path: root/lib
Commit message | Author | Age | Files | Lines
* lib: fix vrf_bitmap leak in zclient_free() | David Lamparter | 2016-03-08 | 1 | -0/+10
|   zclient_stop(), which is used as antagonist to zclient_init(), needs to undo the vrf_bitmap allocation. Otherwise zclient_init() will leak the allocated memory, for example when zclient_reset() is used.
|
|   Reported-by: Lou Berger <lberger@labn.net>
|   Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* lib: Check prefix length from zebra is sensible | Paul Jakma | 2016-03-08 | 1 | -17/+28
|   * zclient.c: prefix length on router-id and interface address add messages not sanity checked. fix.
|   * */*_zebra.c: Prefix length on zebra route read was not checked, and clients use it to write to storage. An evil zebra could overflow client structures by sending overly long prefixlen.
|
|   Prompted by discussions with: Donald Sharp <sharpd@cumulusnetworks.com>
* lib: zclient can overflow (struct interface) hw_addr if zebra is evil | Paul Jakma | 2016-03-08 | 1 | -1/+1
|   * lib/zclient.c: (zebra_interface_if_set_value) The hw_addr_len field is used as trusted input to read off the hw_addr and write to the INTERFACE_HWADDR_MAX sized hw_addr field. The read from the stream is bounds-checked by the stream abstraction, however the write out to the heap can not be. Tighten the supplied length to stream_get used to do the write.
|
|   Impact: a malicious zebra can overflow the heap of clients using the ZServ IPC. Note that zebra is already fairly trusted within Quagga.
|
|   Reported-by: Kostya Kortchinsky <kostyak@google.com>
* lib: Add CMD_RANGE_STR macro to command.h | Donald Sharp | 2016-02-26 | 1 | -0/+11
|   Allow the auto-generation of a "<X-Y>" string for cli handling. Where X or Y can be a #define.
|
|   CMD_RANGE_STR(LOW, HIGH) translates to: "<4-99>"
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* *: use an ifindex_t type, defined in lib/if.h, for ifindex values | Paul Jakma | 2016-02-26 | 8 | -42/+44
|
* lib, zebra: unify link layer type and hardware address handling | Timo Teräs | 2016-02-26 | 3 | -16/+124
|   This removes the BSD specific usage of struct sockaddr_dl hardware address. This unifies to use explicit hw_addr member for the address, and zebra specific enumeration for the link layer type.
|
|   Additionally the zapi is updated to never send platform specific structures over the wire, but the ll_type along with hw_addr_len and hw_addr are now sent for all platforms.
|
|   Based on initial work by Paul Jakma.
|
|   Signed-off-by: Timo Teräs <timo.teras@iki.fi>
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: support FIB override routes | Timo Teräs | 2016-02-26 | 1 | -0/+1
|   FIB override routes are for routing protocols that establish shortcut routes, or establish point-to-point routes that should not be redistributed. Namely this is useful NHRP daemon to come.
|
|   Zebra is extended to select two entries from RIB the "best" entry from routing protocols, and the FIB entry to install to kernel. FIB override routes are never selected as best entry, and thus are never advertised to other routing daemons. The best FIB override, or if it does not exist the otherwise best RIB is selected as FIB entry to be installed.
|
|   Signed-off-by: Timo Teräs <timo.teras@iki.fi>
|   Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib, bgpd: Remove 'struct fifo' from lib/zebra.h | Donald Sharp | 2016-02-26 | 3 | -40/+63
|   The 'struct fifo' and its accompanying #defines do not belong in lib/zebra.h. Move them into their own header.
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* bgpd, lib, vtysh: hook up bgp ENCAP CLI node | Lou Berger | 2016-02-26 | 3 | -0/+10
|   Signed-off-by: Lou Berger <lberger@labn.net>
|   Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* bgpd: encap: add attribute handling | Lou Berger | 2016-02-26 | 1 | -0/+1
|   Signed-off-by: Lou Berger <lberger@labn.net>
|   Reviewed-by: David Lamparter <equinox@opensourcerouting.org>
* bgpd, lib, vtysh: hook up bgp VPNv6 CLI node | Lou Berger | 2016-02-26 | 3 | -1/+6
|   Signed-off-by: Lou Berger <lberger@labn.net>
|   Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* lib: add SAFI_ENCAP type, safi2str prefix utility | Lou Berger | 2016-02-26 | 3 | -1/+19
|   Signed-off-by: Lou Berger <lberger@labn.net>
* lib: add facility to log all CLI commands | Lou Berger | 2016-02-26 | 1 | -2/+36
|   Signed-off-by: Lou Berger <lberger@labn.net>
* lib: add "show commandtree" CLI command | Lou Berger | 2016-02-26 | 1 | -0/+35
|   Signed-off-by: Lou Berger <lberger@labn.net>
|   Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* lib: treat realloc of null pointer as alloc Now use zalloc rather than alloc ↵ | Lou Berger | 2016-02-26 | 1 | -0/+3
|   with null. Fixes issue seen in bgp check tests.
