| Age | Commit message (Collapse) | Author |
|---|
|
Testing done with:
```
for x in $(seq 1 100000); do vtysh -c 'conf' -c 'router bgp' -c 'bmp targets test' -c 'bmp connect localhost port 123 min-retry 100 max-retry 100 source-interface lo'; done
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 7d19cb59cf5b129f61f3c568899343b3f031f9b4)
|
|
Although trigger unknown, based on the backtrace in one of the internal
testing, we do see some delete in the Intf where we can have the peer
ifp pointer null and we try to dereference it while trying to install
the route leading to a crash
Skip updating the ifindex in such cases and since the nexthop is not
properly updated, BGP skips sending it to zebra.
BackTrace:
0 0x00007faef05e7ebc in ?? () from /lib/x86_64-linux-gnu/libc.so.6
1 0x00007faef0598fb2 in raise () from /lib/x86_64-linux-gnu/libc.so.6
2 0x00007faef09900dc in core_handler (signo=11, siginfo=0x7ffdde8cb4b0, context=<optimized out>) at lib/sigevent.c:274
3 <signal handler called>
4 0x00005560aad4b7d8 in update_ipv6nh_for_route_install (api_nh=0x7ffdde8cbe94, is_evpn=false, best_pi=0x5560b21187d0, pi=0x5560b21187d0, ifindex=0, nexthop=0x5560b03cb0dc,
nh_bgp=0x5560ace04df0, nh_othervrf=0) at bgpd/bgp_zebra.c:1273
5 bgp_zebra_announce_actual (dest=dest@entry=0x5560afcfa950, info=0x5560b21187d0, bgp=0x5560ace04df0) at bgpd/bgp_zebra.c:1521
6 0x00005560aad4bc85 in bgp_handle_route_announcements_to_zebra (e=<optimized out>) at bgpd/bgp_zebra.c:1896
7 0x00007faef09a1c0d in thread_call (thread=thread@entry=0x7ffdde8d7580) at lib/thread.c:2008
8 0x00007faef095a598 in frr_run (master=0x5560ac7e5190) at lib/libfrr.c:1223
9 0x00005560aac65db6 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:557
(gdb) f 4
4 0x00005560aad4b7d8 in update_ipv6nh_for_route_install (api_nh=0x7ffdde8cbe94, is_evpn=false, best_pi=0x5560b21187d0, pi=0x5560b21187d0, ifindex=0, nexthop=0x5560b03cb0dc,
nh_bgp=0x5560ace04df0, nh_othervrf=0) at bgpd/bgp_zebra.c:1273
1273 in bgpd/bgp_zebra.c
(gdb) p pi->peer->ifp
$26 = (struct interface *) 0x0
Ticket :#4203904
Signed-off-by: Rajasekar Raja <rajasekarr@nvidia.com>
|
|
The below command is not successfull on an existing as dot peer
> no neighbor 10.0.0.2 remote-as 1.1
> % Create the peer-group or interface first
Handle the case where the remote-as argument can be an ASNUM.
Fixes: 8079a4138d61 ("lib, bgp: add initial support for asdot format")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
If we receive an IPv6 prefix e.g.: 2001:db8:100::/64 with nextop: 0.0.0.0, and
mp_nexthop: fc00::2, we should not treat this with an invalid nexthop because
of 0.0.0.0. We MUST check for MP_REACH attribute also and decide later if we
have at least one a valid nexthop.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit a0d2734e879f78fbef5f1815429de331b9940c73)
|
|
A redistribute cmd can have a route-map attached to it and adding the
match source-protocol to that route-map means BGP to filter which
protocol routes to accept among the bunch of routes zebra is sending.
Fixing this since this wasnt implemented earlier.
Ticket :#4119692
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Signed-off-by: Rajasekar Raja <rajasekarr@nvidia.com>
(cherry picked from commit 68358c0f928eafe50c9e73b0cb6a443c03f2a33f)
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit f93e5aa1663d9b375e0673f4eed367f9a009fa88)
|
|
When trying to connect to a BGP peer that does not respons, the 'show
bgp neighbors' command does not give any indication on the local and
remote addresses used:
> # show bgp neighbors
> BGP neighbor is 192.0.2.150, remote AS 65500, local AS 65500, internal link
> Local Role: undefined
> Remote Role: undefined
> BGP version 4, remote router ID 0.0.0.0, local router ID 192.0.2.1
> BGP state = Connect
> [..]
