In the unlikely event you are building with -Werror=undef, several
configure checks fail. Fix those.
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
The "test" program uses =, not ==. A lot of shells accept == as an
extension, but not all do and it's technically out of spec.
Signed-off-by: David Lamparter <equinox@diac24.net>
Like gcov but better!
Also has a driveby fix for --enable-dev-build being mutually exclusive
with --enable-gcov...
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
With the pull of the 7.3 stabilization branch, update the
version number we will auto generate.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
These were setting = SAN_FLAGS, we want to add to the variable. Note
MSAN can't be used with any other sanitizer (except UBSan) but the
compiler will complain about that if you use it wrong so we don't need
to enforce it here.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Older versions of protobuf-c do not support version 3 of the
protocol. Add a check into the system to see if we have
version 3 available and if so, compile it in.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This is pretty much just to get rid of the HAVE_CUMULUS. The
hook/module API is as "wtf" as it was before...
Signed-off-by: David Lamparter <equinox@diac24.net>
Hopefully at some point we can get rid of the --enable-datacenter switch
and just have the init script do magic. Should already work for Cumulus
as it is.
NB: the profile name can't be baked into the package. The whole point
is to make the package profile-agnostic; in theory at some point the
exact same package files should work on both, say, a Cumulus switch and
a Linux software BGP DFZ router.
Signed-off-by: David Lamparter <equinox@diac24.net>
getrusage, in a heavily stressed system, can account for
signficant running time due to process switching to the kernel.
Allow the end-operator to specify `--disable-cpu-time` to
avoid this call. Additionally we cause `show thread cpu` to
not show up if this is selected.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We should test for `-fsanitize=memory` instead of `-fsanitize=thread`
when enabling memory sanitizer. While here, fix the error message.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Linux FRR builds without libcap are massively slow due to the
signal-based UID/GID synchronization across threads. This disables the
automatic fallback to build without libcap; it can still be requested
with "--disable-capabilities" but if the option isn't given in either
direction and we can't find libcap that's an error now.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This implements BMP. There's no fine-grained history here, the non-BMP
preparations are already split out from here so all that remains is BMP
proper.
Signed-off-by: David Lamparter <equinox@diac24.net>
The FRR community has run into an issue where keeping up our
CI system to work with solaris has become a fairly large burden.
We have also sent emails and asked around and have not found
anyone standing up saying that they are using Solaris.
Given the fact that we do not have any comprehensive testing
being done w/ solaris and the fact that we are getting a steady
stream of new features that will never work on solaris and
we cannot find anyone to say that they are using it. Let's
start the drawn out process of deprecating the code.
If in the mean-time someone comes forward with the fact that
they are using it we can then not deprecate it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
After ~4 months of deprecation period [1], drop support for older
libyang versions that don't support embedded extensions.
In addition to support for embedded extensions, libyang 0.16-r3
contains several bug fixes and performance improvements compared
to libyang-0.16-r1. It was about time to update.
Fixes:
* Issue #3273
* Issue #3971
[1] See commit 68626e08.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
We can use `$ac_precious_vars` to get at autoconf's conception of which
environment variables are relevant. This makes "HOST_..." setup more
consistent for cross-compilation setups.
Fixes: #4006
Signed-off-by: David Lamparter <equinox@diac24.net>
* adds a `--with-clippy=...` option to use a prebuilt clippy binary
* limits the autoconf tests done for `--enable-clippy-only`
(e.g. no libyang)
Fixes: #3921Fixes: #4006
Signed-off-by: David Lamparter <equinox@diac24.net>
When the user specifies -N namespace allow it to influence the
frr_vtydir(DAEMON_VTY_DIR) to have namespace in it's path
like so: $frrstate_dir/<namespace>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If --ctl_socket is used this will override any other option and will
be used
If -N <namespace> is used, then we will setup the LDPD_SOCKET
in $frr_statedir/<namespace>/ldpd.sock
If neither option is used, then we will use $frr_statedir/ldpd.sock
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When selecting to run bfdd with -N allow the namespace passed
in to be added to the $frr_statedir/<namespace name>/bfdd.sock
If --bfdctl is passed in that will override the -N option.
