mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 09:41:54 +00:00
Commit Graph

5307 Commits

Author SHA1 Message Date
Job Snijders
8dc2a36ae5 RPKI: Add TCP-MD5 authentication option
RPKI-To-Router (RTR) sessions seem to be of similar security-sensitivity as
IBGP sessions. BIRD already offered a choice of either "plain TCP" (meh)
or "SSH" (secure, albeit a bit more hassle to set up than TCP-MD5).
The patch adds TCP-MD5 as another option. TCP-MD5 for RTR is specified
through RFC 6810 section 7.3 and RFC 8210 section 9.3.

Minor changes by committer.
2024-10-03 16:25:29 +02:00
Katerina Kubecova
716472957b Kernel: protocol shuts down synchronously
Before this commit, on kernel shutdown, the routes were re-exported by
the regular export but treated as withdraw. This was too hairy and
caused unnecessary complexity of the protocol's state machine.

Instead of that, we found out that it makes more sense to just refeed
the routes synchronously and convert to withdraw. This is done by the
direct export access instead of the channel.

It would (maybe) make more sense to run export filters on this in case
the export filter updates the krt_metric attribute, but as this doesn't
work on regular withdraw anyway, it's better for now to just let it be
and maybe somebody in the future fixes this issue.
2024-09-30 10:04:36 +02:00
Maria Matejka
5daec239c4 Renamed my past self in commit authorship and mentioned that in the contributing policy 2024-08-29 14:38:58 +02:00
Maria Matejka
2ba6e797cc Fixed a stupid bug in parse-and-exit mode
Introduced in 08ff0af898, the additional CLI
configuration wasn't properly initialized in the parse-and-exit mode
due to an oversight that cli_init_unix() is not called in this mode.

Thanks to Felix Friedlander for the bugreport.
2024-08-29 14:37:19 +02:00
Fabrice Fontaine
404e82616d configure.ac: properly evaluate ac_test_CFLAGS
Since autoconf 2.69 and
https://git.savannah.gnu.org/cgit/autoconf.git/commit/?id=76754e04fce5f6a7701bec57b057020585df2ae3
ac_test_CFLAGS is set to ${CFLAGS+y} instead of ${CFLAGS+set}.

Just test that ac_test_CFLAGS is not empty, to support both cases.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2024-08-27 14:54:07 +02:00
Ondrej Zajicek
acbdc29d57 Lib: Expand timer recurrence to 64b
The period of recurrent timers was stored in 32b field, despite it was
btime-compatible value in us. Therefore, it was limited to ~72 min,
which was okay for most purposes, except configurable MRT dump periods.

Thanks to Felix Friedlander for the bugreport.
2024-08-27 14:28:41 +02:00
Ondrej Zajicek
5214d7e59f IO: Ensure that socket rcvbuf is large enough
The socket structure has the field rbsize (receive buffer size), which
controls the size of the userspace receive buffer. There is also kernel
receive buffer, which in some cases may be smaller (e.g. on FreeBSD it
is by default ~8k). The patch ensures that the kernel receive buffer is
as large as the userspace receive buffer.
2024-08-01 14:55:05 +02:00
Ondrej Zajicek
c9836207f5 IO: Fix missing return introduced in one of earlier patches 2024-07-30 16:42:32 +02:00
Ondrej Zajicek
df22b3140c IO: Avoid re-binding accepted sockets to VRF
When VRFs are used, BIRD correctly binds listening (and connecting)
sockets to their VRFs but also re-binds accepted sockets to the same VRF.
This is not needed as the interface bind is inherited in this case, and
indeed this redundant bind causes an -EPERM if BIRD is running as
non-root making BIRD close the connection and reject the peer.

Thanks to Christian Svensson for the original patch and Alexander Zubkov
for suggestions.
2024-07-30 16:33:51 +02:00
Maria Matejka
e787a9210f NEWS and version update 2024-07-01 15:34:06 +02:00
Maria Matejka
5ea6423cb9 Fixed secondary route export 2024-06-28 22:03:45 +02:00
Maria Matejka
d53582c9a1 show threads: displaying the same thread id's as in log 2024-06-28 22:03:45 +02:00
Maria Matejka
c2480ff533 Export: Throw a warning instead of crashing on export_accepted_map inconsistency 2024-06-28 22:03:45 +02:00
Maria Matejka
edffd82057 Config undo queuing bug fixed 2024-06-28 22:03:45 +02:00
Maria Matejka
45fb9742f0 BGP runs TX as a deferred routine
This should help flushing the tx buffers as soon as possible.
2024-06-28 22:03:45 +02:00
Maria Matejka
6eea722d3f Forbid locking altogether when RCU reader is active 2024-06-28 22:03:45 +02:00
Maria Matejka
1e77e6e1b2 Flush deferred calls directly after the loop finished its one run 2024-06-28 22:03:45 +02:00
Maria Matejka
865bab6237 IO: Allow to take new loops if the thread is hot, but only one at time 2024-06-28 22:03:45 +02:00
Maria Matejka
18d069d663 Even on shutdown we should try to pass the freed memory to others 2024-06-27 08:22:15 +02:00
Maria Matejka
08ff0af898 Additional CLI sockets may now be restricted
This allows to have one main socket for the heavy operations
very restricted just for the appropriate users, whereas the
looking glass socket may be more open.

