mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-14 23:28:43 +00:00
Commit Graph

630 Commits

Author SHA1 Message Date
Maria Matejka
702c04fbef Removing the route scope attribute. Use custom attributes instead.
The route scope attribute was used for simple user route marking. As
there is a better tool for this (custom attributes), the old and limited
way can be dropped.
2022-05-04 15:39:21 +02:00
Maria Matejka
337c04c45e Moved route preference to eattrs 2022-05-04 15:39:21 +02:00
Vincent Bernat
207ac48533 Doc: fix mating -> matching in flowspec section 2022-04-22 17:06:27 +02:00
Ondrej Zajicek (work)
692055e3df BFD: Add 'strict bind' option
Add BFD protocol option 'strict bind' to use separate listening socket
for each BFD interface bound to its address instead of using shared
listening sockets.
2022-04-07 19:33:40 +02:00
Maria Matejka
4eeae48214 Merge commit '56c8f2f0' into haugesund
Conflicts:
	nest/route.h
	nest/rt-table.c
2022-03-09 13:49:31 +01:00
Maria Matejka
24773af9e0 Merge commit 'e42eedb9' into haugesund 2022-03-09 11:02:55 +01:00
Ondrej Filip
7404a21580 Minor doc and gendist changes 2022-03-02 10:38:15 +01:00
Ondrej Filip
9b13fa4d9c Small changes related to the new release 2022-02-20 14:28:06 +01:00
Maria Matejka
a6fc31f153 Blogpost about performance + data. 2022-02-07 22:35:41 +01:00
Ondrej Zajicek (work)
53a2540687 Merge branch 'oz-trie-table' 2022-02-06 23:42:10 +01:00
Ondrej Zajicek (work)
d0f9a77f64 Doc: Describe routing table options 2022-02-06 23:27:13 +01:00
Ondrej Zajicek (work)
1f2eb2aca8 BGP: Implement flowspec validation procedure
Implement flowspec validation procedure as described in RFC 8955 sec. 6
and RFC 9117. The Validation procedure enforces that only routers in the
forwarding path for a network can originate flowspec rules for that
network.

The patch adds new mechanism for tracking inter-table dependencies, which
is necessary as the flowspec validation depends on IP routes, and flowspec
rules must be revalidated when best IP routes change.

The validation procedure is disabled by default and requires that
relevant IP table uses trie, as it uses interval queries for subnets.
2022-02-06 23:27:13 +01:00
Maria Matejka
fe840ddad9 Merge commit 'a9646efd40569f3a1d749bc1bd13219876b33a00' into sark-bgp-rebased 2022-02-04 15:26:36 +01:00
Maria Matejka
92e48894c3 Merge commit '75aceadaf746f8ed0acce0424f89903283dacf16' into sark-bgp-rebased 2022-02-04 15:21:16 +01:00
Maria Matejka
28a43d53e7 Merge commit '00410fd6c17697a5919cb32a44f7117dd3a0834a' into sark-bgp-rebased 2022-02-04 15:18:48 +01:00
Maria Matejka
d62a3d0274 Thread performance: Moved graph key to left top corner where it fits better 2022-02-04 15:18:44 +01:00
Maria Matejka
b554457e5e Thread documentation: Final version of chapter 3 2022-02-04 15:18:06 +01:00
Maria Matejka
765c940094 Thread documentation: Rewritten chapter 3 on loops and locks once again 2022-02-03 22:42:26 +01:00
Maria Matejka
935b0b7124 Performance data of sark vs. v2.0.8 with a chart generator 2022-02-03 10:03:17 +01:00
Ondrej Zajicek (work)
81ee6cda2e Netlink: Add option to specify netlink socket receive buffer size
Add option 'netlink rx buffer' to specify netlink socket receive buffer
size. Uses SO_RCVBUFFORCE, so it can override rmem_max limit.

Thanks to Trisha Biswas and Michal for the original patches.
2022-01-17 05:11:29 +01:00
Ondrej Zajicek (work)
60e9def9ef BGP: Add option 'free bind'
The BGP 'free bind' option applies the IP_FREEBIND/IPV6_FREEBIND
socket option for the BGP listening socket.

