spf" which
can load any test topology (there are 13 different ones available)
and run SPF on any desired node. In the future this same test program
and topologies will also be used to test reverse SPF and TI-LFA.
The "test_common.c" file contains helper functions used to parse the
topology descriptions from "test_topologies.c" into LSP databases
that can be used as an input to the SPF code.
This commit also introduces the F_ISIS_UNIT_TEST flag which is used
to prevent the IS-IS code from scheduling any event when running
under the context of an unit test.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The goal of modularizing the SPF code is to make it possible for
isisd to run SPF in the behalf of other nodes in the network, which
is going to be necessary later when implementing the R-LFA/TI-LFA
solutions. On top of that, a modularized SPF opens the door for
much needed unit testing.
Summary of the changes:
* Change the isis_spf_preload_tent() function to use the local LSP
as an input (as per the ISO specification) instead of populating
the TENT based on the list of local interfaces;
* Introduce the "isis_spf_adj" structure to represent an SPF
adjacency. SPF adjacencies are inferred from the LSPDB, different
from normal adjacencies formed using IIH messages;
* Introduce the F_SPFTREE_NO_ROUTES flag to control whether the
SPT should create routes or not;
* Introduce the F_SPFTREE_NO_ADJACENCIES flag to specify whether
IS-IS adjacency information is available or not. When running SPF
in the behalf of other nodes, or under the context of an unit test,
no adjacency information will be present.
* On isis_area_create(), move some code around so that the area's isis
backpointer is set as early as possible.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Introduce the "show isis route" command to display the routes
associated to an SPF tree. Different from the "show ip route" command,
"show isis route" displays the L1 and L2 routes separately (and not
the best routes only).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Bring back some consts that were removed;
* Replace ALL_LIST_ELEMENTS by ALL_LIST_ELEMENTS_RO whenever
possible;
* Fix some CLI return values;
* Remove some unnecessary initializations.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is mostly a cosmetic change to make the code more modular,
more elegant and easier to understand.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Iterating over all IP or IS reachability information from a given
LSP isn't a trivial task. That information is scattered throughout
different TLV types, and which ones need to be used depend on
multiple variables (e.g. the SPF tree address family, MT-ID,
etc). This not to mention that an LSP might consist of multiple
fragments.
Introduce the following two LSP iteration function to facilitate
obtaining IP/IS reachability information from a given LSP:
* isis_lsp_iterate_ip_reach()
* isis_lsp_iterate_is_reach()
These functions will be used extensively by the upcoming TI-LFA
code.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Always fill the buffer provided by the user to prevent unexpected
results and make the function fully reentrant.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
1. Created a structure "isis master".
2. All the changes are related to handle ISIS with different vrf.
3. A new variable added in structure "isis" to store the vrf name.
4. The display commands for isis is changed to support different VRFs.
Signed-off-by: Kaushik <kaushik@niralnetworks.com>
Don't use the same starting time for all SPF trees otherwise the
results won't be accurate (they will accumulate instead of being
computed separately).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This should simplify all code that needs to iterate over all
adjacencies of a given area (iterating over all adjacencies of all
circuits is cumbersome).
While here, repurpose isis_adj_exists() into a lookup function,
making it more generally useful.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The global isis structure can't be created/destroyed using the CLI,
so there's no need to define a QOBJ for it.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Make that function accept an IS-IS area pointer instead of an
area name, making it more in line with the rest of the code base
(*delete() functions shouldn't perform lookups internally).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Some commands were using IS-IS while others were using ISIS. Fix
this inconsistency (prefer the former option for obvious reasons).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This fixes a problem where "show isis summary" could display
inconsistent information about the IPv6 dst-src SPT when
"ipv6-dstsrc" wasn't explicitly configured.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
A recent refactoring changed how isisd parses SR information from
the LSPDB and introduced a regression that prevents Prefix-SIDs to
work over unnumbered interfaces. Fix this.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
DEFPY_YANG will allow the CLI to identify which commands are
YANG-modeled or not before executing them. This is going to be
useful for the upcoming configuration back-off timer work that
needs to commit pending configuration changes before executing a
command that isn't YANG-modeled.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
constants are int-typed, so adding something to an uint8_t yields an
int. Nevermind the fact that varargs calling conventions require
upcasting everything smaller than an int to an int anyways...
Signed-off-by: David Lamparter <equinox@diac24.net>
Remove mid-string line breaks, cf. workflow doc:
.. [#tool_style_conflicts] For example, lines over 80 characters are allowed
for text strings to make it possible to search the code for them: please
see `Linux kernel style (breaking long lines and strings)
<https://www.kernel.org/doc/html/v4.10/process/coding-style.html#breaking-long-lines-and-strings>`_
and `Issue #1794 <https://github.com/FRRouting/frr/issues/1794>`_.
Scripted commit, idempotent to running:
```
python3 tools/stringmangle.py --unwrap `git ls-files | egrep '\.[ch]$'`
```
Signed-off-by: David Lamparter <equinox@diac24.net>
no need to check cicuit->area, as all code paths leading there
had already dereferenced it.
Fixes CID 1496314
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
BFD profiles can now be used on the interface level like this:
interface eth1
ip router isis 1
isis bfd
isis bfd profile default
Here the 'default' profile needs to be specified as usual in the
bfdd configuration.
