Use a per-nexthop flag to indicate the presence of labels; add
some utility zapi encode/decode apis for nexthops; use the zapi
apis more consistently.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Rearrange the isisd northbound callbacks as following:
* isis_nb.h: prototypes of all northbound callbacks.
* isis_nb.c: definition of all northbound callbacks and their
associated YANG data paths.
* isis_nb_config.c: implementation of YANG configuration nodes.
* isis_nb_state.c: implementation of YANG state nodes.
* isis_nb_notifications.c: implementation of YANG notifications.
This should help to keep to code more organized and easier to
maintain.
No behavior changes intended.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Scenarios where this code change is required:
1. BFD is un-configured from BGP at remote end.
Neighbour BFD sends ADMIN_DOWN state, but BFD on local side will send
DOWN to BGP, resulting in BGP session DOWN.
Removing BFD session administratively shouldn't bring DOWN BGP session
at local or remote.
2. BFD is un-configured from BGP or shutdown locally.
BFD will send state DOWN to BGP resulting in BGP session DOWN.
(This is akin to saying do not use BFD for BGP)
Removing BFD session administratively shouldn't bring DOWN BGP session at
local or remote.
Signed-off-by: Sayed Mohd Saquib sayed.saquib@broadcom.com
Traffic Engineering parameters are correctly advertised in LSP when
'mpls-te on' CLI command is present in the startup config file.
However, if IS-IS is started without TE enable at startup and
'mpls-te on' command is issued after, TE link parameters are never
announced. The patch correct this issue.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
RFC 5303 states:
If the system ID and Extended Local Circuit ID of the neighboring
system are known (in adjacency three-way state Initializing or
Up), the neighbor's system ID SHALL be reported in the Neighbor
System ID field, and the neighbor's Extended Local Circuit ID
SHALL be reported in the Neighbor Extended Local Circuit ID field.
There is nothing written about only setting the Extended circuit ID of the
adjacency only when we bring the three-way adjacency up.
In fact, we should always update it, to avoid the problem described in #4783.
Fixes: #4783
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
No need to check for circuit being null, we have
already de-refed it in every code path and
would have crashed before this point if it was.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The "abort_if_not_found" parameter of nb_running_get_entry()
should be set to true only when this function is called during the
NB_EV_APPLY phase of a northbound callback. Failure to respect this
can lead to crashes when multiple configuration changes are being
committed at the same time.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The new "event-counters" grouping is almost a 1:1 copy of the same
grouping from the IETF IS-IS module, except for the "lan-dis-changes"
leaf which was skipped (more work needs to be done to support it).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The new "adjacency-state" grouping is almost a 1:1 copy of the
same grouping from the IETF IS-IS module, except for the "usage"
and "lastuptime" leafs that were skipped (more work needs to be
done to support those).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
For all the places we have a zclient->interface_up convert
them to use the interface ifp_up callback instead.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Switch the zclient->interface_add functionality to have everyone
use the interface create callback in lib/if.c
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Start the conversion to allow zapi interface callbacks to be
controlled like vrf creation/destruction/change callbacks.
This will allow us to consolidate control into the interface.c
instead of having each daemon read the stream and react accordingly.
This will hopefully reduce a bunch of cut-n-paste stuff
Create 4 new callback functions that will be controlled by
lib/if.c
create -> A upper level protocol receives an interface creation event
The ifp is brand spanking newly created in the system.
up -> A upper level protocol receives a interface up event
This means the interface is up and ready to go.
down -> A upper level protocol receives a interface down
destroy -> A upper level protocol receives a destroy event
This means to delete the pointers associated with it.
At this point this is just boilerplate setup for future commits.
There is no new functionality.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Adding a lock to protect the global running configuration doesn't
help much since the FRR daemons are not prepared to process
configuration changes in a pthread that is not the main one (a
whole lot of new protections would be necessary to prevent race
conditions).
This means the lock added by commit 83981138 only adds more
complexity for no benefit. Remove it now to simplify the code.
All northbound clients, including the gRPC one, should either run
in the main pthread or use synchronization primitives to process
configuration transactions in the main pthread.
This reverts commit 83981138fe.
