ßingen [Thu, 9 Nov 2017 15:02:18 +0000 (16:02 +0100)]
lib: Address ZMQ lib TODOs
Add write callback.
Add error callback.
Add frrzmq_check_events() function to check for edge triggered things
that may have happened after a zmq_send() call or so.
Update ZMQ tests.
Quentin Young [Mon, 23 Oct 2017 20:43:32 +0000 (16:43 -0400)]
bgpd: fix mishandled attribute length
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Chirag Shah [Thu, 2 Nov 2017 14:54:45 +0000 (07:54 -0700)]
ospfd: VRF aware Router-ID update
Ensure zebra received router-id isolated per vrf instance.
Store zebra received router-id within ospf instance.
Ticket:CM-18657
Reviewed By:
Testing Done:
Validated follwoing sequence
- Create vrf1111
- Create ospf vrf1111 with no router-id
- Assign ip to vrf111
- ospf is assigned zebra assigned router-id which is vrf ip.
- upon remvoing vrf ip, the router-id retained as same until
ospfd restarted.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Fri, 3 Nov 2017 19:25:31 +0000 (15:25 -0400)]
bgpd: Prevent infinite loop when reading capabilities
If the user has configured the ability to override
the capabilities or if the afi/safi passed as part
of the _MP capability is not understood, then we
can enter into an infinite loop as part of the
capability parsing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The problem with this is that macaddr[0] is passed in as a integer
so the sprintf function thinks that the value to display is much
larger than it actually is. The ECOMMUNITY_STR_DEFAULT_LEN is 27
So the resulting string no-longer fits in memory and we write
off the end of the buffer and can crash. If we force the
passed in value to be a uint8_t then we get the expected output
since a single byte is displayed as 2 hex characters and the
resulting string fits in str_buf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Fri, 3 Nov 2017 16:45:02 +0000 (16:45 +0000)]
bgpd: default originate issue with intf peers and global intf address
Problem reported that a receiver of a default route issued across bgp
unnumbered peering using default originate would have the route stay
as inactive. Discovered we were messing up the nexthop value sent to
the peer in this one particular case. Manual testing good, fix supplied
to the submitter and verified to resolve the problem. bgp-smoke
completed successfully.
Ticket: CM-18634 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 27 Oct 2017 17:02:15 +0000 (13:02 -0400)]
eigrpd: Allow query send to send more than 1 packet
When we send a query if we have more queries than we
can fit in one packet, allow the packet to be broken
up into multiple packets to be sent to our neighbor.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Mon, 30 Oct 2017 18:56:59 +0000 (11:56 -0700)]
ospfd: fix show ospf neigh json for multile nbrs
Same neighbor learned from multiple ospf interfaces
(all) were not displayed in json, only last was displayed.
Created list within dictionary using neighbor-id as key.
lookup neigbhor-id in json obejct prior to creating new list.
spine-2# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
0.0.1.16 1 Full/DR 36.754s 8.0.3.15 swp1:8.0.3.16
0.0.1.16 1 Full/DR 30.903s 7.0.3.15 swp2:7.0.3.16
Donald Sharp [Mon, 30 Oct 2017 23:41:28 +0000 (19:41 -0400)]
pimd: Fix crash with debug and ifp changes
Certain interface flapping events can cause a lookup
that does not find any ifp pointer. This is only causing
a crash in the `debug pim zebra` command due to only needing
to lookup the interface for it's name.
Modify code to ensure we have a valid pointer. Follow other
debug statements lead in the same function for what to display
when an interface does not currently exist.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Sun, 29 Oct 2017 12:51:57 +0000 (08:51 -0400)]
eigrpd: When writing packet don't crash in some cases
When we are writing a packet if we have gotten ourselves
into a bad situation, note it and move on. Hopefully
dumping enough information so that we can find the offending
reason.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Thu, 26 Oct 2017 21:23:25 +0000 (14:23 -0700)]
ospfd: add vrf option to operational command
Seperate the display option in both vty and json
case 'vrf' is used in show command.
show ip ospf 'vrf all' [json]
Display vrf name as key object in json and vrf name
in vty output.
case 'vrf' is not used then only display default
vrf ospf instance and vrf name is not shown in vty and
json.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Mon, 23 Oct 2017 14:10:06 +0000 (10:10 -0400)]
zebra: Move clear_nhlfe_installed to calling functions
The function clear_nhlfe_installed is to be called
when we get a install failure of some sort for
a lsp change. Since an install failure can happen
in both linux and openBSD moving the function call
northbound is a good idea.
I've also added it to the kernel_del_lsp for completeness
on failure as well, even though neither linux or openBSD
currently can fail a uninstall.
This still leaves the hole where if we have multiple
nhlfes and have an install failure we are not quite
doing the right thing by just blanketly calling
clear_nhlfe_installed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 26 Oct 2017 18:07:33 +0000 (14:07 -0400)]
bgpd: exit on socket bind failures
When we fail to bind to port 179 we are left in a situation
where we have not saved the bgp pointer created and when
the bgp cli mode is exited we leak the memory.
