Martin Winter [Tue, 7 Nov 2017 21:16:57 +0000 (13:16 -0800)]
FRR Release 2.0.2
This version of FRR contains these fixes since the last release:
1. Improved packaging for Debian-related builds.
2. Fix for an invalid AS-PATH length in BGP.
3. Fix for mishandling of BGP attributes in an error situation.
(Re-Release of 2.0.1 which missed some version number and changelog updates)
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Quentin Young [Mon, 23 Oct 2017 20:43:32 +0000 (16:43 -0400)]
bgpd: fix mishandled attribute length
A crafted BGP UPDATE with a malformed path attribute length field causes
bgpd to dump up to 65535 bytes of application memory and send it as the
data field in a BGP NOTIFY message, which is truncated to 4075 bytes
after accounting for protocol headers. After reading a malformed length
field, a NOTIFY is generated that is supposed to contain the problematic
data, but the malformed length field is inadvertently used to compute
how much data we send.
CVE-2017-15865
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
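An added example, not code from FRR or from this commit, of the sizing flaw the message above describes: the amount of data to echo in the NOTIFY is computed once from the untrusted length field and once clamped to the octets actually received. The function names, the struct and the sample bytes are constructed for illustration; the header layout and the extended-length flag follow RFC 4271.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_FLAG_EXTLEN 0x10 /* RFC 4271: length field is two octets */

struct attr_hdr {            /* hypothetical helper type, not FRR's */
    size_t hdr_len;          /* 3 octets, or 4 with extended length */
    size_t declared_len;     /* value of the length field: untrusted */
};

/* Constructed sample: AS_PATH header claiming 65535 octets, 4 octets present. */
static const uint8_t sample_bad[] = {0x50, 0x02, 0xff, 0xff, 1, 2, 3, 4};

/* Parse the attribute header at buf[off]; -1 if the header is truncated. */
int parse_attr_hdr(const uint8_t *buf, size_t buflen, size_t off,
                   struct attr_hdr *h)
{
    int ext = off < buflen && (buf[off] & ATTR_FLAG_EXTLEN);
    h->hdr_len = ext ? 4 : 3;
    if (off > buflen || buflen - off < h->hdr_len)
        return -1;
    h->declared_len = ext ? (((size_t)buf[off + 2] << 8) | buf[off + 3])
                          : buf[off + 2];
    return 0;
}

/* Flawed sizing: trusts the length field that was just found malformed. */
size_t notify_len_unchecked(const struct attr_hdr *h)
{
    return h->hdr_len + h->declared_len;
}

/* Bounded sizing: never more than the octets actually received. */
size_t notify_len_bounded(const struct attr_hdr *h, size_t buflen, size_t off)
{
    size_t want = h->hdr_len + h->declared_len;
    size_t avail = buflen - off; /* caller guarantees off <= buflen */
    return want < avail ? want : avail;
}

int main(void)
{
    struct attr_hdr h;
    if (parse_attr_hdr(sample_bad, sizeof sample_bad, 0, &h) != 0)
        return 1;
    printf("unchecked=%zu bounded=%zu\n", notify_len_unchecked(&h),
           notify_len_bounded(&h, sizeof sample_bad, 0));
    return 0;
}
```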
Andreas Jaggi [Fri, 8 Sep 2017 11:46:20 +0000 (07:46 -0400)]
bgpd: Fix AS_PATH size calculation for long paths
If you have an AS_PATH with more entries than
what can be written into a single AS_SEGMENT_MAX
it needs to be broken up. The code that noticed
that the AS_PATH needs to be broken up was not
correctly calculating the size of the resulting
message. This patch addresses this issue.
This patch was built from an email that Andreas
sent to the dev alias for FRRouting.
Fixes: #1114
Signed-off-by: Andreas Jaggi <aj@open.ch>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
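An added example, not FRR's code, of why the encoded size of a long AS_PATH depends on how many segments it is split into: every segment carries its own two-octet header. The function names and the value 255 for AS_SEGMENT_MAX (the largest count a one-octet field holds) are assumptions; the sample ASNs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AS_SEGMENT_MAX 255 /* assumed value: the count field is one octet */
#define AS_SEQUENCE 2      /* RFC 4271 segment type */
#define SEG_HDR_LEN 2      /* type octet + count octet */

/* Octets needed for n ASNs of asn_size (2 or 4) octets, split into segments. */
size_t aspath_encoded_size(size_t n, size_t asn_size)
{
    size_t segs = (n + AS_SEGMENT_MAX - 1) / AS_SEGMENT_MAX;
    return segs * SEG_HDR_LEN + n * asn_size;
}

/* Write the segments into out; returns octets written, -1 if out is too small. */
long aspath_encode(const uint32_t *asns, size_t n, size_t asn_size,
                   uint8_t *out, size_t outlen)
{
    size_t w = 0;
    if (aspath_encoded_size(n, asn_size) > outlen)
        return -1;
    while (n > 0) {
        size_t chunk = n > AS_SEGMENT_MAX ? AS_SEGMENT_MAX : n;
        out[w++] = AS_SEQUENCE;
        out[w++] = (uint8_t)chunk;
        for (size_t i = 0; i < chunk; i++) {
            for (size_t b = asn_size; b-- > 0;) /* big-endian ASN */
                out[w++] = (uint8_t)(asns[i] >> (8 * b));
        }
        asns += chunk;
        n -= chunk;
    }
    return (long)w;
}

int main(void)
{
    uint32_t asns[300]; /* constructed sample: 300 private-use ASNs */
    uint8_t out[2048];
    for (size_t i = 0; i < 300; i++)
        asns[i] = 64512 + (uint32_t)i;
    printf("size=%zu written=%ld\n", aspath_encoded_size(300, 4),
           aspath_encode(asns, 300, 4, out, sizeof out));
    return 0;
}
```

A buffer sized for a single segment header (1202 octets for 300 four-octet ASNs) is two octets short of the 1204 the split path needs.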
In order for the frr service to come up automatically, the service needs to be enabled which will create a symlink from /etc/systemd/system/network-online.target.wants/frr.service to /etc/systemd/system/frr.service
smccroskey [Tue, 8 Aug 2017 21:51:38 +0000 (14:51 -0700)]
frr.lintian-overrides: update for current list of built libs
Because the lintian warning no longer matched exactly due to removal
of unused protobuf libraries from the build, the warning wasn't
masked. Update it to match the current warning string.
frr.service: remove explicit dependency on socket-based syslog.target
Testing done: built and installed for all ubuntu targets
Socket-based services such as syslog need not be specified as
dependencies in service files, and doing so may slow down boot by
reducing parallelism. All known supported systemd-based platforms
have syslog as a socket-based service.
Clears the following lintian warnings:
W: frr: systemd-service-file-refers-to-obsolete-target lib/systemd/system/frr.service syslog.target
smccroskey [Mon, 29 May 2017 22:34:02 +0000 (15:34 -0700)]
debian: install PNG files in /usr/share/info
Testing done: built in sbuild with lintian enabled
Clears lintian warnings of the following form:
W: frr-doc: info-document-missing-image-file
According to the documentation for the lintian warning, certain
applications (e.g. emacs) can render images from info files inline,
and expect the images to either have their full path defined or be
installed in the same directory as the info files themselves.
Automake doesn't seem to have a primary for handling this sort of
installation (info_DATA is invalid and causes an error), so opted to
handle it in the debian install file itself.
Installing the images elsewhere (another path installed by frr-doc)
and giving a full path to their location in info files might be a
better approach.
Martin Winter [Fri, 9 Jun 2017 02:14:41 +0000 (19:14 -0700)]
debian->debianpkg: Move debian files from debian dir to debianpkg dir.
Debian build systems use debian subdir for building and having a debian
dir in the source package causes issues.
Moving it to debianpkg avoids the issue and allows us to ship debian
package files in the source distribution
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
minimize diffs between the base debian files and each backport to the
changes that actually matter, so that they aren't lost in the noise of
capitalization and ordering differences.
this removes some cruft -- old/outdated/incorrect information,
trailing whitespace, etc., and updates the descriptions. Some small
changes were made where appropriate to minimize the diff between the
base control file and those of the various backports.
precise/trusty: don't attempt to install pimd or ldpd manuals
Neither of these daemons are installed on 14.04, leading to build
failures now that the man pages are excluded from the Makefiles when
the daemons aren't enabled for install.
backports: error out on upstream/downstream version mismatch
The quilt source format expects the upstream tarball's version to
correspond roughly to the debian version of the package, and errors
will be thrown (at unpack time, in our case) if it doesn't. Do a
sanity check when we're building the source package to make sure they
match up.
Silas McCroskey [Tue, 14 Feb 2017 17:48:57 +0000 (00:48 +0700)]
backports: symlink identical files
Testing-done: built all backports in schroots and VMs
made files identical between different backports symlinks
to the ones for the more recent distribution, and updated
relevant tar invocations to follow symlinks.
Silas McCroskey [Tue, 14 Feb 2017 17:34:42 +0000 (00:34 +0700)]
debian: add pkg-config to build-depends
Testing-done: `--add-depends pkg-config' sbuild
The dependency on pkg-config was introduced recently, and
missed because it's in our schroots by default. Need to add
it for other build environments (e.g. ubuntu schroots).
Silas McCroskey [Tue, 14 Feb 2017 15:48:19 +0000 (22:48 +0700)]
debian: move ubuntu 16.04 files into new backports system
Added 'debian/patches' to the exclude file, since the existing patches
interfere with the build and are unused by our build. No other
changes were necessary. Used '-0~ubuntu16.04+1' as the version
extension, to denote: no patches (-0), debian packaging files changed
for backport (+1).
Signed-off-by: Silas McCroskey <smccroskey@cumulusnetworks.com>
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 15:44:17 +0000 (22:44 +0700)]
debian: move ubuntu 14.04 files into new backports system
`git diff'ed the main (cmaster) branch against the 14.04 branch
to determine changed debian files, then pulled them into
debian/backports via `git cat-file'. Added 'debian/patches' to
the exclude file, since the existing patches interfere with the
build and are unused by our build. Used '-0~ubuntu14.04+1' as
the version extension, to denote: no patches (-0), debian
packaging files changed for backport (+1).
Original commit by Silas with updates on fork name by Martin
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 15:34:56 +0000 (22:34 +0700)]
debian: move ubuntu 12.04 files into new backports system
`git diff'ed the main (cmaster) branch against the 12.04 branch
to determine changed debian files, then pulled them into
debian/backports via `git cat-file'. Added 'debian/patches' to
the exclude file, since the existing patches interfere with the
build and are unused by our build. Used '-0~ubuntu12.04+1' as
the version extension, to denote: no patches (-0), debian
packaging files changed for backport (+1).
Original commit by Silas with updates on fork name by Martin
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 12:04:10 +0000 (19:04 +0700)]
debian/backports: include in distfile, don't put files in ..
Testing-done: ran 'make dist', unpacked elsewhere, built from result
Adjusted target to build the .orig.tar.gz accordingly, since it must
exclude the debian/ subdirectory. Allows for building any backport from
only a tarball.
Signed-off-by: Silas McCroskey <smccroskey@cumulusnetworks.com>
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Silas McCroskey [Tue, 14 Feb 2017 11:45:50 +0000 (18:45 +0700)]
debian: structure for building backports from a single branch
Source a makefile (when it exists) in debian/rules to assemble
a source package via:
* a debian.tar.gz tarball built from combining the contents of debian/
and debian/backports/$backport/debian/ using other details under
debian/backports/$backport
* an orig.tar.gz file (not generated by this makefile). This can (and
should) be the same for all backports.
Don Slice [Fri, 26 May 2017 15:13:08 +0000 (15:13 +0000)]
bgpd: fix issue with ipv6 ecmp with vrfs
Problem reported by customer that ipv6 wasn't installing ecmp paths
when using vrfs. Found a vrf-unaware call in bgp_zebra_announce that
was the culprit. Testing of the fix looks good.
Ticket: CM-15545
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Martin Winter [Mon, 22 May 2017 11:07:22 +0000 (04:07 -0700)]
redhat: Disallow reload function for unsupported systems
Before the change, a reload triggered a restart if the python reload script wasn't installed or for non-integrated configs.
With this change, the reload is rejected with an error in this case (and suggests the installation of the python script package).
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
Don Slice [Tue, 14 Feb 2017 17:15:40 +0000 (09:15 -0800)]
zebra: stop deregistering static nexthops unless removing the static
Problem reported was that with some overlapping static route configurations,
when the link went down the less specific static was not re-installed after
the link came back up. Determined that with the overlapping statics, we
would recursively resolve the next-hop temporarily thru the more specific
static route, but since the next-hop wasn't actually reachable, we would go
through the code that clears the nht information for the static completely.
This caused the nht code to no longer process the static route.
After reviewing the process, there doesn't seem to be any reason that the
static should be deregistered in that section of code. Removed the
deregister and the problem is resolved and no additional failures seen in
manual testing. zebra_test.py completed successfully and ospf and bgp smokes
completed with no new failures.
Ticket: CM-14873
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed-by: CCR-5696
Don Slice [Wed, 23 Nov 2016 19:58:27 +0000 (11:58 -0800)]
zebra: Move interfaces to default before deleting
Encountered a crash in zebra due to getting a delete on an SVI with
VRR configured. Since we don't actually do a delete but flag the interface
as inactive, slag VRR interfaces would remain on the vrf_iflist with a lock
count of zero, causing the crash. Since all other interface types are moved
to the default table before deleting, doing the same thing for any interfaces
that were left in the vrf.
Testing includes manual testing, bgp-min, ospf-min, vrf-min, bgp-smoke, and ospf-smoke.
All passed (first time or on rerun) or match known failures.
Ticket: CM-13288
Signed-off-by: Don Slice
Reviewed-by: Donald Sharp
Daniel Walton [Wed, 17 May 2017 00:16:09 +0000 (00:16 +0000)]
tools: reload handle removal of entire address-family section under BGP
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
When an entire address-family section is removed from under BGP, we
cannot just issue 'no address-family foo bar' as address-family line
doesn't support 'no'. We have to delete the individual lines under the
address-family.
Daniel Walton [Tue, 16 May 2017 23:58:34 +0000 (23:58 +0000)]
bgpd: 'redistribute' triggers both IPv4 and IPv6 code paths
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Whenever you did "redistribute" zebra would kick this off for ipv4 and
ipv6. No real issue other than this is sub-optimal.
Daniel Walton [Tue, 16 May 2017 23:54:46 +0000 (23:54 +0000)]
bgpd: "neighbor swpX interface remote-as XYZ" is ignored
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
If you did:
    neighbor swp1 interface
    neighbor swp1 interface remote-as external
we would not set the remote-as. You could however still do
    neighbor swp1 remote-as external