summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2022-03-09Merge commit 'e42eedb9' into haugesundMaria Matejka
2022-02-20Small changes related to the new releaseOndrej Filip
2022-02-06Merge branch 'oz-trie-table'Ondrej Zajicek (work)
2022-02-06Doc: Describe routing table optionsOndrej Zajicek (work)
2022-02-06BGP: Implement flowspec validation procedureOndrej Zajicek (work)
Implement flowspec validation procedure as described in RFC 8955 sec. 6 and RFC 9117. The Validation procedure enforces that only routers in the forwarding path for a network can originate flowspec rules for that network. The patch adds new mechanism for tracking inter-table dependencies, which is necessary as the flowspec validation depends on IP routes, and flowspec rules must be revalidated when best IP routes change. The validation procedure is disabled by default and requires that relevant IP table uses trie, as it uses interval queries for subnets.
2022-01-17Netlink: Add option to specify netlink socket receive buffer sizeOndrej Zajicek (work)
Add option 'netlink rx buffer' to specify netlink socket receive buffer size. Uses SO_RCVBUFFORCE, so it can override rmem_max limit. Thanks to Trisha Biswas and Michal for the original patches.
2022-01-09BGP: Add option 'free bind'Ondrej Zajicek (work)
The BGP 'free bind' option applies the IP_FREEBIND/IPV6_FREEBIND socket option for the BGP listening socket. Thanks to Alexander Zubkov for the idea.
2021-12-28Doc: Document min/max operators for listsAlexander Zubkov
2021-12-28Doc: Document community components access operatorsAlexander Zubkov
2021-12-18Doc: bgp: remove "advertise ipv4"Simon Ruderich
The option was removed in d15b0b0a ("BGP redesign", 2016-12-07) but the documentation wasn't updated.
2021-10-13Dropping the RTS_DUMMY temporary route storage.Maria Matejka
Kernel route sync is done by other ways now and this code is not used currently.
2021-10-13Multipage allocationMaria Matejka
We can also quite simply allocate bigger blocks. Anyway, we need these blocks to be aligned to their size which needs one mmap() two times bigger and then two munmap()s returning the unaligned parts. The user can specify -B <N> on startup when <N> is the exponent of 2, setting the block size to 2^N. On most systems, N is 12, anyway if you know that your configuration is going to eat gigabytes of RAM, you are almost forced to raise your block size as you may easily get into memory fragmentation issues or you have to raise your maximum mapping count, e.g. "sysctl vm.max_map_count=(number)".
2021-06-09Nest: Allow both 'password' and 'key' keywords for authentication keysOndrej Zajicek (work)
2021-06-06Babel: Add MAC authentication support - updateOndrej Zajicek (work)
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced
2021-06-06Babel: Add MAC authentication supportToke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as specified by RFC 8967. The implementation seeks to follow the RFC as close as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already supported by Bird, as well as the Blake2b variant of the Blake algorithm. For description of applicability, assumptions and security properties, see RFC 8967 sections 1.1 and 1.2.
2021-06-06Nest: Allow specifying security keys as hex bytes as well as stringsToke Høiland-Jørgensen
Add support for specifying a password in hexadecimal format, The result is the same whether a password is specified as a quoted string or a hex-encoded byte string, this just makes it more convenient to input high-entropy byte strings as MAC keys.
2021-06-06Lib: Add Blake2s and Blake2b hash functionsToke Høiland-Jørgensen
The Babel MAC authentication RFC recommends implementing Blake2s as one of the supported algorithms. In order to achieve do this, add the blake2b and blake2s hash functions for MAC authentication. The hashing function implementations are the reference implementations from blake2.net. The Blake2 algorithms allow specifying an arbitrary output size, and the Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy this, we add two different variants of each of the algorithms, one using the default size (256 bits for Blake2s, 512 bits for Blake2b), and one using half the default output size. Update to BIRD coding style done by committer.
2021-05-18Flowspec: Documentation updateOndrej Zajicek (work)
2021-05-18Flowspec: Do not use comma for bitmask operatorsOndrej Zajicek (work)
For numeric operators, comma is used for disjunction in expressions like "10, 20, 30..40". But for bitmask operators, comma is used for conjunction in a way that does not really make much sense. Use always explicit logical operators (&& and ||) to connect bitmask operators. Thanks to Matt Corallo for the bugreport.
2021-05-17Filter: Add MPLS label route attributeTrisha Biswas
Add support to set or read outgoing MPLS labels using filters. Currently this supports the addition of one label per route for the first next hop. Minor changes by committer.
2021-04-25Doc: Include full LinuxDocTools codeOndrej Zajicek (work)
BIRD uses hacked LinuxDocTools for building documentation, keeping some parts locally and using remaining parts from system-installed one. This setup breaks when LinuxDocTools makes some internal changes and is hard to keep consistent. Just include full LinuxDocTools code (both hacked and unmodified parts) to avoid consistency issues. Note that we still need some binaries from LinuxDocTools, so it still needs to be installed to build documentation.
2021-04-03Doc: Fix flowspec exampleOndrej Zajicek (work)
Thanks to Matt Corallo for the bugreport.
