summaryrefslogtreecommitdiff
path: root/bgpd
AgeCommit message (Collapse)Author
2011-09-26bgpd: CVE-2011-3327 (ext. comm. buffer overflow)CROSS
This vulnerability (CERT-FI #513254) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. The problem occurs when bgpd receives an UPDATE message containing 255 unknown AS_PATH attributes in Path Attribute Extended Communities. This causes a buffer overlow in bgpd. * bgp_ecommunity.c * ecommunity_ecom2str(): perform size check earlier
2011-09-25bgpd: improve NEXT_HOP attribute checks (BZ#680)Denis Ovsienko
* lib/prefix.h * IPV4_CLASS_DE(): new helper macro * bgp_attr.c * bgp_attr_nexthop(): add check for "partial" bit, refresh flag error reporting, explain meaning of RFC4271 section 6.3 and implement it
2011-09-25bgpd: don't be confused by "unspecific" subcode in the NOTIFY message.Dmitrij Tejblum
* bgp_debug.c (bgp_notify_open_msg, bgp_notify_update_msg, bgp_notify_cease_msg, bgp_notify_capability_msg): add messages for "unspecific" subcode.
2011-09-25bgpd: check ATOMIC_AGGREGATE attr flags (BZ#678)Denis Ovsienko
* bgp_attr.c * bgp_attr_atomic(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra argument
2011-09-25bgpd: check MULTI_EXIT_DISC attr flags (BZ#677)Denis Ovsienko
* bgp_attr.c * bgp_attr_med(): add checks for "optional", "transitive" and "partial" bits, log each error condition independently
2011-09-25bgpd: check LOCAL_PREF attribute flags (BZ#674)Denis Ovsienko
* bgp_attr.c * bgp_attr_local_pref(): accept extra argument, add checks for "optional" and "transitive" bits, log each error condition independently * bgp_attr_parse(): provide extra argument
2011-09-25bgpd: fix parsing of graceful restart cap. (#663)Peter Pentchev
"While setting up a testbed, I ran across a little problem in the parsing of the "graceful restart" BGP capability that resulted in Quagga not actually activating it for the peer in question - when the peer sent a single AFI/SAFI block." * bgp_open.c * bgp_capability_restart(): actually process the last AFI/SAFI block
2011-09-25bgpd: add useful notification logs (BZ#616)heasley
* bgp_packet.c * bgp_notify_send_with_data(): add calls to zlog_info()
2011-09-10bgpd: spellingDenis Ovsienko
2011-09-10bgpd: spellingDenis Ovsienko
2011-08-09bgpd: improve "show ip bgp scan detail"Denis Ovsienko
* bgp_nexthop.c (show_ip_bgp_scan_tables): access proper structure field in AF_INET6 case, handle ifindex NH type properly
2011-08-08bgpd: dismiss some zlookup checksDenis Ovsienko
bgp_nexthop_onlink(): zlookup is not used here at all bgp_nexthop_lookup_ipv6(): rely on the detection performed by "query" function (this also changes the fallback value to 0), reorder if-block bgp_nexthop_lookup(): idem
2011-08-05bgpd: add "show ip bgp scan detail" commandDenis Ovsienko
* bgp_nexthop.c: (show_ip_bgp_scan) transform into show_ip_bgp_scan_tables(), which uses inet_ntop() and can dump nexthops on request; (show_ip_bgp_scan_detail_cmd) new function
2011-08-05bgpd: touch nexthop handling codeDenis Ovsienko
bgp_nexthop_lookup_ipv6(): declare variables where they are actually used, drop no-op initialization (the field is already 0) bgp_nexthop_lookup(): ditto bgp_nexthop_check_ebgp(): rename to bgp_nexthop_onlink() bgp_nexthop_cache_changed(): rename to bgp_nexthop_cache_different()
2011-08-03bgpd: use XCALLOC to allocate bgpd damp arrayStephen Hemminger
* bgpd: (bgp_damp_parameter_set) The BGP reuse_index is not initialized properly. This would cause sporadic crash when disabling dampening. Use XCALLOC correctly and the right size array is initialized and no memset is needed.
