Quagga 0.99.10 has been released, and is available, along with a full changelog, in the usual places.

Thanks to everyone who helped by reporting bugs, contributing and testing fixes.

Release notes

zebra: Races in the RIB could lead to routes not being installed to kernel FIB

bgpd: 4-Byte AS Number support

Quagga now supports 4-byte AS numbers.

bgpd: Low impact AS4 Attribute DoS (Mu Security)

This release fixes further potential DoS conditions in bgpd, again reported by Mu Security, where a bgpd could be made to crash if an UPDATE was sent with certain AS4 attributes. The possible crashes are either a NULL pointer dereference, or an assert, and so are not thougth to be exploitable.

As AS4 support is only being introduced in this release of Quagga, the impact is considered neglible. The exception is where pre-release Quagga software, with initial AS4 support, has been deployed. Such deployments are vulnerable to a DoS initiated by any remote participant in the BGP network.

NB: The CVS commit message mistakenly says this affects only configured peers. The above advice takes precedence.

bgpd: Sundry regression fixes

Sessions would be incorrectly reset if a partial AS-Pathlimit attribute was received. All users of 0.99.9 bgpd, in which AS-Pathlimit support was introduced, that receive public routes will need to upgrade to 0.99.10 to avoid this issue.

Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been broken in the 0.99.9 release.

BSD: Interface link-state now supported

Solaris: Support added for Solaris 10U5 IP instance privileges

A short-form list of code related changes:

zebra:

    [zebra] note the meta-queue in NEWS
    [zebra] initial edition of meta-queue for RIB updates processing (#431)
    [zebra] fix bug#326 by rib_lookup_and_pushup()
    [zebra/linux] Use BPF to filter out responses, to try avoid netlink
    overruns
    [zebra] fixed bug #418 (changing address on an existing interface
    doesn't cause existing static routes to be revalidated)
    [zebra] fix the bug reported by Milan Kocian (IPv6 route handling
    was broken by the RIB debug changeset).
    [zebra] rib_process() speedup for multi-nexthop route nodes
    [zebra] Minor bugfix: IPv6 prefixes were logged incorrectly in RIB
    debugging calls. Fixed.
    [zebra] sayonara old_pid!
    [zebra] fixed bug #402: now the second zebra process doesn't
    destroy routes of the first one before dying
    [zebra] we are not going to receive routing messages originated by
    old_pid,
      because rib_sweep_route() is called after damon() now. This will allow
      to drop old_pid completely soon.
    [zebra] Switch from LOOKUP() to lookup() for rtm_type (see bug #401 for details).
    [zebra] * rt_socket.c: (kernel_rtm_ipv4) prefix_buf could be passed
            to zlog_err() uninitialized with debug disabled. Fixed.

lib:

    [lib] trivial: add const qualifier to stream_put/write
    [lib] Fix the struct message LOOKUP function to be more robust
    [lib/linklist] Enforce "nodes must have data" invariant more
    rigorously
    [lib] add mising UL qualifier to numerical constant
    [lib] pidfiles are now always created with 0644 perms instead if
    LOGFILE_MASK (0600)
    [privs/Solaris] Quagga should work in zones with IP instances
    [snmp-smux] Fix problems if 'smux peer ...' is issued multiple
    times

bgpd:

    [bgpd] minor changes to bgp_mp_reach_parse
    [bgpd] bug #419: partial aspath-limit incorrectly causes session reset
    [bgpd] fix the set statement name
    [bgpd] Added new route-map set statement: "as-path ignore"
    [bgpd] remove unnecessary 0 entries from struct message's
    [bgpd] fix crash on startup if compiled IPv4-only
    [bgpd] Fix number of DoS security issues, restricted to configured
    peers.
    [bgpd] fixed no_set_aspath_prepend() to correctly match existing
    "set" statement
    [bgpd] Fix typo in previous commit to bgp_main.c
    [bgpd] small fix for crash if 'listenon' argument is not given
    [bgpd] Add 'listenon' argument
    [bgpd] Merge AS4 support
    [bgpd] Fix typo, which prevented advertisement of MP (non-IPv4)
    prefixes

ospfd:

    [ospfd] fix missing arg to zlog_warn()
    [ospfd] fix minor regression in OSPF sending buffer adjustment
logic

ripd:

    [ripd] Fix mistaken empty string test
    [ripd] remove unnecessary 0 entries from struct message's

isisd:

    [isisd] Bug #437: fix ssert caused by bad list management

ospf6d:

    [ospf6d] Fix removal of defunct ASBR routes

general:

    [c++] remove/rename some names in headers that clash with C++ reserved words
    [daemons] Sanity check port number arguments before use
    [solaris] add missing makefile.am dependency
    [link-detect] Improve BSD support.
    [link-detect] Try to get BSD link-detect to work properly.
    [link-detect] Static interface routes should behave properly with
    link-detect.
    [tests] BGP MP_(UN)REACH_NLRI unit tests
    [tests:bgp] Further tests for 0 sized as_path segments
    [tools] multiple-bgpd.sh: make paths more configurable

Quagga 0.99.9 has been released, and is available, along with a full changelog, in the usual places.

Thanks to everyone who helped by reporting bugs and testing fixes.

