0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-09 20:58:44 +00:00
Commit Graph

1959 Commits

Author SHA1 Message Date
Maria Matejka
b708dd367a Merge commit '4972590e' into thread-next 2023-10-12 11:05:28 +02:00
Maria Matejka
e2f08c382a BGP/BMP: fixed build with no bmp at all 2023-10-12 10:57:55 +02:00
Maria Matejka
4972590ea5 BGP: dropped bgp_fix_attr_flags() (useless remnant from previous versions) 2023-10-12 09:29:09 +02:00
Maria Matejka
2cbf7c48ad Merge commit 'b20b6a9ad204f2648ed3d62720435bb21dfb947c' into thread-next 2023-10-11 22:26:41 +02:00
Maria Matejka
b20b6a9ad2 BGP/BMP: Moved temporary allocation checks to the freeing functions 2023-10-11 22:23:34 +02:00
Maria Matejka
65ced75e95 Merge branch 'mq-bmp-to-merge-to-v3' into thread-next 2023-10-11 22:06:18 +02:00
Ondrej Zajicek
57aa077227 BGP: Improve custom BGP attributes
- Implement EA_GET for custom BGP attributes
 - Forbid EA_SET on existing opaque attributes
 - Forbid redefining existing attributes
 - Document possible compatibility problems
2023-10-05 21:54:25 +02:00
Ondrej Zajicek
ba01a6f2e6 MPLS: Handle compatibility with old configs
Old configs do not define MPLS domains and may use a static protocol
to define static MPLS routes.

When MPLS channel is the only channel of static protocol, handle it
as a main channel. Also, define implicit MPLS domain if needed and
none is defined.
2023-10-05 17:54:43 +02:00
Ondrej Zajicek
ab47c2ae46 BGP: Custom attribute definitions should use cfg_alloc(), not malloc()
Otherwise we would get memory leaks.
2023-10-04 20:16:13 +02:00
Ondrej Zajicek
be09b030ed MPLS: Update to support and use 64bit source id 2023-10-04 15:00:24 +02:00
Ondrej Zajicek
8f5511dafb L3VPN: Import/export target reconfiguration 2023-10-04 13:12:05 +02:00
Ondrej Zajicek
d8130da86b BGP, L3VPN: Fix MPLS channel reload
When a MPLS channel is reloaded, it should reload all regular MPLS-aware
channels. This causes re-evaluation of routes in FEC map and possibly
reannouncement of MPLS routes.
2023-10-04 13:12:05 +02:00
Ondrej Zajicek
e915f99e1c L3VPN: Fix bug in reconfiguration
Fields import_target / export_target link to config structures, must be
updated during reconfiguration.
2023-10-04 13:12:05 +02:00
Ondrej Zajicek
81a20ca5d8 Static: Add syntax for static MPLS labels
Instead of just using route attributes, static routes with
static MPLS labels can be defined just by e.g.:

  route 10.1.1.0/24 mpls 100 via 10.1.2.1 mpls 200;
2023-10-04 13:12:05 +02:00
Ondrej Zajicek
bcff3ae79a L3VPN: BGP/MPLS VPNs using MPLS backbone
The L3VPN protocol implements RFC 4364 BGP/MPLS VPNs using MPLS backbone.
It works similarly to pipe. It connects IP table (one per VRF) with (global)
VPN table. Routes passed from VPN table to IP table are stripped of RD and
filtered by import targets, routes passed in the other direction are extended
with RD, MPLS labels and export targets in extended communities. A separate
MPLS channel is used to announce MPLS routes for the labels.
2023-10-04 13:07:28 +02:00
Ondrej Zajicek
9d456d5366 BGP: Add MPLS support
When MPLS is active, received routes on MPLS-aware SAFIs (ipvX-mpls,
vpnX-mpls) are automatically labeled according to active label policy and
corresponding MPLS routes are automatically generated. Also routes sent
on MPLS-aware SAFIs announce local labels when it should be done.
2023-10-04 13:01:21 +02:00
Ondrej Zajicek
15c86ed061 Static: Add MPLS support
When MPLS is active, static IP/VPN routes are automatically labeled
according to active label policy and corresponding MPLS routes are
automatically generated.
2023-10-04 13:01:21 +02:00
Maria Matejka
198fb23a3a Merge commit '93509af4' into HEAD 2023-10-03 11:26:46 +02:00
katerina.kubecova
93509af4c1 Table preexport net-filter refactoring
Also added a possibility for filtering by trie.
2023-10-03 11:08:28 +02:00
Maria Matejka
8d1215dba6 Channel: Refeeding by an auxiliary request if needed.
If the protocol supports route refresh on export, we keep the stop-start
method of route refeed. This applies for BGP with ERR or with export
table on, for OSPF, Babel, RIP or Pipe.

For BGP without ERR or for future selective ROA reloads, we're adding an
auxiliary export request, doing the refeed while the main export request
is running, somehow resembling the original method of BIRD 2 refeed.

There is also a refeed request queue to keep track of different refeed
requests.
2023-10-03 09:54:39 +02:00
Ondrej Zajicek
21213be523 Nest: Expand rte_src.private_id to u64
In general, private_id is sparse and protocols may want to map some
internal values directly into it. For example, L3VPN needs to
map VPN route discriminators to private_id.

