| Age | Commit message (Collapse) | Author |
|---|
|
Having triple backquotes on the same line as code block
does not agree with Markdown parser of the repo hosting
site.
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
|
|
Stream updates
|
|
RPKI follow up
|
|
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
|
|
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
|
|
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
|
|
The flags value is not used for unregister events. Let's purposefully
not send anything and purposefully not accept non 0 for it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
frr: COMMUNITY.md updated link to to kernel.org
|
|
Signed-off-by: Mladen Sablic <mladen.sablic@gmail.com>
|
|
The flags passed in should be 0 for an unregister event. Ensure
that we respect that.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
The safi encode/decode is using 2 bytes, which
may cause problems on some platforms. Let's assume
that a safi is a uint8_t and work accordingly.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
This code modifies zebra to use the STREAM_GET functionality.
This will allow zebra to continue functioning in the case of
bad input data from higher level protocols instead of crashing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
Currently when stream reads fail, for any reason, we assert.
While a *great* debugging tool, Asserting on production code
is not a good thing. So this is the start of a conversion over
to a series of STREAM_GETX functions that do not assert and
allow the developer a way to program this gracefully and still
clean up.
Current code is something like this( taken from redistribute.c
because this is dead simple ):
afi = stream_getc(client->ibuf);
type = stream_getc(client->ibuf);
instance = stream_getw(client->ibuf);
This code has several issues:
1) There is no failure mode for the stream read other than assert.
if afi fails to be read the code stops.
2) stream_getX functions cannot be converted to a failure mode
because it is impossible to tell a failure from good data
with this api.
So this new code will convert to this:
STREAM_GETC(client->ibuf, afi);
STREAM_GETC(client->ibuf, type);
STREAM_GETW(client->ibuf, instance);
....
stream_failure:
return;
We've created a stream_getc2( which does not assert ),
but we need a way to allow clean failure mode handling.
This is done by macro'ing stream_getX2 functions with
the equivalent all uppercase STREAM_GETX functions that
include a goto.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
bgpd: Add RPKI/RTR support
|
|
frr-reload.py: misc fixes
|
|
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
|
|
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
|
|
Fixes: #1412
Signed-off-by: Juergen Werner <pogojotz@gmx.net>
|
|
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
There are several lines that we cannot do a "no" on
- frr version
- frr defaults
- password
- line vty
frr-reload should ignore these if asked to do a "no" on them
|
|
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
The "3.0", etc in the comments were referring to Cumulus Linux 3.0 which
was confusing now that FRR has a 3.0
|
|
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
We had multiple places checking for
if ctx_keys[0].startswith('router bgp') and line
Combine these into a single check
|
|
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
|
|
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Without this fix frr-reload would do a del/add even if the only
difference were bogus whitespaces.
root@cel-redxp-10[nclu]# /usr/lib/frr/frr-reload.py --test
/etc/frr/frr.conf
Lines To Delete
===============
router bgp 100
no bgp router-id 1.1.1.1
Lines To Add
============
router bgp 100
bgp router-id 1.1.1.1
root@cel-redxp-10[nclu]#
|
|
lib: Only apply prefix's to the same family
|
|
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Signed-off-by: Marcel Röthke <marcel.roethke@haw-hamburg.de>
|
|
called)
Fixes: #1420
Signed-off-by: Juergen Kammer <j.kammer@eurodata.de>
If the ipv6 ospf6 cost on an interface is changed, no recalculation of routes happens, though the interface structure is updated with the new value. The new cost will be used later, when LSA hooks are called for any other reason.
Diagnosis:
The DEFUN for the config command sets oi->cost and calls ospf6_interface_recalculate_cost(oi) whenever there is a change in the supplied value. ospf6_interface_recalculate_cost then gets the new cost for the interface by calling ospf6_interface_get_cost(oi), which returns oi->cost if a cost is manually set (i.e. we get the value we just set). ospf6_interface_recalculate_cost only calls the LSA hooks if there is a change - which obviously never happens if we compare the new value with itself.
|
|
LabNConsulting/working/master/patch-set/vnc-vrf-export
Support vrf export/import based on vrf-policy
|
|
Signed-off-by: Lou Berger <lberger@labn.net>
|
|
Signed-off-by: Lou Berger <lberger@labn.net>
|
|
Signed-off-by: Lou Berger <lberger@labn.net>
|
|
Signed-off-by: Lou Berger <lberger@labn.net>
|
|
redhat: Fix redhat startup to actually read in unified config
|
|
enabled and other minor tweaks
Signed-off-by: Lou Berger <lberger@labn.net>
|
|
keep open until group deleted
Signed-off-by: Lou Berger <lberger@labn.net>
|
|
When we have a v4 or v6 prefix list, only
apply it via a match when the address families
are the same.
Fixes: #1339
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
bgpd: fix mishandled attribute length
|
|
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
zebra: Allow IFLA_IFALIAS to set ifp->desc
|
|
ospfd: VRF aware Router-ID update
|
|
Ensure zebra received router-id isolated per vrf instance.
Store zebra received router-id within ospf instance.
Ticket:CM-18657
Reviewed By:
Testing Done:
Validated follwoing sequence
- Create vrf1111
- Create ospf vrf1111 with no router-id
- Assign ip to vrf111
- ospf is assigned zebra assigned router-id which is vrf ip.
- upon remvoing vrf ip, the router-id retained as same until
ospfd restarted.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
|
|
lib: Fix nexthop reading to work better
|
|
bgpd: Fix crash with ecommunity string
|
|
Fixes: #1404
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
doc, zebra: Add 'match ipv6 address prefix-len (0-128)' command
|
|
bgpd: fix various problems with hold/keepalive timers
|
|
ospfd: clearnup [no] router ospf command
|
|
ospfd: add vrf option to operational command
|
|
If the user has configured the ability to override
the capabilities or if the afi/safi passed as part
of the _MP capability is not understood, then we
can enter into an infinite loop as part of the
capability parsing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
When we are displaying a extended community ECOMMUNITY_SITE_ORIGIN
the display sprintf is this:
len = sprintf(
str_buf + str_pnt,
"EVPN:%02x:%02x:%02x:%02x:%02x:%02x",
macaddr[0], macaddr[1], macaddr[2],
macaddr[3], macaddr[4], macaddr[5]);
The problem with this is that macaddr[0] is passed in as a integer
so the sprintf function thinks that the value to display is much
larger than it actually is. The ECOMMUNITY_STR_DEFAULT_LEN is 27
So the resulting string no-longer fits in memory and we write
off the end of the buffer and can crash. If we force the
passed in value to be a uint8_t then we get the expected output
since a single byte is displayed as 2 hex characters and the
resulting string fits in str_buf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
Add the ability to match a specific prefix-length in zebra.
This command behaves in the same manner that the v4 version
of the command behaves.
Fixes: #1398
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
