Igor Ryzhov [Wed, 14 Apr 2021 10:08:18 +0000 (13:08 +0300)]
lib: fix access-list deletion
Problems with the current implementation:
* Delete hook is called before the deletion of the access-list from the
master list, which means that daemons processing this hook successfully
find this access-list, store a pointer to it in their structures, and
right after that the access-list is freed. Daemons end up having stale
pointer to the freed structure.
* Route-maps are not notified of the deletion.
Philippe Guibert [Wed, 17 Mar 2021 17:12:26 +0000 (18:12 +0100)]
nhrp, zebra, lib: enforce usage of zapi_neigh_ip structure
zapi_nbr structure is renamed to zapi_neigh_ip.
Initially used to set a neighbor ip entry for gre interfaces, this
structure is used to get events from the zebra layer to nhrp layer.
The ndm state has been added, as it is needed on both sides.
The zebra dplane layer is slightly modified.
Also, to clarify what ZEBRA_NEIGH_ADD/DEL means, a rename is done:
it is called now ZEBRA_NEIGH_IP_ADD/DEL, and it signified that this
zapi interface permits to set link operations by associating ip
addresses to link addresses.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Igor Ryzhov [Mon, 12 Apr 2021 11:17:30 +0000 (14:17 +0300)]
bfdd: fix nb cli show with defaults
The idea of the "with-defaults" flag is to show the default values for
parameters that were not configured by the user. But bfdd incorrectly
shows the default values for all parameters, including the
user-configured ones.
Igor Ryzhov [Thu, 8 Apr 2021 12:43:07 +0000 (15:43 +0300)]
lib: fix interface nb stale pointers
The first change in this commit is the processing of the VRF termination.
When we terminate the VRF, we should not delete the underlying interfaces,
because there may be pointers to them in the northbound configuration. We
should move them to the default VRF instead.
Because of the first change, the VRF interface itself is also not deleted
when deleting the VRF. It should be handled in netlink_link_change. This
is done by the second change.
The idea is to find out prefixes including specific BGP table version and
above.
Let's say I have a converged network and suddently I noticed a couple of
prefixes seems hijacked.
I want to look what new prefixes arrived with a specific BGP table version.
```
exit1-debian-9# show ip bgp version 8
BGP table version is 9, local router ID is 192.168.100.1, vrf id 0
Default local pref 100, local AS 65534
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
bgpd: Show RPKI short state in `show bgp <afi> <safi>`
Just to be more informant, copying from Cisco.
```
exit1-debian-9# sh ip bgp
BGP table version is 4, local router ID is 192.168.100.1, vrf id 0
Default local pref 100, local AS 65534
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
David Lamparter [Fri, 9 Apr 2021 18:38:56 +0000 (20:38 +0200)]
pceplib: add missing endian.h and config.h
endian.h supplies be*toh() and htobe*() functions. This fixes the build
on musl libc. On other systems it seems endian.h comes in transitively
from some other header.
(Also, all .c files should have config.h or zebra.h as the first
include, even if it works without that it's b0rked and only works due to
luck.)
Tested-by: Lucian Cristian <lucian.cristian@gmail.com> Signed-off-by: David Lamparter <equinox@diac24.net>
Igor Ryzhov [Fri, 9 Apr 2021 16:42:23 +0000 (19:42 +0300)]
lib, doc: add "route-map NAME optimization" command
Currently we have a "route-map optimization" command which is entered
from inside the route-map entry but actually applies to the whole
route-map. In addition, this command is not shown in the running-config
and not stored to the startup-config during "write".
Let's add a new command on the config node level to control this setting
and show it in the running-config to make possible to save it during
"write".
The old command is saved for the backward compatibility but hidden and
marked as deprecated.
David Lamparter [Fri, 9 Apr 2021 17:56:05 +0000 (19:56 +0200)]
build: don't link pathd/path_main.c twice
Can't have things duplicate in libpath.a and pathd directly, they'll
crash into eath other on linking. No idea why this doesn't error out in
our CI builds, but it definitely breaks LTO builds.
Signed-off-by: David Lamparter <equinox@diac24.net>
Quentin Young [Fri, 9 Apr 2021 17:13:45 +0000 (13:13 -0400)]
tools: add note to users re: frr.conf overwrite
Most software doesn't overwrite its own config files; vtysh's 'wr mem'
may be confusing, so add a note to the config file explaining changes
made may be overwritten.
Quentin Young [Tue, 16 Feb 2021 23:05:38 +0000 (18:05 -0500)]
*: remove *.conf.sample files
Most of these are many, many years out of date. All of them vary
randomly in quality. They show up by default in packages where they
aren't really useful now that we use integrated config. Remove them.
Quentin Young [Fri, 9 Apr 2021 16:55:33 +0000 (12:55 -0400)]
doc: describe acceptable commit messages
Update workflow.rst to state that commit messages consisting solely of
program output, or that otherwise fail to adequately summarize the
changes being made, are unacceptable.
Philippe Guibert [Fri, 26 Feb 2021 09:04:25 +0000 (10:04 +0100)]
zebra: move neighbor table configuration to dplane contexts
Instead of directly configuring the neighbor table after read from zapi
interface, a zebra dplane context is prepared to host the interface and
the family where the neighbor table is updated. Also, some other fields
are hosted: app_probes, ucast_probes, and mcast_probes. More information
on those fields can be found on ip-ntable configuration.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 25 Feb 2021 10:12:34 +0000 (11:12 +0100)]
zebra, lib: handle NEIGH_ADD/DELETE to zebra dataplane framework
EVPN neighbor operations were already done in the zebra dataplane
framework. Now that NHRP is able to use zebra to perform neighbor IP
operations (by programming link IP operations), handle this operation
under dataplane framework:
- assign two new operations NEIGH_IP_INSTALL and NEIGH_IP_DELETE; this
is reserved for GRE like interfaces:
example: ip neigh add A.B.C.D lladdr E.F.G.H
- use 'struct ipaddr' to store and encode the link ip address
- reuse dplane_neigh_info, and create an union with mac address
- reuse the protocol type and use it for neighbor operations; this
permits to store the daemon originating this neighbor operation.
a new route type is created: ZEBRA_ROUTE_NEIGH.
