| Age | Commit message (Collapse) | Author |
|---|
|
bgpd: Treat the peer as not active due to BFD down only if established (backport #18562)
|
|
(backport #18562)
If we have `neighbor X bfd` and BFD status is DOWN and/or ADMIN_DOWN, and BGP
session is not yet established, we never allow the session to establish.
Let's fix this regression that was in 10.2.
Fixes: 1fb48f5 ("bgpd: Do not start BGP session if BFD profile is in shutdown state")
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
|
|
isisd: fix srv6_sid memory leak (backport #18667)
|
|
Seen with isis_srv6_topo1 topotest.
> ==178793==ERROR: LeakSanitizer: detected memory leaks
>
> Direct leak of 56 byte(s) in 1 object(s) allocated from:
> #0 0x7f3f63cb4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
> #1 0x7f3f6366f8dd in qcalloc lib/memory.c:105
> #2 0x561b810c62b7 in isis_srv6_sid_alloc isisd/isis_srv6.c:243
> #3 0x561b8111f944 in isis_zebra_srv6_sid_notify isisd/isis_zebra.c:1534
> #4 0x7f3f637df9d7 in zclient_read lib/zclient.c:4845
> #5 0x7f3f637779b2 in event_call lib/event.c:2011
> #6 0x7f3f63642ff1 in frr_run lib/libfrr.c:1216
> #7 0x561b81018bf2 in main isisd/isis_main.c:360
> #8 0x7f3f63029d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Fixes: 0af0f4616d ("isisd: Receive SRv6 SIDs notifications from zebra")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 25c813ac382ba79270f40b85e168cdbcad499e2d)
|
|
Rpki testing and bug fix (backport #18649)
|
|
Looking at the gcov of the rpki code, I noticed
that there was some functionality that is not
covered in our test suites. Add the functionality.
Signed-off-by: Donald Sharp <donaldsharp72@gmail.com>
(cherry picked from commit dbff585b411edba20fc73b5e509ef9c1bc0697b2)
|
|
When attempting to check rpki status and the connection
has been turned off, let's check to see if we are connected
before we ask the rpki subsystem, else we will get a crash
in the rpki library.
Signed-off-by: Donald Sharp <donaldsharp72@gmail.com>
(cherry picked from commit dcf43ae009ffecf206fb8cf8896eb5cd616ba4e5)
|
|
babeld: fix incorrect type assignment in parse_request_subtlv (backport #18548)
|
|
parse_request_subtlv accesses type using fixed offset instead of current position.
Signed-off-by: zmw12306 <zmw12306@gmail.com>
(cherry picked from commit 1571607c6bcba8f6861bdb90f472fe534df78a80)
|
|
babeld: check valid babel port (backport #18583)
|
|
pimd: Fix memory leak on shutdown (backport #18526)
|
|
nhrpd: Add Hop Count Validation Before Forwarding in nhrp_peer_recv() (backport #18598)
|
|
Add checking for port == 6696.
Signed-off-by: zmw12306 <zmw12306@gmail.com>
(cherry picked from commit 6f88868f325f0269198fb8e0c00b40a7bbe0e53f)
|
|
According to [RFC 2332, Section 5.1], if an NHS receives a packet that it would normally forward and the hop count is zero, it must send an error indication back to the source and drop the packet.
Signed-off-by: zmw12306 <zmw12306@gmail.com>
(cherry picked from commit 7c877164820bfc1cd7f84b3f7529f716b0f897cd)
|
|
The gm_join_list has a setup where it attempts to only
create the list upon need and deletes it when the list
is empty. On interface shutdown it was calling the
function to empty the list but it was not empty so
the list was being left at the end. Just add a bit
of code to really clean up the list in the shutdown
case.