Release notes

bgpd: Low impact DoS (Mu Security)

This release fixes two potential DoS conditions in bgpd, reported by Mu Security, where a bgpd could be crashed if a peer sent a malformed OPEN message or a malformed COMMUNITY attribute. Only configured peers can do this, hence we consider these issues to be very low impact.

bgpd: crash with outbound route-maps

This release fixes a serious regression in bgpd in Quagga 0.99.8, where use of outbound route-maps would cause a crash.

bgpd: severe performance problems with regexes

Operators should be aware that allowing untrusted access to the bgpd vty are vulnerable to such untrusted users running regex commands that may cause bgpd to block for many minutes.

To try alleviate this, bgpd now passes the 'REG_NOSUB' flag to regcomp(). This may help good regex implementations to avoid doing a lot of work when users specify substitutions (which we will never use). Unfortunately, this doesn't appear to have much of an effect on the platforms I have tested (Solaris libc and GNU libc).

The 'PCRE' regex implementation however appears to be better behaved, and does not introduce huge slow-downs when regexes with substitutions are applied. Operators who continue to offer untrusted vty access may wish to preload the 'libpcreposix' library (e.g. using LD_PRELOAD). Be aware however that PCRE is not fully compatible with POSIX extended regexes, and this workaround may adversely impact existing configurations.

bgpd: AS-Pathlimit TTL attribute support added

This attribute allows for routes to be announced with a limited scope, specified in terms of numbers of AS-hopcount. See the TeXinfo documentation for further details.

isisd: Now supports Solaris

A short-form list of code related changes:

bgpd:
- [bgpd] low-impact DoS: crash on malformed community with debug set
- [bgpd] bug #398 Bogus free on out route-map, and assert() with rsclients
- [bgpd] Add support for AS_PATHLIMIT / draft-ietf-idr-as-pathlimit
- [bgpd] cleanup, compact and consolidate capability parsing code
- [bgpd] Dont schedule dumps multiple times for same command
- [bgpd] Pass NOSUB to regexec

ospfd:
- [ospfd] Bug #331, NSSA ASBR regression - failure to set E-bit in NSSA
areas
- Bug #362 is fixed now.
- [ospfd] Fix bad SPF calculation on some topologies - incorrect sorting

zebra:
- + fixed bug #400: adjusted rtread_sysctl.c:route_read()
- Looks like bug #320 is finally fixed now.
- Fixed ioctl_solaris.c:if_get_mtu() for IPv6'less operation
- Fixed bug #394 "RTF_DONE is ignored in rtm_read()"
- Merged own patch for bug #390 (rewrite
zebra/zebra_rib.c:nexthop_active_update())
- Use the proper field length for the peer's address
(netlink_interface_addr)
- Bugzilla #384.

isisd:
- [isisd] Add support for Solaris DLPI

Quagga 0.99.8 has been released. As ever, the changelog has the full details. This release contains fixes for a few niggly bugs and regressions. the addition of route-map support within zebra, a potential 10 to 15% memory saving in bgpd and several build related changes.

A summary of changes follows:

• zebra:
  • rib loop check for RIB_ENTRY_REMOVED checks wrong var
  • [PtP] Fix BSD problems with PtP interfaces: must treat RTA_BRD as peer addre
  • Add zebra_routemap.c
  • Routemap support on received routes, with 'set src' command (linux)
• lib
  • Add comments regarding setsockopt_multicast_ipv4 arguments.
• build:
  • configure needs to check for struct icmphdr for IRDP
  • [linux] Fix strange compilation problem by explicitly including <linux/types
  • [zebra] Trivial patches so we can compile when IPv6 is not enabled
  • [autoconf] Fix missing space character in previous commit
  • [autoconf] GNU_SOURCE can be defined twice, through AC_FUNC_STRNLEN
  • [autoconf] add back check for inet_aton
  • [autoconf] bugs 162,303,178: Fix 'present but can not be compiled' warnings
  • Improve portability by invoking gcc with -std=gnu99 instead of -std=c99
• ospfd
  • Fix address qualified 'ip ospf auth' commands
  • Bug #330 regression: Fix ospf_spf_add_parent assert
  • network command now behaves more logically when a peer prefix is defined
• vtysh
  • bug #371: vtysh forgets to print 'end' for write-terminal
• bgpd
  • bug #370, default-originate was broken by a silly thinko
  • Trim memory usage of BGP routes
• ospf6d:
  • Fix silly bug: muse use strcmp to compare strings

The bgpd daemon is vulnerable to a Denial-of-Service. Configured peers may cause a Quagga bgpd to, typically, assert() and abort. The DoS may be triggered by peers by sending an UPDATE message with a crafted, malformed Multi-Protocol reachable/unreachable NLRI attribute. Further details, and a proposed fix for Quagga 0.99 are available in Bug #354.

Network World tests open source router software based on Quagga.

Quagga 0.99.5 was released on the 28th of August, see the release announcement (version with HTML links). A small regression in ospfd was quickly reported and fixed by a user, available in CVS. Additionally, the final 0.99 BGP regressions mentioned in the 0.99.5 announcement are believed to be fixed in CVS, see this mail to quagga-dev. Testing of bgpd in CVS snapshots dated 2006-09-14 or later would be appreciated.

BGP users of 0.99 are strongly encouraged to upgrade to 0.99.5, due to an important fix for an AS-Path loop-checking regression, or even a CVS snapshot, to assist in testing. OSPF 0.99-CVS is believed to be stable at this point.

A Quagga wiki has been setup. Go forth and document!