0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 09:41:54 +00:00
Commit Graph

1273 Commits

Author SHA1 Message Date
Jan Moskyto Matejka
ad88b94bca Merge branch 'int-new-rpki-squashed' (early part) into int-new 2016-12-07 15:30:46 +01:00
Ondrej Zajicek (work)
d15b0b0a1b BGP redesign
Integrated and extensible BGP with generalized AFI handling,
support for IPv4+IPv6 AFI and unicast+multicast SAFI.
2016-12-07 14:20:52 +01:00
Jan Moskyto Matejka
af62c0f9f1 LibSSH may be switched off together with RPKI 2016-12-07 14:15:35 +01:00
Jan Moskyto Matejka
f7f70bed8f Make: upgrade Babel makefiles 2016-12-07 09:35:24 +01:00
Pavel Tvrdík
65d2a88dd2 RPKI protocol with one cache server per protocol
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.

Implemeted transports are:
 - unprotected transport over TCP
 - secure transport over SSHv2

Example configuration of bird.conf:
  ...
  roa4 table r4;
  roa6 table r6;

  protocol rpki {
    debug all;

    # Import both IPv4 and IPv6 ROAs
    roa4 { table r4; };
    roa6 { table r6; };

    # Set cache server (validator) address,
    # overwrite default port 323
    remote "rpki-validator.realmv6.org" port 8282;

    # Overwrite default time intervals
    retry   10;         # Default 600 seconds
    refresh 60;         # Default 3600 seconds
    expire 600;         # Default 7200 seconds
  }

  protocol rpki {
    debug all;

    # Import only IPv4 routes
    roa4 { table r4; };

    # Set cache server address to localhost,
    # use default ports tcp => 323 or ssh => 22
    remote 127.0.0.1;

    # Use SSH transport instead of unprotected transport over TCP
    ssh encryption {
      bird private key "/home/birdgeek/.ssh/id_rsa";
      remote public key "/home/birdgeek/.ssh/known_hosts";
      user "birdgeek";
    };
  }
  ...
2016-12-07 09:35:24 +01:00
Ondrej Zajicek (work)
ed1a908e53 BGP: Fix memory leak in graceful restart code
Prefix and bucket tables are initialized when entering established state
but not explicitly freed when leaving it (that is handled by protocol
restart). With graceful restart, BGP may enter and leave established
state multiple times without hard protocol restart causing memory leak.
2016-11-25 11:51:38 +01:00
Ondrej Zajicek (work)
261816b0d4 BGP: Cluster list item should be prepended
Commit 3c09af41... changed behavior of int_set_add() from prepend to
append, which makes more sense for community list, but prepend must be
used for cluster list. Add int_set_prepend() and use it in cluster list
handling code.
2016-11-15 16:24:39 +01:00
Ondrej Zajicek (work)
9b0a0ba9e6 Unit Testing for BIRD
- Unit Testing Framework (BirdTest)
 - Integration of BirdTest into the BIRD build system
 - Tests for several BIRD modules

 Based on squashed Pavel Tvrdik's int-test branch, updated for
 current int-new branch.
2016-11-09 16:36:34 +01:00
Ondrej Zajicek (work)
8860e991f6 Merge branch 'master' into int-new 2016-11-08 19:27:58 +01:00
Ondrej Zajicek (work)
c8cafc8ebb Minor code cleanups 2016-11-08 17:46:29 +01:00
Ondrej Zajicek (work)
cc5b93f72d Merge tag 'v1.6.2' into int-new 2016-11-08 17:04:29 +01:00
Ondrej Zajicek (work)
e03dc6a984 BFD: Authentication
Implement BFD authentication (part of RFC 5880). Supports plaintext
passwords and cryptographic MD5 / SHA-1 authentication.

