summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-09-06Better profylaction recursive route loopsMaria Matejka
In some specific configurations, it was possible to send BIRD into an infinite loop of recursive next hop resolution. This was caused by route priority inversion. To prevent priority inversions affecting other next hops, we simply refuse to resolve any next hop if the best route for the matching prefix is recursive or any other route with the same preference is recursive. Next hop resolution doesn't change route priority, therefore it is perfectly OK to resolve BGP next hops e.g. by an OSPF route, yet if the same (or covering) prefix is also announced by iBGP, by retraction of the OSPF route we would get a possible priority inversion.
2022-08-18Merge branch 'mq-fix-eattr-setting' into backportMaria Matejka
2022-08-18Simplified the protocol hookup code in MakefilesMaria Matejka
2022-08-18Fixed initialization of Linux kernel route attributesMaria Matejka
2022-08-03Merge commit '082905a8' into HEADMaria Matejka
2022-08-03rip_rte_better() uses the IGP_METRIC_UNKNOWN instead of protocol-specific ↵Maria Matejka
infinity
2022-07-27Merge branch 'master' into backportOndrej Zajicek
2022-07-26Netlink: Restrict route replace for IPv6Ondrej Zajicek
Seems like the previous patch was too optimistic, as route replace is still broken even in Linux 4.19 LTS (but fixed in Linux 5.10 LTS) for: ip route add 2001:db8::/32 via fe80::1 dev eth0 ip route replace 2001:db8::/32 dev eth0 It ends with two routes instead of just the second. The issue is limited to direct and special type (e.g. unreachable) routes, the patch restricts route replace for cases when the new route is a regular route (with a next hop address).
2022-07-25Netlink: Simplify handling of IPv6 ECMP routesOndrej Zajicek
When IPv6 ECMP support first appeared in Linux kernel, it used different API than IPv4 ECMP. Individual next hops were updated and announced separately, instead of using RTA_MULTIPATH as in IPv4. This has several drawbacks and requires complex code to merge received notifications to one multipath route. When Linux came with IPv6 RTA_MULTIPATH support, the initial versions were somewhat buggy, so we kept using the old API for updates (splitting multipath routes to sequences of route updates), while accepting both old-style routes and RTA_MULTIPATH routes in scans / notifications. As IPv6 RTA_MULTIPATH support is here for a long time, this patch fully switches Netlink to the IPv6 RTA_MULTIPATH API and removes old complex code for handling individual next hop announces. The required Linux version is at least 4.11 for reliable operation. Thanks to Daniel Gröber for the original patch.
2022-07-24Merge branch 'master' into backportOndrej Zajicek
2022-07-24KRT: Scan routing tables separetely on linux to avoid congestionOndrej Zajicek
Remove compile-time sysdep option CONFIG_ALL_TABLES_AT_ONCE, replace it with runtime ability to run either separate table scans or shared scan. On Linux, use separate table scans by default when the netlink socket option NETLINK_GET_STRICT_CHK is available, but retreat to shared scan when it fails. Running separate table scans has advantages where some routing tables are managed independently, e.g. when multiple routing daemons are running on the same machine, as kernel routing table modification performance is significantly reduced when the table is modified while it is being scanned. Thanks Daniel Gröber for the original patch and Toke Høiland-Jørgensen for suggestions.
2022-07-22Fixed a rarely used part of Babel: comparing two routes in table by their metricMaria Matejka
2022-07-22Revert "Export table: Delay freeing of old stored route."Maria Matejka
This reverts commit cee0cd148c9b71bf47d007c850193b5fbf9486c1. This change is not needed in version 2 and the surrounding code has disappeared mostly in version 3.
2022-07-12BGP: Minor improvements to BGP rolesOndrej Zajicek
Add support for bgp_otc in filters and warning for configuration inside confederations.
