- ROA tables, which are used as a basic part for RPKI.
- Commands for examining and modifying ROA tables.
- Filter operators based on ROA tables consistent with RFC 6483.
Hostcache is a structure for monitoring changes in a routing table that
is used for routes with dynamic/recursive next hops. This is needed for
proper iBGP next hop handling.
Which was, actually, a bug in timers - on older kernel, monotonic timer
is missing and the other implementation started with now == 0, which
collides with usage 0 as a special value in timer->expires field.
In usual configuration, such export is already restricted
with the aid of the direct protocol but there are some
races that can circumvent it. This makes it harder to
break kernel device routes. Also adds an option to
disable this restriction.
- Adds check to deny config file with no specified protocol to prevent
loading of empty config file.
- Moves CLI init before config parse to receive immediate error message
when cannot open control socket.
- Fixes socket name path check and other error handling in CLI init.
When device protocol goes down, interfaces should be flushed
asynchronously (in the same way like routes from protocols are flushed),
when protocol goes to DOWN/HUNGRY.
This fixes the problem with static routes staying in kernel routing
table after BIRD shutdown.
- BSD kernel syncer is now self-conscious and can learn alien routes
- important bugfix in BSD kernel syncer (crash after protocol restart)
- many minor changes and bugfixes in kernel syncers and neighbor cache
- direct protocol does not generate host and link local routes
- min_scope check is removed, all routes have SCOPE_UNIVERSE by default
- also fixes some remaining compiler warnings
It seems that by adding one pipe-specific exception to route
announcement code and by adding one argument to rt_notify() callback i
could completely eliminate the need for the phantom protocol instance
and therefore make the code more straightforward. It will also fix some
minor bugs (like ignoring debug flag changes from the command line).
There is no reak callback scheduler and previous behavior causes
bad things during hard congestion (like BGP hold timeouts).
Smart callback scheduler is still missing, but main loop was
changed such that it first processes all tx callbacks (which
are fast enough) (but max 4* per socket) + rx callbacks for CLI,
and in the second phase it processes one rx callback per
socket up to four sockets (as rx callback can be slow when
there are too many protocols, because route redistribution
is done synchronously inside rx callback). If there is event
callback ready, second phase is skipped in 90% of iterations
(to speed up CLI during congestion).
This also fixes bug that timer->recurrent was not cleared
in tm_new() and unexpected recurrence of startup timer
in BGP confused state machine and caused crash.
If other side of a socket is sending data faster than
BIRD is processing, BIRD does not schedule any other
callbacks (events, timers, rx/tx callbacks).
Under specific circumstances there might be two mixed-up
netlink sessions (one for scan, the other for route change
request). This patch separates netlink scans and requests
to two fds (and seq counters).
This should fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428865
KRF_INSTALLED flag was not cleared during reconfiguration
that lead to not removing routes during reconfigure when
export rules changed.
We also should not try to remove routes we didi not installed,
on Linux this leads to warnings (as kernel checks route source
field and do not allow to remove non-bird routes) but we should
not rely on it.
Bird sometimes reported 'bird: nl_parse_link: Malformed message received'.
The cause is that bird asynchronously received netlink packet from
wireless driver about some wireless event on its link layer. In that
case bird shouldn't complain.
Here is a patch fixing a bug that causes breakage of a local routing
table during shutdown of Bird. The problem was caused by shutdown
of 'device' protocol before shutdown of 'kernel' protocol. When
'device' protocol went down, the route (with local network prefix)
From different protocol (BGP or OSPF) became preferred and installed
to the kernel routing table. Such routes were broken (like
192.168.1.0/24 via 192.168.1.2). I think it is also the cause
of problem reported by Martin Kraus.
The patch disables updating of kernel routing table during shutdown of
Bird. I am not sure whether this is the best way to fix it, I would
prefer to forbid 'kernel' protocol to overwrite routes with
'proto kernel'.
The patch also fixes a problem that during shutdown sometimes routes
created by Bird remained in the kernel routing table.
Also, removed the `if (s)' test, because I believe that as the whole
socket interface doesn't accent NULL pointers, sk_reallocate() shouldn't
be the only exception.
you can delete the socket from anywhere in the hooks and nothing should break.
Also, the receive/transmit buffers are now regular xmalloc()'ed buffers,
not separate resources which would need shuffling around between pools.
sk_close() is gone, use rfree() instead.
for even only medium sized route table output. Fix a strange garbled
output problem in the client. The latter seems to be caused by some
library doing tcflush while there is still command output pending. So
the best fix here is to do fflush and then tcdrain. Note that this
problem occurs only under certain load situations and is not too easy to
reproduce.
(by Andreas)
C includes as they contain substitutions specific to make.
Worked around by creating sysconf/paths.h which is created from
the Makefile instead of by the configure script.
Please try compiling your code with --enable-warnings to see them. (The
unused parameter warnings are usually bogus, the unused variable ones
are very useful, but gcc is unable to control them separately.)
of calling the protocols manually.
Implemented printing of dynamic attributes in `show route all'.
