While populating the nexthop info for "show bgp nexthop json", resolvedPrefix
is added in parent json object instead of json_nexthop object.
This results in displaying wrong resolvedPrefix for nexthops.
Fixing the same by adding resolvedPrefix to json_nexthop object, so that
the proper resolvedPrefix would be displayed for the respective nexthop
Signed-off-by: Krishnasamy R <krishnasamyr@nvidia.com>
A redistribute cmd can have a route-map attached to it and adding the
match source-protocol to that route-map means BGP to filter which
protocol routes to accept among the bunch of routes zebra is sending.
Fixing this since this wasnt implemented earlier.
Ticket :#4119692
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Signed-off-by: Rajasekar Raja <rajasekarr@nvidia.com>
Test Scenario:
RouterA and RouterB are in the same routing domain and have configured a P2P link. RouterA is configured with "is-type level-1" while RouterB is configured with "is-type level-1-2". They establish a level-1 UP neighborship. In this scenario, we expect that when RouterB's configuration is switched to "is-type level-2-only", the neighborship status on both RouterA and RouterB would be non-UP. However, RouterB still shows the neighbor as UP.
Upon receiving a P2P Hello packet, the function "process_p2p_hello" is invoked. According to the ISO/IEC 10589 protocol specification, section 8.2.5.2 a) and tables 5 and 7, if the "iih->circ_type" of the neighbor's hello packet does not match one's own "circuit->is_type," we may choose to take no action.
When establishing a neighborship for the first time, the neighbor's status can remain in the "Initializing" state. However, if the neighborship has already been established and one's own "circuit->is_type" changes, the neighbor's UP status cannot be reset. Therefore, when processing P2P Hello packets, we should be cognizant of changes in our own link adjacency type.
Topotest has identified a core issue during testing.
(gdb) bt
"#0 0xb7efe579 in __kernel_vsyscall ()
\#1 0xb79f62f7 in ?? ()
\#2 0xbf981dd0 in ?? ()
\#3 <signal handler called>
\#4 0xb79f7722 in ?? ()
\#5 0xb7ed8634 in _DYNAMIC () from /home/z15467/isis_core/usr/lib/i386-linux-gnu/frr/libfrr.so.0.0.0
\#6 0x0001003c in ?? ()
\#7 0x00010000 in ?? ()
\#8 0xb7df3322 in _frr_mtx_lock (mutex=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/frr_pthread.h:255
\#9 event_timer_remain_msec (thread=0x10000) at ../lib/event.c:734
\#10 event_timer_remain_msec (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/event.c:727
\#11 0x004fb4aa in _send_hello_sched (circuit=<optimized out>, threadp=0x2189de0, level=1, delay=<optimized out>) at ../isisd/isis_pdu.c:2116
\#12 0x004e8dbc in isis_circuit_up (circuit=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_circuit.c:734
\#13 0x004ea8f7 in isis_csm_state_change (event=<optimized out>, circuit=<optimized out>, arg=<optimized out>) at ../isisd/isis_csm.c:98
\#14 0x004ea23f in isis_circuit_circ_type_set (circuit=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
circ_type=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_circuit.c:1578
\#15 0x0053aefa in lib_interface_isis_network_type_modify (args=<optimized out>) at ../isisd/isis_nb_config.c:4190
\#16 0xb7dbcc8d in nb_callback_modify (errmsg_len=8192, errmsg=0xbf982afc "", resource=0x2186220, dnode=<optimized out>, event=NB_EV_APPLY, nb_node=0x1fafe70, context=<optimized out>)
at ../lib/northbound.c:1550
\#17 nb_callback_configuration (context=<optimized out>, event=NB_EV_APPLY, change=<optimized out>, errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:1900
\#18 0xb7dbd646 in nb_transaction_process (errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
event=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:2028
\#19 nb_candidate_commit_apply (transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
save_transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
transaction_id=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:1368
\#20 0xb7dbdd68 in nb_candidate_commit (context=..., candidate=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
save_transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
comment=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, transaction_id=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>)
at ../lib/northbound.c:1401
\#21 0xb7dc0cff in nb_cli_classic_commit (vty=vty@entry=0x21d6940) at ../lib/northbound_cli.c:57
\#22 0xb7dc0f46 in nb_cli_apply_changes_internal (vty=vty@entry=0x21d6940, xpath_base=xpath_base@entry=0xbf986b7c "/frr-interface:lib/interface[name='r5-eth0']", clear_pending=clear_pending@entry=false)
at ../lib/northbound_cli.c:184
\#23 0xb7dc130b in nb_cli_apply_changes (vty=<optimized out>, xpath_base_fmt=<optimized out>) at ../lib/northbound_cli.c:240
\#24 0x00542c1d in isis_network_magic (self=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, argc=<optimized out>,
