Dynamically grow the hash table index if the chains get too long.
If expansion doesn't help keep chain length short, then stop expanding,
to avoid bad behavior if there is a poor hash function.
Not a new idea, based on concepts in uthash.
Depends on my previous patch to restrict hash to power of 2.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
[profiling results: sum of cycles spent in hash_get/jhash with RIPE RIS
test data (single simple BGP peer) improved to 69% of previously spent] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
By forcing the hash table size to be a power of 2, a potentially
expensive divide can be replaced by a mask operation. Almost all
usage of the hash table was using default size of 1024. Only places
with different size was thread library (1011) and bgp aspath.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Joakim Tjernlund [Sat, 23 Feb 2013 18:38:37 +0000 (19:38 +0100)]
vtysh: fix false lib path matching in extract.pl.in
The if ($file =~ /lib/) path matching logic is supposed to
match Quagga's lib directory only but will match all path
having lib in it such as /var/lib/jenkins/quagga/...
Fix by matching both lib and file: lib/keychain.c etc.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This patch resolves the significance of order of group and password
statements.
It prevents passwords from being lost in cases where all
three conditions apply:
1. the peer is member of a group with or without group password
2. the peer has an individual password set
3. the peer is added to a group within an address-family ipv6
section
In addition this patch prevents the same issue in cases, where an IPv4
peer's password is set first and the peer is added to a group
afterwards.
Adding a peer to a group cancels his individual password. Without ipv6
this is not a problem, because choosing the right order of config
statements will do (set password only after adding peer to group).
When adding the peer to a group within the address-family
section, his password is definitely lost. The same workaround (ie.
setting the password after the address-family section) can not be used,
because "show run" will print the configuration statements in the wrong
order.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Sun, 27 Jan 2013 03:46:02 +0000 (04:46 +0100)]
build: fix "pragma weak" mixups
Not only was there a minor typo in the "pragma weak" preprocessor
checks, but also were the tests not behaving as needed - they only
indicated support for the /first/ method of implementing weak aliases,
which on Linux is __attribute__ and not #pragma.
* m4/ax_sys_weak_alias.m4: set defines for _all_ weak alias methods
* zebra/kernel_null.c: fix typo
Cc: Doug VanLeuven <roamdad@sonic.net> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Fri, 18 Jan 2013 18:11:59 +0000 (19:11 +0100)]
doc: update some introduction paragraphs
in particular,
- add IS-IS to some listings
- list Solaris & OSX as "some work required"
- remove OS version numbers. We have no base to specify any of them.
- list supported C compilers (gcc, clang, icc)
- cut the Quagga 2.0 stuff that promises QoS and firewall functionality
Christian Franke [Mon, 28 Jan 2013 06:14:43 +0000 (07:14 +0100)]
bgpd: fix crash in soft-reconfiguration
Commit 8692c50652 introduced a bug where bgpd would crash on
soft-reconfiguration.
This happens e.g. when there are filtered unicast routes because
rn->info is NULL in that case, which the code did not account for.
Reported-by: Paweł Staszewski <pstaszewski@itcare.pl> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Wed, 23 Jan 2013 03:20:37 +0000 (04:20 +0100)]
tests: fix missing init in bgp_mp_attr_test.c
turns out, bgp_mp_reach_parse really doesn't like getting garbage
attribute input. In particular, attr->extra better be NULL or we
merrily go trample random places (like our stack).
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 22 Jan 2013 22:39:17 +0000 (23:39 +0100)]
tests: update & extend AS_PATH tests
NB: these tests test for current implementation state, not for RFC
conformance. In particular, behaviour with confederations in AS4_PATH
as well as reconcilation of short AS_PATH + AS4_PATH is currently NOT
conforming to RFC 4893/6793.
* tests/aspath_test.c: add capability to put both AS4_PATH & AS_PATH,
add test for AS4_PATH w/o AS_PATH, update confederation test
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Wed, 23 Jan 2013 04:50:24 +0000 (05:50 +0100)]
bgpd: relax ORF capability length handling
commit fe9bb64... "bgpd: CVE-2012-1820, DoS in bgp_capability_orf()"
made the length test in bgp_capability_orf_entry() stricter and is now
causing us to refuse (with CEASE) ORF capabilites carrying any excess
data. This does not conform to the robustness principle as laid out by
RFC1122 ("be liberal in what you accept").
Even worse, RFC5291 is quite unclear on how to use the ORF capability
with multiple AFI/SAFIs. It can be interpreted as either "use one
instance, stuff everything in" but also as "use multiple instances".
