Pavel Tvrdík
65d2a88dd2
RPKI protocol with one cache server per protocol
...
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/ ) that is integrated inside
the BIRD's code.
Implemeted transports are:
- unprotected transport over TCP
- secure transport over SSHv2
Example configuration of bird.conf:
...
roa4 table r4;
roa6 table r6;
protocol rpki {
debug all;
# Import both IPv4 and IPv6 ROAs
roa4 { table r4; };
roa6 { table r6; };
# Set cache server (validator) address,
# overwrite default port 323
remote "rpki-validator.realmv6.org" port 8282;
# Overwrite default time intervals
retry 10; # Default 600 seconds
refresh 60; # Default 3600 seconds
expire 600; # Default 7200 seconds
}
protocol rpki {
debug all;
# Import only IPv4 routes
roa4 { table r4; };
# Set cache server address to localhost,
# use default ports tcp => 323 or ssh => 22
remote 127.0.0.1;
# Use SSH transport instead of unprotected transport over TCP
ssh encryption {
bird private key "/home/birdgeek/.ssh/id_rsa";
remote public key "/home/birdgeek/.ssh/known_hosts";
user "birdgeek";
};
}
...
2016-12-07 09:35:24 +01:00
Ondrej Zajicek (work)
af678af0d5
Merge remote-tracking branch 'origin/master' into int-new
2016-05-12 18:03:23 +02:00
Ondrej Zajicek (work)
286e2011d2
Miscellaneous minor fixes
2016-05-12 16:04:47 +02:00
Pavel Tvrdik
8e433d6a52
Prog Doc: Complete several missing parameters
2016-05-12 15:49:44 +02:00
Jan Moskyto Matejka
2003a18407
Route update: move table lookup from protocols into rte_update2().
...
Many protocols do almost the same when creating a rte_update request
before calling rte_update2(). This commit should simplify the protocol
side of the route-creation routine.
2016-04-08 13:09:06 +02:00
Jan Moskyto Matejka
4bdf1881dc
Channelize: rt_notify arg conversion table -> channel
2016-04-07 10:08:23 +02:00
Pavel Tvrdík
1bb3ecb2a5
Fix closing flushed channel
...
Fix reading from freed memory.
Free at: channel_set_state(c, CS_DOWN)
Read at: WALK_LIST2_DELSAFE(c, n, x, tab->channels, table_node)
==00:00:00:00.261 24718==
==00:00:09:31.755 24718== Invalid read of size 8
==00:00:09:31.755 24718== at 0x4061BA: rt_prune_table (rt-table.c:1688)
==00:00:09:31.755 24718== by 0x405D5E: rt_event (rt-table.c:1559)
==00:00:09:31.755 24718== by 0x45D089: ev_run (event.c:85)
==00:00:09:31.755 24718== by 0x45D158: ev_run_list (event.c:142)
==00:00:09:31.755 24718== by 0x462814: io_loop (io.c:2412)
==00:00:09:31.755 24718== by 0x468712: main (main.c:833)
==00:00:09:31.755 24718== Address 0x5601538 is 136 bytes inside a block of size 304 free'd
==00:00:09:31.755 24718== at 0x4C29D2A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:09:31.755 24718== by 0x46FF3E: rfree (resource.c:166)
==00:00:09:31.755 24718== by 0x470309: mb_free (resource.c:415)
==00:00:09:31.755 24718== by 0x406A6B: rt_unlock_table (rt-table.c:1921)
==00:00:09:31.755 24718== by 0x40DAE3: channel_do_down (proto.c:297)
==00:00:09:31.755 24718== by 0x40DD46: channel_set_state (proto.c:359)
==00:00:09:31.755 24718== by 0x4061AD: rt_prune_table (rt-table.c:1692)
==00:00:09:31.755 24718== by 0x405D5E: rt_event (rt-table.c:1559)
==00:00:09:31.755 24718== by 0x45D089: ev_run (event.c:85)
==00:00:09:31.755 24718== by 0x45D158: ev_run_list (event.c:142)
==00:00:09:31.755 24718== by 0x462814: io_loop (io.c:2412)
==00:00:09:31.755 24718== by 0x468712: main (main.c:833)
==00:00:09:31.755 24718== Block was alloc'd at
==00:00:09:31.755 24718== at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:09:31.755 24718== by 0x470FBC: bird_xmalloc (xmalloc.c:29)
==00:00:09:31.755 24718== by 0x4701E6: mb_alloc (resource.c:339)
==00:00:09:31.755 24718== by 0x406C29: rt_commit (rt-table.c:1977)
==00:00:09:31.755 24718== by 0x45C36D: config_do_commit (conf.c:269)
==00:00:09:31.755 24718== by 0x45C545: config_commit (conf.c:361)
==00:00:09:31.755 24718== by 0x4686F9: main (main.c:822)
==00:00:09:31.755 24718==
2016-02-08 16:08:50 +01:00
Ondrej Zajicek (work)
f4a60a9bc4
Channels - explicit links between protocols and tables
...
