0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-18 00:58:42 +00:00
Commit Graph

4254 Commits

Author SHA1 Message Date
Maria Matejka
b4196b70c4 BGP: SendHoldTimer became an RFC, updating docs 2024-11-06 13:05:32 +01:00
Ondrej Zajicek
294d363da0 Filter: Remove T_ENUM_RTC
It is not used for a long time.
2024-10-18 16:53:12 +02:00
Ondrej Zajicek
1002c35bf9 Filter: Replace T_ENUM_NETTYPE with T_ENUM_NET_TYPE
To be consistent with other enum type names.
2024-10-18 16:49:19 +02:00
Ondrej Zajicek
80ca0ed279 Filter: Add enum types to filter grammar
Enum types existed on semantic level, but not on syntactic level,
so they could not be used in filter code.

Generate filter grammar for enum types based on CF_ENUM() declarations.

Thanks to lbz for the bugreport.
2024-10-18 16:39:42 +02:00
Eric Long
072821e55e Flowspec: Fix IPv6 prefix when offset is not multiple of 8
Current implementation handles flowspec prefix length and offset only
in bytes, but RFC 8956 (Dissemination of Flow Specification Rules for
IPv6) Section 3.1 [1] and example in Section 3.8.2 [2] states the
pattern should begin right after offset *bits*.

For example, pattern "::1:1234:5678:9800:0/60-104" is currently
serialized as "02 68 3c 01 12 34 56 78 98", but it should shift its
pattern 4 more bits to the left: "02 68 3c 11 23 45 67 89 80".

This patch implements shifting left/right for IPv6 type and use it to
correct the behaviour. Test data are replaced with the correct ones.

Minor changes and test vectors done by committer.

[1]: https://www.rfc-editor.org/rfc/rfc8956.html#section-3.1
[2]: https://www.rfc-editor.org/rfc/rfc8956.html#section-3.8.2
2024-10-16 21:32:36 +02:00
Ondrej Zajicek
6f9ccfae9e Flowspec: Test improvements
Simplify Flowspec initialization macros.

Add examples from RFC 8955 4.3 and RFC 8956 3.8 to format tests.
2024-10-16 04:04:46 +02:00
Ondrej Zajicek
a70ecadefe Doc: Minor fixes 2024-10-15 17:19:42 +02:00
Ondrej Zajicek
cb40a666b9 Doc: Fix code blocks
Code blocks should not be indented, as the indendation is passed
to the output,
2024-10-15 17:17:10 +02:00
Johannes Erwerle
72c2df562d Doc: Improve readability of the operator documentation
Minor changes by committer.
2024-10-15 17:17:06 +02:00
Ondrej Zajicek
48a620a916 Fix typo in documentation 2024-10-09 18:00:16 +02:00
Ondrej Zajicek
39e75b879b Filter: Fixes and improvements related to case/sets
Unify grammar for set_atom and switch_atom to avoid inconsistencies
between them. Fix errors in documentation related to case statement
and set type. Change 'vpnrd' to 'rd' to be consistent with the filter
language.

Thanks to Mikhail Mayorov for bugreport.
2024-10-08 19:44:17 +02:00
Ondřej Zajíček
163ab3130f Merge branch 'dpetera-master-patch-71179' into 'master'
Fix typo in user docs

See merge request labs/bird!27
2024-10-07 16:35:55 +02:00
David Petera
d4929d9113 Fix typo in user docs 2024-10-07 16:15:09 +02:00
Job Snijders
8dc2a36ae5 RPKI: Add TCP-MD5 authentication option
RPKI-To-Router (RTR) sessions seem to be similar security-sensitivity as
IBGP sessions. BIRD already offered a choice of either "plain TCP" (meh)
or "SSH" (secure, albeit a bit more hassle to set up than TCP-MD5).
The patch adds TCP-MD5 as another option. TCP-MD5 for RTR is specified
through RFC 6810 section 7.3 and RFC 8210 section 9.3.

