Based on the vulnerability mentioned in 793496 an attacker can craft an
LSA with MaxSequence number wtih invalid links and not set age to MAX_AGE
so the lsa would not be flush from the database.
To address the issue, check incoming LSA is MaxSeq but Age is not set
to MAX_AGE 3600, discard the LSA from processing it.
Based on RFC-2328 , When a LSA update sequence reaches MaxSequence
number, it should be prematurely aged out from the database with age set
to MAX_AGE (3600).
Ticket:CM-18989
Reviewed By:
Testing Done:
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Ospfd cored because of an assert when we try to write more than the MTU
size to the ospf packet buffer stream. The problem is - we allocate only MTU
sized buffer. The expectation is that Hello packets are never large
enough to approach MTU. Instead of crashing, this fix discards hello and
logs an error. One should not have so many neighbors behind an
interface.
Ticket: CM-22380
Signed-off-by: Nitin Soni <nsoni@cumulusnetworks.com>
Reviewed-by: CCR-8204
This reverts commit 48944eb65e.
We're using GNU C, not ISO C - and this commit triggers new (real)
warnings about {0} instead of bogus ones about {}.
Signed-off-by: David Lamparter <equinox@diac24.net>
When the ospf->oi_write_q is not empty that means that ospf could
already have a thread scheduled for running. Just dropping
the pointer before resheduling does not stop the one currently
scheduled for running from running. The calling of thread_add_write
checks to see if we are already running and does the right thing here
so it is sufficient to just call thread_add_write.
This issue was tracked down from this stack trace:
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [EC 134217739] interface eth2.1032:172.16.4.110: ospf_check_md5 bad sequence 5333618 (expect 5333649)
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: message repeated 3 times: [ [EC 134217739] interface eth2.1032:172.16.4.110: ospf_check_md5 bad sequence 5333618 (expect 5333649)]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: Assertion `node’ failed in file ospfd/ospf_packet.c, line 666, function ospf_write
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: Backtrace for 8 stack frames:
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [bt 0] /usr/lib/libfrr.so.0(zlog_backtrace+0x3a) [0x7fef3efe9f8a]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [bt 1] /usr/lib/libfrr.so.0(_zlog_assert_failed+0x61) [0x7fef3efea501]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [bt 2] /usr/lib/frr/ospfd(+0x2f15e) [0x562e0c91815e]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [bt 3] /usr/lib/libfrr.so.0(thread_call+0x60) [0x7fef3f00d430]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [bt 4] /usr/lib/libfrr.so.0(frr_run+0xd8) [0x7fef3efe7938]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [bt 5] /usr/lib/frr/ospfd(main+0x153) [0x562e0c901753]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [bt 6] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7fef3d83db45]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: [bt 7] /usr/lib/frr/ospfd(+0x190be) [0x562e0c9020be]
Oct 19 18:04:00 VYOS-R1 ospfd[1811]: Current thread function ospf_write, scheduled from file ospfd/ospf_packet.c, line 881
Oct 19 18:04:00 VYOS-R1 zebra[1771]: [EC 4043309116] Client ‘ospf’ encountered an error and is shutting down.
Oct 19 18:04:00 VYOS-R1 zebra[1771]: client 41 disconnected. 0 ospf routes removed from the rib
We had an assert(node) in ospf_write, which means that the list was empty. So I just
searched until I saw a code path that allowed multiple writes to the ospf_write function.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
In all but one instance we were following this pattern
with ospf_lsa_new:
ospf_lsa_new()
ospf_lsa_data_new()
so let's create a ospf_lsa_new_and_data to abstract
this bit of fun and cleanup all the places where
it assumes these function calls can fail.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The following types are nonstandard:
- u_char
- u_short
- u_int
- u_long
- u_int8_t
- u_int16_t
- u_int32_t
Replace them with the C99 standard types:
- uint8_t
- unsigned short
- unsigned int
- unsigned long
- uint8_t
- uint16_t
- uint32_t
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
- ospfd/ospf_opaque.c: Update issue #1652 by introducing a new
function 'free_opaque_info_owner()' to clean list of callback owner
and call this function in appropriate place where 'listdelete_and_null'
is not used.
- ospfd/ospf_packet.c: In case of crash, ospfd is not been able to
flush LSA. In case of self Opaque LSA, when restarting, ospfd crash
during the resynchronisation process with its neighbor due to an
empty list of LSA to flood. Just add a control on the list count
in 'ospf_ls_upd_queue_send()' to escape the function and avoid the
problem.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Some of the deprecated stream.h macros see such little use that we may
as well just remove them and use the non-deprecated macros.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Router-ID change or ospf instance going down,
send LS-Upd with MAXAGE to self origintated LSAs to
all ospf neighbors.
Ticket:CM-1576
Testing Done:
Bring R1 - R2, Change Router-ID on R2, restart frr on R2
Validated R1 ospf LSDB for max aged 3600 LSA from R2.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
list_free is occassionally being used to delete the
list and accidently not deleting all the nodes.
We keep running across this usage pattern. Let's
remove the temptation and only allow list_delete
to handle list deletion.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Convert the list_delete(struct list *) function to use
struct list **. This is to allow the list pointer to be nulled.
I keep running into uses of this list_delete function where we
forget to set the returned pointer to NULL and attempt to use
it and then experience a crash, usually after the developer
has long since left the building.
Let's make the api explicit in it setting the list pointer
to null.
Cynical Prediction: This code will expose a attempt
to use the NULL'ed list pointer in some obscure bit
of code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Change all callers of IPV4_ADDR_SAME() to pass a pointer to a struct in_addr
Use assignment and comparison instead of memcpy() and memcmp(). Avoids function
calls. Faster.
Signed-off-by: Jorge Boncompte <jbonor@gmail.com>
This reverts commit c14777c6bf.
clang 5 is not widely available enough for people to indent with. This
is particularly problematic when rebasing/adjusting branches.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
log.c provides functionality for associating a constant (typically a
protocol constant) with a string and finding the string given the
constant. However this is highly delicate code that is extremely prone
to stack overflows and off-by-one's due to requiring the developer to
always remember to update the array size constant and to do so correctly
which, as shown by example, is never a good idea.b
The original goal of this code was to try to implement lookups in O(1)
time without a linear search through the message array. Since this code
is used 99% of the time for debugs, it's worth the 5-6 additional cmp's
worst case if it means we avoid explitable bugs due to oversights...
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The FSF's address changed, and we had a mixture of comment styles for
the GPL file header. (The style with * at the beginning won out with
580 to 141 in existing files.)
Note: I've intentionally left intact other "variations" of the copyright
header, e.g. whether it says "Zebra", "Quagga", "FRR", or nothing.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Pass pointer to pointer instead of assigning by return value. See
previous commit message.
To ensure that the behavior stays functionally correct, any assignments
with the result of a thread_add* function have been transformed to set
the pointer to null before passing it. These can be removed wherever the
pointer is known to already be null.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The way thread.c is written, a caller who wishes to be able to cancel a
thread or avoid scheduling it twice must keep a reference to the thread.
Typically this is done with a long lived pointer whose value is checked
for null in order to know if the thread is currently scheduled. The
check-and-schedule idiom is so common that several wrapper macros in
thread.h existed solely to provide it.
This patch removes those macros and adds a new parameter to all
thread_add_* functions which is a pointer to the struct thread * to
store the result of a scheduling call. If the value passed is non-null,
the thread will only be scheduled if the value is null. This helps with
consistency.
A Coccinelle spatch has been used to transform code of the form:
if (t == NULL)
t = thread_add_* (...)
to the form
thread_add_* (..., &t)
The THREAD_ON macros have also been transformed to the underlying
thread.c calls.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This ditches tv_add, tv_sub, tv_cmp, etc. in favour of
monotime{,_since,_until}() which actually makes the code much more
readable in some locations.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This reverts commit b7fe4141, which introduced a logic where the OSPF
send buffer size was dynamically updated to reflect the maximum MTU
of the OSPF enabled interfaces (this was done to make ospfd work with
interfaces configured for jumbo frames).
Since commit a78d75b0, this is not necessary anymore because
ospf_sock_init() now sets the OSPF send buffer size to a very high value
(8MB). Also, the previous logic was broken because it didn't account
for run-time interface MTU changes.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
We can't use if_lookup_prefix() in rip_update_process() because this
function uses prefix_cmp() internally to try matching an interface
address to a static neighbor's address.
Since prefix_cmp() tries to match exact prefixes, if_lookup_prefix()
was always returning NULL.
What we really need here is to use prefix_match(), which checks if
one prefix includes the other (e.g. one /24 interface including a /32
static neighbor's address). The fix then is to replace the call to
if_lookup_prefix() and use if_lookup_address() instead, which uses
prefix_match() internally.
Fixes IxANVL RIP test 17.1
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
NOTE: I am squashing several commits together because they
do not independently compile and we need this ability to
do any type of sane testing on the patches. Since this
series builds together I am doing this. -DBS
This new structure is the basis to get new link parameters for
Traffic Engineering from Zebra/interface layer to OSPFD and ISISD
for the support of Traffic Engineering
* lib/if.[c,h]: link parameters struture and get/set functions
* lib/command.[c,h]: creation of a new link-node
* lib/zclient.[c,h]: modification to the ZBUS message to convey the
link parameters structure
* lib/zebra.h: New ZBUS message
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add support for IEEE 754 format
* lib/stream.[c,h]: Add stream_get{f,d} and stream_put{f,d}) demux and muxers to
safely convert between big-endian IEEE-754 single and double binary
format, as used in IETF RFCs, and C99. Implementation depends on host
using __STDC_IEC_559__, which should be everything we care about. Should
correctly error out otherwise.
* lib/network.[c,h]: Add ntohf and htonf converter
* lib/memtypes.c: Add new memeory type for Traffic Engineering support
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add link parameters support to Zebra
* zebra/interface.c:
- Add new link-params CLI commands
- Add new functions to set/get link parameters for interface
* zebra/redistribute.[c,h]: Add new function to propagate link parameters
to routing daemon (essentially OSPFD and ISISD) for Traffic Engineering.
* zebra/redistribute_null.c: Add new function
zebra_interface_parameters_update()
* zebra/zserv.[c,h]: Add new functions to send link parameters
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add support of new link-params CLI to vtysh
In vtysh_config.c/vtysh_config_parse_line(), it is not possible to continue
to use the ordered version for adding line i.e. config_add_line_uniq() to print
Interface CLI commands as it completely break the new LINK_PARAMS_NODE.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Update Traffic Engineering support for OSPFD
These patches update original code to RFC3630 (OSPF-TE) and add support of
RFC5392 (Inter-AS v2) & RFC7471 (TE metric extensions) and partial support
of RFC6827 (ASON - GMPLS).
