Your message dated Sun, 06 Jan 2013 17:17:56 +0000
with message-id <[email protected]>
and subject line Bug#697240: fixed in quagga 0.99.21-4
has caused the Debian Bug report #697240,
regarding regression: silent malfunctioning in ospf distribute-list when 
upgrading to wheezy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
697240: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697240
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: quagga
Version: 0.99.21-3
Severity: normal

In the current quagga version that will be release with wheezy, the ospf
distribute-list command is broken. Worse, using it does not give any
warning, does not crash quagga, but the command is totally ignored.

The result of this bug is that when upgrading quagga from squeeze to
wheezy, distribute-list is ignored, which probably results in unwanted
routes to be advertised via ospf, potentially having disastrous effect
on the stability of a whole ospf network.

As test, I created a minimal ospf configuration, which shows the
distribute-list being ignored:

mekker(config)# sh run

Current configuration:
!
hostname mekker
password blaat
!
!
router ospf
 ospf router-id 1.2.3.4
 redistribute connected
!
access-list test deny any
!
line vty
!
end
mekker(config)# router ospf
mekker(config-router)# distribute-list test out connected
mekker(config-router)#
mekker(config)# sh run

Current configuration:
!
hostname mekker
password blaat
!
!
router ospf
 ospf router-id 1.2.3.4
 redistribute connected
!
access-list test deny any
!
line vty
!
end

Also, if the distribute-list command exists in the ospfd configuration
file and ospfd is started, the line gets ignored, without any warning or
whatsoever.

# cat /etc/quagga/ospfd.conf
!
hostname mekker
password blaat
!
!
router ospf
ospf router-id 1.2.3.4
redistribute connected
distribute-list test out connected
!
access-list test deny any
!
line vty
!
# /etc/init.d/quagga start
$ telnet localhost ospfd
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.21).
Copyright 1996-2005 Kunihiro Ishiguro, et al.


User Access Verification

Password:
mekker> en
mekker# sh run

Current configuration:
!
hostname mekker
password blaat
!
!
router ospf
 ospf router-id 1.2.3.4
 redistribute connected
!
access-list test deny any
!
line vty
!
end
mekker#

It's gone! And ospfd starts injecting all routes that had to be filtered
into your network now, happily messing up everything.

This bug was introduced in commit
e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9 in quagga, and is clearly the
result of over-enthousiastic copy-pasting of almost(!) similar lines.

See
http://git.savannah.gnu.org/cgit/quagga.git/commit/?h=sf/ospfd&id=e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9
click to ospfd/ospf_vty.c and look at the bottom two chunks of that patch.

Later, this issue was found and fixed in
1e47fb668d0125cbb6d53f73469093e744164a47: See
http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=1e47fb668d0125cbb6d53f73469093e744164a47&h=master

There is no new quagga release available which includes this bugfix, but
it's merged to master in git. Both the introduction and fix of this bug
are trivial changes, so would there be any way to get this patch
included before the release? This would prevent network-downtime and
headaches for network admins while upgrading to wheezy.

I succesfully tested this patch by building packages for wheezy and
squeeze-backports based on 0.99.21-3 and installing them both on the
test machine I used for this bug report, and on test-locations in our
network.

Attached is the patch file which I created,
40_ospfd__ospf_vty.c__distribute-list.diff

-- 
Hans van Kranenburg - System / Network Engineer
T +31 (0)10 2760434 | [email protected] | www.mendix.com
Upstream patch: 1e47fb668d0125cbb6d53f73469093e744164a47

Description: This patch fixes a regression bug introduced in commit
e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9 which prevented the distribute-list
command from being executed.