Direct leak of 40 byte(s) in 1 object(s) allocated from:
0 0x7f84850b83b7 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
1 0x7f8484c391c4 in qcalloc lib/memory.c:106
2 0x7f8484c1ad36 in list_new lib/linklist.c:49
3 0x55d982827252 in pim_if_gm_join_add pimd/pim_iface.c:1354
4 0x55d982852b59 in lib_interface_gmp_address_family_join_group_create pimd/pim_nb_config.c:4499
5 0x7f8484c6a5d3 in nb_callback_create lib/northbound.c:1512
6 0x7f8484c6a5d3 in nb_callback_configuration lib/northbound.c:1910
7 0x7f8484c6bb51 in nb_transaction_process lib/northbound.c:2042
8 0x7f8484c6c164 in nb_candidate_commit_apply lib/northbound.c:1381
9 0x7f8484c6c39f in nb_candidate_commit lib/northbound.c:1414
10 0x7f8484c6cf1c in nb_cli_classic_commit lib/northbound_cli.c:57
11 0x7f8484c72f67 in nb_cli_apply_changes_internal lib/northbound_cli.c:195
12 0x7f8484c73a2e in nb_cli_apply_changes lib/northbound_cli.c:251
13 0x55d9828bd30f in interface_ip_igmp_join_magic pimd/pim_cmd.c:5436
14 0x55d9828bd30f in interface_ip_igmp_join pimd/pim_cmd_clippy.c:6366
15 0x7f8484bb5cbd in cmd_execute_command_real lib/command.c:1003
16 0x7f8484bb5fdc in cmd_execute_command lib/command.c:1062
17 0x7f8484bb6508 in cmd_execute lib/command.c:1228
18 0x7f8484cfb6ec in vty_command lib/vty.c:626
19 0x7f8484cfbc3f in vty_execute lib/vty.c:1389
20 0x7f8484cff9f0 in vtysh_read lib/vty.c:2408
21 0x7f8484cec846 in event_call lib/event.c:1984
22 0x7f8484c1a10a in frr_run lib/libfrr.c:1246
23 0x55d9828fc765 in main pimd/pim_main.c:166
24 0x7f848470c249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 521b58945ca5c8c75ccdb1f7f1cb9e2eb10ab83f)
|
|
pimd: Initialize gm proxy to false (backport #18567)
|
|
Signed-off-by: Nathan Bahr <nbahr@atcorp.com>
(cherry picked from commit 153d9ea3b99d07015191924866ae14bb0525365a)
|
|
lib: Return duplicate prefix-list entry test (backport #18494)
|
|
lib: Return duplicate ipv6 prefix-list entry test (backport #18561)
|
|
If we do e.g.:
ip prefix-list PL_LoopbackV4 permit 10.1.0.32/32
ip prefix-list PL_LoopbackV4 permit 10.1.0.32/32
ip prefix-list PL_LoopbackV4 permit 10.1.0.32/32
We end up, having duplicate records with a different sequence number only.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 8384d41144496019725c1e250abd0ceea854341f)
|
|
Fixes: 8384d41144496019725c1e250abd0ceea854341f ("lib: Return duplicate prefix-list entry test")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 24ae7cd30a055dc17fc9d75762320e1359e005b2)
|
|
ospfd: Prune duplicate next-hop when installing into zebra route table. (backport #17906)
|
|
Duplicate next-hops are maintained for OSPF inter-area and AS
external routes in the OSPF routing table as long as they
correspond to LSAs for different adverting routers. The
intra-area route computation will not result in duplicate
next-hops.
Signed-off-by: Acee Lindem <acee@lindem.com>
(cherry picked from commit 1c55cf27a207323ab640a6e558c2e7001a3c0c6e)
|
|
OSPF topotest to test OSPF next-hop pruning on installation
into zebra routing table. Also fix multicast_pim_dr_nondr_test
topotest which had a duplicate OSPF route in the results.
Signed-off-by: Acee Lindem <acee@lindem.com>
X
(cherry picked from commit 1d96c58375baf7eeab65a614a89a5fc4cb7f7031)
|
|
bgpd: Retain the routes if we do a clear with N-bit set for Graceful-Restart (backport)
|
|
Related-to: b7c657d4e065f310fcf6454abae1a963c208c3b8 ("bgpd: Retain the routes if we do a clear with N-bit set for Graceful-Restart")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
On receiving side we already did the job correctly, but the peer which initiates
the clear does not retain the other's routes. This commit fixes that.
Fixes: 20170775da3a3c5d41aba714d0c1d5a29b0da61c ("bgpd: Activate Graceful-Restart when receiving CEASE/HOLDTIME notifications")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
ospf6d: Fix LSA memory leaks related to graceful restart (backport #18503)
|
|
Increase wait times to at least the minimum wait time accepted by
topotest.run_and_expect(). Also change poll interval to 1s, no point in
doings this more frequently.
