When displaying `show thread poll` data add the
function we are supposed to call when the poll
event happens.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When adding a read/write poll event and we are using a developmental
build add a bit of code to ensure that we do not already have an read
or write event scheduled.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If we have a case where have created a fd for i/o and we have
removed the handling thread but still have the fd in the poll
data structure, there existed a case where we would get
the handle this fd return from poll but we would immediately
do nothing with it because we didn't have a thread to hand
the event to.
This leads to an infinite loop. Prevent the infinite loop
from happening and log the problem.
We still need to find the cause of this happening. But
let's prevent the system from melting down in the mean time.
Fixes: #2796
Signed-off-by: David Lamparter <equinox@diac24.net>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This is mostly relevant for Solaris, where config.h sets up some #define
that affect overall header behaviour, so it needs to be before anything
else.
Signed-off-by: David Lamparter <equinox@diac24.net>
For some reason, the compiler on OpenBSD on our CI boxes doesn't like
struct initializers with ".a.b = x, .a.c = y", generating a warning
about overwritten initializers...
Signed-off-by: David Lamparter <equinox@diac24.net>
We need to be calling snprintfrr() instead of snprintf() in places that
wrap snprintf in some user-exposed way; otherwise the extensions won't
be available for those functions.
Signed-off-by: David Lamparter <equinox@diac24.net>
clippy can't process #ifdef or similar bits inside of an argument list
(e.g. within the braces of a DEFUN or DEFPY statement.) Improve error
reporting to catch these cases instead of generating broken C code.
Fixes: #3840
Signed-off-by: David Lamparter <equinox@diac24.net>
* adds a `--with-clippy=...` option to use a prebuilt clippy binary
* limits the autoconf tests done for `--enable-clippy-only`
(e.g. no libyang)
Fixes: #3921Fixes: #4006
Signed-off-by: David Lamparter <equinox@diac24.net>
Even when using the classic CLI mode (i.e. when --tcli is not
used), the northbound code still uses vty->candidate_config
to perform configuration changes. From the perspective of the
user, the running configuration is being edited directly, but
under the hood the northbound layer does a full configuration
transaction for each command. When the running configuration is
edited by a northbound client other than the CLI (e.g. kernel,
gRPC), vty->candidate_config might become outdated, and this can
lead to lots of weird problems. To fix this, always regenerate
vty->candidate_config before each configuration command when
using the classic CLI mode. When using the transactional CLI,
the user needs to update the candidate manually using the "update"
command, otherwise the "commit" command will fail with this error:
"% Candidate configuration needs to be updated before commit".
Fixes some problems reported by Don after moving an interface from
one VRF to another one while zebra is running.
Reported-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Field vrf_id is replaced by the pointer of the struct vrf *.
For that all other code referencing to (interface)->vrf_id is replaced.
This work should not change the behaviour.
It is just a continuation work toward having an interface API handling
vrf pointer only.
some new generic functions are created in vrf:
vrf_to_id, vrf_to_name,
a zebra function is also created:
zvrf_info_lookup
an ospf function is also created:
ospf_lookup_by_vrf
it is to be noted that now that interface has a vrf pointer, some more
optimisations could be thought through all the rest of the code. as
example, many structure store the vrf_id. those structures could get
the exact vrf structure if inherited from an interface vrf context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
vrf_id parameter is replaced with struct vrf * parameter. It is
needed to create vrf structure before entering in the fuction.
an error is generated in case the vrf parameter is missing.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
there may be cases where the vrf is yet allocated from the vty, and the
discovery process did not make the relationship between the vrf_id and
the name of the vrf. For instance, by parsing an interface belonging to
vrf-id X, it is not sure that vrf-id X and vrfname XX are talking about
the same vrf. For that, lets allocate the vrf, and lets try to detect
there is a duplicate case in vrf, so that the merge can be done without
any impact for the user.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
the interface search is based on vrfs. As at startup, some interfaces
may be configured, there is need to have vrfs contexts present. A macro
is being appended with an extra parameter that permits create a vrf and
return the context. This macro is also used by some show routines, but
will not create vrfs, because that extra parameter will be set to false,
on that case.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon accessing interface NB API, the interface is created, if the vrf
is available. the commit does not change the behaviour, since at this
commit, this is not yet possible to have vrf contexts, while zebra did
not connect to daemons. However, that commit adds some work, so that it
will be possible to work on a vrf context, without having the vrf_id
completely resolved. for instance, if we suppose a vrf is created by
command 'vrf TOTO' in the starting configuration of a daemon, then 'interface
TITI vrf TOTO' will permit to create interface TITI within vrf TOTO.
the macro VRF_GET_INSTANCE will return the vrf context, if available or
not.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
the vrf_id parameter is replaced by struct vrf * parameter.
this impacts most of the daemons that look for an interface based on the
name and the vrf identifier.
Also, it fixes 2 lookup calls in zebra and sharpd, where the vrf_id was
ignored until now.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Added a CLI "debug route-map" to enble route-map debugs
Added debugs for following triggers
1. Add/delete a route-map
2. Add/delete a sequence in route-map
3. Add/delete a match statement(dependency)
4. Update a dependency
5. Apply a route-map
Signed-off-by: Ameya Dharkar <adharkar@vmware.com>
This version of container_of() should work on C++, by ditching the
unavailable builtins (at the cost of no longer checking for "const"
violations.)
Signed-off-by: David Lamparter <equinox@diac24.net>
vrf pointer is used as reference when calling if_get_by_name() function.
this will permit to create interfaces with an unknown vrf_id, since it
is only necessary to get the vrf structure to store the interfaces.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
On some compiler platforms the md5 setup function was
not returning anything. Place failure case on the bottom
to properly handle this situation.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Various compilers in our CI system were complaining about various
auto-conversions. Let's get these cleaned up a bit more.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When the user specifies -N namespace allow it to influence the
frr_vtydir(DAEMON_VTY_DIR) to have namespace in it's path
like so: $frrstate_dir/<namespace>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When using -z, allow that to override the zapi domain socket
path. If using -N add the namespace name to the path to
$frr_statedir/<namespace>/zserv.api. If you don't specify
the -N or -z option then it is $frr_statedir/zserv.api
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
reallocarray() is walled behind stupid feature macros on various
platforms and doesn't quite gain us much in that particular use case.
Signed-off-by: David Lamparter <equinox@diac24.net>
This makes printfrr extensions available in most of our format strings.
snprintf() is the obvious exception.
Signed-off-by: David Lamparter <equinox@diac24.net>
[u]int64_t is the only type in the intX_t family that needs
special-casing for printf since the calling convention may differ
between 32-bit and 64-bit systems.
Adding the L specifier allows us to eschew the gnarly-looking PRIu64.
Signed-off-by: David Lamparter <equinox@diac24.net>
The get_route_map_delete_event function should return a value
even if we never get to that part of the function. Make sure
we know why we are here so it can be fixed appropriately in
the future.
Signed-off-by: Donald Sharp <sharpd@cumulusnetwork.com>
The zebra_size_t type needs to be owned by zclient.h since
it is part of the zapi protocol. Move it to where the
structure belongs.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
zebra.h had some defined flags that were being used
as part of the route encode/decode functionality. These
belong in the zclient.h code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We have some functions that are owned by log.c, so
move their declarations from zebra.h to log.h
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The iana_afi_t and iana_safi_t were being created in zebra.h
and zebra.h is a bit of a dumping ground. When the iana_afi2str and
iana_safi2str functions were created, it was correctly pointed out
that we should just use the internal afi_t and safi_t 2str functions
but to do that we would need to include prefix.h in zebra.h. Which
really is not the right thing to do. This tells us that we need
to break out this code into it's own header.
Move to iana_afi.h the enums and specific functions and remove
from zebra. Convert to using the afi2str and safi2str functions.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Modify the code such that we can auto turn the iana values of afi
and safi to pleasant to read strings.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Although the RFC states hostname length should be < 255 chars,
FRR allows infinite length technically. However, when you try
to set a hostname > 80 chars, you would immediately notice a crash.
RCA: Crash due to buffer overflow. Large buffer sprintf'd into smaller
buffer. Usage of sprintf function instead of snprintf which is safer.
Signed-off-by: Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
Say, more than one sequence of a route-map uses the same named entity
in its match clause. After that entity is removed from any one of the
route-map sequences, any further changes made to that entity doesn't
dynamically take effect.
A reference counter, that allows the named entity to keep a count of
the route-maps dependent on it, has been introduced to address this issue.
Signed-off-by: NaveenThanikachalam <nthanikachal@vmware.com>
When you have compiled FRR with a large multipath number
then encoding large ecmp routes between zebra and the
routing daemons. There exists a theoritical size
of multipath that will cause the encoding to be larger
than the ZEBRA_MAX_PACKET_SIZ. In the cases where
we have allocated streams that will encode routes
then let's ensure that whatever size we have will
auto-fit what we say we can send.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add 'no log commands' cli and at the same time add a
--command-log-always to the daemon startup cli.
If --command-log-always is specified then all commands are
auto-logged and the 'no log commands' form of the command
is now ignored.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
gcc is complaing about this with --enable-dev and --enable-werror:
In function 'nb_log_callback',
inlined from 'nb_transaction_apply_finish' at lib/northbound.c:1106:4:
lib/northbound.c:777:2: error: '%s' directive argument is null [-Werror=format-overflow=]
777 | zlog_debug(
| ^~~~~~~~~~~
778 | "northbound callback: event [%s] op [%s] xpath [%s] value [%s]",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
779 | nb_event_name(event), nb_operation_name(operation), xpath,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
780 | value);
| ~~~~~~
CC lib/ringbuf.lo
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The vtypath_default variable had a possibility of being overwritten
due to size constraints. This fixes this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Introducing a 3rd state for route_map_apply library function: RMAP_NOOP
Traditionally route map MATCH rule apis were designed to return
a binary response, consisting of either RMAP_MATCH or RMAP_NOMATCH.
(Route-map SET rule apis return RMAP_OKAY or RMAP_ERROR).
Depending on this response, the following statemachine decided the
course of action:
Action: Apply route-map match and return the result (RMAP_MATCH/RMAP_NOMATCH)
State1: Receveived RMAP_MATCH
THEN: If Routemap type is PERMIT, execute other rules if applicable,
otherwise we PERMIT!
Else: If Routemap type is DENY, we DENYMATCH right away
State2: Received RMAP_NOMATCH, continue on to next route-map, otherwise,
return DENYMATCH by default if nothing matched.
With reference to PR 4078 (https://github.com/FRRouting/frr/pull/4078),
we require a 3rd state because of the following situation:
The issue - what if, the rule api needs to abort or ignore a rule?:
"match evpn vni xx" route-map filter can be applied to incoming routes
regardless of whether the tunnel type is vxlan or mpls.
This rule should be N/A for mpls based evpn route, but applicable to only
vxlan based evpn route.
Today, the filter produces either a match or nomatch response regardless of
whether it is mpls/vxlan, resulting in either permitting or denying the
route.. So an mpls evpn route may get filtered out incorrectly.
Eg: "route-map RM1 permit 10 ; match evpn vni 20" or
"route-map RM2 deny 20 ; match vni 20"
With the introduction of the 3rd state, we can abort this rule check safely.
How? The rules api can now return RMAP_NOOP (or another enum) to indicate
that it encountered an invalid check, and needs to abort just that rule,
but continue with other rules.
Question: Do we repurpose an existing enum RMAP_OKAY or RMAP_ERROR
as the 3rd state (or create a new enum like RMAP_NOOP)?
RMAP_OKAY and RMAP_ERROR are used to return the result of set cmd.
We chose to go with RMAP_NOOP (but open to ideas),
as a way to bypass the rmap filter
As a result we have a 3rd state:
State3: Received RMAP_NOOP
Then, proceed to other route-map, otherwise return RMAP_PERMITMATCH by default.
Signed-off-by:Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
Separate out the debug_init api to have 2 functions:
1) Function to register a callback
2) Function to initiate the cli.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow multiple callers to initialize themselves to receive
callbacks for debug on/off operations.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The SO_MARK socket option was being used pre vrf to allow for the
separation of the front panel -vs- the management port. This
was facilitated by a ip rule. Since this is undocumented anywhere
in our system( other than old commits see
ed40466af8 ). We should remove this
because this will cause interference with people using rules
and are not aware of this offshoot of functionality.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Upon startup FRR reads in the MAX_FDS variable from
it's control files via the getrlimit call. We then
setup code to limit the poll data structure size to
that value. The OS also limits our FD's to that value
because that is what is set. Provide a methodology
that a interested end user can figure this data out.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The 'show thread cpu' command referenced a 'b' option. Which
is not parsed at all in the parse_filter function. As such
I do not know what this was referencing as that it has been
removed. Update the help strings to reflect this reality.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Change 'begins_with' to 'frrstr_startswith' for consistency
* Add suffix checker, frrstr_endswith()
* Update vtysh to use the new function
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Allow label ignoring when comparing nexthops. Specifically,
add another functon nexthop_same_no_labels() that shares
a path with nexthop_same() but doesn't check labels.
rib_delete() needs to ignore labels in this case.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Refactor the gatway and source nexthop comparision into a
common code path that compares them explicitly based on
their address family.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
The functions nexthop_same() does not check the resolved
nexthops so I don't think this function is even needed
anymore.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
This is necessary to avoid a name collision with std::for_each
from C++.
Fixes the compilation of the gRPC northbound module.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Passing the struct route_table *ptr as const doesn't really help; if
anything it semantically would imply that the returned route_node is
const too since constness should propagate (but it doesn't in C.)
The right thing to do here - which actually helps the compiler optimize
the code too - is to tag functions with __attribute__((pure)). The
compiler does this automatically if it has the function body (and the
body of all called functions) available. That should cover most "static
inline" functions in headers, as well as functions in the same file.
However, this doesn't work (at least without LTO) for extern functions.
Hence, add "ext_pure" for this case. (Built-in "extern" to make lines
shorter.)
Signed-off-by: David Lamparter <equinox@diac24.net>
Working with a proper struct route_node gets us around a bunch of weird
casts here and makes the code slightly more robust.
Signed-off-by: David Lamparter <equinox@diac24.net>
Only noticed this when trying to add atomlists to the typesafe
datastructure tests... the atomic-specific test_atomlist doesn't use
init/fini :/
Signed-off-by: David Lamparter <equinox@diac24.net>
This is an 8-ary heap (cacheline optimized.) It works as a semi-sorted
kind of middle ground between unsorted and sorted datastructures; pop()
always returns the lowest item but ordering is only loosely enforced.
Signed-off-by: David Lamparter <equinox@diac24.net>
Turns out we need one of these. Same API as DECLARE_LIST, but deleting
random items is much faster.
Signed-off-by: David Lamparter <equinox@diac24.net>
The skiplist code was previously falling back to the del() code path for
a pop() on a skiplist. This is unneeded complexity, a pop() can be done
more efficiently.
Signed-off-by: David Lamparter <equinox@diac24.net>
VRRP doesn't install any routes, but should still have an array entry.
Also add a help string for VRRP to route_types.txt
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add convenience functions to compute the Internet checksum of a data
block, including a pseudoheader.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Search for macvlan interfaces with the appropriate name and MAC
address when starting up a new VRRP instance
* Split VRRP socket into two; one for Tx, one for Rx
* Bind Tx socket to the macvlan subinterface so our VRRP advertisements
go out with the correct MAC address
* Send ARP requests from this macvlan subinterface
* Improve error messaging
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Compiling FRR w/ gcc 9.1 and --enable-werror generates some
issues that need to be cleaned up.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1. listnode_add_sort_nodup - This API adds to list only if no duplicate
element available in the list. returns true/false
2. list_filter_out_nodes - This API deletes the nodes which satisfy the given
condition. condition is passed as a func ptr in
API. This function takes in node data(void ptr).
Signed-off-by: Saravanan K <saravanank@vmware.com>
It doesn't make much sense for a hash function to modify its argument,
so const the hash input.
BGP does it in a couple places, those cast away the const. Not great but
not any worse than it was.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add an upspecified option to the AFI enum and update
switch statements using it in bgpd and pbrd.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
new vty command is added:
neighbor XXX bfd check-control-plane-failure
this command will enforce the check of bgp controlplane, when bfd
detects changes in the dataplane.
- at configuration, the cbit will be set if that command is executed
- at flapping time, if the command is configured and remote cbit is set
accordingly, then the bfd event will be ignored.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bfd cbit is a value carried out in bfd messages, that permit to keep or
not, the independence between control plane and dataplane. In other
words, while most of the cases plan to flush entries, when bfd goes
down, there are some cases where that bfd event should be ignored. this
is the case with non stop forwarding mechanisms where entries may be
kept. this is the case for BGP, when graceful restart capability is
used. If BFD event down happens, and bgp is in graceful restart mode, it
is wished to ignore the BFD event while waiting for the remote router to
restart.
The changes take into account the following:
- add a config flag across zebra layer so that daemon can set or not the
cbit capability.
- ability for daemons to read the remote bfd capability associated to a bfd
notification.
- in bfdd, according to the value, the cbit value is set
- in bfdd, the received value is retrived and stored in the bfd session
context.
- by default, the local cbit announced to remote is set to 1 while
preservation of the local path is not set.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
A few of the functions in openbsd's RB tree implementation
needed to have const in their parameters.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
The CLI grammer sandbox needs to initialize the northbound subsystem
otherwise the running_config global variable won't be set, which
leads to crashes.
Fixes#4319.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The route_map_event_hook callback was passing the `route_map_event_t`
to each individual interested party. No-one is ever using this data
so let's cut to the chase a bit and remove the pass through of data.
This is considered ok in that the routemap.c code came this way
originally and after 15+ years no-one is using this functionality.
Nor do I see any `easy` way to do anything useful with this data.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
From looking at a current PR: #4297, we see that routemap.c code
was not properly updating dependency information for some
route_map_event_t enum types. This has lead to dependancy
information not being updated properly. While at this time
I do not know whether or not we need to update the switch
for the missing types, I do know that if we add something in
the future we should make the person adding the code consider
this. So let's remove all `default:` switch statement handlers
from routemap.c when switching on an enum. Future time will
need to be spent to figure out what is needed to be done here.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Each of Lua's major versions are incompatible with each other. Ubuntu,
at least, does not provide a single liblua.so or /usr/include/lua; all
SOs and headers are versioned, e.g. liblua5.3.so and
/usr/include/lua5.3. There's already an m4 macro in the GNU collection
to handle this situation, so let's use that.
This allows building with Lua enabled to work on platforms other than
Fedora.
* Move lib/lua.[ch] -> lib/frrlua.[ch] to prevent path conflicts
* Fix configure.ac search for proper CPP and linker flags
* Add Lua include path to AM_CPPFLAGS
* Update vtysh/extract.pl.in
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This fix aims to reduce the load on BGPD when certain
exisiting configurations are replayed.
Specifically, the fix prevents BGPD from processing
routes when the following already existing configurations
are replayed:
1) A match criteria is configured within a route-map.
2) When "call" is invoked within a route-map.
3) When a route-map is tied to a BGP neighbor.
Signed-off-by: NaveenThanikachalam <nthanikachal@vmware.com>
Route map library creates a hash table to save the dependency binding.
route-map LRM permit 1
call rLRM
Whenever there is change in child routemap(rLRM), it tries to
find the dependency mapping with the child route map MATCH event
and it fails.The handing of match add and match delete was missing
to get the correct dependency,here it's LRM.
This fix would correct the flow to get the correct dependency.
Signed-off-by: vishaldhingra <vdhingra@vmware.com>
vrf_id parameter is added to the api of bfd_client_sendmsg().
this permits being registered to bfd from a separate vrf.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This is an extension to previous behavior, where the bind() operation
was performed only when vrf was not a netns backend kind. This was done
like that because usually the bind parameter is the vrf name itself, and
having an interface name with vrf name is an expectation so that the
bind operation works.
the bind() operation can be performed on whatever device provided that
that name is not null and there is an interface in the vrf that has the
same name as the parameter.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
libyang 1.0 introduced a few changes in the user types API, and
these changes made FRR incompatible with libyang 1.x. In order to
ease our migration from libyang 0.x to libyang 1.x, let's disable
our libyang custom user types temporarily so that FRR can work
with both libyang 0.x and libyang 1.x. This should be especially
helpful to the CI systems during the transition. Once the migration
to libyang 1.x is complete, this commit will be reverted.
