summaryrefslogtreecommitdiff
path: root/ospfd
AgeCommit message (Collapse)Author
2012-06-25snmp: let handlers accept OID from a lesser prefixVincent Bernat
Most table handlers do not expect to be given an OID whose prefix is outside what they can handle. This is not a problem with the SMUX implementation since it always correct the OID such that the prefix matches. However, this is not the case for the AgentX implementation. A new function, smux_header_table() is used to do this normalization.
2012-06-25agentx: handle SNMP trapsVincent Bernat
smux_trap() signature has been changed to provide appropriate level information to send SNMPv2 notifications. This includes the addition of the enterprise OID to use (from which is derived the SNMP trap OID) and the MIB registry to locate the appropriate function for variable bindings provided by the trap. The SMUX implementation has been updated but ignore the provided enterprise OID. Instead, it still uses the SMUX peer OID to keep compatibility with previous versions of Quagga. The SMUX implementation also ignores the provided MIB registry since it uses smux_get() function to grab the appropriate values. This is not possible with the AgentX implementation since there is no such function provided by NetSNMP.
2012-06-25smux: drop findVar element from trap object structVincent Bernat
This element was not unused.
2012-06-25smux: remove `tick` argument from smux_trap()Vincent Bernat
smux_trap() contains an argument whose use appears to be to set sysUpTime.0/timestamp field in SNMP trap. However, this value is not used in smux_trap(). Moreover, it is expected that this field is the value of sysUpTime.0 when the trap was sent and not any other time related to the trap. To avoid any confusion, we remove this field from the signature of the function.
2012-06-25build: use net-snmp-config to configure NetSNMPVincent Bernat
The correct method to link to NetSNMP is to use net-snmp-config (which is like pkg-config). Explicit link to libcrypto is also dropped (NetSNMP libs are linked to libcrypto, no need to link Quagga to it). Moreover, @SNMP_INCLUDES@ is dropped because useless. Due to a bug in configure.ac, it was properly populated.
2012-06-25build: only define HAVE_SNMPVincent Bernat
NetSNMP is the only SNMP implementation for Quagga. We don't need two different symbols.
2012-06-25build: allow configure and build in a separate directoryVincent Bernat
Some .h files in lib/ are autogenerated. The search path should include the build directory and the source directory. They usually match but sometimes, they may be different. For example: $ mkdir build $ cd build $ ../configure $ make
2012-04-16ospfd: Fixes a crash of the daemon with a snmp walkJorge Boncompte [DTI2]
- And allows to walk the LSDB. Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
2012-04-11ospfd: adjust OSPF_ROUTER_LSA_MIN_SIZE for VL caseDenis Ovsienko
2012-03-12ospfd: reduce ospf_verify_header()Denis Ovsienko
Protocol version checks fits ospf_packet_examin() better (like it is implemented in ospf6d), and packet type check is already there.
2012-03-12ospfd: bring ospf_check_auth() into focusDenis Ovsienko
The old ospf_check_auth() function did two different jobs depending on AuType. For Null and Simple cases it actually authenticated the packet, but for Cryptographic case it only checked declared packet size (not taking the actual number of bytes on wire into account). The calling function, ospf_verify_header(), had its own set of MD5/checksum checks dispatched depending on AuType. This commit makes the packet size check work against the real number of bytes and moves it to ospf_packet_examine(). All MD5/checksum verification is now performed in ospf_check_auth() function. * ospf_packet.c * ospf_packet_examin(): check length with MD5 bytes in mind * ospf_verify_header(): remove all AuType-specific code * ospf_check_auth(): completely rewrite
2012-03-12ospfd: introduce ospf_auth_type_str[]Denis Ovsienko
2012-03-12ospfd: fix packet length check for auth/LLS casesDenis Ovsienko
An OSPFv2 packet with trailing data blocks (authentication and/or link-local signaling) failed the recently implemented packet length check, because trailing data length isn't counted in the packet header "length" field. This commit fixes respective check conditions. * ospf_packet.c * ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire"
2012-03-12ospfd: introduce ospf_lsa_minlen[] (BZ#705)Denis Ovsienko
This commit ports more packet checks to OSPFv2, in particular, LSA size verification and Router-LSA link blocks verification. * ospf_lsa.h: add LSA size macros * ospf_packet.h: add struct ospf_ls_update * ospf_packet.c * ospf_lsa_minlen[]: a direct equivalent of ospf6_lsa_minlen[] * ospf_router_lsa_links_examin(): new function, verifies trailing part of a Router-LSA * ospf_lsa_examin(): new function like ospf6_lsa_examin() * ospf_lsaseq_examin(): new function like ospf6_lsaseq_examin() * ospf_packet_examin(): add type-specific deeper level checks
2012-03-12ospfd: review ospf_check_md5_digest()Denis Ovsienko
Rewrite some pointer arithmetics without the additional variables and move byte order conversion inside the function.
