import frr-7.5.1-4.el8
This commit is contained in:
parent
ea88f68640
commit
6868c1555b
@ -1 +1 @@
|
|||||||
67064fd2c9f971a7004e3e66411f9c99e56cfb9c SOURCES/frr-7.5.tar.gz
|
dfc756dfd123360d1e1a760d66821e47f9a6afed SOURCES/frr-7.5.1.tar.gz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/frr-7.5.tar.gz
|
SOURCES/frr-7.5.1.tar.gz
|
||||||
|
@ -1,119 +0,0 @@
|
|||||||
diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c
|
|
||||||
index d8be19db9..6fe94f3a4 100644
|
|
||||||
--- a/ospfd/ospfd.c
|
|
||||||
+++ b/ospfd/ospfd.c
|
|
||||||
@@ -384,12 +384,50 @@ struct ospf *ospf_lookup_by_inst_name(unsigned short instance, const char *name)
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
-struct ospf *ospf_get(unsigned short instance, const char *name, bool *created)
|
|
||||||
+static void ospf_init(struct ospf *ospf)
|
|
||||||
{
|
|
||||||
- struct ospf *ospf;
|
|
||||||
struct vrf *vrf;
|
|
||||||
struct interface *ifp;
|
|
||||||
|
|
||||||
+ ospf_opaque_type11_lsa_init(ospf);
|
|
||||||
+
|
|
||||||
+ if (ospf->vrf_id != VRF_UNKNOWN)
|
|
||||||
+ ospf->oi_running = 1;
|
|
||||||
+
|
|
||||||
+ /* Activate 'ip ospf area x' configured interfaces for given
|
|
||||||
+ * vrf. Activate area on vrf x aware interfaces.
|
|
||||||
+ * vrf_enable callback calls router_id_update which
|
|
||||||
+ * internally will call ospf_if_update to trigger
|
|
||||||
+ * network_run_state
|
|
||||||
+ */
|
|
||||||
+ vrf = vrf_lookup_by_id(ospf->vrf_id);
|
|
||||||
+
|
|
||||||
+ FOR_ALL_INTERFACES (vrf, ifp) {
|
|
||||||
+ struct ospf_if_params *params;
|
|
||||||
+ struct route_node *rn;
|
|
||||||
+ uint32_t count = 0;
|
|
||||||
+
|
|
||||||
+ params = IF_DEF_PARAMS(ifp);
|
|
||||||
+ if (OSPF_IF_PARAM_CONFIGURED(params, if_area))
|
|
||||||
+ count++;
|
|
||||||
+
|
|
||||||
+ for (rn = route_top(IF_OIFS_PARAMS(ifp)); rn; rn = route_next(rn))
|
|
||||||
+ if ((params = rn->info) && OSPF_IF_PARAM_CONFIGURED(params, if_area))
|
|
||||||
+ count++;
|
|
||||||
+
|
|
||||||
+ if (count > 0) {
|
|
||||||
+ ospf_interface_area_set(ospf, ifp);
|
|
||||||
+ ospf->if_ospf_cli_count += count;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ospf_router_id_update(ospf);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+struct ospf *ospf_get(unsigned short instance, const char *name, bool *created)
|
|
||||||
+{
|
|
||||||
+ struct ospf *ospf;
|
|
||||||
+
|
|
||||||
/* vrf name provided call inst and name based api
|
|
||||||
* in case of no name pass default ospf instance */
|
|
||||||
if (name)
|
|
||||||
@@ -402,39 +440,7 @@ struct ospf *ospf_get(unsigned short instance, const char *name, bool *created)
|
|
||||||
ospf = ospf_new(instance, name);
|
|
||||||
ospf_add(ospf);
|
|
||||||
|
|
||||||
- ospf_opaque_type11_lsa_init(ospf);
|
|
||||||
-
|
|
||||||
- if (ospf->vrf_id != VRF_UNKNOWN)
|
|
||||||
- ospf->oi_running = 1;
|
|
||||||
-
|
|
||||||
- /* Activate 'ip ospf area x' configured interfaces for given
|
|
||||||
- * vrf. Activate area on vrf x aware interfaces.
