pimd: cap neighbors and reject PIM when iface has no PIMCap the neighbor list per interface (PIM_NEIGHBOR_LIST_MAX) to bound memory
and DR-election work when many spoofed Hellos appear.
Reject Hello / Join/Prune / Assert when PIM is not enabled on the receiving
interface (with optional packet debug).
Document neighbor-filter-prefix-list in YANG as an optional extra filter on PIM
neighbor source addresses.
Signed-off-by: Jafar Al-Gharaibeh <jafar@...
bgpd: Modify show commands to include sin6_scope_idWhen displaying LL peerings in bgp, include the sin6_scope_id
as a value to be dumped as well.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
lib: Modify sockunion_cmp to include the sin6 interface idWhen using LL's in a sockunion, the sin6_scope_id is being
set to allow for differentiation at the socket level,
yet it is not being included in the test for a sockunion_cmp,
modify the code to do this.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
bgpd: EVPN rd all option for route outputTicket: #4992460
Testing:
Before fix:
btor-11# show bgp l2vpn evpn route rd all prefix 2060:1:1:110::/64
% Malformed Route Distinguisher
After fix:
btor-11# show bgp l2vpn evpn route rd all prefix 2060:1:1:110::/64
Route Distinguisher: 144.1.1.6:9
BGP routing table entry for 144.1.1.6:9:[5]:[0]:[64]:[2060:1:1:110::]
Paths: (1 available, best #1)
Not advertised to any peer
Route [5]:[0]...
bgpd: Add command to display EVPN type-5 per-prefixAdd support for command
show bgp l2vpn evpn route rd <rd> prefix <prefix> [json]
This is currently a Cumulus-specific change. Multiple of the EVPN operational
commands need to be unified with upstream changes which have now caught up
to display most of the needed information of the global EVPN table but differ
in some aspects from existing Cumulus commands. The unification also needs
to handle...
tests: staticd: add topotest for static route metric featureAdd test_static_route_metric.py to tests/topotests/static_route_distance/
covering 7 scenarios × IPv4+IPv6 (14 test functions):
1. Metric replacement: changing a nexthop's metric removes the old-metric
RIB entry and installs a new one at the new metric — no stale duplicate
is left behind.
2. ECMP at same metric: two nexthops with identical metric are installed
as a single ZAPI ADD wit...
tests: staticd: add topotests for per-route distance and tagAdd tests/topotests/static_route_distance/ covering:
- Per-path administrative distance: AD replacement, ECMP with mixed
ADs, lazy deletion keyed on nexthop identity, running-config
correctness after each operation.
- Per-path tag: basic tag assignment, independent tags per path,
tag change in place, combined AD+tag change in one command,
max-value-wins recalculation on deletion (delete...
tests: staticd: add topotests for apply_finish batching behaviorCover the four scenarios introduced by the apply_finish commit:
1. Tag + metric combined change in one transaction (tag_modify and
metric_modify both fire, then apply_finish once).
2. Distance + metric combined change (distance_modify and metric_modify,
then apply_finish once).
3. Tag + distance + metric all three in one transaction (all three
per-leaf callbacks, then appl...
doc: staticd: document administrative distance, metric, and tagAdd two new sections to doc/user/static.rst:
1. Administrative Distance and Metric: explains that static routes are
grouped by (table-id, distance, metric) into path groups; nexthops
sharing the same tuple form an ECMP set. Covers floating static
routes (nexthops with different (distance, metric) tuples form separate
path groups; all groups present in the RIB with the best-prefere...
staticd: add per-route metric as a non-key path-list attributeAdd metric as a non-key leaf attribute on the flat path-list entry,
mirroring how distance is already handled after the schema refactoring.
YANG
----
Add a metric leaf (uint32, default 0) to the staticd-prefix-attributes
grouping. Metric is not part of the nexthop-identity key; changing it
on an existing nexthop triggers a leaf MODIFY rather than a
DESTROY+CREATE.
Internal path grouping
----...
zebra: support metric as identity key for static routesAdd metric to the ZEBRA_ROUTE_STATIC identity checks in zebra so that
two static routes at the same distance but different metrics are treated
as distinct route_entries:
- rib_compare_routes(): add a ZEBRA_ROUTE_STATIC metric check so that an
incoming static route at a different metric is not treated as an update
to the existing entry.
- process_subq_early_route_delete(): extend the existi...
tests: grpc: update path-list xpath and JSON fixtures to flat schemaThe staticd path-list key changed from (table-id, distance) to nexthop
identity (table-id, nh-type, vrf, gateway, interface), with distance
and metric as non-key attributes.
Update test_grpc.cpp:
- xpath predicate: replace path-list[table-id][distance]/frr-nexthops/
nexthop[nh-type]... with flat path-list[table-id][nh-type]...
