Donald Sharp [Tue, 21 Nov 2023 13:08:29 +0000 (08:08 -0500)]
*: Let's use the native IFNAMSIZ instead of INTERFACE_NAMSIZ
INTERFACE_NAMSIZ is just a redefine of IFNAMSIZ and IFNAMSIZ
is the standard for interface name length on all platforms
that FRR currently compiles on.
Donatas Abraitis [Tue, 21 Nov 2023 08:40:58 +0000 (10:40 +0200)]
bgpd: Flush attrs only if we don't have to announce a conditional route
To avoid USE:
```
==587645==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000074050 at pc 0x55b34337d96c bp 0x7ffda59bb4c0 sp 0x7ffda59bb4b0
READ of size 8 at 0x604000074050 thread T0
0 0x55b34337d96b in bgp_attr_flush bgpd/bgp_attr.c:1289
1 0x55b34368ef85 in bgp_conditional_adv_routes bgpd/bgp_conditional_adv.c:111
2 0x55b34368ff58 in bgp_conditional_adv_timer bgpd/bgp_conditional_adv.c:301
3 0x7f7d41cdf81c in event_call lib/event.c:1980
4 0x7f7d41c1da37 in frr_run lib/libfrr.c:1214
5 0x55b343371e22 in main bgpd/bgp_main.c:510
6 0x7f7d41517082 in __libc_start_main ../csu/libc-start.c:308
7 0x55b3433769fd in _start (/usr/lib/frr/bgpd+0x2e29fd)
0x604000074050 is located 0 bytes inside of 40-byte region [0x604000074050,0x604000074078)
freed by thread T0 here:
#0 0x7f7d4207540f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
1 0x55b343396afd in community_free bgpd/bgp_community.c:41
2 0x55b343396afd in community_free bgpd/bgp_community.c:28
3 0x55b343397373 in community_intern bgpd/bgp_community.c:458
4 0x55b34337bed4 in bgp_attr_intern bgpd/bgp_attr.c:967
5 0x55b34368165b in bgp_advertise_attr_intern bgpd/bgp_advertise.c:106
6 0x55b3435277d7 in bgp_adj_out_set_subgroup bgpd/bgp_updgrp_adv.c:587
7 0x55b34368f36b in bgp_conditional_adv_routes bgpd/bgp_conditional_adv.c:125
8 0x55b34368ff58 in bgp_conditional_adv_timer bgpd/bgp_conditional_adv.c:301
9 0x7f7d41cdf81c in event_call lib/event.c:1980
10 0x7f7d41c1da37 in frr_run lib/libfrr.c:1214
11 0x55b343371e22 in main bgpd/bgp_main.c:510
12 0x7f7d41517082 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7f7d42075a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
1 0x7f7d41c3c28e in qcalloc lib/memory.c:105
2 0x55b3433976e8 in community_dup bgpd/bgp_community.c:514
3 0x55b34350273a in route_set_community bgpd/bgp_routemap.c:2589
4 0x7f7d41c96c06 in route_map_apply_ext lib/routemap.c:2690
5 0x55b34368f2d8 in bgp_conditional_adv_routes bgpd/bgp_conditional_adv.c:107
6 0x55b34368ff58 in bgp_conditional_adv_timer bgpd/bgp_conditional_adv.c:301
7 0x7f7d41cdf81c in event_call lib/event.c:1980
8 0x7f7d41c1da37 in frr_run lib/libfrr.c:1214
9 0x55b343371e22 in main bgpd/bgp_main.c:510
10 0x7f7d41517082 in __libc_start_main ../csu/libc-start.c:308
```
And also a crash:
```
(gdb) bt
0 raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
1 0x00007ff3b7048ce0 in core_handler (signo=6, siginfo=0x7ffc8cf724b0, context=<optimized out>)
at lib/sigevent.c:246
2 <signal handler called>
3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
4 0x00007ff3b6bb8859 in __GI_abort () at abort.c:79
5 0x00007ff3b6c2326e in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7ff3b6d4d298 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
6 0x00007ff3b6c2b2fc in malloc_printerr (
