Age | Commit message (Collapse) | Author |
|
This reverts commit 2c9fd7e07283b8904ef20030c9dadb032e999b12.
|
|
* doc/Makefile.am: pdf target needs to depend on all the input files.
|
|
|
|
* bgp_attr.c: (attrhash_key_make) 98e30f should have changed jhash2 to jhash.
These kinds of merge errors would be reduced and life would be easier if
people would submit fully-formed fixes that could be chucked directly into
git-am.
|
|
* bgpd.h: Add error code for setting GTSM on iBGP
* bgpd.c: (peer_ttl_security_hops_set) use previous error code and signal
incompatibility of GTSM+iBGP to vty.
Consider the session state when setting GTSM, and reset Open/Active peers
to let them pick up new TTL from start.
|
|
In deciding whether to default ospfapi to on or off, use the same rule
for opaque-lsa as earlier: != no rather than = yes, so that not having
set it implies yes.
|
|
* sockunion.c: (sockopt_minttl) Add IPv6 support for min hop count.
The kernel support is Linux kernel 2.6.35 or later.
|
|
* bgp_vty.c: (peer_ebgp_multihop_{un,}set_vty) tail-call cleanup.
({no_,}neighbor_ttl_security) ditto.
* bgpd.c: (peer_ttl_security_hops_set) Peer group checks and TTL set only
need to be done on transition.
* sockunion.c: (sockopt_minttl) remove always-on debug and improve readability.
|
|
* bgpd: Add support for RFC 5082 GTSM, which allows the TTL field to be used
to verify that incoming packets have been sent from neighbours no more
than X IP hops away. In other words, this allows packets that were sent from
further away (i.e. not by the neighbour with known distance, and so possibly
a miscreant) to be filtered out.
* lib/sockunion.{c,h}: (sockopt_minttl) new function, to set a minimum TTL
using the IP_MINTTL socket opt.
* bgpd.h: (BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK) define for command
error for minttl.
(struct peer) add a config variable, to store the configured minttl.
(peer_ttl_security_hops_{set,unset}) configuration handlers
* bgpd.c: (peer_group_get) init gtsm_hops
(peer_ebgp_multihop_{un,}set) check for conflicts with GTSM. Multihop and
GTSM can't both be active for a peer at the same time.
(peer_ttl_security_hops_set) set minttl, taking care to avoid conflicts with
ebgp_multihop.
(bgp_config_write_peer) write out minttl as "neighbor .. ttl-security hops X".
* bgp_vty.c: (bgp_vty_return) message for
BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK
(peer_ebgp_multihop_{un,}set_vty)
* bgp_network.c: (bgp_accept) set minttl on accepted sockets if appropriate.
(bgp_connect) ditto for outbound.
|
|
|
|
* bgp_route.c: ({no_,}ipv6_bgp_network_ttl_cmd) depends on ipv6_bgp_network
which is HAVE_IPV6, so these should be too.
(bgp_route_init) and the installs should be similarly ifdefed
|
|
The following patch was also neccessary to compile.
* command.c: (config_logmsg_cmd) use "%s" format spec
* if.c: (connected_log) ditto
|
|
* bgp_attr.c; (attrhash_key_make) s6_addr is only member of in6_addr
guaranteed to be available - s6_addr32 isn't. Fix to be more portable, and
thus allow compilation on BSD again.
|
|
* ospfd: Refresher logic cleanup broke OSPF opaque, which does its own thing
with regard to refresher logic and which also, in the protocol, requires
implementations to keep state of which OI an LSA is received on (rather
than providing information in the LSA to allow it to be looked up - as
other LSAs requiring such assocation were careful to do).
* ospf_lsa.h: (struct ospf_interface) Add back the pointer to oi, but only
for type-9 now.
* ospf_nsm.c: (ospf_db_summary_add) check the oi actually exists first -
doesn't obviate the need for opaque to ensure oi pointers get cleaned up
when ospf_interfaces disappear.
