summaryrefslogtreecommitdiff
path: root/bgpd
AgeCommit message (Collapse)Author
2011-12-03bgpd: fix memory leak for extra attributesOleg A. Arkhangelsky
this fixes commit b881c7074bb698aeb1b099175b325734fc6e44d2
2011-11-21bgpd: remove unused function bgp_bind_addressDavid Lamparter
bgp_bind_address is replaced with sockunion_bind.
2011-11-21bgpd: fix update-source for IPv6 (BZ#548)David Lamparter
if update-source was given as interface name, bgpd was unconditionally trying to bind to an IPv4 address from that interface. change function to find the best-matching (number of address bits) same-family address on the interface.
2011-11-15bgpd: fix "nexthop-local unchanged" (BZ#350)Dylan Hall
2011-11-15bgpd: justify capabilities for TOS settingChris Luke
To set the TOS bits on TCP connections, platforms that restrict capabilities need the priv level to be raised before the sockopt is set, and this requires the ZCAP_NET_ADMIN priv. * bgp_main.c: update _caps_p to include ZCAP_NET_ADMIN * bgp_network.c * bgp_connect(): request ZPRIVS_RAISE/ZPRIVS_LOWER * bgp_listener(): request ZPRIVS_RAISE earlier
2011-11-15bgpd: revised fix to --dryrun (BZ#622)Sergey Y. Afonin
2011-10-26bgpd: fix 2 more cases of length error reportingDenis Ovsienko
* bgp_attr.c (bgp_attr_originator_id, bgp_attr_cluster_list): provide required arguments to bgp_attr_malformed()
2011-10-22bgpd: check AGGREGATOR attr flags (BZ#678)Denis Ovsienko
* bgp_attr.c * bgp_attr_aggregator(): check Optional/Transitive flag bits
2011-10-19bgpd: fix more regressions in attr flag checksDenis Ovsienko
Commit 05a4936b713b9882171d0f7fb20b8439df23939e fixed some of the attributes involved, but not all. This commit should do it. * bgp_attr.c * bgp_attr_originator_id() * bgp_attr_cluster_list() * bgp_mp_reach_parse() * bgp_mp_unreach_parse()
2011-10-18bgpd: use bgp_attr_malformed()Denis Ovsienko
Some of the recent attribute flags/length checks copied from QRE use bgp_notify_send_with_data() directly, but master branch assumes using bgp_attr_malformed(). * bgp_attr.c * bgp_attr_med() * bgp_attr_local_pref() * bgp_attr_atomic() * bgp_attr_originator_id() * bgp_attr_cluster_list() * bgp_mp_reach_parse() * bgp_mp_unreach_parse()
2011-10-17bgpd: add flag checks for MP_(UN)REACH_NLRIDenis Ovsienko
* bgp_attr.[ch] * bgp_mp_reach_parse(): add extra arguments and a uniform flag check block * bgp_mp_unreach_parse(): idem * bgp_attr_parse(): provide extra arguments * bgp_mp_attr_test.c * parse_test(): justify respective calls
2011-10-17bgpd: fix spelling of CLUSTER_LISTDenis Ovsienko
2011-10-17bgpd: check CLUSTER_LIST attribute flagsDenis Ovsienko
* bgp_attr.c * bgp_attr_cluster_list(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra arguments
2011-10-17bgpd: check ORIGINATOR_ID attribute flagsDenis Ovsienko
* bgp_attr.c * bgp_attr_originator_id(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra arguments
2011-10-17IPv6 transport class suppportStephen Hemminger
IPv6 supports the same concept of differentiated service for routing protocols as IPv4, but like too many things, the standards committee decided that having two names for the same thing wasn't good enough and introduced a third more generic term transport class. The socket option to set transport class works the same as IPv4, but the arguments are different. * lib/sockopt.[ch] * setsockopt_ipv6_tclass(): new function * bgpd/bgp_network.c * bgp_connect(): set socket option * bgp_listener(): set socket option * ospf6d/ospf6_network.c * ospf6_set_transport_class(): new function * ospf6_serv_sock(): set socket option * ripngd/ripngd.c * ripng_make_socket(): set socket option
2011-10-12bgpd: fix regression in improved attr flag checksDenis Ovsienko
Commit 2febf323411c1aed9d7694898f852ce2ef36a7e5 assumed every flag bit except optional/transitive/partial unset, which at times could not be true for "extended length" bit. * bgp_attr.c * bgp_attr_origin(): exclude BGP_ATTR_FLAG_EXTLEN from comparison * bgp_attr_nexthop(): idem * bgp_attr_med(): idem * bgp_attr_local_pref(): idem * bgp_attr_atomic(): idem
