Add the show isis flex-algo command to display the elected Flex-Algo
definitions and states (enabled/disabled).
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add an optional algorithm argument to "show isis route" command.
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add an optional algorithm argument to "show isis topology" command.
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add flex-algo information ID to the SPF extreme debug mode.
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Append an optional parameter to "show isis route [prefix-sid]" that
formats the output as a JSON array.
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Show Prefix-SIDs and labels for all available Flex-Algos.
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
fix typo in indef fabricd comment
Fixes: 20bd27e2aa ("isisd, yang: add configuration model and callback stubs")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add affinity-map hooks to check the utilization of affinity-map in
flex-algo contexts before its deletion and to update local TLVs when the
affinity-map bit-position is updated.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
As isis_route_verify_merge() builds a new route table, each (src,dst)
new node in the table is created by merging data from the same (src,dst)
pair present in all route tables. However, as it iterates over those
route nodes and copies SR data into the newly created node, it repeatedly
overwrites the isis_route_info pointer. This, in turn, pollutes the
isis_route_info structures in all of the other tables with partially
updated SR data.
After a route is deleted, this leaves pointers to freed memory in one
of the route trees.
Fixes: 26b0598f6b ("isisd: fix isis_route_merge_verify logic")
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Create a temporary "merge" route table that contains the routing
information from all algorithms and install the merge route table
into the FIB.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Take into account the flex-algo affinity constraints to compute the SPF
tree.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Deal with the packing and unpacking of following Flex-Algo
Sub-Sub-TLVs:
- Router Capability (already defined TLV 242)
- List of the Flex-Algo Definitions (Sub-TLV 26)
- Exclude admin group (Sub-Sub-TLV 1)
- Include-any admin group (Sub-Sub-TLV 2)
- Include-all admin group (Sub-Sub-TLV 3)
- Flags (for prefix-metric) (Sub-Sub-TLV 4)
This commit splits data into multiple router capability TLVs if needed
because a TLV cannot contains more than 255 bytes.
Note that the list of SR Algorithm (Sub-TLV 19) within Router Capability
(TLV 242) is already set in a previous commit.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add the support of ASLA with the following TLV:
- Extended IS Reachability (already defined TLV 22)
- Application-Specific Link Attributes (Sub-TLV 16)
(to enable the Flex-Algo flag on a link)
- Admin-group (Sub-Sub-TLV 3)
- Extended Admin-group (Sub-Sub-TLV 14)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add the frontend functions for the flex-algo configuration.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add the backend functions for the flex-algo configuration.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Adds basic functionality to Flex-Algo for IS-IS wrapping lib/flex_algo.
The configuration interface will be added in the next commit.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Define the IS-IS flex-algo structure in yang, the CLI configuration
commands and the skeletons of frontend and backend functions that are
called by the CLI code.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add the ability to configure a Segment-Routing prefix SID for a given
algorithm. For example:
> segment-routing prefix 10.10.10.10/32 algorithm 128 index 100
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add the ability to configure a Segment-Routing prefix SID for a given
algorithm. For example:
> segment-routing prefix 10.10.10.10/32 algorithm 128 index 100
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Basically in frrouting source code principle,
the log string should not be a complicated abstraction
or streamlined for grep.
But for log format for the "TLV size does not match ..."
can be unified, which makes development easier.
> $ grep "TLV size does not match expected size for" isisd/isis_tlvs.c
> "TLV size does not match expected size for Administrative Group!\n");
> "TLV size does not match expected size for Local IPv6 address!\n");
> ...(snip)...
> "TLV size does not match expected size for Adjacency SID!\n");
> "TLV size does not match expected size for Adjacency SID!\n");
> "TLV size does not match expected size for Adjacency SID!\n");
> "TLV size does not match expected size for LAN-Adjacency SID!\n");
> "TLV size does not match expected size for LAN-Adjacency SID!\n");
> "TLV size does not match expected size for LAN-Adjacency SID!\n");
>
> $ grep "TLV size does not match expected size for" isisd/isis_tlvs.c | wc -l
> 25
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Many of the enum definitions defined in isis_tlvs.h
are often extended at the end. The c/c++ allows
commas at the end of a list. This commit simplifies
the patching of later extensions.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Before this commit, there was only one sr psid info
included in route_info.
In fact, in RFC8667, Algorithm ID, which is a property of
Prefix-SID, has 8 bits of information. That is, each Prefix
can hold up to 256 Prefix-SIDs. This commit implements it.
The previously implemented single Prefix-SID will be
continued as Algorithm 0.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Prefix-SID nexthops and backup nexthops are stored respectively in
isis_route_info->nexthops and isis_route_info->backup->nexthops.
With Flex-Algo, there are multiple Prefix-SIDs for a single prefix in
different algorithms. Each of these Prefix-SIDs performs SPF calculation
with a separate contract and sets a nexthops, so it is necessary to
store a different set nexthops for each Prefix-SID.
Add a nexthops and backup nethops list into the Prefix-SID
isis_sr_psid_info struct and use these lists instead of the when needed
After this commit, the nexthops for each Prefix-SID is not
taken from route_info, but the nexthop set inside the
Prefix-SID is taken. This works for backup nexthops as well.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Refactor IP reachability lsp build to comply with checkpatch:
> WARNING: Too many leading tabs - consider code refactoring
No code logic change.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
isis_tlvs_add_extended_ip_reach adds IS-IS Extended
IP reachability to the LSP. In this case, if the
pcfg argument is not NULL, you can add IGP
Prefix-SID as its sub tlv.
Before this commit, only one Prefix-SID can be added.
After this commit, the argument is not a single
pointer but an array of pointers, and multiple
Prefix-SIDs can be added.
This feature is necessary because Flex-Algo
requires multiple Prefix-SIDs for each Algorithm.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Before this commit, SR_ALGORITHM_COUNT was set to 2,
and each was hardcoded with router capability tlv.
