Explicit setting of AF_INET(6|) in IP socket creation. BFD set to listen
on v6, without setting the V6ONLY flag to catch both v4 and v6 traffic.
Squashing and minor changes by Ondrej Santiago Zajicek
Since 2.6.19, the netlink API defines RTA_TABLE routing attribute to
allow 32-bit routing table IDs. Using this attribute to index routing
tables at Linux, instead of 8-bit rtm_table field.
Symbol lookup by cf_find_symbol() not only did the lookup but also added
new void symbols allocated from cfg_mem linpool, which gets broken when
lookups are done outside of config parsing, which may lead to crashes
during reconfiguration.
The patch separates lookup-only cf_find_symbol() and config-modifying
cf_get_symbol(), while the later is called only during parsing. Also
new_config and cfg_mem global variables are NULLed outside of parsing.
New data types net_addr and variants (in lib/net.h) describing
network addresses (prefix/pxlen). Modifications of FIB structures
to handle these data types and changing everything to use these
data types instead of prefix/pxlen pairs where possible.
The commit is WiP, some protocols are not yet updated (BGP, Kernel),
and the code contains some temporary scaffolding.
Comments are welcome.
If the number of sockets is too much for select(), we should at least
handle it with proper error messages and reject new sockets instead of
breaking the event loop.
Thanks to Alexander V. Chernikov for the patch.
When a new route was imported from kernel and chosen as preferred, then
the old best route was propagated as a withdraw to the kernel protocol.
Under some circumstances such withdraw propagated to the BSD kernel could
remove the new alien route and thus reverting the import.
When an interface goes down, (Linux) kernel removes routes pointing to
that ifacem but does not send withdraws for them. We rescan the
kernel table to ensure synchronization.
Thanks to Alexander Demenshin for the bugreport.
Although RFC 3542 allows both cases, Theo de Raadt thinks
he knows better, and msg_controllen without last padding
fails on OpenBSD.
Thanks to Job Snijders for the bugreport.
I/O:
- BSD: specify src addr on IP sockets by IP_HDRINCL
- BSD: specify src addr on UDP sockets by IP_SENDSRCADDR
- Linux: specify src addr on IP/UDP sockets by IP_PKTINFO
- IPv6: specify src addr on IP/UDP sockets by IPV6_PKTINFO
- Alternative SKF_BIND flag for binding to IP address
- Allows IP/UDP sockets without tx_hook, on these
sockets a packet is discarded when TX queue is full
- Use consistently SOL_ for socket layer values.
OSPF:
- Packet src addr is always explicitly set
- Support for secondary addresses in BSD
- Dynamic RX/TX buffers
- Fixes some minor buffer overruns
- Interface option 'tx length'
- Names for vlink pseudoifaces (vlinkX)
- Vlinks use separate socket for TX
- Vlinks do not use fixed associated iface
- Fixes TTL for direct unicast packets
- Fixes DONTROUTE for OSPF sockets
- Use ifa->ifname instead of ifa->iface->name
RIP sockets for multiple ifaces collided, because we cannot bind to
a specific iface on BSD. Workarounded by SO_REUSEPORT.
Thanks to Eugene M. Zheganin for the bugreport.
The bug caused that krt_prefsrc attribute was not processed when a route
received from a kernel protocol was exported to another kernel protocol.
Thanks to Sergey Popovich for a bugreport.
Implemented eval command can be used to evaluate expressions.
The patch also documents echo command and allows to use log classes
instead of integer as a mask for echo.
Interfaces for OSPF and RIP could be configured to use (and request)
TTL 255 for traffic to direct neighbors.
Thanks to Simon Dickhoven for the original patch for RIPng.
Implements support for IPv6 traffic class, sets higher priority for OSPF
and RIP outgoing packets by default and allows to configure ToS/DS/TClass
IP header field and the local priority of outgoing packets.
Several new configure command variants:
configure undo - undo last reconfiguration
configure timeout - configure with scheduled undo if not confirmed in timeout
configure confirm - confirm last configuration
configure check - just parse and validate config file
When 'import keep rejected' protocol option is activated, routes
rejected by the import filter are kept in the routing table, but they
are hidden and not propagated to other protocols. It is possible to
examine them using 'show route rejected'.
Allows to send and receive multiple routes for one network by one BGP
session. Also contains necessary core changes to support this (routing
tables accepting several routes for one network from one protocol).
It needs some more cleanup before merging to the master branch.
- ROA tables, which are used as a basic part for RPKI.
- Commands for examining and modifying ROA tables.
