tests: Fix invalid escape warning in bgp_link_state test modulePytest reports a DeprecationWarning during collection of
tests/topotests/bgp_link_state/test_bgp_link_state.py due to an
invalid escape sequence in the module docstring.
```
test_bgp_link_state.py:6
/home/user/frr/tests/topotests/bgp_link_state/test_bgp_link_state.py:6: DeprecationWarning: invalid escape sequence '\ '
"""
```
Fix this by converting the module docstring to a raw string l...
tests: Fix invalid ISIS max-lsp-lifetime in bgp_link_state configsThe bgp_link_state topotest ISIS configs set:
max-lsp-lifetime 20
FRR accepts max-lsp-lifetime only in range 350-65535, so value 20
triggers warnings while loading the configs.
Update r1/r2/r3/r4 configs to use:
max-lsp-lifetime 350
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
bgpd: Treat malformed BGP-LS TLV as NLRI discard per RFC 9552RFC 9552 Section 5.1 states that when a malformed TLV is detected in
a BGP-LS attribute, the router MUST handle the affected NLRI(s) as
NLRI discard. The BGP session MUST NOT be reset.
bgp_attr_ls() currently returns BGP_ATTR_PARSE_ERROR on TLV parse
failure, which causes the caller (bgp_packet.c) to return BGP_Stop and
reset the session.
This behavior creates a remote BGP-session-reset vecto...
bgpd: Reject BGP-LS node/link names containing non-printable charactersparse_node_name() and parse_link_name() accept arbitrary bytes from the
wire, including embedded NUL bytes and control characters. A malicious
peer can inject names such as "good\0bad", which:
- Are silently truncated by strcmp/printf (only "good" is visible),
allowing two distinct TLV values to appear identical in logs and VTY
output (log spoofing).
- Can bypass NLRI deduplication: bg...
mgmtd: add periodic notify mode with mode/mode_data and FE support - Added mode/mode_data to native NOTIFY_SELECT message.
- Defined periodic vs on-change notify semantics in FE path.
- Track periodic selectors separately from on-change selectors per session.
- Added per-session periodic timer lifecycle for sampled oper snapshots.
- Keep backend notify-select subscriptions on-change only.
- Update FE client API/topotest encoding and docs for mode s...
Merge pull request #21769 from donaldsharp/rnh_problems_with_quick_interface_flappingzebra: Allow quick flaps of interfaces to be handled properly in next…
zebra: Allow quick flaps of interfaces to be handled properly in nexthop trackingCurrently if you have a quick series of events:
interface down
interface up
This can end up resolving to no changes in the nexthop tracking if zebra
is extremely busy.
Modify zebra to notice that the connected/local/kernel routes have been
removed and re-added and allow nexthop trackign to send a nexthop withdraw
then a add to make things keep working.
Signed-off-by: Donald Sharp <sharpd@nv...
tests: add test verifying aggregate->count with bgp suppress-fib-pendingAdd a topotest verifying that aggregate->count is correctly maintained
when bgp suppress-fib-pending is enabled.
Topology: r2 (AS 65002) --- r1 (AS 65001)
r2 advertises 10.0.0.0/24 to r1. r1 has suppress-fib-pending enabled
and aggregate-address 10.0.0.0/8 configured.
The bug fixed (bgpd: fix aggregate->count errors in ZAPI route
notifications): ZAPI_ROUTE_INSTALLED called bgp_aggregate_inc...
bgpd: fix aggregate->count errors in ZAPI route notificationsAggregate counting tracks BGP RIB presence, not FIB installation state.
bgp_aggregate_increment/decrement() must be called when routes enter or
leave the BGP RIB — not in response to FIB events from zebra. When
"bgp suppress-fib-pending" is configured, BGP registers for route
notifications (ZEBRA_ROUTE_NOTIFY_REQUEST), and the ZAPI notification
handlers violated this principle, causing two bug...
tests: bgp_community_change_update: use receivedPrefixDup counterReplace the grep-based duplicate-update detection with the
receivedPrefixDup counter from "show bgp neighbors json". This
avoids reliance on log file content.