Disabling our libyang custom user types should have only
minimal performance implications when processing configuration
transactions. The user types infrastructure should be more important
in the future to perform canonization of YANG data values when
necessary.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This macro:
- Marks ZAPI callbacks for readability
- Standardizes argument names
- Makes it simple to add ZAPI arguments in the future
- Ensures proper types
- Looks better
- Shortens function declarations
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The vrf_with_default_name vrf variable is set to NULL
and then tested to see if it is valid. Removing the
dead code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This converts the new table code to use the new hash
type provided by David.
The following test is 1 million routes installed and how
much memory we are using:
Old mem usage:
Memory statistics for zebra:
System allocator statistics:
Total heap allocated: 574 MiB
Holding block headers: 0 bytes
Used small blocks: 0 bytes
Used ordinary blocks: 536 MiB
Free small blocks: 33 MiB
Free ordinary blocks: 4600 KiB
Ordinary blocks: 0
Small blocks: 0
Holding blocks: 0
New Memory usage:
Memory statistics for zebra:
System allocator statistics:
Total heap allocated: 542 MiB
Holding block headers: 0 bytes
Used small blocks: 0 bytes
Used ordinary blocks: 506 MiB
Free small blocks: 3374 KiB
Free ordinary blocks: 33 MiB
Ordinary blocks: 0
Small blocks: 0
Holding blocks: 0
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We should not be modifying the pointer for the prefix_hash_key
function, make it a const so that we can use it elsewhere.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The head of a list should not change for find functions. Probably
are others that should be considered but these changes can come
in as needed I believe.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This converts the new table code to use the new hash
type provided by David.
The following test is 1 million routes installed and how
much memory we are using:
Old mem usage:
Memory statistics for zebra:
System allocator statistics:
Total heap allocated: 574 MiB
Holding block headers: 0 bytes
Used small blocks: 0 bytes
Used ordinary blocks: 536 MiB
Free small blocks: 33 MiB
Free ordinary blocks: 4600 KiB
Ordinary blocks: 0
Small blocks: 0
Holding blocks: 0
New Memory usage:
Memory statistics for zebra:
System allocator statistics:
Total heap allocated: 542 MiB
Holding block headers: 0 bytes
Used small blocks: 0 bytes
Used ordinary blocks: 506 MiB
Free small blocks: 3374 KiB
Free ordinary blocks: 33 MiB
Ordinary blocks: 0
Small blocks: 0
Holding blocks: 0
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We should not be modifying the pointer for the prefix_hash_key
function, make it a const so that we can use it elsewhere.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The head of a list should not change for find functions. Probably
are others that should be considered but these changes can come
in as needed I believe.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Replaces the use of pqueue_* for the thread_master's timer list with an
instance of DECLARE_SKIPLIST_*.
Signed-off-by: David Lamparter <equinox@diac24.net>
Replaces the open-coded thread_list with a DECLARE_LIST instantiation.
Some function prototypes are actually identical to what was previously
open-coded.
Signed-off-by: David Lamparter <equinox@diac24.net>
These two are lock-free linked list implementations, the plain one is
primarily intended for queues while the sorted one is for general data
storage.
Signed-off-by: David Lamparter <equinox@diac24.net>
Typesafe red-black tree, built out of the OpenBSD implementation and the
macro soup layered on top. API compatible with skiplists & simple
lists.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
By the power of the C preprocessor, these macros provide type-safe
warppers for simple lists, skiplists and hash tables. Also, by changing
the instantiation macro, it is easily possible to switch between
algorithms; the code itself does not need to be changed since the API
is identical across all algorithms.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The upcoming gRPC-based northbound plugin will run on a separate
pthread, and it will need to have access to the running configuration
global variable. Introduce a rw-lock to control concurrent access
to the running configuration. Add the lock inside the "nb_config"
structure so that it can be used to protect candidate configurations
as well (this might be necessary depending on the threading scheme
of future northbound plugins).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The ability to lock the running configuration to prevent other users
from changing it is a very important one. We already supported
the "configure exclusive" command but the lock was applied to
the CLI users only (other clients like ConfD could still commit
configuration transactions, ignoring the CLI lock). This commit
introduces a global lock for the running configuration that is
shared by all northbound clients, and provides a public API to
manipulate it. This way other northbound clients will also be able
to lock/unlock the running configuration if required (the upcoming
gRPC northbound plugin will have RPCs for that).
NOTE: this is a management-level lock for the running configuration,
not to be confused with low-level locks used to avoid data races.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Prevent IPv6 routes received via a ibgp session with one of its own interface
ip as nexthop from getting installed in the BGP table.
Implemented IPV6 HASH table, where we need to add any ipv6 address as they
gets configured and delete them from the HASH table as the ipv6 addresses
get unconfigured. The above hash table is used to verify if any route learned
via BGP has nexthop which is equal to one of its its connected ipv6 interface.
Signed-off-by: Biswajit Sadhu sadhub@vmware.com
Fixup in response to Jafar's review comments.
This is actually old code moved in from pimd to lib. But the fixup does
make sense.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
These updates act as triggers to pimd to -
1. join the MDT for rxing VxLAN encapsulated BUM traffic
2. register the local-vtep-ip as a source for the MDT
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
IMET route is optional if the flood mode is PIM-SM and serves
no functional purpose. So this change limits type-3 route generation
to flood-mode=head-end-replication.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
This solves a crash that happens if the "route-map" command is used
after "router rip" + "no router rip" + "router rip".
Once interface route-maps are converted to the new northbound model,
we'll be able to remove the if_rmap_ctx_list global list (which is
an ugly hack to make things work right now).
Bug found by the CLI fuzzer.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Found that zebra_rnh_apply_nht_rmap would set the
NEXTHOP_FLAG_ACTIVE if not blocked by the route-map, even
if the flag was not active prior to the check. This fix
changes the flag used to denote the nexthop is filtered so
that proper active state can be retained. Additionally,
found two cases where we would send invalid nexthops via
send_client, which would also cause this crash. All three
fixed in this commit.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
The NEXTHOP_FLAG_FILTERED went away when we started treating
static routes like every other route in the system. This was
a special case for handling static route code that just didn't
get finished cleaning up.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Certain operations, like removing non-presence containers or
modifying list keys, are not considered to be valid from the
perspective of the northbound layer. This is because we want to
implement a minimum set of northbound configuration callbacks and
use them to process all possible configuration changes.
The removal of a np-container [1], for example, can be processed by
calling the "delete" callback of all of its child nodes (recursion
is used for np-container child nodes). Similarly, the modification
of a list key can be processed as if the corresponding list entry
was removed and readded with updated key values. This strategy saves
us the burden of implementing lots of extra configuration callbacks.
That said, the nb_operation_is_valid() function shouldn't be used
for anything other than checking which callbacks are valid for
which YANG nodes. Using it in the nb_candidate_edit() function
is inappropriate as we want as much flexibility as possible when
editing a candidate configuration. We should allow CLI commands,
for example, to remove np-containers (the northbound layer will then
figure out which callbacks need to be called when this candidate
is committed). Remove the check.
[1] We can't do the same for presence containers since they have a
"create" callback associated with them.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
flog() is a small wrapper around zlog() that can be useful in a
few places to reduce code duplication.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
zlog() should be part of the public logging API as it's useful in
the cases where the logging priority isn't known at compile time
(i.e. it depends on a variable).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Move call to nb_db_init() from nb_init() to frr_init() so that only
the FRR daemons will initialize the northbound database. This should
fix a few warnings when running some unit tests.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Introduce a hash table to keep track of user pointers associated
to configuration entries. The previous strategy was to embed
the user pointers inside libyang data nodes, but this solution
incurred a substantial performance overhead. The user pointers
embedded in candidate configurations could be lost while the
configuration was being edited, so they needed to be regenerated
before the candidate could be committed. This was done by the
nb_candidate_restore_priv_pointers() function, which was extremely
expensive for large configurations. The new hash table solves this
performance problem.
The yang_dnode_[gs]et_entry() functions were renamed and moved from
yang.[ch] to northbound.[ch], which is a more appropriate place
for them. This patch also introduces the nb_running_unset_entry()
function, the counterpart of nb_running_set_entry() (unsetting
user pointers was done automatically before, now it needs to be
done manually).
As a consequence of these changes, we shouldn't need support for
libyang private pointers anymore (-DENABLE_LYD_PRIV=ON). But it's
probably a good idea to keep requiring this feature as we might
need it in the future for other things (e.g. disable configuration
settings without removing them).
Fixes#4136.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Manually tested rather extensively in addition to included unit tests,
should work as intended.
NB: The OpenBSD futex() code is "future"; it's not actually in OpenBSD
(yet?) and thus untested.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
After exceeding the max retry number for a thread,
we were passing the data rather than the work_queue_item
struct.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
MD5 auth on TCP is supported for prefixes in recent versions of Linux;
add complementary support for FRR.
This is a reworked version of Donald's commit to keep library
compatibility and obviate the need for changes in daemons that don't
need to support this themselves.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Split the "debug northbound" command into the following commands:
* debug northbound callbacks configuration
* debug northbound callbacks state
* debug northbound callbacks rpc
* debug northbound notifications
* debug northbound events
* debug northbound client confd
* debug northbound client sysrepo
If "debug northbound" is entered alone, all of its suboptions
are enabled.
This commit also adds code to debug state/rpc callbacks and
notifications (only configuration callbacks were logged before).
Use the debugging infrastructure from "lib/debug.h" in order to
benefit from its facilities (e.g. MT-safe debugging) and avoid
code duplication.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The IFF_OUT_LOG macro is using BUFSIZE, which is the sizeof(logbuf)
but for some reason 8.0 clang SA is not happy with it. Just
make it happy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a hash function to turn a nexthop group into a
32 bit unsigned hash key with jhash. We do not care to
hash any recursively resolved nexthops, just the group.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Avoid tracking 0.0.0.0/32 nexthop with RIB.
When routes are aggregated,
the originate of the route becomes self.
Do not track nexthop self (0.0.0.0) with rib.
Ticket: CM-24248
Testing Done:
Before fix-
tor-11# show ip nht vrf all
VRF blue:
0.0.0.0
unresolved
Client list: bgp(fd 16)
VRF default:
VRF green:
VRF magenta:
0.0.0.0
unresolved
Client list: bgp(fd 16)
After fix-
tor-11# show ip nht vrf all
VRF blue:
VRF default:
VRF green:
VRF magenta:
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Adjust the nexthop comparison api so that it calls the label-
comparison api. Adjust the label-comp api so that "no labels"
is "equal".
Signed-off-by: Mark Stapp <mjs@voltanet.io>
PR #3622 renamed the "delete" northbound callback to "destroy" in
order to make the libfrr headers compatible with C++. This commit
renames a few functions that still use "delete" instead of "destroy"
in their names.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Merge commit to solve a bunch of conflicts with other PRs that were
merged in the previous weeks.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
that routine does the same as listnode_add; in addition it creates the
linked list if needed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
lists passed as parameter that are null, are accepted by the function.
I would even propose to silently return NULL in official
listnode_lookup() routine.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Problem found in bgpd where it wasn't learning interface address
information at startup due to the interface information becoming
available before the bgp instance was created. This issue was
caused by an earlier change that tried to make the interface
information discovery process more efficient but left this hole
for bgpd. For now, putting back in the previous method of
gathering interface info via the zclient_send_reg_requests call
and will revisit a more efficient way to get the info in the future.
Ticket: CM-23932
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Add a few missing log entries to the macro to allow us to print
out the zapi message type, since they were missing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Use the privs struct mutex more strictly, to ensure that the
privs are at the level the caller expects when the apis
return.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Privs escalation is process-wide, and a multi-threaded process
can deadlock. This adds a mutex and a counter to the privs
object, preventing multiple threads from making the privs
escalation system call.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Non-presence containers don't have "destroy" callbacks. So, once
a np-container is deleted, we need to call the "destroy" callbacks
of its child nodes instead.
This commit doesn't fix any real problem as of now since all
np-containers from the FRR YANG modules contain or one more mandatory
child nodes, so they can't be deleted (libyang will add missing
np-containers when validating data). Nevertheless, upcoming YANG
modules should benefit from this change.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is just a small refactoring to reduce code duplication. No
behavior changes intended.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In the case of EVPN symmetric routing, the tenant VRF is associated with
a VNI that is used for routing and commonly referred to as the L3 VNI or
VRF VNI. Corresponding to this VNI is a VLAN and its associated L3 (IP)
interface (SVI). Overlay next hops (i.e., next hops for routes in the
tenant VRF) are reachable over this interface. Howver, in the model that
is supported in the implementation and commonly deployed, there is no
explicit Overlay IP address associated with the next hop in the tenant
VRF; the underlay IP is used if (since) the forwarding plane requires
a next hop IP. Therefore, the next hop has to be explicit flagged as
onlink to cause any next hop reachability checks in the forwarding plane
to be skipped.
https://tools.ietf.org/html/draft-ietf-bess-evpn-prefix-advertisement
section 4.4 provides additional description of the above constructs.
Use existing mechanism to specify the nexthops as onlink when installing
these routes from bgpd to zebra and get rid of a special flag that was
introduced for EVPN-sourced routes. Also, use the onlink flag during next
hop validation in zebra and eliminate other special checks.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
After creating a libyang context, we need to hook up our callback to use
embedded built-in modules. I hadn't added this to the yang translator
code.
Also, ly_ctx_new fails if the search directory doesn't exist. Since
that's not a hard error for us, work around that and ignore inaccessible
YANG_MODELS_DIR. (This is needed for snap packages.)
Signed-off-by: David Lamparter <equinox@diac24.net>
an interface rmap context can be created from a custom name string,
instead of a vrf. This ability permits to handle several instances of
interface route map in the same vrf. The naming convention will be
transparent on what the name is for in the daemon code.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
so as to handle ri/ripng/eigrp multiple instances, the need is to
encapsulate if_rmap hash table into a container context self to each
instance. This work then reviews the if_rmap api, mainly by adding a
if_rmap_ctx context, that is passed for each exchange between library
and the daemon.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When displaying the running configuration, we should use a single
space to indent commands when necessary (and not two spaces).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This patch adds support to nexthops of type NEXTHOP_TYPE_IFINDEX to
nexthop-groups. This should be especially useful when dealing with
p2p interfaces like tunnels that don't have IP addresses assigned
to them.
NOTE: nh->addr can be NULL now, so we should always perform a null
check before dereferencing this pointer.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Use a pointer to a sockunion instead of a full sockunion in the
nexthop_hold structure. This prepares the ground for the next commit,
which will make nexthop addresses optional (in this commit we assume
nh->addr will never be NULL, but this will change).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* command_graph.h: stop using "new" as a parameter name as that's a
reserved C++ keyword.
* module.h: avoid using C99 designated initializers since C++ doesn't
support them. This change hurts code readability quite considerably,
so we should try to find a better solution later.
* pw.h: remove unneeded empty structure to silence a C++ warning.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
C++ doesn't support implicit casts from void pointers like C
does. And the libfrr headers have some bits of code that rely on
implicit casts in order to work. To solve this problem, add a new
"static_cast" macro that performs explicit static casts when a C++
compiler is being used, or do nothing otherwise.
NOTE: since macros are only evaluated when they are used, there
might be other macros from libfrr that will need to use "static_cast"
as well. If a header is successfully compiled using a C++ compiler,
there's no guarantee that its macros are compatible with C++. We'll
only know about such macros when they are used by C++ code, then
we'll need to adapt them one by one in the future.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Two different definitions of "enum filter_type" exist in libfrr:
one in lib/filter.h and other in lib/command_match.h. Rename one
of them to resolve a conflict that happens when both headers are
included by the same file.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These are necessary to use functions defined in these headers from C++.
Signed-off-by: David Lamparter <equinox@diac24.net>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
C++ doesn't have ISO C11 stdatomic.h or "_Atomic inttype", so use
std::atomic instead to get the headers compatible.
Signed-off-by: David Lamparter <equinox@diac24.net>
Add a no-op conversion constructor to tell C++ that union prefixptr
accepts any of its member types.
Signed-off-by: David Lamparter <equinox@diac24.net>
Change the northbound lib operation from DELETE to DESTROY;
make the required changes in the users of the northbound, in
the cli, rip, ripng, and isis.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Some misc changes to resolve some c++ compilation errors.
The goal is only to permit an external module - a plugin,
for example - to see frr headers, not to support or encourage
contributions in c++. The changes include: avoiding use
of keywords like 'new', 'delete'; cleaning up implicit
type-casting from 'void *' in several places.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
on interface search algorithm, at initialisation, when reading config
file, the vrf backend may not be yet known ( because zebra did not sync
yet with daemon). For that, avoid searching interface name in a separate
vrf. This change of behaviour is induced because the assumption is done
that at config startup, the user is not wrong with the interface
configuration to use. Every usage of vrf_get_backend() should then be
wisely adapted in order to handle that init state.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
other daemons need to sync with zebra to get to know which vrf backend
is available. in that time, there may be interface configuration
available. in that specific case, the vrf backend returned is not known.
A specific return value is sent back. This will be useful to know which
specific algorithm to apply.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Collapse the old static free function into the actual public
function that was using it (and the only user of it.)
Signed-off-by: Mark Stapp <mjs@voltanet.io>
This change is used to send configue changes for
advertise svi address as macip (type-2) route.
Ticket:CM-23782
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Ask for all interface information after we have connected
to zebra and sent the initial hello.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Made the following changes.
1.Defined two apis in routemap-lib, one for increment and another for
decrement the applied counter.
2.Added a new configuration “show route-map-unused” to track all unused
routemaps.
3.called the corresponding route map update api when a route map attached
or detached from any redistribution list.
Signed-off-by: RajeshGirada <rgirada@vmware.com>
If tcp_l3mdev_accept = 0, then creating a socket for a vrf
for communication is allowed. On the other hand if it is =1
then the vrf_socket() code assumes that we have created
a listen socket in the default vrf. This is a bad assumption
in that it is perfectly valid to create a bgp instance like this:
router bgp 99 vrf BLUE
<configuration>
!
But not to create a default bgp instance. As such when BGP
would call the vrf_socket to create the listener for that vrf
the code was dissallowing it.
This code is incorrect behavior. If we are passing in a interface
to bind the socket to, it is not the correct behavior to just not
bind, especially if the interface passed in is not a vrf name.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
- some target_CFLAGS that needed to include AM_CFLAGS didn't do so
- libyang/sysrepo/sqlite3/confd CFLAGS + LIBS weren't used at all
- consistently use $(FOO_CFLAGS) instead of @FOO_CFLAGS@
- 2 dependencies were missing for clippy
Signed-off-by: David Lamparter <equinox@diac24.net>
Apparently 'f' means both OpenFabric and a Failed kernel
route installation.
Let's switch the 'f' for the failed kernel route installation
to 'r - rejected route'.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The onlink attribute was being passed from upper level protocols
as an attribute of the route *not* the individual nexthop. When
we pass this data to the kernel, we treat the onlink as a attribute
of the nexthop. This commit modifies the code base to allow
us to pass the ONLINK attribute as an attribute of the nexthop.
This commit also fixes static routes that have multiple nexthops
some onlink and some not.
ip route 4.5.6.7/32 192.168.41.1 eveth1 onlink
ip route 4.5.6.7/32 192.168.42.2
S>* 4.5.6.7/32 [1/0] via 192.168.41.1, eveth1 onlink, 00:03:04
* via 192.168.42.2, eveth2, 00:03:04
sharpd@robot ~/frr2> sudo ip netns exec EVA ip route show
4.5.6.7 proto 196 metric 20
nexthop via 192.168.41.1 dev eveth1 weight 1 onlink
nexthop via 192.168.42.2 dev eveth2 weight 1
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are selecting nexthops for disply, abstract the notion
of what character we display to the end user about the status
of the nexthop.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
MACVLAN devices are typically used for applications such as VRR/VRRP that
require a second MAC address (virtual). These devices have a corresponding
SVI/VLAN device -
root@TORC11:~# ip addr show vlan1002
39: vlan1002@bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9152 qdisc noqueue master vrf1 state UP group default
link/ether 00:02:00:00:00:2e brd ff:ff:ff:ff:ff:ff
inet6 2001:aa:1::2/64 scope global
valid_lft forever preferred_lft forever
root@TORC11:~# ip addr show vlan1002-v0
40: vlan1002-v0@vlan1002: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9152 qdisc noqueue master vrf1 state UP group default
link/ether 00:00:5e:00:01:01 brd ff:ff:ff:ff:ff:ff
inet6 2001:aa:1::a/64 metric 1024 scope global
valid_lft forever preferred_lft forever
root@TORC11:~#
The macvlan device is used primarily for RX (VR-IP/VR-MAC). And TX is via
the SVI. To acheive that functionality the macvlan network's metric
is set to a higher value.
