bgpd: store nexthop info for redistributed IPV6 routes
BGP was ignoring nexthop info for static and other redistributed
routes for IPv6. Build extra attribute info to store the nexthop.
See also:
https://bugzilla.vyatta.com/show_bug.cgi?id=6073
ospfd: avoid redundant lookup in ospf_redistribute_withdraw
The old algorithim looked up every node twice as it withdrew
the entry. It looks up entry once in redistribute_withdraw, then
looks it up again info_delete. Use result of first lookup
to do the free directly.
This may explain the slow performance observed in
https://bugzilla.vyatta.com/show_bug.cgi?id=4421
lib: call filter delete hook before freeing access list
The delete_hook was being run after calling access list delete function.
This would cause ospf to dereference a NULL, in ospf_filter_update
because 'access->name' was already freed.
See also:
https://bugzilla.vyatta.com/show_bug.cgi?id=7654
Denis Ovsienko [Sun, 4 Dec 2011 19:21:55 +0000 (23:21 +0400)]
lib: optimize ip_masklen()
The new implementation makes use of a 64KB mapping table, which makes it
possible to compute masklen faster and with constant execution time. The
map also allows for additional version of the function, which can detect
errors in input argument.
The previous implementation had a variable cost of execution, which
depended on masklen in a non-linear manner, and at its worst (/31) was
4 times slower, than the new implementation. The only case of old
function just slightly outperforming the new one is /0, which is of
little practical interest.
Ulrich Weber [Wed, 16 Nov 2011 15:32:12 +0000 (19:32 +0400)]
bgp: use VTY_GET_INTEGER_RANGE() in bgp_clear()
Second patch replaces "VTY_GET_LONG ("AS", as_ul, arg);"
by "VTY_GET_INTEGER_RANGE ("AS", as, arg, 1, BGP_AS4_MAX);"
as done in all other code, which parses AS numbers.
Denis Ovsienko [Thu, 27 Oct 2011 16:04:08 +0000 (20:04 +0400)]
bgpd: fix AS4_PATH attr flag check (BZ#676)
AS_PATH is a well-known, transitive path attribute and cannot be flagged
as "Partial". This is what commit 77a20b8af32c926176f8492a086d9e4ec670496b implemented, but it did not
account, that bgp_attr_aspath() is also used to process AS4_PATH, which
is an optional, transitive path attribute and as such may be flagged as
"Partial". This change justfies the test condition.
Denis Ovsienko [Fri, 14 Oct 2011 17:59:58 +0000 (21:59 +0400)]
ospf6d: decode message type with LOOKUP()
* ospf6_message.h
* OSPF6_MESSAGE_TYPE_CANONICAL(): dismiss
* OSPF6_MESSAGE_TYPE_NAME(): dismiss
* ospf6_message.c
* ospf6_message_type_str: rewrite as a message list, add max value
* ospf6_packet_examin(): update to use LOOKUP()
* ospf6_receive(): idem
* ospf6_send(): idem
David Lamparter [Sun, 4 Oct 2009 14:21:49 +0000 (16:21 +0200)]
lib: add sockopt helper for setting IPV6_V6ONLY and use it
getaddrinfo returns a list of socket parameters for listening. it
will contain both IPv4 and IPv6 listening sockets. unless we use
IPV6_V6ONLY on the IPv6 ones, only the socket listed first will
work. if the IPv4 one came first, the IPv6 one would get an
"Address in use" error.
this functionality was already present for bgpd and its listening
sockets. as it is needed for vtys as well, make it a common helper.
David Lamparter [Tue, 15 Sep 2009 23:52:42 +0000 (01:52 +0200)]
lib: put route_types.txt to real use
this replaces most occurences of routing protocol lists by preprocessor
defines from route_types.h. the latter is autogenerated from
route_types.txt by a perl script (previously awk). adding a routing
protocol now is mostly a matter of changing route_types.txt and log.c.
David Lamparter [Wed, 26 Aug 2009 22:28:28 +0000 (00:28 +0200)]
rib: default distance value for new protocols (v2)
adding protocols and forgetting to update zebra_rib.c currently causes
a beyond end of array access for the default distance value. fix by
making 150 the default distance for unknown routing protocols.
150 is higher than all other IGPs but lower than iBGP (200)
Tom Goff [Wed, 25 Nov 2009 20:36:06 +0000 (20:36 +0000)]
zebra: set the interface link-layer socket address
* kernel_socket.c: (ifm_read) The reorganization from commit 6fe70d1b35c189cb1e488b2c26551ba7baac6148 removed setting the
interface link-layer socket address structure on routing socket
platforms. This restores saving the link-layer information because
it might be used elsewhere: rtm_write() when no gateway is given,
if_dump_vty() and rtadv_send_packet().
Chris Luke [Tue, 18 Oct 2011 13:26:51 +0000 (17:26 +0400)]
bgpd: justify capabilities for TOS setting
To set the TOS bits on TCP connections, platforms that restrict
capabilities need the priv level to be raised before the sockopt
is set, and this requires the ZCAP_NET_ADMIN priv.
