summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-10-25isisd: don't process invalid prefixes from TLVsDavid Lamparter
it's possible to feed invalid prefixes (1.2.3.4/40 or dead::beef/200) on IS-IS. if this is not checked, it will later cause an assert in processing. let's simply abort processing the TLV if the prefix is invalid. * isisd/isis_tlv.c: check prefix lengths for validity Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25isisd: pull up invalid prefix assert()David Lamparter
processing invalid prefixes causes isisd to assert() or otherwise misbehave in ip_masklen/apply_mask. pull up the assert() to indicate better there's broken data in isisd's LSDB. * isisd/isis_spf.c: assert() prefix lengths Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25isisd: fix null pointer dereference in send_lsp()Avneesh Sachdev
* isisd/isis_pdu.c: (send_lsp) Handle case where there are no LSPs on the LSP transmission queue. This can happen if, for instance, the queue is cleared because of protocol events before the send_lsp thread gets a chance to run.
2012-10-25isisd: tighten checks on ISIS pdu lengthAvneesh Sachdev
* isisd/isis_pdu.c: Fix problem where isisd would crash if it received a LAN IIH with the 'pdu length' field set to zero. Similar problems can occur in parsing other ISIS PDUs as well -- check that the PDU length in an ISIS hello, LSP or SNP packet is at least as big as the size of the respective fixed header.
2012-10-25lib: improve sanity checks in stream_set_endp()Avneesh Sachdev
* lib/stream.c: (stream_set_endp) Add checks to make sure that the supplied 'endp' is within the 'size' of the stream, and that the current read pointer 'getp' is not beyond the specified 'endp'.
2012-10-25ospfd: respect max-metric over configured cost for summary LSAsJR Rivers
ISSUE When max-metric router-lsa administrative is invoked on an ABR created with... area <area> range <addr/mask> the summary LSAs are sent out with 65535 (max-metric) added to the normal cost. When max-metric router-lsa administrative is invoked on an ABR created with... area <area> range <addr/mask> cost <cost> the summary LSAs are sent out with <cost> (the max-metric is ignored). This second behavior effectively incapacitates the max-metric function. PATCH This patch evaluates the state of the router and if it's isolated as a stub router (rfc3137) via `max-metric router-lsa`, we unconditionally uses the value of 0xff0000 when advertising summary LSAs. Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25ospfd: ABR algorithm not propagating MAXAGE LSAs into areaJR Rivers
When a range (or sub-range) is deleted, the area is notified by propagating a MAXAGE LSA. This LSA stays in the database for a while to both insure propagation as well as in the off chance that it's useful in the near future. Unfortunately, the ABR algorithm was treating these MAXAGE LSAs as unchanged and not propagating them within the areas. Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25ospfd: blackhole route removal for area rangeJR Rivers
ISSUE When an area range is created in which there the sub-area has routes that are smaller than the range, an ABR creates a blackhole route to cover the range. When the range is removed, the blackhole route is not removed. --A----B----C--- B is an ABR with A in area 1 and C in area 0. If A advertises `10.2.0.0/30` and `10.2.0.4/30` and B is configured with `area 0.0.0.1 range 10.2.0.0/29` a blackhole is created on B (`blackhole 10.2.0.0/29 proto zebra`). When the area/range is removed via the command line, the blackhole remains in existence even though the "range" route is removed from area 0 and the individual routes are propagated. PATCH The reason for this behavior is that, prior to this patch, the range is deleted from the area's list, so when ospf_abr_manage_discard_routes() gets called, there is nothing to clean up. The patch removes the discard route as part of the processing of the command line (ospf_area_range_unset()). Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25lib: improve fletcher checksum validationJR Rivers
