If VRF is not found by the given name, validate it and return an error.
Fixes: 76b2bc97e7 ("staticd: Accept full blackhole typed keywords for ip_route_cmd")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
The previous change to assume() did address the coverity warning about
one direction of the shift in HASH_KEY, let's constrain the other in
HASH_SIZE as well.
To be fair, the hash table *will* break at 1G entries, but at that point
we have other problems RAM-wise. (Could bump the thing to 64-bit, but
then we need better item hash functions too on every single user.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Use oil_incoming_vif instead of oil_parent. I had
to go look this up as that I failed to remember that
the linux kernel calls this parent for some bizarre
reason.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
currently snmpwalk give results such :
BGP4V2-MIB::bgp4V2PeerRemoteAddrType.1.ipv6z.10.125.0.2 = INTEGER: ipv4(1)
BGP4V2-MIB::bgp4V2PeerRemoteAddrType.2.dns.253.0.1.37.0.0.0.0.0.0.0.0.0.0.0.3 = INTEGER: ipv6(2)
BGP4V2-MIB::bgp4V2PeerRemoteAddr.1.ipv6z.10.125.0.2 = Hex-STRING: 0A 7D 00 02
BGP4V2-MIB::bgp4V2PeerRemoteAddr.2.dns.253.0.1.37.0.0.0.0.0.0.0.0.0.0.0.3 = Hex-STRING: FD 00 01 25 00 00 00 00 00 00 00 00 00 00 00 03
the expected result is the following
BGP4V2-MIB::bgp4V2PeerRemoteAddrType.1.ipv4.10.125.0.2 = INTEGER: ipv4(1)
BGP4V2-MIB::bgp4V2PeerRemoteAddrType.1.ipv6.253.0.1.37.0.0.0.0.0.0.0.0.0.0.0.3 =
INTEGER: ipv6(2)
BGP4V2-MIB::bgp4V2PeerRemoteAddr.1.ipv4.10.125.0.2 = Hex-STRING: 0A 7D 00 02
BGP4V2-MIB::bgp4V2PeerRemoteAddr.1.ipv6.253.0.1.37.0.0.0.0.0.0.0.0.0.0.0.3 = Hex
-STRING: FD 00 01 25 00 00 00 00 00 00 00 00 00 00 00 03
in draft-ietf-idr-bgp4-mibv2-11
INDEX for Bgp4V2PeerEntry is define as follows
INDEX {
bgp4V2PeerInstance,
bgp4V2PeerRemoteAddrType,
bgp4V2PeerRemoteAddr
}
the peer instance is defined as follows
OBJECT bgp4V2PeerInstance
SYNTAX Unsigned32 (1..4294967295)
more this interpretation is conformant with the snmpwalk implementation
for instance we obtain the following result
swBgp.bgp4V2.bgp4V2Objects.bgp4V2PeerTable.bgp4V2PeerEntry.bgp4V2PeerRemotePort.1.ipv6.253.0.1.37.0.0.0.0.0.0.0.0.0.0.0.3 = Gauge32: 179
swBgp.bgp4V2.bgp4V2Objects.bgp4V2PeerTable.bgp4V2PeerEntry.bgp4V2PeerRemoteAs.1.ipv4.10.125.0.2 = Gauge32: 65200
since currently we are not supporting multi instance for bgp peer in
SNMP the bgp4V2PeerInstance value is set to 1 coforming to:
"Implementations that do not support multiple routing instances should return 1 for this object."
test is updated accordingly to fix.
currently index for bgp4V2NlriEntry is not coformant to MIB definition
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
currently an snmpwalk gives:
BGP4V2-MIB::bgp4V2PeerFsmEstablishedTime.1.ipv6z.10.125.0.2 = Gauge32: 103 seconds
BGP4V2-MIB::bgp4V2PeerFsmEstablishedTime.2.dns.253.0.1.37.0.0.0.0.0.0.0.0.0.0.0.3 = Gauge32: 103 seconds
but ipv6z and dns are not the valid address type this must be ipv4 and
ipv6.
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
snmpwalk exhibit the followinfg errors:
BGP4V2-MIB::bgp4V2PeerLastErrorReceivedTime.1.ipv6z.10.125.0.2 = Wrong Type (should be Timeticks): Gauge32: 0
BGP4V2-MIB::bgp4V2PeerLastErrorReceivedTime.2.dns.253.0.1.37.0.0.0.0.0.0.0.0.0.0.0.3 = Wrong Type (should be Timeticks): Hex-STRING: 00 00 00 00 00 00 00 00
BGP4V2-MIB::bgp4V2PeerLastErrorSentTime.1.ipv6z.10.125.0.2 = Wrong Type (should be Timeticks): Gauge32: 178
BGP4V2-MIB::bgp4V2PeerLastErrorSentTime.2.dns.253.0.1.37.0.0.0.0.0.0.0.0.0.0.0.3 = Wrong Type (should be Timeticks): Hex-STRING: B2 00 00 00 00 00 00 00
Error: OID not increasing: BGP4V2-MIB::bgp4V2NlriIndex.1.4.10.200."".0.24.10.125.0.2
>= BGP4V2-MIB::bgp4V2NlriIndex.1.4.10.200."".0.24."".0.0.0
draft-ietf-idr-bgp4-mibv2-11 states the following
bgp4V2PeerLastErrorReceivedTime OBJECT-TYPE
SYNTAX TimeStamp
bgp4V2PeerLastErrorSentTime OBJECT-TYPE
SYNTAX TimeStamp
we set the correct values
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
To show the TCP MSS value per neighbor you have to configure it, otherwise you
don't see the actual value.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
GCC 13.2.0 complains:
```
ospf6d/ospf6_intra.c:139:25: error: ‘json_arr’ may be used uninitialized [-Werror=maybe-uninitialized]
ospf6d/ospf6_intra.c:485:20: error: ‘json_arr’ may be used uninitialized [-Werror=maybe-uninitialized]
```
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This patch includes:
* Implementation of RFC 5709 support in OSPF. Using
openssl library and FRR key-chain,
one can use SHA1, SHA256, SHA384, SHA512 and
keyed-MD5( backward compatibility with RFC 2328) HMAC algs.
