bgpd: fix release intermediate SIDs upon changing locator
On a BGP SRv6 setup with loc1 locator on default instance, and the user
wants to change locator from loc2 to loc3 in vrf Vrf20.
Sometimes, the resulting SIDs assigned for Vrf20 are the
ones from loc1 assigned at command 'no locator loc2', whereas the
expectation should be the SIDS from loc3. The below show command
shows that 2001:db8:1:1:3:: from loc1 is not released.
> r1# ...
topotests: add test to control sid assignment when changing locator
The move of vrf20 from loc2 to loc3 should result in appropriate
assignment of the SID 2003:db8:1:1:1::.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: Return immediately when dynamic capability action is not valid
Without returning immediately, we continue the loop that advances pnt pointer,
which is not good. We should send the notification (which is already done), and
return.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Prevent out-of-bound reading handling soft version dynamic capability
Fixes: 784cf95c4377ec84b25fb5801fdfaa20450325de ("bgpd: Try to handle software version capability with the new encoding format")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
ospf6d: update auth sequence number after validating digest
Test for valid sequence number before validating auth digest,
but don't update the neighbor's sequence number value until
after validating.
Reported-by: Bronson Yen <bronson@calif.io>
Signed-off-by: Mark Stapp <mjs@cisco.com>
Merge pull request #21486 from opensourcerouting/fix/bgp_print_link_type_correctly_according_to_remote_as_auto
bgpd: Print neighbor link type correctly according to local-as
Merge pull request #21551 from opensourcerouting/fix/bgp_inter_confederation_ebgp
bgpd: Replace the actual local-as when using replace-as with the confederation
isisd: Preserve flags when copying SRv6 End SID sub-TLV
Preserve the flags field when duplicating an SRv6 End SID sub-TLV by
copying it into the cloned entry.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
isisd: continue hardening SRV6 tlv parsing
Add more validation for SRV6 END.X and LAN_END.X subsubtlvs.
Ensure allocated subsubtlv pointer is freed in error cleanup paths.
Signed-off-by: Mark Stapp <mjs@cisco.com>
Reported-by: Bronson Yen <bronson@calif.io>
eigrpd: fix byte order in Hello TLV decode functions
The auth_type and length fields in EIGRP Hello TLV structures are
network byte order, but several decode functions compare them against
host-order constants without ntohs().
Add ntohs() to all affected comparisons:
- eigrp_hello_authentication_decode: auth_type and length checks
- eigrp_hello_parameter_decode: length check
- eigrp_sw_version_decode: length check
- eigrp_peer_termination_decode...
lib: northbound: distinguish unknown schema node from key mismatch
When an mgmt edit-config arrives with an xpath that cannot be resolved
against the data tree, lyd_find_path returns an error and mgmtd emits
"List keys in xpath and data tree are different" for two distinct
failure modes:
- the xpath names a schema node that does not exist (typo, e.g.
"prefix-lst" instead of "prefix-list"); and
- the xpath resolves to a valid schema node, but the key p...
bgp_evpn: fix memleak when configuring rd
Direct leak of 14 byte(s) in 1 object(s) allocated from:
#0 0x7bea082f74e8 in strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:578
#1 0x7bea07e3ca5a in qstrdup lib/memory.c:123
#2 0x63e8ac7e7349 in evpn_configure_rd bgpd/bgp_evpn_vty.c:2401
#3 0x63e8ac7e7349 in bgp_evpn_vni_rd bgpd/bgp_evpn_vty.c:6439
#4 0x7bea07db2926 in cmd_execute_command_real lib/command.c:...
bgpd: fix neighbor IP comparison for IPv6 memcmp return values
Root cause and fix:
In bgp bestpath selection, IPv6 peer addresses are ordered with
memcmp in sockunion_cmp(), so the return value can be any negative
or positive integer (e.g. 2), not only -1, 0, or 1.
The BGP neighbor-IP step compared ret to exactly ±1, so
other positive/negative values fell through to the default branch,
leading to selection of the wrong path. Using ret > 0 and ret < 0 instead.
...
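The comparison bug described in this commit message, as an added example (not bgpd code and not taken from the commit). `bytes_cmp()` is a deterministic stand-in for memcmp() that returns the byte difference, which the C standard permits memcmp() to do; the function names, the enum, the sample addresses and the mapping of sign to choice are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical outcomes of the neighbor-IP tie-break step. */
enum choice { KEEP_EXISTING, TAKE_NEW, FALL_THROUGH };

/* Stand-in for memcmp(): difference of the first differing bytes. */
static int bytes_cmp(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return (int)a[i] - (int)b[i];
    return 0;
}

/* Raw comparison result for two IPv6 peer addresses given as text. */
int neighbor_cmp(const char *new_peer, const char *exist_peer)
{
    struct in6_addr a, b;

    if (inet_pton(AF_INET6, new_peer, &a) != 1 ||
        inet_pton(AF_INET6, exist_peer, &b) != 1)
        return 0;
    return bytes_cmp(a.s6_addr, b.s6_addr, sizeof(a.s6_addr));
}

/* Before: only exactly +1 and -1 are recognised. */
enum choice pick_exact(int ret)
{
    if (ret == 1)  return KEEP_EXISTING;
    if (ret == -1) return TAKE_NEW;
    return FALL_THROUGH; /* reached for 2, -2, ... */
}

/* After: only the sign of the result is used. */
enum choice pick_sign(int ret)
{
    if (ret > 0) return KEEP_EXISTING;
    if (ret < 0) return TAKE_NEW;
    return FALL_THROUGH; /* addresses really are equal */
}

int main(void)
{
    int ret = neighbor_cmp("2001:db8::3", "2001:db8::1"); /* constructed addresses */
    printf("ret=%d exact=%d sign=%d\n", ret, pick_exact(ret), pick_sign(ret));
    return 0;
}
```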
bgpd: Replace the actual local-as when using replace-as with the confederation
If we have something like:
router bgp 12345
no bgp ebgp-requires-policy
bgp confederation identifier 64512
neighbor 192.168.1.1 remote-as 65004
neighbor 192.168.3.3 remote-as 64515
neighbor 192.168.3.3 remove-private-AS all replace-AS
Then 192.168.3.3 receives a route with AS PATH: 64512 12345, but 12345 should
be replaced to 64512 because the peering is done using 64512 <-> 64515.
Sign...
eigrpd: enforce minimum TLV length in Hello handler
The Hello TLV parser accepts TLVs with length 1, 2, or 3 because
the condition only checks length > 0. Since the TLV header itself
is 4 bytes (type + length), a declared length smaller than
EIGRP_TLV_HDR_LENGTH causes the pointer to advance by less than
one header width, misaligning all subsequent TLV reads.
Tighten the check to require length >= EIGRP_TLV_HDR_LENGTH.
Signed-off-by: Tristan M...
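The misalignment described in this commit message, as an added example (not eigrpd code and not taken from the commit). `walk_tlvs()`, `rd16()`, the `min_len` parameter and the sample buffer with its type values are assumptions made for illustration; only `EIGRP_TLV_HDR_LENGTH` and the two checks (`length > 0` versus `length >= EIGRP_TLV_HDR_LENGTH`) come from the text above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EIGRP_TLV_HDR_LENGTH 4 /* 2-byte type + 2-byte length */

/* Constructed sample: the first TLV declares length 2, less than its header. */
static const uint8_t bad_hello[] = { 0x00, 0x01, 0x00, 0x02,   /* type 1, length 2 */
                                     0x00, 0x05, 0x00, 0x04 }; /* type 5, length 4 */

/* Read a 16-bit field in network byte order. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * Walk a TLV area, recording each TLV type seen (up to max entries).
 * min_len is the smallest declared length accepted: 1 models the old
 * "length > 0" check, EIGRP_TLV_HDR_LENGTH models the tightened one.
 * Returns the number of TLVs walked, or -1 if a TLV is rejected.
 */
int walk_tlvs(const uint8_t *buf, size_t size, uint16_t min_len,
              uint16_t *types, int max)
{
    size_t off = 0;
    int n = 0;

    while (size - off >= EIGRP_TLV_HDR_LENGTH) {
        uint16_t type = rd16(buf + off);
        uint16_t len = rd16(buf + off + 2);

        if (len < min_len || len > size - off)
            return -1;
        if (n < max)
            types[n] = type;
        n++;
        off += len; /* len < 4 lands inside the header just read */
    }
    return n;
}

int main(void)
{
    uint16_t t[4] = { 0 };
    int lax = walk_tlvs(bad_hello, sizeof(bad_hello), 1, t, 4);

    printf("length > 0: %d TLVs, second type 0x%04x\n", lax, t[1]);
    printf("length >= header: %d\n",
           walk_tlvs(bad_hello, sizeof(bad_hello), EIGRP_TLV_HDR_LENGTH, t, 4));
    return 0;
}
```

With the lax check the walker reports a second TLV of type 0x0002, which is really the first TLV's length field, and never sees the type 5 TLV; the tightened check rejects the packet at the first TLV.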
isisd: use correct min size values for srv6 subtlvs
Use the correct min sizes for the SRV6_ENDX and
LAN_ENDX SID subtlvs.
Reported-by: Tristan Madani <TristanInSec@gmail.com>
Signed-off-by: Mark Stapp <mjs@cisco.com>
ospfd: add LSA validation in the apiserver path
Add some length validation for LSAs offered through the
apiserver code path.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: fix valgrind memory leaks on daemon shutdown
During daemon termination, the default BGP instance leaks due to
two issues:
First, bgp_cleanup_routes() skips EVPN and ENCAP two-level table
cleanup for hidden instances, leaving route entries. Add a terminating
check so these tables are always cleaned during shutdown.
Second, a circular dependency exists between bgp_free() and VNI lock
release: each L2VNI holds a bgp_lock on the default ins...
ospfd: fix redistribution for overlapping prefixes
OSPF should not originate AS-external LSAs for networks that are
already advertised internally (i.e. via OSPF-enabled interfaces).
The redistribution check for connected routes used `prefix_match()`,
which incorrectly suppressed routes whose prefixes only overlap with
an OSPF-enabled interface.
Use `prefix_same()` instead, so only identical prefixes are skipped
and distinct connected networks...
tests: topology to test OSPF overlapping prefix
Add test for the OSPF connected overlapping prefix bug where an external
route is omitted because a connected route overlaps the prefix.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
bgpd: Respect local-as if configured when using internal/external/auto
Let's say we have something like:
router bgp 65001
neighbor 192.168.1.5 remote-as internal
neighbor 192.168.1.5 local-as 65005 no-prepend replace-as
This way when the BGP OPEN is received it's treating 192.168.1.5 as external,
because local-as is not evaluated, and 65001 is taken instead.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Compare local-as when showing if the link is external or internal
Before this patch we compared remote-as vs. local-as (which is taken from BGP
instance). But if we use `local-as X`, we should compare it too.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Show "external" only if it's really external if using remote-as auto
Fixes: 0dfe25697f5299326046fcfb66f2c6beca7c423c ("bgpd: Implement `neighbor X remote-as auto`")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>