In preparation to Segment Routing:
- Update the management of Traffic Engineering subTLVs to the new tlvs parser
- Add Router Capability TLV 242 as per RFC 4971 & 7981
- Add Segment Routing subTLVs as per draft-isis-segment-routing-extension-25
Modified files:
- isis_tlvs.h: add new structure to manage TE subTLVs, TLV 242 & SR subTLVs
- isis_tlvs.c: add new functions (pack, copy, free, unpack & print) to process
TE subTLVs, Router Capability TLV and SR subTLVs
- isis_circuit.[c,h] & isis_lsp.[c,h]: update to new subTLVs & TLV processing
- isis_te.[c,h]: remove all old TE structures and managment functions,
and add hook call to set local and remote IP addresses as wellas update TE
parameters
- isis_zebra.[c,h]: add hook call when new interface is up
- isis_mt.[c,h], isis_pdu.c & isis_northbound.c: adjust to new TE subTLVs
- tests/isisd/test_fuzz_isis_tlv_tests.h.gz: adapte fuuz tests to new parser
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
The original check would always evaluate to false since
ISIS_PREFIX_SID_VALUE and ISIS_PREFIX_SID_LOCAL have different
values. Use !! to normalize the return value of the individual
checks to either 0 or 1, making the code do what was intended
(ensure the V/L flags are both 0 or 1).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This hook will be called whenever a route is added, updated or
deleted. It will be used, for instance, by the SR code to keep
Prefix-SIDs in sync with their associated routes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
For better modularity, isis_zebra.c should only contain code used
to communicate with zebra. The management of route flags belongs
to isis_route.c.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
circuit deletion was being enforced by sending a fake IF_DOWN_FROM_Z
event for the circuit interface. This created a problem when the
circuit was enabled again, since isisd internal state machine was
expecting to see an IF_UP_FROM_Z that never came, as the interface
had not actually gone down.
As a consequence, disabling + re-enabling isis on an interface or
area would leave interfaces in a CONFIG state, and adjacencies were
not restored. Fix this by following the state machine and simply
disabling circuits rather than attempting to delete them forcefully.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
as part of the 'ip router isis TAG' command we were not validating
the MTU of the interface against the minimum LSP MTU of the area.
This could cause an assertion when the circuit is created in the
APPLY phase.
Fixes issue #4825
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Make isisd create BFD sessions over IPv6 when IS-IS is configured
for IPv6 operation only.
When IS-IS is enabled for both IPv4 and IPv6 on a given interface,
prefer creating a BFD session over IPv6 to avoid having two BFD
sessions protecting the same IS-IS adjacency.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This unification allows us to write code that works for both IPv4 and
IPv6, reducing duplication.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These null checks don't make sense because a) these two functions
are never called with a NULL IP address and b) the same pointers are
dereferenced later without any protection. Remove these NULL checks
to make the code less confusing.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These fields were introduced by commit e38e0df01a, but they were
never put to any use. Remove them.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
We need to indent this command using one leading whitespace otherwise
vtysh will have problems to display it appropriately.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The correct cast for these is (unsigned char), because "char" could be
signed and thus have some negative value. isalpha & co. expect an int
arg that is positive, i.e. 0-255. So we need to cast to (unsigned char)
when calling any of these.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Introducing a 3rd state for route_map_apply library function: RMAP_NOOP
Traditionally route map MATCH rule apis were designed to return
a binary response, consisting of either RMAP_MATCH or RMAP_NOMATCH.
(Route-map SET rule apis return RMAP_OKAY or RMAP_ERROR).
Depending on this response, the following statemachine decided the
course of action:
State1:
If match cmd returns RMAP_MATCH then, keep existing behaviour.
If routemap type is PERMIT, execute set cmds or call cmds if applicable,
otherwise PERMIT!
Else If routemap type is DENY, we DENYMATCH right away
State2:
If match cmd returns RMAP_NOMATCH, continue on to next route-map. If there
are no other rules or if all the rules return RMAP_NOMATCH, return DENYMATCH
We require a 3rd state because of the following situation:
The issue - what if, the rule api needs to abort or ignore a rule?:
"match evpn vni xx" route-map filter can be applied to incoming routes
regardless of whether the tunnel type is vxlan or mpls.
This rule should be N/A for mpls based evpn route, but applicable to only
vxlan based evpn route.
Also, this rule should be applicable for routes with VNI label only, and
not for routes without labels. For example, type 3 and type 4 EVPN routes
do not have labels, so, this match cmd should let them through.
Today, the filter produces either a match or nomatch response regardless of
whether it is mpls/vxlan, resulting in either permitting or denying the
route.. So an mpls evpn route may get filtered out incorrectly.
Eg: "route-map RM1 permit 10 ; match evpn vni 20" or
"route-map RM2 deny 20 ; match vni 20"
With the introduction of the 3rd state, we can abort this rule check safely.
How? The rules api can now return RMAP_NOOP to indicate
that it encountered an invalid check, and needs to abort just that rule,
but continue with other rules.
As a result we have a 3rd state:
State3:
If match cmd returned RMAP_NOOP
Then, proceed to other route-map, otherwise if there are no more
rules or if all the rules return RMAP_NOOP, then, return RMAP_PERMITMATCH.
