Commit message | Author | Age | Files | Lines
...
* bgpd: improve cleanup in bgp_delete() | Lou Berger | 2016-02-26 | 11 | -21/+150
    Signed-off-by: Lou Berger <lberger@labn.net>
* bgpd, lib, vtysh: hook up bgp VPNv6 CLI node | Lou Berger | 2016-02-26 | 7 | -8/+171
    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* bgpd: wire up VPNv6 protocol processing | Lou Berger | 2016-02-26 | 7 | -18/+96
    There wasn't much missing for VPNv6 to begin with; just a few bits of de- & encoding and a few lists to be updated.

    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
    [Editorial note: Signed-off-by may imply an authorship claim, but need not]
    Edited-by: Paul Jakma <paul.jakma@hpe.com> / <paul@jakma.org>
* bgpd: handle AS4 and EOI route distinguishers | Lou Berger | 2016-02-26 | 2 | -21/+61
    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* bgpd: make _vpnv4 static handling SAFI-agnostic | Lou Berger | 2016-02-26 | 3 | -54/+187
    This changes the existing _vpnv4 functions for MPLS-VPN into SAFI-agnostic functions, renaming them from *_vpnv4 to *_safi. Also adds route-map support while at it.

    Signed-off-by: Lou Berger <lberger@labn.net>
    Reviewed-by: David Lamparter <equinox@opensourcerouting.org>
* bgpd: kill unused variable in bgp_socket() | Lou Berger | 2016-02-26 | 1 | -1/+1
    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* bgpd: add nexthop length to AF macro | Lou Berger | 2016-02-26 | 1 | -0/+9
    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* lib: add SAFI_ENCAP type, safi2str prefix utility | Lou Berger | 2016-02-26 | 3 | -1/+19
    Signed-off-by: Lou Berger <lberger@labn.net>
* lib: add facility to log all CLI commands | Lou Berger | 2016-02-26 | 1 | -2/+36
    Signed-off-by: Lou Berger <lberger@labn.net>
* lib: add "show commandtree" CLI command | Lou Berger | 2016-02-26 | 1 | -0/+35
    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* lib: treat realloc of null pointer as alloc Now use zalloc rather than alloc with null. Fixes issue seen in bgp check tests. | Lou Berger | 2016-02-26 | 1 | -0/+3
    Signed-off-by: Lou Berger <lberger@labn.net>
* lib: fix bookkeeping for libreadline malloc()s | Lou Berger | 2016-02-26 | 3 | -17/+30
    When libreadline is used, we mistakenly mix in strdup() done in libreadline with Quagga's lib/memory bookkeeping/counting, leading to counter underflows on MTYPE_TMP.

    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* zebra: additional redistribute related logging | Lou Berger | 2016-02-26 | 1 | -6/+12
    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* zebra: make RTF_LLINFO optional to fix FreeBSD | Lou Berger | 2016-02-26 | 1 | -0/+2
    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* zebra: wire up "debug zebra packet detail" | Lou Berger | 2016-02-26 | 1 | -2/+3
    There was no way to actually set ZEBRA_DEBUG_DETAIL, even though some debug output was conditional to it. Add CLI command.

    Signed-off-by: Lou Berger <lberger@labn.net>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* lib, bgpd, tests: Refactor FILTER_X in zebra.h | Donald Sharp | 2016-02-26 | 29 | -13/+34
    lib/zebra.h has FILTER_X #define's. These do not belong there. Put them in lib/filter.h where they belong.

    Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* bgpd: Fix graceful restart capability minsize | Lou Berger | 2016-02-26 | 1 | -1/+1
    * bgp_open.c: cap_minsize should be CAPABILITY_CODE_RESTART_LEN for RESTART not 6.
* lib, bgpd: Fixup afi_t to be an enum and cleanup zebra.h | Donald Sharp | 2016-02-26 | 5 | -44/+37
    This code change does two things:
    1) Removes ZEBRA_AFI_XXX #defines since they were redundant information
    2) Switches afi_t to an enumerated type so that the compiler can do a bit more compile time checking.

    Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* docs: Update bgpd docs, inc. on decision process, and with a section on MED. | Paul Jakma | 2016-02-26 | 2 | -6/+368
    * bgpd.texi: Document the -l argument.
      Update the 'BGP decision process' table to reflect what /actually/ is implemented.
      Add docs on 'compare-routerid' in the bestpath section.
      Add a section on MED, to highlight the issues it has by default, and to highlight that it is terminally broken for its original purpose in many modern iBGP topologies. Mention the potential workarounds and fixes.
    * routemap.texi: set an anchor on 'set metric' so bgpd.texi can reference it.
* bgpd: make bgp_info_cmp and multiple-path decision logic more regular | Paul Jakma | 2016-02-18 | 4 | -98/+129
    * bgp_route.c: (bgp_info_cmp) This function is supposed to return a preference between the given paths, and does so as binary either or. When mpath was added, the binary return value was left as is and instead an out parameter 'paths_eq' was added to indicate the mpath-equality case. It's a bit odd, as is the resulting logic in the caller.

      Regularise things again by making the function return a strcmp like trinary return value of -1,0,1. Get rid of the mpath specific arguments, but pass in afi/safi as part of the general context - that plus the (struct bgp *) is enough to access configuration. Update the return values.

      The mpath check was testing the IGP metric for equality, even though previous to the mpath changes (and consistent with the behaviour of all the other tests bar the end), equality results in continuing through to the next comparison. Just go back to the previous way - each test finds a preference to return, or continues on to let further tests have a go.

      (bgp_best_selection) Get rid of the (struct bgp_maxpaths_cfg *) arg, we can't add state for every optional feature to the argument list - they have to look it up as needed. Do pass through the very general afi/safi context though (saves several lookups through the route_node). Adjust for the new trinary bgp_info_cmp return value and updated args. Do the mpath clearing/accumulation in one place, in each loop. Call to bgp_info_mpath_update similarly gets updated, as there's no cfg to pass.

      (bgp_process_{rsclient,main}) match bgp_best_selection changes.
    * bgp_mpath.c: (bgp_mpath_is_configured_sort) Helper for whether mpath is enabled by peer sort.
      (bgp_mpath_is_configured) ditto, generally.
      (bgp_info_mpath_update) caller no longer has the cfg to pass in, look it up.
    * bgp_mpath.h: Export the above and Match .c changes.

    Requires commit: "bgpd: bgp_scan shouldn't queue up route_nodes with no routes for processing"

    Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* bgpd: bgp_scan shouldn't queue up route_nodes with no routes for processing | Paul Jakma | 2016-02-18 | 2 | -3/+27
    * bgp_nexthop.c: (bgp_scan) There is little point queueing an rn with no routing information for processing.
    * bgp_route.c: (bgp_process) Do nothing on rn's with no routes. Add an assert for now, to try catch any other cases, but prob should be removed.
      (bgp_best_selection) rn with no routes == finish early.
* tests: add more AS4 capability tests + little fixes for couple of GR test cases. | Paul Jakma | 2016-02-10 | 1 | -4/+12
    Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
* bgpd: Check capability falls on right multiple of size, where possible. | Paul Jakma | 2016-02-10 | 1 | -0/+30
    * bgp_open.c: (cap_modsizes) Table of multiple a capability's data size should fall on, if applicable.
      (bgp_capability_parse) Check the header lengthcap_modsizes should fall on.

    Inspiration from Cumulus bgpd-capability-cleanup.patch patch, with a slightly different approach.

    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* bgpd: OPEN parse errors should send OPEN_ERR and UNSPECIFIC subcode. | Paul Jakma | 2016-02-10 | 3 | -7/+11
    CEASE NOTIFICATION for OPEN parsing errors seems, to my reading of RFC4271 §6.2 to be incorrect.

