Compare commits
No commits in common. 'i8c' and 'c9' have entirely different histories.
@ -1 +1 @@
|
||||
dfc756dfd123360d1e1a760d66821e47f9a6afed SOURCES/frr-7.5.1.tar.gz
|
||||
467835eb73a6018948fd667663ce68282cf6d16b SOURCES/frr-8.3.1.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
SOURCES/frr-7.5.1.tar.gz
|
||||
SOURCES/frr-8.3.1.tar.gz
|
||||
|
@ -1,20 +0,0 @@
|
||||
diff --git a/tools/frr-reload.py b/tools/frr-reload.py
|
||||
index 208fb11..0692adc 100755
|
||||
--- a/tools/frr-reload.py
|
||||
+++ b/tools/frr-reload.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/python
|
||||
+#!/usr/bin/python3
|
||||
# Frr Reloader
|
||||
# Copyright (C) 2014 Cumulus Networks, Inc.
|
||||
#
|
||||
diff --git a/tools/generate_support_bundle.py b/tools/generate_support_bundle.py
|
||||
index 540b7a1..0876ebb 100755
|
||||
--- a/tools/generate_support_bundle.py
|
||||
+++ b/tools/generate_support_bundle.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/python
|
||||
+#!/usr/bin/python3
|
||||
|
||||
########################################################
|
||||
### Python Script to generate the FRR support bundle ###
|
@ -0,0 +1,25 @@
|
||||
diff --git a/ospfd/ospf_spf.c b/ospfd/ospf_spf.c
|
||||
index 74a5674..aec9037 100644
|
||||
--- a/ospfd/ospf_spf.c
|
||||
+++ b/ospfd/ospf_spf.c
|
||||
@@ -48,7 +48,10 @@
|
||||
#include "ospfd/ospf_sr.h"
|
||||
#include "ospfd/ospf_ti_lfa.h"
|
||||
#include "ospfd/ospf_errors.h"
|
||||
+
|
||||
+#ifdef SUPPORT_OSPF_API
|
||||
#include "ospfd/ospf_apiserver.h"
|
||||
+#endif
|
||||
|
||||
/* Variables to ensure a SPF scheduled log message is printed only once */
|
||||
|
||||
@@ -1897,7 +1900,9 @@ static void ospf_spf_calculate_schedule_worker(struct thread *thread)
|
||||
/* Update all routers routing table */
|
||||
ospf->oall_rtrs = ospf->all_rtrs;
|
||||
ospf->all_rtrs = all_rtrs;
|
||||
+#ifdef SUPPORT_OSPF_API
|
||||
ospf_apiserver_notify_reachable(ospf->oall_rtrs, ospf->all_rtrs);
|
||||
+#endif
|
||||
|
||||
/* Free old ABR/ASBR routing table */
|
||||
if (ospf->old_rtrs)
|
@ -1,17 +0,0 @@
|
||||
diff --git a/tools/frr.in b/tools/frr.in
|
||||
index b860797..eb64a93 100755
|
||||
--- a/tools/frr.in
|
||||
+++ b/tools/frr.in
|
||||
@@ -105,10 +105,12 @@ check_daemon()
|
||||
if [ ! -r "$C_PATH/$1-$2.conf" ]; then
|
||||
touch "$C_PATH/$1-$2.conf"
|
||||
chownfrr "$C_PATH/$1-$2.conf"
|
||||
+ chmod 0600 "$C_PATH/$1-$2.conf"
|
||||
fi
|
||||
elif [ ! -r "$C_PATH/$1.conf" ]; then
|
||||
touch "$C_PATH/$1.conf"
|
||||
chownfrr "$C_PATH/$1.conf"
|
||||
+ chmod 0600 "$C_PATH/$1.conf"
|
||||
fi
|
||||
fi
|
||||
return 0
|
@ -1,31 +0,0 @@
|
||||
diff --git a/tools/frrinit.sh.in b/tools/frrinit.sh.in
|
||||
index 539ab7d..d27d1be 100644
|
||||
--- a/tools/frrinit.sh.in
|
||||
+++ b/tools/frrinit.sh.in
|
||||
@@ -43,7 +43,7 @@ fi
|
||||
case "$1" in
|
||||
start)
|
||||
daemon_list daemons
|
||||
- watchfrr_options="$watchfrr_options $daemons"
|
||||
+ watchfrr_options="$daemons"
|
||||
daemon_start watchfrr
|
||||
;;
|
||||
stop)
|
||||
@@ -57,7 +57,7 @@ restart|force-reload)
|
||||
all_stop --reallyall
|
||||
|
||||
daemon_list daemons
|
||||
- watchfrr_options="$watchfrr_options $daemons"
|
||||
+ watchfrr_options="$daemons"
|
||||
daemon_start watchfrr
|
||||
;;
|
||||
|
||||
@@ -87,7 +87,7 @@ reload)
|
||||
# restart watchfrr to pick up added daemons.
|
||||
# NB: This will NOT cause the other daemons to be restarted.
|
||||
daemon_list daemons
|
||||
- watchfrr_options="$watchfrr_options $daemons"
|
||||
+ watchfrr_options="$daemons"
|
||||
daemon_stop watchfrr && \
|
||||
daemon_start watchfrr
|
||||
|
@ -1,33 +0,0 @@
|
||||
diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
|
||||
index 69a3e4587..57ef6029a 100644
|
||||
--- a/ospfd/ospf_vty.c
|
||||
+++ b/ospfd/ospf_vty.c
|
||||
@@ -3737,6 +3737,28 @@ static void show_ip_ospf_interface_sub(struct vty *vty, struct ospf *ospf,
|
||||
vty_out(vty,
|
||||
" No backup designated router on this network\n");
|
||||
} else {
|
||||
+ nbr = ospf_nbr_lookup_by_addr(oi->nbrs, &DR(oi));
|
||||
+ if (nbr) {
|
||||
+ if (use_json) {
|
||||
+ json_object_string_add(
|
||||
+ json_interface_sub, "drId",
|
||||
+ inet_ntoa(nbr->router_id));
|
||||
+ json_object_string_add(
|
||||
+ json_interface_sub, "drAddress",
|
||||
+ inet_ntoa(nbr->address.u
|
||||
+ .prefix4));
|
||||
+ } else {
|
||||
+ vty_out(vty,
|
||||
+ " Designated Router (ID) %s",
|
||||
+ inet_ntoa(nbr->router_id));
|
||||
+ vty_out(vty,
|
||||
+ " Interface Address %s\n",
|
||||
+ inet_ntoa(nbr->address.u
|
||||
+ .prefix4));
|
||||
+ }
|
||||
+ }
|
||||
+ nbr = NULL;
|
||||
+
|
||||
nbr = ospf_nbr_lookup_by_addr(oi->nbrs, &BDR(oi));
|
||||
if (nbr == NULL) {
|
||||
if (!use_json)
|
@ -0,0 +1,67 @@
|
||||
From 1d42fb941af17a29346b2af03338f8e18470f009 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Ruprich <michalruprich@gmail.com>
|
||||
Date: Tue, 22 Nov 2022 12:38:05 +0100
|
||||
Subject: [PATCH] tools: Enable start of FRR for non-root user
|
||||
|
||||
There might be use cases when this would make sense, for example
|
||||
running FRR in a container as a designated user.
|
||||
|
||||
Signed-off-by: Michal Ruprich <mruprich@redhat.com>
|
||||
---
|
||||
tools/etc/frr/daemons | 5 +++++
|
||||
tools/frrcommon.sh.in | 4 ++++
|
||||
2 files changed, 9 insertions(+)
|
||||
|
||||
diff --git a/tools/etc/frr/daemons b/tools/etc/frr/daemons
|
||||
index 8aa08871e35..2427bfff777 100644
|
||||
--- a/tools/etc/frr/daemons
|
||||
+++ b/tools/etc/frr/daemons
|
||||
@@ -91,6 +91,12 @@ pathd_options=" -A 127.0.0.1"
|
||||
# say BGP.
|
||||
#MAX_FDS=1024
|
||||
|
||||
+# Uncomment this option if you want to run FRR as a non-root user. Note that
|
||||
+# you should know what you are doing since most of the daemons need root
|
||||
+# to work. This could be useful if you want to run FRR in a container
|
||||
+# for instance.
