summaryrefslogtreecommitdiffstats
path: root/doc (unfollow)
Commit message (Collapse)AuthorFilesLines
2020-01-10tests: ospf6-topo1 did not work properly with nhg's and 5.3 kernelsDonald Sharp2-2/+16
Fix the ospf6-topo1 test to understand nhg's and what happens when they are installed into a kernel that can support them. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-10debian: Fix logrotate in debian for bfdd, pbrd and vrrpd.Tim Bray1-1/+1
Signed-off-by: Tim Bray <tim@kooky.org>
2020-01-10zebra: fix bfd deregister message memleakQuentin Young1-0/+2
Removing double frees accidentally introduced a memleak Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-09doc: Replace wrong paths for centos/fedora source build instructionsDonatas Abraitis4-18/+15
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
2020-01-08pimd: lookup nh using vrf_id we checked beforeStephen Worley1-1/+2
Update zclient_lookup_nexthop_once() to create the zapi header using the vrf_id on the pim->vrf struct. This is the one we do a check on a couple lines before, so we should be using it when we actually create the header as well. Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
2020-01-08pimd: allow pimd to handle nexthop_lookup zapi errorStephen Worley1-0/+8
Allow pimd to stop the lookup if zebra tells pimd that the lookup failed due to a zapi error. Otherwise, it will keep waiting for a nexthop message that will never come. Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
2020-01-08lib,zebra: add zapi msg top level error handlingStephen Worley5-9/+114
Add error handling for top level failures (not able to execute command, unable to find vrf for command, etc.) With this error handling we add a new zapi message type of ZEBRA_ERROR used when we are unable to properly handle a zapi command and pass it down into the lower level code. In the event of this, we reply with a message of type enum zebra_error_types containing the error type. The sent packet will look like so: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Marker | Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VRF ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Command | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ERROR TYPE | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Also add appropriate hooks for clients to subscribe to for handling these types of errors. Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
2020-01-08zebra: make current show nexthop-group cli zebra-specificMark Stapp1-1/+2
There's confusion between the nexthop-group configuration and a zebra-specific show command. For now, make the zebra show command string RIB-specific until we're able to unify these paths. Signed-off-by: Mark Stapp <mjs@voltanet.io>
2020-01-07zebra: remove cast from l3vni XMALLOCQuentin Young1-4/+2
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-07bgpd: fix unaligned access to addpath idSantosh P K4-4/+7
uint8_t * cannot be cast to uint32_t * unless the pointed-to address is aligned according to uint32_t's alignment rules. And it usually is not. Signed-off-by: Santosh P K <sapk@vmware.com>
2020-01-07doc: Clarify what is supported directly in PIM documentationDonald Sharp1-0/+7
The FRR community keeps getting asked about what is supported or not. Try to clarify in an additional spot what is and what is not supported. Where people interested in using PIM might have a chance at actually seeing the notification. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-07bgpd: An ability to set attributes for default-originate via route-mapDonatas Abraitis1-26/+21
With this change, we are able to set attributes via route-map to the default route. It's useful in cases where we have two or more spines and we want to prefer one router over others for leaves. This simplifies configuration instead of using 'network 0.0.0.0/0' or 'ip route 0.0.0.0/0 ...' and 'redistribute static' combination. Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
2020-01-07tests: Add a test for 'neighbor <neighbor> default-originate route-map <rm>'Donatas Abraitis6-0/+161
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
2020-01-07bgpd: avoid memcmp(NULL, NULL)Quentin Young1-2/+3
Undefined behavior Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-07debian: Fix spelling errorDonald Sharp1-1/+1
Spelling error pointed out by debian build. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-07zebra: Handle crash when backpointer does not existDonald Sharp1-0/+7
================================================================= ==3058==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f5bf3ef7477 bp 0x7ffdfaa20d40 sp 0x7ffdfaa204c8 T0) ==3058==The signal is caused by a READ memory access. ==3058==Hint: address points to the zero page. #0 0x7f5bf3ef7476 in memcpy /build/glibc-OTsEL5/glibc-2.27/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:134 #1 0x4d158a in __asan_memcpy (/usr/lib/frr/zebra+0x4d158a) #2 0x7f5bf58da8ad in stream_put /home/qlyoung/frr/lib/stream.c:605:3 #3 0x67d428 in zsend_ipset_entry_notify_owner /home/qlyoung/frr/zebra/zapi_msg.c:851:2 #4 0x5c70b3 in zebra_pbr_add_ipset_entry /home/qlyoung/frr/zebra/zebra_pbr.c #5 0x68e1bb in zread_ipset_entry /home/qlyoung/frr/zebra/zapi_msg.c:2465:4 #6 0x68f958 in zserv_handle_commands /home/qlyoung/frr/zebra/zapi_msg.c:2611:3 #7 0x55666d in main /home/qlyoung/frr/zebra/main.c:309:2 #8 0x7f5bf3e5db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 #9 0x4311d9 in _start (/usr/lib/frr/zebra+0x4311d9) the ipset->backpointer was NULL as that the hash lookup failed to find anything. Prevent this crash from happening. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-07zebra: Refactor _add and _del to use a common functionDonald Sharp1-47/+61
