| Age | Commit message (Collapse) | Author |
|---|
|
* BGP error handling generally boils down to "reset session". This was fine
when all BGP speakers pretty much understood all BGP messages. However
the increasing deployment of new attribute types has shown this approach
to cause problems, in particular where a new attribute type is "tunneled"
over some speakers which do not understand it, and then arrives at a speaker
which does but considers it malformed (e.g. corruption along the way, or
because of early implementation bugs/interop issues).
To mitigate this drafts before the IDR (likely to be adopted) propose to
treat errors in partial (i.e. not understood by neighbour), optional
transitive attributes, when received from eBGP peers, as withdrawing only
the NLRIs in the affected UPDATE, rather than causing the entire session
to be reset. See:
http://tools.ietf.org/html/draft-scudder-idr-optional-transitive
* bgp_aspath.c: (assegments_parse) Replace the "NULL means valid, 0-length
OR an error" return value with an error code - instead taking
pointer to result structure as arg.
(aspath_parse) adjust to suit previous change, but here NULL really
does mean error in the external interface.
* bgp_attr.h (bgp_attr_parse) use an explictly typed and enumerated
value to indicate return result.
(bgp_attr_unintern_sub) cleans up just the members of an attr, but not the
attr itself, for benefit of those who use a stack-local attr.
* bgp_attr.c: (bgp_attr_unintern_sub) split out from bgp_attr_unintern
(bgp_attr_unintern) as previous.
(bgp_attr_malformed) helper function to centralise decisions on how to
handle errors in attributes.
(bgp_attr_{aspathlimit,origin,etc..}) Use bgp_attr_malformed.
(bgp_attr_aspathlimit) Subcode for error specifc to this attr should be
BGP_NOTIFY_UPDATE_OPT_ATTR_ERR.
(bgp_attr_as4_path) be more rigorous about checks, ala bgp_attr_as_path.
(bgp_attr_parse) Adjust to deal with the additional error level that
bgp_attr_ parsers can raise, and also similarly return appropriate
error back up to (bgp_update_receive). Try to avoid leaking as4_path.
* bgp_packet.c: (bgp_update_receive) Adjust to deal with BGP_ATTR_PARSE_WITHDRAW
error level from bgp_attr_parse, which should lead to a withdraw, by
making the attribute parameter in call to (bgp_nlri_parse) conditional
on the error, so the update case morphs also into a withdraw.
Use bgp_attr_unintern_sub from above, instead of doing this itself.
Fix error case returns which were not calling bgp_attr_unintern_sub
and probably leaking memory.
* tests/aspath_test.c: Fix to work for null return with bad segments
|
|
|
|
extcom..'
* Extended communities has some kind of resource allocation problem which
causes a double-free if the 'set extcommunity ...' command is used.
Try fix by properly interning extcommunities.
Also, more generally, make unintern functions take a double pointer
so they can NULL out callers references - a usefully defensive programming
pattern for functions which make refs invalid.
Sadly, this patch doesn't fix the problem entirely - crashes still
occur on session clear.
* bgp_ecommunity.h: (ecommunity_{free,unintern}) take double pointer
args.
* bgp_community.h: (community_unintern) ditto
* bgp_attr.h: (bgp_attr_intern) ditto
* bgp_aspath.h: (bgp_aspath.h) ditto
* (general) update all callers of above
* bgp_routemap.c: (route_set_ecommunity_{rt,soo}) intern the new extcom added
to the attr, and unintern any old one.
(route_set_ecommunity_{rt,soo}_compile) intern the extcom to be used
for the route-map set.
(route_set_ecommunity_*_free) unintern to match, instead of free
(route_set_ecommunity_soo) Do as _rt does and don't just leak
any pre-existing community, add to it (is additive right though?)
|
|
* aspath_test.c: Add more test cases. In particular ones to cover the
last invalid-segment problem. Also add ability to specify aspath attribute
headers and test them somewhat.
NB: It's obvious this test has not been run for a year by anyone, despite
2 non-trivial commits to bgpd aspath code.
|
|
Some of the changes made in commit cddb8112b80fa9867156c637d63e6e79eeac67bb
don't work particularly well for other changes that need to be made to
address BGP attribute error handling problems. In particular, returning
a pointer from complex attribute data parsing functions will not suffice
to express the require range of return status conditions.
