summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2007-12-22[bgpd] Fix number of DoS security issues, restricted to configured peers.Paul Jakma
2007-12-22 Paul Jakma <paul.jakma@sun.com> * Fix series of vulnerabilities reported by "Mu Security Research Team", where bgpd can be made to crash by sending malformed packets - requires that bgpd be configured with a session to the peer. * bgp_attr.c: (bgp_attr_as4_path) aspath_parse may fail, only set the attribute flag indicating AS4_PATH if we actually managed to parse one. (bgp_attr_munge_as4_attrs) Assert was too general, it is possible to receive AS4_AGGREGATOR before AGGREGATOR. (bgp_attr_parse) Check that we have actually received the extra byte of header for Extended-Length attributes. * bgp_attr.h: Fix BGP_ATTR_MIN_LEN to account for the length byte. * bgp_open.c: (cap_minsizes) Fix size of CAPABILITY_CODE_RESTART, incorrect -2 left in place from a development version of as4-path patch. * bgp_packet.c: (bgp_route_refresh_receive) ORF length parameter needs to be properly sanity checked. * tests/bgp_capability_test.c: Test for empty capabilities.
2007-12-18+ fixed no_set_aspath_prepend() to correctly match existing "set" statementDenis Ovsienko
2007-11-21[bgpd] Fix typo in previous commit to bgp_main.cPaul Jakma
2007-11-13[bgpd] small fix for crash if 'listenon' argument is not givenPaul Jakma
2007-11-13 Paul Jakma <paul.jakma@sun.com> * bgp_main.c: Small fix, format string parameters should never be NULL - it's not strictly valid and some libc's don't let you away with.
2007-11-12+ fixed bug #418 (changing address on an existing interface doesn't cause ↵Denis Ovsienko
existing static routes to be revalidated)
2007-11-012007-10-30 Nick Hilliard <nick@inex.ie>Paul Jakma
* bgp_main.c: Add 'listenon' argument, to pass address to bind to. * bgp_network.c: (bgp_socket) Extend to take bind address. * bgpd.c: (bgp_init) Pass stored address. * bgpd.h: (struct bgp_master) storage for bind address 2007-11-01 Paul Jakma <paul.jakma@sun.com> * tools/multiple-bgpd.sh: New, quick script to launch a bunch of bgpds.
2007-10-24+ fix the bug reported by Milan Kocian (IPv6 route handling was broken by ↵Denis Ovsienko
the RIB debug changeset). after
2007-10-22[ospf6d] Fix removal of defunct ASBR routesPaul Jakma
2007-10-22 Phil Spagnolo <phillip.a.spagnolo@boeing.com> * ospf6_asbr.c: (ospf6_asbr_lsentry_remove) Remove shortcut of LSDB search - it's based on assumption non-BEST routes can't have ASBR routes, which appears to be wrong. Safest to search.
2007-10-22[snmp-smux] Fix problems if 'smux peer ...' is issued multiple timesPaul Jakma
2007-10-22 Lorenzo Colitti <lorenzo@colitti.com> * smux.c: (smux_stop) Avoid cancelling a defunct thread pointer (smux_start) Stop smux before trying to start it, possibly again.
