Christian Franke [Mon, 28 Apr 2014 08:04:59 +0000 (08:04 +0000)]
ospfd: clarify indentation and comments in ospf_lsa_maxage_delete
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Acked-by: Feng Lu <lu.feng@6wind.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Mon, 28 Apr 2014 08:04:58 +0000 (08:04 +0000)]
ospfd: fix a reference counting issue introduced by commit 4de8bf0011
Commit 4de8bf0011 added a return statement to a loop iterating over a
route_table. That loop uses route_top/route_next.
As commit 4de8bf0011 failed to add a route_node_unlock before the
return statement, a reference is leaked when this codepath is taken.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Acked-by: Feng Lu <lu.feng@6wind.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Lu Feng [Fri, 21 Feb 2014 08:11:15 +0000 (08:11 +0000)]
ospfd: check the LS-Ack's recentness instead of only comparing the #seq
ISSUE:
RTA(DR)-----(BackupDR)RTB
RTA advertises a new LSA to RTB, and then flushes the LSA (with setting
the age of the LSA to MaxAge) within 1 second. Then the LSA is deleted
from RTA, while it still exists on RTB with non-MaxAge and can not be
flushed any more.
FIX:
The reason can be explained in below:
a) RTA -- new LSA, #seq=1 --> RTB (RTB will send the delayed Ack in 1s)
b) RTA -- MaxAge LSA, #seq=1 --> RTB (RTB discards it for the MIN_LS_ARRIVAL)
c) RTA <-- Ack for the new LSA, #seq=1 -- RTB (RTA accepts it)
In the step c), ospf_ls_ack() compares the #seq of the entry in the LS-Ack
with that of local MaxAge LSA. The #seq of the two entries are same. So
the Ack is accepted and the LSA is removed from the retransmit-list (while
it should not).
In RFC2328, section 13.7. Receiving link state acknowledgments:
o If the acknowledgment is for the same instance that is <==
contained on the list, remove the item from the list and
examine the next acknowledgment. Otherwise:
where "same instance" does not mean the same #seq. We must call
ospf_lsa_more_recent() to check whether the two instances are same.
Signed-off-by: Feng Lu <lu.feng@6wind.com> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 11 Jul 2013 07:56:29 +0000 (07:56 +0000)]
ospfd: don't allow to set network type on loopback interfaces
OSPFd only allocates some stub information for loopback interfaces.
This causes a crash when the interface state machine is started on
that interface by configuring a different network type.
It doesn't make much sense to configure the network type of a loopback
interface, therefore, just forbid it.
See also bugzilla #670.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Wed, 10 Jul 2013 11:56:18 +0000 (11:56 +0000)]
ospfd: run DR election prior to LSA regeneration
The results from DR election are used when constructing router-LSAs.
E.g. they are used to determine whether a broadcast interface should
be added with a link type of stub interface or transit interface.
Therefore, we should run DR election prior before regenerating LSAs.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Acked-by: Feng Lu <lu.feng@6wind.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Ken Williams [Tue, 15 Apr 2014 02:23:11 +0000 (02:23 +0000)]
zebra: Change the mechanism for comparing route ID's.
The current format uses subtraction of two ints. Unfortunately, the
subtraction method does not work for all combinations of numbers.
For example, the with numbers represented by 10.x.x.x and 192.x.x.x,
10.x.x.x - 192.x.x.x will yield a very large positive number indicating
that 10.x.x.x is larger.
Signed-off-by: Ken Williams <kenneth.j.williams@intel.com> Acked-by: Feng Lu <lu.feng@6wind.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 1 Apr 2014 17:34:55 +0000 (19:34 +0200)]
tests: fix build & disable testcommands
The perils of having tests, the test wasn't tested thoroughly enough...
Fixup various automake problems, and then disable it since it depends on
configure parameters in its current version.
For 0.99.24 we can ship a static copy of vtysh_cmd.c and have it
reenabled.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Brett Ciphery [Thu, 3 Oct 2013 13:48:54 +0000 (13:48 +0000)]
zebra: set metric for directly connected routes via netlink to 0
a value of 1 is hard coded for the metric field, much like the
ifconfig utility it may have roots in. in order to be in line
with the metric used in the linux kernel itself, we switch this
to 0.
