The pull request #1545 from @donaldsharp introduced the command 'no
password' to remove an existing terminal connection password.
Additionally, warnings have been added to both 'no password' and 'no
enable password' to make the user aware of any security implications.
It seems that this specific pull request was never merged against master
and got lost. This commit is a cherry-pick of d4961273cb with fixed
conflicts and updated documentation.
Thanks to @donaldsharp and @pogojotz for the original PR.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
The range for sequence numbers needs to be limited
by the range we have currently choosen for rule
ranges.
Ticket: CM-20562
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Adding to mtracebis querying with group address. Same change
to vtysh mtrace command. Support for querying (S,G) and (*,G)
state in mtrace router code. Further improvments to mtrace router
code with closer complience to IETF draft. More references in
comments to the draft. Man page has been updated accordingly.
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
The grammar sandbox has had the ability to dump individual commands as
DOT graphs, but now that generalized DOT support is present it's trivial
to extend this to entire submodes. This is quite useful for visualizing
the CLI space when debugging CLI errors.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
How It's Made:
- vtysh -m is for frr-reload.py to know when a context ends. This is
done by executing commands against the CLI graph, checking for walkup,
and putting the appropriate context exit if walkup is necessary. Thus
the default case for walking up from a vrf context is fine, and
doesn't need a specific exit-vrf command. Remove that.
- exit-vrf needs to be explicitly printed at the end of vrf config
printing. We already do this.
- vtysh's special snowflake config prettiness logic needs to know that
exit-vrf goes with the vrf block and needs to be explicitly told not
place this in alphabetical order in that block. We also already do
this.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Need to explicitly exit this context otherwise we risk ambiguities
between global and vrf context commands
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This is an implementation of PBR for FRR.
This implemenation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
If a daemon sent vtysh a response whose size satisfied
1 <= 4096 - (size % 4096) <= 2
vtysh would hang.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Static route commands are now installed inside the VRF nodes. This has
quietly broken top-level static routes in certain scenarios due to
walkup logic resolving a static route configuration command inside
VRF_NODE first if the command is issued while in a CLI node lower than
VRF_NODE. To fix this VRF_NODE needs a special exit command, as has been
done for many other nodes with the same issue, to explicitly change the
vrf context to the default VRF so that when walkup resolves against the
VRF node it will configure against the default VRF as desired.
Of course this is a hack on top of a hack and the CLI walkup
implementation needs to be rewritten.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The following types are nonstandard:
- u_char
- u_short
- u_int
- u_long
- u_int8_t
- u_int16_t
- u_int32_t
Replace them with the C99 standard types:
- uint8_t
- unsigned short
- unsigned int
- unsigned long
- uint8_t
- uint16_t
- uint32_t
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
If a daemon is restarting, crashed, or otherwise in the process of
reconnecting to watchfrr and a user issues "write memory" or "write
file" the resulting config will not include the configuration of that
daemon. This is problematic because this output will overwrite the
previous config, potentially causing unintentional loss of configuration
stored only in the config file based upon timing.
This patch remedies that by making watchfrr check that all daemons are
up before attempting a configuration write, and updating vtysh so that
its failsafe respects this condition as well.
Note that this issue only manifests when using integrated config.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
PR #1739 added code to leak routes between (default VRF) VPN safi and unicast RIBs in any VRF. That set of changes included temporary CLI including vpn-policy blocks to specify RD/RT/label/&c. After considerable discussion, we arrived at a consensus CLI shown below.
The code of this PR implements the vpn-specific parts of this syntax:
router bgp <as> [vrf <FOO>]
address-family <afi> unicast
rd (vpn|evpn) export (AS:NN | IP:nn)
label (vpn|evpn) export (0..1048575)
rt (vpn|evpn) (import|export|both) RTLIST...
nexthop vpn (import|export) (A.B.C.D | X:X::X:X)
route-map (vpn|evpn|vrf NAME) (import|export) MAP
[no] import|export [vpn|evpn|evpn8]
[no] import|export vrf NAME
User documentation of the vpn-specific parts of the above syntax is in PR #1937
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
The current strategy for fine-grained debugging across FRR is to use
static long int bitfields, in combination with helper macros that are
copy-pasted between daemons, to hold state on what debugging information
should be collected at any given time. This has a couple of problems:
* These bitfields are generally extern'd and accessed everywhere, so
they are not MT-safe or easy to make MT-safe
* Lots of code duplication from copy-pasting the DEBUG_* macros...
