Previous correction (2c2d5cb397) was not enough,
so now it is ensured that the argument shift is not negative nor zero.
Signed-off-by: F. Aragon <paco@voltanet.io>
Add the ability to specify the designated log level at startup.
--log-level <emergencies|alerts|critical|errors|warnings|notifications|informational|debugging>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are starting a daemon, allow the user to specify:
--log <stdout|syslog|file:file_name>
This can be used on early startup to put the log files
where the end user wants them to show up.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Sometimes output would be mangled when filtering with include as a
result of the following bugs:
* Filters were applied per each call to vty_out() instead of buffering
until a line break and then applying
* Long output would sometimes be cut due to using the wrong buffer
pointer
Also remove the trailing \n as it should no longer be necessary to
ensure the vty prompt ends up on a new line.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Add function to move all data to the start of a vector by shifting
over contiguous empty slots
* Use this function to remove empty slots leftover after
frrstr_filter_vec
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Fix potential NULL dereference
* Fix use of uninitialized value
* Fix leaking memory by not freeing regex_t
* Fix extra \n when using empty regex filter
* Clean up still-reachable hook memory
* Handle nonexistent pager
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
An optimized version of this has already been implemented within graph.c
that assumes some specialized constraints for that code. It's generally
useful so this change implements a general purpose version of it.
This fixes cmd_make_strvec() that was broken by some code shuffling in
previous commits.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Rewrite pager implementation
* Replace fprintf() with vty_out()
* Modify vty_out() for better vtysh support
* Remove static global outputfile var
* Remove fp argument from many vtysh functions
* Add some docs for stuff along the way
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This patch adds a CLI preprocessor function that activates when `|` is
found in the command. This is the start of adding support for some text
processing utilities intended for inline use. The first one implemented
here is `| include`, which provides grep-like filtering of command
output.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This patch adds a hook point intended to allow subscribers to modify the
raw text of a CLI command before it is passed to the rest of the CLI
pipeline. To give access to the raw text of the command, a new function
for executing CLI has been defined whose only difference from
`cmd_execute_command` is that it accepts the command to execute as a
string rather than as a string vector.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
I see lots of the same code being copy-pasted and slightly tweaked for
string processing all over the codebase. Time to start aggregating these
pieces into something consistent and correct.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The warning string which appears when the users executes 'no (enable)
password' was moved into command.h and declared as a constant named
'NO_PASSWD_CMD_WARNING'.
This avoids duplicate code and makes it easy to change the warning
message in all places at once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
When the user executes one of the commands 'no password' or 'no enable
password', a warning message gets shown to inform the user of the
security implications.
While the current implementation works, a warning message gets printed
once for each daemon, which can lead to seeing the same message many
times. This does not affect functionality, but looks like an error to
the user as it can be seen within issue #1432.
This commit only prints the warning message inside lib when vtysh
dispatch is not being used. Additionally, the warning message was copied
into the vtysh command handlers, so that they get printed exactly once.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
The pull request #1545 from @donaldsharp introduced the command 'no
password' to remove an existing terminal connection password.
Additionally, warnings have been added to both 'no password' and 'no
enable password' to make the user aware of any security implications.
It seems that this specific pull request was never merged against master
and got lost. This commit is a cherry-pick of d4961273cb with fixed
conflicts and updated documentation.
Thanks to @donaldsharp and @pogojotz for the original PR.
Signed-off-by: Pascal Mathis <mail@pascalmathis.com>
VRF static route commands adopt global static config if static config is
placed after a vrf context with no separator, workaround by always
writing static route config before vrf config
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Customers have requested the ability to name their devices starting
with a number instead of a letter. This fix changes the check for
hostname to allow either a letter or a number.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
The grammar sandbox has had the ability to dump individual commands as
DOT graphs, but now that generalized DOT support is present it's trivial
to extend this to entire submodes. This is quite useful for visualizing
the CLI space when debugging CLI errors.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This is an implementation of PBR for FRR.
This implemenation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This work is derived from a work done by China-Telecom.
That initial work can be found in [0].
As the gap between frr and quagga is important, a reworks has been
done in the meantime.
The initial work consists of bringing the following:
- Bringing the client side of flowspec.
- the enhancement of address-family ipv4/ipv6 flowspec
- partial data path handling at reception has been prepared
- the support for ipv4 flowspec or ipv6 flowspec in BGP open messages,
and the internals of BGP has been done.
