When trying to run PIM on *bsd, the kernel expects to only
allow the pim kernel socket to work if we elevate priviledges.
So do so.
This commit gets us further in the startup of PIM on *bsd
but is not sufficient to get it fully started yet.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If we attempt to register nexthops before we have the zebra
connection, they will not be installed. After we have noticed
that we are up, re-install them.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Allow some debug notification when we are unable to talk
to zebra due to the connection not being there yet.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This change is a fixup to -
7b5e18 - bgpd: use IP address as tie breaker if the MM seq number is the
same
And is being done in response to review comments. This commit brings no
functional change; simply moves around code for easier maintanence.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
When the remote mac is deleted by bgpd we can end up with an auto mac
entry in zebra if there are neighs referring to the mac. The remote sequence
number in the auto mac entry needs to be reset to 0 as the mac entry may
have been removed on all VTEPs (including the originating one).
Now if the MAC comes back on a remote VTEP it may be added with MM=0 which
will NOT be accepted if the remote seq was not reset in the previous step.
Ticket: CM-22707
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
This is a fixup to commit -
f32ea5c07 - zebra: act on kernel notifications for remote neighbors
The original commit handled a race condition between kernel and zebra
that would result in an inconsistent state i.e.
kernel has an offload/remote neigh
zebra has a local neigh
The original commit missed setting the neigh to active when zebra
tried to resolve the inconsistency by modifying the local neigh to
remote neigh on hearing back its own kernel update. Fixed here.
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Ticket: CM-22700
Same sequence number handling is specified by RFC 7432 -
[
If two (or more) PEs advertise the same MAC address with the same
sequence number but different Ethernet segment identifiers, a PE that
receives these routes selects the route advertised by the PE with the
lowest IP address as the best route.
If the PE is the originator of the MAC route and it receives the same
MAC address with the same sequence number that it generated, it will
compare its own IP address with the IP address of the remote PE and
will select the lowest IP. If its own route is not the best one, it
will withdraw the route.
]
To implement that specification this commit uses nexthop IP as a tie
breaker between two paths of equal seq number with lower IP winning.
Now if a local path already exists with the same sequence number but higher
(local-VTEP) IP it is evicted (deleted and withdrawn from the peers) and
the winning new remote path is installed in zebra. This is existing code
and handled implicitly via evpn_route_select_install.
If a local path is rxed from zebra with the same sequence as the
current remote winner it is rejected (not installed in the bgp
routing tables) and zebra is asked to re-install the older/remote winner.
This is a race condition that can only happen if bgp's add and zebra's add
cross paths. Additional handling has been added in this commit via
evpn_cleanup_local_non_best_route to take care of the race condition.
Ticket: CM-22674
Reviewed By: CCR-7937
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
This is needed to install the remote dst when a more preferred local
path is removed.
Ticket: CM-22685
Reviewed By: CCR-7936
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
When events cross paths between bgp and zebra bgpd could end up with a
dangling local MAC entry. Consider the following sequence of events on
rack-1 -
1. MAC1 has MM sequence number 1 and points to rack-3
2. Now a packet is rxed locally on rack-1 and rack-2 (simultaneously) with
source-mac=MAC1.
3. This would cause rack-1 and rack-2 to set the MM seq to 2 and
simultaneously report the MAC as local.
4. Now let's say on rack-1 zebra's MACIP_ADD is in bgpd's queue. bgpd
accepts rack-3's update and sends a remote MACIP add to zebra with MM=2.
5. zebra updates the MAC entry from local=>remote.
6. bgpd now processes zebra's "stale local" making it the best path.
However zebra no longer has a local MAC entry.
At this point bgpd and zebra are effectively out of sync i.e. bgpd has a
local-MAC which is not present in the kernel or in zebra.
To handle this window zebra should send a local MAC delete to bgpd on
modifying its cache to remote.
Ticket: CM-22687
Reviewed By: CCR-7935
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
local mac add/del comes from zebra. the hidden commands help verify
various race conditions between bgp and zebra.
Ticket: CM-22687
Reviewed By: CCR-7939
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
Problems were reported with the name of the default vrf and the
default bgp instance being different, creating confusion. This
fix changes both to "default" for consistency.
Ticket: CM-21791
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: CCR-7658
Testing: manual testing and automated tests before pushing
Current clang has an issue with the pointer/target argument
to at least one atomic/intrinsic. A variable with '_Atomic'
generates a compile-time error. Use a cast as a workaround
here to allow use of clang for now.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
When the rib code is informed that a table is closing/
going away, only try once to uninstall associated routes from
the fib/dataplane. The close path can be called multiple times
in some cases - zebra shutdown, e.g.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
CONFDATE should not be used like this. Also, the extraversion is now
burned into tarballs anyway so this is no longer neccessary.
Signed-off-by: David Lamparter <equinox@diac24.net>
Both of these are testing/demo-style tools that don't make sense as part
of a normal installation. So don't install them.
NB: this is only the executables, libospfclient and the RFP code are not
affected.
Signed-off-by: David Lamparter <equinox@diac24.net>
This fixes the longstanding GPL vs. OpenSSL licensing issue in our SNMP
code (and cuts down on its other dependencies a wee bit.)
In a way, net-snmp is really buggy here in what it says that we should
link against, but I don't know their application scenarios well enough
to say it should be changed at their end.