* bgp_aspath.c: (assegments_parse) Rollback to a more minimal set of
changes to fix the original problem.
(aspath_parse) Slightly needless pushing around of code, and taking
2 parameters to say whether ot use 2 or 4 byte encoding seems unnecessary.
* bgp_attr.c: (bgp_attr_as{,4}path) Rollback, in preparation for BGP
attribute error handling update.
|
|
* draft-ietf-idr-as-pathlimit doesn't seem to have gone anywhere, and its
author does not think it will make progress in IDR. Remove all support
introduced for it, but leave stubs for the commands to avoid breaking
any configurations.
Basically reverts cecab5e9725792e60a5e4b473e238a14cd85815d.
|
|
* bgp_attr.c: (bgp_attr_ext_communities) Certain extended-community attrs
can leave attr->flag indicating ext-community is present, even though no
extended-community object has been attached to the attr structure. Thus a
null-pointer dereference can occur later.
(bgp_attr_community) No bug fixed here, but tidy up flow so it has same
form as previous.
Problem and fix thanks to anonymous reporter.
|
|
* ospf6_route.c ([no_]debug_ospf6_route) Include memory as a debug
option. This allows ospf6 route memory debugging to be enabled or
disabled interactively or from a config file.
|
|
* ospf6_route.c: (ospf6_route_best_next) Allows unlock route, even
when there's no next route. This is consistent with how
ospf6_route_next() behaves.
* ospf6_intra.c: (ospf6_intra_prefix_lsa_remove) Make sure the last
route considered is always unlocked. This is needed when the for
loop terminates because ospf6_route_is_prefix() returns zero.
|
|
A clean exit makes it easier to use memory debuggers.
* ospf6_asbr.c: (ospf6_asbr_terminate) Add a function to do route map
cleanup.
* ospf6_lsa.c: (ospf6_lsa_terminate) Add a function to cleanup the lsa
handler vector.
* ospf6_main.c: (ospf6_exit) Add an function that causes ospf6d to
gracefully exit.
* ospf6_message.c: (ospf6_message_terminate) Add a function that frees
the send and receive buffers.
* ospf6_top.c: (ospf6_delete) Enable the ospf6_delete() function.
Disable ospf6 before freeing everything.
|
|
* ospf6_area.c: (ospf6_area_delete) Get rid of unused code that refers
to a nonexistent function and structure member.
|
|
* ospf6_area.c: Call ospf6_spf_table_finish() before deleting the spf
table. This ensures that the associated ospf6_vertex structures
are also freed.
* ospf6_spf.c: Only allocate a priority queue when a spf calculation
is actually performed. Also defer calling ospf6_spf_table_finish().
|
|
* log.c: (closezlog) Also free the dynamically allocated filename when
a log is closed.
|
|
if.c: (if_terminate) This adds a cleanup function that can be called
when a daemon exits, similar to vty_terminate().
|
|
* bgp_attr.c: I observed while doing some debugging that even for simple
tests there was a lot of hash collisions for BGP attributes. Switch to
using Jhash rather than additive hashing. Probably overkill, but the
function is fast and available.
({attrhash,cluster,transit}_hask_key_make) convert to Jenkins hash,
instead of additive hash.
|
|
* hash.{h,c}: (string_hash_make) Hash optimised for strings, current
implementation using Bernstein hash, which offers a good compromise
between distribution and performance.
* distribute.c: (distribute_hash_make) use previous instead of additive
string hash.
* if_rmap.c: (if_rmap_hash_make) ditto
|
|
If the radix tree creates an extra interior node in bgp_node_get(),
it locks the interior node even though this node is not returned to
the caller, so it may never be unlocked. The lock prevents this node
from being deleted.
* bgpd/bgp_table.c: (bgp_node_get) Remove lock on interior node which
prevents proper node deletion
|
|
* bgp_route.c: (route_vty_out*) The local prefix, metric and weight values
are all stored as uint32_t. Change the format to %u so that large values
are not displayed as negative integers.
|
|
* bgp_route.c: (bgp_static_update_rsclient) BGP sometimes crashes when
removing route server client because of use after free.
