Donald Sharp [Fri, 14 May 2021 13:46:36 +0000 (09:46 -0400)]
pimd: Fix rare crash situation
When running pim on an interface and that interface has
state and we move that interface into a different vrf
there exists a call path where we have not created the pimreg
device yet. Prevent a crash in this rare situation.
Ticket: #2552763 Signed-off-by: Donald Sharp <sharpd@nvidia.com>
When browsing or parsing OSPF LSA TLVs, we need to use the LSA length which is
part of the LSA header. This length, encoded in 16 bits, must be first
converted to host byte order with ntohs() function. However, Coverity Scan
considers that ntohs() function return TAINTED data. Thus, when the length is
used to control for() loop, Coverity Scan marks this part of the code as defect
with "Untrusted Loop Bound" due to the usage of Tainted variable. Similar
problems occur when browsing sub-TLV where length is extracted with ntohs().
To overcome this limitation, a size attribute has been added to the ospf_lsa
structure. The size is set when lsa->data buffer is allocated. In addition,
when an OSPF packet is received, the size of the payload is controlled before
contains is processed. For OSPF LSA, this allow a secure buffer allocation.
Thus, new size attribute contains the exact buffer allocation allowing a
strict control during TLV browsing.
This patch adds extra control to bound for() loop during TLV browsing to
avoid potential problem as suggested by Coverity Scan. Controls are based
on new size attribute of the ospf_lsa structure to avoid any ambiguity.
Fredi Raspall [Sun, 2 May 2021 15:13:11 +0000 (17:13 +0200)]
isisd: clear the N-flag in ext. reachability TLVs
If the n-flag-clear option is set in the configuration of a prefix
segment, clear the flag in the extended ip reachability TLVs.
RFCs 7794 and 8667 are not too strict on the setting / clearing the
N-flag in prefix SIDs. However, if there exists a cmd line option
to clear it, it should be cleared in the TLVs announced, as other
vendors do.
Igor Ryzhov [Fri, 7 May 2021 14:05:40 +0000 (17:05 +0300)]
ospf6d: always free redistribute config
When the ospf6 instance in unknown VRF is deleted, the redistribution
config is not freed, because it is not registered in zebra. We should
always free the config regardless of zebra registration status.
Igor Ryzhov [Mon, 17 May 2021 22:24:22 +0000 (01:24 +0300)]
ospf6d: fix "default-information originate" in non-existing vrf
If the default route redistribution is configured in OSPF6 router before
the VRF is created, then this is not currently registered in zebra after
the VRF creation.
Igor Ryzhov [Mon, 17 May 2021 22:23:35 +0000 (01:23 +0300)]
ospfd: fix "default-information originate" in non-existing vrf
If the default route redistribution is configured in OSPF router before
the VRF is created, then this is not currently registered in zebra after
the VRF creation.
Igor Ryzhov [Mon, 17 May 2021 16:35:57 +0000 (19:35 +0300)]
ripngd: fix interface wakeup after shutdown
RIPNG schedules a call to `ripng_interface_wakeup` in 1 second after
receiving the interface UP event from zebra. The function is called even
if the interface was shut down during this interval.
This is incorrect and also leads to a crash in the following scenario:
```
vtysh -c "conf" -c "router ripng vrf red" -c "network enp2s0"
ip link add red type vrf table 1
ip link set enp2s0 vrf red
ip link set enp2s0 down
ip link set enp2s0 up && sleep 2 && ip link del red
```
Igor Ryzhov [Mon, 17 May 2021 16:34:02 +0000 (19:34 +0300)]
ripd: fix interface wakeup after shutdown
RIP schedules a call to `rip_interface_wakeup` in 1 second after
receiving the interface UP event from zebra. The function is called even
if the interface was shut down during this interval.
This is incorrect and also leads to a crash in the following scenario:
```
vtysh -c "conf" -c "router rip vrf red" -c "network enp2s0"
ip link add red type vrf table 1
ip link set enp2s0 vrf red
ip link set enp2s0 down
ip link set enp2s0 up && ip link del red
```
bgpd: recalc peer's sort after changing confed peers
Currently, when AS number of an existing BGP neighbor is added in a BGP
confederation, AS_CONFED_SEQUENCE segment attribute will be missing in
prefixes advertised to the neighbor. Also, receiving prefixes from the
neighbor will be withdrawn because of "Malformed AS path from A.B.C.D".
