Releases: FRRouting/frr
Releases · FRRouting/frr
FRR release 8.4.6
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr
Fixed CVE-2024-44070
More details: https://frrouting.org/security/cve-2024-44070
Bug Fixes
isisd
- Fix update link params after circuit is up
bgpd
- Fix crash at no rpki
- Fix for CVE-2024-44070
tools
- Ignore errors for frr reload stuff
FRR Release 9.1.2
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr
Fixed CVE-2024-44070
More details: https://frrouting.org/security/cve-2024-44070
Bug Fixes
bgpd
- Fix crash at no rpki
- Fix, do not access peer->notify.data when it is null
- Fix for CVE-2024-44070
- Ignore RFC8212 for BGP Confederations
- Check if we have really enough data before doing memcpy for software version
- Set last reset reason to admin shutdown if it was manually
isisd
- Fix crash when reading asla
- Add missing
exitstatement - Fix update link params after circuit is up
- Fix crash when calculating the neighbor spanning tree based on the fragmented LSP
zebra
- Ensure non-equal id's are not same nhg's
pimd
- Fix msdp setting of sa->rp
- Fix crash on non-existent interface
ospfd
- Fix internal ldp-sync state flags when feature is disabled
zebra
- Fix missing static routes
- Fix to avoid two Vrfs with same table ids
- Fix evpn mh bond member proto reinstall
ldpd
- Fix wrong gtsm count
ripd
- Change the start value of sequence 1 to 0
FRR release 9.0.4
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr
Fixed CVE-2024-44070
More details: https://frrouting.org/security/cve-2024-44070
Bug Fixes
bgpd
- Fix crash at no rpki
- Fix, do not access peer->notify.data when it is null
- Fix for CVE-2024-44070
- Ignore RFC8212 for BGP Confederations
- Set last reset reason to admin shutdown if it was manually
isisd
- Fix crash when reading ASLA
- Fix update link params after circuit is up
- Fix crash when calculating the neighbor spanning tree based on the fragmented LSP
ripd
- Change the start value of sequence 1 to 0
tools
- Ignore errors for frr reload stuff
ospfd
- Fix internal ldp-sync state flags when feature is disabled
pimd
- Fix crash on non-existent interface
zebra
- Fix missing static routes
- Ensure non-equal id's are not same nhg's
ldpd
- Fix wrong gtsm count
FRR release 8.5.6
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr
Fixed CVE-2024-44070
More details: https://frrouting.org/security/cve-2024-44070
Bug Fixes
isisd
- Fix update link params after circuit is up
bgpd
- Fix crash at no rpki
- Fix for CVE-2024-44070
- Ignore RFC8212 for BGP Confederations
tools
- Ignore errors for frr reload stuff
FRR release 10.1.1
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr
Fixed CVE-2024-44070
More details: https://frrouting.org/security/cve-2024-44070
Bug Fixes
bgpd
- Fix as-path exclude modify crash
- Fix labels static-analyser
- Fix, do not access peer->notify.data when it is null
- Fix crash at no rpki
- Fix memory type for static->prd_pretty
- Revert "topotests: add an ebgp 6vpe test"
- Revert "topotests: add bgp_nexthop_mp_ipv4_6 test"
- Revert "bgpd: optimize bgp_interface_address_del"
- Revert "bgpd: fix removing ipv6 global nexhop"
- Revert "bgpd: fix "used" json key on link-local nexthop"
- Revert "tests: ipv6 global removal in bgp_nexthop_mp_ipv4_6"
- Revert "bgpd: set ipv4-mapped ipv6 for ipv4 with ipv6 nexthop"
- Revert "bgpd: prefer link-local to a ipv4-mapped ipv6 global"
- Revert "topotests: update bgp_vrf_leaking_5549_routes"
- Revert "bgpd: optimize bgp_interface_address_add"
- Revert "bgpd: reduce bgp_interface_address_add indentation"
- Revert "bgpd: log new ipv6 global in bgp_interface_address_add"
- Revert "bgpd: fix sending ipv6 local nexthop if global present"
isisd
- Fix crash when reading asla
- Add missing
exitstatement - Fix update link params after circuit is up
- Fix crash at flex-algo without mpls-te
- Fix memory handling in isis_adj_process_threeway()
nhrpd
- Fix show nhrp shortcut json
- Fix sending /32 shortcut
pimd
- Fix crash in pimd
mgmtd
- Don't add implicit state data when reading config from file
lib
- Fix distribute-list deletion
- Fix crash on distribute-list delete
- Fix LYD_NEW_PATH_OUTPUT issue to support libyang v3.x
ripd
- Fix show run output for distribute-list
zebra
- Ensure non-equal id's are not same nhg's
- Mimic GNU basename() API for non-glibc library e.g. musl
FRR release 10.0.2
