Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

isisd: fix ip/ipv6 reachability tlvs #15655

Merged
merged 1 commit into from
May 13, 2024
Merged

isisd: fix ip/ipv6 reachability tlvs #15655

merged 1 commit into from
May 13, 2024

Conversation

idryzhov
Copy link
Contributor

@idryzhov idryzhov commented Apr 2, 2024

Don't allocate subtlvs container if there's nothing to add to it. If the container is allocated, the "sub-TLVs presence" bit is set in the TLVs even if there's no actual sub-TLVs, what violates the RFC.

Fixes #14514.

@idryzhov
isisd: fix ip/ipv6 reachability tlvs
c3d34b8 
Don't allocate subtlvs container if there's nothing to add to it. If the
container is allocated, the "sub-TLVs presence" bit is set in the TLVs
even if there's no actual sub-TLVs, what violates the RFC.

Fixes FRRouting#14514.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
@idryzhov
Copy link
Contributor Author

idryzhov commented Apr 2, 2024

@Mergifyio backport stable/9.0 stable/9.1 dev/10.0

@mergify Mergify
Copy link

mergify bot commented Apr 2, 2024
edited
Loading

backport stable/9.0 stable/9.1 dev/10.0

❌ No backport have been created

GitHub error: Branch not found

odd22
odd22 requested changes Apr 2, 2024
View reviewed changes
Copy link
Member

@odd22 odd22 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm disagree with this modification. In fact, if pcfgs is not null, this means that there is at least one subtlv to add. Thus, it is necessary to allocate memory for at least this subtlv. So, for me, it is not pertinent to move the subtlv memory allocation later in the loop. You could have a look to isis_lsp.c line 912 & 982 where the isis_tlvs_add_extended_ip_reach() function is called. You'll see that the pcfgs is the result of the loop around the SR algorithms.

@idryzhov
Copy link
Contributor Author

idryzhov commented Apr 2, 2024
edited
Loading

That's exactly what I looked at.

pcfgs is defined as a fixed-length array which is always non-NULL:
struct sr_prefix_cfg *pcfgs[SR_ALGORITHM_COUNT] = {NULL};.

Then it is populated in the loop, but if there are no algorithms configured it will stay full of NULL pointers, which means we won't have any sub-TLVs. So when we get to isis_tlvs_add_extended_ip_reach the pcfgs pointer is never NULL even if all the pointers inside it are NULL. We must not allocate the container in this case.

@odd22
Copy link
Member

odd22 commented Apr 3, 2024

That's exactly what I looked at.

pcfgs is defined as a fixed-length array which is always non-NULL: struct sr_prefix_cfg *pcfgs[SR_ALGORITHM_COUNT] = {NULL};.

Then it is populated in the loop, but if there are no algorithms configured it will stay full of NULL pointers, which means we won't have any sub-TLVs. So when we get to isis_tlvs_add_extended_ip_reach the pcfgs pointer is never NULL even if all the pointers inside it are NULL. We must not allocate the container in this case.

OK. But, in this case, the modification should be done inside isis_lsp.c to not allocate an empty structure to pcfgs and pass a NULL pointer to isis_tlvs_add_extended_ip_reach if there is no Algorithms.

@idryzhov
Copy link
Contributor Author

idryzhov commented Apr 3, 2024

Why do you think it's better? It would just be much more code changes. isis_tlvs_add_extended_ip_reach and isis_tlvs_add_ipv6_reach are both called from 3 places where this needs to be fixed instead of a single place inside the function.

louis-6wind
louis-6wind suggested changes Apr 3, 2024
View reviewed changes
Copy link
Contributor

@louis-6wind louis-6wind left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@idryzhov @odd22, what happens if we have a prefix SID and we unconfigure it?

IMO, you should modify pack_item_extended_ip_reach() and its IPv6 equivalent.

Only set flag and return subTLV if one of the list count is not zero.

@louis-6wind
Copy link
Contributor

Could you amend an existing topotest to check the change?

@idryzhov
Copy link
Contributor Author

r->subtlvs is checked in several places in the code, not only in pack_item_extended_ip_reach. I think my fix is better than both suggestions, because it restores the previous behavior before flex-algo support – the struct is not allocated if there's no subTLVs. Both suggestions from @odd22 and @louis-6wind require much more changes to the code and more complicated checks instead of a simple NULL check.

Regarding the topotest question, I don't have time unfortunately to look into the topotests for that. You can add you own topotest commit to this branch if you want to have it before merging this PR.

louis-6wind
louis-6wind approved these changes Apr 19, 2024
View reviewed changes
Copy link
Contributor

@louis-6wind louis-6wind left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@louis-6wind
Copy link
Contributor

louis-6wind commented Apr 19, 2024
edited
Loading

I have tried to figure out how to make a topotest but it is much more complicated. Output from #14514 description is from the Arista device. No output shows the issue in FRR.

@idryzhov @odd22, what happens if we have a prefix SID and we unconfigure it?

I have tested that with your fix @idryzhov and it works because TLVs are built from scratch each time the config changes.

I think my fix is better than both suggestions, because it restores the previous behavior before flex-algo support

correct

@ton31337 ton31337 merged commit 1b2eb32 into FRRouting:master May 13, 2024
13 checks passed
@ton31337
Copy link
Member

@Mergifyio backport stable/9.0 stable/9.1 stable/10.0

@mergify Mergify
Copy link

mergify bot commented May 13, 2024
edited
Loading

backport stable/9.0 stable/9.1 stable/10.0

✅ Backports have been created

This was referenced May 13, 2024
Merged
Merged
Merged
ton31337 added a commit that referenced this pull request May 13, 2024
@ton31337
Merge pull request #15997 from FRRouting/mergify/bp/stable/9.1/pr-15655
995e159 
isisd: fix ip/ipv6 reachability tlvs (backport #15655)
ton31337 added a commit that referenced this pull request May 13, 2024
@ton31337
Merge pull request #15998 from FRRouting/mergify/bp/stable/10.0/pr-15655
653974e 
isisd: fix ip/ipv6 reachability tlvs (backport #15655)
riw777 added a commit that referenced this pull request May 13, 2024
@riw777
Merge pull request #15996 from FRRouting/mergify/bp/stable/9.0/pr-15655
c2ca061 
isisd: fix ip/ipv6 reachability tlvs (backport #15655)
@ipspace
Copy link

ipspace commented May 14, 2024

I can confirm that the fix makes IS-IS work between frr:master and Arista cEOS 4.32.0F. Great job, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@odd22 odd22 odd22 approved these changes

@louis-6wind louis-6wind louis-6wind approved these changes

Assignees
No one assigned
Labels
backport bugfix isis master size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

IS-IS: TLV 135 includes Sub-TLV presence bit is 1 when Sub-TLV length is 0.
5 participants
@idryzhov @odd22 @louis-6wind @ton31337 @ipspace