zebra: fix crash caused by using route-map with "set src"
Signed-off-by: Stas Nichiporovich <stas@iptel.by>
Tested-by: NetDEF CI System <cisystem@netdef.org>

ospfd: fix - correct neighbor index on changing/p2p/virtual links
ospfd keeps a list of neighbor routers for each configured interface. This
list is indexed using the neighbor router id in case of point-to-point and
virtual link types, otherwise the list is indexed using the neighbor's
source IP (RFC 2328, page 96). The router adds itself as a "pseudo" neighbor
on each link, and also keeps a pointer called (nbr_self) to the neighbor
structure. This takes...

lib: Fix privilege modification for vty group specified
When attempting to switch runtime permissions over to
the correct group specified for the vty group, if the
user specified to run as does not have that vty group
then do warn about the issue and stop running
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reported-by: Thomas Martin <tmartincpp@gmail.com>
Tested-by: NetDEF CI System <cisystem@netdef.org>

pimd: Fix hang when doing nexthop lookup from zebra
I was running into a bug when pimd would hang in some cases when
it had to do a nexthop lookup from zebra, such as when a PIM JOIN
was received. This issue could be easily reproduced by running
'show ip rib <ip>' from the pimd vty which forces a nexthop lookup.
The issue is in zclient_read_nexthop, the zclient_read_header function
reads the message content into the stream, but then after that...

zebra: handle multihop nexthop changes properly
The rib entries are normally added and deleted when they are
changed. However, they are modified in place when the nexthop
reachability changes. This fixes to:
- properly detect nexthop changes from nexthop_active_update()
calls from rib_process()
- rib_update_kernel() to not reset FIB flags when a RIB entry
is being modified (old and new RIB are same)
- improves the "show ip route <pr...

ripd: Fix Null pointer dereference
The rip_output_process function dereferenced a NULL
pointer. Core file examination showed that tmp_rinfo
was NULL on line 2435. Looking at the last diff
associated with this commit, it was obvious that
a formatting mistake had been made in the loop over
the route nodes list of possible paths.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reported-by: Sebastian Kricner <sebastian.kr...

isisd: ignore unknown interfaces when adjusting IS-IS mtu
For example during startup of isisd, the MTU of interfaces is not
known, since this information will only be available once the
interfaces have been learned from zebra.
It makes no sense to include the MTU 0 that is stored for interfaces
in this state in the consideration whether a new lsp-mtu for an
area is valid, so skip interfaces which are in this state.
Signed-off-by: Christian Franke <n...

isisd: make sure that all interface addresses are advertised
If the following configuration commands are run interactively in
succession, the ipv6 addresses of this interface won't be advertised
in the router's LSP immediately:
# interface eth0
# ip router isis test
# ipv6 router isis test
This is because the ipv6 router command won't trigger a state change
for the interface and therefore, it won't trigger a regeneration of
the LSPs.
The same...

isisd: fix a crash due to an lsp-mtu issue
isisd crashed on startup if it was enabled for an interface with
a too small MTU.
To fix this, we treat this case as an invalid configuration and
disable isis on that interface if that case happens, since it is
a configuration error.
Signed-off-by: Christian Franke <nobody@nowhere.ws>

isisd: work around route table asserts for deleting node with info
The route table code in lib/table.c triggers an assertion when a route
node with rn->info != NULL reaches refcount 0, probably to avoid
memleaks. In this particular case, this is not an issue, since the
info will be freed by the destructor.
However, since removing this assertion probably requires more
discussion, just make sure that rn->info gets freed and unset before
its refcount is decremen...

quagga: Remove double read of stream
The addition of a MIN(X,Y) with a stream_getc in the Y
causes a double read of the stream due to the way that
MIN is defined.
This fix removes a crash in all protocols.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

Revert "bgpd: Lower BGP's default keepalive/holdtime to 3s/9s"
This reverts commit f89b09be92bed03b1e5add55dc14ef92e94c52e1.
Martin Winter has reported reliability issues in testing on some platforms.
We need a more comprehensive way to deal with defaults and updating them, e.g.
profiles of some kind.
Defer this change till after next release.

zebra: Fix route deletion on *BSD
Fix for not handling RTM_CHANGE correctly. This patch changes it to
delete/add instead. Using RTM_CHANGE on kernels where it works is better,
but is left as an exercise for developer who has access and will to fix it
on *BSD.
[ed note: collaboration with Martin Winter]

configure: Fix warnings on CentOS and bump the minimum autoconf version
* configure.ac: Bump the minimum version to 2.60 as needed by
AC_USE_SYSTEM_EXTENSIONS. AC 2.60 is nearly 10 years old, note. Add
AC_PROG_RANLIB, for when --disable-shared is used.
There are other warnings on, e.g., CentOS 6.7 with 2.63, but they
don't go away if the suggestion to add AC_SYSTEM_EXTENSIONS is
followed. This warning doesn't occur on Fedora with AC 2.69.
Note: auto...