Signed-off-by: GalaxyGorilla <sascha@netdef.org>
the code in isis_spf_add2tent was asserting in case the vertex
we were trying to add was already present in the path or tent
trees. This however CAN happen if the user accidentally configures
the system Id of the area to the same value of an estabished
neighbor. Handle this more gracefully by logging and returning,
to prevent crashes.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Unfortunately as the topotests show a fast recovery after failure
detection due to BFD is currently not possible because of the following
issue:
There are multiple scheduling mechanisms within isisd to prevent
overload situations. Regarding our problem these two are important:
* scheduler for regenerating ISIS Link State PDUs scheduler for managing
* consecutive SPF calculations
In fact both schedulers are coupled, the first one triggers the second
one, which again is triggered by isis_adj_state_change (which again is
triggered by a BFD 'down' message). The re-calculation of SPF paths
finally triggers updates in zebra for the RIB.
Both schedulers work as a throttle, e.g. they allow the regeneration of
Link State PDUs or a re-calculation for SPF paths only once within a
certain time interval which is configurable (and by default different!).
This means that a request can go through the first scheduler but might
still be 'stuck' at the second one for a while. Or a request can be
'stuck' at the first scheduler even though the second one is ready. This
also explains the 'random' behaviour one can observe testing since a
'fast' recovery is only possible if both schedulers are ready to process
this request.
Note that the solution in this commit is 'thread safe' in the sense that
both schedulers use the same thread master such that the introduced
flags are only used exactly one time (and one after another) for a
'fast' execution.
Further there are some irritating comments and logs which I partially
removed. They seems to be not valid anymore due to changes in thread
management (or they were never valid in the first place).
Signed-off-by: GalaxyGorilla <sascha@netdef.org>
if we shutdown an interface isisd will delete the adjacencies
on the corresponding circuit, but it will not log the change.
Fix it to make sure that each change is logged. Also specify
the level of the adjacency in the log message, while we are at it.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
1. The socket() call replaced with vrf_socket() in open_packet_socket().
2. One new isisd privileges is added in zebra_capabilities_t [].
Signed-off-by: Kaushik <kaushik@niralnetworks.com>
For Segment Routing, isis_tlvs.c may failed if incorrect or maformed TLVs
are sent to the FRR router. This patch improve detection of such subTLVs error
and skip them, in particular for SRGB, SRLB and MSD subTLVs.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Initial attempt to connect to the Label Manager used an infinite loop with
a sleep statement which block isisd until Label Manager connection fire up.
This commit changes the way Label Manager connection is established and uses
a `thread_add_timer()` call to re-attempt to establish the connection in case
of failure (zebra or label manager not ready).
New variables are added to the SRDB in order to control the request of SRGB
and SRLB to the Label Manager to start Segment Routing in a safe way.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Segment Routing Local Block (SRLB) is part of RFC8667. This change introduces
the possibility for isisd to advertize SRLB in LSP. Base and Range of SRLB
could be configured through CLI or Yang.
Adjacency-SID are now using this SRLB for label allocation. SRLB could also
be used for SID-Binding (e.g. LDP to SR).
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
before the last commit, it was possible under some
circumstances to call isis_circuit_af_set on a circuit
with a NULL area, e.g. if the circuit was deconfigured
due to a validation error. While this should not happen
now, let's add an explicit check to avoid crashing if
a regression is introduced.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
if we are not able to bring a circuit up due to some config
issue, e.g. a low MTU compared to the area lsp-mtu, we should
not remove the configuration, as this will push out of sync
with the YANG state and create more issues down the line.
Instead, keeping the circuit state at C_STATE_CONF should be
sufficient.
For the specific case of the MTU mismatch above, this also means
that when we receive a new IF_UP_FROM_Z when the MTU is changed
we will be able to bring the circuit up as we should.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
there are some paths, e.g. when an established neighbor
sends us hellos with a different IS level, where we go
from adj_state UP to INIT. In such cases we might not
update our SPFs or the circuit state, as the state change
function was only testing for the UP and DOWN cases.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
On some cases (protocol convergence down or daemon exit) we'll have the
interface pointer in the circuit as `NULL`, so don't attempt to access
it.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
we were not correctly checking the MPLS-TE status of the area when
adding an IP address to a circuit, and this was preventing the local
address TLV to be populated after an interfaced flap.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
The northbound configuration callbacks should now print error
messages to the provided buffer (args->errmsg) instead of logging
them directly. This will allow the northbound layer to forward the
error messages to the northbound clients in addition to logging them.
NOTE: many callbacks are returning errors without providing any
error message. This needs to be fixed long term.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
if mpls-te is enabled in the area, on creating a circuit we
must refresh the link params - else interfaces that are enabled
for IS-IS after configuring 'mpls-te on' will not correctly
advertise link parameters.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Now that the "frr-interface" list has a "state" container, move the
IS-IS interface state nodes underneath it using a new augmentation.
Also, update the IS-IS SR topotest to account for this change. Make
use of symlinks where possible to avoid having multiple files with
the same content.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Add a null check to solve the problem (circuit->u.bc.adjdb[level - 1]
is guaranteed to be non-null only on L1/L2 areas).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Regroup fonctions to install label for Prefix and Adjacency SID
* Change 'replace_semantics' variable name by 'make_before_break' in
sr_prefix_reinstall() function and adjust comments
* Call directly lsp_regenerate_schedule() from isis_nb_config.c when MSD
is updated
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
* Rename functions following rules: isis_sr_XXX is kept for external functions
and isis_sr prefix remove for static ones
* Rename local_label & remote_label variables by input_label & output_label
* Change parameter order (to follow other functions) in sr_node_srgb_update()
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
* Rename RB-TREE variable from tree_sr_XXX to srdb_XXX
* Replace parse_flags by an enum and rename it srdb_state which reflects
more the role of this flag: determined the state of SR-Node and SR-Prefix
stored in the SRDB: VALIDATED, NEW, MODIFIED, UNCHANGED
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
This change modify the way IS-IS is connected to the Label Manager:
- Add emission of Hello Message prior to the connection as per
modification introduced by PR #5925
- Add 'session_id' as per modification introduced by PR #6224
- Add Doxygen documentation to Label Manager functions
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Update label enforcement due to modification in zapi message:
zapi_nexthop_label becomes zapi_nexthop as per PR #5813
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
This is an implementation of the IS-IS SR draft [1] for FRR.