So, if not for applying robustness, we end up clearing sessions from
implementations going by the former interpretation. (or if anyone dares
add a byte of padding...)
Cc: Denis Ovsienko <infrastation@yandex.ru> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Sun, 20 Jan 2013 17:29:28 +0000 (18:29 +0100)]
bgpd: don't try to reconcile AS4_PATH with NULL
bgp_attr_munge_as4_attrs would previously try to reintegrate an AS4_PATH
with a NULL AS_PATH, leading to a rather nasty SEGV. Let's go by
RFC6793 and treat missing AS_PATH as 0-length AS_PATH, which in turn
means discarding the AS4_PATH.
[NB: we don't actually stick to the actual rule, which is discarding
AS4_PATH if it's longer than AS_PATH; indeed we should probably fix that
too]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Wed, 16 Jan 2013 00:48:04 +0000 (01:48 +0100)]
build: Quagga 0.99.22-rc1
this is not a full release version, so neither release notes nor
documentation are updated yet. Also, signing the tag with my private
GPG key instead of the Quagga one.
bgpd: conditional default-originate using route-map
Incorporate a patch by Svetozar Mihailov which implements
default-originate route-maps to behave as expected, i.e. allowing
the default route to be advertised conditionally, depending on a
criterion given by the route-map.
I am aware that the performance attributes of the following implementation
are far from optimal. However, this affects only code paths belonging to
a feature that is broken without this patch, therefore, it seems reasonable
to me to have this in the mainline for now.
Cc: Svetozar Mihailov <quagga@j.zarhi.com> Reported-by: Sébastien Cramatte <scramatte@gmail.com> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Quagga makes bad assumptions about sockaddr_dl (on NetBSD, but possibly
on other systems as well). Particularly, sizeof(struct sockaddr_dl)
returns a size that does not include the full sdl_data field, leading to
not enough data being copied. This breaks IPv6 RAs in particular, as
a broken mac address from sockaddr_dl will be included in the packets.
From: Matthias-Christian Ott <ott@mirix.org> Tested-by: Uwe Toenjes <6bone@6bone.informatik.uni-leipzig.de>
[further simplified + more comments] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Hasso Tepper [Sun, 13 Jan 2013 17:45:29 +0000 (17:45 +0000)]
build: Fix build on MacOSX 10.8 (Mountain Lion)
Newer MacOSX versions have support for both IPv6 advanced socket API
RFCs (2292 and 3542) switchable in compile time, but neither of these
is default for some strange reason. RFC3542 will be default in future,
but for now we have to declare that we want to use the RFC3542 API
before including <netinet/in.h>.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Keep data flowing, uncork after each BGP_WRITE_PACKET_MAX.
This makes TCP send data sooner, since thread may not be scheduled
again for a a longish time because of new UPDATE's coming in.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The readtime value is for diagnostic, and doesn't have to be highly
accurate. This also fixes a problem where the readtime was being measured
with system clock, but the peer_uptime() was comparing with bgp_clock.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Measuring the resource usage of threads is moderately expensive
since it requires doing an additional system call everytime a
thread context switches. Make it possible to disable this with
a configuration option.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
bgpd: improve logging of invalid BGP Notifications
Invalid BGP Notification messages should be logged locally, cf.
RFC4271, Sect. 6.4, p 34,
NOTIFICATION Message Error Handling
Current notification for invalid Notification code:
2012/10/10 02:17:54 BGP: message index 10 not found in bgp_notify_msg (max is 8)
2012/10/10 02:17:54 BGP: 192.168.1.1 received NOTIFICATION 10/0 ((no item found)) 0 bytes
the logging should be a bit more clear. The above logging really doesn't
explain much and looks more like a programming error.
[rewrote most of it to get in something I can call a shape -David] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
bgpd: fix error response to invalid BGP version number
BGP4-ANVL 20.1 ANVL tries to open BGP with version 5 and expects correct
notification in response. Quagga sends notification, but with incorrect
information in it.
The data needs to be a 2-byte value, and for now we respond with 0004 for any
peer version other than 4.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Commit 558d1fec11749d3257e improved bgp_attr_dup so it would be possible
for the caller to provide attr_extra, allowing to use the stack instead
of the heap for operations requiring only a short lived attr.
However, this commit introduced a bug where bgp_attr_dup wouldn't copy
attr_extra at all (but provide a reference to the original) if the
caller provided attr_extra.
Cc: Jorge Boncompte [DTI2] <jorge@dti2.net> Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
zebra was not checking afi/safi values. This was leading to crashes where
these values were coming directly from some protocol's on-wire fields.
