Git log: commit d1312e009b62331d39d0b9e77997b2f42be66f46
Author: David Lamparter <equinox@diac24.net>
Date: Mon Apr 6 19:28:56 2020 +0200
debian: make cross-compile work
This allows e.g. "sbuild --host=arm64" to build packages for other
architectures on, say, fat amd64 servers. As a side effect, the Debian
build uses a separate builddir, which helps noting issues on that front.
Signed-off-by: David Lamparter <equinox@diac24.net>
commit 46bf67e739f5a14a3cf7f7a646ef2ee0059233b0
Author: David Lamparter <equinox@diac24.net>
Date: Tue Feb 25 17:45:53 2020 +0100
debian: 7.3-1
Signed-off-by: David Lamparter <equinox@diac24.net>
commit 1a3de6c6080052beba2c16da9f622bd8480c3812
Merge: 25321d069 c0038fca9
Author: David Lamparter <equinox@diac24.net>
Date: Tue Feb 25 17:32:36 2020 +0100
Merge tag 'frr-7.3' into debian/master
FRRouting Release 7.3
commit 25321d0695084c4d953e9af24b3776e34cef29b1
Author: David Lamparter <equinox@diac24.net>
Date: Mon Jan 20 17:06:29 2020 +0100
debian: 7.2.1-1
Signed-off-by: David Lamparter <equinox@diac24.net>
commit 6b56b84d8a14b184ba6aa7a9c107783e752675d3
Author: David Lamparter <equinox@diac24.net>
Date: Mon Jan 20 16:57:10 2020 +0100
debian: 7.2.1 prep
Just the odd housekeeping bits.
Signed-off-by: David Lamparter <equinox@diac24.net>
commit 83ab3638be67402a7e46a6d6fe542fa5916d3b45
Author: David Lamparter <equinox@diac24.net>
Date: Mon Jan 20 16:53:55 2020 +0100
debian: remove outdated README content
Signed-off-by: David Lamparter <equinox@diac24.net>
commit 7eb5faa7e619291e6df08b50ac7601b40ff9c912
Merge: 3104f78b9 90446e3c3
Author: David Lamparter <equinox@diac24.net>
Date: Mon Jan 20 16:20:09 2020 +0100
Merge tag 'frr-7.2.1' into debian/master
FRRouting Release 7.2.1
commit 90446e3c3310001a7b84017fa4b237ea7914f45e
Author: Martin Winter <mwinter@opensourcerouting.org>
Date: Fri Jan 17 17:18:19 2020 +0100
FRRouting Release 7.2.1
(Maintenance Release)
- BGPd
- Fix Addpath issue
- Do not apply eBGP policy for iBGP peers
- Show `ip` and `fqdn` in json output for `show [ip] bgp <route> json`
- Fix large route-distinguisher's format
- Fix `no bgp listen range ...` configuration command
- Autocomplete neighbor for clear bgp
- Reflect the distance in RIB when it is changed for an arbitrary afi/safi
- Notify "Peer De-configured" after entering 'no neighbor <neighbor> cmd
- Fix per afi/safi addpath peer counting
- Rework BGP dampening to be per AFI/SAFI
- Do not send next-hop as :: in MP_REACH_NLRI if no link-local exists
- Override peer's TTL only if peer-group is configured with TTL
- Remove error message for unkown afi/safi combination
- Keep the session down if maximum-prefix is reached
- OSPFd
- Fix BFD down not tearing down OSPF adjacency for point-to-point net
- BFDd
- Fix multiple VRF handling
- VRF security improvement
- PIMd
- Fix rp crash
- NHRPd
- Make sure `no ip nhrp map <something>` works as expected
- LDPd
- Add missing sanity check in the parsing of label messages
- Zebra
- Use correct state when installing evpn macs
- Capture dplane plugin flags
- lib
- Fix interface config when vrf changes
- Fix Interface Infinite Loop Walk (for special interfaces such as bond)
- snapcraft
- fix missing vrrpd daemon
- Others
- Rename man pages (to avoid conflicts with other packages)
- Various other fixes for code cleanup and memory leaks
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
commit 3b08fde9dd27470c365203a7fa575d5397709a3d
Merge: 7390ea4f6 97af7d892
Author: David Lamparter <equinox@opensourcerouting.org>
Date: Thu Jan 16 22:24:27 2020 +0100
Merge pull request #5696 from qlyoung/stable-7.2-backport-more
More 7.2 bugfix backports
commit 97af7d892c916656cee1e64765c7f7a628912797
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Sat Dec 21 20:19:47 2019 -0500
pimd: readd iph length checks
Kernel might not hand us a bad packet, but better safe than sorry here.
Validate the IP header length field. Also adds an additional check that
the packet length is sufficient for an IGMP packet, and a check that we
actually have enough for an ip header at all.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit ffae92d209a85c1d1b8714eb427ac4a73df73746
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Sat Dec 21 21:02:15 2019 -0500
pimd: fix missing igmp mtrace length check
We check that the IGMP message is sufficently sized for an mtrace query,
but not a response, leading to uninitialized stack read.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit fe4cce36ff0d6802c814d44b0d4019e371aba7a9
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Thu Dec 12 00:13:58 2019 -0500
ospfd: sizeof(pointer) -> sizeof(pointed-at)
14 years old eh?
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 2647deb6b49adc59ef6ef1427b740e6b94961198
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Thu Dec 12 00:09:39 2019 -0500
ospfd: fix misplaced trust in ip header length
We actually don't validate the IHL field, although it certainly looks
like we do at a casual glance.