2011-08-01bgpd: Fix display of unsigned attributesWataru Tanitsu
* bgp_route.c: (route_vty_out*) The local prefix, metric and weight values are all stored as uint32_t. Change the format to %u so that large values are not displayed as negative integers.
2011-07-18bgpd: Fix compile failure if IPv6 build was disabled.Paul Jakma
* bgp_route.c: ({no_,}ipv6_bgp_network_ttl_cmd) depends on ipv6_bgp_network which is HAVE_IPV6, so these should be too. (bgp_route_init) and the installs should be similarly ifdefed
2011-07-17bgpd: rename SAFI 3 according to RFC4760Denis Ovsienko
- SAFI value 3 is reserved. It was assigned by RFC 2858 for a use that was never fully implemented, so it is deprecated by this document. * zebra.h: rename macro * bgp_fsm.c: (bgp_graceful_restart_timer_expire, bgp_graceful_stale_timer_expire, bgp_stop, bgp_establish): update * bgpd.c: (peer_nsf_stop): update * bgp_open.c: (bgp_capability_vty_out): SAFI 3 isn't a recognized case any more
2011-07-14bgpd: more SAFI fixesDenis Ovsienko
Two macros resolving to the same integer constant broke a case block and a more thorough merge of BGP_SAFI_VPNV4 and BGP_SAFI_VPNV6 was performed. * bgpd.h: MPLS-labeled VPN SAFI is AFI-independent, switch to single * macro * bgp_capability_test.c: update test data * bgp_mp_attr_test.c: idem * bgp_route.c: (bgp_maximum_prefix_overflow, bgp_table_stats_vty) update macro and check conditions (where appropriate) * bgp_packet.c: (bgp_route_refresh_send, bgp_capability_send, bgp_update_receive, bgp_route_refresh_receive): idem * bgp_open.c: (bgp_capability_vty_out, bgp_afi_safi_valid_indices, bgp_open_capability_orf, bgp_open_capability): idem * bgp_attr.c: (bgp_mp_reach_parse, bgp_packet_attribute, bgp_packet_withdraw): idem
2011-07-13bgpd: fix SAFI for for MPLS labeled VPN-IPv6Denis Ovsienko
* bgpd.h: change value of BGP_SAFI_VPNV6 to 128 (RFC4659, BZ#659) * bgp_route.c: (bgp_table_stats_vty) fix length argument to strncmp()
2011-07-12bgpd: consistent log msg format (BZ#565)heasley
2011-07-05bgpd: Remove AS Path limit/TTL functionalityPaul Jakma
* draft-ietf-idr-as-pathlimit doesn't seem to have gone anywhere, and its author does not think it will make progress in IDR. Remove all support introduced for it, but leave stubs for the commands to avoid breaking any configurations. Basically reverts cecab5e9725792e60a5e4b473e238a14cd85815d. (cherry picked from commit c8f3fe3063cb9ff193b13011cfbda3e605395340) Conflicts: bgpd/bgp_attr.c (caused by c8e7b895, resolved)
2011-07-04bgpd/security: CVE-2010-1674 Fix crash due to extended-community parser errorPaul Jakma
* bgp_attr.c: (bgp_attr_ext_communities) Certain extended-community attrs can leave attr->flag indicating ext-community is present, even though no extended-community object has been attached to the attr structure. Thus a null-pointer dereference can occur later. (bgp_attr_community) No bug fixed here, but tidy up flow so it has same form as previous. Problem and fix thanks to anonymous reporter. (cherry picked from commit 0c46638122f10019a12ae9668aec91691cf2e017)
2011-07-04bgpd: VTY string fixes for debug commandsDavid Ward
* bgpd/bgp_debug.c: fix VTY strings for BGP debug commands to match correct syntax (cherry picked from commit 6e22b9017e1ae2ce61c383b1b2b63973207704ac)
2011-07-04bgpd: fix handling of "Unsupported Capability"Dmitrij Tejblum