Signed-off-by: Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
* Remove sanity checks that are already done by northbound;
* Show error message on circuit absence;
* Use a better idiom for the configuration display code;
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Specify the ISIS BFD command in the YANG model and implement the
northbound callbacks.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
The `isisd` will receive a northbound version of the BFD command, so
this is the first step to implement it.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
For some reason, the compiler on OpenBSD on our CI boxes doesn't like
struct initializers with ".a.b = x, .a.c = y", generating a warning
about overwritten initializers...
Signed-off-by: David Lamparter <equinox@diac24.net>
We need to be calling snprintfrr() instead of snprintf() in places that
wrap snprintf in some user-exposed way; otherwise the extensions won't
be available for those functions.
Signed-off-by: David Lamparter <equinox@diac24.net>
Field vrf_id is replaced by the pointer of the struct vrf *.
For that all other code referencing to (interface)->vrf_id is replaced.
This work should not change the behaviour.
It is just a continuation work toward having an interface API handling
vrf pointer only.
some new generic functions are created in vrf:
vrf_to_id, vrf_to_name,
a zebra function is also created:
zvrf_info_lookup
an ospf function is also created:
ospf_lookup_by_vrf
it is to be noted that now that interface has a vrf pointer, some more
optimisations could be thought through all the rest of the code. as
example, many structure store the vrf_id. those structures could get
the exact vrf structure if inherited from an interface vrf context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
the vrf_id parameter is replaced by struct vrf * parameter.
this impacts most of the daemons that look for an interface based on the
name and the vrf identifier.
Also, it fixes 2 lookup calls in zebra and sharpd, where the vrf_id was
ignored until now.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The RFC states we can send only up to 16 v6 addresses in a hello packet
and cannot send sub tlv's of that type.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Introducing a 3rd state for route_map_apply library function: RMAP_NOOP
Traditionally route map MATCH rule apis were designed to return
a binary response, consisting of either RMAP_MATCH or RMAP_NOMATCH.
(Route-map SET rule apis return RMAP_OKAY or RMAP_ERROR).
Depending on this response, the following statemachine decided the
course of action:
Action: Apply route-map match and return the result (RMAP_MATCH/RMAP_NOMATCH)
State1: Receveived RMAP_MATCH
THEN: If Routemap type is PERMIT, execute other rules if applicable,
otherwise we PERMIT!
Else: If Routemap type is DENY, we DENYMATCH right away
State2: Received RMAP_NOMATCH, continue on to next route-map, otherwise,
return DENYMATCH by default if nothing matched.
With reference to PR 4078 (https://github.com/FRRouting/frr/pull/4078),
we require a 3rd state because of the following situation:
The issue - what if, the rule api needs to abort or ignore a rule?:
"match evpn vni xx" route-map filter can be applied to incoming routes
regardless of whether the tunnel type is vxlan or mpls.
This rule should be N/A for mpls based evpn route, but applicable to only
vxlan based evpn route.
Today, the filter produces either a match or nomatch response regardless of
whether it is mpls/vxlan, resulting in either permitting or denying the
route.. So an mpls evpn route may get filtered out incorrectly.
Eg: "route-map RM1 permit 10 ; match evpn vni 20" or
"route-map RM2 deny 20 ; match vni 20"
With the introduction of the 3rd state, we can abort this rule check safely.
How? The rules api can now return RMAP_NOOP (or another enum) to indicate
that it encountered an invalid check, and needs to abort just that rule,
but continue with other rules.
Question: Do we repurpose an existing enum RMAP_OKAY or RMAP_ERROR
as the 3rd state (or create a new enum like RMAP_NOOP)?
RMAP_OKAY and RMAP_ERROR are used to return the result of set cmd.
We chose to go with RMAP_NOOP (but open to ideas),
as a way to bypass the rmap filter
As a result we have a 3rd state:
State3: Received RMAP_NOOP
Then, proceed to other route-map, otherwise return RMAP_PERMITMATCH by default.
Signed-off-by:Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
`strcpy` is a dangerous function and should not be used. In this
particular place, there is no need for copying strings at all, so let's
just stick to referencing static strings.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
There is no need to redefine `struct isis_lsp *lsp` inside of the
if condition. Let's just remove it.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
the buffer to read from the socket when processing an incoming
packet was hardcoded to be of size 8192. If the mtu of the
interface is greater than that and hello padding is enabled
on that circuit, the hello message will be truncated, and this
will cause the adjacency establishment to fail. fix this by
using a large enough stack buffer instead
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
This is necessary to avoid a name collision with std::for_each
from C++.
Fixes the compilation of the gRPC northbound module.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
It doesn't make much sense for a hash function to modify its argument,
so const the hash input.
