summaryrefslogtreecommitdiff
path: root/ospfd
AgeCommit message (Collapse)Author
2013-07-28ospfd: CVE-2013-2236, stack overrun in apiserverDavid Lamparter
the OSPF API-server (exporting the LSDB and allowing announcement of Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads to an exploitable stack overflow. For this condition to occur, the following two conditions must be true: - Quagga is configured with --enable-opaque-lsa - ospfd is started with the "-a" command line option If either of these does not hold, the relevant code is not executed and the issue does not get triggered. Since the issue occurs on receiving large LSAs (larger than 1488 bytes), it is possible for this to happen during normal operation of a network. In particular, if there is an OSPF router with a large number of interfaces, the Router-LSA of that router may exceed 1488 bytes and trigger this, leading to an ospfd crash. For an attacker to exploit this, s/he must be able to inject valid LSAs into the OSPF domain. Any best-practice protection measure (using crypto authentication, restricting OSPF to internal interfaces, packet filtering protocol 89, etc.) will prevent exploitation. On top of that, remote (not on an OSPF-speaking network segment) attackers will have difficulties bringing up the adjacency needed to inject a LSA. This patch only performs minimal changes to remove the possibility of a stack overrun. The OSPF API in general is quite ugly and needs a rewrite. Reported-by: Ricky Charlet <ricky.charlet@hp.com> Cc: Florian Weimer <fweimer@redhat.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-04-20ospfd: fix flooding procedureChristian Franke
An ospf router should accept a new maxage LSA into its lsdb if it has any neighbors in state Exchange or Loading. ospfd would however only account for neighbors on the same interface which does not seem to be a valid optimization. Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: Joachim Nilsson <troglobit@gmail.com> Signed-off-by: David Lamparter <equinox@diac24.net>
2013-04-20ospfd: make ospf_maxage_lsa_remover actually yieldChristian Franke
ospf_maxage_lsa_remover whould check whether to yield, but run on anyway. Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: Joachim Nilsson <troglobit@gmail.com> Signed-off-by: David Lamparter <equinox@diac24.net>
2013-04-09ospfd: restore nexthop IP for p2p interfacesChristian Franke
commit c81ee5c... "ospfd: Optimize and improve SPF nexthop calculation" subtly changed semantics of routes calculated over pointopoint links by removing the nexthop IP address and instead using an ifindex route. This breaks calculation of AS-Ext routes with a forwarding address since in ospf_ase_complete_direct_routes() this will be hit: if (op->nexthop.s_addr == 0) op->nexthop.s_addr = nexthop.s_addr; thus turning the route unusable by having an invalid nexthop. Fix by restoring the nexthop IP on routes over PtP links. This also allows running multi-access (Ethernet) interfaces in PtP mode again. This bug is a regression against 0.99.21 and only present in 0.99.22. Signed-off-by: Christian Franke <chris@opensourcerouting.org> [patch description and code comments rewritten] Acked-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Acked-by: James Li <jli@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-04-09ospfd: fix LSA initialization for build without opaque LSAChristian Franke
If configured without opaque LSA support, the old code would incorrectly associate type 5 LSAs with an area. Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-07ospfd: Remove dup MaxAge LSA floodDinesh G Dutt
Stop additional, unnecessary flooding of MaxAge LSAs. When a MaxAge LSA is installed, if the LSA is prematurely aged or the LSA is not self-originated, the LSA is flushed. This results in a the LSA being flooded a second time and in some cases flooded back to the receiver (unless the receiver is also the advertising router). A MaxAge'd LSA has already been flooded in ospf_flood() as part of the LSA receive processing (ospf_ls_upd). A self-originated LSA will be flooded from the originate/refresh routine. Thus, in the install routine, a MaxAge'd LSA only needs to be added to the MaxAge LSA list. Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Corrected ospfd Type-4/Type-5 ls update handlingVishal Kumar
This fix is for Type-4 LS updates handling at a ABR router where ospf daemon is not distributing Type-4 LS updates with correct LS-Age after learning about a ASBR router in a ospf network. Because of this Type-5 LS updates are not learnt in ospf network. Testing Scenario: This can be re-produced by restarting the ospfd daemon on DUT (mentioned in figure below)before the Hello time interval expires for area 0.0.0.1. ____ _______ ____ _________ | | area: 0.0.0.1 | | area: 0.0.0.0 | | area: 0.0.0.2 | | | R1 |---------------------|DUT/ABR|---------------------| R2 |------------------| R3/ASBR | |____| x.x.x.0/24 |_______| y.y.y.0/64 |____| z.z.z.0/24 |_________| In the above setup when ospfd is restarted (imp:before the Hello interval at R1 expires) and DUT learns about ASBR router R3 (Type-4) in the network from R2, but this ls-update is not propagates in area 0.0.0.1. So R1 never comes to know about the ASBR router in the network, so all the type-5 LS updates coming from R3 are not learnt by R1. Further if we again restart ospfd daemon it starts working fine. With the fix given this issue can be resolved. More Discussion on this is available at: http://www.gossamer-threads.com/lists/quagga/dev/23892 Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: compile warning cleanupsAndrew Certain
