zebra: fix spurious tag mismatch in rib_route_match_ctx()rib_route_match_ctx() matches a returning dplane result back to the
correct route_entry. For ZEBRA_ROUTE_STATIC it narrowed the match
using both distance and tag. However, tag is an attribute of the
route_entry, not part of its identity — a tag change modifies the
route_entry in place without creating a new one.
Including tag in the match creates a race: if a tag update arrives and
modifies ...
bgpd: properly copy ls attr's admin_groupthe bgp_ls_attr_copy() function must make a separate copy
of the embedded admin_group in the bgp_ls_attr.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: call init and term funcs for LS attr admin_groupThere's an admin group struct embedded in the BGP LS attr;
it needs to be init'd and freed.
Reported-by: Haruto Kimura (Stella) <harutokimura0608@gmail.com>
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: Fix incorrect comparisons in BGP-LS *_cmp() functionsComparison functions in bgp_ls_nlri.c return (a - b) on unsigned
integer fields. The unsigned subtraction result is then implicitly
converted to int (the return type). When the difference exceeds
INT_MAX the sign flips, inverting the result:
a = 0xFFFFFFFF, b = 0
(uint32_t)a - b = 0xFFFFFFFF -> cast to int gives -1
-> caller sees a < b, which is wrong
These functions are expected to ret...
tests: Fix test_bgp_srv6_sid_unexport expectationsAfter removing sid export on R1, the test checks both 10.0.0.1/32
and 10.0.0.3/32 on R2 with expect_sid="", expecting neither to
carry a SRv6 SID. This is wrong: 10.0.0.3/32 is originated by R3
which still has sid export configured, so it should still be
seen on R2 with r3_unicast_sid.
This wrong expectation was not caught because check_route() did
not verify the absence of a SID when expect_s...
tests: Fix check_route not verifying absence of SIDWhen check_route() is called with expect_sid="" to assert that a
route has no SRv6 SID, it silently succeeds even if a SID is
present.
Add an explicit check: when expect_sid is "", return an error if
a SRv6 SID is found on the route.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
tests: Add test for sid export route-map update in bgp_srv6_unicastAdd test_bgp_srv6_sid_rmap_update() to verify that replacing an
already-configured sid export route-map with a different one
correctly applies the new policy.
The test reconfigures R1 with a new route-map (filter2) that
excludes 10.0.0.1/32 from SID assignment, confirms the prefix
loses its SRv6 encapsulation on R2 and becomes uninstalled on
R3, then restores the original route-map (filter) an...
bgpd: Fix sid export route-map update not taking effectWhen `sid export ... route-map <name>` is reconfigured with a
different route-map on an already-configured SID export, the new
route-map is silently ignored. The code skips the early-return
(rmap_str != rmap_name), but then calls
bgp_srv6_unicast_announce() without updating rmap_name, so the
old route-map remains in effect.
Fix this by replacing rmap_name before triggering the re-announce:
dec...
zebra: lib: use old compatible value for lyd_new_termFor now use backward compatible `false` value for the penultimate arg to
`lyd_new_term()` to match earlier versions of libyang API. This matches
all the other current uses of `lyd_new_term()` in the code.
Signed-off-by: Christian Hopps <chopps@labn.net>
Merge pull request #21065 from LabNConsulting/chopps/nmda+router-id-op-stateEnable RFC8342 YANG NMDA functionality and add router-id oper-state that uses it.
tests: Give more time for interface information to show upThe test failed in upstream CI because the loopback did not have
the address as of yet as part of a `show interface`. The `show run`
showed that the address was applied, but the interface information in
zebra and from `ip ...` commands showed that the data had not finished
being sent to the kernel. Give this test more time to converge.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
zebra: Move `allow-external-route-update` to mgmt frontend sideThe `allow-external-route-update` command was being compiled into
the zebra side of the nb code. Thus when configuration was being
applied that uses mgmtd as a frontend and zebra as the frontend
one would get there first and lock the database, preventing
the other side from working. Move this command to the correct
spot.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: add orphan BNC cleanup test for explicit LL peer deletionVerify that deleting an explicit link-local BGP neighbor leaves no
orphan BNC behind. Without the conf_if guard in
bgp_unlink_nexthop_by_peer() and bgp_delete_connected_nexthop(),
the BNC lookup uses scope_id (non-zero after TCP) while the BNC
was created with ifindex 0, causing the cleanup to miss.
Signed-off-by: Soumya Roy <souroy@nvidia.com>
bgpd: fix BNC cleanup for explicit link-local peersbgp_unlink_nexthop_by_peer() and bgp_delete_connected_nexthop()
look up the BNC using scope_id to derive the ifindex. For
explicit LL peers (conf_if NULL) the BNC was created with
ifindex 0, but after the TCP handshake scope_id is non-zero.
The mismatch causes the lookup to miss, leaving an orphan BNC
with a stale nht_info pointer after the peer is deleted.
Add the same conf_if guard that pee...
pimd: if an RP is configured, use SSMWhen an RP is configured, sparse mode should trigger regardless
of whether the RP is reachable or not. This behavior is consistent
with other implementations/vendors.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
vrrpd: replace some assertsReplace several asserts with error returns, especially in
packet-processing paths.
Signed-off-by: Mark Stapp <mjs@cisco.com>
vrrpd: only support ethernet in GARP codeDon't mix explicit ethernet and per-interface hw values;
we only support ethernet for g-ARP messages.
Signed-off-by: Mark Stapp <mjs@cisco.com>
Merge pull request #21211 from opensourcerouting/fix/cap_overflow_parsing_unknownbgpd: Check if we are not overusing error_data buffer when unknown cap received
bgpd: Check if we are not overusing error_data buffer when unknown cap receivedThere is no bounds check before the memcpy(). With Extended Message support
enabled, incoming OPEN messages can be up to 65535 bytes, so the total size
of unknown capability TLVs can far exceed 4096 bytes, overflowing the stack
buffer.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Donald Sharp
Enke Chen
Mark Stapp
Carmine Scarpitta
Christian Hopps
Nathan Bahr
Donald Sharp
Chirag Shah
Soumya Roy