commit c876b0b27e398c7d733966ce8636c26dd7a8e6eb Author: Paul Jakma Date: Wed Feb 8 15:19:38 2017 +0000 release: Quagga 1.2.0 commit 3c06ac025adbd4611e3a290b43fea4cb512688ac Author: Paul Jakma Date: Sun Feb 5 21:45:05 2017 +0000 build/HACKING: add check for pandoc and update make rule for HACKING.pdf commit b29cd82299206f77a584699bcb3b7a7b36183787 Author: Paul Jakma Date: Sun Feb 5 21:24:42 2017 +0000 HACKING: Update governance commit f452d5409a5eb275ee4d5dd24e67461231dc425a Author: Jim Carroll Date: Fri Jan 27 16:08:59 2017 +0000 ripd: Fix restriction on default RTE that's incompatible with CIDR * ripd.c: (rip_response_process) A 0 address can still easily have a non-zero netmask. E.g., 0/1 to complement 128/1. These should be allowed through. See bug #903. Modify to check for malformed pseudo-default routes, where the netmask is 0 but the address is non-0, and warn and drop such routes instead. commit d023f9ffae4b040335d12c1aa7409a9a15b7a3ac Author: Paul Jakma Date: Fri Sep 16 15:13:43 2016 +0100 bgpd: Rollback "always send OPEN" a little, to workaround test suite issues * "bgpd: Send OPEN immediately on inbound connections" doesn't play well with some partial BGP implementations, test and conformance suites e.g., which have rigid expectations about ordering and don't implement much of CD. roll back, but only a little, by deferring OPEN sending on outbound till receive. * bgpd.h: (struct peer) add PEER_STATUS_OPEN_DEFERRED status flag. Kind of a sub-fsm. Main FSM does not allow transition functions to signal next-state - next-state is inflexibly fixed in the table - so can't handle it cleanly at that level. * bgp_fsm.c: (bgp_connect_success) Defer sending open if the peer is an accept-peer/inbound and there appears to be an outbound connection in progress. Set PEER_STATUS_OPEN_DEFERRED to signal to bgp_open_receive that an OPEN still must be sent. * bgp_packet.c: (bgp_open_receive) Send the OPEN here, when deferred. commit 5a0c1be698a044bc838f3e6c8b259fa52cf9981c Author: Paul Jakma Date: Thu Sep 15 17:13:16 2016 +0100 bgpd: Config state related to OPEN must now be copied to accept peer. * bgp_network.c: (bgp_accept) OPEN is now sent on accept peer, due to "Send OPEN immediately on inbound connections", so configuration state that affects OPEN also has to be copied for. Fixes failure with Martin Winter / NetDEFs test cases, where bgpd was failing to advertise configured AFI/SAFIs. commit c79862373cd310dba8c0a51ff94ddce48be0099e Author: Paul Jakma Date: Wed Sep 21 17:42:37 2016 +0100 bgpd: Better/more debug for collisions, inc. logging port of NOTIFYs. commit 1ebafb61a4a2059fdd50aeefd27780d6358dd488 Author: Paul Jakma Date: Wed Apr 27 09:55:21 2016 +0100 bgpd: collision detection assumes 'new' peer is the inbound connection * bgp_packet.c: (bgp_collision_detect) for a long time, this has assumed the 'new' peer argument on which an OPEN has just been received must be an 'inbound' connection, and the looked up 'peer' the outbound. However, this doesn't seem a robust assumption. It seems possible it could be the other way around. The consequences are that collision detection could behave inconsistently with other implementations, and result in both sides closing the same connection. Fix to follow the RFC. commit ac278ea6b770fd0bf74b3e718c2e6a4d84fcba3a Author: Paul Jakma Date: Tue Apr 26 11:46:34 2016 +0100 bgpd: collision-detect should retain Established peers + tidy logic + logs * bgp_network.c: (bgp_accept) We should also reject connections where the main peer is in >Established state. Could potentially also reject connections for main peer == Established here too. Log the port number too, so it's easier to reconcile logs with network dumps. * bgp_packet.c: (bgp_collision_detect) Try factor out some of the conditionals controlling the action of the loop to the top, for readability. Handle existing Established session, by closing the new one, favouring stability and as per RFC, except for GR. (bgp_open_receive) Tidy up the logic a bit for readability, making each case distinct in the main body of the loop. commit f408fa2c81a8e5873cb0a8c37fe44e389f65d50e Author: Paul Jakma Date: Mon Apr 25 15:50:31 2016 +0100 lib: Add a trivial sockunion_get_port helper function commit 2d81a7a8e425dcc4ca0cda411e73915f7ec3c1c9 Author: Paul Jakma Date: Wed Apr 20 14:05:20 2016 +0100 bgpd: Send OPEN immediately on inbound connections * bgpd_fsm.c: (bgp_connect_success) This is the transition function called when TCP_connection_open