2012-03-12ospfd: review ospf_check_auth()Denis Ovsienko
1. The only purpose of "ibuf" argument was to get stream size, which was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized in ospf_new(). 2. Fix the packet size check condition, which was incorrect for very large packets, at least in theory.
2012-03-12ospfd: introduce ospf_packet_minlen[] (BZ#705)Denis Ovsienko
This commit ports some of the OSPFv3 packet reception checks to OSPFv2. * ospf_packet.c * ospf_packet_minlen[]: a direct equivalent of ospf6_packet_minlen[] * ospf_packet_examin(): new function designed after the first part of ospf6_packet_examin() * ospf_read(): verify received packet with ospf_packet_examin() * ospf_packet.h: add convenience macros
2012-03-12ospfd: fix ospf_packet_add_top() to use LOOKUP()Denis Ovsienko
2012-03-12ospfd: use LOOKUP() for ospf_packet_type_strDenis Ovsienko
* ospf_packet.h: add proper str/max extern declarations * ospf_packet.c * ospf_packet_type_str: rewrite in "struct message", add max value * ospf_packet_add(): use LOOKUP() * ospf_write(): ditto * ospf_hello(): ditto * ospf_read(): ditto * ospf_dump.h: the declaration does not belong here * ospf_dump.c * ospf_header_dump(): use LOOKUP() * show_debugging_ospf(): ditto
2012-01-23fix zebra protocol after MP-BGP changesDenis Ovsienko
The previous commits modified both zebra and bgpd for additional SAFI field, but not any other routing daemon, which led to zebra daemon crashing with failed assertion.
2012-01-08ospfd: use IS_LSA_SELF() where appropriateDenis Ovsienko
2012-01-08ospfd: justify ospf_default_originate_timer()Denis Ovsienko
The function is implemented in ospf_lsa.c, move its "extern" declaration to ospf_lsa.h for consistency.
2012-01-08ospfd: address more trivial compiler warningsDenis Ovsienko
* ospf_ase.c * ospf_ase_complete_direct_routes(): dismiss unused variable
2012-01-06general: remove inline qualifiers and move in-header functions to objectsPaul Jakma
* (general) Move functions in headers into files, to be compiled into shared object files. Remove inline qualifier from functions. Let the compiler do the work.
2012-01-02lib: fix some strtoul() use casesUlrich Weber
...otherwise 4294967295 is not a valid value on 32bit systems
2012-01-02ospfd: fix bug in NSSA ABR status checkDenis Ovsienko
* ospf_abr.c * ospf_abr_nssa_am_elected(): feed "best" instead of "address of best" into IPV4_ADDR_CMP(), because "best" is a pointer; also, mean s_addr field of the structures to get better typed pointers
2012-01-02ospfd: fix packet reception for FreeBSD 10.Dmitrij Tejblum
* ospf_packet.c (ospf_recv_packet): FreeBSD, starting from version 10, will not subtract the IP header size from ip_len. This is the patch from FreeBSD's ports/net/quagga/files/patch-ospfd__ospf_packet.c, by Boris Kovalenko.
2011-12-21ospfd: more info in LSA checksum warning (BZ#685)Jaroslav Fojtik
2011-12-13lib: put route_types.txt to real useDavid Lamparter
this replaces most occurences of routing protocol lists by preprocessor defines from route_types.h. the latter is autogenerated from route_types.txt by a perl script (previously awk). adding a routing protocol now is mostly a matter of changing route_types.txt and log.c. Conflicts: lib/route_types.awk
2011-12-13build: delete .cvsignore filesDenis Ovsienko
2011-12-13ospfd: spellingDenis Ovsienko
2011-12-13quagga: option "-z" ("--socket <path>") addedVyacheslav Trushkin
All daemons modified to support custom path to zserv socket. lib: generalize a zclient connection zclient_socket_connect added. zclient_socket and zclient_socket_un were hidden under static expression. "zclient_serv_path_set" modified.
2011-12-07ospfd: remove unused codeStephen Hemminger
The code for nssa_range and other bits that were written but never used.
2011-12-06ospfd: avoid redundant lookup in ospf_redistribute_withdrawStephen Hemminger
The old algorithim looked up every node twice as it withdrew the entry. It looks up entry once in redistribute_withdraw, then looks it up again info_delete. Use result of first lookup to do the free directly. This may explain the slow performance observed in https://bugzilla.vyatta.com/show_bug.cgi?id=4421
2011-11-15ospfd: improve fix to CVE-2011-3326 (BZ#586)Thomas Ries
Make ospf_flood() propagate error returned by ospf_lsa_install() further to properly discard the malformed LSA, not just prevent the immediate crash.