When Flex-Algo is supported, SR-Algorithm may be
variably supported up to 256.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
SR Algorithms are independent of specific IGPs
such as IS-IS. This commit adds lib/sr to
aggregate IGP agnostic functions and constants.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The information in prefix-sid has a new property
called algorithm id. This is used to identify
the algorithm that separates it in the same IGP
network. This is used in Flex-Algo.In all other
cases, the algorithm id is basically 0.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The information in prefix-sid has a new property
called algorithm id. This is used to identify
the algorithm that separates it in the same IGP
network. This is used in Flex-Algo.In all other
cases, the algorithm id is basically 0.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The spftree has a new property called algorithm
which is id used to identify the algorithm that
separates it in the same IGP network. This is
used in Flex-Algo. In other cases than Flex-Algo,
the algorithm id is always zero.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Following the modification of the edge key in link state database
this patch updates the isis_te.c file to replace the old uint64_t edge key by
the new ls_edge_key structure.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
When passing a prefix into a function let's pass by address instead
of pass by value. Let's save our stack space.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
If log-pdu-drops is configured, create an INFO log that displays the PDU type and drop counts when a PDU drop is detected.
Example logs:
2023/03/30 23:54:59.749 ISIS: [VAS9N-1JNNR] PDU drop detected of type: P2P IIH. 1 Total Drops; 0 L1 IIH drops; 0 L2 IIH drops; 1 P2P IIH drops; 0 L1 LSP drops; 0 L2 LSP drops; 0 FS LSP drops; 0 L1 CSNP drops; 0 L2 CSNP drops; 0 L1 PSNP drops; 0 L2 PSNP drops.
2023/03/30 23:54:59.848 ISIS: [VAS9N-1JNNR] PDU drop detected of type: P2P IIH. 2 Total Drops; 0 L1 IIH drops; 0 L2 IIH drops; 2 P2P IIH drops; 0 L1 LSP drops; 0 L2 LSP drops; 0 FS LSP drops; 0 L1 CSNP drops; 0 L2 CSNP drops; 0 L1 PSNP drops; 0 L2 PSNP drops.
Code changes:
Add a new PDU counter function that increments the drop counter and runs the logging functionality if log-pdu-drops is configured.
Signed-off-by: Isabella de Leon <ideleon@microsoft.com>
New config functionality:
r1# conf
r1(config)# router isis 1
r1(config-router)# log-
log-adjacency-changes Log changes in adjacency state
log-pdu-drops Log any dropped PDUs
r1(config-router)# log-pdu-drops
r1(config-router)# end
Signed-off-by: Isabella de Leon <ideleon@microsoft.com>
It is not possible to create an adjacency by using interface
addresses within the `169.254.0.0/24` pool.
When forging the IIH messages, the interface addresses from
that pool are not appended:
> Neither IPv4 nor IPv6 considered usable. Ignoring IIH
Using this network pool is possible on other IS-IS
implementations. Let us authorize to use such network
addresses.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Subnets may be incorrectly created in the IS-IS Traffic Engineering Database
(TED). Indeed, to be usable, the subnets advertised by IS-IS peers must be
adjusted to avoid misinterpretation. For example, consider R1 which is
connected to R2 with IP addresses 10.0.0.1/24 (R1) and 10.0.0.2/24 (R2).
R1 and R2 will advertize the prefix 10.0.0.0/24. By leaving the subnet with the
prefix 10.0.0.0/24 in the TED, it is not possible to determine whether
10.0.0.1 is attached to R1 or R2 or whether 10.0.0.3 exists.
So to avoid this, the subnet prefixes are adjusted with the IP addresses of the
local interface. But IS-IS can start to advertise the subnet when not all
adjacencies are up, especially when IPv4 and IPv6 are configured on the same
interface. This results in an uncorrected prefix, e.g. 10.0.0.0/24, remaining
in the TED when it should be removed.
This problem affects some isis-related tests such as the CSPF test.
This patch fixes this bug by removing the uncorrected prefix before adding the
the corrected version.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Adding a new drop counters section to "show isis summary".
New output:
Drop counters per PDU type:
P2P IIH: <count>
L2 LSP: <count>
L2 CSNP: <count>
L2 PSNP: <count>
...
Before:
r1# show isis summary
vrf : default
Process Id : 972
System Id : 0000.0000.0001
Up time : 00:00:48 ago
Number of areas : 1
Area TE:
Net: 49.0000.0000.0000.0001.00
TX counters per PDU type:
P2P IIH: 36
L2 LSP: 8
L2 CSNP: 12
L2 PSNP: 11
RX counters per PDU type:
P2P IIH: 37
L2 LSP: 17
L2 CSNP: 12
L2 PSNP: 6
Advertise high metrics: Disabled
...
After:
r1# show isis summary
vrf : default
Process Id : 972
System Id : 0000.0000.0001
Up time : 00:00:19 ago
Number of areas : 1
Area TE:
Net: 49.0000.0000.0000.0001.00
TX counters per PDU type:
P2P IIH: 16
L2 LSP: 2
L2 CSNP: 4
L2 PSNP: 6
LSP RXMT: 0
RX counters per PDU type:
P2P IIH: 16
L2 LSP: 5
L2 CSNP: 4
L2 PSNP: 2
Drop counters per PDU type:
P2P IIH: 2
Advertise high metrics: Disabled
...
Signed-off-by: Isabella de Leon <ideleon@microsoft.com>
Effectively a massive search and replace of
`struct thread` to `struct event`. Using the
term `thread` gives people the thought that
this event system is a pthread when it is not
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This is a first in a series of commits, whose goal is to rename
the thread system in FRR to an event system. There is a continual
problem where people are confusing `struct thread` with a true
pthread. In reality, our entire thread.c is an event system.
In this commit rename the thread.[ch] files to event.[ch].
