0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-26 19:51:54 +00:00
Commit Graph

163 Commits

Author SHA1 Message Date
Ondrej Zajicek
024c310b53 Fixes broken cryptographic authentication in OSPF
Cryptographic authentication in OSPF is defective by
design - there might be several packets independently
sent to the network (for example HELLO, LSUPD and LSACK)
where they might be reordered and that causes crypt.
sequence number error.

That can be workarounded by not incresing sequence number
too often. Now we update it only when last packet was sent
before at least one second. This can constitute a risk of
replay attacks, but RFC supposes something similar (like time
in seconds used as CSN).
2009-04-08 20:15:01 +02:00
Ondrej Zajicek
b21f68b4cd Fix bugs in OSPF MD5 authentication. First bug is that default
values for MD5 password ID changed during reconfigure, Second
bug is that BIRD chooses password in first-fit manner, but RFC
says that it should use the one with the latest generate-from.

It also modifies the syntax for multiple passwords.
Now it is possible to just add more 'password' statements
to the interface section and it is not needed to use
'passwords' section. Old syntax can be used too.
2008-11-08 17:24:23 +01:00
Ondrej Filip
030d3b387e Small changed to reduce the number of warnings. 2005-02-14 11:58:46 +00:00
Ondrej Filip
bc956fcab6 MD5 authentication in OSPF works. :-) 2004-07-13 14:46:14 +00:00
Ondrej Filip
5236fb03af Password management redesigned (untested). 2004-06-26 20:11:14 +00:00
Ondrej Filip
98ac61766d A lot of changes:
- metric is 3 byte long now
	- summary lsa originating
	- more OSPF areas possible
	- virtual links
	- better E1/E2 routes handling
	- some bug fixes..

I have to do:
	- md5 auth (last mandatory item from rfc2328)
	- !!!!DEBUG!!!!! (mainly virtual link system has probably a lot of bugs)
	- 2328 appendig E
2004-06-25 16:39:53 +00:00
Ondrej Filip
8bf684eca2 RTS_OSPF_BONDARY is nonsense, RTS_OSPF_IA must have smaller id than RTS_OSPF_EXT 2004-06-11 09:05:06 +00:00
Ondrej Filip
c90ac711bc Cleanup in show route import <p>. 2004-06-07 10:42:24 +00:00
Martin Mares
de10a974f2 Added missing semicolons. 2002-11-13 08:46:12 +00:00
Martin Mares
49569a8b53 Oops! Configuration compiles now. 2000-06-08 10:48:35 +00:00
Pavel Machek
ca77641d07 Use switch' for disabled'. 2000-06-08 10:25:56 +00:00
Martin Mares
ec423cc725 Updated CLI helps. 2000-06-08 10:25:02 +00:00
Pavel Machek
26c09e1d25 Added read-only access to all required fields in rta. 2000-05-30 10:42:39 +00:00
Martin Mares
4761efdb43 Tracing of CLI connections/commands can be now controlled
by `debug commands <level>' in the configuration. Level 0 means
no tracing, 1 means connections only, 2 includes all commands.
2000-05-29 22:10:18 +00:00
Martin Mares
e79671a72c Fixed incorrect error message about router ID syntax. 2000-05-16 15:08:43 +00:00
Martin Mares
e3f2d5fce3 Cleanup of configuration.
o  Use `expr' instead of `NUM' and `ipa' instead of `IPA',
   so that defined symbols work everywhere.
o  `define' now accepts both numbers and IP addresses.
o  Renamed `ipa' in filters to `fipa'.

Pavel, please update filters to accept define'd symbols as well.
2000-05-15 11:48:23 +00:00
Martin Mares
9449c91ab2 Added `show route for <prefix-or-ipa>' which looks up route leading to
given network.
2000-05-13 11:42:42 +00:00
Martin Mares
758458be05 Unified parsing of prefixes.
Had to rename `prefix' in filters to `fprefix'.
2000-05-13 11:17:49 +00:00
Martin Mares
33a368ad59 Implemented show route count' which is show route stats' with
exception that it doesn't print the routes themselves.
2000-05-08 14:58:00 +00:00
Martin Mares
23693958aa Implemented `show route <...> stats'. 2000-05-07 11:28:59 +00:00
Martin Mares
ce1da96ee7 Added commands show route protocol <p>' and show route import <p>' which
show the routing table as exported to the protocol given resp. as returned
from its import control hook.

