Donald Sharp [Thu, 16 Nov 2017 13:49:02 +0000 (08:49 -0500)]
ripd: Fix SA issues
The rinfo variable was being set but never used.
We just need to call rip_ecmp_replace or rip_ecmp_add
this function does not care about the return values
because the rinfo returned is stored on the rip
route entry.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 15 Nov 2017 18:22:56 +0000 (13:22 -0500)]
bgpd: Allow bgp to understand the different nexthop types
When BGP is being redistributed prefixes, allow it to
understand the nexthop type.
This fixes the issue where a blackhole route was being interpreted
to having a nexthop of 1.0.0.0( ruh-roh!!! ). This broke
downstream neighbors as that they would receive a 1.0.0.0 nexthop,
which is bad, very very bad.
This commit sets us up for the future where we can match
a route-map against a nexthop type. In that bgp is
now at least nominally paying attention to the type.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 15 Nov 2017 14:50:32 +0000 (09:50 -0500)]
ripd: Convert to using 'struct nexthop' for nexthop information
RIP is not using the nexthop data structure and as such when
it does not fully understand when it receives some of the
more exotic nexthop types what to do with it. This is the
start of a series of commits to allow RIP to start understanding
and properly displaying information about different nexthop
types.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 10 Nov 2017 13:51:34 +0000 (08:51 -0500)]
lib, zebra: Modify zebra to use STREAM_GET for zapi
This code modifies zebra to use the STREAM_GET functionality.
This will allow zebra to continue functioning in the case of
bad input data from higher level protocols instead of crashing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 2 Nov 2017 12:37:06 +0000 (08:37 -0400)]
lib: Add STREAM_GETX functions
Currently when stream reads fail, for any reason, we assert.
While a *great* debugging tool, Asserting on production code
is not a good thing. So this is the start of a conversion over
to a series of STREAM_GETX functions that do not assert and
allow the developer a way to program this gracefully and still
clean up.
Current code is something like this( taken from redistribute.c
because this is dead simple ):
afi = stream_getc(client->ibuf);
type = stream_getc(client->ibuf);
instance = stream_getw(client->ibuf);
This code has several issues:
1) There is no failure mode for the stream read other than assert.
if afi fails to be read the code stops.
2) stream_getX functions cannot be converted to a failure mode
because it is impossible to tell a failure from good data
with this api.
We've created a stream_getc2( which does not assert ),
but we need a way to allow clean failure mode handling.
This is done by macro'ing stream_getX2 functions with
the equivalent all uppercase STREAM_GETX functions that
include a goto.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Daniel Walton [Fri, 10 Nov 2017 18:30:25 +0000 (18:30 +0000)]
tools: frr-reload do not attempt deleting lines that cannot be deleted
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
There are several lines that we cannot do a "no" on
- frr version
- frr defaults
- password
- line vty
frr-reload should ignore these if asked to do a "no" on them
Daniel Walton [Fri, 10 Nov 2017 17:57:42 +0000 (17:57 +0000)]
tools: frr-reload remove Cumulus Linux release numbers from comments
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
The "3.0", etc in the comments were referring to Cumulus Linux 3.0 which
was confusing now that FRR has a 3.0
Daniel Walton [Fri, 10 Nov 2017 17:19:08 +0000 (17:19 +0000)]
tools: frr-reload.py ignore multiple whitespaces
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Without this fix frr-reload would do a del/add even if the only
difference were bogus whitespaces.
Marcel Röthke [Fri, 10 Nov 2017 12:56:24 +0000 (13:56 +0100)]
bgpd: Add RPKI/RTR support
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Juergen Kammer [Tue, 7 Nov 2017 08:38:22 +0000 (09:38 +0100)]
ospf6d: Fix setting interface ipv6 ospf6 cost value (LSA hooks were never called)
Fixes: #1420 Signed-off-by: Juergen Kammer <j.kammer@eurodata.de>
If the ipv6 ospf6 cost on an interface is changed, no recalculation of routes happens, though the interface structure is updated with the new value. The new cost will be used later, when LSA hooks are called for any other reason.
Diagnosis:
The DEFUN for the config command sets oi->cost and calls ospf6_interface_recalculate_cost(oi) whenever there is a change in the supplied value. ospf6_interface_recalculate_cost then gets the new cost for the interface by calling ospf6_interface_get_cost(oi), which returns oi->cost if a cost is manually set (i.e. we get the value we just set). ospf6_interface_recalculate_cost only calls the LSA hooks if there is a change - which obviously never happens if we compare the new value with itself.
