Releases: FRRouting/frr
Release list
FRR Release 10.7.0-rc1
We are pleased to announce FRR release 10.7.0-rc1.
FRR 10.7.0-rc1 is the first release candidate for the 10.7 series, with 1371 commits from 101 developers since FRR 10.6.0. This build is intended for testing; please report issues before the final 10.7.0 release.
Debian and RPM release packages are available under the RC (frr-rc) channels
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Thank you to all contributors!
Release Overview
New Features Highlight
-
BFD authentication with keychain support
- BFD sessions can now use the FRR keychain framework for authentication.
- Supported algorithms include cleartext, SHA-1, and the meticulous variant required by operators running strict authentication policies.
- Keychains integrate with BFD profiles and northbound configuration for single-hop, multi-hop, and SBFD sessions.
-
BGP-LS SRv6 extensions
- BGP Link-State now advertises and processes SRv6 topology information, including:
- SRv6 Capabilities TLV
- SRv6 Locator TLV
- SRv6 SID NLRI (including End, End.X, and LAN End.X forms)
- SRv6 Endpoint Behavior TLV
- SRv6 SID Structure TLV
- Static SRv6 SIDs configured in zebra can be exported into BGP-LS, enabling SRv6-aware TE controllers to consume locator and SID information from FRR.
- BGP Link-State now advertises and processes SRv6 topology information, including:
-
BGP route-map based allowas-in
allowas-incan be applied selectively through route-maps instead of only as a blanket peer or address-family knob.- This allows finer control over which received routes may contain the local AS in the AS_PATH, improving policy flexibility in complex multihomed and hub-and-spoke designs.
-
OSPFv2 RFC 4222 control-plane DSCP marking
- OSPFv2 can classify control packets into high- and low-priority queues per RFC 4222 recommendation 1.
- Recommendation 2 extends the neighbor inactivity timer behavior for low-priority control traffic.
- Operators can mark OSPF control traffic with DSCP values to protect routing protocol stability under congestion.
-
OSPF BFD quick neighbor
- When BFD is enabled on OSPF interfaces, a quick-neighbor mode reduces the time needed to bring up OSPF adjacencies over BFD-monitored links.
- This is useful on fabrics where fast reconvergence after link-up is required.
-
PIM IGMP proxy route-map filtering
- IGMP proxy joins and prunes can be filtered with
ip igmp proxy route-map. - A new route-map match condition,
match multicast-source-interface, allows policy based on the interface where a join was learned. - This helps deployments that proxy IGMP between access and core segments while restricting which groups or sources are forwarded.
- IGMP proxy joins and prunes can be filtered with
-
PIM dense-mode Assert on multi-access LAN
- Dense-mode wrong-interface traffic on shared LANs now runs the RFC 3973 Assert procedure instead of immediately pruning all neighbors.
- On point-to-point links the previous immediate-prune behavior is preserved.
- This elects a single forwarder on multi-access segments and avoids pruning active branches when duplicate (S,G) packets arrive on a non-RPF interface.
-
PIM Auto-RP allow-rp support
- A new
allow-rpconfiguration accepts Auto-RP groups even when the embedded RP address does not match the local RP configuration. - IPv4 and IPv6 Auto-RP are supported through northbound/YANG modeling.
- This helps mixed-vendor or transitional Auto-RP deployments where strict RP identity checking would otherwise drop valid control traffic.
- A new
-
Static route per-route metric and nexthop ECMP weight
- Static routes now support a per-route metric as a non-key attribute, independent of the existing administrative-distance key.
- Static ECMP nexthops can carry weights for unequal-cost multi-path forwarding.
- Together these align static routing policy more closely with zebra’s nexthop-group handling used by other protocols.
What's Changed
- EVPN RMAC management fixes and test coverage by @soumyar-roy in #20588
- ospfd: Display message when clearing interface without OSPF by @soumyar-roy in #20267
- zebra: FRR restart leads to zebra mlag core by @soumyar-roy in #20225
- zebra: limit RTADV socket rcvbuf to 20MB by @hengwu0 in #20654
- Evpn test abstraction by @donaldsharp in #20637
- pimd,pim6d: fix last-member-query-count and add robustness value by @rzalamena in #20613
- bgpd: Changes to include new fields in "show bgp router" command by @soumyar-roy in #20631
- bgpd: Fix double-free crash in peer_delete() during doppelganger peer… by @routingrocks in #20661
- staticd: Fix SRv6 SID use-after-free on locator deletion by @cscarpitta in #20660
- yang: Correct pyang errors in frr-nexthop.yang by @y-bharath14 in #20694
- bgpd: Replace 3 with BGP_ALLOWAS_IN_DEFAULT constant by @ton31337 in #20698
- Fixes for op-state change notifications being sent to backend clients (daemons) by @choppsv1 in #20647
- bgpd: Missing large community value in commAttriSentToNbr JSON by @soumyar-roy in #20608
- lib,bgpd: Adding JSON str for time in dd:hh:mm:ss format by @soumyar-roy in #20632
- bgpd: use BGP_PATH_INFO_NUM_LABELS macro in bgp_evpn_path_info_get_l3vni by @nick-bouliane in #20679
