Use `args->errmsg` instead of just `zlog_info` for registering the error
so the users don't need to check their log files.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
We can make the Linux kernel send an ARP/NDP request by adding
a neighbour with the 'NUD_INCOMPLETE' state and the 'NTF_USE' flag.
This commit adds new dataplane operation as well as new zapi message
to allow other daemons send ARP/NDP requests.
Signed-off-by: Jakub Urbańczyk <xthaid@gmail.com>
There are situations where POLLERR will be returned. But
since we were not handling it. Thread processing effectively
is turned into an infinite loop, which is bad.
Modify the code so that if we receive a POLLERR we turn it
into a read event to be handled as an error from the handler
function.
This was discovered in pim:
Thread statistics for pimd:
Showing poll FD's for main
--------------------------
Count: 14/1024
0 fd: 9 events: 1 revents: 0 mroute_read
1 fd: 12 events: 1 revents: 0 vty_accept
2 fd: 13 events: 1 revents: 0 vtysh_accept
3 fd: 11 events: 1 revents: 0 zclient_read
4 fd: 15 events: 1 revents: 0 mroute_read
5 fd: 16 events: 1 revents: 0 mroute_read
6 fd: 17 events: 1 revents: 0 pim_sock_read
7 fd: 19 events: 1 revents: 0 pim_sock_read
8 fd: 21 events: 1 revents: 0 pim_igmp_read
9 fd: 22 events: 1 revents: 0 pim_sock_read
10 fd: 23 events: 1 revents: 0 pim_sock_read
11 fd: 20 events: 1 revents: 0 vtysh_read
12 fd: 18 events: 1 revents: 0 pim_sock_read
13 fd: 24 events: 0 revents: 0
strace was showing this line over and over and over:
poll([{fd=9, events=POLLIN}, {fd=12, events=POLLIN}, {fd=13, events=POLLIN}, {fd=11, events=POLLIN}, {fd=15, events=POLLIN}, {fd=16, events=POLLIN}, {fd=17, events=POLLIN}, {fd=19, events=POLLIN}, {fd=21, events=POLLIN}, {fd=22, events=POLLIN}, {fd=23, events=POLLIN}, {fd=20, events=POLLIN}, {fd=18, events=POLLIN}, {fd=6, events=POLLIN}], 14, 20) = 1 ([{fd=21, revents=POLLERR}])
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Somewhere along the way the indentation for comments got
all messed up. Let's make it follow our standards and
also look right too.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
For the sake of Segment Routing (SR) and Traffic Engineering (TE)
Policies there's a need for additional infrastructure within zebra.
The infrastructure in this PR is supposed to manage such policies
in terms of installing binding SIDs and LSPs. Also it is capable of
managing MPLS labels using the label manager, keeping track of
nexthops (for resolving labels) and notifying interested parties about
changes of a policy/LSP state. Further it enables a route map mechanism
for BGP and SR-TE colors such that learned BGP routes can be mapped
onto SR-TE Policies.
This PR does not introduce any usable features by now, it is just
infrastructure for other upcoming PRs which will introduce 'pathd',
a new SR-TE daemon.
Co-authored-by: Renato Westphal <renato@opensourcerouting.org>
Co-authored-by: GalaxyGorilla <sascha@netdef.org>
Signed-off-by: Sebastien Merle <sebastien@netdef.org>
1. BGP informs zebra if a MAC-IP is a SYNC path and if it active on the
ES peer.
2. Zebra sends paths that are "local-inactive" with the proxy flag to
BGP.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
The `struct evpn_ead_addr` structure had a prefix length
associated with it. This value was only ever set never
used. Remove this from our system. The other
nice thing about this change is that it puts back
the sizeof struct route_node to 192 bytes.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1. Local ethernet segments are configured in zebra by attaching a
local-es-id and sys-mac to a access interface -
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
!
interface hostbond1
evpn mh es-id 1
evpn mh es-sys-mac 00:00:00:00:01:11
!
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This info is then sent to BGP and used for the generation of EAD-per-ES
routes.
2. Access VLANs associated with an (ES) access port are translated into
ES-EVI objects and sent to BGP. This is used by BGP for the
generation of EAD-EVI routes.
