From 8b09286f3d6c65e86be17ef2302cae133e14d823 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 11 Mar 2025 07:14:15 +0000 Subject: [PATCH] import CS frr-8.5.3-7.el9 --- .../0009-bfd-bgp-shutdown-notification.patch | 285 ++++++++++++++++++ SOURCES/0010-bgp-bfd-drop-connection.patch | 67 ++++ SOURCES/0011-bgp-graceful-restart-noop.patch | 149 +++++++++ SPECS/frr.spec | 14 +- 4 files changed, 514 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0009-bfd-bgp-shutdown-notification.patch create mode 100644 SOURCES/0010-bgp-bfd-drop-connection.patch create mode 100644 SOURCES/0011-bgp-graceful-restart-noop.patch diff --git a/SOURCES/0009-bfd-bgp-shutdown-notification.patch b/SOURCES/0009-bfd-bgp-shutdown-notification.patch new file mode 100644 index 0000000..bf7db9f --- /dev/null +++ b/SOURCES/0009-bfd-bgp-shutdown-notification.patch @@ -0,0 +1,285 @@ +From 59f5dd686a324f888602fa4a56f6da90e844103c Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis +Date: Tue, 11 Jun 2024 11:40:40 +0300 +Subject: [PATCH 1/3] tests: Check if BFD notification is sent and session + remains in down state + +Signed-off-by: Donatas Abraitis +--- + .../r1/bfdd.conf | 4 + + .../r1/bgpd.conf | 2 +- + .../test_bgp_bfd_down_cease_notification.py | 3 + + ...gp_bfd_down_cease_notification_shutdown.py | 122 ++++++++++++++++++ + 4 files changed, 130 insertions(+), 1 deletion(-) + create mode 100644 tests/topotests/bgp_bfd_down_cease_notification/test_bgp_bfd_down_cease_notification_shutdown.py + +diff --git a/tests/topotests/bgp_bfd_down_cease_notification/r1/bfdd.conf b/tests/topotests/bgp_bfd_down_cease_notification/r1/bfdd.conf +index 0ae384eb53ca..1033b27c568d 100644 +--- a/tests/topotests/bgp_bfd_down_cease_notification/r1/bfdd.conf ++++ b/tests/topotests/bgp_bfd_down_cease_notification/r1/bfdd.conf +@@ -1,5 +1,9 @@ + bfd ++ profile r1 ++ exit ++ ! + peer 192.168.255.2 interface r1-eth0 ++ profile r1 + exit + ! + exit +diff --git a/tests/topotests/bgp_bfd_down_cease_notification/r1/bgpd.conf b/tests/topotests/bgp_bfd_down_cease_notification/r1/bgpd.conf +index e855f75c20de..58a90d1a490c 100644 +--- a/tests/topotests/bgp_bfd_down_cease_notification/r1/bgpd.conf ++++ b/tests/topotests/bgp_bfd_down_cease_notification/r1/bgpd.conf +@@ -3,7 +3,7 @@ router bgp 65001 + no bgp ebgp-requires-policy + neighbor 192.168.255.2 remote-as external + neighbor 192.168.255.2 timers 3 10 +- neighbor 192.168.255.2 bfd ++ neighbor 192.168.255.2 bfd profile r1 + address-family ipv4 + redistribute connected + exit-address-family +diff --git a/tests/topotests/bgp_bfd_down_cease_notification/test_bgp_bfd_down_cease_notification.py b/tests/topotests/bgp_bfd_down_cease_notification/test_bgp_bfd_down_cease_notification.py +index 00142981c502..3be34300078b 100644 +--- a/tests/topotests/bgp_bfd_down_cease_notification/test_bgp_bfd_down_cease_notification.py ++++ b/tests/topotests/bgp_bfd_down_cease_notification/test_bgp_bfd_down_cease_notification.py +@@ -89,6 +89,9 @@ def _bgp_bfd_down_notification(): + expected = { + "192.168.255.1": { + "lastNotificationReason": "Cease/BFD Down", ++ "peerBfdInfo": { ++ "status": "Up", ++ }, + } + } + return topotest.json_cmp(output, expected) +diff --git a/tests/topotests/bgp_bfd_down_cease_notification/test_bgp_bfd_down_cease_notification_shutdown.py b/tests/topotests/bgp_bfd_down_cease_notification/test_bgp_bfd_down_cease_notification_shutdown.py +new file mode 100644 +index 000000000000..5ffeed5033ae +--- /dev/null ++++ b/tests/topotests/bgp_bfd_down_cease_notification/test_bgp_bfd_down_cease_notification_shutdown.py +@@ -0,0 +1,122 @@ ++#!