|
|   Signed-off-by: Lou Berger <lberger@labn.net>
* lib: fix bookkeeping for libreadline malloc()s | Lou Berger | 2016-02-26 | 3 | -17/+30
|   When libreadline is used, we mistakenly mix in strdup() done in libreadline with Quagga's lib/memory bookkeeping/counting, leading to counter underflows on MTYPE_TMP.
|
|   Signed-off-by: Lou Berger <lberger@labn.net>
|   Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* lib, bgpd, tests: Refactor FILTER_X in zebra.h | Donald Sharp | 2016-02-26 | 2 | -5/+5
|   lib/zebra.h has FILTER_X #define's. These do not belong there. Put them in lib/filter.h where they belong.
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib, bgpd: Fixup afi_t to be an enum and cleanup zebra.h | Donald Sharp | 2016-02-26 | 2 | -16/+10
|   This code change does two things:
|
|   1) Removes ZEBRA_AFI_XXX #defines since they were redundant information
|   2) Switches afi_t to an enumerated type so that the compiler can do a bit more compile time checking.
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd, lib: Fix some more compiler warnings | Donald Sharp | 2015-12-08 | 1 | -1/+1
|   A couple compiler warnings snuck in from the last round of work being looked at. This cleans them up
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* isisd: add support to import routes from other protocols | Christian Franke | 2015-12-08 | 3 | -1/+14
|   Signed-off-by: Christian Franke <chris@opensourcerouting.org>
* lib: don't have log functions change errno | Christian Franke | 2015-12-08 | 1 | -0/+4
|   Signed-off-by: Christian Franke <chris@opensourcerouting.org>
|   Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib: add function to get precise remaining time of timer thread | Christian Franke | 2015-12-08 | 2 | -0/+9
|   Signed-off-by: Christian Franke <chris@opensourcerouting.org>
|   Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Collapse struct static_ipv[4|6] into struct static_route | Donald Sharp | 2015-12-08 | 1 | -2/+1
|   The 'struct static_ipv4' and 'struct static_ipv6' structures are essentially the same. Collapse them into one data structure 'struct static_route'.
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: implement per-route mtu handling | Timo Teräs | 2015-12-08 | 2 | -0/+9
|   This commit allows overriding MTU using netlink attributes on per-route basis. This is useful for routing protocols that can advertise prefix specific MTUs between routers (e.g. NHRP).
|
|   Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* zebra: make ZEBRA_FLAG_CHANGED internal status | Timo Teräs | 2015-12-08 | 1 | -1/+0
|   This flag is used internally in zebra only. And it makes no sense to expose it over the zclient API, as having it set from client could corrupt the internal state.
|
|   Signed-off-by: Timo Teräs <timo.teras@iki.fi>
|   Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib: Memory reporting fails over 2GB | Donald Sharp | 2015-12-08 | 1 | -28/+15
|   The old style mallinfo() function uses an 'int' to report memory usage data to the program. Unfortunately modern architectures can chew through 2gb of memory like a buzz saw hitting some warm butter, especially in the case of a memory leak or memory fragmentation.
|
|   When a daemon uses more than 2gb of memory, just indicate it's gotten large and we don't know anymore.
|
|   Pre-change behavior:
|
|   Robot-1# show memory
|   System allocator statistics:
|     Total heap allocated:  16777216 TiB
|     Holding block headers: 1288 KiB
|     Used small blocks:     0 bytes
|     Used ordinary blocks:  535 MiB
|     Free small blocks:     768 bytes
|     Free ordinary blocks:  16777216 TiB
|     Ordinary blocks:       266107
|     Small blocks:          24
|     Holding blocks:        2
|
|   Post-change behavior:
|
|   Robot-1# show memory
|   System allocator statistics:
|     Total heap allocated:  1572 KiB
|     Holding block headers: > 2GB
|     Used small blocks:     0 bytes
|     Used ordinary blocks:  1443 KiB
|     Free small blocks:     32 bytes
|     Free ordinary blocks:  129 KiB
|     Ordinary blocks:       2
|     Small blocks:          1
|     Holding blocks:        2
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib: Add zlog_hexdump() for debugging | Daniel Walton | 2015-12-08 | 2 | -0/+44
|   Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
|   Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* ospfd: Lower the default OSPF spf timers to '0 50 5000' | Daniel Walton | 2015-12-08 | 1 | -3/+3
|   Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
|   Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Merge 'patch-tracking/4/proposed/netdef-solaris' into accepted | Paul Jakma | 2015-10-28 | 6 | -11/+37
|\
| * lib: add getgrouplist() for Solaris | David Lamparter | 2015-10-16 | 1 | -0/+35
| |   Of course Solaris doesn't have getgrouplist()...
