[quagga-users 10283] Bgpd crash on long asn32 in aspath (dos possible?)
Attilla De Groot
attilla at nlnetlabs.nl
Tue Jan 13 19:14:34 GMT 2009
Hi All,
I tried to send the following e-mail to the maintainers, but that mail
got bounced. So I'm sending it here to notify other users and maybe
reach a maintainer.
Attilla
_____________________________________________
Dear Maintainers,
At the moment I'm working on a project with the Locator ID separation
protocol and I was planning to use Quagga (0.99.11) to connect with
the LISP4 LISP-ALT network (which is just bgp over gre overlay).
However, when connecting to the network the bgpd crashes. I think this
is because of the long asn32 numbers that are used in the LISP4
network (32768.*). The daemon generates the following error:
[root@phobos ~/quagga-0.99.11/lib]# bgpd
2009/01/13 10:27:27 BGP: BGPd 0.99.11 starting: vty@2605, bgp@<all>:179
2009/01/13 10:33:30 BGP: 240.0.254.204 unrecognized capability code: 67 - ignored
2009/01/13 10:33:31 BGP: Assertion `len < str_size' failed in file bgp_aspath.c, line 619, function aspath_make_str_count
2009/01/13 10:33:31 BGP: No backtrace available on this platform.
Abort trap: 6
My configuration:
[root@phobos ~/quagga-0.99.11/lib]# cat /usr/local/etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2009/01/12 09:13:01
!
hostname phobos
password ****
enable password ****
log stdout
!
router bgp 2147483677
bgp router-id 153.16.36.254
network 153.16.36.0/24
neighbor 10.235.235.2 remote-as 65000
neighbor 240.0.254.204 remote-as 2147483671
!
line vty
!
I'm not a software engineer, but a daemon that crashes on a message
instead of giving an error doesn't seem very good. I'm mailing this on
the maintainers list because since 1-1-2009 the RIRs are only
providing asn32 numbers and only in special cases still asn16 numbers.
As far as I can determine, the crash is caused by the fact that asns >= 100000
are not supported in aspaths according to the comment in
bgp_aspath.c (line 578 - 586). RIPE is already handing out asns >
100000, so this can lead to a dos where Quagga is used in production
environments.
I have tried to adjust #define ASN_STR_LEN (5 + 1) to #define
ASN_STR_LEN (9 + 1). This did solve the crash, but other tools gave
strange results with negative as numbers. I think that this is just
some minor issue in printing the data, because routes are still
exchanged over bgp.
phobos# show ip bgp summary
BGP router identifier 153.16.36.254, local AS number -2147483619
RIB entries 3, using 192 bytes of memory
Peers 2, using 5040 bytes of memory
Neighbor        V          AS MsgRcvd MsgSent TblVer InQ OutQ  Up/Down State/PfxRcd
10.235.235.2    4       65000     104     107      0   0    0 00:34:24            1
240.0.254.204   4 -2147483625     120     107      0   0    0 01:39:36            0
phobos# sh bgp neighbors 240.0.254.204
BGP neighbor is 240.0.254.204, remote AS -2147483625, local AS -2147483619, external link
I hope this bug report helps you. My suggestion would be to fix the
asn32 support for numbers > 100000 asap. :-)
Best Regards,
Attilla de Groot
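
The two symptoms reported above, as an added example that is not part of the original message and is not Quagga's code: a per-ASN length estimate of (5 + 1) is too small once 10-digit ASNs appear in a path, and printing a 32-bit ASN through a signed type yields the negative numbers seen in the output. All function and macro names are hypothetical, and the path is constructed from the AS numbers in the configuration above.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for illustration; this is not Quagga's source. */
#define ASN16_STR_LEN (5 + 1)   /* "65535" plus separator: the (5 + 1) estimate */
#define ASN32_STR_LEN (10 + 1)  /* "4294967295" plus separator */

/* Buffer size for n space-separated ASNs, including the trailing NUL. */
size_t aspath_str_size(size_t n, size_t per_asn) { return n * per_asn + 1; }

/* Render an AS path as text. Returns a malloc'd string, or NULL when the
 * size estimate is too small, so the caller can log an error and carry on
 * instead of hitting an assert() on peer-supplied data. */
char *aspath_to_str(const uint32_t *asns, size_t n, size_t per_asn)
{
    size_t size = aspath_str_size(n, per_asn), len = 0;
    char *buf = malloc(size);
    if (buf == NULL)
        return NULL;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(buf + len, size - len, "%s%" PRIu32,
                         i ? " " : "", asns[i]);   /* unsigned, never %d */
        if (w < 0 || (size_t)w >= size - len) {    /* would truncate */
            free(buf);
            return NULL;
        }
        len += (size_t)w;
    }
    return buf;
}

/* The display symptom: a 32-bit ASN pushed through a signed 32-bit type. */
int32_t asn_as_signed(uint32_t asn) { return (int32_t)asn; }

int main(void)
{
    /* Constructed path using the AS numbers from the configuration above. */
    const uint32_t path[] = { 2147483677u, 2147483671u, 65000u };
    char *small = aspath_to_str(path, 3, ASN16_STR_LEN);
    char *large = aspath_to_str(path, 3, ASN32_STR_LEN);
    printf("16-bit estimate: %s\n", small ? small : "(too small, rejected)");
    printf("32-bit estimate: %s\n", large ? large : "(too small, rejected)");
    printf("signed view of %" PRIu32 ": %" PRId32 "\n", path[1], asn_as_signed(path[1]));
    free(small); free(large);
    return 0;
}
```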