0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2025-01-23 17:31:55 +00:00
Commit Graph

3989 Commits

Author SHA1 Message Date
Ondrej Zajicek
248b505e1f BFD: Improve incoming packet matching
For active sessions, ignore received packets with zero local id and
mismatched remote id. That forces a session timeout instead of an
immediate session restart. It makes BFD sessions more resilient to
packet spoofing.

Thanks to André Grüneberg for the suggestion.
2024-05-30 12:30:00 +02:00
Ondrej Zajicek
084f5381f1 VRF: Fix issues with reconfiguration
Protocols receive if_notify() announcements that are filtered according
to their VRF setting, but during reconfiguration, they access iface_list
directly and forgot to check VRF setting here, which leads to all
interfaces be addedd.

Fix this issue for Babel, OSPF, RAdv and RIP protocols.

Thanks to Marcel Menzel for the bugreport.
2024-05-30 12:30:00 +02:00
Maria Matejka
279e239210 Added test case for switch bug fixed in e20bef69cc 2024-05-30 12:30:00 +02:00
Ondrej Zajicek
f8c5c22817 BGP: Add received role value to role mismatch log message 2024-05-30 12:30:00 +02:00
Ondrej Zajicek
c8a45af2b8 Alloc: Minor cleanups
- Fix THP disable on old systems
 - Failed syscalls should use die() instead of bug()
 - Our printf uses %ld for s64 instead of long
2024-05-30 12:30:00 +02:00
Radu Carpa
6e37ee384f Filter: Allow setting the 'onlink' route attribute in filters
Add static route attribute to set onlink flag for route next hop. Can be
used to build a dynamically routed IP-in-IP overlay network. Usage:

     ifname = "tunl0";
     onlink = true;
     gw = bgp_next_hop;
2024-05-30 12:30:00 +02:00
Ondrej Zajicek
1338ba86da Alloc: Disable transparent huge pages
The usage pattern implemented in allocator seems to be incompatible with
transparent huge pages, as memory released using madvise(MADV_DONTNEED)
with regular page size and alignment does not seem to trigger demotion
of huge pages back to regular pages, even when significant number of
pages is released. Even if demotion is triggered when system memory
is low, it still breaks memory accounting.
2024-05-30 12:30:00 +02:00
Ondrej Zajicek
fead4077d5 Build: Fix cleanup of nest/proto-build.c 2024-05-30 12:30:00 +02:00
Ondrej Zajicek
e82b966b58 Minor cleanups 2024-05-30 12:30:00 +02:00
Ondrej Zajicek
c482ff9e12 BSD: Add support for kernel route metric
Add support for kernel route metric/priority, exported as krt_metric
attribute, like in Linux. This should also fix issues with overwriting
or removing system routes.
2024-05-30 12:30:00 +02:00
Maria Matejka
95b528e129 Fix memory pre-allocation
When BIRD has no free memory mapped, it allocates several pages in
advance just to be sure that there is some memory available if needed.
This hysteresis tactics works quite well to reduce memory ping-ping with
kernel.

Yet it had a subtle bug: this pre-allocation didn't take a memory
coldlist into account, therefore requesting new pages from kernel even
in cases when there were other pages available. This led to slow memory
bloating.

To demonstrate this behavior fast enough to be seen well, you may:
  * temporarily set the values in sysdep/unix/alloc.c as follows to
    exacerbate the issue:
      #define KEEP_PAGES_MAIN_MAX    4096
      #define KEEP_PAGES_MAIN_MIN    1000
      #define CLEANUP_PAGES_BULK     4096
  * create a config file with several millions of static routes
  * periodically disable all static protocols and then reload config
  * log memory consumption

This should give you a steady growth rate of about 16kB per cycle. If
you don't set the values this high, the issue happens much more slowly,
yet after 14 days of running, you are going to see an OOM kill.

After this fix, pre-allocation uses the memory coldlist to get some hot
pages and the same test as described here gets you a perfectly stable
constant memory consumption (after some initial wobbling).