2007-10-22[news] Fix top-line versionPaul Jakma
2007-10-18[tests] Forgot to commit ecommunity_tests.cPaul Jakma
2007-10-14[bgpd] Merge AS4 supportPaul Jakma
2007-10-14 Paul Jakma <paul.jakma@sun.com> * NEWS: Note that MRT dumps are now version 2 * (general) Merge in Juergen Kammer's AS4 patch. 2007-09-27 Paul Jakma <paul.jakma@sun.com> * bgp_aspath.c: (assegment_normalise) remove duplicates from from sets. (aspath_reconcile_as4) disregard a broken part of the RFC around error handling in path reconciliation. * aspath_test.c: Test dupe-weeding from sets. Test that reconciliation merges AS_PATH and AS4_PATH where former is shorter than latter. 2007-09-26 Paul Jakma <paul.jakma@sun.com> * aspath_test.c: Test AS4_PATH reconcilation where length of AS_PATH and AS4_PATH is same. 2007-09-25 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (peek_for_as4_capability) Fix to work. * bgp_packet.c: (bgp_open_receive) Fix sanity check of as4. * tests/bgp_capability_test.c: (general) Extend tests to validate peek_for_as4_capability. Add test of full OPEN Option block, with multiple capabilities, both as a series of Option, and a single option. Add some crap to beginning of stream, to prevent code depending on getp == 0. 2007-09-18 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (bgp_capability_as4) debug printf inline with others. (peek_for_as4_capability) There's no need to signal failure, as failure is better dealt with through full capability parser - just return the AS4, simpler. * bgp_packet.c: (bgp_open_receive) Update to match peek_for_as4_capability change. Allow use of BGP_AS_TRANS by 2b speakers. Use NOTIFY_OPEN_ERR rather than CEASE for OPEN parsing errors. (bgp_capability_msg_parse) missing argument to debug print (bgp_capability_receive) missing return values. * tests/bgp_capability_test.c: (parse_test) update for changes to peek_for_as4_capability 2007-07-25 Paul Jakma <paul.jakma@sun.com> * Remove 2-byte size macros, just make existing macros take argument to indicate which size to use. Adjust all users - typically they want '1'. * bgp_aspath.c: (aspath_has_as4) New, return 1 if there are any as4's in a path. (aspath_put) Return the number of bytes actually written, to fix the bug Juergen noted: Splitting of segments will change the number of bytes written from that already written to the AS_PATH header. (aspath_snmp_pathseg) Pass 2-byte flag to aspath_put. SNMP is still defined as 2b. (aspath_aggregate) fix latent bug. (aspath_reconcile_as4) AS_PATH+NEW_AS_PATH reconciliation function. (aspath_key_make) Hash the AS_PATH string, rather than just taking the addition of assegment ASes as the hash value, hopefully sligthly more collision resistant. (bgp_attr_munge_as4_attrs) Collide the NEW_ attributes together with the OLD 2-byte forms, code Juergen had in bgp_attr_parse but re-organised a bit. (bgp_attr_parse) Bunch of code from Juergen moves to previous function. (bgp_packet_attribute) Compact significantly by just /always/ using extended-length attr header. Fix bug Juergen noted, by using aspath_put's (new) returned size value for the attr header rather than the (guesstimate) of aspath_size() - the two could differ when aspath_put had to split large segments, unlikely this bug was ever hit in the 'wild'. (bgp_dump_routes_attr) Always use extended-len and use aspath_put return for header length. Output 4b ASN for AS_PATH and AGGREGATOR. * bgp_ecommunity.c: (ecommunity_{hash_make,cmp}) fix hash callback declarations to match prototypes. (ecommunity_gettoken) Updated for ECOMMUNITY_ENCODE_AS4, complete rewrite of Juergen's changes (no asdot support) * bgp_open.c: (bgp_capability_as4) New, does what it says on the tin. (peek_for_as4_capability) Rewritten to use streams and bgp_capability_as4. * bgp_packet.c: (bgp_open_send) minor edit checked (in the abstract at least) with Juergen. Changes are to be more accepting, e.g, allow AS_TRANS on a 2-byte session. * (general) Update all commands to use CMD_AS_RANGE. * bgp_vty.c: (bgp_clear) Fix return vals to use CMD_.. Remove stuff replicated by VTY_GET_LONG (bgp_clear_vty) Return bgp_clear directly to vty. * tests/aspath_test.c: Exercise 32bit parsing. Test reconcile function. * tests/ecommunity_test.c: New, test AS4 ecommunity changes, positive test only at this time, error cases not tested yet. 2007-07-25 Juergen Kammer <j.kammer@eurodata.de> * (general) AS4 support. * bgpd.h: as_t changes to 4-bytes. * bgp_aspath.h: Add BGP_AS4_MAX and BGP_AS_TRANS defines. * bgp_aspath.c: AS_VALUE_SIZE becomes 4-byte, AS16_VALUE_SIZE added for 2-byte. Add AS16 versions of length calc