baozhen-H3C [Wed, 6 Nov 2024 12:17:03 +0000 (20:17 +0800)]
isisd: fix crash when switching P2P after shutdowning LAN circuit
When shutdown a LAN-type circuit, and if the current device is not the DIS (assuming it is a level-1 device), the isis_circuit_down() function will not call the isis_dr_resign() function to clear the circuit->u.bc.run_dr_elect[0] bit (this bit is set on interfaces in the isis_run_dr() function). After switching the link to a P2P type, since u.p2p and u.bc form a union, and circuit->u.bc.snpa = "\000\000\000\000\000" and circuit->u.bc.run_dr_elect = "\001", this results in circuit->u.p2p.neighbor = 0x1000000000000. Consequently, the value of adj->sysid accesses a wild pointer, causing the current crash.
The backtrace is as follows:
(gdb) bt
#0 0x00007fbd30e55fe1 in raise () from /lib/x86_64-linux-gnu/libpthread.so.0
#1 0x00007fbd30f76b29 in core_handler (signo=11, siginfo=0x7ffc60b7a270,
context=0x7ffc60b7a140) at ../lib/sigevent.c:261
#2 <signal handler called>
#3 0x00007fbd30dddba4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x0000562aec46617f in isis_spf_run_lfa (area=0x562aee3a56d0, spftree=0x562aee3a51a0)
at ../isisd/isis_lfa.c:2403
#5 0x0000562aec483854 in isis_run_spf_with_protection (area=0x562aee3a56d0,
spftree=0x562aee3a51a0) at ../isisd/isis_spf.c:1891
#6 0x0000562aec483b05 in isis_run_spf_cb (thread=0x7ffc60b7b000)
at ../isisd/isis_spf.c:1953
#7 0x00007fbd30f900bb in thread_call (thread=0x7ffc60b7b000) at ../lib/thread.c:1990
#8 0x00007fbd30f2897b in frr_run (master=0x562aee0833c0) at ../lib/libfrr.c:1198
#9 0x0000562aec454d6d in main (argc=5, argv=0x7ffc60b7b228, envp=0x7ffc60b7b258)
at ../isisd/isis_main.c:273
(gdb) f 4
#4 0x0000562aec46617f in isis_spf_run_lfa (area=0x562aee3a56d0, spftree=0x562aee3a51a0)
at ../isisd/isis_lfa.c:2403
2403 ../isisd/isis_lfa.c: No such file or directory.
(gdb) p circuit->u.p2p.neighbor
$1 = (struct isis_adjacency *) 0x1000000000000
(gdb) p adj->sysid
Cannot access memory at address 0x1000000000006
(gdb) p circuit->u.bc
$2 = {snpa = "\000\000\000\000\000", run_dr_elect = "\001", t_run_dr = {0x0, 0x0},
t_send_lan_hello = {0x0, 0x0}, adjdb = {0x0, 0x0}, lan_neighs = {0x0, 0x0},
is_dr = "\000", l1_desig_is = "\000\000\000\000\000\000",
l2_desig_is = "\000\000\000\000\000\000", t_refresh_pseudo_lsp = {0x0, 0x0}}
(gdb)
The backtrace provided above pertains to version 8.5.4, but it seems that the same issue exists in the code of the master branch as well.
Andrew Cooks [Wed, 6 Nov 2024 01:06:31 +0000 (11:06 +1000)]
ospf6d: remove redundant null ptr check
Fix defect flagged by Coverity:
*** CID 1599957: Null pointer dereferences (REVERSE_INULL)
/ospf6d/ospf6_intra.c: 581 in ospf6_link_lsa_get_prefix_str()
575 int buflen, int pos)
576 {
577 struct ospf6_link_lsa *link_lsa = lsa_after_header(lsa->header);
578 struct ospf6_prefix *prefix = nth_prefix(lsa->header, pos);
579 struct in6_addr in6 = { 0 };
580
>>> CID 1599957: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "lsa" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
581 if (!lsa || !prefix || !buf || buflen < (1 + INET6_ADDRSTRLEN))
582 return NULL;
583
584 /* position zero is used for the lladdr in the body of the LSA */
585 if (pos == 0) {
586 inet_ntop(AF_INET6, &link_lsa->linklocal_addr, buf, buflen);
The check for lsa being not-null happens in ospf6_lsdb_show() and
first dereference happens in ospf6_lsa_show_summary()
Signed-off-by: Andrew Cooks <acooks.at.bda@gmail.com>
Acee [Tue, 5 Nov 2024 15:03:28 +0000 (10:03 -0500)]
ospfd: Fix assert in LSA refresh interval setting
Under certain timing conditions, the current logic asserts in
ospf_lsa_refresh_delay(). While this isn't readily reproducible,
the only explanation is that the conversion from struct timeval
to milliseconds is 0 due to rounding off the microseconds.
