0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-15 23:58:43 +00:00
Commit Graph

158 Commits

Author SHA1 Message Date
Ondrej Zajicek (work)
04edf8f2f2 IO: Workaround for broken FreeBSD behavior
FreeBSD silently changes TTL to 1 when MSG_DONTROUTE is used, even when
it is explicitly set to another value. That breaks TTL security sockets,
including BFD which always uses TTL 255. Bad FreeBSD!
2018-12-19 18:10:39 +01:00
Ondrej Zajicek (work)
c0fc3e6718 The MRT protocol
The new MRT protocol is responsible for periodic RIB table dumps in the
MRT format (RFC 6396). Also the existing code for BGP4MP MRT dumps is
refactored and splitted between BGP to MRT protocols, will be more
integrated into MRT in the future.

Example:

protocol mrt {
	table "*";
	filename "%N_%F_%T.mrt";
	period 60;
}

It is partially based on the old MRT code from Pavel Tvrdik.
2018-09-18 17:50:45 +02:00
Ondrej Zajicek (work)
6be71641ef BSD: Use MSG_DONTROUTE for unicast packets on FreeBSD
BSD systems cannot use SO_DONTROUTE, because it does not work properly
with multicast packets (perhaps it tries to find iface based on multicast
group address). But we can use MSG_DONTROUTE sendmsg() flag for unicast
packets. Works on FreeBSD, is ignored on OpenBSD and is broken on NetBSD
(i guess due to integrated routing table and ARP table).
2018-07-28 19:30:56 +02:00
Ondrej Zajicek (work)
d6cf996151 IO: Fix socket priority
On Linux, setting the ToS will also set the priority and the range of
accepted values is quite limited (masked by 0x1e). Therefore, 0xc0 is
translated to a priority of 0, not something we want, overriding the
"7" priority which was set previously explicitely. To avoid that, just
move setting priority later in the code.

Thanks to Vincent Bernat for the patch.
2018-01-23 17:05:45 +01:00
Ondrej Zajicek (work)
943478b00f Basic VRF support
Add basic VRF (virtual routing and forwarding) support. Protocols can be
associated with VRFs, such protocols will be restricted to interfaces
assigned to the VRF (as reported by Linux kernel) and will use sockets
bound to the VRF. E.g., different multihop BGP instances can use diffent
kernel routing tables to handle BGP TCP connections.

The VRF support is preliminary, currently there are several limitations:

- Recent Linux kernels (4.11) do not handle correctly sockets bound
to interaces that are part of VRF, so most protocols other than multihop
BGP do not work. This will be fixed by future kernel versions.

- Neighbor cache ignores VRFs. Breaks config with the same prefix on
local interfaces in different VRFs. Not much problem as single hop
protocols do not work anyways.

- Olock code ignores VRFs. Breaks config with multiple BGP peers with the
same IP address in different VRFs.

- Incoming BGP connections are not dispatched according to VRFs.
Breaks config with multiple BGP peers with the same IP address in
different VRFs. Perhaps we would need some kernel API to read VRF of
incoming connection? Or probably use multiple listening sockets in
int-new branch.

- We should handle master VRF interface up/down events and perhaps
disable associated protocols when VRF goes down. Or at least disable
associated interfaces.

- Also we should check if the master iface is really VRF iface and
not some other kind of master iface.

- BFD session request dispatch should be aware of VRFs.

- Perhaps kernel protocol should read default kernel table ID from VRF
iface so it is not necessary to configure it.

