The commands:
router isis 1
mpls-te on
no mpls-te on
mpls-te on
no mpls-te on
!
Will crash
Valgrind gives us this:
==652336== Invalid read of size 8
==652336== at 0x49AB25C: typed_rb_min (typerb.c:495)
==652336== by 0x4943B54: vertices_const_first (link_state.h:424)
==652336== by 0x493DCE4: vertices_first (link_state.h:424)
==652336== by 0x493DADC: ls_ted_del_all (link_state.c:1010)
==652336== by 0x47E77B: isis_instance_mpls_te_destroy (isis_nb_config.c:1871)
==652336== by 0x495BE20: nb_callback_destroy (northbound.c:1131)
==652336== by 0x495B5AC: nb_callback_configuration (northbound.c:1356)
==652336== by 0x4958127: nb_transaction_process (northbound.c:1473)
==652336== by 0x4958275: nb_candidate_commit_apply (northbound.c:906)
==652336== by 0x49585B8: nb_candidate_commit (northbound.c:938)
==652336== by 0x495CE4A: nb_cli_classic_commit (northbound_cli.c:64)
==652336== by 0x495D6C5: nb_cli_apply_changes_internal (northbound_cli.c:250)
==652336== Address 0x6f928e0 is 272 bytes inside a block of size 320 free'd
==652336== at 0x48399AB: free (vg_replace_malloc.c:538)
==652336== by 0x494BA30: qfree (memory.c:141)
==652336== by 0x493D99D: ls_ted_del (link_state.c:997)
==652336== by 0x493DC20: ls_ted_del_all (link_state.c:1018)
==652336== by 0x47E77B: isis_instance_mpls_te_destroy (isis_nb_config.c:1871)
==652336== by 0x495BE20: nb_callback_destroy (northbound.c:1131)
==652336== by 0x495B5AC: nb_callback_configuration (northbound.c:1356)
==652336== by 0x4958127: nb_transaction_process (northbound.c:1473)
==652336== by 0x4958275: nb_candidate_commit_apply (northbound.c:906)
==652336== by 0x49585B8: nb_candidate_commit (northbound.c:938)
==652336== by 0x495CE4A: nb_cli_classic_commit (northbound_cli.c:64)
==652336== by 0x495D6C5: nb_cli_apply_changes_internal (northbound_cli.c:250)
==652336== Block was alloc'd at
==652336== at 0x483AB65: calloc (vg_replace_malloc.c:760)
==652336== by 0x494B6F8: qcalloc (memory.c:116)
==652336== by 0x493D7D2: ls_ted_new (link_state.c:967)
==652336== by 0x47E4DD: isis_instance_mpls_te_create (isis_nb_config.c:1832)
==652336== by 0x495BB29: nb_callback_create (northbound.c:1034)
==652336== by 0x495B547: nb_callback_configuration (northbound.c:1348)
==652336== by 0x4958127: nb_transaction_process (northbound.c:1473)
==652336== by 0x4958275: nb_candidate_commit_apply (northbound.c:906)
==652336== by 0x49585B8: nb_candidate_commit (northbound.c:938)
==652336== by 0x495CE4A: nb_cli_classic_commit (northbound_cli.c:64)
==652336== by 0x495D6C5: nb_cli_apply_changes_internal (northbound_cli.c:250)
==652336== by 0x495D23E: nb_cli_apply_changes (northbound_cli.c:268)
Let's null out the pointer. After this change. Valgrind no longer reports issues
and isisd no longer crashes.
Fixes: #10939
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Function ospf_te_parse_te() and ospf_te_delete_te() browse TE TLV but also
subTLV. The loop that parse the subTLV check that cummulative read data doesn't
exceed the total size of the TLV. However, the sum variable that counts the
number of read data was wrongly intialize to 0 instead to 4 (i.e. the initial
TLV Header size that is located at the TOP of subTLV).
