Daniel Walton [Fri, 10 Nov 2017 18:30:25 +0000 (18:30 +0000)]
tools: frr-reload do not attempt deleting lines that cannot be deleted
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
There are several lines that we cannot do a "no" on
- frr version
- frr defaults
- password
- line vty
frr-reload should ignore these if asked to do a "no" on them
Daniel Walton [Fri, 10 Nov 2017 17:57:42 +0000 (17:57 +0000)]
tools: frr-reload remove Cumulus Linux release numbers from comments
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
The "3.0", etc in the comments were referring to Cumulus Linux 3.0 which
was confusing now that FRR has a 3.0
Daniel Walton [Fri, 10 Nov 2017 17:19:08 +0000 (17:19 +0000)]
tools: frr-reload.py ignore multiple whitespaces
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Without this fix frr-reload would do a del/add even if the only
difference were bogus whitespaces.
Marcel Röthke [Fri, 10 Nov 2017 12:56:24 +0000 (13:56 +0100)]
bgpd: Add RPKI/RTR support
This commit adds support for the RTR protocol to receive ROA
information from a RPKI cache server. That information can than be used
to validate the BGP origin AS of IP prefixes.
Both features are implemented using [rtrlib](http://rtrlib.realmv6.org/).
Juergen Kammer [Tue, 7 Nov 2017 08:38:22 +0000 (09:38 +0100)]
ospf6d: Fix setting interface ipv6 ospf6 cost value (LSA hooks were never called)
Fixes: #1420 Signed-off-by: Juergen Kammer <j.kammer@eurodata.de>
If the ipv6 ospf6 cost on an interface is changed, no recalculation of routes happens, though the interface structure is updated with the new value. The new cost will be used later, when LSA hooks are called for any other reason.
Diagnosis:
The DEFUN for the config command sets oi->cost and calls ospf6_interface_recalculate_cost(oi) whenever there is a change in the supplied value. ospf6_interface_recalculate_cost then gets the new cost for the interface by calling ospf6_interface_get_cost(oi), which returns oi->cost if a cost is manually set (i.e. we get the value we just set). ospf6_interface_recalculate_cost only calls the LSA hooks if there is a change - which obviously never happens if we compare the new value with itself.
Quentin Young [Mon, 23 Oct 2017 20:43:32 +0000 (16:43 -0400)]
bgpd: fix mishandled attribute length
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Chirag Shah [Thu, 2 Nov 2017 14:54:45 +0000 (07:54 -0700)]
ospfd: VRF aware Router-ID update
Ensure zebra received router-id isolated per vrf instance.
Store zebra received router-id within ospf instance.
Ticket:CM-18657
Reviewed By:
Testing Done:
Validated follwoing sequence
- Create vrf1111
- Create ospf vrf1111 with no router-id
- Assign ip to vrf111
- ospf is assigned zebra assigned router-id which is vrf ip.
- upon remvoing vrf ip, the router-id retained as same until
ospfd restarted.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Fri, 3 Nov 2017 19:25:31 +0000 (15:25 -0400)]
bgpd: Prevent infinite loop when reading capabilities
If the user has configured the ability to override
the capabilities or if the afi/safi passed as part
of the _MP capability is not understood, then we
can enter into an infinite loop as part of the
capability parsing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The problem with this is that macaddr[0] is passed in as a integer
so the sprintf function thinks that the value to display is much
larger than it actually is. The ECOMMUNITY_STR_DEFAULT_LEN is 27
So the resulting string no-longer fits in memory and we write
off the end of the buffer and can crash. If we force the
passed in value to be a uint8_t then we get the expected output
since a single byte is displayed as 2 hex characters and the
resulting string fits in str_buf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Fri, 3 Nov 2017 16:45:02 +0000 (16:45 +0000)]
bgpd: default originate issue with intf peers and global intf address
Problem reported that a receiver of a default route issued across bgp
unnumbered peering using default originate would have the route stay
as inactive. Discovered we were messing up the nexthop value sent to
the peer in this one particular case. Manual testing good, fix supplied
to the submitter and verified to resolve the problem. bgp-smoke
completed successfully.
Ticket: CM-18634 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 27 Oct 2017 17:02:15 +0000 (13:02 -0400)]
eigrpd: Allow query send to send more than 1 packet
When we send a query if we have more queries than we
can fit in one packet, allow the packet to be broken
up into multiple packets to be sent to our neighbor.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Mon, 30 Oct 2017 18:56:59 +0000 (11:56 -0700)]
ospfd: fix show ospf neigh json for multile nbrs
Same neighbor learned from multiple ospf interfaces
(all) were not displayed in json, only last was displayed.
Created list within dictionary using neighbor-id as key.
lookup neigbhor-id in json obejct prior to creating new list.
spine-2# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
0.0.1.16 1 Full/DR 36.754s 8.0.3.15 swp1:8.0.3.16
0.0.1.16 1 Full/DR 30.903s 7.0.3.15 swp2:7.0.3.16
Donald Sharp [Mon, 30 Oct 2017 23:41:28 +0000 (19:41 -0400)]
pimd: Fix crash with debug and ifp changes
Certain interface flapping events can cause a lookup
that does not find any ifp pointer. This is only causing
a crash in the `debug pim zebra` command due to only needing
to lookup the interface for it's name.