Signed-off-by: Brett Ciphery <brett.ciphery@windriver.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 1 Aug 2013 08:12:25 +0000 (08:12 +0000)]
build: remove now-useless --{en, dis}able-tests
commit d771020 "don't build tests unless make check is run" has made the
--{en,dis}able-tests switch completely useless. The differentiation is
now made by running "make check" or not doing so. The only effect of
the switch is an "empty" excursion of make into the tests/ directory.
(well, and it turns "make check" useless from the main directory if
--disable-tests is given, which I don't think makes sense either)
Acked-by: Greg Troxel <gdt@ir.bbn.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 1 Aug 2013 07:43:36 +0000 (07:43 +0000)]
build: improve backtrace support/detection
libexecinfo is used to provide backtrace() on *BSD. The API is
compatible with glibc's, so this is a "free" improvement.
To improve configure behaviour, the following configure options are
modified/introduced:
* --enable-gcc-rdynamic now defaults to "on" if the compiler is gcc.
(I sadly wasn't able to find any documentation on the availability of
this option for llvm, even though at least the version I have
installed does support it)
* --enable-backtrace has been added. This behaves as off/auto/on
switch, i.e. giving either {dis,en}able will result in the requested
behaviour (or an error if support wasn't found)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
lib: fix possible off-by-one in stream_put_prefix()
The STREAM_WRITEABLE() call only checks if there is space for the
prefix in the stream but does not account for the prefixlen. The
stream_putc() call reduces available space by 1 and we can end
copying one byte too much and with "endp" off by one if we are
near the buffer end.
Instead of moving the stream_putc() call before STREAM_WRITEABLE(),
we check before hand for the required space, and open-code it. This
avoids a function call and verifying again the stream buffer.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Fixes commit 97c84db00c (hash: dynamically grow hash table). The
no_expand field it's not initialized and could make the hashes to
never grow the table index.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Acked-by: Feng Lu <lu.feng@6wind.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
837d16c ("*: use array_size() helper macro") accidentally changed one of
the expressions in the backtrace code, which afterwards read:
zlog_backtrace_sigsafe():
if (((size = backtrace(array,array_size(array)) <= 0) ||
which boils down to: (size = backtrace(...) <= 0). The braces were
intended to go: (size = backtrace(...)) <= 0.
All in all, this makes a nice textbook example of the original author
being too clever (trying to save a single line by pulling the assignment
into the condition) and the next person touching the code tripping over
it...
This code occurs another time in zlog_backtrace() where it is actually
correct. Pulling out the assignment nonetheless. Also, new test
program.
Cc: Andrew J. Schorr <ajschorr@alumni.princeton.edu> Cc: Balaji.G <balajig81@gmail.com> Cc: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This command allows the user to change to default reference bandwidth
for cost calculations. The default value is 100 Mbps. With a default
bandwidth of 10 MBps, the default cost becomes 10. Those values are
consistent with OSPFv2.
[DL: resolved conflicts in vty command additions & docs] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Vincent Bernat [Wed, 24 Oct 2012 14:45:53 +0000 (14:45 +0000)]
ospf6d: compute interface cost from its bandwidth
Previously, the interface cost was a fixed default value that a user
was allowed to change with "ipv6 ospf6 cost XX". As what is done with
OSPFv2, we change this behaviour to compute the default interface cost
from the interface bandwidth.
The user can still force a cost with "ipv6 ospf6 cost XX". He can get
the default value with "no ipv6 ospf6 cost". Moreover, the default
cost value was 1. The cost is now computed from the bandwidth and a
default reference bandwidth of 100 MBps (as for OSPFv2). Since the
default bandwidth for an interface is 10 MBps, the "default" cost
becomes 10 instead of 1.