Zebra currently ignores the devaddr metric sent by the kernel and hardcodes
it to 0. This commit eliminates that hardcoding. If the devaddr metric
is available (METRIC_MAX) it is used for setting up the connected route
otherwise we fallback to the dev/interface metric.
Setting the macvlan metric to a higher value ensures that zebra will always
select the connected route on the SVI (and subsequently use it for next hop
resolution etc.) -
root@TORC11:~# vtysh -c "show ip route vrf vrf1 2001:aa:1::/64"
Routing entry for 2001:aa:1::/64
Known via "connected", distance 0, metric 1024, vrf vrf1
Last update 11:30:56 ago
* directly connected, vlan1002-v0
Routing entry for 2001:aa:1::/64
Known via "connected", distance 0, metric 0, vrf vrf1, best
Last update 11:30:56 ago
* directly connected, vlan1002
root@TORC11:~#
Ticket: CM-23511
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
When a local neigh is added with a MAC that is remote or absent the
neigh is kept in zebra as local/in-active. But not propagated to bgpd.
Similarly when an inactive neigh is deleted the del-msg is not propagated
to bgpd.
Without this change bgp and zebra would fall out of sync as that
bgp would not know to rerun bestpath and for it to reinstall a
known remote path for the mac-ip in question. To fix this we
now propagate inactive neigh deletes to bgpd.
Ticket: CM-23018
Testing Done:
1. evpn-min
2. manually triggered the out-of-sync state and verified the fix
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
FRR log targets are independent, so "log syslog" must not disable
"log file" output.
Fixes: #3551
Fixes: 0204baa876
Signed-off-by: David Lamparter <equinox@diac24.net>
Starting with libyang 0.16.74, we can load internally embedded yang
extensions instead of going through the file system/dlopen. Detect
support for this at build time and use if available.
NB: the fallback mechanism will go away in a short while.
Signed-off-by: David Lamparter <equinox@diac24.net>
CC lib/frr_pthread.lo
lib/frr_pthread.c:128:40: error: too many arguments to function call, expected 1, have 3
ret = pthread_setname_np(fpt->thread, fpt->os_name, NULL);
~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~
/Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/pthread.h:512:1: note: 'pthread_setname_np' declared here
__API_AVAILABLE(macos(10.6), ios(3.2))
Mac OS does have pthread_setname_np, but we can't use it here since it
only accepts a single argument, the thread name, and thus only works for
the current thread.
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
Now that all daemons receive the VRF backend from zebra, we can get
rid of vrf_is_mapped_on_netns() in favor of using the more convenient
vrf_is_backend_netns() function, which doesn't require any argument.
This commit also fixes the following problem:
debian(config)# ip route 50.0.0.0/8 blackhole vrf FAKE table 2
% table param only available when running on netns-based vrfs
Even when zebra was started with the --vrfwnetns, the error
above would be displayed since the VRF FAKE didn't exist, which
would make vrf_is_mapped_on_netns() return 0 incorrectly. Using
vrf_is_backend_netns() this problem doesn't happen anymore.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Add a new field in the ZEBRA_CAPABILITIES zapi message specifying
the VRF backend in use.
For simplicity, make the zclient code call vrf_configure_backend()
to apply the received value automatically instead of requiring
the daemons to do that themselves in their zebra_capabilities()
callbacks.
Additionally, call zebra_vrf_update_all() only after sending the
capabilities message to the client, so that it will know which VRF
backend is in use when processing the VRF messages.
This commit fixes a couple of bugs in the "interface" CLI command and
associated northbound callbacks, which behave differently depending
on the VRF backend in use. Before this commit, the vrf_backend
variable would always be set to VRF_BACKEND_NETNS in the client
daemons, even when zebra was started without the --vrfwnetns option.
This could lead to inconsistent behavior and subtle bugs under
specific circumstances.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
We can make use of the vty->config variable to know when the CLI
user is in the configuration mode or not. This is much simpler
than obtaining this information from the vty node, and also a more
robust solution (the three switch statements below, for example,
were out of sync).
Also, fix a bug where vty->config wasn't being unset in the
vty_config_exit() function (bug introduced by commit f344c66ea3).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The CLI code uses the vty->xpath[] array and the vty->xpath_index
variables to keep track of where the user is in the configuration
hierarchy. As such, we were resetting vty->xpath_index to zero
whenever the user exited from the configuration mode in order to
keep the index valid. We weren't doing this in the vty_stop_input()
function however, which is called when the user types ^C in the
terminal. This was leading to bugs like this:
zebra> en
zebra# conf t
zebra(config)# interface eth0
zebra(config-if)# ^C
zebra# conf t
zebra(config)# interface eth0
% Configuration failed.
Schema node not found.
YANG path: /frr-interface:lib/interface[name='eth0'][vrf='default']/frr-interface:lib
To fix this, do something more clever: instead of resetting the
XPath index whenever the user exits from the configuration mode,
do that when the user enters in the configuration mode. This way
the XPath index needs to be reset in a single place only, not to
mention it's a more robust solution.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When lyd_validate() is used with the LYD_OPT_DATA option, full YANG
validation is performed. As a side-effect to this, default nodes are
created, which is not desirable when displaying operational data
since configuration nodes can also be created. Use LYD_OPT_GET
option to resolve this problem.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
One use case for the new yang_data_list_find() function is to find
input parameters in RPC northbound callbacks easily, without the
need to iterate over the input parameters manually.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Parameters should be const whenever possible to improve code
readability and remove the need to cast away the constness of
const arguments.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In these two functions, we were using VRF_DEFAULT instead of the
VRF ID passed as a parameter when checking if the given client
subscribed to receive default routes or not. This prevented the
"default-originate" command from ospfd/isisd from working correctly
under specific circumstances.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Since commit 3a11599c, the FRR YANG modules are embedded inside the
binaries and no longer need to be loaded from the file system. This
way, it's impossible for the FRR binaries and YANG modules to be out
of sync anymore. As such, update the suggestions of the northbound
error codes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Instead of aborting when an incomplete xpath is given to the
nb_oper_data_iterate() function, just return an error so that the
callers have a chance to treat this error. Aborting based on invalid
user input is never the right thing to do.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When FRR is built without the --enable-config-rollbacks option,
the nb_db_transaction_save() function does nothing and the
"transaction_id" output parameter is left uninitialized. For
this reason, all northbound clients should initialize the
"transaction_id" argument before calling nb_candidate_commit() or
nb_candidate_commit_apply() (except when a NULL pointer is given,
which is the case of the confd and sysrepo plugins).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
We are already handling all possible four cases from the "nb_event"
enumeration, so this problem can't happen in practice. Initialize the
"ref" variable to zero to silence the warning.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Some daemons like ospfd and isisd have the ability to advertise a
default route to their peers only if one exists in the RIB. This
is what the "default-information originate" commands do when used
without the "always" parameter.
For that to work, these daemons use the ZEBRA_REDISTRIBUTE_DEFAULT_ADD
message to request default route information to zebra. The problem
is that this message didn't have an AFI parameter, so a default route
from any address-family would satisfy the requests from both daemons
(e.g. ::/0 would trigger ospfd to advertise a default route to its
peers, and 0.0.0.0/0 would trigger isisd to advertise a default route
to its IPv6 peers).
Fix this by adding an AFI parameter to the
ZEBRA_REDISTRIBUTE_DEFAULT_{ADD,DELETE} messages and making the
corresponding code changes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
It would be nice to have the ability to access the prefix data structure
address as a block of 4 uint32_t's. This will allow me to easily/quickly
update the v6 address by 1. This will be used in subsuquent commits.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The current invocation of frr_pthread_set_name was causing it reset the os_name.
There is no need for this, we now always create the pthread appropriately
to have both name and os_name. So convert this function to a simple
call through of the pthread call now.
Before(any of these changes):
sharpd@robot ~/frr1> ps -L -p 16895
PID LWP TTY TIME CMD
16895 16895 ? 00:01:39 bgpd
16895 16896 ? 00:00:54
16895 16897 ? 00:00:07 bgpd_ka
After:
sharpd@donna ~/frr1> ps -L -p 1752
PID LWP TTY TIME CMD
1752 1752 ? 00:00:00 bgpd
1752 1753 ? 00:00:00 bgpd_io
1752 1754 ? 00:00:00 bgpd_ka
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we start a thread we always call fpt_run and since
the last commit we know os_name is filled with something,
therefore we can just set the name on startup.
This creates this output now for zebra:
sharpd@donna ~/frr2> ps -L -p 25643
PID LWP TTY TIME CMD
25643 25643 ? 00:00:00 zebra
25643 25644 ? 00:00:00 Zebra dplane
25643 25684 ? 00:00:00 zebra_apic
sharpd@donna ~/frr2>
I removed the abstraction to frr_pthread_set_name because
it was snprintf'ing into the same buffer which was the
real bug here( the first character of os_name became null).
In the next commit I'll remove that api because
it is unneeded and was a horrible hack to get
this to work for the one place it was wanted.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
On call of frr_pthread_new, save the os_name if given,
if not given use the name passed in( shortening to fit
in available space ) and finally if the name was not
passed in use the default value.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When using getrusage, we have multiple choices about what
to call for data gathering about this particular thread of execution.
RUSAGE_SELF -> This means gather all cpu run time for all pthreads associated
with this process.
RUSAGE_THREAD -> This means gather all cpu run time for this particular
pthread.
Clearly with data gathering for slow thread as well as `show thread cpu`
it would be preferable to gather only data about the current running
pthread. This probably was the original behavior of using RUSAGE_SELF
when we didn't have multiple pthreads. So it didn't matter so much.
Prior to this change, 10 iterations of 1 million routes install/remove
from zebra would give us this cpu time for the dataplane pthread:
Showing statistics for pthread Zebra dplane thread
--------------------------------------------------
CPU (user+system): Real (wall-clock):
Active Runtime(ms) Invoked Avg uSec Max uSecs Avg uSec Max uSecs Type Thread
0 280902.149 326541 860 2609982 550 2468910 E dplane_thread_loop
After this change we are seeing this:
Showing statistics for pthread Zebra dplane thread
--------------------------------------------------
CPU (user+system): Real (wall-clock):
Active Runtime(ms) Invoked Avg uSec Max uSecs Avg uSec Max uSecs Type Thread
0 58045.560 334944 173 277226 539 2502268 E dplane_thread_loop
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This is the start of a series of commits that will allow FRR to
be integrated into mlag.
Zebra and Pim will both need mlag state for the router. As such we will
need to provide a abstract about this state through the zapi.
This is the start of the common header that both Pim and Zebra will
be using.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
FreeBSD's libc segfaults when vsnprintf() is called with a null
format string. Add a null check before calling vsnprintf() to
resolve this problem.
Fixes#3537
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Unlike the other interface zapi messages, ZEBRA_INTERFACE_VRF_UPDATE
identifies interfaces using ifindexes and not interface names. This
is a problem because zebra always sends ZEBRA_INTERFACE_DOWN
and ZEBRA_INTERFACE_DELETE messages before sending
ZEBRA_INTERFACE_VRF_UPDATE, and the ZEBRA_INTERFACE_DELETE callback
from all daemons set the interface index to IFINDEX_INTERNAL. Hence,
when decoding a ZEBRA_INTERFACE_VRF_UPDATE message, the interface
lookup would always fail since the corresponding interface lost
its ifindex. Example (ospfd):
OSPF: Zebra: Interface[rt1-eth2] state change to down.
OSPF: Zebra: interface delete rt1-eth2 vrf default[0] index 8 flags 11143 metric 0 mtu 1500
OSPF: [EC 100663301] INTERFACE_VRF_UPDATE: Cannot find IF 8 in VRF 0
To fix this problem, use interface names instead of ifindexes to
indentify interfaces like the other interface zapi messages do.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
a distribute_ctx context pointer is returned after initialisation to the
calling daemon. this context pointer will be further used to do
discussion with distribute service. Today, there is no specific problem
with old api, since the pointer is the same in all the memory process.
but the pointer will be different if we have multiple instances. Right
now, this is not the case, but if that happens, that work will be used
for that.
distribute-list initialisation is split in two. the vty initialisation
is done at global level, while the context initialisation is done for
each routing daemon instance.
babel daemon is being equipped with a routing returning the main babel
instance.
also, a delete routine is available when the daemon routing instance is
suppressed.
a list of contexts is used inside distribute_list. This will permit
distribute_list utility to handle in the same daemon to handle more than
one context. This will be very useful in the vrf context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
in order to enforce the vrf_id to return, from a vrf name, a check is
done on the vrf_name_to_id callback.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is the last missing piece to complete BGP LU support in bgpd. To this moment, bgpd (and zebra) supported auto label assignment only for prefixes leaked from VRFs to vpn and for MPLS SR prefixes. This adds auto label assignment to other routes types in bgpd. The following enhancements have been made:
* bgp_route.c:bgp_process_main_one() now sets implicit-null local_label to all local, aggregate and redistributed routes.
* bgp_route.c:bgp_process_main_one() now will request a label from the label pool for any prefix that loses the label for some reason (for example, when the static label assignment config is removed)
* bgp_label.c:bgp_reg_dereg_for_label() now requests labels from label pool for routes which have no associated label index
* zebra_mpls.c:zebra_mpls_fec_register() now expects both label and label_index from the calling function, one of which must be set to MPLS_INVALID_LABEL or MPLS_INVALID_LABEL_INDEX, based on this it will decide how to register the provided FEC.
Signed-off-by: Anton Degtyarev <anton@cumulusnetworks.com>
The same issue with derived enum types that was already fixed
for yang_data_new_enum was still present here, so I simply
applied the same fix.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Just copying th const char* of the xpath means that if we
are enqueing multiple changes from a buffer, the last xpath
addedd will overwrite all of the previous references.
Copying the xpath to a buffer simplifies the API when
retrofitting the commands.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
As suggested by Renato, add error codes that are specific
to the various phases of a northbound callback. These can
be used by the daemons when logging an error. The reasoning
is that validation errors typically mean that there is an
inconsistency in the configuration, a prepare error means
that we are running out of resources, and abort/apply errors
are bugs that need to be reported to the devs.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
I accidentally put MIT headers on these; the intent was ISC. It doesn't
really make a difference, but let's get it consistent.
Signed-off-by: David Lamparter <equinox@diac24.net>
Support an optional timeout/delay for use when a workqueue
determines that it is blocked, instead of retrying immediately.
Also, schedule as an 'event' instead of a 'timer' when using
a zero timeout value.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Reorder the numbering of the Zebra message flags and document
what each flag is supposed to do.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We never used this information and it was merely stored.
Additionally this is not something that is a flag, it's
a status.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Newer versions of clang are failing on xpath length
not being sufficiently sized to hold all possible data
that could be thrown at it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
YANG allows lists without keys for operational data, in which case
the list elements are uniquely identified using a positional index
(starting from one).
This commit does the following:
* Remove the need to implement the 'get_keys' and 'lookup_entry'
callbacks for keyless lists.
* Extend nb_oper_data_iter_list() so that it special-cases keyless
lists appropriately. Since both the CLI and the sysrepo plugin
use nb_oper_data_iterate() to fetch operational data, both these
northbound clients automatically gain the ability to understand
keyless lists without additional changes.
* Extend the confd plugin to special-case keyless lists as well. This
was a bit painful to implement given ConfD's clumsy API, but
keyless lists should work ok now.
* Update the "test_oper_data" unit test to test keyless YANG lists in
addition to regular lists.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
ConfD and Sysrepo implement configuration transactions using a
two-phase commit protocol (prepare + abort/apply). For network-wide
transactions to work, ConfD and Sysrepo move to the second phase of
the commit protocol only after receiving the results of the first
phase from all devices involved in the transaction. If all devices
succeed in the 'prepare' phase, then all of them move to the 'apply'
phase and the transaction is committed. On the other hand, if any
device fails in the 'prepare' phase, all of them move to 'abort'
phase and the transaction is aborted.
The confd and sysrepo plugins were implementing the full
two-phase commit protocol upon receiving a request to validate
the configuration changes and allocate all resources required to
apply them (first phase). The notifications to abort or apply the
changes (second phase) were being ignored since everything was being
done in the first phase for simplicity. This wasn't a problem for
single-device transactions, but it is for transactions involving
multiple devices. Rework the code a bit to do things properly and
fix this problem.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The "show" command will be available in the configuration mode and
all configuration subnodes. It's used to display the section of
the candidate configuration being edited, instead of displaying
the entire candidate configuration like when "show configuration
candidate" is used. The goal is to add more convenience when editing
huge configurations.
When the transactional CLI mode is not used, the candidate
configuration and the running configuration are identical, hence in
this case we can say that the "show" command displays the section
of the running configuration being edited.
Example:
ripd(config)# show
Configuration:
!
frr version 6.1-dev
frr defaults traditional
!
interface eth0
ip rip split-horizon poisoned-reverse
ip rip authentication mode md5
ip rip authentication string supersecret
!
interface eth1
ip rip receive version 1
ip rip send version 1
!
router rip
allow-ecmp
route 10.0.1.0/24
route 10.0.2.0/24
!
end
ripd(config)#
ripd(config)#
ripd(config)# interface eth0
ripd(config-if)# show
!
interface eth0
ip rip split-horizon poisoned-reverse
ip rip authentication mode md5
ip rip authentication string supersecret
!
ripd(config-if)# exit
ripd(config)#
ripd(config)#
ripd(config)# router rip
ripd(config-router)# show
!
router rip
allow-ecmp
route 10.0.1.0/24
route 10.0.2.0/24
!
ripd(config-router)#
The "show" command only works for daemons converted to the new
northbound model. vtysh support will be implemented at a later
time as it will require some level of coordination between vtysh
and the FRR daemons.
Fixes#3148.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Confirmed commits allow the user to request an automatic rollback to
the previous configuration if the commit operation is not confirmed
within a number of minutes. This is particularly useful when the user
is accessing the CLI through the network (e.g. using SSH) and any
configuration change might cause an unexpected loss of connectivity
between the user and the managed device (e.g. misconfiguration of a
routing protocol). By using a confirmed commit, the user can rest
assured the connectivity will be restored after the given timeout
expires, avoiding the need to access the router physically to fix
the problem.
When "commit confirmed TIMEOUT" is used, a new "commit" command is
expected to confirm the previous commit before the given timeout
expires. If "commit confirmed TIMEOUT" is used while there's already
a confirmed-commit in progress, the confirmed-commit timeout is
reset to the new value.
In the current implementation, if other users perform commits while
there's a confirmed-commit in progress, all commits are rolled back
when the confirmed-commit timeout expires. It's recommended to use
the "configure exclusive" configuration mode to prevent unexpected
outcomes when using confirmed commits.
When an user exits from the configuration mode while there's a
confirmed-commit in progress, the commit is automatically rolled
back and the user is notified about it. In the future we might
want to prompt the user if he or she really wants to exit from the
configuration mode when there's a pending confirmed commit.
Needless to say, confirmed commit only work for configuration
commands converted to the new northbound model. vtysh support will
be implemented at a later time.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Introduce frr-ripngd.yang, which defines a model for managing the
FRR ripngd daemon.
Update the 'frr_yang_module_info' array of ripngd with the new
'frr-ripngd' module.
Add two new files (ripng_cli.[ch]) which should contain all ripngd
commands converted to the new northbound model. Centralizing all
commands in a single place will facilitate the process of moving
the CLI to a separate program in the future.
Add automatically generated stub callbacks in
ripng_northbound.c. These callbacks will be implemented gradually
in the following commits.
