Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pbrd nht refcount #22

Closed
wants to merge 385 commits into from
Closed

Conversation

qlyoung
Copy link

@qlyoung qlyoung commented Mar 15, 2018

have not tested in the slightest

Mitesh Kanjariya and others added 30 commits February 27, 2018 01:14
The PMSI attribute is only applicable to EVPN type-3 route.
Rmac is applicable to type-2 and type-5 routes.
We should attach these attributes appropiately based on route-type.

Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
This command doesnt make sense as EVPN routes are only present in
global table.

Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
zebra, bgp: Support type-5 routes with asymmetric routing
The netns backend is chosen by VRF if a runtime flag named vrfwnetns is
selected when running zebra.
In the case the NETNS backend is chosen, in some case the VRFID value is
being assigned the value of the NSID. Within the perimeter of that work,
this is why the vrf_lookup_by_table function is extended with a new
parameter.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
a vty command is added:
in addition to this command ( kept for future usage):
- [no] logical-router-id <ID> netns <NETNSNAME>
a new command is being placed under vrf subnode
- vrf <NAME>
   [no] netns <NETNSNAME>
  exit

This command permits to map a VRF with a Netnamespace.
The commit only handles the relationship between vrf and ns structures.
It adds 2 attributes to vrf structure:
- one defines the kind of vrf ( mapped under netns or vrf from kernel)
- the other is the opaque pointer to ns
The show running-config is handled by zebra daemon.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Using the vrf backend kind, the vty command that configured netns
under vty will not be installed if the vrf backend is vrf lite

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon following calls: interface poll, address poll, route poll, and
ICMPv6 handling, each new Namespace is being parsed. For that, the
socket operations need to switch from one NS to one other, to get the
necessary information.

As of now, there is a crash when dumping interfaces, through show
running-config.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
For each route to be added or deleted, instead of applying directly to
default namespaces, when a vrf is mapped to a namespace, then the
correct zns must be found out.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
All ipv6 operations stick to namespace.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Using c-lang scan-build tool, fix a dereference of a null pointer.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is also a fix that avoids a VRF to be attached to the wrong
namespace context, at creation time. Because the VRF, at creation time
does not know yet the namespace where it will get its information.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
In addition to have the possibility to create from vty vrf based on a
netns backend, the API will be made accessible from external, especially
for zebra that will handle the netns discovery part. This commit is
externalising following functions:
- netns_pathname
- ns_handler_create
- vrf_handler_create

Also, the VRF initialisation case when under NETNS backend is changed,
since the NS identifier may not be known at the configuration time,but
may be known later, under discovery process.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
If vrf backend is netns, then the zebra will create its own
zebra_ns context for each new netns discovered. As consequence,
a routing table, and other contexts will be created for each
new namespace discovered. When it is enabled, a populate process
will be done, consisting in learning new interfaces and routes, and
addresses from other NETNS.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The zebra netnamespace contexts are initialised, based on the callback
coming from the NS. Reversely, the list of ns is parsed to disable the
ns contexts.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Show vrf command displays information on the vrf, if it is related to
vrf kernel or if it is related to netns.
When a vrf from kernel is detected, before creating a new vrf, a check
is done against an already present vrf, and if that vrf is not a vrf
mapped with a netns. If that is that case, then the creation is
rejected.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The addition of the name of the netns in the vrf message introduces also
a limitation when the size of the netns is bigger than 15 bytes. Then
the netns are ignored by the library.
In addition to this, some sanity checks have been introduced. some
functions to create the netns from a call not coming from the vty is
being added with traces.
Also, the ns vty function is reentrant, if the context is already
created.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Two apis are provided so that the switch from one netns to an other one
is taken care.
Also an other API to know if the VRF has a NETNS backend or a VRF Lite
backend.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
A NS identifier is collected by netlink. This identifier is a 32 bit
identifier that is either generated by the kernel (if not set) or
manually set by a set netlink command. The commit here is getting the
NSID from the newly created NS. If the linux option to create or get a
new NSID from the kernel does not exist, then the NSID is locally
genrated.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
upon zebra initialisation, and upon further netnamespace creation, the
the netnamespaces are created and a vrf associated to the netnamespace
is created. By convention, the name of the netns will be the same as the
VRF.
Add a stub routine that returns a fake ns identifier, in case netlink (
linux machines) is not available.
Also, upon each newly discovered NETNS, a NSID id being generated,
either by relying on kernel NSID feature, or by generating locally the
NSID ( see previous commit for more information).

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
when the netns backend is selected for VRF, the default VRF is being
assigned a NSID. This avoids the need to handle the case where if the
incoming NSID was 0 for a non default VRF, then a specific handling had
to be done to keep 0 value for default VRF.
In most cases, as the first NETNS to get a NSID will be the default VRF,
most probably the default VRF will be assigned to 0, while the other
ones will have their value incremented. On some cases, where the NSID is
already assigned for NETNS, including default VRF, then the default VRF
value will be the one derived from the NSID of default VRF, thus keeping
consistency between VRF IDs and NETNS IDs.
Default NS is attempted to be created. Actually, some VMs may have the
netns feature, but the NS initialisation fails because that folder is
not present.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
this is a static analysis performed by c-lang scan-build tool that
demonstrated this issue. This commit is handling the fix.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
For supporting vrf based on namespaces, it is possible that an interface
with the same index is present. This is the case for loopback
interfaces. For that, for each query, if the interface is not found
, matching the vrf identifier, then a new interface is created, when the
backens for VRF is NETNS.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
the vrf identifier in the ospf_vrf_enable routine is never read, then
does not need to be initialised.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The assert appears in zebra_mpls.c when checking default zebra_vrf.
It appears that when the mpls entries are flushed, it gets the default
vrf which is already flushed by vrf_terminate() function. In order to
avoid that assert to trigger a crash, the mpls flush is called before
vrf termination.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The vrf_sockunion_socket() wraps sockunion_socket() with vrf_id as
additional parameter. The creation of socket forces the user to
transparently move to new NETNS for doing the operation.
The vrf_getaddr_info() wraps getaddr_info() with vrf_id as additional
parameter. That API relies on the underlying system. Then there may be
need to switch to an other netns in that case too.
Also, the vrf_socket() implementation is simplified.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The change contained in this commit does the following:
- discovery of vrf id from zebra daemon, and adaptation of bgp contexts
  with BGP.
  The list of network addresses contain a reference to the bgp context
  supporting the vrf.
  The bgp context contains a vrf pointer that gives information about
  the netns path in case the vrf is a netns path.