If neither --bfdctl or -N is passed in then the default
of $frr_statedir/bfdd.sock is used.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When using -z, allow that to override the zapi domain socket
path. If using -N add the namespace name to the path to
$frr_statedir/<namespace>/zserv.api. If you don't specify
the -N or -z option then it is $frr_statedir/zserv.api
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Each of Lua's major versions are incompatible with each other. Ubuntu,
at least, does not provide a single liblua.so or /usr/include/lua; all
SOs and headers are versioned, e.g. liblua5.3.so and
/usr/include/lua5.3. There's already an m4 macro in the GNU collection
to handle this situation, so let's use that.
This allows building with Lua enabled to work on platforms other than
Fedora.
* Move lib/lua.[ch] -> lib/frrlua.[ch] to prevent path conflicts
* Fix configure.ac search for proper CPP and linker flags
* Add Lua include path to AM_CPPFLAGS
* Update vtysh/extract.pl.in
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
libyang 1.0 introduced a few changes in the user types API, and
these changes made FRR incompatible with libyang 1.x. In order to
ease our migration from libyang 0.x to libyang 1.x, let's disable
our libyang custom user types temporarily so that FRR can work
with both libyang 0.x and libyang 1.x. This should be especially
helpful to the CI systems during the transition. Once the migration
to libyang 1.x is complete, this commit will be reverted.
Disabling our libyang custom user types should have only
minimal performance implications when processing configuration
transactions. The user types infrastructure should be more important
in the future to perform canonization of YANG data values when
necessary.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Manually tested rather extensively in addition to included unit tests,
should work as intended.
NB: The OpenBSD futex() code is "future"; it's not actually in OpenBSD
(yet?) and thus untested.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
If a person who is compiling FRR does not specify the
multipath number on configure we are defaulting to a ecmp of 1.
Let's change this to 16. In this day and age most everything
supports actual ecmp.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There's no good reason to not have these options default to the
installation path of tools/watchfrr.sh. Doing so allows us to ditch
watchfrr_options from daemons/daemons.conf completely.
Fixes: #3652
Signed-off-by: David Lamparter <equinox@diac24.net>
The debian/ directory is distributed separately for tarballs in 3.0
(quilt) format. Including it in the dist tarball causes problems with
automake when the separately distributed debian directory is unpacked on
top of the dist tarball; the clean and correct thing to do here is to
not include the debian/ directory in dist tarballs.
Users have two choices for building FRR Debian packages:
- build straight off git
- build from a "frr.tar" + "frr-debian.tar"
The tarsource.sh tool does the right thing when invoked with the -D
("Debian") option.
Signed-off-by: David Lamparter <equinox@diac24.net>
Commit fdbd8086b1 removed the explicit -lconfd flag from
lib_confd_la_LIBADD in favor of using the CONFD_LIBS variable. The
problem, however, is that ConfD doesn't use pkg-config nor anything
similar, so CONFD_LIBS is not created automatically by autotools.
Fix this problem by manually assigning -lconfd to the CONFD_LIBS
variable in the configure script.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Compiling an empty C file with most headers included and -Wc++-compat
gives us a build error if we introduce some stupid C++-incompatible
change.
While this won't catch everything, it's a good start.
Signed-off-by: David Lamparter <equinox@diac24.net>
- some target_CFLAGS that needed to include AM_CFLAGS didn't do so
- libyang/sysrepo/sqlite3/confd CFLAGS + LIBS weren't used at all
- consistently use $(FOO_CFLAGS) instead of @FOO_CFLAGS@
- 2 dependencies were missing for clippy
Signed-off-by: David Lamparter <equinox@diac24.net>
Starting with libyang 0.16.74, we can load internally embedded yang
extensions instead of going through the file system/dlopen. Detect
support for this at build time and use if available.
NB: the fallback mechanism will go away in a short while.
Signed-off-by: David Lamparter <equinox@diac24.net>
On Mac OS, where we don't have objcopy, ./configure logs:
checking for objcopy... no
checking for .interp value to use... ./configure: line 22174: conftest.interp: No such file or directory
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
./configure on Mac OS logs:
checking whether ranlib supports D option... error: /Library/Developer/CommandLineTools/usr/bin/ranlib: unknown option character `D' in: -D
Usage: /Library/Developer/CommandLineTools/usr/bin/ranlib [-sactfqLT] [-] archive [...]
no
This is quite noisy.