- the memory contexts necessary for flowspec has been provisioned
In addition to this work, the following has been done:
- the complement of adaptation for FS safi in bgp code
- the code checkstyle has been reworked so as to match frr checkstyle
- the processing of IPv6 FS NLRI is prevented
- the processing of FS NLRI is stopped ( temporary)
[0] https://github.com/chinatelecom-sdn-group/quagga_flowspec/
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: jaydom <chinatelecom-sdn-group@github.com>
PR #1739 added code to leak routes between (default VRF) VPN safi and unicast RIBs in any VRF. That set of changes included temporary CLI including vpn-policy blocks to specify RD/RT/label/&c. After considerable discussion, we arrived at a consensus CLI shown below.
The code of this PR implements the vpn-specific parts of this syntax:
router bgp <as> [vrf <FOO>]
address-family <afi> unicast
rd (vpn|evpn) export (AS:NN | IP:nn)
label (vpn|evpn) export (0..1048575)
rt (vpn|evpn) (import|export|both) RTLIST...
nexthop vpn (import|export) (A.B.C.D | X:X::X:X)
route-map (vpn|evpn|vrf NAME) (import|export) MAP
[no] import|export [vpn|evpn|evpn8]
[no] import|export vrf NAME
User documentation of the vpn-specific parts of the above syntax is in PR #1937
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
This split is introducing logicalrouter.[ch] as the file that contains
the vty commands to configure logical router feature. The split has as
consequence that the backend of logical router is linux_netns.c formerly
called ns.c. The same relationship exists between VRF and its backend
which may be linux_netns.c file.
The split is adapting ns and vrf fiels so as to :
- clarify header
- ensure that the daemon persepctive, the feature VRF or logical router
is called instead of calling directly ns.
- this implies that VRF will call NS apis, as logical router does.
Also, like it is done for default NS and default VRF, the associated VRF
is enabled first, before NETNS is enabled, so that zvrf->zns pointer is
valid when NETNS discovery applies.
Also, other_netns.c file is a stub handler that will be used for non
linux systems. As NETNS feature is only used by Linux, some BSD systems
may want to use the same backend API to benefit from NETNS. This is what
that file has been done.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The PIM_NODE command is only being used to display
default vrf configuration. Move this into the
vrf display and remove PIM_NODE.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
Convert the list_delete(struct list *) function to use
struct list **. This is to allow the list pointer to be nulled.
I keep running into uses of this list_delete function where we
forget to set the returned pointer to NULL and attempt to use
it and then experience a crash, usually after the developer
has long since left the building.
Let's make the api explicit in it setting the list pointer
to null.
Cynical Prediction: This code will expose a attempt
to use the NULL'ed list pointer in some obscure bit
of code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) Some hash key functions where converting pointers
directly to a 32 bit value via downcasting. Pointers
are 64 bit on a majority of our platforms.
2) Some hashes were being created with 256 entries,
downsize the hash creation size to more appropriate
values.
3) Add hash names to hash creation so we can watch
the hash via 'show debugging hashtable'
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1. Change hostname_get to cmd_hostname_get
2. Change domainname_get to cmd_domainname_get
3. New API to set domainname
3. Provide a CLI command to set domainname
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Also fixes misuse of vector_slot() - that one doesn't check for access
beyond end of vector...
And print node names in grammar sandbox "printall".
Fixes: #543
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
adds a new all-daemon "debug memstats-at-exit" command. Also saves
memstats to a file in /tmp, useful if a long-running daemon is having
weird issues (e.g. in a user install).
Fixes: #437
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
ospfd crashes upon configuring multi-instance ospf
i.e 'router ospf x'.
ospfd can return CMD_NOT_MY_INSTANCE which
is not supported in lib/commands
Support two of the error codes
CMD_NOT_MY_INSTANCE and CMD_WARNING_CONFIG_FAILED
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
1. Added support to create mac filters
2. Enabled route-map commands for EVPN address family
3. Provision to add mac filters under match clause in route-maps
Ticket: CM-16349
Review: CCR-6190
Unit-test: Manual (logs attached to ticket)
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
Adds an array of descriptive names for each CLI node, plus a runtime
check to make sure folks don't forget to update it.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This reverts commit c14777c6bf.
clang 5 is not widely available enough for people to indent with. This
is particularly problematic when rebasing/adjusting branches.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
This allows frr-reload.py (or anything else that scripts via vtysh)
to know if the vtysh command worked or hit an error.