BGP does it in a couple places, those cast away the const. Not great but
not any worse than it was.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
bfd cbit is a value carried out in bfd messages, that permit to keep or
not, the independence between control plane and dataplane. In other
words, while most of the cases plan to flush entries, when bfd goes
down, there are some cases where that bfd event should be ignored. this
is the case with non stop forwarding mechanisms where entries may be
kept. this is the case for BGP, when graceful restart capability is
used. If BFD event down happens, and bgp is in graceful restart mode, it
is wished to ignore the BFD event while waiting for the remote router to
restart.
The changes take into account the following:
- add a config flag across zebra layer so that daemon can set or not the
cbit capability.
- ability for daemons to read the remote bfd capability associated to a bfd
notification.
- in bfdd, according to the value, the cbit value is set
- in bfdd, the received value is retrived and stored in the bfd session
context.
- by default, the local cbit announced to remote is set to 1 while
preservation of the local path is not set.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
vrf_id parameter is added to the api of bfd_client_sendmsg().
this permits being registered to bfd from a separate vrf.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The Sub-TLVs of the Extended IPv4 reachability TLV were not being
displayed as expected. Fix this.
Suggested-by: Christian Franke chris@opensourcerouting.org
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This macro:
- Marks ZAPI callbacks for readability
- Standardizes argument names
- Makes it simple to add ZAPI arguments in the future
- Ensures proper types
- Looks better
- Shortens function declarations
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Historically, isisd has been carrying around its own red-black tree to
manage its LSP DB in. This replaces that with the newly-added
DECLARE_RBTREE_*. This allows completely removing the dict_* code.
Signed-off-by: David Lamparter <equinox@diac24.net>
The upcoming gRPC-based northbound plugin will run on a separate
pthread, and it will need to have access to the running configuration
global variable. Introduce a rw-lock to control concurrent access
to the running configuration. Add the lock inside the "nb_config"
structure so that it can be used to protect candidate configurations
as well (this might be necessary depending on the threading scheme
of future northbound plugins).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Due to recent modification in northbound API, replace
yang_dnode_get_entry() call by nb_running_get_entry() call.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Solve issue #4032
- Change MPLS-TE from global to per Area
- Add new mpls_te_area structure to area in replacement of global variable
isisMPLS_TE
- Move mpls-te from global to instance in frr-isisd.yang
- Change code in isis_te.c, isis_northbound.c, isis_cli.c, isis_pdu.c,
isis_lsp.c and isis_zebra.c accordingly
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
zlog() should be part of the public logging API as it's useful in
the cases where the logging priority isn't known at compile time
(i.e. it depends on a variable).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Introduce a hash table to keep track of user pointers associated
to configuration entries. The previous strategy was to embed
the user pointers inside libyang data nodes, but this solution
incurred a substantial performance overhead. The user pointers
embedded in candidate configurations could be lost while the
configuration was being edited, so they needed to be regenerated
before the candidate could be committed. This was done by the
nb_candidate_restore_priv_pointers() function, which was extremely
expensive for large configurations. The new hash table solves this
performance problem.
The yang_dnode_[gs]et_entry() functions were renamed and moved from
yang.[ch] to northbound.[ch], which is a more appropriate place
for them. This patch also introduces the nb_running_unset_entry()
function, the counterpart of nb_running_set_entry() (unsetting
user pointers was done automatically before, now it needs to be
done manually).
As a consequence of these changes, we shouldn't need support for
libyang private pointers anymore (-DENABLE_LYD_PRIV=ON). But it's
probably a good idea to keep requiring this feature as we might
need it in the future for other things (e.g. disable configuration
settings without removing them).
Fixes#4136.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
- Change MPLS-TE from global to per Area
- Add new mpls_te_area structure to area in replacement of global variable
isisMPLS_TE
- Move mpls-te frmo global to instance in frr-isisd.yang
- Change code in isis_te.c, isis_northbound.c, isis_cli.c, isis_pdu.c,
isis_lsp.c and isis_zebra.c accordingly
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
The rib process of handling routes has been unified a bit more
and as a result v6 LL routes are now showing up as a result
of a `redistribute connected`. Doing anything with these
routes is a policy decision that should be enforced by the
individual routing daemons not by zebra. As such add a bit
of code to isisd, ripngd and opsf6d to handle them. The bgp daemon
already handles this situation.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
isisd CLI has some housekeeping code that removes the
"frr-isisd:isis" container from the interface configuration when
IS-IS is disabled for both IPv4 and IPv6 in the corresponding
interface.
The problem is that the code was checking the values of the
"ipv4-routing" and "ipv6-routing" leafs without checking if the
parent "frr-isisd:isis" container was present. So, entering "no
ip[v6] router isis" twice would cause isisd to crash since the
"frr-isisd:isis" container wouldn't be present the second time the
command is processed. Fix this.
isisd aborted: vtysh -c "configure terminal" -c "interface eth99" -c "no ip router isis WORD"
isisd aborted: vtysh -c "configure terminal" -c "interface eth99" -c "no ipv6 router isis"
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Since LSP fragments are also on our lspdb dict, lsp_tick() needs to skip
over them after calling lsp_destroy(). Otherwise it ends up accessing
free'd memory.
