Define the IS-IS flex-algo structure in yang, the CLI configuration
commands and the skeletons of frontend and backend functions that are
called by the CLI code.
Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
It was being used for -b only; we should be able to use it for -f as
well.
This also merges the codepaths for -b and -f since they have no real
functional difference.
Signed-off-by: Quentin Young <qlyoung@nvidia.com>
To handle multi-instance daemons (ospf, e.g.), each forked
vtysh handles all of the instances of a daemon type.
Signed-off-by: Mark Stapp <mstapp@nvidia.com>
When using -b flag to apply config to all running daemons, fork a copy
of vtysh for each daemon we need to configure instead of doing them one
at a time. This is about N times faster when you have N daemons.
Signed-off-by: Quentin Young <qlyoung@nvidia.com>
mergeme
Effectively a massive search and replace of
`struct thread` to `struct event`. Using the
term `thread` gives people the thought that
this event system is a pthread when it is not
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Features added in this commit:
1. Bringup/shutdown new management daemon 'mgmtd' along with FRR.
2. Support for Startup, Candidate and Running DBs.
3. Lock/Unlock DS feature using pthread lock.
4. Load config from a JSON file onto candidate DS.
5. Save config to a JSON file from running/candidate DS.
6. Dump candidate or running DS contents on the terminal or a file in
JSON/XML format.
7. Maintaining commit history (Full rollback support to be added in
future commits).
8. Addition of debug commands.
Co-authored-by: Yash Ranjan <ranjany@vmware.com>
Co-authored-by: Abhinay Ramesh <rabhinay@vmware.com>
Co-authored-by: Ujwal P <ujwalp@vmware.com>
Signed-off-by: Pushpasis Sarkar <pushpasis@gmail.com>
A new keyword permits changing the BGP as-notation output:
- [no] router bgp <> [vrf BLABLA] [as-notation [<dot|plain|dot+>]]
At the BGP instance creation, the output will inherit the way the
BGP instance is declared. For instance, the 'router bgp 1.1'
command will configure the output in the dot format. However, if
the client wants to choose an alternate output, he will have to
add the extra command: 'router bgp 1.1 as-notation dot+'.
Also, if the user wants to have plain format, even if the BGP
instance is declared in dot format, the keyword can also be used
for that.
The as-notation output is only taken into account at the BGP
instance creation. In the case where VPN instances are used,
a separate instance may be dynamically created. In that case,
the real as-notation format will be taken into acccount at the
first configuration.
Linking the as-notation format with the BGP instance makes sense,
as the operators want to keep consistency of what they configure.
One technical reason why to link the as-notation output with the
BGP instance creation is that the as-path segment lists stored
in the BGP updates use a string representation to handle aspath
operations (by using regexp for instance). Changing on the fly
the output needs to regenerate this string representation to the
correct format. Linking the configuration to the BGP instance
creation avoids refreshing the BGP updates. A similar mechanism
is put in place in junos too.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
AS number can be defined as an unsigned long number, or
two uint16 values separated by a period (.). The possible
valus are:
- usual 32 bit values : [1;2^32 -1]
- <1.65535>.<0.65535> for dot notation
- <0.65535>.<0.65535> for dot+ notation.
The 0.0 value is forbidden when configuring BGP instances
or peer configurations.
A new ASN type is added for parsing in the vty.
The following commands use that new identifier:
- router bgp ..
- bgp confederation ..
- neighbor <> remote-as <>
- neighbor <> local-as <>
- clear ip bgp <>
- route-map / set as-path <>
An asn library is available in lib/ and provides some
services:
- convert an as string into an as number.
- parse an as path list string and extract a number.
- convert an as number into a string.
Also, the bgp tests forge an as_zero_path, and to do that,
an API to relax the possibility to have a 0 as value is
specifically called from the tests.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Add the affinity-map global command to zebra. The syntax is:
> affinity-map NAME bit-position (0-1023)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The files converted in this commit either had some random misspelling or
formatting weirdness that made them escape automated replacement, or
have a particularly "weird" licensing setup (e.g. dual-licensed.)
This also marks a bunch of "public domain" files as SPDX License "NONE".
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
We do use non-constant/literal format strings in a few places for more
or less valid reasons; put `ignored "-Wformat-nonliteral"` around those
so we can have the warning enabled for everywhere else.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
When running the build in a separate build directory, redirecting output
into a file can error out if the directory does not exist yet. Some
places already had `mkdir -p` calls, but not all.
Make all occurences of this consistently use `@$(MKDIR_P)`.
(Extension of PR #12575 to catch more places.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The build failed if two conditions are met at the same time:
1. Configure with `--disable-dependency-tracking`
2. Set an indenpendent build directory
```
anlan@host:~/frr/build$ make
make: Entering directory '/home/anlan/frr/build'
true
/usr/bin/perl ../vtysh/daemons.pl zebra bgpd ripd ripngd ospfd ospf6d isisd fabricd nhrpd ldpd babeld eigrpd pimd pim6d pbrd staticd bfdd vrrpd pathd > vtysh/vtysh_daemons.h
/bin/bash: line 1: vtysh/vtysh_daemons.h: No such file or directory
make: *** [Makefile:17644: vtysh/vtysh_daemons.h] Error 1
make: Leaving directory '/home/anlan/frr/build'
```
`~/frr/` is source directory, `~/frr/build/` is the specified build
directory.