This patch saves us from an assert in case we actually do get an IP
packet with an incorrect header length field.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 70b4d467fd0cfdea54cbef611ef2244274d0d03c
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue Dec 3 15:48:27 2019 -0500
bgpd: more attribute parsing cleanup & paranoia
* Move VNC interning to the appropriate spot
* Use existing bgp_attr_flush_encap to free encap sets
* Assert that refcounts are correct before exiting to keep the demons
contained in their fiery prison
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit e926d43c14b58bbf30c7a8f17fb78131616dafe6
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue Dec 3 16:01:19 2019 -0500
bgpd: remove bgp_attr_dup
yeah
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit ccce196df913171e8898d78ca6b8ac4d58623281
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue Dec 3 13:12:25 2019 -0500
lib: fix heap buf overflow when adding prefix orf
Don't lose your way
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 7c2d8181b867ef79ffdeb077f03d80d211aae4ab
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue Nov 26 14:42:40 2019 -0500
bgpd: clean up attribute parsing state before ret
Early exits without appropriate cleanup were causing obscure double
frees and other issues later on in the attribute parsing code. If we
return anything except a hard attribute parse error, we have cleanup and
refcounts to manage.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit ff9c00d2d5fe0d934a3acaaca8e88c61119bbfdf
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue Nov 26 14:42:26 2019 -0500
bgpd: ensure transit ptr is nulled on free
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 61dad26069acba48c7a1a94c7596e52031972f7e
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Sun Nov 24 02:02:54 2019 -0500
bgpd: fix bad bounds check for addpath in nlri
If a peer advertised capability addpath in their OPEN, but sent us an
UPDATE without an ADDPATH, we overflow a heap buffer.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit d8a9566e4b1a8b25545ded2a2b4dbbc013d334ac
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Thu Nov 21 18:55:59 2019 -0500
bgpd: fix heap buffer overflow in lcom -> str enc
Spaces were not being accounted for in the heap buffer sizing, leading
to a heap buffer overflow when encoding large communities to their
string representations.
This patch also uses safer functions to do the encoding instead of
pointer math.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 73b5d44168a1f7927bae7943fb9ec3dac953206d
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Thu Nov 21 19:01:55 2019 -0500
bgpd: use safe functions to work with ecom attrs
Tons of insane just-so pointer math here where it is not needed. This is
too smart. Use safer methods.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit f7704ce3b4f0f6511833b56ca0a5bd9148f63297
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Thu Nov 21 19:00:11 2019 -0500
bgpd: remove extra ecom attr ptr increment
Copy paste leads to invalid read of 1 byte off the heap when converting
extended community attributes into strings.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 7390ea4f6fc6d980af215b8d8b55eccb9a484ddb
Merge: 9da756263 b74d522b7
Author: David Lamparter <equinox@opensourcerouting.org>
Date: Thu Jan 16 14:30:57 2020 +0100
bgpd: [7.2] fix unaligned access to addpath id (#5693)
bgpd: [7.2] fix unaligned access to addpath id
commit 9da75626313daca848085c47c8570117f5db1dcb
Merge: 206b53486 1efd38601
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Thu Jan 16 07:17:59 2020 -0500
Merge pull request #5689 from ton31337/fix/addpath_adj_out_look_compare_id_7.2
bgpd: [7.2] add addpath ID to adj_out tree sort
commit b74d522b7e378e0588876d38d61d32f8f99dc2c0
Author: Santosh P K <sapk@vmware.com>
Date: Tue Jan 7 07:47:13 2020 -0800
bgpd: fix unaligned access to addpath id
uint8_t * cannot be cast to uint32_t * unless the
pointed-to address is aligned according to uint32_t's
alignment rules. And it usually is not.
Signed-off-by: Santosh P K <sapk@vmware.com>
commit 206b53486b6aa4f4b245108521ae3097a833fc55
Merge: da6aa90ee 2a40b5782
Author: David Lamparter <equinox@opensourcerouting.org>
Date: Thu Jan 16 11:39:21 2020 +0100
Stable 7.2 backport edible arrangement (#5687)
Stable 7.2 backport edible arrangement
commit 1efd386013d8c8baec6a156a0783959a611c492a
Author: Mitchell Skiba <mskiba@amazon.com>
Date: Thu Jan 9 11:46:13 2020 -0800
bgpd: add addpath ID to adj_out tree sort
When withdrawing addpaths, adj_lookup was called to find the path that
needed to be withdrawn. It would lookup in the RB tree based on subgroup
pointer alone, often find the path with the wrong addpath ID, and return
null. Only the path highest in the tree sent to the subgroup could be
found, thus withdrawn.
Adding the addpath ID to the sort criteria for the RB tree allows us to
simplify the logic for adj_lookup, and address this problem. We are able
to remove the logic around non-addpath subgroups because the addpath ID
is consistently 0 for non-addpath adj_outs, so special logic to skip
matching the addpath ID isn't required. (As a side note, addpath will
also never use ID 0, so there won't be any ambiguity when looking at the
structure content.)
Signed-off-by: Mitchell Skiba <mskiba@amazon.com>
commit da6aa90eef8d92a942ab7252311ffad01ef92a43
Merge: 19f741886 c44fc929c
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Wed Jan 15 20:38:08 2020 +0200
Merge pull request #5685 from opensourcerouting/7.2/manpage-rename
[7.2] doc: manpage rename
commit 2a40b57822b912f735253affb57da371e908e0ab
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Wed Jan 15 13:00:34 2020 -0500
bgpd: fix memory leak when parsing capabilities
Duplicated domain name capability messages cause memory leak. The amount
of leaked memory is proportional to the size of the duplicated
capabilities. This bug was introduced in 2015.
