Commit Graph

20841 Commits

Author SHA1 Message Date
Donatas Abraitis
1da90d136a
Merge pull request #7054 from qlyoung/fix-bgp-mplsvpn-nlri-missing-length-checks
bgpd: fix mplsvpn nlri garbage heap read
2020-09-05 08:17:15 +03:00
Renato Westphal
dcdaabcede
Merge pull request #7046 from qlyoung/fix-various-integer-issues
Fix various integer signedness / overflow issues
2020-09-04 22:33:48 -03:00
Renato Westphal
c7b5a0ae3a
Merge pull request #7055 from qlyoung/fix-bgp-localpref-overflow
bgpd: fix asserting read of localpref
2020-09-04 18:56:46 -03:00
Renato Westphal
b686742e2b
Merge pull request #6934 from Niral-Networks/niral_dev_vrf_isis_core_pr4
isisd, yang, doc : Support for different VRF in ISIS.
2020-09-04 18:44:56 -03:00
Renato Westphal
4c13526b07
Merge pull request #6971 from volta-networks/fix_ldp_no_config
ldpd: Fix issue when starting up LDP with no configuration.
2020-09-04 16:39:16 -03:00
Donatas Abraitis
08194f561e
Merge pull request #6589 from NaveenThanikachalam/gr_fixes
bgpd: GR fixes
2020-09-04 18:39:26 +03:00
lynne
955357174f ldpd: Fix issue when starting up LDP with no configuration.
LDP would mark all routes as learned on a non-ldp interface.  Then
when LDP was configured the labels were not updated correctly.  This
commit fixes issues 6841 and 6842.

Signed-off-by: Lynne Morrison <lynne@voltanet.io>
2020-09-04 09:24:47 -04:00
Donatas Abraitis
f6af4aecf4
Merge pull request #6826 from pjdruddy/bgp-auth-vrf-frr
Bgp auth vrf frr
2020-09-04 16:03:47 +03:00
Donald Sharp
80334e5acf
Merge pull request #7053 from mjstapp/fix_ospf6_intf_sa
ospf6d: fix SA warning
2020-09-04 06:47:07 -04:00
Donald Sharp
dc01e6f3f4
Merge pull request #7052 from mjstapp/fix_stream_get_data
lib: remove unused stream_get_data api
2020-09-03 20:45:05 -04:00
Donald Sharp
0022cda07d
Merge pull request #6891 from opensourcerouting/feature/sr-te-bgpd
bgpd: Add support for SR-TE Policies in route-maps
2020-09-03 14:52:30 -04:00
Quentin Young
763a5d3c2d bgpd: use stream_rewind_getp() to remove overflow
Passing a negative argument to a size_t parameter creates an overflow
condition

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
2020-09-03 14:23:57 -04:00
Quentin Young
06cf2c0c36 lib: add stream_rewind_getp()
stream_forward_getp() cannot be used with negative numbers due to the
size_t argument, we'll end up doing overflow arithmetic.

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
2020-09-03 14:23:54 -04:00
Quentin Young
ad61f7780e bgpd: fix asserting read of localpref
Attribute may not be long enough to contain a localpref value, resulting
in an assert on stream size. Gracefully handle this case instead.

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
2020-09-03 14:10:33 -04:00
Quentin Young
506dbcc86b bgpd: fix mplsvpn nlri garbage heap read
NLRI parsing for mpls vpn was missing several length checks that could
easily result in garbage heap reads past the end of nlri->packet.

Convert the whole function to use stream APIs for automatic bounds
checking...

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
2020-09-03 14:06:30 -04:00
Martin Winter
0c7b459c2c
Merge pull request #6926 from kuldeepkash/dynamic_route_leak
tests: Add bgp_vrf_dynamic_route_leak test suite
2020-09-03 19:03:22 +02:00
Mark Stapp
f6d11a9bf6 ospf6d: fix SA warning
Fix an SA issue in ospf6_interface.c.

