vivek [Sun, 4 Feb 2018 12:33:33 +0000 (12:33 +0000)]
*: PBR - netlink interaction and basic definitions
Implement netlink interactions for Policy Based Routing. This includes
APIs to install and uninstall rules and handle notifications from the
kernel related to rule addition or deletion. Various definitions are
added to facilitate this.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 5 Feb 2018 15:40:09 +0000 (10:40 -0500)]
bgpd, lib, zebra: Switch to work_queue_free_and_null
The work_queue_free function free'd up the wq pointer but
did not set it too NULL. This of course causes situations
where we may use the work_queue after it is freed. Let's
modify the work_queue to set the pointer for you.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Tue, 6 Mar 2018 21:07:14 +0000 (16:07 -0500)]
lib: Increase zapi buffer size
The buffer size is currently 4k. Increase x4 times to allow for bigger
messages to be sent over the zapi.
The current size sufficient for most cases, but there are a couple
of cases with installing data to the kernel ip rules where we will
quickly hit this 4k size limit. I forsee flowspec getting close
to this limit as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Quentin Young [Tue, 6 Mar 2018 18:42:53 +0000 (13:42 -0500)]
ospfd: cancel SR thread at shutdown
Otherwise if it is scheduled the thread pointer will be accessed after
the shutdown task finishes accessing, having deleted the structure that
owns said pointer, which causes a heap UAF.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The NS_DEFAULT value returns UNKNOWN in the case the vrf lite backend is
used, whereas this is wrong. This commit fixes the default value.
Also, it fixes the default value in the case NETNS support from system
is not ok, or some error can occur when reading default NS at startup.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: permit bgp vrf socket creation on some cases
When VRF is not yet available at startup, the check for main socket
presence must be done. As the main socket creation is made in a separate
place from vrf socket for netns, ths main socket creation must not be
prevented when a BGP VRF relies on vrf lite mechanism.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Quentin Young [Mon, 5 Mar 2018 18:20:22 +0000 (13:20 -0500)]
tools: add LeakSanitizer suppressions list
Building FRR with AddressSanitizer is kind of annoying since
libpython3.5 leaks memory, clippy links libpython3.5 and clippy runs as
part of the build process. LeakSanitizer has a way to suppress leaks at
runtime by setting the LSAN_OPTIONS environment variable to contain a
file path to a suppression list:
LSAN_OPTIONS=suppressions=path/to/suppr.txt
This commit provides the file. Setting this environment variable to
before building should allow a clean build with ASAN enabled. The
relative path is there because LeakSanitizer looks at paths relative to
the binary it is sanitizing; clippy is in lib/ so the path is set
relative to lib/.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This capability, when used, is mapped over linux sys_admin capability.
This is necessary from the daemon perspective, in order to handle NETNS
based VRFs, because calling setns() requires sys admin capability.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Chirag Shah [Tue, 27 Feb 2018 19:24:16 +0000 (11:24 -0800)]
ospf6d: assign zebra router-id to ospf6 instance
Store zebra router-id in global structure.
Before router ospf6 instance created,
zebra router-id callback called.
During ospf6 main execution zebra init happens,
but default instance does not execute until
cli replay 'router ospf6'.
Call ospf6_router_id_change during 'router ospf6'
to assign zebra router id to ospf6 instance.
Quentin Young [Wed, 28 Feb 2018 21:14:45 +0000 (16:14 -0500)]
lib: add mt-safe debugging facilities
The current strategy for fine-grained debugging across FRR is to use
static long int bitfields, in combination with helper macros that are
copy-pasted between daemons, to hold state on what debugging information
should be collected at any given time. This has a couple of problems:
* These bitfields are generally extern'd and accessed everywhere, so
they are not MT-safe or easy to make MT-safe
* Lots of code duplication from copy-pasting the DEBUG_* macros...
* Code duplication because of the "term" vs "conf" debugging concept
This patch aims to remedy that by providing some infrastructure to work
with debugs. The core concept of using bitfields has been retained, but
the number of these for each debug has been reduced to 1. This allows
easy use of lock-free methods for synchronizing access to debugging
info.
The helper macros have also been retained but they are now collected in
one place and perform exclusively atomic operations.
Finally there is a bit of code that allows daemons to register
callbacks, which I used to implement a command that will toggle all
debugging for any daemons that use these facilities.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Chirag Shah [Thu, 15 Feb 2018 03:02:11 +0000 (19:02 -0800)]
ospf6d: ECMP for external routes
The route being added check its origin matches,
with any of the existing path (list of paths).