The following features are supported:
* IPv4 and IPv6 Prefix-SIDs;
* IPv4 and IPv6 Adj-SIDs and LAN-Adj-SIDs;
* Index and absolute labels;
* The no-php and explicit-null Prefix-SID flags;
* Full integration with the Label Manager.
Known limitations:
* No support for Anycast-SIDs;
* No support for the SID/Label Binding TLV (required for LDP interop).
* No support for persistent Adj-SIDs;
* No support for multiple SRGBs.
[1] draft-ietf-isis-segment-routing-extensions-25
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In the name of consistency, these commands are very similar to the
ospfd SR configuration commands.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Most definitions were borrowed from the IETF IS-IS SR YANG module,
with a few adaptations. Of particular notice are the following:
* No support for the configuration of multiple SRGBs.
* No distinction between local and connected Prefix-SIDs, both are
configured the same way.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
isisd implements an optimization that allows multiple routes to
share the same nexthop (using a refcount) in order to save memory.
Now that SR support is coming, however, it will be necessary to
embed additional SR-related information inside the isis_nexthop
structure. But this can only be done if the nexthops aren't shared
among routes anymore.
Removing this memory optimization should have minimal impact since
the isis_nexthop structure is really small. On large networks with
thousands of routes, the memory saving would be in the order of a
few kilobytes. Not something we should be concerned about nowadays.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The new log_uptime() function logs an UNIX timestamp to a buffer
provided by the user. It's very flexibile and can be used in a
variety of contexts, different from vty_out_timestr() which is too
tied to the VTY code.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The 'isis_adj_ip_enabled_hook' hook will be called whenever
an adjacency goes from zero to one or more IPv4 or IPv6
addresses. Conversely, the 'isis_adj_ip_disabled_hook' hook will
be called whenever an adjacency goes from one or more IPv4/IPv6
addresses to no addresses at all.
These hooks will be used by the upcoming SR code to add/delete
Adj-SIDs depending on the IP addresses present in the remote
adjacencies.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These are easy to get subtly wrong, and doing so can cause
nondeterministic failures when racing in parallel builds.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Since this command is modeled using YANG, it's already displayed
as part of the call to nb_cli_show_dnode_cmds(). Calling the
'isis_circuit_config_write' hook was only making that command
to be displayed twice.
The aforementioned hook is still necessary for fabricd, which wasn't
converted to the new northbound model yet.
Fixes#6281.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Having a fixed set of parameters for each northbound callback isn't a
good idea since it makes it difficult to add new parameters whenever
that becomes necessary, as several hundreds or thousands of existing
callbacks need to be updated accordingly.
To remediate this issue, this commit changes the signature of all
northbound callbacks to have a single parameter: a pointer to a
'nb_cb_x_args' structure (where x is different for each type
of callback). These structures encapsulate all real parameters
(both input and output) the callbacks need to have access to. And
adding a new parameter to a given callback is as simple as adding
a new field to the corresponding 'nb_cb_x_args' structure, without
needing to update any instance of that callback in any daemon.
This commit includes a .cocci semantic patch that can be used to
update old code to the new format automatically.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Replace sprintf with snprintf where straightforward to do so.
- sprintf's into local scope buffers of known size are replaced with the
equivalent snprintf call
- snprintf's into local scope buffers of known size that use the buffer
size expression now use sizeof(buffer)
- sprintf(buf + strlen(buf), ...) replaced with snprintf() into temp
buffer followed by strlcat
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When we call isis_adj_state_change with ISIS_ADJ_DOWN
we free the pointer, but we were still using the pointer
after it was freed. Cleanup the api to prevent this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Replace all `random()` calls with a function called `frr_weak_random()`
and make it clear that it is only supposed to be used for weak random
applications.
Use the annotation described by the Coverity Scan documentation to
ignore `random()` call warnings.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
And again for the name. Why on earth would we centralize this, just so
people can forget to update it?
Signed-off-by: David Lamparter <equinox@diac24.net>
Same as before, instead of shoving this into a big central list we can
just put the parent node in cmd_node.
Signed-off-by: David Lamparter <equinox@diac24.net>
There is really no reason to not put this in the cmd_node.
And while we're add it, rename from pointless ".func" to ".config_write".
[v2: fix forgotten ldpd config_write]
Signed-off-by: David Lamparter <equinox@diac24.net>
The only nodes that have this as 0 don't have a "->func" anyway, so the
entire thing is really just pointless.
Signed-off-by: David Lamparter <equinox@diac24.net>
for some reason, when issuing a 'no metric-style' command we were
setting the metric-style to narrow, even though the default is
actually wide. Use NULL to avoid similar problems in the future.
Likewise, the 'no is-type' command was still trying to implement
the old logic of applying a different default for the first area.