This patch adjust accordingly the initial value of the counter.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Add a 'json' parameter to the 'show_opaque_info' callback definition,
and update all instances of that callback to not display plain-text
data when the user requested JSON data.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When browsing or parsing OSPF LSA TLVs, we need to use the LSA length which is
part of the LSA header. This length, encoded in 16 bits, must be first
converted to host byte order with ntohs() function. However, Coverity Scan
considers that ntohs() function return TAINTED data. Thus, when the length is
used to control for() loop, Coverity Scan marks this part of the code as defect
with "Untrusted Loop Bound" due to the usage of Tainted variable. Similar
problems occur when browsing sub-TLV where length is extracted with ntohs().
To overcome this limitation, a size attribute has been added to the ospf_lsa
structure. The size is set when lsa->data buffer is allocated. In addition,
when an OSPF packet is received, the size of the payload is controlled before
contains is processed. For OSPF LSA, this allow a secure buffer allocation.
Thus, new size attribute contains the exact buffer allocation allowing a
strict control during TLV browsing.
This patch adds extra control to bound for() loop during TLV browsing to
avoid potential problem as suggested by Coverity Scan. Controls are based
on new size attribute of the ospf_lsa structure to avoid any ambiguity.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
This fixes 2 asan errors:
If we only have a TLV_ROUTER_ADDR don't continue after we skipped it.
Fixed length when parsing EXT_TLV_LINK_SIZE.
Signed-off-by: Erik Kooistra <me@erikkooistra.nl>
This patch allows to store Link State Information received through the various
LSAs into a dedicated Traffic Engineering Database (TED). This feature is
automatically activated once mpls-te is enabled.
A new CLI command `mpls-te export` permits to export the TED to other daemons
through the new ZAPI Opaque Link State messages. In complement, a new CLI
command `show ip ospf mpls-te database ...` output the contains of the TED to
the console.
Major modifications take place in ospf_te.[c, h]. File ospf_zebra.c has been
modified to handle TED synchronisation request.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
This patch corrects two problems that affect Inter-AS LSA:
1/ Inter-LSA are never flood due to an incorrect setting of specific flag.
2/ When looking to the detail of the OSPF LSA with the command
`show ip ospf database opaque-xxx`, it appears that only the Inter-AS
advertising router is abble to show the detail of the Inter-AS LSA. Foreign
routers are only abble to show the header of this Inster-AS LSA. The problem
comes from the registration of Inter-AS management functions which is done
only on the advetising router. So, the function `ospf_mpls_te_show_info()` is
never call on neighbor routers that have not resgistered Inter-AS management
callback functions.
First, this patch modify functions `set_linkparams_inter_as()` and
`unset_linkparams_inter_as()` to respectively set and unset flags that control
the Inter-AS LSA flooding. Flag & Type from `struct mpls_te_link` have been
redefined: Flag is used to determine if flooding is AS or not and Type is only
used to determine the type of the LSA.
Second, this patch register Inter-AS management functions for both AS and Area
flooding with a different function for LSA origination as parameter is passed
as void and it is mandatory to determine the flooding context:
`struct *ospf` for AS flooding and `struct *ospf_area` for Area flooding.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
When an interface goes down, if it is MPLS-TE enabled, the corresponding
TE Opaque LSA is not flushed and continue to be advertised.
The problem is due to bugs in ISM and NSM handler functions of ospf_te.c file:
- ospf_mpls_te_ism_change():
- flag associated with Link Parameters is reset
- ISM_Down state is not correctly handle
- ospf_mpls_te_nsm_change():
- flag associated with Link Parameters is reset
- NSM_Down and NSM_Delete states are not handle
This patch correct this problem.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
This commits attempts to fix a problem that occurs when mpls-te gets
removed from ospfd config. Mpls-te has an inter-as option, which can be
set to Off/Area/AS. Whenever the inter-as takes "Area" or "AS" as a
value, this value will not be cleaned after removing mpls-te or after
removing the ospf router. Therefore, if mpls-te is configured with
inter-as AS or Area and we remove mpls-te or the ospf router, the
inter-as will still preserve its value; therefore, next time mpls-te is
enabled, it will automatically inherits the previous inter-as value
(either Area or AS). This leads to wrong configuration, which can be a
problem for frr_reload.py.