So, just create necessary directory - `vtysh/`.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
The code is double checking the VTYSH_HISTFILE env variable,
additionally clang-15 when running SA over it doesn't fully
understand the code pattern. Reduce the double check to
one check to reduce program run-time (ha!) and make SA happy.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
When multiple daemons report a exit line for the same
node, vtysh was just dropping the previous pointer.
Ensure that we free it first.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The rl_callback_handler_install function manual says this:
Set up the terminal for Readline I/O and display the initial expanded value of prompt.
Save the value of lhandler to use as a handler function to call when a complete line
of input has been entered. The handler function receives the text of the line as an
argument. As with readline(), the handler function should free the line when it is
finished with it.
Adding a free removes this memory leak that I am seeing with address sanitizer enabled;
SUMMARY: AddressSanitizer: 99 byte(s) leaked in 5 allocation(s).:
2022-12-05 07:50:57,231 INFO: topolog.r7: vtysh result:
Hello, this is FRRouting (version 8.5-dev).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
r7# clear log cmdline-targets
r7# conf t
r7(config)# log file staticd.log debug
r7(config)# log commands
r7(config)# log timestamp precision 3
r7(config)#
=================================================================
==976989==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 99 byte(s) in 5 object(s) allocated from:
#0 0x49cadd in malloc (/usr/bin/vtysh+0x49cadd)
#1 0x7fc57135d8e8 in xmalloc build/shlib/./xmalloc.c:59:10
SUMMARY: AddressSanitizer: 99 byte(s) leaked in 5 allocation(s).
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Add "show motd" commad.
The vtysh user can call the "show motd" command to re-show the welcome message.
This is necessary if the user saves frequently used commands in motd.
Signed-off-by: Sergei Rozhkov <gh@zserg.ru>
When any `service ...` line is entered and there are multiple
daemons running prevent this from being displayed multiple times.
Fixes: #5475
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Rather than running selected source files through the preprocessor and a
bunch of perl regex'ing to get the list of all DEFUNs, use the data
collected in frr.xref.
This not only eliminates issues we've been having with preprocessor
failures due to nonexistent header files, but is also much faster.
Where extract.pl would take 5s, this now finishes in 0.2s. And since
this is a non-parallelizable build step towards the end of the build
(dependent on a lot of other things being done already), the speedup is
actually noticeable.
Also files containing CLI no longer need to be listed in `vtysh_scan`
since the .xref data covers everything. `#ifndef VTYSH_EXTRACT_PL`
checks are equally obsolete.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
vtysh show running-config is showing:
frr version 8.3.1_git
frr defaults traditional
hostname test
log file /etc/frr/frr.log informational
log timestamp precision 3
domainname
service integrated-vtysh-config
domainname should not be printed in this case at all. If the
host has no search/domainname configured, frr_reload.py
crashes on invalid config from `vtysh show running-config`
Basically the same change as commit a7141b8
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
RFC4364 describes peerings between multiple AS domains, to ease
the continuity of VPN services across multiple SPs. This commit
implements a sub-set of IETF option b) described in chapter 10 b.
The ASBR to ASBR approach is taken, with an EBGP peering between
the two routers. The EBGP peering must be directly connected to
the outgoing interface used. In those conditions, the next hop
is directly connected, and there is no need to have a transport
label to convey the VPN label. A new vty command is added on a
per interface basis:
This command if enabled, will permit to convey BGP VPN labels
without any transport labels (i.e. with implicit-null label).
restriction:
this command is used only for EBGP directly connected peerings.
Other use cases are not covered.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
If we have `end` at the end of the frr.conf, then we never execute
XFRR_end_configuration command, and start/end markers do not work.
This leads to for example waiting BGP configuration parsing thread to hang,
and the peers are in shutdown state until the timer expires.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
It will be used to allow/deny using IPv4 reserved ranges (Class E) for Zebra
(configuring interface address) or BGP (allow next-hop to be from this range).
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Description:
SonarQube detects the following behaviour as a vulanarability.
When authenticating users using PAM, it is strongly recommended to
check the validity of the account (not locked, not expired ...),
otherwise it leads to unauthorized access to resources.
pam_acct_mgmt() should be called for account validity after
calling pam_authenticate().
Signed-off-by: Rajesh Girada <rgirada@vmware.com>
vtysh_client_execute() expects just a string without a newline; the
newline is passed through and ends up in logging output where newlines
are not quite wanted.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Currently the PIM6d component is getting displayed under
"show ip prefix-list" instead of "show ipv6 prefix-list".
Fixed it.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
The vtysh live logs don't try to buffer messages when vtysh isn't
reading them fast enough. Either the kernel has space and can accept
messages without delay, or it doesn't and we continue on.
