The previous commit has added a routing leak update when a nexthop
update is received from zebra. It indirectly calls
bgp_find_or_add_nexthop() in which a static route triggers a nexthop
cache entry registration that triggers a nexthop update from zebra.
Do not register again the nexthop cache entry if the BGP_STATIC_ROUTE is
already set.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Louis Scalbert [Fri, 29 Apr 2022 12:26:04 +0000 (14:26 +0200)]
bgpd: fix VRF leaking with 'network import-check' (3/4)
If 'bgp network import-check' is defined on the source BGP session,
prefixes that are defined with the network command cannot be leaked to
the other VRFs BGP table even if they are present in the origin VRF RIB
if the 'rt import' statement is defined after the 'network <prefix>'
ones.
When a prefix nexthop is updated, update the prefix route leaking. The
current state of nexthop validation is now stored in the attributes of
the bgp path info. Attributes are compared with the previous ones at
route leaking update so that a nexthop validation change now triggers
the update of destination VRF BGP table.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Louis Scalbert [Thu, 28 Apr 2022 16:32:20 +0000 (18:32 +0200)]
bgpd: fix VRF leaking with 'network import-check' (1/4)
If 'bgp network import-check' is defined on the source BGP session,
prefixes that are defined with the network command cannot be leaked to
the other VRFs BGP table even if they are present in the origin VRF RIB.
Always validate the nexthop of BGP static routes (i.e. defined with the
network statement) if 'network import-check' is defined on the source
BGP session and the prefix is present in source RIB.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Igor Ryzhov [Wed, 24 Jan 2024 03:11:07 +0000 (05:11 +0200)]
zebra, build: disable irdp by default
IRDP client (rdisc) was deleted from iputils more than 2 years ago. It's
time to drop IRDP, but first let's stop building and including it in the
packages by default to see if anyone will be complaining.
Igor Ryzhov [Sat, 27 Jan 2024 23:18:10 +0000 (01:18 +0200)]
mgmtd: fix get-data transaction hangup
When no data requests were sent to the backends, return immediately,
instead of waiting for a timeout. This can happen if backends providing
the requested data are not connected to mgmtd.
David Lamparter [Thu, 25 Jan 2024 19:29:14 +0000 (20:29 +0100)]
build: homologize path handling
Use consistent `e_somepath` names for expanded versions of `somepath`.
Also remove all paths from `config.h` and put them into
`lib/config_paths.h` - this is to make more obvious when someone is
doing something probably not quite properly structured.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 25 Jan 2024 18:59:22 +0000 (19:59 +0100)]
lib, mgmtd: fix commit history location
Both of these belong in `/var/lib`, not `/var/run`.
Rather hilariously, the history read in
`mgmt_history_read_cmt_record_index` was always failing, because it was
doing a `file_exists(MGMTD_COMMIT_FILE_PATH)` check. Which is the wrong
macro - it's `.../commit-%s.json`, including the unprocessed `%s`, which
would never exist.
I guess no one ever tried if this actually works. Cool.
On the plus side, this means I don't have to implement legacy
compatibility for this, since it never worked to begin with.
(SQLite3 DB location is also changed in this commit since it also uses
`DAEMON_DB_DIR`.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 25 Jan 2024 18:37:26 +0000 (19:37 +0100)]
ospf6d: fix GR & auth seqno state location
Unfortunately, `ospf6d` is much worse than `ospfd` and `isisd` regarding
its state saving, due to the existence of the auth trailer code.
Again, this belongs in `/var/lib`, not `/var/run`.
Merge both state files into one, and add reconciliation code for the
auth seqno.
I'm gonna save my comment on the fact that `ospf6_auth_seqno_nvm_delete`
is not in fact used anywhere. Which is now a warning because it's
`static`. Well. It probably should be used somewhere, so leave it in.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 25 Jan 2024 17:09:17 +0000 (18:09 +0100)]
lib: create `frr_daemon_state_{load,save}`
These functions load daemon-specific persistent state from
`/var/lib/frr` and supersede open-coded variants of similar calls in
ospfd, ospf6d and isisd to save GR state and/or sequence numbers.
Unlike the open-coded variants, the save call correctly `fsync()`s the
saved data to ensure disk contents are consistent.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
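The durability point in the commit message above (state such as GR data and sequence numbers has to be on disk before the save is considered complete), as an added C example that is not FRR code. The helper names `state_save`/`state_load` are hypothetical, and the write-to-temp-then-rename step goes beyond the `fsync()` the message mentions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not FRR's frr_daemon_state_save): durably replace
 * dir/name with data. Returns 0 on success, -1 on any failure. */
int state_save(const char *dir, const char *name, const char *data)
{
	char tmp[512], dst[512];
	size_t len = strlen(data);
	int fd, ok;

	snprintf(tmp, sizeof(tmp), "%s/%s.tmp", dir, name);
	snprintf(dst, sizeof(dst), "%s/%s", dir, name);
	fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
	if (fd < 0)
		return -1;
	/* The data must reach the disk before rename() makes it visible. */
	ok = write(fd, data, len) == (ssize_t)len && fsync(fd) == 0;
	if (close(fd) != 0 || !ok || rename(tmp, dst) != 0) {
		unlink(tmp); /* never leave a half-written file behind */
		return -1;
	}
	/* Sync the directory so the new name itself survives a crash. */
	fd = open(dir, O_RDONLY);
	if (fd < 0)
		return -1;
	ok = fsync(fd) == 0;
	close(fd);
	return ok ? 0 : -1;
}

/* Read the state back (cap >= 1); returns bytes read or -1. */
ssize_t state_load(const char *dir, const char *name, char *buf, size_t cap)
{
	char src[512];
	ssize_t n;
	int fd;

	snprintf(src, sizeof(src), "%s/%s", dir, name);
	fd = open(src, O_RDONLY);
	if (fd < 0)
		return -1;
	n = read(fd, buf, cap - 1);
	close(fd);
	if (n >= 0)
		buf[n] = '\0';
	return n;
}
```

A reader of the state file sees either the old contents or the complete new contents, never a truncated file, which matters when the state is a sequence number that must not move backwards after a restart.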
David Lamparter [Wed, 24 Jan 2024 18:32:10 +0000 (19:32 +0100)]
build: untangle sysconfdir & localstatedir
`--sysconfdir` should be `/etc` and `--localstatedir` should be `/var`.
The package-specific subdirectory should be added by configure, not
given by the user, to match established behavior by other packages.
Note that `--bindir`, `--sbindir`, `--libdir` and `--libexecdir` have
different established/expected behavior due to distro specific
multi-arch support. That's why these are left unchanged.
The reason this is getting fixed now is that we need to use
`--localstatedir` for its actual value to put things in `/var/lib`. As
it is now, being overloaded for `/run`, the configured `/var` path
becomes inaccessible.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Igor Ryzhov [Thu, 25 Jan 2024 11:54:45 +0000 (13:54 +0200)]
mgmtd: fix commit request overwrite
There are places where we can receive an existing commit transaction.
If we don't check that the request already exists, it gets overwritten
and we start having problems with transaction refcounters. Forbid having
multiple configuration sessions simultaneously.
Igor Ryzhov [Thu, 25 Jan 2024 11:51:58 +0000 (13:51 +0200)]
mgmtd: cleanup txn without scheduling
If the transaction is not cleaned up immediately, it can be still
referenced by some threads. If it's a commit thread and it's executed
before the actual cleanup, mgmtd crashes because of the missing
commit_cfg_req.
Igor Ryzhov [Fri, 26 Jan 2024 14:57:41 +0000 (16:57 +0200)]
lib: fix removing access/prefix lists
CLI for access/prefix list removal was using `nb_cli_apply_changes`
multiple times in the same command. It's fine for regular daemons but
not for mgmtd. Refactor the code to apply changes only once.
Donald Sharp [Fri, 26 Jan 2024 14:26:30 +0000 (09:26 -0500)]
sharpd: Add ability to turn off watching of redistribution
Wanted to do some testing of redistribute without having
to restart sharpd over and over. Added ability to
turn off the `sharp watch redistribute XX` functionality.
When "no bgp network import-check" is set, it is impossible to
successfully import the static routes into the BGP VPN table. The prefix
is present in the table but is not marked as valid. This issue applies
regardless of whether or not routes are present in the router's RIB.
Always mark as valid the nexthops of BGP static routes when "no bgp
network import-check" is set.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Sun, 21 Jan 2024 01:25:59 +0000 (20:25 -0500)]
zebra: Combine 2 debugs into 1 for NHG Detail
When debugging NHG detail there is a whole bunch
of lines surrounding the nexthop group. Let's
clean these up since they are extremely chatty and
spawn several lines.
Donald Sharp [Sun, 21 Jan 2024 02:32:36 +0000 (21:32 -0500)]
zebra: Cleanup dest assignment
dest was shadowing dest inside of an if statement; additionally,
both legs needed dest to be assigned. Let's clean this up a
slight bit and use it appropriately.
Donald Sharp [Wed, 24 Jan 2024 13:50:38 +0000 (08:50 -0500)]
pceplib: Fix code not building properly
The series of pceplib tests are not being run at the moment
due to them not even building. Apparently adding the `libcunit1`
debian package is enough to get them to build in our system.
While weird, let's get this building at least for people that
have this and `--enable-werror` turned on.
Philippe Guibert [Wed, 24 Jan 2024 08:10:17 +0000 (09:10 +0100)]
pceplib: fix compilation error
The following compilation error happens, with pcep test files.
> In file included from pceplib/test/pcep_utils_counters_test.c:31:
> pceplib/test/pcep_utils_counters_test.c: In function 'test_create_subgroup_counter':
> pceplib/test/pcep_utils_counters_test.c:127:25: error: too few arguments to function 'create_subgroup_counter'
> 127 | CU_ASSERT_FALSE(create_subgroup_counter(subgroup, counter_id + 1,
> | ^~~~~~~~~~~~~~~~~~~~~~~
> In file included from pceplib/test/pcep_utils_counters_test.c:33:
> ./pceplib/pcep_utils_counters.h:163:6: note: declared here
> 163 | bool create_subgroup_counter(struct counters_subgroup *subgroup,
> | ^~~~~~~~~~~~~~~~~~~~~~~
> Makefile:10948: recipe for target 'pceplib/test/pceplib_test_pcep_utils_tests-pcep_utils_counters_test.o' failed
> make[3]: *** [pceplib/test/pceplib_test_pcep_utils_tests-pcep_utils_counters_test.o] Error 1
> make[3]: *** Waiting for unfinished jobs....
There is a missing parameter.
Fixes: 09047d2bf614 ("pceplib: add json string option to subgroup counter")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Issue:
Previously, the PBR common was updated for every rule update or deletion.
Example:
Let's say we have three rules, 11, 12 and 13, and we are removing rule 12. In the current code
we are making the entire map "valid" to false.
pbr-map MAP1 seq 11
match src-ip 90.1.1.2/32
set nexthop 20.1.1.2 swp1
pbr-map MAP1 seq 12
match src-ip 90.1.1.3/32
set nexthop 20.1.1.2 swp1
pbr-map MAP1 seq 13
match src-ip 90.1.1.4/32
set nexthop 20.1.1.2 swp1
no pbr-map MAP1 seq 12 ==> turns whole map valid to false.
r1(config)# end
r1# show pbr map
pbr-map MAP1 valid: no
Seq: 11 rule: 310
Installed: yes Reason: Valid
SRC IP Match: 90.1.1.2/32
nexthop 20.1.1.2 swp1
Installed: yes Tableid: 10002
Seq: 13 rule: 312
Installed: yes Reason: Valid
SRC IP Match: 90.1.1.4/32
nexthop 20.1.1.2 swp1
Installed: yes Tableid: 10004
Fix:
Now, the PBR common will only be updated when the last rule is being deleted.
This change ensures that we only send a delete request to Zebra once, and only
set the valid and installed flags to false when the last rule is deleted.
This optimizes the handling of PBR rules and reduces unnecessary interactions with Zebra.