occurs in Connect or Active. It sends OPEN, but only for a !ACCEPT_PEER. I.e. only on the local bgpd's outbound connection. This means OPEN will never be sent on a received connection, until OPEN is received on it. Which means if the remote peer delays sending its OPEN on such an inbound connection, the local peer might hit a timer (e.g. connectretry) before then and reset. There should be no harm in sending OPEN ASAP on any new connection with any conforming implementation, indeed this is supposed to be the behaviour. It should speed up things, decrease the window in which collision detection could be hit, and make things more robust. So do so. * bgp_packet.c: (bgp_open_receive) Update the comment. Do not send bgp_open_send on the ACCEPT_PEER connection that has just been transferred over, that's now done in bgp_connect_success, as it should be. The accept peer's output fifo must also be transferred over, to ensure the Open gets sent, if not already, and the write thread state replicated accordingly. * bgp_network.c: (bgp_accept) local AS config needs to set, so we can send Open early on ACCEPT_PEER connections. Note: The Cumulus "Fix FSM to handle active/passive connections better" patch also makes this change, amongst other things. commit a04d836427dcea903edf3d6aea3c0978b8ba1300 Author: Paul Jakma Date: Fri Jan 27 11:37:36 2017 +0000 release: Add release.sh script and update HACKING.md accordingly. commit 461649d3346a15a4b8be64156181bc2dac7a538e Author: Paul Jakma Date: Fri Jan 27 11:19:48 2017 +0000 doc: nhrpd.texi needs to referenced by Makefile for dist tarballs commit ac728fd929f5b949364089c4f0d95cfa322a7683 Author: Paul Jakma Date: Fri Jan 27 11:07:24 2017 +0000 nhrpd: Makefile.am needs to specify the headers, for dist tarballs to work commit b1887c852c5c040e109925887ec8c1ca8c428730 Author: Timo Teräs Date: Tue Jan 24 16:42:19 2017 +0200 doc: add initial nhrpd documentation commit 23426d21d5ceccec47d80288e8cf411e44f59e58 Author: Paul Jakma Date: Mon Jan 23 10:55:55 2017 +0000 lib: routemap.h depends on prefix.h commit 7fa7acb4926f2a0d1fb5eb0834ae6c60b8ba5147 Author: Paul Jakma Date: Fri Jan 20 18:16:04 2017 +0000 bgpd: Fix unhandled enum warning for AFI_ETHER * bgp_open.c: (bgp_afi_safi_valid_indices) We have AFI_ETHER defined, but don't handle it at this point. commit 3334bab0d96b2d7064111e025ff6294d6a32d026 Author: Job Snijders Date: Fri Jan 20 14:47:12 2017 +0000 bgpd: Add support for BGP Large Communities As described by Michael Lambert to the list: Traditional communities are four-octet entities to support two-octet ASNs and are usually represented as :. Large communities are an enhancement to support four-octet ASNs and are 12 octets long, represented as ::. This issue has been tracked in quagga bugzilla ticket #875, which documents some of the usage and indicates that some testing has been done. TODO: Documentation - update doc/bgpd.texi. * bgp_attr.{c,h}: Add BGP_ATTR_LARGE_COMMUNITIES codepoint. Add (struct lcommunity *) to (struct bgp_attr_extra). * bgp_clist.{c,h}: Large community codepoints and routines. * bgp_route.c: Display support. * bgp_routemap.c: 'match lcommunity', 'set large-community' and 'set large-comm-list' * bgp_vty.c: Peer configuration, add 'large' to 'neighbor send-community ..'. Add "show ip bgp large-community", ""ip large-community-list ...". Authors: Keyur Patel Job Snijders commit f2a4b8fffb1f771371d6bfc425e7a69a14057b06 Author: Paul Jakma Date: Fri Jan 20 14:45:47 2017 +0000 nhrpd: Add libgen.h include for basename call commit 86d87e018bd8f9249986be4e6b713ab918fa5e0b Author: Paul Jakma Date: Wed Apr 20 14:04:22 2016 +0100 bgpd: Graphviz dot files for the BGP FSM * bgp_fsm_{quagga,4271}.dot: Graphviz DOT files to document the BGP FSM somewhat, for both Quagga and the basics of 4271. May contain errors, and could do with more work, but hopefully a useful start. commit b8f8ba1bb24295a47758cb0e0b3072e017e52280 Author: Paul Jakma Date: Wed Sep 28 16:54:48 2016 +0100 bgpd: Make the exponential backoff on BGP stop_with_error slower * bgp_fsm.c: (bgp_stop_with_error) peer->v_start * 2^x exponential back off, up to max of 120s, ramps up fast. Use a slower back off, implemented via a helper. (back_off_exp2) The original 2^x back off. (back_off_exp2_bias) Exp back-off, but biased down by the initial value to slow the rampup initially. commit b1b1579bf16e6c3a21216d7f68b1b175ab1303bd Author: Paul Jakma Date: Wed Sep 21 18:50:23 2016 +0100 bgpd: consolidate start