|
||||
+# FRR_NO_ROOT="yes"
|
||||
+
|
||||
# The list of daemons to watch is automatically generated by the init script.
|
||||
#watchfrr_options=""
|
||||
|
||||
diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
|
||||
index 3c16c27c6df..4f095a176e4 100755
|
||||
--- a/tools/frrcommon.sh.in
|
||||
+++ b/tools/frrcommon.sh.in
|
||||
@@ -43,6 +43,10 @@ RELOAD_SCRIPT="$D_PATH/frr-reload.py"
|
||||
#
|
||||
|
||||
is_user_root () {
|
||||
+ if [[ ! -z $FRR_NO_ROOT && "${FRR_NO_ROOT}" == "yes" ]]; then
|
||||
+ return 0
|
||||
+ fi
|
||||
+
|
||||
[ "${EUID:-$(id -u)}" -eq 0 ] || {
|
||||
log_failure_msg "Only users having EUID=0 can start/stop daemons"
|
||||
return 1
|
||||
diff --git a/doc/user/setup.rst b/doc/user/setup.rst
|
||||
index 25934df..51ffd32 100644
|
||||
--- a/doc/user/setup.rst
|
||||
+++ b/doc/user/setup.rst
|
||||
@@ -114,6 +114,16 @@ most operating systems is 1024. If the operator plans to run bgp with
|
||||
several thousands of peers than this is where we would modify FRR to
|
||||
allow this to happen.
|
||||
|
||||
+::
|
||||
+
|
||||
+ FRR_NO_ROOT="yes"
|
||||
+
|
||||
+This option allows you to run FRR as a non-root user. Use this option
|
||||
+only when you know what you are doing since most of the daemons
|
||||
+in FRR will not be able to run under a regular user. This option
|
||||
+is useful for example when you run FRR in a container with a designated
|
||||
+user instead of root.
|
||||
+
|
||||
::
|
||||
|
||||
zebra_options=" -s 90000000 --daemon -A 127.0.0.1"
|
@ -0,0 +1,59 @@
|
||||
From 3e46b43e3788f0f87bae56a86b54d412b4710286 Mon Sep 17 00:00:00 2001
|
||||
From: Donald Sharp <sharpd@nvidia.com>
|
||||
Date: Fri, 30 Sep 2022 08:51:45 -0400
|
||||
Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in
|
||||
peek_for_as4_capability
|
||||
|
||||
In peek_for_as4_capability the code is checking that the
|
||||
stream has at least 2 bytes to read ( the opt_type and the
|
||||
opt_length ). However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
|
||||
is configured then FRR is reading 3 bytes. Which is not good
|
||||
since the packet could be badly formated. Ensure that
|
||||
FRR has the appropriate data length to read the data.
|
||||
|
||||
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
||||
---
|
||||
bgpd/bgp_open.c | 27 +++++++++++++++++++++------
|
||||
1 file changed, 21 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
|
||||
index 7248f034a5a..a760a7ca013 100644
|
||||
--- a/bgpd/bgp_open.c
|
||||
+++ b/bgpd/bgp_open.c
|
||||
@@ -1185,15 +1185,30 @@ as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
|
||||
uint8_t opt_type;
|
||||
uint16_t opt_length;
|
||||
|
||||
- /* Check the length. */
|
||||
- if (stream_get_getp(s) + 2 > end)
|
||||
+ /* Ensure we can read the option type */
|
||||
+ if (stream_get_getp(s) + 1 > end)
|
||||
goto end;
|
||||
|
||||
- /* Fetch option type and length. */
|
||||
+ /* Fetch the option type */
|
||||
opt_type = stream_getc(s);
|
||||
- opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
|
||||
- ? stream_getw(s)
|
||||
- : stream_getc(s);
|
||||
+
|
||||
+ /*
|
||||
+ * Check the length and fetch the opt_length
|
||||
+ * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
|
||||
+ * then we do a getw which is 2 bytes. So we need to
|
||||
+ * ensure that we can read that as well
|
||||
+ */
|
||||
+ if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
|
||||
+ if (stream_get_getp(s) + 2 > end)
|
||||
+ goto end;
|
||||
+
|
||||
+ opt_length = stream_getw(s);
|
||||
+ } else {
|
||||
+ if (stream_get_getp(s) + 1 > end)
|
||||
+ goto end;
|
||||
+
|
||||
+ opt_length = stream_getc(s);
|
||||
+ }
|
||||
|
||||
/* Option length check. */
|
||||
if (stream_get_getp(s) + opt_length > end)
|
@ -1,25 +0,0 @@
|
||||
diff --git a/lib/routemap.c b/lib/routemap.c
|
||||
index a90443a..0b594b2 100644
|
||||
--- a/lib/routemap.c
|
||||
+++ b/lib/routemap.c
|
||||
@@ -1649,9 +1649,9 @@ static struct list *route_map_get_index_list(struct route_node **rn,
|
||||
*/
|
||||
static struct route_map_index *
|
||||
route_map_get_index(struct route_map *map, const struct prefix *prefix,
|
||||
- route_map_object_t type, void *object, uint8_t *match_ret)
|
||||
+ route_map_object_t type, void *object, enum route_map_cmd_result_t *match_ret)
|
||||
{
|
||||
- int ret = 0;
|
||||
+ enum route_map_cmd_result_t ret = RMAP_NOMATCH;
|
||||
struct list *candidate_rmap_list = NULL;
|
||||
struct route_node *rn = NULL;
|
||||
struct listnode *ln = NULL, *nn = NULL;
|
||||
@@ -2399,7 +2399,7 @@ route_map_result_t route_map_apply(struct route_map *map,
|
||||
if ((!map->optimization_disabled)
|
||||
&& (map->ipv4_prefix_table || map->ipv6_prefix_table)) {
|
||||
index = route_map_get_index(map, prefix, type, object,
|
||||
- (uint8_t *)&match_ret);
|
||||
+ &match_ret);
|
||||
if (index) {
|
||||
if (rmap_debug)
|
||||
zlog_debug(
|
@ -0,0 +1,47 @@
|
||||
From 766eec1b7accffe2c04a5c9ebb14e9f487bb9f78 Mon Sep 17 00:00:00 2001
|
||||
From: Donald Sharp <sharpd@nvidia.com>
|
||||
Date: Wed, 2 Nov 2022 13:24:48 -0400
|
||||
Subject: [PATCH] bgpd: Ensure that bgp open message stream has enough data to
|
||||
read
|
||||
|
||||
If a operator receives an invalid packet that is of insufficient size
|
||||
then it is possible for BGP to assert during reading of the packet
|
||||
instead of gracefully resetting the connection with the peer.
