Maria Matejka
605ff0a0eb
RPKI: wait for retry_time if we get error immediately after connected
2022-10-03 17:09:02 +02:00
Maria Matejka
dc28c6ed1c
Simplified the protocol hookup code in Makefiles
2022-08-18 22:07:30 +02:00
Maria Matejka
652be92a21
Merge remote-tracking branch 'origin/master' into haugesund-to-2.0
2022-05-30 15:20:21 +02:00
Ondrej Zajicek
7bb06b34a1
RPKI: Display cache server port on show protocol
...
Thanks to Luiz Amaral for the idea.
2022-05-21 16:03:08 +02:00
Luiz Amaral
9a9439d5e1
RPKI: Implement VRF support
2022-05-19 19:43:59 +02:00
Maria Matejka
4a23ede2b0
Protocols have their own explicit init routines
2022-04-06 18:14:08 +02:00
Maria Matejka
83d9920f90
Merge commit '5cff1d5f' into haugesund
...
Conflicts:
proto/bgp/attrs.c
proto/pipe/pipe.c
2022-03-09 10:56:06 +01:00
Job Snijders
b9f38727a7
RPKI: Add contextual out-of-bound checks in RTR Prefix PDU handler
...
RFC 6810 and RFC 8210 specify that the "Max Length" value MUST NOT be
less than the Prefix Length element (underflow). On the other side,
overflow of the Max Length element also is possible, it being an 8-bit
unsigned integer allows for values larger than 32 or 128. This also
implicitly ensures there is no overflow of "Length" value.
When a PDU is received where the Max Length field is corrupted, the RTR
client (BIRD) should immediately terminate the session, flush all data
learned from that cache, and log an error for the operator.
Minor changes done by committer.
2021-12-18 16:35:28 +01:00
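
The Max Length bounds described in the commit message above, as an added example (not the BIRD patch itself). The byte offsets follow the Prefix PDU layout in RFC 6810; the function names, the result enum and the sample PDU (192.0.2.0, AS 65000) are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum rtr_check { RTR_OK = 0, RTR_ERR_TRUNCATED, RTR_ERR_TYPE, RTR_ERR_LENGTH,
                 RTR_ERR_MAX_LEN_UNDER, RTR_ERR_MAX_LEN_OVER };

/* Hypothetical helper: validate the length fields of one raw RTR Prefix PDU. */
enum rtr_check rtr_check_prefix_pdu(const uint8_t *p, size_t n)
{
  unsigned addr_bits, pdu_size;
  if (n < 8) return RTR_ERR_TRUNCATED;            /* common header is 8 bytes */
  switch (p[1]) {                                 /* PDU type */
    case 4: addr_bits = 32;  pdu_size = 20; break; /* IPv4 Prefix PDU */
    case 6: addr_bits = 128; pdu_size = 32; break; /* IPv6 Prefix PDU */
    default: return RTR_ERR_TYPE;
  }
  uint32_t len = ((uint32_t)p[4] << 24) | ((uint32_t)p[5] << 16) |
                 ((uint32_t)p[6] << 8) | p[7];
  if (len != pdu_size || n < pdu_size) return RTR_ERR_LENGTH;

  uint8_t prefix_len = p[9], max_len = p[10];
  /* Underflow: Max Length MUST NOT be less than Prefix Length. */
  if (max_len < prefix_len) return RTR_ERR_MAX_LEN_UNDER;
  /* Overflow: an 8-bit field can carry values above 32 / 128. Passing both
   * checks also implies prefix_len <= addr_bits, so no third test is needed. */
  if (max_len > addr_bits) return RTR_ERR_MAX_LEN_OVER;
  return RTR_OK;
}

/* Constructed sample: IPv4 Prefix PDU announcing 192.0.2.0 from AS 65000. */
size_t rtr_make_ipv4_pdu(uint8_t out[20], uint8_t prefix_len, uint8_t max_len)
{
  static const uint8_t tmpl[20] = { 0, 4, 0, 0,  0, 0, 0, 20,  1, 0, 0, 0,
                                    192, 0, 2, 0,  0, 0, 0xfd, 0xe8 };
  memcpy(out, tmpl, sizeof tmpl);
  out[9] = prefix_len;
  out[10] = max_len;
  return sizeof tmpl;
}

int main(void)
{
  static const uint8_t cases[][2] = { {24, 24}, {24, 16}, {24, 33}, {40, 40} };
  uint8_t pdu[20];
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    size_t n = rtr_make_ipv4_pdu(pdu, cases[i][0], cases[i][1]);
    printf("prefix_len=%u max_len=%u -> %d\n", (unsigned)cases[i][0],
           (unsigned)cases[i][1], (int)rtr_check_prefix_pdu(pdu, n));
  }
  return 0;
}
```

Any non-zero result corresponds to the case where the commit message says the client should terminate the session, flush the data learned from that cache, and log an error.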
Maria Matejka
5cff1d5f02
Route: moved rte_src pointer from rta to rte
...
It is an auxiliary key in the routing table, not a route attribute.
2021-10-13 19:09:04 +02:00
Maria Matejka
eb937358c0
Preference moved to RTA and set explicitly in protocols
2021-10-13 19:09:04 +02:00
Ondrej Zajicek (work)
47d92d8f9d
Nest: Clean up main channel handling
...
Remove assumption that main channel is the only channel.
2021-09-10 17:32:05 +02:00
Ondrej Zajicek (work)
f761be6b30
Nest: Clean up main channel handling
...
Remove assumption that main channel is the only channel.
2021-06-17 16:56:51 +02:00
Ondrej Zajicek (work)
454ae30445
RPKI: Improve error handling of DNS resolver
2021-03-17 17:24:00 +01:00
Ondrej Zajicek (work)
17663b6a7c
RPKI: Remove port (and SSH username) from 'Cache server' output line
...
It was mixed-up if hostname is IPv6 address, and reporting separate
values (like port) on separate lines fits better into key-value style
of 'show protocols all' output. Also, the patch simplifies transport
identification formatting (although it is unused now).
Thanks to Alarig Le Lay for the suggestion.
2021-01-07 06:04:31 +01:00
Ondrej Zajicek (work)
fc1e3211b1
RPKI: Add 'ignore max length' option
...
Add 'ignore max length' option to RPKI protocol, which ignores received
max length in ROA records and instead uses max value (32 or 128). This
may be useful for implementing loose RPKI check for blackholes.
2020-10-11 01:00:54 +02:00
Kazuki Yamaguchi
19f8f17320
RPKI: Fix unnecessary reconnection on reconfiguration
...
Compare the new timing parameters with the old configuration, not with
the temporary state of the current connection.
The timing values in struct rpki_cache are updated by a version 1 End Of
Data PDU, unless this behavior is suppressed by the configuration
explicitly by the "keep" keyword. Consequently, every reconfiguration
of BIRD triggers a reconnection even if it is not necessary.
2020-06-03 15:05:35 +02:00
Maria Matejka
5f60d14ede
RPKI: fixed rare va_list leak
2020-05-01 15:19:12 +02:00
Maria Matejka
027a3e66f7
RPKI: Allow build without libSSH
2020-02-04 10:15:35 +01:00
Ondrej Zajicek (work)
4e23b49969
RPKI: Fix handling of IPv6 cache addresses
...
The old code used just sizeof(struct sockaddr) bytes of IP address.
2019-10-19 03:39:07 +02:00
Vincent Bernat
3b62417c35
RPKI: Fix allocation of hostname when using an IPv6 address
2019-07-29 15:42:30 +02:00
Ondrej Zajicek (work)
15b0a92294
RPKI: Fix reconfiguration when ssh parameters are undefined
2019-07-23 01:52:18 +02:00
Jan Maria Matejka
f851f0d7e3
Config: Dropping CF_ADDTO.
2018-06-26 14:29:03 +02:00
Jan Maria Matejka
ee7e2ffd26
Protocol: Introducing an enum protocol_class
...
This supersedes the EAP_* constants.
2018-05-29 12:35:06 +02:00
Ondrej Zajicek (work)
2e507a7457
Use non-fatal asserts even for regular build
2018-01-10 16:17:37 +01:00
Ondrej Zajicek (work)
72163bd5f3
Nest: Allow modification of channels inherited from templates
...
Multiple definitions of same channels are forbidden, but inherited
channel can be redefined. In such case channel options are merged.
2018-01-09 18:42:22 +01:00
Ondrej Zajicek (work)
a6f79ca57f
Timers: Revert temporary names and remove old timer.h
2017-12-07 13:54:59 +01:00
Ondrej Zajicek (work)
ee528fbd5d
Timers: Add typecast to unit-converting macros
2017-12-07 13:53:42 +01:00
Ondrej Zajicek (work)
d59c1a2958
RPKI: Update to new timers
2017-12-07 13:52:21 +01:00
Ondrej Zajicek (work)
d3fa9e84e9
Timers: Show sub-second times in some protocol outputs
2017-12-07 13:49:27 +01:00
Ondrej Zajicek (work)
025525266f
Timers: Replace old timers with microsecond timers
...
The old timer interface is still kept, but implemented by new timers. The
plan is to switch from the old interface to the new interface, then clean
it up.
2017-12-07 13:49:27 +01:00
Ondrej Zajicek (work)
4278abfe27
Check validity of dest w.r.t. net_type
...
Allow to define static roa/flow routes without dest.
2017-04-18 13:56:40 +02:00
Jan Moskyto Matejka
c609d03986
Merge branch 'int-new' into nexthop-merged
2017-02-22 11:58:04 +01:00
Ondrej Zajicek (work)
62e64905b7
Several minor fixes
2017-02-20 02:26:45 +01:00
Jan Moskyto Matejka
5b208e296f
Removing (struct rta)->cast. Never used.
2016-12-22 13:09:59 +01:00
Ondrej Zajicek (work)
eeba61ccd5
Minor cleanups
2016-12-13 20:18:11 +01:00
Jan Moskyto Matejka
b94e5e58db
RPKI: fixed some of the extended warnings
2016-12-07 15:35:35 +01:00
Jan Moskyto Matejka
af62c0f9f1
LibSSH may be switched off together with RPKI
2016-12-07 14:15:35 +01:00
Pavel Tvrdík
65d2a88dd2
RPKI protocol with one cache server per protocol
...
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.
Implemented transports are:
- unprotected transport over TCP
- secure transport over SSHv2
Example configuration of bird.conf:
...
roa4 table r4;
roa6 table r6;

protocol rpki {
  debug all;

  # Import both IPv4 and IPv6 ROAs
  roa4 { table r4; };
  roa6 { table r6; };

  # Set cache server (validator) address,
  # overwrite default port 323
  remote "rpki-validator.realmv6.org" port 8282;

  # Overwrite default time intervals
  retry   10;         # Default 600 seconds
  refresh 60;         # Default 3600 seconds
  expire  600;        # Default 7200 seconds
}

protocol rpki {
  debug all;

  # Import only IPv4 routes
  roa4 { table r4; };

  # Set cache server address to localhost,
  # use default ports tcp => 323 or ssh => 22
  remote 127.0.0.1;

  # Use SSH transport instead of unprotected transport over TCP
  ssh encryption {
    bird private key "/home/birdgeek/.ssh/id_rsa";
    remote public key "/home/birdgeek/.ssh/known_hosts";
    user "birdgeek";
  };
}
...
2016-12-07 09:35:24 +01:00