David Lamparter [Tue, 19 Sep 2023 19:03:24 +0000 (21:03 +0200)]
lib: constrain hash table "tabshift" both ways
The previous change to assume() did address the coverity warning about
one direction of the shift in HASH_KEY, let's constrain the other in
HASH_SIZE as well.
To be fair, the hash table *will* break at 1G entries, but at that point
we have other problems RAM-wise. (Could bump the thing to 64-bit, but
then we need better item hash functions too on every single user.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Donald Sharp [Thu, 14 Sep 2023 11:18:37 +0000 (07:18 -0400)]
pimd: Use a better name for oil_parent
Use oil_incoming_vif instead of oil_parent. I had
to go look this up as that I failed to remember that
the linux kernel calls this parent for some bizarre
reason.
David Lamparter [Sat, 16 Sep 2023 12:17:24 +0000 (14:17 +0200)]
ospf6d: fix uninitialized warnings
GCC 13.2.0 complains:
```
ospf6d/ospf6_intra.c:139:25: error: ‘json_arr’ may be used uninitialized [-Werror=maybe-uninitialized]
ospf6d/ospf6_intra.c:485:20: error: ‘json_arr’ may be used uninitialized [-Werror=maybe-uninitialized]
```
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This patch includes:
* Implementation of RFC 5709 support in OSPF. Using
openssl library and FRR key-chain,
one can use SHA1, SHA256, SHA384, SHA512 and
keyed-MD5( backward compatibility with RFC 2328) HMAC algs.
* Updating documentation of OSPF
* add topotests for new HMAC algorithms
*** CID 1568129: Null pointer dereferences (REVERSE_INULL)
/isisd/isis_tlvs.c: 2813 in unpack_item_srv6_end_sid()
2807 sid->subsubtlvs = NULL;
2808 }
2809
2810 append_item(&subtlvs->srv6_end_sids, (struct isis_item *)sid);
2811 return 0;
2812 out:
>>> CID 1568129: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "sid" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2813 if (sid)
2814 free_item_srv6_end_sid((struct isis_item *)sid);
2815 return 1;
2816 }
2817
2818 /* Functions related to TLVs 1 Area Addresses */
bgpd: Remove private ASNs after we modify the as-path with the route-map
If we modify as-path with route-map and prepend with private ASNs, then we
advertise a new as-path without stripping private ASNs. Let's fix this, and
remove private ASNs despite if they were sent by the origin or prepended locally.
Jonas Gorski [Thu, 14 Sep 2023 15:04:16 +0000 (17:04 +0200)]
tools: make --quiet actually suppress output
When calling daemon_stop() with --quiet and e.g. the pidfile is empty,
it won't return early since while "$fail" is set, "$2" is "--quiet", so
the if condition isn't met and it will continue executing, resulting
in error messages in the log:
> Sep 14 14:48:33 localhost watchfrr[2085]: [YFT0P-5Q5YX] Forked background command [pid 2086]: /usr/lib/frr/watchfrr.sh restart all
> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
Fix this by moving the --quiet check into the block to log_failure_msg(),
and also add the check to all other invocations of log_*_msg() to make
--quiet properly suppress output.
Fixes: 19a99d89f088 ("tools: suppress unuseful warnings during restarting frr") Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Sadly, Coverity currently ignores assume() and says:
[...] right shifting by more than 31 bits has undefined behavior.
The shift amount, "33 - h->hh.tabshift", is 33.
Let's see if Coverity understands this can't happen...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Philippe Guibert [Wed, 13 Sep 2023 09:36:23 +0000 (11:36 +0200)]
bgpd: fix forbiding 'redistribute table' usage on non default instances
The 'redistribute table' command can be used by configuration on a
non default BGP instance, but this command does not work for multiple
reasons:
- The route entries configured on a given table are always configured
from the default vrf. This constraint prevents from redistributing a
prefix from the default vrf to an other non default bgp instance.
- The importation of route entries requires 'ip import-table' on vrfs
and this command is not available
Fix this by preventing from configuring this kind of redistribution
on non default bgp instances.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: Handle LLGR capability using dynamic capabilities
LLGR stale time is exchanged using OPEN messages. In order to
reduce stal time before doing an actual graceful restart + LLGR, it might be useful
to increase the time, but this is not possible without resetting the session.
With this change, it's possible to send dynamic capability with a new value, and
GR will respect a new reset time value when LLGR kicks in.
Donald Sharp [Tue, 12 Sep 2023 17:05:05 +0000 (13:05 -0400)]
tests: snmp tests sometimes fail with `Unable to bind`
the snmp tests are using zebra.conf to setup the
address that they are binding to and immediately
after that they are starting snmpd. If snmpd
starts up *before* zebra has installed the address
the bind on the address will fail. Causing the entire
test to fail. Modify the snmpd.conf for all our
snmp tests to bind to all addresses. Things still
work and we no longer have an issue.
