bgpd: check sockopt returns in rpki_create_socket

Check (g|s)etsockopt returns in rpki_create_socket(). Coverity scanner
issues 1575916 and 1575924.

Fixes: a951752d4a ("bgpd: create cache server socket in vrf")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: fix memory leak in rpki_create_socket

Fix memory leak in rpki_create_socket. Coverity scanner issue 1575914.

Fixes: a951752 ("bgpd: create cache server socket in vrf")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: fix res validity in rpki_create_socket

Fix coverity scanner issue 1575912 where res pointer is supposed to
valid in:

> socket = vrf_socket(res->ai_family, ...)

but is checked for validity a few lines later.

Note that vrf_getaddrinfo returns an error code if getaddrinfo() fails
to allocate res and in this case, rpki_create_socket() returns.

Fixes: a951752 ("bgpd: create cache server socket in vrf")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: fix deference before check in rpki_create_socket

Fix deference before check coverity scanner issue 1575918 in
rpki_create_socket()

Fixes: a951752d4a ("bgpd: create cache server socket in vrf")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: fix potential null pointers in rpki

Fix potential NULL pointer in RPKI code. Coverity scanner issues: 1575911
1575913, 1575915, 1575917, 1575919 to 1575923, 1575925 and 1575926.

Fixes: 1420189c11 ("bgpd: add support of rpki in vrf configure context")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Merge pull request #15179 from donaldsharp/zebra_neigh_update

Zebra neigh update

Merge pull request #15193 from idryzhov/fix-bgp-rmap-probability

bgpd: fix route-map match probability deconfiguration callback

Merge pull request #15194 from idryzhov/dist-list-fixes

distribute-list fixes and improvements

ripngd: use correct autocompletion for distribute-list commands

Currently, we always use access-list autocompletion, even if configuring
prefix-lists. We should differentiate. Also, fix missing "IPv6"
docstring and use correct address family.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

ripd: use correct autocompletion for distribute-list commands

Currently, we always use access-list autocompletion, even if configuring
prefix-lists. We should differentiate.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

eigrpd: use correct autocompletion for distribute-list commands

Currently, we always use access-list autocompletion, even if configuring
prefix-lists. We should differentiate. Also, use address-family-specific
autocompletion.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

babeld: use correct autocompletion for distribute-list commands

Currently, we always use access-list autocompletion, even if configuring
prefix-lists. We should differentiate.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib: add address-family-specific autocompletion for prefix-lists

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib: remove global list of distribute-lists

It's not needed anymore, all daemons always pass context.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

babeld: pass distribute ctx to distribute-list functions

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

eigrpd: convert distribute-list configuration to northbound

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

bgpd: fix route-map match probability deconfiguration callback

Add missing break. Currently, lib_route_map_entry_match_destroy is
called on every commit stage, but it should run only on APPLY.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

sharpd: Allow sharpd to listen to neighbor events

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

lib, nhrpd: Move neighbor reg/unreg to lib/zclient.c

This is needed to be generic.  Let's make it so.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

*: Rename ZEBRA_NHRP_NEIGH_XXX to ZEBRA_NEIGH_XXX

This does not need to be nhrp specific.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

Merge pull request #15185 from LabNConsulting/chopps/distlist

add northbound support to distribute-list code.

Merge pull request #15052 from louis-6wind/rpki-vrf-92

bgpd: add VRF support to RPKI

ripngd: use new distribute-list northbound code.

Signed-off-by: Christian Hopps <chopps@labn.net>

ripd: use new distribute-list northbound code.

Signed-off-by: Christian Hopps <chopps@labn.net>

lib: enable multiple instance support with distribute lists

Signed-off-by: Christian Hopps <chopps@labn.net>

lib: add northbound support to distribute-list code.

Signed-off-by: Christian Hopps <chopps@labn.net>

Merge pull request #15176 from LabNConsulting/chopps/mgmtd-northbound-fixes

Chopps/mgmtd northbound fixes

Merge pull request #15125 from pguibert6WIND/srte_pcep_session_json

Dump PCEP session in json format

Merge pull request #15184 from donaldsharp/zebra_touchups

Zebra touchups

lib: cleanup yang lint warnings

Signed-off-by: Christian Hopps <chopps@labn.net>

Merge pull request #15178 from donaldsharp/update_unnumbered_doc

doc: Update bgp unnumbered documentation

Merge pull request #15183 from donaldsharp/zebra_nhg_worms

zebra: Fix NEXTHOP_GROUP_FPM define value

zebra: use break instead of goto

There is a goto statement that would be better served
with a break statement.  Let's try to minimize this
in the code.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

zebra: Remove function that just calls another function

Why not just call the one function?