Thanks to Alexander Zubkov for the idea.
2022-01-09 02:44:32 +01:00
Alexander Zubkov
77042292ff Doc: Document min/max operators for lists 2021-12-28 04:09:36 +01:00
Alexander Zubkov
e15e465720 Doc: Document community components access operators 2021-12-28 04:07:09 +01:00
Maria Matejka
ffa6a51c58 Thread documentation: Chapter 4 on memory management 2021-12-22 15:35:49 +01:00
Simon Ruderich
00410fd6c1 Doc: bgp: remove "advertise ipv4"
The option was removed in d15b0b0a ("BGP redesign", 2016-12-07)
but the documentation wasn't updated.
2021-12-18 03:17:48 +01:00
Maria Matejka
a840170e84 Thread documentation: Completely rewritten chapter 3 on loops and locks 2021-12-08 20:31:12 +01:00
Maria Matejka
827c78297e Final version of asynchronous export documentation 2021-12-08 12:39:48 +01:00
Maria Matejka
b6612ec792 Thread documentation: chapter 3, coroutines and locking 2021-12-08 12:39:36 +01:00
Maria Matejka
f459deee9f Thread documentation: chapters 0, 1 and 2 2021-12-08 12:39:28 +01:00
Maria Matejka
56c8f2f03a Nest: Route generations and explicit tracking route propagation through pipes 2021-11-09 19:20:41 +01:00
Maria Matejka
3660f19dd5 Dropping the RTS_DUMMY temporary route storage.
Kernel route sync is done by other ways now and this code is not used
currently.
2021-10-13 19:09:04 +02:00
Maria Matejka
6cd3771378 Multipage allocation
We can also quite simply allocate bigger blocks. Anyway, we need these
blocks to be aligned to their size which needs one mmap() two times
bigger and then two munmap()s returning the unaligned parts.

The user can specify -B <N> on startup when <N> is the exponent of 2,
setting the block size to 2^N. On most systems, N is 12, anyway if you
know that your configuration is going to eat gigabytes of RAM, you are
almost forced to raise your block size as you may easily get into memory
fragmentation issues or you have to raise your maximum mapping count,
e.g. "sysctl vm.max_map_count=(number)".
2021-10-13 19:01:22 +02:00
Ondrej Zajicek (work)
596f2e32e3 Nest: Allow both 'password' and 'key' keywords for authentication keys 2021-06-09 19:54:01 +02:00
Ondrej Zajicek (work)
b174cc0abc Babel: Add MAC authentication support - update
Some cleanups and bugfixes to the previous patch, including:

 - Fix rate limiting in index mismatch check

 - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation

 - Fix missing auth_tx_overhead recalculation during reconfiguration

 - Fix pseudoheader construction in babel_auth_sign() (sport vs fport)

 - Fix typecasts for ptrdiffs in log messages

 - Make auth log messages similar to corresponding RIP/OSPF ones

 - Change auth log messages for events that happen during regular
   operation to debug messages

 - Switch meaning of babel_auth_check*() functions for consistency
   with corresponding RIP/OSPF ones

 - Remove requirement for min/max key length, only those required by
   given MAC code are enforced
2021-06-06 16:28:18 +02:00
Toke Høiland-Jørgensen
b218a28f61 Babel: Add MAC authentication support
This implements support for MAC authentication in the Babel protocol, as
specified by RFC 8967. The implementation seeks to follow the RFC as close
as possible, with the only deliberate deviation being the addition of
support for all the HMAC algorithms already supported by Bird, as well as
the Blake2b variant of the Blake algorithm.

For description of applicability, assumptions and security properties,
see RFC 8967 sections 1.1 and 1.2.
2021-06-06 16:28:18 +02:00
Toke Høiland-Jørgensen
35f88b305a Nest: Allow specifying security keys as hex bytes as well as strings
Add support for specifying a password in hexadecimal format. The result
is the same whether a password is specified as a quoted string or a
hex-encoded byte string, this just makes it more convenient to input
high-entropy byte strings as MAC keys.
2021-06-06 16:28:18 +02:00
Toke Høiland-Jørgensen
725d9af94a Lib: Add Blake2s and Blake2b hash functions
The Babel MAC authentication RFC recommends implementing Blake2s as one of
the supported algorithms. In order to do this, add the blake2b and
blake2s hash functions for MAC authentication. The hashing function
implementations are the reference implementations from blake2.net.