To hit this, a BGP OPEN message must contain multiple FQDN capabilities.
Memory is leaked when the hostname portion of the capability is of
length 0, but the domainname portion is not, for any of the duplicated
capabilities beyond the first one.
https://tools.ietf.org/html/draft-walton-bgp-hostname-capability-00
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 890a732c6baf6ffb4f10b27a5720809dc6fad51a
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue Jan 14 13:55:55 2020 -0500
zebra: bfd message handling cleanup foo
Previous patches introduced various issues:
- Removal of stream_free() to fix double free caused memleak
- Patch for memleak was incomplete
This should fix it hopefully.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 3c21800a0c0bb381038fdb4203231a9a1d401b9e
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Thu Jan 9 18:50:18 2020 -0500
zebra: fix bfd deregister message memleak
Removing double frees accidentally introduced a memleak
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 6ce6a18636950898e15eee644949c82ed3820ef5
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue Jan 7 00:51:35 2020 -0500
bgpd: avoid memcmp(NULL, NULL)
Undefined behavior
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 8629ea6839dcaf79b85e606248bd7dbd85b3b509
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Mon Jan 6 20:09:23 2020 -0500
bgpd: fix unaligned access to addpath id
uint8_t * cannot be cast to uint32_t * unless the pointed-to address is
aligned according to uint32_t's alignment rules. And it usually is not.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 0b60b95b1dfd1b8ecca3172c66ecb839b1afc05f
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Mon Jan 6 19:48:08 2020 -0500
zebra: fix ptm heap double free
Don't need to free these, they're freed by the caller.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 38fa03f4d8cd9ba0e3c6b3fc8f7fe45c38b4e41c
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Mon Jan 6 12:09:23 2020 -0500
zebra: free ptm message on error
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit cd2541ad6614eb0e0893faa8c67f7b396fef6bc4
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 16:39:57 2020 -0500
zebra: fix undefined bitshifts in netlink stuff
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit df365916810a3516448dc1c80e25ea0472d38871
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 21:22:44 2020 -0500
zebra: reject ingress packets that are too large
There may be logic to prevent this ever happening earlier in the network
read path, but it doesn't hurt to double check it here, because clearly
deeper paths rely on this being the case.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit a4f1cc55843b5596044ab691c2fd21104afa9e7f
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 21:18:49 2020 -0500
zebra: fix multiple bfd buffer issues
Whatever this BFD re-transmission function is had a few problems.
1. Used memcpy instead of the (more concise) stream APIs, which include
bounds checking.
2. Did not sufficiently check packet sizes.
Actually, 2) is mitigated but is still a problem, because the BFD header
is 2 bytes larger than the "normal" ZAPI header, while the overall
message size remains the same. So if the source message being duplicated
is actually right up against the ZAPI_MAX_PACKET_SIZ, you still can't
fit the whole message into your duplicated message. I have no idea what
the intent was here but at least there's a warning if it happens now.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit b03575db49a43e070efd41fefba37bde24195610
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 22:30:33 2020 -0500
zebra: null terminate interface name from wire
We read an ifname from the wire but don't make sure its null terminated,
fix it
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit e5071ea5df853a4ba2f3a2b6576335f8cb722e25
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 22:28:53 2020 -0500
zebra: fix iptable memleak, fix free funcs
- Fix iptable freeing code to free malloc'd list
- malloc iptable in zapi handler and use those functions to free it when
done to fix a linked list memleak
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit 8adba491619e117688980113f1664d09bfa14b6a
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 21:40:30 2020 -0500
zebra: ensure ipset name is null terminated
We copy a fixed length buffer from the wire but don't ensure it is null
terminated. Then print it as a c-string. Lul.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit c07005a0d853fb145a8c84cf4f631d4308fc751c
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 20:26:09 2020 -0500
zebra: disallow negative rtadv intvl, fix overflow
- Disallow RA interval < 0
- Fix integer overflow issue converting interval to seconds from
milliseconds
- Add missing "m" to "ms"
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit fdaa21d5fc4e8526b432f5c4d664f9139a97422b
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 19:25:38 2020 -0500
lib: fix ifindex comparison overflow
Very small (negative!) ifindexes, when subtracted, can overflow.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit e4f8d198183e9be811e50a6785654518b6bad876
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 02:12:58 2020 -0500
zebra: check pbr rule msg for correct afi
further down we hash the src & dst ip, which asserts that the afi is one
of the well known ones, given the field names i assume the correct afis
here are af_inet[6]
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit ebee520621d2c79b8550990314b7a216e870a121
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Fri Jan 3 02:12:12 2020 -0500
zebra: use correct attr size for netlink enc
a bool is not 4 bytes
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit c44fc929c1dab3e5061bebca3f2a26fec92b737c
Author: David Lamparter <equinox@diac24.net>
Date: Wed Jan 15 12:22:26 2020 +0100
ospfclient: don't install man page
... we're not installing ospfclient (it's a demo/example program), so
installing the man page is quite useless.