In practice this had no effect because the value would now be the
same in both cases, but it's better to remove useless code anyway.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Yang constraints enforced by the northbound callbacks require that
the maximum lifetime be >= than (refresh interval + 300). When we are
moving from one config to another through frr-reload.py, we issue
a number of vtysh -c commands ('no lsp-refresh-interval level-1 500',
'no max-lsp-lifetime level-1 1000'), which reset these parameters to their
default values, respectively 900 and 1200. Depending on the actual
values in the current config, the order in which these commands are sent
might be the wrong one, in that we hit an invalid intermediate state and
make vtysh (and by extension frr-reload.py) return an error.
As a workaround, let's add a one-liner command that sets all these
inter-related parameters in one go, and make isisd display them as a
single line too, so that the diff will be computed as a single command.
The old individual commands are kept to ensure backwards compatibility.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
once again, for both hello-multiplier and hello-interval
the order in which the number and level were shown in the
cli_show methods was inverted compared to the vtysh command,
which created issues with frr-reload.py.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Line break at the end of the message is implicit for zlog_* and flog_*,
don't put it in the string. Mid-message line breaks are currently
unsupported. (LF is "end of message" in syslog.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Some logging systems are, er, "allergic" to tabs in log messages.
(RFC5424: "The syslog application SHOULD avoid octet values below 32")
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
User is reporting:
2020/03/21 03:12:36 ISIS: isis_send_pdu_bcast: sock_buff size 8192 is less than output pdu size 9014 on circuit em0
2020/03/21 03:12:36 ISIS: [EC 67108865] ISIS-Adj (1): Send L2 IIH on em0 failed
MTU's can frequently hit 9k in size, we have buffer limits
that prevent this from being fully used and creating errors.
Modify the code to allow for up to 16k mtu
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
the vtysh command to set the isis metric on an interface
is 'isis metric level-1 X', but when showing the running
config we were displaying it as 'isis metric X level-1'.
This would confuse frr-reload.py when attempting to apply
a config file populated with the correct command; on the
other hand, using the show command format would return an
error when running vtysh -C on the file.
Fix this by making the show command return the same format
as the vtysh setting command.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Add a common api that formats a time interval into a string
with different output for short and longer intervals. We do
this in several places, for cli/ui output.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
when zebra detects that an interface is gone, notify the circuit but do
not disable it - the interface is still configured until it isn't.
Without this fix, removing the interface in the kernel and then removing
the circuit from the configuration would cause an assertion in isis_csm.c:78
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
The vrrpd one conflicts with the standalone vrrpd package; also we're
installing daemons to /usr/lib/frr on some systems so they're not on
PATH.
Signed-off-by: David Lamparter <equinox@diac24.net>
Currently isisd has this strange (legacy) behavior where the
first area is created by default with level-1-2, while every
other subsequent area uses the default defined in the yang model,
which is level-1. This is a source of confusion when trying to
configure the daemon programatically, either with frr-reload
or using the transactional cli. Given how rare having multiple
IS-IS instances is anyway, the easiest solution is to remove
this behavior and default to level-1-2 for every area.
Note that this does not affect fabricd, which continues using
exclusively level-2-only areas.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
When you call into lsp_update with confusion, the lsp is purged
and we do not do anything with the created tlv's from parsing
the incoming data. To prevent the tlv's from being leaked
note confusion and delete the unneeded data.
Fixes: #5496
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
when deleting an isis interface config with 'no [ip|ipv6] router isis'
we are destroying the isis yang container for that interface, but the
actual circuit struct is kept, and so are the flgs determining whether
that circuit is configured for ipv4 and/or ipv6. This caused issues
when removing and re-adding configuration, as the area counters for
ip circuits were not correctly updated and the topology was never
populated.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Use a per-nexthop flag to indicate the presence of labels; add
some utility zapi encode/decode apis for nexthops; use the zapi
apis more consistently.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Rearrange the isisd northbound callbacks as following:
* isis_nb.h: prototypes of all northbound callbacks.
* isis_nb.c: definition of all northbound callbacks and their
associated YANG data paths.
* isis_nb_config.c: implementation of YANG configuration nodes.
* isis_nb_state.c: implementation of YANG state nodes.
* isis_nb_notifications.c: implementation of YANG notifications.
This should help to keep to code more organized and easier to
maintain.
No behavior changes intended.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Scenarios where this code change is required:
1. BFD is un-configured from BGP at remote end.
Neighbour BFD sends ADMIN_DOWN state, but BFD on local side will send
DOWN to BGP, resulting in BGP session DOWN.
Removing BFD session administratively shouldn't bring DOWN BGP session
at local or remote.
2. BFD is un-configured from BGP or shutdown locally.
BFD will send state DOWN to BGP resulting in BGP session DOWN.
(This is akin to saying do not use BFD for BGP)
Removing BFD session administratively shouldn't bring DOWN BGP session at
local or remote.
Signed-off-by: Sayed Mohd Saquib sayed.saquib@broadcom.com
Traffic Engineering parameters are correctly advertised in LSP when
'mpls-te on' CLI command is present in the startup config file.
However, if IS-IS is started without TE enable at startup and
'mpls-te on' command is issued after, TE link parameters are never
announced. The patch correct this issue.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
RFC 5303 states:
If the system ID and Extended Local Circuit ID of the neighboring
system are known (in adjacency three-way state Initializing or
Up), the neighbor's system ID SHALL be reported in the Neighbor
System ID field, and the neighbor's Extended Local Circuit ID
SHALL be reported in the Neighbor Extended Local Circuit ID field.
There is nothing written about only setting the Extended circuit ID of the
adjacency only when we bring the three-way adjacency up.
In fact, we should always update it, to avoid the problem described in #4783.