[DL: resolved conflict in ospf6d/ospf6_interface.c] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Do not send ospf6d hellos on fresh created interfaces without
configuration (ie. no vlan configured). Ospf6d use ip6_mtu, if it's not
initalised, Ospf6d tries to alloc indefinite size of memory.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Sat, 23 Nov 2013 15:55:36 +0000 (16:55 +0100)]
ospf6d: fix interface_down() stopping hellos
interface_down() - which also handles some nonobvious cases like the
last linklocal address disappearing - was previously not cancelling the
hello timer. This had the effect of multiple such threads ending up
scheduled after a quick down-up cycle.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Mon, 9 Dec 2013 15:48:55 +0000 (16:48 +0100)]
ospf6d: clear lsa->refresh before clearing LSAs
This fixes a SEGV when we receive a higher-SeqNum copy of a LSA that we
originated ourselves, before a reboot of ospf6d. We create a new
copy of the LSA to resync the SeqNum, but then half an hour later
the old refresh thread ends up trying to refresh the free()'d old LSA.
The SEGV is triggered by this chain:
ospf6_lsdb_maxage_remover
-> thread_execute(ospf6_lsa_refresh)
-> old->refresh = NULL
Which assumes that old->refresh is no longer scheduled to run, as it is
being run right there. But the thread_execute() doesn't know about
old->refresh and therefore didn't remove it.
(Found by ANVL OSPFV3-16.17)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 13 Dec 2012 15:11:16 +0000 (16:11 +0100)]
ospf6d: handle missing link local address more gracefully
ospf6 can't run on an interface without a link local address.
Don't start the state machine when an interface comes up without
such an ip and bring it up later, when a usable link local
address is added.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Wed, 27 Nov 2013 17:06:15 +0000 (17:06 +0000)]
zebra: log routes w/o gateway in rib_delete_ipv4
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Acked-by: Feng Lu <lu.feng@6wind.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
BGP: While advertising v4 prefixes over a v6 session, set the correct v4 nexthop.
ISSUE:
For an IPv6 peer, BGPd sets the local router-id as the next-hop's v4 address.
This is incorrect as the router-id may not be a valid next-hop to be included
in UPDATEs that contain v4 prefixes.
PATCH:
Set the v4 address in the next-hop field based on the interface that the
peering is on (directly connected interface or loopback).
Signed-off-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Acked-by: Feng Lu <lu.feng@6wind.com>
Dinesh Dutt [Mon, 26 Aug 2013 03:40:37 +0000 (03:40 +0000)]
ospf6d: fix integrated config
With integrated config, the line defining an interface to be p2p is defined
before assigning the interface to an area. When during the interface
transition, there is an attempt to generate a router LSA, the process
crashes. This fix addresses that.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Mon, 26 Aug 2013 03:40:23 +0000 (03:40 +0000)]
ospf6d: add SPF logs, statistics, and display of SPF parameters
Signed-off-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
[DL: adapted to rebase / readded randomly lost line]
[DL: killed timeval_subtract] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Mon, 26 Aug 2013 03:40:16 +0000 (03:40 +0000)]
ospf6d: add 'log-adjacency-changes [detail]'
Similar to OSPFv2, add support for 'log-adjacency-changes [detail]' to log
changes in adjacency state of ospfv3 neighbors.
Signed-off-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com> Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:39 +0000 (03:03 +0000)]
ospf6d: don't send LSAck on an interface if we've flooded the LSU out that i/f
If we flood an LSA back out the same interface we received it from, don't send
an LSAck out that interface for that LSA. This is as per RFC 2328, section 13.5
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:31 +0000 (03:03 +0000)]
ospf6d: handle Prefix and Router Options bits correctly
Ensure that prefixes with the NU/LA bit set do not get added to the routing
table. Ensure that routers with the V6/R bit set do not get added as transit
routes.
Signed-off-by: Dinesh Dutt <ddutt at cumulusnetworks.com>
[DL: adjust to rebase] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:23 +0000 (03:03 +0000)]
ospf6d: add LSA payload to show summary output
Unlike OSPFv2, the LSID of an LSA isn't sufficient to know what the contents
of the LSA are. Its useful for debugging and basic eyeball tests to see the
contents of the LSA in the simple tabular format of "show ipv6 ospf6 database".
