bgpd: 'set comm-list delete' stops as soon as it hits a community-list entry with a deny
'set comm-list delete' stops as soon as it hits a community-list entry with
a deny
Reviewed By: sharpd@cumulusnetworks.com
Testing Done:
'set comm-list FOO delete' stops evaluating the community-list as soon as we hit
the first "delete" statement. This makes it impossible to use community-lists
where you deny some subset of communities to delete and then permit all of the
others.
This patch ...

bgpd: If route-map does not exist DENY for redistribute statements
Upon usage of a route-map statement in bgp, if the route-map does not exist
it turns into an implicit ALLOW, this causes issues in a wide variety
of scenarios.
Without this fix:
!
router bgp 100
bgp router-id 10.0.2.15
redistribute static route-map FOOEY
!
ip route 33.33.33.33/32 eth1
ip route 44.44.44.44/32 eth1
!
Now look at show ip bgp:
show ip bgp:
Network Next Hop ...

Fixed if_add_update possible null dereference
Coverity Scan #1221454
In zebra/interface.c if_data could be null dereferenced without early
check.
Signed-off-by: Morgan Stewart <morgan@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>

pimd: Fix compile warning (error with Werror) on BSD
* ioctl commands can vary in type between systems, cast to an unsigned long
before passing to format command.

pimd: Remove stdout zlog changes
Quagga start has unnecessary pim messages to stdout. Causing some confusion.
Logging is already saving this information in pimd.log
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

pimd: Fix leaked fd
When calling pim_sock_open if the failure cause happens, however
unlikely, don't leak the fd on failure.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

zebra: Fix leaked sockets in rtadv.c
Coverity Scan #709790
In zebra/rtadv.c: rtadv_make_socket leaks socket for error cases.
Added lines to close the socket for each error case or return.
Signed-off-by: Morgan Stewart <morgan@cumulusnetworks.com>

zebra: rib->nexthop_num is double incremented
While reading linux kernel netlink messages, rib->nexthop_num is incremented
in the read loop as well as the underlying nexthop_add() function call. This
number should only be incremented in one spot. Removing the increment from
the read loop and allowing the underlying code to track this data as it is
already.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

zebra: fix addr sent in ZEBRA_IPV6_NEXTHOP_LOOKUP
I found that zebra doesn't set correct IPv6 address in its result because of
using *addr's address. Although I'm using 0.99.22, the latest version also
uses "&addr". Shouldn't it use "addr"?
Signed-off-by: Hiroshi Yokoi <hiroshi.yokoi.0313@gmail.com>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>

vtysh: allow --with-libpam to build with --enable-werror
The function vtysh_pam fails the build with --enable-werror enabled
because it is a static function not declared as such
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

vtysh: Add missing show thread/work-queues commands
'show thread cpu ..' and 'show work-queues' are missing
from vtysh, but are available from telnet.
This commit adds these commands to the vtysh interface.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

vrf: add a runtime check before playing with netns
This patch adds a runtime check to determine if netns are available. Some
systems like OpenWRT have the system call setns() but don't have the kernel
option CONFIG_NET_NS enabled.
Reported-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Tested-by: Christian Franke <chris@opensourcerouting.org>

build/arm: Arm compilation warning fix
The arm cross compiler is issuing warnings for signed/unsigned
comparisons for ntohs. ntohs returns an unsigned int, while
the counting variables are signed. Fixed to allow -Werror
to work properly
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

lib: Remove unused 'show memory XXX' functionality
The 'show memory XXXX' functionality is not used at all.
This removes the unused code
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

lib: Fix Free Pointer dereference in lib/filter.c
Coverity Scan ID 23056. access is accessed after free in access_list_delete
Signed-off-by: Denil Vira <denil@cumulusnetworks.com>

lib/zclient: Consolidate error reporting for zclient_read_header
All functions that call zclient_read_header immediately turn around
and check to ensure that the version and marker fields are correct
Move this code into zclient_read_header
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

lib/command: Fix optional arguments with description interactions
If you have a cli like this:
"neighbor WORD interface {v6only}"
When in the cli you hit ? after entering v6only you get this:
tor-11(config-router)# neighbor swp1 interface v6only
% There is no matched command.
tor-11(config-router)# neighbor swp1 interface v6only
With this fix we now see:
tor-22(config-router)# neighbor swp1 interface v6only
<cr>
tor-22(config-router)# neighbor swp1 inter...