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This path replaces isisd_format_id, sysid_print, snpa_print, rawlspid_print and
isonet_print functions by the new printfrr ISO System ID & Network Address
format facilities. It also updates the isisd code to the new iso_address
structure defined in lib/iso.h
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add a hash_clean_and_free() function as well as convert
the code to use it. This function also takes a double
pointer to the hash to set it NULL. Also it cleanly
does nothing if the pointer is NULL( as a bunch of
code tested for ).
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Implement advertise-high-metrics set function - when advertise-high-metrics is configured, iterate through each isis interface and update each metric to its high metric value. When advertise-high-metrics is disabled, revert each interface's metric to its originally configured value.
Signed-off-by: Isabella de Leon <ideleon@microsoft.com>
New config and show functionality:
r1# conf
r1(config)# router isis 1
r1(config-router)#
advertise-high-metrics Advertise high metric value on all interfaces
area-password Configure the authentication password for an area
...
r1(config-router)# advertise-high-metrics
r1(config-router)# end
r1# show isis summary
...
Area 1:
Net: 49.0001.1720.1700.0002.00
TX counters per PDU type:
L2 IIH: 1
P2P IIH: 36
LSP RXMT: 0
RX counters per PDU type:
Advertise high metrics: Enabled
Level-2:
...
r1# conf
r1(config)# router isis 1
r1(config-router)# no advertise-high-metrics
r1(config-router)# end
r1# show isis summary
...
Area 1:
Net: 49.0001.1720.1700.0002.00
TX counters per PDU type:
L2 IIH: 1
P2P IIH: 45
LSP RXMT: 0
RX counters per PDU type:
Advertise high metrics: Disabled
Level-2:
...
r1#
Signed-off-by: Isabella de Leon <ideleon@microsoft.com>
New configuration to pad ISIS hello packets during adjacency formation only.
Signed-off-by: Diogo Oliveira <14191454+dorDiogo@users.noreply.github.com>
Before:
isisd generates its initial lsp before fully processing the written config. Ex: lsp_generate() is called in isis_instance_area_address_create(), before other configs that may affect the lsp are loaded in, like set-overload-bit.
After:
isisd generates its initial lsp as soon as the config is fully processed. This was done by utilizing the initialization config callbacks, similar to bgp's implementation.
Signed-off-by: Isabella de Leon <ideleon@microsoft.com>
Use the already existing mpls label code to store VNI
info for vxlan. VNI's are defined as labels just like mpls,
we should be using the same code for both.
This patch is the first part of that. Next we will need to
abstract the label code to not be so mpls specific. Currently
in this, we are just treating VXLAN as a label type and storing
it that way.
Signed-off-by: Stephen Worley <sworley@nvidia.com>
Add to the Extended IS Reachability TLV the support of Extended
Administrative-Groups (RFC7308)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Apply the TE_EXT_MASK mask to display a 24 bits instead of a wrong 32
bits value that includes unrelated bits.
Fixes: 1b3f47d04c ("isisd: Update TLVs processing for TE, RI & SR")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Passing a pre-formatted buffer in these places needs a `"%s"` in front
so it doesn't get formatted twice.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Use a larger storage to keep the `time_t` that is platform agnostic and
use the appropriated printing primitive.
Found by Coverity Scan (CID 1519793)
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Fix the case area is NULL.
Fixes: acc0029779 ("isisd: fix potential access to NULL pointer in isis_route_update")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The IS-IS SR code was missing a use of `PROTO_NAME`, making fabricd
collide with the isisd CLI command.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Rather than running selected source files through the preprocessor and a
bunch of perl regex'ing to get the list of all DEFUNs, use the data
collected in frr.xref.
This not only eliminates issues we've been having with preprocessor
failures due to nonexistent header files, but is also much faster.
Where extract.pl would take 5s, this now finishes in 0.2s. And since
this is a non-parallelizable build step towards the end of the build
(dependent on a lot of other things being done already), the speedup is
actually noticeable.
Also files containing CLI no longer need to be listed in `vtysh_scan`
since the .xref data covers everything. `#ifndef VTYSH_EXTRACT_PL`
checks are equally obsolete.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Fix potential access to NULL pointer in isis_route_update even if it is
not related with the fast-reroute implementation.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
If ISIS is running on an IPv6 only topology, the command "spf interval"
has no effect.
Only the IPv4 SPF tree timers are taken into account.
Base the next SPF scheduling on the last running SPF tree.
Fixes: be985ba059 ("isisd: make use of advanced concepts like arrays and loops")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When disabling and re-enabling the "mpls-te on" command, the LS TED
database is deleted but not re-created.
Cleanup the LS TED database instead of deleting it when disabling
"mpls-te".
Fixes: 1fa6385040.. ("isisd: Correct Valgrind errors")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
If MPLS TE is enabled, the router encodes the local and remote interface
IP address in the "Extended Reachability" TLV.
> east-vm(config)# do show isis database detail east-vm.00-00
> Extended Reachability: 0007.e901.3333.00 (Metric: 10)
> Local Interface IP Address(es): 10.126.0.2
> Remote Interface IP Address(es): 10.126.0.3
> Maximum Bandwidth: 1.76258e+08 (Bytes/sec)
The remote interface is added when the circuit adjacency comes up after
setting MPLS TE. However, if MPLS TE is enabled after, the remote
address is not added. It happens after disabling and re-enabling the
MPLS TE.
> east-vm(config)# router isis 1
> east-vm(config-router)# no mpls on
> east-vm(config-router)# mpls on
> east-vm(config)# do show isis database detail east-vm.00-00
> Extended Reachability: 0007.e901.3333.00 (Metric: 10)
> Local Interface IP Address(es): 10.126.0.2
> Maximum Bandwidth: 1.76258e+08 (Bytes/sec)
Update the remote IPv4 and IPv6 of all adjacencies after enabling MPLS
TE.
