| Age | Commit message (Collapse) | Author | 
|---|
|  | * bgp_fsm.c: I have found an fd leak in bgpd that is caused by the 'new'
  Clearing state.  I've been seeing it from hold timer failures, but it can
  also be triggered by other things.
  When Hold_Timer_expired fires in Established state, a notify is sent and
  BGP_Stop event queued.  The fsm then transitions into Clearing state.
  That is the problem; When the BGP_Stop event is serviced, the state table
  says to ignore it while in Clearing.  Thus bgp_stop is not called and the
  fd leaks.  Previously the peer would be in Idle state, which correctly
  handles the BGP_Stop event.
  Fix by making bgp_stop safe to call from Clearing state, without losing
  ClearingCompleted events, and then ensuring it is called prior to
  transition from Clearing->Idle. | 
|  | * kernel_null.c: we're pretending to add an address, so
  set IFC_REAL. If this isn't done, calling into the 'got address
  from kernel' half of zebra will implicitly-withdraw the ifc, which
  could cause a crash in test_zebra.c. | 
|  |  | 
|  | AS_CONFED_SEQUENCE segment should always be deleted when prepending
(e.g. with a route-map) an AS_SEQUENCE segment to an AS path. Otherwise,
AS_CONFED_SEQUENCE will not be deleted later when updating EBGP peers (since
it is not the leftmost segment) and will leak outside the confederation. | 
|  | This patch implements BGP confederation error handling in Quagga as described
in RFC5065, paragraph 5.
* bgp_aspath.c: (aspath_confed_check, aspath_left_confed_check) new functions
* bgp_attr.c: (bgp_attr_aspath_check) apply previous and NOTIFY if there's
  a problem. | 
|  | */*: ifp->flags is 64 bit unsigned which can not be handled by %l on 32
     bit architectures - requires %ll and the appropriate cast. | 
|  | Start BGP listener only after first instance is started.  This helps the
security if BGP is not used but daemon is started.  It also addresses some
issues like MD5 not working on listener unless IPV6 configured (because
listener was not in list); as well as compiler warnings.
* bgp_network.c: (bgp_listener) listen socket creation consolidated here
  (bgp_socket) Use bgp_listener
* bgpd.c: (bgp_get) call bgp_socket on creation of first struct bgp.
  (bgp_init) remove bgp_socket call.
* memtypes.c: Add MTYPE_BGP_LISTENER | 
|  | bgpd.c: (various tables) only used in one place and are immutable. | 
|  | * ripd.c: (rip_create_socket) RIP packets should go out with Type Of Service
  (DSCP) set to Internet control (like OSPF and BGP). | 
|  | * bgp_vty.c: (BGP_UPDATE_SOURCE_STR) Restore ability to accept arbitrary
  interface names for the 'neighbor ... update-source' command - shouldn't
  have been deleted.
  (BGP_UPDATE_SOURCE_STR) Add help for same. | 
|  | Move zserv socket creation code into zebra_zserv_socket_init() and
call it only after pidfile lock has been acquired exclusively. This
keeps subsequent zebra daemons from deleting the working socket of
an already running process (bug #403). | 
|  | The man page for zebra(8) mentions as port number to connect to 2602,
but it's acutally 2601 (as shown in /etc/services). 2602 belongs to ripd.
Attached patch fixes this typo. | 
|  |  | 
|  | * bgp_route.c: (bgp_update_main) Nexthop reachability should be checked for
  confederations too in case a prefix is received from more than one
  confederation peers. | 
|  |  | 
|  | Currently, when accepting the connection, it can be left as zombie, when the
peer just initiates a connection, but never sends data (and the TCP
connection end packets are lost).  This happens because for accepted
connections a temporary new peer entry is created until OPEN message is
exchanged, and this temporary peer entry does not get the hold time
parameter set at all.
