Patch in PR contains typo, got clean patch from zebra anon cvs server
Wrote e-mail to security officer and freebsd-audit to ask for
a) review
b) what to do next (FreeBSD Ports Security Advisory?...)
concerning a) the author of zebra already ok'd the patch.
converning b) waiting for SO or fbsd-auditers to respond
PR: 23856
Submitted by: Vincent Poy <vince@oahu.WURLDLINK.NET>
Reviewed by: Kunihiro Ishiguro <kunihiro@zebra.org>
Approved by: Kunihiro Ishiguro <kunihiro@zebra.org>
Obtained from: PR (partly) + zebra anon cvs server
fix: multiple route entry for same type of route,
which caused problem for BGP implicit withdraw.
If you are using zebra-0.89 and have a problem with multiple BGP
routes in zebra for one prefix, please update.
Obtained from: Kunihiro Ishiguro <kunihiro@zebra.org>
are two commands "cat >" and "cat >>" when they both take one argument
so I combined them together so they can do what the "cat" command's
name came from.)
added manpage entries in Makefile
Highlights:
o OSPF neighbor is supported.
o IPv6 inteface's address information propagation bug is fixed.
o BGP's various MED comparison methods are added.
o BGP read lock problem is fixed.
Release / contribution information (I think its maybe of interest
concerning the status of zebra):
From: Kunihiro Ishiguro <kunihiro@zebra.org>
Date: Mon, 02 Oct 2000 19:46:41 -0700
I've not yet merged below contributions as of zebra-0.89:
o OSPF Demand Circuits
K N Sridhar <sridhar@euler.ece.iisc.ernet.in>
o Kerberos 4, Kerberos 5 auth and DES CFB64 encryption.
Magnus Ahltorp <ahltorp@nada.kth.se>
These will be merged as soon as possible.
o PIM-SM
Robert.Olsson@data.slu.seJens.Laas@data.slu.se
Will be added after zebra-1.0 release.
From its developer:
Hi, this is Kunihiro.
I think this version is the most stable OSPF version ever had. We'll
keep on fixing and adding new feature to ospfd. And also some BGP's
route selection problems are fixed. Many patches are included.
* Changes in zebra-0.86
* Changes in lib
** Fix bug of exec-timeout command which may cause crush.
** Multiple same policy for "access-list", "ip prefix-list, "as-path
access-list", "ip community-list" is not duplicated.
** It used to be "ip prefix-list A.B.C.D/M" match routes which mask >= M.
Now default behavior is exact match so it only match routes which mask == M.
* Changes in bgpd
** "match ip address prefix-list" is added to route-map.
** A route without local preference is evaluated as 100 local preference.
** Select smaller router-id route when other values are same.
** Compare MED only both routes comes from same neighboring AS.
** "bgp always-compare-med" command is added.
** Now MED value is passed to IBGP peer.
** When neighbor's filter is configured with non-existent access-list,
as-path access-list, ip prefix-list, route-map. The behavior is changed
from all permit to all deny.
* Changes in ospfd
** Fix bug of external route tag byte order.
** OSPF Neighbor deletion bug which cause crush is fixed.
** Some route calculation bug are fixed.
** Add sanity check with router routing table.
** Fix bug of memory leak about linklist.
** Fix bug of 1-WayReceived in NSM.
** Take care of BIGENDIAN architecture.
** Fix bug of NSM state flapping between ExStart and Exchange.
** Fix bug of Network-LSA originated in stub network.
** Fix bug of MS flag unset.
** Add to schedule router_lsa origination when the interface cost changes.
** Increment LS age by configured interface transmit_delay.
** distribute-list is reimplemented.
** Fix bug of refresh never occurs.
** Fix bug of summary-LSAs reorigination. Correctly copy OSPF_LSA_APPROVED
flag to new LSA. when summary-LSA is reoriginatd.
