diff options
40 files changed, 1043 insertions, 426 deletions
diff --git a/Makefile.am b/Makefile.am index 3b8deb5884..4316964303 100644 --- a/Makefile.am +++ b/Makefile.am @@ -83,7 +83,6 @@ rc_SCRIPTS = \ endif EXTRA_DIST += \ - SERVICES \ aclocal.m4 \ update-autotools \ m4/README.txt \ @@ -9,7 +9,7 @@ See doc/user/bugs.rst for information on how to report bugs. See doc/developer/workflow.rst for information on contributing. -Free RRRouting is free software. See the file COPYING for copying conditions. +See the file COPYING for copying conditions. Public email discussion can be found at https://lists.frrouting.org/listinfo diff --git a/SERVICES b/SERVICES deleted file mode 100644 index f7f92a736b..0000000000 --- a/SERVICES +++ /dev/null @@ -1,24 +0,0 @@ -# As long as this software is in alpha testing it is not yet included -# in /etc/services files. This means that you may need to add the following -# lines into your /etc/services file on your hosts. -# -# --- Please add this to your /etc/services --- - -# -# GNU Zebra services -# - -zebrasrv 2600/tcp -zebra 2601/tcp -ripd 2602/tcp -ripng 2603/tcp -ospfd 2604/tcp -bgpd 2605/tcp -ospf6d 2606/tcp -ospfapi 2607/tcp -isisd 2608/tcp -babeld 2609/tcp -nhrpd 2610/tcp -pimd 2611/tcp -ldpd 2612/tcp -eigrpd 2613/tcp diff --git a/bgpd/bgp_clist.c b/bgpd/bgp_clist.c index d1bc7f6e53..7cf1477549 100644 --- a/bgpd/bgp_clist.c +++ b/bgpd/bgp_clist.c @@ -512,7 +512,7 @@ static int lcommunity_regexp_match(struct lcommunity *com, regex_t *reg) if (com == NULL || com->size == 0) str = ""; else - str = lcommunity_str(com); + str = lcommunity_str(com, false); /* Regular expression match. */ if (regexec(reg, str, 0, NULL, 0) == 0) @@ -986,13 +986,8 @@ int lcommunity_list_set(struct community_list_handler *ch, const char *name, entry->any = (str ? 0 : 1); entry->u.lcom = lcom; entry->reg = regex; - if (lcom) - entry->config = lcommunity_lcom2str( - lcom, LCOMMUNITY_FORMAT_COMMUNITY_LIST); - else if (regex) - entry->config = XSTRDUP(MTYPE_COMMUNITY_LIST_CONFIG, str); - else - entry->config = NULL; + entry->config = + (regex ? XSTRDUP(MTYPE_COMMUNITY_LIST_CONFIG, str) : NULL); /* Do not put duplicated community entry. */ if (community_list_dup_check(list, entry)) diff --git a/bgpd/bgp_ecommunity.c b/bgpd/bgp_ecommunity.c index 85b9ffd8ca..99fe80f055 100644 --- a/bgpd/bgp_ecommunity.c +++ b/bgpd/bgp_ecommunity.c @@ -52,6 +52,11 @@ struct ecommunity *ecommunity_new(void) sizeof(struct ecommunity)); } +void ecommunity_strfree(char **s) +{ + XFREE(MTYPE_ECOMMUNITY_STR, *s); +} + /* Allocate ecommunities. */ void ecommunity_free(struct ecommunity **ecom) { diff --git a/bgpd/bgp_ecommunity.h b/bgpd/bgp_ecommunity.h index 88bdb5e2ae..2f59308d65 100644 --- a/bgpd/bgp_ecommunity.h +++ b/bgpd/bgp_ecommunity.h @@ -156,6 +156,7 @@ extern void ecommunity_unintern(struct ecommunity **); extern unsigned int ecommunity_hash_make(void *); extern struct ecommunity *ecommunity_str2com(const char *, int, int); extern char *ecommunity_ecom2str(struct ecommunity *, int, int); +extern void ecommunity_strfree(char **s); extern int ecommunity_match(const struct ecommunity *, const struct ecommunity *); extern char *ecommunity_str(struct ecommunity *); diff --git a/bgpd/bgp_evpn.c b/bgpd/bgp_evpn.c index ee53beb191..74a4f66098 100644 --- a/bgpd/bgp_evpn.c +++ b/bgpd/bgp_evpn.c @@ -452,6 +452,8 @@ static void form_auto_rt(struct bgp *bgp, vni_t vni, struct list *rtl) struct ecommunity_val eval; struct ecommunity *ecomadd; + if (bgp->advertise_autort_rfc8365) + vni |= EVPN_AUTORT_VXLAN; encode_route_target_as((bgp->as & 0xFFFF), vni, &eval); ecomadd = ecommunity_new(); @@ -3233,6 +3235,41 @@ static void bgp_evpn_handle_export_rt_change_for_vrf(struct bgp *bgp_vrf) } /* + * Handle autort change for a given VNI. + */ +static void update_autort_vni(struct hash_backet *backet, struct bgp *bgp) +{ + struct bgpevpn *vpn = backet->data; + struct listnode *node, *nnode; + struct ecommunity *ecom; + + if (!vpn) { + zlog_warn("%s: VNI hash entry for VNI not found", __PRETTY_FUNCTION__); + return; + } + + if (!is_import_rt_configured(vpn)) { + if (is_vni_live(vpn)) + bgp_evpn_uninstall_routes(bgp, vpn); + bgp_evpn_unmap_vni_from_its_rts(bgp, vpn); + for (ALL_LIST_ELEMENTS(vpn->import_rtl, node, nnode, ecom)) + ecommunity_free(&ecom); + list_delete_all_node(vpn->import_rtl); + bgp_evpn_derive_auto_rt_import(bgp, vpn); + if (is_vni_live(vpn)) + bgp_evpn_install_routes(bgp, vpn); + } + if (!is_export_rt_configured(vpn)) { + for (ALL_LIST_ELEMENTS(vpn->export_rtl, node, nnode, ecom)) + ecommunity_free(&ecom); + list_delete_all_node(vpn->export_rtl); + bgp_evpn_derive_auto_rt_export(bgp, vpn); + if (is_vni_live(vpn)) + bgp_evpn_handle_export_rt_change(bgp, vpn); + } +} + +/* * Public functions. */ @@ -3343,6 +3380,8 @@ void evpn_rt_delete_auto(struct bgp *bgp, vni_t vni, struct list *rtl) struct ecommunity *ecom, *ecom_auto; struct ecommunity_val eval; + if (bgp->advertise_autort_rfc8365) + vni |= EVPN_AUTORT_VXLAN; encode_route_target_as((bgp->as & 0xFFFF), vni, &eval); ecom_auto = ecommunity_new(); @@ -3503,6 +3542,17 @@ void bgp_evpn_handle_router_id_update(struct bgp *bgp, int withdraw) } /* + * Handle change to auto-RT algorithm - update and advertise local routes. + */ +void bgp_evpn_handle_autort_change(struct bgp *bgp) +{ + hash_iterate(bgp->vnihash, + (void (*)(struct hash_backet *, + void*))update_autort_vni, + bgp); +} + +/* * Handle change to export RT - update and advertise local routes. */ int bgp_evpn_handle_export_rt_change(struct bgp *bgp, struct bgpevpn *vpn) diff --git a/bgpd/bgp_evpn.h b/bgpd/bgp_evpn.h index dd8d6e2e8e..8e954159c0 100644 --- a/bgpd/bgp_evpn.h +++ b/bgpd/bgp_evpn.h @@ -25,6 +25,7 @@ #include "bgpd.h" #define EVPN_ROUTE_STRLEN 200 /* Must be >> MAC + IPv6 strings. */ +#define EVPN_AUTORT_VXLAN 0x10000000 static inline int is_evpn_enabled(void) { diff --git a/bgpd/bgp_evpn_private.h b/bgpd/bgp_evpn_private.h index 1efde3a719..39a08e7036 100644 --- a/bgpd/bgp_evpn_private.h +++ b/bgpd/bgp_evpn_private.h @@ -395,6 +395,7 @@ extern void bgp_evpn_unconfigure_import_rt_for_vrf(struct bgp *bgp_vrf, struct ecommunity *ecomdel); extern int bgp_evpn_handle_export_rt_change(struct bgp *bgp, struct bgpevpn *vpn); +extern void bgp_evpn_handle_autort_change(struct bgp *bgp); extern void bgp_evpn_handle_vrf_rd_change(struct bgp *bgp_vrf, int withdraw); extern void bgp_evpn_handle_rd_change(struct bgp *bgp, struct bgpevpn *vpn, int withdraw); diff --git a/bgpd/bgp_evpn_vty.c b/bgpd/bgp_evpn_vty.c index fd3c229472..e920bbb212 100644 --- a/bgpd/bgp_evpn_vty.c +++ b/bgpd/bgp_evpn_vty.c @@ -2513,6 +2513,24 @@ static void evpn_unset_advertise_all_vni(struct bgp *bgp) bgp_zebra_advertise_all_vni(bgp, bgp->advertise_all_vni); bgp_evpn_cleanup_on_disable(bgp); } + +/* + * EVPN - use RFC8365 to auto-derive RT + */ +static void evpn_set_advertise_autort_rfc8365(struct bgp *bgp) +{ + bgp->advertise_autort_rfc8365 = 1; + bgp_evpn_handle_autort_change(bgp); +} + +/* + * EVPN - don't use RFC8365 to auto-derive RT + */ +static void evpn_unset_advertise_autort_rfc8365(struct bgp *bgp) +{ + bgp->advertise_autort_rfc8365 = 0; + bgp_evpn_handle_autort_change(bgp); +} #endif /* HAVE_CUMULUS */ static void write_vni_config(struct vty *vty, struct bgpevpn *vpn) @@ -2666,6 +2684,35 @@ DEFUN (no_bgp_evpn_advertise_all_vni, return CMD_SUCCESS; } +DEFUN (bgp_evpn_advertise_autort_rfc8365, + bgp_evpn_advertise_autort_rfc8365_cmd, + "autort rfc8365-compatible", + "Auto-derivation of RT\n" + "Auto-derivation of RT using RFC8365\n") +{ + struct bgp *bgp = VTY_GET_CONTEXT(bgp); + + if (!bgp) + return CMD_WARNING; + evpn_set_advertise_autort_rfc8365(bgp); + return CMD_SUCCESS; +} + +DEFUN (no_bgp_evpn_advertise_autort_rfc8365, + no_bgp_evpn_advertise_autort_rfc8365_cmd, + "no autort rfc8365-compatible", + NO_STR + "Auto-derivation of RT\n" + "Auto-derivation of RT using RFC8365\n") +{ + struct bgp *bgp = VTY_GET_CONTEXT(bgp); + + if (!bgp) + return CMD_WARNING; + evpn_unset_advertise_autort_rfc8365(bgp); + return CMD_SUCCESS; +} + DEFUN (bgp_evpn_default_originate, bgp_evpn_default_originate_cmd, "default-originate <ipv4 | ipv6>", @@ -4389,6 +4436,9 @@ void bgp_config_write_evpn_info(struct vty *vty, struct bgp *bgp, afi_t afi, if (bgp->advertise_all_vni) vty_out(vty, " advertise-all-vni\n"); + if (bgp->advertise_autort_rfc8365) + vty_out(vty, " autort rfc8365-compatible\n"); + if (bgp->advertise_gw_macip) vty_out(vty, " advertise-default-gw\n"); @@ -4476,6 +4526,8 @@ void bgp_ethernetvpn_init(void) #if defined(HAVE_CUMULUS) install_element(BGP_EVPN_NODE, &bgp_evpn_advertise_all_vni_cmd); install_element(BGP_EVPN_NODE, &no_bgp_evpn_advertise_all_vni_cmd); + install_element(BGP_EVPN_NODE, &bgp_evpn_advertise_autort_rfc8365_cmd); + install_element(BGP_EVPN_NODE, &no_bgp_evpn_advertise_autort_rfc8365_cmd); install_element(BGP_EVPN_NODE, &bgp_evpn_advertise_default_gw_cmd); install_element(BGP_EVPN_NODE, &no_bgp_evpn_advertise_default_gw_cmd); install_element(BGP_EVPN_NODE, &bgp_evpn_advertise_type5_cmd); diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c index 5db7e37089..6eb1e39884 100644 --- a/bgpd/bgp_flowspec.c +++ b/bgpd/bgp_flowspec.c @@ -166,6 +166,9 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, BGP_FLOWSPEC_NLRI_STRING_MAX, "EC{%s}", s == NULL ? "none" : s); + + if (s) + ecommunity_strfree(&s); } snprintf(local_string, BGP_FLOWSPEC_NLRI_STRING_MAX, "FS Rx %s %s %s %s", withdraw ? diff --git a/bgpd/bgp_lcommunity.c b/bgpd/bgp_lcommunity.c index 09b3a8718a..33f4d139b8 100644 --- a/bgpd/bgp_lcommunity.c +++ b/bgpd/bgp_lcommunity.c @@ -160,15 +160,6 @@ struct lcommunity *lcommunity_dup(struct