The code pattern:
for (ALL_LSDB(lsdb, lsa)) {
remove_lsa(lsa)
}
has a use after free in ALL_LSDB, since we ask for the next pointer,
after it has been freed.
Modify the code such that we grab the next pointer before we can
possibly free it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
ospf6_network.h needs ospf6_top.h to be included
first.
This makes newer versions of gcc much much happier.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
1. The socket() call is changed to vrf_socket().
2. The ospf6 instance creation api added.
3. The global socket fd is replaced with ospf6->fd.
4. All dependency of the global socket is resolved.
5. Added the ospf6 receive timer in the global structure.
6. Performed the thread off on receive timer when we do "no router ospf6".
Co-authored-by: harios <hari@niralnetworks.com>
Signed-off-by: Kaushik <kaushik@niralnetworks.com>
1. Removed the VRF_DEFAULT dependency from ospf6d.
2. The dependency on show command still exist
will be fixed when the ospf6 master is available.
Co-authored-by: Harios <hari@niralnetworks.com>
Signed-off-by: Kaushik <kaushik@niralnetworks.com>
This reverts commit 0f9f74baeb.
This commit was causing crashes and the goal of this commit
was to make coverity sanity happy. I'd rather have coverity
sad and not have ospfv3 crash
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
ospf6_lsa_unlock may free the lsa data structure as such
we cannot use the passed in data structure after freeing it.
Provide a mechanism to know if the data has been freed
using the same usage patterns of other _unlock functions
in FRR.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
the for (ALL_LSDB...) macro was iterating over lsa,
when lsa had just been freed in these functions.
Remove the macro and make the adjustments saving lsa_next
before the free.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
There is no need to check for failure of a ALLOC call
as that any failure to do so will result in a assert
happening. So we can safely remove all of this code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
The following types are nonstandard:
- u_char
- u_short
- u_int
- u_long
- u_int8_t
- u_int16_t
- u_int32_t
Replace them with the C99 standard types:
- uint8_t
- unsigned short
- unsigned int
- unsigned long
- uint8_t
- uint16_t
- uint32_t
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
When we have a interface disabled in ospfv3 and
we are receiving messages on it. We will spam
the log file repeatedly. Debug guard the message.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
RFC 2328 (14.1) Premature aging of LSAs from
routing domain :
When ospf6d is going away (router going down),
send MAXAGEd self originated LSAs to all
neighbors in routing domain to trigger
Premature aging to remove from resepective LSDBs.
Neighbor Router Reboot:
Upon receiving Self-originate MAXAGEd LSA, simply
discard, Current copy could be non maxaged latest.
For neighbor advertised LSA's (current copy in LSDB)
is set to MAXAGE but received new LSA with Non-MAXAGE
(with current age), discard the current MAXAGE LSA,
Send latest copy of LSA to neighbors and update the
LSDB with new LSA.
When a neighbor transition to FULL, trigger AS-External
LSAs update from external LSDB to new neighbor.
Testing:
R1 ---- DUT --- R5
| \
R2 R3
|
R4
Area 1: R5 and DUT
Area 0: DUT, R1, R2, R3
Area 2: R2 R4
Add IPv6 static routes at R5
Redistribute kernel routes at R5,
Validate routes at R4, redistributed via backbone
to area 2.
Stop n start frr.service at R5 and validated
MAXAGE LSAs then recent age LSAs in Database at DUT-R4.
Validated external routes installed DUT to R4.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
While traversing LSUpdate list, if LSUpdate message
fills up (w/ LSAs) to the interface MTU size,
Send the existing filled LSUpdate message if max
payload exceeds max ospf6 payload,
reset sendbuf (buffer) to fill rest of
the remaining LSAs.
Add relevant fields to debugs.
Ticket:CM-18069
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
This reverts commit c14777c6bf.
clang 5 is not widely available enough for people to indent with. This
is particularly problematic when rebasing/adjusting branches.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
log.c provides functionality for associating a constant (typically a
protocol constant) with a string and finding the string given the
constant. However this is highly delicate code that is extremely prone
to stack overflows and off-by-one's due to requiring the developer to
always remember to update the array size constant and to do so correctly
which, as shown by example, is never a good idea.b
The original goal of this code was to try to implement lookups in O(1)
time without a linear search through the message array. Since this code
is used 99% of the time for debugs, it's worth the 5-6 additional cmp's
worst case if it means we avoid explitable bugs due to oversights...
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The FSF's address changed, and we had a mixture of comment styles for
the GPL file header. (The style with * at the beginning won out with
580 to 141 in existing files.)
Note: I've intentionally left intact other "variations" of the copyright
header, e.g. whether it says "Zebra", "Quagga", "FRR", or nothing.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Pass pointer to pointer instead of assigning by return value. See
previous commit message.
To ensure that the behavior stays functionally correct, any assignments
with the result of a thread_add* function have been transformed to set
the pointer to null before passing it. These can be removed wherever the
pointer is known to already be null.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The way thread.c is written, a caller who wishes to be able to cancel a
thread or avoid scheduling it twice must keep a reference to the thread.