Finally, slightly improve the topology diagram to also include area numbers.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
(cherry picked from commit b73e3ae69dfd2050dc061b81040a4748d8992ddd)
|
|
Fixes leaks reported by ospf6_gr_topo1 topotest.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
(cherry picked from commit 0db0e7fbd7c6d6c5ba32c741385bc1b2d1acfa77)
|
|
opensourcerouting/fix/backport_9a26a56c5188fd1c95e244932bc17f97b9051935_10.2
bgpd: Fix holdtime not working properly when busy
|
|
Commit: cc9f21da2218d95567eff1501482ce58e6600f54
Modified the bgp_fsm code to dissallow the extension
of the hold time when the system is under extremely
heavy load. This was a attempt to remove the return
code but it was too aggressive and messed up this bit
of code.
Put the behavior back that was introduced in:
d0874d195d0127009a7d9c06920c52c95319eff9
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
opensourcerouting/fix/backport_4ee47bfc83e1977458a6049c653019d6b7576320_10.2
bgpd: fix `set evpn gateway-ip ipv[46]` route-map
|
|
The `route_set_evpn_gateway_ip` function copies `gw_ip->ip.addr` in the
route's gateway ip. In a nutshell, this skips the `ipa_type` field,
writing the actual IP in the IP type. This later rightfully trips
asserts about unknown IP types.
The following route-map...
```
route-map test permit 10
set evpn gateway-ip ipv4 1.1.1.1
```
...will make the following gateway IP in the route:
```
(gdb) p/x a1->evpn_overlay->gw_ip
$11 = {ipa_type = 0x1010101, ip = {addr = 0x0, addrbytes = {
0x0 <repeats 16 times>}, _v4_addr = {s_addr = 0x0}, _v6_addr = {
__in6_u = {__u6_addr8 = {0x0 <repeats 16 times>}, __u6_addr16 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, __u6_addr32 = {0x0, 0x0, 0x0,
0x0}}}}}
```
We do indeed see the IP Address in the `ipa_type` field.
Fix by starting the memcpy at the root of `struct ipaddr` instead of
skipping the `ipa_type` field.
Fixes: d0a4ee6010a ("bgpd: Add "set evpn gateway-ip" clause for route-map")
Signed-off-by: Tuetuopay <tuetuopay@me.com>
(cherry picked from commit 0b0e7015971a788c14dd1dc9b5bac8cb66175c29)
|
|
zebra: Do not flush an existing vni configuration trying to remove wrong vni (backport #18108)
|
|
Before:
```
pc.donatas.net(config)# do sh run | include vni
vni 1
pc.donatas.net(config)# no vni 2
pc.donatas.net(config)# do sh run | include vni
pc.donatas.net(config)#
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 44fe3981ee388f7c60ab2635309bce34774116e1)
|
|
lib: Create VRF if needed (backport #18430)
|
|
When creating a control plane protocol through NB, create the vrf
if needed instead of only looking up and asserting if it doesn't
exist yet.
Fixes 18429.
Signed-off-by: Nathan Bahr <nbahr@atcorp.com>
(cherry picked from commit b6ae01f907c071be6cd197df0f3ca6fe9baa631a)
|
|
ospf6d: Disable and delete OSPFv3 areas that no longer have interfaces or configuration. (backport #18393)
|
|
configuration.
This fix will delete an OSPFv3 area when all the interfaces and
configuration (ranges, NSSA ranges, stub area, NSSA area, filter-list,
import-list and export-list) have been removed. The changes provides
a general solution to https://github.com/FRRouting/frr/issues/18324.
