When creating a xfrm interface FRR is crashing when configured
with isis. This is because the weird pattern of not allocating
list's until needed and then allowing the crash when we have
a usage pattern that was not expected. Just always allocate
the different lists that a circuit needs.
(gdb) bt
(gdb)
Fixes#11432
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
isis_ifp_down() may in some circumstances be called twice on a down
interface event.
Avoid applying fast-reroute on an already down interface.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When an IS-IS interface is coming down, fast-reroute may be triggered
twice: a first time after the detection of the interface down event and
a second time after the detection of the adjacency down (because of the
expiration of the ISIS Hello or BFD timers).
Avoid a BFD down event from running fast-reroute another time if the
interface was already detected down.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Backup routes are sent to zebra by routing daemons such as isisd so that
the dataplane can pre-install them with a lower priority. When an
interface comes down, the associated primary routes are discarded by the
dataplane and the backup ones take over.
However, some dataplanes (e.g. Netlink ones) do not pre-install the
backup routes. Associated prefixes have no next-hop until SPF is
recomputed.
Apply fast-reroute as soon as an interface falls down by sending route
UPDATEs to zebra.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When a adjacency falls down, the primary routes are not deleted on the
dataplane until the SPF is recomputed. Even the backup routes are
pre-installed on the dataplane, there is no fast-route optimization.
Reasons for an adjacency to come down are:
- BFD down
- Hello timer timeout
- User adjacency clear
Apply the backup route switchover for fast-reroute as soon an IS-IS
adjacency falls down before the first SPF re-computation. Pre-computed
backup routes are applied sooner.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When lsp-mtu is configured larger than interface mtu and the interface
is brought up, the ISIS code would crash. When other vendors have this
misconfiguration they just continue ISIS running and allow the LSP
packets to be created but not sent. When the misconfiguration is corrected
the LSP packets start being sent. This change creates that same behavior
in FRR.
The startup issue I am hitting is when the isis lsp-mtu is larger that the interfaces mtu.
We run into this case when we are in the process of changing the mtu on a tunnel.
I issue a shutdown/no shutdown on the interface, because the tunnel MTU is smaller
than the lsp-mtu, it is considered an error and calls circuit_if_del. This deletes
part of the circuit information, which includes the circuit->ip_addr list. Later on we get
an address update from zebra and try to add the interface address to this list and crash.
2022/04/07 20:19:52.032 ISIS: [GTRPJ-X68CG] CSM_EVENT for tun_gw2: IF_UP_FROM_Z
calls isis_circuit_if_add
this initialize the circuit->ip_addrs
isis_circuit_up
has the mtu check circuit->area->lsp_mtu > isis_circuit_pdu_size(circuit) and fails
returns ISIS_ERROR
on failure call isis_circuit_if_del
this deletes the circiut->ip_addrs list <----
2022/04/07 20:19:52.032 ZEBRA: [NXYHN-ZKW2V] zebra_if_addr_update_ctx: INTF_ADDR_ADD: ifindex 3, addr 192.168.0.1/24
message to isisd to add address
isis_zebra_if_address_add
isis_circuit_add_addr
circuit->ip_addr we try to add the ip address to the list, but it was deleted above and isisd crashes
Signed-off-by: Lynne Morrison <lynne.morrison@ibm.com>
VRF name should not be printed in the config since 574445ec. The update
was done for NB config output but I missed it for regular vty output.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
- Add advertisement of Global IPv6 address in IIH pdu
- Add new CLI to set IPv6 Router ID
- Add advertisement of IPv6 Router ID
- Correctly advertise IPv6 local and neighbor addresses in Extended IS and MT
Reachability TLVs
- Correct output of Neighbor IPv6 address in 'show isis database detail'
- Manage IPv6 addresses advertisement and corresponiding Adjacency SID when
IS-IS is not using Multi-Topology by introducing a new ISIS_MT_DISABLE
value for mtid (== 4096 i.e. first reserved flag set to 1)
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Since f60a1188 we store a pointer to the VRF in the interface structure.
There's no need anymore to store a separate vrf_id field.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
We should always treat the VRF interface as a loopback. Currently, this
is not the case, because in some old pre-VRF code we use if_is_loopback
instead of if_is_loopback_or_vrf. To avoid any future problems, the
proposal is to rename if_is_loopback_or_vrf to if_is_loopback and use it
everywhere. if_is_loopback is renamed to if_is_loopback_exact in case
it's ever needed, but currently it's not used anywhere.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
We don't need to scan through all configured areas to find the circuit
associated with the interface. It is always stored in ifp->info.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, we have a lot of checks in CLI and NB layer to prevent
incompatible IS-types of circuits and areas. All these checks become
completely meaningless when the interface is moved between VRFs. If the
area IS-type is different in the new VRF, previously done checks mean
nothing and we still end up with incorrect circuit IS type. To actually
prevent incorrect IS type, all checks must be done in the processing
code.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When writing the config from the NB-converted daemon, we must not rely
on the operational data. This commit changes the output of the interface
configuration to use only config data. As the code is the same for all
daemons, move it to the lib and remove all the duplicated code.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
There is a possibility that the same line can be matched as a command in
some node and its parent node. In this case, when reading the config,
this line is always executed as a command of the child node.
For example, with the following config:
```
router ospf
network 193.168.0.0/16 area 0
!
mpls ldp
discovery hello interval 111
!
```
Line `mpls ldp` is processed as command `mpls ldp-sync` inside the
`router ospf` node. This leads to a complete loss of `mpls ldp` node
configuration.
To eliminate this issue and all possible similar issues, let's print an
explicit "exit" at the end of every node config.
