Louis Scalbert [Thu, 28 Apr 2022 16:32:20 +0000 (18:32 +0200)]
bgpd: fix VRF leaking with 'network import-check' (1/4)
If 'bgp network import-check' is defined on the source BGP session,
prefixes that are defined with the network command cannot be leaked to
the other VRFs BGP table even if they are present in the origin VRF RIB.
Always validate the nexthop of BGP static routes (i.e. defined with the
network statement) if 'network import-check' is defined on the source
BGP session and the prefix is present in source RIB.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Igor Ryzhov [Wed, 24 Jan 2024 03:11:07 +0000 (05:11 +0200)]
zebra, build: disable irdp by default
IRDP client (rdisc) was deleted from iputils more than 2 years ago. It's
time to drop IRDP, but first let's stop building and including it in the
packages by default to see if anyone will be complaining.
Igor Ryzhov [Sat, 27 Jan 2024 23:18:10 +0000 (01:18 +0200)]
mgmtd: fix get-data transaction hangup
When no data requests were sent to the backends, return immediately,
instead of waiting for a timeout. This can happen if backends providing
the requested data are not connected to mgmtd.
David Lamparter [Thu, 25 Jan 2024 19:29:14 +0000 (20:29 +0100)]
build: homologize path handling
Use consistent `e_somepath` names for expanded versions of `somepath`.
Also remove all paths from `config.h` and put them into
`lib/config_paths.h` - this is to make more obvious when someone is
doing something probably not quite properly structured.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 25 Jan 2024 18:59:22 +0000 (19:59 +0100)]
lib, mgmtd: fix commit history location
Both of these belong in `/var/lib`, not `/var/run`.
Rather hilariously, the history read in
`mgmt_history_read_cmt_record_index` was always failing, because it was
doing a `file_exists(MGMTD_COMMIT_FILE_PATH)` check. Which is the wrong
macro - it's `.../commit-%s.json`, including the unprocessed `%s`, which
would never exist.
I guess noone ever tried if this actually works. Cool.
On the plus side, this means I don't have to implement legacy
compatibility for this, since it never worked to begin with.
(SQLite3 DB location is also changed in this commit since it also uses
`DAEMON_DB_DIR`.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 25 Jan 2024 18:37:26 +0000 (19:37 +0100)]
ospf6d: fix GR & auth seqno state location
Unfortunately, `ospf6d` is much worse than `ospfd` and `isisd` regarding
its state saving, due to the existence of the auth trailer code.
Again, this belongs in `/var/lib`, not `/var/run`.
Merge both state files into one, and add reconciliation code for the
auth seqno.
I'm gonna save my comment on the fact that `ospf6_auth_seqno_nvm_delete`
is not in fact used anywhere. Which is now a warning because it's
`static`. Well. It probably should be used somewhere, so leave it in.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 25 Jan 2024 17:09:17 +0000 (18:09 +0100)]
lib: create `frr_daemon_state_{load,save}`
These functions load daemon-specific persistent state from
`/var/lib/frr` and supersede open-coded variants of similar calls in
ospfd, ospf6d and isisd to save GR state and/or sequence numbers.
Unlike the open-coded variants, the save call correctly `fsync()`s the
saved data to ensure disk contents are consistent.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Wed, 24 Jan 2024 18:32:10 +0000 (19:32 +0100)]
build: untangle sysconfdir & localstatedir
`--sysconfdir` should be `/etc` and `--localstatedir` should be `/var`.
The package-specific subdirectory should be added by configure, not
given by the user, to match established behavior by other packages.
Note that `--bindir`, `--sbindir`, `--libdir` and `--libexecdir` have
different established/expected behavior due to distro specific
multi-arch support. That's why these are left unchanged.
The reason this is getting fixed now is that we need to use
`--localstatedir` for its actual value to put things in `/var/lib`. As
it is now, being overloaded for `/run`, the configured `/var` path
becomes inaccessible.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Igor Ryzhov [Thu, 25 Jan 2024 11:54:45 +0000 (13:54 +0200)]
mgmtd: fix commit request overwrite
There are places, where we can receive an existing commit transaction.
If we don't check that the request already exists, it gets overwritten
and we start having problems with transaction refcounters. Forbid having
multiple configuration sessions simultaneously.
Igor Ryzhov [Thu, 25 Jan 2024 11:51:58 +0000 (13:51 +0200)]
mgmtd: cleanup txn without scheduling
If the transaction is not cleaned up immediately, it can be still
referenced by some threds. If it's a commit thread and it's executed
before the actual cleanup, mgmtd crashes because of the missing
commit_cfg_req.
Igor Ryzhov [Fri, 26 Jan 2024 14:57:41 +0000 (16:57 +0200)]
lib: fix removing access/prefix lists
CLI for access/prefix list removal was using `nb_cli_apply_changes`
multiple times in the same command. It's fine for regular daemons but
not for mgmtd. Refactor the code to apply changes only once.
