bgpd: Free ->raw_data from Hard Notification message after we use it
==175785== 0 bytes in 1 blocks are definitely lost in loss record 1 of 88
==175785== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==175785== by 0x492EB8E: qcalloc (in /usr/local/lib/libfrr.so.0.0.0)
==175785== by 0x269823: bgp_notify_decapsulate_hard_reset (in /usr/lib/frr/bgpd)
==175785== by 0x26C85D: bgp_notify_receive (in /usr/lib/frr/bgpd)
==175785== by 0x26E94E: bgp_process_packet (in /usr/lib/frr/bgpd)
==175785== by 0x4985349: thread_call (in /usr/local/lib/libfrr.so.0.0.0)
==175785== by 0x491D521: frr_run (in /usr/local/lib/libfrr.so.0.0.0)
==175785== by 0x1EBEE8: main (in /usr/lib/frr/bgpd)
==175785==
Louis Scalbert [Fri, 27 May 2022 08:42:53 +0000 (10:42 +0200)]
isisd: fix infinite loop when parsing LSPs
Fixing the crash:
> #0 0x0000560aa80f8e30 in lspdb_const_find (h=<error reading variable: Cannot access memory at address 0x7fff5e95efe8>, item=<error reading variable: Cannot access memory at address 0x7fff5e95efe0>) at ./isisd/isis_lsp.h:64
> #1 0x0000560aa80f8e9d in lspdb_find (h=0x560aaa1ed3b8, item=0x7fff5e95f050) at ./isisd/isis_lsp.h:64
> #2 0x0000560aa80f92f9 in lsp_search (head=0x560aaa1ed3b8, id=0x7fff5e95f200 "") at isisd/isis_lsp.c:100
> #3 0x0000560aa8113d69 in spf_adj_list_parse_tlv (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, id=0x560aad331a78 "", desig_is_id=0x0, pseudo_metric=0, metric=3, oldmetric=false, subtlvs=0x0) at isisd/isis_spf.c:1330
> #4 0x0000560aa811419d in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1429
> #5 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #6 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> (...)
> #65507 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #65508 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #65509 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #65510 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442
> #65511 0x0000560aa8114313 in isis_spf_build_adj_list (spftree=0x560aaa1f09d0, lsp=0x560aaa1f4e50) at isisd/isis_spf.c:1455
> #65512 0x0000560aa8114f09 in isis_run_spf (spftree=0x560aaa1f09d0) at isisd/isis_spf.c:1775
> #65513 0x0000560aa8115057 in isis_run_spf_with_protection (area=0x560aaa1ed3b0, spftree=0x560aaa1f09d0) at isisd/isis_spf.c:1801
> #65514 0x0000560aa8115311 in isis_run_spf_cb (thread=0x7fff5f15e5a0) at isisd/isis_spf.c:1859
> #65515 0x00007f90bac66dcc in thread_call (thread=0x7fff5f15e5a0) at lib/thread.c:2002
> #65516 0x00007f90bac013ee in frr_run (master=0x560aa9f5cb40) at lib/libfrr.c:1196
> #65517 0x0000560aa80e7da2 in main (argc=2, argv=0x7fff5f15e7b8, envp=0x7fff5f15e7d0) at isisd/isis_main.c:273
The fix is similar to the crash fix included in d9884a758c
("isisd: Prepare IS-IS for Link State support"). The fix was:
> diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
> index 94353a5bc8..92d329f035 100644
> --- a/isisd/isis_lsp.c
> +++ b/isisd/isis_lsp.c
> @@ -2166,7 +2178,7 @@ int isis_lsp_iterate_ip_reach(struct isis_lsp *lsp, int family, uint16_t mtid,
> if (lsp->hdr.seqno == 0 || lsp->hdr.rem_lifetime == 0)
> return LSP_ITER_CONTINUE;
>
> - /* Parse main LSP. */
> + /* Parse LSP */
> if (lsp->tlvs) {
> if (!fabricd && !pseudo_lsp && family == AF_INET
> && mtid == ISIS_MT_IPV4_UNICAST) {
> @@ -2236,13 +2248,17 @@ int isis_lsp_iterate_ip_reach(struct isis_lsp *lsp, int family, uint16_t mtid,
> }
> }
>
> - /* Parse LSP fragments. */
> - for (ALL_LIST_ELEMENTS_RO(lsp->lspu.frags, node, frag)) {
> - if (!frag->tlvs)
> - continue;
> + /* Parse LSP fragments if it is not a fragment itself */
> + if (!LSP_FRAGMENT(lsp->hdr.lsp_id))
> + for (ALL_LIST_ELEMENTS_RO(lsp->lspu.frags, node, frag)) {
> + if (!frag->tlvs)