- Filter operators based on ROA tables consistent with RFC 6483.
Which was, actually, a bug in timers - on older kernel, monotonic timer
is missing and the other implementation started with now == 0, which
collides with usage 0 as a special value in timer->expires field.
In usual configuration, such export is already restricted
with the aid of the direct protocol but there are some
races that can circumvent it. This makes it harder to
break kernel device routes. Also adds an option to
disable this restriction.
- Adds check to deny config file with no specified protocol to prevent
loading of empty config file.
- Moves CLI init before config parse to receive immediate error message
when cannot open control socket.
- Fixes socket name path check and other error handling in CLI init.
When device protocol goes down, interfaces should be flushed
asynchronously (in the same way like routes from protocols are flushed),
when protocol goes to DOWN/HUNGRY.
This fixes the problem with static routes staying in kernel routing
table after BIRD shutdown.
- BSD kernel syncer is now self-conscious and can learn alien routes
- important bugfix in BSD kernel syncer (crash after protocol restart)
- many minor changes and bugfixes in kernel syncers and neighbor cache
- direct protocol does not generate host and link local routes
- min_scope check is removed, all routes have SCOPE_UNIVERSE by default
- also fixes some remaining compiler warnings
It seems that by adding one pipe-specific exception to route
announcement code and by adding one argument to rt_notify() callback i
could completely eliminate the need for the phantom protocol instance
and therefore make the code more straightforward. It will also fix some
minor bugs (like ignoring debug flag changes from the command line).
There is no reak callback scheduler and previous behavior causes
bad things during hard congestion (like BGP hold timeouts).
Smart callback scheduler is still missing, but main loop was
changed such that it first processes all tx callbacks (which
are fast enough) (but max 4* per socket) + rx callbacks for CLI,
and in the second phase it processes one rx callback per
socket up to four sockets (as rx callback can be slow when
there are too many protocols, because route redistribution
is done synchronously inside rx callback). If there is event
callback ready, second phase is skipped in 90% of iterations
(to speed up CLI during congestion).
This also fixes bug that timer->recurrent was not cleared
in tm_new() and unexpected recurrence of startup timer
in BGP confused state machine and caused crash.
If other side of a socket is sending data faster than
BIRD is processing, BIRD does not schedule any other
callbacks (events, timers, rx/tx callbacks).
KRF_INSTALLED flag was not cleared during reconfiguration
that lead to not removing routes during reconfigure when
export rules changed.
We also should not try to remove routes we didi not installed,
on Linux this leads to warnings (as kernel checks route source
field and do not allow to remove non-bird routes) but we should
not rely on it.
Here is a patch fixing a bug that causes breakage of a local routing
table during shutdown of Bird. The problem was caused by shutdown
of 'device' protocol before shutdown of 'kernel' protocol. When
'device' protocol went down, the route (with local network prefix)
From different protocol (BGP or OSPF) became preferred and installed
to the kernel routing table. Such routes were broken (like
192.168.1.0/24 via 192.168.1.2). I think it is also the cause
of problem reported by Martin Kraus.
The patch disables updating of kernel routing table during shutdown of
Bird. I am not sure whether this is the best way to fix it, I would
prefer to forbid 'kernel' protocol to overwrite routes with
'proto kernel'.
The patch also fixes a problem that during shutdown sometimes routes
created by Bird remained in the kernel routing table.
Also, removed the `if (s)' test, because I believe that as the whole
socket interface doesn't accent NULL pointers, sk_reallocate() shouldn't
be the only exception.
you can delete the socket from anywhere in the hooks and nothing should break.
Also, the receive/transmit buffers are now regular xmalloc()'ed buffers,
not separate resources which would need shuffling around between pools.
sk_close() is gone, use rfree() instead.
for even only medium sized route table output. Fix a strange garbled
output problem in the client. The latter seems to be caused by some
library doing tcflush while there is still command output pending. So
the best fix here is to do fflush and then tcdrain. Note that this
problem occurs only under certain load situations and is not too easy to
reproduce.
(by Andreas)
Please try compiling your code with --enable-warnings to see them. (The
unused parameter warnings are usually bogus, the unused variable ones
are very useful, but gcc is unable to control them separately.)
of calling the protocols manually.
Implemented printing of dynamic attributes in `show route all'.
Each protocol can now register its own attribute class (protocol->attr_class,
set to EAP_xxx) and also a callback for naming and formatting of attributes.
The callback can return one of the following results:
GA_UNKNOWN Attribute not recognized.
GA_NAME Attribute name recognized and put to the buffer,
generic code should format the value.
