This allows defining a CLI command like this:
`[no] some setting ![VALUE]`
with VALUE being optional for the "no" form, but required for the
positive form. It's just a `[...]` where the empty branch can only be
taken for commands starting with `no`.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Currently, in frr-reload we:
- store a list of single-line context keywords which needs to be
frequently updated,
- have a separate "if" clause for every node and subnode we have in FRR.
Instead, we can store the tree of all known FRR nodes. This tree needs
to be updated whenever we add a new node, which is not frequent. And,
most importantly, it allows us to write node-agnostic code and save more
than 250 LOC.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
As discussed in the weekly meeting today, this is what we're trying to
work with for the time being.
(Date calculator included as a bonus goodie ;)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The pathspace folder in /var/run needs the x permission for the group too
Otherwise vtysh fails when running it with groups frrvty and frr:
$ vtysh -N gateway
% Can't open configuration file /etc/frr/gateway/vtysh.conf due to 'Permission denied'.
vtysh_connect(/var/run/frr/gateway/zebra.vty): stat = Permission denied
Signed-off-by: Steffen Neubauer <s.neubauer@syseleven.de>
- Remove incorrect requirement for `service integrated-vtysh-config`
when producing a delta.
- Add `--test-reset` option which suppresses non-parseable lines from the
produced delta
- Use new features in common_config.py
Signed-off-by: Christian Hopps <chopps@labn.net>
Speedup (large topo): OLD: ~6 minutes NEW: ~1 second.
(when paired with common_config.py changes)
- Collect each "proc" support in parallel
- For each "proc" only call vtysh once with all commands
Bug fixes:
- output was broken, a dump of python "repr" format of str.
Signed-off-by: Christian Hopps <chopps@labn.net>
When using frr-reload.py to modify a bgp neighbors route-map
the code was doing this:
a) deleting the previous route-map: `no neighbor XX route-map YY (in|out)`
b) Adding the new route-map back in `neighbor XX route-may ZZ (in|out)`
Now imagine that we have an outgoing route-map that we are changing
and the reload is large because of a large number of lines in frr.conf
Item (a) will happen. BGP will immediately start sending all local
routes. At some point in time in the future (b) will be applied.
This of course causes a withdraw but for a short amount of time we
are leaking unintended routes. This is bad for several reasons
not 1) route churn upstream, 2) we might influence traffic to go the
wrong way. 3) if upstream has a maximum-prefix command the routes
being sent might trip its circuitry and shutdown the peer entirely
not even allowing you to get to (b).
Ticket: #2589685
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Problem reported that frr-reload.py didn't handle the mac access-list
command correctly, causing reloads to fail. This fix adds the
support for the command as a single line context.
Signed-off-by: Don Slice <dslice@nvidia.com>
All of peers and respective configs are wiped out when
pee-group is removed.
In an attempt to remove peer-group and its associated peers
configs via frr-reload fails if the peer-group is removed first.
To pass the peer-group config removal via frr-reload following
steps are taken:
Find the bgp context to which peer-group belongs.
Find the peer-group associated peer(s) and store them in a list.
Remove the peers config lines from the pending list.
Move the peer-group deletion line to end of the pending list so
any remaining peer-group associated config can be removed successfully.
The above steps take 3 iterations over the pending list and scales
linearly.
