Merge commit '652be92a21f5575e5f74f6abe98eb4200b86776c' into haugesund

2024-11-12 22:28:44 +00:00 · 2022-05-30 15:36:54 +02:00 · 2022-05-30 15:36:54 +02:00 · 45af19dd99
commit 45af19dd99
parent ef3a8138c9 652be92a21
18 changed files with 134 additions and 2224 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -360,17 +360,17 @@ build-opensuse-15.3-amd64:
  <<: *build-linux
  image: registry.nic.cz/labs/bird:opensuse-15.3-amd64
-build-freebsd-11-amd64:
+#build-freebsd-11-amd64:
-  <<: *build-base
+#  <<: *build-base
-  tags:
+#  tags:
-    - freebsd
+#    - freebsd
-    - amd64
+#    - amd64
-build-freebsd-11-i386:
+#build-freebsd-11-i386:
-  <<: *build-base
+#  <<: *build-base
-  tags:
+#  tags:
-    - freebsd
+#    - freebsd
-    - i386
+#    - i386
 .pkg-deb: &pkg-deb
--- a/client/client.c
+++ b/client/client.c
@ -50,6 +50,7 @@ static byte *server_read_pos = server_read_buf;
 int init = 1;		/* During intial sequence */
 int busy = 1;		/* Executing BIRD command */
 int interactive;	/* Whether stdin is terminal */
 int last_code;		/* Last return code */
 static int num_lines, skip_input;
 int term_lns, term_cls;
@ -196,7 +197,7 @@ init_commands(void)
    {
      /* Initial command is finished and we want to exit */
      cleanup();
-      exit(0);
+      exit((last_code < 8000) ? 0 : 1);
    }
  input_init();
@ -283,6 +284,8 @@ server_got_reply(char *x)
      if (code)
        PRINTF(len, "%s\n", verbose ? x : x+5);
      last_code = code;
      if (x[4] == ' ')
      {
        busy = 0;
--- a/distro/pkg/rpm/bird.service
+++ b/distro/pkg/rpm/bird.service
@ -5,8 +5,9 @@ After=network.target
 [Service]
 Type=simple
 ExecStartPre=/usr/sbin/bird -p
 ExecStart=/usr/sbin/bird -f -u bird -g bird
-ExecReload=/bin/kill -HUP $MAINPID
+ExecReload=/usr/sbin/birdc configure
 Restart=on-failure
 [Install]
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@ -2153,6 +2153,13 @@ protocol bfd [&lt;name&gt;] {
 	to configure separate BFD protocol instances for IPv4 and for IPv6
 	sessions.
 	<tag><label id="bfd-strict-bind">strict bind <m/switch/</tag>
 	Specify whether each BFD interface should use a separate listening
 	socket bound to its local address, or just use a shared listening socket
 	accepting all addresses. Binding to a specific address could be useful
 	in cases like running multiple BIRD instances on a machine, each
 	handling a different set of interfaces. Default: disabled.
 	<tag><label id="bfd-iface">interface <m/pattern/ [, <m/.../] { <m/options/ }</tag>
 	Interface definitions allow to specify options for sessions associated
 	with such interfaces and also may contain interface specific options.
@ -5252,7 +5259,7 @@ Note that for negated matches, value must be either zero or equal to bitmask
 	<cf>port 1..1023,1194,3306</cf>).
 	<tag><label id="flow-dport">dport <m/numbers-match/</tag>
-	Set a mating destination port numbers (e.g. <cf>dport 49151</cf>).
+	Set a matching destination port numbers (e.g. <cf>dport 49151</cf>).
 	<tag><label id="flow-sport">sport <m/numbers-match/</tag>
 	Set a matching source port numbers (e.g. <cf>sport = 0</cf>).