> Connections established 0; dropped 0
> Last reset 00:00:04, Waiting for peer OPEN (n/a)
> Internal BGP neighbor may be up to 255 hops away.
> BGP Connect Retry Timer in Seconds: 120
> Next connect timer due in 117 seconds
> Read thread: off Write thread: off FD used: 27
The addressing information (address and port) are only available
when TCP session is established, whereas this information is present
at the system level:
> root@ubuntu2204:~# netstat -pan | grep 192.0.2.1
> tcp 0 0 192.0.2.1:179 192.0.2.150:38060 SYN_RECV -
> tcp 0 1 192.0.2.1:46526 192.0.2.150:179 SYN_SENT 488310/bgpd
Add the display for outgoing BGP session, as the information in
the getsockname() API provides information for connected streams.
When getpeername() API does not give any information, use the peer
configuration (destination port is encoded in peer->port).
> # show bgp neighbors
> BGP neighbor is 192.0.2.150, remote AS 65500, local AS 65500, internal link
> Local Role: undefined
> Remote Role: undefined
> BGP version 4, remote router ID 0.0.0.0, local router ID 192.0.2.1
> BGP state = Connect
> [..]
> Connections established 0; dropped 0
> Last reset 00:00:16, Waiting for peer OPEN (n/a)
> Local host: 192.0.2.1, Local port: 46084
> Foreign host: 192.0.2.150, Foreign port: 179
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit 78ce63952a99e572ccd7b56fac9a211c2641ca91)
|
|
When attempting to get the src and destination addresses of a given
connection, the API may return the NULL pointer, but further code
in bgp_zebra_nexthop_set() already does a check about the given
pointer.
Relaxing the error code for all the returned adressing.
Fixes: 1ff9a340588a ("bgpd: bgpd-fsm-fix.patch")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit ba7130309954fbe8d58854339ca43259149e603a)
|
|
Without this patch we set only the first path for the route (if multiple exist)
as LLGR stale and stop doing that for the rest of the paths, which is wrong.
Fixes: 1479ed2fb35f4a5ae1017201a7ee37ba2727163a ("bgpd: Implement LLGR helper mode")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
We iterated over all bgp_path_info's, but once we remove the path, we didn't
check for other paths under the same bgp_dest.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Before this patch, if we set something like:
```
bgp extcommunity-list expanded 1234 permit admin
```
In running config we have:
```
bgp extcommunity-list 1234 seq 5 permit admin
```
That leads to incorrect rendering, even more the line can't be deleted.
With this fix we treat numbered community-list only if it's inside the range
1-500, otherwise it's a non-numbered clist.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 4c1ee29116aff081f63b1fc7dad18cbfe1b8007f)
|
|
(9.1 backport) bgpd: add `bgp ipv6-auto-ra` command
|
|
bgpd: fix blank line in running-config with bmp listener cmd (backport #17278)
|
|
we have
(gdb) p *path->attr->aspath
$1 = {refcnt = 3, segments = 0x0, json = 0x0, str = 0x55723d0b7470 "", str_len = 0, asnotation = ASNOTATION_PLAIN}
It looks like this aspath is empty, resulting in a size 0 and NULL pointer for path->attr->aspath->segments which leads to the SIGSEGV
fixe: return 0 when segments is null.
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
(cherry picked from commit ee2f1b85cf95fcbfd0a54dc15b911f525e96b163)
|
|
Introduce a command to stop bgpd from enabling IPv6 router advertisement
messages sending on interfaces.
Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com>
|
|
An extra blank line is added in show running-config with BMP:
> ubuntu2204hwe(config)# router bgp 65500
> ubuntu2204hwe(config-router)# bmp targets tgt
> ubuntu2204hwe(config-bgp-bmp)# bmp monitor ipv4 unicast pre-policy
> ubuntu2204hwe(config-bgp-bmp)# bmp listener 192.0.2.100 port 44
> ubuntu2204hwe(config-bgp-bmp)# do show running-config
>
> router bgp 65500
> [..]
> bmp targets tgt
> bmp monitor ipv4 unicast pre-policy
> <-- blank line
> bmp listener 192.0.2.100 port 44
> exit
Remove the blank line.