Also explicitly enable bgp suppress-duplicates in x1/bgpd.conf, and
disable debug bgp updates in both c1 and x1 configs.
Signed-off-by: Enke Chen <enchen@paloaltonetworks.com>
bgpd: Fix possible NULL deref in capability extended-nexthopSA is warning that peer as returned by peer_and_group_lookup_vty
can be NULL. As such deref'ing the peer in bgp_capability_send
is a no go. This used to work because the peer was checked
for null in bgp_capability_send.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
bgpd: bgp_packet.c and bgp_fsm.c were using peer->connection in some wrong placesSimplify the code to fully make sure that the function is really
connection oriented. Find and fix the places where peer->connection
was being used on connection oriented functions
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
bgpd: Modify functions to use `struct peer_connection`Modify functions in:
bgp_packet.c
bgp_attr.c
bgp_open.c
bgp_fsm.c
bgp_ls.c
to take a `struct peer_connection` vs a `struct peer`. Just more
cleanup of the functions in what they are doing.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
zebra: fix memleak in ip import-table rmapFree the existing route-map name before
inheriting new policy name.
Assisted-by: Claude
Signed-off-by: Chirag Shah <chirag@nvidia.com>
bgpd: Cleanup leaked memory on shutdown of rpkiWhen shutting down rpki, clean up the memory
associated with the instance.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: Add a `no rpki` command for testingThe `no rpki` command was not being tested at all in the bgp rpki code.
Let's add a new test for it.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
bgpd: Allow rpki to gracefully shutdown pthreads on stopThe bgp rpki code is seeing crashes on shutdown because the
rtr mgr code is shutting down it's created pthreads and
then joining them appropriately. When FRR then shutsdown
we are seeing a situation where the pthread_join is crashing
because it thinks it should do a join. Allow the bgp_rpki.c
code to hook into the new frr_pthread_non_controlled_shutdown
call to handle this situation better.
...
lib: Add a frr_pthread_non_controlled_shutdownAllow for pthreads to be cleaned up outside the scope
of the frr_pthread infrastructure on shutdown.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: Fix backtraces working properly for post topology teardownBacktraces were not being properly handled on the post topology
teardown. Fix that.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: Catch core dumps *after* teardown has completedIf a test dumps core after it has been told to teardown, the topotests
do not catch this problem. Modify the code to catch this situation.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
bgpd: fix EVPN VRF auto RT deletion collisionWhen an EVPN VRF L3VNI is learned before the BGP configuration is fully
replayed, bgpd may install the implicit auto-derived L3 route-target
first.
If the saved configuration also contains that same value as an explicit
configured import RT, a later configured RT can accidentally remove it.
This surfaced after the commit 800f336b0bfb ("tools: fix daemon starting
order for debian packages") wa...
ospf6d: re-validate packet auth-data lengthRe-validate authentication data len from incoming packets
before using the value in digest computation.
Signed-off-by: Mark Stapp <mjs@cisco.com>
ospf6d: handle incoming cmsg data, validate hoplimitRequest hoplimit data when opening new sockets.
Iterate through cmsg objects; don't assume the type of the first
object present. Use the IPV6_RECVHOPLIMIT cmsg data for
incoming packets; ignore multicast packets with invalid
hoplimit per RFC5340.
Signed-off-by: Mark Stapp <mjs@cisco.com>
tests: Run black over a bunch of evpn topotestsPrevious commit only changed pytest marks but the tools are complaining
about a bunch of code I didn't touch. Let's just make it happy in
one fell swoop.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: Add `evpn` pytestmark to tests that are missingThere are a number of evpn tests that have been created that do not
have the evpn pytestmark. Make it so.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
tests: Remove invalid link-params command from BGP-LS topotest configsThe frr.conf files for r1–r4 contain a `neighbor` command inside
link-params blocks:
link-params
neighbor 10.0.255.X
The command is incomplete and invalid. When loading the config, FRR
reports:
% Command incomplete: neighbor 10.0.255.X
and silently ignores it. Remove the command.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Donatas Abraitis
Carmine Scarpitta
Ashwini Reddy
Donald Sharp
Enke Chen
Mark Stapp
Chirag Shah
Gabriel Goller