OTOH, u32 is enough for global_id, as these identifiers are dense.
2023-10-02 15:09:30 +02:00
Maria Matejka
8ad9c4bb33 BGP config: Splitting Route Refresh and Enhanced Route Refresh
Both toggles are on by default but if some implementation needs one or
another to be switched off separately, then it's possible now.
2023-09-27 20:18:46 +02:00
Maria Matejka
b58ebc4ef1 Babel: Properly handle route refeed 2023-09-27 17:40:40 +02:00
Maria Matejka
bf84daca8c RIP: Properly handle route refeed 2023-09-27 17:40:40 +02:00
Maria Matejka
018a77fc0b Aggregator: Forbidden dangerous filter computations 2023-09-26 15:46:24 +02:00
Maria Matejka
8674d7ab4b Aggregator: Fixed hashing of adata 2023-09-26 15:46:24 +02:00
Igor Putovny
977b82fba4 Basic route aggregation
Add a new protocol offering route aggregation.

User can specify list of route attributes in the configuration file and
run route aggregation on the export side of the pipe protocol. Routes are
sorted and for every group of equivalent routes new route is created and
exported to the routing table. It is also possible to specify filter
which will run for every route before aggregation.

Furthermore, it will be possible to set attributes of new routes
according to attributes of the aggregated routes.

This is a work in progress.

Original work by Igor Putovny, subsequent cleanups and finalization by
Maria Matejka.
2023-09-26 15:46:24 +02:00
Maria Matejka
860fbf0d65 Babel: Remove interfaces on shutdown
This avoids calling interface timer between Babel going
PS_DOWN and finally cleaning up the resource pool.
2023-09-25 09:31:18 +02:00
Maria Matejka
e65a5257b2 Protocols have now assigned startup phases
For now, there are 4 phases: Necessary (device), Connector (kernel, pipe), Generator (static, rpki) and Regular.
Started and reconfigured are from Necessary to Regular, shutdown backwards.

This way, kernel can flush routes before actually being shutdown.
2023-09-24 23:23:08 +02:00
Maria Matejka
c262c728eb Export: More strict export state checking on change 2023-09-24 20:43:04 +02:00
Maria Matejka
a920b5111c Properly consted routes inside table 2023-09-24 20:43:04 +02:00
Vojtech Vilimek
b43580d77d Renamed channel class pointers
The channel class pointers were strangely named , not .
2023-09-24 20:43:04 +02:00
Maria Matejka
32009cb6eb Logging: Abolished stdio in favor of write() to make the logging faster. 2023-09-24 20:40:06 +02:00
katerina.kubecova
a0fb0eaa67 BGP: Setting and unsetting unknown attributes
All these must be declared as bytestring. Allows operators to delete
unwanted attributes breaking the Internet:

    https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
2023-09-20 14:15:18 +02:00
katerina.kubecova
bb8e28248b Structures bytestring and adata merged into adata. 2023-09-20 14:03:05 +02:00
Maria Matejka
8638c6f0b3 BGP: When debug { routes } is set, updates considered as loop are logged 2023-09-14 14:44:35 +02:00
Maria Matejka
6f798683a3 Conf: config warnings show the file position 2023-09-12 15:58:07 +02:00
Maria Matejka
51f2e7afaf Conf: Symbol manipulation gets its context explicitly 2023-09-12 15:36:46 +02:00
Ondrej Zajicek
aa70e14c9e BFD: Improve handling of AdminDown
According to RFC 5882, system should not interpret the local or remote
session state transition to AdminDown as failure. We followed that for
the local session state but not for the remote session state (which
just triggered a transition of the local state to Down). The patch
fixes that.

We do not properly generate AdminDown on our side, so the patch is
relevant just for interoperability with other systems.

Thanks to Sunnat Samadov for the bugreport.
2023-08-29 18:23:29 +02:00
Ondrej Zajicek
f5140d1027 Conf: Allow keywords to be redefined by user symbols
Most syntactic constructs in BIRD configuration (e.g. protocol options)
are defined as keywords, which are distinct from symbols (user-defined
names for protocols, variables, ...). That may cause backwards
compatibility issue when a new feature is added, as it may collide with
existing user names.

We can allow keywords to be shadowed by symbols in almost all cases to
avoid this issue.

This replaces the previous mechanism, where shadowable symbols have to be
explictly added to kw_syms.
2023-08-25 23:50:44 +02:00
Ondrej Zajicek
116285f2b0 RPKI: Fix conflict in config grammar 2023-08-25 04:32:01 +02:00
Ondrej Zajicek
f411a19bb0 Conf: Use nonterminal bytestring instead of BYTETEXT
Nonterminal bytestring allows to provide expressions to be evaluated in
places where BYTETEXT is used now: passwords, radv custom option.