Fixes: ed18356f1f2d ("bgpd/bmp: BMP implementation")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit 9a33ee18bfe2769e173911d69cee64b78143184b)
|
|
Fix the display of the local label in show bgp.
> r1# show bgp ipv4 labeled-unicast 172.16.2.2/32
> BGP routing table entry for 172.16.2.2/32, version 2
> Local label: 16 <---- MISSING
> Paths: (1 available, best #1, table default, vrf (null))
> Advertised to non peer-group peers:
> 192.168.1.2
> 65501
> 192.168.1.2 from 192.168.1.2 (172.16.2.2)
> Origin IGP, metric 0, valid, external, best (First path received)
> Remote label: 3
> Last update: Fri Oct 25 17:55:45 2024
Fixes: 67f67ba481 ("bgpd: Drop label_ntop/label_pton functions")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit e7b3276ace65d59edb4d614158d4f2959f12f868)
|
|
For consistency between RIB and BGP, the aigp comparison should
be made after the local route check in bgp bestpath selection.
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
|
|
Include SID structure information when removing an SRv6 End.DT46 SID
from the forwarding plane.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
|
|
Include SID structure information when removing an SRv6 End.DT4 or End.DT6 SID
from the forwarding plane.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
|
|
Include SID structure information when installing an SRv6 End.DT46 SID
in the forwarding plane.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
|
|
Include SID structure information when installing an SRv6 End.DT6 or End.DT4 SID
in the forwarding plane.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
|
|
The value of 0 is accepted from peers, and can also be set by the
route-map "set aigp-metric igp-metric". For coonsistency, it should
be allowed in "set aigp-metric <value>" as well.
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
(cherry picked from commit e07f38a43f0b176fcfb96403db71291c04f76cfb)
|
|
Fix several issues in sourcing AIGP attribute:
1) AIGP should not be set as default for a redistributed route or a
static network. It should be set by config instead.
2) AIGP sourced by "set aigp-metric igp-metric" in a route-map does
not set the correct value for a redistributed route.
3) When redistribute a connected route like loopback, the AGIP (with
value 0) is sourced by "set aigp-metric igp-metric", but the
attribute is not propagated as the attribute flag is not set.
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
(cherry picked from commit f65356d8bb9a43b1725fafdbd30aba0de9d214fa)
|
|
The nexthop metric should be added to AIGP when calculating the
bestpath in bgp_path_info_cmp().
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
(cherry picked from commit 081422e8e71085d3a3d4d2ff0bc1e1abaff0d52e)
|
|
bgpd: EVPN fix per rd specific type-2 json output (backport #16913)
|
|
They are managed under `frr-route-map`, not under `frr-bgp-route-map`.
Fixes: https://github.com/FRRouting/frr/issues/17055
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit b9a9be492e8dde39a0040bd1140893ccab83c2be)
|
|
bgpd: Actually make ` --v6-with-v4-nexthops` it work (backport #16971)
|
|
Fix printfrr_bp for non initialized peers. For example:
> Sep 26 17:56:44 r1 bgpd[26295]: [GJPH1-W8PZV] Resetting peer (null)(Unknown) due to change in addpath config
Is now:
> Oct 02 14:00:59 r1 bgpd[12795]: [MNE5N-K0G4Z] Resetting peer 2.2.2.2 due to change in addpath config
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit b56cfc6c808d330a85a06421c7fc5f5f9066938f)
|
|
It was using `-v` which is actually a _version_.
Fixes: 0435b31bb8ed55377f83d0e19bc085abc3c71b44 ("bgpd: Allow bgp to specify if it will allow v6 routing with v4 nexthops")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 0495cac837ad0f6ff1082746c37e4a48c1068035)
|
|
Current Issue:
paths key is not there for
'show bgp l2vpn evpn route rd <rd-id> mac <mac> json' uses
evpn prefix as key for each path.
Replace the evpn prefix with "paths".
This aligned with overall EVPN RIB json output like
'show bgp l2vpn evpn route json'
'show bgp l2vpn evpn route rd <> type 2 json'
Fix:
paths key is added instead of prefix info.
