Skip to content
Permalink
Browse files

Merge pull request #2855 from donaldsharp/bgp_tough

Various Cleanups
  • Loading branch information...
eqvinox committed Aug 23, 2018
2 parents 82b410b + 03548ae commit 02e8981e2e0b9a8a34df43efd979e9fdc6773f6d
Showing with 25 additions and 1,591 deletions.
  1. +12 −28 bgpd/bgp_route.c
  2. +0 −11 bgpd/bgpd.c
  3. +3 −4 configure.ac
  4. +5 −110 doc/user/snmp.rst
  5. +3 −15 lib/buffer.c
  6. +1 −1 lib/if.c
  7. +0 −1,416 lib/smux.c
  8. +1 −4 lib/spf_backoff.c
  9. +0 −2 lib/subdir.am
@@ -38,6 +38,7 @@
#include "queue.h"
#include "memory.h"
#include "lib/json.h"
#include "lib_errors.h"

#include "bgpd/bgpd.h"
#include "bgpd/bgp_table.h"
@@ -353,14 +354,9 @@ static void bgp_pcount_adjust(struct bgp_node *rn, struct bgp_info *ri)
/* slight hack, but more robust against errors. */
if (ri->peer->pcount[table->afi][table->safi])
ri->peer->pcount[table->afi][table->safi]--;
else {
zlog_warn(
"%s: Asked to decrement 0 prefix count for peer %s",
__func__, ri->peer->host);
zlog_backtrace(LOG_WARNING);
zlog_warn("%s: Please report to Quagga bugzilla",
__func__);
}
else
flog_err(LIB_ERR_DEVELOPMENT,
"Asked to decrement 0 prefix count for peer");
} else if (BGP_INFO_COUNTABLE(ri)
&& !CHECK_FLAG(ri->flags, BGP_INFO_COUNTED)) {
SET_FLAG(ri->flags, BGP_INFO_COUNTED);
@@ -1054,8 +1050,8 @@ static enum filter_type bgp_input_filter(struct peer *peer, struct prefix *p,

#define FILTER_EXIST_WARN(F, f, filter) \
if (BGP_DEBUG(update, UPDATE_IN) && !(F##_IN(filter))) \
zlog_warn("%s: Could not find configured input %s-list %s!", \
peer->host, #f, F##_IN_NAME(filter));
zlog_debug("%s: Could not find configured input %s-list %s!", \
peer->host, #f, F##_IN_NAME(filter));

if (DISTRIBUTE_IN_NAME(filter)) {
FILTER_EXIST_WARN(DISTRIBUTE, distribute, filter);
@@ -1093,8 +1089,8 @@ static enum filter_type bgp_output_filter(struct peer *peer, struct prefix *p,

#define FILTER_EXIST_WARN(F, f, filter) \
if (BGP_DEBUG(update, UPDATE_OUT) && !(F##_OUT(filter))) \
zlog_warn("%s: Could not find configured output %s-list %s!", \
peer->host, #f, F##_OUT_NAME(filter));
zlog_debug("%s: Could not find configured output %s-list %s!", \
peer->host, #f, F##_OUT_NAME(filter));

if (DISTRIBUTE_OUT_NAME(filter)) {
FILTER_EXIST_WARN(DISTRIBUTE, distribute, filter);
@@ -9809,8 +9805,6 @@ static int bgp_peer_count_walker(struct thread *t)
pc->count[PCOUNT_ADJ_IN]++;

for (ri = rn->info; ri; ri = ri->next) {
char buf[SU_ADDRSTRLEN];

if (ri->peer != peer)
continue;

@@ -9832,22 +9826,12 @@ static int bgp_peer_count_walker(struct thread *t)
if (CHECK_FLAG(ri->flags, BGP_INFO_COUNTED)) {
pc->count[PCOUNT_COUNTED]++;
if (CHECK_FLAG(ri->flags, BGP_INFO_UNUSEABLE))
zlog_warn(
"%s [pcount] %s/%d is counted but flags 0x%x",
peer->host,
inet_ntop(rn->p.family,
&rn->p.u.prefix, buf,
SU_ADDRSTRLEN),
rn->p.prefixlen, ri->flags);
flog_err(LIB_ERR_DEVELOPMENT,
"Attempting to count but flags say it is unusable");
} else {
if (!CHECK_FLAG(ri->flags, BGP_INFO_UNUSEABLE))
zlog_warn(
"%s [pcount] %s/%d not counted but flags 0x%x",
peer->host,
inet_ntop(rn->p.family,
&rn->p.u.prefix, buf,
SU_ADDRSTRLEN),
rn->p.prefixlen, ri->flags);
flog_err(LIB_ERR_DEVELOPMENT,
"Not counted but flags say we should");
}
}
}
@@ -6631,17 +6631,6 @@ char *peer_uptime(time_t uptime2, char *buf, size_t len, uint8_t use_json,
time_t uptime1, epoch_tbuf;
struct tm *tm;

