minimize diffs between the base debian files and each backport to the
changes that actually matter, so that they aren't lost in the noise of
capitalization and ordering differences.
this removes some cruft -- old/outdated/incorrect information,
trailing whitespace, etc., and updates the descriptions. Some small
changes were made where appropriate to minimize the diff between the
base control file and those of the various backports.
precise/trusty: don't attempt to install pimd or ldpd manuals
Neither of these daemons are installed on 14.04, leading to build
failures now that the man pages are excluded from the Makefiles when
the daemons aren't enabled for install.
backports: error out on upstream/downstream version mismatch
The quilt source format expects the upstream tarball's version to
correspond roughly to the debian version of the package, and errors
will be thrown (at unpack time, in our case) if it doesn't. Do a
sanity check when we're building the source package to make sure they
match up.
Silas McCroskey [Tue, 14 Feb 2017 17:48:57 +0000 (00:48 +0700)]
backports: symlink identical files
Testing-done: built all backports in schroots and VMs
made files identical between different backports symlinks
to the ones for the more recent distribution, and updated
relevant tar invocations to follow symlinks.
Silas McCroskey [Tue, 14 Feb 2017 17:34:42 +0000 (00:34 +0700)]
debian: add pkg-config to build-depends
Testing-done: `--add-depends pkg-config' sbuild
The dependency on pkg-config was introduced recently, and
missed because it's in our schroots by default. Need to add
it for other build environments (e.g. ubuntu schroots).
Silas McCroskey [Tue, 14 Feb 2017 15:48:19 +0000 (22:48 +0700)]
debian: move ubuntu 16.04 files into new backports system
Added 'debian/patches' to the exclude file, since the existing patches
interfere with the build and are unused by our build. No other
changes were necessary. Used '-0~ubuntu16.04+1' as the version
extention, to denote: no patches (-0), debian packaging files changed
for backport (+1).
Signed-off-by: Silas McCroskey <smccroskey@cumulusnetworks.com> Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 15:44:17 +0000 (22:44 +0700)]
debian: move ubuntu 14.04 files into new backports system
`git diff'ed the main (cmaster) branch against the 14.04 branch
to determine changed debian files, then pulled them into
debian/backports via `git cat-file'. Added 'debian/patches' to
the exclude file, since the existing patches interfere with the
build and are unused by our build. Used '-0~ubuntu14.04+1' as
the version extention, to denote: no patches (-0), debian
packaging files changed for backport (+1).
Original commit by Silas with updates on fork name by Martin
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 15:34:56 +0000 (22:34 +0700)]
debian: move ubuntu 12.04 files into new backports system
`git diff'ed the main (cmaster) branch against the 12.04 branch
to determine changed debian files, then pulled them into
debian/backports via `git cat-file'. Added 'debian/patches' to
the exclude file, since the existing patches interfere with the
build and are unused by our build. Used '-0~ubuntu12.04+1' as
the version extention, to denote: no patches (-0), debian
packaging files changed for backport (+1).
Original commit by Silas with updates on fork name by Martin
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 12:04:10 +0000 (19:04 +0700)]
debian/backports: include in distfile, don't put files in ..
Testing-done: ran 'make dist', unpacked elsewhere, built from result
Adjusted target to build the .orig.tar.gz accordingly, since it must
exclude the debian/ subdirectory. Allows for building any backport from
only a tarball.
Signed-off-by: Silas McCroskey <smccroskey@cumulusnetworks.com> Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 11:45:50 +0000 (18:45 +0700)]
debian: structure for building backports from a single branch
Source a makefile (when it exists) in debian/rules to assemble
a source package via:
* a debian.tar.gz tarball built from combining the contents of debian/
and debian/backports/$backport/debian/ using other details under
debian/backports/$backport
* an orig.tar.gz file (not generated by this makefile). This can (and
should) be the same for all backports.
ßingen [Fri, 17 Nov 2017 09:32:36 +0000 (10:32 +0100)]
ldp: Fix bug configuring PW
With non-targeted LDP receiving a PW label mapping before configuring
the PW was causing the SET message to be sent before the ADD one, so
Zebra PW manager wouldn't find the PW on first message reception.