- Add new show command to display only failed routes by @deepak-singhal0408 in #20343
- bfdd: early return on socket allocation failure by @ethanmilon-6wind in #20700
- zebra: add state column to 'show evpn es' command output by @shashanka-ks in #20711
- zebra: add 'no encapsulation' command under segment-routing/srv6 by @hedrok in #20716
- tests: Check PIM Register/-Stop handling in pim_igmp_vrf topotest by @gromit1811 in #18329
- ospf6d: Fix stack buffer overflow in link LSA by @rminnikanti in #20695
- bgpd: fix md5 password unset on dynamic nbr by @chiragshah6 in #20740
- bgpd,zebra: EVPNv6 addressing coverity warnings by @Manpreet-k0 in #20680
- bgpd: Fix suppress-fib-pending config race condition on startup by @krishna-samy in #20622
- bgpd: fix batch clearing resume to use correct lookup APIs by @miteshkanjariya in #20738
- bgpd: add a counter for received duplicate updates by @enkechen-panw in #20553
- bgpd: Fix AS path exclude not working during VRF route re-import by @soumyar-roy in #20556
- Nexthop weight support for static routes (ECMP/UCMP) by @iurmanj6WIND in #20559
- Add memberCount into peer-grp json AND GR fields in fields in show bgp vrfs json by @raja-rajasekar in #20578
- zebra: uninstall remote neigh even when ifp is down by @raja-rajasekar in #20587
- vtysh: Add JSON output support for
show memoryby @ton31337 in #20605 - bgpd: Ignore transitiveness flag when checking type for link bandwidth by @ton31337 in #20607
- bgpd: Show all advertised paths including non-best paths only if addpath is enabled by @ton31337 in #20618
- bgpd: implement new redistribute json command by @soumyar-roy in #20630
- ospf6d: Fix FULL adjacency persisting despite MTU mismatch by @rminnikanti in #20681
- doc: Fix VRF-related and PIM docs by @gromit1811 in #20717
- zebra: rename BondState to State in 'show evpn es' output by @shashanka-ks in #20721
- lib: use MTYPEs for northbound in several places by @mjstapp in #20733
- Non route replace semantics by @donaldsharp in #20725
- yang: Fix pyang errors in frr-bgp-filter.yang by @y-bharath14 in #20746
- zebra: shorten label for RNH mem type by @mjstapp in #20749
- *: Fixed coverity warnings in multiple areas by @Manpreet-k0 in #20610
- bgpd: EVPN MH fix unimport ES route on vtep change by @Manpreet-k0 in #20730
- Zebra fixup nhg handling from kernel by @donaldsharp in #20732
- zebra: Updation of ifp->flags by @hnattamaisub in #20769
- fix spell checks round 4 by @chiragshah6 in #20771
- tests: Deleted duplicate imported modules by @y-bharath14 in #20779
- Sharp send tableid for route by @donaldsharp in #20634
- bgpd: unref routes when yielding during clearing iteration by @mjstapp in #20789
- bgpd: fix premature deletion of already-stale routes during GR clearing by @miteshkanjariya in #20768
- bgpd: validate incoming NOTIFICATION messages...
FRR Release 10.6.1
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Docker - quay.io/frrouting/frr
What's Changed
- doc: fix indentation error in pim doc (backport #21373)
- Fix/bgp hardening backports 10.6
- isisd: improve validation of flex-algo decoder (backport #21314)
- bgpd: Do not allocate stream if route-refresh capability is not received (backport #21394)
- bgpd: Check dynamic capability action before validating ENHE capability (backport #21395)
- bgpd: Do not allow triggering route-refresh path with a malformed ORF length (backport #21399)
- pimd: guard channel OIL detach against stale pointers (backport #21431)
- ospfd: add validation in several places before accessing message bodies (backport #21303)
- pimd: fix NOCACHE MFC resync detection log, add vrf name too (backport #21481)
- bgpd: Fix mixed remote-as for peer-groups when using auto (backport #21406)
- bgpd: Don't mark nexthop as changed if a set next-hop unchanged is applied (backport #21445)
- ospfd: add LSA validation in the apiserver path (backport #21536)
- eigrpd: reject invalid prefix mask len (backport #21539)
- eigrpd: enforce minimum TLV length in Hello handler (backport #21543)
- isisd: use correct min size values for srv6 subtlvs (backport #21540)
- bgpd: fix neighbor IP comparison for IPv6 memcmp return values (backport #21559)
- bgp_evpn: fix memleak when configuring rd (backport #21566)
- eigrpd: fix byte order in Hello authentication decode (backport #21545)
- lib: Report IPv6 MTU and not IPv4 for if_update_state_mtu6 (backport #21501)
- bgpd: Prevent out-of-bound reading handling soft version dynamic capability (backport #21602)
- isisd: continue hardening SRV6 tlv parsing (backport #21585)
- bgpd: Dynamic capability parsing fixes (backport #21603)
- isisd: consume leftover bytes after FAD sub-sub-TLV loop (backport #21544)
- bgpd: Harden SRv6 Service Data parser for SID Structure length (backport #21612)
- nhrpd: stop debugging auth credentials (backport #21615)
- bgpd: honor 'no activate' for dynamic neighbors in peer-group (backport #21658)
- bgpd: migrate timers during peer_xfer_conn to fix stale route cleanup (backport #21558)
- isisd: correct SRv6 End.X SID minimum size constants (backport #21541)
- isisd: Reject SRv6 Locator TLV with Loc-Size of zero (backport #21641)
