commit a4b5665f76d9e907a547c85c9c4a7a656c568b9d Author: David Lamparter Date: Tue Jun 24 07:14:20 2014 +0200 release: 0.99.23 commit 2c32ee5f04191c6ffae9c19621548bc72b00e3ba Author: David Lamparter Date: Tue Jun 24 07:12:01 2014 +0200 doc: update NEWS for 0.99.23 changes commit 6b0655a25194c7c0331154edaa6124cf783e5e5e Author: David Lamparter Date: Wed Jun 4 06:53:35 2014 +0200 *: nuke ^L (page feed) Quagga sources have inherited a slew of Page Feed (^L, \xC) characters from ancient history. Among other things, these break patchwork's XML-RPC API because \xC is not a valid character in XML documents. Nuke them from high orbit. Patches can be adapted simply by: sed -e 's%^L%%' -i filename.patch (you can type page feeds in some environments with Ctrl-V Ctrl-L) Signed-off-by: David Lamparter commit fdb913aedb5a9807ad60715e8badb4f25d57acea Author: David Lamparter Date: Tue Jun 3 18:42:25 2014 +0200 build: Quagga 0.99.23-rc1 this is not a full release version, so neither release notes nor documentation are updated yet. Also, signing the tag with my private GPG key instead of the Quagga one. commit fd6f39a514093973bb0fb39484a0ed9615534c89 Author: Lu Feng Date: Wed Feb 19 09:05:05 2014 +0000 isisd: ignore the unrecognized TLVs When processing LSPDUs, the unrecognized TLVs/sub-TLVs should be silently ignored. In parse_tlvs(), ISIS_WARNING is returned once an unrecognized TLV exists. It breaks the processing in lsp_authentication_check() and lsp_update_data(). So remove it. Signed-off-by: Feng Lu Signed-off-by: David Lamparter commit 404fd2974fb53340be6d570b86f2f6f4c0a100c6 Author: Joachim Nilsson Date: Wed Aug 21 09:39:33 2013 +0000 ripd: fix "show ip rip status" documentation The command was mis-named in the documentation as "show ip protocols". Signed-off-by: Joachim Nilsson Signed-off-by: David Lamparter commit 7b3b98ae3ecdad20cf5cebd2a6532aee17184d95 Author: Lu Feng Date: Mon Apr 14 08:09:29 2014 +0000 ripd & ripngd: avoid the zero interface metric The interface metric is initialized to 0 in the commit db19c85: zebra: set metric for directly connected routes via netlink to 0 Ripd and ripngd must be aware of it and avoid increase the route metric by 0. Signed-off-by: Feng Lu Signed-off-by: David Lamparter commit 224e7e515747b74dd6d3610570a64b9726a27722 Author: Timo Teräs Date: Thu Apr 24 06:40:33 2014 +0000 lib: remove redundant and incorrect sys/fcntl.h include POSIX defines , is the same thing. However, it should not be used as it's existence can depend on C-library implementation. E.g. musl gives warning if is used. Signed-off-by: Timo Teräs Signed-off-by: David Lamparter commit d9d4ae5157207b9b8bdb167983519a7ffb860f2c Author: Stephen Hemminger Date: Wed Jan 13 00:32:39 2010 +0000 bgpd: fix crash when allowas-in is done on inactive peer When allowas-in is changed on a peer that is not up, BGP would crash trying to do route_refresh. If peer is not up, there is no need to do notification or send. Signed-off-by: Stephen Hemminger Acked-by: Feng Lu Signed-off-by: David Lamparter commit 8c71e481dae11b7ae3f1ef561a989624b2ae84b6 Author: Pradosh Mohapatra Date: Wed Jan 15 06:57:57 2014 +0000 bgpd: efficient NLRI packing for AFs != ipv4-unicast ISSUE: Currently, for non-ipv4-unicast address families where prefixes are encoded in MP_REACH/MP_UNREACH attributes, BGP ends up sending one prefix per UPDATE message. This is quite inefficient. The patch addresses the issue. PATCH: We introduce a scratch buffer in the peer structure that stores the MP_REACH/MP_UNREACH attributes for non-ipv4-unicast families. This enables us to encode multiple prefixes. In the end, the two buffers are merged to create the UPDATE packet. Signed-off-by: Pradosh Mohapatra Reviewed-by: Daniel Walton [DL: removed no longer existing bgp_packet_withdraw prototype] Signed-off-by: David Lamparter commit 2c13299a05e5544a5e79c2a970256a21f488a3fa Author: Pradosh Mohapatra Date: Sat Sep 7 07:07:20 2013 +0000 bgpd: don't compare next-hop to router-id While announcing a path to a peer, the code currently compares the path's next-hop with the peer's router-id. This can lead to problems as the router IDs are unique only within an AS. Suppose AS 1 sends route with next-hop 10.1.1.1. It is possible that the speaker has an established BGP peering with a router in AS 2 with router ID 10.1.1.1. The route will not be advertised to that peer in AS 2. The patch removes this check. Signed-off-by: Pradosh Mohapatra Reviewed-by: Dinesh G Dutt Reviewed-by: Shrijeet Mukherjee Signed-off-by: David Lamparter commit 66d2ead7df2db9144605c973fcd80b88df33f81b Author: Sébastien Luttringer Date: Tue May 27 19:55:11 2014 +0200 vtysh: fix build against readline 6.3 readline 6.3 removes some old deprecated funnily-named types. This updates vtysh to use the new types so it builds again. Reported-by: Joel Teichroeb References: https://bugs.archlinux.org/task/39495 Signed-off-by: David Lamparter commit 8e998b1eb5fea53f2a2eddd9f7f2b8ab004406f3 Author: Michal Sekletar Date: Fri May 16 14:13:43 2014 +0000 zebra: raise the privileges before calling socket() Because of recent changes when creating AF_NETLINK socket, kernel will cache capabilities of the caller and if file descriptor is used or otherwise handed to another process it will check that current user has necessary capabilities to use the socket. Hence we need to ensure we have necessary capabilities when creating the socket and at the time we use the socket. See: http://www.spinics.net/lists/netdev/msg280198.html Signed-off-by: Michal Sekletar Signed-off-by: David Lamparter commit 000e157c852653288c5a1e6d0dee821c1765d315 Author: Milan Kocian Date: Fri Oct 18 07:59:38 2013 +0000 bgpd: Fix condition allowas-in in rsclient code Currently when you set neighbour's 'allowas-in' option on route server side you get redistribution of the prefixes from this neighbour's table into all neighbour's tables which have the same AS number. I think that wanted behaviour is to allow import prefixes from neighbour's tables with the same AS num into neighbour which has 'allowas-in' option set. Signed-off-by: Milan Kocian Signed-off-by: David Lamparter commit 5d804b439a4138c77f81de30c64f923e2b5c1340 Author: Pradosh Mohapatra Date: Thu Sep 12 03:37:07 2013 +0000 bgpd: support TTL-security with iBGP Traditionally, ttl-security feature has been associated with EBGP sessions as those identify directly connected external peers. The GTSM RFC (rfc 5082) does not make any restrictions on type of peering. In fact, it is beneficial to support ttl-security for both EBGP and IBGP sessions. Specifically, in data centers, there are directly connected IBGP peerings that will benefit from the protection ttl-security provides. Signed-off-by: Dinesh G Dutt Reviewed-by: Pradosh Mohapatra [DL: function refactoring split out into previous 2 patches. changes: - bgp_set_socket_ttl(): ret type int -> void - is_ebgp_multihop_configured(): stripped peer == NULL check - comments/whitespace] Signed-off-by: David Lamparter commit 5f9adb5d26d3af31b00c02084468e9f92b461b01 Author: David Lamparter Date: Mon May 19 23:15:02 2014 +0200 bgpd: factor out eBGP multihop check The check for an eBGP multihop configuration is unwieldy; factor it out into a separate function. [DL: originally by Dinesh G Dutt , split off from the next commit] Signed-off-by: David Lamparter commit ef0b0c3e95a1f30d6f338100c689feef8ad5cd6e Author: David Lamparter Date: Mon May 19 22:52:04 2014 +0200 bgpd: factor out TTL setting TTL/min TTL are set from both bgp_accept() and bgp_connect(). Factor them out so the following change to enable iBGP GTSM becomes more readable. [DL: originally by Dinesh G Dutt , split off from the next commit] Signed-off-by: David Lamparter commit 8da8689d91a6436c17aca5000b1426aaea47e23c Author: Pradosh Mohapatra Date: Wed Sep 11 03:33:55 2013 +0000 bgpd: fix fast external fallover behavior ISSUES 1. When an interface goes down, the zclient callbacks are invoked in the following order: (a) address_delete() that removes the connected address list: ifp->connected, (b) interface_down() that performs "fast external fallover" operation. The operation relies on ifp->connected to look for peers that should be brought down. That's a cyclic dependency. 2. 'ttl-security' configuration handler sets peer->ttl to MAXTTL (so that BGP packets are sent with TTL=255, as per the requirement of ttl-security). This, however, is incompatible with 'fast external fallover' as the fallover operation checks for (ttl == 1) to determine directly connected peers. 