/* Check buffer length. */
if (len < BGP_UPTIME_LEN) {
if (!use_json) {
zlog_warn("peer_uptime (): buffer shortage %lu",
(unsigned long)len);
/* XXX: should return status instead of buf... */
snprintf(buf, len, "<error> ");
}
return buf;
}

/* If there is no connection has been done before print `never'. */
if (uptime2 == 0) {
if (use_json) {
@@ -382,7 +382,7 @@ AC_ARG_ENABLE(bgp-vnc,
AC_ARG_WITH(rfp-path,
AS_HELP_STRING([--with-rfp-path[=DIR]],[path to replaced stub RFP used with BGP VNC]))
AC_ARG_ENABLE(snmp,
AS_HELP_STRING([--enable-snmp=ARG], [enable SNMP support (smux or agentx)]))
AS_HELP_STRING([--enable-snmp], [enable SNMP support for agentx]))
AC_ARG_ENABLE(zeromq,
AS_HELP_STRING([--enable-zeromq], [enable ZeroMQ handler (libfrrzmq)]))
AC_ARG_WITH(libpam,
@@ -1496,14 +1496,13 @@ int main(void);
yes)
SNMP_METHOD=agentx
;;
smux|agentx)
agentx)
SNMP_METHOD="${enable_snmp}"
;;
*)
AC_MSG_ERROR([--enable-snmp given with an unknown method (${enable_snmp}). Use smux or agentx])
AC_MSG_ERROR([--enable-snmp given with an unknown method (${enable_snmp}). Use yes or agentx])
;;
esac
AH_TEMPLATE([SNMP_SMUX], [Use SNMP SMUX to interface with snmpd])
AH_TEMPLATE([SNMP_AGENTX], [Use SNMP AgentX to interface with snmpd])
AC_DEFINE_UNQUOTED(AS_TR_CPP(SNMP_${SNMP_METHOD}),,SNMP method to interface with snmpd)
fi
@@ -7,8 +7,8 @@ SNMP Support
:abbr:`SNMP (Simple Network Managing Protocol)` is a widely implemented feature
for collecting network information from router and/or host. FRR itself does
not support SNMP agent (server daemon) functionality but is able to connect to
a SNMP agent using the SMUX protocol (:rfc:`1227`) or the AgentX protocol
(:rfc:`2741`) and make the routing protocol MIBs available through it.
a SNMP agent using the the AgentX protocol (:rfc:`2741`) and make the
routing protocol MIBs available through it.

Note that SNMP Support needs to be enabled at compile-time and loaded as module
on daemon startup. Refer to :ref:`loadable-module-support` on the latter.
@@ -18,16 +18,10 @@ on daemon startup. Refer to :ref:`loadable-module-support` on the latter.
Getting and installing an SNMP agent
====================================

There are several SNMP agent which support SMUX or AgentX. We recommend to use
The supported SNMP agent is AgentX. We recommend to use
the latest version of `net-snmp` which was formerly known as `ucd-snmp`. It is
free and open software and available at `http://www.net-snmp.org/ <http://www.net-snmp.org/>`_
and as binary package for most Linux distributions. `net-snmp` has to be
compiled with `--with-mib-modules=agentx` to be able to accept connections from
FRR using AgentX protocol or with `--with-mib-modules=smux` to use SMUX
protocol.

Nowadays, SMUX is a legacy protocol. The AgentX protocol should be preferred
for any new deployment. Both protocols have the same coverage.
and as binary package for most Linux distributions.

.. _agentx-configuration:

@@ -42,7 +36,7 @@ master SNMP agent (snmpd) and each of the FRR daemons must be configured. In
:file:`/etc/snmp/snmpd.conf`, the ``master agentx`` directive should be added.
In each of the FRR daemons, ``agentx`` command will enable AgentX support.

:file:`/etc/snmp/snmpd.conf`:
:file:`/etc/snmp/zebra.conf`:

::

@@ -97,105 +91,6 @@ need to configure FRR to use another transport, you can configure it through
agentXSocket tcp:192.168.15.12:705


.. _smux-configuration:

SMUX configuration
==================

To enable SMUX protocol support, FRR must have been build with the
:option:`--enable-snmp` option.