/usr/bin/env python ++# SPDX-License-Identifier: ISC ++ ++# ++# bgp_bfd_down_cease_notification_shutdown.py ++# ++# Copyright (c) 2024 by ++# Donatas Abraitis ++# ++ ++""" ++Check if Cease/BFD Down notification message is sent/received ++when the BFD is down (administratively). ++""" ++ ++import os ++import sys ++import json ++import pytest ++import functools ++ ++CWD = os.path.dirname(os.path.realpath(__file__)) ++sys.path.append(os.path.join(CWD, "../")) ++ ++# pylint: disable=C0413 ++from lib import topotest ++from lib.topogen import Topogen, TopoRouter, get_topogen ++from lib.common_config import kill_router_daemons, step ++ ++pytestmark = [pytest.mark.bfdd, pytest.mark.bgpd] ++ ++ ++def build_topo(tgen): ++ for routern in range(1, 3): ++ tgen.add_router("r{}".format(routern)) ++ ++ switch = tgen.add_switch("s1") ++ switch.add_link(tgen.gears["r1"]) ++ switch.add_link(tgen.gears["r2"]) ++ ++ ++def setup_module(mod): ++ tgen = Topogen(build_topo, mod.__name__) ++ tgen.start_topology() ++ ++ router_list = tgen.routers() ++ ++ for i, (rname, router) in enumerate(router_list.items(), 1): ++ router.load_config( ++ TopoRouter.RD_ZEBRA, os.path.join(CWD, "{}/zebra.conf".format(rname)) ++ ) ++ router.load_config( ++ TopoRouter.RD_BGP, os.path.join(CWD, "{}/bgpd.conf".format(rname)) ++ ) ++ router.load_config( ++ TopoRouter.RD_BFD, os.path.join(CWD, "{}/bfdd.conf".format(rname)) ++ ) ++ ++ tgen.start_router() ++ ++ ++def teardown_module(mod): ++ tgen = get_topogen() ++ tgen.stop_topology() ++ ++ ++def test_bgp_bfd_down_notification_shutdown(): ++ tgen = get_topogen() ++ ++ if tgen.routers_have_failure(): ++ pytest.skip(tgen.errors) ++ ++ r1 = tgen.gears["r1"] ++ r2 = tgen.gears["r2"] ++ ++ def _bgp_converge(): ++ output = json.loads(r2.vtysh_cmd("show ip bgp neighbor 192.168.255.1 json")) ++ expected = { ++ "192.168.255.1": { ++ "bgpState": "Established", ++ "addressFamilyInfo": {"ipv4Unicast": {"acceptedPrefixCounter": 2}}, ++ "peerBfdInfo": {"status": "Up"}, ++ } ++ } ++ return topotest.json_cmp(output, expected) ++ ++ def _bgp_bfd_down_notification(): ++ output = json.loads(r2.vtysh_cmd("show ip bgp neighbor 192.168.255.1 json")) ++ expected = { ++ "192.168.255.1": { ++ "lastNotificationReason": "Cease/BFD Down", ++ "lastNotificationHardReset": True, ++ "peerBfdInfo": { ++ "status": "Down", ++ }, ++ } ++ } ++ return topotest.json_cmp(output, expected) ++ ++ step("Initial BGP converge") ++ test_func = functools.partial(_bgp_converge) ++ _, result = topotest.run_and_expect(test_func, None, count=30, wait=1) ++ assert result is None, "Failed to see BGP convergence on R2" ++ ++ r1.vtysh_cmd( ++ """ ++ configure ++ bfd ++ profile r1 ++ shutdown ++ """ ++ ) ++ ++ step("Check if we received Cease/BFD Down notification message") ++ test_func = functools.partial(_bgp_bfd_down_notification) ++ _, result = topotest.run_and_expect(test_func, None, count=30, wait=1) ++ assert result is None, "Failed to see BGP Cease/BFD Down notification message on R2" ++ ++ ++if __name__ == "__main__": ++ args = ["-s"] + sys.argv[1:] ++ sys.exit(pytest.main(args)) + +From ae1f3a48513f51c540788a090b05c24750665f55 Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis +Date: Tue, 11 Jun 2024 11:41:53 +0300 +Subject: [PATCH 2/3] bgpd: Keep last notification's state about hard reset + +When we receive a hard-reset notification, we always show it if it was a hard, +or not. + +For sending side, we missed that. Let's display it too. + +Signed-off-by: Donatas Abraitis +--- + bgpd/bgp_packet.