Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug
report.
http://bugzilla.quagga.net/show_bug.cgi?id=269
------- Additional Comments From Hoemig@gmx.de 2007-05-22 07:55 -------
Hi Anton / Paul / Andrew,
I think there is possibly another reason for the crash.
Anton uses the OSPF Opaque API (ospf_opaque_type10_lsa_init).
There is a use-after-free situation (the LSA was freed, but an ospf_ls_ack_send_event
for this LSA is still started) when ospf starts and receives Opaque LSAs from a
neighbor before the local Opaque client is registered. If this happens, the received
LSA is freed (no Opaque client is registered), but an ospf_ls_ack_send() follows
and starts a timer function that works with the LSA, which now points to invalid
memory.
The crash:
Start the local ospfd and the local ospf-opaque-client. After 30 seconds, kill
the local ospfd, stop the ospf-opaque-client, and now restart only ospfd. When
ospfd now receives a self-originated Opaque LSA from the neighbor's database, ospfd
crashes.
I use a simple workaround (an additional ospf_lsa_lock):
--------------------------------------------
--- quagga-0.99.6/ospfd/ospf_packet.c 14 Dec 2006 12:52:13 -0000 1.3
+++ quagga-0.99.6/ospfd/ospf_packet.c 4 May 2007 12:40:16 -0000
@@ -1814,9 +1814,19 @@
"not found in the LSDB.", dump_lsa_key (lsa));
SET_FLAG (lsa->flags, OSPF_LSA_SELF);
-
+
+#if 1 /* BUGFIX: when ospf_opaque_self_originated_lsa_received returns the lsa
can be freed */
+ ospf_lsa_lock(lsa);
+ ospf_opaque_self_originated_lsa_received (nbr, lsa);
+ if (lsa->lock > 1)
+ {
+ ospf_lsa_unlock(&lsa);
+ }
+ ospf_ls_ack_send (nbr, lsa);
+#else /* BUGFIX: when ospf_opaque_self_originated_lsa_received returns the lsa
can be freed */
ospf_opaque_self_originated_lsa_received (nbr, lsa);
ospf_ls_ack_send (nbr, lsa);
+#endif /* BUGFIX: when ospf_opaque_self_originated_lsa_received returns the lsa
can be freed */
continue;
}
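Review bot: the `if (lsa->lock > 1)` guard leaks the reference taken by `ospf_lsa_lock(lsa)` two lines above in exactly the case this fix is for: when ospf_opaque_self_originated_lsa_received has dropped the last other reference, `lsa->lock` is 1 on return, the unlock is skipped, and the LSA stays allocated for good once the queued ack has released its own reference. The extra reference only has to keep the LSA alive until ospf_ls_ack_send has queued it for the deferred ospf_ls_ack_send_event (which must take a reference of its own for that queue to be safe), so the simpler, leak-free shape is to hold it across both calls and always drop it afterwards: `ospf_lsa_lock (lsa); ospf_opaque_self_originated_lsa_received (nbr, lsa); ospf_ls_ack_send (nbr, lsa); ospf_lsa_unlock (&lsa);`. Separately, the `#if 1` / `#else` / `#endif` scaffolding keeps the two original calls in the file as dead code, and the BUGFIX comments wrap across lines; a patch intended for merging should just replace the two calls. The question raised at the end of the mail, whether an LS Ack should be sent at all for a self-originated Opaque LSA that no registered client owns, is the one to settle before tuning the locking.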
--------------------------------------------
With this patch, my ospfd has run for weeks (on 50 systems) without any crash like:
- OSPF: Assertion `((lsa->flags) & (0x01))
- OSPF: Assertion `((lsa->flags) & (0x10))
- OSPF: Assertion `((lsa->lock) == (0))
- OSPF: Assertion `((lsa->refresh_list) < (0))
- ...
I think there are several bugs that depend on this bug (only when Opaque is enabled).
Please test the patch with >= 0.99.6.
But I am not sure whether ospf must send an LS Ack when we receive a
self-originated Opaque LSA but the Opaque client is not connected?
Greets,
Alex
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
_______________________________________________
Quagga-bugs mailing list
Quagga-bugs@lists.quagga.net
http://lists.quagga.net/mailman/listinfo/quagga-bugs
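To make the reference-counting argument in the report concrete, the following is a toy C model added here; it is neither Quagga's code nor part of the bug report. It runs the self-originated Opaque LSA receive path in three shapes: the 0.99.6 order (handler, then ack), the posted workaround with its conditional unlock, and the alternative of holding one reference across both calls and dropping it unconditionally. The helper names mirror ospfd's ospf_lsa_lock/ospf_lsa_unlock/ospf_ls_ack_send, but their bodies, the direct-ack queue and the client_registered switch are assumptions modelled on the mail's description, and freeing is replaced by a flag so that a touch after free is counted instead of corrupting the heap.

```c
/* Toy model of ospfd's LSA reference counting, added here to illustrate the
 * use-after-free described in the mail and to compare the posted workaround
 * with holding one reference across both calls.  Not Quagga code: helper
 * names mirror ospf_lsa_lock/ospf_lsa_unlock/ospf_ls_ack_send but their
 * bodies, the ack queue and the "client registered" switch are assumptions
 * taken from the mail's description; freeing is modelled by a flag so a
 * touch after free is counted instead of corrupting the heap. */
#include <stdio.h>
#include <string.h>

struct lsa {
    int lock;   /* reference count, like struct ospf_lsa.lock */
    int freed;  /* set when lock hits zero; stands in for the real free */
    int uaf;    /* lock/unlock calls made on an already freed LSA */
};

static struct lsa *lsa_lock(struct lsa *l)
{
    if (l->freed) l->uaf++;          /* would be a real use-after-free */
    l->lock++;
    return l;
}

static void lsa_unlock(struct lsa **lp)
{
    struct lsa *l = *lp;
    if (l->freed) { l->uaf++; return; }
    if (--l->lock == 0) { l->freed = 1; *lp = NULL; }
}

/* Direct-ack queue: ls_ack_send() queues the LSA for a deferred event, so
 * the queue entry must own a reference until the event has run. */
static struct lsa *ack_queue[4];
static int ack_queue_len;

static void ls_ack_send(struct lsa *l) { ack_queue[ack_queue_len++] = lsa_lock(l); }

static void ls_ack_send_event(void)
{
    for (int i = 0; i < ack_queue_len; i++)
        lsa_unlock(&ack_queue[i]);   /* ack sent, release the reference */
    ack_queue_len = 0;
}

/* Per the mail: with no Opaque client registered, the handler discards the
 * received LSA, i.e. drops the receive path's reference (ospf_lsa_discard). */
static void opaque_self_originated_lsa_received(struct lsa *l, int client_registered)
{
    if (!client_registered) lsa_unlock(&l);
}

enum variant { ORIGINAL, PATCH_CONDITIONAL_UNLOCK, HOLD_ACROSS_ACK };
struct outcome { int uaf; int leaked_refs; };

/* Receive path in one of three shapes, then the deferred ack event, then the
 * received-LSA list dropping its reference (if the handler did not already). */
static struct outcome run_scenario(enum variant v, int client_registered)
{
    static struct lsa storage;
    struct lsa *lsa = &storage, *list_ref = &storage;
    memset(&storage, 0, sizeof storage);
    storage.lock = 1;                        /* held by the received-LSA list */

    switch (v) {
    case ORIGINAL:                           /* quagga 0.99.6 order */
        opaque_self_originated_lsa_received(lsa, client_registered);
        ls_ack_send(lsa);
        break;
    case PATCH_CONDITIONAL_UNLOCK:           /* the workaround in the mail */
        lsa_lock(lsa);
        opaque_self_originated_lsa_received(lsa, client_registered);
        if (lsa->lock > 1) lsa_unlock(&lsa);
        ls_ack_send(lsa);
        break;
    case HOLD_ACROSS_ACK:                    /* one reference held across both calls */
        lsa_lock(lsa);
        opaque_self_originated_lsa_received(lsa, client_registered);
        ls_ack_send(lsa);
        lsa_unlock(&lsa);
        break;
    }
    ls_ack_send_event();                     /* the deferred event fires */
    if (client_registered) lsa_unlock(&list_ref);   /* list teardown */

    struct outcome o = { storage.uaf, storage.freed ? 0 : storage.lock };
    return o;
}

int main(void)
{
    const char *name[] = { "original", "conditional unlock", "hold across ack" };
    for (int v = ORIGINAL; v <= HOLD_ACROSS_ACK; v++)
        for (int reg = 0; reg <= 1; reg++) {
            struct outcome o = run_scenario((enum variant)v, reg);
            printf("%-18s client %-15s uaf=%d leaked=%d\n", name[v],
                   reg ? "registered:" : "not registered:", o.uaf, o.leaked_refs);
        }
    return 0;
}
```

Under these assumptions the original order touches the freed LSA twice when no client is registered (once when queuing the ack, once when the event releases it), the conditional-unlock workaround avoids both touches but ends with one reference that nobody ever drops, and holding the reference across both calls ends with the LSA freed exactly once in both the registered and the unregistered case.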