0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-27 04:01:53 +00:00
Commit Graph

1714 Commits

Author SHA1 Message Date
Maria Matejka
74566d3c85 BMP: overflow checker made configurable
Also added documentation for these two options.
2024-10-08 15:11:28 +02:00
Maria Matejka
c972f54f00 BMP: overflow checker
If the TX buffers overflow 1 GB, the BMP protocol restarts
because it is very much possible that the other side is stalled.
2024-10-08 15:11:28 +02:00
Maria Matejka
3f371ddff2 BMP: simplified update queuing
This commit drops an unnecessary layer of indirection, allocates the
output blocks by 1M chunks and drops most of the intermediary
allocations from the heap altogether.
2024-10-08 15:11:28 +02:00
Maria Matejka
0f9f6424cd BMP: drop an unused mempool 2024-10-08 15:11:28 +02:00
Job Snijders
8dc2a36ae5 RPKI: Add TCP-MD5 authentication option
RPKI-To-Router (RTR) sessions seem to be similar security-sensitivity as
IBGP sessions. BIRD already offered a choice of either "plain TCP" (meh)
or "SSH" (secure, albeit a bit more hassle to set up than TCP-MD5).
The patch adds TCP-MD5 as another option. TCP-MD5 for RTR is specified
through RFC 6810 section 7.3 and RFC 8210 section 9.3.

Minor changes by committer.
2024-10-03 16:25:29 +02:00
Alexander Zubkov
8a40bccffe BFD: Add option to accept zero checksum for IPv6 UDP packets
Some vendors do not fill the checksum for IPv6 UDP packets.
For interoperability with such implementations one can set
UDP_NO_CHECK6_RX socket option on Linux.

Thanks to Ville O for the suggestion.

Minor changes by committer.
2024-06-26 16:29:57 +02:00
Ondrej Zajicek
e29f134ad9 BFD: Fix build when BFD is disabled
Move bfd_opts grammar inside BFD parser code to avoid dependences between
nest and BFD grammars, which breaks when BFD build is disabled.

Add dummy bfd_opts grammar rule, so protocols can use this nonterminal
even with BFD disabled.

Thanks to Yuri Honegger for the bugreport.
2024-05-28 15:31:52 +02:00
Katerina Kubecova
e6dbde6883 BFD: Set password per session 2024-04-16 15:30:59 +02:00
Ondrej Zajicek
280daed57d OSPF: Allow loopback nexthop in OSPFv3-IPv4
In OSPFv3-IPv4 there is no requirement that link-local next hop announced
in Link-LSA must be in interface address range. Therefore, for interfaces
that do not have IPv4 address we can use some loopback IP address and
announce it as a next hop. Also we should accept such address.
2024-04-04 18:37:26 +02:00
Maria Matejka
08571b2059 ASPA: basic data structures and Static protocol support 2024-03-25 14:15:30 +01:00
Maria Matejka
b95dc8f29f Expanded usage of stdbool.h to the whole BIRD 2024-03-25 09:39:58 +01:00
Ondrej Zajicek
a698f8d917 Static: Fix invalid combination of nexthop options
BFD requires defined local IP, but for nexthop with onlink there might
not be such address. So we reject this combination of nexthop options.
This prevent crash where such combination of options is used.
2024-03-22 00:40:06 +01:00
Ondrej Zajicek
d21a508e8d Revert "OSPF: On physical PtP links, skip next-hop resolving"
This reverts commit 31aa62ae6d.
2024-03-21 15:59:26 +01:00
Ondrej Zajicek
46a4932574 Merge commit '44e351d1522f0099687aac9fd65dcea73a04af43' 2024-03-21 15:58:52 +01:00
Ondrej Zajicek
66d6ac7085 Babel: Fix build with limited set of protocols 2024-03-19 15:39:46 +01:00
Ondrej Zajicek
06209c1917 Aggregator: Fix build with limited set of protocols 2024-03-19 15:39:19 +01:00
Michal Zagorski
099898ffdd Static: Fix build with limited set of protocols 2024-03-11 12:57:13 +01:00
Ondrej Zajicek
1b064355f7 Client: Add support for completion of command options
We can easily extend command completion to handle also keywords for
command options. Help for command options is not yet supported.
2024-03-05 19:04:10 +01:00
Ondrej Zajicek
26dd61ee7f BFD: Add arguments to 'show bfd sessions' command
Add several arguments to 'show bfd sessions' command to filter
the list of sessions.
2024-03-05 00:02:16 +01:00
Ondrej Zajicek
4737937375 BFD: Improve 'show bfd sessions all' command 2024-03-04 23:51:37 +01:00
Katerina Kubecova
a48dc5efe0 BFD: Show session for ip / ip prefix 2024-03-04 23:35:10 +01:00
Katerina Kubecova
37bf207843 BFD: show bfd sessions all 2024-03-04 23:35:10 +01:00
Job Snijders
e2728c8078 RPKI: Add 'local address' configuration option
Allow to explicitly configure the source IP address for RPKI-To-Router
sessions. Predictable source addresses are useful for minimizing the
holes to be poked in ACLs.