timer backoff via a 'BGP_Stop_with_error' FSM event * Exponential increase/back-off on the peer start timer is replicated in a few places. Consolidate by adding a "BGP_Stop_with_error" event so places outside FSM can just raise that event. * bgpd.h: Add BGP_Stop_with_error * bgp_fsm.c: (bgp_event_str[]) Add text for BGP_Stop_with_error. FSM table: Handle BGP_Stop_with_error, identical to bgp_stop in nearly all cases. * bgp_packet.c: (bgp_write,bgp_write_notify) can just raise new event now. commit 5a9f13a4a0df45c72dc425cc930e5e5682ba59ae Author: Paul Jakma Date: Tue Oct 4 13:00:00 2016 +0100 bgpd: Remove change that makes NHT tickle BGP FSM. * bgpd NHT patch makes NHT tickle FSM to restart session attempts that are still very early, pre sending of messages. Not really necessary, and conceptually it may be nicer to just keep these two pieces separate from each other. * bgpd.h: Remove NHT_Update FSM event * bgp_fsm.c: Remove NHT_Update event action from the FSM. * bgp_nht.c: Remove NHT_Update event. commit 3dda6b3eccb9a2a88d607372c83c04c796e7daac Author: Paul Jakma Date: Tue Sep 6 16:57:40 2016 +0100 bgpd: Rejiggle exported nht function names and consolidate some code * bgp_nht.h: Tweak the API a bit to simplify and make names a bit clearer on function. Remove AFI argument, it's implied in both bgp_infos and peers. (bgp_find_nexthop) this doesn't so much find a bnc, as check the bnc for the given bgp_info is valid. Rename to (bgp_nexthop_check). (bgp_find_or_add_nexthop) This ensures a bnc exists, so call it (bgp_ensure_nexthop). (bgp_unlink_nexthop_by_peer) Remove via peer. * bgp_nht.c: Adjust to above. (bgp_get_nexthop_rn) helper to get the rn. (bgp_find_nexthop) further helper to get the bnc for path or peer. (bgp_unlink_nexthop_check) helper to check whether a bnc should go. (bgp_ensure_nexthop) Use the helpers. * bgp_{route,fsm}.c: s/bgp_find_or_add_nexthop/bgp_ensure_nexthop/ commit 05c9075b09bea9e2328980df7138da5fd8157dc3 Author: Paul Jakma Date: Tue May 17 13:28:16 2016 +0100 bgpd: Modernise BGP defaults for MRAI and connect time Quagga uses historic BGP defaults for its minimum route advertisement interval (MRAI) timers, and its ConnectRetry timer. It uses 30s and 5s for the eBGP and iBGP MRAIs, and 120s for the ConnectRetry timer. These values are quite high, and delay convergence and session establishment, and are unlikely to be desirable in modern networks. The MRAI can, without a doubt, be significantly reduced. The optimal MRAI is related to the size of the network, its diameter in terms of BGP propagation latency particularly. Prior research suggests values of 5s to 15s for Internet BGP, as reasonably conservative values. Further, other implementations have long shipped with 1s or even 0s MRAI values. A too low MRAI, e.g. a 0 MRAI, can greatly increase the number of BGP messages a speaker sends, and hence the bandwidth and even CPU it might use. I.e. some MRAI is better than no MRAI, with current BGP, or it is prone to excessive - even extreme - chattiness. The ConnectRetry timer default also should be set much lower. Lowering the MRAI had previously been suggested by: "Lower the default MRAI timer for iBGP peers to 0 Signed-off-by: Daniel Walton Reviewed-by: Donald Sharp " * bgpd/bgpd.h: Set defaults to: - 3s for the eBGP MRAI - 1s for iBGP MRAI (lower, but non-0, would be nice for this) - 5s for the ConnectRetry timer commit a2f0db2be27385211f033271d8b83e9caf362236 Author: Paul Jakma Date: Thu Feb 25 16:41:56 2016 +0000 lib: track worst case # of cycles and don't allow granularity to go above * The workqueue code at present errs towards optimising the granularity for throughput of queue items in runs. This perhaps is at the cost of risking excessive delays at times. Make the workqueue take worst-cases into account. * thread.c: (thread_should_yield) When thread should yield, we can return the time taken for free, as it might be useful to caller. work_queue_run * workqueue.h: (struct work_queue) Add fields for worst # of cycles, and (independently) worst time taken. * workqueue.c: (work_queue_new) Worst starts high. (work_queue_run) Track the worst number of cycles taken, where a queue run had to yield before clearing out the queue. Use this as an upper-bound on the granularity, so the granulity can never increase. Track the worst-case delay per work-queue, where it had to yield, thanks to the thread_should_yield return value change. Note that "show thread cpu" already shows stats for the