| Age | Commit message (Collapse) | Author |
|---|
|
The seg6local route dumped by 'show ipv6 route' makes think that the USP
flavor is supported, whereas it is not the case. This information is a
context information, and for End, the context information should be
empty.
> # show ipv6 route
> [..]
> I>* fc00:0:4::/128 [115/0] is directly connected, sr0, seg6local End USP, weight 1, 00:49:01
Fix this by suppressing the USP information from the output.
Fixes: e496b4203055 ("bgpd: prefix-sid srv6 l3vpn service tlv")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
lib: crash handlers must be allowed on threads (backport #18060)
|
|
Blocking all signals on non-main threads is not the way to go, at least
the handlers for SIGSEGV, SIGBUS, SIGILL, SIGABRT and SIGFPE need to run
so we get backtraces. Otherwise the process just exits.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit 13a6ac5b4ca8fc08b348f64de64a787982f24250)
|
|
We were hashing 4 bytes of the address. Even for IPv6 addresses.
Oops.
The reason this was done was to try to make it faster, but made a
complex maze out of everything. Time for a refactor.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit 001fcfa1dd9f7dc2639b4f5c7a52ab59cc425452)
|
|
When reading in a nexthop from ZAPI, only set the fields that actually
have meaning. While it shouldn't happen to begin with, we can otherwise
carry padding garbage into the unused leftover union bytes.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit 4a0e1419a69d07496c7adfb744beecd00e1efef2)
|
|
bgpd crashes when there is several entries in the prefix-list. No
backtrace is provided because the issue was catched from a code review.
Fixes: 856ca177c4 ("Added json formating support to show-...-neighbors-... bgp commands.")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 8ccf60921b85893d301186a0f8156fb702da379f)
|
|
0x<address>FX was displayed instead of the prefix.
Fixes: b219dda129 ("lib: Convert usage of strings to %pFX and %pRN")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit b7e843d7e8afe57d3815dbb44e30307654e73711)
|
|
Without the fix:
```
show ip prefix-list test_1 10.20.30.96/27 first-match
<no result>
show ip prefix-list test_2 192.168.1.2/32 first-match
<no result>
```
With the fix:
```
ip prefix-list test_1 seq 10 permit 10.20.30.64/26 le 27
!
end
donatas# show ip prefix-list test_1 10.20.30.96/27
seq 10 permit 10.20.30.64/26 le 27 (hit count: 1, refcount: 0)
donatas# show ip prefix-list test_1 10.20.30.64/27
seq 10 permit 10.20.30.64/26 le 27 (hit count: 2, refcount: 0)
donatas# show ip prefix-list test_1 10.20.30.64/28
donatas# show ip prefix-list test_1 10.20.30.126/26
seq 10 permit 10.20.30.64/26 le 27 (hit count: 3, refcount: 0)
donatas# show ip prefix-list test_1 10.20.30.126/30
donatas#
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit dd4c2acc2e871283256f6cea16ede6d2d7f72dfe)
|
|
After the change:
```
$ grep on-rib-process /etc/frr/frr.conf
zebra on-rib-process script script4
$ systemctl restart frr
$ vtysh -c 'show run' | grep on-rib-process
zebra on-rib-process script script4
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 1fe1f8d87c4ab46ae18536a2418c05ae5fd95185)
|
|
Include SID structure information in seg6local nexthop data structure.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
|
|
This reverts commit 0e3c5e8e5907321b35201f0985c1d3f4a1b0e639.
(cherry picked from commit 6a36b9ef49bfce59a7e674df233265da6d275257)
|
|
They are managed under `frr-route-map`, not under `frr-bgp-route-map`.
Fixes: https://github.com/FRRouting/frr/issues/17055
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit b9a9be492e8dde39a0040bd1140893ccab83c2be)
|
|
Prior to this commit stdout of a process started in a daemon mode was
attached to a calling process.
As a result a calling process hung for infinity.
Signed-off-by: Vladislav Odintsov <vlodintsov@k2.cloud>
(cherry picked from commit 0e3c5e8e5907321b35201f0985c1d3f4a1b0e639)
|
|
When a whole distribute-list is deleted (can be done only using API),
all its children must be cleaned up manually.