This patch adds that output to the command. It replaces the existing fields of
"duration, Chksum and Length" with a single field called Payload which is
dependent on the LSA type. For Inter-Area Prefix, Intra-Area Prefix and
AS-External LSAs, this will be the advertised prefix/prefix length, for Router
LSAs, it is RtrID/IfID etc.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
[DL: rebase fix, line disappeared in ospf6_abr_originate_summary_to_area] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:15 +0000 (03:03 +0000)]
ospf6d: increment dbdesc seqnum on SeqNumberMismatch/BadLsReq event
As per RFC 2328, section 10.3, if the neighbor state machine reaches
SeqNumberMismatch state when the NSM is in state Exchange or greater,
"router increments the DD sequence number in the neighbor data structure,
declares itself master (sets the master/slave bit to master), and starts
sending Database Description Packets, with the initialize (I), more (M)
and master (MS) bits set.".
The existing code doesn't increment the DD SeqNum. This patch fixes that.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:07 +0000 (03:03 +0000)]
ospf6d: don't change SeqNum on initial DbDesc message
The code was setting the DbDesc seqnum to the current seconds value of time if
this was the initial DbDesc. However, the same code was getting invoked if the
initial DbDesc was retransmitted. Caused ANVL test XX.XX to fail.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 08:00:44 +0000 (08:00 +0000)]
ospf6d: handle seqnum wrapping
Signed-off-by: Shrijeet Mukherjee <shm at cumulusnetworks.com> Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
[DL: mechanical adjust to rebase]
[DL: adjust to removal of timerwheel code] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 08:00:37 +0000 (08:00 +0000)]
ospf6d: add overload support
OSPFv3: Support setting/clearing overload bit on router
It is sometimes necessary for a router to gracefully remove itself from
the SPF tree i.e. it cannot act as a transit router. It does this by
setting the overload bit in the router LSA. This patch adds support for
enabling/disabling the overload bit.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
[DL: patch applied with fuzz] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:57 +0000 (07:55 +0000)]
ospf6d: fix linkdown handling
Ensure OSPFv3 handles link down even correctly.
OSPFv3 checks only the administrative status of a link instead of its
operative status. This prevents it up from detecting a real link down
event and reacting appropriately. Only protocol timer timeouts make it
detect a link down eventually. This patch makes it look for the operative
status of a link instead of admin status.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: James Li <jli at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:50 +0000 (07:55 +0000)]
ospf6d: correct nexthop through directly connected networks
This is implementing this part of RFC 2328:
This is the "first case", see below,
16.1.1. The next hop calculation
...
If there is at least one intervening router in the current
shortest path between the destination and the root, the
destination simply inherits the set of next hops from the
parent. Otherwise, there are two cases. In the first case,
the parent vertex is the root (the calculating router
itself). This means that the destination is either a
directly connected network or directly connected router.
The outgoing interface in this case is simply the OSPF
interface connecting to the destination network/router.
...
The current Quagga code always tries to inherit the nexthop from
a parent vertex, but does not cover the case that the destination
is directly connected to the root vertex. This patch adds support
for that case.
Signed-off-by: James Li <jli at cumulusnetworks.com> Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:43 +0000 (07:55 +0000)]
ospf6d: don't suppress empty router LSA
Currently in OSPFv3 implementation, if all the interfaces are down/loopback
or are without any full adjacencies, the router LSA is suppressed. So for
a router with only stub networks, no router LSA is generated. However,
intra-prefix LSAs are generated for the stub networks and these intra-prefix
LSAs will reference the router LSA. So the router LSA really should not be
suppressed. It needs to be generated to be the starting vertex for SPF
w.r.t the stub networks.
Signed-off-by: James Li <jli at cumulusnetworks.com> Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:36 +0000 (07:55 +0000)]
ospf6d: turn off expensive debugging
OSPF6 has very expensive LSDB and route debug on by default. This needs to be
turned off for scaled performance.
Signed-off-by: James Li <jli at cumulusnetworks.com> Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>Summary: Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:14 +0000 (07:55 +0000)]
ospf6d: convert LSDB to use route_node, improve performance
the performance in the presence of a large number of LSAs. I also verified
that the performance improvements stayed in the presence of a large number
of peers (I tested upto 128).