Thanks to NIX-CZ for reporting and helping to investigate this issue.
Thanks to Santiago for finding the cause in the code.
2024-05-30 12:30:00 +02:00
Mike Crute
cb7bca2937 Log message before aborting
Log message before aborting due to watchdog timeout. We have to use
async-safe write to debug log, as it is done in signal handler.

Minor changes from committer.
2024-05-30 12:30:00 +02:00
Ondrej Zajicek
bf5aa94a8b Filter: Change linearization of branches in switch instruction
Most branching instructions (FI_CONDITION, FI_AND, FI_OR) linearize its
branches in a recursive way, while FI_SWITCH branches are linearized
from parser even before the switch instruction is allocated.

Change linearization of FI_SWITCH branches to make it similar to other
branching instructions. This also fixes an issue with constant
switch evaluation, where linearized branch is mistaken for
non-linearized during switch construction.

Thanks to Jiten Kumar Pathy for the bugreport.
2024-05-30 12:30:00 +02:00
Ondrej Zajicek
20529f5bd1 BGP: Allow role specific keywords to be used as symbols
Some of these new BGP role keywords use generic names that collides with
user-defined symbols. Allow them to be redefined. Also remove duplicit
keyword definition for 'prefer'.
2024-05-30 12:30:00 +02:00
Ondrej Zajicek
5172342e13 Configure: Expensive check option was broken, never worked 2024-05-30 12:30:00 +02:00
Ondrej Zajicek
37399f48c0 Nest: Fix leaking internal attributes in RIP and Babel
During backporting attribute changes from 3.0-branch, some internal
attributes (RIP iface and Babel seqno) leaked to 'show route all' output.
Allow protocols to hide specific attributes with GA_HIDDEN value.

Thanks to Nigel Kukard for the bugreport.
2024-05-30 12:30:00 +02:00
Ondrej Zajicek
82be0ba400 Add compile-time option to enable 4-way tries instead of 16-way ones
In some cases 16-way tries are too memory-heavy, while 4-way are
almost as efficient as the original 2-way ones.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
42eb4a1972 Nest: Fix several issues with pflags
There were some confusion about validity and usage of pflags, which
caused incorrect usage after some flags from (now removed) protocol-
specific area were moved to pflags.

We state that pflags:

 - Are secondary data used by protocol-specific hooks
 - Can be changed on an existing route (in contrast to copy-on-write
   for primary data)
 - Are irrelevant for propagation (not propagated when changed)
 - Are specific to a routing table (not propagated by pipe)

The patch did these fixes:

 - Do not compare pflags in rte_same(), as they may keep cached values
   like BGP_REF_STALE, causing spurious propagation.

 - Initialize pflags to zero in rte_get_temp(), avoid initialization in
   protocol code, fixing at least two forgotten initializations (krt
   and one case in babel).

 - Improve documentation about pflags
2024-05-30 12:29:59 +02:00
Toke Høiland-Jørgensen
f41fed59e1 Babel: Rework seqno request handling
The seqno request retransmission handling was tracking the destination
that a forwarded request was being sent to and always retransmitting to
that same destination. This is unnecessary because we only need to
retransmit requests we originate ourselves, not those we forward on
behalf of others; in fact retransmitting on behalf of others can lead to
exponential multiplication of requests, which would be bad.

So rework the seqno request tracking so that instead of storing the
destination of a request, we just track whether it was a request that we
forwarded on behalf of another node, or if it was a request we originated
ourselves. Forwarded requests are not retransmitted, they are only used
for duplicate suppression, and for triggering an update when satisfied.
If we end up originating a request that we previously forwarded, we
"upgrade" the old request and restart the retransmit counter.

One complication with this is that requests sent in response to unfeasible
updates (section 3.8.2.2 of the RFC) have to be sent as unicast to a
particular peer. However, we don't really need to retransmit those as
there's no starvation when sending such a request; so we just change
such requests to be one-off unicast requests that are not subject to
retransmission or duplicate suppression. This is the same behaviour as
babeld has for such requests.