GA_FULL Both attribute name and value put to the buffer.
Please update protocols generating dynamic attributes to provide
the attr_class and formatting hook.
address, not per interface (hence it's ifa->flags & IA_UNNUMBERED) and
should be set reliably. IF_MULTIACCESS should be fixed now, but it isn't
wise to rely on it on interfaces configured with /30 prefix.
(the current version UNIX-specific) anyway, so it's useless to try splitting it
to sysdep and generic part. Instead of this, configure script decides (based on
system type and user's wish) what (if any) client should be built and what
autoconfiguration it requires. Also, the client provides its own die/bug/...
functions.
used for automatic generation of instance names.
protocol->name is the official name
protocol->template is the name template (usually "name%d"),
should be all lowercase.
Updated all protocols to define the templates, checked that their configuration
grammar includes proto_name which generates the name and interns it in the
symbol table.
multicast abilities depending on definedness of symbols and use hard-wired
system-dependent configuration defines instead.
Please test whereever you can.
with protocols wanting to use the same port on the same interface
during reconfiguration time.
How to use locks: In the if_notify hook, just order locks for the
interfaces you want to work with and do the real socket opening after the
lock hook function gets called. When you stop using the socket, close
it and rfree() the lock.
Please update your protocols to use the new locking mechanism.
but the core routines are there and seem to be working.
o lib/ipv6.[ch] written
o Lexical analyser recognizes IPv6 addresses and when in IPv6
mode, treats pure IPv4 addresses as router IDs.
o Router ID must be configured manually on IPv6 systems.
o Added SCOPE_ORGANIZATION for org-scoped IPv6 multicasts.
o Fixed few places where ipa_(hton|ntoh) was called as a function
returning converted address.
The changes are just too extensive for lazy me to list them
there, but see the comment at the top of sysdep/unix/krt.c.
The code got a bit more ifdeffy than I'd like, though.
Also fixed a bunch of FIXME's and added a couple of others. :)
addresses per interface (needed for example for IPv6 support).
Visible changes:
o struct iface now contains a list of all interface addresses (represented
by struct ifa), iface->addr points to the primary address (if any).
o Interface has IF_UP set iff it's up and it has a primary address.
o IF_UP is now independent on IF_IGNORED (i.e., you need to test IF_IGNORED
in the protocols; I've added this, but please check).
o The if_notify_change hook has been simplified (only one interface pointer
etc.).
o Introduced a ifa_notify_change hook. (For now, only the Direct protocol
does use it -- it's wise to just listen to device routes in all other
protocols.)
o Removed IF_CHANGE_FLAGS notifier flag (it was meaningless anyway).
o Updated all the code except netlink (I'll look at it tomorrow) to match
the new semantics (please look at your code to ensure I did it right).
Things to fix:
o Netlink.
o Make krt-iface interpret "eth0:1"-type aliases as secondary addresses.
operations on 2.1/2.2 kernels. This allows passing of real interface
indexes instead of referencing interfaces by their IP addresses which
fails badly in presence of unnumbered interfaces.
Unfortunately, this structure is not visible with glibc 2.0 as it provides
its own networking headers :-( Both libc5 and glibc 2.1 should be OK.
o Now compatible with filtering.
o Learning of kernel routes supported only on CONFIG_SELF_CONSCIOUS
systems (on the others it's impossible to get it semantically correct).
o Learning now stores all of its routes in a separate fib and selects
the ones the kernel really uses for forwarding packets.
o Better treatment of CONFIG_AUTO_ROUTES ports.
o Lots of internal changes.
o Nothing is configured automatically. You _need_ to specify
the kernel syncer in config file in order to get it started.
o Syncing has been split to route syncer (protocol "Kernel") and
interface syncer (protocol "Device"), device routes are generated
by protocol "Direct" (now can exist in multiple instances, so that
it will be possible to feed different device routes to different
routing tables once multiple tables get supported).
See doc/bird.conf.example for a living example of these shiny features.
(via Netlink). Tweaked kernel synchronization rules a bit. Discovered
locking bug in kernel Netlink :-)
Future plans: Hunt all the bugs and solve all the FIXME's.
over EFence and also hopefully smaller memory overhead, but sadly it's non-free
for commercial use).
If the DMALLOC_OPTIONS environment variable is not set, switch on `reasonable'
checks by default.
Also introduced mb_allocz() for cleared mb_alloc().
