From 133c55762014936a5791cb5704530d732e2b8f3b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 10 2022 07:00:03 +0000 Subject: import frr-7.5-11.el8 --- diff --git a/SOURCES/0008-bfd-reload.patch b/SOURCES/0008-bfd-reload.patch deleted file mode 100644 index b153592..0000000 --- a/SOURCES/0008-bfd-reload.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 46a2b560fa84c5f8ece8dbb82cbf355af675ad41 Mon Sep 17 00:00:00 2001 -From: Rafael Zalamena -Date: Tue, 19 Jan 2021 08:49:23 -0300 -Subject: [PATCH] tools: fix frr-reload BFD profile support - -Fix the handling of multiple BFD profiles by adding the appropriated -code to push/pop contexts inside BFD configuration node. - -Signed-off-by: Rafael Zalamena ---- - tools/frr-reload.py | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/tools/frr-reload.py b/tools/frr-reload.py -index da005b6f874..ca6fe81f007 100755 ---- a/tools/frr-reload.py -+++ b/tools/frr-reload.py -@@ -533,6 +533,18 @@ def load_contexts(self): - if line.startswith('!') or line.startswith('#'): - continue - -+ if (len(ctx_keys) == 2 -+ and ctx_keys[0].startswith('bfd') -+ and ctx_keys[1].startswith('profile ') -+ and line == 'end'): -+ log.debug('LINE %-50s: popping from sub context, %-50s', line, ctx_keys) -+ -+ if main_ctx_key: -+ self.save_contexts(ctx_keys, current_context_lines) -+ ctx_keys = copy.deepcopy(main_ctx_key) -+ current_context_lines = [] -+ continue -+ - # one line contexts - # there is one exception though: ldpd accepts a 'router-id' clause - # as part of its 'mpls ldp' config context. If we are processing -@@ -649,6 +661,22 @@ def load_contexts(self): - log.debug('LINE %-50s: entering sub-sub-context, append to ctx_keys', line) - ctx_keys.append(line) - -+ elif ( -+ line.startswith('profile ') -+ and len(ctx_keys) == 1 -+ and ctx_keys[0].startswith('bfd') -+ ): -+ -+ # Save old context first -+ self.save_contexts(ctx_keys, current_context_lines) -+ current_context_lines = [] -+ main_ctx_key = copy.deepcopy(ctx_keys) -+ log.debug( -+ "LINE %-50s: entering BFD profile sub-context, append to ctx_keys", -+ line -+ ) -+ ctx_keys.append(line) -+ - else: - # Continuing in an existing context, add non-commented lines to it - current_context_lines.append(line) - diff --git a/SOURCES/0008-ospf-multi-instance.patch b/SOURCES/0008-ospf-multi-instance.patch new file mode 100644 index 0000000..e0da72a --- /dev/null +++ b/SOURCES/0008-ospf-multi-instance.patch @@ -0,0 +1,119 @@ +diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c +index d8be19db9..6fe94f3a4 100644 +--- a/ospfd/ospfd.c ++++ b/ospfd/ospfd.c +@@ -384,12 +384,50 @@ struct ospf *ospf_lookup_by_inst_name(unsigned short instance, const char *name) + return NULL; + } + +-struct ospf *ospf_get(unsigned short instance, const char *name, bool *created) ++static void ospf_init(struct ospf *ospf) + { +- struct ospf *ospf; + struct vrf *vrf; + struct interface *ifp; + ++ ospf_opaque_type11_lsa_init(ospf); ++ ++ if (ospf->vrf_id != VRF_UNKNOWN) ++ ospf->oi_running = 1; ++ ++ /* Activate 'ip ospf area x' configured interfaces for given ++ * vrf. Activate area on vrf x aware interfaces. ++ * vrf_enable callback calls router_id_update which ++ * internally will call ospf_if_update to trigger ++ * network_run_state ++ */ ++ vrf = vrf_lookup_by_id(ospf->vrf_id); ++ ++ FOR_ALL_INTERFACES (vrf, ifp) { ++ struct ospf_if_params *params; ++ struct route_node *rn; ++ uint32_t count = 0; ++ ++ params = IF_DEF_PARAMS(ifp); ++ if (OSPF_IF_PARAM_CONFIGURED(params, if_area)) ++ count++; ++ ++ for (rn = route_top(IF_OIFS_PARAMS(ifp)); rn; rn = route_next(rn)) ++ if ((params = rn->info) && OSPF_IF_PARAM_CONFIGURED(params, if_area)) ++ count++; ++ ++ if (count > 0) { ++ ospf_interface_area_set(ospf, ifp); ++ ospf->if_ospf_cli_count += count; ++ } ++ } ++ ++ ospf_router_id_update(ospf); ++} ++ ++struct ospf *ospf_get(unsigned short instance, const char *name, bool *created) ++{ ++ struct ospf *ospf; ++ + /* vrf name provided call inst and name based api + * in case of no name pass default ospf instance */ + if (name) +@@ -402,39 +440,7 @@ struct ospf *ospf_get(unsigned short instance, const char *name, bool *created) + ospf = ospf_new(instance, name); + ospf_add(ospf); + +- ospf_opaque_type11_lsa_init(ospf); +- +- if (ospf->vrf_id != VRF_UNKNOWN) +- ospf->oi_running = 1; +- +- /* Activate 'ip ospf area x' configured interfaces for given +- * vrf. Activate area on vrf x aware interfaces. +- * vrf_enable callback calls router_id_update which +- * internally will call ospf_if_update to trigger +- * network_run_state +- */ +- vrf = vrf_lookup_by_id(ospf->vrf_id); +- +- FOR_ALL_INTERFACES (vrf, ifp) { +- struct ospf_if_params *params; +- struct route_node *rn; +- uint32_t count = 0; +- +- params = IF_DEF_PARAMS(ifp); +- if (OSPF_IF_PARAM_CONFIGURED(params, if_area)) +- count++; +- +- for (rn = route_top(IF_OIFS_PARAMS(ifp)); rn; rn = route_next(rn)) +- if ((params = rn->info) && OSPF_IF_PARAM_CONFIGURED(params, if_area)) +- count++; +- +- if (count > 0) { +- ospf_interface_area_set(ospf, ifp); +- ospf->if_ospf_cli_count += count; +- } +- } +- +- ospf_router_id_update(ospf); ++ ospf_init(ospf); + } + + return ospf; +@@ -450,7 +456,7 @@ struct ospf *ospf_get_instance(unsigned short instance, bool *created) + ospf = ospf_new(instance, NULL /* VRF_DEFAULT*/); + ospf_add(ospf); + +- ospf_opaque_type11_lsa_init(ospf); ++ ospf_init(ospf); + } + + return ospf; +diff --git a/ospfd/ospfd.h b/ospfd/ospfd.h +index 192e54281..3087b735a 100644 +--- a/ospfd/ospfd.h ++++ b/ospfd/ospfd.h +@@ -604,7 +604,6 @@ extern int ospf_nbr_nbma_poll_interval_set(struct ospf *, struct in_addr, + unsigned int); + extern int ospf_nbr_nbma_poll_interval_unset(struct ospf *, struct in_addr); + extern void ospf_prefix_list_update(struct prefix_list *); +-extern void ospf_init(void); + extern void ospf_if_update(struct ospf *, struct interface *); + extern void ospf_ls_upd_queue_empty(struct ospf_interface *); + extern void ospf_terminate(void); diff --git a/SOURCES/0009-bgp-ttl-security.patch b/SOURCES/0009-bgp-ttl-security.patch new file mode 100644 index 0000000..193929c --- /dev/null +++ b/SOURCES/0009-bgp-ttl-security.patch @@ -0,0 +1,92 @@ +From 8a66632391db5f5181a4afef6aae41f48bee7fdb Mon Sep 17 00:00:00 2001 +From: Donald Sharp +Date: Fri, 15 Jan 2021 08:14:49 -0500 +Subject: [PATCH] bgpd: Allow peer-groups to have `ttl-security hops` + configured + +The command `neighbor PGROUP ttl-security hops X` was being +accepted but ignored. Allow it to be stored. I am still +not sure that this is applied correctly, but that is another +problem. + +Fixes: #7848 +Signed-off-by: Donald Sharp +--- + bgpd/bgpd.