frr (7.4-1) [PTS] [DDPO]
OLD: VCS is behind the version in the archive: 7.3.1-1 < 7.4-1.Hint: This git repository uses http. You might need to run git update-server-info to update the auxiliary info files.
- Git: https://github.com/FRRouting/frr.git -b debian/master
- Branch: debian/master
- Path: debian/changelog
- Browser: https://github.com/FRRouting/frr/tree/debian/master
- Last scan: 2021-01-25 02:25:04+00
- Next scan: 2021-01-26 06:03:00+00
- Debian changelog in Git:
frr (7.3.1-1) unstable; urgency=medium [ David Lamparter ] * allow cross-compile with sbuild --host [ Ondřej Surý ] * Add myself to Uploaders * Add d/gbp.conf * Update changelog for 7.3.1-1~1.gbp2292a4 release * Change the source format from git to quilt to use git-buildpackage * Don't install frr-doc texinfo images, they are gone (Closes: #955067) * Bump the dh_compat to 10 -- Ondřej Surý <ondrej@debian.org> Mon, 01 Jun 2020 08:41:03 +0200
- This branch is 704 commits ahead of tag frr-7.3.1
- Git log:
commit dd9387fc72b43a7c03af74a45808a1052f83dd3b Merge: 19d883663 b4cdd635b Author: David Lamparter <equinox@opensourcerouting.org> Date: Wed Jul 15 20:30:30 2020 +0200 Merge pull request #6673 from oerdnj/debian/master commit b4cdd635b54d7230cad47df7a70ed8035f795f42 Author: Ondřej Surý <ondrej@sury.org> Date: Fri Jul 3 12:46:45 2020 +0200 Make lsb-base a hard dependency Directly depend on lsb-base in Debian, so we the shims are only used on systems without LSB. Signed-off-by: Ondřej Surý <ondrej@sury.org> commit 2010cec08ed2e64f0b841537d70d3df3c7d2149a Author: Ondřej Surý <ondrej@sury.org> Date: Fri Jul 3 12:46:51 2020 +0200 Remove mention of pkg.frr.snmp build profile from debian/README.Debian The pkg.frr.snmp build profile is no longer present in the Debian build scripts, so this just cleans up the old documentation that mentions it. Signed-off-by: Ondřej Surý <ondrej@sury.org> commit 1ab0d9785a7e71cf56c89feef0d2cd1e38662c58 Author: Ondřej Surý <ondrej@sury.org> Date: Fri Jul 3 12:46:49 2020 +0200 Add missing lsof dependency The logrotate script for frr uses lsof, but the package didn't depend on the it. Signed-off-by: Ondřej Surý <ondrej@sury.org> commit 4b82120ace75f283dbd93762bb7413c1e5e1e1c3 Author: Ondřej Surý <ondrej@sury.org> Date: Fri Jul 3 12:46:48 2020 +0200 Remove unused debian/watchfrr.rc file The debian/watchfrr.rc file was not install, so we just remove the cruft. Signed-off-by: Ondřej Surý <ondrej@sury.org> commit 071a3c3fc5e8cc2aadd9c3a989a154f3540b3fbf Author: Ondřej Surý <ondrej@sury.org> Date: Fri Jul 3 12:46:46 2020 +0200 Use dh_installinit capabilities to install frr.tmpfile The debian/frr.conf was manually installed as systemd-tmpfiles configuration, but the dh_installinit now has capability to install it automatically if named debian/frr.tmpfile. Signed-off-by: Ondřej Surý <ondrej@sury.org> commit 19d88366346ccbfa1c6539e5056cca129782da70 Merge: d1312e009 649529592 Author: David Lamparter <equinox@opensourcerouting.org> Date: Mon Jun 1 14:09:44 2020 +0200 Merge pull request #6492 from oerdnj/debian/master commit 649529592533affa1c5d4f4b155d1396a52e9da9 Author: Ondřej Surý <Ondřej Surý ondrej@debian.org> Date: Mon Jun 1 08:41:07 2020 +0200 Update changelog for 7.3.1-1 release commit 5cb2b3c6f2fdadf8956349497b0544c3c5703544 Author: Ondřej Surý <Ondřej Surý ondrej@debian.org> Date: Mon Jun 1 08:41:00 2020 +0200 Bump the dh_compat to 10 commit cfde41c5da2b9b9402e7467e91f091d7ef0c0506 Author: Ondřej Surý <Ondřej Surý ondrej@debian.org> Date: Sun May 31 18:27:13 2020 +0200 Don't install frr-doc texinfo images, they are gone (Closes: #955067) commit c7707ca4298b4d50a7c8f2112ca37b9a8d67102f Author: Ondřej Surý <Ondřej Surý ondrej@debian.org> Date: Sun May 31 18:02:49 2020 +0200 Change the source format from git to quilt to use git-buildpackage commit b1d8018cd89e3bc9bfbf44a8f93a4108e16cdb17 Author: Ondřej Surý <Ondřej Surý ondrej@debian.org> Date: Sun May 31 17:46:50 2020 +0200 Update changelog for 7.3.1-1~1.gbp2292a4 release commit 2292a486bca61a8a444bdb3643a62e9d2852162b Author: Ondřej Surý <Ondřej Surý ondrej@debian.org> Date: Sun May 31 17:46:35 2020 +0200 Add d/gbp.conf commit cd900a5ebd47cfaca60bbeadab3102a3f0e5b99b Author: Ondřej Surý <Ondřej Surý ondrej@debian.org> Date: Sun May 31 17:44:28 2020 +0200 Add myself to Uploaders commit ae6480dbea5b025318329ee5ad00ec680a56cc03 Merge: d1312e009 a87315ebd Author: Ondřej Surý <Ondřej Surý ondrej@debian.org> Date: Sun May 31 17:42:18 2020 +0200 Merge tag 'frr-7.3.1' into debian/master FRRouting Release 7.3.1 commit d1312e009b62331d39d0b9e77997b2f42be66f46 Author: David Lamparter <equinox@diac24.net> Date: Mon Apr 6 19:28:56 2020 +0200 debian: make cross-compile work This allows e.g. "sbuild --host=arm64" to build packages for other architectures on, say, fat amd64 servers. As a side effect, the Debian build uses a separate builddir, which helps noting issues on that front. Signed-off-by: David Lamparter <equinox@diac24.net> commit 46bf67e739f5a14a3cf7f7a646ef2ee0059233b0 Author: David Lamparter <equinox@diac24.net> Date: Tue Feb 25 17:45:53 2020 +0100 debian: 7.3-1 Signed-off-by: David Lamparter <equinox@diac24.net> commit 1a3de6c6080052beba2c16da9f622bd8480c3812 Merge: 25321d069 c0038fca9 Author: David Lamparter <equinox@diac24.net> Date: Tue Feb 25 17:32:36 2020 +0100 Merge tag 'frr-7.3' into debian/master FRRouting Release 7.3 commit 25321d0695084c4d953e9af24b3776e34cef29b1 Author: David Lamparter <equinox@diac24.net> Date: Mon Jan 20 17:06:29 2020 +0100 debian: 7.2.1-1 Signed-off-by: David Lamparter <equinox@diac24.net> commit 6b56b84d8a14b184ba6aa7a9c107783e752675d3 Author: David Lamparter <equinox@diac24.net> Date: Mon Jan 20 16:57:10 2020 +0100 debian: 7.2.1 prep Just the odd housekeeping bits. Signed-off-by: David Lamparter <equinox@diac24.net> commit 83ab3638be67402a7e46a6d6fe542fa5916d3b45 Author: David Lamparter <equinox@diac24.net> Date: Mon Jan 20 16:53:55 2020 +0100 debian: remove outdated README content Signed-off-by: David Lamparter <equinox@diac24.net> commit 7eb5faa7e619291e6df08b50ac7601b40ff9c912 Merge: 3104f78b9 90446e3c3 Author: David Lamparter <equinox@diac24.net> Date: Mon Jan 20 16:20:09 2020 +0100 Merge tag 'frr-7.2.1' into debian/master FRRouting Release 7.2.1 commit 90446e3c3310001a7b84017fa4b237ea7914f45e Author: Martin Winter <mwinter@opensourcerouting.org> Date: Fri Jan 17 17:18:19 2020 +0100 FRRouting Release 7.2.1 (Maintenance Release) - BGPd - Fix Addpath issue - Do not apply eBGP policy for iBGP peers - Show `ip` and `fqdn` in json output for `show [ip] bgp <route> json` - Fix large route-distinguisher's format - Fix `no bgp listen range ...` configuration command - Autocomplete neighbor for clear bgp - Reflect the distance in RIB when it is changed for an arbitrary afi/safi - Notify "Peer De-configured" after entering 'no neighbor <neighbor> cmd - Fix per afi/safi addpath peer counting - Rework BGP dampening to be per AFI/SAFI - Do not send next-hop as :: in MP_REACH_NLRI if no link-local exists - Override peer's TTL only if peer-group is configured with TTL - Remove error message for unkown afi/safi combination - Keep the session down if maximum-prefix is reached - OSPFd - Fix BFD down not tearing down OSPF adjacency for point-to-point net - BFDd - Fix multiple VRF handling - VRF security improvement - PIMd - Fix rp crash - NHRPd - Make sure `no ip nhrp map <something>` works as expected - LDPd - Add missing sanity check in the parsing of label messages - Zebra - Use correct state when installing evpn macs - Capture dplane plugin flags - lib - Fix interface config when vrf changes - Fix Interface Infinite Loop Walk (for special interfaces such as bond) - snapcraft - fix missing vrrpd daemon - Others - Rename man pages (to avoid conflicts with other packages) - Various other fixes for code cleanup and memory leaks Signed-off-by: Martin Winter <mwinter@opensourcerouting.org> commit 3b08fde9dd27470c365203a7fa575d5397709a3d Merge: 7390ea4f6 97af7d892 Author: David Lamparter <equinox@opensourcerouting.org> Date: Thu Jan 16 22:24:27 2020 +0100 Merge pull request #5696 from qlyoung/stable-7.2-backport-more More 7.2 bugfix backports commit 97af7d892c916656cee1e64765c7f7a628912797 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Sat Dec 21 20:19:47 2019 -0500 pimd: readd iph length checks Kernel might not hand us a bad packet, but better safe than sorry here. Validate the IP header length field. Also adds an additional check that the packet length is sufficient for an IGMP packet, and a check that we actually have enough for an ip header at all. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit ffae92d209a85c1d1b8714eb427ac4a73df73746 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Sat Dec 21 21:02:15 2019 -0500 pimd: fix missing igmp mtrace length check We check that the IGMP message is sufficently sized for an mtrace query, but not a response, leading to uninitialized stack read. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit fe4cce36ff0d6802c814d44b0d4019e371aba7a9 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Thu Dec 12 00:13:58 2019 -0500 ospfd: sizeof(pointer) -> sizeof(pointed-at) 14 years old eh? Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 2647deb6b49adc59ef6ef1427b740e6b94961198 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Thu Dec 12 00:09:39 2019 -0500 ospfd: fix misplaced trust in ip header length We actually don't validate the IHL field, although it certainly looks like we do at a casual glance. This patch saves us from an assert in case we actually do get an IP packet with an incorrect header length field. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 70b4d467fd0cfdea54cbef611ef2244274d0d03c Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Tue Dec 3 15:48:27 2019 -0500 bgpd: more attribute parsing cleanup & paranoia * Move VNC interning to the appropriate spot * Use existing bgp_attr_flush_encap to free encap sets * Assert that refcounts are correct before exiting to keep the demons contained in their fiery prison Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit e926d43c14b58bbf30c7a8f17fb78131616dafe6 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Tue Dec 3 16:01:19 2019 -0500 bgpd: remove bgp_attr_dup yeah Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit ccce196df913171e8898d78ca6b8ac4d58623281 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Tue Dec 3 13:12:25 2019 -0500 lib: fix heap buf overflow when adding prefix orf Don't lose your way Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 7c2d8181b867ef79ffdeb077f03d80d211aae4ab Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Tue Nov 26 14:42:40 2019 -0500 bgpd: clean up attribute parsing state before ret Early exits without appropriate cleanup were causing obscure double frees and other issues later on in the attribute parsing code. If we return anything except a hard attribute parse error, we have cleanup and refcounts to manage. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit ff9c00d2d5fe0d934a3acaaca8e88c61119bbfdf Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Tue Nov 26 14:42:26 2019 -0500 bgpd: ensure transit ptr is nulled on free Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 61dad26069acba48c7a1a94c7596e52031972f7e Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Sun Nov 24 02:02:54 2019 -0500 bgpd: fix bad bounds check for addpath in nlri If a peer advertised capability addpath in their OPEN, but sent us an UPDATE without an ADDPATH, we overflow a heap buffer. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit d8a9566e4b1a8b25545ded2a2b4dbbc013d334ac Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Thu Nov 21 18:55:59 2019 -0500 bgpd: fix heap buffer overflow in lcom -> str enc Spaces were not being accounted for in the heap buffer sizing, leading to a heap buffer overflow when encoding large communities to their string representations. This patch also uses safer functions to do the encoding instead of pointer math. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 73b5d44168a1f7927bae7943fb9ec3dac953206d Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Thu Nov 21 19:01:55 2019 -0500 bgpd: use safe functions to work with ecom attrs Tons of insane just-so pointer math here where it is not needed. This is too smart. Use safer methods. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit f7704ce3b4f0f6511833b56ca0a5bd9148f63297 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Thu Nov 21 19:00:11 2019 -0500 bgpd: remove extra ecom attr ptr increment Copy paste leads to invalid read of 1 byte off the heap when converting extended community attributes into strings. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 7390ea4f6fc6d980af215b8d8b55eccb9a484ddb Merge: 9da756263 b74d522b7 Author: David Lamparter <equinox@opensourcerouting.org> Date: Thu Jan 16 14:30:57 2020 +0100 bgpd: [7.2] fix unaligned access to addpath id (#5693) bgpd: [7.2] fix unaligned access to addpath id commit 9da75626313daca848085c47c8570117f5db1dcb Merge: 206b53486 1efd38601 Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Thu Jan 16 07:17:59 2020 -0500 Merge pull request #5689 from ton31337/fix/addpath_adj_out_look_compare_id_7.2 bgpd: [7.2] add addpath ID to adj_out tree sort commit b74d522b7e378e0588876d38d61d32f8f99dc2c0 Author: Santosh P K <sapk@vmware.com> Date: Tue Jan 7 07:47:13 2020 -0800 bgpd: fix unaligned access to addpath id uint8_t * cannot be cast to uint32_t * unless the pointed-to address is aligned according to uint32_t's alignment rules. And it usually is not. Signed-off-by: Santosh P K <sapk@vmware.com> commit 206b53486b6aa4f4b245108521ae3097a833fc55 Merge: da6aa90ee 2a40b5782 Author: David Lamparter <equinox@opensourcerouting.org> Date: Thu Jan 16 11:39:21 2020 +0100 Stable 7.2 backport edible arrangement (#5687) Stable 7.2 backport edible arrangement commit 1efd386013d8c8baec6a156a0783959a611c492a Author: Mitchell Skiba <mskiba@amazon.com> Date: Thu Jan 9 11:46:13 2020 -0800 bgpd: add addpath ID to adj_out tree sort When withdrawing addpaths, adj_lookup was called to find the path that needed to be withdrawn. It would lookup in the RB tree based on subgroup pointer alone, often find the path with the wrong addpath ID, and return null. Only the path highest in the tree sent to the subgroup could be found, thus withdrawn. Adding the addpath ID to the sort criteria for the RB tree allows us to simplify the logic for adj_lookup, and address this problem. We are able to remove the logic around non-addpath subgroups because the addpath ID is consistently 0 for non-addpath adj_outs, so special logic to skip matching the addpath ID isn't required. (As a side note, addpath will