summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-02-01bgpd: relax ORF capability length handlingDavid Lamparter
commit fe9bb64... "bgpd: CVE-2012-1820, DoS in bgp_capability_orf()" made the length test in bgp_capability_orf_entry() stricter and is now causing us to refuse (with CEASE) ORF capabilites carrying any excess data. This does not conform to the robustness principle as laid out by RFC1122 ("be liberal in what you accept"). Even worse, RFC5291 is quite unclear on how to use the ORF capability with multiple AFI/SAFIs. It can be interpreted as either "use one instance, stuff everything in" but also as "use multiple instances". So, if not for applying robustness, we end up clearing sessions from implementations going by the former interpretation. (or if anyone dares add a byte of padding...) Cc: Denis Ovsienko <infrastation@yandex.ru> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-02-01bgpd: don't try to reconcile AS4_PATH with NULLDavid Lamparter
bgp_attr_munge_as4_attrs would previously try to reintegrate an AS4_PATH with a NULL AS_PATH, leading to a rather nasty SEGV. Let's go by RFC6793 and treat missing AS_PATH as 0-length AS_PATH, which in turn means discarding the AS4_PATH. [NB: we don't actually stick to the actual rule, which is discarding AS4_PATH if it's longer than AS_PATH; indeed we should probably fix that too] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16build: Quagga 0.99.22-rc1David Lamparter
this is not a full release version, so neither release notes nor documentation are updated yet. Also, signing the tag with my private GPG key instead of the Quagga one.
2013-01-16bgpd: conditional default-originate using route-mapChristian Franke
Incorporate a patch by Svetozar Mihailov which implements default-originate route-maps to behave as expected, i.e. allowing the default route to be advertised conditionally, depending on a criterion given by the route-map. I am aware that the performance attributes of the following implementation are far from optimal. However, this affects only code paths belonging to a feature that is broken without this patch, therefore, it seems reasonable to me to have this in the mainline for now. Cc: Svetozar Mihailov <quagga@j.zarhi.com> Reported-by: Sébastien Cramatte <scramatte@gmail.com> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16bgpd: uncork/nagle socket when sending BGP NOTIFYLeonid Rosenboim
This pushes out the NOTIFY message before closing a connection. Previously, the TCP_CORK bandwidth optimization code caused NOTIFY messages to disappear prior to when the connection is closed. * bgpd/bgp_packet.c: unset CORK, set NODELAY, and replace writen() by more correct write() Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16Revert "bgpd: flock() dump files (BZ#742)"David Lamparter
This reverts commit b07458a055493dd37cb955ae90f11ae8bc334d3a. On second thought, the right way to do this is with rename(), not by introducing a lock that can potentially even stall bgpd. Reported-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16zebra: fix sockaddr_dl length assumptions (BZ#737)David Lamparter
Quagga makes bad assumptions about sockaddr_dl (on NetBSD, but possibly on other systems as well). Particularly, sizeof(struct sockaddr_dl) returns a size that does not include the full sdl_data field, leading to not enough data being copied. This breaks IPv6 RAs in particular, as a broken mac address from sockaddr_dl will be included in the packets. From: Matthias-Christian Ott <ott@mirix.org> Tested-by: Uwe Toenjes <6bone@6bone.informatik.uni-leipzig.de> [further simplified + more comments] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-16build: update .gitignore for all test programsLeonid Rosenboim
2013-01-15build: add buildtest.sh scriptDavid Lamparter
This script compiles Quagga in a variety of configurations and optionally with LLVM and ICC (if those are installed). Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15build: Fix build on MacOSX 10.8 (Mountain Lion)Hasso Tepper
Newer MacOSX versions have support for both IPv6 advanced socket API RFCs (2292 and 3542) switchable in compile time, but neither of these is default for some strange reason. RFC3542 will be default in future, but for now we have to declare that we want to use the RFC3542 API before including <netinet/in.h>. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15build: Remove deprecated AM_CONFIG_HEADERHasso Tepper
AM_CONFIG_HEADER has been deprecated for many years and is removed completely from automake 1.13. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15bgpd: uncork after each writeStephen Hemminger
Keep data flowing, uncork after each BGP_WRITE_PACKET_MAX. This makes TCP send data sooner, since thread may not be scheduled again for a a longish time because of new UPDATE's coming in. Signed-off-by: Stephen Hemminger <shemminger@vyatta.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15bgpd: use recent monotonic time for readtimeStephen Hemminger
