When we get this sequence of events:
- zebra receives interface up, sends to ospf
- ospf receives intf up, processes (including neighbor formation and spf)
and sends route to zebra for installation.
- zebra receives route for processing, schedules it to happen in the future
- zebra receives interface down event, sends to ospf
- zebra processes route X and marks it inactive because nexthop
interface is down
- zebra receives interface up event, sends to ospf
- ospf receives both events and processes the change and decides
that nothing has changed so it does not send any route change for X to zebra.
At this point zebra has a route from ospf that is marked as inactive, while
ospf believes that the route should be installed properly.
Modify the code such that on an interface down event, ospf marks the routes
as changed if the ifindex is being used for a nexthop, so that when ospf
is deciding if routes have changed post spf that it can just automatically
send that route down again if it still exists.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Found that in some circumstances, when the "ip ospf area"
command was entered for the default vrf, the wrong ospf
process would be used to check for the presence of a
"network" statement, causing the "ip ospf area" command to
be rejected. This was due to the command using the ospf
instance lookup to find the right ospf process, which can
be in error depending on when the processes were created.
Signed-off-by: Don Slice <dslice@nvidia.com>
When browsing or parsing OSPF LSA TLVs, we need to use the LSA length which is
part of the LSA header. This length, encoded in 16 bits, must be first
converted to host byte order with the ntohs() function. However, Coverity Scan
considers that the ntohs() function returns TAINTED data. Thus, when the length is
used to control a for() loop, Coverity Scan marks this part of the code as a defect
with "Untrusted Loop Bound" due to the usage of a tainted variable. Similar
problems occur when browsing sub-TLVs where the length is extracted with ntohs().
To overcome this limitation, a size attribute has been added to the ospf_lsa
structure. The size is set when the lsa->data buffer is allocated. In addition,
when an OSPF packet is received, the size of the payload is controlled before
the content is processed. For OSPF LSA, this allows a secure buffer allocation.
Thus, the new size attribute contains the exact buffer allocation, allowing a
strict control during TLV browsing.
This patch adds extra control to bound the for() loop during TLV browsing to
avoid potential problems as suggested by Coverity Scan. Controls are based
on the new size attribute of the ospf_lsa structure to avoid any ambiguity.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
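An added example (not code from the FRR patch) of the bounding this commit message describes: the length read with ntohs() is accepted only if it fits the recorded allocation size, and every TLV step is checked against it. `struct demo_lsa`, `demo_count_tlvs` and `demo_sample` are hypothetical names, and 4-byte TLV padding is an assumption of the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

#define LSA_HDR_SIZE 20U /* OSPF LSA header; 16-bit length at offset 18 */
#define TLV_HDR_SIZE 4U  /* 16-bit type + 16-bit length */
/* Hypothetical LSA object: size = bytes allocated for data, set at alloc. */
struct demo_lsa {
	const uint8_t *data;
	size_t size;
};

static uint16_t rd16(const uint8_t *p)
{
	uint16_t v;
	memcpy(&v, p, sizeof(v)); /* no alignment assumption */
	return ntohs(v);
}

/* Count TLVs after the header; -1 if any length exceeds the allocation. */
int demo_count_tlvs(const struct demo_lsa *lsa)
{
	size_t off = LSA_HDR_SIZE, claimed;
	int count = 0;
	if (lsa->size < LSA_HDR_SIZE)
		return -1;
	claimed = rd16(lsa->data + 18); /* wire value, untrusted */
	if (claimed < LSA_HDR_SIZE || claimed > lsa->size)
		return -1; /* header length disagrees with the buffer */
	for (; off < claimed; count++) {
		if (claimed - off < TLV_HDR_SIZE)
			return -1; /* truncated TLV header */
		size_t padded = ((size_t)rd16(lsa->data + off + 2) + 3U) & ~(size_t)3U;
		if (padded > claimed - off - TLV_HDR_SIZE)
			return -1; /* value would run past the buffer */
		off += TLV_HDR_SIZE + padded;
	}
	return count;
}

/* Constructed sample: 28-byte buffer holding the header and one TLV. */
int demo_sample(uint16_t claimed_len, uint16_t tlv_len)
{
	uint8_t buf[28] = { [18] = (uint8_t)(claimed_len >> 8), [19] = (uint8_t)claimed_len,
			    [21] = 1, /* TLV type 1 */
			    [22] = (uint8_t)(tlv_len >> 8), [23] = (uint8_t)tlv_len };
	struct demo_lsa lsa = { buf, sizeof(buf) };
	return demo_count_tlvs(&lsa);
}
```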
If the default route redistribution is configured in OSPF router before
the VRF is created, then this is not currently registered in zebra after
the VRF creation.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Currently ospfd relies on vrf bitmaps in zclient to check that the
redistribution is configured. This doesn't work when the VRF for OSPF
instance doesn't exist yet, because vrf bitmaps ignore VRF_UNKNOWN id.
Because of this, the following problems occur when the VRF doesn't exist:
- repeated "redistribute smth" command is processed as a first-time
instead of an update
- "no redistribute smth" doesn't work at all
This commit fixes both issues by relying on internal redistribution
config instead of zclient vrf bitmaps.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Found a couple spots where FRR was using `case default` when
using a switch over an enum. In this case we *must* enumerate
all states as part of the switch.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Description:
DR information is missing under "show ip ospf interface [json]".
Added DR information to display in "show ip ospf interface".
Signed-off-by: Rajesh Girada <rgirada@vmware.com>
This fixes 2 asan errors:
If we only have a TLV_ROUTER_ADDR don't continue after we skipped it.
Fixed length when parsing EXT_TLV_LINK_SIZE.
Signed-off-by: Erik Kooistra <me@erikkooistra.nl>
`config.h` has all the defines from autoconf, which may include things
that switch behavior of other included headers (e.g. _GNU_SOURCE
enabling prototypes for additional functions.)
So, the first include in any `.c` file must be either `config.h` (with
the appropriate guard) or `zebra.h` (which includes `config.h` first
thing.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Currently this flag is only helpful in an extremely rare situation when
the BFD session registration was unsuccessful and after that zebra is
restarted. Let's remove this flag to simplify the API. If we ever want
to solve the problem of unsuccessful registration/deregistration, this
can be done using internal flags, without API modification.
Also add the error log to help the user understand why the BFD session is
not working.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
`CFLAGS` is a "user variable", not intended to be controlled by
configure itself. Let's put all the "important" stuff in AC_CFLAGS and
only leave debug/optimization controls in CFLAGS.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
... by referencing all autogenerated headers relative to the root
directory. (90% of the changes here is `version.h`.)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Description:
All matching external routes are added to matching external hash table
of aggregate route when aggregation is enabled.
But these external info pointers are not delinked from this hash table
before freeing the corresponding memory while disabling redistribution.
Addressing these memory issues in this change.
Signed-off-by: Rajesh Girada <rgirada@vmware.com>
Currently, if NSSA area is configured before redistribution is enabled,
Type-7 LSA's are installed and flooded. But if NSSA area is configured
after redistribution is enabled, Type-7 LSA's are not installed.
With this change, when NSSA area is configured, schedule a task that
scans for external LSA's. If they exist, install Type-7 and flood to
all NSSA Areas.
There already was an attempt to fix this problem in 0f321812f where
ospf_asbr_nssa_redist_task() was triggered in ospf_abr_task_timer().
This turns out to be an incorrect place for this operation because it's
a one-off operation needed only after "area <ID> nssa" execution. And
ospf_abr_task_timer() is a periodic operation. Triggering
ospf_asbr_nssa_redist_task() in ospf_abr_task_timer() caused a problem
that was fixed in 945eec2b6 making the problem with NSSA area
configured after redistribution actual again.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Most of these are many, many years out of date. All of them vary
randomly in quality. They show up by default in packages where they
aren't really useful now that we use integrated config. Remove them.
The useful ones have been moved to the docs.
Signed-off-by: Quentin Young <qlyoung@nvidia.com>
The interface parameters deletion must be called before
`route_table_finish` due to the usage of the route data structures to
search neighbors in the same interface. If the route info is removed
before that we get the following crash:
```
6 0x00007f5c6ed50394 in core_handler at lib/sigevent.c:255
7 <signal handler called>
8 ospf_interface_bfd_apply (ifp=<optimized out>) at ospfd/ospf_bfd.c:130
9 0x000055d4c306d076 in ospf_interface_disable_bfd at ospfd/ospf_bfd.c:159
10 0x000055d4c3071781 in ospf_del_if_params at ospfd/ospf_interface.c:553
11 0x000055d4c3071900 in ospf_if_delete_hook at ospfd/ospf_interface.c:704
12 0x00007f5c6ed17935 in hook_call_if_del at lib/if.c:59
13 if_delete_retain at lib/if.c:290
14 0x00007f5c6ed19bc5 in if_delete at lib/if.c:313
15 0x00007f5c6ed19d88 in if_terminate at lib/if.c:1067
16 0x00007f5c6ed63a04 in vrf_delete at lib/vrf.c:297
17 0x00007f5c6ed76784 in zclient_vrf_delete at lib/zclient.c:1974
18 zclient_read at lib/zclient.c:3686
19 0x00007f5c6ed60f85 in thread_call at lib/thread.c:1815
20 0x00007f5c6ed20228 in frr_run at lib/libfrr.c:1149
21 0x000055d4c306bc70 in main at ospfd/ospf_main.c:233
```
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Allow over-write of message-digest-key interface config. Most
attributes handle multi-instance by ... ignoring instances,
and tolerating repeated config: do the same for md5 auth.
Signed-off-by: Mark Stapp <mjs@voltanet.io>
When you set OSPF hello-interval for an interface and dead-interval is
not set for this interface, dead-interval will be calculated and set
automatically. "show running-config" will contain an invalid command:
```
test(config)# interface vpp1
test(config-if)# ip ospf area 0
test(config-if)# ip ospf hello-interval 1
test(config-if)# exit
test(config)#
test(config)# do show running-config
...
interface if1
ip ospf area 0
ip ospf dead-interval minimal hello-multiplier 0
ip ospf hello-interval 1
!
...
```
It causes frr-reload.py to fail because of this:
```
# vtysh -c "show running-config no-header" | vtysh -m -f -
line 9: % Unknown command: ip ospf dead-interval minimal hello-multiplier 0
...
```
With this change, output "ip ospf dead-interval" only if it has value
configured explicitly.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
When ip nhrp map multicast is being used, this is usually accompanied by an
iptables rule to block the original multicast packet. This causes sendmsg to
return EPERM.
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
This commit introduces the implementation for the north-bound
callbacks for the ospfd-specific route-map match and set clauses.
Signed-off-by: NaveenThanikachalam <nthanikachal@vmware.com>
Signed-off-by: Sarita Patra <saritap@vmware.com>