ospf6d: re-validate packet auth-data lengthRe-validate authentication data len from incoming packets
before using the value in digest computation.
Signed-off-by: Mark Stapp <mjs@cisco.com>
ospf6d: handle incoming cmsg data, validate hoplimitRequest hoplimit data when opening new sockets.
Iterate through cmsg objects; don't assume the type of the first
object present. Use the IPV6_RECVHOPLIMIT cmsg data for
incoming packets; ignore multicast packets with invalid
hoplimit per RFC5340.
Signed-off-by: Mark Stapp <mjs@cisco.com>
tests: Run black over a bunch of evpn topotestsPrevious commit only changed pytest marks but the tools are complaining
about a bunch of code I didn't touch. Let's just make it happy in
one fell swoop.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: Add `evpn` pytestmark to tests that are missingThere are a number of evpn tests that have been created that do not
have the evpn pytestmark. Make it so.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: Remove invalid link-params command from BGP-LS topotest configsThe frr.conf files for r1–r4 contain a `neighbor` command inside
link-params blocks:
link-params
neighbor 10.0.255.X
The command is incomplete and invalid. When loading the config, FRR
reports:
% Command incomplete: neighbor 10.0.255.X
and silently ignores it. Remove the command.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: fix aggregate->count undercount when dampening is clearedbgp_damp_info_clean() calls bgp_aggregate_increment() while the path
still carries BGP_PATH_DAMPED (and BGP_PATH_HISTORY), so the increment
is skipped because BGP_PATH_HOLDDOWN() is true. bgp_damp_info_free()
then clears those flags, leaving the route active in the RIB with no
HOLDDOWN. When the route is later deleted, bgp_aggregate_decrement()
proceeds normally, driving count one below where...
bgpd: Prevent assert on shutdown in evpn setupI am seeing this crash on shutdown:
(gdb) bt
0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
3 0x000073b03f64527e in __GI_raise (sig=6) at ../sysd...
bgpd: Define a maximum number of TLVs for ENCAP attributeAdding just a guard against the memory going crazy (too much malloc()s) with
legitimate TLVs, but sort of "malformed"/crafted packet.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Replace assert() with a boundary check conditionJust to avoid randomly killing bgpd daemon with a malformed packet.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: dynamic neighbors not up with md5 in non default vrfIssue:
When non default vrf, bgp instance and peer group with dynamic neighbors
and md5 config are configured together, bgp peer config happens first.
But bgp vrf enable notification is received later.
BGP listerner socket get created now, but the md5 password is not set on
listening FD. Due to this tcp session not getting established.
Fix: walk through the bgp peer group listening socket rang...
pathd: add optional parameters to `no index` cmd`no index` didn't have all parameters of `index` command, so
frr-reload.py had problems with that.
Merge `no index` and `index` commands to fix this. `no` version ignores
all additional parameters, which are made optional in case of `no`.
Signed-off-by: Kyrylo Yatsenko <hedrok@gmail.com>
pathd: add optional protocol to 'no mpls-te import'Command `mpls-te import ospfv2|ospfv3|isis` had `no` version without
last option, so frr-reload.py failed when it was removed.
To fix:
* Merge `no` and not `no` versions
* Make protocol optional parameter in case of `no`
* If protocol is given in `no` version, check that currently import for
this protocol is activated, otherwise ignore command.
* Create helper function `path_ted_start_import...
pimd: Provide better ordering for calling pim_upstream_use_rptIn pim_upstream_new, call pim_upstream_use_rpt after the rpf_update
as that pim_upstream_use_rpt can make a decision about what is
done based upon rpf changes. This aligns the two together.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Donald Sharp
Mark Stapp
Donald Sharp
Carmine Scarpitta
Enke Chen
Kyrylo Yatsenko
harini
