zebra: Move `allow-external-route-update` to mgmt frontend sideThe `allow-external-route-update` command was being compiled into
the zebra side of the nb code. Thus when configuration was being
applied that uses mgmtd as a frontend and zebra as the frontend
one would get there first and lock the database, preventing
the other side from working. Move this command to the correct
spot.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: add orphan BNC cleanup test for explicit LL peer deletionVerify that deleting an explicit link-local BGP neighbor leaves no
orphan BNC behind. Without the conf_if guard in
bgp_unlink_nexthop_by_peer() and bgp_delete_connected_nexthop(),
the BNC lookup uses scope_id (non-zero after TCP) while the BNC
was created with ifindex 0, causing the cleanup to miss.
Signed-off-by: Soumya Roy <souroy@nvidia.com>
bgpd: fix BNC cleanup for explicit link-local peersbgp_unlink_nexthop_by_peer() and bgp_delete_connected_nexthop()
look up the BNC using scope_id to derive the ifindex. For
explicit LL peers (conf_if NULL) the BNC was created with
ifindex 0, but after the TCP handshake scope_id is non-zero.
The mismatch causes the lookup to miss, leaving an orphan BNC
with a stale nht_info pointer after the peer is deleted.
Add the same conf_if guard that pee...
vrrpd: replace some assertsReplace several asserts with error returns, especially in
packet-processing paths.
Signed-off-by: Mark Stapp <mjs@cisco.com>
vrrpd: only support ethernet in GARP codeDon't mix explicit ethernet and per-interface hw values;
we only support ethernet for g-ARP messages.
Signed-off-by: Mark Stapp <mjs@cisco.com>
Merge pull request #21211 from opensourcerouting/fix/cap_overflow_parsing_unknownbgpd: Check if we are not overusing error_data buffer when unknown cap received
bgpd: Check if we are not overusing error_data buffer when unknown cap receivedThere is no bounds check before the memcpy(). With Extended Message support
enabled, incoming OPEN messages can be up to 65535 bytes, so the total size
of unknown capability TLVs can far exceed 4096 bytes, overflowing the stack
buffer.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: backpressure generic framework dest back ptrFor generic backpressur logic, the dest carrying
the backpressure list node pointer.
Signed-off-by: Chirag Shah <chirag@nvidia.com>
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
bgpd: backpressure generic frameworkThis change decouples the backpressure logic
from being tied exclusively to bgp_dest.
It introduces a generic structure that can hold a void
pointer to any BGP-related object that needs to send to zebra
using the the backpressure framework. The associated enum identifies
the object type so the correct ZAPI handler can be invoked.
Signed-off-by: Chirag Shah <chirag@nvidia.com>
Signed-off-by: Do...
ripngd: fix data handling in several placesDon't accept responses unless interface is configured; be
more careful with route_node before dereferencing the info
pointer; validate min and max packet size before processing.
Signed-off-by: Mark Stapp <mjs@cisco.com>
ripd: ensure simple-auth value is NULL-terminatedEnsure the simple-auth string is in a NULL-terminated
buffer before printing it with '%s'.
Signed-off-by: Mark Stapp <mjs@cisco.com>
ripd: use rn->info properly in process_response()route_node->info is a list, not a single object; use it
correctly, and avoid NULL-deref potential.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: Do not process route-refresh for AFI/SAFI if it's not negotiatedWe shouldn't allow processing AFI/SAFI received in route-refresh message if we
don't have this AFI/SAFI enabled for this peer.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
tests: Verify neighbor addr Sub-TLVs after link-params resetAdd test_step11() to the isis_te_topo1 topotest suite to verify
that the IPv4 and IPv6 Neighbor Address Sub-TLVs in the Extended IS
Reachability TLV are correctly restored after link-params changes.
The test removes link-params from r1-eth0 and then re-adds them,
and checks that the neighbor address Sub-TLVs are still present in
the TED on all routers after the reconfiguration.
Signed-off-by:...
isisd: Fix missing neighbor address Sub-TLVs after link-params changeWhen link-params are removed from an interface, Zebra notifies IS-IS via
the zebra_if_update_link_params hook, triggering isis_mpls_te_update().
That function calls isis_link_params_update(), which resets ext->status
to keep only SR-related Sub-TLV flags — clearing EXT_NEIGH_ADDR and
EXT_NEIGH_ADDR6, which control advertisement of the IPv4 and IPv6
Neighbor Address Sub-TLVs, so those Sub-TLVs d...
bgpd: include length in cluster_hash_cmp()For robustness, the lengths should be compared even when the
pointers are equal.
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
bgpd: add config "nexthop prefer-global" for ipv6 address familyThis command is similar to "set ipv6 next-hop prefer-global" in a
route-map, but it's global and is applied to the ipv6 routes from
all neighbors.
BGP may receive a link-local ipv6 address, and a global IPv6 address
as the nexthops from a directly connected peer. The default in FRR
is to use the link-local address. This config would override the
default and use the global ipv6 address instead...
Christian Hopps
Donald Sharp
Chirag Shah
Soumya Roy
Mark Stapp
Carmine Scarpitta
Enke Chen