When browsing or parsing OSPF LSA TLVs, we need to use the LSA length which is
part of the LSA header. This length, encoded in 16 bits, must be first
converted to host byte order with ntohs() function. However, Coverity Scan
considers that ntohs() function return TAINTED data. Thus, when the length is
used to control for() loop, Coverity Scan marks this part of the code as defect
with "Untrusted Loop Bound" due to the usage of Tainted variable. Similar
problems occur when browsing sub-TLV where length is extracted with ntohs().
To overcome this limitation, a size attribute has been added to the ospf_lsa
structure. The size is set when lsa->data buffer is allocated. In addition,
when an OSPF packet is received, the size of the payload is controlled before
contains is processed. For OSPF LSA, this allow a secure buffer allocation.
Thus, new size attribute contains the exact buffer allocation allowing a
strict control during TLV browsing.
This patch adds extra control to bound for() loop during TLV browsing to
avoid potential problem as suggested by Coverity Scan. Controls are based
on new size attribute of the ospf_lsa structure to avoid any ambiguity.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
If there's no default router configured at the moment when bgpd is
connected to zebra, bgpd is not registered as a BFD client.
We should do the registration regardless of the config existence.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
If the n-flag-clear option is set in the configuration of a prefix
segment, clear the flag in the extended ip reachability TLVs.
RFCs 7794 and 8667 are not too strict on the setting / clearing the
N-flag in prefix SIDs. However, if there exists a cmd line option
to clear it, it should be cleared in the TLVs announced, as other
vendors do.
Signed-off-by: Fredi Raspall <fredi@voltanet.io>
Test case test_verify_mroute_when_5_different_receiver_joining_same_sources_p0
is failing intermittently in master. Fixed the issue.
Signed-off-by: Kuldeep Kashyap <kashyapk@vmware.com>
1. Automated test cases to verify BGP Graceful Shutdown community functionality,
with 2 different topologies.
Signed-off-by: Kuldeep Kashyap <kashyapk@vmware.com>
When the ospf6 instance in unknown VRF is deleted, the redistribution
config is not freed, because it is not registered in zebra. We should
always free the config regardless of zebra registration status.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
If the default route redistribution is configured in OSPF6 router before
the VRF is created, then this is not currently registered in zebra after
the VRF creation.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
If the default route redistribution is configured in OSPF router before
the VRF is created, then this is not currently registered in zebra after
the VRF creation.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
RIPNG schedules a call to `ripng_interface_wakeup` in 1 second after
receiving the interface UP event from zebra. The function is called even
if the interface was shut down during this interval.
This is incorrect and also leads to a crash in the following scenario:
```
vtysh -c "conf" -c "router ripng vrf red" -c "network enp2s0"
ip link add red type vrf table 1
ip link set enp2s0 vrf red
ip link set enp2s0 down
ip link set enp2s0 up && sleep 2 && ip link del red
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
RIP schedules a call to `rip_interface_wakeup` in 1 second after
receiving the interface UP event from zebra. The function is called even
if the interface was shut down during this interval.
This is incorrect and also leads to a crash in the following scenario:
```
vtysh -c "conf" -c "router rip vrf red" -c "network enp2s0"
ip link add red type vrf table 1
ip link set enp2s0 vrf red
ip link set enp2s0 down
ip link set enp2s0 up && ip link del red
```
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently, when AS number of an existing BGP neighbor is added in a BGP
confederation, AS_CONFED_SEQUENCE segment attribute will be missing in
prefixes advertised to the neighbor. Also, receiving prefixes from the
neighbor will be withdrawn because of "Malformed AS path from A.B.C.D".
neighbor 10.100.200.3 remote-as 123
bgp confederation identifier 65001
bgp confederation peers 123
With this change, update peer's sort after adding or removing its AS
number in a BGP confederation.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
When handling the addition of a nhg which would saturate the range of
tables PBR is configured to install into, handle this *before* a
possible call to pbr_nhgc_alloc during hash query
Signed-off-by: Wesley Coakley <wcoakley@nvidia.com>
Represent installed ("allocated") NHG tables with a hash keyed by table
ID. Replaces a pre-allocated array of booleans that implemented this
functionality before.
+ PBR table range > 65535 is fixed (was OOB access before :))
+ Pre-compute next available ID to save time when only checking
if all tables are allocated
Signed-off-by: Wesley Coakley <wcoakley@nvidia.com>
This includes community and large-community data.
```
exit1-debian-9# show ip route 172.16.16.1/32
Routing entry for 172.16.16.1/32
Known via "bgp", distance 20, metric 0, best
Last update 00:00:23 ago
* 192.168.0.2, via eth1, weight 1
AS-Path : 65030
Communities : 65001:1 65001:2 65001:3 65001:4 65001:5 65001:6
Large-Communities: 65001:123:1 65001:123:2
```
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
When only one of the keepalive or hold timers is changed from the
default, bgp won't print the timers command in the config.
Signed-off-by: Quentin Young <qlyoung@nvidia.com>