Based on the patch from Alexander Zubkov <green@qrator.net>, thanks!
2023-08-24 16:59:23 +02:00
Alexander Zubkov
fc3547880a Filter: Add bytestring type
- Rename BYTESTRING lexem to BYTETEXT, not to collide with 'bytestring' type name
 - Add bytestring type with id T_BYTESTRING (0x2c)
 - Add from_hex() filter function to create bytestring from hex string
 - Add filter test cases for bytestring type

Minor changes by committer.
2023-08-24 04:33:33 +02:00
Ondrej Zajicek
e3c0eca956 Nest: Treat VRF interfaces as inside respective VRFs
Despite not having defined 'master interface', VRF interfaces should be
treated as being inside respective VRFs. They behave as a loopback for
respective VRFs. Treating the VRF interface as inside the VRF allows
e.g. OSPF to pick up IP addresses defined on the VRF interface.

For this, we also need to tell apart VRF interfaces and regular interfaces.
Extend Netlink code to parse interface type and mark VRF interfaces with
IF_VRF flag.

Based on the patch from Erin Shepherd, thanks!
2023-08-23 16:08:40 +02:00
Ondrej Zajicek
5121101136 Merge branch 'bmp' 2023-08-22 15:28:05 +02:00
Alexander Zubkov
fea04d7c34 Use more proper pointers to constant bytestrings 2023-08-22 14:44:18 +02:00
Ondrej Zajicek
9bf2048476 BGP: Update RFC reference
RFC 5549 was obsoleted by RFC 8950.
2023-08-22 14:20:59 +02:00
Ondrej Zajicek
4558adabfb BMP: Improve peer_down handling
Move all bmp_peer_down() calls to one place and make it synchronous with
BGP session down, ensuring that BMP receives peer_down before route
withdraws from flushing.

Also refactor bmp_peer_down_() message generating code.
2023-08-22 01:26:06 +02:00
Ondrej Zajicek
52641e0866 BMP: Use generic channel feed instead of direct walk over rtable
Now we use rt_notify() and channels for both feed and notifications,
in both import tables (pre-policy) and regular tables (post-policy).

Remove direct walk in bmp_route_monitor_snapshot().
2023-08-21 04:24:15 +02:00
Ondrej Zajicek
c40f29a790 BMP: Fix route timestamps 2023-08-18 15:39:08 +02:00
Ondrej Zajicek
f4deef89be BMP: Refactor route monitoring
- Manage BMP state through bmp_peer, bmp_stream, bmp_table structures
 - Use channels and rt_notify() hook for route announcements
 - Add support for post-policy monitoring
 - Send End-of-RIB even when there is no routes
 - Remove rte_update_in_notify() hook from import tables
 - Update import tables to support channels
 - Add bmp_hack (no feed / no flush) flag to channels
2023-08-18 03:53:58 +02:00
Ondrej Zajicek
aec21cda24 BMP: Remove useless buffer 2023-08-01 18:39:38 +02:00
Ondrej Zajicek
8ded8baba2 BMP: Simplify route monitoring hooks
No need for *_begin(), *_commit(), and *_end() hooks. The hook *_notify()
is sufficient for everything.
2023-08-01 18:38:02 +02:00
Alexander Zubkov
ccfa48a24a RAdv: Use new syntax for custom options
And use WALK_LIST macro
2023-06-26 15:35:22 +02:00
Alexander Zubkov
9c81250c04 RAdv: Add custom options
Currently one can use only a predefined set of advertised options in RAdv
protocol, which are supported by BIRD configuration. It would be convenient
to be able to specify other possible options at least manually as a blob
so one should not wait until it is supported in the code, released, etc.

This idea is inspired by presentation by Ondřej Caletka at CSNOG, in which
he noticed the lack of either PREF64 option or possibility to add custom
options in various software.

The patch makes it possible to define such options with the syntax:

  other type <num> <bytestring>
2023-06-23 17:26:03 +02:00
Ondrej Zajicek
43d41d8449 BMP: Ensure that bmp_fire_tx() does nothing when not up 2023-06-08 05:10:05 +02:00
Ondrej Zajicek
e8838d930c BMP: Support multiple instances of BMP protocol
Add internal BMP functions with plicit bmp_proto *p as first argument,
which allows using TRACE() macro. Keep list of BMP instances and call
internal functions. Old BMP functions are wrappers that call internal
functions for all enabled BMP instances.

Extract End-of-RIB mark into separate function.

Based on patch from Michal Zagorski <mzagorsk@akamai.com>. Thanks!
2023-06-08 05:03:15 +02:00
Ondrej Zajicek
69372dc9aa Babel: Minor changes to RTT formatting
Use existing %t printf code and move 'ms' in CLI output to table header.
2023-06-02 02:34:05 +02:00
Toke Høiland-Jørgensen
f08abcb8dd Babel: Add support for the RTT extension
This adds support to the Babel protocol for the RTT extension specified
in draft-ietf-babel-rtt-extension. While this extension is not yet at the
RFC stage, it is one of the more useful extensions to Babel[0], so it
seems worth having in Bird as well.

The extension adds timestamps to Hello and IHU TLVs and uses these to
compute an RTT to each neighbour. An extra per-neighbour cost is then
computed from the RTT based on a minimum and maximum interval and cost
value specified in the configuration. The primary use case for this is
improving routing in a geographically distributed tunnel-based overlay
network.