- bgpd: Validate if NHC BGPID TLV value is non-zero (backport #21611)
- bgpd: Check if BGPID NHC TLV exists when IPv6 next-hop is link-local (backport #21377, #21605, #21611)
Full Changelog: frr-10.6.0...frr-10.6.1
FRR Release 10.5.4
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Docker - quay.io/frrouting/frr
What's Changed
- pimd: When address change ensure DR changes too. (backport #20881)
- lib/typesafe: guard skiplist level generation against ctz(0) UB (backport #20899)
- bgpd: fix memory leak in cluster_intern() (backport #20913)
- doc: add some text regarding libyang versions (backport #20862)
- eigrpd: handle the gr neighbor list safely in update_receive (backport #20933)
- nhrpd: fix packet and buffer handling errors (backport #20932)
- bgpd: Fix test for OPEN message with remote-as auto (backport #20963)
- bgpd: Add missing PEER_FLAG_SEND_NHC_ATTRIBUTE for update group flags (backport)
- bgpd: check more during flowspec nlri parsing (backport #19909)
- bgpd: Fix condition when evaluating paths (backport #20975)
- ospfd: harden TE/SR TLV iteration against malformed lengths (backport #21002)
- bfdd: Fix wrong memory free when using ttable code (backport #21020)
- bgpd: fix off-by-one error in FlowSpec operator array bounds check (backport #21054)
- lib: fix zclient crash when many peers reconnect after FRR restart (backport #21056)
- lib: fix vty_is_closed() falsely reporting VTY_SHELL as closed (backport #21082)
- bgpd: Check if the NHC length is enough to fill TLV value + TLV header (backport #21074)
- ospfd: fix sequence number check, avoid truncation ambiguity (backport #21096)
- nhrpd: Correct addrlen check in os_recvmsg() (backport #21100)
- ldpd: improve tlv validation in several places (backport #21118)
- PIM message-handling code fixes (backport #21093)
- lib: disable warning in zlog.c to match master
- bgpd: fix some packet-parsing issues (10.5 version)
- bgpd: Return 0 if AS4 capability is malformed (backport #21112)
- isisd: fix edge condition in max_lsp_count computation (backport #21159)
- bgpd: Prevent heap use-after-free for tunnel encapsulation attribute (backport #21176)
- isisd: fix memory leak in remove_excess_adjs() (backport #21183)
- isisd: Fix missing neighbor address Sub-TLVs after link-params change (backport #21204)
- bgpd: improve packet parsing for EVPN and ENCAP/VNC (backport #21098)
- nhrpd: harden against malformed packets (backport #21097)
- ripngd: fix data handling in several places (10.5 backport)
- bgpd: Recent bugs for 10.5
- vrrrpd: improve error handling in several paths (backport #21251)
- bgpd: fix NHT for explicit link-local BGP peers (backport)
- bgpd: flowspec foobar hardening (backport #21308)
- bgpd: fix import vrf on non existing vrf (backport)
- ospf6d: improve/harden packet processing (backport #21277)
- bfdd: harden packet validation and reflector handling (backport #21105) (backport #21255)
- pceplib: validate during of_list TLV decoding (backport #21310)
- pimd: fix crash due to double free (backport #21354)
- eigrpd: improve validation and error-handling in tlv parsing (backport #21316 to 10.5)
- bgpd: Revalidate locally originated routes against RPKI changes (backport #21302)
- bgpd: hardening backports 10.5
- bgpd: Move rpki strict check to bgp_accept() (backport #21328)
- bgpd: Do not allocate stream if route-refresh capability is not received (backport #21394)
- bgpd: Check dynamic capability action before validating ENHE capability (backport #21395)
- pimd: guard channel OIL detach against stale pointers (backport #21431)
- isisd: improve validation of flex-algo decoder (backport)
- ospfd: add validation in several places before accessing message bodies (backport #21303)
- pimd: fix NOCACHE MFC resync detection log, add vrf name too (backport #21481)
- bgpd: Fix mixed remote-as for peer-groups when using auto (backport #21406)
- bgpd: Don't mark nexthop as changed if a set next-hop unchanged is applied (backport #21445)
- ospfd: add LSA validation in the apiserver path (backport #21536)
- eigrpd: enforce minimum TLV length in Hello handler (backport #21543)
- eigrpd: reject invalid prefix mask len (backport #21539)
- isisd: use correct min size values for srv6 subtlvs (backport #21540)
- eigrpd: Handling for malformed update packets (10.5 version)
- bgpd: fix neighbor IP comparison for IPv6 memcmp return values (backport #21559)
- eigrpd: fix byte order in Hello authentication decode (backport #21545)
- bgp_evpn: fix memleak when configuring rd (backport #21566)
- lib: Report IPv6 MTU and not IPv4 for if_update_state_mtu6 (backport #21501)
- bgpd: Dynamic capability parsing fixes (backport #21603)
- isisd: consume leftover bytes after FAD sub-sub-TLV loop (backport #21544)
- nhrpd: stop debugging auth credentials (backport #21615)
- bgpd: honor 'no activate' for dynamic neighbors in peer-group (backport #21658)
- bgpd: migrate timers during peer_xfer_conn to fix stale route cleanup (backport #21558)
- isisd: Reject SRv6 Locator TLV with Loc-Size of zero (backport #21641)
- bgpd: Validate if NHC BGPID TLV value is non-zero (backport #21611)
- bgpd: Check if BGPID NHC TLV exists when IPv6 next-hop is link-local (backport #21377, #21605, #21611)