> + continue;
>
> - isis_lsp_iterate_ip_reach(frag, family, mtid, cb, arg);
> - }
> + if (isis_lsp_iterate_ip_reach(frag, family, mtid, cb,
> + arg)
> + == LSP_ITER_STOP)
> + return LSP_ITER_STOP;
> + }
>
> return LSP_ITER_CONTINUE;
> }
Fixes: 7b36d36e0e ("isisd: make the SPF code more modular") Fixes: 5e56a50559 ("isisd: fix infinite loop when parsing LSPs") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 8c8a5a02fa66523a96142083575e1eb7b0033667)
Donald Sharp [Tue, 28 Jun 2022 14:26:52 +0000 (10:26 -0400)]
lib: Allow downgrade of all caps when none are specified
Staticd when run tells privs.c that it does not need any
priviledges. The lib/privs.c code was not downgrading
any and all permissions it may have been given at startup.
Since we don't need any let's actually tell the system that
FRR does not need the capabilities anymore in the case
where a daemon does not ask for any cap's.
Sarita Patra [Wed, 29 Jun 2022 13:34:19 +0000 (06:34 -0700)]
pimd: Register stop message sent with mask 32
As per RFC 4601 section 4.9.4, For Register-Stops,
the Mask Len field contains full address length * 8
(e.g. 32 for IPv4 native encoding) (e.g. 128 for IPv6),
if the message is sent for a single group
Donald Sharp [Fri, 17 Jun 2022 15:23:31 +0000 (11:23 -0400)]
zebra: Fix rtadv startup when config read in is before interface up
When a interface is configured with this:
int eva
ipv6 nd ra-interval 5
no ipv6 nd suppress-ra
!
And then subsuquently the interface is created and brought up, FRR
would both error on joining the RA multicast address and never
properly work in this state.
Delay the startup of the join and start of the Router Advertisements
until after the ifindex has actually been found.
Donald Sharp [Sat, 18 Jun 2022 18:37:14 +0000 (14:37 -0400)]
isisd: Fix crash with xfrm interface type
When creating a xfrm interface FRR is crashing when configured
with isis. This is because the weird pattern of not allocating
list's until needed and then allowing the crash when we have
a usage pattern that was not expected. Just always allocate
the different lists that a circuit needs.
Donald Sharp [Fri, 17 Jun 2022 19:40:36 +0000 (15:40 -0400)]
tests: Increase time for zebra_seg6local to look for sharp routes
I have a test failure:
r1.vtysh_cmd(
"sharp install seg6local-routes {} nexthop-seg6local dum0 {} 1".format(
dest, context
)
)
test_func = partial(
check,
r1,
dest,
manifest["out"],
)
success, result = topotest.run_and_expect(test_func, None, count=5, wait=1)
> assert result is None, "Failed"
E AssertionError: Failed
E assert Generated JSON diff error report:
E
E > $: d2 has the following element at index 0 which is not present in d1:
E
E {
E "prefix": "1::1/128",
E "protocol": "sharp",
E "selected": true,...
E
The test output for 1::1/128:
{
"1::1/128":[
{
"prefix":"1::1/128",
"prefixLen":128,
"protocol":"sharp",
"vrfId":0,
"vrfName":"default",
"selected":true,
"destSelected":true,
"distance":150,
"metric":0,
"queued":true,
"table":254,
"internalStatus":8,
Notice that it is still queued after 5 seconds. Under extremely heavy system load
this is not long enough for convergence. Also the zebra.log shows thread starvation
as well as long running tasks
2022/06/17 15:30:02 ZEBRA: [PHJDC-499N2][EC 100663314] STARVATION: task dplane_incoming_request (55b3ce0fea8b) ran for 6369ms (cpu time 0ms)
2022/06/17 15:30:02 ZEBRA: [T83RR-8SM5G] zebra 8.4-dev starting: vty@2601
2022/06/17 15:30:02 ZEBRA: [YZRX4-ZXG0C][EC 100663315] Thread Starvation: {(thread *)0x55b3ce6c15b0 arg=0x0 timer r=-6.375 rib_sweep_route() &zrouter.sweeper from zebra/main.c:447} was scheduled to pop greater than 4s ago
Increasing the time to 25 seconds to give it a chance.