Signed-off-by: Acee Lindem <acee@lindem.com>
(cherry picked from commit 04994891fe164b4d5a2819d3bc90e5346f94dc53)
|
|
bgpd: Backport recent changes for 10.2 regarding EVPN pointer changes
|
|
bgp_update is a very expensive call. Calling evpn_overlay_free
even when we have no evpn data to free is not trivial. Let's
limit the call into this function until we actually have data to
free.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
The code is just arbitrarily checking to see if there are any
mac addresses associated with a prefix. This makes no
sense from the perspective that it can only happen as
an evpn route. Let's not make non-evpn people pay
the price to check this data.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
bgpd: Fixed crash upon bgp network import-check command (backport #18387)
|
|
BT:
```
3 <signal handler called>
4 0x00005616837546fc in bgp_static_update (bgp=bgp@entry=0x5616865eac50, p=0x561686639e40,
bgp_static=0x561686639f50, afi=afi@entry=AFI_IP6, safi=safi@entry=SAFI_UNICAST) at ../bgpd/bgp_route.c:7232
5 0x0000561683754ad0 in bgp_static_add (bgp=0x5616865eac50) at ../bgpd/bgp_table.h:413
6 0x0000561683785e2e in no_bgp_network_import_check (self=<optimized out>, vty=0x5616865e04c0,
argc=<optimized out>, argv=<optimized out>) at ../bgpd/bgp_vty.c:4609
7 0x00007fdbcc294820 in cmd_execute_command_real (vline=vline@entry=0x561686663000,
```
The program encountered a SEG FAULT when attempting to access pi->extra->vrfleak->bgp_orig because
pi->extra->vrfleak was NULL.
```
(gdb) p pi->extra->vrfleak
$1 = (struct bgp_path_info_extra_vrfleak *) 0x0
(gdb) p pi->extra->vrfleak->bgp_orig
Cannot access memory at address 0x8
```
Added NOT NULL check on pi->extra->vrfleak before accessing pi->extra->vrfleak->bgp_orig
to prevent the segmentation fault.
Signed-off-by: Manpreet Kaur <manpreetk@nvidia.com>
(cherry picked from commit bc1008b970541c090e36fc1d50c720df822fcb99)
|
|
zebra: ensure proper return for failure for Sid allocation (backport #18360)
|
|
The functions alloc_srv6_sid_func_explicit/dynamic expect to return bool
but we have places where we return a -1 or NULL which the caller is
assuming as a True/Valid and ending up allocating Sid
Without Fix:
2025/03/10 21:44:04.295350 ZEBRA: [XWV20-TGK70] alloc_srv6_sid_func_explicit: trying to allocate explicit SID function 65088 from block fcbb:bbbb::/32
2025/03/10 21:44:04.295351 ZEBRA: [MM61M-TQZNP] alloc_srv6_sid_func_explicit: elib s 10000 e 20000 wlib s 1000 ewlib s 30000 e 1000 SID_FUNC 65088
2025/03/10 21:44:04.295352 ZEBRA: [QGHMB-SWNFW] alloc_srv6_sid_func_explicit: function 65088 is outside ELIB [10000/20000] and EWLIB alloc ranges [30000/1000]
2025/03/10 21:44:04.295367 ZEBRA: [H0GZA-NNSWJ] get_srv6_sid_explicit: allocated explicit SRv6 SID fcbb:bbbb:1:fe40:: for context End.X nh6 2001::2
2025/03/10 21:44:04.295368 ZEBRA: [XBBYD-T1Q7P] srv6_manager_get_sid_internal: got new SRv6 SID for ctx End.X nh6 2001::2: sid_value=fcbb:bbbb:1:fe40:: (func=65088) (proto=4, instance=0, sessionId=0), notifying all clients
With Fix:
2025/03/10 22:04:25.052235 ZEBRA: [MM61M-TQZNP] alloc_srv6_sid_func_explicit: elib s 30000 e 31000 wlib s 31000 ewlib s 30000 e 31000 SID_FUNC 65056
2025/03/10 22:04:25.052236 ZEBRA: [YHMRC-EMYNX] alloc_srv6_sid_func_explicit: function 65056 is outside ELIB [30000/31000] and EWLIB alloc ranges [30000/31000]
2025/03/10 22:04:25.052254 ZEBRA: [XSG8X-Q2XJX] get_srv6_sid_explicit: invalid SM request arguments: failed to allocate SID function 65056 from block fcbb:bbbb::/32
2025/03/10 22:04:25.052257 ZEBRA: [YC52T-427SJ] srv6_manager_get_sid_internal: not got SRv6 SID for ctx End.DT6 vrf_id 4, sid_value=fcbb:bbbb:1:fe20::, locator_name=MAIN
root@rajasekarr:/tmp/topotests/static_srv6_sids.test_static_srv6_sids/r1#
Ticket :#
Signed-off-by: Rajasekar Raja <rajasekarr@nvidia.com>
(cherry picked from commit 5a63cf4c0d1e7b84f59003877599c6575ba08a25)
|
|
Changelog:
bgpd
Allow bfd to work if peer known but interface address not yet
Apply route-map for aggregate before attribute comparison
