David Lamparter [Thu, 25 Oct 2018 13:37:28 +0000 (15:37 +0200)]
debianpkg: always install /etc/init.d/frr
There is no point in making this conditional, systemd correctly prefers
the service file over the init script when it is present. Also, people
can install an init system that doesn't match their distribution and
even change init systems on an installation.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Thu, 25 Oct 2018 13:00:55 +0000 (15:00 +0200)]
debianpkg: ditch development-only files
It is currently impossible to build external stuff that links against
installed FRR headers or libraries. Such projects need to directly
reference an FRR source tree until we revamp the library installation
semantics.
In any case these files would then be in a frr-dev Debian package.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Wed, 24 Oct 2018 18:57:32 +0000 (20:57 +0200)]
debianpkg: raise debhelper compat level to 9
Compat level 7 has long been deprecated. 9 works fine for us, though it
does change the library installation directories to multi-arch. (Which
is not a problem.)
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Wed, 24 Oct 2018 15:20:29 +0000 (17:20 +0200)]
debianpkg: make frr-pythontools a "Recommends:"
From the Debian policy:
Recommends:
This declares a strong, but not absolute, dependency.
The Recommends field should list packages that would be found
together with this one in all but unusual installations.
I'd say, yes, we do want the python-based reload functionality in all
but unusual installations.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Wed, 3 Oct 2018 17:14:27 +0000 (19:14 +0200)]
debianpkg: create frr-snmp and frr-rpki-rtrlib
This splits off SNMP and RPKI support so that users can install these
packages (with the appropriate dependencies) independently of main FRR.
It also obsoletes out the weird multi-variant package distribution we've
been doing for RPKI support.
The snmpd dependency is also changed to Recommends: on frr-snmp since
the frr-snmp package is essentially useless without snmpd.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Tue, 23 Oct 2018 11:54:07 +0000 (13:54 +0200)]
debianpkg: use better dependency for pythontools
As described in https://wiki.debian.org/binNMU, arch-indep packages
should have an "almost identical" dependency so "+..." changes can be
made to arch-dep packages without breaking the arch-indep pkgs.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Wed, 24 Oct 2018 15:01:11 +0000 (17:01 +0200)]
tools: add new tarsource.sh helper
It cleans your house and cooks dinner. Or maybe it creates a clean dist
tarball for you, plus a Debian .dsc if you have dpkg installed - and
GPG-signs the result appropriately if requested.
In any case the resulting tarball should be distributed for our
releases.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Mon, 22 Oct 2018 11:37:53 +0000 (13:37 +0200)]
debianpkg: kill backports
The debianpkg/backports system is rather complicated and actually slows
down Debian package building quite a lot since the backports/rules file
is evaluated a zillion times during a normal build.
This just folds up everything into a single Debian package build that
works on all OSes. The only real difference that the backports stuff
was used for is switching between systemd and init.d, the latter for
Ubuntu 12.04 and 14.04.
With this, that switch is controlled by the pkg.frr.nosystemd
Build-Profile instead. Package builds for Ubuntu 14.04 need to supply
the -Ppkg.frr.nosystemd option to dpkg-buildpackage. (12.04 isn't
supported anymore anyway.)
Note that the update-rc.d step that was previously coded into
postinst/postrm is now handled by the dh_installinit magic.
Other than this, there were some minor build dependency differences, all
of which are now just handled as | in the central deps.
Signed-off-by: David Lamparter <equinox@diac24.net>
Renato Westphal [Fri, 19 Oct 2018 18:55:47 +0000 (15:55 -0300)]
ospfd: fix issue with the "no segment-routing prefix A.B.C.D/M" command
Add a missing check to bail out earlier when SR is not configured. The
same command without the "no" prefix has the same check as it prevents
unexpected things (i.e. crashes) from happening.
