[pve-devel] [PATCH frr] Fix #4810: bump to 8.5.2-1+pve1

[pve-devel] [PATCH frr] Fix #4810: bump to 8.5.2-1+pve1

[Alexandre Derumier]

frr 8.5.1 a critical bug evpn bug with Type-3 EVPN route

This is fixed with
https://github.com/FRRouting/frr/pull/14094

Not yet applied in 8.5.2, but already in stable/8.5 branch.

This patch serie update frr to stable/8.5 on commit 3d1b6c0e604ef96ee9a4601b31b6561258fd80f0
(Please update frr mirror to this commit)

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 debian/changelog                              |  6 ++
 .../0001-zebra-fix-evpn-dup-detected.patch    | 46 ------------
 .../0002-zebra-evpn-handle-del-event.patch    | 71 -------------------
 debian/patches/series                         |  2 -
 4 files changed, 6 insertions(+), 119 deletions(-)
 delete mode 100644 debian/patches/frr/0001-zebra-fix-evpn-dup-detected.patch
 delete mode 100644 debian/patches/frr/0002-zebra-evpn-handle-del-event.patch

diff --git a/debian/changelog b/debian/changelog
index e2b2f80..ac3edd5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+frr (8.5.2-1+pve1) bookworm; urgency=medium
+
+  * update upstream sources to stable/8.5 commit 3d1b6c0e604ef96ee9a4601b31b6561258fd80f0
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 18 Aug 2023 15:01:42 +0200
+
 frr (8.5.1-1+pve1) bookworm; urgency=medium
 
