diff --git a/SOURCES/0008-ospf-multi-instance.patch b/SOURCES/0008-ospf-multi-instance.patch
new file mode 100644
index 0000000..e0da72a
--- /dev/null
+++ b/SOURCES/0008-ospf-multi-instance.patch
@@ -0,0 +1,119 @@
+diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c
+index d8be19db9..6fe94f3a4 100644
+--- a/ospfd/ospfd.c
++++ b/ospfd/ospfd.c
+@@ -384,12 +384,50 @@ struct ospf *ospf_lookup_by_inst_name(unsigned short instance, const char *name)
+ return NULL;
+ }
+
+-struct ospf *ospf_get(unsigned short instance, const char *name, bool *created)
++static void ospf_init(struct ospf *ospf)
+ {
+- struct ospf *ospf;
+ struct vrf *vrf;
+ struct interface *ifp;
+
++ ospf_opaque_type11_lsa_init(ospf);
++
++ if (ospf->vrf_id != VRF_UNKNOWN)
++ ospf->oi_running = 1;
++
++ /* Activate 'ip ospf area x' configured interfaces for given
++ * vrf. Activate area on vrf x aware interfaces.
++ * vrf_enable callback calls router_id_update which
++ * internally will call ospf_if_update to trigger
++ * network_run_state
++ */
++ vrf = vrf_lookup_by_id(ospf->vrf_id);
++
++ FOR_ALL_INTERFACES (vrf, ifp) {
++ struct ospf_if_params *params;
++ struct route_node *rn;
++ uint32_t count = 0;
++
++ params = IF_DEF_PARAMS(ifp);
++ if (OSPF_IF_PARAM_CONFIGURED(params, if_area))
++ count++;
++
++ for (rn = route_top(IF_OIFS_PARAMS(ifp)); rn; rn = route_next(rn))
++ if ((params = rn->info) && OSPF_IF_PARAM_CONFIGURED(params, if_area))
++ count++;
++
++ if (count > 0) {
++ ospf_interface_area_set(ospf, ifp);
++ ospf->if_ospf_cli_count += count;
++ }
++ }
++
++ ospf_router_id_update(ospf);
++}
++
++struct ospf *ospf_get(unsigned short instance, const char *name, bool *created)
++{
++ struct ospf *ospf;
++
+ /* vrf name provided call inst and name based api
+ * in case of no name pass default ospf instance */
+ if (name)
+@@ -402,39 +440,7 @@ struct ospf *ospf_get(unsigned short instance, const char *name, bool *created)
+ ospf = ospf_new(instance, name);
+ ospf_add(ospf);
+
+- ospf_opaque_type11_lsa_init(ospf);
+-
+- if (ospf->vrf_id != VRF_UNKNOWN)
+- ospf->oi_running = 1;
+-
+- /* Activate 'ip ospf area x' configured interfaces for given
+- * vrf. Activate area on vrf x aware interfaces.
+- * vrf_enable callback calls router_id_update which
+- * internally will call ospf_if_update to trigger
+- * network_run_state
+- */
+- vrf = vrf_lookup_by_id(ospf->vrf_id);
+-
+- FOR_ALL_INTERFACES (vrf, ifp) {
+- struct ospf_if_params *params;
+- struct route_node *rn;
+- uint32_t count = 0;
+-
+- params = IF_DEF_PARAMS(ifp);
+- if (OSPF_IF_PARAM_CONFIGURED(params, if_area))
+- count++;
+-
+- for (rn = route_top(IF_OIFS_PARAMS(ifp)); rn; rn = route_next(rn))
+- if ((params = rn->info) && OSPF_IF_PARAM_CONFIGURED(params, if_area))
+- count++;
+-
+- if (count > 0) {
+- ospf_interface_area_set(ospf, ifp);
+- ospf->if_ospf_cli_count += count;
+- }
+- }
+-
+- ospf_router_id_update(ospf);
++ ospf_init(ospf);
+ }
+
+ return ospf;
+@@ -450,7 +456,7 @@ struct ospf *ospf_get_instance(unsigned short instance, bool *created)
+ ospf = ospf_new(instance, NULL /* VRF_DEFAULT*/);
+ ospf_add(ospf);
+
+- ospf_opaque_type11_lsa_init(ospf);
++ ospf_init(ospf);
+ }
+
+ return ospf;
+diff --git a/ospfd/ospfd.h b/ospfd/ospfd.h
+index 192e54281..3087b735a 100644
+--- a/ospfd/ospfd.h
++++ b/ospfd/ospfd.h
+@@ -604,7 +604,6 @@ extern int ospf_nbr_nbma_poll_interval_set(struct ospf *, struct in_addr,
+ unsigned int);
+ extern int ospf_nbr_nbma_poll_interval_unset(struct ospf *, struct in_addr);
+ extern void ospf_prefix_list_update(struct prefix_list *);
+-extern void ospf_init(void);
+ extern void ospf_if_update(struct ospf *, struct interface *);
+ extern void ospf_ls_upd_queue_empty(struct ospf_interface *);
+ extern void ospf_terminate(void);
diff --git a/SOURCES/0009-bgp-ttl-security.patch b/SOURCES/0009-bgp-ttl-security.patch
new file mode 100644
index 0000000..193929c
--- /dev/null
+++ b/SOURCES/0009-bgp-ttl-security.patch
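Review bot: The new static `ospf_init(struct ospf *)` in the ospfd/ospfd.c part of 0008-ospf-multi-instance.patch has no header comment, and it reuses the name of the `extern void ospf_init(void);` prototype that the ospfd.h part deletes. Because `ospf_get_instance()` now calls it as well, that path gains the `oi_running` assignment, the interface-area activation loop and `ospf_router_id_update()`, where it previously ran only `ospf_opaque_type11_lsa_init()`. A comment such as `/* One-time setup of a newly created instance; call once, right after ospf_add(). */` would record that a second call adds to `ospf->if_ospf_cli_count` again. It is also worth confirming against the packaged 7.5 tree that nothing else still refers to the old `ospf_init(void)` declaration, which cannot be checked from the lines shown here.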
@@ -0,0 +1,92 @@
+From 8a66632391db5f5181a4afef6aae41f48bee7fdb Mon Sep 17 00:00:00 2001
+From: Donald Sharp
+Date: Fri, 15 Jan 2021 08:14:49 -0500
+Subject: [PATCH] bgpd: Allow peer-groups to have `ttl-security hops`
+ configured
+
+The command `neighbor PGROUP ttl-security hops X` was being
+accepted but ignored. Allow it to be stored. I am still
+not sure that this is applied correctly, but that is another
+problem.
+
+Fixes: #7848
+Signed-off-by: Donald Sharp
+---
+ bgpd/bgpd.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
+index 9297ec4711c..4ebd3da0620 100644
+--- a/bgpd/bgpd.c
++++ b/bgpd/bgpd.c
+@@ -7150,6 +7150,7 @@ int is_ebgp_multihop_configured(struct peer *peer)
+ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
+ {
+ struct peer_group *group;
++ struct peer *gpeer;
+ struct listnode *node, *nnode;
+ int ret;
+
+@@ -7186,9 +7187,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
+ return ret;
+ } else {
+ group = peer->group;
++ group->conf->gtsm_hops = gtsm_hops;
+ for (ALL_LIST_ELEMENTS(group->peer, node, nnode,
+- peer)) {
+- peer->gtsm_hops = group->conf->gtsm_hops;
++ gpeer)) {
++ gpeer->gtsm_hops = group->conf->gtsm_hops;
+
+ /* Calling ebgp multihop also resets the
+ * session.
+@@ -7198,7 +7200,7 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
+ * value is
+ * irrelevant.
+ */ +- peer_ebgp_multihop_set(peer, MAXTTL); ++ peer_ebgp_multihop_set(gpeer, MAXTTL); + } + } + } else { +@@ -7219,9 +7221,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) + MAXTTL + 1 - gtsm_hops); + } else { + group = peer->group; ++ group->conf->gtsm_hops = gtsm_hops; + for (ALL_LIST_ELEMENTS(group->peer, node, nnode, +- peer)) { +- peer->gtsm_hops = group->conf->gtsm_hops; ++ gpeer)) { ++ gpeer->gtsm_hops = group->conf->gtsm_hops; + + /* Change setting of existing peer + * established then change value (may break +@@ -7231,17 +7234,18 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) + * no session then do nothing (will get + * handled by next connection) + */ +- if (peer->fd >= 0 +- && peer->gtsm_hops ++ if (gpeer->fd >= 0 ++ && gpeer->gtsm_hops + != BGP_GTSM_HOPS_DISABLED) + sockopt_minttl( +- peer->su.sa.sa_family, peer->fd, +- MAXTTL + 1 - peer->gtsm_hops); +- if ((peer->status < Established) +- && peer->doppelganger +- && (peer->doppelganger->fd >= 0)) +- sockopt_minttl(peer->su.sa.sa_family, +- peer->doppelganger->fd, ++ gpeer->su.sa.sa_family, ++ gpeer->fd, ++ MAXTTL + 1 - gpeer->gtsm_hops); ++ if ((gpeer->status < Established) ++ && gpeer->doppelganger ++ && (gpeer->doppelganger->fd >= 0)) ++ sockopt_minttl(gpeer->su.sa.sa_family, ++ gpeer->doppelganger->fd, + MAXTTL + 1 - gtsm_hops); + } + } diff --git a/SPECS/frr.spec b/SPECS/frr.spec index 6445ed2..455a3e3 100644 --- a/SPECS/frr.spec +++ b/SPECS/frr.spec @@ -5,7 +5,7 @@ Name: frr Version: 7.5 -Release: 4%{?checkout}%{?dist} +Release: 7%{?checkout}%{?dist} Summary: Routing daemon License: GPLv2+ URL: http://www.frrouting.org @@ -37,6 +37,8 @@ Patch0003: 0003-disable-eigrp-crypto.patch Patch0004: 0004-fips-mode.patch Patch0006: 0006-CVE-2020-12831.patch Patch0007: 0007-frrinit.patch +Patch0008: 0008-ospf-multi-instance.patch +Patch0009: 0009-bgp-ttl-security.patch %description FRRouting is free software that manages TCP/IP based routing protocols. It takes 
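Review bot: In the peer-group branches of `peer_ttl_security_hops_set()` (bgpd/bgpd.c, carried in 0009-bgp-ttl-security.patch) the results of `peer_ebgp_multihop_set(gpeer, MAXTTL)` and of both `sockopt_minttl()` calls are discarded, while `group->conf->gtsm_hops` is now stored unconditionally before each loop. If one of those calls fails for a member, the stored configuration will show `ttl-security hops` for the group even though the minimum-TTL check is not in force on that session's socket. Assuming these functions report failure through their return value, check it and log the affected peer, for example `if (sockopt_minttl(gpeer->su.sa.sa_family, gpeer->fd, MAXTTL + 1 - gpeer->gtsm_hops) < 0)` followed by a warning that names the peer. The doppelganger call passes `gtsm_hops` where the primary socket uses `gpeer->gtsm_hops`; the two are equal at that point, but using one expression for both would make that obvious. The function body extends beyond the lines shown, so the non-group paths could not be checked here.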
@@ -197,6 +199,16 @@ make check PYTHON=%{__python3} %{_tmpfilesdir}/%{name}.conf %changelog +* Thu Sep 30 2021 Michal Ruprich - 7.5-7 +- Related: #1917269 - Wrong value in gating file + +* Fri Sep 17 2021 Michal Ruprich - 7.5-6 +- Related: #1917269 - Incomplete patch, adding gating rules + +* Thu Sep 16 2021 Michal Ruprich - 7.5-5 +- Resolves: #1979426 - Unable to configure OSPF in multi-instance mode +- Resolves: #1917269 - vtysh running-config output not showing bgp ttl-security hops option + * Tue Jan 12 2021 root - 7.5-4 - Related: #1889323 - Fixing start-up with old config file