summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-10-13Kernel: Convert the rte-local attributes to extended attributes and flags to ↵Maria Matejka
pflags
2021-10-13Dropping the RTS_DUMMY temporary route storage.Maria Matejka
Kernel route sync is done by other ways now and this code is not used currently.
2021-10-13Babel: Convert the rte-local attributes to extended attributesMaria Matejka
2021-10-13OSPF: Convert the rte-local attributes to extended attributesMaria Matejka
2021-10-13RIP: convert the rte-local attributes to extended attributesMaria Matejka
2021-10-13Extended route attributes may include also pointersMaria Matejka
2021-10-13IGP metric getter refactoring to protocol callbackMaria Matejka
Direct protocol hooks for IGP metric inside nest/rt-table.c make the protocol API unnecessarily complex. Instead, we use a proper callback.
2021-10-13Route: moved rte_src pointer from rta to rteMaria Matejka
It is an auxiliary key in the routing table, not a route attribute.
2021-10-13Preference moved to RTA and set explicitly in protocolsMaria Matejka
2021-10-13Preexport: No route modification, no linpool neededMaria Matejka
2021-10-13Export table: Delay freeing of old stored route.Maria Matejka
This is needed to provide the protocols the full old route after filters when export table is enabled.
2021-10-13There may be a symbol with NULL protocol when reconfiguringMaria Matejka
2021-10-13Show route may be accidentally called on shutdown also when not all default ↵Maria Matejka
tables are present
2021-10-13fixup! Multipage allocationMaria Matejka
2021-10-13Multipage allocationMaria Matejka
We can also quite simply allocate bigger blocks. Anyway, we need these blocks to be aligned to their size which needs one mmap() two times bigger and then two munmap()s returning the unaligned parts. The user can specify -B <N> on startup when <N> is the exponent of 2, setting the block size to 2^N. On most systems, N is 12, anyway if you know that your configuration is going to eat gigabytes of RAM, you are almost forced to raise your block size as you may easily get into memory fragmentation issues or you have to raise your maximum mapping count, e.g. "sysctl vm.max_map_count=(number)".
2021-10-13CLI socket accept() may also fail and should produce some message, not a ↵Maria Matejka
coredump.
2021-10-13OSPF: explicitly stop the periodic tick on shutdown to avoid recalculation racesMaria Matejka
2021-10-13Linpools may use pages instead of xmallocMaria Matejka
2021-10-13fixup! Bound allocated pages to resource pools with page caches to avoid ↵Maria Matejka
unnecessary syscalls
2021-09-10Bound allocated pages to resource pools with page caches to avoid ↵Maria Matejka
unnecessary syscalls
2021-09-10Reducing filter stack size to allow for lesser thread stack sizeMaria Matejka
2021-09-10OSPF: Setting a list node NULL before useMaria Matejka
2021-09-10Fixed memory poisoning in slabMaria Matejka
2021-09-10Debug output uses local buffer to avoid clashes between threads.Maria Matejka
2021-09-10Filter: Additional consistency checksMaria Matejka
2021-09-10Nest: Clean up main channel handlingOndrej Zajicek (work)
Remove assumption that main channel is the only channel.
2021-06-11CI: Allow Babel testsOndrej Zajicek (work)
2021-06-09Nest: Allow both 'password' and 'key' keywords for authentication keysOndrej Zajicek (work)
2021-06-09Babel: Simplify auth expirationOndrej Zajicek (work)
Just use hello_expiry for that, keep init_expiry for initial unauthentized neighbors.
2021-06-06Nest: Fix password list parsing codeOndrej Zajicek (work)
One of previous patches broke password list parsing code, fix that.
2021-06-06Lib: Fix static assert macroOndrej Zajicek (work)
2021-06-06Babel: Add MAC authentication support - updateOndrej Zajicek (work)
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced
2021-06-06Babel: Add MAC authentication supportToke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as specified by RFC 8967. The implementation seeks to follow the RFC as close as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already supported by Bird, as well as the Blake2b variant of the Blake algorithm. For description of applicability, assumptions and security properties, see RFC 8967 sections 1.1 and 1.2.