Remove the existing path, add if its cost is
eqaual or less than any of the existing path.
For a given route and of existing path cost is lower
(better) than one being added, discard new route update.
The existing path cost is higher (lower) than one being
added, ospf6_route_add replaces existing with new route
info.
Compare cost between delete request and with existing
route.
Ticket:CM-16139
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Thu, 1 Mar 2018 00:22:47 +0000 (19:22 -0500)]
lib, zebra: Add type and instance to nexthop update message
Add the originating routes type and instance to the nexthop
update message. This is necessary because there exist
scenarios where BGP needs to make a decision about the
originating route type and instance to know if it is
going to be doing a route replace to a route that would
resolve to itself.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 1 Mar 2018 00:16:51 +0000 (19:16 -0500)]
ospfd: Add vrf to nhlfe route add
So when a ospf SR is sending down routes to the kernel
ensure that the nexthop vrf_id is set appropriately.
Yes SR is in the default VRF. But for people who
run across this code in the future, they will know
to do the right thing from it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Olivier Dugeon [Fri, 9 Feb 2018 11:06:35 +0000 (12:06 +0100)]
ospfd: Add json output for Segment Routing
- To ease checking the Segment Routing conformity in topotest,
add json output to 'show ip ospf database segment-routing' CLI.
- Update ospfd user guide accordingly
- Update OSPF-SR documentation with supported features and interoperability
Philippe Guibert [Fri, 16 Feb 2018 17:22:34 +0000 (18:22 +0100)]
zebra: prevent from discovering a NS with same NSID as previous one
This limitation ignores the creation of a new NS context, when an
already present NS is available with the same NSID. This limitation
removes confusion, so that only the first NS will be used for
configuration.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 13 Feb 2018 09:48:48 +0000 (10:48 +0100)]
zebra: retrieve zns context from zvrf when netlink discovery
So as to get the correct NETNS where some discovery must be done and
populated, the zns pointer is directly retrieved from zvrf, instead of
checking that the VRF is a backend NETNS or not.
In the case where the interfaces are discovered before the VRF is enabled
( VRF-lite populate), then the default NS is retrieved.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 29 Jan 2018 15:56:11 +0000 (16:56 +0100)]
ospfd: basic support for VRF NETNS backend
The change consists in taking into account of the VRF identifier upon
which the ospf socket is created. Moreover, if the VRF is a netns
backend, then it is not necessary to perform the bind operations to vrf
device.
Also, when a VRF instance is enabled, it informs ospf VRF, and automatically
OSPF VRF benefits from it. Reversely, when VRF instance is disabled,
then OSPF VRF will be disabled too.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Because socket creation is tightly linked with socket binding for vrf
lite, the proposal is made to extend socket creation APIs and to create
a new API called vrf_bind that applies to vrf lite. The passed interface
name is the interface that will be bound to the socket passed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
That API can be used to wrap the ioctl call with various vrf instances.
This permits transparently doing the ioctl() call without taking into
consideration the vrf backend kind.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
zebra: adapt the vrf and logical router initialisation
The zebra daemon introduces the logical router initialisation.
Because right now, the usage of logical router and vrf NETNS is
exclusive, then the logical router and VRF are initialised accordingly.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This split is introducing logicalrouter.[ch] as the file that contains
the vty commands to configure logical router feature. The split has as
consequence that the backend of logical router is linux_netns.c formerly
called ns.c. The same relationship exists between VRF and its backend
which may be linux_netns.c file.
The split is adapting ns and vrf fiels so as to :
- clarify header
- ensure that the daemon persepctive, the feature VRF or logical router
is called instead of calling directly ns.
- this implies that VRF will call NS apis, as logical router does.
Also, like it is done for default NS and default VRF, the associated VRF
is enabled first, before NETNS is enabled, so that zvrf->zns pointer is
valid when NETNS discovery applies.