** Fix bug of re-origination when a neighbor disappears.
** Fix bug of segmentation fault with DD retransmission.
** Fix network-LSA re-origination problem.
** Fix problem of remaining withdrawn routes on zebra.
* Changes in ripd
** Do not leave from multicast group when interface goes down bug is fixed.
* Changes in zebra
** Remove client structure when client dies.
** Take care static route when interface goes up/down.
And port changes from sumikawa@ebina.hitachi.co.jp:
- add 'ipv6' on CATEGORIES
- get rid of 'USE_INET6' and use 'OSVERSION' instead of it.
- make PLIST.v6 only difference from PLIST for easily maintanance
Submitted by: sumikawa@ebina.hitachi.co.jp
- remove zebra.sh from ${PREFIX}/etc/rc.d
- start zebra now from /etc/rc.conf.local
- new zebra start script is ${PREFIX}/sbin/zebractl {start|stop|restart}
Example:
/etc/rc.conf.local:
defaultrouter="NO"
router_enable="YES"
router="/usr/local/sbin/zebractl"
router_flags="start"
From: Kunihiro Ishiguro <kunihiro@zebra.org>
Date: Sun, 15 Aug 1999 23:47:59 +0900
This beta includes brand new ripd. Almost codes of ripd is rewritten.
ripd's dynamic `network' command configuration is improved. `timers
basic' command's semantics is changed to conforms to RFC2453. ripngd
is also updated as same as ripd. IPv6 kernel route handling bug is
fixed. SIGUSR1 reopen logging file. ospfd's bug of originating
network LSA is fixed. Redistribute routes handling is much improved.
Now `no redistribute' works as expected. BGP-4+ withdraw bug is
fixed. IPv6 router advertisement codes are added but not yet usable.
* Changes in zebra-0.77
* Changes in lib
** SIGUSR1 reopen logging file.
** route-map is extended to support multi-protocol routing information.
** When compiling under GNU libc 2.1 environment don't use inet6-apps.
* Changes in zebra
** Basic IPv6 router advertisement codes added. It is not yet usable.
** Fix IPv6 route addition/deletion bug is fixed.
** `show ip route A.B.C.D' works
* Changes in bgpd
** When invalid unfeasible routes length comes, bgpd send notify then
continue to process the packet. Now bgpd stop parsing invalid packet
then return to main loop.
** BGP-4+ withdrawn routes parse bug is fixed.
** When BGP-4+ information passed to non shared network's peer, trim
link-local next-hop information.
** `no redistribute ROUTE_TYPE' withdraw installed routes from BGP
routing information.
** `show ipv6 route IPV6ADDR' command added.
** BGP start timer has jitter.
** Holdtimer configuration bug is fixed. Now configuration does not
show unconfigured hold time value.
* Changes in ripngd
** Now update timer (default 30 seconds) has +/- 50% jitter value.
** Add timers basic command.
** `network' configuration is dynamically reflected.
** `timers basic <update> <timeout> <garbage>' added.
* Changes in ripd
** Reconstruct almost codes.
** `network' configuration is dynamically reflected.
** RIP timers now conforms to RFC2453. So user can configure update,
timeout, garbage timer.
** `timers basic <update> <timeout> <garbage>' works.
* Changes in ospfd
** Bug of originating network LSA is fixed.
** `no router ospf' core dump bug is fixed.
* Changes in ospf6d
** Redistribute route works.
BGP-4+ route handling is much improved. ripngd perform route
aggregation with aggregate-address command. When zebra starts up,
delete all installed routes which installed by zebra. ospfd DR
election problem fixed. `terminal length 0' bug is fixed.
BGP route-map now properly handles permit/deny and match/no match
mixture. This fix is done by Rick Payne <rickp@rossfell.co.uk>.
--
Kunihiro Ishiguro
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* Changes in zebra-0.75
* Changes in lib
** `termnal length 0' bug is fixed.
* Changes in zebra
** When zebra starts up, sweep all zebra installed routes. If -k or
--keep_kernel option is specified to zebra dameon. This function is
not performed.