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
./configure logs this on Mac OS:
checking whether ar supports D option... /Library/Developer/CommandLineTools/usr/bin/ar: illegal option -- D
usage: ar -d [-TLsv] archive file ...
ar -m [-TLsv] archive file ...
ar -m [-abiTLsv] position archive file ...
ar -p [-TLsv] archive [file ...]
ar -q [-cTLsv] archive file ...
ar -r [-cuTLsv] archive file ...
ar -r [-abciuTLsv] position archive file ...
ar -t [-TLsv] archive [file ...]
ar -x [-ouTLsv] archive [file ...]
no
This is quite noisy and we're only interested in the result of the
check, not the output.
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
This option probably did not have enough of a please be careful
warning around it. Let's add a bit more.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If CFLAGS contains something like `-fdebug-prefix-map=/build/path=.`, we
need to remove it from CONFIG_ARGS so it doesn't get baked into `show
version`. Otherwise, build becomes non-reproducible if the build path
changes. To avoid other things creeping in, let's just remove *FLAGS in
their entirety. (Not really reliable information anyway.)
With this commit, FRR build should be 100% reproducible.
Signed-off-by: David Lamparter <equinox@diac24.net>
This separates the init script used for the system (and called in the
systemd unit file) from the script that watchfrr uses to control
daemons. Mixing these two caused the entire thing to become a rather
huge spaghetti mess.
Note that there is a behaviour change in that the new script always
starts zebra regardless of zebra_enable.
Side changes:
- Ubuntu 12.04 removed from backports since it doesn't work anyway
- zebra is always started regardless of zebra_enable. To disable FRR,
the entire init script should be disabled through policy.
- no-watchfrr operation is no longer supported by the scripts in the
Debian packages. (This is intentional.)
Signed-off-by: David Lamparter <equinox@diac24.net>
The confd binary must be searched in the path given by the user and not
in the system standard directories. This is necessary because, the way
confd is distributed, multiple installations of confd (from different
versions) are possible. Users must choose at configure time which confd
installation they want to use.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
We only support:
* --enable-shared --disable-static --disable-static-bin
* --enable-shared --enable-static --disable-static-bin
* --enable-shared --enable-static --enable-static-bin
(The second option is not particularly useful.)
Signed-off-by: David Lamparter <equinox@diac24.net>
This fixes the longstanding GPL vs. OpenSSL licensing issue in our SNMP
code (and cuts down on its other dependencies a wee bit.)
In a way, net-snmp is really buggy here in what it says that we should
link against, but I don't know their application scenarios well enough
to say it should be changed at their end.
Signed-off-by: David Lamparter <equinox@diac24.net>
This plugin leverages the northbound API to integrate FRR with Sysrepo,
a YANG-based configuration and operational state data store.
The plugin is linked to the libsysrepo library and communicates with
the sysrepod daemon using GPB (Google Protocol Buffers) over AF_UNIX
sockets. The integration consists mostly of glue code that calls the
appropriate FRR northbound callbacks in response to events triggered
by the sysrepod daemon (e.g. request to change the configuration or to
fetch operational data).
To build the sysrepo plugin, provide the --enable-sysrepo option to the
configure script while building FRR (the libsysrepo library needs to be
installed in the system).
When installed, the sysrepo plugin will be available for all FRR daemons
and can be loaded using the -M (or --module) command line option.
Example: bgpd -M sysrepo.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This plugin leverages the northbound API to integrate FRR with the ConfD
management agent.
The plugin is linked to the libconfd library and communicates with the
confd daemon using local TCP sockets. The integration consists mostly
of glue code that calls the appropriate FRR northbound callbacks in
response to events triggered by the confd daemon (e.g. request to change
the configuration or to fetch operational data).
By integrating FRR with the libconfd library, FRR can be managed using
all northbound interfaces provided by ConfD, including NETCONF, RESTCONF
and their Web API.
The ConfD CDB API is used to handle configuration changes and the ConfD
Data Provider API is used to provide operational data, process RPCs and
send notifications. Support for configuration management using the ConfD
Data Provider API is not available at this point.
The ConfD optional 'get_object()' and 'get_next_object()' callbacks were
implemented for optimal performance when fetching operational data.
This plugins requires ConfD 6.5 or later since it uses the new leaf-list
API introduced in ConfD 6.5.
To install the plugin, the --enable-confd option should be given to the
configure script, specifying the location where ConfD is installed.