Ticket:#4087461
Issue:4087461
Testing:
Before fix:
leaf22# show bgp l2vpn evpn route rd 6.0.0.17:2 mac 00:02:00:00:00:12 json
{
"prefix":"[2]:[0]:[48]:[00:02:00:00:00:12]",
"prefixLen":352,
"rd":"6.0.0.17:2",
"routeType":2,
"ethTag":0,
"macLen":48,
"mac":"00:02:00:00:00:12",
"advertisedTo":{
"220.20.0.33":{
"hostname":"spine21"
},
"220.21.0.33":{
"hostname":"spine22"
}
},
"[2]:[0]:[48]:[00:02:00:00:00:12]":[ <===== Prefix info instead of "paths" key
[
{
"vni":"101101",
"aspath":{
"string":"65202 65024",
"segments":[
{
"type":"as-sequence",
"list":[
65202,
65024
]
}
],
"length":2
},
"esi":"03:00:00:00:77:02:04:00:00:18",
"es_info":{
"localEs":true
},
"origin":"IGP",
"valid":true,
"version":5,
"bestpath":{
"bestpathFromAs":65202,
"overall":true,
"selectionReason":"Older Path"
},
"extendedCommunity":{
"string":"RT:65024:101101 ET:8"
},
"lastUpdate":{
"epoch":1726803218,
"string":"Fri Sep 20 03:33:38 2024\n"
},
"nexthops":[
{
"ip":"6.0.0.17",
"hostname":"spine21",
"afi":"ipv4",
"metric":0,
"accessible":true,
"used":true
}
],
"peer":{
"peerId":"220.20.0.33",
"routerId":"6.0.0.20",
"hostname":"spine21",
"type":"external"
}
}
],
[
{
"vni":"101101",
"aspath":{
"string":"65202 65024",
"segments":[
{
"type":"as-sequence",
"list":[
65202,
65024
]
}
],
"length":2
},
"esi":"03:00:00:00:77:02:04:00:00:18",
"es_info":{
"localEs":true
},
"origin":"IGP",
"valid":true,
"version":5,
"extendedCommunity":{
"string":"RT:65024:101101 ET:8"
},
"lastUpdate":{
"epoch":1726803218,
"string":"Fri Sep 20 03:33:38 2024\n"
},
"nexthops":[
{
"ip":"6.0.0.17",
"hostname":"spine22",
"afi":"ipv4",
"metric":0,
"accessible":true,
"used":true
}
],
"peer":{
"peerId":"220.21.0.33",
"routerId":"6.0.0.21",
"hostname":"spine22",
"type":"external"
}
}
]
],
"numPaths":2
}
After fix:
eaf22# show bgp l2vpn evpn route rd 6.0.0.17:2 mac 00:02:00:00:00:12 json
{
"prefix":"[2]:[0]:[48]:[00:02:00:00:00:12]",
"prefixLen":352,
"rd":"6.0.0.17:2",
"routeType":2,
"ethTag":0,
"macLen":48,
"mac":"00:02:00:00:00:12",
"advertisedTo":{
"220.20.0.33":{
"hostname":"spine21"
},
"220.21.0.33":{
"hostname":"spine22"
}
},
"paths":[
[
{
"vni":"101101",
"aspath":{
"string":"65202 65024",
"segments":[
{
"type":"as-sequence",
"list":[
65202,
65024
]
}
],
"length":2
},
"esi":"03:00:00:00:77:02:04:00:00:18",
"es_info":{
"localEs":true
},
"origin":"IGP",
"valid":true,
"version":3,
"bestpath":{
"bestpathFromAs":65202,
"overall":true,
"selectionReason":"Router ID"
},
"extendedCommunity":{
"string":"RT:65024:101101 ET:8"
},
"lastUpdate":{
"epoch":1727175046,
"string":"Tue Sep 24 10:50:46 2024\n"
},
"nexthops":[
{
"ip":"6.0.0.17",
"hostname":"spine21",
"afi":"ipv4",
"metric":0,
"accessible":true,
"used":true
}
],
"peer":{
"peerId":"220.20.0.33",
"routerId":"6.0.0.20",
"hostname":"spine21",
"type":"external"
}
}
],
[
{
"vni":"101101",
"aspath":{
"string":"65202 65024",
"segments":[
{
"type":"as-sequence",
"list":[
65202,
65024
]
}
],
"length":2
},
"esi":"03:00:00:00:77:02:04:00:00:18",
"es_info":{
"localEs":true
},
"origin":"IGP",
"valid":true,
"version":3,
"extendedCommunity":{
"string":"RT:65024:101101 ET:8"
},
"lastUpdate":{
"epoch":1727175046,
"string":"Tue Sep 24 10:50:46 2024\n"
},
"nexthops":[
{
"ip":"6.0.0.17",
"hostname":"spine22",
"afi":"ipv4",
"metric":0,
"accessible":true,
