Donald Sharp [Thu, 6 Jun 2019 20:23:09 +0000 (16:23 -0400)]
pimd: Allow zlookup socket to drain
When pim is started and has nothing to talk to zebra about
over the zlookup socket and interface events are happening
then the zlookup socket is not being drained.
This eventually leads to a situation where the kernel send buffer
fills up and zebra is unable to write anything down the pipe.
At this time the zapi starts buffering data in `struct buffer`
which of course slowly fills up as pim has nothing to do.
As a bit of a hack allow the zlookup socket to wake up 1 time
a minute and ask for information about the default route
and do nothing with it. This will cause the socket buffers
to be drained and the system will be happy.
Long term we need to get rid of this synchronous/asynchronous
duality that pim has. This is on the radar but is not something
that could be fixed in an afternoon or a week of effort in my
opinion. Given time constraints right now. Let's put this
in place and then once we get pim completely async then
we can just remove the zlookup( I hope ) code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 5 Jun 2019 01:38:11 +0000 (21:38 -0400)]
bfdd: Modify bfdd to quietly accept access-lists
The `access-list ...` command was causing bfdd to return
'unknown commands'. Make bfdd at least cognizant of
access-lists enough to not create strange error messages
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 30 May 2019 23:55:26 +0000 (19:55 -0400)]
*: Convert over to all -N namespace to change DAEMON_VTY_DIR
When the user specifies -N namespace allow it to influence the
frr_vtydir(DAEMON_VTY_DIR) to have namespace in it's path
like so: $frrstate_dir/<namespace>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Philippe Guibert [Wed, 27 Mar 2019 10:13:38 +0000 (11:13 +0100)]
topotests: test bgp ipv6 vrf lite unnumbered with ipv6 rt advertisements
bgp ipv6 implies that routing advertisements be available for all vrf.
in the case of the vrf backend is network namespace, this should be
tested too. in addition to configure addresses per interface on a
separate vrf, the test also checks for BGP connectivity.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 27 Mar 2019 10:13:38 +0000 (11:13 +0100)]
topotests: test bgp ipv6 unnumbered with ipv6 rt advertisements
bgp ipv6 implies that routing advertisements be available for all vrf.
in the case of the vrf backend is network namespace, this should be
tested too. in addition to configure addresses per interface on a
separate vrf, the test also checks for BGP connectivity.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 27 Mar 2019 14:05:58 +0000 (15:05 +0100)]
zebra: keep rtadv_sock field in zrouter for optimisation
in the case the vrf backend is vrf-lite, there is no need to have
separate sockets. use a socket located in zrouter, so that when needing
the socket, a common API is used. that API will return the appropriate
socket value.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 27 Mar 2019 09:25:13 +0000 (10:25 +0100)]
zebra: move rtadv service from zrouter to zvrf
when network namespace is used as vrf backend, there is need to have
separate contexts for rtadv contexts.
route advertisements have to look for appropriate interface based on
zvrf context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Thu, 30 May 2019 23:38:00 +0000 (19:38 -0400)]
*: Convert to using frr_vtydir instead of DAEMON_VTY_DIR
In a variety of places we are using DAEMON_VTY_DIR, convert
to use frr_vtydir. This will allow us in a future commit
to have the -N namespace option be automatically used.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 30 May 2019 22:51:00 +0000 (18:51 -0400)]
lib: Allow -N to modify the zapi domain socket
When using -z, allow that to override the zapi domain socket
path. If using -N add the namespace name to the path to
$frr_statedir/<namespace>/zserv.api. If you don't specify
the -N or -z option then it is $frr_statedir/zserv.api
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 3 Jun 2019 19:11:17 +0000 (15:11 -0400)]
zebra: When displaying `show evpn arp-cache vni XX` add local and remote seq
Add the local and remote sequence number to the `show evpn arp-cache vni XX` command.
