Donald Sharp [Fri, 27 Apr 2018 19:18:41 +0000 (15:18 -0400)]
*: Move sharpd from developmental build to have to explicitly enable it
sharpd has started to see some use from our field engineers as
well as people attempting to build/test their environments
as a way of easily injecting a large number of routes.
Modify configure.ac to move sharpd from a development build
option to having to explicitly enable it via `--enable-sharpd=yes`
in order for it to be built.
This will allow those who want to build it, to build it without
having to use the development build option.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 27 Apr 2018 18:53:46 +0000 (14:53 -0400)]
zebra: Add PBR and SHARP handling
We are missing some handling of PBR and SHARP protocols
for netlink operations w/ the linux kernel.
Additionally add a bread crumb for new developers (or existing)
to know to fixup the rt_netlink.c when we start handling new
route types to hand to the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Quentin Young [Wed, 25 Apr 2018 21:16:55 +0000 (17:16 -0400)]
lib: fix heap corruption in stream_fifo_free
When popping a stream from a stream_fifo, the stream->next pointer is
not NULL'd out. If this same stream is subsequently pushed onto a
stream_fifo (either the same one or a different one), because
stream_fifos use tail insertion the ->next pointer is not updated and
thus will point to whatever the next stream in the first stream_fifo
was. stream_fifo_free does not check the count of the stream_fifo when
freeing its constituent elements, and instead walks the linked list.
Consequently it will continue walking into the first stream_fifo from
which the last stream was popped, freeing each stream contained there.
This leads to use-after-free errors.
This patch makes sure to set the ->next pointer to NULL when doing tail
insertion in stream_fifo_push and when popping a stream from a
stream_fifo.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
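The stale `->next` linkage described in the stream_fifo commit above, as an added example that is not FRR's own code: a simplified model counting how many nodes a list-walking free would visit after a popped stream is pushed onto a second fifo. The struct layouts, the helper names and the `fixed` flag are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model, not FRR's lib/stream.c: only the list linkage is kept. */
struct stream { struct stream *next; };
struct stream_fifo { struct stream *head, *tail; size_t count; };

/* Tail insertion. fixed == 0 leaves the pushed stream's ->next untouched. */
static void fifo_push(struct stream_fifo *f, struct stream *s, int fixed)
{
    if (f->tail)
        f->tail->next = s;
    else
        f->head = s;
    f->tail = s;
    if (fixed) s->next = NULL;
    f->count++;
}

/* Pop from the head. fixed == 0 lets the popped stream keep its old ->next. */
static struct stream *fifo_pop(struct stream_fifo *f, int fixed)
{
    struct stream *s = f->head;
    if (!s) return NULL;
    f->head = s->next;
    if (!f->head) f->tail = NULL;
    f->count--;
    if (fixed) s->next = NULL;
    return s;
}

/* Move one of a's three streams to b, then walk b by ->next, ignoring b.count. */
size_t nodes_walked_from_b(int fixed)
{
    struct stream s[3] = { {NULL}, {NULL}, {NULL} };
    struct stream_fifo a = {0}, b = {0};
    size_t n = 0;
    for (int i = 0; i < 3; i++)
        fifo_push(&a, &s[i], fixed);
    fifo_push(&b, fifo_pop(&a, fixed), fixed);
    for (struct stream *p = b.head; p; p = p->next)
        n++;
    return n;
}

int main(void)
{
    printf("unfixed: %zu, fixed: %zu\n", nodes_walked_from_b(0), nodes_walked_from_b(1));
    return 0;
}
```

In the unfixed case fifo b has a count of 1 but the walk reaches the two streams still owned by fifo a, which is the set of nodes a pointer-walking free would release.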
Donald Sharp [Wed, 25 Apr 2018 14:23:22 +0000 (10:23 -0400)]
bgpd: Prevent vrf 2 vrf route leaking from going offbox.
The vrf 2 vrf route leaking auto-derives RD and RT and
installs the routes into the appropriate vpn table.
These routes when an operator configured ipv[4|6] vpn
neighbors were showing up off box. The RD and RT
values chosen are locally significant but globally
useless and may cause confusion.
Put a special bit of code in to notice that we
should not be advertising these routes off box.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Tue, 17 Apr 2018 13:21:24 +0000 (09:21 -0400)]
bgpd: Eliminate loop over afi's for vpn vrf leaking commands
The loop over all afi's implies that these commands actually need
to loop over all afi's to check the vpn policy. We know the
appropriate afi based upon the node we are in. So just return
the correct afi to look at and then just apply it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Wed, 11 Apr 2018 20:41:43 +0000 (20:41 +0000)]
bgpd: disallow importing a vrf into itself
Prior to this fix, you could configure importing a vrf from inside
the same vrf. This can lead to unexpected behavior in the leaking
process. This fix disallows that behavior.
Ticket: CM-20539
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Don Slice [Wed, 11 Apr 2018 16:12:39 +0000 (16:12 +0000)]
bgpd: fix crash on "no import vrf" if no default bgp instance
Tripped over a crash running the cli_crawler that occurred when the
sequence was doing "import vrf NAME" and "no import vrf NAME" inside
a vrf but a default bgp instance had not been created. This fix
auto-creates the default instance if the "import vrf NAME" is
entered and a default instance does not exist.
Ticket: CM-20532
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Tue, 10 Apr 2018 15:00:18 +0000 (15:00 +0000)]
bgpd: fix import vrf route-map issues
Prior to this fix, the import vrf route-map command only worked
if the route-map existed prior to the command. Additionally, if
the import vrf route-map command was issued without an existing
route-map, the imported prefixes were not removed. This fix
resolves both of these mis-behaviors. bgp-smoke run with same
failures as base.
Ticket: CM-20459
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: CCR-7358
Don Slice [Sun, 8 Apr 2018 15:35:21 +0000 (15:35 +0000)]
bgpd: fix incorrect config when importing vrf default
Found that when doing "import vrf default" in another vrf, an
extra line was added to the configuration in error. This fix
resolves that incorrect configuration. Manual testing will be
attached to the defect.
Ticket: CM-20467
Signed-off-by: Don Slice <dslice@cumulustnetworks.com>
Reviewed by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 16 Apr 2018 14:49:45 +0000 (10:49 -0400)]
bgpd: Use correct memory type
The usage of MTYPE_ECOMMUNITY for the free in ecommunity_del_val
caused the ref counts for the ecommunity to be incorrect.
Use MTYPE_ECOMMUNITY_VAL since that is what we are deleting.
Ticket: CM-20602
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Tue, 17 Apr 2018 12:21:03 +0000 (08:21 -0400)]
bgpd: Add some vrf <-> vrf code comments
Note that when we are importing vrf EVA into vrf DONNA
we must keep track of all the vrfs EVA is being
exported into and we must also keep track of all the vrf's
that DONNA is receiving data from as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 11 Apr 2018 12:56:44 +0000 (08:56 -0400)]
tests: Fix crash in test_mp_attr
Some recent changes in BGP now require that the
peer's nexthop have a valid ifp when we are looking
at:
case BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL:
case BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL:
This assumption makes sense for this type of Nexthop Attribute.
So for the test let's jimmy up a `fake` enough interface pointer
so that the actual test we can focus on what we are actually
testing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
bgpd: Handle connected routes and IPv6 link-local nexthops for route leaking
Connected routes redistributed into BGP as well as IPv4 routes with IPv6
link-local next hops (RFC 5549) need information about the associated
interface in BGP if they are candidates to be leaked into another VRF. In
the absence of route leaking, this was not necessary. Introduce the
appropriate mechanism and ensure this is used during route install (in
the target VRF).
Ticket: CM-20343, CM-20382
Testing done:
1. Manually verified failed scenarios and some additional ones - logs
in the tickets.
2. Ran bgp-min and evpn-min - results are good.
3. Ran vrf smoke - has some failures, but none which look new
bgpd: Fix route-leak/L3VPN delete of redistributed routes
Ensure that when a route redistributed into a VRF is subsequently
deleted, it is properly removed from the VPN table (if exported)
so that it can be removed from other VRFs and withdrawn from
L3VPN peers.
vivek [Thu, 29 Mar 2018 05:13:05 +0000 (22:13 -0700)]
bgpd: Enhance loop checking for VRF to VPN route export
The VRF routes exported to the global VPN table must not be
imported routes. It is not necessary to check if they originate
in the global VPN instance as that doesn't hold good for VRF-to-
VRF route-leaking. Merely checking that they are not imported
should handle both L3VPN and VRF-to-VRF route-leaking use cases.
vivek [Thu, 29 Mar 2018 05:11:30 +0000 (22:11 -0700)]
bgpd: Fix peer determination from parent for imported routes
When routes are imported into a VRF from the global VPN table, the
parent instance is either the default instance in the case of L3VPN or
the source VRF in the case of VRF-to-VRF route leaking. Hence, obtain
the source peer by just looking at the parent route information.
vivek [Tue, 27 Mar 2018 00:24:47 +0000 (17:24 -0700)]
bgpd: Fixes for VRF route leaking
Implement fixes for route leaking between VRFs through BGP, especially for
the scenario where routes are leaked from a VRF X to multiple other VRFs.
This include making sure that import and export happen via the global VPN
table, setting RD correctly and proper handling for multiple import/export.
Ticket: CM-20256
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
vivek [Tue, 27 Mar 2018 00:11:39 +0000 (17:11 -0700)]
bgpd: Auto RD definitions and encoding
Setup a per-VRF identifier to use along with the Router Id to build the
RD. Define a function to encode the RD. Code is brought over from EVPN
and EVPN code has been modified to use the generic function.
vivek [Tue, 27 Mar 2018 00:04:24 +0000 (17:04 -0700)]
bgpd: Fix params/checks for route leaking and L3VPN
When routes are injected into the VPN table and then leaked into candidate
VRFs, the source should be the default instance. Also, the loop check when
withdrawing routes from a VRF should be that the route's origin isn't that
VRF; this handles VRF route leaking also and is consistent with checks in
other places.
Donald Sharp [Sat, 24 Mar 2018 22:55:30 +0000 (18:55 -0400)]
bgpd: Handle when the import vrf has not been created.
When the `import vrf XXX` command is entered under
an afi/safi for bgp and the XXX vrf bgp instance
does not yet exist, auto-create it using the same
ASN that we are importing into.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Adding to mtracebis querying with group address. Same change
to vtysh mtrace command. Support for querying (S,G) and (*,G)
state in mtrace router code. Further improvements to mtrace router
code with closer compliance to IETF draft. More references in
comments to the draft. Man page has been updated accordingly.
Donald Sharp [Fri, 20 Apr 2018 14:18:47 +0000 (10:18 -0400)]
pbrd: Fix a couple SA issues
1) addr will never be non-null because of the way we build the cli
at this point in time, but the SA system does not understand this,
add a bread crumb for it.
2) Fix a possible memory leak of the pbr_ifp
3) Fix possible integer overflow when bit shifting.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Quentin Young [Mon, 23 Apr 2018 02:10:54 +0000 (22:10 -0400)]
zebra: cleanup for zapi_msg.c split
* Rename client_connect and client_close hooks to zapi_client_connect
and zapi_client_close
* Remove some more unnecessary headers
* Fix a copy-paste error in zapi_msg.[ch] header comments
* Fix an inclusion comment in zserv.c
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Sun, 22 Apr 2018 21:03:52 +0000 (17:03 -0400)]
zebra: use hooks for client lifecycle callbacks
zserv.c was using hardcoded callbacks to clean up various components
when a client disconnected. Ergo zserv.c had to know about all these
unrelated components that it should not care about. We have hooks now,
let's use the proper thing instead.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Sun, 22 Apr 2018 20:01:20 +0000 (16:01 -0400)]
zebra: clean up zapi organization
zserv.c has become something of a dumping ground for everything vaguely
related to ZAPI and really needs some love. This change splits out the
code for building and consuming ZAPI messages into a separate source
file, leaving the actual session and client lifecycle code in zserv.c.
Unfortunately since the #include situation in Zebra has not been paid
much attention I was forced to fix the headers in a lot of other source
files. This is a net improvement overall though.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Fri, 20 Apr 2018 18:34:46 +0000 (14:34 -0400)]
lib: add ability to dump cli mode graph
The grammar sandbox has had the ability to dump individual commands as
DOT graphs, but now that generalized DOT support is present it's trivial
to extend this to entire submodes. This is quite useful for visualizing
the CLI space when debugging CLI errors.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Fri, 20 Apr 2018 21:27:16 +0000 (17:27 -0400)]
lib: fix data race in thread history collection
Thread statistics are collected and stored in a hashtable shared across
threads, but while the hashtable itself is protected by a mutex, the
records themselves were not being updated safely. Change all thread
history collection to use atomic operations.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
G. Paul Ziemba [Sun, 22 Apr 2018 03:04:29 +0000 (20:04 -0700)]
bgpd: bugfix: vpn-vrf leak: set origin bgp to origin vrf for vrf-vpn-vrf
bgp route extra->bgp_orig for routes leaked vpn->vrf should be set
to original extra->bgp_orig if it is set, not vpn's bgp instance.
The initial leak is OK because it goes through a loopback path
in the vrf->vpn leaking code, but it is possible later re-leaks (e.g.,
if the destination vrf's leak configuration is changed) could
set the wrong extra->bgp_orig and break the route's nexthop.
Donald Sharp [Sat, 21 Apr 2018 23:59:25 +0000 (19:59 -0400)]
bgpd: The deletion of a bgp route does not need to send some data
When sending a bgp route down to zebra for deletion, the
ZEBRA_FLAG_ALLOW_RECURSION and ZEBRA_FLAG_IBGP flags
are not needed in zebra. So remove the setting
of the api.flags. If we remove this data from being
passed down we no longer need the peer data structure.
Remove the lookup of the peer data structure and the setting
of the flags as that peer was NULL in some evpn symmetric
routing cases for shutdown of bgp.
Ticket: CM-20720
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Thu, 19 Apr 2018 19:26:20 +0000 (12:26 -0700)]
ospf6d: fix ospf6 asbr crash
During ospf6 instance cleanup all border routers
are removed from the db then external LSAs removal
from DB is triggered. During the time, external route
path would not be valid as brouters along with its
reachability have vanished.
For a given external route removal check if no more
paths available simply remove the route from route db.
Ticket: CM-20669
Testing Done:
Bring up ASBR configuration with ECMP paths to a route.
Bring down the ospf6 instance and validate route is removed
from the DB.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Don Slice [Thu, 19 Apr 2018 21:04:05 +0000 (21:04 +0000)]
zebra: resolve issue when changing import-table route-map config
When changing from "ip import-table 10 route-map rdn" to "ip
import-table 10" without a route-map, routes would be deleted
and not reinstalled. This fix resolves that problem.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Arthur Jones [Wed, 18 Apr 2018 17:18:00 +0000 (10:18 -0700)]
alpine build docs: Document docker images and alpine packages
https://hub.docker.com/r/ajones17/frr/ contains pre-built docker
images and alpine packages for the master branch of frr. Document
this continuous delivery system on the alpine build page.
Issue: https://github.com/FRRouting/frr/issues/2087
Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>