Signed-off-by: David Lamparter <equinox@diac24.net>
commit 1e4c5f65f2c0ece0f1f7e89b62023080748ad8bb
Author: David Lamparter <equinox@diac24.net>
Date: Wed Jan 15 00:00:32 2020 +0100
doc: rename man pages to frr-*
The vrrpd one conflicts with the standalone vrrpd package; also we're
installing daemons to /usr/lib/frr on some systems so they're not on
PATH.
Signed-off-by: David Lamparter <equinox@diac24.net>
commit 19f741886c7033eab76c3697292fca31c3e25ce8
Merge: 14c7f156f 155138946
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Jan 7 14:00:03 2020 -0500
Merge pull request #5647 from LabNConsulting/working/lb/7.2/tt-update
7.2: bgp_l3vpn_to_bgp_vrf: allow for change in 'ip add show vrf' output format
commit 14c7f156f270dca46c0dd33586b657e6e7b20692
Merge: 4103116ea 35bc21b6d
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Jan 7 13:59:36 2020 -0500
Merge pull request #5569 from ton31337/fix/ebgp-requires-policy_with_ibgp_7.2
bgpd: [7.2] Do not apply eBGP policy for iBGP peers
commit 4103116ea881f669c204cbaf4d4ea34b8e5f4917
Merge: 8fcdc6dee 4a8a84e08
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Jan 7 13:57:49 2020 -0500
Merge pull request #5544 from ton31337/fix/rr_do_not_show_fqdn_7.2
bgpd: [7.2] Show `ip` and `fqdn` in json output for `show [ip] bgp <route> json`
commit 1551389468037046a5b1dedfeac7ced2bbd63fa4
Author: Lou Berger <lberger@labn.net>
Date: Sun Sep 22 13:06:48 2019 -0400
topotest: bgp_l3vpn_to_bgp_vrf allow for different interface output
Signed-off-by: Lou Berger <lberger@labn.net>
commit 8fcdc6deee2a9f1b5f0fba6c01bfa21b994aca67
Merge: cda149a6e 4c22b3f0f
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Tue Jan 7 11:11:55 2020 +0200
Merge pull request #5642 from slankdev/slankdev-bgpd-fix-large-rd-frr-7-2
bgpd: [7.2] fix large route-distinguisher's format
commit 4c22b3f0f371307407a98e6548bf26d2aff984b6
Author: Hiroki Shirokura <slank.dev@gmail.com>
Date: Sun Jan 5 22:56:14 2020 +0900
bgpd: fix large route-distinguisher's format
This commit is about #5629 's issue.
Before this commit, bgpd creates format string of
bgp-route-distinguisher as int32, but correctly format
is uint32. current bgpd's sh-run-cli generate int32 rd,
so if user sets the rd as 1:4294967295(0x1:0xffffffff),
sh-run cli generates 1: -1 as running-config. This
commit fix that issue.
Signed-off-by: Hiroki Shirokura <slank.dev@gmail.com>
commit cda149a6e0915c35fba8a6f07110cbc57bd7e1c3
Merge: 74d22c3c5 cc1c2d4fd
Author: Quentin Young <qlyoung@users.noreply.github.com>
Date: Fri Dec 20 10:37:37 2019 -0500
Merge pull request #5575 from ton31337/fix/no_bgp_listen_range_peer-group_7.2
bgpd: [7.2] Make sure we can use `no bgp listen range ...`
commit cc1c2d4fd50a14b646bf644dbaa60606f8bd30e4
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Thu Dec 19 22:09:47 2019 +0200
bgpd: Make sure we can use `no bgp listen range ...`
Fixes:
```
exit1-debian-9(config-router)# no bgp listen range 192.168.10.0/24 peer-group TEST
% Peer-group does not exist
exit1-debian-9(config-router)#
```
Closes https://github.com/FRRouting/frr/issues/5570
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit 35bc21b6d192652ffefca4594479165568ad3cbd
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Thu Dec 19 10:51:13 2019 +0200
bgpd: Do not apply eBGP policy for iBGP peers
Treat iBGP peers as they have a policy applied.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit 5ac9d549f1f58205365fd9cf93dc09f3781d7ae1
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Thu Dec 19 10:53:05 2019 +0200
tests: Test if eBGP policy is not applied to iBGP peers
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit 74d22c3c5cc44e9cd269efa41a5ce05168dee7bb
Merge: 6e8671aec 703f86574
Author: Quentin Young <qlyoung@users.noreply.github.com>
Date: Thu Dec 19 11:00:50 2019 -0500
Merge pull request #5562 from mjstapp/fix_test_typelist_7_2
[7.2] tests: fix endian bug in test_typelist
commit 703f865749fda58ce6e88bd9239506df59e8c4e2
Author: Mark Stapp <mjs@voltanet.io>
Date: Wed Dec 18 10:52:08 2019 -0500
tests: fix endian bug in test_typelist
[7.2 version] Fix a byte-swapping bug that appeared on
big-endian arch but wasn't visible on little-endian.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
commit 4a8a84e084b35ca2bedf571202821366bca73e11
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Fri Dec 6 22:03:50 2019 +0200
bgpd: Show `ip` and `fqdn` in json output for `show [ip] bgp <route> json`
This should keep backward compatibility when bgp show-hostname is
enabled/disabled.