--- a/filter/f-inst.c
+++ b/filter/f-inst.c
@ -737,6 +737,7 @@
      l->attrs[0].type = da.type;
      l->attrs[0].originated = 1;
      l->attrs[0].fresh = 1;
      l->attrs[0].undef = 0;
      switch (da.type) {
      case EAF_TYPE_INT:
--- a/lib/ip.c
+++ b/lib/ip.c
@ -85,25 +85,29 @@ ip4_classify(ip4_addr ad)
  u32 a = _I(ad);
  u32 b = a >> 24U;
-  if (b && b <= 0xdf)
+  if (b < 0xe0)
  {
-    if (b == 0x7f)
+    if (b == 0x00)				/* 0.0.0.0/8        This network */
      return IADDR_INVALID;
    if (b == 0x7f)				/* 127.0.0.0/8      Loopback address */
      return IADDR_HOST | SCOPE_HOST;
-    else if ((b == 0x0a) ||
+
-	     ((a & 0xffff0000) == 0xc0a80000) ||
+    if ((b == 0x0a) ||				/* 10.0.0.0/8       Private range */
-	     ((a & 0xfff00000) == 0xac100000))
+	((a & 0xffff0000) == 0xc0a80000) ||	/* 192.168.0.0/16   Private range */
 	((a & 0xfff00000) == 0xac100000))	/* 172.16.0.0/12    Private range */
      return IADDR_HOST | SCOPE_SITE;
-    else
+
-      return IADDR_HOST | SCOPE_UNIVERSE;
+    return IADDR_HOST | SCOPE_UNIVERSE;
  }
-  if (b >= 0xe0 && b <= 0xef)
+  if (b < 0xf0)					/* 224.0.0.0/4      Multicast address */
    return IADDR_MULTICAST | SCOPE_UNIVERSE;
-  if (a == 0xffffffff)
+  if (a == 0xffffffff)				/* 255.255.255.255  Broadcast address */
    return IADDR_BROADCAST | SCOPE_LINK;
-  return IADDR_INVALID;
+  return IADDR_HOST | SCOPE_SITE;		/* 240.0.0.0/4      Reserved / private */
 }
 int
--- a/nest/rt-table.c
+++ b/nest/rt-table.c
@ -2294,7 +2294,7 @@ static void
 rt_prune_table(rtable *tab)
 {
  struct fib_iterator *fit = &tab->prune_fit;
-  int limit = 512;
+  int limit = 2000;
  struct rt_import_hook *ih;
  node *n, *x;
--- a/proto/babel/babel.c
+++ b/proto/babel/babel.c
@ -862,14 +862,14 @@ babel_send_ihus(struct babel_iface *ifa)
 }
 static void
-babel_send_hello(struct babel_iface *ifa)
+babel_send_hello(struct babel_iface *ifa, uint interval)
 {
  struct babel_proto *p = ifa->proto;
  union babel_msg msg = {};
  msg.type = BABEL_TLV_HELLO;
  msg.hello.seqno = ifa->hello_seqno++;
-  msg.hello.interval = ifa->cf->hello_interval;
+  msg.hello.interval = interval ?: ifa->cf->hello_interval;
  TRACE(D_PACKETS, "Sending hello on %s with seqno %d interval %t",
 	ifa->ifname, msg.hello.seqno, (btime) msg.hello.interval);
@ -1577,7 +1577,7 @@ babel_iface_timer(timer *t)
  if (now_ >= ifa->next_hello)
  {
-    babel_send_hello(ifa);
+    babel_send_hello(ifa, 0);
    ifa->next_hello += hello_period * (1 + (now_ - ifa->next_hello) / hello_period);
  }
@ -1624,7 +1624,7 @@ babel_iface_start(struct babel_iface *ifa)
  tm_start(ifa->timer, 100 MS);
  ifa->up = 1;
-  babel_send_hello(ifa);