Ticket:2656351
Reviewed By:CCR-11575
Testing Done:
Broken:
config:
router bgp 5544
neighbor PG1 peer-group
neighbor PG1 remote-as external
neighbor swp10 interface peer-group PG1
neighbor swp10 timers 3 9
failed frr-reload log:
2021-05-17 22:02:42,608 INFO: Executed "router bgp 5544 no neighbor
PG1 peer-group"
2021-05-17 22:02:42,708 INFO: Failed to execute router bgp 5544 no
neighbor PG1 remote-as external
2021-05-17 22:02:42,808 INFO: Failed to execute router bgp 5544 no
neighbor PG1 remote-as
2021-05-17 22:02:42,906 INFO: Failed to execute router bgp 5544 no
neighbor PG1
2021-05-17 22:02:43,007 INFO: Failed to execute router bgp 5544 no
neighbor
2021-05-17 22:02:43,106 INFO: Failed to execute router bgp 5544 no
2021-05-17 22:02:43,106 ERROR: "router bgp 5544 -- no" we failed to
remove this command
2021-05-17 22:02:43,107 ERROR: % Create the peer-group or interface
first
With fix:
2021-05-17 22:05:27,687 INFO: Executed "router bgp 5544 no neighbor
PG1 remote-as external"
2021-05-17 22:05:27,791 INFO: Executed "router bgp 5544 no neighbor
PG1 peer-group"
Signed-off-by: Chirag Shah <chirag@nvidia.com>
Compile with v2.0.0 tag of `libyang2` branch of:
https://github.com/CESNET/libyang
staticd init load time of 10k routes now 6s vs ly1 time of 150s
Signed-off-by: Christian Hopps <chopps@labn.net>
frr-reload no longer consolidates ip prefix-list "le 32" or "le 128"
rules when a "ge" is present, more accurately representing existing user
config and reflecting also what is accepted in CLI.
Signed-off-by: Wesley Coakley <wcoakley@nvidia.com>
Description:
Added a new show command("show ip zebra route dump") to dump all routes
with detailed information including nexthops,flags, status ..etc.
This helps for dubugging and added to support_bundle_command.conf.
Defined this command as a hidden command.
Signed-off-by: Rajesh Girada <rgirada@vmware.com>
When running valgrind there are some possible memory leaks.
These memory leaks we have absolutely no control over, mark
them as not worthy of being reported.
Finally move the valgrind suppressions file from bgpd/ to tools/
this is because this suppressions file can be used beyond bgpd
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The previous method, using zassert.h and hoping nothing includes
assert.h (which, on glibc at least, just does "#undef assert" and puts
its own definition in...) was fragile - and actually broke undetected.
Just provide our own assert.h and control overriding by putting it in a
separate directory to add to the include path (or not.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
When I run frr-reload.py I am seeing this error:
Apr 21 06:23:51 eva frrinit.sh[3776992]: /usr/lib/frr/frr-reload.py:1094: SyntaxWarning: "is not" with a literal. Did you mean "!="?
Apr 21 06:23:51 eva frrinit.sh[3776992]: if line is not "exit-vrf":
fix
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Most software doesn't overwrite its own config files; vtysh's 'wr mem'
may be confusing, so add a note to the config file explaining changes
made may be overwritten.
Signed-off-by: Quentin Young <qlyoung@nvidia.com>
Since all of these function pointers are entry points for YANG actions,
they're useful to have in the call graph.
Signed-off-by: David Lamparter <equinox@diac24.net>
Calling a function pointer embedded in a struct is quite common & having
this listed in the call graph is useful.
Signed-off-by: David Lamparter <equinox@diac24.net>
avoid issuing a [no] command if we are then issuing the affirmative
one. This avoids spurious requests for the default label ranges,
which might fail if something else is using those labels.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Problems reported that in certain cases, frr-reload.py would
delete vrf static routes inadvertantly due to two different
reasons. First, vrf statics with null0 or Null0 nexthops would
fail the match since rendered as blackholes. This was already
fixed for non-vrf statics so added for vrf-based. Second,
frr-reload would fail to match due to different formats for
adding the command. If entered in the old way
"ip route x.x.x.x/x y.y.y.y vrf NAME" and rendered
in the new sway "vrf NAME\nip route x.x.x.x/x y.y.y.y" it would
fail to match do an inadvertant delete.
Ticket: 2570270
Signed-off-by: Don Slice <dslice@nvidia.com>
Currently pathd is missing from the deamon list in frrcommon
with this missing frrinit can't start pathd if it is added to
the deamon file. This commit adds it to the frrcommon deamon list
and updates the example deamon file.