Also show the real originator IP instead of showing fqdn of the route
reflector.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit 0a50c3a0bd6a46f19fd69f7f7a00483acef19afa
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Fri Dec 6 22:44:36 2019 +0200
tests: Test if `ip` and `fqdn` are included in `show [ip] bgp json`
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit 6e8671aecfc02e323a7990766f5ca69ce84c02f3
Merge: ae0dc1ec5 847222cce
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Dec 10 17:14:46 2019 -0500
Merge pull request #5518 from mjstapp/fix_evpn_state_7_2
[7.2] zebra: use correct state when installing evpn macs
commit 847222cced5f8063058df5b4effaf2d23e8bbdc4
Author: Mark Stapp <mjs@voltanet.io>
Date: Tue Dec 10 10:10:56 2019 -0500
zebra: use correct state when installing evpn macs
[7.2 version] Use correct state/flags when installing EVPN macs;
when we converted from raw netlink to the zebra dataplane, a
state value got lost.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
commit ae0dc1ec50ff12019aefca76257987865111b5ea
Merge: 81cd7aa1a c6982533b
Author: Renato Westphal <renato@opensourcerouting.org>
Date: Mon Dec 9 10:32:53 2019 -0300
Merge pull request #5505 from m-varasteh/fix-if_update_to_new_vrf
lib: set entry to xpath in if_update_to_new_vrf
commit c6982533ba5769a590d089fa1eebf17a7ec0277b
Author: Mahdi Varasteh <mahdy.varasteh@gmail.com>
Date: Sun Dec 8 16:33:14 2019 +0330
lib: set entry to xpath in if_update_to_new_vrf
when vrf is changed, we change the interface running configuration
without using northbound layer. it causes the nb_running_get_entry to fail
Signed-off-by: Mahdi Varasteh <mahdy.varasteh@gmail.com>
commit 81cd7aa1a7d89bf2900e7c49ea6f8341d76ac011
Merge: 367dc5b43 86def7e58
Author: Jafar Al-Gharaibeh <Jafaral@users.noreply.github.com>
Date: Thu Dec 5 23:01:41 2019 -0600
Merge pull request #5480 from mjstapp/fix_dplane_prov_flags_7_2
[7.2] zebra: capture dplane plugin flags
commit 86def7e58bfdd312fc0ecd2774c0a50b9cda3d06
Author: Mark Stapp <mjs@voltanet.io>
Date: Thu Dec 5 16:33:51 2019 -0500
zebra: capture dplane plugin flags
[7.2 version]
The flags can be important - like "threaded" - so we need to
actually capture them when plugins are registered.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
commit 367dc5b43d9a992638b274d56b41e02161964e7e
Merge: 7ff88745c 8caad8e50
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Wed Dec 4 14:13:13 2019 -0500
Merge pull request #5469 from k0ste/stable_7.2_backports
[7.2] bgpd: Autocomplete neighbor for clear bgp
commit 8caad8e501cb83582492fa16da05b11bc1b08ec8
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Wed Nov 27 21:44:46 2019 +0200
bgpd: Autocomplete neighbor for clear bgp
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
(cherry picked from commit 453c92f6e2a981d024ec3433e804c02bd70f2a13)
commit 7ff88745c19c2eb78a728b936509b07d1b5d5c72
Merge: 6fb64ab41 e48a264e5
Author: David Lamparter <equinox@opensourcerouting.org>
Date: Wed Dec 4 01:48:37 2019 +0100
[7.2]bgpd: Prevent crash in bgp_table_range_lookup (#5454)
[7.2]bgpd: Prevent crash in bgp_table_range_lookup
Co-authored-by: Mark Stapp <mjs@voltanet.io>
commit e48a264e5c598a63c794c4024e3d70013af9d798
Author: Mark Stapp <mjs@voltanet.io>
Date: Mon Nov 11 12:22:38 2019 -0500
ospfd,eigrpd: don't take address of packed struct member
Use a local variable to avoid trying to take the address
of a packed struct member - an address from the ip header
in these cases.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
commit 4093d1ede9a6ddaf14324e01ba114b731723c159
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Mon Dec 2 09:37:47 2019 -0500
bgpd: Prevent crash in bgp_table_range_lookup
The function bgp_table_range_lookup attempts to walk down
the table node data structures to find a list of matching
nodes. We need to guard against the current node from
not matching and not having anything in the child nodes.
Add a bit of code to guard against this.
Traceback that lead me down this path:
Nov 24 12:22:38 frr bgpd[20257]: Received signal 11 at 1574616158 (si_addr 0x2, PC 0x46cdc3); aborting...
Nov 24 12:22:38 frr bgpd[20257]: Backtrace for 11 stack frames:
Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(zlog_backtrace_sigsafe+0x67) [0x7fd1ad445957]
Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(zlog_signal+0x113) [0x7fd1ad445db3]1ad445957]
Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(+0x70e65) [0x7fd1ad465e65]ad445db3]1ad445957]
Nov 24 12:22:38 frr bgpd[20257]: /lib64/libpthread.so.0(+0xf5f0) [0x7fd1abd605f0]45db3]1ad445957]
Nov 24 12:22:38 frr bgpd[20257]: /usr/lib/frr/bgpd(bgp_table_range_lookup+0x63) [0x46cdc3]445957]
Nov 24 12:22:38 frr bgpd[20257]: /usr/lib64/frr/modules/bgpd_rpki.so(+0x4f0d) [0x7fd1a934ff0d]57]
Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(thread_call+0x60) [0x7fd1ad4736e0]934ff0d]57]
Nov 24 12:22:38 frr bgpd[20257]: /lib64/libfrr.so.0(frr_run+0x128) [0x7fd1ad443ab8]e0]934ff0d]57]
Nov 24 12:22:38 frr bgpd[20257]: /usr/lib/frr/bgpd(main+0x2e3) [0x41c043]1ad443ab8]e0]934ff0d]57]
Nov 24 12:22:38 frr bgpd[20257]: /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fd1ab9a5505]f0d]57]
Nov 24 12:22:38 frr bgpd[20257]: /usr/lib/frr/bgpd() [0x41d9bb]main+0xf5) [0x7fd1ab9a5505]f0d]57]
Nov 24 12:22:38 frr bgpd[20257]: in thread bgpd_sync_callback scheduled from bgpd/bgp_rpki.c:351#012; aborting...
