summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-11-21bgpd: fix update-source for IPv6 (BZ#548)David Lamparter
if update-source was given as interface name, bgpd was unconditionally trying to bind to an IPv4 address from that interface. change function to find the best-matching (number of address bits) same-family address on the interface.
2011-11-21lib: prefix2sockunion, prefix_common_bits helper functionsDavid Lamparter
prefix2sockunion converts a struct prefix* to a union sockunion *; prefix_common_bits counts the number of common bits in the prefix's address part.
2011-11-15bgpd: fix "nexthop-local unchanged" (BZ#350)Dylan Hall
2011-11-15bgpd: justify capabilities for TOS settingChris Luke
To set the TOS bits on TCP connections, platforms that restrict capabilities need the priv level to be raised before the sockopt is set, and this requires the ZCAP_NET_ADMIN priv. * bgp_main.c: update _caps_p to include ZCAP_NET_ADMIN * bgp_network.c * bgp_connect(): request ZPRIVS_RAISE/ZPRIVS_LOWER * bgp_listener(): request ZPRIVS_RAISE earlier
2011-11-15ospfd: improve fix to CVE-2011-3326 (BZ#586)Thomas Ries
Make ospf_flood() propagate error returned by ospf_lsa_install() further to properly discard the malformed LSA, not just prevent the immediate crash.
2011-11-15bgpd: revised fix to --dryrun (BZ#622)Sergey Y. Afonin
2011-10-19bgpd: fix more regressions in attr flag checksDenis Ovsienko
Commit 05a4936b713b9882171d0f7fb20b8439df23939e fixed some of the attributes involved, but not all. This commit should do it. * bgp_attr.c * bgp_attr_originator_id() * bgp_attr_cluster_list() * bgp_mp_reach_parse() * bgp_mp_unreach_parse()
2011-10-17lib: fix endianness of masklen2ip()Denis Ovsienko
2011-10-17lib: make masklen2ip() safer and fasterDenis Ovsienko
2011-10-17ospf6d: make some old sizing checks assertionsDenis Ovsienko
As long as ospf6_packet_examin() is now the single checkpoint for received packets, most of the old checks performed elsewhere can be converted into assert() constructs. Malformed input data at respective points can be attributed solely to a programming error, not a malformed packet. * ospf6_message.c * ospf6_hello_print() * ospf6_dbdesc_print() * ospf6_lsreq_print() * ospf6_lsupdate_print() * ospf6_lsack_print() * ospf6_hello_recv() * ospf6_dbdesc_recv_master() * ospf6_dbdesc_recv_slave() * ospf6_lsreq_recv() * ospf6_lsupdate_recv() * ospf6_lsupdate_recv() * ospf6_lsack_recv() * ospf6_receive()
2011-10-17zebra: trivial warning fixPaul Jakma
* zebra_routemap.c: (route_set_src) get rid of the dummy family variable.
2011-10-17doc: Add dependency for quagga.pdf make targetPaul Jakma
* doc/Makefile.am: pdf target needs to depend on all the input files.
2011-10-17bgpd: improve "monotonic" uptime correctionJohn Kemp
Older versions of Quagga/Zebra would output a value in MRT table dump files for "uptime" aka "ORIGINATED" that was a WALL clock value. Given that uptime is now internally a bgp_clock MONOTONIC value, the output in the MRT files is showing up as monotonic. Note: time of MRT dump is still recorded correctly as a time() based value, so we haven't lost that value. Proposal is to correct the uptime output on the vty and in the MRT files to again display something more akin to WALL time. * bgp_dump.c: (bgp_dump_routes_func) add conditional correction * bgp_route.c: (route_vty_out_detail) make correction conditional, move variable declaration to beginning of the function
2011-10-17ripngd: copy debug statements fix from ripdStephen Hemminger
Doesn't ripng needs same fix as ripd.
2011-10-17doc: "[no] router zebra" does not belong to ospfdDenis Ovsienko
2011-10-17ospfd: justify ospf_default_originate_timer()Denis Ovsienko
The function is implemented in ospf_lsa.c, move its "extern" declaration to ospf_lsa.h for consistency.