OVERVIEW The checksum used in OSPF (rfc2328) is specified in rc905 annex B. There is an sample implementation in rfc1008 which forms the basis of the quagga implementation. This algorithm works perfectly when generating a checksum; however, validation is a bit problematic. The following LSA (generated by a non-quagga implementation) is received by quagga and marked with an invalid checksum; however, it passes both the rfc905 and rfc1008 validation checks. static uint8_t lsa_10_121_233_29[] = { 0x0e, 0x10, 0x02, 0x03, 0x09, 0x00, 0x35, 0x40, 0x0a, 0x79, 0xe9, 0x1d, 0x80, 0x00, 0x00, 0x03, 0x00, 0x8a, 0x00, 0x1c, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x36, 0xb0 }; LS Type: Summary-LSA (IP network) LS Age: 3600 seconds Do Not Age: False Options: 0x02 (E) Link-State Advertisement Type: Summary-LSA (IP network) (3) Link State ID: 9.0.53.64 Advertising Router: 10.121.233.29 (10.121.233.29) LS Sequence Number: 0x80000003 LS Checksum: 0x008a Length: 28 Netmask: 255.255.255.224 Metric: 14000 You'll note that one byte of the checksum is 0x00; quagga would calculate the checksum as 0xff8a. It can be argued that the sourcing implementation generates an incorrect checksum; however, rfc905 indicates that, for 1's complement arithmetic, the value 255 shall be regarded as 0, thus either values are valid. EXPLANATION The quagga ospfd and ospf6d implementations operate by copying the PDU's existing checksum in a holding variable, calculating the checksum, and comparing the resulting checksum to the original. As a note, this implementation has the side effect of modifying the contents of the PDU. Evaluation of both rfc905 and rfc1008 shows that checksum validation should involve calculating the sum over the PDU and checking that both resulting C0 and C1 values are zero. This behavior is enacted in the rfc1008 implementation by calling encodecc with k = 0 (checksum offset); however, this functionality had been omitted from the quagga implementation. PATCH This patch adds the ability to call the quagga's fletcher_checksum() with a checksum offset value of 0xffff (aka FLETCHER_CHECKSUM_VALIDATE) which returns the sum over the buffer (a value of 0 indicates a valid checksum). This is similar to the mechanism in rfc1008 when called with k = 0. The patch also introduces ospf_lsa_checksum_valid(). ospf6d had it's own implementation of the fletcher checksum in ospf6_lsa_checksum(); it's the same algorithm as in fletcher_checksum(). This patch removes the local implementation in favor of the library's as well as creates and uses ospf6_lsa_checksum_valid(). quagga's ISIS implementation suffers from the same problem; however, I do not have the facilities to validate a fix to ISIS, thus this change has been left to the ISIS maintainers. The function iso_csum_verify() should be reduced to running the fletcher checksum over the buffer using an offset of 0. Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com> Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25zebra: make static routes respect table settingNolan Leake
Make static routes respect non-default routing tables. BEFORE PATCH ------------ ! in zebra.conf table 1 ! add static route vtysh> ip route 10.0.0.0/30 eth0 cumulus@net-top0:~$ ip route default via 192.168.0.2 dev eth0 10.0.0.0/30 dev eth0 proto zebra 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.15 ! nothing in table 1 cumulus@net-top0:~$ ip route show table 1 AFTER PATCH ----------- ! in zebra.conf table 1 ! add static route vtysh> ip route 10.0.0.0/30 eth0 cumulus@net-top0:~$ ip route default via 192.168.0.2 dev eth0 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.15 ! static route in table 1 cumulus@net-top0:~$ ip route show table 1 10.0.0.0/30 dev eth0 proto zebra Signed-off-by: Nolan Leake <nolan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-19Revert "ospfd: Do not fall back to intervening router."Paul Jakma
This reverts commit 9289c6ff55cd96c943d23e43fc9e5f987aa965ed. The commit reverted an earlier change which was fixed a bug that caused black-holes to remote destinations with multiple paths, that could occur during convergence. Overall, the previous code is more correct.