|
||||
|
||||
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
||||
---
|
||||
bgpd/bgp_packet.c | 19 +++++++++++++++++++
|
||||
1 file changed, 19 insertions(+)
|
||||
|
||||
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
|
||||
index 769f9613da8..72d6a923175 100644
|
||||
--- a/bgpd/bgp_packet.c
|
||||
+++ b/bgpd/bgp_packet.c
|
||||
@@ -1386,8 +1386,27 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
|
||||
|| CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) {
|
||||
uint8_t opttype;
|
||||
|
||||
+ if (STREAM_READABLE(peer->curr) < 1) {
|
||||
+ flog_err(
|
||||
+ EC_BGP_PKT_OPEN,
|
||||
+ "%s: stream does not have enough bytes for extended optional parameters",
|
||||
+ peer->host);
|
||||
+ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
|
||||
+ BGP_NOTIFY_OPEN_MALFORMED_ATTR);
|
||||
+ return BGP_Stop;
|
||||
+ }
|
||||
+
|
||||
opttype = stream_getc(peer->curr);
|
||||
if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) {
|
||||
+ if (STREAM_READABLE(peer->curr) < 2) {
|
||||
+ flog_err(
|
||||
+ EC_BGP_PKT_OPEN,
|
||||
+ "%s: stream does not have enough bytes to read the extended optional parameters optlen",
|
||||
+ peer->host);
|
||||
+ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
|
||||
+ BGP_NOTIFY_OPEN_MALFORMED_ATTR);
|
||||
+ return BGP_Stop;
|
||||
+ }
|
||||
optlen = stream_getw(peer->curr);
|
||||
SET_FLAG(peer->sflags,
|
||||
PEER_STATUS_EXT_OPT_PARAMS_LENGTH);
|
@ -1,40 +0,0 @@
|
||||
diff --git a/tools/frr.service b/tools/frr.service
|
||||
index aa45f42..a3f0103 100644
|
||||
--- a/tools/frr.service
|
||||
+++ b/tools/frr.service
|
||||
@@ -17,9 +17,9 @@ WatchdogSec=60s
|
||||
RestartSec=5
|
||||
Restart=on-abnormal
|
||||
LimitNOFILE=1024
|
||||
-ExecStart=/usr/lib/frr/frrinit.sh start
|
||||
-ExecStop=/usr/lib/frr/frrinit.sh stop
|
||||
-ExecReload=/usr/lib/frr/frrinit.sh reload
|
||||
+ExecStart=/usr/libexec/frr/frrinit.sh start
|
||||
+ExecStop=/usr/libexec/frr/frrinit.sh stop
|
||||
+ExecReload=/usr/libexec/frr/frrinit.sh reload
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
|
||||
index 9a144b2..a334d95 100644
|
||||
--- a/tools/frrcommon.sh.in
|
||||
+++ b/tools/frrcommon.sh.in
|
||||
@@ -59,6 +59,9 @@ chownfrr() {
|
||||
[ -n "$FRR_USER" ] && chown "$FRR_USER" "$1"
|
||||
[ -n "$FRR_GROUP" ] && chgrp "$FRR_GROUP" "$1"
|
||||
[ -n "$FRR_CONFIG_MODE" ] && chmod "$FRR_CONFIG_MODE" "$1"
|
||||
+ if [ -d "$1" ]; then
|
||||
+ chmod gu+x "$1"
|
||||
+ fi
|
||||
}
|
||||
|
||||
vtysh_b () {
|
||||
@@ -152,7 +155,7 @@ daemon_start() {
|
||||
daemon_prep "$daemon" "$inst" || return 1
|
||||
if test ! -d "$V_PATH"; then
|
||||
mkdir -p "$V_PATH"
|
||||
- chown frr "$V_PATH"
|
||||
+ chownfrr "$V_PATH"
|
||||
fi
|
||||
|
||||
eval wrap="\$${daemon}_wrap"
|
@ -0,0 +1,70 @@
|
||||
From 1117baca3c592877a4d8a13ed6a1d9bd83977487 Mon Sep 17 00:00:00 2001
|
||||
From: Donald Sharp <sharpd@nvidia.com>
|
||||
Date: Fri, 30 Sep 2022 08:57:43 -0400
|
||||
Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in
|
||||
bgp_open_option_parse
|
||||
|
||||
In bgp_open_option_parse the code is checking that the
|
||||
stream has at least 2 bytes to read ( the opt_type and
|
||||
the opt_length). However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
|
||||
is configured then FRR is reading 3 bytes. Which is not good
|
||||
since the packet could be badly formateed. Ensure that
|
||||
FRR has the appropriate data length to read the data.
|
||||
|
||||
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
||||
---
|
||||
bgpd/bgp_open.c | 35 ++++++++++++++++++++++++++++-------
|
||||
1 file changed, 28 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
|
||||
index a760a7ca013..d1667fac261 100644
|
||||
--- a/bgpd/bgp_open.c
|
||||
+++ b/bgpd/bgp_open.c
|
||||
@@ -1278,19 +1278,40 @@ int bgp_open_option_parse(struct peer *peer, uint16_t length,
|
||||
uint8_t opt_type;
|
||||
uint16_t opt_length;
|
||||
|
||||
- /* Must have at least an OPEN option header */
|
||||
- if (STREAM_READABLE(s) < 2) {
|
||||
+ /*
|
||||
+ * Check that we can read the opt_type and fetch it
|
||||
+ */
|
||||
+ if (STREAM_READABLE(s) < 1) {
|
||||
zlog_info("%s Option length error", peer->host);
|
||||
bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
|
||||
BGP_NOTIFY_OPEN_MALFORMED_ATTR);
|
||||
return -1;
|
||||
}
|
||||
-
|
||||
- /* Fetch option type and length. */
|
||||
opt_type = stream_getc(s);
|
||||
- opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
|
||||
- ? stream_getw(s)
|
||||
- : stream_getc(s);
|
||||
+
|
||||
+ /*
|
||||
+ * Check the length of the stream to ensure that
|
||||
+ * FRR can properly read the opt_length. Then read it
|
||||
+ */
|
||||
+ if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
|
||||
+ if (STREAM_READABLE(s) < 2) {
|
||||
+ zlog_info("%s Option length error", peer->host);
|
||||
+ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
|
||||
+ BGP_NOTIFY_OPEN_MALFORMED_ATTR);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ opt_length = stream_getw(s);
|
||||
+ } else {
|
||||
+ if (STREAM_READABLE(s) < 1) {
|
||||
+ zlog_info("%s Option length error", peer->host);
|
||||
+ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
|
||||
+ BGP_NOTIFY_OPEN_MALFORMED_ATTR);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ opt_length = stream_getc(s);
|
||||
+ }
|
||||
|
||||
/* Option length check. */
|
||||
if (STREAM_READABLE(s) < opt_length) {
|
@ -1,77 +0,0 @@
|
||||
diff --git a/tools/frr-reload.py b/tools/frr-reload.py
|
||||
index 9979c8b..1c24f90 100755
|
||||
--- a/tools/frr-reload.py
|
||||
+++ b/tools/frr-reload.py
|
||||
@@ -785,6 +785,48 @@ def line_exist(lines, target_ctx_keys, target_line, exact_match=True):
|
||||
return True
|
||||
return False
|
||||
|
||||
+def delete_bgp_bfd(lines_to_add, lines_to_del):
|
||||
+ """
|
||||
+ When 'neighbor <peer> bfd profile <profile>' is present without a
|
||||
+ 'neighbor <peer> bfd' line, FRR explicitily adds it to the running
|
||||
+ configuration. When the new configuration drops the bfd profile
|
||||
+ line, the user's intent is to delete any bfd configuration on the
|
||||
+ peer. On reload, deleting the bfd profile line after the bfd line
|
||||
+ will re-enable BFD with the default BFD profile. Move the bfd line
|
||||
+ to the end, if it exists in the new configuration.
|
||||
+
|
||||
+ Example:
|
||||
+
|
||||
+ neighbor 10.0.0.1 bfd
|
||||
+ neighbor 10.0.0.1 bfd profile bfd-profile-1
|
||||
+
|
||||
+ Move to end:
|
||||
+ neighbor 10.0.0.1 bfd profile bfd-profile-1
|
||||
+ ...