Safeguarding them in zebra is a good start.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Mon, 19 Nov 2012 11:17:31 +0000 (11:17 +0000)]
bgpd: store "no neighbor activate" for IPv4 unicast
If a neighbor was in a peer group for any AFI/SAFI, bgpd would never write a
"no neighbor activate" line for IPv4 unicast, so a valid setup like following
could be configured, but not saved:
bgpd: avoid heap fragmentation in bgp_clear_route_table
In bgp_clear_route_table, moved cleanup code before the allocation
of the work queue items. This returns the memory to the system
allocator before allocating new and might therefore help avoiding
heap fragmentation.
* bgp_route.c: (bgp_clear_route_table) moved code blocks.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Reviewed-by: Leonid Rosenboim <Leonid.Rosenboim@windriver.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
bgpd: fix for leaked struct bgp_adj_[in|out] on peer shutdown
If a peer with soft-reconfiguration configured is cleared, the
function bgp_clear_route_table() doesn't free the bgp_adj_in and bgp_adj_out
structures of route nodes that for some reason, ej. denied by a filter,
don't have routes attached "rn->info == NULL".
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Reviewed-by: Leonid Rosenboim <Leonid.Rosenboim@windriver.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 27 Nov 2012 02:21:44 +0000 (03:21 +0100)]
lib: remove ALL_LIST_ELEMENTS dead code branch
ALL_LIST_ELEMENTS is checking node == NULL twice, which is causing a
whole slew of false positives in Coverity. In this particular case,
addressing this in the code is reasonable; being a macro, this appears
all over the place without easy remedy.
Acked-by: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
高鹏 [Wed, 21 Nov 2012 10:15:43 +0000 (18:15 +0800)]
zebra: fix netlink NL_PKT_BUF_SIZE
Change default value of variable NL_PKT_BUF_SIZE to 8192UL. Cf.
NLMSG_GOODSIZE definition of linux in include/linux/netlink.h for detail.
Previously, on platforms with a page size greater than 8192, if you had added
too many interfaces, zebra would not have enough buffer space to get the entire
interface list. This resulted in an incomplete interface list.
From: 高鹏 <gpstrive@gmail.com>
[updated to apply after FPM patches] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Doug VanLeuven [Fri, 14 Dec 2012 12:58:30 +0000 (14:58 +0200)]
testzebra: pragma weak: detect systems with weak alias and provide alternative
LLVM clang does not support #pragma weak (bug 3679) on OS X. There are
other systems where the #pragma weak has varying syntax.
Added m4 file from the autoconf archives:
http://www.gnu.org/software/autoconf-archive/ax_sys_weak_alias.html
Fix up zebra/*_null.c files to use #pragma weak alias or stub functions
if not available. It's incomplete in that the different format #pragma
enable easier fixes on need.
Tested on 64bit OS X 10.7, FreeBSD 9.0 amd64 & i386 (32bit) using
gcc & clang. Tested on linux 64bit.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Dinesh G Dutt [Mon, 7 Jan 2013 18:12:52 +0000 (10:12 -0800)]
ospfd: Remove dup MaxAge LSA flood
Stop additional, unnecessary flooding of MaxAge LSAs.
When a MaxAge LSA is installed, if the LSA is prematurely aged or the LSA is
not self-originated, the LSA is flushed. This results in a the LSA being
flooded a second time and in some cases flooded back to the receiver
(unless the receiver is also the advertising router). A MaxAge'd LSA has
already been flooded in ospf_flood() as part of the LSA receive processing
(ospf_ls_upd). A self-originated LSA will be flooded from the originate/refresh
routine. Thus, in the install routine, a MaxAge'd LSA only needs to be added
to the MaxAge LSA list.
Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Vishal Kumar [Fri, 7 Dec 2012 22:47:58 +0000 (14:47 -0800)]
ospfd: Corrected ospfd Type-4/Type-5 ls update handling
This fix is for Type-4 LS updates handling at a ABR router where
ospf daemon is not distributing Type-4 LS updates with correct LS-Age
after learning about a ASBR router in a ospf network. Because of this
Type-5 LS updates are not learnt in ospf network.
Testing Scenario:
This can be re-produced by restarting the ospfd daemon on DUT
(mentioned in figure below)before the Hello time interval expires
for area 0.0.0.1.