2011-10-08bgpd: fix parsing of graceful restart cap. (#663)Peter Pentchev
"While setting up a testbed, I ran across a little problem in the parsing of the "graceful restart" BGP capability that resulted in Quagga not actually activating it for the peer in question - when the peer sent a single AFI/SAFI block." * bgp_open.c * bgp_capability_restart(): actually process the last AFI/SAFI block
2011-10-08bgpd: improve attr length error handling (BZ#679)Denis Ovsienko
* bgp_attr.c * bgp_attr_parse(): provide extra argument to bgp_attr_aggregator() * bgp_attr_local_pref(): use bgp_notify_send_with_data() * bgp_attr_atomic(): idem * bgp_attr_aggregator(): idem Conflicts: bgpd/bgp_attr.c
2011-09-30bgpd: improve attr flags checksDenis Ovsienko
Do not check each of the Optional/Transitive/Partial attribute flag bits, when their only valid combination is known in advance, but still perform bit-deep error message logging. This change assumes unused (low-order) 4 bits of the flag octet cleared. * bgp_attr.c * bgp_attr_origin(): rewrite check * bgp_attr_nexthop(): idem * bgp_attr_med(): idem * bgp_attr_local_pref(): idem * bgp_attr_atomic(): idem Conflicts: bgpd/bgp_attr.c
2011-09-30bgpd: ignore 4 bits of attribute flags byteDenis Ovsienko
2011-09-30bgpd: add missing "partial" flag checks (BZ#676)Denis Ovsienko
ORIGIN handling function used to have "partial" bit check and recent commits added it for NEXT_HOP, MULTI_EXIT_DISC and ATOMIC_AGGREGATE cases. This commit adds "partial" check for AS_PATH and LOCAL_PREF cases, which should leave attributes 1 through 6 inclusive completely covered with attribute flags checks. * bgp_attr.c * bgp_attr_origin(): use bit-by-bit checks for better diagnostics * bgp_attr_aspath(): add flag check * bgp_attr_local_pref(): idem Conflicts: bgpd/bgp_attr.c
2011-09-30bgpd: improve NEXT_HOP attribute checks (BZ#680)Denis Ovsienko
* lib/prefix.h * IPV4_CLASS_DE(): new helper macro * bgp_attr.c * bgp_attr_nexthop(): add check for "partial" bit, refresh flag error reporting, explain meaning of RFC4271 section 6.3 and implement it Conflicts: bgpd/bgp_attr.c
2011-09-29bgpd: rename SAFI 3 according to RFC4760Denis Ovsienko
- SAFI value 3 is reserved. It was assigned by RFC 2858 for a use that was never fully implemented, so it is deprecated by this document. * zebra.h: rename macro * bgp_fsm.c: (bgp_graceful_restart_timer_expire, bgp_graceful_stale_timer_expire, bgp_stop, bgp_establish): update * bgpd.c: (peer_nsf_stop): update * bgp_open.c: (bgp_capability_vty_out): SAFI 3 isn't a recognized case any more
2011-09-29bgpd: more SAFI fixesDenis Ovsienko
(with resolved conflict in bgpd/bgp_packet.c) Two macros resolving to the same integer constant broke a case block and a more thorough merge of BGP_SAFI_VPNV4 and BGP_SAFI_VPNV6 was performed. * bgpd.h: MPLS-labeled VPN SAFI is AFI-independent, switch to single * macro * bgp_capability_test.c: update test data * bgp_mp_attr_test.c: idem * bgp_route.c: (bgp_maximum_prefix_overflow, bgp_table_stats_vty) update macro and check conditions (where appropriate) * bgp_packet.c: (bgp_route_refresh_send, bgp_capability_send, bgp_update_receive, bgp_route_refresh_receive): idem * bgp_open.c: (bgp_capability_vty_out, bgp_afi_safi_valid_indices, bgp_open_capability_orf, bgp_open_capability): idem * bgp_attr.c: (bgp_mp_reach_parse, bgp_packet_attribute, bgp_packet_withdraw): idem
2011-09-29bgpd: fix SAFI for for MPLS labeled VPN-IPv6Denis Ovsienko
* bgpd.h: change value of BGP_SAFI_VPNV6 to 128 (RFC4659, BZ#659) * bgp_route.c: (bgp_table_stats_vty) fix length argument to strncmp()
2011-09-27bgpd: don't be confused by "unspecific" subcode in the NOTIFY message.Dmitrij Tejblum
* bgp_debug.c (bgp_notify_open_msg, bgp_notify_update_msg, bgp_notify_cease_msg, bgp_notify_capability_msg): add messages for "unspecific" subcode.