Fixes #16538
Signed-off-by: Igor Ryzhov <idryzhov@gmail.com>
(cherry picked from commit 8fad4f317ebd3de7677d7600e7a024f713b20d70)
|
|
The destroy callback must be executed only once on APPLY stage.
Fixes #16528
Signed-off-by: Igor Ryzhov <idryzhov@gmail.com>
(cherry picked from commit 2b12d62e38bf41648b2703b5a5c48e47eb01edc7)
|
|
Correct FRR startup counts on a daemon's vty socket to be open when the
parent process exits. The parent process waits for `frr_check_detach()`
to be called by the child before exiting. The problem is when the
`FRR_MANUAL_VTY_START` flag is set the vty socket was not opened but
`frr_check_detach()` was called anyway.
Instead add a bool option for `frr_check_detach()` to be called when the
socket is opened with `frr_vty_serv_start()`, and do so when "manually"
calling said function (i.e., when FRR_MANUAL_VTY_START is set).
The `FRR_MANUAL_VTY_START` flag is only set by mgmtd. The reason we
wait to open the vty socket is so that mgmtd can parse the various
daemon specific config files it has taken over, after the event loop has
started, but before we receive any possible new config from `vtysh`.
fixes #16362
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit be9a6fc0ea8180a4aaa558c5402ea543427e2e7e)
|
|
Additionally, print `errmsg_if_any` in successful debug messages
if non-NULL.
fixes #16386 #16043
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit 7afd7d99f2fa39be073625c630d46f96e5dd66a5)
|
|
lib: fix copy srte_color from zapi_nexthop structure (backport #16191)
|
|
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit 07090ccf5a3c81f650faef914a646f0e31a26fc8)
|
|
When switching from nexthop to zapi_nexthop, the srte color
is copied. Do the same in reverse.
Fixes: 31f937fb43f4 ("lib, zebra: Add SR-TE policy infrastructure to zebra")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit 49bc1b6c21e8da0da82746373a7257aeb2c9fa4a)
|
|
We're not calling any other termination functions to free allocated
memory when daemonizing except these two. There's no reason for such an
exception, and because of these calls we have the following libyang
warnings every time FRR is started:
```
MGMTD: libyang: String "15" not freed from the dictionary, refcount 2
MGMTD: libyang: String "200" not freed from the dictionary, refcount 2
MGMTD: libyang: String "mrib-then-urib" not freed from the dictionary, refcount 2
MGMTD: libyang: String "1000" not freed from the dictionary, refcount 2
MGMTD: libyang: String "10" not freed from the dictionary, refcount 2
MGMTD: libyang: String "5" not freed from the dictionary, refcount 2
```
Remove these calls to get rid of the unnecessary warnings.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit a564710c34bdae8a0f0630f50b5718f0757d8edc)
|
|
c-ares has deprecated ares_gethostbyname() in version 1.28.0
Replace it with ares_getaddrinfo().
This fixes a build error on Fedora 40.
Signed-off-by: Andrew Cooks <acooks.at.bda@gmail.com>
(cherry picked from commit 89a2e4d8257a91d115fa29e02261c33312da5cba)
|
|
ares_process(...) has been deprecated.
Replace it with ares_process_fd(...)
Signed-off-by: Andrew Cooks <acooks.at.bda@gmail.com>
(cherry picked from commit 4540fa0a3e702f577d378b3fa1f5f26591a0a5ad)
|
|
In zebra_interface_nhg_reinstall zebra is checking that the
nhg is a singleton and not a blackhole nhg. This was originally
done with checking that the nexthop is a NEXTHOP_TYPE_IFINDEX,
NEXTHOP_TYPE_IPV4_IFINDEX and NEXTHOP_TYPE_IPV6_IFINDEX. This
was excluding NEXTHOP_TYPE_IPV4 and NEXTHOP_TYPE_IPV6. These
were both possible to be received and maintained from the upper
level protocol for when a route is being recursively resolved.
If we have gotten to this point in zebra_interface_nhg_reinstall
the nexthop group has already been installed at least once
and we *know* that it is actually a valid nexthop. What the
test is really trying to do is ensure that we are not reinstalling
a blackhole nexthop group( Which is not possible to even be
here by the way, but safety first! ). So let's change
to test for that instead.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 29c1ff446e581fc403d155fd1d00b7c944cba56a)
|
|
If a command is not marked as `YANG`-converted, the current command
batching buffer is flushed before executing the command. We shouldn't
flush the buffer when executing an `exit` command. It should only be
flushed if the next command is not `YANG`-converted, which is checked by
the command itself, not the previous `exit`.