The decoding of _add and _del functions is practically identical do a bit of work and make them so. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-07zebra: Prevent zebra vxlan remote macip del buffer overflowDonald Sharp1-2/+13
================================================================= ==13611==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe9e5c8694 at pc 0x0000004d18ac bp 0x7ffe9e5c8330 sp 0x7ffe9e5c7ae0 WRITE of size 17 at 0x7ffe9e5c8694 thread T0 #0 0x4d18ab in __asan_memcpy (/usr/lib/frr/zebra+0x4d18ab) #1 0x7f16f04bd97f in stream_get2 /home/qlyoung/frr/lib/stream.c:277:2 #2 0x6410ec in zebra_vxlan_remote_macip_del /home/qlyoung/frr/zebra/zebra_vxlan.c:7718:4 #3 0x68fa98 in zserv_handle_commands /home/qlyoung/frr/zebra/zapi_msg.c:2611:3 #4 0x556add in main /home/qlyoung/frr/zebra/main.c:309:2 #5 0x7f16eea3bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 #6 0x431249 in _start (/usr/lib/frr/zebra+0x431249) This decode is the result of a buffer overflow because we are not checking ipa_len. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-07bgpd: fix unaligned access to addpath idQuentin Young1-1/+2
uint8_t * cannot be cast to uint32_t * unless the pointed-to address is aligned according to uint32_t's alignment rules. And it usually is not. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-07bgpd: fix advertise pip running configChirag Shah1-8/+13
advertise pip running configuration should display ip followed by mac parameters value as defined in cli signature. advertise-pip is enabled by default, when displaying the running configuration, there is '\n' added after ip and mac parameters which was not guarded around the non-default parameters. Currently, for every bgp vrf instance it ends up displaying l2vpn address-family section due to unguarded newline. running config: router bgp 6004 vrf vrf1 ! address-family l2vpn evpn exit-address-family ! Ticket:CM-26964 Testing Done: With fix when only 'router bgp 6004 vrf vrf1' configured, running config looks like: ! router bgp 6004 vrf vrf1 ! Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
2020-01-07zebra: fix ptm heap double freeQuentin Young1-2/+0
Don't need to free these, they're freed by the caller. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-06lib: dont decode more nexthops than we can handleQuentin Young1-0/+11
If someone provides us more nexthops than our configured multipath setting, drop the rest of them Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-06zebra: free ptm message on errorQuentin Young1-0/+1
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-06zebra: route changes via notify path trigger nht and mplsMark Stapp1-9/+5
Changes to a route via the dataplane notify path should trigger nht and mpls lsp processing. Signed-off-by: Mark Stapp <mjs@voltanet.io>
2020-01-06bgpd: fix large route-distinguisher's formatHiroki Shirokura1-3/+4
This commit is about #5629 's issue. Before this commit, bgpd creates format string of bgp-route-distinguisher as int32, but correctly format is uint32. current bgpd's sh-run-cli generate int32 rd, so if user sets the rd as 1:4294967295(0x1:0xffffffff), sh-run cli generates 1: -1 as running-config. This commit fix that issue. Signed-off-by: Hiroki Shirokura <slank.dev@gmail.com>
2020-01-05packaging: Redirect stderr to /dev/null in %post action (frr.spec.in)Donatas Abraitis1-1/+1
Solves: ``` /usr/bin/sed: couldn't write 40 items to stdout: Broken pipe /usr/bin/sed: couldn't write 40 items to stdout: Broken pipe /usr/bin/sed: couldn't write 40 items to stdout: Broken pipe /usr/bin/sed: couldn't write 40 items to stdout: Broken pipe /usr/bin/sed: couldn't write 40 items to stdout: Broken pipe /usr/bin/sed: couldn't write 40 items to stdout: Broken pipe /usr/bin/sed: couldn't write 40 items to stdout: Broken pipe ``` This happens because `grep -q` returns immediately after first match and closes the pipe while sed has more output to write. Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
2020-01-04zebra: fix undefined bitshifts in netlink stuffQuentin Young2-6/+6
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-04zebra: Ignore RTM_GETNEIGH messages from the linux kernelDonald Sharp1-0/+12
The linux kernel will occassionally send RTM_GETNEIGH when it expects user space to help in resolution of an ARP entry. See linux kernel commit: commit 3e25c65ed085b361cc91a8f02e028f1158c9f255 Author: Tim Gardner <tim.gardner@canonical.com> Date: Thu Aug 29 06:38:47 2013 -0600 net: neighbour: Remove CONFIG_ARPD Since we don't care about this, let's just safely ignore this message for the moment. I imagine in the future we might care when we implement neighbor managment in the system. Reported By: Stefan Priebe <s.priebe@profihost.ag> Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-04zebra: reject ingress packets that are too largeQuentin Young1-0/+8