also never use ID 0, so there won't be any ambiguity when looking at the structure content.) Signed-off-by: Mitchell Skiba <mskiba@amazon.com> commit da6aa90eef8d92a942ab7252311ffad01ef92a43 Merge: 19f741886 c44fc929c Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Wed Jan 15 20:38:08 2020 +0200 Merge pull request #5685 from opensourcerouting/7.2/manpage-rename [7.2] doc: manpage rename commit 2a40b57822b912f735253affb57da371e908e0ab Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Wed Jan 15 13:00:34 2020 -0500 bgpd: fix memory leak when parsing capabilities Duplicated domain name capability messages cause memory leak. The amount of leaked memory is proportional to the size of the duplicated capabilities. This bug was introduced in 2015. To hit this, a BGP OPEN message must contain multiple FQDN capabilities. Memory is leaked when the hostname portion of the capability is of length 0, but the domainname portion is not, for any of the duplicated capabilities beyond the first one. https://tools.ietf.org/html/draft-walton-bgp-hostname-capability-00 Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 890a732c6baf6ffb4f10b27a5720809dc6fad51a Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Tue Jan 14 13:55:55 2020 -0500 zebra: bfd message handling cleanup foo Previous patches introduced various issues: - Removal of stream_free() to fix double free caused memleak - Patch for memleak was incomplete This should fix it hopefully. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 3c21800a0c0bb381038fdb4203231a9a1d401b9e Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Thu Jan 9 18:50:18 2020 -0500 zebra: fix bfd deregister message memleak Removing double frees accidentally introduced a memleak Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 6ce6a18636950898e15eee644949c82ed3820ef5 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Tue Jan 7 00:51:35 2020 -0500 bgpd: avoid memcmp(NULL, NULL) Undefined behavior Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 8629ea6839dcaf79b85e606248bd7dbd85b3b509 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Mon Jan 6 20:09:23 2020 -0500 bgpd: fix unaligned access to addpath id uint8_t * cannot be cast to uint32_t * unless the pointed-to address is aligned according to uint32_t's alignment rules. And it usually is not. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 0b60b95b1dfd1b8ecca3172c66ecb839b1afc05f Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Mon Jan 6 19:48:08 2020 -0500 zebra: fix ptm heap double free Don't need to free these, they're freed by the caller. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 38fa03f4d8cd9ba0e3c6b3fc8f7fe45c38b4e41c Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Mon Jan 6 12:09:23 2020 -0500 zebra: free ptm message on error Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit cd2541ad6614eb0e0893faa8c67f7b396fef6bc4 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 16:39:57 2020 -0500 zebra: fix undefined bitshifts in netlink stuff Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit df365916810a3516448dc1c80e25ea0472d38871 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 21:22:44 2020 -0500 zebra: reject ingress packets that are too large There may be logic to prevent this ever happening earlier in the network read path, but it doesn't hurt to double check it here, because clearly deeper paths rely on this being the case. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit a4f1cc55843b5596044ab691c2fd21104afa9e7f Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 21:18:49 2020 -0500 zebra: fix multiple bfd buffer issues Whatever this BFD re-transmission function is had a few problems. 1. Used memcpy instead of the (more concise) stream APIs, which include bounds checking. 2. Did not sufficiently check packet sizes. Actually, 2) is mitigated but is still a problem, because the BFD header is 2 bytes larger than the "normal" ZAPI header, while the overall message size remains the same. So if the source message being duplicated is actually right up against the ZAPI_MAX_PACKET_SIZ, you still can't fit the whole message into your duplicated message. I have no idea what the intent was here but at least there's a warning if it happens now. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit b03575db49a43e070efd41fefba37bde24195610 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 22:30:33 2020 -0500 zebra: null terminate interface name from wire We read an ifname from the wire but don't make sure its null terminated, fix it Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit e5071ea5df853a4ba2f3a2b6576335f8cb722e25 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 22:28:53 2020 -0500 zebra: fix iptable memleak, fix free funcs - Fix iptable freeing code to free malloc'd list - malloc iptable in zapi handler and use those functions to free it when done to fix a linked list memleak Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit 8adba491619e117688980113f1664d09bfa14b6a Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 21:40:30 2020 -0500 zebra: ensure ipset name is null terminated We copy a fixed length buffer from the wire but don't ensure it is null terminated. Then print it as a c-string. Lul. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit c07005a0d853fb145a8c84cf4f631d4308fc751c Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 20:26:09 2020 -0500 zebra: disallow negative rtadv intvl, fix overflow - Disallow RA interval < 0 - Fix integer overflow issue converting interval to seconds from milliseconds - Add missing "m" to "ms" Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit fdaa21d5fc4e8526b432f5c4d664f9139a97422b Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 19:25:38 2020 -0500 lib: fix ifindex comparison overflow Very small (negative!) ifindexes, when subtracted, can overflow. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit e4f8d198183e9be811e50a6785654518b6bad876 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 02:12:58 2020 -0500 zebra: check pbr rule msg for correct afi further down we hash the src & dst ip, which asserts that the afi is one of the well known ones, given the field names i assume the correct afis here are af_inet[6] Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit ebee520621d2c79b8550990314b7a216e870a121 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Fri Jan 3 02:12:12 2020 -0500 zebra: use correct attr size for netlink enc a bool is not 4 bytes Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit c44fc929c1dab3e5061bebca3f2a26fec92b737c Author: David Lamparter <equinox@diac24.net> Date: Wed Jan 15 12:22:26 2020 +0100 ospfclient: don't install man page ... we're not installing ospfclient (it's a demo/example program), so installing the man page is quite useless. Signed-off-by: David Lamparter <equinox@diac24.net> commit 1e4c5f65f2c0ece0f1f7e89b62023080748ad8bb Author: David Lamparter <equinox@diac24.net> Date: Wed Jan 15 00:00:32 2020 +0100 doc: rename man pages to frr-* The vrrpd one conflicts with the standalone vrrpd package; also we're installing daemons to /usr/lib/frr on some systems so they're not on PATH. Signed-off-by: David Lamparter <equinox@diac24.net> commit 19f741886c7033eab76c3697292fca31c3e25ce8 Merge: 14c7f156f 155138946 Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Tue Jan 7 14:00:03 2020 -0500 Merge pull request #5647 from LabNConsulting/working/lb/7.2/tt-update 7.2: bgp_l3vpn_to_bgp_vrf: allow for change in 'ip add show vrf' output format commit 14c7f156f270dca46c0dd33586b657e6e7b20692 Merge: 4103116ea 35bc21b6d Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Tue Jan 7 13:59:36 2020 -0500 Merge pull request #5569 from ton31337/fix/ebgp-requires-policy_with_ibgp_7.2 bgpd: [7.2] Do not apply eBGP policy for iBGP peers commit 4103116ea881f669c204cbaf4d4ea34b8e5f4917 Merge: 8fcdc6dee 4a8a84e08 Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Tue Jan 7 13:57:49 2020 -0500 Merge pull request #5544 from ton31337/fix/rr_do_not_show_fqdn_7.2 bgpd: [7.2] Show `ip` and `fqdn` in json output for `show [ip] bgp <route> json` commit 1551389468037046a5b1dedfeac7ced2bbd63fa4 Author: Lou Berger <lberger@labn.net> Date: Sun Sep 22 13:06:48 2019 -0400 topotest: bgp_l3vpn_to_bgp_vrf allow for different interface output Signed-off-by: Lou Berger <lberger@labn.net> commit 8fcdc6deee2a9f1b5f0fba6c01bfa21b994aca67 Merge: cda149a6e 4c22b3f0f Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Tue Jan 7 11:11:55 2020 +0200 Merge pull request #5642 from slankdev/slankdev-bgpd-fix-large-rd-frr-7-2 bgpd: [7.2] fix large route-distinguisher's format commit 4c22b3f0f371307407a98e6548bf26d2aff984b6 Author: Hiroki Shirokura <slank.dev@gmail.com> Date: Sun Jan 5 22:56:14 2020 +0900 bgpd: fix large route-distinguisher's format This commit is about #5629 's issue. Before this commit, bgpd creates format string of bgp-route-distinguisher as int32, but correctly format is uint32. current bgpd's sh-run-cli generate int32 rd, so if user sets the rd as 1:4294967295(0x1:0xffffffff), sh-run cli generates 1: -1 as running-config. This commit fix that issue. Signed-off-by: Hiroki Shirokura <slank.dev@gmail.com> commit cda149a6e0915c35fba8a6f07110cbc57bd7e1c3 Merge: 74d22c3c5 cc1c2d4fd Author: Quentin Young <qlyoung@users.noreply.github.com> Date: Fri Dec 20 10:37:37 2019 -0500 Merge pull request #5575 from ton31337/fix/no_bgp_listen_range_peer-group_7.2 bgpd: [7.2] Make sure we can use `no bgp listen range ...` commit cc1c2d4fd50a14b646bf644dbaa60606f8bd30e4 Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Thu Dec 19 22:09:47 2019 +0200 bgpd: Make sure we can use `no bgp listen range ...