* ospf_opaque.{c,h}: (ospf_opaque_functab,ospf_opaque_lsa_refresh) Refresher
LSA functions now need to return the LSA to the general refresh logic,
to indicate whether the LSA was refreshed.
|
|
* configure.ac: (AC_ARG_ENABLE({ospf-te,opaque-lsa})) reverse the sense to
--disable
(enable_{opaque_lsa,ospf_te}) treat as enabled unless explicitly disabled.
|
|
* bgp_packet.c: (bgp_write) On BGP write, use TCP_CORK to provide hints to
kernel about TCP buffering. This will cause BGP packets to occur in
bigger chunks (full size MTU), improving performance and getting rid of
one of the problems reported in the UNH BGP conformance test.
|
|
* sockunion.{c,h}: (sockopt_cork) wrapper for TCP_CORK socket option for
those platforms that provide it. For other platforms, it is just a nop.
|
|
* bgpd: Rather than toggling socket in/out of non-block mode, just leave it
in nonblocking mode.
One exception is in bgp_notify which only happens just before close.
|
|
* bgp_community.[ch]: (community_lookup) New helper function to look
up a community list in the hash table.
* bgp_routemap.c: A new community structure was being allocated for
every BGP update which matched a route map which set a community.
This behavior led to rapid growth in the memory consumed by bgpd.
Adding the communities to the hash table addresses the memory
growth, but may introduce a problem in modifying or deleting the
'set community' statement in the route map.
|
|
Many show commands do not have support for multiple views and do not
treat different address families uniformly. The following changes add
a number of commands with support for views and rationalized treatment
of IPv4 v IPv6 and unicast v multicast (such as in JUNOS, IOS XR and
more recent versions of IOS).
* bgp_route.c: (bgp_show_community) Inserted a new second argument (the
name of the view) and the code to look up that name in the BGP structure.
The NULL argument in the call to bgp_show (indicating the default view)
was replaced by the specified view. The existing calls to
bgp_show_community had a NULL second argument inserted to make clear
that they refer to the default view.
(top level) Added new functions via the DEFUN and/or ALIAS macros (and
the associated command table entries) to add the commands
show bgp ipv4 (unicast|multicast)
show bgp ipv4 (unicast|multicast) A.B.C.D
show bgp ipv4 (unicast|multicast) A.B.C.D/M
show bgp ipv6 (unicast|multicast)
show bgp ipv6 (unicast|multicast) X:X::X:X
show bgp ipv6 (unicast|multicast) X:X::X:X/M
These show either the full BGP table or the specified route or
prefix for the given address family.
show bgp view WORD (ipv4|ipv6) (unicast|multicast) community
show bgp view WORD (ipv4|ipv6) (unicast|multicast) community \
(AA:NN|local-AS|no-advertise|no-export){1,4}
For the specified view and address family, these show entries
matching any community or the specified communit(y)(ies).
show bgp view WORD (ipv4|ipv6) (unicast|multicast) neighbors \
(A.B.C.D|X:X::X:X) (advertised-routes|received-routes)
For the specified view and address family, show the routes
advertised to or received from the given BGP neighbor.
show bgp [view WORD] ipv4 (unicast|multicast) \
rsclient (A.B.C.D|X:X::X:X)
show bgp [view WORD] ipv4 (unicast|multicast) \
rsclient (A.B.C.D|X:X::X:X) A.B.C.D
show bgp [view WORD] ipv4 (unicast|multicast) \
rsclient (A.B.C.D|X:X::X:X) A.B.C.D/M
show bgp [view WORD] ipv6 (unicast|multicast) \
rsclient (A.B.C.D|X:X::X:X)
show bgp [view WORD] ipv6 (unicast|multicast) \
rsclient (A.B.C.D|X:X::X:X) X:X::X:X
show bgp [view WORD] ipv6 (unicast|multicast) \
rsclient (A.B.C.D|X:X::X:X) X:X::X:X/M
For the specifed (optional) view and address family, show either
the full BGP table or the specified route or prefix for the given
route server client peer.