|
||||
+
|
||||
+ neighbor 10.0.0.1 bfd
|
||||
+
|
||||
+ """
|
||||
+ lines_to_del_to_app = []
|
||||
+ for (ctx_keys, line) in lines_to_del:
|
||||
+ if (
|
||||
+ ctx_keys[0].startswith("router bgp")
|
||||
+ and line
|
||||
+ and line.startswith("neighbor ")
|
||||
+ ):
|
||||
+ # 'no neighbor [peer] bfd>'
|
||||
+ nb_bfd = "neighbor (\S+) .*bfd$"
|
||||
+ re_nb_bfd = re.search(nb_bfd, line)
|
||||
+ if re_nb_bfd:
|
||||
+ lines_to_del_to_app.append((ctx_keys, line))
|
||||
+
|
||||
+ for (ctx_keys, line) in lines_to_del_to_app:
|
||||
+ lines_to_del.remove((ctx_keys, line))
|
||||
+ lines_to_del.append((ctx_keys, line))
|
||||
+
|
||||
+ return (lines_to_add, lines_to_del)
|
||||
+
|
||||
+
|
||||
def check_for_exit_vrf(lines_to_add, lines_to_del):
|
||||
|
||||
# exit-vrf is a bit tricky. If the new config is missing it but we
|
||||
@@ -1248,6 +1290,7 @@ def compare_context_objects(newconf, running):
|
||||
for line in newconf_ctx.lines:
|
||||
lines_to_add.append((newconf_ctx_keys, line))
|
||||
|
||||
+ (lines_to_add, lines_to_del) = delete_bgp_bfd(lines_to_add, lines_to_del)
|
||||
(lines_to_add, lines_to_del) = check_for_exit_vrf(lines_to_add, lines_to_del)
|
||||
(lines_to_add, lines_to_del) = ignore_delete_re_add_lines(lines_to_add, lines_to_del)
|
||||
(lines_to_add, lines_to_del) = ignore_unconfigurable_lines(lines_to_add, lines_to_del)
|
||||
diff --git a/bgpd/bgp_bfd.c b/bgpd/bgp_bfd.c
|
||||
index b566b0e..1bd6249 100644
|
||||
--- a/bgpd/bgp_bfd.c
|
||||
+++ b/bgpd/bgp_bfd.c
|
||||
@@ -686,9 +686,9 @@ void bgp_bfd_peer_config_write(struct vty *vty, struct peer *peer, char *addr)
|
||||
|
||||
if (!CHECK_FLAG(bfd_info->flags, BFD_FLAG_PARAM_CFG)
|
||||
&& (bfd_info->type == BFD_TYPE_NOT_CONFIGURED)) {
|
||||
- vty_out(vty, " neighbor %s bfd", addr);
|
||||
+ vty_out(vty, " neighbor %s bfd\n", addr);
|
||||
if (bfd_info->profile[0])
|
||||
- vty_out(vty, " profile %s", bfd_info->profile);
|
||||
+ vty_out(vty, " neighbor %s bfd profile %s", addr, bfd_info->profile);
|
||||
vty_out(vty, "\n");
|
||||
}
|
||||
|
@ -0,0 +1,255 @@
|
||||
From edc3f63167fd95e4e70287743c9b252415c9336e Mon Sep 17 00:00:00 2001
|
||||
From: Philippe Guibert <philippe.guibert@6wind.com>
|
||||
Date: Thu, 7 Jul 2022 14:33:48 +0200
|
||||
Subject: [PATCH] bfdd: allow l3vrf bfd sessions without udp leaking
|
||||
|
||||
Until now, when in vrf-lite mode, the BFD implementation
|
||||
creates a single UDP socket and relies on the following
|
||||
sysctl value to 1:
|
||||
|
||||
echo 1 > /proc/sys/net/ipv4/udp_l3mdev_accept
|
||||
|
||||
With this setting, the incoming BFD packets from a given
|
||||
vrf, would leak to the default vrf, and would match the
|
||||
UDP socket.
|
||||
|
||||
The drawback of this solution is that udp packets received
|
||||
on a given vrf may leak to an other vrf. This may be a
|
||||
security concern.
|
||||
|
||||
The commit addresses this issue by avoiding this leak
|
||||
mechanism. An UDP socket is created for each vrf, and each
|
||||
socket uses new setsockopt option: SO_REUSEADDR + SO_REUSEPORT.
|
||||
|
||||
With this option, the incoming UDP packets are distributed on
|
||||
the available sockets. The impact of those options with l3mdev
|
||||
devices is unknown. It has been observed that this option is not
|
||||
needed, until the default vrf sockets are created.
|
||||
|
||||
To ensure the BFD packets are correctly routed to the appropriate
|
||||
socket, a BPF filter has been put in place and attached to the
|
||||
sockets : SO_ATTACH_REUSEPORT_CBPF. This option adds a criterium
|
||||
to force the packet to choose a given socket. If initial criteria
|
||||
from the default distribution algorithm were not good, at least
|
||||
two sockets would be available, and the CBPF would force the
|
||||
selection to the same socket. This would come to the situation
|
||||
where an incoming packet would be processed on a different vrf.
|
||||
|
||||
The bpf code is the following one:
|
||||
|
||||
struct sock_filter code[] = {
|
||||
{ BPF_RET | BPF_K, 0, 0, 0 },
|
||||
};
|
||||
|
||||
struct sock_fprog p = {
|
||||
.len = sizeof(code)/sizeof(struct sock_filter),
|
||||
.filter = code,
|
||||
};
|
||||
|
||||
if (setsockopt(sd, SOL_SOCKET, SO_ATTACH_REUSEPORT_CBPF, &p, sizeof(p))) {
|
||||
zlog_warn("unable to set SO_ATTACH_REUSEPORT_CBPF on socket: %s",
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
Some tests have been done with by creating vrf contexts, and by using
|
||||
the below vtysh configuration:
|
||||
|
||||
ip route 2.2.2.2/32 10.126.0.2
|
||||
vrf vrf2
|
||||
ip route 2.2.2.2/32 10.126.0.2
|
||||
!
|
||||
interface ntfp2
|
||||
ip address 10.126.0.1/24
|
||||
!
|
||||
interface ntfp3 vrf vrf4
|
||||
ip address 10.126.0.1/24
|
||||
!
|
||||
interface ntfp2 vrf vrf1
|
||||
ip address 10.126.0.1/24
|
||||
!
|
||||
interface ntfp2.100 vrf vrf2
|
||||
ip address 10.126.0.1/24
|
||||
!
|
||||
interface ntfp2.200 vrf vrf3
|
||||
ip address 10.126.0.1/24
|
||||
!
|
||||
line vty
|
||||
!
|
||||
bfd
|
||||
peer 10.126.0.2 vrf vrf2
|
||||
!
|
||||
peer 10.126.0.2 vrf vrf3
|
||||
!
|
||||
peer 10.126.0.2
|
||||
!
|
||||
peer 10.126.0.2 vrf vrf4
|
||||
!
|
||||
peer 2.2.2.2 multihop local-address 1.1.1.1
|
||||
!
|
||||
peer 2.2.2.2 multihop local-address 1.1.1.1 vrf vrf2
|
||||
transmit-interval 1500
|
||||
receive-interval 1500
|
||||
!
|
||||
|
||||
The results showed no issue related to packets received by
|
||||
the wrong vrf. Even changing the udp_l3mdev_accept flag to
|
||||
1 did not change the test results.
