FRR Release 9.0.1

We are pleased to announce FRR release 9.0.1

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.0.1

Bug Fixes

bgpd

• Add peers back to peer hash when peer_xfer_conn fails
• Check the length of the rcv software version
• Do not explicitly print maxttl value for ebgp-multihop vty output
• Do not process nlris if the attribute length is zero
• Don't read the first byte of orf header if we are ahead of stream
• Evpn code was not properly unlocking rd_dest
• Fix show bgp all rpki notfound
• Make sure we have enough data to read two bytes when validating aigp
• Use treat-as-withdraw for tunnel encapsulation attribute

zebra

• Fix evpn nexthop config order

lib

• Allow unsetting walltime-warning and cpu-warning

ospfd

• Prevent use after free( and crash of ospf ) when no router ospf

pimd

• Prevent crash when receiving register message when the rp() is unknown
• When receiving a packet be more careful with length in pim_pim_packet

vtysh

• Print uniq lines when parsing no service ...

FRR release 8.5.3

We are pleased to announce FRR release 8.5.3

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.3

Bug Fixes

bgpd

• Add peers back to peer hash when peer_xfer_conn fails
• Do not explicitly print maxttl value for ebgp-multihop vty output
• Do not process nlris if the attribute length is zero
• Do not try to redistribute routes if we are shutting down
• Don't read the first byte of orf header if we are ahead of stream
• Evpn code was not properly unlocking rd_dest
• Fix show bgp all rpki notfound
• Fix session reset issue caused by malformed core attributes
• Free bgp vpn policy
• Free previously dup'ed aspath attribute for aggregate routes
• Free temporary memory after using argv_concat()
• Intern attributes before putting into rib-out
• Make sure we have enough data to read two bytes when validating aigp
• Prevent use after free
• Rfapi memleak fixes, clean ce tables at exit
• Unlock dest if we return earlier for aggregate install
• Use treat-as-withdraw for tunnel encapsulation attribute

zebra

• Fix evpn nexthop config order
• Abstract dplane_ctx_route_init to init route without copying
• Fix crash when dplane_fpm_nl fails to process received routes
• Further handle route replace semantics
• Fix command ipv6 nht xxx

lib

• Allow unsetting walltime-warning and cpu-warning
• Skip route-map optimization if !af_inet(6)
• Use max_bitlen instead of magic number

ospf6d

• Fix crash because neighbor structure was freed
• Stop crash in ospf6_write

ospfd

• Check for nulls in vty code
• Prevent use after free( and crash of ospf ) when no router ospf

pbrd

• Fix crash with match command

pimd

• Prevent crash when receiving register message when the rp() is unknown
• When receiving a packet be more careful with length in pim_pim_packet

ripd, ripngd

• Revert "Cleanup memory allocations on shutdown"

tools

• Add what frr thinks as the fib routes for support_bundle

vtysh

• Print uniq lines when parsing no service ...

FRR 9.0 Release

We are pleased to announce FRR release 9.0.

FRR 9.0 brings a long list of enhancements and fixes with 942 commits from 70 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.0.0

Release Overview

Centralized Management Daemon

A new daemon called mgmtd has been added paving the way for a new northbound yang-based management interface. staticd has been converted to use mgmtd with more daemons to follow future releases. If you use custom configuration paths you may need to adapt these to use mgmtd. See the documentation for more info.

Switched to libyang minimum version 2.1.80!

The required minimum version for libyang is raised to 2.1.80. RPM/DEB packages are published on our repositories. Docker images are built using 2.1.80 also.

Memory footprint for BGP reduced drastically!

In FRR 8.4 release, we shipped Extended Message Support for BGP, which increased the memory usage significantly. In FRR 9.0 release, the memory footprint is back to normal again. We removed the unused structure fields that consumed a huge amount of memory unnecessarily.

