Add the RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.
Implemeted transports are:
- unprotected transport over TCP
- secure transport over SSHv2
The code should work properly with one cache server per protocol.
A compilation has to be hacked with:
$ ./configure LIBS='-lssh' ...
Example configuration of bird.conf:
...
roa table roatable;
protocol rpki {
roa table roatable;
cache "rpki-validator.realmv6.org";
}
protocol rpki {
roa table roatable;
cache "localhost" {
port 2222;
ssh encryption {
bird private key "/home/birdgeek/.ssh/id_rsa";
cache public key "/home/birdgeek/.ssh/known_hosts";
user "birdgeek";
};
};
}
...
TODO list:
- load libssh2 using dlopen
- support more cache servers per protocol
Symbol lookup by cf_find_symbol() not only did the lookup but also added
new void symbols allocated from cfg_mem linpool, which gets broken when
lookups are done outside of config parsing, which may lead to crashes
during reconfiguration.
The patch separates lookup-only cf_find_symbol() and config-modifying
cf_get_symbol(), while the later is called only during parsing. Also
new_config and cfg_mem global variables are NULLed outside of parsing.
Permit specifying neighbor address, AS number and port independently.
Add 'interface' parameter for specifying interface for link-local
sessions independently.
Thanks to Alexander V. Chernikov for the original patch.
Router ID could be automatically determined based of subset of
ifaces/addresses specified by 'router id from' option. The patch also
does some minor changes related to router ID reconfiguration.
Thanks to Alexander V. Chernikov for most of the work.
Several new configure command variants:
configure undo - undo last reconfiguration
configure timeout - configure with scheduled undo if not confirmed in timeout
configure confirm - confirm last configuration
configure check - just parse and validate config file
- ROA tables, which are used as a basic part for RPKI.
- Commands for examining and modifying ROA tables.
- Filter operators based on ROA tables consistent with RFC 6483.
- Fixes several conflicts in the grammar.
- Fixes a bug in (a..b, c) pair patterns.
- Makes pair patterns orthogonal.
- Allows term expressions in pair patterns without additional ( ).
- Allows several comma separated values in switch cases.
The old BIRD grammar needs two lookaheads to distinguish if..else from
else: in case, which caused the parser to fail on some combinations of
both expressions.
This patch replaces two tokens 'else' ':' by one token 'else:' to fix
that.
- Adds check to deny config file with no specified protocol to prevent
loading of empty config file.
- Moves CLI init before config parse to receive immediate error message
when cannot open control socket.
- Fixes socket name path check and other error handling in CLI init.
Previous version of Makefile executed Bison two times (in parallel),
because of two specified targets. I am not sure wheter this is the best
fix.
Previon