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>Summary: Reviewed-by: James Li <jli at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:07 +0000 (07:55 +0000)]
ospf6d: fix neighbor state machine (faster lsdb sync, RFC compliance)
The OSPFv3 code doesn't do the following things right as part of an adjacency
bringup:
- Transmit DbDesc frames appropriately to ensure faster state transition to
Loading state
- Transmit LsReq frames when switching to exchange state and on receipt of
an LS update in Loading state
- Requesting LSAs multiple times in LsReq.
It currently uses retransmit timer expiry to send the LsReq and DbDesc frames
which significantly slows down large lsdb syncs.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:00 +0000 (07:55 +0000)]
ospf6d: add p2p interface support
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Signed-off-by: Ayan Banerjee <ayabaner at gmail.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Reviewed-by: James Li <jli at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:50 +0000 (07:54 +0000)]
ospf6d: fix various bugs in installing and flooding LSAs
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:41 +0000 (07:54 +0000)]
ospf6d: add more details to show ipv6 ospf6 data
Specifically, it displays the flags, lock and retransmission count fields.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: JR Rivers <jrrivers at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:31 +0000 (07:54 +0000)]
ospf6d: enable the commands to support detailed debugging of LSAs.
The code for the commands exists, but it hasn't been defined in the
definition of the command itself. This patch fixes that.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:24 +0000 (07:54 +0000)]
ospf6d: remove older version of LSA from neigbor retx list before prematurely aging it.
See comment in code for very detailed issue and fix.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:17 +0000 (07:54 +0000)]
ospf6d: reinvoke MaxAge remover thread if not all MaxAge LSAs were flushed.
MaxAge LSAs are being flushed out only on an event, unlike OSPFv2 where they're flushed out
periodically. This causes certain LSAs to hang around forever, never getting flushed out.
This patch makes flushing out MaxAge LSAs periodic, retriggered after a certain period if
not all MaxAge LSAs were flushed out.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:09 +0000 (07:54 +0000)]
ospf6d: schedule SPF to run on events rather than directly on each event.
OSPV3 SPF triggers on every SPF-able event instead of using timers the way
OSPFv2 does. This patch makes SPF be triggered/throttled similar to OSPFv2.
It adds a command to quagga identical to the OSPFv2 equivalent to configure
these timers.
Summary:
Signed-off-by: Dinesh Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
[DL: removed reference to oa->ts_spf for rebase]
[DL: killed timeval_subtract] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Wed, 23 Oct 2013 00:42:18 +0000 (17:42 -0700)]
ospf6d/ospfd: refactor some common defines
Rearranging common defs and structures for use betweeen OSPFv2 and
OSPFv3. Created a new file called libospf.h under lib directory to
hold defines that are common between OSPFv2 and OSPFv3 code bases.
[DL: split of defines refactor from timer refactor] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Change the datastructure for recursive routes. This brings the following
benefits:
By using struct nexthop also to store nexthops obtained by recursive
resolution, we can get rid of quite a bit of code duplication in the fib
management. (rt_netlink, rt_socket, ...)
With the new datastructure we can make use of all available paths when
recursive routes are resolved with multipath routes.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:49 +0000 (14:04 +0000)]
zebra: don't change connected state from zebra/interface.c
Try to avoid changing connected state from zebra/interface.c as this
means making assumptions about kernel behaviour which may be or may
become wrong. This state should rather be updated by events from the
kernel.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:48 +0000 (14:04 +0000)]
zebra: add ZEBRA_IFC_QUEUED to keep track of kernel state
As there are timeframes when we don't get a notification from the kernel
about new addresses. (e.g. while Linux performs IPv6 DAD), we need to
have some information whether an address has been sent to the kernel or
not.
One case where this is relevant would be a user adding an IPv6 address,
but deleting it before DAD has been complete. With the next patch which
removes some (ill assuming) synchronous parts in address setup,
ipv6_address_uninstall would not know whether or not it has to actually
delete the prefix from the kernel. Resolving these windows where we lack
information is what the flag ZEBRA_IFC_QUEUED is intended for.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:47 +0000 (14:04 +0000)]
zebra: warn if advertising connected with _REAL unset
The implementation in zebra and the zclient protocol allow to communicate
addresses to clients which are not yet in the kernel.