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr
Fixed CVE-2024-44070
More details: https://frrouting.org/security/cve-2024-44070
Bug Fixes
bgpd
- Fix as-path exclude modify crash
- Fix, do not access peer->notify.data when it is null
- Fix crash at no rpki
- Ignore RFC8212 for BGP Confederations
- Fix for CVE-2024-44070
- Relax OAD (One-Administration-Domain) for RFC8212
- Fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues
- Check if we have really enough data before doing memcpy for FQDN capability
- Check if we have really enough data before doing memcpy for software version
- Set last reset reason to admin shutdown if it was manually
- Fix do not use api.backup_nexthop in ZAPI message
isisd
- Fix crash when reading asla
- Add missing
exitstatement - Fix update link params after circuit is up
- Fix crash at flex-algo without mpls-te
- Fix memory handling in isis_adj_process_threeway()
- Fix crash when calculating the neighbor spanning tree based on the fragmented LSP
- Fix crash when obtaining the next hop to calculate LFA on LAN links
- Fix memory leaks when the transition of neighbor state from non-UP to DOWN
- Fix crash when displaying asla in json
pimd
- Fix crash in pimd
- Fix msdp setting of sa->rp
- Fix crash on non-existent interface
nhrpd
- Fix sending /32 shortcut
mgmtd
- Don't add implicit state data when reading config from file
- Fix too early daemon detach of mgmtd
ripd
- Fix show run output for distribute-list
lib
- Fix distribute-list deletion
- Fix crash on distribute-list delete
- Fix incorrect use of error checking macro
yang
- Added missed prefix to the yang file
ospfd
- Fix internal ldp-sync state flags when feature is disabled
ldpd
- Fix wrong gtsm count
ripd
- Change the start value of sequence 1 to 0
zebra
- Fix evpn mh bond member proto reinstall
- Fix to avoid two Vrfs with same table ids
- Fix missing static routes
- Ensure non-equal id's are not same nhg's
FRR Release 10.1
We are pleased to announce FRR release 10.1.
FRR 10.1 brings a long list of enhancements and fixes with 601 commits from 58 developers. Thanks to all contributors.
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr:10.1.0
Release Overview
Breaking changes
Enable BGP dynamic capability by default for datacenter profile
Advertise BGP "Dynamic" capability by default if using a datacenter profile. The dynamic capability gives more flexibility in terms of changing some parameters (e.g. Graceful-Restart, Long-lived Graceful-Restart timers, Addpath, Role, etc.) without resetting the session.
More details here.
Split BGP rpki cache command into separate per SSH/TCP
The old command is broken at some level. When configuring a TCP session with the source, the command thinks it's an SSH session with a username.
Add deprecation cycle for OSPF router-info X [A.B.C.D] command
Features
BGP dampening per-neighbor support
It is now possible to configure BGP dampening parameters on a per-neighbor basis. In previous releases, BGP dampening could only be configured globally or per-SAFI.
More details here.
BMP send-experimental stats
We added an option to send experimental BMP (RFC 7854) stats [65531-65534].
RFC 7854 defines BMP statistics types:
Values 65531 through 65534 are Experimental, and value 65535 is Reserved.
More details here.
Implement extended link-bandwidth for BGP
By default bandwidth in extended communities is encoded in IEEE floating-point format, and is limited to a maximum of 25 Gbps. Since not every vendor implements this correctly (due to IEEE floating-point), another draft is implemented to encode the bandwidth into IPv6 address-specific extended community.
More details here.
Paths Limit for Multiple Paths in BGP
Implemented this draft as an extension for the Addpath capability, that tells the sender to send only an arbitrary number of paths per prefix instead of sending all of the known paths.
More details here.
New command for OSPFv2 ip ospf neighbor-filter NAME [A.B.C.D]
Configure an IP prefix list to filter packets received from OSPF neighbors on the OSPF interface.
More details here.
Implement non-broadcast support for point-to-multipoint networks
This extends non-broadcast support to point-to-multipoint networks.
The AllOSPFRouters (224.0.0.5) is still joined for non-broadcast networks since it is joined for NBMA networks.
More details here.