Sarita Patra [Fri, 24 Jun 2022 10:04:37 +0000 (03:04 -0700)]
pimd: fix invalid memory access join_timer_stop
Issue:
==16837== Invalid read of size 8
==16837== at 0x17971C: pim_neighbor_find (pim_neighbor.c:431)
==16837== by 0x186439: join_timer_stop (pim_upstream.c:348)
==16837== by 0x186794: pim_upstream_del (pim_upstream.c:231)
==16837== by 0x189A66: pim_upstream_terminate (pim_upstream.c:1951)
==16837== by 0x17111B: pim_instance_terminate (pim_instance.c:54)
==16837== by 0x17111B: pim_vrf_delete (pim_instance.c:172)
==16837== by 0x4F1D6C8: vrf_delete (vrf.c:264)
==16837== by 0x19006F: pim_terminate (pimd.c:160)
==16837== by 0x1B2E4D: pim_sigterm (pim_signals.c:51)
==16837== by 0x4F08FA2: frr_sigevent_process (sigevent.c:130)
==16837== by 0x4F1A2CC: thread_fetch (thread.c:1771)
==16837== by 0x4ED4F92: frr_run (libfrr.c:1197)
==16837== by 0x15D81A: main (pim_main.c:176)
Root Cause:
In the pim_terminate flow, the interface is deleted
before the pim_interface clean up. Because of this,
the pim_interface is having garbage value.
Fix:
Release the pim interface memory and then delete the
interface.
pimd: Querier to non-querier transition to be ignored
Fixing IGMPv2 ANVL Conformance issue 3.10
As per RFC 2236 section 3, when the leave message is received at a querier,
it starts sending Query messages for "last Member Query Interval*query count"
During this time there should not be any querier to non-querier
transition and the same router needs to send the remaning queries.
Currently the code is handling this scenario only when leave is receive
for a group and the query is received for the same group.
But we need to handle it irrespective of group since the querier
election is based on interface and not group.
Mark Stapp [Fri, 17 Jun 2022 15:47:55 +0000 (11:47 -0400)]
ospf6: permit route delete without nexthops
It's possible for ospf6 to decide to delete a route after it's
removed all of the route's nexthops. It's ok to delete a prefix
alone - be a little more forgiving when preparing a route delete.
Christian Hopps [Fri, 17 Jun 2022 06:04:51 +0000 (02:04 -0400)]
lib: cleanup red-herring memleaks in parent of daemonizing fork
- The parent of the daemonizing fork reports memleaks for the early
northbound allocations (libyang). If these were real memleaks these
would show up in the child as well; however, ignoring all memleaks in
the parent of the fork is too hard a sale. Instead, spend some CPU
cycles cleaning up the allocations in the parent after the fork and
immeidatley prior to exiting the parent after the daemonizing fork.
