pimd: fix crash due to double freelocal_membership_del may delete the ifchannel and last upstream,
which runs pim_channel_oil_upstream_deref() and frees the channel_oil.
IGMP still holds *oilp in that case; a second pim_channel_oil_del()
corrupts the RB tree (typed_rb_remove on freed / zeroed links).
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
eigrpd: skip unknown and ignored TLVsTry to skip unknown TLVs in places where we don't process
all types.
Reported-by: Haruto Kimura (Stella) <harutokimura0608@gmail.com>
Signed-off-by: Mark Stapp <mjs@cisco.com>
eigrpd: Improve packet validationHarden validation of lengths before accessing packets;
detect and handle invalid INT TLVs where they're created.
Reported-by: Haruto Kimura (Stella) <harutokimura0608@gmail.com>
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: Move rpki strict check to bgp_accept()Current code checks on bgp_start and bgp_establish()
to prevent incoming and outgoing connections when rpki strict mode
is on and bgp is not connected to rpki. Modify the code such that
the bgp_establish() code is no longer the place to check this
it should be in bgp_accept(). Without this there is a very reproducible
crash that happens because the check in bgp_establish() is immediately
afte...
tests: Add new bgp rpki testingAdd these tests to the bgp rpki topotest to better test the rpki code:
a) Test that RPKI invalid state is handled correctly.
b) Ensures that neighbor rpki strict works correctly
c) Add match rpki invalid route-map and ensure it works correctly.
d) Add match rpki-extcommunity and ensure it works correctly.
e) Add IPv6 RPKI validation and ensure it works correctly.
Signed-off-by: Donald Sharp <...
pceplib: validate during of_list TLV decodingValidate buffer length in OF TLV decoding; avoid casting buffer
as integer pointer; count advance by 2-bytes.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: Check if prefixlen is not 0 when parsing flowspec stuffWhen len == 0, this wraps to UINT32_MAX/SIZE_MAX, causing an unbounded read
from whatever memory follows the buffer. Currently mitigated for the validation
path (caller checks psize == 0), but bgp_flowspec_contains_prefix and bgp_fs_nlri_get_string take len from stored prefix data and have no such guard.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
bgpd: Prevent len_string going negative when trying to display flowspec entriesThe bgp_fs_nlri_get_string() function writes flowspec component strings into
a 512-byte stack buffer (BGP_FLOWSPEC_STRING_DISPLAY_MAX). It tracks remaining
space using len_string, which is decremented by the return value of snprintf.
The critical bug: when snprintf truncates output, it returns the number of
characters that would have been written, not the number actually written.
This causes ...
tests: add topotest for PIM allow-rp featureAdd a new topotest to verify the 'ip pim allow-rp' functionality.
The test validates that PIM joins with mismatched RP addresses are
rejected by default, accepted when allow-rp is enabled, and properly
filtered when using the rp-list prefix-list option.
Signed-off-by: Soumya Roy <souroy@nvidia.com>
pimd: add YANG/northbound support for allow-rp configurationWire the allow-rp CLI through the northbound framework with
proper YANG modeling, replacing direct struct field manipulation.
Add IPv6 pim allow-rp command support.
Integrate allow-rp CLI with the northbound framework using proper
YANG modeling, replacing direct struct field manipulation. Add IPv6
pim allow-rp command support.
Signed-off-by: Soumya Roy <souroy@nvidia.com>
pimd: refactor allow-rp logic and remove unused parameter- Remove unused 'allow_rp' parameter from recv_join() function.
The parameter was passed but never used; the code accessed
pim_ifp->allow_rp directly instead.
- Consolidate all allow-rp checking logic into pim_is_rp_allowed().
The function now handles the allow_rp enable check internally,
making the calling code cleaner and the function self-contained.
- Update function documentation ...
pimd: fix the crash by doing NULL check for pim interfaceAdded the NULL check befor accessing pim interface while processing
command "no ip pim allow-rp rp-list sample"
Ticket: #3864208
Testing:
before:
tor-11(config-if)# no ip pim allow-rp rp-list policy
vtysh: error reading from pimd: Success (0)Warning: closing connection to pimd because of an I/O error!