* bgp_packet.c: (bgp_notify_receive) justify the difference between BGP_NOTIFY_OPEN_UNSUP_PARAM and BGP_NOTIFY_OPEN_UNSUP_CAPBL cases, as it is explained in RFC5492, page 3, paragraph 1. "Unsupported Capability" error does not mean, that the peer doesn't support capabilities advertisement -- quite the opposite (if the peer would not support capabilities advertisement, the code would be "Unsupported Optional Parameter"). Thus there is no reason to mark the peer as one non-supporting capabilities advertisement. Example: suppose the peer is in fact IPv6-only, but we didn't configure anything address-family specific for it. Then, the peer would refuse the session with "Unsupported Capability" code. If we internally set the peer as non-supporting capabilities advertisement after that, we will not be able to establish the session with it ever, even with a fixed configuration -- IPv6-only BGP session cannot be established without capabilities. In practice an edge case would be seen as the same IPv6 peer working with its "neighbor" block read from bgpd.conf, but not working, when slowly input in "conf t" mode. (cherry picked from commit c7aa8abd8788c3607ad0131f02e892cf92221e40)
2011-07-04bgpd: fix community-list error message spellingDenis Ovsienko
* bgp_vty.c: (community_list_perror, show_ip_community_list_arg, show_ip_extcommunity_list_arg) fix spelling (cherry picked from commit b729294c8c5c6f2af8ddf6cfbea2374b6faabe9d)
2010-10-21bgpd: fix printed value of last-update timestampVladimir L Ivanov
* bgp_route.c: (route_vty_out_detail) calculate time value in a way, which works regardless of monotonic clock being used or not
2010-10-06bgpd, lib: adopt afi_t and safi_t in several placesMichael Lambert
* bgpd/bgp_attr.c, bgpd/bgp_open.h, bgpd/bgp_route.c, lib/prefix.c, lib/prefix.h: Various integer types were being used where, if we had strict type checking, afi_t and safi_t would be required. Signed-off-by: G.Balaji <balajig81@gmail.com> (cherry picked from commit c8af35ffa2dc79ff7d7ff00b1b61f1f50a100ab6)
2010-09-17Set from even if binfo->extra is NULL.Greg Troxel
bgpd/bgp_packet.c:bgp_update_packet(): When extracting the peer, don't fail to extract it because "binfo->extra" is NULL. While one should certainly avoid dereferencing binfo->extra, that's not a good reason not to use binfo->peer. Fixes https://bugzilla.quagga.net/show_bug.cgi?id=497. Patch by Eric Sobocinksi.
2010-08-09bgpd: fix handling of AS path dataChris Hall
* bgpd/bgp_aspath.c * assegments_parse(): add handling of AS4_PATH input, update bounds checks, add check for AS segment type * aspath_parse(): add handling of AS4_PATH input, expect assegments_parse() to do length checking * aspath_empty(): update for the new function prototype * bgpd/bgp_aspath.h: ditto * tests/aspath_test.c: ditto * bgpd/bgp_attr.c * bgp_attr_aspath(): add handling of AS4_PATH input, update flags checks, change returned type * bgp_attr_as4_path(): discard, superseded by bgp_attr_aspath() * bgp_attr_parse(): update respectively
2010-05-14bgpd: tighten bounds checking in RR ORF msg readerChris Hall
* bgp_packet.c: (bgp_route_refresh_receive) add validation of "Length" (RFC5292) field value, check input stream bounds each time bytes are pulled from it
2010-01-15bgp: use monotonic clock for time of dayStephen Hemminger