|
|
||||||
- * vrf_enable callback calls router_id_update which
|
|
||||||
- * internally will call ospf_if_update to trigger
|
|
||||||
- * network_run_state
|
|
||||||
- */
|
|
||||||
- vrf = vrf_lookup_by_id(ospf->vrf_id);
|
|
||||||
-
|
|
||||||
- FOR_ALL_INTERFACES (vrf, ifp) {
|
|
||||||
- struct ospf_if_params *params;
|
|
||||||
- struct route_node *rn;
|
|
||||||
- uint32_t count = 0;
|
|
||||||
-
|
|
||||||
- params = IF_DEF_PARAMS(ifp);
|
|
||||||
- if (OSPF_IF_PARAM_CONFIGURED(params, if_area))
|
|
||||||
- count++;
|
|
||||||
-
|
|
||||||
- for (rn = route_top(IF_OIFS_PARAMS(ifp)); rn; rn = route_next(rn))
|
|
||||||
- if ((params = rn->info) && OSPF_IF_PARAM_CONFIGURED(params, if_area))
|
|
||||||
- count++;
|
|
||||||
-
|
|
||||||
- if (count > 0) {
|
|
||||||
- ospf_interface_area_set(ospf, ifp);
|
|
||||||
- ospf->if_ospf_cli_count += count;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- ospf_router_id_update(ospf);
|
|
||||||
+ ospf_init(ospf);
|
|
||||||
}
|
|
||||||
|
|
||||||
return ospf;
|
|
||||||
@@ -450,7 +456,7 @@ struct ospf *ospf_get_instance(unsigned short instance, bool *created)
|
|
||||||
ospf = ospf_new(instance, NULL /* VRF_DEFAULT*/);
|
|
||||||
ospf_add(ospf);
|
|
||||||
|
|
||||||
- ospf_opaque_type11_lsa_init(ospf);
|
|
||||||
+ ospf_init(ospf);
|
|
||||||
}
|
|
||||||
|
|
||||||
return ospf;
|
|
||||||
diff --git a/ospfd/ospfd.h b/ospfd/ospfd.h
|
|
||||||
index 192e54281..3087b735a 100644
|
|
||||||
--- a/ospfd/ospfd.h
|
|
||||||
+++ b/ospfd/ospfd.h
|
|
||||||
@@ -604,7 +604,6 @@ extern int ospf_nbr_nbma_poll_interval_set(struct ospf *, struct in_addr,
|
|
||||||
unsigned int);
|
|
||||||
extern int ospf_nbr_nbma_poll_interval_unset(struct ospf *, struct in_addr);
|
|
||||||
extern void ospf_prefix_list_update(struct prefix_list *);
|
|
||||||
-extern void ospf_init(void);
|
|
||||||
extern void ospf_if_update(struct ospf *, struct interface *);
|
|
||||||
extern void ospf_ls_upd_queue_empty(struct ospf_interface *);
|
|
||||||
extern void ospf_terminate(void);
|
|
@ -1,92 +0,0 @@
|
|||||||
From 8a66632391db5f5181a4afef6aae41f48bee7fdb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Donald Sharp <sharpd@nvidia.com>
|
|
||||||
Date: Fri, 15 Jan 2021 08:14:49 -0500
|
|
||||||
Subject: [PATCH] bgpd: Allow peer-groups to have `ttl-security hops`
|
|
||||||
configured
|
|
||||||
|
|
||||||
The command `neighbor PGROUP ttl-security hops X` was being
|
|
||||||
accepted but ignored. Allow it to be stored. I am still
|
|
||||||
not sure that this is applied correctly, but that is another
|
|
||||||
problem.
|
|
||||||
|
|
||||||
Fixes: #7848
|
|
||||||
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
||||||
---
|
|
||||||
bgpd/bgpd.c | 8 +++++---
|
|
||||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
|
|
||||||
index 9297ec4711c..4ebd3da0620 100644
|
|
||||||
--- a/bgpd/bgpd.c
|
|
||||||
+++ b/bgpd/bgpd.c
|
|
||||||
@@ -7150,6 +7150,7 @@ int is_ebgp_multihop_configured(struct peer *peer)
|
|
||||||
int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
||||||
{
|
|
||||||
struct peer_group *group;
|
|
||||||
+ struct peer *gpeer;
|
|
||||||
struct listnode *node, *nnode;
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
@@ -7186,9 +7187,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
||||||
return ret;
|
|
||||||
} else {
|
|
||||||
group = peer->group;
|
|
||||||
+ group->conf->gtsm_hops = gtsm_hops;
|
|
||||||
for (ALL_LIST_ELEMENTS(group->peer, node, nnode,
|
|
||||||
- peer)) {
|
|
||||||
- peer->gtsm_hops = group->conf->gtsm_hops;
|
|
||||||
+ gpeer)) {
|
|
||||||
+ gpeer->gtsm_hops = group->conf->gtsm_hops;
|
|
||||||
|
|
||||||
/* Calling ebgp multihop also resets the
|
|
||||||
* session.
|
|
||||||
@@ -7198,7 +7200,7 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
||||||
* value is
|
|
||||||
* irrelevant.
|
|
||||||
*/
|
|
||||||
- peer_ebgp_multihop_set(peer, MAXTTL);
|
|
||||||
+ peer_ebgp_multihop_set(gpeer, MAXTTL);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
@@ -7219,9 +7221,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
||||||
MAXTTL + 1 - gtsm_hops);
|
|
||||||
} else {
|
|
||||||
group = peer->group;
|
|
||||||
+ group->conf->gtsm_hops = gtsm_hops;
|
|
||||||
for (ALL_LIST_ELEMENTS(group->peer, node, nnode,
|
|
||||||
- peer)) {
|
|
||||||
- peer->gtsm_hops = group->conf->gtsm_hops;
|
|
||||||
+ gpeer)) {
|
|
||||||
+ gpeer->gtsm_hops = group->conf->gtsm_hops;
|
|
||||||
|
|
||||||
/* Change setting of existing peer
|
|
||||||
* established then change value (may break
|
|
||||||
@@ -7231,17 +7234,18 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
||||||
* no session then do nothing (will get
|
|
||||||