Add the confd.frr-ripngd.yang YANG module with annotations specific
to the ConfD daemon.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This reverts commit 48944eb65e.
We're using GNU C, not ISO C - and this commit triggers new (real)
warnings about {0} instead of bogus ones about {}.
Signed-off-by: David Lamparter <equinox@diac24.net>
We sometimes store ifindex information in the NEXTHOP_TYPE_IPV[4|6]
so let's let us display that information as well when dumping
a nexthop.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There are cases where the passed parameter for a vty command is either
an interface name or an ip address. Because the interface name can be a
number, and because the user may want to use a number to define an IP (
for instance 'ping 0' is valid from shell purpose), there is a choice
that needs to be done at frr level. either from the application point of
view, the interface name will be priorized, or each number will be
considered as an ip address. In that commit, the inet_aton procedure is
replaced with the inet_pton procedure that ignores ips with just a
number.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The northbound infrastructure for operational data was subpar compared
to the infrastructure for configuration data. This commit addresses most
of the existing problems, making it possible to write operational-data
callbacks for more complex YANG models.
Summary of the changes:
* Add support for nested YANG lists.
* Add support for leaf-lists.
* Add support for leafs of type "empty".
* Introduce the "show yang operational-data XPATH" command, and write an
unit test for it. The main purpose of this command is to make it
easier to test the operational-data northbound callbacks.
* Introduce the nb_oper_data_iterate() function, that can be used
to iterate over operational data. Make the CLI and sysrepo use this
function.
* Since ConfD has a very peculiar API, it can't reuse the
nb_oper_data_iterate() like the other northbound clients. In this
case, adapt the existing ConfD callbacks to support the new features
(and make some performance improvements in the process).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Prevent the confd plugin from subscribing to configuration changes on a
data tree that contains only state data.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
A YANG list that contains both configuration and state data must have
the following callbacks: create(), delete(), get_next(), get_keys()
and lookup_entry().
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Rename yang_snodes_iterate() to yang_snodes_iterate_subtree() and
expose it in the public API.
* Rename yang_module_snodes_iterate() to yang_snodes_iterate_module().
* Rename yang_all_snodes_iterate() to yang_snodes_iterate_all().
* Make it possible to stop the iteration at any time by returning
YANG_ITER_STOP in the iteration callbacks.
* Make the iteration callbacks accept only one user argument and not
two.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In some cases it will be necessary to load all FRR native modules.
Examples:
* vtysh needs to load all YANG modules so that it can manipulate data
from all daemons.
* The gen_northbound_callbacks tool will need to load all YANG modules
since augmentations from one module can have an effect in the required
northbound callbacks of other modules.
The new yang_module_load_all() function provides this functionality.
As a side note, the "frr_native_modules" will need to be updated every
time we add a new YANG module to FRR.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
For convenience, make yang_dnode_free() remove the entire data tree and
not only the data node given as a parameter.
Also, add a null-pointer check on nb_config_replace() before calling
yang_dnode_free().
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
By default the data nodes created by yang_dnode_new() could contain
only configuration data (LYD_OPT_CONFIG). Add a 'config_only' option
to yang_dnode_new() so that it can create data nodes containing both
configuration and state data.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Prefetching the schema node when creating yang_data structures is
expensive, and in most cases we don't need that information. In that case,
fetch the schema information only when necessary to improve performance
when fetching operational data.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
A while ago all FRR configuration commands were converted to use the
QOBJ infrastructure to keep track of configuration objects. This
means the configuration lock isn't necessary anymore because the
QOBJ code detects when someones tries to edit a configuration object
that was deleted and react accordingly (log an error and abort the
command). The possibility of accessing dangling pointers doesn't
exist anymore since vty->index was removed.
Summary of the changes:
* remove the configuration lock and the vty_config_lockless() function.
* rename vty_config_unlock() to vty_config_exit() since we need to
clean up a few things when exiting from the configuration mode.
* rename vty_config_lock() to vty_config_enter() to remove code
duplication that existed between the three different "configuration"
commands (terminal, private and exclusive).
Configuration commands converted to the new northbound model don't
need the configuration lock either since the northbound API also
detects when someone tries to edit a configuration object that
doesn't exist anymore.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When editing the candidate configuration, the northbound must ensure
that either all changes made by a command are accepted or none are.
This is done to prevent inconsistent states where only parts of a
command are applied in the event any error happens.
The previous API for converted commands, the nb_cli_cfg_change()
function, required callers to pass an array containing all changes
that needed to be applied in the candidate configuration. The
problem with this API is that it was very inconvenient for complex
commands, which change different configuration options depending
on several factors. This required users to manipulate the array
of configuration changes using low-level primitives, making it
complicated to implement some commands.
To solve this problem, introduce a new API based on the two following
functions:
- nb_cli_enqueue_change()
- nb_cli_apply_changes()
The first function is used to enqueue configuration changes, one
at time. Then the nb_cli_apply_changes() function is used to apply
all the enqueued configuration changes.
To implement this, a static-sized array was allocated in the "vty"
structure, along with a counter of enqueued changes. This eliminates
the need to declare an array of configuration changes in every
converted CLI command, simplifying things quite considerably.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Add the "abort_if_not_found" parameter to the yang_dnode_get_entry()
function instead of always aborting when an user pointer is not
found. This will make it possible, for example, to use this function
during the validation phase of a configuration transaction. Callers
will only need to check if the function returned NULL or not,
since new configuration objects (if any) won't be created until
the NB_EV_APPLY phase of the transaction.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In some cases it might be desirable to obtain the schema name of
a libyang data node. Introduce the yang_dnode_get_schema_name()
function for this purpose.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This fixes an infinite loop that happened every time the connection
to the confd daemon was lost. Deactivate the confd module when
that happens to fix the infinite loop. This is only a temporary
workaround, in the long term we need to add a connection retry timer
to reestablish the connection to the confd daemon once it's back.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
the netns discovery process executed when vrf backend is netns, allows
the zebra daemon to dynamically change the default vrf name value. This
option is disabled, when the zebra is forced to a default vrf value with
option -o.
PR=61513
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
This bakes our YANG models straight into the library/daemons, so they
don't need to be loaded from /usr/share/yang. This makes the
installation quite a bit more robust, as well as gets us halfway to
running uninstalled. (The other half is baking in the extension type
module.)
The /usr/share/yang directory is still searched as a fallback, as well
as for the experimental YANG model translator. This is likely to stay
as is for the time being.
Signed-off-by: David Lamparter <equinox@diac24.net>
Display following Per MAC and Neigh's output:
If duplicate address detection is under process,
display detection start time and detection count.
If duplicate address detection detected an address
as duplicate, display detection time and duplicate
status.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Duplicate address detection configuration clis
under bgp l2vpn evpn config mode.
- Enabled/Disable (global knob) for feature.
- Configure cli for duplicate detection action
freeze and freze until time (auto-recovery).
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
if zebra is not started, then vrf identifiers are not available. This
prevents import/exportation to be available. This commit permits having
import/export available, even when zebra is not started.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit introduces lib/id_alloc, which has facilities for both an ID number
allocator, and less efficient ID holding pools. The pools are meant to be a
temporary holding area for ID numbers meant to be re-used, and are implemented
as a linked-list stack.
The allocator itself is much more efficient with memory. Based on sizeof
values on my 64 bit desktop, the allocator requires around 155 KiB per
million IDs tracked.
IDs are ultimately tracked in a bit-map split into many "pages." The
allocator tracks a list of pages that have free bits, and which sections
of each page have free IDs, so there isn't any scanning required to find
a free ID. (The library utility ffs, or "Find First Set," is generally a
single CPU instruction.) At the moment, totally empty pages will not be
freed, so the memory utilization of this allocator will remain at the
high water mark.
The initial intended use case is for BGP's TX Addpath IDs to be pulled
from an allocator that tracks which IDs are in use, rather than a free
running counter. The allocator reserves ID #0 as a sentinel value for
an invalid ID numbers, and BGP will want ID #1 reserved as well. To
support this, the allocator allows for IDs to be explicitly reserved,
though be aware this is only practical to use with low numbered IDs
because the allocator must allocate pages in order.
Signed-off-by Mitchell Skiba <mskiba@amazon.com>
ipv6 distribute-list name picked up was not the correct one. the
parameter number is modified accordingly.
Also, the unconfiguration of distribute-list ipv6 was conflicting with
other daemon, thus making impossible the unconfigration. The command has
been split to be specific to ipv6 distribute-list.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This duplicates itself N times since it's not wrappered in a vtysh
command. In lieu of doing that, just remove the message, it's not really
necessary.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
It's been a year since we added the new optional parameters
to instantiation. Let's switch over to the new name.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The frr-interface YANG module models interfaces using a YANG list keyed
by the interface name and the interface VRF. Interfaces can't be keyed
only by their name since interface names might not be globally unique
when the netns VRF backend is in use. When using the VRF-Lite backend,
however, interface names *must* be globally unique. In this case, we need
to validate the uniqueness of interface names inside the appropriate
northbound callback since this constraint can't be expressed in the
YANG language. We must also ensure that only inactive interfaces can be
removed, among other things we need to validate in the northbound layer.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Introduce frr-interface.yang, which defines a model for managing FRR
interfaces.
Update the 'frr_yang_module_info' array of all daemons that will
implement this module.
Add automatically generated stub callbacks in if.c. These callbacks will
be implemented in the following commit.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This plugin leverages the northbound API to integrate FRR with Sysrepo,
a YANG-based configuration and operational state data store.
The plugin is linked to the libsysrepo library and communicates with
the sysrepod daemon using GPB (Google Protocol Buffers) over AF_UNIX
sockets. The integration consists mostly of glue code that calls the
appropriate FRR northbound callbacks in response to events triggered
by the sysrepod daemon (e.g. request to change the configuration or to
fetch operational data).
To build the sysrepo plugin, provide the --enable-sysrepo option to the
configure script while building FRR (the libsysrepo library needs to be
installed in the system).
When installed, the sysrepo plugin will be available for all FRR daemons
and can be loaded using the -M (or --module) command line option.
Example: bgpd -M sysrepo.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This plugin leverages the northbound API to integrate FRR with the ConfD
management agent.
The plugin is linked to the libconfd library and communicates with the
confd daemon using local TCP sockets. The integration consists mostly
of glue code that calls the appropriate FRR northbound callbacks in
response to events triggered by the confd daemon (e.g. request to change
the configuration or to fetch operational data).
By integrating FRR with the libconfd library, FRR can be managed using
all northbound interfaces provided by ConfD, including NETCONF, RESTCONF
and their Web API.
The ConfD CDB API is used to handle configuration changes and the ConfD
Data Provider API is used to provide operational data, process RPCs and
send notifications. Support for configuration management using the ConfD
Data Provider API is not available at this point.
The ConfD optional 'get_object()' and 'get_next_object()' callbacks were
implemented for optimal performance when fetching operational data.
This plugins requires ConfD 6.5 or later since it uses the new leaf-list
API introduced in ConfD 6.5.
To install the plugin, the --enable-confd option should be given to the
configure script, specifying the location where ConfD is installed.
Example: ./configure --enable-confd=/root/confd-6.6
When installed, the confd plugin will be available for all FRR daemons
and can be loaded using the -M (or --module) command line option.
Example: zebra -M confd.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Cast when assigning should be to uint16_t
* Restored comment documenting strange behavior
* Further increased PREFIX_STRLEN to 80 chars
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The CMD_SUCCESS_DAEMON case should be excluded from storing the command line
that we think failed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We weren't cleaning up some files (a whole lot of python foobar) and had
some files in the dist tarball that don't quite belong there.
Signed-off-by: David Lamparter <equinox@diac24.net>
The ->hash_cmp and linked list ->cmp functions were sometimes
being used interchangeably and this really is not a good
thing. So let's modify the hash_cmp function pointer to return
a boolean and convert everything to use the new syntax.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
libunwind provides an alternate to backtrace() for printing out the call
stack of a particular location. It doesn't use the frame pointer, it
goes by the DWARF debug info. In most cases the traces have exactly the
same information, but there are some situations where libunwind traces
are better.
(On some platforms, the libc backtrace() also uses the DWARF debug info
[e.g.: ARM backtraces are impossible without it] but this is not the
case everywhere, especially not on BSD libexecinfo.)
Signed-off-by: David Lamparter <equinox@diac24.net>
Allow the modification of whether or not we will allow
BUM flooding on the vxlan bridge. To do this allow
the upper level protocol to specify via the ZEBRA_VXLAN_FLOOD_CONTROL
zapi message.
If flooding is disabled then BUM traffic will not be forwarded
to other VTEP's.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When reading in config files and we have failures on multiple
lines actually note the actual failure lines and return them.
This fixes an issue where we stopped counting errors after
the first one and we got missleading line numbers that
did not correspond to the actual problem.
This is fixed:
sharpd@donna ~/frr> sudo /usr/lib/frr/pimd --log=stdout -A 127.0.0.1 -f /etc/frr/pimd.conf
2018/10/11 09:41:01 PIM: VRF Created: default(0)
2018/10/11 09:41:01 PIM: pim_vrf_enable: for default
2018/10/11 09:41:01 PIM: zclient_lookup_sched_now: zclient lookup immediate connection scheduled
2018/10/11 09:41:01 PIM: zclient_lookup_new: zclient lookup socket initialized
2018/10/11 09:41:01 PIM: pimd 6.1-dev starting: vty@2611
2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 2: inteface lo
2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 3: ip igmp
2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 4: ip igmp join 224.1.1.1 13.13.13.2
^C2018/10/11 09:45:09 PIM: Terminating on signal SIGINT
2018/10/11 09:45:09 PIM: VRF Deletion: default(0)
Fixes: #3161
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don't allocate threads in the stack, but use the standardized
`thread_get` and `thread_add_unused` to avoid creating corner cases in
the thread API.
This fixes a thread mutex memory leak in FreeBSD.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Two important changes:
* Centralize the thread teardown procedure;
* Save and restore thread mutex context to avoid losing the memory
pointer;
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
The compiler.h header provides us with some useful macro's
that we are using in the system. We do not know exactly
where the CPP_NOTICE and CPP_WARN macros are used but
they can move around. Place this header early in the
build then.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This cleans up watchfrr to be more "normal" like the other daemons in
terms of what it does in main(), i.e. using the full frr_*() call set.
Also, this changes the startup behaviour on watchfrr to stay attached on
the daemon's parent process until startup is really complete. This
should allow removing the "watchfrr.started" hack at some point.
Signed-off-by: David Lamparter <equinox@diac24.net>
This makes libfrr.so executable to print its version info. This is
useful if you need to check your libfrr.so matches your daemons.
Signed-off-by: David Lamparter <equinox@diac24.net>
This option can be used to get statically linked binaries.
Note: libfrr.la is removed from modules' library dependency list. This
is intentional and explained in a comment in lib/subdir.am.
Signed-off-by: David Lamparter <equinox@diac24.net>
Overview:
Coverity points a copy-paste error in the Red-Black tree implementation. The
RB tree code is based on the OpenBSD implementation, so at first glance, it
is a strong point for thinking twice before touching anything.
Details:
The code is an augmented RB tree implementation [1], which adds to RB trees
the possibility of using a callback on every node update for updating per-node
associated metainformation. The bug is clear once checking other places where
the callback is called.
Impact:
- FRR: no impact, because the "augmented" capability is not being used.
- OpenBSD [2]: it seems there is no impact, at least in the 'src' repository.
Additional observations:
- If the "augmented" capability is not used, the code could run faster (at
every operation on a node the callback is checked for not being NULL). May
be branch prediction could be enough for those extra operations being
negligible on most processors in use.
[1] http://kaba.hilvi.org/pastel-1.3.0/pastel/sys/redblacktree.htm
[2] GH mirror: https://github.com/openbsd/src/blob/master/sys/kern/subr_tree.c
Signed-off-by: F. Aragon <paco@voltanet.io>
Keep track of how often route-maps are applied and
how often each clause of a route-map is applied.
This change showed that `show route-map` was outputting
odd data so fix that output and add in the applied
times too.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Wrapper the get/set of the table->info pointer so that
people are not directly accessing this data.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When entering a interface name and you fat-finger it
actually display some useful information about the vrf
we are in.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When the "call" CLI is executed from with-in a route-map that is already in use,
there is a need to get the route-map clients to re-evalute the clauses defined
by both the parent route-map, as well as the child route-map.
The existing callbacks, add_hook() and delete_hook() can be used by the lib to
inform the clients when the "call" is configured and unconfigured.
Signed-off-by: NaveenThanikachalam <nthanikachal@vmware.com>
Redundant parentheses surrounding declarator removed.
Can be detected via static analysis with e.g.
./configure CFLAGS=-Wredundant-parens CC=clang
Signed-off-by: F. Aragon <paco@voltanet.io>
OS-level yield is generally a bad and possibly dangerous idea. If the
thread should be suspended, there should always be something to wait on,
or it turns into busy waiting. And if it's "just giving something else
the chance to run" - that's the kernel's job to determine, and the
kernel will do so while considering priorities, cgroups, and whatnot.
Let it do its job.
Signed-off-by: David Lamparter <equinox@diac24.net>
All I can see is an unneccessary complication. If there's some purpose
here it needs to be documented...
Signed-off-by: David Lamparter <equinox@diac24.net>
Corrections so that the BGP daemon can work with the label manager properly
through a label-manager proxy. Details:
- Correction so the BGP daemon behind a proxy label manager gets the range
correctly (-I added to the BGP daemon, to set the daemon instance id)
- For the BGP case, added an asynchronous label manager connect command so
the labels get recycled in case of a BGP daemon reconnection. With this,
BGPd and LDPd would behave similarly.
Signed-off-by: F. Aragon <paco@voltanet.io>
Allow at timer wheel creation time the ability to specify a
name for what we want the 'show thread cpu' to show up as.
Modify pim to note this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow the user to specify a run name for display in
'show thread cpu' that is different than the function
name we are calling.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
FreeBSD supports pthread_set_name_np() too. Also, pthread_set_name_np()
returns void. And NetBSD has pthread_setname_np() with an extra arg...
Signed-off-by: David Lamparter <equinox@diac24.net>
Need this to get CMSG_SPACE/CMSG_LEN on Solaris.
Also, AC_GNU_SOURCE is deprecated, AC_USE_SYSTEM_EXTENSIONS does that.
Signed-off-by: David Lamparter <equinox@diac24.net>
config.h (or, transitively, zebra.h) must be the first include file
listed for autoconf things like _GNU_SOURCE and _POSIX_C_SOURCE to work
correctly.
Signed-off-by: David Lamparter <equinox@diac24.net>
ASAN/MSAN/TSAN flags need to be in CFLAGS and LDFLAGS; the latter links
the correct compiler-dependent library. Also, the configure switch was
broken (--disable-... would enable the sanitizer.)
Signed-off-by: David Lamparter <equinox@diac24.net>
Since we're now building through one large Makefile, we can easily put
things with their daemons and crossreference nicely.
Signed-off-by: David Lamparter <equinox@diac24.net>
Clang was thinking the random level could be negative. (And, no, I
couldn't figure that out by reading its output... trial and error this
was.)
Signed-off-by: David Lamparter <equinox@diac24.net>
Add a TAILQ_POP_FIRST so Clang understands it's the same item that is
getting removed from the list.
Signed-off-by: David Lamparter <equinox@diac24.net>
Auto-detect if pthread_condattr_setclock is available and if
it is not allow the code to compile around the issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The vty_prefix_list_install function was modifying the prefix to match the
specified prefix length and warning in the log file. Modify
code to use zlog_info as that a warn implies that something has
gone terribly wrong. Additionally display to the terminal as
well so that user can get immediate feedback from something
that they can correct.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Solution :
The following procedures would be performed :
1. Verify if the pid file for each daemon is present or not. If the file is not present, that means the
daemon is getting instantiated for the first time. So let it go ahead.
If the file is present proceed to point ‘2’.
2. Try fetching the properties of the pid file.
3. If it has RW lock, that means one instance of this the daemon is already running.
So stop moving ahead and do exit() else let it go ahead. Please note all above procedure happen at
the initial state of daemon’s instantiation, much before it starts any session with other
process/allocates resources etc.. and this verification do not have any impact of any
operations done later, if the verification succeeds.