Other significant changes

• Introduce mgmtd daemon link
• Add BGP neighbor path-attribute treat-as-withdraw command link
• Add BGP ASN dot notation support (RFC 5396) link
• Add BGP Software Version capability (draft-abraitis-bgp-version-capability) link
• Allow BGP peering via 127.0.0.0/8 link
• Deprecate BGP internet community - this is the Cisco-specific community, which is never been RFC-defined and confusing
• Implement match source-protocol for BGP route maps link
• Implement BGP Node Target extended communities (draft-ietf-idr-node-target-ext-comm) link
• Implement Flex-Algo for SR-MPLS (RFC 9350) link
• Add support for IS-IS advertise-passive-only link
• Add IS-IS affinity-map support link
• Add the graceful-restart hello-delay OSPFv2/OSPFv3 command link, link
• Add the ipv6 mld join PIMv6 command link
• Add allow-ecmp x RIP/RIPng command link, link
• Add BFD support for RIP

Memory leak fixes for BGP and other protocols.

New CLI debug and show commands were added and/or fixed.

Dropping package builds for EOL Debian 9 and Ubuntu 18.04.

A full log of changes can be found by browsing the commit history of the FRR 9.0 tag here

FRR 8.5.2 Release

We are pleased to announce FRR release 8.5.2

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.2

Attention

With the 8.5.0 release, the new BGP attribute AIGP (Accumulated IGP Metric Attribute) was introduced. This new attribute was mistakenly set as Transitive. This was fixed (53afb27) with the 8.5.2 release, but it's not backward-compatible between 8.5.x versions. We suggest using only the latest version of the 8.5 release.

If you see such errors/notifications, upgrade to the latest 8.5.x versions, and avoid using 8.5.0, and 8.5.1.

AIGP attribute must be flagged as "Transitive"

%NOTIFICATION: received from neighbor X.Y.Z.W 3/4 (UPDATE Message Error/Attribute 
Flags Error) 14 bytes 80 1a 0b 01 00 0b 00 00 00 00 00 00 00 01

(This affects only iBGP sessions).

Bug Fixes

bfdd

• Fix malformed session with vrf
• Remove redundant nb destroy callbacks

bgpd

• Ensure stream received has enough data
• Fix bgpd core when unintern attr
• Fix the json output of show bgp all json to be in a valid format
• Make sure aigp attribute is non-transitive
• Using no pretty json output for l2vpn-evpn routes

lib

• Fix memory leak in in link state
• Fix vtysh core when handling questionmark
• Link state memory corruption

ospfd

• Fix interface param type update
• Fix memory leaks w/ show ip ospf int x json commands
• Ospf opaque lsa stale processing fix and topotests.
• Respect loopback's cost that is set and set loopback costs to 0

pim6d

• Fix crash in ipv6 pim command

pimd

• Pim not sending register packets after changing from non dr to dr

tools

• Fix list value remove in frr-reload

vtysh

• Give actual pam error messages

zebra

• Evpn handle del event for dup detected mac
• Fix dp_out_queued counter to actually reflect real life
• Fix evpn dup detected local mac del event
• Reduce creation and fix memory leak of frrscripting pointers
• Unlock the route node when sending route notifications

FRR 8.5.1 Release

We are pleased to announce FRR release 8.5.1

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.1

Bug Fixes

bgpd

• Fix crash due to community aliases size
• Aggregate-address memory leak fix
• Bmp fix peer-up ports byte order
• Check 7 bytes for long-lived graceful-restart capability
• Copy the password from the previous peer on peer_xfer_config()
• Do not allow a no router bgp xxx when autoimport is happening
• Do not allow l3vni changes when shutting down
• Do not announce routes immediatelly on filter updates
• Do not call bgp_soft_reconfig_in() twice in a row on policy change
• Evpn-mh esi not active suppress ead-es route
• Fix crash for show bgp ... neighbor received-routes detail|prefix
• Fix debug output for route-map names when using a unsuppress-map
• Fix ecommunity parsing for as4
• Fix for ain->attr corruption during path update
• Increase buffer size used for dumping bgp to mrt files
• Limit flowspec to no attribute means a implicit withdrawal
• Prevent null pointer deref when outputting data