Nov 24 12:22:38 frr watchfrr[6779]: [EC 268435457] bgpd state -> down : read returned EOF
Nov 24 12:22:38 frr zebra[5952]: [EC 4043309116] Client 'bgp' encountered an error and is shutting down.
Nov 24 12:22:38 frr zebra[5952]: zebra/zebra_ptm.c:1345 failed to find process pid registration
Nov 24 12:22:38 frr zebra[5952]: client 15 disconnected. 0 bgp routes removed from the rib
I am not really 100% sure what we are really trying to do with this function, but we must
guard against child nodes not having any data.
Fixes: #5440
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
commit 6fb64ab413008e38c04f0f3a0334472aeaaf5a1a
Merge: d49e8f75b 7e599e703
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Mon Dec 2 09:59:37 2019 +0200
Merge pull request #5447 from donaldsharp/7.2_bgp_show_json_mem_leak
[7.2]bgpd: Fix memory leak in json output of show commands
commit 7e599e7035bd5118cdd245c9e8318ecc6264e42e
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Sun Dec 1 09:29:32 2019 -0500
bgpd: Fix memory leak in json output of show commands
When dumping a large bit of table data via bgp_show_table
and if there is no information to display for a particular
`struct bgp_node *` the data allocated via json_object_new_array()
is leaked. Not a big deal on small tables but if you have a full
bgp feed and issue a show command that does not match any of
the route nodes ( say `vtysh -c "show bgp ipv4 large-community-list FOO"`)
then we will leak memory.
Before code change and issuing the above show bgp large-community-list command 15-20 times:
Memory statistics for bgpd:
System allocator statistics:
Total heap allocated: > 2GB
Holding block headers: 0 bytes
Used small blocks: 0 bytes
Used ordinary blocks: > 2GB
Free small blocks: 31 MiB
Free ordinary blocks: 616 KiB
Ordinary blocks: 0
Small blocks: 0
Holding blocks: 0
After:
Memory statistics for bgpd:
System allocator statistics:
Total heap allocated: 924 MiB
Holding block headers: 0 bytes
Used small blocks: 0 bytes
Used ordinary blocks: 558 MiB
Free small blocks: 26 MiB
Free ordinary blocks: 340 MiB
Ordinary blocks: 0
Small blocks: 0
Holding blocks: 0
Please note the 340mb of free ordinary blocks is from the fact I issued a
`show bgp ipv4 uni json` command and generated a large amount of data.
Fixes: #5445
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
commit d49e8f75bd46879c799375f304506dbc5d26230f
Merge: e8afcca0e c05c48621
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Thu Nov 21 10:00:32 2019 -0500
Merge pull request #5391 from opensourcerouting/bfd-vrf-fix
[7.2] bfdd: fix multiple VRF handling
commit e8afcca0e7a6c34c4c6dcff39506b951c4bfe408
Merge: fd87438fd ea2bdae8c
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Thu Nov 21 09:59:08 2019 -0500
Merge pull request #5392 from ton31337/fix/update_rib_on_bgp_distance_changes_7.2
bgpd: [7.2] Reflect the distance in RIB when it is changed for an arbitrary afi/safi
commit fd87438fd982d7bb169cf7a60eb41cc99467a690
Merge: a34be0bd0 bf799e10d
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Thu Nov 21 09:57:48 2019 -0500
Merge pull request #5395 from ton31337/fix/send_BGP_NOTIFY_CEASE_PEER_UNCONFIG_after_no_neighbor_7.2
bgpd: [7.2] Notify "Peer De-configured" after entering 'no neighbor <neighbor> cmd'
commit bf799e10dc843d6a0144b9c31985ed57fbdf7c19
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Tue Nov 5 14:33:31 2019 +0200
bgpd: Notify "Peer De-configured" after entering 'no neighbor <neighbor> cmd'
Before changes:
~# vtysh -c 'show ip bgp neighbors 192.168.0.2 json' | \
jq '."192.168.0.2".lastNotificationReason'
null
After changes:
~# vtysh -c 'show ip bgp neighbors 192.168.0.2 json' | \
jq '."192.168.0.2".lastNotificationReason'
"Cease/Peer Unconfigured"
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit ea2bdae8cc989b872e318fb53877a7d25fbae92c
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Thu Oct 31 11:17:45 2019 +0200
tests: Test if `distance bgp (1-255) (1-255) (1-255)` works
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit 51fda29c991dfbf752547bdfd2c16de8ec9d263c
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Thu Oct 31 09:53:18 2019 +0200
bgpd: Reflect the distance in RIB when it is changed for an arbitrary afi/safi
debian-9# show ip route 192.168.255.2/32 longer-prefixes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
B>* 192.168.255.2/32 [20/0] via 192.168.0.1, eth1, 00:15:22
debian-9# conf
debian-9(config)# router bgp 100
debian-9(config-router)# address-family ipv4
debian-9(config-router-af)# distance bgp 123 123 123
debian-9(config-router-af)# do show ip route 192.168.255.2/32 longer-prefixes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
B>* 192.168.255.2/32 [123/0] via 192.168.0.1, eth1, 00:00:09
debian-9(config-router-af)# no distance bgp
debian-9(config-router-af)# do show ip route 192.168.255.2/32 longer-prefixes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
B>* 192.168.255.2/32 [20/0] via 192.168.0.1, eth1, 00:00:02
debian-9(config-router-af)#
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit a34be0bd0ef400793a2dc857887f151b9655fe13
Merge: 776ff7971 5bc971f37
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Wed Nov 20 20:36:41 2019 +0200
Merge pull request #5387 from donaldsharp/7.2_cherrys
[7.2] cherrys
commit c05c48621c94582bce6ddb6e3f316f8a010c9bb0
Author: Rafael Zalamena <rzalamena@opensourcerouting.org>
Date: Wed Nov 20 15:10:10 2019 -0300
bfdd: fix multiple VRF handling
Use the interface VRF information instead of relying on the VRF specific
socket information.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
commit 5bc971f375be8bd70049980febd80751a721e4e2
Author: Quentin Young <qlyoung@cumulusnetworks.com>
Date: Tue Nov 19 21:47:40 2019 -0500
pimd: fix bsm buflen check to include pim hdr
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
commit bf55cd5f47c5d30f1f3067cd9373a9c43ce7a069
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Nov 19 19:36:19 2019 -0500
pimd: Various buffer overflow reads and crashes
A variety of buffer overflow reads and crashes
that could occur if you fed bad info into pim.
