7 files changed, 328 insertions, 10 deletions
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index edf90d3dd8..efb2c00fa5 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -3988,6 +3988,7 @@ int bgp_delete(struct bgp *bgp)
 	uint32_t a_ann_cnt = 0, a_l2_cnt = 0, a_l3_cnt = 0;
 	struct bgp *bgp_to_proc = NULL;
 	struct bgp *bgp_to_proc_next = NULL;
+	struct bgp *bgp_default = bgp_get_default();
 
 	assert(bgp);
 
@@ -4041,13 +4042,26 @@ int bgp_delete(struct bgp *bgp)
 	bgp_soft_reconfig_table_task_cancel(bgp, NULL, NULL);
 
 	/* make sure we withdraw any exported routes */
-	vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, AFI_IP, bgp_get_default(),
-			   bgp);
-	vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, AFI_IP6, bgp_get_default(),
-			   bgp);
+	vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, AFI_IP, bgp_default, bgp);
+	vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, AFI_IP6, bgp_default, bgp);
 
 	bgp_vpn_leak_unimport(bgp);
 
+	/*
+	 * Release SRv6 SIDs, like it's done in `vpn_leak_postchange()`
+	 * and bgp_sid_vpn_export_cmd/af_sid_vpn_export_cmd commands.
+	 */
+	bgp->tovpn_sid_index = 0;
+	UNSET_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO);
+	delete_vrf_tovpn_sid_per_vrf(bgp_default, bgp);
+	for (afi = AFI_IP; afi < AFI_MAX; afi++) {
+		bgp->vpn_policy[afi].tovpn_sid_index = 0;
+		UNSET_FLAG(bgp->vpn_policy[afi].flags, BGP_VPN_POLICY_TOVPN_SID_AUTO);
+		delete_vrf_tovpn_sid_per_af(bgp_default, bgp, afi);
+
+		vpn_leak_zebra_vrf_sid_withdraw(bgp, afi);
+	}
+
 	bgp_vpn_release_label(bgp, AFI_IP, true);
 	bgp_vpn_release_label(bgp, AFI_IP6, true);
 
diff --git a/lib/privs.c b/lib/privs.c
index b0809bf690..e7df383e5d 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -210,10 +210,11 @@ int zprivs_change_caps(zebra_privs_ops_t op)
 {
 	cap_flag_value_t cflag;
 
-	/* should be no possibility of being called without valid caps */
-	assert(zprivs_state.syscaps_p && zprivs_state.caps);
-	if (!(zprivs_state.syscaps_p && zprivs_state.caps))
-		exit(1);
+	/* Called without valid caps - just return. Not every daemon needs
+	 * privs.
+	 */
+	if (zprivs_state.syscaps_p == NULL || zprivs_state.caps == NULL)
+		return 0;
 
 	if (op == ZPRIVS_RAISE)
 		cflag = CAP_SET;
diff --git a/staticd/static_vty.c b/staticd/static_vty.c
index ed2805d3ea..f93e81e8dc 100644
--- a/staticd/static_vty.c
+++ b/staticd/static_vty.c
@@ -1273,8 +1273,8 @@ DEFPY_YANG(no_srv6_sid, no_srv6_sid_cmd,
 {
 	char xpath[XPATH_MAXLEN + 37];
 
-	snprintf(xpath, sizeof(xpath), FRR_STATIC_SRV6_INFO_KEY_XPATH, "frr-staticd:staticd",
-		 "staticd", VRF_DEFAULT_NAME);
+	snprintf(xpath, sizeof(xpath), FRR_STATIC_SRV6_SID_KEY_XPATH, "frr-staticd:staticd",
+		 "staticd", VRF_DEFAULT_NAME, sid_str);
 
 	nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL);
 
diff --git a/tests/topotests/bgp_srv6_sid_reachability/test_bgp_srv6_sid_reachability.py b/tests/topotests/bgp_srv6_sid_reachability/test_bgp_srv6_sid_reachability.py
index cf590ad01d..5c0b909517 100755
--- a/tests/topotests/bgp_srv6_sid_reachability/test_bgp_srv6_sid_reachability.py
+++ b/tests/topotests/bgp_srv6_sid_reachability/test_bgp_srv6_sid_reachability.py
@@ -159,6 +159,36 @@ def test_sid_reachable_again_bgp_update():
     check_ping("c11", "192.168.2.1", True, 10, 1)
 