3. Remote ESs are imported by BGP and sent to zebra. A list of VTEPs
is maintained per-remote ES in zebra. This list is used for the creation
of the L2-NHG that is used for forwarding traffic.
4. MAC entries with a non-zero ESI destination use the L2-NHG associated
with the ESI for forwarding traffic over the VxLAN overlay.
Please see zebra_evpn_mh.h for the datastruct organization details.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
This is the base patch that brings in support for Type-1 routes.
It includes support for -
- Ethernet Segment (ES) management
- EAD route handling
- MAC-IP (Type-2) routes with a non-zero ESI i.e. Aliasing for
active-active multihoming
- Initial infra for consistency checking. Consistency checking
is a fundamental feature for active-active solutions like MLAG.
We will try to levarage the info in the EAD-ES/EAD-EVI routes to
detect inconsitencies in access config across VTEPs attached to
the same Ethernet Segment.
Functionality Overview -
========================
1. Ethernet segments are created in zebra and associated with
access VLANs. zebra sends that info as ES and ES-EVI objects to BGP.
2. BGP advertises EAD-ES and EAD-EVI routes for the locally attached
ethernet segments.
3. Similarly BGP processes EAD-ES and EAD-EVI routes from peers
and translates them into ES-VTEP objects which are then sent to zebra
as remote ESs.
4. Each ES in zebra is associated with a list of active VTEPs which
is then translated into a L2-NHG (nexthop group). This is the ES
"Alias" entry
5. MAC-IP routes with a non-zero ESI use the alias entry created in
(4.) to forward traffic i.e. a MAC-ECMP is done to these remote-ES
destinations.
EAD route management (route table and key) -
============================================
1. Local EAD-ES routes
a. route-table: per-ES route-table
key: {RD=ES-RD, ESI, ET=0xffffffff, VTEP-IP)
b. route-table: per-VNI route-table
Not added
c. route-table: global route-table
key: {RD=ES-RD, ESI, ET=0xffffffff)
2. Remote EAD-ES routes
a. route-table: per-ES route-table
Not added
b. route-table: per-VNI route-table
key: {RD=ES-RD, ESI, ET=0xffffffff, VTEP-IP)
c. route-table: global route-table
key: {RD=ES-RD, ESI, ET=0xffffffff)
3. Local EAD-EVI routes
a. route-table: per-ES route-table
Not added
b. route-table: per-VNI route-table
key: {RD=0, ESI, ET=0, VTEP-IP)
c. route-table: global route-table
key: {RD=L2-VNI-RD, ESI, ET=0)
4. Remote EAD-EVI routes
a. route-table: per-ES route-table
Not added
b. route-table: per-VNI route-table
key: {RD=0, ESI, ET=0, VTEP-IP)
c. route-table: global route-table
key: {RD=L2-VNI-RD, ESI, ET=0)
Please refer to bgp_evpn_mh.h for info on how the data-structures are
organized.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
This api was earlier present in the daemon code but as multiple daemons
need it moving it to lib will avoid unnecessary copy-paste.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
In the global evpn routing table RD is part of the key. However in the
per-VNI routing table the key doesn't include the RD and we need more
than the ESI to distinguish between EAD routes from different VTEPs
attached to the same Ethernet Segment.
This commit also includes other definitions needed for managing an
ESI.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
In most cases this memory is pre-allocated along with the base element.
Similarly it is stored in the base element to allow efficient del
without lookup (main reason for using DLL vs. SLL).
So (in most cases) there should be no need to manage the element/data
and listnode memories separately.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
New macros have been added for the following -
1. to efficiently iterate and execute functions on already set bits
2. to check if a bit is in use
3. to check if a bitfield has been initialized (this is to safetly
handle cases where the bitfield is freed and re-allocated).
4. to check if two bitfields have the same bits set
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
Revert "zebra: support for macvlan interfaces"
This reverts commit bf69e212fd.
Revert "doc: add some documentation about bgp evpn netns support"
This reverts commit 89b97c33d7.
Revert "zebra: dynamically detect vxlan link interfaces in other netns"
This reverts commit de0ebb2540.
