| Age | Commit message (Collapse) | Author |
|---|
|
* bgpd: Fix 'show bgp ipv4/ipv6 neighbors' to show only v4 or v6 neighbors
* bgpd: Fix display issue when showing labeled-unicast routes
* bgpd: Fix incorrect # peers in 'show bgp ipv6 summary' output
* bgpd: Fix issue with remote-private-as in combination with local-as
* bgpd: Fix memory error when prepending to AS-path
* bgpd: Improve error handling when using maximum-prefix
* ldpd: Fix startup permissions error on OpenBSD
* ldpd: add support for FreeBSD IP_BINDANY
* ospfd: Fix incorrect display of millisecond time values
* tools: Fix incorrect systemd dependencies causing failure to start on boot
* vtysh: Fix unnecessary reconnection under multi-instance OSPF
* watchfrr: Fix multi-instance support when using new init script
* zebra: Fix a display bug in 'show ip route ... json'
* zebra: Fix compilation issue on OpenBSD
* zebra: Fix issue with missed selection of system-sourced routes
* zebra: Fix race condition in label manager
* zebra: Reliability improvements to pseudowire route recovery
* zebra: Tweak metric values for macvlan devices
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
[6.0] ldpd: *BSD fixes
|
|
Add yet another way to setsockopt a socket to listen to a foreign
address.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
|
|
OpenBSD doesn't define RTM_LOCK anymore:
https://marc.info/?l=openbsd-tech&m=153018811429193&w=2
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
|
|
We must open the PF_KEY socket before dropping privileges, otherwise the
socket creation will fail with permission problems.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
|
|
bgpd: [6.0] Do not send UPDATE message with maximum-prefix
|
|
When using maximum-prefix and count is overflow BGP
sends UPDATE message:
Apr 15 20:45:06 exit1-debian-9 bgpd[9818]: 192.168.0.2 [Error] Error parsing NLRI
Apr 15 20:45:06 exit1-debian-9 bgpd[9818]: %NOTIFICATION: sent to neighbor 192.168.0.2 3/10 (UPDATE Message Error/Invalid Network Field) 0 bytes
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
|
ton31337/feature/all_alias_for_force_next_self_host_6.0
bgpd: [6.0] Make sure `next-hop-self all` backward compatible with force
|
|
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
|
[6.0] bgpd: Incorrect number of peers count in "show bgp ipv6 summary" output
|
|
zebra: pseudowire event recovery (DoS fix) [6.0]
|
|
When having a route recovery, because of the route installation
cycling and the next hop label check, it could happen that the PW
never gets recovered. The original code shows the intention of retrying,
but the code was missing. The fix includes the call to the timer programming
the recovery attempt.
Example for reproducing the issue:
|P1| <-> |P2| <-> |P3|
- Being P1, P2, P3 nodes, using IS-IS as IGP, and having a pseudowire
betwen P1 and P3 (P1, P2, P3 having configured LDP daemons).
- After 60 seconds, kill the IS-IS daemon in P2.
- Wait 30 seconds
- Launch again the IS-IS daemon in P2
- The bug/issue is that after P1 <-> P3 recovering connectivity sometimes
the PW is not recovered because the reason explained in the first paragraph.
Signed-off-by: F. Aragon <paco@voltanet.io>
|
|
zebra: label manager race condition fix (6.0 branch)
|
|
This fix covers the case where two or more events are processed but only one
becoming effective. E.g. when mixing a synchronous label request from a LDP
deamon and an asynchronous request from a BGP daemon it could happen to the
BGP having the label chunk, but the LDP stuck waiting for the response.
Given e.g.
ldpd <-------->
(sync label request)
Zebra (label proxy) <--> Zebra (shared label manager)
bgpd <-------->
(async label request)
Sequence:
LDP label request ----->
Zebra (label proxy FW) ----> Zebra (LM)
BGP label request ----->
Zebra (label proxy FW) ----> Zebra (LM)
<---- Zebra (LM) RP LDP
<---- Zebra (LM) RP BGP
Signed-off-by: F. Aragon <paco@voltanet.io>
|
|
bgpd: [6.0] Remove private AS numbers if local-as is defined
|
|
When using remove-private-AS together with local-as
aspath_remove_private_asns() is called before bgp_packet_attribute().
In this case, private AS will always appear in front of change_local_as.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
|
bfdd, nhrpd, pimd: When deleting an interface clean up
|
|
When we delete an interface, we need to set the interface
ifindex to an internal value so that we don't end up in
a state where the re-addition of the same ifindex, due to
a rename operation, causes an infinite loop.
Fixes:#4007
Fix-Suggested-by: Saravanan K
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
[6.0] bgpd: fix show bgp labeled_unicast
|
|
while labeled_unicast routes should be fetched in the
unicast table, we cannot set the safi to SAFI_UNICAST
else the peer afc checks and subgroup retrieval will fail
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
|
|
[6.0] redhat: switch to new init script
|
|
The "declare -p watchfrr_options" call is just to support backwards
compatibility. If it fails, silently ignore that.