* ospfd/ospf_dump.[c,h]: Add new dump functions for Traffic Engineering
* ospfd/ospf_opaque.[c,h]: Add new TLV code points for RFC5392
* ospfd/ospf_packet.c: Update checking of OSPF_OPTION
* ospfd/ospf_vty.[c,h]: Update ospf_str2area_id
* ospfd/ospf_zebra.c: Add new function ospf_interface_link_params() to get
Link Parameters information from the interface to populate Traffic Engineering
metrics
* ospfd/ospfd.[c,h]: Update OSPF_OPTION flags (T -> MT and new DN)
* ospfd/ospf_te.[c,h]: Major modifications to update the code to new
link parameters structure and new RFCs
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
tmp
HAVE_OPAQUE_LSA is used by default and you have to actively turn it off
except that OPAQUE_LSA is an industry standard and used pretty much
everywhere. There is no need to have special #defines for this anymore.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
(cherry picked from commit 36fef5708d074a3ef41f34d324c309c45bae119b)
When considering small networks that have extreme requirements on
availability and thus convergence delay, the timers given in the OSPF RFC
seem a little “conservative”, i.e., the delay between accepted LSAs and the
rate at which LSAs are sent. Cisco introduced two commands 'timers throttle
lsa all’ and 'timers lsa arrival’, which allow operators to tune these
parameters.
I have been writing a patch to also support 'timers lsa arrival’ fully and
‘timers throttle lsa all’ (without the throttling part) also in quagga.
* ospf_opaque.c: (ospf_opaque_adjust_lsreq) Odd hack to general OSPF
database exchange but made to act only on opaque LSAs. It's either covering
up bugs in the flooding code or its wrong. If it's covering up bugs, those
would affect all LSAs and should be fixed at a lower layer in ospfd, indeed
perhaps those bugs are long fixed anyway (?). Alternatively, it's just plain
wrong. Nuke.
(ospf_opaque_exclude_lsa_from_lsreq) helper to above, nuke.
* ospf_packet.c: Nuke call to ospf_opaque_adjust_lsreq.
Tested-by: olivier.dugeon@orange.com
* Opaque support contains some kind of hack/optimisation to
origination/flooding to suppress some origins/floods until an opaque LS
Acks are received. Previous versions of the code have already been shown
to have bugs in them (see e16fd8a5, e.g.). It seems over-complex and fragile,
plus its conceptually the wrong place to try implement flooding hacks that,
AFAICT, do not depend particularly on the semantics of opaque LSA.
Nuke.
Tested-by: Olivier Dugeon <olivier.dugeon@orange.com>
On higher warning levels, compilers expect %p printf arguments to be
void *. Since format string / argument warnings can be useful
otherwise, let's get rid of this noise by sprinkling casts to void *
over printf calls.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
If opaque-capability is enabled, we must set the O-bit in
the option field of all DD packets. Changing the option
field of DD packets may cause the peer to reset the state
back to ExStart.
Signed-off-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
(cherry picked from commit 86ce951e349fd08d1ba2c66f5f6d07756689422a)
This looks fishy in ospf_make_md5_digest()
if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt)))
auth_key = (const u_int8_t *) "";
...
MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
auth_key points to a "" string of len 1 which is a lot
smaller that OSPF_AUTH_MD5_SIZE. Is this intentional to
get some random data or just a plain bug?
Anyone using MD5 should have a closer look and decide
what to do.
Acked-by: Feng Lu <lu.feng@6wind.com>
(cherry picked from commit ea2a598411cc7bd20456849e56bbc9e93c9916e7)
Two issues:
1) nbr->oi->ifp->name is an array it would
always evaluate to true.
2) There exist a code path where addr
would be used without initialization.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
When there is an OSPF missconfiguration, do not zlog_warn the fact
as that it would quickly overwhelm any log file.
Ticket: CM-7534
Reviewed by: CCR-3756
Testing: See bug
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Ticket:
Reviewed By: CCR-3335
Testing Done: bgpsmoke, ENHE tests etc.
Add support for filtering routes from upper layer protocols to zebra
via route-maps for IPv6. The same functionality already existed for
IPv4.
In addition, add support for setting source of routes via IPv6 protocol
map.
Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: Vivek Venkataraman <vivek@cumulusnetworks.com>
Reviewed-by: Vipin Kumar <vipin@cumulusnetworks.com>
Allow configuration of faster OSPF convergence via the
min_ls_interval and min_ls_arrival timer lengths.
This patch was originated by Michael, and cross-ported
to Cumulus's Quagga.
Signed-off-by: Michael Rossberg <michael.rossberg@tu-ilmenau.de>
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
9.5 Sending Hello packets
Hello packets are sent out each functioning router interface.
They are used to discover and maintain neighbor
relationships.[6] On broadcast and NBMA networks, Hello Packets
are also used to elect the Designated Router and Backup
Designated Router.
The format of an Hello packet is detailed in Section A.3.2. The
Hello Packet contains the router's Router Priority (used in
choosing the Designated Router), and the interval between Hello
Packets sent out the interface (HelloInterval). The Hello
Packet also indicates how often a neighbor must be heard from to
remain active (RouterDeadInterval). Both HelloInterval and
RouterDeadInterval must be the same for all routers attached to
a common network. The Hello packet also contains the IP address
mask of the attached network (Network Mask). On unnumbered
point-to-point networks and on virtual links this field should
be set to 0.0.0.0.
Signed-off-by: Vipin Kumar <vipin@cumulusnetworks.com>
Reviewed-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
LSAcks (for directed acks) are being sent to neighbor's unicast address.
RFC 2328 says:
"The IP destination address for the packet is selected as
follows. On physical point-to-point networks, the IP
destination is always set to the address AllSPFRouters"
Fix is to unconditionally set the destination address for LSAcks over
point-to-point links as AllSPFRouters. Quagga OSPF already has similar
change for OSPF DBD, LSUpdate and LSrequest packets.
Signed-off-by: Vipin Kumar <vipin@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
——————————————-------------
- etc/init.d/quagga is modified to support creating separate ospf daemon
process for each instance. Each individual instance is monitored by
watchquagga just like any protocol daemons.(requires initd-mi.patch).
- Vtysh is modified to able to connect to multiple daemons of the same
protocol (supported for OSPF only for now).
- ospfd is modified to remember the Instance-ID that its invoked with. For
the entire life of the process it caters to any command request that
matches that instance-ID (unless its a non instance specific command).
Routes/messages to zebra are tagged with instance-ID.
- zebra route/redistribute mechanisms are modified to work with
[protocol type + instance-id]
- bgpd now has ability to have multiple instance specific redistribution
for a protocol (OSPF only supported/tested for now).
- zlog ability to display instance-id besides the protocol/daemon name.
- Changes in other daemons are to because of the needed integration with
some of the modified APIs/routines. (Didn’t prefer replicating too many
separate instance specific APIs.)
- config/show/debug commands are modified to take instance-id argument
as appropriate.
Guidelines to start using multi-instance ospf
---------------------------------------------
The patch is backward compatible, i.e for any previous way of single ospf
deamon(router ospf <cr>) will continue to work as is, including all the
show commands etc.
To enable multiple instances, do the following:
1. service quagga stop
2. Modify /etc/quagga/daemons to add instance-ids of each desired
instance in the following format:
ospfd=“yes"
ospfd_instances="1,2,3"
assuming you want to enable 3 instances with those instance ids.
3. Create corresponding ospfd config files as ospfd-1.conf, ospfd-2.conf
and ospfd-3.conf.
4. service quagga start/restart
5. Verify that the deamons are started as expected. You should see
ospfd started with -n <instance-id> option.
ps –ef | grep quagga
With that /var/run/quagga/ should have ospfd-<instance-id>.pid and
ospfd-<instance-id>/vty to each instance.
6. vtysh to work with instances as you would with any other deamons.
7. Overall most quagga semantics are the same working with the instance
deamon, like it is for any other daemon.
NOTE:
To safeguard against errors leading to too many processes getting invoked,
a hard limit on number of instance-ids is in place, currently its 5.
Allowed instance-id range is <1-65535>
Once daemons are up, show running from vtysh should show the instance-id
of each daemon as 'router ospf <instance-id>’ (without needing explicit
configuration)
Instance-id can not be changed via vtysh, other router ospf configuration
is allowed as before.
Signed-off-by: Vipin Kumar <vipin@cumulusnetworks.com>
Reviewed-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
is able to send out K (=3 by default) packets per thread-write.
Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: JR Rivers <jrrivers@cumulusnetworks.com>
Quagga sources have inherited a slew of Page Feed (^L, \xC) characters
from ancient history. Among other things, these break patchwork's
XML-RPC API because \xC is not a valid character in XML documents.
Nuke them from high orbit.
Patches can be adapted simply by:
sed -e 's%^L%%' -i filename.patch
(you can type page feeds in some environments with Ctrl-V Ctrl-L)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
ISSUE:
RTA(DR)-----(BackupDR)RTB
RTA advertises a new LSA to RTB, and then flushes the LSA (with setting
the age of the LSA to MaxAge) within 1 second. Then the LSA is deleted
from RTA, while it still exists on RTB with non-MaxAge and can not be
flushed any more.
FIX:
The reason can be explained in below:
a) RTA -- new LSA, #seq=1 --> RTB (RTB will send the delayed Ack in 1s)
b) RTA -- MaxAge LSA, #seq=1 --> RTB (RTB discards it for the MIN_LS_ARRIVAL)
c) RTA <-- Ack for the new LSA, #seq=1 -- RTB (RTA accepts it)
In the step c), ospf_ls_ack() compares the #seq of the entry in the LS-Ack
with that of local MaxAge LSA. The #seq of the two entries are same. So
the Ack is accepted and the LSA is removed from the retransmit-list (while
it should not).
In RFC2328, section 13.7. Receiving link state acknowledgments:
o If the acknowledgment is for the same instance that is <==
contained on the list, remove the item from the list and
examine the next acknowledgment. Otherwise:
where "same instance" does not mean the same #seq. We must call
ospf_lsa_more_recent() to check whether the two instances are same.
Signed-off-by: Feng Lu <lu.feng@6wind.com>
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
VU#229804 reports that, by injecting Router LSAs with the Advertising
Router ID different from the Link State ID, OSPF implementations can be
tricked into retaining and using invalid information.
Quagga is not vulnerable to this because it looks up Router LSAs by
(Router-ID, LS-ID) pair. The relevant code is in ospf_lsa.c l.3140.
Note the double "id" parameter at the end.
Still, we can provide an improvement here by discarding such malformed
LSAs and providing a warning to the administrator. While we cannot
prevent such malformed LSAs from entering the OSPF domain, we can
certainly try to limit their distribution.
cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.
This issue is a specification issue in the OSPF protocol that was
discovered by Dr. Gabi Nakibly.
Reported-by: CERT Coordination Center <cert@cert.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
An ospf router should accept a new maxage LSA into its lsdb if it has any
neighbors in state Exchange or Loading. ospfd would however only account
for neighbors on the same interface which does not seem to be a valid
optimization.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Signed-off-by: David Lamparter <equinox@diac24.net>
If configured without opaque LSA support, the old code would incorrectly
associate type 5 LSAs with an area.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
A set of patches to clarify some comments as well as cleanup code that was
causing warnings. After these patches, the code can be compiled with
-Wall -Wsign-compare -Wpointer-arith -Wbad-function-cast -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations -Wchar-subscripts -Wcast-qual
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers
(what is current in trunk plus -Wextra -Wno-unused-parameter
-Wno-missing-field-initializers).