Additionally there is no recovery situation here that
could be easily programmed without fundamentally changing
the code.
So let's exit and output to the log file some useful
information to hopefully clue the user in on what is
going wrong.
Fixes: #1130 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Thu, 19 Oct 2017 18:23:30 +0000 (14:23 -0400)]
bgpd: fix various problems with hold/keepalive timers
Problem reported that we weren't adjusting the keepalive timer
correctly when we negotiated a lower hold time learned from a
peer. While working on this, found we didn't do inheritance
correctly at all. This fix solves the first problem and also
ensures that the timers are configured correctly based on this
priority order - peer defined > peer-group defined > global config.
This fix also displays the timers as "configured" regardless of
which of the three locations above is used.
Ticket: CM-18408 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: CCR-6807
Testing-performed: Manual testing successful, fix tested by
submitter, bgp-smoke completed successfully
Donald Sharp [Thu, 26 Oct 2017 03:07:21 +0000 (23:07 -0400)]
bgpd: Treat empty reachable NLRI as a EOR
This issue was discovered on a live session with an extremely
old cisco 7206VXR router running 12.2(33)SRE4. The sending router
is sending us an empty NLRI that is MP_REACH. From RFC
exploration(thanks Russ!) it appears that this was
considered a 'valid' way to send EOR.
Following discussion decided that we should treat
this situation as a EOR marker instead of bringing
down the session.
Applying this fix on the FRR router seeing this issue
allows it to continue it's peering relationship with
the ASR. Since this is a point fix I do not see
a high likelihood of further fallout.
Fixes: #1258 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 26 Oct 2017 02:38:50 +0000 (22:38 -0400)]
bgpd: When not fully connected to zebra gracefully ignore the issue
When bgp is coming up and is reading a non-integrated config.
The bgp connection to zebra has not fully had a chance to start.
As such when a redistribute line is parsed the attempt is
made to install it but it was erroring out with a warning.
This caused the `redistribute XXX` line to create a error
message to the end user.
Since bgp calls zclient_send_reg_requests which re-registers
the redistribute call once the actual zebra connection is up
and once bgp comes alive this is ok.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 26 Oct 2017 02:35:35 +0000 (22:35 -0400)]
lib: Fix non-integrated config error display
When using a non-integrated config and starting up
of a protocol daemon, we were not properly handling
all possible cases and as such when an user hit
an actual error they were getting (null) listed
for the message string.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 25 Oct 2017 17:30:45 +0000 (13:30 -0400)]
pimd: Cleanup vrf SA issues exposed by recent commits
A recent commit has shown that we were not consistent with
handling of the vrf lookup. Adjust pim to do the right
thing with vrf lookup to be consistent and to make SA
happier.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 25 Oct 2017 14:47:55 +0000 (10:47 -0400)]
zebra: Allow user to specify work-queue processing hold time
Allow the user to modify the work-queue processing hold time
from 10ms to a value from (0-10000). Make the command hidden
as that it's a semi-dangerous command and it could cause
issues.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 18 Oct 2017 14:19:58 +0000 (10:19 -0400)]
bgpd: Allow 'match peer' for all route-map types
There are multiple places that we use route-maps in bgp
There is no need to limit the route-map 'match peer ...' command
to just import and export route-map types. I see need for
using this in table-maps as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Mon, 16 Oct 2017 16:07:15 +0000 (09:07 -0700)]
zebra: only pass mpls proto type if doing install
Problem reported with not deleting LSPs from the zebra kernal mpls table
when a delete occurred in bgp. Found that we were exiting the delete
process incorrectly due to not being able to derive the route_type from
the best_nhlre on the lsp while deleting. Since this info was only
needed for route installation, removed this early exit in the case of
deleting the lsp.
Renato Westphal [Mon, 23 Oct 2017 21:24:07 +0000 (19:24 -0200)]
lib: optimize sockunion_connect()
This function is only called with non-blocking sockets [1], so there's
no need to worry about setting O_NONBLOCK and unsetting it later if the
given fd was a blocking socket. This saves us 4 syscalls per connect,
which is not much but is something.
Also, remove an outdated comment about the return values of this
function. It returns a 'connect_result' enum now, whose values are
self-explanatory (connect_error, connect_success and connect_in_progress).
This also fixes a coverity scan warning where we weren't checking the
return value of the fcntl() syscall.
Renato Westphal [Sun, 22 Oct 2017 23:14:21 +0000 (21:14 -0200)]
*: fix coverity warnings - resource leaks
These are mostly trivial fixes for leaks in the error path of some functions.
The changes in bgpd/bgp_mpath.c deserves a bit of explanation though. In
the bgp_info_mpath_aggregate_update() function, we were allocating memory
for the lcomm variable but doing nothing with it. Since the code for
communities, extended communities and large communities is pretty much
the same in this function, it's clear that this was a copy and paste
error where most of the ext. community code was copied but not all of
it as it should have been.
projects / mirror / frr.git / log