` Fixes: ``` exit1-debian-9(config-router)# no bgp listen range 192.168.10.0/24 peer-group TEST % Peer-group does not exist exit1-debian-9(config-router)# ``` Closes https://github.com/FRRouting/frr/issues/5570 Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> commit 35bc21b6d192652ffefca4594479165568ad3cbd Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Thu Dec 19 10:51:13 2019 +0200 bgpd: Do not apply eBGP policy for iBGP peers Treat iBGP peers as they have a policy applied. Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> commit 5ac9d549f1f58205365fd9cf93dc09f3781d7ae1 Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Thu Dec 19 10:53:05 2019 +0200 tests: Test if eBGP policy is not applied to iBGP peers Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> commit 74d22c3c5cc44e9cd269efa41a5ce05168dee7bb Merge: 6e8671aec 703f86574 Author: Quentin Young <qlyoung@users.noreply.github.com> Date: Thu Dec 19 11:00:50 2019 -0500 Merge pull request #5562 from mjstapp/fix_test_typelist_7_2 [7.2] tests: fix endian bug in test_typelist commit 703f865749fda58ce6e88bd9239506df59e8c4e2 Author: Mark Stapp <mjs@voltanet.io> Date: Wed Dec 18 10:52:08 2019 -0500 tests: fix endian bug in test_typelist [7.2 version] Fix a byte-swapping bug that appeared on big-endian arch but wasn't visible on little-endian. Signed-off-by: Mark Stapp <mjs@voltanet.io> commit 4a8a84e084b35ca2bedf571202821366bca73e11 Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Fri Dec 6 22:03:50 2019 +0200 bgpd: Show `ip` and `fqdn` in json output for `show [ip] bgp <route> json` This should keep backward compatibility when bgp show-hostname is enabled/disabled. Also show the real originator IP instead of showing fqdn of the route reflector. Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> commit 0a50c3a0bd6a46f19fd69f7f7a00483acef19afa Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Fri Dec 6 22:44:36 2019 +0200 tests: Test if `ip` and `fqdn` are included in `show [ip] bgp json` Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> commit 6e8671aecfc02e323a7990766f5ca69ce84c02f3 Merge: ae0dc1ec5 847222cce Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Tue Dec 10 17:14:46 2019 -0500 Merge pull request #5518 from mjstapp/fix_evpn_state_7_2 [7.2] zebra: use correct state when installing evpn macs commit 847222cced5f8063058df5b4effaf2d23e8bbdc4 Author: Mark Stapp <mjs@voltanet.io> Date: Tue Dec 10 10:10:56 2019 -0500 zebra: use correct state when installing evpn macs [7.2 version] Use correct state/flags when installing EVPN macs; when we converted from raw netlink to the zebra dataplane, a state value got lost. Signed-off-by: Mark Stapp <mjs@voltanet.io> commit ae0dc1ec50ff12019aefca76257987865111b5ea Merge: 81cd7aa1a c6982533b Author: Renato Westphal <renato@opensourcerouting.org> Date: Mon Dec 9 10:32:53 2019 -0300 Merge pull request #5505 from m-varasteh/fix-if_update_to_new_vrf lib: set entry to xpath in if_update_to_new_vrf commit c6982533ba5769a590d089fa1eebf17a7ec0277b Author: Mahdi Varasteh <mahdy.varasteh@gmail.com> Date: Sun Dec 8 16:33:14 2019 +0330 lib: set entry to xpath in if_update_to_new_vrf when vrf is changed, we change the interface running configuration without using northbound layer. it causes the nb_running_get_entry to fail Signed-off-by: Mahdi Varasteh <mahdy.varasteh@gmail.com> commit 81cd7aa1a7d89bf2900e7c49ea6f8341d76ac011 Merge: 367dc5b43 86def7e58 Author: Jafar Al-Gharaibeh <Jafaral@users.noreply.github.com> Date: Thu Dec 5 23:01:41 2019 -0600 Merge pull request #5480 from mjstapp/fix_dplane_prov_flags_7_2 [7.2] zebra: capture dplane plugin flags commit 86def7e58bfdd312fc0ecd2774c0a50b9cda3d06 Author: Mark Stapp <mjs@voltanet.io> Date: Thu Dec 5 16:33:51 2019 -0500 zebra: capture dplane plugin flags [7.2 version] The flags can be important - like "threaded" - so we need to actually capture them when plugins are registered. Signed-off-by: Mark Stapp <mjs@voltanet.io> commit 367dc5b43d9a992638b274d56b41e02161964e7e Merge: 7ff88745c 8caad8e50 Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Wed Dec 4 14:13:13 2019 -0500 Merge pull request #5469 from k0ste/stable_7.2_backports [7.2] bgpd: Autocomplete neighbor for clear bgp commit 8caad8e501cb83582492fa16da05b11bc1b08ec8 Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Wed Nov 27 21:44:46 2019 +0200 bgpd: Autocomplete neighbor for clear bgp Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> (cherry picked from commit 453c92f6e2a981d024ec3433e804c02bd70f2a13) commit 7ff88745c19c2eb78a728b936509b07d1b5d5c72 Merge: 6fb64ab41 e48a264e5 Author: David Lamparter <equinox@opensourcerouting.org> Date: Wed Dec 4 01:48:37 2019 +0100 [7.2]bgpd: Prevent crash in bgp_table_range_lookup (#5454) [7.2]bgpd: Prevent crash in bgp_table_range_lookup Co-authored-by: Mark Stapp <mjs@voltanet.io> commit e48a264e5c598a63c794c4024e3d70013af9d798 Author: Mark Stapp <mjs@voltanet.io> Date: Mon Nov 11 12:22:38 2019 -0500 ospfd,eigrpd: don't take address of packed struct