Only some contexts are impacted, namely socket creation, and retrieval
of local IP settings. ( this requires vrf identifier).

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon creation of BGP instances, server socket may or may not be created.
In the case of VRF instances, if the VRF backend relies on NETNS, then
a new server socket will be created for each BGP VRF instance. If the
VRF backend relies on VRF LITE, then only one server socket will be
enough. Moreover, At startup, with BGP VRF configuration, a server
socket may not be created if VRF is not the default one or VRF is not
recognized yet.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon starting a BGP VRF instance, the server socket is not created,
because the VRF ID is not known, and then underlying VRF backend is not
ready yet. Because of that, the peer connection attempt will not be
started before.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
donaldsharp and others added 18 commits March 14, 2018 08:43
When I use these functions and am programming on linux I
always have to pull up a man page for these two functions
since they exist in *BSD land only.

Modify the name of the size variable to destsize on
pass in to give me the small hint I need to know
what to do.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
ospf6d: Stop debug messages happening in rare case
…nc-fix

tools/frr-reload.py: process vnc settings as sub-context
lib: Fixup strlcat and strlcpy to be a bit more descriptive
…eeway

doc: document IS-IS three-way handshake config
bgpd: Parse PMSI Tunnel Attribute and display
There were several places where when I am attempting
to debug zebra functionality that I would really
like to have the ability to know what vrf I think
I am operating on.

Add the vrf_id to a bunch of zlog_debug messages
to help figure out issues when they happen.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
zebra: Add some additional vrf info to debugs
…bgp-vpn-vrf-leaking

bgpd: vpn - vrf route leaking
This is an implementation of PBR for FRR.

This implemenation uses a combination of rules and
tables to determine how packets will flow.

PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp.  Nexthop-groups are specified on the cli via:

nexthop-group DONNA
  nexthop 192.168.208.1
  nexthop 192.168.209.1
  nexthop 192.168.210.1
!

PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
	Valid: 1  nexthop 192.168.209.1
	Valid: 1  nexthop 192.168.210.1
	Valid: 1  nexthop 192.168.208.1

I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.

robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR,
       > - selected route, * - FIB route

F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
  *                 via 192.168.209.1, enp0s9, 00:14:25
  *                 via 192.168.210.1, enp0s10, 00:14:25

PBR tracks PBR-MAPS via the pbr-map command:

!
pbr-map EVA seq 10
  match src-ip 4.3.4.0/24
  set nexthop-group DONNA
!
pbr-map EVA seq 20
  match dst-ip 4.3.5.0/24
  set nexthop-group DONNA
!

pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets.  Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.

To apply the pbr-map to an incoming interface you do this:

interface enp0s10
 pbr-policy EVA
!

When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:

[sharpd@robot frr1]$ ip rule show
0:	from all lookup local
309:	from 4.3.4.0/24 iif enp0s10 lookup 10001
319:	from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000:	from all lookup [l3mdev-table]
32766:	from all lookup main
32767:	from all lookup default

[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
	nexthop via 192.168.208.1 dev enp0s8 weight 1
	nexthop via 192.168.209.1 dev enp0s9 weight 1
	nexthop via 192.168.210.1 dev enp0s10 weight 1

The linux kernel now will use the rules and tables to properly
apply these policies.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Keep a hash of nexthops used by the NHT subsystem of pbrd together with
a refcount for each nexthop. Only send a removal message to Zebra when
the refcount drops to zero.