Signed-off-by: Erik Kooistra <me@erikkooistra.nl>
These caused some function names to change, which frr-llvm-cg looks at
in order to improve callgraph accuracy.
Signed-off-by: David Lamparter <equinox@diac24.net>
As noted by Donald:
When FRR is starting all daemons (or restarting them all) FRR is reading
in the configuration 1 time for each daemon specified to run. This is
not a big deal if you have a very small configuration. But with large
configurations FRR is taking long enough that watchfrr is not
establishing connection to all the daemons and starting some over.
Modify the code so that vtysh is only read in at the end of a all
sequence. If we are restarting an individual daemon allow the read in of
the whole config.
Reported-by: Donald Sharp <sharpd@nvidia.com>
Signed-off-by: David Lamparter <equinox@diac24.net>
PIM Support Bundle commands are added in support_bundle_commands.conf file.
It will help us in debugging PIM test Failures.
Signed-off-by: Sai Gomathi <nsaigomathi@vmware.com>
Log vtysh message for a failed command.
Ticket:2556706
Reviewed By:
Testing Done:
frr reload fails to delete default bgp instance in presence of bgp vrf
instance(s), it captures vtysh message and logs in frr-reload.log
logs backend
2021-03-05 05:16:45,623 INFO: Failed to execute no router bgp 5544
2021-03-05 05:16:45,735 INFO: Failed to execute no router bgp
2021-03-05 05:16:45,846 INFO: Failed to execute no router
2021-03-05 05:16:45,846 ERROR: "no router" we failed to remove this
command
2021-03-05 05:16:45,847 ERROR: % Cannot delete default BGP instance.
Dependent VRF instances exist
Signed-off-by: Chirag Shah <chirag@nvidia.com>
if no form of the cli fails to execute, mark frr-reload
as failure so return code can be nonzero.
The similar approach is done for non no-form (add case) of the cli.
Ticket:CM-33345
Reviewed By:CCR-11287
Testing Done:
Signed-off-by: Chirag Shah <chirag@nvidia.com>
CI constantly fails to execute "show zebra fpm stats":
```
Execute: show zebra fpm stats
Traceback (most recent call last):
File "/usr/lib/frr/generate_support_bundle.py", line 55, in executeCommand
cmd_output = subprocess.check_output(cmd_exec_str, shell=True)
File "/usr/lib/python3.6/subprocess.py", line 356, in check_output
**kwargs).stdout
File "/usr/lib/python3.6/subprocess.py", line 438, in run
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command 'vtysh -c "show zebra fpm stats" ' returned non-zero exit status 1.
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Make the generate-support-bundle script and interactions more
python3-friendly, and use python3 explicitly.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Issue:
The rpki subcontext uses exit instead of end to exit.
This makes issues with frr-reload in the way that frr-reload never exits
rpki context until it reaches the next end statement. this also happens when
parsing the configuration from vtysh.
Fixes: #7887
Signed-off-by: Runar Borge <runar@borge.nu>
This is the best I can make the asm blocks in lib/xref.h look, so just
mute the warning. (It shouldn't come in relevant for other code.)
Signed-off-by: David Lamparter <equinox@diac24.net>
Fix the handling of multiple BFD profiles by adding the appropriated
code to push/pop contexts inside BFD configuration node.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
If frr.conf contains a prefix-list or access-list without a seq number,
frr-reload needs to be aware that it should not delete/add if the running
config contains a seq number.
Ticket: CM-32623
Signed-off-by: Don Slice <dslice@nvidia.com>
Since new workflow instructions state to run black against
python change and it found formatting changes required that
were not part of my change set, committing those changes
separately.