|
||||
|
||||
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
||||
---
|
||||
bfdd/bfd.c | 66 +++++++++++++++++++++++------------------------
|
||||
bfdd/bfd_packet.c | 45 ++++++++++++++++++++++++++++++++
|
||||
2 files changed, 77 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/bfdd/bfd.c b/bfdd/bfd.c
|
||||
index 483beb1b17c..a1619263588 100644
|
||||
--- a/bfdd/bfd.c
|
||||
+++ b/bfdd/bfd.c
|
||||
@@ -1950,40 +1950,38 @@ static int bfd_vrf_enable(struct vrf *vrf)
|
||||
if (bglobal.debug_zebra)
|
||||
zlog_debug("VRF enable add %s id %u", vrf->name, vrf->vrf_id);
|
||||
|
||||
- if (vrf->vrf_id == VRF_DEFAULT ||
|
||||
- vrf_get_backend() == VRF_BACKEND_NETNS) {
|
||||
- if (!bvrf->bg_shop)
|
||||
- bvrf->bg_shop = bp_udp_shop(vrf);
|
||||
- if (!bvrf->bg_mhop)
|
||||
- bvrf->bg_mhop = bp_udp_mhop(vrf);
|
||||
- if (!bvrf->bg_shop6)
|
||||
- bvrf->bg_shop6 = bp_udp6_shop(vrf);
|
||||
- if (!bvrf->bg_mhop6)
|
||||
- bvrf->bg_mhop6 = bp_udp6_mhop(vrf);
|
||||
- if (!bvrf->bg_echo)
|
||||
- bvrf->bg_echo = bp_echo_socket(vrf);
|
||||
- if (!bvrf->bg_echov6)
|
||||
- bvrf->bg_echov6 = bp_echov6_socket(vrf);
|
||||
-
|
||||
- if (!bvrf->bg_ev[0] && bvrf->bg_shop != -1)
|
||||
- thread_add_read(master, bfd_recv_cb, bvrf,
|
||||
- bvrf->bg_shop, &bvrf->bg_ev[0]);
|
||||
- if (!bvrf->bg_ev[1] && bvrf->bg_mhop != -1)
|
||||
- thread_add_read(master, bfd_recv_cb, bvrf,
|
||||
- bvrf->bg_mhop, &bvrf->bg_ev[1]);
|
||||
- if (!bvrf->bg_ev[2] && bvrf->bg_shop6 != -1)
|
||||
- thread_add_read(master, bfd_recv_cb, bvrf,
|
||||
- bvrf->bg_shop6, &bvrf->bg_ev[2]);
|
||||
- if (!bvrf->bg_ev[3] && bvrf->bg_mhop6 != -1)
|
||||
- thread_add_read(master, bfd_recv_cb, bvrf,
|
||||
- bvrf->bg_mhop6, &bvrf->bg_ev[3]);
|
||||
- if (!bvrf->bg_ev[4] && bvrf->bg_echo != -1)
|
||||
- thread_add_read(master, bfd_recv_cb, bvrf,
|
||||
- bvrf->bg_echo, &bvrf->bg_ev[4]);
|
||||
- if (!bvrf->bg_ev[5] && bvrf->bg_echov6 != -1)
|
||||
- thread_add_read(master, bfd_recv_cb, bvrf,
|
||||
- bvrf->bg_echov6, &bvrf->bg_ev[5]);
|
||||
- }
|
||||
+ if (!bvrf->bg_shop)
|
||||
+ bvrf->bg_shop = bp_udp_shop(vrf);
|
||||
+ if (!bvrf->bg_mhop)
|
||||
+ bvrf->bg_mhop = bp_udp_mhop(vrf);
|
||||
+ if (!bvrf->bg_shop6)
|
||||
+ bvrf->bg_shop6 = bp_udp6_shop(vrf);
|
||||
+ if (!bvrf->bg_mhop6)
|
||||
+ bvrf->bg_mhop6 = bp_udp6_mhop(vrf);
|
||||
+ if (!bvrf->bg_echo)
|
||||
+ bvrf->bg_echo = bp_echo_socket(vrf);
|
||||
+ if (!bvrf->bg_echov6)
|
||||
+ bvrf->bg_echov6 = bp_echov6_socket(vrf);
|
||||
+
|
||||
+ if (!bvrf->bg_ev[0] && bvrf->bg_shop != -1)
|
||||
+ thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_shop,
|
||||
+ &bvrf->bg_ev[0]);
|
||||
+ if (!bvrf->bg_ev[1] && bvrf->bg_mhop != -1)
|
||||
+ thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_mhop,
|
||||
+ &bvrf->bg_ev[1]);
|
||||
+ if (!bvrf->bg_ev[2] && bvrf->bg_shop6 != -1)
|
||||
+ thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_shop6,
|
||||
+ &bvrf->bg_ev[2]);
|
||||
+ if (!bvrf->bg_ev[3] && bvrf->bg_mhop6 != -1)
|
||||
+ thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_mhop6,
|
||||
+ &bvrf->bg_ev[3]);
|
||||
+ if (!bvrf->bg_ev[4] && bvrf->bg_echo != -1)
|
||||
+ thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_echo,
|
||||
+ &bvrf->bg_ev[4]);
|
||||
+ if (!bvrf->bg_ev[5] && bvrf->bg_echov6 != -1)
|
||||
+ thread_add_read(master, bfd_recv_cb, bvrf, bvrf->bg_echov6,
|
||||
+ &bvrf->bg_ev[5]);
|
||||
+
|
||||
if (vrf->vrf_id != VRF_DEFAULT) {
|
||||
bfdd_zclient_register(vrf->vrf_id);
|
||||
bfdd_sessions_enable_vrf(vrf);
|
||||
diff --git a/bfdd/bfd_packet.c b/bfdd/bfd_packet.c
|
||||
index d34d6427628..054a9bfbf21 100644
|
||||
--- a/bfdd/bfd_packet.c
|
||||
+++ b/bfdd/bfd_packet.c
|
||||
@@ -876,6 +876,14 @@ void bfd_recv_cb(struct thread *t)
|
||||
"no session found");
|
||||
return;
|
||||
}
|
||||
+ /*
|
||||
+ * We may have a situation where received packet is on wrong vrf
|
||||
+ */
|
||||
+ if (bfd && bfd->vrf && bfd->vrf != bvrf->vrf) {
|
||||
+ cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
|
||||
+ "wrong vrfid.");
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
/* Ensure that existing good sessions are not overridden. */
|
||||
if (!cp->discrs.remote_discr && bfd->ses_state != PTM_BFD_DOWN &&
|
||||
@@ -1208,10 +1216,41 @@ int bp_set_tos(int sd, uint8_t value)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static bool bp_set_reuse_addr(int sd)
|
||||
+{
|
||||
+ int one = 1;
|
||||
+
|
||||
+ if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) == -1) {
|
||||
+ zlog_warn("set-reuse-addr: setsockopt(SO_REUSEADDR, %d): %s",
|
||||
+ one, strerror(errno));
|
||||
+ return false;
|
||||
+ }
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+static bool bp_set_reuse_port(int sd)
|
||||
+{
|
||||
+ int one = 1;
|
||||
+
|
||||
+ if (setsockopt(sd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) == -1) {
|
||||
+ zlog_warn("set-reuse-port: setsockopt(SO_REUSEPORT, %d): %s",
|
||||
+ one, strerror(errno));
|
||||
+ return false;
|
||||
+ }
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+
|
||||
static void bp_set_ipopts(int sd)
|
||||
{
|
||||
int rcvttl = BFD_RCV_TTL_VAL;
|
||||
|
||||
+ if (!bp_set_reuse_addr(sd))
|
||||
+ zlog_fatal("set-reuse-addr: failed");
|
||||
+
|
||||
+ if (!bp_set_reuse_port(sd))
|
||||
+ zlog_fatal("set-reuse-port: failed");
|
||||
+
|
||||
if (bp_set_ttl(sd, BFD_TTL_VAL) != 0)
|
||||
zlog_fatal("set-ipopts: TTL configuration failed");
|
||||
|
||||
@@ -1453,6 +1492,12 @@ static void bp_set_ipv6opts(int sd)
|
||||
int ipv6_pktinfo = BFD_IPV6_PKT_INFO_VAL;
|
||||
int ipv6_only = BFD_IPV6_ONLY_VAL;
|
||||
|
||||
+ if (!bp_set_reuse_addr(sd))
|
||||
+ zlog_fatal("set-reuse-addr: failed");
|
||||
+
|
||||
+ if (!bp_set_reuse_port(sd))
|
||||
+ zlog_fatal("set-reuse-port: failed");
|
||||
+
|
||||
if (bp_set_ttlv6(sd, BFD_TTL_VAL) == -1)
|
||||
zlog_fatal(
|
||||
"set-ipv6opts: setsockopt(IPV6_UNICAST_HOPS, %d): %s",
|
@ -1,117 +0,0 @@
|
||||
From 4b793d1eb35ab5794db12725a28fcdb4fef23af7 Mon Sep 17 00:00:00 2001
|
||||
From: Igor Ryzhov <iryzhov@nfware.com>
|
||||
Date: Thu, 1 Apr 2021 15:29:18 +0300
|
||||
Subject: [PATCH] bfdd: remove profiles when removing bfd node
|
||||
|
||||
Fixes #8379.