bgpd: Fix memory leak when setting [l]community at egress
```
==2209758== 7,791,480 (399,840 direct, 7,391,640 indirect) bytes in 9,996 blocks are definitely lost in loss record 102 of 103
==2209758== at 0x4C33B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2209758== by 0x4EE264F: qcalloc (memory.c:116)
==2209758== by 0x22E62A: lcommunity_new (bgp_lcommunity.c:42)
==2209758== by 0x22E62A: lcommunity_dup (bgp_lcommunity.c:155)
==2209758== by 0x26F28F: route_set_lcommunity (bgp_routemap.c:2382)
==2209758== by 0x4EFF7EF: route_map_apply_ext (routemap.c:2663)
==2209758== by 0x250B3D: subgroup_announce_check (bgp_route.c:2202)
==2209758== by 0x27A195: subgroup_announce_table (bgp_updgrp_adv.c:690)
==2209758== by 0x27A509: subgroup_coalesce_timer (bgp_updgrp_adv.c:332)
==2209758== by 0x4F1C3FC: thread_call (thread.c:2002)
==2209758== by 0x4ED6D67: frr_run (libfrr.c:1196)
==2209758== by 0x1E921B: main (bgp_main.c:519)
```
To reproduce it's enough to have something like applied at egress:
On the other side doing:
```
spine1-debian-11# sharp install routes 100.100.100.1 nexthop 192.168.10.65 30
spine1-debian-11# sharp remove routes 100.100.100.1 30
spine1-debian-11# sharp install routes 100.100.100.1 nexthop 192.168.10.65 30
```
Before:
```
Large Community : 66 40 2816 66 2816
Large Community value : 66 variable 29728 66 29728
Large Community : 96 40 4096 96 4096
Large Community value : 96 variable 52048 96 52048
```
After:
```
Large Community : 28 40 1152 29 1192
Large Community value : 28 variable 1456 29 2200
Large Community : 28 40 1152 29 1192
Large Community value : 28 variable 1456 29 2200
```
bgpd: Withdraw implicitly old paths from VRFs when import/export list changes
If we overwrite import/export RT list via route-maps or even flush by using
`set extcommunity none`, then we must withdraw old paths from VRFs to avoid
stale paths.
lib: Update sysrepo code with the latest API changes
* sr_event_notif_send -> sr_notif_send
* sr_process_events -> sr_subscription_process_events
* sr_oper_get_items_subscribe -> sr_oper_get_subscribe
* Removed SR_SUBSCR_CTX_REUSE flag from the code at all
Donald Sharp [Wed, 8 Jun 2022 13:01:31 +0000 (09:01 -0400)]
babeld: Ignore sub-tlv's with mandatory bit set
RFC 8966 4.4
If the mandatory bit is set, then the
whole enclosing TLV MUST be silently ignored (except for updating the
parser state by a Router-Id, Next Hop, or Update TLV, as described in
the next section).
Donald Sharp [Wed, 8 Jun 2022 12:41:05 +0000 (08:41 -0400)]
babeld: Update to ignore unicast hellos
RFC 8966 requires a bit of work to make FRR forward compabitble with
it for the moment.
tl;dr -> Flags of hellos should be 0 except the main bit and
The Unicast Hello bit if set should cause the packet to be ignored.
Additionally FRR needs to ignore Hello packets with the interval field
set to 0.
Donald Sharp [Wed, 8 Jun 2022 20:51:48 +0000 (16:51 -0400)]
pimd: Fix pim_channel_oil_empty tests
The pim_channel_oil_empty() function was setting
the pimreg if it ever existed for NULL comparison
but of course the pimreg device is never pulled back
out again when it was needed to be when the pimreg
is not present.
Donald Sharp [Thu, 9 Jun 2022 14:29:04 +0000 (10:29 -0400)]
pimd: Show interface traffic even if interface is currently `down`
the `show ip pim interface [x] traffic` command was deciding
to skip display of interfaces if they happened to be down at
that moment. This of course does not make a bunch of sense
to limit the output for a interface that may have sent data
in the past.
This fixes this test crash:
rnode = <lib.topogen.TopoRouter object at 0x7fc755be3880>, dut = 'c1', input_dict = {'c1': {'c1-l1-eth2': ['helloTx', 'helloRx']}}, output_dict = {'c1': {}}
Donald Sharp [Wed, 8 Jun 2022 15:33:32 +0000 (11:33 -0400)]
pimd: pim_addr_cmp returns 0 for same not -1 or 1
The test for setting pimDesignatedRouterLocal was comparing
the result of pim_addr_cmp to non zero to say that the
pim_dr_addr and primary_address are the same. This is
not correct in that pim_addr_cmp returns 0 for being the
same, so the correct test is !pim_addr_cmp
pimd: Handle receive of (*,G) register stop with src addr as 0
PIM conformance test case 11.12 sends a register stop msg with
source address as 0. This should trigger a register stop for
all the upstreams. It is not happening as such because we are not
considering 0.0.0.0 source address for starg_handling.
