mirror_frr

mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-05 18:42:23 +00:00

Author	SHA1	Message	Date
Philippe Guibert	83360720df	bgpd: add support of bgp flowspec filtering per packet length It is possible to do filtering based on packet length value or a range of packet-length. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>	2018-06-28 08:52:15 +02:00
Philippe Guibert	3b0c3697a3	bgpd: add comment to inform that icmp can be stored in that struct Generic ipset entry structure will be reused to host icmp information. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>	2018-06-28 08:52:15 +02:00
Philippe Guibert	932404b7b0	bgpd: handle ICMP type and code from flowspec It is possible for flowspec entries containing ICMP rule to insert PBR entries based on ICMP type and ICMP code. Flowspec ICMP filtering can either have icmp type or icmp code or both. Not all combinations are permitted: - if icmp code is provided, then it is not possible to derive the correct icmp value. This will not be installed - range of ICMP is authorised or list of ICMP, but not both. - on receiving a list of ICMPtype/code, each ICMP type is attempted to be associated to ICMP code. If not found, then ICMPtype is combined with all known ICMP code values associated to that ICMP type. - if a specific ICMP type/code is needed, despite the ICMP code/type combination does not exist, then it is possible to do it by forging a FS ICMP type/code specific for that. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>	2018-06-28 08:52:15 +02:00
Philippe Guibert	be729dd7a5	zebra: improve show zebra ipset output for icmp The icmp type/code is displayed. Also, the flags are correctly set in case ICMP protocol is elected. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>	2018-06-28 08:52:15 +02:00
Philippe Guibert	5b0d92b8d5	zebra: pbr ipset_type2_str command is externalised The API of that function that converts ipset types is externalised. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>	2018-06-28 08:52:15 +02:00
Quentin Young	62a9c814e1	Merge pull request #2563 from pacovn/Coverity_1465494_String_not_null_terminated_2 lib zebra: str-z check (2) (Coverity 1465494)	2018-06-27 15:15:22 -04:00
Quentin Young	7f3ad069d7	Merge pull request #2570 from pacovn/Coverity_1448386_Untrusted_value_as_argument lib: untrusted argument (Coverity 1448386)	2018-06-27 15:09:34 -04:00
Jafar Al-Gharaibeh	904124c1ec	Merge pull request #2569 from pacovn/Coverity_1451361_Dereference_before_null_check_2 lib: null check (2) (Coverity 1451361)	2018-06-27 13:51:48 -04:00
Jafar Al-Gharaibeh	e3660a21a4	Merge pull request #2566 from pacovn/Coverity_23024_Dereference_null_return ospf6d: null check (Coverity 23024)	2018-06-27 13:49:08 -04:00
Jafar Al-Gharaibeh	8bd98c6b15	Merge pull request #2564 from pacovn/Coverity_23110_Dereference_after_null_check ospfd: null check (Coverity 23110)	2018-06-27 13:47:47 -04:00
paco	45ec351df2	lib: untrusted argument (Coverity 1448386) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-27 15:50:04 +02:00
paco	4872511153	ospf6d: null check (Coverity 23024) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-27 15:31:05 +02:00
paco	64268e1a12	lib: null check (2) (Coverity 1451361) Additional correction to `fa3016309b` Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-27 15:24:45 +02:00
paco	4adf00f765	ospfd: null check (Coverity 23110) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-27 14:41:50 +02:00
paco	b6312ad185	lib zebra: str-z check (2) (Coverity 1465494) This is an additional correction after `45981fda06` / PR #2462. I hope this fixes the Coverity warning (I've added an additional check for ensuring the string provided by the inotify read is zero-terminated). Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-27 14:22:01 +02:00
Donald Sharp	71a7b1f82f	Merge pull request #2556 from pacovn/Coverity_1465491_Untrusted_value_as_argument_3 pimd: untrusted argument (3) (Coverity 1465491)	2018-06-26 19:59:27 -04:00
Quentin Young	81ef2361a3	Merge pull request #2559 from pacovn/Coverity_1302503_Logically_dead_code lib ospfd: dead code (Coverity 1302503 1302502)	2018-06-26 16:48:54 -04:00
paco	39050c7e0d	lib ospfd: dead code (Coverity 1302503 1302502) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-26 21:39:56 +02:00
Quentin Young	045a178c13	Merge pull request #2560 from pacovn/Coverity_1302500_Constant_variable_guards_dead_code ospfd: dead code (Coverity `1302500`)	2018-06-26 15:05:53 -04:00
Quentin Young	cccb13bff1	Merge pull request #2557 from pacovn/Coverity_1465490_Unchecked_return_value pimd: return check (Coverity 1465490)	2018-06-26 14:42:30 -04:00
paco	9df48e81ee	ospfd: dead code (Coverity `1302500`) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-26 20:33:47 +02:00
paco	d1b21b9616	pimd: return check (Coverity 1465490) Unless someone intentionally changes MCAST_ALL_ROUTERS ("224.0.0.2") with a wrong IP, this should never fail, so the fix is using "(void)" at the left of the function call, as an explicit way of indicating we discard the return value on purpose. Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-26 19:34:04 +02:00