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reduce the log level for the MaxAge LSA reception when such an LSA does
not exist in the database.
Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
OVERVIEW
The checksum used in OSPF (rfc2328) is specified in rc905 annex B. There is an
sample implementation in rfc1008 which forms the basis of the quagga
implementation. This algorithm works perfectly when generating a checksum;
however, validation is a bit problematic.
The following LSA (generated by a non-quagga implementation) is received by
quagga and marked with an invalid checksum; however, it passes both the rfc905
and rfc1008 validation checks.
static uint8_t lsa_10_121_233_29[] = {
0x0e, 0x10, 0x02, 0x03,
0x09, 0x00, 0x35, 0x40,
0x0a, 0x79, 0xe9, 0x1d,
0x80, 0x00, 0x00, 0x03,
0x00, 0x8a, 0x00, 0x1c,
0xff, 0xff, 0xff, 0xe0,
0x00, 0x00, 0x36, 0xb0
};
LS Type: Summary-LSA (IP network)
LS Age: 3600 seconds
Do Not Age: False
Options: 0x02 (E)
Link-State Advertisement Type: Summary-LSA (IP network) (3)
Link State ID: 9.0.53.64
Advertising Router: 10.121.233.29 (10.121.233.29)
LS Sequence Number: 0x80000003
LS Checksum: 0x008a
Length: 28
Netmask: 255.255.255.224
Metric: 14000
You'll note that one byte of the checksum is 0x00; quagga would calculate the
checksum as 0xff8a.
It can be argued that the sourcing implementation generates an incorrect
checksum; however, rfc905 indicates that, for 1's complement arithmetic, the
value 255 shall be regarded as 0, thus either values are valid.
EXPLANATION
The quagga ospfd and ospf6d implementations operate by copying the PDU's
existing checksum in a holding variable, calculating the checksum, and comparing
the resulting checksum to the original. As a note, this implementation has the
side effect of modifying the contents of the PDU.
Evaluation of both rfc905 and rfc1008 shows that checksum validation should
involve calculating the sum over the PDU and checking that both resulting C0 and
C1 values are zero. This behavior is enacted in the rfc1008 implementation by
calling encodecc with k = 0 (checksum offset); however, this functionality had
been omitted from the quagga implementation.
PATCH
This patch adds the ability to call the quagga's fletcher_checksum() with a
checksum offset value of 0xffff (aka FLETCHER_CHECKSUM_VALIDATE) which returns
the sum over the buffer (a value of 0 indicates a valid checksum). This is
similar to the mechanism in rfc1008 when called with k = 0. The patch also
introduces ospf_lsa_checksum_valid().
ospf6d had it's own implementation of the fletcher checksum in
ospf6_lsa_checksum(); it's the same algorithm as in fletcher_checksum(). This
patch removes the local implementation in favor of the library's as well as creates
and uses ospf6_lsa_checksum_valid().
quagga's ISIS implementation suffers from the same problem; however, I do not
have the facilities to validate a fix to ISIS, thus this change has been left to
the ISIS maintainers. The function iso_csum_verify() should be reduced to
running the fletcher checksum over the buffer using an offset of 0.
Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com>
Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The old ospf_check_auth() function did two different jobs depending on
AuType. For Null and Simple cases it actually authenticated the packet,
but for Cryptographic case it only checked declared packet size (not
taking the actual number of bytes on wire into account). The calling
function, ospf_verify_header(), had its own set of MD5/checksum checks
dispatched depending on AuType.
This commit makes the packet size check work against the real number of
bytes and moves it to ospf_packet_examine(). All MD5/checksum
verification is now performed in ospf_check_auth() function.
* ospf_packet.c
* ospf_packet_examin(): check length with MD5 bytes in mind
* ospf_verify_header(): remove all AuType-specific code
* ospf_check_auth(): completely rewrite
An OSPFv2 packet with trailing data blocks (authentication and/or
link-local signaling) failed the recently implemented packet length
check, because trailing data length isn't counted in the packet header
"length" field. This commit fixes respective check conditions.
* ospf_packet.c
* ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire"
This commit ports more packet checks to OSPFv2, in particular, LSA size
verification and Router-LSA link blocks verification.
* ospf_lsa.h: add LSA size macros
* ospf_packet.h: add struct ospf_ls_update
* ospf_packet.c
* ospf_lsa_minlen[]: a direct equivalent of ospf6_lsa_minlen[]
* ospf_router_lsa_links_examin(): new function, verifies trailing
part of a Router-LSA
* ospf_lsa_examin(): new function like ospf6_lsa_examin()
* ospf_lsaseq_examin(): new function like ospf6_lsaseq_examin()
* ospf_packet_examin(): add type-specific deeper level checks
1. The only purpose of "ibuf" argument was to get stream size, which
was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized
in ospf_new().
2. Fix the packet size check condition, which was incorrect for very
large packets, at least in theory.
This commit ports some of the OSPFv3 packet reception checks
to OSPFv2.
* ospf_packet.c
* ospf_packet_minlen[]: a direct equivalent of ospf6_packet_minlen[]
* ospf_packet_examin(): new function designed after the first part
of ospf6_packet_examin()
* ospf_read(): verify received packet with ospf_packet_examin()
* ospf_packet.h: add convenience macros
* (general) Move functions in headers into files, to be compiled into
shared object files. Remove inline qualifier from functions. Let the
compiler do the work.
* ospf_packet.c (ospf_recv_packet): FreeBSD, starting from version 10, will not
subtract the IP header size from ip_len.
This is the patch from FreeBSD's ports/net/quagga/files/patch-ospfd__ospf_packet.c,
by Boris Kovalenko.
This vulnerability (CERT-FI #514838) was reported by CROSS project.
The error is reproducible only when ospfd debugging is enabled:
* debug ospf packet all
* debug ospf zebra
When incoming packet header type field is set to 0x0a, ospfd will crash.
* ospf_packet.c
* ospf_verify_header(): add type field check
* ospf_read(): perform input checks early
This vulnerability (CERT-FI #514838) was reported by CROSS project.
When only 14 first bytes of a Hello packet is delivered, ospfd crashes.
* ospf_packet.c
* ospf_read(): add size check
* It's possible for the packet output buffer to be filled up with a long
series of non-Hello packets in between Hellos packets, such that the
router's neighbours don't receive the Hello packet in time, even though
the hello-timer ran at about the right time. Fix this by prioritising
Hello packets, letting them skip the queue and go ahead of any packets
already on the queue.
This problem can occur when there are lots of LSAs and slow links.
* ospf_packet.h: (ospf_hello_send_sub) not used outside of ospf_packet.c
* ospf_packet.c: (ospf_fifo_push_head) add packet to head of fifo (so its
no longer really a fifo, but hey)
(ospf_packet_add_top) add packet to top of the packet output queue.
(ospf_hello_send_sub) Put Hello's at the top of the packet output queue.
make it take in_addr_t parameter, so that this
ospf_hello_send can re-use this code too.
(ospf_hello_send) consolidate code by using ospf_hello_send_sub
(ospf_poll_send,ospf_hello_reply_timer) adjust for ospf_hello_send_sub.
* The hello protocol monitors connectivity in 2 different ways:
a) local -> remote
b) remote -> local
Connectivity is required in both directions (2-way) for adjacencies to
form.
The first requires a round-trip to detect, and is done by advertising
which other hosts a router knows about in its hello messages. This allows
a host to detect which other routers are and are not receiving its
message. If a remote neighbour delists the local router, then the local
router raises a "1-Way Received" event.
The latter is straight-forward, and is detected by setting a timer for the
neighbour. If another Hello packet is not received within this time then
the neighbour is dead, and a separate "Inactive" event is raised.
These are 2 different and relatively independent measures.
Knowing that we can optimise the 2nd, remote->local measure and reset
the timer when /any/ packet arrives from that neighbour. For any packet
is as good as a Hello packet. This can help in marginal situations, where
the number of protocol messages that must be sent sometimes can exceed
the capacity of the network to transmit the messages within the configured
dead-time. I.e. an OSPF network with lots of LSAs, slow links and/or
slow hosts (e.g. O(10k) LSAs, O(100kbit) links, embedded CPUs, and O(10s)
dead-times).
This optimisation allows an OSPF network to run closer to this margin,
and/or allows networks to perhaps better cope with rare periods of
exceptional load, where otherwise they would not.
It's fully compatible with plain OSPF implementations and doesn't
prejudice dead-neighbour detection.
* ospf_nsm.h: Rename HelloReceived event to PacketReceived.
* ospf_nsm.c: (nsm_hello_received) -> nsm_packet_received
* ospf_packet.c: Schedule PacketReceived whenever a valid message is
received.
* ospf_packet.c: (ospf_ls_upd) the corresponding test on the arrival side
in (ospf_flood) is <, so this should be >=, not >, purely for consistency.
There is no practical effect here though.
* ospf_packet.c: make this message conditional on 'debug ospf event', as it
be easily triggered with, e.g., multiple subnets sharing same physical
network. E.g, see bug #532.
This function will return the interface for the first matching
remote address for PtP i/f's. That won't work for multiple
unnumbered i/f's as these may all have the same address.
Pass in the struct interface pointer, ifp, to find the
correct set of oi's to search in. This also reduces the
size of the search list, making it faster.
* ospfd/ospf_interface.c: Add struct interface * param to
ospf_if_lookup_recv_if() to select the right list to search in.
* ospfd/ospf_interface.h: ditto.
* ospfd/ospf_packet.c: Pass new ifp argument to ospf_if_lookup_recv_if()
Update ospf_db_desc_send(), ospf_ls_upd_queue_send() and ospf_ls_req_send()
to always use OSPF_ALLSPFROUTERS for PtP links.
See RFC 2328, chap 8.1 for details:
"The IP destination address for the packet is selected as
follows. On physical point-to-point networks, the IP
destination is always set to the address AllSPFRouters."
Without this, it won't be possible to establish adjacencies on
multiple unnumbered links to the same router.
ChangeLog:
2008-07-25 Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
* ospfd/ospf_packet.c: Set destination for PtP links to
OSPF_ALLSPFROUTERS.
2007-05-09 Paul Jakma <paul.jakma@sun.com>
* configure.ac: sys/conf.h depends on sys/param.h, at least on
FBSD 6.2.
(bug #363) Should check for in_pktinfo for IRDP
2006-05-27 Paul Jakma <paul.jakma@sun.com>
* configure.ac: General cleanup of header and type checks, introducing
an internal define, QUAGGA_INCLUDES, to build up a list of
stuff to include so as to avoid 'present but cant be compiled'
warnings.
Misc additional checks of things missing according to autoscan.
Add LIBM, for bgpd's use of libm, so as to avoid burdening
LIBS, and all the binaries, with libm linkage.
Remove the bad practice of using m4 changequote(), just
quote the []'s in the case statements properly.
This should fix bugs 162, 303 and 178.