Based on former commit from Pavel Tvrdik
2016-11-02 17:53:22 +01:00
Ondrej Zajicek (work)
29239ba2bb OSPF: Use message authentication interface
Based on former commit from Pavel Tvrdik
2016-11-02 17:53:22 +01:00
Ondrej Zajicek (work)
390601f038 RIP: Use message authentication interface
Based on former commit from Pavel Tvrdik
2016-11-02 17:53:22 +01:00
Pavel Tvrdík
56cb3bedc2 Nest: Add support for MAC algorithms in grammar 2016-11-02 16:23:53 +01:00
Ondrej Zajicek (work)
de2a27e255 Add generic message authentication interface
Add generic interface for generating and verifying MACs (message
authentication codes). Replace multiple HMAC implementation with
a generic one.
2016-11-02 16:23:53 +01:00
Jan Moskyto Matejka
3e236955c9 Build: switch on -Wextra, get rid of most of the warnings
There are several unresolved -Wmissing-field-initializers on older
versions of GCC than 5.1, all of them false positive.
2016-11-01 14:52:54 +01:00
Ondrej Filip
3213273d82 IANA assigned a different number to large BGP communities - changed. 2016-10-27 11:08:28 +02:00
Ondrej Zajicek (work)
66dbdbd993 BGP: Support for large communities
Add support for large communities (draft-ietf-idr-large-community),
96bit alternative to RFC 1997 communities.

Thanks to Matt Griswold for the original patch.
2016-10-03 12:48:56 +02:00
Pavel Tvrdik
0f5054f685 BFD: Fix invalid read from pollfd array
It is possible that sockets_add() are called between sockets_prepare()
and sockets_fire() during poll loop in birdloop_main(), so we need to
use loop->poll_fd.used instead of loop->sock_num to find the last field.
2016-09-15 16:18:32 +02:00
Ondrej Zajicek (work)
84cac51a51 Nest: Keep multipath next hops sorted 2016-09-14 11:53:54 +02:00
Ondrej Zajicek (work)
13a31a4001 Babel: Immediately update hello interval on interface reconfigure
An interface reconfiguration may change both the hello and update
intervals. An update interval change is immediately put into effect,
while a hello interval change is not. This also updates the hello
interval immediately (if the new interval is shorter than the old one),
and sends a hello to notify peers of the change.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-20 15:55:45 +02:00
Ondrej Zajicek (work)
c6ed5a0f99 Babel: Do not maintain feasibility distance for our own routes
We do not need to maintain feasibility distances for our own router
ID (we ignore the updates anyway). Not doing so makes the routes be
garbage collected sooner when export filters change.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19 14:38:36 +02:00
Ondrej Zajicek (work)
0f67366601 Babel: Do not keep an infeasible route as selected
When a route becomes infeasible it should not be kept as selected; this
is forbidden by section 3.6 of the RFC and prevents subsequent updates
from the same router ID from replacing it.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19 14:28:53 +02:00
Ondrej Zajicek (work)
5d6ca22085 Babel: Send wildcard retractions on shutdown and startup
This makes BIRD send a wildcard retraction on all interfaces before
shutting down and right after starting up. This helps ensure that
neighbours will discard the announced routes as soon as possible,
rather than only after the normal timeout procedures.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19 14:23:41 +02:00
Ondrej Zajicek (work)
ecae2f43f3 Babel: Rework handling of retractions
An update with wildcard AE and infinite metric should be treated as a
global retraction of all prefixes announced by that neighbour, per
section 4.4.9 of the RFC. In addition, router ID and seqno in retraction
updates should be ignored. This reworks the handling of retractions and
adjusts the parser to handle all this correctly.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19 13:33:02 +02:00
Ondrej Zajicek (work)
321ff8c404 Babel: Make sure intervals do not overflow
Intervals are carried as 16-bit centisecond values, but kept internally
in 16-bit second values, which causes a potential for overflow. This adds
some checks to make sure this does not happen.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19 11:57:20 +02:00
Ondrej Zajicek (work)
ea0cb652e9 BGP: Fix extended messages
Change attribute length limit to handle extended (64 kB) messages.