2022-07-11BGP: Implement BGP rolesEugene Bogomazov
Implement BGP roles as described in RFC 9234. It is a mechanism for route leak prevention and automatic route filtering based on common BGP topology relationships. It defines role capability (controlled by 'local role' option) and OTC route attribute, which is used for automatic route filtering and leak detection. Minor changes done by commiter.
2022-07-11Added forgotten route source locking in flowspec validationMaria Matejka
2022-07-11Merge remote-tracking branch 'origin/master' into backportMaria Matejka
2022-07-11Merge commit 'beb5f78a' into backportMaria Matejka
2022-07-10Merge version 2.0.10 into backportMaria Matejka
2022-06-27Filter: Implement for loopsOndrej Zajicek (work)
For loops allow to iterate over elements in compound data like BGP paths or community lists. The syntax is: for [ <type> ] <variable> in <expr> do <command-body>
2022-06-27Filter: Implement mixed declarations of local variablesOndrej Zajicek (work)
Allow variable declarations mixed with code, also in nested blocks with proper scoping, and with variable initializers. E.g: function fn(int a) { int b; int c = 10; if a > 20 then { b = 30; int d = c * 2; print a, b, c, d; } string s = "Hello"; }
2022-06-27Filter: Improve handling of stack frames in filter bytecodeOndrej Zajicek (work)
When f_line is done, we have to pop the stack frame. The old code just removed nominal number of args/vars. Change it to use stored ventry value modified by number of returned values. This allows to allocate variables on a stack frame during execution of f_lines instead of just at start. But we need to know the number of returned values for a f_line. It is 1 for term, 0 for cmd. Store that to f_line during linearization.
2022-06-27Filter: Simplify handling of command sequencesOndrej Zajicek (work)
Command sequences in curly braces used a separate nonterminal in grammar. Handle them as a regular command.
2022-06-27Filter: Fix bug in variable shadowingOndrej Zajicek (work)
When a new variable used the same name as an existing symbol in an outer scope, then offset number was defined based on a scope of the existing symbol ($3) instead of a scope of the new symbol (sym_). That can lead to two variables sharing the same memory slot.
2022-06-27Filter: Implement soft scopesOndrej Zajicek (work)
Soft scopes are anonymous scopes that most likely do not contain any symbol, so allocating regular scope is postponed when it is really needed.
2022-06-27Filter: Implement direct recursionOndrej Zajicek (work)
Direct recursion almost worked, just crashed on function signature check. Split function parsing such that function signature is saved before function body is processed. Recursive calls are marked so they can be avoided during f_same() and similar code walking. Also, include tower of hanoi solver as a test case.
2022-06-27Filter: Apply constant promotion for FI_EQ / FI_NEQOndrej Zajicek (work)
Equality comparison is defined on all values, even of different types, but we still want to do constant promotion if possible.
2022-06-27Filter: Add literal for empty setAlexander Zubkov
Add literal for empty set [], which works both for tree-based sets and prefix sets by using existing constant promotion mechanism. Minor changes by committer.
2022-06-27Nest: Cleanups in as_path_filter()Ondrej Zajicek (work)
Use struct f_val as a common argument for as_path_filter(), as suggested by Alexander Zubkov. That allows to use NULL sets as valid arguments.
2022-06-27Filter: Ensure that all expressions declared return typeOndrej Zajicek (work)
All instructions with a return value (i.e. expressions, ones with non-zero outval, third argument in INST()) should declare their return type. Check that automatically by M4 macros. Set outval of FI_RETURN to 0. The instruction adds one value to stack, but syntactically it is a statement, not an expression. Add fake return type declaration to FI_CALL, otherwise the automatic check would fail builds.
2022-06-27Filter: Improve description of type systemOndrej Zajicek (work)
2022-06-27Filter: Implement type checks for function callsOndrej Zajicek (work)
Keep list of function parameters in f_line and use it to verify types of arguments for function calls. Only static type checks are implemented.
2022-06-27Filter: Clean up function call instructionOndrej Zajicek (work)
Pass instructions of function call arguments as vararg arguments to FI_CALL instruction constructor and move necessary magic from parser code to interpreter / instruction code.