member Use a local variable to avoid trying to take the address of a packed struct member - an address from the ip header in these cases. Signed-off-by: Mark Stapp <mjs@voltanet.io> commit 4093d1ede9a6ddaf14324e01ba114b731723c159 Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Mon Dec 2 09:37:47 2019 -0500 bgpd: Prevent crash in bgp_table_range_lookup The function bgp_table_range_lookup attempts to walk down the table node data structures to find a list of matching nodes. We need to guard against the current node from not matching and not having anything in the child nodes. Add a bit of code to guard against this. Traceback that lead me down this path: Nov 24 12:22:38 frr bgpd[20257]: Received signal 11 at 1574616158 (si_addr 0x2, PC 0x46cdc3); aborting... Nov 24 12:22:38 frr bgpd[20257]: Backtrace for 11 stack frames: Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(zlog_backtrace_sigsafe+0x67) [0x7fd1ad445957] Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(zlog_signal+0x113) [0x7fd1ad445db3]1ad445957] Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(+0x70e65) [0x7fd1ad465e65]ad445db3]1ad445957] Nov 24 12:22:38 frr bgpd[20257]: /lib64/libpthread.so.0(+0xf5f0) [0x7fd1abd605f0]45db3]1ad445957] Nov 24 12:22:38 frr bgpd[20257]: /usr/lib/frr/bgpd(bgp_table_range_lookup+0x63) [0x46cdc3]445957] Nov 24 12:22:38 frr bgpd[20257]: /usr/lib64/frr/modules/bgpd_rpki.so(+0x4f0d) [0x7fd1a934ff0d]57] Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(thread_call+0x60) [0x7fd1ad4736e0]934ff0d]57] Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(frr_run+0x128) [0x7fd1ad443ab8]e0]934ff0d]57] Nov 24 12:22:38 frr bgpd[20257]: /usr/lib/frr/bgpd(main+0x2e3) [0x41c043]1ad443ab8]e0]934ff0d]57] Nov 24 12:22:38 frr bgpd[20257]: /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fd1ab9a5505]f0d]57] Nov 24 12:22:38 frr bgpd[20257]: /usr/lib/frr/bgpd() [0x41d9bb]main+0xf5) [0x7fd1ab9a5505]f0d]57] Nov 24 12:22:38 frr bgpd[20257]: in thread bgpd_sync_callback scheduled from bgpd/bgp_rpki.c:351#012; aborting... Nov 24 12:22:38 frr watchfrr[6779]: [EC 268435457] bgpd state -> down : read returned EOF Nov 24 12:22:38 frr zebra[5952]: [EC 4043309116] Client 'bgp' encountered an error and is shutting down. Nov 24 12:22:38 frr zebra[5952]: zebra/zebra_ptm.c:1345 failed to find process pid registration Nov 24 12:22:38 frr zebra[5952]: client 15 disconnected. 0 bgp routes removed from the rib I am not really 100% sure what we are really trying to do with this function, but we must guard against child nodes not having any data. Fixes: #5440 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> commit 6fb64ab413008e38c04f0f3a0334472aeaaf5a1a Merge: d49e8f75b 7e599e703 Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Mon Dec 2 09:59:37 2019 +0200 Merge pull request #5447 from donaldsharp/7.2_bgp_show_json_mem_leak [7.2]bgpd: Fix memory leak in json output of show commands commit 7e599e7035bd5118cdd245c9e8318ecc6264e42e Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Sun Dec 1 09:29:32 2019 -0500 bgpd: Fix memory leak in json output of show commands When dumping a large bit of table data via bgp_show_table and if there is no information to display for a particular `struct bgp_node *` the data allocated via json_object_new_array() is leaked. Not a big deal on small tables but if you have a full bgp feed and issue a show command that does not match any of the route nodes ( say `vtysh -c "show bgp ipv4 large-community-list FOO"`) then we will leak memory. Before code change and issuing the above show bgp large-community-list command 15-20 times: Memory statistics for bgpd: System allocator statistics: Total heap allocated: > 2GB Holding block headers: 0 bytes Used small blocks: 0 bytes Used ordinary blocks: > 2GB Free small blocks: 31 MiB Free ordinary blocks: 616 KiB Ordinary blocks: 0 Small blocks: 0 Holding blocks: 0 After: Memory statistics for bgpd: System allocator statistics: Total heap allocated: 924 MiB Holding block headers: 0 bytes Used small blocks: 0 bytes Used ordinary blocks: 558 MiB Free small blocks: 26 MiB Free ordinary blocks: 340 MiB Ordinary blocks: 0 Small blocks: 0 Holding blocks: 0 Please note the 340mb of free ordinary blocks is from the fact I issued a `show bgp ipv4 uni json` command and generated a large amount of data. Fixes: #5445 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> commit d49e8f75bd46879c799375f304506dbc5d26230f Merge: e8afcca0e c05c48621 Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Thu Nov 21 10:00:32 2019 -0500 Merge pull request #5391 from opensourcerouting/bfd-vrf-fix [7.2] bfdd: fix multiple VRF handling commit e8afcca0e7a6c34c4c6dcff39506b951c4bfe408 Merge: fd87438fd ea2bdae8c Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Thu Nov 21 09:59:08 2019 -0500 Merge pull request #5392 from ton31337/fix/update_rib_on_bgp_distance_changes_7.2 bgpd: [7.2] Reflect