[quagga-dev 8573] Re: [quagga-users 12172] Quagga 0.99.18 Released (addressing CVE-2010-1674)
paul at jakma.org
paul at jakma.org
Tue Mar 22 11:46:26 GMT 2011
On Mon, 21 Mar 2011, Greg Troxel wrote:
> Then, there are a bunch of other things that come up with opaque lsas
> ./configure --sysconfdir=/usr/pkg/etc/zebra
> --enable-exampledir=/usr/pkg/sha re/examples/quagga
> --localstatedir=/var/run/zebra --enable-vtysh --enable-opaque-lsa
> --prefix=/usr/pkg --build=i386--netbsdelf --host=i386--netbsdelf
> --infodir= /usr/pkg/info --mandir=/usr/pkg/man
Looking at it now.
> so I wonder if this was tested with opaque support. Sort of
> related, opaque LSAs seem mainstream, so I would propose that we
> enable them by default.
If we keep opaque LSA support, then yes it should be enabled by
default. We really shouldn't have default-off optional features, and
further we should minimise optional features altogether (as we've
Looking at opaque LSA now. Unfortunately opaque does it's own
refreshing, re-implementing various bits of core OSPF behaviour
(perhaps cause the core refresh logic was a bit twisty in the past).
The last ospfd patch series stamped this out for router & network
LSA, as it makes things complicated and buggy.
I can try fix opaque LSAs and certainly make it compile. There are
- try fix it minimally, leaving opaque LSAs own refresh logic in
- try fix it by making it use the general refresh infrastructure
However, I have no way of testing it. The only user I've known of it
was Amir Guindehi's clustering software years ago, and I gather he's
not running it anymore.
So we need users of opaque LSAs to come forward and help test it. If
we can't find users, I'm minded to just deprecate and remove it.
Paul Jakma paul at jakma.org twitter: @pjakma PGP: 64A2FF6A
A hermit is a deserter from the army of humanity.
More information about the Quagga-dev