Fixes #15706.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 57811a53ba65f755cb2ff9cdc682b8a249144ffa)
|
|
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 988d4444d44814fa3325795154911f420319ac76)
|
|
lib: don't define a `fallthrough` in c++ to avoid conflict with protobuf c++
check: add link libs required by some versions of grpc++ or it's dependent
linked libs
tests: don't fail the test due to known at exit memleaks
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit 043a4183c2f10e6117695dec7a0373c1b0a63808)
|
|
Split zebra's vrf_terminate() into disable() and delete() stages.
The former enqueues all events for the dplane thread.
Memory freeing is performed in the second stage.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
(cherry picked from commit 444ce317b2af491b5cdc321286772627a5d4c8ea)
|
|
This is happening for Alpine Linux.
```
26 64.59 ./lib/sigevent.h:23:18: error: unknown type name 'sig_atomic_t'
26 64.59 23 | volatile sig_atomic_t caught; /* private member */
26 64.59 | ^~~~~~~~~~~~
26 64.60 In file included from ./lib/libfrr.h:12,
26 64.60 from ./lib/vty.h:28,
26 64.60 from ./lib/command.h:11,
26 64.60 from ./lib/debug.h:11,
26 64.60 from ./mgmtd/mgmt.h:12,
26 64.60 from mgmtd/mgmt_history.c:14:
26 64.60 ./lib/sigevent.h:23:18: error: unknown type name 'sig_atomic_t'
26 64.60 23 | volatile sig_atomic_t caught; /* private member */
26 64.60 | ^~~~~~~~~~~~
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit f03b0bfaa4225182064d7749808b49760a618d29)
|
|
Add missing cli_cmp callback. Without it, interfaces are not sorted and
printed in order they were created.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 18da7369490af6bfb88431ad3f2c3a2934865f17)
|
|
When a node is top-level, we shouldn't stop the whole processing, we
should just skip this single node.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 8287fbe453d150a5e129ed204d89a4dce9b6982f)
|
|
`darr_avail` returns the available capacity excluding the already
existing terminating NULL byte. Take this into account when using
`darr_avail`. Otherwise, if the error length is a power of 2, the
capacity is never enough and the function stucks in an infinite loop.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit cb6032d6b3d9fc1198f61ac343ec22b456a8896e)
|
|
If the initial darr capacity is not enough for the output, the `ap` is
reused multiple times, which is wrong, because it may be altered by
`vsnprintf`. Make a copy of `ap` each time instead of reusing.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit ee0c1cc1e4b87bde73f1eba3212ab93b1c379c6c)
|
|
lib: fix access/prefix-list entry update (backport #15427)
|
|
lib: Do not convert EVPN prefixes into IPv4/IPv6 if not needed (backport #15377)
|
|
When a prefix-list entry is updated, current NB code calls the
replacement code multiple times, once per each updated field. It means
that when multiple fields of an entry are changed in a single commit,
the replacement is done with an interim state of a prefix-list instead
of a final one. To fix the issue, we should call the replacement code
once, after all fields of an entry are updated.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 0bc2ab8598fa1418d3a45499e4f047622d21d6b4)
|
|
When an access-list entry is updated, current NB code calls notification
hooks for each updated field. It means that when multiple fields of an
entry are changed in a single commit, the hooks are run with an interim
state of an access-list instead of a final one. To fix the issue, we
should call the hooks once, after all fields of an entry are updated.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit a9460ae713a43285a972070d925ce38eaa5e363a)
|
|
By calling `ly_log_options` with `LY_LOSTORE`, the current code
effectively disables libyang logging and never enables it back. The call
is done to get the current logging options, but we don't really need
that. When looking for a schema node, we don't want neither to log nor
to store the error, so simply set the temporary options to 0.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 3cd6ddaec6fd41ac84ef23595ffc7e3d18334839)
|
|
Containers inside a choice's case must be treated as presence containers
as they can be explicitly created and deleted. They must have `create`
and `destroy` callbacks, otherwise the internal data they represent may
never be deleted.