- bgpd: Do not allocate NHC TLV with an extra trailer (backport #21606)
Full Changelog: frr-10.5.2...frr-10.5.4
FRR Release 10.4.4
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Docker - quay.io/frrouting/frr
What's Changed
- pimd: When address change ensure DR changes too. (backport #20881)
- bgpd: fix memory leak in cluster_intern() (backport #20913)
- doc: add some text regarding libyang versions (backport #20862)
- eigrpd: handle the gr neighbor list safely in update_receive (backport #20933)
- nhrpd: fix packet and buffer handling errors (backport #20932)
- bgpd: Add missing PEER_FLAG_SEND_NHC_ATTRIBUTE for update group flags (backport)
- bgpd: check more during flowspec nlri parsing (backport #19909)
- bgpd: Fix test for OPEN message with remote-as auto (backport #20963)
- ospfd: harden TE/SR TLV iteration against malformed lengths (backport #21002)
- bfdd: Fix wrong memory free when using ttable code (backport #21020)
- bgpd: fix off-by-one error in FlowSpec operator array bounds check (backport #21054)
- bgpd: Check if the NHC length is enough to fill TLV value + TLV header (backport #21074)
- ospfd: fix sequence number check, avoid truncation ambiguity (backport #21096)
- nhrpd: Correct addrlen check in os_recvmsg() (backport #21100)
- ldpd: improve tlv validation in several places (backport #21118)
- PIM message-handling code fixes (backport #21093)
- lib: disable warning in zlog.c to match master
- bgpd: fix some packet-parsing issues (10.4 version)
- isisd: fix edge condition in max_lsp_count computation (backport #21159)
- bgpd: Return 0 if AS4 capability is malformed (backport #21112)
- bgpd: Prevent heap use-after-free for tunnel encapsulation attribute (backport #21176)
- isisd: fix memory leak in remove_excess_adjs() (backport #21183)
- bgpd: improve packet parsing for EVPN and ENCAP/VNC (backport #21098)
- nhrpd: harden against malformed packets (backport #21097)
- bgpd: fix NHT for explicit link-local BGP peers (backport)
- ripngd: fix data handling in several places (10.4 version)
- bgpd: Recent bugs for 10.4
- vrrrpd: improve error handling in several paths (backport #21251)
- lib: fix zclient crash when many peers reconnect after FRR restart (backport #21056)
- bgpd: flowspec foobar hardening (backport #21308)
- bgpd: fix import vrf on non existing vrf (backport)
- ospf6d: improve/harden packet processing (backport #21277)
- pceplib: validate during of_list TLV decoding (backport #21310)
- bgpd: Revalidate locally originated routes against RPKI changes (backport)
- bfdd: harden packet validation and reflector handling (backport #21105)
- pimd: fix crash due to double free (backport #21354)
- eigrpd: improve validation and error-handling in tlv parsing (backport #21316)
- bgpd: hardening backports 10.4
- bgpd: Do not allocate stream if route-refresh capability is not received (backport #21394)
- bgpd: Check dynamic capability action before validating ENHE capability (backport #21395)
- pimd: guard channel OIL detach against stale pointers (backport #21431)
- isisd: improve validation of flex-algo decoder (backport) (backport #21463)
- ospfd: add validation in several places before accessing message bodies (backport #21303)
- bgpd: Fix mixed remote-as for peer-groups when using auto (backport #21406)
- ospfd: add LSA validation in the apiserver path (backport #21536)
- bgpd: Don't mark nexthop as changed if a set next-hop unchanged is applied (backport #21445)
- eigrpd: enforce minimum TLV length in Hello handler (backport #21543)
- isisd: use correct min size values for srv6 subtlvs (backport #21540)
- eigrpd: reject invalid prefix mask len (backport #21539)
- bgpd: fix neighbor IP comparison for IPv6 memcmp return values (backport #21559)
- eigrpd: Handling for malformed update packets (10.4 version)
- eigrpd: fix byte order in Hello authentication decode (backport #21545)
- lib: Report IPv6 MTU and not IPv4 for if_update_state_mtu6 (backport #21501)
- bgp_evpn: fix memleak when configuring rd (backport #21566)
- isisd: consume leftover bytes after FAD sub-sub-TLV loop (backport #21544)
- nhrpd: stop debugging auth credentials (backport #21615)
- bgpd: honor 'no activate' for dynamic neighbors in peer-group (backport #21658)
- bgpd: Dynamic capability parsing fixes (backport #21603)
- isisd: Reject SRv6 Locator TLV with Loc-Size of zero (backport #21641)
Full Changelog: frr-10.4.3...frr-10.4.4
FRR Release 10.3.4
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Docker - quay.io/frrouting/frr
What's Changed
- Alpine Docker fix ups for 3.22 (backport #20004)
- bgpd: update source address for bgp neighbor (backport #20330)
- docker: Add missing
pytestpackage for Alpine as dependency (backport #20369) - bgpd: Use the default local-preference value and not 0 when adjusting (backport #20400)
- eigrpd: Prevent crash in packet handling (backport #20410)
- zebra: Fix memory leak when SRv6 explicit SID allocation fails (backport #20429)
- isisd: fix crash when changing isis type (backport #20171)
- zebra: Fix memory leak when SRv6 dynamic SID allocation fails (backport #20445)
- ospfd: fixed ospf nssa flush issue (backport #20428)