2011-09-27bgpd: spellingDenis Ovsienko
2011-09-27bgpd: spellingDenis Ovsienko
2011-09-27bgpd: check ATOMIC_AGGREGATE attr flags (BZ#678)Denis Ovsienko
* bgp_attr.c * bgp_attr_atomic(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra argument
2011-09-27bgpd: check MULTI_EXIT_DISC attr flags (BZ#677)Denis Ovsienko
* bgp_attr.c * bgp_attr_med(): add checks for "optional", "transitive" and "partial" bits, log each error condition independently
2011-09-27bgpd: check LOCAL_PREF attribute flags (BZ#674)Denis Ovsienko
* bgp_attr.c * bgp_attr_local_pref(): accept extra argument, add checks for "optional" and "transitive" bits, log each error condition independently * bgp_attr_parse(): provide extra argument
2011-09-27bgpd: add useful notification logs (BZ#616)heasley
* bgp_packet.c * bgp_notify_send_with_data(): add calls to zlog_info()
2011-09-27bgpd: consistent log msg format (BZ#565)heasley
2011-09-26bgpd: CVE-2011-3327 (ext. comm. buffer overflow)CROSS
This vulnerability (CERT-FI #513254) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. The problem occurs when bgpd receives an UPDATE message containing 255 unknown AS_PATH attributes in Path Attribute Extended Communities. This causes a buffer overlow in bgpd. * bgp_ecommunity.c * ecommunity_ecom2str(): perform size check earlier
2011-07-29Merge branch 'attr-errors'Paul Jakma
Contains BGP fixes: - set extcommunity crash: tihs patch tries to make the refcounting more robust but does not fully solve the problem, sadly. - BGP attribute error handling: Little testing.
2011-07-20bgpd: We try to skip out of updating the multipath aggregate if there are noJosh Bailey
changes in the multipath set or attributes, but failed to check for just a bestpath change. The result is there is no attribute on the new bestpath and we hit the assert. Added the bestpath check and rearranged the code to only check attributes when there is no bestpath or multipath change, so we only scan the for attribute changes when necessary. * bgpd/bgp_mpath.c * bgp_info_mpath_aggregate_update(): Added check for bestpath change before skipping the aggregate generation. Skip the attribute check if either the multipath set or bestpath has changed.
2011-07-20bgpd: Fix a crash caused by mistakenly dequeueing the bestpath on theJosh Bailey
multipath list. This causes the multipath list to get truncated but the multipath count still reflects what it was before truncation. When we install the route to zebra we fail to fill the nexthop array with the number of nexthop pointers indicated by the multipath count and this leads to a NULL pointer crash in stream_put_in_addr(). Changes: * bgpd/bgp_mpath.c * bgp_info_mpath_update(): If new_mpath is the bestpath we should just move to the next mp_list node. Move dequeue of new_mpath and the code that updates next_mpath to inside the check that new_mpath is not the bestpath.