* handled by next connection)
|
|
||||||
*/
|
|
||||||
- if (peer->fd >= 0
|
|
||||||
- && peer->gtsm_hops
|
|
||||||
+ if (gpeer->fd >= 0
|
|
||||||
+ && gpeer->gtsm_hops
|
|
||||||
!= BGP_GTSM_HOPS_DISABLED)
|
|
||||||
sockopt_minttl(
|
|
||||||
- peer->su.sa.sa_family, peer->fd,
|
|
||||||
- MAXTTL + 1 - peer->gtsm_hops);
|
|
||||||
- if ((peer->status < Established)
|
|
||||||
- && peer->doppelganger
|
|
||||||
- && (peer->doppelganger->fd >= 0))
|
|
||||||
- sockopt_minttl(peer->su.sa.sa_family,
|
|
||||||
- peer->doppelganger->fd,
|
|
||||||
+ gpeer->su.sa.sa_family,
|
|
||||||
+ gpeer->fd,
|
|
||||||
+ MAXTTL + 1 - gpeer->gtsm_hops);
|
|
||||||
+ if ((gpeer->status < Established)
|
|
||||||
+ && gpeer->doppelganger
|
|
||||||
+ && (gpeer->doppelganger->fd >= 0))
|
|
||||||
+ sockopt_minttl(gpeer->su.sa.sa_family,
|
|
||||||
+ gpeer->doppelganger->fd,
|
|
||||||
MAXTTL + 1 - gtsm_hops);
|
|
||||||
}
|
|
||||||
}
|
|
25
SOURCES/0009-routemap.patch
Normal file
25
SOURCES/0009-routemap.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
diff --git a/lib/routemap.c b/lib/routemap.c
|
||||||
|
index a90443a..0b594b2 100644
|
||||||
|
--- a/lib/routemap.c
|
||||||
|
+++ b/lib/routemap.c
|
||||||
|
@@ -1649,9 +1649,9 @@ static struct list *route_map_get_index_list(struct route_node **rn,
|
||||||
|
*/
|
||||||
|
static struct route_map_index *
|
||||||
|
route_map_get_index(struct route_map *map, const struct prefix *prefix,
|
||||||
|
- route_map_object_t type, void *object, uint8_t *match_ret)
|
||||||
|
+ route_map_object_t type, void *object, enum route_map_cmd_result_t *match_ret)
|
||||||
|
{
|
||||||
|
- int ret = 0;
|
||||||
|
+ enum route_map_cmd_result_t ret = RMAP_NOMATCH;
|
||||||
|
struct list *candidate_rmap_list = NULL;
|
||||||
|
struct route_node *rn = NULL;
|
||||||
|
struct listnode *ln = NULL, *nn = NULL;
|
||||||
|
@@ -2399,7 +2399,7 @@ route_map_result_t route_map_apply(struct route_map *map,
|
||||||
|
if ((!map->optimization_disabled)
|
||||||
|
&& (map->ipv4_prefix_table || map->ipv6_prefix_table)) {
|
||||||
|
index = route_map_get_index(map, prefix, type, object,
|
||||||
|
- (uint8_t *)&match_ret);
|
||||||
|
+ &match_ret);
|
||||||
|
if (index) {
|
||||||
|
if (rmap_debug)
|
||||||
|
zlog_debug(
|
@ -1,60 +0,0 @@
|
|||||||
From 46a2b560fa84c5f8ece8dbb82cbf355af675ad41 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rafael Zalamena <rzalamena@opensourcerouting.org>
|
|
||||||
Date: Tue, 19 Jan 2021 08:49:23 -0300
|
|
||||||
Subject: [PATCH] tools: fix frr-reload BFD profile support
|
|
||||||
|
|
||||||
Fix the handling of multiple BFD profiles by adding the appropriated
|
|
||||||
code to push/pop contexts inside BFD configuration node.
|
|
||||||
|
|
||||||
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
|
|
||||||
---
|
|
||||||
tools/frr-reload.py | 28 ++++++++++++++++++++++++++++
|
|
||||||
1 file changed, 28 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tools/frr-reload.py b/tools/frr-reload.py
|
|
||||||
index da005b6f874..ca6fe81f007 100755
|
|
||||||
--- a/tools/frr-reload.py
|
|
||||||
+++ b/tools/frr-reload.py
|
|
||||||
@@ -533,6 +533,18 @@ def load_contexts(self):
|
|
||||||
if line.startswith('!') or line.startswith('#'):
|
|
||||||
continue
|
|
||||||
|
|
||||||
+ if (len(ctx_keys) == 2
|
|
||||||
+ and ctx_keys[0].startswith('bfd')
|
|
||||||
+ and ctx_keys[1].startswith('profile ')
|
|
||||||
+ and line == 'end'):
|
|
||||||
+ log.debug('LINE %-50s: popping from sub context, %-50s', line, ctx_keys)
|
|
||||||
+
|
|
||||||
+ if main_ctx_key:
|
|
||||||
+ self.save_contexts(ctx_keys, current_context_lines)
|
|
||||||
+ ctx_keys = copy.deepcopy(main_ctx_key)
|
|
||||||
+ current_context_lines = []
|
|
||||||
+ continue
|
|
||||||
+
|
|
||||||
# one line contexts
|
|
||||||
# there is one exception though: ldpd accepts a 'router-id' clause
|
|
||||||
# as part of its 'mpls ldp' config context. If we are processing
|
|
||||||
@@ -649,6 +661,22 @@ def load_contexts(self):
|
|
||||||
log.debug('LINE %-50s: entering sub-sub-context, append to ctx_keys', line)
|
|
||||||
ctx_keys.append(line)
|
|
||||||
|
|
||||||
+ elif (
|
|
||||||
+ line.startswith('profile ')
|
|
||||||
+ and len(ctx_keys) == 1
|
|
||||||
+ and ctx_keys[0].startswith('bfd')
|
|
||||||
+ ):
|
|
||||||
+
|
|
||||||
+ # Save old context first
|
|
||||||
+ self.save_contexts(ctx_keys, current_context_lines)
|
|
||||||
+ current_context_lines = []
|
|
||||||
+ main_ctx_key = copy.deepcopy(ctx_keys)
|
|
||||||
+ log.debug(
|
|
||||||
+ "LINE %-50s: entering BFD profile sub-context, append to ctx_keys",
|
|
||||||
+ line
|
|
||||||
+ )
|
|
||||||
+ ctx_keys.append(line)
|
|
||||||
+
|
|
||||||
else:
|
|
||||||
