summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-02-23bgpd: fix lost passwords of grouped neighborsRoman Hoog Antink
This patch resolves the significance of order of group and password statements. It prevents passwords from being lost in cases where all three conditions apply: 1. the peer is member of a group with or without group password 2. the peer has an individual password set 3. the peer is added to a group within an address-family ipv6 section In addition this patch prevents the same issue in cases, where an IPv4 peer's password is set first and the peer is added to a group afterwards. Adding a peer to a group cancels his individual password. Without ipv6 this is not a problem, because choosing the right order of config statements will do (set password only after adding peer to group). When adding the peer to a group within the address-family section, his password is definitely lost. The same workaround (ie. setting the password after the address-family section) can not be used, because "show run" will print the configuration statements in the wrong order. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-02-23zebra: use SO_RCVBUFFORCE for netlink socketUlrich Weber
so net.core.rmem_max must not be adjusted. Requires linux kernel >= 2.6.14, falls back to SO_RCVBUF on error Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-02-10release: 0.99.22David Lamparter
2013-02-09build: fix "pragma weak" mixupsDavid Lamparter
Not only was there a minor typo in the "pragma weak" preprocessor checks, but also were the tests not behaving as needed - they only indicated support for the /first/ method of implementing weak aliases, which on Linux is __attribute__ and not #pragma. * m4/ax_sys_weak_alias.m4: set defines for _all_ weak alias methods * zebra/kernel_null.c: fix typo Cc: Doug VanLeuven <roamdad@sonic.net> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-02-01doc: update some introduction paragraphsDavid Lamparter
in particular, - add IS-IS to some listings - list Solaris & OSX as "some work required" - remove OS version numbers. We have no base to specify any of them. - list supported C compilers (gcc, clang, icc) - cut the Quagga 2.0 stuff that promises QoS and firewall functionality
2013-02-01doc: update NEWS for 0.99.22 changesDavid Lamparter
2013-02-01bgpd: fix crash in soft-reconfigurationChristian Franke
Commit 8692c50652 introduced a bug where bgpd would crash on soft-reconfiguration. This happens e.g. when there are filtered unicast routes because rn->info is NULL in that case, which the code did not account for. Reported-by: Paweł Staszewski <pstaszewski@itcare.pl> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-02-01tests: fix missing init in bgp_mp_attr_test.cDavid Lamparter
turns out, bgp_mp_reach_parse really doesn't like getting garbage attribute input. In particular, attr->extra better be NULL or we merrily go trample random places (like our stack). Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-02-01tests: update & extend AS_PATH testsDavid Lamparter
NB: these tests test for current implementation state, not for RFC conformance. In particular, behaviour with confederations in AS4_PATH as well as reconcilation of short AS_PATH + AS4_PATH is currently NOT conforming to RFC 4893/6793. * tests/aspath_test.c: add capability to put both AS4_PATH & AS_PATH, add test for AS4_PATH w/o AS_PATH, update confederation test Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-02-01bgpd: relax ORF capability length handlingDavid Lamparter
commit fe9bb64... "bgpd: CVE-2012-1820, DoS in bgp_capability_orf()" made the length test in bgp_capability_orf_entry() stricter and is now causing us to refuse (with CEASE) ORF capabilites carrying any excess data. This does not conform to the robustness principle as laid out by RFC1122 ("be liberal in what you accept"). Even worse, RFC5291 is quite unclear on how to use the ORF capability with multiple AFI/SAFIs. It can be interpreted as either "use one instance, stuff everything in" but also as "use multiple instances". So, if not for applying robustness, we end up clearing sessions from implementations going by the former interpretation. (or if anyone dares add a byte of padding...) Cc: Denis Ovsienko <infrastation@yandex.ru> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-02-01bgpd: don't try to reconcile AS4_PATH with NULLDavid Lamparter
bgp_attr_munge_as4_attrs would previously try to reintegrate an AS4_PATH with a NULL AS_PATH, leading to a rather nasty SEGV. Let's go by RFC6793 and treat missing AS_PATH as 0-length AS_PATH, which in turn means discarding the AS4_PATH. [NB: we don't actually stick to the actual rule, which is discarding AS4_PATH if it's longer than AS_PATH; indeed we should probably fix that too] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16build: Quagga 0.99.22-rc1David Lamparter
this is not a full release version, so neither release notes nor documentation are updated yet. Also, signing the tag with my private GPG key instead of the Quagga one.
