Changelog:
bgpd
"default-originate" shouldn't withdraw non-default routes
Aggr summary-only suppressed export to evpn
Allow using optional table id for negative `no set table x` command
Arrange peer notification to after zebra announce
Check bgp evpn instance presence in soo
Convert the bgp_advertise_attr->adv to a fifo
Do not show tcp mss if the socket is broken
Ensure bgp does not stop monitoring nexthops
Ensure community data is freed in some cases.
Ensure that the correct aspath is free'd
Fix `match peer` when switching between ipv4/ipv6/interface
Fix `no set as-path prepend asnum...`
Fix bgp_best_selection heap-use-after-free
Fix crash when deleting the srv6 locator
Fix display when using `missing-as-worst`
Fix dynamic peer graceful restart race condition
Fix ecommunity_fill_pbr_action heap-buffer-overflow
Fix error handling when receiving bgp prefix sid attribute
Fix errors handling for mp/gr capabilities as dynamic capability
Fix format overflow for graceful-restart debug logs
Fix logging message when receiving a software version capability
Fix no bgp as-path access-list issue
Fix route-map match probability deconfiguration callback
Fix srv6 memory leak detection
Fix the order of null check and zapi decode
Fix vrf leaking with 'no bgp network import-check
Free memory for srv6 functions and locator chunks
Ignore validating the attribute flags if path-attribute is configured
Include unsuppress-map as a valid outgoing policy
Lttng tp add evpn route events
Make `suppress-fib-pending` clear peering
Note when receiving but not understanding a route notification
Prevent from one more cve triggering this place
Set correct ttl for the dynamic neighbor peers
Update default-originate route-map actual map structure
Revert "Fix pointer arithmetic in bgp snmp module"
doc
Add param range for graceful-restart helper supported-grace-time
Remove duplicated show route-map
isisd
Fix _isis_spftree_del heap-use-after-free
Fix dislaying lsp id
Fix heap-after-free with prefix sid
Fix ip/ipv6 reachability tlvs
lib
Check for not being a blackhole route
Fix show route map json output
Do not convert evpn prefixes into ipv4/ipv6 if not needed
Replace deprecated ares_gethostbyname
Replace deprecated ares_process()
nhrpd
Fix nhrp_peer leak
Fix race condition
Fix core dump on shutdown
ospf6d
Ospfv3 route change comparision fixed for asbr-only change
Prevent heap-buffer-overflow with unknown type
ospfd
Add support for "no router-info [<area|as>] command"
Can not delete "segment-routing node-msd" when sr if off
Correct lsa parser which fulfill the ted
Correct opaque lsa extended parser
Correct sid check size
Fix ospf dead-interval minimal hello-multiplier param range
Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
Protect call to get_edge() in ospf_te.c
Solved crash in ospf te parsing
Solved crash in ri parsing with ospf te
Revert "Fix some dicey pointer arith in snmp module"
pbrd
Fix map seq installed flag in json
Fix pbr handling for last rule deletion
pimd
Fix crash unconfiguring rp keepalive timer
Fix crash when configuring ssmpingd
Fix dr-priority range
Fix null register before aging out reg-stop
Fix order of operations for evaluating join
Re-evaluated s,g oils upon rp changes and for empty sg upstream oils
Fix crash when mixing ssm/any-source joins
staticd
Fix changing to source auto in bfd monitor
tests
Check for 0.0.0.0/1 in bgp_default_route
Check if ibgp session can drop invalid aigp attribute
Extend tests for aspath exclude
Update ospf te topotests
tools
Apply black formatting for tools/frr-reload.py
Fix frr-reload interface desc cmd
Fix frr-reload multiple no description cmds
Fix frr-reload multiple no description cmds
Use error log level when failing to execute commands via frr-reload.py
topotests
Do not check table version
Redispatch tests in bfd_topo3
Test wrong bfd source in bfd_topo3
Vpnv4 route leaking with no import-check
vtysh
Show `ip ospf network ...` even if it's not the same as the interface type
zebra
Add missing whitespace when printing route entry status
Deny the routes if ip protocol cli refers to an undefined rmap
Don't deref vxlan-vni array
Fix crash if macvlan link in another netns
Fix crash on macvlan link down/up
Fix evpn svd based remote nh neigh del
Fix mpls command
Fix route deletion during zebra shutdown
The dplane_fpm_nl return path leaks memory
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Without this, the Debian package build fails because dplane_sample_plugin.so gets compiled but not installed.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
The tar.xz dist tarball doesn't exist for new releases.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit 5a1130213c)
Github changed the HTML for their releases tab, making download links a
javascript thing. Which does not jive with uscan... at all...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit 3c185cf70c)
Apparently now the binary filename is after the item...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit f032ce0a66)
Already done for existing python scripts in the install, just need to
add new .py files.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit 03cef39003)
The debian/watchfrr.rc file was not install, so we just remove the cruft.
