Age | Commit message | Author |
|
Filter: TLV
Filter: support multiple TLVs
Filter: clean unused build_tunnel_encap and calc_tunnel_encap
Filter: replace te_format_tlvlist using format visitor
Filter: add af to ep subtlv
Filter: define tlvlist_calc_tunnel_encap_new and tlvlist_decode_tunnel_encap
Filter: use tlvlist_calc_tunnel_encap_new
Filter: add visit_tlv_end and visit_subtlv_end
Filter: use visitor in EA_SET
Filter: use visitor in EA_SET
Filter: add tlvlist_same fixes configure free peer
Generalize tunnel encapsulation
Add struct tunnel_encap
Improve format function
Add tunnel type names
Add cloud security tunnel type
Update tunnel types
Add address family
Replace log with DBG
Add format callback
Add wireguard peer key to tunnel encap format
Move wireguard formatting from tunnel_encaps library
Change from eattr to adata in decode and format
Support multiple TLVs
Use visitor pattern
Use visitor in wireguard
Remove decode_tunnel_encap
Replace te_format_tlvlist using format visitor
Remove unused structs
Use AFI_IPV4+6
Add visit_tlv_end and visit_subtlv_end
Remove debug
Fix format encap + ep
Register encap name
Filter: Simplify TLV
Remove some reserved keywords: TUNNEL_ENCAP, TUNNEL_ENDPOINT,
UDP_DEST_PORT, and COLOR
Support unknown sub-TLV.
Filter: Clean up
Clean up unused functions and structs.
Filter: replace asn with reserved in ep.
Filter: Remove unused T_TLV
Filter: Clean up commented code
Filter: Remove unused empty set
Filter: Refactor encoder
Filter: Refactor tlvlist
Filter: Implement unknown cmp
Filter: Simplify encoding
Filter: Add EA_GET
Filter: Fix indent
|
|
Implement byte string literals in the format b"xxx" and b64"xxx" which can be used as literals
and in constants.
The format b"xxx" supports character data and octal and
hexadecimal data using C escapes (\n, \nn, \nnn, \xn and \xnn).
The format b64"xxx" supports base64 encoded strings (RFC1341).
|
|
Support abstract socket in sk_unix_connect
Implement SK_UNIX_ACTIVE
|
|
Add min/max key length fields to the MAC algorithm description and
validate configured keys before they are used.
|
|
Add support for specifying a password in hexadecimal format. The result
is the same whether a password is specified as a quoted string or a
hex-encoded byte string, this just makes it more convenient to input
high-entropy byte strings as MAC keys.
|
|
Import the blake2-kat.h header with test vector output from the blake
reference implementation, and add tests to mac_test.c to compare the
output of the Bird MAC algorithm implementations with that reference
output.
Since the reference implementation only has test vectors for the full
output size, there are no tests for the smaller-sized output variants.
|
|
The Babel MAC authentication RFC recommends implementing Blake2s as one of
the supported algorithms. In order to do this, add the blake2b and
blake2s hash functions for MAC authentication. The hashing function
implementations are the reference implementations from blake2.net.
The Blake2 algorithms allow specifying an arbitrary output size, and the
Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy
this, we add two different variants of each of the algorithms, one using
the default size (256 bits for Blake2s, 512 bits for Blake2b), and one
using half the default output size.
Update to BIRD coding style done by committer.
|
|
Simplify the code and fix an issue with getentropy() return value.
|
|
Add a wrapper function in sysdep to get random bytes, and required checks
in configure.ac to select how to do it. The configure script tries, in
order, getrandom(), getentropy() and reading from /dev/urandom.
|
|
underlying interface disappears
When an interface disappears, all the neighbors are freed as well. Seqno
requests were anyway not decoupled from them, leading to strange
segfaults. This fix adds a proper seqno request list inside neighbors to
make sure that no pointer to neighbor is kept after free.
|
|
For numeric operators, comma is used for disjunction in expressions like
"10, 20, 30..40". But for bitmask operators, comma is used for
conjunction in a way that does not really make much sense. Use always
explicit logical operators (&& and ||) to connect bitmask operators.
Thanks to Matt Corallo for the bugreport.
|
|
Add support to set or read outgoing MPLS labels using filters. Currently
this supports the addition of one label per route for the first next hop.