A set of patches to clarify some comments as well as cleanup code that was causing warnings. After these patches, the code can be compiled with -Wall -Wsign-compare -Wpointer-arith -Wbad-function-cast -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wchar-subscripts -Wcast-qual -Wextra -Wno-unused-parameter -Wno-missing-field-initializers (what is current in trunk plus -Wextra -Wno-unused-parameter -Wno-missing-field-initializers). Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Update nsm_change_state to static scope, as it is not called from ↵Andrew Certain
elsewhere Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Changed TE instance check to remove -Wtype-limits warningAndrew Certain
Since LEGAL_TE_INSTANCE_RANGE() was being passed an unsigned int, a warning was being thrown due to the compare against >= 0. Since this macro was used only in one place, I removed the macro for an explict compare against a constant for the MAX. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Update comments to be more clear in packet processingAndrew Certain
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Fixed signed/unsigned masking of negative metricsAndrew Certain
In the original code, negative metrics would be converted successfully by atoi() and then converted to an unsigned int that would always compare successfully against >= 0, leaving a large positive metric in the route map. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: Fixed typo bug in ospf_vty.h:ospf_neighborAndrew Certain
Typo bug. ospf_nbr_nbma_poll_interval_set() was being sent priority instead of interval. Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospfd: fix argument parsing for distribute-listChristian Franke
Use the correct argument for the protocol lookup in ospf distribute-list commands. Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: fix apiserver enableDavid Lamparter
The ospf_apiserver_enable flag was being cleared _after_ the "-a" command-line option set it to 1. Move up the initialisation, so enabling the OSPF API is actually possible. Reported-by: Rosario Mattera <rosmattera@gmail.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: Fix type-4 network mask to 0 per RFCLeonard Tracy
The OSPF RFC (2328) states that the network mask field of a type 4 LSA "is not meaningful and must be zero". OSPFD has been setting the mask as /32. This patch changes OSPFD to set the mask to 0 per the RFC Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: Reduce MaxAge log levelAyan Banerjee
Reduce the log level for the MaxAge LSA reception when such an LSA does not exist in the database. Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: Convert MAX_AGE LSA list to treeDinesh Dutt
Store the MaxAge LSA list in a tree instead of a linked list for efficient access. Walking the list can be quite inefficient in some large systems and under certain tests. ospfd maintains the list of LSA's that have been MaxAge'd out in a separate linked list for removal by a remover/walker thread. When a new LSA is to be installed, the old LSA is ejected and when it is ejected, the MaxAge LSA list is traversed to ensure that the old LSA is also removed from this list if it exists on this list. When a large number (> 5K) MaxAge LSAs are bombarding the system, walking this list takes a significant time causing timers to fire and actions to be taken such as expiring neighbors due to expiry of DeadInterval (especially when timer is really low, <= 12s), creating a spiral of instability. By making this MaxAge LSA list be a tree, this problem is mitigated. Signed-off-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: forward ref. of areas for "max-metric router-lsa administrative" cmdAyan Banerjee
In the event areas are created at a later point of time with respect to the playback of the "max-metric router-lsa administrative" command, those areas do not get into indefinite max-metric mode. This patch is inteneded to store the configuration and apply it to all future areas that may be created. In the process, some other bugs that were there with respect to restart etc are fixed up. Tested locally to see that the fix works across multiple areas and across multiple restarts. Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07ospf: suppress delete using replacementAyan Banerjee
After a SPF run, OSPF deletes routes that have changed in terms of any metric, type, and/or next-hops and re-adds them. Given that the Zebra-RIB already support replacement semantics, we suppress deletes for routes that will be added back again. This has the following advantages. It reduces the number of IPC messages between OSPF/Zebra. Also, in the current flow, a batch of route deletes were followed by a batch of adds even for say a metric change. With the change, routes are sent as "add" when they are modified. Zebra already implicitly deletes older routes. Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2012-11-05ospfd: remove some buggy extra ';' symbols.Hasso Tepper
* ospfd/ospf_apiserver.c: extra ; causing lookup to fail always * ospfd/ospf_lsa.c: extra ; causing debug output even when disabled Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25*: use array_size() helper macroBalaji.G
Use the array_size() helper macro. Replaces several instances of local macros with the same definition. Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25ospfd: respect max-metric over configured cost for summary LSAsJR Rivers