lcommunity *lcom) return new; } -/* Retrun string representation of communities attribute. */ -char *lcommunity_str(struct lcommunity *lcom) -{ - if (!lcom->str) - lcom->str = - lcommunity_lcom2str(lcom, LCOMMUNITY_FORMAT_DISPLAY); - return lcom->str; -} - /* Merge two Large Communities Attribute structure. */ struct lcommunity *lcommunity_merge(struct lcommunity *lcom1, struct lcommunity *lcom2) @@ -186,6 +177,80 @@ struct lcommunity *lcommunity_merge(struct lcommunity *lcom1, return lcom1; } +static void set_lcommunity_string(struct lcommunity *lcom, bool make_json) +{ + int i; + int len; + bool first = 1; + char *str_buf; + char *str_pnt; + uint8_t *pnt; + uint32_t global, local1, local2; + json_object *json_lcommunity_list = NULL; + json_object *json_string = NULL; + +#define LCOMMUNITY_STR_DEFAULT_LEN 32 + + if (!lcom) + return; + + if (make_json) { + lcom->json = json_object_new_object(); + json_lcommunity_list = json_object_new_array(); + } + + if (lcom->size == 0) { + str_buf = XMALLOC(MTYPE_LCOMMUNITY_STR, 1); + str_buf[0] = '\0'; + + if (make_json) { + json_object_string_add(lcom->json, "string", ""); + json_object_object_add(lcom->json, "list", + json_lcommunity_list); + } + + lcom->str = str_buf; + return; + } + + str_buf = str_pnt = + XMALLOC(MTYPE_LCOMMUNITY_STR, + (LCOMMUNITY_STR_DEFAULT_LEN * lcom->size) + 1); + + for (i = 0; i < lcom->size; i++) { + if (first) + first = 0; + else + *str_pnt++ = ' '; + + pnt = lcom->val + (i * LCOMMUNITY_SIZE); + pnt = ptr_get_be32(pnt, &global); + pnt = ptr_get_be32(pnt, &local1); + pnt = ptr_get_be32(pnt, &local2); + (void)pnt; + + len = sprintf(str_pnt, "%u:%u:%u", global, local1, local2); + if (make_json) { + json_string = json_object_new_string(str_pnt); + json_object_array_add(json_lcommunity_list, + json_string); + } + + str_pnt += len; + } + + str_buf = + XREALLOC(MTYPE_LCOMMUNITY_STR, str_buf, str_pnt - str_buf + 1); + + if (make_json) { + json_object_string_add(lcom->json, "string", str_buf); + json_object_object_add(lcom->json, "list", + json_lcommunity_list); + } + + lcom->str = str_buf; +} + /* Intern Large Communities Attribute. */ struct lcommunity *lcommunity_intern(struct lcommunity *lcom) { @@ -201,8 +266,7 @@ struct lcommunity *lcommunity_intern(struct lcommunity *lcom) find->refcnt++; if (!find->str) - find->str = - lcommunity_lcom2str(find, LCOMMUNITY_FORMAT_DISPLAY); + set_lcommunity_string(find, false); return find; } @@ -225,6 +289,21 @@ void lcommunity_unintern(struct lcommunity **lcom) } } +/* Retrun string representation of communities attribute. */ +char *lcommunity_str(struct lcommunity *lcom, bool make_json) +{ + if (!lcom) + return NULL; + + if (make_json && !lcom->json && lcom->str) + XFREE(MTYPE_LCOMMUNITY_STR, lcom->str); + + if (!lcom->str) + set_lcommunity_string(lcom, make_json); + + return lcom->str; +} + /* Utility function to make hash key. */ unsigned int lcommunity_hash_make(void *arg) { @@ -388,59 +467,6 @@ int lcommunity_include(struct lcommunity *lcom, uint8_t *ptr) return 0; } -/* Convert large community attribute to string. - The large coms will be in 65535:65531:0 format. -*/ -char *lcommunity_lcom2str(struct lcommunity *lcom, int format) -{ - int i; - uint8_t *pnt; -#define LCOMMUNITY_STR_DEFAULT_LEN 40 - int str_size; - int str_pnt; - char *str_buf; - int len = 0; - int first = 1; - uint32_t globaladmin, localdata1, localdata2; - - if (lcom->size == 0) { - str_buf = XMALLOC(MTYPE_LCOMMUNITY_STR, 1); - str_buf[0] = '\0'; - return str_buf; - } - - /* Prepare buffer. */ - str_buf = XMALLOC(MTYPE_LCOMMUNITY_STR, LCOMMUNITY_STR_DEFAULT_LEN + 1); - str_size = LCOMMUNITY_STR_DEFAULT_LEN + 1; - str_pnt = 0; - - for (i = 0; i < lcom->size; i++) { - /* Make it sure size is enough. */ - while (str_pnt + LCOMMUNITY_STR_DEFAULT_LEN >= str_size) { - str_size *= 2; - str_buf = XREALLOC(MTYPE_LCOMMUNITY_STR, str_buf, - str_size); - } - - /* Space between each value. */ - if (!first) - str_buf[str_pnt++] = ' '; - - pnt = lcom->val + (i * LCOMMUNITY_SIZE); - - pnt = ptr_get_be32(pnt, &globaladmin); - pnt = ptr_get_be32(pnt, &localdata1); - pnt = ptr_get_be32(pnt, &localdata2); - (void)pnt; /* consume value */ - - len = sprintf(str_buf + str_pnt, "%u:%u:%u", globaladmin, - localdata1, localdata2); - str_pnt += len; - first = 0; - } - return str_buf; -} - int lcommunity_match(const struct lcommunity *lcom1, const struct lcommunity *lcom2) { diff --git a/bgpd/bgp_lcommunity.h b/bgpd/bgp_lcommunity.h index 78841accf3..c88a016396 100644 --- a/bgpd/bgp_lcommunity.h +++ b/bgpd/bgp_lcommunity.h @@ -21,10 +21,7 @@ #ifndef _QUAGGA_BGP_LCOMMUNITY_H #define _QUAGGA_BGP_LCOMMUNITY_H -/* Extended communities attribute string format. */ -#define LCOMMUNITY_FORMAT_ROUTE_MAP 0 -#define LCOMMUNITY_FORMAT_COMMUNITY_LIST 1 -#define LCOMMUNITY_FORMAT_DISPLAY 2 +#include "lib/json.h" /* Large Communities value is twelve octets long. */ #define LCOMMUNITY_SIZE 12 @@ -40,6 +37,9 @@ struct lcommunity { /* Large Communities value. */ uint8_t *val; + /* Large Communities as a json object */ + json_object *json; + /* Human readable format string. */ char *str; }; @@ -65,10 +65,9 @@ extern void lcommunity_unintern(struct lcommunity **); extern unsigned int lcommunity_hash_make(void *); extern struct hash *lcommunity_hash(void); extern struct lcommunity *lcommunity_str2com(const char *); -extern char *lcommunity_lcom2str(struct lcommunity *, int); extern int lcommunity_match(const struct lcommunity *, const struct lcommunity *); -extern char *lcommunity_str(struct lcommunity *); +extern char *lcommunity_str(struct lcommunity *, bool make_json); extern int lcommunity_include(struct lcommunity *lcom, uint8_t *ptr); extern void lcommunity_del_val(struct lcommunity *lcom, uint8_t *ptr); #endif /* _QUAGGA_BGP_LCOMMUNITY_H */ diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c index 55365df299..bcc448119c 100644 --- a/bgpd/bgp_mplsvpn.c +++ b/bgpd/bgp_mplsvpn.c @@ -565,10 +565,11 @@ leak_update( if (nexthop_self_flag) bgp_info_set_flag(bn, new, BGP_INFO_ANNC_NH_SELF); + bgp_info_extra_get(new); + if (num_labels) setlabels(new, label, num_labels); - bgp_info_extra_get(new); new->extra->parent = bgp_info_lock(parent); if (bgp_orig) @@ -582,7 +583,7 @@ leak_update( struct bgp *bgp_nexthop = bgp; int nh_valid; - if (new->extra && new->extra->bgp_orig) + if (new->extra->bgp_orig) bgp_nexthop = new->extra->bgp_orig; /* diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 997d708baf..7bfeee9669 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -6509,7 +6509,7 @@ void route_vty_out(struct vty *vty, struct prefix *p, struct bgp_info *binfo, ? true : false; bool nexthop_othervrf = false; - vrf_id_t nexthop_vrfid; + vrf_id_t nexthop_vrfid = VRF_DEFAULT; const char *nexthop_vrfname = "Default"; if (json_paths) @@ -7414,7 +7414,6 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, struct prefix *p, json_object *json_cluster_list = NULL; json_object *json_cluster_list_list = NULL; json_object *json_ext_community = NULL; - json_object *json_lcommunity = NULL; json_object *json_last_update = NULL; json_object *json_pmsi = NULL; json_object *json_nexthop_global = NULL; @@ -8041,13 +8040,12 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, struct prefix *p, /* Line 6 display Large community */ if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES)) { if (json_paths) { - json_lcommunity = json_object_new_object(); - json_object_string_add(json_lcommunity, - "string", - attr->lcommunity->str); + if (!attr->lcommunity->json) + lcommunity_str(attr->lcommunity, true); + json_object_lock(attr->lcommunity->json); json_object_object_add(json_path, "largeCommunity", - json_lcommunity); + attr->lcommunity->json); } else { vty_out(vty, " Large Community: %s\n", attr->lcommunity->str); diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c index 63400f7d31..8c92f7ff32 100644 --- a/bgpd/bgp_routemap.c +++ b/bgpd/bgp_routemap.c @@ -338,9 +338,8 @@ static route_map_result_t route_match_ip_address(void *rule, void *object) { struct access_list *alist; - /* struct prefix_ipv4 match; */ - if (type == RMAP_BGP) { + if (type == RMAP_BGP && prefix->family == AF_INET) { alist = access_list_lookup(AFI_IP, (char *)rule); if (alist == NULL) return RMAP_NOMATCH; @@ -382,7 +381,7 @@ static route_map_result_t route_match_ip_next_hop(void *rule, struct bgp_info *bgp_info; struct prefix_ipv4 p; - if (type == RMAP_BGP) { + if (type == RMAP_BGP && prefix->family == AF_INET) { bgp_info = object; p.family = AF_INET; p.prefix = bgp_info->attr->nexthop; @@ -430,7 +429,7 @@ static route_map_result_t route_match_ip_route_source(void *rule, struct peer *peer; struct prefix_ipv4 p; - if (type == RMAP_BGP) { + if (type == RMAP_BGP && prefix->family == AF_INET) { bgp_info = object; peer = bgp_info->peer; @@ -478,7 +477,7 @@ route_match_ip_address_prefix_list(void *rule, struct prefix *prefix, { struct prefix_list *plist; - if (type == RMAP_BGP) { + if (type == RMAP_BGP && prefix->family == AF_INET) { plist = prefix_list_lookup(AFI_IP, (char *)rule); if (plist == NULL) return RMAP_NOMATCH; @@ -515,7 +514,7 @@ route_match_ip_next_hop_prefix_list(void *rule, struct prefix *prefix, struct bgp_info *bgp_info; struct prefix_ipv4 p; - if (type == RMAP_BGP) { + if (type == RMAP_BGP && prefix->family == AF_INET) { bgp_info = object; p.family = AF_INET; p.prefix = bgp_info->attr->nexthop; @@ -558,7 +557,7 @@ route_match_ip_route_source_prefix_list(void *rule, struct prefix *prefix, struct peer *peer; struct prefix_ipv4 p; - if (type == RMAP_BGP) { + if (type == RMAP_BGP && prefix->family == AF_INET) { bgp_info = object; peer = bgp_info->peer; @@ -2239,7 +2238,7 @@ static