macros. (aspath_count_numas) New, count number of ASes. (aspath_has_as4) New, return 1 if there are any as4's in a path. (assegments_parse) Interpret assegment as 4 or 2 byte, according to how the caller instructs us, with a new argument. (aspath_parse) Add use32bit argument to pass to assegments_parse. Adjust all its callers to pass 1, unless otherwise noted. (assegment_data_put) Adjust to be able to write 2 or 4 byte AS, according to new use32bit argument. (aspath_put) Adjust to write 2 or 4. (aspath_gettoken) Use a long for passed in asno. * bgp_attr.c: (attr_str) Add BGP_ATTR_AS4_PATH and BGP_ATTR_AS4_AGGREGATOR. (bgp_attr_aspath) Call aspath_parse with right 2/4 arg, as determined by received-capability flag. (bgp_attr_aspath_check) New, code previously in attr_aspath but moved to new func so it can be run after NEW_AS_PATH reconciliation. (bgp_attr_as4_path) New, handle NEW_AS_PATH. (bgp_attr_aggregator) Adjust to cope with 2/4 byte ASes. (bgp_attr_as4_aggregator) New, read NEW_AGGREGATOR. (bgp_attr_parse) Add handoffs to previous parsers for the two new AS4 NEW_ attributes. Various checks added for NEW/OLD reconciliation. (bgp_packet_attribute) Support 2/4 for AS_PATH and AGGREGATOR, detect when NEW_ attrs need to be sent. * bgp_debug.{c,h}: Add 'debug bgp as4'. * bgp_dump.c: MRTv2 support, unconditionally enabled, which supports AS4. Based on patches from Erik (RIPE?). * bgp_ecommunity.c: (ecommunity_ecom2str) ECOMMUNITY_ENCODE_AS4 support. * bgp_open.c: (peek_for_as4_capability) New, peek for AS4 capability prior to full capability parsing, so we know which ASN to use for struct peer lookup. (bgp_open_capability) Always send AS4 capability. * bgp_packet.c: (bgp_open_send) AS4 handling for AS field (bgp_open_receive) Peek for AS4 capability first, and figure out which AS to believe. * bgp_vty.c: (bgp_show_peer) Print AS4 cap * tests/aspath_test.c: Support asn32 changes, call aspath_parse with 16 bit. * vtysh/extract.pl: AS4 compatibility for router bgp ASNUMBER * vtysh/extract.pl.in: AS4 compatibility for router bgp ASNUMBER * vtysh/vtysh.c: AS4 compatibility for router bgp ASNUMBER
2007-10-04+ pidfiles are now always created with 0644 perms instead if LOGFILE_MASK (0600)Denis Ovsienko
2007-10-04+ rib_process() speedup for multi-nexthop route nodesDenis Ovsienko
2007-10-03+ Minor bugfix: IPv6 prefixes were logged incorrectly in RIB debugging ↵Denis Ovsienko
calls. Fixed.
2007-09-18[privs/Solaris] Quagga should work in zones with IP instancesPaul Jakma
2007-09-18 Paul Jakma <paul.jakma@sun.com> * privs.c: definition of ZCAP_NET_ADMIN on Solaris should be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing Quagga to work with in Solaris zones with exclusive IP instances.
2007-09-18[bgpd] Fix typo, which prevented advertisement of MP (non-IPv4) prefixesPaul Jakma
2007-09-17 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (bgp_capability_mp) We were setting afc_nego[safi][safi] rather than afc_nego[afi][safi], thus failling to announce any non-IPv4 prefixes. Remove the extra, typo-ed character. * bgp_capability_test.c: Test that peer's adv_recv and adv_nego get set correctly for MP capability and given AFI/SAFI. Colour OK/failed result so it's easier to find them.
2007-09-18+ fix missing arg to zlog_warn()Denis Ovsienko
2007-09-18+ fix minor regression in OSPF sending buffer adjustment logicDenis Ovsienko
2007-09-14+ sayonara old_pid!Denis Ovsienko
2007-09-14+ fixed bug #402: now the second zebra process doesn't destroy routesDenis Ovsienko
of the first one before dying + we are not going to receive routing messages originated by old_pid, because rib_sweep_route() is called after damon() now. This will allow to drop old_pid completely soon.
2007-09-14Switch from LOOKUP() to lookup() for rtm_type (see bug #401 for details).Denis Ovsienko
2007-09-12* rt_socket.c: (kernel_rtm_ipv4) prefix_buf could be passedDenis Ovsienko
to zlog_err() uninitialized with debug disabled. Fixed.
2007-09-07[release] bump to 0.99.9Paul Jakma
2007-09-07 Paul Jakma <paul.jakma@sun.com> * configure.ac: Bump version to 0.99.9
2007-09-07[bgpd] low-impact DoS: crash on malformed community with debug setPaul Jakma
2007-09-07 Paul Jakma <paul.jakma@sun.com> * (general) bgpd can be made crash by remote peers if debug bgp updates is set, due to NULL pointer dereference. Reported by "Mu Security Research Team", <security@musecurity.com>. * bgp_attr.c: (bgp_attr_community) If community length is 0, don't set the community-present attribute bit, just return early. * bgp_debug.c: (community_str,community_com2str) Check com pointer before dereferencing.