The Blake2 algorithms allow specifying an arbitrary output size, and the
Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy
this, we add two different variants of each of the algorithms, one using
the default size (256 bits for Blake2s, 512 bits for Blake2b), and one
using half the default output size.

Update to BIRD coding style done by committer.
2021-06-06 16:26:58 +02:00
Ondrej Zajicek (work)
c3c691e95c Flowspec: Documentation update 2021-05-18 20:41:01 +02:00
Ondrej Zajicek (work)
dd8481cc1c Flowspec: Do not use comma for bitmask operators
For numeric operators, comma is used for disjunction in expressions like
"10, 20, 30..40". But for bitmask operators, comma is used for
conjunction in a way that does not really make much sense. Use always
explicit logical operators (&& and ||) to connect bitmask operators.

Thanks to Matt Corallo for the bugreport.
2021-05-18 19:54:18 +02:00
Trisha Biswas
e5468d1685 Filter: Add MPLS label route attribute
Add support to set or read outgoing MPLS labels using filters. Currently
this supports the addition of one label per route for the first next hop.

Minor changes by committer.
2021-05-17 17:50:04 +02:00
Ondrej Zajicek (work)
58510024be Doc: Include full LinuxDocTools code
BIRD uses hacked LinuxDocTools for building documentation, keeping some
parts locally and using remaining parts from system-installed one. This
setup breaks when LinuxDocTools makes some internal changes and is hard
to keep consistent.

Just include full LinuxDocTools code (both hacked and unmodified parts)
to avoid consistency issues. Note that we still need some binaries from
LinuxDocTools, so it still needs to be installed to build documentation.
2021-04-25 02:21:05 +02:00
Ondrej Zajicek (work)
5caf32efa2 Doc: Fix flowspec example
Thanks to Matt Corallo for the bugreport.
2021-04-03 20:09:32 +02:00
Ondrej Zajicek (work)
0d1a11cca3 Doc: Document automatic RPKI reload 2021-03-15 17:51:33 +01:00
Ondrej Zajicek (work)
6489a2450e Doc: Document channel debug options 2021-03-15 16:16:32 +01:00
Vincent Bernat
714238716e BGP: Add support for BGP hostname capability
This is an implementation of draft-walton-bgp-hostname-capability-02.
It is implemented since quite some time for FRR and in datacenter, this
gives a nice output to avoid using IP addresses.

It is disabled by default. The hostname is retrieved from uname(2) and
can be overridden with "hostname" option. The domain name is never set
nor displayed.

Minor changes by committer.
2021-02-10 16:53:57 +01:00
Ondrej Zajicek (work)
a141959f07 Doc: Describe per-nexthop static route options
Also remove description of (no longer supported) per-route 'bfd' option,
and add examples of IPv6 routes with link-local nexthops.
2021-01-07 01:20:56 +01:00
Ondrej Zajicek (work)
4155104c90 BGP: Deprecate 'missing lladdr' option
The option is not implemented since transition to 2.0 and no plan to add it.
Also remove some deprecated RTS_* values from documentation.

