224.0.0.0/24 cannot be used by igmp since this is reserved
for routing protocols and other low-level topology discovery or
maintenance protocols.
Fixes: #10614
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
(cherry picked from commit fcfd479d99)
Restrict the number of nexthops for a route to the compiled-in
limit. Be careful with the zapi route struct's array of nexthops
too.
Signed-off-by: Mark Stapp <mstapp@nvidia.com>
(cherry picked from commit 1f7ab1a2cc)
When rip is configured to work on secondary addresses
on an interface, rip was not properly sending out
the packets on secondary addresses because the source of the
packet was never properly being setup and rip would
send the packet out multiple times for the primary address
not once for each address on the interface that is setup to work.
tcpdump + rip debugs output with fix:
2022/02/15 19:59:50 RIP: [ZG173-BHW0K] turn on virbr0
2022/02/15 19:59:51 RIP: [PYB7S-80D89] multicast join at virbr0
2022/02/15 19:59:51 RIP: [GZR24-FCQGG] multicast request on virbr0
2022/02/15 19:59:51 RIP: [JTNCV-XD8S1] rip_send_packet 192.168.122.1 > 224.0.0.9 (virbr0)
2022/02/15 19:59:51 RIP: [VEJY5-67P5X] SEND to 224.0.0.9520
2022/02/15 19:59:51 RIP: [JTNCV-XD8S1] rip_send_packet 73.3.3.8 > 224.0.0.9 (virbr0)
2022/02/15 19:59:51 RIP: [VEJY5-67P5X] SEND to 224.0.0.9520
19:59:51.831128 IP 192.168.122.1.route > rip2-routers.mcast.net.route: RIPv2, Request, length: 24
19:59:51.831161 IP c-73-3-3-8.hsd1.mo.comcast.net.route > rip2-routers.mcast.net.route: RIPv2, Request, length: 24
Fixes: #10588
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 114918bd0b)
Add a counter to the number of times a thread is starved from
a timer event and add the output to `show thread cpu`
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 1dd08c2243)
Conversion of bgp error codes returned for cli input into
an enum and then properly handling all the error cases
in bgp_vty_return.
Because not all error codes returned were properly handled
in this function there existed configuration examples that
were accepted on the cli without an error message but not
saved.
Fixes: #10589
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 4b7e23e9f2)
BGP_ERR_PEER_GROUP_MEMBER and BGP_ERR_PEER_GROUP_PEER_TYPE_DIFFERENT
both are not handled by bgp_vty_return, but both can be handled by
this function as that there is nothing special going on here.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 6dcea6fe05)
confederations are checking to see that the bgp pointer
is non-null. But it's impossible to have a null pointer
in the cli and in all paths we have already deref'ed the bgp
pointer. Let's remove that error code as that it is impossible
to happen.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 8b4a0b6631)
Add a 15 minute warning to the logging system when
bgp policy is not setup properly. Operators keep asking
about the missing policy( on upgrade typically ). Let's
try to give them a bit more of a hint when something is
going wrong as that they are clearly missing the other
various places FRR tells them about it.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit b17826b715)
There are singline-line commands inside `router bgp` that start with
`vnc ` or `bmp `. Those commands are currently treated as node-entering
commands. We need to specify such commands more precisely.
Fixes#10548.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 57692f125e)
bgp_attr_default_set creates a new empty aspath. If family error happens,
this aspath is not freed. Move attr initialization after we checked the
family.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 606c3f9fb2)
aspth_empty a couple of lines earlier creates an aspath and it must be
freed.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit afb254d792)
Using memcmp is wrong because struct ipaddr may contain unitialized
padding bytes that should not be compared.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 60cda04dda)
Currently "range" command can only accept `cost` or `substitute`
individually, and `show running` will mix them.
So need make it accept mixed form with both of them, otherwise
configuration file in mixed form will fail to start.
Signed-off-by: anlan_cs <vic.lan@pica8.com>
(cherry picked from commit ec88a72a37)
isis_tlvs.c would fail at multiple places if incorrect TLVs were
received causing stream assertion violations.
This patch fixes the issues by adding missing length checks, missing
consumed length updates and handling malformed Segment Routing subTLVs.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Small adjustments by Igor Ryzhov:
- fix incorrect replacement of srgb by srlb on lines 3052 and 3054
- add length check for ISIS_SUBTLV_ALGORITHM
- fix conflict in fuzzing data during rebase
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit 9ba865f54d)
Multiple deletions from the hash_walk or hash_iteration calls
during a single invocation of the passed in function can and
will cause the program to crash. Warn against doing such a
thing.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 341743ac5b)
I'm seeing this crash in various forms:
Program terminated with signal SIGSEGV, Segmentation fault.
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7f418efbc7c0 (LWP 3580253))]
(gdb) bt
(gdb) f 4
267 (*func)(hb, arg);
(gdb) p hb
$1 = (struct hash_bucket *) 0x558cdaafb250
(gdb) p *hb
$2 = {len = 0, next = 0x0, key = 0, data = 0x0}
(gdb)
I've also seen a crash where data is 0x03.
My suspicion is that hash_iterate is calling zebra_nhg_sweep_entry which
does delete the particular entry we are looking at as well as possibly other
entries when the ref count for those entries gets set to 0 as well.
Then we have this loop in hash_iterate.c:
for (i = 0; i < hash->size; i++)
for (hb = hash->index[i]; hb; hb = hbnext) {
/* get pointer to next hash bucket here, in case (*func)
* decides to delete hb by calling hash_release
*/
hbnext = hb->next;
(*func)(hb, arg);
}
Suppose in the previous loop hbnext is set to hb->next and we call
zebra_nhg_sweep_entry. This deletes the previous entry and also
happens to cause the hbnext entry to be deleted as well, because of nhg
refcounts. At this point in time the memory pointed to by hbnext is
not owned by the pthread anymore and we can end up on a state where
it's overwritten by another pthread in zebra with data for other incoming events.
What to do? Let's change the sweep function to a hash_walk and have
it stop iterating and to start over if there is a possible double
delete operation.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 07b9ebca65)
Using memcmp is wrong because struct nexthop may contain unitialized
padding bytes that should not be compared.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit e4190ca4ab)
This patch repairs the checking conditions on length in four functions:
babel_packet_examin, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv
Signed-off-by: qingkaishi <qingkaishi@gmail.com>
(cherry picked from commit c3793352a8)
`show ip pim assert` shows S,G ifchannel information even when
there is no information available about the assert process.
Fix the code to not dump non-interesting cases.
Fixes: 10462
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 35e5ef55f1)
In all places that pim_nht_bsr_del is called, the code
needs to not unregister if the current_bsr is INADDR_ANY.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 5f010b1205)