Donald Sharp [Fri, 26 Jan 2024 14:26:30 +0000 (09:26 -0500)]
sharpd: Add ability to turn off watching of redistribution
Wanted to do some testing of redistribute without having
to restart sharpd over and over. Added ability to
turn off the `sharp watch redistribute XX` functionality.
When "no bgp network import-check" is set, it is impossible to
successfully import the static routes into the BGP VPN table. The prefix
is present in the table but is not marked as valid. This issue applies
regardless of whether or not routes are present in the router's RIB.
Always mark as valid the nexthops of BGP static routes when "no bgp
network import-check" is set.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com> Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Sun, 21 Jan 2024 01:25:59 +0000 (20:25 -0500)]
zebra: Combine 2 debugs into 1 for NHG Detail
When debugging NHG detail there is a whole bunch
of lines surrounding the nexthop group. Let's
clean these up since they are extremely chatty and
spawn several lines.
Donald Sharp [Sun, 21 Jan 2024 02:32:36 +0000 (21:32 -0500)]
zebra: Cleanup dest assignment
dest was shadowing dest inside of an if statement additionally
both legs needed dest to be assigned. Let's clean this up a
slight bit and use it appropriately
Donald Sharp [Wed, 24 Jan 2024 13:50:38 +0000 (08:50 -0500)]
pceplib: Fix code not building properly
The series of pceplib tests are not being run at the moment
due to them not even building. Apparently adding the `libcunit1`
debian package is enough to get them to build in our system.
While weird, let's get this building at least for people that
have this and `--enable-werror` turned on.
Philippe Guibert [Wed, 24 Jan 2024 08:10:17 +0000 (09:10 +0100)]
pceplib: fix compilation error
The following compilation error happens, with pcep test files.
> In file included from pceplib/test/pcep_utils_counters_test.c:31:
> pceplib/test/pcep_utils_counters_test.c: In function 'test_create_subgroup_counter':
> pceplib/test/pcep_utils_counters_test.c:127:25: error: too few arguments to function 'create_subgroup_counter'
> 127 | CU_ASSERT_FALSE(create_subgroup_counter(subgroup, counter_id + 1,
> | ^~~~~~~~~~~~~~~~~~~~~~~
> In file included from pceplib/test/pcep_utils_counters_test.c:33:
> ./pceplib/pcep_utils_counters.h:163:6: note: declared here
> 163 | bool create_subgroup_counter(struct counters_subgroup *subgroup,
> | ^~~~~~~~~~~~~~~~~~~~~~~
> Makefile:10948: recipe for target 'pceplib/test/pceplib_test_pcep_utils_tests-pcep_utils_counters_test.o' failed
> make[3]: *** [pceplib/test/pceplib_test_pcep_utils_tests-pcep_utils_counters_test.o] Error 1
> make[3]: *** Waiting for unfinished jobs....
There is a missing parameter.
Fixes: 09047d2bf614 ("pceplib: add json string option to subgroup counter") Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Issue:
Previously, the PBR common was updated for every rule update or deletion
example:
let say we have three rule 11, 12, 13 and if we are removing rule 12. in the current code
we are making the entire map "valid" to false.
pbr-map MAP1 seq 11
match src-ip 90.1.1.2/32
set nexthop 20.1.1.2 swp1
pbr-map MAP1 seq 12
match src-ip 90.1.1.3/32
set nexthop 20.1.1.2 swp1
pbr-map MAP1 seq 13
match src-ip 90.1.1.4/32
set nexthop 20.1.1.2 swp1
no pbr-map MAP1 seq 12 ==> turns whole map valid to false.
r1(config)# end
r1# show pbr map
pbr-map MAP1 valid: no
Seq: 11 rule: 310
Installed: yes Reason: Valid
SRC IP Match: 90.1.1.2/32
nexthop 20.1.1.2 swp1
Installed: yes Tableid: 10002
Seq: 13 rule: 312
Installed: yes Reason: Valid
SRC IP Match: 90.1.1.4/32
nexthop 20.1.1.2 swp1
Installed: yes Tableid: 10004
Fix:
Now, the PBR common will only be updated when the last rule is being deleted.
This change ensures that we only send a delete request to Zebra once, and only
set the valid and installed flags to false when the last rule is deleted.
This optimizes the handling of PBR rules and reduces unnecessary interactions with Zebra
Igor Ryzhov [Tue, 23 Jan 2024 00:09:25 +0000 (02:09 +0200)]
lib: remove leaf-list xpath hack from northbound
Currently, when editing a leaf-list, `nb_candidate_edit` expects to
receive it's xpath without a predicate and the value in a separate
argument, and then creates the full xpath. This hack is complicated,
because it depends on the operation and on the caller being a backend or
not. Instead, let's require to always include the predicate in a
leaf-list xpath. Update all the usages in the code accordingly.