Signed-off-by: Ondřej Surý <ondrej@sury.org>
(cherry picked from commit 5632ff61df)
These two build-deps are for compile-time tools and thus need to be
marked :native.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit e9f0af06c9)
This allows e.g. "sbuild --host=arm64" to build packages for other
architectures on, say, fat amd64 servers. As a side effect, the Debian
build uses a separate builddir, which helps noting issues on that front.
Signed-off-by: David Lamparter <equinox@diac24.net>
(cherry-picked from commit d1312e009b)
8.4 Release Overview
- New BGP [command](https://docs.frrouting.org/en/latest/bgp.html#clicmd-neighbor-A.B.C.D-X-X-X-X-WORD-soo-EXTCOMMUNITY) (`neighbor PEER soo`) to configure SoO to prevent routing loops and suboptimal routing on dual-homed sites.
- Command `debug bgp allow-martian` replaced to `bgp allow-martian-nexthop` because previously we allowed using martian next-hops when debug is turned on.
- Implement `BGP Prefix Origin Validation State Extended Community` [rfc8097](https://datatracker.ietf.org/doc/rfc8097/)
- Implement `Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages` [rfc9234](https://datatracker.ietf.org/doc/rfc9234/)
- BMP L3VPN support
- PIMv6 support
- MLD support
- New [command](https://docs.frrouting.org/en/latest/basic.html#clicmd-allow-reserved-ranges) to enable using reserved IPv4 ranges as normal addresses for BGP next-hops, interface addresses, etc.
- As usual, lots of bugs and memory leaks were fixed \m/
Changelog
---------
**babeld**
- Ignore Sub-TLV's with mandatory bit set
- Ignore unicast Hello's
**bfdd**
- Add IPv4 BFD Echo support
- Add RTT to BFD IPv4 Echo packet processing
- Allow L3 VRF BFD sessions without UDP leaking
**bgpd**
- Add `mpls bgp forwarding` to ease MPLS-VPN EBGP peering
- Add `bgp allow-martian-nexthop` command (remove `debug bgp allow-martian`)
- Add `neighbor soo` command
- Add `no rpki` command
- Add `show bgp access-list` command to filter routes by access-list
- Implement [rfc8097](https://datatracker.ietf.org/doc/rfc8097/)
- Implement [rfc9234](https://datatracker.ietf.org/doc/rfc9234/)
- Add resolution for L3VPN traffic over GRE interfaces
- Allow setting custom port for BGP unnumbered peers
- Allow statistics gathering to give more data about prefix lengths
- Apply conditional advertisements policy to update-group
- Associate appropriate family for redistributed connected addresses
- Avoid notify race between io and main pthreads
- Call a hook when as-path filter is replaced
- Cleanup memory leaks associated with t_deferral_timer
- Do not check if the whole as-path has target asn when using as-override
- Do not print new line for EVPN CLI outputs if it's a JSON
- Do not show polling_period default value in CLI for RPKI
- Don't advertise conditionally withdrawn routes
- Drop SSH public key for RPKI CLI option
- Fix `show bgp nexthop a.b.c.d`
- Fix for `aggregate-address summary-only matching-med-only`
- Fix inconsistencies with default-originate route-map
- Fix memory leak for `as-override`
- Fix memory leak for `set as-path replace` route-map command
- Fix memory leak for community alias
- Fix memory leak for community stuff
- Fix memory leak in SRv6 locator
- Fix memory leak when an SRv6 sid is removed
- Fix memory leak when setting [l]community at the egress
- Fix route-map update and delete route-map
- Fix `show bgp l2vpn evpn route rd` crash
- Fix the wrong next-hop BGP struct for next-hop validation
- Fixed BMP VPNv4 monitoring are withdrawn instead of updates
- Fixup PBR rule changes that were missed
- Fixup some MAC address token CLI syntax