* */*.{c,h}: Update all HAVE_* to the standard autoconf namespaced
HAVE_* defines. I.e. HAVE_SA_LEN -> HAVE_STRUCT_SOCKADDR_SA_LEN,
* bgpd/Makefile.am: Add LIBM to bgpd's LDADD, for pow().
2006-10-22 Yar Tikhiy <yar@comp.chem.msu.su>
* (general) Add support for passive-interface default (with
minor edits by Paul Jakma).
* ospf_interface.h: Add OSPF_IF_PASSIVE_STATUS macro, looking
at configured value, or the global 'default' value, as
required.
* ospf_interface.c: (ospf_if_new_hook) Leave passive
unconfigured per default, allowing global 'default' to
take effect for unconfigured interfaces.
* ospf_packet.c: (various) use OSPF_IF_PASSIVE_STATUS
* ospf_vty.c: (ospf_passive_interface_default) new function,
unset passive from all interfaces if default is enabled, as
the per-iface settings become redundant.
(ospf_passive_interface_update) new func, update passive
setting taking global default into account.
({no,}ospf_passive_interface_addr_cmd) Add support for
'default' variant of command.
(show_ip_ospf_interface_sub) Update to take global
default into account when printing passive status.
(ospf_config_write) ditto.
* ospfd.c: (ospf_new) set global passive-interface default.
* ospfd.h: (struct ospf) Add field for global
passive-interface.
2006-09-25 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_packet_dup, ospf_make_md5_digest)
Fix zlog_warn messages to eliminate compiler warnings.
(ospf_hello) Improve warning messages to show why we
are complaining.
2006-08-28 Andy Gay <andy@andynet.net>
* ospf_packet.c: (ospf_make_db_desc) Assert added with More-bit
fixes does not hold up with addition of Ogier DB-Exchange
optimisation, which can empty the db-summary list in between
sent DD packets. Remove assert, update More-bit always when
in Exchange.
2006-08-25 Paul Jakma <paul.jakma@sun.com>
* (general) Bug #134. Be more robust to backward time changes,
use the newly added libzebra time functions.
In most cases: recent_time -> recent_relative_time()
gettimeofday -> quagga_gettime (QUAGGA_CLK_MONOTONIC, ..)
time -> quagga_time.
(ospf_make_md5_digest) time() call deliberately not changed.
(ospf_external_lsa_refresh) remove useless gettimeofday, LSA
tv_orig time was already set in ospf_lsa_new, called via
ospf_external_lsa_new.
2006-08-03 Paul Jakma <paul.jakma@sun.com>
* ospf_packet.c: (ospf_make_db_desc) Unset the DD More bit
after constructing the packet, if appropriate.
(ospf_db_desc_proc) Speed up Exchange, slave should raise
ExchangeDone earlier, as RFC mandates, by forming its reply
before deciding whether both sides are done, avoids a
needless round of empty DD packet exchanges at the end of
Exchange, hence speeding up ExchangeDone.
(ospf_db_desc) use UNSET_FLAG macro.
2006-07-26 Paul Jakma <paul.jakma@sun.com>
* ospf_lsa.{c,h}: (ospf_lsa_unlock) Change to take a double pointer
to the LSA to be 'unlocked', so that, if the LSA is freed, the
callers pointer to the LSA can be NULLed out, allowing any further
use of that pointer to provoke a crash sooner rather than later.
* ospf_*.c: (general) Adjust callers of ospf_lsa_unlock to match
previous. Try annotate 'locking' somewhat to show which 'locks'
are protecting what LSA reference, if not obvious.
* ospf_opaque.c: (ospf_opaque_lsa_install) Trivial: remove useless
goto, replace with return.
* ospf_packet.c: (ospf_make_ls_ack) Trivial: merge two list loops,
the dual-loop predated the delete-safe list-loop macro.
2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_hello) Improve NetworkMask mismatch warning
message to include interface name and conflicting prefix lengths.
2006-06-15 Paul Jakma <paul.jakma@sun.com>
* Reported by Milan Koci
* ospf_interface.h: (struct ospf_if_info) Add reference counts
for multicast group memberships. Add various macros to help
manipulate/check membership state.
* ospf_interface.c: (ospf_if_set_multicast) Maintain the
ospf_if_info reference counts, and only actually drop
memberships if it hits 0, to avoid losing membership when
OSPF is disabled on an interface with multiple active OSPF
interfaces.
* ospf_packet.c: (ospf_{hello,read}) Use the new macros to
check/set
multicast membership.
* ospf_vty.c: (show_ip_ospf_interface_sub) ditto.
2006-05-30 Paul Jakma <paul.jakma@sun.com>
* ospf_packet.c: (ospf_read) Debug message about packets
received on unenabled interfaces should be conditional on
debug being set.
2006-01-17 Paul Jakma <paul.jakma@sun.com>
* ospf_packet.c: (ospf_verify_header) print out the types
involved if there's a mismatch.
* ospf_zebra.c: (ospf_zebra_add) Adjust to new zserv format.
2006-01-10 Juris Kalnins <juris@mt.lv>
* ospf_packet.c: (ospf_make_md5_digest) fix odd, if not
undefined effect, assignment of an increment expression.
* (general) SPF millisecond resolution timer with adaptive,
linear back-off holdtime. Prettification of ospf_timer_dump.
* ospf_dump.c: (ospf_timeval_dump) new function. The guts of
ospf_timer_dump, but made to be more dynamic in printing out
the relative timeval, sliding the precision printed out
according to the value.
(ospf_timer_dump) guts moved to ospf_timeval_dump.
* ospf_dump.h: export ospf_timeval_dump.
* ospf_flood.c: (ospf_flood) remove gettimeofday, use
the libzebra exported recent_time instead, as it's not
terribly critical to have time exactly right - the dropped
LSA will be retransmited to us if we don't ACK it.
* ospf_packet.c: (ospf_ls_upd_timer) Ditto, but here we're
not transmitting, just putting LSA back on update transmit list.
* ospfd.h: delay and holdtimes should be unsigned.
Add spf_max_holdtime and spf_hold_multiplier.
Update default defines for delay and hold time to be in msec.
(struct ospf) change the SPF timestamp to a struct timeval.
Remove ospf_timers_spf_(un)?set.
* ospfd.c: (ospf_timers_spf_{set,unset}) removed.
(ospf_new) initialise spf_max_holdtime and spf_hold_multiplier
* ospf_spf.c: (ospf_spf_calculate) SPF timestamp is a timeval
now, update with gettimeofday.
(ospf_spf_calculate_schedule) Change SPF timers to millisecond
resolution.
Make the holdtime be adaptive, with a linear increase in
holdtime ever consecutive SPF run which occurs within holdtime
of previous SPF, bounded by spf_max_holdtime.
* ospf_vty.c: Update spf timers commands.
(ospf_timers_spf_set) trivial helper.
(ospf_timers_throttle_spf_cmd) new command to set SPF delay,
initial hold and max hold times with millisecond resolution.
(ospf_timers_spf_cmd) Deprecated. Accept the old values,
convert to msec, truncate to new limits.
(no_ospf_timers_throttle_spf_cmd) set timers to defaults.
(no_ospf_timers_spf_cmd) deprecated form, same as previous.
(show_ip_ospf_cmd) Display SPF parameters and times.
(show_ip_ospf_neighbour_header) Centralise the 'sh ip os ne'
header.
(show_ip_ospf_neighbor_sub) Fix the field widths. Get rid of
the multiple spaces which were making the lines even longer.
(show_ip_ospf_neighbor_cmd) Use show_ip_ospf_neighbour_header
(show_ip_ospf_neighbor_all_cmd) ditto and fix the field
widths for NBMA neighbours.
(show_ip_ospf_neighbor_int) Use header function.
(show_ip_ospf_nbr_nbma_detail_sub) use sizeof for timebuf,
local array - safer.
(show_ip_ospf_neighbor_detail_sub) ditto
(ospf_vty_init) install the new SPF throttle timer commands.
* (general) OSPF fast, sub-second hello and 1s dead-interval
support. A warning fix. Millisec support for ospf_timer_dump.
Change auto-cost ref-bandwidth to add a comment to write out
of config, rather than printing annoying messages to vty on
startup.
* ospf_dump.c: (ospf_timer_dump) Print out milliseconds too.
Callers typically specify a length of 9, so most see
millisecs unless they specify the additional length.
* ospf_interface.h: (struct ospf_interface) new interface param,
fast_hello.
* ospf_interface.c: (ospf_if_table_lookup) add brackets,
gcc warning fix.
(ospf_new_if_params) Initialise fast_hello param.
(ospf_free_if_params) Check whether fast_hello is configured.
(ospf_if_new_hook) set fast_hello to default.
* ospf_ism.h: Wrap OSPF_ISM_TIMER_ON inside do {} while (0) to
prevent funny side-effects from its if statement when this
macro is used conditionally by other macros.
(OSPF_ISM_TIMER_MSEC_ON) new macro, set in milliseconds.
(OSPF_HELLO_TIMER_ON) new macro to set hello timer according
to whether fast_hello is set.
* ospf_ism.c: Update all setting of the hello timer to use
either OSPF_ISM_TIMER_MSEC_ON or OSPF_HELLO_TIMER_ON. The
former is used when hello is to be sent immediately.
* ospf_nsm.c: ditto
* ospf_packet.c: (ospf_hello) hello-interval is not checked
for mismatch if fast_hello is set.
(ospf_read) Annoying nit, fix "no ospf_interface" to be debug
rather than a warning, as it can be perfectly normal to
receive packets when logical subnets are used.
(ospf_make_hello) Set hello-interval to 0 if fast-hellos are
configured.
* ospf_vty.c: (ospf_auto_cost_reference_bandwidth) annoying
nit, don't vty_out if this command is given, it gets tired
quick.
(show_ip_ospf_interface_sub) Print the hello-interval
according to whether fast-hello is set or not.
Print the extra 5 millisec characters from (ospf_timer_dump)
if fast-hello is configured.
(ospf_vty_dead_interval_set) new function, common to all
forms of dead-interval command, to set dead-interval and
fast-hello correctly. If a dead-interval is given, unset
fast-hello, else if a hello-multiplier is set, set
dead-interval to 1 and fast-hello to given multiplier.
(ip_ospf_dead_interval_addr_cmd) use
ospf_vty_dead_interval_set().
(ip_ospf_dead_interval_minimal_addr_cmd) ditto.
(no_ip_ospf_dead_interval) Unset fast-hello.
(no_ip_ospf_hello_interval) Bug-fix, unset of hello-interval
should set it to OSPF_HELLO_INTERVAL_DEFAULT, not
OSPF_ROUTER_DEAD_INTERVAL_DEFAULT.
(config_write_interface) Write out fast-hello.
(ospf_config_write) Write a comment about
"auto-cost reference-bandwidth" having to be equal on all
routers. Hopefully just as noticeable as old practice of
writing to vty, but less annoying.
(ospf_vty_if_init) install the two new dead-interval
commands.