Index: quagga-0.99.21/ospfd/ospf_vty.c
===================================================================
--- quagga-0.99.21.orig/ospfd/ospf_vty.c	2013-01-02 22:01:40.809660603 +0100
+++ quagga-0.99.21/ospfd/ospf_vty.c	2013-01-02 22:01:56.822404035 +0100
@@ -6037,7 +6037,7 @@
   int source;
 
   /* Get distribute source. */
-  source = proto_redistnum(AFI_IP, argv[0]);
+  source = proto_redistnum(AFI_IP, argv[1]);
   if (source < 0 || source == ZEBRA_ROUTE_OSPF)
     return CMD_WARNING;
 
@@ -6056,7 +6056,7 @@
   struct ospf *ospf = vty->index;
   int source;
 
-  source = proto_redistnum(AFI_IP, argv[0]);
+  source = proto_redistnum(AFI_IP, argv[1]);
   if (source < 0 || source == ZEBRA_ROUTE_OSPF)
     return CMD_WARNING;
 

--- End Message ---
--- Begin Message ---
Source: quagga
Source-Version: 0.99.21-4

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <[email protected]> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 06 Jan 2013 15:50:32 +0100
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.21-4
Distribution: unstable
Urgency: medium
Maintainer: Christian Hammers <[email protected]>
Changed-By: Christian Hammers <[email protected]>
Description: 
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 697240
Changes: 
 quagga (0.99.21-4) unstable; urgency=medium
 .
   * Fixed regression bug that caused OSPF "distribute-list" statements to be
     silently ignored. The patch has already been applied upstream but there
     has been no new Quagga release since then.
     Thanks to Hans van Kranenburg for reporting. Closes: #697240
Checksums-Sha1: 
 4bdf5b5b5ae59c07b1a33aa9dc4a4e73b97ecf74 1434 quagga_0.99.21-4.dsc
 b1738022d05bbfe595dc3cc31795ed79987b9abc 39642 quagga_0.99.21-4.debian.tar.gz
 0d131e830b23742b2585e00dd3ad7492cb3f20a7 1707966 quagga_0.99.21-4_amd64.deb
 976f3a4ec90cc2b1ada86f9d54a34ada65348b58 2500582 quagga-dbg_0.99.21-4_amd64.deb
 8054cecb090b0e33951ac8a76425a57bea39b6fb 645208 quagga-doc_0.99.21-4_all.deb
Checksums-Sha256: 
 7b2622513539321441438b495e2458ae6a538e1eccd81947c5b99b37079b44c3 1434 
quagga_0.99.21-4.dsc
 a60e45f981da62b239f02660b9a971ec7c71cf1178932cd69ab29fd75067e617 39642 
quagga_0.99.21-4.debian.tar.gz
 3c7719901374f3a609331e6146d9428b765e4a0f545520419fe56f80e373a888 1707966 
quagga_0.99.21-4_amd64.deb
 92545db9ee715e60410ddd62b0c68184186e4cd8a497daedb443b8fe288bf1c5 2500582 
quagga-dbg_0.99.21-4_amd64.deb
 3faac29ab5aa1463cc8cd9e108d480af3ad6632811f4907b36d4698dffa047ca 645208 
quagga-doc_0.99.21-4_all.deb
Files: 
 17ac9f13f23c8312aa11518d93ee6a52 1434 net optional quagga_0.99.21-4.dsc
 ed3a87d92cc884f060ed608bc0a6426d 39642 net optional 
quagga_0.99.21-4.debian.tar.gz
 1184b26d7c371f2d4753ac13fcc22f4c 1707966 net optional 
quagga_0.99.21-4_amd64.deb
 d252cc452a12e897a3a0a080be80b455 2500582 debug extra 
quagga-dbg_0.99.21-4_amd64.deb
 f19151cd23b5c4ad71f4c0bb3327a2a3 645208 net optional 
quagga-doc_0.99.21-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlDpkysACgkQkR9K5oahGOa0UQCdHa3+tRFBWLmDIjLeOXvO8Pwf
6Q0AoIbfqr9NsQXT8oUuq9jE+vacPWMm
=jbR/
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to