Problem:
-------
(*,G) created on transit node where same groups are defined as SSM
At present FRR has SSM checks for IGMP report, but SSM check is missing for PIM join.
Fix:
----
Whenever there is a modification in prefix list for SSM range, then we need to browse the ifchannels (PIM joins)
and groups coming in SSM range with (and *,G) should be removed from ifchannel database and also withdraw those routes
from upstream routers.
Signed-off-by: Sai Gomathi <nsaigomathi@vmware.com>
Problem :
=======
(*,G) created on transit node where same groups are defined as SSM
At present FRR has SSM checks for IGMP report, but SSM check is missing for PIM join.
Fix :
===
When an interface receives the PIM (*,G)join with G as SSM group, then PIMd supposed to discard that join.
There is no need to maintain PIM state for this group.
Signed-off-by: Sai Gomathi <nsaigomathi@vmware.com>
This removes a giant `switch { }` block from lib/zclient.c and
harmonizes all zclient callback function types to be the same (some had
a subset of the args, some had a void return, now they all have
ZAPI_CALLBACK_ARGS and int return.)
Apart from getting rid of the giant switch, this is a minor security
benefit since the function pointers are now in a `const` array, so they
can't be overwritten by e.g. heap overflows for code execution anymore.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
It allows FRR to read the interface config even when the necessary VRFs
are not yet created and interfaces are in "wrong" VRFs. Currently, such
config is rejected.
For VRF-lite backend, we don't care at all about the VRF of the inactive
interface. When the interface is created in the OS and becomes active,
we always use its actual VRF instead of the configured one. So there's
no need to reject the config.
For netns backend, we may have multiple interfaces with the same name in
different VRFs. So we care about the VRF of inactive interfaces. And we
must allow to preconfigure the interface in a VRF even before it is
moved to the corresponding netns. From now on, we allow to create
multiple configs for the same interface name in different VRFs and
the necessary config is applied once the OS interface is moved to the
corresponding netns.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
FRR should only ever use the appropriate THREAD_ON/THREAD_OFF
semantics. This is espacially true for the functions we
end up calling the thread for.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
Deleting a mesh-group member no longer deletes the mesh-group.
Complete bug description at:
https://github.com/FRRouting/frr/issues/9664
Signed-off-by: Adriano Marto Reis <adrianomarto@gmail.com>
This `XFREE()` call is in plainly in the wrong spot. `rp_all` (the
224.0.0.0/4 entry) isn't supposed to be free'd ever, and the
conditional above makes quite clear that it remains in use.
It may be possible to exploit this as a heap corruption bug, maybe even
as RCE. I haven't tried; I randomly noticed this while working on the
BSM code. Luckily this code is only run by the CLI for the clear
command, so the surface is very small.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
pim_msdp_peer_rpf_check creates an nexthop to do
a rpf search against and doesn't initialize it
sucht that the pim_nexthop_lookup function is
making decisions against the nexthop just
created that was uninitialized.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This makes a lot more sense semantically (and matches the way groups are
handled.) Also allows placing additional restrictions on source
creation (e.g. limit on number of sources or ACLs.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Intentionally separate here because the previous patch does a whole
bunch of "move stuff up 1 level of indentation", and reviewing that is
easier when you can use the ignore-whitespace option on diff.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
IGMP group/source memberships are a property of the interface; the
particular IP address that the querier used to collect the data is
irrelevant.
... and IGMP packets get delivered only once to pimd anyway, since we
receive them on the "global" per-VRF IGMP socket. (The one in igmp_sock
is only used for sending queries.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
pimd's include files are very interdependent. Let's chop that down a
bit to gain some flexibility.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Problem
======
In pim_msg_send_frame api, the while loop was executed only once.
Fix
===
while is changed to if, as in the code flow
the while part is getting executed only once.
Signed-off-by: Sai Gomathi <nsaigomathi@vmware.com>
Problem :
=======
When all the groups from Ixia are stopped,
groups still keep refreshing and not getting timeout
RCA:
====
IGMP Report is coming in include mode without any source address, this problem will come.
Fix :
===
If the requested filter mode is INCLUDE *and* the requested
source list is empty, then the entry corresponding to the
requested interface and multicast address is deleted if present.
If no such entry is present, the request is ignored.
When an interface receives the IGMP report without any source, then the group is deleted.
Signed-off-by: Sai Gomathi <nsaigomathi@vmware.com>
There is a possibility that the same line can be matched as a command in
some node and its parent node. In this case, when reading the config,
this line is always executed as a command of the child node.
For example, with the following config:
```
router ospf
network 193.168.0.0/16 area 0
!
mpls ldp
discovery hello interval 111
!
```
Line `mpls ldp` is processed as command `mpls ldp-sync` inside the
`router ospf` node. This leads to a complete loss of `mpls ldp` node
configuration.
To eliminate this issue and all possible similar issues, let's print an
explicit "exit" at the end of every node config.
This commit also changes indentation for a couple of existing exit
commands so that all existing commands are on the same level as their
corresponding node-entering commands.
Fixes#9206.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
While defaults are good picks for "reasonable" guesses, min and max
range values really aren't. Operators and experimenters often like to
configure "unreasonable" values to stress test, tests boundary
conditions and explore innovations.
With that in mind, change all ranges to 1..max (of type).
While we're here add optional ignored values in the "no" CLI forms.
Signed-off-by: Christian Hopps <chopps@labn.net>
Problem Statement:
==================
IGMP query is sent at irregular intervals
(more than 30 seconds) when "ip igmp query-max-response-time 100"
command is executed multiple times.
RCA:
=================
When "ip igmp query-max-response-time 100" is executed, the timers
are reset resulting in the delay of sending the query.
Fix:
=================
When there is no change in the config value, we should not reset
the timers.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
When we decide that we do not need a item on the partial_bsrp_list
don't just drop the memory on the floor, free it up.
This was happening when we decided that a pending item has
a hold time of 0.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Some no commands were not accepting values and left us in
a situation where a cut-n-paste of the non-no line would
not be properly accepted.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The only difference in daemons' interface node definition is the config
write function. No need to define the node in every daemon, just pass
the callback as an argument to a library function and define the node
there.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
This commit is to correct the order in which the fields are
accessed while verifying it. First the fields should be
verified, and if it is valid then access it.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
Allow the join-prune interval to be as small as 5 seconds instead
of limiting the value to 60.
This can and will come at a price of being able to converge less
mroutes.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
IGMPv3 packets with invalid TOS should be dropped.
Test Case ID: 4.10
TEST_DESCRIPTION
Every IGMP message described in this document is sent with
IP Precedence of Internetwork Control (e.g., Type of Service
0xc0)
(Tests that IGMPv3 Membership Query Message conforms to
above statement)
TEST_REFERENCE
NEGATIVE: RFC 3376, IGMP Version 3, s4 p7 Message Formats
Issue: #9071
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