* bgp_network.c: (bgp_accept) Set hold time and keepalive values for ACCEPT
  peers. | 
|  | * bgp_route.c: (bgp_clear_node_queue_init) fix buffer
  overrun. | 
|  | zebra_rib.c: process_subq(): #ifdef out debug code. | 
|  | I've spent the last several weeks working on stability fixes to bgpd.
These patches fix all of the numerous crashes, assertion failures, memory
leaks and memory stomping I could find.  Valgrind was used extensively.
Added new function bgp_exit() to help catch problems.  If "debug bgp" is
configured and bgpd exits with status of 0, statistics on remaining
lib/memory.c allocations are printed to stderr.  It is my hope that other
developers will use this to stay on top of memory issues.
Example questionable exit:
  bgpd: memstats: Current memory utilization in module LIB:
  bgpd: memstats:  Link List                     :          6
  bgpd: memstats:  Link Node                     :          5
  bgpd: memstats:  Hash                          :          8
  bgpd: memstats:  Hash Bucket                   :          2
  bgpd: memstats:  Hash Index                    :          8
  bgpd: memstats:  Work queue                    :          3
  bgpd: memstats:  Work queue item               :          2
  bgpd: memstats:  Work queue name string        :          3
  bgpd: memstats: Current memory utilization in module BGP:
  bgpd: memstats:  BGP instance                  :          1
  bgpd: memstats:  BGP peer                      :          1
  bgpd: memstats:  BGP peer hostname             :          1
  bgpd: memstats:  BGP attribute                 :          1
  bgpd: memstats:  BGP extra attributes          :          1
  bgpd: memstats:  BGP aspath                    :          1
  bgpd: memstats:  BGP aspath str                :          1
  bgpd: memstats:  BGP table                     :         24
  bgpd: memstats:  BGP node                      :          1
  bgpd: memstats:  BGP route                     :          1
  bgpd: memstats:  BGP synchronise               :          8
  bgpd: memstats:  BGP Process queue             :          1
  bgpd: memstats:  BGP node clear queue          :          1
  bgpd: memstats: NOTE: If configuration exists, utilization may be expected.
Example clean exit:
  bgpd: memstats: No remaining tracked memory utilization.
This patch fixes bug #397: "Invalid free in bgp_announce_check()".
This patch fixes bug #492: "SIGBUS in bgpd/bgp_route.c:
bgp_clear_route_node()".
My apologies for not separating out these changes into individual patches.
The complexity of doing so boggled what is left of my brain.  I hope this
is all still useful to the community.
This code has been production tested, in non-route-server-client mode, on
a linux 32-bit box and a 64-bit box.
Release/reset functions, used by bgp_exit(), added to:
  bgpd/bgp_attr.c,h
  bgpd/bgp_community.c,h
  bgpd/bgp_dump.c,h
  bgpd/bgp_ecommunity.c,h
  bgpd/bgp_filter.c,h
  bgpd/bgp_nexthop.c,h
  bgpd/bgp_route.c,h
  lib/routemap.c,h
File by file analysis:
* bgpd/bgp_aspath.c: Prevent re-use of ashash after it is released.
* bgpd/bgp_attr.c: #if removed uncalled cluster_dup().
* bgpd/bgp_clist.c,h: Allow community_list_terminate() to be called from
  bgp_exit().
* bgpd/bgp_filter.c: Fix aslist->name use without allocation check, and
  also fix memory leak.
* bgpd/bgp_main.c: Created bgp_exit() exit routine.  This function frees
  allocations made as part of bgpd initialization and, to some extent,
  configuration.  If "debug bgp" is configured, memory stats are printed
  as described above.
* bgpd/bgp_nexthop.c: zclient_new() already allocates stream for
  ibuf/obuf, so bgp_scan_init() shouldn't do it too.  Also, made it so
  zlookup is global so bgp_exit() can use it.
* bgpd/bgp_packet.c: bgp_capability_msg_parse() call to bgp_clear_route()
  adjusted to use new BGP_CLEAR_ROUTE_NORMAL flag.