ISSUE When max-metric router-lsa administrative is invoked on an ABR created with... area <area> range <addr/mask> the summary LSAs are sent out with 65535 (max-metric) added to the normal cost. When max-metric router-lsa administrative is invoked on an ABR created with... area <area> range <addr/mask> cost <cost> the summary LSAs are sent out with <cost> (the max-metric is ignored). This second behavior effectively incapacitates the max-metric function. PATCH This patch evaluates the state of the router and if it's isolated as a stub router (rfc3137) via `max-metric router-lsa`, we unconditionally uses the value of 0xff0000 when advertising summary LSAs. Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25ospfd: ABR algorithm not propagating MAXAGE LSAs into areaJR Rivers
When a range (or sub-range) is deleted, the area is notified by propagating a MAXAGE LSA. This LSA stays in the database for a while to both insure propagation as well as in the off chance that it's useful in the near future. Unfortunately, the ABR algorithm was treating these MAXAGE LSAs as unchanged and not propagating them within the areas. Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25ospfd: blackhole route removal for area rangeJR Rivers
ISSUE When an area range is created in which there the sub-area has routes that are smaller than the range, an ABR creates a blackhole route to cover the range. When the range is removed, the blackhole route is not removed. --A----B----C--- B is an ABR with A in area 1 and C in area 0. If A advertises `10.2.0.0/30` and `10.2.0.4/30` and B is configured with `area 0.0.0.1 range 10.2.0.0/29` a blackhole is created on B (`blackhole 10.2.0.0/29 proto zebra`). When the area/range is removed via the command line, the blackhole remains in existence even though the "range" route is removed from area 0 and the individual routes are propagated. PATCH The reason for this behavior is that, prior to this patch, the range is deleted from the area's list, so when ospf_abr_manage_discard_routes() gets called, there is nothing to clean up. The patch removes the discard route as part of the processing of the command line (ospf_area_range_unset()). Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25lib: improve fletcher checksum validationJR Rivers
OVERVIEW The checksum used in OSPF (rfc2328) is specified in rc905 annex B. There is an sample implementation in rfc1008 which forms the basis of the quagga implementation. This algorithm works perfectly when generating a checksum; however, validation is a bit problematic. The following LSA (generated by a non-quagga implementation) is received by quagga and marked with an invalid checksum; however, it passes both the rfc905 and rfc1008 validation checks. static uint8_t lsa_10_121_233_29[] = { 0x0e, 0x10, 0x02, 0x03, 0x09, 0x00, 0x35, 0x40, 0x0a, 0x79, 0xe9, 0x1d, 0x80, 0x00, 0x00, 0x03, 0x00, 0x8a, 0x00, 0x1c, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x36, 0xb0 }; LS Type: Summary-LSA (IP network) LS Age: 3600 seconds Do Not Age: False Options: 0x02 (E) Link-State Advertisement Type: Summary-LSA (IP network) (3) Link State ID: 9.0.53.64 Advertising Router: 10.121.233.29 (10.121.233.29) LS Sequence Number: 0x80000003 LS Checksum: 0x008a Length: 28 Netmask: 255.255.255.224 Metric: 14000 You'll note that one byte of the checksum is 0x00; quagga would calculate the checksum as 0xff8a. It can be argued that the sourcing implementation generates an incorrect checksum; however, rfc905 indicates that, for 1's complement arithmetic, the value 255 shall be regarded as 0, thus either values are valid. EXPLANATION The quagga ospfd and ospf6d implementations operate by copying the PDU's existing checksum in a holding variable, calculating the checksum, and comparing the resulting checksum to the original. As a note, this implementation has the side effect of modifying the contents of the PDU. Evaluation of both rfc905 and rfc1008 shows that checksum validation should involve calculating the sum over the PDU and checking that both resulting C0 and C1 values are zero. This behavior is enacted in the rfc1008 implementation by calling encodecc with k = 0 (checksum offset); however, this functionality had been omitted from the quagga implementation. PATCH This patch adds the ability to call the quagga's fletcher_checksum() with a checksum offset value of 0xffff (aka FLETCHER_CHECKSUM_VALIDATE) which returns the sum over the buffer (a value of 0 indicates a valid checksum). This is similar to the mechanism in rfc1008 when called with k = 0. The patch also introduces ospf_lsa_checksum_valid(). ospf6d had it's own implementation of the fletcher checksum in ospf6_lsa_checksum(); it's the same algorithm as in fletcher_checksum(). This patch removes the local implementation in favor of the library's as well as creates and uses ospf6_lsa_checksum_valid(). quagga's ISIS implementation suffers from the same problem; however, I do not have the facilities to validate a fix to ISIS, thus this change has been left to the ISIS maintainers. The function iso_csum_verify() should be reduced to running the fletcher checksum over the buffer using an offset of 0. Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com> Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-19Revert "ospfd: Do not fall back to intervening router."Paul Jakma
This reverts commit 9289c6ff55cd96c943d23e43fc9e5f987aa965ed. The commit reverted an earlier change which was fixed a bug that caused black-holes to remote destinations with multiple paths, that could occur during convergence. Overall, the previous code is more correct.