route_map_result_t route_match_ipv6_address(void *rule, { struct access_list *alist; - if (type == RMAP_BGP) { + if (type == RMAP_BGP && prefix->family == AF_INET6) { alist = access_list_lookup(AFI_IP6, (char *)rule); if (alist == NULL) return RMAP_NOMATCH; @@ -2326,7 +2325,7 @@ route_match_ipv6_address_prefix_list(void *rule, struct prefix *prefix, { struct prefix_list *plist; - if (type == RMAP_BGP) { + if (type == RMAP_BGP && prefix->family == AF_INET6) { plist = prefix_list_lookup(AFI_IP6, (char *)rule); if (plist == NULL) return RMAP_NOMATCH; diff --git a/bgpd/bgp_rpki.c b/bgpd/bgp_rpki.c index 75ba1609d0..a23d5d03c4 100644 --- a/bgpd/bgp_rpki.c +++ b/bgpd/bgp_rpki.c @@ -25,6 +25,9 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +/* If rtrlib compiled with ssh support, don`t fail build */ +#define LIBSSH_LEGACY_0_4 + #include <zebra.h> #include <pthread.h> #include <time.h> diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c index b8c81232bb..35477ba164 100644 --- a/bgpd/bgp_vty.c +++ b/bgpd/bgp_vty.c @@ -10859,7 +10859,7 @@ static void lcommunity_show_all_iterator(struct hash_backet *backet, lcom = (struct lcommunity *)backet->data; vty_out(vty, "[%p] (%ld) %s\n", (void *)lcom, lcom->refcnt, - lcommunity_str(lcom)); + lcommunity_str(lcom, false)); } /* Show BGP's community internal data. */ @@ -13606,6 +13606,24 @@ DEFUN (no_ip_community_list_expanded_all, return CMD_SUCCESS; } +/* Return configuration string of community-list entry. */ +static const char *community_list_config_str(struct community_entry *entry) +{ + const char *str; + + if (entry->any) + str = ""; + else { + if (entry->style == COMMUNITY_LIST_STANDARD) + str = community_str(entry->u.com, false); + else if (entry->style == LARGE_COMMUNITY_LIST_STANDARD) + str = lcommunity_str(entry->u.lcom, false); + else + str = entry->config; + } + return str; +} + static void community_list_show(struct vty *vty, struct community_list *list) { struct community_entry *entry; @@ -13631,9 +13649,7 @@ static void community_list_show(struct vty *vty, struct community_list *list) else vty_out(vty, " %s %s\n", community_direct_str(entry->direct), - entry->style == COMMUNITY_LIST_STANDARD - ? community_str(entry->u.com, false) - : entry->config); + community_list_config_str(entry)); } } @@ -13985,9 +14001,7 @@ static void lcommunity_list_show(struct vty *vty, struct community_list *list) else vty_out(vty, " %s %s\n", community_direct_str(entry->direct), - entry->style == EXTCOMMUNITY_LIST_STANDARD - ? entry->u.ecom->str - : entry->config); + community_list_config_str(entry)); } } @@ -14222,9 +14236,7 @@ static void extcommunity_list_show(struct vty *vty, struct community_list *list) else vty_out(vty, " %s %s\n", community_direct_str(entry->direct), - entry->style == EXTCOMMUNITY_LIST_STANDARD - ? entry->u.ecom->str - : entry->config); + community_list_config_str(entry)); } } @@ -14275,22 +14287,6 @@ DEFUN (show_ip_extcommunity_list_arg, return CMD_SUCCESS; } -/* Return configuration string of community-list entry. */ -static const char *community_list_config_str(struct community_entry *entry) -{ - const char *str; - - if (entry->any) - str = ""; - else { - if (entry->style == COMMUNITY_LIST_STANDARD) - str = community_str(entry->u.com, false); - else - str = entry->config; - } - return str; -} - /* Display community-list and extcommunity-list configuration. */ static int community_list_config_write(struct vty *vty) { diff --git a/bgpd/bgp_zebra.c b/bgpd/bgp_zebra.c index 52a246387e..4a909d8cdc 100644 --- a/bgpd/bgp_zebra.c +++ b/bgpd/bgp_zebra.c @@ -2391,12 +2391,25 @@ static void bgp_zebra_process_label_chunk( uint8_t response_keep; uint32_t first; uint32_t last; + uint8_t proto; + unsigned short instance; s = zclient->ibuf; + STREAM_GETC(s, proto); + STREAM_GETW(s, instance); STREAM_GETC(s, response_keep); STREAM_GETL(s, first); STREAM_GETL(s, last); + if (zclient->redist_default != proto) { + zlog_err("Got LM msg with wrong proto %u", proto); + return; + } + if (zclient->instance != instance) { + zlog_err("Got LM msg with wrong instance %u", proto); + return; + } + if (first > last || first < MPLS_LABEL_UNRESERVED_MIN || last > MPLS_LABEL_UNRESERVED_MAX) { diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h index 1ad6a5c9c8..340851e8d9 100644 --- a/bgpd/bgpd.h +++ b/bgpd/bgpd.h @@ -481,6 +481,9 @@ struct bgp { /* EVPN enable - advertise local VNIs and their MACs etc. */ int advertise_all_vni; + /* EVPN - use RFC 8365 to auto-derive RT */ + int advertise_autort_rfc8365; + /* Hash table of Import RTs to EVIs */ struct hash *import_rt_hash; diff --git a/doc/Makefile.am b/doc/Makefile.am index 8fa057424a..19561c031d 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -198,6 +198,7 @@ EXTRA_DIST = frr-sphinx.mk \ user/conf.py \ user/eigrpd.rst \ user/filter.rst \ + user/getting-started.rst \ user/glossary.rst \ user/index.rst \ user/installation.rst \ @@ -217,6 +218,7 @@ EXTRA_DIST = frr-sphinx.mk \ user/routemap.rst \ user/routeserver.rst \ user/rpki.rst \ + user/setup.rst \ user/sharp.rst \ user/snmp.rst \ user/snmptrap.rst \ diff --git a/doc/developer/building-frr-on-ubuntu1804.rst b/doc/developer/building-frr-on-ubuntu1804.rst index 17edb7ef4f..d9fc37c172 100644 --- a/doc/developer/building-frr-on-ubuntu1804.rst +++ b/doc/developer/building-frr-on-ubuntu1804.rst @@ -1,17 +1,56 @@ Ubuntu 18.04LTS =============================================== -Install required packages +Install dependencies ------------------------- +Required packages +^^^^^^^^^^^^^^^^^ -Add packages: +:: + + sudo apt-get install \ + git \ + autoconf \ + automake \ + libtool \ + make \ + gawk \ + libreadline-dev \ + texinfo \ + pkg-config \ + libpam0g-dev \ + libjson-c-dev \ + bison \ + flex \ + python-pytest \ + libc-ares-dev \ + python3-dev \ + libsystemd-dev \ + python-ipaddr \ + python3-sphinx + +Optional packages +^^^^^^^^^^^^^^^^^ + +Dependencies for additional functionality can be installed as-desired. + +Protobuf +~~~~~~~~ :: - apt-get install git autoconf automake libtool make gawk libreadline-dev \ - texinfo pkg-config libpam0g-dev libjson-c-dev bison flex \ - python-pytest libc-ares-dev python3-dev libsystemd-dev python-ipaddr \ - python3-sphinx + sudo apt-get install \ + protobuf-c-compiler \ + libprotobuf-c-dev + +ZeroMQ +~~~~~~ + +:: + + sudo apt-get install \ + libzmq5 \ + libzmq3-dev Get FRR, compile it and install it (from Git) --------------------------------------------- @@ -30,15 +69,21 @@ Add frr groups and user --gecos "FRR suite" --shell /sbin/nologin frr sudo usermod -a -G frrvty frr -Download Source, configure and compile it +Download source ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(You may prefer different options on configure statement. These are just -an example.) - :: git clone https://github.com/frrouting/frr.git frr + +Configure +^^^^^^^^^ +Options below are provided as an example. + +.. seealso:: *Installation* section of user guide + +:: + cd frr ./bootstrap.sh ./configure \ @@ -62,6 +107,23 @@ an example.) --enable-systemd=yes \ --with-pkg-git-version \ --with-pkg-extra-version=-MyOwnFRRVersion + +If optional packages were installed, the associated feature may now be +enabled. + +.. option:: --enable-protobuf + +Enable support for protobuf transport + +.. option:: --enable-zeromq + +Enable support for ZeroMQ transport + +Compile +^^^^^^^ + +:: + make make check sudo make install @@ -69,6 +131,21 @@ an example.) Create empty FRR configuration files ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Although not strictly necessary, it's good practice to create empty +configuration files _before_ starting FRR. This assures that the permissions +are correct. If the files are not already present, FRR will create them. + +It's also important to consider _which_ files to create. FRR supports writing +configuration to a monolithic file, ``/etc/frr/frr.conf``, which is not +recommended +.. seealso:: *VTYSH* section of user guide + +The presence of ``/etc/frr/frr.conf`` on startup implicitly configures FRR to +ignore daemon-specific configuration files. + +Daemon-specific configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + :: sudo install -m 755 -o frr -g frr -d /var/log/frr @@ -83,7 +160,15 @@ Create empty FRR configuration files sudo install -m 640 -o frr -g frr /dev/null /etc/frr/pimd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/ldpd.conf sudo install -m 640 -o frr -g frr /dev/null /etc/frr/nhrpd.conf - sudo install -m 640 -o frr -g frrvty /dev/null /etc/frr/vtysh.conf + +Monolithic configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + sudo install -m 755 -o frr -g frr -d /var/log/frr + sudo install -m 775 -o frr -g frrvty -d /etc/frr + sudo install -m 640 -o frr -g frr /dev/null /etc/frr/frr.conf Enable IPv4 & IPv6 forwarding ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -101,7 +186,22 @@ other settings) # based on Router Advertisements for this host net.ipv6.conf.all.forwarding=1 -Enable MPLS Forwarding (with Linux Kernel >= 4.5) +Add MPLS kernel modules +^^^^^^^^^^^^^^^^^^^^^^^ + +Ubuntu 18.04 ships with kernel 4.15. MPLS modules are present by default. +To enable, add the following lines to ``/etc/modules-load.d/modules.conf``: + +:: + + # Load MPLS Kernel Modules + mpls_router + mpls_iptunnel + +**Reboot** or use ``sysctl -p`` to apply the same config to the running +system + +Enable MPLS Forwarding ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Edit ``/etc/sysctl.conf`` and the following lines. Make sure to add a @@ -116,20 +216,6 @@ MPLS net.mpls.conf.eth2.input=1 net.mpls.platform_labels=100000 -Add MPLS kernel modules -^^^^^^^^^^^^^^^^^^^^^^^ - -Add the