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c +index 9297ec4711c..4ebd3da0620 100644 +--- a/bgpd/bgpd.c ++++ b/bgpd/bgpd.c +@@ -7150,6 +7150,7 @@ int is_ebgp_multihop_configured(struct peer *peer) + int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) + { + struct peer_group *group; ++ struct peer *gpeer; + struct listnode *node, *nnode; + int ret; + +@@ -7186,9 +7187,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) + return ret; + } else { + group = peer->group; ++ group->conf->gtsm_hops = gtsm_hops; + for (ALL_LIST_ELEMENTS(group->peer, node, nnode, +- peer)) { +- peer->gtsm_hops = group->conf->gtsm_hops; ++ gpeer)) { ++ gpeer->gtsm_hops = group->conf->gtsm_hops; + + /* Calling ebgp multihop also resets the + * session. +@@ -7198,7 +7200,7 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) + * value is + * irrelevant. + */ +- peer_ebgp_multihop_set(peer, MAXTTL); ++ peer_ebgp_multihop_set(gpeer, MAXTTL); + } + } + } else { +@@ -7219,9 +7221,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) + MAXTTL + 1 - gtsm_hops); + } else { + group = peer->group; ++ group->conf->gtsm_hops = gtsm_hops; + for (ALL_LIST_ELEMENTS(group->peer, node, nnode, +- peer)) { +- peer->gtsm_hops = group->conf->gtsm_hops; ++ gpeer)) { ++ gpeer->gtsm_hops = group->conf->gtsm_hops; + + /* Change setting of existing peer + * established then change value (may break +@@ -7231,17 +7234,18 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) + * no session then do nothing (will get + * handled by next connection) + */ +- if (peer->fd >= 0 +- && peer->gtsm_hops ++ if (gpeer->fd >= 0 ++ && gpeer->gtsm_hops + != BGP_GTSM_HOPS_DISABLED) + sockopt_minttl( +- peer->su.sa.sa_family, peer->fd, +- MAXTTL + 1 - peer->gtsm_hops); +- if ((peer->status < Established) +- && peer->doppelganger +- && (peer->doppelganger->fd >= 0)) +- sockopt_minttl(peer->su.sa.sa_family, +- peer->doppelganger->fd, ++ gpeer->su.sa.sa_family, ++ gpeer->fd, ++ MAXTTL + 1 - gpeer->gtsm_hops); ++ if ((gpeer->status < Established) ++ && gpeer->doppelganger ++ && (gpeer->doppelganger->fd >= 0)) ++ sockopt_minttl(gpeer->su.sa.sa_family, ++ gpeer->doppelganger->fd, + MAXTTL + 1 - gtsm_hops); + } + } diff --git a/SOURCES/0010-bfd-reload.patch b/SOURCES/0010-bfd-reload.patch new file mode 100644 index 0000000..b153592 --- /dev/null +++ b/SOURCES/0010-bfd-reload.patch @@ -0,0 +1,60 @@ +From 46a2b560fa84c5f8ece8dbb82cbf355af675ad41 Mon Sep 17 00:00:00 2001 +From: Rafael Zalamena +Date: Tue, 19 Jan 2021 08:49:23 -0300 +Subject: [PATCH] tools: fix frr-reload BFD profile support + +Fix the handling of multiple BFD profiles by adding the appropriated +code to push/pop contexts inside BFD configuration node. + +Signed-off-by: Rafael Zalamena +--- + tools/frr-reload.py | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +diff --git a/tools/frr-reload.py b/tools/frr-reload.py +index da005b6f874..ca6fe81f007 100755 +--- a/tools/frr-reload.py ++++ b/tools/frr-reload.py +@@ -533,6 +533,18 @@ def load_contexts(self): + if line.startswith('!') or line.startswith('#'): + continue + ++ if (len(ctx_keys) == 2 ++ and ctx_keys[0].startswith('bfd') ++ and ctx_keys[1].startswith('profile ') ++ and line == 'end'): ++ log.debug('LINE %-50s: popping from sub context, %-50s', line, ctx_keys) ++ ++ if main_ctx_key: ++ self.save_contexts(ctx_keys, current_context_lines) ++ ctx_keys = copy.deepcopy(main_ctx_key) ++ current_context_lines = [] ++ continue ++ + # one line contexts + # there is one exception though: ldpd accepts a 'router-id' clause + # as part of its 'mpls ldp' config context. If we are processing +@@ -649,6 +661,22 @@ def load_contexts(self): + log.debug('LINE %-50s: entering sub-sub-context, append to ctx_keys', line) + ctx_keys.append(line) + ++ elif ( ++ line.startswith('profile ') ++ and len(ctx_keys) == 1 ++ and ctx_keys[0].startswith('bfd') ++ ): ++ ++ # Save old context first ++ self.save_contexts(ctx_keys, current_context_lines) ++ current_context_lines = [] ++ main_ctx_key = copy.deepcopy(ctx_keys) ++ log.debug( ++ "LINE %-50s: entering BFD profile sub-context, append to ctx_keys", ++ line ++ ) ++ ctx_keys.append(line) ++ + else: + # Continuing in an existing context, add non-commented lines to it + current_context_lines.append(line) + diff --git a/SOURCES/0011-designated-router.patch b/SOURCES/0011-designated-router.patch new file mode 100644 index 0000000..323a10e --- /dev/null +++ b/SOURCES/0011-designated-router.patch @@ -0,0 +1,33 @@ +diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c +index 69a3e4587..57ef6029a 100644 +--- a/ospfd/ospf_vty.c ++++ b/ospfd/ospf_vty.c +@@ -3737,6 +3737,28 @@ static void show_ip_ospf_interface_sub(struct vty *vty, struct ospf *ospf, + vty_out(vty, + " No backup designated router on this network\n"); + } else { ++ nbr = ospf_nbr_lookup_by_addr(oi->nbrs, &DR(oi)); ++ if (nbr) { ++ if (use_json) { ++ json_object_string_add( ++ json_interface_sub, "drId", ++ inet_ntoa(nbr->router_id)); ++ json_object_string_add( ++ json_interface_sub, "drAddress", ++ inet_ntoa(nbr->address.u ++ .prefix4)); ++ } else { ++ vty_out(vty, ++ " Designated Router (ID) %s", ++ inet_ntoa(nbr->router_id)); ++ vty_out(vty, ++ " Interface Address %s\n", ++ inet_ntoa(nbr->address.u ++ .prefix4)); ++ } ++ } ++ nbr = NULL; ++ + nbr = ospf_nbr_lookup_by_addr(oi->nbrs, &BDR(oi)); + if (nbr == NULL) { + if (!use_json) diff --git a/SPECS/frr.spec b/SPECS/frr.spec index 73a732d..1a3b1a8 100644 --- a/SPECS/frr.spec +++ b/SPECS/frr.spec @@ -5,7 +5,7 @@ Name: frr Version: 7.5 -Release: 4%{?checkout}%{?dist}.2 +Release: 11%{?checkout}%{?dist} Summary: Routing daemon License: GPLv2+ URL: http://www.frrouting.org @@ -37,7 +37,10 @@ Patch0003: 0003-disable-eigrp-crypto.patch Patch0004: 0004-fips-mode.patch Patch0006: 0006-CVE-2020-12831.patch Patch0007: 0007-frrinit.patch -Patch0008: 0008-bfd-reload.patch +Patch0008: 0008-ospf-multi-instance.patch +Patch0009: 0009-bgp-ttl-security.patch +Patch0010: 0010-bfd-reload.patch +Patch0011: 0011-designated-router.patch Patch0012: 0012-bfd-peers-crash.patch %description @@ -199,11 +202,27 @@ make check PYTHON=%{__python3} %{_tmpfilesdir}/%{name}.conf %changelog -* Wed Jan 05 2022 Michal Ruprich - 7.5-4.2 -- Resolves: #2037200 - Bfdd crash in metallb CI +* Wed Jan 05 2022 Michal Ruprich - 7.5-11 +- Resolves: #2034328 - Bfdd crash in metallb CI -* Fri Dec 10 2021 Michal Ruprich - 7.5-4.1 -- Resolves: #2031077 - FRR reloader generating invalid BFD configurations, exits with error +* Tue Jan 04 2022 Michal Ruprich - 7.5-10 +- Resolves: #2020878 - frr ospfd show ip ospf interface does not show designated router info + +* Fri Dec 10 2021 Michal Ruprich - 7.5-9 +- Resolves: #2029958 - FRR reloader generating invalid BFD configurations, exits with error + +* Tue Nov 16 2021 Michal Ruprich - 7.5-8 +- Resolves: #2021819 - Rebuilding for the new json-c + +* Thu Sep 30 2021 Michal Ruprich - 7.5-7 +- Related: #1917269 - Wrong value in gating file + +* Fri Sep 17 2021 Michal Ruprich - 7.5-6 +- Related: #1917269 - Incomplete patch, adding gating rules + +* Thu Sep 16 2021 Michal Ruprich - 7.5-5 +- Resolves: #1979426 - Unable to configure OSPF in multi-instance mode +- Resolves: #1917269 - vtysh running-config output not showing bgp ttl-security hops option * Tue Jan 12 2021 root - 7.5-4 - Related: #1889323 - Fixing start-up with old config file