Typically this is done with a long lived pointer whose value is checked
for null in order to know if the thread is currently scheduled. The
check-and-schedule idiom is so common that several wrapper macros in
thread.h existed solely to provide it.
This patch removes those macros and adds a new parameter to all
thread_add_* functions which is a pointer to the struct thread * to
store the result of a scheduling call. If the value passed is non-null,
the thread will only be scheduled if the value is null. This helps with
consistency.
A Coccinelle spatch has been used to transform code of the form:
if (t == NULL)
t = thread_add_* (...)
to the form
thread_add_* (..., &t)
The THREAD_ON macros have also been transformed to the underlying
thread.c calls.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
The next patch will bulk-replace these, and monotime() has time_t as
return value, not an error indicator.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Ticket: Trivial
Reviewed by: Trivial
Testing: arm/powerpc/amd64 targets now build
Apparently we have a arm build. Who knew? This fixes the compile warnings/errors
produced when you compile a arm build with -Werror.
Quagga sources have inherited a slew of Page Feed (^L, \xC) characters
from ancient history. Among other things, these break patchwork's
XML-RPC API because \xC is not a valid character in XML documents.
Nuke them from high orbit.
Patches can be adapted simply by:
sed -e 's%^L%%' -i filename.patch
(you can type page feeds in some environments with Ctrl-V Ctrl-L)
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Do not send ospf6d hellos on fresh created interfaces without
configuration (ie. no vlan configured). Ospf6d use ip6_mtu, if it's not
initalised, Ospf6d tries to alloc indefinite size of memory.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Improve the _disable/_enable infrastructure so it gets into
a more usable shape and make 'no router ospf6' actually work.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The code was setting the DbDesc seqnum to the current seconds value of time if
this was the initial DbDesc. However, the same code was getting invoked if the
initial DbDesc was retransmitted. Caused ANVL test XX.XX to fail.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
the performance in the presence of a large number of LSAs. I also verified
that the performance improvements stayed in the presence of a large number
of peers (I tested upto 128).
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>Summary:
Reviewed-by: James Li <jli at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
The OSPFv3 code doesn't do the following things right as part of an adjacency
bringup:
- Transmit DbDesc frames appropriately to ensure faster state transition to
Loading state
- Transmit LsReq frames when switching to exchange state and on receipt of
an LS update in Loading state
- Requesting LSAs multiple times in LsReq.
It currently uses retransmit timer expiry to send the LsReq and DbDesc frames
which significantly slows down large lsdb syncs.
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Dinesh G Dutt <ddutt at cumulusnetworks.com>
Signed-off-by: Ayan Banerjee <ayabaner at gmail.com>
Reviewed-by: Scott Feldman <sfeldma at cumulusnetworks.com>
Reviewed-by: James Li <jli at cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Rearranging common defs and structures for use betweeen OSPFv2 and
OSPFv3. Created a new file called libospf.h under lib directory to
hold defines that are common between OSPFv2 and OSPFv3 code bases.
[DL: split of defines refactor from timer refactor]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Use the array_size() helper macro. Replaces several instances of local
macros with the same definition.
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
* fix disagreement with C99 in zlog_debug calls
Format specifier in some zlog_debug calls for size_t values
was changed in order to C99 ('%u' -> '%zu').
* fix -Wsign-compare warnings
Type of return value of ospf6_packet_max() was changed.
* ospf6_message.h
* OSPF6_MESSAGE_TYPE_CANONICAL(): dismiss
* OSPF6_MESSAGE_TYPE_NAME(): dismiss
* ospf6_message.c
* ospf6_message_type_str: rewrite as a message list, add max value
* ospf6_packet_examin(): update to use LOOKUP()
* ospf6_receive(): idem
* ospf6_send(): idem
As long as ospf6_packet_examin() is now the single checkpoint for
received packets, most of the old checks performed elsewhere can
be converted into assert() constructs. Malformed input data at
respective points can be attributed solely to a programming error,
not a malformed packet.
* ospf6_message.c
* ospf6_hello_print()
* ospf6_dbdesc_print()
* ospf6_lsreq_print()
* ospf6_lsupdate_print()
* ospf6_lsack_print()
* ospf6_hello_recv()
* ospf6_dbdesc_recv_master()
* ospf6_dbdesc_recv_slave()
* ospf6_lsreq_recv()
* ospf6_lsupdate_recv()
* ospf6_lsupdate_recv()
* ospf6_lsack_recv()
* ospf6_receive()
* ospf6_message.c: (ospf6_packet_max): new function, return maximum IPv6
payload on an interface; (ospf6_hello_send, ospf6_dbdesc_send,
ospf6_dbdesc_send_newone, ospf6_lsreq_send, ospf6_lsupdate_send_neighbor,
ospf6_lsupdate_send_interface, ospf6_lsack_send_neighbor,
ospf6_lsack_send_interface): compare message size with the maximum
payload instead of the MTU.