The implementation follows the babeld implementation when picking
constants and default configuration values. It also uses the same RTT
smoothing algorithm as babeld, and follows it in adding a new 'tunnel'
interface type which enables RTT by default.

[0] https://alioth-lists.debian.net/pipermail/babel-users/2022-April/003932.html
2023-06-02 00:31:53 +02:00
Ondrej Zajicek
0799fc99ab BMP: Fix bug in buffer resize
The buffer code in bmp_buffer_grow(), reuse the MRT buffer handling code.

Based on comments by Michal Zagorski <mzagorsk@akamai.com>, Thanks!
2023-05-31 18:42:14 +02:00
Ondrej Zajicek
e8be7a7080 BMP: Proper reconfiguration and protocol status
Based on patches from Michal Zagorski <mzagorsk@akamai.com> co-authored
with Pawel Maslanka <pmaslank@akamai.com>. Thanks!
2023-05-31 17:41:53 +02:00
Ondrej Zajicek
1e45e2aa4e BMP: Add station address check
Also, do not initialize it to IPA_NONE4, use regular IPA_NONE.
2023-05-30 17:23:56 +02:00
Michal Zagorski
62d8fbdc1c BMP: Add local address option
Also remove unused local and ip_post_policy options.

Co-authored with Pawel Maslanka <pmaslank@akamai.com>.

Minor changes by committer.
2023-05-30 17:09:25 +02:00
Ondrej Zajicek
ae4d934c53 BMP: Minor formatting cleanups
Based on patches from Michal Zagorski <mzagorsk@akamai.com> co-authored
with Pawel Maslanka <pmaslank@akamai.com>. Thanks!
2023-05-30 16:23:07 +02:00
Ondrej Zajicek
c1821a9aba BGP: Improve bgp_create_update_bmp()
Fix issue with missing AF cap (e.g. IPv4 unicast when no capabilities
are announced).

Add Linpool save/restore action similar to bgp_create_update().

Based on patch from Michal Zagorski <mzagorsk@akamai.com> co-authored
with Pawel Maslanka <pmaslank@akamai.com>. Thanks!
2023-05-30 15:37:52 +02:00
Maria Matejka
5ba9878b4f BFD: Fixed reconfiguration issues
After converting BFD to the new IO loop system, reconfiguration never
really worked. Sadly, we missed this case in our testing suite so it
passed under the radar for quite a while.

Thanks to Andrei Dinu <andrei.dinu@digitalit.ro> for reporting and
isolating this issue.
2023-05-29 19:32:26 +02:00
Ondrej Zajicek
f8ba82804f BGP: Fix role check when no capability option is present
When an OPEN message without capability options was parsed, the remote
role field was not initialized with the proper (non-zero) default value,
so it was interpreted as if 'provider' was announced.

Thanks to Mikhail Grishin for the bugreport.
2023-05-19 01:02:57 +02:00
Maria Matejka
794f555f63 BGP: fix listen socket cleanup 2023-05-11 11:41:01 +02:00
Maria Matejka
a818a3011e Channel: configurable feed block size 2023-05-11 11:41:01 +02:00
Maria Matejka
bb28b16fd6 BGP: proactively rehash prefix hash up to shorten collision lists 2023-05-11 11:41:01 +02:00
Maria Matejka
318ac8720f OLocks in BGP must be freed early 2023-05-09 10:33:23 +02:00
Maria Matejka
7d8e541057 Linpool state save and restore refactoring 2023-05-06 10:50:31 +02:00
Ondrej Zajicek
aa3c35498d BMP: Use OPEN messages stored in BGP
The BMP protocol needs OPEN messages of established BGP sessions to
construct appropriate Peer Up messages. Instead of saving them internally
we use OPEN messages stored in BGP instances. This allows BMP instances
to be restarted or enabled later.

Because of this change, we can simplify BMP data structures. No need to
keep track of BGP sessions when we are not started. We have to iterate
over all (established) BGP sessions when the BMP session is established.
This is just a scaffolding now, but some kind of iteration would be
necessary anyway.

Also, the commit cleans up handling of msg/msg_length arguments to be
body/body_length consistently in both rx/tx and peer_up/peer_down calls.
2023-05-01 04:01:16 +02:00
Ondrej Zajicek
1be0be1b71 BGP: Save sent and received OPEN messages
These are necessary for BMP Peer UP message and it is better to keep them
in BGP than in BMP (so BMP could be restarted or added later).
2023-05-01 04:01:16 +02:00
Ondrej Zajicek
a8a64ca0fe Conf: Improve handling of keywords
For whatever reason, parser allocated a symbol for every parsed keyword
in each scope. That wasted time and memory. The effect is worsened with
recent changes allowing local scopes, so keywords often promote soft
scopes (with no symbols) to real scopes.

Do not allocate a symbol for a keyword. Take care of keywords that could
be promoted to symbols (kw_sym) and do it explicitly.
2023-04-27 18:41:01 +02:00
Maria Matejka
ce7495b49a Refactoring of domains connected to pools 2023-04-25 09:52:28 +02:00
Maria Matejka
22f54eaee6 Resource pools are now bound with domains.
Memory allocation is a fragile part of BIRD and we need checking that
everybody is using the resource pools in an appropriate way. To assure
this, all the resource pools are associated with locking domains and
every resource manipulation is thoroughly checked whether the
appropriate locking domain is locked.