"used":true
}
],
"peer":{
"peerId":"220.21.0.33",
"routerId":"6.0.0.21",
"hostname":"spine22",
"type":"external"
}
}
]
],
"numPaths":2
}
Signed-off-by: Sindhu Parvathi Gopinathan's <sgopinathan@nvidia.com>
(cherry picked from commit ff008cee6b5b4945f6dd3e58b46b933d695c2865)
|
|
bgpd: fix, do not access peer->notify.data when it is null (backport #16546)
|
|
bgp crash on rt2 spotted when 2 commands
launched consequently:
T0: rr, config -> router bgp 65004 -> neighbor 192.168.12.2 password
8888
T1: rt2, snmpwalk -v 2c -c public 127.0.0.1 .1.3.6.1.4.1.7336.4.2.1
T2: rt2 bgp is crashed.
config rt2-bgp:
---------------
!
debug bgp updates
!
router bgp 65002
no bgp ebgp-requires-policy
no bgp network import-check
no bgp default ipv4-unicast
neighbor 192.168.12.4 remote-as external
neighbor 192.168.12.4 timers 1 3
neighbor 192.168.12.4 timers connect 1
neighbor 2001:db8::12:4 remote-as external
neighbor 2001:db8::12:4 timers 1 3
neighbor 2001:db8::12:4 timers connect 1
!
address-family ipv4 unicast
neighbor 192.168.12.4 activate
neighbor 192.168.12.4 addpath-tx-all-paths
exit-address-family
address-family ipv6 unicast
neighbor 2001:db8::12:4 activate
exit-address-family
!
agentx
!
config rt2-snmpd:
agentAddress 127.0.0.1,[::1]
group public_group v1 public
group public_group v2c public
access public_group "" any noauth prefix all all none
rocommunity public default
view all included .1
iquerySecName frr
rouser frr
master agentx
agentXSocket /etc/frr/agentx
agentXPerms 777 755 root frr
config rt2-zebra:
-----------------
!
interface r2-eth0
ip address 192.168.12.2/24
ipv6 address 2001:db8::12:2/64
!
config rr-bgpd:
---------------
!
debug bgp updates
!
router bgp 65004
no bgp ebgp-requires-policy
no bgp network import-check
no bgp default ipv4-unicast
neighbor 192.168.12.1 remote-as external
neighbor 192.168.12.1 timers 1 3
neighbor 192.168.12.1 timers connect 1
neighbor 192.168.12.2 remote-as external
neighbor 192.168.12.2 timers 1 3
neighbor 192.168.12.2 timers connect 1
neighbor 192.168.12.3 remote-as external
neighbor 192.168.12.3 timers 1 3
neighbor 192.168.12.3 timers connect 1
neighbor 2001:db8::12:1 remote-as external
neighbor 2001:db8::12:1 timers 1 3
neighbor 2001:db8::12:1 timers connect 1
neighbor 2001:db8::12:2 remote-as external
neighbor 2001:db8::12:2 timers 1 3
neighbor 2001:db8::12:2 timers connect 1
neighbor 2001:db8::12:3 remote-as external
neighbor 2001:db8::12:3 timers 1 3
neighbor 2001:db8::12:3 timers connect 1
!
address-family ipv4 unicast
neighbor 192.168.12.1 activate
neighbor 192.168.12.1 addpath-tx-all-paths
neighbor 192.168.12.1 route-server-client
neighbor 192.168.12.2 activate
neighbor 192.168.12.2 addpath-tx-all-paths
neighbor 192.168.12.2 route-server-client
neighbor 192.168.12.3 activate
neighbor 192.168.12.3 addpath-tx-all-paths
neighbor 192.168.12.3 route-server-client
exit-address-family
address-family ipv6 unicast
neighbor 2001:db8::12:1 activate
neighbor 2001:db8::12:1 route-server-client
neighbor 2001:db8::12:2 activate
neighbor 2001:db8::12:2 route-server-client
neighbor 2001:db8::12:3 activate
neighbor 2001:db8::12:3 route-server-client
exit-address-family
!
agentx
!
config rr-zebra:
----------------
!
interface rr-eth0
ip address 192.168.12.4/24
ipv6 address 2001:db8::12:4/64
!