Do not mix updates and withdraws (RFC 7606).
2016-07-11 20:41:32 +02:00
Ondrej Zajicek (work)
775a5a8195 BGP: Skip empty path segments in received AS_PATH
Although RFC 4271 does not forbid empty path segments, they are useless
and some implementations consider them invalid. It is clarified in RFC 7606,
specifying that AS_PATH with empty segment is considered malformed.
2016-06-29 14:24:32 +02:00
Ondrej Zajicek (work)
08b3a24da5 IO: Minor changes in socket AF handing
AF can be specified implicitly by saddr or daddr, flags SKF_V4ONLY and
SKF_V6ONLY are to be removed.
2016-05-17 15:21:49 +02:00
Ondrej Zajicek (work)
af678af0d5 Merge remote-tracking branch 'origin/master' into int-new 2016-05-12 18:03:23 +02:00
Pavel Tvrdik
8e433d6a52 Prog Doc: Complete several missing parameters 2016-05-12 15:49:44 +02:00
Jan Moskyto Matejka
0c6dfe5236 Merge branch 'int-new' into int-new-merged 2016-05-10 14:30:49 +02:00
Jan Moskyto Matejka
92912f063a Merge remote-tracking branch 'origin/rte-update' into int-new 2016-05-10 14:21:15 +02:00
Jan Moskyto Matejka
7152e5efbb Build system reworked to one global Makefile with includes and no nesting
Also removed the lib-dir merging with sysdep. Updated #include's
accordingly.

Fixed make doc on recent Debian together with moving generated doc into
objdir.

Moved Makefile.in into root dir

Retired all.o and birdlib.a
Linking the final binaries directly from all the .o files.
2016-05-10 14:07:34 +02:00
Ondrej Zajicek (work)
937e75d8f1 Add the Babel routing protocol (RFC 6126)
This patch implements the IPv6 subset of the Babel routing protocol.
Based on the patch from Toke Hoiland-Jorgensen, with some heavy
modifications and bugfixes.

Thanks to Toke Hoiland-Jorgensen for the original patch.
2016-04-28 18:01:40 +02:00
Ondrej Zajicek (work)
a7baa09862 BSD: Add the IPsec SA/SP database entries control
Add code for manipulation with TCP-MD5 keys in the IPsec SA/SP database
at FreeBSD systems. Now, BGP MD5 authentication (RFC 2385) keys are
handled automatically on both Linux and FreeBSD.

Based on patches from Pavel Tvrdik.
2016-04-13 14:37:09 +02:00
Jan Moskyto Matejka
2003a18407 Route update: move table lookup from protocols into rte_update2().
Many protocols do almost the same when creating a rte_update request
before calling rte_update2(). This commit should simplify the protocol
side of the route-creation routine.
2016-04-08 13:09:06 +02:00
Jan Moskyto Matejka
7a7ac65682 Merge branch 'master' into int-new-channels 2016-04-08 12:28:33 +02:00
Jan Moskyto Matejka
4bdf1881dc Channelize: rt_notify arg conversion table -> channel 2016-04-07 10:08:23 +02:00
Ondrej Zajicek (work)
bd22d7f41d IO: Avoid multiple event cycles in one loop cycle.
Event cycle may took too much time and trigger next timer events, so
avoid cycling between timer and event cycles inside the loop cycle.
2016-04-06 11:57:28 +02:00
Ondrej Zajicek (work)
9e7b3ebdf9 IO: Replace RX priority heuristic with explicit mark
In BIRD, RX has lower priority than TX with the exception of RX from
control socket. The patch replaces heuristic based on socket type with
explicit mark and uses it for both control socket and BGP session waiting
to be established.

This should avoid an issue when during heavy load, outgoing connection
could connect (TX event), send open, but then failed to receive OPEN /
establish in time, not sending notifications between and therefore
got hold timer expired error from the neighbor immediately after it
finally established the connection.
2016-04-06 11:49:34 +02:00
Ondrej Zajicek (work)
665b8e5283 Birdlib: Do cleanups after remove/free
To avoid byzantine behavior in case of some errors, linked lists are
cleared after rem_node() and resource headers are cleared after rfree().
2016-03-23 02:21:42 +01:00
Ondrej Zajicek (work)
39a6b19d6d OSPF: Fix bogus LSA ID collisions between received and originated LSAs
After restart, LSAs locally originated by the previous instance are
received from neighbors. They are installed to LSA db and flushed. If
export of a route triggers origination of a new external LSA before flush
of the received one is complete, the check in ospf_originate_lsa() causes
origination to fail (because en->nf is NULL for the old LSA and non-NULL
for the new LSA). The patch fixes this by updating the en->nf for LSAs
being flushed (as is already done for empty ones). Generally, en->nf
field deserves some better description in the code.