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

zebra: Fix NEXTHOP_GROUP_FPM define value

The NEXTHOP_GROUP_FPM #define conflicts with
NEXTHOP_GROUP_KEEP_AROUND.  Not ideal let's fix
this.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

doc: Update bgp unnumbered documentation

Mention the limitations of this type of peering
in bgp.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

mgmtd: remove heavy duplication in mgmtd config read

Previously each container created all it's decendents before descending into
the children and repeating the process.

Signed-off-by: Christian Hopps <chopps@labn.net>

lib: better conditionalize leaf-list predicate xpath addition

If we're in the backend we already have the predicate added by mgmtd -- don't
add it again.

Signed-off-by: Christian Hopps <chopps@labn.net>

lib: libyang logging temp off to avoid unwanted log message

We don't want libyang logging when an schema path doesn't exist
since this is an acceptable outcome.

Signed-off-by: Christian Hopps <chopps@labn.net>

Merge pull request #15175 from idryzhov/affinity-map-fixes

Merge pull request #15168 from mjstapp/daemon_logs

lib,vtysh: add per-daemon log file config

zebra: fix default value for affinity-mode

- initialize the necessary bit when creating if_link_params
- fix CLI description to mark extended as the default mode
- correctly set mode to extended when using the "no" form of the command
- handle the "show_defaults" parameter correctly in cli_show callback

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

zebra: remove unnecessary checks from CLI

First, any data tree validation in CLI handler is not correct, because
this code won't be called when the change is done through any other
frontend. Second, these checks are not necessary at all, because NB
layer handles the change between admin-grp/affinity automatically.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

zebra: fix link-params admin-grp config output

- it was not printed at all because of the incorrect `yang_dnode_exist`
  check
- the intended output was "admin-group" instead of "admin-grp" used in
  the actual CLI command

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

zebra: rework affinity-map update hook

Don't use config tree when updating internal daemon state. Everything
needed is already stored in internal structures.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib: make affinity-map value mandatory

There can't be an affinity map without a bit position.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib: validate affinity-map bit position using the yang model

When affinity mode is "standard", bit position cannot be greater than
31. Add a "must" statement to the YANG model to validate this, and
remove our custom validation code that does the same.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib: make affinity-map value unique in the yang model

It allows us to remove the code that does the same thing manually.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib: validate affinity-map reference using yang model

Change the type of affinity leaf-list in frr-zebra to a leafref with
"require-instance" property set to true. This change tells libyang to
automatically check that affinity-map exists before usage and doesn't
allow it to be deleted if it's referenced. It allows us to remove all
the manual code that is doing the same thing.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

Merge pull request #15172 from donaldsharp/evpn_mh_bridge_fix

tests: Fix test_evpn_mh.py to correctly call bridge program

pathd: add 'show sr-te pcep session json' support

Add support to dump sr-te pcep session in json output.