Signed-off-by: bisdhdh sadhub@vmware.com
For OpenFabric operation, we need to be able to install routes via
interfaces without any IPv4 addresses configured. Introduce a flag
ZEBRA_FLAG_ONLINK which upper protocols can set on a route they send
towards zebra, to force the nexthops to be considered onlink.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
fabricd is built using the sources of isisd. To allow differentiation
in the code, -DFABRICD=1 is added to its preprocessor flags.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
The ZEBRA_IPV4_ROUTE_IPV6_NEXTHOP_ADD zapi message has no creators and
no handlers. Let's just remove.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Move the aggregate pointer from the route_node into agg_node
so that people using struct route_node will see a savings
in data size.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a abstraction for `struct route_node` and `struct route_table`
such that we can have an aggregate route_node and table. This
is because only bgp/rfapi and ripng use the aggregate data pointer
in `struct route_node`. For full route tables other routing
protocols and tables are paying a 8 byte overhead per node.
A full bgp table ends up being ~1.2 million routes in bgp
and zebra. This is not an insiginificant amount of data.
So create the data structures for this replacement, but
do not replace the aggregate pointer yet. This is because
later commits will convert rfapi and ripng over to this
new data, and finally we'll move the aggregate pointer.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Fix CLANG warning:
Report for if.c | 2 issues
===============================================
< WARNING: else is not generally useful after a break or return
< #390: FILE: /tmp/f1-28557/if.c:390:
Signed-off-by: Thibaut Collet <thibaut.collet@6wind.com>
Problem reported that some bgp and ospf json commands did not return
any json output at all if the bgp/ospf instance did not exist.
Additionally, some bgp and ospf json commands did not return any json
output if the instance existed but no neighbors were defined. This
fix makes these commands more consistent in returning empty braces for
json output and issue a message if not using json output. Additionally,
made the flag "use_json" a bool to make it consistent since previously,
it had been defined as an int, char, u_char, and bool at various places.
Ticket: CM-21040
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
This crash occurs only with netns implementation.
vrf meaning is different regarging its implementation (netns or
vrf-lite)
- With vrf-lite implementation vrf is a property of the interface that
can be changed as the speed or the state (iproute2 command: "ip link
set dev IF_NAME master VRF_NAME"). All interfaces of the system are in
the same netns and so interface name is unique.
- With netns implementation vrf is a characteristic of the interface
that CANNOT be changed: it is the id of the netns where the interface
is located. To change the vrf of an interface (iproute2 command to
move an interface "ip netns exec VRF_NAME1 ip link set dev IF_NAME
netns VRF_NAME2") the interface is deleted from the old vrf and
created in the new vrf.
Interface name is not unique, the same name can be present in the
different netns (typically the lo interface) and search of interface
must be done by the tuple (interface name, netns id).
Current tests on the vrf implementation (vrf-lite or netns) are not
sufficient. In some cases (for example when an interface is moved from
a vrf X to the default vrf and then move back to VRF X) we can have a
corruption message and then a crash of zebra.
To avoid this corruption test on the vrf implementation, needed when an
interface changes, has been rewritten:
- For all interface changes except deletion the if_get_by_name function,
that checks if an interface exists and creates or updates it if
needed, is changed:
* The vrf-lite implementation is unchanged: search of the interface
is based only on the name and update the vrf-id if needed.
* The netns implementation search of the interface is based on the
(name, vrf-id) tuple and interface is created if not found, the
vrf-id is never updated.
- deletion of an interface (reception of a RTM_DELLINK netlink message):
* The vrf-lite implementation is unchanged: the interface
information are cleared and the interface is moved to the default
vrf if it does not belong to (to allow vrf deletion)
* The netns implementation is changed: only the interface
information are cleared and the interface stays in its vrf to
avoid conflict with interface with the same name in the default
vrf.
This implementation reverts (partially or totally):
commit 393ec5424e ("zebra: fix missing node attribute set in ifp")
commit e9e9b1150f ("lib: create interface even if name is the same")
commit 9373219c67 ("zebra: improve logs when replacing interface to an
other netns")
Fixes: b53686c52a ("zebra: delete interface that disappeared")
Signed-off-by: Thibaut Collet <thibaut.collet@6wind.com>
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
To correct potential crash with netns implementation of vrf (see next
commit) it is necessary to allow any daemons to know the vrf
implementation whatever the vrf.
With current implementation the daemons do not know the vrf
implementation for the default vrf. For this vrf the returned vrf
implementation is always vrf-lite.
To solve this issue a netns name is set to the default vrf to just test
is presence to know the used implementation.
For zebra a netns name (if needed) is set in the vrf_init function just
before enabling the vrf. So this information is propagated to the other
daemons thanks the zapi message called when the vrf is enable at zebra
layer and override the default configuration (vrf-lite) of the daemon.
Signed-off-by: Thibaut Collet <thibaut.collet@6wind.com>
Sphinx actually does work with a parallel build, if the doctree creation
is a separate step (which the other builds will then just read
unmodified.) This can be done with the "dummy" target.
This also adds "-j6" to sphinx-build and adds a "--disable-doc-html"
switch on ./configure to turn on/off building HTML docs separately.
Also, HTML docs are now installed by "make install" to
/usr/share/doc/frr/html.
Signed-off-by: David Lamparter <equinox@diac24.net>
stdatomic.h does not have aliases for all of the useful gcc
atomic primitives; add them in for that path through
frratomic.h.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
We have the fetch_and_xxx apis, which return the _old_ value;
adding the xxx_and_fetch versions, which return the new value.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
If default VRF is used, with standard naming convention,
memory allocation can be avoided.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Prevent from creating vrf, if the default vrf name is the same as the
vrf to be created.
Also, prevent at startup from creating default vrf with a name already
used in vrf list.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
For the daemons that do not use vrf_init(), the call to the define
will return a default vrf if no other values has been overriden.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The Vrf aliases can be known with a specific hook. That hook will then,
from zebra propagate the information to the relevant zapi clients.
The registration hook function is the same for all daemons.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The get API is used each time the VRF_DEFAULT_NAME macro is used.
The set API is not yet used.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Linux 2.6.0 was released in December of 2003... I'm pretty sure we don't
need this Linux 2.4 support anymore.
Signed-off-by: David Lamparter <equinox@diac24.net>
The ZEBRA_IPV4_ROUTE_[ADD|DELETE] and ZEBRA_IPV6_ROUTE_[ADD|DELETE] functionality
has been deprecated for a year now, let's remove this code from the system.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Memory sizes of the vrf bit-map was insane for a system
with a moderate number of data on it:
Zebra:
VRF bit-map : 601 65536 39391944
Having a full 32bit integer bit space is problematically large,
switch over to a hash to store bit data. We do not need to waste
so much space.
VRF bit-map : 13 8 312
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The master->unused list was unbounded during normal operation.
A full BGP feed on my machine left 11k threads on the unused
list, taking up over 2mb of data. This seemed a bit excessive,
reduce to a limit of 10.
Also fix a crash that this exposed where we assumed that a thread
structure was not deleted.
Future committers can make this configurable? or modify
the value to something better for their system. I am
dubious of the value of this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This debug should be moved to an error situation since it's a
developmental escape that needs to be fixed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We are using a enum to drive a switch statement and we have
a default case statement that can never be entered because
we know all the enum states have been covered. Remove it
from the code as that it cannot happen.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
zlog_warn was being used to inform user of impossible situations
or for normal operations. Remove these from the code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The smux.c code has not been able to compile for 2+ years
and no-one has noticed. Additionally net-snmp has marked
smux integration as deprecated for quite some time as well.
Since no-one has noticed and it's been broken and smux integration
is deprecated let's just remove this from the code base.
From looking at the code, it sure looks like SNMP could use
a decent cleanup.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We were storing Poll data for the read and write
memory information in MTYPE_THREAD, so a show run
would not be able to show actual amount of memory
associated with the `struct thread`.
Remove unnecessary NULL checks on malloc.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Modify stream.c to have stream_new call one malloc call
instead of two. Also change stream_resize_orig to
use stream_resize_inplace and to send an error
to the developer to switch over.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Start setup for handling of stream_resize into old
and new functions.
Create a stream_resize_inplace function that takes
a double pointer to allow for a realloc operation
to return the possibly moved pointer.
Add a CONFDATE for removal as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Make the wart slightly less bad... also there is still a possible write
after free here. This needs to be fixed again, properly, by some
structure changes.
Signed-off-by: David Lamparter <equinox@diac24.net>
show error all was displaying 0 value for code, whereas real code value
was not displayed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The hash_get function when called and the alloc_func returns
a NULL value, we do not create a backet nor do we insert
anything into the hash. As such backet->data must always
be non-NULL.
Modify the description in hash_get to inform of this.
Additionally indicate that hash_walk and hash_iterate
cannot have a NULL backet->data value.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The CMSG_FIRSTHDR was broken on solaris pre version 9. Version 9
was released in May of 2002 and EOL'ed in 2014. Version 8 EOL'ed
in 2012. Remove special case code for a little used platform
that has not seen the light of day in a very long time.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Used as:
frr_elevate_privs(&my_privs) {
... code ...
}
and handles privilege raise/lower automatically in conjunction with the
C expression block. This makes it impossible to accidentally exit a
function with privileges raised (and then running a whole bunch of other
code with privs.)
Signed-off-by: David Lamparter <equinox@diac24.net>
* Use the correct license header
* Stop headers from including themselves
* Use uniform relative include conventions
* Ensure that sources include what they use
* Turn off clang-format around struct array blocks
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The clippy code does not need to log the error messages
as errors as that it is only run as part of the build
itself and as long as we see the notifications we are good.
So convert zlog_err to zlog_notice so that we do not think
we have any zlog_err's in lib anymore
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Sometimes a error state is detected when we have added
new code to FRR, but not updated all the places that
we should have. Consider this a developmental escape
that needs to be fixed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a new error code LIB_ERR_SYSTEM_CALL to the ferr subsystem.
Additionally convert LIB_ERR_VRF_SOCKET to a more generic
LIB_ERR_SOCKET.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are logging a commands via the `log commands`
cli, use zlog_notice instead of zlog_err, since that
this is not an actual error situation.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com.
Add code to auto-create the ferr infrastructure as well as add
some initial error handling for vrf.c
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Simplify addition of new messages to the system by allow passage of
arrays of data, instead of one at a time.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Add zlog_* function to log with a reference code
* Add ability to track reference cards for errors to ferr.[ch]
* Assign some reference code ranges
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The definition of the interface commands in vtysh.c were outdated.
Currently, all daemons that call if_cmd_init() will have the "no interface
IFNAME" command and the "[no] description" commands as well, so there's
no need to define exceptions for these commands anymore.
To fix this, make extract.pl parse the if.c file so that vtysh can get the
interface commands from there automatically. Only the "interface IFNAME
[vrf NAME]" must be kept in vtysh.c because it changes the vty node and
thus needs special treatment.
Finally, make pimd and pbrd display interface descriptions on "sh run"
when they are configured.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Only zebra and pimd call vrf_cmd_init(), so these are the only daemons
that should receive VRF commands from vtysh;
* "netns NAME" and "no netns NAME" are available only in zebra, write
custom DEFSHs in vtysh to make it aware of that;
* Remove the "no vrf NAME" definition from vtysh.c and expose the
original command to vtysh by converting the DEFUN_NOSH to a simple
DEFUN. This command doesn't change the vty node so there's no need to
special case it.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
There is no need to check for failure of a ALLOC call
as that any failure to do so will result in a assert
happening. So we can safely remove all of this code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When `bfdd` is enabled - which it is by default - re-route the PTM-BFD
messages to the FRR's internal BFD daemon instead of the external
PTM daemon.
This will help the migration of BFD implementations and avoid
duplicating code.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Implement vty shell integration and allow `bfdd` to be configured
through FRR's vtysh.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
If malloc_usable_size() or malloc_size() are available, we can count
total usage of a particular MTYPE. (Without the functions, we don't
know how much to subtract on free.)
Signed-off-by: David Lamparter <equinox@diac24.net>
When calling route_map_finish, every place that we do we must
first set the deletion event to NULL, or we will create an infinite
loop, if we are using the delayed route-map application code.
As such we might as well just make the route_map_finish code
do this work, as that there is really no viable alternative here
and route_map_finish should only be called on shutdown.
This fixes an infinite loop in zebra on shutdown when there
are route-maps.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Take the source-prefix sub-TLV into consideration when running SPF
and support creation/deletion of dst-src routes as result.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Modify stream_new in this way:
1) ALLOC allocations do not fail, they cause a crash so remove
if tests for it.
2) Modify usage of XCALLOC to XMALLOC and then hand set all the
relevant data in the stream pointer.
With this modification stream allocation of 10000000 streams at
10k bytes each reduced from on average 1.43 seconds to 0.65 seconds.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we issue this command, we are getting:
robot# show ip route vrf green json
{}
% VRF green not found
robot# show ip route vrf green
% VRF green not found
% VRF green not found
robot#
Fix the command so it only displays one line of output
for json or non-json output.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Fix ripd crash of null pointer.
when authenticate a rip packet,
the key pointer or the key string pointer may be null,
the code have to return then.
Signed-off-by: lyq140 <34637052+lyq140@users.noreply.github.com>
The `type` parameter was not being compared with `cmsg_type`, so the
result of this function was always a pointer to the first header
matching the level.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
When we read in a backup file, we should save the original
host.config so that we can put it back to the correct original
location after we read in the backup config.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow protocols to specify to zebra that they would like zebra
to use the distance passed down as part of determine sameness for
Route Replace semantics.
This will be used by the static daemon to allow it to have
backup static routes with greater distances.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When I did a show ip route with `json` on a vrf when it didn't exist,
frr would output invalid json.
Signed-off-by: Nathan Van Gheem <nathan@cumulusnetworks.com>
Modify the unlock code for a route_node to return NULL on
pointer freed or to return the node itself again.
We'll need to go through the code and fix this pattern,
but this is a problem for another day. Get this fix in
place and we can make it a low hanging problem to fix.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add some parameter names to functions in table.h to give a
clue as to what we expect people to pass in.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
On old compilers CPP_NOTICE should be a macro evaluating to an empty
statement, instead of being undefined.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
EVPN ND ext community support NA flag R-bit, to have proxy ND.
Set R-bit in EVPN NA if a given router is default gateway or there is a
local
router attached, which can be determine based on local neighbor entry.
Implement BGP ext community attribute to generate and parse R-bit and
pass along zebra to program neigh entry in kernel.
Upon receiving MAC/IP update with community type 0x06 and sub_type 0x08,
pass the R-bit to zebra to program neigh entry.
Set NTF_ROUTER in neigh entry and inform kernel to do proxy NA for EVPN.
Ref:
https://tools.ietf.org/html/draft-ietf-bess-evpn-na-flags-01
Ticket:CM-21712, CM-21711
Reviewed By:
Testing Done:
Configure Local vni enabled L3 Gateway, which would act as router,
checked
show evpn arp-cache vni x ip <ip of svi> on originated and remote VTEPs.
"Router" flag is set.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Add 'const' to prefix args to several zebra route update,
redistribution, and route owner notification apis.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
This function should be called with a known vrf_id. All other cases, the
other API should be called.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Sometimes, the file under /var/run/netns may not be authorised to be
read ( because it is not read permission for frr user, for instance).
so it is good to know what happened.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Some values for icmp type/code can not be encoded like port source or
port destination. This is the case of 0 value that is authorized for
icmp.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The flowspec fragment attribute is taken into account to be pushed in
BGP policy routing entries. Valid values are enumerate list of 1, 2, 4,
or 8 values. no combined value is supported yet.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The packet length can be injected from fs entry with an enumerate list;
the negation of the value is also taken into account.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Those flags can be shared between BGP and Zebra. That is why
those flags are moved to common pbr.h header file.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When in a dev build add a bit of code to track max
depth of a fifo and to allow zebra to report on it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Previous correction (2c2d5cb397) was not enough,
so now it is ensured that the argument shift is not negative nor zero.
Signed-off-by: F. Aragon <paco@voltanet.io>
If your daemon does not need any special privileges
and you are compiling with HAVE_CAPABILIES, the
zprivs->change pointer will end up NULL due
to the way zprivs_caps_init. So as a check
let's add a NULL check for zprivs->change
and set it to a function that will do nothing.
This change prevents a crash if you raise privileges
when your daemon needs no special privileges.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The route_map_walk_update_list callback function
never uses the return code, so just remove it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
route_map_clear_updated is only used by routemap.c,
don't expose it too be used by the outside world.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
route_map_mark_updated has a `int del_later` variable
that is passed in but never used. Just remove it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the ability to specify the designated log level at startup.
--log-level <emergencies|alerts|critical|errors|warnings|notifications|informational|debugging>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Remove the special case code to use syslog for Cumulus.
They can specify this via startup now instead of having
a special compile flag for this option.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are starting a daemon, allow the user to specify:
--log <stdout|syslog|file:file_name>
This can be used on early startup to put the log files
where the end user wants them to show up.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The read in of cli was happening prior to thread
event handling for non-integrated configs. This
is interesting for 2 reasons:
1) Read-in of integrated configs was after thread
event loop startup, so we had a difference of behavior
2) Read-in can cause a series of events that cause
us to attempt to communicate with zebra. The zebra
zapi connection only happens after the thread event
loop has been started. This can cause data that
is being written down to zebra to be lost and
no real way to notice that this has happened and
to recover gracefully.
Modify the code to create a thread event for read
in of client config.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If we fail to read in the config file and we have
specified a backup of the backup, attempt to
read that information.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When reading the config file add an ability to know
if we have properly read in anything. So that a daemon
can make fallback plans.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are iterating through the hash, keep count of how many
we've called and if we have finished calling the hash->size
iterator times, then short-circuit and stop looping over
the entire array.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Unfortunately user CFLAGS causes #define conflicts with #defines in
Python development headers, which causes build failures under certain
platforms when using -Werror.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The current implementation of peer flags (e.g. shutdown, passive, ...)
only has partial support for overriding flags of a peer-group when the
peer is a member. Often settings might get lost if the user toys around
with the peer-group configuration, which can lead to disaster.
This commit introduces the same override implementation which was
previously integrated to support proper peer flag/attribute override on
the address-family level. The code is very similar and the global
attributes now use their separate state-arrays *flags_invert* and
*flags_override*.
The test suite for BGP peer attributes was extended to also check peer
global attributes, so that the newly introduced changes are covered. An
additional feature was added which allows to test an attribute with an
*interface-peer*, which can be configured by running `neighbor IF-TEST
interface`. This was introduced so that the dynamic runtime inversion of
the `extended-nexthop` flag, which is only enabled by default for
interface peers, can also be tested.
Last but not least, two small changes have been made to the current bgpd
implementation:
- The command `strict-capability-match` can now also be set on a
peer-group, it seems like this command slipped through while
implementing peer-groups in the very past.
- The macro `COND_FLAG` was introduced inside lib/zebra.h, which now
allows to either set or unset a flag based on a condition. The syntax
for using this macro is: `COND_FLAG(flag_variable, flag, condition)`
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
* Move configure flag propagations out of user flags
* Use AC_SUBST to transfer flag values to Automake
* Set default AM_CFLAGS and AM_CPPFLAGS in common.am and change child
Makefiles to modify these base variables
* Add flag override to turn off all sanitizers when building clippy
* Remove LSAN suppressions blacklist as it's no longer needed
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
With a new version of clang 6.0, the compiler is detecting more
issues where we may be possibly be truncating the output string.
Fix by increasing the size of the output string to make the compiler
happy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Sometimes output would be mangled when filtering with include as a
result of the following bugs:
* Filters were applied per each call to vty_out() instead of buffering
until a line break and then applying
* Long output would sometimes be cut due to using the wrong buffer
pointer
Also remove the trailing \n as it should no longer be necessary to
ensure the vty prompt ends up on a new line.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Add function to move all data to the start of a vector by shifting
over contiguous empty slots
* Use this function to remove empty slots leftover after
frrstr_filter_vec
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Fix potential NULL dereference
* Fix use of uninitialized value
* Fix leaking memory by not freeing regex_t
* Fix extra \n when using empty regex filter
* Clean up still-reachable hook memory
* Handle nonexistent pager
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
An optimized version of this has already been implemented within graph.c
that assumes some specialized constraints for that code. It's generally
useful so this change implements a general purpose version of it.
