Igor Ryzhov [Wed, 9 Feb 2022 22:23:41 +0000 (01:23 +0300)]
bgpd: fix aspath memleak on error in vnc_direct_bgp_add_nve
bgp_attr_default_set creates a new empty aspath. If family error happens,
this aspath is not freed. Move attr initialization after we checked the
family.
Tomi Salminen [Wed, 2 Feb 2022 09:19:09 +0000 (11:19 +0200)]
ospfd: Core in ospf_if_down during shutdown.
Skip marking routes as changed in ospf_if_down if there's no
new_table present, which might be the case when the instance is
being finished.
The backtrace for the core was:
raise (sig=sig@entry=11) at ../sysdeps/unix/sysv/linux/raise.c:50
core_handler (signo=11, siginfo=0x7fffffffe170, context=<optimized out>) at lib/sigevent.c:262
<signal handler called>
route_top (table=0x0) at lib/table.c:401
ospf_if_down (oi=oi@entry=0x555555999090) at ospfd/ospf_interface.c:849
ospf_if_free (oi=0x555555999090) at ospfd/ospf_interface.c:339
ospf_finish_final (ospf=0x55555599c830) at ospfd/ospfd.c:749
ospf_deferred_shutdown_finish (ospf=0x55555599c830) at ospfd/ospfd.c:578
ospf_deferred_shutdown_check (ospf=<optimized out>) at ospfd/ospfd.c:627
ospf_finish (ospf=<optimized out>) at ospfd/ospfd.c:683
ospf_terminate () at ospfd/ospfd.c:653
sigint () at ospfd/ospf_main.c:109
quagga_sigevent_process () at lib/sigevent.c:130
thread_fetch (m=m@entry=0x5555556e45e0, fetch=fetch@entry=0x7fffffffe9b0) at lib/thread.c:1709
frr_run (master=0x5555556e45e0) at lib/libfrr.c:1174
main (argc=9, argv=0x7fffffffecb8) at ospfd/ospf_main.c:254
Igor Ryzhov [Sun, 23 Jan 2022 17:22:42 +0000 (20:22 +0300)]
zebra: fix cleanup of meta queues on vrf disable
Current code treats all metaqueues as lists of route_node structures.
However, some queues contain other structures that need to be cleaned up
differently. Casting the elements of those queues to struct route_node
and dereferencing them leads to a crash. The crash may be seen when
executing bgp_multi_vrf_topo2.
Fix the code by using the proper list element types.
Trey Aspelund [Fri, 14 Jan 2022 21:57:32 +0000 (21:57 +0000)]
bgpd: fix advertisedRoutes json key
'show bgp ... neighbor [routes|received-routes]' both incorrectly
used a json key of 'advertisedRoutes'.
This corrects the key to be 'receivedRoutes' for commands where
the displayed routes were received, not advertised.
before:
unet> r3 show ip bgp neigh 10.2.30.2 received-routes json | include Routes
"advertisedRoutes":{
after:
ub18# show ip bgp neighbors enp1s0 received-routes json | include Routes
"receivedRoutes":{
ub18# show ip bgp neighbors enp1s0 advertised-routes json | include Routes
"advertisedRoutes":{
Rafael Zalamena [Mon, 13 Dec 2021 20:21:56 +0000 (17:21 -0300)]
bgpd: fix aggregate route AS Path attribute
Always free the locally allocated attribute, not the one we are using for
return. This fixes a memory leak and a crash when AS Path is set with
route-map.
Igor Ryzhov [Tue, 14 Dec 2021 13:28:08 +0000 (16:28 +0300)]
isisd: fix use after free
Pointers to the adjacency must be cleared only when the adjacency is
deleted. Otherwise, when the ISIS router is deleted later, the adjacency
is not deleted and a crash happens because of UAF.
Igor Ryzhov [Wed, 24 Nov 2021 12:01:41 +0000 (15:01 +0300)]
bfdd: fix detection timeout update
Per RFC 5880 section 6.8.12, the use of a Poll Sequence is not necessary
when the Detect Multiplier is changed. Currently, we update the Detection
Timeout only when a Poll Sequence is terminated, therefore we ignore the
Detect Multiplier change if it's not accompanied with RX/TX timer change.
To fix the problem, we should update the Detection Timeout on every
received packet.
Igor Ryzhov [Fri, 12 Nov 2021 16:32:06 +0000 (19:32 +0300)]
bgpd: fix source-address for BFD sessions when using update-source IFNAME
When "update-source IFNAME" is used for the neighbor, p->update_source
is set to NULL, so we can't use it as a source address and should use
the address from p->su_local.
Donald Sharp [Thu, 11 Nov 2021 18:25:35 +0000 (13:25 -0500)]
ospfd: Prevent use after free on shutdown
Running ospf_topo_vrf1 leads us to this valgrind issue:
==2386518== Invalid read of size 8
==2386518== at 0x4971520: route_top (table.c:401)
==2386518== by 0x181F08: ospf_interface_bfd_apply (ospf_bfd.c:126)
==2386518== by 0x182069: ospf_interface_disable_bfd (ospf_bfd.c:158)
==2386518== by 0x18BF51: ospf_del_if_params (ospf_interface.c:557)
==2386518== by 0x18C584: ospf_if_delete_hook (ospf_interface.c:712)
==2386518== by 0x490CA0B: hook_call_if_del (if.c:61)
==2386518== by 0x490D1F3: if_delete_retain (if.c:286)
==2386518== by 0x490D337: if_delete (if.c:309)
==2386518== by 0x490CDED: if_destroy_via_zapi (if.c:200)
==2386518== by 0x49940A9: zclient_interface_delete (zclient.c:2237)
==2386518== by 0x4998062: zclient_read (zclient.c:3969)
==2386518== by 0x4979529: thread_call (thread.c:1908)
==2386518== by 0x4919918: frr_run (libfrr.c:1164)
==2386518== by 0x181AC7: main (ospf_main.c:235)
==2386518== Address 0x5df39a0 is 0 bytes inside a block of size 56 free'd
==2386518== at 0x48399AB: free (vg_replace_malloc.c:538)
==2386518== by 0x492A03E: qfree (memory.c:141)
==2386518== by 0x4970C6F: route_table_free (table.c:141)
==2386518== by 0x4970A36: route_table_finish (table.c:61)
==2386518== by 0x18C543: ospf_if_delete_hook (ospf_interface.c:708)
==2386518== by 0x490CA0B: hook_call_if_del (if.c:61)
==2386518== by 0x490D1F3: if_delete_retain (if.c:286)
==2386518== by 0x490D337: if_delete (if.c:309)
==2386518== by 0x490CDED: if_destroy_via_zapi (if.c:200)
==2386518== by 0x49940A9: zclient_interface_delete (zclient.c:2237)
==2386518== by 0x4998062: zclient_read (zclient.c:3969)
==2386518== by 0x4979529: thread_call (thread.c:1908)
==2386518== by 0x4919918: frr_run (libfrr.c:1164)
==2386518== by 0x181AC7: main (ospf_main.c:235)
==2386518== Block was alloc'd at
==2386518== at 0x483AB65: calloc (vg_replace_malloc.c:760)
==2386518== by 0x4929EFC: qcalloc (memory.c:116)
==2386518== by 0x49709F8: route_table_init_with_delegate (table.c:53)
==2386518== by 0x49717F4: route_table_init (table.c:528)
==2386518== by 0x18C328: ospf_if_new_hook (ospf_interface.c:659)
==2386518== by 0x490C97D: hook_call_if_add (if.c:60)
==2386518== by 0x490CE85: if_create_name (if.c:223)
==2386518== by 0x490DF32: if_get_by_name (if.c:622)
==2386518== by 0x4993F73: zclient_interface_add (zclient.c:2186)
==2386518== by 0x4998062: zclient_read (zclient.c:3969)
==2386518== by 0x4979529: thread_call (thread.c:1908)
==2386518== by 0x4919918: frr_run (libfrr.c:1164)
==2386518== by 0x181AC7: main (ospf_main.c:235)
==2386518==
Fix the ordering to do the individual node tree cleanup after we delete
the data we care about.
FRR 8.1 brings a long list of enhancements and fixes with 1200 commits from
75 developers. Thanks to all contributors.
* New Features
- Lua hooks are now feature complete, with one hook available for use
(http://docs.frrouting.org/en/latest/scripting.html)
- Improvements to SRv6 (Segment Routing over IPv6)
(http://docs.frrouting.org/en/latest/zebra.html#segment-routing-ipv6)
- Improvements to Prefix-SID (Type 5)
- EVPN route type-5 gateway IP overlay Index
(http://docs.frrouting.org/en/latest/bgp.html#evpn-overlay-index-gateway-ip)
- OSPFv3 NSSA and NSSA totally stub areas
(http://docs.frrouting.org/en/latest/ospf6d.html#ospf6-area)
- OSPFv3 ASBR summarization
(http://docs.frrouting.org/en/latest/ospf6d.html#asbr-summarisation-support-in-ospfv3)
- OSPFv3 Graceful Restart
(http://docs.frrouting.org/en/latest/ospf6d.html#graceful-restart)
- OSPFv2 Graceful Restart (restarting mode added, helper was already implemented)
(http://docs.frrouting.org/en/latest/ospfd.html#graceful-restart)
* FRRouting 2021 GSOC Project
FRRouting's GSOC student implemented the infrastructure needed to add the
ability to call out to user provided Lua scripts from within FRR. Keep an eye
out for developments in this area.
And its presentation at Netdev 0x15:
https://www.youtube.com/watch?v=_8R1MYP7M48&t=1051s
Thank you @dlqs!
* Behavior Changes
- Every node in running config now has an explicit "exit" tag
- Link bandwidth in BGP is now correctly encoded according to IEEE 754.
To stay with old incorrect encoding use:
`neighbor PEER disable-link-bw-encoding-ieee`
* Changelog
alpine
    Fix path for daemons file install
bgpd
    Add "json" option to "show bgp as-path-access-list"
    Add `disable-addpath-rx` knob
    Add an ability to set extcommunity to none in route-maps
    Add counter of displayed show bgp summary when filtering
    Add knob to config cond-adv scanner period
    Add route-map `match alias` command
    Add rpki source address configuration
    Add show bgp summary filter by neighbor or as
    Add terse display option on show bgp summary
    Allow for auto-completion of community alias's created
    Bgp knob to teardown session immediately when peer is unreachable
    Expand 'bgp default <afi>-<safi>' cmds
    Extend evpn next hop tracking to type-1 and type-4 routes
    Fix "no router bgp x vrf default"
    Flowspec redirect vrf uses vrf table instead of allocated table id
    Handle quick flaps of an evpn prefix properly
    Initial batch of evpn lttng tracepoints
    Limit processing to what is needed in rpki validation
    Modify vrf/view display in show bgp summary
    Set 4096 instead of 65535 as new max packet size for a new peer
    Set extended msg size only if we advertised and received capability
    Show bgp community alias in json community list output
    Show bgp prefixes by community alias
    Show max packet size per update-group
    Split soft reconfigure table task into several jobs to not block vtysh
    Store distance received from a redistribute statement
    Update route-type-1 legend to match output
isis
    Fix sending of lsp with null seqno
lib
    Add "json" option to "show ip[v6] access-list"
    Add "json" option to "show ip[v6] prefix-list"
    Add "json" option to "show route-map"
    Prevent grpc assert on missing yang node
nhrp
    Clear cache when shortcuts are cleared
    Fix corrupt address being shown for shortcuts with no cache entry
    Set prefix correctly in resolution request
ospf6
    Add debug commands for lsa all and route all
    Add warning log for late hello packets
    Add write-multiplier configuration
    Don't update router-id if at least one adjacency is full
    Extend the "redistribute" command with more options
    Fix issue when displaying the redistribute command
    Fix logging of border router routes
    Json output for database dump show command
    Link state id in lsa database json output
    Send lsa update immediately when ospf instance is deleted
ospfd
    Fix crash when creating vlink in unknown vrf
    Gr conformance fix for hello packet dr election
    Print extra lsa information in some log messages
    Rfc conformance test case 25.23 issue fix
    Show ip ospf route json does not show metric and tag
    Summary lsa is not originated when process is reset
pathd
    Handle pcinitiated configuration, main thread
    Handle pcinitiated messages, thread controller
    Handle srp_id correctly
    If pce ret no-path to pcreq don't retry pcreq nor delegate
pbrd
    Add `match ip-protocol [tcp|udp]`
    Add ability to set/unset src and dest ports
    Nhg "add" edge case for last in table range
    Start inclusion of src and dst ports for pbrd
pimd
    Add tos/ttl check for igmp conformance
    Allow join prune intervals to be as small as 5 seconds
    Allow msdp group name 'default'
    Fix register suppress timer code
    Fix uaf/heap corruption in bsm code
    Fix command "no ip msdp mesh-group member"
    Igmp groups are not getting timeout
    Igmp memberships are not querier specific
    Igmp sockets need to be iface-bound too
    Prevent uninited usage of nexthop
    Support msdp global timers configuration
vtysh
    Add cli timestamp '-t' flag
    Add error code if daemon is not running
    Fix searching commands in parent nodes
yang
    Add msdp timer configuration
    Fix bgp multicast prefix type
    Mark a couple of prefix-list/access-list leafs as mandatory
    Move multicast prefix type definition
    Replace an empty pattern with a zero-length restriction
    Rework pim msdp mesh group
    Simplify msdp peer handling
zebra
    Add "json" option to "show interface"
    Various improvements to dataplane interface
    Add message counts for `show zebra client`
    Add nhg id to show ip route json
    Add show command for ra interface lists
    Fix ipv4 routes with ipv6 link local next hops install in fpm
    Handle bridge mac address update in evpn contexts
    Move individual lines to table in `show zebra client` command
    Refresh vxlan evpn contexts, when bridge interface goes up
    Update zl3vni when bridge link refreshed in other namespaces
* Contributors
Aaron Pereira <pereiraaa@vmware.com>
Abhinay Ramesh <rabhinay@vmware.com>
Abhishek Naik <bhini@amazon.com>
Adriano Marto Reis <adrianomarto@gmail.com>
Alexander Chernavin <achernavin@netgate.com>
Alexander Skorichenko <askorichenko@netgate.com>
Ameya Dharkar <adharkar@vmware.com>
Amol Lad <amol.lad@4rf.com>
anlan_cs <anlan_cs@tom.com>
Anuradha Karuppiah <anuradhak@nvidia.com>
Basha Mougamadou <b.mougamadou@criteo.com>
batmancn <batmanustc@gmail.com>
Chirag Shah <chirag@nvidia.com>
Christian Hopps <chopps@gmail.com>
Colin Sames <colin.sames@haw-hamburg.de>
David Lamparter <equinox@diac24.net>
Dmitrii Turlupov <dturlupov@factor-ts.ru>
Donald Lee <dlqs@gmx.com>
Donald Sharp <sharpd@nvidia.com>
Donatas Abraitis <donatas.abraitis@gmail.com>
Don Slice <dslice@nvidia.com>
Emanuele Di Pascale <emanuele@voltanet.io>
enigamict <mochienper@gmail.com>
ewlumpkin <ewlumpkin@gmail.com>
GalaxyGorilla <sascha@netdef.org>
github login name <ranjany@vmware.com>
gord_chen <gord_chen@edge-core.com>
G. Paul Ziemba <p-fbsd-bugs@ziemba.us>
Guillaume Solignac <guillaume.solignac@orange.com>
Hiroki Shirokura <slank.dev@gmail.com>
Igor Ryzhov <iryzhov@nfware.com>
Jafar Al-Gharaibeh <jafar@atcorp.com>
Javier Garcia <javier.garcia@voltanet.io>
John W. O'Brien <john@saltant.com>
Kantesh Mundaragi <kmundaragi@vmware.com>
Karen Schoener <karen@voltanet.io>
Kaushik <kaushiknath.null@gmail.com>
Kuldeep Kashyap <kashyapk@vmware.com>
Lars Seipel <ls@slrz.net>
Lou Berger <lberger@labn.net>
Louis Scalbert <louis.scalbert@6wind.com>
lynne <lynne@voltanet.io>
Mark Stapp <mstapp@nvidia.com>
Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
Martin Winter <mwinter@opensourcerouting.org>
Mobashshera Rasool <mrasool@vmware.com>
nguggarigoud <nguggarigoud@vmware.com>
Nikhil Kelapure <nikhil.kelapure@broadcom.com>
Olivier Dugeon <olivier.dugeon@orange.com>
Ondřej Surý <ondrej@sury.org>
Pat Ruddy <pat@voltanet.io>
Pavel Ivashchenko <pivashchenko@nfware.com>
Philippe Guibert <philippe.guibert@6wind.com>
Prerana GB <prerana@vmware.com>
Quentin Young <qlyoung@nvidia.com>
Rafael Zalamena <rzalamena@opensourcerouting.org>
Renato Westphal <renato@opensourcerouting.org>
Reuben Dowle <reuben.dowle@4rf.com>
rgirada <rgirada@vmware.com>
Ryoga <contact@proelbtn.com>
Sai Gomathi <nsaigomathi@vmware.com>
schylar <schylarutley@hotmail.com>
Soman K.S <somanks@gmail.com>
Steffen Neubauer <s.neubauer@syseleven.de>
Stephen Worley <sworley@nvidia.com>
Takemasa Imada <takemasa.imada@gmail.com>
Tomáš Szaniszlo <tomaxuser@gmail.com>
Trey Aspelund <taspelund@nvidia.com>
vivek <vivek@cumulusnetworks.com>
Wesley Coakley <wcoakley@nvidia.com>
Xiao Liang <shaw.leon@gmail.com>
Yaroslav Fedoriachenko <yar.fed99@gmail.com>
Yash Ranjan <ranjany@vmware.com>
Yuan Yuan <yyuanam@amazon.com>
zyxwvu Shi <shiyuchen.syc@bytedance.com>
Donald Sharp [Thu, 4 Nov 2021 12:01:14 +0000 (08:01 -0400)]
zebra: Send up ifindex for redistribution when appropriate
Currently the NEXTHOP_TYPE_IPV4 and NEXTHOP_TYPE_IPV6 are
not sending up the resolved ifindex for the route. This
is causing upper level protocols that have something like
this:
route-map FOO permit 10
match interface swp13
!
router ospf
redistribute static
!
ip route 4.5.6.7/32 10.10.10.10
where 10.10.10.10 resolves to interface swp13. The route-map
will never match in this case.
Since FRR has the resolved nexthop interface, FRR might as
well send it up to be selected on by the upper level protocol
as needed.
Rafael Zalamena [Tue, 2 Nov 2021 21:54:23 +0000 (18:54 -0300)]
bgpd: fix BFD configuration update on TTL change
When altering the TTL of an eBGP peer also update the BFD
configuration. This was only working when the configuration happened
after the peer connection had been established.
pimd: In Prune Pending state, the holdtime change is not taking effect
Problem Statement:
In Prune pending state, when Join is received, and there is hold timer change
the Expiry timer is not getting updated with new Hold timer.
Root Cause:
When thread_add_timer function is called and the thread is already in the list
the thread api just returns, it does not modify the timer value.
So when we want to change the timer, we need to first call THREAD_OFF and then
call thread_add_timer.
The Expiry timer thread is not cancelled in PIM_IFJOIN_PRUNE_PENDING state,
therefore the timer change is not taking effect.
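The root cause described above, reduced to a small model. This is an added example, not code from FRR: `struct timer`, `timer_add`, `timer_off` and the two `rearm_*` functions are hypothetical stand-ins that only reproduce the "add is a no-op when already scheduled" behaviour the message attributes to thread_add_timer, and the holdtime values are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a scheduled timer handle (not FRR's struct thread). */
struct timer {
	bool scheduled;
	long expires_at; /* absolute time, seconds */
};

/* Models the behaviour described in the commit message: when the timer is
 * already scheduled, the add call returns without changing the expiry. */
static void timer_add(struct timer *t, long now, long holdtime)
{
	if (t->scheduled)
		return;
	t->scheduled = true;
	t->expires_at = now + holdtime;
}

/* Cancel the timer so that a later timer_add() takes effect. */
static void timer_off(struct timer *t)
{
	t->scheduled = false;
}

/* Join received while the expiry timer is still pending: re-add only.
 * The new holdtime is silently dropped. */
static long rearm_without_cancel(struct timer *t, long now, long holdtime)
{
	timer_add(t, now, holdtime);
	return t->expires_at;
}

/* Same event, but cancel first so the new holdtime is applied. */
static long rearm_with_cancel(struct timer *t, long now, long holdtime)
{
	timer_off(t);
	timer_add(t, now, holdtime);
	return t->expires_at;
}

int main(void)
{
	/* Constructed values: holdtime 210 s set at t=0, then a Join at t=10
	 * carrying holdtime 60 s. */
	struct timer a = {0}, b = {0};

	timer_add(&a, 0, 210);
	timer_add(&b, 0, 210);
	printf("without cancel: expires at %ld\n", rearm_without_cancel(&a, 10, 60));
	printf("with cancel:    expires at %ld\n", rearm_with_cancel(&b, 10, 60));
	return 0;
}
```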
Hiroki Shirokura [Mon, 25 Oct 2021 23:36:14 +0000 (23:36 +0000)]
lib: fix srv6 route hardcode with BGP
zclient_send_localsid is called by various routing protocol daemons to set the
srv6 endpoint function. Fix a hard-coded error in the initial implementation.
Before this PR, the srv6 function will be registered to zebra as a BGP route
even if isisd executes zclient_send_localsid.
Abhishek Naik [Tue, 19 Oct 2021 23:45:26 +0000 (23:45 +0000)]
bgpd: Reset dynamic peer counter
Dynamic peer count is inconsistent in
"show bgp summary json" and "show bgp summary failed json" due to
dynamic peer counter 'dn_count' being reused without resetting
Igor Ryzhov [Mon, 18 Oct 2021 14:16:35 +0000 (17:16 +0300)]
ospfd: fix crash when creating vlink in unknown vrf
if_create_name crashes when vrf_id is VRF_UNKNOWN:
```
nfware# conf t
nfware(config)# router ospf vrf doesnt-exist
nfware(config-router)# area 1.1.1.1 virtual-link 2.2.2.2
vtysh: error reading from ospfd: Success (0)Warning: closing connection to ospfd because of an I/O error!
```
Rafael Zalamena [Mon, 4 Oct 2021 21:10:58 +0000 (18:10 -0300)]
lib: prevent gRPC assert on missing YANG node
`yang_dnode_get` will `assert` if no YANG node/model exists, so let's test for
its existence first before trying to access it.
This `assert` is only acceptable for internal FRR usage otherwise we
might miss typos or unmatching YANG models nodes/leaves. For gRPC usage
we should let users attempt to use non existing models without
`assert`ing.
In startup, zebra would dump interface information from Kernel in 3
steps w/o lock: step1, get interface information; step2, get interface
ipv4 address; step3, get interface ipv6 address.
If any interface gets added after step1, but before step2/3, zebra
would get extra interface addresses in step2/3 that has not been added
into zebra in step1. Returning error in the referenced interface lookup
would cause the startup interface retrieval to be incomplete.
Igor Ryzhov [Fri, 8 Oct 2021 21:22:31 +0000 (00:22 +0300)]
lib: set type for newly created interfaces
Currently, the ll_type is set only in `netlink_interface` which is
executed only during startup. If the interface is created when the FRR
is already running, the type is not stored.
Igor Ryzhov [Tue, 5 Oct 2021 10:27:39 +0000 (13:27 +0300)]
yang: replace an empty pattern with a zero-length restriction
No functional difference, but `length "0"` is more comprehensible.
Suggested-by: Christian Hopps <chopps@labn.net>
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 405ebe45cf111376fe33bad45b4ec836e0157d9f)
rgirada [Tue, 5 Oct 2021 07:52:36 +0000 (00:52 -0700)]
ospf6d: ospf6d is crashing upon receiving duplicated Grace LSA.
Description:
When grace lsa received, DUT is adding
the copy of the lsas to all nbrs retransmission list as part of
flooding procedure and subsequently incrementing the rmt counter in
the original LSA. This counter is supposed to be decremented
when ack is received by nbr and the lsa will be removed from retransmission list.
But in our current scenario,
Step-1:
When GR helper is disabled, if DUT receives the grace lsa
it adds the lsa copy to nbrs retransmission list but original
LSA will be discarded since GR helper disabled.
Step-2:
GR helper enabled and DUT receives the grace lsa, as part
of flooding process all nbrs have same copy of lsa in their
corresponding rmt list which was added in step-1, due to this
the corresponding rmt counter in the original lsa is not getting
incremented.
Step-3:
If the same copy of the grace lsa received by DUT, it considers
as implicit ack from nbr if the same copy of the lsa exists in its
rmt list and subsequently decrement the rmt counter.
Since counter is zero (because of step-1 and 2), it is asserting while decrement.
Mark Stapp [Mon, 9 Aug 2021 15:57:17 +0000 (11:57 -0400)]
lib: avoid double-free in zmq wrapper callbacks
There were paths where the zmq wrapper lib could call user
callbacks that would free the internal context struct, but the
context was then used in the lib code. Use a boolean to avoid
freeing the context within an application callback.
Restore logic that frees the context within the 'cancel' api.
Mark Stapp [Mon, 9 Aug 2021 15:55:15 +0000 (11:55 -0400)]
lib: clear caller's pointer when freeing context struct
The zeromq lib wrapper uses an internal context struct to help
interact with the libfrr event mechanism. When freeing that
context struct, ensure the caller's pointer is also cleared.
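The two zmq wrapper fixes above (deferring the free while an application callback runs, and clearing the caller's pointer on free) combined in one small model. This is an added example, not the FRR wrapper's code: `struct cb_ctx`, `ctx_free`, `ctx_cancel`, `ctx_dispatch` and the demo callback are hypothetical names chosen for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical wrapper context; field and function names are illustrative. */
struct cb_ctx {
	bool in_callback;    /* true while the application callback runs */
	bool cancel_pending; /* cancel was requested from inside the callback */
	void (*fn)(struct cb_ctx **pctx);
};

static int frees; /* number of real free() calls, for the demo */

/* Free the context and clear the caller's pointer so it cannot dangle. */
static void ctx_free(struct cb_ctx **pctx)
{
	free(*pctx);
	*pctx = NULL;
	frees++;
}

/* Cancel API: frees at once, except inside a callback, where it defers. */
static void ctx_cancel(struct cb_ctx **pctx)
{
	if (!pctx || !*pctx)
		return; /* already freed and cleared */
	if ((*pctx)->in_callback)
		(*pctx)->cancel_pending = true;
	else
		ctx_free(pctx);
}

/* Library side: run the callback, then keep using the context. */
static void ctx_dispatch(struct cb_ctx **pctx)
{
	struct cb_ctx *ctx = *pctx;
	ctx->in_callback = true;
	ctx->fn(pctx);
	ctx->in_callback = false; /* would touch freed memory without the deferral */
	if (ctx->cancel_pending)
		ctx_free(pctx);
}

/* Application callback that cancels its own context, twice. */
static void self_cancelling_cb(struct cb_ctx **pctx)
{
	ctx_cancel(pctx);
	ctx_cancel(pctx);
}

/* Returns the number of frees performed, or -1 if the pointer dangles. */
static int run_demo(void)
{
	struct cb_ctx *ctx = calloc(1, sizeof(*ctx));
	if (!ctx)
		return -1;
	ctx->fn = self_cancelling_cb;
	frees = 0;
	ctx_dispatch(&ctx);
	ctx_cancel(&ctx); /* owner cancels again: pointer is NULL, so a no-op */
	return ctx == NULL ? frees : -1;
}

int main(void) { return run_demo() == 1 ? 0 : 1; }
```

Three cancel requests reach the same context here and exactly one `free()` happens; building the block with AddressSanitizer or running it under valgrind confirms there is no invalid access.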