Fixes: #3533
Signed-off-by: David Lamparter <equinox@diac24.net>
To align with the change to avoid the keyword 'delete', rename
the isis northbound handlers to '_destroy'.
Signed-off-by: Mark Stapp <mjstapp@gmail.com>
Change the northbound lib operation from DELETE to DESTROY;
make the required changes in the users of the northbound, in
the cli, rip, ripng, and isis.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Some misc changes to resolve some c++ compilation errors.
The goal is only to permit an external module - a plugin,
for example - to see frr headers, not to support or encourage
contributions in c++. The changes include: avoiding use
of keywords like 'new', 'delete'; cleaning up implicit
type-casting from 'void *' in several places.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
- some target_CFLAGS that needed to include AM_CFLAGS didn't do so
- libyang/sysrepo/sqlite3/confd CFLAGS + LIBS weren't used at all
- consistently use $(FOO_CFLAGS) instead of @FOO_CFLAGS@
- 2 dependencies were missing for clippy
Signed-off-by: David Lamparter <equinox@diac24.net>
The onlink attribute was being passed from upper level protocols
as an attribute of the route *not* the individual nexthop. When
we pass this data to the kernel, we treat the onlink as a attribute
of the nexthop. This commit modifies the code base to allow
us to pass the ONLINK attribute as an attribute of the nexthop.
This commit also fixes static routes that have multiple nexthops
some onlink and some not.
ip route 4.5.6.7/32 192.168.41.1 eveth1 onlink
ip route 4.5.6.7/32 192.168.42.2
S>* 4.5.6.7/32 [1/0] via 192.168.41.1, eveth1 onlink, 00:03:04
* via 192.168.42.2, eveth2, 00:03:04
sharpd@robot ~/frr2> sudo ip netns exec EVA ip route show
4.5.6.7 proto 196 metric 20
nexthop via 192.168.41.1 dev eveth1 weight 1 onlink
nexthop via 192.168.42.2 dev eveth2 weight 1
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Some daemons like ospfd and isisd have the ability to advertise a
default route to their peers only if one exists in the RIB. This
is what the "default-information originate" commands do when used
without the "always" parameter.
For that to work, these daemons use the ZEBRA_REDISTRIBUTE_DEFAULT_ADD
message to request default route information to zebra. The problem
is that this message didn't have an AFI parameter, so a default route
from any address-family would satisfy the requests from both daemons
(e.g. ::/0 would trigger ospfd to advertise a default route to its
peers, and 0.0.0.0/0 would trigger isisd to advertise a default route
to its IPv6 peers).
Fix this by adding an AFI parameter to the
ZEBRA_REDISTRIBUTE_DEFAULT_{ADD,DELETE} messages and making the
corresponding code changes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
`isis network point-to-point` was being rejected from the configuration
file as it was being processed before the reception of the UP zebra
notification for the interface. This meant that the `circ_type` was set
at CIRCUIT_T_UNKNOWN, which led the northbound callback to fail. This
check was removed as it was not really necessary; when the zebra
notification is received, the correct circuit type will be enforced,
but now the point-to-point config will be saved and correctly applied
when zebra recognizes the interface as a broadcast one.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
isisd has both a circ_type and a circ_type_config variable to track
the network tpye of an interface. The former has no default, but the
latter defaults to broadcast. Adding that default makes sure that the
yang leaf won't be deleted, which is something that would not make
sense from an isisd perspective. We will need to add an operational
state leaf to match the potential difference between the configured
network type and the actual network type, since the latter might be
different based on the interface flags received from zebra.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
if we are using the transactional CLI, we might be trying to
delete an area that has not been actually created in isisd.
So rather than relying on isis_area_lookup, check the candidate
config for the presence of the corresponding area instance.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
also fix a minor issue with isis_config_write where we were
not incrementing the write variable, which is used to append
a new line at the end of the vty string
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
As requested by the reviewers. Additionally, added a check when
setting a circuit on an interface to see if it is a loopback,
and in that case, set it to passive.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Note that we do not return the actual tlv_type and offset
of the erroneous TLV. This is because unpacking tlvs currently
uses a chain of function calls, where the notification can only
be sent at the start of the chain, but the tlv_type and offset
information are only available at the end. Unless we change the
code to propagate those values, we have no way to feed them to
the notification. So these leafs are not generated.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
the original isisd code did not distinguish between
authentication_failure and authentication_type_failure, so
additional code had to be added to differentiate between the two
and to return the raw_pdu as requested by the IETF YANG model.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Note that the original IETF YANG model also included
a requirement to throttle such notifications so that they would
not be sent more often than once every 5 seconds. I did not
implement any throttling mechanism yet, mostly because I am
not sure whether this limit should apply to the entire isis daemon,
to each area, to each neighbor etc.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
However it is not currently called anywhere, as I could not find a
place in the code where it felt appropriate.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
remove the return value and redundant validations from
isis_circuit_circ_type_set(), since they are no longer needed.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Note that some of the validation checks that were previously
executed in the code have been moved to the YANG model.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
This is a simple command but with a complex callback, the only
one in isisd which uses the resource allocation API implemented
in the northbound (i.e. the PREPARE phase).