2012-09-26lib/table: add route_table_get_next() and iteratorAvneesh Sachdev
* lib/table.[ch] - Add a function (route_table_get_next()) to get the route_node in a tree that succeeds a given prefix in iteration order. This allows one to reliably walk nodes in a tree while allowing modifications, and is useful for achieving scale and performance. Other approaches are also possible -- the main plus point of this one is that it does not require any state about the walk to be maintained in the table data structures. - Add an iterator for walking the nodes in a tree. This introduces a new structure (route_table_iter_t) and the following main functions. route_table_iter_init() route_table_iter_pause() route_table_iter_next() route_table_iter_cleanup() The iterator normally uses node pointers and the existing route_next() function to walk nodes efficiently. When an iteration is 'paused' with route_table_iter_pause(), it stores the last prefix processed. The next call to route_table_iter_next() transparently invokes route_table_get_next() with the prefix to resume iteration. * bgpd/bgp_table.[ch] Add wrappers for the new table features described above. * tests/table_test.c Add tests for the new table code. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-09-26bgpd: make bgp_table a wrapper around table libraryAvneesh Sachdev
Make the BGP table code a thin wrapper around the table implementation in libzebra. * bgpd/bgp_table.[ch] - Use the ROUTE_NODE_FIELDS macro to embed the fields of a route_node in the bgp_node structure. - Add a route_table field to the bgp_table structure. Initialize the route_table with a delegate, such that the nodes in the table are bgp_node structures. - Add inline wrappers that call route_table functions underneath, and accept/return the correct BGP types. * bgpd/bgp_route.c Change some code to use inline wrappers instead of accessing fields of nodes/tables directly. The latter does not always work because the types of some fields need to be translated now. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-09-26lib: prepare table code for reuse by bgp_tableAvneesh Sachdev
* lib/table.[ch] - Add a macro (ROUTE_NODE_FIELDS) that expands to all the fields of a route_node structure. - Add the route_table_delegate_t structure, a function vector which allows clients to customize the behavior of one or more tables. The delegate currently contains the 'create_node' and 'destroy_node' functions, and hence enables a table to use an alternative node structure. The alternative node is expected to embed the fields of a route_node using ROUTE_NODE_FIELDS. - Add route_table_init_with_delegate() to create a new table with a given delegate. - Make route_table_init() a thin wrapper around route_table_init_with_delegate(). The delegate it passes in simply creates/destroys route_node structures as before. - Add a user data pointer (info) to the route_table structure. This can be used by a client to keep per-table state. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-09-26lib: bring some changes over from bgp_table to tableAvneesh Sachdev
* lib/table.c - Maintain table node count. Expose it via the route_table_count() function (from revision cbdfbaa5). - route_unlock_node(): Add assertion (from revision 228da428). - route_table_free(): Make static and fix up cleanup code (from revision 228da428). - route_node_delete(): Change to be static. - Add 'const' qualifier in a couple places. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-09-25build: fix extract.pl for cross compilationSerj Kalichev
extract.pl should invoke the C preprocessor for the target system, not the host. * vtysh/extract.pl.in: use @CPP@ to get target cpp Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-09-25ripd: clear sockaddr_in before usingNick Hilliard
ripd_create_socket() failed in bind() on Mac OS X 10.7 since there was garbage in unused fields of struct sockaddr_in. * ripd/ripd.c: zero out struct sockaddr_sin from before filling. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-09-25build: fix autoconf multicast check on OpenBSDBrad Smith
Fix the "BSD struct ip_mreq hack" autoconf test to work with OpenBSD. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-09-25build: correct libtool parameter used within MakefilesBrad Smith
This corrects the parameters passed to libtool when linking the shared libraries. The paramter name is -version-info not -version. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospfd: Do not fall back to intervening router.Joakim Tjernlund
The patch in bug 330 did two things. It add a return value whether ospf_nexthop_calculation() failed or not and also moved the return stmt for 16.1.1 para 5 so now SPF will fallback to the intervening router when no back links are found by 16.1.1 para 5. This is wrong and can potentially create black holes or routing loops according to Dave Katz and Acee Lindem at ospf@ietf.org Even if the current code could be proved to be harmless in all cases, it adds substantial extra processing and memory allocations. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospfd: use ZEBRA_NEXTHOP_IPV4_IFINDEXJoakim Tjernlund