* Changes in ripngd
** Aggreagte address command supported. In router ripngd,
`aggregate-address IPV6PREFIX' works.
* Changes in bgpd
** Input route-map's bug which cause segmentation violation is fixed.
** route-map method improved.
** BGP-4+ nexthop detection improved.
** BGP-4+ route re-selection bug is fixed.
** BGP-4+ iBGP route's nexthop calculation works.
** After connection Established `show ip bgp neighbor' display BGP TCP
connection's source and destination address.
** In case of BGP-4+ `show ip bgp neighbor' display BGP-4+ global and
local nexthop which used for originated route. This address will be
used when `next-hop-self'.
* Changes in ospfd
** Fix bug of DR election.
** Set IP precedence field with IPTOS_PREC_INTERNET_CONTROL.
** Schedule NeighborChange event if NSM status change.
** Never include a neighbor in Hello packet, when the neighbor goes
down.
OSPFd core dump during startup should be fixed.
BTW it's still not a complete OSPF implementation
as the author says on the mailing list:
"This is the first beta relase which includes (partly) workable ospfd.
Now ospfd works as inter area OSPF router. When it works properly
route goes into the kernel. Please note it does not support intra
area route, AS external route, multiple area, aging of LSA, etc...
Please use ospfd only in test environment.
BGP serious bug is fixed. ripngd is almost rewritten to conform to
RFC2080. ospf6d's LSA data structure is improved. And also many bugs
are fixed."
which is prefix-clean:
- Install a zebra startup script ${PREFIX}/rc.d/zebra.sh
- Can be used as start and stop script (expects "start" or
- "stop" as argument).
- If config file is present in ${PREFIX}/etc/zebra
- Starts zebra, ripd, ospfd and bgpd
- Stops (kills) ripd, ospfd, bgpd and at last zebra
From the announcement on the zebra mailing list:
ospfd is much improved. DR election bug is fixed. Database
description can be sent and received. Now Neighbor State Machine
goes to Full. We are working on zebra-0.70 can provide real OSPF
routing feature.
bgpd aggregate-address command is added. At this momemnt summary-only
aggregation is supported. `ip community-list' command is added.
New route-map command such as `set community' or `match community'
is added.
zebra's IPv6 related bug is fixed. VTY input buffer overflow bug
is fixed.
DEFUN can eat (a|b|c) statement. So (deny|permit) is useful for
like this:
bgpd(config)# access-list test ?
deny Access list for denies
permit Access list for permits
Changes in zebra-0.68
++ Changes in lib
- DEFUN() is extended to support (a|b|c) statement.
- Input buffer overflow bug is fixed.
++ Changes in bgpd
- `ip community-list' is added.
- set community and match community is added to route-map statement.
- aggregate-address A.B.C.D/M partly works. Now it works only
summary-only mode.
++ Changes in zebra
- IPv6 network address delete bug is fixed.
++ Changes in ospfd
- DR election bug fixed.
- Now Database Description can be send or received.
- Neighbor State Machine goes to Full state.
++ Changes in ospf6d
- router zebra related bug is fixed.
zebra isn't working
Can't set interface's address.
Can't set interface's address.
Can't set interface's address.
Can't set interface's address.
waiting for a fix from author.
===
===> Building package for zebra-980604
tar: can't add file sbin/ripngd : No such file or directory
tar: can't add file etc/zebra/ripngd.conf.sample : No such file or directory
===
While I'm here, clean it up a little (move comment and CFLAGS override down,
change += to = for variable defined only once).
SNAP 980401
A free multithreaded RIP, OSPF, BGP4 router (server/reflector)
IPv6 support is for:
FreeBSD with INRIA
FreeBSD with Hydrangea
GNU/Linux with IPv6
Developer Mailing List:
majordomo@zebra.org
subscribe zebra [e-mail address] -- for English language ML
subscribe zebra-jp [e-mail address] -- for Japanese language ML