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
These are complex commands to retrofit, partly due to the number of
different callbacks they touch. Additionally, in FRR adding
an interface to an IS-IS area that does not exist also creates that
area. To make sure that this behavior is kept, while at the same
time keeping the northbound api consistent, we need to take extra
care to call the appropriate callbacks to update the YANG tree.
Note that many callbacks rely on the existence of the corresponding
IS-IS area; when these callbacks are joined together in a single
transaction, we need to ensure that the area creation is performed
first, or the config will fail. For this reason, the isis instance
create callback has been given a slightly lower priority than the
others.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
We should update our neighbors list immediately when an adjacency
changes state, not when we run SPF.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Also track when we received an LSP as do not reflood, as well as the
time when we last considered flooding it.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Finding an LSP by its id is useful not only for the
`show isis database` command.
So move it out into its own function to make it reusable.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
We should really populate the neighbor list for the flooding
optimization from our local adjacency database and not from
a one-hop SPF.
If we use SPF, we may end up never exchanging information with
some neighbors since the bidirectional connection check for spf
fails, since LSPs did not get exchanged.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
To allow easier debugging of LSP transmission scheduling, add a debug
mode where all tx-queue insertions/deletions are logged.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Add a function send_hello_sched so that the logic for scheduling a
hello is not replicated inconsistently into different locations.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
This reverts commit 48944eb65e.
We're using GNU C, not ISO C - and this commit triggers new (real)
warnings about {0} instead of bogus ones about {}.
Signed-off-by: David Lamparter <equinox@diac24.net>
A while ago all FRR configuration commands were converted to use the
QOBJ infrastructure to keep track of configuration objects. This
means the configuration lock isn't necessary anymore because the
QOBJ code detects when someones tries to edit a configuration object
that was deleted and react accordingly (log an error and abort the
command). The possibility of accessing dangling pointers doesn't
exist anymore since vty->index was removed.
Summary of the changes:
* remove the configuration lock and the vty_config_lockless() function.
* rename vty_config_unlock() to vty_config_exit() since we need to
clean up a few things when exiting from the configuration mode.
* rename vty_config_lock() to vty_config_enter() to remove code
duplication that existed between the three different "configuration"
commands (terminal, private and exclusive).
Configuration commands converted to the new northbound model don't
need the configuration lock either since the northbound API also
detects when someone tries to edit a configuration object that
doesn't exist anymore.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When we run in non-mt mode, we should consider links which have either
working IPv4 or IPv6 active and look at the neighbors nlpids to judge
wether a link is usable.
Fixes: #3336
We should only update and reflood our own LSPs when the received LSP
is newer than the local copy.
In all other cases, we should simply acknowledge it or resend our own
LSP.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Due to `lsp` getting shadowed, we would send each T0 its own LSP
whenever we actually wanted to flood a different LSP.
Fix this and set -Wshadow=local in my build environment. m(
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
When receiving an LSP with same sequence number but different
checksum as in the local database, we would always treat it as
newer than the local LSP.
That behavior is incorrect if the local LSP is indeed a purged
LSP waiting for age-out and the received one is not.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
It's been a year since we added the new optional parameters
to instantiation. Let's switch over to the new name.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Purged fragments would always be reoriginated by isisd. They
should only be purged once and never be reoriginated.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
When `first` would be initialized to the same value as `last`, the
function would return incorrect results.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
It turns out 50ms is actually too short to aggregate all changes
in some cases, so allow for 100ms.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Introduce frr-interface.yang, which defines a model for managing FRR
interfaces.
Update the 'frr_yang_module_info' array of all daemons that will
implement this module.
Add automatically generated stub callbacks in if.c. These callbacks will
be implemented in the following commit.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
FRR_DAEMON_INFO should now contain an array of 'frr_yang_module_info'
structures describing the YANG modules implemented by the daemon.
This array will be used by frr_init() function to load all YANG modules
and initialize the northbound callbacks during the daemon initialization.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When there is a stream of events coming in, where IS-IS learns
about a lot of updates, IS-IS would regenerate its LSPs before
the updates have been processed completely.