* bgpd/bgp_route.h: Correct reference counter "lock" to be signed.
  bgp_clear_route() now accepts a bgp_clear_route_type of either
  BGP_CLEAR_ROUTE_NORMAL or BGP_CLEAR_ROUTE_MY_RSCLIENT.
* bgpd/bgp_route.c:
  - bgp_process_rsclient(): attr was being zero'ed and then
    bgp_attr_extra_free() was being called with it, even though it was
    never filled with valid data.
  - bgp_process_rsclient(): Make sure rsclient->group is not NULL before
    use.
  - bgp_processq_del(): Add call to bgp_table_unlock().
  - bgp_process(): Add call to bgp_table_lock().
  - bgp_update_rsclient(): memset clearing of new_attr not needed since
    declarationw with "= { 0 }" does it.  memset was already commented
    out.
  - bgp_update_rsclient(): Fix screwed up misleading indentation.
  - bgp_withdraw_rsclient(): Fix screwed up misleading indentation.
  - bgp_clear_route_node(): Support BGP_CLEAR_ROUTE_MY_RSCLIENT.
  - bgp_clear_node_queue_del(): Add call to bgp_table_unlock() and also
    free struct bgp_clear_node_queue used for work item.
  - bgp_clear_node_complete(): Do peer_unlock() after BGP_EVENT_ADD() in
    case peer is released by peer_unlock() call.
  - bgp_clear_route_table(): Support BGP_CLEAR_ROUTE_MY_RSCLIENT.  Use
    struct bgp_clear_node_queue to supply data to worker.  Add call to
    bgp_table_lock().
  - bgp_clear_route(): Add support for BGP_CLEAR_ROUTE_NORMAL or
    BGP_CLEAR_ROUTE_MY_RSCLIENT.
  - bgp_clear_route_all(): Use BGP_CLEAR_ROUTE_NORMAL.
  Bug 397 fixes:
    - bgp_default_originate()
    - bgp_announce_table()
* bgpd/bgp_table.h:
  - struct bgp_table: Added reference count.  Changed type of owner to be
    "struct peer *" rather than "void *".
  - struct bgp_node: Correct reference counter "lock" to be signed.
* bgpd/bgp_table.c:
  - Added bgp_table reference counting.
  - bgp_table_free(): Fixed cleanup code.  Call peer_unlock() on owner if
    set.
  - bgp_unlock_node(): Added assertion.
  - bgp_node_get(): Added call to bgp_lock_node() to code path that it was
    missing from.
* bgpd/bgp_vty.c:
  - peer_rsclient_set_vty(): Call peer_lock() as part of peer assignment
    to owner.  Handle failure gracefully.
  - peer_rsclient_unset_vty(): Add call to bgp_clear_route() with
    BGP_CLEAR_ROUTE_MY_RSCLIENT purpose.
* bgpd/bgp_zebra.c: Made it so zclient is global so bgp_exit() can use it.
* bgpd/bgpd.c:
  - peer_lock(): Allow to be called when status is "Deleted".
  - peer_deactivate(): Supply BGP_CLEAR_ROUTE_NORMAL purpose to
    bgp_clear_route() call.
  - peer_delete(): Common variable listnode pn.  Fix bug in which rsclient
    was only dealt with if not part of a peer group.  Call
    bgp_clear_route() for rsclient, if appropriate, and do so with
    BGP_CLEAR_ROUTE_MY_RSCLIENT purpose.
  - peer_group_get(): Use XSTRDUP() instead of strdup() for conf->host.
  - peer_group_bind(): Call bgp_clear_route() for rsclient, and do so with
    BGP_CLEAR_ROUTE_MY_RSCLIENT purpose.
  - bgp_create(): Use XSTRDUP() instead of strdup() for peer_self->host.
  - bgp_delete(): Delete peers before groups, rather than after.  And then
    rather than deleting rsclients, verify that there are none at this
    point.
  - bgp_unlock(): Add assertion.
  - bgp_free(): Call bgp_table_finish() rather than doing XFREE() itself.
