diff options
| author | Mobashshera Rasool <mrasool@vmware.com> | 2020-08-04 08:24:29 +0200 |
|---|---|---|
| committer | Mobashshera Rasool <mrasool@vmware.com> | 2020-08-05 07:49:14 +0200 |
| commit | 4b67fe2df396398bda3cd646fa14c6789932f6bb (patch) | |
| tree | c063553174e08831b7421f81b0e1c222edb2243d /pimd/pim_rpf.c | |
| parent | Merge pull request #6844 from donaldsharp/bestpath_routes (diff) | |
| download | frr-4b67fe2df396398bda3cd646fa14c6789932f6bb.tar.xz frr-4b67fe2df396398bda3cd646fa14c6789932f6bb.zip | |
pimd: crash fix when RP is removed
pimd crash at pim_msg_build_jp_groups (
grp=grp@entry=0x7ffca55b5d1e, sgs=sgs@entry=0x17821a0, size=20)
at pimd/pim_msg.c:198
Fix for https://github.com/FRRouting/frr/issues/6849
Root Cause:
===========
pimd has crashed because pim_upstream_rpf_clear function sets the
up->rpf.source_nexthop.interface pointer to NULL and has not removed
the upstream source node from the neighbor. When the upstream gets
deleted the source is not removed from neighbor
neigh->upstream_jp_agg->groups->sources list. This source node has
pointer to upstream freed memory. Hence when on_neighbor_jp_timer expires,
it tries to access the upstream pointer and crashed.
Fix:
====
Before setting the interface pointer to NULL, remove the node from
neigh->upstream_jp_agg->groups->sources list. Also the upstream state
has to be changed to Not joined.
Removed extra line changes.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
Diffstat (limited to 'pimd/pim_rpf.c')
| -rw-r--r-- | pimd/pim_rpf.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pimd/pim_rpf.c b/pimd/pim_rpf.c index f971520c8..043ccdb84 100644 --- a/pimd/pim_rpf.c +++ b/pimd/pim_rpf.c @@ -346,6 +346,7 @@ void pim_upstream_rpf_clear(struct pim_instance *pim, struct pim_upstream *up) { if (up->rpf.source_nexthop.interface) { + pim_upstream_switch(pim, up, PIM_UPSTREAM_NOTJOINED); up->rpf.source_nexthop.interface = NULL; up->rpf.source_nexthop.mrib_nexthop_addr.u.prefix4.s_addr = PIM_NET_INADDR_ANY; |