Add the RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.
Implemeted transports are:
- unprotected transport over TCP
- secure transport over SSHv2
The code should work properly with one or more cache servers per protocol.
Example configuration of bird.conf:
...
roa4 table roatable;
protocol rpki {
table roatable;
cache 127.0.0.1; # defaults: port 8282, preference 1, no encryption
cache 127.0.0.1 {
preference 1;
port 2222;
ssh encryption {
bird private key "/home/birdgeek/.ssh/id_rsa";
cache public key "/home/birdgeek/.ssh/known_hosts";
user "birdgeek";
};
};
cache "rpki-validator.realmv6.org" {
preference 2;
};
}
...
Explicit setting of AF_INET(6|) in IP socket creation. BFD set to listen
on v6, without setting the V6ONLY flag to catch both v4 and v6 traffic.
Squashing and minor changes by Ondrej Santiago Zajicek
New data types net_addr and variants (in lib/net.h) describing
network addresses (prefix/pxlen). Modifications of FIB structures
to handle these data types and changing everything to use these
data types instead of prefix/pxlen pairs where possible.
The commit is WiP, some protocols are not yet updated (BGP, Kernel),
and the code contains some temporary scaffolding.
Comments are welcome.
The new RIP implementation fixes plenty of old bugs and also adds support
for many new features: ECMP support, link state support, BFD support,
configurable split horizon and more. Most options are now per-interface.
The patch adds suport for specifying route attributes together with
static routes, e.g.:
route 10.1.1.0/24 via 10.0.0.1 { krt_advmss = 1200; ospf_metric1 = 100; };
New LSA checksumming code separates generic Fletcher-16 and OSPF-specific
code and avoids back and forth endianity conversions, making it much more
readable and also several times faster.
Prior to this patch, BIRD validates the OSPF LSA checksum by calculating
a new checksum and comparing it with the checksum in the header. Due to
the specifics of the Fletcher checksum used in OSPF, this is not
necessarily correct as the checkbytes in the header may be calculated via
a different means and end up with a different value that is nonetheless
still correct.
The documented means of validating the checksum as specified in RFC 905
B.4 is to calculate c0 and c1 from the unchanged contents of the packet,
which must result in a zero value to be considered valid.
Thanks to Chris Boot for the patch.
Under some circumstances and heavy load, TX could be postponed
until the session fails with hold timer expired.
Thanks to Javor Kliachev for making the bug reproductible.
Permit specifying neighbor address, AS number and port independently.
Add 'interface' parameter for specifying interface for link-local
sessions independently.
Thanks to Alexander V. Chernikov for the original patch.