0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-18 00:58:42 +00:00
Commit Graph

4256 Commits

Author SHA1 Message Date
Ondrej Zajicek
6b38285f58 Net: Replace runtime checks with STATIC_ASSERT() 2023-03-06 11:57:40 +01:00
Petr Vaněk
0f679438f3 Printf test suite fails on systems with musl libc because tests for "%m"
and "%M" formats expect "Input/output error" message but musl returns
"I/O error". Proposed change compares the printf output with string
returned from strerror function for EIO constant.

See-also: https://bugs.gentoo.org/836713

Minor change from committer.
2023-03-06 11:33:27 +01:00
Maria Matejka
2f080b5432 Config: Dropping filter instruction trees after linearization 2023-02-22 14:54:09 +01:00
Maria Matejka
6c058ae40c Linpool flush drops all the allocated pages but one
When a linpool is used to allocate a one-off big load of memory, it
makes no sense to keep that amount of memory for future use inside the
linpool. Contrary to previous implementations where the memory was
directly free()d, we now use the page allocator which has an internal
cache which keeps the released pages for us and subsequent allocations
simply get these released pages back.

And even if the page cleanup routine kicks in inbetween, the pages get
only madvise()d, not munmap()ed so performance aspects are negligible.

This may fix some memory usage peaks in extreme cases.
2023-02-22 14:54:09 +01:00
Ondrej Zajicek
913ec57f27 BGP: Update RFC references 2023-02-19 15:42:18 +01:00
Ondrej Zajicek
501256cfc8 Babel: Update RFC references 2023-02-19 15:34:43 +01:00
Ondrej Zajicek
eefb296799 Conf: Fix too early free of old configuration
The change 371eb49043 introduced early free
of old_config. Unfortunately, it did not properly check whether it is not
still in use (blocked by obstacle during reconfiguration). Fix that.

It also means that we still could have a short peak when three configs
are in use (when a new reconfig is requeste while the previous one is
still active).
2023-02-19 04:08:31 +01:00
Toke Høiland-Jørgensen
ee91965894 Babel: Keep separate auth PC counters for unicast and multicast
The babel protocol normally sends all its messages as multicast packets,
but the protocol specification allows most messages to be sent as either
unicast or multicast, and the two can be mixed freely. In particular, the
babeld implementation can be configured to unicast updates to all peers
instead of sending them as unicast.

Daniel discovered that this can cause problems with the packet counter
checks in the MAC extension due to packet reordering. This happens on WiFi
networks where clients have power save enabled (which is quite common in
infrastructure networks): in this case, the access point will buffer all
multicast traffic and only send it out along with its beacons, leading to a
maximum buffering in default Linux-based access point configuration of up
to 200 ms.

This means that a Babel sender that mixes unicast and multicast messages
can have the unicast messages overtake the multicast messages because of
this buffering; when authentication is enabled, this causes the receiver to
discard the multicast message when it does arrive because it now has a
packet counter value less than the unicast message that arrived before it.
Daniel observed that this happens frequently enough that Babel ceases to
work entirely when runner over a WiFi network.

The issue has been described in draft-ietf-babel-mac-relaxed, which is
currently pending RFC publication. That also describes two mitigation
mechanisms: Keeping separate PC counters for unicast and multicast, and
using a reorder window for PC values. This patch implements the former as
that is the simplest, and resolves the particular issue seen on WiFi.

Thanks to Daniel Gröber for the bugreport.

Minor changes from committer.
2023-02-14 18:18:32 +01:00
Andreas Rammhold
eecc3f02e4 Babel: Implement IPv4 via IPv6 extension (RFC 9229)
The patch implements an IPv4 via IPv6 extension (RFC 9229) to the Babel
routing protocol (RFC 8966) that allows annoncing routes to an IPv4
prefix with an IPv6 next hop, which makes it possible for IPv4 traffic
to flow through interfaces that have not been assigned an IPv4 address.

The implementation is compatible with the current Babeld version.

Thanks to Toke Høiland-Jørgensen for early review on this work.