With transitive resource manipulation like resource dumping or mass free
operations, domains are locked and unlocked on the go, thus we require
pool domains to have higher order than their parent to allow for this
transitive operations.

Adding pool locking revealed some cases of insecure memory manipulation
and this commit fixes that as well.
2023-04-24 10:33:28 +02:00
Maria Matejka
1141ce4e2d Resource pool closing has its dedicated function 2023-04-22 20:49:58 +02:00
Maria Matejka
b3f805ce29 Socket closing has its dedicated function 2023-04-22 20:48:42 +02:00
Ondrej Zajicek
976dec048a BMP: Silence some log messages
Hooks called from BGP to BMP should not log warning when BMP is not
connected, that is not an error (and we do not want to flood logs with
a ton of messages).

Blocked sk_send() should not log warning, that is expected situation.
Error during sk_send() is handled in error hook anyway.
2023-04-20 17:14:45 +02:00
Ondrej Zajicek
2c7d2141ac BMP: Fix connection management
Replace broken TCP connection management with a simple state machine.
Handle failed attempts properly with a timeout, detect and handle TCP
connection close and try to reconnect after that. Remove useless
'station_connected' flag.

Keep open messages saved even after the BMP session establishment,
so they can be used after BMP session flaps.

Use proper log messages for session events.
2023-04-20 16:28:07 +02:00
Ondrej Zajicek
010df43519 BMP: Fix reconfiguration
It is not supported, but at least it must update internal config
pointer to not keep old one.
2023-04-18 18:57:54 +02:00
Ondrej Zajicek
02164814b4 BMP: Allow build without BMP and disable BMP build by default
It has still several important issues to be enabled by default.
2023-04-18 17:21:13 +02:00
Ondrej Zajicek
fbeef4b74d BMP: Move initialization to bmp_start()
That fixes BMP socket allocation from an invalid pool.
2023-04-18 15:13:24 +02:00
Ondrej Zajicek
04e3a76c94 BMP: Fix missing template
It is mandatory for protocol.
2023-04-18 15:09:21 +02:00
Maria Matejka
787fb56da3 IO: added a specific loop pickup group for BFD; to be done better in future 2023-04-17 13:30:14 +02:00
Ondrej Zajicek (work)
3925e65938 BMP: Add some missing bmp_buffer_free() calls
They were inadvertently removed during recent code refactoring.

Thanks to Dawid Macek for the bugreport and patch.
2023-04-16 20:06:02 +02:00
Ondrej Zajicek (work)
4d56b70dc5 BMP: Remove duplicate functions for update encoding
Use existing BGP functions also for BMP update encoding.
2023-04-16 20:06:00 +02:00
Ondrej Zajicek (work)
568fd66613 BMP: Integrate bmp_conn to bmp_proto
There is only one socket per BMP instance, no need to have separate
struct (like in BGP).
2023-04-16 20:05:17 +02:00
Ondrej Zajicek (work)
4adebdf198 BMP: Minor cleanups
Remove redundant 'disable' option, simplify IP address serialization,
and remove useless macros.
2023-04-16 20:05:17 +02:00
Ondrej Zajicek (work)
a995ed4386 BMP: Do not use global instance ptr internally
Use local variable to refence relevant instance instead of using global
instance ptr. Also, use 'p' variable instead of 'bmp' so we can use
common macros like TRACE().
2023-04-16 20:05:17 +02:00
Ondrej Zajicek (work)
ad16e35177 BMP: Remove superfluous error handling
Most error handling code was was for cases that cannot happen,
or they would be code bugs (and should use ASSERT()). Keep error
handling for just for I/O errors, like in rest of BIRD.
2023-04-16 20:05:17 +02:00
Pawel Maslanka
a848dad40a BMP protocol support
Initial implementation of a basic subset of the BMP (BGP Monitoring
Protocol, RFC 7854) from Akamai team. Submitted for further review
and improvement.
2023-04-16 20:05:15 +02:00
Maria Matejka
61e64d6a41 Merge commit '9e44ace3' into thread-next-iface 2023-04-14 15:18:18 +02:00
Maria Matejka
1106927213 Merge commit '913ec57f' into thread-next-iface 2023-04-14 13:43:24 +02:00
Maria Matejka
ea30d596d3 Merge commit 'ee919658' into thread-next-iface 2023-04-14 13:42:42 +02:00
Maria Matejka
a1fcd1c57a Merge commit 'dc4c5f51' into thread-next-iface 2023-04-14 11:32:20 +02:00
Trisha Biswas
9e44ace392 BGP: Add 'allow bgp_med' option for EBGP sessions
This option allows to treat bgp_med as regular transitive attribute
on EBGP sessions (without hacks in filters).

Minor changes from committer.
2023-04-14 04:28:37 +02:00
Maria Matejka
22a0900ec2 BFD: fixed a request pickup race condition
When several BGPs requested a BFD session in short time, chances were
that the second BGP would file a request while the pickup routine was
still running and it would get enqueued into the waiting list instead of
being picked up.

