| Age | Commit message (Collapse) | Author |
|---|
|
(This patch was modified to leave calls to stream_getl() in place, they
are necessary for the stream's internal pointer to advance to the
correct position. -- Denis)
Signed-off-by: Denis Ovsienko <infrastation@yandex.ru>
Fix gcc warnings about varables that are set but never used.
* bgpd/bgp_attr.c
* cluster_unintern(): ret
* transit_unintern(): ret
* bgp_attr_default_intern(): attre
* bgp_mp_reach_parse(): rd_high, rd_low
* bgpd/bgp_route.c
* bgp_announce_check_rsclient(): bgp
* bgpd/bgp_zebra.c
* zebra_read_ipv4(): ifindex
* zebra_read_ipv6(): ifindex
* bgpd/bgpd.c
* bgp_config_write_peer(): filter
* lib/distribute.c
* distribute_list_all(): dist
* distribute_list(): dist
* distribute_list_prefix_all(): dist
* distribute_list_prefix(): dist
* lib/if_rmap.c
* if_rmap(): if_rmap
* lib/vty.c
* vty_accept(): vty
* lib/zclient.c
* zclient_read(): ret
* zebra/irdp_interface.c
* if_group(): zi
* zebra/rt_netlink.c
* kernel_read(): ret, sock
|
|
This issue has been pointed out by Lou Berger and Tim Browski.
* bgp_packet.c
* bgp_route_refresh_receive(): restore if() condition, which was
broken by commit fdbc8e77c88f751924299d0bc752371d5cc31116
|
|
getaddrinfo returns a list of socket parameters for listening. it
will contain both IPv4 and IPv6 listening sockets. unless we use
IPV6_V6ONLY on the IPv6 ones, only the socket listed first will
work. if the IPv4 one came first, the IPv6 one would get an
"Address in use" error.
this functionality was already present for bgpd and its listening
sockets. as it is needed for vtys as well, make it a common helper.
Conflicts:
lib/sockunion.c
|
|
this replaces most occurences of routing protocol lists by preprocessor
defines from route_types.h. the latter is autogenerated from
route_types.txt by a perl script (previously awk). adding a routing
protocol now is mostly a matter of changing route_types.txt and log.c.
Conflicts:
lib/route_types.awk
|
|
|
|
All daemons modified to support custom path to zserv
socket.
lib: generalize a zclient connection
zclient_socket_connect added. zclient_socket and
zclient_socket_un were hidden under static expression.
"zclient_serv_path_set" modified.
|
|
New clause 'match probability <percentage value>'
was added in route-maps (bgpd/bgp_routemap.c modified).
|
|
Second patch replaces "VTY_GET_LONG ("AS", as_ul, arg);"
by "VTY_GET_INTEGER_RANGE ("AS", as, arg, 1, BGP_AS4_MAX);"
as done in all other code, which parses AS numbers.
|
|
When doing valgrind testing, the privledges from zprivs_init() need
to be cleaned up on exit.
|
|
BGP was ignoring nexthop info for static and other redistributed
routes for IPv6. Build extra attribute info to store the nexthop.
See also:
https://bugzilla.vyatta.com/show_bug.cgi?id=6073
|
|
this fixes commit b881c7074bb698aeb1b099175b325734fc6e44d2
|
|
bgp_bind_address is replaced with sockunion_bind.
|
|
if update-source was given as interface name, bgpd was unconditionally
trying to bind to an IPv4 address from that interface.
change function to find the best-matching (number of address bits)
same-family address on the interface.
|
|
|
|
To set the TOS bits on TCP connections, platforms that restrict
capabilities need the priv level to be raised before the sockopt
is set, and this requires the ZCAP_NET_ADMIN priv.
* bgp_main.c: update _caps_p to include ZCAP_NET_ADMIN
* bgp_network.c
* bgp_connect(): request ZPRIVS_RAISE/ZPRIVS_LOWER
* bgp_listener(): request ZPRIVS_RAISE earlier
|
|
|
|
* bgp_attr.c (bgp_attr_originator_id, bgp_attr_cluster_list): provide
required arguments to bgp_attr_malformed()
|
|
* bgp_attr.c
* bgp_attr_aggregator(): check Optional/Transitive flag bits
|
|
Commit 05a4936b713b9882171d0f7fb20b8439df23939e fixed some of the
attributes involved, but not all. This commit should do it.