Changed from 'source address' to 'local address' by committer.
2024-02-22 14:58:29 +01:00
Ondrej Zajicek
2d0652dd10 BGP: Maintain valid route attribute flags even in local tables
BGP route attributes have flags (Optional, Transitive) that are validated
on decode and set to valid value on export. But if such attribute is
modified by filter or set internally by BGP during import, then its flags
would be zero in local tables. That usually does not matter, as they are
not used locally and they were fixed on export, but invalid flags leaked
in BMP and MRT dumps.

Keep route attribute flags set to valid values even when set by filters
or modified by BGP.
2024-02-20 17:39:05 +01:00
Job Snijders
44a16bff6c BGP: Update SendHoldTimer BGP Error code
IANA registered an "Early Allocation" BGP Error code for 'Send Hold
Timer Expired' event. Update BIRD to use that error code.
2024-02-18 09:06:52 +01:00
Ondrej Zajicek
c3335b5044 Static: Allow to define both nexthop and interface
Allow to define both nexthop and interface using iproute2-like syntax,
e.g.: route 10.0.0.0/16 via 10.1.0.1 dev "eth0";

Now we can avoid to use link-local scope hack (e.g. 10.1.0.1%eth0)
for cases where both nexthop and interface have to be defined.

Thanks to Marcin Saklak for the suggestion.
2024-02-16 18:44:40 +01:00
Alexander Zubkov
574d7eb241 BGP: Allow multiple EBGP neighbors with the same peer.
We can distinguish BGP sessions if at least one side uses a different IP
address. Extend olock mechanism to handle local IP as a part of key, with
optional wildcard, so BGP sessions could local IP in the olock and not
block themselves.
2024-02-07 19:11:10 +01:00
Ondrej Zajicek
ff2ebdc7e1 BGP: Increase max length of notification data in error logs
Increase max length of notification data in error logs from 16 to 128.
There is already enough space in the buffer.

Thanks to Marco d'Itri for the suggestion.
2024-02-06 18:34:55 +01:00
Ondrej Zajicek
13c6cf8a74 Trivial code cleanups 2024-01-22 06:29:14 +01:00
Maria Matejka
44e351d152 RPKI: retry timer doesn't reset connections when more data is pending
With very busy deployments, RPKI may kill cache connection too early.
Instead of that, we want it to keep loading if any data is waiting to
be read and the reason for delay is just our congestion.

Also, when we kill the session because of actually slow cache, we want
to reload from scratch as the data we have is unreliable and nobody
knows whether the state is still valid.
2023-12-20 11:58:07 +01:00
Ondrej Zajicek
2b6bd8ca3a OSPF: Cleanup some warnings 2023-12-13 18:07:38 +01:00
Katerina Kubecova
bcf2327425 BGP: Send hold timer
Implement BGP Send hold timer according to draft-ietf-idr-bgp-sendholdtimer.
The Send hold timer drops the session if the neighbor is sending keepalives,
but does not receive our messages, causing the TCP connection to stall.
2023-12-05 04:14:45 +01:00
Ondrej Zajicek
3fb06fea1d BGP: Add options to require BGP capabilities
Some BGP capabilities change the BGP behavior in a significant way, so if
the configuration depends on it, it is better to not establish BGP
session when the capability is not available.