- zebra: EVPN check l3vni vxlan intf exist in rmac install (backport #20494)
- bgpd: Fix multipath decision when multipath is 1 (backport #20493)
- bgpd: reduce ibuf_work ring buffer size (backport #20554)
- zebra: fix crash on inactive VRF and import table (backport #20525)
- zebra: FRR restart leads to zebra mlag core (backport #20225)
- bgpd: Fix double-free crash in peer_delete() during doppelganger peer… (backport #20661)
- staticd: Fix SRv6 SID use-after-free on locator deletion (backport #20660 for 10.3)
- bgpd: fix md5 password unset on dynamic nbr (backport #20740)
- bgpd: Ignore transitiveness flag when checking type for link bandwidth (backport #20607)
- bgpd: EVPN MH fix unimport ES route on vtep change (backport #20730)
- Zebra fixup nhg handling from kernel (backport #20732)
- bgpd: validate incoming NOTIFICATION messages (backport #20796)
- Multiple local fix (backport #20798)
- bgpd: improve flowspec NLRI validation (backport #20814)
- zebra: EVPN fix access BD deref of mbr intf (backport #20791)
- doc: add some text regarding libyang versions (backport #20862)
- bgpd: Fix test for OPEN message with remote-as auto (backport #20963)
- ospfd: harden TE/SR TLV iteration against malformed lengths (backport #21002)
- bfdd: Fix wrong memory free when using ttable code (backport #21020)
- bgpd: fix off-by-one error in FlowSpec operator array bounds check (backport #21054)
- ospfd: fix sequence number check, avoid truncation ambiguity (backport #21096)
- ldpd: improve tlv validation in several places (backport #21118)
- isisd: fix edge condition in max_lsp_count computation (backport #21159)
- bgpd: Return 0 if AS4 capability is malformed (backport #21112)
- bgpd: Prevent heap use-after-free for tunnel encapsulation attribute (backport #21176)
- bgpd: improve packet parsing for EVPN and ENCAP/VNC (backport #21098)
- nhrpd: harden against malformed packets (backport #21097)
- vrrrpd: improve error handling in several paths (backport #21251)
- ripngd: fix data handling in several places (backport #21257)
- ospf6d: improve/harden packet processing (backport #21277)
- bgpd: Revalidate locally originated routes against RPKI changes (backport)
- lib: fix zclient crash when many peers reconnect after FRR restart (backport #21056)
- pceplib: validate during of_list TLV decoding (backport #21310)
- bgpd: Do not allocate stream if route-refresh capability is not received (backport #21394)
- bgpd: Check dynamic capability action before validating ENHE capability (backport #21395)
- bgpd: Don't mark nexthop as changed if a set next-hop unchanged is applied (backport #21445)
- ospfd: add LSA validation in the apiserver path (backport #21536)
- eigrpd: enforce minimum TLV length in Hello handler (backport #21543)
- lib: ignore gcc warning in 10.3 zlog lttng code
- eigrpd: reject invalid prefix mask len (10.3 backport)
- isisd: use correct min size values for srv6 subtlvs (backport #21540)
- ospfd: add validation in several places before accessing message bodies (backport #21303)
- bgpd: fix neighbor IP comparison for IPv6 memcmp return values (backport #21559)
- eigrpd: fix byte order in Hello authentication decode (backport #21545)
- bgpd: Dynamic capability parsing fixes (backport #21603)
- isisd: consume leftover bytes after FAD sub-sub-TLV loop (backport #21544)
- nhrpd: stop debugging auth credentials (backport #21615)
- isisd: Reject SRv6 Locator TLV with Loc-Size of zero (backport #21641)
Full Changelog: frr-10.3.3...frr-10.3.4
FRR Release 10.2.6
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Docker - quay.io/frrouting/frr
What's Changed
- Alpine Docker fix ups for 3.22 (backport #20004)
- docker: Add missing
pytestpackage for Alpine as dependency (backport #20369) - isisd: fix crash when changing isis type (backport #20171)
- zebra: Fix memory leak when SRv6 dynamic SID allocation fails (backport #20445)
- ospfd: fixed ospf nssa flush issue (backport #20428)
- zebra: EVPN check l3vni vxlan intf exist in rmac install (backport #20494)
- bgpd: Fix multipath decision when multipath is 1 (backport #20493)
- bgpd: reduce ibuf_work ring buffer size (backport #20554)
- zebra: fix crash on inactive VRF and import table (backport #20525)
- zebra: FRR restart leads to zebra mlag core (backport #20225)
- bgpd: Fix double-free crash in peer_delete() during doppelganger peer… (backport #20661)
- bgpd: fix md5 password unset on dynamic nbr (backport #20740)
- bgpd: validate incoming NOTIFICATION messages (backport #20796)
- bgpd: improve flowspec NLRI validation (backport #20814)
- zebra: EVPN fix access BD deref of mbr intf (backport #20791)
- bgpd: Fix test for OPEN message with remote-as auto (backport #20963)
- ospfd: harden TE/SR TLV iteration against malformed lengths (backport #21002)
- bgpd: fix off-by-one error in FlowSpec operator array bounds check (backport #21054)
- ospfd: fix sequence number check, avoid truncation ambiguity (backport #21096)
- ldpd: improve tlv validation in several places (backport #21118)
- isisd: fix edge condition in max_lsp_count computation (backport #21159)
- bgpd: Return 0 if AS4 capability is malformed (backport #21112)