As part of this, change the nexthop member of pbr_nexthop_cache to a
pointer to the single copy stored in the hash.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
@qlyoung qlyoung closed this Mar 15, 2018
donaldsharp pushed a commit that referenced this pull request Jun 29, 2023
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230372180f in list_new lib/linklist.c:49
    #3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x562303721651 in listnode_new lib/linklist.c:71
    #3 0x56230372182b in listnode_add lib/linklist.c:92
    #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #16 0x5623036c6392 in cmd_execute lib/command.c:1221
    #17 0x5623037e75da in vty_command lib/vty.c:591
    #18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #20 0x5623037db4e8 in event_call lib/event.c:1995
    #21 0x562303720f97 in frr_run lib/libfrr.c:1213
    #22 0x56230368615d in main pimd/pim6_main.c:184
    #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x562303721651 in listnode_new lib/linklist.c:71
    #3 0x56230372182b in listnode_add lib/linklist.c:92
    #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    #16 0x5623036c6392 in cmd_execute lib/command.c:1221
    #17 0x5623037e75da in vty_command lib/vty.c:591
    #18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #20 0x5623037db4e8 in event_call lib/event.c:1995
    #21 0x562303720f97 in frr_run lib/libfrr.c:1213
    #22 0x56230368615d in main pimd/pim6_main.c:184
    #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
donaldsharp pushed a commit that referenced this pull request Sep 11, 2023
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230372180f in list_new lib/linklist.c:49
    #3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x562303721651 in listnode_new lib/linklist.c:71
    #3 0x56230372182b in listnode_add lib/linklist.c:92
    #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #16 0x5623036c6392 in cmd_execute lib/command.c:1221
    #17 0x5623037e75da in vty_command lib/vty.c:591
    #18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #20 0x5623037db4e8 in event_call lib/event.c:1995
    #21 0x562303720f97 in frr_run lib/libfrr.c:1213
    #22 0x56230368615d in main pimd/pim6_main.c:184
    #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x562303721651 in listnode_new lib/linklist.c:71
    #3 0x56230372182b in listnode_add lib/linklist.c:92
    #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    #16 0x5623036c6392 in cmd_execute lib/command.c:1221
    #17 0x5623037e75da in vty_command lib/vty.c:591
    #18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #20 0x5623037db4e8 in event_call lib/event.c:1995
    #21 0x562303720f97 in frr_run lib/libfrr.c:1213
    #22 0x56230368615d in main pimd/pim6_main.c:184
    #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
(cherry picked from commit 24379f0)
donaldsharp pushed a commit that referenced this pull request Nov 21, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    #2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    #3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    #4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    #10 0x7fd0a463322a in event_call lib/event.c:1970
    #11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    #2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    #3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    #4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    #10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    #11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    #12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    #13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    #14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    #15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    #16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    #17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    #18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    #19 0x7fd0a463322a in event_call lib/event.c:1970
    #20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    #2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    #3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    #4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    #5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    #12 0x7fd0a463322a in event_call lib/event.c:1970
    #13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    #2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    #3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    #4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    #5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    #12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    #13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    #14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    #15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    #16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    #17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    #18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    #19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    #20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    #21 0x7fd0a463322a in event_call lib/event.c:1970
    #22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    #2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    #3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    #4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    #5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    #6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    #13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    #14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    #15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    #16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    #17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    #18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    #19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    #20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    #21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    #22 0x7fd0a463322a in event_call lib/event.c:1970
    #23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    #2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    #3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    #4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    #5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    #6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    #13 0x7fd0a463322a in event_call lib/event.c:1970
    #14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    #2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    #3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    #4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    #5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    #6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    #7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    #14 0x7fd0a463322a in event_call lib/event.c:1970
    #15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    #2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    #3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    #4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    #5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    #6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    #7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    #14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    #15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    #16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    #17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    #18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    #19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    #20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    #21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    #22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    #23 0x7fd0a463322a in event_call lib/event.c:1970
    #24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
donaldsharp pushed a commit that referenced this pull request Jun 26, 2024
Fix a crash when doing "show isis database detail json" in
isis_srv6_topo1 topotest.

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fad89524e2c in core_handler (signo=6, siginfo=0x7ffe86a4b8b0, context=0x7ffe86a4b780) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> #4  0x00007fad8904e537 in __GI_abort () at abort.c:79
> #5  0x00007fad8904e40f in __assert_fail_base (fmt=0x7fad891c5688 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object",
>     file=0x7fad8a3e7064 "./json_object.c", line=590, function=<optimized out>) at assert.c:92
> #6  0x00007fad8905d662 in __GI___assert_fail (assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", file=0x7fad8a3e7064 "./json_object.c", line=590,
>     function=0x7fad8a3e7440 "json_object_object_add_ex") at assert.c:101
> #7  0x00007fad8a3dfe93 in json_object_object_add_ex () from /lib/x86_64-linux-gnu/libjson-c.so.5
> #8  0x000055708e3f8f7f in format_subsubtlv_srv6_sid_structure (sid_struct=0x602000172b70, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:2880
> #9  0x000055708e3f9acb in isis_format_subsubtlvs (subsubtlvs=0x602000172b50, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:3022
> #10 0x000055708e3eefb0 in format_item_ext_subtlvs (exts=0x614000047440, buf=0x0, json=0x6040000a2190, indent=2, mtid=2) at isisd/isis_tlvs.c:1313
> #11 0x000055708e3fd599 in format_item_extended_reach (mtid=2, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:3763
> #12 0x000055708e40d46a in format_item (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6789
> #13 0x000055708e40d4fc in format_items_ (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, items=0x60600021d160, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6804
> #14 0x000055708e40edbc in format_mt_items (context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, m=0x6180000845d8, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7147
> #15 0x000055708e4111e9 in format_tlvs (tlvs=0x618000084480, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7572
> #16 0x000055708e4114ce in isis_format_tlvs (tlvs=0x618000084480, json=0x6040000a1bd0) at isisd/isis_tlvs.c:7613
> #17 0x000055708e36f167 in lsp_print_detail (lsp=0x612000058b40, vty=0x0, json=0x6040000a1bd0, dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:785
> #18 0x000055708e36f31f in lsp_print_all (vty=0x0, json=0x6040000a0490, head=0x61f000005488, detail=1 '\001', dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:820
> #19 0x000055708e4379fc in show_isis_database_lspdb_json (json=0x6040000a0450, area=0x61f000005480, level=0, lspdb=0x61f000005488, sysid_str=0x0, ui_level=1) at isisd/isisd.c:2683
> #20 0x000055708e437ef9 in show_isis_database_json (json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2754
> #21 0x000055708e438357 in show_isis_database_common (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2788
> #22 0x000055708e438591 in show_isis_database (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, vrf_name=0x7fad89806300 <vrf_default_name> "default", all_vrf=false)
>     at isisd/isisd.c:2825
> #23 0x000055708e43891d in show_database (self=0x55708e5519c0 <show_database_cmd>, vty=0x62e000060400, argc=5, argv=0x6040000a02d0) at isisd/isisd.c:2855
> #24 0x00007fad893a9767 in cmd_execute_command_real (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, up_level=0) at lib/command.c:1002
> #25 0x00007fad893a9adc in cmd_execute_command (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, vtysh=0) at lib/command.c:1061
> #26 0x00007fad893aa728 in cmd_execute (vty=0x62e000060400, cmd=0x621000025900 "show isis database detail json ", matched=0x0, vtysh=0) at lib/command.c:1227

Note that prior to 2e670cd, there was no crash but only the last
"srv6-sid-structure" was displayed. A "srv6-sid-structure" should be
displayed for each "sid". This commit also fix this.

