Age | Commit message (Collapse) | Author |
|
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.
Implemented transports are:
- unprotected transport over TCP
- secure transport over SSHv2
Example configuration of bird.conf:
...
roa4 table r4;
roa6 table r6;

protocol rpki {
  debug all;

  # Import both IPv4 and IPv6 ROAs
  roa4 { table r4; };
  roa6 { table r6; };

  # Set cache server (validator) address,
  # overwrite default port 323
  remote "rpki-validator.realmv6.org" port 8282;

  # Overwrite default time intervals
  retry   10;   # Default 600 seconds
  refresh 60;   # Default 3600 seconds
  expire  600;  # Default 7200 seconds
}

protocol rpki {
  debug all;

  # Import only IPv4 routes
  roa4 { table r4; };

  # Set cache server address to localhost,
  # use default ports tcp => 323 or ssh => 22
  remote 127.0.0.1;

  # Use SSH transport instead of unprotected transport over TCP
  ssh encryption {
    bird private key "/home/birdgeek/.ssh/id_rsa";
    remote public key "/home/birdgeek/.ssh/known_hosts";
    user "birdgeek";
  };
}
...
|
|
In a header file write it with extern keyword. And in one of the *.c
files declare it without extern keyword.
|
|
BSD lib/setkey.h and lib/sysio.h #include fixes.
OpenBSD's flex needs -o param without space.
V6ONLY for SK_IP fix.
|
|
AF can be specified implicitly by saddr or daddr, flags SKF_V4ONLY and
SKF_V6ONLY are to be removed.
|
|
The netlink code assumes an order for the members of struct msghdr.
This breaks recvmsg and sendmsg with musl libc on mips64. Fix this by
using designated initializers instead.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
sysdep/linux/netlink.c:921:10: error: fields must have a constant size:
'variable length array in structure' extension will never be supported
char buf[128 + KRT_METRICS_MAX*8 + nh_bufsize(a->nexthops)];
^
1 error generated.
|
|
Also removed the lib-dir merging with sysdep. Updated #include's
accordingly.
Fixed make doc on recent Debian together with moving generated doc into
objdir.
Moved Makefile.in into root dir
Retired all.o and birdlib.a
Linking the final binaries directly from all the .o files.
|
|
==00:00:00:02.831 2468== Syscall param socketcall.setsockopt(optval) points to uninitialised byte(s)
==00:00:00:02.831 2468== at 0x513BDEA: setsockopt (in /usr/lib/libc-2.23.so)
==00:00:00:02.831 2468== by 0x45C7AF: sk_setup (io.c:1216)
==00:00:00:02.831 2468== by 0x45CDFF: sk_open (io.c:1417)
==00:00:00:02.831 2468== by 0x44B562: rip_open_socket (packets.c:740)
==00:00:00:02.831 2468== by 0x4481A7: rip_iface_locked (rip.c:616)
==00:00:00:02.831 2468== by 0x4133E4: olock_run_event (locks.c:177)
==00:00:00:02.831 2468== by 0x45A6DE: ev_run (event.c:85)
==00:00:00:02.831 2468== by 0x45A7AD: ev_run_list (event.c:142)
==00:00:00:02.831 2468== by 0x45E0FC: io_loop (io.c:2066)
==00:00:00:02.831 2468== by 0x463B56: main (main.c:845)
==00:00:00:02.831 2468== Address 0xffefffd24 is on thread 1's stack
==00:00:00:02.831 2468== in frame #1, created by sk_setup (io.c:1188)
==00:00:00:02.831 2468== Uninitialised value was created by a stack allocation
==00:00:00:02.831 2468== at 0x45C6BB: sk_setup (io.c:1188)
|
|
This patch implements the IPv6 subset of the Babel routing protocol.
Based on the patch from Toke Hoiland-Jorgensen, with some heavy
modifications and bugfixes.
Thanks to Toke Hoiland-Jorgensen for the original patch.
|
|
Add code for manipulation with TCP-MD5 keys in the IPsec SA/SP database
on FreeBSD systems. Now, BGP MD5 authentication (RFC 2385) keys are
handled automatically on both Linux and FreeBSD.
Based on patches from Pavel Tvrdik.
|
|
When enabled, direct protocol generates routes only if the underlying
link state is up.
|
|
Many protocols do almost the same when creating a rte_update request
before calling rte_update2(). This commit should simplify the protocol
side of the route-creation routine.
|
|
Add option that changes default paths for config file and control socket
to the current working directory.
|
|
int-new-channels
|
|
Counter exp_routes is increased during initial route feed after GR
recovery, so it has to start with zero, otherwise BIRD will end with
double value in exp_routes.
|
|
Event cycle may take too much time and trigger next timer events, so
avoid cycling between timer and event cycles inside the loop cycle.
|
|
In BIRD, RX has lower priority than TX with the exception of RX from
control socket. The patch replaces heuristic based on socket type with
explicit mark and uses it for both control socket and BGP session waiting
to be established.
This should avoid an issue when during heavy load, outgoing connection
could connect (TX event), send open, but then failed to receive OPEN /
establish in time, not sending notifications between and therefore
got hold timer expired error from the neighbor immediately after it
finally established the connection.
|
|
When a kernel route changed, function krt_learn_scan() noticed that and
replaced the route in internal kernel FIB, but after that, function
krt_learn_prune() failed to propagate the new route to the nest, because
it confused the new route with the (removed) old best route and decided
that the best route did not change.
Wow, the original code (and the bug) is almost 17 years old.
|
|
The events variable is used in the short loop decision. The reasons are
not very clear, keeping this to keep the former behaviour.
|
|
The old linked list implementation used some wild typecasts and required
GCC option -fno-strict-aliasing to work properly. This patch fixes that.
However, we still keep the option due to other potential problems.
(Committed by Ondrej Santiago Zajicek)
|
|
To avoid byzantine behavior in case of some errors, linked lists are
cleared after rem_node() and resource headers are cleared after rfree().
|
|
After restart, LSAs locally originated by the previous instance are
received from neighbors. They are installed to LSA db and flushed. If
export of a route triggers origination of a new external LSA before flush
of the received one is complete, the check in ospf_originate_lsa() causes
origination to fail (because en->nf is NULL for the old LSA and non-NULL
for the new LSA). The patch fixes this by updating the en->nf for LSAs
being flushed (as is already done for empty ones). Generally, en->nf
field deserves some better description in the code.
Thanks to Jigar Mehta for analyzing the problem.
|
|
Thanks to Pavel Tvrdik for noticing it.
|
|
It does strange things when even one fd larger than FD_SETSIZE is
passed to select().
|
|