Fixes: 1b3f47d04c ("isisd: Update TLVs processing for TE, RI & SR")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
isis_ifp_down() may in some circumstances be called twice on a down
interface event.
Avoid applying fast-reroute on an already down interface.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When an IS-IS interface is coming down, fast-reroute may be triggered
twice: a first time after the detection of the interface down event and
a second time after the detection of the adjacency down (because of the
expiration of the ISIS Hello or BFD timers).
Avoid a BFD down event from running fast-reroute another time if the
interface was already detected down.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Backup routes are sent to zebra by routing daemons such as isisd so that
the dataplane can pre-install them with a lower priority. When an
interface comes down, the associated primary routes are discarded by the
dataplane and the backup ones take over.
However, some dataplanes (e.g. Netlink ones) do not pre-install the
backup routes. Associated prefixes have no next-hop until SPF is
recomputed.
Apply fast-reroute as soon as an interface falls down by sending route
UPDATEs to zebra.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Allow the nexthoplookup function to return the first nexthop found on
ifindex interface if the IP is unspecified.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When a adjacency falls down, the primary routes are not deleted on the
dataplane until the SPF is recomputed. Even the backup routes are
pre-installed on the dataplane, there is no fast-route optimization.
Reasons for an adjacency to come down are:
- BFD down
- Hello timer timeout
- User adjacency clear
Apply the backup route switchover for fast-reroute as soon an IS-IS
adjacency falls down before the first SPF re-computation. Pre-computed
backup routes are applied sooner.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
There are lib debugs being set but never show up in
`show debug` commands because there was no way to show
that they were being used. Add a bit of infrastructure
to allow this and then use it for `debug route-map`
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
When fabricd is configured to use an interface and there will be
no peers out that interface, the log file is filling up with:
Oct 04 10:50:03 host2 fabricd[1444769]: [HHXDJ-1DA93] ISIS-Adj (1): Threeway state change Initializing to Up
Oct 04 10:50:03 host2 fabricd[1444769]: [R18GA-MS9R7] OpenFabric: Started initial synchronization with 1111.1111.1111 on enp1s0f1np1
Oct 04 10:50:06 host2 fabricd[1444769]: [HHXDJ-1DA93] ISIS-Adj (1): Threeway state change Up to Initializing
Oct 04 10:50:07 host2 fabricd[1444769]: [NT6J7-1RYRF] OpenFabric: Initial synchronization on enp1s0f1np1 timed out!
Oct 04 10:50:07 host2 fabricd[1444769]: [R18GA-MS9R7] OpenFabric: Started initial synchronization with 3333.3333.3333 on enp1s0f0np0
Oct 04 10:50:08 host2 fabricd[1444769]: [HHXDJ-1DA93] ISIS-Adj (1): Threeway state change Up to Initializing
Oct 04 10:50:11 host2 fabricd[1444769]: [NT6J7-1RYRF] OpenFabric: Initial synchronization on enp1s0f0np0 timed out!
Oct 04 10:50:11 host2 fabricd[1444769]: [HHXDJ-1DA93] ISIS-Adj (1): Threeway state change Initializing to Up
Oct 04 10:50:11 host2 fabricd[1444769]: [R18GA-MS9R7] OpenFabric: Started initial synchronization with 1111.1111.1111 on enp1s0f1np1
Oct 04 10:50:14 host2 fabricd[1444769]: [HHXDJ-1DA93] ISIS-Adj (1): Threeway state change Up to Initializing
Oct 04 10:50:15 host2 fabricd[1444769]: [NT6J7-1RYRF] OpenFabric: Initial synchronization on enp1s0f1np1 timed out!
Oct 04 10:50:16 host2 fabricd[1444769]: [R18GA-MS9R7] OpenFabric: Started initial synchronization with 1111.1111.1111 on enp1s0f1np1
Oct 04 10:50:18 host2 fabricd[1444769]: [HHXDJ-1DA93] ISIS-Adj (1): Threeway state change Initializing to Up
The `Threeway state change..` message is guarded by a debug, but the other 2 are not.
Let's guard those with debugs since the log will be filled up rather quickly
with any sort of aggressive timers.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Before:
r1# conf
r1(config)# router isis <area-tag>
r1(config-router)# set-overload-bit
<cr>
r1(config-router)# end
After:
r1# conf
r1(config)# router isis <area-tag>
r1(config-router)# set-overload-bit
<cr>
on-startup Set overload bit on startup
r1(config-router)# set-overload-bit on-startup
(0-86400) Set overload time in seconds
r1(config-router)# set-overload-bit on-startup 300
r1(config-router)# end
Signed-off-by: Isabella de Leon <ideleon@microsoft.com>
==2623619==
==2623619== 6 bytes in 1 blocks are definitely lost in loss record 3 of 75
==2623619== at 0x483877F: malloc (vg_replace_malloc.c:307)
==2623619== by 0x4B55E4A: strdup (strdup.c:42)
==2623619== by 0x493C992: qstrdup (memory.c:128)
==2623619== by 0x1A9212: isis_instance_fast_reroute_level_1_remote_lfa_prefix_list_modify (isis_nb_config.c:1599)
==2623619== by 0x494837C: nb_callback_modify (northbound.c:1083)
==2623619== by 0x4948C6E: nb_callback_configuration (northbound.c:1352)
==2623619== by 0x494919D: nb_transaction_process (northbound.c:1473)
==2623619== by 0x4947DA9: nb_candidate_commit_apply (northbound.c:906)
==2623619== by 0x4947EBA: nb_candidate_commit (northbound.c:938)
==2623619== by 0x494EB9E: nb_cli_classic_commit (northbound_cli.c:64)
==2623619== by 0x494F3DC: nb_cli_apply_changes_internal (northbound_cli.c:250)
==2623619== by 0x494F4E2: nb_cli_apply_changes (northbound_cli.c:268)
==2623619== by 0x1BEF0F: isis_frr_remote_lfa_plist_magic (isis_cli.c:1899)
==2623619== by 0x1B7636: isis_frr_remote_lfa_plist (isis_cli_clippy.c:3406)
==2623619== by 0x48EBA75: cmd_execute_command_real (command.c:997)
==2623619== by 0x48EBD4E: cmd_execute_command_strict (command.c:1108)
==2623619== by 0x48EC1E6: command_config_read_one_line (command.c:1268)
==2623619== by 0x48EC35B: config_from_file (command.c:1313)
==2623619== by 0x4999CC1: vty_read_file (vty.c:2347)
==2623619== by 0x499A4AF: vty_read_config (vty.c:2567)
==2623619== by 0x4924B12: frr_config_read_in (libfrr.c:984)
==2623619== by 0x498F5E3: thread_call (thread.c:2008)
==2623619== by 0x49253DA: frr_run (libfrr.c:1198)
==2623619== by 0x14FC53: main (isis_main.c:273)
Fix this memory leak
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Runing most of isisd tests with --valgrind-memleaks give many memory errors.