- the netlink level functions will handle a pointer, and a type; the
type indicates the family of the pointer: AF_INET or AF_INET6 if the
link type is an ip address, mac address otherwise.
- to keep backward compatibility with old queries, as no extension was
done, an option NEIGH_NO_EXTENSION has been put in place
- also, 2 new state flags are used: NUD_PERMANENT and NUD_FAILED.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 25 Feb 2021 14:06:23 +0000 (15:06 +0100)]
zebra: fixes NDA_DST in netlink_neigh_update() function
When netlink_neigh_update() is called, the link registration was
failing, due to bad request length.
Also, the query was failing if NDA_DST was an ipv6 address.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Fri, 13 Dec 2019 17:09:11 +0000 (18:09 +0100)]
nhrp, lib, zebra: add/del neighbor entry possible from nhrp
a zebra api is extended to offer ability to add or remove neighbor
entry from daemon. Also this extension makes possible to add neigh
entry, not only between IPs and macs, but also between IPs and NBMA IPs.
This API supports configuring ipv6/ipv4 entries with ipv4/ipv6 lladdr.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 12 Dec 2019 15:08:26 +0000 (16:08 +0100)]
nhrpd: link layer registration to notifications
neighbor notifications are done in zebra. so, instead of relying on
nhrp, rely on zebra by using zebra api interface.
Consequently, the code originally used in nhrp for netlink neighor
notification is no more used.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 12 Dec 2019 15:06:59 +0000 (16:06 +0100)]
zebra: link layer config and notification, implementation in zebra
zebra implements zebra api for configuring link layer information. that
can be an arp entry (for ipv4) or ipv6 neighbor discovery entry. This
can also be an ipv4/ipv6 entry associated to an underlay ipv4 address,
as it is used in gre point to multipoint interfaces.
this api will also be used as monitoring. an hash list is instantiated
into zebra (this is the vrf bitmap). each client interested in those entries
in a specific vrf, will listen for following messages: entries added, removed,
or who-has messages.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 12 Dec 2019 15:05:14 +0000 (16:05 +0100)]
lib: link layer neighbor registration and notification, define API msgs
This patch implements new zapi api to get neighbor information that zebra knows
and that other daemons may need to know. Actually, nhrp daemons is
interested in getting the neighbor information on gre interfaces, and
the API will be used for that.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 16 Jul 2019 13:21:29 +0000 (15:21 +0200)]
nhrpd: lookup appropriate ipsec path
lookup appropriate ipsec path. there are systems where the path where
the charon.vici file is not in standard paths. For that, 'ipsec
--piddir' may help in solving the path.
result of ipsec --piddir is as follow for example:
'
/etc/ike/ipsec.d/run
'
Note that the assumption is done that even if there are several
instances of strongswan across the vrfs, the charon.vici path file is
the same across vrfs. Consequently, as there is a thread per vrf that
performs vici initialisation, and file path retrieval is part of the
vici initialisation procedure, in order to avoid intempestive system
calls, use a boolean 'vici_charon_filepath_done' to avoid doing
unnecessary calls.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Rafael Zalamena [Fri, 9 Apr 2021 13:54:23 +0000 (10:54 -0300)]
ospfd: fix crash on interface/vrf removal
The interface parameters deletion must be called before
`route_table_finish` due to the usage of the route data structures to
search neighbors in the same interface. If the route info is removed
before that we get the following crash:
```
6 0x00007f5c6ed50394 in core_handler at lib/sigevent.c:255
7 <signal handler called>
8 ospf_interface_bfd_apply (ifp=<optimized out>) at ospfd/ospf_bfd.c:130
9 0x000055d4c306d076 in ospf_interface_disable_bfd at ospfd/ospf_bfd.c:159
10 0x000055d4c3071781 in ospf_del_if_params at ospfd/ospf_interface.c:553
11 0x000055d4c3071900 in ospf_if_delete_hook at ospfd/ospf_interface.c:704
12 0x00007f5c6ed17935 in hook_call_if_del at lib/if.c:59
13 if_delete_retain at lib/if.c:290
14 0x00007f5c6ed19bc5 in if_delete at lib/if.c:313
15 0x00007f5c6ed19d88 in if_terminate at lib/if.c:1067
16 0x00007f5c6ed63a04 in vrf_delete at lib/vrf.c:297
17 0x00007f5c6ed76784 in zclient_vrf_delete at lib/zclient.c:1974
18 zclient_read at lib/zclient.c:3686
19 0x00007f5c6ed60f85 in thread_call at lib/thread.c:1815
20 0x00007f5c6ed20228 in frr_run at lib/libfrr.c:1149
21 0x000055d4c306bc70 in main at ospfd/ospf_main.c:233
```
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Current behavior has an EVPN_ENABLED check for both standard and 'no'
forms of 'advertise-svi-ip' and 'advertise-default-gw'. This prevents a
user from removing either command from running config if
'advertise-all-vni' is not present.
This commit removes/adjusts the EVPN_ENABLED checks to always allow the
'no' command so config doesn't get stuck.
projects / mirror_frr.git / log