Example: ./configure --enable-confd=/root/confd-6.6
When installed, the confd plugin will be available for all FRR daemons
and can be loaded using the -M (or --module) command line option.
Example: zebra -M confd.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
If we use "./configure --with-pkg-extra-version=... && make dist", we
probably want the dist tarball to remember the extra version it was
configured with.
Use --without-pkg-extra-version to kill the tag.
Signed-off-by: David Lamparter <equinox@diac24.net>
We don't need termcap/tinfo/curses, those are just for libreadline. On
most modern systems, libreadline will pull in the appropriate libs it
needs on its own, so unconditionally adding them adds an extra unneeded
dependency for us.
Still need to try with curses/... for some systems, but only after bare
readline fails.
Signed-off-by: David Lamparter <equinox@diac24.net>
The -D option zeroes out timestamps in .a files and has become the
default on recent distributions to enable reproducible builds.
This also shuts up the "u ignored because D is default" warning that is
showing up on some distributions.
Signed-off-by: David Lamparter <equinox@diac24.net>
libunwind provides an alternate to backtrace() for printing out the call
stack of a particular location. It doesn't use the frame pointer, it
goes by the DWARF debug info. In most cases the traces have exactly the
same information, but there are some situations where libunwind traces
are better.
(On some platforms, the libc backtrace() also uses the DWARF debug info
[e.g.: ARM backtraces are impossible without it] but this is not the
case everywhere, especially not on BSD libexecinfo.)
Signed-off-by: David Lamparter <equinox@diac24.net>
This makes libfrr.so executable to print its version info. This is
useful if you need to check your libfrr.so matches your daemons.
Signed-off-by: David Lamparter <equinox@diac24.net>
This option can be used to get statically linked binaries.
Note: libfrr.la is removed from modules' library dependency list. This
is intentional and explained in a comment in lib/subdir.am.
Signed-off-by: David Lamparter <equinox@diac24.net>
FreeBSD supports pthread_set_name_np() too. Also, pthread_set_name_np()
returns void. And NetBSD has pthread_setname_np() with an extra arg...
Signed-off-by: David Lamparter <equinox@diac24.net>
Need this to get CMSG_SPACE/CMSG_LEN on Solaris.
Also, AC_GNU_SOURCE is deprecated, AC_USE_SYSTEM_EXTENSIONS does that.
Signed-off-by: David Lamparter <equinox@diac24.net>
Whether or not RPKI is enabled during build shouldn't really influence
vtysh; the user can always manually install bgpd_rpki.so later and it
should work. This also means that the behaviour of "RPKI module not
loaded" is consistent regardless of whether it was a compile-time or
runtime decision.
Signed-off-by: David Lamparter <equinox@diac24.net>
ASAN/MSAN/TSAN flags need to be in CFLAGS and LDFLAGS; the latter links
the correct compiler-dependent library. Also, the configure switch was
broken (--disable-... would enable the sanitizer.)
Signed-off-by: David Lamparter <equinox@diac24.net>
We were linking all libs and binaries against libprotobuf-c if the
option was enabled... that makes no sense at all.
Signed-off-by: David Lamparter <equinox@diac24.net>
Note: no more --with-rfp-path on configure - badly messing with the
build system like this really isn't how to do a conditional external
dependency.
Signed-off-by: David Lamparter <equinox@diac24.net>
The append_history function in lib readline appears to
not be universally available across all of the esoteric
platforms we may want to compile on. As such
provide a way to gracefully do nothing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Auto-detect if pthread_condattr_setclock is available and if
it is not allow the code to compile around the issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
fabricd is built using the sources of isisd. To allow differentiation
in the code, -DFABRICD=1 is added to its preprocessor flags.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
- try pythonN.N-config after pythonN-config
- use "python-config --ldflags" instead of --libs
- add Python 3.6 to explicitly searched versions
- if linking fails, try with "-lz" added
Signed-off-by: David Lamparter <equinox@diac24.net>
doing things like `make CC="mmix-linux-musl-gcc"` breaks the hosttools/
cross-compilation setup pretty hard and just straight up should not be
done. These vars belong on `configure`, not `make`.
Signed-off-by: David Lamparter <equinox@diac24.net>
Sphinx actually does work with a parallel build, if the doctree creation
is a separate step (which the other builds will then just read
unmodified.) This can be done with the "dummy" target.