3. The current fallover operation does not work for IPv6 address family. PATCH 1. The patch removes the dependency on 'ifp->connected' list for fast fallover. The peer already contains a nexthop structure that reflects the peering address. The nexthop structure has a pointer to the interface (ifp) that peering address resolves to. Everytime the TCP connection succeeds, the ifp is updated. The patch uses this ifp in the interface_down() callback for a match for the peers that should be brought down. 2. The evaluation for directly connected peering is enhanced as 'peer->ttl == 1' OR 'peer->gtsm_hops == 1'. Thus a ttl-security configuration on the peer with one hop is directly connected and should be brought down under 'fast external fallover'. 3. Because of fix (1), IPv6 address family works automatically. Signed-off-by: Pradosh Mohapatra Reviewed-by: Dinesh G Dutt Signed-off-by: David Lamparter commit 3374bef0412ac11815779f54321cbc4bf96da909 Author: Vipin Kumar Date: Thu Jan 9 00:31:22 2014 +0000 bgpd: increase TCP socket buffer size BGP does not respond fairly in high scale. As the number of BGP peers and prefixes increase, triggers like interface flaps which lead to BGP peer flaps, cause blockage in bgp_write. BGP does handle the cases of TCP socket buffer full by queuing a write event back, there is no functional issue there as such. Still, increasing the peer socket buffer size should help reduce event queueing in BGP. Signed-off-by: Vipin Kumar Reviewed-by: Pradosh Mohapatra Reviewed-by: Dinesh Dutt [DL: patch split, this is item 3.] Signed-off-by: David Lamparter commit 48fc05fb7e6ee44db9f73f3194bfd4738b7f9dc1 Author: Vipin Kumar Date: Thu Jan 9 00:31:22 2014 +0000 bgpd: fix O_NONBLOCK on outgoing connects BGP was setting sockets to be non-blocking only for the accepted passive peers. As a fix, setting the BGP sockets to be non-blocking even for the active peers. Signed-off-by: Vipin Kumar Reviewed-by: Pradosh Mohapatra Reviewed-by: Dinesh Dutt [DL: patch split, this is item 1.] Signed-off-by: David Lamparter commit 6aa136f1eaeb0dfc1e39e6c2cd6380a399ef126f Author: Vitaliy Senchyshyn Date: Wed Oct 2 10:40:20 2013 +0000 bgpd: send notify in OpenSent when stopping manually The issue it fixes is that the notification message is not sent to a second peer when bgp is stopped manually. According to BGP RFC4271, section 8.2.2, regarding the FSM transitions, in OpenSent state: If a ManualStop event (Event 2) is issued in the OpenSent state, the local system: * sends the NOTIFICATION with a Cease, * sets the ConnectRetryTimer to zero, * releases all BGP resources, * drops the TCP connection, * sets the ConnectRetryCounter to zero, and * changes its state to Idle. I've added a check for OpenSent state when the notification is sent from the functions which are called from the CLI commands which directly/indirectly stop/restart BGP. Acked-by: Pradosh Mohapatra Signed-off-by: David Lamparter commit b366b518401e0b0652cd70d297d3fb67b4803db0 Author: Boian Bonev Date: Mon Sep 9 16:41:35 2013 +0000 bgpd: display multipath status in "show ip bgp" The output of "show ip bg" does not show whether and which routes are installed as multipath routes along the best route: BGP table version is 0, local router ID is 10.10.100.209 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, R Removed Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i1.0.0.0/24 10.10.100.1 1 111 0 15169 i * i 10.10.100.2 1 111 0 15169 i * i 10.10.100.3 1 111 0 65100 15169 i This patch adds a new status code that is showing exactly which routes are used as multipath: BGP table version is 0, local router ID is 10.10.100.209 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i1.0.0.0/24 10.10.100.1 1 111 0 15169 i *=i 10.10.100.2 1 111 0 15169 i * i 10.10.100.3 1 111 0 65100 15169 i The inconsistency in the status code legend ("i - internal" vs. "i internal") inherent from old IOS was fixed. It had to be touched anyways. Signed-off-by: Boian Bonev [DL: rewrap long line, clean whitespace in same chunk] Signed-off-by: David Lamparter commit 689bb66c6a92d238bed1a8b0920438c5a2271966 Author: Pradosh Mohapatra Date: Sat Sep 7 07:13:37 2013 +0000 bgpd: track correct originator-id in reflected routes ISSUE: Suppose route1 and route2 received from route-reflector-client1 and client2 respectively have identical attributes. The current logic of creating the adj-rib-out for a peer threads the 'adv' structures for both routes against the same attribute. This results in 'bgp_update_packet()' to pack those routes in the same UPDATE message with one attr structure formatted. The originator-id is thus set according to the first route's received router id. This is incorrect. PATCH: Fix bgp_announce_check() function to set the originator-id in the advertising attr structure. Also, fix the attribute hash function and compare function to consider originator-id. Otherwise attributes where all fields except the originator-id are identical get merged into one memory location. Signed-off-by: Pradosh Mohapatra Reviewed-by: Scott Feldman Reviewed-by: Ken Yin [DL: whitespace changes dropped] Signed-off-by: David Lamparter commit 2fdd455cfd1f758b7aa2e6c8e3d185098b93908c Author: Pradosh Mohapatra Date: Sat Sep 7 07:02:36 2013 +0000 bgpd: add 'bgp bestpath as-path multipath-relax' Compute multipath in BGP based on AS_PATH hop count match. If the knob is turned on, it is not required to have an exact match of AS_PATHs (provided other multipath conditions are met, of course). Signed-off-by: Pradosh Mohapatra Reviewed-by: Dinesh G Dutt Signed-off-by: David Lamparter commit d92a2f39b46f1990052d2db046b47edf7bb21ebb Author: Jorge Boncompte [DTI2] Date: Wed Jul 31 16:36:08 2013 +0000 bgpd: use ATTR_FLAG_BIT() for BGP_ATTR_ values * bgp_attr.c: this UNSET_FLAG()s are bogus. I did a quick review and I think that they could not cause any bug anyway. Signed-off-by: Jorge Boncompte [DTI2] Acked-by: Feng Lu Signed-off-by: David Lamparter commit cbf435cb72b937c9e5bfe38905e05de3755b1021 Author: Christian Franke Date: Mon Apr 28 11:42:20 2014 +0000 ospfd: add debug messages for router lsa-generation Add log messages to lsa_link_broadcast_set so it becomes more apparent why a particular broadcast interface was added as transit or stub interface. Signed-off-by: Christian Franke Acked-by: Feng Lu Signed-off-by: David Lamparter commit b4b359a265f1b6272b4eb17c11e9c6ef9817f34b Author: Pradosh Mohapatra Date: Mon Apr 28 10:58:06 2014 +0000 ospfd: For an ABR, ensure the right LSID is MaxAge'd PROBLEM: Accurate garbage collection of maxage LSAs. The global OSPF structure has a maxage_lsa tree - the key to the tree is tuple. Suppose the ABR has multiple areas and has originated some intra-area LSAs. The key for all those LSAs is the same. The code then ends up in a state where all but the first LSA do not get cleaned up from the areas' LSDB. A subsequent event would readvertise those LSAs. PATCH: Since the LSA is going to stick around till it actually gets cleaned up by the maxage_walker, make the LSA pointer as the key. Each distinct LSA that gets maxage'd then gets added to the tree and will get cleaned up correctly. Signed-off-by: Pradosh Mohapatra [CF: Use CHAR_BIT; use uintptr_t; use sizeof(field) instead of sizeof(type)] Signed-off-by: Christian Franke [DL: this must remain a temporary fix! needs to be redone after 0.99.23] Signed-off-by: David Lamparter commit 8afee5c1729e56f74d27ceb1766bea9f943f060c Author: Christian Franke Date: Mon Apr 28 08:04:59 2014 +0000 ospfd: clarify indentation and comments in ospf_lsa_maxage_delete Signed-off-by: Christian Franke Acked-by: Feng Lu Signed-off-by: David Lamparter commit e387dfd18ded3ddfef4c0a9cb896f73831864579 Author: Christian Franke Date: Mon Apr 28 08:04:58 2014 +0000 ospfd: fix a reference counting issue introduced by commit 4de8bf0011 Commit 4de8bf0011 added a return statement to a loop iterating over a route_table. That loop uses route_top/route_next. As commit 4de8bf0011 failed to add a route_node_unlock before the return statement, a reference is leaked when this codepath is taken. Signed-off-by: Christian Franke Acked-by: Feng Lu Signed-off-by: David Lamparter commit 49d7af115177d05bd66d3115cbacd56a7591ec5e Author: Lu Feng Date: Fri Feb 21 08:11:15 2014 +0000 ospfd: check the LS-Ack's recentness instead of only comparing the #seq ISSUE: RTA(DR)-----(BackupDR)RTB RTA advertises a new LSA to RTB, and then flushes the LSA (with setting the age of the LSA to MaxAge) within 1 second. Then the LSA is deleted from RTA, while it still exists on RTB with non-MaxAge and can not be flushed any more. FIX: The reason can be explained in below: a) RTA -- new LSA, #seq=1 --> RTB (RTB will send the delayed Ack in 1s) b) RTA -- MaxAge LSA, #seq=1 --> RTB (RTB discards it for the MIN_LS_ARRIVAL) c) RTA <-- Ack for the new LSA, #seq=1 -- RTB (RTA accepts it) In the step c), ospf_ls_ack() compares the #seq of the entry in the LS-Ack with that of local MaxAge LSA. The #seq of the two entries are same. So the Ack is accepted and the LSA is removed from the retransmit-list (while it should not). In RFC2328, section 13.7. Receiving link state acknowledgments: o If the acknowledgment is for the same instance that is <== contained on the list, remove the item from the list and examine the next acknowledgment. Otherwise: where "same instance" does not mean the same #seq. We must call ospf_lsa_more_recent() to check whether the two instances are same. Signed-off-by: Feng Lu Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 4b4bda9bb1913579bd54667f62fafe58e2746478 Author: Christian Franke Date: Thu Jul 11 07:56:29 2013 +0000 ospfd: don't allow to set network type on loopback interfaces OSPFd only allocates some stub information for loopback interfaces. This causes a crash when the interface state machine is started on that interface by configuring a different network type. It doesn't make much sense to configure the network type of a loopback interface, therefore, just forbid it. See also bugzilla #670. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 7a9d983e4f961c2103f2cf82a51d5d8321ad0e43 Author: Christian Franke Date: Wed Jul 10 11:56:18 2013 +0000 ospfd: run DR election prior to LSA regeneration The results from DR election are used when constructing router-LSAs. E.g. they are used to determine whether a broadcast interface should be added with a link type of stub interface or transit interface. Therefore, we should run DR election prior before regenerating LSAs. Before commit c363d3861b5384a31465a72ddc3b0f6ff007a95a the DR election was called synchronously prior to router-LSA regeneration which was run asynchronously. This fixes bug #761 on the Quagga bugzilla. Signed-off-by: Christian Franke Acked-by: Feng Lu Signed-off-by: David Lamparter commit 24c84dbe806084552d7bb14b9f1d00514a048b9d Author: Ken Williams Date: Tue Apr 15 02:23:11 2014 +0000 zebra: Change the mechanism for comparing route ID's. The current format uses subtraction of two ints. Unfortunately, the subtraction method does not work for all combinations of numbers. For example, the with numbers represented by 10.x.x.x and 192.x.x.x, 10.x.x.x - 192.x.x.x will yield a very large positive number indicating that 10.x.x.x is larger. Signed-off-by: Ken Williams Acked-by: Feng Lu Signed-off-by: David Lamparter commit 4becea724ccd87e88f8454622ae227308b5fa3ce Author: Christian Franke Date: Tue Nov 19 14:11:42 2013 +0000 lib: use heap to manage timers Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 514991c76366c2a9f4c644714ad0722df0eed532 Author: Christian Franke Date: Tue Nov 19 14:11:41 2013 +0000 lib: remove unused thread_master_debug function Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit ba32db1e854ff2b26861a2d4e4193a9f1b3816cd Author: Christian Franke Date: Tue Nov 19 14:11:40 2013 +0000 tests: Add tests for timers Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 6f2a67031cfb21362fc7ecd3251761799c8ffe27 Author: Christian Franke Date: Mon Sep 30 12:27:52 2013 +0000 ospfd/ospf_vty.c: use keyword cmd style Use the new keyword command style for: - default-information originate - distance ospf - redistribute Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit cd40b329a2e4da882bcad0431c048c876bbeafbd Author: Christian Franke Date: Mon Sep 30 12:27:51 2013 +0000 lib/command.c: rewrite command matching/parsing Add support for keyword commands. Includes new documentation for DEFUN() in lib/command.h, for preexisting features as well as new keyword specification. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit e712d0e3667ffad8109ef8bce3ce01927ee95bb7 Author: David Lamparter Date: Tue Apr 1 19:34:55 2014 +0200 tests: fix build & disable testcommands The perils of having tests, the test wasn't tested thoroughly enough... Fixup various automake problems, and then disable it since it depends on configure parameters in its current version. For 0.99.24 we can ship a static copy of vtysh_cmd.c and have it reenabled. Signed-off-by: David Lamparter commit 8f399b0e4fff2344d75ebf709e1ce55f15269db2 Author: Christian Franke Date: Mon Sep 30 12:27:50 2013 +0000 tests: add a test program for lib/command.c Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 2b00515a9b639fd1e057f3ebf10ded2dde920764 Author: Christian Franke Date: Mon Sep 30 12:27:49 2013 +0000 bgpd, ospfd, zebra: fix some DEFUN definitions Fixup some DEFUNS with incorrect command strings or mixed up helpstrings. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit f7bf41534e885c7bc077529c591a1bce24a5f1e9 Author: David Lamparter Date: Tue Oct 22 17:10:21 2013 +0000 zebra: apply syntactic sugar to rib_dump() strip the explicit __func__ present on all calls and make the prefix argument a transparent union. Signed-off-by: David Lamparter commit db19c85679b08668c3dce73a655c21753042cf06 Author: Brett Ciphery Date: Thu Oct 3 13:48:54 2013 +0000 zebra: set metric for directly connected routes via netlink to 0 a value of 1 is hard coded for the metric field, much like the ifconfig utility it may have roots in. in order to be in line with the metric used in the linux kernel itself, we switch this to 0. Signed-off-by: Brett Ciphery Signed-off-by: David Lamparter commit 98a59492d9152df8c93612d2d12f170b5c034189 Author: David Lamparter Date: Thu Aug 1 08:12:25 2013 +0000 build: remove now-useless --{en, dis}able-tests commit d771020 "don't build tests unless make check is run" has made the --{en,dis}able-tests switch completely useless. The differentiation is now made by running "make check" or not doing so. The only effect of the switch is an "empty" excursion of make into the tests/ directory. (well, and it turns "make check" useless from the main directory if --disable-tests is given, which I don't think makes sense either) Acked-by: Greg Troxel Signed-off-by: David Lamparter commit 8c99b4c11e69e4cf0ac03c551764cccc0a3fe35a Author: David Lamparter Date: Thu Aug 1 07:43:36 2013 +0000 build: improve backtrace support/detection libexecinfo is used to provide backtrace() on *BSD. The API is compatible with glibc's, so this is a "free" improvement. To improve configure behaviour, the following configure options are modified/introduced: * --enable-gcc-rdynamic now defaults to "on" if the compiler is gcc. (I sadly wasn't able to find any documentation on the availability of this option for llvm, even though at least the version I have installed does support it) * --enable-backtrace has been added. This behaves as off/auto/on switch, i.e. giving either {dis,en}able will result in the requested behaviour (or an error if support wasn't found) Signed-off-by: David Lamparter commit af514777f4327932a3e84f83d79e941967503e15 Author: Jorge Boncompte [DTI2] Date: Wed Jul 31 16:16:05 2013 +0000 lib: fix possible off-by-one in stream_put_prefix() The STREAM_WRITEABLE() call only checks if there is space for the prefix in the stream but does not account for the prefixlen. The stream_putc() call reduces available space by 1 and we can end copying one byte too much and with "endp" off by one if we are near the buffer end. Instead of moving the stream_putc() call before STREAM_WRITEABLE(), we check before hand for the required space, and open-code it. This avoids a function call and verifying again the stream buffer. Signed-off-by: Jorge Boncompte [DTI2] Signed-off-by: David Lamparter commit 6d729eeac91578dca29961e0e46f246f33c37f0c Author: Jorge Boncompte [DTI2] Date: Wed Jul 31 15:01:18 2013 +0000 lib: fix for dynamically grown hashes Fixes commit 97c84db00c (hash: dynamically grow hash table). The no_expand field it's not initialized and could make the hashes to never grow the table index. Signed-off-by: Jorge Boncompte [DTI2] Acked-by: Feng Lu Signed-off-by: David Lamparter commit 4d474fa3297c0d5d632e2c0bff6ccb0edbedaa5d Author: David Lamparter Date: Tue Nov 19 15:00:06 2013 +0100 lib: fix backtraces broken by 837d16c... 837d16c ("*: use array_size() helper macro") accidentally changed one of the expressions in the backtrace code, which afterwards read: zlog_backtrace_sigsafe(): if (((size = backtrace(array,array_size(array)) <= 0) || which boils down to: (size = backtrace(...) <= 0). The braces were intended to go: (size = backtrace(...)) <= 0. All in all, this makes a nice textbook example of the original author being too clever (trying to save a single line by pulling the assignment into the condition) and the next person touching the code tripping over it... This code occurs another time in zlog_backtrace() where it is actually correct. Pulling out the assignment nonetheless. Also, new test program. Cc: Andrew J. Schorr Cc: Balaji.G Cc: Scott Feldman Signed-off-by: David Lamparter commit c78a46c27f6dfdd42fe0800cebabc1e49cb0a4bf Author: Christian Franke Date: Wed Mar 20 10:50:09 2013 +0000 ospf6d: fix refcounting in ospf6_asbr_lsa_remove When iterating over a list, also the last node should be unlocked again. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit fd5006896fce2816244c1ef4cabc736279548538 Author: Vincent Bernat Date: Wed Oct 24 14:45:54 2012 +0000 ospf6d: add "auto-cost reference-bandwidth" command This command allows the user to change to default reference bandwidth for cost calculations. The default value is 100 Mbps. With a default bandwidth of 10 MBps, the default cost becomes 10. Those values are consistent with OSPFv2. [DL: resolved conflicts in vty command additions & docs] Signed-off-by: David Lamparter commit c19543b223d3b8463c048f346b8044589e0cce39 Author: Vincent Bernat Date: Wed Oct 24 14:45:53 2012 +0000 ospf6d: compute interface cost from its bandwidth Previously, the interface cost was a fixed default value that a user was allowed to change with "ipv6 ospf6 cost XX". As what is done with OSPFv2, we change this behaviour to compute the default interface cost from the interface bandwidth. The user can still force a cost with "ipv6 ospf6 cost XX". He can get the default value with "no ipv6 ospf6 cost". Moreover, the default cost value was 1. The cost is now computed from the bandwidth and a default reference bandwidth of 100 MBps (as for OSPFv2). Since the default bandwidth for an interface is 10 MBps, the "default" cost becomes 10 instead of 1. [DL: resolved conflict in ospf6d/ospf6_interface.c] Signed-off-by: David Lamparter commit 1db65fadf627637621c342b789b9a3604ca5fab5 Author: Ingo Flaschberger Date: Sun Apr 17 18:28:20 2011 +0000 ospf6d: solve segfaults with ospf6d on FreeBSD Do not send ospf6d hellos on fresh created interfaces without configuration (ie. no vlan configured). Ospf6d use ip6_mtu, if it's not initalised, Ospf6d tries to alloc indefinite size of memory. Signed-off-by: David Lamparter commit e708ed69aa0b993527f48b1f31b645c00750927f Merge: a11e012 424cc3b Author: David Lamparter Date: Tue Mar 18 17:04:25 2014 +0100 Merge volatile/cumulus_ospf6d Signed-off-by: David Lamparter commit 424cc3bd48da0f417c9056c5c2ade697a3386cd4 Author: David Lamparter Date: Sat Nov 23 16:55:36 2013 +0100 ospf6d: fix interface_down() stopping hellos interface_down() - which also handles some nonobvious cases like the last linklocal address disappearing - was previously not cancelling the hello timer. This had the effect of multiple such threads ending up scheduled after a quick down-up cycle. Signed-off-by: David Lamparter commit 11b4f01355703d34099d4da145c7d92e32d98636 Author: David Lamparter Date: Mon Dec 9 16:48:55 2013 +0100 ospf6d: clear lsa->refresh before clearing LSAs This fixes a SEGV when we receive a higher-SeqNum copy of a LSA that we originated ourselves, before a reboot of ospf6d. We create a new copy of the LSA to resync the SeqNum, but then half an hour later the old refresh thread ends up trying to refresh the free()'d old LSA. The SEGV is triggered by this chain: ospf6_lsdb_maxage_remover -> thread_execute(ospf6_lsa_refresh) -> old->refresh = NULL Which assumes that old->refresh is no longer scheduled to run, as it is being run right there. But the thread_execute() doesn't know about old->refresh and therefore didn't remove it. (Found by ANVL OSPFV3-16.17) Signed-off-by: David Lamparter commit b13c1d9299d6426f48f074545f3e403e5a9b8a61 Author: Christian Franke Date: Thu Dec 13 16:11:16 2012 +0100 ospf6d: handle missing link local address more gracefully ospf6 can't run on an interface without a link local address. Don't start the state machine when an interface comes up without such an ip and bring it up later, when a usable link local address is added. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit d9628728e0924ae13ef6e8f8a67a2c9802745184 Author: Christian Franke Date: Fri Mar 8 21:47:35 2013 +0100 ospf6d: improve ordered shutdown Improve the _disable/_enable infrastructure so it gets into a more usable shape and make 'no router ospf6' actually work. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit a11e012e8661629d665e992e765741a5eaa7d017 Author: Remi Gacogne Date: Sun Sep 8 13:48:34 2013 +0000 security: Fix some typos and potential NULL-deref This patch against the git tree fixes minor typos, some of them possibily leading to NULL-pointer dereference in rare conditions. Signed-off-by: Remi Gacogne Signed-off-by: Joachim Nilsson Acked-by: Feng Lu commit b52aef18a9f3acc8b24ab5c2631dc574b8e2ec70 Author: Christian Franke Date: Wed Nov 27 17:06:15 2013 +0000 zebra: log routes w/o gateway in rib_delete_ipv4 Signed-off-by: Christian Franke Acked-by: Feng Lu Signed-off-by: David Lamparter commit 23f5f7c3dd805b7d6a46d86d23aaa5c71273a84a Author: Christian Franke Date: Wed Nov 27 17:06:14 2013 +0000 zebra: match gateway when deleting NEXTHOP_IPV4_IFINDEX routes Signed-off-by: Christian Franke Acked-by: Feng Lu commit a25a1264a5615a90e9ca9f60ccc1f397ca55bc56 Author: Christian Franke Date: Wed Nov 27 14:36:05 2013 +0000 ospfd: fixup log message in ospf_zebra_delete Signed-off-by: Christian Franke Acked-by: Feng Lu commit 6ee06fa9ed91412cb745668d462031cdbe2642e0 Author: Pradosh Mohapatra Date: Sun Jan 12 18:30:13 2014 +0000 bgpd: bgpd-set-v4-nexthop-for-v6-peering.patch BGP: While advertising v4 prefixes over a v6 session, set the correct v4 nexthop. ISSUE: For an IPv6 peer, BGPd sets the local router-id as the next-hop's v4 address. This is incorrect as the router-id may not be a valid next-hop to be included in UPDATEs that contain v4 prefixes. PATCH: Set the v4 address in the next-hop field based on the interface that the peering is on (directly connected interface or loopback). Signed-off-by: Pradosh Mohapatra Reviewed-by: Scott Feldman Acked-by: Feng Lu commit 37531a7ec380554b18c004bcae9f5a070385d132 Author: Christian Franke Date: Thu Dec 13 13:50:28 2012 +0100 ospf6d: clear DR info on interface_down This fixes an issue where ospf6d would send incorrect hellos and perform wrong DR election when an interface went down and up again. Signed-off-by: Christian Franke commit 1579a67f130ca34df9acefac14ebcdfdd8f6600a Author: Christian Franke Date: Fri Mar 8 02:35:38 2013 +0100 ospf6d: set cmsg size correctly On both Linux and FreeBSD, msg_controllen should be set to CMSG_LEN, not CMSG_SPACE. This avoids sending 4 bytes of trailing garbage to the kernel. Signed-off-by: Christian Franke commit 7d4aa1d57d54a57aae78e6b12cf4524e2c43a514 Author: Christian Franke Date: Thu Dec 13 16:10:05 2012 +0100 ospf6d: don't run DR election early on "ipv6 ospf6 priority" On changing the router priority, DR election should only be run when it was completed at least once before. Signed-off-by: Christian Franke commit ba960d5ae43e49991ed70fbe9ffa2e4567437a31 Author: Dinesh Dutt Date: Mon Aug 26 03:40:37 2013 +0000 ospf6d: fix integrated config With integrated config, the line defining an interface to be p2p is defined before assigning the interface to an area. When during the interface transition, there is an attempt to generate a router LSA, the process crashes. This fix addresses that. Signed-off-by: Dinesh G Dutt Reviewed-by: Pradosh Mohapatra Reviewed-by: Scott Feldman Signed-off-by: David Lamparter commit a0edf6740e8203abec1ee3efa344a417c16fec7b Author: Dinesh Dutt Date: Mon Aug 26 03:40:23 2013 +0000 ospf6d: add SPF logs, statistics, and display of SPF parameters Signed-off-by: Pradosh Mohapatra Reviewed-by: Scott Feldman [DL: adapted to rebase / readded randomly lost line] [DL: killed timeval_subtract] Signed-off-by: David Lamparter commit 3d35ca482babab4267570143b8327fc894df0ff8 Author: Dinesh Dutt Date: Mon Aug 26 03:40:16 2013 +0000 ospf6d: add 'log-adjacency-changes [detail]' Similar to OSPFv2, add support for 'log-adjacency-changes [detail]' to log changes in adjacency state of ospfv3 neighbors. Signed-off-by: Pradosh Mohapatra Reviewed-by: Dinesh G Dutt Reviewed-by: Scott Feldman Reviewed-by: Shrijeet Mukherjee Signed-off-by: David Lamparter commit 7cf997226e86d98839f1e7872ca98b023ffea98e Author: Dinesh Dutt Date: Sun Aug 25 03:03:39 2013 +0000 ospf6d: don't send LSAck on an interface if we've flooded the LSU out that i/f If we flood an LSA back out the same interface we received it from, don't send an LSAck out that interface for that LSA. This is as per RFC 2328, section 13.5 Signed-off-by: Dinesh G Dutt Reviewed-by: Pradosh Mohapatra Reviewed-by: Scott Feldman Signed-off-by: David Lamparter commit 01879114f73adaf1cd4c9f5e7ae1550b72ff9ca9 Author: Dinesh Dutt Date: Sun Aug 25 03:03:31 2013 +0000 ospf6d: handle Prefix and Router Options bits correctly Ensure that prefixes with the NU/LA bit set do not get added to the routing table. Ensure that routers with the V6/R bit set do not get added as transit routes. Signed-off-by: Dinesh Dutt [DL: adjust to rebase] Signed-off-by: David Lamparter commit e68a67672ccfabefadac36c66e88af997fb572b2 