- bgpd: Prevent heap use-after-free for tunnel encapsulation attribute (backport #21176)
- bgpd: improve packet parsing for EVPN and ENCAP/VNC (backport #21098)
- bgpd: fix NHT for explicit link-local BGP peers (backport #21188)
- nhrpd: harden against malformed packets (backport #21097)
- vrrrpd: improve error handling in several paths (backport #21251)
- ripngd: fix data handling in several places (backport #21257)
- ospf6d: improve/harden packet processing (backport #21277)
- bgpd: Do not allocate stream if route-refresh capability is not received (backport #21394)
- bgpd: Don't mark nexthop as changed if a set next-hop unchanged is applied (backport #21445)
- ospfd: add validation in several places before accessing message bodies (backport #21303)
- bgpd: fix neighbor IP comparison for IPv6 memcmp return values (backport #21559)
- eigrpd: fix byte order in Hello authentication decode (backport #21545)
- isisd: consume leftover bytes after FAD sub-sub-TLV loop (backport #21544)
- nhrpd: stop debugging auth credentials (backport #21615)
- isisd: Reject SRv6 Locator TLV with Loc-Size of zero (backport #21641)
- bgpd: Revalidate locally originated routes against RPKI changes (backport)
Full Changelog: frr-10.2.5...frr-10.2.6
FRR Release 10.1.5
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
What's Changed
- bgpd: fix DEREF_OF_NULL.EX.COND in community_list_dup_check (backport #19325)
- bgpd: fix overflow when decoding zapi nexthop for srv6 max segments (backport #19324)
- bgpd: fix memory leak in evpn mh (backport #19334)
- bgpd: Fix default vrf check while configuring md5 password for prefix on the bgp listen socket (backport #19317)
- zebra: Explicitly print "exit" at the end of srv6 encap node config (backport #19409)
- bgpd: Fix crash due to dangling pointer in bnc nht_info (backport #19362)
- pim6d: don't SEGV on repeated MLD records (backport #19732)
- lib: mgmt_msg: fix bug with disconnect and event scheduling (backport #19994)
- isisd: fix crash when changing isis type (backport #20171)
- bgpd: reduce ibuf_work ring buffer size (backport #20554)
- zebra: FRR restart leads to zebra mlag core (backport #20225)
- bgpd: Fix double-free crash in peer_delete() during doppelganger peer… (backport #20661)
- bgpd: validate incoming NOTIFICATION messages (backport #20796)
- bgpd: improve flowspec NLRI validation (backport #20814)
- ospfd: harden TE/SR TLV iteration against malformed lengths (backport #21002)
- bgpd: fix off-by-one error in FlowSpec operator array bounds check (backport #21054)
- ldpd: improve tlv validation in several places (backport #21118)
- bgpd: Return 0 if AS4 capability is malformed (backport #21112)
- bgpd: improve packet parsing for EVPN and ENCAP/VNC (backport #21098)
- bgpd: fix neighbor IP comparison for IPv6 memcmp return values (backport #21559)
- eigrpd: fix byte order in Hello authentication decode (backport #21545)
- bgpd: Dynamic capability parsing fixes (backport #21603)
- isisd: consume leftover bytes after FAD sub-sub-TLV loop (backport #21544)
- isisd: Reject SRv6 Locator TLV with Loc-Size of zero (backport #21641)
Full Changelog: frr-10.1.4...frr-10.1.5
FRR Release 10.0.5
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
What's Changed
- bgpd: fix DEREF_OF_NULL.EX.COND in community_list_dup_check (backport #19325)
- bgpd: fix overflow when decoding zapi nexthop for srv6 max segments (backport #19324)
- bgpd: fix memory leak in evpn mh (backport #19334)
- bgpd: Fix default vrf check while configuring md5 password for prefix on the bgp listen socket (backport #19317)
- zebra: Explicitly print "exit" at the end of srv6 encap node config (backport #19409)
- bgpd: Fix crash due to dangling pointer in bnc nht_info (backport #19362)
- lib: mgmt_msg: fix bug with disconnect and event scheduling (backport #19994)
- isisd: fix crash when changing isis type (backport #20171)
- bgpd: reduce ibuf_work ring buffer size (backport #20554)
- zebra: FRR restart leads to zebra mlag core (backport #20225)
- bgpd: Fix double-free crash in peer_delete() during doppelganger peer… (backport #20661)
- bgpd: validate incoming NOTIFICATION messages (backport #20796)
- bgpd: improve flowspec NLRI validation (backport #20814)
- ospfd: harden TE/SR TLV iteration against malformed lengths (backport #21002)
- bgpd: fix off-by-one error in FlowSpec operator array bounds check (backport #21054)
- ldpd: improve tlv validation in several places (backport #21118)
- bgpd: Return 0 if AS4 capability is malformed (backport #21112)
- bgpd: improve packet parsing for EVPN and ENCAP/VNC (backport #21098)
- bgpd: fix neighbor IP comparison for IPv6 memcmp return values (backport #21559)
- eigrpd: fix byte order in Hello authentication decode (backport #21545)
- isisd: consume leftover bytes after FAD sub-sub-TLV loop (backport #21544)
- isisd: Reject SRv6 Locator TLV with Loc-Size of zero (backport #21641)
Full Changelog: frr-10.0.4...frr-10.0.5
FRR Release 10.6.0
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr
Release Overview
New Features Highlight
- LTTng traces for BFD
- Added support for LTTng tracing in BFD, enabling improved observability and debugging capabilities for BFD sessions.
