summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * | bgpd: rewrite attr flag error loggingDenis Ovsienko2011-11-211-54/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * bgp_attr.c * attr_flag_str: new message list * bgp_attr_flags_diagnose(): new function, implements previously added error logging in a generic way * bgp_attr_origin(): use bgp_attr_flags_diagnose() * bgp_attr_nexthop(): ditto * bgp_attr_med(): ditto * bgp_attr_local_pref(): ditto * bgp_attr_atomic(): ditto * bgp_attr_originator_id(): ditto * bgp_attr_cluster_list(): ditto * bgp_mp_reach_parse(): ditto * bgp_mp_unreach_parse(): ditto
| * | ospfd: spelling/format fixDenis Ovsienko2011-11-211-1/+1
| | |
| * | bgpd: check AGGREGATOR attr flags (BZ#678)Denis Ovsienko2011-11-211-0/+21
| | | | | | | | | | | | | | | * bgp_attr.c * bgp_attr_aggregator(): check Optional/Transitive flag bits
| * | lib: optimize apply_mask_ipv6()Denis Ovsienko2011-11-211-17/+7
| | |
| * | lib: optimize apply_mask_ipv4()Denis Ovsienko2011-11-211-18/+3
| | |
| * | bgpd: fix error message in bgp_attr_aspath()Denis Ovsienko2011-11-211-1/+1
| | |
| * | lib: make masklen2ip6() safer and fasterDenis Ovsienko2011-11-212-17/+136
| | |
| * | vty_serv_sock_family unusedStephen Hemminger2011-11-211-1/+2
| | | | | | | | | | | | | | | If the vty_serv_sock_addrinfo is being used, then vty_serv_sock_family is unsed. Fix by adjusting ifdef/else/endif
| * | ospf6d: decode message type with LOOKUP()Denis Ovsienko2011-11-212-15/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ospf6_message.h * OSPF6_MESSAGE_TYPE_CANONICAL(): dismiss * OSPF6_MESSAGE_TYPE_NAME(): dismiss * ospf6_message.c * ospf6_message_type_str: rewrite as a message list, add max value * ospf6_packet_examin(): update to use LOOKUP() * ospf6_receive(): idem * ospf6_send(): idem
| * | lib: address -Wunused-but-set-variableDenis Ovsienko2011-11-214-18/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * if.c * if_dump(): 'node', 'c' * distribute.c * distribute_list_all(): 'dist' * distribute_list(): 'dist' * districute_list_prefix_all(): 'dist' * if_rmap.c * if_rmap(): 'if_rmap' * vty.c * vty_accept(): 'vty'
| * | lib: spellingDenis Ovsienko2011-11-211-10/+10
| | |
| * | lib: add sockopt helper for setting IPV6_V6ONLY and use itDavid Lamparter2011-11-214-8/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | getaddrinfo returns a list of socket parameters for listening. it will contain both IPv4 and IPv6 listening sockets. unless we use IPV6_V6ONLY on the IPv6 ones, only the socket listed first will work. if the IPv4 one came first, the IPv6 one would get an "Address in use" error. this functionality was already present for bgpd and its listening sockets. as it is needed for vtys as well, make it a common helper.
| * | lib: put route_types.txt to real useDavid Lamparter2011-11-2110-570/+387
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this replaces most occurences of routing protocol lists by preprocessor defines from route_types.h. the latter is autogenerated from route_types.txt by a perl script (previously awk). adding a routing protocol now is mostly a matter of changing route_types.txt and log.c. Conflicts: lib/route_types.awk
| * | zebra: fix redistribution of new protocolsDavid Lamparter2011-11-211-34/+12
| | | | | | | | | | | | | | | redistribute is currently limited to "known" protocols. there is no reason for this limitation, so, remove it.