Author: Dinesh Dutt Date: Sun Aug 25 03:03:23 2013 +0000 ospf6d: add LSA payload to show summary output Unlike OSPFv2, the LSID of an LSA isn't sufficient to know what the contents of the LSA are. Its useful for debugging and basic eyeball tests to see the contents of the LSA in the simple tabular format of "show ipv6 ospf6 database". This patch adds that output to the command. It replaces the existing fields of "duration, Chksum and Length" with a single field called Payload which is dependent on the LSA type. For Inter-Area Prefix, Intra-Area Prefix and AS-External LSAs, this will be the advertised prefix/prefix length, for Router LSAs, it is RtrID/IfID etc. Signed-off-by: Dinesh G Dutt Reviewed-by: Pradosh Mohapatra Reviewed-by: Scott Feldman [DL: rebase fix, line disappeared in ospf6_abr_originate_summary_to_area] Signed-off-by: David Lamparter commit 931b1b8c9a612665391ed43653c970fcb38bbbf0 Author: Dinesh Dutt Date: Sun Aug 25 03:03:15 2013 +0000 ospf6d: increment dbdesc seqnum on SeqNumberMismatch/BadLsReq event As per RFC 2328, section 10.3, if the neighbor state machine reaches SeqNumberMismatch state when the NSM is in state Exchange or greater, "router increments the DD sequence number in the neighbor data structure, declares itself master (sets the master/slave bit to master), and starts sending Database Description Packets, with the initialize (I), more (M) and master (MS) bits set.". The existing code doesn't increment the DD SeqNum. This patch fixes that. Signed-off-by: Dinesh G Dutt Signed-off-by: David Lamparter commit 7a10a359e9740710c1e39c8be0f761f506795480 Author: Dinesh Dutt Date: Sun Aug 25 03:03:07 2013 +0000 ospf6d: don't change SeqNum on initial DbDesc message The code was setting the DbDesc seqnum to the current seconds value of time if this was the initial DbDesc. However, the same code was getting invoked if the initial DbDesc was retransmitted. Caused ANVL test XX.XX to fail. Signed-off-by: Dinesh G Dutt Signed-off-by: David Lamparter commit 3b220289a4d0da4539d965ca71e9479d68c87b11 Author: Dinesh Dutt Date: Sat Aug 24 08:00:44 2013 +0000 ospf6d: handle seqnum wrapping Signed-off-by: Shrijeet Mukherjee Reviewed-by: Dinesh G Dutt [DL: mechanical adjust to rebase] [DL: adjust to removal of timerwheel code] Signed-off-by: David Lamparter commit f41b4a021659dd48d62b1a7aac4b28e3663dbdaa Author: Dinesh Dutt Date: Sat Aug 24 08:00:37 2013 +0000 ospf6d: add overload support OSPFv3: Support setting/clearing overload bit on router It is sometimes necessary for a router to gracefully remove itself from the SPF tree i.e. it cannot act as a transit router. It does this by setting the overload bit in the router LSA. This patch adds support for enabling/disabling the overload bit. Signed-off-by: Dinesh G Dutt Reviewed-by: Pradosh Mohapatra [DL: patch applied with fuzz] Signed-off-by: David Lamparter commit e7ad6b20d7a7c63ed7c640ab9f61c853e77508c5 Author: Dinesh Dutt Date: Sat Aug 24 07:55:57 2013 +0000 ospf6d: fix linkdown handling Ensure OSPFv3 handles link down even correctly. OSPFv3 checks only the administrative status of a link instead of its operative status. This prevents it up from detecting a real link down event and reacting appropriately. Only protocol timer timeouts make it detect a link down eventually. This patch makes it look for the operative status of a link instead of admin status. Signed-off-by: Dinesh G Dutt Reviewed-by: James Li Signed-off-by: David Lamparter commit b81e97a8a7f85ecc7489dc8a7c7b9d403d9c4bc6 Author: Dinesh Dutt Date: Sat Aug 24 07:55:50 2013 +0000 ospf6d: correct nexthop through directly connected networks This is implementing this part of RFC 2328: This is the "first case", see below, 16.1.1. The next hop calculation ... If there is at least one intervening router in the current shortest path between the destination and the root, the destination simply inherits the set of next hops from the parent. Otherwise, there are two cases. In the first case, the parent vertex is the root (the calculating router itself). This means that the destination is either a directly connected network or directly connected router. The outgoing interface in this case is simply the OSPF interface connecting to the destination network/router. ... The current Quagga code always tries to inherit the nexthop from a parent vertex, but does not cover the case that the destination is directly connected to the root vertex. This patch adds support for that case. Signed-off-by: James Li Reviewed-by: Dinesh G Dutt Signed-off-by: David Lamparter commit 17d003da963d6294e5ab95c690de285eccf0bac0 Author: Dinesh Dutt Date: Sat Aug 24 07:55:43 2013 +0000 ospf6d: don't suppress empty router LSA Currently in OSPFv3 implementation, if all the interfaces are down/loopback or are without any full adjacencies, the router LSA is suppressed. So for a router with only stub networks, no router LSA is generated. However, intra-prefix LSAs are generated for the stub networks and these intra-prefix LSAs will reference the router LSA. So the router LSA really should not be suppressed. It needs to be generated to be the starting vertex for SPF w.r.t the stub networks. Signed-off-by: James Li Reviewed-by: Dinesh G Dutt Signed-off-by: David Lamparter commit e39d05384d4563f04edf339bbd67a117dd18e533 Author: Dinesh Dutt Date: Sat Aug 24 07:55:36 2013 +0000 ospf6d: turn off expensive debugging OSPF6 has very expensive LSDB and route debug on by default. This needs to be turned off for scaled performance. Signed-off-by: James Li Reviewed-by: Dinesh G Dutt Summary: Signed-off-by: David Lamparter commit a765eb9383c53c68523a67b36cea92eadf6f3439 Author: Dinesh Dutt Date: Sat Aug 24 07:55:14 2013 +0000 ospf6d: convert LSDB to use route_node, improve performance the performance in the presence of a large number of LSAs. I also verified that the performance improvements stayed in the presence of a large number of peers (I tested upto 128). Signed-off-by: Dinesh G Dutt Reviewed-by: Scott Feldman Summary: Reviewed-by: James Li Signed-off-by: David Lamparter commit eb82e9ee81792f86548d4937486b5dcbbd411a98 Author: Dinesh Dutt Date: Sat Aug 24 07:55:07 2013 +0000 ospf6d: fix neighbor state machine (faster lsdb sync, RFC compliance) The OSPFv3 code doesn't do the following things right as part of an adjacency bringup: - Transmit DbDesc frames appropriately to ensure faster state transition to Loading state - Transmit LsReq frames when switching to exchange state and on receipt of an LS update in Loading state - Requesting LSAs multiple times in LsReq. It currently uses retransmit timer expiry to send the LsReq and DbDesc frames which significantly slows down large lsdb syncs. Signed-off-by: Dinesh G Dutt Reviewed-by: Scott Feldman Signed-off-by: David Lamparter commit c5926a92235874574b20e426a3752c1451a90ec7 Author: Dinesh Dutt Date: Sat Aug 24 07:55:00 2013 +0000 ospf6d: add p2p interface support Signed-off-by: Dinesh G Dutt Signed-off-by: Ayan Banerjee Reviewed-by: Scott Feldman Reviewed-by: James Li Signed-off-by: David Lamparter commit bf986da797e7d2a0aaae313fea626ba433581f03 Author: Dinesh Dutt Date: Sat Aug 24 07:54:50 2013 +0000 ospf6d: fix various bugs in installing and flooding LSAs Signed-off-by: Dinesh G Dutt Reviewed-by: Pradosh Mohapatra Reviewed-by: Scott Feldman Signed-off-by: David Lamparter commit 8ae454e779d5620576990f4bf5da3a35f913cc4d Author: Dinesh Dutt Date: Sat Aug 24 07:54:41 2013 +0000 ospf6d: add more details to show ipv6 ospf6 data Specifically, it displays the flags, lock and retransmission count fields. Signed-off-by: Dinesh G Dutt Reviewed-by: JR Rivers Reviewed-by: Scott Feldman Signed-off-by: David Lamparter commit 09df4574b95dbb5880eb2d3c3c3c900687a9a3ef Author: Dinesh Dutt Date: Sat Aug 24 07:54:31 2013 +0000 ospf6d: enable the commands to support detailed debugging of LSAs. The code for the commands exists, but it hasn't been defined in the definition of the command itself. This patch fixes that. Signed-off-by: Dinesh G Dutt Reviewed-by: Scott Feldman Signed-off-by: David Lamparter commit ac58e143f7278d5faaad7a8672e48328b03cffa5 Author: Dinesh Dutt Date: Sat Aug 24 07:54:24 2013 +0000 ospf6d: remove older version of LSA from neigbor retx list before prematurely aging it. See comment in code for very detailed issue and fix. Signed-off-by: Dinesh G Dutt Reviewed-by: Scott Feldman Signed-off-by: David Lamparter commit 2449fcd64ae95d5fbfd95d93468fc57003def57d Author: Dinesh Dutt Date: Sat Aug 24 07:54:17 2013 +0000 ospf6d: reinvoke MaxAge remover thread if not all MaxAge LSAs were flushed. MaxAge LSAs are being flushed out only on an event, unlike OSPFv2 where they're flushed out periodically. This causes certain LSAs to hang around forever, never getting flushed out. This patch makes flushing