* bgp_main.c: update _caps_p to include ZCAP_NET_ADMIN
* bgp_network.c
* bgp_connect(): request ZPRIVS_RAISE/ZPRIVS_LOWER
* bgp_listener(): request ZPRIVS_RAISE earlier
Denis Ovsienko [Sat, 8 Oct 2011 13:22:45 +0000 (17:22 +0400)]
ospf6d: make some old sizing checks assertions
As long as ospf6_packet_examin() is now the single checkpoint for
received packets, most of the old checks performed elsewhere can
be converted into assert() constructs. Malformed input data at
respective points can be attributed solely to a programming error,
not a malformed packet.
John Kemp [Fri, 18 Mar 2011 14:52:18 +0000 (17:52 +0300)]
bgpd: improve "monotonic" uptime correction
Older versions of Quagga/Zebra would output a value in MRT table
dump files for "uptime" aka "ORIGINATED" that was a WALL clock
value. Given that uptime is now internally a bgp_clock MONOTONIC
value, the output in the MRT files is showing up as monotonic.
Note: time of MRT dump is still recorded correctly as a
time() based value, so we haven't lost that value.
Proposal is to correct the uptime output on the vty and in the
MRT files to again display something more akin to WALL time.
* bgp_dump.c: (bgp_dump_routes_func) add conditional correction
* bgp_route.c: (route_vty_out_detail) make correction conditional, move
variable declaration to beginning of the function
Denis Ovsienko [Mon, 10 Oct 2011 17:08:33 +0000 (21:08 +0400)]
bgpd: add flag checks for MP_(UN)REACH_NLRI
* bgp_attr.[ch]
* bgp_mp_reach_parse(): add extra arguments and a uniform flag
check block
* bgp_mp_unreach_parse(): idem
* bgp_attr_parse(): provide extra arguments
* bgp_mp_attr_test.c
* parse_test(): justify respective calls
Denis Ovsienko [Sat, 8 Oct 2011 09:54:48 +0000 (13:54 +0400)]
bgpd: improve attr length error handling (BZ#679)
* bgp_attr.c
* bgp_attr_parse(): provide extra argument to bgp_attr_aggregator()
* bgp_attr_local_pref(): use bgp_notify_send_with_data()
* bgp_attr_atomic(): idem
* bgp_attr_aggregator(): idem
* bgp_attr.c
* bgp_attr_cluster_list(): accept extra argument, add checks for
"optional", "transitive" and "partial" bits, log each error
condition independently
* bgp_attr_parse(): provide extra arguments
* bgp_attr.c
* bgp_attr_originator_id(): accept extra argument, add checks for
"optional", "transitive" and "partial" bits, log each error
condition independently
* bgp_attr_parse(): provide extra arguments
Denis Ovsienko [Wed, 12 Oct 2011 09:54:21 +0000 (13:54 +0400)]
bgpd: fix regression in improved attr flag checks
Commit 2febf323411c1aed9d7694898f852ce2ef36a7e5 assumed every flag
bit except optional/transitive/partial unset, which at times could
not be true for "extended length" bit.
* bgp_attr.c
* bgp_attr_origin(): exclude BGP_ATTR_FLAG_EXTLEN from comparison
* bgp_attr_nexthop(): idem
* bgp_attr_med(): idem
* bgp_attr_local_pref(): idem
* bgp_attr_atomic(): idem
Do not check each of the Optional/Transitive/Partial attribute
flag bits, when their only valid combination is known in advance,
but still perform bit-deep error message logging. This change
assumes unused (low-order) 4 bits of the flag octet cleared.
* bgp_attr.c
* bgp_attr_origin(): rewrite check
* bgp_attr_nexthop(): idem
* bgp_attr_med(): idem
* bgp_attr_local_pref(): idem
* bgp_attr_atomic(): idem
ORIGIN handling function used to have "partial" bit check and recent
commits added it for NEXT_HOP, MULTI_EXIT_DISC and ATOMIC_AGGREGATE
cases. This commit adds "partial" check for AS_PATH and LOCAL_PREF
cases, which should leave attributes 1 through 6 inclusive completely
covered with attribute flags checks.
* bgp_attr.c
* bgp_attr_origin(): use bit-by-bit checks for better diagnostics
* bgp_attr_aspath(): add flag check
* bgp_attr_local_pref(): idem
IPv6 supports the same concept of differentiated service for routing
protocols as IPv4, but like too many things, the standards committee
decided that having two names for the same thing wasn't good enough and
introduced a third more generic term transport class.
The socket option to set transport class works the same as IPv4, but the
arguments are different.
* lib/sockopt.[ch]
* setsockopt_ipv6_tclass(): new function
* bgpd/bgp_network.c
* bgp_connect(): set socket option
* bgp_listener(): set socket option
* ospf6d/ospf6_network.c
* ospf6_set_transport_class(): new function
* ospf6_serv_sock(): set socket option
* ripngd/ripngd.c
* ripng_make_socket(): set socket option
This vulnerability (CERT-FI #514840) was reported by CROSS project.
ospf6d processes IPv6 prefix structures in incoming packets without
verifying that the declared prefix length is valid. This leads to a
crash
caused by out of bounds memory access.