work_queue_run function, inc average and worst cases. Deficiencies: - A spurious outside delay (e.g. process not run in ages) could cause 'worst' to be very low in some particular invocation of a process, and it will stay that way for life of process. - The whole thing of trying to calculate suitable granularities is just fragile and impossible to get 100% right. commit 366bb4ab851137e669a2e7db7a45d73b39090249 Author: Paul Jakma Date: Tue May 17 13:59:55 2016 +0100 tools: Extend multiple-bgpd.sh to support BIRD, ExaBGP plus more configurables * tools/multiple-bgpd.sh: Extend this script to support having multiple different implementations in the ring. Add config generator and launch functions for BIRD and ExaBGP. Allow the proportion of other instances in the ring to peer with to be configurable as %age via PEERPROP. Allow number of v4 routes to advertise to be configurable via ADV. Allow "external", non-ring BGP peers to be defined via the EXPEER* arrays. commit a6efbab768b94a398adb52f0e2b3fe064cfe2f59 Author: Paul Jakma Date: Tue Dec 1 16:09:08 2015 +0000 tools/multiple-bgpd: extend the ring, enable mpath, add links to +-2 instances * multiple-bgpd.sh: Configure mpath to test it. Add links to the ±2 instances in the ring to get a bit more multi-pathing (otherwise, only mpath to the furthest neighbour IF there's an even number of instances). commit 5931124b6c78ec211e3171606fc2ad2dd448b12a Author: Paul Jakma Date: Fri Jul 8 11:24:09 2016 +0100 tools: Remove historic scripts commit b174a58467d155b8609f1b5a1f6e27f22afdb81c Author: Paul Jakma Date: Mon Jan 23 10:55:26 2017 +0000 ripd: Fix GCC6 warning on misleading indentation commit 5bc62ca9561fa01a989e386cbf6e71cbdef77a3c Author: Paul Jakma Date: Mon Jul 11 16:21:23 2016 +0100 isisd,ospf6d,bgpd: Fix GCC 6 warnings on indentation not matching control flow GCC 6 can now give warnings when the indentation of code does not align with the scope of prior control flow statement(s). I.e., where the code visually suggests one kind of control flow, but in actuality follows another. Fix warnings found. They all seem to be simple cases of the indentation being deceptive, but the existing flow being correct. commit 40fc3dda2b7a345e447d2ef355108c987e59ed13 Author: Paul Jakma Date: Tue Oct 11 16:00:27 2016 +0100 build: Add GCC stack-protector/SSP to default flag set * configure.ac: Add GCC SSP / -fstack-protector-strong to default flag set, when available, as part of defence in depth. At least some distros already use SSP by default and it can detect buffer overflows above a certain size. commit 867946bb8802c02049bf68a4e97843d777cbcb68 Author: Paul Jakma Date: Mon Dec 21 13:39:33 2015 +0000 lib: vty_prefix_list_install should validate afi/safi * lib/plist.c: (vty_prefix_list_install) Check afi/safi is supported and warn if not, as a safeguard and to ensure the user is warned, if somehow that code is ever called for non-IP AFI. commit 0c175f82a812c6e86eeb2c11b7f3f96bf46459fa Author: Paul Jakma Date: Mon Dec 21 12:57:31 2015 +0000 ospfd: 'ip ospf network' interface should down iface before changing type * ospf_vty.c: (ip_ospf_network) This function changes the interface type and only then downs/ups the interface if already up. So the down happens with the interface type already altered. However, the interface type can have major ramifications for how underlying state is stored/indexed, which may cause problems. Further, bit of an encapsulation violation to twiddle state here. (no_ip_ospf_network) ditto. * ospf_interface.c: (ospf_if_reset_type) New function to reset the OSPF interface type on an interface. Ensure the interface is downed before the type is changed. * ospf_interface.h: (ospf_if_reset_type) Export, for ospf_vty.c commit 574e5007d5155ee261a4da39fc18502f76e40a30 Author: Paul Jakma Date: Tue May 17 13:33:11 2016 +0100 bgpd: Add route count from neighbours & established sessions to bgp summary * bgp_vty.c: (bgp_show_summary) The sum of the routes received from each neighbour can be interesting/useful. Add a line with this to end of 'show ... bgp ... summary'. Also, add a count of the number of established sessions. Note, the route count is also available from 'show bgp statistics', along with more. commit 670f3dba6721a500418b5793a2b00579198d2bd7 Author: Renato Westphal Date: Mon Nov 28 16:47:13 2016 -0200 bgpd: fix invalid memory access in peer_free() We shoult not call bgp_unlock() before calling bgp_delete_connected_nexthop() in the peer_free() function. Otherwise, if