Removing cisco NHRP authentication deletes all NHRP config on tunnel interface

aapostoliuk commented 1 month ago

Description

In the configuration mode, after command no ip nhrp authentication <value>, all the NHRP config under the tunnel interface will be deleted.

Version

FRRouting 10.2-dev (vyos) on Linux(6.6.36-amd64-vyos).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--sbindir=/usr/lib/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--enable-scripting' '--enable-pim6d' '--disable-grpc' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

How to reproduce

Configuration:

interface tun100
 ip address 10.0.0.15/32
 ip nhrp authentication test123
 ip nhrp holdtime 450
 ip nhrp network-id 1
 ip nhrp nhs dynamic nbma 192.168.100.100
 ip nhrp registration no-unique
 ip nhrp shortcut
 no link-detect
 tunnel source eth0

Steps to reproduce

vyos# conf t
vyos(config)# interface tun100
vyos(config-if)# no ip nhrp authentication
% Command incomplete: no ip nhrp authentication
vyos(config-if)# no ip nhrp authentication test123
vyos(config-if)# do show run
Building configuration...

Current configuration:
!
frr version 10.2-dev
frr defaults traditional
hostname vyos
log syslog
log facility local7
service integrated-vtysh-config
!
ip route 10.0.0.0/24 10.0.0.1 200
!
interface tun100
 ip address 10.0.0.15/32
 no link-detect
exit
!
rpki
exit
!
end
vyos(config-if)#

Expected behavior

Expected: deleting only one line with authentication.

Actual behavior

All NHRP config lines are deleted under the tunnel interface. Results are in "How to reproduce" section.

Additional context

No response

Checklist

[X] I have searched the open issues for this bug.
[X] I have not included sensitive information in this report.

fett0 commented 1 month ago

@dleroy @volodymyrhuti this issues we found in the new authentication feature ,when it's removed .

volodymyrhuti commented 1 month ago

Hi guys! Thanks for the report. I should have some time to check this next week. I will let you know once I have updates.

aapostoliuk commented 1 month ago

@dleroy Thank you a lot. I have tested. The bug was fixed. There is only a cosmetic comment. It will be better to use the command to remove the authentication no ip nhrp authentication instead no ip nhrp authentication PASSWORD

volodymyrhuti commented 1 month ago

Regarding the no ... PASSWORD, this was requested by a maintainer, I believe https://github.com/FRRouting/frr/pull/14788#discussion_r1392069669 Should we close this issue as well? Assuming that feature is implemented well enough)

aapostoliuk commented 1 month ago

yes sure.

FRRouting / frr