Fixes: #4783
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
No need to check for circuit being null, we have
already de-refed it in every code path and
would have crashed before this point if it was.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The "abort_if_not_found" parameter of nb_running_get_entry()
should be set to true only when this function is called during the
NB_EV_APPLY phase of a northbound callback. Failure to respect this
can lead to crashes when multiple configuration changes are being
committed at the same time.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The new "event-counters" grouping is almost a 1:1 copy of the same
grouping from the IETF IS-IS module, except for the "lan-dis-changes"
leaf which was skipped (more work needs to be done to support it).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The new "adjacency-state" grouping is almost a 1:1 copy of the
same grouping from the IETF IS-IS module, except for the "usage"
and "lastuptime" leafs that were skipped (more work needs to be
done to support those).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
For all the places we have a zclient->interface_up convert
them to use the interface ifp_up callback instead.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Switch the zclient->interface_add functionality to have everyone
use the interface create callback in lib/if.c
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Start the conversion to allow zapi interface callbacks to be
controlled like vrf creation/destruction/change callbacks.
This will allow us to consolidate control into the interface.c
instead of having each daemon read the stream and react accordingly.
This will hopefully reduce a bunch of cut-n-paste stuff
Create 4 new callback functions that will be controlled by
lib/if.c
create -> A upper level protocol receives an interface creation event
The ifp is brand spanking newly created in the system.
up -> A upper level protocol receives a interface up event
This means the interface is up and ready to go.
down -> A upper level protocol receives a interface down
destroy -> A upper level protocol receives a destroy event
This means to delete the pointers associated with it.
At this point this is just boilerplate setup for future commits.
There is no new functionality.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Adding a lock to protect the global running configuration doesn't
help much since the FRR daemons are not prepared to process
configuration changes in a pthread that is not the main one (a
whole lot of new protections would be necessary to prevent race
conditions).
This means the lock added by commit 83981138 only adds more
complexity for no benefit. Remove it now to simplify the code.
All northbound clients, including the gRPC one, should either run
in the main pthread or use synchronization primitives to process
configuration transactions in the main pthread.
This reverts commit 83981138fe.
In preparation to Segment Routing:
- Update the management of Traffic Engineering subTLVs to the new tlvs parser
- Add Router Capability TLV 242 as per RFC 4971 & 7981
- Add Segment Routing subTLVs as per draft-isis-segment-routing-extension-25
Modified files:
- isis_tlvs.h: add new structure to manage TE subTLVs, TLV 242 & SR subTLVs
- isis_tlvs.c: add new functions (pack, copy, free, unpack & print) to process
TE subTLVs, Router Capability TLV and SR subTLVs
- isis_circuit.[c,h] & isis_lsp.[c,h]: update to new subTLVs & TLV processing
- isis_te.[c,h]: remove all old TE structures and managment functions,
and add hook call to set local and remote IP addresses as wellas update TE
parameters
- isis_zebra.[c,h]: add hook call when new interface is up
- isis_mt.[c,h], isis_pdu.c & isis_northbound.c: adjust to new TE subTLVs
- tests/isisd/test_fuzz_isis_tlv_tests.h.gz: adapte fuuz tests to new parser
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
The original check would always evaluate to false since
ISIS_PREFIX_SID_VALUE and ISIS_PREFIX_SID_LOCAL have different
values. Use !! to normalize the return value of the individual
checks to either 0 or 1, making the code do what was intended
(ensure the V/L flags are both 0 or 1).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This hook will be called whenever a route is added, updated or
deleted. It will be used, for instance, by the SR code to keep
Prefix-SIDs in sync with their associated routes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
For better modularity, isis_zebra.c should only contain code used
to communicate with zebra. The management of route flags belongs
to isis_route.c.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
circuit deletion was being enforced by sending a fake IF_DOWN_FROM_Z
event for the circuit interface. This created a problem when the
circuit was enabled again, since isisd internal state machine was
expecting to see an IF_UP_FROM_Z that never came, as the interface
had not actually gone down.
As a consequence, disabling + re-enabling isis on an interface or
area would leave interfaces in a CONFIG state, and adjacencies were
not restored. Fix this by following the state machine and simply
disabling circuits rather than attempting to delete them forcefully.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
as part of the 'ip router isis TAG' command we were not validating
the MTU of the interface against the minimum LSP MTU of the area.
This could cause an assertion when the circuit is created in the
APPLY phase.
Fixes issue #4825
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Make isisd create BFD sessions over IPv6 when IS-IS is configured
for IPv6 operation only.
When IS-IS is enabled for both IPv4 and IPv6 on a given interface,
prefer creating a BFD session over IPv6 to avoid having two BFD
sessions protecting the same IS-IS adjacency.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This unification allows us to write code that works for both IPv4 and
IPv6, reducing duplication.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These null checks don't make sense because a) these two functions
are never called with a NULL IP address and b) the same pointers are
dereferenced later without any protection. Remove these NULL checks
to make the code less confusing.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These fields were introduced by commit e38e0df01a, but they were
never put to any use. Remove them.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
We need to indent this command using one leading whitespace otherwise
vtysh will have problems to display it appropriately.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The correct cast for these is (unsigned char), because "char" could be
signed and thus have some negative value. isalpha & co. expect an int
arg that is positive, i.e. 0-255. So we need to cast to (unsigned char)
when calling any of these.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Introducing a 3rd state for route_map_apply library function: RMAP_NOOP
Traditionally route map MATCH rule apis were designed to return
a binary response, consisting of either RMAP_MATCH or RMAP_NOMATCH.