BGP uses time() to get system time of day; but that value fluctuates with time adjustments from NTP. This can cause premature flapping of peer sessions and other failures. Use the system monotonic clock supported by Quagga thread library to avoid issue. See: http://bugzilla.vyatta.com/show_bug.cgi?id=4467 * bgpd/bgp_fsm.c * bgp_uptime_reset(): dismiss function * bgpd/bgpd.c * bgp_clock(): new function * bgpd/bgp_damp.c * bgp_reuse_timer(): employ bgp_clock() instead of time(NULL) * bgp_damp_withdraw(): idem * bgp_damp_update(): idem * bgp_damp_scan(): idem * bgp_damp_info_vty(): idem * bgp_damp_reuse_time_vty(): idem * bgpd/bgp_fsm.c * bgp_routeadv_timer(): idem * bgp_stop(): idem * bgp_establish(): idem * bgpd/bgp_packet.c * bgp_update_receive(): idem * bgpd/bgp_route.c * bgp_update_rsclient(): idem * bgp_update_main(): idem * bgp_static_update_rsclient(): idem * bgp_static_update_main(): idem * bgp_static_update_vpnv4(): idem * bgp_aggregate_route(): idem * bgp_aggregate_add(): idem * bgp_redistribute_add(): idem * bgpd/bgp_snmp.c * bgpPeerTable(): idem * bgpTrapEstablished(): idem * bgpTrapBackwardTransition(): idem * bgpd/bgpd.c * peer_create(): idem * peer_uptime(): idem * bgp_master_init(): idem
2009-12-17bgpd: code cleanupStephen Hemminger
* bgpd/bgp_aspath.c * ashash: only used in one file, make static * aspath_count_numas(): dead code, sayonara * bgpd/bgpd.c * peer_nsf_stop(): only used in one file, make static * bgpd/bgp_packet.h * bgp_capability_receive(): add missing prototype for a global function
2009-12-10bgpd: compile warnings cleanupStephen Hemminger
* bgpd/bgp_fsm.c * bgp_clearing_completed(): only used in one file, can be static * bgpd/bgp_packet.c * afi2str(): sayonara * safi2str(): sayonara * bgpd/bgp_route.c * bgp_distance_reset(): sayonara * bgpd/bgp_zebra.c * bgp_ifindex_by_nexthop(): sayonara
2009-12-09lib: move check_bit into prefix common codeStephen Hemminger
Make one version of check prefix bit, and put it inline with proper prototype. This gets rid of some macro's and also some assert() that can never happen on a non-broken compiler. * bgpd/bgp_table.c * CHECK_BIT(): sayonara * check_bit(): sayonara * SET_LINK(): sayonara * set_link(): make use of prefix_bit() instead of check_bit() * bgp_node_match(): idem * bgp_node_lookup(): idem * bgp_node_get(): idem * lib/prefix.h * prefix_bit(): new inline version of check_bit() * lib/table.c * CHECK_BIT(): sayonara * check_bit(): sayonara * SET_LINK(): sayonara * set_link(): make use of prefix_bit() instead of check_bit() * route_node_match(): idem * route_node_lookup(): idem * route_node_get(): idem * ospf6d/ospf6_lsdb.c * CHECK_BIT(): sayonara * ospf6_lsdb_lookup_next(): make use of prefix_bit() instead of CHECK_BIT() * ospf6_lsdb_type_router_head(): idem * ospf6_lsdb_type_head(): idem * ospf6d/ospf6_route.c * CHECK_BIT(): sayonara * ospf6_route_match_head() make use of prefix_bit() instead of * CHECK_BIT()
2009-12-04bgpd: work around warning in assegments_parse()Denis Ovsienko
2009-08-28bgpd: fix md5 set on listen socketsStephen Hemminger
* bgp_network.c: (bgp_md5_set) Missing piece from earlier listener change did not get ported from Vyatta code into upstream. The list listener_sockets changed from (int *) to (struct bgp_listener *).
2009-08-13bgp: missing pieces from listener patchStephen Hemminger
* bgp_network.c: (bgp_accept) The code in current git will crash as part of the revised listener code is missing. The new listener thread code passes a pointer to a bgp_listener structure, not the bgp pointer. The old code always got a NULL for bgp pointer, so that is now hard coded.