    * bgp_packet.c: (bgp_open_receive) OPEN/UNACEP_HOLDTIME is not an appropriate error subcode if bgp_open_option_parse returns an error. Set it to "Unspecific". Where a more specific subcode is appropriate, then lower level should send that.
    * bgp_open.c: (bgp_open_option_parse) Malformed OPENs should result in NOTIFICATION with OPEN error, and OPEN/UNSPECIFIC sub-code - not CEASE.
      (bgp_capability_{parse,orf_entry}) ditto.
    * bgpd.h: Add BGP_NOTIFY_OPEN_UNSPECIFIC for 0. Note that IANA lists 0 as reserved in the OPEN error sub-code registry, but RFC4271 page 32 says 0 is the "Unspecific" OPEN error subcode. Have emailed IANA, they say it's a known errata to 4271 under review.

    Some inspiration from Cumulus' bgpd-capability-cleanup.patch, though v different result.
* vtysh: When the config file is close to the boundary of size of buffer vtysh hangs. | Gautam Kumar | 2016-02-10 | 1 | -100/+77
* bgpd: Fix VU#270232, VPNv4 NLRI parser memcpys to stack on unchecked length | Donald Sharp | 2016-02-10 | 1 | -16/+36
    Address CERT vulnerability report VU#270232, memcpy to stack data structure based on length field from packet data whose length field upper-bound was not properly checked.

    This likely allows BGP peers that are enabled to send Labeled-VPN SAFI routes to Quagga bgpd to remotely exploit Quagga bgpd.

    Mitigation: Do not enable Labeled-VPN SAFI with untrusted neighbours.

    Impact: Labeled-VPN SAFI is not enabled by default.

    * bgp_mplsvpn.c: (bgp_nlri_parse_vpnv4) The prefixlen is checked for lower-bound, but not for upper-bound against received data length. The packet data is then memcpy'd to the stack based on the prefixlen.

      Extend the prefixlen check to ensure it is within the bound of the NLRI packet data AND the on-stack prefix structure AND the maximum size for the address family.

    Reported-by: Kostya Kortchinsky <kostyak@google.com>

    This commit is a joint effort between:
    Lou Berger <lberger@labn.net>
    Donald Sharp <sharpd@cumulusnetworks.com>
    Paul Jakma <paul.jakma@hpe.com> / <paul@jakma.org>
* zebra: Fix solaris build issue | Donald Sharp | 2015-12-09 | 1 | -1/+1
    The number of parameters to rib_add_ipv4 has been increased. Submitter of original patch failed to modify solaris code path.

    Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Fix non usage of VRF_DEFAULT | Donald Sharp | 2015-12-08 | 1 | -1/+1
    A vrf_id was being set to 0 instead of VRF_DEFAULT

    Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* bgpd: Implicit updates in BGP may require a withdrawal from zebra RIB | Paul Jakma | 2015-12-08 | 1 | -41/+5
    * J Yu <jackiesyu@hotmail.com> noted a problem with bgpd of routes not having their nexthop updated correctly. Martin Winter <mwinter@opensourcerouting.org> pinned this down to the case where a BGP route is updated from one with a valid nexthop to an invalid next-hop, using a test tool.

      Once the problem occurs, the incorrect route may remain, even after further UPDATEs, so long as the nexthop in the zebra RIB does not match the BGP route's nexthop.

      Jacqueline Yu then pinned the issue down further to being due to bgpd sending the DELETE for the route to zebra with the new nexthop after a BGP UPDATE updates an existing route, but then is found to be invalid, and zebra not finding the route as it requires a match on all attributes.
    * bgp_zebra.c: (bgp_zebra_withdraw) When deleting a prefix, we want it gone. Do not send additional matching attributes like the nexthop, which can only cause incorrect non-matches.