lib

• Adjust only any flag for prefix-list entries if destroying
• Destroy any flag when creating a prefix-list entry with prefix
• Fix clear route-map cmd using defpy
• Fix link state memory leak
• Include clippy generated commands for routemap.c
• On bfd peer shutdown actually stop event

ospfd

• Cleanup some memory leaks on shutdown in ospf_apiserver.c
• Fix for vitual-link crash in signal handler
• Fix ospf_lsa memory leak
• Fix ospf_ti_lfa drop of an entire table
• Fixing summary origination after range configuration
• Free up q_space in early return path
• Log adjacency changes with neighbor ip in addition to neighbor id

pbrd

• Fix mismatching in match src-dst

pim6d

• Fixing mroutes not created after disabling and enabling pimv6.

pimd

• Fix use after free issue for ifp's moving vrfs
• In_multicast needs host order
• Process no-forward bsm packet

ripd

• Fix malformed route-map
• Fix memory leak for ripd's route-map

staticd

• Tell bfd that we are shutting down

tools

• Fix missing remote-as configuration when reload
• Frr-reload fix list value not present
• Make check flag really work for reload
• Set correct directory of vtysh for frr-reload.py

zebra

• Add link_nsid to zebra interface
• Cleanup ctx leak on shutdown and turn off event
• Evpn mh sync mac install as inactive
• Fix for heap-use-after-free in evpn
• Fix race during shutdown
• Install directly connected route after interface flap

FRR 8.5 Release

We are pleased to announce FRR release 8.5.

FRR 8.5 brings a long list of enhancements and fixes with 947+ commits from 68 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.0

Release Overview

This release includes several new features, improvements, and bug fixes for various protocols and daemons. Some notable changes include:

• Set the BGP Input/Output Queue limit for all peers when messaging parsing. Increase this only if you have the memory to handle large queues of messages at once. link1 link2
• Add support for per-VRF SRv6 SID. link
• Add BGP labeled-unicast Add-Path functionality
• Implementation of SNMP BGP4v2-MIB. link for better network management and monitoring
• Add BGP new command neighbor path-attribute discard. link
• Implement L3 route-target auto/wildcard configuration. link
• Implement BGP ACCEPT_OWN Community Attribute / rfc7611. link
• Implement The Accumulated IGP Metric Attribute for BGP / rfc7311. link
• Implement graceful-shutdown command per neighbor. link
• Add BGP new command to configure TCP keepalives for a peer bgp tcp-keepalive. link
• Traffic control (TC) ZAPI implementation
• SRv6 uSID (microSID) implementation. link
• Start deprecating start-shell ..., ssh ..., telnet ... commands due to security reasons
• Add VRRPv3 an ability to disable IPv4 pseudo-header checksum. link
• BFD integration for static routes. link
• Allow protocols to configure BFD sessions with automatic source selection
• Allow zero-length opaque LSAs for OSPF (rfc5250)
• Add ISIS new command set-overload-bit on-startup. link
• PIMv6 BSM support. link
• A lots of bugs, especially for PIM/PIMv6/BGP
• Many commands got VRF and/or JSON/detail output options support
• Several fixes for memory leaks and race conditions
• Improved the consistency of output for several commands

A full log of changes can be found by browsing the commit history of FRR 8.5 tag here

FRR 8.4.2 Release

We are pleased to announce FRR 8.4.2.

Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Snaps - https://snapcraft.io/frr
Docker - frrouting/frr:v8.4.2

Bug fixes:

• bfdd: fix ipv4 socket source selection
• bgpd : fix crash for set ipv4/ipv6 vpn next-hop command
• bgpd: stop overriding nexthop when bgp unnumbered
• bgpd: fix aggregated routes are withdrawn abnormally
• bgpd: fix a few memory leaks
• build: enable pim6d by default
• build: fix sed regex in lua macro
• doc : add freebsd 13 build docs
• isisd: fix memory leak
• lib: disable vrf before terminating interfaces
• lib: do not log echo ping commands from watchfrr
• ospf6d: fix infinite loop when adding asbr route
• ospfd: fix rfc conformance test cases 25.19 and 27.6
• ospfd: fix typo and report the P2P link name in the warning
• ospfd: report the router IP with opaque capability mismatch
• ospfd: fix memory leak
• pimd: consistently ignore prefix list mask len
• staticd: do not crash when modifying an existing static route with color
• zebra: free all memory associated ctx->u.iptable.interface_name_list
• zebra: fix tracepoint changes for lttng
• zebra: free up route map name memory on vrf deletion event
• zebra: use mpls enable, not mpls when generating a config

FRR 8.4.1 Release

We are pleased to announce FRR 8.4.1.

Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Snaps - https://snapcraft.io/frr
Docker - frrouting/frr:v8.4.1

Bug fixes:

• zebra: Fix dplane_fpm_nl to allow for fast configuration
• zebra: Use the enum, luke
• zebra: relax if_type check to allow early ES config creation
• zebra: Reuse netinet/if_ether.h to avoid redefinition of struct ethhdr
• zebra: fix build without AF_MPLS
• ospfd: Get route-map name for default-information originate
• ospfd: Allow unnumbered and numbered addresses to co-exist better
• ospfd: prevent from crashing when processing external lsa
• bgpd: fix "storing the address of local variable"
• bgpd: rpki was decrementing the node lock one time too many
• bgpd: Do not send Deconfig/Shutdown message when restarting
• bgpd: authorise to select bgp self peer prefix on rr case
• bgpd: fix invalid ipv4-vpn nexthop for IPv6 peer
• pimd: Convert zlog_warn to debug
• isisd: fix area NULL pointer in isis_route_update
• tools: remove backslash from declare check regex

FRR 8.4 Release

We are pleased to announce FRR 8.4.

FRR 8.4 brings a long list of enhancements and fixes with 700+ commits from 66 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - frrouting/frr:v8.4.0

Release Overview

• New BGP command (neighbor PEER soo) to configure SoO to prevent routing loops and suboptimal routing on dual-homed sites.
• Command debug bgp allow-martian replaced to bgp allow-martian-nexthop because previously we allowed using martian next-hops when debug is turned on.
• Implement BGP Prefix Origin Validation State Extended Community rfc8097
• Implement Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages rfc9234
• BMP L3VPN support
• PIMv6 support
• MLD support
• New command to enable using reserved IPv4 ranges as normal addresses for BGP next-hops, interface addresses, etc.
• As usual, lots of bugs and memory leaks were fixed \m/

Changelog

babeld

• Ignore Sub-TLV's with mandatory bit set
• Ignore unicast Hello's

bfdd

• Add IPv4 BFD Echo support
• Add RTT to BFD IPv4 Echo packet processing
• Allow L3 VRF BFD sessions without UDP leaking