|
||||
|
||||
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
|
||||
---
|
||||
bfdd/bfd.c | 8 ++++++++
|
||||
bfdd/bfd.h | 1 +
|
||||
bfdd/bfdd_nb_config.c | 1 +
|
||||
3 files changed, 10 insertions(+)
|
||||
|
||||
diff --git a/bfdd/bfd.c b/bfdd/bfd.c
|
||||
index c966efd8ea71..cf292a836354 100644
|
||||
--- a/bfdd/bfd.c
|
||||
+++ b/bfdd/bfd.c
|
||||
@@ -1889,6 +1889,14 @@ void bfd_sessions_remove_manual(void)
|
||||
hash_iterate(bfd_key_hash, _bfd_session_remove_manual, NULL);
|
||||
}
|
||||
|
||||
+void bfd_profiles_remove(void)
|
||||
+{
|
||||
+ struct bfd_profile *bp;
|
||||
+
|
||||
+ while ((bp = TAILQ_FIRST(&bplist)) != NULL)
|
||||
+ bfd_profile_free(bp);
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Profile related hash functions.
|
||||
*/
|
||||
diff --git a/bfdd/bfd.h b/bfdd/bfd.h
|
||||
index af3f92d6a8f8..9ee1da728717 100644
|
||||
--- a/bfdd/bfd.h
|
||||
+++ b/bfdd/bfd.h
|
||||
@@ -596,6 +596,7 @@ void bfd_session_free(struct bfd_session *bs);
|
||||
const struct bfd_session *bfd_session_next(const struct bfd_session *bs,
|
||||
bool mhop);
|
||||
void bfd_sessions_remove_manual(void);
|
||||
+void bfd_profiles_remove(void);
|
||||
|
||||
/**
|
||||
* Set the BFD session echo state.
|
||||
diff --git a/bfdd/bfdd_nb_config.c b/bfdd/bfdd_nb_config.c
|
||||
index 0046bc625b45..77f8cbd09c07 100644
|
||||
--- a/bfdd/bfdd_nb_config.c
|
||||
+++ b/bfdd/bfdd_nb_config.c
|
||||
@@ -203,6 +203,7 @@ int bfdd_bfd_destroy(struct nb_cb_destroy_args *args)
|
||||
|
||||
case NB_EV_APPLY:
|
||||
bfd_sessions_remove_manual();
|
||||
+ bfd_profiles_remove();
|
||||
break;
|
||||
|
||||
case NB_EV_ABORT:
|
||||
diff --git a/bfdd/bfdd_nb_config.c b/bfdd/bfdd_nb_config.c
|
||||
index 77f8cbd09c07..4030e2eefa50 100644
|
||||
--- a/bfdd/bfdd_nb_config.c
|
||||
+++ b/bfdd/bfdd_nb_config.c
|
||||
@@ -186,7 +186,15 @@ static int bfd_session_destroy(enum nb_event event,
|
||||
*/
|
||||
int bfdd_bfd_create(struct nb_cb_create_args *args)
|
||||
{
|
||||
- /* NOTHING */
|
||||
+ if (args->event != NB_EV_APPLY)
|
||||
+ return NB_OK;
|
||||
+
|
||||
+ /*
|
||||
+ * Set any non-NULL value to be able to call
|
||||
+ * nb_running_unset_entry in bfdd_bfd_destroy.
|
||||
+ */
|
||||
+ nb_running_set_entry(args->dnode, (void *)0x1);
|
||||
+
|
||||
return NB_OK;
|
||||
}
|
||||
|
||||
@@ -202,6 +210,12 @@ int bfdd_bfd_destroy(struct nb_cb_destroy_args *args)
|
||||
return NB_OK;
|
||||
|
||||
case NB_EV_APPLY:
|
||||
+ /*
|
||||
+ * We need to call this to unset pointers from
|
||||
+ * the child nodes - sessions and profiles.
|
||||
+ */
|
||||
+ nb_running_unset_entry(args->dnode);
|
||||
+
|
||||
bfd_sessions_remove_manual();
|
||||
bfd_profiles_remove();
|
||||
break;
|
||||
diff --git a/bfdd/bfdd_cli.c b/bfdd/bfdd_cli.c
|
||||
index b64e36b36a44..5a844e56e121 100644
|
||||
--- a/bfdd/bfdd_cli.c
|
||||
+++ b/bfdd/bfdd_cli.c
|
||||
@@ -486,7 +486,7 @@ void bfd_cli_show_echo_interval(struct vty *vty, struct lyd_node *dnode,
|
||||
* Profile commands.
|
||||
*/
|
||||
DEFPY_YANG_NOSH(bfd_profile, bfd_profile_cmd,
|
||||
- "profile WORD$name",
|
||||
+ "profile BFDPROF$name",
|
||||
BFD_PROFILE_STR
|
||||
BFD_PROFILE_NAME_STR)
|
||||
{
|
||||
diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
|
||||
index 74f13e1a44e8..cf1811bb1f2f 100644
|
||||
--- a/vtysh/vtysh.c
|
||||
+++ b/vtysh/vtysh.c
|
||||
@@ -1959,7 +1959,7 @@ DEFUNSH(VTYSH_BFDD, bfd_peer_enter, bfd_peer_enter_cmd,
|
||||
}
|
||||
|
||||
DEFUNSH(VTYSH_BFDD, bfd_profile_enter, bfd_profile_enter_cmd,
|
||||
- "profile WORD",
|
||||
+ "profile BFDPROF",
|
||||
BFD_PROFILE_STR
|
||||
BFD_PROFILE_NAME_STR)
|
||||
{
|
@ -1,48 +0,0 @@
|
||||
From 0f9e4c4a36cf2b0dd585a7ef97acccb8eebdf7bd Mon Sep 17 00:00:00 2001
|
||||
From: Chirag Shah <chirag@nvidia.com>
|
||||
Date: Mon, 25 Jan 2021 11:44:56 -0800
|
||||
Subject: [PATCH] lib: fix a crash in plist update
|
||||
|
||||
Problem:
|
||||
Prefix-list with mulitiple rules, an update to
|
||||
a rule/sequence with different prefix/prefixlen
|
||||
reset prefix-list next-base pointer to avoid
|
||||
having stale value.
|
||||
|
||||
In some case the old next-bast's reference leads
|
||||
to an assert in tri (trie_install_fn ) add.
|
||||
|
||||
bt:
|
||||
(object=0x55576a4c8a00, updptr=0x55576a4b97e0) at lib/plist.c:560
|
||||
(plist=0x55576a4a1770, pentry=0x55576a4c8a00) at lib/plist.c:585
|
||||
(ple=0x55576a4c8a00) at lib/plist.c:745
|
||||
(args=0x7fffe04beb50) at lib/filter_nb.c:1181
|
||||
|
||||
Solution:
|
||||
Reset prefix-list next-base pointer whenver a
|
||||
sequence/rule is updated.