This is due to the way isisd is stopped: performing a "no router isis XXX"
through CLI solves most of them. Indeed, isis_finish() doesn't call
isis_area_destroy() leaving many allocated memory unfreed.
This patch adds call to appropriate delete function or XFREE() when necessary to
properly free all alocated memory before terminating isisd.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
The php value is defined in yang but not properly set.
Fixes: 8f6c893629 ("isisd: add segment-routing CLI commands")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When creating a xfrm interface FRR is crashing when configured
with isis. This is because the weird pattern of not allocating
list's until needed and then allowing the crash when we have
a usage pattern that was not expected. Just always allocate
the different lists that a circuit needs.
(gdb) bt
(gdb)
Fixes#11432
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Only the multi-topology command can use 'ipv4-unicast' keyword to
configure standard topology.
The remaining code: dump from show commands, and yang definition,
uses 'standard' keyword instead.
The test have not been modified. The change would consists in
modifying test_fuzz_isis_tlv_tests.h.gz:
- replacing ipv4-unicast occurences with standard
\x69\x70\x76\x34\x2d\x75\x6e\x69\x63\x61\x73\x74
with
\x73\x74\x61\x6e\x64\x61\x72\x64
- align the buffer length by removing 4 bytes per occurence
Instead, a specific isis_mtid2str_fake() routing has been
put in place in isis_tlvs.c file.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This define is added to reflect more what the standard
topology means. Actually, the standard topology may
contain not only IPv4 protocol but also IPv6 protocol.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When Segment Routing is disabled, if isisd received LSP with Segment Routing
information, in particular prefix SIDs, it installs corresponding MPLS entries
while it should not as SR is disabled.
This patch adds extra control to verify if SR is enabled or not before
configuring MPLS LFIB & IP FIB with prefix SIDs and adjust SR & TI-LFA
tests accordingly.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
If ISIS is running on an IPv6 only topology, the command "spf interval"
has no effect.
Only the IPv4 SPF tree timers are taken into account.
Base the next SPF scheduling on the last running SPF tree.
Fixes: be985ba059 ("isisd: make use of advanced concepts like arrays and loops")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
isis_ifp_down() may in some circumstances be called twice on a down
interface event.
Avoid applying fast-reroute on an already down interface.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When an IS-IS interface is coming down, fast-reroute may be triggered
twice: a first time after the detection of the interface down event and
a second time after the detection of the adjacency down (because of the
expiration of the ISIS Hello or BFD timers).
Avoid a BFD down event from running fast-reroute another time if the
interface was already detected down.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Backup routes are sent to zebra by routing daemons such as isisd so that
the dataplane can pre-install them with a lower priority. When an
interface comes down, the associated primary routes are discarded by the
dataplane and the backup ones take over.
However, some dataplanes (e.g. Netlink ones) do not pre-install the
backup routes. Associated prefixes have no next-hop until SPF is
recomputed.
Apply fast-reroute as soon as an interface falls down by sending route
UPDATEs to zebra.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Allow the nexthoplookup function to return the first nexthop found on
ifindex interface if the IP is unspecified.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When a adjacency falls down, the primary routes are not deleted on the
dataplane until the SPF is recomputed. Even the backup routes are
pre-installed on the dataplane, there is no fast-route optimization.
Reasons for an adjacency to come down are:
- BFD down
- Hello timer timeout
- User adjacency clear
Apply the backup route switchover for fast-reroute as soon an IS-IS
adjacency falls down before the first SPF re-computation. Pre-computed
backup routes are applied sooner.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Memory is allocated for a `struct prefix_ipv6` but
it was directly copied into a `struct prefix` via
direct pointer copy, which leads to a read past
end of memory. Fix by using prefix_copy
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Firstly, *keep no change* for `hash_get()` with NULL
`alloc_func`.
Only focus on cases with non-NULL `alloc_func` of
`hash_get()`.
Since `hash_get()` with non-NULL `alloc_func` parameter
shall not fail, just ignore the returned value of it.
The returned value must not be NULL.
So in this case, remove the unnecessary checking NULL
or not for the returned value and add `void` in front
of it.
Importantly, also *keep no change* for the two cases with
non-NULL `alloc_func` -
1) Use `assert(<returned_data> == <searching_data>)` to
ensure it is a created node, not a found node.
Refer to `isis_vertex_queue_insert()` of isisd, there
are many examples of this case in isid.
2) Use `<returned_data> != <searching_data>` to judge it
is a found node, then free <searching_data>.
Refer to `aspath_intern()` of bgpd, there are many
examples of this case in bgpd.
Here, <returned_data> is the returned value from `hash_get()`,
and <searching_data> is the data, which is to be put into
hash table.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
That commit aim is to fix an invalid isis access to sptree when
lpd is stopping. isisd is running.
lpd and isisd are running. isis is L1 type configured.
isis_ldp_rlfa_handle_client_close function try to clear
uninitialized spftree.