This is usually not done and most clients seem to expect an address to be
configured in the kernel when they receive it. Therefore, it seems
reasonable to issue a warning when advertising an address to the clients
that is not yet in the kernel.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:46 +0000 (14:04 +0000)]
zebra: consolidate connected_implicit_withdraw
connected_implicit_withdraw is used at two places and followed by exactly
the same code. Move that code into connected_implicit_withdraw and give
that function a more descriptive name.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:43 +0000 (14:04 +0000)]
zebra: process information about new addresses (BZ#486)
Because of a change of semantics in the Linux kernel, information
about changes made by zebra itself was not considered for updates.
This change should fix this by accounting for the new semantics.
It is based on a patch by lich posted to the bugzilla #486
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Fri, 2 Aug 2013 07:27:53 +0000 (07:27 +0000)]
ospfd: protect vs. VU#229804 (malformed Router-LSA)
VU#229804 reports that, by injecting Router LSAs with the Advertising
Router ID different from the Link State ID, OSPF implementations can be
tricked into retaining and using invalid information.
Quagga is not vulnerable to this because it looks up Router LSAs by
(Router-ID, LS-ID) pair. The relevant code is in ospf_lsa.c l.3140.
Note the double "id" parameter at the end.
Still, we can provide an improvement here by discarding such malformed
LSAs and providing a warning to the administrator. While we cannot
prevent such malformed LSAs from entering the OSPF domain, we can
certainly try to limit their distribution.
cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.
This issue is a specification issue in the OSPF protocol that was
discovered by Dr. Gabi Nakibly.
Reported-by: CERT Coordination Center <cert@cert.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Sat, 25 May 2013 14:01:35 +0000 (14:01 +0000)]
bgpd, zebra: Support NEXTHOP_IPV4_IFINDEX in nexthop_lookup api
Since commit ba281d3d040, ospfd uses NEXTHOP_IPV4_IFINDEX
routes. The API between zebra and bgpd which is used to query
nexthops for recursive routes did not support this nexthop
type and therefore, ospf changes (or any other IGP changes
which use NEXTHOP_IPV4_IFINDEX) would never trigger any
recursive route update.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 11 Apr 2013 08:24:30 +0000 (08:24 +0000)]
bgpd: honor PEER_FLAG_DISABLE_CONNECTED_CHECK on bgp_scan
When neighbor disable-connected-check was used, bgpd would accept routes
with unconnected nexthop as indended, however those routes would be
invalidated on the next bgp_scan run as that function did not know about
disable-connected-check.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
rl_completion_append_character is reset to space every time the completion
function is entered. So we would have to set it to '\0' every time
new_completion() is called. We can make this conditional and avoid using
rl_pending_input.
This code path is most relevant when there are multiple completion
matches with the same prefix, e.g. in router bgp context: "neighbor 1.2.3.4
pa"<ssive|ssword> would have been completed to "neighbor 1.2.3.4 pass "
instead of "neighbor 1.2.3.4 pass".
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Wed, 31 Jul 2013 12:39:41 +0000 (14:39 +0200)]
bgpd: write NOTIFY non-blockingly
switching the socket to blocking may well block the entire bgpd process
for some time if our peer is overloaded (which may well be the original
reason for the NOTIFY)
The error handling is slightly different from the previous ML discussion
on this; buffer exhaustion isn't technically a fatal TCP error, and we
should probably proceed with FSM actions according to a sent NOTIFY
(adjusting timers) even if we didn't manage to get the NOTIFY onto the
wire.
Acked-by: Leonid Rosenboim <lrosenbo@wrs.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Rakesh Garimella [Mon, 11 Mar 2013 12:38:31 +0000 (12:38 +0000)]
bgpd: prevent double address delete on shutdown
bgp_interface_down() and bgp_exit() both proceed to delete the address
from bgpd's interface representation, so the second call gets a NULL
result from the hash lookup and subsequently crashes.
Signed-off-by: Rakesh Garimella <rakesh.garimella@sophos.com>
[reformatted] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Leonid Rosenboim [Tue, 30 Jul 2013 18:14:25 +0000 (20:14 +0200)]
bgpd: stricter packet handling in OpenSent
Keepalives and updates are not expected in OpenSent, prior to receiving
the peer's open message. Terminate the session with the proper
notification.
