I just straight up forgot checking VTYSH_PAGER at startup, and the
"terminal paginate" command is only installed to VIEW_NODE so it can't
be processed from vtysh.conf in CONFIG_NODE...
Signed-off-by: David Lamparter <equinox@diac24.net>
* Turn the "instance" YANG presence-container into a YANG list keyed
by the new "vrf" leaf. This is a backward incompatible change but
this should be ok for now.
* RIPng VRF instances can be configured even when the corresponding
VRF doesn't exist. And a RIPng VRF instance isn't deleted when
the corresponding VRF is deleted. For this to work, implement the
ripng_instance_enable() and ripng_instance_disable() functions
that are called to enable/disable RIPng routing instances when
necessary. A RIPng routing instance can be enabled only when the
corresponding VRF is enabled (this information comes from zebra
and depends on the underlying VRF backend). Routing instances are
stored in the new ripng_instances rb-tree (global variable).
* Add a vrf pointer to the ripng structure instead of storing vrf_id
only. This is much more convenient than using vrf_lookup_by_id()
every time we need to get the vrf pointer from the VRF ID. The
ripng->vrf pointer is updated whenever the VRF enable/disable hooks
are called.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Turn the "instance" YANG presence-container into a YANG list keyed
by the new "vrf" leaf. This is a backward incompatible change but
this should be ok for now.
* RIP VRF instances can be configured even when the corresponding
VRF doesn't exist. And a RIP VRF instance isn't deleted when
the corresponding VRF is deleted. For this to work, implement the
rip_instance_enable() and rip_instance_disable() functions that are
called to enable/disable RIP routing instances when necessary. A
RIP routing instance can be enabled only when the corresponding
VRF is enabled (this information comes from zebra and depends on
the underlying VRF backend). Routing instances are stored in the new
rip_instances rb-tree (global variable).
* Add a vrf pointer to the rip structure instead of storing vrf_id
only. This is much more convenient than using vrf_lookup_by_id()
every time we need to get the vrf pointer from the VRF ID. The
rip->vrf pointer is updated whenever the VRF enable/disable hooks
are called.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Allow the sharp daemon to understand and use nexthop-groups.
This commit is merely to allow sharpd to understand them
when accepted in a future commit
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
- no longer try to special-case a custom terminal length; the OS has
procedures for that (SIGWINCH & TIOCGWINSZ)
- only use a pager if requested by CLI command or VTYSH_PAGER. The
behaviour with VTYSH_PAGER set should be compatible to previous
versions.
Signed-off-by: David Lamparter <equinox@diac24.net>
When running ospf instances we should not attempt to reconnect
the default ospf instance on running a command.
This commit should be targeted enough because in the case
of normal operation we connect to everything we should
and only set the VTYSH_WAS_ACTIVE flag for those we
truly have lost connection too.
Before:
donna.cumulusnetworks.com# config t
donna.cumulusnetworks.com(config)# router ospf 100
Warning: connecting to ospfd...failed!
donna.cumulusnetworks.com(config-router)#
After:
donna.cumulusnetworks.com# conf t
donna.cumulusnetworks.com(config)# router ospf 100
donna.cumulusnetworks.com(config-router)# end
donna.cumulusnetworks.com#
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When reading in config files and we have failures on multiple
lines actually note the actual failure lines and return them.
This fixes an issue where we stopped counting errors after
the first one and we got missleading line numbers that
did not correspond to the actual problem.
This is fixed:
sharpd@donna ~/frr> sudo /usr/lib/frr/pimd --log=stdout -A 127.0.0.1 -f /etc/frr/pimd.conf
2018/10/11 09:41:01 PIM: VRF Created: default(0)
2018/10/11 09:41:01 PIM: pim_vrf_enable: for default
2018/10/11 09:41:01 PIM: zclient_lookup_sched_now: zclient lookup immediate connection scheduled
2018/10/11 09:41:01 PIM: zclient_lookup_new: zclient lookup socket initialized
2018/10/11 09:41:01 PIM: pimd 6.1-dev starting: vty@2611
2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 2: inteface lo
2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 3: ip igmp
2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 4: ip igmp join 224.1.1.1 13.13.13.2
^C2018/10/11 09:45:09 PIM: Terminating on signal SIGINT
2018/10/11 09:45:09 PIM: VRF Deletion: default(0)
Fixes: #3161
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Whether or not RPKI is enabled during build shouldn't really influence
vtysh; the user can always manually install bgpd_rpki.so later and it
should work. This also means that the behaviour of "RPKI module not
loaded" is consistent regardless of whether it was a compile-time or
runtime decision.