In the above setup when ospfd is restarted (imp:before the Hello interval
at R1 expires) and DUT learns about ASBR router R3 (Type-4) in the
network from R2, but this ls-update is not propagates in area
0.0.0.1. So R1 never comes to know about the ASBR router in the
network, so all the type-5 LS updates coming from R3 are not learnt
by R1. Further if we again restart ospfd daemon it starts working fine.
With the fix given this issue can be resolved.
More Discussion on this is available at:
http://www.gossamer-threads.com/lists/quagga/dev/23892
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Andrew Certain [Tue, 4 Dec 2012 21:36:41 +0000 (13:36 -0800)]
ospfd: Changed TE instance check to remove -Wtype-limits warning
Since LEGAL_TE_INSTANCE_RANGE() was being passed an unsigned int, a warning
was being thrown due to the compare against >= 0. Since this macro was used
only in one place, I removed the macro for an explict compare against a
constant for the MAX.
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Andrew Certain [Tue, 4 Dec 2012 21:33:24 +0000 (13:33 -0800)]
lib: Changes to VTY string-parsing macros to remove warnings
The VTY_GET_INTEGER_RANGE macro was being used also just to check the range
on a variable that wasn't used (for the "no" version of a VTY command), so I
split the macro into two. Also, since the variable is unsigned, if MIN is
zero, you get a warning about comparing an unsigned number against 0, giving
rise to slightly convoluted logic. Note that the previous two patches were
found by the -Wtype-limits and -Wunused-variables warnings. Without the
changes to these macros, these warnings are triggered erroneously, making it
harder to find the real problems.
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Andrew Certain [Tue, 4 Dec 2012 20:54:18 +0000 (12:54 -0800)]
ospfd: Fixed signed/unsigned masking of negative metrics
In the original code, negative metrics would be converted successfully by
atoi() and then converted to an unsigned int that would always compare
successfully against >= 0, leaving a large positive metric in the route map.
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
David Lamparter [Tue, 4 Dec 2012 19:11:41 +0000 (11:11 -0800)]
ospf: fix apiserver enable
The ospf_apiserver_enable flag was being cleared _after_ the "-a"
command-line option set it to 1. Move up the initialisation, so
enabling the OSPF API is actually possible.
Reported-by: Rosario Mattera <rosmattera@gmail.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Leonard Tracy [Tue, 4 Dec 2012 19:02:35 +0000 (11:02 -0800)]
ospf: Fix type-4 network mask to 0 per RFC
The OSPF RFC (2328) states that the network mask field of a type 4
LSA "is not meaningful and must be zero". OSPFD has been setting
the mask as /32. This patch changes OSPFD to set the mask to 0 per
the RFC
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Dinesh Dutt [Tue, 4 Dec 2012 18:46:37 +0000 (10:46 -0800)]
ospf: Convert MAX_AGE LSA list to tree
Store the MaxAge LSA list in a tree instead of a linked list for efficient access.
Walking the list can be quite inefficient in some large systems and under certain tests.
ospfd maintains the list of LSA's that have been MaxAge'd out in a separate
linked list for removal by a remover/walker thread. When a new LSA is to be
installed, the old LSA is ejected and when it is ejected, the MaxAge LSA list
is traversed to ensure that the old LSA is also removed from this list if it
exists on this list.
When a large number (> 5K) MaxAge LSAs are bombarding the system, walking this
list takes a significant time causing timers to fire and actions to be taken
such as expiring neighbors due to expiry of DeadInterval (especially when timer
is really low, <= 12s), creating a spiral of instability.
By making this MaxAge LSA list be a tree, this problem is mitigated.
Signed-off-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Ayan Banerjee [Mon, 3 Dec 2012 19:17:24 +0000 (11:17 -0800)]
ospf: forward ref. of areas for "max-metric router-lsa administrative" cmd
In the event areas are created at a later point of time with respect
to the playback of the "max-metric router-lsa administrative" command,
those areas do not get into indefinite max-metric mode. This patch is
inteneded to store the configuration and apply it to all future areas
that may be created.
In the process, some other bugs that were there with respect to restart
etc are fixed up.
Tested locally to see that the fix works across multiple
areas and across multiple restarts.
Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: JR Rivers <jrrivers@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Ayan Banerjee [Mon, 3 Dec 2012 18:48:46 +0000 (10:48 -0800)]
ospf: suppress delete using replacement
After a SPF run, OSPF deletes routes that have changed in terms of any
metric, type, and/or next-hops and re-adds them. Given that the Zebra-RIB
already support replacement semantics, we suppress deletes for routes
that will be added back again.
This has the following advantages. It reduces the number of IPC messages
between OSPF/Zebra. Also, in the current flow, a batch of route deletes
were followed by a batch of adds even for say a metric change.