2012-09-25build: correct libtool parameter used within MakefilesBrad Smith
This corrects the parameters passed to libtool when linking the shared libraries. The paramter name is -version-info not -version. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospfd: Do not fall back to intervening router.Joakim Tjernlund
The patch in bug 330 did two things. It add a return value whether ospf_nexthop_calculation() failed or not and also moved the return stmt for 16.1.1 para 5 so now SPF will fallback to the intervening router when no back links are found by 16.1.1 para 5. This is wrong and can potentially create black holes or routing loops according to Dave Katz and Acee Lindem at ospf@ietf.org Even if the current code could be proved to be harmless in all cases, it adds substantial extra processing and memory allocations. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospfd: use ZEBRA_NEXTHOP_IPV4_IFINDEXJoakim Tjernlund
OSPF really needs to specify interface in its routes. Otherwise ospf may change the wrong route. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> [fixed up some whitespace errors, split patch in two] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospf_spf_process_stubs: use LSA pos to find OSFP interfaceJoakim Tjernlund
This is better than a prefix lookup as prefixes may not be unique, that is, the same prefix can exist on several interfaces. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospfd: Optimize and improve SPF nexthop calculationJoakim Tjernlund
Maintain router LSA positions in OSPF interface. Find the OSPF interface in nexthop_calculation using the position in the router LSA. This is possible because the only time nexthop_calculation needs to look up interfaces is when dealing with its own Router LSA. This has the following advantages: - Multiple PtP interfaces with the same IP address between two routers. - Use Unnumbered PtP on just one end of the link. - Faster OI lookup for the OSPF interface and only done once for PtoP links. *ospf_interface.h: (struct ospf_interface) Add storage for storing router LSA position. *ospf_interface.c: (ospf_if_lookup_by_lsa_pos) lookup OSPF I/F in an area using LSA position. *ospf_lsa.c: (router_lsa_link_set) record Router LSA position. *ospf_spf.c: (ospf_spf_next) Count and pass along lsa position. (ospf_nexthop_calculation) Add lsa position argument. call ospf_if_lookup_by_lsa_pos() for OSFP interface handle. Clean up and remove all calls ospf_if_is_configured() the rest. Adjust a few debug logs. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25ospfd: avoid exhausting memory with OSPF vertices (BZ#476)David Lamparter
This was found in scale testing at OSR; ospfd is adding the same link over and over again to the SPF tree. This fix prevents the resulting memory corruption from happening and adds a debug message to track occurence of this issue and/or confirm a proper fix. (This version was improved by Scott Feldman over the earlier RFC.) * ospfd/ospf_spf.c: (ospf_spf_add_parent) loop over existing vertices and refuse to add duplicates. Tested-by: Martin Winter <mwinter@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-06-25snmp: let handlers accept OID from a lesser prefixVincent Bernat
Most table handlers do not expect to be given an OID whose prefix is outside what they can handle. This is not a problem with the SMUX implementation since it always correct the OID such that the prefix matches. However, this is not the case for the AgentX implementation. A new function, smux_header_table() is used to do this normalization.
2012-06-25agentx: handle SNMP trapsVincent Bernat
smux_trap() signature has been changed to provide appropriate level information to send SNMPv2 notifications. This includes the addition of the enterprise OID to use (from which is derived the SNMP trap OID) and the MIB registry to locate the appropriate function for variable bindings provided by the trap. The SMUX implementation has been updated but ignore the provided enterprise OID. Instead, it still uses the SMUX peer OID to keep compatibility with previous versions of Quagga. The SMUX implementation also ignores the provided MIB registry since it uses smux_get() function to grab the appropriate values. This is not possible with the AgentX implementation since there is no such function provided by NetSNMP.
