Donald Sharp [Thu, 1 Dec 2016 15:49:22 +0000 (10:49 -0500)]
lib, zebra: Minimize display of link-params sub data
When link-params is configured it auto starts displaying
6000-02# conf t
dell-s6000-02(config)# int swp1
dell-s6000-02(config-if)# link-params
dell-s6000-02(config-link-params)# admin-grp 0x12345678
dell-s6000-02(config-link-params)# end
dell-s6000-02# show run
vivek [Sun, 4 Dec 2016 02:51:49 +0000 (21:51 -0500)]
bgpd: Remove nexthop for peer only for "real" peer
During connection establishment, there is a separate peer structure created
for the doppelganger (for incoming connection). When this is deleted after
the connection has established, take care to ensure that the nexthop entry
for the peer is not deleted.
vivek [Fri, 2 Dec 2016 13:22:21 +0000 (08:22 -0500)]
bgpd: Fix route node unlock when clearing adj-out
When clearing the adj-out for a subgroup (e.g., upon peer going down),
ensure that the adj-out is removed before unlocking the route node that
it points to, otherwise, there is a possibility that the route node may
be prematurely freed.
Donald Sharp [Fri, 2 Dec 2016 13:19:26 +0000 (08:19 -0500)]
ospfd: Fix json Crash with inactive timer
When nbr->t_inactivity is not active, and
you do a show json over the neighbor it
will crash ospfd. Fix the code so it
prints out -1 when the timer is inactive.
Ticket:CM-13835 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> Reviewed-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
(cherry picked from commit 78d8fcb9623ab4d9cebf6187a451448e056a84bf) Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 1 Dec 2016 16:18:57 +0000 (17:18 +0100)]
lib: replace MIT license with ISC
Since other parts (e.g. ldpd) use the ISC license, and the ISC license
is just a simplified form of the MIT license, just move things over and
reduce the number of different licenses we have in use here.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Renato Westphal [Mon, 28 Nov 2016 18:47:13 +0000 (16:47 -0200)]
bgpd: fix invalid memory access in peer_free()
We shoult not call bgp_unlock() before calling
bgp_delete_connected_nexthop() in the peer_free() function. Otherwise,
if bgp->lock reaches zero, bgp_free() is called and peer->bgp becomes
an invalid pointer in the bgp_delete_connected_nexthop() function.
To fix this, move the call to bgp_unlock() to the end of peer_free().
Bug exposed by commit 37d361e ("bgpd: plug several memleaks").
Signed-off-by: Renato Westphal <renato@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Donald Sharp [Thu, 1 Dec 2016 14:11:12 +0000 (09:11 -0500)]
bgpd: Fix crashes when no default bgp instance is configured.
The vnc code assumes that bgp must have a default instance.
This code change checks to make sure that we do before
proceeding. It makes no assurances that vnc will behave
correctly without a default instance.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Donald Sharp [Wed, 30 Nov 2016 13:23:12 +0000 (08:23 -0500)]
pimd: Fix large integer display of drpriority
When displaying drpriority you can enter unsigned
integer values from 1-2^32. The display was
turning the unsigned value into a signed value
and thus we were displaying the wrong value.
Ticket: CM-13787 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> Reviewed-by: David Ahern <dsa@cumulusnetworks.com>
(cherry picked from commit db17265f1025e3ec578998ad537c33b49ed33cde) Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Donald Sharp [Wed, 30 Nov 2016 13:23:11 +0000 (08:23 -0500)]
ospfd: Fix memory leak when not using json
When doing a show command under ospf, if
not using json we would have a small memory
leak in show_ip_ospf_common.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
(cherry picked from commit 50750712b1ac8364e290c67782eaf371025dc59e) Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Daniel Walton [Tue, 29 Nov 2016 17:47:12 +0000 (12:47 -0500)]
bgpd: fix "show ip bgp" column alignment
The "Weight" column is off:
BGP table version is 0, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, =
multipath,
i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.1.1.2/32 9.9.9.2 0 32768 ?
*> 4.1.1.4/32 9.9.9.2 0 32768 ?