* ospfd.h: Add defines for OSPF_ROUTER_DEAD_INTERVAL_MINIMAL
and OSPF_FAST_HELLO_DEFAULT.
* ospf_api.c: sign warnings.
* ospf_apiserver.c: sign warning and convert all the struct
in_addr initialisations so as not to make assumptions about
how this struct is organised, initialise the s_addr member
explicitely.
* ospf_packet.c: Add const qualifier to auth_key.
* ospfd/ospf_vty.c: forece default route LSA to be re_issued whenever
cost is changed ( [no] ip ospf area XXX default-cost YYY)
Support ignore-mtu option
* ospfd/ospfd.h: define OSPF_MTU_IGNORE_DEFAULT
* ospfd/ospf_packet.c: support ignore-mtu option
* ospfd/ospf_interface.h: field added for skipping MTU check
* ospfd/ospf_interface.c: fix memory leak in ospf_crypt_key_delete()
Set mtu_ignore field to default value
* ospfd/ospf_abr.[ch]: export ospf_abr_announce_network_to_area()
* ospfd/ospf_ism.h: add MACRO to convert internal ISM status into SNMP
correct values
* ospfd/ospf_snmp.c: add sanity check on LSA type in lsdb_lookup_next()
convert OSPFIFSTATE internal status into SNMP values
* lib/md5-gnu.h: removed
* lib/md5.h: replaces md5-gnu.h
* lib/Makefile.am: use correct md5.h
* lib/md5.c: import from WIDE
* ospfd/ospf_packet.c: use new md5 API
* ripd/ripd.c: use new md5 API
* (general) Fix memory leaks in opaque AS-scope LSAs, reported and
with much debugging done by by scott collins <scollins@agile.tv>.
(possible backport candidate?)
* ospf_lsa.c: (ospf_discard_from_db) dont call
ospf_ase_unregister_external_lsa for opaque-lsa's, opaques are
never registered with ase in the first place.
* ospf_packet.c: (general) Disabuse opaque related code of its
tendency to try gather up things into temporary lists.
(ospf_ls_upd) remove the temporary lists opaque uses, call
opaque functions inline, just like all other types.
(ospf_ls_ack) ditto.
(ospf_recv_packet) fixup sign warning.
* ospf_opaque.c: (general) fix the unneeded use of lists, and
untwist some of the logic.
(ospf_opaque_self_originated_lsa_received) take a single LSA
as argument, not a list of them. Remove the list loop. Logic
otherwise unchanged.
(ospf_opaque_ls_ack_received) Mostly ditto. But untwist the logic,
move the actions up into the switch block, remove the goto's and
sanitise the logic near the end a bit.
* ospf_opaque.h: Adjust definitions of aforementioned functions
in ospf_opaque.c to match.
* (general) extern and static qualifiers added.
unspecified arguments in definitions fixed, typically they should
be 'void'.
function casts added for callbacks.
Guards added to headers which lacked them.
Proper headers included rather than relying on incomplete
definitions.
gcc noreturn function attribute where appropriate.
* ospf_opaque.c: remove the private definition of ospf_lsa's
ospf_lsa_refresh_delay.
* ospf_lsa.h: export ospf_lsa_refresh_delay
* ospf_packet.c: (ospf_make_md5_digest) make *auth_key const,
correct thing to do - removes need for the casts later.
* ospf_vty.c: Use vty.h's VTY_GET_INTEGER rather than ospf_vty's
home-brewed versions, shuts up several warnings.
* ospf_vty.h: remove VTY_GET_UINT32. VTY_GET_IPV4_ADDRESS and
VTY_GET_IPV4_PREFIX moved to lib/vty.h.
* ospf_zebra.c: (ospf_distribute_list_update_timer) hacky
overloading of the THREAD_ARG pointer should at least use
uintptr_t.
* (global): Fix up list loops to match changes in lib/linklist,
and some basic auditing of usage.
* configure.ac: define QUAGGA_NO_DEPRECATED_INTERFACES
* HACKING: Add notes about deprecating interfaces and commands.
* lib/linklist.h: Add usage comments.
Rename getdata macro to listgetdata.
Rename nextnode to listnextnode and fix its odd behaviour to be
less dangerous.
Make listgetdata macro assert node is not null, NULL list entries
should be bug condition.
ALL_LIST_ELEMENTS, new macro, forward-referencing macro for use
with for loop, Suggested by Jim Carlson of Sun.
Add ALL_LIST_ELEMENTS_RO for cases which obviously do not need the
"safety" of previous macro.
LISTNODE_ADD and DELETE macros renamed to ATTACH, DETACH, to
distinguish from the similarly named functions, and reflect their
effect better.
Add a QUAGGA_NO_DEPRECATED_INTERFACES define guarded section
with the old defines which were modified above,
for backwards compatibility - guarded to prevent Quagga using it..
* lib/linklist.c: fix up for linklist.h changes.
* ospf6d/ospf6_abr.c: (ospf6_abr_examin_brouter) change to a single
scan of the area list, rather than scanning all areas first for
INTER_ROUTER and then again for INTER_NETWORK. According to
16.2, the scan should be area specific anyway, and further
ospf6d does not seem to implement 16.3 anyway.
* ospf_packet.c: (ospf_write_frags) Enhance error message to
show MTU. Also make function static.
(ospf_write) Enhance error message to show interface name and MTU.
Also make function static.
* ospfd.h: Add new field struct stream *ibuf to struct ospf.
* ospfd.c: (ospf_new) Check return code from ospf_sock_init.
Allocate ibuf using stream_new(OSPF_MAX_PACKET_SIZE+1).
(ospf_finish) Call stream_free(ospf->ibuf.
* ospf_packet.c: (ospf_read) Call stream_reset(ospf->ibuf) and then
pass it to ospf_recv_packet for use in receiving the packet
(instead of allocating a new stream for each packet received).
Eliminate all calls to stream_free(ibuf).
(ospf_recv_packet) The struct stream *ibuf is now passed in as
an argument. No need to use recvfrom to peek at the packet
header (to see how big it is), just use ospf->ibuf which is
always large enough (this eliminates a system call to recvfrom).
Therefore, no need to allocate a stream just for this packet,
and no need to free it when done.
* ospf_packet.c: (ospf_recv_packet) If there is somehow a runt
packet in the queue, it must be discarded. Improve warning messages.
Fix scope to static.
(ospf_read) Fix bug: should reset the read thread in all cases
to make sure we continue to get incoming messages.
* ospf_packet.c: (ospf_recv_packet) use stream_recvmsg.
2005-02-11 Hasso Tepper <hasso at quagga.net>
* ospf_lsdb.c: Fix sum of checksums calculation.
2005-02-09 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_write) If sendmsg fails, give more info in the
error message.
2005-02-08 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_interface.h: Reduce structure padding by putting new u_char
field multicast_memberships in a better spot (grouped with
other u_char fields type and state).
2005-02-08 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_interface.h: Improve passive_interface comment. Add new
multicast_memberships bitmask to struct ospf_interface to track
active multicast subscriptions. Declare new function
ospf_if_set_multicast.
* ospf_interface.c: (ospf_if_set_multicast) New function to configure
multicast memberships properly based on the current
multicast_memberships status and the current values of the
ospf_interface state, type, and passive_interface status.
(ospf_if_up) Remove call to ospf_if_add_allspfrouters (this is
now handled by ism_change_state's call to ospf_if_set_multicast).
(ospf_if_down) Remove call to ospf_if_drop_allspfrouters (now
handled by ism_change_state).
* ospf_ism.c: (ospf_dr_election) Remove logic to join or leave
the DRouters multicast group (now handled by ism_change_state's call
to ospf_if_set_multicast).
(ism_change_state) Add call to ospf_if_set_multicast to change
multicast memberships as necessary to reflect the new interface state.
* ospf_packet.c: (ospf_hello) When a Hello packet is received on a
passive interface: 1. Increase the severity of the error message
from LOG_INFO to LOG_WARNING; 2. Add more information to the error
message (packet destination address and interface address);
and 3. If the packet was sent to ospf-all-routers, then try
to fix the multicast group memberships.
(ospf_read) When a packet is received on an interface whose state
is ISM_Down, enhance the warning message to show the packet
destination address, and try to update/fix the multicast group
memberships if the packet was sent to a multicast address.
When a packet is received for ospf-designated-routers, but the
current interface state is not DR or BDR, then increase the
severity level of the error message from LOG_INFO to LOG_WARNING,
and try to fix the multicast group memberships.
* ospf_vty.c: (ospf_passive_interface) Call ospf_if_set_multicast for
any ospf interface that may have changed from active to passive.
(no_ospf_passive_interface) Call ospf_if_set_multicast for
any ospf interface that may have changed from passive to active.
(show_ip_ospf_interface_sub) Show multicast group memberships.
2005-02-08 Paul Jakma <paul@dishone.st>
* ospf_packet.c: (various) Remove unneeded stream_set_putp abuse.
2005-02-02 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_read) Fix bug: must check for state ISM_Down,
not for event ISM_InterfaceDown. And improve the message by
adding the interface flags.
2005-01-30 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_network.c: (ospf_sock_init) Save errno before calling
ospfd_privs.change.
2005-01-29 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_packet_add) If oi->obuf is NULL, print
an error message and return.
(ospf_read) If the interface state is ISM_InterfaceDown, issue
a warning message and ignore the packet.
2005-01-10 Greg Troxel <gdt@fnord.ir.bbn.com>
* ospf_packet.h: Remove commented out definition of
OSPF_MAX_PACKET; neither it or the uncommented one are used any more.
* ospf_packet.c (ospf_make_ls_upd): Leave room for authentication
when deciding if an update will fit.
(ospf_packet_authspace): Factor out calculation of size required
for authentication.
(ospf_make_db_desc): Use ospf_max_packet, not OSPF_MAX_PACKET.
Don't confuse readers that there is a macro.
2004-12-30 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_network.c: Improve all setsockopt error messages to give detailed
information on the arguments.
2004-12-29 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_db_desc) Reduce severity of "Negotiation done"
messages from LOG_WARNING to LOG_INFO, since this seems to be
normal.
2004-12-29 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_read) Always look up the interface if
ospf_recv_packet returns NULL ifp, since some platforms such
as Solaris 8 appear to support ifindex retrieval but don't.
2004-12-22 Hasso Tepper <hasso at quagga.net>
* ospf_dump.c: Show debug configuration in vtysh.
* ospf_vty.c: Fix "show ip ospf" output. Router can't be elected in
any case if it's configured as "translate-never".
* ospf_lsdb.[ch]: New function to calculate sum of checksums.
* ospf_vty.c: Bugfix to show really number of AS external LSAs, not
number of all LSAs with AS scope, this includes opaque as LSAs as
well, show this number separately. Show numbers and sums of
checksums for each type of LSAs.
* ospf_lsa.c: Calculate checksum before putting LSA into database.
2004-12-15 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_interface.h: Declare new function ospf_default_iftype.
* ospf_interface.c: (ospf_default_iftype) New function to centralize
this logic in one place.
* ospf_zebra.c: (ospf_interface_add) Use new function
ospf_default_iftype.