Thanks to Sébastien Parisot for notification.
2021-01-06 14:44:23 +01:00
Ondrej Zajicek (work)
8cc5bb09e3 Filter: Add 'weight' route attribute
Add 'weight' route attribute that allows to get and set ECMP weight of
nexthops. Similar to 'gw' attribute, it is limited to the first nexthop,
but it is useful for handling BGP multipath, where an ECMP route is
merged from multiple regular routes.
2020-12-02 05:02:26 +01:00
Ondrej Zajicek (work)
3347aaafec Static: Support for multiple routes with the same network
Add support for proper handling of multiple routes with the same network
to the static protocol. Routes are distinguished by internal index, which
is assigned automatically (sequentially for routes within each network).
Having different route preference or igp_metric attribute is optional.
2020-11-19 16:38:39 +01:00
Nigel Kukard
df65d519d6 Doc: Added example of static routes with BGP large communities 2020-11-18 18:00:12 +01:00
Ondrej Zajicek (work)
6ea8a46ccb Doc: Fix typo
Thanks to Hexhu for the bugreport.
2020-11-15 16:28:13 +01:00
Ondrej Zajicek (work)
4a42e7e925 BFD: Update documentation about per-session options 2020-11-12 04:50:45 +01:00
Ondrej Zajicek (work)
fc1e3211b1 RPKI: Add 'ignore max length' option
Add 'ignore max length' option to RPKI protocol, which ignores received
max length in ROA records and instead uses max value (32 or 128). This
may be useful for implementing loose RPKI check for blackholes.
2020-10-11 01:00:54 +02:00
Ondrej Zajicek (work)
6c11dbcf28 Doc: Fix missing semicolons
Thanks to Marco Gartmann for the bugreport.
2020-10-05 14:52:55 +02:00
Ondrej Zajicek (work)
14ce8904e7 Doc: Fix typo
Thanks to Sergey Kulikov for the bugreport.
2020-10-05 14:45:01 +02:00
Kenth Eriksson
71e08edd94 Doc: Add 'ptp address' to OSPF doc overview 2020-06-03 23:05:29 +02:00
Ondrej Zajicek (work)
c1632ad0f3 OSPF: Fix handling of unnumbered PtPs
This issue has a long history. In 2012, we changed data field for
unnumbered PtP links from iface id (specified by RFC) to IP address based
on reports of bugs in Quagga that required it, and we used out-of-band
information to distinguish unnumbered PtPs with the same local IP
address.

Then with OSPF graceful restart implementation, we found that we can no
longer use out-of-band information, and we need to use only LSAdb info
for routing table calculation, but I forgot to finish handling of this
case, so multiple unnumbered PtPs with the same local IP addresses were
broken.

Considering that even recent Mikrotik RouterOS has broken next hop
calculation that depends on IP address in PtP link data field, we
cannot just switch back to the iface id for unnumbered PtP links.

The patch makes two changes: First, it goes back to use out-of-band
(position) info for distinguishing local interfaces in SPF when graceful
restart is not enabled, while still uses LSAdb-only approach for SPF
calculation when graceful restart is enabled.

Second, it adds OSPF interface option 'ptp address', which controls
whether IP address or iface id is used in data field. It is enabled
by default except for unnumbered PtP links with enabled graceful
restart.

Thanks to Kenth Eriksson for the bugreport and Joakim Tjernlund for
suggestions.
2020-05-26 18:21:43 +02:00
Ondrej Zajicek (work)
1ca7665fa4 Nest: Allow key id 0
There is nothing in RFCs specifying that id 0 is not allowed. Some
implementations do not support it, while some others use key id 0 by
default. We allow it but start with key id 1 by default.

Thanks to Kenth Eriksson for the bugreport.
2020-05-19 02:50:47 +02:00
Ondrej Zajicek (work)
b729e731f9 RIP: Triggered RIP (demand circuit) documentation 2020-05-19 02:42:22 +02:00
Ondrej Zajicek (work)
ec430a7fee Nest: Implement BGP path mask loop operator
Implement regex-like '+' operator in BGP path masks to match previous
path mask item multiple times. This is useful as ASNs may appear
multiple times in paths due to path prepending for traffic engineering
purposes.
2020-05-18 16:25:08 +02:00
Ondrej Zajicek (work)
82bfee76f0 Filter: Remove quitbird command
No need for this debug filter command and it can be abused from CLI.
2020-05-02 02:47:18 +02:00
Ondrej Zajicek (work)
a109056145 Doc: Update prefix set comment 2020-04-08 13:11:51 +02:00
Ondrej Zajicek (work)
7f9adafc10 BFD: Option to specify which class of BFD sessions are accepted
Allows to configure IPv4/IPv6-only or direct/multihop-only BFD protocol
instances.
2020-01-28 18:07:25 +01:00
Ondrej Zajicek (work)
3232d17186 Doc: Fix documentation of BGP gateway option
Thanks to Nico Schottelius for the bugreport.
2019-12-16 18:08:40 +01:00
Ondrej Zajicek (work)
ff2ca10cba Filter: Add support for src/dst accessors for Flowspec and SADR 2019-12-09 04:23:01 +01:00
Ondrej Zajicek (work)
0b228fca04 BGP: Add option to enforce first AS in AS_PATH
This is optional check described in RFC 4271. Although this can be also
done by filters, it is widely implemented option in BGP implementations.

