There is really no reason to not put this in the cmd_node.
And while we're add it, rename from pointless ".func" to ".config_write".
[v2: fix forgotten ldpd config_write]
Signed-off-by: David Lamparter <equinox@diac24.net>
The only nodes that have this as 0 don't have a "->func" anyway, so the
entire thing is really just pointless.
Signed-off-by: David Lamparter <equinox@diac24.net>
Separate out the `set *` and `no set *` commands into
different DEFPYs to make the logic of the code easier to
read.
Further, allow non-exlpicit no commands.
So `no set nexthop`, `no set nexthop-group`, and
`no set vrf` will now work without having to specify
anymore data. Before you had to match what was already
there explicitly.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Implement the ability to replace any existing `set *` or
`match` with another one or adding more config without having
to first delete the original config already there.
Before, we needed to constantly execute a `no` command for everything
to remove the rule before making changes to it. With this
patch, you can replace configs on individual sequences much
easier.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
We were doing a bunch of gotos in the set vrf configcode.
The code got complex enough that just returning is easier to read.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Properly handle the case where we are sent the same `set vrf`
configs for a pbr map repeatedly. If we are sent the same
config, we return successfully without doing anyting.
If the config is different and its not a [no], then return failure
as we did before since we don't support atomic replace yet.
Before, we would fail anytime even if the config sent was the same
as is already there. This would cause frr-reload to mark as a
failure when it tried to re-apply the same config.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Implement the [no] version of `pbr table range`. We had the command
but were doing nothing with it.
This just calls the set_table_range API again using the defaults.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Change the pbr map validity state to indicate yes/no
rather than 1/0 in the `show pbr map` command.
Humans aren't robots, so don't use binary.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
We were using a mix of spaces and tabsin show pbr map vty output.
Tabs can be inconsistent depending on the system settings.
Using spaces is a safer option for more consistent output.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Refactor the pbr_map and pbr_map_sequence vty output
into some functions to make the code a bit easier to read.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
We were missing some newlines in handling vty outputs
for the `set nexthop*` commands. Add them in there.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
The vty description for the `set match dst-ip` command was
using "src ip" in its description. Change it to use "dst ip".
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Also don't silently fail when we attempt to atomically change
a match MARK to a new one.
We would overwrite the frist one but never actually install it.
Change it to explicitly fail if a config is already present for
now.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Currently pbrd does not support the abilitity to make atomic
changes to a config.
ex)
`match src-ip 1.1.1.1/32`
`match src-ip 1.1.1.0/24`
We would overwrite the first one but never actually install it.
In the `set nexthop commands` we explicitly fail if there is
already a `set nexthop` config present. This patch extends the
match src/dest-ip configs to do the same.
In the future we should make all these commands atomic but for
now its better to not fail silently at the very least.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
`set vrf NAME` allows the pbr map to point to an arbitrary vrf table.
`set vrf unchanged` will use the interface's vrf for table lookup.
Further, add functionality for pbr to respond to interface events
such as interface vrf changes & interface creation/deletion.
Ex)
ubuntu_nh# show pbr map
pbr-map TEST valid: 1
Seq: 1 rule: 300 Installed: 3(1) Reason: Valid
SRC Match: 3.3.3.3/32
VRF Unchanged (use interface vrf)
pbr-map TEST2 valid: 1
Seq: 2 rule: 301 Installed: 3(2) Reason: Valid
SRC Match: 4.4.4.4/32
VRF Lookup: vrf-red
root@ubuntu_nh:/home# ip rule show
0: from all lookup local
300: from 3.3.3.3 iif dummy2 lookup main
300: from 3.3.3.3 iif dummyVRF lookup 1111
301: from 4.4.4.4 iif dummy1 lookup 1111
301: from 4.4.4.4 iif dummy3 lookup 1111
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com-
Don't bother tracking ipv6 link locals to determine if a map
should be installed. Every interface has a route of `fe80::/64`
so its just going to return the arbitrarily first one it finds
when it resolves it and hands it back to us.
Instead, just track the interface we specify along with it.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Current autocompletion works only for simple "vrf NAME" case.
This commit expands it also for the following cases:
- "nexthop-vrf NAME" in staticd
- usage of $varname in many daemons
All daemons are updated to use single varname "$vrf_name".
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Adds support to specify marks in pbr-map match clause.
Marks should be provided as decimal (unsigned int).
Currently supported on Linux only. Attempting to configure
marks on other platform will result in:
"pbr marks are not supported on this platform"
Signed-off-by: Marcin Matlag <marcin.matlag@gmail.com>
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Add a file that exposes functions which modify nexthop groups.
