En

FRRouting官网安全更新(2021-07-29)

来源:FRRouting官网 发布日期:2021-07-29 阅读次数:10120 评论:0

基本信息

发布日期:2021-07-29(官方当地时间)

更新类型:安全更新

更新版本:frr-8.0

感知时间:2021-07-30 03:40:33

风险等级:未知

情报贡献:TSRC

更新标题

安全更新

更新详情

The FRR community is pleased to announce FRR 8.0.

In this release there are over 2200 commits from 91 different authors.

Please note that we expect to release a bugfix point release relatively soon after this release.

* Debian Packaging - https://deb.frrouting.org/
* RPM Packaging - https://rpm.frrouting.org/

Snaps will be delayed by several weeks; when available they will be published here:
* Snap Packaging - https://snapcraft.io/frr

Due to the absence of a suitable `libyang2` package for Alpine Linux, Docker builds will also be delayed.

## Changelog

### Major changes

#### Behavior
* Many users are familiar with vtysh's "walk up" behavior. If a command is entered which isn't valid in the current CLI context mode, vtysh will "walk up" to higher, more general contexts and attempt to evaluate the command there. In prior releases, this would happen if the command entered was ambiguous for the current context. This caused more problems than it was worth and so in this release the behavior has been changed so that vtysh will no longer walk up when an ambiguous command is entered. Some users that have configurations which rely on this behavior may notice that their configurations no longer work. This should be a very small minority of users but please keep it in mind if you start seeing weird configuration issues.

#### Features

* A new daemon, `pathd`, has been added. This daemon implements support for segment routing. Documentation is currently lacking, but there are example configurations to look at
[here](http://docs.frrouting.org/en/latest/pathd.html).

* EVPN Multihoming is now fully supported

* OSPFv3 now supports VRFs

* TI-LFA has been implemented in IS-IS and OSPF

* Zebra now has the ability to dump netlink messages in a human-friendly format

* LDP gained SNMP support

#### Dependencies

* FRR uses [libyang](https://github.com/CESNET/libyang) to implement support
for YANG models and related functionality. In this release we've transitioned
to libyang2 to provide both better performance and to receive better support
from future libyang changes. Packaged libyang2 is provided in our Debian and
RPM repositories.

### All daemons

#### babeld
* Add `distribute-list` commands
* Fix memory leak in connected route handling

#### bgpd
* Add support for use of aliases with communities
* Add support of tcp-mss for neighbors
* Add support for EVPN Multihoming
* Add ability to show BGP routes from a particular table version
* Add support for for RFC 8050 (MRT add-path)
* Add SNMP support for MPLS VPN
* Add `show bgp summary wide` command to show more detailed output on wide
terminals
* Add ability for peer-groups to have `ttl-security hops` configured
* Add support for conditional Advertisement
* Add support for RFC 4271 Delay Open Timer
* Add a knob to not advertise until route is installed in fib
* Add BGP-wide configuration for graceful shutdown
* Add support for RFC 8654 extended messages
* Improve RPKI reporting as well as new show commands
* Improve handling of VRF route leaking
* Improve scaling behavior for dynamic neighbors
* Improve LL nexthop tracking to be interface based
* Improve route reachability handling with respect to blackhole routes
* Improve SNMP traps to RFC 4273 notifications
* Improve EVPN routes to use L3 NHG's where applicable
* Improvements to EVPN
* Improvements to update behavior
* Fix various issues with connection resolution
* Fix statistics commands in some situations
* Fix non-determistic locally-originated paths in bestpath selection
* Continue working on transitioning to YANG/Northbound configuration
* Various bug fixes and performance improvements

#### eigrpd
* Add `distribute-list` commands
* Ensure received AS number is the same as ours in all situations
* Properly validate TLV lengths in some situations

#### isisd
* Add ldb-sync functionality
* Add TI-LFA functionality
* Add support for Anycast-SID's
* Add support for classic LFA RFC 5286
* Add `show isis fast-reroute summary` command
* Add support for Remote LFA RFC 7490
* Fix Attach-bit processing in some scenarios
* Cleanup BFD integration
* Various bug fixes and performance improvements

#### ldpd
* Add SNMP support
* Support for LDP IGP Synchronization
* Support for RLFA clients
* Various bug fixes and performance improvements

#### libfrr
* Various bugfixes and performance improvements

#### nhrpd
* Add `nhrp multicast-nflog-group (1-65535)` command
* Add configuration options for vici socket path
* Add support for forwarding multicast packets
* Fix handling of MTU
* Fix handling of NAT extension
* Retry IPsec under some conditions

#### ospfd
* Add OSPF GR helper support
* Add JSON support for various commands
* Add `summary-address A.B.C.D/M ...` commands
* Add `area X nssa suppress-fa` command
* Add support for TI-LFA
* Add support for BFD profiles
* Add support for Traffic Engineering database
* Add support for usage of DMPVPN with OSPF
* Add `clear ip ospf neighbor` commands
* Add YANG support for route-maps
* Improvements to SNMP
* Fixes for type 5 and type 7 LSA handling
* Various bug fixes and performance improvements

