Philippe Guibert [Wed, 25 May 2022 09:47:36 +0000 (11:47 +0200)]
isisd: add ISIS_MT_STANDARD define
This define is added to reflect more what the standard
topology means. Actually, the standard topology may
contain not only IPv4 protocol but also IPv6 protocol.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Martin Buck [Wed, 1 Jun 2022 09:58:52 +0000 (11:58 +0200)]
tools: Really fix all daemon shutdown without complaining about PID files
Fix daemon shutdown broken by f0cccaa6bf7dda71d0e1ad1b0406a9b453a84bb3. Now
we still don't complain about missing PID files but actually stop the
running daemons.
The previous fix was broken because it passed a new "--all" option to
daemon_stop which wasn't handled properly (it assumed $1 contains the
daemon name when at that time it acutally contained the "--all" option).
Plus, "--all" wasn't actually necessary, because we already passed
"--reallyall" from all_stop to daemon_stop after the daemon name.
So remove "--all" again and simply check for "--reallyall" in $2. This
should *really* fix #11317.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
Donald Sharp [Tue, 31 May 2022 16:19:27 +0000 (12:19 -0400)]
bgpd: Add ability to match `match peer <PEERGROUPNAME>`
Allow the end operator to match `match peer <PEERGROUPNAME>`
in a route-map. If the end operator defines interface
based peers and peer-groups that have names that overlap
the interface based peer will match first.
Fixes: #11316 Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Martin Buck [Tue, 31 May 2022 12:16:34 +0000 (14:16 +0200)]
tools: Don't complain about missing PID files when stopping all damons
Since 1686b1d4864384ee508b58418f20970f2dff2587, we try to stop all daemons,
even those which are not (no longer) enabled in /etc/frr/daemons. But we
shouldn't complain about missing PID files for daemons which have never been
started and just silently ignore those.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
Trey Aspelund [Sat, 28 May 2022 07:10:51 +0000 (03:10 -0400)]
zebra: Update advertise-svi-ip MACIPs w/ new MAC
When the kernel was sending an RTM_NEWLINK updating the MAC of a known
SVI, Type-2 routes created by advertise-svi-ip were not getting updated
with the new address.
This adds removal of any old Type-2 routes (with old MAC) and creation
of new Type-2 routes (with new MAC) into RTM_NEWLINK processing.
Donald Sharp [Tue, 24 May 2022 17:33:35 +0000 (13:33 -0400)]
pimd: Allow the LPM match work properly with prefix lists and normal rp's
All rp_info's are being saved in the pim->rp_list and the non prefix-list
rp's are supposed to be saved in table pim->rp_table. What was happening,
though, is that all the plists were being stored at the 224.0.0.0/4 node
of the tree(irrelevant to the fact that we should not be looking up the
non-prefix list rp's in the table) and since we can have multiple prefix lists
and only one rp_info stored at the 224.0.0.0/4 node of the tree, there can be situations
where the 224.0.0.0/4 node can be overwritten due to the order entered.
As such there exists situations where command enter ordering will cause
what we match to, change in pim_rp_find_match_group.
Fixes:
a) Do not store prefix list based rp_info's in the pim->rp_table
b) In pim_rp_find_match_group, ensure that the node lookup does
not correspond to a prefix list based node.
c) When in the situation there are both:
ip pim rp 4.5.6.7 224.0.0.0/16
ip pim rp 5.6.67.8 prefix-list FOO
ip prefix-list FOO permit 224.0.1.0/24
and we receive a group for 224.0.1.5, we were comparing the
224.0.0.0/16 to the 224.0.0.0/4 of the 5.6.67.8 group, when
FRR should have been comparing to entry that matched in the prefix-list
Donatas Abraitis [Thu, 26 May 2022 11:03:02 +0000 (14:03 +0300)]
bgpd: Fix memory leak for BGP community alias in CLI
Before:
```
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 100 40 4000 100 4000
Large Community value : 100 12 2400 100 2400
root@spine1-debian-11:~/frr# for x in $(seq 1 100); do vtysh -c 'conf' -c 'bgp community alias 123:123:123 testas' > /dev/null; done
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 200 40 8000 200 8000
Large Community value : 200 12 4800 200 4800
root@spine1-debian-11:~/frr# for x in $(seq 1 100); do vtysh -c 'conf' -c 'bgp community alias 123:123:123 testas' > /dev/null; done
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 300 40 12000 300 12000
Large Community value : 300 12 7200 300 7200
root@spine1-debian-11:~/frr#
```
After:
```
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 0 40 0 1 56
Large Community display string: 0 8192 0 1 8200
Large Community value : 0 12 0 1 24
root@spine1-debian-11:~/frr# for x in $(seq 1 100); do vtysh -c 'conf' -c 'bgp community alias 123:123:123 testas' > /dev/null; done
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 0 40 0 1 56
Large Community display string: 0 8192 0 1 8200
Large Community value : 0 12 0 1 24
root@spine1-debian-11:~/frr#
```
After we call [l]community_str2com(), we should free the memory.