Thanks to Eugene Bogomazov for the original patch.
2019-11-10 02:06:07 +01:00
Ondrej Zajicek (work)
becda5638a Doc: Minor fix 2019-11-05 16:29:47 +01:00
Ondrej Zajicek (work)
d54a69ac7f Doc: Add documentation for BGP option 'allow as sets' 2019-11-05 16:00:25 +01:00
Ondrej Zajicek (work)
be7c1aef42 BGP: RFC 8654 got released 2019-10-26 01:32:24 +02:00
Ondrej Zajicek (work)
eeb2c61653 Doc: Minor documentation fixes
Thanks to Christoph for the bugreport.
2019-10-10 22:43:41 +02:00
Ondrej Zajicek (work)
09ee846d92 BGP: AIGP metric support (RFC 7311) 2019-10-09 17:53:23 +02:00
Ondrej Zajicek
15a7583787 Doc: Fix duplicated lines
Thanks to elados93 for the patch.
2019-10-08 14:20:25 +02:00
Ondrej Zajicek (work)
532471967e Doc: Update BGP mask documentation 2019-09-10 17:28:06 +02:00
Ondrej Zajicek (work)
b7d7599ce3 BGP: implement Adj-RIB-Out
The patch implements optional internal export table to a channel and
hooks it to BGP so it can be used as Adj-RIB-Out. When enabled, all
exported (post-filtered) routes are stored there. An export table can be
examined using e.g. 'show route export table bgp1.ipv4'.
2019-08-14 06:02:33 +02:00
Ondrej Zajicek (work)
70a4320bdd RAdv: Allow solicited RAs to be sent as unicast
Add option to send solicited router advertisements as unicast directly
to soliciting nodes instead of as multicast to all-nodes group.
2019-08-12 00:43:19 +02:00
Ondrej Zajicek (work)
96e4d0960c Change 'graceful down' command to 'graceful restart' and update docs
The command initiating planned graceful restart including bird shutdown
should be called 'graceful restart' instead of 'graceful down', as the
latter should be reserved for graceful shutdown in style of RFC 8326.
2019-07-31 19:45:29 +02:00
Ondrej Zajicek (work)
8c703ecf73 Doc: Update documentation about VRFs and BFD 2019-07-30 19:21:06 +02:00
Vincent Bernat
e840cb9cd5 Doc: Fix typo in BGP dynamic names feature description 2019-07-09 15:30:45 +02:00
Ondrej Zajicek (work)
6c0f85d5de Doc: OSPF graceful restart options 2019-06-30 22:11:29 +02:00
Ondrej Zajicek (work)
8a68316eb9 Nest: Add command to request graceful restart
When 'graceful down' command is entered, protocols are shut down
with regard to graceful restart. Namely Kernel protocol does
not remove routes and BGP protocol does not send notification,
just closes the connection.
2019-06-30 21:29:24 +02:00
Ondrej Zajicek (work)
dbbe4a783b Doc: Dynamic BGP 2019-04-30 16:16:50 +02:00
Ondrej Filip
df092aa1de Small type in doc. 2019-04-24 13:49:18 +02:00
Ondrej Zajicek (work)
23ee6b1cd6 BGP: Promiscuous ASN mode
Allow to specify just 'internal' or 'external' for remote neighbor
instead of specific ASN. In the second case that means BGP peers with
any non-local ASNs are accepted.
2019-04-03 15:54:50 +02:00
Ondrej Zajicek (work)
3a22a6e858 Doc: Route attribute cleanups 2019-03-19 19:38:32 +01:00
Ondrej Zajicek (work)
3c3605818f BGP: Mandatory option for channels
Allow to mark channel to be mandatory, and do not allow BGP sessions if
no common AFI/SAFI is established.
2019-03-19 17:44:50 +01:00
Ondrej Zajicek (work)
900fda4411 Doc: Detect SP/OpenSP automatically 2019-02-19 18:20:07 +01:00
Ondrej Zajicek (work)
ee95f281f0 Doc: Add documentation for OSPF retransmit delay option
Thanks to Igor Podlesny for notification.
2019-01-26 21:02:35 +01:00
Ondrej Zajicek (work)
1c730ee761 Doc: Remove doc for already removed option 2019-01-26 20:44:37 +01:00
Maria Matějka
82b742533b Perf: Protocol to measure BIRD performance internally
This protocol is highly experimental and nobody should use it in
production. Anyway it may help you getting some insight into what eats
so much time in filter processing.
2018-12-18 15:08:31 +01:00
Ondrej Zajicek (work)
1cab2b4a7c BGP: Extend 'next hop keep' and 'next hop self' options
Extend 'next hop keep' and 'next hop self' options to have boolean values
(enabled / disabled) and also values 'ibgp'/ 'ebgp' to restrict it to
routes received from IBGP / EBGP. This allows to have it enabled by
default in some cases, matches features of other implementations, and
allows to handle some strange cases like EBGP border router with 'next
hop self' also doing IBGP route reflecting.

