We should not be modifying the pointer for the prefix_hash_key
function, make it a const so that we can use it elsewhere.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The head of a list should not change for find functions. Probably
are others that should be considered but these changes can come
in as needed I believe.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Replaces the use of pqueue_* for the thread_master's timer list with an
instance of DECLARE_SKIPLIST_*.
Signed-off-by: David Lamparter <equinox@diac24.net>
Replaces the open-coded thread_list with a DECLARE_LIST instantiation.
Some function prototypes are actually identical to what was previously
open-coded.
Signed-off-by: David Lamparter <equinox@diac24.net>
These two are lock-free linked list implementations, the plain one is
primarily intended for queues while the sorted one is for general data
storage.
Signed-off-by: David Lamparter <equinox@diac24.net>
Typesafe red-black tree, built out of the OpenBSD implementation and the
macro soup layered on top. API compatible with skiplists & simple
lists.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
By the power of the C preprocessor, these macros provide type-safe
warppers for simple lists, skiplists and hash tables. Also, by changing
the instantiation macro, it is easily possible to switch between
algorithms; the code itself does not need to be changed since the API
is identical across all algorithms.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The upcoming gRPC-based northbound plugin will run on a separate
pthread, and it will need to have access to the running configuration
global variable. Introduce a rw-lock to control concurrent access
to the running configuration. Add the lock inside the "nb_config"
structure so that it can be used to protect candidate configurations
as well (this might be necessary depending on the threading scheme
of future northbound plugins).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The ability to lock the running configuration to prevent other users
from changing it is a very important one. We already supported
the "configure exclusive" command but the lock was applied to
the CLI users only (other clients like ConfD could still commit
configuration transactions, ignoring the CLI lock). This commit
introduces a global lock for the running configuration that is
shared by all northbound clients, and provides a public API to
manipulate it. This way other northbound clients will also be able
to lock/unlock the running configuration if required (the upcoming
gRPC northbound plugin will have RPCs for that).
NOTE: this is a management-level lock for the running configuration,
not to be confused with low-level locks used to avoid data races.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Prevent IPv6 routes received via a ibgp session with one of its own interface
ip as nexthop from getting installed in the BGP table.
Implemented IPV6 HASH table, where we need to add any ipv6 address as they
gets configured and delete them from the HASH table as the ipv6 addresses
get unconfigured. The above hash table is used to verify if any route learned
via BGP has nexthop which is equal to one of its its connected ipv6 interface.
Signed-off-by: Biswajit Sadhu sadhub@vmware.com
Fixup in response to Jafar's review comments.
This is actually old code moved in from pimd to lib. But the fixup does
make sense.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
These updates act as triggers to pimd to -
1. join the MDT for rxing VxLAN encapsulated BUM traffic
2. register the local-vtep-ip as a source for the MDT
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
IMET route is optional if the flood mode is PIM-SM and serves
no functional purpose. So this change limits type-3 route generation
to flood-mode=head-end-replication.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
This solves a crash that happens if the "route-map" command is used
after "router rip" + "no router rip" + "router rip".
Once interface route-maps are converted to the new northbound model,
we'll be able to remove the if_rmap_ctx_list global list (which is
an ugly hack to make things work right now).
Bug found by the CLI fuzzer.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Found that zebra_rnh_apply_nht_rmap would set the
NEXTHOP_FLAG_ACTIVE if not blocked by the route-map, even
if the flag was not active prior to the check. This fix
changes the flag used to denote the nexthop is filtered so
that proper active state can be retained. Additionally,
found two cases where we would send invalid nexthops via
send_client, which would also cause this crash. All three
fixed in this commit.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
The NEXTHOP_FLAG_FILTERED went away when we started treating
static routes like every other route in the system. This was
a special case for handling static route code that just didn't
get finished cleaning up.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Certain operations, like removing non-presence containers or
modifying list keys, are not considered to be valid from the
perspective of the northbound layer. This is because we want to
implement a minimum set of northbound configuration callbacks and
use them to process all possible configuration changes.
The removal of a np-container [1], for example, can be processed by
calling the "delete" callback of all of its child nodes (recursion
is used for np-container child nodes). Similarly, the modification
of a list key can be processed as if the corresponding list entry
was removed and readded with updated key values. This strategy saves
us the burden of implementing lots of extra configuration callbacks.
That said, the nb_operation_is_valid() function shouldn't be used
for anything other than checking which callbacks are valid for
which YANG nodes. Using it in the nb_candidate_edit() function
is inappropriate as we want as much flexibility as possible when
editing a candidate configuration. We should allow CLI commands,
for example, to remove np-containers (the northbound layer will then
figure out which callbacks need to be called when this candidate
is committed). Remove the check.
[1] We can't do the same for presence containers since they have a
"create" callback associated with them.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
flog() is a small wrapper around zlog() that can be useful in a
few places to reduce code duplication.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
zlog() should be part of the public logging API as it's useful in
the cases where the logging priority isn't known at compile time
(i.e. it depends on a variable).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Move call to nb_db_init() from nb_init() to frr_init() so that only
the FRR daemons will initialize the northbound database. This should
fix a few warnings when running some unit tests.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Introduce a hash table to keep track of user pointers associated
to configuration entries. The previous strategy was to embed
the user pointers inside libyang data nodes, but this solution
incurred a substantial performance overhead. The user pointers
embedded in candidate configurations could be lost while the
configuration was being edited, so they needed to be regenerated
before the candidate could be committed. This was done by the
nb_candidate_restore_priv_pointers() function, which was extremely
expensive for large configurations. The new hash table solves this
performance problem.