- Restructure all 13 path-list JSON blocks from the nested
frr-...
tests: mgmt: update path-list xpaths to flat schemaThe staticd path-list key changed from (table-id, distance) to nexthop
identity (table-id, nh-type, vrf, gateway, interface), with distance
becoming a non-key attribute.
Update the hard-coded mgmt set-config xpaths in test_yang_mgmt.py:
remove '[distance=1]/frr-nexthops/nexthop[' from each path-list
predicate — nh-type, vrf, gateway, and interface are now direct keys
on the path-list entry its...
staticd: use nexthop identity as key in YANG schemaMotivation
----------
Static routes for a prefix can have multiple nexthops, but each nexthop
must be unique for that prefix. The nexthop — identified by the
combination of (table-id, nh-type, vrf, gateway, interface) — should
therefore be the natural key in the YANG schema for static routes.
The previous schema keyed path-list on [table-id, distance] with a
nexthop-list nested below. Since ...
bfdd: avoid close(-1) in bfd_dplane_finish_lateWhen distributed BFD is used in client mode (or server socket init fails),
bg_dplane_sock stays -1. frr_fini still ran bfd_dplane_finish_late and
called close(-1), which Valgrind reports and is invalid for POSIX.
Use socket_close() so we only close a valid listen fd.
Ticket: #4989670
Signed-off-by: Sougata Barik <sougatab@nvidia.com>
bgpd: send dynamic ENHE capability to peer-group membersProblem:
ENHE may never take effect on live sessions when the session was brought
up with ENHE absent from OPEN (e.g. enhe_cfg=0), and the operator later
runs:
neighbor <WORD> capability extended-nexthop
If <WORD> is a peer-group name, peer_and_group_lookup_vty() returns the
peer-group template. That struct peer does not own the BGP TCP session to each remote neighbor,
it typically stays Id...
bgpd: set mp_nexthop_len consistently in subgroup_default_originate()d33a1dd19f added bgp_attr_set(&attr, BGP_ATTR_NEXT_HOP) to the IPv4
else branch of subgroup_default_originate(), but bgp_attr_default_set()
still initializes mp_nexthop_len to IPV6_MAX_BYTELEN. For the IPv4
default-originate path, mp_nexthop_len should be IPV4_MAX_BYTELEN.
This has no behavioral effect: every code path that consults mp_nexthop_len
(BGP_ATTR_NEXTHOP_AFI_IP6, BGP_NEXTHOP_AFI_FRO...
bgpd: fix F-bit incorrectly set after port flap (RFC 4724)The Forwarding State (F) bit in the BGP Graceful Restart capability
was being set based on BM_FLAG_GRACEFUL_RESTART (from -K startup
flag) or BGP_FLAG_GR_PRESERVE_FWD (from preserve-fw-state config),
without gating on whether a restart was actually in progress.
Since BM_FLAG_GRACEFUL_RESTART stays set once initialized at startup
and BGP_FLAG_GR_PRESERVE_FWD stays set as long as the config exis...
tests: Add a zebra gr testTest the -K option for zebra and ensure that zebra
reads routes in on startup again and works properly.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
zebra: Remove extra unneeded lock of proto owned NHGWhen reading a NHG from the kernel on startup, it is
not necessary to lock the proto owned NHG one more time.
This causes problems on rib_sweep events.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
zebra: Create an explicit end of read signalCreate an explicit end of read signal that can come from
the dplane instead of having it be assumed all work is done.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
zebra: Fixup some startup issuesCurrently on startup we do this:
a) Initiate reads from netlink. This creates dplane ctx's in some situations
b) After reads from netlink signal startup is done and start rib sweep code
c) Convert dplane ctx's over to metaQ items
d) Process some metaQ items
e) rib_sweep code is run.
f) Finish processing metaQ items from initial read in.
This can leave items in the rib that should have been c...
zebra: Move intf startup variable to a generic variable for the ctxWhether or not zebra is in startup is a bit of data that
is not specific to interface startup. In fact we need to know
this for routes and nexthops as well( at the very least ).
Let's move the startup value to outside of the interface scope.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: add test for bgp nested aggregate countAdd a topotest for bgp_aggregate_nested that verifies aggregate->count
is correctly maintained across route additions and withdrawals,
including cases where an inner aggregate is removed while the outer
aggregate persists.
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
bgpd: enforce guards consistently at aggregate count entry pointsaggregate->count tracks the number of more-specific active routes
contributing to an aggregate, excluding aggregate routes themselves
(sub_type == BGP_ROUTE_AGGREGATE).
Two guards were placed asymmetrically between the outer entry
points (bgp_aggregate_increment/decrement) and the inner worker
functions (bgp_add/remove_route_from_aggregate):
- BGP_PATH_HOLDDOWN: present in bgp_aggregate_inc...
Russ White
Donald Sharp
Chirag Shah
Enke Chen
Sougata Barik
harini
Shashanka K S