* Code duplication because of the "term" vs "conf" debugging concept
This patch aims to remedy that by providing some infrastructure to work
with debugs. The core concept of using bitfields has been retained, but
the number of these for each debug has been reduced to 1. This allows
easy use of lock-free methods for synchronizing access to debugging
info.
The helper macros have also been retained but they are now collected in
one place and perform exclusively atomic operations.
Finally there is a bit of code that allows daemons to register
callbacks, which I used to implement a command that will toggle all
debugging for any daemons that use these facilities.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The logical router node goes from NS_NODE to LOGICALROUTER_NODE.
Vty commands are renamed accordingly.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is the implementation of weak multicast traceroute.
It consists of IGMP module dealing with mtrace type IGMP messages
and client program mtrace/mtracebis for initiating mtrace queries.
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
Add ability to set file destination for all vtysh output, with the
exception of tab-complete and similar meta output. This is useful for
inline recording of some information without exiting the shell.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When printing responses from a client, vtysh searches through every
response it receives twice. Once is to look for the terminating
sequence and the other is to translate \n to \0, which is used with the
line processing callback capability. However:
* There's no need to search all of the output for the terminator, we can
just check the last 4 bytes.
* In most scenarios we won't have a callback. Therefore we don't need to
process the output and can just dump it.
Together these optimizations have a significant impact on the total
runtime of talkative CLI commands, such as `sh ip bgp json` which runs
roughly 1000% faster when dumping 1,000,000 routes.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add a daemon that will allow us to test the zapi
as well as test route install/removal times from
the kernel.
The current commands are:
install route <starting ip address> nexthop <nexthop> (1-1000000)
This command starts installing at <starting ip address>/32
(1-100000) routes that it auto-increments by 1
Installation start time is noted in the log and finish
time is noted as well.
remove routes <starting ip address> (1-1000000)
This command removes routes at <starting ip address>/32
and removes (1-100000) routes created by the install route
command.
This code can be considered experimental and *is not*
something that should be run in a production environment.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The RPKI code can be turned on/off via configure switches.
If we have intentionally turned it off do not let vtysh
display that you can config it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
cmd_describe_command() returns NULL when there is no matched command, so
check the return value before trying to free it
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Commit 44f12f20 fixed the memory leak in the wrong way and introduced a
"uninitialized variable" warning.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These are mostly trivial fixes for leaks in the error path of some functions.
The changes in bgpd/bgp_mpath.c deserves a bit of explanation though. In
the bgp_info_mpath_aggregate_update() function, we were allocating memory
for the lcomm variable but doing nothing with it. Since the code for
communities, extended communities and large communities is pretty much
the same in this function, it's clear that this was a copy and paste
error where most of the ext. community code was copied but not all of
it as it should have been.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Preexisting code to detect commands targeted at wrong instance didn't
work because a command applied to a disconnected vtysh_client counted as
a successful run overriding wrong instance error message
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
when warning about daemons that are not running, make sure to handle the
multi instance case
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When entering 'show debugging' we were outputting a line
from vtysh and a line from an individual daemon to show
the fact we were debugging. A bit overkill.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Presently CLI entered for daemons which are not running is accepted
quietly, which can be confusing for users. This patch warns about it
when possible.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
I missed this in review; the old vtysh command should have been removed
when adding the new one.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
1. Change hostname_get to cmd_hostname_get
2. Change domainname_get to cmd_domainname_get
3. New API to set domainname
3. Provide a CLI command to set domainname
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Today if we hit an error while apply the contents of file FOO that error
does not bubble up to a non-zero exit.
This results in some hardcoded watchfrr logging config ending up in the
integrated config otherwise.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Handle all instance base clis calling ospf_lookup_instance()
to return CMD_NOT_MY_INSTANCE in case of ospf is not found.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Multi-Instance OSPF configuration CLI would fail because
first client return error upon seeing qobj_index being 0.
With new marco generate new error code to return from each
instance (vtysh client) and if the command is intended for given
instance, its qobj_index would be nonzero and process the command
and push correct ospf context. Other instance would return the error.
On vtysh end, check all instance return an error log a message to a
file.