Also, other_netns.c file is a stub handler that will be used for non
linux systems. As NETNS feature is only used by Linux, some BSD systems
may want to use the same backend API to benefit from NETNS. This is what
that file has been done.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 22 Feb 2018 18:10:32 +0000 (19:10 +0100)]
zebra: handle some ioctl operations for VRF
A new API is available for interface ioctl operations on Linux:
vrf_if_ioctl. This is the unified API that permits doing ioctl
operations on a per interface basis.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 29 Jan 2018 15:14:46 +0000 (16:14 +0100)]
zebra: speed ioctl read() with interfaces from various NETNS
When interfaces are located on different NETNS ( different VRF), then a
switch from netns context is necessary when calling setns(). The VRF
apis to switch and switch back are called, so that the ioctl will work
accordingly.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 30 Jan 2018 14:30:10 +0000 (15:30 +0100)]
bgpd: do not start BGP VRF peer connection, if VRF not unknown
Upon starting a BGP VRF instance, the server socket is not created,
because the VRF ID is not known, and then underlying VRF backend is not
ready yet. Because of that, the peer connection attempt will not be
started before.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Fri, 26 Jan 2018 11:25:34 +0000 (12:25 +0100)]
bgpd: server socket is created for all enabled VRF
Upon creation of BGP instances, server socket may or may not be created.
In the case of VRF instances, if the VRF backend relies on NETNS, then
a new server socket will be created for each BGP VRF instance. If the
VRF backend relies on VRF LITE, then only one server socket will be
enough. Moreover, At startup, with BGP VRF configuration, a server
socket may not be created if VRF is not the default one or VRF is not
recognized yet.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 20 Dec 2017 11:37:18 +0000 (12:37 +0100)]
bgpd: bgp support for netns
The change contained in this commit does the following:
- discovery of vrf id from zebra daemon, and adaptation of bgp contexts
with BGP.
The list of network addresses contain a reference to the bgp context
supporting the vrf.
The bgp context contains a vrf pointer that gives information about
the netns path in case the vrf is a netns path.
Only some contexts are impacted, namely socket creation, and retrieval
of local IP settings. ( this requires vrf identifier).
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Fri, 26 Jan 2018 11:28:27 +0000 (12:28 +0100)]
lib: add two APIs to handle socket operations with VRF NETNS
The vrf_sockunion_socket() wraps sockunion_socket() with vrf_id as
additional parameter. The creation of socket forces the user to
transparently move to new NETNS for doing the operation.
The vrf_getaddr_info() wraps getaddr_info() with vrf_id as additional
parameter. That API relies on the underlying system. Then there may be
need to switch to an other netns in that case too.
Also, the vrf_socket() implementation is simplified.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 24 Jan 2018 18:06:06 +0000 (19:06 +0100)]
zebra: fix assert mpls when terminating zebra
The assert appears in zebra_mpls.c when checking default zebra_vrf.
It appears that when the mpls entries are flushed, it gets the default
vrf which is already flushed by vrf_terminate() function. In order to
avoid that assert to trigger a crash, the mpls flush is called before
vrf termination.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 19 Dec 2017 11:44:44 +0000 (12:44 +0100)]
lib: create interface even if name is the same
For supporting vrf based on namespaces, it is possible that an interface
with the same index is present. This is the case for loopback
interfaces. For that, for each query, if the interface is not found
, matching the vrf identifier, then a new interface is created, when the
backens for VRF is NETNS.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 16 Jan 2018 12:59:58 +0000 (13:59 +0100)]
zebra: upon startup, a NSID is assigned to default netns
when the netns backend is selected for VRF, the default VRF is being
assigned a NSID. This avoids the need to handle the case where if the
incoming NSID was 0 for a non default VRF, then a specific handling had
to be done to keep 0 value for default VRF.
In most cases, as the first NETNS to get a NSID will be the default VRF,
most probably the default VRF will be assigned to 0, while the other
ones will have their value incremented. On some cases, where the NSID is
already assigned for NETNS, including default VRF, then the default VRF
value will be the one derived from the NSID of default VRF, thus keeping
consistency between VRF IDs and NETNS IDs.
Default NS is attempted to be created. Actually, some VMs may have the
netns feature, but the NS initialisation fails because that folder is
not present.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 13 Dec 2017 10:04:31 +0000 (11:04 +0100)]
zebra: collect and get netnamespaces information
upon zebra initialisation, and upon further netnamespace creation, the
the netnamespaces are created and a vrf associated to the netnamespace
is created. By convention, the name of the netns will be the same as the
VRF.
Add a stub routine that returns a fake ns identifier, in case netlink (
linux machines) is not available.
Also, upon each newly discovered NETNS, a NSID id being generated,
either by relying on kernel NSID feature, or by generating locally the
NSID ( see previous commit for more information).
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
projects / mirror_frr.git / log