bgpd: honor 'no activate' for dynamic neighbors in peer-groupWhen a dynamic peer connects via 'bgp listen range', peer_create()
activates IPv4 unicast by default. peer_create_bind_dynamic_neighbor()
then applies the group's AF config but only activates AFIs the group
has enabled -- it never deactivates AFIs the group has disabled.
This causes 'no neighbor <group> activate' under an address-family
to be ignored for dynamic peers.
Add peer_deactivate() f...
bgpd: Simplify BGP-LS NLRI TLV encoding by inlining helper functionsRemove the TLV encoding helper functions (stream_put_tlv_hdr, stream_put_tlv,
and stream_putf_tlv) and inline their logic directly into the encoder
functions. This improves code clarity and consistency by:
- Consolidating stream writeable checks before encoding each TLV
- Eliminating the confusion of split writeable checks between helpers
and callers
The encoder functions now directly call ...
lib: mgmt: use SOMAXCONN for mgmtd socket listen backlogThe mgmtd frontend and backend UNIX sockets pass a compile-time
constant of 32 to listen(2) as the accept-queue backlog. Under
fan-in from multiple concurrent clients (vtysh sessions, test
harnesses, external controllers) the kernel accept queue
saturates and new connect(2) attempts fail with EAGAIN before
the msg_server handler runs. This is observable as a hard
ceiling: at roughly 1000 concur...
tests: bgp_suppress_fib was not stable before testingbgp_suppress fib is bringing up peers and then ensuring
that the peers are established and then immediately changing
some configuration that should not cause changes in prefixes
being sent or received. Under heavy load you can have peerings
but not fully passed prefixes, thus leaving a timing window
where things are still changing. Ensure that nothing has
changed for 10 seconds before preceed...
isisd: Reject SRv6 Locator TLV with Loc-Size of zeroRFC 9352 Section 7.1 requires Loc-Size to be in the range 1-128.
A value of zero is invalid and must cause the entire TLV to be
ignored. The existing check only rejects values greater than 128,
allowing zero through and producing a zero-length prefix that can
confuse downstream consumers.
Fix this by extending the condition to also reject zero:
if (rv->prefix.prefixlen == 0 || rv->prefix.pr...
tests: Remove `show running bgpd` from the topotestsIn the future bgp is going to transition to using mgmtd and
the `show running-config bgpd` command is going to dissapear.
Let's facilitate this by going ahead and removing this special
case code for the future.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
isisd: anchor stream position in SRv6 End.X SID sub-TLV parsingUse stream_get_getp/stream_set_getp to anchor the stream position at
sub-TLV data entry and sync to the sub-TLV end on all code paths in
the End.X SID (subtlv 43) and LAN End.X SID (subtlv 44) handlers.
This ensures the stream stays aligned with the outer loop sum
accounting when unpack_tlvs() partially consumes bytes before
returning an error, and when trailing bytes exist after
sub-sub-TLVs ...
bgpd: Let the stream track how much was writtenCoverity is complaining about this:
** CID 1670454: Insecure data handling (INTEGER_OVERFLOW)
/bgpd/bgp_ls_nlri.c: 1946 in bgp_ls_encode_link_nlri()
1940 /* Link Descriptors */
1941 ret = bgp_ls_encode_link_descriptor(s, &nlri->link_desc);
1942 if (ret < 0)
1943 return -1;
1944 written += ret;
1945
>>> CID 1670454: Insecure data handli...
bgpd: Removed dead json code pathThe test for json_flags and the removal is not needed. There is
no code path where it is ever set at this point, so remove.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
mgmtd: Use correct printf formatting type.Coverity was, rightly, complaining about a formatting type
that was not correct across all platforms. Fix.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
nhrpd: stop debugging auth credentialsDon't log/debug credentials. The output code was bugged, and
was willing to overrun temporary char buffers - just remove
the code.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: fix release intermediate SIDs upon changing locatorOn a BGP SRv6 setup with loc1 locator on default instance, and the user
wants to change locator from from loc2 to loc3 in vrf Vrf20.
Sometimes, the resulting SIDs are the SIDS assigned for Vrf20 are the
ones from loc1 assigned at command 'no locator loc2', whereas the
expectation should be the SIDS from loc3. The below show command
shows that 2001:db8:1:1:3:: from loc1 is not released.
> r1# ...
topotests: add test to control sid assignment when changing locatorThe move of vrf20 from loc2 to loc3 should result in appropriate
assignment of the SID 2003:db8:1:1:1::.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: Harden SRv6 Service Data parser for SID Structure lengthRFC 9252 defines the SRv6 SID Structure Sub-Sub-TLV (Type 1) with
a fixed Value length of 6 octets.
Update bgp_attr_srv6_service_data() to reject Type 1 entries whose
declared length is not exactly 6, instead of accepting any length >= 6.
This tightens parser correctness and prevents malformed Type 1
encodings from being treated as valid.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: Validate if NHC BGPID TLV value is non-zeroASN or BGPID as zero is treated as malformed.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Clearly check for AS4 against 0 valueUse BGP_AS_ZERO, instead of !as4 for readability.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Reject Link NLRIs without Link DescriptorA valid Link NLRI must include a Local Node Descriptor, a Remote Node
Descriptor, and a Link Descriptor.
After decoding Protocol-ID, Identifier, and the Local/Remote Node Descriptors,
ensure there is still Link Descriptor data to decode.
If no bytes remain for the Link Descriptor, treat the NLRI as malformed and
fail decode.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: Consolidate redundant stream bounds checks in bgp_ls_decode_nlriReplace two separate STREAM_READABLE checks for reading NLRI Type and Length
with a single combined check. Use symbolic constants BGP_LS_NLRI_TYPE_SIZE and
BGP_LS_NLRI_LENGTH_SIZE instead of magic number 4, improving readability and
maintainability.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: migrate timers during peer_xfer_conn to fix stale route cleanupWhen a BGP session goes down on a GR-helper, bgp_stop() arms the
stalepath timer (t_gr_stale) and restart timer (t_gr_restart) on the
config peer's connection. If the restarting peer reconnects and a
connection collision occurs (common in large-scale topologies like
Fairwater with 256 sessions per leaf), peer_xfer_conn() swaps the
connection pointers: the doppelganger's winning connection (keep...
bgpd: Return immediately when dynamic capability action is not validWithout returning immediately, we continue the loop that advances pnt pointer,
which is not good. We should send the notification (which is already done), and
return.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Prevent out-of-bound reading handling soft version dynamic capabilityFixes: 784cf95c4377ec84b25fb5801fdfaa20450325de ("bgpd: Try to handle software version capability with the new encoding format")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Prevent zero-length BGP-LS MT-ID TLVAn attacker can craft a BGP-LS update containing an MT-ID TLV with zero
length (tlv_len == 0). This passes existing validation (0 % 2 == 0 and
0 <= MAX), causing XCALLOC(MTYPE_BGP_LS_NLRI, 0) to be called. This
results in unexpected behavior.
This fix validates tlv_len > 0 before allocation in both link and prefix
descriptor MT-ID TLV decoder, savoiding unexpected behavior from zero-length
inp...
Donald Sharp
Eyal Nissim
Carmine Scarpitta
Donald Sharp
TristanInSec
Mark Stapp
Philippe Guibert
Shashanka K S