Philippe Guibert [Mon, 23 May 2022 08:21:16 +0000 (10:21 +0200)]
zebra: avoid pbr iptable added twice when used with flowspec
The usage of zebra dplane makes the job asyncronous which implies
that a given job will try to add an iptable, while the second job
will not know that its iptable is the same as the former one.
The below exabgp rules stand for two bgp flowspec rules sent to
the bgp device:
This rule creates a single iptable, but in fact, the same iptable
name is appended twice. This results in duplicated entries in the
iptables context. This also results in contexts not flushed, when
BGP session or 'flush' operation is performed.
iptables-save:
[..]
-A PREROUTING -m set --match-set match0x55baf4c25cb0 src,src -g match0x55baf4c25cb0
-A PREROUTING -m set --match-set match0x55baf4c25cb0 src,src -g match0x55baf4c25cb0
-A match0x55baf4c25cb0 -j MARK --set-xmark 0x100/0xffffffff
-A match0x55baf4c25cb0 -j ACCEPT
-A match0x55baf4c25cb0 -j MARK --set-xmark 0x100/0xffffffff
-A match0x55baf4c25cb0 -j ACCEPT
[..]
This commit addresses this issue, by checking that an iptable
context is not already being processed. A flag is added in the
original iptable context, and a check is done if the iptable
context is not already being processed for install or uinstall.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Thu, 19 May 2022 23:28:43 +0000 (19:28 -0400)]
tests: Allow a bit longer for bfd topo tests to synchronize
Allowing only 4 seconds for a bfd test to synchronize is going
to run into problems on extremely loaded systems. The test
system should value it actually converged over it actually
converged in a reasonable time, especially on test systems
that are loaded because of many multiples of tests running
at the same time. If it is important to actually test
that something got done by the RFC, the CI system as it
is currently written is not the correct place for this.
Donald Sharp [Thu, 19 May 2022 19:54:59 +0000 (15:54 -0400)]
tests: Ensure routes are not queued when calling verify_rib
Lots of tests call verify_rib that takes a list of routes that
need to be verified in some fashion. This verify_rib functionality
will try up to 12 seconds before failing the check that zebra
has the route and has installed it.
Unfortunately the verify_rib code was not looking to see if
the route was queued for installation and was then allowing
tests to immediately do subsuquent steps that depended on
that route actually being installed sometimes causing tests
to fail.
Write a bit of additional code that looks at the queued
status and allows the test to wait a bit longer for zebra
to finish processing before allowing the test to move on
to the next bit.
Donald Sharp [Tue, 17 May 2022 20:08:01 +0000 (16:08 -0400)]
ospf6d: Remove double check of default prefix
The ospf6_is_valid_summary_addr function is checking
to see if a prefix is the default and also then double
comparing it against the v6 prefix part. No need to do this.
David Lamparter [Thu, 22 Apr 2021 09:04:52 +0000 (11:04 +0200)]
bgpd: implement SendHoldTimer
As described by
https://www.ietf.org/archive/id/draft-spaghetti-idr-bgp-sendholdtimer-04.html
Since this replicates the HoldTime check on the receiver that is already
part of the protocol, I do not believe it necessary to wait for IETF
progress on this draft. It's just replicating an existing element of
the protocol at the other side of the session.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Donald Sharp [Wed, 18 May 2022 18:29:16 +0000 (14:29 -0400)]
bgpd: Allow nht to work when connection succeeds
Originally commit: 8761cd6ddb5437767625f58c8e9cc3ccda7887ab
implemented the ability for LL nexthop tracking to be
interface based. During some more testing the code
to make the interface event happen was noticed to
not properly run in some cases. This was because
it was originally assumed that the connect could
not succeed. Testing has shown that the connect
can succeed and FRR needs to handle the nht tracking
in this case too.
Chirag Shah [Tue, 17 May 2022 05:52:54 +0000 (22:52 -0700)]
zebra: add netlink tunnel msg to dump routine
This patch parses vxlan vnifilter rtm tunnel
message which contains vni mapping to vxlan device.
The new notifications are RTM_NEWTUNNEL,
RTM_DELTUNNEL, and RTM_GETTUNNEL.
Chirag Shah [Sun, 13 Feb 2022 01:02:03 +0000 (17:02 -0800)]
zebra: netlink registry rtm tunnel notif
The kernel supports l3vxlan device to have (l3vni)
vni filter similar to vlan filtering on bridge device.
To receive netlink notification, FRR to register
for new netlink RTNLGRP_TUNNEL message.
This message required to register via additional
socket option as it's beyond bitmap size.
Sai Gomathi N [Thu, 24 Mar 2022 08:53:59 +0000 (01:53 -0700)]
pim6d: Add 'debug pimv6 nht' and 'debug pimv6 nht detial'
Implementing debug pimv6 nht command for PIMv6 nexthop tracking.
It will display information about RPF lookups and information about when a nexthop changes.
debug pimv6 nht detial for for PIMv6 nexthop in detail.This is not enabled by default.