Displayed 2 out of 2 total prefixes
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
(cherry picked from commit 65c7395b07e8c592c847d4a1e22fc89ddf448341) Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ticket: CM-13712
(cherry picked from commit 367b138748e894bbfaae36d1cf7c90eafebfebc9) Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Renato Westphal [Mon, 28 Nov 2016 17:00:05 +0000 (15:00 -0200)]
bgpd: fix invalid memory access in peer_free()
We shoult not call bgp_unlock() before calling
bgp_delete_connected_nexthop() in the peer_free() function. Otherwise,
if bgp->lock reaches zero, bgp_free() is called and peer->bgp becomes
an invalid pointer in the bgp_delete_connected_nexthop() function.
To fix this, move the call to bgp_unlock() to the end of peer_free().
Bug exposed by commit 37d361e ("bgpd: plug several memleaks").
Renato Westphal [Sun, 30 Oct 2016 21:50:26 +0000 (19:50 -0200)]
zebra/lib: remove redundant fields from zebra_vrf
There's no need to duplicate the 'vrf_id' and 'name' fields from the 'vrf'
structure into the 'zebra_vrf' structure. Instead of that, add a back
pointer in 'zebra_vrf' that should point to the associated 'vrf' structure.
Additionally, modify the vrf callbacks to pass the whole vrf structure
as a parameter. This allow us to make further simplifications in the code.
Renato Westphal [Sun, 30 Oct 2016 00:44:06 +0000 (22:44 -0200)]
lib/zebra: put vrf_get() on a diet
Also, for some reason we had two functions to search a VRF by its name:
zebra_vrf_lookup_by_name() and zebra_vrf_list_lookup_by_name(). The first
one would loop through vrf_table and the other one through vrf_list. This
is not necessary anymore, so remove zebra_vrf_lookup_by_name() and rename
zebra_vrf_list_lookup_by_name() to zebra_vrf_lookup_by_name().
Renato Westphal [Sat, 29 Oct 2016 01:03:35 +0000 (23:03 -0200)]
lib: convert namespace code to use red-black trees
We definitely need to stop abusing the route table data structure when
it's not necessary. Convert the namespace code to use red-black trees
instead. This greatly improves code readability.
Renato Westphal [Fri, 28 Oct 2016 18:53:38 +0000 (16:53 -0200)]
lib: fix creation of pre-provisioned VRFs
If we configure a VRF that doesn't match any device in the kernel, we'll
fall in the first case of the vrf_get() function. In this function,
a vrf structure is callocated and it's vrf_id is never set explicitly,
which means it's set to zero (the vrf-id of the default VRF). When this
happens, commands like "router-id A.B.C.D vrf ..." will act on the
default VRF and not on the pre-provisioned VRF. To fix this, always
set the vrf_id of pre-provisioned VRFs to VRF_UNKNOWN.
Renato Westphal [Sat, 29 Oct 2016 00:32:07 +0000 (22:32 -0200)]
zebra/lib: move some code around
* move netlink code from zebra_nc.c to kernel_netlink.c;
* move vrf CLI commands from if.c/interface.c to vrf.c/zebra_vrf.c;
* move declaration of the 'ns' structure to a header file.
Renato Westphal [Fri, 18 Nov 2016 17:39:25 +0000 (15:39 -0200)]
ripngd: fix drop of multicast membership when the interface is down
When an interface is shut down, ripng_multicast_leave() is called after
ifp->flags is updated in ripng_interface_down(). So we shouldn't check
if the interface is up in order to proceed with the membership drop.
For consistency's sake, don't check for if_is_up() in
ripng_multicast_join() as well. In this case, this function is only
called when the interface is up, so the check was unnecessary.
Renato Westphal [Thu, 17 Nov 2016 18:33:09 +0000 (16:33 -0200)]
ripngd: implement the "clear ipv6 ripng" vty command
This command deletes all received routes from the RIPng routing table. It
should be used with caution as it can create black holes in the network
(until it reconverges). Very useful to make automated testing (e.g. ANVL)
more predictable.
Renato Westphal [Wed, 16 Nov 2016 18:14:45 +0000 (16:14 -0200)]
ripngd: implement optional heuristic suggested by RFC 2080
RFC 2080 - Section 2.4.2:
"If the new metric is the same as the old one, examine the timeout for the
existing route. If it is at least halfway to the expiration point, switch
to the new route. This heuristic is optional, but highly recommended".