* lib/command.c,h: Compiler warning fixes.  Add cmd_terminate().  Fixed
  massive leak in install_element() in which cmd_make_descvec() was being
  called more than once for the same cmd->strvec/string/doc.
* lib/log.c: Make closezlog() check fp before calling fclose().
* lib/memory.c: Catch when alloc count goes negative by using signed
  counts.  Correct #endif comment.  Add log_memstats_stderr().
* lib/memory.h: Add log_memstats_stderr().
* lib/thread.c: thread->funcname was being accessed in thread_call() after
  it had been freed.  Rearranged things so that thread_call() frees
  funcname.  Also made it so thread_master_free() cleans up cpu_record.
* lib/vty.c,h: Use global command_cr.  Add vty_terminate().
* lib/zclient.c,h: Re-enable zclient_free(). | 
|  | This patch fixes:
bgp_network.c: In function 'bgp_md5_set':
bgp_network.c:107: warning: cast from pointer to integer of different size
bgp_network.c: In function 'bgp_socket':
bgp_network.c:447: warning: cast to pointer from integer of different size | 
|  | * configure.ac: Move down the AC_SYS_LARGEFILE test - it was setting CFLAGS
  and so disabling the default CFLAGS setting section.
  Squish warning by adding AC_CONFIG_MACRO_DIR on the reccommendation of
  autoreconf. | 
|  | * bgpd.c: Removal of (struct bgp *) from the master list was being left to
  bgp_free time.  This meant there was a window of time between bgp_delete
  and refcounts hitting 0 (e.g.  routes to be processed) where bgp_lookup's
  could return a deleted (struct bgp *).
  (bgp_delete) This is the logical place where a (struct bgp *) should lose
  its visibility, so move the deletion from the bgp-master list to here,
  from bgp_free.
  Many thanks to Fritz Reichmann for his thorough debugging of the problem
  and testing of fixes and Chris Caputo for his further analysis. | 
|  | * lib/sockunion.c: (sockunion_normalise_mapped) The code to normalize
  address was not copying port value - probably reason why IPV4 in IPV6
  never worked right. | 
|  | * ospf6_lsa.c: (ospf6_lsa_premature_aging) set age to MAX_AGE - don't
  rely on 0 magically meaning same.
  (ospf6_lsa_age_current) handle MAXAGE. | 
|  | * lib/thread.{c,h}: As per subject. This will avoid head-scratching for next
  person who adds a thread-type and gets strange breakage. | 
|  | Should a self originated Network/Router LSA with higher
LS seq. nr. be received we should flood and install it in
the LSDB but we cannot use it for our internal calculations
as it is stale.
Reorginate an new LSA to replace the stale one as soon
as possible. | 
|  | * bgp_route.c: (bgp_{input,output}_filter) Log a debug warning if a route is
  received or sent and a filter name is configured for a prefix, as or
  distribute list but none is found - guaranteed configuration mistake. | 
|  | Add 2 impl. of the Internet Checksum. One new optimized nad
one form RFC 1071. Turns out that the current Quagga in_cksum()
is buggy. On Big Endian routers it miscalculates odd sized buffers. | 
|  | ospf_path_lookup(), ospf_route_match_same() and
ospf_ase_route_match_same() needs to
compare if the interface matches too. | 
|  | Configure option "--disable-doc" will prevent building
the documents under doc. Saves build time and the need to
have document building tools installed. Useful when your build
machine is different from your development machine. | 
|  | A few route_unlock_node() calls was missing. | 
|  | ospf_lsa_install() will calculate LSA checksum so no
need to do it before calling ospf_lsa_install().
Set the OSPF_LSA_SELF_CHECKED flag on own LSA's to
save ospf_lsa_is_self_originated() some work.
Do not memset() memory that is about to overwritten
with memcpy(). | 
|  |  | 
|  | A static route like below: ip route 172.16.1.0/30 192.168.101.162 11
does not move properly to a new interface when the
interface used goes down. Zebra reports that it have
moved but kernel isn't informed so the route is lost.