# Continuing in an existing context, add non-commented lines to it
|
|
||||||
current_context_lines.append(line)
|
|
||||||
|
|
40
SOURCES/0010-moving-executables.patch
Normal file
40
SOURCES/0010-moving-executables.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
diff --git a/tools/frr.service b/tools/frr.service
|
||||||
|
index aa45f42..a3f0103 100644
|
||||||
|
--- a/tools/frr.service
|
||||||
|
+++ b/tools/frr.service
|
||||||
|
@@ -17,9 +17,9 @@ WatchdogSec=60s
|
||||||
|
RestartSec=5
|
||||||
|
Restart=on-abnormal
|
||||||
|
LimitNOFILE=1024
|
||||||
|
-ExecStart=/usr/lib/frr/frrinit.sh start
|
||||||
|
-ExecStop=/usr/lib/frr/frrinit.sh stop
|
||||||
|
-ExecReload=/usr/lib/frr/frrinit.sh reload
|
||||||
|
+ExecStart=/usr/libexec/frr/frrinit.sh start
|
||||||
|
+ExecStop=/usr/libexec/frr/frrinit.sh stop
|
||||||
|
+ExecReload=/usr/libexec/frr/frrinit.sh reload
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
|
||||||
|
index 9a144b2..a334d95 100644
|
||||||
|
--- a/tools/frrcommon.sh.in
|
||||||
|
+++ b/tools/frrcommon.sh.in
|
||||||
|
@@ -59,6 +59,9 @@ chownfrr() {
|
||||||
|
[ -n "$FRR_USER" ] && chown "$FRR_USER" "$1"
|
||||||
|
[ -n "$FRR_GROUP" ] && chgrp "$FRR_GROUP" "$1"
|
||||||
|
[ -n "$FRR_CONFIG_MODE" ] && chmod "$FRR_CONFIG_MODE" "$1"
|
||||||
|
+ if [ -d "$1" ]; then
|
||||||
|
+ chmod gu+x "$1"
|
||||||
|
+ fi
|
||||||
|
}
|
||||||
|
|
||||||
|
vtysh_b () {
|
||||||
|
@@ -152,7 +155,7 @@ daemon_start() {
|
||||||
|
daemon_prep "$daemon" "$inst" || return 1
|
||||||
|
if test ! -d "$V_PATH"; then
|
||||||
|
mkdir -p "$V_PATH"
|
||||||
|
- chown frr "$V_PATH"
|
||||||
|
+ chownfrr "$V_PATH"
|
||||||
|
fi
|
||||||
|
|
||||||
|
eval wrap="\$${daemon}_wrap"
|
77
SOURCES/0011-reload-bfd-profile.patch
Normal file
77
SOURCES/0011-reload-bfd-profile.patch
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
diff --git a/tools/frr-reload.py b/tools/frr-reload.py
|
||||||
|
index 9979c8b..1c24f90 100755
|
||||||
|
--- a/tools/frr-reload.py
|
||||||
|
+++ b/tools/frr-reload.py
|
||||||
|
@@ -785,6 +785,48 @@ def line_exist(lines, target_ctx_keys, target_line, exact_match=True):
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
+def delete_bgp_bfd(lines_to_add, lines_to_del):
|
||||||
|
+ """
|
||||||
|
+ When 'neighbor <peer> bfd profile <profile>' is present without a
|
||||||
|
+ 'neighbor <peer> bfd' line, FRR explicitily adds it to the running
|
||||||
|
+ configuration. When the new configuration drops the bfd profile
|
||||||
|
+ line, the user's intent is to delete any bfd configuration on the
|
||||||
|
+ peer. On reload, deleting the bfd profile line after the bfd line
|
||||||
|
+ will re-enable BFD with the default BFD profile. Move the bfd line
|
||||||
|
+ to the end, if it exists in the new configuration.
|
||||||
|
+
|
||||||
|
+ Example:
|
||||||
|
+
|
||||||
|
+ neighbor 10.0.0.1 bfd
|
||||||
|
+ neighbor 10.0.0.1 bfd profile bfd-profile-1
|
||||||
|
+
|
||||||
|
+ Move to end:
|
||||||
|
+ neighbor 10.0.0.1 bfd profile bfd-profile-1
|
||||||
|
+ ...
|
||||||
|
+
|
||||||
|
+ neighbor 10.0.0.1 bfd
|
||||||
|
+
|
||||||
|
+ """
|
||||||
|
+ lines_to_del_to_app = []
|
||||||
|
+ for (ctx_keys, line) in lines_to_del:
|
||||||
|
+ if (
|
||||||
|
+ ctx_keys[0].startswith("router bgp")
|
||||||
|
+ and line
|
||||||
|
+ and line.startswith("neighbor ")
|
||||||
|
+ ):
|
||||||
|
+ # 'no neighbor [peer] bfd>'
|
||||||
|
+ nb_bfd = "neighbor (\S+) .*bfd$"
|
||||||
|
+ re_nb_bfd = re.search(nb_bfd, line)
|
||||||
|
+ if re_nb_bfd:
|
||||||
|
+ lines_to_del_to_app.append((ctx_keys, line))
|
||||||
|
+
|
||||||
|
+ for (ctx_keys, line) in lines_to_del_to_app:
|
||||||
|
+ lines_to_del.remove((ctx_keys, line))
|
||||||
|
+ lines_to_del.append((ctx_keys, line))
|
||||||
|
+
|
||||||
|
+ return (lines_to_add, lines_to_del)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
def check_for_exit_vrf(lines_to_add, lines_to_del):
|
||||||
|
|
||||||
|
# exit-vrf is a bit tricky. If the new config is missing it but we
|
||||||
|
@@ -1248,6 +1290,7 @@ def compare_context_objects(newconf, running):
|
||||||
|
for line in newconf_ctx.lines:
|
||||||
|
lines_to_add.append((newconf_ctx_keys, line))
|
||||||
|
|
||||||
|
+ (lines_to_add, lines_to_del) = delete_bgp_bfd(lines_to_add, lines_to_del)
|
||||||
|
(lines_to_add, lines_to_del) = check_for_exit_vrf(lines_to_add, lines_to_del)
|
||||||
|
(lines_to_add, lines_to_del) = ignore_delete_re_add_lines(lines_to_add, lines_to_del)
|
||||||
|
(lines_to_add, lines_to_del) = ignore_unconfigurable_lines(lines_to_add, lines_to_del)
|
||||||
|
diff --git a/bgpd/bgp_bfd.c b/bgpd/bgp_bfd.c
|
||||||
|
index b566b0e..1bd6249 100644
|
||||||
|
--- a/bgpd/bgp_bfd.c
|
||||||
|