Revert "bgpd: sanity check when updating nexthop from bgp to zebra"
This reverts commit ee9633ed87.
Revert "lib, zebra: reuse and adapt ns_list walk functionality"
This reverts commit c4d466c830.
Revert "zebra: local mac entries populated in correct netnamespace"
This reverts commit 4042454891.
Revert "zebra: when parsing local entry against dad, retrieve config"
This reverts commit 3acc394bc5.
Revert "bgpd: evpn nexthop can be changed by default"
This reverts commit a2342a2412.
Revert "zebra: zvni_map_to_vlan() adaptation for all namespaces"
This reverts commit db81d18647.
Revert "zebra: add ns_id attribute to mac structure"
This reverts commit 388d5b438e.
Revert "zebra: bridge layer2 information records ns_id where bridge is"
This reverts commit b5b453a2d6.
Revert "zebra, lib: new API to get absolute netns val from relative netns val"
This reverts commit b6ebab34f6.
Revert "zebra, lib: store relative default ns id in each namespace"
This reverts commit 9d3555e06c.
Revert "zebra, lib: add an internal API to get relative default nsid in other ns"
This reverts commit 97c9e7533b.
Revert "zebra: map vxlan interface to bridge interface with correct ns id"
This reverts commit 7c990878f2.
Revert "zebra: fdb and neighbor table are read for all zns"
This reverts commit f8ed2c5420.
Revert "zebra: zvni_map_to_svi() adaptation for other network namespaces"
This reverts commit 2a9dccb647.
Revert "zebra: display interface slave type"
This reverts commit fc3141393a.
Revert "zebra: zvni_from_svi() adaptation for other network namespaces"
This reverts commit 6fe516bd4b.
Revert "zebra: importation of bgp evpn rt5 from vni with other netns"
This reverts commit 28254125d0.
Revert "lib, zebra: update interface name at netlink creation"
This reverts commit 1f7a68a2ff.
Signed-off-by: Pat Ruddy <pat@voltanet.io>
When you make a change to a route-map or a prefix-list it depends on, note
that the route-map needs to be reprocessed for the change.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Added a macro to validate the v4 mapped v6 address.
Modified bgp receive & send updates for v4 mapped v6 address as
nexthop and installing it as recursive nexthop in RIB.
Minor change in fpm while sending the routes for nexthop as
v4 mapped v6 address.
Signed-off-by: Kaushik <kaushik@niralnetworks.com>
When using the default CLI mode, the northbound layer needs to create
a separate transaction to process each YANG-modeled command since
they are supposed to be applied immediately (there's no candidate
configuration nor the "commit" command like in the transactional
CLI). The problem is that configuration transactions have an overhead
associated to them, in big part because of the use of some heavy
libyang functions like `lyd_validate()` and `lyd_diff()`. As of
now this overhead is substantial and doesn't scale well when large
numbers of transactions need to be performed in sequence.
As an example, loading 50k prefix-lists using a single transaction
takes about 2 seconds on a modern CPU. Loading the same 50k
prefix-lists using 50k transactions can take more than an hour
to complete (which is unacceptable by any standard). To fix this
problem, some heavy optimization work needs to be done on libyang and
on the FRR northbound itself too (e.g. perform partial configuration
diffs whenever possible). This, however, should be a long term
effort since these optimizations shouldn't be trivial to implement
and we're far from having the performance numbers we need.
In the meanwhile, this commit introduces a simple but efficient
workaround to alleviate the issue. In short, a new back-off timer
was introduced in the CLI to monitor and detect when too many
YANG-modeled commands are being received at the same time. When
a certain threshold is reached (100 YANG-modeled commands within
one second), the northbound starts to group all subsequent commands
into a single large transaction, which allows them to be processed
much faster (e.g. seconds and not hours). It's essentially a
protection mechanism that creates dynamically-sized transactions
when necessary to prevent performance issues from happening. This
mechanism is enabled both when parsing configuration files and when
reading commands from a terminal.
