pimd: use upstream-owned pim pointer in register and upstream timersMultiple upstream control paths fetched the PIM instance through
up->channel_oil->pim even though upstream already owns a stable
up->pim pointer.
In teardown/re-eval edge flows, channel_oil can be detached before
these paths execute. Dereferencing channel_oil only to access pim adds
an avoidable null/stale pointer risk.
Switch these call sites to up->pim:
- pim_register_join()
- pim_upstream_...
pimd: use upstream-owned pim pointer in MSDP update pathsSeveral MSDP helper paths fetched the PIM instance through
up->channel_oil->pim even though they only require the upstream's
instance context.
In teardown/re-evaluation edge flows, channel_oil can be detached before
these paths run (for example while IGMP prune side effects and upstream
cleanup overlap). Dereferencing up->channel_oil only to access pim then
creates an avoidable null/stale poin...
pimd: avoid JP build deref through channel OILpim_msg_build_jp_groups() fetched the pim instance via
source->up->channel_oil->pim for (*,G) entries. That creates an
unnecessary dependency on channel_oil lifetime while building JP
messages.
In teardown/re-evaluation edge flows, channel_oil may already be
detached before JP aggregation/encoding finishes, making this path
vulnerable to null/stale dereference.
Use source->up->pim directly in...
pimd: guard RP RPF-failure mroute delete on detached OILpim_upstream_update() unconditionally called pim_mroute_del()
when pim_rpf_update() returned PIM_RPF_FAILURE. In teardown/re-eval
edge cases, overlapping prune/delete side effects can detach
up->channel_oil before this path executes.
Control flow can reach this from IGMP prune-driven cleanup where
ifchannel/upstream teardown races with RP re-evaluation. If
up->channel_oil is already NULL, call...
pimd: avoid null deref in upstream delete debug pathThe upstream delete trace log read up->channel_oil->oil_ref_count
unconditionally. In teardown edge cases, channel_oil may already be
detached before this debug statement executes, turning diagnostic
logging into a potential null dereference.
Control flow for the crash case is:
igmp_source_forward_stop() -> tib_sg_gm_prune() ->
pim_ifchannel_local_membership_del() -> delete_on_noinfo() ->
pim_...
pimd: guard channel OIL detach against stale pointersIGMP prune and ifchannel teardown paths can delete the same (S,G)
channel OIL before upstream teardown reaches
pim_channel_oil_upstream_deref(). When that happens, upstream delete
can pass a stale OIL pointer into RB removal, which crashes in
typed_rb_remove() during igmp_source_timer-driven cleanup.
This can happen via prune side effects in the same event flow:
igmp_source_forward_stop() -> t...
doc: fix SRv6 route commandsMove text out of code block, use H_Encaps and H_Encaps_Red in vtysh
commands (instead of H.Encaps and H.Encaps.Red), refresh output.
Fixes: 62465b9dcc82 ("doc: Add SRv6 encapsulation behavior configuration to staticd doc")
Signed-off-by: Justin Iurman <justin.iurman@6wind.com>
Merge pull request #21409 from opensourcerouting/fix/drop_deprecated_branch_deletion_for_mergifytools: Upgrade configuration to current format for Mergify
Merge pull request #21399 from opensourcerouting/fix/bgp_send_notification_if_orf_length_too_bigbgpd: Do not allow triggering route-refresh path with a malformed ORF length
Merge pull request #21394 from opensourcerouting/fix/bgp_do_not_allocate_stream_if_rr_cap_not_receivedbgpd: Do not allocate stream if route-refresh capability is not received
tools: Upgrade configuration to current format for MergifyDrop deprecated (soon) fields for Mergifyio.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Merge pull request #21350 from opensourcerouting/fix/bgp_flowspec_missing_offset_advance_unknown_typebgpd: Return an error for unknown flowspec component type
bgpd: Do not allow triggering route-refresh path with a malformed ORF lengthBefore this patch we just continued with the route-refresh flow blindly instead
of sending a notification.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: larger one field to be 2 bytesThe `struct attr`'s `encap_tunneltype` should be 2 bytes based on
current code.
