|
In the "2x2 matrix" of these, I accidentally edited "row-wise" when I
should've edited "column-wise"... *sigh*
Reported-by: github.com/rbfnet
Fixes: #16349
Fixes: 110945ba0d2 ("ospfd: fix GR state location")
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
1. On P2MP interfaces, direct ack would include the same LSA multiple times
if multiple packets are processed before the OSPF interface direct LSA
acknowledgment event is processed. Now duplicate LSAs in the same event
are suppressed.
2. On non-broadcast interfaces, direct acks for multiple neighbors would be
unicast to the same neighbor due to the multiple OSPF LS Update packets
being processed prior to the OSPF interface direct ack event. Now, separate
direct acks are unicast to the neighbors requiring them.
3. The interface delayed acknowledgment timer would run continuously
(every second as long as the interface is up). Now, the timer is set
when delayed acknowledgments are queued and all queued delayed
acknowledgments are sent when it fires.
4. For non-broadcast interface delayed acknowledgments, the logic to send
to multiple neighbors wasn't working because the list was emptied while
building the packet for the first neighbor.
Signed-off-by: Acee Lindem <acee@lindem.com>
|
|
The current OSPF neighbor retransmission operates on a single per-neighbor
periodic timer that sends all LSAs on the list when it expires.
Additionally, since it skips the first retransmission of received LSAs so
that at least the retransmission interval (resulting in a delay of between
the retransmission interval and twice the interval. In environments where
the links are lossy on P2MP networks with "delay-reflood" configured (which
relies on neighbor retransmission in partial meshes), the implementation
is sub-optimal (to say the least).
This commit reimplements OSPF neighbor retransmission as follows:
1. A new data structure making use of the application managed
typesafe.h doubly linked list implements an OSPF LSA
list where each node includes a timestamp.
2. The existing neighbor LS retransmission LSDB data structure
is augmented with a pointer to the list node on the LSA
list to facilitate O(1) removal when the LSA is acknowledged.
3. The neighbor LS retransmission timer is set to the expiration
timer of the LSA at the top of the list.
4. When the timer expires, LSAs are retransmitted that are within
the window of the current time and a small delta (50 milli-secs
default). The LSAs that are retransmitted are given an updated
retransmission time and moved to the end of the LSA list.
5. Configuration is added to set the "retransmission-window" to a
value other than 50 milliseconds.
6. Neighbor and interface LSA retransmission counters are added
to provide insight into the lossiness of the links. However,
these will increment quickly on non-fully meshed P2MP networks
with "delay-reflood" configured.
7. Added a topotest to exercise the implementation on a non-fully
meshed P2MP network with "delay-reflood" configured. The
alternative was to use existing mechanisms to introduce loss
but these seem less deterministic in a topotest.
Signed-off-by: Acee Lindem <acee@lindem.com>
|
|
```
=================================================================
==6717==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1008 byte(s) in 14 object(s) allocated from:
0 0x7f9ea0dc7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
1 0x7f9ea034d51f in json_object_new_object (/lib/x86_64-linux-gnu/libjson-c.so.3+0x351f)
2 0x564b56d0fed6 in show_ip_ospf_interface_common ospfd/ospf_vty.c:4011
3 0x564b56d1068c in show_ip_ospf_interface ospfd/ospf_vty.c:4285
4 0x7f9ea06fe1c0 in cmd_execute_command_real lib/command.c:1002
5 0x7f9ea06fe684 in cmd_execute_command lib/command.c:1060
6 0x7f9ea06feb03 in cmd_execute lib/command.c:1227
7 0x7f9ea08415b2 in vty_command lib/vty.c:616
8 0x7f9ea0841a5d in vty_execute lib/vty.c:1379
9 0x7f9ea084b367 in vtysh_read lib/vty.c:2374
10 0x7f9ea08350cd in event_call lib/event.c:2011
11 0x7f9ea0764386 in frr_run lib/libfrr.c:1217
12 0x564b56c25b18 in main ospfd/ospf_main.c:295
13 0x7f9e9fd5bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 7168 byte(s) in 14 object(s) allocated from:
0 0x7f9ea0dc7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
1 0x7f9ea0350fa4 in lh_table_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x6fa4)
Indirect leak of 1232 byte(s) in 14 object(s) allocated from:
0 0x7f9ea0dc7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
1 0x7f9ea0350f82 in lh_table_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x6f82)
SUMMARY: AddressSanitizer: 9408 byte(s) leaked in 42 allocation(s).
