News
- 2007-09-18: Quagga Route-Server Live
Having today been allocated a shiny, new AS-number (196614), by RIPE, we'd like to now officially announce the Quagga Route-Server and invite everyone and anyone to peer with it! We're interested in:
- Live routes, for our 'global' view
- any other "junk" routes (private, generated, etc.), for our 'test' view
- Representative BGP implementations, from common vendors
- Unusual BGP implementations, e.g. quite old or quite new versions, or rare speakers
- As many routes, with as many differing attributes, as possible
I.e. if you've got a BGP speaker on the internet, and it is likely to remain on the internet, we'd like a session with it!
Sign up today!
- 2007-09-07: Quagga 0.99.9 Released
Quagga 0.99.9 has been released, and is available, along with a full changelog, in the usual places.
Thanks to everyone who helped by reporting bugs and testing fixes.
Release notes
bgpd: Low impact DoS (Mu Security)
This release fixes two potential DoS conditions in bgpd, reported by Mu Security, where a bgpd could be crashed if a peer sent a malformed OPEN message or a malformed COMMUNITY attribute. Only configured peers can do this, hence we consider these issues to be very low impact.
bgpd: crash with outbound route-maps
This release fixes a serious regression in bgpd in Quagga 0.99.8, where use of outbound route-maps would cause a crash.
bgpd: severe performance problems with regexes
Operators should be aware that those who allow untrusted access to the bgpd vty are vulnerable to such untrusted users running regex commands that may cause bgpd to block for many minutes.
To try to alleviate this, bgpd now passes the 'REG_NOSUB' flag to regcomp(). This may help good regex implementations to avoid doing a lot of work when users specify substitutions (which we will never use). Unfortunately, this doesn't appear to have much of an effect on the platforms I have tested (Solaris libc and GNU libc).
The 'PCRE' regex implementation however appears to be better behaved, and does not introduce huge slow-downs when regexes with substitutions are applied. Operators who continue to offer untrusted vty access may wish to preload the 'libpcreposix' library (e.g. using LD_PRELOAD). Be aware however that PCRE is not fully compatible with POSIX extended regexes, and this workaround may adversely impact existing configurations.
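The following is an added example, not Quagga's own code: a small C harness that compiles a pattern with REG_EXTENDED | REG_NOSUB, as described above, and reports the CPU time spent compiling and matching. The function name aspath_match, the sample pattern and the sample AS path (documentation AS numbers) are assumptions made for illustration.

```c
/* Added example: time a POSIX extended regex compiled with REG_NOSUB. */
#include <regex.h>
#include <stdio.h>
#include <time.h>

static double elapsed(clock_t start)
{
    return (double)(clock() - start) / CLOCKS_PER_SEC;
}

/* Returns 1 on match, 0 on no match, -1 if the pattern does not compile.
 * If cpu_secs is non-NULL it receives the CPU time used by regcomp+regexec. */
int aspath_match(const char *pattern, const char *aspath, double *cpu_secs)
{
    regex_t re;
    clock_t start = clock();
    int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);

    if (rc != 0) {
        char msg[128];
        regerror(rc, &re, msg, sizeof msg);
        fprintf(stderr, "bad regex '%s': %s\n", pattern, msg);
        if (cpu_secs)
            *cpu_secs = elapsed(start);
        return -1;
    }
    /* With REG_NOSUB only match/no-match is reported, so no pmatch array. */
    rc = regexec(&re, aspath, 0, NULL, 0);
    regfree(&re);
    if (cpu_secs)
        *cpu_secs = elapsed(start);
    return rc == 0 ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample inputs; override them on the command line. */
    const char *pattern = argc > 1 ? argv[1] : "^64496( [0-9]+)* 64511$";
    const char *aspath = argc > 2 ? argv[2] : "64496 64500 64511";
    double secs = 0.0;
    int result = aspath_match(pattern, aspath, &secs);

    printf("result=%d cpu=%.6fs\n", result, secs);
    return result < 0;
}
```

Running the same binary with and without the 'libpcreposix' preload on patterns taken from an existing configuration shows both the timing difference and any change in match results caused by the PCRE incompatibility noted above.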
bgpd: AS-Pathlimit TTL attribute support added
This attribute allows for routes to be announced with a limited scope, specified in terms of numbers of AS-hopcount. See the TeXinfo documentation for further details.
isisd: Now supports Solaris
A short-form list of code related changes:
- bgpd:
- [bgpd] low-impact DoS: crash on malformed community with debug set
- [bgpd] bug #398 Bogus free on out route-map, and assert() with rsclients
- [bgpd] Add support for AS_PATHLIMIT / draft-ietf-idr-as-pathlimit
- [bgpd] cleanup, compact and consolidate capability parsing code
- [bgpd] Dont schedule dumps multiple times for same command
- [bgpd] Pass NOSUB to regexec
- ospfd:
- [ospfd] Bug #331, NSSA ASBR regression - failure to set E-bit in NSSA areas
- Bug #362 is fixed now.
- [ospfd] Fix bad SPF calculation on some topologies - incorrect sorting
- zebra:
- + fixed bug #400: adjusted rtread_sysctl.c:route_read()
- Looks like bug #320 is finally fixed now.
- Fixed ioctl_solaris.c:if_get_mtu() for IPv6'less operation
- Fixed bug #394 "RTF_DONE is ignored in rtm_read()"
- Merged own patch for bug #390 (rewrite zebra/zebra_rib.c:nexthop_active_update())
- Use the proper field length for the peer's address (netlink_interface_addr) - Bugzilla #384.
- isisd:
- [isisd] Add support for Solaris DLPI
- 2007-07-27: Quagga 0.99.8 Released
Quagga 0.99.8 has been released. As ever, the changelog has the full details. This release contains fixes for a few niggly bugs and regressions, the addition of route-map support within zebra, a potential 10 to 15% memory saving in bgpd and several build related changes.
A summary of changes follows:
- zebra:
- rib loop check for RIB_ENTRY_REMOVED checks wrong var
- [PtP] Fix BSD problems with PtP interfaces: must treat RTA_BRD as peer addre
- Add zebra_routemap.c
- Routemap support on received routes, with 'set src' command (linux)
- lib
- Add comments regarding setsockopt_multicast_ipv4 arguments.
- build:
- configure needs to check for struct icmphdr for IRDP
- [linux] Fix strange compilation problem by explicitly including <linux/types
- [zebra] Trivial patches so we can compile when IPv6 is not enabled
- [autoconf] Fix missing space character in previous commit
- [autoconf] GNU_SOURCE can be defined twice, through AC_FUNC_STRNLEN
- [autoconf] add back check for inet_aton
- [autoconf] bugs 162,303,178: Fix 'present but can not be compiled' warnings
- Improve portability by invoking gcc with -std=gnu99 instead of -std=c99
- ospfd
- Fix address qualified 'ip ospf auth' commands
- Bug #330 regression: Fix ospf_spf_add_parent assert
- network command now behaves more logically when a peer prefix is defined
- vtysh
- bug #371: vtysh forgets to print 'end' for write-terminal
- bgpd
- bug #370, default-originate was broken by a silly thinko
- Trim memory usage of BGP routes
- ospf6d:
- Fix silly bug: must use strcmp to compare strings
- zebra:
- 2007-06-22: DNS disruptions
Due to DNS updates in progress there likely will be some apparent disruption to access to services, including Bugzilla and the email lists, over the course of at least today and tomorrow.