 
+def test_sid_unreachable_no_router():
+    get_topogen().gears["r2"].vtysh_cmd(
+        """
+        configure terminal
+        no router bgp 65002 vrf vrf10
+        """
+    )
+    check_ping("c11", "192.168.2.1", False, 10, 1)
+
+
+def test_sid_reachable_again_no_router():
+    get_topogen().gears["r2"].vtysh_cmd(
+        """
+        configure terminal
+        router bgp 65002 vrf vrf10
+        bgp router-id 192.0.2.2
+        !
+         address-family ipv4 unicast
+          redistribute connected
+          sid vpn export 1
+          rd vpn export 65002:10
+          rt vpn both 0:10
+          import vpn
+          export vpn
+         exit-address-family
+        """
+    )
+    check_ping("c11", "192.168.2.1", True, 10, 1)
+
+
 if __name__ == "__main__":
     args = ["-s"] + sys.argv[1:]
     sys.exit(pytest.main(args))
diff --git a/tests/topotests/static_srv6_sids/expected_srv6_sids_sid_delete_1.json b/tests/topotests/static_srv6_sids/expected_srv6_sids_sid_delete_1.json
new file mode 100644
index 0000000000..e1a2a16afe
--- /dev/null
+++ b/tests/topotests/static_srv6_sids/expected_srv6_sids_sid_delete_1.json
@@ -0,0 +1,107 @@
+{
+	"fcbb:bbbb:1:fe10::/64": [
+		{
+			"prefix": "fcbb:bbbb:1:fe10::/64",
+			"prefixLen": 64,
+			"protocol": "static",
+			"vrfId": 0,
+			"vrfName": "default",
+			"selected": true,
+			"destSelected": true,
+			"distance": 1,
+			"metric": 0,
+			"installed": true,
+			"table": 254,
+			"internalStatus": 16,
+			"internalFlags": 9,
+			"internalNextHopNum": 1,
+			"internalNextHopActiveNum": 1,
+			"nexthops": [
+				{
+					"flags": 3,
+					"fib": true,
+					"directlyConnected": true,
+					"interfaceName": "Vrf10",
+					"active": true,
+					"weight": 1,
+					"seg6local": {
+						"action": "End.DT4"
+					},
+					"seg6localContext": {
+						"table": 10
+					}
+				}
+			]
+		}
+	],
+	"fcbb:bbbb:1:fe20::/64": [
+		{
+			"prefix": "fcbb:bbbb:1:fe20::/64",
+			"prefixLen": 64,
+			"protocol": "static",
+			"vrfId": 0,
+			"vrfName": "default",
+			"selected": true,
+			"destSelected": true,
+			"distance": 1,
+			"metric": 0,
+			"installed": true,
+			"table": 254,
+			"internalStatus": 16,
+			"internalFlags": 9,
+			"internalNextHopNum": 1,
+			"internalNextHopActiveNum": 1,
+			"nexthops": [
+				{
+					"flags": 3,
+					"fib": true,
+					"directlyConnected": true,
+					"interfaceName": "Vrf20",
+					"active": true,
+					"weight": 1,
+					"seg6local": {
+						"action": "End.DT6"
+					},
+					"seg6localContext": {
+						"table": 20
+					}
+				}
+			]
+		}
+	],
+	"fcbb:bbbb:1:fe30::/64": [
+		{
+			"prefix": "fcbb:bbbb:1:fe30::/64",
+			"prefixLen": 64,
+			"protocol": "static",
+			"vrfId": 0,
+			"vrfName": "default",
+			"selected": true,
+			"destSelected": true,
+			"distance": 1,
+			"metric": 0,
+			"installed": true,
+			"table": 254,
+			"internalStatus": 16,
+			"internalFlags": 9,
+			"internalNextHopNum": 1,
+			"internalNextHopActiveNum": 1,
+			"nexthops": [
+				{
+					"flags": 3,
+					"fib": true,
+					"directlyConnected": true,
+					"interfaceName": "Vrf30",
+					"active": true,
+					"weight": 1,
+					"seg6local": {
+						"action": "End.DT46"
+					},
+					"seg6localContext": {
+						"table": 30
+					}
+				}
+			]
+		}
+	]
+}
+\ No newline at end of file
diff --git a/tests/topotests/static_srv6_sids/expected_srv6_sids_sid_delete_2.json b/tests/topotests/static_srv6_sids/expected_srv6_sids_sid_delete_2.json
new file mode 100644
index 0000000000..b5801d354b
--- /dev/null
+++ b/tests/topotests/static_srv6_sids/expected_srv6_sids_sid_delete_2.json
@@ -0,0 +1,72 @@
+{
+	"fcbb:bbbb:1:fe10::/64": [
+		{
+			"prefix": "fcbb:bbbb:1:fe10::/64",
+			"prefixLen": 64,
+			"protocol": "static",
+			"vrfId": 0,
+			"vrfName": "default",
+			"selected": true,
+			"destSelected": true,
+			"distance": 1,
+			"metric": 0,
+			"installed": true,
+			"table": 254,
+			"internalStatus": 16,
+			"internalFlags": 9,
+			"internalNextHopNum": 1,
+			"internalNextHopActiveNum": 1,
+			"nexthops": [
+				{
+					"flags": 3,
+					"fib": true,
+					"directlyConnected": true,
+					"interfaceName": "Vrf10",
+					"active": true,
+					"weight": 1,
+					"seg6local": {
+						"action": "End.DT4"
+					},
+					"seg6localContext": {
+						"table": 10
+					}
+				}
+			]
+		}
+	],
+	"fcbb:bbbb:1:fe30::/64": [
+		{
+			"prefix": "fcbb:bbbb:1:fe30::/64",
+			"prefixLen": 64,
+			"protocol": "static",
+			"vrfId": 0,
+			"vrfName": "default",
+			"selected": true,
+			"destSelected": true,
+			"distance": 1,
+			"metric": 0,
+			"installed": true,
+			"table": 254,
+			"internalStatus": 16,
+			"internalFlags": 9,
+			"internalNextHopNum": 1,
+			"internalNextHopActiveNum": 1,
+			"nexthops": [
+				{
+					"flags": 3,
+					"fib": true,
+					"directlyConnected": true,
+					"interfaceName": "Vrf30",
+					"active": true,
+					"weight": 1,
+					"seg6local": {
+						"action": "End.DT46"
+					},
+					"seg6localContext": {
+						"table": 30
+					}
+				}
+			]
+		}
+	]
+}
+\ No newline at end of file
diff --git a/tests/topotests/static_srv6_sids/test_static_srv6_sids.py b/tests/topotests/static_srv6_sids/test_static_srv6_sids.py
index 453a30af48..cdcc6fd29e 100755
--- a/tests/topotests/static_srv6_sids/test_static_srv6_sids.py
+++ b/tests/topotests/static_srv6_sids/test_static_srv6_sids.py
@@ -78,6 +78,100 @@ def test_srv6_static_sids():
     check_srv6_static_sids(router, "expected_srv6_sids.json")
 