Donald Sharp [Thu, 16 Nov 2017 19:06:10 +0000 (14:06 -0500)]
zebra: Install/Update success caused flags to be cleared for lsp
When the kernel installs/updates a lsp the return code for
success is a 0. The code was interpreting the 0 as a failure
case for the Install/Update code paths. This caused upon
a true deletion zebra loosing knowledge of the lsp
but the kernel still had it installed.
Failure:
mpls label bind 10.50.4.11/32 4444
!
line vty
!
end
robot.cumulusnetworks.com# conf t
robot.cumulusnetworks.com(config)# no mpls lsp 6666 10.50.11.1 3933
robot.cumulusnetworks.com(config)# exit
robot.cumulusnetworks.com# show mpls table 6666
robot.cumulusnetworks.com# exit
sharpd@robot ~/frr4> ip -f mpls route show
6666 as to 3933 via inet 10.50.11.1 dev enp0s10 proto static
With Fix:
sharpd@robot ~/frr4> ip -f mpls route show
6666 as to 3933 via inet 10.50.11.1 dev enp0s10 proto static
sharpd@robot ~/frr4> sudo vtysh
Hello, this is FRRouting (version 3.1-dev).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
robot.cumulusnetworks.com# conf t
robot.cumulusnetworks.com(config)# no mpls lsp 6666 10.50.11.1 3933
robot.cumulusnetworks.com(config)# end
robot.cumulusnetworks.com# show mpls table 6666
robot.cumulusnetworks.com# exit
sharpd@robot ~/frr4> ip -f mpls route show
sharpd@robot ~/frr4>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 16 Nov 2017 17:26:07 +0000 (12:26 -0500)]
zebra: rt_socket.c should not use SET_FLAG
The SET_FLAG(nexthop->flags, NEXTHOP_FLAG_FIB)
is already taken care of in zebra_rib.c. There
is no need for this to be handled by rt_socket.c.
rt_netlink.c does not do a SET_FLAG(nexthop->flags, NEXTHOP_FLAG_FIB)
for route installation. Please note it does do it for a mpls
labeled route installation, which will be fixed in a future
commit.
Remove some dead code from 2002 as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 16 Nov 2017 18:10:41 +0000 (13:10 -0500)]
zebra: Note about functionality in rt.h
When we are modifying the kernel there could
be multiple modules/hooks involved in this
process. As such let the caller set
the appropriate flags for success/failure.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 10 Nov 2017 13:51:34 +0000 (08:51 -0500)]
lib, zebra: Modify zebra to use STREAM_GET for zapi
This code modifies zebra to use the STREAM_GET functionality.
This will allow zebra to continue functioning in the case of
bad input data from higher level protocols instead of crashing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 2 Nov 2017 12:37:06 +0000 (08:37 -0400)]
lib: Add STREAM_GETX functions
Currently when stream reads fail, for any reason, we assert.
While a *great* debugging tool, Asserting on production code
is not a good thing. So this is the start of a conversion over
to a series of STREAM_GETX functions that do not assert and
allow the developer a way to program this gracefully and still
clean up.
Current code is something like this( taken from redistribute.c
because this is dead simple ):
afi = stream_getc(client->ibuf);
type = stream_getc(client->ibuf);
instance = stream_getw(client->ibuf);
This code has several issues:
1) There is no failure mode for the stream read other than assert.
if afi fails to be read the code stops.
2) stream_getX functions cannot be converted to a failure mode
because it is impossible to tell a failure from good data
with this api.
We've created a stream_getc2( which does not assert ),
but we need a way to allow clean failure mode handling.