With the change, routes are sent as "add" when they are modified. Zebra
already implicitly deletes older routes.
Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com> Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
David Lamparter [Thu, 13 Dec 2012 09:35:45 +0000 (10:35 +0100)]
build: update ICC warning CFLAGS
Intel's icc doesn't accept "-wd <number>" anymore, it's "-wd<number>"
these days. But, anyhow, the warnings disabled in Quagga's configure.ac
don't seem to appear anywhere at all, so let's just remove the option
completely.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Nick Hilliard [Wed, 28 Nov 2012 14:39:56 +0000 (14:39 +0000)]
isisd: fix ipv6 metric endianness
the isis ipv6 reachability metric is transmitted in big endian / network
format, but isis_spf_process_lsp() does not convert this into host endian
format when mucking around with local cost + received metric. This patch
fixes this problem and makes received ipv6 metrics work properly on
little-endian machines.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Christian Franke [Tue, 27 Nov 2012 19:51:59 +0000 (19:51 +0000)]
isisd: fix metrics check for metric-style narrow
When switching to narrow metric style, all configured circuits are
verified to have a valid narrow style metric. Check te_metric instead
of metric_default as the latter is only 8bit wide and may overflow for
wide style metrics.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 27 Nov 2012 01:10:30 +0000 (01:10 +0000)]
isisd: address Coverity warnings
this fixes a bunch of issues found by Coverity SCAN and flagged as
"high" impact -- although, they're all rather minute issues.
* isisd/isis_adjacency.c: one superfluous check, one possible NULL deref
* isisd/isis_circuit.c: two prefix memory leaks
* isisd/isis_csm.c: one missing break
* isisd/isis_lsp.c: one possible NULL deref
* isisd/isis_pfpacket.c: one error-case fd leak
* isisd/isis_route.c: one isis_route_info memory leak
* isisd/isis_routemap.c: one... fnord
* isisd/isis_tlv.c: one infinite loop
Reported-by: Coverity SCAN Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 27 Nov 2012 01:10:29 +0000 (01:10 +0000)]
isisd: always join all IS-IS multicast groups
The socket is only created once when an interface is brought up, and the
multicast groups were joined according to configuration at that point.
This breaks when later switching an interface to another IS-IS level.
Since, for a separate conformance issue (ANVL ISIS-6.4), we should be
inspecting the destination address anyway, the simplest fix here is to
just join all groups unconditionally. There shouldn't be much traffic
on these anyway, worst case we might be picking up some unrelated
multicast groups due to NIC filter aliasing though...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org> Tested-by: Martin Winter <mwinter@opensourcerouting.org>
Christian Franke [Tue, 27 Nov 2012 01:10:28 +0000 (01:10 +0000)]
isisd: save metric-style narrow
isisd defaults to wide metric style. So if narrow metric style is
configured, a matching setting should be written to the configuration,
allowing a narrow metric-style setting to be saved.
Signed-off-by: Christian Franke <chris@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 27 Nov 2012 01:10:27 +0000 (01:10 +0000)]
isisd: fix spftree_area_del typo causing SEGV
spftree_area_del didn't clear the IPv6 L2 spftree due to a simple typo,
leading to a SEGV on shutdown when the still-armed timer would try to
run an IPv6 L2 SPF calculation with its data free'd already.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter [Tue, 27 Nov 2012 01:10:26 +0000 (01:10 +0000)]
isisd: drop hellos without supported protocol list
isisd should not form adjacencies on receiving an IS-IS Hello without a
list of supported protocols (cf. RFC 1195 s4.4 p32 "Maintaining Router
Adjacencies") Also fixes memleaks in these error cases.
David Lamparter [Tue, 27 Nov 2012 01:10:24 +0000 (01:10 +0000)]
isisd: do not add >63 IP addresses to hello
RFC1195 s4.2 "Multiple IP Addresses per Interface" explicitly forbids us
from adding multiple tuples of IP addresses, putting a hard cutoff at 63
IP addresses.