bgpd

• Add mpls bgp forwarding to ease MPLS-VPN EBGP peering
• Add bgp allow-martian-nexthop command (remove debug bgp allow-martian)
• Add neighbor soo command
• Add no rpki command
• Add show bgp access-list command to filter routes by access-list
• Implement rfc8097
• Implement rfc9234
• Add resolution for L3VPN traffic over GRE interfaces
• Allow setting custom port for BGP unnumbered peers
• Allow statistics gathering to give more data about prefix lengths
• Apply conditional advertisements policy to update-group
• Associate appropriate family for redistributed connected addresses
• Avoid notify race between io and main pthreads
• Call a hook when as-path filter is replaced
• Cleanup memory leaks associated with t_deferral_timer
• Do not check if the whole as-path has target asn when using as-override
• Do not print new line for EVPN CLI outputs if it's a JSON
• Do not show polling_period default value in CLI for RPKI
• Don't advertise conditionally withdrawn routes
• Drop SSH public key for RPKI CLI option
• Fix show bgp nexthop a.b.c.d
• Fix for aggregate-address summary-only matching-med-only
• Fix inconsistencies with default-originate route-map
• Fix memory leak for as-override
• Fix memory leak for set as-path replace route-map command
• Fix memory leak for community alias
• Fix memory leak for community stuff
• Fix memory leak in SRv6 locator
• Fix memory leak when an SRv6 sid is removed
• Fix memory leak when setting [l]community at the egress
• Fix route-map update and delete route-map
• Fix show bgp l2vpn evpn route rd crash
• Fix the wrong next-hop BGP struct for next-hop validation
• Fixed BMP VPNv4 monitoring are withdrawn instead of updates
• Fixup PBR rule changes that were missed
• Fixup some MAC address token CLI syntax
• Free ecommunity before returning on warning/error
• Free memory for as-path filter if regexp is wrong
• Free memory for BMP listeners when deleting BGP instance
• Generate RPKI CLI config even if no cache servers are configured
• Handle origin validation state extended community via route-map match
• Handle route-refresh requests received before EOR
• Implement retain route-target all behavior
• Improve labelpool performance at scale
• Inconsistencies in snt counters with default-originate
• Prevent memory leak of the listener on shutdown
• Print peer's hostname for BGP (filtering) messages
• Print source VRF name when leaking to another VRF
• Release RCU lock in BGP keepalive pthread
• Reset BGP sessions when changing the port
• Send route updates when modifying access/aspath/prefix lists
• Set TTL for iBGP/eBGP by checking only if generic TTL security applied
• Show cache server preference in show rpki cache-server output
• Show extended communities memory consumption
• Show TTL value unconditionally for neighbors
• Start conditional advertisement timer instantly
• Stop conditional advertisements thread when terminating
• Stop LLGR thread when deleting a peer and/or gr flags changed
• Treat as withdraw if we receive as path with as_set / as_confed_set
• When specifying listen address for BGP we shouldn't imply no-fib flag
• Withdraw implicitly old paths from VRFs when import/export list changes
• Ensure that bgp open message stream has enough data to read
• Notify BGP conditional advertisement thread when the peer goes down

bmp

• Add an interface source to BMP connect command
• Add L3VPN support

eigrpd

• VRF variable name hides a parameter of the same name

fabricd

• Turn off excessive logging when peering will not come up

isisd

• Ensure rcap is freed in error case
• Fix crash with xfrm interface type
• Fix memory leak on shutdown with prefix lists
• Fix prefix-sid last-hop-behavior

ldpd

• Check if the thread is scheduled before calling for remained time

lib

• Abstract usage of '%pnhs' so that next-hop groups can use it too
• Add errno details to the sockopt_reuseaddr API
• Add sys_rawio to the capabilities definitions
• Allow downgrade of all caps when none are specified
• Allow using ipv4 (class e) reserved block if enabled
• Check hostname in resolver_resolve
• Cleanup red-herring memleaks in the parent of daemonizing fork
• Ensure ls_msg2edge does not use memory after freeing
• Fix show route-map name json command and memory leak
• Fix memory leak in zclient_send_localsid()
• Fix skip of every other plist deletion
• Fixup workqueue.c to use the proper thread.h semantics
• Function crypt does not need to be declared mid function
• Increase next-hop flags size to 16 bits
• Prevent uninitialized usage of data
• Remove usage of inet_ntop in lib/sockopt.c
• Require at least 2.1.42 version of sysrepo when compiling
• Return 0 as the remaining msec if the thread is not scheduled
• stream_dup memory alloc cannot fail
• Update sysrepo code with the latest API changes
• Use pi4 instead of inet_ntop in sockopt.c

nhrpd

• Use frr_weak_random()
• Use nhrp_interface_update_nbma when source VRF was changed