A separate connection has then to be established between the SNMP agent (snmpd)
and each of the FRR daemons. This connections each use different OID numbers
and passwords. Be aware that this OID number is not the one that is used in
queries by clients, it is solely used for the intercommunication of the
daemons.

In the following example the ospfd daemon will be connected to the snmpd daemon
using the password "frr_ospfd". For testing it is recommending to take exactly
the below snmpd.conf as wrong access restrictions can be hard to debug.

:file:`/etc/snmp/snmpd.conf`:

::

#
# example access restrictions setup
#
com2sec readonly default public
group MyROGroup v1 readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
#
# the following line is relevant for FRR
#
smuxpeer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd

:file:`/etc/frr/ospf`:

::

! ... the rest of ospfd.conf has been omitted for clarity ...
!
smux peer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd
!


After restarting snmpd and frr, a successful connection can be verified in the
syslog and by querying the SNMP daemon:

::

snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255
snmpd[12300]: accepted smux peer: \\
oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, frr-0.96.5

# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109


Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
for every SNMP connect to the syslog which can lead to enormous log file sizes.
If that is a problem you should consider to patch snmpd and comment out the
troublesome `snmp_log()` line in the function `netsnmp_agent_check_packet()` in
`agent/snmp_agent.c`.

MIB and command reference
=========================

The following OID numbers are used for the interprocess communication of snmpd and
the FRR daemons with SMUX only.::

. (OIDs below .iso.org.dod.internet.private.enterprises)
zebra .1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
bgpd .1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
ripd .1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
ospfd .1.3.6.1.4.1.3317.1.2.5 .gnome.gnomeProducts.zebra.ospfd
ospf6d .1.3.6.1.4.1.3317.1.2.6 .gnome.gnomeProducts.zebra.ospf6d


Sadly, SNMP has not been implemented in all daemons yet. The following
OID numbers are used for querying the SNMP daemon by a client:::

zebra .1.3.6.1.2.1.4.24 .iso.org.dot.internet.mgmt.mib-2.ip.ipForward
ospfd .1.3.6.1.2.1.14 .iso.org.dot.internet.mgmt.mib-2.ospf
bgpd .1.3.6.1.2.1.15 .iso.org.dot.internet.mgmt.mib-2.bgp
ripd .1.3.6.1.2.1.23 .iso.org.dot.internet.mgmt.mib-2.rip2
ospf6d .1.3.6.1.3.102 .iso.org.dod.internet.experimental.ospfv3


The following syntax is understood by the FRR daemons for configuring SNMP
using SMUX:

.. index:: smux peer OID
.. clicmd:: smux peer OID
.. index:: no smux peer OID
.. clicmd:: no smux peer OID
.. index:: smux peer OID PASSWORD
.. clicmd:: smux peer OID PASSWORD
.. index:: no smux peer OID PASSWORD
.. clicmd:: no smux peer OID PASSWORD

Here is the syntax for using AgentX:

.. index:: agentx
@@ -274,19 +274,12 @@ buffer_status_t buffer_flush_window(struct buffer *b, int fd, int width,
if (!b->head)
return BUFFER_EMPTY;

if (height < 1) {
zlog_warn(
"%s called with non-positive window height %d, forcing to 1",
__func__, height);
if (height < 1)
height = 1;
} else if (height >= 2)
else if (height >= 2)
height--;
if (width < 1) {
zlog_warn(
"%s called with non-positive window width %d, forcing to 1",
__func__, width);
if (width < 1)
width = 1;
}

/* For erase and more data add two to b's buffer_data count.*/
if (b->head->next == NULL) {
@@ -334,11 +327,6 @@ buffer_status_t buffer_flush_window(struct buffer *b, int fd, int width,
{
iov_alloc *= 2;
if (iov != small_iov) {
zlog_warn(
"%s: growing iov array to %d; "
"width %d, height %d, size %lu",
__func__, iov_alloc, width, height,
(unsigned long)b->size);
iov = XREALLOC(MTYPE_TMP, iov,
iov_alloc * sizeof(*iov));
} else {
@@ -1141,7 +1141,7 @@ const char *if_link_type_str(enum zebra_link_type llt)
llts(ZEBRA_LLT_IEEE802154, "IEEE 802.15.4");
llts(ZEBRA_LLT_IEEE802154_PHY, "IEEE 802.15.4 Phy");
default:
zlog_warn("Unknown value %d", llt);
flog_err(LIB_ERR_DEVELOPMENT, "Unknown value %d", llt);
return "Unknown type!";
#undef llts
}
Oops, something went wrong.

0 comments on commit 02e8981

Please sign in to comment.
You can’t perform that action at this time.