Was:

> "srv6-lan-endx-sid": [
>   {
>     "sid": "fc00:0:1:1::",
>     "weight": 0,
>     "algorithm": "SPF",
>     "neighbor-id": "0000.0000.0002"
>   },
>   {
>     "sid": "fc00:0:1:2::",
>     "weight": 0,
>     "algorithm": "SPF",
>     "neighbor-id": "0000.0000.0003"
>   }
> ],
> "srv6-sid-structure": {
>   "loc-block-len": 32,
>   "loc-node-len": 16,
>   "func-len": 16,
>   "arg-len": 0
> },

Now (srv6-sid-structure are identical but they are not always):

> "srv6-lan-endx-sid": [
>   {
>     "sid": "fc00:0:1:1::",
>     "algorithm": "SPF",
>     "neighbor-id": "0000.0000.0002",
>     "srv6-sid-structure": {
>       "loc-block-len": 32,
>       "loc-node-len": 16,
>       "func-len": 8,
>       "arg-len": 0
>     },
>   },
>   {
>     "sid": "fc00:0:1:2::",
>     "algorithm": "SPF",
>     "neighbor-id": "0000.0000.0003",
>     "srv6-sid-structure": {
>       "loc-block-len": 32,
>       "loc-node-len": 16,
>       "func-len": 16,
>       "arg-len": 0
>     },
>   }
> ],

Fixes: 2e670cd ("isisd: fix display of srv6 subsubtlvs")
Fixes: 648a158 ("isisd: Add SRv6 End.X SID to Sub-TLV format func")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
donaldsharp pushed a commit that referenced this pull request Jul 26, 2024
Fix the following crash when pim options are (un)configured on an
non-existent interface.

> r1(config)# int fgljdsf
> r1(config-if)# no ip pim unicast-bsm
> vtysh: error reading from pimd: Connection reset by peer (104)Warning: closing connection to pimd because of an I/O error!

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007f70c8f32249 in core_handler (signo=11, siginfo=0x7fffff88e4f0, context=0x7fffff88e3c0) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  0x0000556cfdd9b16d in lib_interface_pim_address_family_unicast_bsm_modify (args=0x7fffff88f130) at pimd/pim_nb_config.c:1910
> #4  0x00007f70c8efdcb5 in nb_callback_modify (context=0x556d00032b60, nb_node=0x556cffeeb9b0, event=NB_EV_APPLY, dnode=0x556d00031670, resource=0x556d00032b48, errmsg=0x7fffff88f710 "", errmsg_len=8192)
>     at lib/northbound.c:1538
> #5  0x00007f70c8efe949 in nb_callback_configuration (context=0x556d00032b60, event=NB_EV_APPLY, change=0x556d00032b10, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1888
> #6  0x00007f70c8efee82 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x556d00032b60, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:2016
> #7  0x00007f70c8efd658 in nb_candidate_commit_apply (transaction=0x556d00032b60, save_transaction=true, transaction_id=0x0, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1356
> #8  0x00007f70c8efd78e in nb_candidate_commit (context=..., candidate=0x556cffeb0e80, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1389
> #9  0x00007f70c8f03e58 in nb_cli_classic_commit (vty=0x556d00025a80) at lib/northbound_cli.c:51
> #10 0x00007f70c8f043f8 in nb_cli_apply_changes_internal (vty=0x556d00025a80,
>     xpath_base=0x7fffff893bb0 "/frr-interface:lib/interface[name='fgljdsf']/frr-pim:pim/address-family[address-family='frr-routing:ipv4']", clear_pending=false) at lib/northbound_cli.c:178
> #11 0x00007f70c8f0475d in nb_cli_apply_changes (vty=0x556d00025a80, xpath_base_fmt=0x556cfdde9fe0 "./frr-pim:pim/address-family[address-family='%s']") at lib/northbound_cli.c:234
> #12 0x0000556cfdd8298f in pim_process_no_unicast_bsm_cmd (vty=0x556d00025a80) at pimd/pim_cmd_common.c:3493
> #13 0x0000556cfddcf782 in no_ip_pim_ucast_bsm (self=0x556cfde40b20 <no_ip_pim_ucast_bsm_cmd>, vty=0x556d00025a80, argc=4, argv=0x556d00031500) at pimd/pim_cmd.c:4950
> #14 0x00007f70c8e942f0 in cmd_execute_command_real (vline=0x556d00032070, vty=0x556d00025a80, cmd=0x0, up_level=0) at lib/command.c:1002
> #15 0x00007f70c8e94451 in cmd_execute_command (vline=0x556d00032070, vty=0x556d00025a80, cmd=0x0, vtysh=0) at lib/command.c:1061
> #16 0x00007f70c8e9499f in cmd_execute (vty=0x556d00025a80, cmd=0x556d00030320 "no ip pim unicast-bsm", matched=0x0, vtysh=0) at lib/command.c:1227
> #17 0x00007f70c8f51e44 in vty_command (vty=0x556d00025a80, buf=0x556d00030320 "no ip pim unicast-bsm") at lib/vty.c:616
> #18 0x00007f70c8f53bdd in vty_execute (vty=0x556d00025a80) at lib/vty.c:1379
> #19 0x00007f70c8f55d59 in vtysh_read (thread=0x7fffff896600) at lib/vty.c:2374
> #20 0x00007f70c8f4b209 in event_call (thread=0x7fffff896600) at lib/event.c:2011
> #21 0x00007f70c8ed109e in frr_run (master=0x556cffdb4ea0) at lib/libfrr.c:1217
> #22 0x0000556cfdddec12 in main (argc=2, argv=0x7fffff896828, envp=0x7fffff896840) at pimd/pim_main.c:165
> (gdb) f 3
> #3  0x0000556cfdd9b16d in lib_interface_pim_address_family_unicast_bsm_modify (args=0x7fffff88f130) at pimd/pim_nb_config.c:1910
> 1910			pim_ifp->ucast_bsm_accept =
> (gdb) list
> 1905		case NB_EV_ABORT:
> 1906			break;
> 1907		case NB_EV_APPLY:
> 1908			ifp = nb_running_get_entry(args->dnode, NULL, true);
> 1909			pim_ifp = ifp->info;
> 1910			pim_ifp->ucast_bsm_accept =
> 1911				yang_dnode_get_bool(args->dnode, NULL);
> 1912
> 1913			break;
> 1914		}
> (gdb) p pim_ifp
> $1 = (struct pim_interface *) 0x0

Fixes: 3bb513c ("lib: adapt to version 2 of libyang")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
donaldsharp pushed a commit that referenced this pull request Aug 28, 2024
Fix crash when flex-algo is configured and mpls-te is disabled.

