Description of problem: Quagga (zebra daemon) do not create learned or static routes in kernel table Version-Release number of selected component (if applicable): kernel 3.14.3-200.fc20.i686+PAE quagga zebra version 0.99.22.4 How reproducible: install and update Fedora 20 disable selinux install quagga in shell: vtysh conf t ip route 22.33.44.55 255.255.255.0 11.22.33.44 log stdout Ctrl^z wr quit service stop zebra /usr/sbin/zebra -A 127.0.0.1 -f /etc/quagga/zebra.conf -u root -g root 2014/05/14 14:20:39 ZEBRA: Zebra 0.99.22.4 starting: vty@2601 2014/05/14 14:20:39 ZEBRA: netlink-cmd error: Operation not permitted, type=RTM_NEWROUTE(24), seq=6, pid=0 Actual results: route 22.33.44.55 255.255.255.0 via 11.22.33.44 no int kernel route table route -n Expected results: route 22.33.44.55 255.255.255.0 via 11.22.33.44 must see in route -n comand Additional info: trace zebra int route add moment capset({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_NET_ADMIN|CAP_NET_RAW|CAP_SYS_ADMIN, CAP_NET_ADMIN|CAP_NET_RAW|CAP_SYS_ADMIN, 0}) = 0 sendmsg(6, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"4\0\0\0\30\0\5\4\7\0\0\0\0\0\0\0\2 \0\0\0\v\0\1\0\0\0\0\10\0\1\0"..., 52}], msg_controllen=0, msg_flags=0}, 0) = 52 capset({_LINUX_CAPABILITY_VERSION_3, 0}, {0, CAP_NET_ADMIN|CAP_NET_RAW|CAP_SYS_ADMIN, 0}) = 0 recvmsg(6, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"H\0\0\0\2\0\0\0\7\0\0\0\320\357\377\377\377\377\377\3774\0\0\0\30\0\5\4\7\0\0\0"..., 8192}], msg_controllen=0, msg_flags=0}, 0) = 72
I have the same thing. Since a few days ago, ripd isn't creating routes: May 15 10:37:10 choo.home.annexia.org zebra[9973]: netlink-cmd error: Operation not permitted, type=RTM_NEWROUTE(24), seq=6, pid=0 May 15 10:37:10 choo.home.annexia.org zebra[9973]: netlink-cmd error: Operation not permitted, type=RTM_NEWROUTE(24), seq=7, pid=0 May 15 10:37:10 choo.home.annexia.org zebra[9973]: netlink-cmd error: Operation not permitted, type=RTM_NEWROUTE(24), seq=8, pid=0 May 15 10:37:10 choo.home.annexia.org zebra[9973]: netlink-cmd error: Operation not permitted, type=RTM_NEWROUTE(24), seq=9, pid=0 kernel 3.14.3-200.fc20.x86_64 quagga-0.99.22.4-1.fc20.x86_64
I asked on the quagga-users mailing list: https://lists.quagga.net/pipermail/quagga-users/2014-May/013705.html
This is a kernel regression. Bug is caused by changes introduced in patch set linked bellow. Reassigning to the kernel. http://www.spinics.net/lists/netdev/msg280198.html
Upstream is aware of the impact on Quagga. The net maintainer has said the patches are going to stay as-is as far as I can tell. See last email below: David Miller May 8 (7 days ago) to torvalds, stephen, luto, security, vgoyal, serge, ssorce, ebiederm, netdev, jorge From: Linus Torvalds <torvalds> Date: Thu, 8 May 2014 14:41:43 -0700 > Annoying. We may have to revert the changes because of the > regression, even though it sounds like the new semantics would > actually be preferred for the very application that regresses... I think we really have to go with the new semantics, personally.
Created attachment 895972 [details] Proposed patch for quagga
Here is a scratch build with proposed quagga patch. Would be great if someone could test it. Also comments on how to make quagga work with new semantics would be greatly appreciated. http://koji.fedoraproject.org/koji/taskinfo?taskID=6852370
(In reply to Michal Sekletar from comment #6) > Here is a scratch build with proposed quagga patch. Would be great if > someone could test it. Also comments on how to make quagga work with new > semantics would be greatly appreciated. > > http://koji.fedoraproject.org/koji/taskinfo?taskID=6852370 Yup, works fine over here.
As per comment #4 reassigning back to quagga. If no one objects I will commit the proposed patch to workaround kernel behavior which is apparently going to stay.
FYI, I've changed my mind a bit and I won't be doing update just yet. I've sent patch upstream and once this is cleaned up there I'll backport whatever we'll come up with.
I can confirm the affects on 3.14 series kernels. I do not have this problem with 3.13 series kernels. To avoid, use a 3.13 kernel, either build or yum update. The hypervisor doesn't seem to be affected, only the guests. FYI
It looks like upstream doesn't care much that *routing* suite is unable to put actual routes in the kernel routing tables [0]. Nevertheless, I will be releasing bugfix update today, please test and leave karma. [0] https://lists.quagga.net/pipermail/quagga-dev/2014-May/011338.html
quagga-0.99.22.4-4.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/quagga-0.99.22.4-4.fc20
Package quagga-0.99.22.4-4.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing quagga-0.99.22.4-4.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-6770/quagga-0.99.22.4-4.fc20 then log in and leave karma (feedback).
FWIW, the upstream kernel maintainers found a patch that should fix quagga: http://www.spinics.net/lists/netdev/msg284505.html That was added into Linus' tree last night so it will be in 3.15 final. I'll grab it for F19/F20 3.14.y kernels as well.
Patch I sent upstream will appear in next version of quagga so we don't really care about this kernel issue any more.
OK, that's likely good overall. Did you update quagga on F19 though, as that has the same kernel CVE fixes that introduced the issue. If not, then the subsequent patch I'll be adding should fix things there.
Nope I didn't fix F19. To be honest I wasn't aware that those kernel patches were included in F19 as well. If you backport subsequent kernel fix we should be all set. Thanks!
kernel-3.14.6-100.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/kernel-3.14.6-100.fc19
kernel-3.14.6-200.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/kernel-3.14.6-200.fc20
kernel-3.14.6-200.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
BGP topology mass update confirms 3.14.6 corrects the problem on a 40 node network with 1209 edges, part of which is virtualized. I am getting route entries again. Very good. 很好
quagga-0.99.22.4-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.14.7-100.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/kernel-3.14.7-100.fc19
kernel-3.14.7-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.