Fixes: 2d8fff6b81bb ("bgpd: Implement BGP4V2-MIB(bgp4V2PeerErrorsTable)")
Signed-off-by: Dmytro Shytyi <dmytro.shytyi@6wind.com>
(cherry picked from commit d53460554552c288831524c60dd98c303cba7c26)
|
|
When 'no rpki' is requested and the rtrlib RPKI object was freed, bgpd
is crashing.
RPKI is configured in VRF red.
> ip l set red down
> ip l del red
> printf 'conf\n vrf red\n no rpki' | vtysh
> Core was generated by `/usr/bin/bgpd -A 127.0.0.1 -M snmp -M rpki -M bmp'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 __pthread_kill_implementation (no_tid=0, signo=11, threadid=140411103615424) at ./nptl/pthread_kill.c:44
> 44 ./nptl/pthread_kill.c: No such file or directory.
> [Current thread is 1 (Thread 0x7fb401f419c0 (LWP 190226))]
> (gdb) bt
> #0 __pthread_kill_implementation (no_tid=0, signo=11, threadid=140411103615424) at ./nptl/pthread_kill.c:44
> #1 __pthread_kill_internal (signo=11, threadid=140411103615424) at ./nptl/pthread_kill.c:78
> #2 __GI___pthread_kill (threadid=140411103615424, signo=signo@entry=11) at ./nptl/pthread_kill.c:89
> #3 0x00007fb4021ad476 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
> #4 0x00007fb4025ce22b in core_handler (signo=11, siginfo=0x7fff831b2d70, context=0x7fff831b2c40) at lib/sigevent.c:248
> #5 <signal handler called>
> #6 rtr_mgr_remove_group (config=0x55fe8789f750, preference=11) at /build/make-pkg/output/source/DIST_RTRLIB/rtrlib/rtrlib/rtr_mgr.c:607
> #7 0x00007fb40145f518 in rpki_delete_all_cache_nodes (rpki_vrf=0x55fe8789f4f0) at bgpd/bgp_rpki.c:442
> #8 0x00007fb401463098 in no_rpki_magic (self=0x7fb40146bba0 <no_rpki_cmd>, vty=0x55fe877f5130, argc=2, argv=0x55fe877fccd0) at bgpd/bgp_rpki.c:1732
> #9 0x00007fb40145c09a in no_rpki (self=0x7fb40146bba0 <no_rpki_cmd>, vty=0x55fe877f5130, argc=2, argv=0x55fe877fccd0) at ./bgpd/bgp_rpki_clippy.c:37
> #10 0x00007fb402527abc in cmd_execute_command_real (vline=0x55fe877fd150, vty=0x55fe877f5130, cmd=0x0, up_level=0) at lib/command.c:984
> #11 0x00007fb402527c35 in cmd_execute_command (vline=0x55fe877fd150, vty=0x55fe877f5130, cmd=0x0, vtysh=0) at lib/command.c:1043
> #12 0x00007fb4025281e5 in cmd_execute (vty=0x55fe877f5130, cmd=0x55fe877fb8c0 "no rpki\n", matched=0x0, vtysh=0) at lib/command.c:1209
> #13 0x00007fb4025f0aed in vty_command (vty=0x55fe877f5130, buf=0x55fe877fb8c0 "no rpki\n") at lib/vty.c:615
> #14 0x00007fb4025f2a11 in vty_execute (vty=0x55fe877f5130) at lib/vty.c:1378
> #15 0x00007fb4025f513d in vtysh_read (thread=0x7fff831b5fa0) at lib/vty.c:2373
> #16 0x00007fb4025e9611 in event_call (thread=0x7fff831b5fa0) at lib/event.c:2011
> #17 0x00007fb402566976 in frr_run (master=0x55fe871a14a0) at lib/libfrr.c:1212
> #18 0x000055fe857829fa in main (argc=9, argv=0x7fff831b6218) at bgpd/bgp_main.c:549
Fixes: 8156765abe ("bgpd: Add `no rpki` command")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 4e053d65f1c7edbcc3391026300388513d4c31b0)
There is also an issue when doing "rpki reset" and then "no rpki".
