bgpd: Move rpki strict check to bgp_accept()Current code checks on bgp_start and bgp_establish()
to prevent incoming and outgoing connections when rpki strict mode
is on and bgp is not connected to rpki. Modify the code such that
the bgp_establish() code is no longer the place to check this
it should be in bgp_accept(). Without this there is a very reproducible
crash that happens because the check in bgp_establish() is immediately
afte...
tests: Add new bgp rpki testingAdd these tests to the bgp rpki topotest to better test the rpki code:
a) Test that RPKI invalid state is handled correctly.
b) Ensures that neighbor rpki strict works correctly
c) Add match rpki invalid route-map and ensure it works correctly.
d) Add match rpki-extcommunity and ensure it works correctly.
e) Add IPv6 RPKI validation and ensure it works correctly.
Signed-off-by: Donald Sharp <...
pceplib: validate during of_list TLV decodingValidate buffer length in OF TLV decoding; avoid casting buffer
as integer pointer; count advance by 2-bytes.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: Check if prefixlen is not 0 when parsing flowspec stuffWhen len == 0, this wraps to UINT32_MAX/SIZE_MAX, causing an unbounded read
from whatever memory follows the buffer. Currently mitigated for the validation
path (caller checks psize == 0), but bgp_flowspec_contains_prefix and bgp_fs_nlri_get_string take len from stored prefix data and have no such guard.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Prevent len_string going negative when trying to display flowspec entriesThe bgp_fs_nlri_get_string() function writes flowspec component strings into
a 512-byte stack buffer (BGP_FLOWSPEC_STRING_DISPLAY_MAX). It tracks remaining
space using len_string, which is decremented by the return value of snprintf.
The critical bug: when snprintf truncates output, it returns the number of
characters that would have been written, not the number actually written.
This causes ...
tests: add topotest for PIM allow-rp featureAdd a new topotest to verify the 'ip pim allow-rp' functionality.
The test validates that PIM joins with mismatched RP addresses are
rejected by default, accepted when allow-rp is enabled, and properly
filtered when using the rp-list prefix-list option.
Signed-off-by: Soumya Roy <souroy@nvidia.com>
pimd: add YANG/northbound support for allow-rp configurationWire the allow-rp CLI through the northbound framework with
proper YANG modeling, replacing direct struct field manipulation.
Add IPv6 pim allow-rp command support.
Integrate allow-rp CLI with the northbound framework using proper
YANG modeling, replacing direct struct field manipulation. Add IPv6
pim allow-rp command support.
Signed-off-by: Soumya Roy <souroy@nvidia.com>
pimd: refactor allow-rp logic and remove unused parameter- Remove unused 'allow_rp' parameter from recv_join() function.
The parameter was passed but never used; the code accessed
pim_ifp->allow_rp directly instead.
- Consolidate all allow-rp checking logic into pim_is_rp_allowed().
The function now handles the allow_rp enable check internally,
making the calling code cleaner and the function self-contained.
- Update function documentation ...
pimd: fix the crash by doing NULL check for pim interfaceAdded the NULL check befor accessing pim interface while processing
command "no ip pim allow-rp rp-list sample"
Ticket: #3864208
Testing:
before:
tor-11(config-if)# no ip pim allow-rp rp-list policy
vtysh: error reading from pimd: Success (0)Warning: closing connection to pimd because of an I/O error!
Broadcast message from root@tor-11 (somewhere) (Thu Apr 18 21:15:45 2024):
cumulus-core: R...
pimd: add allow-rp knob to ignore incorrect rpWhen processing a (*,G) source list entry, the RFC dictates that the
source address provided must match the RP address. In some situations
it's desirable to forego this check. This patch adds a simple boolean
knob, configurable on a per-interface basis, to disable that check.
Alternatively, one can specify a prefix-list, which will act as a
whitelist for what RP addresses to allow.
Signed-off...
Merge pull request #21214 from LabNConsulting/chopps/fix-swapped-vals-and-setsockoptlib: fix swapped values, bad setsockopt, and intermittent test failure
bgpd: Revalidate locally originated routes against RPKI changesWithout this patch we evaluated only adj_in for a particular peer, which means
we never re-advertise locally originated route if RPKI state changes, e.g.:
if RPKI state changes from VALID to INVALID, we still advertise this route
to the peer even if we have a route-map that denies announcing INVALID routes.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
zebra: fix spurious tag mismatch in rib_route_match_ctx()rib_route_match_ctx() matches a returning dplane result back to the
correct route_entry. For ZEBRA_ROUTE_STATIC it narrowed the match
using both distance and tag. However, tag is an attribute of the
route_entry, not part of its identity — a tag change modifies the
route_entry in place without creating a new one.