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 3f38790cbda3..8a4453f12472 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -982,6 +982,7 @@ static void bgp_notify_send_internal(struct peer_connection *connection, + peer->notify.code = bgp_notify.code; + peer->notify.subcode = bgp_notify.subcode; + peer->notify.length = bgp_notify.length; ++ peer->notify.hard_reset = hard_reset; + + if (bgp_notify.length && data) { + bgp_notify.data = XMALLOC(MTYPE_BGP_NOTIFICATION, + +From 1fb48f5d13faf4ec1e6d4c2cdded9ca2dcd6d609 Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis +Date: Wed, 12 Jun 2024 08:39:48 +0300 +Subject: [PATCH 3/3] bgpd: Do not start BGP session if BFD profile is in + shutdown state + +If we do: + +``` +bfd + profile foo + shutdown +``` + +The session is dropped, but immediately established again because we don't +have a proper check on BFD. + +If BFD is administratively shutdown, ignore starting the session. + +Fixes: https://github.com/FRRouting/frr/issues/16186 + +Signed-off-by: Donatas Abraitis +--- + bgpd/bgpd.c | 6 ++++++ + lib/bfd.c | 6 ++++++ + lib/bfd.h | 2 ++ + 3 files changed, 14 insertions(+) + +diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c +index 81506f4410b1..869d2b455214 100644 +--- a/bgpd/bgpd.c ++++ b/bgpd/bgpd.c +@@ -4507,6 +4507,12 @@ bool peer_active(struct peer *peer) + { + if (BGP_PEER_SU_UNSPEC(peer)) + return false; ++ ++ if (peer->bfd_config) { ++ if (bfd_session_is_down(peer->bfd_config->session)) ++ return false; ++ } ++ + if (peer->afc[AFI_IP][SAFI_UNICAST] || peer->afc[AFI_IP][SAFI_MULTICAST] + || peer->afc[AFI_IP][SAFI_LABELED_UNICAST] + || peer->afc[AFI_IP][SAFI_MPLS_VPN] || peer->afc[AFI_IP][SAFI_ENCAP] +diff --git a/lib/bfd.c b/lib/bfd.c +index 2222bb954737..4535fc123378 100644 +--- a/lib/bfd.c ++++ b/lib/bfd.c +@@ -1334,3 +1334,9 @@ int bfd_nht_update(const struct prefix *match, const struct zapi_route *route) + + return 0; + } ++ ++bool bfd_session_is_down(const struct bfd_session_params *session) ++{ ++ return session->bss.state == BSS_DOWN || ++ session->bss.state == BSS_ADMIN_DOWN; ++} +diff --git a/lib/bfd.h b/lib/bfd.h +index bfa5287340f2..48929a95642c 100644 +--- a/lib/bfd.h ++++ b/lib/bfd.h +@@ -464,6 +464,8 @@ extern bool bfd_protocol_integration_shutting_down(void); + extern int bfd_nht_update(const struct prefix *match, + const struct zapi_route *route); + ++extern bool bfd_session_is_down(const struct bfd_session_params *session); ++ + #ifdef __cplusplus + } + #endif diff --git a/SOURCES/0010-bgp-bfd-drop-connection.patch b/SOURCES/0010-bgp-bfd-drop-connection.patch new file mode 100644 index 0000000..d23997c --- /dev/null +++ b/SOURCES/0010-bgp-bfd-drop-connection.patch @@ -0,0 +1,67 @@ +From 247a75d5c662893f6c08daf6ffbe82eb3073205a Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis +Date: Tue, 5 Nov 2024 15:51:58 +0200 +Subject: [PATCH] bgpd: Reset BGP session