Louis Scalbert [Mon, 11 Sep 2023 16:33:23 +0000 (18:33 +0200)]
bgpd: fix vpn import from local vrf with no retain
The BGP "no retain" VPN option avoids storing VPN prefixes that are not
imported in the incoming BGP table (aka. Adj RIB in). When a VPN import
policy is changed, BGP does a soft clear so that a prefix refresh is
requested from the peers. However, the import from local VPN prefixes
is never requested.
Fix this issue by requesting a local import refresh.
Fixes: a486300b26 ("bgpd: implement retain route-target all behaviour") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add a new topotest `isis_srv6_topo1` for verifying SRv6 functionalities
in IS-IS (RFC 9352).
This topotest consists of nine tests:
* Network convergence after applying SRv6 configuration
* Disable SRv6 Locator on zebra on r1
* Enable SRv6 Locator on zebra on r1
* Disable SRv6 Locator on ISIS on r1
* Enable SRv6 Locator on ISIS on r1
* Disable SRv6 on ISIS on r1
* Enable SRv6 on ISIS on r1
* Disable SRv6 on zebra on r1
* Enable SRv6 on zebra on r1
The function `sid_exist` verifies if a given SRv6 SID has already been
allocated for a given IS-IS area. This commit extends `sid_exist` to
also consider adjacency SIDs when checking for the existence of the SID.
An SRv6 adjacency SID is a SID that is associated with a particular
adjacency. Adjacency SIDs are advertised using the SRv6 End.X SID
Sub-TLV (RFC 9352 section #8.1) or SRv6 LAN End.X SID Sub-TLV (RFC 9352
section #8.2).
This commit defines the following Adj SIDs management functions:
* srv6_endx_sid_add_single: add a new SRv6 Adjacency SID
* srv6_endx_sid_del: delete an SRv6 Adjacency SID
* isis_srv6_endx_sid_find: lookup SRv6 End.X SID by type
It also attaches some callbacks to the hooks isis_adj_state_change_hook,
isis_adj_ip_enabled_hook, isis_adj_ip_disabled_hook, which are
responsible for installing/removing an SRv6 Adjacency SID automatically
when the state of an IS-IS adjacency changes.
An SRv6 adjacency SID is a SID that is associated with a particular
adjacency. Adjacency SIDs are advertised using the SRv6 End.X SID
Sub-TLV (RFC 9352 section #8.1) or SRv6 LAN End.X SID Sub-TLV (RFC 9352
section #8.2).
This commit defines a data structure `srv6_adjacency` for storing
information about an SRv6 Adjacency SID. This data structure will be
used to support SRv6 Adjacency SIDs functionalities in future commits.
We need to allocate memory SRv6 SID Structure Sub-Sub-TLV in
isis_srv6.c. MTYPE_ISIS_SUBSUBTLV is statically defined in isis_tlvs.c
and therefore is not visible in isis_srv6.c. Let's make
MTYPE_ISIS_SUBSUBTLV non-static to provide visibility to the external
world..
Add SRv6 End.X SID Sub-TLV and SRv6 LAN End.X SID Sub-TLV codepoints
(defined in "IS-IS Sub-TLVs for TLVs Advertising Neighbor Information"
IANA registry). These codepoints will be used in future commits to
pack/unpack corresponding Sub-TLVs.
SRv6 End.X SID Sub-TLV (RFC 9352 section #8.1) and SRv6 LAN End.X SID
Sub-TLV (RFC 9352 section #8.2) contain a `flag` field. Currently, three
flags are defined:
* B-Flag: Backup flag
* S-Flag: Set flag
* P-Flag: Persistent flag
This commit defines three constants representing these flags.
isisd: Add SRv6 End.X SID to IS ext reach Sub-TLVs
Add SRv6 End.X SID Sub-TLV and SRv6 LAN End.X SID Sub-TLV to the
Extended IS Reachability Sub-TLVs data structure and perform proper
initialization/free when the Sub-TLVs data structure is
allocated/destroyed.
According to RFC 9352 section #5, the SRv6 Locators associated with
algorithms 0 and 1 should be also advertised in a Prefix Reachability
TLV (236 or 237) to allow legacy routers (i.e., routers that do not
support SRv6) installing a forwarding entry for algorithms 0 and 1 SRv6
traffic.
This commits extend IS-IS to advertise SRv6 Locators in IPv6
Reachability TLV.
Add a function to build an SRv6 SID Structure Sub-Sub-TLV (RFC 9352
section #9) to advertise the structure of a specific SRv6 End SID passed
as an argument.
projects / mirror / frr.git / log