Expected behavior: isisd not crashing and running.
isis_ldp_rlfa_handle_client_close not trying to clear spftree
that are not initializes due tio the configuration.
Fix: test the configured area's type avoiding to deleted
an unconfigured sptree. function isis_rlfa_handle_client_close
will be aligned on spftree_area_del function
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
In addition to turning on isis bfd debugging traces, the internal
bfd messaging debug is also enabled. Reversely, when isis bfd traces
are off, the internal messaging debug traces are off too.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When lsp-mtu is configured larger than interface mtu and the interface
is brought up, the ISIS code would crash. When other vendors have this
misconfiguration they just continue ISIS running and allow the LSP
packets to be created but not sent. When the misconfiguration is corrected
the LSP packets start being sent. This change creates that same behavior
in FRR.
The startup issue I am hitting is when the isis lsp-mtu is larger that the interfaces mtu.
We run into this case when we are in the process of changing the mtu on a tunnel.
I issue a shutdown/no shutdown on the interface, because the tunnel MTU is smaller
than the lsp-mtu, it is considered an error and calls circuit_if_del. This deletes
part of the circuit information, which includes the circuit->ip_addr list. Later on we get
an address update from zebra and try to add the interface address to this list and crash.
2022/04/07 20:19:52.032 ISIS: [GTRPJ-X68CG] CSM_EVENT for tun_gw2: IF_UP_FROM_Z
calls isis_circuit_if_add
this initialize the circuit->ip_addrs
isis_circuit_up
has the mtu check circuit->area->lsp_mtu > isis_circuit_pdu_size(circuit) and fails
returns ISIS_ERROR
on failure call isis_circuit_if_del
this deletes the circiut->ip_addrs list <----
2022/04/07 20:19:52.032 ZEBRA: [NXYHN-ZKW2V] zebra_if_addr_update_ctx: INTF_ADDR_ADD: ifindex 3, addr 192.168.0.1/24
message to isisd to add address
isis_zebra_if_address_add
isis_circuit_add_addr
circuit->ip_addr we try to add the ip address to the list, but it was deleted above and isisd crashes
Signed-off-by: Lynne Morrison <lynne.morrison@ibm.com>
This has already been a requirement for Solaris, it is still a
requirement for some of the autoconf feature checks to work correctly,
and it will be a requirement for `-fms-extensions`.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The commands:
router isis 1
mpls-te on
no mpls-te on
mpls-te on
no mpls-te on
!
Will crash
Valgrind gives us this:
==652336== Invalid read of size 8
==652336== at 0x49AB25C: typed_rb_min (typerb.c:495)
==652336== by 0x4943B54: vertices_const_first (link_state.h:424)
==652336== by 0x493DCE4: vertices_first (link_state.h:424)
==652336== by 0x493DADC: ls_ted_del_all (link_state.c:1010)
==652336== by 0x47E77B: isis_instance_mpls_te_destroy (isis_nb_config.c:1871)
==652336== by 0x495BE20: nb_callback_destroy (northbound.c:1131)
==652336== by 0x495B5AC: nb_callback_configuration (northbound.c:1356)
==652336== by 0x4958127: nb_transaction_process (northbound.c:1473)
==652336== by 0x4958275: nb_candidate_commit_apply (northbound.c:906)
==652336== by 0x49585B8: nb_candidate_commit (northbound.c:938)
==652336== by 0x495CE4A: nb_cli_classic_commit (northbound_cli.c:64)
==652336== by 0x495D6C5: nb_cli_apply_changes_internal (northbound_cli.c:250)
==652336== Address 0x6f928e0 is 272 bytes inside a block of size 320 free'd
==652336== at 0x48399AB: free (vg_replace_malloc.c:538)
==652336== by 0x494BA30: qfree (memory.c:141)
==652336== by 0x493D99D: ls_ted_del (link_state.c:997)
==652336== by 0x493DC20: ls_ted_del_all (link_state.c:1018)
==652336== by 0x47E77B: isis_instance_mpls_te_destroy (isis_nb_config.c:1871)
==652336== by 0x495BE20: nb_callback_destroy (northbound.c:1131)
==652336== by 0x495B5AC: nb_callback_configuration (northbound.c:1356)
==652336== by 0x4958127: nb_transaction_process (northbound.c:1473)
==652336== by 0x4958275: nb_candidate_commit_apply (northbound.c:906)
==652336== by 0x49585B8: nb_candidate_commit (northbound.c:938)
==652336== by 0x495CE4A: nb_cli_classic_commit (northbound_cli.c:64)
==652336== by 0x495D6C5: nb_cli_apply_changes_internal (northbound_cli.c:250)
==652336== Block was alloc'd at
==652336== at 0x483AB65: calloc (vg_replace_malloc.c:760)
==652336== by 0x494B6F8: qcalloc (memory.c:116)
==652336== by 0x493D7D2: ls_ted_new (link_state.c:967)
==652336== by 0x47E4DD: isis_instance_mpls_te_create (isis_nb_config.c:1832)
==652336== by 0x495BB29: nb_callback_create (northbound.c:1034)
==652336== by 0x495B547: nb_callback_configuration (northbound.c:1348)
==652336== by 0x4958127: nb_transaction_process (northbound.c:1473)
==652336== by 0x4958275: nb_candidate_commit_apply (northbound.c:906)
==652336== by 0x49585B8: nb_candidate_commit (northbound.c:938)
==652336== by 0x495CE4A: nb_cli_classic_commit (northbound_cli.c:64)
==652336== by 0x495D6C5: nb_cli_apply_changes_internal (northbound_cli.c:250)
==652336== by 0x495D23E: nb_cli_apply_changes (northbound_cli.c:268)
Let's null out the pointer. After this change. Valgrind no longer reports issues
and isisd no longer crashes.