bgp->lock reaches zero, bgp_free() is called and peer->bgp becomes an invalid pointer in the bgp_delete_connected_nexthop() function. To fix this, move the call to bgp_unlock() to the end of peer_free(). commit 4d48bb360db5148b18524d06616555b06342fa68 Author: Daniel Walton Date: Tue Nov 29 12:47:12 2016 -0500 bgpd: fix "show ip bgp" column alignment The "Weight" column is off: BGP table version is 0, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 4.1.1.2/32 9.9.9.2 0 32768 ? *> 4.1.1.4/32 9.9.9.2 0 32768 ? Displayed 2 out of 2 total prefixes Reviewed-by: Donald Sharp commit 2c0adbf9bc0c2425f567848ba7f790059d18b253 Author: Donald Sharp Date: Fri Nov 18 15:42:41 2016 -0500 vtysh, zebra: Fix link-params to use exit-link-params Fix the link-params submode to use the 'exit-link-params' to indicate we are exiting a submode. Fixup all the relevant bits. commit f2f44eaa321be5a52e5ad67069bd8061603589a1 Author: David Lamparter Date: Sat Nov 12 17:43:15 2016 +0900 zebra: fix link-params CLI handling vtysh was breaking in a rather ugly way, and some "no" forms were missing too. commit a53d4e55a51518ae5735a65405dcee88c59cd5d8 Author: Martin Winter Date: Thu Oct 20 23:55:10 2016 -0700 build: configure.ac - use AC_PROG_CC_C99 instead of cflags to force c99 mode commit c2c63cb3d5e2f56cf2b2d3f00535d275ab23a969 Author: Donald Sharp Date: Mon Oct 10 19:35:43 2016 -0400 ospfd: Fix arm compile issue size_t printf formatter is %zd! Signed-off-by: Donald Sharp commit 5bb328e82137a0a9cc73e887d5074da273562d38 Author: Christian Franke Date: Sat Oct 1 22:35:32 2016 +0200 ripngd: add support for route tags commit 2bbacea824300be05f46094a4d156cb12c0dca13 Author: Christian Franke Date: Sat Oct 1 21:43:17 2016 +0200 ripd: add support for route tags commit 7ae2b609875756663e0a7d677609d04baa04b613 Author: Christian Franke Date: Sat Oct 1 06:41:40 2016 +0200 ospf6d: add support for route tags [ported by Paul Jakma, paul@jakma.org] commit ddc160cce1767ef006a812f5213cabfb24e3cd4d Author: Christian Franke Date: Sat Oct 1 20:42:34 2016 +0200 *: Port Christians tweaks for 32-bit route tags Port over Christian's tweaks from his port of my commit widening the route-tag field width to 32-bit. Commit dc9ffce8786844 "*: Consistently support 32-bit route tags". with "changes which make this actually useful for all the daemons". This is missing the zebra route-map changes. commit 5958b8f790f0049f980b74b3e2916979850e5d09 Author: Christian Franke Date: Sat Oct 1 04:06:03 2016 +0200 ospfd: Update route in zebra when tag changes Signed-off-by: Christian Franke commit dafa05e65fe4b3b3ed5525443f554215ba14f42c Author: Timo Teräs Date: Thu Jan 19 17:27:01 2017 +0200 nhrpd: implement next hop resolution protocol This provides DMVPN support and integrates to strongSwan. Please read README.nhrpd and README.kernel for more details. commit 56ae5c4847f53f10e2151039556ec76a7a94c7fb Author: Jafar Al-Gharaibeh Date: Fri Jun 17 16:01:12 2016 -0500 zserv: get rid of code duplication in nexthop_lookup[_mrib] functions z[send/read]_ipv4_nexthop_lookup functions have been duplicated for multicast mrib lookup. The mrib versions are identical to the unicast versions except for a couple of places. The differences do not justify duplicating two functions and 80 lines of codes. Code refactoring and an if statement with a few lines of code are enough to handle the differences with a lot less and cleaner code. Signed-off-by: Jafar Al-Gharaibeh Signed-off-by: Jafar Al-Gharaibeh Tested-by: NetDEF CI System commit 54f1476c2ab201808fae1ec9f2ee1a5460f7882b Author: Quentin Young Date: Mon Jun 20 13:58:05 2016 -0400 zebra: Change bitwise operations to purpose-built macros Some bitfields for zebra_debug_* flags were being modified with bitwise operators instead of the purpose-built macros in lib/zebra.h. Changed such instances to use the macros. Signed-off-by: Quentin Young Signed-off-by: Quentin Young Acked-by: Jafar Al-Gharaibeh Tested-by: NetDEF CI System commit be987c2804730f39828e2e047fb09f05ebd9915a Author: Quentin Young Date: Thu Jun 16 11:26:44 2016 -0400 lib: Clean command.c Removed dead code paths and fixed a typo. Signed-off-by: Quentin Young Signed-off-by: Quentin Young Tested-by: NetDEF CI System commit 99f567205357570091ba109caad126b7bafcf8ce Author: Christian Franke Date: Tue Jun 14 20:07:10 2016 +0200 vtysh: fix a memory leak in vtysh_client_execute buf is dynamically allocated and needs to be freed in the error handling path too. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp commit 5d9fae294228ad39d12913312485429b9129a3b0 Author: Christian Franke Date: Tue Jun 14 20:07:09 2016 +0200 vtysh: handle case if there is no match in "write terminal $daemon" While the DEFUN should match the list of clients registered in vtysh, it seems better to handle the case explicitly instead of relying on the client list and the DEFUN signature being in sync. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp commit 93ad10e27beebb0416cf33d2f0acf96425064a48 Author: Christian Franke Date: Tue Jun 14 20:07:08 2016 +0200 ripd: print md5 auth digest correctly The dump of the md5 hash was missing one byte of the hash. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp commit d1da1e9d18f46d80da4e91fdabafb03fa4272a01 Author: Christian Franke Date: Tue Jun 14 20:07:07 2016 +0200 pimd: don't leak original_s_route on error original_s_route is allocated on the heap and was not freed during the error case. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp commit 5bd78b9f409b0a7d4b6a9e15d495ca2c53757a4d Author: Christian Franke Date: Tue Jun 14 20:07:02 2016 +0200 ospfd: fix double assignment in ospf_vl_set_timers Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp commit c8e80972d5b99fb8baaa367a726f1dc36a840744 Author: Christian Franke Date: Tue Jun 14 20:07:01 2016 +0200 bgpd: fix memory leaks in show commands sockunion_str2su allocates a struct sockunion that used to be leaked in the show commands. Use str2sockunion and keep the information on the stack instead. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp Signed-off-by: Philippe Guibert commit 32e41f75fd1735071e0fa0bdd918e9b1241d1837 Author: Christian Franke Date: Tue Jun 14 20:06:59 2016 +0200 bgpd: don't leak memory in community_regexp_include Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp commit 708ea62f82f34c8674042b369ee8cba5d7b34c02 Author: Christian Franke Date: Tue Jun 14 20:06:57 2016 +0200 bgpd: check return value of zebra_interface_state_read zebra_interface_state_read can return NULL in cornercases. The other daemons check for this, so should bgpd. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp commit 5cb81ce51d5c2ed6b6f7ce51dcfa5388b1836c27 Author: Christian Franke Date: Tue Jun 14 20:06:56 2016 +0200 bgpd: setting nexthop doesn't need inet_pton Signed-off-by: Christian Franke Signed-off-by: Christian Franke Acked-by: Donald Sharp commit cfb4826340ab177b3cfbce4f138187f41860b68e Author: David Lamparter Date: Mon Jun 13 17:29:14 2016 +0200 lib: AgentX: use threads instead of eventloop hack AgentX fd/timeout handling is rather hackishly monkeyed into thread.c. Replace with code that uses plain thread_* functions. NB: Net-SNMP's API rivals Quagga's in terms of age and absence of documentation. netsnmp_check_outstanding_agent_requests() in particular seems to be unused and is therefore untested. The most useful documentation on this is actually the blog post Vincent Bernat wrote when he originally integrated this into lldpd and Quagga: https://vincent.bernat.im/en/blog/2012-snmp-event-loop.html Signed-off-by: David Lamparter Signed-off-by: David Lamparter commit 47fb0a8eb8138572a9117156223259413a956e81 Author: David Lamparter Date: Mon Jun 13 17:29:13 2016 +0200 lib: add thread_add_timer_tv (struct timeval) Another zoo extension, this adds a timer scheduling function that takes a struct timeval argument (which is actually what the wrappers boil down to, yet it's not exposed...) Signed-off-by: David Lamparter Signed-off-by: David Lamparter commit 449b29e8bd9fb1ae2e57cea7074e1b9778343455 Author: David Lamparter Date: Mon Jun 13 17:29:12 2016 +0200 lib: linklist: add listnode_add_before() This utility function, to join the zoo that the Quagga linked-list implementation has accumulated, does an insert-before while returning the newly allocated node. It is similar to: - listnode_add_after(), but - complementary direction - returns allocated node - list_add_node_prev(), but - supports before == NULL - returns allocated node In general, the entire linked-list implementation is in bad shape, and while it needs a cleanup / rewrite / replacement, this would both cause significant conflicts and block other cleanups... Signed-off-by: David Lamparter Signed-off-by: David Lamparter commit c96e78dde1f118eaee4269aa2c91ef70850e5423 Author: Donald Sharp Date: Thu Jun 9 15:34:59 2016 -0400 pimd: Fix of using uninitialized Memory Valgrind is reporting that pimd is using uninitialized memory for