- Perhaps we should have per-VRF default table.
2017-09-06 17:38:48 +02:00
Ondrej Zajicek (work)
e40542ef3a Minor autoconf cleanup and documentation update 2017-05-16 12:59:22 +02:00
Jan Moskyto Matejka
2c33da5070 Netlink: fix occasional netlink hangs on busy machines 2016-12-20 20:36:56 +01:00
Ondrej Zajicek (work)
c8cafc8ebb Minor code cleanups 2016-11-08 17:46:29 +01:00
Jan Moskyto Matejka
3e236955c9 Build: switch on -Wextra, get rid of most of the warnings
There are several unresolved -Wmissing-field-initializers on older
versions of GCC than 5.1, all of them false positive.
2016-11-01 14:52:54 +01:00
Jan Moskyto Matejka
ccd2a3eda2 Kernel socket missing err_hook fix
Thanks to Tim Weippert for bugreport.
2016-09-29 13:21:16 +02:00
Ondřej Surý
33d22f0e9e whitespace fixes 2016-08-16 09:24:12 +02:00
Jan Moskyto Matejka
9dbcb11cb5 Unix IO: Tried to fix strange behavior after POLLHUP or POLLERR. 2016-05-30 14:28:22 +02:00
Pavel Tvrdik
8e433d6a52 Prog Doc: Complete several missing parameters 2016-05-12 15:49:44 +02:00
Pavel Tvrdik
f7a99acb4e Initialize variable ifr in sk_setup()
==00:00:00:02.831 2468== Syscall param socketcall.setsockopt(optval) points to uninitialised byte(s)
==00:00:00:02.831 2468==    at 0x513BDEA: setsockopt (in /usr/lib/libc-2.23.so)
==00:00:00:02.831 2468==    by 0x45C7AF: sk_setup (io.c:1216)
==00:00:00:02.831 2468==    by 0x45CDFF: sk_open (io.c:1417)
==00:00:00:02.831 2468==    by 0x44B562: rip_open_socket (packets.c:740)
==00:00:00:02.831 2468==    by 0x4481A7: rip_iface_locked (rip.c:616)
==00:00:00:02.831 2468==    by 0x4133E4: olock_run_event (locks.c:177)
==00:00:00:02.831 2468==    by 0x45A6DE: ev_run (event.c:85)
==00:00:00:02.831 2468==    by 0x45A7AD: ev_run_list (event.c:142)
==00:00:00:02.831 2468==    by 0x45E0FC: io_loop (io.c:2066)
==00:00:00:02.831 2468==    by 0x463B56: main (main.c:845)
==00:00:00:02.831 2468==  Address 0xffefffd24 is on thread 1's stack
==00:00:00:02.831 2468==  in frame #1, created by sk_setup (io.c:1188)
==00:00:00:02.831 2468==  Uninitialised value was created by a stack allocation
==00:00:00:02.831 2468==    at 0x45C6BB: sk_setup (io.c:1188)
2016-05-03 11:02:48 +02:00
Ondrej Zajicek (work)
a7baa09862 BSD: Add the IPsec SA/SP database entries control
Add code for manipulation with TCP-MD5 keys in the IPsec SA/SP database
at FreeBSD systems. Now, BGP MD5 authentication (RFC 2385) keys are
handled automatically on both Linux and FreeBSD.

Based on patches from Pavel Tvrdik.
2016-04-13 14:37:09 +02:00
Ondrej Zajicek (work)
bd22d7f41d IO: Avoid multiple event cycles in one loop cycle.
Event cycle may took too much time and trigger next timer events, so
avoid cycling between timer and event cycles inside the loop cycle.
2016-04-06 11:57:28 +02:00
Ondrej Zajicek (work)
9e7b3ebdf9 IO: Replace RX priority heuristic with explicit mark
In BIRD, RX has lower priority than TX with the exception of RX from
control socket. The patch replaces heuristic based on socket type with
explicit mark and uses it for both control socket and BGP session waiting
to be established.

This should avoid an issue when during heavy load, outgoing connection
could connect (TX event), send open, but then failed to receive OPEN /
establish in time, not sending notifications between and therefore
got hold timer expired error from the neighbor immediately after it
finally established the connection.
2016-04-06 11:49:34 +02:00
Jan Moskyto Matejka
ea0a8be2ff IO/Poll: fix mistaken variable merge
The events variable is used in the short loop decision. The reasons are
not much clear, keeping this to keep the former behaviour.
2016-03-30 16:21:32 +02:00
Jan Moskyto Matejka
9c92f69272 Unix: Substituted select -> poll also in congestion checker
It does strange things when even one fd larger than FD_SETSIZE is
passed to select().
2016-03-18 11:47:13 +01:00
Jan Moskyto Matejka
fd926ed4ee Poll: Prevent the improbable case of EAGAIN after POLLIN 2016-03-15 14:57:49 +01:00
Jan Moskyto Matejka
e1c13a5a7b Unix: Rework of select-loop to poll-loop
This should lift the limit of FD_SETSIZE and allow more than 1024 fd's.
FD_SETSIZE limit doesn't matter now when creating new sockets.
2016-03-11 12:45:10 +01:00
Ondrej Zajicek (work)
3aed0a6ff7 IO: Fix the previous bugfix
I should check it after making some trivial changes. The original patch
from Alexander has it right.
2015-11-03 11:27:27 +01:00
Ondrej Zajicek (work)
338f85ca77 IO: Handle fd values too big for select()
If the number of sockets is too much for select(), we should at least
handle it with proper error messages and reject new sockets instead of
breaking the event loop.

Thanks to Alexander V. Chernikov for the patch.
2015-11-03 11:08:57 +01:00
Ondrej Zajicek
b867a87c2f Fixes port range socket option 2015-04-19 00:31:59 +02:00
Ondrej Zajicek
af454f9b7c Fixes bug in debug dumps
Using 'dump sockets' in IPv6 mode caused crash due to mismatched format string.

Thanks to Pavel Tvrdik for noticing it.
2015-03-02 09:42:44 +01:00
Ondrej Zajicek
8bcb5fb1e8 Implement latency tracking, internal event log and watchdog 2015-03-02 09:41:14 +01:00
Ondrej Zajicek
9c89560e6c Use IP_PORTRANGE_HIGH for BFD where available 2015-02-22 20:14:14 +01:00
Ondrej Zajicek
88a183c6c9 Integrated IP functions. 2014-10-24 11:11:43 +02:00
Ondrej Zajicek
0479b44373 Fixes some warnings. 2014-10-02 12:52:50 +02:00
Ondrej Zajicek
8945f73d94 Ensures that msg_controllen includes last padding.
Although RFC 3542 allows both cases, Theo de Raadt thinks
he knows better, and msg_controllen without last padding
fails on OpenBSD.

