summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2021-06-06Nest: Allow MAC algorithms to specify min/max key lengthToke Høiland-Jørgensen
Add min/max key length fields to the MAC algorithm description and validate configured keys before they are used.
2021-06-06Nest: Allow specifying security keys as hex bytes as well as stringsToke Høiland-Jørgensen
Add support for specifying a password in hexadecimal format, The result is the same whether a password is specified as a quoted string or a hex-encoded byte string, this just makes it more convenient to input high-entropy byte strings as MAC keys.
2021-06-06Lib: Add tests for blake2s and blake2bToke Høiland-Jørgensen
Import the blake2-kat.h header with test vector output from the blake reference implementation, and add tests to mac_test.c to compare the output of the Bird MAC algorithm implementations with that reference output. Since the reference implementation only has test vectors for the full output size, there are no tests for the smaller-sized output variants.
2021-06-06Lib: Add Blake2s and Blake2b hash functionsToke Høiland-Jørgensen
The Babel MAC authentication RFC recommends implementing Blake2s as one of the supported algorithms. In order to achieve do this, add the blake2b and blake2s hash functions for MAC authentication. The hashing function implementations are the reference implementations from blake2.net. The Blake2 algorithms allow specifying an arbitrary output size, and the Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy this, we add two different variants of each of the algorithms, one using the default size (256 bits for Blake2s, 512 bits for Blake2b), and one using half the default output size. Update to BIRD coding style done by committer.
2021-06-06sysdep: Add wrapper to get random bytes - updateOndrej Zajicek (work)
Simplify the code and fix an issue with getentropy() return value.
2021-06-06sysdep: Add wrapper to get random bytesToke Høiland-Jørgensen
Add a wrapper function in sysdep to get random bytes, and required checks in configure.ac to select how to do it. The configure script tries, in order, getrandom(), getentropy() and reading from /dev/urandom.
2021-05-30Babel: Seqno requests are properly decoupled from neighbors when the ↵Maria Matejka
underlying interface disappears When an interface disappears, all the neighbors are freed as well. Seqno requests were anyway not decoupled from them, leading to strange segfaults. This fix adds a proper seqno request list inside neighbors to make sure that no pointer to neighbor is kept after free.
2021-05-18Flowspec: Documentation updateOndrej Zajicek (work)
2021-05-18Flowspec: Label field should use numeric operator and not bitmask operatorOndrej Zajicek (work)
2021-05-18Flowspec: Do not use comma for bitmask operatorsOndrej Zajicek (work)
For numeric operators, comma is used for disjunction in expressions like "10, 20, 30..40". But for bitmask operators, comma is used for conjunction in a way that does not really make much sense. Use always explicit logical operators (&& and ||) to connect bitmask operators. Thanks to Matt Corallo for the bugreport.
2021-05-17Filter: Add MPLS label route attributeTrisha Biswas
Add support to set or read outgoing MPLS labels using filters. Currently this supports the addition of one label per route for the first next hop. Minor changes by committer.
2021-05-14Flowspec: Fix values for true/false operatorsOndrej Zajicek (work)
RFC 8955 is pretty clear that 000 is false and 111 is true.
2021-05-14Flowspec: Add code for conversion of flowspec parts to interval listsOndrej Zajicek (work)
Implement function flow_explicate_part() to convert flowspec numeric expressions to a simple list of (disjoint, sorted) intervals. That could be used in filters to build f_tree-based int-sets from them.
2021-04-12Lib: Fix handling of buffers in timestamp formattingOndrej Zajicek (work)
The code in tm_format_real_time() mixed up two buffers and their sizes, which may cause crash in MRT dumping code. Thanks to Piotr Wydrych for the bugreport.
2021-03-30Resources: added mb_move() to complement rmove() for memory blocksMaria Matejka
2021-03-25Slab: head now uses bitmask for used/free nodes info instead of listsMaria Matejka
From now, there are no auxiliary pointers stored in the free slab nodes. This led to strange debugging problems if use-after-free happened in slab-allocated structures, especially if the structure's first member is a next pointer. This also reduces the memory needed by 1 pointer per allocated object. OTOH, we now rely on pages being aligned to their size's multiple, which is quite common anyway.
2021-03-12Rate-limit scheduling of work-eventsOndrej Zajicek (work)
In general, events are code handling some some condition, which is scheduled when such condition happened and executed independently from I/O loop. Work-events are a subgroup of events that are scheduled repeatedly until some (often significant) work is done (e.g. feeding routes to protocol). All scheduled events are executed during each I/O loop iteration. Separate work-events from regular events to a separate queue and rate limit their execution to a fixed number per I/O loop iteration. That should prevent excess latency when many work-events are scheduled at one time (e.g. simultaneous reload of many BGP sessions).
2021-02-07Filter: Recursive filter iteration codeOndrej Zajicek (work)
Add macros for recursive filter iteration that allows to examine all instructions reachable from a filter.
