-rw-r--r--bgpd/bgp_nb_config.c24
-rw-r--r--bgpd/bgp_vty.c35
-rw-r--r--doc/user/basic.rst33
-rw-r--r--doc/user/installation.rst7
-rw-r--r--doc/user/vrrp.rst52
5 files changed, 116 insertions, 35 deletions
diff --git a/bgpd/bgp_nb_config.c b/bgpd/bgp_nb_config.c
index a15cb7cad3..eca7093fcd 100644
--- a/bgpd/bgp_nb_config.c
+++ b/bgpd/bgp_nb_config.c
@@ -3033,9 +3033,17 @@ int bgp_neighbors_neighbor_update_source_interface_modify(
struct bgp *bgp;
const char *peer_str, *source_str;
struct peer *peer;
+ struct prefix p;
switch (args->event) {
case NB_EV_VALIDATE:
+ source_str = yang_dnode_get_string(args->dnode, NULL);
+ if (str2prefix(source_str, &p)) {
+ snprintf(args->errmsg, args->errmsg_len,
+ "Invalid update-source, remove prefix length");
+ return NB_ERR_VALIDATION;
+ }
+ break;
case NB_EV_PREPARE:
case NB_EV_ABORT:
return NB_OK;
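Review bot: The NB_EV_VALIDATE check added in this hunk is repeated verbatim in the two later update_source_interface_modify callbacks in this file (the unnumbered-neighbor and peer-group hunks), so any later correction has to be made three times; one static helper that takes `args` and returns NB_OK or NB_ERR_VALIDATION would keep them in step. The check is also a deny-list: it rejects only what `str2prefix()` can parse, and if that parser also accepts a bare address with no slash (it appears to, but that is not visible here), a northbound client that writes an address into the interface leaf is told to "remove prefix length", which does not match its input. A comment such as `/* interface leaf must hold an ifname; reject anything that parses as an address or prefix */` together with a neutral message like `"Invalid update-source interface name"` would cover both cases. The function body continues outside the hunk.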
@@ -5071,9 +5079,17 @@ int bgp_neighbors_unnumbered_neighbor_update_source_interface_modify(
struct bgp *bgp;
const char *peer_str, *source_str;
struct peer *peer;
+ struct prefix p;
switch (args->event) {
case NB_EV_VALIDATE:
+ source_str = yang_dnode_get_string(args->dnode, NULL);
+ if (str2prefix(source_str, &p)) {
+ snprintf(args->errmsg, args->errmsg_len,
+ "Invalid update-source, remove prefix length");
+ return NB_ERR_VALIDATION;
+ }
+ break;
case NB_EV_PREPARE:
case NB_EV_ABORT:
return NB_OK;
@@ -6962,9 +6978,17 @@ int bgp_peer_groups_peer_group_update_source_interface_modify(
struct bgp *bgp;
const char *peer_str, *source_str;
struct peer *peer;
+ struct prefix p;
switch (args->event) {
case NB_EV_VALIDATE:
+ source_str = yang_dnode_get_string(args->dnode, NULL);
+ if (str2prefix(source_str, &p)) {
+ snprintf(args->errmsg, args->errmsg_len,
+ "Invalid update-source, remove prefix length");
+ return NB_ERR_VALIDATION;
+ }
+ break;
case NB_EV_PREPARE:
case NB_EV_ABORT:
return NB_OK;
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index fb4fae833d..6977223b83 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -4795,27 +4795,18 @@ DEFUN_YANG(neighbor_activate,
{
int idx_peer = 1;
char base_xpath[XPATH_MAXLEN];
- char abs_xpath[XPATH_MAXLEN];
- char nbr_xpath[XPATH_MAXLEN];
char af_xpath[XPATH_MAXLEN];
afi_t afi = bgp_node_afi(vty);
safi_t safi = bgp_node_safi(vty);
snprintf(af_xpath, sizeof(af_xpath), FRR_BGP_AF_XPATH,
yang_afi_safi_value2identity(afi, safi));
-
- if (peer_and_group_lookup_nb(vty, argv[idx_peer]->arg, nbr_xpath,
- sizeof(nbr_xpath), af_xpath)
+ if (peer_and_group_lookup_nb(vty, argv[idx_peer]->arg, base_xpath,
+ sizeof(base_xpath), af_xpath)
< 0)
return CMD_WARNING_CONFIG_FAILED;
- snprintf(base_xpath, sizeof(base_xpath), "%s%s", VTY_CURR_XPATH,
- nbr_xpath + 1);
-
- snprintf(abs_xpath, sizeof(abs_xpath), "%s%s/enabled", VTY_CURR_XPATH,
- nbr_xpath + 1);
-
- nb_cli_enqueue_change(vty, abs_xpath, NB_OP_MODIFY, "true");
+ nb_cli_enqueue_change(vty, "./enabled", NB_OP_MODIFY, "true");
return nb_cli_apply_changes(vty, base_xpath);
}
@@ -6944,7 +6935,6 @@ DEFUN_YANG (neighbor_update_source,
< 0)
return CMD_WARNING_CONFIG_FAILED;
- // NOTE: Check source_str prefix address
if (str2sockunion(argv[idx_peer_2]->arg, &su) == 0)
nb_cli_enqueue_change(vty, "./update-source/ip", NB_OP_MODIFY,
argv[idx_peer_2]->arg);
@@ -6965,28 +6955,15 @@ DEFUN_YANG (no_neighbor_update_source,
{
int idx_peer = 2;
char base_xpath[XPATH_MAXLEN];
- char abs_xpath_ip[XPATH_MAXLEN];
- char abs_xpath_intf[XPATH_MAXLEN];
if (peer_and_group_lookup_nb(vty, argv[idx_peer]->arg, base_xpath,
sizeof(base_xpath), NULL)
< 0)
return CMD_WARNING_CONFIG_FAILED;
- snprintf(abs_xpath_ip, sizeof(abs_xpath_ip), "%s%s/update-source/ip",
- VTY_CURR_XPATH, base_xpath + 1);
- snprintf(abs_xpath_intf, sizeof(abs_xpath_intf),
- "%s%s/update-source/interface", VTY_CURR_XPATH,
- base_xpath + 1);
-
- if (yang_dnode_exists(vty->candidate_config->dnode, abs_xpath_ip)) {
- nb_cli_enqueue_change(vty, "./update-source/ip", NB_OP_DESTROY,
- NULL);
- } else if (yang_dnode_exists(vty->candidate_config->dnode,
- abs_xpath_intf)) {
- nb_cli_enqueue_change(vty, "./update-source/interface",
- NB_OP_DESTROY, NULL);
- }
+ nb_cli_enqueue_change(vty, "./update-source/ip", NB_OP_DESTROY, NULL);
+ nb_cli_enqueue_change(vty, "./update-source/interface", NB_OP_DESTROY,
+ NULL);
return nb_cli_apply_changes(vty, base_xpath);
}
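Review bot: The two unconditional `NB_OP_DESTROY` enqueues at the end of no_neighbor_update_source will normally include one aimed at a node that is absent from the candidate config, and nothing in the new code says why that is safe. The removed `yang_dnode_exists()` branches made the "only destroy what exists" rule explicit; the new form presumably relies on `nb_cli_apply_changes()` ignoring a destroy of a missing node, which cannot be confirmed from this page. If that holds, record it next to the calls with a comment such as `/* ip and interface are alternatives; destroy of the absent one is ignored on apply */`, so a later change to the apply path's error handling does not silently make `no neighbor ... update-source` fail.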
diff --git a/doc/user/basic.rst b/doc/user/basic.rst
index e85e1842b3..0bdcccaf74 100644
--- a/doc/user/basic.rst
+++ b/doc/user/basic.rst
@@ -25,10 +25,35 @@ forms the initial command set for a routing beast as it is starting.
Config files are generally found in |INSTALL_PREFIX_ETC|.
-Each of the daemons has its own config file. The daemon name plus ``.conf`` is
-the default config file name. For example, zebra's default config file name is
-:file:`zebra.conf`. You can specify a config file using the :option:`-f` or
-:option:`--config_file` options when starting the daemon.
+Config Methods
+^^^^^^^^^^^^^^
+
+There are two ways of configuring FRR.
+
+Traditionally each of the daemons had its own config file. The daemon name plus
+``.conf`` was the default config file name. For example, zebra's default config
+file was :file:`zebra.conf`. This method is deprecated.
+
+Because of the amount of config files this creates, and the tendency of one
+daemon to rely on others for certain functionality, most deployments now use
+"integrated" configuration. In this setup all configuration goes into a single
+file, typically :file:`/etc/frr/frr.conf`. When starting up FRR using an init
+script or systemd, ``vtysh`` is invoked to read the config file and send the
+appropriate portions to only the daemons interested in them. Running
+configuration updates are persisted back to this single file using ``vtysh``.
+This is the recommended method. To use this method, add the following line to
+:file:`/etc/frr/vtysh.conf`:
+
+.. code-block:: frr
+
+ service integrated-vtysh-config
+
+If you installed from source or used a package, this is probably already
+present.
+
+If desired, you can specify a config file using the :option:`-f` or
+:option:`--config_file` options when starting a daemon.
+
.. _basic-config-commands:
diff --git a/doc/user/installation.rst b/doc/user/installation.rst
index 5d5dfa5cc5..382d71b71f 100644
--- a/doc/user/installation.rst
+++ b/doc/user/installation.rst
@@ -31,8 +31,11 @@ From Source
Building FRR from source is the best way to ensure you have the latest features
and bug fixes. Details for each supported platform, including dependency
-package listings, permissions, and other gotchas, are in the developer's
-documentation. This section provides a brief overview on the process.
+package listings, permissions, and other gotchas, are in the `developer's
+documentation
+<http://docs.frrouting.org/projects/dev-guide/en/latest/building.html>`_. This
+section provides a brief overview on the process.
+
Getting the Source
^^^^^^^^^^^^^^^^^^
diff --git a/doc/user/vrrp.rst b/doc/user/vrrp.rst
index 33582ee446..8ab050e9a0 100644
--- a/doc/user/vrrp.rst
+++ b/doc/user/vrrp.rst
@@ -507,3 +507,55 @@ VRRP is automatically activated. Global defaults, if set, are applied.
You can then edit this configuration with **vtysh** as needed, and commit it by
writing to the configuration file.
+
+
+Troubleshooting
+---------------
+
+My virtual routers are not seeing each others' advertisements
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Check:
+- Is your kernel at least 5.1?
+- Did you set the macvlan devices to ``bridge`` mode?
+- If using IPv4 virtual addresses, does the parent of the macvlan devices have
+ an IPv4 address?
+- If using IPv6 virtual addresses, is ``addrgenmode`` correctly set to
+ ``random`` and not the default ``eui64``?
+- Is a firewall (``iptables``) or policy (``ip rule``) dropping multicast
+ traffic?
+- Do you have unusual ``sysctls`` enabled that could affect the operation of
+ multicast traffic?
+- Are you running in ESXi? See below.
+
+
+My master router is not forwarding traffic
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+There's several possible causes here. If you're sure your configuration is
+otherwise correct, the following sysctl likely needs to be turned on:
+
+.. code-block:: console
+
+ sysctl -w net.ipv4.conf.eth0.ignore_routes_with_linkdown=1
+
+Without this setting, it's possible to create topologies in which virtual
+routers holding mastership status will not forward traffic.
+
+Issue reference: https://github.com/FRRouting/frr/issues/7391
+
+
+My router is running in ESXi and VRRP isn't working
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+By default, ESXi traffic security settings don't allow traffic to egress a VNIC
+that does not have the MAC address assigned to the VNIC. This breaks VRRP,
+since virtual MACs are the basis of the protocol.
+
+On ESXi before 6.7, you need to enable Promiscuous Mode in the ESXi settings.
+This is a significant security issue in some deployments so make sure you
+understand what you're doing. On 6.7 and later, you can use the MAC Learning
+feature instead, explained `here
+<https://www.virtuallyghetto.com/2018/04/native-mac-learning-in-vsphere-6-7-removes-the-need-for-promiscuous-mode-for-nested-esxi.html>`_.
+
+Issue reference: https://github.com/FRRouting/frr/issues/5386