The downside of this optimization is that, if several YANG-modeled
commands are grouped into the same transaction and at least one of
them fails, the whole transaction is rejected. This is undesirable
since users don't expect transactional behavior when that's not
enabled explicitly. To minimize this issue, the CLI will log all
commands that were rejected whenever that happens, to make the
user aware of what happened and have enough information to fix
the problem. Commands that fail due to parsing errors or CLI-level
validations in general are rejected separately.
Again, this proposed workaround is intended to be temporary. The
goal is to provided a quick fix to issues like #6658 while we work
on better long-term solutions.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
DEFPY_YANG will allow the CLI to identify which commands are
YANG-modeled or not before executing them. This is going to be
useful for the upcoming configuration back-off timer work that
needs to commit pending configuration changes before executing a
command that isn't YANG-modeled.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
BGP Yang is using sub modules and at present FRR is not processing
submodules in embedded framework yang
Signed-off-by: VishalDhingra <vdhingra@vmware.com>
Move pim and igmp yang files registery to appropriate makefiles.
In yang directory makefile move under `PIMD`
Remove pimd yang files from library makefile instead move them
to pimd makefile.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
This adds -N and --netns options to watchfrr, allowing it to start
daemons with -N and switching network namespaces respectively.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Currently, all DEFPY commands are translated into one-liners in
vtysh_cmd.c. After the patch, DEFPY commands are correctly indented just
like DEFUN/ALIAS commands.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
... this didn't work on NetBSD. Like, at all. It returns a positive
error code from posix_fallocate() and then we bang our head against a
brick wall trying to write to the mmap'd buffer.
Signed-off-by: David Lamparter <equinox@diac24.net>
Merge the cisco style access list with zebra's logic so we can mix both
types of rules while keeping the commands.
With this the cisco style limitation of having 'destination-*' only for
specific number ranges no longer exist for users of YANG/northbound (the
CLI still has this limitation).
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Initial changes to support a nexthop with multiple backups. Lib
changes to hold a small array in each primary, zapi message
changes to support sending multiple backups, and daemon
changes to show commands to support multiple backups. The config
input for multiple backup indices is not present here.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
* add a vrf sub-command `[no] ipv6 router-id X:X::X:X`.
* add command `[no] ipv6 router-id X:X::X:X [vrf NAME]` for backward
compatibility.
* add a vrf sub-command `[no] ip router-id A.B.C.D` and make the old
one without `ip` an alias for it.
* add a command `[no] ip router-id A.B.C.D [vrf NAME]` for backward
comptibility and make the old one without `ip` an alias for it.
* add command `show ip router-id [vrf NAME]` and make
the old one without `ip` an alias for it.
* add command `show ipv6 router-id [vrf NAME]`.
* add ZAPI commands `ZEBRA_ROUTER_ID_V6_ADD`,
`ZEBRA_ROUTER_ID_V6_DELETE` and `ZEBRA_ROUTER_ID_V6_UPDATE`
for deamons to get notified of the IPv6 router-id.
* update zebra documentation.
Signed-off-by: Sebastien Merle <sebastien@netdef.org>
Include any installed backups when updating the local kernel
after processing an async notification. This includes routes'
nexthops and LSPs' nhlfes.
Add the 'b' character to the route show display and header to
indicate backup nexthops.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
1. Modifies the data structs to make the distance, tag and table-id
property of a route, i.e created a hireachical data struct to save
route and nexthop information.
2. Backend northbound implementation
Signed-off-by: VishalDhingra <vdhingra@vmware.com>
Extend PBR maps to discriminate by Differentiated Services Code Point and / or
Explicit Congestion Notification fields. These fields are used in the IP header
for classifying network traffic.
0 1 2 3 4 5 6 7
+-----+-----+-----+-----+-----+-----+-----+-----+
| DS FIELD, DSCP | ECN FIELD |
+-----+-----+-----+-----+-----+-----+-----+-----+
DSCP: differentiated services codepoint
ECN: Explicit Congestion Notification
Signed-off-by: Wesley Coakley <wcoakley@nvidia.com>
Signed-off-by: Saurav Kumar Paul <saurav@cumulusnetworks.com>
While iteratively looking for a best match route-map index amongst
a list of potential best match route-map indices, if a candidate
best match index is already found, disregard the value returned by
the function route_map_apply_match() if it returns either RMAP_NOOP
or RMAP_NOMATCH in the following iterations.