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
bgpd: [6.0] Add peer action for PEER_FLAG_IFPEER_V6ONLY flag
|
|
Drop the special versions of frr.init/frr.service/daemons from redhat/
and use the generic versions instead.
Tested-by: Liam McBirnie <liam.mcbirnie@boeing.com>
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
Connected 6.0
|
|
ospfd: [6.0] fix some json timer output
|
|
System Routes if received over the netlink bus in a
specific pattern that causes an update operation for that
route in zebra can leave the dest->selected_fib pointer NULL,
while having the ZEBRA_FLAG_SELECTED flag set. Specifically
one way to achieve this is to do this:
`ip addr del 4.5.6.7/32 dev swp1 ; ip addr add 4.5.6.7/32 dev swp1 metric 9`
Why is this a big deal?
Because nexthop tracking is looking at ZEBRA_FLAG_SELECTED to
know if we can use a route, while nexthop active checking uses
dest->selected_fib.
So imagine we have bgp registering a nexthop. nexthop tracking in
the above case will be able to choose the 4.5.6.7/32 route
if that is what the nexthop is, due to the ZEBRA_FLAG_SELECTED being
properly set. BGP then allows the peers connection to come up and we
install routes with a 4.5.6.7 nexthop. The rib processing for route
installation will then look at the 4.5.6.7 route see no
dest->selected_fib and then start walking up the tree to resolve
the route. In our case we could easily hit the default route and be
unable to resolve the route. Which then becomes inactive in the
rib so we never attempt to install it.
This commit fixes this problem because when the rib_process decides
that we need to update the fib( ie replace old w/ new ), the
replacement with new was not setting the `dest->selected_fib` pointer
to the new route_entry, when the route was a system route.
Ticket: CM-24203
Signed-off-by: Donald Sharp <sharpd@cumulusnetworkscom>
|
|
Fix a few json output values: a few are in seconds, not msecs,
and one is a number-per-second, not a duration. [6.0 version]
Signed-off-by: Mark Stapp <mjs@voltanet.io>
|
|
The `show ip route A.B.C.D json` command was only displaying
the last route entry looked at and we would drop the data
associated with other route entries. This fixes the issue:
robot# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route
K>* 0.0.0.0/0 [0/100] via 192.168.201.1, enp3s0, 00:13:31
C>* 4.50.50.50/32 is directly connected, lo, 00:13:31
D 10.0.0.1/32 [150/0] via 192.168.201.1, enp3s0, 00:09:46
S>* 10.0.0.1/32 [1/0] via 192.168.201.1, enp3s0, 00:10:04
C>* 192.168.201.0/24 is directly connected, enp3s0, 00:13:31
robot# show ip route 10.0.0.1 json
{
"10.0.0.1\/32":[
{
"prefix":"10.0.0.1\/32",
"protocol":"sharp",
"distance":150,
"metric":0,
"internalStatus":0,
"internalFlags":1,
"uptime":"00:09:50",
"nexthops":[
{
"flags":1,
"ip":"192.168.201.1",
"afi":"ipv4",
"interfaceIndex":2,
"interfaceName":"enp3s0",
"active":true
}
]
},
{
"prefix":"10.0.0.1\/32",
"protocol":"static",
"selected":true,
"distance":1,
"metric":0,
"internalStatus":0,
"internalFlags":2064,
"uptime":"00:10:08",
"nexthops":[
{
"flags":3,
"fib":true,
"ip":"192.168.201.1",
"afi":"ipv4",
"interfaceIndex":2,
"interfaceName":"enp3s0",
"active":true
}
]
}
]
}
robot#
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
The dest->selected_fib should be reported in json output
so that we can debug subtle conditions a bit better in the
future.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
In a VRR/VRRP setup we can have connected routes with different costs.
So this change eliminates suppressing metric display for connected routes.
Sample output -
root@TORC11:~# vtysh -c "show ipv6 route vrf vrf1"
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
> - selected route, * - FIB route
VRF vrf1:
K * ::/0 [255/8192] unreachable (ICMP unreachable), 00:00:36
C * 2001:aa:1::/64 [0/100] is directly connected, vlan1002-v0, 00:00:36
C>* 2001:aa:1::/64 [0/90] is directly connected, vlan1002, 00:00:36
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
|
|
MACVLAN devices are typically used for applications such as VRR/VRRP that
require a second MAC address (virtual). These devices have a corresponding
SVI/VLAN device -
root@TORC11:~# ip addr show vlan1002
39: vlan1002@bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9152 qdisc noqueue master vrf1 state UP group default
link/ether 00:02:00:00:00:2e brd ff:ff:ff:ff:ff:ff
inet6 2001:aa:1::2/64 scope global
valid_lft forever preferred_lft forever
root@TORC11:~# ip addr show vlan1002-v0
40: vlan1002-v0@vlan1002: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9152 qdisc noqueue master vrf1 state UP group default
link/ether 00:00:5e:00:01:01 brd ff:ff:ff:ff:ff:ff
inet6 2001:aa:1::a/64 metric 1024 scope global
valid_lft forever preferred_lft forever
root@TORC11:~#
The macvlan device is used primarily for RX (VR-IP/VR-MAC). And TX is via
the SVI. To acheive that functionality the macvlan network's metric
is set to a higher value.