out MaxAge LSAs periodic, retriggered after a certain period if not all MaxAge LSAs were flushed out. Signed-off-by: Dinesh G Dutt Reviewed-by: Scott Feldman Signed-off-by: David Lamparter commit 3810e06eebe14f75c66fb17a88574384573e95fa Author: Dinesh Dutt Date: Sat Aug 24 07:54:09 2013 +0000 ospf6d: schedule SPF to run on events rather than directly on each event. OSPV3 SPF triggers on every SPF-able event instead of using timers the way OSPFv2 does. This patch makes SPF be triggered/throttled similar to OSPFv2. It adds a command to quagga identical to the OSPFv2 equivalent to configure these timers. Summary: Signed-off-by: Dinesh Dutt Reviewed-by: Scott Feldman [DL: removed reference to oa->ts_spf for rebase] [DL: killed timeval_subtract] Signed-off-by: David Lamparter commit 8551e6dadce41fb87a61767af723cb25ae611a04 Author: Dinesh Dutt Date: Tue Oct 22 17:42:18 2013 -0700 ospf6d/ospfd: refactor some common defines Rearranging common defs and structures for use betweeen OSPFv2 and OSPFv3. Created a new file called libospf.h under lib directory to hold defines that are common between OSPFv2 and OSPFv3 code bases. [DL: split of defines refactor from timer refactor] Signed-off-by: David Lamparter commit a83a1e9c2f035d3152451dcfc97ab13b4ac427b9 Author: David Lamparter Date: Tue Oct 22 11:35:48 2013 -0700 build: fix tests/prng.h missing from dist broken by fa713d9... "zebra: rework recursive route resolution", and I forgot to squash the fix into that. Signed-off-by: David Lamparter commit fed643f4093abc0ed5e796aab9047768f7036ed6 Author: Vincent Bernat Date: Tue Oct 23 16:00:42 2012 +0000 zebra: make rib_dump() compatible with IPv6 RIB [DL: resolved conflicts in zebra_rib.c] [DL: fix usage with --disable-ipv6] Signed-off-by: David Lamparter commit f3a1732eb3bb41c094ec558d2aeee2766878a91d Author: Christian Franke Date: Fri Jul 5 15:35:41 2013 +0000 zebra: apply route-maps for interface routes Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit c3e6b595160cd3aa601ae7e1887e695710cde15d Author: Christian Franke Date: Fri Jul 5 15:35:40 2013 +0000 zebra: fix recursive-routes via ifindex routes Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit e8d3d2991f72613edb76dea244a8c8e4684873dd Author: Christian Franke Date: Fri Jul 5 15:35:39 2013 +0000 zebra: implement NEXTHOP_FLAG_ONLINK On Linux, the kernel will only allow for a route to be installed when its gateway is directly attached according the kernel fib. There are cases when this restriction by the kernel is too strong, in those cases, we deploy the RTNH_F_ONLINK netlink flag. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 48a53dc71cb422e619859b79d5069e02fcd867d0 Author: Christian Franke Date: Fri Jul 5 15:35:38 2013 +0000 zebra: handle blackholes encountered in recursive resolution Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit fa713d9ee5ed30dedd0a290be9aaff780a2896be Author: Christian Franke Date: Fri Jul 5 15:35:37 2013 +0000 zebra: rework recursive route resolution Change the datastructure for recursive routes. This brings the following benefits: By using struct nexthop also to store nexthops obtained by recursive resolution, we can get rid of quite a bit of code duplication in the fib management. (rt_netlink, rt_socket, ...) With the new datastructure we can make use of all available paths when recursive routes are resolved with multipath routes. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit bfac8dcd2fe7ed099a679b5c8245599c6d0312ed Author: Christian Franke Date: Thu Jan 24 14:04:50 2013 +0000 zebra: improve interface shutdown behaviour Linux removes IPv6 addresses when the interface is set down. Those addresses need to be readded when the interface is set up again. Also, an interface should not be reactivated from shutdown by configuring an ip address. Finally, remove the three-state logic for the shutdown setting as its sole current use may be mild confusion. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 02b4805f3914ef6ba0242c6f4dd1b6759ef97bf2 Author: Christian Franke Date: Thu Jan 24 14:04:49 2013 +0000 zebra: don't change connected state from zebra/interface.c Try to avoid changing connected state from zebra/interface.c as this means making assumptions about kernel behaviour which may be or may become wrong. This state should rather be updated by events from the kernel. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit f7f740fe58fb838fc87e82dc7e1e2d4e5ccf085c Author: Christian Franke Date: Thu Jan 24 14:04:48 2013 +0000 zebra: add ZEBRA_IFC_QUEUED to keep track of kernel state As there are timeframes when we don't get a notification from the kernel about new addresses. (e.g. while Linux performs IPv6 DAD), we need to have some information whether an address has been sent to the kernel or not. One case where this is relevant would be a user adding an IPv6 address, but deleting it before DAD has been complete. With the next patch which removes some (ill assuming) synchronous parts in address setup, ipv6_address_uninstall would not know whether or not it has to actually delete the prefix from the kernel. Resolving these windows where we lack information is what the flag ZEBRA_IFC_QUEUED is intended for. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit c7df92de2dc91d0a934cf892e543728cb1a10849 Author: Christian Franke Date: Thu Jan 24 14:04:47 2013 +0000 zebra: warn if advertising connected with _REAL unset The implementation in zebra and the zclient protocol allow to communicate addresses to clients which are not yet in the kernel. This is usually not done and most clients seem to expect an address to be configured in the kernel when they receive it. Therefore, it seems reasonable to issue a warning when advertising an address to the clients that is not yet in the kernel. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit d7f5dad6d1ab3078fcabc79e15a88873940c074d Author: Christian Franke Date: Thu Jan 24 14:04:46 2013 +0000 zebra: consolidate connected_implicit_withdraw connected_implicit_withdraw is used at two places and followed by exactly the same code. Move that code into connected_implicit_withdraw and give that function a more descriptive name. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 676e1a0142ec8b181d4d7ea1038f461bc67c1ee1 Author: Christian Franke Date: Thu Jan 24 14:04:45 2013 +0000 zebra: clear ZEBRA_IFC_CONFIGURED on "no ipv6 addr" To match the semantics of IPv4, the ZEBRA_IFC_CONFIGURED flag should be cleared when an IPv6 connected is uninstalled via vty. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 9db047fcb1bedcf1a5a1962e49aa70f48f969b96 Author: Christian Franke Date: Thu Jan 24 14:04:44 2013 +0000 zebra: make if_subnet_delete a bit more strict Enhance if_subnet_delete so it will complain about improper use. Also, fix one occurence of improper use where it was called for IPv6 as well. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 599da95527ec8e09cd3d890dc3addc6f2e791a0c Author: Christian Franke Date: Thu Jan 24 14:04:43 2013 +0000 zebra: process information about new addresses (BZ#486) Because of a change of semantics in the Linux kernel, information about changes made by zebra itself was not considered for updates. This change should fix this by accounting for the new semantics. It is based on a patch by lich posted to the bugzilla #486 Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 23cd8fb7133befdb84b3a918f7b2f6147161ac6e Author: David Lamparter Date: Fri Aug 2 07:27:53 2013 +0000 ospfd: protect vs. VU#229804 (malformed Router-LSA) VU#229804 reports that, by injecting Router LSAs with the Advertising Router ID different from the Link State ID, OSPF implementations can be tricked into retaining and using invalid information. Quagga is not vulnerable to this because it looks up Router LSAs by (Router-ID, LS-ID) pair. The relevant code is in ospf_lsa.c l.3140. Note the double "id" parameter at the end. Still, we can provide an improvement here by discarding such malformed LSAs and providing a warning to the administrator. While we cannot prevent such malformed LSAs from entering the OSPF domain, we can certainly try to limit their distribution. cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report. This issue is a specification issue in the OSPF protocol that was discovered by Dr. Gabi Nakibly. Reported-by: CERT Coordination Center Signed-off-by: David Lamparter commit a12afd5e8e57c95505d4d0166af234c7f19e9fe1 Author: Christian Franke Date: Sat May 25 14:01:36 2013 +0000 bgpd, zebra: support NEXTHOP_IPV4_IFINDEX in bgp import check Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit bb97e4622ed6f48e2b8e07f1f94edd03162223a1 Author: Christian Franke Date: Sat May 25 14:01:35 2013 +0000 bgpd, zebra: Support NEXTHOP_IPV4_IFINDEX in nexthop_lookup api Since commit ba281d3d040, ospfd uses NEXTHOP_IPV4_IFINDEX routes. The API between zebra and bgpd which is used to query nexthops for recursive routes did not support this nexthop type and therefore, ospf changes (or any other IGP changes which use NEXTHOP_IPV4_IFINDEX) would never trigger any recursive route update. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 5b9f51828db732d56053500b1d257797f7f3401b Author: Christian Franke Date: Sat May 25 14:01:34 2013 +0000 zebra: improve display of NEXTHOP_IPV4_IFINDEX in show ip route Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit a0f6ce5b41dcfa059074d72c8fc61896d3e996a9 Author: Christian Franke Date: Thu Apr 11 08:24:30 2013 +0000 bgpd: honor PEER_FLAG_DISABLE_CONNECTED_CHECK on bgp_scan When neighbor disable-connected-check was used, bgpd would accept routes with unconnected nexthop as indended, however those routes would be invalidated on the next bgp_scan run as that function did not know about disable-connected-check. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 4ff3bcad8e81b643f3247317a3949d7867b36f75 Author: Christian Franke Date: Wed Mar 20 10:50:07 2013 +0000 isisd, ospf6d: use bug-report information from autoconf Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit a52070899afed55ae44ed6a140ac090cdf07d141 Author: Christian Franke Date: Thu Apr 11 08:24:29 2013 +0000 zebra: don't printf to stdout on ZEBRA_IPV6_NEXTHOP_LOOKUP Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 67e7a2127c05a8c7dfddd7ffc6378edf6b666d55 Author: Christian Franke Date: Mon Mar 4 09:23:30 2013 +0000 vtysh: don't append superflous spaces (BZ#750) rl_completion_append_character is reset to space every time the completion function is entered. So we would have to set it to '\0' every time new_completion() is called. We can make this conditional and avoid using rl_pending_input. This code path is most relevant when there are multiple completion matches with the same prefix, e.g. in router bgp context: "neighbor 1.2.3.4 pa" would have been completed to "neighbor 1.2.3.4 pass " instead of "neighbor 1.2.3.4 pass". Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit 8ff202e2d3fa7ebbd6728fdd230f3ad1a20578cd Author: David Lamparter Date: Wed Jul 31 14:39:41 2013 +0200 bgpd: write NOTIFY non-blockingly switching the socket to blocking may well block the entire bgpd process for some time if our peer is overloaded (which may well be the original reason for the NOTIFY) The error handling is slightly different from the previous ML discussion on this; buffer exhaustion isn't technically a fatal TCP error, and we should probably proceed with FSM actions according to a sent NOTIFY (adjusting timers) even if we didn't manage to get the NOTIFY onto the wire. Acked-by: Leonid Rosenboim Signed-off-by: David Lamparter commit 9e47abd862f71847a85f330435c7b3a9b1f76099 Author: Rakesh Garimella Date: Mon Mar 11 12:38:31 2013 +0000 bgpd: prevent double address delete on shutdown bgp_interface_down() and bgp_exit() both proceed to delete the address from bgpd's interface representation, so the second call gets a NULL result from the hash lookup and subsequently crashes. Signed-off-by: Rakesh Garimella [reformatted] Signed-off-by: David Lamparter commit 397b5bded5654a31b4bd3b904f091fd3859aecf7 Author: Leonid Rosenboim Date: Tue Jul 30 20:14:25 2013 +0200 bgpd: stricter packet handling in OpenSent Keepalives and updates are not expected in OpenSent, prior to receiving the peer's open message. Terminate the session with the proper notification. From: Leonid Rosenboim [split off FSM changes, some reordering & cleanup. read handling needs to be separately addressed] Signed-off-by: David Lamparter commit c423d413e464913ee88c1ee700e2c4037e6bdb24 Author: David Lamparter Date: Tue Jul 30 15:36:26 2013 +0200 lib: unconditionally include stddef.h I've used offsetof() in the previous commit to paper over the security problems in ospf_api.c. This blows the build on FreeBSD 7.0, missing offsetof(). Let's add that to zebra's generally used includes. stddef.h (and offsetof) is defined in C89 section 4.1.5 (and not deprecated/removed by any later standard). If this causes problems, the bug report should go against the host OS/compiler... Signed-off-by: David Lamparter commit c51443f4aa6b7f0b0d6ad5409ad7d4b215092443 Author: David Lamparter Date: Mon Jul 8 23:05:28 2013 +0200 ospfd: CVE-2013-2236, stack overrun in apiserver the OSPF API-server (exporting the LSDB and allowing announcement of Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads to an exploitable stack overflow. For this condition to occur, the following two conditions must be true: - Quagga is configured with --enable-opaque-lsa - ospfd is started with the "-a" command line option If either of these does not hold, the relevant code is not executed and the issue does not get triggered. Since the issue occurs on receiving large LSAs (larger than 1488 bytes), it is possible for this to happen during normal operation of a network. In particular, if there is an OSPF router with a large number of interfaces, the Router-LSA of that router may exceed 1488 bytes and trigger this, leading to an ospfd crash. For an attacker to exploit this, s/he must be able to inject valid LSAs into the OSPF domain. Any best-practice protection measure (using crypto authentication, restricting OSPF to internal interfaces, packet filtering protocol 89, etc.) will prevent exploitation. On top of that, remote (not on an OSPF-speaking network segment) attackers will have difficulties bringing up the adjacency needed to inject a LSA. This patch only performs minimal changes to remove the possibility of a stack overrun. The OSPF API in general is quite ugly and needs a rewrite. Reported-by: Ricky Charlet Cc: Florian Weimer Signed-off-by: David Lamparter commit 78116ab6e1524815910658898620776ae5fd4d18 Author: Greg Troxel Date: Mon Jul 15 10:15:49 2013 -0400 doc: Modernize INSTALL.quagga.txt. Note that list of prereq versions is out of date. Add DejaGnu for testing. Change references to CVS to git. Signed-off-by: Greg Troxel commit d77102025a30eef274e8d343bfec75f87899a417 Author: Christian Franke Date: Fri Jul 5 18:30:57 2013 +0200 tests: don't build tests unless make check is run Use check_PROGRAMS instead of noinst_PROGRAMS in tests/Makefile.am to build the tests only when make check is actually run. Signed-off-by: Christian Franke commit 1bf0ca9a07358ff13b1390f4462669e9ea4915dc Author: Christian Franke Date: Fri Jul 5 18:30:56 2013 +0200 tests: fix Makefile.am so it works with BSD make The export statement is specific to GNU make and breaks the build with BSD make. I couldn't observe any difference in behaviour between having the export present and absent, therefore, just remove it. Signed-off-by: Christian Franke commit 4c14b7f684510592f2eb46fd84859d8bca57def9 Author: Christian Franke Date: Wed Feb 20 10:00:54 2013 +0000 ospfd: fix flooding procedure An ospf router should accept a new maxage LSA into its lsdb if it has any neighbors in state Exchange or Loading. ospfd would however only account for neighbors on the same interface which does not seem to be a valid optimization. Signed-off-by: Christian Franke Signed-off-by: Joachim Nilsson Signed-off-by: David Lamparter commit 4de8bf001189d40e086764fd804e59657d2e21e6 Author: Christian Franke Date: Wed Feb 20 10:00:52 2013 +0000 ospfd: make ospf_maxage_lsa_remover actually yield ospf_maxage_lsa_remover whould check whether to yield, but run on anyway. Signed-off-by: Christian Franke Signed-off-by: Joachim Nilsson Signed-off-by: David Lamparter commit 77ef01392f82c27a9892840c61a5e7391fd82415 Author: Dinesh G Dutt Date: Fri Apr 12 01:37:15 2013 +0000 doc: update TODO for ospf6d work & bgp multipath This is work in progress at Cumulus Networks. commit c69905b673812ce6ec2a12960727a27b9b8d6426 Author: David Lamparter Date: Thu Jan 24 01:39:14 2013 +0100 tests: DejaGNU libzebra Wrap the few libzebra test programs we have up for DejaGNU. Signed-off-by: David Lamparter commit 5bb7e4d12b3a3015208fad5ee0f3c055b704c8c4 Author: David Lamparter Date: Tue Feb 26 17:53:30 2013 +0100 tests: DejaGNU bgpd this just wraps the existing test programs in expect wrappers that make their results usable to DejaGNU. Signed-off-by: David Lamparter commit f281ab9752393fcc7cbb54c50edb66f25c2a31fb Author: David Lamparter Date: Tue Feb 26 16:21:20 2013 +0100 tests: add DejaGNU framework DejaGNU seems to be the 'standard' GNU test framework (which by itself doesn't say much), but it seems relatively usable and the "remote system" capabilities might come in handy for virtualisation-based tests for kernel interactions or something. Signed-off-by: David Lamparter commit f2b53dac4c72811c06779c596c6162b994eb427a Author: Christian Franke Date: Wed Mar 20 15:28:46 2013 +0000 ospfd: restore nexthop IP for p2p interfaces commit c81ee5c... "ospfd: Optimize and improve SPF nexthop calculation" subtly changed semantics of routes calculated over pointopoint links by removing the nexthop IP address and instead using an ifindex route. This breaks calculation of AS-Ext routes with a forwarding address since in ospf_ase_complete_direct_routes() this will be hit: if (op->nexthop.s_addr == 0) op->nexthop.s_addr = nexthop.s_addr; thus turning the route unusable by having an invalid nexthop. Fix by restoring the nexthop IP on routes over PtP links. This also allows running multi-access (Ethernet) interfaces in PtP mode again. This bug is a regression against 0.99.21 and only present in 0.99.22. Signed-off-by: Christian Franke [patch description and code comments rewritten] Acked-by: Joakim Tjernlund Acked-by: James Li Signed-off-by: David Lamparter commit 677bcbbf153fe73e57cb44f668977cbd26661fd4 Author: Christian Franke Date: Wed Feb 27 13:47:23 2013 +0000 lib/vty: register vtysh socket in server socket vector (BZ#754) Register the vtysh socket in Vvty_serv_thread so it will be correctly closed on vty_reset instead of being leaked. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit b68da446e977f8069fb72bce73402e2234ffc1d9 Author: David Lamparter Date: Thu Feb 28 22:17:00 2013 +0100 ripd: correctly redistribute ifindex routes (BZ#664) ripd had a check to restrict metric 0 to only directly connected routes. This check was implemented by checking against Connected as route type. This is, however, incorrect -- all routes that directly use an interface without a nexthop should be treated as directly connected and passed off with metric 0. ripngd does not posess such a check and was not touched. Reported-by: Sean Fulton Signed-off-by: David Lamparter commit 8df55970b64984e5071afd510caad5e778569bc1 Author: David Lamparter Date: Fri Mar 1 12:03:58 2013 +0100 build: reference libcap from libzebra (BZ#393,626) While the actual build failures have been fixed independently by d1d3ac9 "build: reorder libraries to address linker error", libzebra still does not reference libcap. This will lead to more build failures if someone else tries to use libzebra and doesn't add libcap. Let's just add libcap here and be done with it. I've not added libcap to the _DEPENDENCIES variable above since libcap is a system library. Actually, the whole _DEPENDENCIES thing is rather fishy; automake automatically sets _DEPENDENCIES from _LIBADD. For the sake of not breaking stuff that works (especially since most autotools stuff is arcane magic), I'm leaving it alone... Signed-off-by: David Lamparter commit 58952492d2eedd4b7974274a578a1fa9707125bb Author: Christian Franke Date: Wed Feb 20 10:00:53 2013 +0000 ospfd: fix LSA initialization for build without opaque LSA If configured without opaque LSA support, the old code would incorrectly associate type 5 LSAs with an area. Signed-off-by: Christian Franke Signed-off-by: David Lamparter commit c095185c26f72bff14238ca1209ef6b2d7a8b935 Author: David Lamparter Date: Sat Feb 23 22:17:21 2013 +0100 tests: make --disable-bgpd kill bgpd tests too bgpd tests don't compile or run with --disable-bgpd, let's catch this in the Makefile. Reported-by: Joachim Nilsson Signed-off-by: David Lamparter commit 4a014580ff85428aa41b28503554b2ce982805be Author: David Lamparter Date: Wed Feb 27 11:24:24 2013 +0100 build: fix minimal mixup in gitinfo suffix the original version of this had issues with tagless repositories; to fix that I removed the "-g" part from one of the regexes. I then failed to add those 2 characters back, leading to version numbers like "0.99.220123456" instead of "0.99.22-ga123456". Let's put the "-g" back... Signed-off-by: David Lamparter commit b58c90807c9d0bfa9601704c7490a16070906004 Author: Timo Teräs Date: Fri Mar 22 08:54:44 2013 +0000 doc: fix makeinfo errors and one warning commit 4afa50b added few lines that are syntactically incorrect with leading plus sign. Cc: Denis Ovsienko Signed-off-by: Timo Teräs Signed-off-by: David Lamparter commit 24c6bb86f4d21c74149bc0a7e50f9b95da0b6fd3 Author: David Lamparter Date: Fri Mar 29 19:40:39 2013 +0100 doc: add OSPFv3 homenet to TODO The homenet OSPFv3 extensions are not only relevant TODO items, but also suitable for GSoC students. Signed-off-by: David Lamparter commit 3d1e5791c53bf67ebd8ce45322779856974c687f Author: David Lamparter Date: Fri Mar 29 19:31:55 2013 +0100 doc: update TODO the TODO was last touched in 2006. This is a first pass at cleaning it up, motivated primarily by the need for an up-to-date idea list for the Google Summer of Code 2013. Signed-off-by: David Lamparter commit f05a5595e6b4805bc1a6bd86fe7076c5ffbb7f00 Author: Greg Troxel Date: Sun Mar 3 11:38:17 2013 -0500 build: Update supported versions. INSTALL.quagga.tex: Given the statement that it's viewed as a bug if quagga doesn't build on OS versions on the list, prune the list to the set for which there would be near-universal agreement that it's a bug. Clarify that the response to a system on the list not building might be dropping it from the list. (Time marches on, and these lists are not necessarily maintained. As an example, the comment saying FreeBSD4 support was iffy is now 6 years old.) Delete old discussion of ancient texinfo. Delete discussion of NetBSD versions before 4 (as no longer relevant). commit 97c84db00c01b808337bedf69f696a1517e3d8c0 Author: Stephen Hemminger Date: Fri Jan 11 18:25:26 2013 +0000 hash: dynamically grow hash table Dynamically grow the hash table index if the chains get too long. If expansion doesn't help keep chain length short, then stop expanding, to avoid bad behavior if there is a poor hash function. Not a new idea, based on concepts in uthash. Depends on my previous patch to restrict hash to power of 2. Signed-off-by: Stephen Hemminger [profiling results: sum of cycles spent in hash_get/jhash with RIPE RIS test data (single simple BGP peer) improved to 69% of previously spent] Signed-off-by: David Lamparter commit 90645f5598ca8b25cd2692f2ac0d2778a3fd2755 Author: Stephen Hemminger Date: Fri Jan 4 22:29:21 2013 +0000 hash: force size to be a power of 2 By forcing the hash table size to be a power of 2, a potentially expensive divide can be replaced by a mask operation. Almost all usage of the hash table was using default size of 1024. Only places with different size was thread library (1011) and bgp aspath. Signed-off-by: David Lamparter commit 44a86a0278c1678fd4b8dfa56c4f5f2feb6df3ad Author: David Lamparter Date: Fri Jan 25 09:14:52 2013 +0100 guile: remove commit fa75585d3cac97616de4ea7c6805d91f709456eb Author: Matti-Oskari Leppänen Date: Fri Feb 15 10:12:55 2013 +0000 build: update quagga.spec.in both Quagga and RPM have moved a bit since this was last touched. Should now work again on CentOS 5 and 6. Signed-off-by: David Lamparter commit 844ee10416c42debbfbc4d470eb2fe328e060977 Author: Joakim Tjernlund Date: Sat Feb 23 19:38:37 2013 +0100 vtysh: fix false lib path matching in extract.pl.in The if ($file =~ /lib/) path matching logic is supposed to match Quagga's lib directory only but will match all path having lib in it such as /var/lib/jenkins/quagga/... Fix by matching both lib and file: lib/keychain.c etc. Signed-off-by: Joakim Tjernlund Signed-off-by: David Lamparter commit 0e4303d3173ecc264b3ec39a863174670bbe2900 Author: Roman Hoog Antink Date: Fri Jan 18 13:52:03 2013 +0100 bgpd: fix lost passwords of grouped neighbors This patch resolves the significance of order of group and password statements. It prevents passwords from being lost in cases where all three conditions apply: 1. the peer is member of a group with or without group password 2. the peer has an individual password set 3. the peer is added to a group within an address-family ipv6 section In addition this patch prevents the same issue in cases, where an IPv4 peer's password is set first and the peer is added to a group afterwards. Adding a peer to a group cancels his individual password. Without ipv6 this is not a problem, because choosing the right order of config statements will do (set password only after adding peer to group). When adding the peer to a group within the address-family section, his password is definitely lost. The same workaround (ie. setting the password after the address-family section) can not be used, because "show run" will print the configuration statements in the wrong order. Signed-off-by: David Lamparter commit f1ef81b2476ea533ac3d2129aa0e89653c427323 Author: Ulrich Weber Date: Tue Jan 22 10:39:18 2013 +0000 zebra: use SO_RCVBUFFORCE for netlink socket so net.core.rmem_max must not be adjusted. Requires linux kernel >= 2.6.14, falls back to SO_RCVBUF on error Signed-off-by: Ulrich Weber Signed-off-by: David Lamparter