* isisd/isis_tlv.c: cut off (and return success) at 63 addrs.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org> Tested-by: Martin Winter <mwinter@opensourcerouting.org>
David Lamparter [Tue, 27 Nov 2012 01:34:56 +0000 (01:34 +0000)]
build: include git info
If enabled with --with-pkg-gitversion on ./configure, this will append
git version strings and branch information at the following places:
- overall version number: 0.99.21-g0123456
- login motd and show version: tag information + git id + branches
Sample output:
Hello, this is Quagga (version 0.99.21-g14b49ad-dirty).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
This is a git build of quagga_0_99_21_release-106-g14b49ad-dirty
Associated branch(es):
local:master
[v2]: fix build without gitinfo (add "else" branch)
[v2]: fix for repos without any tags (different git describe output) Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Avneesh Sachdev [Tue, 13 Nov 2012 22:49:01 +0000 (22:49 +0000)]
zebra: include intf when sending IPv4 nexthop to FPM
* zebra/zebra_fpm_netlink.c
Change the zebra FPM code to include an interface index when
encoding a nexthop even if the protocol only provided a gateway
address (e.g, NEXTHOP_TYPE_IPV4).
Signed-off-by: Avneesh Sachdev <avneesh@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Avneesh Sachdev [Tue, 13 Nov 2012 22:48:59 +0000 (22:48 +0000)]
zebra: add module to communicate routes to FPM
Enhance zebra to send routes to the (optional) Forwarding Path Manager
component using the interface defined by fpm/fpm.h.
* configure.ac
- Add --enable-fpm flag.
The FPM-related code in zebra is activated only if the build is
configured with '--enable-fpm'.
- Add HAVE_NETLINK automake conditional.
This allows us to conditionally build netlink-dependent C code.
* zebra/{rib.h,zebra_rib.c}
- Add the 'fpm_q_entries' field to the rib_dest_t structure. This
allows dests to be placed on the fpm queue.
- Define a couple new rib_dest_t flags that hold FPM-related
state.
- Invoke the zfpm_trigger_update() function for a route_node
whenever the information to be sent to the FPM changes.
- rib_can_delete_dest(): Return FALSE if we have to update the FPM
about the given dest. This ensures that the dest is not deleted
even if there are no ribs hanging off of it.
* zebra/zebra_fpm.c
This file holds most of the code for interacting with the FPM.
- If quagga was configured with '--enable-fpm', periodically try
to connect to the FPM.
- When the connection comes up, enqueue all relevent dests to the
FPM queue.
- When the FPM socket is readable, dequeue the next rib_dest_t
from the FPM queue, encode it in to a message and send the
message to the FPM.
- When the connection to the FPM goes down, remove all dests from
the FPM queue, and then start trying to connect to the FPM
again.
- Expose the following new operational commands:
show zebra fpm stats
clear zebra fpm stats
* zebra/zebra_fpm_netlink.c
- zfpm_netlink_encode_route(): Function to encode information
about a rib_dest_t in netlink format.
* zebra/zebra_fpm_private.h
Private header file for the zebra FPM module.
* zebra/zebra_fpm.h
Header file exported by zebra FPM module to the rest of zebra.
* zebra/debug.c
Add the 'debug zebra fpm' command.
* zebra/main.c
Initialize the zebra-FPM code on startup.
* zebra/misc_null.c
Add stub for zfpm_trigger_update().
* zebra/Makefile.am
- Include new file zebra_fpm.c in build.
- Include zebra_fpm_netlink.c in build if HAVE_NETLINK is defined.
* vtysh/Makefile.am
Include zebra_fpm.c in list of files that define cli commands.
Signed-off-by: Avneesh Sachdev <avneesh@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Avneesh Sachdev [Tue, 13 Nov 2012 22:48:58 +0000 (22:48 +0000)]
fpm: Add public header for Forwarding Plane Manager
The Forwarding Plane Manager (FPM) is an optional component that may
be used in scenarios where the router has a forwarding path that is
distinct from the kernel, commonly a hardware-based fast path. It is
responsible for programming forwarding information (such as routes and
nexthops) in the fast path.
In Quagga, the Routing Information Base is maintained in the 'zebra'
infrastructure daemon. Routing protocols communicate their best routes
to zebra, and zebra computes the best route across protocols for each
prefix. This latter information comprises the bulk of the Forwarding
Information Base.
The new header file added by this patch, 'fpm/fpm.h', defines a
point-to-point interface using which zebra can update the FPM about
changes in routes. The communication takes place over a stream
socket. The FPM listens on a well-known TCP port, and zebra initiates
the connection.
All messages sent over the connection start with a short 'FPM header'.
In the case of route add/delete messages, the header is followed by a
netlink message. Zebra should send a complete copy of the forwarding
table(s) to the FPM, including routes that it may have picked up from
the kernel.
The FPM interface uses replace semantics. That is, if a 'route add'
message for a prefix is followed by another 'route add' message, the
information in the second message is complete by itself, and replaces
the information sent in the first message.