| |
| |   Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
| * build/solaris: drop duplicate __EXTENSION__ define | David Lamparter | 2015-10-16 | 1 | -1/+0
| |   __EXTENSION__ is already defined in config.h by autoconf; drop the duplicate from zebra.h.
| |
| |   Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
| * *: make sure zebra.h is always included first | David Lamparter | 2015-10-16 | 4 | -10/+2
| |   zebra.h pulls in config.h, which results in fiddling with things like __FILE_OFFSET_BITS. It must always be included first, in order to set flags that influence the compiler via <features.h>.
| |
| |   Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* | bgpd, lib: memory cleanups for valgrind, plus debug changes | Lou Berger | 2015-10-27 | 1 | -0/+3
| |   Description:
| |   We use valgrind memcheck quite a bit to spot leaks in our work with bgpd. In order to eliminate false positives, we added code in the exit path to release the remaining allocated memory.
| |
| |   Bgpd startup log message now includes pid.
| |
| |   Some little tweaks by Paul Jakma <paul.jakma@hpe.com>:
| |
| |   * bgp_mplsvpn.c: (str2prefix_rd) do the cleanup in common code at the end and goto it.
* | lib: Fix duplicate variable name in smux.c and vty.c | Donald Sharp | 2015-10-27 | 2 | -15/+15
| |   Both smux.c and vty.c have the same:
| |
| |   static struct thread_master *master;
| |
| |   as global variables for the file. This can and will lead to confusion name the variables something appropriate for the file it is in.
| |
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | vtysh: Fix Quagga.conf file read in. | Donald Sharp | 2015-10-27 | 2 | -17/+53
| |   There exists a sequence of cli commands that are successfully read in by bgpd.conf, but not by a consolidated Quagga.conf.
| |
| |   This issue stems from the fact that the consolidated config file attempts to match the current node + 1 node up the tree, while the individual config file searches for matches all the way up the tree.
| |
| |   Quagga.conf read-in relies on vtysh_cmd.c command parsing which puts all nodes at CONFIG_NODE and if a match is found CMD_SUCCESS_DAEMON is returned. This signals to the parser to call the appropriate daemon with the command. bgp as an example has three levels of config nodes. If you are reading in a config node at the 3rd level(say address-family ipv6) then transition to another node under bgp it will not work in Quagga.conf because the code only looked up one node and was at CONFIG_BGP when it failed to find a match.
| |
| |   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
| |   Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
* | lib: zclient.c remove extern struct thread_master * | Donald Sharp | 2015-10-27 | 2 | -11/+13
|/
|   zclient.c depended upon link time inclusion of a extern struct thread_master *master. This is a violation of the namespace of the calling daemon. If a library needs the pointer pass it in and save it for future use. This code change also makes the zclient code consistent with the other lib functions that need to schedule work on your behalf
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* vrf: add a runtime check before playing with netns | Nicolas Dichtel | 2015-09-24 | 1 | -37/+58
|   This patch adds a runtime check to determine if netns are available. Some systems like OpenWRT have the system call setns() but don't have the kernel option CONFIG_NET_NS enabled.
|
|   Reported-by: Christian Franke <chris@opensourcerouting.org>
|   Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
|   Tested-by: Christian Franke <chris@opensourcerouting.org>
* lib: Remove unused 'show memory XXX' functionality | Donald Sharp | 2015-09-24 | 1 | -150/+4
|   The 'show memory XXXX' functionality is not used at all. This removes the unused code
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib: Fix Free Pointer dereference in lib/filter.c | Denil Vira | 2015-09-24 | 1 | -4/+4
|   Coverity Scan ID 23056. access is accessed after free in access_list_delete
|
|   Signed-off-by: Denil Vira <denil@cumulusnetworks.com>
* lib/zclient: Consolidate error reporting for zclient_read_header | Donald Sharp | 2015-09-24 | 1 | -0/+7
|   All functions that call zclient_read_header immediately turn around and check to ensure that the version and marker fields are correct
|
|   Move this code into zclient_read_header
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib/command: Fix optional arguments with description interactions | Donald Sharp | 2015-09-24 | 1 | -29/+45
|   If you have a cli like this:
|   "neighbor WORD interface {v6only}"
|
|   When in the cli you hit ? after entering v6only you get this:
|
|   tor-11(config-router)# neighbor swp1 interface v6only
|   % There is no matched command.