This vulnerability (CERT-FI #514840) was reported by CROSS project.
ospf6d processes IPv6 prefix structures in incoming packets without
verifying that the declared prefix length is valid. This leads to a
crash
caused by out of bounds memory access.
* ospf6_abr.h: new macros for size/alignment validation
* ospf6_asbr.h: idem
* ospf6_intra.h: idem
* ospf6_lsa.h: idem
* ospf6_message.h: idem
* ospf6_proto.h: idem
* ospf6_message.c
* ospf6_packet_minlen: helper array for ospf6_packet_examin()
* ospf6_lsa_minlen: helper array for ospf6_lsa_examin()
* ospf6_hello_recv(): do not call ospf6_header_examin(), let upper
layer verify the input data
* ospf6_dbdesc_recv(): idem
* ospf6_lsreq_recv(): idem
* ospf6_lsupdate_recv(): idem
* ospf6_lsack_recv(): idem
* ospf6_prefixes_examin(): new function, implements A.4.1
* ospf6_lsa_examin(): new function, implements A.4
* ospf6_lsaseq_examin(): new function, an interface to above
* ospf6_packet_examin(): new function, implements A.3
* ospf6_rxpacket_examin(): new function, replaces
ospf6_header_examin()
* ospf6_header_examin(): sayonara
* ospf6_receive(): perform passive interface check earliest possible,
employ ospf6_rxpacket_examin()
"mtu-ignore" is an option ospfd used to mimic from the vendor's
implementation, now ospf6d will also implement it.
* ospf6_interface.h: extend ospf6_interface structure by one flag
* ospf6_interface.c: (ipv6_ospf6_mtu_ignore, no_ipv6_ospf6_mtu_ignore):
new declarations; (ospf6_interface_create): show initial value for
consistency; (ospf6_interface_show): print flag status
* ospf6_message.c: (ospf6_dbdesc_recv): consider interface-specific flag
when checking MTU
A clean exit makes it easier to use memory debuggers.
* ospf6_asbr.c: (ospf6_asbr_terminate) Add a function to do route map
cleanup.
* ospf6_lsa.c: (ospf6_lsa_terminate) Add a function to cleanup the lsa
handler vector.
* ospf6_main.c: (ospf6_exit) Add an function that causes ospf6d to
gracefully exit.
* ospf6_message.c: (ospf6_message_terminate) Add a function that frees
the send and receive buffers.
* ospf6_top.c: (ospf6_delete) Enable the ospf6_delete() function.
Disable ospf6 before freeing everything.
2008-08-15 Paul Jakma <paul.jakma@sun.com>
* {ospf6d,ripngd}/*: Finish job of marking functions as static, or
exporting declarations for them, to quell warning noise with
Quagga's GCC default high-level of warning flags. Thus allowing
remaining, more useful warnings to be more easily seen.
2005-10-20 Yasuhiro Ohara <yasu@sfc.wide.ad.jp>
* ospf6_neighbor.c: add the calling of ospf6_maxage_remove ()
when the neighbor went out of Exchange/Loading.
IP source address in the OSPF packets. It was sometimes problematic
in actual operation (needed some operational cost: restarting
all-neighbor routers when I/F NIC was changed). Due to this change,
a previously safe case, attaching multiple interface to the same
link will now be dengerous and will not work. Remedy to that should
be applied later.
[port from GNU Zebra]
* (global): Fix up list loops to match changes in lib/linklist,
and some basic auditing of usage.
* configure.ac: define QUAGGA_NO_DEPRECATED_INTERFACES
* HACKING: Add notes about deprecating interfaces and commands.
* lib/linklist.h: Add usage comments.
Rename getdata macro to listgetdata.
Rename nextnode to listnextnode and fix its odd behaviour to be
less dangerous.
Make listgetdata macro assert node is not null, NULL list entries
should be bug condition.
ALL_LIST_ELEMENTS, new macro, forward-referencing macro for use
with for loop, Suggested by Jim Carlson of Sun.
Add ALL_LIST_ELEMENTS_RO for cases which obviously do not need the
"safety" of previous macro.
LISTNODE_ADD and DELETE macros renamed to ATTACH, DETACH, to
distinguish from the similarly named functions, and reflect their
effect better.
Add a QUAGGA_NO_DEPRECATED_INTERFACES define guarded section
with the old defines which were modified above,
for backwards compatibility - guarded to prevent Quagga using it..
* lib/linklist.c: fix up for linklist.h changes.
* ospf6d/ospf6_abr.c: (ospf6_abr_examin_brouter) change to a single
scan of the area list, rather than scanning all areas first for
INTER_ROUTER and then again for INTER_NETWORK. According to
16.2, the scan should be area specific anyway, and further
ospf6d does not seem to implement 16.3 anyway.
* ospf6d/ospf6_message.c: Change memcpy() to strcpy() to prevent
copying of extraneous junk - suggested by Anil Madhavapeddy
<anil@recoil.org> on bug-zebra@gnu.org.