To get handling of filtered extended attributes right (even in the old
`show route where <filter>' command), the get_route_info hook gets an
attribute list and all protocol specific rte attributes are contained
there as temporary ones. Updated RIP to do that.

Added ea_append() which joins two ea_list's.
2000-05-06 22:57:39 +00:00
Martin Mares
beaf86e13c Removed RTS_RIP_EXT. 2000-05-04 21:23:10 +00:00
Martin Mares
2edb31b097 Split CF_HDR section to CF_HDR (only includes) and CF_DEFINES (defines,
C declarations etc.).
2000-04-28 15:11:10 +00:00
Martin Mares
f880924990 BGP now handles incoming routes (IPv4 only). 2000-04-01 09:17:33 +00:00
Martin Mares
6a9f28b0b9 Added tracing of interface events. 2000-03-12 20:50:35 +00:00
Martin Mares
f30b86f9d5 Added configuration of default protocol debugging flags. 2000-03-07 21:50:03 +00:00
Martin Mares
96d8e3bff2 Added protocol debugging flags (protocol.h: D_xxx), parsing of them
in configuration files and commands for manipulating them.

Current debug message policy:

   o  D_STATES, D_ROUTES and D_FILTERS are handled in generic code.
   o  Other debug flags should be handled in the protocols and whenever
      the flag is set, the corresponding messages should be printed
      using calls to log(L_TRACE, ...), each message prefixed with
      the name of the protocol instance. These messages should cover
      the whole normal operation of the protocol and should be useful
      for an administrator trying to understand what does the protocol
      behave on his network or who is attempting to diagnose network
      problems. If your messages don't fit to the categories I've defined,
      feel free to add your own ones (by adding them to protocol.h
      and on two places in nest/config.Y), but please try to keep the
      categories as general as possible (i.e., not tied to your protocol).
   o  Internal debug messages not interesting even to an experienced
      user should be printed by calling DBG() which is either void or
      a call to debug() depending on setting of the LOCAL_DEBUG symbol
      at the top of your source.
   o  Dump functions (proto->dump etc.) should call debug() to print
      their messages.
   o  If you are doing any internal consistency checks, use ASSERT
      or bug().
   o  Nobody shall ever call printf() or any other stdio functions.

Also please try to log any protocol errors you encounter and tag them
with the appropriate message category (usually L_REMOTE or L_AUTH). Always
carefully check contents of any message field you receive and verify all
IP addresses you work with (by calling ipa_classify() or by using the
neighbour cache if you want to check direct connectedness as well).
2000-03-07 20:49:48 +00:00
Martin Mares
b9626ec6ea Garbage collector events and counters are now per table and one day
they can be made configurable if it turns out to be useful.
2000-03-04 22:21:06 +00:00
Martin Mares
fae0396ea4 Completion works. Unfortunately, we have to access a couple of internal
symbols of libreadline :-(
2000-02-17 23:37:16 +00:00
Martin Mares
4b87e256eb Split off general commands to cmds.c.
Added `show symbols' command which dumps whole symbol table together
with symbol types etc.
2000-01-19 12:30:19 +00:00
Martin Mares
d272fe22dd Separated `official protocol names' used in status dumps from name templates
used for automatic generation of instance names.

	protocol->name is the official name
	protocol->template is the name template (usually "name%d"),
		should be all lowercase.

Updated all protocols to define the templates, checked that their configuration
grammar includes proto_name which generates the name and interns it in the
symbol table.
2000-01-17 11:52:50 +00:00
Martin Mares
f14a4becbe Reworked proto lists -- each proto is now in two lists: the global one
(proto_list) and per-type one (original lists). A lot of things simplified.

