Hello list!

It seems that rip-ng changes introduced in f7615037 broke RIP so bird dumps core on first RIP packet:

# gdb bird bird.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `bird'.
Program terminated with signal 6, Aborted.
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x281dbb97 in kill () from /lib/libc.so.7
(gdb) bt
#0 0x281dbb97 in kill () from /lib/libc.so.7
#1 0x281dbaf6 in raise () from /lib/libc.so.7
#2 0x281da6ca in abort () from /lib/libc.so.7
#3 0x0808d5af in bug (msg=Could not find the frame base for "bug". ) at log.c:252
#4 0x080795df in advertise_entry (p=0x2831d310, b=0x283b8004, whotoldme=2886730113, iface=0x0) at ../../../proto/rip/rip.c:331
#5 0x080797f6 in process_block (p=0x2831d310, block=0x283b8004, whotoldme=2886730113, iface=0x0) at ../../../proto/rip/rip.c:387
#6 0x08079b00 in rip_process_packet (p=0x2831d310, packet=0x283b8000, num=2, whotoldme=2886730113, port=520, iface=0x0) at ../../../proto/rip/rip.c:450
#7 0x08079cd2 in rip_rx (s=0x283051c0, size=40) at ../../../proto/rip/rip.c:497
#8 0x08088cf9 in sk_read (s=0x283051c0) at io.c:1463
#9 0x080893eb in io_loop () at io.c:1676
#10 0x0808e7fe in main (argc=Cannot access memory at address 0x5 ) at main.c:699

rip_rx() now sends NULL interface name to rip_process_packet().
It seems that specifying interface makes RIP work again:

diff --git a/proto/rip/rip.c b/proto/rip/rip.c index 281296a..e4ccbff 100644 --- a/proto/rip/rip.c +++ b/proto/rip/rip.c
@@ -477,9 +477,9 @@ rip_rx(sock *s, int size) #ifdef IPV6 if (! i->iface || s->lifindex != i->iface->index) return 1; +#endif iface = i->iface; -#endif CHK_MAGIC;
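
Review bot: In the rip_rx() hunk the "! i->iface" test stays inside #ifdef IPV6, so once the #endif moves up, the IPv4 build runs "iface = i->iface;" with no NULL guard and can still pass a NULL iface down to rip_process_packet(), which is the iface=0x0 the backtrace shows reaching advertise_entry(). Suggest moving the NULL test out of the conditional (leaving only the s->lifindex comparison under #ifdef IPV6, if that is the only IPv6-specific part) and stating in the commit message why the IPv4 path needs the receiving interface.
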
On Thu, Jul 19, 2012 at 10:27:20PM +0400, Alexander V. Chernikov wrote:
> Hello list!
>
> It seems that rip-ng changes introduced in f7615037 broke RIP so bird dumps core on first RIP packet:

Hello

Interesting, it works for me without problems. I do not think that commit f7615037 is relevant, because all changes in it are either #defined for IPv6, or irrelevant (like adding struct iface *iface argument and change neigh_find() -> neigh_find2(), because NULL for iface is value already used by neigh_find()).

The backtrace shows bug() is triggered, it is this one:

    if (!rif)
      bug("Route packet using unknown interface? No.");

?

I see one possible way how this bug could be triggered - if you have two interfaces with intersecting network prefixes, like 192.168.1.0/24 and 192.168.1.0/25, but only one of them active for RIP, receive packet from IP of that iface, neigh_find[2]() may return neighbor on inactive iface and in that case find_interface() will return NULL. But this problem was here always.

Could you check if this is the case? (or what was returned by neigh_find2())

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
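
A simplified model of the scenario described in the reply above, added here as an illustration and not taken from BIRD or from either poster: with two intersecting prefixes and RIP active on only one, a first-match neighbor lookup can land on the inactive interface, and the receive path should drop the packet rather than abort. All names (model_iface, model_neigh_find, model_rx), the sender address, and the assumption that an interface hint restricts the lookup to that interface are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, none is BIRD's. */
struct model_iface {
    uint32_t prefix;  /* network address, host byte order */
    int pxlen;        /* prefix length in bits */
    int rip_active;   /* 1 if RIP is configured on this interface */
};

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed sample: the two intersecting prefixes named in the reply. */
const struct model_iface model_ifs[2] = {
    { IP4(192, 168, 1, 0), 24, 0 },  /* covers the sender, RIP inactive */
    { IP4(192, 168, 1, 0), 25, 1 },  /* covers the sender, RIP active */
};

static uint32_t mask_of(int pxlen) { return pxlen ? 0xFFFFFFFFu << (32 - pxlen) : 0; }

/* First interface whose prefix covers src; a non-NULL hint restricts the
   search to that one interface (assumed semantics of an interface hint). */
const struct model_iface *model_neigh_find(const struct model_iface *ifs, size_t n,
                                           uint32_t src, const struct model_iface *hint)
{
    for (size_t k = 0; k < n; k++) {
        if (hint && hint != &ifs[k]) continue;
        if ((src & mask_of(ifs[k].pxlen)) == ifs[k].prefix) return &ifs[k];
    }
    return NULL;
}

/* Returns 1 if the packet is accepted, 0 if dropped. The source address comes
   from the network, so an unresolvable interface is a drop, not a fatal error. */
int model_rx(const struct model_iface *ifs, size_t n, uint32_t src,
             const struct model_iface *hint)
{
    const struct model_iface *nb = model_neigh_find(ifs, n, src, hint);
    if (!nb || !nb->rip_active)
        return 0;  /* drop; calling bug() at this point aborts the daemon */
    return 1;
}

int main(void)
{
    uint32_t src = IP4(192, 168, 1, 10);  /* constructed sender address */
    printf("no hint: %d\n", model_rx(model_ifs, 2, src, NULL));
    printf("hint:    %d\n", model_rx(model_ifs, 2, src, &model_ifs[1]));
    return 0;
}
```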