2007-09-06+ fixed bug #400: adjusted rtread_sysctl.c:route_read()Denis Ovsienko
2007-08-30[bgpd] bug #398 Bogus free on out route-map, and assert() with rsclientsPaul Jakma
2007-08-27 Paul Jakma <paul.jakma@sun.com> * bgp_route.c: (bgp_announce_check) Fix bug #398, slight modification of Vladimir Ivanov's suggested fix - to keep memory alloc conditional. (bgp_process_announce_selected) Don't take struct attr as argument, none of the callers need it and it needlessly distances allocation from use. Free the extended attr, the attr itself is on the stack. Fix bad indentation. * bgp_attr.c: (bgp_packet_attribute) Remove incorrect assert, and adjust conditional to test attr->extra, diagnosis by Vladimir Ivanov in bug #398. 2007-08-27 Vladimir Ivanov <wawa@yandex-team.ru> * bgp_route.c: (bgp_announce_check_rsclient) copy of ri->attr is no longer deep enough, due to addition of attr->extra. It should use bgp_attr_dup, as bgp_announce_check() does.
2007-08-23[bgpd] Pass NOSUB to regexecPaul Jakma
2007-08-23 Paul Jakma <paul.jakma@sun.com> * bgp_regex.c: (bgp_regcomp) Pass NOSUB flag to regcomp to prevent parsing of substitutions, which can have profound performance effects on bgpd and are of no use to the CLI anyway. How much it helps depends on the regex implementation.
2007-08-21Bug #362 is fixed now.Denis Ovsienko
2007-08-21Looks like bug #320 is finally fixed now.Denis Ovsienko
2007-08-21Fixed ioctl_solaris.c:if_get_mtu() for IPv6'less operationDenis Ovsienko
2007-08-17Fixed bug #394 "RTF_DONE is ignored in rtm_read()"Denis Ovsienko
2007-08-14Merged own patch for bug #390 (rewrite ↵Denis Ovsienko
zebra/zebra_rib.c:nexthop_active_update())
2007-08-13Merged own patch for the bug #391 (debugging and comments mostly).Denis Ovsienko
2007-08-10Use the proper field length for the peer's address (netlink_interface_addr)vize
2007-08-08[tests] Add bgp_capability_test.c, should have been part of earlier commitPaul Jakma
2007-08-08[isisd] Commit new files which should have been part of previous commit..Paul Jakma
2007-08-07[isisd] Add support for Solaris DLPIPaul Jakma
2007-08-07 James Carlson <james.d.carlson@sun.com> * configure.ac: Added support for separate link-layer access mechanisms in isisd. * isis_network.c: split up into isis_bpf.c, isis_dlpi.c, and isis_pfpacket.c, selected by autoconf, and added DLPI support. * (general) Fixed to allow compilation and use on Solaris.
2007-08-07[ospfd] Finish explanatory comment started in previous commit..Paul Jakma
2007-08-07 Paul Jakma <paul.jakma@sun.com> * ospf_spf.c: (ospf_spf_next) Finish off the explanatory comment made in previous commit
2007-08-06[zebra] Add extra debug logging for RIB and RIB queueingPaul Jakma
2007-08-06 Denis Ovsienko * zebra_rib.c: (general) Add extra debug logging for RIB and RIB queue.
2007-08-06[ospfd] Fix bad SPF calculation on some topologies - incorrect sortingPaul Jakma
2007-08-07 Atis Elsts <atis@mikrotik.com> * ospf_spf.c: (ospf_spf_next) Sort heap in correct direction after vertex cost is changed, thus fixing incorrect SPF calculation on certain topologies. * lib/pqueue.{c,h}: Export trickle_up
2007-08-06Fix last commit - add back in closing paren which was apparentlyGreg Troxel
uninentionally deleted along with a test.
2007-08-06[ospfd] Bug #331, NSSA ASBR regression - failure to set E-bit in NSSA areasPaul Jakma
2007-08-06 Paul Jakma <paul.jakma@sun.com> * ospf_lsa.c: (router_lsa_flags) Bug #331, NSSA regression caused caused ASBRs to not advertise E-bit into NSSA areas.