This also adds "-j6" to sphinx-build and adds a "--disable-doc-html"
switch on ./configure to turn on/off building HTML docs separately.
Also, HTML docs are now installed by "make install" to
/usr/share/doc/frr/html.
Signed-off-by: David Lamparter <equinox@diac24.net>
Linux 2.6.0 was released in December of 2003... I'm pretty sure we don't
need this Linux 2.4 support anymore.
Signed-off-by: David Lamparter <equinox@diac24.net>
The smux.c code has not been able to compile for 2+ years
and no-one has noticed. Additionally net-snmp has marked
smux integration as deprecated for quite some time as well.
Since no-one has noticed and it's been broken and smux integration
is deprecated let's just remove this from the code base.
From looking at the code, it sure looks like SNMP could use
a decent cleanup.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If we don't have --disabled-doc and sphinx-build is not available
warn the user that sphinx-build is needed to build documentation
as shown in the last line of config summary example below
FRRouting configuration
------------------------------
FRR version : 5.1-dev
host operating system : linux-gnu
source code location : .
compiler : gcc -std=gnu11
compiler flags : -g -Os -fno-omit-frame-pointer -funwind-tables -Wall -Wextra -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wbad-function-cast -Wwrite-strings -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -pthread
make : make
linker flags : -rdynamic -ldl -lm -lcrypt -ljson-c -lrt -lreadline -ltermcap -lm
state file directory : /var/run
config file directory : /usr/local/etc
example directory : /usr/local/etc
module directory : /usr/local/lib/frr/modules
user to run as : frr
group to run as : frr
group for vty sockets :
config file mask : 0600
log file mask : 0600
zebra protobuf enabled : no
The above user and group must have read/write access to the state file
directory and to the config files in the config file directory.
configure: WARNING: sphinx-build is missing but required to build documentation
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
The CMSG_FIRSTHDR was broken on solaris pre version 9. Version 9
was released in May of 2002 and EOL'ed in 2014. Version 8 EOL'ed
in 2012. Remove special case code for a little used platform
that has not seen the light of day in a very long time.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add BFD daemon to the build process and packaging instructions.
Currently the bfdd daemon does nothing, this is just to document how the
daemon insertion step occured.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
This is the start of separating out the static
handling code from zebra -> staticd. This will
help simplify the zebra code and isolate static
route handling to it's own code base.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Currently, make check runs the unit tests and reports pass/fail,
but we have no way to guage how much of the code is covered by
these tests. gcov provides those statistics on a per source
file basis, but requires special CFLAGS and LDFLAGS. Here, we
add the --enable-gcov configure option to setup those options
correctly. We also add a make target called check-coverage,
which runs the unit tests, runs gcov and uploads the data to
the codecov.io cloud service for display.
Finally, we include a Dockerfile-coverage which creates a
container image in alpine linux to run the tests. To create
the image:
$ docker build \
--build-arg commit=`git rev-parse HEAD` \
--build-arg token=<upload token from codecov.io> \
-t frr-gcov:latest \
-f docker/alpine/Dockerfile-coverage .
and to create and upload the report:
$ docker run -it --rm frr-gcov:latest
Testing done:
Created and uploaded a report from my fork using alpine linux 3.7.
Non-coverage alpine 3.7 build still works.
Issue: https://github.com/FRRouting/frr/issues/2442
Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
* Move configure flag propagations out of user flags
* Use AC_SUBST to transfer flag values to Automake
* Set default AM_CFLAGS and AM_CPPFLAGS in common.am and change child
Makefiles to modify these base variables
* Add flag override to turn off all sanitizers when building clippy
* Remove LSAN suppressions blacklist as it's no longer needed
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The IFLA_INFO_SLAVE_KIND constant is always defined now that we imported
our own copies of the Linux kernel headers. Remove the preprocessor
checks since they aren't necessary anymore.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Documentation was not fully using Automake / Autoconf and therefore needs
modifications to support black magic VPATH builds.
* Convert Makefile's to Autoconf-controlled Makefile.in's
* Tweak loading of pygments lexer to handle runtime paths
* Update .gitignore's as necessary
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
sharpd has started to see some use from our field engineers as
well as people attempting to build/test their environments
as a way of easily injecting a large number of routes.