The code to update rsclient created a local static copy of bgp attributes
but neglected to handle the extra information pointer. The extra
information was getting freed by bgp_attr_unintern() and reused later when
the copy was passed to bgp_attr_intern().
The fix is to use the attr_dup function to create a copy of the extra
information, then clean it up.
|
|
* bgp_route.c: (bgp_aggregate_set) make sure to unlock BGP node if failure
|
|
* bgpd: (bgp_aggregate_{set,unset,delete}) This fixes locking and other
issues with aggregate set/unset command
|
|
* bgpd: (bgp_damp_parameter_set) The BGP reuse_index is not initialized
properly. This would cause sporadic crash when disabling dampening. Use
XCALLOC correctly and the right size array is initialized and no memset is
needed.
|
|
* bgpd: Connected table locks were being locked but not unlocked, such that
eventually a lock would exceed 2^31 and become negative, thus triggering
an assert later on.
* bgp_main.c: (bgp_exit) delete connected elements along with ifp's.
* bgp_nexthop.c: (bgp_nexthop_lookup{,_ipv6}) add missing unlocks
(bgp_multiaccess_check_v4) ditto
(bgp_connected_{add,delete}) Use a distinct memtype for bgp_connected_ref.
(bgp_scan_finish) reset the nexthop cache to clean it up when bgpd exits
* bgp_route.c: fix missing bgp_node unlocks
* lib/memtype.c: (memory_list_bgp) add MTYPE_BGP_CONN
* testing: has been tested for almost 2 months now.
|
|
* lib/memory.c: (zrealloc) If is called with NULL pointer then it should
increment allocations because it behaves the same as zmalloc.
(zfree) is called with NULL pointer, it does nothing therefore allocation
count should not change.
|
|
|
|
|
|
Older versions of Quagga/Zebra would output a value in MRT table
dump files for "uptime" aka "ORIGINATED" that was a WALL clock
value. Given that uptime is now internally a bgp_clock MONOTONIC
value, the output in the MRT files is showing up as monotonic.
Note: time of MRT dump is still recorded correctly as a
time() based value, so we haven't lost that value.
Proposal is to correct the uptime output on the vty and in the
MRT files to again display something more akin to WALL time.
* bgp_dump.c: (bgp_dump_routes_func) add conditional correction
* bgp_route.c: (route_vty_out_detail) make correction conditional, move
variable declaration to beginning of the function
|
|
Doesn't ripng needs same fix as ripd.
|
|
...A nasty bug, if you forgot to disable debugging, stored the config
and reboot your machine - if you really depend on ripd, then the machine
will not fully come back on the network, because ripd fails.
|
|
* bgpd/bgp_debug.c: fix VTY strings for BGP debug commands to match
correct syntax
|
|
* bgp_packet.c: (bgp_notify_receive) justify the difference between
BGP_NOTIFY_OPEN_UNSUP_PARAM and BGP_NOTIFY_OPEN_UNSUP_CAPBL cases, as
it is explained in RFC5492, page 3, paragraph 1.
"Unsupported Capability" error does not mean, that the peer doesn't
support capabilities advertisement -- quite the opposite (if the peer
would not support capabilities advertisement, the code would be
"Unsupported Optional Parameter"). Thus there is no reason to mark
the peer as one non-supporting capabilities advertisement.
Example: suppose the peer is in fact IPv6-only, but we didn't configure
anything address-family specific for it. Then, the peer would refuse
the session with "Unsupported Capability" code. If we internally set
the peer as non-supporting capabilities advertisement after that, we
will not be able to establish the session with it ever, even with a
fixed configuration -- IPv6-only BGP session cannot be established
without capabilities.