> interface eth0
>  ip router isis 1
> !
> router isis 1
>  flex-algo 129
>   dataplane sr-mpls
>   advertise-definition

> #0  __pthread_kill_implementation (no_tid=0, signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:44
> #1  __pthread_kill_internal (signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:78
> #2  __GI___pthread_kill (threadid=140486233631168, signo=signo@entry=11) at ./nptl/pthread_kill.c:89
> #3  0x00007fc5802e9476 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
> #4  0x00007fc58076021f in core_handler (signo=11, siginfo=0x7ffd38d42470, context=0x7ffd38d42340) at lib/sigevent.c:248
> #5  <signal handler called>
> #6  0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176
> #7  0x000055c527fb29da in isis_instance_flex_algo_create (args=0x7ffd38d43120) at isisd/isis_nb_config.c:2875
> #8  0x00007fc58072655b in nb_callback_create (context=0x55c52ab1d2f0, nb_node=0x55c529f72950, event=NB_EV_APPLY, dnode=0x55c52ab06230, resource=0x55c52ab189f8, errmsg=0x7ffd38d43750 "",
>     errmsg_len=8192) at lib/northbound.c:1262
> #9  0x00007fc580727625 in nb_callback_configuration (context=0x55c52ab1d2f0, event=NB_EV_APPLY, change=0x55c52ab189c0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1662
> #10 0x00007fc580727c39 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55c52ab1d2f0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1794
> #11 0x00007fc580725f77 in nb_candidate_commit_apply (transaction=0x55c52ab1d2f0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192)
>     at lib/northbound.c:1131
> #12 0x00007fc5807260d1 in nb_candidate_commit (context=..., candidate=0x55c529f0a730, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192)
>     at lib/northbound.c:1164
> #13 0x00007fc58072d220 in nb_cli_classic_commit (vty=0x55c52a0fc6b0) at lib/northbound_cli.c:51
> #14 0x00007fc58072d839 in nb_cli_apply_changes_internal (vty=0x55c52a0fc6b0,
>     xpath_base=0x7ffd38d477f0 "/frr-isisd:isis/instance[area-tag='1'][vrf='default']/flex-algos/flex-algo[flex-algo='129']", clear_pending=false) at lib/northbound_cli.c:178
> #15 0x00007fc58072dbcf in nb_cli_apply_changes (vty=0x55c52a0fc6b0, xpath_base_fmt=0x55c528014de0 "./flex-algos/flex-algo[flex-algo='%ld']") at lib/northbound_cli.c:234
> #16 0x000055c527fd3403 in flex_algo_magic (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0, algorithm=129, algorithm_str=0x55c52ab120d0 "129")
>     at isisd/isis_cli.c:3752
> #17 0x000055c527fc97cb in flex_algo (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0) at ./isisd/isis_cli_clippy.c:6445
> #18 0x00007fc5806b9abc in cmd_execute_command_real (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, up_level=0) at lib/command.c:984
> #19 0x00007fc5806b9c35 in cmd_execute_command (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, vtysh=0) at lib/command.c:1043
> #20 0x00007fc5806ba1e5 in cmd_execute (vty=0x55c52a0fc6b0, cmd=0x55c52aae6bd0 "flex-algo 129\n", matched=0x0, vtysh=0) at lib/command.c:1209
> #21 0x00007fc580782ae1 in vty_command (vty=0x55c52a0fc6b0, buf=0x55c52aae6bd0 "flex-algo 129\n") at lib/vty.c:615
> #22 0x00007fc580784a05 in vty_execute (vty=0x55c52a0fc6b0) at lib/vty.c:1378
> #23 0x00007fc580787131 in vtysh_read (thread=0x7ffd38d4ab10) at lib/vty.c:2373
> #24 0x00007fc58077b605 in event_call (thread=0x7ffd38d4ab10) at lib/event.c:2011
> #25 0x00007fc5806f8976 in frr_run (master=0x55c529df9b30) at lib/libfrr.c:1212
> #26 0x000055c527f301bc in main (argc=5, argv=0x7ffd38d4ad58, envp=0x7ffd38d4ad88) at isisd/isis_main.c:350
> (gdb) f 6
> #6  0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176
> 176                     list_delete_all_node(ext->aslas);
> (gdb) p ext
> $1 = (struct isis_ext_subtlvs *) 0x0

Fixes: ae27101 ("isisd: fix building asla at first flex-algo config")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
donaldsharp pushed a commit that referenced this pull request Sep 11, 2024
The following causes a isisd crash.