* ospf6_abr.h: new macros for size/alignment validation
* ospf6_asbr.h: idem
* ospf6_intra.h: idem
* ospf6_lsa.h: idem
* ospf6_message.h: idem
* ospf6_proto.h: idem
* ospf6_message.c
* ospf6_packet_minlen: helper array for ospf6_packet_examin()
* ospf6_lsa_minlen: helper array for ospf6_lsa_examin()
* ospf6_hello_recv(): do not call ospf6_header_examin(), let upper
layer verify the input data
* ospf6_dbdesc_recv(): idem
* ospf6_lsreq_recv(): idem
* ospf6_lsupdate_recv(): idem
* ospf6_lsack_recv(): idem
* ospf6_prefixes_examin(): new function, implements A.4.1
* ospf6_lsa_examin(): new function, implements A.4
* ospf6_lsaseq_examin(): new function, an interface to above
* ospf6_packet_examin(): new function, implements A.3
* ospf6_rxpacket_examin(): new function, replaces
ospf6_header_examin()
* ospf6_header_examin(): sayonara
* ospf6_receive(): perform passive interface check earliest possible,
employ ospf6_rxpacket_examin()
This vulnerability (CERT-FI #514839) was reported by CROSS project.
When Database Description LSA header list contains trailing zero octets,
ospf6d tries to process this data as an LSA header. This triggers an
assertion in the code and ospf6d shuts down.
* ospf6_lsa.c
* ospf6_lsa_is_changed(): handle header-only argument(s)
appropriately, do not treat LSA length underrun as a fatal error.
This vulnerability (CERT-FI #514838) was reported by CROSS project.
The error is reproducible only when ospfd debugging is enabled:
* debug ospf packet all
* debug ospf zebra
When incoming packet header type field is set to 0x0a, ospfd will crash.
* ospf_packet.c
* ospf_verify_header(): add type field check
* ospf_read(): perform input checks early
This vulnerability (CERT-FI #514837) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.
Quagga ospfd does not seem to handle unknown LSA types in a Link State
Update message correctly. If LSA type is something else than one
supported
by Quagga, the default handling of unknown types leads to an error.
* ospf_flood.c
* ospf_flood(): check return value of ospf_lsa_install()
This vulnerability (CERT-FI #513254) was reported by CROSS project.
They have also suggested a fix to the problem, which was found
acceptable.
The problem occurs when bgpd receives an UPDATE message containing
255 unknown AS_PATH attributes in Path Attribute Extended Communities.
This causes a buffer overlow in bgpd.
* lib/prefix.h
* IPV4_CLASS_DE(): new helper macro
* bgp_attr.c
* bgp_attr_nexthop(): add check for "partial" bit, refresh flag error
reporting, explain meaning of RFC4271 section 6.3 and implement it
lib: provide more information in case of failed LOOKUP.
* log.[ch]
* mes_lookup: add a parameter with the name of the message list, print
the name in case of failure.
* LOOKUP macro: pass the name of the message list.
* bgp_attr.c
* bgp_attr_atomic(): accept extra argument, add checks for
"optional", "transitive" and "partial" bits, log each error
condition independently
* bgp_attr_parse(): provide extra argument
* bgp_attr.c
* bgp_attr_local_pref(): accept extra argument, add checks for
"optional" and "transitive" bits, log each error condition
independently
* bgp_attr_parse(): provide extra argument
Fritz Reichmann [Wed, 14 Sep 2011 15:31:51 +0000 (19:31 +0400)]
isisd: fix crash on "no router isis" (BZ#536)
The crash is due to threads accessing data that gets destroyed
during the removal of the configuration.
* isis_circuit.c: Destroy adjacencies to stop adjacency expiry thread.
Stop PSNP threads.
* isisd.c: Change state of circuit back to INIT and reassign the
circuit structure to isis->init_circ_list rather than destroying
the circuit data structure. Stop SPF threads. Stop LSP generation
threads.
* isisd.h: Add pointers to LSP threads into area structure in order to
stop them in isisd.c
* isis_lsp.c: Store pointer to LSP thread in area structure.
* isis_pdu.c: Stop PDU generation for a circuit with a removed area.
* isis_pfpacket.c: Stop processing received PDUs for a circuit with a
removed area.
Tom Goff [Wed, 10 Nov 2010 21:02:38 +0000 (13:02 -0800)]
ospf6d: Fix memory allocation issues in SPF
* ospf6_area.c: Call ospf6_spf_table_finish() before deleting the spf
table. This ensures that the associated ospf6_vertex structures
are also freed.
* ospf6_spf.c: Only allocate a priority queue when a spf calculation
is actually performed.
Tom Goff [Wed, 10 Nov 2010 21:02:11 +0000 (13:02 -0800)]
ospf6d: Extend the "[no] debug ospf6 route" vty commands
* ospf6_route.c ([no_]debug_ospf6_route) Include memory as a debug
option. This allows ospf6 route memory debugging to be enabled or
disabled interactively or from a config file.
projects / mirror / frr.git / log