Bug 499960

Summary: BGPd in Quagga prior to 0.99.12 has a serious assert problem crashing with ASN4's.
Product: [Fedora] Fedora Reporter: Michael H. Warfield <mhw>
Component: quaggaAssignee: Jiri Skala <jskala>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 10CC: aglotov, jskala
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.quagga.net
Whiteboard:
Fixed In Version: 0.99.12-1.fc11 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-05-21 23:23:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 499033    

Description Michael H. Warfield 2009-05-09 14:33:32 UTC 
Description of problem:

Versions of quagga which support 4 byte ASN's are prone to crash with an assert error when receiving a long AS path.  This then causes disruption and instability in the routing tables and peerings.

Version-Release number of selected component (if applicable):

Versions prior to 0.99.12 are vulnerable.

Fixed in version 0.99.12 along with several other lower priority fixes.

How reproducible:

Unpredictable.  Depends on someone else on the Internet advertising a long ASN path with 4 byte ASN's.  This last time it was netadmins in Cairo setting up for AfNOG10 that caused quagga bgpd instances all over the net to crash.
  
Actual results:

Assert error in bgp log file.  Bgpd no longer running.  Routing tables gone.  Inbound route advertisements gone.

Expected results:

Bgpd should continue to operate and run normally.

Additional info:

This is fixed in 0.99.12 which also contains fixes for things like running bgpd in a dual stack IPv4 / IPv6 environment with MD5 sums amongst others.  Reference updates notes on home page.  Please pick up the entire package without cherry picking patches.  I've build rpm's from the package using the Fedora source package and just updating the source version and source tarball.

Quagga 0.98 may not be affected due to lack of support for 4 byte ASN's but was not tested to verify.
Comment 1 Fedora Update System 2009-05-20 13:49:26 UTC 
quagga-0.99.12-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/quagga-0.99.12-1.fc10
Comment 2 Fedora Update System 2009-05-20 13:49:41 UTC 
quagga-0.99.12-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/quagga-0.99.12-1.fc11
Comment 3 Fedora Update System 2009-05-21 23:23:38 UTC 
quagga-0.99.12-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2009-05-21 23:30:47 UTC 
quagga-0.99.12-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.