comparisons. This commit addresses the issues found there. Signed-off-by: Donald Sharp Signed-off-by: Donald Sharp commit 6ff2acde9291b855c44edf9a7a0423580c901d03 Author: Igor Ryzhov Date: Thu Jun 9 16:44:21 2016 +0300 vtysh: send "no interface" command to all daemons that support it Signed-off-by: Igor Ryzhov Signed-off-by: Igor Ryzhov Acked-by: Donald Sharp Tested-by: NetDEF CI System commit c0a613f3a2be8e40265704fd00166cd5342ca409 Author: Christian Franke Date: Mon Jun 6 22:22:15 2016 +0200 bgpd: fix potential crash in community_list_dup_check extcommunity_list_set may set the ->config for an entry to NULL. In this case, the old code in community_list_dup_check would cause a NULL pointer dereference. Adjust the code so it behaves the same in the absence of NULL pointers and otherwise checks if both are NULL to determine equality. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Tested-by: NetDEF CI System Acked-by: Donald Sharp commit 51b45a52adf944ac391c0e90f86597454ab4d657 Author: Christian Franke Date: Mon Jun 6 22:04:30 2016 +0200 zebra: make fpm netlink_route_info_fill more robust Having an RTM_ADDROUTE with a rib == NULL would lead to a crash due to a NULL pointer dereference. Since an RTM_ADDROUTE without a rib object doesn't make much sense, print a warning and remove the concerned route instead. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Tested-by: NetDEF CI System commit 8db38639cc4cf796484b352c57f2709151f0e2e4 Author: Christian Franke Date: Mon Jun 6 21:49:59 2016 +0200 ospf6d: remove unused broken function ospf6_interface_if_del has not been in use since for quite some years and is broken. (Will crash ospf6d if oi->area == NULL) Since it is not used, just remove it. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Tested-by: NetDEF CI System Acked-by: Donald Sharp commit 5a7a23b09fed1cb26b901e3160c2f6e560cfd679 Author: Christian Franke Date: Mon Jun 6 21:13:15 2016 +0200 isisd: exit if daemonizing fails The other daemons in Quagga exit with an error if they cannot fork. Change isisd to behave consistently. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Tested-by: NetDEF CI System Acked-by: Donald Sharp commit 68cfaabc2e281b6ef9810138db3b42e52f1f0060 Author: Christian Franke Date: Mon Jun 6 21:10:24 2016 +0200 zebra: fix a crash in static_add_ipv6 caused by a NULL dereference si will be NULL after end of the preceeding for loop. update is the right static route info to use for deleting the old route. Signed-off-by: Christian Franke Signed-off-by: Christian Franke Tested-by: NetDEF CI System Acked-by: Donald Sharp commit 456cb633436c567a173dadb9b6fb4610266c2ef9 Author: Donald Sharp Date: Thu Jun 2 02:37:52 2016 -0400 pimd: Add ability to safely ignore route-maps pim was not parsing route-map code and causing issues using vtysh because of this. Add code to safely ignore the route-map code and set us up for future expansion into route-maps if neeeded. Signed-off-by: Donald Sharp Signed-off-by: Donald Sharp Tested-by: NetDEF CI System Acked-by: Jafar Al-Gharaibeh commit 18343eeff67b9b17b7d688a13a1f0829db1ad436 Author: Donald Sharp Date: Thu Jun 2 02:30:46 2016 -0400 pimd: Add support for displaying ip mroute When you enter a static mroute under an interface the 'show run' is not displaying this information. Add code to allow this. Signed-off-by: Donald Sharp Reviewed-by: Daniel Walton Reviewed-by: Don Slice Signed-off-by: Donald Sharp Reviewed-by: Daniel Walton Reviewed-by: Don Slice Tested-by: NetDEF CI System Acked-by: Jafar Al-Gharaibeh commit f8aef5fd4aa48eceedb67fb8919378e33617bc5d Author: Donald Sharp Date: Thu Jun 2 02:20:29 2016 -0400 pimd: Remove igmp_add_group_by_addr unneeded parameter The interface name is already passed in as part of the 'struct igrmp *group' pointer. No need to do it twice. Signed-off-by: Donald Sharp Signed-off-by: Donald Sharp Tested-by: NetDEF CI System Acked-by: Jafar Al-Gharaibeh commit 3e6a3a64359ae6fa370fbd9c843b7c0d04a946c3 Author: Donald Sharp Date: Thu Jun 2 02:20:28 2016 -0400 pimd: Remove source_new unneeded parameter The interface name is already passed in as part of the 'struct igmp_group *group' pointer. No need to do it twice. Signed-off-by: Donald Sharp Signed-off-by: Donald Sharp Acked-by: Jafar Al-Gharaibeh commit d395fd1996df70eb5e6ecc4fc1cf90e8303f43a6 Author: Donald Sharp Date: Thu Jun 2 02:20:27 2016 -0400 pimd: Remove dead code. No need to keep '#if 0' code. If we need it in the future, just go back into the history and grab