doc: older versions of texinfo seem to be sensitive to location of unmacro
* bgpd.texi: The unmacro of mprec seems to be disliked by older texinfos.
Moving it to after the section fixes it. Even easier, just don't undef the
macro.

doc: Distribute a modern version of texinfo.tex with the docs
* doc/texinfo.tex: Ship a more recent texinfo.tex, from texinfo 6.1, so we
don't have to worry about that. E.g., this should allow UTF-8 unicode
chars to be used directly in the text.
* doc/Makefile.am: Add previous to EXTRA_DIST

distro/redhat: Update to support CentOS/RHEL/Fedora, upstart/init/systemd
* redhat/quagga.spec.in: Update to support CentOS, RHEL and Fedora, and
support the various init systems across different versions of these
distros, e.g. upstart/init/systemd.
Clean up various warnings from rpmlint.
Remove configure options that are gone.
A few edits and commit message by:
Paul Jakma <paul.jakma@hpe.com> / <paul@jakma.org>

configure.ac: remove -dev in version
* configure.ac: Remove the -dev suffix from the version, some package
systems at least do not like non-numeric strings in package versions
(e.g., rpm, which I often use in testing Quagga).
TODO: Work out some sensible scheme for semi-autogenerating the version
perhaps via git describe. The --with-pkg-git-version doesn't affect the
tarball name.

distro/redhat/rpm: remove with_ipv6, package pimd binary, remove pam stack
* redhat/quagga.spec.in: remove with_ipv6, it should just be the norm now.
The actual pimd binary wasn't being packaged, fix.
Remove deprecated pam.stack support.
* redhat/quagga.pam.stack: ancient, nuke.
* Makefile.am: ditto

distro: fix redhat/quagga.spec.in
* quagga.spec.in: Add default for with_pimd macro.
Remove ancient conditional on quagga_buildreqs.
More recent rpmbuild complains about too many levels of recursion in
quagga_buildreqs, so use %{expand:..}.
Actually use quagga_buildreqs in BuildRequires!
groff is needed for build.
texi2html --number argument has disappeared, split into 2.
Acked-by: Donald Sharp <sharpd at cumulusnet...

lib: fix vrf_bitmap leak in zclient_free()
zclient_stop(), which is used as antagonist to zclient_init(), needs to
undo the vrf_bitmap allocation. Otherwise zclient_init() will leak the
allocated memory, for example when zclient_reset() is used.
Reported-by: Lou Berger <lberger@labn.net>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

bgpd: Fix crash reported by NetDEF CI
This patch is part of the previously submitted
patch set on VPN and Encap SAFIs. It fixes
an issue identified by NetDEF CI.
Ensure temp stack structures are initialized
Add protection against double frees / post
free access to bgp_attr_flush
Signed-off-by: Lou Berger <lberger@labn.net>

lib: Check prefix length from zebra is sensible
* zclient.c: prefix length on router-id and interface address add
messages not sanity checked. fix.
* */*_zebra.c: Prefix length on zebra route read was not checked, and
clients use it to write to storage. An evil zebra could overflow
client structures by sending overly long prefixlen.
Prompted by discussions with:
Donald Sharp <sharpd@cumulusnetworks.com>

lib: zclient can overflow (struct interface) hw_addr if zebra is evil
* lib/zclient.c: (zebra_interface_if_set_value) The hw_addr_len field
is used as trusted input to read off the hw_addr and write to the
INTERFACE_HWADDR_MAX sized hw_addr field. The read from the stream is
bounds-checked by the stream abstraction, however the write out to the
heap can not be.
Tighten the supplied length to stream_get used to do the write.
Impact: a malicious zebr...

bgpd: Remove the double-pass parsing of NLRIs
* bgpd parses NLRIs twice, a first pass "sanity check" and then a second pass
that changes actual state. For most AFI/SAFIs this is done by
bgp_nlri_sanity_check and bgp_nlri_parse, which are almost identical.
As the required action on a syntactic error in an NLRI is to NOTIFY and
shut down the session, it should be acceptable to just do a one pass
parse. There is no need to atomica...

bgpd: Regularise bgp_update_receive, add missing notifies and checks
* bgp_packet.c: (bgp_update_receive) Lots of repeated code, doing same
thing for each AFI/SAFI. Except when it doesn't, e.g. the IPv4/VPN
case was missing the EoR bgp_clear_stale_route call - the only action
really needed for EoR.
Make this function a lot more regular, using common, AFI/SAFI
independent blocks so far as possible.
Replace the 4 separate bgp_nlris with an array, i...