This commit also changes indentation for a couple of existing exit
commands so that all existing commands are on the same level as their
corresponding node-entering commands.
Fixes#9206.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
The only difference in daemons' interface node definition is the config
write function. No need to define the node in every daemon, just pass
the callback as an argument to a library function and define the node
there.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
isis_circuit_enable can be called for an already enabled circuit. In this
case we would add the circuit to the area multiple times.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Compile with v2.0.0 tag of `libyang2` branch of:
https://github.com/CESNET/libyang
staticd init load time of 10k routes now 6s vs ly1 time of 150s
Signed-off-by: Christian Hopps <chopps@labn.net>
YANG model and CLI commands allow user to configure LDP-sync per area.
But the actual implementation is incorrect - all commands are changing
the config for the whole VRF instead of a single area. This commit fixes
this issue by actually implementing per area configuration.
Fixes#8578.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently we don't allow to configure the interface before the area is
configured. This approach has the following issues:
1. The area config can be deleted even when we have an interface config
relying on it. The code is not ready for that - we'll have a whole
bunch of stale pointers if user does that.
2. The code doesn't correctly process the event of changing the VRF for
an interface. There is no mechanism to ensure that the area exists
in the new VRF so currently the circuit still stays in the old VRF.
This commit allows an arbitrary order of area/interface configuration.
There is no more need to configure the area before configuring the
interface.
This change fixes both the issues.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Call from isis_circuit_create works only if we enable isis on an already
existing interface. If we configure isis on a pseudo interface and then
actually create it - this call doesn't work.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Necessary structures for snmp-id generation are currently stored in
`struct isis`. When we generate the new circuit ID, we always use the
instance from the default VRF. When we free the circuit ID, we use the
instance from the circuit VRF. This causes the following problems:
1. If there is no instance in the default VRF, this code doesn't work.
2. When circuit in non-default VRF is deleted, the ID is not actually
freed.
This is fixed by using global structures instead. The code itself is
moved to isis_snmp.c and linked to the main code using hooks. We should
not call SNMP-related code when the SNMP module is not loaded at all.
More than that, we don't allow to activate the circuit if we failed to
generate the SNMP ID. Even if SNMP support is completely disabled! This
check is removed.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Convert most DEFINE_MTYPE into the _STATIC variant, and move the
remaining non-static ones to appropriate places.
Signed-off-by: David Lamparter <equinox@diac24.net>
Add support for read only mib objects from RFC4444.
Signed-off-by: Lynne Morrison <lynne@voltanet.io>
Signed-off-by: Karen Schoener <karen@voltanet.io>
The fields in the broadcast/p2p union struct in an isis circuit are
initialized when the circuit goes up, but currently this step is
skipped if the interface is passive. This can create problems if the
circuit type (referred to as network type in the config) changes from
broadcast to point-to-point. We can end up with the p2p neighbor
pointer pointing at some garbage left by the broadcast struct in the
union, which would then cause a segfault the first time we would
dereference it - for example when building the lsp, or computing the
SPF tree.
compressed backtrace of a possible crash:
#0 0x0000555555579a9c in lsp_build at frr/isisd/isis_lsp.c:1114
#1 0x000055555557a516 in lsp_regenerate at frr/isisd/isis_lsp.c:1301
#2 0x000055555557aa25 in lsp_refresh at frr/isisd/isis_lsp.c:1381
#3 0x00007ffff7b2622c in thread_call at frr/lib/thread.c:1549
#4 0x00007ffff7ad6df4 in frr_run at frr/lib/libfrr.c:1098
#5 0x000055555556b67f in main at frr/isisd/isis_main.c:272
isis_lsp.c:
1112 case CIRCUIT_T_P2P: {
1113 struct isis_adjacency *nei = circuit->u.p2p.neighbor;
1114 if (nei && nei->adj_state == ISIS_ADJ_UP
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Replace all lib/thread cancel macros, use thread_cancel()
everywhere. Only the THREAD_OFF macro and thread_cancel() api are
supported. Also adjust thread_cancel_async() to NULL caller's pointer (if
present).
Signed-off-by: Mark Stapp <mjs@voltanet.io>
The code in isisd uses `circuit->area->isis` all the time
but we know that circuit now has a valid `circuit->isis` pointer
so let's use that and cleanup the long dereference.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
There are code paths where we were not always setting the
circuit->isis on creation. Fix that up so it will always
happen.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
1. Added isis with different vrf and it's dependecies.
2. Added new vrf leaf in yang.
3. A minor change for IF_DOWN_FROM_Z passing argrument is
replaced with ifp pointer in api "isis_if_delete_hook()".
4. Minor fix in the isisd spf unit test.
Co-authored-by: Kaushik <kaushik@niralnetworks.com>"
Signed-off-by: harios_niral <hari@niralnetworks.com>
1. Created a structure "isis master".
2. All the changes are related to handle ISIS with different vrf.
3. A new variable added in structure "isis" to store the vrf name.
4. The display commands for isis is changed to support different VRFs.
Signed-off-by: Kaushik <kaushik@niralnetworks.com>
Remove mid-string line breaks, cf. workflow doc:
.. [#tool_style_conflicts] For example, lines over 80 characters are allowed
for text strings to make it possible to search the code for them: please
see `Linux kernel style (breaking long lines and strings)
<https://www.kernel.org/doc/html/v4.10/process/coding-style.html#breaking-long-lines-and-strings>`_
and `Issue #1794 <https://github.com/FRRouting/frr/issues/1794>`_.
Scripted commit, idempotent to running:
```
python3 tools/stringmangle.py --unwrap `git ls-files | egrep '\.[ch]$'`
```
Signed-off-by: David Lamparter <equinox@diac24.net>