(Route-map SET rule apis return RMAP_OKAY or RMAP_ERROR).
Depending on this response, the following statemachine decided the
course of action:
State1:
If match cmd returns RMAP_MATCH then, keep existing behaviour.
If routemap type is PERMIT, execute set cmds or call cmds if applicable,
otherwise PERMIT!
Else If routemap type is DENY, we DENYMATCH right away
State2:
If match cmd returns RMAP_NOMATCH, continue on to next route-map. If there
are no other rules or if all the rules return RMAP_NOMATCH, return DENYMATCH
We require a 3rd state because of the following situation:
The issue - what if, the rule api needs to abort or ignore a rule?:
"match evpn vni xx" route-map filter can be applied to incoming routes
regardless of whether the tunnel type is vxlan or mpls.
This rule should be N/A for mpls based evpn route, but applicable to only
vxlan based evpn route.
Also, this rule should be applicable for routes with VNI label only, and
not for routes without labels. For example, type 3 and type 4 EVPN routes
do not have labels, so, this match cmd should let them through.
Today, the filter produces either a match or nomatch response regardless of
whether it is mpls/vxlan, resulting in either permitting or denying the
route.. So an mpls evpn route may get filtered out incorrectly.
Eg: "route-map RM1 permit 10 ; match evpn vni 20" or
"route-map RM2 deny 20 ; match vni 20"
With the introduction of the 3rd state, we can abort this rule check safely.
How? The rules api can now return RMAP_NOOP to indicate
that it encountered an invalid check, and needs to abort just that rule,
but continue with other rules.
As a result we have a 3rd state:
State3:
If match cmd returned RMAP_NOOP
Then, proceed to other route-map, otherwise if there are no more
rules or if all the rules return RMAP_NOOP, then, return RMAP_PERMITMATCH.
Signed-off-by: Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
* Remove sanity checks that are already done by northbound;
* Show error message on circuit absence;
* Use a better idiom for the configuration display code;
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Specify the ISIS BFD command in the YANG model and implement the
northbound callbacks.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
The `isisd` will receive a northbound version of the BFD command, so
this is the first step to implement it.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
For some reason, the compiler on OpenBSD on our CI boxes doesn't like
struct initializers with ".a.b = x, .a.c = y", generating a warning
about overwritten initializers...
Signed-off-by: David Lamparter <equinox@diac24.net>
We need to be calling snprintfrr() instead of snprintf() in places that
wrap snprintf in some user-exposed way; otherwise the extensions won't
be available for those functions.
Signed-off-by: David Lamparter <equinox@diac24.net>
Field vrf_id is replaced by the pointer of the struct vrf *.
For that all other code referencing to (interface)->vrf_id is replaced.
This work should not change the behaviour.
It is just a continuation work toward having an interface API handling
vrf pointer only.
some new generic functions are created in vrf:
vrf_to_id, vrf_to_name,
a zebra function is also created:
zvrf_info_lookup
an ospf function is also created:
ospf_lookup_by_vrf
it is to be noted that now that interface has a vrf pointer, some more
optimisations could be thought through all the rest of the code. as
example, many structure store the vrf_id. those structures could get
the exact vrf structure if inherited from an interface vrf context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
the vrf_id parameter is replaced by struct vrf * parameter.
this impacts most of the daemons that look for an interface based on the
name and the vrf identifier.
Also, it fixes 2 lookup calls in zebra and sharpd, where the vrf_id was
ignored until now.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The RFC states we can send only up to 16 v6 addresses in a hello packet
and cannot send sub tlv's of that type.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Introducing a 3rd state for route_map_apply library function: RMAP_NOOP
Traditionally route map MATCH rule apis were designed to return
a binary response, consisting of either RMAP_MATCH or RMAP_NOMATCH.
(Route-map SET rule apis return RMAP_OKAY or RMAP_ERROR).
Depending on this response, the following statemachine decided the
course of action:
Action: Apply route-map match and return the result (RMAP_MATCH/RMAP_NOMATCH)
State1: Receveived RMAP_MATCH
THEN: If Routemap type is PERMIT, execute other rules if applicable,
otherwise we PERMIT!
Else: If Routemap type is DENY, we DENYMATCH right away
State2: Received RMAP_NOMATCH, continue on to next route-map, otherwise,
return DENYMATCH by default if nothing matched.
With reference to PR 4078 (https://github.com/FRRouting/frr/pull/4078),
we require a 3rd state because of the following situation:
The issue - what if, the rule api needs to abort or ignore a rule?:
"match evpn vni xx" route-map filter can be applied to incoming routes
regardless of whether the tunnel type is vxlan or mpls.
This rule should be N/A for mpls based evpn route, but applicable to only
vxlan based evpn route.
Today, the filter produces either a match or nomatch response regardless of
whether it is mpls/vxlan, resulting in either permitting or denying the
route.. So an mpls evpn route may get filtered out incorrectly.
Eg: "route-map RM1 permit 10 ; match evpn vni 20" or
"route-map RM2 deny 20 ; match vni 20"
With the introduction of the 3rd state, we can abort this rule check safely.
How? The rules api can now return RMAP_NOOP (or another enum) to indicate
that it encountered an invalid check, and needs to abort just that rule,
but continue with other rules.
Question: Do we repurpose an existing enum RMAP_OKAY or RMAP_ERROR
as the 3rd state (or create a new enum like RMAP_NOOP)?
RMAP_OKAY and RMAP_ERROR are used to return the result of set cmd.