str=str@entry=0x7ff3b6d4f628 "double free or corruption (fasttop)") at malloc.c:5347
7 0x00007ff3b6c2cc65 in _int_free (av=0x7ff3b6d82b80 <main_arena>, p=0x555c8fa70a10, have_lock=0)
at malloc.c:4266
8 0x0000555c8da94bd3 in community_free (com=0x7ffc8cf72e70) at bgpd/bgp_community.c:41
9 community_free (com=com@entry=0x7ffc8cf72e70) at bgpd/bgp_community.c:28
10 0x0000555c8da8afc1 in bgp_attr_flush (attr=attr@entry=0x7ffc8cf73040) at bgpd/bgp_attr.c:1290
11 0x0000555c8dbc0760 in bgp_conditional_adv_routes (peer=peer@entry=0x555c8fa627c0,
afi=afi@entry=AFI_IP, safi=SAFI_UNICAST, table=table@entry=0x555c8fa510b0, rmap=0x555c8fa71cb0,
update_type=UPDATE_TYPE_ADVERTISE) at bgpd/bgp_conditional_adv.c:111
12 0x0000555c8dbc0b75 in bgp_conditional_adv_timer (t=<optimized out>)
at bgpd/bgp_conditional_adv.c:301
13 0x00007ff3b705b84c in event_call (thread=thread@entry=0x7ffc8cf73440) at lib/event.c:1980
14 0x00007ff3b700bf98 in frr_run (master=0x555c8f27c090) at lib/libfrr.c:1214
15 0x0000555c8da85f05 in main (argc=<optimized out>, argv=0x7ffc8cf736a8) at bgpd/bgp_main.c:510
```
Donald Sharp [Fri, 17 Nov 2023 21:57:20 +0000 (16:57 -0500)]
zebra: Fix fpm multipath encap addition
The fpm code path in building a ecmp route for evpn has
a bug that caused it to not add the encap attribute to
the netlink message. See #f0f7b285b99dbd971400d33feea007232c0bd4a9
for the single path case being fixed.
David Lamparter [Tue, 29 Nov 2022 11:09:45 +0000 (12:09 +0100)]
lib: add common NHT update decode callback
All users of `ZEBRA_NEXTHOP_UPDATE` check the VRF and then call into
`zapi_nexthop_update_decode` before further processing. Begin moving
this into common code in lib/.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Mon, 20 Nov 2023 09:29:57 +0000 (10:29 +0100)]
lib: use LYD_VALIDATE_MULTI_ERROR only if available
LYD_VALIDATE_MULTI_ERROR was added in libyang 2.1.36. The currently
enforced minimum of libyang is 2.0.0. Stick an #ifdef around it.
Fixes: 51a2a4b3f471 ("lib: print all errors when validating a config") Cc: Igor Ryzhov <iryzhov@nfware.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 16 Nov 2023 13:14:10 +0000 (14:14 +0100)]
isisd: remove unused router_address fields
These were added in e38e0df01ad3 but never used anywhere. Also the code
grabs any random /32 or /128 that is directly connected to the adjacent
router, which may not even be an address of that router itself.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Direct leak of 40 byte(s) in 10 object(s) allocated from:
#0 0x7f1cde6a9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x562b8eff328d in babel_interface_address_add babeld/babel_interface.c:112
#2 0x7f1cde1772cb in zclient_read lib/zclient.c:4425
#3 0x7f1cde14729c in event_call lib/event.c:1980
#4 0x7f1cde08a3bf in frr_run lib/libfrr.c:1214
#5 0x562b8eff481b in main babeld/babel_main.c:202
#6 0x7f1cdd8acc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 40 byte(s) leaked in 10 allocation(s).
***********************************************************************************
```
teletajp [Wed, 1 Nov 2023 09:25:07 +0000 (12:25 +0300)]
ospfd: fix show_ip_ospf_gr_helper
Fix for the command "show ip ospf vrf NAME graceful-restart helper".