Do not ignore auto generated vrf instances when deleting
Do not start bgp session if bgp identifier is not set
Do not try to uninstall bfd session if the peer is not established
Don't reuse nexthop variable in loop/switch
Fix a bug in peer_allowas_in_set()
Fix add label support to evpn ad routes
Fix bfd with update-source in peer-group
Fix bgp label evpn cid 1636504
Fix bgp orf prefix-list json prefix
Fix bgp peer solo option
Fix bgp vrf instance creation from implicit
Fix crash in bgp_labelpool
Fix crash in displaying json orf prefix-list
Fix deadlock in bgp_keepalive and master pthreads
Fix duplicate bgp instance created with unified config
Fix for local interface mac cache issue in 'bgp mac hash' table
Fix import vrf creates multiple bgp instances
Fix incorrect json in bgp_show_table_rd
Fix memory leak in bgp_aggregate_install()
Fix route-distinguisher in vrf leak json cmd
Fix static analyzer issues around bgp pointer
Fix table-map option
Fix vty output of evpn route-target as4
Fix wrong pthread event cancelling
Remove dmed check not required in bestpath selection
Request srv6 locator after zebra connection
Reset bgp session only if it was a real bfd down event
Respect allowas-in value from the source vrf's peer
Simplify bgp_evpn_process_rt1 with label
Update source address for bfd session
Use igpmetric in bgp_aigp_metric_total()
When bgp notices a change to shared_network inform bfd of it
When removing the prefix list drop the pointer
With suppress-fib-pending ensure withdrawal is sent
Revert: Handle addpath capability using dynamic capabilities"
Revert: Reinstall aggregated routes if using route-maps and it was changed"
isisd
Add helper function to request srv6 locator information
Allow full `no` form for `domain-password` and `area-password`
Correct edge insertion into ted
Request srv6 locator after zebra connection
Show correct level information for `show isis interface detail json`
lib
Clean up nexthop hashing mess
Crash handlers must be allowed on threads
Fix false context information for srv6 route
Guard against padding garbage in zapi read
Nb: call child destroy cbs when yang container is deleted
mgmtd
Prevent use after free
nhrpd
Fix dont consider incomplete l2 entry
ospf6d
Fix use after free of router in ospfv3 abr route calculation.
pbrd
Initialize structs used in hash_lookup
pimd
Always write cand-rp group config even when rp is inactive
Close autorp socket when not needed
During prefix-list update, behave as pim_upstream_notjoined state (conformance issue)
Explicitly ensure the rp src is bsr
Fix autorp group joins
Fix bsr rps timing out
Fix dr election race on startup
Fix for data packet loss when fhr is lhr and rp
Fix for fhr mroute taking longer to age out
Fix memory leak and assign allocation type
Fix pim vrf support (send register/register stop in vrf)
Fix pim6 mld vrf support (use recvmsg() pktinfo)
Fix vrf binding of autorp and mroute socket
tests
Add a test that shows the v6 recursive nexthop problem
Bgp_srv6_sid_reachability should give more time
Bgp_srv6l3vpn_to_bgp_vrf3 needs more time
Check if allow as-in works when importing between local vrfs
tools
Add missing formats keyword to segment-routing in frr-reload
Add missing rpki keyword to vrf in frr-reload
Fix frr-reload for ebgp-multihop ttl reconfiguration.
zebra
Ensure dplane does not send work back to master at wrong time
Evpn svd hash avoid double free
Fix leaked nhe
Fix resetting valid flags for nhg dependents
Guard against junk in nexthop->rmap_src
Include resolving nexthops in nhg hash
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
|
|
pimd: Fix PIM6 MLD VRF support (use recvmsg() pktinfo) (backport #18315)
|
|
When receiving MLD messages, prefer pktinfo over msghdr.msg_name for
determining the source interface. The latter is just the VRF master
interface in case of VRF and we need the true interface the packet was
received on instead.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
(cherry picked from commit 374c8dc4dbc8a560036fecdfb3213f690099b869)
|