Other significant changes
bgpd
- Fix route leaking from the default l3vrf
- Fix
match peerwhen switching between IPv4/IPv6/interface - Fix dynamic peer graceful restart race condition
- Fix colored routes not installed after a switchover
- Fix crash when deleting the SRv6 locator
- Fix
no set as-path prepend ASNUM... - Fix negative commands for Graceful-Restart operations (avoid entering incorrect state)
- Fix ipv4-mapped ipv6 on non 6pe
- Fix show run of network route-distinguisher
- Fix display when using
missing-as-worst - Fix
show bgp neighborsoutput - Fix error handling for MP/GR capabilities as a dynamic capability
- Fix error handling when receiving BGP Prefix-SID attribute
- Fix route-target display with a dotted format
- Fix
no bgp as-path access-list - Fix
noform forneighbor X capability software-version - Check against extended community unit size for link bandwidth
- Make sure we have enough data to handle extended link bandwidth
- Check if FQDN capability length is in valid ranges
- Allow using different ASNs per VRF instances
- Send End-of-RIB not only if Graceful-Restart capability is received
- Implement backpressure to avoid CPU hog
- Ignore validating the attribute flags if path-attribute is configured
- Prevent deletion of BGP peer groups associated with
bgp listen range - Inherit some peer flags from the peer-group
- Allow specification of AS 0 for RPKI commands
- Allow using
maximum-prefixfor EVPN - Increase install/uninstall speed of EVPN VNIs
- Update default-originate route-map actual map structure
- Include
unsuppress-mapas a valid outgoing eBGP policy - Allow dynamically disable graceful-restart/long-lived graceful-restart
- Unset advertised capabilities if the capability is disabled
- Aggregated summary-only remove suppressed from EVPN
isisd
- Fix crash when deactivating ISIS adjacency on the interface
- Fix
show isis database [detail] json - Fix
show isis algorithm - Fix crash when configuring the circuit type for the interface
- Fix IP/IPv6 reachability TLVs
- When the metric-type is configured as "wide", the IS-IS generates incorrect metric values for IPv4 directly connected routes
- Add link state support for SRv6 adjacencies
- The hold time of hello packets on a P2P link does not match the sending interval
mgmtd
- Implement YANG RPC/action support
ospfd
- Fix crash in OSPF TE parsing
- Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset the hello timer
- Fix
no write-multipliercommand - Fix
no maximum-pathscommand - Solved crash in RI parsing with OSPF TE
- Assure OSPF AS External routes are installed after the link flap
- Send LS Updates in response to LS Request as unicast
ospf6d
- Handle topo change in Graceful-Restart Helper mode for max-age LSAs
- Prevent heap-buffer-overflow with an unknown type
- Redistribute metric for AS-external route
- Fix next-hop computation for inter-area multi-ABR ECMP
- Fix interface type vs. connected routes updates
pathd
- Retry synchronous label-manager ZAPI connection
pimd
- Fix null register before aging out reg-stop
- Fix dr-priority range
- Fix crash unconfiguring rp keepalive timer
lib
- Fix keychain NB crash
- Do not convert EVPN prefixes into IPv4/IPv6 if not needed
ripd
- Fix
clear ip ripcommand
ripngd
- Fix
clear ipv6 ripngcommand
tools
- Handle seq num for BGP as-path in frr-reload.py
vtysh
- Fix 'show ip[v6] prefix-list ... json' formatting by moving it to vtysh
- Fix
show route-mapcommand when calling viado - Show
ip ospf network ...even if it's not the same as the interface type
zebra
- Fix
mpls label bindcommand - Fix excessive
exitcommands - Fix static SRv6 segment-list SID order
- Fix JSON output for
show route summary json - Fix malformed json output for multiple vrfs in command
show ip route vrf all json - Fix crash if MAC-VLAN link in another netns
- Fix crash on MAC-VLAN link down/up
- Deny the routes if ip protocol CLI refers to an undefined route-map
- Bridge flap handle VLAN membership update
- Add
show fpm status [json]command
Full Changelog: frr-10.0...frr-10.1
FRR Release 9.1.1
Fixed CVEs
Bug Fixes
bgpd
"default-originate" shouldn't withdraw non-default routes
Aggr summary-only suppressed export to evpn
Allow using optional table id for negative `no set table x` command
Arrange peer notification to after zebra announce
Check bgp evpn instance presence in soo
Convert the bgp_advertise_attr->adv to a fifo
Do not show tcp mss if the socket is broken
Ensure bgp does not stop monitoring nexthops
Ensure community data is freed in some cases.
