Convert the list_delete(struct list *) function to use
struct list **. This is to allow the list pointer to be nulled.
I keep running into uses of this list_delete function where we
forget to set the returned pointer to NULL and attempt to use
it and then experience a crash, usually after the developer
has long since left the building.
Let's make the api explicit in it setting the list pointer
to null.
Cynical Prediction: This code will expose an attempt
to use the NULL'ed list pointer in some obscure bit
of code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
During the loop we save a pointer to the next route in the table in case
brouter is deleted during the course of the loop iteration. However when
we call ospf6_route_remove this can trigger ospf6_route_remove on other
routes in the table, one of which could be pointed at by said pointer.
Since ospf6_route_next locks the route that it returns, it won't
actually be deleted, instead the refcount will go to 1. In the next loop
iteration, nbrouter becomes brouter, and calling ospf6_route_next on
this one will finally decrement the refcount to 0, resulting in a free,
which causes subsequent reads on brouter to be UAF. Since the route will
have OSPF6_ROUTE_WAS_REMOVED set, provided the memory was not
overwritten before we got there, we'll continue on to the next one so it
is unlikely this will cause a crash in production.
Solution implemented is to check if we've deleted the route and continue
if so.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
This is a fallout from PR #1022 (zapi consolidation). In the early days,
the client daemons would allocate enough memory to send all nexthops
to zebra. Then zebra would add all nexthops to the RIB and respect
MULTIPATH_NUM only when installing the routes in the kernel. Now things
are different and the client daemons can send at most MULTIPATH_NUM
nexthops to zebra, and failure to respect that will result in a buffer
overflow. The MULTIPATH_NUM limit in the new zebra API is a small price
we pay to avoid allocating memory for each route sent to zebra.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Commit 427f8e61bb introduced prefix list callbacks
to handle when a prefix list is changed. Unfortunately
if you have ospf6 running but not configured it crashes.
Modify ospf6d to not crash when we are not properly configured
yet for prefix-lists handling.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Oops, I tested this with prefix lists configured and failed to notice it
blows up when nothing is set...
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Using the previously-added vty_frame() support, this gets rid of all the
pointless empty "interface XYZ" blocks that get added for any interface
that shows up in the system (e.g. dummys, tunnels, etc.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
FLAG_BLACKHOLE is used for different things in different places. remove
it from the zclient API, instead indicate blackholes as proper nexthops
inside the message.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Add the RMAP_COMPILE_SUCCESS and switch over to using it.
Refactoring allows a removal of an if statement to just
use the switch statement already in place. Additionally
the reworking cleans up memory freeing in a couple of spots.
In one spot we no longer will leak memory too.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
With the old API, ospf6d always needed to send a nexthop address and a
nexthop interface when advertising a route to zebra. In the case where
the nexthop address didn't exist (e.g. connected route), zebra would
take care of ignoring it in the zread_ipv6_add() function.
Now, if we have a nexthop interface but not a nexthop address, we not
only can but we should send a nexthop of type NEXTHOP_TYPE_IFINDEX. zebra
won't fix bad nexthops anymore because the clients have a proper API to
send correct messages.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Some differences compared to the old API:
* Now the redistributed routes are sent using address-family
  independent messages (ZEBRA_REDISTRIBUTE_ROUTE_ADD and
  ZEBRA_REDISTRIBUTE_ROUTE_DEL). This allows us to unify the ipv4/ipv6
  zclient callbacks in the client daemons and thus remove a lot of
  duplicate code;
* Now zebra sends all nexthops of the redistributed routes to the client
  daemons, not only the first one. This shouldn't have any noticeable
  performance implications and will allow us to remove an ugly exception
  we had for ldpd (which needs to know all nexthops of the redistributed
  routes). The other client daemons can simply ignore the nexthops if
  they want or consult just the first one (e.g. ospfd/ospf6d/ripd/ripngd).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Register add/delete hooks with the prefix list code to properly change
ospf6_area's prefix list in/out pointers.
There are 2 other uncached uses of prefix lists in the ASBR route-map
code and the interface code; these should probably be cached too. (To
be fixed another day...)
Fixes: #453
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This version string has not been updated in over 11 years.