Thanks to Job Snijders for the bugreport.
2014-06-26 13:30:27 +02:00
Ondrej Zajicek
05476c4d04 IPv4/IPv6 integrated socket code. 2014-05-18 11:42:26 +02:00
Ondrej Zajicek
48e5f32db6 Many changes in I/O and OSPF sockets and packet handling.
I/O:
 - BSD: specify src addr on IP sockets by IP_HDRINCL
 - BSD: specify src addr on UDP sockets by IP_SENDSRCADDR
 - Linux: specify src addr on IP/UDP sockets by IP_PKTINFO
 - IPv6: specify src addr on IP/UDP sockets by IPV6_PKTINFO
 - Alternative SKF_BIND flag for binding to IP address
 - Allows IP/UDP sockets without tx_hook, on these
   sockets a packet is discarded when TX queue is full
 - Use consistently SOL_ for socket layer values.

OSPF:
 - Packet src addr is always explicitly set
 - Support for secondary addresses in BSD
 - Dynamic RX/TX buffers
 - Fixes some minor buffer overruns
 - Interface option 'tx length'
 - Names for vlink pseudoifaces (vlinkX)
 - Vlinks use separate socket for TX
 - Vlinks do not use fixed associated iface
 - Fixes TTL for direct unicast packets
 - Fixes DONTROUTE for OSPF sockets
 - Use ifa->ifname instead of ifa->iface->name
2014-02-06 17:46:01 +01:00
Ondrej Zajicek
0aeac9cb7f Merge commit 'origin/bfd' 2013-11-22 02:48:44 +01:00
Ondrej Zajicek
8931425d02 Fixes problem with RIP on multiple ifaces on BSD.
RIP sockets for multiple ifaces collided, because we cannot bind to
a specific iface on BSD. Workarounded by SO_REUSEPORT.

Thanks to Eugene M. Zheganin for the bugreport.
2013-11-22 02:12:21 +01:00
Ondrej Zajicek
1ec522538f BFD protocol, ready for release.
Supports OSPF and BGP and also statically configured sessions.
2013-11-19 22:33:48 +01:00
Ondrej Zajicek
0e175f9f0f Fixes some BFD bugs and makes logging thread-safe. 2013-10-05 20:12:28 +02:00
Ondrej Zajicek
6a8d3f1c1f BFD work in progress.
Now it compiles and mostly works.
2013-09-16 23:57:40 +02:00
Ondrej Zajicek
bf139664aa Initial BFD commit, work in progress. 2013-09-10 12:09:36 +02:00
Ondrej Zajicek
a0b176e3b2 Fixes header file name.
Thanks to Fritz Grimpen for the patch.
2013-07-24 14:20:46 +02:00
Ondrej Zajicek
354496ace8 Some fixes for TTL security. 2013-07-11 13:50:44 +02:00
Ondrej Zajicek
70e212f913 Implements TTL security for OSPF and RIP.
Interfaces for OSPF and RIP could be configured to use (and request)
TTL 255 for traffic to direct neighbors.

Thanks to Simon Dickhoven for the original patch for RIPng.
2013-06-25 15:39:44 +02:00
Ondrej Zajicek
ef4a50be10 Better packet priority and traffic class handling.
Implements support for IPv6 traffic class, sets higher priority for OSPF
and RIP outgoing packets by default and allows to configure ToS/DS/TClass
IP header field and the local priority of outgoing packets.
2013-06-24 16:37:30 +02:00
Ondrej Zajicek
a92cf57dd6 Implements undo command and optional timeout for configuration
Several new configure command variants:

configure undo - undo last reconfiguration
configure timeout - configure with scheduled undo if not confirmed in timeout
configure confirm - confirm last configuration
configure check - just parse and validate config file
2012-12-26 12:40:48 +01:00
Ondrej Zajicek
c4b76d7b19 Rename sk_new() to avoid name collision with OpenSSL. 2012-07-18 19:35:30 +02:00
Ondrej Zajicek
f1aceff59b Cleanup in sysdep KRT code, part 2.
Remove support for historic Linux kernels,
merge krt-iface, krt-set and krt-scan stub headers.
2012-04-30 22:25:24 +02:00
Ondrej Zajicek
d7f469c15c Some minor fixes. 2012-01-09 02:41:13 +01:00
Ondrej Zajicek
eb1451a3a0 Better support for link-local addresses in IO code. 2012-01-08 15:27:04 +01:00
Ondrej Zajicek
b1b1943360 The generalized TTL security mechanism (RFC 5082) support.
Thanks to Alexander V. Chernikov for the patch.
2011-08-16 23:13:05 +02:00
Ondrej Zajicek
d0e9b36d30 Added header file. 2011-03-23 17:15:11 +01:00
Ondrej Zajicek
93e868c730 Implements Router Advertisement protocol. 2011-03-13 11:33:50 +01:00