Report the routes metric in IPFORWARDMETRIC1 and return
-1 for the other metrics as required by the IP-FORWARD-MIB.
inetCidrRouteMetric2 OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An alternate routing metric for this route. The
semantics of this metric are determined by the routing-
protocol specified in the route's inetCidrRouteProto
value. If this metric is not used, its value should be
set to -1."
DEFVAL { -1 }
::= { inetCidrRouteEntry 13 }
I've included metric2 but it's the same for all of them.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit e41ae0acc1)
The snmp walk of the zebra rib was skipping entries
because in_addr_cmp was replaced with a prefix_cmp
which worked slightly differently causing parts
of the zebra rib tree to be skipped.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit ecd9d441b0)
When sending down a babel route do not remove then
add it back. Just send down the change. This
change will not cause packets to be dropped now.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 63e2c092a3)
Babel was thinking it was talking to the kernel for
route installation instead of zebra. Pass down the
metric instead.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit b4c88abe9f)
When parsing the SR-Algorithm TLV in the OSPF Router Information Opaque
LSA, assure that not more than the maximum number of supported
algorithms are copied from the TLV.
Signed-off-by: Acee Lindem <acee@lindem.com>
(cherry picked from commit 0dc969185f)
A double-free crash happens when a subTLV of the "Router Capability"
TLV is not readable and a previous "Router Capability" TLV was read.
rcap was supposed to be freed later by isis_free_tlvs() ->
free_tlv_router_cap(). In 78774bbcd5 ("isisd: add isis flex-algo lsp
advertisement"), this was not the case because rcap was not saved to
tlvs->router_cap when the function returned early because of a subTLV
length issue.
Always set tlvs->router_cap to free the memory.
Note that this patch has the consequence that in case of subTLV error,
the previously read "Router Capability" subTLVs are kept in memory.
Fixes: 49efc80d34 ("isisd: Ensure rcap is freed in error case")
Fixes: 78774bbcd5 ("isisd: add isis flex-algo lsp advertisement")
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit d61758140d)
When an NHRP peer was forwarding a message, it was copying all
extensions from the originally received packet. The authentication
extension must be regenerated hop by hop per RFC2332.
This fix checks for the auth extension when copying extensions
and omits the original packet auth and instead regenerates a new auth extension.
Fix bug #16507
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
(cherry picked from commit 8e3c278bbc)
- bgpd
- Fix as-path exclude modify crash
- Fix, do not access peer->notify.data when it is null
- Fix crash at no rpki
- Ignore RFC8212 for BGP Confederations
- Fix for CVE-2024-44070
- Relax OAD (One-Administration-Domain) for RFC8212
- Fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues
- Check if we have really enough data before doing memcpy for FQDN capability
- Check if we have really enough data before doing memcpy for software version
- Set last reset reason to admin shutdown if it was manually
- Fix do not use api.backup_nexthop in ZAPI message
- isisd
- Fix crash when reading asla
- Add missing `exit` statement
- Fix update link params after circuit is up
- Fix crash at flex-algo without mpls-te
- Fix memory handling in isis_adj_process_threeway()
- Fix crash when calculating the neighbor spanning tree based on the fragmented LSP
- Fix crash when obtaining the next hop to calculate LFA on LAN links
- Fix memory leaks when the transition of neighbor state from non-UP to DOWN
- fix crash when displaying asla in json
- pimd
- Fix crash in pimd
- Fix msdp setting of sa->rp
- Fix crash on non-existent interface
- nhrpd
- Fix sending /32 shortcut
- mgmtd
- Don't add implicit state data when reading config from file
- Fix too early daemon detach of mgmtd
- ripd
- Fix show run output for distribute-list
- lib
- Fix distribute-list deletion
- Fix crash on distribute-list delete
- Fix incorrect use of error checking macro
- yang
- Added missed prefix to the yang file
- ospfd
- Fix internal ldp-sync state flags when feature is disabled
- ldpd
- Fix wrong gtsm count
- ripd
- Change the start value of sequence 1 to 0
- zebra
- Fix evpn mh bond member proto reinstall
- Fix to avoid two Vrfs with same table ids
- Fix missing static routes
- Ensure non-equal id's are not same nhg's
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
In build() stage of abuild, it does `apk index ...` where frr* packages
are unsigned. We don't sign them here, and thus we need to specify `--allow-untrusted`.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
In build() stage of abuild, it does `apk index ...` where libyang* packages
are unsigned. We don't sign them here, and thus we need to specify `--allow-untrusted`.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
isisd is crashing when reading a ASLA sub-TLV with Application
Identifier Bit Mask length greater than 1 octet.