Fixed this by enforcing pickup loop restart when new requests got added,
and also by atomically moving the unpicked requests to a temporary list
to announce admin down before actually being added into the wait list.
2023-04-06 12:48:02 +02:00
Maria Matejka
4a69a64745 BGP: set free bind also for connect sockets if configured 2023-04-04 17:00:59 +02:00
Maria Matejka
1b1ed1fc78 BGP: sockets use sk_resume_rx and sk_pause_rx 2023-04-04 17:00:59 +02:00
Maria Matejka
e33902e15c BGP now has its own loop 2023-04-04 17:00:59 +02:00
Maria Matejka
836e857b30 Sockets: Unified API for main and other loops
Now sk_open() requires an explicit IO loop to open the socket in. Also
specific functions for socket RX pause / resume are added to allow for
BGP corking.

And last but not least, socket reloop is now synchronous to resolve
weird cases of the target loop stopping before actually picking up the
relooped socket. Now the caller must ensure that both loops are locked
while relooping, and this way all sockets always have their respective
loop.
2023-04-04 17:00:59 +02:00
Maria Matejka
571c4f69bf More efficient IO loop event execution to avoid long loops
If there are lots of loops in a single thread and only some of the loops
are actually active, the other loops are now kept aside and not checked
until they actually get some timers, events or active sockets.

This should help with extreme loads like 100k tables and protocols.

Also ping and loop pickup mechanism was allowing subtle race
conditions. Now properly handling collisions between loop ping and pickup.
2023-04-04 17:00:59 +02:00
Maria Matejka
d9f0f4af7d Resource dumps also write out block addresses 2023-04-04 17:00:59 +02:00
Maria Matejka
0b7657a9dc Route feed marks only the relevant pending exports as done 2023-04-04 17:00:58 +02:00
Maria Matejka
98f69aa419 Propagated const through route feed routines 2023-04-04 17:00:58 +02:00
Maria Matejka
731ec00840 Allowing to restart a route refresh.
Repeated pipe refeed should not end route refresh as the prune routine
may start pruning otherwise valid routes.

The same applies for BGP repeated route refresh.
2023-04-04 17:00:58 +02:00
Maria Matejka
90de93ca03 Fixed unwanted reloads while reconfiguring protocols with import table on 2023-04-04 17:00:58 +02:00
Maria Matejka
97d2875e99 Fixed bad filter re-evaluation with import table if filtered->accepted
The import table feed wasn't resetting the table-specific route values
like REF_FILTERED and thus made the route look like filtered even though
it should have been re-evaluated as accepted.
2023-04-04 17:00:58 +02:00
Maria Matejka
227352c461 BGP Export Table: Fixed route source objects leaking when prefix best routes is updated 2023-04-04 17:00:58 +02:00
Maria Matejka
2898f8f177 BGP: LLGR Staleness optimization dropped.
This brought unnecessary complexity into the decision procedures while the
performance aspects weren't worth it. It just saved one ea_list traversal
when many others are also done.
2023-04-04 17:00:58 +02:00
Maria Matejka
adbce76517 BGP: show detailed TX state in show proto all output 2023-04-04 17:00:58 +02:00
Maria Matejka
6543303ad4 BFD notifications respect protocol loop settings 2023-04-04 17:00:58 +02:00
Maria Matejka
b8a230e478 Interface subsystem locking 2023-04-04 17:00:58 +02:00
Ondrej Zajicek
f881b98d9b BGP: Fix bgp_med handling
Missing translation from BGP attribute ID to eattr ID in bgp_unset_attr()
broke automatic removal of bgp_med during export to EBGP peers.

Thanks to Edward Sun for the bugreport.
2023-04-04 05:20:49 +02:00
Maria Matejka
2b712554d1 BGP: Free bind applies also to outbound connections
Even though the free bind option is primarily meant to alleviate problems
with addresses assigned too late, it's also possible to use BIRD with AnyIP
configuration, assigning whole ranges to the machine. Therefore free bind
allows also to create an outbound connection from specific address even though
such address is not assigned.
2023-03-16 19:23:33 +01:00
Ondrej Zajicek
913ec57f27 BGP: Update RFC references 2023-02-19 15:42:18 +01:00
Ondrej Zajicek
501256cfc8 Babel: Update RFC references 2023-02-19 15:34:43 +01:00
Toke Høiland-Jørgensen
ee91965894 Babel: Keep separate auth PC counters for unicast and multicast
The babel protocol normally sends all its messages as multicast packets,
but the protocol specification allows most messages to be sent as either
unicast or multicast, and the two can be mixed freely. In particular, the
babeld implementation can be configured to unicast updates to all peers
instead of sending them as unicast.

Daniel discovered that this can cause problems with the packet counter
checks in the MAC extension due to packet reordering. This happens on WiFi
networks where clients have power save enabled (which is quite common in
infrastructure networks): in this case, the access point will buffer all
multicast traffic and only send it out along with its beacons, leading to a
maximum buffering in default Linux-based access point configuration of up
to 200 ms.

This means that a Babel sender that mixes unicast and multicast messages
can have the unicast messages overtake the multicast messages because of
this buffering; when authentication is enabled, this causes the receiver to
discard the multicast message when it does arrive because it now has a
packet counter value less than the unicast message that arrived before it.
Daniel observed that this happens frequently enough that Babel ceases to
work entirely when runner over a WiFi network.

