vtysh: Use HOME environment variable to get homedir and only fallback to passed entry if no HOME is defined
Snap packages have a local HOME defined inside the SNAP container, but don't get access to passwd entry.

zebra: fix crash caused by using route-map with "set src"
Signed-off-by: Stas Nichiporovich <stas@iptel.by>
Tested-by: NetDEF CI System <cisystem@netdef.org>

ospfd: fix - correct neighbor index on changing/p2p/virtual links
ospfd keeps a list of neighbor routers for each configured interface. This
list is indexed using the neighbor router id in case of point-to-point and
virtual link types, otherwise the list is indexed using the neighbor's
source IP (RFC 2328, page 96). The router adds itself as a "pseudo" neighbor
on each link, and also keeps a pointer called (nbr_self) to the neighbor
structure. This takes...

lib: Fix privilege modification for vty group specified
When attempting to switch runtime permissions over to
the correct group specified for the vty group, if the
user specified to run as does not have that vty group
then do warn about the issue and stop running
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reported-by: Thomas Martin <tmartincpp@gmail.com>
Tested-by: NetDEF CI System <cisystem@netdef.org>

pimd: Fix hang when doing nexthop lookup from zebra
I was running into a bug when pimd would hang in some cases when
it had to do a nexthop lookup from zebra, such as when a PIM JOIN
was received. This issue could be easily reproduced by running
'show ip rib <ip>' from the pimd vty which forces a nexthop lookup.
The issue is in zclient_read_nexthop, the zclient_read_header function
reads the message content into the stream, but then after that...

zebra: handle multihop nexthop changes properly
The rib entries are normally added and deleted when they are
changed. However, they are modified in place when the nexthop
reachability changes. This fixes to:
- properly detect nexthop changes from nexthop_active_update()
calls from rib_process()
- rib_update_kernel() to not reset FIB flags when a RIB entry
is being modified (old and new RIB are same)
- improves the "show ip route <pr...

ripd: Fix Null pointer dereference
The rip_output_process function dereferenced a NULL
pointer. Core file examination showed that tmp_rinfo
was NULL on line 2435. Looking at the last diff
associated with this commit, it was obvious that
a formatting mistake had been made in the loop over
the route nodes list of possible paths.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reported-by: Sebastian Kricner <sebastian.kr...

isisd: ignore unknown interfaces when adjusting IS-IS mtu
For example during startup of isisd, the MTU of interfaces is not
known, since this information will only be available once the
interfaces have been learned from zebra.
It makes no sense to include the MTU 0 that is stored for interfaces
in this state in the consideration whether a new lsp-mtu for an
area is valid, so skip interfaces which are in this state.
Signed-off-by: Christian Franke <n...

isisd: make sure that all interface addresses are advertised
If the following configuration commands are run interactively in
succession, the ipv6 addresses of this interface won't be advertised
in the router's LSP immediately:
# interface eth0
# ip router isis test
# ipv6 router isis test
This is because the ipv6 router command won't trigger a state change
for the interface and therefore, it won't trigger a regeneration of
the LSPs.
The same...

isisd: fix a crash due to an lsp-mtu issue
isisd crashed on startup if it was enabled for an interface with
a too small MTU.
To fix this, we treat this case as an invalid configuration and
disable isis on that interface if that case happens, since it is
a configuration error.
Signed-off-by: Christian Franke <nobody@nowhere.ws>

isisd: work around route table asserts for deleting node with info
The route table code in lib/table.c triggers an assertion when a route
node with rn->info != NULL reaches refcount 0, probably to avoid
memleaks. In this particular case, this is not an issue, since the
info will be freed by the destructor.
However, since removing this assertion probably requires more
discussion, just make sure that rn->info gets freed and unset before
its refcount is decremen...

quagga: Remove double read of stream
The addition of a MIN(X,Y) with a stream_getc in the Y
causes a double read of the stream due to the way that
MIN is defined.
This fix removes a crash in all protocols.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

Revert "bgpd: Lower BGP's default keepalive/holdtime to 3s/9s"
This reverts commit f89b09be92bed03b1e5add55dc14ef92e94c52e1.
Martin Winter has reported reliability issues in testing on some platforms.
We need a more comprehensive way to deal with defaults and updating them, e.g.
profiles of some kind.
Defer this change till after next release.

zebra: Fix route deletion on *BSD
Fix for not handling RTM_CHANGE correctly. This patch changes it to
delete/add instead. Using RTM_CHANGE on kernels where it works is better,
but is left as an exercise for developer who has access and will to fix it
on *BSD.
[ed note: collaboration with Martin Winter]

configure: Fix warnings on CentOS and bump the minimum autoconf version
* configure.ac: Bump the minimum version to 2.60 as needed by
AC_USE_SYSTEM_EXTENSIONS. AC 2.60 is nearly 10 years old, note. Add
AC_PROG_RANLIB, for when --disable-shared is used.
There are other warnings on, e.g., CentOS 6.7 with 2.63, but they
don't go away if the suggestion to add AC_SYSTEM_EXTENSIONS is
followed. This warning doesn't occur on Fedora with AC 2.69.
Note: auto...

doc: older versions of texinfo seem to be sensitive to location of unmacro
* bgpd.texi: The unmacro of mprec seems to be disliked by older texinfos.
Moving it to after the section fixes it. Even easier, just don't undef the
macro.

doc: Distribute a modern version of texinfo.tex with the docs
* doc/texinfo.tex: Ship a more recent texinfo.tex, from texinfo 6.1, so we
don't have to worry about that. E.g., this should allow UTF-8 unicode
chars to be used directly in the text.
* doc/Makefile.am: Add previous to EXTRA_DIST

distro/redhat: Update to support CentOS/RHEL/Fedora, upstart/init/systemd
* redhat/quagga.spec.in: Update to support CentOS, RHEL and Fedora, and
support the various init systems across different versions of these
distros, e.g. upstart/init/systemd.
Clean up various warnings from rpmlint.
Remove configure options that are gone.
A few edits and commit message by:
Paul Jakma <paul.jakma@hpe.com> / <paul@jakma.org>

configure.ac: remove -dev in version
* configure.ac: Remove the -dev suffix from the version, some package
systems at least do not like non-numeric strings in package versions
(e.g., rpm, which I often use in testing Quagga).
TODO: Work out some sensible scheme for semi-autogenerating the version
perhaps via git describe. The --with-pkg-git-version doesn't affect the
tarball name.

distro/redhat/rpm: remove with_ipv6, package pimd binary, remove pam stack
* redhat/quagga.spec.in: remove with_ipv6, it should just be the norm now.
The actual pimd binary wasn't being packaged, fix.
Remove deprecated pam.stack support.
* redhat/quagga.pam.stack: ancient, nuke.
* Makefile.am: ditto

distro: fix redhat/quagga.spec.in
* quagga.spec.in: Add default for with_pimd macro.
Remove ancient conditional on quagga_buildreqs.
More recent rpmbuild complains about too many levels of recursion in
quagga_buildreqs, so use %{expand:..}.
Actually use quagga_buildreqs in BuildRequires!
groff is needed for build.
texi2html --number argument has disappeared, split into 2.
Acked-by: Donald Sharp <sharpd at cumulusnet...

lib: fix vrf_bitmap leak in zclient_free()
zclient_stop(), which is used as antagonist to zclient_init(), needs to
undo the vrf_bitmap allocation. Otherwise zclient_init() will leak the
allocated memory, for example when zclient_reset() is used.
Reported-by: Lou Berger <lberger@labn.net>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

bgpd: Fix crash reported by NetDEF CI
This patch is part of the previously submitted
patch set on VPN and Encap SAFIs. It fixes
an issue identified by NetDEF CI.
Ensure temp stack structures are initialized
Add protection against double frees / post
free access to bgp_attr_flush
Signed-off-by: Lou Berger <lberger@labn.net>

lib: Check prefix length from zebra is sensible
* zclient.c: prefix length on router-id and interface address add
messages not sanity checked. fix.
* */*_zebra.c: Prefix length on zebra route read was not checked, and
clients use it to write to storage. An evil zebra could overflow
client structures by sending overly long prefixlen.
Prompted by discussions with:
Donald Sharp <sharpd@cumulusnetworks.com>

lib: zclient can overflow (struct interface) hw_addr if zebra is evil
* lib/zclient.c: (zebra_interface_if_set_value) The hw_addr_len field
is used as trusted input to read off the hw_addr and write to the
INTERFACE_HWADDR_MAX sized hw_addr field. The read from the stream is
bounds-checked by the stream abstraction, however the write out to the
heap can not be.
Tighten the supplied length to stream_get used to do the write.
Impact: a malicious zebr...
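
The "Remove double read of stream" entry and the hw_addr entry above both concern a length read off a stream and then clamped; the following is an added example, not code from Quagga, showing the double-evaluating clamp next to a read-once, clamp-to-destination parse. `toy_stream`, `toy_iface`, `toy_getc`, `read_len_double` and `read_hw_addr` are hypothetical names, the value 20 for INTERFACE_HWADDR_MAX is assumed, and skipping the excess bytes is a choice made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b)) /* each argument expands twice */
#define INTERFACE_HWADDR_MAX 20           /* value assumed for this sketch */
/* Hypothetical stand-ins, not Quagga's struct stream / struct interface. */
struct toy_stream { const uint8_t *data; size_t len, getp; };
struct toy_iface  { uint8_t hw_addr[INTERFACE_HWADDR_MAX]; size_t hw_addr_len; };

/* Read one byte and advance the cursor; 0 once the stream is exhausted. */
static uint8_t toy_getc(struct toy_stream *s)
{
    return s->getp < s->len ? s->data[s->getp++] : 0;
}

/* Buggy clamp: toy_getc() is pasted into MIN twice, so a length below the
 * cap triggers a second read and the following byte is returned instead. */
static size_t read_len_double(struct toy_stream *s)
{
    return MIN(INTERFACE_HWADDR_MAX, toy_getc(s));
}

/* Hardened parse: read the length once, bound the copy by the destination
 * size and by what the stream still holds, then skip any claimed excess. */
static size_t read_hw_addr(struct toy_stream *s, struct toy_iface *ifp)
{
    size_t wire_len = toy_getc(s);            /* single read */
    size_t avail = s->len - s->getp;
    size_t n = MIN(MIN(wire_len, (size_t)INTERFACE_HWADDR_MAX), avail);
    memcpy(ifp->hw_addr, s->data + s->getp, n);
    s->getp += MIN(wire_len, avail);          /* keep the cursor aligned */
    ifp->hw_addr_len = n;
    return n;
}

/* Constructed messages: an honest 6-byte address, and a peer claiming 200. */
static const uint8_t GOOD[] = { 6, 0x02, 0x00, 0x5e, 0x10, 0x20, 0x30 };
static uint8_t EVIL[1 + 200] = { 200 };

int main(void)
{
    struct toy_iface ifp;
    struct toy_stream a = { GOOD, sizeof GOOD, 0 }, c = { EVIL, sizeof EVIL, 0 };
    size_t bad = read_len_double(&a);
    printf("double read: len=%zu cursor=%zu\n", bad, a.getp);
    size_t kept = read_hw_addr(&c, &ifp);
    printf("claimed 200: stored=%zu cursor=%zu\n", kept, c.getp);
    return 0;
}
```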

bgpd: Remove the double-pass parsing of NLRIs
* bgpd parses NLRIs twice, a first pass "sanity check" and then a second pass
that changes actual state. For most AFI/SAFIs this is done by
bgp_nlri_sanity_check and bgp_nlri_parse, which are almost identical.
As the required action on a syntactic error in an NLRI is to NOTIFY and
shut down the session, it should be acceptable to just do a one pass
parse. There is no need to atomica...

bgpd: Regularise bgp_update_receive, add missing notifies and checks
* bgp_packet.c: (bgp_update_receive) Lots of repeated code, doing same
thing for each AFI/SAFI. Except when it doesn't, e.g. the IPv4/VPN
case was missing the EoR bgp_clear_stale_route call - the only action
really needed for EoR.
Make this function a lot more regular, using common, AFI/SAFI
independent blocks so far as possible.
Replace the 4 separate bgp_nlris with an array, i...

bgpd: Regularise BGP NLRI sanity checks a bit
* bgp_route.h: (bgp_nlri_sanity_check) The bulk of the args are equivalent
to a (struct bgp_nlri), consolidate.
* bgp_route.c: (bgp_nlri_sanity_check) Make this a frontend for all afi/safis.
Including SAFI_MPLS_LABELED_VPN.
(bgp_nlri_sanity_check_ip) Regular IP NLRI sanity check based on the
existing code, and adjusted for (struct bgp_nlri *) arg.
* bgp_attr.c: (bgp_mp_reach_parse) Adju...

bgpd: make bgp_nlri_parse_encap conform with other nlri_parse funcs
* bgp_encap.{c,h} (bgp_nlri_parse_encap) afi is already in the NLRI argument.
update or withdraw is signalled by attr being non-NULL or NULL.
* bgp_packet.c: (update_receive) fixup to match, and also make the attr
argument conform with NLRI_ATTR_ARG for correct error handling on
optional, transitive, partial, attributes.