This is done by macro'ing stream_getX2 functions with
the equivalent all uppercase STREAM_GETX functions that
include a goto.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Daniel Walton [Fri, 10 Nov 2017 18:30:25 +0000 (18:30 +0000)]
tools: frr-reload do not attempt deleting lines that cannot be deleted
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
There are several lines that we cannot do a "no" on
- frr version
- frr defaults
- password
- line vty
frr-reload should ignore these if asked to do a "no" on them
Daniel Walton [Fri, 10 Nov 2017 17:57:42 +0000 (17:57 +0000)]
tools: frr-reload remove Cumulus Linux release numbers from comments
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
The "3.0", etc in the comments were referring to Cumulus Linux 3.0 which
was confusing now that FRR has a 3.0
Daniel Walton [Fri, 10 Nov 2017 17:19:08 +0000 (17:19 +0000)]
tools: frr-reload.py ignore multiple whitespaces
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Without this fix frr-reload would do a del/add even if the only
difference were bogus whitespaces.
Marcel Röthke [Fri, 10 Nov 2017 12:56:24 +0000 (13:56 +0100)]
bgpd: Add RPKI/RTR support
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Juergen Kammer [Tue, 7 Nov 2017 08:38:22 +0000 (09:38 +0100)]
ospf6d: Fix setting interface ipv6 ospf6 cost value (LSA hooks were never called)
Fixes: #1420 Signed-off-by: Juergen Kammer <j.kammer@eurodata.de>
If the ipv6 ospf6 cost on an interface is changed, no recalculation of routes happens, though the interface structure is updated with the new value. The new cost will be used later, when LSA hooks are called for any other reason.
Diagnosis:
The DEFUN for the config command sets oi->cost and calls ospf6_interface_recalculate_cost(oi) whenever there is a change in the supplied value. ospf6_interface_recalculate_cost then gets the new cost for the interface by calling ospf6_interface_get_cost(oi), which returns oi->cost if a cost is manually set (i.e. we get the value we just set). ospf6_interface_recalculate_cost only calls the LSA hooks if there is a change - which obviously never happens if we compare the new value with itself.
Quentin Young [Mon, 23 Oct 2017 20:43:32 +0000 (16:43 -0400)]
bgpd: fix mishandled attribute length
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Chirag Shah [Thu, 2 Nov 2017 14:54:45 +0000 (07:54 -0700)]
ospfd: VRF aware Router-ID update
Ensure zebra received router-id isolated per vrf instance.
Store zebra received router-id within ospf instance.
Ticket:CM-18657
Reviewed By:
Testing Done:
Validated follwoing sequence
- Create vrf1111
- Create ospf vrf1111 with no router-id
- Assign ip to vrf111
- ospf is assigned zebra assigned router-id which is vrf ip.
- upon remvoing vrf ip, the router-id retained as same until
ospfd restarted.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Fri, 3 Nov 2017 19:25:31 +0000 (15:25 -0400)]
bgpd: Prevent infinite loop when reading capabilities
If the user has configured the ability to override
the capabilities or if the afi/safi passed as part
of the _MP capability is not understood, then we
can enter into an infinite loop as part of the
capability parsing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The problem with this is that macaddr[0] is passed in as a integer
so the sprintf function thinks that the value to display is much
larger than it actually is. The ECOMMUNITY_STR_DEFAULT_LEN is 27
So the resulting string no-longer fits in memory and we write
off the end of the buffer and can crash. If we force the
passed in value to be a uint8_t then we get the expected output
since a single byte is displayed as 2 hex characters and the
resulting string fits in str_buf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Fri, 3 Nov 2017 16:45:02 +0000 (16:45 +0000)]
bgpd: default originate issue with intf peers and global intf address
Problem reported that a receiver of a default route issued across bgp
unnumbered peering using default originate would have the route stay
as inactive. Discovered we were messing up the nexthop value sent to
the peer in this one particular case. Manual testing good, fix supplied
to the submitter and verified to resolve the problem. bgp-smoke
completed successfully.
Ticket: CM-18634 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 27 Oct 2017 17:02:15 +0000 (13:02 -0400)]
eigrpd: Allow query send to send more than 1 packet
When we send a query if we have more queries than we
can fit in one packet, allow the packet to be broken
up into multiple packets to be sent to our neighbor.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
projects / mirror / frr.git / log