Testing Done:
Verfied various MI-OSPF configuration CLI with multi instances.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Pretty much all shell executed commands from vtysh were
not behaving correctly due to errors introduced in
switching to the new cli.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Put the "end" marker in the right places. This should fix the
frr-reload.py script because it depends on the output of vtysh -m.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This reverts commit c14777c6bf.
clang 5 is not widely available enough for people to indent with. This
is particularly problematic when rebasing/adjusting branches.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
This allows frr-reload.py (or anything else that scripts via vtysh)
to know if the vtysh command worked or hit an error.
`password` and `enable password` commands got a bit broken in an earlier
commit, fix 'em up.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Pretty-prints variable autocompletions by breaking them up into multiple
lines, indenting them consistently and respecting the column width of
the terminal.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Implement configuration options for EVPN. The configuration options include
VNI configuration with RD and Import and Export Route Targets. Also, display
the EVPN configuration.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Adds the ability to name hash tables, and a new cli command that will
show various summary statistics for named hash tables.
Statistics computed are
- load factor
- full load factor (see comments)
- stddev of full load factor
Standard deviation is computed by storing the sum of squares of bucket
lengths. This is somewhat susceptible to overflow. On platforms where a
double is 32 bits, placing 65535 or more elements into a hash table
opens up the potential for overflow, depending on how they are arranged
in buckets (which depends on the hash function). For example, placing
65535 elements into one hash bucket would cause ssq overflow, but
distributing 40000000 elements evenly among 400000 buckets (100 elements
per bucket) would not.
These cases are extremely degenerate, so the vague possibility of
overflow in an informational command is deemed an acceptable tradeoff
for constant time calculation of variance without locks or compromising
efficiency of actual table operations.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
'do' is syntax sugar that allows the user to execute a command under
ENABLE_NODE when in another CLI node. If the user is already in
ENABLE_NODE, use of 'do' was previously disallowed. This patch allows it
because it makes it easier for us to hack around certain instances of
the node synchronization problem with vtysh.
Also included is a fix for one of these problems.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
If FRR is configured explicilty with --disable-user and
--disable-group, FRR_USER and FRR_GROUP will not be defined
and can be safely skipped in vtysh.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
I forgot to update this call when I changed
cmd_variable_handler_register to take an array...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The FSF's address changed, and we had a mixture of comment styles for
the GPL file header. (The style with * at the beginning won out with
580 to 141 in existing files.)
Note: I've intentionally left intact other "variations" of the copyright
header, e.g. whether it says "Zebra", "Quagga", "FRR", or nothing.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This asks the connected daemons for their variable completions through a
hidden CLI command.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This flag prevents from entering into evpn address-family node, when
calling command from vtysh.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Implement support for activating the labeled-unicast address family in
BGP and relevant configuration for this address family.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Preface with line identifying which daemon it applies to.
[Also fixes a missed "plugin" -> "module" replace.]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
ldpd uses a hierarchical configuration model where all commands are
defined inside the "mpls ldp" node and its subnodes. The idea is to keep
all LDP configuration in a single place to keep things simple. With that
said, we can remove the "config-if" node from ldpd because we already
have a separate node ("config-ldp-af-if") for LDP-related interface
specific commands.
Example:
vtysh(config)# mpls ldp
vtysh(config-ldp)# address-family ipv4
vtysh(config-ldp-af)# interface eth1
vtysh(config-ldp-af-if)# discovery hello ?
holdtime Hello holdtime
interval Hello interval
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Please Note, I will be redoing this commit message with
more information.
Additionally I will rework the lib/* changes into their
own commits.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Centralise read_config/daemonize/dryrun/pidfile/vty_serv into libfrr.
This also makes multi-instance pid/config handling available as part of
the library. It's only wired up in ospfd, but the code is in lib/.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The return value from cmd_complete_command is a VECTOR_INDEX, not TMP.
Use the appropriate vector_only_index_free().
Fixes#223.
Reported-by: https://github.com/k0ste
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This provides DMVPN support and integrates to strongSwan. Please read
README.nhrpd and README.kernel for more details.
[DL: cherry-picked from dafa05e65fe4b3b3ed5525443f554215ba14f42c]
[DL: merge partially resolved, this commit will not build.]
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Added the possibility to enter in evpn address-family in bgp node, by
using 'address-family l2vpn evpn' command.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Coverity: buffer_size: You might overrun the 108 byte destination string addr.sun_path by writing the maximum 4095 bytes from path.