2011-07-20bgpd: When advertising a multipath route, the attribute set to beJosh Bailey
advertised is based on the bestpath attribute set, but the following attributes are aggregated from the attribute sets of the multipath constituents: - AS_PATH - ORIGIN - COMMUNITIES - EXTENDED COMMUNITIES In addition the route is advertised with the NEXT_HOP set to the router's interface IP address, instead of the NEXT_HOP of the best path. This is to ensure that traffic will go to this router so it can be fanned out via the multipath route. * bgpd/ecommunity.c * ecommunity_uniq_sort(): Make this function externally accessible * bgpd/ecommunity.h * Add external declaration for ecommunity_uniq_sort() * bgpd/bgp_mpath.c * bgp_info_nexthop_cmp(): Replace calls to bgp_attr_extra_get() to avoid unwanted memory allocation * bgp_info_mpath_free(): Free aggregate attribute for multipath * bgp_info_mpath_attr(): Lookup aggregate attribute of a multipath route * bgp_info_mpath_attr_set(): Set aggregate attribute of a multipath route * bgp_info_mpath_aggregate_update(): Update the aggregate attribute of a multipath route * bgpd/bgp_mpath.h * bgp_info_mpath: Add pointer to hold aggregate attribute of a multipath * Add external declarations for new functions * bgpd/bgp_route.c * bgp_announce_check(): Use aggregate attribute when announcing multipath route * bgp_announce_check_rsclient(): Use aggregate attribute when announcing multipath route * bgp_best_selection(): After updating multipath set, update the multipath aggregate attribute
2011-07-20bgpd: For deterministic MED build a multipath set for each peer AS as theJosh Bailey
first stage of the best path calculation. The second stage then selects a winner from each peer AS's best path. In the second stage we clear multipath set of the non-selected best paths via bgp_mp_dmed_deselect(). Since the multipath set is already marked up for the winning path, we don't call bgp_info_mpath_update() after the second stage calculation. * bgpd/bgp_mpath.c * bgp_mp_dmed_deselect(): New function to cleanup the multipath markup if a DMED selected path loses in stage 2 of the best path calculation * bgpd/bgp_mpath.h * Add external declaration of bgp_mp_dmed_deselect() * bgpd/bgp_route.c * bgp_best_selection(): If multipath is enabled, build up the mp_list for the current peer AS, and do the RIB markup the best path from that AS. In the second stage, clear the RIB markup for the DMED selected path if it is not selected as best. Only call bgp_info_mpath_update() in the second stage when not doing deterministic MED.
2011-07-20bgpd: Modify the BGP to zebra route announcement to support multipathJosh Bailey
routes. Use a growable buffer (bgp_nexthop_buf) to collect nexthops that are included in the announcement. Use the BGP_INFO_MULTIPATH_CHG flag to trigger zebra announcement so zebra will be updated if the multipath set changes. Display all multipath nexthops in 'debug bgp zebra' output. * bgpd/bgp_main.c * bgp_exit(): Free bgp_nexthop_buf when exiting * bgpd/bgp_route.c * bgp_process_rsclient(): Clear BGP_INFO_MULTIPATH_CHG after processing * bgp_process_main(): Check BGP_INFO_MULTIPATH_CHG to trigger zebra announcement and clear aftr processing * bgpd/bgp_zebra.c * bgp_nexthop_buf: Growable buffer used to collect nexthops for zebra announcement * bgp_zebra_announce(): Grow bgp_nexthop_buf if needed. Include multipath count in zebra announcement and add all nexthops to bgp_nexthop_buf. Pass bgp_nexthop_buf data to zebra announcement. Added nexthops to debug output. * bgp_zebra_init(): Initialize bgp_nexthop_buf at startup * bgpd/bgp_zebra.h * BGP_NEXTHOP_BUF_SIZE: Default initial bgp_nexthop_buf size has room for 8 nexthops
2011-07-20bgpd: Adds support to mark up the BGP rib table entry with multipathJosh Bailey