From: Leonid Rosenboim <lrosenbo@wrs.com>
[split off FSM changes, some reordering & cleanup. read handling needs
to be separately addressed] Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Tue, 30 Jul 2013 13:36:26 +0000 (15:36 +0200)]
lib: unconditionally include stddef.h
I've used offsetof() in the previous commit to paper over the security
problems in ospf_api.c. This blows the build on FreeBSD 7.0, missing
offsetof(). Let's add that to zebra's generally used includes.
stddef.h (and offsetof) is defined in C89 section 4.1.5 (and not
deprecated/removed by any later standard). If this causes problems, the
bug report should go against the host OS/compiler...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Mon, 8 Jul 2013 21:05:28 +0000 (23:05 +0200)]
ospfd: CVE-2013-2236, stack overrun in apiserver
the OSPF API-server (exporting the LSDB and allowing announcement of
Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads
to an exploitable stack overflow.
For this condition to occur, the following two conditions must be true:
- Quagga is configured with --enable-opaque-lsa
- ospfd is started with the "-a" command line option
If either of these does not hold, the relevant code is not executed and
the issue does not get triggered.
Since the issue occurs on receiving large LSAs (larger than 1488 bytes),
it is possible for this to happen during normal operation of a network.
In particular, if there is an OSPF router with a large number of
interfaces, the Router-LSA of that router may exceed 1488 bytes and
trigger this, leading to an ospfd crash.
For an attacker to exploit this, s/he must be able to inject valid LSAs
into the OSPF domain. Any best-practice protection measure (using
crypto authentication, restricting OSPF to internal interfaces, packet
filtering protocol 89, etc.) will prevent exploitation. On top of that,
remote (not on an OSPF-speaking network segment) attackers will have
difficulties bringing up the adjacency needed to inject a LSA.
This patch only performs minimal changes to remove the possibility of a
stack overrun. The OSPF API in general is quite ugly and needs a
rewrite.
The export statement is specific to GNU make and breaks the build
with BSD make. I couldn't observe any difference in behaviour
between having the export present and absent, therefore, just remove it.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Christian Franke [Wed, 20 Feb 2013 10:00:54 +0000 (10:00 +0000)]
ospfd: fix flooding procedure
An ospf router should accept a new maxage LSA into its lsdb if it has any
neighbors in state Exchange or Loading. ospfd would however only account
for neighbors on the same interface which does not seem to be a valid
optimization.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: Joachim Nilsson <troglobit@gmail.com> Signed-off-by: David Lamparter <equinox@diac24.net>
Christian Franke [Wed, 20 Feb 2013 10:00:52 +0000 (10:00 +0000)]
ospfd: make ospf_maxage_lsa_remover actually yield
ospf_maxage_lsa_remover whould check whether to yield,
but run on anyway.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: Joachim Nilsson <troglobit@gmail.com> Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Tue, 26 Feb 2013 15:21:20 +0000 (16:21 +0100)]
tests: add DejaGNU framework
DejaGNU seems to be the 'standard' GNU test framework (which by itself
doesn't say much), but it seems relatively usable and the "remote
system" capabilities might come in handy for virtualisation-based tests
for kernel interactions or something.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Wed, 20 Mar 2013 15:28:46 +0000 (15:28 +0000)]
ospfd: restore nexthop IP for p2p interfaces
commit c81ee5c... "ospfd: Optimize and improve SPF nexthop calculation"
subtly changed semantics of routes calculated over pointopoint links by
removing the nexthop IP address and instead using an ifindex route.
This breaks calculation of AS-Ext routes with a forwarding address since
in ospf_ase_complete_direct_routes() this will be hit:
if (op->nexthop.s_addr == 0)
op->nexthop.s_addr = nexthop.s_addr;
thus turning the route unusable by having an invalid nexthop.
Fix by restoring the nexthop IP on routes over PtP links. This also
allows running multi-access (Ethernet) interfaces in PtP mode again.
This bug is a regression against 0.99.21 and only present in 0.99.22.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
[patch description and code comments rewritten] Acked-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Acked-by: James Li <jli@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
projects / mirror / frr.git / log