Fixes the following segfaults:
ospfd aborted: vtysh -c "configure terminal" -c "router ospf" -c "no segment-routing prefix 1.1.1.1/32"
ospfd aborted: vtysh -c "configure terminal" -c "router ospf" -c "no segment-routing prefix 1.1.1.1/32 index 65535 no-php-flag"
Renato Westphal [Fri, 19 Oct 2018 18:55:22 +0000 (15:55 -0300)]
bgpd: use the vrf_bitmap_*() helper functions when necessary
zclient->redist[afi][type] is a hash table and not an integer since a
while ago when VRF support was introduced. As such, zclient->redist[][]
should never be manipulated directly, the vrf_bitmap_*() helper functions
should be used instead. This fixes a few crashes found by the CLI fuzzer.
Renato Westphal [Fri, 19 Oct 2018 18:55:12 +0000 (15:55 -0300)]
bgpd: fix bug while iterating over VPN table
The routing table data structure can create intermediate route nodes
during its normal operation, so we always need to check if the 'info'
pointer of a route node is NULL or not before dereferencing it.
Renato Westphal [Fri, 19 Oct 2018 18:55:08 +0000 (15:55 -0300)]
bgpd: remove wrong assert
The vnc_direct_del_rn_group_rd() function can be called with the 'afi'
parameter set to AFI_L2VPN on some specific cases. Remove the assert to
fix the crash.
Renato Westphal [Fri, 19 Oct 2018 18:55:03 +0000 (15:55 -0300)]
bgpd: fix NULL pointer dereference bug
Other parts of the rfapi code check if the 'rfg->rfapi_import_table'
pointer is NULL or not before using it. Do the same here to fix a crash
detected by the CLI fuzzer.
Renato Westphal [Fri, 19 Oct 2018 18:54:57 +0000 (15:54 -0300)]
bgpd: add a NULL check to prevent a crash in the rfapi code
The rfapiDeleteRemotePrefixesIt() function checks on several places if
'p' is NULL or not. Introduce an additional NULL check to prevent a
crash from happening.
Renato Westphal [Fri, 19 Oct 2018 18:54:47 +0000 (15:54 -0300)]
bgpd: fix crashes caused by missing input validation
The rfapi code wasn't checking if strtoul() succeeded or not when parsing
the list of labels. Fix the affected commands by not allowing the user
to enter a non-numeric input.
Renato Westphal [Fri, 19 Oct 2018 18:53:55 +0000 (15:53 -0300)]
bgpd: handle NULL pointers in lcommunity_cmp()
Like community_cmp() and ecommunity_cmp(), the lcommunity_cmp() function
also needs to handle NULL pointers for correct operation.
Without this fix, bgpd can crash when entering the following commands:
vtysh -c "configure terminal" -c "ip large-community-list standard WORD deny"
vtysh -c "configure terminal" -c "no ip large-community-list expanded WORD"
Renato Westphal [Fri, 19 Oct 2018 18:53:46 +0000 (15:53 -0300)]
bgpd: fix cleanup of dampening configuration
The bgp_damp_config_clean() function was deallocating some arrays without
resetting the variables that represent their sizes. This was leading to
some crashes because other parts of the code iterate over these arrays
by looking at their corresponding sizes, which could be invalid.
Fixes the following segfaults (which only happen under certain
circumstances):
vtysh -c "configure terminal" -c "router bgp 1" -c "bgp dampening"
vtysh -c "configure terminal" -c "router bgp 1" -c "no bgp dampening"
vtysh -c "configure terminal" -c "router bgp 1" -c "no bgp dampening 45"
vtysh -c "" -c "clear ip bgp dampening"
Renato Westphal [Fri, 19 Oct 2018 18:53:33 +0000 (15:53 -0300)]
bfdd: do not allow multihop peers without a local-address
The BFD code assumes that multihop peers have a local address
configured. When that doesn't happen, the BFD client daemons fail to
decode some BFD ZAPI messages and abort. To fix this, do not accept the
configuration of multhop peers unless a local-address is configured.