+++ b/bgpd/bgp_bfd.c
|
||||||
|
@@ -686,9 +686,9 @@ void bgp_bfd_peer_config_write(struct vty *vty, struct peer *peer, char *addr)
|
||||||
|
|
||||||
|
if (!CHECK_FLAG(bfd_info->flags, BFD_FLAG_PARAM_CFG)
|
||||||
|
&& (bfd_info->type == BFD_TYPE_NOT_CONFIGURED)) {
|
||||||
|
- vty_out(vty, " neighbor %s bfd", addr);
|
||||||
|
+ vty_out(vty, " neighbor %s bfd\n", addr);
|
||||||
|
if (bfd_info->profile[0])
|
||||||
|
- vty_out(vty, " profile %s", bfd_info->profile);
|
||||||
|
+ vty_out(vty, " neighbor %s bfd profile %s", addr, bfd_info->profile);
|
||||||
|
vty_out(vty, "\n");
|
||||||
|
}
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From 1d923374f64e099d734899aff219d90cb0213fa6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Emanuele Bovisio <emanuele.bovisio@eolo.it>
|
|
||||||
Date: Thu, 5 Nov 2020 14:27:51 +0100
|
|
||||||
Subject: [PATCH] bfdd: fix crash on show bfd peers counters json
|
|
||||||
|
|
||||||
wrong pointer passed to bfd_id_iterate function
|
|
||||||
|
|
||||||
Signed-off-by: Emanuele Bovisio <emanuele.bovisio@eolo.it>
|
|
||||||
---
|
|
||||||
bfdd/bfdd_vty.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/bfdd/bfdd_vty.c b/bfdd/bfdd_vty.c
|
|
||||||
index a3f1638e5f6..837a7b7d7d6 100644
|
|
||||||
--- a/bfdd/bfdd_vty.c
|
|
||||||
+++ b/bfdd/bfdd_vty.c
|
|
||||||
@@ -447,7 +447,7 @@ static void _display_peers_counter(struct vty *vty, char *vrfname, bool use_json
|
|
||||||
|
|
||||||
jo = json_object_new_array();
|
|
||||||
bvt.jo = jo;
|
|
||||||
- bfd_id_iterate(_display_peer_counter_json_iter, jo);
|
|
||||||
+ bfd_id_iterate(_display_peer_counter_json_iter, &bvt);
|
|
||||||
|
|
||||||
vty_out(vty, "%s\n", json_object_to_json_string_ext(jo, 0));
|
|
||||||
json_object_free(jo);
|
|
28
SOURCES/frr.fc
Normal file
28
SOURCES/frr.fc
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
/usr/libexec/frr(/.*)? gen_context(system_u:object_r:frr_exec_t,s0)
|
||||||
|
|
||||||
|
/usr/lib/systemd/system/frr.* gen_context(system_u:object_r:frr_unit_file_t,s0)
|
||||||
|
|
||||||
|
/etc/frr(/.*)? gen_context(system_u:object_r:frr_conf_t,s0)
|
||||||
|
|
||||||
|
/var/log/frr(/.*)? gen_context(system_u:object_r:frr_log_t,s0)
|
||||||
|
/var/tmp/frr(/.*)? gen_context(system_u:object_r:frr_tmp_t,s0)
|
||||||
|
|
||||||
|
/var/lock/subsys/bfdd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/bgpd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/eigrpd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/fabricd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/isisd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/nhrpd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/ospf6d -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/ospfd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/pbrd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/pimd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/ripd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/ripngd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/staticd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/zebra -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
/var/lock/subsys/vrrpd -- gen_context(system_u:object_r:frr_lock_t,s0)
|
||||||
|
|
||||||
|
/var/run/frr(/.*)? gen_context(system_u:object_r:frr_var_run_t,s0)
|
||||||
|
|
||||||
|
/usr/bin/vtysh -- gen_context(system_u:object_r:frr_exec_t,s0)
|
162
SOURCES/frr.if
Normal file
162
SOURCES/frr.if
Normal file
@ -0,0 +1,162 @@
|
|||||||
|
## <summary>policy for frr</summary>
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute frr_exec_t in the frr domain.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed to transition.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`frr_domtrans',`
|
||||||
|
gen_require(`
|
||||||
|
type frr_t, frr_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
corecmd_search_bin($1)
|
||||||
|
domtrans_pattern($1, frr_exec_t, frr_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
######################################
|
||||||
|
## <summary>
|
||||||
|
## Execute frr in the caller domain.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`frr_exec',`
|
||||||
|
gen_require(`
|
||||||
|
type frr_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
corecmd_search_bin($1)
|
||||||
|
can_exec($1, frr_exec_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read frr's log files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <rolecap/>
|
||||||
|
#
|
||||||
|
interface(`frr_read_log',`
|
||||||
|
gen_require(`
|
||||||
|
type frr_log_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
read_files_pattern($1, frr_log_t, frr_log_t)
|
||||||
|
optional_policy(`
|
||||||
|
logging_search_logs($1)
|
||||||
|
')
