Debian Bug report logs - #495232
quagga: zebra ignores routes added via command line


Package: quagga; Maintainer for quagga is Christian Hammers <ch@debian.org>; Source for quagga is src:quagga.

Reported by: Hannes Schulz <schulz@schwaar.com>

Date: Fri, 15 Aug 2008 14:24:01 UTC

Severity: grave

Tags: fixed-upstream, patch, upstream

Found in version quagga/0.99.10-1

Fixed in versions quagga/0.99.11-1, quagga/0.99.10-1lenny1

Done: Christian Hammers <ch@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. Full text and rfc822 format available.

Acknowledgement sent to Hannes Schulz <schulz@schwaar.com>:
New Bug report received and forwarded. Copy sent to Christian Hammers <ch@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Hannes Schulz <schulz@schwaar.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: quagga: zebra ignores routes added via command line
Date: Fri, 15 Aug 2008 16:23:04 +0200
Package: quagga
Version: 0.99.10-1
Severity: normal

I try to add routes with "/sbin/ip" e.g.
  /sbin/ip ro add 62.116.121.19 dev br8

strace suggests the resulting netlink message never reaches zebra.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26.2-hwh8 (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages quagga depends on:
ii  adduser                       3.108      add and remove users and groups
ii  debconf [debconf-2.0]         1.5.22     Debian configuration management sy
ii  iproute                       20080725-2 networking and traffic control too
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  libcap1                       1:1.10-14  support for getting/setting POSIX.
ii  libpam0g                      0.99.7.1-7 Pluggable Authentication Modules l
ii  libpcre3                      7.6-2.1    Perl 5 Compatible Regular Expressi
ii  libreadline5                  5.2-3      GNU readline and history libraries
ii  logrotate                     3.7.1-3    Log rotation utility

quagga recommends no packages.

Versions of packages quagga suggests:
pn  snmpd                         <none>     (no description available)

-- debconf information excluded




Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. Full text and rfc822 format available.

Acknowledgement sent to Hannes Schulz <schulz@schwaar.com>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. Full text and rfc822 format available.

Message #10 received at 495232@bugs.debian.org (full text, mbox):

From: Hannes Schulz <schulz@schwaar.com>
To: 495232@bugs.debian.org
Subject: I have a patch for this bug
Date: Fri, 15 Aug 2008 16:29:16 +0200
--- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
+++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
@@ -1971,7 +1971,7 @@
     /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
     /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
-    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
+    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
     /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
     /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr,
nlmsg_type)),
     /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
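
Review bot: The new offsets on instruction 9 (3, 0) are only correct if instruction 13 is the drop return, and that line lies outside the hunk's context, so the jump target cannot be checked from the patch alone. Add a short comment on the changed line naming both targets, for example "match -> 13 (drop), else -> 10", so that a later insertion between instructions 10 and 13 does not silently break the filter again. The context line for instruction 11 is also wrapped onto two lines (nlmsg_type)), sits on its own line), which is likely to stop the hunk applying as posted; resend the patch as an attachment.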


This brings the BPF in line with the description (which is in file
zebra/rt_netlink.c line 1945 ff.) and addresses the bug.

Please apply

--
Hannes




Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. Full text and rfc822 format available.

Acknowledgement sent to "Christian Hammers" <ch@lathspell.de>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. Full text and rfc822 format available.

Message #15 received at 495232@bugs.debian.org (full text, mbox):

From: "Christian Hammers" <ch@lathspell.de>
To: "Hannes Schulz" <schulz@schwaar.com>
Cc: 495232@bugs.debian.org
Subject: Re: I just sent a bugreport + patch to quagga-dev and reported it as bug 495232 in debian's BTS.
Date: Sat, 16 Aug 2008 20:38:29 +0200 (CEST)
> I'd like you to verify the bug and consider the patch for lenny.

Please discuss this patch with the upstream author on the quagga users
mailing list at http://lists.quagga.net/mailman/listinfo/quagga-users

I don't like adding patches to the quagga sources so ask the upstream
author if he accepts it.

bye,

-christian-





Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Thu, 20 Nov 2008 17:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Friedemann Stoyan <fstoyan@swapon.de>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Thu, 20 Nov 2008 17:24:15 GMT) Full text and rfc822 format available.

Message #20 received at 495232@bugs.debian.org (full text, mbox):

From: Friedemann Stoyan <fstoyan@swapon.de>
To: 495232@bugs.debian.org
Subject: Please unblock 0.99.11-1
Date: Thu, 20 Nov 2008 18:20:22 +0100
Dear Maintainers,

I run into the same trouble, quagga 0.99.10-1 is completely unusable for me. I 
compiled quagga source 0.99.11-1 from unstable for lenny. This version fixes 
the bug. Please unblock quagga 0.99.11-1.


Regards
Friedemann




Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Thu, 20 Nov 2008 18:00:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to paul@cupis.co.uk (Paul Cupis):
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Thu, 20 Nov 2008 18:00:02 GMT) Full text and rfc822 format available.

Message #25 received at 495232@bugs.debian.org (full text, mbox):

From: paul@cupis.co.uk (Paul Cupis)
To: Friedemann Stoyan <fstoyan@swapon.de>, 495232@bugs.debian.org
Subject: Re: Bug#495232: Please unblock 0.99.11-1
Date: Thu, 20 Nov 2008 17:57:41 +0000
On Thu, Nov 20, 2008 at 06:20:22PM +0100, Friedemann Stoyan wrote:
> I run into the same trouble, quagga 0.99.10-1 is completely unusable for 
> me. I compiled quagga source 0.99.11-1 from unstable for lenny. This 
> version fixes the bug. Please unblock quagga 0.99.11-1.

Upstream are considering dumping 0.99.11 due to a bug in the OSPF code -
0.99.12 is due to be released in the coming weeks with the fix (or can
be patched etc).

Regards,





Severity set to `grave' from `normal' Request was from Bernhard Miklautz <miklautz@inqnet.at> to control@bugs.debian.org. (Wed, 10 Dec 2008 17:57:03 GMT) Full text and rfc822 format available.

Tags added: patch Request was from Andreas Henriksson <andreas@fatal.se> to control@bugs.debian.org. (Fri, 12 Dec 2008 21:09:09 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 0.99.11-1. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Sun, 28 Dec 2008 12:51:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Fri, 02 Jan 2009 02:42:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Fri, 02 Jan 2009 02:42:02 GMT) Full text and rfc822 format available.

Message #36 received at 495232@bugs.debian.org (full text, mbox):

From: Cyril Brulebois <kibi@debian.org>
To: Hannes Schulz <schulz@schwaar.com>
Cc: Friedemann Stoyan <fstoyan@swapon.de>, Paul Cupis <paul@cupis.co.uk>, 495232@bugs.debian.org
Subject: Re: Bug#495232: Please unblock 0.99.11-1
Date: Fri, 2 Jan 2009 03:37:51 +0100
Paul Cupis <paul@cupis.co.uk> (20/11/2008):
> On Thu, Nov 20, 2008 at 06:20:22PM +0100, Friedemann Stoyan wrote:
> > I run into the same trouble, quagga 0.99.10-1 is completely unusable
> > for me. I compiled quagga source 0.99.11-1 from unstable for lenny.
> > This version fixes the bug. Please unblock quagga 0.99.11-1.
> 
> Upstream are considering dumping 0.99.11 due to a bug in the OSPF code
> - 0.99.12 is due to be released in the coming weeks with the fix (or
> can be patched etc).

Hello,

I'm wondering what to do with quagga for that bug WRT lenny. The diff
between .10 and .11 is *huge*¹. Would a backport of the specific patch
(as the one proposed by Hannes Schulz) for lenny be acceptable for a
t-p-u upload?

¹: 206 files changed, 5133 insertions(+), 25909 deletions(-) according
   to a diffstat on a source debdiff.

Hannes, did you contact upstream asking whether your patch would be
suitable on top of .10? If you didn't, could you please do so, and point
to the first mail of the thread by replying to the Debian bugreport, so
that one can easily track it?

Thanks for your time!

Mraw,
KiBi.

Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Sun, 04 Jan 2009 20:48:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Sun, 04 Jan 2009 20:48:02 GMT) Full text and rfc822 format available.

Message #41 received at 495232@bugs.debian.org (full text, mbox):

From: Ben Hutchings <ben@decadent.org.uk>
To: Stephen Hemminger <stephen.hemminger@vyatta.com>
Cc: "quagga-dev "@lists.quagga.net, 495232@bugs.debian.org
Subject: quagga 0.99.10: zebra ignores routes added via command line
Date: Sun, 04 Jan 2009 20:45:49 +0000
Stephen,

Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have a
bug report that:

"I try to add routes with "/sbin/ip" e.g.
  /sbin/ip ro add 62.116.121.19 dev br8

strace suggests the resulting netlink message never reaches zebra."

and the proposed fix to the netlink filter:

--- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
+++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
@@ -1971,7 +1971,7 @@
     /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
     /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
-    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
+    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
     /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
     /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
     /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
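
Review bot: Instruction 9 still builds its opcode as BPF_JMP+ BPF_B, where BPF_B is a load-size flag rather than a jump operation; it acts as an equality test only because BPF_B and BPF_JEQ share the value 0x10. Since this line is being changed anyway, spell it BPF_JMP|BPF_JEQ|BPF_K as instruction 12 does, so the comparison is explicit. The same applies to instructions 8 and 10 in the context lines.
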
--- END ---

This looks correct to me.  Please can you confirm?

Ben.

-- 
Ben Hutchings
[W]e found...that it wasn't as easy to get programs right as we had thought.
... I realized that a large part of my life from then on was going to be spent
in finding mistakes in my own programs. - Maurice Wilkes, 1949

Tags added: upstream, fixed-upstream Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Sun, 04 Jan 2009 20:48:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Sun, 04 Jan 2009 23:42:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian Hammers <ch@lathspell.de>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Sun, 04 Jan 2009 23:42:03 GMT) Full text and rfc822 format available.

Message #48 received at 495232@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@lathspell.de>
To: Cyril Brulebois <kibi@debian.org>, 495232@bugs.debian.org
Cc: Hannes Schulz <schulz@schwaar.com>, Friedemann Stoyan <fstoyan@swapon.de>, Paul Cupis <paul@cupis.co.uk>, 495232@bugs.debian.org
Subject: Re: Bug#495232: Please unblock 0.99.11-1
Date: Mon, 5 Jan 2009 00:40:51 +0100
Hello

I've just prepared a 0.99.10-1lenny1 version that includes the
one-line patch. While the original version seems to ignore
simple route additions with "ip route", the patched one shows
them (example below).

If any of the upstream authors answers to the mail to quagga-dev,
I'll upload the patch immediately and ask on debian-release for
an unblock.

Example:
Router# show ip route 
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.42.1, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.42.0/24 is directly connected, eth0
K>* 192.168.66.0/24 via 192.168.42.66, eth0
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router# show ip route 
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.42.1, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.42.0/24 is directly connected, eth0

Router# show ip route 
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.42.1, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.42.0/24 is directly connected, eth0
K>* 192.168.66.0/24 via 192.168.42.66, eth0
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


bye,

-christian-



Am Fri, 2 Jan 2009 03:37:51 +0100
schrieb Cyril Brulebois <kibi@debian.org>:

> Paul Cupis <paul@cupis.co.uk> (20/11/2008):
> > On Thu, Nov 20, 2008 at 06:20:22PM +0100, Friedemann Stoyan wrote:
> > > I run into the same trouble, quagga 0.99.10-1 is completely
> > > unusable for me. I compiled quagga source 0.99.11-1 from unstable
> > > for lenny. This version fixes the bug. Please unblock quagga
> > > 0.99.11-1.
> > 
> > Upstream are considering dumping 0.99.11 due to a bug in the OSPF
> > code
> > - 0.99.12 is due to be released in the coming weeks with the fix (or
> > can be patched etc).
> 
> Hello,
> 
> I'm wondering what to do with quagga for that bug WRT lenny. The diff
> between .10 and .11 is *huge*¹. Would a backport of the specific patch
> (as the one proposed by Hannes Schulz) for lenny be acceptable for a
> t-p-u upload?
> 
> ¹: 206 files changed, 5133 insertions(+), 25909 deletions(-) according
>    to a diffstat on a source debdiff.
> 
> Hannes, did you contact upstream asking whether your patch would be
> suitable on top of .10? If you didn't, could you please do so, and
> point to the first mail of the thread by replying to the Debian
> bugreport, so that one can easily track it?
> 
> Thanks for your time!
> 
> Mraw,
> KiBi.




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#495232; Package quagga. (Mon, 05 Jan 2009 23:54:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian Hammers <ch@debian.org>:
Extra info received and forwarded to list. (Mon, 05 Jan 2009 23:54:02 GMT) Full text and rfc822 format available.

Message #53 received at 495232@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@debian.org>
To: quagga-dev@lists.quagga.net
Cc: Ben Hutchings <ben@decadent.org.uk>, 495232@bugs.debian.org, Stephen Hemminger <stephen.hemminger@vyatta.com>
Subject: Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Tue, 6 Jan 2009 00:53:09 +0100
[resent to quagga-dev as there was a space in the e-mail address and
the mail did not show up in the mailing list archives -ch]

On Sun, 04 Jan 2009, Ben Hutchings <ben@decadent.org.uk> wrote:

Stephen,
 
Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have
a bug report that:
 
"I try to add routes with "/sbin/ip" e.g.
 /sbin/ip ro add 62.116.121.19 dev br8

strace suggests the resulting netlink message never reaches zebra."

and the proposed fix to the netlink filter:

--- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
+++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
@@ -1971,7 +1971,7 @@
     /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
     /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
-    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
+    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
     /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
     /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)), 
     /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1), 
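
Review bot: With jt=3 on instruction 9, an RTPROT_KERNEL match goes straight to the drop return and skips the RTM_NEWROUTE test that instructions 11 and 12 apply on the RTPROT_ZEBRA path, so kernel-protocol deletions are filtered as well as additions. That agrees with the pseudo-code in the source comment, but the patch description should state it, because with the old offsets (0, 1) those messages fell through instruction 10 to the keep return and were delivered to zebra.
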
--- END ---

This looks correct to me.  Please can you confirm?
 
Ben.
 




Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Tue, 06 Jan 2009 00:27:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stephen Hemminger <shemminger@vyatta.com>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Tue, 06 Jan 2009 00:27:02 GMT) Full text and rfc822 format available.

Message #58 received at 495232@bugs.debian.org (full text, mbox):

From: Stephen Hemminger <shemminger@vyatta.com>
To: Christian Hammers <ch@debian.org>
Cc: Ben Hutchings <ben@decadent.org.uk>, 495232@bugs.debian.org, Stephen Hemminger <stephen.hemminger@vyatta.com>
Subject: Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Mon, 5 Jan 2009 16:23:17 -0800
On Tue, 6 Jan 2009 00:53:09 +0100
Christian Hammers <ch@debian.org> wrote:

> [resent to quagga-dev as there was a space in the e-mail address and
> the mail did not show up in the mailing list archives -ch]
> 
> On Sun, 04 Jan 2009, Ben Hutchings <ben@decadent.org.uk> wrote:
> 
> Stephen,
>  
> Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have
> a bug report that:
>  
> "I try to add routes with "/sbin/ip" e.g.
>  /sbin/ip ro add 62.116.121.19 dev br8
> 
> strace suggests the resulting netlink message never reaches zebra."
> 
> and the proposed fix to the netlink filter:
> 
> --- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
> +++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
> @@ -1971,7 +1971,7 @@
>      /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
>      /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
> -    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
> +    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
>      /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
>      /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)), 
>      /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1), 
> --- END ---
> 
> This looks correct to me.  Please can you confirm?
>  
> Ben.
>  

I changed it around later versions and used a different (better method) that handles all protocols
and filter based on nlmsg_pid. I haven't been getting lots of uptake on quagga patches
so only post them about once a Vyatta release.







Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Tue, 06 Jan 2009 00:51:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Tue, 06 Jan 2009 00:51:02 GMT) Full text and rfc822 format available.

Message #63 received at 495232@bugs.debian.org (full text, mbox):

From: Ben Hutchings <ben@decadent.org.uk>
To: Stephen Hemminger <shemminger@vyatta.com>
Cc: Christian Hammers <ch@debian.org>, 495232@bugs.debian.org, Stephen Hemminger <stephen.hemminger@vyatta.com>
Subject: Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Tue, 06 Jan 2009 00:49:16 +0000
On Mon, 2009-01-05 at 16:23 -0800, Stephen Hemminger wrote:
> On Tue, 6 Jan 2009 00:53:09 +0100
> Christian Hammers <ch@debian.org> wrote:
> 
> > [resent to quagga-dev as there was a space in the e-mail address and
> > the mail did not show up in the mailing list archives -ch]
> > 
> > On Sun, 04 Jan 2009, Ben Hutchings <ben@decadent.org.uk> wrote:
> > 
> > Stephen,
> >  
> > Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have
> > a bug report that:
> >  
> > "I try to add routes with "/sbin/ip" e.g.
> >  /sbin/ip ro add 62.116.121.19 dev br8
> > 
> > strace suggests the resulting netlink message never reaches zebra."
> > 
> > and the proposed fix to the netlink filter:
> > 
> > --- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
> > +++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
> > @@ -1971,7 +1971,7 @@
> >      /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> > 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
> >      /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
> > -    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
> > +    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
> >      /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
> >      /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)), 
> >      /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1), 
> > --- END ---
> > 
> > This looks correct to me.  Please can you confirm?
> >  
> > Ben.
> >  
> 
> I changed it around later versions and used a different (better method) that handles all protocols
> and filter based on nlmsg_pid. I haven't been getting lots of uptake on quagga patches
> so only post them about once a Vyatta release.

Yes, I saw the filter is quite different in 0.99.11.  But we want to
make a minimal change to 0.99.10, which has:

  /*
   * Filter is equivalent to netlink_route_change
   *
   * if (h->nlmsg_type == RTM_DELROUTE || h->nlmsg_type == RTM_NEWROUTE) {
   *    if (rtm->rtm_type != RTM_UNICAST)
   *    	return 0;
   *    if (rtm->rtm_flags & RTM_F_CLONED)
   *    	return 0;
   *    if (rtm->rtm_protocol == RTPROT_REDIRECT)
   *    	return 0;
   *    if (rtm->rtm_protocol == RTPROT_KERNEL)
   *        return 0;
   *    if (rtm->rtm_protocol == RTPROT_ZEBRA && h->nlmsg_type == RTM_NEWROUTE)
   * 	return 0;
   * }
   * return 0xffff;
   */
  struct sock_filter filter[] = {
    /* 0*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
    /* 1*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_DELROUTE), 1, 0),
    /* 2*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 11),
    /* 3*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_type)),
    /* 4*/ BPF_JUMP(BPF_JMP|BPF_B, RTN_UNICAST, 0, 8),
    /* 5*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_flags)),
    /* 6*/ BPF_JUMP(BPF_JMP|BPF_JSET|BPF_K, RTM_F_CLONED, 6, 0),
    /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
    /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
    /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
    /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
    /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
    /*13*/ BPF_STMT(BPF_RET|BPF_K, 0),		/* drop */
    /*14*/ BPF_STMT(BPF_RET|BPF_K, 0xffff),	/* keep */
  };

The offsets for instruction 9 need to be 3, 0 to match the code in the
comment, don't they?

Ben.

-- 
Ben Hutchings
I say we take off; nuke the site from orbit.  It's the only way to be sure.
[signature.asc (application/pgp-signature, inline)]
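
The question in the message above can be checked mechanically. The following is an added example, not code from this thread or from Quagga: a small userspace evaluator for the classic-BPF opcodes this filter uses, run over constructed route messages and compared with the logic in the source comment. The names run_filter, verdict, reference and mismatches are assumptions of the example; RTPROT_BOOT stands in for a route added with "ip route add" without a proto argument.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <linux/filter.h>
#include <linux/rtnetlink.h>

/* Minimal classic-BPF evaluator covering only what this filter uses.
 * BPF_ABS halfword loads read the buffer big-endian, as the kernel does,
 * which is why the filter compares nlmsg_type against htons(RTM_*). */
static uint32_t run_filter(const struct sock_filter *prog, size_t len,
                           const uint8_t *pkt, size_t pktlen)
{
    uint32_t a = 0, hit;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (BPF_CLASS(in->code)) {
        case BPF_LD:
            if (BPF_SIZE(in->code) == BPF_H && in->k + 2 <= pktlen)
                a = (uint32_t)pkt[in->k] << 8 | pkt[in->k + 1];
            else if (BPF_SIZE(in->code) == BPF_B && in->k < pktlen)
                a = pkt[in->k];
            else
                return 0;               /* unsupported or out-of-bounds load */
            break;
        case BPF_JMP:                   /* JSET, anything else treated as JEQ */
            hit = BPF_OP(in->code) == BPF_JSET ? (a & in->k) != 0 : a == in->k;
            pc += hit ? in->jt : in->jf; /* offsets count from pc + 1 */
            break;
        case BPF_RET: return in->k;
        default:      return 0;
        }
    }
    return 0;
}

/* Verdict for one constructed unicast, non-cloned route message. The program
 * is the 0.99.10 filter quoted in the thread; `patched` selects insn 9. */
static uint32_t verdict(int patched, uint16_t nlmsg_type, uint8_t protocol)
{
    const struct sock_filter prog[] = {
        /* 0*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
        /* 1*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_DELROUTE), 1, 0),
        /* 2*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 11),
        /* 3*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
                        sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_type)),
        /* 4*/ BPF_JUMP(BPF_JMP|BPF_B, RTN_UNICAST, 0, 8),
        /* 5*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
                        sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_flags)),
        /* 6*/ BPF_JUMP(BPF_JMP|BPF_JSET|BPF_K, RTM_F_CLONED, 6, 0),
        /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
                        sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
        /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
        /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, patched ? 3 : 0, patched ? 0 : 1),
        /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
        /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
        /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
        /*13*/ BPF_STMT(BPF_RET|BPF_K, 0),       /* drop */
        /*14*/ BPF_STMT(BPF_RET|BPF_K, 0xffff),  /* keep */
    };
    struct { struct nlmsghdr h; struct rtmsg rtm; } m;  /* constructed sample */
    memset(&m, 0, sizeof(m));
    m.h.nlmsg_len = sizeof(m);
    m.h.nlmsg_type = nlmsg_type;
    m.rtm.rtm_type = RTN_UNICAST;
    m.rtm.rtm_protocol = protocol;
    return run_filter(prog, sizeof(prog) / sizeof(prog[0]),
                      (const uint8_t *)&m, sizeof(m));
}

/* The logic from the source comment, for unicast non-cloned messages. */
static uint32_t reference(uint16_t type, uint8_t proto)
{
    if (type != RTM_NEWROUTE && type != RTM_DELROUTE)
        return 0xffff;
    if (proto == RTPROT_REDIRECT || proto == RTPROT_KERNEL)
        return 0;
    return (proto == RTPROT_ZEBRA && type == RTM_NEWROUTE) ? 0 : 0xffff;
}

/* Count (type, protocol) pairs where the BPF program disagrees with it. */
static int mismatches(int patched)
{
    static const uint16_t types[] = { RTM_NEWROUTE, RTM_DELROUTE };
    static const uint8_t protos[] = { RTPROT_REDIRECT, RTPROT_KERNEL, RTPROT_BOOT,
                                      RTPROT_STATIC, RTPROT_ZEBRA };
    int n = 0;
    for (size_t t = 0; t < sizeof(types) / sizeof(types[0]); t++)
        for (size_t p = 0; p < sizeof(protos); p++)
            n += verdict(patched, types[t], protos[p]) != reference(types[t], protos[p]);
    return n;
}

int main(void)
{
    printf("mismatches: original=%d patched=%d\n", mismatches(0), mismatches(1));
    return 0;
}
```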

Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Tue, 06 Jan 2009 10:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Joakim Tjernlund" <Joakim.Tjernlund@transmode.se>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Tue, 06 Jan 2009 10:51:04 GMT) Full text and rfc822 format available.

Message #68 received at 495232@bugs.debian.org (full text, mbox):

From: "Joakim Tjernlund" <Joakim.Tjernlund@transmode.se>
To: "'Christian Hammers'" <ch@debian.org>, <quagga-dev@lists.quagga.net>
Cc: <Stephen@services.quagga.net>, "'Hemminger'" <stephen.hemminger@vyatta.com>, "'Ben Hutchings'" <ben@decadent.org.uk>, <495232@bugs.debian.org>
Subject: RE: [quagga-dev 6315] Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Tue, 6 Jan 2009 11:50:35 +0100
> On Sun, 04 Jan 2009, Ben Hutchings <ben@decadent.org.uk> wrote:
> 
> Stephen,
> 
> Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have
> a bug report that:
> 
> "I try to add routes with "/sbin/ip" e.g.
>  /sbin/ip ro add 62.116.121.19 dev br8
> 
> strace suggests the resulting netlink message never reaches zebra."
> 
> and the proposed fix to the netlink filter:
> 
> --- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
> +++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
> @@ -1971,7 +1971,7 @@
>      /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
>      /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
> -    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
> +    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
>      /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
>      /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
>      /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
> --- END ---
> 
> This looks correct to me.  Please can you confirm?
> 
> Ben.

Don't know, but the current Quagga has something rather different. Check
http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53deca61ef7a62b225a43dab4c5

 Jocke





Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Tue, 06 Jan 2009 19:48:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hannes Schulz <schulz@schwaar.com>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Tue, 06 Jan 2009 19:48:02 GMT) Full text and rfc822 format available.

Message #73 received at 495232@bugs.debian.org (full text, mbox):

From: Hannes Schulz <schulz@schwaar.com>
To: Cyril Brulebois <kibi@debian.org>
Cc: Friedemann Stoyan <fstoyan@swapon.de>, Paul Cupis <paul@cupis.co.uk>, 495232@bugs.debian.org
Subject: Re: Bug#495232: Please unblock 0.99.11-1
Date: Tue, 06 Jan 2009 20:47:17 +0100
--On 02. Jänner 2009 03:37:51 +0100 Cyril Brulebois <kibi@debian.org>
wrote:

> Paul Cupis <paul@cupis.co.uk> (20/11/2008):
>> On Thu, Nov 20, 2008 at 06:20:22PM +0100, Friedemann Stoyan wrote:
>> > I run into the same trouble, quagga 0.99.10-1 is completely unusable
>> > for me. I compiled quagga source 0.99.11-1 from unstable for lenny.
>> > This version fixes the bug. Please unblock quagga 0.99.11-1.
>> 
>> Upstream are considering dumping 0.99.11 due to a bug in the OSPF code
>> - 0.99.12 is due to be released in the coming weeks with the fix (or
>> can be patched etc).
> 
> Hello,
> 
> I'm wondering what to do with quagga for that bug WRT lenny. The diff
> between .10 and .11 is *huge*¹. Would a backport of the specific patch
> (as the one proposed by Hannes Schulz) for lenny be acceptable for a
> t-p-u upload?
> 
> ¹: 206 files changed, 5133 insertions(+), 25909 deletions(-) according
>    to a diffstat on a source debdiff.
> 
> Hannes, did you contact upstream asking whether your patch would be
> suitable on top of .10? If you didn't, could you please do so, and point
> to the first mail of the thread by replying to the Debian bugreport, so
> that one can easily track it?
> 
> Thanks for your time!
> 


If I recall correctly, Stephen Hemminger wanted to move on to something
completely different.

Yours

Hannes







Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#495232; Package quagga. (Tue, 06 Jan 2009 23:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian Hammers <ch@debian.org>:
Extra info received and forwarded to list. (Tue, 06 Jan 2009 23:24:02 GMT) Full text and rfc822 format available.

Message #78 received at 495232@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@debian.org>
To: Ben Hutchings <ben@decadent.org.uk>, Hannes Schulz <schulz@schwaar.com>, Stephen Hemminger <shemminger@vyatta.com>
Cc: Cyril Brulebois <kibi@debian.org>, 495232@bugs.debian.org
Subject: Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Wed, 7 Jan 2009 00:22:18 +0100
Hello

Stephen, I was pointed to the patch on

http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53deca61ef7a62b225a43dab4c5

It seems to work here and was signed-off by Paul Jakma. Can you confirm that
this patch is all (and no other patch has to be applied as well)?

Hannes, you said something about security issues, did you mean in the
patch from the above mentioned URL? Why is one of the patches insecure?

bye,

-christian-




Am Tue, 06 Jan 2009 00:49:16 +0000
schrieb Ben Hutchings <ben@decadent.org.uk>:

> On Mon, 2009-01-05 at 16:23 -0800, Stephen Hemminger wrote:
> > On Tue, 6 Jan 2009 00:53:09 +0100
> > Christian Hammers <ch@debian.org> wrote:
> > 
> > > [resent to quagga-dev as there was a space in the e-mail address
> > > and the mail did not show up in the mailing list archives -ch]
> > > 
> > > On Sun, 04 Jan 2009, Ben Hutchings <ben@decadent.org.uk> wrote:
> > > 
> > > Stephen,
> > >  
> > > Debian 5.0 "lenny" will release with quagga 0.99.10.  However we
> > > have a bug report that:
> > >  
> > > "I try to add routes with "/sbin/ip" e.g.
> > >  /sbin/ip ro add 62.116.121.19 dev br8
> > > 
> > > strace suggests the resulting netlink message never reaches
> > > zebra."
> > > 
> > > and the proposed fix to the netlink filter:
> > > 
> > > --- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
> > > +++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
> > > @@ -1971,7 +1971,7 @@
> > >      /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> > > 		    sizeof(struct nlmsghdr) + offsetof(struct
> > > rtmsg, rtm_protocol)), /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B,
> > > RTPROT_REDIRECT, 4, 0),
> > > -    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
> > > +    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
> > >      /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
> > >      /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct
> > > nlmsghdr, nlmsg_type)), /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K,
> > > htons(RTM_NEWROUTE), 0, 1), --- END ---
> > > 
> > > This looks correct to me.  Please can you confirm?
> > >  
> > > Ben.
> > >  
> > 
> > I changed it around later versions and used a different (better
> > method) that handles all protocols and filter based on nlmsg_pid. I
> > haven't been getting lots of uptake on quagga patches so only post
> > them about once a Vyatta release.
> 
> Yes, I saw the filter is quite different in 0.99.11.  But we want to
> make a minimal change to 0.99.10, which has:
> 
>   /*
>    * Filter is equivalent to netlink_route_change
>    *
>    * if (h->nlmsg_type == RTM_DELROUTE || h->nlmsg_type == RTM_NEWROUTE) {
>    *    if (rtm->rtm_type != RTM_UNICAST)
>    *    	return 0;
>    *    if (rtm->rtm_flags & RTM_F_CLONED)
>    *    	return 0;
>    *    if (rtm->rtm_protocol == RTPROT_REDIRECT)
>    *    	return 0;
>    *    if (rtm->rtm_protocol == RTPROT_KERNEL)
>    *        return 0;
>    *    if (rtm->rtm_protocol == RTPROT_ZEBRA && h->nlmsg_type == RTM_NEWROUTE)
>    * 	return 0;
>    * }
>    * return 0xffff;
>    */
>   struct sock_filter filter[] = {
>     /* 0*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
>     /* 1*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_DELROUTE), 1, 0),
>     /* 2*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 11),
>     /* 3*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_type)),
>     /* 4*/ BPF_JUMP(BPF_JMP|BPF_B, RTN_UNICAST, 0, 8),
>     /* 5*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_flags)),
>     /* 6*/ BPF_JUMP(BPF_JMP|BPF_JSET|BPF_K, RTM_F_CLONED, 6, 0),
>     /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
>     /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
>     /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
>     /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
>     /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
>     /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
>     /*13*/ BPF_STMT(BPF_RET|BPF_K, 0),		/* drop */
>     /*14*/ BPF_STMT(BPF_RET|BPF_K, 0xffff),	/* keep */
>   };
> 
> The offsets for instruction 9 need to be 3, 0 to match the code in the
> comment, don't they?
> 
> Ben.
> 




Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Thu, 08 Jan 2009 16:42:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hannes Schulz <schulz@schwaar.com>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Thu, 08 Jan 2009 16:42:02 GMT) Full text and rfc822 format available.

Message #83 received at 495232@bugs.debian.org (full text, mbox):

From: Hannes Schulz <schulz@schwaar.com>
To: Christian Hammers <ch@debian.org>, Ben Hutchings <ben@decadent.org.uk>, Stephen Hemminger <shemminger@vyatta.com>
Cc: Cyril Brulebois <kibi@debian.org>, 495232@bugs.debian.org
Subject: Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Thu, 08 Jan 2009 17:39:25 +0100
--On 07 January 2009 00:22:18 +0100 Christian Hammers <ch@debian.org>
wrote:

> Hello
> 
> Stephen, I was pointed to the patch on
> 
> http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53deca61ef7a62b225a43dab4c5
> 
> It seems to work here and was signed-off by Paul Jakma. Can you confirm
> that this patch is all (and no other patch has to be applied as well)?
> 
> Hannes, you said something about security issues, did you mean in the
> patch from the above mentioned URL? Why is one of the patches insecure?
> 
> bye,
> 
> -christian-
> 
> 


Paul Jakma mentioned it in
	<http://lists.quagga.net/pipermail/quagga-dev/2008-August/005740.html>

This mail references 
	<http://rhn.redhat.com/errata/RHSA-2003-315.html>
which in turn references
	<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0858>
which in turn references
	DSA-415-1 (<http://www.debian.org/security/2004/dsa-415>)


I have no idea whether this issue still applies.


Yours

Hannes







Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Thu, 08 Jan 2009 17:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian Hammers <ch@lathspell.de>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Thu, 08 Jan 2009 17:42:05 GMT) Full text and rfc822 format available.

Message #88 received at 495232@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@lathspell.de>
To: "Joakim Tjernlund" <Joakim.Tjernlund@transmode.se>
Cc: "'Christian Hammers'" <ch@debian.org>, <quagga-dev@lists.quagga.net>, <Stephen@services.quagga.net>, "'Hemminger'" <stephen.hemminger@vyatta.com>, "'Ben Hutchings'" <ben@decadent.org.uk>, <495232@bugs.debian.org>
Subject: Re: [quagga-dev 6315] Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Thu, 8 Jan 2009 18:38:57 +0100
Hello

On Tue, 6 Jan 2009 11:50:35 +0100
"Joakim Tjernlund" <Joakim.Tjernlund@transmode.se> wrote:

> > On Sun, 04 Jan 2009, Ben Hutchings <ben@decadent.org.uk> wrote:
> > 
> > Stephen,
> > 
> > Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have
> > a bug report that:
> > 
> > "I try to add routes with "/sbin/ip" e.g.
> >  /sbin/ip ro add 62.116.121.19 dev br8
> > 
> > strace suggests the resulting netlink message never reaches zebra."
> > 
> > and the proposed fix to the netlink filter:
> > 
> > --- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
> > +++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
> > @@ -1971,7 +1971,7 @@
> >      /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> > 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
> >      /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
> > -    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
> > +    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
> >      /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
> >      /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
> >      /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
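Review bot: the rewritten /* 9*/ line keeps the `BPF_JMP+ BPF_B` opcode spelling, which only acts as an equality test because BPF_B and BPF_JEQ share the value 0x10; line /*12*/ in the same hunk already spells it `BPF_JMP|BPF_JEQ|BPF_K`. Since the line is being touched anyway, consider writing it the same way so the comparison is explicit, and leave lines 8 and 10 for a follow-up cleanup to keep this change minimal.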
> > --- END ---
> > 
> > This looks correct to me.  Please can you confirm?
> > 
> > Ben.
> 
> Don't know, but the current Quagga has something rather different. Check
> http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53deca61ef7a62b225a43dab4c5
> 
>  Jocke

Hannes found a message from Paul Jakma where he fears that the PID-based
solution from your git URL may reopen the security hole CVE-2003-0858 :
  http://lists.quagga.net/pipermail/quagga-dev/2008-August/005740.html

As the code has been committed, was it found to be OK? Or if not, is the 
above patch which just swaps the "3, 0" acceptable to close the bug
in our Debian package?

bye,

-christian-




Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Thu, 08 Jan 2009 17:54:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to joakim.tjernlund@transmode.se:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Thu, 08 Jan 2009 17:54:03 GMT) Full text and rfc822 format available.

Message #93 received at 495232@bugs.debian.org (full text, mbox):

From: Joakim Tjernlund <joakim.tjernlund@transmode.se>
To: Christian Hammers <ch@lathspell.de>
Cc: 'Christian Hammers' <ch@debian.org>, quagga-dev@lists.quagga.net, Stephen@services.quagga.net, 'Hemminger' <stephen.hemminger@vyatta.com>, 'Ben Hutchings' <ben@decadent.org.uk>, 495232@bugs.debian.org
Subject: Re: [quagga-dev 6315] Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Thu, 08 Jan 2009 18:52:50 +0100
On Thu, 2009-01-08 at 18:38 +0100, Christian Hammers wrote:
> Hello
> 
> On Tue, 6 Jan 2009 11:50:35 +0100
> "Joakim Tjernlund" <Joakim.Tjernlund@transmode.se> wrote:
> 
> > > On Sun, 04 Jan 2009, Ben Hutchings <ben@decadent.org.uk> wrote:
> > > 
> > > Stephen,
> > > 
> > > Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have
> > > a bug report that:
> > > 
> > > "I try to add routes with "/sbin/ip" e.g.
> > >  /sbin/ip ro add 62.116.121.19 dev br8
> > > 
> > > strace suggests the resulting netlink message never reaches zebra."
> > > 
> > > and the proposed fix to the netlink filter:
> > > 
> > > --- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
> > > +++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
> > > @@ -1971,7 +1971,7 @@
> > >      /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> > > 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
> > >      /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
> > > -    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
> > > +    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
> > >      /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
> > >      /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
> > >      /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
> > > --- END ---
> > > 
> > > This looks correct to me.  Please can you confirm?
> > > 
> > > Ben.
> > 
> > Don't know, but the current Quagga has something rather different. Check
> > http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53deca61ef7a62b225a43dab4c5
> > 
> >  Jocke
> 
> Hannes found a message from Paul Jakma where he fears that the PID-based
> solution from your git URL may reopen the security hole CVE-2003-0858 :
>   http://lists.quagga.net/pipermail/quagga-dev/2008-August/005740.html
> 
> As the code has been committed, was it found to be OK? Or if not, is the 
> above patch which just swaps the "3, 0" acceptable to close the bug
> in our Debian package?

I can't really say, Paul and/or Stephen will have to speak up I think.

     Jocke




Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hammers <ch@debian.org>:
Bug#495232; Package quagga. (Thu, 08 Jan 2009 18:00:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stephen Hemminger <shemminger@vyatta.com>:
Extra info received and forwarded to list. Copy sent to Christian Hammers <ch@debian.org>. (Thu, 08 Jan 2009 18:00:09 GMT) Full text and rfc822 format available.

Message #98 received at 495232@bugs.debian.org (full text, mbox):

From: Stephen Hemminger <shemminger@vyatta.com>
To: Christian Hammers <ch@lathspell.de>
Cc: "Joakim Tjernlund" <Joakim.Tjernlund@transmode.se>, "'Christian Hammers'" <ch@debian.org>, <quagga-dev@lists.quagga.net>, <Stephen@services.quagga.net>, "'Hemminger'" <stephen.hemminger@vyatta.com>, "'Ben Hutchings'" <ben@decadent.org.uk>, <495232@bugs.debian.org>
Subject: Re: [quagga-dev 6315] Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line
Date: Thu, 8 Jan 2009 09:56:46 -0800
On Thu, 8 Jan 2009 18:38:57 +0100
Christian Hammers <ch@lathspell.de> wrote:

> Hello
> 
> On Tue, 6 Jan 2009 11:50:35 +0100
> "Joakim Tjernlund" <Joakim.Tjernlund@transmode.se> wrote:
> 
> > > On Sun, 04 Jan 2009, Ben Hutchings <ben@decadent.org.uk> wrote:
> > > 
> > > Stephen,
> > > 
> > > Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have
> > > a bug report that:
> > > 
> > > "I try to add routes with "/sbin/ip" e.g.
> > >  /sbin/ip ro add 62.116.121.19 dev br8
> > > 
> > > strace suggests the resulting netlink message never reaches zebra."
> > > 
> > > and the proposed fix to the netlink filter:
> > > 
> > > --- zebra/rt_netlink.c	2008-08-15 15:42:56.000000000 +0200
> > > +++ zebra/rt_netlink.c	2008-08-15 15:43:19.000000000 +0200
> > > @@ -1971,7 +1971,7 @@
> > >      /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> > > 		    sizeof(struct nlmsghdr) + offsetof(struct rtmsg, rtm_protocol)),
> > >      /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
> > > -    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
> > > +    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
> > >      /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
> > >      /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, nlmsg_type)),
> > >      /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
> > > --- END ---
> > > 
> > > This looks correct to me.  Please can you confirm?
> > > 
> > > Ben.
> > 
> > Don't know, but the current Quagga has something rather different. Check
> > http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53deca61ef7a62b225a43dab4c5
> > 
> >  Jocke
> 
> Hannes found a message from Paul Jakma where he fears that the PID-based
> solution from your git URL may reopen the security hole CVE-2003-0858 :
>   http://lists.quagga.net/pipermail/quagga-dev/2008-August/005740.html
> 
> As the code has been committed, was it found to be OK? Or if not, is the 
> above patch which just swaps the "3, 0" acceptable to close the bug
> in our Debian package?
> 
> bye,
> 
> -christian-

Your (3,0) transformation.

I accidentally moved the pid check, and put it back in later versions.
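
The effect of the one-line change discussed in this thread, as an added example that is not part of the bug log or of Quagga's source: a small user-space interpreter runs the 0.99.10 filter quoted above over constructed route messages, with instruction 9's offsets passed in as `0, 1` or `3, 0`. The names `run_filter` and `verdict` are hypothetical, and the example assumes that `ip route add` without a `proto` argument sends `RTPROT_BOOT`.

```c
#include <arpa/inet.h>
#include <linux/filter.h>
#include <linux/rtnetlink.h>
#include <stddef.h>
#include <stdio.h>

#define NL_TYPE    offsetof(struct nlmsghdr, nlmsg_type)
#define RTM_OFF(m) (sizeof(struct nlmsghdr) + offsetof(struct rtmsg, m))

/* The 0.99.10 filter from the thread; jt9/jf9 are instruction 9's offsets. */
static unsigned run_filter(const unsigned char *p, unsigned jt9, unsigned jf9) {
    struct sock_filter f[] = {
        /* 0*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, NL_TYPE),
        /* 1*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_DELROUTE), 1, 0),
        /* 2*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 11),
        /* 3*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B, RTM_OFF(rtm_type)),
        /* 4*/ BPF_JUMP(BPF_JMP|BPF_B, RTN_UNICAST, 0, 8),
        /* 5*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B, RTM_OFF(rtm_flags)),
        /* 6*/ BPF_JUMP(BPF_JMP|BPF_JSET|BPF_K, RTM_F_CLONED, 6, 0),
        /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B, RTM_OFF(rtm_protocol)),
        /* 8*/ BPF_JUMP(BPF_JMP+BPF_B, RTPROT_REDIRECT, 4, 0),
        /* 9*/ BPF_JUMP(BPF_JMP+BPF_B, RTPROT_KERNEL, jt9, jf9),
        /*10*/ BPF_JUMP(BPF_JMP+BPF_B, RTPROT_ZEBRA, 0, 3),
        /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, NL_TYPE),
        /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
        /*13*/ BPF_STMT(BPF_RET|BPF_K, 0),      /* drop */
        /*14*/ BPF_STMT(BPF_RET|BPF_K, 0xffff), /* keep */
    };
    unsigned a = 0; /* accumulator */
    for (unsigned pc = 0; pc < sizeof f / sizeof f[0]; pc++) {
        const struct sock_filter *i = &f[pc];
        if (BPF_CLASS(i->code) == BPF_RET)
            return i->k;
        if (BPF_CLASS(i->code) == BPF_LD) /* absolute load, network byte order */
            a = BPF_SIZE(i->code) == BPF_H ? (unsigned)((p[i->k] << 8) | p[i->k + 1]) : p[i->k];
        else if (BPF_OP(i->code) == BPF_JSET ? (a & i->k) != 0 : a == i->k)
            pc += i->jt; /* relative jump: next pc = pc + 1 + offset */
        else
            pc += i->jf;
    }
    return 0;
}

/* Constructed sample message: nlmsghdr + rtmsg for one unicast route event. */
static unsigned verdict(unsigned type, unsigned proto, unsigned jt9, unsigned jf9) {
    struct { struct nlmsghdr h; struct rtmsg r; } m = {
        .h = { .nlmsg_len = sizeof m, .nlmsg_type = type },
        .r = { .rtm_type = RTN_UNICAST, .rtm_protocol = proto },
    };
    return run_filter((const unsigned char *)&m, jt9, jf9);
}

int main(void) {
    /* Assumption: "ip route add" without "proto" sends RTPROT_BOOT. */
    printf("boot NEWROUTE: 0,1 -> %#x   3,0 -> %#x\n",
           verdict(RTM_NEWROUTE, RTPROT_BOOT, 0, 1),
           verdict(RTM_NEWROUTE, RTPROT_BOOT, 3, 0));
    return 0;
}
```

With `0, 1` the `RTPROT_BOOT` add is dropped while `RTPROT_KERNEL` routes pass; with `3, 0` the verdicts match the C comment above the filter.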






Reply sent to Christian Hammers <ch@debian.org>:
You have taken responsibility. (Fri, 09 Jan 2009 00:09:02 GMT) Full text and rfc822 format available.

Notification sent to Hannes Schulz <schulz@schwaar.com>:
Bug acknowledged by developer. (Fri, 09 Jan 2009 00:09:02 GMT) Full text and rfc822 format available.

Message #103 received at 495232-close@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@debian.org>
To: 495232-close@bugs.debian.org
Subject: Bug#495232: fixed in quagga 0.99.10-1lenny1
Date: Fri, 09 Jan 2009 00:02:04 +0000
Source: quagga
Source-Version: 0.99.10-1lenny1

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:

quagga-doc_0.99.10-1lenny1_all.deb
  to pool/main/q/quagga/quagga-doc_0.99.10-1lenny1_all.deb
quagga_0.99.10-1lenny1.diff.gz
  to pool/main/q/quagga/quagga_0.99.10-1lenny1.diff.gz
quagga_0.99.10-1lenny1.dsc
  to pool/main/q/quagga/quagga_0.99.10-1lenny1.dsc
quagga_0.99.10-1lenny1_amd64.deb
  to pool/main/q/quagga/quagga_0.99.10-1lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 495232@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <ch@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 04 Jan 2009 20:08:28 +0100
Source: quagga
Binary: quagga quagga-doc
Architecture: source all amd64
Version: 0.99.10-1lenny1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description: 
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-doc - documentation files for quagga
Closes: 495232
Changes: 
 quagga (0.99.10-1lenny1) testing-proposed-updates; urgency=low
 .
   * Fixed bug that caused routes which were added externally, e.g. by
     "ip route add", to be ignored by Quagga (thanks to Hannes Schulz).
     Closes: #495232





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 06 Feb 2009 07:26:41 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 04:41:53 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.