Quentin Young [Fri, 29 Mar 2019 23:24:08 +0000 (19:24 -0400)]
bgpd: add support for MD5 auth on listen ranges
Co-authored-by: Donald Sharp <sharpd@cumulusnetworks.com>
Co-authored-by: Quentin Young <qlyoung@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Mon, 1 Apr 2019 18:16:54 +0000 (18:16 +0000)]
lib: add support for extended TCP MD5 auth
MD5 auth on TCP is supported for prefixes in recent versions of Linux;
add complementary support for FRR.
This is a reworked version of Donald's commit to keep library
compatibility and obviate the need for changes in daemons that don't
need to support this themselves.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
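The prefix-scoped key the commit above refers to is set on Linux through the `TCP_MD5SIG_EXT` socket option. The following is an added example, not FRR's code: `md5_prefix_req` and `md5_prefix_apply` are hypothetical helper names, and the prefix and key are constructed sample values.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: build a key request for IPv4 prefix/plen; 0 or -1. */
int md5_prefix_req(struct tcp_md5sig *req, const char *prefix,
                   unsigned plen, const char *key)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)&req->tcpm_addr;
    size_t klen = strlen(key);

    if (plen > 32 || klen == 0 || klen > TCP_MD5SIG_MAXKEYLEN)
        return -1;
    memset(req, 0, sizeof(*req));
    sin->sin_family = AF_INET;
    if (inet_pton(AF_INET, prefix, &sin->sin_addr) != 1)
        return -1;
    /* Normalise to the network address so host bits never leak in. */
    sin->sin_addr.s_addr &= plen ? htonl(0xffffffffu << (32 - plen)) : 0;
    req->tcpm_flags = TCP_MD5SIG_FLAG_PREFIX; /* match on prefix, not host */
    req->tcpm_prefixlen = (uint8_t)plen;
    req->tcpm_keylen = (uint16_t)klen;
    memcpy(req->tcpm_key, key, klen);
    return 0;
}

/* Hypothetical helper: install the key on a (listening) TCP socket. */
int md5_prefix_apply(int fd, const struct tcp_md5sig *req)
{
    return setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG_EXT, req, sizeof(*req));
}

int main(void)
{
    struct tcp_md5sig req;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    /* Constructed sample values: documentation prefix and a dummy key. */
    if (fd < 0 || md5_prefix_req(&req, "192.0.2.0", 24, "constructed-key"))
        return 1;
    /* Fail closed: a socket that cannot take the key must not listen. */
    return md5_prefix_apply(fd, &req) < 0 ? 1 : 0;
}
```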
doc: update libyang build instructions to enable compiler optimizations
libyang defaults CMAKE_BUILD_TYPE to "Debug", which disables compiler
optimizations. We should instruct our users to build libyang in the
"Release" mode so that compiler optimizations are enabled and they
can benefit from the associated performance improvements.
Dmitrii Turlupov [Wed, 27 Mar 2019 12:27:36 +0000 (15:27 +0300)]
yang: priority of isis commands in interface configuration
Move down the "circuit-type" leaf in the isisd YANG module so that
"ip[v6] router isis" will be the first commands displayed in the
running configuration.
F. Aragon [Wed, 10 Apr 2019 17:08:50 +0000 (19:08 +0200)]
zebra: pseudowire event recovery (DoS fix)
When having a route recovery, because of the route installation
cycling and the next hop label check, it could happen that the PW
never gets recovered. The original code shows the intention of retrying,
but the code was missing. The fix includes the call to the timer programming
the recovery attempt.
Example for reproducing the issue:
|P1| <-> |P2| <-> |P3|
- Being P1, P2, P3 nodes, using IS-IS as IGP, and having a pseudowire
between P1 and P3 (P1, P2, P3 having configured LDP daemons).
- After 60 seconds, kill the IS-IS daemon in P2.
- Wait 30 seconds
- Launch again the IS-IS daemon in P2
- The bug/issue is that after P1 <-> P3 recovering connectivity sometimes
the PW is not recovered because of the reason explained in the first paragraph.
Chirag Shah [Tue, 9 Apr 2019 19:30:15 +0000 (12:30 -0700)]
zebra: avoid removing node twice from rb_tree
In zebra terminate path, the node was attempted to remove
twice from the RB_TREE table. This led to a crash during
zebra shutdown. zebra_router_free_table already calls RB_REMOVE
to remove a node from rb tree table.
siginfo=0x7fffd9134a30, context=<optimized out>) at lib/sigevent.c:249
rbt=<optimized out>, t=<optimized out>) at lib/openbsd-tree.c:226
t=0x56296965ff50 <zebra_router_table_head_RB_INFO>) at lib/openbsd-tree.c:383
rbt=rbt@entry=0x562969669bd0 <zrouter+16>, elm=elm@entry=0x56296afcf810)
at lib/openbsd-tree.c:393
(elm=0x56296afcf810, head=0x562969669bd0 <zrouter+16>) at zebra/zebra_router.h:46
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Tue, 9 Apr 2019 17:20:32 +0000 (13:20 -0400)]
pimd: Add JoinDesired(S,G) to deciding to set spt bit
The decision for Update_SPTbit(S,G, iif) includes a test
for JoinDesired(S,G) in section 4.2.2. When we were deciding
to update the spt bit we were not taking this into account.
This commit fixes this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 8 Apr 2019 18:37:00 +0000 (14:37 -0400)]
pimd: Update state when receiving S,G join when in S,G RPT Prune state
When we receive a S,G join and the ifchannel is in S,G RPT Prune state,
pim should transition the ifchannel state to JOIN and transition the
pim_upstream state for the S,G stream.
Ticket: CM-24513
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Nitin Soni [Thu, 28 Mar 2019 05:49:03 +0000 (22:49 -0700)]
bgpd: new show cmd - bgp l2vpn evpn route vni all detail
This command is added to provide detailed information. It will be
useful in troubleshooting as we will be able to dump all detailed info
using a single command.
"net show bgp evpn route vni <all|id> [detail]". Additional filtering
can be done by providing vtep ip.
Command will display the detailed content for all vni and macs as
displayed by "net show bgp evpn route vni <> mac <> ip <>" for a single
vni, mac, ip.
Ticket: CM-24397
Signed-off-by: Nitin Soni <nsoni@cumulusnetworks.com>
Reviewed-by:
Testing-Done:
Stephen Worley [Tue, 9 Apr 2019 14:35:11 +0000 (10:35 -0400)]
zebra: Fix late memset of pbr rule in rule_netlink
We were memsetting zebra_pbr_rule struct after
we had already put some information in it. Also updated
the init of the struct to use braces instead of a
memset.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Quentin Young [Mon, 8 Apr 2019 17:05:45 +0000 (17:05 +0000)]
ospfd: fix behavior of +/-metric
OSPFD uses -1 as a sentinel value for uninitialized metrics. When
applying a route map with a +/-metric to redistributed routes, we were
using -1 as our base value to increment or decrement on, which meant
that if you set e.g. +10, you would end up with a redistributed route of
metric 9.
This patch also removes an off-by-one sanity check that would cause a
set metric +1 or set metric 0 to result in a metric value of 20 :-)
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Donald Sharp [Sun, 7 Apr 2019 00:08:34 +0000 (20:08 -0400)]
bgpd: Remove extra alloc function bgp_path_info_new
The bgp_path_info_new function whenever it was called
pretty much duplicated the info_make function call. So
convert over to using it and remove the bgp_path_info_new
function so people are not tempted.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Sat, 6 Apr 2019 23:56:06 +0000 (19:56 -0400)]
ospfd: rn may be null
rn is not set the first time through the do {} while (); loop.
As such we need to protect against it from being null (although
highly unlikely to ever happen given the ospf code base).
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Sat, 6 Apr 2019 23:53:55 +0000 (19:53 -0400)]
bgpd: pi->peer assignment exists no need for null check
The creation of a new `struct bgp_path_info` requires a legitimate
peer being passed in for creation. There exists no code paths
where this is not true. As such checking pi->peer for null convinces
SA that it might happen.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Stephen Worley [Tue, 2 Apr 2019 17:57:48 +0000 (13:57 -0400)]
lib: Add hash function for nexthop groups
Add a hash function to turn a nexthop group into a
32 bit unsigned hash key with jhash. We do not care to
hash any recursively resolved nexthops, just the group.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Donald Sharp [Thu, 4 Apr 2019 18:28:31 +0000 (14:28 -0400)]
zebra: Allow specification of v[4|6] addrs on some commands
The `show ipv[4|6] <nht|import-check> ...` commands are starting
to produce a bunch of output due to multiple daemons now
using the code. Allow the specification of a v4 or v6 address
to allow the show command to only display the interesting nht.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 5 Apr 2019 12:40:51 +0000 (08:40 -0400)]
pimd: Initiate *,G S,G RPT Prune in some cases
On the LHR after we decide that traffic is flowing and
we set the SPT bit for the S,G *and* the incoming IIF
of the S,G is different than the incoming IIF of the *,G
we should immediately send the *,G S,G RPT Prune as
a triggered response instead of waiting for the next
cycle.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 3 Apr 2019 15:21:37 +0000 (11:21 -0400)]
pimd: Add a flag PIM_NEXTHOP_ANSWER_RECEIVED
Track whether or not we have received an answer from
our query to do nexthop tracking. This allows us to
go straight to doing a synchronous query for our
RPF.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Tue, 2 Apr 2019 13:40:41 +0000 (09:40 -0400)]
pimd: Tracking of RPF is *separate* from the lookup
Start the separation of tracking a Destination from the act
of looking it up. The conjoining of these two concepts led
to a bunch of code that had to think about both problems leading
to weird situations and code paths. Simplify the code by making
pim_ecmp_nexthop_search a static function and we only ever
call pim_ecmp_nexthop_lookup when we need to do a RPF().
pim_ecmp_nexthop_lookup will now attempt to find a stored pnc
and if it finds one it will report on the answer from it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 3 Apr 2019 01:15:21 +0000 (21:15 -0400)]
pimd: Determining if we are the RP should happen always
When creating new RP information from a `ip pim rp A.B.C.D/M A.B.C.D`
we should determine if we are the RP even if we can or cannot
determine if we have a path to the RP via RPF.
This is because we should determine if we are the RP based upon a
connected ip address match not whether or not we have a path to
the RPF. We would normally think this is not important but
RPF is inherently asynchronous and we can have a state where
we have registered for nht but have not received the actual
path back yet from zebra.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
F. Aragon [Fri, 5 Apr 2019 13:26:14 +0000 (15:26 +0200)]
zebra: label manager race condition fix
This fix covers the case where two or more events are processed but only one
becoming effective. E.g. when mixing a synchronous label request from a LDP
daemon and an asynchronous request from a BGP daemon it could happen to the
BGP having the label chunk, but the LDP stuck waiting for the response.
Donald Sharp [Thu, 4 Apr 2019 16:19:50 +0000 (12:19 -0400)]
staticd: Allow reinstall of static nexthops on vrf restart
When staticd receives notification that a vrf that it is using
is back up into a state that can be used, go through and
mark all the si data structures nexthops as not installed.
This will allow us to complete the loop and reinstall routes
that need to be fully resolved.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 4 Apr 2019 12:45:20 +0000 (08:45 -0400)]
zebra: Make rnh only send response once on first registration
The current code path of registration does this:
a) Lookup or create the rnh
b) register the client with the rnh for callback
If this is a new rnh send a response to the client that
only includes the rnh data that it has (nothing so no path)
If this is an existing rnh send the actual path to the client,
if it exists.
c) If a new client or a flag has changed refigure and send result
to all clients.
This is problematic in that suppose the rnh is new. Clients
will receive two answers:
1) A call back with no nexthops
2) A call back with the resolved # of nexthops
Imagine pim who depends on nht to handle this, pim will create
a mroute (because it does a hard lookup of the rpf as it is registering
the nexthop), then it will receive the first callback causing
it to tear down the mroute and then receive the second callback
causing it to put it right back. This is obviously not very
good for mroutes.
This code moves the send to the new client till after the new
client has connected, thus only allowing one callback to the new
client with the actual answer.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Move &rpki_cmd from VIEW to ENABLE. A non-enabled session could
enter into the rpki command node and exit into global config mode
without having to enable.
Move &show_rpki* from ENABLE to VIEW. Allow non-enabled user to
view cache state and prefix table state.
Signed-off-by: David Teach <dteach@routeviews.org>
Adrian Ban [Tue, 2 Apr 2019 15:25:50 +0000 (17:25 +0200)]
staticd: Fix static routes that are not added in RIB after Null0 or vrf routes
When you add a static route like:
ip route 10.0.0.0/24 Null0
ip route 192.168.7.0/24 99.99.99.99 nexthop-vrf EVA
all routes after this command will be ignored by staticd and are not inserted in RIB.
This is the cause of return instead of continue in the for loop in static_nht_update_safi() function that is stopping the search in the routes list and is returning in the previous function without calling static_zebra_route_add() function.
Donald Sharp [Mon, 1 Apr 2019 16:31:28 +0000 (12:31 -0400)]
pimd: Limit lookup of neighbor since we know we have one
When a new pim neighbor comes up, we need to go through and
mark nexthops that we have received from zebra for reachability
tracking so we can refigure stuff. If we pass in the new neighbor
we can limit the search to those nexthops out the interface that
the new neighbor has come up.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>