following lines to ``/etc/modules-load.d/modules.conf``: - -:: - - # Load MPLS Kernel Modules - mpls-router - mpls-iptunnel - -**Reboot** or use ``sysctl -p`` to apply the same config to the running -system - Install the systemd service (if rebooted from last step, change directory back to frr directory) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/doc/user/getting-started.rst b/doc/user/getting-started.rst new file mode 100644 index 0000000000..4ef293c711 --- /dev/null +++ b/doc/user/getting-started.rst @@ -0,0 +1,9 @@ +*************** +Getting Started +*************** + +.. toctree:: + :maxdepth: 2 + + installation + setup diff --git a/doc/user/index.rst b/doc/user/index.rst index f20ff8ec2b..7118022df7 100644 --- a/doc/user/index.rst +++ b/doc/user/index.rst @@ -5,7 +5,7 @@ FRRouting User Guide :maxdepth: 2 overview - installation + getting-started basic vtysh filter diff --git a/doc/user/installation.rst b/doc/user/installation.rst index 700a727d8f..7a430fdf98 100644 --- a/doc/user/installation.rst +++ b/doc/user/installation.rst @@ -1,8 +1,7 @@ .. _installation: -************ Installation -************ +============ .. index:: How to install FRR .. index:: Installation @@ -10,46 +9,73 @@ Installation .. index:: Building the system .. index:: Making FRR -Several distributions provide packages for FRR. Check your distribution's -repositories to find out if a suitable version is available. +This section covers the basics of building, installing and setting up FRR. -FRR depends on various libraries depending on your operating system. +From Packages +------------- -After installing these dependencies, change to the frr source directory and -issue the following commands: +The project publishes packages for Red Hat, Centos, Debian and Ubuntu on the +`GitHub releases <https://github.com/FRRouting/frr/releases>`_. page. External +contributors offer packages for many other platforms including \*BSD, Alpine, +Gentoo, Docker, and others. There is currently no documentation on how to use +those but we hope to add it soon. -:: +From Snapcraft +-------------- - $ ./bootstrap.sh - $ ./configure - $ make - $ make install +In addition to traditional packages the project also builds and publishes +universal Snap images, available at https://snapcraft.io/frr. +From Source +----------- -.. _configure-the-software: +Building FRR from source is the best way to ensure you have the latest features +and bug fixes. Details for each supported platform, including dependency +package listings, permissions, and other gotchas, are in the developer's +documentation. This section provides a brief overview on the process. -Configure the Software -====================== +Getting the Source +^^^^^^^^^^^^^^^^^^ +FRR's source is available on the project +`GitHub page <https://github.com/FRRouting/frr>`_. -.. _the-configure-script: +.. code-block:: shell -The Configure Script --------------------- + git clone https://github.com/FRRouting/frr.git -.. index:: Configuration options +When building from Git there are several branches to choose from. The +``master`` branch is the primary development branch. It should be considered +unstable. Each release has its own branch named ``stable/X.X``, where ``X.X`` +is the release version. -.. index:: Options for configuring +In addition, release tarballs are published on the GitHub releases page +`here <https://github.com/FRRouting/frr/releases>`_. -.. index:: Build options +Configuration +^^^^^^^^^^^^^ +.. index:: Configuration options +.. index:: Options for configuring +.. index:: Build options .. index:: Distribution configuration - .. index:: Options to `./configure` -FRR has an excellent configure script which automatically detects most -host configurations. There are several additional configure options to -customize the build to include or exclude specific features and dependencies. +FRR has an excellent configure script which automatically detects most host +configurations. There are several additional configure options to customize the +build to include or exclude specific features and dependencies. + +First, update the build system. Change into your FRR source directory and issue: + +.. code-block:: shell + + ./bootstrap.sh + +This will install any missing build scripts and update the Autotools +configuration. Once this is done you can move on to choosing your configuration +options from the list below. + +.. _frr-configuration: .. program:: configure @@ -202,10 +228,9 @@ options to the configuration script. .. _least-privilege-support: Least-Privilege Support ------------------------ +""""""""""""""""""""""" .. index:: FRR Least-Privileges - .. index:: FRR Privileges Additionally, you may configure zebra to drop its elevated privileges @@ -240,112 +265,54 @@ only Linux), FRR will retain only minimal capabilities required and will only raise these capabilities for brief periods. On systems without libcap, FRR will run as the user specified and only raise its UID to 0 for brief periods. -.. _linux-notes: - Linux Notes ------------ - -.. index:: Configuring FRR +""""""""""" .. index:: Building on Linux boxes - .. index:: Linux configurations -There are several options available only to GNU/Linux systems [#]_. -If you use GNU/Linux, make sure that the current kernel configuration is what -you want. FRR will run with any kernel configuration but some recommendations -do exist. - - -- :makevar:`CONFIG_NETLINK` - Kernel/User Netlink socket. This is a brand new feature which enables an - advanced interface between the Linux kernel and zebra (:ref:`kernel-interface`). -- :makevar:`CONFIG_RTNETLINK` - Routing messages. - This makes it possible to receive Netlink routing messages. If you - specify this option, *zebra* can detect routing information - updates directly from the kernel (:ref:`kernel-interface`). -- :makevar:`CONFIG_IP_MULTICAST` - IP: multicasting. - This option should be specified when you use *ripd* (:ref:`rip`) or - *ospfd* (:ref:`ospfv2`) because these protocols use multicast. - -IPv6 support has been added in GNU/Linux kernel version 2.2. If you -try to use the FRR IPv6 feature on a GNU/Linux kernel, please -make sure the following libraries have been installed. Please note that -these libraries will not be needed when you uses GNU C library 2.1 -or upper. - -- inet6-apps - - The `inet6-apps` package includes basic IPv6 related libraries such - as `inet_ntop` and `inet_pton`. Some basic IPv6 programs such - as *ping*, *ftp*, and *inetd* are also - included. The `inet-apps` can be found at - `ftp://ftp.inner.net/pub/ipv6/ <ftp://ftp.inner.net/pub/ipv6/>`_. - -- net-tools - - The `net-tools` package provides an IPv6 enabled interface and routing - utility. It contains *ifconfig*, *route*, *netstat*, and other tools. - `net-tools` may be found at http://www.tazenda.demon.co.uk/phil/net-tools/. - -.. _build-the-software: - -Build the Software -================== - -After configuring the software, you will need to compile it for your system. -Simply issue the command *make* in the root of the source directory and the -software will be compiled. Cliff Notes versions of different compilation -examples can be found in the Developer's Manual Appendix. If you have *any* -problems at this stage, please send a bug report :ref:`bug-reports`. - -:: - - $ ./bootstrap.sh - $ ./configure <appropriate to your system> - $ make - +There are several options available only to GNU/Linux systems. If you use +GNU/Linux, make sure that the current kernel configuration is what you want. +FRR will run with any kernel configuration but some recommendations do exist. -Install the Software -==================== +:makevar:`CONFIG_NETLINK` + Kernel/User Netlink socket. This is a enables an advanced interface between + the Linux kernel and *zebra* (:ref:`kernel-interface`). -Installing the software to your system consists of copying the compiled -programs and supporting files to a standard location. After the -installation process has completed, these files have been copied -from your work directory to :file:`/usr/local/bin`, and :file:`/usr/local/etc`. +:makevar:`CONFIG_RTNETLINK` + This makes it possible to receive Netlink routing messages. If you specify + this option, *zebra* can detect routing information updates directly from + the kernel (:ref:`kernel-interface`). -To install the FRR suite, issue the following command at your shell -prompt::: +:makevar:`CONFIG_IP_MULTICAST` + This option enables IP multicast and should be specified when you use *ripd* + (:ref:`rip`) or *ospfd* (:ref:`ospfv2`) because these protocols use + multicast. - $ make install +Building +^^^^^^^^ -FRR daemons have their own terminal interface or VTY. After -installation, you have to setup each beast's port number to connect to -them. Please add the following entries to :file:`/etc/services`. +Once you have chosen your configure options, run the configure script and pass +the options you chose: -:: +.. code-block:: shell - zebrasrv 2600/tcp # zebra service - zebra 2601/tcp # zebra vty - ripd 2602/tcp # RIPd vty - ripngd 2603/tcp # RIPngd vty - ospfd 2604/tcp # OSPFd vty - bgpd 2605/tcp # BGPd vty - ospf6d 2606/tcp # OSPF6d vty - ospfapi 2607/tcp # ospfapi - isisd 2608/tcp # ISISd vty - nhrpd 2610/tcp # nhrpd vty - pimd 2611/tcp # PIMd vty + ./configure \ + --prefix=/usr \ + --enable-exampledir=/usr/share/doc/frr/examples/ \ + --localstatedir=/var/run/frr \ + --sbindir=/usr/lib/frr \ + --sysconfdir=/etc/frr \ + --enable-pimd \ + --enable-watchfrr \ + ... +After configuring the software, you are ready to build and install it for your +system. -If you use a FreeBSD newer than 2.2.8, the above entries