Add several BGP option to require individual BGP capabilities during
session negotiation.
2023-11-23 20:54:22 +01:00
Ondrej Zajicek
b6923f6386 BGP: Simplify capability handling 2023-11-23 17:18:04 +01:00
Soha Jin
31aa62ae6d OSPF: On physical PtP links, skip next-hop resolving
Signed-off-by: Soha Jin <soha@jin.sh>
Co-developed-by: Wende Tan <twd2.me@gmail.com>
2023-11-09 14:33:25 +01:00
Ondrej Zajicek
57aa077227 BGP: Improve custom BGP attributes
- Implement EA_GET for custom BGP attributes
 - Forbid EA_SET on existing opaque attributes
 - Forbid redefining existing attributes
 - Document possible compatibility problems
2023-10-05 21:54:25 +02:00
Ondrej Zajicek
ba01a6f2e6 MPLS: Handle compatibility with old configs
Old configs do not define MPLS domains and may use a static protocol
to define static MPLS routes.

When MPLS channel is the only channel of static protocol, handle it
as a main channel. Also, define implicit MPLS domain if needed and
none is defined.
2023-10-05 17:54:43 +02:00
Ondrej Zajicek
ab47c2ae46 BGP: Custom attribute definitions should use cfg_alloc(), not malloc()
Otherwise we would get memory leaks.
2023-10-04 20:16:13 +02:00
Ondrej Zajicek
be09b030ed MPLS: Update to support and use 64bit source id 2023-10-04 15:00:24 +02:00
Ondrej Zajicek
8f5511dafb L3VPN: Import/export target reconfiguration 2023-10-04 13:12:05 +02:00
Ondrej Zajicek
d8130da86b BGP, L3VPN: Fix MPLS channel reload
When a MPLS channel is reloaded, it should reload all regular MPLS-aware
channels. This causes re-evaluation of routes in FEC map and possibly
reannouncement of MPLS routes.
2023-10-04 13:12:05 +02:00
Ondrej Zajicek
e915f99e1c L3VPN: Fix bug in reconfiguration
Fields import_target / export_target link to config structures, must be
updated during reconfiguration.
2023-10-04 13:12:05 +02:00
Ondrej Zajicek
81a20ca5d8 Static: Add syntax for static MPLS labels
Instead of just using route attributes, static routes with
static MPLS labels can be defined just by e.g.:

  route 10.1.1.0/24 mpls 100 via 10.1.2.1 mpls 200;
2023-10-04 13:12:05 +02:00
Ondrej Zajicek
bcff3ae79a L3VPN: BGP/MPLS VPNs using MPLS backbone
The L3VPN protocol implements RFC 4364 BGP/MPLS VPNs using MPLS backbone.
It works similarly to pipe. It connects IP table (one per VRF) with (global)
VPN table. Routes passed from VPN table to IP table are stripped of RD and
filtered by import targets, routes passed in the other direction are extended
with RD, MPLS labels and export targets in extended communities. A separate
MPLS channel is used to announce MPLS routes for the labels.
2023-10-04 13:07:28 +02:00
Ondrej Zajicek
9d456d5366 BGP: Add MPLS support
When MPLS is active, received routes on MPLS-aware SAFIs (ipvX-mpls,
vpnX-mpls) are automatically labeled according to active label policy and
corresponding MPLS routes are automatically generated. Also routes sent
on MPLS-aware SAFIs announce local labels when it should be done.
2023-10-04 13:01:21 +02:00
Ondrej Zajicek
15c86ed061 Static: Add MPLS support
When MPLS is active, static IP/VPN routes are automatically labeled
according to active label policy and corresponding MPLS routes are
automatically generated.
2023-10-04 13:01:21 +02:00
Ondrej Zajicek
21213be523 Nest: Expand rte_src.private_id to u64
In general, private_id is sparse and protocols may want to map some
internal values directly into it. For example, L3VPN needs to
map VPN route discriminators to private_id.

OTOH, u32 is enough for global_id, as these identifiers are dense.
2023-10-02 15:09:30 +02:00
Maria Matejka
8ad9c4bb33 BGP config: Splitting Route Refresh and Enhanced Route Refresh
Both toggles are on by default but if some implementation needs one or
another to be switched off separately, then it's possible now.
2023-09-27 20:18:46 +02:00
Maria Matejka
018a77fc0b Aggregator: Forbidden dangerous filter computations 2023-09-26 15:46:24 +02:00
Maria Matejka
8674d7ab4b Aggregator: Fixed hashing of adata 2023-09-26 15:46:24 +02:00