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Harmony is restored to the world as bgp and vtysh
can now, again, stay in sync with each other.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Several places have paths and names that can change hardcoded, e.g. the
package name and the /var/run path. This fixes a few of them, there's
still some to do.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This replaces Quagga -> FRR in most configure.ac settings as well as
a handful of preprocessor macros in the source code.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
When compiling vtysh with --enable-static and --disasble-shared
we get linker errors with duplicate function names.
This commit addresses this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit dd2ecdedf8)
When compiling vtysh with --enable-static and --disasble-shared
we get linker errors with duplicate function names.
This commit addresses this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
These now generate warnings which will break the build with -Werror.
Note this may have enabled commands that should be disabled, or the
other way around...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This moves all install_element calls into the file where the DEFUNs are
located. This fixes several small related bugs:
- ospf6d wasn't installing a "no interface FOO" command
- zebra had a useless copy of "interface FOO"
- pimd's copy of "interface FOO" was not setting qobj_index, which means
"description LINE" commands would fail with an error
The next commit will do the actual act of making "foo_cmd" static.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Nice clang catch: ospfd/ospf_vty.c:6710:1: error: all paths through
this function will call itself [-Werror,-Winfinite-recursion]
(same in vtysh/vtysh.c)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
when libreadline initialises itself, it also reads .inputrc, which may
result in keybindings being set up. This means the builtin help on the
'?' key can be overridden by that. Consistent availability of '?'
behaviour trumps .inputrc setup here, so let's initialise readline
first before binding that key (which means our keybinding wins).
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Fix the link-params submode to use the 'exit-link-params'
to indicate we are exiting a submode.
Fixup all the relevant bits.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Fix a few memory issues:
* Not freeing tab-completions upon input match failure
* Invalid write when null-terminating tab-completions
* Not freeing argv[] itself in additinon to elements
* Use XFREE() instead of free() as appropriate
* Not freeing final token of an [option] during parsing
Make a few minor changes to CLI internals:
* Improve documentation on matching & completion functions
* Only make one copy of cmd_token's when building argv,
instead of three
* Don't make a copy of the matching cmd_element
Make one major(ish) change to CLI internals:
* Change all pointers to struct cmd_element to const
Code outside of the core CLI units should never have an
occasion to modify the internal state of the command system.
Doing so could easily amount to having a CLI interface that
changes during runtime, and could conceivably lead to security
issues. Explicitly disallowing this removes any chance of
confusion.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Running vtysh as normal user won't have permissions to write
Quagga.conf. If we're connected to watchquagga, try "write integrated"
first. In all cases if something fails, try directly.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Also tag some commands as VTYSH_REALLYALL; these are absolutely
neccessary for correct vtysh operation and will cause "interesting"
breakage if not present on all daemons.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
As vtysh may hopefully be running as root from watchquagga here, let's
try to fix up ownership and permissions for Quagga.conf. Doing
chown/chmod instead of changing the process's user/group IDs has the
advantage of fixing up preexisting misconfigurations.
Note errors in chmod/chown will print a message but the config is
already written at that point.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This new option is intended to be used both by watchquagga as well as
directly by users. It performs the collect-configuration operation and
writes out Quagga.conf, regardless of whether integrated-config is
enabled or not.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
vtysh has a very convoluted and confusing setup where it isn't even
clear which files are written where (since some filenames come
indirectly from loading config). Detangle.
This also removes writing vtysh.conf. The file is intended to be
manually edited since it has some vague security concerns (if PAM is
used).
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
With the way that vtysh works, it compiles in cli even
if there is no support in the protocols.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
While the DEFUN should match the list of clients registered in
vtysh, it seems better to handle the case explicitly instead of
relying on the client list and the DEFUN signature being in sync.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
Triggered by a bugreport / patch by Gautam Kumar <gauta@amazon.com>,
this is a full rewrite vtysh_client_{config,execute}. (The patch didn't
quite apply anymore.)
vtysh_client_run() now has a buffering implementation that can be read
without losing one's sanity and/or requiring alcoholic beverages.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This is a followup to commits 735e62 and 0b1442, where we forgot to apply
the same VIEW/ENABLE consolidation logic to vtysh. Also, we can't call
install_default() for the ENABLE node because some of the vty commands
installed by this function were already installed in the VIEW node before.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Only write to integrated config if integrated config is configured
explicitly or it is already in use.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
This feature adds an L3 & L2 VPN application that makes use of the VPN
and Encap SAFIs. This code is currently used to support IETF NVO3 style
operation. In NVO3 terminology it provides the Network Virtualization
Authority (NVA) and the ability to import/export IP prefixes and MAC
addresses from Network Virtualization Edges (NVEs). The code supports
per-NVE tables.
