sorted by: recent | see : popular

Content Tagged with new + Quagga

Quagga 0.99.10 has been released, and is available, along with a full changelog, in the usual places.

Thanks to everyone who helped by reporting bugs, contributing and testing fixes.

Release notes

zebra: Races in the RIB could lead to routes not being installed to kernel FIB

bgpd: 4-Byte AS Number support

Quagga now supports 4-byte AS numbers.

bgpd: Low impact AS4 Attribute DoS (Mu Security)

This release fixes further potential DoS conditions in bgpd, again reported by Mu Security, where a bgpd could be made to crash if an UPDATE was sent with certain AS4 attributes. The possible crashes are either a NULL pointer dereference, or an assert, and so are not thougth to be exploitable.

As AS4 support is only being introduced in this release of Quagga, the impact is considered neglible. The exception is where pre-release Quagga software, with initial AS4 support, has been deployed. Such deployments are vulnerable to a DoS initiated by any remote participant in the BGP network.

NB: The CVS commit message mistakenly says this affects only configured peers. The above advice takes precedence.

bgpd: Sundry regression fixes

Sessions would be incorrectly reset if a partial AS-Pathlimit attribute was received. All users of 0.99.9 bgpd, in which AS-Pathlimit support was introduced, that receive public routes will need to upgrade to 0.99.10 to avoid this issue.

Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been broken in the 0.99.9 release.

BSD: Interface link-state now supported

Solaris: Support added for Solaris 10U5 IP instance privileges

A short-form list of code related changes:

zebra:

    [zebra] note the meta-queue in NEWS
    [zebra] initial edition of meta-queue for RIB updates processing (#431)
    [zebra] fix bug#326 by rib_lookup_and_pushup()
    [zebra/linux] Use BPF to filter out responses, to try avoid netlink
    overruns
    [zebra] fixed bug #418 (changing address on an existing interface
    doesn't cause existing static routes to be revalidated)
    [zebra] fix the bug reported by Milan Kocian (IPv6 route handling
    was broken by the RIB debug changeset).
    [zebra] rib_process() speedup for multi-nexthop route nodes
    [zebra] Minor bugfix: IPv6 prefixes were logged incorrectly in RIB
    debugging calls. Fixed.
    [zebra] sayonara old_pid!
    [zebra] fixed bug #402: now the second zebra process doesn't
    destroy routes of the first one before dying
    [zebra] we are not going to receive routing messages originated by
    old_pid,
      because rib_sweep_route() is called after damon() now. This will allow
      to drop old_pid completely soon.
    [zebra] Switch from LOOKUP() to lookup() for rtm_type (see bug #401 for details).
    [zebra] * rt_socket.c: (kernel_rtm_ipv4) prefix_buf could be passed
            to zlog_err() uninitialized with debug disabled. Fixed.

lib:

    [lib] trivial: add const qualifier to stream_put/write
    [lib] Fix the struct message LOOKUP function to be more robust
    [lib/linklist] Enforce "nodes must have data" invariant more
    rigorously
    [lib] add mising UL qualifier to numerical constant
    [lib] pidfiles are now always created with 0644 perms instead if
    LOGFILE_MASK (0600)
    [privs/Solaris] Quagga should work in zones with IP instances
    [snmp-smux] Fix problems if 'smux peer ...' is issued multiple
    times

bgpd:

    [bgpd] minor changes to bgp_mp_reach_parse
    [bgpd] bug #419: partial aspath-limit incorrectly causes session reset
    [bgpd] fix the set statement name
    [bgpd] Added new route-map set statement: "as-path ignore"
    [bgpd] remove unnecessary 0 entries from struct message's
    [bgpd] fix crash on startup if compiled IPv4-only
    [bgpd] Fix number of DoS security issues, restricted to configured
    peers.
    [bgpd] fixed no_set_aspath_prepend() to correctly match existing
    "set" statement
    [bgpd] Fix typo in previous commit to bgp_main.c
    [bgpd] small fix for crash if 'listenon' argument is not given
    [bgpd] Add 'listenon' argument
    [bgpd] Merge AS4 support
    [bgpd] Fix typo, which prevented advertisement of MP (non-IPv4)
    prefixes

ospfd:

    [ospfd] fix missing arg to zlog_warn()
    [ospfd] fix minor regression in OSPF sending buffer adjustment
logic

ripd:

    [ripd] Fix mistaken empty string test
    [ripd] remove unnecessary 0 entries from struct message's

isisd:

    [isisd] Bug #437: fix ssert caused by bad list management

ospf6d:

    [ospf6d] Fix removal of defunct ASBR routes

general:

    [c++] remove/rename some names in headers that clash with C++ reserved words
    [daemons] Sanity check port number arguments before use
    [solaris] add missing makefile.am dependency
    [link-detect] Improve BSD support.
    [link-detect] Try to get BSD link-detect to work properly.
    [link-detect] Static interface routes should behave properly with
    link-detect.
    [tests] BGP MP_(UN)REACH_NLRI unit tests
    [tests:bgp] Further tests for 0 sized as_path segments
    [tools] multiple-bgpd.sh: make paths more configurable

Quagga 0.99.8 has been released. As ever, the changelog has the full details. This release contains fixes for a few niggly bugs and regressions. the addition of route-map support within zebra, a potential 10 to 15% memory saving in bgpd and several build related changes.