2011-10-17bgpd: add flag checks for MP_(UN)REACH_NLRIDenis Ovsienko
* bgp_attr.[ch] * bgp_mp_reach_parse(): add extra arguments and a uniform flag check block * bgp_mp_unreach_parse(): idem * bgp_attr_parse(): provide extra arguments * bgp_mp_attr_test.c * parse_test(): justify respective calls
2011-10-17bgpd: improve attr length error handling (BZ#679)Denis Ovsienko
* bgp_attr.c * bgp_attr_parse(): provide extra argument to bgp_attr_aggregator() * bgp_attr_local_pref(): use bgp_notify_send_with_data() * bgp_attr_atomic(): idem * bgp_attr_aggregator(): idem
2011-10-17bgpd: fix spelling of CLUSTER_LISTDenis Ovsienko
2011-10-17bgpd: check CLUSTER_LIST attribute flagsDenis Ovsienko
* bgp_attr.c * bgp_attr_cluster_list(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra arguments
2011-10-17bgpd: check ORIGINATOR_ID attribute flagsDenis Ovsienko
* bgp_attr.c * bgp_attr_originator_id(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra arguments
2011-10-17bgpd: fix regression in improved attr flag checksDenis Ovsienko
Commit 2febf323411c1aed9d7694898f852ce2ef36a7e5 assumed every flag bit except optional/transitive/partial unset, which at times could not be true for "extended length" bit. * bgp_attr.c * bgp_attr_origin(): exclude BGP_ATTR_FLAG_EXTLEN from comparison * bgp_attr_nexthop(): idem * bgp_attr_med(): idem * bgp_attr_local_pref(): idem * bgp_attr_atomic(): idem
2011-10-17bgpd: improve attr flags checksDenis Ovsienko
Do not check each of the Optional/Transitive/Partial attribute flag bits, when their only valid combination is known in advance, but still perform bit-deep error message logging. This change assumes unused (low-order) 4 bits of the flag octet cleared. * bgp_attr.c * bgp_attr_origin(): rewrite check * bgp_attr_nexthop(): idem * bgp_attr_med(): idem * bgp_attr_local_pref(): idem * bgp_attr_atomic(): idem
2011-10-17bgpd: add missing "partial" flag checks (BZ#676)Denis Ovsienko
ORIGIN handling function used to have "partial" bit check and recent commits added it for NEXT_HOP, MULTI_EXIT_DISC and ATOMIC_AGGREGATE cases. This commit adds "partial" check for AS_PATH and LOCAL_PREF cases, which should leave attributes 1 through 6 inclusive completely covered with attribute flags checks. * bgp_attr.c * bgp_attr_origin(): use bit-by-bit checks for better diagnostics * bgp_attr_aspath(): add flag check * bgp_attr_local_pref(): idem
2011-10-17bgpd: ignore 4 bits of attribute flags byteDenis Ovsienko
2011-10-17vtysh: [build] silence preprocessor errors in some casesDmitrij Tejblum
* extract.pl.in: use configured CPPFLAGS in cpp invocation.
2011-10-17lib: compile even without IPV6_TCLASSDenis Ovsienko
2011-10-17IPv6 transport class suppportStephen Hemminger
IPv6 supports the same concept of differentiated service for routing protocols as IPv4, but like too many things, the standards committee decided that having two names for the same thing wasn't good enough and introduced a third more generic term transport class. The socket option to set transport class works the same as IPv4, but the arguments are different. * lib/sockopt.[ch] * setsockopt_ipv6_tclass(): new function * bgpd/bgp_network.c * bgp_connect(): set socket option * bgp_listener(): set socket option * ospf6d/ospf6_network.c * ospf6_set_transport_class(): new function * ospf6_serv_sock(): set socket option * ripngd/ripngd.c * ripng_make_socket(): set socket option
2011-09-29version RE-0.99.17.5Denis Ovsienko
2011-09-29ospfd: fix regression in recent commitYAMAMOTO Shigeru
commit '717750433839762d23a5f8d88fe0b4d57c8d490a' causes SEGV error, when 'oi = ospf_if_lookup_recv_if (ospf, iph->ip_src, ifp);' returns NULL. * ospf_packet.c * ospf_read(): change a place of calling 'ospf_verify_header()'
2011-09-26version RE-0.99.17.4Denis Ovsienko
2011-09-26ospf6d: CVE-2011-3323 (fortify packet reception)Denis Ovsienko
This vulnerability (CERT-FI #514840) was reported by CROSS project. ospf6d processes IPv6 prefix structures in incoming packets without verifying that the declared prefix length is valid. This leads to a crash caused by out of bounds memory access. * ospf6_abr.h: new macros for size/alignment validation * ospf6_asbr.h: idem * ospf6_intra.h: idem * ospf6_lsa.h: idem * ospf6_message.h: idem * ospf6_proto.h: idem * ospf6_message.c * ospf6_packet_minlen: helper array for ospf6_packet_examin() * ospf6_lsa_minlen: helper array for ospf6_lsa_examin() * ospf6_hello_recv(): do not call ospf6_header_examin(), let upper layer verify the input data * ospf6_dbdesc_recv(): idem * ospf6_lsreq_recv(): idem * ospf6_lsupdate_recv(): idem * ospf6_lsack_recv(): idem * ospf6_prefixes_examin(): new function, implements A.4.1 * ospf6_lsa_examin(): new function, implements A.4 * ospf6_lsaseq_examin(): new function, an interface to above * ospf6_packet_examin(): new function, implements A.3 * ospf6_rxpacket_examin(): new function, replaces ospf6_header_examin() * ospf6_header_examin(): sayonara * ospf6_receive(): perform passive interface check earliest possible, employ ospf6_rxpacket_examin()
2011-09-26ospf6d: CVE-2011-3324 (DD LSA assertion)Denis Ovsienko
This vulnerability (CERT-FI #514839) was reported by CROSS project. When Database Description LSA header list contains trailing zero octets, ospf6d tries to process this data as an LSA header. This triggers an assertion in the code and ospf6d shuts down. * ospf6_lsa.c * ospf6_lsa_is_changed(): handle header-only argument(s) appropriately, do not treat LSA length underrun as a fatal error.