Igor Ryzhov [Tue, 23 Jan 2024 00:32:22 +0000 (02:32 +0200)]
pimd: fix crash when configuring ssmpingd
Command: `ip ssmpingd 1.1.1.1`
Backtrace:
```
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
0x00007fd1d3b02859 in __GI_abort () at abort.c:79
0x00007fd1d3e323e1 in yang_dnode_xpath_get_canon (dnode=<optimized out>, xpath_fmt=<optimized out>, ap=<optimized out>) at lib/yang_wrappers.c:61
0x00007fd1d3e34f41 in yang_dnode_get_ipv4 (addr=addr@entry=0x7ffc368554d4, dnode=<optimized out>, xpath_fmt=xpath_fmt@entry=0x5556af8680d4 "./source-addr") at lib/yang_wrappers.c:826
0x00005556af8216d3 in routing_control_plane_protocols_control_plane_protocol_pim_address_family_ssm_pingd_source_ip_create (args=0x7ffc36855530) at pimd/pim_nb_config.c:925
0x00007fd1d3dec13f in nb_callback_create (nb_node=0x5556b197ea40, nb_node=0x5556b197ea40, errmsg_len=8192, errmsg=0x7ffc36855a90 "", resource=0x5556b18fa6f8, dnode=0x5556b1ad7a10, event=NB_EV_APPLY, context=0x5556b1ad75c0) at lib/northbound.c:1260
nb_callback_configuration (context=0x5556b1ad75c0, event=NB_EV_APPLY, change=<optimized out>, errmsg=0x7ffc36855a90 "", errmsg_len=8192) at lib/northbound.c:1648
0x00007fd1d3deca6c in nb_transaction_process (event=event@entry=NB_EV_APPLY, transaction=transaction@entry=0x5556b1ad75c0, errmsg=errmsg@entry=0x7ffc36855a90 "", errmsg_len=errmsg_len@entry=8192) at lib/northbound.c:1779
0x00007fd1d3decdd6 in nb_candidate_commit_apply (transaction=0x5556b1ad75c0, save_transaction=save_transaction@entry=true, transaction_id=transaction_id@entry=0x0, errmsg=errmsg@entry=0x7ffc36855a90 "", errmsg_len=errmsg_len@entry=8192) at lib/northbound.c:1129
0x00007fd1d3decf15 in nb_candidate_commit (context=..., candidate=<optimized out>, save_transaction=save_transaction@entry=true, comment=comment@entry=0x0, transaction_id=transaction_id@entry=0x0, errmsg=0x7ffc36855a90 "", errmsg_len=8192) at lib/northbound.c:1162
0x00007fd1d3ded4af in nb_cli_classic_commit (vty=vty@entry=0x5556b1ada2a0) at lib/northbound_cli.c:50
0x00007fd1d3df025f in nb_cli_apply_changes_internal (vty=vty@entry=0x5556b1ada2a0, xpath_base=xpath_base@entry=0x7ffc36859b50 ".", clear_pending=clear_pending@entry=false) at lib/northbound_cli.c:177
0x00007fd1d3df06ad in nb_cli_apply_changes (vty=vty@entry=0x5556b1ada2a0, xpath_base_fmt=xpath_base_fmt@entry=0x0) at lib/northbound_cli.c:233
0x00005556af80fdd5 in pim_process_ssmpingd_cmd (vty=0x5556b1ada2a0, operation=NB_OP_CREATE, src_str=0x5556b1ad9630 "1.1.1.1") at pimd/pim_cmd_common.c:3423
0x00007fd1d3da7b0e in cmd_execute_command_real (vline=vline@entry=0x5556b1ac9520, vty=vty@entry=0x5556b1ada2a0, cmd=cmd@entry=0x0, up_level=up_level@entry=0) at lib/command.c:982
0x00007fd1d3da7cb1 in cmd_execute_command (vline=vline@entry=0x5556b1ac9520, vty=vty@entry=0x5556b1ada2a0, cmd=0x0, vtysh=vtysh@entry=0) at lib/command.c:1040
0x00007fd1d3da7e50 in cmd_execute (vty=vty@entry=0x5556b1ada2a0, cmd=cmd@entry=0x5556b1ae0a30 "ip ssmpingd 1.1.1.1", matched=matched@entry=0x0, vtysh=vtysh@entry=0) at lib/command.c:1207
0x00007fd1d3e278be in vty_command (vty=vty@entry=0x5556b1ada2a0, buf=<optimized out>) at lib/vty.c:591
0x00007fd1d3e27afd in vty_execute (vty=0x5556b1ada2a0) at lib/vty.c:1354
0x00007fd1d3e2bb23 in vtysh_read (thread=<optimized out>) at lib/vty.c:2362
0x00007fd1d3e22254 in event_call (thread=thread@entry=0x7ffc3685cd80) at lib/event.c:2003
0x00007fd1d3dce9e8 in frr_run (master=0x5556b183c830) at lib/libfrr.c:1218
0x00005556af803653 in main (argc=6, argv=<optimized out>, envp=<optimized out>) at pimd/pim_main.c:162
```
projects / matthieu / frr.git / log