Minor changes from committer.
2023-02-14 16:17:03 +01:00
Maria Matejka
0851fcde65 Documentation: Adding roadmap as decided in January 2023 2023-02-03 09:12:34 +01:00
Ondrej Zajicek
0ab62f2674 Build: Partial revert of one of previous changes
There are many compatibility issues with echo -e, scratch that.
2023-02-01 19:30:21 +01:00
Ondrej Zajicek
ba348b2029 Build: Minor improvement to build output 2023-02-01 17:47:17 +01:00
Ondrej Zajicek
23f3dd5cfb Nest: Minor cleanup in buildsystem
There ware missing dependencies for proto-build.c generation, which
sometimes lead to failed builds, and ignores changes in the set of
built protocols. Fix that, and also improve formatting of proto-build.c
2023-02-01 17:31:18 +01:00
Toke Høiland-Jørgensen
dc4c5f51f8 Babel: Initialise source seqno from incoming message
When creating a new babel_source object we initialise the seqno to 0. The
caller will update the source object with the right metric and seqno value,
for both newly created and old source objects. However if we initialise the
source object seqno to 0 that may actually turn out to be a valid (higher)
seqno than the one in the routing table, because of seqno wrapping. In this
case the source metric will not be set properly, which breaks feasibility
tracking for subsequent updates.

To fix this, add a new initial_seqno argument to babel_get_source() which
is used when allocating a new object, and set that to the seqno value of
the update we're sending.

Thanks to Juliusz Chroboczek for the bugreport.
2023-01-31 15:52:14 +01:00
Ondrej Zajicek
96d7c4679d Babel: Improve clarity of unfeasible update handling.
Add a comment and (unnecessary) check to make correctness obvious.
2023-01-30 23:49:20 +01:00
Toke Høiland-Jørgensen
3e7e4a7186 Babel: Fix missing modulo comparison of seqnos
Juliusz noticed there were a couple of places we were doing straight
inequality comparisons of seqnos in Babel. This is wrong because seqnos can
wrap: so we need to use the modulo-64k comparison function for these cases
as well.

Introduce a strict-inequality version of the modulo-comparison for this
purpose.
2023-01-30 23:36:39 +01:00
Alexander Zubkov
72230d3ca3 Small fix of indenting 2023-01-23 14:23:00 +01:00
Ondrej Zajicek
5437104afa NEWS and version update 2023-01-23 02:23:19 +01:00
Ondrej Zajicek
99872676df BFD: Improve incoming packet matching
For active sessions, ignore received packets with zero local id and
mismatched remote id. That forces a session timeout instead of an
immediate session restart. It makes BFD sessions more resilient to
packet spoofing.

Thanks to André Grüneberg for the suggestion.
2023-01-22 23:42:08 +01:00
Ondrej Zajicek
a82683694d VRF: Fix issues with reconfiguration
Protocols receive if_notify() announcements that are filtered according
to their VRF setting, but during reconfiguration, they access iface_list
directly and forgot to check VRF setting here, which leads to all
interfaces be addedd.

Fix this issue for Babel, OSPF, RAdv and RIP protocols.

Thanks to Marcel Menzel for the bugreport.
2023-01-22 18:21:08 +01:00
Maria Matejka
3186ffe797 Added test case for switch bug fixed in e20bef69cc 2023-01-22 12:55:31 +01:00
Ondrej Zajicek
af611f93aa BGP: Add received role value to role mismatch log message 2023-01-20 15:55:47 +01:00
Ondrej Zajicek
804916daa9 Alloc: Minor cleanups
- Fix THP disable on old systems
 - Failed syscalls should use die() instead of bug()
 - Our printf uses %ld for s64 instead of long
2023-01-18 13:40:21 +01:00
Maria Matejka
6bb992cb04 Merge branch 'master' of https://gitlab.nic.cz/labs/bird 2023-01-18 12:33:06 +01:00
Maria Matejka
973aa37e1e Fix memory pre-allocation
When BIRD has no free memory mapped, it allocates several pages in
advance just to be sure that there is some memory available if needed.
This hysteresis tactics works quite well to reduce memory ping-ping with
kernel.

Yet it had a subtle bug: this pre-allocation didn't take a memory
coldlist into account, therefore requesting new pages from kernel even
in cases when there were other pages available. This led to slow memory
bloating.

To demonstrate this behavior fast enough to be seen well, you may:
  * temporarily set the values in sysdep/unix/alloc.c as follows to
    exacerbate the issue:
      #define KEEP_PAGES_MAIN_MAX    4096
      #define KEEP_PAGES_MAIN_MIN    1000
      #define CLEANUP_PAGES_BULK     4096
  * create a config file with several millions of static routes
  * periodically disable all static protocols and then reload config
  * log memory consumption

This should give you a steady growth rate of about 16kB per cycle. If
you don't set the values this high, the issue happens much more slowly,
yet after 14 days of running, you are going to see an OOM kill.

After this fix, pre-allocation uses the memory coldlist to get some hot
pages and the same test as described here gets you a perfectly stable
constant memory consumption (after some initial wobbling).