2009-08-13bgp: compiler warning fixStephen Hemminger
* bgp_filter.h: Gcc complains the function prototype is not correct because the function argument is using old K&R style.
2009-08-05bgpd: Fix mistakes in applying 'allow inbound connections to non-default view'Paul Jakma
* bgpd.c: (peer_lookup_with_open) Bodged application of previous patch meant the second loop around bgp->peer wasn't included in the loop around bm->bgp as it was supposed to be. Fix..
2009-07-30[bgpd] delete erroneous extra brace..Paul Jakma
2009-07-30bgpd: Workaround for invalid MBGP next hopMichael Lambert
* bgp_attr.c: (bgp_mp_reach_parse) There are some interoperability issues for MBGP (particularly IPv4 multicast NLRI) between different implementations. In order to get some next hops to install correctly in the BGP tables, it appears to be necessary to copy the multiprotocol next hop into the base next hop field. This is related to differences in RFC 2283 and RFC 2858.
2009-07-28bgpd/trivial: Fix indentation in previousPaul Jakma
2009-07-28bgpd: Allow inbound connections to non-default viewSteve Hill
* bgpd.c: (peer_lookup) Search through all BGP instances for matches, not just the default instance, if no specific instance is given. (peer_lookup_with_open) same.
2009-07-28bgpd: fd leak in bgpdSteve Hill
* bgp_fsm.c: I have found an fd leak in bgpd that is caused by the 'new' Clearing state. I've been seeing it from hold timer failures, but it can also be triggered by other things. When Hold_Timer_expired fires in Established state, a notify is sent and BGP_Stop event queued. The fsm then transitions into Clearing state. That is the problem; When the BGP_Stop event is serviced, the state table says to ignore it while in Clearing. Thus bgp_stop is not called and the fd leaks. Previously the peer would be in Idle state, which correctly handles the BGP_Stop event. Fix by making bgp_stop safe to call from Clearing state, without losing ClearingCompleted events, and then ensuring it is called prior to transition from Clearing->Idle.
2009-07-28bgpd: Delete AS_CONFED_SEQUENCE when prepending an AS_SEQUENCE type segmentVasilis Tsiligiannis
AS_CONFED_SEQUENCE segment should always be deleted when prepending (e.g. with a route-map) an AS_SEQUENCE segment to an AS path. Otherwise, AS_CONFED_SEQUENCE will not be deleted later when updating EBGP peers (since it is not the leftmost segment) and will leak outside the confederation.
2009-07-28bgpd: Implement BGP confederation error handling (RFC5065, Par. 5)Vasilis Tsiligiannis
This patch implements BGP confederation error handling in Quagga as described in RFC5065, paragraph 5. * bgp_aspath.c: (aspath_confed_check, aspath_left_confed_check) new functions * bgp_attr.c: (bgp_attr_aspath_check) apply previous and NOTIFY if there's a problem.
2009-07-28bgpd: start listener on first instanceStephen Hemminger
Start BGP listener only after first instance is started. This helps the security if BGP is not used but daemon is started. It also addresses some issues like MD5 not working on listener unless IPV6 configured (because listener was not in list); as well as compiler warnings. * bgp_network.c: (bgp_listener) listen socket creation consolidated here (bgp_socket) Use bgp_listener * bgpd.c: (bgp_get) call bgp_socket on creation of first struct bgp. (bgp_init) remove bgp_socket call. * memtypes.c: Add MTYPE_BGP_LISTENER
2009-07-28bgpd: peer action table static/constStephen Hemminger
bgpd.c: (various tables) only used in one place and are immutable.
2009-07-27[bgpd] Restore ability of 'neighbor ... update-source' to take interface namePaul Jakma
* bgp_vty.c: (BGP_UPDATE_SOURCE_STR) Restore ability to accept arbitrary interface names for the 'neighbor ... update-source' command - shouldn't have been deleted. (BGP_UPDATE_SOURCE_STR) Add help for same.