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Append to frr log files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`frr_append_log',`
|
||||||
|
gen_require(`
|
||||||
|
type frr_log_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
append_files_pattern($1, frr_log_t, frr_log_t)
|
||||||
|
optional_policy(`
|
||||||
|
logging_search_logs($1)
|
||||||
|
')
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Manage frr log files
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`frr_manage_log',`
|
||||||
|
gen_require(`
|
||||||
|
type frr_log_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
manage_dirs_pattern($1, frr_log_t, frr_log_t)
|
||||||
|
manage_files_pattern($1, frr_log_t, frr_log_t)
|
||||||
|
manage_lnk_files_pattern($1, frr_log_t, frr_log_t)
|
||||||
|
optional_policy(`
|
||||||
|
logging_search_logs($1)
|
||||||
|
')
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read frr PID files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`frr_read_pid_files',`
|
||||||
|
gen_require(`
|
||||||
|
type frr_var_run_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_pids($1)
|
||||||
|
read_files_pattern($1, frr_var_run_t, frr_var_run_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## All of the rules required to administrate
|
||||||
|
## an frr environment
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`frr_admin',`
|
||||||
|
gen_require(`
|
||||||
|
type frr_t;
|
||||||
|
type frr_log_t;
|
||||||
|
type frr_var_run_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 frr_t:process { signal_perms };
|
||||||
|
ps_process_pattern($1, frr_t)
|
||||||
|
|
||||||
|
tunable_policy(`deny_ptrace',`',`
|
||||||
|
allow $1 frr_t:process ptrace;
|
||||||
|
')
|
||||||
|
|
||||||
|
admin_pattern($1, frr_log_t)
|
||||||
|
|
||||||
|
files_search_pids($1)
|
||||||
|
admin_pattern($1, frr_var_run_t)
|
||||||
|
optional_policy(`
|
||||||
|
logging_search_logs($1)
|
||||||
|
')
|
||||||
|
optional_policy(`
|
||||||
|
systemd_passwd_agent_exec($1)
|
||||||
|
systemd_read_fifo_file_passwd_run($1)
|
||||||
|
')
|
||||||
|
')
|
122
SOURCES/frr.te
Normal file
122
SOURCES/frr.te
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
policy_module(frr, 1.0.0)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Declarations
|
||||||
|
#
|
||||||
|
|
||||||
|
type frr_t;
|
||||||
|
type frr_exec_t;
|
||||||
|
init_daemon_domain(frr_t, frr_exec_t)
|
||||||
|
|
||||||
|
type frr_log_t;
|
||||||
|
logging_log_file(frr_log_t)
|
||||||
|
|
||||||
|
type frr_tmp_t;
|
||||||
|
files_tmp_file(frr_tmp_t)
|
||||||
|
|
||||||
|
type frr_lock_t;
|
||||||
|
files_lock_file(frr_lock_t)
|
||||||
|
|
||||||
|
type frr_conf_t;
|
||||||
|
files_config_file(frr_conf_t)
|
||||||
|
|
||||||
|
type frr_unit_file_t;
|
||||||
|
systemd_unit_file(frr_unit_file_t)
|
||||||
|
|
||||||
|
type frr_var_run_t;
|
||||||
|
files_pid_file(frr_var_run_t)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# frr local policy
|
||||||
|
#
|
||||||
|
allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
|
||||||
|
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||||
|
allow frr_t self:packet_socket create;
|
||||||
|
allow frr_t self:process { setcap setpgid };
|
||||||
|
allow frr_t self:rawip_socket create_socket_perms;
|
||||||
|
allow frr_t self:tcp_socket { connect connected_stream_socket_perms };
|
||||||
|
allow frr_t self:udp_socket create_socket_perms;
|
||||||
|
allow frr_t self:unix_stream_socket connectto;
|
||||||
|
|
||||||
|
allow frr_t frr_conf_t:dir list_dir_perms;
|
||||||
|
manage_files_pattern(frr_t, frr_conf_t, frr_conf_t)
|
||||||
|
read_lnk_files_pattern(frr_t, frr_conf_t, frr_conf_t)
|
||||||
|
|
||||||
|
manage_dirs_pattern(frr_t, frr_log_t, frr_log_t)
|
||||||
|
manage_files_pattern(frr_t, frr_log_t, frr_log_t)
|
||||||
|
manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
|
||||||
|
logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
|
||||||
|
|
||||||
|
allow frr_t frr_tmp_t:file map;
|
||||||
|
manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
|
||||||
|
manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
|
||||||
|
files_tmp_filetrans(frr_t, frr_tmp_t, { file dir })
|
||||||
|
|
||||||
|
manage_files_pattern(frr_t, frr_lock_t, frr_lock_t)
|
||||||
|
manage_lnk_files_pattern(frr_t, frr_lock_t, frr_lock_t)
|
||||||
|
files_lock_filetrans(frr_t, frr_lock_t, { file lnk_file })
|
||||||
|
|
||||||
|
manage_dirs_pattern(frr_t, frr_var_run_t, frr_var_run_t)
|
||||||
|
manage_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
|
||||||
|
manage_lnk_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
|
||||||
|
manage_sock_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
|
||||||