* ospf_vty.c: (no_ip_ospf_network,config_write_interface) Fix logic
by using new function ospf_default_iftype.
2004-12-11 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_db_desc) Should be static, not global.
(ospf_hello,ospf_db_desc,ospf_ls_upd,ospf_ls_ack) Improve warning
messages to include identifying information (e.g. router id).
* ospf_nsm.c: (nsm_change_state) Improve info message to include
router id and state names.
2004-12-09 Greg Troxel <gdt@fnord.ir.bbn.com>
* ospf_apiserver.c (ospf_apiserver_term): Obtain struct
ospf_apiserver * from listnode. Remove unused variables. Follows
suggestion from Jay Fenlason.
2004-12-08 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* *.c: Change level of debug messages to LOG_DEBUG.
2004-12-07 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_main.c: (main) The 2nd argument to openzlog has been removed.
2004-12-03 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_db_desc) Reduce priority on a debug message
from LOG_NOTICE to LOG_DEBUG.
2004-12-03 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_main.c: (sigint) Use zlog_notice for termination message.
(main) Issue a startup announcement using zlog_notice.
2004-11-30 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_db_desc_proc) Fix spelling of packet in warning
message and in comment.
(ospf_db_desc) Warning message that a packet is being discarded
should give the router id of the packet source. Fix spelling
of packet in two warning messages.
(ospf_ls_req) Warning message that a link state request is being
discarded should give the router id of the neighbor that sent it.
2004-11-26 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_main.c: Remove #include "debug.h" (was not being used, and
lib/debug.h has now been deleted).
2004-11-25 Hasso Tepper <hasso at quagga.net>
* ospf_main.c: Make group to run as configurable.
2004-11-15 Greg Troxel <gdt@fnord.ir.bbn.com>
* ospf_packet.c (ospf_recv_packet): Assume CMSG_SPACE is present
and works (lib/zebra.h provides if OS doesn't).
2004-11-15 Paul Jakma <paul@dishone.st>
* ospf_{apiserver,te}.c: ospf_lsa_free's should be ospf_lsa_unlock.
2004-11-12 Paul Jakma <paul@dishone.st>
* ospf_ia.c: (process_summary_lsa) Only an ABR has any reason to
ignore stub area summary default. Even so it seems a strange
check, add a comment to that effect.
2004-11-04 Paul Jakma <paul@dishone.st>
* ospfd.c: (ospf_network_match_iface) revert to previous network
statement match behaviour.
2004-11-02 Paul Jakma <paul@dishone.st>
* ospf_packet.c: (ospf_write_frags) remove iov arg, msg already points
to it. Add convenience pointer to msg->msg_iov[1], and use this,
fixing the unfortunate borkenness introduced in moving of this code
to a function.
(ospf_write) remove iovp and fix up call to previous.
(ospf_ls_upd_packet_new) cast size to long int - unfortunately
glibc's size_t format modifier is not portable.
2004-10-31 Paul Jakma <paul@dishone.st>
* ospf_packet.c: (ospf_write_frags) Add debug output
(ospf_write) set type early, so we can pass it to
ospf_write_frags.
(ospf_ls_upd_packet_new) print size in debug output when too large
packet is encountered.
* ospf_zebra.c: (ospf_distribute_list_update_timer) Ugly misuse of
THREAD_ARG to store an integer, but it should at least use same
same type to retrieve the value. Assert value is sane.
2004-10-22 Paul Jakma <paul@dishone.st>
* ospf_network.c: (ospf_sock_init) call neutral setsock_ifindex()
function.
* ospf_packet.c: (ospf_read) manually look up ifindex
if system could not have returned one, eg openbsd, thanks to Rivo
Nurges for highlighting problem and fix.
Change setsockopt_pktinfo to setsockopt_ifindex.
2004-10-19 Andrew J. Schorr <aschorr@telemetry-investments.com>
* ospf_snmp.c: (ospf_snmp_if_update) Fix logic to handle PtP links
with dedicated subnets properly.
* ospf_lsa.c: (lsa_link_ptop_set) ditto.
* ospfd.c: (ospf_network_match_iface) ditto.
(ospf_network_run) ditto.
* ospf_interface.c: (ospf_if_is_configured) ditto.
(ospf_if_lookup_by_prefix) ditto.
(ospf_if_lookup_recv_if) ditto.
* ospf_vty.c: (show_ip_ospf_interface_sub) Display the peer or
broadcast address if present.
2004-10-13 Hasso Tepper <hasso at quagga.net>
* ospf_main.c: Unbreak compilation with ospfapi disabled.
* ospf_snmp.c: Remove defaults used to initialize smux connection to
snmpd. Connection is initialized only if smux peer is configured.
2004-10-12 Hasso Tepper <hasso at quagga.net>
* ospf_main.c, ospf_opaque.c: Unbreak ospfclient compilation - move
static variable from ospf_main.c into ospf_opaque.c.
2004-10-11 Hasso Tepper <hasso at quagga.net>
* ospf_main.c, ospf_opaque.c: Disable ospfapi init by default. New
command line switch to enable it.
2004-10-11 Paul Jakma <paul@dishone.st>
* ospf_dump.c: (ospf_ip_header_dump) Assume header is in host order
remove ntohs that should have dissappeared. Take struct ip
as argument, caller has to know there's an IP header at start of
stream anyway.
* ospf_dump.h: update declaration of ospf_ip_header_dump.
* ospf_packet.c: (ospf_write) correct call to
sockopt_iphdrincl_swab_htosys which was munging the header.
(ospf_recv_packet) ip_len is needed for old OpenBSD fixup.
(ospf_read) sockopt_iphdrincl_swab_systoh ip header as soon as
we have it.
* (global) Const char update and signed/unsigned fixes.
* (various headers) size defines should be unsigned.
* ospf_interface.h: remove duplicated defines, include the
authoritative header - though, these defines should probably
be moved to a dedicated header, or ospfd.h.
* ospf_lsa.h: (struct lsa) ls_seqnum should be unsigned.
* ospf_packet.c: (ospf_write) cast result of shift to unsigned.
2004-10-08 Hasso Tepper <hasso at quagga.net>
* *.[c|h]: Fix compiler warnings: make some strings const, signed ->
unsigned, remove unused variables etc.
2004-10-07 Greg Troxel <gdt@claude.ir.bbn.com>
* ospf_apiserver.c (ospf_apiserver_unregister_opaque_type): Don't
use of variable names 'node' and 'nextnode' to avoid possible
conflict with list macros. Move variable declaration inside for
loop after a statement to top of function.
2004-10-07 Paul Jakma <paul@dishone.st>
* ospf_snmp.c: Missed list typedef update
* ospf_dump.c: Include sockopt.h for header swab functions.
2004-10-05 Paul Jakma <paul@dishone.st>
* ospf_packet.c: replace ospf_swap_iph_to... with
sockopt_iphdrincl_swab_...
2004-10-03 James R. Leu <jleu at mindspring.com>
* ospf_zebra.c: Read router id related messages from zebra daemon.
Schedule router-id update thread if it's changed.
* ospfd.c: Remove own router-id selection function. Use router id from
zebra daemon if it isn't manually overriden in configuration.
2004-09-27 Paul Jakma <paul@dishone.st>
* ospf_dump.c: (ospf_ip_header_dump) Use HAVE_IP_HDRINCL_BSD_ORDER
Apply to offset too. Print ip_cksum, lets not worry about
possible 2.0.37 compile problems.
* ospf_packet.c: (ospf_swap_iph_to{n,h}) Use
HAVE_IP_HDRINCL_BSD_ORDER.
(ospf_recv_packet) ditto.
(ospf_write) Fixup iov argument to ospf_write_frags.
(struct msghdr).msg_name is caddr_t on most platforms.
(ospf_recv_packet) ditto. And msg_flags is not always there
memset struct then set fields we care about rather than
initialise all fields individually.
2004-09-26 Hasso Tepper <hasso at quagga.net>
* ospf_abr.c, ospf_dump.c, ospf_lsa.c, ospf_packet.c, ospf_vty.c,
ospf_zebra.c: Fix compiler warnings.
2004-09-24 Paul Jakma <paul@dishone.st>
* ospf_apiserver.{c,h}: lists typedef removal cleanup.
update some list loops to LIST_LOOP. some miscellaneous indent
fixups.
(ospf_apiserver_unregister_opaque_type) fix listnode_delete of
referenced node in loop.
(ospf_apiserver_term) loops calling ospf_apiserver_free, which
deletes referenced nodes from apiserver_list, fixed.
* ospf_interface.h: lists typedef removal cleanup.
* ospf_opaque.{c,h}: lists typedef removal cleanup. update some list
loops to LIST_LOOP. miscellaneous style and indent fixups.
* ospf_te.{c,h}: ditto
* ospf_packet.c: lists typedef removal cleanup.
(ospf_write) ifdef fragmentation support. move actual
fragmentation out to a new, similarly ifdefed, function.
(ospf_write_frags) fragmented write support, moved from previous.
2004-09-23 Hasso Tepper <hasso at quagga.net>
* *.[c|h]: list -> struct list *, listnode -> struct listnode *.
2004-09-12 Paul Jakma <paul@dishone.st>
* ospf_packet.c: Fix bugzilla #107
(ospf_packet_max) get rid of the magic 88 constant
(ospf_swab_iph_ton) new function. set ip header to network order,
taking BSDisms into account.
(ospf_swab_iph_toh) the inverse.
(ospf_write) Add support for IP fragmentation, will only work on
linux though, other kernels make it impossible. get rid of the
magic 4 constant.
(ospf_make_ls_upd) Bound check to end of stream, not to
interface mtu.
(ospf_ls_upd_packet_new) New function, allocate upd packet
taking oversized LSAs into account.
(ospf_ls_upd_queue_send) use ospf_ls_upd_packet_new to allocate,
rather than statically allocating mtu sized packet buffer, which
actually was wrong - it didnt take ip header into account, which
should not be included in packet buffer.
(ospf_ls_upd_send_queue_event) minor tweaks and remove
TODO comment.
2004-08-31 David Wiggins <dwiggins@bbn.com>
* ospf_spf.c (ospf_spf_calculate): Many more comments and debug
print statements. New function ospf_vertex_dump used in debugging.
2004-08-31 David Wiggins <dwiggins@bbn.com>
* ospf_spf.h (struct vertex): Comments for flags and structure members.
2004-08-31 David Wiggins <dwiggins@bbn.com>
* ospf_route.c: When finding an alternate route, log cost as well.
2004-08-31 David Wiggins <dwiggins@bbn.com>
* ospf_interface.c (ospf_lookup_if_params): Initialize af in
struct prefix allocated on stack.
2004-08-31 David Wiggins <dwiggins@bbn.com>
* ospf_packet.c (ospf_ls_ack_send_delayed): In p2mp mode, send
acks to AllSPFRouters, rather than All-DR.
2004-08-27 Hasso Tepper <hasso at quagga.net>
* ospf_vty.c: Don't print ospf network type under interface only
if interface is in broadcast mode and interface type really is
broadcast. Fixes Bugzilla #108.