2013-01-16bgpd: conditional default-originate using route-mapChristian Franke
Incorporate a patch by Svetozar Mihailov which implements default-originate route-maps to behave as expected, i.e. allowing the default route to be advertised conditionally, depending on a criterion given by the route-map. I am aware that the performance attributes of the following implementation are far from optimal. However, this affects only code paths belonging to a feature that is broken without this patch, therefore, it seems reasonable to me to have this in the mainline for now. Cc: Svetozar Mihailov <quagga@j.zarhi.com> Reported-by: Sébastien Cramatte <scramatte@gmail.com> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16bgpd: uncork/nagle socket when sending BGP NOTIFYLeonid Rosenboim
This pushes out the NOTIFY message before closing a connection. Previously, the TCP_CORK bandwidth optimization code caused NOTIFY messages to disappear prior to when the connection is closed. * bgpd/bgp_packet.c: unset CORK, set NODELAY, and replace writen() by more correct write() Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16Revert "bgpd: flock() dump files (BZ#742)"David Lamparter
This reverts commit b07458a055493dd37cb955ae90f11ae8bc334d3a. On second thought, the right way to do this is with rename(), not by introducing a lock that can potentially even stall bgpd. Reported-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16zebra: fix sockaddr_dl length assumptions (BZ#737)David Lamparter
Quagga makes bad assumptions about sockaddr_dl (on NetBSD, but possibly on other systems as well). Particularly, sizeof(struct sockaddr_dl) returns a size that does not include the full sdl_data field, leading to not enough data being copied. This breaks IPv6 RAs in particular, as a broken mac address from sockaddr_dl will be included in the packets. From: Matthias-Christian Ott <ott@mirix.org> Tested-by: Uwe Toenjes <6bone@6bone.informatik.uni-leipzig.de> [further simplified + more comments] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16build: update .gitignore for all test programsLeonid Rosenboim
2013-01-15build: add buildtest.sh scriptDavid Lamparter
This script compiles Quagga in a variety of configurations and optionally with LLVM and ICC (if those are installed). Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15build: Fix build on MacOSX 10.8 (Mountain Lion)Hasso Tepper
Newer MacOSX versions have support for both IPv6 advanced socket API RFCs (2292 and 3542) switchable in compile time, but neither of these is default for some strange reason. RFC3542 will be default in future, but for now we have to declare that we want to use the RFC3542 API before including <netinet/in.h>. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15build: Remove deprecated AM_CONFIG_HEADERHasso Tepper
AM_CONFIG_HEADER has been deprecated for many years and is removed completely from automake 1.13. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15bgpd: uncork after each writeStephen Hemminger
Keep data flowing, uncork after each BGP_WRITE_PACKET_MAX. This makes TCP send data sooner, since thread may not be scheduled again for a a longish time because of new UPDATE's coming in. Signed-off-by: Stephen Hemminger <shemminger@vyatta.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15bgpd: use recent monotonic time for readtimeStephen Hemminger
The readtime value is for diagnostic, and doesn't have to be highly accurate. This also fixes a problem where the readtime was being measured with system clock, but the peer_uptime() was comparing with bgp_clock. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15configure: allow building without getrusageStephen Hemminger
Measuring the resource usage of threads is moderately expensive since it requires doing an additional system call everytime a thread context switches. Make it possible to disable this with a configuration option. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15bgpd: mark route nodes scheduled into work queueStephen Hemminger
The flag bit BGP_NODE_PROCESS_SCHEDULED is checked but never set. This causes route node to be scheduled multiple times under load. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15bgpd: improve logging of invalid BGP NotificationsLeonid Rosenboim
Invalid BGP Notification messages should be logged locally, cf. RFC4271, Sect. 6.4, p 34, NOTIFICATION Message Error Handling Current notification for invalid Notification code: 2012/10/10 02:17:54 BGP: message index 10 not found in bgp_notify_msg (max is 8) 2012/10/10 02:17:54 BGP: 192.168.1.1 received NOTIFICATION 10/0 ((no item found)) 0 bytes the logging should be a bit more clear. The above logging really doesn't explain much and looks more like a programming error. [rewrote most of it to get in something I can call a shape -David] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: fix error response to invalid BGP version numberLeonid Rosenboim