2011-09-26ospfd: CVE-2011-3325 part 2 (OSPF pkt type segv)Denis Ovsienko
This vulnerability (CERT-FI #514838) was reported by CROSS project. The error is reproducible only when ospfd debugging is enabled: * debug ospf packet all * debug ospf zebra When incoming packet header type field is set to 0x0a, ospfd will crash. * ospf_packet.c * ospf_verify_header(): add type field check * ospf_read(): perform input checks early
2011-09-26ospfd: CVE-2011-3325 part 1 (OSPF header underrun)Denis Ovsienko
This vulnerability (CERT-FI #514838) was reported by CROSS project. When only 14 first bytes of a Hello packet is delivered, ospfd crashes. * ospf_packet.c * ospf_read(): add size check
2011-09-26ospfd: CVE-2011-3326 (uknown LSA type segfault)CROSS
This vulnerability (CERT-FI #514837) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. Quagga ospfd does not seem to handle unknown LSA types in a Link State Update message correctly. If LSA type is something else than one supported by Quagga, the default handling of unknown types leads to an error. * ospf_flood.c * ospf_flood(): check return value of ospf_lsa_install()
2011-09-26bgpd: CVE-2011-3327 (ext. comm. buffer overflow)CROSS
This vulnerability (CERT-FI #513254) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. The problem occurs when bgpd receives an UPDATE message containing 255 unknown AS_PATH attributes in Path Attribute Extended Communities. This causes a buffer overlow in bgpd. * bgp_ecommunity.c * ecommunity_ecom2str(): perform size check earlier
2011-09-25bgpd: improve NEXT_HOP attribute checks (BZ#680)Denis Ovsienko
* lib/prefix.h * IPV4_CLASS_DE(): new helper macro * bgp_attr.c * bgp_attr_nexthop(): add check for "partial" bit, refresh flag error reporting, explain meaning of RFC4271 section 6.3 and implement it
2011-09-25bgpd: don't be confused by "unspecific" subcode in the NOTIFY message.Dmitrij Tejblum
* bgp_debug.c (bgp_notify_open_msg, bgp_notify_update_msg, bgp_notify_cease_msg, bgp_notify_capability_msg): add messages for "unspecific" subcode.
2011-09-25lib: provide more information in case of failed LOOKUP.Dmitrij Tejblum
* log.[ch] * mes_lookup: add a parameter with the name of the message list, print the name in case of failure. * LOOKUP macro: pass the name of the message list.
2011-09-25bgpd: check ATOMIC_AGGREGATE attr flags (BZ#678)Denis Ovsienko
* bgp_attr.c * bgp_attr_atomic(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra argument
2011-09-25bgpd: check MULTI_EXIT_DISC attr flags (BZ#677)Denis Ovsienko
* bgp_attr.c * bgp_attr_med(): add checks for "optional", "transitive" and "partial" bits, log each error condition independently
2011-09-25bgpd: check LOCAL_PREF attribute flags (BZ#674)Denis Ovsienko
* bgp_attr.c * bgp_attr_local_pref(): accept extra argument, add checks for "optional" and "transitive" bits, log each error condition independently * bgp_attr_parse(): provide extra argument
2011-09-25configure: test for glibc backtrace even without glibc.Dmitrij Tejblum
Other platform may have compatible facilities.
2011-09-25ospfd: remove unused macroDenis Ovsienko
2011-09-25doc: fix typoRoman Hoog Antink
2011-09-25isisd: raise hello rate for DIS (BZ#539)Fritz Reichmann
* isis_pdu.c: Divide hello interval by three, depending if we are DIS or not.
2011-09-25isisd: fix crash on "no router isis" (BZ#536)Fritz Reichmann
The crash is due to threads accessing data that gets destroyed during the removal of the configuration. * isis_circuit.c: Destroy adjacencies to stop adjacency expiry thread. Stop PSNP threads. * isisd.c: Change state of circuit back to INIT and reassign the circuit structure to isis->init_circ_list rather than destroying the circuit data structure. Stop SPF threads. Stop LSP generation threads. * isisd.h: Add pointers to LSP threads into area structure in order to stop them in isisd.c * isis_lsp.c: Store pointer to LSP thread in area structure. * isis_pdu.c: Stop PDU generation for a circuit with a removed area. * isis_pfpacket.c: Stop processing received PDUs for a circuit with a removed area.
2011-09-25ospf6d: Fix memory allocation issues in SPFTom Goff
* ospf6_area.c: Call ospf6_spf_table_finish() before deleting the spf table. This ensures that the associated ospf6_vertex structures are also freed. * ospf6_spf.c: Only allocate a priority queue when a spf calculation is actually performed.
2011-09-25ospf6d: Extend the "[no] debug ospf6 route" vty commandsTom Goff
* ospf6_route.c ([no_]debug_ospf6_route) Include memory as a debug option. This allows ospf6 route memory debugging to be enabled or disabled interactively or from a config file.