+  babel_send_hello(ifa, 0);
  babel_send_wildcard_retraction(ifa);
  babel_send_wildcard_request(ifa);
  babel_send_update(ifa, 0);	/* Full update */
@ -2435,6 +2435,11 @@ babel_iface_shutdown(struct babel_iface *ifa)
 {
  if (ifa->sk)
  {
    /*
     * Retract all our routes and lower the hello interval so peers' neighbour
     * state expires quickly
     */
    babel_send_hello(ifa, BABEL_MIN_INTERVAL);
    babel_send_wildcard_retraction(ifa);
    babel_send_queue(ifa);
  }
--- a/proto/babel/packets.c
+++ b/proto/babel/packets.c
@ -2010,7 +2010,7 @@ babel_auth_sign(struct babel_iface *ifa, ip_addr dest)
  }
  DBG("Added MAC signatures (%d bytes) on ifa %s for dest %I\n",
-      tot_len, ifa->ifname, dest);
+      pos - (pkt + len), ifa->ifname, dest);
  return pos - (pkt + len);
 }
--- a/proto/bfd/bfd.c
+++ b/proto/bfd/bfd.c
@ -582,6 +582,9 @@ bfd_get_iface(struct bfd_proto *p, ip_addr local, struct iface *iface)
  ifa->sk = bfd_open_tx_sk(p, local, iface);
  ifa->uc = 1;
  if (cf->strict_bind)
    ifa->rx = bfd_open_rx_sk_bound(p, local, iface);
  add_tail(&p->iface_list, &ifa->n);
  return ifa;
@ -599,6 +602,12 @@ bfd_free_iface(struct bfd_iface *ifa)
    rfree(ifa->sk);
  }
  if (ifa->rx)
  {
    sk_stop(ifa->rx);
    rfree(ifa->rx);
  }
  rem_node(&ifa->n);
  mb_free(ifa);
 }
@ -1031,17 +1040,20 @@ bfd_start(struct proto *P)
  birdloop_enter(p->loop);
-  if (cf->accept_ipv4 && cf->accept_direct)
+  if (!cf->strict_bind)
-    p->rx4_1 = bfd_open_rx_sk(p, 0, SK_IPV4);
+  {
    if (cf->accept_ipv4 && cf->accept_direct)
      p->rx4_1 = bfd_open_rx_sk(p, 0, SK_IPV4);
-  if (cf->accept_ipv4 && cf->accept_multihop)
+    if (cf->accept_ipv4 && cf->accept_multihop)
-    p->rx4_m = bfd_open_rx_sk(p, 1, SK_IPV4);
+      p->rx4_m = bfd_open_rx_sk(p, 1, SK_IPV4);
-  if (cf->accept_ipv6 && cf->accept_direct)
+    if (cf->accept_ipv6 && cf->accept_direct)
-    p->rx6_1 = bfd_open_rx_sk(p, 0, SK_IPV6);
+      p->rx6_1 = bfd_open_rx_sk(p, 0, SK_IPV6);
-  if (cf->accept_ipv6 && cf->accept_multihop)
+    if (cf->accept_ipv6 && cf->accept_multihop)
-    p->rx6_m = bfd_open_rx_sk(p, 1, SK_IPV6);
+      p->rx6_m = bfd_open_rx_sk(p, 1, SK_IPV6);
  }
  birdloop_leave(p->loop);
@ -1095,7 +1107,8 @@ bfd_reconfigure(struct proto *P, struct proto_config *c)
  if ((new->accept_ipv4 != old->accept_ipv4) ||
      (new->accept_ipv6 != old->accept_ipv6) ||
      (new->accept_direct != old->accept_direct) ||
-      (new->accept_multihop != old->accept_multihop))
+      (new->accept_multihop != old->accept_multihop) ||
      (new->strict_bind != old->strict_bind))
    return 0;
  birdloop_mask_wakeups(p->loop);
--- a/proto/bfd/bfd.h
+++ b/proto/bfd/bfd.h
@ -47,6 +47,7 @@ struct bfd_config