build: Enable vtysh and pimd as part of default build
The default build needs vtysh and pimd as a default build so
that when a change is made we can catch build issues before they
become a problem.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

bgpd: Fix 'struct peer' memory leaks
peer_delete has been written to handle the peer->group pointer and
to remove the peer from the peer group if it exists upon deletion being
called. Shutdown/deletion Code was intentionally setting the peer-group
to NULL prior to calling peer_delete. This leaked the memory associated
with the peer->group because of refcnt accounting.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

bgpd: Add some peer_lock/unlock debug code
Finding memory leaks associated with the peer data structure
is incredibly hard, add some code to allow you to find this
leaked code when needed.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

bgpd: Warn user that bgp is setting maximum-paths larger than MULTIPATH_NUM
In cases where a distribution has compiled zebra with a MULTIPATH_NUM
that is less than what the user is setting the maximum-paths in bgp,
warn them that some of the nexthops will not make it into zebra and
by extension the kernel for routing. The command is still accepted.
dell-s6000-02(config)# router bgp 100
dell-s6000-02(config-router)# maximum-paths 3
% Warning: maximum-paths set to 3 is...

bgpd: Fix small memory leak in str2prefix_rd
str2prefix_rd has a memory leak. This commit fixes that issue
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

bgpd: Remove unnecessary stream_dup calls
BGP packet handling creates a stream to handle data for an outgoing packet.
In some cases the code would create a new stream, add data, then duplicate
the stream and then free the original stream. This change removes
the unnecessary duplication, which entails a malloc and memcpy.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

bgpd: Fix memory leak in bgpd/bgp_route.c
In function bgp_aggregate_add, variables 'aspath' and 'community'
are malloced but not guaranteed to be freed before the function
returns.
Signed-off-by: Denil Vira <denil@cumulusnetworks.com>

bgpd: Variable reuse in bgpd/bgpd.c
In bgp_delete(), variables 'node' and 'next' are overwritten in
the nested for loop.
Signed-off-by: Denil Vira <denil@cumulusnetworks.com>
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>

bgpd: Fix useless call in bgpd/bgp_mplsvpn.c
Coverity scan ID : 1302528. Calling "decode_label(pnt)" is only useful for its return value, which is
ignored. Removed the call.
Signed-off-by: Denil Vira <denil@cumulusnetworks.com>

bgpd: Addition of "show ip bgp dampening" command tree
This patch addresses David's comments and contains:
1. Addition of show ip bgp dampening command tree
2. Addition of show ip bgp dampening parameters to display BGP dampening
parameters.
Signed-off-by: Balaji.G <balajig81@gmail.com>

bgpd: Make bgp_info_cmp robust to paths that do not have su_remote info
My original su_remote == NULL check is not correct. It seems that
* bgp_route.c: (bgp_info_cmp) Some bgp_info is compared with su_remote=NULL
and it's supposed to be perfectly legal. E.g. configured subnet announces
("network a.b.c.d/n"). Ensure bgp_info_cmp is robust if such a path gets
as far as the neighbour address comparison step.

build/lib: Check for and include stdbool.h by default
* stdbool.h should be widely supported by now, and the 'bool' type makes
more semantic sense than an integer type for boolean values.

bgpd: Fix race in clearing completion
When a peer that is Established goes down, it is moved into the Clearing
state to facilitate clearing of the routes received from the peer - remove
from the RIB, reselect best path, update/delete from Zebra and to other
peers etc. At the end of this, a Clearing_Completed event is generated to
the FSM which will allow the peer to move out of Clearing to Idle.
The issue in the code is that there...

bgpd: Only use routes from Established peers for best path selection
Ensure that routes from a peer are not considered for best path
comparison if the peer is not in an Established state. There can
be a window between a peer being deleted and the background
thread that actually clears the routes (marks them as "removed")
runs during which best path may run. If this path selection
compared two prefixes all the way down to peer IP addresses and
one of these two pe...

bgpd: Ignore stale entry candidates during bestpath selection.
During best path selection, if one of the candidates is a stale entry, do not
perform the neighbor address comparison as that information is invalid for
the stale entry. Attempting to perform the comparison results in a bgpd
exception.
Signed-off-by: Vivek Venkataraman <vivek@cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>

ospfd: trap on state change seems to send incorrect value for ospfNbrState
The ospfNbrState in the ospf trap sent from ospfd shows an incorrect state.
For example, when the connection goes down, the ospfNbrState in the trap is
sent as '8' (full). When the connection is reestablished, the state is sent
as '7' (loading).
The reason seems to be that the trap is sent from nsm_notice_state_change()
before the state is actually updated by calling nsm_change_state().
Aft...