Thanks to Jigar Mehta for analyzing the problem.
2016-03-23 02:21:42 +01:00
Ondrej Zajicek (work)
a459f4df16 OSPF: Fix reading from freed memory
Thanks to Pavel Tvrdik for noticing it.
2016-03-23 02:21:42 +01:00
Jan Moskyto Matejka
62a4ad3657 Merge remote-tracking branch 'origin/poll' 2016-03-22 13:23:55 +01:00
Pavel Tvrdík
9036bbf2b7 RIP: fix typo in configuration at rx length opt 2016-03-17 18:40:54 +01:00
Jan Moskyto Matejka
fd926ed4ee Poll: Prevent the improbable case of EAGAIN after POLLIN 2016-03-15 14:57:49 +01:00
Ondrej Zajicek (work)
e3f506f9b5 OSPF: Multicast ability is irrelevant for stub interfaces 2016-02-25 18:23:39 +01:00
Ondrej Zajicek (work)
487c6961cb BGP: Fix bug in incoming connection handling
When a BGP session was established by an outgoing connection with
Graceful Restart behavior negotiated, a pending incoming connection in
OpenSent state, and another incoming connection was received, then the
outgoing connection (and whole BGP session) was closed, but the old
incoming connection was just overwritten by the new one. That later
caused a crash when the hold timer from the old connection fired.
2016-02-11 16:38:28 +01:00
Ondrej Zajicek (work)
f4a60a9bc4 Channels - explicit links between protocols and tables
The patch adds support for channels, structures connecting protocols and
tables and handling most interactions between them. The documentation is
missing yet.
2016-02-01 10:28:50 +01:00
Pavel Tvrdík
d82987d12e RIP: Fix DBG output 2016-01-27 12:41:32 +01:00
Jan Moskyto Matejka
74d9416763 RIPng: fixed misrejection of host routes 2016-01-25 10:29:06 +01:00
Jan Moskyto Matejka
6ffa8f5393 Hidden AF_INET* inside sysdep/ 2016-01-11 09:29:51 +01:00
Jan Moskyto Matejka
5b218c3d9b BFD: split of v4/v6 sockets 2016-01-11 09:29:51 +01:00
Ondrej Zajicek (work)
74c838a870 Move ID allocator to a separate file and use it also in OSPF 2015-12-29 15:42:12 +01:00
Ondrej Zajicek (work)
04632fd77f Follow-up work on integration 2015-12-24 15:56:04 +01:00
Ondrej Zajicek (work)
600998fcb1 Modify FIB_WALK() and FIB_ITERATE() to work with new FIB code
Returned user data pointers have offset relative to fib_node.
2015-12-21 20:28:44 +01:00
Ondrej Zajicek (work)
0bf95f99e6 Follow-up work on integration
Contains some patches from Jan Moskyto Matejka
2015-12-21 17:17:21 +01:00
Ondrej Zajicek (work)
23c212e7f1 Follow-up work on integration 2015-12-21 03:33:18 +01:00
Jan Moskyto Matejka
7fd4143ead Integrated address print lengths
Minor changes by Ondrej Santiago Zajicek
2015-12-20 13:47:39 +01:00
Jan Moskyto Matejka
d7661fbe9d Removed BITS_PER_IP_ADDRESS, MAX_PREFIX_LENGTH, BIRD_AF
Explicit setting of AF_INET(6|) in IP socket creation. BFD set to listen
on v6, without setting the V6ONLY flag to catch both v4 and v6 traffic.