In practice an edge case would be seen as the same IPv6 peer working
with its "neighbor" block read from bgpd.conf, but not working, when
slowly input in "conf t" mode.
|
|
* ospf6_spf.c: Don't replace a node with another node with a lower
number of hops, instead get them from the queue in the correct
order. (Actually, the replacement crashed the ospf6d daemon
rather than worked.)
|
|
* ospf_lsa.h: (struct ospf_lsa) remove oi pointer
* ospf_lsa.c: (ospf_network_lsa_refresh) instead of keeping a pointer, just
lookup the oi when it's needed. This decouples network LSA from oi lifetime
and avoids having to invalidate pointers in LSAs when an oi changes,
simplifying the code.
|
|
* ospf_lsa.c: (various) unregister LSAs from refresher before flushing.
|
|
2006-05-30 Paul Jakma <paul.jakma@sun.com>
* (general) Fix confusion around MaxAge-ing and problem with
high-latency networks. Analysis and suggested fixes by
Phillip Spagnolo, in [quagga-dev 4132], on which this commit
expands slightly.
* ospf_flood.{c,h}: (ospf_lsa_flush) new function.
Scope-general form of existing flush functions, essentially
the dormant ospf_maxage_flood() but without the ambiguity of
whether it is responsible for flooding.
* ospf_lsa.c: (ospf_lsa_maxage) Role minimised to simply setup
LSA on the Maxage list and schedule removal - no more.
ospf_lsa_flush* being the primary way to kick-off flushes
of LSAs.
Don't hardcode the remover-timer value, which was too
short for very high-latency networks.
(ospf_maxage_lsa_remover) Just do what needs to be done to
remove maxage LSAs from the maxage list, remove the call
to ospf_flood_through().
Don't hardcode remove-timer value.
(ospf_lsa_{install,flush_schedule}) ospf_lsa_flush is the correct
entrypoint to flushing maxaged LSAs.
(lsa_header_set) Use a define for the initial age, useful for
testing.
* ospf_opaque.c: (ospf_opaque_lsa_refresh) ditto.
(ospf_opaque_lsa_flush_schedule) ditto.
* ospfd.h: ({struct ospf,ospf_new}) Add maxage_delay parameter,
interval to wait before running the maxage_remover. Supply a
suitable default.
Add a define for OSPF_LSA_INITIAL_AGE, see lsa_header_set().
|
|
* (general) Get rid of the router and network LSA specific refresh timers
and make the general refresher do this instead. Get rid of the twiddling
of timers for router/network LSA that was spread across the code.
This lays the foundations for future, general LSA refresh improvements,
such as making sequence rollover work, and having generic LSA delays.
* ospfd.h: (struct ospf) Bye bye to the router-lsa update timer thread
pointer.
(struct ospf_area) and to the router-lsa refresh timer.
* ospf_interface.h: Remove the network_lsa_self timer thread pointer
* ospf_lsa.h: (struct ospf_lsa) oi field should always be there, for benefit
of type-2/network LSA processing.
(ospf_{router,network}_lsa_{update_timer,timer_add}) no timers for these
more
(ospf_{router,network}_lsa_update) more generic functions to indicate that some
router/network LSAs need updating
(ospf_router_lsa_update_area) update router lsa in a particular area alone.
(ospf_{summary,summary_asbr,network}_lsa_refresh) replaced by the general
ospf_lsa_refresh function.
(ospf_lsa_refresh) general LSA refresh function
|
|
* ospf_interface.h: (struct ospf_if_params) add field for saved network LSA
seqnum
* ospf_interfa.c: (ospf_new_if_params) init network_lsa_seqnum field to
initial seqnum - doesnt matter though.
* ospf_lsa.c: (ospf_network_lsa_new) check for any saved sequence number,
and use if it exists. Save the result back. This should help avoid needless
round of LSUpdate/LSRequests when a neighbour has to tell the originator
"uhm, i have something newer than that already".
* ospf_vty.c: (show_ip_ospf_interface_sub) Show the saved network LSA seqnum
|
|
* It's possible for the packet output buffer to be filled up with a long
series of non-Hello packets in between Hellos packets, such that the
router's neighbours don't receive the Hello packet in time, even though
the hello-timer ran at about the right time. Fix this by prioritising
Hello packets, letting them skip the queue and go ahead of any packets
already on the queue.
This problem can occur when there are lots of LSAs and slow links.
* ospf_packet.h: (ospf_hello_send_sub) not used outside of ospf_packet.c
* ospf_packet.c: (ospf_fifo_push_head) add packet to head of fifo (so its
no longer really a fifo, but hey)
(ospf_packet_add_top) add packet to top of the packet output queue.
