This commit is quite a substantial rework of the underlying layers in
BMP TX:
- several unnecessary layers of indirection dropped, including most of
the original BMP's buffer machinery
- all messages are now written directly into one protocol's buffer
allocated for the whole time big enough to fit every possible message
- output blocks are allocated by pages and immediately returned when
used, improving the overall memory footprint
- no intermediary allocation is done from the heap altogether
- there is a documented and configurable limit on the TX queue size
Adds ability to override time format of show commands for current CLI session
so that it does not depend on configuration and may ease parsing when CLI is
called from tools.
Minor changes by committer.
Unify grammar for set_atom and switch_atom to avoid inconsistencies
between them. Fix errors in documentation related to case statement
and set type. Change 'vpnrd' to 'rd' to be consistent with the filter
language.
Thanks to Mikhail Mayorov for bugreport.
RPKI-To-Router (RTR) sessions seem to be similar security-sensitivity as
IBGP sessions. BIRD already offered a choice of either "plain TCP" (meh)
or "SSH" (secure, albeit a bit more hassle to set up than TCP-MD5).
The patch adds TCP-MD5 as another option. TCP-MD5 for RTR is specified
through RFC 6810 section 7.3 and RFC 8210 section 9.3.
Minor changes by committer.
This allows to have one main socket for the heavy operations
very restricted just for the appropriate users, whereas the
looking glass socket may be more open.
Implemented an idea originally submitted and requested by Akamai.
Some vendors do not fill the checksum for IPv6 UDP packets.
For interoperability with such implementations one can set
UDP_NO_CHECK6_RX socket option on Linux.
Thanks to Ville O for the suggestion.
Minor changes by committer.
Allow to explicitly configure the source IP address for RPKI-To-Router
sessions. Predictable source addresses are useful for minimizing the
holes to be poked in ACLs.
Changed from 'source address' to 'local address' by committer.
Allow to define both nexthop and interface using iproute2-like syntax,
e.g.: route 10.0.0.0/16 via 10.1.0.1 dev "eth0";
Now we can avoid to use link-local scope hack (e.g. 10.1.0.1%eth0)
for cases where both nexthop and interface have to be defined.
Thanks to Marcin Saklak for the suggestion.
Implement BGP Send hold timer according to draft-ietf-idr-bgp-sendholdtimer.
The Send hold timer drops the session if the neighbor is sending keepalives,
but does not receive our messages, causing the TCP connection to stall.
Some BGP capabilities change the BGP behavior in a significant way, so if
the configuration depends on it, it is better to not establish BGP
session when the capability is not available.
Add several BGP option to require individual BGP capabilities during
session negotiation.
The Kernel protocol, even with the option 'learn' enabled, ignores
direct routes created by the OS kernel (on Linux these are routes
with rtm_protocol == RTPROT_KERNEL).
Implement optional behavior where both OS kernel and third-party routes
are learned, it can be enabled by 'learn all' option.
Minor changes by committer.
Methods can now be called as x.m(y), as long as x can have its type
inferred in config time. If used as a command, it modifies the object,
if used as a value, it keeps the original object intact.
Also functions add(x,y), delete(x,y), filter(x,y) and prepend(x,y) now
spit a warning and are considered deprecated.
It's also possible to call a method on a constant, see filter/test.conf
for examples like bgp_path = +empty+.prepend(1).
Inside instruction definitions (filter/f-inst.c), a METHOD_CONSTRUCTOR()
call is added, which registers the instruction as a method for the type
of its first argument. Each type has its own method symbol table and
filter parser switches between them based on the inferred type of the
object calling the method.
Also FI_CLIST_(ADD|DELETE|FILTER) instructions have been split to allow
for this method dispatch. With type inference, it's now possible.