I cannot see any viable reason that we should use or update
or anything with this value, remove.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Start creating a counterpart to frr_init and frr_late_init.
Unfortunately, some daemons don't do any exit handling, this doesn't
change that just yet.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
called list_delete instead of list_free
Moved MTYPE_STATIC in ospfd/zebra.c
Revert changes in ospf6_zebra.c where malloc is called for
multiple nexthops.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
GCC 7.1.1 returned warnings about buffer sizes
not being big enough to handle the full string
that could be generated.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Free route node upon asbr redistribute route cleanup from
external_id_table route table.
Free route node when route_remove is called and
node->info is set to null.
Decrement route node lock in route_lookup api as it
is incremented as part of node_lookup api.
use local variable for nexthop vs. malloc in zebra parse
routine.
two of the memory leaks related to nexthops per route were not freed.
two of the memory leaks detected per frr service restart
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
This reverts commit c14777c6bf.
clang 5 is not widely available enough for people to indent with. This
is particularly problematic when rebasing/adjusting branches.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The label initializer & nhrpd variable are just to shut up GCC 7,
the other two are actual bugs.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
This allows frr-reload.py (or anything else that scripts via vtysh)
to know if the vtysh command worked or hit an error.
Instead of having an ?: expression embedded in every single caller of
vty_out, just expand \n to \r\n in the vty code if necessary.
(Deprecation warnings will be enabled in the next commits which will do
the search-and-replace over the codebase.)
[This reverts commit 4d5f445 "lib: add vty_outln()"]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
rip out this pile of open-coded goo and replace it with uses of the API
that table.h provides.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
route_node->parent and route_node->link shouldn't be touched by user
code since that is a recipe for trouble once we have a hash table in
parallel.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Previous fix was missing the possibility of having to modify the io
buffer size if the kernel reports a new mtu value. This fix adds
that check.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Problem reported by customer that if an mtu value was set in the kernel,
quagga/frr would get very confused about what had been configured and
what had been learned. This caused peers to not be successfully established.
Resolved by keeping a configuration value separate from the operational value
and set the operational accordingly. If configured, it wins unless the config
defines a value that is higher than the kernel supports.
Ticket: CM-16876
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Reviewed By: CCR-6399
Testing Done: Manual testing successful, submitter tested, ospf-smoke completed
with no new failures.
log.c provides functionality for associating a constant (typically a
protocol constant) with a string and finding the string given the
constant. However this is highly delicate code that is extremely prone
to stack overflows and off-by-one's due to requiring the developer to
always remember to update the array size constant and to do so correctly
which, as shown by example, is never a good idea.
The original goal of this code was to try to implement lookups in O(1)
time without a linear search through the message array. Since this code
is used 99% of the time for debugs, it's worth the 5-6 additional cmp's
worst case if it means we avoid exploitable bugs due to oversights...
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
ospf6_route_remove may free the ospf6_route passed to it if the refcount
reaches zero, in which case zeroing the ->flag field constitutes a uaf
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
If the user enters a decimal, display a decimal.
If the user enters a dotted quad, display a dotted quad.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The 'show zebra' command really shouldn't be owned
by ospf6. This command is a specialized command
to show some basic information about ospf6 and zebra
so limit it to ospf6.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The command 'debug ospf6 lsa unknown' was
always showing up, upon starting of the ospf6 daemon.
Remove this from happening. Also fix some help strings
while we are in there.
Ticket: CM-7913
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
When we are receiving the 'no debug ospf6 lsa unknown ...'
Allow the removal of the originate examine and flooding
keywords.
Ticket: CM-12805
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The command 'debug ospf6 lsa unknown' was
always showing up, upon starting of the ospf6 daemon.
Remove this from happening. Also fix some help strings
while we are in there.
Ticket: CM-7913
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
We only needed to add/change the vrf callbacks when we initialize
the vrf subsystem. As such it is not necessary to handle the callbacks
in any other way than through the init function.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The FSF's address changed, and we had a mixture of comment styles for
the GPL file header. (The style with * at the beginning won out with
580 to 141 in existing files.)
Note: I've intentionally left intact other "variations" of the copyright
header, e.g. whether it says "Zebra", "Quagga", "FRR", or nothing.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>