We chose to go with RMAP_NOOP (but open to ideas),
as a way to bypass the rmap filter
As a result we have a 3rd state:
State3: Received RMAP_NOOP
Then, proceed to other route-map, otherwise return RMAP_PERMITMATCH by default.
Signed-off-by:Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
`strcpy` is a dangerous function and should not be used. In this
particular place, there is no need for copying strings at all, so let's
just stick to referencing static strings.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
There is no need to redefine `struct isis_lsp *lsp` inside of the
if condition. Let's just remove it.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
the buffer to read from the socket when processing an incoming
packet was hardcoded to be of size 8192. If the mtu of the
interface is greater than that and hello padding is enabled
on that circuit, the hello message will be truncated, and this
will cause the adjacency establishment to fail. fix this by
using a large enough stack buffer instead
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
This is necessary to avoid a name collision with std::for_each
from C++.
Fixes the compilation of the gRPC northbound module.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
It doesn't make much sense for a hash function to modify its argument,
so const the hash input.
BGP does it in a couple places, those cast away the const. Not great but
not any worse than it was.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
bfd cbit is a value carried out in bfd messages, that permit to keep or
not, the independence between control plane and dataplane. In other
words, while most of the cases plan to flush entries, when bfd goes
down, there are some cases where that bfd event should be ignored. this
is the case with non stop forwarding mechanisms where entries may be
kept. this is the case for BGP, when graceful restart capability is
used. If BFD event down happens, and bgp is in graceful restart mode, it
is wished to ignore the BFD event while waiting for the remote router to
restart.
The changes take into account the following:
- add a config flag across zebra layer so that daemon can set or not the
cbit capability.
- ability for daemons to read the remote bfd capability associated to a bfd
notification.
- in bfdd, according to the value, the cbit value is set
- in bfdd, the received value is retrived and stored in the bfd session
context.
- by default, the local cbit announced to remote is set to 1 while
preservation of the local path is not set.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
vrf_id parameter is added to the api of bfd_client_sendmsg().
this permits being registered to bfd from a separate vrf.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The Sub-TLVs of the Extended IPv4 reachability TLV were not being
displayed as expected. Fix this.
Suggested-by: Christian Franke chris@opensourcerouting.org
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This macro:
- Marks ZAPI callbacks for readability
- Standardizes argument names
- Makes it simple to add ZAPI arguments in the future
- Ensures proper types
- Looks better
- Shortens function declarations
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Historically, isisd has been carrying around its own red-black tree to
manage its LSP DB in. This replaces that with the newly-added
DECLARE_RBTREE_*. This allows completely removing the dict_* code.
Signed-off-by: David Lamparter <equinox@diac24.net>
The upcoming gRPC-based northbound plugin will run on a separate
pthread, and it will need to have access to the running configuration
global variable. Introduce a rw-lock to control concurrent access
to the running configuration. Add the lock inside the "nb_config"
structure so that it can be used to protect candidate configurations
as well (this might be necessary depending on the threading scheme
of future northbound plugins).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Due to recent modification in northbound API, replace
yang_dnode_get_entry() call by nb_running_get_entry() call.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Solve issue #4032
- Change MPLS-TE from global to per Area
- Add new mpls_te_area structure to area in replacement of global variable
isisMPLS_TE
- Move mpls-te from global to instance in frr-isisd.yang
- Change code in isis_te.c, isis_northbound.c, isis_cli.c, isis_pdu.c,
isis_lsp.c and isis_zebra.c accordingly
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
zlog() should be part of the public logging API as it's useful in
the cases where the logging priority isn't known at compile time
(i.e. it depends on a variable).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Introduce a hash table to keep track of user pointers associated
to configuration entries. The previous strategy was to embed
the user pointers inside libyang data nodes, but this solution
incurred a substantial performance overhead. The user pointers
embedded in candidate configurations could be lost while the
configuration was being edited, so they needed to be regenerated
before the candidate could be committed. This was done by the
nb_candidate_restore_priv_pointers() function, which was extremely
expensive for large configurations. The new hash table solves this
performance problem.
The yang_dnode_[gs]et_entry() functions were renamed and moved from
yang.[ch] to northbound.[ch], which is a more appropriate place
for them. This patch also introduces the nb_running_unset_entry()
function, the counterpart of nb_running_set_entry() (unsetting
user pointers was done automatically before, now it needs to be
done manually).
As a consequence of these changes, we shouldn't need support for
libyang private pointers anymore (-DENABLE_LYD_PRIV=ON). But it's
probably a good idea to keep requiring this feature as we might
need it in the future for other things (e.g. disable configuration
settings without removing them).
Fixes#4136.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
- Change MPLS-TE from global to per Area
- Add new mpls_te_area structure to area in replacement of global variable
isisMPLS_TE
- Move mpls-te frmo global to instance in frr-isisd.yang
- Change code in isis_te.c, isis_northbound.c, isis_cli.c, isis_pdu.c,
isis_lsp.c and isis_zebra.c accordingly
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
The rib process of handling routes has been unified a bit more
and as a result v6 LL routes are now showing up as a result
of a `redistribute connected`. Doing anything with these
routes is a policy decision that should be enforced by the
individual routing daemons not by zebra. As such add a bit
of code to isisd, ripngd and opsf6d to handle them. The bgp daemon
already handles this situation.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
isisd CLI has some housekeeping code that removes the
"frr-isisd:isis" container from the interface configuration when
IS-IS is disabled for both IPv4 and IPv6 in the corresponding
interface.