Modify code to ensure we have a valid pointer. Follow other
debug statements lead in the same function for what to display
when an interface does not currently exist.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Sun, 29 Oct 2017 12:51:57 +0000 (08:51 -0400)]
eigrpd: When writing packet don't crash in some cases
When we are writing a packet if we have gotten ourselves
into a bad situation, note it and move on. Hopefully
dumping enough information so that we can find the offending
reason.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Chirag Shah [Thu, 26 Oct 2017 21:23:25 +0000 (14:23 -0700)]
ospfd: add vrf option to operational command
Seperate the display option in both vty and json
case 'vrf' is used in show command.
show ip ospf 'vrf all' [json]
Display vrf name as key object in json and vrf name
in vty output.
case 'vrf' is not used then only display default
vrf ospf instance and vrf name is not shown in vty and
json.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Mon, 23 Oct 2017 14:10:06 +0000 (10:10 -0400)]
zebra: Move clear_nhlfe_installed to calling functions
The function clear_nhlfe_installed is to be called
when we get a install failure of some sort for
a lsp change. Since an install failure can happen
in both linux and openBSD moving the function call
northbound is a good idea.
I've also added it to the kernel_del_lsp for completeness
on failure as well, even though neither linux or openBSD
currently can fail a uninstall.
This still leaves the hole where if we have multiple
nhlfes and have an install failure we are not quite
doing the right thing by just blanketly calling
clear_nhlfe_installed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 26 Oct 2017 18:07:33 +0000 (14:07 -0400)]
bgpd: exit on socket bind failures
When we fail to bind to port 179 we are left in a situation
where we have not saved the bgp pointer created and when
the bgp cli mode is exited we leak the memory.
Additionally there is no recovery situation here that
could be easily programmed without fundamentally changing
the code.
So let's exit and output to the log file some useful
information to hopefully clue the user in on what is
going wrong.
Fixes: #1130 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Thu, 19 Oct 2017 18:23:30 +0000 (14:23 -0400)]
bgpd: fix various problems with hold/keepalive timers
Problem reported that we weren't adjusting the keepalive timer
correctly when we negotiated a lower hold time learned from a
peer. While working on this, found we didn't do inheritance
correctly at all. This fix solves the first problem and also
ensures that the timers are configured correctly based on this
priority order - peer defined > peer-group defined > global config.
This fix also displays the timers as "configured" regardless of
which of the three locations above is used.
Ticket: CM-18408 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: CCR-6807
Testing-performed: Manual testing successful, fix tested by
submitter, bgp-smoke completed successfully
Donald Sharp [Thu, 26 Oct 2017 03:07:21 +0000 (23:07 -0400)]
bgpd: Treat empty reachable NLRI as a EOR
This issue was discovered on a live session with an extremely
old cisco 7206VXR router running 12.2(33)SRE4. The sending router
is sending us an empty NLRI that is MP_REACH. From RFC
exploration(thanks Russ!) it appears that this was
considered a 'valid' way to send EOR.
Following discussion decided that we should treat
this situation as a EOR marker instead of bringing
down the session.
Applying this fix on the FRR router seeing this issue
allows it to continue it's peering relationship with
the ASR. Since this is a point fix I do not see
a high likelihood of further fallout.
Fixes: #1258 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 26 Oct 2017 02:38:50 +0000 (22:38 -0400)]
bgpd: When not fully connected to zebra gracefully ignore the issue
When bgp is coming up and is reading a non-integrated config.
The bgp connection to zebra has not fully had a chance to start.
As such when a redistribute line is parsed the attempt is
made to install it but it was erroring out with a warning.
This caused the `redistribute XXX` line to create a error
message to the end user.
Since bgp calls zclient_send_reg_requests which re-registers
the redistribute call once the actual zebra connection is up
and once bgp comes alive this is ok.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Thu, 26 Oct 2017 02:35:35 +0000 (22:35 -0400)]
lib: Fix non-integrated config error display
When using a non-integrated config and starting up
of a protocol daemon, we were not properly handling
all possible cases and as such when an user hit
an actual error they were getting (null) listed
for the message string.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 25 Oct 2017 17:30:45 +0000 (13:30 -0400)]
pimd: Cleanup vrf SA issues exposed by recent commits
A recent commit has shown that we were not consistent with
handling of the vrf lookup. Adjust pim to do the right
thing with vrf lookup to be consistent and to make SA
happier.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 25 Oct 2017 14:47:55 +0000 (10:47 -0400)]
zebra: Allow user to specify work-queue processing hold time
Allow the user to modify the work-queue processing hold time
from 10ms to a value from (0-10000). Make the command hidden
as that it's a semi-dangerous command and it could cause
issues.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 18 Oct 2017 14:19:58 +0000 (10:19 -0400)]
bgpd: Allow 'match peer' for all route-map types
There are multiple places that we use route-maps in bgp
There is no need to limit the route-map 'match peer ...' command
to just import and export route-map types. I see need for
using this in table-maps as well.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
projects / mirror_frr.git / log