Minor changes by committer.
2024-10-03 16:25:29 +02:00
Maria Matejka
5daec239c4 Renamed my past self in commit authorship and mentioned that in the contributing policy 2024-08-29 14:38:58 +02:00
Maria Matejka
2ba6e797cc Fixed a stupid bug in parse-and-exit mode
Introduced in 08ff0af898, the additional CLI
configuration wasn't properly initialized in the parse-and-exit mode
due to an oversight that cli_init_unix() is not called in this mode.

Thanks to Felix Friedlander for the bugreport.
2024-08-29 14:37:19 +02:00
Fabrice Fontaine
404e82616d configure.ac: properly evaluate ac_test_CFLAGS
Since autoconf 2.69 and
https://git.savannah.gnu.org/cgit/autoconf.git/commit/?id=76754e04fce5f6a7701bec57b057020585df2ae3
ac_test_CFLAGS is set to ${CFLAGS+y} instead of ${CFLAGS+set}.

Just test that ac_test_CFLAGS is not empty, to support both cases.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2024-08-27 14:54:07 +02:00
Ondrej Zajicek
acbdc29d57 Lib: Expand timer recurrence to 64b
The period of recurent timers was stored in 32b field, despite it was
btime-compatible value in us. Therefore, it was limited to ~72 min,
which mas okay for most purposes, except configurable MRT dump periods.

Thanks to Felix Friedlander for the bugreport.
2024-08-27 14:28:41 +02:00
Ondrej Zajicek
5214d7e59f IO: Ensure that socket rcvbuf is large enough
The socket structure has the field rbsize (receive buffer size), which
controls the size of the userspace receive buffer. There is also kernel
receive buffer, which in some cases may be smaller (e.g. on FreeBSD it
is by default ~8k). The patch ensures that the kernel receive buffer is
as large as the userspace receive buffer.
2024-08-01 14:55:05 +02:00
Ondrej Zajicek
c9836207f5 IO: Fix missing return introduced in one of earlier patches 2024-07-30 16:42:32 +02:00
Ondrej Zajicek
df22b3140c IO: Avoid re-binding accepted sockets to VRF
When VRFs are used, BIRD correctly binds listening (and connecting)
sockets to their VRFs but also re-binds accepted sockets to the same VRF.
This is not needed as the interface bind is inherited in this case, and
indeed this redundant bind causes an -EPERM if BIRD is running as
non-root making BIRD close the connection and reject the peer.

Thanks to Christian Svensson for the original patch and Alexander Zubkov
for suggestions.
2024-07-30 16:33:51 +02:00
Maria Matejka
08ff0af898 Additional CLI sockets may now be restricted
This allows to have one main socket for the heavy operations
very restricted just for the appropriate users, whereas the
looking glass socket may be more open.

Implemented an idea originally submitted and requested by Akamai.
2024-06-27 04:14:39 +02:00
Maria Matejka
f3b6661ddd Additional CLI sockets can be now configured in the config file
If the user has such a need, they may configure additional sockets
in the config file. This may work for e.g. some advanced access control.
2024-06-27 04:14:38 +02:00
Maria Matejka
a95fff3793 CLI now has a configuration structure 2024-06-27 04:14:38 +02:00
Maria Matejka
09f50f3766 Typed lists: added forgotten #undef 2024-06-27 04:14:38 +02:00
Maria Matejka
f27004fb4d Backported typed list updates from v3
Source: dda37842dc
2024-06-27 04:14:38 +02:00
Ondrej Zajicek
333c7e8536 Doc: Minor cleanups in BFD documentation 2024-06-26 16:38:03 +02:00
Alexander Zubkov
8a40bccffe BFD: Add option to accept zero checksum for IPv6 UDP packets
Some vendors do not fill the checksum for IPv6 UDP packets.
For interoperability with such implementations one can set
UDP_NO_CHECK6_RX socket option on Linux.

Thanks to Ville O for the suggestion.

