Eliminate several more SUID problems (VTYSH_LOG, history file) and make
the whole SUID approach more robust. Still possibly unsafe to use, but
much better.
[v2: wrap seteuid/setegid calls]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This uses zmq_getsockopt(ZMQ_FD) to create a libfrr read event, which
then wraps zmq_poll and calls an user-specified ZeroMQ read handler.
It's wrapped in a separate library in order to make ZeroMQ support an
installation-time option instead of build-time.
Extended to support per-message and per-fragment callbacks as discussed
with Bingen in PR #566.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
support processing of RTN_BLACKHOLE et al. from kernel and dump them
into appropriate blackhole rib entries.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
blackhole support was horribly broken. cleanup by removing blackhole
stuff from ZEBRA_FLAG_*
introduces support for "prohibit" routes (Linux/netlink only)
also clean up blackhole options on "ip route" vty commands.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
FLAG_BLACKHOLE is used for different things in different places. remove
it from the zclient API, instead indicate blackholes as proper nexthops
inside the message.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
support configuring a point-to-point address on systems using ioctl
/ struct ifaliasreq. error out when interface/address type mismatch.
tested on FreeBSD 8.0-RELEASE.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
add a few bits to properly set a pointopoint address via netlink. the
structures have all the neccessary support, just need to send the proper
message bits to the kernel.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
meh. forgot to even look at the interface deletion path. this doesn't
really work well when looking for the local address in the subnet list
which has the connected prefix in it... loop ensues.
fix by using the connected prefix when looking at the list of connected
prefixes. duh.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
add a connected_check_ptp function which does the same as
connected_check, but takes an additional peer prefix argument.
also fix related prefixlen mixup in PtP addresses (the local part of a
PtP address always is /32, but previously the peer mask got copied.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Problem noticed where we were not sending the correct metric values
to our peers for connected interfaces. Found that we were not storing
these values on the structure used to send the update packets.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
This warning is at odds with how the world works. Also, the code is
correct on all platforms we care about.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Variably-sized struct tails are done as [0], not [1]. The latter
triggers compiler warnings and mis-sizes "sizeof(struct) + n"
expressions.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Specifically, gcc 4.2.1 on OpenBSD 6.0 warns about these; they're bogus
(gcc 4.2, being rather old, isn't quite as "intelligent" as newer
versions; the newer ones apply more logic and less warnings.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
In certain situations, the CLI matcher would not handle ambiguous
commands properly. If it found an ambiguous result in a lower subgraph,
the ambiguous result would not correctly propagate up to previous frames
in the resolution DFS as ambiguous; instead it would propagate up as a
non-match, which could subsequently be overridden by a partial match.
Example CLI space:
show ip route summary
show ip route supernet-only
show ipv6 route summary
Entering `show ip route su` would result in an ambiguous resolution for
the `show ip route` subgraph but would propagate up to the `show ip`
subgraph as a no-match, allowing `ip` to partial-match `ipv6` and
execute that command.
In this example entering `show ip route summary` would disambiguate the
`show ip` subgraph. So this bug would only appear when entering input
that caused ambiguities in at least two parallel subgraphs.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Coverity is generating a lot of warnings about unused stuff being
around. Disabling these bits is most easily done by just putting a few
preprocessor directives into the template.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
1) Various socket close issues
2) Ensure afi passed is usable
3) Fix some reads beyond buffer and reads after free
4) Ensure some failure modes are handled properly
5) Memory Leak(s) fix
6) There is no 6.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Add the RMAP_COMPILE_SUCCESS and switch over to using it.
Refactoring allows a removal of a if statement to just
use the switch statement already in place. Additionally
the reworking cleans up memory freeing in a couple of spots.
In one spot we no longer will leak memory too.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) Error check return from setsockopt and sockets
2) Check return codes for str2prefix
3) Clean up some potential NULL References
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1) Handle key value not found on interface
2) Handle various NULL pointer possibilities
3) Fix possible integer overflow
4) Fix memory leak
5) Check return codes on sscanf
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Set default hostname in frr to unix hostname.
Provide APIs to get the hostname/domaninanme
Use this APIs where needed
Signed-off-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