The yang_dnode_[gs]et_entry() functions were renamed and moved from
yang.[ch] to northbound.[ch], which is a more appropriate place
for them. This patch also introduces the nb_running_unset_entry()
function, the counterpart of nb_running_set_entry() (unsetting
user pointers was done automatically before, now it needs to be
done manually).
As a consequence of these changes, we shouldn't need support for
libyang private pointers anymore (-DENABLE_LYD_PRIV=ON). But it's
probably a good idea to keep requiring this feature as we might
need it in the future for other things (e.g. disable configuration
settings without removing them).
Fixes#4136.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Manually tested rather extensively in addition to included unit tests,
should work as intended.
NB: The OpenBSD futex() code is "future"; it's not actually in OpenBSD
(yet?) and thus untested.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
After exceeding the max retry number for a thread,
we were passing the data rather than the work_queue_item
struct.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
MD5 auth on TCP is supported for prefixes in recent versions of Linux;
add complementary support for FRR.
This is a reworked version of Donald's commit to keep library
compatibility and obviate the need for changes in daemons that don't
need to support this themselves.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Split the "debug northbound" command into the following commands:
* debug northbound callbacks configuration
* debug northbound callbacks state
* debug northbound callbacks rpc
* debug northbound notifications
* debug northbound events
* debug northbound client confd
* debug northbound client sysrepo
If "debug northbound" is entered alone, all of its suboptions
are enabled.
This commit also adds code to debug state/rpc callbacks and
notifications (only configuration callbacks were logged before).
Use the debugging infrastructure from "lib/debug.h" in order to
benefit from its facilities (e.g. MT-safe debugging) and avoid
code duplication.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The IFF_OUT_LOG macro is using BUFSIZE, which is the sizeof(logbuf)
but for some reason 8.0 clang SA is not happy with it. Just
make it happy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a hash function to turn a nexthop group into a
32 bit unsigned hash key with jhash. We do not care to
hash any recursively resolved nexthops, just the group.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Avoid tracking 0.0.0.0/32 nexthop with RIB.
When routes are aggregated,
the originate of the route becomes self.
Do not track nexthop self (0.0.0.0) with rib.
Ticket: CM-24248
Testing Done:
Before fix-
tor-11# show ip nht vrf all
VRF blue:
0.0.0.0
unresolved
Client list: bgp(fd 16)
VRF default:
VRF green:
VRF magenta:
0.0.0.0
unresolved
Client list: bgp(fd 16)
After fix-
tor-11# show ip nht vrf all
VRF blue:
VRF default:
VRF green:
VRF magenta:
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Adjust the nexthop comparison api so that it calls the label-
comparison api. Adjust the label-comp api so that "no labels"
is "equal".
Signed-off-by: Mark Stapp <mjs@voltanet.io>
PR #3622 renamed the "delete" northbound callback to "destroy" in
order to make the libfrr headers compatible with C++. This commit
renames a few functions that still use "delete" instead of "destroy"
in their names.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Merge commit to solve a bunch of conflicts with other PRs that were
merged in the previous weeks.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
that routine does the same as listnode_add; in addition it creates the
linked list if needed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
lists passed as parameter that are null, are accepted by the function.
I would even propose to silently return NULL in official
listnode_lookup() routine.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Problem found in bgpd where it wasn't learning interface address
information at startup due to the interface information becoming
available before the bgp instance was created. This issue was
caused by an earlier change that tried to make the interface
information discovery process more efficient but left this hole
for bgpd. For now, putting back in the previous method of
gathering interface info via the zclient_send_reg_requests call
and will revisit a more efficient way to get the info in the future.
Ticket: CM-23932
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Add a few missing log entries to the macro to allow us to print
out the zapi message type, since they were missing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Use the privs struct mutex more strictly, to ensure that the
privs are at the level the caller expects when the apis
return.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Privs escalation is process-wide, and a multi-threaded process
can deadlock. This adds a mutex and a counter to the privs
object, preventing multiple threads from making the privs
escalation system call.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Non-presence containers don't have "destroy" callbacks. So, once
a np-container is deleted, we need to call the "destroy" callbacks
of its child nodes instead.
This commit doesn't fix any real problem as of now since all
np-containers from the FRR YANG modules contain or one more mandatory
child nodes, so they can't be deleted (libyang will add missing
np-containers when validating data). Nevertheless, upcoming YANG
modules should benefit from this change.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is just a small refactoring to reduce code duplication. No
behavior changes intended.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In the case of EVPN symmetric routing, the tenant VRF is associated with
a VNI that is used for routing and commonly referred to as the L3 VNI or
VRF VNI. Corresponding to this VNI is a VLAN and its associated L3 (IP)
interface (SVI). Overlay next hops (i.e., next hops for routes in the
tenant VRF) are reachable over this interface. Howver, in the model that
is supported in the implementation and commonly deployed, there is no
explicit Overlay IP address associated with the next hop in the tenant
VRF; the underlay IP is used if (since) the forwarding plane requires
a next hop IP. Therefore, the next hop has to be explicit flagged as
onlink to cause any next hop reachability checks in the forwarding plane
to be skipped.
https://tools.ietf.org/html/draft-ietf-bess-evpn-prefix-advertisement
section 4.4 provides additional description of the above constructs.
Use existing mechanism to specify the nexthops as onlink when installing
these routes from bgpd to zebra and get rid of a special flag that was
introduced for EVPN-sourced routes. Also, use the onlink flag during next
hop validation in zebra and eliminate other special checks.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