  u8 accept_ipv6;
  u8 accept_direct;
  u8 accept_multihop;
  u8 strict_bind;
 };
 struct bfd_iface_config
@ -116,6 +117,7 @@ struct bfd_iface
  struct bfd_proto *bfd;
  sock *sk;
  sock *rx;
  u32 uc;
  u8 changed;
 };
@ -221,6 +223,7 @@ void bfd_show_sessions(struct proto *P);
 /* packets.c */
 void bfd_send_ctl(struct bfd_proto *p, struct bfd_session *s, int final);
 sock * bfd_open_rx_sk(struct bfd_proto *p, int multihop, int inet_version);
 sock * bfd_open_rx_sk_bound(struct bfd_proto *p, ip_addr local, struct iface *ifa);
 sock * bfd_open_tx_sk(struct bfd_proto *p, ip_addr local, struct iface *ifa);
--- a/proto/bfd/config.Y
+++ b/proto/bfd/config.Y
@ -23,7 +23,8 @@ CF_DECLS
 CF_KEYWORDS(BFD, MIN, IDLE, RX, TX, INTERVAL, MULTIPLIER, PASSIVE,
 	INTERFACE, MULTIHOP, NEIGHBOR, DEV, LOCAL, AUTHENTICATION,
-	NONE, SIMPLE, METICULOUS, KEYED, MD5, SHA1, IPV4, IPV6, DIRECT)
+	NONE, SIMPLE, METICULOUS, KEYED, MD5, SHA1, IPV4, IPV6, DIRECT,
 	STRICT, BIND)
 %type <iface> bfd_neigh_iface
 %type <a> bfd_neigh_local
@ -48,6 +49,7 @@ bfd_proto_item:
 | INTERFACE bfd_iface
 | MULTIHOP bfd_multihop
 | NEIGHBOR bfd_neighbor
 | STRICT BIND bool { BFD_CFG->strict_bind = $3; }
 ;
 bfd_proto_opts:
--- a/proto/bfd/packets.c
+++ b/proto/bfd/packets.c
@ -366,7 +366,9 @@ bfd_rx_hook(sock *sk, uint len)
    if (ps > BFD_STATE_DOWN)
      DROP("invalid init state", ps);
-    uint ifindex = (sk->sport == BFD_CONTROL_PORT) ? sk->lifindex : 0;
+    uint ifindex = (sk->sport == BFD_CONTROL_PORT) ?
      (sk->iface ? sk->iface->index : sk->lifindex) :
      0;
    s = bfd_find_session_by_addr(p, sk->faddr, ifindex);
    /* FIXME: better session matching and message */
@ -438,6 +440,38 @@ bfd_open_rx_sk(struct bfd_proto *p, int multihop, int af)
  return NULL;
 }
 sock *
 bfd_open_rx_sk_bound(struct bfd_proto *p, ip_addr local, struct iface *ifa)
 {
  sock *sk = sk_new(p->tpool);
  sk->type = SK_UDP;
  sk->saddr = local;
  sk->sport = ifa ? BFD_CONTROL_PORT : BFD_MULTI_CTL_PORT;
  sk->iface = ifa;
  sk->vrf = p->p.vrf;
  sk->data = p;
  sk->rbsize = BFD_MAX_LEN;
  sk->rx_hook = bfd_rx_hook;
  sk->err_hook = bfd_err_hook;
  /* TODO: configurable ToS and priority */
  sk->tos = IP_PREC_INTERNET_CONTROL;
  sk->priority = sk_priority_control;
  sk->flags = SKF_THREAD | SKF_BIND | (ifa ? SKF_TTL_RX : 0);
  if (sk_open(sk) < 0)
    goto err;
  sk_start(sk);
  return sk;
 err:
  sk_log_error(sk, p->p.name);
  rfree(sk);
  return NULL;
 }
 sock *
 bfd_open_tx_sk(struct bfd_proto *p, ip_addr local, struct iface *ifa)
 {
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@ -1465,7 +1465,7 @@ bgp_finish_attrs(struct bgp_parse_state *s, rta *a)