bgpd: Regularise BGP NLRI sanity checks a bit
* bgp_route.h: (bgp_nlri_sanity_check) The bulk of the args are equivalent
to a (struct bgp_nlri), consolidate.
* bgp_route.c: (bgp_nlri_sanity_check) Make this a frontend for all afi/safis.
Including SAFI_MPLS_LABELED_VPN.
(bgp_nlri_sanity_check_ip) Regular IP NLRI sanity check based on the
existing code, and adjusted for (struct bgp_nlri *) arg.
* bgp_attr.c: (bgp_mp_reach_parse) Adju...

bgpd: make bgp_nlri_parse_encap conform with other nlri_parse funcs
* bgp_encap.{c,h} (bgp_nlri_parse_encap) afi is already in the NLRI argument.
update or withdraw is signalled by attr being non-NULL or NULL.
* bgp_packet.c: (update_receive) fixup to match, and also make the attr
argument conform with NLRI_ATTR_ARG for correct error handling on
optional, transitive, partial, attributes.

bgpd: Fix Null pointer dereference in bgp_info_mpath_update
bgp_info_mpath_update is called with new_best == NULL, this
causes the dereference of new_best in order to get at the mpath_cfg.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

bgpd: Modify maxpaths cli's to use MULTIPATH_NUM for range
Modify the various maxpath commands to use MULTIPATH_NUM
as the upper limit of allowed max paths in BGP. There
is no point in allowing a number of maximum paths greater
than what Quagga is compiled for.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Tested-by: NetDEF CI System <cisystem@netdef.org>

lib: Add CMD_RANGE_STR macro to command.h
Allow the auto-generation of a "<X-Y>" string for cli handling.
Where X or Y can be a #define.
CMD_RANGE_STR(LOW, HIGH) translates to:
"<4-99>"
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

zebra, bgpd: Fixup MULTIPATH_NUM usage to not consider 0
The code has spots where MULTIPATH_NUM set to 0 is equal to 64.
Now that MULTIPATH_NUM is set from the makefile to never be 0,
remove the code that depends on this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

build: Rework how MULTIPATH_NUM is delivered to build
Changes made here:
1) MULTIPATH_NUM will never be 0. If user specifies --enable-multipath=0
then this translates to MULTIPATH_NUM being set to 64 inside of the build
system.
2) Move MULTIPATH_NUM from a Makefile construct to a config.h construct.
3) Allowed MULTIPATH_NUM to be a number > 99 but < 1000
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

ospfd: Remove HAVE_OSPF_TE
Remove from ospf the HAVE_OSPF_TE define and just always have
ospf traffic engineering.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Tested-by: NetDEF CI System <cisystem@netdef.org>

ospfd: Remove HAVE_OPAQUE_LSA
HAVE_OPAQUE_LSA is used by default and you have to actively turn it off
except that OPAQUE_LSA is an industry standard and used pretty much
everywhere. There is no need to have special #defines for this anymore.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

doc, vtysh: Fixup of history handling
This fix does two things:
1) If the ${HOME}/.history_quagga file does not exist, create it
for history storing.
2) Allow vtysh -c "..." commands to be stored in history file
as well
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

lib, zebra: unify link layer type and hardware address handling
This removes the BSD specific usage of struct sockaddr_dl
hardware address. This unifies to use explicit hw_addr member for
the address, and zebra specific enumeration for the link layer
type.
Additionally the zapi is updated to never send platform specific
structures over the wire, but the ll_type along with hw_addr_len
and hw_addr are now sent for all platforms.
Based on initial work by Paul...

zebra: remove metric from kernel
It simplifies things as we can do atomic replace of route prefix.
And it seems there's some race condition somewhere that can result
in an incorrect change request leaving prefixes in kernel when
they were intended to be replaced/deleted.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>

zebra: support FIB override routes
FIB override routes are for routing protocols that establish
shortcut routes, or establish point-to-point routes that should
not be redistributed. Namely this is useful NHRP daemon to come.
Zebra is extended to select two entries from RIB the "best" entry
from routing protocols, and the FIB entry to install to kernel.
FIB override routes are never selected as best entry, and thus
are never adv...

zebra: use link scope for interface routes
In linux, 'scope' is a hint of distance of the IP. And this is
evident from the fact that only lower scope can be used as recursive
via lookup result. This changes all interface routes scope to link
so kernel will allow regular routes to use it as via. Then we do
not need to use the 'onlink' attribute.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>

zebra: atomic FIB updates
This commit updates the kernel API so that route changes are
atomically updated using change/replaces messages instead
of first sending a withdraw followed with update.
Same for zclient updates, changes are sent as single ADD
instead of DELETE + ADD.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>

lib, bgpd: Remove 'struct fifo' from lib/zebra.h
The 'struct fifo' and its accompanying #defines do not
belong in lib/zebra.h. Move them into their own header.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>