2011-09-29ospfd: fix regression in recent commitYAMAMOTO Shigeru
commit '717750433839762d23a5f8d88fe0b4d57c8d490a' causes SEGV error, when 'oi = ospf_if_lookup_recv_if (ospf, iph->ip_src, ifp);' returns NULL. * ospf_packet.c * ospf_read(): change a place of calling 'ospf_verify_header()'
2011-09-27ospfd: remove unused macroDenis Ovsienko
2011-09-27ospfd: spellingDenis Ovsienko
2011-09-27ospfd: use existing macro for consistencyDenis Ovsienko
2011-09-27ospfd: sizing macros cleanupDenis Ovsienko
* ospf_spf.c * ROUTER_LSA_TOS_SIZE: prepend OSPF_ and move to ospf_lsa.h * ROUTER_LSA_MIN_SIZE: replace with existing OSPF_ROUTER_LSA_LINK_SIZE
2011-09-27lib: simplify interface of setsockopt_multicast_ipv4().Dmitrij Tejblum
* sockopt.[ch] (setsockopt_ipv4_multicast): ifindex is now mandatory (all non-ancient OSes can use it anyway), and if_addr parameter (the address of the interface) is now gone. (setsockopt_ipv4_multicast_if): IP_MULTICAST_IF processing moved to this new function * ospf_network.c (ospf_if_add_allspfrouters, ospf_if_drop_allspfrouters, ospf_if_add_alldrouters, ospf_if_drop_alldrouters, ospf_if_ipmulticast), rip_interface.c (ipv4_multicast_join, ipv4_multicast_leave, rip_interface_new): adapt to the new interface
2011-09-27ospfd: remove useless RFC1583 checkAlexandre Chappuis
* ospf_route.c: Function ospf_asbr_route_cmp is called uniquely from ospf_route_cmp() when the flag OSPF_RFC1583_COMPATIBLE is not set. Therefore, the check that the flag is set doesn't make sense at all and it can consequently be removed without doing any harm. Signed-off-by: Alexandre Chappuis <alc@open.ch> Signed-off-by: Roman Hoog Antink <rha@open.ch>
2011-09-26ospfd: CVE-2011-3325 part 2 (OSPF pkt type segv)Denis Ovsienko
This vulnerability (CERT-FI #514838) was reported by CROSS project. The error is reproducible only when ospfd debugging is enabled: * debug ospf packet all * debug ospf zebra When incoming packet header type field is set to 0x0a, ospfd will crash. * ospf_packet.c * ospf_verify_header(): add type field check * ospf_read(): perform input checks early
2011-09-26ospfd: CVE-2011-3325 part 1 (OSPF header underrun)Denis Ovsienko
This vulnerability (CERT-FI #514838) was reported by CROSS project. When only 14 first bytes of a Hello packet is delivered, ospfd crashes. * ospf_packet.c * ospf_read(): add size check
2011-09-26ospfd: CVE-2011-3326 (uknown LSA type segfault)CROSS
This vulnerability (CERT-FI #514837) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. Quagga ospfd does not seem to handle unknown LSA types in a Link State Update message correctly. If LSA type is something else than one supported by Quagga, the default handling of unknown types leads to an error. * ospf_flood.c * ospf_flood(): check return value of ospf_lsa_install()
2011-07-13Merge remote-tracking branch 'polymorf/master'Greg Troxel
2011-04-13ospf: Fix OSPF API and ospf-te LSA refreshers to match recent API changePaul Jakma
* ospf_apiserver.{c,h}: (ospf_apiserver_lsa_refresher) refreshers must now return the refreshed LSA. * ospf_te.{c,h}: (ospf_mpls_te_lsa_refresh) ditto * ospf_api.c: trivial compiler warning fix
2011-03-22ospfd: Compile fix for opaque supportPaul Jakma
* ospfd: Refresher logic cleanup broke OSPF opaque, which does its own thing with regard to refresher logic and which also, in the protocol, requires implementations to keep state of which OI an LSA is received on (rather than providing information in the LSA to allow it to be looked up - as other LSAs requiring such assocation were careful to do). * ospf_lsa.h: (struct ospf_interface) Add back the pointer to oi, but only for type-9 now. * ospf_nsm.c: (ospf_db_summary_add) check the oi actually exists first - doesn't obviate the need for opaque to ensure oi pointers get cleaned up when ospf_interfaces disappear. * ospf_opaque.{c,h}: (ospf_opaque_functab,ospf_opaque_lsa_refresh) Refresher LSA functions now need to return the LSA to the general refresh logic, to indicate whether the LSA was refreshed.
2010-12-08ospfd: Remove oi field from LSA, have network_lsa_refresh look up when neededPaul Jakma
* ospf_lsa.h: (struct ospf_lsa) remove oi pointer * ospf_lsa.c: (ospf_network_lsa_refresh) instead of keeping a pointer, just lookup the oi when it's needed. This decouples network LSA from oi lifetime and avoids having to invalidate pointers in LSAs when an oi changes, simplifying the code.
2010-12-08ospfd: potential fix for router-id change assert on refresh cleanup patchPaul Jakma
* ospf_lsa.c: (various) unregister LSAs from refresher before flushing.