There may be logic to prevent this ever happening earlier in the network read path, but it doesn't hurt to double check it here, because clearly deeper paths rely on this being the case. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-04zebra: fix multiple bfd buffer issuesQuentin Young1-25/+13
Whatever this BFD re-transmission function is had a few problems. 1. Used memcpy instead of the (more concise) stream APIs, which include bounds checking. 2. Did not sufficiently check packet sizes. Actually, 2) is mitigated but is still a problem, because the BFD header is 2 bytes larger than the "normal" ZAPI header, while the overall message size remains the same. So if the source message being duplicated is actually right up against the ZAPI_MAX_PACKET_SIZ, you still can't fit the whole message into your duplicated message. I have no idea what the intent was here but at least there's a warning if it happens now. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-04zebra: null terminate interface name from wireQuentin Young1-0/+1
We read an ifname from the wire but don't make sure its null terminated, fix it Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-04zebra: fix iptable memleak, fix free funcsQuentin Young2-28/+33
- Fix iptable freeing code to free malloc'd list - malloc iptable in zapi handler and use those functions to free it when done to fix a linked list memleak Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-04zebra: ensure ipset name is null terminatedQuentin Young1-0/+1
We copy a fixed length buffer from the wire but don't ensure it is null terminated. Then print it as a c-string. Lul. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-04zebra: disallow negative rtadv intvl, fix overflowQuentin Young1-4/+13
- Disallow RA interval < 0 - Fix integer overflow issue converting interval to seconds from milliseconds - Add missing "m" to "ms" Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-04lib: fix ifindex comparison overflowQuentin Young1-1/+6
Very small (negative!) ifindexes, when subtracted, can overflow. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-03bgpd: Time to deprecate bgpTimerUpDonatas Abraitis1-17/+0
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
2020-01-03docker: Use proper container name when creating CentOS 8 containerDonatas Abraitis1-1/+1
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
2020-01-03configure.ac: make msan & ubsan flags additiveQuentin Young1-2/+2
These were setting = SAN_FLAGS, we want to add to the variable. Note MSAN can't be used with any other sanitizer (except UBSan) but the compiler will complain about that if you use it wrong so we don't need to enforce it here. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-03bgpd: slight correction to sanity checks for SRGBQuentin Young1-9/+37
Also improves the log messages for invalid SRGB length fields, truncated attribute data etc Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-03bgpd: fix missing bounds checks for psid attrQuentin Young3-33/+65
Guess what - for a bounds check to work, it has to happen *before* you read the data. We were trusting the attribute field received in a prefix SID attribute and then checking if it was correct afterwards, but if was wrong we'd crash before that. This fixes the problem, and adds additional paranoid bounds checks. Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-03zebra: check pbr rule msg for correct afiQuentin Young1-0/+14
further down we hash the src & dst ip, which asserts that the afi is one of the well known ones, given the field names i assume the correct afis here are af_inet[6] Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-03pimd: Do not warn for common occurrence in igmp codeDonald Sharp1-2/+4
Do not warn when we receive a multicast address that matches 224.0.0.0/24. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-03pimd: Convert the upstream_list and hash to a rb treeDonald Sharp8-106/+46
Convert the upstream_list and hash to a rb tree, Significant time was being spent in the listnode_add_sort. This reduces this time greatly. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-03pimd: Convert the channel_oil_list|hash to a rb_treeDonald Sharp5-34/+28
The channel_oil_list and hash are taking significant cpu at scale when adding to the sorted list. Replace with a RB_TREE. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
2020-01-03doc: Add rfc8212 to supported RFCs listDonatas Abraitis1-0/+2
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
2020-01-03zebra: use correct attr size for netlink encQuentin Young1-1/+1
a bool is not 4 bytes Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-03doc: Updating FRR supported RFC listSri Mohana Singamsetty1-49/+101
1. Added subsections for BGP, MPLS, ISIS, OSPF etc. 2. Updated RFCs for BGP, MPLS, OSPF. Signed-off-by: Sri Mohana Singamsetty <msingamsetty@vmware.com>
2020-01-02bgpd: fix too much no listen doc stringQuentin Young1-3/+2
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-02configure.ac: add --enable-undefined-sanitizerQuentin Young1-0/+9
For UBSan Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
2020-01-01ripd: Fix redistribute/no redistribute rinse repeate commandsDonald Sharp1-2/+2
ripd was using zclient_redistribute for installation but not for removal. As such the lib/zclient.c was not properly tracking add/removal. I think it would be best to just let rip to track this instead of zclient. Fixes: #5599 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>