Package: quagga
Version: 0.99.21-3
Severity: normal

In the current quagga version that will be released with wheezy, the ospf distribute-list command is broken. Worse, using it does not give any warning, does not crash quagga, but the command is totally ignored.

The result of this bug is that when upgrading quagga from squeeze to wheezy, distribute-list is ignored, which probably results in unwanted routes being advertised via ospf, potentially having a disastrous effect on the stability of a whole ospf network.

As a test, I created a minimal ospf configuration, which shows the distribute-list being ignored:

    mekker(config)# sh run

    Current configuration:
    !
    hostname mekker
    password blaat
    !
    !
    router ospf
     ospf router-id 1.2.3.4
     redistribute connected
    !
    access-list test deny any
    !
    line vty
    !
    end
    mekker(config)# router ospf
    mekker(config-router)# distribute-list test out connected
    mekker(config-router)#
    mekker(config)# sh run

    Current configuration:
    !
    hostname mekker
    password blaat
    !
    !
    router ospf
     ospf router-id 1.2.3.4
     redistribute connected
    !
    access-list test deny any
    !
    line vty
    !
    end

Also, if the distribute-list command exists in the ospfd configuration file and ospfd is started, the line gets ignored, without any warning whatsoever.

    # cat /etc/quagga/ospfd.conf
    !
    hostname mekker
    password blaat
    !
    !
    router ospf
     ospf router-id 1.2.3.4
     redistribute connected
     distribute-list test out connected
    !
    access-list test deny any
    !
    line vty
    !

    # /etc/init.d/quagga start

    $ telnet localhost ospfd
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.

    Hello, this is Quagga (version 0.99.21).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.

    User Access Verification

    Password:
    mekker> en
    mekker# sh run

    Current configuration:
    !
    hostname mekker
    password blaat
    !
    !
    router ospf
     ospf router-id 1.2.3.4
     redistribute connected
    !
    access-list test deny any
    !
    line vty
    !
    end
    mekker#

It's gone! And ospfd starts injecting all routes that had to be filtered into your network now, happily messing up everything.

This bug was introduced in commit e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9 in quagga, and is clearly the result of over-enthusiastic copy-pasting of almost(!) similar lines.

See http://git.savannah.gnu.org/cgit/quagga.git/commit/?h=sf/ospfd&id=e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9
click to ospfd/ospf_vty.c and look at the bottom two chunks of that patch.

Later, this issue was found and fixed in 1e47fb668d0125cbb6d53f73469093e744164a47:

See http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=1e47fb668d0125cbb6d53f73469093e744164a47&h=master

There is no new quagga release available which includes this bugfix, but it's merged to master in git.

Both the introduction and fix of this bug are trivial changes, so would there be any way to get this patch included before the release? This would prevent network downtime and headaches for network admins while upgrading to wheezy.

I successfully tested this patch by building packages for wheezy and squeeze-backports based on 0.99.21-3 and installing them both on the test machine I used for this bug report, and on test locations in our network.

Attached is the patch file which I created, 40_ospfd__ospf_vty.c__distribute-list.diff

--
Hans van Kranenburg - System / Network Engineer
T +31 (0)10 2760434 | hans.van.kranenb...@mendix.com | www.mendix.com

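An added example, not part of the original report or of quagga: a post-upgrade check that catches the failure mode described above by comparing the ospfd configuration file with what `sh run` reports afterwards. The function names are hypothetical, the sample text is transcribed from the report, and the one-space indentation of sub-commands is an assumption about how the configuration was laid out before extraction.

```python
# Detect configuration lines that a routing daemon accepted silently but
# did not keep: anything present in the startup file and absent from the
# running configuration is reported together with its stanza.

IGNORED = {"", "!", "end", "Current configuration:"}

def parse_config(text):
    """Return (stanza, command) pairs; top-level commands have stanza ''."""
    entries, stanza = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() in IGNORED:
            continue
        if line[0].isspace():            # indented: belongs to the open stanza
            entries.append((stanza, line.strip()))
        else:                            # column 0: opens a new stanza
            stanza = line
            entries.append(("", line))
    return entries

def dropped_lines(startup_text, running_text):
    """Commands in the startup file that the running config no longer has."""
    running = set(parse_config(running_text))
    return [e for e in parse_config(startup_text) if e not in running]

# Sample input transcribed from the report (indentation assumed).
STARTUP = """!
hostname mekker
password blaat
!
router ospf
 ospf router-id 1.2.3.4
 redistribute connected
 distribute-list test out connected
!
access-list test deny any
!
line vty
!
"""
# What the affected 0.99.21 ospfd shows after start: same file minus one line.
RUNNING = "Current configuration:\n" + STARTUP.replace(
    " distribute-list test out connected\n", "") + "end\n"

if __name__ == "__main__":
    for stanza, command in dropped_lines(STARTUP, RUNNING):
        print(f"DROPPED under '{stanza}': {command}")
```

Run after every routing daemon upgrade and before the host is allowed to form adjacencies, a non-empty result is the warning that ospfd itself does not give here.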
Upstream patch: 1e47fb668d0125cbb6d53f73469093e744164a47 Description: This patch fixes a regression bug introduced in commit e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9 which prevented the distribute-list command from being executed. Index: quagga-0.99.21/ospfd/ospf_vty.c =================================================================== --- quagga-0.99.21.orig/ospfd/ospf_vty.c 2013-01-02 22:01:40.809660603 +0100 +++ quagga-0.99.21/ospfd/ospf_vty.c 2013-01-02 22:01:56.822404035 +0100 @@ -6037,7 +6037,7 @@ int source; /* Get distribute source. */ - source = proto_redistnum(AFI_IP, argv[0]); + source = proto_redistnum(AFI_IP, argv[1]); if (source < 0 || source == ZEBRA_ROUTE_OSPF) return CMD_WARNING; @@ -6056,7 +6056,7 @@ struct ospf *ospf = vty->index; int source; - source = proto_redistnum(AFI_IP, argv[0]); + source = proto_redistnum(AFI_IP, argv[1]); if (source < 0 || source == ZEBRA_ROUTE_OSPF) return CMD_WARNING;
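Review bot: in the hunk at @@ -6037, the `if (source < 0 || source == ZEBRA_ROUTE_OSPF) return CMD_WARNING;` path still returns with no message visible in these lines, and that silence is what let the `argv[0]` mistake pass unnoticed at the prompt and at config load. Suggest writing a line to the vty that names the rejected source argument before returning, so a distribute-list line that is not applied is at least reported to the operator.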
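Review bot: in the hunk at @@ -6056, `argv[1]` is a bare index with no comment (the hunk at @@ -6037 at least carries "Get distribute source"), and the identical wrong index had been pasted into both handlers. Suggest a short comment stating that for `distribute-list test out connected` the route source is the second variable argument, or moving the `proto_redistnum(AFI_IP, argv[1])` lookup and its range check into one shared helper so the two functions cannot diverge again.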