Thanks to NIX-CZ for reporting and helping to investigate this issue.
Thanks to Santiago for finding the cause in the code.
2023-01-18 09:39:45 +01:00
Radu Carpa
7144c9ca46 Filter: Allow setting the 'onlink' route attribute in filters
Add static route attribute to set onlink flag for route next hop. Can be
used to build a dynamically routed IP-in-IP overlay network. Usage:

     ifname = "tunl0";
     onlink = true;
     gw = bgp_next_hop;
2023-01-17 18:13:37 +01:00
Ondrej Zajicek
928a1cb034 Alloc: Disable transparent huge pages
The usage pattern implemented in allocator seems to be incompatible with
transparent huge pages, as memory released using madvise(MADV_DONTNEED)
with regular page size and alignment does not seem to trigger demotion
of huge pages back to regular pages, even when significant number of
pages is released. Even if demotion is triggered when system memory
is low, it still breaks memory accounting.
2023-01-17 17:13:50 +01:00
Ondrej Zajicek
54234c9eae Build: Fix cleanup of nest/proto-build.c 2023-01-13 16:44:42 +01:00
Ondrej Zajicek
f8276812e6 Minor cleanups 2023-01-13 13:32:29 +01:00
Ondrej Zajicek
7fb23041a5 BSD: Add support for kernel route metric
Add support for kernel route metric/priority, exported as krt_metric
attribute, like in Linux. This should also fix issues with overwriting
or removing system routes.
2023-01-13 13:17:46 +01:00
Mike Crute
64a2b7aaa3 Log message before aborting
Log message before aborting due to watchdog timeout. We have to use
async-safe write to debug log, as it is done in signal handler.

Minor changes from committer.
2023-01-12 17:40:53 +01:00
Ondrej Zajicek
e20bef69cc Filter: Change linearization of branches in switch instruction
Most branching instructions (FI_CONDITION, FI_AND, FI_OR) linearize its
branches in a recursive way, while FI_SWITCH branches are linearized
from parser even before the switch instruction is allocated.

Change linearization of FI_SWITCH branches to make it similar to other
branching instructions. This also fixes an issue with constant
switch evaluation, where linearized branch is mistaken for
non-linearized during switch construction.

Thanks to Jiten Kumar Pathy for the bugreport.
2023-01-07 20:18:44 +01:00
Ondrej Zajicek
d1cd5e5a63 BGP: Allow role specific keywords to be used as symbols
Some of these new BGP role keywords use generic names that collides with
user-defined symbols. Allow them to be redefined. Also remove duplicit
keyword definition for 'prefer'.
2023-01-03 19:11:34 +01:00
Ondrej Zajicek
309c874f9c Configure: Expensive check option was broken, never worked 2023-01-03 17:14:48 +01:00
Ondrej Zajicek
b28431e557 Nest: Fix leaking internal attributes in RIP and Babel
During backporting attribute changes from 3.0-branch, some internal
attributes (RIP iface and Babel seqno) leaked to 'show route all' output.
Allow protocols to hide specific attributes with GA_HIDDEN value.

Thanks to Nigel Kukard for the bugreport.
2023-01-03 17:01:54 +01:00
Ondrej Zajicek
d3f50ede12 Add compile-time option to enable 4-way tries instead of 16-way ones
In some cases 16-way tries are too memory-heavy, while 4-way are
almost as efficient as the original 2-way ones.
2023-01-02 15:55:55 +01:00
Ondrej Zajicek
6d1ae197d1 Nest: Fix several issues with pflags
There were some confusion about validity and usage of pflags, which
caused incorrect usage after some flags from (now removed) protocol-
specific area were moved to pflags.

We state that pflags:

 - Are secondary data used by protocol-specific hooks
 - Can be changed on an existing route (in contrast to copy-on-write
   for primary data)
 - Are irrelevant for propagation (not propagated when changed)
 - Are specific to a routing table (not propagated by pipe)

The patch did these fixes:

 - Do not compare pflags in rte_same(), as they may keep cached values
   like BGP_REF_STALE, causing spurious propagation.

 - Initialize pflags to zero in rte_get_temp(), avoid initialization in
   protocol code, fixing at least two forgotten initializations (krt
   and one case in babel).

 - Improve documentation about pflags
2023-01-01 20:10:23 +01:00
Toke Høiland-Jørgensen
8b06a4d8af Babel: Rework seqno request handling
The seqno request retransmission handling was tracking the destination
that a forwarded request was being sent to and always retransmitting to
that same destination. This is unnecessary because we only need to
retransmit requests we originate ourselves, not those we forward on
behalf of others; in fact retransmitting on behalf of others can lead to
exponential multiplication of requests, which would be bad.