   * update upstream sources to 8.5.1
diff --git a/debian/patches/frr/0001-zebra-fix-evpn-dup-detected.patch b/debian/patches/frr/0001-zebra-fix-evpn-dup-detected.patch
deleted file mode 100644
index a41379d..0000000
--- a/debian/patches/frr/0001-zebra-fix-evpn-dup-detected.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From bd65a991901f43e14b557fd5057130b4bee81df2 Mon Sep 17 00:00:00 2001
-From: Chirag Shah <chirag@nvidia.com>
-Date: Sat, 22 Oct 2022 16:00:14 -0700
-Subject: [PATCH] zebra:fix evpn dup detected local mac del event
-
-The current local mac delete event send to flag with force
-always which breaks the duplicate detected MACs where
-it requires to be resynced from bgpd to earlier state.
-
-Ticket:#3233019
-Issue:3233019
-
-Signed-off-by: Chirag Shah <chirag@nvidia.com>
-(cherry picked from commit 89844a967858d34de99bad8dcb410b4ab4e1dece)
----
- zebra/zebra_evpn_mac.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/zebra/zebra_evpn_mac.c b/zebra/zebra_evpn_mac.c
-index cebdb978add..25bdc9a877c 100644
---- a/zebra/zebra_evpn_mac.c
-+++ b/zebra/zebra_evpn_mac.c
-@@ -1044,12 +1044,11 @@ int zebra_evpn_macip_send_msg_to_client(vni_t vni,
- 		char flag_buf[MACIP_BUF_SIZE];
- 
- 		zlog_debug(
--			"Send MACIP %s f %s MAC %pEA IP %pIA seq %u L2-VNI %u ESI %s to %s",
-+			"Send MACIP %s f %s state %u MAC %pEA IP %pIA seq %u L2-VNI %u ESI %s to %s",
- 			(cmd == ZEBRA_MACIP_ADD) ? "Add" : "Del",
- 			zclient_evpn_dump_macip_flags(flags, flag_buf,
- 						      sizeof(flag_buf)),
--			macaddr, ip, seq, vni,
--			es ? es->esi_str : "-",
-+			state, macaddr, ip, seq, vni, es ? es->esi_str : "-",
- 			zebra_route_string(client->proto));
- 	}
- 
-@@ -2451,7 +2450,7 @@ int zebra_evpn_del_local_mac(struct zebra_evpn *zevpn, struct zebra_mac *mac,
- 
- 	/* Remove MAC from BGP. */
- 	zebra_evpn_mac_send_del_to_client(zevpn->vni, &mac->macaddr, mac->flags,
--					  false /* force */);
-+					  clear_static /* force */);
- 
- 	zebra_evpn_es_mac_deref_entry(mac);
- 
diff --git a/debian/patches/frr/0002-zebra-evpn-handle-del-event.patch b/debian/patches/frr/0002-zebra-evpn-handle-del-event.patch
deleted file mode 100644
index a0cf1f1..0000000
--- a/debian/patches/frr/0002-zebra-evpn-handle-del-event.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From b6e64012549d7e2a5cf1f8ad67544c75998aa5fb Mon Sep 17 00:00:00 2001
-From: Chirag Shah <chirag@nvidia.com>
-Date: Tue, 30 Nov 2021 20:42:01 -0800
-Subject: [PATCH] zebra: evpn handle del event for dup detected mac
-
-Upon receiving local mobility event for MAC + NEIGH,
-both are detected as duplicate upon hitting DAD threshold.
-
-Duplicated detected ( freezed) MAC + NEIGH are not known
-to bgpd.
-
-If locally learnt MAC + NEIGH are deleted in kernel,
-the MAC is marked as AUTO after sending delete event
-to bgpd.
-
-Bgpd only reinstalls best route for MAC_IP route (NEIGH)
-but not for MAC event.
-This puts a situation where MAC is AUTO state and
-associated neigh as remote.
-
-Fix:
-DUPLICATE + LOCAL MAC deletion, set MAC delete request
-as reinstall from bgpd.
-
-Ticket:#2873307
-Reviewed By:
-Testing Done:
-
-Freeze MAC + two NEIGHs in local mobility event.
-Delete MAC and NEIGH from kerenl.
-bgp rsync remote mac route which puts MAC to remote state.
-
-Signed-off-by: Chirag Shah <chirag@nvidia.com>
-(cherry picked from commit ad7685de2871996469d370192af7afafc234a3ca)
----
- zebra/zebra_evpn_mac.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/zebra/zebra_evpn_mac.c b/zebra/zebra_evpn_mac.c
-index a2fe9fd00ba..cebdb978add 100644
---- a/zebra/zebra_evpn_mac.c
-+++ b/zebra/zebra_evpn_mac.c
-@@ -1347,16 +1347,26 @@ int zebra_evpn_mac_send_add_to_client(vni_t vni, const struct ethaddr *macaddr,
- int zebra_evpn_mac_send_del_to_client(vni_t vni, const struct ethaddr *macaddr,
- 				      uint32_t flags, bool force)
- {
-+	int state = ZEBRA_NEIGH_ACTIVE;
-+
- 	if (!force) {
- 		if (CHECK_FLAG(flags, ZEBRA_MAC_LOCAL_INACTIVE)
- 		    && !CHECK_FLAG(flags, ZEBRA_MAC_ES_PEER_ACTIVE))
- 			/* the host was not advertised - nothing  to delete */
- 			return 0;
-+
-+		/* MAC is LOCAL and DUP_DETECTED, this local mobility event
-+		 * is not known to bgpd. Upon receiving local delete
-+		 * ask bgp to reinstall the best route (remote entry).
-+		 */
-+		if (CHECK_FLAG(flags, ZEBRA_MAC_LOCAL) &&
-+		    CHECK_FLAG(flags, ZEBRA_MAC_DUPLICATE))
-+			state = ZEBRA_NEIGH_INACTIVE;
- 	}
- 
- 	return zebra_evpn_macip_send_msg_to_client(
--		vni, macaddr, NULL, 0 /* flags */, 0 /* seq */,
--		ZEBRA_NEIGH_ACTIVE, NULL, ZEBRA_MACIP_DEL);
-+		vni, macaddr, NULL, 0 /* flags */, 0 /* seq */, state, NULL,
-+		ZEBRA_MACIP_DEL);
- }
- 
- /*
diff --git a/debian/patches/series b/debian/patches/series
index 4f01bee..50b22cc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,2 @@
-frr/0001-zebra-fix-evpn-dup-detected.patch
-frr/0002-zebra-evpn-handle-del-event.patch
 pve/0001-enable-bgp-daemon.patch
 pve/0002-bgpd-add-an-option-for-RT-auto-derivation-to-force-A.patch
-- 
2.39.2