are already -added to :file:`/etc/services` so there is no need to add it. If you -specify a port number when starting the daemon, these entries may not be -needed. +.. code-block:: shell -You may need to make changes to the config files in -|INSTALL_PREFIX_ETC|. :ref:`config-commands`. + make && sudo make install -.. [#] GNU/Linux has very flexible kernel configuration features. +If everything finishes successfully, FRR should be installed. You should now +skip to the section on :ref:`basic-setup`. diff --git a/doc/user/overview.rst b/doc/user/overview.rst index 38d55d68ad..eb24970bee 100644 --- a/doc/user/overview.rst +++ b/doc/user/overview.rst @@ -20,6 +20,8 @@ can use FRR library as your program's client user interface. FRR is distributed under the GNU General Public License. +FRR is a fork of `Quagga <http://www.quagga.net/>`_. + .. _about-frr: About FRR @@ -235,7 +237,8 @@ How to get FRR The official FRR website is located at |PACKAGE_URL| and contains further information, as well as links to additional resources. -FRR is a fork of `Quagga <http://www.quagga.net/>`_. +Several distributions provide packages for FRR. Check your distribution's +repositories to find out if a suitable version is available. Mailing Lists ============= diff --git a/doc/user/setup.rst b/doc/user/setup.rst new file mode 100644 index 0000000000..9971c43c5e --- /dev/null +++ b/doc/user/setup.rst @@ -0,0 +1,155 @@ +.. _basic-setup: + +Basic Setup +============ + +After installing FRR, some basic configuration must be completed before it is +ready to use. + +Daemons File +------------ +After a fresh install, starting FRR will do nothing. This is because daemons +must be explicitly enabled by editing a file in your configuration directory. +This file is usually located at :file:`/etc/frr/daemons` and determines which +daemons are activated when issuing a service start / stop command via init or +systemd. The file initially looks like this: + +:: + + zebra=no + bgpd=no + ospfd=no + ospf6d=no + ripd=no + ripngd=no + isisd=no + pimd=no + ldpd=no + nhrpd=no + eigrpd=no + babeld=no + sharpd=no + pbrd=no + +To enable a particular daemon, simply change the corresponding 'no' to 'yes'. +Subsequent service restarts should start the daemon. + +Daemons Configuration File +-------------------------- +There is another file that controls the default options passed to daemons when +starting FRR as a service. This file is located in your configuration +directory, usually at :file:`/etc/frr/daemons.conf`. + +This file has several parts. Here is an example: + +:: + + # + # If this option is set the /etc/init.d/frr script automatically loads + # the config via "vtysh -b" when the servers are started. + # Check /etc/pam.d/frr if you intend to use "vtysh"! + # + vtysh_enable=yes + zebra_options=" -r -s 90000000 --daemon -A 127.0.0.1" + bgpd_options=" --daemon -A 127.0.0.1" + ospfd_options=" --daemon -A 127.0.0.1" + ospf6d_options=" --daemon -A ::1" + ripd_options=" --daemon -A 127.0.0.1" + ripngd_options=" --daemon -A ::1" + isisd_options=" --daemon -A 127.0.0.1" + pimd_options=" --daemon -A 127.0.0.1" + ldpd_options=" --daemon -A 127.0.0.1" + nhrpd_options=" --daemon -A 127.0.0.1" + eigrpd_options=" --daemon -A 127.0.0.1" + babeld_options=" --daemon -A 127.0.0.1" + sharpd_options=" --daemon -A 127.0.0.1" + pbrd_options=" --daemon -A 127.0.0.1" + + # The list of daemons to watch is automatically generated by the init script. + watchfrr_enable=yes + watchfrr_options=(-d -r /usr/sbin/servicebBfrrbBrestartbB%s -s /usr/sbin/servicebBfrrbBstartbB%s -k /usr/sbin/servicebBfrrbBstopbB%s -b bB) + + # If valgrind_enable is 'yes' the frr daemons will be started via valgrind. + # The use case for doing so is tracking down memory leaks, etc in frr. + valgrind_enable=no + valgrind=/usr/bin/valgrind + +Breaking this file down: + +:: + + vtysh_enable=yes + +As the comment says, this causes :ref:`VTYSH <vty-shell>` to apply +configuration when starting the daemons. This is useful for a variety of +reasons touched on in the VTYSH documentation and should generally be enabled. + +:: + + zebra_options=" -r -s 90000000 --daemon -A 127.0.0.1" + bgpd_options=" --daemon -A 127.0.0.1" + ... + +The next set of lines controls what options are passed to daemons when started +from the service script. Usually daemons will have ``--daemon`` and ``-A +<address>`` specified in order to daemonize and listen for VTY commands on a +particular address. + +:: + + # The list of daemons to watch is automatically generated by the init script. + watchfrr_enable=yes + watchfrr_options=(-d -r /usr/sbin/servicebBfrrbBrestartbB%s -s /usr/sbin/servicebBfrrbBstartbB%s -k /usr/sbin/servicebBfrrbBstopbB%s -b bB) + +Options for the ``watchfrr``, the watchdog daemon. + +:: + + valgrind_enable=no + valgrind=/usr/bin/valgrind + +Whether or not to start FRR daemons under Valgrind. This is primarily useful +for gathering information for bug reports and for developers. +``valgrind_enable`` should be ``no`` for production use. + +Services +-------- +FRR daemons have their own terminal interface or VTY. After installation, it's +a good idea to setup each daemon's port number to connect to them. To do this +add the following entries to :file:`/etc/services`. + +:: + + zebrasrv 2600/tcp # zebra service + zebra 2601/tcp # zebra vty + ripd 2602/tcp # RIPd vty + ripngd 2603/tcp # RIPngd vty + ospfd 2604/tcp # OSPFd vty + bgpd 2605/tcp # BGPd vty + ospf6d 2606/tcp # OSPF6d vty + ospfapi 2607/tcp # ospfapi + isisd 2608/tcp # ISISd vty + babeld 2609/tcp # BABELd vty + nhrpd 2610/tcp # nhrpd vty + pimd 2611/tcp # PIMd vty + ldpd 2612/tcp # LDPd vty + eigprd 2613/tcp # EIGRPd vty + + +If you use a FreeBSD newer than 2.2.8, the above entries are already added to +:file:`/etc/services` so there is no need to add it. If you specify a port +number when starting the daemon, these entries may not be needed. + +You may need to make changes to the config files in |INSTALL_PREFIX_ETC|. + +systemd +------- +Although not installed when installing from source, FRR provides a service file +for use with ``systemd``. It is located in :file:`tools/frr.service` in the Git +repository. If ``systemctl status frr.service`` indicates that the FRR service +is not found, copy the service file from the Git repository into your preferred +location. A good place is usually ``/etc/systemd/system/``. + +After issuing a ``systemctl daemon-reload``, you should be able to start the +FRR service via ``systemctl start frr``. If this fails, or no daemons are +started. check the ``journalctl`` logs for an indication of what went wrong. diff --git a/lib/command.c b/lib/command.c index 69e301fcfa..0fa6bde334 100644 --- a/lib/command.c +++ b/lib/command.c @@ -1960,19 +1960,17 @@ DEFUN (no_config_password, bool warned = false; if (host.password) { - vty_out(vty, - "Please be aware that removing the password is a security risk and " - "you should think twice about this command\n"); - warned = true; + if (!vty_shell_serv(vty)) { + vty_out(vty, NO_PASSWD_CMD_WARNING); + warned = true; + } XFREE(MTYPE_HOST, host.password); } host.password = NULL; if (host.password_encrypt) { - if (!warned) - vty_out(vty, - "Please be aware that removing the password is a security risk " - "and you should think twice about this command\n"); + if (!warned && !vty_shell_serv(vty)) + vty_out(vty, NO_PASSWD_CMD_WARNING); XFREE(MTYPE_HOST, host.password_encrypt); } host.password_encrypt = NULL; @@ -2044,19 +2042,17 @@ DEFUN (no_config_enable_password, bool warned = false; if (host.enable) { - vty_out(vty, - "Please be aware that removing the password is a security risk and " - "you should think twice about this command\n"); - warned = true; + if (!vty_shell_serv(vty)) { + vty_out(vty, NO_PASSWD_CMD_WARNING); + warned = true; + } XFREE(MTYPE_HOST, host.enable); } host.enable = NULL; if (host.enable_encrypt) { - if (!warned) - vty_out(vty, - "Please be aware that removing the password is a security risk " - "and you should think twice about this command\n"); + if (!warned && !vty_shell_serv(vty)) + vty_out(vty, NO_PASSWD_CMD_WARNING); XFREE(MTYPE_HOST, host.enable_encrypt); } host.enable_encrypt = NULL; diff --git a/lib/command.h b/lib/command.h index 9ba53e0907..8d9c39b0ea 100644 --- a/lib/command.h +++ b/lib/command.h @@ -376,6 +376,10 @@ struct cmd_node { #define CONF_BACKUP_EXT ".sav" +/* Command warnings. */ +#define NO_PASSWD_CMD_WARNING \ + "Please be aware that removing the password is a security risk and you should think twice about this command.