> # cat config
> affinity-map green bit-position 0
> router isis 1
>  flex-algo 129
>   affinity exclude-any green
> # vtysh -f config

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007f650cd32756 in core_handler (signo=6, siginfo=0x7ffc56f93070, context=0x7ffc56f92f40) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> #4  0x00007f650c91c537 in __GI_abort () at abort.c:79
> #5  0x00007f650cd007c9 in nb_running_get_entry_worker (dnode=0x0, xpath=0x0, abort_if_not_found=true, rec_search=true) at lib/northbound.c:2531
> #6  0x00007f650cd007f9 in nb_running_get_entry (dnode=0x55d9ad406e00, xpath=0x0, abort_if_not_found=true) at lib/northbound.c:2537
> #7  0x000055d9ab302248 in isis_instance_flex_algo_affinity_set (args=0x7ffc56f947a0, type=2) at isisd/isis_nb_config.c:2998
> #8  0x000055d9ab3027c0 in isis_instance_flex_algo_affinity_exclude_any_create (args=0x7ffc56f947a0) at isisd/isis_nb_config.c:3155
> #9  0x00007f650ccfe284 in nb_callback_create (context=0x7ffc56f94d20, nb_node=0x55d9ad28b540, event=NB_EV_VALIDATE, dnode=0x55d9ad406e00, resource=0x0, errmsg=0x7ffc56f94de0 "",
>     errmsg_len=8192) at lib/northbound.c:1487
> #10 0x00007f650ccff067 in nb_callback_configuration (context=0x7ffc56f94d20, event=NB_EV_VALIDATE, change=0x55d9ad406d40, errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1884
> #11 0x00007f650ccfda31 in nb_candidate_validate_code (context=0x7ffc56f94d20, candidate=0x55d9ad20d710, changes=0x7ffc56f94d38, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1246
> #12 0x00007f650ccfdc67 in nb_candidate_commit_prepare (context=..., candidate=0x55d9ad20d710, comment=0x0, transaction=0x7ffc56f94da0, skip_validate=false, ignore_zero_change=false,
>     errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1317
> #13 0x00007f650ccfdec4 in nb_candidate_commit (context=..., candidate=0x55d9ad20d710, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1381
> #14 0x00007f650cd045ba in nb_cli_classic_commit (vty=0x55d9ad3f7490) at lib/northbound_cli.c:57
> #15 0x00007f650cd04749 in nb_cli_pending_commit_check (vty=0x55d9ad3f7490) at lib/northbound_cli.c:96
> #16 0x00007f650cc94340 in cmd_execute_command_real (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, up_level=0) at lib/command.c:1000
> #17 0x00007f650cc94599 in cmd_execute_command (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, vtysh=0) at lib/command.c:1080
> #18 0x00007f650cc94a0c in cmd_execute (vty=0x55d9ad3f7490, cmd=0x55d9ad401d30 "XFRR_end_configuration", matched=0x0, vtysh=0) at lib/command.c:1228
> #19 0x00007f650cd523a4 in vty_command (vty=0x55d9ad3f7490, buf=0x55d9ad401d30 "XFRR_end_configuration") at lib/vty.c:625
> #20 0x00007f650cd5413d in vty_execute (vty=0x55d9ad3f7490) at lib/vty.c:1388
> #21 0x00007f650cd56353 in vtysh_read (thread=0x7ffc56f99370) at lib/vty.c:2400
> #22 0x00007f650cd4b6fd in event_call (thread=0x7ffc56f99370) at lib/event.c:1996
> #23 0x00007f650ccd1365 in frr_run (master=0x55d9ad103cf0) at lib/libfrr.c:1231
> #24 0x000055d9ab29036e in main (argc=2, argv=0x7ffc56f99598, envp=0x7ffc56f995b0) at isisd/isis_main.c:354

Configuring the same in vtysh configure interactive mode works properly.
When using "vtysh -f", the northbound compatible configuration is
committed together whereas, in interactive mode, it committed line by
line. In the first situation, in validation state nb_running_get_entry()
fails because the area not yet in running.

Do not use nb_running_get_entry() northbound validation state.

Fixes: 893882e ("isisd: add isis flex-algo configuration backend")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
donaldsharp pushed a commit that referenced this pull request Sep 17, 2024
Fix a crash when modifying a route-map with set as-path exclude without
as-path-access-list:

> router(config)# route-map routemaptest deny 1
> router(config-route-map)# set as-path exclude 33 34 35
> router(config-route-map)# set as-path exclude as-path-access-list test