Pretty-prints variable autocompletions by breaking them up into multiple
lines, indenting them consistently and respecting the column width of
the terminal.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Implement configuration options for EVPN. The configuration options include
VNI configuration with RD and Import and Export Route Targets. Also, display
the EVPN configuration.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Adds the ability to name hash tables, and a new cli command that will
show various summary statistics for named hash tables.
Statistics computed are
- load factor
- full load factor (see comments)
- stddev of full load factor
Standard deviation is computed by storing the sum of squares of bucket
lengths. This is somewhat susceptible to overflow. On platforms where a
double is 32 bits, placing 65535 or more elements into a hash table
opens up the potential for overflow, depending on how they are arranged
in buckets (which depends on the hash function). For example, placing
65535 elements into one hash bucket would cause ssq overflow, but
distributing 40000000 elements evenly among 400000 buckets (100 elements
per bucket) would not.
These cases are extremely degenerate, so the vague possibility of
overflow in an informational command is deemed an acceptable tradeoff
for constant time calculation of variance without locks or compromising
efficiency of actual table operations.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Adds a function that calculates various statistics on our implementation
of a hash table. These are useful for evaluating performance.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
'do' is syntax sugar that allows the user to execute a command under
ENABLE_NODE when in another CLI node. If the user is already in
ENABLE_NODE, use of 'do' was previously disallowed. This patch allows it
because it makes it easier for us to hack around certain instances of
the node synchronization problem with vtysh.
Also included is a fix for one of these problems.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
I keep getting people asking me about what to do
when this error is generated when they are programming
new cli. Maybe this is a bit better bread-crumb?
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The FSF's address changed, and we had a mixture of comment styles for
the GPL file header. (The style with * at the beginning won out with
580 to 141 in existing files.)
Note: I've intentionally left intact other "variations" of the copyright
header, e.g. whether it says "Zebra", "Quagga", "FRR", or nothing.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This asks the connected daemons for their variable completions through a
hidden CLI command.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Shows known values in the appropriate naming domain when the user hits
<?> or <Tab>. This patch only works in the telnet CLI, the next patch
adds vtysh support.
Included completions:
- interface names
- route-map names
- prefix-list names
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Fills token->varname based on context. WORD tokens use the WORD - if it
isn't actually "WORD". Other than that, a preceding constant token is
used as name.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Put core CLI graph stuff in lib/command_graph.[ch] and consistently
prefix all function names with "cmd_".
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
struct cmd_token now has a "varname" field which is derived from the
DEFUN's string definition. It can be manually specified with "$name"
after some token, e.g. "foo WORD$var". A later commit adds code to
automatically fill the value if nothing is specified.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The CLI changes now make it impossible for numbers
outside the range specified in the cli to make it to
this code. No need to check for it again.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Cyclic graphs ftw
Also remove graph pretty printer from permutations.c 'cause it's not
really needed anymore
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Implement support for activating the labeled-unicast address family in
BGP and relevant configuration for this address family.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
This reverts commit 039dc61292.
The patch actually made the situation worse since the return value from
cmd_complete_command_real() was now inconsistently allocated from
different memory stat pools.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Please Note, I will be redoing this commit message with
more information.
Additionally I will rework the lib/* changes into their
own commits.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
... no need to have struct zlog generally-exposed.
A few files get to include log_int.h because they use zlog/vzlog.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The protocols enum serves no purpose other than adding potential for
bugs and making it complicated to add a new protocol... nuke.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Start centralising startup & option parsing into the library.
FRR_DAEMON_INFO is a bit weird, but it will become useful later (e.g.
for killing the ZLOG_* enum, and having the daemon name available)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Merge the parsed graph into the existing one as a separate step. This
makes it possible to merge identical subgraphs, which is used e.g. in
bgpd for <A.B.C.D|X:X::X:X|WORD> neighbor names.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
sync() has a HUGE impact on systems that perform actual I/O, i.e. real
servers...
Also, we were leaking a fd on each config write ever since
c5e69a0 "lib/vty: add separate output fd support to VTYs"
(by myself :( ...)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
sync() has a HUGE impact on systems that perform actual I/O, i.e. real
servers...
Also, we were leaking a fd on each config write ever since
c5e69a0 "lib/vty: add separate output fd support to VTYs"
(by myself :( ...)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
To make it possible for testcli to get a clean memory management bill.