|
||||
|
||||
Ticket:CM-33109
|
||||
Testing Done:
|
||||
|
||||
Signed-off-by: Chirag Shah <chirag@nvidia.com>
|
||||
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
|
||||
(cherry picked from commit f7f101156eb0e225f375f12cf4f863ebbe3fed03)
|
||||
---
|
||||
lib/plist.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lib/plist.c b/lib/plist.c
|
||||
index 981e86e2a..c746d1946 100644
|
||||
--- a/lib/plist.c
|
||||
+++ b/lib/plist.c
|
||||
@@ -684,6 +684,7 @@ void prefix_list_entry_update_start(struct prefix_list_entry *ple)
|
||||
if (pl->head || pl->tail || pl->desc)
|
||||
pl->master->recent = pl;
|
||||
|
||||
+ ple->next_best = NULL;
|
||||
ple->installed = false;
|
||||
}
|
||||
|
||||
--
|
||||
2.41.0
|
@ -1,267 +0,0 @@
|
||||
From 2cf7651f0b1b0123dc5568ebad00ac84a9b3c348 Mon Sep 17 00:00:00 2001
|
||||
From: Donald Sharp <sharpd@nvidia.com>
|
||||
Date: Wed, 2 Feb 2022 13:28:42 -0500
|
||||
Subject: [PATCH] zebra: Make netlink buffer reads resizeable when needed
|
||||
|
||||
Currently when the kernel sends netlink messages to FRR
|
||||
the buffers to receive this data is of fixed length.
|
||||
The kernel, with certain configurations, will send
|
||||
netlink messages that are larger than this fixed length.
|
||||
This leads to situations where, on startup, zebra gets
|
||||
really confused about the state of the kernel. Effectively
|
||||
the current algorithm is this:
|
||||
|
||||
read up to buffer in size
|
||||
while (data to parse)
|
||||
get netlink message header, look at size
|
||||
parse if you can
|
||||
|
||||
The problem is that there is a 32k buffer we read.
|
||||
We get the first message that is say 1k in size,
|
||||
subtract that 1k to 31k left to parse. We then
|
||||
get the next header and notice that the length
|
||||
of the message is 33k. Which is obviously larger
|
||||
than what we read in. FRR has no recover mechanism
|
||||
nor is there a way to know, a priori, what the maximum
|
||||
size the kernel will send us.
|
||||
|
||||
Modify FRR to look at the kernel message and see if the
|
||||
buffer is large enough, if not, make it large enough to
|
||||
read in the message.
|
||||
|
||||
This code has to be per netlink socket because of the usage
|
||||
of pthreads. So add to `struct nlsock` the buffer and current
|
||||
buffer length. Growing it as necessary.
|
||||
|
||||
Fixes: #10404
|
||||
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
||||
---
|
||||
zebra/kernel_netlink.c | 68 +++++++++++++++++++++++++-----------------
|
||||
zebra/kernel_netlink.h | 2 +-
|
||||
zebra/zebra_dplane.c | 4 +++
|
||||
zebra/zebra_ns.h | 3 ++
|
||||
4 files changed, 49 insertions(+), 28 deletions(-)
|
||||
|
||||
diff --git a/zebra/kernel_netlink.h b/zebra/kernel_netlink.h
|
||||
index ae88f3372b1c..9421ea1c611a 100644
|
||||
--- a/zebra/kernel_netlink.h
|
||||
+++ b/zebra/kernel_netlink.h
|
||||
@@ -96,7 +96,7 @@ extern const char *nl_family_to_str(uint8_t family);
|
||||
extern const char *nl_rttype_to_str(uint8_t rttype);
|
||||
|
||||
extern int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
|
||||
- const struct nlsock *nl,
|
||||
+ struct nlsock *nl,
|
||||
const struct zebra_dplane_info *dp_info,
|
||||
int count, int startup);
|
||||
extern int netlink_talk_filter(struct nlmsghdr *h, ns_id_t ns, int startup);
|
||||
diff --git a/zebra/zebra_ns.h b/zebra/zebra_ns.h
|
||||
index 0519e1d5b33d..7a0ffbc1ee6f 100644
|
||||
--- a/zebra/zebra_ns.h
|
||||
+++ b/zebra/zebra_ns.h
|
||||
@@ -39,6 +39,9 @@ struct nlsock {
|
||||
int seq;
|
||||
struct sockaddr_nl snl;
|
||||
char name[64];
|
||||
+
|
||||
+ uint8_t *buf;
|
||||
+ size_t buflen;
|
||||
};
|
||||
#endif
|
||||
|
||||
diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c
|
||||
index b8eaeb1..14a40a9 100644
|
||||
--- a/zebra/kernel_netlink.c
|
||||
+++ b/zebra/kernel_netlink.c
|
||||
@@ -90,8 +90,6 @@
|
||||
*/
|
||||
#define NL_DEFAULT_BATCH_SEND_THRESHOLD (15 * NL_PKT_BUF_SIZE)
|
||||
|
||||
-#define NL_BATCH_RX_BUFSIZE NL_RCV_PKT_BUF_SIZE
|
||||
-
|
||||
static const struct message nlmsg_str[] = {{RTM_NEWROUTE, "RTM_NEWROUTE"},
|
||||
{RTM_DELROUTE, "RTM_DELROUTE"},
|
||||
{RTM_GETROUTE, "RTM_GETROUTE"},
|
||||
@@ -164,8 +162,6 @@ DEFINE_MTYPE_STATIC(ZEBRA, NL_BUF, "Zebra Netlink buffers")
|
||||
size_t nl_batch_tx_bufsize;
|
||||
char *nl_batch_tx_buf;
|
||||
|
||||
-char nl_batch_rx_buf[NL_BATCH_RX_BUFSIZE];
|
||||
-
|
||||
_Atomic uint32_t nl_batch_bufsize = NL_DEFAULT_BATCH_BUFSIZE;
|
||||
_Atomic uint32_t nl_batch_send_threshold = NL_DEFAULT_BATCH_SEND_THRESHOLD;
|
||||
|
||||
@@ -322,6 +318,9 @@ static int netlink_socket(struct nlsock *nl, unsigned long groups,
|
||||
|
||||
nl->snl = snl;
|
||||
nl->sock = sock;
|
||||
+ nl->buflen = NL_RCV_PKT_BUF_SIZE;
|
||||
+ nl->buf = XMALLOC(MTYPE_NL_BUF, nl->buflen);
|
||||
+
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -729,19 +728,29 @@ static ssize_t netlink_send_msg(const struct nlsock *nl, void *buf,
|
||||
*
|
||||
* Returns -1 on error, 0 if read would block or the number of bytes received.