- Free ecommunity before returning on warning/error
- Free memory for as-path filter if regexp is wrong
- Free memory for BMP listeners when deleting BGP instance
- Generate RPKI CLI config even if no cache servers are configured
- Handle origin validation state extended community via route-map match
- Handle route-refresh requests received before EOR
- Implement retain route-target all behavior
- Improve labelpool performance at scale
- Inconsistencies in snt counters with default-originate
- Prevent memory leak of the listener on shutdown
- Print peer's hostname for BGP (filtering) messages
- Print source VRF name when leaking to another VRF
- Release RCU lock in BGP keepalive pthread
- Reset BGP sessions when changing the port
- Send route updates when modifying access/aspath/prefix lists
- Set TTL for iBGP/eBGP by checking only if generic TTL security applied
- Show cache server preference in `show rpki cache-server` output
- Show extended communities memory consumption
- Show TTL value unconditionally for neighbors
- Start conditional advertisement timer instantly
- Stop conditional advertisements thread when terminating
- Stop LLGR thread when deleting a peer and/or gr flags changed
- Treat as withdraw if we receive as path with as_set / as_confed_set
- When specifying listen address for BGP we shouldn't imply no-fib flag
- Withdraw implicitly old paths from VRFs when import/export list changes
- Ensure that bgp open message stream has enough data to read
- Notify BGP conditional advertisement thread when the peer goes down
**bmp**
- Add an interface source to BMP connect command
- Add L3VPN support
**eigrpd**
- VRF variable name hides a parameter of the same name
**fabricd**
- Turn off excessive logging when peering will not come up
**isisd**
- Ensure rcap is freed in error case
- Fix crash with xfrm interface type
- Fix memory leak on shutdown with prefix lists
- Fix prefix-sid last-hop-behavior
**ldpd**
- Check if the thread is scheduled before calling for remained time
**lib**
- Abstract usage of '%pnhs' so that next-hop groups can use it too
- Add errno details to the sockopt_reuseaddr API
- Add sys_rawio to the capabilities definitions
- Allow downgrade of all caps when none are specified
- Allow using ipv4 (class e) reserved block if enabled
- Check hostname in resolver_resolve
- Cleanup red-herring memleaks in the parent of daemonizing fork
- Ensure ls_msg2edge does not use memory after freeing
- Fix `show route-map name json` command and memory leak
- Fix memory leak in `zclient_send_localsid()`
- Fix skip of every other plist deletion
- Fixup workqueue.c to use the proper thread.h semantics
- Function `crypt` does not need to be declared mid function
- Increase next-hop flags size to 16 bits
- Prevent uninitialized usage of data
- Remove usage of inet_ntop in lib/sockopt.c
- Require at least 2.1.42 version of sysrepo when compiling
- Return 0 as the remaining msec if the thread is not scheduled
- stream_dup memory alloc cannot fail
- Update sysrepo code with the latest API changes
- Use pi4 instead of inet_ntop in sockopt.c
**nhrpd**
- Use frr_weak_random()
- Use nhrp_interface_update_nbma when source VRF was changed
**ospf6d**
- Don't remove the summary route if it is a range
- Ensure that ospf6d does not memcpy beyond the end of the data
- Fix missing cost change
- Permit route delete without next-hops
- Remove ospf6enabled from JSON output
**ospfd**
- Add how many packets the interface has queued to send
- Add router-id support to OSPF API
- Added CLIs to change default timers for lsa refresh and maxage remove delay.
