[FRR]: Fix a BGP check that verifies if the nexthop is invalid by cscarpitta · Pull Request #22910 · sonic-net/sonic-buildimage

cscarpitta · 2025-06-10T07:14:27Z

Currently, in bgp_update_martian_nexthop we do a check to evaluate whether a nexthop is valid or not. But then the result of this check is not saved and therefore it gets lost.

		if (!ipv4_unicast_valid(&attr->nexthop) ||
			      bgp_nexthop_self(bgp, afi, type, stype, attr, dest));

This commit fixes the issue by saving the result of the check in the nh_invalid variable that already exists.

Currently, in `bgp_update_martian_nexthop` we do a check to evaluate whether a nexthop is valid or not. But then the result of this check is not saved and therefore it gets lost. ``` if (!ipv4_unicast_valid(&attr->nexthop) || bgp_nexthop_self(bgp, afi, type, stype, attr, dest)); ``` This commit fixes the issue by saving the result of the check in the `nh_invalid` variable that already exists. Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>

mssonicbld · 2025-06-10T07:14:35Z

/azp run Azure.sonic-buildimage

azure-pipelines · 2025-06-10T07:14:46Z

Azure Pipelines successfully started running 1 pipeline(s).

cscarpitta · 2025-06-10T13:39:28Z

/azpw run Azure.sonic-buildimage

mssonicbld · 2025-06-10T13:39:31Z

/AzurePipelines run Azure.sonic-buildimage

azure-pipelines · 2025-06-10T13:39:43Z

Azure Pipelines successfully started running 1 pipeline(s).

cscarpitta · 2025-06-13T10:32:36Z

/azpw run Azure.sonic-buildimage

mssonicbld · 2025-06-13T10:32:39Z

/AzurePipelines run Azure.sonic-buildimage

azure-pipelines · 2025-06-13T10:32:50Z

Azure Pipelines successfully started running 1 pipeline(s).

cscarpitta · 2025-06-22T12:54:34Z

/azpw run Azure.sonic-buildimage

mssonicbld · 2025-06-22T12:54:36Z

/AzurePipelines run Azure.sonic-buildimage

azure-pipelines · 2025-06-22T12:54:46Z

Azure Pipelines successfully started running 1 pipeline(s).

cscarpitta · 2025-06-22T16:24:31Z

/AzurePipelines run Azure.sonic-buildimage

azure-pipelines · 2025-06-22T16:24:38Z

Commenter does not have sufficient privileges for PR 22910 in repo sonic-net/sonic-buildimage

cscarpitta · 2025-06-23T06:39:09Z

/AzurePipelines run Azure.sonic-buildimage

azure-pipelines · 2025-06-23T06:39:15Z

Commenter does not have sufficient privileges for PR 22910 in repo sonic-net/sonic-buildimage

cscarpitta · 2025-06-23T14:03:06Z

/azpw run Azure.sonic-buildimage

mssonicbld · 2025-06-23T14:03:08Z

/AzurePipelines run Azure.sonic-buildimage

azure-pipelines · 2025-06-23T14:03:20Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2025-06-23T20:14:20Z

/azp run Azure.sonic-buildimage

azure-pipelines · 2025-06-23T20:14:31Z

Azure Pipelines successfully started running 1 pipeline(s).

cscarpitta · 2025-06-24T14:09:05Z

/azpw run Azure.sonic-buildimage

mssonicbld · 2025-06-24T14:09:09Z

/AzurePipelines run Azure.sonic-buildimage

azure-pipelines · 2025-06-24T14:09:21Z

Azure Pipelines successfully started running 1 pipeline(s).

BYGX-wcr · 2025-06-25T18:48:39Z

 	if (CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP)))
 -		nh_invalid = (attr->nexthop.s_addr == INADDR_ANY ||
 -			      !ipv4_unicast_valid(&attr->nexthop) ||
-+		if (!ipv4_unicast_valid(&attr->nexthop) ||


Why do we remove the if here?

@cscarpitta, can you please explain this change?

Hi @BYGX-wcr I'm fixing an issue in the bgp_update_martian_nexthop() function.