argv=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, no=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_cli.c:3101
\#25 isis_network (self=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
argc=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, argv=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>)
at ./isisd/isis_cli_clippy.c:5499
\#26 0xb7d6d8f1 in cmd_execute_command_real (vline=vline@entry=0x219afa0, vty=vty@entry=0x21d6940, cmd=cmd@entry=0x0,
up_level=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1003
\#27 0xb7d6d9e0 in cmd_execute_command (vline=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, cmd=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
vtysh=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1061
\#28 0xb7d6dc60 in cmd_execute (vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
cmd=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, matched=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
vtysh=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1228
\#29 0xb7dfb58a in vty_command (vty=vty@entry=0x21d6940, buf=0x21e0ff0 ' ' <repeats 12 times>, "isis network point-to-point") at ../lib/vty.c:625
\#30 0xb7dfc560 in vty_execute (vty=vty@entry=0x21d6940) at ../lib/vty.c:1388
\#31 0xb7dfdc8d in vtysh_read (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/vty.c:2400
\#32 0xb7df4d47 in event_call (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/event.c:2019
\#33 0xb7d9a831 in frr_run (master=<optimized out>) at ../lib/libfrr.c:1232
\#34 0x004e4758 in main (argc=7, argv=0xbf989a24, envp=0xbf989a44) at ../isisd/isis_main.c:354
(gdb) f 9
\#9 event_timer_remain_msec (thread=0x10000) at ../lib/event.c:734
734 ../lib/event.c: No such file or directory.
(gdb) p pthread
No symbol "pthread" in current context.
(gdb) p thread
$1 = (struct event *) 0x10000
When LAN links and P2P links share the` circuit->u` of a neighbor, if one link is no longer in use and the union is not cleared, the other link is unable to pass the non-empty check, resulting in accessing an invalid pointer. Unfortunately, for non-DIS devices in LAN links, `circuit->u.bc.run_dr_elect[x]` is essentially always 1, but in `isis_circuit_down()`,` circuit->u.bc.run_dr_elect[x] `will not be cleared because `circuit->u.bc.is_dr[x]` is always 0. Consequently, when switching to a P2P link, `isis_circuit_circ_type_set()` does not reset the link in a non-C_STATE_UP state, leading to subsequent accesses of `circuit->u.p2p.t_send_p2p_hello` resulting in a non-empty yet invalid address.
I believe that in `isis_circuit_down()`, the LAN link should unconditionally clear `circuit->u.bc.run_dr_elect[x]`.
Signed-off-by: zhou-run <zhou.run@h3c.com>
CID 1601478: Uninitialized variables (UNINIT)
Using uninitialized value "mbefore.real.tv_usec" when calling "event_consumed_time".
Fixes: 3e3a666331 ("lib: Add ability to track time in individual routemaps")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
We have the support of PCRE2 since 061f5d1cb4.
Also we already do this for containers (docker images).
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
We have this:
if ( (safi == SAFI_UNICAST) && ...)
do stuff
if ( (safi == SAFI_MPLS_VPN) && ... )
do stuff
this leads to having to test safi multiple times if safi is
SAFI_UNICAST. Let's make it a else if as that we know that
the safi is going to not change.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
In an attempt to make the code faster let's just pass
in the prefix instead of having to do a lookup a majillion
times again after we already have it.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Without this patch we set only the first path for the route (if multiple exist)
as LLGR stale and stop doing that for the rest of the paths, which is wrong.
Fixes: 1479ed2fb3 ("bgpd: Implement LLGR helper mode")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
We iterated over all bgp_path_info's, but once we remove the path, we didn't
check for other paths under the same bgp_dest.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Not really used, but since we have it, let's update it as a pointer.
This event comes from https://datatracker.ietf.org/doc/html/rfc9687
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
When shutdown a LAN-type circuit, and if the current device is not the DIS (assuming it is a level-1 device), the isis_circuit_down() function will not call the isis_dr_resign() function to clear the circuit->u.bc.run_dr_elect[0] bit (this bit is set on interfaces in the isis_run_dr() function). After switching the link to a P2P type, since u.p2p and u.bc form a union, and circuit->u.bc.snpa = "\000\000\000\000\000" and circuit->u.bc.run_dr_elect = "\001", this results in circuit->u.p2p.neighbor = 0x1000000000000. Consequently, the value of adj->sysid accesses a wild pointer, causing the current crash.