Squashing and minor changes by Ondrej Santiago Zajicek
2015-12-19 15:57:09 +01:00
Ondrej Zajicek (work)
52e21323b6 BGP: Update capability number from IANA for extended messages 2015-11-25 15:52:58 +01:00
Ondrej Zajicek (work)
04ae8ddaa1 Merge branch 'master' into int-new 2015-11-25 14:24:35 +01:00
Pavel Tvrdík
33b4f40acc MD5: Mormalize naming style 2015-11-24 16:01:48 +01:00
Ondrej Zajicek (work)
d44e686e9b Follow-up commit on integrated BIRD
Use net_addr for interface address prefixes, support net_addr in
configuration parser.
2015-11-12 02:03:59 +01:00
Ondrej Zajicek (work)
fe9f1a6ded Initial commit on integrated BIRD
New data types net_addr and variants (in lib/net.h) describing
network addresses (prefix/pxlen). Modifications of FIB structures
to handle these data types and changing everything to use these
data types instead of prefix/pxlen pairs where possible.

The commit is WiP, some protocols are not yet updated (BGP, Kernel),
and the code contains some temporary scaffolding.

Comments are welcome.
2015-11-05 12:48:52 +01:00
Ondrej Zajicek (work)
8eb8e546dc Merge branch 'master' into rip-new 2015-10-17 14:44:34 +02:00
Ondrej Zajicek (work)
8465dccb06 Major RIP redesign
The new RIP implementation fixes plenty of old bugs and also adds support
for many new features: ECMP support, link state support, BFD support,
configurable split horizon and more. Most options are now per-interface.
2015-10-05 13:18:10 +02:00
Ondrej Zajicek
b5e76398de OSPF: Fixes some issues with link detection
Thanks to Bernardo Figueiredo and Israel G. Lugo for the bugreport.
2015-08-19 11:16:23 +02:00
Ondrej Zajicek
538264cf1a Static: Support for BFD controlled static routes 2015-07-24 18:02:07 +02:00
Ondrej Zajicek
1321e12ac4 Static: Allows to specify attributes for static routes
The patch adds suport for specifying route attributes together with
static routes, e.g.:

 route 10.1.1.0/24 via 10.0.0.1 { krt_advmss = 1200; ospf_metric1 = 100; };
2015-07-20 17:11:10 +02:00
Ondrej Zajicek
ffa398b8d8 BFD: Fixes crash after socket error
Thanks to Thomas King for the bugreport.
2015-07-19 11:39:24 +02:00
Ondrej Zajicek
06e0d1b692 BGP: Extended messages support
Implements draft-ietf-idr-bgp-extended-messages-10, for now
undocumented and with temporary private capability number.
2015-07-18 13:38:21 +02:00
Ondrej Zajicek
8d9eef1771 BGP multipath support
Kernel option 'merge paths' allows to merge routes exported to kernel
protocol (currently BGP and static routes) to multipath routes.
2015-06-08 02:24:08 +02:00
Ondrej Zajicek
d217ba5111 Moving of mulipath merging code from OSPF to nest 2015-06-08 02:24:08 +02:00
Pavel Tvrdík
ae80a2de95 unsigned [int] -> uint 2015-06-08 02:24:08 +02:00
Pavel Tvrdík
e348ef01b4 unsgined char -> byte 2015-06-08 02:24:08 +02:00
Ondrej Filip
398f922531 Typo fix by Hans van Kranenburg 2015-06-01 10:41:17 +02:00
Ondrej Zajicek
77edab6409 OSPF: Redesign LSA checksumming
New LSA checksumming code separates generic Fletcher-16 and OSPF-specific
code and avoids back and forth endianity conversions, making it much more
readable and also several times faster.
2015-05-01 14:40:56 +02:00
Ondrej Zajicek
30d09eb96e OSPF: Fixes validation of LSA checksums
Prior to this patch, BIRD validates the OSPF LSA checksum by calculating
a new checksum and comparing it with the checksum in the header. Due to
the specifics of the Fletcher checksum used in OSPF, this is not
necessarily correct as the checkbytes in the header may be calculated via
a different means and end up with a different value that is nonetheless
still correct.

