Michal Sekletar [Fri, 16 May 2014 14:13:43 +0000 (14:13 +0000)]
zebra: raise the privileges before calling socket()
Because of recent changes when creating AF_NETLINK socket, kernel will
cache capabilities of the caller and if file descriptor is used or
otherwise handed to another process it will check that current user has
necessary capabilities to use the socket. Hence we need to ensure we
have necessary capabilities when creating the socket and at the time we
use the socket.
Milan Kocian [Fri, 18 Oct 2013 07:59:38 +0000 (07:59 +0000)]
bgpd: Fix condition allowas-in in rsclient code
Currently when you set neighbour's 'allowas-in' option on route server side
you get redistribution of the prefixes from this neighbour's table into all
neighbour's tables which have the same AS number. I think that wanted behaviour
is to allow import prefixes from neighbour's tables with the same AS num
into neighbour which has 'allowas-in' option set.
Signed-off-by: Milan Kocian <milon@wq.cz>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Traditionally, ttl-security feature has been associated with EBGP
sessions as those identify directly connected external peers. The
GTSM RFC (rfc 5082) does not make any restrictions on type of
peering. In fact, it is beneficial to support ttl-security for both
EBGP and IBGP sessions. Specifically, in data centers, there are
directly connected IBGP peerings that will benefit from the protection
ttl-security provides.
Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
Reviewed-by: Pradosh Mohapatra <pmohapat@cumulusnetworks.com>
[DL: function refactoring split out into previous 2 patches. changes:
- bgp_set_socket_ttl(): ret type int -> void
- is_ebgp_multihop_configured(): stripped peer == NULL check
- comments/whitespace]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Mon, 19 May 2014 21:15:02 +0000 (23:15 +0200)]
bgpd: factor out eBGP multihop check
The check for an eBGP multihop configuration is unwieldy; factor it out
into a separate function.
[DL: originally by Dinesh G Dutt <ddutt@cumulusnetworks.com>,
split off from the next commit]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Mon, 19 May 2014 20:52:04 +0000 (22:52 +0200)]
bgpd: factor out TTL setting
TTL/min TTL are set from both bgp_accept() and bgp_connect(). Factor
them out so the following change to enable iBGP GTSM becomes more
readable.
[DL: originally by Dinesh G Dutt <ddutt@cumulusnetworks.com>,
split off from the next commit]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
1. When an interface goes down, the zclient callbacks are invoked
in the following order: (a) address_delete() that removes the
connected address list: ifp->connected, (b) interface_down()
that performs "fast external fallover" operation. The operation
relies on ifp->connected to look for peers that should be brought
down. That's a cyclic dependency.
2. 'ttl-security' configuration handler sets peer->ttl to
MAXTTL (so that BGP packets are sent with TTL=255, as per the
requirement of ttl-security). This, however, is incompatible
with 'fast external fallover' as the fallover operation checks
for (ttl == 1) to determine directly connected peers.
3. The current fallover operation does not work for IPv6 address family.
PATCH
1. The patch removes the dependency on 'ifp->connected' list for fast
fallover. The peer already contains a nexthop structure that reflects
the peering address. The nexthop structure has a pointer to the
interface (ifp) that peering address resolves to. Every time the TCP
connection succeeds, the ifp is updated. The patch uses this ifp in
the interface_down() callback for a match for the peers that should be
brought down.
2. The evaluation for directly connected peering is enhanced as
'peer->ttl == 1' OR 'peer->gtsm_hops == 1'. Thus a ttl-security
configuration on the peer with one hop is directly connected and
should be brought down under 'fast external fallover'.
3. Because of fix (1), IPv6 address family works automatically.
Signed-off-by: Pradosh Mohapatra <pmohapat@cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Vipin Kumar [Thu, 9 Jan 2014 00:31:22 +0000 (00:31 +0000)]
bgpd: increase TCP socket buffer size
BGP does not respond fairly in high scale. As the number of BGP peers
and prefixes increase, triggers like interface flaps which lead to BGP
peer flaps, cause blockage in bgp_write.
BGP does handle the cases of TCP socket buffer full by queuing a write
event back, there is no functional issue there as such. Still,
increasing the peer socket buffer size should help reduce event queueing
in BGP.
Signed-off-by: Vipin Kumar <vipin@cumulusnetworks.com>
Reviewed-by: Pradosh Mohapatra <pmohapat@cumulusnetworks.com>
Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com>
[DL: patch split, this is item 3.]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Vipin Kumar [Thu, 9 Jan 2014 00:31:22 +0000 (00:31 +0000)]
bgpd: fix O_NONBLOCK on outgoing connects
BGP was setting sockets to be non-blocking only for the accepted passive
peers. As a fix, setting the BGP sockets to be non-blocking even for
the active peers.
Signed-off-by: Vipin Kumar <vipin@cumulusnetworks.com>
Reviewed-by: Pradosh Mohapatra <pmohapat@cumulusnetworks.com>
Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com>
[DL: patch split, this is item 1.]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
bgpd: send notify in OpenSent when stopping manually
The issue it fixes is that the notification message is not sent to a
second peer when bgp is stopped manually.
According to BGP RFC4271, section 8.2.2, regarding the FSM transitions,
in OpenSent state:
If a ManualStop event (Event 2) is issued in the OpenSent state, the
local system:
* sends the NOTIFICATION with a Cease,
* sets the ConnectRetryTimer to zero,
* releases all BGP resources,
* drops the TCP connection,
* sets the ConnectRetryCounter to zero, and
* changes its state to Idle.
I've added a check for OpenSent state when the notification is sent from
the functions which are called from the CLI commands which
directly/indirectly stop/restart BGP.
Acked-by: Pradosh Mohapatra <pmohapat@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The output of "show ip bg" does not show whether and which routes are
installed as multipath routes along the best route:
    BGP table version is 0, local router ID is 10.10.100.209
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, R Removed
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *>i1.0.0.0/24       10.10.100.1              1    111      0 15169 i
    * i                 10.10.100.2              1    111      0 15169 i
    * i                 10.10.100.3              1    111      0 65100 15169 i
This patch adds a new status code that is showing exactly which routes
are used as multipath:
    BGP table version is 0, local router ID is 10.10.100.209
    Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
                  i internal, r RIB-failure, S Stale, R Removed
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *>i1.0.0.0/24       10.10.100.1              1    111      0 15169 i
    *=i                 10.10.100.2              1    111      0 15169 i
    * i                 10.10.100.3              1    111      0 65100 15169 i
The inconsistency in the status code legend ("i - internal" vs. "i internal")
inherent from old IOS was fixed. It had to be touched anyways.
Signed-off-by: Boian Bonev <bbonev at ipacct.com>
[DL: rewrap long line, clean whitespace in same chunk]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
bgpd: track correct originator-id in reflected routes
ISSUE:
Suppose route1 and route2 received from route-reflector-client1 and client2
respectively have identical attributes. The current logic of creating the
adj-rib-out for a peer threads the 'adv' structures for both routes against
the same attribute. This results in 'bgp_update_packet()' to pack those
routes in the same UPDATE message with one attr structure formatted. The
originator-id is thus set according to the first route's received router id.
This is incorrect.
PATCH:
Fix bgp_announce_check() function to set the originator-id in the
advertising attr structure. Also, fix the attribute hash function and
compare function to consider originator-id. Otherwise attributes where all
fields except the originator-id are identical get merged into one memory
location.
Signed-off-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
Reviewed-by: Ken Yin <kyin at cumulusnetworks.com>
[DL: whitespace changes dropped]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Compute multipath in BGP based on AS_PATH hop count match. If the knob
is turned on, it is not required to have an exact match of AS_PATHs
(provided other multipath conditions are met, of course).
Signed-off-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Mon, 28 Apr 2014 11:42:20 +0000 (11:42 +0000)]
ospfd: add debug messages for router lsa-generation
Add log messages to lsa_link_broadcast_set so it becomes more
apparent why a particular broadcast interface was added as
transit or stub interface.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
ospfd: For an ABR, ensure the right LSID is MaxAge'd
PROBLEM:
Accurate garbage collection of maxage LSAs. The global OSPF structure has
a maxage_lsa tree - the key to the tree is <ls-id, adv-router> tuple. Suppose
the ABR has multiple areas and has originated some intra-area LSAs. The
key for all those LSAs is the same. The code then ends up in a state where
all but the first LSA do not get cleaned up from the areas' LSDB. A subsequent
event would readvertise those LSAs.
PATCH:
Since the LSA is going to stick around till it actually gets cleaned up by
the maxage_walker, make the LSA pointer as the key. Each distinct LSA that
gets maxage'd then gets added to the tree and will get cleaned up correctly.
Signed-off-by: Pradosh Mohapatra <pmohapat@cumulusnetworks.com>
[CF: Use CHAR_BIT; use uintptr_t; use sizeof(field) instead of sizeof(type)]
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
[DL: this must remain a temporary fix! needs to be redone after 0.99.23]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Mon, 28 Apr 2014 08:04:59 +0000 (08:04 +0000)]
ospfd: clarify indentation and comments in ospf_lsa_maxage_delete
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Mon, 28 Apr 2014 08:04:58 +0000 (08:04 +0000)]
ospfd: fix a reference counting issue introduced by commit 4de8bf0011
Commit 4de8bf0011 added a return statement to a loop iterating over a
route_table. That loop uses route_top/route_next.
As commit 4de8bf0011 failed to add a route_node_unlock before the
return statement, a reference is leaked when this codepath is taken.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Lu Feng [Fri, 21 Feb 2014 08:11:15 +0000 (08:11 +0000)]
ospfd: check the LS-Ack's recentness instead of only comparing the #seq
ISSUE:
RTA(DR)-----(BackupDR)RTB
RTA advertises a new LSA to RTB, and then flushes the LSA (with setting
the age of the LSA to MaxAge) within 1 second. Then the LSA is deleted
from RTA, while it still exists on RTB with non-MaxAge and can not be
flushed any more.
FIX:
The reason can be explained as below:
a) RTA -- new LSA, #seq=1 --> RTB (RTB will send the delayed Ack in 1s)
b) RTA -- MaxAge LSA, #seq=1 --> RTB (RTB discards it for the MIN_LS_ARRIVAL)
c) RTA <-- Ack for the new LSA, #seq=1 -- RTB (RTA accepts it)
In the step c), ospf_ls_ack() compares the #seq of the entry in the LS-Ack
with that of local MaxAge LSA. The #seq of the two entries are same. So
the Ack is accepted and the LSA is removed from the retransmit-list (while
it should not).
In RFC2328, section 13.7. Receiving link state acknowledgments:
o If the acknowledgment is for the same instance that is <==
contained on the list, remove the item from the list and
examine the next acknowledgment. Otherwise:
where "same instance" does not mean the same #seq. We must call
ospf_lsa_more_recent() to check whether the two instances are same.
Signed-off-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
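
Added example, not code from the Quagga tree: a C model of the three-step trace in the commit message above, comparing an acknowledgment check on the sequence number alone with the RFC 2328 section 13.1 instance comparison. The struct, the function names and the sample checksum are hypothetical; MaxAge (3600 s) and MaxAgeDiff (900 s) are the RFC's constants.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define LSA_MAXAGE      3600   /* RFC 2328 MaxAge, seconds */
#define LSA_MAXAGE_DIFF  900   /* RFC 2328 MaxAgeDiff, seconds */

/* Hypothetical minimal LSA header: only the fields section 13.1 compares. */
struct lsa_hdr {
    int32_t  seqnum;    /* LS sequence number (signed) */
    uint16_t checksum;  /* LS checksum; does not cover the LS age field */
    uint16_t age;       /* LS age in seconds */
};

typedef int (*ack_match_fn)(const struct lsa_hdr *, const struct lsa_hdr *);

/* RFC 2328 13.1: >0 if a is more recent, <0 if b is, 0 if same instance. */
int lsa_more_recent(const struct lsa_hdr *a, const struct lsa_hdr *b)
{
    if (a->seqnum != b->seqnum)
        return a->seqnum > b->seqnum ? 1 : -1;
    if (a->checksum != b->checksum)
        return a->checksum > b->checksum ? 1 : -1;

    int a_max = a->age >= LSA_MAXAGE;
    int b_max = b->age >= LSA_MAXAGE;
    if (a_max != b_max)                 /* only one copy is at MaxAge */
        return a_max ? 1 : -1;

    if (abs((int)a->age - (int)b->age) > LSA_MAXAGE_DIFF)
        return a->age < b->age ? 1 : -1;  /* the younger copy wins */
    return 0;
}

/* The check the commit message describes as insufficient: #seq only. */
int ack_matches_seq_only(const struct lsa_hdr *ack, const struct lsa_hdr *rxmt)
{
    return ack->seqnum == rxmt->seqnum;
}

/* "Same instance" in the sense of section 13.7. */
int ack_matches_instance(const struct lsa_hdr *ack, const struct lsa_hdr *rxmt)
{
    return lsa_more_recent(ack, rxmt) == 0;
}

/* Replays steps a) to c) on RTA and reports whether the MaxAge LSA is
 * still on the retransmit list afterwards (1 = still queued for RTB). */
int flush_survives_ack(ack_match_fn match)
{
    /* a) new LSA, #seq=1, sent to RTB (constructed sample values) */
    struct lsa_hdr fresh = { 1, 0x1234, 0 };

    /* b) RTA flushes it within a second: same #seq and checksum, age set
     *    to MaxAge. RTB discards this copy, RTA keeps it for retransmit. */
    struct lsa_hdr flushed = fresh;
    flushed.age = LSA_MAXAGE;
    int on_rxmt_list = 1;

    /* c) RTB's delayed ack arrives and describes the copy RTB holds. */
    if (match(&fresh, &flushed))
        on_rxmt_list = 0;

    return on_rxmt_list;
}

int main(void)
{
    printf("seq-only check: flush still queued = %d\n",
           flush_survives_ack(ack_matches_seq_only));
    printf("instance check: flush still queued = %d\n",
           flush_survives_ack(ack_matches_instance));
    return 0;
}
```

With the sequence-only check the flush leaves the retransmit list and RTB keeps the LSA; with the instance comparison the MaxAge copy stays queued until RTB acknowledges that instance.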
Christian Franke [Thu, 11 Jul 2013 07:56:29 +0000 (07:56 +0000)]
ospfd: don't allow to set network type on loopback interfaces
OSPFd only allocates some stub information for loopback interfaces.
This causes a crash when the interface state machine is started on
that interface by configuring a different network type.
It doesn't make much sense to configure the network type of a loopback
interface, therefore, just forbid it.
See also bugzilla #670.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Wed, 10 Jul 2013 11:56:18 +0000 (11:56 +0000)]
ospfd: run DR election prior to LSA regeneration
The results from DR election are used when constructing router-LSAs.
E.g. they are used to determine whether a broadcast interface should
be added with a link type of stub interface or transit interface.
Therefore, we should run DR election before regenerating LSAs.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Ken Williams [Tue, 15 Apr 2014 02:23:11 +0000 (02:23 +0000)]
zebra: Change the mechanism for comparing route ID's.
The current format uses subtraction of two ints. Unfortunately, the
subtraction method does not work for all combinations of numbers.
For example, with the numbers represented by 10.x.x.x and 192.x.x.x,
10.x.x.x - 192.x.x.x will yield a very large positive number indicating
that 10.x.x.x is larger.
Signed-off-by: Ken Williams <kenneth.j.williams@intel.com>
Acked-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
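
Added example, not code from the Quagga tree: a C sketch of why comparing two 32-bit IDs by subtraction, as described in the commit message above, gives the wrong sign and a non-transitive ordering, next to an ordered comparison. All names and the sample IDs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Build a host-order 32-bit ID from dotted-quad octets. */
#define ID(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
     ((uint32_t)(c) << 8) | (uint32_t)(d))

typedef int (*id_cmp_fn)(uint32_t, uint32_t);

/* Comparison by subtraction. The unsigned difference wraps modulo 2^32
 * and is then read as an int (two's complement on gcc/clang), so the
 * sign is wrong whenever the two IDs are 2^31 or more apart. */
int id_cmp_subtract(uint32_t a, uint32_t b)
{
    return (int)(a - b);
}

/* Ordered comparison: never overflows, returns -1, 0 or 1. */
int id_cmp_ordered(uint32_t a, uint32_t b)
{
    return (a > b) - (a < b);
}

/* Select the highest ID in a list using the given comparator. */
uint32_t highest_id(const uint32_t *ids, size_t n, id_cmp_fn cmp)
{
    uint32_t best = ids[0];
    for (size_t i = 1; i < n; i++)
        if (cmp(ids[i], best) > 0)
            best = ids[i];
    return best;
}

/* A comparator is only safe for sorting or max selection if
 * a < b and b < c imply a < c. Returns 0 when that is violated. */
int is_transitive(uint32_t a, uint32_t b, uint32_t c, id_cmp_fn cmp)
{
    if (cmp(a, b) < 0 && cmp(b, c) < 0)
        return cmp(a, c) < 0;
    return 1;
}

/* Constructed sample IDs. */
static const uint32_t sample_ids[] = {
    ID(192, 0, 2, 1), ID(100, 0, 0, 1), ID(10, 0, 0, 1)
};

int main(void)
{
    size_t n = sizeof sample_ids / sizeof sample_ids[0];
    uint32_t bad  = highest_id(sample_ids, n, id_cmp_subtract);
    uint32_t good = highest_id(sample_ids, n, id_cmp_ordered);

    printf("subtract: highest = %u.x.x.x, transitive = %d\n",
           (unsigned)(bad >> 24),
           is_transitive(ID(10, 0, 0, 1), ID(100, 0, 0, 1),
                         ID(192, 0, 2, 1), id_cmp_subtract));
    printf("ordered:  highest = %u.x.x.x, transitive = %d\n",
           (unsigned)(good >> 24),
           is_transitive(ID(10, 0, 0, 1), ID(100, 0, 0, 1),
                         ID(192, 0, 2, 1), id_cmp_ordered));
    return 0;
}
```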
David Lamparter [Tue, 1 Apr 2014 17:34:55 +0000 (19:34 +0200)]
tests: fix build & disable testcommands
The perils of having tests, the test wasn't tested thoroughly enough...
Fixup various automake problems, and then disable it since it depends on
configure parameters in its current version.
For 0.99.24 we can ship a static copy of vtysh_cmd.c and have it
reenabled.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Brett Ciphery [Thu, 3 Oct 2013 13:48:54 +0000 (13:48 +0000)]
zebra: set metric for directly connected routes via netlink to 0
a value of 1 is hard coded for the metric field, much like the
ifconfig utility it may have roots in. in order to be in line
with the metric used in the linux kernel itself, we switch this
to 0.
Signed-off-by: Brett Ciphery <brett.ciphery@windriver.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 1 Aug 2013 08:12:25 +0000 (08:12 +0000)]
build: remove now-useless --{en,dis}able-tests
commit d771020 "don't build tests unless make check is run" has made the
--{en,dis}able-tests switch completely useless. The differentiation is
now made by running "make check" or not doing so. The only effect of
the switch is an "empty" excursion of make into the tests/ directory.
(well, and it turns "make check" useless from the main directory if
--disable-tests is given, which I don't think makes sense either)
Acked-by: Greg Troxel <gdt@ir.bbn.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Thu, 1 Aug 2013 07:43:36 +0000 (07:43 +0000)]
build: improve backtrace support/detection
libexecinfo is used to provide backtrace() on *BSD. The API is
compatible with glibc's, so this is a "free" improvement.
To improve configure behaviour, the following configure options are
modified/introduced:
* --enable-gcc-rdynamic now defaults to "on" if the compiler is gcc.
(I sadly wasn't able to find any documentation on the availability of
this option for llvm, even though at least the version I have
installed does support it)
* --enable-backtrace has been added. This behaves as off/auto/on
switch, i.e. giving either {dis,en}able will result in the requested
behaviour (or an error if support wasn't found)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
lib: fix possible off-by-one in stream_put_prefix()
The STREAM_WRITEABLE() call only checks if there is space for the
prefix in the stream but does not account for the prefixlen. The
stream_putc() call reduces available space by 1 and we can end up
copying one byte too much and with "endp" off by one if we are
near the buffer end.
Instead of moving the stream_putc() call before STREAM_WRITEABLE(),
we check beforehand for the required space, and open-code it. This
avoids a function call and verifying again the stream buffer.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
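
Added example, not code from the Quagga tree: a C model of the bounds check described in the commit message above, with a space check that counts only the prefix bytes next to one that also counts the length byte. The mini_stream type, the function names and the canary slot are hypothetical; the buffer is physically one byte larger than its logical size so the overrun can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STREAM_SIZE 8      /* logical capacity of the model stream */
#define CANARY      0xA5   /* marker stored just past the logical end */

struct mini_stream {
    size_t endp;                          /* next write offset */
    size_t size;                          /* logical capacity */
    unsigned char data[STREAM_SIZE + 1];  /* +1: canary slot */
};

#define WRITEABLE(s) ((s)->size - (s)->endp)
#define PSIZE(len)   (((size_t)(len) + 7) / 8)  /* prefix bits -> bytes */

void stream_init(struct mini_stream *s, size_t used)
{
    memset(s->data, 0, sizeof s->data);
    s->data[STREAM_SIZE] = CANARY;
    s->size = STREAM_SIZE;
    s->endp = used;
}

/* Check covers the prefix bytes only; the length byte written first is
 * not accounted for. Returns bytes of prefix written, or -1 if refused. */
int put_prefix_len_unchecked(struct mini_stream *s, uint8_t prefixlen,
                             const unsigned char *prefix)
{
    size_t psize = PSIZE(prefixlen);

    if (WRITEABLE(s) < psize)
        return -1;
    s->data[s->endp++] = prefixlen;          /* uses 1 unchecked byte */
    memcpy(s->data + s->endp, prefix, psize);
    s->endp += psize;
    return (int)psize;
}

/* Check covers the length byte plus the prefix bytes up front. */
int put_prefix_checked(struct mini_stream *s, uint8_t prefixlen,
                       const unsigned char *prefix)
{
    size_t psize = PSIZE(prefixlen);

    if (WRITEABLE(s) < psize + sizeof(uint8_t))
        return -1;
    s->data[s->endp++] = prefixlen;
    memcpy(s->data + s->endp, prefix, psize);
    s->endp += psize;
    return (int)psize;
}

int main(void)
{
    /* Constructed input: a /32 prefix written with 4 bytes of room left. */
    const unsigned char prefix[4] = { 192, 0, 2, 1 };
    struct mini_stream s;

    stream_init(&s, 4);
    put_prefix_len_unchecked(&s, 32, prefix);
    printf("unchecked: endp=%zu size=%zu canary %s\n", s.endp, s.size,
           s.data[STREAM_SIZE] == CANARY ? "intact" : "overwritten");

    stream_init(&s, 4);
    int rc = put_prefix_checked(&s, 32, prefix);
    printf("checked:   rc=%d endp=%zu canary %s\n", rc, s.endp,
           s.data[STREAM_SIZE] == CANARY ? "intact" : "overwritten");
    return 0;
}
```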
Fixes commit 97c84db00c (hash: dynamically grow hash table). The
no_expand field is not initialized and could make the hashes
never grow the table index.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
Acked-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
837d16c ("*: use array_size() helper macro") accidentally changed one of
the expressions in the backtrace code, which afterwards read:
zlog_backtrace_sigsafe():
if (((size = backtrace(array,array_size(array)) <= 0) ||
which boils down to: (size = backtrace(...) <= 0). The braces were
intended to go: (size = backtrace(...)) <= 0.
All in all, this makes a nice textbook example of the original author
being too clever (trying to save a single line by pulling the assignment
into the condition) and the next person touching the code tripping over
it...
This code occurs another time in zlog_backtrace() where it is actually
correct. Pulling out the assignment nonetheless. Also, new test
program.
Cc: Andrew J. Schorr <ajschorr@alumni.princeton.edu>
Cc: Balaji.G <balajig81@gmail.com>
Cc: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This command allows the user to change the default reference bandwidth
for cost calculations. The default value is 100 Mbps. With a default
bandwidth of 10 MBps, the default cost becomes 10. Those values are
consistent with OSPFv2.
[DL: resolved conflicts in vty command additions & docs]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Vincent Bernat [Wed, 24 Oct 2012 14:45:53 +0000 (14:45 +0000)]
ospf6d: compute interface cost from its bandwidth
Previously, the interface cost was a fixed default value that a user
was allowed to change with "ipv6 ospf6 cost XX". As what is done with
OSPFv2, we change this behaviour to compute the default interface cost
from the interface bandwidth.
The user can still force a cost with "ipv6 ospf6 cost XX". He can get
the default value with "no ipv6 ospf6 cost". Moreover, the default
cost value was 1. The cost is now computed from the bandwidth and a
default reference bandwidth of 100 MBps (as for OSPFv2). Since the
default bandwidth for an interface is 10 MBps, the "default" cost
becomes 10 instead of 1.
[DL: resolved conflict in ospf6d/ospf6_interface.c]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Do not send ospf6d hellos on freshly created interfaces without
configuration (i.e. no vlan configured). Ospf6d uses ip6_mtu; if it's not
initialised, Ospf6d tries to alloc indefinite size of memory.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Sat, 23 Nov 2013 15:55:36 +0000 (16:55 +0100)]
ospf6d: fix interface_down() stopping hellos
interface_down() - which also handles some nonobvious cases like the
last linklocal address disappearing - was previously not cancelling the
hello timer. This had the effect of multiple such threads ending up
scheduled after a quick down-up cycle.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Mon, 9 Dec 2013 15:48:55 +0000 (16:48 +0100)]
ospf6d: clear lsa->refresh before clearing LSAs
This fixes a SEGV when we receive a higher-SeqNum copy of a LSA that we
originated ourselves, before a reboot of ospf6d. We create a new
copy of the LSA to resync the SeqNum, but then half an hour later
the old refresh thread ends up trying to refresh the free()'d old LSA.
The SEGV is triggered by this chain:
ospf6_lsdb_maxage_remover
-> thread_execute(ospf6_lsa_refresh)
-> old->refresh = NULL
Which assumes that old->refresh is no longer scheduled to run, as it is
being run right there. But the thread_execute() doesn't know about
old->refresh and therefore didn't remove it.
(Found by ANVL OSPFV3-16.17)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 13 Dec 2012 15:11:16 +0000 (16:11 +0100)]
ospf6d: handle missing link local address more gracefully
ospf6 can't run on an interface without a link local address.
Don't start the state machine when an interface comes up without
such an ip and bring it up later, when a usable link local
address is added.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Wed, 27 Nov 2013 17:06:15 +0000 (17:06 +0000)]
zebra: log routes w/o gateway in rib_delete_ipv4
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Acked-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
BGP: While advertising v4 prefixes over a v6 session, set the correct v4 nexthop.
ISSUE:
For an IPv6 peer, BGPd sets the local router-id as the next-hop's v4 address.
This is incorrect as the router-id may not be a valid next-hop to be included
in UPDATEs that contain v4 prefixes.
PATCH:
Set the v4 address in the next-hop field based on the interface that the
peering is on (directly connected interface or loopback).
Signed-off-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
Acked-by: Feng Lu <lu.feng@6wind.com>
Dinesh Dutt [Mon, 26 Aug 2013 03:40:37 +0000 (03:40 +0000)]
ospf6d: fix integrated config
With integrated config, the line defining an interface to be p2p is defined
before assigning the interface to an area. When during the interface
transition, there is an attempt to generate a router LSA, the process
crashes. This fix addresses that.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Mon, 26 Aug 2013 03:40:23 +0000 (03:40 +0000)]
ospf6d: add SPF logs, statistics, and display of SPF parameters
Signed-off-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
[DL: adapted to rebase / readded randomly lost line]
[DL: killed timeval_subtract]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Mon, 26 Aug 2013 03:40:16 +0000 (03:40 +0000)]
ospf6d: add 'log-adjacency-changes [detail]'
Similar to OSPFv2, add support for 'log-adjacency-changes [detail]' to log
changes in adjacency state of ospfv3 neighbors.
Signed-off-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
Reviewed-by: Shrijeet Mukherjee <shm at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:39 +0000 (03:03 +0000)]
ospf6d: don't send LSAck on an interface if we've flooded the LSU out that i/f
If we flood an LSA back out the same interface we received it from, don't send
an LSAck out that interface for that LSA. This is as per RFC 2328, section 13.5
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:31 +0000 (03:03 +0000)]
ospf6d: handle Prefix and Router Options bits correctly
Ensure that prefixes with the NU/LA bit set do not get added to the routing
table. Ensure that routers with the V6/R bit set do not get added as transit
routes.
Signed-off-by: Dinesh Dutt <ddutt at cumulusnetworks.com>
[DL: adjust to rebase]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:23 +0000 (03:03 +0000)]
ospf6d: add LSA payload to show summary output
Unlike OSPFv2, the LSID of an LSA isn't sufficient to know what the contents
of the LSA are. It's useful for debugging and basic eyeball tests to see the
contents of the LSA in the simple tabular format of "show ipv6 ospf6 database".
This patch adds that output to the command. It replaces the existing fields of
"duration, Chksum and Length" with a single field called Payload which is
dependent on the LSA type. For Inter-Area Prefix, Intra-Area Prefix and
AS-External LSAs, this will be the advertised prefix/prefix length, for Router
LSAs, it is RtrID/IfID etc.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
[DL: rebase fix, line disappeared in ospf6_abr_originate_summary_to_area]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:15 +0000 (03:03 +0000)]
ospf6d: increment dbdesc seqnum on SeqNumberMismatch/BadLsReq event
As per RFC 2328, section 10.3, if the neighbor state machine reaches
SeqNumberMismatch state when the NSM is in state Exchange or greater,
"router increments the DD sequence number in the neighbor data structure,
declares itself master (sets the master/slave bit to master), and starts
sending Database Description Packets, with the initialize (I), more (M)
and master (MS) bits set.".
The existing code doesn't increment the DD SeqNum. This patch fixes that.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sun, 25 Aug 2013 03:03:07 +0000 (03:03 +0000)]
ospf6d: don't change SeqNum on initial DbDesc message
The code was setting the DbDesc seqnum to the current seconds value of time if
this was the initial DbDesc. However, the same code was getting invoked if the
initial DbDesc was retransmitted. Caused ANVL test XX.XX to fail.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 08:00:44 +0000 (08:00 +0000)]
ospf6d: handle seqnum wrapping
Signed-off-by: Shrijeet Mukherjee <shm at cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
[DL: mechanical adjust to rebase]
[DL: adjust to removal of timerwheel code]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 08:00:37 +0000 (08:00 +0000)]
ospf6d: add overload support
OSPFv3: Support setting/clearing overload bit on router
It is sometimes necessary for a router to gracefully remove itself from
the SPF tree i.e. it cannot act as a transit router. It does this by
setting the overload bit in the router LSA. This patch adds support for
enabling/disabling the overload bit.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com>
[DL: patch applied with fuzz]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:57 +0000 (07:55 +0000)]
ospf6d: fix linkdown handling
Ensure OSPFv3 handles link down event correctly.
OSPFv3 checks only the administrative status of a link instead of its
operative status. This prevents it from detecting a real link down
event and reacting appropriately. Only protocol timer timeouts make it
detect a link down eventually. This patch makes it look for the operative
status of a link instead of admin status.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: James Li <jli at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:50 +0000 (07:55 +0000)]
ospf6d: correct nexthop through directly connected networks
This is implementing this part of RFC 2328:
This is the "first case", see below,
16.1.1. The next hop calculation
...
If there is at least one intervening router in the current
shortest path between the destination and the root, the
destination simply inherits the set of next hops from the
parent. Otherwise, there are two cases. In the first case,
the parent vertex is the root (the calculating router
itself). This means that the destination is either a
directly connected network or directly connected router.
The outgoing interface in this case is simply the OSPF
interface connecting to the destination network/router.
...
The current Quagga code always tries to inherit the nexthop from
a parent vertex, but does not cover the case that the destination
is directly connected to the root vertex. This patch adds support
for that case.
Signed-off-by: James Li <jli at cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:43 +0000 (07:55 +0000)]
ospf6d: don't suppress empty router LSA
Currently in OSPFv3 implementation, if all the interfaces are down/loopback
or are without any full adjacencies, the router LSA is suppressed. So for
a router with only stub networks, no router LSA is generated. However,
intra-prefix LSAs are generated for the stub networks and these intra-prefix
LSAs will reference the router LSA. So the router LSA really should not be
suppressed. It needs to be generated to be the starting vertex for SPF
w.r.t the stub networks.
Signed-off-by: James Li <jli at cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:36 +0000 (07:55 +0000)]
ospf6d: turn off expensive debugging
OSPF6 has very expensive LSDB and route debug on by default. This needs to be
turned off for scaled performance.
Signed-off-by: James Li <jli at cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Summary:
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:14 +0000 (07:55 +0000)]
ospf6d: convert LSDB to use route_node, improve performance
the performance in the presence of a large number of LSAs. I also verified
that the performance improvements stayed in the presence of a large number
of peers (I tested up to 128).
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
Summary:
Reviewed-by: James Li <jli at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:07 +0000 (07:55 +0000)]
ospf6d: fix neighbor state machine (faster lsdb sync, RFC compliance)
The OSPFv3 code doesn't do the following things right as part of an adjacency
bringup:
- Transmit DbDesc frames appropriately to ensure faster state transition to
Loading state
- Transmit LsReq frames when switching to exchange state and on receipt of
an LS update in Loading state
- Requesting LSAs multiple times in LsReq.
It currently uses retransmit timer expiry to send the LsReq and DbDesc frames
which significantly slows down large lsdb syncs.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:55:00 +0000 (07:55 +0000)]
ospf6d: add p2p interface support
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Signed-off-by: Ayan Banerjee <ayabaner at gmail.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Reviewed-by: James Li <jli at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:50 +0000 (07:54 +0000)]
ospf6d: fix various bugs in installing and flooding LSAs
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Pradosh Mohapatra <pmohapat at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:41 +0000 (07:54 +0000)]
ospf6d: add more details to show ipv6 ospf6 data
Specifically, it displays the flags, lock and retransmission count fields.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: JR Rivers <jrrivers at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:31 +0000 (07:54 +0000)]
ospf6d: enable the commands to support detailed debugging of LSAs.
The code for the commands exists, but it hasn't been defined in the
definition of the command itself. This patch fixes that.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:24 +0000 (07:54 +0000)]
ospf6d: remove older version of LSA from neighbor retx list before prematurely aging it.
See comment in code for very detailed issue and fix.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:17 +0000 (07:54 +0000)]
ospf6d: reinvoke MaxAge remover thread if not all MaxAge LSAs were flushed.
MaxAge LSAs are being flushed out only on an event, unlike OSPFv2 where they're flushed out
periodically. This causes certain LSAs to hang around forever, never getting flushed out.
This patch makes flushing out MaxAge LSAs periodic, retriggered after a certain period if
not all MaxAge LSAs were flushed out.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Sat, 24 Aug 2013 07:54:09 +0000 (07:54 +0000)]
ospf6d: schedule SPF to run on events rather than directly on each event.
OSPFv3 SPF triggers on every SPF-able event instead of using timers the way
OSPFv2 does. This patch makes SPF be triggered/throttled similar to OSPFv2.
It adds a command to quagga identical to the OSPFv2 equivalent to configure
these timers.
Summary:
Signed-off-by: Dinesh Dutt <ddutt at cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
[DL: removed reference to oa->ts_spf for rebase]
[DL: killed timeval_subtract] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh Dutt [Wed, 23 Oct 2013 00:42:18 +0000 (17:42 -0700)]
ospf6d/ospfd: refactor some common defines
Rearranging common defs and structures for use between OSPFv2 and
OSPFv3. Created a new file called libospf.h under lib directory to
hold defines that are common between OSPFv2 and OSPFv3 code bases.
[DL: split of defines refactor from timer refactor] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Change the datastructure for recursive routes. This brings the following
benefits:
By using struct nexthop also to store nexthops obtained by recursive
resolution, we can get rid of quite a bit of code duplication in the fib
management. (rt_netlink, rt_socket, ...)
With the new datastructure we can make use of all available paths when
recursive routes are resolved with multipath routes.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:49 +0000 (14:04 +0000)]
zebra: don't change connected state from zebra/interface.c
Try to avoid changing connected state from zebra/interface.c as this
means making assumptions about kernel behaviour which may be or may
become wrong. This state should rather be updated by events from the
kernel.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:48 +0000 (14:04 +0000)]
zebra: add ZEBRA_IFC_QUEUED to keep track of kernel state
As there are timeframes when we don't get a notification from the kernel
about new addresses (e.g. while Linux performs IPv6 DAD), we need to
have some information whether an address has been sent to the kernel or
not.
One case where this is relevant would be a user adding an IPv6 address,
but deleting it before DAD has been complete. With the next patch which
removes some (ill assuming) synchronous parts in address setup,
ipv6_address_uninstall would not know whether or not it has to actually
delete the prefix from the kernel. Resolving these windows where we lack
information is what the flag ZEBRA_IFC_QUEUED is intended for.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:47 +0000 (14:04 +0000)]
zebra: warn if advertising connected with _REAL unset
The implementation in zebra and the zclient protocol allow to communicate
addresses to clients which are not yet in the kernel.
This is usually not done and most clients seem to expect an address to be
configured in the kernel when they receive it. Therefore, it seems
reasonable to issue a warning when advertising an address to the clients
that is not yet in the kernel.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:46 +0000 (14:04 +0000)]
zebra: consolidate connected_implicit_withdraw
connected_implicit_withdraw is used at two places and followed by exactly
the same code. Move that code into connected_implicit_withdraw and give
that function a more descriptive name.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 24 Jan 2013 14:04:43 +0000 (14:04 +0000)]
zebra: process information about new addresses (BZ#486)
Because of a change of semantics in the Linux kernel, information
about changes made by zebra itself was not considered for updates.
This change should fix this by accounting for the new semantics.
It is based on a patch by lich posted to the bugzilla #486
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Fri, 2 Aug 2013 07:27:53 +0000 (07:27 +0000)]
ospfd: protect vs. VU#229804 (malformed Router-LSA)
VU#229804 reports that, by injecting Router LSAs with the Advertising
Router ID different from the Link State ID, OSPF implementations can be
tricked into retaining and using invalid information.
Quagga is not vulnerable to this because it looks up Router LSAs by
(Router-ID, LS-ID) pair. The relevant code is in ospf_lsa.c l.3140.
Note the double "id" parameter at the end.
Still, we can provide an improvement here by discarding such malformed
LSAs and providing a warning to the administrator. While we cannot
prevent such malformed LSAs from entering the OSPF domain, we can
certainly try to limit their distribution.
cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.
This issue is a specification issue in the OSPF protocol that was
discovered by Dr. Gabi Nakibly.
Reported-by: CERT Coordination Center <cert@cert.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
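The check described in the VU#229804 commit above, sketched as an added example; this is not Quagga's code, and the function, enum and sample names are hypothetical. It reads only the 20-byte OSPFv2 LSA header and flags a Router-LSA whose Link State ID differs from its Advertising Router.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LSA_HEADER_SIZE 20u /* OSPFv2 LSA header, RFC 2328 A.4.1 */
#define LSA_TYPE_ROUTER 1u

/* Hypothetical names for this example; not identifiers from ospfd. */
enum lsa_verdict { LSA_ACCEPT, LSA_TRUNCATED, LSA_DISCARD_ID_MISMATCH };

/* Classify a raw LSA by its header only. The checksum is not verified here. */
enum lsa_verdict check_lsa_header(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < LSA_HEADER_SIZE)
        return LSA_TRUNCATED;

    /* Length field (offset 18, network byte order) covers header and body. */
    size_t lsa_len = ((size_t)buf[18] << 8) | buf[19];
    if (lsa_len < LSA_HEADER_SIZE || lsa_len > len)
        return LSA_TRUNCATED;

    /* Router-LSA: Link State ID (offset 4) must equal Advertising Router
     * (offset 8). A mismatch is the malformed case from VU#229804. */
    if (buf[3] == LSA_TYPE_ROUTER && memcmp(buf + 4, buf + 8, 4) != 0)
        return LSA_DISCARD_ID_MISMATCH;

    return LSA_ACCEPT;
}

/* Constructed sample headers (documentation addresses, checksum zeroed). */
const uint8_t sample_ok[20] = { 0, 1, 0x02, 1, 192, 0, 2, 1, 192, 0, 2, 1,
                                0x80, 0, 0, 1, 0, 0, 0, 20 };
const uint8_t sample_mismatch[20] = { 0, 1, 0x02, 1, 192, 0, 2, 1, 192, 0, 2, 99,
                                      0x80, 0, 0, 1, 0, 0, 0, 20 };
/* Type 2 (Network-LSA): LS-ID and Advertising Router legitimately differ. */
const uint8_t sample_network[20] = { 0, 1, 0x02, 2, 192, 0, 2, 10, 192, 0, 2, 1,
                                     0x80, 0, 0, 1, 0, 0, 0, 20 };

int main(void)
{
    static const char *names[] = { "accept", "truncated",
                                   "discard: LS-ID != Adv-Router" };
    printf("router ok:       %s\n", names[check_lsa_header(sample_ok, 20)]);
    printf("router mismatch: %s\n", names[check_lsa_header(sample_mismatch, 20)]);
    printf("network lsa:     %s\n", names[check_lsa_header(sample_network, 20)]);
    return 0;
}
```

A receiver that takes the discard branch would also log the sender, matching the commit's aim of warning the administrator and limiting further flooding.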
Christian Franke [Sat, 25 May 2013 14:01:35 +0000 (14:01 +0000)]
bgpd, zebra: Support NEXTHOP_IPV4_IFINDEX in nexthop_lookup api
Since commit ba281d3d040, ospfd uses NEXTHOP_IPV4_IFINDEX
routes. The API between zebra and bgpd which is used to query
nexthops for recursive routes did not support this nexthop
type and therefore, ospf changes (or any other IGP changes
which use NEXTHOP_IPV4_IFINDEX) would never trigger any
recursive route update.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Thu, 11 Apr 2013 08:24:30 +0000 (08:24 +0000)]
bgpd: honor PEER_FLAG_DISABLE_CONNECTED_CHECK on bgp_scan
When neighbor disable-connected-check was used, bgpd would accept routes
with unconnected nexthop as intended, however those routes would be
invalidated on the next bgp_scan run as that function did not know about
disable-connected-check.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
rl_completion_append_character is reset to space every time the completion
function is entered. So we would have to set it to '\0' every time
new_completion() is called. We can make this conditional and avoid using
rl_pending_input.
This code path is most relevant when there are multiple completion
matches with the same prefix, e.g. in router bgp context: "neighbor 1.2.3.4
pa"<ssive|ssword> would have been completed to "neighbor 1.2.3.4 pass "
instead of "neighbor 1.2.3.4 pass".
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>