FRR did not show information by vrf's name.
If i have router ospf vrf red, vtysh's command
'show ip ospf vrf red graceful-restart helper' will not show anything.
But command 'show ip ospf vrf all graceful-restart helper' will work
normally. This fix fixes the display of information by vrf's name.
Example:
frr1# show ip ospf vrf vrf-1 graceful-restart helper
VRF Name: vrf-1
OSPF Router with ID (192.168.255.81)
Graceful restart helper support enabled.
Strict LSA check is enabled.
Helper supported for Planned and Unplanned Restarts.
Supported Graceful restart interval: 1800(in seconds).
Keelan10 [Wed, 15 Nov 2023 08:53:54 +0000 (12:53 +0400)]
babeld: Free IPv4 Memory in interface_reset
Release memory allocated for the IPv4 address during the interface reset.
The addition of `free(babel_ifp->ipv4)` ensures proper cleanup, preventing
potential memory leaks.
The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in babel_topo1.test_babel_topo1/r2.asan.babeld.18864
Direct leak of 8 byte(s) in 2 object(s) allocated from:
#0 0x7f3f4531bb40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x55c1806cb28d in babel_interface_address_add babeld/babel_interface.c:112
#2 0x7f3f44de9e29 in zclient_read lib/zclient.c:4425
#3 0x7f3f44db9dfa in event_call lib/event.c:1965
#4 0x7f3f44cfd3bf in frr_run lib/libfrr.c:1214
#5 0x55c1806cc81b in main babeld/babel_main.c:202
#6 0x7f3f4451fc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s).
***********************************************************************************
```
Keelan10 [Wed, 15 Nov 2023 07:50:09 +0000 (11:50 +0400)]
sharpd: Set Callback Function for Memory Cleanup
Implement a callback function for memory cleanup of sharp_nh_tracker.
Specifically, set `sharp_nh_tracker_free` as the deletion function for the `sg.nhs` list.
This ensures proper cleanup of resources when elements are removed.
The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in zebra_nht_resolution.test_verify_nh_resolution/r1.asan.sharpd.32320
Direct leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7f4ee812ad28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7f4ee7b291cc in qcalloc lib/memory.c:105
#2 0x5582be672011 in sharp_nh_tracker_get sharpd/sharp_nht.c:36
#3 0x5582be680b42 in watch_nexthop_v4_magic sharpd/sharp_vty.c:139
#4 0x5582be680b42 in watch_nexthop_v4 sharpd/sharp_vty_clippy.c:192
#5 0x7f4ee7aac0b1 in cmd_execute_command_real lib/command.c:978
#6 0x7f4ee7aac575 in cmd_execute_command lib/command.c:1036
#7 0x7f4ee7aac9f4 in cmd_execute lib/command.c:1203
#8 0x7f4ee7bd50bb in vty_command lib/vty.c:594
#9 0x7f4ee7bd5566 in vty_execute lib/vty.c:1357
#10 0x7f4ee7bdde37 in vtysh_read lib/vty.c:2365
#11 0x7f4ee7bc8dfa in event_call lib/event.c:1965
#12 0x7f4ee7b0c3bf in frr_run lib/libfrr.c:1214
#13 0x5582be671252 in main sharpd/sharp_main.c:188
#14 0x7f4ee6f1bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s).
***********************************************************************************
```
Keelan10 [Tue, 14 Nov 2023 21:57:04 +0000 (01:57 +0400)]
zebra: Refactor memory allocation in zebra_rnh.c
Fix memory leaks by allocating `json_segs` conditionally on `nexthop->nh_srv6->seg6_segs`.
The previous code allocated memory even when not in use or attached to the JSON tree.