Signed-off-by: David Lamparter <equinox@diac24.net>
The new_completion function was not declared the same
way the rl_attempted_completion_function pointer was.
The only difference was a 'const char *' -vs- 'char *'
So convert it over.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Extend extract.pl so it can deal with the isis source code being
compiled twice, once for isisd and once for fabricd.
Add the fabricd node and client to vtysh.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
If a command returns a nonzero exit status and VTYSH has a corresponding
command, VTYSH will skip executing its own version. If this happens in a
command that changes CLI nodes we get node desynchronization.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Add zlog_* function to log with a reference code
* Add ability to track reference cards for errors to ferr.[ch]
* Assign some reference code ranges
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The definition of the interface commands in vtysh.c were outdated.
Currently, all daemons that call if_cmd_init() will have the "no interface
IFNAME" command and the "[no] description" commands as well, so there's
no need to define exceptions for these commands anymore.
To fix this, make extract.pl parse the if.c file so that vtysh can get the
interface commands from there automatically. Only the "interface IFNAME
[vrf NAME]" must be kept in vtysh.c because it changes the vty node and
thus needs special treatment.
Finally, make pimd and pbrd display interface descriptions on "sh run"
when they are configured.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Only zebra and pimd call vrf_cmd_init(), so these are the only daemons
that should receive VRF commands from vtysh;
* "netns NAME" and "no netns NAME" are available only in zebra, write
custom DEFSHs in vtysh to make it aware of that;
* Remove the "no vrf NAME" definition from vtysh.c and expose the
original command to vtysh by converting the DEFUN_NOSH to a simple
DEFUN. This command doesn't change the vty node so there's no need to
special case it.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Implement vty shell integration and allow `bfdd` to be configured
through FRR's vtysh.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
This is the start of separating out the static
handling code from zebra -> staticd. This will
help simplify the zebra code and isolate static
route handling to it's own code base.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The semantics for suppressing output received from daemons changed
slightly when pipe actions were introduced, causing raw autocomplete
output to be printed where it shouldn't have been.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When we are iterating through the hash, keep count of how many
we've called and if we have finished calling the hash->size
iterator times, then short-circuit and stop looping over
the entire array.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
New version of clang are detecting function parameters that we should
not be casting as such. Fix these issues.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Fix potential NULL dereference
* Fix use of uninitialized value
* Fix leaking memory by not freeing regex_t
* Fix extra \n when using empty regex filter
* Clean up still-reachable hook memory
* Handle nonexistent pager
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Rewrite pager implementation
* Replace fprintf() with vty_out()
* Modify vty_out() for better vtysh support
* Remove static global outputfile var
* Remove fp argument from many vtysh functions
* Add some docs for stuff along the way
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The fp pointer has already been dereferenced in all paths
leading to the test for non NULL. Since we never crash
we know it cannot be NULL.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If vtysh was instructed to perform line-by-line processing on the output
of a command executed against a daemon and this output, as received by
vtysh, was not terminated with a newline, vtysh could print contents of
memory to its output device.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Functionality to let vtysh attempt to reconnect to daemons when
connection is lost (e.g. crash or restart).
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
The warning string which appears when the users executes 'no (enable)
password' was moved into command.h and declared as a constant named
'NO_PASSWD_CMD_WARNING'.
This avoids duplicate code and makes it easy to change the warning
message in all places at once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
Currently, "vtysh -c" interface does not provide a logic to parse
commands ending with '?' character. In consequence, the following behavior
is observed:
$ vtysh -c "show bgp ?"
% Unknown command.