Modify configure.ac to move sharpd from a development build
option to having to explicity enable it via `--enable-sharpd=yes`
in order for it to be built.
This will allow those who want to build it, to build it without
having to use the development build option.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The building of pbrd from a configure compile option
was not properly setup. This should do that.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This is an implementation of PBR for FRR.
This implemenation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
For building dev packages for alpine, we provide a minimal APKBUILD
file and add a configure option for only numeric versions in the
VERSION variable as alpine does not allow non-numeric characters
in the version string.
These changes allow alpine to be built, but don't yet provide a
mechanism to build. Changes to do the build in docker are coming
soon...
Testing done:
Built alpine packages in local docker environment, packages
showed no "dev" in the package name. Also built CentOS packages
with numeric version disabled and the "dev" is still in the package
name.
Issue: https://github.com/FRRouting/frr/issues/1859
Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
This commit is the implementation of weak multicast traceroute.
It consists of IGMP module dealing with mtrace type IGMP messages
and client program mtrace/mtracebis for initiating mtrace queries.
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
Linux has the ability to support a concept of 'realms'.
This concept allows you to mark routes with a realm id
value of 1-255. If you have marked the realm
of a route then you can use the tc program to
apply policy to the routes.
This commit adds the ability of FRR to interpret
a tag from (1-255) as a realm when installing into
the kernel. Please note that at this point in time
there is no way to set policy from within FRR. This
must be done outside of it.
The normal methodology for setting tags is valid here
via a route-map.
Finally this is only applied if the --enable-realms configure
option is applied.
Signed-off-by: Kaloyan Kovachev <kkovachev@varna.net>
The KAME flag should not be used to turn on/of v6 forwarding on
*bsd systems. Create a configure #define to better describe
what we are doing and the why of it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add a daemon that will allow us to test the zapi
as well as test route install/removal times from
the kernel.
The current commands are:
install route <starting ip address> nexthop <nexthop> (1-1000000)
This command starts installing at <starting ip address>/32
(1-100000) routes that it auto-increments by 1
Installation start time is noted in the log and finish
time is noted as well.
remove routes <starting ip address> (1-1000000)
This command removes routes at <starting ip address>/32
and removes (1-100000) routes created by the install route
command.
This code can be considered experimental and *is not*
something that should be run in a production environment.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Debian build systems use debian subdir for building and having a debian
dir in the source package causes issues.
Moving it to debianpkg avoids the issue and allows us to ship debian
package files in the source distribution
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Testing-done: ran 'make dist', unpacked elsewhere, built from result
Adjusted target to build the .orig.tar.gz accordingly, since it must
exclude the debian/ subdirectory. Allows for building any backport from
only a tarball.
Signed-off-by: Silas McCroskey <smccroskey@cumulusnetworks.com>
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
1) Write zserv api commands( one of each type ) to the side. This will allow
us to use them as input for a fuzzer.
2) Add -c <file to pass to zapi read process> into zebra as a run-time
option of we've turned on fuzzing.
While in and of itself these are not terribly useful( you still need
an external fuzzer ), they provide an infrastructure to allow
tools like afl to test the zapi.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Turn on '-g3 and -O0' for compilation. Additionally
document the --enable-dev-build flag in our documentation.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When building a dev build, modify the compiler options
to be "-g -O0" to allow for better debugging.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Certain platforms( ARM comes to mind ) in order
to get a proper stack trace on crash you need
to compile with this value. Since it only
slightly increases the size of the binary for
other platforms, I would consider it worthwhile
to include this directive.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This uses zmq_getsockopt(ZMQ_FD) to create a libfrr read event, which
then wraps zmq_poll and calls an user-specified ZeroMQ read handler.
It's wrapped in a separate library in order to make ZeroMQ support an
installation-time option instead of build-time.
Extended to support per-message and per-fragment callbacks as discussed
with Bingen in PR #566.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This adds "@tcp" as new choice on the -z option present in zebra and the
protocol daemons. The --enable-tcp-zebra option on configure is no
longer needed, both UNIX and TCP socket support is always available.
