Age | Commit message | Author |
|
Increase this value if the number of shift reduce conflicts changes in
the future.
|
|
WIP debug unix socket
WIP debug socket
WIP debug sk_free
WIP debug print errno
WIP debug socket
WIP debug fix sign-ness
WIP debug put
WIP debug unix socket
|
|
Wireguard: Debug
Wireguard: Implement tunnel encode decode
Wireguard: Add remote endpoint
Wireguard: Refactor into peer and allowed ips functions
Wireguard: Clean up config.Y
Wireguard: Extended color community
Wireguard: Allow multiple channels
Wireguard: Add peer config settings
Wireguard: Set up wireguard device
Add private key and listen port items.
Wireguard: Add peer list
Wireguard: Move key conversion
Wireguard: Use recursive tunnel encaps
Wireguard: Add user space support
Wireguard: Reinit wg device at shutdown
Wireguard: Add channel hooks
Wireguard: Implement copy_config
Wireguard: Fixes
Wireguard: Add tunnel_type config parameter
Use 51820 (default wireguard port) as default tunnel type.
Wireguard: Rename remote endpoint to tunnel endpoint
Adopt to draft-ietf-idr-tunnel-encaps-13.txt
by renaming remote endpoint to tunnel endpoint.
Wireguard: Fix discarded const qualifiers
Wireguard: Remove bgp include
Wireguard: Generalize tunnel encapsulation
Wireguard: Add struct tunnel_encap
Wireguard: Remove wg peer on withdraw
Wireguard: Refactor remove_allowed_ip
Wireguard: Dump peers
Wireguard: Fix duplicate allowedip entries
Wireguard: Dump peers
Wireguard: Don't add endpoint if not set
Wireguard: Replace debug with DBG
Wireguard: Replace log with WG_TRACE
Wireguard: Refactor add_allowed_ip
Wireguard: Don't replace peers
Wireguard: Don't fix listen_port update
Wireguard: Move wireguard formatting from tunnel_encaps library
Wireguard: Change from eattr to adata in decode and format
wireguard: support multiple TLVs
Wireguard: use visitor in wireguard
Wireguard: WIP add wireguard sub-TLV to parser
Wireguard: update debug msg
wireguard: register name
Wireguard: WIP
Wireguard: implement allowed_ips instead of allowed_ip
Wireguard: fix free peer, and peer config syntax
Wireguard: clean up
Wireguard: change key options to bytestring
Wireguard: Add EA_GET
|
|
Refer to RFC 9012, The BGP Tunnel Encapsulation Attribute.
Improve format function
DOC
Minor fix
Fix debug
|
|
|
|
Filter: TLV
Filter: support multiple TLVs
Filter: clean unused build_tunnel_encap and calc_tunnel_encap
Filter: replace te_format_tlvlist using format visitor
Filter: add af to ep subtlv
Filter: define tlvlist_calc_tunnel_encap_new and tlvlist_decode_tunnel_encap
Filter: use tlvlist_calc_tunnel_encap_new
Filter: add visit_tlv_end and visit_subtlv_end
Filter: use visitor in EA_SET
Filter: use visitor in EA_SET
Filter: add tlvlist_same fixes configure free peer
Generalize tunnel encapsulation
Add struct tunnel_encap
Improve format function
Add tunnel type names
Add cloud security tunnel type
Update tunnel types
Add address family
Replace log with DBG
Add format callback
Add wireguard peer key to tunnel encap format
Move wireguard formatting from tunnel_encaps library
Change from eattr to adata in decode and format
Support multiple TLVs
Use visitor pattern
Use visitor in wireguard
Remove decode_tunnel_encap
Replace te_format_tlvlist using format visitor
Remove unused structs
Use AFI_IPV4+6
Add visit_tlv_end and visit_subtlv_end
Remove debug
Fix format encap + ep
Register encap name
Filter: Simplify TLV
Remove some reserved keywords: TUNNEL_ENCAP, TUNNEL_ENDPOINT,
UDP_DEST_PORT, and COLOR
Support unknown sub-TLV.
Filter: Clean up
Clean up unused functions and structs.
Filter: replace asn with reserved in ep.
Filter: Remove unused T_TLV
Filter: Clean up commented code
Filter: Remove unused empty set
Filter: Refactor encoder
Filter: Refactor tlvlist
Filter: Implement unknown cmp
Filter: Simplify encoding
Filter: Add EA_GET
Filter: Fix indent
|
|
|
|
Problem with listen_port deadlock in wireguard-go.
|
|
Unix socket implementation for wireguard-go.
Improve socket debugging
Free sockets on error and eof
Use abstract unix sockets on Android
Send in socket tx hook
Fix unix socket, and enable fast_rx.
|
|
Add to makefile.
|
|
Implement byte string literals on the format b"xxx" and b64"xxx" which can be used as literals
and in constants.
The format b"xxx" supports character data and octal and
hexadecimal data using C escapes (\n, \nn, \nnn, \xn and \xnn).
The format b64"xxx" supports base64 encoded strings (RFC1341).
|
|
|
|
Support abstract socket in sk_unix_connect
Implement SK_UNIX_ACTIVE
|
|
BIRD implements shutdown by reconfiguring to fake empty configuration.
Such fake config structure is created from the last running config and
shares some data, including symbol table. This allows access to (removed)
routing tables and causes crash when 'show route' command is used during
shutdown.
Clean up symbol table, table list and links to default tables, so removed
routing tables cannot be accessed during shutdown.
|
|
Remove assumption that main channel is the only channel.
|
|
Pipes copy the original rte with old values, so they require rte to be
exported with stored tmpattrs. Other protocols access stored attributes
using eattr list, so they require rte to be exported with expanded
tmpattrs. This is temporary hack, we plan to remove whole tmpattr mechanism.