| * | rib: default distance value for new protocols (v2)David Lamparter2011-11-211-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | adding protocols and forgetting to update zebra_rib.c currently causes a beyond end of array access for the default distance value. fix by making 150 the default distance for unknown routing protocols. 150 is higher than all other IGPs but lower than iBGP (200)
| * | build: fixup autoconf for cross-compiling (to OpenWRT)David Lamparter2011-11-211-6/+12
| | | | | | | | | | | | | | | | | | | | | MALLOC/REALLOC aren't used properly (no rpl_malloc), remove them while at it, infer some sane ipforwarding method from the OS value. (v2 on that, "==" is not a proper operator for standard "test")
| * | zebra: set the interface link-layer socket addressTom Goff2011-11-211-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | * kernel_socket.c: (ifm_read) The reorganization from commit 6fe70d1b35c189cb1e488b2c26551ba7baac6148 removed setting the interface link-layer socket address structure on routing socket platforms. This restores saving the link-layer information because it might be used elsewhere: rtm_write() when no gateway is given, if_dump_vty() and rtadv_send_packet().
| * | bgpd: remove unused function bgp_bind_addressDavid Lamparter2011-11-211-26/+0
| | | | | | | | | | | | bgp_bind_address is replaced with sockunion_bind.
| * | bgpd: fix update-source for IPv6 (BZ#548)David Lamparter2011-11-211-12/+27
| | | | | | | | | | | | | | | | | | | | | | | | if update-source was given as interface name, bgpd was unconditionally trying to bind to an IPv4 address from that interface. change function to find the best-matching (number of address bits) same-family address on the interface.
| * | lib: prefix2sockunion, prefix_common_bits helper functionsDavid Lamparter2011-11-212-0/+56
| | | | | | | | | | | | | | | | | | prefix2sockunion converts a struct prefix* to a union sockunion *; prefix_common_bits counts the number of common bits in the prefix's address part.
| * | bgpd: fix "nexthop-local unchanged" (BZ#350)Dylan Hall2011-11-151-0/+5
| | |
| * | bgpd: justify capabilities for TOS settingChris Luke2011-11-152-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To set the TOS bits on TCP connections, platforms that restrict capabilities need the priv level to be raised before the sockopt is set, and this requires the ZCAP_NET_ADMIN priv. * bgp_main.c: update _caps_p to include ZCAP_NET_ADMIN * bgp_network.c * bgp_connect(): request ZPRIVS_RAISE/ZPRIVS_LOWER * bgp_listener(): request ZPRIVS_RAISE earlier
| * | ospfd: improve fix to CVE-2011-3326 (BZ#586)Thomas Ries2011-11-151-1/+1
| | | | | | | | | | | | | | | | | | Make ospf_flood() propagate error returned by ospf_lsa_install() further to properly discard the malformed LSA, not just prevent the immediate crash.
| * | bgpd: revised fix to --dryrun (BZ#622)Sergey Y. Afonin2011-11-151-3/+4
| | |
| * | bgpd: fix more regressions in attr flag checksDenis Ovsienko2011-10-191-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 05a4936b713b9882171d0f7fb20b8439df23939e fixed some of the attributes involved, but not all. This commit should do it. * bgp_attr.c * bgp_attr_originator_id() * bgp_attr_cluster_list() * bgp_mp_reach_parse() * bgp_mp_unreach_parse()
| * | lib: fix endianness of masklen2ip()Denis Ovsienko2011-10-171-3/+39
| | |
| * | lib: make masklen2ip() safer and fasterDenis Ovsienko2011-10-172-17/+40
| | |
| * | ospf6d: make some old sizing checks assertionsDenis Ovsienko2011-10-171-90/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As long as ospf6_packet_examin() is now the single checkpoint for received packets, most of the old checks performed elsewhere can be converted into assert() constructs. Malformed input data at respective points can be attributed solely to a programming error, not a malformed packet. * ospf6_message.c * ospf6_hello_print() * ospf6_dbdesc_print() * ospf6_lsreq_print() * ospf6_lsupdate_print() * ospf6_lsack_print() * ospf6_hello_recv() * ospf6_dbdesc_recv_master() * ospf6_dbdesc_recv_slave() * ospf6_lsreq_recv() * ospf6_lsupdate_recv() * ospf6_lsupdate_recv() * ospf6_lsack_recv() * ospf6_receive()
| * | zebra: trivial warning fixPaul Jakma2011-10-171-7/+4
| | | | | | | | | | | | * zebra_routemap.c: (route_set_src) get rid of the dummy family variable.