This fixes cmd_make_strvec() that was broken by some code shuffling in
previous commits.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Rewrite pager implementation
* Replace fprintf() with vty_out()
* Modify vty_out() for better vtysh support
* Remove static global outputfile var
* Remove fp argument from many vtysh functions
* Add some docs for stuff along the way
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This patch adds a CLI preprocessor function that activates when `|` is
found in the command. This is the start of adding support for some text
processing utilities intended for inline use. The first one implemented
here is `| include`, which provides grep-like filtering of command
output.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This patch adds a hook point intended to allow subscribers to modify the
raw text of a CLI command before it is passed to the rest of the CLI
pipeline. To give access to the raw text of the command, a new function
for executing CLI has been defined whose only difference from
`cmd_execute_command` is that it accepts the command to execute as a
string rather than as a string vector.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
I see lots of the same code being copy-pasted and slightly tweaked for
string processing all over the codebase. Time to start aggregating these
pieces into something consistent and correct.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Programs that link to libnetsnmp must be compiled using a special set
of flags as specified by the "net-snmp-config --base-cflags" command
(whose output is stored in the SNMP_CFLAGS variable). The problem is
that "net-snmp-config --base-cflags" can output -std=c99 in addition to
other compiler flags in some platforms, and this breaks the build since
FRR souce code makes use of some GNU compiler extensions (e.g. allow
trailing commas in function parameter lists). In order to solve this
problem, append -std=gnu99 after SNMP_CFLAGS in all makefiles where this
variable is used. This way the -std=c99 flag will be overwritten when it's
present. Source files that don't link to libnetsnmp will be compiled using
either -std=gnu99 or -std=gnu11 depending on the compiler availability.
Fixes#1617.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Remove references to ospf source files from linklist.[ch]
* Remove documentation comments from hash.c and linklist.c
* Add comprehensive documentation comments to linklist.h and hash.h
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* list_dup(): duplicates a linked list
* list_sort(): in-place sort of linked list w/ ascending quicksort
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
After PBR or BGP sends back a request for sending a rule/ipset/ipset
entry/iptable delete, there may be issue in deleting it. A notification
is sent back with a new value indicating that the removal failed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Those 3 fields are read and written between zebra and bgpd.
This permits extending the ipset_entry structure.
Combinatories will be possible:
- filtering with one of the src/dst port.
- filtering with one of the range src/ range dst port
usage of src or dst is exclusive in a FS entry.
- filtering a port or a port range based on either src or dst port.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The warning string which appears when the users executes 'no (enable)
password' was moved into command.h and declared as a constant named
'NO_PASSWD_CMD_WARNING'.
This avoids duplicate code and makes it easy to change the warning
message in all places at once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
When the user executes one of the commands 'no password' or 'no enable
password', a warning message gets shown to inform the user of the
security implications.
While the current implementation works, a warning message gets printed
once for each daemon, which can lead to seeing the same message many
times. This does not affect functionality, but looks like an error to
the user as it can be seen within issue #1432.
This commit only prints the warning message inside lib when vtysh
dispatch is not being used. Additionally, the warning message was copied
into the vtysh command handlers, so that they get printed exactly once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
The pull request #1545 from @donaldsharp introduced the command 'no
password' to remove an existing terminal connection password.
Additionally, warnings have been added to both 'no password' and 'no
enable password' to make the user aware of any security implications.
It seems that this specific pull request was never merged against master
and got lost. This commit is a cherry-pick of d4961273cb with fixed
conflicts and updated documentation.
Thanks to @donaldsharp and @pogojotz for the original PR.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
For ipv6 host, the next hop is conevrted to ipv6 mapped address.
However, the remote rmac should still be programmed with the ipv4 address.
This is how the entries will look in the kernel for ipv6 hosts routing.
vrf routing table:
ipv6 -> ipv6_mapped remote vtep on l3vni SVI
neigh table:
ipv6_mapped remote vtep -> remote RMAC
bridge fdb:
remote rmac -> ipv4 vtep tunnel
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
VRF static route commands adopt global static config if static config is
placed after a vrf context with no separator, workaround by always
writing static route config before vrf config
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Ensure that when EVPN routes are installed into zebra, the router MAC
is passed per next hop and appropriately handled. This is required for
proper multipath operation.
Ticket: CM-18999
Reviewed By:
Testing Done: Verified failed scenario, other manual tests
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
stream_fifo is used as our standard internal message queue. Message
queues are useful in multithreaded environments. Up until now I have
been doing my own synchronization when using stream_fifo in this way;
this patch gets rid of the need for that boilerplate and decreases the
risk of locking mistakes when working with this datastructure.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
EVPN prefix depends on the EVPN route type.
Currently, in FRR we have a prefix_evpn/evpn_addr which relates to a evpn prefix.
We need to convert this to encompass an union of various EVPN route-types.
This diff handles the necessary code changes to adopt the new struct evpn_addr.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Customers have requested the ability to name their devices starting
with a number instead of a letter. This fix changes the check for
hostname to allow either a letter or a number.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Add client proto and instance number in all msg (request and
responses) to/form a label manager. This is required for a
label manager acting as 'proxy' (i.e. relaying messages towards
another label manager) to correctly deliver responses to the
requesting clients.
Signed-off-by: Fredi Raspall <fredi@voltanet.io>
The API for filling in an IPTABLE_ADD and IPTABLE_DELETE message.
Also, the API is handling the notification callback, so as to know if
zebra managed to add or delete the relevant iptable entry.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
With the usage of a 32 bit number as a integer, but storing
non-signed values in it, we have cases where numbers greater
than 2 billion are being read in and stored and used before
lower value numbers, which of course is awful and mean.
Fixes: #2126
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ensure that when EVPN routes are installed into zebra, the router MAC
is passed per next hop and appropriately handled. This is required for
proper multipath operation.
Ticket: CM-18999
Reviewed By:
Testing Done: Verified failed scenario, other manual tests
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
When popping a stream from a stream_fifo, the stream->next pointer is
not NULL'd out. If this same stream is subsequently pushed onto a
stream_fifo (either the same one or a different one), because
stream_fifo's use tail insertion the ->next pointer is not updated and
thus will point to whatever the next stream in the first stream_fifo
was. stream_fifo_free does not check the count of the stream_fifo when
freeing its constituent elements, and instead walks the linked list.
Consequently it will continue walking into the first stream_fifo from
which the last stream was popped, freeing each stream contained there.
This leads to use-after-free errors.
This patch makes sure to set the ->next pointer to NULL when doing tail
insertion in stream_fifo_push and when popping a stream from a
stream_fifo.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The addr value will never be null because of the way we do the
cli, but the SA system doesn't understand this. Add an assert
to make it happy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The grammar sandbox has had the ability to dump individual commands as
DOT graphs, but now that generalized DOT support is present it's trivial
to extend this to entire submodes. This is quite useful for visualizing
the CLI space when debugging CLI errors.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Add general-purpose DFS traversal code
* Add ability to dump any graph to DOT language
* Add tests for graph datastructure
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Thread statistics are collected and stored in a hashtable shared across
threads, but while the hashtable itself is protected by a mutex, the
records themselves were not being updated safely. Change all thread
history collection to use atomic operations.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
For the last six years this source file has been using a type defined in
a header it did not include.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Add general-purpose DFS traversal code
* Add ability to dump any graph to DOT language
* Add tests for graph datastructure
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Zebra is starting to have some run-time capabilites that would be
useful to pass up to the higher level protocols so that they
can act in an appropriate manner when needed.
Send the ecmp value zebra is being run with and whether or not
we believe mpls is enabled in the kernel or not.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The mpls_label2str and mpls_str2label functions should not
be zebra exclusive functions. Move them to lib/mpls.c
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Properly notice when we get if up/down and vrf enable/disable
events and attempt to properly install nexthops as they
come in.
Ticket: CM20489
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Store Nexthop's as the incoming raw data. This will allow
us to separate the act of inputting the cli from the
act of instantiating the cli.
Ticket: CM-20489
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The delete was not properly deleting the nexthop from
the nexthop group and it was not properly setting the
nexthop's pointers to NULL.
Ticket: CM-20261
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Prevent the creation of a v6 LL nexthop that does not include an interface
for proper resolution.
Ticket: CM-20276
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The pbr_rule structure is derived from zebra_pbr_rule, and is
defined, so that a zclient will be able to encode the zebra_pbr_rule to
send ADD_RULE or DEL_RULE command. Also, the same structure can be used
by other daemons to derive a structure ( this will be the case for
zebra_pbr_rule).
Adding to this, an encoding function is defined, and will be used by
remote daemon to encode that message.
Those definitions are moved in new file pbr.h file.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Those messages permit a remote daemon to configure an iptable entry. A
structure is defined that maps to an iptable entry. More specifically,
this structure proposes to associate fwmark, and a table ID.
Adding to the configuration, the initialisation of iptables hash list is
done into zebra netnamespace. Also a hook for notifying the sender that
the iptables has been correctly set is done.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Once ipset entries are injected in the kernel, the relevant daemon is
informed with a zebra message sent back.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
ZEBRA IPSET defines are added for creating/deleting ipset contexts.
Ans also create ipset hash sets.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
IPset and IPset entries structures are introduced. Those entries reflect
the ipset structures and ipset hash sets that will be created on the
kernel.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
These asserts verify that the status correlates with the expected result
and fixes a clang-analyze warning.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The PBR and PIM daemons, needed the ability to connect
to zebra. Unfortunately this connection also implied
an ability to redistribute to other valid protocols.
Add a additional hook to the route_types.pl script
to allow us to specify if the client type should
be redistributed at all.
Additionally cleanup the PIM code to not show up
as a protocol under the header for a 'show ip route'
command
Ticket: CM-20568
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This list "table" is created in the case the netns backend for VRF is
used. This contains the mapping between the NSID value read from the
'ip netns list' and the ns id external used to create the VRF
value from vrf context. This mapping is
necessary in order to reserve default 0 value for vrf_default.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Because at startup, remote daemons attempt to create default VRF,
the VRF_ID may be set to unknown. In that case, an event will be
triggered later by zebra to inform remote daemon that the vrf id of that
VRF has changed to valid value. In that case, two instances of default
VRF must not be created. By looking first at vrf name, this avoids
having two instances.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
MPLS label pool backed by allocations from the zebra label manager.
A caller requests a label (e.g., in support of an "auto" label
specification in the CLI) via lp_get(), supplying a unique ID and
a callback function. The callback function is invoked at a later
time with the unique ID and a label value to inform the requestor
of the assigned label.
Requestors may release their labels back to the pool via lp_release().
The label pool is stocked with labels allocated by the zebra label
manager. The interaction with zebra is asynchronous so that bgpd
is not blocked while awaiting a label allocation from zebra.
The label pool implementation allows for bgpd operation before (or
without) zebra, and gracefully handles loss and reconnection of
zebra. Of course, before initial connection with zebra, no labels
are assigned to requestors. If the zebra connection is lost and
regained, callbacks to requestors will invalidate old assignments
and then assign new labels.
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
This commit adds code to notify the compiler that we
will not be changing the arguments to nexthop2str
and we expect thre return to be treated the same.
Additionally we add some code to allow nexthops to
be hashed to be used in a hash.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This is an implementation of PBR for FRR.
This implemenation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Routes that have labels must be sent via a nexthop that also has labels.
This change notes whether any path in a nexthop update from zebra contains
labels. If so, then the nexthop is valid for routes that have labels.
If a nexthop update has no labeled paths, then any labeled routes
referencing the nexthop are marked not valid.
Add a route flag BGP_INFO_ANNC_NH_SELF that means "advertise myself
as nexthop when announcing" so that we can track our notion of the
nexthop without revealing it to peers.
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
Do not complain about failure to create a namespace if we
do not have any such thing going on.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Static route commands are now installed inside the VRF nodes. This has
quietly broken top-level static routes in certain scenarios due to
walkup logic resolving a static route configuration command inside
VRF_NODE first if the command is issued while in a CLI node lower than
VRF_NODE. To fix this VRF_NODE needs a special exit command, as has been
done for many other nodes with the same issue, to explicitly change the
vrf context to the default VRF so that when walkup resolves against the
VRF node it will configure against the default VRF as desired.
Of course this is a hack on top of a hack and the CLI walkup
implementation needs to be rewritten.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This work is derived from a work done by China-Telecom.
That initial work can be found in [0].
As the gap between frr and quagga is important, a reworks has been
done in the meantime.
The initial work consists of bringing the following:
- Bringing the client side of flowspec.
- the enhancement of address-family ipv4/ipv6 flowspec
- partial data path handling at reception has been prepared
- the support for ipv4 flowspec or ipv6 flowspec in BGP open messages,
and the internals of BGP has been done.
- the memory contexts necessary for flowspec has been provisioned
In addition to this work, the following has been done:
- the complement of adaptation for FS safi in bgp code
- the code checkstyle has been reworked so as to match frr checkstyle
- the processing of IPv6 FS NLRI is prevented
- the processing of FS NLRI is stopped ( temporary)
[0] https://github.com/chinatelecom-sdn-group/quagga_flowspec/
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: jaydom <chinatelecom-sdn-group@github.com>
prefix structure is used to handle flowspec prefixes. A new AFI is
introduced: AF_FLOWSPEC. A sub structure named flowspec_prefix is
used in prefix to host the flowspec entry.
Reason to introduce that new kind is that prefixlen from prefix
structure is too short to all the flowspec needs, since NLRI can go over
0xff bytes.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
In BGP, doing policy-routing requires to use table identifiers.
Flowspec protocol will need to have that. 1 API from bgp zebra has been
done to get the table chunk.
Internally, onec flowspec is enabled, the BGP engine will try to
connect smoothly to the table manager. If zebra is not connected, it
will try to connect 10 seconds later. If zebra is connected, and it is
success, then a polling mechanism each 60 seconds is put in place. All
the internal mechanism has no impact on the BGP process.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The library changes add 3 new messages to exchange between daemons and
ZEBRA.
- ZEBRA_TABLE_MANAGER_CONNECT,
- ZEBRA_GET_TABLE_CHUNK,
- ZEBRA_RELEASE_TABLE_CHUNK,
the need is that routing tables identifier are shared by various
services. For the current case, policy routing enhancements are planned
to be used in FRR. Poliy routing relies on routing tables identifiers
from kernels. It will be mainly used by the future policy based routing
daemon, but not only. In the flowspec case, the BGP will need also to
inject policy routing information into specific routing tables.
For that, the proposal is made to let zebra give the appropriate range
that is needed for all daemons.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The following types are nonstandard:
- u_char
- u_short
- u_int
- u_long
- u_int8_t
- u_int16_t
- u_int32_t
Replace them with the C99 standard types:
- uint8_t
- unsigned short
- unsigned int
- unsigned long
- uint8_t
- uint16_t
- uint32_t
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Upon a 'ip netns del' event, the associated vrf with netns backend is
looked for, then the internal contexts are first disabled, then
suppressed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
PR #1739 added code to leak routes between (default VRF) VPN safi and unicast RIBs in any VRF. That set of changes included temporary CLI including vpn-policy blocks to specify RD/RT/label/&c. After considerable discussion, we arrived at a consensus CLI shown below.
The code of this PR implements the vpn-specific parts of this syntax:
router bgp <as> [vrf <FOO>]
address-family <afi> unicast
rd (vpn|evpn) export (AS:NN | IP:nn)
label (vpn|evpn) export (0..1048575)
rt (vpn|evpn) (import|export|both) RTLIST...
nexthop vpn (import|export) (A.B.C.D | X:X::X:X)
route-map (vpn|evpn|vrf NAME) (import|export) MAP
[no] import|export [vpn|evpn|evpn8]
[no] import|export vrf NAME
User documentation of the vpn-specific parts of the above syntax is in PR #1937
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
When we are signaling to a client from zebra that a nexthop
has changed, include the labels on the nexthop as well.
Upper level protocols need to know if the labels exist
in order to make intelligent decisions about what to do.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When I use these functions and am programming on linux I
always have to pull up a man page for these two functions
since they exist in *BSD land only.
Modify the name of the size variable to destsize on
pass in to give me the small hint I need to know
what to do.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add code to allow nexthops to be written by people who are
interested in writing their own nexthop line.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Expose to the world the nhgc_find command so that
interested parties can find a stored nexthop group.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a nexthop-group cli:
nexthop-group NAME
nexthop A
nexthop B
nexthop C
!
This will allow interested parties to hook into the cli for
nexthops. Users can add callback functions for add/delete
of a nexthop group as well as add/delete of each individual
nexthop.
Future work( PBR and static routes ) will take advantage
of this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Vty commands that link netns context to a vrf is requiring some
privileges. The change consists in retrieving the privileges at the
vrf_cmd_init() called by the relevant daemon. Then use it.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Nobody uses it, but it's got the same definition. Move the parser
function into zclient.c and use it.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Add DEBUG*() macros
This set of macros allows you to write printf-like debugging lines that
automatically check whether a debug is on before printing. This should
eliminate the need for explicit checks in simple cases. For example:
if (SUCH_AND_SUCH_DEBUG_IS_ON) {
zlog_warn(...);
}
Becomes:
DEBUG(warn, such_and_such, ...);
Or, equivalently,
DEBUGE(such_and_such, ...);
The levels passed to DEBUG are expanded into the names of zlog_*
functions, so the same zlog levels are available. There's also a set of
macros that have the level built into them; DEBUGE for errors, DEBUGW
for warnings, etc. Good for brevity.
* Add singular setting macros
Change the 'SET' macros to accept a boolean indicating whether the
provided bits should be set or unset, and map on/off macros to them.
Helps condense code where you already have a boolean condition that
tells you what you want to do as you can avoid writing the branch.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Also modify `struct route_entry` to use nexthop_groups.
Move ALL_NEXTHOPS loop to nexthop_group.h
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow the calling daemon to pass down what table-id we
want to use to install the route. Useful for PBR.
The vrf id passed must be the VRF_DEFAULT else this
value is ignored.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The work_queue_free function free'd up the wq pointer but
did not set it too NULL. This of course causes situations
where we may use the work_queue after it is freed. Let's
modify the work_queue to set the pointer for you.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If a interested party removes one of it's routes let
it know that it has happened as asked for.
Add a ZAPI_ROUTE_REMOVED to the send of the route_notify_owner
Add a ZAPI_ROUTE_REMOVE_FAIL to the send of the route_notify_owner
Add code in sharpd to notice this and to allow it to keep
track of routes removed for that invocation and give timing
results.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The buffer size is currently 4k. Increase x4 times to allow for bigger
messages to be sent over the zapi.
The current size sufficient for most cases, but there are a couple
of cases with installing data to the kernel ip rules where we will
quickly hit this 4k size limit. I forsee flowspec getting close
to this limit as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The NS_DEFAULT value returns UNKNOWN in the case the vrf lite backend is
used, whereas this is wrong. This commit fixes the default value.
Also, it fixes the default value in the case NETNS support from system
is not ok, or some error can occur when reading default NS at startup.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The current strategy for fine-grained debugging across FRR is to use
static long int bitfields, in combination with helper macros that are
copy-pasted between daemons, to hold state on what debugging information
should be collected at any given time. This has a couple of problems:
* These bitfields are generally extern'd and accessed everywhere, so
they are not MT-safe or easy to make MT-safe
* Lots of code duplication from copy-pasting the DEBUG_* macros...
* Code duplication because of the "term" vs "conf" debugging concept
This patch aims to remedy that by providing some infrastructure to work
with debugs. The core concept of using bitfields has been retained, but
the number of these for each debug has been reduced to 1. This allows
easy use of lock-free methods for synchronizing access to debugging
info.
The helper macros have also been retained but they are now collected in
one place and perform exclusively atomic operations.