The readtime value is for diagnostic, and doesn't have to be highly accurate. This also fixes a problem where the readtime was being measured with system clock, but the peer_uptime() was comparing with bgp_clock. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15configure: allow building without getrusageStephen Hemminger
Measuring the resource usage of threads is moderately expensive since it requires doing an additional system call everytime a thread context switches. Make it possible to disable this with a configuration option. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15bgpd: mark route nodes scheduled into work queueStephen Hemminger
The flag bit BGP_NODE_PROCESS_SCHEDULED is checked but never set. This causes route node to be scheduled multiple times under load. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-15bgpd: improve logging of invalid BGP NotificationsLeonid Rosenboim
Invalid BGP Notification messages should be logged locally, cf. RFC4271, Sect. 6.4, p 34, NOTIFICATION Message Error Handling Current notification for invalid Notification code: 2012/10/10 02:17:54 BGP: message index 10 not found in bgp_notify_msg (max is 8) 2012/10/10 02:17:54 BGP: 192.168.1.1 received NOTIFICATION 10/0 ((no item found)) 0 bytes the logging should be a bit more clear. The above logging really doesn't explain much and looks more like a programming error. [rewrote most of it to get in something I can call a shape -David] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: fix error response to invalid BGP version numberLeonid Rosenboim
BGP4-ANVL 20.1 ANVL tries to open BGP with version 5 and expects correct notification in response. Quagga sends notification, but with incorrect information in it. The data needs to be a 2-byte value, and for now we respond with 0004 for any peer version other than 4. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: fix a bug in bgp_attr_dupChristian Franke
Commit 558d1fec11749d3257e improved bgp_attr_dup so it would be possible for the caller to provide attr_extra, allowing to use the stack instead of the heap for operations requiring only a short lived attr. However, this commit introduced a bug where bgp_attr_dup wouldn't copy attr_extra at all (but provide a reference to the original) if the caller provided attr_extra. Cc: Jorge Boncompte [DTI2] <jorge@dti2.net> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: fix a memleak on "set community none"Christian Franke
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14zebra: don't overrun afi/safi array boundariesLeonid Rosenboim
zebra was not checking afi/safi values. This was leading to crashes where these values were coming directly from some protocol's on-wire fields. Safeguarding them in zebra is a good start. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: store "no neighbor activate" for IPv4 unicastChristian Franke
If a neighbor was in a peer group for any AFI/SAFI, bgpd would never write a "no neighbor activate" line for IPv4 unicast, so a valid setup like following could be configured, but not saved: router bgp 64600 bgp router-id 198.51.100.1 network 198.51.100.0/24 neighbor peers peer-group neighbor 2001:db8::2 remote-as 64601 no neighbor 2001:db8::2 activate ! address-family ipv6 network 2001:db8:1::/48 neighbor peers activate neighbor peers soft-reconfiguration inbound neighbor 2001:db8::2 peer-group peers exit-address-family ! Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: avoid heap fragmentation in bgp_clear_route_tableJorge Boncompte [DTI2]
In bgp_clear_route_table, moved cleanup code before the allocation of the work queue items. This returns the memory to the system allocator before allocating new and might therefore help avoiding heap fragmentation. * bgp_route.c: (bgp_clear_route_table) moved code blocks. Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Reviewed-by: Leonid Rosenboim <Leonid.Rosenboim@windriver.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-14bgpd: fix for leaked struct bgp_adj_[in|out] on peer shutdownJorge Boncompte [DTI2]
If a peer with soft-reconfiguration configured is cleared, the function bgp_clear_route_table() doesn't free the bgp_adj_in and bgp_adj_out structures of route nodes that for some reason, ej. denied by a filter, don't have routes attached "rn->info == NULL". Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Reviewed-by: Leonid Rosenboim <Leonid.Rosenboim@windriver.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11lib: remove ALL_LIST_ELEMENTS dead code branchDavid Lamparter
ALL_LIST_ELEMENTS is checking node == NULL twice, which is causing a whole slew of false positives in Coverity. In this particular case, addressing this in the code is reasonable; being a macro, this appears all over the place without easy remedy. Acked-by: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11zebra: fix netlink NL_PKT_BUF_SIZE高鹏
Change default value of variable NL_PKT_BUF_SIZE to 8192UL. Cf. NLMSG_GOODSIZE definition of linux in include/linux/netlink.h for detail. Previously, on platforms with a page size greater than 8192, if you had added too many interfaces, zebra would not have enough buffer space to get the entire interface list. This resulted in an incomplete interface list. From: 高鹏 <gpstrive@gmail.com> [updated to apply after FPM patches] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11build: Fix build for systems with no /bin/trueHasso Tepper