A summary of changes follows:

• zebra:
  • rib loop check for RIB_ENTRY_REMOVED checks wrong var
  • [PtP] Fix BSD problems with PtP interfaces: must treat RTA_BRD as peer addre
  • Add zebra_routemap.c
  • Routemap support on received routes, with 'set src' command (linux)
• lib
  • Add comments regarding setsockopt_multicast_ipv4 arguments.
• build:
  • configure needs to check for struct icmphdr for IRDP
  • [linux] Fix strange compilation problem by explicitly including <linux/types
  • [zebra] Trivial patches so we can compile when IPv6 is not enabled
  • [autoconf] Fix missing space character in previous commit
  • [autoconf] GNU_SOURCE can be defined twice, through AC_FUNC_STRNLEN
  • [autoconf] add back check for inet_aton
  • [autoconf] bugs 162,303,178: Fix 'present but can not be compiled' warnings
  • Improve portability by invoking gcc with -std=gnu99 instead of -std=c99
• ospfd
  • Fix address qualified 'ip ospf auth' commands
  • Bug #330 regression: Fix ospf_spf_add_parent assert
  • network command now behaves more logically when a peer prefix is defined
• vtysh
  • bug #371: vtysh forgets to print 'end' for write-terminal
• bgpd
  • bug #370, default-originate was broken by a silly thinko
  • Trim memory usage of BGP routes
• ospf6d:
  • Fix silly bug: muse use strcmp to compare strings

Quagga 0.99.6 has been released, see the full changelog for the details. A summary of the changes:

• bgpd
  • Bug #302, bgpd can get stuck in state Clearing
  • Implement 'debug bgp zebra' to log all messages to and from zebra.
  • Fix bug where a deleted route that was quickly re-added was being lost
  • trivial: non C99 u_int.._t should be uint.._t
  • struct peer must have bgp field valid (redistribute crash)
  • Coverity CID #64: Needless NULL check, CID #64: Deref of potentially NULL pointer.
  • CID#73, potential crash in bgp statistics if called for AFI/SAFI with emtpy table
  • Bug #302 fixes. ClearingCompleted event gets flushed, leaving peers stuck in Clearing.
  • Trivial fix of printf format/arg mismatch
  • reduce the process queue hold time to something more sensible
  • RIB statistics address space size shouldnt double count space
  • simplify peer refcounts, squash slow peer leak
  • Fix 0.99 shutdown regression, introduce Clearing and Deleted states
  • Add RIB reporting commands, show bgp ... statistics
  • Handle pcount as flags are changed, fixing pcount issues
  • Add 'show ... neighbor .... prefix-counts' command
• ospfd
  • Consider all connected addresses when creating ospf interfaces
  • Add debug messages for a few zebra messages that had been overlooked
  • Fix bug in passive-interface default commands.
  • Stop losing subsequent default-information originate 'always' info
  • Add passive-interface default support
  • Improve some warning messages.
  • Fix assertion in DB-exchange fix, hit by ogier-db-ex-opt commit
• isisd: Fix compiler warnings and allow v4-only compilation
• zebra
  • Changes of nexthops of static routes didnt take effect
  • Compile fix for PF_ROUTE
• ripd
  • bug #293: routemap set metric doesn't check for underflow correctly
  • bug #278: remove gratuitous use of mid-function declaration
• general
  • [daemon startup] Add --dry-run/-C argument to daemons, to check config file syntax
  • Handle upgrade from SUNWzebra to Quagga for 'interface fooX:Y' commands
  • [snmp] Fix asn_build calls to pass correct variable sizes (fixes 64-bit issues)
  • [doc] Add recent NetBSD/FreeBSD versions to list of what ought to work.

Quagga 0.99.2 has been released. This release fixes several regressions and bugs over 0.99.1, particularly in bgpd and ospfd. See the long ChangeLog for the full details. This release still contains several known and/or reported regressions over 0.98, particularly related to maximum-prefix count in bgpd, redistribution of static routes in ospfd and redistribution of connected routes in ripd, amongst others.

Due to crappy/old automake used to create tarball, it had to be updated to make it work for systems not having GNU install. Sorry for inconvenience.

0.98.5 from stable series is released fixing several bugs in ospfd and bgpd, most notably some crashes in ospfd and yet another route server functionality regression in bgpd. See changelog for detailed info.

Packages of Quagga 0.99.3 for Solaris 10 and Fedora Core 4 are available.

Three security issues have been reported recently in Quagga.

Two RIP issue were reported by Konstantin V. Gavrilenko of Arhont. The first RIP issue concerns an information leak through RIPv1, due to RIP version control not being applied fully. The second RIP issue concerns unauthenticated route injection via RIPv1 when RIPv2 authentication is enabled. Finally, bgpd is vulnerable to a DoS via the telnet interface, which could affect BGP route-servers and looking glasses.

The fixes are integrated, and the most recent CVS snapshots as of 20060504 should be considered Release Candidates, e.g. 0.98 20060504 and 0.99 20060504 or any later snapshot.

An overview of the 0.98 changes has been posted to the quagga-users list (HTML format with hyperlinks). While the various changes have all been tested, further testing of the 0.98 snapshot in this Release Candidate form, would be greatly appreciated.

Quagga 0.99.4 has been released, to address the same 3 security issues as fixed in the 0.98.6 release, in addition to several bug fixes. Please see the announcement email for further details.