This is because if a best match route-map index is found then, the
return value must always be set to RMAP_MATCH.
Signed-off-by: NaveenThanikachalam <nthanikachal@vmware.com>
Remove mid-string line breaks, cf. workflow doc:
.. [#tool_style_conflicts] For example, lines over 80 characters are allowed
for text strings to make it possible to search the code for them: please
see `Linux kernel style (breaking long lines and strings)
<https://www.kernel.org/doc/html/v4.10/process/coding-style.html#breaking-long-lines-and-strings>`_
and `Issue #1794 <https://github.com/FRRouting/frr/issues/1794>`_.
Scripted commit, idempotent to running:
```
python3 tools/stringmangle.py --unwrap `git ls-files | egrep '\.[ch]$'`
```
Signed-off-by: David Lamparter <equinox@diac24.net>
BFD profiles can now be used on the interface level like this:
interface eth1
ip router isis 1
isis bfd
isis bfd profile default
Here the 'default' profile needs to be specified as usual in the
bfdd configuration.
Signed-off-by: GalaxyGorilla <sascha@netdef.org>
It is possible that the same VRF exists in one daemon and doesn't exist
in another. In this case, "no vrf NAME" command execution will stop on
the first daemon without the VRF and it won't be possible to delete the
VRF from other daemons.
Such behavior can be reproduced with the following steps:
```
# ip link add test type vrf table 1
# vtysh -c "conf t" -c "vrf test" -c "ip route 1.1.1.1/32 blackhole"
# vtysh -c "show run"
...
vrf test
ip route 1.1.1.1/32 blackhole
exit-vrf
!
...
# ip link del test
# vtysh -c "conf t" -c "no vrf test"
% VRF test does not exist
# vtysh -c "show run"
...
vrf test
ip route 1.1.1.1/32 blackhole
exit-vrf
!
...
```
This commit fixes the issue by returning success from "no vrf" command
when VRF doesn't exist.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Block signals in child/additional pthreads; frr daemons generally
expect that only the main thread will handle signals.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Route map entries are not getting a chance to call `description` string
deallocation on shutdown or when the parent entry is destroyed, so lets
add a code to handle this in the `route_map_index_delete` function.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
rpki vrf subnode is instantiated under the vrf subnode.
It it to be noted that this commit contains a change in vtysh.
Actually, the output of bgp daemon from show running-config is extracted
in vtysh, and reengineered ( hence the vtysh_config.c change done). This
permits having a subnode under vrf sub node.
Also, add vrf node support to bgpd, as rpki command can not be found
under vrf node.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
a missing '!' operator was making any STREAM_GETF fail
when in fact it should have succeeded. As a consequence
of this, for example, many link-params of an interface
were not being read and populated.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
A new config option `--disable-version-build-config`
allows you to show short version string by dropping
"configured with:" and all of its build configs
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Unfortunately, the way the frr-format plugin is set up, snprintf() with
PRId64 can generate false warnings :|. Easy workaround is to use
snprintfrr().
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Add the proper handling for cases where user forgets or doesn't have the
pointer needed to call the library function.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
A couple of daemons take/use no capabilities/privs; allow cleanup
of the privs/capabilities library module even if a daemon has no
caps.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Fix a number of library and daemon issues so that daemons can
call frr_fini() during normal termination. Without this,
temporary logging files are left behind in /var/tmp/frr/.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
... it contains our pid, so doing it before fork leads to littering
buffers since we try to clean up with the forked pid...
Fixes: #6541
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Start modifying the OPAQUE zapi message to include optional
unicast destination zapi client info. Add a 'decode' api and
opaque msg struct to encapsulate that optional info.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Change name of an opaque zapi api to 'decode' to align with the
other zapi message parsing apis. Missed that in the original
opaque commits.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
We can avoid a big amount of `snprintf` by using relative XPath in
`nb_cli_apply_changes`.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
`acl_get_seq` should be able to get the sequence number from candidate
configuration without needing to commit anything midway.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Lets just use them directly to avoid extra code and to be extra clear
that we are using those callbacks.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Some tests expect that a prefix list structure is gone after all its
entries are removed, so lets keep that behaviour.