Signed-off-by: David Lamparter <equinox@diac24.net>
clang-format always indent labels by default and that can't be changed
with any configuration option. Also, indented labels tend to improve
code readability, especially in long functions.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
These instructions are intended to be temporary until we have libyang
packages available for all supported platforms.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
As it can be seen below, this translator covers only ~13% of the
ietf-rip YANG module. Work must be done to increase that number.
ripd> en
ripd# conf t
ripd(config)# yang module-translator load /tmp/frr-ietf-translator.json
% Module translator "ietf" loaded successfully.
ripd(config)# do show yang module-translator
Family Module Deviations Coverage (%)
-----------------------------------------------------------------------
ietf ietf-interfaces frr-deviations-ietf-interfaces 3.92
ietf ietf-routing frr-deviations-ietf-routing 1.56
ietf ietf-rip frr-deviations-ietf-rip 13.60
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Implement the 'authentication-failure' and 'authentication-type-failure'
notifications defined in the frr-ripd YANG module.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This command deletes all received routes from the RIP routing table.
It should be used with caution as it can create black holes in the
network until RIP reconverges. Very useful to make automated testing
(e.g. ANVL) more predictable, since the internal state of ripd can be
cleared after each test.
Implement the command using a YANG RPC so that it can be executed by
other northbound clients in addition to the CLI.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Support for fetching operational data is experimental at this point.
Locks must be introduced to ensure the rip->table routing table won't
be modified while we're iterating asynchronously over it (or iterating
from a separate pthread).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Support for fetching operational data is experimental at this point.
Locks must be introduced to ensure the peer_list global variable won't
be modified while we're iterating asynchronously over it (or iterating
from a separate pthread).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The vty configuration lock is used to prevent inconsistencies when
multiple users are editing the configuration at the same time. The
pointer stored in vty->index might become invalid if the associated
configuration object is removed by another user in another CLI session.
Commands converted to the new northbound model don't use vty->index,
but vty->xpath_index and the vty->xpath array. The nb_cli_cfg_change()
function uses the VTY_CHECK_XPATH macro to check if the configuration
object being edited still exists and returns an error if it doesn't.
Now that all ripd commands were converted to the new northbound model,
remove the ripd vty lock because it's not necessary anymore.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
We can now leverage the new northbound API to perform a full configuration
reload in ripd without the need for external help (i.e. frr-reload.py).
When vty_read_config() is called with the 'config' parameter set to
NULL, it performs a new configuration transaction where the running
configuration is *replaced* by the provided configuration file. With that
said, we don't need to do anything other than calling this function in
the SIGHUP handler of all FRR daemons. If a daemon hasn't been converted
to the new northbound model, vty_read_config() will simply *merge*
the configuration file into the running configuration.
The calls to rip_clean() and rip_reset() in the SIGUP handler were
changing configuration variables directly, bypassing the northbound
layer. Configuration variables should be changed only by the northbound
callbacks, and failure to respect that inevitably leads to inconsistencies
and crashes. Fix this.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Now that "router rip" and all underlying commands were converted to the
new northbound model, there's no need to use the qobj infrastructure to
keep track of the 'rip' global variable anymore.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Trivial conversion. Use the northbound 'apply_finish()' callback so
we'll call rip_event() only once even if we change the three RIP timers
at the same time.
Convert the timers to uint32_t to match their representation in the
YANG model.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Trivial conversion. Remove the rip->route routing table and associated
code because this variable was used only to show the running
configuration.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Trivial conversion. As usual, combine multiple DEFUNs into a single
DEFPY for simplicity.
As a bonus of the northbound conversion, this commit fixes the
redistribution of certain protocols into ripd. The 'redist_type' array
used by the "redistribute" commands was terribly outdated, which was
preventing the CLI to parse correctly certain protocols like isis
and babel.
Remove the route_map hooks installed by rip_route_map_init() since they
were redundant (rip_init() already takes care of that).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
In ripd, the "passive-interface default" command has the following
behavior:
* All interfaces are converted to the passive mode;
* The "passive-interface IFNAME" command becomes a no-operation and
"passive-interface IFNAME" statements are removed from the running
configuration.
* The "no passive-interface IFNAME" can be used to remove interfaces
from the passive mode.
This command was modeled using the following YANG data nodes in the
frr-ripd module:
leaf passive-default {
type boolean;
default "false";
description
"Control whether interfaces are in the passive mode
by default or not.";
}
leaf-list passive-interface {
when "../passive-default = 'false'";
type string {
length "1..16";
}
description
"A list of interfaces where the sending of RIP packets
is disabled.";
}
leaf-list non-passive-interface {
when "../passive-default = 'true'";
type string {
length "1..16";
}
description
"A list of interfaces where the sending of RIP packets
is enabled.";
}
The 'when' statements guarantee that the list of passive interfaces
is cleared when the "passive-interface default" command is entered
(likewise, they guarantee that the list of non-passive interfaces is
cleared when the "passive-interface default" command is removed). This
matches exactly the behavior we want to model.
Finally, move the 'passive_default' global variable into the
'rip' structure where it belongs. This fixed the bug where the
"passive-interface default" command was being retained after a "no router
rip" + "router rip".
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Remove the rip_offset_list_set() and rip_offset_list_unset() functions
since they set/unset multiple configuration options at the same time. The
northbound callbacks need to set/unset configuration options individually.
The frr-ripd YANG module models the "offset-list" command using a list
keyed by the 'interface' and 'direction' leafs. One important detail is
that the IFNAME parameter is optional, and when it's not present it means
we want to match all interfaces. This is modeled using an interface name
of '*' since key lists are mandatory by definition in YANG.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
The frr-ripd YANG module models the ripd "network" command using two
separate leaf-lists for simplicity: one leaf-list for interfaces and
another leaf-list for actual networks. In the 'cli_show' callbacks,
display the "network" command for entries of both leaf-lists.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