Implement this optional heuristic only when ECMP is disabled globally ("no
allow-ecmp"), otherwise all routes with the same metric should be used.
Renato Westphal [Sat, 12 Nov 2016 21:34:37 +0000 (19:34 -0200)]
ripd: minor code simplification
* Simplify the RIP_TIMER_OFF macro and use it on more places;
* Be more explicit when creating the RIP UDP socket - cosmetic change
since socket(AF_INET,SOCK_DGRAM,0) defaults to UDP on every known
UNIX/Linux platform.
Renato Westphal [Sat, 12 Nov 2016 21:11:13 +0000 (19:11 -0200)]
ripd: make use of the IP_MULTICAST_LOOP sockoption
We still need to check for self-generated packets on rip_read() because
ripd may also send broadcast packets. But using IP_MULTICAST_LOOP on the
ripd socket will at least prevent us from receiving a lot unnecessary
multicast packets when RIPv2 is being used, thus improving performance.
Renato Westphal [Sat, 12 Nov 2016 20:39:51 +0000 (18:39 -0200)]
pimd/zebra: fix setting of IP_MULTICAST_LOOP on OpenBSD
Linux, FreeBSD and NetBSD (and possibly others too) accept both uint8_t
and int for the IP_MULTICAST_LOOP sockoption. OpenBSD, in the other hand,
accepts only uint8_t. To make setting IP_MULTICAST_LOOP work on every
supported platform, always pass a uint8_t variable as a parameter.
Renato Westphal [Fri, 11 Nov 2016 22:19:13 +0000 (20:19 -0200)]
ripd: fix race condition on input processing
In the early days of ripd, we supported running RIP on secondary IP
addresses. To do that, everytime we needed to send a multicast packet,
we would create a new temporary socket for each of the interface's
addresses and call bind() to change the source IP of the outgoing packets.
The problem with these temporary sockets is that they are more specific
than the global RIP socket (bound to INADDR_ANY). Then, even though these
sockets only exist for a short amount of time, they can receive some RIP
packets that were supposed to be received on the global RIP socket. And
since we never read from the temporary sockets, these packets are dropped.
Since we don't support secondary addresses anymore, the simplest way to
fix this problem is to stop using temporary sockets for sending multicast
packets. We are already setting IP_MULTICAST_IF before sending each
multicast packet, and in this case the primary address of the selected
interface is used as the source IP of the outgoing packets, which is
exactly what we want.
If we decide to reintroduce support for secondary addresses in the future,
we should try one of the following:
* Use IP_SENDSRCADDR/IP_PKTINFO to set the source address of the outgoing
multicast packets;
* Create one permanent UDP socket for each possible interface address,
and enable reading on all sockets.
Fixes the following IxANVL RIP tests: 7.10 and 14.1.
Renato Westphal [Thu, 10 Nov 2016 17:35:47 +0000 (15:35 -0200)]
ripd: fix the "neighbor" command.
We can't use if_lookup_prefix() in rip_update_process() because this
function uses prefix_cmp() internally to try matching an interface
address to a static neighbor's address.
Since prefix_cmp() tries to match exact prefixes, if_lookup_prefix()
was always returning NULL.
What we really need here is to use prefix_match(), which checks if
one prefix includes the other (e.g. one /24 interface including a /32
static neighbor's address). The fix then is to replace the call to
if_lookup_prefix() and use if_lookup_address() instead, which uses
prefix_match() internally.
Renato Westphal [Thu, 10 Nov 2016 15:15:43 +0000 (13:15 -0200)]
ripd: add "none" option to the "ip rip receive version" command
RFC 2453 says (section 5.1):
"(...) For completeness, routers should also implement a receive control
switch which would determine whether to accept, RIP-1 only, RIP-2 only,
both, or none. It should also be configurable on a per-interface basis".
For the "ip rip send version" command, we don't need to implement the
"none" option because there's already the "passive-interface" command
for that.