Minor changes from committer.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
a6b6a82b58 BSD: Use ip_mreqn on FreeBSD 12.1+ and OpenBSD 6.9+ 2024-05-30 12:29:59 +02:00
Alexander Chernikov
b2d1212879 FreeBSD: use interface index instead of IP address when specifying multicast interface
Minor changes from committer.
2024-05-30 12:29:59 +02:00
Alexander Chernikov
ea9fa458f0 Netlink: move OS-specific headers and defines to sysdep
Minor changes from committer.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
2300b83370 BSD: Add missing makefile for bsd-netlink target
Use symlinks to linux/netlink* to avoid limitations of our buildsystem.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
1465567f7e NEWS and version update 2024-05-30 12:29:59 +02:00
Ondrej Zajicek
574513dee2 BSD: Workaround for direct routes on FreeBSD 13.0
FreeBSD 13.0 added some safechecks for syscalls, rejecting sockaddrs that
are too small, later versions loosen up the check.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
9b9d442401 BGP: Log unacceptable hold time as decimal number
Thanks Johannes Moos for the suggestion.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
c9ff0627a7 CLI: Fix for long-lived sessions during high loads
When there is a continuos stream of CLI commands, cli_get_command()
always returns 1 (there is a new command). Anyway, the socket receive
buffer was reset only when there was no command at all, leading to a
strange behavior: after a while, the CLI receive buffer came to its end,
then read() was called with zero size buffer, it returned 0 which was
interpreted as EOF.

The patch fixes that by resetting the buffer position after each command
and moving remaining data at the beginning of buffer.

Thanks to Maria Matejka for examining the bug and for the original bugfix.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
9aa5a3d958 Client: Unknown command should return nonzero errorcode 2024-05-30 12:29:59 +02:00
Ondrej Zajicek
f063aaf33e Doc: Document issue with import tables
The import table does not work reliably together with re-evaluation of
routes due to recursive next hops or flowspec validation. We will at
least document that here, as import tables are completely redesigned and
this issue is fixed in BIRD 3.x branch.
2024-05-30 12:29:59 +02:00
Alexander V. Chernikov
00e25663eb Netlink on FreeBSD support
Netlink support was added to FreeBSD recently. It is not as full-featured
as its Linux counterpart yet, however the added subset is enough to make
a routing daemon work. Specifically, it supports multiple tables,
multipath, nexthops and nexthops groups. No MPLS support yet.

The attached change adds 'bsd-netlink’ sysconf target, allowing to build
both netlink & rtsock versions on FreeBSD.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
678c491993 BGP: Improve handling of hold and keepalive timers
The effective keepalive time now scales relative to the negotiated
hold time, to maintain proportion between the keepalive time and the
hold time. This avoids issues when both keepalive and hold times
were configured, the hold time was negotiated to a smaller value,
but the keepalive time stayed the same.

Add new options 'min hold time' and 'min keepalive time', which reject
session attempts with too small hold time.

Improve validation of config options an their documentation.

Thanks to Alexander Zubkov and Sergei Goriunov for suggestions.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
670fb5652e Nest: Avoid spurious announcements triggered by filtered routes
When filtered routes (enabled by 'import keep filtered' option) are
updated, they trigger announcements by rte_announce(). For regular
channels (e.g. type RA_OPTIMAL or RA_ANY) such announcement is just
ignored, but in case of RA_ACCEPTED (BGP peer with 'secondary' option)
it just reannounces the old (and still valid) best route.