- Adding per neighbor JSON details to gr helper detail command
- Crash when router acts as gr helper upon a topo change
- Fix `show ip ospf neighbour <nbrid>` command
- Increase packets sent at one time in ospf_write
- Refactor fifo_flush for the interface
- Remove deprecated command `graceful-restart helper-only`
- When a neighbor goes down clear the oi->obuf if we can
- Catch and report too small LSAs
- Remove assert on zero length LSA - which is permitted by spec
- Fix bug where acks were not be generated to incoming P2P/P2MP neighbors
**pathd**
- `no mpls-te on` command was not working
- Add a zebra stop handler
- Change the vty output, when no ted is enabled on pathd
- Ensure the path is free'd after we no longer need it
- Nai adjacency fix query type f for IPv5
pim6d
- (*,g) mroutes not learnt after pim6d daemon restart
- Lots of CLI changes regarding MLD
- Lots of CLI changes regarding PIMv6
- Clear interface stats on interface shutdown
- Disable pim6d compilation by default
- Don't enable MLD on pimreg interface
- Fix the code for MLD in the show pim state command
- mroute stuck in register state, multicast traffic getting drops
- Register message getting dropped in the source node, mroute stuck in regj
- Send register msg with IPv6 global address
- Update last_member_query_interval and last_member_query_count
- Use ttable for displaying show commands
- Deleting the memory malloced for JSON
- Adding JSON support for show ipv6 next-hop
- Send register msg via register socket
- Change the show running commands based on the address family
- Set rp to true if the address matches, ignore prefix-length
**pimd**
- Allow v6 to do non-integrated configuration
- Assign a vty port value for v6
- Cleanup rpf lookup debug to help us figure out what is going on
- Correct the order of show JSON for interface traffic
- During prune pending, behave as noinfo state
- Fix invalid memory access join_timer_stop
- Fix memleak in bfd profile
- Fix PIM interface deletion flow
- Fix static mroute to also take into account the input interface
- Fix the setting of oif_flags in channel oil
- Fix unaligned accesses
- Handle receive of (*,g) register stop with src addr as 0
- Igmp querier election is not correct in lan scenario
- JSON support for next-hop
- Let the end operator know the ifindex as well in the failure case
- Limit PIM's ECMP to what zebra tells us is the multipath
- Querier to non-querier transition to be ignored
- Register stop message sent with mask 32
- Show interface traffic even if the interface is currently `down`
- Update mroute iif based on next-hop received from zebra
- VRF may be null from pim_cmd_lookup_vrf
**ripd**
- Use a sequence number instead of a time
**sharpd**
- Fix memory leak in release-locator-chunk
- Fix memory leak in release-locator-chunk
- Fix memory leaks related to SRv6 next-hops
**staticd**
- When changing the underlying nh ensure it is reinstalled
**tools**
- Add missing bfdd to logrotate config
- Add pim6d to tools so that pim6d will work properly
- Fix boot config load in watchfrr
- Stop zebra daemon last
**vtysh**
- Account validity should be verified when authenticating users with pam
- Add autocomplete for VRFs when using with `router bgp`
- Handle SIGTSTP (c-z) without exiting the vty shell
- Ignore `end` when parsing frr.conf
- Properly handle `[no] service cputime-stats` in config
- Properly handle `service cputime-warning xx` in the config
- Add `allow-reserved-ranges` global command
**watchfrr**
- Check that the operational timeout specified is good
**zebrad**
- Fixing log flooding when disabling MLAG leaf configuration
- Add a `mpls enable` interface node command
- Add a configurable knob `zebra nexthop-group keep (1-3600)`
- Add a timer to next-hop group deletion
- Add ability for netconf dplane to handle global values
