0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-23 02:01:55 +00:00
Commit Graph

173 Commits

Author SHA1 Message Date
Pavel Tvrdík
41f4b5940f RPKI protocol with integrated RTRLib inside
Add the RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.

Implemeted transports are:
 - unprotected transport over TCP
 - secure transport over SSHv2

The code should work properly with one or more cache servers per protocol.

Example configuration of bird.conf:
  ...
  roa4 table roatable;

  protocol rpki {
    table roatable;

    cache 127.0.0.1; # defaults: port 8282, preference 1, no encryption

    cache 127.0.0.1 {
      preference 1;
      port 2222;
      ssh encryption {
        bird private key "/home/birdgeek/.ssh/id_rsa";
        cache public key "/home/birdgeek/.ssh/known_hosts";
        user "birdgeek";
      };
    };

    cache "rpki-validator.realmv6.org" {
      preference 2;
    };
  }
  ...
2016-01-25 15:39:38 +01:00
Pavel Tvrdík
7eb9e79648 Add condition for max_pxlen by ROA grammar 2016-01-21 10:37:08 +01:00
Pavel Tvrdík
a4caa1c0a3 Use net_addr pointer for net_addr_roaX
net_addr_roa6 is bigger than net_addr

Thanks to Ondrej Zajicek for notice
2016-01-21 10:37:08 +01:00
Pavel Tvrdík
650b418942 Delete old ROA code 2016-01-20 16:46:58 +01:00
Pavel Tvrdík
513ad0a85e Add ROA net_addr to grammar
Example:
  protocol static
  {
    route 10.110.0.0/16 max 16 as 1000 blackhole;
    route 10.120.0.0/16 max 24 as 1000 blackhole;
    route 10.130.0.0/16 max 24 as 2000 blackhole;
    route 10.130.128.0/18 max 24 as 3000 blackhole;
    ...
  }
2016-01-20 16:46:30 +01:00
Ondrej Zajicek (work)
e691d16a63 Explicit ip4_addr / ip6_addr printf support 2015-12-29 17:12:47 +01:00
Ondrej Zajicek (work)
04632fd77f Follow-up work on integration 2015-12-24 15:56:04 +01:00
Jan Moskyto Matejka
9656dce72e ROA code switchoff 2015-12-20 13:04:07 +01:00
Jan Moskyto Matejka
5e173e9f63 Stop perusing f_prefix for non-prefix-set uses
Multiple changes by Ondrej Santiago Zajicek
2015-12-19 23:49:47 +01:00
Jan Moskyto Matejka
d7661fbe9d Removed BITS_PER_IP_ADDRESS, MAX_PREFIX_LENGTH, BIRD_AF
Explicit setting of AF_INET(6|) in IP socket creation. BFD set to listen
on v6, without setting the V6ONLY flag to catch both v4 and v6 traffic.

Squashing and minor changes by Ondrej Santiago Zajicek
2015-12-19 15:57:09 +01:00
Ondrej Zajicek (work)
04ae8ddaa1 Merge branch 'master' into int-new 2015-11-25 14:24:35 +01:00
Ondrej Zajicek (work)
d44e686e9b Follow-up commit on integrated BIRD
Use net_addr for interface address prefixes, support net_addr in
configuration parser.
2015-11-12 02:03:59 +01:00
Ondrej Zajicek (work)
9b9a7143c4 Conf: Fixes bug in symbol lookup during reconfiguration
Symbol lookup by cf_find_symbol() not only did the lookup but also added
new void symbols allocated from cfg_mem linpool, which gets broken when
lookups are done outside of config parsing, which may lead to crashes
during reconfiguration.

The patch separates lookup-only cf_find_symbol() and config-modifying
cf_get_symbol(), while the later is called only during parsing. Also
new_config and cfg_mem global variables are NULLed outside of parsing.
2015-11-09 00:42:02 +01:00
Ondrej Zajicek (work)
fe9f1a6ded Initial commit on integrated BIRD
New data types net_addr and variants (in lib/net.h) describing
network addresses (prefix/pxlen). Modifications of FIB structures
to handle these data types and changing everything to use these
data types instead of prefix/pxlen pairs where possible.

The commit is WiP, some protocols are not yet updated (BGP, Kernel),
and the code contains some temporary scaffolding.

Comments are welcome.
2015-11-05 12:48:52 +01:00
Pavel Tvrdík
ae80a2de95 unsigned [int] -> uint 2015-06-08 02:24:08 +02:00
Ondrej Zajicek
8bcb5fb1e8 Implement latency tracking, internal event log and watchdog 2015-03-02 09:41:14 +01:00
Ondrej Zajicek
a1beb8f3ee Relax BGP neighbor parameter
Permit specifying neighbor address, AS number and port independently.
Add 'interface' parameter for specifying interface for link-local
sessions independently.

Thanks to Alexander V. Chernikov for the original patch.
2015-02-22 13:50:58 +01:00
Ondrej Zajicek
bc7f4e0e34 Bump max symbol length to 64.
And move the constant to conf.h header.