Mark Stapp [Tue, 11 May 2021 19:57:39 +0000 (15:57 -0400)]
lib,zebra: Use a flag to track down status for connected addrs
Track 'down' state of connected addresses with a new flag. We
may have multiple addresses on an interface that share a prefix;
in those cases, we need to determine when the first address
is valid, to install a connected route, and similarly detect
when the last address goes 'down', to remove the connected
route.
Donald Sharp [Wed, 5 May 2021 03:48:17 +0000 (23:48 -0400)]
zebra: Consolidate on 1 function netlink_parse_rattr_nested
if_netlink.c created it's on nested parsing #define which
is identical to netlink_parse_rtattr_nested. Consolidate
on one instead of having this duality.
Donald Sharp [Wed, 5 May 2021 03:43:47 +0000 (23:43 -0400)]
zebra: memset the `struct rtattr *tb[SIZE]` in setting function
In order to parse the netlink message into the
`struct rtattr *tb[size]` it is assumed that the buffer is
memset to 0 before the parsing. As such if you attempt
to read a value that was not returned in the message
you will not crash when you test for it.
The code has places were we memset it and places where we don't.
This *will* lead to crashes when the kernel changes. In
our parsing routines let's have them memset instead of having
to remember to do it pre pass in to the parser.
lynne [Tue, 4 May 2021 15:06:49 +0000 (11:06 -0400)]
ospf6d: Limit the number of interface addresses being supported
The code had no limits on addresses configured on an interface running
ospf6d. The code would crash when more than 100 addresses were added.
This change limits the number of interface address to 100 if mtu is set
to the default value. If the mtu is set to a jumbo packet size or larger
we will support 200 interface addresses.
Martin Buck [Mon, 10 May 2021 20:48:32 +0000 (22:48 +0200)]
ospf6d: Send MAXAGE LS update for received old self-originated LSAs
Fixes OSPFv3-26.13 ANVL RFC conformance bug #8576 by improving the bugfix
for #7030 from 4c63a76a. That commit changed handling of received old
non-MAXAGE LSAs with a MAXAGE counterpart in the LSDB from "add all LSAs to
LSDB and flood non-self-originated ones" to "add & flood only
non-self-originated LSAs and ignore self-originated LSAs". The new behaviour
is similar but adds sending a MAXAGE LS Update for received self-originated
LSAs to remove the old LSAs from the network, resulting in "add & flood
non-self-originated LSAs, don't add but send MAXAGE LS Update for
self-originated LSAs". The missing MAXAGE LS Update is what OSPFv3-26.13
ANVL complained about.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
Neal Shrader [Thu, 6 May 2021 18:51:06 +0000 (14:51 -0400)]
bgpd: scope evpn specific path selection to type-2 routes
For EVPN routes, there is specific logic in place for path selection
surrounding MAC Mobility. For pure type-5 routes, if a route is
advertised with a MED, this is ignored since it ultimately falls inside
of the EVPN specific path selection logic, and ultimately selects the
lower IP address. This change ensures only type-2 routes fall into the
EVPN BGP path selection.
Javier Garcia [Thu, 22 Apr 2021 14:09:54 +0000 (16:09 +0200)]
pathd. Pathd TED support . Documentation update - [part 4/4]
- As an example of pathd and igp (ospfd) config:
! igp ospfv2 snippet
interface eth0
ip ospf network point-to-point
!
router ospf$
mpls-te on
mpls-te export
...
!pathd snippet
segment-routing
traffic-eng
mpls-te on
mpls-te import ospfv2
segment-list sl-1
index 10 nai adjacency 10.1.2.11 10.1.2.1
index 20 nai adjacency 10.1.20.1 10.1.20.2
index 30 nai adjacency 10.2.5.2 10.2.5.5
!
policy color 5 endpoint 10.10.10.5
name five
binding-sid 5555
candidate-path preference 600 name cp51 explicit segment-list sl-1
candidate-path preference 500 name cp52-dyn dynamic
Signed-off-by: Javier Garcia <javier.garcia@voltanet.io>
Javier Garcia [Thu, 22 Apr 2021 14:04:42 +0000 (16:04 +0200)]
pathd. TED support . Validation of candidate path - [part 2/4]
- Explicit segment list nai will be resolved to corresponded sid.
- Dynamic segment list (from pce) will be validated.
- If segment list could not be resolved or validated won't be used.
- Now this new config is supported
segment-list sl-1
index 10 nai prefix 10.1.2.1/32 iface 1
index 30 nai adjacency 10.2.5.2 10.2.5.5
index 40 nai prefix 10.10.10.5/32 algorithm 0
Signed-off-by: Javier Garcia <javier.garcia@voltanet.io>
projects / mirror / frr.git / log