***********************************************************************************
```
Fixes: e24ff4c275f0729f75be9f68d08be80ac1e0ec56 ("ospfd: Drop `interfaceIp` from `show ip ospf neigh json")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Deprecated. Now it's under interface field directly:
```
{
"interfaces":{
"enp3s0":{
"ifUp":true,
"ifIndex":2,
"mtuBytes":1500,
"bandwidthMbit":100,
"ifFlags":"<UP,LOWER_UP,BROADCAST,RUNNING,MULTICAST>",
"ospfEnabled":true,
"ipAddress":"192.168.10.19",
"ipAddressPrefixlen":24,
"ospfIfType":"Broadcast",
"localIfUsed":"192.168.10.255",
"area":"0.0.0.0",
"routerId":"100.100.100.100",
"networkType":"POINTOPOINT",
"cost":1000,
"transmitDelaySecs":1,
"state":"Point-To-Point",
"priority":1,
"opaqueCapable":true,
"mcastMemberOspfAllRouters":true,
"timerMsecs":10000,
"timerDeadSecs":40,
"timerWaitSecs":40,
"timerRetransmitSecs":5,
"timerHelloInMsecs":2924,
"nbrCount":0,
"nbrAdjacentCount":0,
"grHelloDelaySecs":10,
"prefixSuppression":false,
"nbrFilterPrefixList":"N\/A"
}
}
}
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
ospfd: add instance id for one command
|
|
Add the specific instance id for the command:
```
show ip ospf [{(1-65535)$instance|vrf <NAME|all>}] graceful-restart helper [detail] [json]
```
Signed-off-by: anlan_cs <anlan_cs@tom.com>
|
|
During fuzzing, Iggy Frankovic discovered that get_edge() function in ospf_te.c
could return null pointer, in particular when the link_id or advertised router
IP addresses are fuzzed. As the null pointer returned by get_edge() function is
not handled by calling functions, this could cause ospfd crash.
This patch introduces new verification of returned pointer by get_edge()
function and stops the processing in case of null pointer. In addition, link ID
and advertiser router ID are validated before calling ls_find_edge_by_key() to
avoid the creation of a new edge with an invalid key.
CVE-2024-34088
Co-authored-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
Iggy Frankovic discovered another ospfd crash when performing fuzzing of OSPF
LSA packets. The crash occurs in ospf_te_parse_ext_link() function when
attempting to read Segment Routing Adjacency SID subTLVs. The original code
doesn't check if the size of the Extended Link TLVs and subTLVs have the correct
length. In presence of erroneous LSA, this will cause a buffer overflow and ospfd
crashes.
This patch introduces new verification of the subTLVs size for Extended Link
TLVs and subTLVs. Similar check has been also introduced for the Extended
Prefix TLV.
Co-authored-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
Iggy Frankovic discovered another ospfd crash when performing fuzzing of OSPF
LSA packets. The crash occurs in ospf_te_parse_ri() function when attempting to
read Segment Routing subTLVs. The original code doesn't check if the size of
the SR subTLVs have the correct length. In presence of erroneous LSA, this will
cause a buffer overflow and ospfd crash.
This patch introduces new verification of the subTLVs size for Router
Information TLV.
Co-authored-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
If you had a situation where an operator turned on
ospfd with snmp but not ospf6d and agentx was configured
then you get into a situation where ospf6d would complain
that the config for agentx did not exist. Let's modify
the code to allow this situation to happen.