|
||||
*/
|
||||
-static int netlink_recv_msg(const struct nlsock *nl, struct msghdr msg,
|
||||
- void *buf, size_t buflen)
|
||||
+static int netlink_recv_msg(struct nlsock *nl, struct msghdr *msg)
|
||||
{
|
||||
struct iovec iov;
|
||||
int status;
|
||||
|
||||
- iov.iov_base = buf;
|
||||
- iov.iov_len = buflen;
|
||||
- msg.msg_iov = &iov;
|
||||
- msg.msg_iovlen = 1;
|
||||
+ iov.iov_base = nl->buf;
|
||||
+ iov.iov_len = nl->buflen;
|
||||
+ msg->msg_iov = &iov;
|
||||
+ msg->msg_iovlen = 1;
|
||||
|
||||
do {
|
||||
- status = recvmsg(nl->sock, &msg, 0);
|
||||
+ int bytes;
|
||||
+
|
||||
+ bytes = recv(nl->sock, NULL, 0, MSG_PEEK | MSG_TRUNC);
|
||||
+
|
||||
+ if (bytes >= 0 && (size_t)bytes > nl->buflen) {
|
||||
+ nl->buf = XREALLOC(MTYPE_NL_BUF, nl->buf, bytes);
|
||||
+ nl->buflen = bytes;
|
||||
+ iov.iov_base = nl->buf;
|
||||
+ iov.iov_len = nl->buflen;
|
||||
+ }
|
||||
+
|
||||
+ status = recvmsg(nl->sock, msg, 0);
|
||||
} while (status == -1 && errno == EINTR);
|
||||
|
||||
if (status == -1) {
|
||||
@@ -761,10 +770,10 @@ static int netlink_recv_msg(const struct nlsock *nl, struct msghdr msg,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (msg.msg_namelen != sizeof(struct sockaddr_nl)) {
|
||||
+ if (msg->msg_namelen != sizeof(struct sockaddr_nl)) {
|
||||
flog_err(EC_ZEBRA_NETLINK_LENGTH_ERROR,
|
||||
"%s sender address length error: length %d", nl->name,
|
||||
- msg.msg_namelen);
|
||||
+ msg->msg_namelen);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -873,8 +882,7 @@ static int netlink_parse_error(const struct nlsock *nl, struct nlmsghdr *h,
|
||||
* the filter.
|
||||
*/
|
||||
int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
|
||||
- const struct nlsock *nl,
|
||||
- const struct zebra_dplane_info *zns,
|
||||
+ struct nlsock *nl, const struct zebra_dplane_info *zns,
|
||||
int count, int startup)
|
||||
{
|
||||
int status;
|
||||
@@ -883,7 +891,6 @@ int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
|
||||
int read_in = 0;
|
||||
|
||||
while (1) {
|
||||
- char buf[NL_RCV_PKT_BUF_SIZE];
|
||||
struct sockaddr_nl snl;
|
||||
struct msghdr msg = {.msg_name = (void *)&snl,
|
||||
.msg_namelen = sizeof(snl)};
|
||||
@@ -892,14 +899,14 @@ int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
|
||||
if (count && read_in >= count)
|
||||
return 0;
|
||||
|
||||
- status = netlink_recv_msg(nl, msg, buf, sizeof(buf));
|
||||
+ status = netlink_recv_msg(nl, &msg);
|
||||
if (status == -1)
|
||||
return -1;
|
||||
else if (status == 0)
|
||||
break;
|
||||
|
||||
read_in++;
|
||||
- for (h = (struct nlmsghdr *)buf;
|
||||
+ for (h = (struct nlmsghdr *)nl->buf;
|
||||
(status >= 0 && NLMSG_OK(h, (unsigned int)status));
|
||||
h = NLMSG_NEXT(h, status)) {
|
||||
/* Finish of reading. */
|
||||
@@ -976,10 +983,10 @@ int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
|
||||
*/
|
||||
static int
|
||||
netlink_talk_info(int (*filter)(struct nlmsghdr *, ns_id_t, int startup),
|
||||
- struct nlmsghdr *n, const struct zebra_dplane_info *dp_info,
|
||||
+ struct nlmsghdr *n, struct zebra_dplane_info *dp_info,
|
||||
int startup)
|
||||
{
|
||||
- const struct nlsock *nl;
|
||||
+ struct nlsock *nl;
|
||||
|
||||
nl = &(dp_info->nls);
|
||||
n->nlmsg_seq = nl->seq;
|
||||
@@ -1067,12 +1074,11 @@ static int nl_batch_read_resp(struct nl_batch *bth)
|
||||
* message at a time.
|
||||
*/
|
||||
while (true) {
|
||||
- status = netlink_recv_msg(nl, msg, nl_batch_rx_buf,
|
||||
- sizeof(nl_batch_rx_buf));
|
||||
+ status = netlink_recv_msg(nl, &msg);
|
||||
if (status == -1 || status == 0)
|
||||
return status;
|
||||
|
||||
- h = (struct nlmsghdr *)nl_batch_rx_buf;
|
||||
+ h = (struct nlmsghdr *)nl->buf;
|
||||
ignore_msg = false;
|
||||
seq = h->nlmsg_seq;
|
||||
/*
|
||||
@@ -1506,11 +1512,15 @@ void kernel_terminate(struct zebra_ns *zns, bool complete)
|
||||
if (zns->netlink.sock >= 0) {
|
||||
close(zns->netlink.sock);
|
||||
zns->netlink.sock = -1;
|
||||
+ XFREE(MTYPE_NL_BUF, zns->netlink.buf);
|
||||
+ zns->netlink.buflen = 0;
|
||||
}
|
||||
|
||||
if (zns->netlink_cmd.sock >= 0) {
|
||||
close(zns->netlink_cmd.sock);
|
||||
zns->netlink_cmd.sock = -1;
|
||||
+ XFREE(MTYPE_NL_BUF, zns->netlink_cmd.buf);
|
||||
+ zns->netlink_cmd.buflen = 0;
|
||||
}
|
||||
|
||||
/* During zebra shutdown, we need to leave the dataplane socket
|
||||
@@ -1520,6 +1530,8 @@ void kernel_terminate(struct zebra_ns *zns, bool complete)
|
||||
if (zns->netlink_dplane.sock >= 0) {
|
||||
close(zns->netlink_dplane.sock);
|
||||
zns->netlink_dplane.sock = -1;
|
||||
+ XFREE(MTYPE_NL_BUF, zns->netlink_dplane.buf);
|
||||
+ zns->netlink_dplane.buflen = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c
|
||||
index 14a40a9..2b566d4 100644
|
||||
--- a/zebra/kernel_netlink.c
|
||||
+++ b/zebra/kernel_netlink.c
|
||||
@@ -779,7 +779,7 @@ static int netlink_recv_msg(struct nlsock *nl, struct msghdr *msg)
|
||||
|
||||
if (IS_ZEBRA_DEBUG_KERNEL_MSGDUMP_RECV) {
|
||||
zlog_debug("%s: << netlink message dump [recv]", __func__);
|
||||
- zlog_hexdump(buf, status);
|
||||
+ zlog_hexdump(nl->buf, status);
|
||||
}
|
||||
|
||||
return status;
|
||||
diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c
|
||||
index 2b566d4..0564a6b 100644
|
||||
--- a/zebra/kernel_netlink.c
|
||||
+++ b/zebra/kernel_netlink.c
|
||||
@@ -1060,7 +1060,7 @@ static int nl_batch_read_resp(struct nl_batch *bth)
|
||||
struct sockaddr_nl snl;
|
||||
struct msghdr msg = {};
|
||||
int status, seq;
|
||||
- const struct nlsock *nl;
|
||||
+ struct nlsock *nl;
|
||||
struct zebra_dplane_ctx *ctx;
|
||||
bool ignore_msg;
|
||||
|
@ -0,0 +1,4 @@
|
||||
#Type Name ID GECOS Home directory Shell
|
||||
g frrvty -
|
||||
u frr - "FRRouting routing suite" /var/run/frr /sbin/nologin
|
||||
m frr frrvty
|
@ -0,0 +1,16 @@
|
||||
#!/bin/sh
|
||||
#this script is used to remove babled and ldpd from the tar sources
|
||||
#Usage: sh remove-babeld-ldpd.sh <VERSION>
|
||||
#Example: sh remove-babeld-ldpd.sh 7.3.1 - this is for frr-7.3.1.tar.gz file
|
||||
|
||||
VERSION=$1
|
||||
TAR=frr-${VERSION}.tar.gz
|
||||
DIR=frr-${VERSION}
|
||||
|
||||
echo ${VERSION}
|
||||
echo ${TAR}
|
||||
echo ${DIR}
|
||||
|
||||
tar -xzf ${TAR}
|
||||
rm -rf ${DIR}/babeld ${DIR}/ldpd
|
||||
tar -czf ${TAR} ${DIR}
|
Loading…
Reference in new issue