The ASan leak log for reference:
```
Direct leak of 3240 byte(s) in 45 object(s) allocated from:
#0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7f6e83de9e6f in json_object_new_array (/lib/x86_64-linux-gnu/libjson-c.so.3+0x3e6f)
#2 0x564dcab5c1a6 in vty_show_ip_route zebra/zebra_vty.c:705
#3 0x564dcab5cc71 in do_show_route_helper zebra/zebra_vty.c:955
#4 0x564dcab5d418 in do_show_ip_route zebra/zebra_vty.c:1039
#5 0x564dcab63ee5 in show_route_magic zebra/zebra_vty.c:1878
#6 0x564dcab63ee5 in show_route zebra/zebra_vty_clippy.c:659
#7 0x7f6e843b6fb1 in cmd_execute_command_real lib/command.c:978
#8 0x7f6e843b7475 in cmd_execute_command lib/command.c:1036
#9 0x7f6e843b78f4 in cmd_execute lib/command.c:1203
#10 0x7f6e844dfe3b in vty_command lib/vty.c:594
#11 0x7f6e844e02e6 in vty_execute lib/vty.c:1357
#12 0x7f6e844e8bb7 in vtysh_read lib/vty.c:2365
#13 0x7f6e844d3b7a in event_call lib/event.c:1965
#14 0x7f6e844172b0 in frr_run lib/libfrr.c:1214
#15 0x564dcaa50e81 in main zebra/main.c:488
#16 0x7f6e837f7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 11520 byte(s) in 45 object(s) allocated from:
#0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7f6e83de88c0 in array_list_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x28c0)
Indirect leak of 1080 byte(s) in 45 object(s) allocated from:
#0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7f6e83de8897 in array_list_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x2897)
```
Donald Sharp [Tue, 14 Nov 2023 16:00:54 +0000 (11:00 -0500)]
lib: Prevent infinite loop in ospf
For some series of calls in FREEBSD setting the SO_RCVBUF size will
always fail under freebsd. This is no bueno since the
setsockopt_so_recvbuf call goes into an infinite loop.
(gdb) bt
0 setsockopt () at setsockopt.S:4
1 0x0000000083065870 in setsockopt_so_recvbuf (sock=15, size=0) at lib/sockopt.c:26
2 0x00000000002bd200 in ospf_ifp_sock_init (ifp=<optimized out>, ifp@entry=0x8d1dd500) at ospfd/ospf_network.c:290
3 0x00000000002ad1e0 in ospf_if_new (ospf=0x8eefc000, ifp=0x8d1dd500, p=0x8eecf1c0) at ospfd/ospf_interface.c:276
4 0x0000000000304ee0 in add_ospf_interface (co=0x8eecbe10, area=0x8d192100) at ospfd/ospfd.c:1115
5 0x00000000003050fc in ospf_network_run_interface (ospf=0x8eefc000, ifp=0x8d1dd500, p=0x80ff63f8, given_area=0x8d192100)
at ospfd/ospfd.c:1460
6 ospf_network_run (p=0x80ff63f8, area=0x8d192100) at ospfd/ospfd.c:1474
7 ospf_network_set (ospf=ospf@entry=0x8eefc000, p=p@entry=0x80ff63f8, area_id=..., df=<optimized out>) at ospfd/ospfd.c:1247
8 0x00000000002e876c in ospf_network_area (self=<optimized out>, vty=0x8eef3180, argc=<optimized out>, argv=<optimized out>)
at ospfd/ospf_vty.c:560
9 0x0000000083006f24 in cmd_execute_command_real (vline=vline@entry=0x8eee9100, vty=vty@entry=0x8eef3180, cmd=<optimized out>,
cmd@entry=0x0, up_level=<optimized out>) at lib/command.c:978
10 0x0000000083006b30 in cmd_execute_command (vline=0x8eee9100, vty=vty@entry=0x8eef3180, cmd=cmd@entry=0x0, vtysh=vtysh@entry=0)
at lib/command.c:1037
11 0x0000000083007044 in cmd_execute (vty=vty@entry=0x8eef3180, cmd=cmd@entry=0x8eefb000 "network 192.168.64.0/24 area 0.0.0.0",
matched=0x0, vtysh=0) at lib/command.c:1203
12 0x000000008307e9cc in vty_command (vty=0x8eef3180, buf=0x8eefb000 "network 192.168.64.0/24 area 0.0.0.0") at lib/vty.c:594
13 vty_execute (vty=vty@entry=0x8eef3180) at lib/vty.c:1357
14 0x000000008307ce40 in vtysh_read (thread=<optimized out>) at lib/vty.c:2365
15 0x0000000083073db0 in event_call (thread=thread@entry=0x80ff88a0) at lib/event.c:1965
16 0x000000008302c604 in frr_run (master=0x8d188140) at lib/libfrr.c:1214
17 0x000000000029c330 in main (argc=6, argv=<optimized out>) at ospfd/ospf_main.c:252
(gdb)
Force the setsockopt function to quit when the value we are passing no
longer makes any sense.