 
+def test_srv6_static_sids_sid_delete():
+    """
+    Remove the static SID and verify it gets removed
+    """
+    tgen = get_topogen()
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+    router = tgen.gears["r1"]
+
+    def _check_srv6_static_sids(router, expected_route_file):
+        logger.info("checking zebra srv6 static sids")
+        output = json.loads(router.vtysh_cmd("show ipv6 route static json"))
+        expected = open_json_file("{}/{}".format(CWD, expected_route_file))
+        return topotest.json_cmp(output, expected)
+
+    def check_srv6_static_sids(router, expected_file):
+        func = functools.partial(_check_srv6_static_sids, router, expected_file)
+        _, result = topotest.run_and_expect(func, None, count=15, wait=1)
+        assert result is None, "Failed"
+
+    router.vtysh_cmd(
+        """
+        configure terminal
+         segment-routing
+          srv6
+           static-sids
+            no sid fcbb:bbbb:1::/48
+        """
+    )
+
+    # FOR DEVELOPER:
+    # If you want to stop some specific line and start interactive shell,
+    # please use tgen.mininet_cli() to start it.
+
+    logger.info("Test for srv6 sids configuration")
+    check_srv6_static_sids(router, "expected_srv6_sids_sid_delete_1.json")
+
+    router.vtysh_cmd(
+        """
+        configure terminal
+         segment-routing
+          srv6
+           static-sids
+            no sid fcbb:bbbb:1:fe20::/64 locator MAIN behavior uDT6 vrf Vrf20
+        """
+    )
+
+    # FOR DEVELOPER:
+    # If you want to stop some specific line and start interactive shell,
+    # please use tgen.mininet_cli() to start it.
+
+    logger.info("Test for srv6 sids configuration")
+    check_srv6_static_sids(router, "expected_srv6_sids_sid_delete_2.json")
+
+
+def test_srv6_static_sids_sid_readd():
+    """
+    Re-add the static SID and verify the routing table
+    """
+    tgen = get_topogen()
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+    router = tgen.gears["r1"]
+
+    def _check_srv6_static_sids(router, expected_route_file):
+        logger.info("checking zebra srv6 static sids")
+        output = json.loads(router.vtysh_cmd("show ipv6 route static json"))
+        expected = open_json_file("{}/{}".format(CWD, expected_route_file))
+        return topotest.json_cmp(output, expected)
+
+    def check_srv6_static_sids(router, expected_file):
+        func = functools.partial(_check_srv6_static_sids, router, expected_file)
+        _, result = topotest.run_and_expect(func, None, count=15, wait=1)
+        assert result is None, "Failed"
+
+    router.vtysh_cmd(
+        """
+        configure terminal
+         segment-routing
+          srv6
+           static-sids
+            sid fcbb:bbbb:1::/48 locator MAIN behavior uN
+            sid fcbb:bbbb:1:fe20::/64 locator MAIN behavior uDT6 vrf Vrf20
+        """
+    )
+
+    # FOR DEVELOPER:
+    # If you want to stop some specific line and start interactive shell,
+    # please use tgen.mininet_cli() to start it.
+
+    logger.info("Test for srv6 sids configuration")
+    check_srv6_static_sids(router, "expected_srv6_sids.json")
+
+
 if __name__ == "__main__":
     args = ["-s"] + sys.argv[1:]
     sys.exit(pytest.main(args))