Implemented `disable', `enable' and `restart' CLI commands.
2000-01-16 23:30:06 +00:00
Martin Mares
34350a5270 Implemented echoing of log messages to CLI connections. Just try `echo all'. 1999-12-06 12:34:45 +00:00
Martin Mares
f3792601df Don't forget to send an OK reply after dumping debug information. 1999-12-04 23:28:56 +00:00
Martin Mares
305a01f57b Added DEBUG commands.
Removed CLI tests, real commands now serve as much better examples.
1999-12-04 23:17:29 +00:00
Martin Mares
28e01f85c6 Renamed SHOW PROTOCOLS VERBOSE to SHOW PROTOCOLS ALL to be consistent
with the other commands.
1999-12-03 11:10:50 +00:00
Martin Mares
430da60fa2 Implemented `show route where <condition>' command.
Pavel, please check my addition to filter/config.Y.
1999-12-02 14:04:44 +00:00
Martin Mares
730f2e2c8c Added dumping of routing tables (`show route'). This includes filtering. 1999-12-01 15:10:21 +00:00
Martin Mares
f0474f2070 Use TIME_INFINITY for initialization of password entries instead
of 2000000000 (BTW who wrote that???)
1999-11-30 14:02:27 +00:00
Martin Mares
0d3e6bceee show interfaces' and show protocols' works. 1999-11-30 12:57:14 +00:00
Martin Mares
ae97b946e9 Added few basic commands: show status, show interfaces [summary],
show protocols (incomplete).
1999-11-25 15:35:30 +00:00
Martin Mares
62a4639548 Added some temporary examples of how to define CLI commands (search for CF_CLI).
To define a new command, just add a new rule to the gramar:
  CF_CLI(COMMAND NAME, arguments, help-args, help-text) {
	what-should-the-command-do
	} ;
where <arguments> are appended to the RHS of the rule, <help-args> is the
argument list as shown in the help and <help-text> is description of the
command for the help.

<what-should-the-command-do> is a C code snippet to be executed. It should
not take too much time to execute. If you want to print out a lot of
information, you can schedule a routine to be called after the current
buffer is flushed by making cli->cont point to the routine (see the
TEST LONG command definition for an example); if the connection is closed
in the meantime, cli->cleanup gets called.

You can access `struct cli' belonging to the connection you're currently
servicing as this_cli, but only during parse time, not from routines scheduled
for deferred execution.

Functions to call inside command handlers:
  cli_printf(cli, code, printf-args) -- print text to CLI connection,
	<code> is message code as assigned in doc/reply_codes or a negative
	one if it's a continuation line.
  cli_msg(code, printf-args) -- the same for this_cli.

Use 'sock -x bird.ctl' for connecting to the CLI until a client is written.
1999-11-17 12:14:44 +00:00
Martin Mares
7d509304b5 An example of how to define enums. 1999-11-15 11:36:22 +00:00
Martin Mares
bc2fb68098 Parse CLI commands. We use the same parser as for configuration files (because
we want to allow filter and similar complex constructs to be used in commands
and we should avoid code duplication), only with CLI_MARKER token prepended
before the whole input.

Defined macro CF_CLI(cmd, args, help) for defining CLI commands in .Y files.
The first argument specifies the command itself, the remaining two arguments
are copied to the help file (er, will be copied after the help file starts
to exist). This macro automatically creates a skeleton rule for the command,
you only need to append arguments as in:

	CF_CLI(STEAL MONEY, <$>, [[Steal <$> US dollars or equivalent in any other currency]]): NUM {
		cli_msg(0, "%d$ stolen", $3);
	} ;

Also don't forget to reset lexer state between inputs.
1999-10-31 17:47:47 +00:00
Pavel Machek
ac40c888c2 Obvious bugs in authentication fixed. 1999-10-02 10:44:48 +00:00
Martin Mares
dce267832a Basic support for IPv6. The system-dependent part doesn't work yet,
but the core routines are there and seem to be working.

   o  lib/ipv6.[ch] written
   o  Lexical analyser recognizes IPv6 addresses and when in IPv6
      mode, treats pure IPv4 addresses as router IDs.
   o  Router ID must be configured manually on IPv6 systems.
   o  Added SCOPE_ORGANIZATION for org-scoped IPv6 multicasts.
   o  Fixed few places where ipa_(hton|ntoh) was called as a function
      returning converted address.
1999-08-03 19:36:06 +00:00
Martin Mares
8edf2361f9 Cleaned up handling of interface patterns:
o  Parsing of interface patterns moved to generic code,
      introduced this_ipatt which works similarly to this_iface.
   o  Interface patterns now support selection by both interface
      names and primary IP addresses.
   o  Proto `direct' updated.
   o  RIP updated as well, it also seems the memory corruption
      bug there is gone.
1999-08-03 19:30:49 +00:00
Pavel Machek
900d5470ae Added PASSIVE option to paswwords. 1999-05-31 17:12:00 +00:00
Pavel Machek
858a717796 Change format of passwords (less ;'s) and fix password.h to allow
multiple inclusions.
1999-05-26 14:37:07 +00:00
Pavel Machek
1a2ded450e Skeleton for password handling, currently I only build structures and
do nothing more advanced for them
1999-05-26 14:24:57 +00:00
Martin Mares
0e02abfd57 From now we support multiple tables. The master_table variable is
definitely gone. Both rte_update() and rte_discard() have an additional
argument telling which table should they modify.