If the connection to the FPM goes down for some reason, the client
(zebra) should send the FPM a complete copy of the forwarding table(s)
when it reconnects.
Signed-off-by: Avneesh Sachdev <avneesh@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Avneesh Sachdev [Tue, 13 Nov 2012 22:48:57 +0000 (22:48 +0000)]
lib: bring in sys/queue.h from FreeBSD tree
Bring in sys/queue.h from the FreeBSD tree as lib/queue.h.
This header implements lists of various flavors using inline
linkages. The imported file corresponds to SVN revision 221843 (url
below) and is available under the terms of the New BSD license
(3-clause).
Avneesh Sachdev [Tue, 13 Nov 2012 22:48:54 +0000 (22:48 +0000)]
zebra: add way to determine VRF/AFI/SAFI of table
Add some code that allows us to determine which VRF and AFI/SAFI a
given RIB table corresponds to.
* zebra/rib.h
Add rib_table_info_t structure, which contains information about
the VRF, AFI and SAFI that a table is for.
* zebra/zebra_rib.c
- Add the vrf_table_create() function, which creates a table and
sets its 'info' pointer to a newly created rib_table_info_t.
The 'info' pointer allows us to go from a route_node or a table
to the associated vrf.
- vrf_alloc(): Use vrf_create_table() to create tables.
* lib/memtypes.c
Add memory type for rib_table_info_t.
Signed-off-by: Avneesh Sachdev <avneesh@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Avneesh Sachdev [Tue, 13 Nov 2012 22:48:53 +0000 (22:48 +0000)]
zebra: add structure to hold per-prefix state in RIB
Add the rib_dest_t structure to hold per-prefix state in the routing
information base. This gives us an appropriate place to maintain the
queueing state of a route_node. Queuing state was previously being
stored on the first rib in the list of ribs hanging off the
route_node.
* zebra/rib.h
- Add new structure rib_dest_t.
- Remove the rn_status field from 'struct rib', it is no longer
required.
- Add macros (RNODE_FOREACH_RIB, RNODE_FOREACH_RIB_SAFE) for
walking all 'struct ribs' corresponding to a route_node. These
hide the fact that there is an intermediate rib_dest_t
structure.
- Add a few utility inlines to go between a rib_dest_t and
associated structures.
* zebra/zebra_rib.c
- rib_link()/rib_unlink()
Tweak for new behavior, where the 'info' pointer of a route_node
points to a rib_dest_t. The list of ribs for a prefix now hangs
off of the dest.
Change the way we ref count route_nodes. We now hold a single
ref count on a route_node if there is a corresponding
rib_dest_t.
- Maintain the queuing state of a route_node on the flags field of
the rib_dest_t.
- Add the rib_gc_dest() function, which deletes a rib_dest_t if it
is no longer required. A rib_dest_t can be deleted iff there are
no struct ribs hanging off of it.
- Call rib_gc_dest() any time we unlink a rib from the
rib_dest_t. Currently we only need to call it once, just before
we return from rib_process().
Andrew Certain [Wed, 7 Nov 2012 23:50:07 +0000 (23:50 +0000)]
bgpd: add replace-as modifier for BGP neighbor
Added replace-as modifier for BGP neighbors when using
local-as. If the replace-as modifier is specified, only the
replacement AS as specified by the local-as modifier is
prepended to the AS_PATH, not the process's AS.
In bgp_attr.c, I decided that
if (peer->change_local_as) {
/* If replace-as is specified, we only use the change_local_as when
advertising routes. */
if( ! CHECK_FLAG (peer->flags, PEER_FLAG_LOCAL_AS_REPLACE_AS) ) {
aspath = aspath_add_seq (aspath, peer->local_as);
}
aspath = aspath_add_seq (aspath, peer->change_local_as);
} else {
aspath = aspath_add_seq (aspath, peer->local_as);
}
was clearer than the alternative that didn't duplicate the prepending of the
process's AS:
/* First, append the process local AS unless we have an alternate local_as
* and we're replacing it (as opposed to just prepending it). */
if (! (peer->change_local_as
&& CHECK_FLAG (peer->flags, PEER_FLAG_LOCAL_AS_REPLACE_AS) ) ) {
aspath = aspath_add_seq (aspath, peer->local_as);
}
if (peer->change_local_as)
aspath = aspath_add_seq (aspath, peer->change_local_as);
}
But I could be convinced otherwise.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Doug VanLeuven [Wed, 10 Oct 2012 23:12:32 +0000 (16:12 -0700)]
build: check actually-used BSD link state fields
ifi_link_state missing in OS X. There could be other *BSD's that haven't
implemented it and possibly affects older implementations.