VNI 1000111 #ARP (IPv4 and IPv6, local and remote) 15
IP Type State MAC Remote VTEP Seq #'s
fe80::202:ff:fe00:15 remote active 00:02:00:00:00:15 6.0.0.31 0/0
fe80::202:ff:fe00:8 local active 00:02:00:00:00:08 0/0
60.1.1.111 local active 00:02:00:00:00:08 0/0
2060:1:1:1::11 local active 00:e0:ec:38:49:a1 0/0
fe80::202:ff:fe00:11 remote active 00:02:00:00:00:11 6.0.0.30 0/0
2060:1:1:1::211 remote active 00:02:00:00:00:11 6.0.0.30 0/0
2060:1:1:1::121 remote active 00:02:00:00:00:0c 6.0.0.29 0/0
60.1.1.211 remote active 00:02:00:00:00:11 6.0.0.30 0/0
fe80::202:ff:fe00:c remote active 00:02:00:00:00:0c 6.0.0.29 0/0
60.1.1.11 local active 00:e0:ec:38:49:a1 0/0
fe80::2e0:ecff:fe38:49a1 local active 00:e0:ec:38:49:a1 0/0
60.1.1.221 remote active 00:02:00:00:00:15 6.0.0.31 0/0
2060:1:1:1::111 local active 00:02:00:00:00:08 0/0
2060:1:1:1::221 remote active 00:02:00:00:00:15 6.0.0.31 0/0
60.1.1.121 remote active 00:02:00:00:00:0c 6.0.0.29 0/0
The seq numbers are at 0/0 because we have had no mobility events.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 3 Jun 2019 14:39:23 +0000 (10:39 -0400)]
pimd: Add `clear ip mroute [vrf NAME] count` command to pim
When debugging a large number of mroutes and data is changing
fast it is sometimes hard to know what has actually changed.
Add a `clear ip mroute count` command that resets the last
data points gathered and allows you to see what has changed
since the last clear.
Output:
donna.cumulusnetworks.com# show ip mroute count
David Lamparter [Sun, 12 May 2019 19:11:19 +0000 (21:11 +0200)]
lib/printf: add %Ld/%Lu for int64_t/uint64_t
[u]int64_t is the only type in the intX_t family that needs
special-casing for printf since the calling convention may differ
between 32-bit and 64-bit systems.
Adding the L specifier allows us to eschew the gnarly-looking PRIu64.
Signed-off-by: David Lamparter <equinox@diac24.net>
Donald Sharp [Mon, 3 Jun 2019 14:44:23 +0000 (10:44 -0400)]
lib: Cleanup recent commit warn->werror issues in lib/routemap.c
The get_route_map_delete_event function should return a value
even if we never get to that part of the function. Make sure
we know why we are here so it can be fixed appropriately in
the future.
Signed-off-by: Donald Sharp <sharpd@cumulusnetwork.com>
Donald Sharp [Mon, 3 Jun 2019 14:09:22 +0000 (10:09 -0400)]
pimd: Convert strncpy to strlcpy in pim_cmd.c
A couple of places of strncpy snuck in due to my confusion
about if Quentin's earlier change had gotten in. Just some
code in flux. This should fix the issue/warnings in our
CI system.
Donald Sharp [Sat, 1 Jun 2019 01:47:30 +0000 (21:47 -0400)]
tools: On shutdown no need to flush from tools/frr.in script
Zebra already flushes routes on proper shutdown if you are not
using the -K option. If you are using the -K option then you
do not want the tools/frr script to flush routes.
If zebra crashes and we restart then load up will either delete
the routes or leave them depending on the -K option.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Although the RFC states hostname length should be < 255 chars,
FRR allows infinite length technically. However, when you try
to set a hostname > 80 chars, you would immediately notice a crash.