information based on the multipath list (mp_list) generated during the best path calculation. Display "multipath" for paths that are multipath and also on bestpath if the route is multipath. Flag a best path with the BGP_INFO_MULTIPATH_CHG if the multipath set has changed since the last update. This can be used to trigger updates to zebra and peers. The multipath markup is a lazily allocated bgp_info_mpath structure that is added to the best path and any multipaths. The mpath structures are linked together with the best path element at the head and the other elements ordered by nexthop and then by peer address. This markup scheme is updated by calling bgp_info_mpath_update() and passing in a new mp_list the the current multipath set. There are additional API's for walking the multipath set, querying the count of multipaths, and for cleaning up the multipath markup information when freeing path information. * bgpd/bgp_mpath.c * bgp_info_mpath_new(): Allocation of new mpath element * bgp_info_mpath_free(): Release memory for mpath element * bgp_info_mpath_get(): Access mpath element of path. Allocate memory on-demand * bgp_info_mpath_enqueue(): Enqueue a path onto the multipath list * bgp_info_mpath_dequeue(): Remove a path from the multipath list * bgp_info_mpath_first(): Return first path on the multipath list * bgp_info_mpath_next(): Return next path on the multipath list * bgp_info_mpath_count(): Return the number of paths on the multipath list * bgp_info_mpath_count_set(): Set the number of paths on the multipath list * bgp_info_mpath_update(): Update multipath markup on bgp route table entry and flag any changes. Emit 'debug bgp event' output on any multipath change. * bgpd/bgp_mpath.h * struct bgp_info_mpath: Information added to a bgp_info path to record multipath information * External declarations for new functions in bgp_mpath.c * bgpd/bgp_route.c * bgp_info_free(): Free mpath memory when freeing path information * bgp_info_reap(): Dequeue path from multipath queue before deleting it * bgp_best_selection(): Calls bgp_info_mpath_update() with latest mp_list to mark-up rib table entry * bgp_vty_out_detail(): Add display of multipath flag for a path. Also display 'multipath' for bestpath if it is a multipath route * bgpd/bgp_route.h * struct bgp_info: Add pointer to bgp_info_mpath information * Add flags to mark a path as multipath (BGP_INFO_MULTIPATH) and to mark bestpath if multipath information has changed (BGP_INFO_MULTIPATH_CHG) * lib/memtypes.c * Add MTYPE_BGP_MPATH_INFO for allocating memory for bgp_info_mpath * tests/bgp_mpath_test.c * Add test case for bgp_info_mpath_update() and supporting functions
2011-07-20bgpd: Adds equal-paths check to path comparison. Paths that areJosh Bailey
equal to the best path are accumulated onto an ordered list (mp_list) if maximum-paths is configured. A future commit will add the multipath markup to the BGP rib table based on the mp_list. Add unit test for the added mp_list functions. Deterministic MED is not supported in this commit, it will be added later. * bgpd/bgp_aspath.c * Make aspath_cmp() an external symbol so it can be used in equivalent paths check * bgpd/bgp_aspath.h * Add extern declaration of aspath_cmp() * bgpd/bgp_mpath.c * bgp_info_nexthop_cmp(): Compares nexthops of two paths * bgp_info_mpath_cmp(): Compare function to order multipaths by nexthop and then by peer address * bgp_mp_list_init(): Initialize a list with the multipath order function * bgp_mp_list_clear(): Clear out the mp_list * bgp_mp_list_add(): Add a multipath to mp_list * bgpd/bgp_mpath.h * External declarations for above added functions in bgp_mpath.c * bgpd/bgp_route.c * bgp_info_cmp(): Add equivalent paths result (paths_eq). If eBGP paths are equal down to IGP metric check, flag as equal if peer AS matches. Similarly for iBGP paths but compare full AS_PATH. * bgp_best_selection(): If multipath is enabled, accumulate equivalent paths in mp_list. Add debug bgp event output to see result (will be filtered later to display only when change occurs) * bgp_process_rsclient(): Pass multipath config to bgp_best_selection() * bgp_process_main(): Pass multipath config to bgp_best_selection() * tests/bgp_mpath_test.c * Add unit test case for bgp_mp_list functions
2011-07-20bgpd: Add new configuration cli for eBGP and iBGP multipath.Josh Bailey