Signed-off-by: Sai Gomathi N <nsaigomathi@vmware.com>
Donald Sharp [Sat, 14 May 2022 20:26:27 +0000 (16:26 -0400)]
bgpd: Fix coverity SA issue with copying over prefix data
in bgp_nlri_parse_ip there is a `sanity` check to ensure
that the prefix length as specified by the packet
will fit inside of a `struct prefix` correctly. The problem
here of course is that this is only v4 / v6 unicast/multicast
parsing and the bytes will never be more than 16, but we are copying
into a part of the struct prefix that is only 16 bytes, but with
this check the length may be up to 47 bytes( but not really possible ).
Limit the size check to at most 16 bytes (since we are only handling
v4 or v6 addresses here )
Donald Sharp [Mon, 16 May 2022 19:20:12 +0000 (15:20 -0400)]
ospf6d: Ensure the ospf6 interface hello timer pops in all cases
If a end users does something like this:
int enp39s0
ipv6 ospf6 hello-interval 65535
And then the timer pops and we send the hello and immediately
if the end user does this:
ipv6 ospf6 hello-interval 5
The timer is not being reset and FRR waits the full 65k seconds
before sending the hello again, which then immediately sets
the next hello to go out in 5 seconds.
When FRR receives the new timer value, look at how much time
is left on the timer in seconds. If this value is greater
than the new hello timer, stop the timer and set it too that
value.
This should fix a CI system test failure found, where the
system is testing setting timer from things like 12 seconds
to 65k seconds then back down to 12 and that the ospf6 neighbor
relationship stays up.
The code was also changed from thread_add_event to thread_add_timer
in all cases. I am not sure what would happen if a show command
comes in for a thread timer remaining with an event instead of a timer
just make it consistent.
This was chased down because the support bundle showed this:
r0# show ipv6 ospf6 vrf all interface
r0-r1-eth0 is up, type BROADCAST
Interface ID: 6
Internet Address:
inet6: fe80::a4ea:d3ff:fe35:cef1/64
inet6: fd00::1/64
Instance ID 0, Interface MTU 1500 (autodetect: 1500)
MTU mismatch detection: enabled
Area ID 0.0.0.0, Cost 10
State DR, Transmit Delay 1 sec, Priority 1
Timer intervals configured:
Hello 12(65480.960), Dead 48, Retransmit 5
And looking at the test code is doing stuff like this:
2022/05/16 17:08:15 OSPF6: [M7Q4P-46WDR] vty[5]@(config)# interface r1-r0-eth0
Donald Sharp [Mon, 16 May 2022 15:06:29 +0000 (11:06 -0400)]
ospf6d: Give time left in hello timer for `show ipv6 ospf6 int`
When running `show ipv6 ospf6 interface` the hello timer period
is shown, but there is no indication on how much time is left
on the timer. Add a clue:
sharpd@eva ~/frr5 (master)> vtysh -c "show ipv6 ospf6 int"
enp39s0 is up, type BROADCAST
Interface ID: 2
Internet Address:
inet : 192.168.119.224/24
inet6: 2603:6080:602:509e:9a14:998:b154:9e9/64
Instance ID 0, Interface MTU 1500 (autodetect: 1500)
MTU mismatch detection: enabled
Area ID 0.0.0.0, Cost 1000
State DR, Transmit Delay 1 sec, Priority 1
Timer intervals configured:
Hello 10(2.652), Dead 40, Retransmit 5
DR: 192.168.122.1 BDR: 0.0.0.0
Number of I/F scoped LSAs is 1
0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off]
0 Pending LSAs for LSAck in Time 00:00:00 [thread off]
Authentication Trailer is disabled
Kuldeep Kashyap [Mon, 16 May 2022 10:28:02 +0000 (03:28 -0700)]
tests: Fix for test_pim_dr_nondr_with_ospf_topo2 test failure
This test is failing intermittently because sometimes igmp
local join is not getting deleted. I did split the joins means
trying to delete igmp local joins one by one. I tried running
tests multiple times and it seems to be working fine with
current changes.
There was an issue found during debugging this test failure,
which was raised already:
Issue# https://github.com/FRRouting/frr/issues/11105
anlan_cs [Sat, 14 May 2022 01:02:11 +0000 (21:02 -0400)]
zebra: remove unnecessary check for "zevpn_vrf"
The global vrf in zebra is always non-NULL. In general, it is bound to
default vrf by `zebra_vrf_init()`, at other times bound to some specific
vrf. Anyway, non-NULL.
So remove all redundant checkings for the returned value of
`zebra_vrf_get_evpn()`.
Additionally, remove the unnecessary check for `zvrf` in
`zebra_vxlan_cleanup_tables()`.
Donald Sharp [Thu, 5 May 2022 15:21:20 +0000 (11:21 -0400)]
bgpd: Add a bit of debug to give us data about how an update group is formed
The creation of the update group is a tiny bit of a black box and is hard
to figure out by hand if it is correct. Add a bit of code so that FRR
operators/developers can determine if the update group categorization
makes us happy.
projects / mirror / frr.git / log