Broadcast message from root@tor-11 (somewhere) (Thu Apr 18 21:15:45 2024):
cumulus-core: R...
pimd: add allow-rp knob to ignore incorrect rpWhen processing a (*,G) source list entry, the RFC dictates that the
source address provided must match the RP address. In some situations
it's desirable to forego this check. This patch adds a simple boolean
knob, configurable on a per-interface basis, to disable that check.
Alternatively, one can specify a prefix-list, which will act as a
whitelist for what RP addresses to allow.
Signed-off...
Merge pull request #21214 from LabNConsulting/chopps/fix-swapped-vals-and-setsockoptlib: fix swapped values, bad setsockopt, and intermittent test failure
bgpd: Revalidate locally originated routes against RPKI changesWithout this patch we evaluated only adj_in for a particular peer, which means
we never re-advertise locally originated route if RPKI state changes, e.g.:
if RPKI state changes from VALID to INVALID, we still advertise this route
to the peer even if we have a route-map that denies announcing INVALID routes.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
zebra: fix spurious tag mismatch in rib_route_match_ctx()rib_route_match_ctx() matches a returning dplane result back to the
correct route_entry. For ZEBRA_ROUTE_STATIC it narrowed the match
using both distance and tag. However, tag is an attribute of the
route_entry, not part of its identity — a tag change modifies the
route_entry in place without creating a new one.
Including tag in the match creates a race: if a tag update arrives and
modifies ...
bgpd: properly copy ls attr's admin_groupthe bgp_ls_attr_copy() function must make a separate copy
of the embedded admin_group in the bgp_ls_attr.
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: call init and term funcs for LS attr admin_groupThere's an admin group struct embedded in the BGP LS attr;
it needs to be init'd and freed.
Reported-by: Haruto Kimura (Stella) <harutokimura0608@gmail.com>
Signed-off-by: Mark Stapp <mjs@cisco.com>
bgpd: Fix incorrect comparisons in BGP-LS *_cmp() functionsComparison functions in bgp_ls_nlri.c return (a - b) on unsigned
integer fields. The unsigned subtraction result is then implicitly
converted to int (the return type). When the difference exceeds
INT_MAX the sign flips, inverting the result:
a = 0xFFFFFFFF, b = 0
(uint32_t)a - b = 0xFFFFFFFF -> cast to int gives -1
-> caller sees a < b, which is wrong
These functions are expected to ret...
tests: Verify BGP-LS routes withdrawn on peer deactivateAdd test_bgp_ls_peer_deactivate() to verify that deactivating the
last BGP-LS peer on r2 withdraws all locally originated routes on
r2 and clears all received routes on rr.
Add test_bgp_ls_peer_reactivate() to verify that reactivating the
peer triggers a fresh TED sync, re-originates all BGP-LS NLRIs on
r2, and re-advertises them to rr.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: Withdraw BGP-LS routes and reset TED on last peer deactivationWhen the last BGP-LS peer is deactivated, locally originated BGP-LS
routes are not withdrawn from the RIB, leaving stale routes on peers.
The TED is also not cleared, so the next registration re-originates
on top of stale state.
Add bgp_ls_withdraw_ted() which removes all self-originated paths via
bgp_clear_route() and clears all TED entries. Call it in
peer_deactivate() when the last BGP-LS p...
bgpd: Request initial TED sync on link-state registrationAfter registering with the LS database, no initial sync is requested,
so the TED remains empty until the IGP sends unsolicited updates.
Any topology changes that occurred before registration are
permanently missed and never originated as BGP-LS NLRIs.
Additionally, LS_MSG_EVENT_SYNC messages are not handled in the TED
processors, so any sync response from zebra is silently dropped.
Request a ...
tests: Fix test_bgp_srv6_sid_unexport expectationsAfter removing sid export on R1, the test checks both 10.0.0.1/32
and 10.0.0.3/32 on R2 with expect_sid="", expecting neither to
carry a SRv6 SID. This is wrong: 10.0.0.3/32 is originated by R3
which still has sid export configured, so it should still be
seen on R2 with r3_unicast_sid.
This wrong expectation was not caught because check_route() did
not verify the absence of a SID when expect_s...
Jafar Al-Gharaibeh
Mark Stapp
Donald Sharp
Soumya Roy
Enke Chen
Carmine Scarpitta