David Lamparter [Thu, 8 Apr 2021 11:35:09 +0000 (13:35 +0200)]
lib: correctly exit CLI nodes on file config load
The (legacy) code for reading split configs tries to execute config
commands in parent nodes, but doesn't call the node_exit function when
it goes up to a parent node. This breaks BGP RPKI setup (and extended
syslog, which is in the next commit.)
Doing this correctly is a slight bit involved since the node_exit
callbacks should only be called if the command is actually executed on a
parent node.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Sat, 10 Apr 2021 19:02:06 +0000 (21:02 +0200)]
lib: fix possible assert() fail in zlog_fd()
If the last message in a batched logging operation isn't printed due to
priority, this skips the code that flushes prepared messages through
writev() and can trigger the assert() at the end of zlog_fd().
Since any logmsg above info priority triggers a buffer flush, running
into this situation requires a log file target configured for info
priority, at least 1 message of info priority buffered, a debug message
buffered after that, and then a buffer flush (explicit or due to buffer
full).
I haven't seen this chain of events happen in the wild, but it needs
fixing anyway.
Signed-off-by: David Lamparter <equinox@diac24.net>
ospf6d: Do not delete external table when configure max-path
Issue: When maximum-path is configured in ospf6 view, the
function ospf6_restart_spf deletes the external table as well
which is not required since that stores the redistribute routes.
Specifying watchfrr as CMD instead of ENTRYPOINT allows one to easily
override this command when starting a docker container. This allows
simple, manual testing via (e.g.) bash. With ENTRYPOINT only the
container will simply explode with an exit code if watchfrr exits.
For instance one could start a shell session in this container via:
```
docker run --name test --rm -i -t <frr-container> bash
```
The default behavior (`docker run <frr-container>` with no command
specified) is not changed.
Introduced the idea of the bgp unnumbered peers using interface up/down
events to track the bgp peers nexthop. This code was not properly
working when a connection was received from a peer in some circumstances.
Effectively the connection from a peer was immediately skipping state transitions
and FRR was never properly tracking the peers nexthop. When we receive the
connection attempt, let's track the nexthop now.
David Lamparter [Thu, 15 Apr 2021 04:26:45 +0000 (06:26 +0200)]
lib: disable ASAN redzone around xref_p/xref_array
The "xref_p" variables are placed in the "xref_array" section
specifically so they're next to each other and we get an array at the
end. The ASAN redzone that is inserted around global variables is
breaks that since it'd be inserted before and after each of the array
items. So disable the ASAN redzone for these variables (and only these
variables, nothing else should be affected.)
Signed-off-by: David Lamparter <equinox@diac24.net>
Igor Ryzhov [Wed, 14 Apr 2021 10:08:18 +0000 (13:08 +0300)]
lib: fix access-list deletion
Problems with the current implementation:
* Delete hook is called before the deletion of the access-list from the
master list, which means that daemons processing this hook successfully
find this access-list, store a pointer to it in their structures, and
right after that the access-list is freed. Daemons end up having stale
pointer to the freed structure.
* Route-maps are not notified of the deletion.
Philippe Guibert [Wed, 17 Mar 2021 17:12:26 +0000 (18:12 +0100)]
nhrp, zebra, lib: enforce usage of zapi_neigh_ip structure
zapi_nbr structure is renamed to zapi_neigh_ip.
Initially used to set a neighbor ip entry for gre interfaces, this
structure is used to get events from the zebra layer to nhrp layer.
The ndm state has been added, as it is needed on both sides.
The zebra dplane layer is slightly modified.
Also, to clarify what ZEBRA_NEIGH_ADD/DEL means, a rename is done:
it is called now ZEBRA_NEIGH_IP_ADD/DEL, and it signified that this
zapi interface permits to set link operations by associating ip
addresses to link addresses.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
ospfd: install Type-7 when NSSA area is configured after redistribution
Currently, if NSSA area is configured before redistribution is enabled,
Type-7 LSA's are installed and flooded. But if NSSA area is configured
after redistribution is enabled, Type-7 LSA's are not installed.
With this change, when NSSA area is configured, schedule a task that
scans for external LSA's. If they exist, install Type-7 and flood to
all NSSA Areas.
There already was an attempt to fix this problem in 0f321812f where
ospf_asbr_nssa_redist_task() was triggered in ospf_abr_task_timer().
This turns out to be incorrect place for this operation because it's
a one-off operation needed only after "area <ID> nssa" execution. And
ospf_abr_task_timer() is a periodic operation. Triggering
ospf_asbr_nssa_redist_task() in ospf_abr_task_timer() caused a problem
that was fixed in 945eec2b6 making the problem with NSSA area
configured after redistribution actual again.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Igor Ryzhov [Mon, 12 Apr 2021 11:17:30 +0000 (14:17 +0300)]
bfdd: fix nb cli show with defaults
The idea of the "with-defaults" flag is to show the default values for
parameters that were not configured by the user. But bfdd incorrectly
shows the default values for all parameters, including the
user-configured ones.
Igor Ryzhov [Thu, 8 Apr 2021 12:43:07 +0000 (15:43 +0300)]
lib: fix interface nb stale pointers
The first change in this commit is the processing of the VRF termination.
When we terminate the VRF, we should not delete the underlying interfaces,
because there may be pointers to them in the northbound configuration. We
should move them to the default VRF instead.
Because of the first change, the VRF interface itself is also not deleted
when deleting the VRF. It should be handled in netlink_link_change. This
is done by the second change.
The idea is to find out prefixes including specific BGP table version and
above.
Let's say I have a converged network and suddently I noticed a couple of
prefixes seems hijacked.
I want to look what new prefixes arrived with a specific BGP table version.
```
exit1-debian-9# show ip bgp version 8
BGP table version is 9, local router ID is 192.168.100.1, vrf id 0
Default local pref 100, local AS 65534
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
bgpd: Show RPKI short state in `show bgp <afi> <safi>`
Just to be more informant, copying from Cisco.
```
exit1-debian-9# sh ip bgp
BGP table version is 4, local router ID is 192.168.100.1, vrf id 0
Default local pref 100, local AS 65534
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
projects / mirror / frr.git / log