Quentin Young [Mon, 5 Mar 2018 18:20:22 +0000 (13:20 -0500)]
tools: add LeakSanitizer suppressions list
Building FRR with AddressSanitizer is kind of annoying since
libpython3.5 leaks memory, clippy links libpython3.5 and clippy runs as
part of the build process. LeakSanitizer has a way to suppress leaks at
runtime by setting the LSAN_OPTIONS environment variable to contain a
file path to a suppression list:
LSAN_OPTIONS=suppressions=path/to/suppr.txt
This commit provides the file. Setting this environment variable to
before building should allow a clean build with ASAN enabled. The
relative path is there because LeakSanitizer looks at paths relative to
the binary it is sanitizing; clippy is in lib/ so the path is set
relative to lib/.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Martin Winter [Tue, 9 Jan 2018 10:48:03 +0000 (02:48 -0800)]
FRRouting Release 3.0.3
This version of FRR contains these fixes since the last release:
1. Fixes for GCC 7.0
2. Always enable watchfrr on new installation (req for systemd operation)
3. Add 'no password' command (with warning)
4. Added backport for Ubuntu 17.10
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Renato Westphal [Wed, 29 Nov 2017 18:22:08 +0000 (16:22 -0200)]
zebra, ldpd: fix display of pseudowire status
In some circumstances zebra and ldpd would display a pseudowire as UP
when in reality it's not (example: MTU mismatch between the two ends). Fix
this to avoid confusion.
Donald Sharp [Mon, 18 Dec 2017 18:21:08 +0000 (13:21 -0500)]
redhat: watchfrr is built by default, enable it to start at run time
watchfrr has become a first class citizen of the FRR system.
Currently it's used to ensure that running daemons stay up and running
as well as to facilitate frr.conf being written. In the future it is
going to be used to auto-start stop. As such let's start getting
people to use it now.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 13 Dec 2017 12:43:05 +0000 (07:43 -0500)]
lib: Add warning to no forms of password command
Allow the end-user to remove the password commands that
may have been in their config, but warn them that what
they are doing might be a dangerous thing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 17 Nov 2017 00:41:58 +0000 (19:41 -0500)]
bgpd: Only create json for aspath if needed
The creation of the json object for the aspath
is both memory intensive and expensive to
create. Only create the json object when
it is needed and stash it for further usage
at that point.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
ßingen [Fri, 17 Nov 2017 09:32:36 +0000 (10:32 +0100)]
ldp: Fix bug configuring PW
With non-targeted LDP receiving a PW label mapping before configuring
the PW was causing the SET message to be sent before the ADD one, so
Zebra PW manager wouldn't find the PW on first message reception.
Martin Winter [Wed, 8 Nov 2017 00:25:34 +0000 (16:25 -0800)]
FRRouting Release 3.0.2
This version of FRR contains these fixes since the last release:
1. Some improved packaging fixes
2. Fix for miss-handling of BGP attributes in an error situation.
3. Fix for reading in of a nexthop as part of set ip nexthop ... command.
4. Fix for a memory leak in ISIS.
5. Check for per-peer outbound configuration, in addition to the peer-group config.
6. Enable '-S' usage for BGP.
(Re-Release of 3.0.1 which missed some version number and changelog updates)
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Juergen Kammer [Tue, 7 Nov 2017 08:38:22 +0000 (09:38 +0100)]
ospf6d: Fix setting interface ipv6 ospf6 cost value (LSA hooks were never called)
Fixes: #1420 Signed-off-by: Juergen Kammer <j.kammer@eurodata.de>
If the ipv6 ospf6 cost on an interface is changed, no recalculation of routes happens, though the interface structure is updated with the new value. The new cost will be used later, when LSA hooks are called for any other reason.
Diagnosis:
The DEFUN for the config command sets oi->cost and calls ospf6_interface_recalculate_cost(oi) whenever there is a change in the supplied value. ospf6_interface_recalculate_cost then gets the new cost for the interface by calling ospf6_interface_get_cost(oi), which returns oi->cost if a cost is manually set (i.e. we get the value we just set). ospf6_interface_recalculate_cost only calls the LSA hooks if there is a change - which obviously never happens if we compare the new value with itself.
Quentin Young [Mon, 23 Oct 2017 20:43:32 +0000 (16:43 -0400)]
bgpd: fix mishandled attribute length
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Brian Rak [Mon, 14 Aug 2017 21:22:03 +0000 (17:22 -0400)]
bgpd: Check for per-peer outbound configuration, in addition to the peer-group config
When displaying the config, bgpd only checked for the existance of a peer-group prefix-list before
deciding to not display the outbound prefix-list. This commit updates the outbound prefix-list
logic to match the inbound.
Martin Winter [Thu, 12 Oct 2017 00:56:17 +0000 (17:56 -0700)]
Revert "ospfd: Free memory associated with ospf instance startup"
This reverts commit 79942104bff838362cd6609485a26617492aa6f5.
The original commit causes a heap-use-after-free. See issue
https://github.com/FRRouting/frr/issues/1326
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
smccroskey [Tue, 8 Aug 2017 21:51:38 +0000 (14:51 -0700)]
frr.lintian-overrides: update for current list of built libs
Because the lintian warning no longer matched exactly due to removal
of unused protobuf libraries from the build, the warning wasn't
masked. Update it to match the current warning string.
frr.service: remove explicit dependency on socket-based syslog.target
Testing done: built and installed for all ubuntu targets
Socket-based services such as syslog need not be specified as
dependencies in service files, and doing so may slow down boot by
reducing parallelism. All known supported systemd-based platforms
have syslog as a socket-based service.
Clears the following lintian warnings:
W: frr: systemd-service-file-refers-to-obsolete-target lib/systemd/system/frr.service syslog.target
smccroskey [Mon, 29 May 2017 22:34:02 +0000 (15:34 -0700)]
debian: install PNG files in /usr/share/info
Testing done: built in sbuild with lintian enabled
Clears lintian warnings of the following form:
W: frr-doc: info-document-missing-image-file
According to the documentation for the lintian warning, certain
applications (e.g. emacs) can render images from info files inline,
and expect the images to either have their full path defined or be
installed in the same directory as the info files themselves.
Automake doesn't seem to have a primary for handling this sort of
installation (info_DATA is invalid and causes an error), so opted to
handle it in the debian install file itself.
Installing the images elsewhere (another path installed by frr-doc)
and giving a full path to their location in info files might be a
better approach.
Martin Winter [Fri, 9 Jun 2017 02:14:41 +0000 (19:14 -0700)]
debian->debianpkg: Move debian files from debian dir to debianpkg dir.
Debian build systems use debian subdir for building and having a debian
dir in the source package causes issues.
Moving it to debianpkg avoids the issue and allows us to ship debian
package files in the source distribution
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
minimize diffs between the base debian files and each backport to the
changes that actually matter, so that they aren't lost in the noise of
capitalization and ordering differences.
this removes some cruft -- old/outdated/incorrect information,
trailing whitespace, etc., and updates the descriptions. Some small
changes were made where appropriate to minimize the diff between the
base control file and those of the various backports.
precise/trusty: don't attempt to install pimd or ldpd manuals
Neither of these daemons are installed on 14.04, leading to build
failures now that the man pages are excluded from the Makefiles when
the daemons aren't enabled for install.
backports: error out on upstream/downstream version mismatch
The quilt source format expects the upstream tarball's version to
correspond roughly to the debian version of the package, and errors
will be thrown (at unpack time, in our case) if it doesn't. Do a
sanity check when we're building the source package to make sure they
match up.
projects / mirror / frr.git / log