bgpd: Do not process route-refresh for AFI/SAFI if it's not negotiatedWe shouldn't allow processing AFI/SAFI received in route-refresh message if we
don't have this AFI/SAFI enabled for this peer.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
tests: Verify neighbor addr Sub-TLVs after link-params resetAdd test_step11() to the isis_te_topo1 topotest suite to verify
that the IPv4 and IPv6 Neighbor Address Sub-TLVs in the Extended IS
Reachability TLV are correctly restored after link-params changes.
The test removes link-params from r1-eth0 and then re-adds them,
and checks that the neighbor address Sub-TLVs are still present in
the TED on all routers after the reconfiguration.
Signed-off-by:...
isisd: Fix missing neighbor address Sub-TLVs after link-params changeWhen link-params are removed from an interface, Zebra notifies IS-IS via
the zebra_if_update_link_params hook, triggering isis_mpls_te_update().
That function calls isis_link_params_update(), which resets ext->status
to keep only SR-related Sub-TLV flags — clearing EXT_NEIGH_ADDR and
EXT_NEIGH_ADDR6, which control advertisement of the IPv4 and IPv6
Neighbor Address Sub-TLVs, so those Sub-TLVs d...
bgpd: include length in cluster_hash_cmp()For robustness, the lengths should be compared even when the
pointers are equal.
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
bgpd: add config "nexthop prefer-global" for ipv6 address familyThis command is similar to "set ipv6 next-hop prefer-global" in a
route-map, but it's global and is applied to the ipv6 routes from
all neighbors.
BGP may receive a link-local ipv6 address, and a global IPv6 address
as the nexthops from a directly connected peer. The default in FRR
is to use the link-local address. This config would override the
default and use the global ipv6 address instead...
bgpd: fix NHT for explicit link-local BGP peersWhen a BGP peer is configured with an explicit IPv6 link-local
address (neighbor fe80::1 interface swp1), the NHT peer-tracking
code skipped deriving the ifindex from the kernel-provided
scope_id because peer->conf_if is NULL for this configuration
style. This caused peer-tracking to create a BNC keyed with
ifindex 0 while path-tracking created a separate BNC keyed with
the real ifindex from s...
isisd: add unit test for remove_excess_adjs() memory leak fixAdd a test that verifies remove_excess_adjs() properly frees the
isis_vertex_adj it removes from the list. The test uses FRR's
per-MTYPE allocation counter (n_alloc) to assert that:
- After remove_excess_adjs(): exactly one MTYPE_ISIS_VERTEX_ADJ
allocation is freed (not just unlinked)
- After full list cleanup: all allocations return to baseline
Without the fix in the preceding commit, the ...
isisd: fix memory leak in remove_excess_adjs()When the number of adjacencies for a vertex exceeds
ISIS_MAX_PATH_SPLITS, remove_excess_adjs() calls list_delete_node()
which frees the listnode but does NOT free the isis_vertex_adj data
payload. This leaks one MTYPE_ISIS_VERTEX_ADJ allocation per call.
In large-scale deployments, each SPF run triggers this path
accumulating leaked memory.
Valgrind trace:
definitely lost: 3,332,608 bytes i...
bfdd: cap IPv6 echo reflection to declared lengthValidate IPv6 echo payload length and reflect only bep->len
bytes instead of raw receive length to avoid oversized
reflection payloads.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
bfdd: account for FP offset in echo length checksValidate echo packet length using bfd_offset + sizeof(*bep) so
forwarding-plane packets are not parsed past received data.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
bfdd: fix recv errno filter logic in a few placesUse logical AND when filtering EAGAIN/EWOULDBLOCK/EINTR in
bfd_recv_ipv4_fp(), bfd_recv_ipv4(), and bfd_recv_ipv6() so
only real socket errors are logged.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
bfdd: gate IPv6 echo reflection on known sessionsOnly reflect IPv6 echo packets when the source/local tuple maps to
an existing BFD session, preventing unauthenticated reflection of
arbitrary on-link packets.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
bfdd: validate control packet length before session lookupCheck recv length before casting/parsing the control packet so short
or error reads cannot drive discriminator/session lookup with
uninitialized data. Keep debug visibility for short and non-positive
reads while dropping early.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
ci: skip github ci for mergify PRsSkip this workflow when the PR actor is mergify[bot] to reduce load.