|   tor-11(config-router)# neighbor swp1 interface v6only
|
|   With this fix we now see:
|
|   tor-22(config-router)# neighbor swp1 interface v6only
|     <cr>
|   tor-22(config-router)# neighbor swp1 interface v6only
|
|   This behavior is now consistent with non-optional last arguments.
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib/workqueue: Add trivial work_queue_is_scheduled helper | Paul Jakma | 2015-09-24 | 2 | -0/+8
|
* build/lib: Check for and include stdbool.h by default | Paul Jakma | 2015-09-24 | 1 | -0/+3
|   * stdbool.h should be widely supported by now, and the 'bool' type makes more semantic sense than an integer type for boolean values.
* ospfd: Fast OSPF convergence | Michael Rossberg | 2015-09-24 | 1 | -2/+2
|   When considering small networks that have extreme requirements on availability and thus convergence delay, the timers given in the OSPF RFC seem a little “conservative”, i.e., the delay between accepted LSAs and the rate at which LSAs are sent. Cisco introduced two commands 'timers throttle lsa all' and 'timers lsa arrival', which allow operators to tune these parameters.
|
|   I have been writing a patch to also support 'timers lsa arrival' fully and 'timers throttle lsa all' (without the throttling part) also in quagga.
* bgpd/pimd: fix zAPI parsing | Nicolas Dichtel | 2015-09-24 | 2 | -0/+22
|   Commit c99f3481a598 has changed the API. Now, the vrfid has been added in the header, thus we must read it before parsing the rest of the message.
|
|   To ease code maintenance, let's add a new function to read a zAPI header.
|
|   Fixes: c99f3481a598 ("*: add VRF ID in the API message header")
|   Reported-by: Martin Winter <mwinter@opensourcerouting.org>
|   Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
|   Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
|   Tested-by: Martin Winter <mwinter@opensourcerouting.org>
* pimd: add support for configuring multicast static routes | Jafar Al-Gharaibeh | 2015-08-21 | 1 | -0/+1
|   Hi,
|
|   This patch adds the ability to configure multicast static routes directly into pimd. Two source files are introduced to implement the new feature in addition to changes to existing files.
|
|   Here is how it can be used the CLI:
|
|   interface <incoming interface>
|   ip mroute <outgoing interface> <group addr>            # for asm
|   or
|   ip mroute <outgoing interface> <group addr> <source>   # for ssm
|
|   Please let me know if you have any questions or concerns,
|
|   Regards,
|   Jafar
|
|   Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* Quagga: Fix code to use srandom/random | Donald Sharp | 2015-06-21 | 1 | -1/+1
|   Quagga was using a mix of srand/rand and srandom/random. Consolidate to use srandom/random which are the POSIX versions of random number generators
|
|   Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib, stream: fix stream sanity checks | Wenjian Ma | 2015-06-21 | 1 | -1/+1
|   Because operator "!" has higher priority than "&&", so we put the "&&" expression in "()" to check both getp and endp.
|
|   Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib, vtysh: support multiple VRFs by using linux netns | Feng Lu | 2015-06-03 | 2 | -17/+229
|   We realize VRFs with linux netns by default. The main job is to associate a VRF with a netns. Currently this is done by the configuration:
|
|     [no] vrf N netns <netns-name>
|
|   This command is also available in vtysh and goes to only zebra, because presently only zebra supports multiple VRF.
|
|   A file descriptor is added to "struct vrf". This is for the associated netns file. Once the command "vrf N netns NAME" is executed, the specified file is opened and the file descriptor is stored in the VRF N. In this way the association is formed.
|
|   In vrf_socket(), we first switch to the specified VRF by using the stored file descriptor, and then can allocate a socket which is working in the associated netns.