1) When type is setup incorrectly we were printing the first 8 bytes
of the pim_parse_addr_source, but the min encoding length is
4 bytes. As such we will read beyond end of buffer.
2) The RP(pim, grp) macro can return a NULL value
Do not automatically assume that we can deref
the data.
3) BSM parsing was not properly sanitizing data input from wire
and we could enter into situations where we would read beyond
the end of the buffer. Prevent this from happening, we are
probably left in a bad way.
4) The received bit length cannot be greater than 32 bits,
refuse to allow it to happen.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
commit 11e1660b74272ba3d76839ddcd106ebab52e662f
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Nov 19 08:22:50 2019 -0500
pimd: Fix possible read beyond end of data received
If a register packet is received that is less than the PIM_MSG_REGISTER_LEN
in size we can have a possible situation where the data being
checksummed is just random data from the buffer we read into.
2019/11/18 21:45:46 warnings: PIM: int pim_if_add_vif(struct interface *, _Bool, _Bool): could not get address for interface fuzziface ifindex=0
==27636== Invalid read of size 4
==27636== at 0x4E6EB0D: in_cksum (checksum.c:28)
==27636== by 0x4463CC: pim_pim_packet (pim_pim.c:194)
==27636== by 0x40E2B4: main (pim_main.c:117)
==27636== Address 0x771f818 is 0 bytes after a block of size 24 alloc'd
==27636== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27636== by 0x40E261: main (pim_main.c:112)
==27636==
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
commit cc2ce7e67951cfba8822bcfff24ca495acc4525a
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Nov 19 15:46:42 2019 -0500
zebra: Router Advertisement socket mess up
The code for when a new vrf is created to properly handle
router advertisement for it is messed up in several ways:
1) Generation of the zrouter data structure should set the rtadv
socket to -1 so that we don't accidently close someone elses
open file descriptor
2) When you created a new zvrf instance *after* bootup we are XCALLOC'ing
the data structure so the zvrf->fd was 0. The shutdown code was looking
for the >= 0 to know if the fd existed (since fd 0 is valid!)
This sequence of events would cause zebra to consume 100% of the
cpu:
Run zebra by itself ( no other programs )
ip link add vrf1 type vrf table 1003
ip link del vrf vrf1
vtysh -c "configure" -c "no interface vrf1"
This commit fixes this issue.
Fixes: #5376
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
commit 776ff7971fd984f0db5a970a869a7d0fc5503007
Merge: 1bee0d4bd c1018b453
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Nov 19 17:47:24 2019 -0500
Merge pull request #5374 from opensourcerouting/snap-vrrpd-7.2
snapcraft: Add vrrpd to the snapcraft package [7.2]
commit c1018b4538582b6b3fca69e41a0594715c0cc513
Author: Martin Winter <mwinter@opensourcerouting.org>
Date: Sat Nov 9 16:27:04 2019 +0100
snapcraft: Add vrrpd to the snapcraft package
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
commit 1bee0d4bd7f1cf164f3201b7b935842562110147
Merge: 2baa9d6aa 5d0eedd41
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Tue Nov 19 07:41:17 2019 -0500
Merge pull request #5365 from ton31337/fix/addpath_total_peer_update_7.2
bgpd: [7.2] Fix per afi/safi addpath peer counting
commit 5d0eedd41035dedf998f9a6132b23ca7c6e13adc
Author: Mitch Skiba <mskiba@amazon.com>
Date: Thu Nov 14 19:28:23 2019 +0000
bgpd: Fix per afi/safi addpath peer counting
The total_peercount table was created as a short cut for queries about
if addpath was enabled at all on a particular afi/safi. However, the
values weren't updated, so BGP would act as if addpath wasn't enabled
when determining if updates should be sent out. The error in behavior
was much more noticeable in tx-all than best-per-as, since changes in
what is sent by best-per-as would often trigger updates even if addpath
wasn't enabled.