the distance in RIB when it is changed for an arbitrary afi/safi commit fd87438fd982d7bb169cf7a60eb41cc99467a690 Merge: a34be0bd0 bf799e10d Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Thu Nov 21 09:57:48 2019 -0500 Merge pull request #5395 from ton31337/fix/send_BGP_NOTIFY_CEASE_PEER_UNCONFIG_after_no_neighbor_7.2 bgpd: [7.2] Notify "Peer De-configured" after entering 'no neighbor <neighbor> cmd' commit bf799e10dc843d6a0144b9c31985ed57fbdf7c19 Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Tue Nov 5 14:33:31 2019 +0200 bgpd: Notify "Peer De-configured" after entering 'no neighbor <neighbor> cmd' Before changes: ~# vtysh -c 'show ip bgp neighbors 192.168.0.2 json' | \ jq '."192.168.0.2".lastNotificationReason' null After changes: ~# vtysh -c 'show ip bgp neighbors 192.168.0.2 json' | \ jq '."192.168.0.2".lastNotificationReason' "Cease/Peer Unconfigured" Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> commit ea2bdae8cc989b872e318fb53877a7d25fbae92c Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Thu Oct 31 11:17:45 2019 +0200 tests: Test if `distance bgp (1-255) (1-255) (1-255)` works Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> commit 51fda29c991dfbf752547bdfd2c16de8ec9d263c Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Thu Oct 31 09:53:18 2019 +0200 bgpd: Reflect the distance in RIB when it is changed for an arbitrary afi/safi debian-9# show ip route 192.168.255.2/32 longer-prefixes Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route B>* 192.168.255.2/32 [20/0] via 192.168.0.1, eth1, 00:15:22 debian-9# conf debian-9(config)# router bgp 100 debian-9(config-router)# address-family ipv4 debian-9(config-router-af)# distance bgp 123 123 123 debian-9(config-router-af)# do show ip route 192.168.255.2/32 longer-prefixes Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route B>* 192.168.255.2/32 [123/0] via 192.168.0.1, eth1, 00:00:09 debian-9(config-router-af)# no distance bgp debian-9(config-router-af)# do show ip route 192.168.255.2/32 longer-prefixes Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route B>* 192.168.255.2/32 [20/0] via 192.168.0.1, eth1, 00:00:02 debian-9(config-router-af)# Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com> commit a34be0bd0ef400793a2dc857887f151b9655fe13 Merge: 776ff7971 5bc971f37 Author: Donatas Abraitis <donatas.abraitis@gmail.com> Date: Wed Nov 20 20:36:41 2019 +0200 Merge pull request #5387 from donaldsharp/7.2_cherrys [7.2] cherrys commit c05c48621c94582bce6ddb6e3f316f8a010c9bb0 Author: Rafael Zalamena <rzalamena@opensourcerouting.org> Date: Wed Nov 20 15:10:10 2019 -0300 bfdd: fix multiple VRF handling Use the interface VRF information instead of relying on the VRF specific socket information. Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org> commit 5bc971f375be8bd70049980febd80751a721e4e2 Author: Quentin Young <qlyoung@cumulusnetworks.com> Date: Tue Nov 19 21:47:40 2019 -0500 pimd: fix bsm buflen check to include pim hdr Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> commit bf55cd5f47c5d30f1f3067cd9373a9c43ce7a069 Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Tue Nov 19 19:36:19 2019 -0500 pimd: Various buffer overflow reads and crashes A variety of buffer overflow reads and crashes that could occur if you fed bad info into pim. 1) When type is setup incorrectly we were printing the first 8 bytes of the pim_parse_addr_source, but the min encoding length is 4 bytes. As such we will read beyond end of buffer. 2) The RP(pim, grp) macro can return a NULL value Do not automatically assume that we can deref the data. 3) BSM parsing was not properly sanitizing data input from wire and we could enter into situations where we would read beyond the end of the buffer. Prevent this from happening, we are probably left in a bad way. 4) The received bit length cannot be greater than 32 bits, refuse to allow it to happen. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> commit 11e1660b74272ba3d76839ddcd106ebab52e662f Author: Donald Sharp <sharpd@cumulusnetworks.com> Date: Tue Nov 19 08:22:50 2019 -0500 pimd: Fix possible read beyond end of data received If a register packet is received that is less than the PIM_MSG_REGISTER_LEN in size we can have a possible situation where the data being checksummed is just random data from the buffer we read into. 2019/11/18 21:45:46 warnings: PIM: int pim_if_add_vif(struct interface *, _Bool, _Bool): could not get address for interface fuzziface ifindex=0 ==27636== Invalid read of size 4 ==27636== at 0x4E6EB0D: in_cksum (checksum.c:28) ==27636== by 0x4463CC: pim_pim_packet (pim_pim.c:194) ==27636== by 0x40E2B4: main (pim_main.c:117) ==27636== Address 0x771f818 is 0 bytes after a block of size 24 alloc'd ==27636== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==27636== by 0x40E261: main (pim_main.c:112) ==27636== Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>