F. Aragon [Tue, 4 Sep 2018 12:37:00 +0000 (14:37 +0200)]
zebra: filter zebra messages (label manager)
This change makes the zebra acting as label manager proxy not to relay non-LM
messages to clients that a zebra acting in non-proxy mode may send to it. Also,
the existing code does not schedule a rcv in case of relay_response_back
returns -1. This patch re-schedules reads on the socket even in case such a
function returns -1 by calling thread_add_read().
paco [Thu, 7 Jun 2018 13:28:12 +0000 (15:28 +0200)]
bgpd, doc, ldpd, lib, tests, zebra: LM fixes
Corrections so that the BGP daemon can work with the label manager properly
through a label-manager proxy. Details:
- Correction so the BGP daemon behind a proxy label manager gets the range
correctly (-I added to the BGP daemon, to set the daemon instance id)
- For the BGP case, added an asynchronous label manager connect command so
the labels get recycled in case of a BGP daemon reconnection. With this,
BGPd and LDPd would behave similarly.
David Lamparter [Tue, 30 Oct 2018 01:02:00 +0000 (02:02 +0100)]
build: fix reproducibility re. -fdebug-prefix-map
If CFLAGS contains something like `-fdebug-prefix-map=/build/path=.`, we
need to remove it from CONFIG_ARGS so it doesn't get baked into `show
version`. Otherwise, build becomes non-reproducible if the build path
changes. To avoid other things creeping in, let's just remove *FLAGS in
their entirety. (Not really reliable information anyway.)
With this commit, FRR build should be 100% reproducible.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Thu, 8 Nov 2018 05:50:13 +0000 (06:50 +0100)]
vtysh: rework/straighten pager handling
- no longer try to special-case a custom terminal length; the OS has
procedures for that (SIGWINCH & TIOCGWINSZ)
- only use a pager if requested by CLI command or VTYSH_PAGER. The
behaviour with VTYSH_PAGER set should be compatible to previous
versions.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Fri, 30 Nov 2018 20:40:39 +0000 (21:40 +0100)]
debian/tools: new init script
This separates the init script used for the system (and called in the
systemd unit file) from the script that watchfrr uses to control
daemons. Mixing these two caused the entire thing to become a rather
huge spaghetti mess.
Note that there is a behaviour change in that the new script always
starts zebra regardless of zebra_enable.
Side changes:
- Ubuntu 12.04 removed from backports since it doesn't work anyway
- zebra is always started regardless of zebra_enable. To disable FRR,
the entire init script should be disabled through policy.
- no-watchfrr operation is no longer supported by the scripts in the
Debian packages. (This is intentional.)
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Fri, 30 Nov 2018 16:56:04 +0000 (17:56 +0100)]
watchfrr: immediately try connecting after start
When we make a call to (re)start some daemon(s), we can immediately try
connecting to its VTY socket after the script completes. If the daemon
started correctly, this will always succeed since the start script only
returns after daemon startup is complete.
Among other things, this reduces the delay to "startup complete"
notification at initial watchfrr start.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Thu, 27 Sep 2018 02:18:48 +0000 (04:18 +0200)]
watchfrr, lib: cleanup & delay detaching
This cleans up watchfrr to be more "normal" like the other daemons in
terms of what it does in main(), i.e. using the full frr_*() call set.
Also, this changes the startup behaviour on watchfrr to stay attached on
the daemon's parent process until startup is really complete. This
should allow removing the "watchfrr.started" hack at some point.
Signed-off-by: David Lamparter <equinox@diac24.net>
Donald Sharp [Thu, 6 Sep 2018 14:51:08 +0000 (10:51 -0400)]
bgpd: Prevent possible crash when parsing v6 attributes
The peer->nexthop.ifp pointer must be set when parsing the
attributes in bgp_mp_reach_parse, notice this
and fail gracefully.
Rework bgp_nexthop_set to remove the HAVE_CUMULUS and to
fail the nexthop_set when we have a zebra connection and
no ifp pointer, as that not havinga zebra connection and
no ifp pointer is legal.