    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd, lib: Fix some more compiler warnings | Donald Sharp | 2015-12-08 | 2 | -1/+3
    A couple compiler warnings snuck in from the last round of work being looked at. This cleans them up

    Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Cleanup RTADV define | Donald Sharp | 2015-12-08 | 6 | -37/+24
    The RTADV define was not being set correctly or consistently. Make the code consistent with our HAVE_IPV6 define.

    If the user wants to explicitly turn it off then they should run --disable-rtadv from the configure cli

    Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: make send_lsp more robust | Christian Franke | 2015-12-08 | 4 | -48/+114
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Tested-by: NetDEF CI System <cisystem@netdef.org>
* isisd: fix misleading wording in log | Christian Franke | 2015-12-08 | 1 | -5/+5
    The changed messages are actually located before transmission is attempted. Therefore, the tense is somewhat misleading, especially since transmission may not always succeed.

    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: handle lsp confusion (ISO/IEC 10589:2002 7.3.16.2) | Christian Franke | 2015-12-08 | 2 | -6/+40
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: fix IPv6 mask application | Christian Franke | 2015-12-08 | 1 | -5/+5
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: show interface's ipv6 addresses | Christian Franke | 2015-12-08 | 1 | -3/+23
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: provide more detailed log for failed address removal | Christian Franke | 2015-12-08 | 1 | -0/+20
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: add support to import routes from other protocols | Christian Franke | 2015-12-08 | 17 | -110/+1682
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
* isisd: fix assertion in LSP refresh timer calculation | Christian Franke | 2015-12-08 | 1 | -1/+4
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: add a slight delay to lsp_regenerate_schedule | Christian Franke | 2015-12-08 | 5 | -35/+169
    isisd implements a holdoff interval and will refrain from regenerating an lsp if the difference between the current time and its last refresh is less than the holdoff interval. Instead, it will schedule a timer to regenerate the lsp after the holdoff interval has passed.

    This implementation has one disadvantage in the case where there is a succession of calls to lsp_regenerate_schedule. In such a case, the first call will trigger an immediate regeneration of the lsp, while the other calls will only schedule the regeneration timer. This leads to cases where it takes holdoff interval time for information to propagate, just because the information was only available e.g. at the second call of lsp_regenerate_schedule in such a succession of calls.

    By not immediately regenerating an lsp if the last generation time is sufficiently long ago, but instead scheduling the regeneration with a very small delay, we allow all information from such a succession of calls to be considered.

    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: add a debug mode that traces LSP construction | Christian Franke | 2015-12-08 | 3 | -5/+158
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
* isisd: purge on correct level | Christian Franke | 2015-12-08 | 3 | -5/+6
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: allow to adjust lsp-mtu | Christian Franke | 2015-12-08 | 8 | -63/+172
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: initialize circuit to match area is_type | Christian Franke | 2015-12-08 | 2 | -6/+20
    New circuits should be initialized to match the is_type of their area. Also add an additional check to make sure that no IIHs are sent for levels which are not enabled.

    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: do remove ipv6 routes from Zebra | Christian Franke | 2015-12-08 | 1 | -1/+1
    We can abort isis_zebra_route_del_ipv6 if the route in question has ISIS_ROUTE_FLAG_ZEBRA_SYNCED unset, meaning it's not in the kernel. Aborting the function if the flag is set prevents us from removing any routes.

    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: don't corrupt memory for long hostnames | Christian Franke | 2015-12-08 | 2 | -3/+12
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: fix a typo in a log message | Christian Franke | 2015-12-08 | 1 | -1/+1
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: remove superfluous checks after XMALLOC etc. | Christian Franke | 2015-12-08 | 3 | -30/+1
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
* isisd: annotate some function arguments with const | Christian Franke | 2015-12-08 | 7 | -28/+28
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib: don't have log functions change errno | Christian Franke | 2015-12-08 | 1 | -0/+4
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>