Nexthop groups are techincally immutable but there are a
few special cases where we need direct access to add/remove
nexthops after the group has been made. This file provides a
way to expose those functions in a way that makes it clear
this is a private/hidden api.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
When displaying the running configuration, we should use a single
space to indent commands when necessary (and not two spaces).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In addition to nexthop groups, pbrd also supports the "set nexthop"
command to specify the nexthop of a PBR map. This adds convenience
when multiple nexthops aren't necessary.
Change this command to support interface nexthops (without IP
addresses) like nexthop groups do. At the end of the command, call
pbr_nht_nexthop_interface_update() otherwise the interface nexthop
won't be validated until we receive an interface up/down notification
from zebra through the zapi protocol.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When changing policy on an interface, only delete the old_pbrm
if it is different than the current, this covers the case:
current config:
int swp1
pbr-policy DONNA
To a config entered of:
int swp1
pbr-policy EVA
Additionally there is no need to reinstall if we enter the same
pbr-policy two times in a row.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The definition of the interface commands in vtysh.c were outdated.
Currently, all daemons that call if_cmd_init() will have the "no interface
IFNAME" command and the "[no] description" commands as well, so there's
no need to define exceptions for these commands anymore.
To fix this, make extract.pl parse the if.c file so that vtysh can get the
interface commands from there automatically. Only the "interface IFNAME
[vrf NAME]" must be kept in vtysh.c because it changes the vty node and
thus needs special treatment.
Finally, make pimd and pbrd display interface descriptions on "sh run"
when they are configured.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Add log messages to indicate when we have run out of table IDs
* Increase minimum range size to 1000 to reduce risk of hitting this
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The buffer size was insufficiently sized to hold the
entirety of the data being passed in.
Modify the nht code to use a bit bigger buffer.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The range for sequence numbers needs to be limited
by the range we have currently choosen for rule
ranges.
Ticket: CM-20562
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Since we are writing into the name field which is PBR_MAP_NAMELEN
size, we are expecting this to field to be at max 100 bytes.
Newer compilers understand that the %s portion may be up to
100 bytes( because of the size of the string. The %u portion
is expected to be 10 bytes. So in `theory` there are situations
where we might truncate. The reality this is never going to
happen( who is going to create a nexthop group name that is
over say 30 characters? ). As such we are expecting the
calling function to subtract 10 from the size_t l before
we pass it in to get around this new gcc fun.
Fixes: #2163
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) addr will never be non-null because of the way we build the cli
at this point in time, but the SA system does not understand this,
add a bread crumb for it.
2) Fix a possible memory leak of the pbr_ifp
3) Fix possible integer overflow when bit shifting.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
A user could overflow the pbr_ifp->mapname buffer by entering a pbr-map
name longer than 100 characters.
Coverity #1467821
Coverity #1467821
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Somewhere along the way the ability to install multiple
pbr-policys for the same pbr-map was lost.
Add this back. There is a limitation in that we are limited
to 64 interfaces per pbr-policy.
Ticket: CM-20429
Signed-off-by: Donald Sharp sharpd@cumulusnetworks.com>
Prevent the creation of a v6 LL nexthop that does not include an interface
for proper resolution.
Ticket: CM-20276
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When the last match criteria was removed (dst-ip or src-ip), we were
not deleting the rule correctly for ipv6. This fix retains the
needed src-ip/dst-ip during the pbr_send_pbr_map process so the
appropriate information is available for the rule delete.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Since PBR is meant to be for small deployments, allowing
end users to arbitrarily change rule and table ranges
without some more careful thought on what is going on
and how to do it, sets us up for issues.
At this time remove these knobs.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When a command is attempted to be configed and it
fails to be installed, indicate via vtysh return
codes that we did not accept the command
Ticket: CM-20216
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When displaying a pbr map sequence for a show run do not use the
vty_frame construct. We should display the config even if we
do not have much to display.
Ticket: CM-20196
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The linux kernel puts the vrf rule at 1000, since pbr
rules need to be before this rule, don't allow us to go
beyond.
Ticket: CM-19946
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If an interface is in the process of coming up or
partially deconfigured, prevent pbrd from crashing
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If the match src-ip or dst-ip command entered has already
been received and it's the same prefix, we are done and
do not need to do anything more.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are entering 'set nexthop' and 'set nexthop-group'
ensure that the cli only allows one of these to happen
at a time.
Ticket: CM-20125
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The pbr_events.c file was a mistake in that it overly complicated
the code and made it hard to think about what was happening.
Remove all the events and just do the work where needed.
Additionally rethink the sending of the pbr map to
zebra and only send one notification at a time instead
of having the sending function attempt to figure out
what to do.
Clean up some of the no form of commands to make them
work properly.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
This is an implementation of PBR for FRR.
This implemenation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
