Donald Sharp [Tue, 24 May 2022 17:33:35 +0000 (13:33 -0400)]
pimd: Allow the LPM match work properly with prefix lists and normal rp's
All rp_info's are being saved in the pim->rp_list and the non prefix-list
rp's are supposed to be saved in table pim->rp_table. What was happening,
though, is that all the plists were being stored at the 224.0.0.0/4 node
of the tree(irrelevant to the fact that we should not be looking up the
non-prefix list rp's in the table) and since we can have multiple prefix lists
and only one rp_info stored at the 224.0.0.0/4 node of the tree, there can be situations
where the 224.0.0.0/4 node can be overwritten due to the order entered.
As such there exists situations where command enter ordering will cause
what we match to, change in pim_rp_find_match_group.
Fixes:
a) Do not store prefix list based rp_info's in the pim->rp_table
b) In pim_rp_find_match_group, ensure that the node lookup does
not correspond to a prefix list based node.
c) When in the situation there are both:
ip pim rp 4.5.6.7 224.0.0.0/16
ip pim rp 5.6.67.8 prefix-list FOO
ip prefix-list FOO permit 224.0.1.0/24
and we receive a group for 224.0.1.5, we were comparing the
224.0.0.0/16 to the 224.0.0.0/4 of the 5.6.67.8 group, when
FRR should have been comparing to entry that matched in the prefix-list
Donatas Abraitis [Thu, 26 May 2022 11:03:02 +0000 (14:03 +0300)]
bgpd: Fix memory leak for BGP community alias in CLI
Before:
```
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 100 40 4000 100 4000
Large Community value : 100 12 2400 100 2400
root@spine1-debian-11:~/frr# for x in $(seq 1 100); do vtysh -c 'conf' -c 'bgp community alias 123:123:123 testas' > /dev/null; done
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 200 40 8000 200 8000
Large Community value : 200 12 4800 200 4800
root@spine1-debian-11:~/frr# for x in $(seq 1 100); do vtysh -c 'conf' -c 'bgp community alias 123:123:123 testas' > /dev/null; done
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 300 40 12000 300 12000
Large Community value : 300 12 7200 300 7200
root@spine1-debian-11:~/frr#
```
After:
```
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 0 40 0 1 56
Large Community display string: 0 8192 0 1 8200
Large Community value : 0 12 0 1 24
root@spine1-debian-11:~/frr# for x in $(seq 1 100); do vtysh -c 'conf' -c 'bgp community alias 123:123:123 testas' > /dev/null; done
root@spine1-debian-11:~/frr# vtysh -c 'show memory bgpd | include Large Community'
Large Community : 0 40 0 1 56
Large Community display string: 0 8192 0 1 8200
Large Community value : 0 12 0 1 24
root@spine1-debian-11:~/frr#
```
After we call [l]community_str2com(), we should free the memory.
Donatas Abraitis [Wed, 25 May 2022 16:07:40 +0000 (19:07 +0300)]
github: Use pull_request_target as a target
And drop checkout action - not needed.
Due to the dangers inherent to automatic processing of PRs, GitHub’s standard
pull_request workflow trigger by default prevents write permissions and
secrets access to the target repository. However, in some scenarios such
access is needed to properly process the PR.
To this end the pull_request_target workflow trigger was introduced.
Philippe Guibert [Mon, 23 May 2022 08:21:16 +0000 (10:21 +0200)]
zebra: avoid pbr iptable added twice when used with flowspec
The usage of zebra dplane makes the job asyncronous which implies
that a given job will try to add an iptable, while the second job
will not know that its iptable is the same as the former one.
The below exabgp rules stand for two bgp flowspec rules sent to
the bgp device:
This rule creates a single iptable, but in fact, the same iptable
name is appended twice. This results in duplicated entries in the
iptables context. This also results in contexts not flushed, when
BGP session or 'flush' operation is performed.
iptables-save:
[..]
-A PREROUTING -m set --match-set match0x55baf4c25cb0 src,src -g match0x55baf4c25cb0
-A PREROUTING -m set --match-set match0x55baf4c25cb0 src,src -g match0x55baf4c25cb0
-A match0x55baf4c25cb0 -j MARK --set-xmark 0x100/0xffffffff
-A match0x55baf4c25cb0 -j ACCEPT
-A match0x55baf4c25cb0 -j MARK --set-xmark 0x100/0xffffffff
-A match0x55baf4c25cb0 -j ACCEPT
[..]
This commit addresses this issue, by checking that an iptable
context is not already being processed. A flag is added in the
original iptable context, and a check is done if the iptable
context is not already being processed for install or uinstall.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Tue, 24 May 2022 13:15:40 +0000 (09:15 -0400)]
tests: Allow cspf_topo1 to function correctly at scale
The cspf_topo1 test is comparing the adj-sid value that is
assigned dynamically based upon bring up order. Under very
large scale this order changes causing the test to fail.