2012-06-25smux: drop findVar element from trap object structVincent Bernat
This element was not unused.
2012-06-25smux: remove `tick` argument from smux_trap()Vincent Bernat
smux_trap() contains an argument whose use appears to be to set sysUpTime.0/timestamp field in SNMP trap. However, this value is not used in smux_trap(). Moreover, it is expected that this field is the value of sysUpTime.0 when the trap was sent and not any other time related to the trap. To avoid any confusion, we remove this field from the signature of the function.
2012-06-25build: use net-snmp-config to configure NetSNMPVincent Bernat
The correct method to link to NetSNMP is to use net-snmp-config (which is like pkg-config). Explicit link to libcrypto is also dropped (NetSNMP libs are linked to libcrypto, no need to link Quagga to it). Moreover, @SNMP_INCLUDES@ is dropped because useless. Due to a bug in configure.ac, it was properly populated.
2012-06-25build: only define HAVE_SNMPVincent Bernat
NetSNMP is the only SNMP implementation for Quagga. We don't need two different symbols.
2012-06-25build: allow configure and build in a separate directoryVincent Bernat
Some .h files in lib/ are autogenerated. The search path should include the build directory and the source directory. They usually match but sometimes, they may be different. For example: $ mkdir build $ cd build $ ../configure $ make
2012-04-16ospfd: Fixes a crash of the daemon with a snmp walkJorge Boncompte [DTI2]
- And allows to walk the LSDB. Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
2012-04-11ospfd: adjust OSPF_ROUTER_LSA_MIN_SIZE for VL caseDenis Ovsienko
2012-03-12ospfd: reduce ospf_verify_header()Denis Ovsienko
Protocol version checks fits ospf_packet_examin() better (like it is implemented in ospf6d), and packet type check is already there.
2012-03-12ospfd: bring ospf_check_auth() into focusDenis Ovsienko
The old ospf_check_auth() function did two different jobs depending on AuType. For Null and Simple cases it actually authenticated the packet, but for Cryptographic case it only checked declared packet size (not taking the actual number of bytes on wire into account). The calling function, ospf_verify_header(), had its own set of MD5/checksum checks dispatched depending on AuType. This commit makes the packet size check work against the real number of bytes and moves it to ospf_packet_examine(). All MD5/checksum verification is now performed in ospf_check_auth() function. * ospf_packet.c * ospf_packet_examin(): check length with MD5 bytes in mind * ospf_verify_header(): remove all AuType-specific code * ospf_check_auth(): completely rewrite
2012-03-12ospfd: introduce ospf_auth_type_str[]Denis Ovsienko
2012-03-12ospfd: fix packet length check for auth/LLS casesDenis Ovsienko
An OSPFv2 packet with trailing data blocks (authentication and/or link-local signaling) failed the recently implemented packet length check, because trailing data length isn't counted in the packet header "length" field. This commit fixes respective check conditions. * ospf_packet.c * ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire"
2012-03-12ospfd: introduce ospf_lsa_minlen[] (BZ#705)Denis Ovsienko
This commit ports more packet checks to OSPFv2, in particular, LSA size verification and Router-LSA link blocks verification. * ospf_lsa.h: add LSA size macros * ospf_packet.h: add struct ospf_ls_update * ospf_packet.c * ospf_lsa_minlen[]: a direct equivalent of ospf6_lsa_minlen[] * ospf_router_lsa_links_examin(): new function, verifies trailing part of a Router-LSA * ospf_lsa_examin(): new function like ospf6_lsa_examin() * ospf_lsaseq_examin(): new function like ospf6_lsaseq_examin() * ospf_packet_examin(): add type-specific deeper level checks
2012-03-12ospfd: review ospf_check_md5_digest()Denis Ovsienko
Rewrite some pointer arithmetics without the additional variables and move byte order conversion inside the function.
2012-03-12ospfd: review ospf_check_auth()Denis Ovsienko
1. The only purpose of "ibuf" argument was to get stream size, which was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized in ospf_new(). 2. Fix the packet size check condition, which was incorrect for very large packets, at least in theory.
2012-03-12ospfd: introduce ospf_packet_minlen[] (BZ#705)Denis Ovsienko
This commit ports some of the OSPFv3 packet reception checks to OSPFv2. * ospf_packet.c * ospf_packet_minlen[]: a direct equivalent of ospf6_packet_minlen[] * ospf_packet_examin(): new function designed after the first part of ospf6_packet_examin() * ospf_read(): verify received packet with ospf_packet_examin() * ospf_packet.h: add convenience macros