| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit de90b70e65ac7750540a7a9d353d3b3bf4df6fe2)
|
|
draft-uttaro-idr-bgp-oad says:
Extended communities which are non-transitive across an AS boundary MAY be
advertised over an EBGP-OAD session if allowed by explicit policy configuration.
If allowed, all the members of the OAD SHOULD be configured to use the same
criteria.
For example, the Origin Validation State Extended Community, defined as
non-transitive in [RFC8097], can be advertised to peers in the same OAD.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit f2759c46ceda2a5f13b40213381baf71997b6b87)
# Conflicts:
# bgpd/bgp_route.c
|
|
zebra: fix evpn svd hash avoid double free (backport #17991)
|
|
bgpd: fix route-distinguisher in vrf leak json cmd (backport #17992)
|
|
For auto configured value RD value comes as NULL,
switching back to original change will ensure to cover
for both auto and user configured RD value in JSON.
tor-11# show bgp vrf blue ipv4 unicast route-leak json
{
"vrf":"blue",
"afiSafi":"ipv4Unicast",
"importFromVrfs":[
"purple"
],
"importRts":"10.10.3.11:6",
"exportToVrfs":[
"purple"
],
"routeDistinguisher":"(null)", <<<<<
"exportRts":"10.10.3.11:10"
}
Signed-off-by: Chirag Shah <chirag@nvidia.com>
(cherry picked from commit 892704d07f5286464728720648ad392b485a9966)
|
|
Upon zebra shutdown hash_clean_and_free is called
where user free function is passed,
The free function should not call hash_release
which lead to double free of hash bucket.
Fix:
The fix is to avoid calling hash_release from
free function if its called from hash_clean_and_free
path.
10 0x00007f0422b7df1f in free () from /lib/x86_64-linux-gnu/libc.so.6
11 0x00007f0422edd779 in qfree (mt=0x7f0423047ca0 <MTYPE_HASH_BUCKET>,
ptr=0x55fc8bc81980) at ../lib/memory.c:130
12 0x00007f0422eb97e2 in hash_clean (hash=0x55fc8b979a60,
free_func=0x55fc8a529478 <svd_nh_del_terminate>) at
../lib/hash.c:290
13 0x00007f0422eb98a1 in hash_clean_and_free (hash=0x55fc8a675920
<svd_nh_table>, free_func=0x55fc8a529478 <svd_nh_del_terminate>) at
../lib/hash.c:305
14 0x000055fc8a5323a5 in zebra_vxlan_terminate () at
../zebra/zebra_vxlan.c:6099
15 0x000055fc8a4c9227 in zebra_router_terminate () at
../zebra/zebra_router.c:276
16 0x000055fc8a4413b3 in zebra_finalize (dummy=0x7fffb881c1d0) at
../zebra/main.c:269
17 0x00007f0422f44387 in event_call (thread=0x7fffb881c1d0) at
../lib/event.c:2011
18 0x00007f0422ecb6fa in frr_run (master=0x55fc8b733cb0) at
../lib/libfrr.c:1243
19 0x000055fc8a441987 in main (argc=14, argv=0x7fffb881c4a8) at
../zebra/main.c:584
Signed-off-by: Chirag Shah <chirag@nvidia.com>
(cherry picked from commit 1d4f5b9b19588d77d3eaf06440c26a8c974831a3)
|
|
bgpd: With suppress-fib-pending ensure withdrawal is sent (backport #17971)
|
|
When you have suppress-fib-pending turned on it is possible
to end up in a situation where the prefix is not withdrawn
from downstream peers.
