Christian Franke [Tue, 10 Nov 2015 16:45:03 +0000 (17:45 +0100)]
ripd, isisd: fix warnings that make the build fail
These issues have been found by running buildtest.sh
using GCC 5.2.0 and Clang 3.7.0
Fixes pointer checks that can never be null
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Tested-by: NetDEF CI System <cisystem@netdef.org>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Michael Zingg [Fri, 26 Oct 2012 09:18:19 +0000 (11:18 +0200)]
isisd: Fix LSPs not being regenerated after adjacency change
In isisd, LSPs are not regenerated after a change in adjacency if
lsp-gen-interval has expired.
I have tested this on Debian 6.0 with zebra and level1 isisd with point
to point links. This problem is also listed in Test ISIS-18.3 on the
opensourcerouting.org wiki:
http://confluence.isc.org/display/osr/ANVL+ISIS+Compliance+Test+Plan
http://confluence.isc.org/display/osr/ANVL+ISIS+Results
Amritha Nambiar [Wed, 14 Oct 2015 05:08:46 +0000 (22:08 -0700)]
isisd: Drop packet received on multiple interfaces due to the time gap in binding socket to an interface
Due to the time window between opening socket and binding it to an interface, the same hello
packet is delivered on multiple interfaces, unique socket per circuit is not yet established.
When such hellos get processed, they form incorrect adjacencies. So, drop the packet that is
received on multiple interfaces because the socket for the circuit is yet to bind to an interface.
Don Slice [Tue, 29 Mar 2016 19:19:42 +0000 (19:19 +0000)]
zebra: Use vrf name instead of vrf-id for ipv6 static route configuration
Changed output of the "ipv6 route ... vrf red" to display and store with the
vrf name instead of the vrf_id, since the vrf_id would disappear on reboot
or quagga restart.
Ticket: CM-10126
Signed-off-by: Don Slice
Reviewed-by: Donald Sharp
vivek [Mon, 28 Mar 2016 16:37:39 +0000 (09:37 -0700)]
BGP: Fix BGP unnumbered peerings across VRFs
Upon receipt of incoming connection, a peer structure (doppelganger) is
created internally and the connection processed for it. The problem is
that in the case of BGP unnumbered, the sockunion structure within BGP was
being updated (in peer_create()) prior to the peer's flags being updated,
so it didn't take into account the 'v6only' configuration. This results
in subsequent problems when bgp_bind() is done - the socket ends up being
bound to the BGP instance instead of the interface.
In the case of an incoming connection, we should just use the addresses
on which the connection was setup/accepted, there is no need to attempt to
derive it again. Further, there is no need to attempt to update addresses
at the time of peer_create() since that is done when the connection is
attempted in bgp_start().
Paul Jakma [Mon, 8 Feb 2016 14:46:28 +0000 (14:46 +0000)]
lib: zclient can overflow (struct interface) hw_addr if zebra is evil
* lib/zclient.c: (zebra_interface_if_set_value) The hw_addr_len field
is used as trusted input to read off the hw_addr and write to the
INTERFACE_HWADDR_MAX sized hw_addr field. The read from the stream is
bounds-checked by the stream abstraction, however the write out to the
heap can not be.
Tighten the supplied length to stream_get used to do the write.
Impact: a malicious zebra can overflow the heap of clients using the ZServ
IPC. Note that zebra is already fairly trusted within Quagga.
Donald Sharp [Wed, 27 Jan 2016 16:54:45 +0000 (16:54 +0000)]
bgpd: Fix VU#270232, VPNv4 NLRI parser memcpys to stack on unchecked length
Address CERT vulnerability report VU#270232, memcpy to stack data structure
based on length field from packet data whose length field upper-bound was
not properly checked.
This likely allows BGP peers that are enabled to send Labeled-VPN SAFI
routes to Quagga bgpd to remotely exploit Quagga bgpd.
Mitigation: Do not enable Labeled-VPN SAFI with untrusted neighbours.
Impact: Labeled-VPN SAFI is not enabled by default.
* bgp_mplsvpn.c: (bgp_nlri_parse_vpnv4) The prefixlen is checked for
lower-bound, but not for upper-bound against received data length.
The packet data is then memcpy'd to the stack based on the prefixlen.
Extend the prefixlen check to ensure it is within the bound of the NLRI
packet data AND the on-stack prefix structure AND the maximum size for the
address family.
Reported-by: Kostya Kortchinsky <kostyak@google.com>
This commit is a joint effort between:
Lou Berger <lberger@labn.net>
Donald Sharp <sharpd@cumulusnetworks.com>
Paul Jakma <paul.jakma@hpe.com> / <paul@jakma.org>
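The three upper bounds named in the VU#270232 commit message above (received data, address-family maximum, destination structure), as an added C example that is not Quagga's bgp_mplsvpn.c code; the destination-size bound is the same kind of check the zclient hw_addr commit tightens. The struct, function and error names and the sample byte strings are constructed for illustration, and the layout assumed is the VPNv4 NLRI encoding: a 1-byte length in bits, then a 3-byte label, an 8-byte route distinguisher and the IPv4 prefix bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LABEL_RD_BYTES 11u                    /* 3-byte label + 8-byte RD */
#define LABEL_RD_BITS  (LABEL_RD_BYTES * 8u)
#define IPV4_MAX_BITS  32u

enum { E_EMPTY = -1, E_TOO_SHORT = -2, E_PAST_DATA = -3,
       E_PAST_FAMILY = -4, E_PAST_DEST = -5 };

/* Hypothetical destination, standing in for an on-stack prefix structure. */
struct vpn_prefix {
    uint8_t prefixlen;                        /* IPv4 prefix length in bits */
    uint8_t addr[4];
};

/* Parse one entry at p (left = bytes remaining in the NLRI field).
 * Returns bytes consumed, or a negative E_* code without writing *out. */
int parse_vpnv4_entry(const uint8_t *p, size_t left, struct vpn_prefix *out)
{
    if (left < 1)
        return E_EMPTY;
    unsigned bits = p[0];                     /* length field from the peer */
    size_t psize = (bits + 7u) / 8u;          /* bytes following that field */

    if (bits < LABEL_RD_BITS)                 /* lower bound */
        return E_TOO_SHORT;
    if (psize > left - 1)                     /* bound 1: received data */
        return E_PAST_DATA;
    if (bits - LABEL_RD_BITS > IPV4_MAX_BITS) /* bound 2: address family */
        return E_PAST_FAMILY;
    size_t addr_bytes = psize - LABEL_RD_BYTES;
    if (addr_bytes > sizeof(out->addr))       /* bound 3: destination size, */
        return E_PAST_DEST;                   /* kept even if the struct changes */

    memset(out, 0, sizeof(*out));
    out->prefixlen = (uint8_t)(bits - LABEL_RD_BITS);
    memcpy(out->addr, p + 1 + LABEL_RD_BYTES, addr_bytes);
    return (int)(1 + psize);
}

/* Walk a whole NLRI field; returns the prefix count or the first error. */
int parse_vpnv4_nlri(const uint8_t *p, size_t len)
{
    int count = 0;
    while (len > 0) {
        struct vpn_prefix pfx;
        int used = parse_vpnv4_entry(p, len, &pfx);
        if (used < 0)
            return used;
        p += used;
        len -= (size_t)used;
        count++;
    }
    return count;
}

/* Constructed samples: same label/RD bytes, only the length field differs. */
static const uint8_t SAMPLE_OK[]          = { 112, 0,1,1, 0,0,0,1,0,0,0,100, 10,1,2 };
static const uint8_t SAMPLE_PAST_DATA[]   = { 255, 0,1,1, 0,0,0,1,0,0,0,100, 10,1,2 };
static const uint8_t SAMPLE_PAST_FAMILY[] = { 128, 0,1,1, 0,0,0,1,0,0,0,100, 10,1,2,3,4 };

int main(void)
{
    printf("ok=%d past_data=%d past_family=%d\n",
           parse_vpnv4_nlri(SAMPLE_OK, sizeof SAMPLE_OK),
           parse_vpnv4_nlri(SAMPLE_PAST_DATA, sizeof SAMPLE_PAST_DATA),
           parse_vpnv4_nlri(SAMPLE_PAST_FAMILY, sizeof SAMPLE_PAST_FAMILY));
    return 0;
}
```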
Donald Sharp [Fri, 25 Mar 2016 15:41:44 +0000 (11:41 -0400)]
lib: Fix handling of poll
poll returns the number of revents that we need to handle
in the array. revent is a bit field of events that need
to be handled. thread.c was treating each sub item in the
bitfield as a separate item to handle.
As such the loop over the pollfds would quit early
sometimes.
Ticket: CM-10077
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
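The accounting difference described in the poll commit message above, as an added C example that is not Quagga's thread.c code: poll() returns the number of pollfd entries whose revents is non-zero, so the ready budget is decremented once per descriptor, not once per set bit. The function names and the socketpair setup are constructed for illustration.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed illustration of the error: every set bit in revents is
 * charged against poll()'s return value, so the budget runs out before
 * all ready descriptors have been visited. */
int dispatch_per_bit(const struct pollfd *fds, nfds_t n, int ready)
{
    int visited = 0;
    for (nfds_t i = 0; i < n && ready > 0; i++) {
        if (fds[i].revents == 0)
            continue;
        if (fds[i].revents & POLLIN)
            ready--;                    /* read handler would run here */
        if (fds[i].revents & POLLOUT)
            ready--;                    /* write handler would run here */
        visited++;
    }
    return visited;
}

/* Corrected accounting: one decrement per descriptor with events pending,
 * however many bits are set in its revents. */
int dispatch_per_fd(const struct pollfd *fds, nfds_t n, int ready)
{
    int visited = 0;
    for (nfds_t i = 0; i < n && ready > 0; i++) {
        if (fds[i].revents == 0)
            continue;
        /* read and write handlers for this descriptor would both run here */
        ready--;
        visited++;
    }
    return visited;
}

/* Two socketpairs, each with one byte queued, so both polled ends are
 * readable and writable at once. Returns poll()'s result, -1 on setup error. */
int run_demo(int *per_bit, int *per_fd)
{
    int sp[2][2];
    struct pollfd fds[2];
    for (int k = 0; k < 2; k++) {
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp[k]) != 0)
            return -1;
        if (write(sp[k][1], "x", 1) != 1)
            return -1;
        fds[k].fd = sp[k][0];
        fds[k].events = POLLIN | POLLOUT;
        fds[k].revents = 0;
    }
    int ready = poll(fds, 2, 1000);
    *per_bit = dispatch_per_bit(fds, 2, ready);
    *per_fd = dispatch_per_fd(fds, 2, ready);
    for (int k = 0; k < 2; k++) {
        close(sp[k][0]);
        close(sp[k][1]);
    }
    return ready;
}

int main(void)
{
    int per_bit = 0, per_fd = 0;
    int ready = run_demo(&per_bit, &per_fd);
    printf("poll=%d per_bit=%d per_fd=%d\n", ready, per_bit, per_fd);
    return 0;
}
```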
Don Slice [Thu, 24 Mar 2016 15:40:50 +0000 (15:40 +0000)]
zebra: add or delete router-id when interface moves vrfs
When an interface changes which vrf it is part of, it needs to be added
to the list of possible router-id choices in the new vrf and removed
from the old vrf/default.
Ticket: CM-9074
Signed-off-by: Don Slice
Reviewed-by: Vivek Venkatraman
vivek [Fri, 25 Mar 2016 05:01:11 +0000 (22:01 -0700)]
Zebra: Fix handling of larger table-ids
Zebra code was not handling larger table-ids correctly. There were 2 issues:
a) In the netlink interface, RTA_TABLE was never sent or processed. This
pretty much limited the table-ids that zebra could understand to < 255.
b) In the interface into the zebra RIB (in particular for protocols), there
were some incorrect checks that again assumed the table id should be < 252
or be "main". This is valid only for the Default VRF (for now), for other
VRFs, the table-id should be the value learnt from the kernel.
bfd was receiving a callback with an interface name string
but was ignoring the passed in vrf to find the ifp pointer.
This commit fixes that code path in bfd.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Radhika Mahankali <radhika@cumulusnetworks.com>
Donald Sharp [Wed, 23 Mar 2016 19:38:30 +0000 (12:38 -0700)]
bgpd, lib, zebra: Add ability to retrieve ifp without specifying a vrf
There are cases where we get an interface name but do not have a
corresponding vrf. We care about getting an interface pointer
so just provide a function that searches all vrf's for the ifp.
Donald Sharp [Tue, 22 Mar 2016 21:03:04 +0000 (17:03 -0400)]
zebra: Some small modifications to actually delete the vrf
zebra was not actually deleting the vrf passed in.
Ticket: CM-9412
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
Donald Sharp [Tue, 22 Mar 2016 20:37:17 +0000 (16:37 -0400)]
zebra: Replace vrf with zebra_vrf in a few places
We were incorrectly using vrf instead of zebra_vrf in a
few spots.
Ticket: CM-9412
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
Daniel Walton [Tue, 22 Mar 2016 19:04:58 +0000 (19:04 +0000)]
RDNBRD: Change default distance of imported table routes to 15
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ticket: CM-9898
The 'redistribute neighbor' feature is the primary use case for
importing table routes. We need the redistribute neighbor routes to
have a lower admin distance than eBGP so that the local table routes are
preferred (if the host is dual homed we could also learn about it via eBGP).
vivek [Tue, 22 Mar 2016 17:46:30 +0000 (17:46 +0000)]
Quagga: Make routemap updates or deletes work for VRFs
Updates to routemaps and delete of the routemap were not working properly
for VRFs. This was because while routemaps are global, the routemap update
processing timer and the processing were at the per-instance level. This
approach was unable to handle processing for multiple instances as the
routemap has no tracking of which instances are still pending processing.
This led to the processing happening correctly only for the first instance
- which could be the default instance or some other instance. It could also
result in reference to freed memory for an instance.
The fix done is to make the update/delete processing also global and not per
instance. This means that the route-map delay timer will be global and a global
thread will handle the change (or delete) for all instances instead of spawning
a separate thread for each instance. To support this, a global BGP command
"bgp route-map delay-timer <value>" has been implemented. The existing command
per-instance is not deleted but will update the global timer.
vivek [Tue, 22 Mar 2016 16:52:35 +0000 (16:52 +0000)]
Zebra: Restrict IPv6 RA to valid interfaces
Restrict interfaces on which IPv6 Router Advertisements are allowed. The list
excludes loopback interfaces including the VRF device interface; specific to
Cumulus, it also includes "switch0" and "ethX" interfaces.
Don Slice [Fri, 18 Mar 2016 19:53:15 +0000 (19:53 +0000)]
quagga: delete interface from default table when moved to vrf
All daemons changed to flag an interface that has been moved to a vrf as DELETED instead of INTERNAL.
When they were flagged as IFINDEX_INTERNAL, ospf, rip, and isis would re-install them in the default
assuming that they were being "pre-defined" before the kernel definitions.
Ticket: CM-9265
Signed-off-by: Don Slice
Reviewed-by: Donald Sharp
Donald Sharp [Fri, 18 Mar 2016 16:40:12 +0000 (12:40 -0400)]
ospf6d: Stop sending hello's out loopback interface
Currently if you have this setup:
    router ospf6
    interface lo area 0.0.0.0
Ospf is scheduling and sending hello's out the loopback interface:
    2016/03/18 15:26:12.463248 OSPF6: Could not send entire message
    2016/03/18 15:26:22.463475 OSPF6: sendmsg failed: ifindex: 1: Network is unreachhable (101)
Adding a check to not schedule hello's for a loopback interface resolves this issue.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
root [Fri, 18 Mar 2016 13:18:33 +0000 (13:18 +0000)]
bgpd: Fix initialization check for bgp tests
With the vrf startup code put in place we've modified
bgp startup. If we are running inside of the 'make check'
infrastructure zclient is going to be NULL since it is
not initialized yet nor do we really want to connect
to zebra.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 18 Mar 2016 01:41:46 +0000 (01:41 +0000)]
tests: Fixup startup of tests so they don't core
Tests were not even compiling due to non updated API changes.
Additionally tests were core'ing after compile issue
because the vrf subsystem is being used now and it
needs to be initialized.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
David Lamparter [Sat, 12 Mar 2016 18:58:09 +0000 (19:58 +0100)]
lib: fix MIN/MAX macros to not double-eval
cf. https://gcc.gnu.org/onlinedocs/gcc/Typeof.html
(Works on all compilers on Quagga's compiler support list in
doc/overview.texi)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Tested-by: NetDEF CI System <cisystem@netdef.org>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
Change-Id: Iff33d70089d1393bf3e9c757d9e9faf134699121
Signed-off-by: kitty <khiruthigai.balasubramanian@hpe.com>
Tested-by: NetDEF CI System <cisystem@netdef.org>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 17 Mar 2016 21:26:46 +0000 (17:26 -0400)]
ospfd: Fix Dereference of Null Pointer during config
This construct:
    struct ospf *ospf = vty->index;
    if (!ospf)
      return CMD_SUCCESS;
Is present throughout the entire ospfd code base. The command:
    distance ospf external 255
Is not protected by this construct. I added this construct
to the command and in addition did a quick search to find
any others not protected and to protect them.
Ticket: CM-9725
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
vivek [Wed, 16 Mar 2016 20:38:31 +0000 (20:38 +0000)]
BGP: Fix linkage between BGP instance and VRF structure
The issue here has to do with the fact that VRFs (like interfaces) are not
actually getting deleted when they are removed - they remain present. This
leads to situations in which BGP may try to unlink more than once, which
messes up the reference count (lock) in the BGP instance.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ticket: CM-9419
Reviewed By: CCR-4302
Testing Done: Manual, also verified by Atul
vivek [Sun, 13 Mar 2016 06:03:10 +0000 (06:03 +0000)]
BGP: Check in multipath comparison before invoking sockunion_cmp
During route selection for Multipath routes, when multiple peers are
flapping, it is possible that the old (former) multipath list of routes
for a destination may include routes from peers which are no longer in
Established state. When the new multipath list is compared against the
old list to identify changes, additional checks are needed to avoid
comparing connection addresses if the peer is not in Established state.
This patch introduces those checks.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-9671
Reviewed By: CCR-4277
Testing Done: Manual (problem could not be replicated to verify)
Donald Sharp [Wed, 9 Mar 2016 12:25:02 +0000 (07:25 -0500)]
vtysh: Set an erroneous exit code if dry run fails because of syntax error
vtysh has a -C option to do a dry run of the quagga commands. However, the
program always returns 0 even when there's an error detected in the command.
Furthermore, it only parses vtysh.conf, not Quagga.conf.
This patch makes vtysh -C parse Quagga.conf also and return a non-zero
exit code so that network automation tools can catch this to flag errors in
syntax. This non-zero exit code along with printing the exact error with the
line number and offending line itself should help in fixing the error. But
this lack of proper error code requires the automation tools to go through
an additional hoop to validate the syntax.
Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
Issue (related to CM-7615):
1. CM-7615: There is mismatch in the client name between ptm display of client BFD sessions and the zebra logs. For example, if bgpd added BFD session, zebra logs will show the client as “bgp” but the ptm display will show it as “quagga”
2. Bigger problem is when 2 clients (for example OSPF and BGP) from Quagga register for same BFD session and only one client de-registers the BFD session. This results in BFD session deletion from PTM even though other client still has the BFD registration.
Root Cause: Even though BGP, OSPF and OSPF6 are 3 different clients from Quagga that are trying to register/deregister BFD sessions with PTM, all 3 are represented as one client “quagga” from zebra. This makes it hard for PTM/BFD to distinguish between all three when BFD peer registration/deregistration happens from the clients.
Fix: Send the actual client name bgp, ospf or ospf6 from zebra with BFD reg/dereg messages instead of one unified client name “quagga”
CM-7773: BFD sessions are not getting cleaned from PTM even though no BGP peering exists in Quagga.
Root Cause: PTM cleans up stale BFD sessions from a client when it finds a change in seq id advertised by the client. But, if PTM never detects a change in the seq id then the stale BFD sessions never get cleaned up. The test restarts the quagga without saving the configuration, which results in no BGP peering. No BGP peers are registered with PTM after restart and PTM does not detect a client seq id change resulting in stale BFD sessions.
Fix: New client registration message was added in PTM. Every client that is interested in BFD monitoring will register with PTM with the client seq id. Client will register with a different seq id (typically pid) every time it restarts. This will help in detecting the change in seq id and cleanup of stale BFD sessions for a client.
Code Changes: To support the new client registration message following changes have been made
- Added support for client registration messaging in zebra for sending messages to PTM.
- Added support for client registration messaging between zebra and clients (BGP, OSPF and OSPF6) in BFD library.
- Expanded the reg/de reg peer messaging between zebra and clients to support client specific seq id to distinguish between multiple clients registering for BFD peer rather than one “quagga” client.
- Changes in bgpd, ospfd and ospf6d to send client registrations at the time of daemon initialization and on receiving BFD peer replay message.
vivek [Wed, 9 Mar 2016 03:39:38 +0000 (03:39 +0000)]
BGP: Update commands for VRF support
Ensure commands dealing with update-groups and peer-groups support VRFs.
Also implement a new command "show bgp vrfs" to show summary information of
all configured VRFs. Some additional code cleanup in this area.
radhika [Tue, 8 Mar 2016 13:10:56 +0000 (05:10 -0800)]
Zebra and bgpd: VRF support for BFD
Following changes have been done to support VRF for BFD in zebra and bgpd.
- Pass the correct VRF value from bgpd to zebra for reg and dereg of BFD destinations.
- Send the non-default vrf name in reg/dereg messages of multihop destination to BFD/PTM from zebra.
Donald Sharp [Fri, 4 Mar 2016 06:28:29 +0000 (06:28 +0000)]
lib: Add ability to use poll() instead of select
This patch originated w/ Hannes Hofer <hhofer@barracuda.com>.
I've taken the patch, fixed some bugs, and reworked the code
to allow both poll and select to be chosen at compile time.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 4 Mar 2016 03:52:12 +0000 (03:52 +0000)]
lib: Refactor thread_process_fd
thread_process_fd is looping over the read and write
fd's separately. There is no need to do this individually.
Loop over both the read and write fdset's at the same time.
This will improve select processing performance, especially
for large data sets.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
vivek [Wed, 2 Mar 2016 07:40:14 +0000 (07:40 +0000)]
BGP: Handle unknown interface at delete
When BGP deals with interfaces at a VRF-level, it may get an interface delete
for a VRF which it has just de-registered, so it may not be able to locate
the interface. This is no longer an error, so handle this in the message
processing.
vivek [Mon, 29 Feb 2016 18:04:29 +0000 (18:04 +0000)]
BGP: Unnumbered peering in a VRF
Code changes to make unnumbered peering work in a VRF. The changes have
to do with locating the interface in the correct VRF (in order to look for
neighbor address) in the case of outgoing connections and when specifying
source address as well as fetching the correct instance for an incoming
connection based on reading the device the socket is bound to (the multi-vrf
socket option in the kernel).
Additionally, for IPv4 unnumbered peering in a VRF (based on /30 or /31
addresses), bind to the VRF rather than the interface.
Don Slice [Sun, 28 Feb 2016 22:03:27 +0000 (22:03 +0000)]
Zebra: Move VRF keyword in show ip route commands
To make the syntax of the "show ip route" vrf commands more closely align with the bgp variety,
moved the vrf forward in the command. In other words, show ip route 10.1.1.1/32 vrf green became
show ip route vrf green 10.0.0.1/32. Also added a couple of missing show vrf commands (ipv4 and
ipv6 tags).
Ticket: CM-9114
Signed-off-by: Don Slice
Reviewed-by: Donald Sharp
vivek [Fri, 26 Feb 2016 19:13:34 +0000 (19:13 +0000)]
Zebra: Fix static NHT to work properly in a VRF
Implement VRF support for static nexthop resolution (NHT). This is
achieved by ensuring the correct VRF is passed as a parameter to
the NHT functions and is stored in the registered nexthop data
structure.
vivek [Thu, 25 Feb 2016 19:44:28 +0000 (19:44 +0000)]
Zebra: Fix neighbor address notification to clients
This problem was fixed as part of implementation of VRF change semantics
for an interface, though it is not directly related. The issue here
was that neighbor addresses learnt on an interface were being informed
to clients even though the clients may not have learnt of the interface.
Fixed by introducing the correct checks.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-9527
Reviewed By: CCR-4174
Testing Done: Manual tests of various scenarios
vivek [Thu, 25 Feb 2016 19:30:53 +0000 (19:30 +0000)]
Quagga: Implement VRF change semantics for an interface
Implement VRF change semantics for an interface to be invoked
when an interface is moved from one VRF (e.g., the Default) to
another. This includes the message definition as well as updating,
deleting or adding the interface from clients, depending on their
interest in the VRFs (old and new). Also handle replay of the
addresses on the interface upon VRF change, if required.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
Ticket: CM-9527
Reviewed By: CCR-4174
Testing Done: Manual tests of various scenarios
vivek [Tue, 23 Feb 2016 23:55:06 +0000 (23:55 +0000)]
BGP: Fix interface list upon instance creation/deletion
The BGP instance cleanup was deleting interfaces in that instance after
prior fixes, but this ended up deleting the interface list header which
was not being re-created. Added code to re-create this at the time an
instance is created.
Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Ticket: CM-9466
Reviewed By: CCR-4164
Testing Done: Manual and verified failed test
Donald Sharp [Tue, 23 Feb 2016 20:06:59 +0000 (15:06 -0500)]
debian: Fixup removal of .pid and .vty files
The <daemon>.pid and <daemon>.vty files were not being
removed on shutdown. This was causing issues w/
logrotate because it depends on pid files being correct
about what is running in order to not error out.
Fixed some additional debugs accidentally left in the quagga
script.
Ticket: CM-9293
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
sharpd [Mon, 22 Feb 2016 21:22:16 +0000 (13:22 -0800)]
debian: Revamp startup again
Remove quagga.service, it was a bad idea culminating in a
series of mistakes.
Replaced with /usr/lib/quagga/quagga script.
Use this script to start/stop quagga as a whole.
Ticket: CM-9445
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Dave Olson <olson@cumulusnetworks.com>