Signed-off-by: Mark Stapp <mjs@voltanet.io>
2020-09-03 12:57:36 -04:00
Mark Stapp
f845960b3f lib: remove unused stream_get_data api
Signed-off-by: Mark Stapp <mjs@voltanet.io>
2020-09-03 12:37:55 -04:00
Mark Stapp
09209b4858
Merge pull request #7043 from donaldsharp/bgp_features_speedup
tests: Speed up bgp_features topotests by a lot
2020-09-03 08:14:46 -04:00
Santosh P K
371ded520b
Merge pull request #6987 from Niral-Networks/acl_fix
lib, ospf : Fix when redist is performed with route-map using access-list
2020-09-03 09:51:21 +05:30
Quentin Young
e6464fdc18 lib: remove overflow arithmetic from hash stats
Signed values get converted to unsigned for addition, so when the value
to adjust a stats variable for hash tables was negative this resulted in
overflow arithmetic, which we generally don't want.

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
2020-09-02 16:54:41 -04:00
Quentin Young
e9faf4be72 bgpd: make flag values explicitly unsigned
When using these flag #defines, by default their types are integers but
they are always used in conjunction with unsigned integers, which
introduces some implicit conversions that really ought to be avoided.

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
2020-09-02 16:54:41 -04:00
Quentin Young
e117b7c528 lib: explicitly cast -1 to uid_t
We should be explicit about what's happening here

Signed-off-by: Quentin Young <qlyoung@nvidia.com>
2020-09-02 16:54:38 -04:00
Donald Sharp
4e2286abc8 tests: Speed up bgp_features topotests by a lot
Initial run of topotests on my machine takes ~210 seconds
With these changes we are at ~40 seconds

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-09-02 15:47:14 -04:00
Donald Sharp
842b9211ac
Merge pull request #6997 from opensourcerouting/cisco-acl-name
lib,yang: allow cisco access lists to use names plus fixes
2020-09-02 08:26:57 -04:00
Donald Sharp
b0d39af982
Merge pull request #7027 from Niral-Networks/niral_dev_vrf_ospf6
ospf6d : Preparing for ospf6d VRF support.
2020-09-02 08:25:09 -04:00
Donald Sharp
4223956546
Merge pull request #7033 from mjstapp/fix_pbr_nhg_sa
pbrd: fix SA warnings in nhg map
2020-09-02 08:20:21 -04:00
Kaushik
e641623d90 ospfd : Fix in lsa refresh when redist is done with route-map using access-list.
1. Minor change in distribute-list update timer based on lsa flag.

Co-authored-by: harios <hari@niralnetworks.com>
Signed-off-by: Kaushik <kaushik@niralnetworks.com>
2020-09-02 02:44:25 -07:00
Mark Stapp
ceb987a877
Merge pull request #7010 from wesleycoakley/pbrd-more-selective
pbrd: be more selective about route updates
2020-09-01 14:54:18 -04:00
Mark Stapp
9d0b324d5f pbrd: fix SA warning in nhg map
Fix SA warnings in nhg map functions.

Signed-off-by: Mark Stapp <mjs@voltanet.io>
2020-09-01 14:23:40 -04:00
Wesley Coakley
4bf97ce180 pbrd: nh "valid" semantics in nexthop tracking
Signed-off-by: Wesley Coakley <wcoakley@nvidia.com>
2020-09-01 12:34:48 -04:00
Kuldeep Kashyap
985195f2b4 tests: Add bgp_vrf_dynamic_route_leak test suite
1. Added test to verify bgp vrf dynamic route leak functionality
2. Total execution time is ~8 mins
3. Added kernel version check, these script would be run for kernel version >= 4.19

Signed-off-by: Kuldeep Kashyap <kashyapk@vmware.com>
2020-09-01 16:11:24 +00:00
Kuldeep Kashyap
bc0a514728 tests: Add f/w support for bgp_vrf_dynamic_route_leak tests automation
1. Adding f/w support for bgp_vrf_dynamic_route_leak tests automation

Signed-off-by: Kuldeep Kashyap <kashyapk@vmware.com>
2020-09-01 15:48:10 +00:00
Wesley Coakley
c59f754dd4 pbrd: be more selective about route updates
Given a received nexthop update, only send down an update to the
relevant nexthop group. Avoid sending down superfluous updates

Signed-off-by: Wesley Coakley <wcoakley@nvidia.com>
2020-09-01 11:11:43 -04:00
Olivier Dugeon
2e5b029865
Merge pull request #7003 from GalaxyGorilla/ospf_ti_lfa_prep
ospfd: use a new vertex list for every SPF run
2020-09-01 16:39:29 +02:00
Russ White
edec686a2a
Merge pull request #7016 from donaldsharp/pbr_vrf_is_burf
Pbr vrf is burf
2020-09-01 10:31:20 -04:00
Russ White
c2ce62e502
Merge pull request #7023 from donaldsharp/eigrp_fixups
Eigrp fixups
2020-09-01 10:20:32 -04:00
Mark Stapp
5529b39211
Merge pull request #7028 from xThaid/netlink_buff
zebra: increase netlink receive buffer size
2020-09-01 08:43:13 -04:00
Kaushik
c5d28568c6 ospf6d : Preparing for ospf6d VRF support.
1. Removed the VRF_DEFAULT dependency from ospf6d.
2. The dependency on show command still exist
   will be fixed when the ospf6 master is available.