Here is the timing that I believe is happening:
a) have 2 paths to a peer.
b) receive a withdrawal from 1 path, set BGP_NODE_FIB_INSTALL_PENDING
and send the route install to zebra.
c) receive a withdrawal from the other path.
d) At this point we have a dest->flags set BGP_NODE_FIB_INSTALL_PENDING
old_select the path_info going away, new_select is NULL
e) A bit further down we call group_announce_route() which calls
the code to see if we should advertise the path. It sees the
BGP_NODE_FIB_INSTALL_PENDING flag and says, nope.
f) the route is sent to zebra to withdraw, which unsets the
BGP_NODE_FIB_INSTALL_PENDING.
g) This function winds up and deletes the path_info. Dest now
has no path infos.
h) BGP receives the route install(from step b) and unsets the
BGP_NODE_FIB_INSTALL_PENDING flag
i) BGP receives the route removed from zebra (from step f) and
unsets the flag again.
We know if there is no new_select, let's go ahead and just
unset the PENDING flag to allow the withdrawal to go out
at the time when the second withdrawal is received.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 4e8eda74ec7d30ba84e7f53f077f4b896728505a)
|
|
tools: Fix frr-reload for ebgp-multihop TTL reconfiguration. (backport #17946)
|
|
In ebgp-multihop, there is a difference in reload behavior when TTL is
unspecified (meaning default 255) and when 255 is explicitly specified.
For example, when reloading with 'neighbor <neighbor> ebgp-multihop
255' in the config, the following difference is created. This commit
fixes that.
Lines To Delete
===============
router bgp 65001
no neighbor 10.0.0.4 ebgp-multihop
exit
Lines To Add
============
router bgp 65001
neighbor 10.0.0.4 ebgp-multihop 255
exit
The commit 767aaa3a8048 is not sufficient and frr-reload needs to be
fixed to handle both unspecified and specified cases.
Signed-off-by: Nobuhiro MIKI <nob@bobuhiro11.net>
(cherry picked from commit 594e917656da5502b302309aed3cf596df24713f)
|
|
opensourcerouting/fix/revert_4338e21aa2feba57ea7004c36362e5d8186340b8_10.0
Revert "bgpd: Handle Addpath capability using dynamic capabilities" (backport)
|
|
This reverts commit 05cf9d03b345393b8d63ffe9345c42debd8362b6.
TL;DR; Handling BGP AddPath capability is not trivial (possible) dynamically.
When the sender is AddPath-capable and sends NLRIs encoded with AddPath ID,
and at the same time the receiver sends AddPath capability "disable-addpath-rx"
(flag update) via dynamic capabilities, both peers are out of sync about the
AddPath state. The receiver thinks already he's not AddPath-capable anymore,
hence it tries to parse NLRIs as non-AddPath, while they are actually encoded
as AddPath.
AddPath capability itself does not provide (in RFC) any mechanism on backward
compatible way to handle NLRIs if they come mixed (AddPath + non-AddPath).
This explains why we have failures in our CI periodically.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
bgpd: Fix for local interface MAC cache issue in 'bgp mac hash' table (backport #17888)
|
|
Issue:
During FRR restart, we fail to add some of the local interface's MAC
to the 'bgp mac hash'. Not having local MAC in the hash table can cause
lookup issues while receiving EVPN RT-2.
Currently, we have code to add local MAC(bgp_mac_add_mac_entry) while handling
interface add/up events in BGP(bgp_ifp_up/bgp_ifp_create). But the code
'bgp_mac_add_mac_entry' in bgp_ifp_create is not getting invoked as it
is placed under a specific check(vrf->bgp link check).
Fix:
We can skip this check 'vrf->bgp link existence' as the tenant VRF might
not have BGP instance but still we want to cache the tenant VRF local
MACs. So keeping this check in bgp_ifp_create inline with bgp_ifp_up.
Ticket: #4204154
Signed-off-by: Krishnasamy R <krishnasamyr@nvidia.com>
(cherry picked from commit 016528364e686fb3b23a688707bd6ae6c5ea5f41)
|
|
bgpd: use igpmetric in bgp_aigp_metric_total() (backport #17813)
|
|
Use igpmetric from bgp_path_info in bgp_igp_metric_total() to be
consistent with all other cases, e.g., as in bgp_path_info_cmp().