| * | doc: Add dependency for quagga.pdf make targetPaul Jakma2011-10-171-1/+1
| | | | | | | | | | | | * doc/Makefile.am: pdf target needs to depend on all the input files.
| * | bgpd: improve "monotonic" uptime correctionJohn Kemp2011-10-172-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Older versions of Quagga/Zebra would output a value in MRT table dump files for "uptime" aka "ORIGINATED" that was a WALL clock value. Given that uptime is now internally a bgp_clock MONOTONIC value, the output in the MRT files is showing up as monotonic. Note: time of MRT dump is still recorded correctly as a time() based value, so we haven't lost that value. Proposal is to correct the uptime output on the vty and in the MRT files to again display something more akin to WALL time. * bgp_dump.c: (bgp_dump_routes_func) add conditional correction * bgp_route.c: (route_vty_out_detail) make correction conditional, move variable declaration to beginning of the function
| * | ripngd: copy debug statements fix from ripdStephen Hemminger2011-10-172-17/+11
| | | | | | | | | | | | Doesn't ripng needs same fix as ripd.
| * | doc: "[no] router zebra" does not belong to ospfdDenis Ovsienko2011-10-171-4/+0
| | |
| * | ospfd: justify ospf_default_originate_timer()Denis Ovsienko2011-10-172-2/+1
| | | | | | | | | | | | | | | The function is implemented in ospf_lsa.c, move its "extern" declaration to ospf_lsa.h for consistency.
| * | bgpd: add flag checks for MP_(UN)REACH_NLRIDenis Ovsienko2011-10-173-11/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * bgp_attr.[ch] * bgp_mp_reach_parse(): add extra arguments and a uniform flag check block * bgp_mp_unreach_parse(): idem * bgp_attr_parse(): provide extra arguments * bgp_mp_attr_test.c * parse_test(): justify respective calls
| * | bgpd: improve attr length error handling (BZ#679)Denis Ovsienko2011-10-171-16/+25
| | | | | | | | | | | | | | | | | | | | | | | | * bgp_attr.c * bgp_attr_parse(): provide extra argument to bgp_attr_aggregator() * bgp_attr_local_pref(): use bgp_notify_send_with_data() * bgp_attr_atomic(): idem * bgp_attr_aggregator(): idem
| * | bgpd: fix spelling of CLUSTER_LISTDenis Ovsienko2011-10-171-1/+1
| | |
| * | bgpd: check CLUSTER_LIST attribute flagsDenis Ovsienko2011-10-171-2/+17
| | | | | | | | | | | | | | | | | | | | | | | | * bgp_attr.c * bgp_attr_cluster_list(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra arguments
| * | bgpd: check ORIGINATOR_ID attribute flagsDenis Ovsienko2011-10-171-2/+18
| | | | | | | | | | | | | | | | | | | | | | | | * bgp_attr.c * bgp_attr_originator_id(): accept extra argument, add checks for "optional", "transitive" and "partial" bits, log each error condition independently * bgp_attr_parse(): provide extra arguments
| * | bgpd: fix regression in improved attr flag checksDenis Ovsienko2011-10-171-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 2febf323411c1aed9d7694898f852ce2ef36a7e5 assumed every flag bit except optional/transitive/partial unset, which at times could not be true for "extended length" bit. * bgp_attr.c * bgp_attr_origin(): exclude BGP_ATTR_FLAG_EXTLEN from comparison * bgp_attr_nexthop(): idem * bgp_attr_med(): idem * bgp_attr_local_pref(): idem * bgp_attr_atomic(): idem
| * | bgpd: improve attr flags checksDenis Ovsienko2011-10-171-150/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not check each of the Optional/Transitive/Partial attribute flag bits, when their only valid combination is known in advance, but still perform bit-deep error message logging. This change assumes unused (low-order) 4 bits of the flag octet cleared. * bgp_attr.c * bgp_attr_origin(): rewrite check * bgp_attr_nexthop(): idem * bgp_attr_med(): idem * bgp_attr_local_pref(): idem * bgp_attr_atomic(): idem
| * | bgpd: add missing "partial" flag checks (BZ#676)Denis Ovsienko2011-10-171-8/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ORIGIN handling function used to have "partial" bit check and recent commits added it for NEXT_HOP, MULTI_EXIT_DISC and ATOMIC_AGGREGATE cases. This commit adds "partial" check for AS_PATH and LOCAL_PREF cases, which should leave attributes 1 through 6 inclusive completely covered with attribute flags checks. * bgp_attr.c * bgp_attr_origin(): use bit-by-bit checks for better diagnostics * bgp_attr_aspath(): add flag check * bgp_attr_local_pref(): idem
| * | bgpd: ignore 4 bits of attribute flags byteDenis Ovsienko2011-10-171-1/+4
| | |
| * | vtysh: [build] silence preprocessor errors in some casesDmitrij Tejblum2011-10-171-1/+1
| | | | | | | | | | | | * extract.pl.in: use configured CPPFLAGS in cpp invocation.