While this is intentional (otherwise slow vtysh could block a routing
daemon), at least give the user an indication if messages were dropped.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Create a thread_master and funnel readline terminal I/O through it.
This allows processing other input in parallel, e.g. log messages.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Add the ability to inspect the timers and when they will pop
per daemon:
sharpd@eva ~/frr (thread_return_null)> vtysh -c "show thread timers"
Thread timers for zebra:
Showing timers for default
--------------------------
rtadv_timer 00:00:00.520
if_zebra_speed_update 00:00:02.745
if_zebra_speed_update 00:00:02.745
if_zebra_speed_update 00:00:02.745
if_zebra_speed_update 00:00:02.745
if_zebra_speed_update 00:00:02.745
if_zebra_speed_update 00:00:02.745
if_zebra_speed_update 00:00:02.746
if_zebra_speed_update 00:00:02.744
if_zebra_speed_update 00:00:02.745
Showing timers for Zebra dplane thread
--------------------------------------
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Problem Statement:
==================
As of now there is no support for ospf6 authentication.
To support ospf6 authentication need to have keychain support for
managing the auth key.
RCA:
====
New support
Fix:
====
Enabling keychain for ospf6 authentication feature.
Risk:
=====
Low risk
Tests Executed:
===============
Have verified the support for ospf6 auth trailer feature.
Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
When both ripd and eigrpd run at the same time, all key configuration in
key chain node is duplicated. This change adds a concept of nested nodes
into vtysh to fix the issue.
Before:
```
key chain test
key 1
key-string 1
exit
key 1
key-string 1
exit
exit
!
```
After:
```
key chain test
key 1
key-string 1
exit
exit
!
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
i.e. to whoever cares, since some unique IDs (from libfrr) are valid
everywhere but some others (from the daemons) only apply to specific
daemons.
(Default handling aborts on first error, so configuring any unique IDs
that don't exist on the first daemon vtysh connects to just failed
before this.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
After `<daemon_name> is not running` message vtysh does not return
error. For example if you disable ospf in `/etc/frr/daemons` and run
`vtysh -c configure -c "router ospf"` it prints the message to stderr,
but returns 0.
This commit will make vtysh return error when not in interractive mode.
But if you run commands from vtysh, you will still be able to enter
views and exit them if daemon is not running.
Signed-off-by: Yaroslav Fedoriachenko <yar.fed99@gmail.com>
A simple strcmp-based sorting done by `config_add_line_uniq` breaks the
correct advanced sorting of static routes done by staticd. We don't
actually need to check vrf node commands for uniqueness as all commands
are daemon specific, so let's use simple `config_add_line` that doesn't
sort commands.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When extract.pl dies, it was dieing in a manner that provided
absolutely no useful data as to what went wrong. Let's add
a tiny bit of debug code. So we can see what is going wrong.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
No need to have special processing for every single node. Just always
use "exit" the necessary number of times - it works for all nodes.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
"[no] netns NAME" commands are part of the lib, but they are actually
zebra-only:
- they are using vrf_netns_handler_create and its description clearly
says that it "should be called from zebra only"
- vtysh sends these commands only to zebra
- only zebra outputs the netns related config
- zebra notifies other daemons about netns attachment
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
There is a possibility that the same line can be matched as a command in
some node and its parent node. In this case, when reading the config,
this line is always executed as a command of the child node.
For example, with the following config:
```
router ospf
network 193.168.0.0/16 area 0
!
mpls ldp
discovery hello interval 111
!
```
Line `mpls ldp` is processed as command `mpls ldp-sync` inside the
`router ospf` node. This leads to a complete loss of `mpls ldp` node
configuration.
To eliminate this issue and all possible similar issues, let's print an
explicit "exit" at the end of every node config.
This commit also changes indentation for a couple of existing exit
commands so that all existing commands are on the same level as their
corresponding node-entering commands.
Fixes#9206.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
pce-config, pce and pcc node-entering commands in vtysh include no-form,
which is incorrect. Currently, when user passes a no-form command like
`no pcc`, vtysh enters the node while pathd deletes the node and this
leads to a desynchronization.
Regular and no-form commands should be defined separately to fix this.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Recent change in d1b287e only fixed the problem for 3-letter words.
We were still displaying error for longer words starting with "ena":
```
nfware> enac
% Command not allowed: enable
nfware> enad
% Command not allowed: enable
nfware> enaena
% Command not allowed: enable
```
If we don't allow "enable" command in user mode, why add it at all?
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
vtysh was unable to distinguish between end and ena. The
code can now do so:
sharpd@eva ~/frr5 (master)> sudo vtysh/vtysh -u sharpd
Hello, this is FRRouting (version 8.1-dev).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
eva> e
% Ambiguous command: e
eva> en
% Command not allowed: enable
eva> ena
% Command not allowed: enable
eva> enab
% Command not allowed: enable
eva> enabl
% Command not allowed: enable
eva> enable
% Command not allowed: enable
eva> enb
% Unknown command: enb
eva> enc
% Unknown command: enc
eva> end
% Unknown command: end
eva> ene
% Unknown command: ene
eva> quit
Fixes: #2296
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
