forwarded 697240 https://bugzilla.quagga.net/show_bug.cgi?id=734
tags 697240 + confirmed upstream
stop

Hello Hans

Thank you for this bug report. I found a matching one on the Quagga Bug
Tracker and added your information. The patch from the second URL seems
reasonable, I'll try to get it into the Wheezy packages.

bye,

-christian-

On Thu, 03 Jan 2013 00:08:04 +0100
Hans van Kranenburg <hans.van.kranenb...@mendix.com> wrote:

> Package: quagga
> Version: 0.99.21-3
> Severity: normal
>
> In the current quagga version that will be released with wheezy, the ospf
> distribute-list command is broken. Worse, using it does not give any
> warning, does not crash quagga, but the command is totally ignored.
>
> The result of this bug is that when upgrading quagga from squeeze to
> wheezy, distribute-list is ignored, which probably results in unwanted
> routes to be advertised via ospf, potentially having disastrous effect
> on the stability of a whole ospf network.
>
> As test, I created a minimal ospf configuration, which shows the
> distribute-list being ignored:
>
> mekker(config)# sh run
>
> Current configuration:
> !
> hostname mekker
> password blaat
> !
> !
> router ospf
>  ospf router-id 1.2.3.4
>  redistribute connected
> !
> access-list test deny any
> !
> line vty
> !
> end
> mekker(config)# router ospf
> mekker(config-router)# distribute-list test out connected
> mekker(config-router)#
> mekker(config)# sh run
>
> Current configuration:
> !
> hostname mekker
> password blaat
> !
> !
> router ospf
>  ospf router-id 1.2.3.4
>  redistribute connected
> !
> access-list test deny any
> !
> line vty
> !
> end
>
> Also, if the distribute-list command exists in the ospfd configuration
> file and ospfd is started, the line gets ignored, without any warning or
> whatsoever.
>
> # cat /etc/quagga/ospfd.conf
> !
> hostname mekker
> password blaat
> !
> !
> router ospf
>  ospf router-id 1.2.3.4
>  redistribute connected
>  distribute-list test out connected
> !
> access-list test deny any
> !
> line vty
> !
> # /etc/init.d/quagga start
> $ telnet localhost ospfd
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
>
> Hello, this is Quagga (version 0.99.21).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
>
>
> User Access Verification
>
> Password:
> mekker> en
> mekker# sh run
>
> Current configuration:
> !
> hostname mekker
> password blaat
> !
> !
> router ospf
>  ospf router-id 1.2.3.4
>  redistribute connected
> !
> access-list test deny any
> !
> line vty
> !
> end
> mekker#
>
> It's gone! And ospfd starts injecting all routes that had to be filtered
> into your network now, happily messing up everything.
>
> This bug was introduced in commit
> e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9 in quagga, and is clearly the
> result of over-enthusiastic copy-pasting of almost(!) similar lines.
>
> See
> http://git.savannah.gnu.org/cgit/quagga.git/commit/?h=sf/ospfd&id=e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9
> click to ospfd/ospf_vty.c and look at the bottom two chunks of that patch.
>
> Later, this issue was found and fixed in
> 1e47fb668d0125cbb6d53f73469093e744164a47: See
> http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=1e47fb668d0125cbb6d53f73469093e744164a47&h=master
>
> There is no new quagga release available which includes this bugfix, but
> it's merged to master in git. Both the introduction and fix of this bug
> are trivial changes, so would there be any way to get this patch
> included before the release? This would prevent network-downtime and
> headaches for network admins while upgrading to wheezy.
>
> I successfully tested this patch by building packages for wheezy and
> squeeze-backports based on 0.99.21-3 and installing them both on the
> test machine I used for this bug report, and on test-locations in our
> network.
>
> Attached is the patch file which I created,
> 40_ospfd__ospf_vty.c__distribute-list.diff
>

--
Network Engineering & Design; Content Delivery Platform & IP
NETCOLOGNE Gesellschaft für Telekommunikation mbH
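
An added example, not part of the original messages and not Quagga or Debian code: because the report shows ospfd discarding `distribute-list` without any warning, a post-upgrade check can compare the startup file with what the daemon reports back and flag every statement that went missing. The function names are hypothetical, and the one-space indentation of sub-commands is an assumption about the vty layout.

```python
# Added example (not Quagga or Debian code): report statements present in a
# daemon's startup file but absent from its running configuration.
# STARTUP is the ospfd.conf from the report; the one-space indent of the
# sub-commands under "router ospf" is an assumption (the usual vty layout).
STARTUP = """\
!
hostname mekker
password blaat
!
router ospf
 ospf router-id 1.2.3.4
 redistribute connected
 distribute-list test out connected
!
access-list test deny any
!
line vty
!
"""

# Constructed to mirror the "sh run" output in the report: same config,
# with a header and trailer, minus the line ospfd silently ignored.
RUNNING = ("Current configuration:\n"
           + STARTUP.replace(" distribute-list test out connected\n", "")
           + "end\n")

SKIP = {"end", "Current configuration:"}


def statements(text):
    """Return {(context, statement)}; context is the enclosing top-level line."""
    found, context = set(), ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!") or line in SKIP:
            continue
        if line[0].isspace():          # sub-command of the current block
            found.add((context, line.strip()))
        else:                          # top-level statement opens a new context
            context = line
            found.add(("", line))
    return found


def dropped(startup, running):
    """Statements the daemon was given but does not report back."""
    return sorted(statements(startup) - statements(running))


if __name__ == "__main__":
    for context, stmt in dropped(STARTUP, RUNNING):
        print(f"DROPPED in [{context or 'global'}]: {stmt}")
```

Statements the daemon legitimately rewrites (for example an encrypted password) would also be reported, so the output is a list to review rather than a verdict.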