Age | Commit message (Collapse) | Author |
|
This vulnerability (CERT-FI #514838) was reported by CROSS project.
The error is reproducible only when ospfd debugging is enabled:
* debug ospf packet all
* debug ospf zebra
When incoming packet header type field is set to 0x0a, ospfd will crash.
* ospf_packet.c
* ospf_verify_header(): add type field check
* ospf_read(): perform input checks early
|
|
This vulnerability (CERT-FI #514838) was reported by CROSS project.
When only 14 first bytes of a Hello packet is delivered, ospfd crashes.
* ospf_packet.c
* ospf_read(): add size check
|
|
This vulnerability (CERT-FI #514837) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.
Quagga ospfd does not seem to handle unknown LSA types in a Link State
Update message correctly. If LSA type is something else than one
supported
by Quagga, the default handling of unknown types leads to an error.
* ospf_flood.c
* ospf_flood(): check return value of ospf_lsa_install()
|
|
|
|
|
|
|
|
This reverts commit 68575f4babf4d6fc302c366898a1047f13629214.
|
|
Since 46bc0e432e75, all the binaries are built as Position-Independed
Executables (if available and enabled). ospfd was missed for some
unknown reason.
|
|
* ospf_ase.c
* ospf_ase_complete_direct_routes(): dismiss unused variable
* ospf_ase_calculate_route(): put assignments into parentheses
|
|
* ospf_spf.c
* ROUTER_LSA_TOS_SIZE: prepend OSPF_ and move to ospf_lsa.h
* ROUTER_LSA_MIN_SIZE: replace with existing OSPF_ROUTER_LSA_LINK_SIZE
|
|
* sockopt.[ch] (setsockopt_ipv4_multicast): ifindex is now mandatory (all
non-ancient OSes can use it anyway), and if_addr parameter (the address
of the interface) is now gone. (setsockopt_ipv4_multicast_if):
IP_MULTICAST_IF processing moved to this new function
* ospf_network.c (ospf_if_add_allspfrouters, ospf_if_drop_allspfrouters,
ospf_if_add_alldrouters, ospf_if_drop_alldrouters, ospf_if_ipmulticast),
rip_interface.c (ipv4_multicast_join, ipv4_multicast_leave,
rip_interface_new): adapt to the new interface
|
|
* ospf_route.c: Function ospf_asbr_route_cmp is called uniquely from
ospf_route_cmp() when the flag OSPF_RFC1583_COMPATIBLE is not set.
Therefore, the check that the flag is set doesn't make sense at all
and it can consequently be removed without doing any harm.
Signed-off-by: Alexandre Chappuis <alc@open.ch>
Signed-off-by: Roman Hoog Antink <rha@open.ch>
|
|
* ospf_{ism,network}.c: Certain oft-repeated but trivial messages should be
debug log level, not info, to avoid spamming 'terminal monitor'
|
|
* ospf_zebra.c: (ospf_distribute_list_update_timer) forces a
refresh of default route each time it finds a default prefix.
This is suboptimal, just record that it needs to be done and
do it once.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
|
|
* ospf_zebra.c: (ospf_distribute_list_update_timer)
If there are updates to the distribute list every 5 second or less,
ospf_distribute_list_update_timer() will never run as the timer gets
rearmed for each update. This fixes it by never rearming an active
distribute list timer.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
|
|
Roman Hoog Antink <rha@open.ch> reports:
When adding a connected route (using vtysh, without restart) to the
redistribution access list of ospfd, while static routes already exist,
the update timer ospf_distribute_list_update_timer() is being run for
static routes only. That way, the connected route never appears in the
OSPF database, until quagga is completely restarted.
The update timer for connected routes is cancelled in
ospfd/ospfd_zebra.c:ospf_distribute_list_update():976, were a new timer
is scheduled for static routes, caused by the loop in ospf_filter_update().
* ospf_zebra.c: (ospf_distribute_list_update_timer) make it
refresh all external routes. This fixes the problem
reported by Roman.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
|
|
* ospf_packet.c: (ospf_ls_upd) DISCARD_LSA continues, and so should be
after debug messages, not before them.
|
|
* ospf_lsdb.c: (lsdb_prefix_set) memset is unneeded, as all fields are
initialised explicitly, and this function can be in the top-3 of a
profile when there are a lot of LSAs.
|
|
Several bits of text can be local or are unused.
|
|
|
|
This code is only used one place and can be made local.
Gcc is smart enough to inline local functions if it wants to.
The function also has a big chunk of compatiablity code that
is no longer used; since quagga is now in a version control system
the source does not need to be used as a historical reference.
|
|
The following syntax forms were not historically supported
by Quagga, although IOS accepted them w/o a problem:
no ip ospf cost <1-65535>
no ospf cost <1-65535>
no ip ospf cost <1-65535> A.B.C.D
no ospf cost <1-65535> A.B.C.D
From now on Quagga also supports these variants.
|
|
* ospf_ism.c (ospf_dr_eligible_routers) should test for priority > 0 instead
of != 0 as ospf_nbr_new () initially sets prio to -1
|
|
* ospf_zebra.c: (ospf_distribute_check_connected) check to make filter out
routes matching connected routes was matching against OSPF networks, which
can be far more general than the actual connected interfaces. Fix.
|
|
* */*main.c: (main) Current versions of Gcc warn if the return value for
daemon() is not checked. So add a simple test and exit on failure.
|
|
Doing redistribute delete with full BGP table was taking
30 minutes, this drops it down to less than a second.