#### ospf6d
* Add support for VRFs
* Add JSON support to a bunch of commands
* Add ability to control maximum paths for routes
* Add `show ipv6 ospf6 vrfs` command
* Add support for BFD profiles
* Fix to not send hellos on loopbacks
* Cleanup area handling around interfaces
* YANG support for route-maps
* Various bug fixes and performance improvements

#### ospfclient
* Cleanup trust of user input

#### pathd
* Add support of SR-TE policy management daemon
* Add optional support for PCEP to pathd
* Integrate PCEP-LIB into FRR

#### pbrd
* Add `set installable` nhg command
* Improve interface up/down event handling


#### pimd
* Add YANG integration
* Add JSON support to various commands
* Add BFD profile support
* Fixes to IGMP conformance
* Fixes to behavior surrounding Prune and Prune-pending
* Various bug fixes and performance improvements

#### ripngd
* Fix interface wakeup after shutdown

#### sharpd
* Add ability to use Nexthop Groups
* Add v4 redistribute watching
* Add TED support
* Various bug fixes

#### staticd
* Fix nexthop handling in some situations
* Forbid blackhole and non-blackhole nexthops in a single route

#### vrrpd
* printf formatting cleanups

#### vtysh
* Add a `show history` command
* Add `show memory <daemon>` support
* Start deprecation cycle for `address-family evpn`
* Display version with --help
* Various bug fixes

#### watchfrr
* Fix some crashes

#### zebra
* Add JSON support to various commands
* Add Human readable netlink dumps
* Add L2 NHG support
* Add support for LSPs to FPM dataplane
* Add ability for other protocol daemons to install nexthop groups into the kernel
* Add YANG support for route-maps
* Improve scale performance when handling a large number of VRF's
* Improve network namespace handling
* Improve asic-offload handling
* Improve FreeBSD interface and route handling
* Improve handling of neighbors in kernel dataplane plugin
* Improve label manager
* Improve route-map processing
* Improve debug-ability of routes and VRFs
* Improve FPM dataplane plugin
* Improve handling of reachability / nexthop tracking on shutdown interfaces
* Improve EVPN support
* Fix startup handling of `set src X`
* Various bug fixes and performance improvements

---

Authors:
* Abhinay Ramesh
* Adriano Marto Reis
* Alexander Chernavin
* Ameya Dharkar
* Amold Lad
* Andy Lemin
* Anuradha Karuppiah
* Babis Chalios
* Biswajit Sadhu
* Bo Zhang
* Carlo Galiotto
* Carlos Goncalves
* Chirag Shah
* Christian Hopps
* Christian Poessinger
* Christophe Gouault
* Carles Kishimoto
* David Lamparter
* David Schweizer
* David Teach
* Dewi Morgan
* Donald Sharp
* Donatas Abraitis
* Donnie Savage
* Don Slice
* Duncan Eastoe
* Emanuele Altomare
* Emanuele Bovisio
* Emanuele Di Pascale
* Erik Kooistra
* Fredi Raspall
* Sascha Kattelmann
* Gaurav Goyal
* Yash Ranjan
* G. Paul Ziemba
* Harios Niral
* Hiroki Shirokura
* Igor Ryzhov
* Jafar Al-Gharaibeh
* Javier Garcia
* Joanne Mikkelson
* Joe Maimon
* Karen Schoener
* Kaushik Nath
* Kishore Kunal
* Kuldeep Kashyap
* liuze
* Lou Berger
* Louis Scalbert
* lynne Morrison
* Madhuri Kuruganti
* Mark Stapp
* Martin Buck
* Martin Winter
* Mathias Bøhn Grytemark
* Michael Hohl
* Miroslav Koškár
* Mobashshera Rasool
* Naveen Guggarigoudar
* Neal Shrader
* Nikolay Aleksandrov
* Sai Gomathi
* Olivier Dugeon
* Ondřej Surý
* Pat Ruddy
* Philippe Guibert
* Prerana GB
* Quentin Young
* Rafael Zalamena
* Renato Westphal
* Reuben Dowle
* Rajesh Girada
* Roy Marples
* Rubens Figueiredo
* Runar Borge
* Saravanan K
* Sarita Patra
* Sebastien Merle
* Simon Deziel
* Soman K S
* Stephen Worley
* Sudhanshu Kumar
* Tashana Mehta-Wilson
* Timo Teräs
* Trey Aspelund
* Mahdy Varasteh
* Vishal Dhingra
* Vijay Gupta
* Vincent Bernat
* Vivek Venkatraman
* Wesley Coakley
* Zoran Pericic
* zyxwvu Shi

Overall there have been 4207 files changed, 450802 insertions(+), 123468 deletions(-)

软件描述

FRRouting(FRR)是用于Linux和Unix平台的IP路由协议套件,其中包括BGP,IS-IS,LDP,OSPF,PIM和RIP的协议守护程序。

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入