|
files_pid_filetrans(frr_t, frr_var_run_t, { dir file lnk_file })
|
||||||
|
|
||||||
|
allow frr_t frr_exec_t:dir search_dir_perms;
|
||||||
|
can_exec(frr_t, frr_exec_t)
|
||||||
|
|
||||||
|
kernel_read_network_state(frr_t)
|
||||||
|
kernel_rw_net_sysctls(frr_t)
|
||||||
|
kernel_read_system_state(frr_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(frr_t)
|
||||||
|
|
||||||
|
corecmd_exec_bin(frr_t)
|
||||||
|
|
||||||
|
corenet_tcp_bind_appswitch_emp_port(frr_t)
|
||||||
|
corenet_udp_bind_bfd_control_port(frr_t)
|
||||||
|
corenet_udp_bind_bfd_echo_port(frr_t)
|
||||||
|
corenet_tcp_bind_bgp_port(frr_t)
|
||||||
|
corenet_tcp_connect_bgp_port(frr_t)
|
||||||
|
corenet_udp_bind_all_unreserved_ports(frr_t);
|
||||||
|
corenet_tcp_bind_generic_port(frr_t)
|
||||||
|
corenet_tcp_bind_firepower_port(frr_t)
|
||||||
|
corenet_tcp_bind_priority_e_com_port(frr_t)
|
||||||
|
corenet_udp_bind_router_port(frr_t)
|
||||||
|
corenet_tcp_bind_qpasa_agent_port(frr_t)
|
||||||
|
corenet_tcp_bind_smntubootstrap_port(frr_t)
|
||||||
|
corenet_tcp_bind_versa_tek_port(frr_t)
|
||||||
|
corenet_tcp_bind_zebra_port(frr_t)
|
||||||
|
|
||||||
|
domain_use_interactive_fds(frr_t)
|
||||||
|
|
||||||
|
fs_read_nsfs_files(frr_t)
|
||||||
|
|
||||||
|
sysnet_exec_ifconfig(frr_t)
|
||||||
|
|
||||||
|
userdom_read_admin_home_files(frr_t)
|
||||||
|
|
||||||
|
init_signal(frr_t)
|
||||||
|
init_signal_script(frr_t)
|
||||||
|
init_signull_script(frr_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
logging_send_syslog_msg(frr_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
modutils_exec_kmod(frr_t)
|
||||||
|
modutils_getattr_module_deps(frr_t)
|
||||||
|
modutils_read_module_config(frr_t)
|
||||||
|
modutils_read_module_deps_files(frr_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
networkmanager_read_state(frr_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
userdom_admin_home_dir_filetrans(frr_t, frr_conf_t, file, ".history_frr")
|
||||||
|
')
|
@ -1,16 +1,21 @@
|
|||||||
%global frrversion 7.5
|
%global frrversion 7.5.1
|
||||||
%global frr_libdir /usr/lib/frr
|
%global frr_libdir /usr/libexec/frr
|
||||||
|
|
||||||
%global _hardened_build 1
|
%global _hardened_build 1
|
||||||
|
%global selinuxtype targeted
|
||||||
|
%bcond_without selinux
|
||||||
|
|
||||||
Name: frr
|
Name: frr
|
||||||
Version: 7.5
|
Version: 7.5.1
|
||||||
Release: 11%{?checkout}%{?dist}
|
Release: 4%{?checkout}%{?dist}
|
||||||
Summary: Routing daemon
|
Summary: Routing daemon
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.frrouting.org
|
URL: http://www.frrouting.org
|
||||||
Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz
|
Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz
|
||||||
Source1: %{name}-tmpfiles.conf
|
Source1: %{name}-tmpfiles.conf
|
||||||
|
Source2: frr.fc
|
||||||
|
Source3: frr.te
|
||||||
|
Source4: frr.if
|
||||||
BuildRequires: perl-generators
|
BuildRequires: perl-generators
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: net-snmp-devel
|
BuildRequires: net-snmp-devel
|
||||||
@ -27,6 +32,11 @@ Requires(preun): systemd /sbin/install-info
|
|||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
Requires: iproute
|
Requires: iproute
|
||||||
Requires: initscripts
|
Requires: initscripts
|
||||||
|
|
||||||
|
%if 0%{?with_selinux}
|
||||||
|
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
|
||||||
|
%endif
|
||||||
|
|
||||||
Provides: routingdaemon = %{version}-%{release}
|
Provides: routingdaemon = %{version}-%{release}
|
||||||
Obsoletes: frr-sysvinit quagga frr-contrib
|
Obsoletes: frr-sysvinit quagga frr-contrib
|
||||||
|
|
||||||
@ -37,11 +47,10 @@ Patch0003: 0003-disable-eigrp-crypto.patch
|
|||||||
Patch0004: 0004-fips-mode.patch
|
Patch0004: 0004-fips-mode.patch
|
||||||
Patch0006: 0006-CVE-2020-12831.patch
|
Patch0006: 0006-CVE-2020-12831.patch
|
||||||
Patch0007: 0007-frrinit.patch
|
Patch0007: 0007-frrinit.patch
|
||||||
Patch0008: 0008-ospf-multi-instance.patch
|
Patch0008: 0008-designated-router.patch
|
||||||
Patch0009: 0009-bgp-ttl-security.patch
|
Patch0009: 0009-routemap.patch
|
||||||
Patch0010: 0010-bfd-reload.patch
|
Patch0010: 0010-moving-executables.patch
|
||||||
Patch0011: 0011-designated-router.patch
|
Patch0011: 0011-reload-bfd-profile.patch
|
||||||
Patch0012: 0012-bfd-peers-crash.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
FRRouting is free software that manages TCP/IP based routing protocols. It takes
|
FRRouting is free software that manages TCP/IP based routing protocols. It takes
|
||||||
@ -52,8 +61,25 @@ FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP
|
|||||||
|
|
||||||
FRRouting is a fork of Quagga.
|
FRRouting is a fork of Quagga.