Donald Sharp [Thu, 5 Sep 2024 13:11:04 +0000 (09:11 -0400)]
zebra: Don't display the vrf if not using namespace based vrfs
Currently when doing a `show ip route table XXXX`, zebra is displaying
the current default vrf as the vrf we are in. We are displaying a
table not a vrf. This is only true if you are not using namespace
based vrf's, so modify the output to display accordingly.
Donald Sharp [Mon, 30 Sep 2024 16:41:06 +0000 (12:41 -0400)]
zebra: Delay some processing until after startup is finished
Currently zebra starts the graceful restart timer as well as
allows connections from clients before all data is read in
from the kernel as well as the possiblity of allowing client
connections before this happens as well.
Let's move the graceful restart timer start till after this is
done as well as not allowing client connections till then as well.
Donald Sharp [Mon, 28 Oct 2024 21:52:54 +0000 (17:52 -0400)]
lib: Remove counter and a function
The `alloc` counter was tracking the current active
number of events in the system and if it went to
0 when freeing a new one it would assert. This
assert is a duplicate of what would happen with the
XFREE in the same situation. As such it is not
necessary.
Also remove the `event_master_free_unused` function
from the system.
Donald Sharp [Mon, 28 Oct 2024 21:51:04 +0000 (17:51 -0400)]
bgpd: Remove call into event_master_free_unused
This call was originally put into place to help reduce
memory problems associated with bgp having a bajillion
events under load and then we would have a bunch of events
ready to be used on the unused list. In the meantime
code was put into place that limited the depth of the
unused list to 10 elements. This call has now become
unnecessary. Let's just remove it.
The ability for the wheel code to display the name of what
wheel was actually being run was removed from the system.
Since we can no longer do this and it's been 4 years since it's
been in, let's just remove this bit of dead code.
anlan_cs [Thu, 31 Oct 2024 14:44:05 +0000 (22:44 +0800)]
zebra: fix missing kernel routes
The `rib_update_handle_kernel_route_down_possibility()` didn't consider
the kernel routes ( blackhole ) without interface. When some other
interfaces are down, these kernel routes will be wrongly removed.
Donald Sharp [Wed, 30 Oct 2024 20:09:01 +0000 (16:09 -0400)]
bgpd: Move RFC 8212 check for inbound before filter in bgp_update
Currently the code to check to see if any input filters are
applicable is *before* the RFC 8212 check to see if we have
any filters at all. As such we have already tested for this,
so let's move this check for RFC 8212 to immediately before
the input filter test.
Donald Sharp [Wed, 30 Oct 2024 19:44:12 +0000 (15:44 -0400)]
bgpd: Refactor bgp_update some for nexthop reachability
The nexthop reachability code was cut-n-pasted 2 times
with just a tiny bit of difference. If we ever change
that it becomes `fun` to keep them in sync. Since this
is more important than full on speed of code let's abstract
and get bgp_update() to be a bit easier to maintain.
Donald Sharp [Wed, 30 Oct 2024 17:11:35 +0000 (13:11 -0400)]
bgpd: In bgp_update() for mac addrs ensure we are dealing with evpn
The code is just arbitrarily checking to see if there are any
mac addresses associated with a prefix. This makes no
sense from the perspective that it can only happen as
an evpn route. Let's not make non-evpn people pay
the price to check this data.
Donald Sharp [Wed, 30 Oct 2024 16:48:35 +0000 (12:48 -0400)]
bgpd: In bgp_update try to optimize is_loop_check variable
The variable is_loop_check is being set and then later
we test against it multiple times. Move the setting
of whether or not to check for as loops to where it
is tested against and stop testing it multiple times.
Donald Sharp [Wed, 30 Oct 2024 15:14:56 +0000 (11:14 -0400)]
bgpd: Only set bgp_labels in bgp_update if we have num_labels
In the interest of speeding up code, there is no point in
attempting to see if a label is usable if the number of labels
passed in is 0. Since that is a much much quicker test than
the bgp_is_valid_label() call, let's test that first.
Additionally, there is no point in walking the label[] array
passed in unless we are in the if statement, so move it inside.
Donald Sharp [Wed, 30 Oct 2024 15:05:11 +0000 (11:05 -0400)]
bgpd: allowas_in and aspath_loop_count only used in one if statement
In bgp_update(), the two variables allowas_in and aspath_loop_count
are only used when peer->change_local_as is true. Move the retrieval
of the allowas_in data to inside the if statement to save some
(very) small amount of time in bgp_update not gathering this
data unless the particular peer has this set.