2021-03-15Doc: Document automatic RPKI reloadOndrej Zajicek (work)
2021-03-15Doc: Document channel debug optionsOndrej Zajicek (work)
2021-02-10BGP: Add support for BGP hostname capabilityVincent Bernat
This is an implementation of draft-walton-bgp-hostname-capability-02. It is implemented since quite some time for FRR and in datacenter, this gives a nice output to avoid using IP addresses. It is disabled by default. The hostname is retrieved from uname(2) and can be overriden with "hostname" option. The domain name is never set nor displayed. Minor changes by committer.
2021-01-07Doc: Describe per-nexthop static route optionsOndrej Zajicek (work)
Also remove description of (no longer supported) per-route 'bfd' option, and add examples of IPv6 routes with link-local nexthops.
2021-01-06BGP: Deprecate 'missing lladdr' optionOndrej Zajicek (work)
The option is not implemented since transition to 2.0 and no plan to add it. Also remove some deprecated RTS_* valus from documentation. Thanks to Sébastien Parisot for notification.
2020-12-02Filter: Add 'weight' route attributeOndrej Zajicek (work)
Add 'weight' route attribute that allows to get and set ECMP weight of nexthops. Similar to 'gw' attribute, it is limited to the first nexthop, but it is useful for handling BGP multipath, where an ECMP route is merged from multiple regular routes.
2020-11-19Static: Support for multiple routes with the same networkOndrej Zajicek (work)
Add support for proper handling of multiple routes with the same network to the static protocol. Routes are distinguished by internal index, which is assigned automatically (sequentially for routes within each network). Having different route preference or igp_metric attribute is optional.
2020-11-18Doc: Added example of static routes with BGP large communitiesNigel Kukard
2020-11-15Doc: Fix typoOndrej Zajicek (work)
Thanks to Hexhu for the bugreport.
2020-11-12BFD: Update documentation about per-session optionsOndrej Zajicek (work)
2020-10-11RPKI: Add 'ignore max length' optionOndrej Zajicek (work)
Add 'ignore max length' option to RPKI protocol, which ignores received max length in ROA records and instead uses max value (32 or 128). This may be useful for implementing loose RPKI check for blackholes.
2020-10-05Doc: Fix missing semicolonsOndrej Zajicek (work)
Thanks to Marco Gartmann for the bugreport.
2020-10-05Doc: Fix typoOndrej Zajicek (work)
Thanks to Sergey Kulikov for the bugreport.
2020-06-03Doc: Add 'ptp address' to OSPF doc overviewKenth Eriksson
2020-05-26OSPF: Fix handling of unnumbered PtPsOndrej Zajicek (work)
This issue has a long history. In 2012, we changed data field for unnumbered PtP links from iface id (specified by RFC) to IP address based on reports of bugs in Quagga that required it, and we used out-of-band information to distinquish unnumberred PtPs with the same local IP address. Then with OSPF graceful restart implementation, we found that we can no longer use out-of-band information, and we need to use only LSAdb info for routing table calculation, but i forgot to finish handling of this case, so multiple unnumbered PtPs with the same local IP addresses were broken. Considering that even recent Mikrotik RouterOS has broken next hop calculation that depends on IP address in PtP link data field, we cannot just switch back to the iface id for unnumbered PtP links. The patch makes two changes: First, it goes back to use out-of-band (position) info for distinguishing local interfaces in SPF when graceful restart is not enabled, while still uses LSAdb-only approach for SPF calculation when graceful restart is enabled. Second, it adds OSPF interface option 'ptp address', which controls whether IP address or iface id is used in data field. It is enabled by default except for unnumbered PtP links with enabled graceful restart. Thanks to Kenth Eriksson for the bugreport and Joakim Tjernlund for suggestions.
2020-05-19Nest: Allow key id 0Ondrej Zajicek (work)
There is nothing in RFCs specifying that id 0 is not allowed. Some implementations does not support it, while some other use key id 0 by default. We allow it but start with key id 1 by default. Thanks to Kenth Eriksson for the bugreport.
2020-05-19RIP: Triggered RIP (demand circuit) documentationOndrej Zajicek (work)
2020-05-18Nest: Implement BGP path mask loop operatorOndrej Zajicek (work)
Implement regex-like '+' operator in BGP path masks to match previous path mask item multiple times. This is useful as ASNs may appear multiple times in paths due to path prepending for traffic engineering purposes.
2020-05-02Filter: Remove quitbird commandOndrej Zajicek (work)
No need for this debug filter command and it can be abused from CLI.
2020-04-08Doc: Update prefix set commentOndrej Zajicek (work)
2020-01-28BFD: Option to specify which class of BFD sessions are acceptedOndrej Zajicek (work)
Allows to configure IPv4/IPv6-only or direct/multihop-only BFD protocol instances.
2019-12-16Doc: Fix documentation of BGP gateway optionOndrej Zajicek (work)
Thanks to Nico Schottelius for the bugreport.
2019-12-09Filter: Add support for src/dst accessors for Flowspec and SADROndrej Zajicek (work)
2019-11-10BGP: Add option to enforce first AS in AS_PATHOndrej Zajicek (work)
This is optional check described in RFC 4271. Although this can be also done by filters, it is widely implemented option in BGP implementations. Thanks to Eugene Bogomazov for the original patch.
2019-11-05Doc: Minor fixOndrej Zajicek (work)
2019-11-05Doc: Add documentation for BGP option 'allow as sets'Ondrej Zajicek (work)
2019-10-26BGP: RFC 8654 got releasedOndrej Zajicek (work)
2019-10-10Doc: Minor documentation fixesOndrej Zajicek (work)
Thanks to Christoph for the bugreport.