This implements BMP. There's no fine-grained history here, the non-BMP
preparations are already split out from here so all that remains is BMP
proper.
Signed-off-by: David Lamparter <equinox@diac24.net>
Couple code paths end up trying to dereference vty->of which can be null
in one special case.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Add the ability to parse `router eigrp AS [vrf NAME]` and
modify eigrp_lookup to actually handle a vrf_id for us.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The correct cast for these is (unsigned char), because "char" could be
signed and thus have some negative value. isalpha & co. expect an int
arg that is positive, i.e. 0-255. So we need to cast to (unsigned char)
when calling any of these.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
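The cast described in the commit message above, as an added example (not code from the FRR tree). The helpers `ctype_arg`, `ctype_arg_uncast`, `word_len` and `lower_inplace` are hypothetical names, and the byte values are constructed sample input.

```c
#include <ctype.h>
#include <stddef.h>

/* The value isalpha() & co. receive once the cast is applied: always 0..255. */
int ctype_arg(char c)
{
	return (unsigned char)c;
}

/* The value they receive without the cast: negative for bytes >= 0x80
 * on platforms where plain char is signed, which is outside the domain
 * the <ctype.h> functions are defined for. */
int ctype_arg_uncast(char c)
{
	return c;
}

/*
 * Hypothetical token scanner: length of the leading run of
 * [A-Za-z0-9_-] in s. Every <ctype.h> call goes through the cast, so
 * bytes >= 0x80 (UTF-8, Latin-1, binary junk) are classified like any
 * other byte instead of being passed as a negative int.
 */
size_t word_len(const char *s)
{
	size_t n = 0;

	while (s[n] != '\0'
	       && (isalnum((unsigned char)s[n]) || s[n] == '_' || s[n] == '-'))
		n++;
	return n;
}

/* Hypothetical helper: lower-case s in place. In the default "C" locale
 * bytes >= 0x80 are returned unchanged by tolower(). */
void lower_inplace(char *s)
{
	for (; *s != '\0'; s++)
		*s = (char)tolower((unsigned char)*s);
}
```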
VRF context blocks have a context-specific exit command in order to
explicitly force an exit to the top level config node. This command
exists because 'ip route' commands are accepted in both VRF_NODE and
CONFIG_NODE, so static routes intended to be accepted in CONFIG_NODE
that immediately follow a VRF_NODE block will be shoved into the
VRF_NODE block unless the VRF context is explicitly exited.
However, because this is a command that exits to CONFIG_NODE, vtysh -m
should be printing an `end` at the end of the context, since
frr-reload.py relies on this context ender to know when it's back in
CONFIG_NODE. But since this is the only explicit context exit command
that also exits to CONFIG_NODE we don't really have a good way of doing
this already. Hence this god-awful patch.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Now that multiple daemons understand nexthop-groups, we need
to ensure that vtysh doesn't double print out the individual
nexthops that are part of a nexthop-group.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When using pam for authentication, the code just silently
fails and gives no indication to the end user what has gone
wrong. Try to increase messaging about what has gone wrong
by outputting some more data.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Use %% style for errors in log commands and switch
tabs to a single space in output. Also, remove un-needed
output for success.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Add vtysh commands to add/del/clear/show filters across
all daemons and independently on each one. Add automake and
clippy boilerplate for those commands as well.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Update show work-queue to use the execute_name() code
path when dispatching to a specific daemon.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Add static function path for executing a command
on a client daemon via a string of its name only.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Added a CLI "debug route-map" to enable route-map debugs
Added debugs for following triggers
1. Add/delete a route-map
2. Add/delete a sequence in route-map
3. Add/delete a match statement(dependency)
4. Update a dependency
5. Apply a route-map
Signed-off-by: Ameya Dharkar <adharkar@vmware.com>
When the user specifies -N namespace allow it to influence the
frr_vtydir(DAEMON_VTY_DIR) to have namespace in its path
like so: $frrstate_dir/<namespace>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Although the RFC states hostname length should be < 255 chars,
FRR allows infinite length technically. However, when you try
to set a hostname > 80 chars, you would immediately notice a crash.
RCA: Crash due to buffer overflow. Large buffer sprintf'd into smaller
buffer. Usage of sprintf function instead of snprintf which is safer.
Signed-off-by: Lakshman Krishnamoorthy <lkrishnamoor@vmware.com>
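The sprintf versus snprintf point from the RCA above, as an added example (not the FRR patch itself). `PROMPT_BUF`, `prompt_unsafe` and `prompt_safe` are hypothetical names, and the 80-byte destination is an assumption chosen to mirror the threshold mentioned in the message.

```c
#include <stdio.h>
#include <string.h>

/* Assumed destination size, mirroring the "> 80 chars" threshold above. */
#define PROMPT_BUF 80

/*
 * The pattern named in the RCA: sprintf() is never told how large dst
 * is, so a hostname longer than the destination writes past its end.
 * Shown for comparison only.
 */
void prompt_unsafe(char *dst, const char *hostname)
{
	sprintf(dst, "%s# ", hostname);
}

/*
 * Bounded version. snprintf() writes at most dstlen bytes including the
 * terminating NUL and returns the length the full string would have
 * had, so a return value >= dstlen means the output was truncated.
 * Returns 0 on success, -1 on truncation or encoding error; dst is
 * always NUL-terminated when dstlen > 0.
 */
int prompt_safe(char *dst, size_t dstlen, const char *hostname)
{
	int n;

	if (dstlen == 0)
		return -1;
	n = snprintf(dst, dstlen, "%s# ", hostname);
	if (n < 0) {
		dst[0] = '\0';
		return -1;
	}
	if ((size_t)n >= dstlen)
		return -1; /* truncated: caller can reject the hostname */
	return 0;
}
```

Checking the return value matters as much as the bound: it lets the caller reject an over-long hostname at configuration time instead of silently displaying a truncated one.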
* Change 'begins_with' to 'frrstr_startswith' for consistency
* Add suffix checker, frrstr_endswith()
* Update vtysh to use the new function
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Each of Lua's major versions are incompatible with each other. Ubuntu,
at least, does not provide a single liblua.so or /usr/include/lua; all
SOs and headers are versioned, e.g. liblua5.3.so and
/usr/include/lua5.3. There's already an m4 macro in the GNU collection
to handle this situation, so let's use that.
This allows building with Lua enabled to work on platforms other than
Fedora.
* Move lib/lua.[ch] -> lib/frrlua.[ch] to prevent path conflicts
* Fix configure.ac search for proper CPP and linker flags
* Add Lua include path to AM_CPPFLAGS
* Update vtysh/extract.pl.in
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Merge commit to solve a bunch of conflicts with other PRs that were
merged in the previous weeks.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
I just straight up forgot checking VTYSH_PAGER at startup, and the
"terminal paginate" command is only installed to VIEW_NODE so it can't
be processed from vtysh.conf in CONFIG_NODE...
Signed-off-by: David Lamparter <equinox@diac24.net>
- some target_CFLAGS that needed to include AM_CFLAGS didn't do so
- libyang/sysrepo/sqlite3/confd CFLAGS + LIBS weren't used at all
- consistently use $(FOO_CFLAGS) instead of @FOO_CFLAGS@
- 2 dependencies were missing for clippy
Signed-off-by: David Lamparter <equinox@diac24.net>
* Turn the "instance" YANG presence-container into a YANG list keyed
by the new "vrf" leaf. This is a backward incompatible change but
this should be ok for now.
* RIPng VRF instances can be configured even when the corresponding
VRF doesn't exist. And a RIPng VRF instance isn't deleted when
the corresponding VRF is deleted. For this to work, implement the
ripng_instance_enable() and ripng_instance_disable() functions
that are called to enable/disable RIPng routing instances when
necessary. A RIPng routing instance can be enabled only when the
corresponding VRF is enabled (this information comes from zebra
and depends on the underlying VRF backend). Routing instances are
stored in the new ripng_instances rb-tree (global variable).
* Add a vrf pointer to the ripng structure instead of storing vrf_id
only. This is much more convenient than using vrf_lookup_by_id()
every time we need to get the vrf pointer from the VRF ID. The
ripng->vrf pointer is updated whenever the VRF enable/disable hooks
are called.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Turn the "instance" YANG presence-container into a YANG list keyed
by the new "vrf" leaf. This is a backward incompatible change but
this should be ok for now.
* RIP VRF instances can be configured even when the corresponding
VRF doesn't exist. And a RIP VRF instance isn't deleted when
the corresponding VRF is deleted. For this to work, implement the
rip_instance_enable() and rip_instance_disable() functions that are
called to enable/disable RIP routing instances when necessary. A
RIP routing instance can be enabled only when the corresponding
VRF is enabled (this information comes from zebra and depends on
the underlying VRF backend). Routing instances are stored in the new
rip_instances rb-tree (global variable).
* Add a vrf pointer to the rip structure instead of storing vrf_id
only. This is much more convenient than using vrf_lookup_by_id()
every time we need to get the vrf pointer from the VRF ID. The
rip->vrf pointer is updated whenever the VRF enable/disable hooks
are called.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Allow the sharp daemon to understand and use nexthop-groups.
This commit is merely to allow sharpd to understand them
when accepted in a future commit
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
- no longer try to special-case a custom terminal length; the OS has
procedures for that (SIGWINCH & TIOCGWINSZ)
- only use a pager if requested by CLI command or VTYSH_PAGER. The
behaviour with VTYSH_PAGER set should be compatible to previous
versions.
Signed-off-by: David Lamparter <equinox@diac24.net>
When running ospf instances we should not attempt to reconnect
the default ospf instance on running a command.
This commit should be targeted enough because in the case
of normal operation we connect to everything we should
and only set the VTYSH_WAS_ACTIVE flag for those we
truly have lost connection to.
Before:
    donna.cumulusnetworks.com# config t
    donna.cumulusnetworks.com(config)# router ospf 100
    Warning: connecting to ospfd...failed!
    donna.cumulusnetworks.com(config-router)#
After:
    donna.cumulusnetworks.com# conf t
    donna.cumulusnetworks.com(config)# router ospf 100
    donna.cumulusnetworks.com(config-router)# end
    donna.cumulusnetworks.com#
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We weren't cleaning up some files (a whole lot of python foobar) and had
some files in the dist tarball that don't quite belong there.
Signed-off-by: David Lamparter <equinox@diac24.net>
Resolves issue with exit-vrf being placed at the end of zebra's portion
of a vrf block, but before other daemons' portions of the same config
block.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
We don't need termcap/tinfo/curses, those are just for libreadline. On
most modern systems, libreadline will pull in the appropriate libs it
needs on its own, so unconditionally adding them adds an extra unneeded
dependency for us.
Still need to try with curses/... for some systems, but only after bare
readline fails.
Signed-off-by: David Lamparter <equinox@diac24.net>
When reading in config files and we have failures on multiple
lines actually note the actual failure lines and return them.
This fixes an issue where we stopped counting errors after
the first one and we got misleading line numbers that
did not correspond to the actual problem.
This is fixed:
    sharpd@donna ~/frr> sudo /usr/lib/frr/pimd --log=stdout -A 127.0.0.1 -f /etc/frr/pimd.conf
    2018/10/11 09:41:01 PIM: VRF Created: default(0)
    2018/10/11 09:41:01 PIM: pim_vrf_enable: for default
    2018/10/11 09:41:01 PIM: zclient_lookup_sched_now: zclient lookup immediate connection scheduled
    2018/10/11 09:41:01 PIM: zclient_lookup_new: zclient lookup socket initialized
    2018/10/11 09:41:01 PIM: pimd 6.1-dev starting: vty@2611
    2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 2: inteface lo
    2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 3: ip igmp
    2018/10/11 09:41:01 PIM: [EC 100663304] ERROR: No such command on config line 4: ip igmp join 224.1.1.1 13.13.13.2
    ^C2018/10/11 09:45:09 PIM: Terminating on signal SIGINT
    2018/10/11 09:45:09 PIM: VRF Deletion: default(0)
Fixes: #3161
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The existing commands "ip as-path", "ip community list", "ip extcommunity
list" & "ip largecommunity list" are used to configure both for ipv4 and
ipv6. So the prefix "ip" is removed from these commands.
All the configuration, show related configuration, show running config
& boot up with write memory is also verified with the provided fix.
Signed-off-by: Sarita Patra <saritap@vmware.com>
Whether or not RPKI is enabled during build shouldn't really influence
vtysh; the user can always manually install bgpd_rpki.so later and it
should work. This also means that the behaviour of "RPKI module not
loaded" is consistent regardless of whether it was a compile-time or
runtime decision.
Signed-off-by: David Lamparter <equinox@diac24.net>
Since we're now building through one large Makefile, we can easily put
things with their daemons and crossreference nicely.
Signed-off-by: David Lamparter <equinox@diac24.net>
Note: no more --with-rfp-path on configure - badly messing with the
build system like this really isn't how to do a conditional external
dependency.
Signed-off-by: David Lamparter <equinox@diac24.net>
The new_completion function was not declared the same
way the rl_attempted_completion_function pointer was.
The only difference was a 'const char *' -vs- 'char *'
So convert it over.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The append_history function in lib readline appears to
not be universally available across all of the esoteric
platforms we may want to compile on. As such
provide a way to gracefully do nothing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Remove isis_vty.c and create three new files isis_vty_common.c,
isis_vty_fabricd.c and isis_vty_isisd.c which are built into both
daemons, only fabricd and only isisd, respectively.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Extend extract.pl so it can deal with the isis source code being
compiled twice, once for isisd and once for fabricd.
Add the fabricd node and client to vtysh.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
If a command returns a nonzero exit status and VTYSH has a corresponding
command, VTYSH will skip executing its own version. If this happens in a
command that changes CLI nodes we get node desynchronization.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Add zlog_* function to log with a reference code
* Add ability to track reference cards for errors to ferr.[ch]
* Assign some reference code ranges
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The definition of the interface commands in vtysh.c were outdated.
Currently, all daemons that call if_cmd_init() will have the "no interface
IFNAME" command and the "[no] description" commands as well, so there's
no need to define exceptions for these commands anymore.
To fix this, make extract.pl parse the if.c file so that vtysh can get the
interface commands from there automatically. Only the "interface IFNAME
[vrf NAME]" must be kept in vtysh.c because it changes the vty node and
thus needs special treatment.
Finally, make pimd and pbrd display interface descriptions on "sh run"
when they are configured.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
* Only zebra and pimd call vrf_cmd_init(), so these are the only daemons
that should receive VRF commands from vtysh;
* "netns NAME" and "no netns NAME" are available only in zebra, write
custom DEFSHs in vtysh to make it aware of that;
* Remove the "no vrf NAME" definition from vtysh.c and expose the
original command to vtysh by converting the DEFUN_NOSH to a simple
DEFUN. This command doesn't change the vty node so there's no need to
special case it.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Implement vty shell integration and allow `bfdd` to be configured
through FRR's vtysh.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
If `ip igmp query-max-respone-time ` is specified allow it
to show up before `ip igmp query-interval ` since there
are order dependencies that may show up.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This is the start of separating out the static
handling code from zebra -> staticd. This will
help simplify the zebra code and isolate static
route handling to its own code base.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The semantics for suppressing output received from daemons changed
slightly when pipe actions were introduced, causing raw autocomplete
output to be printed where it shouldn't have been.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When we are iterating through the hash, keep count of how many
we've called and if we have finished calling the hash->size
iterator times, then short-circuit and stop looping over
the entire array.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Move configure flag propagations out of user flags
* Use AC_SUBST to transfer flag values to Automake
* Set default AM_CFLAGS and AM_CPPFLAGS in common.am and change child
Makefiles to modify these base variables
* Add flag override to turn off all sanitizers when building clippy
* Remove LSAN suppressions blacklist as it's no longer needed
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
With a new version of clang 6.0, the compiler is detecting more
issues where we may possibly be truncating the output string.
Fix by increasing the size of the output string to make the compiler
happy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
New versions of clang are detecting function parameters that we should
not be casting as such. Fix these issues.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Fix potential NULL dereference
* Fix use of uninitialized value
* Fix leaking memory by not freeing regex_t
* Fix extra \n when using empty regex filter
* Clean up still-reachable hook memory
* Handle nonexistent pager
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Rewrite pager implementation
* Replace fprintf() with vty_out()
* Modify vty_out() for better vtysh support
* Remove static global outputfile var
* Remove fp argument from many vtysh functions
* Add some docs for stuff along the way
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The fp pointer has already been dereferenced in all paths
leading to the test for non NULL. Since we never crash
we know it cannot be NULL.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If vtysh was instructed to perform line-by-line processing on the output
of a command executed against a daemon and this output, as received by
vtysh, was not terminated with a newline, vtysh could print contents of
memory to its output device.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Functionality to let vtysh attempt to reconnect to daemons when
connection is lost (e.g. crash or restart).
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
The warning string which appears when the user executes 'no (enable)
password' was moved into command.h and declared as a constant named
'NO_PASSWD_CMD_WARNING'.
This avoids duplicate code and makes it easy to change the warning
message in all places at once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
Currently, "vtysh -c" interface does not provide a logic to parse
commands ending with '?' character. In consequence, the following behavior
is observed:
    $ vtysh -c "show bgp ?"
    % Unknown command.
With these changes, I'm extending FRR's parser to be able to handle
these commands, which allow a more friendly interaction with users
that rely on "vtysh -c" interface. The typical use-case here is for
scenarios in which the final users rely on external/their-own CLI and
require a friendly interface to FRR's vtysh cli.
    $ vtysh -c "show bgp ?"
      <cr>
      A.B.C.D         Network in the BGP routing table to display
      A.B.C.D/M       IPv4 prefix
      X:X::X:X        Network in the BGP routing table to display
      X:X::X:X/M      IPv6 prefix
      attribute-info  List all bgp attribute information
      cidr-only       Display only routes with non-natural netmasks
      community       Display routes matching the communities
      community-info  List all bgp community information
      ...
Signed-off-by: Rodny Molina <rmolina@linkedin.com>
When the user executes one of the commands 'no password' or 'no enable
password', a warning message gets shown to inform the user of the
security implications.
While the current implementation works, a warning message gets printed
once for each daemon, which can lead to seeing the same message many
times. This does not affect functionality, but looks like an error to
the user as it can be seen within issue #1432.
This commit only prints the warning message inside lib when vtysh
dispatch is not being used. Additionally, the warning message was copied
into the vtysh command handlers, so that they get printed exactly once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
The pull request #1545 from @donaldsharp introduced the command 'no
password' to remove an existing terminal connection password.
Additionally, warnings have been added to both 'no password' and 'no
enable password' to make the user aware of any security implications.
It seems that this specific pull request was never merged against master
and got lost. This commit is a cherry-pick of d4961273cb with fixed
conflicts and updated documentation.
Thanks to @donaldsharp and @pogojotz for the original PR.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
The range for sequence numbers needs to be limited
by the range we have currently chosen for rule
ranges.
Ticket: CM-20562
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
In order to be able to configure flowspec from vtysh, the bgp_vty
flowspec file is added into vtysh files to parse.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Adding to mtracebis querying with group address. Same change
to vtysh mtrace command. Support for querying (S,G) and (*,G)
state in mtrace router code. Further improvements to mtrace router
code with closer compliance to IETF draft. More references in
comments to the draft. Man page has been updated accordingly.
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
The grammar sandbox has had the ability to dump individual commands as
DOT graphs, but now that generalized DOT support is present it's trivial
to extend this to entire submodes. This is quite useful for visualizing
the CLI space when debugging CLI errors.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
How It's Made:
- vtysh -m is for frr-reload.py to know when a context ends. This is
done by executing commands against the CLI graph, checking for walkup,
and putting the appropriate context exit if walkup is necessary. Thus
the default case for walking up from a vrf context is fine, and
doesn't need a specific exit-vrf command. Remove that.
- exit-vrf needs to be explicitly printed at the end of vrf config
printing. We already do this.
- vtysh's special snowflake config prettiness logic needs to know that
exit-vrf goes with the vrf block and needs to be explicitly told not
to place this in alphabetical order in that block. We also already do
this.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Need to explicitly exit this context otherwise we risk ambiguities
between global and vrf context commands
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This is an implementation of PBR for FRR.
This implementation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
    nexthop-group DONNA
     nexthop 192.168.208.1
     nexthop 192.168.209.1
     nexthop 192.168.210.1
    !
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
    robot# show pbr nexthop-groups
    Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
      Valid: 1 nexthop 192.168.209.1
      Valid: 1 nexthop 192.168.210.1
      Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
    robot# show ip route table 10001
    Codes: K - kernel route, C - connected, S - static, R - RIP,
           O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
           T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
           F - PBR,
           > - selected route, * - FIB route
    F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
      *                 via 192.168.209.1, enp0s9, 00:14:25
      *                 via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
    !
    pbr-map EVA seq 10
     match src-ip 4.3.4.0/24
     set nexthop-group DONNA
    !
    pbr-map EVA seq 20
     match dst-ip 4.3.5.0/24
     set nexthop-group DONNA
    !
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
    interface enp0s10
     pbr-policy EVA
    !
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
    [sharpd@robot frr1]$ ip rule show
    0: from all lookup local
    309: from 4.3.4.0/24 iif enp0s10 lookup 10001
    319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
    1000: from all lookup [l3mdev-table]
    32766: from all lookup main
    32767: from all lookup default
    [sharpd@robot frr1]$ ip route show table 10001
    default proto pbr metric 20
        nexthop via 192.168.208.1 dev enp0s8 weight 1
        nexthop via 192.168.209.1 dev enp0s9 weight 1
        nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
If a daemon sent vtysh a response whose size satisfied
1 <= 4096 - (size % 4096) <= 2
vtysh would hang.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>