The documented means of validating the checksum as specified in RFC 905
B.4 is to calculate c0 and c1 from the unchanged contents of the packet,
which must result in a zero value to be considered valid.

Thanks to Chris Boot for the patch.
2015-04-28 13:45:44 +02:00
Ondrej Zajicek
ef3cac669c OSPF: Fixes handling of external routes with immediate gw
The bug caused that received external LSAs with locally reachable
next hops were ignored. I wonder why nobody noticed it sooner.
2015-04-18 13:26:45 +02:00
Ondrej Zajicek
304ac2e861 Minor fixes 2015-04-12 10:47:17 +02:00
Ondrej Zajicek
d924d5a562 BGP: Fixes serious bug in TX handling
Under some circumstances and heavy load, TX could be postponed
until the session fails with hold timer expired.

Thanks to Javor Kliachev for making the bug reproductible.
2015-04-01 00:10:00 +02:00
Ondrej Zajicek
2eadd36fa0 BGP: AS-wide unique router ID (RFC 6286) support
RFC 6286 relaxed rules for router IDs, allowing EBGP sessions between
routers with the same ID (but different ASN).
2015-03-29 21:24:47 +02:00
Ondrej Zajicek
9aed29e605 BGP: Enhanced route refresh (RFC 7313) support
Also hook feed_done is renamed to feed_end.
2015-03-29 18:29:49 +02:00
Ondrej Zajicek
509aab5deb Fixes serious bug in BGP add-path
Temporary rta is reused in BGP, while rta_lookup() breaks it.

Thanks to Alexander Chernikov for analysing the problem.
2015-03-02 10:58:20 +01:00
Ondrej Zajicek
9c89560e6c Use IP_PORTRANGE_HIGH for BFD where available 2015-02-22 20:14:14 +01:00
Ondrej Zajicek
6cf72d7ad7 Rename BGP option 'start delay' to 'connect delay'
Also update log message for error-triggered startup delay.
2015-02-22 17:21:54 +01:00
Ondrej Zajicek
a1beb8f3ee Relax BGP neighbor parameter
Permit specifying neighbor address, AS number and port independently.
Add 'interface' parameter for specifying interface for link-local
sessions independently.

Thanks to Alexander V. Chernikov for the original patch.
2015-02-22 13:50:58 +01:00
Ondrej Zajicek
2bbc308321 Store protocol config size inside protocol structure
Make proto_config_new() use this info instead of supplied size.

Thanks to Alexander V. Chernikov for the patch.
2015-02-21 21:08:23 +01:00
Ondrej Zajicek
374917adcc Make BGP protocol instance search a separate function
Thanks to Alexander V. Chernikov for the patch.
2015-02-21 20:55:43 +01:00
Pavel Tvrdik
4a591d4b94 Replacing GNU old-style field designator extension 2015-02-21 19:31:36 +01:00
Ondrej Zajicek
8ce9a87755 Fixes minor bug in BFD.
Thanks to Pavel Tvrdik for noticing it.
2015-02-21 14:52:17 +01:00
Ondrej Zajicek
dfc7a6c6a0 Fixes potential alignment bug in BGP.
Thanks to Andrew (seti.kr.ua) for the bug report.
2015-02-21 12:24:30 +01:00
Ondrej Zajicek
523f020b5f Link state support in BGP.
Configurable fast shutdown of a BGP session when an interface loses link.
2015-02-21 12:15:56 +01:00
Ondrej Zajicek
ac9dc669d8 Bugfix in latest OSPF changes. 2014-11-03 20:35:25 +01:00
Ondrej Zajicek
cd3b700393 Bugfix to OSPF reconfiguration. 2014-11-03 14:53:59 +01:00
Ondrej Zajicek
6f8bbaa10b Fininshing integrated OSPF. 2014-11-03 10:42:55 +01:00
Ondrej Zajicek
88a183c6c9 Integrated IP functions. 2014-10-24 11:11:43 +02:00