With these changes, i'm extending FRR's parser to be able to handle
these commands, which allow a more friendly interaction with users
that rely on "vtysh -c" interface. The typical use-case here is for
scenarios in which the final users relie on external/their-own CLI and
require a friendly interface to FRR's vtysh cli.
$ vtysh -c "show bgp ?"
<cr>
A.B.C.D Network in the BGP routing table to
display
A.B.C.D/M IPv4 prefix
X:X::X:X Network in the BGP routing table to display
X:X::X:X/M IPv6 prefix
attribute-info List all bgp attribute information
cidr-only Display only routes with non-natural netmasks
community Display routes matching the communities
community-info List all bgp community information
...
Signed-off-by: Rodny Molina <rmolina@linkedin.com>
When the user executes one of the commands 'no password' or 'no enable
password', a warning message gets shown to inform the user of the
security implications.
While the current implementation works, a warning message gets printed
once for each daemon, which can lead to seeing the same message many
times. This does not affect functionality, but looks like an error to
the user as it can be seen within issue #1432.
This commit only prints the warning message inside lib when vtysh
dispatch is not being used. Additionally, the warning message was copied
into the vtysh command handlers, so that they get printed exactly once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
The pull request #1545 from @donaldsharp introduced the command 'no
password' to remove an existing terminal connection password.
Additionally, warnings have been added to both 'no password' and 'no
enable password' to make the user aware of any security implications.
It seems that this specific pull request was never merged against master
and got lost. This commit is a cherry-pick of d4961273cb with fixed
conflicts and updated documentation.
Thanks to @donaldsharp and @pogojotz for the original PR.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
The range for sequence numbers needs to be limited
by the range we have currently choosen for rule
ranges.
Ticket: CM-20562
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Adding to mtracebis querying with group address. Same change
to vtysh mtrace command. Support for querying (S,G) and (*,G)
state in mtrace router code. Further improvments to mtrace router
code with closer complience to IETF draft. More references in
comments to the draft. Man page has been updated accordingly.
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
The grammar sandbox has had the ability to dump individual commands as
DOT graphs, but now that generalized DOT support is present it's trivial
to extend this to entire submodes. This is quite useful for visualizing
the CLI space when debugging CLI errors.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
How It's Made:
- vtysh -m is for frr-reload.py to know when a context ends. This is
done by executing commands against the CLI graph, checking for walkup,
and putting the appropriate context exit if walkup is necessary. Thus
the default case for walking up from a vrf context is fine, and
doesn't need a specific exit-vrf command. Remove that.
- exit-vrf needs to be explicitly printed at the end of vrf config
printing. We already do this.
- vtysh's special snowflake config prettiness logic needs to know that
exit-vrf goes with the vrf block and needs to be explicitly told not
place this in alphabetical order in that block. We also already do
this.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Need to explicitly exit this context otherwise we risk ambiguities
between global and vrf context commands
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This is an implementation of PBR for FRR.
This implemenation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
If a daemon sent vtysh a response whose size satisfied
1 <= 4096 - (size % 4096) <= 2
vtysh would hang.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Static route commands are now installed inside the VRF nodes. This has
quietly broken top-level static routes in certain scenarios due to
walkup logic resolving a static route configuration command inside
VRF_NODE first if the command is issued while in a CLI node lower than
VRF_NODE. To fix this VRF_NODE needs a special exit command, as has been
done for many other nodes with the same issue, to explicitly change the
vrf context to the default VRF so that when walkup resolves against the
VRF node it will configure against the default VRF as desired.
Of course this is a hack on top of a hack and the CLI walkup
implementation needs to be rewritten.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The following types are nonstandard:
- u_char
- u_short
- u_int
- u_long
- u_int8_t
- u_int16_t
- u_int32_t
Replace them with the C99 standard types:
- uint8_t
- unsigned short
- unsigned int
- unsigned long
- uint8_t
- uint16_t
- uint32_t
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
If a daemon is restarting, crashed, or otherwise in the process of
reconnecting to watchfrr and a user issues "write memory" or "write
file" the resulting config will not include the configuration of that
daemon. This is problematic because this output will overwrite the
previous config, potentially causing unintentional loss of configuration
stored only in the config file based upon timing.