BGP4-ANVL 20.1 ANVL tries to open BGP with version 5 and expects correct notification in response. Quagga sends notification, but with incorrect information in it. The data needs to be a 2-byte value, and for now we respond with 0004 for any peer version other than 4. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: fix a bug in bgp_attr_dupChristian Franke
Commit 558d1fec11749d3257e improved bgp_attr_dup so it would be possible for the caller to provide attr_extra, allowing to use the stack instead of the heap for operations requiring only a short lived attr. However, this commit introduced a bug where bgp_attr_dup wouldn't copy attr_extra at all (but provide a reference to the original) if the caller provided attr_extra. Cc: Jorge Boncompte [DTI2] <jorge@dti2.net> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: fix a memleak on "set community none"Christian Franke
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14zebra: don't overrun afi/safi array boundariesLeonid Rosenboim
zebra was not checking afi/safi values. This was leading to crashes where these values were coming directly from some protocol's on-wire fields. Safeguarding them in zebra is a good start. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: store "no neighbor activate" for IPv4 unicastChristian Franke
If a neighbor was in a peer group for any AFI/SAFI, bgpd would never write a "no neighbor activate" line for IPv4 unicast, so a valid setup like following could be configured, but not saved: router bgp 64600 bgp router-id 198.51.100.1 network 198.51.100.0/24 neighbor peers peer-group neighbor 2001:db8::2 remote-as 64601 no neighbor 2001:db8::2 activate ! address-family ipv6 network 2001:db8:1::/48 neighbor peers activate neighbor peers soft-reconfiguration inbound neighbor 2001:db8::2 peer-group peers exit-address-family ! Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: avoid heap fragmentation in bgp_clear_route_tableJorge Boncompte [DTI2]
In bgp_clear_route_table, moved cleanup code before the allocation of the work queue items. This returns the memory to the system allocator before allocating new and might therefore help avoiding heap fragmentation. * bgp_route.c: (bgp_clear_route_table) moved code blocks. Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Reviewed-by: Leonid Rosenboim <Leonid.Rosenboim@windriver.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: fix for leaked struct bgp_adj_[in|out] on peer shutdownJorge Boncompte [DTI2]
If a peer with soft-reconfiguration configured is cleared, the function bgp_clear_route_table() doesn't free the bgp_adj_in and bgp_adj_out structures of route nodes that for some reason, ej. denied by a filter, don't have routes attached "rn->info == NULL". Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Reviewed-by: Leonid Rosenboim <Leonid.Rosenboim@windriver.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11lib: remove ALL_LIST_ELEMENTS dead code branchDavid Lamparter
ALL_LIST_ELEMENTS is checking node == NULL twice, which is causing a whole slew of false positives in Coverity. In this particular case, addressing this in the code is reasonable; being a macro, this appears all over the place without easy remedy. Acked-by: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11zebra: fix netlink NL_PKT_BUF_SIZE高鹏
Change default value of variable NL_PKT_BUF_SIZE to 8192UL. Cf. NLMSG_GOODSIZE definition of linux in include/linux/netlink.h for detail. Previously, on platforms with a page size greater than 8192, if you had added too many interfaces, zebra would not have enough buffer space to get the entire interface list. This resulted in an incomplete interface list. From: 高鹏 <gpstrive@gmail.com> [updated to apply after FPM patches] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11build: Fix build for systems with no /bin/trueHasso Tepper
There are systems with no /bin/true - it might have different path (/usr/bin/true) or even a shell builtin. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11build: MacOSX needs BSD struct ip_mreq hack tooHasso Tepper
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11testzebra: pragma weak: detect systems with weak alias and provide alternativeDoug VanLeuven
LLVM clang does not support #pragma weak (bug 3679) on OS X. There are other systems where the #pragma weak has varying syntax. Added m4 file from the autoconf archives: http://www.gnu.org/software/autoconf-archive/ax_sys_weak_alias.html Fix up zebra/*_null.c files to use #pragma weak alias or stub functions if not available. It's incomplete in that the different format #pragma enable easier fixes on need. Tested on 64bit OS X 10.7, FreeBSD 9.0 amd64 & i386 (32bit) using gcc & clang. Tested on linux 64bit. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11Merge remote-tracking branch 'savannah/sf/ospfd'David Lamparter
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-07ospfd: Remove dup MaxAge LSA floodDinesh G Dutt