Each protocol can now register its own attribute class (protocol->attr_class,
set to EAP_xxx) and also a callback for naming and formatting of attributes.
The callback can return one of the following results:
GA_UNKNOWN Attribute not recognized.
GA_NAME Attribute name recognized and put to the buffer,
generic code should format the value.
GA_FULL Both attribute name and value put to the buffer.
Please update protocols generating dynamic attributes to provide
the attr_class and formatting hook.
address, not per interface (hence it's ifa->flags & IA_UNNUMBERED) and
should be set reliably. IF_MULTIACCESS should be fixed now, but it isn't
wise to rely on it on interfaces configured with /30 prefix.
(the current version UNIX-specific) anyway, so it's useless to try splitting it
to sysdep and generic part. Instead of this, configure script decides (based on
system type and user's wish) what (if any) client should be built and what
autoconfiguration it requires. Also, the client provides its own die/bug/...
functions.
used for automatic generation of instance names.
protocol->name is the official name
protocol->template is the name template (usually "name%d"),
should be all lowercase.
Updated all protocols to define the templates, checked that their configuration
grammar includes proto_name which generates the name and interns it in the
symbol table.
multicast abilities depending on definedness of symbols and use hard-wired
system-dependent configuration defines instead.
Please test whereever you can.
with protocols wanting to use the same port on the same interface
during reconfiguration time.
How to use locks: In the if_notify hook, just order locks for the
interfaces you want to work with and do the real socket opening after the
lock hook function gets called. When you stop using the socket, close
it and rfree() the lock.
Please update your protocols to use the new locking mechanism.
but the core routines are there and seem to be working.
o lib/ipv6.[ch] written
o Lexical analyser recognizes IPv6 addresses and when in IPv6
mode, treats pure IPv4 addresses as router IDs.
o Router ID must be configured manually on IPv6 systems.
o Added SCOPE_ORGANIZATION for org-scoped IPv6 multicasts.
o Fixed few places where ipa_(hton|ntoh) was called as a function
returning converted address.
The changes are just too extensive for lazy me to list them
there, but see the comment at the top of sysdep/unix/krt.c.
The code got a bit more ifdeffy than I'd like, though.
Also fixed a bunch of FIXME's and added a couple of others. :)
addresses per interface (needed for example for IPv6 support).
Visible changes:
o struct iface now contains a list of all interface addresses (represented
by struct ifa), iface->addr points to the primary address (if any).
o Interface has IF_UP set iff it's up and it has a primary address.
o IF_UP is now independent on IF_IGNORED (i.e., you need to test IF_IGNORED
in the protocols; I've added this, but please check).
o The if_notify_change hook has been simplified (only one interface pointer
etc.).
o Introduced a ifa_notify_change hook. (For now, only the Direct protocol
does use it -- it's wise to just listen to device routes in all other
protocols.)
o Removed IF_CHANGE_FLAGS notifier flag (it was meaningless anyway).
o Updated all the code except netlink (I'll look at it tomorrow) to match
the new semantics (please look at your code to ensure I did it right).
Things to fix:
o Netlink.
o Make krt-iface interpret "eth0:1"-type aliases as secondary addresses.
operations on 2.1/2.2 kernels. This allows passing of real interface
indexes instead of referencing interfaces by their IP addresses which
fails badly in presence of unnumbered interfaces.
Unfortunately, this structure is not visible with glibc 2.0 as it provides
its own networking headers :-( Both libc5 and glibc 2.1 should be OK.
o Now compatible with filtering.
o Learning of kernel routes supported only on CONFIG_SELF_CONSCIOUS
systems (on the others it's impossible to get it semantically correct).
o Learning now stores all of its routes in a separate fib and selects
the ones the kernel really uses for forwarding packets.
o Better treatment of CONFIG_AUTO_ROUTES ports.
o Lots of internal changes.
documented the remaining ones (sysdep/cf/README).
Available configurations:
o linux-20: Old Linux interface via /proc/net/route (selected by default
on pre-2.1 kernels).
o linux-21: Old Linux interface, but device routes handled by the
kernel (selected by default for 2.1 and newer kernels).
o linux-22: Linux with Netlink (I play with it a lot yet, so it isn't
a default).
o linux-ipv6: Prototype config for IPv6 on Linux. Not functional yet.
o Nothing is configured automatically. You _need_ to specify
the kernel syncer in config file in order to get it started.
o Syncing has been split to route syncer (protocol "Kernel") and
interface syncer (protocol "Device"), device routes are generated
by protocol "Direct" (now can exist in multiple instances, so that
it will be possible to feed different device routes to different
routing tables once multiple tables get supported).
See doc/bird.conf.example for a living example of these shiny features.
(via Netlink). Tweaked kernel synchronization rules a bit. Discovered
locking bug in kernel Netlink :-)
Future plans: Hunt all the bugs and solve all the FIXME's.
To build BIRD with Netlink support, just configure it with
./configure --with-sysconfig=linux-21
After it will be tested well enough, I'll probably make it a default
for 2.2 kernels (and rename it to linux-22 :)).
over EFence and also hopefully smaller memory overhead, but sadly it's non-free
for commercial use).