So rework the seqno request tracking so that instead of storing the
destination of a request, we just track whether it was a request that we
forwarded on behalf of another node, or if it was a request we originated
ourselves. Forwarded requests are not retransmitted, they are only used
for duplicate suppression, and for triggering an update when satisfied.
If we end up originating a request that we previously forwarded, we
"upgrade" the old request and restart the retransmit counter.

One complication with this is that requests sent in response to unfeasible
updates (section 3.8.2.2 of the RFC) have to be sent as unicast to a
particular peer. However, we don't really need to retransmit those as
there's no starvation when sending such a request; so we just change
such requests to be one-off unicast requests that are not subject to
retransmission or duplicate suppression. This is the same behaviour as
babeld has for such requests.

Minor changes from committer.
2022-12-24 15:52:12 +01:00
Ondrej Zajicek
2b7643e1f8 BSD: Use ip_mreqn on FreeBSD 12.1+ and OpenBSD 6.9+ 2022-12-18 20:23:46 +01:00
Alexander Chernikov
6825f94570 FreeBSD: use interface index instead of IP address when specifying multicast interface
Minor changes from committer.
2022-12-16 19:37:26 +01:00
Alexander Chernikov
176fc68aed Netlink: move OS-specific headers and defines to sysdep
Minor changes from committer.
2022-12-16 19:21:51 +01:00
Ondrej Zajicek
7b6c964977 BSD: Add missing makefile for bsd-netlink target
Use symlinks to linux/netlink* to avoid limitations of our buildsystem.
2022-12-16 19:03:41 +01:00
Ondrej Zajicek
1e47b9f203 NEWS and version update 2022-12-11 17:28:14 +01:00
Ondrej Zajicek
34ebc4e1ba BSD: Workaround for direct routes on FreeBSD 13.0
FreeBSD 13.0 added some safechecks for syscalls, rejecting sockaddrs that
are too small, later versions loosen up the check.
2022-12-11 16:28:28 +01:00
Ondrej Zajicek
937ebf2536 BGP: Log unacceptable hold time as decimal number
Thanks Johannes Moos for the suggestion.
2022-12-10 18:06:52 +01:00
Ondrej Zajicek
4c19a8a984 CLI: Fix for long-lived sessions during high loads
When there is a continuos stream of CLI commands, cli_get_command()
always returns 1 (there is a new command). Anyway, the socket receive
buffer was reset only when there was no command at all, leading to a
strange behavior: after a while, the CLI receive buffer came to its end,
then read() was called with zero size buffer, it returned 0 which was
interpreted as EOF.

The patch fixes that by resetting the buffer position after each command
and moving remaining data at the beginning of buffer.

Thanks to Maria Matejka for examining the bug and for the original bugfix.
2022-12-10 17:32:42 +01:00
Ondrej Zajicek
1124f39f73 Client: Unknown command should return nonzero errorcode 2022-12-10 03:02:26 +01:00
Ondrej Zajicek
e48f898fda Doc: Document issue with import tables
The import table does not work reliably together with re-evaluation of
routes due to recursive next hops or flowspec validation. We will at
least document that here, as import tables are completely redesigned and
this issue is fixed in BIRD 3.x branch.
2022-12-09 22:43:27 +01:00
Alexander V. Chernikov
a80cd47074 Netlink on FreeBSD support
Netlink support was added to FreeBSD recently. It is not as full-featured
as its Linux counterpart yet, however the added subset is enough to make
a routing daemon work. Specifically, it supports multiple tables,
multipath, nexthops and nexthops groups. No MPLS support yet.

The attached change adds 'bsd-netlink’ sysconf target, allowing to build
both netlink & rtsock versions on FreeBSD.
2022-12-09 16:01:30 +01:00
Ondrej Zajicek
3859e4efc1 BGP: Improve handling of hold and keepalive timers
The effective keepalive time now scales relative to the negotiated
hold time, to maintain proportion between the keepalive time and the
hold time. This avoids issues when both keepalive and hold times
were configured, the hold time was negotiated to a smaller value,
but the keepalive time stayed the same.

Add new options 'min hold time' and 'min keepalive time', which reject
session attempts with too small hold time.

Improve validation of config options an their documentation.

Thanks to Alexander Zubkov and Sergei Goriunov for suggestions.
2022-12-09 05:53:24 +01:00