[pve-devel] applied: [PATCH frr] Fix #4810: bump to 8.5.2-1+pve1

[Thomas Lamprecht]

Am 23/08/2023 um 16:26 schrieb Alexandre Derumier:
> frr 8.5.1 a critical bug evpn bug with Type-3 EVPN route
> 
> This is fixed with
> https://github.com/FRRouting/frr/pull/14094
> 
> Not yet applied in 8.5.2, but already in stable/8.5 branch.
> 
> This patch serie update frr to stable/8.5 on commit 3d1b6c0e604ef96ee9a4601b31b6561258fd80f0
> (Please update frr mirror to this commit)

FYI, you can update the submodule to that commit and then add that as change
in git, then the change from old to new commit ID will be sent along with the
patch and one avoids 

> 
> Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
> ---
>  debian/changelog                              |  6 ++
>  .../0001-zebra-fix-evpn-dup-detected.patch    | 46 ------------
>  .../0002-zebra-evpn-handle-del-event.patch    | 71 -------------------
>  debian/patches/series                         |  2 -
>  4 files changed, 6 insertions(+), 119 deletions(-)
>  delete mode 100644 debian/patches/frr/0001-zebra-fix-evpn-dup-detected.patch
>  delete mode 100644 debian/patches/frr/0002-zebra-evpn-handle-del-event.patch
> 
>

applied, and bumped to current stable/8.5, which now also contain a fix for:
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

thanks!

Re: [pve-devel] applied: [PATCH frr] Fix #4810: bump to 8.5.2-1+pve1

[DERUMIER, Alexandre]

Le mercredi 30 août 2023 à 17:11 +0200, Thomas Lamprecht a écrit :
> Am 23/08/2023 um 16:26 schrieb Alexandre Derumier:
> > frr 8.5.1 a critical bug evpn bug with Type-3 EVPN route
> > 
> > This is fixed with
> > https://antiphishing.cetsi.fr/proxy/v3?i=MUo0RzFIRTVvbFhYVGloQoloZQj6tvqyhpERsn5z8Z4&r=cFdGNHFjVENnWDEzUVliSYiK92A-8tPjy0OkrQBFKsNtwFQPVFVwvPagaFXOdIvK&f=ODlJNFRJTjZBcWFlaWxQaCTade1Nnf6nO8JW1-RCSXUqxmaT0PUjqf9yr24SsS7u&u=https%3A//github.com/FRRouting/frr/pull/14094&k=b1p5
> > 
> > Not yet applied in 8.5.2, but already in stable/8.5 branch.
> > 
> > This patch serie update frr to stable/8.5 on commit
> > 3d1b6c0e604ef96ee9a4601b31b6561258fd80f0
> > (Please update frr mirror to this commit)
> 
> FYI, you can update the submodule to that commit and then add that as
> change
> in git, then the change from old to new commit ID will be sent along
> with the
> patch and one avoids 

ah ok,no problem, will do next time !


> 
> > 
> > Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
> > ---
> >  debian/changelog                              |  6 ++
> >  .../0001-zebra-fix-evpn-dup-detected.patch    | 46 ------------
> >  .../0002-zebra-evpn-handle-del-event.patch    | 71 ---------------
> > ----
> >  debian/patches/series                         |  2 -
> >  4 files changed, 6 insertions(+), 119 deletions(-)
> >  delete mode 100644 debian/patches/frr/0001-zebra-fix-evpn-dup-
> > detected.patch
> >  delete mode 100644 debian/patches/frr/0002-zebra-evpn-handle-del-
> > event.patch
> > 
> > 
> 
> applied, and bumped to current stable/8.5, which now also contain a
> fix for:
> https://antiphishing.cetsi.fr/proxy/v3?i=MUo0RzFIRTVvbFhYVGloQoloZQj6tvqyhpERsn5z8Z4&r=cFdGNHFjVENnWDEzUVliSYiK92A-8tPjy0OkrQBFKsNtwFQPVFVwvPagaFXOdIvK&f=ODlJNFRJTjZBcWFlaWxQaCTade1Nnf6nO8JW1-RCSXUqxmaT0PUjqf9yr24SsS7u&u=https%3A//blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling&k=b1p5
> 
> thanks!

Thanks to you !