Martin Winter [Tue, 8 Jan 2019 09:30:08 +0000 (01:30 -0800)]
FRRouting Release 4.0.1
Changes since 4.0:
- Security Issue (Denial of Service): Fix BGP Attribute 255 (experimental
VNC) handling
- Fix for large AS paths
- Add json support to "show ip route" command
- bgpd: fix rpki segfault
- bgpd: fix rpki validation for ipv6
- Fix for crash with p2p interfaces on *BSD
- Fix for crash with some IPv6 tunnels
- Run WatchFRR by default on systems with systemd
- isisd: Fixed the way isis reads from bpf
- Add backport to build FRR on Sonic Debian
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Donald Sharp [Wed, 3 Oct 2018 16:27:57 +0000 (12:27 -0400)]
lib: Include compiler.h as early as is possible in the build
The compiler.h header provides us with some useful macros
that we are using in the system. We do not know exactly
where the CPP_NOTICE and CPP_WARN macros are used but
they can move around. Place this header early in the
build then.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
If a cache server was added after rpki was started its tr_socket would
not be initialized. This would lead to a segfault if the rtr manager
ever decides to switch to that socket or if rpki support is stopped.
Renato Westphal [Fri, 29 Jun 2018 21:40:38 +0000 (18:40 -0300)]
zebra: silence harmless log message on *BSD
The SIOCGIFMEDIA ioctl returns EINVAL when a virtual interface is
given (e.g. tunnel interfaces). This was making zebra produce lots of
irrelevant log messages during startup, which were a source of concern
for many users. Silence these log messages since they can't be avoided
and are harmless.
Donald Sharp [Thu, 17 May 2018 11:58:02 +0000 (07:58 -0400)]
redhat: Make watchfrr the default
With systemd being the default on more systems now, let's
configure watchfrr to start else systemd systems on
redhat will not stay up for more than 1 minute.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 9 Apr 2018 18:16:00 +0000 (14:16 -0400)]
zebra: Only send down pertinent information on RTM_DELROUTE
Background:
v6 does not have route replace semantics. If you want to add a nexthop
to an existing route, you just send RTM_NEWROUTE and the new nexthop.
If you want to delete a nexthop you should just send RTM_DELROUTE
with the removed nexthop.
This leads to situations where if zebra is processing a route
and has lost track of intermediate nexthops (yes this sucks)
then v6 routes will get out of sync when we try to implement
route replace semantics.
So notice when we are doing a route delete and the route is
not being updated, just send the prefix and tell it to delete.
Ticket: CM-20391
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 16 Apr 2018 22:42:40 +0000 (18:42 -0400)]
zebra: Allow blackhole route deletion for prefixes
With the recent change to just pass the prefix in
for the RTM_DELROUTE, for blackhole routes we
had stopped modifying the req.rtm_type to
be the appropriate type for blackhole routes.
Since we are just deleting on the route, and
zebra is never going to really install the same
route multiple times then we do not need
to specify the req.r.rtm_type for the deletion
command.
Ticket: CM-20616
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Arthur Jones [Mon, 19 Mar 2018 17:04:00 +0000 (10:04 -0700)]
redhat: enable dist tarball to build in a chroot
When building the rpms, we can use a chroot (in my case docker) to
ensure that the BuildRequires are complete. This test failed with
errors like:
checking for CARES... no
configure: error: trying to build nhrpd, but libcares not found. install c-ares and its -dev headers.
error: Bad exit status from /var/tmp/rpm-tmp.FewvLf (%build)
This is due to a couple missing BuildRequires in the spec file. Here, we
add those in for all RPM builds.
Testing done:
Ran a docker build on CentOS7 which succeeded. Loaded the modules onto
CentOS6 to make sure they were at least valid there, that succeeded.
Issue: https://github.com/FRRouting/frr/issues/1930
Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
ipinlnd [Wed, 14 Mar 2018 19:26:48 +0000 (22:56 +0330)]
isisd: Fixed the way isis reads from bpf
With this fix, we parse the bpf to process every packet read
Signed-off-by: Ali Rezaee nlndipi@hotmail.com
(cherry picked from commit b9347997d6be2ba45bbad97ab8a2ee8c670f37b0)
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Rafael Zalamena [Wed, 7 Feb 2018 18:26:25 +0000 (16:26 -0200)]
isis: use descriptor polling instead of time
Allow other supported Operating Systems (OS) to use file descriptor
polling, instead of doing timed fd checks. This should improve
performance greatly on modern OSes (e.g. that support polling on
filtered sockets).
The known OS that doesn't support this is FreeBSD < 5.0, but even then
FRR doesn't compile in these versions. OSes using DLPI method (e.g.
Solaris) do not support select()/poll()ing fds as well, so it will be
disabled for it.
Quentin Young [Mon, 5 Mar 2018 18:20:22 +0000 (13:20 -0500)]
tools: add LeakSanitizer suppressions list
Building FRR with AddressSanitizer is kind of annoying since
libpython3.5 leaks memory, clippy links libpython3.5 and clippy runs as
part of the build process. LeakSanitizer has a way to suppress leaks at
runtime by setting the LSAN_OPTIONS environment variable to contain a
file path to a suppression list:
LSAN_OPTIONS=suppressions=path/to/suppr.txt
This commit provides the file. Setting this environment variable to
before building should allow a clean build with ASAN enabled. The
relative path is there because LeakSanitizer looks at paths relative to
the binary it is sanitizing; clippy is in lib/ so the path is set
relative to lib/.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Donald Sharp [Wed, 7 Mar 2018 16:39:56 +0000 (11:39 -0500)]
*: Make code use a consistent definition of labels
Turns out we had 3 different ways to define labels
all of them overlapping with the same meanings.
Consolidate to 1. This one chosen is consistent
naming wise with what the *bsd and linux kernels
use.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Quentin Young [Tue, 6 Mar 2018 18:42:53 +0000 (13:42 -0500)]
ospfd: cancel SR thread at shutdown
Otherwise if it is scheduled the thread pointer will be accessed after
the shutdown task finishes accessing, having deleted the structure that
owns said pointer, which causes a heap UAF.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Wed, 21 Feb 2018 17:01:34 +0000 (12:01 -0500)]
bgpd: fix incorrect keepalive timer evaluation
Incorrect check for sentinel value effectively caused peers to sometimes
use the keepalive timer value of other peers, which sometimes led to
hold timer expiry.
Signed-off-by: Quentin Young <qlyoung@qlyoung.net>
Olivier Dugeon [Fri, 9 Feb 2018 11:13:07 +0000 (12:13 +0100)]
ospfd: Fix ospfd crash
- ospfd/ospf_opaque.c: Update issue #1652 by introducing a new
function 'free_opaque_info_owner()' to clean list of callback owner
and call this function in appropriate place where 'listdelete_and_null'
is not used.
- ospfd/ospf_packet.c: In case of crash, ospfd is not able to
flush LSA. In case of self Opaque LSA, when restarting, ospfd crashes
during the resynchronisation process with its neighbor due to an
empty list of LSA to flood. Just add a control on the list count
in 'ospf_ls_upd_queue_send()' to escape the function and avoid the
problem.
Olivier Dugeon [Fri, 9 Feb 2018 11:06:35 +0000 (12:06 +0100)]
ospfd: Add json output for Segment Routing
- To ease checking the Segment Routing conformity in topotest,
add json output to 'show ip ospf database segment-routing' CLI.
- Update ospfd user guide accordingly
- Update OSPF-SR documentation with supported features and interoperability
Olivier Dugeon [Mon, 19 Feb 2018 09:17:41 +0000 (10:17 +0100)]
OSPFD: Fix Segment Routing Lan Adjacency TLVs
- Lan Adjacency TLVs were incorrectly formatted due to an error in
TLV size computation. Add new macro to fix this issue
- Update SR link nexthop when it corresponds to an LAN Adj SID. The nexthop
is set to the router id in the TLV (as per draft), but we need the neighbor
IP address to set the corresponding MPLS LFIB entry
Olivier Dugeon [Mon, 5 Feb 2018 19:24:17 +0000 (20:24 +0100)]
OSPFd: Fix Opaque LSA filtering in Segment Routing
Opaque LSA were incorrectly filtered. LSA Type 1 with a
router id set to 4.x.x.x or 7.x.x.x or 8.x.x.x are not correctly
filtered and pass to Segment Routing as wrong Opaque LSA of type
Router Information, Extended Prefix respectively Extended Link.
- Add Opaque LSA check to the filter
The CLI command 'segment-routing prefix' didn't check if the same prefix
already exists in SRDB, resulting in multiple entries in the SRDB for the
same prefix.
- Update prefix instead of adding a new one if already present in the SRDB
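
The Opaque LSA filtering problem described in the commit above, as an added example that is not FRR's code: the top byte of the Link State ID is an opaque type only when the LS type is 9, 10 or 11, so a filter that skips that check treats a Router LSA from router ID 4.x.x.x as a Router Information LSA. The struct, function names and sample headers are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* LSA types (RFC 2328, RFC 5250) and opaque types (RFC 7770, RFC 7684). */
enum { LSA_ROUTER = 1, LSA_OPAQUE_LINK = 9, LSA_OPAQUE_AREA = 10, LSA_OPAQUE_AS = 11 };
enum { OPAQUE_RI = 4, OPAQUE_EXT_PREFIX = 7, OPAQUE_EXT_LINK = 8 };

/* Hypothetical, simplified LSA header; id is in host byte order. */
struct lsa_hdr {
    uint8_t type;  /* LS type */
    uint32_t id;   /* Link State ID; for a Router LSA this is the router ID */
};

/* For Opaque LSAs only, the top 8 bits of the Link State ID are the opaque type. */
static uint8_t top_byte(uint32_t id) { return (uint8_t)(id >> 24); }

/* Flawed filter: trusts the top byte without checking the LS type. */
int sr_filter_flawed(const struct lsa_hdr *h)
{
    uint8_t t = top_byte(h->id);
    return t == OPAQUE_RI || t == OPAQUE_EXT_PREFIX || t == OPAQUE_EXT_LINK;
}

/* Checked filter: the LSA must be an Opaque LSA before the ID is decoded. */
int sr_filter_checked(const struct lsa_hdr *h)
{
    if (h->type < LSA_OPAQUE_LINK || h->type > LSA_OPAQUE_AS)
        return 0;
    return sr_filter_flawed(h);
}

/* Constructed sample headers, not captured traffic. */
const struct lsa_hdr samples[] = {
    { LSA_ROUTER,      0x04010101 }, /* Router LSA, router ID 4.1.1.1 */
    { LSA_ROUTER,      0x0A000001 }, /* Router LSA, router ID 10.0.0.1 */
    { LSA_OPAQUE_AREA, 0x04000000 }, /* Opaque LSA, Router Information */
    { LSA_OPAQUE_AREA, 0x08000001 }, /* Opaque LSA, Extended Link */
    { LSA_OPAQUE_AREA, 0x01000000 }, /* Opaque LSA, type 1 (TE, not an SR type) */
};

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("type=%2u id=0x%08x flawed=%d checked=%d\n", (unsigned)samples[i].type,
               (unsigned)samples[i].id, sr_filter_flawed(&samples[i]),
               sr_filter_checked(&samples[i]));
    return 0;
}
```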