The commits forces mpls-te to reset inter-as to Off before it mpls-te
gets removed from the configuration and before the ospf router gets
removed.
Signed-off-by: Carlo Galiotto <carlo@voltanet.io>
Some logging systems are, er, "allergic" to tabs in log messages.
(RFC5424: "The syslog application SHOULD avoid octet values below 32")
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
the vrf_id parameter is replaced by struct vrf * parameter.
this impacts most of the daemons that look for an interface based on the
name and the vrf identifier.
Also, it fixes 2 lookup calls in zebra and sharpd, where the vrf_id was
ignored until now.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Solve issue #4198
Link-ID and Remote IP address must be set accordingly to the interface type
(Point-to-Point or Broadcast) from the neighbor information. However, this
information are only valid once the Network State Machine (NSM) is Full i.e.
when the adjacency is up. The original TE code only look to Interface State
Machine (ISM) change which not allow to collect valid neighbor information.
The patch move setup of Link-ID and Remote-IP TE parameters from
ospf_mpls_te_ism_change() to ospf_mpls_te_nsm_change() function.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
so as to isolate ospf contexts separately for each vrf, the interface
used is cornered to the passed vrf context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The head and tail pointers of linked lists should never be modified
manually, the linked list API guarantees that these pointers are always
valid and up-to-date.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
1) stream allocation cannot fail
2) some warnings were removed when functions safely ignored
the calling parameters being wrong.
3) some warnings were removed when functions did not consider
the state as an error since we did not return an error code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
In all but one instance we were following this pattern
with ospf_lsa_new:
ospf_lsa_new()
ospf_lsa_data_new()
so let's create a ospf_lsa_new_and_data to abstract
this bit of fun and cleanup all the places where
it assumes these function calls can fail.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There is no need to check for failure of a ALLOC call
as that any failure to do so will result in a assert
happening. So we can safely remove all of this code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We lookup the lp value and lookup_linkparams_by_instance
can return NULL if something has gone terribly wrong.
Make sure that lp is not NULL.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Macro that expands to be wrapped in parentheses was being used as a raw
condition for an if statement, leading to some very weird and confusing
formatting...
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The following types are nonstandard:
- u_char
- u_short
- u_int
- u_long
- u_int8_t
- u_int16_t
- u_int32_t
Replace them with the C99 standard types:
- uint8_t
- unsigned short
- unsigned int
- unsigned long
- uint8_t
- uint16_t
- uint32_t
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When preforming CI test, CLI command 'no router ospf' followed by a
'router ospf' is performed to clean up the previous configuration.
Ospfd crash when configuring 'netwoark area'.
This is due to opsf_opaque_term() introduce in previous commit that cause this
crash. It remove not only Opaque LSA but also the list through the call to
'list_delete_and_null()' function. Same take place in 'ospf_mpls_te_term()',
'ospf_router_info_term()' and 'ospf_ext_term()' function.
New set of 'ospf_XXX_finish()' has been introduced to solve this issue while
keeping the possiblity to terminate properly the Opaque LSA and remove MPLS
LFIB entries set by Segment Routing.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
- ospfd/ospf_te.c: Remove unregister function and call to
ospf_delete_opaque_functab() following the introduction of
ospf_opaque_term() function in ospfd.c for ospfd termination.
- ospfd/ospf_sr.c: Set initial index value for node-msd CLI to
avaoid crash when using this command
- ospfd/ospf_ext.c: Disable call to ospf_sr_update_prefix() if
Segment Routing, thus Extended Link/Prefix, is not enable
- ospfd/ospf_opaque.c: Correct scheduling of Opaque LSA flooding
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
This improves code readability and also future-proofs our codebase
against new changes in the data structure used to store interfaces.
The FOR_ALL_INTERFACES_ADDRESSES macro was also moved to lib/ but
for now only babeld is using it.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