|
||||||
|
|
||||||
|
%if 0%{?with_selinux}
|
||||||
|
%package selinux
|
||||||
|
Summary: Selinux policy for FRR
|
||||||
|
BuildArch: noarch
|
||||||
|
Requires: selinux-policy-%{selinuxtype}
|
||||||
|
Requires(post): selinux-policy-%{selinuxtype}
|
||||||
|
BuildRequires: selinux-policy-devel
|
||||||
|
%{?selinux_requires}
|
||||||
|
|
||||||
|
%description selinux
|
||||||
|
SELinux policy modules for FRR package
|
||||||
|
|
||||||
|
%endif
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -S git
|
%autosetup -S git
|
||||||
|
#SELinux
|
||||||
|
mkdir selinux
|
||||||
|
cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -ivf
|
autoreconf -ivf
|
||||||
@ -88,6 +114,12 @@ pushd doc
|
|||||||
make info
|
make info
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
#SELinux policy
|
||||||
|
%if 0%{?with_selinux}
|
||||||
|
make -C selinux -f %{_datadir}/selinux/devel/Makefile %{name}.pp
|
||||||
|
bzip2 -9 selinux/%{name}.pp
|
||||||
|
%endif
|
||||||
|
|
||||||
%install
|
%install
|
||||||
mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
|
mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
|
||||||
%{buildroot}/var/log/frr %{buildroot}%{_infodir} \
|
%{buildroot}/var/log/frr %{buildroot}%{_infodir} \
|
||||||
@ -112,6 +144,12 @@ install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.logrotate %{buil
|
|||||||
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
|
install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
|
||||||
install -d -m 775 %{buildroot}/run/frr
|
install -d -m 775 %{buildroot}/run/frr
|
||||||
|
|
||||||
|
%if 0%{?with_selinux}
|
||||||
|
install -D -m 644 selinux/%{name}.pp.bz2 \
|
||||||
|
%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
|
||||||
|
install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
|
||||||
|
%endif
|
||||||
|
|
||||||
rm %{buildroot}%{_libdir}/frr/*.la
|
rm %{buildroot}%{_libdir}/frr/*.la
|
||||||
rm %{buildroot}%{_libdir}/frr/modules/*.la
|
rm %{buildroot}%{_libdir}/frr/modules/*.la
|
||||||
|
|
||||||
@ -127,6 +165,8 @@ getent passwd frr >/dev/null 2>&1 || useradd -M -r -g frr -s /sbin/nologin \
|
|||||||
usermod -aG frrvty frr
|
usermod -aG frrvty frr
|
||||||
|
|
||||||
%post
|
%post
|
||||||
|
#Because we move files to /usr/libexec, we need to reload .service files as well
|
||||||
|
/usr/bin/systemctl daemon-reload
|
||||||
%systemd_post frr.service
|
%systemd_post frr.service
|
||||||
|
|
||||||
if [ -f %{_infodir}/%{name}.inf* ]; then
|
if [ -f %{_infodir}/%{name}.inf* ]; then
|
||||||
@ -166,6 +206,26 @@ fi
|
|||||||
%preun
|
%preun
|
||||||
%systemd_preun frr.service
|
%systemd_preun frr.service
|
||||||
|
|
||||||
|
#SELinux
|
||||||
|
%if 0%{?with_selinux}
|
||||||
|
%pre selinux
|
||||||
|
%selinux_relabel_pre -s %{selinuxtype}
|
||||||
|
|
||||||
|
%post selinux
|
||||||
|
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
|
||||||
|
%selinux_relabel_post -s %{selinuxtype}
|
||||||
|
#/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
|
||||||
|
%{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
|
||||||
|
%{_sbindir}/restorecon -R /var/run/frr &> /dev/null
|
||||||
|
|
||||||
|
%postun selinux
|
||||||
|
if [ $1 -eq 0 ]; then
|
||||||
|
%selinux_modules_uninstall -s %{selinuxtype} %{name}
|
||||||
|
%selinux_relabel_post -s %{selinuxtype}
|
||||||
|
fi
|
||||||
|
|
||||||
|
%endif
|
||||||
|
|
||||||
%check
|
%check
|
||||||
make check PYTHON=%{__python3}
|
make check PYTHON=%{__python3}
|
||||||
|
|
||||||
@ -201,7 +261,28 @@ make check PYTHON=%{__python3}
|
|||||||
/usr/share/yang/*.yang
|
/usr/share/yang/*.yang
|
||||||
%{_tmpfilesdir}/%{name}.conf
|
%{_tmpfilesdir}/%{name}.conf
|
||||||
|
|
||||||
|
%if 0%{?with_selinux}
|
||||||
|
%files selinux
|
||||||
|
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.*
|
||||||
|
%{_datadir}/selinux/devel/include/distributed/%{name}.if
|
||||||
|
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
|
||||||
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 15 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
|
||||||
|
- Resolves: #2126040 - Frr is unable to push routes to the system routing table
|
||||||
|
|
||||||
|
* Thu Aug 25 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
|
||||||
|
- Resolves: #2054160 - FRR reloader does not disable BFD when unsetting BFD profile
|
||||||
|
|
||||||
|
* Wed Aug 24 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2
|
||||||
|
- Resolves: #1941765 - AVCs while running frr tests on RHEL 8.4.0 Beta-1.2
|
||||||
|
- Resolves: #1714984 - SELinux policy (daemons) changes required for package
|
||||||
|
|
||||||
|
* Wed May 11 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
|
||||||
|
- Resolves: #2018451 - Rebase of frr to version 7.5.1
|
||||||
|
- Resolves: #1975361 - the dynamic routing setup does not work any more
|
||||||
|
|
||||||
* Wed Jan 05 2022 Michal Ruprich <mruprich@redhat.com> - 7.5-11
|
* Wed Jan 05 2022 Michal Ruprich <mruprich@redhat.com> - 7.5-11
|
||||||
- Resolves: #2034328 - Bfdd crash in metallb CI
|
- Resolves: #2034328 - Bfdd crash in metallb CI
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user