Rafael Zalamena [Sat, 3 Nov 2018 22:08:33 +0000 (19:08 -0300)]
bfdd: fix BGP unnumbered peer setup
The session key uses the scope id to figure out which interface we are
using with that link-local address, so if we don't set it when
registering a session we'll end up with multiple IPv6 sessions.
This bug was spotted by Sandro Bolliger.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
David Lamparter [Sat, 27 Oct 2018 17:06:22 +0000 (19:06 +0200)]
build: crop excessive net-snmp library list
This fixes the longstanding GPL vs. OpenSSL licensing issue in our SNMP
code (and cuts down on its other dependencies a wee bit.)
In a way, net-snmp is really buggy here in what it says that we should
link against, but I don't know their application scenarios well enough
to say it should be changed at their end.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Wed, 24 Oct 2018 15:31:31 +0000 (17:31 +0200)]
build: add "redistclean" target
This puts a source tree back in the state it was in after unpacking a
dist tarball. Different from distclean in that it doesn't remove files
that are included in the tarball.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Mon, 15 Oct 2018 04:51:30 +0000 (06:51 +0200)]
build: work around automake wtf
For some reason, automake was "randomizing" the order of these few lines
in the generated output Makefile.in.
I have absolutely no clue what's going on, but it's the only thing
preventing me from building reproducible source tarballs (i.e.
bit-exactly identical), so... just slightly "rephrase" this.
Should behave exactly the same as before.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Tue, 23 Oct 2018 12:06:25 +0000 (14:06 +0200)]
build: carry --with-pkg-extra-version into tarballs
If we use "./configure --with-pkg-extra-version=... && make dist", we
probably want the dist tarball to remember the extra version it was
configured with.
Use --without-pkg-extra-version to kill the tag.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Sat, 6 Oct 2018 21:28:19 +0000 (23:28 +0200)]
build: rewrite readline/curses check
We don't need termcap/tinfo/curses, those are just for libreadline. On
most modern systems, libreadline will pull in the appropriate libs it
needs on its own, so unconditionally adding them adds an extra unneeded
dependency for us.
Still need to try with curses/... for some systems, but only after bare
readline fails.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Mon, 15 Oct 2018 05:02:47 +0000 (07:02 +0200)]
debianpkg: clean up dependencies
- accept either python2 or python3 packages for everything
- drop texlive-latex-base, texlive-generic-recommended (only needed for
PDF docs)
- python-ipaddr is not a build time requirement, only runtime
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Mon, 15 Oct 2018 05:00:42 +0000 (07:00 +0200)]
debianpkg: strip ancient/unused cruft
The SNMP MIB directory is unneeded, --enable-poll has been long gone,
the "build" target is straight up wrong (causing FRR to be built in the
install step) and we haven't needed /proc for configure in ages either.
Signed-off-by: David Lamparter <equinox@diac24.net>
Daniil Baturin [Mon, 1 Oct 2018 18:38:44 +0000 (20:38 +0200)]
tools: add a script for building a Debian package in one step.
The script simplifies the relatively lengthy procedure.
It should be invoked from the top level source directory, for example:
./tools/build-debian-package.sh
Christian Franke [Fri, 28 Sep 2018 17:32:38 +0000 (19:32 +0200)]
doc: Use `mv -f` in Makefile
Sphinx always runs, even in the `make install` stage. When `make install`
is run as root and then another `make` is run by a nonprivileged user,
some versions of `mv` prompt like this:
David Lamparter [Sun, 2 Sep 2018 18:36:20 +0000 (20:36 +0200)]
build: fix & clean up *SAN flags
ASAN/MSAN/TSAN flags need to be in CFLAGS and LDFLAGS; the latter links
the correct compiler-dependent library. Also, the configure switch was
broken (--disable-... would enable the sanitizer.)
Signed-off-by: David Lamparter <equinox@diac24.net>
projects / matthieu / frr.git / log