Since the adj-sid is dynamically allocated and appears to
be tested elsewhere, let's remove it from the grab all check.
Donald Sharp [Mon, 23 May 2022 12:16:56 +0000 (08:16 -0400)]
tests: pbr_topo1 sometimes fails under really heavy load
This test is sometimes failing under severe load. Give some time
for the linux rule installation to actually be registered by the
system before declaring failure.
Donald Sharp [Thu, 19 May 2022 23:28:43 +0000 (19:28 -0400)]
tests: Allow a bit longer for bfd topo tests to synchronize
Allowing only 4 seconds for a bfd test to synchronize is going
to run into problems on extremely loaded systems. The test
system should value it actually converged over it actually
converged in a reasonable time, especially on test systems
that are loaded because of many multiples of tests running
at the same time. If it is important to actually test
that something got done by the RFC, the CI system as it
is currently written is not the correct place for this.
Donald Sharp [Thu, 19 May 2022 19:54:59 +0000 (15:54 -0400)]
tests: Ensure routes are not queued when calling verify_rib
Lots of tests call verify_rib that takes a list of routes that
need to be verified in some fashion. This verify_rib functionality
will try up to 12 seconds before failing the check that zebra
has the route and has installed it.
Unfortunately the verify_rib code was not looking to see if
the route was queued for installation and was then allowing
tests to immediately do subsuquent steps that depended on
that route actually being installed sometimes causing tests
to fail.
Write a bit of additional code that looks at the queued
status and allows the test to wait a bit longer for zebra
to finish processing before allowing the test to move on
to the next bit.
Donald Sharp [Tue, 17 May 2022 20:08:01 +0000 (16:08 -0400)]
ospf6d: Remove double check of default prefix
The ospf6_is_valid_summary_addr function is checking
to see if a prefix is the default and also then double
comparing it against the v6 prefix part. No need to do this.
David Lamparter [Thu, 22 Apr 2021 09:04:52 +0000 (11:04 +0200)]
bgpd: implement SendHoldTimer
As described by
https://www.ietf.org/archive/id/draft-spaghetti-idr-bgp-sendholdtimer-04.html
Since this replicates the HoldTime check on the receiver that is already
part of the protocol, I do not believe it necessary to wait for IETF
progress on this draft. It's just replicating an existing element of
the protocol at the other side of the session.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Donald Sharp [Wed, 18 May 2022 18:29:16 +0000 (14:29 -0400)]
bgpd: Allow nht to work when connection succeeds
Originally commit: 8761cd6ddb5437767625f58c8e9cc3ccda7887ab
implemented the ability for LL nexthop tracking to be
interface based. During some more testing the code
to make the interface event happen was noticed to
not properly run in some cases. This was because
it was originally assumed that the connect could
not succeed. Testing has shown that the connect
can succeed and FRR needs to handle the nht tracking
in this case too.
Chirag Shah [Tue, 17 May 2022 05:52:54 +0000 (22:52 -0700)]
zebra: add netlink tunnel msg to dump routine
This patch parses vxlan vnifilter rtm tunnel
message which contains vni mapping to vxlan device.
The new notifications are RTM_NEWTUNNEL,
RTM_DELTUNNEL, and RTM_GETTUNNEL.
Chirag Shah [Sun, 13 Feb 2022 01:02:03 +0000 (17:02 -0800)]
zebra: netlink registry rtm tunnel notif
The kernel supports l3vxlan device to have (l3vni)
vni filter similar to vlan filtering on bridge device.
To receive netlink notification, FRR to register
for new netlink RTNLGRP_TUNNEL message.
This message required to register via additional
socket option as it's beyond bitmap size.
Sai Gomathi N [Thu, 24 Mar 2022 08:53:59 +0000 (01:53 -0700)]
pim6d: Add 'debug pimv6 nht' and 'debug pimv6 nht detial'
Implementing debug pimv6 nht command for PIMv6 nexthop tracking.
It will display information about RPF lookups and information about when a nexthop changes.
debug pimv6 nht detial for for PIMv6 nexthop in detail.This is not enabled by default.
Signed-off-by: Sai Gomathi N <nsaigomathi@vmware.com>
Donald Sharp [Sat, 14 May 2022 20:26:27 +0000 (16:26 -0400)]
bgpd: Fix coverity SA issue with copying over prefix data
in bgp_nlri_parse_ip there is a `sanity` check to ensure
that the prefix length as specified by the packet
will fit inside of a `struct prefix` correctly. The problem
here of course is that this is only v4 / v6 unicast/multicast
parsing and the bytes will never be more than 16, but we are copying
into a part of the struct prefix that is only 16 bytes, but with
this check the length may be up to 47 bytes( but not really possible ).
Limit the size check to at most 16 bytes (since we are only handling
v4 or v6 addresses here )
projects / mirror / frr.git / log