* bgp_attr.c
* bgp_attr_originator_id()
* bgp_attr_cluster_list()
* bgp_mp_reach_parse()
* bgp_mp_unreach_parse()
|
|
Some of the recent attribute flags/length checks copied from QRE use
bgp_notify_send_with_data() directly, but master branch assumes
using bgp_attr_malformed().
* bgp_attr.c
* bgp_attr_med()
* bgp_attr_local_pref()
* bgp_attr_atomic()
* bgp_attr_originator_id()
* bgp_attr_cluster_list()
* bgp_mp_reach_parse()
* bgp_mp_unreach_parse()
|
|
* bgp_attr.[ch]
* bgp_mp_reach_parse(): add extra arguments and a uniform flag
check block
* bgp_mp_unreach_parse(): idem
* bgp_attr_parse(): provide extra arguments
* bgp_mp_attr_test.c
* parse_test(): justify respective calls
|
|
|
|
* bgp_attr.c
* bgp_attr_cluster_list(): accept extra argument, add checks for
"optional", "transitive" and "partial" bits, log each error
condition independently
* bgp_attr_parse(): provide extra arguments
|
|
* bgp_attr.c
* bgp_attr_originator_id(): accept extra argument, add checks for
"optional", "transitive" and "partial" bits, log each error
condition independently
* bgp_attr_parse(): provide extra arguments
|
|
IPv6 supports the same concept of differentiated service for routing
protocols as IPv4, but like too many things, the standards committee
decided that having two names for the same thing wasn't good enough and
introduced a third more generic term transport class.
The socket option to set transport class works the same as IPv4, but the
arguments are different.
* lib/sockopt.[ch]
* setsockopt_ipv6_tclass(): new function
* bgpd/bgp_network.c
* bgp_connect(): set socket option
* bgp_listener(): set socket option
* ospf6d/ospf6_network.c
* ospf6_set_transport_class(): new function
* ospf6_serv_sock(): set socket option
* ripngd/ripngd.c
* ripng_make_socket(): set socket option
|
|
Commit 2febf323411c1aed9d7694898f852ce2ef36a7e5 assumed every flag
bit except optional/transitive/partial unset, which at times could
not be true for "extended length" bit.
* bgp_attr.c
* bgp_attr_origin(): exclude BGP_ATTR_FLAG_EXTLEN from comparison
* bgp_attr_nexthop(): idem
* bgp_attr_med(): idem
* bgp_attr_local_pref(): idem
* bgp_attr_atomic(): idem
|
|
"While setting up a testbed, I ran across a little problem in the
parsing of the "graceful restart" BGP capability that resulted in
Quagga not actually activating it for the peer in question - when
the peer sent a single AFI/SAFI block."
* bgp_open.c
* bgp_capability_restart(): actually process the last AFI/SAFI block
|
|
* bgp_attr.c
* bgp_attr_parse(): provide extra argument to bgp_attr_aggregator()
* bgp_attr_local_pref(): use bgp_notify_send_with_data()
* bgp_attr_atomic(): idem
* bgp_attr_aggregator(): idem
Conflicts:
bgpd/bgp_attr.c
|
|
Do not check each of the Optional/Transitive/Partial attribute
flag bits, when their only valid combination is known in advance,
but still perform bit-deep error message logging. This change
assumes unused (low-order) 4 bits of the flag octet cleared.
* bgp_attr.c
* bgp_attr_origin(): rewrite check
* bgp_attr_nexthop(): idem
* bgp_attr_med(): idem
* bgp_attr_local_pref(): idem
* bgp_attr_atomic(): idem
Conflicts:
bgpd/bgp_attr.c
|
|
|
|
ORIGIN handling function used to have "partial" bit check and recent
commits added it for NEXT_HOP, MULTI_EXIT_DISC and ATOMIC_AGGREGATE
cases. This commit adds "partial" check for AS_PATH and LOCAL_PREF
cases, which should leave attributes 1 through 6 inclusive completely
covered with attribute flags checks.