Implemented an idea originally submitted and requested by Akamai.
2024-06-27 04:14:39 +02:00
Maria Matejka
f3b6661ddd Additional CLI sockets can be now configured in the config file
If the user has such a need, they may configure additional sockets
in the config file. This may work for e.g. some advanced access control.
2024-06-27 04:14:38 +02:00
Maria Matejka
a95fff3793 CLI now has a configuration structure 2024-06-27 04:14:38 +02:00
Maria Matejka
09f50f3766 Typed lists: added forgotten #undef 2024-06-27 04:14:38 +02:00
Maria Matejka
f27004fb4d Backported typed list updates from v3
Source: dda37842dc
2024-06-27 04:14:38 +02:00
Maria Matejka
af73cc4215 Allocator now reports cold pages 2024-06-26 20:45:54 +02:00
Maria Matejka
aa11e82174 Filter unit test uncertainty hack 2024-06-26 18:30:17 +02:00
Maria Matejka
be2ba84e50 Tame improper xmalloc warning 2024-06-26 17:21:26 +02:00
Maria Matejka
b797444e94 Merge commit 'b95dc8f29f18eb177f91fdc4bf0716fac9b15366' into mq-config-ref
Also converted all _Bool's to bool.
2024-06-26 17:19:24 +02:00
Ondrej Zajicek
333c7e8536 Doc: Minor cleanups in BFD documentation 2024-06-26 16:38:03 +02:00
Alexander Zubkov
8a40bccffe BFD: Add option to accept zero checksum for IPv6 UDP packets
Some vendors do not fill the checksum for IPv6 UDP packets.
For interoperability with such implementations one can set
UDP_NO_CHECK6_RX socket option on Linux.

Thanks to Ville O for the suggestion.

Minor changes by committer.
2024-06-26 16:29:57 +02:00
Maria Matejka
16e53f3f30 channel roa reload debug message 2024-06-26 15:13:12 +02:00
Maria Matejka
2a6fe617b1 IO: allow for faster loop dropping 2024-06-26 11:30:48 +02:00
Maria Matejka
a4a7e09478 Revert "BGP: Export uses common attribute cache"
This reverts commit d01a7c2bda.

It seems that the performance penalty in global ea cache is actually
very high so returning back to local attribute caches in every BGP.
2024-06-26 11:30:48 +02:00
Maria Matejka
a9534186f1 Fixed fast subsequent reconfigurations bug 2024-06-26 11:30:41 +02:00
Maria Matejka
7d455d64ca Remove spinlock debug structures in production build 2024-06-26 11:30:41 +02:00
Maria Matejka
5b7fd453d4 BGP: show proto info crash fix if BGP is down 2024-06-26 11:30:41 +02:00
Maria Matejka
9f7874a5c9 BGP: using closer pointer for netindex hash than all the way to the table 2024-06-26 11:30:41 +02:00
Maria Matejka
8e67cba528 Linpool: allocation split to fast and slow 2024-06-26 11:30:41 +02:00
Maria Matejka
3d45539455 ROA aggregator uses its own rte source instead of recycling 2024-06-26 11:29:43 +02:00
Maria Matejka
6f981969bb RCU read lock optimization 2024-06-26 11:29:43 +02:00
Maria Matejka
d23db54da0 ROA: Switching off digestor splitting 2024-06-26 11:29:43 +02:00
Maria Matejka
4998ca5554 Route attribute usecount doesn't need to synchronize on unlock 2024-06-26 11:29:43 +02:00
Maria Matejka
2c4b368176 RPKI socket read is prioritized over other sockets 2024-06-26 11:29:43 +02:00
Maria Matejka
f9b46a1ba1 Refeed done hooks are called in the same order as the requests came in 2024-06-26 11:29:43 +02:00
Maria Matejka
0b6e752bd9 Conflating multiple partial ROA reload requests together 2024-06-26 11:29:43 +02:00
Maria Matejka
bd44a13ce5 Spinhash main lock removed
Spinhash now uses RCU instead to guard cur-new exchanges to avoid
excessive synchronization and cache misses on the main spinlock.
2024-06-26 11:29:12 +02:00
Maria Matejka
282066ee29 Moved the cork thresholds massively up
This allows for more efficient import and export bundling, including
best route export and next hop resolution.
2024-06-26 11:29:12 +02:00
Maria Matejka
9be90c0f84 Fixed a race condition in rcu-domain blocking 2024-06-19 12:36:55 +02:00
Maria Matejka
67875e76d9 Safer cleanup of table auxiliary routines 2024-06-19 12:36:55 +02:00
Maria Matejka
dda37842dc No page flush before polling
The maximum amount of locally kept pages is 128 so we can just
well keep the half-meg of RAM allocated and prepared for future use.
2024-06-18 11:02:51 +02:00