Signed-off-by: Don Slice <dslice@nvidia.com>
make sure that the order in which the pcep-related commands are
removed by frr-reload.py is the correct one, i.e., pce followed
by pce-config followed by pcc.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
on one hand, the default value for a peer preference was always being
displayed, and on the other there was some code in frr-reload.py which
was attempting to add a default value to match this behavior, and which
was incorrectly overriding a specified preference. Fix this by removing
this code and making pathd behave like other daemons in this respect,
i.e. not displaying the default value.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
a) Add some useful commands
b) Remove `show error all` this just dumps the error codes. If
we know the version we don't need this. Additionally this is
rather large.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Add some missing commands ( I am sure that there are more useful ones to )
Cleanup to use the modern non-deprecated syntax in case anyone runs across
this.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This new dynamic module makes pathd behave as a PCC for dynamic candidate path
using the external library pcpelib https://github.com/volta-networks/pceplib .
The candidate paths defined as dynamic will trigger computation requests to the
configured PCE, and the PCE response will be used to update the policy.
It supports multiple PCE. The one with smaller precedence will be elected
as the master PCE, and only if the connection repeatedly fails, the PCC will
switch to another PCE.
Example of configuration:
segment-routing
traffic-eng
pcep
pce-config CONF
source-address ip 10.10.10.10
sr-draft07
!
pce PCE1
config CONF
address ip 1.1.1.1
!
pce PCE2
config CONF
address ip 2.2.2.2
!
pcc
peer PCE1 precedence 10
peer PCE2 precedence 20
!
!
!
!
Co-authored-by: Brady Johnson <brady@voltanet.io>
Co-authored-by: Emanuele Di Pascale <emanuele@voltanet.io>
Co-authored-by: GalaxyGorilla <sascha@netdef.org>
Co-authored-by: Javier Garcia <javier.garcia@voltanet.io>
Co-authored-by: Renato Westphal <renato@opensourcerouting.org>
Co-authored-by: Sebastien Merle <sebastien@netdef.org>
Signed-off-by: Sebastien Merle <sebastien@netdef.org>
This new daemon manages Segment-Routing Traffic-Engineering
(SR-TE) Policies and installs them into zebra. It provides
the usual yang support and vtysh commands to define or change
SR-TE Policies.
In a nutshell SR-TE Policies provide the possibility to steer
traffic through a (possibly dynamic) list of Segment Routing
segments to the endpoint of the policy. This list of segments
is part of a Candidate Path which again belongs to the SR-TE
Policy. SR-TE Policies are uniquely identified by their color
and endpoint. The color can be used to e.g. match BGP
communities on incoming traffic.
There can be multiple Candidate Paths for a single
policy, the active Candidate Path is chosen according to
certain conditions of which the most important is its
preference. Candidate Paths can be explicit (fixed list of
segments) or dynamic (list of segment comes from e.g. PCEP, see
below).
Configuration example:
segment-routing
traffic-eng
segment-list SL
index 10 mpls label 1111
index 20 mpls label 2222
!
policy color 4 endpoint 10.10.10.4
name POL4
binding-sid 104
candidate-path preference 100 name exp explicit segment-list SL
candidate-path preference 200 name dyn dynamic
!
!
!
There is an important connection between dynamic Candidate
Paths and the overall topic of Path Computation. Later on for
pathd a dynamic module will be introduced that is capable
of communicating via the PCEP protocol with a PCE (Path
Computation Element) which again is capable of calculating
paths according to its local TED (Traffic Engineering Database).
This dynamic module will be able to inject the mentioned
dynamic Candidate Paths into pathd based on calculated paths
from a PCE.
https://tools.ietf.org/html/draft-ietf-spring-segment-routing-policy-06
Co-authored-by: Sebastien Merle <sebastien@netdef.org>
Co-authored-by: Renato Westphal <renato@opensourcerouting.org>
Co-authored-by: GalaxyGorilla <sascha@netdef.org>
Co-authored-by: Emanuele Di Pascale <emanuele@voltanet.io>
Signed-off-by: Sebastien Merle <sebastien@netdef.org>
In the case of some linux distros the /var/run dir is mounted
with tmpfs so in every reboot it's removed.
Then the frrcommon.sh will recreate it without 'x' perm
So no pid file cannot be created in /var/run/frr
Signed-off-by: Javier Garcia <rampxxxx@gmail.com>