Signed-off-by: anlan_cs <anlan_cs@126.com>
bgpd: fix wrong overwritten for evpnThe `ecommunity_tunnel_type()` sets the value based on the pointer of
`(bgp_encap_types *tunnel_type)`. But the `struct attr`'s `encap_tunneltype` field
is `uint8_t` type, it is wrongly as input parameter in `bgp_attr_ext_communities()`,
resulting in the subsequent fileds to be overritten.
Change `bgp_attr_ext_communities()` to the same style as others:
`rfapiGetVncTunnelUnAddr()/rfapiRouteInf...
bgpd: Check dynamic capability action before validating ENHE capabilityWithout checking the action we cannot reach the path where we unset the
capability, because the length is 0 for CAPABILITY_ACTION_UNSET.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Do not allocate stream if route-refresh capability is not receivedJust allocate the stream only if we have a sanity check regarding the capability.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Merge pull request #21345 from opensourcerouting/fix/bgp_srv6_BGP_PREFIX_SID_SRV6_L3_SERVICE_SID_INFO_lenbgpd: Fix srv6 type parsing and EVPN type-5 NLRI prefix lengh parsing for IPv4
staticd: fix static_disable_vrf() to always send a route DELETEstatic_disable_vrf() called static_uninstall_path() to remove routes
belonging to a VRF being disabled. However, static_uninstall_path()
sends a ZAPI ADD (not a DELETE) when nexthops are still in the list,
so the routes were never actually withdrawn from zebra.
Replace with static_zebra_route_add(pn, false) to unconditionally send
a DELETE for each path, which is the correct behavior when tea...
topotests: split bgp_evpn_mh_v4_v6_num v4/v6 layoutSeparate v4 and v6 topology configs into dedicated directories, keep only shared host configs under common/, and remove ARP redirect-specific tests so this PR contains only test-structure split changes.
Drop three unused helper functions from test_evpn_mh_v4_v6_num.py.
Signed-off-by: Ashwini Reddy <ashred@nvidia.com>
Made-with: Cursor
zebra: EVPN prevent stale mbr_zifs entries from early returnPrematurely resetting zif->vlan_bitmap in interface_bridge_vlan_update()
leads to inconsistent state if the function bails out early because the
kernel AF_BRIDGE netlink notification arrived without VLAN info (no
IFLA_BRIDGE_VLAN_INFO).
Because the old bitmap is replaced by an empty one before the NULL check
on bvarray, the early return skips zebra_vlan_mbr_re_eval() and leaks
the old bitmap. ...
bgpd: remove dest list from batch-clearing codeRemove unused list type and data structs from the batch-clearing
code.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: Check if BGPID NHC TLV exists when IPv6 next-hop is link-localdraft-ietf-idr-nhc section 2.2.1 says:
In some cases, the BGP speaker sending a route might encode only a link-local
address and no global address. In such a case, a problem arises because there
is no expectation of global uniqueness of such an address, and the
"semantic match" discussed in Section 2.3 could yield a false positive.
To mitigate this problem, if a BGP speaker originates a route...
tests: Fix time re in all_protocol_startup/test_all_protocol_startupThere was failure in test with diff:
- Hello due in 932 usecs
+ Hello due in XX.XXXs
Regular expression expected for format SECONDS.MSECs only.
Added `usec` support to regular expression.
`ospf_timeval_dump` can also output weeks, days, hours, but probably
there is no need to support that.
Signed-off-by: Kyrylo Yatsenko <hedrok@gmail.com>
bgpd: Fix memory leak for nhc attribute if ipv6 is link-local addressFor NHC, next-hop for ipv6 should be a global one.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
tests: ensure bgp confederation work after changing its commandAdditionally, removed a few white spaces in the code comment.
Signed-off-by: anlan_cs <anlan_cs@126.com>
Mark Stapp
Y Bharath
Jafar Al-Gharaibeh
Justin Iurman
Donatas Abraitis
anlan_cs
harini
Enke Chen
Ashwini Reddy
Chirag Shah
Nick Bouliane
Mark Stapp
Kyrylo Yatsenko