Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-11-09 | Secondary and merged exports get a whole feed instead of traversing the ↵ | Maria Matejka | |
table structures directly | |||
2021-11-09 | Route export: rejected by filter bitmap | Maria Matejka | |
If a route has been rejected by filter, store that information to avoid repeated export filter runs on rejected routes. | |||
2021-11-09 | Protocol stats split to import and export | Maria Matejka | |
2021-11-09 | Nest: Route generations and explicit tracking route propagion through pipes | Maria Matejka | |
2021-11-09 | Refeed is done from export table when appropriate | Maria Matejka | |
2021-11-09 | Recursive route nexthop updates now announced with valid new_best/old_best ↵ | Maria Matejka | |
information | |||
2021-11-09 | Suppressed MRT unused static function warning | Maria Matejka | |
2021-11-09 | Split route data structure to storage (ro) / manipulation (rw) structures. | Maria Matejka | |
Routes are now allocated only when they are just to be inserted to the table. Updating a route needs a locally allocated route structure. Ownership of the attributes is also now not transfered from protocols to tables and vice versa but just borrowed which should be easier to handle in a multithreaded environment. | |||
2021-11-09 | Extended route trace: logging Path Identifiers | Maria Matejka | |
2021-10-13 | Dropping the unused rte_same hook | Maria Matejka | |
2021-10-13 | Dropping rte-local dumper entries | Maria Matejka | |
2021-10-13 | RIP fixup + dropping the tmp_attrs mechanism as obsolete | Maria Matejka | |
2021-10-13 | BGP: Moved the suppressed and stale flags to pflags | Maria Matejka | |
2021-10-13 | Kernel: Convert the rte-local attributes to extended attributes and flags to ↵ | Maria Matejka | |
pflags | |||
2021-10-13 | Dropping the RTS_DUMMY temporary route storage. | Maria Matejka | |
Kernel route sync is done by other ways now and this code is not used currently. | |||
2021-10-13 | Babel: Convert the rte-local attributes to extended attributes | Maria Matejka | |
2021-10-13 | OSPF: Convert the rte-local attributes to extended attributes | Maria Matejka | |
2021-10-13 | RIP: convert the rte-local attributes to extended attributes | Maria Matejka | |
2021-10-13 | Extended route attributes may include also pointers | Maria Matejka | |
2021-10-13 | IGP metric getter refactoring to protocol callback | Maria Matejka | |
Direct protocol hooks for IGP metric inside nest/rt-table.c make the protocol API unnecessarily complex. Instead, we use a proper callback. | |||
2021-10-13 | Route: moved rte_src pointer from rta to rte | Maria Matejka | |
It is an auxiliary key in the routing table, not a route attribute. | |||
2021-10-13 | Preference moved to RTA and set explicitly in protocols | Maria Matejka | |
2021-10-13 | Preexport: No route modification, no linpool needed | Maria Matejka | |
2021-10-13 | Export table: Delay freeing of old stored route. | Maria Matejka | |
This is needed to provide the protocols the full old route after filters when export table is enabled. | |||
2021-10-13 | There may be a symbol with NULL protocol when reconfiguring | Maria Matejka | |
2021-10-13 | Show route may be accidentally called on shutdown also when not all default ↵ | Maria Matejka | |
tables are present | |||
2021-10-13 | fixup! Multipage allocation | Maria Matejka | |
2021-10-13 | Multipage allocation | Maria Matejka | |
We can also quite simply allocate bigger blocks. Anyway, we need these blocks to be aligned to their size which needs one mmap() two times bigger and then two munmap()s returning the unaligned parts. The user can specify -B <N> on startup when <N> is the exponent of 2, setting the block size to 2^N. On most systems, N is 12, anyway if you know that your configuration is going to eat gigabytes of RAM, you are almost forced to raise your block size as you may easily get into memory fragmentation issues or you have to raise your maximum mapping count, e.g. "sysctl vm.max_map_count=(number)". | |||
2021-10-13 | CLI socket accept() may also fail and should produce some message, not a ↵ | Maria Matejka | |
coredump. | |||
2021-10-13 | OSPF: explicitly stop the periodic tick on shutdown to avoid recalculation races | Maria Matejka | |
2021-10-13 | Linpools may use pages instead of xmalloc | Maria Matejka | |
2021-10-13 | fixup! Bound allocated pages to resource pools with page caches to avoid ↵ | Maria Matejka | |
unnecessary syscalls | |||
2021-09-10 | Bound allocated pages to resource pools with page caches to avoid ↵ | Maria Matejka | |
unnecessary syscalls | |||
2021-09-10 | Reducing filter stack size to allow for lesser thread stack size | Maria Matejka | |
2021-09-10 | OSPF: Setting a list node NULL before use | Maria Matejka | |
2021-09-10 | Fixed memory poisoning in slab | Maria Matejka | |
2021-09-10 | Debug output uses local buffer to avoid clashes between threads. | Maria Matejka | |
2021-09-10 | Filter: Additional consistency checks | Maria Matejka | |
2021-09-10 | Nest: Clean up main channel handling | Ondrej Zajicek (work) | |
Remove assumption that main channel is the only channel. | |||
2021-06-11 | CI: Allow Babel tests | Ondrej Zajicek (work) | |
2021-06-09 | Nest: Allow both 'password' and 'key' keywords for authentication keys | Ondrej Zajicek (work) | |
2021-06-09 | Babel: Simplify auth expiration | Ondrej Zajicek (work) | |
Just use hello_expiry for that, keep init_expiry for initial unauthentized neighbors. | |||
2021-06-06 | Nest: Fix password list parsing code | Ondrej Zajicek (work) | |
One of previous patches broke password list parsing code, fix that. | |||
2021-06-06 | Lib: Fix static assert macro | Ondrej Zajicek (work) | |
2021-06-06 | Babel: Add MAC authentication support - update | Ondrej Zajicek (work) | |
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced | |||
2021-06-06 | Babel: Add MAC authentication support | Toke Høiland-Jørgensen | |
This implements support for MAC authentication in the Babel protocol, as specified by RFC 8967. The implementation seeks to follow the RFC as close as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already supported by Bird, as well as the Blake2b variant of the Blake algorithm. For description of applicability, assumptions and security properties, see RFC 8967 sections 1.1 and 1.2. | |||
2021-06-06 | Babel: Refactor TLV parsing code for easier reuse | Toke Høiland-Jørgensen | |
In preparation for adding authentication checks, refactor the TLV walking code so it can be reused for a separate pass of the packet for authentication checks. | |||
2021-06-06 | Nest: Allow MAC algorithms to specify min/max key length | Toke Høiland-Jørgensen | |
Add min/max key length fields to the MAC algorithm description and validate configured keys before they are used. | |||
2021-06-06 | Nest: Allow specifying security keys as hex bytes as well as strings | Toke Høiland-Jørgensen | |
Add support for specifying a password in hexadecimal format, The result is the same whether a password is specified as a quoted string or a hex-encoded byte string, this just makes it more convenient to input high-entropy byte strings as MAC keys. | |||
2021-06-06 | Lib: Add tests for blake2s and blake2b | Toke Høiland-Jørgensen | |
Import the blake2-kat.h header with test vector output from the blake reference implementation, and add tests to mac_test.c to compare the output of the Bird MAC algorithm implementations with that reference output. Since the reference implementation only has test vectors for the full output size, there are no tests for the smaller-sized output variants. |