* bgp_attr.c
* bgp_attr_origin(): use bit-by-bit checks for better diagnostics
* bgp_attr_aspath(): add flag check
* bgp_attr_local_pref(): idem
Conflicts:
bgpd/bgp_attr.c
|
|
* lib/prefix.h
* IPV4_CLASS_DE(): new helper macro
* bgp_attr.c
* bgp_attr_nexthop(): add check for "partial" bit, refresh flag error
reporting, explain meaning of RFC4271 section 6.3 and implement it
Conflicts:
bgpd/bgp_attr.c
|
|
- SAFI value 3 is reserved. It was assigned by RFC 2858 for a use
that was never fully implemented, so it is deprecated by this
document.
* zebra.h: rename macro
* bgp_fsm.c: (bgp_graceful_restart_timer_expire,
bgp_graceful_stale_timer_expire, bgp_stop, bgp_establish): update
* bgpd.c: (peer_nsf_stop): update
* bgp_open.c: (bgp_capability_vty_out): SAFI 3 isn't a recognized case
any more
|
|
(with resolved conflict in bgpd/bgp_packet.c)
Two macros resolving to the same integer constant broke a case block and
a more thorough merge of BGP_SAFI_VPNV4 and BGP_SAFI_VPNV6 was
performed.
* bgpd.h: MPLS-labeled VPN SAFI is AFI-independent, switch to single
* macro
* bgp_capability_test.c: update test data
* bgp_mp_attr_test.c: idem
* bgp_route.c: (bgp_maximum_prefix_overflow, bgp_table_stats_vty) update
macro and check conditions (where appropriate)
* bgp_packet.c: (bgp_route_refresh_send, bgp_capability_send,
bgp_update_receive, bgp_route_refresh_receive): idem
* bgp_open.c: (bgp_capability_vty_out, bgp_afi_safi_valid_indices,
bgp_open_capability_orf, bgp_open_capability): idem
* bgp_attr.c: (bgp_mp_reach_parse, bgp_packet_attribute,
bgp_packet_withdraw): idem
|
|
* bgpd.h: change value of BGP_SAFI_VPNV6 to 128 (RFC4659, BZ#659)
* bgp_route.c: (bgp_table_stats_vty) fix length argument to strncmp()
|
|
* bgp_debug.c (bgp_notify_open_msg, bgp_notify_update_msg,
bgp_notify_cease_msg, bgp_notify_capability_msg): add messages for
"unspecific" subcode.
|
|
|
|
|
|
* bgp_attr.c
* bgp_attr_atomic(): accept extra argument, add checks for
"optional", "transitive" and "partial" bits, log each error
condition independently
* bgp_attr_parse(): provide extra argument
|
|
* bgp_attr.c
* bgp_attr_med(): add checks for "optional", "transitive" and
"partial" bits, log each error condition independently
|
|
* bgp_attr.c
* bgp_attr_local_pref(): accept extra argument, add checks for
"optional" and "transitive" bits, log each error condition
independently
* bgp_attr_parse(): provide extra argument
|
|
* bgp_packet.c
* bgp_notify_send_with_data(): add calls to zlog_info()
|
|
|
|
This vulnerability (CERT-FI #513254) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.
The problem occurs when bgpd receives an UPDATE message containing
255 unknown AS_PATH attributes in Path Attribute Extended Communities.
This causes a buffer overlow in bgpd.
* bgp_ecommunity.c
* ecommunity_ecom2str(): perform size check earlier
|
|
Contains BGP fixes:
- set extcommunity crash: tihs patch tries to make the refcounting more robust
but does not fully solve the problem, sadly.
- BGP attribute error handling: Little testing.
|
|
changes in the multipath set or attributes, but failed to check for
just a bestpath change. The result is there is no attribute on the new
bestpath and we hit the assert. Added the bestpath check and
rearranged the code to only check attributes when there is no bestpath
or multipath change, so we only scan the for attribute changes when
necessary.
* bgpd/bgp_mpath.c
* bgp_info_mpath_aggregate_update(): Added check for bestpath
change before skipping the aggregate generation. Skip the attribute
check if either the multipath set or bestpath has changed.
|
|
multipath list. This causes the multipath list to get truncated
but the multipath count still reflects what it was before truncation.
