Babel: Simplify auth expiration
Just use hello_expiry for that, keep init_expiry for initial unauthenticated neighbors.
parent
8eea396baf
commit
6d26f85395
@ -57,7 +57,6 @@ static void babel_send_seqno_request(struct babel_proto *p, struct babel_entry *
|
|||||||
static void babel_update_cost(struct babel_neighbor *n);
|
static void babel_update_cost(struct babel_neighbor *n);
|
||||||
static inline void babel_kick_timer(struct babel_proto *p);
|
static inline void babel_kick_timer(struct babel_proto *p);
|
||||||
static inline void babel_iface_kick_timer(struct babel_iface *ifa);
|
static inline void babel_iface_kick_timer(struct babel_iface *ifa);
|
||||||
static void babel_auth_init_neighbor(struct babel_neighbor *n);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Functions to maintain data structures
|
* Functions to maintain data structures
|
||||||
@ -428,10 +427,10 @@ babel_get_neighbor(struct babel_iface *ifa, ip_addr addr)
|
|||||||
nbr->rxcost = BABEL_INFINITY;
|
nbr->rxcost = BABEL_INFINITY;
|
||||||
nbr->txcost = BABEL_INFINITY;
|
nbr->txcost = BABEL_INFINITY;
|
||||||
nbr->cost = BABEL_INFINITY;
|
nbr->cost = BABEL_INFINITY;
|
||||||
|
nbr->init_expiry = current_time() + BABEL_INITIAL_NEIGHBOR_TIMEOUT;
|
||||||
init_list(&nbr->routes);
|
init_list(&nbr->routes);
|
||||||
init_list(&nbr->requests);
|
init_list(&nbr->requests);
|
||||||
add_tail(&ifa->neigh_list, NODE nbr);
|
add_tail(&ifa->neigh_list, NODE nbr);
|
||||||
babel_auth_init_neighbor(nbr);
|
|
||||||
|
|
||||||
return nbr;
|
return nbr;
|
||||||
}
|
}
|
||||||
@ -511,11 +510,11 @@ babel_expire_neighbors(struct babel_proto *p)
|
|||||||
if (nbr->ihu_expiry && nbr->ihu_expiry <= now_)
|
if (nbr->ihu_expiry && nbr->ihu_expiry <= now_)
|
||||||
babel_expire_ihu(p, nbr);
|
babel_expire_ihu(p, nbr);
|
||||||
|
|
||||||
if (nbr->hello_expiry && nbr->hello_expiry <= now_)
|
if (nbr->init_expiry && nbr->init_expiry <= now_)
|
||||||
babel_expire_hello(p, nbr, now_);
|
{ babel_flush_neighbor(p, nbr); continue; }
|
||||||
|
|
||||||
if (nbr->auth_expiry && nbr->auth_expiry <= now_)
|
if (nbr->hello_expiry && nbr->hello_expiry <= now_)
|
||||||
babel_flush_neighbor(p, nbr);
|
{ babel_expire_hello(p, nbr, now_); continue; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1115,6 +1114,9 @@ babel_update_hello_history(struct babel_neighbor *n, u16 seqno, uint interval)
|
|||||||
/* Update expiration */
|
/* Update expiration */
|
||||||
n->hello_expiry = current_time() + BABEL_HELLO_EXPIRY_FACTOR(interval);
|
n->hello_expiry = current_time() + BABEL_HELLO_EXPIRY_FACTOR(interval);
|
||||||
n->last_hello_int = interval;
|
n->last_hello_int = interval;
|
||||||
|
|
||||||
|
/* Disable initial timeout */
|
||||||
|
n->init_expiry = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1413,20 +1415,6 @@ babel_auth_reset_index(struct babel_iface *ifa)
|
|||||||
ifa->auth_pc = 1;
|
ifa->auth_pc = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* babel_auth_init_neighbor - Initialise authentication data for neighbor
|
|
||||||
* @n: Neighbor to initialise
|
|
||||||
*
|
|
||||||
* This function initialises the authentication-related state for a new neighbor
|
|
||||||
* that has just been created.
|
|
||||||
*/
|
|
||||||
void
|
|
||||||
babel_auth_init_neighbor(struct babel_neighbor *n)
|
|
||||||
{
|
|
||||||
if (n->ifa->cf->auth_type != BABEL_AUTH_NONE)
|
|
||||||
n->auth_expiry = current_time() + BABEL_AUTH_NEIGHBOR_TIMEOUT;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
babel_auth_send_challenge_request(struct babel_iface *ifa, struct babel_neighbor *n)
|
babel_auth_send_challenge_request(struct babel_iface *ifa, struct babel_neighbor *n)
|
||||||
{
|
{
|
||||||
@ -1499,7 +1487,6 @@ babel_auth_check_pc(struct babel_iface *ifa, struct babel_msg_auth *msg)
|
|||||||
memcpy(n->auth_index, msg->index, msg->index_len);
|
memcpy(n->auth_index, msg->index, msg->index_len);
|
||||||
|
|
||||||
n->auth_pc = msg->pc;
|
n->auth_pc = msg->pc;
|
||||||
n->auth_expiry = current_time() + BABEL_AUTH_NEIGHBOR_TIMEOUT;
|
|
||||||
n->auth_passed = 1;
|
n->auth_passed = 1;
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
@ -1528,7 +1515,6 @@ babel_auth_check_pc(struct babel_iface *ifa, struct babel_msg_auth *msg)
|
|||||||
}
|
}
|
||||||
|
|
||||||
n->auth_pc = msg->pc;
|
n->auth_pc = msg->pc;
|
||||||
n->auth_expiry = current_time() + BABEL_AUTH_NEIGHBOR_TIMEOUT;
|
|
||||||
n->auth_passed = 1;
|
n->auth_passed = 1;
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
@ -2116,7 +2102,7 @@ babel_show_neighbors(struct proto *P, const char *iff)
|
|||||||
rts++;
|
rts++;
|
||||||
|
|
||||||
uint hellos = u32_popcount(n->hello_map);
|
uint hellos = u32_popcount(n->hello_map);
|
||||||
btime timer = (n->hello_expiry ?: n->auth_expiry) - current_time();
|
btime timer = (n->hello_expiry ?: n->init_expiry) - current_time();
|
||||||
cli_msg(-1024, "%-25I %-10s %6u %6u %6u %7t %-4s",
|
cli_msg(-1024, "%-25I %-10s %6u %6u %6u %7t %-4s",
|
||||||
n->addr, ifa->iface->name, n->cost, rts, hellos, MAX(timer, 0),
|
n->addr, ifa->iface->name, n->cost, rts, hellos, MAX(timer, 0),
|
||||||
n->auth_passed ? "Yes" : "No");
|
n->auth_passed ? "Yes" : "No");
|
||||||
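Review bot: In babel_expire_neighbors the new `init_expiry` check flushes the neighbor before `hello_expiry` is examined, which is only correct because babel_update_hello_history zeroes `init_expiry` when it records a Hello; that invariant is not stated anywhere in the visible hunks. With the `auth_expiry` refreshes removed from both accept paths of babel_auth_check_pc, the lifetime of a neighbor's `auth_index`/`auth_pc` now appears to depend on Hello reception alone, so a peer that sets `auth_passed` but never has a Hello accepted would be flushed after BABEL_INITIAL_NEIGHBOR_TIMEOUT and challenged again. That is presumably intended, but it should be written down. I would add above the check `/* Nonzero only until the first Hello is accepted; also bounds how long auth state of a silent neighbor is kept */`. The loop body and babel_update_hello_history both start outside their hunks, so any other path that sets `hello_expiry` is not visible here.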
|
@ -52,6 +52,7 @@
|
|||||||
#define BABEL_RXCOST_WIRELESS 256
|
#define BABEL_RXCOST_WIRELESS 256
|
||||||
#define BABEL_INITIAL_HOP_COUNT 255
|
#define BABEL_INITIAL_HOP_COUNT 255
|
||||||
#define BABEL_MAX_SEND_INTERVAL 5 /* Unused ? */
|
#define BABEL_MAX_SEND_INTERVAL 5 /* Unused ? */
|
||||||
|
#define BABEL_INITIAL_NEIGHBOR_TIMEOUT (60 S_)
|
||||||
|
|
||||||
/* Max interval that will not overflow when carried as 16-bit centiseconds */
|
/* Max interval that will not overflow when carried as 16-bit centiseconds */
|
||||||
#define BABEL_TIME_UNITS 10000 /* On-wire times are counted in centiseconds */
|
#define BABEL_TIME_UNITS 10000 /* On-wire times are counted in centiseconds */
|
||||||
@ -67,7 +68,6 @@
|
|||||||
#define BABEL_AUTH_NONCE_LEN 10 /* we send 80 bit nonces */
|
#define BABEL_AUTH_NONCE_LEN 10 /* we send 80 bit nonces */
|
||||||
#define BABEL_AUTH_MAX_NONCE_LEN 192 /* max allowed by spec */
|
#define BABEL_AUTH_MAX_NONCE_LEN 192 /* max allowed by spec */
|
||||||
#define BABEL_AUTH_INDEX_LEN 32 /* max size in spec */
|
#define BABEL_AUTH_INDEX_LEN 32 /* max size in spec */
|
||||||
#define BABEL_AUTH_NEIGHBOR_TIMEOUT (300 S_)
|
|
||||||
#define BABEL_AUTH_CHALLENGE_TIMEOUT (30 S_)
|
#define BABEL_AUTH_CHALLENGE_TIMEOUT (30 S_)
|
||||||
#define BABEL_AUTH_CHALLENGE_INTERVAL (300 MS_) /* used for both challenges and replies */
|
#define BABEL_AUTH_CHALLENGE_INTERVAL (300 MS_) /* used for both challenges and replies */
|
||||||
|
|
||||||
@ -236,7 +236,7 @@ struct babel_neighbor {
|
|||||||
/* expiry timers */
|
/* expiry timers */
|
||||||
btime hello_expiry;
|
btime hello_expiry;
|
||||||
btime ihu_expiry;
|
btime ihu_expiry;
|
||||||
btime auth_expiry;
|
btime init_expiry;
|
||||||
|
|
||||||
list routes; /* Routes this neighbour has sent us (struct babel_route) */
|
list routes; /* Routes this neighbour has sent us (struct babel_route) */
|
||||||
list requests; /* Seqno requests bound to this neighbor */
|
list requests; /* Seqno requests bound to this neighbor */
|
||||||
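Review bot: The new `init_expiry` field in struct babel_neighbor and the `BABEL_INITIAL_NEIGHBOR_TIMEOUT` constant have no comment, although they do not mean the same thing as the `auth_expiry` / `BABEL_AUTH_NEIGHBOR_TIMEOUT` pair they replace. The timeout drops from 300 s to 60 s, and judging by the babel.c hunks it is armed for every new neighbor rather than only when authentication is configured. I would document both, e.g. `btime init_expiry; /* Flush deadline until the first Hello is accepted, 0 = disabled */` and `#define BABEL_INITIAL_NEIGHBOR_TIMEOUT (60 S_) /* Lifetime of a neighbor with no accepted Hello */`. The struct definition continues outside the hunk.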
|