pimd: Provide better ordering for calling pim_upstream_use_rptIn pim_upstream_new, call pim_upstream_use_rpt after the rpf_update
as that pim_upstream_use_rpt can make a decision about what is
done based upon rpf changes. This aligns the two together.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
pimd: fix crash in JP agg list due to stale upstream entryWhen pim_upstream_rpf_clear() nulls the RPF interface, it does not
remove the upstream from the old RPF neighbor's JP aggregation list.
This leaves a stale entry that becomes a dangling pointer after the
upstream is eventually freed. When the neighbor's JP timer fires and
iterates the list, it dereferences the freed upstream causing a
SIGSEGV.
Fix by finding the RPF neighbor and removing the u...
bgpd: move auto config flag from bgp to srv6 unicast policyMove SID allocation auto mode on bgp to srv6 unicast policy. This is a
better fit and rename to SRV6_POLICY_FLAG_SID_AUTO.
Signed-off-by: LoĂ¯c Sang <loic.sang@6wind.com>
zebra: fix EVPN MACIP DEL flag mixup in neighbor delete pathOn ZEBRA_MACIP_DEL, zebra_evpn_neigh_send_del_to_client() was passing
ZEBRA_NEIGH_* flags into zebra_evpn_macip_send_msg_to_client(), while
debug output decodes those bits as ZEBRA_MACIP_TYPE_* flags. Because bit
values overlap, DEL logs could incorrectly print "Sticky MAC".
This is a flag-domain mismatch on DEL reporting, not a behavior change in
BGP processing (DEL uses state).
Fix by sendi...
ospfd: Fix setting of typeThere exists a code path where the vertex is already
created but the type has not been set. When
ospf_te_parse_router_lsa is called it was not
updating the type. This caused the test_ospf_te_topo1.py
topotest to fail, because it is looking for a type
but it is not present. Modify the code
to set the type here always.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
pimd: reject truncated IP datagrams before IGMP/mtrace handling- Validate IPv4 total length against recv buffer in pim_igmp_verify_header()
so downstream code cannot trust ip_hdr->ip_len past the bytes we hold (e.g.
mtrace sendto length).
- Drop recvmsg results with MSG_TRUNC in pim_socket_recvfromto() so callers
never process a truncated buffer as a full datagram.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
pimd: cap PIM Hello secondary address list parsingBound how many encoded unicast addresses we accept from a single
PIM_MSG_OPTION_TYPE_ADDRESS_LIST TLV. The cap is the minimum of
limits derived from interface MTU, TLV length, and PIM_HELLO_SECONDARY_ADDR_MAX.
Reject with cleanup when exceeded to avoid unbounded allocation from
link-local Hellos. Free the temporary address list on parse failure in
pim_hello_recv.
Signed-off-by: Jafar Al-Ghara...
tests: Ensure test_bgp_vpnv4_per_nexthop_label.py actually has a chanceThe test is not actually giving time for the withdrawal to happen,
modify the check for the second prefix to be a run_and_expect
loop as well.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
nhrpd: validate strictly in nhrp_cie_pull() code pathMany callers of nhrp_cie_pull() don't check the status of
the sockaddr arguments. Init the sockaddrs to UNSPEC by
default; return error (NULL) if the cie header lengths
are present but invalid.
Signed-off-by: Mark Stapp <mjs@cisco.com>
tests: Fix some pim tests to account for multipathBoth the test_multicast_pim6_static_rp2.py and test_multicast_pim_uplink_topo1.py
test scripts have multipath available as possible paths that pim
can take. Depending on ordering of how routes are received
in the underlay's protocol's. You can very rarely have
the streams take unexpected paths from the RP towards the
source or from the source towards the RP. Modify the
code base to be a bit ...
tests: Fix verify_upstream_iif error messageThe test is specifying in_interface for the expected value
when the failure is detected, but this just happens to be
the last value in the loop instead of what it was actually
looking for.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: modify test_pim.py to send more multicast packetsCurrently the send of the multicast stream is 40 * 2ms in length
which is only 80ms. If the underlay has not fully converged we
may never be able to transition to a correct state. Modify
the code to give a bunch more time for sending the multicast
stream.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Merge pull request #21532 from opensourcerouting/fix/bgp_confederation_equal_bgp_externalbgpd: Do not reject the route if confederation AS matches peer AS
lib: fix mgmt_msg recv to deal with mis-alignmentWe need our messages to start on 64 bit boundaries as the message buffer
is accessed directly as structured data. In particular on ARM32 arch
using the data this way lead to unaligned access and SIGBUS.