Before my fix:

/* Check if received nexthop is valid or not. */ bool bgp_update_martian_nexthop(struct bgp *bgp, afi_t afi, safi_t safi, uint8_t type, uint8_t stype, struct attr *attr, struct bgp_dest *dest) { bool nh_invalid = false; ... /* If NEXT_HOP is present, validate it: * The route can have both nexthop + mp_nexthop encoded as multiple NLRIs, * and we MUST check if at least one of them is valid. * E.g.: IPv6 prefix can be with nexthop: 0.0.0.0, and mp_nexthop: fc00::1. */ if (CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP))) if (!ipv4_unicast_valid(&attr->nexthop) || bgp_nexthop_self(bgp, afi, type, stype, attr, dest)); /* If MP_NEXTHOP is present, validate it. */ ... return nh_invalid; }

After my fix:

/* Check if received nexthop is valid or not. */ bool bgp_update_martian_nexthop(struct bgp *bgp, afi_t afi, safi_t safi, uint8_t type, uint8_t stype, struct attr *attr, struct bgp_dest *dest) { bool nh_invalid = false; ... /* If NEXT_HOP is present, validate it: * The route can have both nexthop + mp_nexthop encoded as multiple NLRIs, * and we MUST check if at least one of them is valid. * E.g.: IPv6 prefix can be with nexthop: 0.0.0.0, and mp_nexthop: fc00::1. */ if (CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP))) nh_invalid = !ipv4_unicast_valid(&attr->nexthop) || bgp_nexthop_self(bgp, afi, type, stype, attr, dest); /* If MP_NEXTHOP is present, validate it. */ ... return nh_invalid; }

As you can see, before my fix, the if statement was having no effect, because we were doing the check to evaluate whether the nexthop is valid or not, but then we did not take any action - we ignored the result of the check.

In other words, I am replacing this:

if (!ipv4_unicast_valid(&attr->nexthop) || bgp_nexthop_self(bgp, afi, type, stype, attr, dest));

with this:

nh_invalid = !ipv4_unicast_valid(&attr->nexthop) || bgp_nexthop_self(bgp, afi, type, stype, attr, dest);

The function then returns nh_invalid.

BYGX-wcr

LGTM

mssonicbld · 2025-07-02T04:28:50Z

Cherry-pick PR to 202505: #23180

cscarpitta requested a review from lguohan as a code owner June 10, 2025 07:14

cscarpitta mentioned this pull request Jun 10, 2025

[FRR]: Upgrade FRR to version 10.3 #22267

Merged

ahsalam approved these changes Jun 10, 2025

View reviewed changes

Merge branch 'master' into fix/fix_nh_invalid_check

912450b

BYGX-wcr reviewed Jun 25, 2025

View reviewed changes

BYGX-wcr approved these changes Jul 1, 2025

View reviewed changes

yejianquan merged commit 879d0cf into sonic-net:master Jul 1, 2025
20 checks passed

BYGX-wcr added the Request for 202505 Branch label Jul 1, 2025

yejianquan added the Approved for 202505 Branch label Jul 2, 2025

mssonicbld mentioned this pull request Jul 2, 2025

[action] [PR:22910] [FRR]: Fix a BGP check that verifies if the nexthop is invalid #23180

Merged

mssonicbld added the Created PR to 202505 Branch label Jul 2, 2025

mssonicbld added Included in 202505 Branch and removed Created PR to 202505 Branch labels Jul 3, 2025

Conversation

cscarpitta commented Jun 10, 2025

Uh oh!

mssonicbld commented Jun 10, 2025

Uh oh!

azure-pipelines Bot commented Jun 10, 2025

Uh oh!

cscarpitta commented Jun 10, 2025

Uh oh!

mssonicbld commented Jun 10, 2025

Uh oh!

azure-pipelines Bot commented Jun 10, 2025

Uh oh!

cscarpitta commented Jun 13, 2025

Uh oh!

mssonicbld commented Jun 13, 2025

Uh oh!

azure-pipelines Bot commented Jun 13, 2025

Uh oh!

cscarpitta commented Jun 22, 2025

Uh oh!

mssonicbld commented Jun 22, 2025

Uh oh!

azure-pipelines Bot commented Jun 22, 2025

Uh oh!

cscarpitta commented Jun 22, 2025

Uh oh!

azure-pipelines Bot commented Jun 22, 2025

Uh oh!

cscarpitta commented Jun 23, 2025

Uh oh!

azure-pipelines Bot commented Jun 23, 2025

Uh oh!

cscarpitta commented Jun 23, 2025

Uh oh!

mssonicbld commented Jun 23, 2025

Uh oh!

azure-pipelines Bot commented Jun 23, 2025

Uh oh!

mssonicbld commented Jun 23, 2025

Uh oh!

azure-pipelines Bot commented Jun 23, 2025

Uh oh!

cscarpitta commented Jun 24, 2025

Uh oh!

mssonicbld commented Jun 24, 2025

Uh oh!

azure-pipelines Bot commented Jun 24, 2025

Uh oh!

BYGX-wcr Jun 25, 2025

Choose a reason for hiding this comment

Uh oh!

BYGX-wcr Jun 27, 2025

Choose a reason for hiding this comment

Uh oh!

cscarpitta Jun 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

BYGX-wcr Jul 1, 2025

Choose a reason for hiding this comment

Uh oh!

BYGX-wcr left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

mssonicbld commented Jul 2, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

cscarpitta Jun 28, 2025 •

edited

Loading