Yuanyuan Zhou

Towards Understanding Bugs in Open Source Router Software

Zuoning Yin, Matthew Caesar, and Yuanyuan Zhou
Appears in: 
CCR July 2010

Software errors and vulnerabilities in core Internet routers have led to several high-profile attacks on the Internet infrastructure and numerous outages. Building an understanding of bugs in open-source router software is a first step towards addressing these problems. In this paper, we study router bugs found in two widely-used open-source router implementations. We evaluate the root cause of bugs, ease of diagnosis and detectability, ease of prevention and avoidance, and their effect on network behavior.

Public Review By: 
S. Saroiu

This paper presents a study of bugs found in open-source routers. It characterizes a random sample of bugs present in the bugs databases of Quagga and XORP, two routers with open-source implementations, as well as Cisco IOS/security advisories and the Linux IP stack.
The paper presents many results, of which two stand out in my opinion:
1. Despite the huge success of tools that detect copy-and-paste errors in the Linux kernel, these tools were not very successful when applied to router software.
2. 4% of the code contains more than a quarter of the bugs! Lines of code is not a good metric of “bugginess.” In the router software stacks examined in this paper, the code implementing policy-related logic (4% of the codebase) had 28% of the bugs.
I hope I piqued your interest in reading this bugs characterization study. There are many more results described in the paper.
To summarize the reviewers' feedback and criticism – the paper offers little beyond its analysis of the data. Reviewers also wondered whether the bugs found in Quagga and XORP's codebases are representative of the more popular router software stacks, such as Cisco's and Juniper’s. Finally, the reviewers were looking for more insights into why tools like CPMiner failed to find bugs in the context of routers’ codebases: is it just because finding data races is inherently hard, is it something special about routers’ software stacks, did the tools find more bugs in certain parts of the software codebase?

Syndicate content