 #define RBH_FN(a,h)		h
 #define RBH_REHASH		bgp_rbh_rehash
-#define RBH_PARAMS		/8, *2, 2, 2, 8, 20
+#define RBH_PARAMS		/8, *2, 2, 2, 12, 20
 HASH_DEFINE_REHASH_FN(RBH, struct bgp_bucket)
@ -1607,7 +1607,7 @@ bgp_withdraw_bucket(struct bgp_channel *c, struct bgp_bucket *b)
 #define PXH_FN(n,i,h)		h
 #define PXH_REHASH		bgp_pxh_rehash
-#define PXH_PARAMS		/8, *2, 2, 2, 8, 24
+#define PXH_PARAMS		/8, *2, 2, 2, 12, 24
 HASH_DEFINE_REHASH_FN(PXH, struct bgp_prefix)
@ -1633,7 +1633,8 @@ bgp_free_prefix_table(struct bgp_channel *c)
 static struct bgp_prefix *
 bgp_get_prefix(struct bgp_channel *c, const net_addr *net, u32 path_id)
 {
-  u32 hash = net_hash(net) ^ u32_hash(path_id);
+  /* We must use a different hash function than the rtable */
  u32 hash = u32_hash(net_hash(net) ^ u32_hash(path_id));
  struct bgp_prefix *px = HASH_FIND(c->prefix_hash, PXH, net, path_id, hash);
  if (px)
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@ -2467,6 +2467,9 @@ bgp_show_proto_info(struct proto *P)
  else
    cli_msg(-1006, "    Neighbor address: %I%J", p->remote_ip, p->cf->iface);
  if ((p->conn == &p->outgoing_conn) && (p->cf->remote_port != BGP_PORT))
    cli_msg(-1006, "    Neighbor port:    %u", p->cf->remote_port);
  cli_msg(-1006, "    Neighbor AS:      %u", p->remote_as);
  cli_msg(-1006, "    Local AS:         %u", p->cf->local_as);
--- a/proto/rpki/rpki.c
+++ b/proto/rpki/rpki.c
@ -834,16 +834,27 @@ rpki_show_proto_info(struct proto *P)
  if (cache)
  {
    const char *transport_name = "---";
    uint default_port = 0;
    switch (cf->tr_config.type)
    {
 #if HAVE_LIBSSH
-    case RPKI_TR_SSH: transport_name = "SSHv2"; break;
+    case RPKI_TR_SSH:
      transport_name = "SSHv2";
      default_port = RPKI_SSH_PORT;
      break;
 #endif
-    case RPKI_TR_TCP: transport_name = "Unprotected over TCP"; break;
+    case RPKI_TR_TCP:
      transport_name = "Unprotected over TCP";
      default_port = RPKI_TCP_PORT;
      break;
    };
    cli_msg(-1006, "  Cache server:     %s", cf->hostname);
    if (cf->port != default_port)
      cli_msg(-1006, "  Cache port:       %u", cf->port);
    cli_msg(-1006, "  Status:           %s", rpki_cache_state_to_str(cache->state));
    cli_msg(-1006, "  Transport:        %s", transport_name);
    cli_msg(-1006, "  Protocol version: %u", cache->version);
--- a/proto/rpki/transport.c
+++ b/proto/rpki/transport.c
@ -85,6 +85,7 @@ rpki_tr_open(struct rpki_tr_sock *tr)
  sk->rbsize = RPKI_RX_BUFFER_SIZE;
  sk->tbsize = RPKI_TX_BUFFER_SIZE;
  sk->tos = IP_PREC_INTERNET_CONTROL;
  sk->vrf = cache->p->p.vrf;
  if (ipa_zero(sk->daddr) && sk->host)
  {
--- a/sysdep/linux/netlink.c.orig
+++ b/sysdep/linux/netlink.c.orig