* bgp_vty.c: (top level) Added new functions via the DEFUN and/or ALIAS
macros (and the associated command table entries) to add the commands
show bgp [view WORD] (ipv4|ipv6) (unicast|multicast) summary
show bgp [view WORD] (ipv4|ipv6) (unicast|multicast) rsclient summary
For the specified (optional) view and address family, display
either the normal summary table for BGP peers, or the route server
client table showing the import and export policies.
|
|
* configure.ac: Bump to 0.99.18
|
|
* draft-ietf-idr-as-pathlimit doesn't seem to have gone anywhere, and its
author does not think it will make progress in IDR. Remove all support
introduced for it, but leave stubs for the commands to avoid breaking
any configurations.
Basically reverts cecab5e9725792e60a5e4b473e238a14cd85815d.
|
|
* bgp_attr.c: (bgp_attr_ext_communities) Certain extended-community attrs
can leave attr->flag indicating ext-community is present, even though no
extended-community object has been attached to the attr structure. Thus a
null-pointer dereference can occur later.
(bgp_attr_community) No bug fixed here, but tidy up flow so it has same
form as previous.
Problem and fix thanks to anonymous reporter.
|
|
* ospf6_route.c ([no_]debug_ospf6_route) Include memory as a debug
option. This allows ospf6 route memory debugging to be enabled or
disabled interactively or from a config file.
|
|
* ospf6_route.c: (ospf6_route_best_next) Allows unlock route, even
when there's no next route. This is consistent with how
ospf6_route_next() behaves.
* ospf6_intra.c: (ospf6_intra_prefix_lsa_remove) Make sure the last
route considered is always unlocked. This is needed when the for
loop terminates because ospf6_route_is_prefix() returns zero.
|
|
A clean exit makes it easier to use memory debuggers.
* ospf6_asbr.c: (ospf6_asbr_terminate) Add a function to do route map
cleanup.
* ospf6_lsa.c: (ospf6_lsa_terminate) Add a function to cleanup the lsa
handler vector.
* ospf6_main.c: (ospf6_exit) Add an function that causes ospf6d to
gracefully exit.
* ospf6_message.c: (ospf6_message_terminate) Add a function that frees
the send and receive buffers.
* ospf6_top.c: (ospf6_delete) Enable the ospf6_delete() function.
Disable ospf6 before freeing everything.
|
|
* ospf6_area.c: (ospf6_area_delete) Get rid of unused code that refers
to a nonexistent function and structure member.
|
|
* ospf6_area.c: Call ospf6_spf_table_finish() before deleting the spf
table. This ensures that the associated ospf6_vertex structures
are also freed.
* ospf6_spf.c: Only allocate a priority queue when a spf calculation
is actually performed. Also defer calling ospf6_spf_table_finish().
|
|
* log.c: (closezlog) Also free the dynamically allocated filename when
a log is closed.
|
|
if.c: (if_terminate) This adds a cleanup function that can be called
when a daemon exits, similar to vty_terminate().
|
|
* bgp_attr.c: I observed while doing some debugging that even for simple
tests there was a lot of hash collisions for BGP attributes. Switch to
using Jhash rather than additive hashing. Probably overkill, but the
function is fast and available.
({attrhash,cluster,transit}_hask_key_make) convert to Jenkins hash,
instead of additive hash.
|
|
* hash.{h,c}: (string_hash_make) Hash optimised for strings, current
implementation using Bernstein hash, which offers a good compromise
between distribution and performance.
* distribute.c: (distribute_hash_make) use previous instead of additive
string hash.
* if_rmap.c: (if_rmap_hash_make) ditto
|
|
If the radix tree creates an extra interior node in bgp_node_get(),
it locks the interior node even though this node is not returned to
the caller, so it may never be unlocked. The lock prevents this node
from being deleted.
* bgpd/bgp_table.c: (bgp_node_get) Remove lock on interior node which
prevents proper node deletion
|
|
* bgp_route.c: (route_vty_out*) The local prefix, metric and weight values
are all stored as uint32_t. Change the format to %u so that large values
are not displayed as negative integers.
|
|
* bgp_route.c: (bgp_static_update_rsclient) BGP sometimes crashes when
removing route server client because of use after free.
The code to update rsclient created a local static copy of bgp attributes
but neglected to handle the extra information pointer. The extra
information was getting freed by bgp_attr_unintern() and reused later when
the copy was passed to bgp_attr_intern().