2004-08-27 David Wiggins <dwiggins@bbn.com>
* ospf_spf.c (ospf_nexthop_calculation): Initialize address family
in on-stack struct prefix_ipv4. Fixes point-to-multipoint SPF
calculation.
2004-08-26 Greg Troxel <gdt@fnord.ir.bbn.com>
* ospf_packet.c (ospf_recv_packet): adjust size declaration of
buffer used to get interface index so that it compiles on other
than Linux and includes the required alignment space. Probably
this was only working on sparc/sparc64 because most of
sockaddr_dl was not being written.
2004-08-19 Paul Jakma <paul@dishone.st>
* ospf_packet.c: update to match sockopt renames.
2004-08-04 Paul Jakma <paul@dishone.st>
* ospf_spf.c: (ospf_spf_consider_nexthop) Add comment about issue.
Compare only against list head - all nexthops must be same cost
anyway, fixes a reference-listnode-after-delete bug noted by
Kir Kostuchenko.
(ospf_nexthop_calculation) Use ospf_spf_consider_nexthop for all
candidates attached to root.
2004-07-27 Paul Jakma <paul@dishone.st>
* ospf_packet.c: (ospf_ls_upd_send_queue_event) fix thinko from
last fix for ospfd wedging due to oversize LSAs: dont list loop on
ospf_ls_upd_queue_send() - guaranteed segfault.
2004-07-27 Paul Jakma <paul@dishone.st>
* ospf_opaque.c: (ospf_opaque_lsa_flush_schedule) do not NULL out
the LSA as then free_opaque_info_per_id() can never unlock (and
free) the LSA. Reported by Gunnar Stigen.
2004-07-23 Paul Jakma <paul@dishone.st>
* ospf_network.c: Replace PKTINFO/RECVIF with call to
setsockopt_pktinfo
* ospf_packet.c: Use getsockopt_pktinfo_ifindex and
SOPT_SIZE_CMSG_PKTINFO_IPV4.
2004-07-14 Paul Jakma <paul@dishone.st>
* ospf_packet.c: (ospf_ls_upd_send_queue_event) Partial fix for
problem reported by Peter Frost amongst others, where function
will spin indefinitely if update list contains LSAs greater than
MTU-headers or other condition leading to update list never being
cleared. Problem of what to do with these LSAs remains.
(ospf_make_ls_upd) add comment about large LSA problem,
indentation cleanup.
2004-07-01 Greg Troxel <gdt@fnord.ir.bbn.com>
* Makefile.am (lib_LTLIBRARIES): make libospf shared
2004-06-30 Greg Troxel <gdt@poblano.ir.bbn.com>
* Makefile.am: Add shlib support.
2004-06-10 Hasso Tepper <hasso@estpak.ee>
* *: Removed ifdefs HAVE_NSSA.
2004-06-06 Paul Jakma <paul@dishone.st>
* ospf_dump.c,ospf_lsa.c: Fix typos of merge of previous.
ospf_flood.c: (ospf_process_self_originated_lsa) fix zlog format
2004-05-31 Sagun Shakya <sagun.shakya@sun.com>
* ospf_dump.c: (ospf_lsa_header_dump) LOOKUP can return null if
index is out of range.
ospf_flood.c: endianness fix
ospf_lsa.c: Missing ntohl's on (struct lsa *)->data->ls_seqnum
in various places.
2004-05-10 Hasso Tepper <hasso@estpak.ee>
* ospf_zebra.c, ospfd.c: Move ospf_prefix_list_update() function
to ospf_zebra.c from ospfd.c and add redistribution updates if
route-map is used in redistribution.
* ospf_main.c: Remove now useless call to ospf_init().
2004-05-08 Paul Jakma <paul@dishone.st>
* ospf_zebra.c: Sync with lib/zclient changes
2004-05-05 Paul Jakma <paul@dishone.st>
* ospf_network.c: (ospf_sock_init) Check whether IP_HDRINCL is
defined. Warn at compile and runtime. Use
IPTOS_PREC_INTERNETCONTROL otherwise.
* ospf_packet.c: (ospf_associate_packet_vl) cleanup, move
some of the checks up to ospf_read, return either a
virtual link oi, or NULL.
(ospf_read) Cleanup, make it responsible for checks. Remove
the nbr lookup - moved to ospf_neighbor. Adjust all nbr
lookups to use new wrappers exported by ospf_neighbor.
* ospf_neighbor.h: Add ospf_neigbour_get and ospf_nbr_lookup.
* ospf_neighbor.c: (ospf_neigbour_get) Index ospf_interface
neighbour table by router-id for virtual-link ospf_interfaces,
not by peer_addr (which breaks for asymmetric vlinks)
(ospf_nbr_lookup) add a wrapper for nbr lookups to deal with
above.
* ospf_interface.c: (ospf_vl_set_params) Catch changes of interface
address for either end of a virtual-link, and hence potential cost
changes.
2004-04-22 Hasso Tepper <hasso@estpak.ee>
* ospf_zebra.c: Don't ignore reject/bh routes, it's the only way
to "summarize" routes in ASBR at the moment.
2004-04-20 Hasso Tepper <hasso@estpak.ee>
* ospfd.c: Unset NP flag if area is going to be normal or stub.
Fixes UNH OSPF_NSSA.1.2a comment.
* ospf_abr.c: Originate default into stub/nssa area even if
summaries are disabled.
* ospf_zebra.c: Don't attempt to redistribute 127.0.0.0/8.
2004-04-19 Hasso Tepper <hasso@estpak.ee>
* ospf_vty.c: Don't warn that export- and import-list can't be
configured to backbone area if they are applied and are working
fine.
2004-02-19 Sowmini Varadhan <sowmini.varadhan@sun.com>
* ospf_packet.c: Don't drop packets in Solaris x86.
[quagga-dev 1005].
2004-03-18 Amir Guindehi <amir@datacore.ch>
* ospf_opaque.c: Attempt to correct the incorrect behavior of
Quagga's ospfd in the special situation that a node's opaque
capability has changed as "ON -> OFF -> ON". [quagga-dev 843].
2004-02-19 Sowmini Varadhan <sowmini.varadhan@sun.com>
* ospf_abr.c: (ospf_abr_update_aggregate) UNH 3.12b,c, address range
should be configured with the highest cost path within the range,
not lowest.
2004-02-17 Paul Jakma <paul@dishone.st>
* ospf_zebra.c: (ospf_interface_delete) Do not delete the interface
params, nor the interface structure, if an interface delete
message is received from zebra.
* ospf_interface.c: (ospf_if_delete_hook) Delete the interface
params and interface, ie that which was previously removed in
(ospf_interface_delete) above.
2004-02-11 Hasso Tepper <hasso@estpak.ee>
* ospf_interface.c, ospf_zebra.c: Don't attempt to read path->oi->ifp
if oi doesn't exist any more.
2004-02-11 Vadim Suraev <vadim.suraev@terayon.com>
* ospf_packet.c (ospf_ls_upd): Router should flush received network
LSA if it was originated with older router-id ([zebra 14710] #6).
2003-12-08 Mattias Amnefelt <mattiasa@kth.se>
* ospf_packet.c: (ospf_recv_packet) OpenBSD now leaves iph.ip_len
network byte order.
2003-12-05 Greg Troxel <gdt@poblano.ir.bbn.com>
* ospfd.c (ospf_network_match_iface): Rewrite code for clarity
while trying not to change semantics. Add ifdefed-out code to
avoid matching ppp interfaces whose destination address does not
also match the prefix under consideration, to help out people with
problems due to as-yet-unfixed bugs with p2p interfaces coming and
going.
2003-07-25 kamatchi soundaram <kamatchi@tdd.sj.nec.com>
* ospf_packet.c (ospf_ls_upd_send_queue_event): get next route
node in body of the loop to avoid chance that route node
is unlocked and deleted before the next iteration tries to
get next route node.
2003-05-24 Kenji Yabuuchi
* ospf_interface.c(ospf_if_lookup_recv_if): Use the most specific
match for interface lookup.
2003-05-18 Hasso Tepper <hasso@estpak.ee>
* ospf_vty.c: Show NSSA LSA route info in "show ip ospf database"
output
2003-05-16 Hasso Tepper <hasso@estpak.ee>
* ospf_lsa.c: Fix handling of NSSA
2003-04-23 Hasso Tepper <hasso@estpak.ee>
* ospf_vty.c: fix "router xxx" node commands in vtysh
2003-04-19 Hasso Tepper <hasso@estpak.ee>
* {ospf_abr,ospfd}.c: area id's DECIMAL -> ADDRESS
* ospf_routemap.c: sync daemon's route-map commands to have same
syntax.
2003-04-19 Sergey Vyshnevetskiy <serg@vostok.net>
* ospf_packet.c: Add missing param to zlog
* ospf_flood.c: remove unused vars
2003-04-17 Denis Ovsienko <zebra@pilot.org.ua>
* ospf_interface.c: fix incorrect memset
2003-04-10 Amir Guindehi <amir@datacore.ch>
* ospf_lsa.[ch]: opaque LSA fix, use ospf_lookup.
2003-04-03 David Watson <dwatson@eecs.umich.edu>
* ospf_lsa.c: byte order fix
2002-03-17 Amir Guindehi <amir@datacore.ch>
* ospf_apiserver.[ch]: Merge Ralph Keller's OSPFAPI support.
* ospf_api.[ch]: Merge Ralph Keller's OSPFAPI support.
* ospfclient: OSPFAPI demonstration client.
2003-01-23 Masahiko Endo <endo@suri.co.jp>
* ospf_ism.c: NSM event schedule bug fix.
2002-10-30 Greg Troxel <gdt@ir.bbn.com>
* ospf_packet.c (ospf_make_md5_digest): MD5 length fix.
2002-10-23 endo@suri.co.jp (Masahiko Endo)
* ospf_opaque.c: Update Opaque LSA patch.
2002-10-23 Ralph Keller <keller@tik.ee.ethz.ch>
* ospf_vty.c (show_ip_ospf_database): Fix CLI parse.
2002-10-23 Juris Kalnins <juris@mt.lv>
* ospf_interface.c (ospf_if_stream_unset): When write queue
becomes empty stop write timer.
2002-10-10 Greg Troxel <gdt@ir.bbn.com>
* ospf_packet.c (ospf_check_md5_digest): Change >= to > to make it
conform to RFC.
2002-07-07 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* zebra-0.93 released.
2002-06-19 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* ospf_spf.c (ospf_nexthop_calculation): Add NULL set to oi and
check of l2. Reported by: Daniel Drown <dan-zebra@drown.org>
(ospf_lsa_has_link): LSA Length calculation fix. Reported by:
Paul Jakma <paulj@alphyra.ie>.
* ospfd.c (ospf_if_update): Fix nextnode reference bug. Reported
by: juris@mt.lv.
2002-01-21 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* ospfd.c: Merge [zebra 11445] Masahiko ENDO's Opaque-LSA support.
2001-08-27 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_interface.c (ospf_add_to_if): Use /32 address to register
OSPF interface information.