Donatas Abraitis [Wed, 25 May 2022 16:07:40 +0000 (19:07 +0300)]
github: Use pull_request_target as a target
And drop checkout action - not needed.
Due to the dangers inherent to automatic processing of PRs, GitHub’s standard
pull_request workflow trigger by default prevents write permissions and
secrets access to the target repository. However, in some scenarios such
access is needed to properly process the PR.
To this end the pull_request_target workflow trigger was introduced.
isisd: Stop fulfill MPLS table when SR is disabled
When Segment Routing is disabled, if isisd received LSP with Segment Routing
information, in particular prefix SIDs, it installs corresponding MPLS entries
while it should not as SR is disabled.
This patch adds extra control to verify if SR is enabled or not before
configuring MPLS LFIB & IP FIB with prefix SIDs and adjust SR & TI-LFA
tests accordingly.
Philippe Guibert [Mon, 23 May 2022 08:21:16 +0000 (10:21 +0200)]
zebra: avoid pbr iptable added twice when used with flowspec
The usage of zebra dplane makes the job asyncronous which implies
that a given job will try to add an iptable, while the second job
will not know that its iptable is the same as the former one.
The below exabgp rules stand for two bgp flowspec rules sent to
the bgp device:
This rule creates a single iptable, but in fact, the same iptable
name is appended twice. This results in duplicated entries in the
iptables context. This also results in contexts not flushed, when
BGP session or 'flush' operation is performed.
iptables-save:
[..]
-A PREROUTING -m set --match-set match0x55baf4c25cb0 src,src -g match0x55baf4c25cb0
-A PREROUTING -m set --match-set match0x55baf4c25cb0 src,src -g match0x55baf4c25cb0
-A match0x55baf4c25cb0 -j MARK --set-xmark 0x100/0xffffffff
-A match0x55baf4c25cb0 -j ACCEPT
-A match0x55baf4c25cb0 -j MARK --set-xmark 0x100/0xffffffff
-A match0x55baf4c25cb0 -j ACCEPT
[..]
This commit addresses this issue, by checking that an iptable
context is not already being processed. A flag is added in the
original iptable context, and a check is done if the iptable
context is not already being processed for install or uinstall.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Tue, 24 May 2022 13:15:40 +0000 (09:15 -0400)]
tests: Allow cspf_topo1 to function correctly at scale
The cspf_topo1 test is comparing the adj-sid value that is
assigned dynamically based upon bring up order. Under very
large scale this order changes causing the test to fail.
Since the adj-sid is dynamically allocated and appears to
be tested elsewhere, let's remove it from the grab all check.
Donald Sharp [Mon, 23 May 2022 12:16:56 +0000 (08:16 -0400)]
tests: pbr_topo1 sometimes fails under really heavy load
This test is sometimes failing under severe load. Give some time
for the linux rule installation to actually be registered by the
system before declaring failure.
Donald Sharp [Thu, 19 May 2022 23:28:43 +0000 (19:28 -0400)]
tests: Allow a bit longer for bfd topo tests to synchronize
Allowing only 4 seconds for a bfd test to synchronize is going
to run into problems on extremely loaded systems. The test
system should value it actually converged over it actually
converged in a reasonable time, especially on test systems
that are loaded because of many multiples of tests running
at the same time. If it is important to actually test
that something got done by the RFC, the CI system as it
is currently written is not the correct place for this.
Donald Sharp [Thu, 19 May 2022 19:54:59 +0000 (15:54 -0400)]
tests: Ensure routes are not queued when calling verify_rib
Lots of tests call verify_rib that takes a list of routes that
need to be verified in some fashion. This verify_rib functionality
will try up to 12 seconds before failing the check that zebra
has the route and has installed it.
Unfortunately the verify_rib code was not looking to see if
the route was queued for installation and was then allowing
tests to immediately do subsuquent steps that depended on
that route actually being installed sometimes causing tests
to fail.
Write a bit of additional code that looks at the queued
status and allows the test to wait a bit longer for zebra
to finish processing before allowing the test to move on
to the next bit.
Donald Sharp [Tue, 17 May 2022 20:08:01 +0000 (16:08 -0400)]
ospf6d: Remove double check of default prefix
The ospf6_is_valid_summary_addr function is checking
to see if a prefix is the default and also then double
comparing it against the v6 prefix part. No need to do this.
anlan_cs [Thu, 19 May 2022 01:55:33 +0000 (21:55 -0400)]
zebra: remove one unnecessary check for l3vni nb
The parent node of "vrf" MUST be non-NULL, so the check is unnecessary and
misleading. Otherwise, there will be a branch of NULL parent node, it makes
no sense, remove it.
projects / mirror_frr.git / log