Ensure that the correct aspath is free'd
Fix `match peer` when switching between ipv4/ipv6/interface
Fix `no set as-path prepend asnum...`
Fix bgp_best_selection heap-use-after-free
Fix crash when deleting the srv6 locator
Fix display when using `missing-as-worst`
Fix dynamic peer graceful restart race condition
Fix ecommunity_fill_pbr_action heap-buffer-overflow
Fix error handling when receiving bgp prefix sid attribute
Fix errors handling for mp/gr capabilities as dynamic capability
Fix format overflow for graceful-restart debug logs
Fix logging message when receiving a software version capability
Fix no bgp as-path access-list issue
Fix route-map match probability deconfiguration callback
Fix srv6 memory leak detection
Fix the order of null check and zapi decode
Fix vrf leaking with 'no bgp network import-check
Free memory for srv6 functions and locator chunks
Ignore validating the attribute flags if path-attribute is configured
Include unsuppress-map as a valid outgoing policy
Lttng tp add evpn route events
Make `suppress-fib-pending` clear peering
Note when receiving but not understanding a route notification
Prevent from one more cve triggering this place
Set correct ttl for the dynamic neighbor peers
Update default-originate route-map actual map structure
Revert "Fix pointer arithmetic in bgp snmp module"
doc
Add param range for graceful-restart helper supported-grace-time
Remove duplicated show route-map
isisd
Fix _isis_spftree_del heap-use-after-free
Fix dislaying lsp id
Fix heap-after-free with prefix sid
Fix ip/ipv6 reachability tlvs
lib
Check for not being a blackhole route
Fix show route map json output
Do not convert evpn prefixes into ipv4/ipv6 if not needed
Replace deprecated ares_gethostbyname
Replace deprecated ares_process()
nhrpd
Fix race condition
Fix core dump on shutdown
ospf6d
Ospfv3 route change comparision fixed for asbr-only change
Prevent heap-buffer-overflow with unknown type
ospfd
Add support for "no router-info [<area|as>] command"
Can not delete "segment-routing node-msd" when sr if off
Correct lsa parser which fulfill the ted
Correct opaque lsa extended parser
Correct sid check size
Fix ospf dead-interval minimal hello-multiplier param range
Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
Protect call to get_edge() in ospf_te.c
Solved crash in ospf te parsing
Solved crash in ri parsing with ospf te
Revert "Fix some dicey pointer arith in snmp module"
pbrd
Fix map seq installed flag in json
Fix pbr handling for last rule deletion
pimd
Fix crash unconfiguring rp keepalive timer
Fix crash when configuring ssmpingd
Fix dr-priority range
Fix null register before aging out reg-stop
Fix order of operations for evaluating join
Re-evaluated s,g oils upon rp changes and for empty sg upstream oils
Fix crash when mixing ssm/any-source joins
staticd
Fix changing to source auto in bfd monitor
tests
Check for 0.0.0.0/1 in bgp_default_route
Check if ibgp session can drop invalid aigp attribute
Extend tests for aspath exclude
Update ospf te topotests
tools
Apply black formatting for tools/frr-reload.py
Fix frr-reload interface desc cmd
Fix frr-reload multiple no description cmds
Fix frr-reload multiple no description cmds
Use error log level when failing to execute commands via frr-reload.py
topotests
Do not check table version
Redispatch tests in bfd_topo3
Test wrong bfd source in bfd_topo3
Vpnv4 route leaking with no import-check
vtysh
Show `ip ospf network ...` even if it's not the same as the interface type
zebra
Add missing whitespace when printing route entry status
Deny the routes if ip protocol cli refers to an undefined rmap
Don't deref vxlan-vni array
Fix crash if macvlan link in another netns
Fix crash on macvlan link down/up
Fix evpn svd based remote nh neigh del
Fix mpls command
Fix route deletion during zebra shutdown
The dplane_fpm_nl return path leaks memory
Full Changelog: frr-9.1...frr-9.1.1
FRR Release 9.0.3
Fixed CVEs
Bug Fixes
bgpd
"default-originate" shouldn't withdraw non-default routes
Arrange peer notification to after zebra announce
Convert the bgp_advertise_attr->adv to a fifo
Ensure community data is freed in some cases.
