Home Reading Searching Subscribe Sponsors Statistics Posting Contact Spam Lists Links About Hosting Filtering Features Download Marketing Archives Weaver FAQ Gmane Favicon From: Attilla De Groot Subject: [quagga-users 10283] Bgpd crash on long asn32 in aspath (dos possible?) Newsgroups: gmane.network.quagga.user Date: 2009-01-13 19:14:34 GMT (15 weeks, 1 day, 12 hours and 22 minutes ago) Hi All, I tried to send the following e-mail to the maintainers, but that mail got bounced. So I'm sending it here to notify other users and maybe reach a maintainer. Attilla _____________________________________________ Dear Maintainers, At the moment I'm working on a project with the Locator ID seperation protocol and I was planning to use Quagga (0.99.11) to connect with the LISP4 LISP-ALT network (which is just bgp over gre overlay). However when connecting to the network the bgpd crashes. I think this is because of the long asn32 numbers that are used in the LISP4 network (32768.*). The daemon generates the following error: [root phobos ~/quagga-0.99.11/lib]# bgpd 2009/01/13 10:27:27 BGP: BGPd 0.99.11 starting: vty 2605, bgp@:179 2009/01/13 10:33:30 BGP: 240.0.254.204 unrecognized capability code: 67 - ignored 2009/01/13 10:33:31 BGP: Assertion `len < str_size' failed in file bgp_aspath.c, line 619, function aspath_make_str_count 2009/01/13 10:33:31 BGP: No backtrace available on this platform. Abort trap: 6 My configuration: [root phobos ~/quagga-0.99.11/lib]# cat /usr/local/etc/quagga/bgpd.conf ! ! Zebra configuration saved from vty ! 2009/01/12 09:13:01 ! hostname phobos password **** enable password **** log stdout ! router bgp 2147483677 bgp router-id 153.16.36.254 network 153.16.36.0/24 neighbor 10.235.235.2 remote-as 65000 neighbor 240.0.254.204 remote-as 2147483671 ! line vty ! I'm not a software engineer, but a daemon that crashes on a message instead of giving an error doesn't seem very good. I'm mailing this on the maintainers list because since 1-1-2009 the RIR's are only providing asn32 numbers and only in special cases still asn16 numbers. As far as I can determine the crash is caused by the fact that asn's >= 100000 are not supported in aspaths according to the comment in bgp_aspath.c (line 578 - 586). RIPE is already handing out asn's > 100000 so this can lead to a dos where Quagga is used in production environments. I have tried to adjust #define ASN_STR_LEN (5 + 1) to #define ASN_STR_LEN (9 + 1). This did solve the crash, but other tools gave strange results with negative as numbers. I think that this is just some minor issue in printing the data. Because routes are still exchanged over bgp. phobos# show ip bgp summary BGP router identifier 153.16.36.254, local AS number -2147483619 RIB entries 3, using 192 bytes of memory Peers 2, using 5040 bytes of memory Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.235.235.2 4 65000 104 107 0 0 0 00:34:24 1 240.0.254.204 4 -2147483625 120 107 0 0 0 01:39:36 0 phobos# sh bgp neighbors 240.0.254.204 BGP neighbor is 240.0.254.204, remote AS -2147483625, local AS - -2147483619, external link I hope this bug report helps you. My suggestion would be to fix the asn32 support for numbers > 100000 asap. :-) Best Regards, Attilla de Groot