The backtrace is as follows:
(gdb) bt
#0 0x00007fbd30e55fe1 in raise () from /lib/x86_64-linux-gnu/libpthread.so.0
#1 0x00007fbd30f76b29 in core_handler (signo=11, siginfo=0x7ffc60b7a270,
context=0x7ffc60b7a140) at ../lib/sigevent.c:261
#2 <signal handler called>
#3 0x00007fbd30dddba4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x0000562aec46617f in isis_spf_run_lfa (area=0x562aee3a56d0, spftree=0x562aee3a51a0)
at ../isisd/isis_lfa.c:2403
#5 0x0000562aec483854 in isis_run_spf_with_protection (area=0x562aee3a56d0,
spftree=0x562aee3a51a0) at ../isisd/isis_spf.c:1891
#6 0x0000562aec483b05 in isis_run_spf_cb (thread=0x7ffc60b7b000)
at ../isisd/isis_spf.c:1953
#7 0x00007fbd30f900bb in thread_call (thread=0x7ffc60b7b000) at ../lib/thread.c:1990
#8 0x00007fbd30f2897b in frr_run (master=0x562aee0833c0) at ../lib/libfrr.c:1198
#9 0x0000562aec454d6d in main (argc=5, argv=0x7ffc60b7b228, envp=0x7ffc60b7b258)
at ../isisd/isis_main.c:273
(gdb) f 4
#4 0x0000562aec46617f in isis_spf_run_lfa (area=0x562aee3a56d0, spftree=0x562aee3a51a0)
at ../isisd/isis_lfa.c:2403
2403 ../isisd/isis_lfa.c: No such file or directory.
(gdb) p circuit->u.p2p.neighbor
$1 = (struct isis_adjacency *) 0x1000000000000
(gdb) p adj->sysid
Cannot access memory at address 0x1000000000006
(gdb) p circuit->u.bc
$2 = {snpa = "\000\000\000\000\000", run_dr_elect = "\001", t_run_dr = {0x0, 0x0},
t_send_lan_hello = {0x0, 0x0}, adjdb = {0x0, 0x0}, lan_neighs = {0x0, 0x0},
is_dr = "\000", l1_desig_is = "\000\000\000\000\000\000",
l2_desig_is = "\000\000\000\000\000\000", t_refresh_pseudo_lsp = {0x0, 0x0}}
(gdb)
The backtrace provided above pertains to version 8.5.4, but it seems that the same issue exists in the code of the master branch as well.
Signed-off-by: baozhen-H3C <bao.zhen@h3c.com>
Fix defect flagged by Coverity:
*** CID 1599957: Null pointer dereferences (REVERSE_INULL)
/ospf6d/ospf6_intra.c: 581 in ospf6_link_lsa_get_prefix_str()
575 int buflen, int pos)
576 {
577 struct ospf6_link_lsa *link_lsa = lsa_after_header(lsa->header);
578 struct ospf6_prefix *prefix = nth_prefix(lsa->header, pos);
579 struct in6_addr in6 = { 0 };
580
>>> CID 1599957: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "lsa" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
581 if (!lsa || !prefix || !buf || buflen < (1 + INET6_ADDRSTRLEN))
582 return NULL;
583
584 /* position zero is used for the lladdr in the body of the LSA */
585 if (pos == 0) {
586 inet_ntop(AF_INET6, &link_lsa->linklocal_addr, buf, buflen);
The check for lsa being not-null happens in ospf6_lsdb_show() and
first dereference happens in ospf6_lsa_show_summary()
Signed-off-by: Andrew Cooks <acooks.at.bda@gmail.com>
Add the abilty to track how much time is spent in routemaps.
Example of the new output:
eva# show route-map
ZEBRA:
route-map: FOO Invoked: 1000000 (323 milliseconds total) Optimization: enabled Processed Change: false
deny, sequence 10 Invoked 1000000 (320 milliseconds total)
Match clauses:
Set clauses:
Call clause:
Action:
Exit routemap
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Add a basic topology that allows the testing of BGP and zebra
at scale. I built this to help me find and fix problems with
a large number of bgp peers. Since I plan to keep using this
and as I understand it there are future plans to take this
higher, I would like to add this as a test that people can invoke
with this command:
sudo -E python3 -m pytest -s -vv --topology-only
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Under certain timing conditions, the current logic asserts in
ospf_lsa_refresh_delay(). While this isn't readily reproducible,
the only explanation is that the conversion from struct timeval
to milliseconds is 0 due to rounding off the microseconds.
Signed-off-by: Acee <aceelindem@gmail.com>
Currently when doing a `show ip route table XXXX`, zebra is displaying
the current default vrf as the vrf we are in. We are displaying a
table not a vrf. This is only true if you are not using namespace
based vrf's, so modify the output to display accordingly.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