The patch adds support for channels, structures connecting protocols and
tables and handling most interactions between them. The documentation is
missing yet.
2016-02-01 10:28:50 +01:00
Pavel Tvrdík
0264ccf6f4
Rewrite roa_check() for integrated BIRD
...
Thanks to Ondrej Zajicek for his support with writing this code.
2016-01-20 16:46:58 +01:00
Pavel Tvrdík
b9f5692186
Fix check in net_route() in debug mode
2016-01-07 18:24:14 +01:00
Pavel Tvrdík
de9b87f558
Add NET ROA4/6 structures
2016-01-07 18:21:31 +01:00
Ondrej Zajicek (work)
04632fd77f
Follow-up work on integration
2015-12-24 15:56:04 +01:00
Ondrej Zajicek (work)
600998fcb1
Modify FIB_WALK() and FIB_ITERATE() to work with new FIB code
...
Returned user data pointers have offset relative to fib_node.
2015-12-21 20:28:44 +01:00
Jan Moskyto Matejka
7fd4143ead
Integrated address print lengths
...
Minor changes by Ondrej Santiago Zajicek
2015-12-20 13:47:39 +01:00
Jan Moskyto Matejka
5e173e9f63
Stop perusing f_prefix for non-prefix-set uses
...
Multiple changes by Ondrej Santiago Zajicek
2015-12-19 23:49:47 +01:00
Jan Moskyto Matejka
d7661fbe9d
Removed BITS_PER_IP_ADDRESS, MAX_PREFIX_LENGTH, BIRD_AF
...
Explicit setting of AF_INET(6|) in IP socket creation. BFD set to listen
on v6, without setting the V6ONLY flag to catch both v4 and v6 traffic.
Squashing and minor changes by Ondrej Santiago Zajicek
2015-12-19 15:57:09 +01:00
Ondrej Zajicek (work)
04ae8ddaa1
Merge branch 'master' into int-new
2015-11-25 14:24:35 +01:00
Ondrej Zajicek (work)
90f78507f4
Merge branch 'master' into rip-new
2015-11-24 15:21:11 +01:00
Ondrej Zajicek (work)
86b4e17001
Nest: Fixes bug in missing cleanup during table removal
...
When a table is removed during reconfiguration, a reference was not
cleared in the old configuration, which breaks undo.
2015-11-09 01:01:12 +01:00
Ondrej Zajicek (work)
9b9a7143c4
Conf: Fixes bug in symbol lookup during reconfiguration
...
Symbol lookup by cf_find_symbol() not only did the lookup but also added
new void symbols allocated from cfg_mem linpool, which gets broken when
lookups are done outside of config parsing, which may lead to crashes
during reconfiguration.
The patch separates lookup-only cf_find_symbol() and config-modifying
cf_get_symbol(), while the later is called only during parsing. Also
new_config and cfg_mem global variables are NULLed outside of parsing.
2015-11-09 00:42:02 +01:00
Ondrej Zajicek (work)
fe9f1a6ded
Initial commit on integrated BIRD
...
New data types net_addr and variants (in lib/net.h) describing
network addresses (prefix/pxlen). Modifications of FIB structures
to handle these data types and changing everything to use these
data types instead of prefix/pxlen pairs where possible.
The commit is WiP, some protocols are not yet updated (BGP, Kernel),
and the code contains some temporary scaffolding.
Comments are welcome.
2015-11-05 12:48:52 +01:00
Ondrej Zajicek (work)
8465dccb06
Major RIP redesign
...
The new RIP implementation fixes plenty of old bugs and also adds support
for many new features: ECMP support, link state support, BFD support,
configurable split horizon and more. Most options are now per-interface.
2015-10-05 13:18:10 +02:00
Ondrej Zajicek
8d9eef1771
BGP multipath support
...
Kernel option 'merge paths' allows to merge routes exported to kernel
protocol (currently BGP and static routes) to multipath routes.
2015-06-08 02:24:08 +02:00
Ondrej Zajicek
db027a41d4
Fixes subtle bug in temporary attribute handling
...
In some cases, export filter accessed attributes of a different route.
2015-06-08 02:24:08 +02:00
Ondrej Zajicek
ca34698ca6
Fixes bug in pipe feeding when filtered routes are kept in table
2015-06-08 02:24:08 +02:00
Pavel Tvrdík
ae80a2de95
unsigned [int] -> uint
2015-06-08 02:24:08 +02:00
Ondrej Zajicek
d0e23d42de
Simplify flushing process
...
Related to changes from previous patch.
2015-05-17 00:56:34 +02:00
Ondrej Zajicek
86f567e13c
Fix minor issue in pipe route propagation
...