Minor changes by committer.
2024-06-26 16:29:57 +02:00
Ondrej Zajicek
00b139bd25 Kernel: Do not use route replace when krt_metric differs
The krt_metric is a part of the primary key, so it cannot differ for
route replace operation.

Thanks to Leif Jakob for the bugreport.
2024-05-30 16:12:15 +02:00
Ondrej Zajicek
a5b4c21d81 Filter: Silence some warnings in clang 2024-05-30 02:40:55 +02:00
Ondrej Zajicek
3327d61298 Lib: Fix BSD build 2024-05-30 02:11:06 +02:00
Ondrej Zajicek
c130b4e1ae Lib: Use access() function attribute 2024-05-29 13:03:10 +02:00
Ondrej Zajicek
2d6fb31cd1 Lib: Use alloc_size() function attribute 2024-05-28 16:41:24 +02:00
Ondrej Zajicek
e29f134ad9 BFD: Fix build when BFD is disabled
Move bfd_opts grammar inside BFD parser code to avoid dependences between
nest and BFD grammars, which breaks when BFD build is disabled.

Add dummy bfd_opts grammar rule, so protocols can use this nonterminal
even with BFD disabled.

Thanks to Yuri Honegger for the bugreport.
2024-05-28 15:31:52 +02:00
Maria Matejka
765debf523 Formalized our contribution policy which we're currently applying 2024-05-07 17:34:57 +02:00
Ondrej Zajicek
d0512ba74b Doc: BFD update 2024-04-17 17:07:47 +02:00
Katerina Kubecova
e6dbde6883 BFD: Set password per session 2024-04-16 15:30:59 +02:00
Ondrej Zajicek
13c10ee062 Doc: Fix datetime format for password entries
In BIRD 1, we used DD-MM-YYYY, while in BIRD 2 we switched to the usual
format YYYY-MM-DD.

Thanks to Janne Pisilä for the bugreport.
2024-04-11 18:54:23 +02:00
Ondrej Zajicek
280daed57d OSPF: Allow loopback nexthop in OSPFv3-IPv4
In OSPFv3-IPv4 there is no requirement that link-local next hop announced
in Link-LSA must be in interface address range. Therefore, for interfaces
that do not have IPv4 address we can use some loopback IP address and
announce it as a next hop. Also we should accept such address.
2024-04-04 18:37:26 +02:00
Maria Matejka
bc10975adb ASPA: checks done in filters; no autoreload yet 2024-03-25 14:15:30 +01:00
Maria Matejka
08571b2059 ASPA: basic data structures and Static protocol support 2024-03-25 14:15:30 +01:00
Maria Matejka
b95dc8f29f Expanded usage of stdbool.h to the whole BIRD 2024-03-25 09:39:58 +01:00
Ondrej Zajicek
0b684a43bd NEWS and version update 2024-03-22 01:40:43 +01:00
Ondrej Zajicek
a698f8d917 Static: Fix invalid combination of nexthop options
BFD requires defined local IP, but for nexthop with onlink there might
not be such address. So we reject this combination of nexthop options.
This prevent crash where such combination of options is used.
2024-03-22 00:40:06 +01:00
Ondrej Zajicek
d21a508e8d Revert "OSPF: On physical PtP links, skip next-hop resolving"
This reverts commit 31aa62ae6d.
2024-03-21 15:59:26 +01:00
Ondrej Zajicek
46a4932574 Merge commit '44e351d1522f0099687aac9fd65dcea73a04af43' 2024-03-21 15:58:52 +01:00
Ondrej Zajicek
66d6ac7085 Babel: Fix build with limited set of protocols 2024-03-19 15:39:46 +01:00
Ondrej Zajicek
06209c1917 Aggregator: Fix build with limited set of protocols 2024-03-19 15:39:19 +01:00
Michal Zagorski
099898ffdd Static: Fix build with limited set of protocols 2024-03-11 12:57:13 +01:00
Ondrej Zajicek
adfff44878 NEWS and version update 2024-03-10 18:57:04 +01:00