Quentin Young	cf6bc77d28	Merge pull request #2503 from pacovn/Coverity_1469898_Uninitialized_scalar_variable lib: uninitialized variable (2) (Coverity 1469898)	2018-06-26 11:35:58 -04:00
Quentin Young	c1802707e0	Merge pull request #2463 from pacovn/Coverity_1452539_Out-of-bounds_access lib: out-of-bounds access (Coverity 1452539)	2018-06-26 11:34:31 -04:00
Russ White	8394a34484	Merge pull request #2534 from pacovn/Coverity_1470113_Untrusted_array_index_write zebra: untrusted array index (2) (Coverity 1470113)	2018-06-26 11:18:38 -04:00
Russ White	4bca4c6f0c	Merge pull request #2540 from LabNConsulting/working/master/bgp-twice-leaked-nht bgpd: don't nexthop-track twice-leaked routes that came from zebra	2018-06-26 11:17:32 -04:00
Russ White	dec20a1570	Merge pull request #2542 from pacovn/Coverity_1452552_Out-of-bounds_access isisd: out-of-bounds access (Coverity 1452552)	2018-06-26 11:15:59 -04:00
Russ White	f1b5eeea03	Merge pull request #2545 from pacovn/Coverity_1468413_Explicit_null_dereferenced bgpd: null check (Coverity 1468413)	2018-06-26 11:14:39 -04:00
paco	813099f0fc	pimd: untrusted argument (3) (Coverity 1465491) Additional fix over `d94023d85c` (PR #2546) Removed all pointer arithmetic used for the checks, while keeping same coverage. I hope this removes the Coverity warning (If this don't fix it, I'll make Coverity work with a fork and try there as many times as necessary) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-26 17:14:36 +02:00
Russ White	884cc57a96	Merge pull request #2547 from pacovn/Coverity_1458168_Dereference_null_return_value eigrpd ospfd: null check (Coverity 1458168 1455335)	2018-06-26 11:14:07 -04:00
Renato Westphal	52af5f9458	Merge pull request #2535 from donaldsharp/netlink_talk_fun Netlink talk fun	2018-06-26 12:03:52 -03:00
Renato Westphal	b2e020256e	Merge pull request #2549 from pacovn/Coverity_1452317_Explicit_null_dereferenced ldpd: null check (Coverity 1452317)	2018-06-26 10:55:08 -03:00
Renato Westphal	ec45d6c140	Merge pull request #2552 from qlyoung/remove-defun-deprecated Remove DEFUN_DEPRECATED	2018-06-26 10:25:00 -03:00
Jafar Al-Gharaibeh	347e3c3d5f	Merge pull request #2548 from pacovn/Coverity_1453456_Unchecked_return_value_from_library lib: check return value (Coverity 1453456)	2018-06-25 17:30:31 -04:00
paco	e339d7c04d	lib: check return value (Coverity 1453456) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-25 20:20:24 +02:00
Jafar Al-Gharaibeh	c356b7e68f	Merge pull request #2546 from pacovn/Coverity_1465491_Untrusted_value_as_argument_2 pimd: untrusted argument (2) (Coverity 1465491)	2018-06-25 12:53:26 -04:00
Jafar Al-Gharaibeh	2b94866707	Merge pull request #2530 from pacovn/Coverity_1399295_Out-of-bounds_read Coverity 1399295 out of bounds read	2018-06-25 12:46:57 -04:00
Jafar Al-Gharaibeh	91609fe00b	Merge pull request #2536 from pacovn/Coverity_1470150_Dereference_null_return_value lib: null check (Coverity 1470150)	2018-06-25 12:43:31 -04:00
Jafar Al-Gharaibeh	6bb6f26c4e	Merge pull request #2550 from pacovn/Coverity_1399284_Dereference_null_return_value ospfd: null check (Coverity 1399284)	2018-06-25 12:40:02 -04:00
Jafar Al-Gharaibeh	d2722bf362	Merge pull request #2544 from pacovn/Coverity_1468510_Dereference_null_return_value ospf6d: null check (Coverity 1468510)	2018-06-25 12:39:17 -04:00
Quentin Young	61cdcbdc02	lib: remove DEFUN_DEPRECATED Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>	2018-06-25 16:38:53 +00:00
Quentin Young	f07e1c4fe4	bgpd: remove DEFUN_DEPRECATED usage Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>	2018-06-25 16:38:48 +00:00
Jafar Al-Gharaibeh	433b146e25	Merge pull request #2543 from pacovn/Coverity_1399304_Out-of-bounds_access ospfd: out-of-bounds access (Coverity 1399304 1399286)	2018-06-25 12:38:44 -04:00
Jafar Al-Gharaibeh	d4e2ab91cd	Merge pull request #2541 from pacovn/Coverity_1221445_1221448_Out-of-bounds_access ospfd: OoB access (Coverity 1221445 1221448)	2018-06-25 12:37:57 -04:00
Quentin Young	20d8a28413	*: remove deprecated 'log trap' commands Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>	2018-06-25 16:35:34 +00:00
paco	d94023d85c	pimd: untrusted argument (2) (Coverity 1465491) Additional fix over `18e994a043` (PR #2457) Previous correction was not enough for fixing the Coverity warning. Now we ensure we don't overflow the buffer. Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-25 17:37:48 +02:00
paco	162dbe419d	ospfd: null check (Coverity 1399284) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-25 17:18:17 +02:00
paco	13f0e43443	ospfd: OoB access (Coverity 1399304 1399286) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-25 17:07:31 +02:00
paco	0ef34ac51a	ldpd: null check (Coverity 1452317) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-25 16:47:15 +02:00
paco	a2d7fdfeb0	eigrpd ospfd: null chk (Coverity 1458168 1455335) Signed-off-by: F. Aragon <paco@voltanet.io>	2018-06-25 16:37:04 +02:00

1 2 3 4 5 ...

11855 Commits