* zebra_rib.c: (nexthop_active_update) if ifindex has changed, then the
  route should be considered to have changed.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> | 
|  | vtsh_main.c: save 1000 last lines of history to $HOME/.history_quagga (the
file must be created by hand first, this is intended behaviour) | 
|  |  | 
|  |  | 
|  | * bgp_route.c: Was missing these commands. | 
|  |  | 
|  | The patch by Chris Caputo, which was used to prepare 0.99.12
release, consists of three parts:
1. memory allocation fix itself
2. fix for warnings about constant variables
3. fix for printf format specs (%d was used instead of %u)
It was confirmed later, that:
a. a much simpler bugfix was available for memory allocation
b. committed version of the bugfix wasn't optimal CPU-wise
At this point I consider reasonable to revert the allocation
portion of that patch and to replace it with the shorter
version, which is:
-#define ASN_STR_LEN (5 + 1)
+#define ASN_STR_LEN (10 + 1)
Other two parts of Mr. Caputo's patch remain intact. | 
|  | Quagga support linux policy routing (ip route ... table $X) with zebra.conf
table $X option.  It works fine on ipv4.  On ipv6 the parameter is ignored
(table 0 is used).
* zebra/...: Pass appropriate table arg to rib_{add,delete}_ipv6 | 
|  |  | 
|  | ksh93 script cannot have 'stop' functions w/o cancelling
existing definition first. Fixed. | 
|  | * bgpd/bgp_damp.c: Make bgp_damp_reuse_time_vty() accept a buffer and
  length, rather than returning a local var buffer whose contents can get
  trounced.  Remove duplicate BGP_UPTIME_LEN define.
* bgpd/bgp_damp.h: bgp_damp_reuse_time_vty() prototype change.
* bgpd/bgp_route.c: Provide bgp_damp_reuse_time_vty() with a buffer and
  length.  Remove duplicate BGP_UPTIME_LEN define.
This problem was noticed in 2005...
  http://hibernia.jakma.org/~paul/patches/quagga-test.diff
...but the fix didn't make it into the code.
Signed-off-by: Chris Caputo <ccaputo@alt.net> | 
|  | * vtysh/vtysh.c: "end" should be printed at the bottom, not the top.
* vtysh/vtysh_config.c: PROTOCOL_NODE was not being handled, and thus was
  being displayed at the top of a config, rather than in its rightful
  place near the bottom.
Signed-off-by: Chris Caputo <ccaputo@alt.net> | 
|  | * bgpd/bgp_network.c: Fix MD5 listen in IPv4 version of bgp_socket() by
  adding listen socket to listen_sockets list so that MD5 passwords can
  get set.
* lib/sockopt.c: (sockopt_tcp_signature) Fix bogus "% Error while applying
  TCP-Sig to session(s)" / "can't set TCP_MD5SIG option" startup error
  messages by not returning error when there isn't one. | 
|  | This piece of code causes all Quagga routers on a broadcast link to
send a HELLO packet simultaneously if they see a new neighbor. It also
resets the HELLO timer, so all the quagga routers will continue to
send HELLO packets simultaneously in the future. This is not good
(especially on networks with a lot of Quagga routers connected), and
is explicitly discouraged by the OSPF standard, RFC 2328 (chapter
4.4.Timers).
I suggest to remove the code snippet, it does not provide much benefit
anyway. | 
|  | Adds "ipv6 nd router-preference (high|medium|low)" and
"no ipv6 nd router-preference" interface commands.
Files modified:
   doc/ipv6.texi
   zebra/interface.c
   zebra/interface.h
   zebra/rtadv.c
   zebra/rtadv.h
Signed-off-by: Chris Caputo <ccaputo@alt.net> | 
|  | * doc/Makefile.am: arguments for the 'convert' programme seem to have
  changed incompatibly at some stage - just remove the problematic -dither. | 
|  |  |