This patch remedies that by making watchfrr check that all daemons are
up before attempting a configuration write, and updating vtysh so that
its failsafe respects this condition as well.
Note that this issue only manifests when using integrated config.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
PR #1739 added code to leak routes between (default VRF) VPN safi and unicast RIBs in any VRF. That set of changes included temporary CLI including vpn-policy blocks to specify RD/RT/label/&c. After considerable discussion, we arrived at a consensus CLI shown below.
The code of this PR implements the vpn-specific parts of this syntax:
router bgp <as> [vrf <FOO>]
address-family <afi> unicast
rd (vpn|evpn) export (AS:NN | IP:nn)
label (vpn|evpn) export (0..1048575)
rt (vpn|evpn) (import|export|both) RTLIST...
nexthop vpn (import|export) (A.B.C.D | X:X::X:X)
route-map (vpn|evpn|vrf NAME) (import|export) MAP
[no] import|export [vpn|evpn|evpn8]
[no] import|export vrf NAME
User documentation of the vpn-specific parts of the above syntax is in PR #1937
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
The current strategy for fine-grained debugging across FRR is to use
static long int bitfields, in combination with helper macros that are
copy-pasted between daemons, to hold state on what debugging information
should be collected at any given time. This has a couple of problems:
* These bitfields are generally extern'd and accessed everywhere, so
they are not MT-safe or easy to make MT-safe
* Lots of code duplication from copy-pasting the DEBUG_* macros...
* Code duplication because of the "term" vs "conf" debugging concept
This patch aims to remedy that by providing some infrastructure to work
with debugs. The core concept of using bitfields has been retained, but
the number of these for each debug has been reduced to 1. This allows
easy use of lock-free methods for synchronizing access to debugging
info.
The helper macros have also been retained but they are now collected in
one place and perform exclusively atomic operations.
Finally there is a bit of code that allows daemons to register
callbacks, which I used to implement a command that will toggle all
debugging for any daemons that use these facilities.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The logical router node goes from NS_NODE to LOGICALROUTER_NODE.
Vty commands are renamed accordingly.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is the implementation of weak multicast traceroute.
It consists of IGMP module dealing with mtrace type IGMP messages
and client program mtrace/mtracebis for initiating mtrace queries.
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
Add ability to set file destination for all vtysh output, with the
exception of tab-complete and similar meta output. This is useful for
inline recording of some information without exiting the shell.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When printing responses from a client, vtysh searches through every
response it receives twice. Once is to look for the terminating
sequence and the other is to translate \n to \0, which is used with the
line processing callback capability. However:
* There's no need to search all of the output for the terminator, we can
just check the last 4 bytes.
* In most scenarios we won't have a callback. Therefore we don't need to
process the output and can just dump it.
Together these optimizations have a significant impact on the total
runtime of talkative CLI commands, such as `sh ip bgp json` which runs
roughly 1000% faster when dumping 1,000,000 routes.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add a daemon that will allow us to test the zapi
as well as test route install/removal times from
the kernel.
The current commands are:
install route <starting ip address> nexthop <nexthop> (1-1000000)
This command starts installing at <starting ip address>/32
(1-100000) routes that it auto-increments by 1
Installation start time is noted in the log and finish
time is noted as well.
remove routes <starting ip address> (1-1000000)
This command removes routes at <starting ip address>/32
and removes (1-100000) routes created by the install route
command.
This code can be considered experimental and *is not*
something that should be run in a production environment.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The RPKI code can be turned on/off via configure switches.
If we have intentionally turned it off do not let vtysh
display that you can config it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
cmd_describe_command() returns NULL when there is no matched command, so
check the return value before trying to free it
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Commit 44f12f20 fixed the memory leak in the wrong way and introduced a
"uninitialized variable" warning.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These are mostly trivial fixes for leaks in the error path of some functions.