> ubuntu2204# show sr-te pcep session
> PCE q
>  PCE IP 192.0.2.40 port 4189
>  PCC IP 192.0.2.10 port 4189
>  PCC MSD 10
>  Session Status UP
>  Precedence 10, best candidate
>  Confidence normal
>  Timer: KeepAlive config 30, pce-negotiated 70
>  Timer: DeadTimer config 120, pce-negotiated 120
>  Timer: PcRequest 30
>  Timer: SessionTimeout Interval 30
>  Timer: Delegation Timeout 10
>  No TCP MD5 Auth
>  PCE SR Version draft07
>  Next PcReq ID 5
>  Next PLSP  ID 2
>  Connected for 171 seconds, since 2023-10-28 09:36:44 UTC
>  PCC Capabilities: [PCC Initiated LSPs] [Stateful PCE] [SR TE PST]
>  PCE Capabilities: [Stateful PCE] [SR TE PST]
>  PCEP Message Statistics
>                         Sent   Rcvd
>          Message Open:     2      1
>     Message KeepAlive:     1      6
>         Message PcReq:     4      0
>         Message PcRep:     0      0
>        Message Notify:     4      0
>         Message Error:     0      5
>         Message Close:     0      0
>        Message Report:     5      0
>        Message Update:     0      1
>      Message Initiate:     0      0
>      Message StartTls:     0      0
>     Message Erroneous:     0      0
>                 Total:    16     13
> PCEP Sessions => Configured 1 ; Connected 1
> ubuntu2204# show sr-te pcep session  json
> {
>   "pcepSessions":[
>     {
>       "pceName":"q",
>       "pceAddress":"192.0.2.40",
>       "pcePort":4189,
>       "pccAddress":"192.0.2.10",
>       "pccPort":4189,
>       "pccMsd":10,
>       "sessionStatus":"UP",
>       "bestMultiPce":true,
>       "precedence":10,
>       "confidence":"normal",
>       "keepaliveConfig":30,
>       "deadTimerConfig":120,
>       "pccPcepRequestTimerConfig":30,
>       "sessionTimeoutIntervalSec":30,
>       "delegationTimeout":10,
>       "tcpMd5Authentication":false,
>       "draft07":true,
>       "draft16AndRfc8408":false,
>       "nextPcRequestId":5,
>       "nextPLspId":2,
>       "sessionKeepalivePceNegotiatedSec":70,
>       "sessionDeadTimerPceNegotiatedSec":120,
>       "sessionConnectionDurationSec":177,
>       "sessionConnectionStartTimeUTC":"2023-10-28 09:36:44",
>       "pccCapabilities":" [PCC Initiated LSPs] [Stateful PCE] [SR TE PST]",
>       "pceCapabilities":" [Stateful PCE] [SR TE PST]",
>       "messageStatisticsReceived":{
>         "messageOpen":1,
>         "messageKeepalive":6,
>         "messagePcReq":0,
>         "messagePcRep":0,
>         "messageNotify":0,
>         "messageError":5,
>         "messageClose":0,
>         "messageReport":0,
>         "messageUpdate":1,
>         "messageInitiate":0,
>         "messageStartTls":0,
>         "messageErroneous":0,
>         "total":13
>       },
>       "messageStatisticsSent":{
>         "messageOpen":2,
>         "messageKeepalive":1,
>         "messagePcReq":4,
>         "messagePcRep":0,
>         "messageNotify":4,
>         "messageError":0,
>         "messageClose":0,
>         "messageReport":5,
>         "messageUpdate":0,
>         "messageInitiate":0,
>         "messageStartTls":0,
>         "messageErrneous":0,
>         "total":16
>       }
>     }
>   ],
>   "pcepSessionsConfigured":1,
>   "pcepSessionsConnected":1
> }

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

pceplib: add json string option to subgroup counter

The created counters in pceplib library are structures with
a string attribute which is used for further display. This
string information is not formatted for json output.

Add a second option in the create_subgroup_counter() creation
API to provide the json attribute output.

Create a json naming compatible with caml format for each
subgroup counter used.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

tests: Fix test_evpn_mh.py to correctly call bridge program

Getting this error:

2024-01-17 19:05:20,688 WARNING: torm11: Router(torm11): proc failed: rc 255 pid 2436134
args: /usr/bin/nsenter --mount=/proc/2435168/ns/mnt --net=/proc/2435168/ns/net --uts=/proc/2435168/ns/uts -F /bin/bash -c /sbin/bridge vlan add vid 1000 dev bridge
stdout: RTNETLINK answers: Operation not supported
stderr: *empty*

As I understand it the correct thing to do here is pass in:
bridge vlan add vid 1000 dev bridge self

Signed-off-by: Donald Sharp <sharpd@nvidia.com>

doc: add doc for daemon-specific log cli

Add doc for the daemon-specific log file cli

Signed-off-by: Mark Stapp <mjs@labn.net>

topotests: add vrf test to bgp_rpki_topo1

Add vrf test to bgp_rpki_topo1

Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: add show bgp rpki prefix-count command

Add "show bgp rpki prefix-count" command to show the number of received
prefixes from RPKI cache servers.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

doc: add information for per vrf rpki commands

Add documentation for per VRF RPKI commands

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

doc: remove rpki ssh local server public key

It is not used anymore.

Fixes: 2a5f5ec00f ("bgpd: Drop SSH public key for RPKI CLI option")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

doc: fix rpki ipv4 address family example

Fix RPKI IPv4 address family example.

Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

doc: use documentation range in rpki manual

Use documentation range in rpki manual

Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: add vrf name to some rpki logs

Add VRF name to some rpki logs

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: set rpki validation state in vrf table

Set the RPKI validation state in the VRF BGP table. It allows applying
a route-maps with "match rpki <state>" on a VRF neighbor.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: show per vrf rpki configuration in show run

Show per VRF RPKI configuration in "show run".