There are systems with no /bin/true - it might have different path (/usr/bin/true) or even a shell builtin. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11build: MacOSX needs BSD struct ip_mreq hack tooHasso Tepper
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11testzebra: pragma weak: detect systems with weak alias and provide alternativeDoug VanLeuven
LLVM clang does not support #pragma weak (bug 3679) on OS X. There are other systems where the #pragma weak has varying syntax. Added m4 file from the autoconf archives: http://www.gnu.org/software/autoconf-archive/ax_sys_weak_alias.html Fix up zebra/*_null.c files to use #pragma weak alias or stub functions if not available. It's incomplete in that the different format #pragma enable easier fixes on need. Tested on 64bit OS X 10.7, FreeBSD 9.0 amd64 & i386 (32bit) using gcc & clang. Tested on linux 64bit. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-11Merge remote-tracking branch 'savannah/sf/ospfd'David Lamparter
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-07ospfd: Remove dup MaxAge LSA floodDinesh G Dutt
Stop additional, unnecessary flooding of MaxAge LSAs. When a MaxAge LSA is installed, if the LSA is prematurely aged or the LSA is not self-originated, the LSA is flushed. This results in a the LSA being flooded a second time and in some cases flooded back to the receiver (unless the receiver is also the advertising router). A MaxAge'd LSA has already been flooded in ospf_flood() as part of the LSA receive processing (ospf_ls_upd). A self-originated LSA will be flooded from the originate/refresh routine. Thus, in the install routine, a MaxAge'd LSA only needs to be added to the MaxAge LSA list. Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Corrected ospfd Type-4/Type-5 ls update handlingVishal Kumar
This fix is for Type-4 LS updates handling at a ABR router where ospf daemon is not distributing Type-4 LS updates with correct LS-Age after learning about a ASBR router in a ospf network. Because of this Type-5 LS updates are not learnt in ospf network. Testing Scenario: This can be re-produced by restarting the ospfd daemon on DUT (mentioned in figure below)before the Hello time interval expires for area 0.0.0.1. ____ _______ ____ _________ | | area: 0.0.0.1 | | area: 0.0.0.0 | | area: 0.0.0.2 | | | R1 |---------------------|DUT/ABR|---------------------| R2 |------------------| R3/ASBR | |____| x.x.x.0/24 |_______| y.y.y.0/64 |____| z.z.z.0/24 |_________| In the above setup when ospfd is restarted (imp:before the Hello interval at R1 expires) and DUT learns about ASBR router R3 (Type-4) in the network from R2, but this ls-update is not propagates in area 0.0.0.1. So R1 never comes to know about the ASBR router in the network, so all the type-5 LS updates coming from R3 are not learnt by R1. Further if we again restart ospfd daemon it starts working fine. With the fix given this issue can be resolved. More Discussion on this is available at: http://www.gossamer-threads.com/lists/quagga/dev/23892 Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: compile warning cleanupsAndrew Certain
A set of patches to clarify some comments as well as cleanup code that was causing warnings. After these patches, the code can be compiled with -Wall -Wsign-compare -Wpointer-arith -Wbad-function-cast -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wchar-subscripts -Wcast-qual -Wextra -Wno-unused-parameter -Wno-missing-field-initializers (what is current in trunk plus -Wextra -Wno-unused-parameter -Wno-missing-field-initializers). Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Update nsm_change_state to static scope, as it is not called from ↵Andrew Certain
elsewhere Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Changed TE instance check to remove -Wtype-limits warningAndrew Certain
Since LEGAL_TE_INSTANCE_RANGE() was being passed an unsigned int, a warning was being thrown due to the compare against >= 0. Since this macro was used only in one place, I removed the macro for an explict compare against a constant for the MAX. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07lib: Changes to VTY string-parsing macros to remove warningsAndrew Certain
The VTY_GET_INTEGER_RANGE macro was being used also just to check the range on a variable that wasn't used (for the "no" version of a VTY command), so I split the macro into two. Also, since the variable is unsigned, if MIN is zero, you get a warning about comparing an unsigned number against 0, giving rise to slightly convoluted logic. Note that the previous two patches were found by the -Wtype-limits and -Wunused-variables warnings. Without the changes to these macros, these warnings are triggered erroneously, making it harder to find the real problems. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Update comments to be more clear in packet processingAndrew Certain
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Fixed signed/unsigned masking of negative metricsAndrew Certain