We still run NeDEF CI, so if there are issues they would still be
caught.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
ci: upgrade GitHub actions for Node 24Bump checkout, upload-artifact, and download-artifact to
Node 24-compatible major versions so CI remains compatible
with the runner runtime migration away from Node 20.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
isisd: fix edge condition in max_lsp_count computationFix an edge condition in the arithmetic in the max_lsp_count
api.
Signed-off-by: Mark Stapp <mjs@cisco.com>
tests: fix grpc_basic xdist collection mismatchAdd a deterministic import check for grpc and grpc_tools before the
subprocess-based --check call. When gRPC is not installed, all xdist
workers skip consistently, avoiding the collection mismatch that
causes pytest-xdist to abort with "Different tests were collected".
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
tests: add topotest for BGP I/O thread CPU spin on full input queueAdd a stress test that replicates the I/O thread spin bug fixed in commit
ed405bf22 ("bgpd: fix I/O thread spinning when peer input queue is
full").
A raw BGP speaker (bgp_sender.py) blasts 10000 UPDATE messages via
non-blocking I/O, each carrying a 15-ASN AS_PATH to increase per-route
processing cost. The total data (~740 KB) exceeds the ibuf_work ring
buffer (~96 KB), creating sustained TCP ...
tests: Slow down test_config.py to allow for processing time to happenThe code has this pattern:
a) Input some cli
b) Look for success
The test is not being graceful in that under heavy load, a) might
not have finished. Give the test system more time to get to an answer.
Please note, I am actually still seeing a honest to goodness bug in mgmtd
that this test is exposing, but the messages about the `cli is locked` and
test failing for not being given enough ti...
bgpd: Fix missing present_tlvs bit for Link ID in link NLRIWhen originating/withdrawing a Link NLRI, link_remote_id is filled in
the bgp_ls_nlri structure but BGP_LS_LINK_DESC_LINK_ID_BIT is not set
in link_desc.present_tlvs.
Fix by setting BGP_LS_LINK_DESC_LINK_ID_BIT in both bgp_ls_originate_link()
and bgp_ls_withdraw_link().
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: Require valid TED objects in BGP-LS originate/withdraw APIsBGP-LS node/link/prefix originate and withdraw handlers are expected to
receive valid TED objects.
Add explicit checks at the beginning of each function and return early on
invalid inputs, before any further processing.
This makes the API contract clear, avoids NULL dereferences, and keeps the
originate/withdraw paths consistent.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: Include local-node ASN in link withdraw NLRIA Link NLRI contains two nodes: local node and remote node.
Per RFC 9552, each node is identified by ASN, OSPF Area ID, and
IGP Router ID.
For the remote node, `bgp_ls_withdraw_link` sets ASN, OSPF Area ID, and
IGP Router ID when generating the NLRI.
For the local node, `bgp_ls_withdraw_link` sets only OSPF Area ID and
IGP Router ID when generating the NLRI.
Add ASN for the local node as wel...
bgpd: Fix use-after-free in BGP-LS node origination`bgp_ls_originate_node()` could free `ls_attr` after `bgp_ls_populate_node_attr()`
failure, then continue and pass the freed pointer to `bgp_ls_update()`.
Fix by returning immediately after `bgp_ls_attr_free(ls_attr)` on
populate failure.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
lib: fix crash in thread_process_io_inner_loop on stale epoll eventWhen do_event_cancel() processes a pending cancellation at the top of
event_fetch_inner_loop(), it removes the fd from the epoll_event_hash
and calls EPOLL_CTL_DEL. However, epoll_wait() can still deliver events
that were already queued in the kernel's ready list before the
EPOLL_CTL_DEL took effect.
When thread_process_io_inner_loop() processes such a stale event, the
hash lookup returns NULL...
Donatas Abraitis
Carmine Scarpitta
Enke Chen
Soumya Roy
Quentin Baradat
Jafar Al-Gharaibeh
Mark Stapp
Ke Zhang
Donald Sharp
Manpreet Kaur