|
|   Signed-off-by: Feng Lu <lu.feng@6wind.com>
|   Reviewed-by: Alain Ritoux <alain.ritoux@6wind.com>
|   Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
* *: add VRF ID in the API message header | Feng Lu | 2015-06-03 | 6 | -83/+241
|   The API messages are used by zebra to exchange the interfaces, addresses, routes and router-id information with its clients. To distinguish which VRF the information belongs to, a new field "VRF ID" is added in the message header. And hence the message version is increased to 3.
|
|   * The new field "VRF ID" in the message header:
|
|       Length    (2 bytes)
|       Marker    (1 byte)
|       Version   (1 byte)
|       VRF ID    (2 bytes, newly added)
|       Command   (2 bytes)
|
|     - Client side:
|       - zclient_create_header() adds the VRF ID in the message header.
|       - zclient_read() extracts and validates the VRF ID from the header, and passes the VRF ID to the callback functions registered to the API messages.
|       - All relative functions are appended with a new parameter "vrf_id", including all the callback functions.
|       - "vrf_id" is also added to "struct zapi_ipv4" and "struct zapi_ipv6". Clients need to correctly set the VRF ID when using the API functions zapi_ipv4_route() and zapi_ipv6_route().
|       - Till now all messages sent from a client have the default VRF ID "0" in the header.
|       - The HELLO message is special, which is used as the heart-beat of a client, and has no relation with VRF. The VRF ID in the HELLO message header will always be 0 and ignored by zebra.
|
|     - Zebra side:
|       - zserv_create_header() adds the VRF ID in the message header.
|       - zebra_client_read() extracts and validates the VRF ID from the header, and passes the VRF ID to the functions which process the received messages.
|       - All relative functions are appended with a new parameter "vrf_id".
|
|   * Suppress the messages in a VRF which a client does not care:
|
|     Some clients may not care about the information in the VRF X, and zebra should not send the messages in the VRF X to those clients.
|
|     Extra flags are used to indicate which VRF is registered by a client, and a new message ZEBRA_VRF_UNREGISTER is introduced to let a client can unregister a VRF when it does not need any information in that VRF.
|
|     A client sends any message other than ZEBRA_VRF_UNREGISTER in a VRF will automatically register to that VRF.
|
|     - lib/vrf:
|       A new utility "VRF bit-map" is provided to manage the flags for VRFs, one bit per VRF ID.
|       - Use vrf_bitmap_init()/vrf_bitmap_free() to initialize/free a bit-map;
|       - Use vrf_bitmap_set()/vrf_bitmap_unset() to set/unset a flag in the given bit-map, corresponding to the given VRF ID;
|       - Use vrf_bitmap_check() to test whether the flag, in the given bit-map and for the given VRF ID, is set.
|
|     - Client side:
|       - In "struct zclient", the following flags are changed from "u_char" to "vrf_bitmap_t":
|           redist[ZEBRA_ROUTE_MAX]
|           default_information
|         These flags are extended for each VRF, and controlled by the clients themselves (or with the help of zclient_redistribute() and zclient_redistribute_default()).
|
|     - Zebra side:
|       - In "struct zserv", the following flags are changed from "u_char" to "vrf_bitmap_t":
|           redist[ZEBRA_ROUTE_MAX]
|           redist_default
|           ifinfo
|           ridinfo
|         These flags are extended for each VRF, as the VRF registration flags. They are maintained on receiving a ZEBRA_XXX_ADD or ZEBRA_XXX_DELETE message.
|
|         When sending an interface/address/route/router-id message in a VRF to a client, if the corresponding VRF registration flag is not set, this message will not be dropped by zebra.
|       - A new function zread_vrf_unregister() is introduced to process the new command ZEBRA_VRF_UNREGISTER. All the VRF registration flags are cleared for the requested VRF.
|
|     Those clients, who support only the default VRF, will never receive a message in a non-default VRF, thanks to the filter in zebra.
|
|   * New callback for the event of successful connection to zebra:
|     - zclient_start() is split, keeping only the code of connecting to zebra.
|     - Now zclient_init()=>zclient_connect()=>zclient_start() operations are purely dealing with the connection to zebra.
|     - Once zebra is successfully connected, at the end of zclient_start(), a new callback is used to inform the client about connection.
|     - Till now, in the callback of connect-to-zebra event, all clients send messages to zebra to request the router-id/interface/routes information in the default VRF. Of course in future the client can do anything it wants in this callback. For example, it may send requests for both default VRF and some non-default VRFs.
|
|   Signed-off-by: Feng Lu <lu.feng@6wind.com>
|   Reviewed-by: Alain Ritoux <alain.ritoux@6wind.com>
|   Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
|   Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>