2022-06-27Preexport callback now takes the channel instead of protocol as argumentMaria Matejka
Passing protocol to preexport was in fact a historical relic from the old times when channels weren't a thing. Refactoring that to match current extensibility needs.
2022-06-16NEWS and version updatev2.0.102.0.10Ondrej Zajicek
2022-06-07IPv4 flowspec literals should reject IPv6 prefices in a well-behaved wayMaria Matejka
When writing flow4 { dst 2001:db8::dead:beef/128; }, BIRD crashed on an not-well-debuggable segfault as it tried to copy the whole 128-bit prefix into an IPv4-sized memory.
2022-06-05Babel: Do not try to remove multicast seqno request objects from neighbour listOndrej Zajicek
The Babel seqno request code keeps track of which seqno requests are outstanding for a neighbour by putting them onto a per-neighbour list. When reusing a seqno request, it will try to remove this node, but if the seqno request in question was a multicast request with no neighbour attached this will result in a crash because it tries to remove a list node that wasn't added to any list. Fix this by making the list remove conditional. Also fix neighbor removal which were changing seqno requests to multicast ones instead of removing them. Fixes: ebd5751cdeb4 ("Babel: Seqno requests are properly decoupled from neighbors when the underlying interface disappears"). Based on the patch from Toke Høiland-Jørgensen <toke@toke.dk>, bug reported by Stefan Haller <stefan.haller@stha.de>, thanks.
2022-06-04IO: Improve resolution of latency debugging messagesOndrej Zajicek
2022-06-04Nest: Improve GC strategy for rtablesOndrej Zajicek
Use timer (configurable as 'gc period') to schedule routing table GC/pruning to ensure that prune is done on time but not too often. Randomize GC timers to avoid concentration of GC events from different tables in one loop cycle. Fix a bug that caused minimum inter-GC interval be 5 us instead of 5 s. Make default 'gc period' adaptive based on number of routing tables, from 10 s for small setups to 600 s for large ones. In marge multi-table RS setup, the patch improved time of flushing a downed peer from 20-30 min to <2 min and removed 40s latencies.
2022-05-30Merge remote-tracking branch 'origin/master' into haugesund-to-2.0Maria Matejka
2022-05-30Merge commit '9eec503b251c3388579032b300d32640403d8612' into haugesund-to-2.0Maria Matejka
2022-05-30Merge commit '692055e3df6cc9f0d428d3b0dd8cdd8e825eb6f4' into haugesund-to-2.0Maria Matejka
2022-05-27CI: Remove broken FreeBSD buildsOndrej Zajicek
We currently do not have FreeBSD CI workers.
2022-05-21BGP: Display neighbor port on show protocolOndrej Zajicek
2022-05-21RPKI: Display cache server port on show protocolOndrej Zajicek
Thanks to Luiz Amaral for the idea.
2022-05-19RPKI: Implement VRF supportLuiz Amaral
2022-05-15BGP: Improve tx performance during feed/flushOndrej Zajicek
The prefix hash table in BGP used the same hash function as the rtable. When a batch of routes are exported during feed/flush to the BGP, they all have similar hash values, so they are all crowded in a few slots in the BGP prefix table (which is much smaller - around the size of the batch - and uses higher bits from hash values), making it much slower due to excessive collisions. Use a different hash function to avoid this. Also, increase the batch size to fill 4k BGP packets and increase minimum BGP bucket and prefix hash sizes to avoid back and forth resizing during flushes. This leads to order of magnitude faster flushes (on my test data).
2022-05-04Fixed spurious undef of route attributesAlexander Zubkov
2022-04-22Doc: fix mating -> matching in flowspec sectionVincent Bernat
2022-04-22Babel: Fix compilation when LOCAL_DEBUG is set in packets.cToke Høiland-Jørgensen
The debug output was not updated with the rest of the code, so packets.c fails to compile if LOCAL_DEBUG is set.