Change default of 'next hop keep' to enabled for route servers, and
'ibgp' for route reflectors.

Update documentation for these options.
2018-12-16 23:44:24 +01:00
Ondrej Zajicek (work)
1e0fccd1af Doc: Move root of code documentation to doc dir
It reduces clutter in root and also avoid collision with doc dir on
case-insensitive filesystems when name back to Doc.
2018-12-14 01:53:32 +01:00
Ondrej Zajicek (work)
6b5ad2066a Doc: Document log rotation feature 2018-12-12 16:54:23 +01:00
Ondrej Zajicek (work)
9e92f357be Doc: Document BGP import table option 2018-12-12 16:04:15 +01:00
Ondrej Zajicek (work)
01fd00f5ed Doc: Fix typo in previous LinuxDoc change 2018-12-11 18:43:58 +01:00
Jan Maria Matejka
9a5ef043c1 Merge branch 'mq-custom' into int-new 2018-12-06 09:55:34 +01:00
Maria Matejka
265419a369 Custom route attributes
For local route marking purposes, local custom route attributes may be
defined. These attributes are seamlessly stripped after export filter to
every real protocol like Kernel, BGP or OSPF, they however pass through
pipes. We currently allow at most 256 custom attributes.

This should be much faster than currently used bgp communities
for marking routes.
2018-12-06 09:55:21 +01:00
Robert Scheck
0e4920632a Doc: Allow overriding $SGML_CATALOG_FILES using distribution specific paths 2018-12-04 18:14:04 +01:00
Robert Scheck
f26bf60fb5 Doc: Add alternative path for SGML ISO entities 8879.1986 to $SGML_CATALOG_FILES
The existing paths are valid for Debian, alternative paths are necessary
for Fedora and RHEL/CentOS.
2018-12-04 18:11:42 +01:00
Ondrej Zajicek (work)
3fda08e405 Unix: Change debugging options
The old behavior was that enabling debugging did many nontrivial changes
in BIRD behavior. The patch changes it that these changes are generally
independent. Compiling with --enable-debug now just enables compile-time
debug macros, but does not automatically activate debug mode (-d) nor local
mode (-l). Debug mode with output to file (-D) does not force foreground
mode (-f), therefore there is no need for background option (-b), which is
removed. Also fixes a bug when the default log target in -D mode was
stderr instead of given debug file.
2018-12-04 16:55:25 +01:00
Ondrej Zajicek (work)
fc1b933304 MRT documentation 2018-11-21 16:00:22 +01:00