The issue has been described in draft-ietf-babel-mac-relaxed, which is
currently pending RFC publication. That also describes two mitigation
mechanisms: Keeping separate PC counters for unicast and multicast, and
using a reorder window for PC values. This patch implements the former as
that is the simplest, and resolves the particular issue seen on WiFi.

Thanks to Daniel Gröber for the bugreport.

Minor changes from committer.
2023-02-14 18:18:32 +01:00
Andreas Rammhold
eecc3f02e4 Babel: Implement IPv4 via IPv6 extension (RFC 9229)
The patch implements an IPv4 via IPv6 extension (RFC 9229) to the Babel
routing protocol (RFC 8966) that allows annoncing routes to an IPv4
prefix with an IPv6 next hop, which makes it possible for IPv4 traffic
to flow through interfaces that have not been assigned an IPv4 address.

The implementation is compatible with the current Babeld version.

Thanks to Toke Høiland-Jørgensen for early review on this work.

Minor changes from committer.
2023-02-14 16:17:03 +01:00
Maria Matejka
a2fd889a3b Merge commit '0bb04d5390f21b0c96fc4894ba5d5510c541f0ef' into HEAD 2023-02-07 14:27:23 +01:00
Maria Matejka
0bb04d5390 BGP: opening and closing listening socket asynchronously 2023-02-07 11:52:03 +01:00
Maria Matejka
c354e8f4c1 Interface updates are asynchronous
Instead of propagating interface updates as they are loaded from kernel,
they are enqueued and all the notifications are called from a
protocol-specific event. This change allows to break the locking loop
between protocols and interfaces.

Anyway, this change is based on v2 branch to keep the changes between v2
and v3 smaller.
2023-02-02 15:57:21 +01:00
Toke Høiland-Jørgensen
dc4c5f51f8 Babel: Initialise source seqno from incoming message
When creating a new babel_source object we initialise the seqno to 0. The
caller will update the source object with the right metric and seqno value,
for both newly created and old source objects. However if we initialise the
source object seqno to 0 that may actually turn out to be a valid (higher)
seqno than the one in the routing table, because of seqno wrapping. In this
case the source metric will not be set properly, which breaks feasibility
tracking for subsequent updates.

To fix this, add a new initial_seqno argument to babel_get_source() which
is used when allocating a new object, and set that to the seqno value of
the update we're sending.

Thanks to Juliusz Chroboczek for the bugreport.
2023-01-31 15:52:14 +01:00
Ondrej Zajicek
96d7c4679d Babel: Improve clarity of unfeasible update handling.
Add a comment and (unnecessary) check to make correctness obvious.
2023-01-30 23:49:20 +01:00
Toke Høiland-Jørgensen
3e7e4a7186 Babel: Fix missing modulo comparison of seqnos
Juliusz noticed there were a couple of places we were doing straight
inequality comparisons of seqnos in Babel. This is wrong because seqnos can
wrap: so we need to use the modulo-64k comparison function for these cases
as well.

Introduce a strict-inequality version of the modulo-comparison for this
purpose.
2023-01-30 23:36:39 +01:00
Maria Matejka
05d8c3699d Object locks use events
Instead of calling custom hooks from object locks, we use standard event
sending mechanism to inform protocols about object lock changes. This is
a backport from version 3 where these events are passed across threads.

This implementation of object locks doesn't use mutexes to lock the
whole data structure. In version 3, this data structure may get accessed
from multiple threads and must be protected by mutex.
2023-01-26 13:22:28 +01:00
Maria Matejka
4334f86251 VRF setting reduced to one argument, using default dummy iface for default vrf 2023-01-25 13:33:31 +01:00
Maria Matejka
f7c2a886c9 Object locks use events
Instead of calling custom hooks from object locks, we use standard event
sending mechanism to inform protocols about object lock changes. As
event sending is lockless, the unlocking protocol simply enqueues the
appropriate event to the given loop when the locking is done.
2023-01-24 11:34:36 +01:00
Maria Matejka
3ac628e0f0 Merge v2.0.12 into thread-next 2023-01-24 11:04:28 +01:00
Maria Matejka
02b2a4ecaa Merge commit '3186ffe79714a48542d5ad61a94c81216b522fd0' into thread-next 2023-01-24 09:45:40 +01:00
Maria Matejka
21b772fd43 Merge commit '928a1cb034e6f9e8edcdd1dc07264cd703e00827' into thread-next 2023-01-23 19:51:24 +01:00
Maria Matejka
4821612c94 Merge commit 'd1cd5e5a63b2256eb71661f7438537e4ded7b01a' into thread-next 2023-01-23 19:42:12 +01:00
Maria Matejka
4e6cd1b2e3 Merge commit 'b28431e557c4f63923476094a919a0630001275e' into thread-next 2023-01-23 19:39:45 +01:00
Maria Matejka
5aeaa0c2ca Merge commit '8b06a4d8af46511f0f8dbb8905afa88590a831b6' into thread-next 2023-01-23 18:57:13 +01:00
Ondrej Zajicek
99872676df BFD: Improve incoming packet matching
For active sessions, ignore received packets with zero local id and
mismatched remote id. That forces a session timeout instead of an
immediate session restart. It makes BFD sessions more resilient to
packet spoofing.