| * | lib: compile even without IPV6_TCLASSDenis Ovsienko2011-10-171-1/+3
| | |
| * | IPv6 transport class suppportStephen Hemminger2011-10-175-1/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | IPv6 supports the same concept of differentiated service for routing protocols as IPv4, but like too many things, the standards committee decided that having two names for the same thing wasn't good enough and introduced a third more generic term transport class. The socket option to set transport class works the same as IPv4, but the arguments are different. * lib/sockopt.[ch] * setsockopt_ipv6_tclass(): new function * bgpd/bgp_network.c * bgp_connect(): set socket option * bgp_listener(): set socket option * ospf6d/ospf6_network.c * ospf6_set_transport_class(): new function * ospf6_serv_sock(): set socket option * ripngd/ripngd.c * ripng_make_socket(): set socket option
| * | version RE-0.99.17.5RE-0.99.17.5Denis Ovsienko2011-09-291-1/+1
| | |
| * | ospfd: fix regression in recent commitYAMAMOTO Shigeru2011-09-291-10/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | commit '717750433839762d23a5f8d88fe0b4d57c8d490a' causes SEGV error, when 'oi = ospf_if_lookup_recv_if (ospf, iph->ip_src, ifp);' returns NULL. * ospf_packet.c * ospf_read(): change a place of calling 'ospf_verify_header()'
| * | version RE-0.99.17.4RE-0.99.17.4Denis Ovsienko2011-09-261-1/+1
| | |
| * | ospf6d: CVE-2011-3323 (fortify packet reception)Denis Ovsienko2011-09-267-73/+492
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This vulnerability (CERT-FI #514840) was reported by CROSS project. ospf6d processes IPv6 prefix structures in incoming packets without verifying that the declared prefix length is valid. This leads to a crash caused by out of bounds memory access. * ospf6_abr.h: new macros for size/alignment validation * ospf6_asbr.h: idem * ospf6_intra.h: idem * ospf6_lsa.h: idem * ospf6_message.h: idem * ospf6_proto.h: idem * ospf6_message.c * ospf6_packet_minlen: helper array for ospf6_packet_examin() * ospf6_lsa_minlen: helper array for ospf6_lsa_examin() * ospf6_hello_recv(): do not call ospf6_header_examin(), let upper layer verify the input data * ospf6_dbdesc_recv(): idem * ospf6_lsreq_recv(): idem * ospf6_lsupdate_recv(): idem * ospf6_lsack_recv(): idem * ospf6_prefixes_examin(): new function, implements A.4.1 * ospf6_lsa_examin(): new function, implements A.4 * ospf6_lsaseq_examin(): new function, an interface to above * ospf6_packet_examin(): new function, implements A.3 * ospf6_rxpacket_examin(): new function, replaces ospf6_header_examin() * ospf6_header_examin(): sayonara * ospf6_receive(): perform passive interface check earliest possible, employ ospf6_rxpacket_examin()