NOTE: users using YANG/northbound directly without CLI won't be
affected.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Changes:
- Move the `TODO` to the appropriated place and hint how to resolve
it.
- Apply mask to prefix when storing it in the data structures. We
can't just add a validation for it otherwise it will break old
CLIs.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Changes:
- Refactor list entry deletion to use a function that properly notifies
route map on deletion (fixes a heap-use-after-free).
- Prefix list entry wild card sets `le` to maximum IP mask value and
`any` is a boolean.
- Fix prefix list trie removal order (in `prefix_list_entry_update_start`).
- Let only the `any` callback change the value of field `any`.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
- Show the correct cisco style access list extended information.
- `assert` action so static analyzer doesn't complain about possible
NULL usage.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
After the commands started working I noticed that prefix lists were
still not working and displaying incorrect information in
`show ip prefix-list`.
Turns out `any` must be set to `0` when a prefix is set and the prefix
entry **must** be installed in the prefix list head.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Based on the function `prefix_list_entry_add` and
`prefix_list_entry_delete` it was created two functions to replicate
its functionality without the assumption we are always alocating a new
prefix list entry.
Since the prefix list entry is stored in the YANG private data
structures, we want to avoid the allocation/free of memory that is
hold by the schema.
Every time a prefix list entry values change we must call
`prefix_list_entry_update_start` to uninstall the entry from prefix
list internal structures and then call
`prefix_list_entry_update_finish` to put them back.
The variable `installed` in the prefix list entry tracks the
installation status of the internal structure. It is possible that a
user unconfigures or forgets to add a `prefix` value and so we can't
install the entry until then.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Copy & paste mistake: MAC commands need `X:X:X:X:X:X` and not
`X:X::X:X/M` types. Also, MAC access-list don't use `exact-match`.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Implement the commands `no ... remark LINE` for cisco and zebra style
access lists to match `ipX prefix-list description LINE` command set.
It useful when you just want to go through the command history and
prepend a `no` to a `remark` or `description` command. Example:
```
access-list foo remark just another acl
!
! ...
!
! Suddenly we decide we no longer think that remark is useful,
! lets press up key to find that line in history and append `no`:
no access-list foo remark just another acl
```
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Bump the size of the buffers so the new compilers don't complain about
possible truncation:
```
lib/filter_cli.c: In function ‘ipv6_prefix_list_magic.isra.0’:
lib/filter_cli.c:1336:5: error: ‘%lld’ directive output may be truncated writing between 1 and 20 bytes into a region of size between 16 and 527 [-Werror=format-truncation=]
1336 | "%s/entry[sequence='%" PRId64 "']", xpath, sseq);
| ^~~~~~~~~~~~~~~~~~~~~~
lib/filter_cli.c:1336:25: note: format string is defined here
1336 | "%s/entry[sequence='%" PRId64 "']", xpath, sseq);
lib/filter_cli.c:1336:5: note: directive argument in the range [-9223372036854775803, 9223372036854775807]
1336 | "%s/entry[sequence='%" PRId64 "']", xpath, sseq);
| ^~~~~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Changes:
- Use `description` on CLI but `remark` on YANG like access-list (also
because `description` is a reserved word).
- Rename YANG model field and northbound code.
- Fix wrong sequence type get.
- Fix wrong action XPath in action callback.
- Fix wrong concat in (ipv6|mac) access-list.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Use northbound to write the configuration from now on. While here, fix
how `exact-match` configuration is being created.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Look up next sequence number by checking XPath instead of trying to
access unallocated context data structures.
This only applies for creation, on destroy the data structures must be
there.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Changes:
- Remove unused variable.
- Make prototypes static like the declaration.
- Fix new compilers complaint about uninitialized values.
- Fix new compilers complaint about small buffer for `snprintf` concatenation.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Don't auto remove filter main access list data structure, it has to be
done manually (or via northbound).