The changes in bgpd/bgp_mpath.c deserves a bit of explanation though. In
the bgp_info_mpath_aggregate_update() function, we were allocating memory
for the lcomm variable but doing nothing with it. Since the code for
communities, extended communities and large communities is pretty much
the same in this function, it's clear that this was a copy and paste
error where most of the ext. community code was copied but not all of
it as it should have been.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Preexisting code to detect commands targeted at wrong instance didn't
work because a command applied to a disconnected vtysh_client counted as
a successful run overriding wrong instance error message
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
when warning about daemons that are not running, make sure to handle the
multi instance case
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When entering 'show debugging' we were outputting a line
from vtysh and a line from an individual daemon to show
the fact we were debugging. A bit overkill.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Presently CLI entered for daemons which are not running is accepted
quietly, which can be confusing for users. This patch warns about it
when possible.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
I missed this in review; the old vtysh command should have been removed
when adding the new one.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
1. Change hostname_get to cmd_hostname_get
2. Change domainname_get to cmd_domainname_get
3. New API to set domainname
3. Provide a CLI command to set domainname
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Today if we hit an error while apply the contents of file FOO that error
does not bubble up to a non-zero exit.
This results in some hardcoded watchfrr logging config ending up in the
integrated config otherwise.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Handle all instance base clis calling ospf_lookup_instance()
to return CMD_NOT_MY_INSTANCE in case of ospf is not found.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Multi-Instance OSPF configuration CLI would fail because
first client return error upon seeing qobj_index being 0.
With new marco generate new error code to return from each
instance (vtysh client) and if the command is intended for given
instance, its qobj_index would be nonzero and process the command
and push correct ospf context. Other instance would return the error.
On vtysh end, check all instance return an error log a message to a
file.
Testing Done:
Verfied various MI-OSPF configuration CLI with multi instances.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Pretty much all shell executed commands from vtysh were
not behaving correctly due to errors introduced in
switching to the new cli.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Put the "end" marker in the right places. This should fix the
frr-reload.py script because it depends on the output of vtysh -m.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This reverts commit c14777c6bf.
clang 5 is not widely available enough for people to indent with. This
is particularly problematic when rebasing/adjusting branches.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
This allows frr-reload.py (or anything else that scripts via vtysh)
to know if the vtysh command worked or hit an error.
`password` and `enable password` commands got a bit broken in an earlier
commit, fix 'em up.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Pretty-prints variable autocompletions by breaking them up into multiple
lines, indenting them consistently and respecting the column width of
the terminal.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Implement configuration options for EVPN. The configuration options include
VNI configuration with RD and Import and Export Route Targets. Also, display
the EVPN configuration.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Adds the ability to name hash tables, and a new cli command that will
show various summary statistics for named hash tables.
Statistics computed are
- load factor
- full load factor (see comments)
- stddev of full load factor
Standard deviation is computed by storing the sum of squares of bucket
lengths. This is somewhat susceptible to overflow. On platforms where a
double is 32 bits, placing 65535 or more elements into a hash table
opens up the potential for overflow, depending on how they are arranged
in buckets (which depends on the hash function). For example, placing
65535 elements into one hash bucket would cause ssq overflow, but
distributing 40000000 elements evenly among 400000 buckets (100 elements
per bucket) would not.
These cases are extremely degenerate, so the vague possibility of
overflow in an informational command is deemed an acceptable tradeoff
for constant time calculation of variance without locks or compromising
efficiency of actual table operations.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
'do' is syntax sugar that allows the user to execute a command under
ENABLE_NODE when in another CLI node. If the user is already in
ENABLE_NODE, use of 'do' was previously disallowed. This patch allows it
because it makes it easier for us to hack around certain instances of
the node synchronization problem with vtysh.
Also included is a fix for one of these problems.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
If FRR is configured explicilty with --disable-user and
--disable-group, FRR_USER and FRR_GROUP will not be defined
and can be safely skipped in vtysh.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
I forgot to update this call when I changed
cmd_variable_handler_register to take an array...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The FSF's address changed, and we had a mixture of comment styles for
the GPL file header. (The style with * at the beginning won out with
580 to 141 in existing files.)
Note: I've intentionally left intact other "variations" of the copyright
header, e.g. whether it says "Zebra", "Quagga", "FRR", or nothing.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This asks the connected daemons for their variable completions through a
hidden CLI command.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This flag prevents from entering into evpn address-family node, when
calling command from vtysh.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Implement support for activating the labeled-unicast address family in
BGP and relevant configuration for this address family.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Preface with line identifying which daemon it applies to.