OSPF really needs to specify interface in its routes. Otherwise ospf may change the wrong route. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> [fixed up some whitespace errors, split patch in two] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25zebra: Add support for ZEBRA_NEXTHOP_IPV4_IFINDEXJoakim Tjernlund
Actually implement the IPV4_IFINDEX nexthop type that has been drifting around as a definition forever (without any warning about it being a placeholder). Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospf_spf_process_stubs: use LSA pos to find OSFP interfaceJoakim Tjernlund
This is better than a prefix lookup as prefixes may not be unique, that is, the same prefix can exist on several interfaces. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospfd: Optimize and improve SPF nexthop calculationJoakim Tjernlund
Maintain router LSA positions in OSPF interface. Find the OSPF interface in nexthop_calculation using the position in the router LSA. This is possible because the only time nexthop_calculation needs to look up interfaces is when dealing with its own Router LSA. This has the following advantages: - Multiple PtP interfaces with the same IP address between two routers. - Use Unnumbered PtP on just one end of the link. - Faster OI lookup for the OSPF interface and only done once for PtoP links. *ospf_interface.h: (struct ospf_interface) Add storage for storing router LSA position. *ospf_interface.c: (ospf_if_lookup_by_lsa_pos) lookup OSPF I/F in an area using LSA position. *ospf_lsa.c: (router_lsa_link_set) record Router LSA position. *ospf_spf.c: (ospf_spf_next) Count and pass along lsa position. (ospf_nexthop_calculation) Add lsa position argument. call ospf_if_lookup_by_lsa_pos() for OSFP interface handle. Clean up and remove all calls ospf_if_is_configured() the rest. Adjust a few debug logs. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospfd: avoid exhausting memory with OSPF vertices (BZ#476)David Lamparter
This was found in scale testing at OSR; ospfd is adding the same link over and over again to the SPF tree. This fix prevents the resulting memory corruption from happening and adds a debug message to track occurence of this issue and/or confirm a proper fix. (This version was improved by Scott Feldman over the earlier RFC.) * ospfd/ospf_spf.c: (ospf_spf_add_parent) loop over existing vertices and refuse to add duplicates. Tested-by: Martin Winter <mwinter@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-19lib: make IPv6 prefix parser slightly more strictDavid Lamparter
This makes it possible to have both "show babel route A.B.C.D/M" and "show babel route X:X::X:X/M" commands at the same time without the parser complaining about ambiguity. * lib/command.c: only accept STATE_DOT after : was seen. Reported-by: Juliusz Chroboczek <jch@pps.jussieu.fr> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-19build: fix isisd topology out of tree buildDavid Lamparter
isisd got the include directory wrong on building with a separate build directory. * configure.ac: adjust ISIS_TOPOLOGY_INCLUDES Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-13zebra: lingering IP address after deletion (BZ#486)David Lamparter
zebra address bookkeeping is a mess. this is just a workaround to have IPv4 address deletion somewhat working on Linux. the if_unset_prefix call is synchronous, when it returns success the address deletion completed successfully. this is either signaled by a netlink ACK or by an OK return value from ioctl(). This version is wrapped by #ifdef HAVE_NETLINK so we don't touch the BSDs for now. * zebra/interface.c: On Linux, update zebra internal state after deleting an address. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-13configure: Add --with-pkg-extra-version=VER for packagers/distributions.Joachim Nilsson
This change adds a --with-pkg-extra-version option to ./configure to allow packagers and distributions to fine tune the version displayed to the end user to assist in support. It is also very useful when reporting bugs on the official Quagga mailing lists. There are two ways of utilsing this functionality: a) ./configure --with-pkg-extra-version=-wmo1 b) EXTRAVERSION=-wmo1 ./configure The latter is a common way for many distributions to add extra version strings to signify their own patch level to a given package. Also, minor whitespace fix in configure summary. Signed-off-by: Joachim Nilsson <joachim.nilsson@westermo.se> Signed-off-by: Joachim Nilsson <troglobit@gmail.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-13Merge remote branch 'vincentbernat/feature/ospfv3-mib'David Lamparter
2012-07-13Merge remote branch 'vincentbernat/feature/agentx'David Lamparter
2012-07-10ospf6d: fix segfault when requesting inexistant interfaces or areasVincent Bernat
2012-06-25ospf6d: add SNMP notifications/traps supportVincent Bernat
Only implement ospfv3NbrStateChange and ospfv3IfStateChange.
