| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| | |
No longer build/start/install watchlink
|
| | | |
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
The filter rules were incorrect (jump to wrong offset), so the kernel
would not accept them.
Fixes: 2570
|
| |\ \ \ |
|
| | |\| | |
|
| | | | | |
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
from http://www.gossamer-threads.com/lists/quagga/dev/15611
[clear_shim] Re: [quagga-users 9315] New md5 signature patch for bgp... quagga_md5_bsd_linux_v9.diff Remove Highlighting [In reply to]
mhw at wittsend ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Jan 28, 2008, 12:55 PM And, of course, the moment I send off a patch against 0.99.9 and claim
it should patch the CVS, I find out it does not.
Post #2 of 3 (192
views) On Mon, 2008-01-28 at 14:50 -0500, Michael H. Warfield wrote:
Permalink > Hello all!
> Building on the efforts of Leigh Brown and the earlier works on an MD5
> signature patch for bgpd, I've incorporated the autoconf efforts by
> Sargun Dhillon on top of my own changes for IPv6 along with filling in a
> few missing spots in the autoconf stuff myself. Leigh had released a v7
> and I subsequently released a v8 patch for md5 signatures for Linux and
> BSD to deal with conflicts with IPv6. This is now a v9 patch
> incorporating some of the changes from Sargun and adding a few of my own
> to complete the autoconf changes.
> This patch is still against 0.99.9 but should patch cleanly against
> CVS.
Attached is the patch against CVS. It does NOT have a patch for
config.h.in (that was a mistake on my part, it's not in CVS, it's
generated but it's not regenerated if you are working from the releases
and don't rerun autoheader) and fixes a problem with a header file and
some alignments.
[cl] > This adds a configure option, --enable-tcp-md5, to enable tcp md5 [cl]
> signatures. This is not qualified against the operating system on which
> it is being built. The patch should work on BSD and Linux. Other
> operation systems are a crap shoot. I don't know. I presume some other
> errors will occur on other operating systems which do not support MD5
> signatures in this manner. Since they're not supported now, this is no
> great loss. Someone might want to test this in other environments,
> though, and enhance it for those other environments.
>
> Attached...
>
> quagga_md5_bsd_linux_v9.diff
>
> http://www.wittsend.com/mhw/md5sig/quagga_md5_bsd_linux_v9.diff
>
> Is there anything left that needs to be done before this can be
> committed to CVS? Can someone with commit privs please do the honors?
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw[at]WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Attachments: [unknown] quagga_cvs_md5_bsd_linux_v9.diff (18.4 KB)
<http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=1184;list=quagga>
[unknown] signature.asc (0.30 KB)
<http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=1185;list=quagga>
Signed-off-by: Tom Grennan <tgrennan@vyatta.com>
|
| |\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
Conflicts:
ChangeLog
zebra/zebra_rib.c
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-03-13 Paul Jakma <paul.jakma@sun.com>
* (various) Remove 0 entries from struct message's, unneeded due to
recent improvements in mes_lookup/LOOKUP.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-03-13 Paul Jakma <paul.jakma@sun.com>
* ripd.c/rip_interface.c: Remove 0 entries from rip_msg
ri_version_msg struct message's, not needed with recent fixes
to mes_lookup.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-02-28 Paul Jakma <paul.jakma@sun.com>
* log.c: (mes_lookup) Sowmini Varadhan diagnosed a problem where
this function can cause a NULL dereference, on lookups for unknown
indices, or messages with NULL strings. Can occur, e.g., debug
logging code when processing received messages. Fixed to accept a
pointer to a default string to be used if there is no match.
* log.h: LOOKUP adjusted to match
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-02-28 Paul Jakma <paul.jakma@sun.com>
* linklist.c: This implementation expects that the data pointer not
be null, e.g. listgetdata() asserts this. The list add methods
don't apply the same sanity check.
Noted by Jim Carlson in bug #437.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-01-30 Peter Szilagyi <sp615@hszk.bme.hu>
* lib/stream.h: Remove named 'new' parameter in prototype
for c++ header compatibility.
* ospfd/ospf_opaque.h: ditto
* ospfd/ospfd.h: Renamed struct export to _export for c++
header compatibility.
* ospf6d/ospf6_area.h: ditto
|
| | | |
| | |
| | |
| | |
| | |
| | | |
2008-02-23 Paul Jakma <paul.jakma@sun.com>
* aspath_test.c: Test for 0-ASN sequences that still have data.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-01-29 James Carlson <james.d.carlson@sun.com>
* Fix bug #437, assert due to bogus index management
* isis_flags.c: (flags_initialize) new
* (flags_get_index) fix off by one, leading to list assert
on null node data.
(flags_free_index) ditto.
* isisd.c: (isis_area_create) use flags_initialize
(isis_area_destroy) deconfigure circuits when
taking down area.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-01-29 Jorge Boncompte <jorge@dti2.net>
* bgp_network.c: (bgp_socket) IPv4-only version crashes if -l is not
used as address will be null.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-01-13 Paul Jakma <paul.jakma@sun.com>
* Makefile.am: pkg target should depend on the 'depend.%' files.