Quentin Young [Mon, 23 Oct 2017 20:43:32 +0000 (16:43 -0400)]
bgpd: fix mishandled attribute length
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Chirag Shah [Thu, 2 Nov 2017 14:54:45 +0000 (07:54 -0700)]
ospfd: VRF aware Router-ID update
Ensure zebra received router-id isolated per vrf instance.
Store zebra received router-id within ospf instance.
Ticket:CM-18657
Reviewed By:
Testing Done:
Validated follwoing sequence
- Create vrf1111
- Create ospf vrf1111 with no router-id
- Assign ip to vrf111
- ospf is assigned zebra assigned router-id which is vrf ip.
- upon remvoing vrf ip, the router-id retained as same until
ospfd restarted.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Fri, 3 Nov 2017 19:25:31 +0000 (15:25 -0400)]
bgpd: Prevent infinite loop when reading capabilities
If the user has configured the ability to override
the capabilities or if the afi/safi passed as part
of the _MP capability is not understood, then we
can enter into an infinite loop as part of the
capability parsing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The problem with this is that macaddr[0] is passed in as a integer
so the sprintf function thinks that the value to display is much
larger than it actually is. The ECOMMUNITY_STR_DEFAULT_LEN is 27
So the resulting string no-longer fits in memory and we write
off the end of the buffer and can crash. If we force the
passed in value to be a uint8_t then we get the expected output
since a single byte is displayed as 2 hex characters and the
resulting string fits in str_buf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Fri, 3 Nov 2017 16:45:02 +0000 (16:45 +0000)]
bgpd: default originate issue with intf peers and global intf address
Problem reported that a receiver of a default route issued across bgp
unnumbered peering using default originate would have the route stay
as inactive. Discovered we were messing up the nexthop value sent to
the peer in this one particular case. Manual testing good, fix supplied
to the submitter and verified to resolve the problem. bgp-smoke
completed successfully.
Ticket: CM-18634 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 27 Oct 2017 17:02:15 +0000 (13:02 -0400)]
eigrpd: Allow query send to send more than 1 packet
When we send a query if we have more queries than we
can fit in one packet, allow the packet to be broken
up into multiple packets to be sent to our neighbor.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Mon, 30 Oct 2017 18:56:59 +0000 (11:56 -0700)]
ospfd: fix show ospf neigh json for multile nbrs
Same neighbor learned from multiple ospf interfaces
(all) were not displayed in json, only last was displayed.
Created list within dictionary using neighbor-id as key.
lookup neigbhor-id in json obejct prior to creating new list.
spine-2# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
0.0.1.16 1 Full/DR 36.754s 8.0.3.15 swp1:8.0.3.16
0.0.1.16 1 Full/DR 30.903s 7.0.3.15 swp2:7.0.3.16
Donald Sharp [Mon, 30 Oct 2017 23:41:28 +0000 (19:41 -0400)]
pimd: Fix crash with debug and ifp changes
Certain interface flapping events can cause a lookup
that does not find any ifp pointer. This is only causing
a crash in the `debug pim zebra` command due to only needing
to lookup the interface for it's name.
Modify code to ensure we have a valid pointer. Follow other
debug statements lead in the same function for what to display
when an interface does not currently exist.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Sun, 29 Oct 2017 12:51:57 +0000 (08:51 -0400)]
eigrpd: When writing packet don't crash in some cases
When we are writing a packet if we have gotten ourselves
into a bad situation, note it and move on. Hopefully
dumping enough information so that we can find the offending
reason.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Thu, 26 Oct 2017 21:23:25 +0000 (14:23 -0700)]
ospfd: add vrf option to operational command
Seperate the display option in both vty and json
case 'vrf' is used in show command.
show ip ospf 'vrf all' [json]
Display vrf name as key object in json and vrf name
in vty output.
case 'vrf' is not used then only display default
vrf ospf instance and vrf name is not shown in vty and
json.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Mon, 23 Oct 2017 14:10:06 +0000 (10:10 -0400)]
zebra: Move clear_nhlfe_installed to calling functions
The function clear_nhlfe_installed is to be called
when we get a install failure of some sort for
a lsp change. Since an install failure can happen
in both linux and openBSD moving the function call
northbound is a good idea.
I've also added it to the kernel_del_lsp for completeness
on failure as well, even though neither linux or openBSD
currently can fail a uninstall.
This still leaves the hole where if we have multiple
nhlfes and have an install failure we are not quite
doing the right thing by just blanketly calling
clear_nhlfe_installed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
projects / mirror / frr.git / log