In some circumstances during reconfiguration, routes propagated by pipes
to other tables may hang there even after the primary routes are removed.
There is already a workaround for this issue in the code which removes
these stale routes by flush process when source protocols are shut down.
This patch is a cleaner fix and allows to simplify the flush process
2015-05-16 20:17:59 +02:00
Ondrej Zajicek
51762a45b3
Allows user data attached to f_trie_node structure.
...
Thanks to Alexander Chernikov for the patch.
2015-02-21 14:05:20 +01:00
Ondrej Zajicek
0da562a7cb
Fixes error message in 'show route' cmd.
...
Message 'Network not in table' was not reported if a network node without
any routes was found in a routing table.
2014-11-08 23:52:42 +01:00
Ondrej Zajicek
7aa809016e
Implements show route noexport option.
...
Shows routes that would be exported to the protocol but are rejected by
the export filter.
2014-10-02 12:52:50 +02:00
Ondrej Zajicek
1123e70740
Implements token bucket filter for rate limiting.
2014-10-02 12:52:50 +02:00
Ondrej Zajicek
c865cae3eb
Fixes 'show route export' w.r.t. protocols with different RA_* types.
2014-04-28 17:31:03 +02:00
Ondrej Zajicek
6eda3f135f
Documentation (and minor fixes) for BGP graceful restart.
2014-03-23 01:35:33 +01:00
Ondrej Zajicek
0c791f873a
BGP graceful restart support.
...
Also significant core protocol state changes needed for that,
global graceful restart recovery state and kernel proto support
for recovery.
2014-03-20 14:07:12 +01:00
Ondrej Zajicek
736e143fa5
Merge branch 'master' into add-path
...
Conflicts:
filter/filter.c
nest/proto.c
nest/rt-table.c
proto/bgp/bgp.h
proto/bgp/config.Y
2013-11-23 11:50:34 +01:00
Ondrej Zajicek
548c329cde
Adds rate limiting to some log messages.
2013-11-22 01:21:15 +01:00
Ondrej Zajicek
9135c1f0ca
Fixes bug in protocol flushing and rtable pruning.
...
When route was propagated to another rtable through a pipe and then the
pipe was reconfigured softly in such a way that any subsequent route
updates are filtered, then the source protocol shutdown didn't clean up
the route in the second rtable which caused stale routes and potential
crashes.
2013-07-24 14:11:12 +02:00
Ondrej Zajicek
fad04c750c
Fixes problems with kernel routes multiple routing tables.
...
Temporary dummy routes created by a kernel protocol during routing table
scan get mixed with real routes propagated from another kernel protocol
through a pipe.
2013-06-13 11:27:14 +02:00
Ondrej Filip
e667622a35
Default rounting table for 'show route export/preexport/protocol' is the one related to a respective protocol.
2013-02-25 10:39:46 +01:00
Ondrej Zajicek
36da2857bc
Implements router advertisements activated by received routes.
...
The RAdv protocol could be configured to change its behavior based on
availability of routes, e.g., do not announce router lifetime when a
default route is not available.
2013-02-08 23:58:27 +01:00
Ondrej Zajicek
b662290f40
Separate import and receive limits.
...
They have different behavior w.r.t. filtered routes that are kept.
2013-01-10 13:07:33 +01:00
Ondrej Zajicek
7057752924
Fixes route tracing w.r.t. kept filtered routes.
2012-11-16 13:29:16 +01:00
Ondrej Zajicek
1555095795
Changes 'rejected' to 'filtered' in one of the last patches.
2012-11-15 01:29:01 +01:00
Ondrej Zajicek
cf98be7b67
Allows rejected routes to be kept and examined.
...
When 'import keep rejected' protocol option is activated, routes
rejected by the import filter are kept in the routing table, but they
are hidden and not propagated to other protocols. It is possible to
examine them using 'show route rejected'.
2012-11-10 14:26:13 +01:00
Ondrej Zajicek
094d2bdb79
Implements ADD-PATH extension for BGP.
...
Allows to send and receive multiple routes for one network by one BGP
session. Also contains necessary core changes to support this (routing
tables accepting several routes for one network from one protocol).
It needs some more cleanup before merging to the master branch.
2012-08-14 16:46:43 +02:00
Ondrej Zajicek
36415e4b1d
Allows to redefine master table.
2012-07-20 19:56:57 +02:00
Ondrej Zajicek
abced4a914
Merge branch 'rt-accepted'
...
Conflicts:
nest/config.Y
nest/rt-table.c
proto/bgp/bgp.c
2012-07-16 14:44:45 +02:00
Ondrej Zajicek
26822d8fe1
Finalize RA_ACCEPTED handling.
2012-07-16 01:33:02 +02:00
Ondrej Zajicek
47c447c42e
Minor cleanups.
2012-05-11 12:10:21 +02:00