[Also fixes a missed "plugin" -> "module" replace.]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
ldpd uses a hierarchical configuration model where all commands are
defined inside the "mpls ldp" node and its subnodes. The idea is to keep
all LDP configuration in a single place to keep things simple. With that
said, we can remove the "config-if" node from ldpd because we already
have a separate node ("config-ldp-af-if") for LDP-related interface
specific commands.
Example:
vtysh(config)# mpls ldp
vtysh(config-ldp)# address-family ipv4
vtysh(config-ldp-af)# interface eth1
vtysh(config-ldp-af-if)# discovery hello ?
holdtime Hello holdtime
interval Hello interval
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Please Note, I will be redoing this commit message with
more information.
Additionally I will rework the lib/* changes into their
own commits.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Centralise read_config/daemonize/dryrun/pidfile/vty_serv into libfrr.
This also makes multi-instance pid/config handling available as part of
the library. It's only wired up in ospfd, but the code is in lib/.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The return value from cmd_complete_command is a VECTOR_INDEX, not TMP.
Use the appropriate vector_only_index_free().
Fixes#223.
Reported-by: https://github.com/k0ste
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This provides DMVPN support and integrates to strongSwan. Please read
README.nhrpd and README.kernel for more details.
[DL: cherry-picked from dafa05e65fe4b3b3ed5525443f554215ba14f42c]
[DL: merge partially resolved, this commit will not build.]
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Added the possibility to enter in evpn address-family in bgp node, by
using 'address-family l2vpn evpn' command.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Coverity: buffer_size: You might overrun the 108 byte destination string addr.sun_path by writing the maximum 4095 bytes from path.
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Harmony is restored to the world as bgp and vtysh
can now, again, stay in sync with each other.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Several places have paths and names that can change hardcoded, e.g. the
package name and the /var/run path. This fixes a few of them, there's
still some to do.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This replaces Quagga -> FRR in most configure.ac settings as well as
a handful of preprocessor macros in the source code.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
When compiling vtysh with --enable-static and --disasble-shared
we get linker errors with duplicate function names.
This commit addresses this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit dd2ecdedf8)
When compiling vtysh with --enable-static and --disasble-shared
we get linker errors with duplicate function names.
This commit addresses this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
These now generate warnings which will break the build with -Werror.
Note this may have enabled commands that should be disabled, or the
other way around...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This moves all install_element calls into the file where the DEFUNs are
located. This fixes several small related bugs:
- ospf6d wasn't installing a "no interface FOO" command
- zebra had a useless copy of "interface FOO"
- pimd's copy of "interface FOO" was not setting qobj_index, which means
"description LINE" commands would fail with an error
The next commit will do the actual act of making "foo_cmd" static.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Nice clang catch: ospfd/ospf_vty.c:6710:1: error: all paths through
this function will call itself [-Werror,-Winfinite-recursion]
(same in vtysh/vtysh.c)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
when libreadline initialises itself, it also reads .inputrc, which may
result in keybindings being set up. This means the builtin help on the
'?' key can be overridden by that. Consistent availability of '?'
behaviour trumps .inputrc setup here, so let's initialise readline
first before binding that key (which means our keybinding wins).
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Fix the link-params submode to use the 'exit-link-params'
to indicate we are exiting a submode.
Fixup all the relevant bits.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Fix a few memory issues:
* Not freeing tab-completions upon input match failure
* Invalid write when null-terminating tab-completions
* Not freeing argv[] itself in additinon to elements
* Use XFREE() instead of free() as appropriate
* Not freeing final token of an [option] during parsing
Make a few minor changes to CLI internals:
* Improve documentation on matching & completion functions
* Only make one copy of cmd_token's when building argv,
instead of three
* Don't make a copy of the matching cmd_element
Make one major(ish) change to CLI internals:
* Change all pointers to struct cmd_element to const
Code outside of the core CLI units should never have an
occasion to modify the internal state of the command system.