The minor optimization of reading multiple messages into a single stream
buffer complicated this. Instead we KISS and switch to one message per
stream buffer.
Fixes #20087.
Signed-off-by: Chr...
Merge pull request #21430 from karthikeyav/kmuppalla/upstream-advertisement-delaybgpd: add advertisement-delay to hold route advertisements after startup
Merge pull request #21400 from sougatahitcs/sougatab/_static-route-bfd-admin-down-state-handling-improvementsstatic route bfd admin down state handling improvements
bfdd: fix do not unconfig bfd profile session when removing profileIf a profile is used by a BFD session, then removing the profile from
the configuration will also remove the configuration of that profile in
that BFD session.
This should not happen, as from config perspective, the profile config
and the profile attached to the bfd session are two distinct elements.
Fixes: f6dfa2473983 ("bfdd: remove profile pointers on removal")
Signed-off-by: Philippe Gui...
doc: add missing bfd statistics for rx failed packetBFD doc needs to be updated.
Fixes: 9ae600cf328f ("bfdd, yang: Add a bad packet counter for bfd peers")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bfdd: fix do not display tx fail counter for non sbfd sessionsThe json show does not display such counters. Do the same for the non
json show.
Fixes: 868c4d02e699 ("bfdd: adjust show commands for SBFD")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
tests: Add BGP-LS BGP-only fabric topotestThe BGP-only fabric draft (draft-ietf-idr-bgp-ls-bgp-only-fabric)
defines advertising topology and reachability via BGP-LS NLRIs.
Add a topotest topology with rr (AS65000) collecting BGP-LS from four
routers (r1-r4) using mixed iBGP/eBGP peerings and link-state AF.
The test verifies baseline Node/Link/Prefix NLRI output against an
expected JSON snapshot, and validates originate/withdraw behav...
bgpd: Add per-neighbor route-map commands under BGP-LS AFEnable per-neighbor route-map configuration under address-family
link-state:
```
router bgp <asn>
address-family link-state link-state
neighbor <peer> route-map <rmap-name>
```
This wires neighbor_route_map_cmd and no_neighbor_route_map_cmd into
BGP_LS_NODE so route-map policy can be applied to BGP-LS neighbors
consistently with other address families.
Signed-off-by: Carmine Scarpitta <cs...
bgpd: Add per-neighbor BGP-LS local/remote link-id CLIsAdd per-neighbor CLI knobs to set BGP-LS link identifiers:
```
router bgp <asn
neighbor <peer> local-link-id <1-4294967295>
neighbor <peer> remote-link-id <1-4294967295>
```
These values let operators control link descriptor identifiers for
BGP-LS Link NLRIs. If distribution is active, changing or removing
either value triggers a withdraw/re-originate cycle so exported
topology stays consis...
bgpd: Add CLI to enable BGP-LS distribution for BGP-only fabricsIntroduce a new router-mode command to control BGP-LS export for
BGP-only fabrics:
```
router bgp 65001
address-family link-state link-state
distribute bgp-fabric-link-state [instance-id WORD]
```
When enabled, bgpd exports the current topology as BGP-LS
Node/Link/Prefix NLRIs. When disabled, bgpd withdraws all NLRIs
originated through this feature. If the instance-id changes while
distrib...
Jafar Al-Gharaibeh
Donald Sharp
Carmine Scarpitta
souroy
LoĂ¯c Sang
Nick Bouliane
Mark Stapp
Christian Hopps
Philippe Guibert