When we install the route to zebra we fail to fill the nexthop
array with the number of nexthop pointers indicated by the
multipath count and this leads to a NULL pointer crash in
stream_put_in_addr().
Changes:
* bgpd/bgp_mpath.c
* bgp_info_mpath_update(): If new_mpath is the bestpath we should
just move to the next mp_list node. Move dequeue of new_mpath and
the code that updates next_mpath to inside the check that
new_mpath is not the bestpath.
|
|
advertised is based on the bestpath attribute set, but the
following attributes are aggregated from the attribute sets
of the multipath constituents:
- AS_PATH
- ORIGIN
- COMMUNITIES
- EXTENDED COMMUNITIES
In addition the route is advertised with the NEXT_HOP set
to the router's interface IP address, instead of the NEXT_HOP
of the best path. This is to ensure that traffic will go to this
router so it can be fanned out via the multipath route.
* bgpd/ecommunity.c
* ecommunity_uniq_sort(): Make this function externally accessible
* bgpd/ecommunity.h
* Add external declaration for ecommunity_uniq_sort()
* bgpd/bgp_mpath.c
* bgp_info_nexthop_cmp(): Replace calls to bgp_attr_extra_get()
to avoid unwanted memory allocation
* bgp_info_mpath_free(): Free aggregate attribute for multipath
* bgp_info_mpath_attr(): Lookup aggregate attribute of a multipath route
* bgp_info_mpath_attr_set(): Set aggregate attribute of a multipath route
* bgp_info_mpath_aggregate_update(): Update the aggregate attribute
of a multipath route
* bgpd/bgp_mpath.h
* bgp_info_mpath: Add pointer to hold aggregate attribute of a multipath
* Add external declarations for new functions
* bgpd/bgp_route.c
* bgp_announce_check(): Use aggregate attribute when announcing multipath
route
* bgp_announce_check_rsclient(): Use aggregate attribute when announcing
multipath route
* bgp_best_selection(): After updating multipath set, update the
multipath aggregate attribute
|
|
first stage of the best path calculation. The second stage then
selects a winner from each peer AS's best path. In the second stage we
clear multipath set of the non-selected best paths via
bgp_mp_dmed_deselect(). Since the multipath set is already marked up
for the winning path, we don't call bgp_info_mpath_update() after the
second stage calculation.
* bgpd/bgp_mpath.c
* bgp_mp_dmed_deselect(): New function to cleanup the multipath
markup if a DMED selected path loses in stage 2 of the best path
calculation
* bgpd/bgp_mpath.h
* Add external declaration of bgp_mp_dmed_deselect()
* bgpd/bgp_route.c
* bgp_best_selection(): If multipath is enabled, build up the mp_list
for the current peer AS, and do the RIB markup the best path from
that AS. In the second stage, clear the RIB markup for the DMED
selected path if it is not selected as best. Only call
bgp_info_mpath_update() in the second stage when not doing
deterministic MED.
|
|
routes. Use a growable buffer (bgp_nexthop_buf) to collect nexthops
that are included in the announcement. Use the BGP_INFO_MULTIPATH_CHG
flag to trigger zebra announcement so zebra will be updated if the
multipath set changes. Display all multipath nexthops in
'debug bgp zebra' output.
* bgpd/bgp_main.c
* bgp_exit(): Free bgp_nexthop_buf when exiting
* bgpd/bgp_route.c
* bgp_process_rsclient(): Clear BGP_INFO_MULTIPATH_CHG after processing
* bgp_process_main(): Check BGP_INFO_MULTIPATH_CHG to trigger zebra
announcement and clear aftr processing
* bgpd/bgp_zebra.c
* bgp_nexthop_buf: Growable buffer used to collect nexthops for zebra
announcement
* bgp_zebra_announce(): Grow bgp_nexthop_buf if needed. Include
multipath count in zebra announcement and add all nexthops to
bgp_nexthop_buf. Pass bgp_nexthop_buf data to zebra announcement.
Added nexthops to debug output.
* bgp_zebra_init(): Initialize bgp_nexthop_buf at startup
* bgpd/bgp_zebra.h
* BGP_NEXTHOP_BUF_SIZE: Default initial bgp_nexthop_buf size has room
for 8 nexthops
|