Fixes: #10939
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
When using bfd on a single level, one may access a null pointer
list. Prevent from using it.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
isis_tlvs.c would fail at multiple places if incorrect TLVs were
received causing stream assertion violations.
This patch fixes the issues by adding missing length checks, missing
consumed length updates and handling malformed Segment Routing subTLVs.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Small adjustments by Igor Ryzhov:
- fix incorrect replacement of srgb by srlb on lines 3052 and 3054
- add length check for ISIS_SUBTLV_ALGORITHM
- fix conflict in fuzzing data during rebase
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Default metric is not correctly propagated to Link State client due to a
missing flag on Link State Attributes. This patch correct the problem.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
VRF name should not be printed in the config since 574445ec. The update
was done for NB config output but I missed it for regular vty output.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
lib/zclient.h was missing from #includes so compiler
was rightly complaining about undefined structure.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Currently, it is possible to rename the default VRF either by passing
`-o` option to zebra or by creating a file in `/var/run/netns` and
binding it to `/proc/self/ns/net`.
In both cases, only zebra knows about the rename and other daemons learn
about it only after they connect to zebra. This is a problem, because
daemons may read their config before they connect to zebra. To handle
this rename after the config is read, we have some special code in every
single daemon, which is not very bad but not desirable in my opinion.
But things are getting worse when we need to handle this in northbound
layer as we have to manually rewrite the config nodes. This approach is
already hacky, but still works as every daemon handles its own NB
structures. But it is completely incompatible with the central
management daemon architecture we are aiming for, as mgmtd doesn't even
have a connection with zebra to learn from it. And it shouldn't have it,
because operational state changes should never affect configuration.
To solve the problem and simplify the code, I propose to expand the `-o`
option to all daemons. By using the startup option, we let daemons know
about the rename before they read their configs so we don't need any
special code to deal with it. There's an easy way to pass the option to
all daemons by using `frr_global_options` variable.
Unfortunately, the second way of renaming by creating a file in
`/var/run/netns` is incompatible with the new mgmtd architecture.
Theoretically, we could force daemons to read their configs only after
they connect to zebra, but it means adding even more code to handle a
very specific use-case. And anyway this won't work for mgmtd as it
doesn't have a connection with zebra. So I had to remove this option.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Pointers to the adjacency must be cleared only when the adjacency is
deleted. Otherwise, when the ISIS router is deleted later, the adjacency
is not deleted and a crash happens because of UAF.
Fixes#10209.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
YANG leaf means "enable" while CLI command is "disable".
So we should use "no" when the leaf is "true", not "false".
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Add Link State TED features to isis_te.c and new CLI to export LS TED and
show LS TED to IS-IS.
IS-IS LSPs are parse each time a new LSP event occurs in order to update
accordingly the Link State Traffic Engineering Database. LS TED could be
exported through the ZAPI Opaque message (see sharpd as example).
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
In order to provide Link State Traffic Engineering features to IS-IS, this
patch adds some modifications to base IS-IS:
- Solve bug in lsp iterate function to avoid infinite loop in isis_lsp.c by
adding condition to recurse call
- Add new trigger event to parse LSP in isis_lsp.c
- Add new TE debug flag to track Traffic Engineering events in isisd.[c,h]
- Correct small bug in isis_tlvs.c where delay and min/max delay are not
correctly handle
- Handle Opaque LSA Traffic Engineering Zebra API in isis_zebra.[c,h]
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
- Add advertisement of Global IPv6 address in IIH pdu
- Add new CLI to set IPv6 Router ID
- Add advertisement of IPv6 Router ID
- Correctly advertise IPv6 local and neighbor addresses in Extended IS and MT
Reachability TLVs
- Correct output of Neighbor IPv6 address in 'show isis database detail'
- Manage IPv6 addresses advertisement and corresponiding Adjacency SID when
IS-IS is not using Multi-Topology by introducing a new ISIS_MT_DISABLE
value for mtid (== 4096 i.e. first reserved flag set to 1)
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Since f60a1188 we store a pointer to the VRF in the interface structure.
There's no need anymore to store a separate vrf_id field.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
We should always treat the VRF interface as a loopback. Currently, this
is not the case, because in some old pre-VRF code we use if_is_loopback
instead of if_is_loopback_or_vrf. To avoid any future problems, the
proposal is to rename if_is_loopback_or_vrf to if_is_loopback and use it
everywhere. if_is_loopback is renamed to if_is_loopback_exact in case
it's ever needed, but currently it's not used anywhere.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
These variables are only assigned with time() which returns time_t.
This should also fix occasional CI build failures because of comparisons
of signed and unsigned integers.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
We don't need to scan through all configured areas to find the circuit
associated with the interface. It is always stored in ifp->info.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, we have a lot of checks in CLI and NB layer to prevent
incompatible IS-types of circuits and areas. All these checks become
completely meaningless when the interface is moved between VRFs. If the
area IS-type is different in the new VRF, previously done checks mean
nothing and we still end up with incorrect circuit IS type. To actually
prevent incorrect IS type, all checks must be done in the processing
code.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
We can simply check whether the circuit exists already – if it exists,
then we forbid the area-tag modification.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
We have checks on NB validation stage to prevent configuring LDP sync on
interfaces in non-default VRFs. These checks are completely useless,
because the interface can be easily moved to another VRF after
configuring LDP sync. Instead, the check must be done in the actual code
to cover the case when the interface is moved between VRFs.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, we have some checks in the CLI and NB layer to "protect" from
setting loopback interfaces into non-passive mode. These checks are not
correct, because we can not rely on operational data during config
reading and validation stage as this data doesn't exist yet. There's
nothing wrong in allowing "incorrect" configuration – it is already
correctly handled by the actual code.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
In previous releases, it was not possible to configure ISIS on an
interfaces without configuring the ISIS router first. Therefore, we had
to delete the ISIS config from all interfaces when the router config was
deleted. This is fixed since version 8.0 – interface and router configs
are completely separate and don't depend on each other, so now we can
remove this hack and preserve the interface config when the router
config is deleted.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
isis_tlvs.c would fail at multiple places if incorrect
TLVs were received in unpack_item_ext_subtlvs(),
causing stream assertion violations.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
The problem is related to startup configuration, which is not operational
on default vrf name.