Including tag in the match creates a race: if a tag update arrives and
modifies ...
bgpd: properly copy ls attr's admin_groupthe bgp_ls_attr_copy() function must make a separate copy
of the embedded admin_group in the bgp_ls_attr.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: call init and term funcs for LS attr admin_groupThere's an admin group struct embedded in the BGP LS attr;
it needs to be init'd and freed.
Reported-by: Haruto Kimura (Stella) <harutokimura0608@gmail.com>
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: Fix incorrect comparisons in BGP-LS *_cmp() functionsComparison functions in bgp_ls_nlri.c return (a - b) on unsigned
integer fields. The unsigned subtraction result is then implicitly
converted to int (the return type). When the difference exceeds
INT_MAX the sign flips, inverting the result:
a = 0xFFFFFFFF, b = 0
(uint32_t)a - b = 0xFFFFFFFF -> cast to int gives -1
-> caller sees a < b, which is wrong
These functions are expected to ret...
tests: Verify BGP-LS routes withdrawn on peer deactivateAdd test_bgp_ls_peer_deactivate() to verify that deactivating the
last BGP-LS peer on r2 withdraws all locally originated routes on
r2 and clears all received routes on rr.
Add test_bgp_ls_peer_reactivate() to verify that reactivating the
peer triggers a fresh TED sync, re-originates all BGP-LS NLRIs on
r2, and re-advertises them to rr.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: Withdraw BGP-LS routes and reset TED on last peer deactivationWhen the last BGP-LS peer is deactivated, locally originated BGP-LS
routes are not withdrawn from the RIB, leaving stale routes on peers.
The TED is also not cleared, so the next registration re-originates
on top of stale state.
Add bgp_ls_withdraw_ted() which removes all self-originated paths via
bgp_clear_route() and clears all TED entries. Call it in
peer_deactivate() when the last BGP-LS p...
bgpd: Request initial TED sync on link-state registrationAfter registering with the LS database, no initial sync is requested,
so the TED remains empty until the IGP sends unsolicited updates.
Any topology changes that occurred before registration are
permanently missed and never originated as BGP-LS NLRIs.
Additionally, LS_MSG_EVENT_SYNC messages are not handled in the TED
processors, so any sync response from zebra is silently dropped.
Request a ...
tests: Fix test_bgp_srv6_sid_unexport expectationsAfter removing sid export on R1, the test checks both 10.0.0.1/32
and 10.0.0.3/32 on R2 with expect_sid="", expecting neither to
carry a SRv6 SID. This is wrong: 10.0.0.3/32 is originated by R3
which still has sid export configured, so it should still be
seen on R2 with r3_unicast_sid.
This wrong expectation was not caught because check_route() did
not verify the absence of a SID when expect_s...
tests: Fix check_route not verifying absence of SIDWhen check_route() is called with expect_sid="" to assert that a
route has no SRv6 SID, it silently succeeds even if a SID is
present.
Add an explicit check: when expect_sid is "", return an error if
a SRv6 SID is found on the route.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
tests: Add test for sid export route-map update in bgp_srv6_unicastAdd test_bgp_srv6_sid_rmap_update() to verify that replacing an
already-configured sid export route-map with a different one
correctly applies the new policy.
The test reconfigures R1 with a new route-map (filter2) that
excludes 10.0.0.1/32 from SID assignment, confirms the prefix
loses its SRv6 encapsulation on R2 and becomes uninstalled on
R3, then restores the original route-map (filter) an...
bgpd: Fix sid export route-map update not taking effectWhen `sid export ... route-map <name>` is reconfigured with a
different route-map on an already-configured SID export, the new
route-map is silently ignored. The code skips the early-return
(rmap_str != rmap_name), but then calls
bgp_srv6_unicast_announce() without updating rmap_name, so the
old route-map remains in effect.
Fix this by replacing rmap_name before triggering the re-announce:
dec...
tests: fix intermittent failure of notify testRead and wait on live output from the clients rather than running the
client to completion after it receives N notifications. This allows us
to wait for the notifications we expect and not be fragile to receiving
other notifications in between.
Add flush() to stdout of FE_CLIENT otherwise we wait on line output
from print() that never comes b/c it's buffered.
Signed-off-by: Christian Hopps <c...
lib: fix swapped values and bad setsockoptWe had reversed the setting of max read and write message count values
for mgmtd connections (both server and client). This effectively allowed
clients to send more than they received and the server to process more
than it sent (i.e., backwards of what we probably want to keep a loaded
system working properly)
Also for the mgmtd loopback connection (i.e., sending CLI based YANG
config or reciv...
Donatas Abraitis
Donald Sharp
Mark Stapp
Soumya Roy
Enke Chen
Carmine Scarpitta