The problem is that the code was checking the values of the
"ipv4-routing" and "ipv6-routing" leafs without checking if the
parent "frr-isisd:isis" container was present. So, entering "no
ip[v6] router isis" twice would cause isisd to crash since the
"frr-isisd:isis" container wouldn't be present the second time the
command is processed. Fix this.
isisd aborted: vtysh -c "configure terminal" -c "interface eth99" -c "no ip router isis WORD"
isisd aborted: vtysh -c "configure terminal" -c "interface eth99" -c "no ipv6 router isis"
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Since LSP fragments are also on our lspdb dict, lsp_tick() needs to skip
over them after calling lsp_destroy(). Otherwise it ends up accessing
free'd memory.
Fixes: #3533
Signed-off-by: David Lamparter <equinox@diac24.net>
To align with the change to avoid the keyword 'delete', rename
the isis northbound handlers to '_destroy'.
Signed-off-by: Mark Stapp <mjstapp@gmail.com>
Change the northbound lib operation from DELETE to DESTROY;
make the required changes in the users of the northbound, in
the cli, rip, ripng, and isis.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Some misc changes to resolve some c++ compilation errors.
The goal is only to permit an external module - a plugin,
for example - to see frr headers, not to support or encourage
contributions in c++. The changes include: avoiding use
of keywords like 'new', 'delete'; cleaning up implicit
type-casting from 'void *' in several places.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
- some target_CFLAGS that needed to include AM_CFLAGS didn't do so
- libyang/sysrepo/sqlite3/confd CFLAGS + LIBS weren't used at all
- consistently use $(FOO_CFLAGS) instead of @FOO_CFLAGS@
- 2 dependencies were missing for clippy
Signed-off-by: David Lamparter <equinox@diac24.net>
The onlink attribute was being passed from upper level protocols
as an attribute of the route *not* the individual nexthop. When
we pass this data to the kernel, we treat the onlink as a attribute
of the nexthop. This commit modifies the code base to allow
us to pass the ONLINK attribute as an attribute of the nexthop.
This commit also fixes static routes that have multiple nexthops
some onlink and some not.
ip route 4.5.6.7/32 192.168.41.1 eveth1 onlink
ip route 4.5.6.7/32 192.168.42.2
S>* 4.5.6.7/32 [1/0] via 192.168.41.1, eveth1 onlink, 00:03:04
* via 192.168.42.2, eveth2, 00:03:04
sharpd@robot ~/frr2> sudo ip netns exec EVA ip route show
4.5.6.7 proto 196 metric 20
nexthop via 192.168.41.1 dev eveth1 weight 1 onlink
nexthop via 192.168.42.2 dev eveth2 weight 1
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Some daemons like ospfd and isisd have the ability to advertise a
default route to their peers only if one exists in the RIB. This
is what the "default-information originate" commands do when used
without the "always" parameter.
For that to work, these daemons use the ZEBRA_REDISTRIBUTE_DEFAULT_ADD
message to request default route information to zebra. The problem
is that this message didn't have an AFI parameter, so a default route
from any address-family would satisfy the requests from both daemons
(e.g. ::/0 would trigger ospfd to advertise a default route to its
peers, and 0.0.0.0/0 would trigger isisd to advertise a default route
to its IPv6 peers).
Fix this by adding an AFI parameter to the
ZEBRA_REDISTRIBUTE_DEFAULT_{ADD,DELETE} messages and making the
corresponding code changes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
`isis network point-to-point` was being rejected from the configuration
file as it was being processed before the reception of the UP zebra
notification for the interface. This meant that the `circ_type` was set
at CIRCUIT_T_UNKNOWN, which led the northbound callback to fail. This
check was removed as it was not really necessary; when the zebra
notification is received, the correct circuit type will be enforced,
but now the point-to-point config will be saved and correctly applied
when zebra recognizes the interface as a broadcast one.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
isisd has both a circ_type and a circ_type_config variable to track
the network tpye of an interface. The former has no default, but the
latter defaults to broadcast. Adding that default makes sure that the
yang leaf won't be deleted, which is something that would not make
sense from an isisd perspective. We will need to add an operational
state leaf to match the potential difference between the configured
network type and the actual network type, since the latter might be
different based on the interface flags received from zebra.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
if we are using the transactional CLI, we might be trying to
delete an area that has not been actually created in isisd.
So rather than relying on isis_area_lookup, check the candidate
config for the presence of the corresponding area instance.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
also fix a minor issue with isis_config_write where we were
not incrementing the write variable, which is used to append
a new line at the end of the vty string
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
As requested by the reviewers. Additionally, added a check when
setting a circuit on an interface to see if it is a loopback,
and in that case, set it to passive.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Note that we do not return the actual tlv_type and offset
of the erroneous TLV. This is because unpacking tlvs currently
uses a chain of function calls, where the notification can only
be sent at the start of the chain, but the tlv_type and offset
information are only available at the end. Unless we change the
code to propagate those values, we have no way to feed them to
the notification. So these leafs are not generated.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
the original isisd code did not distinguish between
authentication_failure and authentication_type_failure, so
additional code had to be added to differentiate between the two
and to return the raw_pdu as requested by the IETF YANG model.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Note that the original IETF YANG model also included
a requirement to throttle such notifications so that they would
not be sent more often than once every 5 seconds. I did not
implement any throttling mechanism yet, mostly because I am
not sure whether this limit should apply to the entire isis daemon,
to each area, to each neighbor etc.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
However it is not currently called anywhere, as I could not find a
place in the code where it felt appropriate.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
remove the return value and redundant validations from
isis_circuit_circ_type_set(), since they are no longer needed.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