Fixes: #14790 Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Direct leak of 80 byte(s) in 2 object(s) allocated from:
#0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
#10 0x7fd0a463322a in event_call lib/event.c:1970
#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 80 byte(s) in 2 object(s) allocated from:
#0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
#19 0x7fd0a463322a in event_call lib/event.c:1970
#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 64 byte(s) in 2 object(s) allocated from:
#0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x7fd0a459301f in qmalloc lib/memory.c:100
#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
#12 0x7fd0a463322a in event_call lib/event.c:1970
#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 64 byte(s) in 2 object(s) allocated from:
#0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x7fd0a459301f in qmalloc lib/memory.c:100
#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
#21 0x7fd0a463322a in event_call lib/event.c:1970
#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 48 byte(s) in 2 object(s) allocated from:
#0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
#22 0x7fd0a463322a in event_call lib/event.c:1970
#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 48 byte(s) in 2 object(s) allocated from:
#0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
#13 0x7fd0a463322a in event_call lib/event.c:1970
#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 16 byte(s) in 2 object(s) allocated from:
#0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x7fd0a459301f in qmalloc lib/memory.c:100
#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
#14 0x7fd0a463322a in event_call lib/event.c:1970
#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 16 byte(s) in 2 object(s) allocated from:
#0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x7fd0a459301f in qmalloc lib/memory.c:100
#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
#23 0x7fd0a463322a in event_call lib/event.c:1970
#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************
Problem Statement:
========================
Mentioning few of the leaks here:
=3843268== 6 bytes in 3 blocks are still reachable in loss record 1 of 29
==3843268== at 0x483C855: malloc (vg_replace_malloc.c:381)
==3843268== by 0x489ED0E: qmalloc (memory.c:106)
==3843268== by 0x48DE8DB: redist_add_instance (zclient.c:125)
==3843268== by 0x48DF561: zclient_init (zclient.c:647)
==3843268== by 0x14FFA3: pim_zebra_init (pim_zebra.c:527)
==3843268== by 0x11D021: main (pim6_main.c:178)
==3843268==
==3843268== 24 bytes in 1 blocks are still reachable in loss record 2 of 29
==3843268== at 0x484147B: calloc (vg_replace_malloc.c:1328)
==3843268== by 0x489EE03: qcalloc (memory.c:111)
==3843268== by 0x4878DDE: buffer_new (buffer.c:72)
==3843268== by 0x48DE7BF: zclient_new (zclient.c:75)
==3843268== by 0x14FF1D: pim_zebra_init (pim_zebra.c:516)
==3843268== by 0x11D021: main (pim6_main.c:178)
==3843268==
==3843268== 24 bytes in 1 blocks are still reachable in loss record 3 of 29
==3843268== at 0x484147B: calloc (vg_replace_malloc.c:1328)
==3843268== by 0x489EE03: qcalloc (memory.c:111)
==3843268== by 0x4878DDE: buffer_new (buffer.c:72)
==3843268== by 0x48DE7BF: zclient_new (zclient.c:75)
==3843268== by 0x150A3D: zclient_lookup_new (pim_zlookup.c:131)
==3843268== by 0x11D021: main (pim6_main.c:178)
RCA:
=======================
Memory is allocated when the daemon started but
it is not freed when terminated.