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fb3959327de in core_handler (signo=11, siginfo=0x7ffd122da530, context=0x7ffd122da400) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  0x000055ab2762a1bd in as_list_list_del (h=0x55ab27897680 <as_exclude_list_orphan>, item=0x55ab28204e20) at ./bgpd/bgp_aspath.h:77
> #4  0x000055ab2762d1a8 in as_exclude_remove_orphan (ase=0x55ab28204e20) at bgpd/bgp_aspath.c:1574
> #5  0x000055ab27550538 in route_aspath_exclude_free (rule=0x55ab28204e20) at bgpd/bgp_routemap.c:2366
> #6  0x00007fb39591f00c in route_map_rule_delete (list=0x55ab28203498, rule=0x55ab28204170) at lib/routemap.c:1357
> #7  0x00007fb39591f87c in route_map_add_set (index=0x55ab28203460, set_name=0x55ab276ad2aa "as-path exclude", set_arg=0x55ab281e4f70 "as-path-access-list test") at lib/routemap.c:1674
> #8  0x00007fb39591d3f3 in generic_set_add (index=0x55ab28203460, command=0x55ab276ad2aa "as-path exclude", arg=0x55ab281e4f70 "as-path-access-list test", errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/routemap.c:533
> #9  0x000055ab2755e78e in lib_route_map_entry_set_action_rmap_set_action_exclude_as_path_modify (args=0x7ffd122db290) at bgpd/bgp_routemap_nb_config.c:2427
> #10 0x00007fb3958fe417 in nb_callback_modify (context=0x55ab28205aa0, nb_node=0x55ab27cb31e0, event=NB_EV_APPLY, dnode=0x55ab28202690, resource=0x55ab27c32148, errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/northbound.c:1538
> #11 0x00007fb3958ff0ab in nb_callback_configuration (context=0x55ab28205aa0, event=NB_EV_APPLY, change=0x55ab27c32110, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:1888
> #12 0x00007fb3958ff5e4 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55ab28205aa0, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:2016
> #13 0x00007fb3958fddba in nb_candidate_commit_apply (transaction=0x55ab28205aa0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1356
> #14 0x00007fb3958fdef0 in nb_candidate_commit (context=..., candidate=0x55ab27c2c9a0, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1389
> #15 0x00007fb3959045ba in nb_cli_classic_commit (vty=0x55ab281f6680) at lib/northbound_cli.c:57
> #16 0x00007fb395904b5a in nb_cli_apply_changes_internal (vty=0x55ab281f6680, xpath_base=0x7ffd122dfd10 "/frr-route-map:lib/route-map[name='routemaptest']/entry[sequence='1']",
>     clear_pending=false) at lib/northbound_cli.c:184
> #17 0x00007fb395904ebf in nb_cli_apply_changes (vty=0x55ab281f6680, xpath_base_fmt=0x0) at lib/northbound_cli.c:240
> --Type <RET> for more, q to quit, c to continue without paging--
> #18 0x000055ab27557d2e in set_aspath_exclude_access_list_magic (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80,
>     as_path_filter_name=0x55ab28202040 "test") at bgpd/bgp_routemap.c:6397
> #19 0x000055ab2754bdea in set_aspath_exclude_access_list (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80)
>     at ./bgpd/bgp_routemap_clippy.c:856
> #20 0x00007fb39589435d in cmd_execute_command_real (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, up_level=0) at lib/command.c:1003
> #21 0x00007fb3958944be in cmd_execute_command (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, vtysh=0) at lib/command.c:1062
> #22 0x00007fb395894a0c in cmd_execute (vty=0x55ab281f6680, cmd=0x55ab28200f20 "set as-path exclude as-path-access-list test", matched=0x0, vtysh=0) at lib/command.c:1228
> #23 0x00007fb39595242c in vty_command (vty=0x55ab281f6680, buf=0x55ab28200f20 "set as-path exclude as-path-access-list test") at lib/vty.c:625
> #24 0x00007fb3959541c5 in vty_execute (vty=0x55ab281f6680) at lib/vty.c:1388
> #25 0x00007fb3959563db in vtysh_read (thread=0x7ffd122e2bb0) at lib/vty.c:2400
> #26 0x00007fb39594b785 in event_call (thread=0x7ffd122e2bb0) at lib/event.c:1996
> #27 0x00007fb3958d1365 in frr_run (master=0x55ab27b56d70) at lib/libfrr.c:1231
> #28 0x000055ab2747f1cc in main (argc=3, argv=0x7ffd122e2e08) at bgpd/bgp_main.c:555

Fixes: 094dcc3 ("bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
donaldsharp pushed a commit that referenced this pull request Sep 17, 2024
Level 2 adjacency list is not supposed to be always set.

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007f9f0353274f in core_handler (signo=6, siginfo=0x7ffe95260770, context=0x7ffe95260640) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> #4  0x00007f9f0324e537 in __GI_abort () at abort.c:79
> #5  0x00007f9f035744ea in _zlog_assert_failed (xref=0x7f9f0362c6c0 <_xref.15>, extra=0x0) at lib/zlog.c:789
> #6  0x00007f9f034d25ee in listnode_head (list=0x0) at lib/linklist.c:316
> #7  0x000055cd65aaa481 in lib_interface_state_isis_adjacencies_adjacency_get_next (args=0x7ffe95261730) at isisd/isis_nb_state.c:101
> #8  0x00007f9f034feadd in nb_callback_get_next (nb_node=0x55cd673c0190, parent_list_entry=0x55cd67570d30, list_entry=0x55cd6758f8a0) at lib/northbound.c:1748
> #9  0x00007f9f0350bf07 in __walk (ys=0x55cd675782b0, is_resume=false) at lib/northbound_oper.c:1264
> #10 0x00007f9f0350deaa in nb_op_walk_start (ys=0x55cd675782b0) at lib/northbound_oper.c:1741
> #11 0x00007f9f0350e079 in nb_oper_iterate_legacy (xpath=0x55cd67595c60 "/frr-interface:lib", translator=0x0, flags=0, cb=0x0, cb_arg=0x0, tree=0x7ffe952621b0) at lib/northbound_oper.c:1803
> #12 0x00007f9f03507661 in show_yang_operational_data_magic (self=0x7f9f03634a80 <show_yang_operational_data_cmd>, vty=0x55cd675a61f0, argc=4, argv=0x55cd6758eab0,
>     xpath=0x55cd67595c60 "/frr-interface:lib", json=0x0, xml=0x0, translator_family=0x0, with_config=0x0) at lib/northbound_cli.c:1576
> #13 0x00007f9f035037f0 in show_yang_operational_data (self=0x7f9f03634a80 <show_yang_operational_data_cmd>, vty=0x55cd675a61f0, argc=4, argv=0x55cd6758eab0)
>     at ./lib/northbound_cli_clippy.c:906
> #14 0x00007f9f0349435d in cmd_execute_command_real (vline=0x55cd6758e490, vty=0x55cd675a61f0, cmd=0x0, up_level=0) at lib/command.c:1003
> #15 0x00007f9f03494477 in cmd_execute_command (vline=0x55cd67585340, vty=0x55cd675a61f0, cmd=0x0, vtysh=0) at lib/command.c:1053
> #16 0x00007f9f03494a0c in cmd_execute (vty=0x55cd675a61f0, cmd=0x55cd67579040 "do show yang operational-data /frr-interface:lib", matched=0x0, vtysh=0) at lib/command.c:1228
> #17 0x00007f9f0355239d in vty_command (vty=0x55cd675a61f0, buf=0x55cd67579040 "do show yang operational-data /frr-interface:lib") at lib/vty.c:625
> #18 0x00007f9f03554136 in vty_execute (vty=0x55cd675a61f0) at lib/vty.c:1388
> #19 0x00007f9f0355634c in vtysh_read (thread=0x7ffe952647a0) at lib/vty.c:2400
> #20 0x00007f9f0354b6f6 in event_call (thread=0x7ffe952647a0) at lib/event.c:1996
> #21 0x00007f9f034d1365 in frr_run (master=0x55cd67204da0) at lib/libfrr.c:1231
> #22 0x000055cd65a3236e in main (argc=7, argv=0x7ffe952649c8, envp=0x7ffe95264a08) at isisd/isis_main.c:354