* ospf_lsa.c: (ospf_lsa_maxage) When flushing lots of entries the
performance is terrible because it looks up each LSA entry through
ospf_lsa_maxage_exist before deleting causing O(N^2) performance. Use a
new OSPF_LSA_MAXAGE flag instead of scan - and maintain it.
(ospf_lsa_maxage_exist) removed
(ospf_lsa_maxage_delete) maintain OSPF_LSA_MAXAGE flag
|
|
In some cases ospfd does not recalc the route table. This
happens when ospfd receives an old LSA which will trigger
recalc but the this recalc will fail because all interfaces
isn't up yet. Next LSA that is originated matches the old one
so no recalc will be performed. This problem has been observed
when there are only 2 ppp I/Fs in an area, both go down at the
same time, then they come up again with a few seconds apart.
* ospf_lsa.c: (ospf_{router,network}_lsa_install) avoid a needless scheduling
of SPF.
(ospf_lsa_different) fix bug in LSA comparison that would lead to the
described failure to schedule SPF.
|
|
* ospf_packet.c: make this message conditional on 'debug ospf event', as it
be easily triggered with, e.g., multiple subnets sharing same physical
network. E.g, see bug #532.
|
|
* ospf_lsa.c: (link_info_set) Use %zd for size_t - C99 is old enough now.
Lots of similar warnings all over the code.
(ospf_lsa_translated_nssa_compare) Unused func - delete.
|
|
* ospf_{spf,lsa}.c: remove out of date comment; add comment on some
non-obvious code; Make note of a possible scaling problem.
|
|
* global: In struct ospf_path, change struct ospf_interface *oi to int
ifindex. It is unsafe to reference *oi as an ospf interface can be
deleted under your feet. Use a weak reference instead.
|
|
* ospf_spf.c: (ospf_get_next_link) One must check the vertex type, Router or
Network, to select type link to match against. Link type 1 has neighbour
router ID in link_id and link type 2 has IP address of DR. Since router
id may have same value as an existing IP address one risks matching a
router ID against a DR.
|
|
This function will return the interface for the first matching
remote address for PtP i/f's. That won't work for multiple
unnumbered i/f's as these may all have the same address.
Pass in the struct interface pointer, ifp, to find the
correct set of oi's to search in. This also reduces the
size of the search list, making it faster.
* ospfd/ospf_interface.c: Add struct interface * param to
ospf_if_lookup_recv_if() to select the right list to search in.
* ospfd/ospf_interface.h: ditto.
* ospfd/ospf_packet.c: Pass new ifp argument to ospf_if_lookup_recv_if()
|
|
Makes it possible to run OSPF on multiple PtP interfaces
with the same remote address.
* ospfd/ospf_interface.c: Export ospf_if_table_lookup().
* ospfd/ospf_interface.h: ditto.
* ospfd/ospfd.c: (ospf_network_run_interface) Use ospf_if_table_lookup() to
determine whether OSPF is already configured for a subnet and interface.
|
|
*/*: ifp->flags is 64 bit unsigned which can not be handled by %l on 32
bit architectures - requires %ll and the appropriate cast.
|
|
Should a self originated Network/Router LSA with higher
LS seq. nr. be received we should flood and install it in
the LSDB but we cannot use it for our internal calculations
as it is stale.
Reorginate an new LSA to replace the stale one as soon
as possible.
|
|
ospf_path_lookup(), ospf_route_match_same() and
ospf_ase_route_match_same() needs to
compare if the interface matches too.
|
|
A few route_unlock_node() calls was missing.
|
|
ospf_lsa_install() will calculate LSA checksum so no
need to do it before calling ospf_lsa_install().
Set the OSPF_LSA_SELF_CHECKED flag on own LSA's to
save ospf_lsa_is_self_originated() some work.
Do not memset() memory that is about to overwritten
with memcpy().
|
|
|
|
|
|
|
|
This piece of code causes all Quagga routers on a broadcast link to
send a HELLO packet simultaneously if they see a new neighbor. It also
resets the HELLO timer, so all the quagga routers will continue to
send HELLO packets simultaneously in the future. This is not good
(especially on networks with a lot of Quagga routers connected), and
is explicitly discouraged by the OSPF standard, RFC 2328 (chapter
4.4.Timers).
I suggest to remove the code snippet, it does not provide much benefit
anyway.
|
|
Should probably have AC_TYPE_UINT16_T in configure.ac to make it really
clean... and a fresh import of gnulib, the existing copy of gnulib seems to
be manually put some stuff in zebra.h. I'm leaving that alone for now,
since a fresh import will probably clean up a lot of cruft and it would be a
duplicated effort to fix some things now.
The FreeBSD port 0.99.11_1 files/patch-ospfd-ospfd.h can probably go away
after this is applied.
|
|
* */*main.c: Seems that the actual code was removed previously, but the
argument processing code remained.
|
|
|
|
This may fix vyatta BUG 3096. The reference count for OSPF route table was
never completely freed on deleting all neighbors.
|
|
The cmd_nodes used to configure vty, can mostly be static so
(basic data hiding 101).
|
|
Use Ansi-C prototypes rather than old K&R method of declaring
function without arguments
|
|
Simple conversion of XMALLOC/memset to XCALLOC
|