Thanks to Paul Donohue for the bugreport.
|
|
This reverts commit f8e273b5e7a3c721f4a30cf27a0b4fe54602e83f.
|
|
In most cases of export there is no need to store back temporary
attributes to rte, as receivers (protocols) access eattr list anyway.
But pipe copies the original rte with old values, so we should store
tmpattrs also during export.
Thanks to Paul Donohue for the bugreport.
|
|
|
|
|
|
Just use hello_expiry for that, keep init_expiry for initial
unauthenticated neighbors.
|
|
One of previous patches broke password list parsing code, fix that.
|
|
|
|
Some cleanups and bugfixes to the previous patch, including:
- Fix rate limiting in index mismatch check
- Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation
- Fix missing auth_tx_overhead recalculation during reconfiguration
- Fix pseudoheader construction in babel_auth_sign() (sport vs fport)
- Fix typecasts for ptrdiffs in log messages
- Make auth log messages similar to corresponding RIP/OSPF ones
- Change auth log messages for events that happen during regular
operation to debug messages
- Switch meaning of babel_auth_check*() functions for consistency
with corresponding RIP/OSPF ones
- Remove requirement for min/max key length, only those required by
given MAC code are enforced
|
|
This implements support for MAC authentication in the Babel protocol, as
specified by RFC 8967. The implementation seeks to follow the RFC as close
as possible, with the only deliberate deviation being the addition of
support for all the HMAC algorithms already supported by Bird, as well as
the Blake2b variant of the Blake algorithm.
For description of applicability, assumptions and security properties,
see RFC 8967 sections 1.1 and 1.2.
|
|
In preparation for adding authentication checks, refactor the TLV
walking code so it can be reused for a separate pass of the packet
for authentication checks.
|
|
Add min/max key length fields to the MAC algorithm description and
validate configured keys before they are used.
|
|
Add support for specifying a password in hexadecimal format. The result
is the same whether a password is specified as a quoted string or a
hex-encoded byte string, this just makes it more convenient to input
high-entropy byte strings as MAC keys.
|
|
Import the blake2-kat.h header with test vector output from the blake
reference implementation, and add tests to mac_test.c to compare the
output of the Bird MAC algorithm implementations with that reference
output.
Since the reference implementation only has test vectors for the full
output size, there are no tests for the smaller-sized output variants.
|
|
The Babel MAC authentication RFC recommends implementing Blake2s as one of
the supported algorithms. In order to do this, add the blake2b and
blake2s hash functions for MAC authentication. The hashing function
implementations are the reference implementations from blake2.net.
The Blake2 algorithms allow specifying an arbitrary output size, and the
Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy
this, we add two different variants of each of the algorithms, one using
the default size (256 bits for Blake2s, 512 bits for Blake2b), and one
using half the default output size.
Update to BIRD coding style done by committer.
|
|
Simplify the code and fix an issue with getentropy() return value.
|
|
Add a wrapper function in sysdep to get random bytes, and required checks
in configure.ac to select how to do it. The configure script tries, in
order, getrandom(), getentropy() and reading from /dev/urandom.
|
|
Routes from downed protocols stay in rtable (until next rtable prune
cycle ends) and may be even exported to another protocol. In BGP case,
source BGP protocol is examined, although dynamic parts (including
neighbor entries) are already freed. That may lead to crash under some
race conditions. Ensure that freed neighbor entry is not accessed to
avoid this issue.
|
|
underlying interface disappears
When an interface disappears, all the neighbors are freed as well. Seqno
requests were anyway not decoupled from them, leading to strange
segfaults. This fix adds a proper seqno request list inside neighbors to
make sure that no pointer to neighbor is kept after free.
|
|
Some area handling code got confused by IPv4 setup in OSPFv3 mode.
|
|
|
|
.gitlab-ci.yml:
+ pkg targets for some distros added
+ artifacts added
- some distros were commented out (due to errors).
misc/docker/*:
+ Dockerfiles updated with the necessary packages.
|
|
|
|
|
|
|
|
|
|
Also temporarily disable cf-ospf-auth, as there is some problem with it.
|
|
Use git-archive to avoid unrelated and temporary files and fix some
minor issues (e.g. dependency on bash as system shell).
|
|
init-system-helpers (>= 1.56~) can't be satisfied on:
* Ubuntu 18.04 (1.51)
* Ubuntu 16.04 (1.29)
* Debian 9 (1.48)
Remove the specific version requirement in order to enable build on
older platforms.
|
|
SUSE is more strict about .spec.
* use SPDX license id
* add missing %ghost file directive
|
|
Addressing following FTBFS on all older debian/ubuntu distros:
Can't locate LinuxDocTools/Data/Latin1ToSgml.pm in @INC (you may need to install the LinuxDocTools::Data::Latin1ToSgml module)
|
|
Files in a single new distro/ dir allow apkg to build BIRD packages for
various distros directly from upstream sources as well as from upstream
archives.
Please see distro/README.md for more detail as well as apkg docs:
https://apkg.rtfd.io
I've used these files to build bird-2.0.8 on all currently supported
releases of following distros:
* Debian
* Ubuntu
* Fedora
* CentOS
* openSUSE
Please note that latest apkg with accumulated fixes for bird is needed:
https://gitlab.nic.cz/packaging/apkg/-/merge_requests/35
|
|
|
|
|
|
For numeric operators, comma is used for disjunction in expressions like
"10, 20, 30..40". But for bitmask operators, comma is used for
conjunction in a way that does not really make much sense. Use always
explicit logical operators (&& and ||) to connect bitmask operators.
Thanks to Matt Corallo for the bugreport.
|