The issue can be reproduced with the following steps:
- create an access-list with destination-network params
```
# access-list test seq 1 permit ip any 10.10.10.0 0.0.0.255
```
- delete the `destination-network` container
```
# mgmt delete-config /frr-filter:lib/access-list[name='test'][type='ipv4']/entry[sequence='1']/destination-network
# mgmt commit apply
MGMTD: No changes found to be committed!
```
As the `destination-network` container is non-presence, and all its
leafs are mandatory, mgmtd doesn't see any changes to be commited and
simply updates its YANG data tree without passing any updates to backend
daemons.
This commit fixes the issue by requiring `create` and `destroy`
callbacks for containers inside choice's cases.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 0b905f740459291bca12e552aea4975fb46e9d98)
|
|
When ordering operations, destroys must always come before other
operations, to correctly cover the change of a "case" in a "choice".
The problem can be reproduced with the following commands:
```
access-list test seq 1 permit 10.0.0.0/8
access-list test seq 1 permit host 10.0.0.1
access-list test seq 1 permit 10.0.0.0/8
```
Before this commit, the order of changes would be the following:
- `access-list test seq 1 permit 10.0.0.0/8`
- `modify` for `ipv4-prefix`
- `access-list test seq 1 permit host 10.0.0.1`
- `destroy` for `ipv4-prefix`
- `modify` for `host`
- `access-list test seq 1 permit 10.0.0.0/8`
- `modify` for `ipv4-prefix`
- `destroy` for `host`
As `destroy` for `host` is called last, it rewrites the fields that were
filled by `modify` callback of `ipv4-prefix`. This commit fixes this
problem by always calling `destroy` callbacks first.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 38b85e0c2bc555b8827dbd2cb6515b6febf548b4)
|
|
Notifications are sent by mgmtd for each session of a client, so they
should be processed once per each session.
Also, add session_id parameter to an async_notification callback as all
other callbacks have this parameter.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 13359c5cc9b8fd84c62b30443e063d96e9a73034)
|
|
Convert only when this is really needed, e.g. `match ip address prefix-list ...`.
Otherwise, we can't have mixed match clauses, like:
```
match ip address prefix-list p1
match evpn route-type prefix
```
This won't work, because the prefix is already converted, and we can't extract
route type, vni, etc. from the original EVPN prefix.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 439b739495e86912c8b9ec36b84e55311c549ba0)
|
|
When ordering the NB callbacks according to their priorities, if the
operation is "destroy" we should reverse the order, to destroy the
dependants before the dependencies.
This fixes the crash, that can be reproduced with the following steps:
```
frr# conf term file-lock
frr(config)# affinity-map map bit-position 10
frr(config)# interface test
frr(config-if)# link-params
frr(config-link-params)# affinity map
frr(config-link-params)# exit
frr(config-if)# exit
frr(config)# mgmt commit apply
frr(config)# no affinity-map map
frr(config)# interface test
frr(config-if)# link-params
frr(config-link-params)# no affinity map
frr(config-link-params)# exit
frr(config-if)# exit
frr(config)# mgmt commit apply
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 01f371a677dc52ff888b14360f6ffd63b91f3845)
|
|
Other objects depend on affinity-maps being created before them by using
leafref with require-instance true. Set the priority to ensure that.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 323caf1d7013c4787b30ee34b3c53dd4bf0a92aa)
|
|
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit 4a93d171c2e3ec1ff6c4fc553d6acf42e035e0d4)
|
|
- call the new notification hooks when backends call the old notification
posting API.
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit 1d4ea437e4a4fced3fce6e441952fdea8d94af80)
|
|
Before this fix would always return empty results b/c there was no
libyang tree to print to output format.
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit dff28248c3c1dee0d1c9f9225dab66224c6aac54)
|
|
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit b8e07049a8ee684eaa8df48bef6e7bfbc853644d)
|
|
lib, ospfclient, vtysh: Allow for a minimum fd poll size
|
|
Currently, YANG notification processing is done using a special type of
callbacks registered in backend clients. In this commit, we start using
regular northbound infrastructure instead, because it already has a
convenient way of registering xpath-specific callbacks without the need
for creating additional structures for each necessary notification. We
also now pass a notification data to the callback, instead of a plain
JSON. This allows to use regular YANG library functions for inspecting
notification fields, instead of manually parsing the JSON.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
|