The patch ensures that such no-change is ignored even for these channels.
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
b51bf94f46 CI: Remove docker rebuild phase
It is unnnecessary and takes too much time
2024-05-30 12:29:59 +02:00
Ondrej Zajicek
a34cad800b CI: Try new workers 2024-05-30 12:29:59 +02:00
Ondrej Zajicek
1011d89e14 BSD: Fix krt socket code w.r.t. rte/rta changes 2024-05-30 12:29:59 +02:00
Ondrej Zajicek
ae7838daa1 Fix build variables for OpenBSD 2024-05-30 12:29:59 +02:00
Igor Putovny
c72186fe08 Backport SKIP_BACK with type control from v3 2024-05-30 12:27:54 +02:00
Igor Putovny
17fab002a1 Backport settle timer from v3 2024-05-16 13:50:08 +02:00
Ondrej Zajicek
bbac9ca958 Conf: Make 'configure check' command restricted
While it does not directly change BIRD state, it can trigger reading
arbitrary files and eating significant memory.
2022-11-09 22:02:46 +01:00
Ondrej Zajicek
371eb49043 Conf: Free stored old config before parsing new one
BIRD keeps a previous (old) configuration for the purpose of undo. The
existing code frees it after a new configuration is successfully parsed
during reconfiguration. That causes memory usage spikes as there are
temporarily three configurations (old, current, and new). The patch
changes it to free the old one before parsing the new one (as user
already requested a new config). The disadvantage is that undo is
not available after failed reconfiguration.
2022-11-09 21:54:45 +01:00
Maria Matejka
84545a26cc Added more netlab tests for automatic run.
This commit uses bird-tools in version
f35e8bce829f4bff61ec7eb07ec9c67aa867bc9a
2022-11-08 11:19:12 +01:00
Maria Matejka
57308fb277 Page allocator: Fixed minor bugs and added commentary 2022-11-03 12:38:57 +01:00
Maria Matejka
9d03c3f56c Memory pages are not munmapped, instead we just madvise()
Memory unmapping causes slow address space fragmentation, leading in
extreme cases to failing to allocate pages at all. Removing this problem
by keeping all the pages allocated to us, yet calling madvise() to let
kernel dispose of them.

This adds a little complexity and overhead as we have to keep the
pointers to the free pages, therefore to hold e.g. 1 GB of 4K pages with
8B pointers, we have to store 2 MB of data.
2022-11-02 12:56:54 +01:00
Maria Matejka
37b6444137 Moved config-related allocations to config_pool and showing its size in memory usage 2022-11-01 16:38:24 +01:00
Alexander Zubkov
5aebce5e0c Doc: Add documentation for "show route (import|export) table" 2022-10-18 04:25:29 +02:00
Ondrej Zajicek
e471f9e0fb Filter: Fix handling of variables in anonymous filters
Define scope for anonymous filters, and also explicitly distinguish block
scopes and function/filter scopes instead of using anonymous / named
distinction.

Anonymous filters forgot to push scope, so variables for them were in
fact defined in the top scope and therefore they shared a frame. This got
broken after rework of variables, which assumed that there is a named
scope for every function/filter.
2022-10-18 03:58:19 +02:00
Ondrej Zajicek
3242529750 Netlink: Parse onlink flag even on direct routes
While onlink flag is meaningful only with explicit next hops, it can be
defined also on direct routes. Parse it also in this case to avoid
periodic updates of the same route.

Thanks to Marcin Saklak for the bugreport.
2022-10-12 17:57:26 +02:00
Ondrej Zajicek
8f79e6b93e BGP: Add option 'next hop prefer global'
Add BGP channel option 'next hop prefer global' that modifies BGP
recursive next hop resolution to use global next hop IPv6 address instead
of link-local next hop IPv6 address for immediate next hop of received
routes.
2022-10-10 05:06:19 +02:00
Ondrej Zajicek
8478de8817 Nest: Add channel config flag to distinguish new or copy
It is useful to distinguish whehter channel config returned from
channel_config_get() was allocated new, or existing from template.
Caller may want to initialize new ones.
2022-10-03 20:18:12 +02:00
Ondrej Zajicek
92a8565547 Filter: Add some minor functions for f_tree and EC
Add some supportive functions for f_tree and EC. These functions are used
by L3VPN code.
2022-10-03 20:18:12 +02:00