When exiting from the helper mode for a given router after an
unsuccessful graceful restart, removing the neighborship to that
router straight away leads to a dangling pointer in the associated
interface, which inevitably leads to a crash. To solve this
problem, schedule the removal of the neighbor instead of removing
it immediately.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Change the "show_ospf_grace_lsa_info" callback to account for the
fact that the "vty" parameter can be null.
This fixes a crash that happens when "debug ospf packet ls-update
detail" is configured and a Grace-LSA is sent or received.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When exiting from the GR helper mode, recalculate the DR only for
interfaces of the appropriate types (broadcast and NMBA).
This fixes a problem where the state of a neighbor reachable over a
p2p interface was changing from Full/DROther to Full/Backup across
a graceful restart.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Since a single ospfd process can have multiple OSPF interfaces
configured, we need to separate the global GR initialization and
termination from per-instance initialization and termination.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
When browsing or parsing OSPF LSA TLVs, we need to use the LSA length which is
part of the LSA header. This length, encoded in 16 bits, must be first
converted to host byte order with ntohs() function. However, Coverity Scan
considers that ntohs() function return TAINTED data. Thus, when the length is
used to control for() loop, Coverity Scan marks this part of the code as defect
with "Untrusted Loop Bound" due to the usage of Tainted variable. Similar
problems occur when browsing sub-TLV where length is extracted with ntohs().
To overcome this limitation, a size attribute has been added to the ospf_lsa
structure. The size is set when lsa->data buffer is allocated. In addition,
when an OSPF packet is received, the size of the payload is controlled before
contains is processed. For OSPF LSA, this allow a secure buffer allocation.
Thus, new size attribute contains the exact buffer allocation allowing a
strict control during TLV browsing.
This patch adds extra control to bound for() loop during TLV browsing to
avoid potential problem as suggested by Coverity Scan. Controls are based
on new size attribute of the ospf_lsa structure to avoid any ambiguity.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
gcc 10 complains about some of our format specs, fix them. Use
atomic size_t in thread stats, to work around platform
differences.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Use to-string functions for GR message codes instead of raw
string array indexing; the values used can come in packets
and are not validated.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
Description:
The following show commands are added to display helper specific
information.
1.show ip ospf graceful-restart helper [detail] [json]
--> displays user configurations and list of all helpers details.
2.show ip ospf neighbour detail
--> diplays helper details
Signed-off-by: Rajesh Girada <rgirada@vmware.com>
Description:
The follwoing helper exit scenarios are handled.
1. Recv Max age grace LSA from RESTARTER.
2. Grace timer expiry.
3. Due to topo change if lsa check is enabled.
Signed-off-by: Rajesh Girada <rgirada@vmware.com>
