fix #4810: update to current stable 8.5 branch

frr 8.5.1 has a critical bug evpn bug with Type-3 EVPN route This is fixed with https://github.com/FRRouting/frr/pull/14094 Not included in the currently newest tag 8.5.2, but already in stable/8.5 branch. Also includes a fix for a grave BGP issue, where a corrupted attribute 23 (Tunnel Encapsulation) will cause a session reset, thus allowing bad actors to cause potential outages from a distance. For details see: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling Signed-off-by: Alexandre Derumier <aderumier@odiso.com> [ mention newly added BGP fix & reword ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> update submodule to current stable/8.5 state Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-04-28 18:23:28 +00:00 · 2023-08-23 16:26:13 +02:00 · 2023-08-23 16:26:13 +02:00 · d0ce3ccdfd
commit d0ce3ccdfd
parent 3ceac3ba71
4 changed files with 1 additions and 120 deletions
--- a/debian/patches/frr/0001-zebra-fix-evpn-dup-detected.patch
+++ b/debian/patches/frr/0001-zebra-fix-evpn-dup-detected.patch
@ -1,46 +0,0 @@
 From bd65a991901f43e14b557fd5057130b4bee81df2 Mon Sep 17 00:00:00 2001
 From: Chirag Shah <chirag@nvidia.com>
 Date: Sat, 22 Oct 2022 16:00:14 -0700
 Subject: [PATCH] zebra:fix evpn dup detected local mac del event
 The current local mac delete event send to flag with force
 always which breaks the duplicate detected MACs where
 it requires to be resynced from bgpd to earlier state.
 Ticket:#3233019
 Issue:3233019
 Signed-off-by: Chirag Shah <chirag@nvidia.com>
 (cherry picked from commit 89844a967858d34de99bad8dcb410b4ab4e1dece)
 ---
 zebra/zebra_evpn_mac.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 diff --git a/zebra/zebra_evpn_mac.c b/zebra/zebra_evpn_mac.c
 index cebdb978add..25bdc9a877c 100644
 --- a/zebra/zebra_evpn_mac.c
 +++ b/zebra/zebra_evpn_mac.c
@@ -1044,12 +1044,11 @@ int zebra_evpn_macip_send_msg_to_client(vni_t vni,
 		char flag_buf[MACIP_BUF_SIZE];
 		zlog_debug(
 -			"Send MACIP %s f %s MAC %pEA IP %pIA seq %u L2-VNI %u ESI %s to %s",
 +			"Send MACIP %s f %s state %u MAC %pEA IP %pIA seq %u L2-VNI %u ESI %s to %s",
 			(cmd == ZEBRA_MACIP_ADD) ? "Add" : "Del",
 			zclient_evpn_dump_macip_flags(flags, flag_buf,
 						      sizeof(flag_buf)),
 -			macaddr, ip, seq, vni,
 -			es ? es->esi_str : "-",
 +			state, macaddr, ip, seq, vni, es ? es->esi_str : "-",
 			zebra_route_string(client->proto));
 	}
@@ -2451,7 +2450,7 @@ int zebra_evpn_del_local_mac(struct zebra_evpn *zevpn, struct zebra_mac *mac,
 	/* Remove MAC from BGP. */
 	zebra_evpn_mac_send_del_to_client(zevpn->vni, &mac->macaddr, mac->flags,
 -					  false /* force */);
 +					  clear_static /* force */);
 	zebra_evpn_es_mac_deref_entry(mac);
--- a/debian/patches/frr/0002-zebra-evpn-handle-del-event.patch
+++ b/debian/patches/frr/0002-zebra-evpn-handle-del-event.patch
@ -1,71 +0,0 @@
 From b6e64012549d7e2a5cf1f8ad67544c75998aa5fb Mon Sep 17 00:00:00 2001
 From: Chirag Shah <chirag@nvidia.com>
 Date: Tue, 30 Nov 2021 20:42:01 -0800
 Subject: [PATCH] zebra: evpn handle del event for dup detected mac
 Upon receiving local mobility event for MAC + NEIGH,
 both are detected as duplicate upon hitting DAD threshold.
 Duplicated detected ( freezed) MAC + NEIGH are not known
 to bgpd.
 If locally learnt MAC + NEIGH are deleted in kernel,
 the MAC is marked as AUTO after sending delete event
 to bgpd.
 Bgpd only reinstalls best route for MAC_IP route (NEIGH)
 but not for MAC event.
 This puts a situation where MAC is AUTO state and
 associated neigh as remote.
 Fix:
 DUPLICATE + LOCAL MAC deletion, set MAC delete request
 as reinstall from bgpd.
 Ticket:#2873307
 Reviewed By:
 Testing Done:
 Freeze MAC + two NEIGHs in local mobility event.
 Delete MAC and NEIGH from kerenl.
 bgp rsync remote mac route which puts MAC to remote state.
 Signed-off-by: Chirag Shah <chirag@nvidia.com>
 (cherry picked from commit ad7685de2871996469d370192af7afafc234a3ca)
 ---
 zebra/zebra_evpn_mac.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
 diff --git a/zebra/zebra_evpn_mac.c b/zebra/zebra_evpn_mac.c
 index a2fe9fd00ba..cebdb978add 100644
 --- a/zebra/zebra_evpn_mac.c
 +++ b/zebra/zebra_evpn_mac.c
@@ -1347,16 +1347,26 @@ int zebra_evpn_mac_send_add_to_client(vni_t vni, const struct ethaddr *macaddr,
 int zebra_evpn_mac_send_del_to_client(vni_t vni, const struct ethaddr *macaddr,
 				      uint32_t flags, bool force)
 {
 +	int state = ZEBRA_NEIGH_ACTIVE;
 +
 	if (!force) {
 		if (CHECK_FLAG(flags, ZEBRA_MAC_LOCAL_INACTIVE)
 		    && !CHECK_FLAG(flags, ZEBRA_MAC_ES_PEER_ACTIVE))
 			/* the host was not advertised - nothing  to delete */
 			return 0;
 +
 +		/* MAC is LOCAL and DUP_DETECTED, this local mobility event
 +		 * is not known to bgpd. Upon receiving local delete
 +		 * ask bgp to reinstall the best route (remote entry).
 +		 */
 +		if (CHECK_FLAG(flags, ZEBRA_MAC_LOCAL) &&
 +		    CHECK_FLAG(flags, ZEBRA_MAC_DUPLICATE))
 +			state = ZEBRA_NEIGH_INACTIVE;
 	}
 	return zebra_evpn_macip_send_msg_to_client(
 -		vni, macaddr, NULL, 0 /* flags */, 0 /* seq */,
 -		ZEBRA_NEIGH_ACTIVE, NULL, ZEBRA_MACIP_DEL);
 +		vni, macaddr, NULL, 0 /* flags */, 0 /* seq */, state, NULL,
 +		ZEBRA_MACIP_DEL);
 }
 /*
--- a/debian/patches/series
+++ b/debian/patches/series
@ -1,4 +1,2 @@
 frr/0001-zebra-fix-evpn-dup-detected.patch
 frr/0002-zebra-evpn-handle-del-event.patch
 pve/0001-enable-bgp-daemon.patch
 pve/0002-bgpd-add-an-option-for-RT-auto-derivation-to-force-A.patch
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 7a2b85ae52b354248fa9da04100efba0ec6c70c9
+Subproject commit 1622c2ece2f68e034b43fb037503514c2195aba5
		`@ -1 +1 @@`
			`Subproject commit 7a2b85ae52b354248fa9da04100efba0ec6c70c9`				`Subproject commit 1622c2ece2f68e034b43fb037503514c2195aba5`