From 44e351d1522f0099687aac9fd65dcea73a04af43 Mon Sep 17 00:00:00 2001 From: Maria Matejka Date: Fri, 8 Dec 2023 20:53:20 +0100 Subject: [PATCH 1/4] RPKI: retry timer doesn't reset connections when more data is pending With very busy deployments, RPKI may kill cache connection too early. Instead of that, we want it to keep loading if any data is waiting to be read and the reason for delay is just our congestion. Also, when we kill the session because of actually slow cache, we want to reload from scratch as the data we have is unreliable and nobody knows whether the state is still valid. --- proto/rpki/rpki.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/proto/rpki/rpki.c b/proto/rpki/rpki.c index 3e321627..4ec48e3b 100644 --- a/proto/rpki/rpki.c +++ b/proto/rpki/rpki.c @@ -295,6 +295,7 @@ rpki_cache_change_state(struct rpki_cache *cache, const enum rpki_cache_state ne rpki_close_connection(cache); rpki_schedule_next_retry(cache); rpki_stop_refresh_timer_event(cache); + cache->request_session_id = 1; break; case RPKI_CS_FAST_RECONNECT: @@ -365,12 +366,11 @@ rpki_stop_expire_timer_event(struct rpki_cache *cache) } static int -rpki_do_we_recv_prefix_pdu_in_last_seconds(struct rpki_cache *cache) +rpki_sync_is_stuck(struct rpki_cache *cache) { - if (!cache->last_rx_prefix) - return 0; - - return ((current_time() - cache->last_rx_prefix) <= 2 S); + return !sk_rx_ready(cache->tr_sock->sk) && ( + !cache->last_rx_prefix || (current_time() - cache->last_rx_prefix > 10 S) + ); } /** @@ -402,7 +402,7 @@ rpki_refresh_hook(timer *tm) /* We sent Serial/Reset Query in last refresh hook call * and we got Cache Response but didn't get End-Of-Data yet. * It could be a trouble with network or only too long synchronization. */ - if (!rpki_do_we_recv_prefix_pdu_in_last_seconds(cache)) + if (rpki_sync_is_stuck(cache)) { CACHE_TRACE(D_EVENTS, cache, "Sync takes more time than refresh interval %us, resetting connection", cache->refresh_interval); rpki_cache_change_state(cache, RPKI_CS_ERROR_TRANSPORT); @@ -443,7 +443,7 @@ rpki_retry_hook(timer *tm) case RPKI_CS_CONNECTING: case RPKI_CS_SYNC_START: case RPKI_CS_SYNC_RUNNING: - if (!rpki_do_we_recv_prefix_pdu_in_last_seconds(cache)) + if (rpki_sync_is_stuck(cache)) { /* We tried to establish a connection in last retry hook call and haven't done * yet. It looks like troubles with network. We are aggressive here. */ From d21a508e8d9210f5b3b60d8fc8b79a344d4a7440 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Thu, 21 Mar 2024 15:59:26 +0100 Subject: [PATCH 2/4] Revert "OSPF: On physical PtP links, skip next-hop resolving" This reverts commit 31aa62ae6d2e111e87c08b4b27a16ead968f0689. --- proto/ospf/rt.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/proto/ospf/rt.c b/proto/ospf/rt.c index efcd4e17..471bb586 100644 --- a/proto/ospf/rt.c +++ b/proto/ospf/rt.c @@ -1796,12 +1796,7 @@ calc_next_hop(struct ospf_area *oa, struct top_hash_entry *en, if (ifa->type == OSPF_IT_VLINK) return new_nexthop(p, IPA_NONE, NULL, 0); - /* - * The type of the ospf_iface is PtP and the iface is a physical PtP link, - * so we can simply use the iface, and skip further resolving. - */ - if (ifa->type == OSPF_IT_PTP && !(ifa->iface->flags & IF_MULTIACCESS)) - return new_nexthop(p, IPA_NONE, ifa->iface, ifa->ecmp_weight); + /* FIXME: On physical PtP links we may skip next-hop altogether */ if (ospf_is_v2(p) || ospf_is_ip6(p)) { From a698f8d917af8e9b421a667766a42f45e9359616 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Fri, 22 Mar 2024 00:40:06 +0100 Subject: [PATCH 3/4] Static: Fix invalid combination of nexthop options BFD requires defined local IP, but for nexthop with onlink there might not be such address. So we reject this combination of nexthop options. This prevent crash where such combination of options is used. --- proto/static/config.Y | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/proto/static/config.Y b/proto/static/config.Y index 7b282898..f1825edf 100644 --- a/proto/static/config.Y +++ b/proto/static/config.Y @@ -95,6 +95,8 @@ stat_nexthop: } | stat_nexthop ONLINK bool { this_snh->onlink = $3; + if (this_snh->use_bfd && this_snh->onlink) + cf_error("Options 'bfd' and 'onlink' cannot be combined"); } | stat_nexthop WEIGHT expr { this_snh->weight = $3 - 1; @@ -102,6 +104,8 @@ stat_nexthop: } | stat_nexthop BFD bool { this_snh->use_bfd = $3; cf_check_bfd($3); + if (this_snh->use_bfd && this_snh->onlink) + cf_error("Options 'bfd' and 'onlink' cannot be combined"); } ; From 0b684a43bd7ce4a32c9cd7754b88286bcd1815bb Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Fri, 22 Mar 2024 01:40:43 +0100 Subject: [PATCH 4/4] NEWS and version update --- NEWS | 6 ++++++ misc/bird.spec | 2 +- sysdep/config.h | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 0637fc24..4016179a 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,9 @@ +Version 2.15.1 (2024-03-22) + o OSPF: Fix regression in handling PtP links + o RPKI: Handle connection resets properly + o Static: Reject invalid combination of options + o Fix builds with limited set of protocols + Version 2.15 (2024-03-10) o BGP: Send hold timer o BGP: New options to specify required BGP capabilities diff --git a/misc/bird.spec b/misc/bird.spec index 14118ef2..39bfc4e7 100644 --- a/misc/bird.spec +++ b/misc/bird.spec @@ -1,6 +1,6 @@ Summary: BIRD Internet Routing Daemon Name: bird -Version: 2.15 +Version: 2.15.1 Release: 1 Copyright: GPL Group: Networking/Daemons diff --git a/sysdep/config.h b/sysdep/config.h index 54aa4021..56f3b0d5 100644 --- a/sysdep/config.h +++ b/sysdep/config.h @@ -13,7 +13,7 @@ #ifdef GIT_LABEL #define BIRD_VERSION XSTR1(GIT_LABEL) #else -#define BIRD_VERSION "2.15" +#define BIRD_VERSION "2.15.1" #endif /* Include parameters determined by configure script */