Crops up now that solaris/ doesn't get descended into by
general Quagga build.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
2008-01-11 Ingo Flaschberger <if@xip.at>
* configure.ac: Improve HAVE_BSD_LINK_DETECT test.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-01-11 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* lib/zebra.h: Revert previous change, no need to include
<net/if_media.h> here.
* zebra/ioctl.c: If HAVE_BSD_LINK_DETECT is defined, include
<net/if_media.h>
(if_get_flags) Remove debug messages about BSD link state.
* zebra/kernel_socket.c: (bsd_linkdetect_translate) If link state
is unknown, we should set the IFF_RUNNING flag.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-01-10 Ingo Flaschberger <if@xip.at>
* configure.ac: Define HAVE_BSD_LINK_DETECT if <net/if_media.h> is
present.
* lib/zebra.h: If HAVE_BSD_LINK_DETECT is defined,
include <net/if_media.h>.
* zebra/ioctl.c: (if_get_flags) If HAVE_BSD_LINK_DETECT, use the
SIOCGIFMEDIA ioctl to ascertain link state.
* zebra/kernel_socket.c: (bsd_linkdetect_translate) New function to
map the ifm_data.ifi_link_state value into the IFF_RUNNING flag.
(ifm_read) Call bsd_linkdetect_translate to fix the IFF_RUNNING
flag before calling if_flags_update.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-01-08 Michael Larson <mike@vyatta.com>
* zebra_rib.c: (nexthop_active_check) Replace if_is_up with
if_is_operative to solve problems with static interface
routes not behaving properly with link-detect.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2008-01-08 Pavol Rusnak <prusnak@suse.cz>
* memory.c: (mtype_memstr) Fix accidental shift past width of type,
constant should have been forced to UL, rather than being left to
default to int.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
2007-12-22 Paul Jakma <paul.jakma@sun.com>
* Fix series of vulnerabilities reported by "Mu Security
Research Team", where bgpd can be made to crash by sending
malformed packets - requires that bgpd be configured with a
session to the peer.
* bgp_attr.c: (bgp_attr_as4_path) aspath_parse may fail, only
set the attribute flag indicating AS4_PATH if we actually managed
to parse one.
(bgp_attr_munge_as4_attrs) Assert was too general, it is possible
to receive AS4_AGGREGATOR before AGGREGATOR.
(bgp_attr_parse) Check that we have actually received the extra
byte of header for Extended-Length attributes.
* bgp_attr.h: Fix BGP_ATTR_MIN_LEN to account for the length byte.
* bgp_open.c: (cap_minsizes) Fix size of CAPABILITY_CODE_RESTART,
incorrect -2 left in place from a development version of as4-path
patch.
* bgp_packet.c: (bgp_route_refresh_receive) ORF length parameter
needs to be properly sanity checked.
* tests/bgp_capability_test.c: Test for empty capabilities.
|
| |\ \ \
| | |/
| |/| |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The IFF_RUNNING flag is indeterminate if interface is not IFF_UP.
Basically the carrier state is driver dependent and wrong when
the interface is admin down.
|
| |/ / |
|
| | |
| |
| |
| |
| | |
The vyatta-interfaces script needs to update the linkstatus file,
so locking is needed to prevent concurrent read/update problems.
|
| | |
| |
| |
| |
| |
| | |
Use proper include files so watchlink can be built on 64 bit
platforms. Not strictly necessary yet, since vyatta isn't doing
64 bit builds, but some development machines run 64 bit OS.
|
| | |
| |
| |
| |
| |
| | |
the address provided will exclude all
matching addresses across all ethernet addresses.
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Use socket filter to drop unwanted messages on the netlink listen socket.
This prevents problems where the listener socket buffer gets overrruns
with echos of the new route update that occurs when link changes.
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
> comments are now allowed after the # symbol after each entry
> address ranges are now supported in the matching if the user
enters a netmask value, then every address within the range is
exlcluded
> ip value (without a mask) is treated as a /32 for matching
> matching is against the masked off address value, the mask
is specified by the exclusion entry (and not by the configured
address value)
> sig_usr1 will reload the configuration and is required after
each modification of the exclude file.
The format of the file is the following:
[interface] [address|network] #comments
Only one entry per line is allowed
vifs are supported in the interface line (i.e. eth0.1w)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[interface]
[interface] [ip/mask]
It should also accept a plain IP--but I haven't tested this yet.
Also added syslogging at the info level on interface up/down events.
This change provides support for HA to work with interface cable event. HA and VRRP will need to
populate the /var/linkstatus/exclude file with the VIPs under their management.
In addition to circumvent an additional problem in HA there needs to be an additional address on
the monitored interface, otherwise HA will admin down the interface when the cable is pulled
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
error msgs that occur under large routing tables when layer
2 event occurs.
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
Conflicts:
debian/changelog
|
| | | | |
|
| |/ / |
|
| | | |
|
| | |
| |
| |
| | |
IFF_RUNNING|IFF_UP event.
|
| | |
| |
| |
| | |
- 'vtysh -c "sh run" | grep bgp' gives an accurate 32-bit AS number now
|
| | |
| |
| |
| | |
is lowered
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
- 32 bit asns show allright now
|
| |/ /
| |
| |
| | |
Glendale is licensed under GPL version 2.
|
| | |
| |
| |
| | |
Re-enable handling of RTM_DELLINK.
|
| | | |
|