Note that @tcp should not be used by default (e.g. in an init script),
and --enable-tcp-zebra should never have been in any distro package
builds, because
**** TCP-ZEBRA IS A SECURITY PROBLEM ****
It allows arbitrary local users to mess with the routing table and
inject bogus data -- and also ZAPI is not designed to be robust against
attacks.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This also fixes a build problem where using #include
"ldpd/ldp_vty_cmds_clippy.c" results in the Makefile dependency tracking
having both
ldp_vty_cmds.c: ldp_vty_cmds_clippy.c
ldp_vty_cmds.c: ../ldpd/ldp_vty_cmds_clippy.c
(because, if it's included as "ldpd/..", it uses the "-I.." include path
in gcc, so the gcc -MD dependency output is "../ldpd/...")
... all of which causes the build to try to build it twice (at the same
time) and fail rather stupidly.
With a non-recursive build, the two paths are identical and everything
just works.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Ditch version.texi, put PACKAGE_VERSION in defines.texi instead.
Also add a PACKAGE_URL variable and fix some leftover outdated URLs.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
zebra.h includes route_types.h, which means almost all of our Makefile
targets have a dependency on route_types.h. While BUILT_SOURCES ensures
that this dependency is fulfilled on a "make all", this doesn't work
when building specific targets (e.g. "make lib/libfrr.la").
There seems to be no good way to add a dependency on everything, so the
best fix for this is to just generate the file during ./configure.
(The Makefile rule is still there, so if route_types.txt is changed,
route_types.h will be rebuilt.)
This only affects "initial" builds from a clean directory and/or builds
with --disable-dependency-tracking; other than that gcc will output
Makefile dependencies during compilation so that route_types.h will
become a dependency for all output files.
gitversion.h has the same problem on a smaller scope.
command_lex.h & command_parse.h *don't* have the problem because they're
only used in specific files, and these files have the dependency
explicitly listed in the Makefile. Hence, they can also be removed from
BUILT_SOURCES.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
- SIGTSTP appropriately suspends the foreground terminal
- SIGINT causes the daemon to exit, regardless of -d
- SIGQUIT causes the daemon to daemonize, regardless of -d
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Adds a function that calculates various statistics on our implementation
of a hash table. These are useful for evaluating performance.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The xml2cli.pl script was useful years ago when the vty code was very
rudimentary. This is not the case anymore, so convert all ldpd CLI
commands to use DEFUNs directly and get rid of the XML interface.
The benefits are:
* Consistency with the other daemons;
* One less build dependency (the LibXML perl module);
* Easier to add new commands.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Adds "DEFPY()" which invokes an additional layer of preprocessing, so
that we get pre-parsed and named function arguments for the CLI.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Wraps the command parsing code for Python, so we can use it to do fancy
preprocessing and replace extract.pl.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
In OpenBSD pledge is a mitigation mechanism used to restrict the syscalls
a program can use, enforcing its correct behavior.
In this port of OpenBSD's ldpd(8), it's hard to run under the same
tight pledge promises because of libfrr and additional components we
introduced, like a zclient in lde. Since ldpd is already privsep'ed,
removing the pledge calls shouldn't be a big compromise security-wise.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
pcreposix_regexec doesn't exist (anymore?), it's just regexec. Also, if
the user specifies --enable-pcreposix, not finding it is a fatal error.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
zebra_mpls_null.c should contain only dummy replacements for
platform-specific functions that may not be available on some systems
(e.g. add/delete LSPs in the kernel).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This is a direct copy of:
https://github.com/boutier/quagga-merge
From the branch babel-merge
I copied the babeld directory into FRR and then fixed up everything to
compile.
Babeld at this point in time when run will more than likely crash and burn
in it's interfactions with zebra.
I might have messed up the cli, which will need to be looked at
extract.pl.in and vtysh.c need to be fixed up. Additionally we probably
need to work on DEFUN_NOSH conversion in babeld as well
This code comes from:
Matthieu Boutier <boutier@irif.fr>
Juliusz Chroboczek <jch@irif.fr>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Compile in DataCenter Defaults if --enable-datacenter
is configured instead of --enable-cumulus
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Rename HAVE_POLL to HAVE_POLL_CALL, when compiling with
snmp and poll enabled this was causing issues.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Rename HAVE_POLL to HAVE_POLL_CALL, when compiling with
snmp and poll enabled this was causing issues.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The build system for mpls is a bit convoluted. We need
a way to handle builds across multiple platforms. This,
I believe addresses this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Funnily enough, "gnu11" is gcc's default in 5.x if you don't specify
anything, yet there is no "AC_PROG_CC_C11" in autoconf.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