Fixes: #15896
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
ospfd: fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
|
|
not reset hello timer
Signed-off-by: Bing Shui <652023330037@smail.nju.edu.cn>
|
|
vtysh: Show `ip ospf network ...` even if it's not the same as the interface type
|
|
ospfd: OSPFAPI Server options to limit to local connections and per-instance TCP
|
|
This commit includes OSPFAPI Server options to:
1. Allow specification of the OSPFAPI server local address.
2. Allow different OSPFAPI server TCP ports to be specified for different
OSPF instances in /etc/services.
Signed-off-by: Acee Lindem <acee@lindem.com>
|
|
ospfd: Add prefix-list filtering of OSPF neighbors on OSPF interface
|
|
type
ospfv3 shows this unconditionally, and ospfv2 does not show `ip ospf network ...` if the type of the interface matches the specified network.
Fixes: https://github.com/FRRouting/frr/issues/15817
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
This reverts commit 438ef98701e9922e81a451f87ad053268a1a557e.
The previous code was correct even if the coverity scanner was
complaining.
Fixes: https://github.com/FRRouting/frr/issues/15680
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
|
|
This commit adds the capability to filter OSPF neighbors using a
prefix-list with rules matching the neighbor's IP source address.
Configuration, filtering, immediate neighbor pruning, topo-tests,
and documentation are included. The command is:
ip ospf neighbor-filter <prefix-list> [A.B.C.D]
Signed-off-by: Acee Lindem <acee@lindem.com>
|
|
Signed-off-by: Bing Shui <652023330037@smail.nju.edu.cn>
|
|
Signed-off-by: Bing Shui <652023330037@smail.nju.edu.cn>
|
|
ospfd, ospf6d: Remove deprecated JSON fields
|
|
ospfd/ospf_sr.c: In function ‘show_sr_node.part.5’:
ospfd/ospf_sr.c:2745:32: warning: ‘%u’ directive output may be truncated writing between 1 and 10 bytes into a region of size 2 [-Wformat-truncation=]
snprintf(tmp, sizeof(tmp), "%u", i);
^~
ospfd/ospf_sr.c:2745:31: note: directive argument in the range [0, 2147483646]
snprintf(tmp, sizeof(tmp), "%u", i);
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
restartSupoort
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
This extends non-broadcast support to point-to-multipoint networks.
Neighbors will be explicitly configured and polled in lieu of multicast
discovery. Topotests and documentation updates are included.
Additionally, the ospf neighbor commands have been greatly simplified taking
advantage of DEFPY() capabilities.
The AllOSPFRouters (224.0.0.5) is still joined for non-broadcast networks
since it is joined for NBMA networks. It seems this could be removed but
it should be done in a separate commit.
Signed-off-by: Acee Lindem <acee@lindem.com>
|
|
LabNConsulting/acee/ospf-link-flap-ase-route-change
ospfd: Assure OSPF AS External routes are installed after link flap
|
|
OSPF intra/inter area routes were previously marked to assure they
are re-installed after a fast link flap in the commit:
commit effee18744ad3e1777614f58350d74fb718d3211
Author: Donald Sharp <sharpd@nvidia.com>
Date: Mon May 24 13:45:29 2021 -0400
ospfd: Fix quick interface down up event handling in ospf
This commit extends this fix to OSPF AS External routes as well.
Signed-off-by: Acee <aceelindem@gmail.com>
|
|
With this fix, OSPF LS Updates sent in response to OSPF LS Requests during the DB Exchange process will be sent as unicasts. Unless the timing of multiple database exchanges coincides, there is little chance that the LSAs in the LS Update are required by OSPF routers other than the one which elicited the LS Update.
This is somewhat ambiguous in RFC 2328 and two errata have been filed for clarification:
https://www.rfc-editor.org/errata/eid7850
https://www.rfc-editor.org/errata/eid7851
FRR OSPFv3 (ospf6d) already does it correctly - see ospf6_lsupdate_send_neighbor(struct event *thread). Also, if there is any doubt, one can refer to the C++ code at ospf.org (John Moy's seminal OSPF reference implementation).