RCA: Crash due to buffer overflow. Large buffer sprintf'd into smaller
buffer. Usage of sprintf function instead of snprintf which is safer.
bgpd: Filtering received EVPN routes based on VNI does not work
Issue1: When "neighbor X.X.X.X route-map RM-VNI-FILTER in" is configured under evpn address-family,
all the received routes are dropped regardless of whether the route has a matching vni or not.
Issue2: Routes with 2 labels are not filtered correctly
Issue3: Interpreting the label based on tunnel type, vxlan was not done correctly.
Vxlan label has 24 bits, whereas, MPLS label is 20 bits long
Fix1: The handler bgp_update() that services the received route ignored the route's label while deciding whether to filter it or not. As part of the fix, the handler now uses the label info to make the decision about whether to filter the route or not.
Fix2: route_match_vni() now tries to match both the labels within the route, not just the one.
lib: Changes made to dependencies of a r-map do not take effect.
Say, more than one sequence of a route-map uses the same named entity
in its match clause. After that entity is removed from any one of the
route-map sequences, any further changes made to that entity doesn't
dynamically take effect.
A reference counter, that allows the named entity to keep a count of
the route-maps dependent on it, has been introduced to address this issue.
Donald Sharp [Fri, 31 May 2019 12:51:07 +0000 (08:51 -0400)]
lib, zebra: Ensure route encoding has enough space
When you have compiled FRR with a large multipath number
then encoding large ecmp routes between zebra and the
routing daemons. There exists a theoritical size
of multipath that will cause the encoding to be larger
than the ZEBRA_MAX_PACKET_SIZ. In the cases where
we have allocated streams that will encode routes
then let's ensure that whatever size we have will
auto-fit what we say we can send.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
lib: Introducing a 3rd state for route-map match cmd: RMAP_NOOP
Introducing a 3rd state for route_map_apply library function: RMAP_NOOP
Traditionally route map MATCH rule apis were designed to return
a binary response, consisting of either RMAP_MATCH or RMAP_NOMATCH.
(Route-map SET rule apis return RMAP_OKAY or RMAP_ERROR).
Depending on this response, the following statemachine decided the
course of action:
Action: Apply route-map match and return the result (RMAP_MATCH/RMAP_NOMATCH)
State1: Receveived RMAP_MATCH
THEN: If Routemap type is PERMIT, execute other rules if applicable,
otherwise we PERMIT!
Else: If Routemap type is DENY, we DENYMATCH right away
State2: Received RMAP_NOMATCH, continue on to next route-map, otherwise,
return DENYMATCH by default if nothing matched.
With reference to PR 4078 (https://github.com/FRRouting/frr/pull/4078),
we require a 3rd state because of the following situation:
The issue - what if, the rule api needs to abort or ignore a rule?:
"match evpn vni xx" route-map filter can be applied to incoming routes
regardless of whether the tunnel type is vxlan or mpls.
This rule should be N/A for mpls based evpn route, but applicable to only
vxlan based evpn route.
Today, the filter produces either a match or nomatch response regardless of
whether it is mpls/vxlan, resulting in either permitting or denying the
route.. So an mpls evpn route may get filtered out incorrectly.
Eg: "route-map RM1 permit 10 ; match evpn vni 20" or
"route-map RM2 deny 20 ; match vni 20"
With the introduction of the 3rd state, we can abort this rule check safely.
How? The rules api can now return RMAP_NOOP (or another enum) to indicate
that it encountered an invalid check, and needs to abort just that rule,
but continue with other rules.
Question: Do we repurpose an existing enum RMAP_OKAY or RMAP_ERROR
as the 3rd state (or create a new enum like RMAP_NOOP)?
RMAP_OKAY and RMAP_ERROR are used to return the result of set cmd.
We chose to go with RMAP_NOOP (but open to ideas),
as a way to bypass the rmap filter
As a result we have a 3rd state:
State3: Received RMAP_NOOP
Then, proceed to other route-map, otherwise return RMAP_PERMITMATCH by default.
projects / mirror / frr.git / log