In the original code, negative metrics would be converted successfully by atoi() and then converted to an unsigned int that would always compare successfully against >= 0, leaving a large positive metric in the route map. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Fixed typo bug in ospf_vty.h:ospf_neighborAndrew Certain
Typo bug. ospf_nbr_nbma_poll_interval_set() was being sent priority instead of interval. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: fix argument parsing for distribute-listChristian Franke
Use the correct argument for the protocol lookup in ospf distribute-list commands. Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: fix apiserver enableDavid Lamparter
The ospf_apiserver_enable flag was being cleared _after_ the "-a" command-line option set it to 1. Move up the initialisation, so enabling the OSPF API is actually possible. Reported-by: Rosario Mattera <rosmattera@gmail.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: Fix type-4 network mask to 0 per RFCLeonard Tracy
The OSPF RFC (2328) states that the network mask field of a type 4 LSA "is not meaningful and must be zero". OSPFD has been setting the mask as /32. This patch changes OSPFD to set the mask to 0 per the RFC Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: Reduce MaxAge log levelAyan Banerjee
Reduce the log level for the MaxAge LSA reception when such an LSA does not exist in the database. Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: Convert MAX_AGE LSA list to treeDinesh Dutt
Store the MaxAge LSA list in a tree instead of a linked list for efficient access. Walking the list can be quite inefficient in some large systems and under certain tests. ospfd maintains the list of LSA's that have been MaxAge'd out in a separate linked list for removal by a remover/walker thread. When a new LSA is to be installed, the old LSA is ejected and when it is ejected, the MaxAge LSA list is traversed to ensure that the old LSA is also removed from this list if it exists on this list. When a large number (> 5K) MaxAge LSAs are bombarding the system, walking this list takes a significant time causing timers to fire and actions to be taken such as expiring neighbors due to expiry of DeadInterval (especially when timer is really low, <= 12s), creating a spiral of instability. By making this MaxAge LSA list be a tree, this problem is mitigated. Signed-off-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: forward ref. of areas for "max-metric router-lsa administrative" cmdAyan Banerjee
In the event areas are created at a later point of time with respect to the playback of the "max-metric router-lsa administrative" command, those areas do not get into indefinite max-metric mode. This patch is inteneded to store the configuration and apply it to all future areas that may be created. In the process, some other bugs that were there with respect to restart etc are fixed up. Tested locally to see that the fix works across multiple areas and across multiple restarts. Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: suppress delete using replacementAyan Banerjee
After a SPF run, OSPF deletes routes that have changed in terms of any metric, type, and/or next-hops and re-adds them. Given that the Zebra-RIB already support replacement semantics, we suppress deletes for routes that will be added back again. This has the following advantages. It reduces the number of IPC messages between OSPF/Zebra. Also, in the current flow, a batch of route deletes were followed by a batch of adds even for say a metric change. With the change, routes are sent as "add" when they are modified. Zebra already implicitly deletes older routes. Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2012-12-13build: check for .git in configure.acDavid Lamparter
Don't error out when someone tries using --with-pkg-git-version on something that isn't actually a git checkout (like a dist tarball). Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-12-13build: fix dist tarballDavid Lamparter
automake file lists haven't quite kept up with recent changes, time to fix them up so the dist tarball actually works... Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-12-13build: update ICC warning CFLAGSDavid Lamparter
Intel's icc doesn't accept "-wd <number>" anymore, it's "-wd<number>" these days. But, anyhow, the warnings disabled in Quagga's configure.ac don't seem to appear anywhere at all, so let's just remove the option completely. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-12-12isisd: fix ipv6 metric endiannessNick Hilliard
the isis ipv6 reachability metric is transmitted in big endian / network format, but isis_spf_process_lsp() does not convert this into host endian format when mucking around with local cost + received metric. This patch fixes this problem and makes received ipv6 metrics work properly on little-endian machines. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-12-12isisd: verify metrics on metric-style transitionChristian Franke
When switching to metric-style transition, circuit metrics should also be verified to be in the narrow range 0..63. Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>