Zebra currently ignores the devaddr metric sent by the kernel and hardcodes
it to 0. This commit eliminates that hardcoding. If the devaddr metric
is available (METRIC_MAX) it is used for setting up the connected route
otherwise we fallback to the dev/interface metric.
Setting the macvlan metric to a higher value ensures that zebra will always
select the connected route on the SVI (and subsequently use it for next hop
resolution etc.) -
root@TORC11:~# vtysh -c "show ip route vrf vrf1 2001:aa:1::/64"
Routing entry for 2001:aa:1::/64
Known via "connected", distance 0, metric 1024, vrf vrf1
Last update 11:30:56 ago
* directly connected, vlan1002-v0
Routing entry for 2001:aa:1::/64
Known via "connected", distance 0, metric 0, vrf vrf1, best
Last update 11:30:56 ago
* directly connected, vlan1002
root@TORC11:~#
Ticket: CM-23511
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
|
|
ospfd: When converting to ms divide by 1000
|
|
When converting to miliseconds divide by 1000 not
the other way around.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
[6.0] bgpd: 'show bgp [ipv4|ipv6] neighbors' displays all address family neighbors
|
|
peer_flag_modify() will always return BGP_ERR_INVALID_FLAG because
the action was not defined for PEER_FLAG_IFPEER_V6ONLY flag.
```
global PEER_FLAG_IFPEER_V6ONLY = 16384;
global BGP_ERR_INVALID_FLAG = -2;
probe process("/usr/lib/frr/bgpd").statement("peer_flag_modify@/root/frr/bgpd/bgpd.c:3975")
{
if ($flag == PEER_FLAG_IFPEER_V6ONLY && $action->type == 0)
printf("action not found for the flag PEER_FLAG_IFPEER_V6ONLY\n");
}
probe process("/usr/lib/frr/bgpd").function("peer_flag_modify").return
{
if ($return == BGP_ERR_INVALID_FLAG)
printf("return BGP_ERR_INVALID_FLAG\n");
}
```
produces:
action not found for the flag PEER_FLAG_IFPEER_V6ONLY
return BGP_ERR_INVALID_FLAG
$ vtysh -c 'conf t' -c 'router bgp 20' -c 'neighbor eth1 interface v6only remote-as external'
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
|
- Display only ipv4 neighbors when 'show bgp ipv4 neighbors' command is
issued.
- Display only ipv6 neighbors when 'show bgp ipv6 neighbors'
command is issued.
- Take the address family of the peer address into account, while
displaying the neighbors.
Signed-off-by: Kiran Kella <kiran.kella@broadcom.com>
|
|
[6.0] doc: VTYSH_PAGER docs + new FRR theme
|
|
[6.0] tools: fix new init script wrt. multi-instance
|
|
TBH when I looked at watchfrr I didn't see any MI support and hence
assumed this just didn't work to begin with. However, it actually does
(transparently to watchfrr, by just using "ospfd-1" as daemon name.)
So, fix this up and make it work again.
(Also remove 2 extraneous \n in messages.)
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
[6.0] vtysh: Don't attempt to reconnect the non-instanced ospf process
|
|
https://github.com/AkhileshSamineni/frr into show_bgp_ipv6_summary_fix
|
|
Fix : Now the peers count displays the number of neighbors activated per afi/safi.
Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
|
|
Fix : Now the peers count displays the number of neighbors activated per afi/safi.
Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
|
|
When running ospf instances we should not attempt to reconnect
the default ospf instance on running a command.
This commit should be targeted enough because in the case
of normal operation we connect to everything we should
and only set the VTYSH_WAS_ACTIVE flag for those we
truly have lost connection too.
Before:
donna.cumulusnetworks.com# config t
donna.cumulusnetworks.com(config)# router ospf 100
Warning: connecting to ospfd...failed!
donna.cumulusnetworks.com(config-router)#
After:
donna.cumulusnetworks.com# conf t
donna.cumulusnetworks.com(config)# router ospf 100
donna.cumulusnetworks.com(config-router)# end
donna.cumulusnetworks.com#
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
[6.0] bgpd: fix as-path prepend heap uaf
|
|
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
[6.0.3] tools: fix systemd dependency graph
|