- Extended weights for the next-hop
- Support for 16-bit next-hop weights has been added, aligning with capabilities introduced in Linux kernel v6.12.
FRRouting now supports extended weight values for improved ECMP distribution accuracy.
- Support for 16-bit next-hop weights has been added, aligning with capabilities introduced in Linux kernel v6.12.
- BGP ECMP by using Underlay Weights
- BGP now provides a configuration option to use underlay-computed weights for ECMP path selection.
Traditionally, BGP derives ECMP weights from extended community attributes. With this enhancement, operators may configure BGP to instead use underlay weights when calculating traffic distribution.
- BGP now provides a configuration option to use underlay-computed weights for ECMP path selection.
- BGP ECMP by using Next-next nodes (Next-hop dependent characteristic) count
- An additional ECMP weighting mode has been introduced based on next-hop dependent characteristics (e.g., next-next-hop node count).
- When
bgp bestpath bandwidth ignoreis enabled and next-hop characteristics are present, BGP uses the number of underlying next-next-hop paths to derive ECMP weights.
- BGP software version capability encoding changes
- Encoding has been updated to align with version 15 of draft-abraitis-bgp-version-capability. Starting with this revision:
The TLV length field is no longer explicitly encoded. The capability length field alone determines the encoding size. - A new command has been introduced
bgp default software-version-capability latest-encoding. This enables use of the updated encoding format.
- Encoding has been updated to align with version 15 of draft-abraitis-bgp-version-capability. Starting with this revision:
- BGP SRv6 unicast at the global (default) VRF
- Support has been added for global (default VRF) unicast routing over an SRv6 core:
- Global IPv4 over SRv6 Core (RFC 9252)
- Global IPv6 over SRv6 Core (RFC 9252)
- This enables SRv6-based transport for IPv4 and IPv6 services in the default routing table.
- Support has been added for global (default VRF) unicast routing over an SRv6 core:
- BGP IPv6 VTEP support
- Comprehensive IPv6 VTEP support has been added throughout the EVPN codebase. This enables EVPN deployments using IPv6 tunnel endpoints while maintaining full backward compatibility with IPv4 VTEPs.
- BGP multiple labels support for labeled unicast
- FRRouting now supports multiple MPLS labels in BGP Labeled Unicast.
- Previously: If multiple labels were received, only the bottom label was used.
- Now: Up to 10 labels are supported per prefix.
- This aligns with the maximum label stack depth defined in RFC 3017 and RFC 8277.
- FRRouting now supports multiple MPLS labels in BGP Labeled Unicast.
- BGP graceful restart for EVPN
- Graceful Restart capability has been extended to EVPN address families. This aligns EVPN behavior with existing graceful restart support for IPv4 and IPv6 unicast.
- Implement forwarding-address-self command for OSPFv2
- A new forwarding-address-self command has been implemented for OSPFv2. By default, when redistributing routes into OSPF, the forwarding address field is set based on the original next-hop. When forwarding-address-self is configured, the router sets the forwarding address field to its own address.
- This is particularly useful in multi-homed (ECMP) ASBR deployments where traffic must be directed explicitly to the redistributing router.
- PIM/PIMv6 filter support for IGMP/MLD joins
- Added support for filtering IGMP (IPv4) and MLD (IPv6) joins in PIM and PIMv6.
- libyang3 changes
- Binary packages are now built against libyang3 by default. Users requiring libyang2 may still recompile FRRouting with libyang2 support.
