Age | Commit message (Collapse) | Author |
|
To comply with RFC 8212 requirements.
|
|
Multiple definitions of same channels are forbidden, but inherited
channel can be redefined. In such case channel options are merged.
|
|
The same is already done for clists. Also fixes defined() to work
properly for paths and clists.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Also fix several minor bugs and add 'limit' option for k-out-of-j
link sensing strategy. Change default from 8-of-16 to 12-of-16.
Change IHU expiry factor from 1.5 to 3.5 (as in RFC 6126).
|
|
Date/time output (e.g. in logs, show commands) can use %f to specify
subsecond time. By default, millisecond precision is used in output.
|
|
|
|
|
|
|
|
Thanks to Alexander Zubkov for the notification.
|
|
Add basic VRF (virtual routing and forwarding) support. Protocols can be
associated with VRFs, such protocols will be restricted to interfaces
assigned to the VRF (as reported by Linux kernel) and will use sockets
bound to the VRF. E.g., different multihop BGP instances can use diffent
kernel routing tables to handle BGP TCP connections.
The VRF support is preliminary, currently there are several limitations:
- Recent Linux kernels (4.11) do not handle correctly sockets bound
to interaces that are part of VRF, so most protocols other than multihop
BGP do not work. This will be fixed by future kernel versions.
- Neighbor cache ignores VRFs. Breaks config with the same prefix on
local interfaces in different VRFs. Not much problem as single hop
protocols do not work anyways.
- Olock code ignores VRFs. Breaks config with multiple BGP peers with the
same IP address in different VRFs.
- Incoming BGP connections are not dispatched according to VRFs.
Breaks config with multiple BGP peers with the same IP address in
different VRFs. Perhaps we would need some kernel API to read VRF of
incoming connection? Or probably use multiple listening sockets in
int-new branch.
- We should handle master VRF interface up/down events and perhaps
disable associated protocols when VRF goes down. Or at least disable
associated interfaces.
- Also we should check if the master iface is really VRF iface and
not some other kind of master iface.
- BFD session request dispatch should be aware of VRFs.
- Perhaps kernel protocol should read default kernel table ID from VRF
iface so it is not necessary to configure it.
- Perhaps we should have per-VRF default table.
|
|
|
|
|
|
This updates the documentation for the Babel protocol to mention the fact
that it now supports dual-stack operation, and adds documentation for the
new next hop options.
Thanks to Toke Høiland-Jørgensen <toke@toke.dk> for the patch.
|
|
|
|
|
|
Some code cleanup, multiple bugfixes, allows to specify also channel
for 'show route export'. Interesting how such apparenty simple thing
like show route cmd has plenty of ugly corner cases.
|
|
|
|
This avoids collisions with non-BIRD routes in kernel tables.
|
|
|
|
|
|
|
|
BTW, 'prefices' is hypercorrection, as 'prefix' is from 'praefixum' with
plural 'praefixa'.
|
|
This may be useful if multple interfaces share the same network range.
Thanks to Fritz Grimpen for the original patch.
|
|
|
|
|
|
Adds option 'allow bgp_local_pref' to override the usual restriction of
LOCAL_PREF on eBGP sessions.
Thanks to Lennert Buytenhek for the patch.
|
|
|
|
|
|
Thanks to Steve Leung for the bugreport.
|
|
|
|
|
|
|
|
Add flow4/flow6 network and rt-table type and operations, config grammar
and static protocol support.
Squashed flowspec branch from Pavel Tvrdik.
|
|
|
|
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.
Implemeted transports are:
- unprotected transport over TCP
- secure transport over SSHv2
Example configuration of bird.conf:
...
roa4 table r4;
roa6 table r6;
protocol rpki {
debug all;
# Import both IPv4 and IPv6 ROAs
roa4 { table r4; };
roa6 { table r6; };
# Set cache server (validator) address,
# overwrite default port 323
remote "rpki-validator.realmv6.org" port 8282;
# Overwrite default time intervals
retry 10; # Default 600 seconds
refresh 60; # Default 3600 seconds
expire 600; # Default 7200 seconds
}
protocol rpki {
debug all;
# Import only IPv4 routes
roa4 { table r4; };
# Set cache server address to localhost,
# use default ports tcp => 323 or ssh => 22
remote 127.0.0.1;
# Use SSH transport instead of unprotected transport over TCP
ssh encryption {
bird private key "/home/birdgeek/.ssh/id_rsa";
remote public key "/home/birdgeek/.ssh/known_hosts";
user "birdgeek";
};
}
...
|
|
- Unit Testing Framework (BirdTest)
- Integration of BirdTest into the BIRD build system
- Tests for several BIRD modules
Based on squashed Pavel Tvrdik's int-test branch, updated for
current int-new branch.
|
|
Implement BFD authentication (part of RFC 5880). Supports plaintext
passwords and cryptographic MD5 / SHA-1 authentication.
Based on former commit from Pavel Tvrdik
|
|
|
|
Thanks to Micah Anderson for bug report and Ondrej Zajicek for the idea!
|
|
|
|
|
|
|