2007-08-06[bgpd] Add support for AS_PATHLIMIT / draft-ietf-idr-as-pathlimitPaul Jakma
2007-07-31 Paul Jakma <paul.jakma@sun.com> * (general) Support for draft-ietf-idr-as-pathlimit-03. * bgp_attr.h: (struct attr) Add pathlimit struct bgp_attr.c: (attr_str) Add BGP_ATTR_AS_PATHLIMIT string. (attrhash_key_make) tally pathlimit too (attrhash_cmp) cmp pathlimit attr (bgp_attr_aspathlimit) New, parse AS_PATHLIMIT attr. (bgp_attr_parse) ditto (bgp_packet_attribute) Write out AS_PATHLIMIT when set (bgp_dump_routes_attr) ditto * bgp_route.h: (struct bgp_static) Add TTL field * bgp_route.c: (bgp_announce_check) Drop paths that are over their hop-count TTL before sending via EBGP. Mangle ASN in pathlimit for confeds/private as best we can. (bgp_static_update_{rsclient,main}) Add any configure pathlimit information. (bgp_pathlimit_update_parents) New, update atomic-aggr setting for parents of an aspathlimit'ed static. (bgp_static_set) Add TTL argument, for all the 'bgp network' commands. Call previous for TTL changed statics. (bgp_static_unset) Call pathlimit_update_parents. (various bgp network commands) Add 'pathlimit <0-255>' qualifier to all the various forms, bar route-map - which can set ttl itself. * bgp_routemap.c: (general) Add support for 'set pathlimit ttl' and 'match pathlimit as'. * doc/bgpd.texi: Document 'network ... pathlimit <ttl>'
2007-08-06[bgpd] cleanup, compact and consolidate capability parsing codePaul Jakma
2007-07-26 Paul Jakma <paul.jakma@sun.com> * (general) Clean up and compact capability parsing slightly. Consolidate validation of length and logging of generic TLV, and memcpy of capability data, thus removing such from cap specifc code (not always present or correct). * bgp_open.h: Add structures for the generic capability TLV header and for the data formats of the various specific capabilities we support. Hence remove the badly named, or else misdefined, struct capability. * bgp_open.c: (bgp_capability_vty_out) Use struct capability_mp_data. Do the length checks *before* memcpy()'ing based on that length (stored capability - should have been validated anyway on input, but..). (bgp_afi_safi_valid_indices) new function to validate (afi,safi) which is about to be used as index into arrays, consolidates several instances of same, at least one of which appeared to be incomplete.. (bgp_capability_mp) Much condensed. (bgp_capability_orf_entry) New, process one ORF entry (bgp_capability_orf) Condensed. Fixed to process all ORF entries. (bgp_capability_restart) Condensed, and fixed to use a cap-specific type, rather than abusing capability_mp. (struct message capcode_str) added to aid generic logging. (size_t cap_minsizes[]) added to aid generic validation of capability length field. (bgp_capability_parse) Generic logging and validation of TLV consolidated here. Code compacted as much as possible. * bgp_packet.c: (bgp_open_receive) Capability parsers now use streams, so no more need here to manually fudge the input stream getp. (bgp_capability_msg_parse) use struct capability_mp_data. Validate lengths /before/ memcpy. Use bgp_afi_safi_valid_indices. (bgp_capability_receive) Exported for use by test harness. * bgp_vty.c: (bgp_show_summary) fix conversion warning (bgp_show_peer) ditto * bgp_debug.h: Fix storage 'extern' after type 'const'. * lib/log.c: (mes_lookup) warning about code not being in same-number array slot should be debug, not warning. E.g. BGP has several discontigious number spaces, allocating from different parts of a space is not uncommon (e.g. IANA assigned versus vendor-assigned code points in some number space).
2007-08-02Add comment questioning part of previous change (Denis?).Greg Troxel
Fix indentation to match accumulated changes.
2007-08-02Bugzilla #384.Greg Troxel
2007-08-02 Denis Ovsienko * rt_socket.c (kernel_rtm_ipv4): Only call rtm_write when changes are intended. Don't set FIB flag on failed additions (such as occur with multiple paths. http://bugzilla.quagga.net/attachment.cgi?id=235&action=view
2007-08-02disable gmake workaround now that solaris directory is not built byGreg Troxel
default
2007-08-02note the use of GNU make extensions.Greg Troxel
2007-08-02Add --enable-solaris to descend into solaris-specific build directory.Greg Troxel
While it doesn't take a long time to build, this is currently the only thing in the tree that doesn't work with BSD make, and there's no reason to build solaris package control files on other systems.