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
(cherry picked from commit b89e66a3bcd5644278f34ec5899b071066e102a1)
|
|
bgpd: fix crash in displaying json orf prefix-list (backport #17807)
|
|
bgpd crashes when there is several entries in the prefix-list. No
backtrace is provided because the issue was catched from a code review.
Fixes: 856ca177c4 ("Added json formating support to show-...-neighbors-... bgp commands.")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 8ccf60921b85893d301186a0f8156fb702da379f)
|
|
0x<address>FX was displayed instead of the prefix.
Fixes: b219dda129 ("lib: Convert usage of strings to %pFX and %pRN")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit b7e843d7e8afe57d3815dbb44e30307654e73711)
|
|
isisd: Allow full `no` form for `domain-password` and `area-password` (backport #17725)
|
|
bgpd: fix a bug in peer_allowas_in_set() (backport #17780)
|
|
Before:
```
LR1.wue3(config)# router isis VyOS
LR1.wue3(config-router)# no area-password clear
% Unknown command: no area-password clear
LR1.wue3(config-router)# no area-password clear foo
% Unknown command: no area-password clear foo
LR1.wue3(config-router)#
```
Closes https://github.com/FRRouting/frr/issues/17722
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit a696547d6c78d4140649f96d6bef9a335fe5dfa5)
|
|
Fix a bug in peer_allowas_in_set() so that the config takes effect
for peer-group members.
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
(cherry picked from commit bcd10177940223d86cbcfbe1818b2a0b29e0552b)
|
|
tools: Add missing rpki keyword to vrf in frr-reload (backport #17750)
|
|
When reloading the following configuration:
```
vrf red
rpki
rpki cache tcp 172.65.0.2 8282 preference 1
exit
exit-vrf
```
frr-reload.py does not properly enter the `rpki` context
within a `vrf`. Because of this, it fails to apply RPKI
configurations.
Signed-off-by: Jonathan Voss <jvoss@onvox.net>
(cherry picked from commit 975ee8ed6eb22f68538f3446b29ca34d65bec72f)
|
|
isisd: Show correct level information for `show isis interface detail json` (backport #17732)
|
|
Having this configuration:
```
!
interface r1-eth0
ip address 10.0.0.1/30
ip router isis 1
isis priority 44 level-1
isis priority 88 level-2
isis csnp-interval 90 level-1
isis csnp-interval 99 level-2
isis psnp-interval 70 level-1
isis psnp-interval 50 level-2
isis hello-interval level-1 120
isis hello-interval level-2 150
!
interface r1-eth1
ip address 10.0.0.10/30
ip router isis 1
!
interface lo
ip address 192.0.2.1/32
ip router isis 1
isis passive
!
router isis 1
net 49.0000.0000.0000.0001.00
metric-style wide
```
Produces:
```
{
"areas":[
{
"area":"1",
"circuits":[
{
"circuit":2,
"interface":{
"name":"r1-eth0",
"state":"Up",
"is-passive":"active",
"circuit-id":"0x2",
"type":"lan",
"level":"L1L2",
"snpa":"6e28.9c92.da5e",
"levels":[
{
"level":"L1",
"metric":10,
"active-neighbors":1,
"hello-interval":120,
"holddown":{
"count":10,
"pad":"yes"
},
"cnsp-interval":90,
"psnp-interval":70,
"lan":{
"priority":44,
"is-dis":"no"
}
},
{
"level":"L2",
"metric":10,
"active-neighbors":1,
"hello-interval":120, <<<<<<<<<<<<<<<<<<
"holddown":{
"count":10,
"pad":"yes"
},
"cnsp-interval":90, <<<<<<<<<<<<<<<<<<
"psnp-interval":70, <<<<<<<<<<<<<<<<<<
"lan":{
"priority":44, <<<<<<<<<<<<<<<<<<
"is-dis":"no"
}
}
],
...
