This is a convenience release/tag for housekeeping. We currently don't plan to publish
    binary packages with this release.
    Changelog:
bfdd
    Fix malformed session with vrf
    Remove redundant nb destroy callbacks
bgpd
    Aggregate-address memory leak fix
    Bmp fix peer-up ports byte order
    Check 7 bytes for long-lived graceful-restart capability
    Conform bgp_packet.h with coding standards
    Copy the password from the previous peer on peer_xfer_config()
    Do not allow a `no router bgp xxx` when autoimport is happening
    Do not allow l3vni changes when shutting down
    Do not announce routes immediately on filter updates
    Ensure stream received has enough data
    Fix bgpd core when unintern attr
    Fix crash for `show bgp ... neighbor received-routes detail|prefix`
    Fix debug output for route-map names when using an unsuppress-map
    Fix ecommunity parsing for as4
    Fix for ain->attr corruption during path update
    Fix lcom->str string length to correctly cover aliases
    Increase buffer size used for dumping bgp to mrt files
    Limit flowspec to no attribute means an implicit withdrawal
    Make bgp_keepalives.c not use mtype_tmp
    Prevent null pointer deref when outputting data
    Treat withdraw variable as a bool
    Use interface name instead of pointer value
    Use the actual pointer type instead of a void
lib
    Adjust only `any` flag for prefix-list entries if destroying
    Destroy `any` flag when creating a prefix-list entry with prefix
    Fix link state memory leak
    Fix vtysh core when handling questionmark
    On bfd peer shutdown actually stop event
ospf6d
    Stop using mtype_tmp in some cases
ospfd, ospf6d
    Add more logging details
ospfd, ospfclient
    Do not just include .c files in another .c
ospfd
    Cleanup some memory leaks on shutdown in ospf_apiserver.c
    Fix for virtual-link crash in signal handler
    Fix interface param type update
    Fix memory leaks w/ `show ip ospf int x json` commands
    Fix ospf_lsa memory leak
    Fix ospf_ti_lfa drop of an entire table
    Fixing summary origination after range configuration
    Free up q_space in early return path
    Log adjacency changes with neighbor ip in addition to neighbor id
    Ospf opaque lsa stale processing fix and topotests.
    Remove mtype_tmp
    Respect loopback's cost that is set and set loopback costs to 0
pbrd
    Fix mismatching in match src-dst
pimd
    Fix use after free issue for ifp's moving vrfs
    Pim not sending register packets after changing from non dr to dr
    Process no-forward bsm packet
ripd
    Fix memory leak for ripd's route-map
tests
    Add test to validate 4-byte ecomm parsing
    Check if prefix-lists with ipv6 any works fine
    Check if route-map works correctly if modifying prefix-lists
tools
    Fix list value remove in frr-reload
    Fix missing remote-as configuration when reload
    Make check flag really work for reload
vtysh
    Give actual pam error messages
zebra
    Cleanup ctx leak on shutdown and turn off event
    Evpn handle del event for dup detected mac
    Fix evpn dup detected local mac del event
    Fix for heap-use-after-free in evpn
    Fix race during shutdown
    Install directly connected route after interface flap
    Reduce creation and fix memory leak of frrscripting pointers
    Unlock the route node when sending route notifications
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
 | 
 | 
bgpd: Ensure stream received has enough data (backport #12454)
 | 
 | 
ospfd: fix interface param type update (backport #13612)
 | 
 | 
The interface link update event needs
to be handled properly in the ospf interface
cache.
Example:
When vrf (interface) is created its default type
would be set to BROADCAST because ifp->status
is not set to VRF.
Subsequent link event sets ifp->status to vrf,
ospf interface update needs to compare current type
to new default type which would be VRF (OSPF_IFTYPE_LOOPBACK).
Since ospf type param was created in first add event,
ifp vrf link event didn't update ospf type param which
leads to treating vrf as non loopback interface.
Ticket:#3459451
Testing Done:
Running config is supposed to bypass rendering default
network broadcast for loopback/vrf types.
Before fix:
```
vrf vrf1
 vni 4001
exit-vrf
!
interface vrf1
 ip ospf network broadcast
exit
```
After fix: (interface vrf1 is not displayed).
```
vrf vrf1
 vni 4001
exit-vrf
```
Signed-off-by: Chirag Shah <chirag@nvidia.com>
(cherry picked from commit 0d005b2d5c294d9d0a8db9d8beca83b97e0fd8ff)
 | 
 | 
BGP_PREFIX_SID_SRV6_L3_SERVICE attributes must not
fully trust the length value specified in the nlri.
Always ensure that the amount of data we need to read
can be fulfilled.
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 06431bfa7570f169637ebb5898f0b0cc3b010802)
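
The check this commit message describes, as an added example that is not FRR's parser: every read is bounded by the bytes actually received, and sub-TLV reads are further confined to the enclosing TLV's value. The header layout (1-byte type, 2-byte length, 1 reserved byte) and all names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

struct reader {
	const uint8_t *p;
	size_t left; /* bytes actually available, never the declared length */
};

/* Hand out n bytes only if they are really there. */
static int take(struct reader *r, size_t n, const uint8_t **out)
{
	if (n > r->left)
		return -1;
	*out = r->p;
	r->p += n;
	r->left -= n;
	return 0;
}

/* Header assumed here: type (1 byte), length (2 bytes, network order). */
static int get_hdr(struct reader *r, uint8_t *type, size_t *len)
{
	const uint8_t *h;
	if (take(r, 3, &h))
		return -1;
	*type = h[0];
	*len = ((size_t)h[1] << 8) | h[2];
	return 0;
}

/* Returns the number of sub-TLVs, or -1 if any declared length overruns
 * the data that was received (outer) or the enclosing TLV (inner). */
static int count_sub_tlvs(const uint8_t *buf, size_t buflen)
{
	struct reader in = { buf, buflen }, body;
	const uint8_t *v;
	uint8_t type;
	size_t len;
	int n = 0;
	if (get_hdr(&in, &type, &len) || take(&in, len, &v))
		return -1;
	body.p = v;
	body.left = len; /* inner reads are confined to the outer value */
	if (take(&body, 1, &v)) /* reserved byte */
		return -1;
	while (body.left > 0) {
		if (get_hdr(&body, &type, &len) || take(&body, len, &v))
			return -1;
		n++;
	}
	return n;
}

/* Constructed samples, not captured traffic. */
const uint8_t ok_tlv[] = { 5, 0, 8, 0, 1, 0, 1, 0xAA, 2, 0, 0 };
const uint8_t outer_lies[] = { 5, 0, 64, 0, 1, 0, 1, 0xAA, 2, 0, 0 };
const uint8_t inner_lies[] = { 5, 0, 8, 0, 1, 0, 16, 0xAA, 2, 0, 0 };

int main(void)
{
	return count_sub_tlvs(ok_tlv, sizeof(ok_tlv)) == 2 ? 0 : 1;
}
```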
 | 
 | 
bfdd: remove redundant nb destroy callbacks (backport #13645)
 | 
 | 
Fixes warning logs:
```
2023/05/29 20:11:50 BFD: [ZKB8W-3S2Q4][EC 100663330] unneeded 'destroy' callback for '/frr-bfdd:bfdd/bfd/profile/minimum-ttl'
2023/05/29 20:11:50 BFD: [ZKB8W-3S2Q4][EC 100663330] unneeded 'destroy' callback for '/frr-bfdd:bfdd/bfd/sessions/multi-hop/minimum-ttl'
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit f7884aedf7a1249e3aae71b6a66c9a0f0915c4ef)
 | 
 | 
tools: fix list value remove in frr-reload (backport #13693)
 | 
 | 
There might be a time when element(s) from the
temporary list are removed more than once,
which leads to ValueError in certain python3
versions.
commit-id 1543f58b5 did not handle ValueError
properly. This caused regression where
prefix-list config leads to delete followed
by add.
The new fix should just pass the exception as
value removal from list_to_add or list_to_del
is best effort.
This allows prefix-list config has no change
then removes the lines from lines_to_del and
lines_to_add properly.
Ticket:#3490252
Testing:
Configure prefix-list in frr.conf and perform
multiple frr-reload. After first reload operation
subsequent ones should not result in delete followed
by add of the prefix-list but rather no-op operation.
```
(Pdb) lines_to_add
[(('ip prefix-list FOO permit 10.2.1.0/24',), None)]
(Pdb) lines_to_del
[(('ip prefix-list FOO seq 5 permit 10.2.1.0/24',), None),
 (('ip prefix-list FOO seq 10 permit 10.2.1.0/24',), None)]
(Pdb) lines_to_del_to_del
[(('ip prefix-list FOO seq 5 permit 10.2.1.0/24',), None),
 (('ip prefix-list FOO seq 10 permit 10.2.1.0/24',), None)]
(Pdb) lines_to_add_to_del
[(('ip prefix-list FOO permit 10.2.1.0/24',), None),
 (('ip prefix-list FOO permit 10.2.1.0/24',), None)]
(Pdb) c
> /usr/lib/frr/frr-reload.py(1562)ignore_delete_re_add_lines()
-> return (lines_to_add, lines_to_del)
(Pdb) lines_to_add
[]
(Pdb) lines_to_del
[]
```
Signed-off-by: Chirag Shah <chirag@nvidia.com>
(cherry picked from commit 9845c09d61a7e509bfae369648cb5f9893455ac4)
 | 
 | 
zebra: Unlock the route node when sending route notifications (backport #13649)
 | 
 | 
When using a context to send route notifications to upper
level protocols, the code was using a locking function to
get the route node.  There is no need for this to be locked
as such FRR should free it up.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 82c6e4fea54eb65e153e6bc45bb718367b0b5132)
 | 
 | 
lib: fix vtysh core when handling questionmark (backport #13637)
 | 
 | 
When issuing a vtysh command with ?, the initial buf size for the
element is 16. Then it would loop through each element in the cmd
output vector. If the required size for printing out the next
element is larger than the current buf size, realloc the buf memory
by doubling the current buf size regardless of the actual size
that's needed. This would cause vtysh core when the doubled size
is not enough for the next element.
Signed-off-by: Yuan Yuan <yyuanam@amazon.com>
(cherry picked from commit f8aa257997a6a6f69ec5d5715ab04d7cbfae1d1c)
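
The growth bug described in this commit message, as an added example that is not FRR's code: `cap_double_once` models the single-doubling policy the message describes, and `cap_fit` with `scratch_store` shows a growth policy that always covers the required size. The `scratch` structure and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Capacity the pre-fix logic described above would pick: double once,
 * whatever the element actually needs. */
static size_t cap_double_once(size_t cap, size_t need)
{
	return need > cap ? cap * 2 : cap;
}

/* Capacity that is guaranteed to hold `need` bytes; 0 on size_t overflow. */
static size_t cap_fit(size_t cap, size_t need)
{
	if (cap == 0)
		cap = 16;
	while (cap < need) {
		if (cap > SIZE_MAX / 2)
			return 0;
		cap *= 2;
	}
	return cap;
}

/* Hypothetical reusable scratch buffer holding one element at a time. */
struct scratch {
	char *data;
	size_t cap;
};

/* Copy `item` (with its NUL) into the buffer, growing it first if needed.
 * Returns 0 on success, -1 on failure; the old buffer stays valid on failure. */
static int scratch_store(struct scratch *s, const char *item)
{
	size_t need = strlen(item) + 1;
	if (need > s->cap) {
		size_t ncap = cap_fit(s->cap, need);
		char *p = ncap ? realloc(s->data, ncap) : NULL;
		if (!p)
			return -1;
		s->data = p;
		s->cap = ncap;
	}
	memcpy(s->data, item, need);
	return 0;
}

/* Constructed input: a short element, then one needing 40 bytes. */
static size_t demo_final_cap(void)
{
	struct scratch s = { malloc(16), 16 };
	char longer[40];
	size_t cap = 0;

	memset(longer, 'x', sizeof(longer) - 1);
	longer[sizeof(longer) - 1] = '\0';
	if (s.data && !scratch_store(&s, "short") && !scratch_store(&s, longer))
		cap = s.cap;
	free(s.data);
	return cap;
}

int main(void) { return (cap_double_once(16, 40) < 40 && demo_final_cap() == 64) ? 0 : 1; }
```

With a 16-byte buffer and an element that needs 40 bytes, one doubling yields 32, which is still too small; growing until the capacity covers the need yields 64.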
 | 
 | 
bgpd: fix bgpd core when unintern attr (backport #13634)
 | 
 | 
When the remote peer is neither EBGP nor confed, aspath is the
shadow copy of attr->aspath in bgp_packet_attribute(). Stripping
AS4_PATH should not be done on the aspath directly, since
that would lead to bgpd core dump when uninterning the attr.
Signed-off-by: Yuan Yuan <yyuanam@amazon.com>
(cherry picked from commit 32af4995aae647cf9d7c70347ec37b57279ea807)
 | 
 | 
vtysh: Give actual pam error messages (backport #13608)
 | 
 | 
Code was written where the pam error message put out
was the result from a previous call to the pam modules
instead of the current call to the pam module.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 8495b425bd056d405704df9e756560942d6815c1)
 | 
 | 
bfdd: Fix malformed session with vrf (backport #13506)
 | 
 | 
With this configuration:
```
bfd
 peer 33:33::66 local-address 33:33::88 vrf vrf8 interface enp1s0
 exit
 !
exit
```
The bfd session can't be established with error:
```
bfdd[18663]: [YA0Q5-C0BPV] control-packet: wrong vrfid. [mhop:no peer:33:33::66 local:33:33::88 port:2 vrf:61]
```
The vrf check should use the carefully adjusted `vrfid`, which is
based on globally/reliable interface.  We can't believe the
`bvrf->vrf->vrf_id` because the `/proc/sys/net/ipv4/udp_l3mdev_accept`
may be set to "1" in VRF-lite backend even with security drawback.
Just correct the vrf check.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
(cherry picked from commit b17c179664da7331a4669a1cf548e4e9c48a5477)
 | 
 | 
ospfd: OSPF opaque LSA stale processing fix and topotests. (backport #13489)
 | 
 | 
1. Fix OSPF opaque LSA processing to preserve the stale opaque
   LSAs in the Link State Database for 60 seconds consistent with
   what is done for other LSA types.
2. Add a topotest that tests for cases where ospfd is restarted
   and a stale OSPF opaque LSA exists in the OSPF routing domain
   both when the LSA is purged and when the LSA is reoriginated
   with a more recent instance.
Signed-off-by: Acee <aceelindem@gmail.com>
(cherry picked from commit 4e7eb1e62ce54ebcf78622682de962fdeff20b80)
 | 
 | 
ospfd: Respect loopback's cost that is set and set loopback costs to 0 (backport #13485)
 | 
 | 
When setting a loopback's cost, set the value to 0, unless the operator
has assigned a value for the loopback's cost.
RFC states:
If the state of the interface is Loopback, add a Type 3
link (stub network) as long as this is not an interface
to an unnumbered point-to-point network. The Link ID
should be set to the IP interface address, the Link Data
set to the mask 0xffffffff (indicating a host route),
and the cost set to 0.
FRR is going to allow this to be overridden if the operator specifically
sets a value too.
Fixes: #13472
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit dd2bc4fb406cc9284d35ef623ebb8838cb158bc8)
 | 
 | 
zebra: Reduce creation and fix memory leak of frrscripting pointers (backport #13445)
 | 
 | 
There are two issues being addressed:
a) The ZEBRA_ON_RIB_PROCESS_HOOK_CALL script point
was creating a fs pointer per dplane ctx in
rib_process_dplane_results().
b) The fs pointer was not being deleted and directly
leaked.
For (a) Move the creation of the fs to outside
the do while loop.
For (b) At function end ensure that the pointer
is actually deleted.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit d8be1399720ca36485b6a2209b143679b01b83cb)
 | 
 | 
ospfd: Fix memory leaks w/ `show ip ospf int X json` commands (backport #13436)
 | 
 | 
FRR has a memory leak in the case when int X does not
exist and a memory leak when int X does exist.  Fix
these.
Fixes: #13434
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 74e21732db129f7287d5ab227e45f305c5dbf34e)
 | 
 | 
pimd: PIM not sending register packets after changing from non DR to DR (backport #13020)
 | 
 | 
When the router is non dr for an interface, it installs mroute to drop
the packets from directly connected source. This was done to avoid packets
coming to cpu as nocache hit. Later when it gets changed from non-DR to DR,
these entries are not cleared. So the packets are still dropped.
This causes register packets not getting generated.
So cleaning up the mroute entries and channel oil without
upstream reference which was created to drop.
Co-authored-by: Saravanan K <saravanank@vmware.com>
Signed-off-by: Sai Gomathi N <nsaigomathi@vmware.com>
(cherry picked from commit 1c883aef96013753f5467ba5e5028dee0f0a82c5)
 | 
 | 
zebra: EVPN handle duplicate detected local mac delete event (backport #13330)
 | 
 | 
The current local mac delete event send to flag with force
always which breaks the duplicate detected MACs where
it requires to be resynced from bgpd to earlier state.
Ticket:#3233019
Issue:3233019
Signed-off-by: Chirag Shah <chirag@nvidia.com>
(cherry picked from commit 89844a967858d34de99bad8dcb410b4ab4e1dece)
 | 
 | 
Upon receiving local mobility event for MAC + NEIGH,
both are detected as duplicate upon hitting DAD threshold.
Duplicate detected (frozen) MAC + NEIGH are not known
to bgpd.
If locally learnt MAC + NEIGH are deleted in kernel,
the MAC is marked as AUTO after sending delete event
to bgpd.
Bgpd only reinstalls best route for MAC_IP route (NEIGH)
but not for MAC event.
This puts a situation where MAC is AUTO state and
associated neigh as remote.
Fix:
DUPLICATE + LOCAL MAC deletion, set MAC delete request
as reinstall from bgpd.
Ticket:#2873307
Reviewed By:
Testing Done:
Freeze MAC + two NEIGHs in local mobility event.
Delete MAC and NEIGH from kernel.
bgp rsync remote mac route which puts MAC to remote state.
Signed-off-by: Chirag Shah <chirag@nvidia.com>
(cherry picked from commit ad7685de2871996469d370192af7afafc234a3ca)
 | 
 | 
bgpd: Fix lcom->str string length to correctly cover aliases (backport #13341)
 | 
 | 
If you have a very large number of large communities whose
string length happened to be greater than BUFSIZ FRR's bgpd
would crash.  This is because bgpd would write beyond
the end of the string.
Originally the code auto-calculated the string size appropriately
but commit ed0e57e3f079352714c3a3a8a5b0dddf4aadfe1d modified
the string length to be a hard coded BUFSIZ.  When a route-map
like this is added:
route-map LARGE-OUT permit 10
 set large-community 4635:0:0 4635:1:906 4635:1:2906 4635:1:4515 4635:1:4594 4635:1:4641 4635:1:4760 4635:1:7979 4635:1:9253 4635:1:9293 4635:1:9304 4635:1:9908 4635:1:13335 4635:1:16265 4635:1:17924 4635:1:18013 4635:1:20940 4635:1:22822 4635:1:24429 4635:1:24482 4635:1:32590 4635:1:32934 4635:1:36692 4635:1:38008 4635:1:38819 4635:1:41378 4635:1:45753 4635:1:46489 4635:1:49544 4635:1:51847 4635:1:54574 4635:1:54994 4635:1:55720 4635:1:56059 4635:1:57724 4635:1:65021 4635:1:134823 4635:1:136907 4635:1:146961 24115:0:24115 24115:1:906 24115:1:2906 24115:1:4515 24115:1:4594 24115:1:4641 24115:1:4760 24115:1:7979 24115:1:9253 24115:1:9293 24115:1:9304 24115:1:9908 24115:1:13335 24115:1:16265 24115:1:17924 24115:1:18013 24115:1:20940 24115:1:22822 24115:1:24429 24115:1:24482 24115:1:32590 24115:1:32934 24115:1:36692 24115:1:38008 24115:1:38819 24115:1:41378 24115:1:45753 24115:1:46489 24115:1:49544 24115:1:51847 24115:1:54574 24115:1:54994 24115:1:55720 24115:1:56059 24115:1:57724 24115:1:65021 24115:1:134823 24115:1:136907 24115:1:100000 24115:1:100001 24115:1:100002
exit
BGP would have issues and crash.
Modify the code to correctly determine the string length of the communities
and to also double check if the string has an alias and ensure that the
string is still sufficiently large enough.  If not auto size it again.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 8cb4892c0669d916557d693b878420faec8e6e2a)
 | 
 | 
bgpd: Fix for ain->attr corruption during path update (backport #13329)
 | 
 | 
1. Consider an established L2VPN EVPN BGP peer with soft-reconfiguration
   inbound configured
2. When the interface of this directly connected BGP peer is shutdown,
   bgp_soft_reconfig_table_update() is called, which memsets the evpn buffer
   and calls bgp_update() with received attributes stored in ain table(ain->attr).
   In bgp_update(), evpn_overlay attribute in ain->attr (which is an interned
   attr) was modified by doing a memcpy
3. Above action causes 2 attributes in the attrhash (which were previously different)
   to match!
4. Later during fsm change event of the peer, bgp_adj_in_remove() is called
   to clean up the ain->attr. But, because 2 attrs in attrhash match, it causes
   BGP to assert in bgp_attr_unintern()
Signed-off-by: Pooja Jagadeesh Doijode <pdoijode@nvidia.com>
(cherry picked from commit 6e076ba5231cba2e22dcbdc48a9c13df046a2e47)
 | 
 | 
tools: fix missing remote-as configuration when reload (backport #13302)
 | 
 | 
The check flag of `found_pg_cmd` is already there, but not used.
So, make it really work for reload.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
(cherry picked from commit 9ea17a5d4978eb3d8ab3d192dd1cc8abf3e414e2)
 | 
 | 
From commit `411d1a2`, `bgp_delete_nbr_remote_as_line()` is added to
remove some specific bgp neighbors.  But, when reloading the following
configuration, it will wrongly remove some good ones:
`neighbor 66.66.66.6 remote-as internal`:
```
router bgp 66
 bgp router-id 172.16.204.6
 neighbor ANLAN peer-group
 neighbor ANLAN remote-as internal
 neighbor 66.66.66.6 remote-as internal <- LOST
 neighbor 66.66.66.60 peer-group ANLAN
```
The reason is that "66.66.66.6" is included in "66.66.66.60" literally,
then it is mistakenly thought to be a match.  Just fix it with
exact match.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
(cherry picked from commit a70895e83ae49b15f13e0801e0743d788b0cb595)
 | 
 | 
bgpd: Fix crash for `show bgp ... neighbor received-routes detail|PREFIX` (backport #13301)
 | 
 | 
```
BGP: Received signal 11 at 1681287514 (si_addr 0x8, PC 0x559ab42eb1d9); aborting...
BGP: /lib/libfrr.so.0(zlog_backtrace_sigsafe+0x71) [0x7f4356b19af1]
BGP: /lib/libfrr.so.0(zlog_signal+0xf9) [0x7f4356b19cf9]
BGP: /lib/libfrr.so.0(+0xf5af5) [0x7f4356b4baf5]
BGP: /lib/x86_64-linux-gnu/libpthread.so.0(+0x14420) [0x7f43568ab420]
BGP: /usr/lib/frr/bgpd(prefix_rd2str+0x29) [0x559ab42eb1d9]
BGP: /usr/lib/frr/bgpd(route_vty_out_detail_header+0x7ca) [0x559ab43061ba]
BGP: /usr/lib/frr/bgpd(+0x1771a6) [0x559ab430a1a6]
BGP: /usr/lib/frr/bgpd(+0x177f06) [0x559ab430af06]
BGP: /usr/lib/frr/bgpd(+0x178c8b) [0x559ab430bc8b]
BGP: /usr/lib/frr/bgpd(+0x179e7e) [0x559ab430ce7e]
BGP: /lib/libfrr.so.0(+0x9417e) [0x7f4356aea17e]
BGP: /lib/libfrr.so.0(cmd_execute_command+0x111) [0x7f4356aea321]
BGP: /lib/libfrr.so.0(cmd_execute+0xd0) [0x7f4356aea4c0]
BGP: /lib/libfrr.so.0(+0x10d5de) [0x7f4356b635de]
BGP: /lib/libfrr.so.0(+0x10d81d) [0x7f4356b6381d]
BGP: /lib/libfrr.so.0(+0x110b03) [0x7f4356b66b03]
BGP: /lib/libfrr.so.0(event_call+0x81) [0x7f4356b5df91]
BGP: /lib/libfrr.so.0(frr_run+0xe8) [0x7f4356b11b58]
BGP: /usr/lib/frr/bgpd(main+0x385) [0x559ab4281d55]
BGP: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x7f43566c9083]
BGP: /usr/lib/frr/bgpd(_start+0x2e) [0x559ab428437e]
BGP: in thread vtysh_read scheduled from lib/vty.c:2833 vty_event()
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit ea5a8e4d5846778611fe1fd6e395bf3cbb33ebaa)
 | 
 | 
pimd: Process no-forward BSM packet (backport #13244)
 | 
 | 
Topology Used:
=============
Cisco---FRR4----FRR2
Initially PIM nbr is down between FRR4----FRR2 from FRR2 side
Cisco is sending BSR packet to FRR4.
Problem Statement:
=================
No shutdown the PIM neighbor on FRR2 towards FRR4.
FRR2, receives BSR packet immediately as the new neighbor
comes up. This BSR packet is having no-forward bit set.
FRR2 is not able to process the BSR packet, and drop the
BSR packet.
Root Cause:
==========
When PIMD comes up, we start BSM timer for 60 seconds.
Here, the value accept_nofwd_bsm is setting to false.
FRR2, when receives no-forward BSR packet, it is getting
accept_nofwd_bsm value as false.
So, it drops, the no-forward BSM packet.
Fix:
===
Set accept_nofwd_bsm as false after first BSM packet received.
Signed-off-by: Sarita Patra <saritap@vmware.com>
(cherry picked from commit 8b462d557905200d98c7a8965b3d223637c3c5dd)
 | 
 | 
lib: link state leak fix (backport #13193)
 | 
 | 
ospfd: Fix ospf_lsa memory leak (backport #13269)
 | 
 | 
zebra: fix race during shutdown
 | 
 | 
zebra: Mark connected route as installed after interface flap event (backport #13249)
 | 
 | 
Free link message data when a delete event is recorded.
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
(cherry picked from commit c123d2dee012620b8f43711062a10c49b9247a9c)
 | 
 | 
Free translated LSA when LSA installation fails
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
(cherry picked from commit c0ccfbfd45514251bb1f91ec9138dca138f88f57)
 | 
 | 
Issue:
After vlan flap, zebra was not marking the selected/best route as installed.
As a result, when a static route was configured with nexthop as directly
connected interface's(vlan) IP, the static route was not being installed
in the kernel since its nexthop was unresolved. The nexthop was marked
unresolved because zebra failed to mark the best route as installed after
interface flap.
This was happening because, in dplane_route_update_internal() if the old and
new context type, and nexthop group id are the same, then zebra doesn't send
down a route replace request to kernel. But, the installed (ROUTE_ENTRY_INSTALLED)
flag is set when zebra receives a response from kernel. Since the
request to kernel was being skipped for the route entry, installed flag
was not being set.
Fix:
In dplane_route_update_internal() if the old and new context type, and
nexthop group id are the same, then before returning, installed flag will
be set on the route-entry if it's not set already.
Signed-off-by: Pooja Jagadeesh Doijode <pdoijode@nvidia.com>
(cherry picked from commit e25a0b138a196c7daf389989ebffbd09d345cd53)
 |