This causes suboptimal convergence because the intermediate state
will be flooded. Only after the configured `lsp_gen_interval`, a
new update with the correct and final state will be generated.
Resolve this by holding off LSP generation while there are still
events coming in.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
lsp_l1_refresh and lsp_l2_refresh are identical apart from the
hardcoded IS-IS level they are referring to. So merge them and
pass the level as part of the argument.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
For debugging the timing of LSP generation, it is useful to know
which event caused a regeneration to be scheduled. Therefore, add
this information to the debug log.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
For debugging the scheduling of SPF, it is useful to see from
where an SPF run is scheduled. So add this information to the
log.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
The ->hash_cmp and linked list ->cmp functions were sometimes
being used interchangeably and this really is not a good
thing. So let's modify the hash_cmp function pointer to return
a boolean and convert everything to use the new syntax.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
IS-IS would ignore any area lsp-mtu setting configured after initial
creation of the LSP since move to the new tlv serialized/deserializer.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
isisd would crash when lsp fragments aged out, since they got freed
correctly, but were not removed from LSP0's linked list of fragments.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
rawlspid_print(), which uses a fixed-width 8-byte input, has been replaced with
a call to isis_format_id(), allowing giving the input size.
Signed-off-by: F. Aragon <paco@voltanet.io>
Since we're now building through one large Makefile, we can easily put
things with their daemons and crossreference nicely.
Signed-off-by: David Lamparter <equinox@diac24.net>
With this commit, fabricd can run without any IPv4 addresses configured
except on loopback. There are two changes to achieve this:
a) If a circuit has no IPv4 address configured, fabricd will resort to
advertise the routers loopback IP in the OpenFabric hellos.
b) All the routes from OpenFabric are sent with ZEBRA_FLAG_ONLINK set,
so that zebra will install them into the fib without checking whether
the nexthop is reachable
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Have fabricd send out a CSNP whenever a circuit scoped LSP is received,
and log a warning if the CSNP showed resynchronization was necessary.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
The OpenFabric draft prescribes that any IS-IS PDUs not needed for
OpenFabric operation MUST be ignored. So this commit makes fabricd
ignore any LAN IIHs and any L1 LSPs.
Also the draft specifies that any reachabilities given as narrow-metric
TLVs SHALL be ignored, so adhere to that too.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Implement RFC 6232, optionally allowing to flood isisd's NET and
hostname in purges it originates.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Extend isisd's TLV parser to support the Prefix-SID subtlv as per
draft-ietf-isis-segment-routing-extensions-19
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Add a command `debug openfabric flooding` to allow verification of
correct operation of the OpenFabric flooding optimization algorithm.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Regular IS-IS will flood any LSP updates out to all circuits except the
one where it was received on. This is done in `lsp_flood`.
Change `lsp_flood` for fabricd to use the optimized flooding algorithm
instead.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
OpenFabric uses a list of neighbors and neighbors neighbors to calculate
a set of designated reflooders.
While the draft prescribes that these lists should be built whenever an
LSP needs to be flooded, this implementation opted to build them only
when we ran an spf, given that they will only change when the topology
changes.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
OpenFabric requires knowledge of the first two hops on each path
calculated by spf to implement its flooding optimization. Extend the
hopcount-spf to build such a datastructure.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
OpenFabric makes use of flooding scope LSPs to reduce the amount of
reflooding caused by the update process. Implement transmission and
reception of such PDUs.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Before this commit, isisd/fabricd maintained a bitfield for each LSP
to track the SRM bit for each circuit, which specifies whether an LSP
needs to be sent on that circuit. Every second, it would scan over all
LSPs in `lsp_tick` and queue them up for transmission accordingly.
This design has two drawbacks: a) it scales poorly b) it adds
unacceptable latency to the update process: each router takes a random
amount of time between 0 and 1 seconds to forward an update. In a
network with a diamter of 10, it might already take 10 seconds for an
update to traverse the network.
To mitigate this, a new design was chosen. Instead of tracking SRM in a
bitfield, have one tx_queue per circuit and declare that an LSP is in
that queue if and only if it would have SRM set for that circuit.
This way, we can track SRM similarly as we did before, however, on
insertion into the LSP queue, we can add a timer for (re)transmission,
alleviating the need for a periodic scan with LSP tick and reducing the
latency for forwarding of updates.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
To avoid passing of traffic via leaf nodes in the fabric, OpenFabric
specifies that all links towards tier 0 nodes should be advertised with
a very high metric.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
If an OpenFabric router doesn't have its tier number configured
manually, try to execute the fabric locality calculation algorithm
whenever we have run spf.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
While OpenFabric calculates most tier numbers automatically by the
fabric locality calculation algorithm, that algorithm requires two
systems to be manually configured as tier 0, so it has reference points.