To reproduce the issue, run the two daemons:
zebra -o vrf0 &
isisd -f /tmp/isisd.conf
router isis 1
lsp-gen-interval 2
net 10.0000.0000.0000.0000.0000.0000.0000.0000.0000.00
metric-style wide
redistribute ipv4 connected level-2
redistribute ipv6 connected level-2
The obtained show running-config looks like below:
router isis 1 vrf default
lsp-gen-interval 2
net 10.0000.0000.0000.0000.0000.0000.0000.0000.0000.00
metric-style wide
redistribute ipv4 connected level-2
redistribute ipv6 connected level-2
The default vrf name is obtained by zebra daemon. While isis is not
connected to zebra, i.e. at startup, when loading a startup configuration,
the macro VRF_DEFAULT_NAME is used and returns 'default'.
But because zebra connected and forces to a new default vrf name, the
configuration is not seen as the default one, and further attempts to
configure the isis instance via 'router isis 1' will trigger creation
of an other instance.
To handle this situation, at vrf_enable() event, which is called for
each default vrf name change, the associated isis instance is updated
with th new vrf name. The same is done for NB yang path.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When writing the config from the NB-converted daemon, we must not rely
on the operational data. This commit changes the output of the interface
configuration to use only config data. As the code is the same for all
daemons, move it to the lib and remove all the duplicated code.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
This removes a giant `switch { }` block from lib/zclient.c and
harmonizes all zclient callback function types to be the same (some had
a subset of the args, some had a void return, now they all have
ZAPI_CALLBACK_ARGS and int return.)
Apart from getting rid of the giant switch, this is a minor security
benefit since the function pointers are now in a `const` array, so they
can't be overwritten by e.g. heap overflows for code execution anymore.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Convert a signed value to a time_t before addition
so that we can compare unsigned (time_t) to unsigned.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
To ensure this, add a const modifier to functions' arguments. Would be
great do this initially and avoid this large code change, but better
late than never.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
FRR should only ever use the appropriate THREAD_ON/THREAD_OFF
semantics. This is espacially true for the functions we
end up calling the thread for.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
Currently, it is possible to configure IPv6 protocols for IPv4
redistribution and vice versa in CLI. The YANG model doesn't allow this
so the user receives the following error:
```
nfware(config-router)# redistribute ipv4 ospf6 level-1
% Failed to edit configuration.
YANG error(s):
Invalid enumeration value "ospf6".
Invalid enumeration value "ospf6".
Invalid enumeration value "ospf6".
YANG path: Schema location /frr-isisd:isis/instance/redistribute/ipv4/protocol.
```
Let's make CLI more user-friendly and allow only supported protocols in
redistribution commands.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
FRR should only ever use the appropriate THREAD_ON/THREAD_OFF
semantics. This is espacially true for the functions we
end up calling the thread for.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
Just use time_t, instead of downgrading time_t to a 32 bit value.
We should be using time_t instead of 32 bit unsigned values.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
There is a possibility that the same line can be matched as a command in
some node and its parent node. In this case, when reading the config,
this line is always executed as a command of the child node.
For example, with the following config:
```
router ospf
network 193.168.0.0/16 area 0
!
mpls ldp
discovery hello interval 111
!
```
Line `mpls ldp` is processed as command `mpls ldp-sync` inside the
`router ospf` node. This leads to a complete loss of `mpls ldp` node
configuration.
To eliminate this issue and all possible similar issues, let's print an
explicit "exit" at the end of every node config.
This commit also changes indentation for a couple of existing exit
commands so that all existing commands are on the same level as their
corresponding node-entering commands.
Fixes#9206.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
The only difference in daemons' interface node definition is the config
write function. No need to define the node in every daemon, just pass
the callback as an argument to a library function and define the node
there.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
like the other automake variables, setting `xyz_LDFLAGS` causes
`AM_LDFLAGS` to be ignored for `xyz`. For some reason I had in my mind
that automake doesn't do this for LDFLAGS, but... it does. (Which is
consistent with `_CFLAGS` and co.)
So, all the libraries and modules have been ignoring `AM_LDFLAGS` (which
includes `SAN_FLAGS` too). Set up new `LIB_LDFLAGS` and
`MODULE_LDFLAGS` to handle all of this correctly (and move these bits to
a central location.)
Fixes: #9034
Fixes: 0c4285d77e ("build: properly split CFLAGS from AC_CFLAGS")
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
There are two problems with the current code for processing the attached
bit:
- we should process it when acting both a level-1-only and level-1-2
- we should add the default route when we don't have L2 adjacensies, not
when we don't have other routers configured on the device
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Current code related to setting of the attached bit checks for existence
of L2 adjacencies in other routers configured on the device. This makes
no sense. We should check for L2 adjacencies in the same router where we
have L1 adjacencies.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Adding defensive code to the interface_link_params zebra callback
to check if the link params changed before taking action.
Signed-off-by: Karen Schoener <karen@voltanet.io>
There are two checks done when configuring ldp-sync on an interface:
- interface is not a loopback
- interface is in the default VRF
Both checks are incorrectly done using the operational data.
The second check can be done using only config data - do that.
The first check can't be done using only configurational data, but it's
not necessary. LDP sync code doesn't operate on loopback interfaces
already. There's no harm in allowing this to be configured.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Don't rely on operational data to validate that configuration is applied
to the default VRF. The VRF name is stored in the config - use it instead.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