Minor changes by committer.
|
|
RFC 8955 is pretty clear that 000 is false and 111 is true.
|
|
Implement function flow_explicate_part() to convert flowspec numeric
expressions to a simple list of (disjoint, sorted) intervals. That could
be used in filters to build f_tree-based int-sets from them.
|
|
The code in tm_format_real_time() mixed up two buffers and their
sizes, which may cause a crash in MRT dumping code.
Thanks to Piotr Wydrych for the bugreport.
|
|
From now, there are no auxiliary pointers stored in the free slab nodes.
This led to strange debugging problems if use-after-free happened in
slab-allocated structures, especially if the structure's first member is
a next pointer.
This also reduces the memory needed by 1 pointer per allocated object.
OTOH, we now rely on pages being aligned to their size's multiple, which
is quite common anyway.
|
|
In general, events are code handling some condition, which is
scheduled when such condition happened and executed independently from
I/O loop. Work-events are a subgroup of events that are scheduled
repeatedly until some (often significant) work is done (e.g. feeding
routes to protocol). All scheduled events are executed during each
I/O loop iteration.
Separate work-events from regular events to a separate queue and
rate limit their execution to a fixed number per I/O loop iteration.
That should prevent excess latency when many work-events are
scheduled at one time (e.g. simultaneous reload of many BGP sessions).
|
|
Add macros for recursive filter iteration that allow examining
all instructions reachable from a filter.
|
|
The babel protocol code was initialising objects returned from the slab
allocator by assigning to each of the struct members individually, but
wasn't touching the NODE member while doing so. This leads to warnings on
debug builds since commit:
baac7009063d ("List expensive check.")
To fix this, introduce an sl_allocz() variant of the slab allocator which
will zero out the memory before returning it, and switch all the babel call
sites to use this version. The overhead for doing this should be negligible
for small objects, and in the case of babel, the largest object being
allocated was being zeroed anyway, so we can drop the memset in
babel_read_tlv().
|
|
that function.
|
|
Intended to be run at every operation with complex data structures
to check their consistency and validity.
|
|
This is merely a const propagation. There was no problem in there.
|
|
To be honest, it was wrong in concept, anyway it accidentally worked.
|
|
Missing dst no longer generates error.
|
|
The RFC 5575 does not explicitly reject flowspec rules without dst part,
it just requires dst part in validation procedure for feasibility, which
we do not implement anyway. Thus flow without dst prefix is syntactically
valid, but unfeasible (if feasibility testing is done).
Thanks to Alex D. for the bugreport.
|
|
When dynamic BGP with remote range is configured, MD5SIG needs to use
newer socket option (TCP_MD5SIG_EXT) to specify remote address range for
listening socket.
Thanks to Adam Kułagowski for the suggestion.
|
|
Use a hierarchical bitmap in a routing table to assign ids to routes, and
then use bitmaps (indexed by route id) in channels to keep track whether
routes were exported. This avoids unreliable and inefficient re-evaluation
of filters for old routes in order to determine whether they were exported.
|
|
Basic bitmap is obvious. Hierarchical bitmap is structure of several
bitmaps, where higher levels are conjunctions of intervals on level
below, allowing for efficient lookup of first unset bit.
|
|
During NLRI parsing of IPv6 Flowspec, dst prefix was not properly
extracted from NLRI, therefore a received flow was stored in a different
position in flowspec routing table, and was not reachable by command
'show route <flow>'.
Add proper prefix part accessors to flowspec code and use them from BGP
NLRI parsing code.
Thanks to Alex D. for the bugreport.
|
|
We already had them defined on BGP level, but they are more general.
|
|
Use 'l' for s64/u64 instead of for long/ulong, as that is much more
useful. Also make number() correct with regard to signed/unsigned
typecasts.
|
|
Instead of having large stack buffer for max amount of AFI/SAFI pairs.
The old code is not correct w.r.t. extended option length, as more
AFI/SAFI pairs may fit into the capability option.
|
|
Extends BGP options/capabilities data length to 16bit, to avoid issues
with too many capabilities. See draft-ietf-idr-ext-opt-param-07
|
|
Add option to send solicited router advertisements as unicast directly
to soliciting nodes instead of as multicast to all-nodes group.
|
|