Christian Hopps [Sat, 8 Jan 2022 21:57:10 +0000 (16:57 -0500)]
ospfd: api: fix recovery of LSA after restart of api client
Prior to this fix, restarting the client just failed b/c the code tried to
"refresh" the existing LSA being added, except that code checked for meta-data
to exist, which was deleted when the client disconnected previously (or had
never connected and the LSA state was picked up from the network).
Christian Hopps [Wed, 1 Jun 2022 19:25:35 +0000 (15:25 -0400)]
ospfd: api: add reachable router notifications
Reachable router information is used by OSPF opaque clients in order
to determine if the router advertising the opaque LSA data is
reachable (i.e., 2-way conectivity check).
Christian Hopps [Sat, 15 Jan 2022 11:13:43 +0000 (06:13 -0500)]
ospfd: add all_rtrs route table when opaque enabled
The reachable router table is used by OSPF opaque clients in order to
determine if the router advertising the opaque LSA data is
reachable (i.e., 2-way conectivity check).
isisd: replace ipv4-unicast with standard in config and oper contexts
Only the multi-topology command can use 'ipv4-unicast' keyword to
configure standard topology.
The remaining code: dump from show commands, and yang definition,
uses 'standard' keyword instead.
The test have not been modified. The change would consists in
modifying test_fuzz_isis_tlv_tests.h.gz:
- replacing ipv4-unicast occurences with standard
\x69\x70\x76\x34\x2d\x75\x6e\x69\x63\x61\x73\x74
with
\x73\x74\x61\x6e\x64\x61\x72\x64
- align the buffer length by removing 4 bytes per occurence
Instead, a specific isis_mtid2str_fake() routing has been
put in place in isis_tlvs.c file.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
David Lamparter [Wed, 1 Jun 2022 15:10:11 +0000 (17:10 +0200)]
ospf6d: fix rx/tx buffer sizes
OSPFv3 packets can be fragmented and up to 64k long, regardless of
interface MTU. Trying to size these buffers to MTU is just plain wrong.
To not make this a super intrusive change during the 8.3 release freeze,
just code this into ospf6_iobuf_size().
Since the buffer is now always 64k, don't waste time zeroing the entire
thing in receive; instead just zero kind of a "sled" of 128 bytes after
the buffer as a security precaution.
Fixes: #11298 Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Philippe Guibert [Wed, 25 May 2022 09:47:36 +0000 (11:47 +0200)]
isisd: add ISIS_MT_STANDARD define
This define is added to reflect more what the standard
topology means. Actually, the standard topology may
contain not only IPv4 protocol but also IPv6 protocol.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Martin Buck [Wed, 1 Jun 2022 09:58:52 +0000 (11:58 +0200)]
tools: Really fix all daemon shutdown without complaining about PID files
Fix daemon shutdown broken by f0cccaa6bf7dda71d0e1ad1b0406a9b453a84bb3. Now
we still don't complain about missing PID files but actually stop the
running daemons.
The previous fix was broken because it passed a new "--all" option to
daemon_stop which wasn't handled properly (it assumed $1 contains the
daemon name when at that time it acutally contained the "--all" option).
Plus, "--all" wasn't actually necessary, because we already passed
"--reallyall" from all_stop to daemon_stop after the daemon name.
So remove "--all" again and simply check for "--reallyall" in $2. This
should *really* fix #11317.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
Donald Sharp [Tue, 31 May 2022 16:19:27 +0000 (12:19 -0400)]
bgpd: Add ability to match `match peer <PEERGROUPNAME>`
Allow the end operator to match `match peer <PEERGROUPNAME>`
in a route-map. If the end operator defines interface
based peers and peer-groups that have names that overlap
the interface based peer will match first.
Fixes: #11316 Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Martin Buck [Tue, 31 May 2022 12:16:34 +0000 (14:16 +0200)]
tools: Don't complain about missing PID files when stopping all damons
Since 1686b1d4864384ee508b58418f20970f2dff2587, we try to stop all daemons,
even those which are not (no longer) enabled in /etc/frr/daemons. But we
shouldn't complain about missing PID files for daemons which have never been
started and just silently ignore those.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
projects / matthieu / frr.git / log