Fix:
=======================
Freeing the memory when daemon goes down.
CID 1570969 Overrun
/bgpd/bgp_snmp_bgp4v2.c: 534 in bgp4v2PathAttrLookup()
/bgpd/bgp_snmp_bgp4v2.c: 575 in bgp4v2PathAttrLookup()
/bgpd/bgp_snmp_bgp4v2.c: 514 in bgp4v2PathAttrLookup()
>>> CID 1570969: (OVERRUN)
>>> Overrunning array "bgp->rib" of 4 64-byte elements at element index 4 (byte offset 319) using index "afi" (which evaluates to 4).
Donald Sharp [Mon, 13 Nov 2023 15:26:48 +0000 (10:26 -0500)]
bgpd: Used %pBD instead of %pRN
Let's use the natural data structure in bgp for the prefix display
instead of a bunch of places where we call a translator function.
The %pBD does this and actually ensures data is correct.
Also fix a few spots in bgp_zebra.c where the cast to a NULL
pointer causes the catcher functionality to not work and fix
the resulting crash that resulted.
Igor Ryzhov [Sat, 11 Nov 2023 00:13:17 +0000 (02:13 +0200)]
lib, mgmtd: respect base xpath in mgmtd
`nb_cli_apply_changes` can be called with base xpath which should be
prepended to xpaths of every change in a transaction. This base xpath is
respected by regular northbound CLI but not by mgmtd. This commit fixes
the problem.
Igor Ryzhov [Fri, 20 Oct 2023 21:51:01 +0000 (00:51 +0300)]
mgmtd, lib: remove batch ids from all messages
Batch IDs are only used to verify that all messages were received and
processed by a backend. It's not necessary to do that as we use reliable
stream transport - messages can't be dropped or received out of order.
This commit also fixes possible race condition that can happen if
one backend process messages slower than other backends.
Igor Ryzhov [Sun, 12 Nov 2023 00:57:25 +0000 (02:57 +0200)]
bgpd: fix build error
I recieve the following error with GCC 9.4.0:
```
In file included from /usr/include/string.h:495,
from ./lib/zebra.h:23,
from bgpd/bgp_snmp_bgp4v2.c:7:
In function ‘memset’,
inlined from ‘bgp4v2PathAttrLookup’ at bgpd/bgp_snmp_bgp4v2.c:605:3,
inlined from ‘bgp4v2PathAttrTable’ at bgpd/bgp_snmp_bgp4v2.c:747:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:71:10: error: ‘__builtin_memset’ offset [9, 20] from the object at ‘paddr’ is out of the bounds of referenced subobject ‘_v4_addr’ with type ‘struct in_addr’ at offset 4 [-Werror=array-bounds]
71 | return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Christian Hopps [Sat, 11 Nov 2023 19:56:26 +0000 (20:56 +0100)]
tools: suppress some reachable external lib "leaks"
- These are just normal reachable allocs from inside external library code;
however, when running valgrind with memleak types "all" in order to find FRR
specific leaks (from memory.h) these are the only other reported leaks. Makes
easier checking and fixing.
Christian Hopps [Sat, 11 Nov 2023 18:21:17 +0000 (19:21 +0100)]
lib: mgmtd: fix debug cli commands and memleaks
- Cannot have 2 cmd_node's with same .node number. Install the mgmtd
client library debug nodes (client frontend and client backend) using
new unique node numbers. Fixes memleaks.
- Fix "debug mgmt client backend" to generate correct config (and not
for frontend).
Igor Ryzhov [Sat, 11 Nov 2023 00:06:11 +0000 (02:06 +0200)]
lib: fix possible freeing of libyang data
mgmtd frees all non-NULL change->value variables at the end of every
commit. We shouldn't assign change->value with data returned by libyang
to prevent freeing of library-allocated memory.
projects / matthieu / frr.git / log