The NVE-NVA protocol used to communicate routing and Ethernet / Layer 2
(L2) forwarding information between NVAs and NVEs is referred to as the
Remote Forwarder Protocol (RFP). OpenFlow is an example RFP. For
general background on NVO3 and RFP concepts see [1]. For information on
Openflow see [2].
RFPs are integrated with BGP via the RF API contained in the new "rfapi"
BGP sub-directory. Currently, only a simple example RFP is included in
Quagga. Developers may use this example as a starting point to integrate
Quagga with an RFP of their choosing, e.g., OpenFlow. The RFAPI code
also supports the ability import/export of routing information between
VNC and customer edge routers (CEs) operating within a virtual
network. Import/export may take place between BGP views or to the
default zebera VRF.
BGP, with IP VPNs and Tunnel Encapsulation, is used to distribute VPN
information between NVAs. BGP based IP VPN support is defined in
RFC4364, BGP/MPLS IP Virtual Private Networks (VPNs), and RFC4659,
BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN . Use
of both the Encapsulation Subsequent Address Family Identifier (SAFI)
and the Tunnel Encapsulation Attribute, RFC5512, The BGP Encapsulation
Subsequent Address Family Identifier (SAFI) and the BGP Tunnel
Encapsulation Attribute, are supported. MAC address distribution does
not follow any standard BGB encoding, although it was inspired by the
early IETF EVPN concepts.
The feature is conditionally compiled and disabled by default.
Use the --enable-bgp-vnc configure option to enable.
The majority of this code was authored by G. Paul Ziemba
<paulz@labn.net>.
[1] http://tools.ietf.org/html/draft-ietf-nvo3-nve-nva-cp-req
[2] https://www.opennetworking.org/sdn-resources/technical-library
Now includes changes needed to merge with cmaster-next.
This is a rather large mechanical commit that splits up the memory types
defined in lib/memtypes.c and distributes them into *_memory.[ch] files
in the individual daemons.
The zebra change is slightly annoying because there is no nice place to
put the #include "zebra_memory.h" statement.
bgpd, ospf6d, isisd and some tests were reusing MTYPEs defined in the
library for its own use. This is bad practice and would break when the
memtype are made static.
Acked-by: Vincent JARDIN <vincent.jardin@6wind.com>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
[CF: rebased for cmaster-next]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
We realize VRFs with linux netns by default. The main job is
to associate a VRF with a netns. Currently this is done by
the configuration:
[no] vrf N netns <netns-name>
This command is also available in vtysh and goes to only
zebra, because presently only zebra supports multiple VRF.
A file descriptor is added to "struct vrf". This is for the
associated netns file. Once the command "vrf N netns NAME"
is executed, the specified file is opened and the file
descriptor is stored in the VRF N. In this way the
association is formed.
In vrf_socket(), we first switch to the specified VRF by
using the stored file descriptor, and then can allocate
a socket which is working in the associated netns.
Signed-off-by: Feng Lu <lu.feng@6wind.com>
Reviewed-by: Alain Ritoux <alain.ritoux@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
(cherry picked from commit 55cfa2f190620f7c711944637659bc208970324d)
NOTE: I am squashing several commits together because they
do not independently compile and we need this ability to
do any type of sane testing on the patches. Since this
series builds together I am doing this. -DBS
This new structure is the basis to get new link parameters for
Traffic Engineering from Zebra/interface layer to OSPFD and ISISD
for the support of Traffic Engineering
* lib/if.[c,h]: link parameters struture and get/set functions
* lib/command.[c,h]: creation of a new link-node
* lib/zclient.[c,h]: modification to the ZBUS message to convey the
link parameters structure
* lib/zebra.h: New ZBUS message
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add support for IEEE 754 format
* lib/stream.[c,h]: Add stream_get{f,d} and stream_put{f,d}) demux and muxers to
safely convert between big-endian IEEE-754 single and double binary
format, as used in IETF RFCs, and C99. Implementation depends on host
using __STDC_IEC_559__, which should be everything we care about. Should
correctly error out otherwise.