2021-06-06Babel: Refactor TLV parsing code for easier reuseToke Høiland-Jørgensen
In preparation for adding authentication checks, refactor the TLV walking code so it can be reused for a separate pass of the packet for authentication checks.
2021-06-06Nest: Allow MAC algorithms to specify min/max key lengthToke Høiland-Jørgensen
Add min/max key length fields to the MAC algorithm description and validate configured keys before they are used.
2021-06-06Nest: Allow specifying security keys as hex bytes as well as stringsToke Høiland-Jørgensen
Add support for specifying a password in hexadecimal format, The result is the same whether a password is specified as a quoted string or a hex-encoded byte string, this just makes it more convenient to input high-entropy byte strings as MAC keys.
2021-06-06Lib: Add tests for blake2s and blake2bToke Høiland-Jørgensen
Import the blake2-kat.h header with test vector output from the blake reference implementation, and add tests to mac_test.c to compare the output of the Bird MAC algorithm implementations with that reference output. Since the reference implementation only has test vectors for the full output size, there are no tests for the smaller-sized output variants.
2021-06-06Lib: Add Blake2s and Blake2b hash functionsToke Høiland-Jørgensen
The Babel MAC authentication RFC recommends implementing Blake2s as one of the supported algorithms. In order to achieve do this, add the blake2b and blake2s hash functions for MAC authentication. The hashing function implementations are the reference implementations from blake2.net. The Blake2 algorithms allow specifying an arbitrary output size, and the Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy this, we add two different variants of each of the algorithms, one using the default size (256 bits for Blake2s, 512 bits for Blake2b), and one using half the default output size. Update to BIRD coding style done by committer.
2021-06-06sysdep: Add wrapper to get random bytes - updateOndrej Zajicek (work)
Simplify the code and fix an issue with getentropy() return value.
2021-06-06sysdep: Add wrapper to get random bytesToke Høiland-Jørgensen
Add a wrapper function in sysdep to get random bytes, and required checks in configure.ac to select how to do it. The configure script tries, in order, getrandom(), getentropy() and reading from /dev/urandom.
2021-06-01BGP: Ensure that freed neighbor entry is not accessedOndrej Zajicek (work)
Routes from downed protocols stay in rtable (until next rtable prune cycle ends) and may be even exported to another protocol. In BGP case, source BGP protocol is examined, although dynamic parts (including neighbor entries) are already freed. That may lead to crash under some race conditions. Ensure that freed neighbor entry is not accessed to avoid this issue.
2021-05-30Babel: Seqno requests are properly decoupled from neighbors when the ↵Maria Matejka
underlying interface disappears When an interface disappears, all the neighbors are freed as well. Seqno requests were anyway not decoupled from them, leading to strange segfaults. This fix adds a proper seqno request list inside neighbors to make sure that no pointer to neighbor is kept after free.
2021-05-26OSPF: Fix OSPFv3 in IPv4 mode with multiple areasOndrej Zajicek (work)
Some area handling code got confused by IPv4 setup in OSPFv3 mode.
2021-05-20CI: Try different locale for Centos 7Ondrej Zajicek (work)
2021-05-20CI: Package build for more platformsMatous Holinka
.gitlab-ci.yml: + pkg targets for some distros added + artifacts added - some distros were commented out (due to errors). misc/docker/*: + Dockerfiles updated with the necessary packages.
2021-05-19CI: Try utf-8 locale to workaround apkg issueOndrej Zajicek (work)
2021-05-19CI: Build documentation where tools are availableOndrej Zajicek (work)
2021-05-19CI: Update docker images for building of documentationOndrej Zajicek (work)
2021-05-19Pkg: Enable docs subpackage for DebianOndrej Zajicek (work)
2021-05-19CI: Test of apkg buildOndrej Zajicek (work)
Also temporarily disable cf-ospf-auth, as there is some problem with it.