(ospf_delete_from_if): Likewise.
* ospf_zebra.c (ospf_interface_address_delete): Likewise.
2001-08-23 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* ospf_zebra.c (ospf_redistribute_unset): When redistribute type
is OSPF, do not unset redistribute flag.
2001-08-19 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* zebra-0.92a released.
2001-08-15 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* zebra-0.92 released.
2001-08-12 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* ospfd.c (ospf_config_write): auto-cost reference-bandwidth
configuration display.
2001-07-24 David Watson <dwatson@eecs.umich.edu>
* ospf_spf.c (ospf_spf_next): Modify ospf_vertex_add_parent to
check for an existing link before connecting the parent and child.
ospf_nexthop_calculation is also modified to check for duplicate
entries when copying from the parent. Finally, ospf_spf_next
removes duplicates when it merges two equal cost candidates.
2001-07-23 itojun@iijlab.net
* ospfd.c (show_ip_ospf_neighbor): Check ospf_top before use it
[zebra 8549].
2001-07-23 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* ospf_packet.c (ospf_write): Remove defined(__OpenBSD__) to make
it work on OpenBSD.
2001-06-26 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_zebra.c (config_write_ospf_default_metric): Display
default-metric configuration.
2001-06-18 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* ospf_ia.h (OSPF_EXAMINE_SUMMARIES_ALL): Remove old macros.
2001-05-28 Kunihiro Ishiguro <kunihiro@ipinfusion.com>
* ospf_snmp.c (ospfIfEntry): Fix interface lookup bug to avoid
crush.
(ospfIfMetricEntry): Likewise.
2001-03-18 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_packet.c (ospf_read): Fix typo. Reported by: "Jen B
Lin'Kova" <jen@stack.net>.
2001-03-15 Gleb Natapov <gleb@nbase.co.il>
* ospf_interface.c (ip_ospf_network): Set interface parameter.
(interface_config_write): Add check for OSPF_IFTYPE_LOOPBACK.
* ospf_zebra.c (ospf_interface_add): Set interface parameter.
2001-02-21 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_packet.c (ospf_recv_packet): Solaris also need to add
(iph.ip_hl << 2) to iph.ip_len.
2001-02-09 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospfd.h (OSPF_LS_REFRESH_TIME): Fix OSPF_LS_REFRESH_TIME value.
Suggested by: David Watson <dwatson@eecs.umich.edu>.
* ospf_zebra.c (zebra_init): Remove zebra node.
* ospfd.c (ospf_area_range_set): Function name is changed from
ospf_ara_range_cmd.
(ospf_area_range_unset): New function which separated from DEFUN.
New commands are added:
"no area A.B.C.D range A.B.C.D/M advertise"
"no area <0-4294967295> range A.B.C.D/M advertise"
"no area A.B.C.D range A.B.C.D/M not-advertise"
"no area <0-4294967295> range A.B.C.D/M not-advertise"
* ospf_lsa.c (ospf_lsa_more_recent): Fix previous change.
2001-02-08 Matthew Grant <grantma@anathoth.gen.nz>
* ospf_network.c (ospf_if_add_allspfrouters): Use
setsockopt_multicast_ipv4.
(ospf_if_drop_allspfrouters): Likewise.
* ospf_lsa.c (ospf_router_lsa_install): Add rt_recalc flag.
(ospf_network_lsa_install): Likewise.
(ospf_summary_lsa_install): Likewise.
(ospf_summary_asbr_lsa_install): Likewise.
(ospf_external_lsa_install): Likewise.
(ospf_lsa_install): Call ospf_lsa_different to check this LSA is
new one or not.
2001-02-08 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_zebra.c (ospf_interface_delete): Do not free interface
structure when ospfd receive interface delete message to support
pseudo interface.
2001-02-01 Dick Glasspool <dick@ipinfusion.com>
* ospfd.c (area_range_notadvertise): Change area range "suppress"
command to "not-advertise".
* ospfd.h (OSPF_LS_REFRESH_TIME): Change OSPF_LS_REFRESH_TIME from
1800 to 60.
* ospf_abr.c (ospf_abr_update_aggregate): When update_aggregate is
updating the area-range, the lowest cost is now saved.
* ospf_lsa.c (ospf_lsa_more_recent): Routing to compare sequence
numbers rather than creating overflow during calculation.
2001-02-01 Kunihiro Ishiguro <kunihiro@zebra.org>
* zebra-0.91 is released.
2001-01-31 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_packet.c (ospf_db_desc_proc): Do not continue process when
NSM_SeqNumberMismatch is scheduled.
(ospf_ls_req): Free ls_upd when return from this function.
(ospf_ls_upd_timer): When update list is empty do not call
ospf_ls_upd_send(). Suggested by: endo@suri.co.jp (Masahiko
Endo).
2001-01-26 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_lsa.c (ospf_maxage_flood): Flood LSA when it reaches
MaxAge. RFC2328 Section 14.
(ospf_maxage_lsa_remover): Call above function during removing
MaxAge LSA.
2001-01-26 Dick Glasspool <dick@ipinfusion.com>
* ospf_flood.c (ospf_flood_through_as): Function is updated for
NSSA Translations now done at ospf_abr.c with no change in P-bit.
* ospf_lsa.c (ospf_get_nssa_ip): Get 1st IP connection for Forward
Addr.
(ospf_install_flood_nssa): Leave Type-7 LSA at Lock Count = 2.
* ospf_ase.c (ospf_ase_calculate_route): Add debug codes.
* ospf_abr.c (ospf_abr_translate_nssa): Recalculate LSA checksum.
* ospf_packet.h (OSPF_SEND_PACKET_LOOP): Added for test packet.
* ospf_dump.c (ospf_lsa_type_msg): Add OSPF_GROUP_MEMBER_LSA and
OSPF_AS_NSSA_LSA.
* ospfd.c (data_injection): Function to inject LSA. This is
debugging command.
2001-01-11 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_route.c (ospf_route_match_same): Remove function.
(ospf_route_match_same_new): Renamed to ospf_route_match_same.
* ospf_zebra.c (ospf_interface_address_delete): Add check for
oi->address. Suggested by Matthew Grant
<grantma@anathoth.gen.nz>.
(ospf_zebra_add): Remove function.
(ospf_zebra_add_multipath): Rename to ospf_zebra_add.
* ospf_interface.c: Remove HAVE_IF_PSEUDO part.
* ospf_zebra.c: Likewise.
2001-01-10 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_ase.c: Remove OLD_RIB part.
* ospf_route.c: Likewise.
* zebra-0.90 is released.
* ospf_packet.c (ospf_recv_packet): Use ip_len adjestment code to
NetBSD.
2001-01-09 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_route.c (ospf_route_delete): Use
ospf_zebra_delete_multipath.
2001-01-09 Matthew Grant <grantma@anathoth.gen.nz>
* ospf_interface.c (ospf_if_cleanup): Function name is renamed
from ospf_if_free(). Rewrite whole procudure to support primary
address deletion.
* ospf_zebra.c (ospf_interface_address_delete): Add primary
address deletion process.
2001-01-09 Kunihiro Ishiguro <kunihiro@zebra.org>
* ospf_packet.c (ospf_recv_packet): OpenBSD has same ip_len
treatment like FreeBSD.
2001-01-09 endo@suri.co.jp (Masahiko Endo)
* ospf_packet.c (ospf_recv_packet): FreeBSD kernel network code
strips IP header size from receiving IP Packet. So we adjust
ip_len to whole IP packet size by adding IP header size.
2001-01-08 endo@suri.co.jp (Masahiko Endo)
* ospf_network.c (ospf_serv_sock): When socket() is failed return
* (global) Update code to match stream.h changes.
stream_get_putp effectively replaced with stream_get_endp.
stream_forward renamed to stream_forward_getp.
stream_forward_endp introduced to replace some previous
setting/manual twiddling of putp by daemons.
* lib/stream.h: Remove putp. Update reference to putp with endp.
Add stream_forward_endp, which daemons were doing manually.
Rename stream_forward to stream_forward_getp.
lib/stream.c: Remove/update references to putp.
introduce stream_forward_endp.
* ospf_interface.h: Improve passive_interface comment. Add new
multicast_memberships bitmask to struct ospf_interface to track
active multicast subscriptions. Declare new function
ospf_if_set_multicast.
* ospf_interface.c: (ospf_if_set_multicast) New function to configure
multicast memberships properly based on the current
multicast_memberships status and the current values of the
ospf_interface state, type, and passive_interface status.
(ospf_if_up) Remove call to ospf_if_add_allspfrouters (this is
now handled by ism_change_state's call to ospf_if_set_multicast).
(ospf_if_down) Remove call to ospf_if_drop_allspfrouters (now
handled by ism_change_state).
* ospf_ism.c: (ospf_dr_election) Remove logic to join or leave
the DRouters multicast group (now handled by ism_change_state's call
to ospf_if_set_multicast).
(ism_change_state) Add call to ospf_if_set_multicast to change
multicast memberships as necessary to reflect the new interface state.
* ospf_packet.c: (ospf_hello) When a Hello packet is received on a
passive interface: 1. Increase the severity of the error message
from LOG_INFO to LOG_WARNING; 2. Add more information to the error
message (packet destination address and interface address);
and 3. If the packet was sent to ospf-all-routers, then try
to fix the multicast group memberships.
(ospf_read) When a packet is received on an interface whose state
is ISM_Down, enhance the warning message to show the packet
destination address, and try to update/fix the multicast group
memberships if the packet was sent to a multicast address.
When a packet is received for ospf-designated-routers, but the
current interface state is not DR or BDR, then increase the
severity level of the error message from LOG_INFO to LOG_WARNING,
and try to fix the multicast group memberships.
* ospf_vty.c: (ospf_passive_interface) Call ospf_if_set_multicast for
any ospf interface that may have changed from active to passive.
(no_ospf_passive_interface) Call ospf_if_set_multicast for
any ospf interface that may have changed from passive to active.
(show_ip_ospf_interface_sub) Show multicast group memberships.
* ospf_packet.c: (ospf_read) Fix bug: must check for state ISM_Down,
not for event ISM_InterfaceDown. And improve the message by
adding the interface flags.
* if.h: Declare if_flag_dump.
[backport candidate]
* ospf_packet.c: (ospf_packet_add) If oi->obuf is NULL, print
an error message and return.
(ospf_read) If the interface state is ISM_InterfaceDown, issue
a warning message and ignore the packet.
* ospf_packet.h: Remove commented out definition of
OSPF_MAX_PACKET; neither it or the uncommented one are used any more.
* ospf_packet.c (ospf_make_ls_upd): Leave room for authentication
when deciding if an update will fit.
(ospf_packet_authspace): Factor out calculation of size required
for authentication.
(ospf_make_db_desc): Use ospf_max_packet, not OSPF_MAX_PACKET.
Don't confuse readers that there is a macro.
* ospf_packet.c: (ospf_read) Always look up the interface if
ospf_recv_packet returns NULL ifp, since some platforms such
as Solaris 8 appear to support ifindex retrieval but don't.