The existing HAVE_BSD_LINK_DETECT configure.ac check is only confirming
the link state detection using ifmediareq.ifm_status found in
<net/if_media.h>. This is the link state detection used in
zebra/ioctl.c. Later, *BSD redefined struct if_data in <net/if.h> and
included link state detection. This is the method used in
zebra/kernel_socket.c
Additional test defined in config.ac to test for member struct
if_data.ifi_link_state defined in <net/if.h> separate from test for
<net/if_media.h> ifmediareq.ifm_status
Fixed #ifdef's in zebra/kernel_socket.c to use the new #define
No impact on older function calls in zebra/ioctl.c
Tested on 64bit OS X 10.7, FreeBSD 9.0 amd64 & i386 (32bit)
using gcc & clang. Tested on linux 64bit.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Doug VanLeuven [Wed, 10 Oct 2012 23:11:36 +0000 (16:11 -0700)]
zebra: kernel_socket: fix overflow in RTA_ADDR & RTA_ATTR
In zebra/kernel_socket.c, copying sockaddr from *_msghdr:
There are really 2 different lengths that need to be determined.
1) the length required to point to the next sockaddr in the mesg
buffer which might include any required padding and
2) the actual length of the sockaddr data that needs to be copied
into the destination field.
They may or may not be the same value.
Sizeof sockaddr_in6 is 28, which to pad for alignment purposes on 32
bit systems with a long of 4 bytes is evenly divided and requires
no padding. On 64 bit systems, with a long of 8 it is padded with 4
extra bytes.So the current RTA_* macros are copying 32 bytes into a 28
byte field on 64 bitsystems, where the field overflow did not occur
on the 32 bit systems.
Since using sa_len required the use of an #ifdef which couldn't be used
directly inside a #define, it made sense to move the copy into the
function to allow typdef checking throughout and eliminate the hack
to suppress compiler warnings.
Fixed declaration of cp in ifm_read after compiler noticed type mismatch.
Tested on 64bit OS X 10.7, FreeBSD 9.0 amd64 & i386 (32bit)
using gcc & clang
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Doug VanLeuven [Wed, 10 Oct 2012 22:10:14 +0000 (22:10 +0000)]
zebra: kernel_socket: fix 64bit MacOS X alignment
In OS X 10.7 zebra crashed on invalid execution address.
sockaddr padding in *_msghdr is observed to be 4 bytes in 64bit OS X.
The ROUNDUP macro assumed alignment on sizeof(long) which
allocates 8 bytes on 64bit systems, 4 bytes on 32bit systems
which is true for BSD generally.
Test for Apple and use sizeof(int) which allocates 4 bytes on 32 & 64bit
systems.
Tested on 64bit OS X 10.7, FreeBSD 9.0 amd64 & i386 (32bit)
using gcc & clang
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
An ORF (code 3) capability TLV is defined to contain exactly one
AFI/SAFI block. Function bgp_capability_orf(), which parses ORF
capability TLV, uses do-while cycle to call its helper function
bgp_capability_orf_entry(), which actually processes the AFI/SAFI data
block. The call is made at least once and repeated as long as the input
buffer has enough data for the next call.
The helper function, bgp_capability_orf_entry(), uses "Number of ORFs"
field of the provided AFI/SAFI block to verify, if it fits the input
buffer. However, the check is made based on the total length of the ORF
TLV regardless of the data already consumed by the previous helper
function call(s). This way, the check condition is only valid for the
first AFI/SAFI block inside an ORF capability TLV.
For the subsequent calls of the helper function, if any are made, the
check condition may erroneously tell, that the current "Number of ORFs"
field fits the buffer boundary, where in fact it does not. This makes it
possible to trigger an assertion by feeding an OPEN message with a
specially-crafted malformed ORF capability TLV.
This commit fixes the vulnerability by making the implementation follow
the spec.
Avneesh Sachdev [Thu, 4 Oct 2012 16:21:34 +0000 (16:21 +0000)]
build: reorder libraries to address linker error
The linker on some systems (for example, Ubuntu 12.04 LTS x86_64)
appears to be sensitive to the order in which libraries are
specified. On these systems, if a library 'A' depends on a library
'B', it has to be specified before 'B' when linking an executable.
* zebra/Makefile.am: Make sure LIBCAP comes after libzebra.
* tests/Makefile.am: Ensure libm comes after libbgp.
Signed-off-by: Avneesh Sachdev <avneesh@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
projects / mirror_frr.git / log