* Updating documentation of OSPF
* add topotests for new HMAC algorithms
Signed-off-by: Mahdi Varasteh <varasteh@amnesh.ir>
Null checking the `sra` pointer after dereferencing it causes a
coverity issue. Let's perform the null check before dereferencing the
pointer.
Fixes this coverity issue:
*** CID 1568133: Null pointer dereferences (REVERSE_INULL)
/isisd/isis_zebra.c: 1077 in isis_zebra_srv6_adj_sid_uninstall()
1071 enum seg6local_action_t action = ZEBRA_SEG6_LOCAL_ACTION_UNSPEC;
1072 struct interface *ifp;
1073 uint16_t prefixlen = IPV6_MAX_BITLEN;
1074 struct isis_circuit *circuit = sra->adj->circuit;
1075 struct isis_area *area = circuit->area;
1076
>>> CID 1568133: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "sra" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1077 if (!sra)
1078 return;
1079
1080 switch (sra->behavior) {
1081 case SRV6_ENDPOINT_BEHAVIOR_END_X:
1082 prefixlen = IPV6_MAX_BITLEN;
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Null checking the `sra` pointer after dereferencing it causes a
coverity issue. Let's perform the null check before dereferencing the
pointer.
Fixes this coverity issue:
*** CID 1568132: Null pointer dereferences (REVERSE_INULL)
/isisd/isis_zebra.c: 1023 in isis_zebra_srv6_adj_sid_install()
1017 struct seg6local_context ctx = {};
1018 uint16_t prefixlen = IPV6_MAX_BITLEN;
1019 struct interface *ifp;
1020 struct isis_circuit *circuit = sra->adj->circuit;
1021 struct isis_area *area = circuit->area;
1022
>>> CID 1568132: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "sra" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1023 if (!sra)
1024 return;
1025
1026 sr_debug("ISIS-SRv6 (%s): setting adjacency SID %pI6", area->area_tag,
1027 &sra->sid);
1028
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Fix this coverity issue:
*** CID 1568129: Null pointer dereferences (REVERSE_INULL)
/isisd/isis_tlvs.c: 2813 in unpack_item_srv6_end_sid()
2807 sid->subsubtlvs = NULL;
2808 }
2809
2810 append_item(&subtlvs->srv6_end_sids, (struct isis_item *)sid);
2811 return 0;
2812 out:
>>> CID 1568129: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "sid" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2813 if (sid)
2814 free_item_srv6_end_sid((struct isis_item *)sid);
2815 return 1;
2816 }
2817
2818 /* Functions related to TLVs 1 Area Addresses */
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
If we modify as-path with route-map and prepend with private ASNs, then we
advertise a new as-path without stripping private ASNs. Let's fix this, and
remove private ASNs despite if they were sent by the origin or prepended locally.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
When debugging and outputting the oil_parent() let's just
convert it to a string that is useful for people trying
to debug pim
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
When calling daemon_stop() with --quiet and e.g. the pidfile is empty,
it won't return early since while "$fail" is set, "$2" is "--quiet", so
the if condition isn't met and it will continue executing, resulting
in error messages in the log:
> Sep 14 14:48:33 localhost watchfrr[2085]: [YFT0P-5Q5YX] Forked background command [pid 2086]: /usr/lib/frr/watchfrr.sh restart all
> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
Fix this by moving the --quiet check into the block to log_failure_msg(),
and also add the check to all other invocations of log_*_msg() to make
--quiet properly suppress output.
Fixes: 19a99d89f0 ("tools: suppress unuseful warnings during restarting frr")
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Add "no" command for pcep pce/pce-config sub-commands, this will mainly
restart configured options to default values.
Signed-off-by: Farid Mihoub <farid.mihoub@6wind.com>
Typesafe hash tables do this:
assume((tabshift) >= 2 && (tabshift) <= 33);
(val) >> (33 - (tabshift));
Sadly, Coverity currently ignores assume() and says:
[...] right shifting by more than 31 bits has undefined behavior.
The shift amount, "33 - h->hh.tabshift", is 33.
Let's see if Coverity understands this can't happen...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Not sure why this is needed, because it's reset on bgp_connect_success(),
when the session is UP.
When the session is reset, it clears those variables, and we are not able to
see what remote address was before, etc.
hostLocal, hostRemote reports Unknown for `show bgp neighbor json`.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
The 'redistribute table' command can be used by configuration on a
non default BGP instance, but this command does not work for multiple
reasons:
- The route entries configured on a given table are always configured
from the default vrf. This constraint prevents from redistributing a
prefix from the default vrf to an other non default bgp instance.
- The importation of route entries requires 'ip import-table' on vrfs
and this command is not available
Fix this by preventing from configuring this kind of redistribution
on non default bgp instances.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