Signed-off-by: Mitchell Skiba <mskiba@amazon.com>
commit 2baa9d6aa16274c47569f42f1639a0be742668f7
Merge: 609eb01c4 a77bc2368
Author: Jafar Al-Gharaibeh <Jafaral@users.noreply.github.com>
Date: Mon Nov 18 22:04:30 2019 -0600
Merge pull request #5362 from donaldsharp/72_pim_crash_rp
[7.2] pim crash rp
commit 3104f78b9543ce04acd15e73921d79cd2ec64df0
Author: David Lamparter <equinox@diac24.net>
Date: Mon Nov 18 23:48:18 2019 +0100
debian: sync up with 7.2-1 unstable
Signed-off-by: David Lamparter <equinox@diac24.net>
commit 797963a8722571a5015216467dd87af83429097f
Merge: 47336e4d0 b606b4e7f
Author: David Lamparter <equinox@diac24.net>
Date: Mon Nov 18 23:42:12 2019 +0100
Merge tag 'frr-7.2' into debian/experimental
FRRouting Release 7.2
commit a77bc2368bd62501c4a04cfa014f3c2a44f9c196
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Mon Nov 18 11:43:52 2019 -0500
pimd: Create pimreg interface when we start any interface config
When you configure interface configuration without explicitly
configuring pim on that interface, we were not creating the pimreg
interface and as such we would crash in an attempted register
since the pimreg device is non-existent.
The crash is this:
==8823== Invalid read of size 8
==8823== at 0x468614: pim_channel_add_oif (pim_oil.c:392)
==8823== by 0x46D0F1: pim_register_join (pim_register.c:61)
==8823== by 0x449AB3: pim_mroute_msg_nocache (pim_mroute.c:242)
==8823== by 0x449AB3: pim_mroute_msg (pim_mroute.c:661)
==8823== by 0x449AB3: mroute_read (pim_mroute.c:707)
==8823== by 0x4FC0676: thread_call (thread.c:1549)
==8823== by 0x4EF3A2F: frr_run (libfrr.c:1064)
==8823== by 0x40DCB5: main (pim_main.c:162)
==8823== Address 0xc8 is not stack'd, malloc'd or (recently) free'd
pim_register_join calls pim_channel_add_oif with:
pim_channel_add_oif(up->channel_oil, pim->regiface,
PIM_OIF_FLAG_PROTO_PIM);
We just need to make srue pim->regiface exists once we start configuring
pim.
Fixes: #5358
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
commit 71533999cb8daed43ed01baa92d6b45510203751
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Mon Nov 18 10:48:49 2019 -0500
pimd: Dissallow obvious addresses from being the RP
When configuring a RP, dissallow the choice of 0.0.0.0 or
255.255.255.255 as the address as that they make no sense
what so ever.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
commit 609eb01c4492e45c7f1b41ef5c9ac0459b21f69c
Merge: 87512c02b 38078904a
Author: Sri Mohana Singamsetty <srimohans@gmail.com>
Date: Fri Nov 15 15:39:14 2019 -0800
Merge pull request #5336 from opensourcerouting/ldpd-buffer-overflow-7.2
[7.2] ldpd: add missing sanity check in the parsing of label messages
commit 87512c02b15afbda6e893646e87471a3b9f49dad
Merge: 4875c110d fb01148a1
Author: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Fri Nov 15 07:34:58 2019 -0500
Merge pull request #5347 from ton31337/fix/bgp_dampening_per_afi_safi_7.2
bgpd: [7.2] Rework BGP dampening to be per AFI/SAFI
commit fb01148a1de8770668dba57a4e2f4d6bf83e23aa
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Tue Nov 12 13:23:24 2019 +0200
doc: Append documentation for `bgp dampening` command
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit 72a0f11da263bd81550487204593a88cd4b9be74
Author: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Sun Nov 10 20:13:20 2019 +0200
bgpd: Rework BGP dampening to be per AFI/SAFI
Before we had:
!
router bgp 65031
bgp dampening 1 2 3 4
!
exit2-debian-9(config)# router bgp 65031
exit2-debian-9(config-router)# address-family ipv4 multicast
exit2-debian-9(config-router-af)# bgp dampening 5 6 7 8
exit2-debian-9(config-router-af)# end
exit2-debian-9# show running-config
!
router bgp 65031
bgp dampening 1 2 3 4
!
After fix:
!
router bgp 65031
neighbor 192.168.1.2 remote-as 100
!
address-family ipv4 unicast
bgp dampening 1 2 3 4
exit-address-family
!
address-family ipv4 multicast
bgp dampening 5 6 7 8
exit-address-family
!
exit2-debian-9# show ip bgp ipv4 unicast dampening parameters
Half-life time: 1 min
Reuse penalty: 2
Suppress penalty: 3
Max suppress time: 4 min
Max suppress penalty: 32
exit2-debian-9# show ip bgp ipv4 multicast dampening parameters
Half-life time: 5 min
Reuse penalty: 6
Suppress penalty: 7
Max suppress time: 8 min
Max suppress penalty: 18
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
commit 38078904aa3c2013dd18f2a19bd3b3ba27b43991
Author: Renato Westphal <renato@opensourcerouting.org>
Date: Wed Nov 13 21:51:06 2019 -0300
ldpd: add missing sanity check in the parsing of label messages
Validate that the FEC prefix length is within the allowed limit
(depending on the FEC address family) in order to prevent possible
buffer overflows.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