The fix is to use the attr_dup function to create a copy of the extra
information, then clean it up.
|
|
* bgp_route.c: (bgp_aggregate_set) make sure to unlock BGP node if failure
|
|
* bgpd: (bgp_aggregate_{set,unset,delete}) This fixes locking and other
issues with aggregate set/unset command
|
|
* bgpd: (bgp_damp_parameter_set) The BGP reuse_index is not initialized
properly. This would cause sporadic crash when disabling dampening. Use
XCALLOC correctly and the right size array is initialized and no memset is
needed.
|
|
* bgpd: Connected table locks were being locked but not unlocked, such that
eventually a lock would exceed 2^31 and become negative, thus triggering
an assert later on.
* bgp_main.c: (bgp_exit) delete connected elements along with ifp's.
* bgp_nexthop.c: (bgp_nexthop_lookup{,_ipv6}) add missing unlocks
(bgp_multiaccess_check_v4) ditto
(bgp_connected_{add,delete}) Use a distinct memtype for bgp_connected_ref.
(bgp_scan_finish) reset the nexthop cache to clean it up when bgpd exits
* bgp_route.c: fix missing bgp_node unlocks
* lib/memtype.c: (memory_list_bgp) add MTYPE_BGP_CONN
* testing: has been tested for almost 2 months now.
|
|
* lib/memory.c: (zrealloc) If is called with NULL pointer then it should
increment allocations because it behaves the same as zmalloc.
(zfree) is called with NULL pointer, it does nothing therefore allocation
count should not change.
|
|
|
|
|
|
Older versions of Quagga/Zebra would output a value in MRT table
dump files for "uptime" aka "ORIGINATED" that was a WALL clock
value. Given that uptime is now internally a bgp_clock MONOTONIC
value, the output in the MRT files is showing up as monotonic.
Note: time of MRT dump is still recorded correctly as a
time() based value, so we haven't lost that value.
Proposal is to correct the uptime output on the vty and in the
MRT files to again display something more akin to WALL time.
* bgp_dump.c: (bgp_dump_routes_func) add conditional correction
* bgp_route.c: (route_vty_out_detail) make correction conditional, move
variable declaration to beginning of the function
|
|
Doesn't ripng needs same fix as ripd.
|
|
...A nasty bug, if you forgot to disable debugging, stored the config
and reboot your machine - if you really depend on ripd, then the machine
will not fully come back on the network, because ripd fails.
|
|
* bgpd/bgp_debug.c: fix VTY strings for BGP debug commands to match
correct syntax
|
|
* bgp_packet.c: (bgp_notify_receive) justify the difference between
BGP_NOTIFY_OPEN_UNSUP_PARAM and BGP_NOTIFY_OPEN_UNSUP_CAPBL cases, as
it is explained in RFC5492, page 3, paragraph 1.
"Unsupported Capability" error does not mean, that the peer doesn't
support capabilities advertisement -- quite the opposite (if the peer
would not support capabilities advertisement, the code would be
"Unsupported Optional Parameter"). Thus there is no reason to mark
the peer as one non-supporting capabilities advertisement.
Example: suppose the peer is in fact IPv6-only, but we didn't configure
anything address-family specific for it. Then, the peer would refuse
the session with "Unsupported Capability" code. If we internally set
the peer as non-supporting capabilities advertisement after that, we
will not be able to establish the session with it ever, even with a
fixed configuration -- IPv6-only BGP session cannot be established
without capabilities.
In practice an edge case would be seen as the same IPv6 peer working
with its "neighbor" block read from bgpd.conf, but not working, when
slowly input in "conf t" mode.
|
|
* ospf6_spf.c: Don't replace a node with another node with a lower
number of hops, instead get them from the queue in the correct
order. (Actually, the replacement crashed the ospf6d daemon
rather than worked.)
|
|
* ospf_lsa.h: (struct ospf_lsa) remove oi pointer
* ospf_lsa.c: (ospf_network_lsa_refresh) instead of keeping a pointer, just
lookup the oi when it's needed. This decouples network LSA from oi lifetime
and avoids having to invalidate pointers in LSAs when an oi changes,
simplifying the code.
|
|
* ospf_lsa.c: (various) unregister LSAs from refresher before flushing.
|