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
|
|
```
0 0xb50b9f898028 in __sanitizer_print_stack_trace (/home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x368028) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7)
1 0xb50b9f7ed8e4 in fuzzer::PrintStackTrace() (/home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x2bd8e4) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7)
2 0xb50b9f7d4d9c in fuzzer::Fuzzer::CrashCallback() (/home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x2a4d9c) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7)
3 0xe0d12d7469cc (linux-vdso.so.1+0x9cc) (BuildId: 1a77697e9d723fe22246cfd7641b140c427b7e11)
4 0xe0d12c88f1fc in __pthread_kill_implementation nptl/pthread_kill.c:43:17
5 0xe0d12c84a678 in gsignal signal/../sysdeps/posix/raise.c:26:13
6 0xe0d12c83712c in abort stdlib/abort.c:79:7
7 0xe0d12d214724 in _zlog_assert_failed /home/ubuntu/frr-public/frr_public_private-libfuzzer/lib/zlog.c:789:2
8 0xe0d12d1285e4 in stream_get /home/ubuntu/frr-public/frr_public_private-libfuzzer/lib/stream.c:324:3
9 0xb50b9f8e47c4 in bgp_attr_encap /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_attr.c:2758:3
10 0xb50b9f8dcd38 in bgp_attr_parse /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_attr.c:3783:10
11 0xb50b9faf74b4 in bgp_update_receive /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_packet.c:2383:20
12 0xb50b9faf1dcc in bgp_process_packet /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_packet.c:4075:11
13 0xb50b9f8c90d0 in LLVMFuzzerTestOneInput /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_main.c:582:3
```
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5)
|
|
RFC 8212 should be restricted for eBGP peers.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
When the packet is malformed it can use whatever values it wants. Let's check
what the real data we have in a stream instead of relying on malformed values.
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 9929486d6bdb28469a5b626a17d5bc9991c83ce3)
|
|
Fixes: 79563af564ad0fe5b9c8d95bf080d570f87b1859 ("bgpd: Get 1 or 2 octets for Sub-TLV length (Tunnel Encap attr)")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 34b209f0ae2caca0d1ebcde9d4095375ac31b562)
|
|
bgpd: Set last reset reason to admin shutdown if it was manually (backport #16242)
|
|
version
If we receive CAPABILITY message (software-version), we SHOULD check if we really
have enough data before doing memcpy(), that could also lead to buffer overflow.
(data + len > end) is not enough, because after this check we do data++ and later
memcpy(..., data, len). That means we have one more byte.
Hit this through fuzzing by
```
0 0xaaaaaadf872c in __asan_memcpy (/home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x35872c) (BuildId: 9c6e455d0d9a20f5a4d2f035b443f50add9564d7)
1 0xaaaaab06bfbc in bgp_dynamic_capability_software_version /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_packet.c:3713:3
2 0xaaaaab05ccb4 in bgp_capability_msg_parse /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_packet.c:3839:4
3 0xaaaaab05c074 in bgp_capability_receive /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_packet.c:3980:9
4 0xaaaaab05e48c in bgp_process_packet /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_packet.c:4109:11
5 0xaaaaaae36150 in LLVMFuzzerTestOneInput /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_main.c:582:3
```
Hit this again by Iggy \m/
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 5d7af51c4f7980507135babd94d392ca179c1bf7)
|
|
Before:
```
Neighbor EstdCnt DropCnt ResetTime Reason
127.0.0.1 0 0 never Waiting for peer OPEN (n/a)
```
After:
```
Neighbor EstdCnt DropCnt ResetTime Reason
127.0.0.1 0 0 never Waiting for peer OPEN (n/a)
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit b5bd626a82b2541bee8e3120139e19ba05e444c8)
|
|
Before this patch, we always printed the last reason "Waiting for OPEN", but
if it's a manual shutdown, then we technically are not waiting for OPEN.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit c25c7e929d550c2faca3af74a29593b8c0b75db3)
|
|
bgpd: Fix logging message when receiving a software version capability (backport #16033)
|
|
Without this patch we MUST follow this sequence:
```
no match peer 10.0.0.1
match peer 2a01::1
```
Otherwise, both IPv4/IPv6 values are set/compiled, thus when printing the
configuration in show running, we see the first one (IPv4).