* lib/network.[c,h]: Add ntohf and htonf converter
* lib/memtypes.c: Add new memeory type for Traffic Engineering support
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add link parameters support to Zebra
* zebra/interface.c:
- Add new link-params CLI commands
- Add new functions to set/get link parameters for interface
* zebra/redistribute.[c,h]: Add new function to propagate link parameters
to routing daemon (essentially OSPFD and ISISD) for Traffic Engineering.
* zebra/redistribute_null.c: Add new function
zebra_interface_parameters_update()
* zebra/zserv.[c,h]: Add new functions to send link parameters
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add support of new link-params CLI to vtysh
In vtysh_config.c/vtysh_config_parse_line(), it is not possible to continue
to use the ordered version for adding line i.e. config_add_line_uniq() to print
Interface CLI commands as it completely break the new LINK_PARAMS_NODE.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Update Traffic Engineering support for OSPFD
These patches update original code to RFC3630 (OSPF-TE) and add support of
RFC5392 (Inter-AS v2) & RFC7471 (TE metric extensions) and partial support
of RFC6827 (ASON - GMPLS).
* ospfd/ospf_dump.[c,h]: Add new dump functions for Traffic Engineering
* ospfd/ospf_opaque.[c,h]: Add new TLV code points for RFC5392
* ospfd/ospf_packet.c: Update checking of OSPF_OPTION
* ospfd/ospf_vty.[c,h]: Update ospf_str2area_id
* ospfd/ospf_zebra.c: Add new function ospf_interface_link_params() to get
Link Parameters information from the interface to populate Traffic Engineering
metrics
* ospfd/ospfd.[c,h]: Update OSPF_OPTION flags (T -> MT and new DN)
* ospfd/ospf_te.[c,h]: Major modifications to update the code to new
link parameters structure and new RFCs
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
tmp
lib/zebra.h has FILTER_X #define's. These do not belong there.
Put them in lib/filter.h where they belong.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
(cherry picked from commit 0490729cc033a3483fc6b0ed45085ee249cac779)
Ticket: CM-11910
Reviewed By: sharpd, routing-dev slack
Testing Done: Test with nothing in vtysh.conf, add no, remove it etc.
Even though we force integrated config to be the default, we do this by adding
a line to our default vtysh.conf which has integrated config enabled. When we
stopped printing integrated-config as part of wr mem or show running-config, we
broke quagga reload because it was explicitly looking for integrated config.
Furthermore, merely fixing quagga reload wouldn't work because subsequent saves
would result in config being saved to individual files since vtysh.conf no
longer forced the file to be integrated.
This patch fixes both issues. Makes integrated config the default in the code,
rather than via a shipped default file, and fixes quagga reload to look for
the "no integrated-vtysh-config" to deny attempting a reload.
Ticket: CM-11808
Reviewed By: CCR-4971
Testing Done: Usual stuff including doing show running with multiple daemons
Interface and VRF are both sections of the config that could possibly be
empty. This unnecessarily clutters the output of show running. This patch
fixes that by not displaying empty sections of interface, and vrf.
Routemaps have a genuine empty stanza and so we cannot add routemap to this
list. Unfortunately this means a "show running-config ospfd" may have empty
route-maps if the route-maps all correspond to BGP, for example. This
is not a concern for the entire "show running-config".
The trick in fixing this is on the vtysh side rather than on the client side.
The reason for this is that its quite tricky given the number of options to
ensure that a daemon never printed a section header unless there was something
to print. On the vtysh side, however, its easy to check if a section is
empty and not print it.
VPNv6 changes picked from upstream needed fixes and updates due to some
fundamental changes implemented by Cumulus (BGP update-groups, RFC 5549
and nexthop setting etc.) which aren't present upstream.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Updates: 945c8fe, 8ecd326, bb86c60, 93b73df, f4c8985
This makes a whole bunch of vtysh functions static, fixes prototypes for
a few more, and masks user_free() and user_write_config() (both unused.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit a9eb9063071437f5cde3b78adf273b428c49d378)
Add code to allow the show run command to accept and
display the pimd specific configuration.