Donald Sharp [Wed, 30 Oct 2024 14:15:42 +0000 (10:15 -0400)]
lib: Replace usage of in6addr_cmp with memcmp
memcmp will return and act exactly the same as in6addr_cmp
but it does it significantly faster than how in6addr_cmp
does it. Let this be a lesson for implementing something
that is a duplicate of what is provided by the c library.
Donatas Abraitis [Thu, 31 Oct 2024 08:47:48 +0000 (10:47 +0200)]
zebra: Add missing new line for help string
```
-A, --asic-offload FRR is interacting with an asic underneath the linux kernel
--v6-with-v4-nexthops Underlying dataplane supports v6 routes with v4 nexthops -s, --nl-bufsize Set netlink receive buffer size
```
Fixes: 1f5611c06d1c243b42279748788f0627793ead9c ("zebra: Allow zebra cli to accept v6 routes with v4 nexthops") Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Donatas Abraitis [Wed, 30 Oct 2024 12:15:36 +0000 (14:15 +0200)]
doc: Create html_context before setting READTHEDOCS
Traceback (most recent call last):
File "/home/docs/checkouts/readthedocs.org/user_builds/frrouting/envs/latest/lib/python3.11/site-packages/sphinx/config.py", line 529, in eval_config_file
exec(code, namespace) # NoQA: S102
^^^^^^^^^^^^^^^^^^^^^
File "/home/docs/checkouts/readthedocs.org/user_builds/frrouting/checkouts/latest/doc/user/conf.py", line 77, in <module>
html_context["READTHEDOCS"] = True
^^^^^^^^^^^^
NameError: name 'html_context' is not defined
Nathan Bahr [Mon, 28 Oct 2024 18:55:49 +0000 (18:55 +0000)]
zebra: Add ability to import alternate tables into the MRIB
Expanded the cli command to include an mrib flag for importing to
the main table MRIB instead of the main table URIB.
Piped through specifying the safi through the import table functions
rather than hardcoding to SAFI_UNICAST.
Import still only import routes from the URIB subtable, only added the
ability to import into the main table MRIB.
Joshua Muthii [Tue, 29 Oct 2024 16:08:14 +0000 (12:08 -0400)]
nhrpd: Modify NHRP authentication feature logging
Modified nhrp_connection_authorized(). Initially, when writing debug
information about incoming NHRP packets with authentication enabled,
the nhrp_connection_authorized() function would print the
passphrase of the incoming packet as if it were a null terminated
string. This meant that if the passphrase on the incoming packet
had non ASCII-complient bytes in it, it would attempt to print those
bytes anyway. There was also no check that the size of the passphrase in
the incoming packet matched the size of the passphrase on the interface.
The changes in this commit log the passphrase on the incoming packet as
well as the passphrase on interface in HEX to avoid issues with ASCII.
It also performs a check that accounts for the sizes of the two different
passphrases
Moved CISCO_PASS_LENGTH_LEN from nhrp_vty.c to nhrp_protocol.h
for easier access to the macro in other files
Joshua Muthii [Tue, 29 Oct 2024 16:05:59 +0000 (12:05 -0400)]
nhrpd: Add topotest for retrying resolution request
Modified nhrp_topo topotest to test for newly added resolution
request retry feature. Changes to the topotest include adding a spoke to the
existing nhrp_topo topotest so that a topology with two spokes and hub
can be used to create shortcuts and test the sending/resending of
resolution requests and responses between spoke and hub. The resolution
request retry feature was tested by blocking incoming resolution requests on a
receiving nodes to stop the creation of a successful shortcut - which
then triggered the sending spoke to retry sending resolution requests
Liam Brady [Tue, 29 Oct 2024 12:50:17 +0000 (08:50 -0400)]
tests: respect RLIMIT_CORE hard limit
In the case that the RLIMIT_CORE hard limit cannot
be raised on a system, do not fail due to an exception.
Instead, attempt to increase the soft limit to as large
a value as possible (e.g. to the set hard limit).
Donald Sharp [Sat, 26 Oct 2024 01:56:14 +0000 (21:56 -0400)]
zebra: When installing a mroute, allow it to flow
Currently the mroute code was not allowing the mroute
to be sent to the dataplane. This leaves us with a
situation where the routes being installed where never
being set as installed and additionally nht against
the mrib would not work if the route came into existence
after the nexthop tracking was asked for.
Turns out all the pieces where there to let this work.
Modify the code to pass it to the dplane and to send
it back up as having worked.
projects / mirror / frr.git / log