Signed-off-by: Acee Lindem <acee@lindem.com>
|
|
add ietf-key-chain YANG module support
|
|
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
When an AS-external-route is deleted on our system and later added again
with a new metric, then the ospfd would first send a LS-update to remove
the old route and later another LS-update to add the route with the new
metric again.
But when this metric-change happens with no time in between the ospfd
recognizes this as the same route and does not send any LS-update.
With the change made here, the ospfd will interpret this route as a
different route, when the metric has changed.
Signed-off-by: Alexander Rose <alexander.rose@secunet.com>
|
|
ospfd: Solved crash in OSPF TE parsing
|
|
Iggy Frankovic discovered an ospfd crash when performing fuzzing of OSPF LSA
packets. The crash occurs in ospf_te_parse_te() function when attempting to
create corresponding edge from TE Link parameters. If there is no local
address, an edge is created but without any attributes. During parsing, the
function tries to access these attribute fields, which have not been created,
causing an ospfd crash.
The patch simply checks if the te parser has found a valid local address. If not
found, we stop the parser, which avoids the crash.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
ospfd: Add deprecation cycle for `router-info X [A.B.C.D]` command
|
|
ospfd: fix cli shown in running config when turning off ldp-sync
|
|
SA finds this:
error 14-Feb-2024 14:52:24 ospfd/ospf_te.c:3962:2: warning: Value stored to 'sub' is never read [deadcode.DeadStores]
error 14-Feb-2024 14:52:24 sub = 0;
error 14-Feb-2024 14:52:24 ^ ~
error 14-Feb-2024 14:52:24 1 warning generated.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
LDP-Sync is automatically enabled on interfaces when turned on in
router ospf context. The user can remove ldp-sync from running
on an interface, by issuing a "no ip ospd mpls ldp-sync" command.
To remove all ldp-sync interface commands the user must delete
ldp-sync at the router level. The code was not correctly removing
the config. This PR fixes that issue. Now the extra cli
ldp-sync commands are removed when ldp-sync is disabled.
Signed-off-by: Lynne Morrison <lynne.morrison@ibm.com>
|
|
When dumping ospf database with json output, decode Extended Link and Extended
Prefix TLVs and sub-TLVs.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
When dumping ospf database with json output, decode Router Information TLVs
and sub-TLVs.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
When dumping ospf database with json output, decode Traffic Engineering TLVs
and sub-TLVs.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
Instead of output bulk of data with json output, prepare json context to decode
opaque TLVs and sub-TLVs.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
Specifying an area is not relevant anymore. Use it for some time as a hidden
command to avoid breaking the scripts.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
ospfd: can not delete "segment-routing node-msd" when SR is off
|
|
frr-reload.py will walk through all config contexts and prepend no to the CLI
command. This requires that the vtysh shell code accepts a full command.
To Reproduce
vtysh -c "conf t" -c "router ospf" -c "router-info area"
vtysh -c "conf t" -c "router ospf" -c "no router-info area"
% Unknown command: no router-info area
vtysh -c "conf t" -c "router ospf" -c "no router-info"
Signed-off-by: Christian Breunig <christian@breunig.cc>
|
|
This fixes the initial implementation of commit 7743f2f8c00 ("OSPFd: Update
Segment Routing PR following review") where it was not possible to remove
the "segment-routing node-msd" CLI nodes via vtysh once segment-routing got
disabled.
Closes #14910
Signed-off-by: Christian Breunig <christian@breunig.cc>
|
|
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
|
|
Create a single registry of default port values that daemons
are using. Most of these are vty ports, but there are some
others for features like ospfapi and zebra FPM.
Signed-off-by: Mark Stapp <mjs@labn.net>
|
|
This belongs in `/var/lib`, not `/var/run`.
Use library facility to load/save, support previous path as fallback,
and do proper fsync().
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
clang-format doesn't understand FRR_DAEMON_INFO is a long macro where
laying out items semantically makes sense.
(Also use only one `FRR_DAEMON_INFO(` in isisd so editors don't get
confused with the mismatching `( ( )`.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|