Igor Ryzhov [Fri, 8 Oct 2021 21:22:31 +0000 (00:22 +0300)]
lib: set type for newly created interfaces
Currently, the ll_type is set only in `netlink_interface` which is
executed only during startup. If the interface is created when the FRR
is already running, the type is not stored.
Igor Ryzhov [Fri, 1 Oct 2021 14:25:57 +0000 (17:25 +0300)]
vtysh: fix node walkup
The current code executes either "exit" or "end" once - so vtysh switches
either to the parent node or straight to the config node. But sometimes,
we need to exit to the grandparent node, which is not the config node.
Another issue is that some nodes are completely missing in this long
checklist, for example, BFD peer and profile nodes.
Instead of doing all this special checking, we should just always exit
the exact number of times we need - it is stored in "tried" variable.
David Lamparter [Mon, 27 Sep 2021 08:33:33 +0000 (10:33 +0200)]
pimd: fix UAF/heap corruption in BSM code
This `XFREE()` call is plainly in the wrong spot. `rp_all` (the
224.0.0.0/4 entry) isn't supposed to be free'd ever, and the
conditional above makes quite clear that it remains in use.
It may be possible to exploit this as a heap corruption bug, maybe even
as RCE. I haven't tried; I randomly noticed this while working on the
BSM code. Luckily this code is only run by the CLI for the clear
command, so the surface is very small.
Igor Ryzhov [Wed, 15 Sep 2021 19:45:23 +0000 (22:45 +0300)]
bgpd: fix memory leaks when using route-maps
There are places where we use route-maps using duplicated attributes and
neither intern nor flush them after the usage. If a route-map has set
rules for aspath/communities, they will be allocated and never freed.
We should always flush unneeded duplicated attributes.
introduced the idea of v6 LL using interface up/down events
instead of nexthop resolution to know when a peering should
happen or not. This above commit left a hole where if the remote
peer connected to this bgp, the bgp code would still believe
the peering is down. Modify the code to double check and
ensure that we have proper v6 LL resolution flags set.
Igor Ryzhov [Wed, 8 Sep 2021 18:06:44 +0000 (21:06 +0300)]
bgpd: fix default-originate route-map processing
When processing a route-map for default-originate, we actually want to
match by attributes in routes from the RIB, but set attributes in the
newly originated route. Currently, it's not the case. Instead, we
construct a dummy path combining attributes from both routes, and we end
up with multiple problems:
- match by as-path doesn't work
- communities from the matched RIB route are copied to the newly
originated route
- we corrupt the RIB routes
To fix the issue, we should use the new route-map API that allows using
separate match/set objects.
David Lamparter [Mon, 28 Jun 2021 14:29:56 +0000 (16:29 +0200)]
ospf6d: don't create Adv-ID:0.0.0.0 LSAs at start
When ospf6d comes up, it gets interface and address state before it
decides on its router ID. This results in a bunch of LSAs with
advertising router ID 0.0.0.0 in the LSDB. Not quite right.
There's a whole bunch of paths leading to this, so just drop the LSA in
ospf6_lsa_originate. The router-ID change causes everything to be
readvertised anyway (... but the delete doesn't catch the 0.0.0.0 stuff
because the router-ID is now different.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
ospfd: Summary LSA is not originated when process is reset
Problem Statement:
==================
Summary LSA is not originated when router-id is modified or process is reset
Root Cause Analysis:
====================
When router-id is modified or process is cleared, all the external LSAs are
flushed then LSA is re-originated using ospf_external_lsa_rid_change
When the LSAs are flushed, the aggregate flags are not reset.
Fix:
===============
Reset the aggregation flag when the LSAs
are flushed.
ospfd: Memory Leak seen at show_ip_ospf_neighbor_all_common.
Problem Statement:
==================
Memory Leak seen at show_ip_ospf_neighbor_all_common (ospf_vty.c:4635)
RCA:
=================
In function show_ip_ospf_neighbor_all_common, one child json object is not
added to the parent child object when there is no nbma neighbor. Hence
the memory leak.
Fix:
=================
Add the child object to the parent json object.
Igor Ryzhov [Thu, 2 Sep 2021 12:29:18 +0000 (15:29 +0300)]
bgpd: fix bgp_get_bound_name to handle views better
The vrf socket code needs an interface/vrf name to be passed
in, in order for it to properly bind to the correct vrf.
In the case where bgp is using a view based instance
the bgp_get_bound_name should handle views better and
not return anything to be bound to.
Fixes #9519.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Donald Sharp [Thu, 2 Sep 2021 00:50:31 +0000 (20:50 -0400)]
bgpd: Do not randomly generate a vrf id for -Z
When FRR added the -Z parameter the bgp daemon was setting
a vrf identifier based upon a number starting at 1. This
caused issues when we upgraded the code to the outgoing
sockets to use vrf_bind always.
FRR should never just randomly select a vrf identifier.
Let's just use VRF_DEFAULT when we are in a -Z environment.
It's a safe bet.
Fixes: #9519
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Donald Sharp [Wed, 1 Sep 2021 10:30:33 +0000 (06:30 -0400)]
ospf6d: Prevent crash of show ipv6 ospf data adv-router 0.0.0.0 linkstate-id 0.0.0.0
With this sequence of events:
eva# conf
eva(config)# router ospf6
eva(config-ospf6)# end
eva# show ipv6 ospf data adv-router 0.0.0.0 linkstate-id 0.0.0.0
OSPF6: Received signal 11 at 1630442431 (si_addr 0x0, PC 0x559dcfa3a656); aborting...
OSPF6: zlog_signal+0x18c 7fd2cc8229f77fff606775d0 /lib/libfrr.so.0 (mapped at 0x7fd2cc770000)
OSPF6: core_handler+0xe3 7fd2cc8616ad7fff606776f0 /lib/libfrr.so.0 (mapped at 0x7fd2cc770000)
OSPF6: funlockfile+0x50 7fd2cc74f1407fff60677840 /lib/x86_64-linux-gnu/libpthread.so.0 (mapped at 0x7fd2cc73b000)
OSPF6: ---- signal ----
OSPF6: ospf6_lsdb_type_show_wrapper+0x5d 559dcfa3a6567fff60677dd0 /usr/lib/frr/ospf6d (mapped at 0x559dcf9a5000)
OSPF6: show_ipv6_ospf6_database_adv_router_linkstate_id+0x1f9 559dcfa3c24a7fff60677e50 /usr/lib/frr/ospf6d (mapped at 0x559dcf9a5000)
ospfd: add dead-interval 40 if configured in show running
Problem Statement:
==================
When hello-interval is configured as 5, automatically dead interval becomes
4 times of hello i.e 20 seconds. But user wants the dead interval as
40 seconds and hello as 5 seconds. Therefore user configures it.
Now "ip ospf dead-interval 40" is not shown in "show running-config"
Therefore when user restarts the daemon, the dead interval goes back to
20 seconds and the neighbors are down.
Fix:
==================
If user configures dead-interval as 40, show it in show running config.
Quentin Young [Sun, 29 Aug 2021 23:33:34 +0000 (19:33 -0400)]
docker: build libyang2 along with FRR
Alpine images have been broken for some time because libyang2 is not
available in Alpine. This patch updates our Dockerfile to build a
libyang2 APK and install it into the image to satisfy FRR's libyang2
dependency.
Unfortunately, libyang2 erroneously includes an internal header from
glibc, making it dependent on glibc to build. FRR's official Docker
images are based on Alpine, which only offers musl libc. Until libyang2
fixes this problem, the libyang2 source that is installed in this image
is a patched version that is compatible with musl libc and not an
official version.
Modified the zapi send receive of the c-bit to only
be under the HAVE_BFDD. If you are using ptm-bfd
then the decoder function still expects this to be
sent down. This commit puts this behavior back
Martin Winter [Fri, 27 Aug 2021 08:32:04 +0000 (10:32 +0200)]
FRRouting Release 8.0.1
Bugfix Release
bgpd:
- associate correct nexthop when using peer link-local [9146]
- BGP dampening JSON fixes [9151]
- bgp_packet_process_error can access peer after deletion [9356]
- Call bgp_dest_unlock_node() inside bgp_adj_in_remove() [9168]
- Clear capabilities field when resetting a bgp neighbor [9263]
- Do not check for NULL values for vni_hash_cmp() [9171]
- Do not delete peer_af structure when deactivating peer-group from an
address-family [9145]
- Don't forget bgp_dest_unlock_node for bgp_static_set() [9160]
- Drop double-pointer for bgp_damp_info_free() [9230]
- Drop unnecessary chars for filtered reason [9152]
- Ensure v6 LL address is available before establishing peering [9141]
- Extended community bandwidth fixes [9407]
- Fix bgp routes filtering by [large]community-list [9358]
- Fix crash in "clear ip bgp dampening <prefix>" [9226]
- fix double free in dampening code (fixes crash in dampening) [9223]
- fix missing damp info free when cleaning bgp path [9245]
- fix missing list add in dampening [9233]
- fix update-source for ipv6 [9501]
- Fix rpki spacing to be 1 for indentation [9127]
- Force process networks on VRF creation [9136]
- hash compare functions never receive null values [9170]
- limit the length of opaque data sent to zebra [9311]
- Mark the node as the correct type for bgp ipv6 unicast [9221]
- nht unresolved with global address next-hop [9142]
- prevent routes loop through itself [9155]
- Reflect changes to pfxSnt when using default-originate [9149]
- Set extended msg size only if we advertised and received
capability [9257]
- Stop prepending peer-as if self-originated and last AS
configured [9398]
- Unlock bgp_dest for bgp_distance_unset if distance does not
match [9161]
- Use strict AS4 capability when processing parsing/generating
pkts [9266]
- per-peer dampening revert [9320]
fabricd:
- fix running config [9132]
isisd:
- argv fixes [9177]
- fix extra space in the mpls-te config output [9139]
- fix setting of the attached bit [9147]
- fix uninitialized variable when searching for LSP [9137]
- update interface_link_params callback to check for change [9173]
lib:
- fix interface configuration after vrf change [9172]
- fix prefix-list duplication check [9425]
- remove vrf-interface config when removing the VRF [9122]
- Scan lib/resolver.c only when c-ares is installed [9415]
- Preserve user-configured VRF on netns deletion [9277]
nhrp:
- fix display of nhs command [9279]
ospf6d:
- always generate default route for stubs [9154]
- Check the cost only when asbr_present for ECMP routes [9359]
- consistent checksum JSON output [9119]
- fix argument processing in the "area ... range" command [9296]
- fix backlink check [9125]
- fix route-map config changed, not getting applied on all types of
routes [9118]
- fix "show ipv6 ospf6 neighbor" command [9121]
- Max aged LSAs are not getting deleted from DB [9117]
- redistribute command minor fixes [9124]
- Release last dbdesc packet after router dead interval [9134]
- Drop LSA with bad seqnumber [9123]
- use per-vrf router id instead of one global [9140]
ospfd:
- don't exit when VRF socket is not created [9208]
- explicitly exit from the router configuration node [9421]
- fix external lsa handling in opaque capabilities
enable/disable [9135]
- fix initialization when vrf doesn't exist yet [9423]
- fix "no ip ospf passive" command [9268]
- fix ospfd crash while giving 'clear ip ospf neighbor' [9153]
- ospf redistribute originating LSA internal connected routes [9392]
- show ip ospf route json does not show metric and tag [9130]
- Summarised External LSA is not flushed in one scenario [9433]
- update interface_link_params callback to check for
change [9173]
pathd:
- a couple of cli/doc fixes [9329]
- don't use localtime [9156]
- fix pcep node-entering commands [9409]
pimd:
- fix IGMP VRF handling and PIM RP Prefix-list matching [9186]
- make show ip mroute output consistent [9386]
- memory leak fix and issue fix [9297]
ripd:
- fix authentication key length [9267]
staticd:
- fix bug of Null0 wrongly converted into blackhole in running config
[9144]
tools:
- add mac access-list context to frr-reload.py [9131]
- limit bgp route-maps to direct changes only during reload [9138]
- make frr-reload recognize pbr table range lines as single-line
contexts [9133]
vtysh:
- another take at "enable" in vtysh user mode [9183]
- Handle end/enable commands better when in -u for vtysh [9128]
- fix exit from link-params and pseudowire nodes [9157]
zebra:
- bugfix of error quit of zebra, due to no nexthop ACTIVE [9275]
- clean up nhg allocations in error path [9387]
- fix a couple of coverity warnings [9169]
- fix ifp pointer for groups/recursives [9150]
- Fix pseudowires with backup nexthops [9174]
- Prevent memory leak if route is rejected early [9351]
- remove checks for src address existence when using "set src" [9278]
- Remove unrelated info from evpn rmac json output [9129]
- trigger remove all access vlans info for access port [9159]
- Preserve user-configured VRF on netns deletion [9277]
build:
- fix LDFLAGS confusion & gcov [9158]
doc:
- bump sphinx version to 4.0.2, remove deprecated API, fix developer
docs not built [9270]
- fix bgp user doc colons [9276]
- Fix code-block display for example shell commands [9274]
- move ospf6 area commands to the appropriate section [9377]
- Replace typo BANDIWDTH to BANDWIDTH [9406]
redhat:
- Install frr.conf only if no per daemon config exists [9349]
snapcraft:
- Snap update to 18.04 base [9430]
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Philippe Guibert [Tue, 17 Aug 2021 14:43:37 +0000 (16:43 +0200)]
bgpd: imported evpn rt5 routes copy igpmetric
when doing BGP over an IGP platform, the expectation is that
the path calculation for a given prefix takes into account the
igpmetric given by IGP.
This is true with prefixes obtained in a given BGP instance where
peering occurs. For instance, ipv4 unicast entries or l2vpn evpn
entries work this way. The igpmetric is obtained through nexthop
tracking, like below:
however, for imported EVPN RT5 entries, the igpmetric was not
copied from the parent path info. Fix it. In this way, the
imported route entries use the igpmetric of the parent pi.
David Lamparter [Tue, 18 May 2021 11:55:48 +0000 (13:55 +0200)]
pimd: fix PtP address handling
When we have a "192.0.2.1 peer 192.0.2.2/32" address on an interface, we
need to (a) recognize the local address as being on the link for our own
packets, and (b) do the IGMP socket lookup with the proper local address
rather than the peer prefix.
Fixes: efe6f18 ("pimd: fix IGMP receive handling")
Cc: Nathan Bahr <nbahr@atcorp.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit a2810d30256e8de250b9e0fdc274fc4852c7877c)
David Lamparter [Tue, 20 Apr 2021 04:11:57 +0000 (06:11 +0200)]
lib, pimd: add address match mode to prefix lists
... the PIM code is kinda misusing prefix lists to match addresses.
Considering the weird semantics of access-lists, I can't fault it.
However, prefix lists aren't great at matching addresses by default,
since they try to match the prefix length too. So, here's an "address
match mode" for prefix lists to get that to work more reasonably.
ospfd: Summarised External LSA is not flushed in one scenario
Fix CI Failure test_ospf_type5_summary_tc45_p0
Problem Statement:
==================
Summarised LSA is not flushed in OSPFv2 in below scenario:
1. Configure summary-address in ospfv2
2. redistribute static and connected.
3. Check the LSAs are received on neighbor.
4. Now remove all OSPFv2 configs, so neighbor will still have the summarised LSA.
5. Configure router ospf with redistribute static and connected.
6. Check the DB, summarised LSA is present although the configuration is not present.
7. Now configure the summary-address and remove the configuration after some time.
8. The summarised LSA will be still present.
RCA:
==================
When self originated LSA is received from the neighbor and that
LSA is summarised one, the LSA is refreshed but a flag is not set
due to which it was not able to remove it later.
Fix:
==================
Set the originated flag when refreshing summarised LSA.
Igor Ryzhov [Tue, 10 Aug 2021 18:46:37 +0000 (21:46 +0300)]
lib: fix prefix-list duplication check
Currently, when we check the new prefix-list entry for duplication, we
only take filled in fields into account and ignore optional fields.
For example, if we already have `ip prefix-list A 0.0.0.0/0 le 32` and
we try to add `ip prefix-list A 0.0.0.0/0`, it is treated as duplicate.
We should always compare all prefix-list fields when doing the check.
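The duplication check described in the commit message above, modelled as an added example that is not FRR's code: the struct, the function names and the permit action on both sample entries are assumptions. It also shows why the two entries are not equivalent, since `le 32` covers every longer prefix while the bare entry matches only the exact prefix length.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified, hypothetical entry (not FRR's struct); ge/le == 0 means "not set". */
struct pl_entry {
    uint32_t net;          /* IPv4 network, host byte order */
    uint8_t plen, ge, le;  /* prefix length and optional bounds */
    bool permit;
};

/* Constructed samples: "0.0.0.0/0 le 32" (already present) and "0.0.0.0/0" (being added). */
static const struct pl_entry existing = { 0, 0, 0, 32, true };
static const struct pl_entry added = { 0, 0, 0, 0, true };

static bool same_base(const struct pl_entry *a, const struct pl_entry *b)
{
    return a->net == b->net && a->plen == b->plen && a->permit == b->permit;
}

/* Model of the described bug: optional fields count only if the new entry fills them in. */
static bool dup_filled_only(const struct pl_entry *old, const struct pl_entry *new_e)
{
    if (!same_base(old, new_e))
        return false;
    if (new_e->ge && new_e->ge != old->ge)
        return false;
    if (new_e->le && new_e->le != old->le)
        return false;
    return true;
}

/* Model of the described fix: every field takes part in the comparison. */
static bool dup_all_fields(const struct pl_entry *old, const struct pl_entry *new_e)
{
    return same_base(old, new_e) && old->ge == new_e->ge && old->le == new_e->le;
}

/* Prefix-list matching: exact length without ge/le, otherwise a length range. */
static bool pl_covers(const struct pl_entry *e, uint32_t net, uint8_t plen)
{
    uint32_t mask = e->plen ? ~UINT32_C(0) << (32 - e->plen) : 0;
    if ((net & mask) != e->net || plen < e->plen)
        return false;
    if (!e->ge && !e->le)
        return plen == e->plen;
    return plen >= (e->ge ? e->ge : e->plen) && plen <= (e->le ? e->le : 32);
}

int main(void)
{
    uint32_t ten = UINT32_C(10) << 24; /* 10.0.0.0 */
    printf("duplicate (filled-only / all fields): %d / %d\n",
           dup_filled_only(&existing, &added), dup_all_fields(&existing, &added));
    printf("10.0.0.0/8 covered by existing / added: %d / %d\n",
           pl_covers(&existing, ten, 8), pl_covers(&added, ten, 8));
    return 0;
}
```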
Igor Ryzhov [Thu, 12 Aug 2021 12:49:54 +0000 (15:49 +0300)]
ospfd: fix initialization when vrf doesn't exist yet
There are a couple of things that are not initialized if the OSPF router
is created in a non-existent VRF:
- ospf_lsa_maxage_walker
- ospf_lsa_refresh_walker
- ospf_opaque_type11_lsa_init
Rearrange some code to always initialize them and make it easier to find
similar problems in the future.
Igor Ryzhov [Thu, 12 Aug 2021 16:07:53 +0000 (19:07 +0300)]
bgpd: fix segfault when re-adding "match evpn default-route" rule
When using "match evpn default-route" rule, match_arg is NULL and strcmp
is not happy with that. There's already a special function named rulecmp
that handles such situations.
Igor Ryzhov [Tue, 17 Aug 2021 12:36:55 +0000 (15:36 +0300)]
ospfd: explicitly exit from the router node
There's a new "mpls ldp-sync" command added to the OSPF router node in
FRR 8.0. This change broke the following config:
```
router ospf
!
mpls ldp
discovery hello interval 10
!
```
The config was broken because the "mpls ldp" line is now treated as an
"mpls ldp-sync" line inside the router node. We must explicitly print
"exit" at the end of OSPF router node to fix the issue.
Igor Ryzhov [Wed, 11 Aug 2021 14:46:31 +0000 (17:46 +0300)]
vtysh, pathd: fix pcep node-entering commands
pce-config, pce and pcc node-entering commands in vtysh include no-form,
which is incorrect. Currently, when user passes a no-form command like
`no pcc`, vtysh enters the node while pathd deletes the node and this
leads to a desynchronization.
Regular and no-form commands should be defined separately to fix this.
Don Slice [Wed, 11 Aug 2021 12:45:23 +0000 (08:45 -0400)]
bgpd: Stop prepending peer-as if self-originated and lastas configured
Problem seen where if "set aspath-prepend last-as" configured and
applied outbound, we prepend the peer's asn which causes our self-
originated routes to be denied.