\n" + /* IPv4 only machine should not accept IPv6 address for peer's IP address. So we replace VTY command string like below. */ #define NEIGHBOR_ADDR_STR "Neighbor address\nIPv6 address\n" diff --git a/lib/stream.c b/lib/stream.c index c4edd3d5bf..aba4c20166 100644 --- a/lib/stream.c +++ b/lib/stream.c @@ -21,6 +21,7 @@ #include <zebra.h> #include <stddef.h> +#include <pthread.h> #include "stream.h" #include "memory.h" @@ -1101,6 +1102,7 @@ struct stream_fifo *stream_fifo_new(void) struct stream_fifo *new; new = XCALLOC(MTYPE_STREAM_FIFO, sizeof(struct stream_fifo)); + pthread_mutex_init(&new->mtx, NULL); return new; } @@ -1115,7 +1117,16 @@ void stream_fifo_push(struct stream_fifo *fifo, struct stream *s) fifo->tail = s; fifo->tail->next = NULL; - fifo->count++; + atomic_fetch_add_explicit(&fifo->count, 1, memory_order_release); +} + +void stream_fifo_push_safe(struct stream_fifo *fifo, struct stream *s) +{ + pthread_mutex_lock(&fifo->mtx); + { + stream_fifo_push(fifo, s); + } + pthread_mutex_unlock(&fifo->mtx); } /* Delete first stream from fifo. */ @@ -1131,7 +1142,8 @@ struct stream *stream_fifo_pop(struct stream_fifo *fifo) if (fifo->head == NULL) fifo->tail = NULL; - fifo->count--; + atomic_fetch_sub_explicit(&fifo->count, 1, + memory_order_release); /* ensure stream is scrubbed of references to this fifo */ s->next = NULL; @@ -1140,12 +1152,37 @@ struct stream *stream_fifo_pop(struct stream_fifo *fifo) return s; } -/* Return first fifo entry. */ +struct stream *stream_fifo_pop_safe(struct stream_fifo *fifo) +{ + struct stream *ret; + + pthread_mutex_lock(&fifo->mtx); + { + ret = stream_fifo_pop(fifo); + } + pthread_mutex_unlock(&fifo->mtx); + + return ret; +} + struct stream *stream_fifo_head(struct stream_fifo *fifo) { return fifo->head; } +struct stream *stream_fifo_head_safe(struct stream_fifo *fifo) +{ + struct stream *ret; + + pthread_mutex_lock(&fifo->mtx); + { + ret = stream_fifo_head(fifo); + } + pthread_mutex_unlock(&fifo->mtx); + + return ret; +} + void stream_fifo_clean(struct stream_fifo *fifo) { struct stream *s; @@ -1156,11 +1193,26 @@ void stream_fifo_clean(struct stream_fifo *fifo) stream_free(s); } fifo->head = fifo->tail = NULL; - fifo->count = 0; + atomic_store_explicit(&fifo->count, 0, memory_order_release); +} + +void stream_fifo_clean_safe(struct stream_fifo *fifo) +{ + pthread_mutex_lock(&fifo->mtx); + { + stream_fifo_clean(fifo); + } + pthread_mutex_unlock(&fifo->mtx); +} + +size_t stream_fifo_count_safe(struct stream_fifo *fifo) +{ + return atomic_load_explicit(&fifo->count, memory_order_acquire); } void stream_fifo_free(struct stream_fifo *fifo) { stream_fifo_clean(fifo); + pthread_mutex_destroy(&fifo->mtx); XFREE(MTYPE_STREAM_FIFO, fifo); } diff --git a/lib/stream.h b/lib/stream.h index cc74e22a67..e5d325e43e 100644 --- a/lib/stream.h +++ b/lib/stream.h @@ -22,6 +22,9 @@ #ifndef _ZEBRA_STREAM_H #define _ZEBRA_STREAM_H +#include <pthread.h> + +#include "frratomic.h" #include "mpls.h" #include "prefix.h" @@ -107,7 +110,11 @@ struct stream { /* First in first out queue structure. */ struct stream_fifo { - size_t count; + /* lock for mt-safe operations */ + pthread_mutex_t mtx; + + /* number of streams in this fifo */ + _Atomic size_t count; struct stream *head; struct stream *tail; @@ -240,12 +247,94 @@ extern int stream_empty(struct stream *); /* is the stream empty? */ /* deprecated */ extern uint8_t *stream_pnt(struct stream *); -/* Stream fifo. */ +/* + * Operations on struct stream_fifo. + * + * Each function has a safe variant, which ensures that the operation performed + * is atomic with respect to the operations performed by all other safe + * variants. In other words, the safe variants lock the stream_fifo's mutex + * before performing their action. These are provided for convenience when + * using stream_fifo in a multithreaded context, to alleviate the need for the + * caller to implement their own synchronization around the stream_fifo. + * + * The following functions do not have safe variants. The caller must ensure + * that these operations are performed safely in a multithreaded context: + * - stream_fifo_new + * - stream_fifo_free + */ + +/* + * Create a new stream_fifo. + * + * Returns: + * newly created stream_fifo + */ extern struct stream_fifo *stream_fifo_new(void); + +/* + * Push a stream onto a stream_fifo. + * + * fifo + * the stream_fifo to push onto + * + * s + * the stream to push onto the stream_fifo + */ extern void stream_fifo_push(struct stream_fifo *fifo, struct stream *s); +extern void stream_fifo_push_safe(struct stream_fifo *fifo, struct stream *s); + +/* + * Pop a stream off a stream_fifo. + * + * fifo + * the stream_fifo to pop from + * + * Returns: + * the next stream in the stream_fifo + */ extern struct stream *stream_fifo_pop(struct stream_fifo *fifo); +extern struct stream *stream_fifo_pop_safe(struct stream_fifo *fifo); + +/* + * Retrieve the next stream from a stream_fifo without popping it. + * + * fifo + * the stream_fifo to operate on + * + * Returns: + * the next stream that would be returned from stream_fifo_pop + */ extern struct stream *stream_fifo_head(struct stream_fifo *fifo); +extern struct stream *stream_fifo_head_safe(struct stream_fifo *fifo); + +/* + * Remove all streams from a stream_fifo. + * + * fifo + * the stream_fifo to clean + */ extern void stream_fifo_clean(struct stream_fifo *fifo); +extern void stream_fifo_clean_safe(struct stream_fifo *fifo); + +/* + * Retrieve number of streams on a stream_fifo. + * + * fifo + * the stream_fifo to retrieve the count for + * + * Returns: + * the number of streams on the stream_fifo + */ +extern size_t stream_fifo_count_safe(struct stream_fifo *fifo); + +/* + * Free a stream_fifo. + * + * Calls stream_fifo_clean, then deinitializes the stream_fifo and frees it. + * + * fifo + * the stream_fifo to free + */ extern void stream_fifo_free(struct stream_fifo *fifo); /* This is here because "<< 24" is particularly problematic in C. diff --git a/lib/zclient.c b/lib/zclient.c index 05bd907589..0f7cf350db 100644 --- a/lib/zclient.c +++ b/lib/zclient.c @@ -1237,9 +1237,8 @@ stream_failure: return 0; } -static void zapi_encode_prefix(struct stream *s, - struct prefix *p, - uint8_t family) +static void zapi_encode_prefix(struct stream *s, struct prefix *p, + uint8_t family) { struct prefix any; @@ -1254,8 +1253,7 @@ static void zapi_encode_prefix(struct stream *s, stream_put(s, &p->u.prefix, prefix_blen(p)); } -int zapi_pbr_rule_encode(uint8_t cmd, struct stream *s, - struct pbr_rule *zrule) +int zapi_pbr_rule_encode(uint8_t cmd, struct stream *s, struct pbr_rule *zrule) { stream_reset(s); zclient_create_header(s, cmd, zrule->vrf_id); @@ -1271,11 +1269,11 @@ int zapi_pbr_rule_encode(uint8_t cmd, struct stream *s, zapi_encode_prefix(s, &(zrule->filter.src_ip), zrule->filter.src_ip.family); - stream_putw(s, zrule->filter.src_port); /* src port */ + stream_putw(s, zrule->filter.src_port); /* src port */ zapi_encode_prefix(s, &(zrule->filter.dst_ip), zrule->filter.src_ip.family); - stream_putw(s, zrule->filter.dst_port); /* dst port */ - stream_putw(s, zrule->filter.fwmark); /* fwmark */ + stream_putw(s, zrule->filter.dst_port); /* dst port */ + stream_putw(s, zrule->filter.fwmark); /* fwmark */ stream_putl(s, zrule->action.table); stream_putl(s, zrule->ifindex); @@ -1323,8 +1321,8 @@ bool zapi_rule_notify_decode(struct stream *s, uint32_t *seqno, STREAM_GETL(s, ifi); if (zclient_debug) - zlog_debug("%s: %u %u %u %u", __PRETTY_FUNCTION__, - seq, prio, uni, ifi); + zlog_debug("%s: %u %u %u %u", __PRETTY_FUNCTION__, seq, prio, + uni, ifi); *seqno = seq; *priority = prio; *unique = uni; @@ -1336,9 +1334,8 @@ stream_failure: return false; } -bool zapi_ipset_notify_decode(struct stream *s, - uint32_t *unique, - enum zapi_ipset_notify_owner *note) +bool zapi_ipset_notify_decode(struct stream *s, uint32_t *unique, + enum zapi_ipset_notify_owner *note) { uint32_t uni; @@ -1356,10 +1353,9 @@ stream_failure: return false; } -bool zapi_ipset_entry_notify_decode(struct stream *s, - uint32_t *unique, - char *ipset_name, - enum zapi_ipset_entry_notify_owner *note) +bool zapi_ipset_entry_notify_decode(struct stream *s, uint32_t *unique, + char *ipset_name, + enum zapi_ipset_entry_notify_owner *note) { uint32_t uni; @@ -1367,8 +1363,7 @@ bool zapi_ipset_entry_notify_decode(struct stream *s, STREAM_GETL(s, uni); - STREAM_GET(ipset_name, s, - ZEBRA_IPSET_NAME_SIZE); + STREAM_GET(ipset_name, s, ZEBRA_IPSET_NAME_SIZE); if (zclient_debug) zlog_debug("%s: %u", __PRETTY_FUNCTION__, uni); @@ -1414,7 +1409,7 @@ struct nexthop *nexthop_from_zapi_nexthop(struct zapi_nexthop *znh) */ if (znh->label_num) { nexthop_add_labels(n, ZEBRA_LSP_NONE, znh->label_num, - znh->labels); + znh->labels); } return n; @@ -1475,7 +1470,7 @@ bool zapi_nexthop_update_decode(struct stream *s, struct zapi_route *nhr) if (nhr->nexthops[i].label_num) STREAM_GET(&nhr->nexthops[i].labels[0], s, nhr->nexthops[i].label_num - * sizeof(mpls_label_t)); + * sizeof(mpls_label_t)); } return true; @@ -1898,8 +1893,9 @@ struct connected *zebra_interface_address_read(int type, struct stream *s, zlog_warn( "warning: interface %s address %s " "with peer flag set, but no peer address!", - ifp->name, prefix2str(ifc->address, buf, - sizeof buf)); + ifp->name, + prefix2str(ifc->address, buf, + sizeof buf)); UNSET_FLAG(ifc->flags, ZEBRA_IFA_PEER); } } @@ -2065,7 +2061,7 @@ int lm_label_manager_connect(struct zclient *zclient) uint8_t result; if (zclient_debug) - zlog_debug("Connecting to Label Manager"); + zlog_debug("Connecting to Label Manager (LM)"); if (zclient->sock < 0) return -1; @@ -2085,33 +2081,45 @@ int lm_label_manager_connect(struct zclient *zclient) ret = writen(zclient->sock, s->data, stream_get_endp(s)); if (ret < 0) { - zlog_err("%s: can't write to zclient->sock", __func__); + zlog_err("Can't write to zclient sock"); close(zclient->sock); zclient->sock = -1; return -1; } if (ret == 0) { - zlog_err("%s: zclient->sock connection closed", __func__); + zlog_err("Zclient sock closed"); close(zclient->sock); zclient->sock = -1; return -1; } if (zclient_debug) - zlog_debug("%s: Label manager connect request (%d bytes) sent", - __func__, ret); + zlog_debug("LM connect request sent (%d bytes)", ret); /* read response */ if (zclient_read_sync_response(zclient, ZEBRA_LABEL_MANAGER_CONNECT) != 0) return -1; - /* result */ s = zclient->ibuf; + + /* read instance and proto */ + uint8_t proto = stream_getc(s); + uint16_t instance = stream_getw(s); + + /* sanity */ + if (proto != zclient->redist_default) + zlog_err( + "Wrong proto (%u) in LM connect response. Should be %u", + proto, zclient->redist_default); + if (instance != zclient->instance) + zlog_err( + "Wrong instId (%u) in LM connect response. Should be %u", + instance, zclient->instance); + + /* result code */ result = stream_getc(s); if (zclient_debug) - zlog_debug( - "%s: Label Manager connect response received, result %u", - __func__, result); + zlog_debug("LM connect-response received, result %u", result); return (int)result; } @@ -2124,10 +2132,8 @@ int lm_label_manager_connect(struct zclient *zclient) * @param chunk_size Amount of labels requested * @result 0 on success, -1 otherwise */ -int zclient_send_get_label_chunk( - struct zclient *zclient, - uint8_t keep, - uint32_t chunk_size) +int zclient_send_get_label_chunk(struct zclient *zclient, uint8_t keep, + uint32_t chunk_size) { struct stream *s; @@ -2141,6 +2147,10 @@ int zclient_send_get_label_chunk( stream_reset(s); zclient_create_header(s, ZEBRA_GET_LABEL_CHUNK, VRF_DEFAULT); + /* proto */ + stream_putc(s, zclient->redist_default); + /* instance */ + stream_putw(s, zclient->instance); stream_putc(s, keep); stream_putl(s, chunk_size); @@ -2180,6 +2190,10 @@ int lm_get_label_chunk(struct zclient *zclient, uint8_t keep, s = zclient->obuf; stream_reset(s); zclient_create_header(s, ZEBRA_GET_LABEL_CHUNK, VRF_DEFAULT); + /* proto */ + stream_putc(s, zclient->redist_default); + /* instance */ + stream_putw(s, zclient->instance); /* keep */ stream_putc(s, keep); /* chunk size */ @@ -2189,26 +2203,39 @@ int lm_get_label_chunk(struct zclient *zclient, uint8_t keep, ret = writen(zclient->sock, s->data, stream_get_endp(s)); if (ret < 0) { - zlog_err("%s: can't write to zclient->sock", __func__); + zlog_err("Can't write to zclient sock"); close(zclient->sock); zclient->sock = -1; return -1; } if (ret == 0) { - zlog_err("%s: zclient->sock connection closed", __func__); + zlog_err("Zclient sock closed"); close(zclient->sock); zclient->sock = -1; return -1; } if (zclient_debug) - zlog_debug("%s: Label chunk request (%d bytes) sent", __func__, - ret); + zlog_debug("Label chunk request (%d bytes) sent", ret); /* read response */ if (zclient_read_sync_response(zclient, ZEBRA_GET_LABEL_CHUNK) != 0) return -1; + /* parse response */ s = zclient->ibuf; + + /* read proto and instance */ + uint8_t proto = stream_getc(s); + uint16_t instance = stream_getw(s); + + /* sanities */ + if (proto != zclient->redist_default) + zlog_err("Wrong proto (%u) in get chunk response. Should be %u", + proto, zclient->redist_default); + if (instance != zclient->instance) + zlog_err("Wrong instId (%u) in get chunk response Should be %u", + instance, zclient->instance); + /* keep */ response_keep = stream_getc(s); /* start and end labels */ @@ -2218,19 +2245,18 @@ int lm_get_label_chunk(struct zclient *zclient, uint8_t keep, /* not owning this response */ if (keep != response_keep) { zlog_err( - "%s: Invalid Label chunk: %u - %u, keeps mismatch %u != %u", - __func__, *start, *end, keep, response_keep); + "Invalid Label chunk: %u - %u, keeps mismatch %u != %u", + *start, *end, keep, response_keep); } /* sanity */ if (*start > *end || *start < MPLS_LABEL_UNRESERVED_MIN || *end > MPLS_LABEL_UNRESERVED_MAX) { - zlog_err("%s: Invalid Label chunk: %u - %u", __func__, *start, - *end); + zlog_err("Invalid Label chunk: %u - %u", *start, *end); return -1; } if (zclient_debug) - zlog_debug("Label Chunk assign: %u - %u (%u) ", *start, *end, + zlog_debug("Label Chunk assign: %u - %u (%u)", *start, *end, response_keep); return 0; @@ -2251,7 +2277,7 @@ int lm_release_label_chunk(struct zclient *zclient, uint32_t start, struct stream *s; if (zclient_debug) - zlog_debug("Releasing Label Chunk"); + zlog_debug("Releasing Label Chunk %u - %u", start, end); if (zclient->sock < 0) return -1; @@ -2261,6 +2287,10 @@ int lm_release_label_chunk(struct zclient *zclient, uint32_t start, stream_reset(s); zclient_create_header(s, ZEBRA_RELEASE_LABEL_CHUNK, VRF_DEFAULT); + /* proto */ + stream_putc(s, zclient->redist_default); + /* instance */ + stream_putw(s, zclient->instance); /* start */ stream_putl(s, start); /* end */ @@ -2271,13 +2301,13 @@ int lm_release_label_chunk(struct zclient *zclient, uint32_t start, ret = writen(zclient->sock, s->data, stream_get_endp(s)); if (ret < 0) { - zlog_err("%s: can't write to zclient->sock", __func__); + zlog_err("Can't write to zclient sock"); close(zclient->sock); zclient->sock = -1; return -1; } if (ret == 0) { - zlog_err("%s: zclient->sock connection closed", __func__); + zlog_err("Zclient sock connection closed"); close(zclient->sock); zclient->sock = -1; return -1; @@ -2325,8 +2355,7 @@ int tm_table_manager_connect(struct zclient *zclient) return -1; if (zclient_debug) - zlog_debug("%s: Table manager connect request sent", - __func__); + zlog_debug("%s: Table manager connect request sent", __func__); /* read response */ if (zclient_read_sync_response(zclient, ZEBRA_TABLE_MANAGER_CONNECT) @@ -2789,7 +2818,7 @@ static int zclient_read(struct thread *thread) case ZEBRA_GET_LABEL_CHUNK: if (zclient->label_chunk) (*zclient->label_chunk)(command, zclient, length, - vrf_id); + vrf_id); break; case ZEBRA_IPSET_NOTIFY_OWNER: if (zclient->ipset_notify_owner) diff --git a/pbrd/pbr_nht.c b/pbrd/pbr_nht.c index 5be96e86d0..a4a9233f72 100644 --- a/pbrd/pbr_nht.c +++ b/pbrd/pbr_nht.c @@ -470,18 +470,6 @@ void pbr_nht_change_group(const char *name) pbr_nht_install_nexthop_group(pnhgc, nhgc->nhg); } -/* - * Since we are writing into the name field which is PBR_MAP_NAMELEN - * size, we are expecting this to field to be at max 100 bytes. - * Newer compilers understand that the %s portion may be up to - * 100 bytes( because of the size of the string. The %u portion - * is expected to be 10 bytes. So in `theory` there are situations - * where we might truncate. The reality this is never going to - * happen( who is going to create a nexthop group name that is - * over say 30 characters? ). As such we are expecting the - * calling function to subtract 10 from the size_t l before - * we pass it in to get around this new gcc fun. - */ char *pbr_nht_nexthop_make_name(char *name, size_t l, uint32_t seqno, char *buffer) { @@ -497,7 +485,7 @@ void pbr_nht_add_individual_nexthop(struct pbr_map_sequence *pbrms) struct pbr_nexthop_cache lookup; memset(&find, 0, sizeof(find)); - pbr_nht_nexthop_make_name(pbrms->parent->name, PBR_MAP_NAMELEN - 10, + pbr_nht_nexthop_make_name(pbrms->parent->name, PBR_NHC_NAMELEN, pbrms->seqno, find.name); if (!pbrms->internal_nhg_name) pbrms->internal_nhg_name = XSTRDUP(MTYPE_TMP, find.name); diff --git a/pbrd/pbr_nht.h b/pbrd/pbr_nht.h index 2cfb076f00..e6fdbfd04c 100644 --- a/pbrd/pbr_nht.h +++ b/pbrd/pbr_nht.h @@ -25,8 +25,10 @@ #include "pbr_map.h" +#define PBR_NHC_NAMELEN PBR_MAP_NAMELEN + 10 + struct pbr_nexthop_group_cache { - char name[PBR_MAP_NAMELEN]; + char name[PBR_NHC_NAMELEN]; uint32_t table_id; diff --git a/pbrd/pbr_vty.c b/pbrd/pbr_vty.c index b7d2b1a928..7e0e8d632b 100644 --- a/pbrd/pbr_vty.c +++ b/pbrd/pbr_vty.c @@ -269,7 +269,7 @@ DEFPY(pbr_map_nexthop, pbr_map_nexthop_cmd, if (pbrms->nhg) nh = nexthop_exists(pbrms->nhg, &nhop); else { - char buf[PBR_MAP_NAMELEN]; + char buf[PBR_NHC_NAMELEN]; if (no) { vty_out(vty, "No nexthops to delete"); @@ -280,7 +280,7 @@ DEFPY(pbr_map_nexthop, pbr_map_nexthop_cmd, pbrms->internal_nhg_name = XSTRDUP(MTYPE_TMP, pbr_nht_nexthop_make_name(pbrms->parent->name, - PBR_MAP_NAMELEN - 10, + PBR_NHC_NAMELEN, pbrms->seqno, buf)); nh = NULL; diff --git a/redhat/frr.spec.in b/redhat/frr.spec.in index 8632a4fb2f..362be27a5f 100644 --- a/redhat/frr.spec.in +++ b/redhat/frr.spec.in @@ -534,7 +534,7 @@ rm -rf %{buildroot} %defattr(-,root,root) %doc */*.sample* AUTHORS COPYING %doc doc/mpls -%doc ChangeLog NEWS README SERVICES +%doc ChangeLog NEWS README %if 0%{?frr_user:1} %dir %attr(751,%frr_user,%frr_user) %{_sysconfdir} %dir %attr(750,%frr_user,%frr_user) /var/log/frr diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c index 785a16fba3..30de9d7711 100644 --- a/vtysh/vtysh.c +++ b/vtysh/vtysh.c @@ -341,6 +341,7 @@ static int vtysh_execute_func(const char *line, int pager) if (user_mode) { if (strncmp("en", vector_slot(vline, 0), 2) == 0) { + cmd_free_strvec(vline); fprintf(stdout, "%% Command not allowed: enable\n"); return CMD_WARNING; } @@ -2424,6 +2425,8 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_password, no_vtysh_password_cmd, "no password", NO_STR "Modify the terminal connection password\n") { + vty_out(vty, NO_PASSWD_CMD_WARNING); + return CMD_SUCCESS; } @@ -2442,6 +2445,8 @@ DEFUNSH(VTYSH_ALL, no_vtysh_config_enable_password, "Modify enable password parameters\n" "Assign the privileged level password\n") { + vty_out(vty, NO_PASSWD_CMD_WARNING); + return CMD_SUCCESS; } diff --git a/zebra/label_manager.c b/zebra/label_manager.c index 190ac1e57f..f3fa3ba94e 100644 --- a/zebra/label_manager.c +++ b/zebra/label_manager.c @@ -50,7 +50,6 @@ DEFINE_MTYPE_STATIC(LBL_MGR, LM_CHUNK, "Label Manager Chunk"); * it will be a proxy to relay messages to external label manager * This zclient thus is to connect to it */ -static struct stream *ibuf; static struct stream *obuf; static struct zclient *zclient; bool lm_is_external; @@ -60,7 +59,7 @@ static void delete_label_chunk(void *val) XFREE(MTYPE_LM_CHUNK, val); } -static int relay_response_back(struct zserv *zserv) +static int relay_response_back(void) { int ret = 0; struct stream *src, *dst; @@ -69,49 +68,72 @@ static int relay_response_back(struct zserv *zserv) uint8_t version; vrf_id_t vrf_id; uint16_t resp_cmd; + uint8_t proto; + const char *proto_str; + unsigned short instance; + struct zserv *zserv; + /* input buffer with msg from label manager */ src = zclient->ibuf; - dst = obuf; stream_reset(src); + /* parse header */ ret = zclient_read_header(src, zclient->sock, &size, &marker, &version, &vrf_id, &resp_cmd); if (ret < 0 && errno != EAGAIN) { - zlog_err("%s: Error reading Label Manager response: %s", - __func__, strerror(errno)); + zlog_err("Error reading Label Manager response: %s", + strerror(errno)); return -1; } - zlog_debug("%s: Label Manager response received, %d bytes", __func__, - size); + zlog_debug("Label Manager response received, %d bytes", size); if (size == 0) return -1; - /* send response back */ + /* Get the 'proto' field of the message */ + proto = stream_getc(src); + + /* Get the 'instance' field of the message */ + instance = stream_getw(src); + + proto_str = zebra_route_string(proto); + + /* lookup the client to relay the msg to */ + zserv = zebra_find_client(proto, instance); + if (!zserv) { + zlog_err( + "Error relaying LM response: can't find client %s, instance %u", + proto_str, instance); + return -1; + } + zlog_debug("Found client to relay LM response to client %s instance %u", + proto_str, instance); + + /* copy msg into output buffer */ + dst = obuf; stream_copy(dst, src); - ret = writen(zserv->sock, src->data, stream_get_endp(src)); + + /* send response back */ + ret = writen(zserv->sock, dst->data, stream_get_endp(dst)); if (ret <= 0) { - zlog_err("%s: Error sending Label Manager response back: %s", - __func__, strerror(errno)); + zlog_err("Error relaying LM response to %s instance %u: %s", + proto_str, instance, strerror(errno)); return -1; } - zlog_debug("%s: Label Manager response (%d bytes) sent back", __func__, - ret); + zlog_debug("Relayed LM response (%d bytes) to %s instance %u", ret, + proto_str, instance); return 0; } static int lm_zclient_read(struct thread *t) { - struct zserv *zserv; int ret; - /* Get socket to zebra. */ - zserv = THREAD_ARG(t); zclient->t_read = NULL; /* read response and send it back */ - ret = relay_response_back(zserv); + ret = relay_response_back(); return ret; } @@ -125,6 +147,10 @@ static int reply_error(int cmd, struct zserv *zserv, vrf_id_t vrf_id) zclient_create_header(s, cmd, vrf_id); + /* proto */ + stream_putc(s, zserv->proto); + /* instance */ + stream_putw(s, zserv->instance); /* result */ stream_putc(s, 1); @@ -148,38 +174,73 @@ static int reply_error(int cmd, struct zserv *zserv, vrf_id_t vrf_id) * @return 0 on success, -1 otherwise */ int zread_relay_label_manager_request(int cmd, struct zserv *zserv, - vrf_id_t vrf_id) + struct stream *msg, vrf_id_t vrf_id) { - struct stream *src, *dst; + struct stream *dst; int ret = 0; + uint8_t proto; + const char *proto_str; + unsigned short instance; if (zclient->sock < 0) { - zlog_err( - "%s: Error relaying label chunk request: no zclient socket", - __func__); + zlog_err("Unable to relay LM request: no socket"); reply_error(cmd, zserv, vrf_id); return -1; } + /* peek msg to get proto and instance id. This zebra, which acts as + * a proxy needs to have such values for each client in order to + * relay responses back to it. + */ + + /* Get the 'proto' field of incoming msg */ + proto = stream_getc(msg); + + /* Get the 'instance' field of incoming msg */ + instance = stream_getw(msg); + + /* stringify proto */ + proto_str = zebra_route_string(proto); + + /* check & set client proto if unset */ + if (zserv->proto && zserv->proto != proto) { + zlog_warn("Client proto(%u) != msg proto(%u)", zserv->proto, + proto); + return -1; + } + + /* check & set client instance if unset */ + if (zserv->instance && zserv->instance != instance) { + zlog_err("Client instance(%u) != msg instance(%u)", + zserv->instance, instance); + return -1; + } + + /* recall proto and instance */ + zserv->instance = instance; + zserv->proto = proto; + /* in case there's any incoming message enqueued, read and forward it */ while (ret == 0) - ret = relay_response_back(zserv); + ret = relay_response_back(); - /* Send request to external label manager */ - src = ibuf; + /* get the msg buffer used toward the 'master' Label Manager */ dst = zclient->obuf; - stream_copy(dst, src); + /* copy the message */ + stream_copy(dst, msg); + /* Send request to external label manager */ ret = writen(zclient->sock, dst->data, stream_get_endp(dst)); if (ret <= 0) { - zlog_err("%s: Error relaying label chunk request: %s", __func__, - strerror(errno)); + zlog_err("Error relaying LM request from %s instance %u: %s", + proto_str, instance, strerror(errno)); reply_error(cmd, zserv, vrf_id); return -1; } - zlog_debug("%s: Label chunk request relayed. %d bytes sent", __func__, - ret); + zlog_debug("Relayed LM request (%d bytes) from %s instance %u", ret, + proto_str, instance); + /* Release label chunk has no response */ if (cmd == ZEBRA_RELEASE_LABEL_CHUNK) @@ -187,7 +248,7 @@ int zread_relay_label_manager_request(int cmd, struct zserv *zserv, /* make sure we listen to the response */ if (!zclient->t_read) - thread_add_read(zclient->master, lm_zclient_read, zserv, + thread_add_read(zclient->master, lm_zclient_read, NULL, zclient->sock, &zclient->t_read); return 0; @@ -276,7 +337,7 @@ void label_manager_init(char *lm_zserv_path) { /* this is an actual label manager */ if (!lm_zserv_path) { - zlog_debug("Initializing own label manager"); + zlog_debug("Initializing internal label manager"); lm_is_external = false; lbl_mgr.lc_list = list_new(); lbl_mgr.lc_list->del = delete_label_chunk; @@ -287,7 +348,6 @@ void label_manager_init(char *lm_zserv_path) lm_zclient_init(lm_zserv_path); } - ibuf = stream_new(ZEBRA_MAX_PACKET_SIZ); obuf = stream_new(ZEBRA_MAX_PACKET_SIZ); hook_register(zapi_client_close, release_daemon_label_chunks); @@ -393,6 +453,5 @@ int release_label_chunk(uint8_t proto, unsigned short instance, uint32_t start, void label_manager_close() { list_delete_and_null(&lbl_mgr.lc_list); - stream_free(ibuf); stream_free(obuf); } diff --git a/zebra/label_manager.h b/zebra/label_manager.h index b998372224..3e3def5f98 100644 --- a/zebra/label_manager.h +++ b/zebra/label_manager.h @@ -64,7 +64,7 @@ struct label_manager { bool lm_is_external; int zread_relay_label_manager_request(int cmd, struct zserv *zserv, - vrf_id_t vrf_id); + struct stream *msg, vrf_id_t vrf_id); void label_manager_init(char *lm_zserv_path); struct label_manager_chunk *assign_label_chunk(uint8_t proto, unsigned short instance, diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c index 6bd12391db..9a18cc22f0 100644 --- a/zebra/zapi_msg.c +++ b/zebra/zapi_msg.c @@ -887,6 +887,10 @@ static int zsend_assign_label_chunk_response(struct zserv *client, zclient_create_header(s, ZEBRA_GET_LABEL_CHUNK, vrf_id); if (lmc) { + /* proto */ + stream_putc(s, lmc->proto); + /* instance */ + stream_putw(s, lmc->instance); /* keep */ stream_putc(s, lmc->keep); /* start and end labels */ @@ -912,6 +916,12 @@ static int zsend_label_manager_connect_response(struct zserv *client, zclient_create_header(s, ZEBRA_LABEL_MANAGER_CONNECT, vrf_id); + /* proto */ + stream_putc(s, client->proto); + + /* instance */ + stream_putw(s, client->instance); + /* result */ stream_putc(s, result); @@ -2397,6 +2407,26 @@ static void zread_label_manager_connect(struct zserv *client, stream_failure: return; } +static int msg_client_id_mismatch(const char *op, struct zserv *client, + uint8_t proto, unsigned int instance) +{ + if (proto != client->proto) { + zlog_err("%s: msg vs client proto mismatch, client=%u msg=%u", + op, client->proto, proto); + /* TODO: fail when BGP sets proto and instance */ + /* return 1; */ + } + + if (instance != client->instance) { + zlog_err( + "%s: msg vs client instance mismatch, client=%u msg=%u", + op, client->instance, instance); + /* TODO: fail when BGP sets proto and instance */ + /* return 1; */ + } + + return 0; +} static void zread_get_label_chunk(struct zserv *client, struct stream *msg, vrf_id_t vrf_id) @@ -2405,21 +2435,32 @@ static void zread_get_label_chunk(struct zserv *client, struct stream *msg, uint8_t keep; uint32_t size; struct label_manager_chunk *lmc; + uint8_t proto; + unsigned short instance; /* Get input stream. */ s = msg; /* Get data. */ + STREAM_GETC(s, proto); + STREAM_GETW(s, instance); STREAM_GETC(s, keep); STREAM_GETL(s, size); + /* detect client vs message (proto,instance) mismatch */ + if (msg_client_id_mismatch("Get-label-chunk", client, proto, instance)) + return; + lmc = assign_label_chunk(client->proto, client->instance, keep, size); if (!lmc) - zlog_err("%s: Unable to assign Label Chunk of size %u", - __func__, size); + zlog_err( + "Unable to assign Label Chunk of size %u to %s instance %u", + size, zebra_route_string(client->proto), + client->instance); else - zlog_debug("Assigned Label Chunk %u - %u to %u", lmc->start, - lmc->end, keep); + zlog_debug("Assigned Label Chunk %u - %u to %s instance %u", + lmc->start, lmc->end, + zebra_route_string(client->proto), client->instance); /* send response back */ zsend_assign_label_chunk_response(client, vrf_id, lmc); @@ -2431,14 +2472,23 @@ static void zread_release_label_chunk(struct zserv *client, struct stream *msg) { struct stream *s; uint32_t start, end; + uint8_t proto; + unsigned short instance; /* Get input stream. */ s = msg; /* Get data. */ + STREAM_GETC(s, proto); + STREAM_GETW(s, instance); STREAM_GETL(s, start); STREAM_GETL(s, end); + /* detect client vs message (proto,instance) mismatch */ + if (msg_client_id_mismatch("Release-label-chunk", client, proto, + instance)) + return; + release_label_chunk(client->proto, client->instance, start, end); stream_failure: @@ -2452,7 +2502,7 @@ static void zread_label_manager_request(ZAPI_HANDLER_ARGS) /* external label manager */ if (lm_is_external) - zread_relay_label_manager_request(hdr->command, client, + zread_relay_label_manager_request(hdr->command, client, msg, zvrf_id(zvrf)); /* this is a label manager */ else { |