ospf6d

• Don't remove the summary route if it is a range
• Ensure that ospf6d does not memcpy beyond the end of the data
• Fix missing cost change
• Permit route delete without next-hops
• Remove ospf6enabled from JSON output

ospfd

• Add how many packets the interface has queued to send
• Add router-id support to OSPF API
• Added CLIs to change default timers for lsa refresh and maxage remove delay.
• Adding per neighbor JSON details to gr helper detail command
• Crash when router acts as gr helper upon a topo change
• Fix show ip ospf neighbour <nbrid> command
• Increase packets sent at one time in ospf_write
• Refactor fifo_flush for the interface
• Remove deprecated command graceful-restart helper-only
• When a neighbor goes down clear the oi->obuf if we can
• Catch and report too small LSAs
• Remove assert on zero length LSA - which is permitted by spec
• Fix bug where acks were not be generated to incoming P2P/P2MP neighbors

pathd

• no mpls-te on command was not working
• Add a zebra stop handler
• Change the vty output, when no ted is enabled on pathd
• Ensure the path is free'd after we no longer need it
• Nai adjacency fix query type f for IPv5

pim6d

• (*,g) mroutes not learnt after pim6d daemon restart
• Lots of CLI changes regarding MLD
• Lots of CLI changes regarding PIMv6
• Clear interface stats on interface shutdown
• Disable pim6d compilation by default
• Don't enable MLD on pimreg interface
• Fix the code for MLD in the show pim state command
• mroute stuck in register state, multicast traffic getting drops
• Register message getting dropped in the source node, mroute stuck in regj
• Send register msg with IPv6 global address
• Update last_member_query_interval and last_member_query_count
• Use ttable for displaying show commands
• Deleting the memory malloced for JSON
• Adding JSON support for show ipv6 next-hop
• Send register msg via register socket
• Change the show running commands based on the address family
• Set rp to true if the address matches, ignore prefix-length

pimd

• Allow v6 to do non-integrated configuration
• Assign a vty port value for v6
• Cleanup rpf lookup debug to help us figure out what is going on
• Correct the order of show JSON for interface traffic
• During prune pending, behave as noinfo state
• Fix invalid memory access join_timer_stop
• Fix memleak in bfd profile
• Fix PIM interface deletion flow
• Fix static mroute to also take into account the input interface
• Fix the setting of oif_flags in channel oil
• Fix unaligned accesses
• Handle receive of (*,g) register stop with src addr as 0
• Igmp querier election is not correct in lan scenario
• JSON support for next-hop
• Let the end operator know the ifindex as well in t...

FRR 8.3.1 Release

We are pleased to announce FRR 8.3.1.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - frrouting/frr:v8.3.1

Release Overview

• Handle CTRL+Z without exiting the VTY shell
  • In the 8.3 release, the CTRL+Z combination exited the VTY shell, it's back again!
• Ignore end when parsing frr.conf
  • If frr.conf has end inside the config, BGP peering starts only after 10 minutes. This is because parsing the end keyword stopped hooks from reaching the end of the configuration and BGP thoughts the configuration is not ready.

Changelog

bgpd

• Do not announce routes that are conditionally withdrawn (a gap between conditional advertisement interval)
• Fix crash for show bgp l2vpn evpn route rd
• Do not overwrite the Link-Local address with another interface for the next-hop cache
• Call a hook when the as-path filter is replaced
• Fix memory leak when cleaning up MPLS labels

isisd

• Fix memory leak when deleting adjacency

ldpd

• Fix crash when hold time is configured to 65535

ospfd

• Fix crash when the router is running in GR helper mode and receives a new LSA

pimd

• Fix memory leak for show ip pim interface
• Allow the same group/source route to be configured on more than one interface

vtysh

• Handle CTRL+Z without exiting the VTY shell
• Ignore end when parsing frr.conf

zebra

• Avoid buffer overflow when parsing nested route attributes for SR-IPv6
• Fix missing VNI transition, e.g.: show evpn vni detail

---