ospfd: Fix for 'no' + 'debug command' does not disable 'debug command'
"no debug ospf packet all detail" does not cancel "debug ospf packet all detail"
due to the code inconsistency in setting/unsetting debug flags.
* ospf_dump.c: added missing flags.
Acked-by: Donald Sharp <sharpd@cumulusnetworks.com>

ospfd: Fast OSPF convergence
When considering small networks that have extreme requirements on
availability and thus convergence delay, the timers given in the OSPF RFC
seem a little “conservative”, i.e., the delay between accepted LSAs and the
rate at which LSAs are sent. Cisco introduced two commands 'timers throttle
lsa all' and 'timers lsa arrival', which allow operators to tune these
parameters.
I have been writing ...

ospfd: Fix bug in 94266fa822ba, nbr_self rebuild didn't add valid nbr_self
* 94266fa822ba "ospfd: Self nbrs needs to be rebuilt when router ID changes."
deleted the nbr_self, and added it back, but ospf_nbr_add_self doesn't
actually create the nbr_self - it assumes it's already there. Leading
to use after free and crashes after a router-id change.
* ospfd/ospf_neighbor.{c,h}: (ospf_nbr_self_reset) Little helper to reset the
nbr_self correctly.
* ospf_interface...

bgpd/pimd: fix zAPI parsing
Commit c99f3481a598 has changed the API. Now, the vrfid has been added in
the header, thus we must read it before parsing the rest of the message.
To ease code maintenance, let's add a new function to read a zAPI header.
Fixes: c99f3481a598 ("*: add VRF ID in the API message header")
Reported-by: Martin Winter <mwinter@opensourcerouting.org>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wi...

build: Remove the old PIC/PIE patch, let libtool sort it out
* Remove the old change from '08 to add in PIE arguments at automake level.
Versions of libtool since then know how to deal with -fpie and do the right
thing according to whether it's building shared or executable objects.
So just pass '-fpie' as CFLAG and let libtool do its thing.

isisd: Attached-bit in LSP header
Set/reset attached-bit in LSP header:
This patch provides support for set/reset attached_bit in the LSP header.
In IS-IS networks, routing inter-area traffic from L1 areas is
accomplished by sending the traffic to the nearest L1/L2 router.
A L1/L2 router identifies itself by setting an attach-bit (ATT-bit) in its (LSP).
The ATT-bit in LSP can be changed using the set-attach...

isisd: Add new adjacency to LSP neighbor list
isis_pdu.c :
New adjacency did not always get added to LSP neighbor list.
The adjacencies that were created once minimum time allowed before LSP
retransmission had surpassed, instantly got their LSP regenerated, but
the adjacency circuit type was not set to IIH PDU circuit type before
the LSP was regenerated, hence didn't pass the check for adjacency
circuit type in lsp_build(), and the adjac...

pimd: Create ability to modify hello and hold timers per interface
Create new per interface command:
'ip pim hello <1-180> {<1-180>}'
The first number is the Hello Timer for this interface
The second number is the Hold Timer to pass to neighbors on this interface.
The second number is optional.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

pimd: Change ioctl call failure from vty_out to zlog_warn
The command 'show ip multicast' when run, iterates over all interfaces
on the router, if you do not have pim configured on that interface
it would generate an error message:
Interface Address ifi Vif PktsIn PktsOut BytesIn BytesOut
br1 20.0.15.1 7 7 0 0 0 0
swp1 169.254.0.10 3 3 0 0 0 0
swp2 ...

pimd: Ensure new generation_id is different from previous
The RFC states that an interface's generation_id must be changed
if it experiences an if down. From 4.3.1:
The GenID option contains a randomly generated
32-bit value that is regenerated each time PIM forwarding is started
or restarted on the interface, including when the router itself
restarts.
Since we are only grabbing a new generation_id without comparing
it to the previous generation_id,...

pimd: Stop DR election on every hello
The DR election is occurring on every hello received.
This is because the hello receive packet returns a 0
for any successfully received packet. PIMD then looked
at the 0 returned and did a DR election.
Code was inspected for the cases where DR should happen:
(A) Interface ip address change
(B) DR priority in hello packet changes
(C) Received a new neighbor on an interface
(D) Neighbor timer ...

pimd: Fix first DR Election
The function pim_neighbor_new caused the dr election before
the addition of the neighbor to the pim_ifp->pim_neighbor_list,
in pim_neighbor_add, which is needed to properly elect the
correct DR.
Move the dr_election and hello trigger till after the addition
to the list.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

pimd: Add ability to set DR Priority for an interface
From RFC 4601, Section 4.3.1:
The DR_Priority Option allows a network administrator to give
preference to a particular router in the DR election process by
giving it a numerically larger DR Priority. The DR_Priority Option
SHOULD be included in every Hello message, even if no DR Priority is
explicitly configured on that interface. This is necessary because
priority-based DR election is only ...