What's Changed
- ospfd: On cleanup, actually free vertexes by @donaldsharp in #19686
- tools: add nhrp support bundle by @Jafaral in #19674
- bgpd: Transfer through the return code by @donaldsharp in #19653
- bgpd, lib, pbrd: Use hash_lookup where appropriate by @donaldsharp in #19652
- eigrpd, ospfd, pimd: Fix usage of packed member unaligned by @donaldsharp in #19663
- Improve handling of vrf backend type by @donaldsharp in #19651
- Revert "ospfd: On cleanup, actually free vertexes" by @donaldsharp in #19691
- build: add warning for extra format args by @mjstapp in #19645
- tests: Corrected unidiomatic-typecheck by @ramapalleti in #19676
- lib, zebra: Add fib installed NH count in json show cmd by @raja-rajasekar in #19656
- bgpd: improve/clarify bgp static tables by @mjstapp in #19640
- tests: Ensure key exists for bgp_evpn_mh by @donaldsharp in #19697
- build: Add warning for address of packed member by @donaldsharp in #19690
- tests: fix memory leaks in
make checkfor ASAN run by @eqvinox in #19701 - ospfd: plug leaks in TI-LFA code by @eqvinox in #19700
- bgpd: display reset cause consistently in bgp_show_failed_summary() by @enkechen-panw in #19711
- Coverity low medium by @donaldsharp in #19627
- bgpd: ensure batch clearing flags are clear by @mjstapp in #19696
- Bgp evpn pass originator by @donaldsharp in #19492
- doc: Fix a bunch of the duplicate commands during build by @donaldsharp in #19703
- *: don't access invalid zapi route msg nexthops by @mjstapp in #19714
- eigrpd: Handling for malformed update packets by @ritika0313 in #19699
- zebra: Cleanup early route Q when removing routes. by @donaldsharp in #19338
- doc: Fix documentation regarding capability link-local by @ton31337 in #19713
- pim6d: don't SEGV on repeated MLD records by @eqvinox in #19732
- zebra: fix neighbor table name length by @kunkku in #18872
- bgpd: type-5 routes were sometimes being injected when they should not by @donaldsharp in #19731
- Allow Route Resolution via same prefix Cross VRF by @donaldsharp in #19718
- *: Support IPv6 VTEP for EVPN single-homing by @mjstapp in #19498
- zebra: Free early route objects after we done only by @ton31337 in #19746
- tests: Stop double run of a large number of commands by @donaldsharp in #19755
- Bgp curr to connection by @donaldsharp in #19753
- Weighted ECMP by using Next-Next Hop Nodes characteristic by @ton31337 in #19633
- gdb: Add a walk_bgp_table macro by @donaldsharp in #19728
- tests: correct one assert for ldp test by @anlancs in #19572
- ospf6d: Fix summary deletion dropping redistributed routes by @donaldsharp in #19733
- bgp_bmp: fix pullwr bump call by @lsang6WIND in #19744
- Items found via valgrind running and gcoverage by @donaldsharp in #19719
- lib,zebra: make nhg nexthop show output consistent by @mjstapp in #19762
- Coverity fix: unchecked return value by @aprathik04 in #19702
- pimd/pim6d: fix router-alert crash by @anlancs in #19757
- zebra: Initialize vtep_ip before passing to dplane_local_mac_add/del by @ton31337 in #19763
- zebra: include EVPN encap info with recursive nexthops by @mjstapp in #19720
- tests: Allow --with-timestamp-precision=X to actually work w/ make check by @donaldsharp in #19772
- lib: fix SA warnings re. typesafe _add return val by @eqvinox in #19771
- bgpd: Fix resource leak coverity by @aprathik04 in #19775
- lib: Remove unnecessary #includes by @jkoshy in #19777
- bgpd: EVPN fix auto derive rd when user cfg removed by @chiragshah6 in #19779
- Test speedups of long running tests by @donaldsharp in #19770
- bgpd: check the peer state when recording the down cause by @enkechen-panw in #19667
- bgpd: ensure evpn prefix locals are inited by @mjstapp in #19790
- zebra: EVPN fix alignment of access-vlan cli output by @chiragshah6 in #19795
- pim6d: drop mismatch report packets by @anlancs in #19198
- Cleanup
show debuggingand isisd, fabricd, bgpd and ospfd debug commands by @kaffarell in #19544 - isis: fix advertise-passive-only routes install by @hedrok in #19593
- zebra: Show prefix on failed lookup by @donald...
FRR Release 10.5.3
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr
What's Changed
- pimd: When address change ensure DR changes too. (backport #20881) by @mergify[bot] in #20891
- lib/typesafe: guard skiplist level generation against ctz(0) UB (backport #20899) by @mergify[bot] in #20904
- bgpd: fix memory leak in cluster_intern() (backport #20913) by @mergify[bot] in #20919
- doc: add some text regarding libyang versions (backport #20862) by @mergify[bot] in #20924
- eigrpd: handle the gr neighbor list safely in update_receive (backport #20933) by @mergify[bot] in #20938
- nhrpd: fix packet and buffer handling errors (backport #20932) by @mergify[bot] in #20941
- bgpd: Fix test for OPEN message with remote-as auto (backport #20963) by @mergify[bot] in #20965
- bgpd: Add missing PEER_FLAG_SEND_NHC_ATTRIBUTE for update group flags (backport) by @ton31337 in #20972
- bgpd: check more during flowspec nlri parsing (backport #19909) by @mergify[bot] in #20982
- bgpd: Fix condition when evaluating paths (backport #20975) by @mergify[bot] in #20997
- ospfd: harden TE/SR TLV iteration against malformed lengths (backport #21002) by @mergify[bot] in #21013
- bfdd: Fix wrong memory free when using ttable code (backport #21020) by @mergify[bot] in #21022
- bgpd: fix off-by-one error in FlowSpec operator array bounds check (backport #21054) by @mergify[bot] in #21059
- lib: fix zclient crash when many peers reconnect after FRR restart (backport #21056) by @mergify[bot] in #21070
- lib: fix vty_is_closed() falsely reporting VTY_SHELL as closed (backport #21082) by @mergify[bot] in #21091
- bgpd: Check if the NHC length is enough to fill TLV value + TLV header (backport #21074) by @mergify[bot] in #21084
- ospfd: fix sequence number check, avoid truncation ambiguity (backport #21096) by @mergify[bot] in #21111
- nhrpd: Correct addrlen check in os_recvmsg() (backport #21100) by @mergify[bot] in #21120