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: add support of rpki in vrf configure context

Add support of RPKI commands in the VRF configure context.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: add support of vrf to rpki in enable mode

Add a "vrf <vrfname>" argument to "show rpki" and "rpki" commands in
enable mode

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: create cache server socket in vrf

Create cache server socket in vrf

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: start or stop rpki at vrf creation or deletion

Start or stop a RPKI cache servers in VRF when they are created or
deleted.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: add a hook to inform a vrf is enabled/disabled

Add a hook to call a future callback function when bgpd knows from zebra
about the activation of de-activation of a VRF. It will be used by the
RPKI module in next commits.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: remove rpki config command from enable node

Remove rpki config command from enable node. It cannot work.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

bgpd: move rpki variables in a per vrf fist

RPKI stores its data in global variables. It does not allow specific
date per VRF.

Move global variable to a new structure named rpki_vrf and maintain a
per VRF list of rpki_vrf. The changes are cosmetic because only the
default VRF is supported yet.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Merge pull request #15166 from LabNConsulting/chopps/fix-munet

tests: fix munet accessing missing attribute

lib,vtysh: add per-daemon log file config

Add a config that specifies per-deamon log file names.
Move the handy generated list of daemon names from vtysh to lib;
edit the gitignore files to match.

Signed-off-by: Mark Stapp <mjs@labn.net>

Merge pull request #15162 from opensourcerouting/fix/aspath4_set_flag

bgpd: Set capability received flag only after sanity checks

tests: fix munet accessing missing attribute

Signed-off-by: Christian Hopps <chopps@labn.net>

tests: Adopt tests for AS4 handling

When received malformed AS4 capability, it should return -1 (notification send),
and the received flag SHOULD NOT be set.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

bgpd: Send notification if AS4 capability failed to parse (malformed)

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

bgpd: Set role capability received flag only if parsed correctly

If we receive a malformed packet, we might end-up with a bad state.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

bgpd: Set hostname capability received flag only if parsed correctly

If we receive a malformed packet, we might end-up with a bad state.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

bgpd: Set ADD-PATH capability received flag only if parsed correctly

If we receive a malformed packet, we might end-up with a bad state.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

bgpd: Set AS4 capability received flag only if parsed correctly

If we receive a malformed packet, we might end-up with a bad state.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

Merge pull request #15160 from vjardin/doc_typo

doc: typo, fix end of line

Merge pull request #15161 from LabNConsulting/chopps/munet-0-13-12

import munet 0.13.12

tests: import munet 0.13.12

Signed-off-by: Christian Hopps <chopps@labn.net>

tests: set environment variable munet 0.13.12 will use

Signed-off-by: Christian Hopps <chopps@labn.net>

doc: typo, fix end of line

Signed-off-by: Vincent Jardin <vjardin@free.fr>

Merge pull request #15154 from idryzhov/mgmt-get-data

mgmtd get-data request expansion

Merge pull request #15156 from LabNConsulting/chopps/yang-mtu-32

yang: lib: interface MTUs can be larger than uint16

Merge pull request #15034 from louis-6wind/topotest-rpki

bgpd, topotests: add bgp_rpki_topo1 and RPKI fixes

tests: add tests for mgmt get-data exact node request

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib, mgmtd: add ability to request the exact node in get-data request

RESTCONF expects to receive the exact node as a result, not the whole
data tree.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib: fix oper data leaf creation

When creating an initial tree trunk for oper data walk, if the xpath
represents a leaf, the leaf is created with an incorrect empty value.
If it doesn't actually exist in daemon's oper data, its value is not
overwritten later and an empty value is returned in the result.

For example, when requesting
`/frr-interface:lib/interface[name='eth0']/description`, the result is:
```
{
  "frr-interface:lib": {
    "interface": [
      {
        "name": "eth0",
        "description": ""
      }
    ]
  }
}
```
instead of an empty JSON that it should be.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

tests: add tests for mgmt get-data with config

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib, mgmtd: add ability to set content type in get-data request

Like in RESTCONF GET request and NETCONF get-data request, make it
possible to request state-only, config-only, or all data.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

Merge pull request #15150 from LabNConsulting/chopps/config-file-integrated

doc: update config file doc for integrated requirement

lib, mgmtd: add separate get-data request for the frontend

Currently it's the same as get-tree request for the backend, but it is
going to be expanded in the following commits.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

vtysh, mgmtd: send interface commands to mgmtd

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

mgmtd: add option to specify netns as the vrf backend

mgmtd has to know if netns is used as the vrf backend to correctly
process interface names in northbound.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

lib: fix yang_lyd_trim_xpath

We should traverse all top-level siblings, not only the first one.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>

Merge pull request #15151 from idryzhov/mgmtd-vrf

mgmtd: remove full vrf initialization

yang: lib: interface MTUs can be larger than uint16

Technically changing a leaf from uint16 to uint32 is a NBC change; however,
increasing this to uint32 should not break anyone in reality.

Signed-off-by: Christian Hopps <chopps@labn.net>