Doing so could easily amount to having a CLI interface that
changes during runtime, and could conceivably lead to security
issues. Explicitly disallowing this removes any chance of
confusion.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Running vtysh as normal user won't have permissions to write
Quagga.conf. If we're connected to watchquagga, try "write integrated"
first. In all cases if something fails, try directly.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Also tag some commands as VTYSH_REALLYALL; these are absolutely
neccessary for correct vtysh operation and will cause "interesting"
breakage if not present on all daemons.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
As vtysh may hopefully be running as root from watchquagga here, let's
try to fix up ownership and permissions for Quagga.conf. Doing
chown/chmod instead of changing the process's user/group IDs has the
advantage of fixing up preexisting misconfigurations.
Note errors in chmod/chown will print a message but the config is
already written at that point.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This new option is intended to be used both by watchquagga as well as
directly by users. It performs the collect-configuration operation and
writes out Quagga.conf, regardless of whether integrated-config is
enabled or not.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
vtysh has a very convoluted and confusing setup where it isn't even
clear which files are written where (since some filenames come
indirectly from loading config). Detangle.
This also removes writing vtysh.conf. The file is intended to be
manually edited since it has some vague security concerns (if PAM is
used).
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
With the way that vtysh works, it compiles in cli even
if there is no support in the protocols.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
While the DEFUN should match the list of clients registered in
vtysh, it seems better to handle the case explicitly instead of
relying on the client list and the DEFUN signature being in sync.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
Triggered by a bugreport / patch by Gautam Kumar <gauta@amazon.com>,
this is a full rewrite vtysh_client_{config,execute}. (The patch didn't
quite apply anymore.)
vtysh_client_run() now has a buffering implementation that can be read
without losing one's sanity and/or requiring alcoholic beverages.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This is a followup to commits 735e62 and 0b1442, where we forgot to apply
the same VIEW/ENABLE consolidation logic to vtysh. Also, we can't call
install_default() for the ENABLE node because some of the vty commands
installed by this function were already installed in the VIEW node before.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Only write to integrated config if integrated config is configured
explicitly or it is already in use.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
This feature adds an L3 & L2 VPN application that makes use of the VPN
and Encap SAFIs. This code is currently used to support IETF NVO3 style
operation. In NVO3 terminology it provides the Network Virtualization
Authority (NVA) and the ability to import/export IP prefixes and MAC
addresses from Network Virtualization Edges (NVEs). The code supports
per-NVE tables.
The NVE-NVA protocol used to communicate routing and Ethernet / Layer 2
(L2) forwarding information between NVAs and NVEs is referred to as the
Remote Forwarder Protocol (RFP). OpenFlow is an example RFP. For
general background on NVO3 and RFP concepts see [1]. For information on
Openflow see [2].
RFPs are integrated with BGP via the RF API contained in the new "rfapi"
BGP sub-directory. Currently, only a simple example RFP is included in
Quagga. Developers may use this example as a starting point to integrate
Quagga with an RFP of their choosing, e.g., OpenFlow. The RFAPI code
also supports the ability import/export of routing information between
VNC and customer edge routers (CEs) operating within a virtual
network. Import/export may take place between BGP views or to the
default zebera VRF.
BGP, with IP VPNs and Tunnel Encapsulation, is used to distribute VPN
information between NVAs. BGP based IP VPN support is defined in
RFC4364, BGP/MPLS IP Virtual Private Networks (VPNs), and RFC4659,
BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN . Use
of both the Encapsulation Subsequent Address Family Identifier (SAFI)
and the Tunnel Encapsulation Attribute, RFC5512, The BGP Encapsulation
Subsequent Address Family Identifier (SAFI) and the BGP Tunnel
Encapsulation Attribute, are supported. MAC address distribution does
not follow any standard BGB encoding, although it was inspired by the
early IETF EVPN concepts.
The feature is conditionally compiled and disabled by default.
Use the --enable-bgp-vnc configure option to enable.
The majority of this code was authored by G. Paul Ziemba
<paulz@labn.net>.
[1] http://tools.ietf.org/html/draft-ietf-nvo3-nve-nva-cp-req
[2] https://www.opennetworking.org/sdn-resources/technical-library
Now includes changes needed to merge with cmaster-next.