it. Signed-off-by: Donald Sharp Signed-off-by: Donald Sharp Acked-by: Jafar Al-Gharaibeh commit dc633bd1833c4b9df44df27135ce12fef884b53f Author: Paul Jakma Date: Mon Dec 26 17:25:26 2016 +0000 lib/stream: Add stream_discard, to discard read data from a stream * stream.c: (stream_discard) Discard the already data from a stream, as indicated by the getp. Move remaining, unread data, to the beginning of the stream. get and end stream pointers are updated as appropriate. If all data has been consumed, then this behaves identically to stream_reset. commit 95509a6f55c63b72541fa390f7dda7fab2fa3210 Author: Thorvald Natvig Date: Thu Sep 29 10:25:35 2016 -0700 Extend BGP_SEND_ASPATH_CHECK to cover confederations Extend the check for BGP_SEND_ASPATH_CHECK to also cover confederations. commit 9ed99f040f0dd14d0aca82e159f67d27e64042ae Author: Baruch Siach Date: Sun Aug 21 09:23:05 2016 +0300 lib/memory: fix indirect static link with zlib quagga SNMP support depends on netsnmp, that optionally depends on OpenSSL, which in turn requires zlib. zlib exports the 'zcalloc' symbol, which collides with a function of the same name in memory.c. This is not a problem when linking dynamically, since quagga does not use zlib directly. But static linking fails with the error: CCLD ospfd .../output/host/usr/mips64el-buildroot-linux-uclibc/sysroot/usr/lib/libz.a(zutil.o): In function `zcalloc': zutil.c:(.text+0x48): multiple definition of `zcalloc' .../output/build/quagga-1.0.20160315/lib/.libs/libzebra.a(memory.o):memory.c:(.text+0x1a0): first defined here Rename 'zcalloc' to 'zzcalloc' to avoid symbol collision. Signed-off-by: Baruch Siach Signed-off-by: Baruch Siach commit 64f8c7d80fd9685936613f6c564b9572dd28561d Author: Thomas Petazzoni Date: Sun Aug 21 09:23:04 2016 +0300 configure: fix static linking with readline When static linking is used, the order of the libraries is important, and the libraries using a symbol from another library should be listed *before* the library providing that symbol (see http://eli.thegreenplace.net/2013/07/09/library-order-in-static-linking) for details. When vtysh is linked statically, the command line contains "-lcurses -lreadline", which causes a build failure due to unresolved symbols. This is because readline is using symbols from the curses library: the order should be the opposite. This patch fixes that problem by putting the -lreadline at the beginning of the LIBREADLINE variable calcualted by the configure script. Signed-off-by: Thomas Petazzoni Signed-off-by: Baruch Siach Signed-off-by: Thomas Petazzoni Signed-off-by: Baruch Siach commit a8f9790a9bae34b4ef6b1c0c9391d2a9cc991f47 Author: Jafar Al-Gharaibeh Date: Thu Jul 28 14:41:20 2016 -0500 config: Give the option of disabling run as user/group Leave "user/group" unset when explicitly configuring with "--disable-user" / "--enable-user=no" and "--disable-group" / "--enable-group=no" This allows quagga to skip unsupported system calls such as setuid() on certain platfroms. Signed-off-by: Jafar Al-Gharaibeh Signed-off-by: Jafar Al-Gharaibeh Tested-by: NetDEF CI System commit e3443a21552b6a3cd6ebdbb98336eede217a478f Author: Timo Teräs Date: Wed Oct 19 16:02:34 2016 +0300 bgpd: simplify ebgp-multihop and ttl-security handling Change to track configured value in ->ttl and ->gtsm_hops; not the value set to sockopt. Instead, setting of socket's ttl and minttl options are now merged to one function which calculates it on demand. This greatly simplifies the code. commit c9cc52af9edf0f23a1434c944812064de220a7bf Author: Timo Teräs Date: Wed Oct 19 16:02:33 2016 +0300 bgpd: honor disable-connected-check option with next hop tracking Make bgpd ignore connected state again if configured to do so. commit b41bb62e039454f53e54959b2c3f7eea816e6422 Author: Timo Teräs Date: Wed Oct 19 16:02:32 2016 +0300 zebra: fix nht validity checking to be same as when it's resolved This reverts commit 7e3a435bd99 "A valid BGP nexthop is flagged as invalid" Problem is BGP thinks the nexthop is accessible when it's recursive, and selects it, but zebra rejects it at route install time. Causing FIB and BGP state to be out-of-sync. Fix nht to follow same rules as zebra rib. commit 631fcd2e51b02b3d5548bee4108044921fb3e58b Author: Timo Teräs Date: Wed Oct 19 16:02:31 2016 +0300 zebra: use FIB state for nexthop tracking The FIB override routes can override ZEBRA_FLAG_SELECTED routes in FIB. Use the FIB state instead to report correct nexthop when FIB override routes are present.