Thanks to Alexander Chernikov for the patch.
2015-02-21 12:42:31 +01:00
Ondrej Zajicek
88a183c6c9 Integrated IP functions. 2014-10-24 11:11:43 +02:00
Ondrej Zajicek
dcde7ae597 Allows to configure different remote port for BGP sessions.
Thanks to João Taveira Araújo for the original patch.
2014-10-02 12:52:50 +02:00
Ondrej Zajicek
b2f008378a Allows more constants in set literals.
Thanks to Michael Fincham for the bugreport.
2014-10-02 12:52:50 +02:00
Ondrej Zajicek
9eceab33f9 String constants could be used for string option values.
Thanks to Frederik Kriewitz for the patch.
2014-05-29 23:05:03 +02:00
Ondrej Zajicek
0c3d9dacaf Fixes file descriptor leak when parser ends with error.
Thanks to MrBr for the bugreport.
2014-03-25 14:58:00 +01:00
Ondrej Zajicek
0c791f873a BGP graceful restart support.
Also significant core protocol state changes needed for that,
global graceful restart recovery state and kernel proto support
for recovery.
2014-03-20 14:07:12 +01:00
Ondrej Zajicek
90eb5e7a8b Use ISO 8601 timeformats by default. 2013-11-25 13:44:07 +01:00
Ondrej Zajicek
0aeac9cb7f Merge commit 'origin/bfd' 2013-11-22 02:48:44 +01:00
Ondrej Zajicek
0e175f9f0f Fixes some BFD bugs and makes logging thread-safe. 2013-10-05 20:12:28 +02:00
Ondrej Zajicek
6a8d3f1c1f BFD work in progress.
Now it compiles and mostly works.
2013-09-16 23:57:40 +02:00
Ondrej Filip
1f64a487a0 Symbol names enclosed by apostrophes can contain colons. 2013-08-15 13:29:33 +02:00
Ondrej Zajicek
1103b32e83 Allows to define constants of all filter types. 2013-07-25 22:33:57 +02:00
Ondrej Filip
8c4da7e01d Symbol names enclosed by apostrophes can contain DOTs. 2013-02-10 19:17:38 +01:00
Ondrej Zajicek
79b4e12e60 Implements interface masks for choosing router id.
Router ID could be automatically determined based of subset of
ifaces/addresses specified by 'router id from' option. The patch also
does some minor changes related to router ID reconfiguration.

Thanks to Alexander V. Chernikov for most of the work.
2012-12-27 12:56:23 +01:00
Ondrej Zajicek
a92cf57dd6 Implements undo command and optional timeout for configuration
Several new configure command variants:

configure undo - undo last reconfiguration
configure timeout - configure with scheduled undo if not confirmed in timeout
configure confirm - confirm last configuration
configure check - just parse and validate config file
2012-12-26 12:40:48 +01:00
Ondrej Zajicek
4be266a983 Implements wildcard matching in config file include.
Also fixes some minor bugs in include.

Thanks Kelly Cochran for suggestion and draft patch.
2012-07-18 19:29:33 +02:00
Ondrej Zajicek
af582c4811 Route Origin Authorization basics.
- ROA tables, which are used as a basic part for RPKI.
 - Commands for examining and modifying ROA tables.
 - Filter operators based on ROA tables consistent with RFC 6483.
2012-03-18 17:32:30 +01:00
Ondrej Zajicek
0f808c066f Adds filtering to 'show symbols' command.
Thanks Alexander V. Chernikov for the original patch.
2012-03-16 12:47:12 +01:00
Ondrej Zajicek
20ab192bec Adds filtering to 'show ospf lsadb' command.
Thanks Alexander V. Chernikov for the original patch.
2012-03-16 12:12:26 +01:00
Ondrej Zajicek
69a8259c5e Allows sticky link-local neighbors.
Allows using NEF_STICKY neighbors with link-local addresses. This is
used for static route nexthops, they can be specified like fe80::1%eth0
.
2012-01-01 12:14:42 +01:00
Ondrej Zajicek
c32c3f88f0 Fixes parsing larger numbers on 64bit platforms. 2011-12-22 13:44:43 +01:00
Ondrej Zajicek
60fd666b79 Fixes missing header. 2011-11-10 09:22:38 +01:00
Ondrej Zajicek
a7f23f581f Implements protocol templates.
Based on the patch from Alexander V. Chernikov.
Extended to support almost all protocols.
Uses 'protocol bgp NAME from TEMPLATE { ... }' syntax.
2011-11-07 00:31:23 +01:00
Ondrej Zajicek
9b7fdfc84a Fixes for include. 2011-10-10 01:41:08 +02:00
Ondrej Filip
48ec367aab Configuration can include other files. 2011-09-11 21:21:47 +02:00
Ondrej Zajicek
b8cc390e7e Fixes several problems in filter syntax.
- Fixes several conflicts in the grammar.
 - Fixes a bug in (a..b, c) pair patterns.
 - Makes pair patterns orthogonal.
 - Allows term expressions in pair patterns without additional ( ).
 - Allows several comma separated values in switch cases.
2011-05-06 22:00:54 +02:00
Ondrej Zajicek
26d92bb892 A hack to distinguish if..else from else: in case.
The old BIRD grammar needs two lookaheads to distinguish if..else from
else: in case, which caused the parser to fail on some combinations of
both expressions.

This patch replaces two tokens 'else' ':' by one token 'else:' to fix
that.
2011-03-23 12:49:53 +01:00
Ondrej Zajicek
93e868c730 Implements Router Advertisement protocol. 2011-03-13 11:33:50 +01:00
Ondrej Zajicek
112d71a73f Fixes syntactic priority of '.' .
Dot in expressions like net.len definitely should have the highhest
priority.
2010-10-08 14:25:53 +02:00
Ondrej Zajicek
506fa1a73e Merge several fixes suggested by Joakim Tjernlund. 2010-05-02 22:41:40 +02:00
Ondrej Zajicek
44d4ab7a96 Configurable syslog name.
Also fixes a bug in syslog initialization.
2010-04-07 15:34:45 +02:00
Ondrej Zajicek
97e46d28ff Adds check for no protocol and some minor CLI fixes.
- Adds check to deny config file with no specified protocol to prevent
  loading of empty config file.
- Moves CLI init before config parse to receive immediate error message
  when cannot open control socket.
- Fixes socket name path check and other error handling in CLI init.
2010-03-17 12:19:22 +01:00