Finally there is a bit of code that allows daemons to register
callbacks, which I used to implement a command that will toggle all
debugging for any daemons that use these facilities.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add the originating routes type and instance to the nexthop
update message. This is necessary because there exist
scenarios where BGP needs to make a decision about the
originating route type and instance to know if it is
going to be doing a route replace to a route that would
resolve to itself.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The addition of some rmac code snuck in the usage of a
stream_get instead of a STREAM_GET()
We need to be using STREAM_GET()
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Implement support for EVPN symmetric routing for IPv6 routes. The next hop
for EVPN routes is the IP address of the remote VTEP which is only an IPv4
address. This means that for IPv6 symmetric routing, there will be IPv6
destinations with IPv4 next hops. To make this work, the IPv4 next hops are
converted into IPv4-mapped IPv6 addresses.
As part of support, ensure that "L3" route-targets are not announced with
IPv6 link-local addresses so that they won't be installed in the routing
table.
Signed-off-by: Vivek Venkatraman vivek@cumulusnetworks.com
Reviewed-by: Mitesh Kanjariya mitesh@cumulusnetworks.com
Reviewed-by: Donald Sharp sharpd@cumulusnetworks.com
Because socket creation is tightly linked with socket binding for vrf
lite, the proposal is made to extend socket creation APIs and to create
a new API called vrf_bind that applies to vrf lite. The passed interface
name is the interface that will be bound to the socket passed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
That API can be used to wrap the ioctl call with various vrf instances.
This permits transparently doing the ioctl() call without taking into
consideration the vrf backend kind.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This split is introducing logicalrouter.[ch] as the file that contains
the vty commands to configure logical router feature. The split has as
consequence that the backend of logical router is linux_netns.c formerly
called ns.c. The same relationship exists between VRF and its backend
which may be linux_netns.c file.
The split is adapting ns and vrf fiels so as to :
- clarify header
- ensure that the daemon persepctive, the feature VRF or logical router
is called instead of calling directly ns.
- this implies that VRF will call NS apis, as logical router does.
Also, like it is done for default NS and default VRF, the associated VRF
is enabled first, before NETNS is enabled, so that zvrf->zns pointer is
valid when NETNS discovery applies.
Also, other_netns.c file is a stub handler that will be used for non
linux systems. As NETNS feature is only used by Linux, some BSD systems
may want to use the same backend API to benefit from NETNS. This is what
that file has been done.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The vrf_sockunion_socket() wraps sockunion_socket() with vrf_id as
additional parameter. The creation of socket forces the user to
transparently move to new NETNS for doing the operation.
The vrf_getaddr_info() wraps getaddr_info() with vrf_id as additional
parameter. That API relies on the underlying system. Then there may be
need to switch to an other netns in that case too.
Also, the vrf_socket() implementation is simplified.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
For supporting vrf based on namespaces, it is possible that an interface
with the same index is present. This is the case for loopback
interfaces. For that, for each query, if the interface is not found
, matching the vrf identifier, then a new interface is created, when the
backens for VRF is NETNS.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
when the netns backend is selected for VRF, the default VRF is being
assigned a NSID. This avoids the need to handle the case where if the
incoming NSID was 0 for a non default VRF, then a specific handling had
to be done to keep 0 value for default VRF.
In most cases, as the first NETNS to get a NSID will be the default VRF,
most probably the default VRF will be assigned to 0, while the other
ones will have their value incremented. On some cases, where the NSID is
already assigned for NETNS, including default VRF, then the default VRF
value will be the one derived from the NSID of default VRF, thus keeping
consistency between VRF IDs and NETNS IDs.
Default NS is attempted to be created. Actually, some VMs may have the
netns feature, but the NS initialisation fails because that folder is
not present.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Two apis are provided so that the switch from one netns to an other one
is taken care.
Also an other API to know if the VRF has a NETNS backend or a VRF Lite
backend.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The addition of the name of the netns in the vrf message introduces also
a limitation when the size of the netns is bigger than 15 bytes. Then
the netns are ignored by the library.
In addition to this, some sanity checks have been introduced. some
functions to create the netns from a call not coming from the vty is
being added with traces.
Also, the ns vty function is reentrant, if the context is already
created.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Show vrf command displays information on the vrf, if it is related to
vrf kernel or if it is related to netns.
When a vrf from kernel is detected, before creating a new vrf, a check
is done against an already present vrf, and if that vrf is not a vrf
mapped with a netns. If that is that case, then the creation is
rejected.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The zebra netnamespace contexts are initialised, based on the callback
coming from the NS. Reversely, the list of ns is parsed to disable the
ns contexts.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
If vrf backend is netns, then the zebra will create its own
zebra_ns context for each new netns discovered. As consequence,
a routing table, and other contexts will be created for each
new namespace discovered. When it is enabled, a populate process
will be done, consisting in learning new interfaces and routes, and
addresses from other NETNS.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
In addition to have the possibility to create from vty vrf based on a
netns backend, the API will be made accessible from external, especially
for zebra that will handle the netns discovery part. This commit is
externalising following functions:
- netns_pathname
- ns_handler_create
- vrf_handler_create
Also, the VRF initialisation case when under NETNS backend is changed,
since the NS identifier may not be known at the configuration time,but
may be known later, under discovery process.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon following calls: interface poll, address poll, route poll, and
ICMPv6 handling, each new Namespace is being parsed. For that, the
socket operations need to switch from one NS to one other, to get the
necessary information.
As of now, there is a crash when dumping interfaces, through show
running-config.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Using the vrf backend kind, the vty command that configured netns
under vty will not be installed if the vrf backend is vrf lite
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
a vty command is added:
in addition to this command ( kept for future usage):
- [no] logical-router-id <ID> netns <NETNSNAME>
a new command is being placed under vrf subnode
- vrf <NAME>
[no] netns <NETNSNAME>
exit
This command permits to map a VRF with a Netnamespace.
The commit only handles the relationship between vrf and ns structures.
It adds 2 attributes to vrf structure:
- one defines the kind of vrf ( mapped under netns or vrf from kernel)
- the other is the opaque pointer to ns
The show running-config is handled by zebra daemon.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The netns backend is chosen by VRF if a runtime flag named vrfwnetns is
selected when running zebra.
In the case the NETNS backend is chosen, in some case the VRFID value is
being assigned the value of the NSID. Within the perimeter of that work,
this is why the vrf_lookup_by_table function is extended with a new
parameter.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The ZEBRA_FLAG_INTERNAL flag is used to signal to zebra that
the route being added, the nexthops for it can be recursively
resolved. This name keeps throwing me off when I read it
so let's rename to something that allows the developer to
understand what is going on.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
In the future we are going to have a rule_notify_owner
so make the distinction between the two types of notification
clearer.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The notification of the owner was not properly decoding
the prefix and as such we were not properly reading the
table it was installed into.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit is the implementation of weak multicast traceroute.
It consists of IGMP module dealing with mtrace type IGMP messages
and client program mtrace/mtracebis for initiating mtrace queries.
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
Add the ability to pass in an afi to zebra. zebra_vrf keeps
track of the afi/label tuple and then does the right thing
before we call down. AF_MPLS does not care about v4 or v6
it just knows label and what device to use for lookup.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Modify mpls.h to rename MPLS_LABEL_ILLEGAL to be MPLS_LABEL_NONE.
Fix all pre-existing code that used MPLS_LABEL_ILLEGAL.
Modify the zapi vrf label message to use MPLS_LABEL_NONE as the
signal to remove label associated with a vrf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the ability to pass the lsp owner type through the zapi
and in addition add a new label type for the sharp protocol
for testing.
Finally modify zebra_mpls.h to not have defaults specified
for the enum. That way when we add a new LSP type the
compile fails and the person doing the addition knows
where he has to touch shit.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Turns out we had 3 different ways to define labels
all of them overlapping with the same meanings.
Consolidate to 1. This one choosen is consistent
naming wise with what the *bsd and linux kernels
use.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
For L3VPN's we need to create a label associated with the specified
vrf to be installed into the kernel to allow a pop and lookup
operation.
The new api is:
zclient_send_vrf_label(struct zclient *zclient, vrf_id_t vrf_id,
mpls_label_t label);
For the specified vrf_id associate the specified label for
a pop and lookup operation for forwarding.
To setup a POP and Forward use MPLS_LABEL_IMPLICIT_NULL
If the same label is passed in we ignore the call.
If the label is different we update entry.
If the label is MPLS_LABEL_NONE we remove
the entry.
This sets up the api. Future commits will have the functionality
to actually install into the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The nh_resolve_via_default function is an accessor function
for NHT in zebra. Let's move this function to it's proper
place.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Create a zapi_nexthop_update_decode function that both
pim and bgp use to decode the message from zebra.
There probably could be further optimizations but I opted
to keep the code as similiar as is possible between the
originals because they both make some assumptions about
code flow that I do not fully understand yet.
The real goal here is that I want to create a new
user of the nexthop tracking code from a higher level
daemon and I see no need to re-implement this damn
code again for a 3rd time.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra/kernel_socket.c: include "rt.h" to provide the prototypes of
kernel_init() and kernel_terminate();
* lib/prefix.h: remove the deprecation warning whenever ETHER_ADDR_LEN
is used. isisd uses the ETHER_HDR_LEN constant which is defined in
terms of ETHER_ADDR_LEN in the *BSD system headers. So, when building
FRR on *BSD, we were getting several warnings because we were using
ETHER_ADDR_LEN indirectly;
* lib/command_lex.l, lib/defun_lex.l: ignore other harmless warnings;
* lib/spf_backoff.c: cast 'tv->tv_usec' to 'long int' before printing.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
None of these variables can actually be used before being initialized,
but unfortunately some old compilers are not smart enough to detect that.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The PIM_NODE command is only being used to display
default vrf configuration. Move this into the
vrf display and remove PIM_NODE.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Some work on FRR's pthread wrapper.
* Provide a built-in way to synchronize thread startup
* Make utility functions take frr_pthread * instead of its integer ID
* Pass frr_pthread * as pthread start function argument
* Correct some comment styling
* Rename some variables to match naming conventions in the file
* Change parameter ordering in stop function prototype to follow the
convention in the other functions
* Default new frr_pthreads to using a vanilla event loop
For the last point, the original goal when designing the implementation
of pthreads into FRR was to be able to use the thread.c event based
system inside pthreads. This code essentially encapuslates all the
thread.c functionality into an easy to use pthread out of the box.
Creating a new frr_pthread with a null attributes field will cause the
created frr_pthread to run a thread.c event loop. The upshot of this is
that it is now possible to safely run existing functions in a pthread in
roughly 3 lines of code. It also serves as an example / starting point
for others.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Refine the notion of what FRR considers as "configured" VRF. It is no longer
based on user just typing "vrf FOO" but when something is actually configured
against that VRF. Right now, in zebra, the only configuration against a VRF
are static IP routes and EVPN L3 VNI. Whenever a configuration is removed,
check and clear the "configured" flag if there is no other configuration for
this VRF. When user attempts to configure a static route and the VRF doesn't
exist, a VRF is created; the VRF is only active when also defined in the
kernel.
Updates: 8b73ea7bd479030418ca06eef59d0648d913b620
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-10139, CM-18553
Reviewed By: CCR-7019
Testing Done:
1. Manual testing for L3 VNI and static routes - FRR restart, networking
restart etc.
2. 'vrf' smoke
<DETAILED DESCRIPTION (REPLACE)>
When shutting down, ensure that all VRFs including "configured" ones are
cleaned up properly.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ticket: CM-19069
Reviewed By: CCR-7011
Testing Done: Manual verification of failed scenario
A VRF is active only when the corresponding VRF device is present in the
kernel. However, when the kernel VRF device is removed, the VRF container in
FRR should go away only if there is no user configuration for it. Otherwise,
when the VRF device is created again so that the VRF becomes active, FRR
cannot take the correct actions. Example configuration for the VRF includes
static routes and EVPN L3 VNI.
Note that a VRF is currently considered to be "configured" as soon as the
operator has issued the "vrf <name>" command in FRR. Such a configured VRF
is not deleted upon VRF device removal, it is only made inactive. A VRF that
is "configured" can be deleted only upon operator action and only if the VRF
has been deactivated i.e., the VRF device removed from the kernel. This is
an existing restriction.
To implement this change, the VRF disable and delete actions have been modified.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Mitesh Kanjariya <mkanjariya@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-18553, CM-18918, CM-10139
Reviewed By: CCR-7022
Testing Done:
1. vrf and pim-vrf automation tests
2. Multiple VRF delete and readd (ifdown, ifup-with-depends)
3. FRR stop, start, restart
4. Networking restart
5. Configuration delete and readd
Some of the above tests run in different sequences (manually).
In EVPN symmetric routing, not all subnets are presents everywhere.
We have multiple scenarios where a host might not get learned locally.
1. GARP miss
2. SVI down/up
3. Silent host
We need a mechanism to resolve such hosts. In order to achieve this,
we will be advertising a subnet route from a box and that box will help
in resolving the ARP to such hosts.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
1. Added default gw extended community
2. code modification to handle sticky-mac/default-gw-mac as they go together
3. show command support for newly added extended community
4. State in zebra to reflect if a mac/neigh is default gateway
5. show command enhancement to refelect the same in zebra commands
Ticket: CM-17428
Review: CCR-6580
Testing: Manual
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Abstract the code that sends the zapi message into zebra
for the turn on/off of nexthop tracking for a prefix.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The zclient->redist bitmap for vrf's was being set again
for the zclient_send_dereg_requests function. This should
be a unset on tear down.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
- Remove OSPD_SR route type
- Check that Segment Routing is enable only in default VRF
- Add comment for SRGB in lib/mpls.h
- Update documentation
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Because the VRF_ID is mapped into 32 bit, and because when NETNS will be
the backend of VRF, then the NS identifier must also be encoded as 32
bit.
Also, the NS_UNKNOWN value is changed accordingly to UINT32_MAX.
Also, the NS_UNKNOWN and NS_DEFAULT values are removed from zebra_ns.h
and kept on ns.h header file.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The number of vrf bitmap groups is increased so as to avoid consuming
too much memory. This fix is related to a fork memory that occured when
running pimd as daemon.
A check on memory consumed shows that the memory consumed goes from
33480ko to 46888ko with that change. This is less compared to if the
value of the bitmap groups is increased to 16 ( 852776ko).
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This is a preparatory work for configuring vrf/frr over netns
vrf structure is being changed to 32 bit, and the VRF will have the
possibility to have a backend made up of NETNS.
Let's put some history.
Initially the 32 bit was because one wanted to map on vrf_id both the
VRFLITE and the NSID.
Initially, one would have liked to make zebra configure at the same time
both vrf lite and vrf from netns in a flat way. From the show
running perspective, one would have had both kind of vrfs, thatone
would configure on the same way.
however, it leads to inconsistencies in concepts, because it mixes vrf
vrf with vrf, and vrf is not always mapped with netns.
For instance, logical-router could also be used with netns. In that
case, it would not be possible to map vrf with netns.
There was an other reason why 32 bit is proposed. this is because
some systems handle NSID to 32 bits. As vrf lite exists only on
Linux, there are other systems that would like to use an other vrf
backend than vrf lite. The netns backend for vrf will be used for that
too. for instance, for windows or freebsd, some similar
netns concept exists; so it will be easier to reuse netns
backend for vrf, than reusing vrflite backend for vrf.
This commit is here to extend vrf_id to 32 bits. Following commits in a
second step will help in enable a VRF backend.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This is an implementation of draft-ietf-ospf-segment-routing-extensions-24
and RFC7684 for Extended Link & Prefix Opaque LSA.
Look to doc/OSPF_SR.rst for implementation details & known limitations.
New files:
- ospfd/ospf_sr.h: Segment Routing structure definition (SubTLVs + SRDB)
- ospfd/ospf_sr.c: Main functions for Segment Routing support
- ospfd/ospf_ext.h: TLVs and SubTLVs definition for RFC7684
- ospfd/ospf_ext.c: RFC7684 Extended Link / Prefix implementation
- doc/OSPF-SRr.rst: Documentation
Modified Files:
- doc/ospfd.texi: Add new Segment Routing CLI command definition
- lib/command.h: Add new string command for Segment Routing CLI
- lib/mpls.h: Add default value for SRGB
- lib/route_types.txt: Add new OSPF Segment Routing route type
- ospfd/ospf_dump.[c,h]: Add OSPF SR debug
- ospfd/ospf_memory.[c,h]: Add new Segment Routing memory type
- ospfd/ospf_opaque.[c,h]: Add ospf_sr_init() starting function
- ospfd/ospf_ri.c: Add new functions to Set/Get Segment Routing TLVs
Add new ospf_router_info_lsa_upadte() to send Opaque LSA to ospf_sr.c()
- ospfd/ospf_ri.h: Add new Router Information SR SubTLVs
- ospfd/ospf_spf.c: Add new scheduler when running SPF to trigger
update of NHLFE
- ospfd/ospfd.h: Add new thread for Segment Routing scheduler
- ospfd/subdir.am: Add new files
- vtysh/Makefile.am: Add new ospf_sr.c file for vtysh
- zebra/kernel_netlink.c: Add new OSPF_SR route type
- zebra/rt_netlink.[c,h]: Add new OSPF_SR route type
- zebra/zebra_mpls.h: Add new OSPF_SR route type
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
There are some observed instances where we end up trying to cancel a rw
job based on a file descriptor that we don't have a reference on. The
specific cancel function for rw jobs assumes it's called with a file
descriptor that is valid within pollfds and will cause a segmentation
fault by buffer overrun if this is not the case.
Instead log it and move on. Since the fd does not exist this should
patch over the buggy behavior and provide additional information to help
in finding the root cause.
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Modify if_lookup_by_index to accept a VRF_UNKNOWN
as a vrf_id. This will cause it to look in all
vrf's for the interface pointer.
Subsequently all if_XXXX functions that call this function
will also get this behavior.
VRF_UNKNOWN *should* not be used for interface creation
as that this will break some core assumptions.
This work is part of allowing vrf route leaking. Currently
it is possible to create a route in the linux kernel that has
a nexthop across vrf boundaries.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The zapi_ipv4_route, zapi_ipv6_route and zapi_ipv4_route_ipv6_nexthop
functions are deprecated. Add notice of when we can remove the
deprecated code from the system.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The constant to limit # of allowed cli tokens on any one line was
defined in multiple places, all inconsistent with each other. Fix.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Fix rare failure caused when end pointer is at end of buffer memory
and a call to ringbuf_get() is made that reads all of the data in the
buffer; start pointer was advanced past end pointer, causing some
special handling to be skipped
* Fix ringbuf_peek() moving start pointer
* Fix use after free
* Remove extraneous assignment
* Update relevant tests
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Peek functionality for ring buffers and associated tests.
Also:
* Slight optimization to avoid 0-byte memcpy() by changing > to >=
* Add rv checks for some ringbuf_[put|get] calls that were missing them
in the test
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
CLI config for enabling/disabling type-5 routes
router bgp <as> vrf <vrf>
address-family l2vpn evpn
[no] advertise <ipv4|ipv6|both>
loop through all the routes in VRF instance and advertise/withdraw
all ip routes as type-5 routes in default instance.
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
The $Id: lines would allow code kept in cvs to substitute
the file version upon checkout. Since we are not using
cvs there is no need to keep these lines anymore.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
ptm_lib.c had no way to cleanup after itself when an
error was detected. This adds a function to cleanup
context in such a case.
A followup commit will use this new functionality.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Some of the deprecated stream.h macros see such little use that we may
as well just remove them and use the non-deprecated macros.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When we remove a thread from a pqueue, use the saved
index to go to the correct spot immediately instead of
having to search the whole queue for it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This should be allowed:
robot(config)# ip prefix-list outbound_asp_routes seq 33 permit 1.1.1.0/24 le 24
% Invalid prefix range for 1.1.1.0/24, make sure: len < ge-value <= le-value
This commit fixes the issue:
robot(config)# ip prefix-list outbound_asp_routes seq 33 permit 1.1.1.0/24 le 23
% Invalid prefix range for 1.1.1.0/24, make sure: len < ge-value <= le-value
robot(config)# ip prefix-list outbound_asp_routes seq 33 permit 1.1.1.0/24 le 24
robot(config)# ip prefix-list outbound_asp_routes seq 33 permit 1.1.1.0/24 le 25
robot(config)#
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a daemon that will allow us to test the zapi
as well as test route install/removal times from
the kernel.