```
Fixes: 9fee4d4c6038ef6b14e9f509d6b04d189660c4cd ("isisd: Add json to show isis interface command.")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 360a0d6f4ca68fda0eb5d64a8633018a3b5a4a1d)
|
|
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
opensourcerouting/fix/backport_b6dcf618777bb7a11176617d647e16ab64f49b7b_10.0
bgpd: Fix `enforce-first-as` per peer-group removal (backport)
|
|
If we do `no neighbor PG enforce-first-as`, it wasn't working because the flag
was inherited incorrectly for the members of the peer-group.
Fixes: 322462920e2a2c8b73191c6eb5157d64cf4a593e ("bgpd: Enable enforce-first-as by default")
Closes: https://github.com/FRRouting/frr/issues/17702
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
opensourcerouting/fix/backport_b0800bfdf04b4fcf48504737ebfe4ba7f05268d3
bgpd: Validate only affected RPKI prefixes instead of a full RIB (backport)
|
|
bgpd: fix memory leak when reconfiguring a route distinguisher (backport #17669)
|
|
Before this fix, if rpki_sync_socket_rtr socket returns EAGAIN, then ALL routes
in the RIB are revalidated which takes lots of CPU and some unnecessary traffic,
e.g. if using BMP servers. With a full feed it would waste 50-80Mbps.
Instead we should try to drain an existing pipe (another end), and revalidate
only affected prefixes.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
A memory leak happens when reconfiguring an already configured route
distinguisher on an L3VPN BGP instance. Fix this by freeing the previous
route distinguisher.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit 0dd96287dda22b79ef6d7424f4e1a8dc92959f92)
|
|
bgpd: Fix memory leak when creating BMP connection with a source interface (backport #17675)
|
|
Testing done with:
```
for x in $(seq 1 100000); do vtysh -c 'conf' -c 'router bgp' -c 'bmp targets test' -c 'bmp connect localhost port 123 min-retry 100 max-retry 100 source-interface lo'; done
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 7d19cb59cf5b129f61f3c568899343b3f031f9b4)
|
|
lib: Take ge/le into consideration when checking the prefix with the prefix-list (backport #17615)
|
|
Without the fix:
```
show ip prefix-list test_1 10.20.30.96/27 first-match
<no result>
show ip prefix-list test_2 192.168.1.2/32 first-match
<no result>
```
With the fix:
```
ip prefix-list test_1 seq 10 permit 10.20.30.64/26 le 27
!
end
donatas# show ip prefix-list test_1 10.20.30.96/27
seq 10 permit 10.20.30.64/26 le 27 (hit count: 1, refcount: 0)
donatas# show ip prefix-list test_1 10.20.30.64/27
seq 10 permit 10.20.30.64/26 le 27 (hit count: 2, refcount: 0)
donatas# show ip prefix-list test_1 10.20.30.64/28
donatas# show ip prefix-list test_1 10.20.30.126/26
seq 10 permit 10.20.30.64/26 le 27 (hit count: 3, refcount: 0)
donatas# show ip prefix-list test_1 10.20.30.126/30
donatas#
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit dd4c2acc2e871283256f6cea16ede6d2d7f72dfe)
|
|
opensourcerouting/fix/backport_9b0b9282d317a9aeab36d9a8b08a35fe9a172c4b_10.0
bgpd: Fix bgp core with a possible Intf delete (backport)
|
|
Although trigger unknown, based on the backtrace in one of the internal
testing, we do see some delete in the Intf where we can have the peer
ifp pointer null and we try to dereference it while trying to install
the route leading to a crash
Skip updating the ifindex in such cases and since the nexthop is not
properly updated, BGP skips sending it to zebra.
