Donald Sharp [Thu, 23 Feb 2023 18:29:32 +0000 (13:29 -0500)]
bgpd: Flowspec overflow issue
According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>>
Specifying 0 as a length makes BGP get all warm on the inside. Which
in this case is not a good thing at all. Prevent warmth, stay cold
on the inside.
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 0b999c886e241c52bd1f7ef0066700e4b618ebb3)
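The `<length, <nlri data>>` framing described in the commit above, as an added example that is not FRR's code: a bounds-checked walk over back-to-back flowspec NLRIs that applies the RFC 8955 one- or two-octet length encoding and treats a zero length as malformed. The function name, result codes and sample byte strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this example (hypothetical names, not FRR's). */
enum fs_result {
    FS_OK = 0,
    FS_ERR_TRUNCATED = -1,   /* extended length octet missing */
    FS_ERR_ZERO_LENGTH = -2, /* <length> field decodes to 0 */
    FS_ERR_OVERRUN = -3      /* <length> exceeds the bytes that remain */
};

/*
 * Walk a buffer of back-to-back flowspec NLRIs, each <length, <nlri data>>.
 * RFC 8955 length encoding: a value below 240 (0xf0) fits in one octet;
 * otherwise two octets are used, the top nibble of the first is all ones
 * and the remaining 12 bits carry the length.
 * Returns FS_OK and the number of NLRIs in *count, or the first error.
 */
static enum fs_result fs_walk_nlri(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = 0;

    *count = 0;
    while (off < len) {
        size_t nlri_len = buf[off++];

        if (nlri_len >= 0xf0) {
            if (off >= len)
                return FS_ERR_TRUNCATED;
            nlri_len = ((nlri_len & 0x0f) << 8) | buf[off++];
        }
        /* Reject an empty NLRI before any component parsing sees it. */
        if (nlri_len == 0)
            return FS_ERR_ZERO_LENGTH;
        /* Compare against what is left; never advance past the buffer first. */
        if (nlri_len > len - off)
            return FS_ERR_OVERRUN;
        off += nlri_len;
        (*count)++;
    }
    return FS_OK;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t SAMPLE_VALID[] = { 0x05, 0x01, 0x18, 0xc0, 0x00, 0x02 };
static const uint8_t SAMPLE_ZERO[] = { 0x00 };
static const uint8_t SAMPLE_EXT_ZERO[] = { 0xf0, 0x00 };
static const uint8_t SAMPLE_OVERRUN[] = { 0x08, 0x01, 0x18, 0xc0 };

int main(void)
{
    size_t n;

    printf("valid:    %d\n", fs_walk_nlri(SAMPLE_VALID, sizeof(SAMPLE_VALID), &n));
    printf("zero:     %d\n", fs_walk_nlri(SAMPLE_ZERO, sizeof(SAMPLE_ZERO), &n));
    printf("ext zero: %d\n", fs_walk_nlri(SAMPLE_EXT_ZERO, sizeof(SAMPLE_EXT_ZERO), &n));
    printf("overrun:  %d\n", fs_walk_nlri(SAMPLE_OVERRUN, sizeof(SAMPLE_OVERRUN), &n));
    return 0;
}
```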
Donald Sharp [Tue, 28 Jun 2022 14:26:52 +0000 (10:26 -0400)]
lib: Allow downgrade of all caps when none are specified
Staticd when run tells privs.c that it does not need any
privileges. The lib/privs.c code was not downgrading
any and all permissions it may have been given at startup.
Since we don't need any let's actually tell the system that
FRR does not need the capabilities anymore in the case
where a daemon does not ask for any cap's.
David Lamparter [Mon, 25 Apr 2022 12:07:41 +0000 (14:07 +0200)]
build: fix new gcc 11.2 warnings
Some recent improvement in GCC triggers 2 new warnings, and they're
actual bugs (reading beyond end of prefix_ipv6 by accessing it as
prefix, which is larger.) Luckily it's only in sharpd.
Donald Sharp [Sat, 26 Mar 2022 20:20:53 +0000 (16:20 -0400)]
lib: Ensure order of operations is expected with SECONDS
These 3 values:
ONE_DAY_SECOND
ONE_WEEK_SECOND
ONE_YEAR_SECOND
Are defined based upon the number of seconds. Unfortunately doing math
on these values say something like:
days = t->tv_sec / ONE_DAY_SECOND;
Once you go over about a day causes the order of operations to cause the multiplication
to get messed up:
```
204 if (!t)
(gdb) n
207 w = d = h = m = ms = 0;
(gdb) set t->tv_sec = ONE_DAY_SECOND + 30
(gdb) n
208 memset(buf, 0, size);
(gdb)
210 us = t->tv_usec;
(gdb)
211 if (us >= 1000) {
(gdb)
212 ms = us / 1000;
(gdb)
213 us %= 1000;
(gdb)
217 if (ms >= 1000) {
(gdb)
222 if (t->tv_sec > ONE_WEEK_SECOND) {
(gdb)
227 if (t->tv_sec > ONE_DAY_SECOND) {
(gdb)
228 d = t->tv_sec / ONE_DAY_SECOND;
(gdb) n
229 t->tv_sec -= d * ONE_DAY_SECOND;
(gdb) n
232 if (t->tv_sec >= HOUR_IN_SECONDS) {
(gdb) p d
$6 = 2073600
(gdb) p t->tv_sec
$7 = -179158953570
(gdb)
```
Converting to adding parentheses around the ONE_DAY_SECOND causes
the order of operations to work as expected.
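The arithmetic in the gdb session above, reproduced as an added example that is not FRR's code. The unparenthesized macro body and the `HOUR_IN_SECONDS` value are assumptions inferred from the values gdb printed; the `BAD_`/`GOOD_` names and the `struct uptime` helper are hypothetical.

```c
#include <stdio.h>

/* Assumed pre-fix shape: no parentheses around the expression. */
#define BAD_ONE_DAY_SECOND 60 * 60 * 24
/* Parenthesized form: the macro acts as a single value in any expression. */
#define GOOD_ONE_DAY_SECOND (60 * 60 * 24)
/* Assumed value; the trace only shows the name. */
#define HOUR_IN_SECONDS (60 * 60)

struct uptime { long long days; long long hours; long long rest; };

/* Same steps as lines 227-232 of the traced function, unparenthesized macro. */
static struct uptime split_bad(long long sec)
{
    struct uptime u = { 0, 0, 0 };

    if (sec > BAD_ONE_DAY_SECOND) {
        /* Expands to ((sec / 60) * 60) * 24: divide by 60, then multiply. */
        u.days = sec / BAD_ONE_DAY_SECOND;
        sec -= u.days * BAD_ONE_DAY_SECOND;
    }
    if (sec >= HOUR_IN_SECONDS) {
        u.hours = sec / HOUR_IN_SECONDS;
        sec -= u.hours * HOUR_IN_SECONDS;
    }
    u.rest = sec;
    return u;
}

/* Identical logic with the parenthesized macro. */
static struct uptime split_good(long long sec)
{
    struct uptime u = { 0, 0, 0 };

    if (sec > GOOD_ONE_DAY_SECOND) {
        u.days = sec / GOOD_ONE_DAY_SECOND; /* sec / 86400 */
        sec -= u.days * GOOD_ONE_DAY_SECOND;
    }
    if (sec >= HOUR_IN_SECONDS) {
        u.hours = sec / HOUR_IN_SECONDS;
        sec -= u.hours * HOUR_IN_SECONDS;
    }
    u.rest = sec;
    return u;
}

int main(void)
{
    long long t = GOOD_ONE_DAY_SECOND + 30; /* same input as the gdb session */
    struct uptime bad = split_bad(t), good = split_good(t);

    printf("bad:  d=%lld rest=%lld\n", bad.days, bad.rest);
    printf("good: d=%lld rest=%lld\n", good.days, good.rest);
    return 0;
}
```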
Donatas Abraitis [Thu, 24 Mar 2022 10:00:57 +0000 (12:00 +0200)]
bgpd: Turn off thread when running `no bmp targets X`
Avoid use-after-free and prevent from crashing:
```
(gdb) bt
0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
1 0x00007f2a15c2c30d in core_handler (signo=11, siginfo=0x7fffb915e630, context=<optimized out>) at lib/sigevent.c:261
2 <signal handler called>
3 0x00007f2a156201e4 in bmp_stats (thread=<optimized out>) at bgpd/bgp_bmp.c:1330
4 0x00007f2a15c3d553 in thread_call (thread=thread@entry=0x7fffb915ebf0) at lib/thread.c:2001
5 0x00007f2a15bfa570 in frr_run (master=0x55c43a393ae0) at lib/libfrr.c:1196
6 0x000055c43930627c in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:519
(gdb)
```
Igor Ryzhov [Wed, 9 Feb 2022 23:51:49 +0000 (02:51 +0300)]
tools: fix frr-reload context keywords
There are single-line commands inside `router bgp` that start with
`vnc ` or `bmp `. Those commands are currently treated as node-entering
commands. We need to specify such commands more precisely.
Igor Ryzhov [Wed, 9 Feb 2022 22:23:41 +0000 (01:23 +0300)]
bgpd: fix aspath memleak on error in vnc_direct_bgp_add_nve
bgp_attr_default_set creates a new empty aspath. If family error happens,
this aspath is not freed. Move attr initialization after we checked the
family.
Tomi Salminen [Wed, 2 Feb 2022 09:19:09 +0000 (11:19 +0200)]
ospfd: Core in ospf_if_down during shutdown.
Skip marking routes as changed in ospf_if_down if there's no
new_table present, which might be the case when the instance is
being finished.
The backtrace for the core was:
```
raise (sig=sig@entry=11) at ../sysdeps/unix/sysv/linux/raise.c:50
core_handler (signo=11, siginfo=0x7fffffffe170, context=<optimized out>) at lib/sigevent.c:262
<signal handler called>
route_top (table=0x0) at lib/table.c:401
ospf_if_down (oi=oi@entry=0x555555999090) at ospfd/ospf_interface.c:849
ospf_if_free (oi=0x555555999090) at ospfd/ospf_interface.c:339
ospf_finish_final (ospf=0x55555599c830) at ospfd/ospfd.c:749
ospf_deferred_shutdown_finish (ospf=0x55555599c830) at ospfd/ospfd.c:578
ospf_deferred_shutdown_check (ospf=<optimized out>) at ospfd/ospfd.c:627
ospf_finish (ospf=<optimized out>) at ospfd/ospfd.c:683
ospf_terminate () at ospfd/ospfd.c:653
sigint () at ospfd/ospf_main.c:109
quagga_sigevent_process () at lib/sigevent.c:130
thread_fetch (m=m@entry=0x5555556e45e0, fetch=fetch@entry=0x7fffffffe9b0) at lib/thread.c:1709
frr_run (master=0x5555556e45e0) at lib/libfrr.c:1174
main (argc=9, argv=0x7fffffffecb8) at ospfd/ospf_main.c:254
```
Igor Ryzhov [Sun, 23 Jan 2022 17:22:42 +0000 (20:22 +0300)]
zebra: fix cleanup of meta queues on vrf disable
Current code treats all metaqueues as lists of route_node structures.
However, some queues contain other structures that need to be cleaned up
differently. Casting the elements of those queues to struct route_node
and dereferencing them leads to a crash. The crash may be seen when
executing bgp_multi_vrf_topo2.
Fix the code by using the proper list element types.
Trey Aspelund [Fri, 14 Jan 2022 21:57:32 +0000 (21:57 +0000)]
bgpd: fix advertisedRoutes json key
'show bgp ... neighbor [routes|received-routes]' both incorrectly
used a json key of 'advertisedRoutes'.
This corrects the key to be 'receivedRoutes' for commands where
the displayed routes were received, not advertised.
before:
```
unet> r3 show ip bgp neigh 10.2.30.2 received-routes json | include Routes
"advertisedRoutes":{
```
after:
```
ub18# show ip bgp neighbors enp1s0 received-routes json | include Routes
"receivedRoutes":{
ub18# show ip bgp neighbors enp1s0 advertised-routes json | include Routes
"advertisedRoutes":{
```
Rafael Zalamena [Mon, 13 Dec 2021 20:21:56 +0000 (17:21 -0300)]
bgpd: fix aggregate route AS Path attribute
Always free the locally allocated attribute not the one we are using for
return. This fixes a memory leak and a crash when AS Path is set with
route-map.
Igor Ryzhov [Tue, 14 Dec 2021 13:28:08 +0000 (16:28 +0300)]
isisd: fix use after free
Pointers to the adjacency must be cleared only when the adjacency is
deleted. Otherwise, when the ISIS router is deleted later, the adjacency
is not deleted and a crash happens because of UAF.
Igor Ryzhov [Wed, 24 Nov 2021 12:01:41 +0000 (15:01 +0300)]
bfdd: fix detection timeout update
Per RFC 5880 section 6.8.12, the use of a Poll Sequence is not necessary
when the Detect Multiplier is changed. Currently, we update the Detection
Timeout only when a Poll Sequence is terminated, therefore we ignore the
Detect Multiplier change if it's not accompanied with RX/TX timer change.
To fix the problem, we should update the Detection Timeout on every
received packet.
Igor Ryzhov [Fri, 12 Nov 2021 16:32:06 +0000 (19:32 +0300)]
bgpd: fix source-address for BFD sessions when using update-source IFNAME
When "update-source IFNAME" is used for the neighbor, p->update_source
is set to NULL, so we can't use it as a source address and should use
the address from p->su_local.
Donald Sharp [Thu, 11 Nov 2021 18:25:35 +0000 (13:25 -0500)]
ospfd: Prevent use after free on shutdown
Running ospf_topo_vrf1 leads us to this valgrind issue:
```
==2386518== Invalid read of size 8
==2386518== at 0x4971520: route_top (table.c:401)
==2386518== by 0x181F08: ospf_interface_bfd_apply (ospf_bfd.c:126)
==2386518== by 0x182069: ospf_interface_disable_bfd (ospf_bfd.c:158)
==2386518== by 0x18BF51: ospf_del_if_params (ospf_interface.c:557)
==2386518== by 0x18C584: ospf_if_delete_hook (ospf_interface.c:712)
==2386518== by 0x490CA0B: hook_call_if_del (if.c:61)
==2386518== by 0x490D1F3: if_delete_retain (if.c:286)
==2386518== by 0x490D337: if_delete (if.c:309)
==2386518== by 0x490CDED: if_destroy_via_zapi (if.c:200)
==2386518== by 0x49940A9: zclient_interface_delete (zclient.c:2237)
==2386518== by 0x4998062: zclient_read (zclient.c:3969)
==2386518== by 0x4979529: thread_call (thread.c:1908)
==2386518== by 0x4919918: frr_run (libfrr.c:1164)
==2386518== by 0x181AC7: main (ospf_main.c:235)
==2386518== Address 0x5df39a0 is 0 bytes inside a block of size 56 free'd
==2386518== at 0x48399AB: free (vg_replace_malloc.c:538)
==2386518== by 0x492A03E: qfree (memory.c:141)
==2386518== by 0x4970C6F: route_table_free (table.c:141)
==2386518== by 0x4970A36: route_table_finish (table.c:61)
==2386518== by 0x18C543: ospf_if_delete_hook (ospf_interface.c:708)
==2386518== by 0x490CA0B: hook_call_if_del (if.c:61)
==2386518== by 0x490D1F3: if_delete_retain (if.c:286)
==2386518== by 0x490D337: if_delete (if.c:309)
==2386518== by 0x490CDED: if_destroy_via_zapi (if.c:200)
==2386518== by 0x49940A9: zclient_interface_delete (zclient.c:2237)
==2386518== by 0x4998062: zclient_read (zclient.c:3969)
==2386518== by 0x4979529: thread_call (thread.c:1908)
==2386518== by 0x4919918: frr_run (libfrr.c:1164)
==2386518== by 0x181AC7: main (ospf_main.c:235)
==2386518== Block was alloc'd at
==2386518== at 0x483AB65: calloc (vg_replace_malloc.c:760)
==2386518== by 0x4929EFC: qcalloc (memory.c:116)
==2386518== by 0x49709F8: route_table_init_with_delegate (table.c:53)
==2386518== by 0x49717F4: route_table_init (table.c:528)
==2386518== by 0x18C328: ospf_if_new_hook (ospf_interface.c:659)
==2386518== by 0x490C97D: hook_call_if_add (if.c:60)
==2386518== by 0x490CE85: if_create_name (if.c:223)
==2386518== by 0x490DF32: if_get_by_name (if.c:622)
==2386518== by 0x4993F73: zclient_interface_add (zclient.c:2186)
==2386518== by 0x4998062: zclient_read (zclient.c:3969)
==2386518== by 0x4979529: thread_call (thread.c:1908)
==2386518== by 0x4919918: frr_run (libfrr.c:1164)
==2386518== by 0x181AC7: main (ospf_main.c:235)
==2386518==
```
Fix the ordering to do the individual node tree cleanup after we delete
the data we care about.
FRR 8.1 brings a long list of enhancements and fixes with 1200 commits from
75 developers. Thanks to all contributors.
* New Features
- Lua hooks are now feature complete, with one hook available for use
(http://docs.frrouting.org/en/latest/scripting.html)
- Improvements to SRv6 (Segment Routing over IPv6)
(http://docs.frrouting.org/en/latest/zebra.html#segment-routing-ipv6)
- Improvements to Prefix-SID (Type 5)
- EVPN route type-5 gateway IP overlay Index
(http://docs.frrouting.org/en/latest/bgp.html#evpn-overlay-index-gateway-ip)
- OSPFv3 NSSA and NSSA totally stub areas
(http://docs.frrouting.org/en/latest/ospf6d.html#ospf6-area)
- OSPFv3 ASBR summarization
(http://docs.frrouting.org/en/latest/ospf6d.html#asbr-summarisation-support-in-ospfv3)
- OSPFv3 Graceful Restart
(http://docs.frrouting.org/en/latest/ospf6d.html#graceful-restart)
- OSPFv2 Graceful Restart (restarting mode added, helper was already implemented)
(http://docs.frrouting.org/en/latest/ospfd.html#graceful-restart)
* FRRouting 2021 GSOC Project
FRRouting's GSOC student implemented the infrastructure needed to add the
ability to call out to user provided Lua scripts from within FRR. Keep an eye
out for developments in this area.
And its presentation at Netdev 0x15:
https://www.youtube.com/watch?v=_8R1MYP7M48&t=1051s
Thank you @dlqs!
* Behavior Changes
- Every node in running config now has an explicit "exit" tag
- Link bandwidth in BGP is now correctly encoded according to IEEE 754.
To stay with old incorrect encoding use:
`neighbor PEER disable-link-bw-encoding-ieee`
* Changelog
alpine
Fix path for daemons file install
bgpd
Add "json" option to "show bgp as-path-access-list"
Add `disable-addpath-rx` knob
Add an ability to set extcommunity to none in route-maps
Add counter of displayed show bgp summary when filtering
Add knob to config cond-adv scanner period
Add route-map `match alias` command
Add rpki source address configuration
Add show bgp summary filter by neighbor or as
Add terse display option on show bgp summary
Allow for auto-completion of community aliases created
Bgp knob to teardown session immediately when peer is unreachable
Expand 'bgp default <afi>-<safi>' cmds
Extend evpn next hop tracking to type-1 and type-4 routes
Fix "no router bgp x vrf default"
Flowspec redirect vrf uses vrf table instead of allocated table id
Handle quick flaps of an evpn prefix properly
Initial batch of evpn lttng tracepoints
Limit processing to what is needed in rpki validation
Modify vrf/view display in show bgp summary
Set 4096 instead of 65535 as new max packet size for a new peer
Set extended msg size only if we advertised and received capability
Show bgp community alias in json community list output
Show bgp prefixes by community alias
Show max packet size per update-group
Split soft reconfigure table task into several jobs to not block vtysh
Store distance received from a redistribute statement
Update route-type-1 legend to match output
isis
Fix sending of lsp with null seqno
lib
Add "json" option to "show ip[v6] access-list"
Add "json" option to "show ip[v6] prefix-list"
Add "json" option to "show route-map"
Prevent grpc assert on missing yang node
nhrp
Clear cache when shortcuts are cleared
Fix corrupt address being shown for shortcuts with no cache entry
Set prefix correctly in resolution request
ospf6
Add debug commands for lsa all and route all
Add warning log for late hello packets
Add write-multiplier configuration
Don't update router-id if at least one adjacency is full
Extend the "redistribute" command with more options
Fix issue when displaying the redistribute command
Fix logging of border router routes
Json output for database dump show command
Link state id in lsa database json output
Send lsa update immediately when ospf instance is deleted
ospfd
Fix crash when creating vlink in unknown vrf
Gr conformance fix for hello packet dr election
Print extra lsa information in some log messages
Rfc conformance test case 25.23 issue fix
Show ip ospf route json does not show metric and tag
Summary lsa is not originated when process is reset
pathd
Handle pcinitiated configuration, main thread
Handle pcinitiated messages, thread controller
Handle srp_id correctly
If pce ret no-path to pcreq don't retry pcreq nor delegate
pbrd
Add `match ip-protocol [tcp|udp]`
Add ability to set/unset src and dest ports
Nhg "add" edge case for last in table range
Start inclusion of src and dst ports for pbrd
pimd
Add tos/ttl check for igmp conformance
Allow join prune intervals to be as small as 5 seconds
Allow msdp group name 'default'
Fix register suppress timer code
Fix uaf/heap corruption in bsm code
Fix command "no ip msdp mesh-group member"
Igmp groups are not getting timeout
Igmp memberships are not querier specific
Igmp sockets need to be iface-bound too
Prevent uninited usage of nexthop
Support msdp global timers configuration
vtysh
Add cli timestamp '-t' flag
Add error code if daemon is not running
Fix searching commands in parent nodes
yang
Add msdp timer configuration
Fix bgp multicast prefix type
Mark a couple of prefix-list/access-list leafs as mandatory
Move multicast prefix type definition
Replace an empty pattern with a zero-length restriction
Rework pim msdp mesh group
Simplify msdp peer handling
zebra
Add "json" option to "show interface"
Various improvements to dataplane interface
Add message counts for `show zebra client`
Add nhg id to show ip route json
Add show command for ra interface lists
Fix ipv4 routes with ipv6 link local next hops install in fpm
Handle bridge mac address update in evpn contexts
Move individual lines to table in `show zebra client` command
Refresh vxlan evpn contexts, when bridge interface goes up
Update zl3vni when bridge link refreshed in other namespaces
* Contributors
Aaron Pereira <pereiraaa@vmware.com>
Abhinay Ramesh <rabhinay@vmware.com>
Abhishek Naik <bhini@amazon.com>
Adriano Marto Reis <adrianomarto@gmail.com>
Alexander Chernavin <achernavin@netgate.com>
Alexander Skorichenko <askorichenko@netgate.com>
Ameya Dharkar <adharkar@vmware.com>
Amol Lad <amol.lad@4rf.com>
anlan_cs <anlan_cs@tom.com>
Anuradha Karuppiah <anuradhak@nvidia.com>
Basha Mougamadou <b.mougamadou@criteo.com>
batmancn <batmanustc@gmail.com>
Chirag Shah <chirag@nvidia.com>
Christian Hopps <chopps@gmail.com>
Colin Sames <colin.sames@haw-hamburg.de>
David Lamparter <equinox@diac24.net>
Dmitrii Turlupov <dturlupov@factor-ts.ru>
Donald Lee <dlqs@gmx.com>
Donald Sharp <sharpd@nvidia.com>
Donatas Abraitis <donatas.abraitis@gmail.com>
Don Slice <dslice@nvidia.com>
Emanuele Di Pascale <emanuele@voltanet.io>
enigamict <mochienper@gmail.com>
ewlumpkin <ewlumpkin@gmail.com>
GalaxyGorilla <sascha@netdef.org>
github login name <ranjany@vmware.com>
gord_chen <gord_chen@edge-core.com>
G. Paul Ziemba <p-fbsd-bugs@ziemba.us>
Guillaume Solignac <guillaume.solignac@orange.com>
Hiroki Shirokura <slank.dev@gmail.com>
Igor Ryzhov <iryzhov@nfware.com>
Jafar Al-Gharaibeh <jafar@atcorp.com>
Javier Garcia <javier.garcia@voltanet.io>
John W. O'Brien <john@saltant.com>
Kantesh Mundaragi <kmundaragi@vmware.com>
Karen Schoener <karen@voltanet.io>
Kaushik <kaushiknath.null@gmail.com>
Kuldeep Kashyap <kashyapk@vmware.com>
Lars Seipel <ls@slrz.net>
Lou Berger <lberger@labn.net>
Louis Scalbert <louis.scalbert@6wind.com>
lynne <lynne@voltanet.io>
Mark Stapp <mstapp@nvidia.com>
Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
Martin Winter <mwinter@opensourcerouting.org>
Mobashshera Rasool <mrasool@vmware.com>
nguggarigoud <nguggarigoud@vmware.com>
Nikhil Kelapure <nikhil.kelapure@broadcom.com>
Olivier Dugeon <olivier.dugeon@orange.com>
Ondřej Surý <ondrej@sury.org>
Pat Ruddy <pat@voltanet.io>
Pavel Ivashchenko <pivashchenko@nfware.com>
Philippe Guibert <philippe.guibert@6wind.com>
Prerana GB <prerana@vmware.com>
Quentin Young <qlyoung@nvidia.com>
Rafael Zalamena <rzalamena@opensourcerouting.org>
Renato Westphal <renato@opensourcerouting.org>
Reuben Dowle <reuben.dowle@4rf.com>
rgirada <rgirada@vmware.com>
Ryoga <contact@proelbtn.com>
Sai Gomathi <nsaigomathi@vmware.com>
schylar <schylarutley@hotmail.com>
Soman K.S <somanks@gmail.com>
Steffen Neubauer <s.neubauer@syseleven.de>
Stephen Worley <sworley@nvidia.com>
Takemasa Imada <takemasa.imada@gmail.com>
Tomáš Szaniszlo <tomaxuser@gmail.com>
Trey Aspelund <taspelund@nvidia.com>
vivek <vivek@cumulusnetworks.com>
Wesley Coakley <wcoakley@nvidia.com>
Xiao Liang <shaw.leon@gmail.com>
Yaroslav Fedoriachenko <yar.fed99@gmail.com>
Yash Ranjan <ranjany@vmware.com>
Yuan Yuan <yyuanam@amazon.com>
zyxwvu Shi <shiyuchen.syc@bytedance.com>
Donald Sharp [Thu, 4 Nov 2021 12:01:14 +0000 (08:01 -0400)]
zebra: Send up ifindex for redistribution when appropriate
Currently the NEXTHOP_TYPE_IPV4 and NEXTHOP_TYPE_IPV6 are
not sending up the resolved ifindex for the route. This
is causing upper level protocols that have something like
this:
route-map FOO permit 10
match interface swp13
!
router ospf
redistribute static
!
ip route 4.5.6.7/32 10.10.10.10
where 10.10.10.10 resolves to interface swp13. The route-map
will never match in this case.
Since FRR has the resolved nexthop interface, FRR might as
well send it up to be selected on by the upper level protocol
as needed.
Rafael Zalamena [Tue, 2 Nov 2021 21:54:23 +0000 (18:54 -0300)]
bgpd: fix BFD configuration update on TTL change
When altering the TTL of an eBGP peer also update the BFD
configuration. This was only working when the configuration happened
after the peer connection had been established.
pimd: In Prune Pending state, the holdtime change is not taking effect
Problem Statement:
In Prune pending state, when Join is received, and there is hold timer change
the Expiry timer is not getting updated with new Hold timer.
Root Cause:
When thread_add_timer function is called and the thread is already in the list
the thread api just returns, it does not modify the timer value.
So when we want to change the timer, we need to first call THREAD_OFF and then
call thread_add_timer.
The Expiry timer thread is not cancelled in PIM_IFJOIN_PRUNE_PENDING state,
therefore the timer change is not taking effect.
Hiroki Shirokura [Mon, 25 Oct 2021 23:36:14 +0000 (23:36 +0000)]
lib: fix srv6 route hardcode with BGP
zclient_send_localsid is called by various routing protocol daemons to set the
srv6 endpoint function. Fix a hard-coded error in the initial implementation.
Before this PR, the srv6 function will be registered to zebra as a BGP route
even if isisd executes zclient_send_localsid.
Abhishek Naik [Tue, 19 Oct 2021 23:45:26 +0000 (23:45 +0000)]
bgpd: Reset dynamic peer counter
Dynamic peer count is inconsistent in
"show bgp summary json" and "show bgp summary failed json" due to
dynamic peer counter 'dn_count' being reused without resetting
Igor Ryzhov [Mon, 18 Oct 2021 14:16:35 +0000 (17:16 +0300)]
ospfd: fix crash when creating vlink in unknown vrf
if_create_name crashes when vrf_id is VRF_UNKNOWN:
```
nfware# conf t
nfware(config)# router ospf vrf doesnt-exist
nfware(config-router)# area 1.1.1.1 virtual-link 2.2.2.2
vtysh: error reading from ospfd: Success (0)Warning: closing connection to ospfd because of an I/O error!
```