If the DMALLOC_OPTIONS environment variable is not set, switch on `reasonable'
checks by default.
Also introduced mb_allocz() for cleared mb_alloc().
The new kernel syncer is cleanly split between generic UNIX module
and OS dependent submodules:
- krt.c (the generic part)
- krt-iface (low-level functions for interface handling)
- krt-scan (low-level functions for routing table scanning)
- krt-set (low-level functions for setting of kernel routes)
krt-set and krt-iface are common for all BSD-like Unices, krt-scan is heavily
system dependent (most Unices require /dev/kmem parsing, Linux uses /proc),
Netlink substitues all three modules.
We expect each UNIX port supports kernel routing table scanning, kernel
interface table scanning, kernel route manipulation and possibly also
asynchronous event notifications (new route, interface state change;
not implemented yet) and build the KRT protocol on the top of these
primitive operations.
o Introduced if_find_by_index()
o Recognizing two types of interface updates: full update (starting with
if_start_update(), ending with if_end_update(), guaranteed to see
all existing interfaces) and a partial update (only if_update(),
usually due to asynchronous interface notifications).
o Introduced IF_LINK_UP flag corresponding to real link state.
o Allowed addressless interfaces.
o IF_UP is now automatically calculated and set iff the interface
is administratively up, has link up and has an IP address assigned.
It may be IF_IGNORED, though (as in case of the loopback).
o Any changes which include up/down transition are considered small
enough to not provoke artificial upping and downing of the interface.
o When an interface disappears (i.e., it wasn't seen in the last scan),
we announce this change only once.
o IF_LOOPBACK implies IF_IGNORE.
of various callbacks.
Events are just another resource type objects (thus automatically freed
and unlinked when the protocol using them shuts down). Each event can
be linked in at most one event list. For most purposes, just use the
global event list handled by the following functions:
ev_schedule Schedule event to be called at the next event
scheduling point. If the event was already
scheduled, it's just re-linked to the end of the list.
ev_postpone Postpone an already scheduled event, so that it
won't get called. Postponed events can be scheduled
again by ev_schedule().
You can also create custom event lists to build your own synchronization
primitives. Just use:
ev_init_list to initialize an event list
ev_enqueue to schedule event on specified event list
ev_postpone works as well for custom lists
ev_run_list to run all events on your custom list
ev_run to run a specific event and dequeue it
guesses most system-dependent parameters and determines name of system
configuration file (sysdep/cf/...) with the remaining ones.
To compile BIRD, you now need to do:
autoconf # Create configure from configure.in
./configure # Run configure script
make # Compile everything
Configuration files:
sysdep/config.h Master config file
sysdep/autoconf.h Parameters determined by configure script
sysdep/cf/*.h Fixed system configuration we're unable
to guess.
Makefiles are still the original ones, but this will change soon.
#define L_DEBUG "\001" /* Debugging messages */
#define L_INFO "\002" /* Informational messages */
#define L_WARN "\003" /* Warnings */
#define L_ERR "\004" /* Errors */
#define L_AUTH "\005" /* Authorization failed etc. */
#define L_FATAL "\006" /* Fatal errors */
#define L_TRACE "\002" /* Protocol tracing */
#define L_INFO "\003" /* Informational messages */
#define L_REMOTE "\004" /* Remote protocol errors */
#define L_WARN "\004" /* Local warnings */
#define L_ERR "\005" /* Local errors */
#define L_AUTH "\006" /* Authorization failed etc. */
#define L_FATAL "\007" /* Fatal errors */
#define L_BUG "\010" /* BIRD bugs */
Introduced bug() which is like die(), but with level L_BUG. Protocols
should _never_ call die() as it should be used only during initialization
and on irrecoverable catastrophic events like out of memory.
Also introduced ASSERT() which behaves like normal assert(), but it calls
bug() when assertion fails. When !defined(DEBUGGING), it gets ignored.
o Interface syncing is now a part of krt and it can have configurable
parameters. Actually, the only one is scan rate now :)
o Kernel routing table syncing is now synchronized with interface
syncing (we need the most recent version of the interface list
to prevent lots of routes to non-existent destinations from
appearing). Instead of its own timer, we just check if it's
route scan time after each iface list scan.
o Syncing of device routes implemented.
o CONFIG_AUTO_ROUTES should control syncing of automatic device routes.
o Rewrote krt_remove_route() to really remove routes :)
o Better diagnostics.
o Fixed a couple of bugs.
regular interface addresses" rule).
Protocols should NOT rely on router_id existence -- when router ID is not
available, the router_id variable is set to zero and protocols requiring
valid router ID should just refuse to start, reporting such error to the log.
the kernel routing table as opposed to modifying it which is approximately
the same on non-netlink systems, I've split the kernel routing table
routines to read and write parts. To be implemented later ;-)
protocols and don't send route/interface updates to them and when they come up,
we resend the whole route/interface tables privately.
Removed the "scan interface list after protocol start" work-around.