Renato Westphal [Thu, 10 Nov 2016 14:55:09 +0000 (12:55 -0200)]
ripd: implement the "ip rip v2-broadcast" CLI command
This command allows ripd to send v2 updates as broadcast packets instead
of multicast packets. Useful as a technique to help with RIPv1/v2
interop issues.
Renato Westphal [Thu, 24 Nov 2016 23:28:03 +0000 (21:28 -0200)]
isisd: fix loss of packets after circuit is brought up
The last parameter of THREAD_TIMER_ON() is the timeout, and we were
using circuit->fd for that. So, when a circuit was brought up, isisd
would miss all received packets on this circuit for quite a few seconds,
slowing down the convergence process.
To fix this, use the same logic we use in isis_receive() to calculate
this timeout.
This bug doesn't happen on Linux, which uses a different method to read
packets from the network.
Fixes the following ANVL tests on FreeBSD: ISIS-17.1, ISIS-18.6 (and
probably others too).
David Lamparter [Tue, 15 Nov 2016 02:18:43 +0000 (11:18 +0900)]
build: chop down complicated CFLAGS logic
Other packages don't have --with-cflags; we don't need it either. The
user can specify CFLAGS= in the environment or on ./configure and that
would work perfectly fine. If only it weren't for autoconf being an
idiot and adding its own "-g -O2" ... so we work around that.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Problem reported that in certain configs, when a router is initially
booted and the link is bounced, we can end up with a bogus static route
in the table. This was due to the assumption in zebra_rnh that a static
route would not be recursively resolved through another static route with
a different next-hop. This fix changes this assumption. Tested manually
and bgp-min, ospf-min, and vrf-min run with no new failures.
Ticket: CM-13328 Signed-off-by: Don Slice Reviewed-by: CCR-5338
David Lamparter [Wed, 9 Nov 2016 13:42:47 +0000 (14:42 +0100)]
lib: add minimal no-config VTY mode
This silences the following warning from watchquagga:
"Can't save to configuration file, using vtysh."
which otherwise appears when doing a "write file" in vtysh when no
integrated-config is in use.
Also make "show memory" available in watchquagga.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Donald Sharp [Wed, 9 Nov 2016 15:22:22 +0000 (10:22 -0500)]
watchquagga: Signal when we are actually up and running
When Quagga is starting up, it is returning immediately.
This is leaving us in a state where systemd believes
Quagga is up and running, while the sytem might actually
not have restarted the code yet.
Modify the code so that when watchquagga starts up
it doesn't start communicating with systemd until
such time that it detects that all daemons are
running.
Additionally modify watchquagga to touch a
file in /var/run/quagga/ that the /usr/lib/quagga/quagga
script looks for for 10 seconds. If it finds this
Quagga started file then we know watchquagga
has successfully communicated with all daemons.
If after 10 seconds we haven't communicated
with Quagga, continue on for the start and let the
normal start failure code work.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
David Lamparter [Tue, 8 Nov 2016 22:36:16 +0000 (23:36 +0100)]
vtysh: funnel integrated write through watchquagga
Running vtysh as normal user won't have permissions to write
Quagga.conf. If we're connected to watchquagga, try "write integrated"
first. In all cases if something fails, try directly.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 8 Nov 2016 18:41:48 +0000 (19:41 +0100)]
vtysh: add watchquagga to target list
Also tag some commands as VTYSH_REALLYALL; these are absolutely
neccessary for correct vtysh operation and will cause "interesting"
breakage if not present on all daemons.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Wed, 9 Nov 2016 13:15:34 +0000 (14:15 +0100)]
watchquagga: add "write integrated"
This new command - available for internal use by vtysh and explicit
usage by users - calls "vtysh -w" from watchquagga. This ensures vtysh
is run with privileges to actually write the integrated-config file.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 8 Nov 2016 22:36:01 +0000 (23:36 +0100)]
vtysh: set config file permissions
As vtysh may hopefully be running as root from watchquagga here, let's
try to fix up ownership and permissions for Quagga.conf. Doing
chown/chmod instead of changing the process's user/group IDs has the
advantage of fixing up preexisting misconfigurations.
Note errors in chmod/chown will print a message but the config is
already written at that point.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
projects / mirror / frr.git / log