(Note: XFREE() is NULL-safe, just like free().)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
command.c had:
DEFINE_MTYPE_STATIC(LIB, CMD_TOKENS, "Command desc")
while command_match.c had:
DEFINE_MTYPE_STATIC(LIB, CMD_TOKENS, "Command Tokens")
... which means that there are 2 distinct MTYPE_CMD_TOKENS.
(The description text being different does not matter, even with the
same text it'd be 2 distinct types.)
command_match.c allocates token->arg in command_match_r() while
command.c frees it in del_cmd_token(). Therefore with each command
being executed, the allocation count goes up on one, down on the other.
=> clean up parser allocation counting. Also, use separate MTYPEs for
the different fields in struct cmd_token.
Fixes: #108 / ee9216cf ("lib, ripngd: clean up merge leftovers")
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Cc: Quentin Young <qlyoung@cumulusnetworks.com>
Also adds "grammar access <node>" to test/dump an existing command node
(e.g. BGP_NODE).
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Completions are checked for token and docstring equality before
deduplicating. Put an ifdef guard around checking docstrings because
many of them are inconsistent and may confuse users in a release build.
It is a good idea to enable VTYSH_DEBUG when adding new CLI in the
future to help check docstrings.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This replaces Quagga -> FRR in most configure.ac settings as well as
a handful of preprocessor macros in the source code.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
If <Tab> processing finds that there is only 1 candidate, but that
candidate is not a WORD_TKN that we can tab-complete on, the status
would remain at CMD_COMPLETE_FULL_MATCH, but the resulting list of
possible completions is empty.
This then SEGVs in lib/vty.c where it tries to access the first element
of the list, assuming FULL_MATCH always has 1 element there...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Cc: Quentin Young <qlyoung@cumulusnetworks.com>
These now generate warnings which will break the build with -Werror.
Note this may have enabled commands that should be disabled, or the
other way around...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This contains bgp memory leak fixes as well as cleanups to VRF/namespace
handling and has been run through extended testing in Cumulus' testbed:
Tested-by: Donald Sharp <sharpd@cumulusnetworks.com>
struct cmd_element items are static global variables, they are never
allocated, copied or freed.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The function prototype for command_parse_format() is better left in
command.h, so that the bison-generated header file doesn't need to be
included for that.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This moves all install_element calls into the file where the DEFUNs are
located. This fixes several small related bugs:
- ospf6d wasn't installing a "no interface FOO" command
- zebra had a useless copy of "interface FOO"
- pimd's copy of "interface FOO" was not setting qobj_index, which means
"description LINE" commands would fail with an error
The next commit will do the actual act of making "foo_cmd" static.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Fix a few memory issues:
* Not freeing tab-completions upon input match failure
* Invalid write when null-terminating tab-completions
* Not freeing argv[] itself in additinon to elements
* Use XFREE() instead of free() as appropriate
* Not freeing final token of an [option] during parsing
Make a few minor changes to CLI internals:
* Improve documentation on matching & completion functions
* Only make one copy of cmd_token's when building argv,
instead of three
* Don't make a copy of the matching cmd_element
Make one major(ish) change to CLI internals:
* Change all pointers to struct cmd_element to const
Code outside of the core CLI units should never have an
occasion to modify the internal state of the command system.
Doing so could easily amount to having a CLI interface that
changes during runtime, and could conceivably lead to security
issues. Explicitly disallowing this removes any chance of
confusion.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Each token now knows whether it is part of a hidden
or deprecated command. Command completion logic hides
such tokens when generating completions. Command
matching logic works as before and will still match on
hidden and deprecated commands.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This silences the following warning from watchquagga:
"Can't save to configuration file, using vtysh."
which otherwise appears when doing a "write file" in vtysh when no
integrated-config is in use.
Also make "show memory" available in watchquagga.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
- Do not allow tab-completion on anything except words
- Rewrite cmd_make_strvec to use strsep
- Remove a few trailing whitespaces
- Remove cmd_complete_command_lib
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* command.h: (struct cmd_node) Add a hash, so duplicate installs of
a cmd_element to a command node can be detected. To help catch
strays from the VIEW/ENABLE node consolidation particularly
(installs to VIEW automatically install to ENABLE too now).
* command.c: (cmd_hash_{key,cmp}) helpers for the hash - just directly
on the pointer value is sufficient to catch the main problem.
(install_node) setup the hash for the command node.
(install_element) check for duplicate installs.