Stop additional, unnecessary flooding of MaxAge LSAs. When a MaxAge LSA is installed, if the LSA is prematurely aged or the LSA is not self-originated, the LSA is flushed. This results in a the LSA being flooded a second time and in some cases flooded back to the receiver (unless the receiver is also the advertising router). A MaxAge'd LSA has already been flooded in ospf_flood() as part of the LSA receive processing (ospf_ls_upd). A self-originated LSA will be flooded from the originate/refresh routine. Thus, in the install routine, a MaxAge'd LSA only needs to be added to the MaxAge LSA list. Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Corrected ospfd Type-4/Type-5 ls update handlingVishal Kumar
This fix is for Type-4 LS updates handling at a ABR router where ospf daemon is not distributing Type-4 LS updates with correct LS-Age after learning about a ASBR router in a ospf network. Because of this Type-5 LS updates are not learnt in ospf network. Testing Scenario: This can be re-produced by restarting the ospfd daemon on DUT (mentioned in figure below)before the Hello time interval expires for area 0.0.0.1. ____ _______ ____ _________ | | area: 0.0.0.1 | | area: 0.0.0.0 | | area: 0.0.0.2 | | | R1 |---------------------|DUT/ABR|---------------------| R2 |------------------| R3/ASBR | |____| x.x.x.0/24 |_______| y.y.y.0/64 |____| z.z.z.0/24 |_________| In the above setup when ospfd is restarted (imp:before the Hello interval at R1 expires) and DUT learns about ASBR router R3 (Type-4) in the network from R2, but this ls-update is not propagates in area 0.0.0.1. So R1 never comes to know about the ASBR router in the network, so all the type-5 LS updates coming from R3 are not learnt by R1. Further if we again restart ospfd daemon it starts working fine. With the fix given this issue can be resolved. More Discussion on this is available at: http://www.gossamer-threads.com/lists/quagga/dev/23892 Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: compile warning cleanupsAndrew Certain
A set of patches to clarify some comments as well as cleanup code that was causing warnings. After these patches, the code can be compiled with -Wall -Wsign-compare -Wpointer-arith -Wbad-function-cast -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wchar-subscripts -Wcast-qual -Wextra -Wno-unused-parameter -Wno-missing-field-initializers (what is current in trunk plus -Wextra -Wno-unused-parameter -Wno-missing-field-initializers). Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Update nsm_change_state to static scope, as it is not called from ↵Andrew Certain
elsewhere Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Changed TE instance check to remove -Wtype-limits warningAndrew Certain
Since LEGAL_TE_INSTANCE_RANGE() was being passed an unsigned int, a warning was being thrown due to the compare against >= 0. Since this macro was used only in one place, I removed the macro for an explict compare against a constant for the MAX. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07lib: Changes to VTY string-parsing macros to remove warningsAndrew Certain
The VTY_GET_INTEGER_RANGE macro was being used also just to check the range on a variable that wasn't used (for the "no" version of a VTY command), so I split the macro into two. Also, since the variable is unsigned, if MIN is zero, you get a warning about comparing an unsigned number against 0, giving rise to slightly convoluted logic. Note that the previous two patches were found by the -Wtype-limits and -Wunused-variables warnings. Without the changes to these macros, these warnings are triggered erroneously, making it harder to find the real problems. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Update comments to be more clear in packet processingAndrew Certain
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Fixed signed/unsigned masking of negative metricsAndrew Certain
In the original code, negative metrics would be converted successfully by atoi() and then converted to an unsigned int that would always compare successfully against >= 0, leaving a large positive metric in the route map. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Fixed typo bug in ospf_vty.h:ospf_neighborAndrew Certain
Typo bug. ospf_nbr_nbma_poll_interval_set() was being sent priority instead of interval. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: fix argument parsing for distribute-listChristian Franke
Use the correct argument for the protocol lookup in ospf distribute-list commands. Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: fix apiserver enableDavid Lamparter
The ospf_apiserver_enable flag was being cleared _after_ the "-a" command-line option set it to 1. Move up the initialisation, so enabling the OSPF API is actually possible. Reported-by: Rosario Mattera <rosmattera@gmail.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: Fix type-4 network mask to 0 per RFCLeonard Tracy
The OSPF RFC (2328) states that the network mask field of a type 4 LSA "is not meaningful and must be zero". OSPFD has been setting the mask as /32. This patch changes OSPFD to set the mask to 0 per the RFC Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>