2020-11-24lib/slab: introduce sl_allocz() function and use it in BabelToke Høiland-Jørgensen
The babel protocol code was initialising objects returned from the slab allocator by assigning to each of the struct members individually, but wasn't touching the NODE member while doing so. This leads to warnings on debug builds since commit: baac7009063d ("List expensive check.") To fix this, introduce an sl_allocz() variant of the slab allocator which will zero out the memory before returning it, and switch all the babel call sites to use this version. The overhead for doing this should be negligible for small objects, and in the case of babel, the largest object being allocated was being zeroed anyway, so we can drop the memset in babel_read_tlv().
2020-05-01Slab: Init node in slab head to NULLs.Maria Matejka
2020-05-01Timer: Adding missing initializer.Maria Matejka
2020-05-01Lists: Replaced replace_node() by update_node() which is the only use of ↵Maria Matejka
that function.
2020-05-01Lists: fix a stupid sanitizer bugMaria Matejka
2020-05-01Uninitialized list nodes fixesMaria Matejka
2020-05-01List expensive check.Maria Matejka
2020-05-01Expensive check declarationMaria Matejka
Intended to be run at every operation with complex data structures to check their consistency and validity.
2020-05-01IPv6 address parser: fail on incomplete addressesMaria Matejka
2020-05-01Non-null function argument declarationMaria Matejka
2020-04-28More assertion categoriesMaria Matejka
2020-04-28Not calling memcpy with n=0.Maria Matejka
2020-04-09Configuration strings are constant.Maria Matejka
This is merely a const propagation. There was no problem in there.
2020-04-05Fletcher16 test fixed to work at bigendian architectures.Maria Matejka
To be honest, it was wrong in concept, anyway it accidentally worked.
2020-03-03Flowspec: Fix testsOndrej Zajicek (work)
Missing dst no longer generates error.
2020-03-03BGP: Handle flowspec rules without dst partOndrej Zajicek (work)
The RFC 5575 does not explicitly reject flowspec rules without dst part, it just requires dst part in validation procedure for feasibility, which we do not implement anyway. Thus flow without dst prefix is syntactically valid, but unfeasible (if feasibilty testing is done). Thanks to Alex D. for the bugreport.
2020-02-27BGP: Support for MD5SIG together with remote rangeOndrej Zajicek (work)
When dynamic BGP with remote range is configured, MD5SIG needs to use newer socket option (TCP_MD5SIG_EXT) to specify remote addres range for listening socket. Thanks to Adam Kułagowski for the suggestion.
2019-12-09Filter: Add support for src/dst accessors for Flowspec and SADROndrej Zajicek (work)
2019-11-26Nest: Use bitmaps to keep track of exported routesOndrej Zajicek (work)
Use a hierarchical bitmap in a routing table to assign ids to routes, and then use bitmaps (indexed by route id) in channels to keep track whether routes were exported. This avoids unreliable and inefficient re-evaluation of filters for old routes in order to determine whether they were exported.
2019-11-26Lib: Basic and hierarchical bitmapsOndrej Zajicek (work)
Basic bitmap is obvious. Hierarchical bitmap is structure of several bitmaps, where higher levels are conjunctions of intervals on level below, allowing for efficient lookup of first unset bit.
2019-11-18BGP: Fix processing of IPv6 FlowspecOndrej Zajicek (work)
During NLRI parsing of IPv6 Flowspec, dst prefix was not properly extracted from NLRI, therefore a received flow was stored in a different position in flowspec routing table, and was not reachable by command 'show route <flow>'. Add proper prefix part accessors to flowspec code and use them from BGP NLRI parsing code. Thanks to Alex D. for the bugreport.
2019-11-03Support for address family constantsOndrej Zajicek (work)
We already had them defined on BGP level, but they are more general.
2019-10-09Lib: Support for 64-bit numbers in bvsnprintf()Ondrej Zajicek (work)
Use 'l' for s64/u64 instead of for long/ulong, as that is much more useful. Also make number() correct with regard to signed/unsigned typecasts.
2019-08-21BGP: Use reallocation for capability structureOndrej Zajicek (work)
Instead of having large stack buffer for max amount of AFI/SAFI pairs. The old code is not correct w.r.t. extendeded option length, as more AFI/SAFI pairs may fit into the capability option.
2019-08-20BGP: Implement extended optional parameters lengthOndrej Zajicek (work)
Extends BGP options/capabilities data length to 16bit, to avoid issues with too many capabilities. See draft-ietf-idr-ext-opt-param-07
2019-08-12RAdv: Allow solicited RAs to be sent as unicastOndrej Zajicek (work)
Add option to send solicited router advertisements as unicast directly to soliciting nodes instead of as multicast to all-nodes group.
2019-07-24Merge remote-tracking branch 'origin/mq-filter-stack'Ondrej Zajicek (work)
2019-07-23RPKI: Fix reconfiguration when ssh parameters are undefinedOndrej Zajicek (work)
2019-07-18Lib: Improve printf() testsOndrej Zajicek (work)
Includes patch from Maximilian Eschenbacher
2019-07-18Lib: Fix print of 64-bit router idOndrej Zajicek (work)
Mismatched types to printf(). The old code coincidentally worked on amd64 due to its calling conventions. Thanks to Maximilian Eschenbacher for the bugreport.
2019-07-15Filter: Simpler filter context allocationMaria Matejka
2019-07-08Libdmalloc macros fixedMaria Matejka