BackTrace:
0 0x00007faef05e7ebc in ?? () from /lib/x86_64-linux-gnu/libc.so.6
1 0x00007faef0598fb2 in raise () from /lib/x86_64-linux-gnu/libc.so.6
2 0x00007faef09900dc in core_handler (signo=11, siginfo=0x7ffdde8cb4b0, context=<optimized out>) at lib/sigevent.c:274
3 <signal handler called>
4 0x00005560aad4b7d8 in update_ipv6nh_for_route_install (api_nh=0x7ffdde8cbe94, is_evpn=false, best_pi=0x5560b21187d0, pi=0x5560b21187d0, ifindex=0, nexthop=0x5560b03cb0dc,
nh_bgp=0x5560ace04df0, nh_othervrf=0) at bgpd/bgp_zebra.c:1273
5 bgp_zebra_announce_actual (dest=dest@entry=0x5560afcfa950, info=0x5560b21187d0, bgp=0x5560ace04df0) at bgpd/bgp_zebra.c:1521
6 0x00005560aad4bc85 in bgp_handle_route_announcements_to_zebra (e=<optimized out>) at bgpd/bgp_zebra.c:1896
7 0x00007faef09a1c0d in thread_call (thread=thread@entry=0x7ffdde8d7580) at lib/thread.c:2008
8 0x00007faef095a598 in frr_run (master=0x5560ac7e5190) at lib/libfrr.c:1223
9 0x00005560aac65db6 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:557
(gdb) f 4
4 0x00005560aad4b7d8 in update_ipv6nh_for_route_install (api_nh=0x7ffdde8cbe94, is_evpn=false, best_pi=0x5560b21187d0, pi=0x5560b21187d0, ifindex=0, nexthop=0x5560b03cb0dc,
nh_bgp=0x5560ace04df0, nh_othervrf=0) at bgpd/bgp_zebra.c:1273
1273 in bgpd/bgp_zebra.c
(gdb) p pi->peer->ifp
$26 = (struct interface *) 0x0
Ticket :#4203904
Signed-off-by: Rajasekar Raja <rajasekarr@nvidia.com>
|
|
opensourcerouting/fix/backport_12a9ca4de6c781b061cccdf3e793346e23558901_10.0
bgpd: fix unconfigure asdot neighbor (backport)
|
|
The below command is not successfull on an existing as dot peer
> no neighbor 10.0.0.2 remote-as 1.1
> % Create the peer-group or interface first
Handle the case where the remote-as argument can be an ASNUM.
Fixes: 8079a4138d61 ("lib, bgp: add initial support for asdot format")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
pimd: Fix access-list memory leak in pimd (backport #17518)
|
|
zebra: separate zebra ZAPI server open and accept (backport #17313)
|
|
Reset access-lists in pimd on terminate
Signed-off-by: Corey Siltala <csiltala@atcorp.com>
(cherry picked from commit d21a993f16dc23df6a1f1a7c81e9f562446437a0)
|
|
Separate zebra's ZAPI server socket handling into two phases:
an early phase that opens the socket, and a later phase that
starts listening for client connections.
Signed-off-by: Mark Stapp <mjs@cisco.com>
(cherry picked from commit 506097a1b96974c261411edd25330ceaf90fa3db)
|
|
bgpd: fix use single whitespace when displaying flowspec entries (backport #17510)
|
|
There is an extra space in the 'Displayed' line of show bgp command,
that should not be present.
Fix this by being consistent with the output of the other address
families.
Fixes: ("a1baf9e84f71") bgpd: Use single whitespace when displaying show bgp summary
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit 561debab5430ac85e8e42e839312d213479a767a)
|
|
bgpd: fix version attribute is an int, not a string (backport #17506)
|
|
The json display of the version attribute is originally an
integer. It has changed, most probably mistakenly.
> {
> "vrfId": 7,
> "vrfName": "vrf1",
> "tableVersion": 3,
> "routerId": "192.0.2.1",
> "defaultLocPrf": 100,
> "localAS": 65500,
> "routes": {
> "172.31.0.1/32": {
> "prefix": "172.31.0.1/32",
> "version": "1", <--- int or string ??
Let us fix it, by using the integer display instead.
Fixes: f9f2d188e398 ("bgpd: fix 'json detail' output structure")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit c5d7815cccb92c192ca6b752843b8b827a607b53)
|