The assert on the cmd_parse_format seems misplaced.
(install_default_basic) separate the basic, VIEW, node default commands
to here.
(cmd_init) get rid of dupes, given consolidation.
(cmd_terminate) clean up the node command hash.
Not done: The (struct cmd_node)'s vector could be replaced with the
cmd hash, however much of the command parser depends heavily on the
vector and it's a lot of work to change. A vector_lookup_value could
also work, particularly if vector could be backed by a hash.
The duplicate check could be disabled in releases - but useful in
development. It's a little extra overhead at startup. The command
initialisation overhead is already something that bites in
micro-benchmarks - makes it easy for other implementations to show
how much faster they are with benchmarks where other load is low
enough that startup time is a factor.
This is a followup to commits 735e62 and 0b1442, where we forgot to apply
the same VIEW/ENABLE consolidation logic to vtysh. Also, we can't call
install_default() for the ENABLE node because some of the vty commands
installed by this function were already installed in the VIEW node before.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
If a command is put into the VIEW_NODE, it is going into the
ENABLE_NODE as well. This is especially true for show commands.
As such if a command is in both consolidate it down to VIEW_NODE.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If you are in VIEW_NODE, the command should exist in ENABLE_NODE
as well. This is being done to reduce chances of code being
added to one but not the other NODE.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The RESTRICTED_NODE command is not used, introduces code
complexity and provides no additional levels of security.
The only way to get into RESTRICTED_NODE is to add, under
vty configuration the command 'anonymous restricted', and
then telnet to a daemon, provide a password, then type
'enable' and fail to enter the password three times.
Then the user can enter a very limited set of commands to
monitor bgp and only bgp behavior.
This commit removes both the RESTRICTED_NODE usage as well
as the lib/* usage of the code
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Since not all duplicate commands can be caught during graph
construction, do a linear search over all commands before
installing.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This adds 64-bit random identifiers as "safe pointers" which are also
type-tracked / can have type-specific extension methods.
This will be used by both the CLI (to keep safe references while in
config editing mode) as well as the Cap'n Proto code (to hand out
pointers to the user in a safe way and add per-type handlers)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
When a command is complete and <cr> appears in tab- or
?-completions, make sure it appears first
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This feature adds an L3 & L2 VPN application that makes use of the VPN
and Encap SAFIs. This code is currently used to support IETF NVO3 style
operation. In NVO3 terminology it provides the Network Virtualization
Authority (NVA) and the ability to import/export IP prefixes and MAC
addresses from Network Virtualization Edges (NVEs). The code supports
per-NVE tables.
The NVE-NVA protocol used to communicate routing and Ethernet / Layer 2
(L2) forwarding information between NVAs and NVEs is referred to as the
Remote Forwarder Protocol (RFP). OpenFlow is an example RFP. For
general background on NVO3 and RFP concepts see [1]. For information on
Openflow see [2].
RFPs are integrated with BGP via the RF API contained in the new "rfapi"
BGP sub-directory. Currently, only a simple example RFP is included in
Quagga. Developers may use this example as a starting point to integrate
Quagga with an RFP of their choosing, e.g., OpenFlow. The RFAPI code
also supports the ability import/export of routing information between
VNC and customer edge routers (CEs) operating within a virtual
network. Import/export may take place between BGP views or to the
default zebera VRF.
BGP, with IP VPNs and Tunnel Encapsulation, is used to distribute VPN
information between NVAs. BGP based IP VPN support is defined in
RFC4364, BGP/MPLS IP Virtual Private Networks (VPNs), and RFC4659,
BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN . Use
of both the Encapsulation Subsequent Address Family Identifier (SAFI)
and the Tunnel Encapsulation Attribute, RFC5512, The BGP Encapsulation
Subsequent Address Family Identifier (SAFI) and the BGP Tunnel
Encapsulation Attribute, are supported. MAC address distribution does
not follow any standard BGB encoding, although it was inspired by the
early IETF EVPN concepts.
The feature is conditionally compiled and disabled by default.
Use the --enable-bgp-vnc configure option to enable.
The majority of this code was authored by G. Paul Ziemba
<paulz@labn.net>.
[1] http://tools.ietf.org/html/draft-ietf-nvo3-nve-nva-cp-req
[2] https://www.opennetworking.org/sdn-resources/technical-library
Now includes changes needed to merge with cmaster-next.
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: Sam Tannous <stannous@cumulusnetworks.com>
Ticket:
