0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-23 18:21:54 +00:00
Commit Graph

48 Commits

Author SHA1 Message Date
Maria Matejka
22f54eaee6 Resource pools are now bound with domains.
Memory allocation is a fragile part of BIRD and we need checking that
everybody is using the resource pools in an appropriate way. To assure
this, all the resource pools are associated with locking domains and
every resource manipulation is thoroughly checked whether the
appropriate locking domain is locked.

With transitive resource manipulation like resource dumping or mass free
operations, domains are locked and unlocked on the go, thus we require
pool domains to have higher order than their parent to allow for this
transitive operations.

Adding pool locking revealed some cases of insecure memory manipulation
and this commit fixes that as well.
2023-04-24 10:33:28 +02:00
Maria Matejka
34e803c6c3 Merge commit '54430df9' into thread-next 2022-11-07 10:09:01 +01:00
Maria Matejka
605ff0a0eb RPKI: wait for retry_time if we get error immediately after connected 2022-10-03 17:09:02 +02:00
Maria Matejka
7901c40500 Merge commit '3fd1f461' into thread-next
closes #16
closes #17
closes #18
2022-09-26 12:21:33 +02:00
Maria Matejka
4364ee9b6f Merge commit '938742decc6e1d6d3a0375dd012b75172e747bbc' into haugesund 2022-06-08 15:31:28 +02:00
Maria Matejka
cae5979871 Merge commit '950775f6fa3d569a9d7cd05e33538d35e895d688' into haugesund
There were quite a lot of conflicts in flowspec validation code which
ultimately led to some code being a bit rewritten, not only adapted from
this or that branch, yet it is still in a limit of a merge.
2022-06-08 11:47:49 +02:00
Maria Matejka
41508ceac3 Merge commit '1c30b689ddd032ef8000fb7836348a48ba3184ff' into haugesund 2022-05-30 17:26:25 +02:00
Maria Matejka
65254128e1 Merge commit '702c04fbef222e802ca4dfac645dc75ede522db6' into haugesund 2022-05-30 17:18:46 +02:00
Maria Matejka
1a92ee9d4d Merge commit '337c04c45e1472d6d9b531a3c55f1f2d30ebf308' into haugesund 2022-05-30 17:18:03 +02:00
Maria Matejka
5051e3c4af Merge commit '17f91f9e6e70f7e3f29502e854823c0d48571eaa' into haugesund 2022-05-30 16:59:24 +02:00
Maria Matejka
45af19dd99 Merge commit '652be92a21f5575e5f74f6abe98eb4200b86776c' into haugesund 2022-05-30 15:36:54 +02:00
Maria Matejka
d7b077f5d6 Merge commit '4a23ede2b056a41456790cc20a0c3d92a7137693' into haugesund 2022-05-30 15:31:19 +02:00
Maria Matejka
652be92a21 Merge remote-tracking branch 'origin/master' into haugesund-to-2.0 2022-05-30 15:20:21 +02:00
Maria Matejka
938742decc Squashing the route attribute structure into one level.
For now, all route attributes are stored as eattrs in ea_list. This
should make route manipulation easier and it also allows for a layered
approach of route attributes where updates from filters will be stored
as an overlay over the previous version.
2022-05-30 14:39:09 +02:00
Maria Matejka
950775f6fa Route destination field merged with nexthop attribute; splitting flowspec validation result out.
As there is either a nexthop or another destination specification
(or othing in case of ROAs and Flowspec), it may be merged together.
This code is somehow quirky and should be replaced in future by better
implementation of nexthop.

Also flowspec validation result has its own attribute now as it doesn't
have anything to do with route nexthop.
2022-05-30 14:39:09 +02:00
Ondrej Zajicek
7bb06b34a1 RPKI: Display cache server port on show protocol
Thanks to Luiz Amaral for the idea.
2022-05-21 16:03:08 +02:00
Maria Matejka
1c30b689dd Moved route source attribute (RTS_*) to eattrs 2022-05-04 15:39:53 +02:00
Maria Matejka
702c04fbef Removing the route scope attribute. Use custom attributes instead.
The route scope attribute was used for simple user route marking. As
there is a better tool for this (custom attributes), the old and limited
way can be dropped.
2022-05-04 15:39:21 +02:00
Maria Matejka
337c04c45e Moved route preference to eattrs 2022-05-04 15:39:21 +02:00
Maria Matejka
17f91f9e6e Explicit definition structures of route attributes
Changes in internal API:

* Every route attribute must be defined as struct ea_class somewhere.
* Registration of route attributes known at startup must be done by
  ea_register_init() from protocol build functions.
* Every attribute has now its symbol registered in a global symbol table
  defined as SYM_ATTRIBUTE
* All attribute ID's are dynamically allocated.
* Attribute value custom formatting hook is defined in the ea_class.
* Attribute names are the same for display and filters, always prefixed
  by protocol name.

Also added some unit testing code for filters with route attributes.
2022-05-04 15:39:19 +02:00
Maria Matejka
4a23ede2b0 Protocols have their own explicit init routines 2022-04-06 18:14:08 +02:00
Maria Matejka
3fd1f46184 RPKI has its own loop 2021-11-22 19:05:44 +01:00
Maria Matejka
20ace7f2e6 RPKI: Use the route refresh mechanism also for the first load 2021-11-22 19:05:44 +01:00
Maria Matejka
46739f007a RPKI: Do nothing when protocol is stopping 2021-11-09 19:20:41 +01:00
Maria Matejka
69d1ffde4c Split route data structure to storage (ro) / manipulation (rw) structures.
Routes are now allocated only when they are just to be inserted to the
table. Updating a route needs a locally allocated route structure.
Ownership of the attributes is also now not transfered from protocols to
tables and vice versa but just borrowed which should be easier to handle
in a multithreaded environment.
2021-11-09 19:20:41 +01:00
Maria Matejka
5cff1d5f02 Route: moved rte_src pointer from rta to rte
It is an auxiliary key in the routing table, not a route attribute.
2021-10-13 19:09:04 +02:00
Maria Matejka
eb937358c0 Preference moved to RTA and set explicitly in protocols 2021-10-13 19:09:04 +02:00
Ondrej Zajicek (work)
47d92d8f9d Nest: Clean up main channel handling
Remove assumption that main channel is the only channel.
2021-09-10 17:32:05 +02:00
Ondrej Zajicek (work)
f761be6b30 Nest: Clean up main channel handling
Remove assumption that main channel is the only channel.
2021-06-17 16:56:51 +02:00
Ondrej Zajicek (work)
17663b6a7c RPKI: Remove port (and SSH username) from 'Cache server' output line
It was mixed-up if hostname is IPv6 address, and reporting separate
values (like port) on separate lines fits better into key-value style
of 'show protocols all' output. Also, the patch simplifies transport
identification formatting (although it is unused now).

Thanks to Alarig Le Lay for the suggestion.
2021-01-07 06:04:31 +01:00
Ondrej Zajicek (work)
fc1e3211b1 RPKI: Add 'ignore max length' option
Add 'ignore max length' option to RPKI protocol, which ignores received
max length in ROA records and instead uses max value (32 or 128). This
may be useful for implementing loose RPKI check for blackholes.
2020-10-11 01:00:54 +02:00
Kazuki Yamaguchi
19f8f17320 RPKI: Fix unnecessary reconnection on reconfiguration
Compare the new timing parameters with the old configuration, not with
the temporary state of the current connection.

The timing values in struct rpki_cache is updated by a version 1 End Of
Data PDU, unless this behavior is suppressed by the configuration
explicitly by the "keep" keyword. Consequently, every reconfiguration
of BIRD triggers a reconnection even if it is not necessary.
2020-06-03 15:05:35 +02:00
Maria Matejka
027a3e66f7 RPKI: Allow build without libSSH 2020-02-04 10:15:35 +01:00
Ondrej Zajicek (work)
15b0a92294 RPKI: Fix reconfiguration when ssh parameters are undefined 2019-07-23 01:52:18 +02:00
Jan Maria Matejka
ee7e2ffd26 Protocol: Introducing an enum protocol_class
This supersedes the EAP_* constants.
2018-05-29 12:35:06 +02:00
Ondrej Zajicek (work)
72163bd5f3 Nest: Allow modification of channels inherited from templates
Multiple definitions of same channels are forbidden, but inherited
channel can be redefined. In such case channel options are merged.
2018-01-09 18:42:22 +01:00
Ondrej Zajicek (work)
a6f79ca57f Timers: Revert temporary names and remove old timer.h 2017-12-07 13:54:59 +01:00
Ondrej Zajicek (work)
ee528fbd5d Timers: Add typecast to unit-converting macros 2017-12-07 13:53:42 +01:00
Ondrej Zajicek (work)
d59c1a2958 RPKI: Update to new timers 2017-12-07 13:52:21 +01:00
Ondrej Zajicek (work)
d3fa9e84e9 Timers: Show sub-second times in some protocol outputs 2017-12-07 13:49:27 +01:00
Ondrej Zajicek (work)
025525266f Timers: Replace old timers with microsecond timers
The old timer interface is still kept, but implemented by new timers. The
plan is to switch from the old inteface to the new interface, then clean
it up.
2017-12-07 13:49:27 +01:00
Ondrej Zajicek (work)
4278abfe27 Check validity of dest w.r.t. net_type
Allow to define static roa/flow routes without dest.
2017-04-18 13:56:40 +02:00
Jan Moskyto Matejka
c609d03986 Merge branch 'int-new' into nexthop-merged 2017-02-22 11:58:04 +01:00
Ondrej Zajicek (work)
62e64905b7 Several minor fixes 2017-02-20 02:26:45 +01:00
Jan Moskyto Matejka
5b208e296f Removing (struct rta)->cast. Never used. 2016-12-22 13:09:59 +01:00
Ondrej Zajicek (work)
eeba61ccd5 Minor cleanups 2016-12-13 20:18:11 +01:00
Jan Moskyto Matejka
af62c0f9f1 LibSSH may be switched off together with RPKI 2016-12-07 14:15:35 +01:00
Pavel Tvrdík
65d2a88dd2 RPKI protocol with one cache server per protocol
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.

Implemeted transports are:
 - unprotected transport over TCP
 - secure transport over SSHv2

Example configuration of bird.conf:
  ...
  roa4 table r4;
  roa6 table r6;

  protocol rpki {
    debug all;

    # Import both IPv4 and IPv6 ROAs
    roa4 { table r4; };
    roa6 { table r6; };

    # Set cache server (validator) address,
    # overwrite default port 323
    remote "rpki-validator.realmv6.org" port 8282;

    # Overwrite default time intervals
    retry   10;         # Default 600 seconds
    refresh 60;         # Default 3600 seconds
    expire 600;         # Default 7200 seconds
  }

  protocol rpki {
    debug all;

    # Import only IPv4 routes
    roa4 { table r4; };

    # Set cache server address to localhost,
    # use default ports tcp => 323 or ssh => 22
    remote 127.0.0.1;

    # Use SSH transport instead of unprotected transport over TCP
    ssh encryption {
      bird private key "/home/birdgeek/.ssh/id_rsa";
      remote public key "/home/birdgeek/.ssh/known_hosts";
      user "birdgeek";
    };
  }
  ...
2016-12-07 09:35:24 +01:00