Set a limit of 8 bytes in accordance with RFC9479 and check that the
received value does not exceed the limit.
Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Link: https://www.rfc-editor.org/rfc/rfc9479.html#name-application-identifier-bit-
Fixes: 5749ac83a8 ("isisd: add ASLA support")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit f1bc6c5d81)
If the link-params are set when the circuit not yet up, the link-params
are never updated.
isis_link_params_update() is called from isis_circuit_up() but returns
immediately because circuit->state != C_STATE_UP. circuit->state is
updated in isis_csm_state_change after isis_circuit_up().
> struct isis_circuit *isis_csm_state_change(enum isis_circuit_event event,
> struct isis_circuit *circuit,
> void *arg)
> {
> [...]
> if (isis_circuit_up(circuit) != ISIS_OK) {
> isis_circuit_deconfigure(circuit, area);
> break;
> }
> circuit->state = C_STATE_UP;
> isis_event_circuit_state_change(circuit, circuit->area,
> 1);
Do not return isis_link_params_update() if circuit->state != C_STATE_UP.
Fixes: 0fdd8b2b11 ("isisd: update link params after circuit is up")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 6ce6b7a856)
Fix show nhrp shortcut json
Fixes: 87b9e98203 ("nhrpd: add json support to show nhrp vty commands")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 7028e39986)
Fully check the NHRP convergence after setting nhs1 down. Otherwise the
ping may pass because the previous shortcut is still present.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 9aa78070e0)
After setting down nhs1, the test is checking that nhc1 routing table
matches routes in nhc1/nhrp_route.json. It is incorrect because it
checks that the NHRP route to nhs1 is still present but it should have
disappeared.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit df630bbc3e)
Rename router variables in nhrp_redundancy to match the actual name.
Cosmetic change to help debugging.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 551c3290ed)
The expected prefix should be 5.5.5.0/24 otherwise the hosts behind NHRP
client 1 nhc1 (aka. r5) are not reachable via NHRP.
The issue was not seen in the FRR official CI because the tests were
skipped because iptables were missing in CI machines.
It solves the 16690 issue.
Fixes: https://github.com/FRRouting/frr/issues/16690
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit cfb057ae3c)
This test was killing bgp on r1 and r2
and then immediately testing that the
default route transitioned. Unfortunately
the test was written that under load the
system might be in a bad state. Let's
modify the code to check for a bgp version
change and then that the bgp state has
come back up
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 598d9a1f17)
Test fails:
test_func = partial(
topotest.router_json_cmp,
router,
"show ip ospf vrf {0}-ospf-cust1 json".format(rname),
expected,
)
_, diff = topotest.run_and_expect(test_func, None, count=10, wait=0.5)
assertmsg = '"{}" JSON output mismatches'.format(rname)
> assert diff is None, assertmsg
E AssertionError: "r1" JSON output mismatches
E assert Generated JSON diff error report:
E
E > $->r1-ospf-cust1->areas->0.0.0.0->nbrFullAdjacentCounter: output has element with value '1' but in expected it has value '2'
/home/sharpd/frr2/tests/topotests/ospf_netns_vrf/test_ospf_netns_vrf.py:239: AssertionError
Support bundle has this data:
r1# show ip ospf vrf all neighbor
% 2024/08/28 14:55:54.763
VRF Name: r1-ospf-cust1
Neighbor ID Pri State Up Time Dead Time Address Interface RXmtL RqstL DBsmL
10.0.255.3 1 Full/DR 10.547s 39.456s 10.0.3.1 r1-eth1:10.0.3.2 0 0 0
10.0.255.2 1 Full/Backup 0.543s 38.378s 10.0.3.3 r1-eth1:10.0.3.2 1 0 0
So immediately after the test fails this test, the neighbor comes up.
Let's give the test a bit more time for failure to not happen
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit d58c44cebe)
Giving only 5 seconds to pass bgp data to peers on a heavily
loaded system is a recipe for not having fun. Add more time.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 3797454a2a)
