From patchwork Mon Aug 12 15:38:00 2024
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 7979
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] frr: Update to version 10.1
Date: Mon, 12 Aug 2024 17:38:00 +0200
Message-ID: <20240812153808.3944396-6-adolf.belka@ipfire.org>
In-Reply-To: <20240812153808.3944396-1-adolf.belka@ipfire.org>
References: <20240812153808.3944396-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Update from version 9.1 to 10.1
- Update of rootfile
- CVE Fixes in 9.1.1
- Changelog
    10.1
      Breaking changes
        Enable BGP dynamic capability by default for datacenter profile
          Advertise BGP "Dynamic" capability by default if using a datacenter
          profile. The dynamic capability gives more flexibility in terms of
          changing some parameters (e.g. Graceful-Restart, Long-lived
          Graceful-Restart timers, Addpath, Role, etc.) without resetting the
          session.
        Split BGP rpki cache command into separate per SSH/TCP
          The old command is broken at some level. When configuring a TCP
          session with the source, the command thinks it's an SSH session with
          a username.
        Add deprecation cycle for OSPF router-info X [A.B.C.D] command
      Features
        BGP dampening per-neighbor support
          It is now possible to configure BGP dampening parameters on a
          per-neighbor basis. In previous releases, BGP dampening could only be
          configured globally or per-SAFI.
        BMP send-experimental stats
          We added an option to send experimental BMP (RFC 7854) stats
          [65531-65534]. RFC 7854 defines BMP statistics types: Values 65531
          through 65534 are Experimental, and value 65535 is Reserved.
        Implement extended link-bandwidth for BGP
          By default bandwidth in extended communities is encoded in IEEE
          floating-point format, and is limited to a maximum of 25 Gbps. Since
          not every vendor implements this correctly (due to IEEE
          floating-point), another draft is implemented to encode the bandwidth
          into IPv6 address-specific extended community.
        Paths Limit for Multiple Paths in BGP
          Implemented this draft as an extension for the Addpath capability,
          that tells the sender to send only an arbitrary number of paths per
          prefix instead of sending all of the known paths.
        New command for OSPFv2 ip ospf neighbor-filter NAME [A.B.C.D]
          Configure an IP prefix list to filter packets received from OSPF
          neighbors on the OSPF interface.
        Implement non-broadcast support for point-to-multipoint networks
          This extends non-broadcast support to point-to-multipoint networks.
          The AllOSPFRouters (224.0.0.5) is still joined for non-broadcast
          networks since it is joined for NBMA networks.
      Other significant changes
        bgpd
          Fix route leaking from the default l3vrf
          Fix match peer when switching between IPv4/IPv6/interface
          Fix dynamic peer graceful restart race condition
          Fix colored routes not installed after a switchover
          Fix crash when deleting the SRv6 locator
          Fix no set as-path prepend ASNUM...
          Fix negative commands for Graceful-Restart operations (avoid entering
            incorrect state)
          Fix ipv4-mapped ipv6 on non 6pe
          Fix show run of network route-distinguisher
          Fix display when using missing-as-worst
          Fix show bgp neighbors output
          Fix error handling for MP/GR capabilities as a dynamic capability
          Fix error handling when receiving BGP Prefix-SID attribute
          Fix route-target display with a dotted format
          Fix no bgp as-path access-list
          Fix no form for neighbor X capability software-version
          Check against extended community unit size for link bandwidth
          Make sure we have enough data to handle extended link bandwidth
          Check if FQDN capability length is in valid ranges
          Allow using different ASNs per VRF instances
          Send End-of-RIB not only if Graceful-Restart capability is received
          Implement backpressure to avoid CPU hog
          Ignore validating the attribute flags if path-attribute is configured
          Prevent deletion of BGP peer groups associated with bgp listen range
          Inherit some peer flags from the peer-group
          Allow specification of AS 0 for RPKI commands
          Allow using maximum-prefix for EVPN
          Increase install/uninstall speed of EVPN VNIs
          Update default-originate route-map actual map structure
          Include unsuppress-map as a valid outgoing eBGP policy
          Allow dynamically disable graceful-restart/long-lived graceful-restart
          Unset advertised capabilities if the capability is disabled
          Aggregated summary-only remove suppressed from EVPN
        isisd
          Fix crash when deactivating ISIS adjacency on the interface
          Fix show isis database [detail] json
          Fix show isis algorithm
          Fix crash when configuring the circuit type for the interface
          Fix IP/IPv6 reachability TLVs
          When the metric-type is configured as "wide", the IS-IS generates
            incorrect metric values for IPv4 directly connected routes
          Add link state support for SRv6 adjacencies
          The hold time of hello packets on a P2P link does not match the
            sending interval
        mgmtd
          Implement YANG RPC/action support
        ospfd
          Fix crash in OSPF TE parsing
          Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did
            not reset the hello timer
          Fix no write-multiplier command
          Fix no maximum-paths command
          Solved crash in RI parsing with OSPF TE
          Assure OSPF AS External routes are installed after the link flap
          Send LS Updates in response to LS Request as unicast
        ospf6d
          Handle topo change in Graceful-Restart Helper mode for max-age LSAs
          Prevent heap-buffer-overflow with an unknown type
          Redistribute metric for AS-external route
          Fix next-hop computation for inter-area multi-ABR ECMP
          Fix interface type vs. connected routes updates
        pathd
          Retry synchronous label-manager ZAPI connection
        pimd
          Fix null register before aging out reg-stop
          Fix dr-priority range
          Fix crash unconfiguring rp keepalive timer
        lib
          Fix keychain NB crash
          Do not convert EVPN prefixes into IPv4/IPv6 if not needed
        ripd
          Fix clear ip rip command
        ripngd
          Fix clear ipv6 ripng command
        tools
          Handle seq num for BGP as-path in frr-reload.py
        vtysh
          Fix 'show ip[v6] prefix-list ... json' formatting by moving it to vtysh
          Fix show route-map command when calling via do
          Show ip ospf network ... even if it's not the same as the interface
            type
        zebra
          Fix mpls label bind command
          Fix excessive exit commands
          Fix static SRv6 segment-list SID order
          Fix JSON output for show route summary json
          Fix malformed json output for multiple vrfs in command show ip route
            vrf all json
          Fix crash if MAC-VLAN link in another netns
          Fix crash on MAC-VLAN link down/up
          Deny the routes if ip protocol CLI refers to an undefined route-map
          Bridge flap handle VLAN membership update
          Add show fpm status [json] command
    9.1.1
      Fixed CVEs
        CVE-2024-31950
        CVE-2024-31951
        CVE-2024-31949
      Bug Fixes
        bgpd
          "default-originate" shouldn't withdraw non-default routes
          Aggr summary-only suppressed export to evpn
          Allow using optional table id for negative `no set table x` command
          Arrange peer notification to after zebra announce
          Check bgp evpn instance presence in soo
          Convert the bgp_advertise_attr->adv to a fifo
          Do not show tcp mss if the socket is broken
          Ensure bgp does not stop monitoring nexthops
          Ensure community data is freed in some cases.
          Ensure that the correct aspath is free'd
          Fix `match peer` when switching between ipv4/ipv6/interface
          Fix `no set as-path prepend asnum...`
          Fix bgp_best_selection heap-use-after-free
          Fix crash when deleting the srv6 locator
          Fix display when using `missing-as-worst`
          Fix dynamic peer graceful restart race condition
          Fix ecommunity_fill_pbr_action heap-buffer-overflow
          Fix error handling when receiving bgp prefix sid attribute
          Fix errors handling for mp/gr capabilities as dynamic capability
          Fix format overflow for graceful-restart debug logs
          Fix logging message when receiving a software version capability
          Fix no bgp as-path access-list issue
          Fix route-map match probability deconfiguration callback
          Fix srv6 memory leak detection
          Fix the order of null check and zapi decode
          Fix vrf leaking with 'no bgp network import-check
          Free memory for srv6 functions and locator chunks
          Ignore validating the attribute flags if path-attribute is configured
          Include unsuppress-map as a valid outgoing policy
          Lttng tp add evpn route events
          Make `suppress-fib-pending` clear peering
          Note when receiving but not understanding a route notification
          Prevent from one more cve triggering this place
          Set correct ttl for the dynamic neighbor peers
          Update default-originate route-map actual map structure
          Revert "Fix pointer arithmetic in bgp snmp module"
        doc
          Add param range for graceful-restart helper supported-grace-time
          Remove duplicated show route-map
        isisd
          Fix _isis_spftree_del heap-use-after-free
          Fix displaying lsp id
          Fix heap-after-free with prefix sid
          Fix ip/ipv6 reachability tlvs
        lib
          Check for not being a blackhole route
          Fix show route map json output
          Do not convert evpn prefixes into ipv4/ipv6 if not needed
          Replace deprecated ares_gethostbyname
          Replace deprecated ares_process()
        nhrpd
          Fix race condition
          Fix core dump on shutdown
        ospf6d
          Ospfv3 route change comparison fixed for asbr-only change
          Prevent heap-buffer-overflow with unknown type
        ospfd
          Add support for "no router-info [] command"
          Can not delete "segment-routing node-msd" when sr is off
          Correct lsa parser which fulfill the ted
          Correct opaque lsa extended parser
          Correct sid check size
          Fix ospf dead-interval minimal hello-multiplier param range
          Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did
            not reset hello timer
          Protect call to get_edge() in ospf_te.c
          Solved crash in ospf te parsing
          Solved crash in ri parsing with ospf te
          Revert "Fix some dicey pointer arith in snmp module"
        pbrd
          Fix map seq installed flag in json
          Fix pbr handling for last rule deletion
        pimd
          Fix crash unconfiguring rp keepalive timer
          Fix crash when configuring ssmpingd
          Fix dr-priority range
          Fix null register before aging out reg-stop
          Fix order of operations for evaluating join
          Re-evaluated s,g oils upon rp changes and for empty sg upstream oils
          Fix crash when mixing ssm/any-source joins
        staticd
          Fix changing to source auto in bfd monitor
        tests
          Check for 0.0.0.0/1 in bgp_default_route
          Check if ibgp session can drop invalid aigp attribute
          Extend tests for aspath exclude
          Update ospf te topotests
        tools
          Apply black formatting for tools/frr-reload.py
          Fix frr-reload interface desc cmd
          Fix frr-reload multiple no description cmds
          Fix frr-reload multiple no description cmds
          Use error log level when failing to execute commands via frr-reload.py
        topotests
          Do not check table version
          Redispatch tests in bfd_topo3
          Test wrong bfd source in bfd_topo3
          Vpnv4 route leaking with no import-check
        vtysh
          Show `ip ospf network ...` even if it's not the same as the interface
            type
        zebra
          Add missing whitespace when printing route entry status
          Deny the routes if ip protocol cli refers to an undefined rmap
          Don't deref vxlan-vni array
          Fix crash if macvlan link in another netns
          Fix crash on macvlan link down/up
          Fix evpn svd based remote nh neigh del
          Fix mpls command
          Fix route deletion during zebra shutdown
          The dplane_fpm_nl return path leaks memory

Signed-off-by: Adolf Belka --- config/rootfiles/packages/frr | 14 ++++++++++++-- lfs/frr | 6 +++--- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/packages/frr b/config/rootfiles/packages/frr index 92b31ffe9..b5661dff4 100644 --- a/config/rootfiles/packages/frr +++ b/config/rootfiles/packages/frr @@ -36,9 +36,11 @@ usr/bin/vtysh #usr/include/frr/frr_pthread.h #usr/include/frr/frratomic.h #usr/include/frr/frrcu.h +#usr/include/frr/frrdistance.h #usr/include/frr/frrevent.h #usr/include/frr/frrlua.h #usr/include/frr/frrscript.h +#usr/include/frr/frrsendmmsg.h #usr/include/frr/frrstr.h #usr/include/frr/graph.h #usr/include/frr/hash.h @@ -56,6 +58,7 @@ usr/bin/vtysh #usr/include/frr/ldp_sync.h #usr/include/frr/lib_errors.h #usr/include/frr/lib_vty.h +#usr/include/frr/libagentx.h #usr/include/frr/libfrr.h #usr/include/frr/libfrr_trace.h #usr/include/frr/libospf.h @@ -67,11 +70,11 @@ usr/bin/vtysh #usr/include/frr/memory.h #usr/include/frr/mgmt.pb-c.h #usr/include/frr/mgmt_be_client.h +#usr/include/frr/mgmt_defines.h #usr/include/frr/mgmt_fe_client.h #usr/include/frr/mgmt_msg.h +#usr/include/frr/mgmt_msg_native.h #usr/include/frr/mgmt_pb.h -#usr/include/frr/mgmtd -#usr/include/frr/mgmtd/mgmt_defines.h #usr/include/frr/mlag.h #usr/include/frr/module.h #usr/include/frr/monotime.h @@ -152,6 +155,7 @@ usr/bin/vtysh #usr/include/frr/zlog.h #usr/include/frr/zlog_5424.h #usr/include/frr/zlog_live.h +#usr/include/frr/zlog_recirculate.h #usr/include/frr/zlog_targets.h #usr/lib/frr #usr/lib/frr/modules @@ -181,6 +185,7 @@ usr/lib/libmgmt_be_nb.so.0 usr/lib/libmgmt_be_nb.so.0.0.0 usr/sbin/bgpd usr/sbin/fabricd +usr/sbin/fpm_listener usr/sbin/frr usr/sbin/frr-reload usr/sbin/frr-reload.py 
@@ -211,6 +216,7 @@ usr/sbin/zebra #usr/share/yang/frr-bgp-types.yang #usr/share/yang/frr-bgp.yang #usr/share/yang/frr-deviations-bgp-datacenter.yang +#usr/share/yang/frr-deviations-ietf-key-chain.yang #usr/share/yang/frr-filter.yang #usr/share/yang/frr-if-rmap.yang #usr/share/yang/frr-interface.yang @@ -231,5 +237,9 @@ usr/sbin/zebra #usr/share/yang/frr-zebra.yang #usr/share/yang/ietf-bgp-types.yang #usr/share/yang/ietf-interfaces.yang +#usr/share/yang/ietf-key-chain.yang +#usr/share/yang/ietf-netconf-acm.yang +#usr/share/yang/ietf-netconf-with-defaults.yang +#usr/share/yang/ietf-netconf.yang #usr/share/yang/ietf-routing-types.yang var/ipfire/backup/addons/includes/frr diff --git a/lfs/frr b/lfs/frr index ea5a6b9e9..577698cd6 100644 --- a/lfs/frr +++ b/lfs/frr @@ -26,7 +26,7 @@ include Config SUMMARY = FRRouting Routing daemon -VER = 9.1 +VER = 10.1 THISAPP = frr-frr-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = frr -PAK_VER = 9 +PAK_VER = 10 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = ba64f9455c38441f8cadce4eed435fb86344244e98bd1b675335887fb098be29adc035d722d3c128e136a4c6b0aa1adcbdc0e22815702e52170da940a5caf20a +$(DL_FILE)_BLAKE2 = 72dccecd6ad4f64a635d17ca99f2b1583ea83697901a0078270c033effa53ece2a4fe169d1b46d9393000a437bb48e562f49b2a94b48f4d2d013d2204322fde8 install : $(TARGET)
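
Review bot: In the `@@ -181,6 +185,7 @@` hunk of config/rootfiles/packages/frr, `usr/sbin/fpm_listener` is added without a leading `#`, so it will be packaged and installed on the firewall, while the commit message only says "Update of rootfile" and gives no reason for shipping a new executable. Every other new entry in this rootfile (headers, YANG models) is commented out. Please either comment this line out as well, or state in the commit message which feature needs this binary at runtime, so the installed footprint of the addon does not grow by accident.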
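
Review bot: The `VER = 9.1` to `VER = 10.1` change in the first lfs/frr hunk crosses a major release, and the commit message itself lists breaking changes (the BGP rpki cache command split per SSH/TCP, the "Dynamic" capability now advertised by default for the datacenter profile), but the patch touches only the rootfile and lfs/frr, so nothing here deals with configurations that already exist on upgraded systems. Please say in the commit message whether an existing configuration was loaded under 10.1 as a test, and whether users with rpki cache lines need to change them by hand. The changelog quoted covers 10.1 and 9.1.1 only; the notes for the 10.0 release that this update also steps over are missing and should be added or referenced.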
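
Review bot: In the last lfs/frr hunk (`@@ -50,7 +50,7 @@`) the `$(DL_FILE)_BLAKE2` value is replaced while `DL_FROM = $(URL_IPFIRE)` stays as it is, so this hash is the only integrity check the build has on frr-frr-10.1.tar.gz, and the commit message does not say where the tarball came from or how the hash was produced. Please note the upstream location the archive was fetched from and confirm the BLAKE2 was computed over that upstream file before it was uploaded to the IPFire source mirror, so a reviewer can reproduce the value independently.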