Ticket: CM-11218
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Welcome pimd to the Quagga daemon zoo!
This is a merge of commit 77ae369 ("pimd: Log ifindex found for an
interface when zebra lib reports a new connected address."), with
the intermediate "reconnect" changes removed (c9adf00...d274381).
d274381 is replaced with b162ab7, which includes some changes. In
addition, 4 reconnect-related changes and 1 cosmetic one have been
bumped out.
The rebase command used to produce the branch that is merged here is:
git rebase --onto b162ab7 c9adf00 77ae369
Note that 3 patches had their author rewritten from
"Anonymous SR#108542 <>" (which is not a valid git author ID)
to: "Savannah SR#108542 <nbahr@atcorp.com>" (which is the e-mail address
listed in the associated Savannah ticket)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Remove some dead code and fix char `\0` being
used as NULL.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
When a duplicate command is read in from a file,
there are cases where daemons return CMD_WARNING
this causes the command to not be send to subsuquent
daemons( if any ).
Allow the read in of commands to continue in this
situation.
Ticket: CM-10393
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
When we encounter a problem loading a config file
quantify to the end user what has gone wrong,
with a combination of err output as well as
return codes.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Dave Olson <olson@cumulusnetworks.com>
vtysh has a -C option to do a dry run of the quagga commands. However, the
program always returns 0 even when there's an error detected in the command.
Furthermore, it only parses vtysh.conf, not Quagga.conf.
This patch makes vtysh -C parse Quagga.conf also and return a non-zero
exit code so that network automation tools can catch this to flag errors in
syntax. This non-zero exit code along with printing the exact error with the
line number and offending line itself should help in fixing the error. But
this lack of proper error code requires the automation tools to go through
an additional hoop to validate the syntax.
Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
When examining performance information it is nice to not
have to look at daemons who you are not interested in.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Introduce a new command "interface IFNAME vrf N" to configure an
interface in the non-default VRF.
Till now, only zebra uses this command. Other daemons will install
the command when they support multiple VRFs.
Signed-off-by: Feng Lu <lu.feng@6wind.com>
Reviewed-by: Alain Ritoux <alain.ritoux@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Vincent JARDIN <vincent.jardin@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Conflicts:
zebra/interface.c
There exists a sequence of cli commands that are successfully read in by bgpd.conf, but
not by a consolidated Quagga.conf.
This issue stems from the fact that the consolidated config file attempts to match the
current node + 1 node up the tree, while the individual config file searches for matches
all the way up the tree.
Quagga.conf read-in relies on vtysh_cmd.c command parsing which puts all nodes
at CONFIG_NODE and if a match is found CMD_SUCCESS_DAEMON is returned. This signals to
the parser to call the appropriate daemon with the comamnd.
bgp as an example has three levels of config node's. If you are reading in a config node
at the 3rd level(say address-family ipv6) then transition to another node under bgp it will
not work in Quagga.conf because the code only looked up one node and was at CONFIG_BGP when it failed
to find a match.
Ticket: CM-7625
Reviewed by: CCR-3591
Testing: See Bug
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
When executing a 'show run' or 'write terminal' you see the
entire integrated config. You have no way of knowing what an
individual daemon is going to write until after you do a write
of config to disk if you are not using an integrated configuration.
This change allows the end-user to do such a thing.
Ticket: CM-7597
Reviewed-by: CCR-3561
Testing: See Bug
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ticket: CM-7135
Reviewed-by: CCR-3367
Testing: See Bug
The commands 'show work-queues' and 'show thread cpu X' were missing
from vtysh but available from the telnet cli.
Ticket: CM-6926
Reviewed By: CCR-3328
Tested: See bug
Restrict Shell access to those people who intentionally turn it on.
As that it can be used as a exploit to elevate permissions
The vtysh commands:
service integrated-vtysh-config
hostname XXXX
were not being written to the /etc/quagga/Quagga.conf file with a wr mem
when service integrated-vtysh-config was issued. This patch fixes this
issue
VTYSH: Add support for marking a file with appropriate end of context
To support applying only differences to the existing config, this patch
enables supplying the appropriate end markers to a provided file (or
stdin). By end markers, I mean, adding "end" and "exit-address-family"
at the appropriate places in the configuration to ease finding the
differences with the running configuration.