There is support to configure this for each (AFI,SAFI), but currently this configuration is only present for IPv4 unicast: maximum-paths [ibgp] <1-255> no maximum-paths [ibgp] [<1-255>] * bgpd/Makefile.am * Add bgp_mpath.h and bgp_mpath.c to build * bgpd/bgp_mpath.h * New file for bgp multipath declarations * define BGP_DEFAULT_MAXPATHS * bgpd/bgp_mpath.c * bgp_maximum_paths_set(): Configure maximum paths for the given afi, safi and bgp instance * bgp_maximum_paths_unset(): Return maximum paths configuration to the default setting for the given afi, safi and bgp instance * bgpd/bgp_vty.c * Define command strings for above CLI * bgp_config_write_maxpaths(): Outputs configuration for the given afi, safi and bgp instance * Install command elements for IPv4 unicast * bgpd/bgp_zebra.h * bgp_config_write_maxpaths(): External declaration * bgpd/bgpd.c * bgp_create(): Initialize bgp instance to default maximum paths setting * bgp_config_write_family(): Output maximum paths configuration for the given address family * bgp_config_write(): Output maximum paths configuration for IPv4 unicast address family * bgpd/bgpd.h * struct bgp: Add storage for maximum paths configuration for each afi, safi
2011-04-13bgpd: trivial format / warning fixesPaul Jakma
* bgp_aspath.c: (assegments_parse) just bail early if length doesn't match and fix the formatting. * bgp_network.c: add include needed for set_nonblocking * bgp_packet.c: formatting
2011-04-01bgpd: fix memory leak when deleting a communityMichael Lambert
* bgp_routemap.c: (route_set_community_delete) When deleting a community in a route-map the old community was being orphaned. Like the description of the same code in route_set_community, this is a hack, not a true fix.
2011-04-01Revert "bgpd: "Intern" communities in route maps"Paul Jakma
This reverts commit 2c9fd7e07283b8904ef20030c9dadb032e999b12.
2011-03-29bgpd: Fix merge error in jhash commitPaul Jakma
* bgp_attr.c: (attrhash_key_make) 98e30f should have changed jhash2 to jhash. These kinds of merge errors would be reduced and life would be easier if people would submit fully-formed fixes that could be chucked directly into git-am.
2011-03-28bgpd: refine the setting up of GTSMStephen Hemminger
* bgpd.h: Add error code for setting GTSM on iBGP * bgpd.c: (peer_ttl_security_hops_set) use previous error code and signal incompatibility of GTSM+iBGP to vty. Consider the session state when setting GTSM, and reset Open/Active peers to let them pick up new TTL from start.
2011-03-24bgpd: Cleanups & fixes for minttl / GTSMStephen Hemminger
* bgp_vty.c: (peer_ebgp_multihop_{un,}set_vty) tail-call cleanup. ({no_,}neighbor_ttl_security) ditto. * bgpd.c: (peer_ttl_security_hops_set) Peer group checks and TTL set only need to be done on transition. * sockunion.c: (sockopt_minttl) remove always-on debug and improve readability.
2011-03-23bgpd: RFC 5082 Generalized TTL Security Mechanism supportNick Hilliard
* bgpd: Add support for RFC 5082 GTSM, which allows the TTL field to be used to verify that incoming packets have been sent from neighbours no more than X IP hops away. In other words, this allows packets that were sent from further away (i.e. not by the neighbour with known distance, and so possibly a miscreant) to be filtered out. * lib/sockunion.{c,h}: (sockopt_minttl) new function, to set a minimum TTL using the IP_MINTTL socket opt. * bgpd.h: (BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK) define for command error for minttl. (struct peer) add a config variable, to store the configured minttl. (peer_ttl_security_hops_{set,unset}) configuration handlers * bgpd.c: (peer_group_get) init gtsm_hops (peer_ebgp_multihop_{un,}set) check for conflicts with GTSM. Multihop and GTSM can't both be active for a peer at the same time. (peer_ttl_security_hops_set) set minttl, taking care to avoid conflicts with ebgp_multihop. (bgp_config_write_peer) write out minttl as "neighbor .. ttl-security hops X". * bgp_vty.c: (bgp_vty_return) message for BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK (peer_ebgp_multihop_{un,}set_vty) * bgp_network.c: (bgp_accept) set minttl on accepted sockets if appropriate. (bgp_connect) ditto for outbound.