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
All userdata pointers need to be rekeyed to their new xpaths, not just
the one associated with the dnode being moved.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Recent rework of access lists to allow sequence numbers
accidently introduced the inability to delete some
access lists.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a zapi message type designed to carry opaque data. Add
'send' api, and prototype for client handler function. Also
add registration/unreg messages, so that clients can 'subscribe'
to receive these messages as they're passing through zebra.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Add utilities that init and deinit a stream_fifo - this lets us
use an on-stack fifo in some places, avoiding malloc'ing. Also
add const to some apis (no functional changes there).
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Provide a way for the data plane to indicate pseudowire
status (such as: not forwarding, AC failure).
On a data plane pseudowire install failure, data plane
sets the pseudowire status.
Zebra relays the pseudowire status to LDP.
LDP includes the pseudowire status in the LDP notification
to the LDP peer.
Signed-off-by: Karen Schoener <karen@voltanet.io>
Implement the infrastructure for other protocols daemon (e.g. `bgpd`,
`ospfd`, `isisd` etc...) to communicate to BFD daemon which profile
they want to use with their peers.
It was also added the ability for protocols to change profile while
running (no need to remove the registration and then register again).
The protocols message building function was rewritten to support
multiple arguments through `struct bfd_session_arg`, so we can
implement new features without the need of changing function
prototypes. The old function was also rewritten to keep
compatibility.
The profile message part is only available for BFD daemon at the
moment.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Each northbound callback has a set of valid return values, some of
which might depend on the transaction phase. The valid return values
for each callback are documented in the northbound main header.
Add some code to detect when a callback returns an unexpected value
and log the occurrence. This should help us to identify and fix
such problems.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The northbound configuration callbacks should now print error
messages to the provided buffer (args->errmsg) instead of logging
them directly. This will allow the northbound layer to forward the
error messages to the northbound clients in addition to logging them.
NOTE: many callbacks are returning errors without providing any
error message. This needs to be fixed long term.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Instead of returning only error codes (e.g. NB_ERR_VALIDATION)
to the northbound clients, do better than that and also return
a human-readable error message. This should make FRR more
automation-friendly since operators won't need to dig into system
logs to find out what went wrong in the case of an error.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The new northbound context structure contains information about
the client performing a configuration transaction. This information
will be made available to all configuration callbacks through the
args->context parameter.
The usefulness of this structure comes from the fact that it can be
used as a communication channel (both input and output) between the
northbound callbacks and the northbound clients. This can be done
through its "client_data" field which contains client-specific data.
This should cover some very specific scenarios where a northbound
callback should perform an action only if the configuration change
is coming from a given client. An example would be sending a PCEP
response to a PCE when an SR-TE policy is created or modified
through the PCEP northbound client (for that to happen, the
northbound callbacks need to have access to the PCEP request ID,
which needs to be available).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
`debug zebra packet detail` dumps the full message whereas
it had been dropping exactly 10 bytes, the size of the zebra header
Signed-off-by: Wesley Coakley <wcoakley@cumulusnetworks.com>
Revise new `show pbr` keys to be consistent with existing
json in other daemons
target->nexthop
id->tableId (where relevant)
isValid->valid
isInstalled->installed
Signed-off-by: Wesley Coakley <wcoakley@cumulusnetworks.com>
Increased the verbosity of the json keys and flattened the returned
structure by removing superfluous keys.
Signed-off-by: Wesley Coakley <wcoakley@cumulusnetworks.com>
The route-map optimization is not equipped to match IPv6 next-hop
criteria while evaluating IPv4 routes with IPv6 next-hops.
Similary, it is also not equipped to match IPv4 next-hop criteria
while evaluating IPv6 routes with IPv4 next-hops.
This change addresses these issues.
Signed-off-by: NaveenThanikachalam <nthanikachal@vmware.com>
in the CLI we state that the bandwidth of a link is
in Megabits per second, but when converting it to
Bytes per second for TE purposes we were treating
it as Kilobits. Fix the conversion error.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
the interface name was not present in the hook in charge of updating the
interface context to the registered hook service. For that, update the
name before informing it.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
the walk routine is used by vxlan service to identify some contexts in
each specific network namespace, when vrf netns backend is used. that
walk mechanism is extended with some additional paramters to the walk
routine.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
when receiving a netlink API for an interface in a namespace, this
interface may come with LINK_NSID value, which means that the interface
has its link in an other namespace. Unfortunately, the link_nsid value
is self to that namespace, and there is a need to know what is its
associated nsid value from the default namespace point of view.
