Donald Sharp [Fri, 27 Jul 2018 14:02:34 +0000 (10:02 -0400)]
bgpd: Notice when we unlock if we should NULL pointer
The bi->net pointer that is being unlocked had a commit
that removed the `bi->net = NULL;` recently. This code
was preventing a use after free crash being experienced
in other code paths. While commit 37e679629f9 was fixing
a different code path crash.
Make the parent->net pointer aware it may be locked/freed
from multiple places and to not NULL the pointer to it
unless we have actually freed the data.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 27 Jul 2018 13:54:39 +0000 (09:54 -0400)]
lib: Modify route unlock code to return appropriate pointer
Modify the unlock code for a route_node to return NULL on
pointer freed or to return the node itself again.
We'll need to go through the code and fix this pattern,
but this is a problem for another day. Get this fix in
place and we can make it a low hanging problem to fix.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 25 Jul 2018 18:37:30 +0000 (14:37 -0400)]
pimd: RPT Prunes do not need to be figured for a *,G Prune
Packet sending in PIM is a two step process.
1) Gather data size of next G to be packed into a packet.
2) Write data
After 1 we need to ensure that the next G to pack will actually
fit in a packet. If it does not send what we've currently written
and start a new packet to send.
Because this was a 2 step process it is important to be consistent
in what you think you have packed -vs- what you think you should.
PIM has a bug where we were considering S,G RPT Prunes for a *,G
even when the *,G was being pruned. This lead to a situation where
we were figuring a write size of more data then what we actually wrote
into a packet. This would leave a 8 byte whole of 0's in the packet
due to the way we moved pointers around.
Fix the code so that we do not attempt to consider S,G rpt prunes
for a *,G prune when figuring out how much we should write in step 1.
Ticket: CM-21644 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
bgpd: changes for crash seen in BGP on "no rt vpn" bug Id 2667
There is a default BGP VPN and BGP VRF instance in L3VPN configuration.
The routes are imported and exported between BGP VPN and BGP VRF.
Suppose there is one route in BGP VRF and exported to BGP VPN.
In BGP VPN there is bgp_info struct with bgp_info_extra struct has parent pointer pointing to the bgp_info of BGP VRF.
We take the lock for bgp_node and bgp_info of BGP VRF in the context of BGP VPN.
bgp_info has a back pointer to bgp_node via net.
Now when we have done "no rd vpn" in BGP VRF then in bgp_info_extra_free we have to free the parent resources.
In this context only unlocking is required. It should not set the BGP VRF (bgp_info->net) to NULL.
F. Aragon [Tue, 24 Jul 2018 16:21:57 +0000 (18:21 +0200)]
tests/isisd: fix warnings
Commit ae9c9aba changed isis_vertex_id_init() and isis_find_vertex()
parameters, so compiler reported warnings in the test (the actual data
passing through is the same because of the union used in the latest changes).
This commit fixes the warnings in the test.
Chirag Shah [Sat, 21 Jul 2018 18:08:51 +0000 (11:08 -0700)]
bgpd: Add evpn prefix to debug bgp updates prefix
Adding EVPN prefix of Type 2, 3 and 5 routes to bgp updates
prefix filters.
Ticket:CM-14476
Testing Done:
Configure multiple evpn options under 'debug bgp updates prefix'.
Below is the running-config output.
MAC-IP route with just MAC:
debug bgp updates prefix l2vpn evpn type macip mac
00:02:00:0a:0a:0a
MAC-IP route with MAC and IP:
debug bgp updates prefix l2vpn evpn type macip mac
00:02:00:00:00:0c ip 45.0.1.9
MAC-IP route with just MAC and IPv6:
debug bgp updates prefix l2vpn evpn type
macip mac 00:02:00:00:00:0a ip 2001:fee1:0:1::8
Type-3:
debug bgp updates prefix l2vpn evpn type multicast ip 27.0.1.19
Type-5:
debug bgp updates prefix l2vpn evpn type prefix
ip 2060:1:1:1::/64
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Philippe Guibert [Fri, 20 Jul 2018 15:24:43 +0000 (17:24 +0200)]
bgpd: flowspec 'no local-install any' wrong order in show runni
When configuring an interface, the no local-install any command appears,
and leads to confusions. because the effect of that command differs if
it is executed after local-install <interfaces> or before executing
local-install <interfaces>, the proposal fix here is to suppress that
command from the vty available commands.
PR=59595 Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com> Acked-by: Alain Ritoux <alain.ritoux@6wind.com>
bgpd: flush remaining entry if bgp_pbr_match is equal
When adding an entry, a check is done in order to flush previously
configured entries. The whole parameters are checked so as to not remove
some entries that have ipset entries equal, but not iptable settings.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 28 Jun 2018 15:26:22 +0000 (17:26 +0200)]
bgpd: flowspec pbr entries listed on the bgp information entry
Because one flowspec entry can create 1-N bgp pbr entries, the list is
now updated and visible. Also, because the bgp_extra structure is used,
this list is flushed when the bgp_extra structure is deleted.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Stephen Worley [Mon, 23 Jul 2018 22:33:53 +0000 (18:33 -0400)]
zebra: Add check for nexthop loop to prevent hanging
Bad nexthop messages from netlink were causing zebra
to hang here. Added a check to verify the length
of the nexthop so it doesn't keep trying to read.
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Christian Franke [Tue, 17 Jul 2018 19:14:54 +0000 (15:14 -0400)]
isisd: don't crash when isis_sock_init fails
When isis_sock_init fails in isis_circuit_up, isis_circuit_down would
be called to cancel timers which were scheduled. However
isis_circuit_down would immediately return, since the state had not been
changed to 'UP' yet.
Fix this by having isis_circuit_down always cancel all the timers.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Philippe Guibert [Wed, 18 Jul 2018 15:58:45 +0000 (17:58 +0200)]
zebra: sometimes, it is not possible to assign a NSID to a vrf
This test case happens in scenarios with mininet, where external netns
may be impossible for the local instance to be modified. The error is
ignored and the netns parsed is ignored too.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Ticket:CM-21712, CM-21711
Reviewed By:
Testing Done:
Configure Local vni enabled L3 Gateway, which would act as router,
checked
show evpn arp-cache vni x ip <ip of svi> on originated and remote VTEPs.
"Router" flag is set.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
doc: Update rpki.rst for how-to enable rpki module
It has not been properly documented yet how to enable the RPKI module with BGP when having installed FRR with RPKI support. This PR seeks to add a section to the user documentation about this. So users will not have to resolve to searching the internet and looking through the FROG mailing list threads for answers.
It was reported that "show ipv6 route vrf <vrfname>", "show ipv6 route
vrf <vrfname> ::/0 " or "show ipv6 route vrf <vrfname> json" all
displayed that the nexthop was in the default vrf. This was because
the kernel netlink messages would supply the RTA_OIF of the loopback
interface for the kernel-created default route for the vrf, where ipv4
did not supply any RTA_OIF. This fix suppresses the display if the
nexthop and route entry are in different vrfs and the nexthop is
NEXTHOP_TYPE_BLACKHOLE.
Ticket: CM-21722 Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
projects / mirror / frr.git / log