- Add interface sysctl ignore on linkdown status
- Add more cases to proto2zebra for understanding kernel routes
- Add some more data to rtadv socket failures
- Add support for maintaining local neigh entries
- Add tc handlers in the script code
- Add tc netlink and dplane ops
- Allow kernel routes to stick around better on interface state changes
- Attempt to make ioctl.c have a bit more useful log messages
- Avoid buffer overflow using netlink_parse_rtattr_nested()
- Cleanup the memory from the hash for MPLS stuff
- Create a zebra_rib_route_entry_new function and use it
- Debug decode rta_expires and rta_mfc_stats
- Delete the malloced memory under `show zebra`
- Don't install connected routes multiple times into frr
- Expand PBR rule action for data-plane programming
- Explicitly call out the correct queue name
- Fix bond down for EVPN-MH
- Fix bug in netconf handling where dplane would drop the change
- Fix crash in shutdown w/ pw thread still running
- Fix ctab calculation typo in tc netlink
- Fix FPM crash
- Fix lost memory on lsp free
- Fix memory leak in srv6 locator delete
- Fix memory leaks and use after frees in nhg's on shutdown
- Fix missing tenant VRF change notification
- Fix missing VNI transition
- Fix remaining mr rtm_getroute oddities
- Fix rtadv startup when config read in is before interface up
- Free neighbor state before the exit to avoid memleaks
- Handle freebsd routing socket enobufs
- Iif/oif are not used in mr rtm_getroute
- Infrastructure for the new dataplane plugin
- Initialize hw via DPDK
- Introduce early route processing on the metaq
- Mc_forwarding was being sent but not retrieved across dataplane
- Notice when an interface is turned on w/ mpls and enable mpls subsystem
- On Linux let interface data come in through netlink messaging
- Pass AFI received for netconf updates
- Pass PBR expanded actions to the dataplane
- Pbr DPDK programming
- Reconfiguring netns for VRF is not a failure
- Rtnetlink: flow attr per gateway attr in multipath updates
- Setup the zebra interface to the DPDK port map table
- System routes should be processed the same time as the kernel
- Use default ns directly in tc dplane
- When deleting next-hop group entries ensure the thread is off
- When saving nhg for later stop processing
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
https://github.com/FRRouting/frr/pull/11465 enabled account verification,
but the pam config declares rootok as sufficient in authentication only
and not in account verification, what causes warning in the log:
vtysh[3747]: pam_warn(frr:account): function=[pam_sm_acct_mgmt]
flags=0 service=[frr] terminal=[<unknown>] user=[root]
ruser=[<unknown>] rhost=[<unknown>]
Signed-off-by: Marius Tomaschewski <mt@suse.com>
It will be easier to maintain a single file instead of two separate.
Also, fixes the issue when the file (/var/log/frr/frr.log) is not created
after logrotate.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
FRR only needs lua library (package libluaX.Y-dev) to be compiled and
linked, but its `configure` script makes use of lua interpreter to
perform its checks. Therefore, `luaX.Y` package is a requisite
build-dependency for debian packaging.
This commit adds the debian package with the lua interpreter to the
build dependencies.
Signed-off-by: Eugene Crosser <crosser@average.org>
When we do "log file /var/log/frr/something", permissions are set to
0640 (frr:frr), but when the logrotate kicks in, we have 0640 (frr:frrvty).
I believe, we should have a consistent permissions.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
At the moment we set /var/log/frr permissions to 0750 (frr:frr), but the log
file is 0640 (root:adm) (unless logrotated) and that doesn't allow adm group
to even open the directory.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