Ensure that the correct aspath is free'd
Fix `match peer` when switching between ipv4/ipv6/interface
Fix display when using `missing-as-worst`
Fix error handling when receiving bgp prefix sid attribute
Fix format overflow for graceful-restart debug logs
Fix route-map match probability deconfiguration callback
Fix srv6 memory leak detection
Include unsuppress-map as a valid outgoing policy
Note when receiving but not understanding a route notification
Prevent from one more cve triggering this place
Set correct ttl for the dynamic neighbor peers
Update default-originate route-map actual map structure
doc
Add param range for graceful-restart helper supported-grace-time
isisd
Fix dislaying lsp id
Fix heap-after-free with prefix sid
Fix ip/ipv6 reachability tlvs
lib
Check for not being a blackhole route
Do not convert evpn prefixes into ipv4/ipv6 if not needed
Replace deprecated ares_gethostbyname
Replace deprecated ares_process()
nhrpd
Fix nhrp_peer leak
Fix race condition
ospf6d
Ospfv3 route change comparision fixed for asbr-only change
Prevent heap-buffer-overflow with unknown type
ospfd
Add support for "no router-info [<area|as>] command"
Can not delete "segment-routing node-msd" when sr if off
Correct lsa parser which fulfill the ted
Correct opaque lsa extended parser
Correct sid check size
Fix ospf dead-interval minimal hello-multiplier param range
Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
Protect call to get_edge() in ospf_te.c
Solved crash in ospf te parsing
Solved crash in ri parsing with ospf te
pbrd
Fix map seq installed flag in json
Fix pbr handling for last rule deletion
pimd
Fix crash unconfiguring rp keepalive timer
Fix crash when configuring ssmpingd
Fix dr-priority range
Fix null register before aging out reg-stop
Fix order of operations for evaluating join
Re-evaluated s,g oils upon rp changes and for empty sg upstream oils
Fix crash when mixing ssm/any-source joins
staticd
Fix changing to source auto in bfd monitor
tests
Check for 0.0.0.0/1 in bgp_default_route
Update ospf te topotests
tools
Always append "exit" in frr-reload.py
Apply black formatting for tools/frr-reload.py
Fix frr-reload multiple no description cmds
Fix key chain reload removal
Fix ospf area stub summary in frr-reload
Fix pim interface config deletion
Use error log level when failing to execute commands via frr-reload.py
topotests
Redispatch tests in bfd_topo3
Test wrong bfd source in bfd_topo3
vtysh
Show `ip ospf network ...` even if it's not the same as the interface type
zebra
Add missing whitespace when printing route entry status
Deny the routes if ip protocol cli refers to an undefined rmap
Fix crash if macvlan link in another netns
Fix crash on macvlan link down/up
Fix nhg out of sync between zebra and kernel
The dplane_fpm_nl return path leaks memory
Full Changelog: frr-9.0.2...frr-9.0.3
FRR Release 8.5.5
Fixed CVEs
Bug Fixes
bgpd
"default-originate" shouldn't withdraw non-default routes
Ensure community data is freed in some cases.
Ensure that the correct aspath is free'd
Fix error handling when receiving bgp prefix sid attribute
Fix format overflow for graceful-restart debug logs
Fix null argument warning
Include unsuppress-map as a valid outgoing policy
Make `suppress-fib-pending` clear peering
Prevent from one more cve triggering this place
doc
Add param range for graceful-restart helper supported-grace-time
isisd
Fix heap-after-free with prefix sid
Need to link directly against libyang
lib
Check for not being a blackhole route
Do not convert evpn prefixes into ipv4/ipv6 if not needed
nhrpd
Fix nhrp_peer leak
Fix race condition
Fix core dump on shutdown
ospf6d
Ospfv3 route change comparision fixed for asbr-only change
ospfd
Correct opaque lsa extended parser
Fix ospf dead-interval minimal hello-multiplier param range
Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
Protect call to get_edge() in ospf_te.c
Solved crash in ri parsing with ospf te
pbrd
Fix pbr handling for last rule deletion
pimd
Fix crash unconfiguring rp keepalive timer
Fix crash when configuring ssmpingd
Fix dr-priority range
Fix null register before aging out reg-stop
Fix order of operations for evaluating join
Re-evaluated s,g oils upon rp changes and for empty sg upstream oils
tests
Check for 0.0.0.0/1 in bgp_default_route
vtysh
Show `ip ospf network ...` even if it's not the same as the interface type
zebra
Deny the routes if ip protocol cli refers to an undefined rmap
Fix crash if macvlan link in another netns
Fix nhg out of sync between zebra and kernel
Re-install dependent nhgs on interface up
Re-install nhg on interface up
The dplane_fpm_nl return path leaks memory
Full Changelog: frr-8.5.4...frr-8.5.5