2012-06-25ospf6d: add SNMP support for ospfv3*LsdbTableVincent Bernat
This includes: - ospfv3AsLsdbTable - ospfv3AreaLsdbTable - ospfv3LinkLsdbTable
2012-06-25ospf6d: add SNMP implementation of ospfv3IfTableVincent Bernat
2012-06-25ospf6d: complete SNMP implementation of ospfv3AreaTableVincent Bernat
2012-06-25ospf6d: complete SNMP implementation for scalar objectsVincent Bernat
2012-06-25ospf6d: add SNMP support for ospfv3NbrTableVincent Bernat
2012-06-25snmp: fix OSPFV3-MIB implementationVincent Bernat
Use the real MIB from RFC 5643. Fix used ASN1 types. Indexes are not exported any more (they are "no access"). Fix some endian issues. Also, ID are just integers, not IPv4 addresses. No additional OID are supported in this commit.
2012-06-25snmp: let handlers accept OID from a lesser prefixVincent Bernat
Most table handlers do not expect to be given an OID whose prefix is outside what they can handle. This is not a problem with the SMUX implementation since it always correct the OID such that the prefix matches. However, this is not the case for the AgentX implementation. A new function, smux_header_table() is used to do this normalization.
2012-06-25agentx: add appropriate documentationVincent Bernat
2012-06-25agentx: handle SNMP trapsVincent Bernat
smux_trap() signature has been changed to provide appropriate level information to send SNMPv2 notifications. This includes the addition of the enterprise OID to use (from which is derived the SNMP trap OID) and the MIB registry to locate the appropriate function for variable bindings provided by the trap. The SMUX implementation has been updated but ignore the provided enterprise OID. Instead, it still uses the SMUX peer OID to keep compatibility with previous versions of Quagga. The SMUX implementation also ignores the provided MIB registry since it uses smux_get() function to grab the appropriate values. This is not possible with the AgentX implementation since there is no such function provided by NetSNMP.
2012-06-25smux: drop findVar element from trap object structVincent Bernat
This element was not unused.
2012-06-25smux: remove `tick` argument from smux_trap()Vincent Bernat
smux_trap() contains an argument whose use appears to be to set sysUpTime.0/timestamp field in SNMP trap. However, this value is not used in smux_trap(). Moreover, it is expected that this field is the value of sysUpTime.0 when the trap was sent and not any other time related to the trap. To avoid any confusion, we remove this field from the signature of the function.
2012-06-25agentx: add AgentX support to Quagga.Vincent Bernat
--enable-snmp will enable AgentX support in Quagga. SMUX is still here and can be enabled with --enable-snmp=smux. AgentX support can be enabled with "agentx" in configuration file. As for SMUX, this command is not understood by vtysh. It can be disabled with "no agentx", though there is no real use of this since this command cannot be used with vtysh. If "agentx" and "no agentx" command were added to vtysh, it would not be possible to disable agentx support after enabling it because NetSNMP does not expose the appropriate methods for this. The internals of AgentX are hidden by NetSNMP. Therefore, we don't have a file descriptor to add to the threading system. We do not have the timers to set either. Therefore, the event loop is modified to make use of snmp_select_info() from NetSNMP. Traps are not supported yet.
2012-06-25smux: isolate SMUX implementation from SNMP implementationVincent Bernat
lib/snmp.c gets OID related helper functions that can be used with another SNMP interface. smux.h is cleaned of SMUX specific bits to only expose functions that may be used by an alternative implementation. We also do not redefine functions already present in NetSNMP. Just use the appropriate headers.
2012-06-25build: use net-snmp-config to configure NetSNMPVincent Bernat
The correct method to link to NetSNMP is to use net-snmp-config (which is like pkg-config). Explicit link to libcrypto is also dropped (NetSNMP libs are linked to libcrypto, no need to link Quagga to it). Moreover, @SNMP_INCLUDES@ is dropped because useless. Due to a bug in configure.ac, it was properly populated.
2012-06-25build: only define HAVE_SNMPVincent Bernat
NetSNMP is the only SNMP implementation for Quagga. We don't need two different symbols.
2012-06-25build: allow configure and build in a separate directoryVincent Bernat
Some .h files in lib/ are autogenerated. The search path should include the build directory and the source directory. They usually match but sometimes, they may be different. For example: $ mkdir build $ cd build $ ../configure $ make
2012-06-21isisd: fix typo in topology generator (BZ#731)David Lamparter
There was a "lsp->" missing before "level" in line 2416. (introduced by git commit e38e0df) Reported-by: Seblu <seblu@seblu.net> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>