ospf6d: update auth sequence number after validating digestTest for valid sequence number before validating auth digest,
but don't update the neighbor's sequence number value until
after validating.
Reported-by: Bronson Yen <bronson@calif.io>
Signed-off-by: Mark Stapp <mjs@cisco.com>
Merge pull request #21486 from opensourcerouting/fix/bgp_print_link_type_correctly_according_to_remote_as_autobgpd: Print neighbor link type correctly according to local-as
Merge pull request #21551 from opensourcerouting/fix/bgp_inter_confederation_ebgpbgpd: Replace the actual local-as when using replace-as with the confederation
isisd: Preserve flags when copying SRv6 End SID sub-TLVPreserve the flags field when duplicating an SRv6 End SID sub-TLV by
copying it into the cloned entry.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
eigrpd: fix byte order in Hello TLV decode functionsThe auth_type and length fields in EIGRP Hello TLV structures are
network byte order, but several decode functions compare them against
host-order constants without ntohs().
Add ntohs() to all affected comparisons:
- eigrp_hello_authentication_decode: auth_type and length checks
- eigrp_hello_parameter_decode: length check
- eigrp_sw_version_decode: length check
- eigrp_peer_termination_decode...
lib: northbound: distinguish unknown schema node from key mismatchWhen an mgmt edit-config arrives with an xpath that cannot be resolved
against the data tree, lyd_find_path returns an error and mgmtd emits
"List keys in xpath and data tree are different" for two distinct
failure modes:
- the xpath names a schema node that does not exist (typo, e.g.
"prefix-lst" instead of "prefix-list"); and
- the xpath resolves to a valid schema node, but the key p...
bgp_evpn: fix memleak when configuring rdDirect leak of 14 byte(s) in 1 object(s) allocated from:
#0 0x7bea082f74e8 in strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:578
#1 0x7bea07e3ca5a in qstrdup lib/memory.c:123
#2 0x63e8ac7e7349 in evpn_configure_rd bgpd/bgp_evpn_vty.c:2401
#3 0x63e8ac7e7349 in bgp_evpn_vni_rd bgpd/bgp_evpn_vty.c:6439
#4 0x7bea07db2926 in cmd_execute_command_real lib/command.c:...
bgpd: fix neighbor IP comparison for IPv6 memcmp return valuesRootcause and fix:
In bgp bestpath selection,IPv6 peer addresses are ordered with
memcmp in sockunion_cmp(), so the return value can be any negative
or positive integer (e.g. 2), not only -1, 0, or 1.
The BGP neighbor-IP step compared ret to exactly ±1, so
other positive/negative values fell through to the default branch and
leading to select the wrong path. Using ret > 0 and ret < 0 instead.
...
bgpd: Replace the actual local-as when using replace-as with the confederationIf we have something like:
router bgp 12345
no bgp ebgp-requires-policy
bgp confederation identifier 64512
neighbor 192.168.1.1 remote-as 65004
neighbor 192.168.3.3 remote-as 64515
neighbor 192.168.3.3 remove-private-AS all replace-AS
Then 192.168.3.3 receives a route with AS PATH: 64512 12345, but 12345 should
be replaced to 64512 because the peering is done using 64512 <-> 64515.
Sign...
eigrpd: enforce minimum TLV length in Hello handlerThe Hello TLV parser accepts TLVs with length 1, 2, or 3 because
the condition only checks length > 0. Since the TLV header itself
is 4 bytes (type + length), a declared length smaller than
EIGRP_TLV_HDR_LENGTH causes the pointer to advance by less than
one header width, misaligning all subsequent TLV reads.
Tighten the check to require length >= EIGRP_TLV_HDR_LENGTH.
Signed-off-by: Tristan M...
isisd: use correct min size values for srv6 subtlvsUse the correct min sizes for the SRV6_ENDX and
LAN_ENDX SID subtlvs.
Reported-by: Tristan Madani <TristanInSec@gmail.com>
Signed-off-by: Mark Stapp <mjs@cisco.com>
ospfd: add LSA validation in the apiserver pathAdd some length validation for LSAs offered through the
apiserver code path.
Signed-off-by: Mark Stapp <mjs@cisco.com>
ospfd: fix redistribution for overlapping prefixesOSPF should not originate AS-external LSAs for networks that are
already advertised internally (i.e. via OSPF-enabled interfaces).
The redistribution check for connected routes used `prefix_match()`,
which incorrectly suppressed routes whose prefixes only overlap with
an OSPF-enabled interface.
Use `prefix_same()` instead, so only identical prefixes are skipped
and distinct connected networks...
tests: topology to test OSPF overlapping prefixAdd test for the OSPF connected overlapping prefix bug where an external
route is ommited because a connected route overlaps the prefix.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
bgpd: Respect local-as if configured when using internal/external/autoLet's say we have something like:
router bgp 65001
neighbor 192.168.1.5 remote-as internal
neighbor 192.168.1.5 local-as 65005 no-prepend replace-as
This way when the BGP OPEN is received it's treating 192.168.1.5 as external,
because local-as is not evaluated, and 65001 is taken instead.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Compare local-as when showing if the link is external or internalBefore this patch we compared remote-as vs. local-as (which is taken from BGP
instance). But if we use `local-as X`, we should compare it too.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Show "external" only if it's really external if using remote-as autoFixes: 0dfe25697f5299326046fcfb66f2c6beca7c423c ("bgpd: Implement `neighbor X remote-as auto`")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Merge pull request #21445 from opensourcerouting/fix/bgp_nexthop_unchanged_outboundbgpd: Don't mark nexthop as changed if a set next-hop unchanged is applied
zebra: fix wrong hash count function callThe Pull Requests #21263 and #21388 had conflicting changes:
- 21263 uses `hashcount` (lib/hash.h implementation) to count items in a
hash
- 21388 changes the hash type being referenced in the other PR with type
safe hash (lib/typesafe.h)
Since both Pull Requests got merged at nearly the same time the CI
didn't have a chance to build them together.
Signed-off-by: Rafael Zalamena <rzalamen...
Donald Sharp
Mark Stapp
Carmine Scarpitta
TristanInSec
Reinaldo Saraiva
Loïc Sang
harini
Donatas Abraitis
Rafael Zalamena
Dmytro Shytyi