only if it was a real BFD DOWN event + +Without this patch we always see a double-reset, e.g.: + +``` +2024/11/04 12:42:43.010 BGP: [VQY9X-CQZKG] bgp_peer_bfd_update_source: address [0.0.0.0->172.18.0.3] to [172.18.0.2->172.18.0.3] +2024/11/04 12:42:43.010 BGP: [X8BD9-8RKN4] bgp_peer_bfd_update_source: interface none to eth0 +2024/11/04 12:42:43.010 BFD: [MSVDW-Y8Z5Q] ptm-del-dest: deregister peer [mhop:no peer:172.18.0.3 local:0.0.0.0 vrf:default cbit:0x00 minimum-ttl:255] +2024/11/04 12:42:43.010 BFD: [NYF5K-SE3NS] ptm-del-session: [mhop:no peer:172.18.0.3 local:0.0.0.0 vrf:default] refcount=0 +2024/11/04 12:42:43.010 BFD: [NW21R-MRYNT] session-delete: mhop:no peer:172.18.0.3 local:0.0.0.0 vrf:default +2024/11/04 12:42:43.010 BGP: [P3D3N-3277A] 172.18.0.3 [FSM] Timer (routeadv timer expire) +2024/11/04 12:42:43.010 BFD: [YA0Q5-C0BPV] control-packet: no session found [mhop:no peer:172.18.0.3 local:172.18.0.2 port:11] +2024/11/04 12:42:43.010 BFD: [MSVDW-Y8Z5Q] ptm-add-dest: register peer [mhop:no peer:172.18.0.3 local:172.18.0.2 vrf:default cbit:0x00 minimum-ttl:255] +2024/11/04 12:42:43.011 BFD: [PSB4R-8T1TJ] session-new: mhop:no peer:172.18.0.3 local:172.18.0.2 vrf:default ifname:eth0 +2024/11/04 12:42:43.011 BGP: [Q4BCV-6FHZ5] zclient_bfd_session_update: 172.18.0.2/32 -> 172.18.0.3/32 (interface eth0) VRF default(0) (CPI bit no): Down +2024/11/04 12:42:43.011 BGP: [MKVHZ-7MS3V] bfd_session_status_update: neighbor 172.18.0.3 vrf default(0) bfd state Up -> Down +2024/11/04 12:42:43.011 BGP: [HZN6M-XRM1G] %NOTIFICATION: sent to neighbor 172.18.0.3 6/10 (Cease/BFD Down) 0 bytes +2024/11/04 12:42:43.011 BGP: [QFMSE-NPSNN] zclient_bfd_session_update: sessions updated: 1 +2024/11/04 12:42:43.011 BGP: [ZWCSR-M7FG9] 172.18.0.3 [FSM] BGP_Stop (Established->Clearing), fd 22 +``` + +Reset is due to the source address change. + +With this patch, we reset the session only if it's a _REAL_ BFD down event, which +means we trigger session reset if BFD session is established earlier than BGP. + +Signed-off-by: Donatas Abraitis +--- + bgpd/bgp_bfd.c | 23 ++++++++++++++++------- + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/bgpd/bgp_bfd.c b/bgpd/bgp_bfd.c +index 11b074a..b3c5f84 100644 +--- a/bgpd/bgp_bfd.c ++++ b/bgpd/bgp_bfd.c +@@ -70,12 +70,22 @@ static void bfd_session_status_update(struct bfd_session_params *bsp, + } + peer->last_reset = PEER_DOWN_BFD_DOWN; + +- /* draft-ietf-idr-bfd-subcode */ +- if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status)) +- bgp_notify_send(peer, BGP_NOTIFY_CEASE, +- BGP_NOTIFY_CEASE_BFD_DOWN); +- +- BGP_EVENT_ADD(peer, BGP_Stop); ++ /* Once the BFD session is UP, and later BGP session is UP, ++ * BFD notices that peer->su_local changed, and BFD session goes down. ++ * We should trigger BGP session reset if BFD session is UP ++ * only when BGP session is UP already. ++ * Otherwise, we end up resetting BGP session when BFD session is UP, ++ * when the source address is changed, e.g. 0.0.0.0 -> 10.0.0.1. ++ */ ++ if (bss->last_event > peer->uptime) { ++ peer->last_reset = PEER_DOWN_BFD_DOWN; ++ /* rfc9384 */ ++ if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status)) ++ bgp_notify_send(peer, BGP_NOTIFY_CEASE, ++ BGP_NOTIFY_CEASE_BFD_DOWN); ++ ++ BGP_EVENT_ADD(peer, BGP_Stop); ++ } + } + + if (bss->state == BSS_UP && bss->previous_state != BSS_UP diff --git a/SOURCES/0011-bgp-graceful-restart-noop.patch b/SOURCES/0011-bgp-graceful-restart-noop.patch new file mode 100644 index 0000000..39d4937 --- /dev/null +++ b/SOURCES/0011-bgp-graceful-restart-noop.patch @@ -0,0 +1,149 @@ +diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c +index 8f1fdea..df5fcaf 100644 +--- a/bgpd/bgp_fsm.c ++++ b/bgpd/bgp_fsm.c +@@ -2907,19 +2907,22 @@ int bgp_neighbor_graceful_restart(struct peer *peer, int peer_gr_cmd) + + peer_old_state = bgp_peer_gr_mode_get(peer); + +- if (peer_old_state == PEER_INVALID) { +- zlog_debug("[BGP_GR] peer_old_state == Invalid state !"); ++ if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART)) ++ zlog_debug("%s [BGP_GR] peer_old_state: %d", __func__, ++ peer_old_state); ++ ++ if (peer_old_state == PEER_INVALID) + return BGP_ERR_GR_OPERATION_FAILED; +- } + + peer_state = peer->PEER_GR_FSM[peer_old_state][peer_gr_cmd]; + peer_new_state = peer_state.next_state; + +- if (peer_new_state == PEER_INVALID) { +- zlog_debug( +- "[BGP_GR] Invalid bgp graceful restart command used !"); ++ if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART)) ++ zlog_debug("%s [BGP_GR] peer_new_state: %d", __func__, ++ peer_new_state); ++ ++ if (peer_new_state == PEER_INVALID) + return BGP_ERR_GR_INVALID_CMD; +- } + + if (peer_new_state != peer_old_state) { + result = peer_state.action_fun(peer, peer_old_state, +diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c +index 7bad770..dfd4f9f 100644 +--- a/bgpd/bgp_vty.c ++++ b/bgpd/bgp_vty.c +@@ -3162,7 +3162,7 @@ DEFUN (bgp_neighbor_graceful_restart_set, + { + int idx_peer = 1; + struct peer *peer; +- int ret = BGP_GR_FAILURE; ++ int result = BGP_GR_FAILURE, ret = BGP_GR_SUCCESS; + + VTY_BGP_GR_DEFINE_LOOP_VARIABLE; + +@@ -3174,16 +3174,21 @@ DEFUN (bgp_neighbor_graceful_restart_set, + if (!peer) + return CMD_WARNING_CONFIG_FAILED; + +- ret = bgp_neighbor_graceful_restart(peer, PEER_GR_CMD); +- +- VTY_BGP_GR_ROUTER_DETECT(bgp, peer, peer->bgp->peer); +- VTY_SEND_BGP_GR_CAPABILITY_TO_ZEBRA(peer->bgp, ret); ++ result = bgp_neighbor_graceful_restart(peer, PEER_GR_CMD); ++ if (result == BGP_GR_SUCCESS) { ++ VTY_BGP_GR_ROUTER_DETECT(bgp, peer, peer->bgp->peer); ++ VTY_SEND_BGP_GR_CAPABILITY_TO_ZEBRA(peer->bgp, ret); ++ vty_out(vty, ++ "Graceful restart configuration changed, reset this peer to take effect\n"); ++ } + + if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART)) + zlog_debug( + "[BGP_GR] bgp_neighbor_graceful_restart_set_cmd : END "); +- vty_out(vty, +- "Graceful restart configuration changed, reset this peer to take effect\n"); ++ ++ if (ret != BGP_GR_SUCCESS) ++ vty_out(vty, ++ "As part of configuring graceful-restart, capability send to zebra failed\n"); + + return bgp_vty_return(vty, ret); + } +@@ -3198,7 +3203,7 @@ DEFUN (no_bgp_neighbor_graceful_restart, + ) + { + int idx_peer = 2; +- int ret = BGP_GR_FAILURE; ++ int result = BGP_GR_FAILURE, ret = BGP_GR_SUCCESS; + struct peer *peer; + + VTY_BGP_GR_DEFINE_LOOP_VARIABLE; +@@ -3211,16 +3216,21 @@ DEFUN (no_bgp_neighbor_graceful_restart, + zlog_debug( + "[BGP_GR] no_bgp_neighbor_graceful_restart_set_cmd : START "); + +- ret = bgp_neighbor_graceful_restart(peer, NO_PEER_GR_CMD); +- +- VTY_BGP_GR_ROUTER_DETECT(bgp, peer, peer->bgp->peer); +- VTY_SEND_BGP_GR_CAPABILITY_TO_ZEBRA(peer->bgp, ret); ++ result = bgp_neighbor_graceful_restart(peer, NO_PEER_GR_CMD); ++ if (ret == BGP_GR_SUCCESS) { ++ VTY_BGP_GR_ROUTER_DETECT(bgp, peer, peer->bgp->peer); ++ VTY_SEND_BGP_GR_CAPABILITY_TO_ZEBRA(peer->bgp, ret); ++ vty_out(vty, ++ "Graceful restart configuration changed, reset this peer to take effect\n"); ++ } + + if (BGP_DEBUG(graceful_restart, GRACEFUL_RESTART)) + zlog_debug( + "[BGP_GR] no_bgp_neighbor_graceful_restart_set_cmd : END "); +- vty_out(vty, +- "Graceful restart configuration changed, reset this peer to take effect\n"); ++ ++ if (ret != BGP_GR_SUCCESS) ++ vty_out(vty, ++ "As part of configuring graceful-restart, capability send to zebra failed\n"); + + return bgp_vty_return(vty, ret); + } +@@ -3310,7 +3320,7 @@ DEFUN (bgp_neighbor_graceful_restart_disable_set, + { + int idx_peer = 1; + struct peer *peer; +- int ret = BGP_GR_FAILURE; ++ int result = BGP_GR_FAILURE, ret = BGP_GR_SUCCESS; + + VTY_BGP_GR_DEFINE_LOOP_VARIABLE; + +@@ -3349,7 +3359,7 @@ DEFUN (no_bgp_neighbor_graceful_restart_disable, + ) + { + int idx_peer = 2; +- int ret = BGP_GR_FAILURE; ++ int result = BGP_GR_FAILURE, ret = BGP_GR_SUCCESS; + struct peer *peer; + + VTY_BGP_GR_DEFINE_LOOP_VARIABLE; +diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c +index 964349b..1db3e58 100644 +--- a/bgpd/bgpd.c ++++ b/bgpd/bgpd.c +@@ -1320,11 +1320,11 @@ int bgp_peer_gr_init(struct peer *peer) + { + /* PEER_GLOBAL_INHERIT Mode */ + /* Event-> */ /* PEER_GR_CMD */ /* NO_PEER_GR_CMD */ +- { PEER_GR, bgp_peer_gr_action }, { PEER_INVALID, NULL }, ++ { PEER_GR, bgp_peer_gr_action }, { PEER_GLOBAL_INHERIT, NULL }, + /* Event-> */ /* PEER_DISABLE_CMD */ /* NO_PEER_DISABLE_CMD */ +- { PEER_DISABLE, bgp_peer_gr_action}, { PEER_INVALID, NULL }, ++ { PEER_DISABLE, bgp_peer_gr_action }, { PEER_GLOBAL_INHERIT, NULL }, + /* Event-> */ /* PEER_HELPER_cmd */ /* NO_PEER_HELPER_CMD */ +- { PEER_HELPER, bgp_peer_gr_action }, { PEER_INVALID, NULL } ++ { PEER_HELPER, bgp_peer_gr_action }, { PEER_GLOBAL_INHERIT, NULL } + } + }; + memcpy(&peer->PEER_GR_FSM, local_Peer_GR_FSM, diff --git a/SPECS/frr.spec b/SPECS/frr.spec index e9b8a38..db90bd7 100644 --- a/SPECS/frr.spec +++ b/SPECS/frr.spec @@ -7,7 +7,7 @@ Name: frr Version: 8.5.3 -Release: 4%{?checkout}%{?dist} +Release: 7%{?checkout}%{?dist} Summary: Routing daemon License: GPLv2+ URL: http://www.frrouting.org @@ -71,6 +71,9 @@ Patch0005: 0005-CVE-2023-47235.patch Patch0006: 0006-CVE-2023-47234.patch Patch0007: 0007-CVE-2023-46752.patch Patch0008: 0008-CVE-2023-46753.patch +Patch0009: 0009-bfd-bgp-shutdown-notification.patch +Patch0010: 0010-bgp-bfd-drop-connection.patch +Patch0011: 0011-bgp-graceful-restart-noop.patch %description FRRouting is free software that manages TCP/IP based routing protocols. It takes @@ -276,6 +279,15 @@ make check PYTHON=%{__python3} %endif %changelog +* Fri Feb 14 2025 Michal Ruprich - 8.5.3-7 +- Resolves: RHEL-68432 - FRR gives false warning when Graceful Restart enabled + +* Fri Feb 14 2025 Michal Ruprich - 8.5.3-6 +- Resolves: RHEL-78354 - BGP with BFD has a dropped Connection before peering established + +* Tue Feb 11 2025 Michal Ruprich - 8.5.3-5 +- Resolves: RHEL-78318 - BFD status down in FRR does not bring down BGP session between peers + * Mon Feb 05 2024 Michal Ruprich - 8.5.3-4 - Resolves: RHEL-14825 - crafted BGP UPDATE message leading to a crash