Also, rte_update() no longer walks the whole protocol list -- each table
has a list of all protocols connected to this table and having the
rt_notify hook set. Each protocol can also freely decide (by calling
proto_add_announce_hook) to connect to any other table, but it will
be probably used only by the table-to-table protocol.

The default debugging dumps now include all routing tables and also
all their connections.
1999-05-17 20:14:52 +00:00
Martin Mares
5056c559c4 Changed syntax of attaching filters to protocols to hopefully the final
version:

	EXPORT <filter-spec>	for outbound routes (i.e., those announced
				by BIRD to the rest of the world).
	IMPORT <filter-spec>	for inbound routes (i.e., those imported
				by BIRD from the rest of the world).

where <filter-spec> is one of:

	ALL			pass all routes
	NONE			drop all routes
	FILTER <name>		use named filter
	FILTER { <filter> }	use explicitly defined filter

For all protocols, the default is IMPORT ALL, EXPORT NONE. This includes
the kernel protocol, so that you need to add EXPORT ALL to get the previous
configuration of kernel syncer (as usually, see doc/bird.conf.example for
a bird.conf example :)).
1999-04-05 20:15:31 +00:00
Martin Mares
7f400d1c62 After today's lengthy discussions about filter syntax, let's clean up
whitespace/semicolon rules for whole config file:

   o  All non-zero amounts of whitespace are equivalent to single space
      (aka `all the whitespace has been born equal' ;-)).
   o  Comments count as whitespace.
   o  Whitespace has no syntactic signifance (it can only separate lexical
      elements).
   o  Consequence: line ends are no longer treated as `;'s.
   o  Every declaration must be terminated by an explicit `;' unless
      or by a group enclosed in `{' and `}'.
1999-03-29 19:04:14 +00:00
Martin Mares
7e5f5ffdda Moved to a much more systematic way of configuring kernel protocols.
o  Nothing is configured automatically. You _need_ to specify
     the kernel syncer in config file in order to get it started.
  o  Syncing has been split to route syncer (protocol "Kernel") and
     interface syncer (protocol "Device"), device routes are generated
     by protocol "Direct" (now can exist in multiple instances, so that
     it will be possible to feed different device routes to different
     routing tables once multiple tables get supported).

See doc/bird.conf.example for a living example of these shiny features.
1999-03-26 21:44:38 +00:00
Martin Mares
529c414953 Allow input and output filters (only accept/reject style as we didn't define
modifying filters yet) to be attached to protocol instances.
1999-03-17 14:31:26 +00:00
Martin Mares
31b3e1bbf5 Implemented new configuration/reconfiguration interface and defined protocol
state machines. Full explanation will follow soon.
1999-02-05 21:37:34 +00:00
Martin Mares
b35d72ac66 Name cleanups as suggested by Pavel:
- cfg_strcpy() -> cfg_strdup()
- mempool -> linpool, mp_* -> lp_*  [to avoid confusion with memblock, mb_*]

Anyway, it might be better to stop ranting about names and do some *real* work.
1998-12-06 11:59:18 +00:00
Martin Mares
50d8424ad1 Added configuration of the device internal protocol. This is primarily
intended to serve as an example of interface pattern list use. As a side
effect, you can disable generating of device routes by disabling
this protocol.
1998-11-29 22:03:58 +00:00
Martin Mares
bd5d0d62f1 Allow setting debug value and `disabled' flag in protocol definition. 1998-11-29 14:40:39 +00:00
Martin Mares
7af99789c7 Oops, forgot to remove a debugging kludge. 1998-11-27 21:34:03 +00:00
Martin Mares
0b62c3a7c7 Trivial 15-line bison excercise: Implemented expressions including
user-defined numeric symbols. Whenever possible, use `expr' instead
of `NUM' to get full express ion power :-)
1998-11-27 21:32:45 +00:00
Martin Mares
c74c0e3cdf First attempt at protocol configuration (now done only for RIP). 1998-11-27 21:09:57 +00:00
Martin Mares
da87782278 Parser fragment for the core. Now handles only router ID setting. 1998-11-27 19:37:57 +00:00