Fixes: 2a1c520 ("isisd: split northbound callbacks into multiple files")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
donaldsharp pushed a commit that referenced this pull request Oct 17, 2024
The following ASAN issue has been observed:

> ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000acba4 at pc 0x55910c5694d0 bp 0x7ffe3a8ac850 sp 0x7ffe3a8ac840
> READ of size 4 at 0x6160000acba4 thread T0
>         #0 0x55910c5694cf in ctx_info_from_zns zebra/zebra_dplane.c:3315
>     #1 0x55910c569696 in dplane_ctx_ns_init zebra/zebra_dplane.c:3331
>     #2 0x55910c56bf61 in dplane_ctx_nexthop_init zebra/zebra_dplane.c:3680
>     #3 0x55910c5711ca in dplane_nexthop_update_internal zebra/zebra_dplane.c:4490
>     #4 0x55910c571c5c in dplane_nexthop_delete zebra/zebra_dplane.c:4717
>     #5 0x55910c61e90e in zebra_nhg_uninstall_kernel zebra/zebra_nhg.c:3413
>     #6 0x55910c615d8a in zebra_nhg_decrement_ref zebra/zebra_nhg.c:1919
>     #7 0x55910c6404db in route_entry_update_nhe zebra/zebra_rib.c:454
>     #8 0x55910c64c904 in rib_re_nhg_free zebra/zebra_rib.c:2822
>     #9 0x55910c655be2 in rib_unlink zebra/zebra_rib.c:4212
>     #10 0x55910c6430f9 in zebra_rtable_node_cleanup zebra/zebra_rib.c:968
>     #11 0x7f26f275b8a9 in route_node_free lib/table.c:75
>     #12 0x7f26f275bae4 in route_table_free lib/table.c:111
>     #13 0x7f26f275b749 in route_table_finish lib/table.c:46
>     #14 0x55910c65db17 in zebra_router_free_table zebra/zebra_router.c:191
>     #15 0x55910c65dfb5 in zebra_router_terminate zebra/zebra_router.c:244
>     #16 0x55910c4f40db in zebra_finalize zebra/main.c:249
>     #17 0x7f26f2777108 in event_call lib/event.c:2011
>     #18 0x7f26f264180e in frr_run lib/libfrr.c:1212
>     #19 0x55910c4f49cb in main zebra/main.c:531
>     #20 0x7f26f2029d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
>     #21 0x7f26f2029e3f in __libc_start_main_impl ../csu/libc-start.c:392
>     #22 0x55910c4b0114 in _start (/usr/lib/frr/zebra+0x1ae114)

It happens with FRR using the kernel. During shutdown, the
namespace identifier is attempted to be obtained by zebra, in an
attempt to prepare zebra dataplane nexthop messages.

Fix this by accessing the ns structure.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
donaldsharp pushed a commit that referenced this pull request Oct 30, 2024
The following ASAN issue has been observed:

> ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000acba4 at pc 0x55910c5694d0 bp 0x7ffe3a8ac850 sp 0x7ffe3a8ac840
> READ of size 4 at 0x6160000acba4 thread T0
>         #0 0x55910c5694cf in ctx_info_from_zns zebra/zebra_dplane.c:3315
>     #1 0x55910c569696 in dplane_ctx_ns_init zebra/zebra_dplane.c:3331
>     #2 0x55910c56bf61 in dplane_ctx_nexthop_init zebra/zebra_dplane.c:3680
>     #3 0x55910c5711ca in dplane_nexthop_update_internal zebra/zebra_dplane.c:4490
>     #4 0x55910c571c5c in dplane_nexthop_delete zebra/zebra_dplane.c:4717
>     #5 0x55910c61e90e in zebra_nhg_uninstall_kernel zebra/zebra_nhg.c:3413
>     #6 0x55910c615d8a in zebra_nhg_decrement_ref zebra/zebra_nhg.c:1919
>     #7 0x55910c6404db in route_entry_update_nhe zebra/zebra_rib.c:454
>     #8 0x55910c64c904 in rib_re_nhg_free zebra/zebra_rib.c:2822
>     #9 0x55910c655be2 in rib_unlink zebra/zebra_rib.c:4212
>     #10 0x55910c6430f9 in zebra_rtable_node_cleanup zebra/zebra_rib.c:968
>     #11 0x7f26f275b8a9 in route_node_free lib/table.c:75
>     #12 0x7f26f275bae4 in route_table_free lib/table.c:111
>     #13 0x7f26f275b749 in route_table_finish lib/table.c:46
>     #14 0x55910c65db17 in zebra_router_free_table zebra/zebra_router.c:191
>     #15 0x55910c65dfb5 in zebra_router_terminate zebra/zebra_router.c:244
>     #16 0x55910c4f40db in zebra_finalize zebra/main.c:249
>     #17 0x7f26f2777108 in event_call lib/event.c:2011
>     #18 0x7f26f264180e in frr_run lib/libfrr.c:1212
>     #19 0x55910c4f49cb in main zebra/main.c:531
>     #20 0x7f26f2029d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
>     #21 0x7f26f2029e3f in __libc_start_main_impl ../csu/libc-start.c:392
>     #22 0x55910c4b0114 in _start (/usr/lib/frr/zebra+0x1ae114)

It happens with FRR using the kernel. During shutdown, the
namespace identifier is attempted to be obtained by zebra, in an
attempt to prepare zebra dataplane nexthop messages.

Fix this by accessing the ns structure.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
(cherry picked from commit 7ae70eb)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.