Co-authored-by: Harios <hari@niralnetworks.com>
Signed-off-by: Kaushik <kaushik@niralnetworks.com>
2020-09-01 03:02:46 -07:00
Jakub Urbańczyk
97f8514460 zebra: increase netlink receive buffer size
Signed-off-by: Jakub Urbańczyk <xthaid@gmail.com>
2020-09-01 11:35:16 +02:00
Pat Ruddy
318c1fa36f tests: topotest for bgp authentication
18 tests which cover
authenticated passord session extablishment
password removal
wrong password
over default, default prefix-based, vrf, vrf prefix-based, multi-vrf and
multi-vrf prefix-based configurations

Signed-off-by: Pat Ruddy <pat@voltanet.io>
2020-09-01 09:42:39 +01:00
Pat Ruddy
2734ff6bd8 bgpd: do not clear password if peer is dynamic
When deleting a dynamic peer, unsetting md5 password would cause
it to be unset on the listener allowing unauthenticated connections
from any peer in the range.
Check for dynamic peers in peer delete and avoid this.

Signed-off-by: Pat Ruddy <pat@voltanet.io>
2020-09-01 09:42:39 +01:00
Pat Ruddy
a4faae3aac bgpd: associate listener with the appropriate bgp instance
When setting authentication on a BGP peer in a VRF the listener is
looked up from a global list. However there is no check that the
listener is the one associated with the VRF being configured. This
can result in the wrong listener beiong configured with a password,
leaving the intended listener in an open authentication state.
To simplify this lookup stash a pointer to the bgp instance in
the listener on creating (in the same way as is done for NS-based
VRFS).

Signed-off-by: Pat Ruddy <pat@voltanet.io>
2020-09-01 09:42:26 +01:00
harios_niral
9375b5aa24 topotests : Topotest for different VRF in isisd
1. Topotest for isis-vrf is added for ipv4 and ipv6.
2. Test case for checking isis topology.
3. Test case for checking zebra isis routes.
4. Test case for checking linux vrf routes.
5. 2 new API's written in topotest/lib for checking vrf routes.

Co-authored-by: Kaushik <kaushik@niralnetworks.com>"
Signed-off-by: harios_niral <hari@niralnetworks.com>
2020-09-01 00:56:44 -07:00
harios_niral
65251ce80f doc, yang, isisd : Support for different VRF in isisd
1. Added isis with different vrf and it's dependecies.
2. Added new vrf leaf in yang.
3. A minor change for IF_DOWN_FROM_Z passing argrument is
   replaced with ifp pointer in api "isis_if_delete_hook()".
4. Minor fix in the isisd spf unit test.

Co-authored-by: Kaushik <kaushik@niralnetworks.com>"
Signed-off-by: harios_niral <hari@niralnetworks.com>
2020-09-01 00:48:05 -07:00
Donald Sharp
fb41c4f32d eigrpd: make show ip eigrp vrf all neighbor work correctly
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-08-31 14:42:09 -04:00
Donald Sharp
b1d26a4003 eigrpd: Make show ip eigrp vrf all interfaces work correctly
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-08-31 14:41:32 -04:00
Quentin Young
ddffdcf728
Merge pull request #7025 from opensourcerouting/silence-cli-warning
lib: silence overly verbose CLI warning
2020-08-31 14:03:25 -04:00
Renato Westphal
1bd4306909 lib: silence overly verbose CLI warning
When not using the transactional CLI mode, do not display a
warning when a YANG-modeled commmand doesn't perform any effective
configuration change.

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
2020-08-31 11:59:54 -03:00
Donald Sharp
10b3a32521 eigrpd: Fix show ip eigrp vrf all topology to actually work
Fix multiple forms of this command to behave appropriately
when `vrf all` is specified.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-08-31 08:46:17 -04:00