The new kernel syncer is cleanly split between generic UNIX module
and OS dependent submodules:
- krt.c (the generic part)
- krt-iface (low-level functions for interface handling)
- krt-scan (low-level functions for routing table scanning)
- krt-set (low-level functions for setting of kernel routes)
krt-set and krt-iface are common for all BSD-like Unices, krt-scan is heavily
system dependent (most Unices require /dev/kmem parsing, Linux uses /proc),
Netlink substitues all three modules.
We expect each UNIX port supports kernel routing table scanning, kernel
interface table scanning, kernel route manipulation and possibly also
asynchronous event notifications (new route, interface state change;
not implemented yet) and build the KRT protocol on the top of these
primitive operations.
o Introduced if_find_by_index()
o Recognizing two types of interface updates: full update (starting with
if_start_update(), ending with if_end_update(), guaranteed to see
all existing interfaces) and a partial update (only if_update(),
usually due to asynchronous interface notifications).
o Introduced IF_LINK_UP flag corresponding to real link state.
o Allowed addressless interfaces.
o IF_UP is now automatically calculated and set iff the interface
is administratively up, has link up and has an IP address assigned.
It may be IF_IGNORED, though (as in case of the loopback).
o Any changes which include up/down transition are considered small
enough to not provoke artificial upping and downing of the interface.
o When an interface disappears (i.e., it wasn't seen in the last scan),
we announce this change only once.
o IF_LOOPBACK implies IF_IGNORE.
of various callbacks.
Events are just another resource type objects (thus automatically freed
and unlinked when the protocol using them shuts down). Each event can
be linked in at most one event list. For most purposes, just use the
global event list handled by the following functions:
ev_schedule Schedule event to be called at the next event
scheduling point. If the event was already
scheduled, it's just re-linked to the end of the list.
ev_postpone Postpone an already scheduled event, so that it
won't get called. Postponed events can be scheduled
again by ev_schedule().
You can also create custom event lists to build your own synchronization
primitives. Just use:
ev_init_list to initialize an event list
ev_enqueue to schedule event on specified event list
ev_postpone works as well for custom lists
ev_run_list to run all events on your custom list
ev_run to run a specific event and dequeue it
#define L_DEBUG "\001" /* Debugging messages */
#define L_INFO "\002" /* Informational messages */
#define L_WARN "\003" /* Warnings */
#define L_ERR "\004" /* Errors */
#define L_AUTH "\005" /* Authorization failed etc. */
#define L_FATAL "\006" /* Fatal errors */
#define L_TRACE "\002" /* Protocol tracing */
#define L_INFO "\003" /* Informational messages */
#define L_REMOTE "\004" /* Remote protocol errors */
#define L_WARN "\004" /* Local warnings */
#define L_ERR "\005" /* Local errors */
#define L_AUTH "\006" /* Authorization failed etc. */
#define L_FATAL "\007" /* Fatal errors */
#define L_BUG "\010" /* BIRD bugs */
Introduced bug() which is like die(), but with level L_BUG. Protocols
should _never_ call die() as it should be used only during initialization
and on irrecoverable catastrophic events like out of memory.
Also introduced ASSERT() which behaves like normal assert(), but it calls
bug() when assertion fails. When !defined(DEBUGGING), it gets ignored.
o Interface syncing is now a part of krt and it can have configurable
parameters. Actually, the only one is scan rate now :)
o Kernel routing table syncing is now synchronized with interface
syncing (we need the most recent version of the interface list
to prevent lots of routes to non-existent destinations from
appearing). Instead of its own timer, we just check if it's
route scan time after each iface list scan.
o Syncing of device routes implemented.
o CONFIG_AUTO_ROUTES should control syncing of automatic device routes.
o Rewrote krt_remove_route() to really remove routes :)
o Better diagnostics.
o Fixed a couple of bugs.
regular interface addresses" rule).
Protocols should NOT rely on router_id existence -- when router ID is not
available, the router_id variable is set to zero and protocols requiring
valid router ID should just refuse to start, reporting such error to the log.
the kernel routing table as opposed to modifying it which is approximately
the same on non-netlink systems, I've split the kernel routing table
routines to read and write parts. To be implemented later ;-)
protocols and don't send route/interface updates to them and when they come up,
we resend the whole route/interface tables privately.
Removed the "scan interface list after protocol start" work-around.
this happens, don't reject the whole interface, just mark it as index 0.
o Removed Pavel's comment about EFAULT and SIGSEGV. EFAULT is a valid return
code for cases where the buffer is too small.
o Commented out the smart interface list size logic temporarily as it seems
Linux 2.0 SIOCGIFCONF doesn't react to ifc_req==NULL sanely. Replaced it
by exponential stepping.