Renato Westphal [Wed, 7 Jun 2017 00:24:02 +0000 (21:24 -0300)]
ldpd: remove pledge calls
In OpenBSD pledge is a mitigation mechanism used to restrict the syscalls
a program can use, enforcing its correct behavior.
In this port of OpenBSD's ldpd(8), it's hard to run under the same
tight pledge promises because of libfrr and additional components we
introduced, like a zclient in lde. Since ldpd is already privsep'ed,
removing the pledge calls shouldn't be a big compromise security-wise.
Martin Winter [Mon, 22 May 2017 11:07:22 +0000 (04:07 -0700)]
redhat: Disallow reload function for unsupported systems
Before the change, a reload triggered a restart if the python reload script wasn't installed or for non-integrated configs
With this change, the reload is rejected with an error in this case (and suggests the installation of the python script package)
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
redhat: use %initsystem check that works when chrooted
`systemctl' returns different, non-useful output while in a chroot.
Switch to checking if /sbin/init is a symlink to the systemd binary.
With this change the build works in a mock chroot.
Martin Winter [Thu, 20 Apr 2017 01:12:10 +0000 (18:12 -0700)]
redhat: Fix BuildRequires for FRR/2.0 and duplicate /etc/frr/daemons
- add make & gcc
- remove autoconf and automake (not needed to build from src.rpm)
- fix texi2html version detection for case when no texi2html is installed (broke yum-builddep)
- fix duplicate listing of /etc/frr/daemons
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Renato Westphal [Fri, 2 Jun 2017 14:14:54 +0000 (11:14 -0300)]
ldpd: fix bug in pseudowire control-word negotiation
Bingen discovered a bug in the pseudowire control-word negotiation that
might happen when the "control-word exclude" command is used. Under some
very specific conditions, ldpd might ignore a PWID label mapping when
it shouldn't.
This patch removes a wrong optimization that was preventing ldpd to call
l2vpn_pw_reset() every time we change the configuration of a pseudowire.
When the transport address is changed, all interfaces and targeted
neighbors are temporary disabled in the ldpe process until new sockets
bound to the new transport address are received from the parent.
This patch fixes a problem in which adjacencies weren't being removed
after the associated targeted neighbors were disabled. This was causing
ldpd not to set some MD5 sockoptions for new neighbors are thus preventing
MD5-protected sessions to come up after a change in the transport-address.
It's doesn't make sense to enforce that a targeted-hello is received
on an LDP-enabled interface. It should be possible, for example, to use
LDP only to signal pseudowires and other another protocol (e.g. RSVP-TE)
to create end-to-end LSPs.
ldpd: schedule the sending of label messages when necessary
Once we send a Label Withdraw, we can't send a Label Mapping for the
same FEC until we receive a Label Release from the peer. This is due to
some limitations in the LDP algorithms described in Appendix A. ("LDP
Label Distribution Procedures") of RFC 5036.
To workaround this issue, make it possible to schedule the sending of
a Label Mapping as soon as a Label Release is received for the same FEC.
The easiest way to test this patch is by typing the "label local advertise
explicit-null" command. ldpd will withdraw all null labels using a
Wildcard FEC and then send new Label Mappings as soon the corresponding
Label Releases are received.
On unstable networks, routes can be lost and relearned very often. If
we deallocate the input label every time a route is lost and allocate
a new one when the route is relearned, a lot of changes are made in vain.
This patch introduces a logic in which labels are preserved for at least
five minutes before being deallocated by the LIB garbage collector. This
is consistent with what other implementations do.
ldpd: accept notifications during the session establishment process
If we don't do this, we'll never trigger the backoff exponential timer
since it's impossible to distinguish between Initialization NAK's and
general errors.
Also:
* Implement some missing bits from RFC 5036;
* remove superfluous log message in session_shutdown()
(send_notification() logs that we're sending a fatal notification).
ldpd: use synchronous channels for sending log messages
This is necessary to guarantee that all log messages sent from the child
processes are received in the parent process right away.
Without this patch, when a child process calls fatal() or fatalx(),
the log messages don't make it to the parent because the child doesn't
have a chance to flush its buffers before exiting.
When ldpd fails to start for some reason, like failing to create a pid
file, the child processes call their shutdown functions without being
completely initialized. This patch adds some protections to prevent a
segmentation fault on such circumstances.
ldpd: simplify initialization of the child processes
In order to have separate ASLR/cookies per process, ldpd calls exec()
in the child processes after fork() (this is also known as the fork+exec
model).
This is an important security feature but it makes the initialization
of the child processes a bit more complicated as they're not a copy of
the parent anymore, so all parameters given via command line are lost.
To solve this problem, we were creating an argv array by hand with all
necessary parameters and providing it to the exec() syscall. This works
but it's a very ugly solution. This patch introduces a different approach
to solve the problem: send an IMSG_INIT message to the child processes
with all parameters they need in order to initialize properly. This
makes adding additional initialization parameters much more convenient
and less error prone.
vtysh: fix a compile error when user/group are disabled
If FRR is configured explicilty with --disable-user and
--disable-group, FRR_USER and FRR_GROUP will not be defined
and can be safely skipped in vtysh.
Renato Westphal [Fri, 19 May 2017 13:51:00 +0000 (10:51 -0300)]
bgpd: fix sending of invalid nexthops on the wire
The bpacket_reformat_for_peer() function rewrites the nexthop of outgoing
route updates on a per-peer basis in order to handle route-maps ("set
ip next-hop") and locally-originated routes missing a nexthop.
In the latter case, RFC 4271 says the following: "When announcing a
locally-originated route to an internal peer, the BGP speaker SHOULD use
the interface address of the router through which the announced network
is reachable for the speaker as the NEXT_HOP".
We were doing this for regular IPv4/IPv6 routes, but not for
VPN/EVPN/ENCAP routes, which were being announced with invalid nexthops
(0.0.0.0 or ::).
Chirag Shah [Fri, 12 May 2017 19:05:46 +0000 (12:05 -0700)]
pimd: Fix to Tx S,G Join when SGRpt->Join state
-Upon Rx (*,G) Join w/o SGRpt at RP, trigger (S,G) Join
towards FHR, unset SGRpt flag from channel,
add (*,G) oif to (S,G) entry.
-Add I am not RP check to triger SGRpt on *,G path otherwise,
send S,G Prune on SPT path from RP to FHR upon receving *,G Prune.
-Upon Rx SGRpt receive, remove OIF(downstream where Prune received) from specific S,G.
Testing Done:
pim-smoke
Ran 95 tests in 11790.552s
FAILED (SKIP=10, failures=4)
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
projects / mirror / frr.git / log