(ospf_hello_send_sub) Put Hello's at the top of the packet output queue.
make it take in_addr_t parameter, so that this
ospf_hello_send can re-use this code too.
(ospf_hello_send) consolidate code by using ospf_hello_send_sub
(ospf_poll_send,ospf_hello_reply_timer) adjust for ospf_hello_send_sub.
|
|
* The hello protocol monitors connectivity in 2 different ways:
a) local -> remote
b) remote -> local
Connectivity is required in both directions (2-way) for adjacencies to
form.
The first requires a round-trip to detect, and is done by advertising
which other hosts a router knows about in its hello messages. This allows
a host to detect which other routers are and are not receiving its
message. If a remote neighbour delists the local router, then the local
router raises a "1-Way Received" event.
The latter is straight-forward, and is detected by setting a timer for the
neighbour. If another Hello packet is not received within this time then
the neighbour is dead, and a separate "Inactive" event is raised.
These are 2 different and relatively independent measures.
Knowing that we can optimise the 2nd, remote->local measure and reset
the timer when /any/ packet arrives from that neighbour. For any packet
is as good as a Hello packet. This can help in marginal situations, where
the number of protocol messages that must be sent sometimes can exceed
the capacity of the network to transmit the messages within the configured
dead-time. I.e. an OSPF network with lots of LSAs, slow links and/or
slow hosts (e.g. O(10k) LSAs, O(100kbit) links, embedded CPUs, and O(10s)
dead-times).
This optimisation allows an OSPF network to run closer to this margin,
and/or allows networks to perhaps better cope with rare periods of
exceptional load, where otherwise they would not.
It's fully compatible with plain OSPF implementations and doesn't
prejudice dead-neighbour detection.
* ospf_nsm.h: Rename HelloReceived event to PacketReceived.
* ospf_nsm.c: (nsm_hello_received) -> nsm_packet_received
* ospf_packet.c: Schedule PacketReceived whenever a valid message is
received.
|
|
|
|
* ospf_ase.c: (ospf_ase_calculate_route) Fix compiler warning about eval
needing brackets.
(various) add defensive asserts.
* ospf_lsdb.c: (ospf_lsdb_add) add missing node unlock if same lsa already
was indexed.
(ospf_lsdb_delete) check it's actually the same as specified lsa before
deleting
(ospf_lsdb_lookup_by_id_next) fix another corner case - no result =>
don't go on.
|
|
* ospf_lsa.c: (ospf_lsa_refresh_walker) fix an "unlock before use" bug
(various) add asserts for lsa refcounting.
|
|
* ospf_interface.c: (ospf_if_{new,cleanup}) don't touch the network_lsa_self,
ISM and NSM take care of cleaning it up if needs be + we want to keep
network_lsa_self around when possible for the the seqnum.
This shouldn't really make much difference though, particularly as we have
a separate sequence number memory mechanism.
|
|
* ospf_packet.c: (ospf_ls_upd) the corresponding test on the arrival side
in (ospf_flood) is <, so this should be >=, not >, purely for consistency.
There is no practical effect here though.
|
|
* ospf_interface.c: (ospf_if_free) events with dangling pointers left
scheduled can be seriously bad for ospfd's health. Cancel the event.
|
|
* ospf_{ism,network}.c: Certain oft-repeated but trivial messages should be
debug log level, not info, to avoid spamming 'terminal monitor'
|
|
* lib/table.c: (route_node_match) fix overshoot that was causing this
function to go 1 bit too far and thus reading past end of prefix.
(route_node_lookup) be defensive - don't assume others will clean up
leaves when removing info.
|
|
* lib/prefix.c: (prefix_match) nano-optimisation, let it return early
without copying pointers.
|
|
* workqueue.c: (work_queue_run) Err more on the side of keeping granularity
down, by being more conservative about increasing it.
Also, fix mispelling.
|
|
* (general) this can be useful when investigating thread latency problems,
when you don't want to have to restart a daemon between tests.
* thread.c: (cpu_record_(hash_)clear) wipe the stored thread cpu history
data, according to the filter, similar to the vty print code.
(clear_thread_cpu_cmd) new command to clear data.
* thread.h: export new command
* command.c: install it
|