Also, completely manual configuration is possible.
To support this, introduce appropriate CLI commands and flood the
configured information.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
To flood the tier calculated by the fabric locality detection,
OpenFabric makes use of TLV 150, defined in
draft-shen-isis-spine-leaf-ext-06, so add support for that TLV.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
By moving the spf datastructures to a header, fabricd can access the
results of the spf run for flooding optimization or fabric locality
calculation.
While this was deemed a sensible choice in this case, when compared with
the option of adding a lot of OpenFabric specific code to isis_spf.c,
the datastructures should still not be accessed randomly all over the
code base. To make this more clear, the new header was called
isis_spf_private.h (Think of a friend class)
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
OpenFabric uses an spf with the metric for all links set to one,
both for flooding optimization and for fabric locality detection.
So extend isisd's spf code to allow running it with such a metric
and have it run whenever normal spf runs.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
OpenFabric changes IS-IS's initial database synchronization. While
regular IS-IS will simultaneuously exchange LSPs with all neighboring
routers during startup, this is considered too much churn for a densely
connected fabric.
To mitigate this, OpenFabric prescribes that a router should only
bring up an adjacency with a single neighbor and perform a full
synchronization with that neighbor, before bringing up further
adjacencies.
This is implemented by having a field `initial_sync_state` in the
fabricd datastructure which tracks whether an initial sync is still
pending, currently in progress, or complete.
When an initial sync is pending, the state will transition to the
in-progress state when the first IIH is received.
During this state, all IIHs from other routers are ignored. Any
IIHs transmitted on any link other than the one to the router with
which we are performing the initial sync will always report the far
end as DOWN in their threeway handshake state, avoiding the formation of
additional adjacencies.
The state will be left if all the SRM and SSN flags on the
initial-sync circuit are cleared (meaning that initial sync has
completed). This is checked in `lsp_tick`. When this condition occurrs,
we progress to the initial-sync-complete state, allowing other
adjacencies to form.
The state can also be left if the initial synchronization is taking too
long to succeed, for whatever reason. In that case, we fall back to the
initial-sync-pending state and will reattempt initial synchronization
with a different neighbor.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
OpenFabric specifies that it should always be run with wide metrics via
P2P links and only as Level-2. Implement this as default and remove all
the knobs from fabricd which allow other configuration.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
The 'no ip router isis' command would incorrectly output the afi if the
area to delete does not exist. Make it output the area name instead.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Remove isis_vty.c and create three new files isis_vty_common.c,
isis_vty_fabricd.c and isis_vty_isisd.c which are built into both
daemons, only fabricd and only isisd, respectively.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
fabricd is built using the sources of isisd. To allow differentiation
in the code, -DFABRICD=1 is added to its preprocessor flags.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
The Vrf aliases can be known with a specific hook. That hook will then,
from zebra propagate the information to the relevant zapi clients.
The registration hook function is the same for all daemons.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* Use the correct license header
* Stop headers from including themselves
* Use uniform relative include conventions
* Ensure that sources include what they use
* Turn off clang-format around struct array blocks
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
There is no need to check for failure of a ALLOC call
as that any failure to do so will result in a assert
happening. So we can safely remove all of this code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This fixes multiple issues and inefficiencies regarding the usage of
route_tables in isis_route.c and removes some memory leaks.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Take the source-prefix sub-TLV into consideration when running SPF
and support creation/deletion of dst-src routes as result.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Instead of using the address family to determine which spftree structure
should be used, specify it explicitly. With the advent of ipv6 dst-src
routing, the tree cannot be uniquely determined from the family.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Have an array of spftrees instead of a separate spftree and an
spftree6 for which all the code gets duplicated.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
This addresses two issues for L1L2 operation:
a) If an L1 route has ROUTE_ACTIVE unset and an L2 route for the same
destination has ROUTE_ACTIVE set, isisd would still put the L1 route
into the merged table. This causes the route for the destination to
get uninstalled from zebra until the next SPF run, which is incorrect.
To fix this, look at the ROUTE_ACTIVE flag and allow L2 routes to win
against L1 routes, when the L1 has ROUTE_ACTIVE unset.
b) If an L1 route wins against an existing L2 route, the ZEBRA_SYNCED
flag would remain on the L2 route. This leads to the problem that when
the L1 route disappears again, the L2 doesn't get reinstalled, since
isisd assumes it's already in the RIB because ZEBRA_SYNCED is set.
Solve this by clearing ZEBRA_SYNCED on L2 routes, if they lose against
an L1 route.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
There was an off-by-one error in redist_delete, so that routes redistributed
into level-2 could never be withdrawn.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