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit edfc03614f0c5e14cffde25afae111908cb3bf30)
|
|
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit d50730ba48e337c6424ed7daba241d762060415d)
|
|
bgp_llgr topotest sometimes fails at step 8:
> topo: STEP 8: 'Check if we can see 172.16.1.2/32 after R4 (dynamic peer) was killed'
R4 neighbor is deleted on R2 because it fails to re-connect:
> 14:33:40.128048 BGP: [HKWM3-ZC5QP] 192.168.3.1 fd -1 went from Established to Clearing
> 14:33:40.128154 BGP: [MJ1TJ-HEE3V] 192.168.3.1(r4) graceful restart timer expired
> 14:33:40.128158 BGP: [ZTA2J-YRKGY] 192.168.3.1(r4) graceful restart stalepath timer stopped
> 14:33:40.128162 BGP: [H917J-25EWN] 192.168.3.1(r4) Long-lived stale timer (IPv4 Unicast) started for 20 sec
> 14:33:40.128168 BGP: [H5X66-NXP9S] 192.168.3.1(r4) Long-lived set stale community (LLGR_STALE) for: 172.16.1.2/32
> 14:33:40.128220 BGP: [H5X66-NXP9S] 192.168.3.1(r4) Long-lived set stale community (LLGR_STALE) for: 192.168.3.0/24
> [...]
> 14:33:41.138869 BGP: [RGGAC-RJ6WG] 192.168.3.1 [Event] Connect failed 111(Connection refused)
> 14:33:41.138906 BGP: [ZWCSR-M7FG9] 192.168.3.1 [FSM] TCP_connection_open_failed (Connect->Active), fd 23
> 14:33:41.138912 BGP: [JA9RP-HSD1K] 192.168.3.1 (dynamic neighbor) deleted (bgp_connect_fail)
> 14:33:41.139126 BGP: [P98A2-2RDFE] 192.168.3.1(r4) graceful restart stalepath timer stopped
af8496af08 ("bgpd: Do not delete BGP dynamic peers if graceful restart
kicks in") forgot to modify bgp_connect_fail()
Do not delete the peer in bgp_connect_fail() if Non-Stop-Forwarding is
in progress.
Fixes: af8496af08 ("bgpd: Do not delete BGP dynamic peers if graceful restart kicks in")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit e446308d76b4ac8f26149db982bf5ed5ac93d5f5)
|
|
bgpd: Ignore validating the attribute flags if path-attribute is configured (backport #15895)
|
|
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit e411988a86f1b719fb16ec4c30499bfc650b4ea7)
|
|
If entering `no set as-path prepend 1 2 3`, it's warned as unknown command.
Now fixed, and the following combinations work fine:
```
no set as-path prepend
no set as-path prepend last-as
no set as-path prepend last-as 1
no set as-path prepend 1
no set as-path prepend 1 2
```
Fixes: https://github.com/FRRouting/frr/issues/15912
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit e069a1c8d52bb6e7808303df488d7ce912e4f652)
|
|
E.g. Cisco sends AIGP attribute as transitive, but it's wrong. Hence, the session
is teared down, because of this bgp_attr_flag_invalid() test.
Relax this check if we have `neighbor X path-attribute <discard|treat-as-withdraw>`
configured.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
(cherry picked from commit 714e5be9a0804c0da2c9429bead274bbaefc9939)
|
|
When BGP receives an SRV6_LOCATOR_ADD message from zebra, it calls the
`bgp_zebra_process_srv6_locator_add()` function to process the message.
`bgp_zebra_process_srv6_locator_add()` decodes the message first, and
then if the pointer to the default BGP instance is NULL (i.e. the
default BGP instance is not configured yet), it returns early without
doing anything and without using the decoded message information.
This commit fixes the order of the operations executed by
`bgp_zebra_process_srv6_locator_add()`. We first ensure that the default
BGP instance is ready and we return early if it is not. Then, we decode
the message and do something with the information contained in it.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit bdc2c7bc5473b5582419702211c22e5d29bf0631)
|