The information collected previously on each namespace, can then be
compared with that value to check if the link belongs to the default
namespace or not.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
to be able to retrieve the network namespace identifier for each
namespace, the ns id is stored in each ns context. For default
namespace, the netns id is the same as that value.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
as remind, the netns identifiers are local to a namespace. that is to
say that for instance, a vrf <vrfx> will have a netns id value in one
netns, and have an other netns id value in one other netns.
There is a need for zebra daemon to collect some cross information, like
the LINK_NETNSID information from interfaces having link layer in an
other network namespace. For that, it is needed to have a global
overview instead of a relative overview per namespace.
The first brick of this change is an API that sticks to netlink API,
that uses NETNSA_TARGET_NSID. from a given vrf vrfX, and a new vrf
created vrfY, the API returns the value of nsID from vrfX, inside the
new vrf vrfY.
The brick also gets the ns id value of default namespace in each other
namespace. An additional value in ns.h is offered, that permits to
retrieve the default namespace context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
With vrf-lite mechanisms, it is possible to create layer 3 vnis by
creating a bridge interface in default vr, by creating a vxlan interface
that is attached to that bridge interface, then by moving the vxlan
interface to the wished vrf.
With vrf-netns mechanism, it is slightly different since bridged
interfaces can not be separated in different network namespaces. To make
it work, the setup consists in :
- creating a vxlan interface on default vrf.
- move the vxlan interface to the wished vrf ( with an other netns)
- create a bridge interface in the wished vrf
- attach the vxlan interface to that bridged interface
from that point, if BGP is enabled to advertise vnis in default vrf,
then vxlan interfaces are discovered appropriately in other vrfs,
provided that the link interface still resides in the vrf where l2vpn is
advertised.
to import ipv4 entries from a separate vrf, into the l2vpn, the
configuration of vni in the dedicated vrf + the advertisement of ipv4
entries in bgp vrf will import the entries in the bgp l2vpn.
the modification consists in parsing the vxlan interfaces in all network
namespaces, where the link resides in the same network namespace as the
bgp core instance where bgp l2vpn is enabled.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Synchronous GRPC services are called from arbitrary threads. This makes
access to anything outside the GRPC module unsafe. We need to convert
the plugin to use the async model that allows us to control our own
threads.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
start grpc thread with frr_pthread library
callbacks to integrate with rcu infrastructure.
If a thread is created using native pthread callbacks
and if zlog is used then it leads to crash.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Some CPP compilers don't support these designated initializers, since
we're just zero initializing don't need em
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Based on work originally by Mark Stapp <mjs@voltanet.io>.
Make it possible to iterate the typesafe lists in a const
context, as well as find items from them.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
[above signoff was for the original version before modification]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This is an implementation of the IS-IS SR draft [1] for FRR.
The following features are supported:
* IPv4 and IPv6 Prefix-SIDs;
* IPv4 and IPv6 Adj-SIDs and LAN-Adj-SIDs;
* Index and absolute labels;
* The no-php and explicit-null Prefix-SID flags;
* Full integration with the Label Manager.
Known limitations:
* No support for Anycast-SIDs;
* No support for the SID/Label Binding TLV (required for LDP interop).
* No support for persistent Adj-SIDs;
* No support for multiple SRGBs.
[1] draft-ietf-isis-segment-routing-extensions-25
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Parameters should be const whenever possible to improve code
readability and remove the need to cast away the constness of
const arguments.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
All custom "exit-*" commands that exit from a YANG-modeled
CLI node need to use cmd_exit() to ensure the CLI xpath index
(vty->xpath_index) will be updated accordingly.
Fixes#6316.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This reverts commit d741915ecd.
This is because it breaks this behavior:
router ospf6
<commands>
!
int enp39s0
<more commands>
!
This is a very legal set of commands and completely destroys the
ability to do this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
These are easy to get subtly wrong, and doing so can cause
nondeterministic failures when racing in parallel builds.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