The current commands are:
install route <starting ip address> nexthop <nexthop> (1-1000000)
This command starts installing at <starting ip address>/32
(1-100000) routes that it auto-increments by 1
Installation start time is noted in the log and finish
time is noted as well.
remove routes <starting ip address> (1-1000000)
This command removes routes at <starting ip address>/32
and removes (1-100000) routes created by the install route
command.
This code can be considered experimental and *is not*
something that should be run in a production environment.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow the higher level protocol to specify if it would
like to receive notifications about it's routes that
it has installed.
I've purposely made it part of zclient_new_notify because
we need to track the routes on a per daemon basis only.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Provide ZAPI code that can pass to an upper level protocol
what happened to it's route on install.
There are these notifications:
1) ZAPI_ROUTE_FAIL_INSTALL - The route attempted to be
installed did not work.
2) ZAPI_ROUTE_BETTER_ADMIN_WON - A route that was installed
has become un-installed due to another routing protocol
installing a better admin distance
3) ZAPI_ROUTE_INSTALLED - The route specified has been installed
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Define JSON_C_TO_STRING_NOSLASHESCAPE used for
escaping forward slash.
Disply json output for
'show ip ospf route [vrf all] json'
Ticket:CM-18659
Reviewed By:
Testing Done:
Configure multiple non-default VRF, inject external routes
via redistribute to ospf area.
checked show ip ospf route vrf all /json based output.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Add write callback.
Add error callback.
Add frrzmq_check_events() function to check for edge triggered things
that may have happened after a zmq_send() call or so.
Update ZMQ tests.
Signed-off-by: ßingen <bingen@voltanet.io>
The safi encode/decode is using 2 bytes, which
may cause problems on some platforms. Let's assume
that a safi is a uint8_t and work accordingly.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This code modifies zebra to use the STREAM_GET functionality.
This will allow zebra to continue functioning in the case of
bad input data from higher level protocols instead of crashing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Currently when stream reads fail, for any reason, we assert.
While a *great* debugging tool, Asserting on production code
is not a good thing. So this is the start of a conversion over
to a series of STREAM_GETX functions that do not assert and
allow the developer a way to program this gracefully and still
clean up.
Current code is something like this( taken from redistribute.c
because this is dead simple ):
afi = stream_getc(client->ibuf);
type = stream_getc(client->ibuf);
instance = stream_getw(client->ibuf);
This code has several issues:
1) There is no failure mode for the stream read other than assert.
if afi fails to be read the code stops.
2) stream_getX functions cannot be converted to a failure mode
because it is impossible to tell a failure from good data
with this api.
So this new code will convert to this:
STREAM_GETC(client->ibuf, afi);
STREAM_GETC(client->ibuf, type);
STREAM_GETW(client->ibuf, instance);
....
stream_failure:
return;
We've created a stream_getc2( which does not assert ),
but we need a way to allow clean failure mode handling.
This is done by macro'ing stream_getX2 functions with
the equivalent all uppercase STREAM_GETX functions that
include a goto.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
When we have a v4 or v6 prefix list, only
apply it via a match when the address families
are the same.
Fixes: #1339
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When using a non-integrated config and starting up
of a protocol daemon, we were not properly handling
all possible cases and as such when an user hit
an actual error they were getting (null) listed
for the message string.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This function is only called with non-blocking sockets [1], so there's
no need to worry about setting O_NONBLOCK and unsetting it later if the
given fd was a blocking socket. This saves us 4 syscalls per connect,
which is not much but is something.
Also, remove an outdated comment about the return values of this
function. It returns a 'connect_result' enum now, whose values are
self-explanatory (connect_error, connect_success and connect_in_progress).
This also fixes a coverity scan warning where we weren't checking the
return value of the fcntl() syscall.
[1] bgp_connect() and pim_msdp_sock_connect().
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These are mostly trivial fixes for leaks in the error path of some functions.
The changes in bgpd/bgp_mpath.c deserves a bit of explanation though. In
the bgp_info_mpath_aggregate_update() function, we were allocating memory
for the lcomm variable but doing nothing with it. Since the code for
communities, extended communities and large communities is pretty much
the same in this function, it's clear that this was a copy and paste
error where most of the ext. community code was copied but not all of
it as it should have been.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Note: I had to remove one assert in clidef.py in order to fix a build
error when using a preprocessor string (FRR_IP_REDIST_STR_ZEBRA) inside
a DEFPY command. This should be revisited later.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When displaying thread cpu data, display unsigned instead
of signed data when we get really really really large
numbers of invocations.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When free'ing memory associated with the wgraph, also
free memory malloced during the initialization.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
route_node_set is only called by route_node_get
which calls apply_mask. There is no need to do
this again.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There is no need to generate a hash key *if* the hash_alloc_function
is NULL and the hash is empty.
This changed showed a measurable increase in performance for
table hash lookup for tables that were meant to be empty in
bgp( the distance commands ).
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When free'ing the workqueue if you have items
on the workqueue you should free the memory associated
with it.
Additionally move the work_queue_item_remove function
to allow for static to be awesome
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We expect that the index value passed in for argv_find
should be initially set to 0. This way if the cli
ever changes there is no need to modify the initial
value.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This improves code readability and also future-proofs our codebase
against new changes in the data structure used to store interfaces.
The FOR_ALL_INTERFACES_ADDRESSES macro was also moved to lib/ but
for now only babeld is using it.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
If the p1 and p2 arguments pointed to identical strings ending with
a non-numeric character (e.g. "lo"), this function would return -1
instead of 0 as one would expect. This inconsistency didn't matter
for sorted linked-lists but for red-black trees it's a major source
of problems.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Performance tests showed that, when running on a system with a large
number of interfaces, some daemons would spend a considerable amount
of time in the if_lookup_by_index() function. Introduce a new rb-tree
to solve this problem.
With this change, we need to use the if_set_index() function whenever
we want to change the ifindex of an interface. This is necessary to
ensure that the 'ifaces_by_index' rb-tree is updated accordingly. The
return value of all insert/remove operations in the interface rb-trees
is checked to ensure that an error is logged if a corruption is
detected.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
IFINDEX_DELETED is not necessary anymore as we moved from a global
list of interfaces to a list of interfaces per VRF.
This reverts commit 84361d615.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is an important optimization for users running FRR on systems with
a large number of interfaces (e.g. thousands of tunnels). Red-black
trees scale much better than sorted linked-lists and also store the
elements in an ordered way (contrary to hash tables).
This is a big patch but the interesting bits are all in lib/if.[ch].
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Make use of strnlen() and strlcpy() so we can get rid of these
convoluted if_*_by_name_len() functions.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The compiler cannot guess that rise() will not return here.
One should help.
Warning:
Access to field 'file' results in a dereference of a null pointer
(loaded from variable 'error')
aka error->file while error is NULL.
Signed-off-by: Vincent Jardin <vincent.jardin@6wind.com>
Currenlty, this function is used only by:
- unit test of csv.c (see its main() section)
- ptm_lib.c
In case of ptm, it is safe to return NULL because:
csv_encode_record() -> return NULL
_ptm_lib_encode_header() -> return NULL
the only consumer of the return value is: ptm_lib_init_msg()
that checks the NULL return.
Warning:
Access to field 'field_len' results in a dereference of a null
pointer (loaded from variable 'fld')
Signed-off-by: Vincent Jardin <vincent.jardin@6wind.com>
We should assume match OK only when neither nhl1
and neither nhl2 are NULL.
If both are NULL, it means match NOK.
Clang Warning:
Access to field 'num_labels' results in a dereference of a null
pointer (loaded from variable 'nhl1')
Signed-off-by: Vincent Jardin <vincent.jardin@6wind.com>
Let's assert(NULL) if the datastructure is not set.
The code assumes that the pointer is always non NULL. So, let's enforce
this semantic.
Signed-off-by: Vincent Jardin <vincent.jardin@6wind.com>
list_free is occassionally being used to delete the
list and accidently not deleting all the nodes.
We keep running across this usage pattern. Let's
remove the temptation and only allow list_delete
to handle list deletion.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Convert the list_delete(struct list *) function to use
struct list **. This is to allow the list pointer to be nulled.
I keep running into uses of this list_delete function where we
forget to set the returned pointer to NULL and attempt to use
it and then experience a crash, usually after the developer
has long since left the building.
Let's make the api explicit in it setting the list pointer
to null.
Cynical Prediction: This code will expose a attempt
to use the NULL'ed list pointer in some obscure bit
of code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Current cleanup is for unset values or variables that are not used anymore.
Regarding ospfd/ospf_vty.c: argv_find()
we'll never get it NULL, so get coststr = argv[idx]->arg;
The word Multiplier has been abbreviated to 'Mul' in
the output. This apparently is causing people
angst. Write word out.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
list_delete does not set the list pointer to NULL
Thus when we accidently use it later we happily write
off into lala land instead of crashing imediately
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Somehow F_SETLK was failing for me a couple of days ago, and not being
able to see the errno value was frustrating.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is a fallout from PR #1022 (zapi consolidation). In the early days,
the client daemons would allocate enough memory to send all nexthops
to zebra. Then zebra would add all nexthops to the RIB and respect
MULTIPATH_NUM only when installing the routes in the kernel. Now things
are different and the client daemons can send at most MULTIPATH_NUM
nexthops to zebra, and failure to respect that will result in a buffer
overflow. The MULTIPATH_NUM limit in the new zebra API is a small price
we pay to avoid allocating memory for each route sent to zebra.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
This fixes the following
cel-redxp-10# show debugging
Debugging Information for zebra:
Zebra debugging status:
Debugging Information for bgpd:
BGP debugging status:
Debugging Information for watchfrr:
% Command incomplete.
% Command incomplete.
cel-redxp-10#
This fixes the broken indentation of several foreach loops throughout
the code.
From clang's documentation[1]:
ForEachMacros: A vector of macros that should be interpreted as foreach
loops instead of as function calls.
[1] http://clang.llvm.org/docs/ClangFormatStyleOptions.html
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
VARIABLE tokens must be all uppercase, this allows us to support WORD
tokens that begin with an uppercase letter. The "Null0" keyword is an
example of where this is needed.
The only VARIABLE we had that wasn't already all uppercase was
ASN:nn_or_IP-address:nn
When matching user input against a CLI graph, we keep a stack of tokens
matched. Stack size was limited to 64, making the effective number of
tokens that could be entered on a line 64. This is too limiting in some
circumstances, so bump it to 256 (and document it).
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Tentative thread-safety support for zlog. Functions designed to be
called from signal handlers are not mt-safe.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
There exists situations where it is possible to have duplicate
nexthops passed from a higher level protocol into zebra.
This code notices this duplication of nexthops and marks
the duplicates as DUPLICATE so we don't attempt to install
it into the kernel.
This is important on *BSD as I understand it because passing
duplicate nexthops will cause the route to be rejected.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) Some hash key functions where converting pointers
directly to a 32 bit value via downcasting. Pointers
are 64 bit on a majority of our platforms.
2) Some hashes were being created with 256 entries,
downsize the hash creation size to more appropriate
values.
3) Add hash names to hash creation so we can watch
the hash via 'show debugging hashtable'
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There are 3 different implementations of is_prefix.
Standardize on is_prefix_default and fix it's implementation.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
If the user configures some command that is already in the config we
should return CMD_WARNING instead of CMD_WARNING_CONFIG_FAILED
Create a new function prefix_list_apply_which_prefix which
will return a pointer to the matching prefix that caused
the acceptance/denial.
This change will be used in future commits.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There are a variety of cli's associated with the
'set metric ...' command. The problem that we
are experiencing is that not all the daemons
support all the varieties of the set metric
and the returned of NULL during the XXX_compile
phase for these unsupported commands is causing
issues. Modify the code base to only return
NULL if we encounter a true parsing issue.
Else we need to keep track if this metric
applies to us or not.
In the case of rip or ripngd if the metric
passed to us is greater than 16 just turn
it internally into a MAX_METRIC.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
vty_frame() can be used to reduce the amount of output produced by "show
running-config" and "write ...". It buffers output in struct vty->frame
(1024 bytes) and outputs it when vty_out is called. If vty_out isn't
called, it can be removed with vty_endframe() later.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
1. Change hostname_get to cmd_hostname_get
2. Change domainname_get to cmd_domainname_get
3. New API to set domainname
3. Provide a CLI command to set domainname
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
This allows running the daemons inside of Linux network namespaces
without messing with an additional mount/fs namespace (or a ton of
options).
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This uses zmq_getsockopt(ZMQ_FD) to create a libfrr read event, which
then wraps zmq_poll and calls an user-specified ZeroMQ read handler.
It's wrapped in a separate library in order to make ZeroMQ support an
installation-time option instead of build-time.
Extended to support per-message and per-fragment callbacks as discussed
with Bingen in PR #566.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This provides an API to pass around extra information for errors, more
than a simple return value can carry. This is particularly used for the
Cap'n Proto interface to be able to report more useful errors.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
blackhole support was horribly broken. cleanup by removing blackhole
stuff from ZEBRA_FLAG_*
introduces support for "prohibit" routes (Linux/netlink only)
also clean up blackhole options on "ip route" vty commands.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
FLAG_BLACKHOLE is used for different things in different places. remove
it from the zclient API, instead indicate blackholes as proper nexthops
inside the message.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Specifically, gcc 4.2.1 on OpenBSD 6.0 warns about these; they're bogus
(gcc 4.2, being rather old, isn't quite as "intelligent" as newer
versions; the newer ones apply more logic and less warnings.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
In certain situations, the CLI matcher would not handle ambiguous
commands properly. If it found an ambiguous result in a lower subgraph,
the ambiguous result would not correctly propagate up to previous frames
in the resolution DFS as ambiguous; instead it would propagate up as a
non-match, which could subsequently be overridden by a partial match.
Example CLI space:
show ip route summary
show ip route supernet-only
show ipv6 route summary
Entering `show ip route su` would result in an ambiguous resolution for
the `show ip route` subgraph but would propagate up to the `show ip`
subgraph as a no-match, allowing `ip` to partial-match `ipv6` and
execute that command.
In this example entering `show ip route summary` would disambiguate the
`show ip` subgraph. So this bug would only appear when entering input
that caused ambiguities in at least two parallel subgraphs.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add the RMAP_COMPILE_SUCCESS and switch over to using it.
Refactoring allows a removal of a if statement to just
use the switch statement already in place. Additionally
the reworking cleans up memory freeing in a couple of spots.
In one spot we no longer will leak memory too.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Set default hostname in frr to unix hostname.
Provide APIs to get the hostname/domaninanme
Use this APIs where needed
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
If we assign MULTIPATH_NUM to be 256, this causes issues
for us since 256 is bigger than a u_char. So let's make
the api's multipath_num to be a u_int16_t and pass it
around as a word.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Some differences compared to the old API:
* Now the redistributed routes are sent using address-family
independent messages (ZEBRA_REDISTRIBUTE_ROUTE_ADD and
ZEBRA_REDISTRIBUTE_ROUTE_DEL). This allows us to unify the ipv4/ipv6
zclient callbacks in the client daemons and thus remove a lot of
duplicate code;
* Now zebra sends all nexthops of the redistributed routes to the client
daemons, not only the first one. This shouldn't have any noticeable
performance implications and will allow us to remove an ugly exception
we had for ldpd (which needs to know all nexthops of the redistributed
routes). The other client daemons can simply ignore the nexthops if
they want or consult just the first one (e.g. ospfd/ospf6d/ripd/ripngd).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
With prefix_ptr or prefix_ls, there can still be stuff in a struct
prefix that we shouldn't hash.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Also fixes misuse of vector_slot() - that one doesn't check for access
beyond end of vector...
And print node names in grammar sandbox "printall".
Fixes: #543
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Register add/delete hooks with the prefix list code to properly change
ospf6_area's prefix list in/out pointers.
There are 2 other uncached uses of prefix lists in the ASBR route-map
code and the interface code; these should probably be cached too. (To
be fixed another day...)
Fixes: #453
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
if we're using --terminal, the daemon may in some cases exit fast enough
for the parent to see this; this resulted in a confusing/bogus "failed
to start, exited 0" message.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
adds a new all-daemon "debug memstats-at-exit" command. Also saves
memstats to a file in /tmp, useful if a long-running daemon is having
weird issues (e.g. in a user install).
Fixes: #437
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
As noticed in 657cde1, the zapi_ipv[4|6]_route functions are broken in
many ways and that's the reason that many client daemons (e.g. ospfd,
isisd) need to send handcrafted messages to zebra.
The zapi_route() function introduced by Donald solves the problem
by providing a consistent way to send ipv4/ipv6 routes to zebra with
nexthops of any type, in all possible combinations including IPv4 routes
with IPv6 nexthops (for BGP unnumbered routes).
This patch goes a bit further and creates two new address-family
independent ZAPI message types that the client daemons can
use to advertise route information to zebra: ZEBRA_ROUTE_ADD and
ZEBRA_ROUTE_DELETE. The big advantage of having address-family independent
messages is that it allows us to remove a lot of duplicate code in zebra
and in the client daemons.
This patch also introduces the zapi_route_decode() function. It will be
used by zebra to decode route messages sent by the client daemons using
zclient_route_send(), which calls zapi_route_encode().
Later on we'll use this same pair of encode/decode functions to
send/receive redistributed routes from zebra to the client daemons,
taking the idea of removing code duplication to the next level.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This patch introduces the following changes to the zapi_route structure
and associated code:
* Use a fixed-size array to store the nexthops instead of a pointer. This
makes the zapi_route() function much easier to use when we have multiple
nexthops to send. It's also much more efficient to put everything on
the stack rather than allocating an array in the heap every time we
need to send a route to zebra;
* Use the new 'zapi_nexthop' structure. This will allow the client daemons
to send labeled routes without having to allocate memory for the labels
(the 'nexthop' structure was designed to be memory efficient and doesn't
have room for MPLS labels, only a pointer). Also, 'zapi_nexthop' is more
compact and more clean from an API perspective;
* Embed the route prefix inside the zapi_route structure. Since the
route's prefix is sent along with its nexthops and attributes, it makes
sense to pack everything inside the same structure.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
route_node->lock is "const" if --enable-dev-build is used. This is done
to deter people from messing with internals of the route_table...
unfortunately, the inline'd route_[un]lock_node runs into this.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Change all callers of IPV4_ADDR_SAME() to pass a pointer to a struct in_addr
Use assignment and comparison instead of memcpy() and memcmp(). Avoids function
calls. Faster.
Signed-off-by: Jorge Boncompte <jbonor@gmail.com>
Convert the work queue implementation to not use the generic linked list
to mantain the item list and use instead a simple queue from queue.h that
does not allocate memory for each node.
Signed-off-by: Jorge Boncompte <jbonor@gmail.com>
The simple queue implementation in OpenBSD and FreeBSD are called diferently,
standardize in the use of the FreeBSD version and map the missing names only
if we compile on OpenBSD.
Signed-off-by: Jorge Boncompte <jbonor@gmail.com>
This allows modules to register their own additional hooks on interface
creation/deletion.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Start creating a counterpart to frr_init and frr_late_init.
Unfortunately, some daemons don't do any exit handling, this doesn't
change that just yet.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Allow registering callbacks with a priority value used to order them
relative to each other. Plus a reverse variant that just flips the
direction on priorities.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The specific code here needs to establish an absolute order of more
specific to less specific possible matches in a prefix list. This is
indirectly checked by an assert on insertion, because the "next best"
entry is required to be consistent even when joining multiple chains
of candidates.
Unfortunately, trie_install_fn() would insert entries too far ahead in
the chain if another entry with higher sequence number was seen. This
breaks the trie and (rightfully) triggers the assertion failure on
insert.
Fixes: #937
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
c9c8d0d ("lib: close stdin/out/err in non-terminal case") overshot its
goal and closes stdin/stdout/stderr even when a daemon is running in
foreground. That means stdout logging & exit memory reporting are both
broken.
Reported-by: Lou Berger <lberger@labn.net>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
ospfd crashes upon configuring multi-instance ospf
i.e 'router ospf x'.
ospfd can return CMD_NOT_MY_INSTANCE which
is not supported in lib/commands
Support two of the error codes
CMD_NOT_MY_INSTANCE and CMD_WARNING_CONFIG_FAILED
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