Thanks to André Grüneberg for the suggestion.
2023-01-22 23:42:08 +01:00
Ondrej Zajicek
a82683694d VRF: Fix issues with reconfiguration
Protocols receive if_notify() announcements that are filtered according
to their VRF setting, but during reconfiguration, they access iface_list
directly and forgot to check VRF setting here, which leads to all
interfaces be addedd.

Fix this issue for Babel, OSPF, RAdv and RIP protocols.

Thanks to Marcel Menzel for the bugreport.
2023-01-22 18:21:08 +01:00
Maria Matejka
21c4c8eafb Merge commit '1e47b9f203aaaad0fb658d40a1670f1d0437f1f8' into thread-next 2023-01-21 23:49:52 +01:00
Maria Matejka
985c060342 Merge commit '3859e4efc1597368df647323c5a3cc1771cb64ca' into thread-next 2023-01-21 23:45:13 +01:00
Ondrej Zajicek
af611f93aa BGP: Add received role value to role mismatch log message 2023-01-20 15:55:47 +01:00
Ondrej Zajicek
f8276812e6 Minor cleanups 2023-01-13 13:32:29 +01:00
Ondrej Zajicek
d1cd5e5a63 BGP: Allow role specific keywords to be used as symbols
Some of these new BGP role keywords use generic names that collides with
user-defined symbols. Allow them to be redefined. Also remove duplicit
keyword definition for 'prefer'.
2023-01-03 19:11:34 +01:00
Ondrej Zajicek
b28431e557 Nest: Fix leaking internal attributes in RIP and Babel
During backporting attribute changes from 3.0-branch, some internal
attributes (RIP iface and Babel seqno) leaked to 'show route all' output.
Allow protocols to hide specific attributes with GA_HIDDEN value.

Thanks to Nigel Kukard for the bugreport.
2023-01-03 17:01:54 +01:00
Ondrej Zajicek
6d1ae197d1 Nest: Fix several issues with pflags
There were some confusion about validity and usage of pflags, which
caused incorrect usage after some flags from (now removed) protocol-
specific area were moved to pflags.

We state that pflags:

 - Are secondary data used by protocol-specific hooks
 - Can be changed on an existing route (in contrast to copy-on-write
   for primary data)
 - Are irrelevant for propagation (not propagated when changed)
 - Are specific to a routing table (not propagated by pipe)

The patch did these fixes:

 - Do not compare pflags in rte_same(), as they may keep cached values
   like BGP_REF_STALE, causing spurious propagation.

 - Initialize pflags to zero in rte_get_temp(), avoid initialization in
   protocol code, fixing at least two forgotten initializations (krt
   and one case in babel).

 - Improve documentation about pflags
2023-01-01 20:10:23 +01:00
Toke Høiland-Jørgensen
8b06a4d8af Babel: Rework seqno request handling
The seqno request retransmission handling was tracking the destination
that a forwarded request was being sent to and always retransmitting to
that same destination. This is unnecessary because we only need to
retransmit requests we originate ourselves, not those we forward on
behalf of others; in fact retransmitting on behalf of others can lead to
exponential multiplication of requests, which would be bad.

So rework the seqno request tracking so that instead of storing the
destination of a request, we just track whether it was a request that we
forwarded on behalf of another node, or if it was a request we originated
ourselves. Forwarded requests are not retransmitted, they are only used
for duplicate suppression, and for triggering an update when satisfied.
If we end up originating a request that we previously forwarded, we
"upgrade" the old request and restart the retransmit counter.

One complication with this is that requests sent in response to unfeasible
updates (section 3.8.2.2 of the RFC) have to be sent as unicast to a
particular peer. However, we don't really need to retransmit those as
there's no starvation when sending such a request; so we just change
such requests to be one-off unicast requests that are not subject to
retransmission or duplicate suppression. This is the same behaviour as
babeld has for such requests.

Minor changes from committer.
2022-12-24 15:52:12 +01:00
Ondrej Zajicek
937ebf2536 BGP: Log unacceptable hold time as decimal number
Thanks Johannes Moos for the suggestion.
2022-12-10 18:06:52 +01:00
Ondrej Zajicek
3859e4efc1 BGP: Improve handling of hold and keepalive timers
The effective keepalive time now scales relative to the negotiated
hold time, to maintain proportion between the keepalive time and the
hold time. This avoids issues when both keepalive and hold times
were configured, the hold time was negotiated to a smaller value,
but the keepalive time stayed the same.

Add new options 'min hold time' and 'min keepalive time', which reject
session attempts with too small hold time.

Improve validation of config options an their documentation.

Thanks to Alexander Zubkov and Sergei Goriunov for suggestions.
2022-12-09 05:53:24 +01:00
Maria Matejka
54179a1ab3 Merge commit '8f79e6b9' into thread-next 2022-11-07 10:24:56 +01:00
Maria Matejka
96d3804057 Merge commit '8478de88' into thread-next 2022-11-07 10:18:19 +01:00