summaryrefslogtreecommitdiff
path: root/nest/config.Y
AgeCommit message (Collapse)Author
2009-04-08Fixes broken cryptographic authentication in OSPFOndrej Zajicek
Cryptographic authentication in OSPF is defective by design - there might be several packets independently sent to the network (for example HELLO, LSUPD and LSACK) where they might be reordered and that causes crypt. sequence number error. That can be workarounded by not incresing sequence number too often. Now we update it only when last packet was sent before at least one second. This can constitute a risk of replay attacks, but RFC supposes something similar (like time in seconds used as CSN).
2008-11-08Fix bugs in OSPF MD5 authentication. First bug is that defaultOndrej Zajicek
values for MD5 password ID changed during reconfigure, Second bug is that BIRD chooses password in first-fit manner, but RFC says that it should use the one with the latest generate-from. It also modifies the syntax for multiple passwords. Now it is possible to just add more 'password' statements to the interface section and it is not needed to use 'passwords' section. Old syntax can be used too.
2005-02-14Small changed to reduce the number of warnings.Ondrej Filip
2004-07-13MD5 authentication in OSPF works. :-)Ondrej Filip
2004-06-26Password management redesigned (untested).Ondrej Filip
2004-06-25A lot of changes:Ondrej Filip
- metric is 3 byte long now - summary lsa originating - more OSPF areas possible - virtual links - better E1/E2 routes handling - some bug fixes.. I have to do: - md5 auth (last mandatory item from rfc2328) - !!!!DEBUG!!!!! (mainly virtual link system has probably a lot of bugs) - 2328 appendig E
2004-06-11RTS_OSPF_BONDARY is nonsense, RTS_OSPF_IA must have smaller id than RTS_OSPF_EXTOndrej Filip
2004-06-07Cleanup in show route import <p>.Ondrej Filip
2002-11-13Added missing semicolons.Martin Mares
2000-06-08Oops! Configuration compiles now.Martin Mares
2000-06-08Use `switch' for `disabled'.Pavel Machek
2000-06-08Updated CLI helps.Martin Mares
2000-05-30Added read-only access to all required fields in rta.Pavel Machek
2000-05-29Tracing of CLI connections/commands can be now controlledMartin Mares
by `debug commands <level>' in the configuration. Level 0 means no tracing, 1 means connections only, 2 includes all commands.
2000-05-16Fixed incorrect error message about router ID syntax.Martin Mares
2000-05-15Cleanup of configuration.Martin Mares
o Use `expr' instead of `NUM' and `ipa' instead of `IPA', so that defined symbols work everywhere. o `define' now accepts both numbers and IP addresses. o Renamed `ipa' in filters to `fipa'. Pavel, please update filters to accept define'd symbols as well.
2000-05-13Added `show route for <prefix-or-ipa>' which looks up route leading toMartin Mares
given network.
2000-05-13Unified parsing of prefixes.Martin Mares
Had to rename `prefix' in filters to `fprefix'.
2000-05-08Implemented `show route count' which is `show route stats' withMartin Mares
exception that it doesn't print the routes themselves.
2000-05-07Implemented `show route <...> stats'.Martin Mares
2000-05-06Added commands `show route protocol <p>' and `show route import <p>' whichMartin Mares
show the routing table as exported to the protocol given resp. as returned from its import control hook. To get handling of filtered extended attributes right (even in the old `show route where <filter>' command), the get_route_info hook gets an attribute list and all protocol specific rte attributes are contained there as temporary ones. Updated RIP to do that. Added ea_append() which joins two ea_list's.
2000-05-04Removed RTS_RIP_EXT.Martin Mares
2000-04-28Split CF_HDR section to CF_HDR (only includes) and CF_DEFINES (defines,Martin Mares
C declarations etc.).
2000-04-01BGP now handles incoming routes (IPv4 only).Martin Mares
2000-03-12Added tracing of interface events.Martin Mares
2000-03-07Added configuration of default protocol debugging flags.Martin Mares
2000-03-07Added protocol debugging flags (protocol.h: D_xxx), parsing of themMartin Mares
in configuration files and commands for manipulating them. Current debug message policy: o D_STATES, D_ROUTES and D_FILTERS are handled in generic code. o Other debug flags should be handled in the protocols and whenever the flag is set, the corresponding messages should be printed using calls to log(L_TRACE, ...), each message prefixed with the name of the protocol instance. These messages should cover the whole normal operation of the protocol and should be useful for an administrator trying to understand what does the protocol behave on his network or who is attempting to diagnose network problems. If your messages don't fit to the categories I've defined, feel free to add your own ones (by adding them to protocol.h and on two places in nest/config.Y), but please try to keep the categories as general as possible (i.e., not tied to your protocol). o Internal debug messages not interesting even to an experienced user should be printed by calling DBG() which is either void or a call to debug() depending on setting of the LOCAL_DEBUG symbol at the top of your source. o Dump functions (proto->dump etc.) should call debug() to print their messages. o If you are doing any internal consistency checks, use ASSERT or bug(). o Nobody shall ever call printf() or any other stdio functions. Also please try to log any protocol errors you encounter and tag them with the appropriate message category (usually L_REMOTE or L_AUTH). Always carefully check contents of any message field you receive and verify all IP addresses you work with (by calling ipa_classify() or by using the neighbour cache if you want to check direct connectedness as well).
2000-03-04Garbage collector events and counters are now per table and one dayMartin Mares
they can be made configurable if it turns out to be useful.
2000-02-17Completion works. Unfortunately, we have to access a couple of internalMartin Mares
symbols of libreadline :-(
2000-01-19Split off general commands to cmds.c.Martin Mares
Added `show symbols' command which dumps whole symbol table together with symbol types etc.
2000-01-17Separated `official protocol names' used in status dumps from name templatesMartin Mares
used for automatic generation of instance names. protocol->name is the official name protocol->template is the name template (usually "name%d"), should be all lowercase. Updated all protocols to define the templates, checked that their configuration grammar includes proto_name which generates the name and interns it in the symbol table.
2000-01-16Reworked proto lists -- each proto is now in two lists: the global oneMartin Mares
(proto_list) and per-type one (original lists). A lot of things simplified. Implemented `disable', `enable' and `restart' CLI commands.
1999-12-06Implemented echoing of log messages to CLI connections. Just try `echo all'.Martin Mares
1999-12-04Don't forget to send an OK reply after dumping debug information.Martin Mares
1999-12-04Added DEBUG commands.Martin Mares
Removed CLI tests, real commands now serve as much better examples.
1999-12-03Renamed SHOW PROTOCOLS VERBOSE to SHOW PROTOCOLS ALL to be consistentMartin Mares
with the other commands.
1999-12-02Implemented `show route where <condition>' command.Martin Mares
Pavel, please check my addition to filter/config.Y.
1999-12-01Added dumping of routing tables (`show route'). This includes filtering.Martin Mares
1999-11-30Use TIME_INFINITY for initialization of password entries insteadMartin Mares
of 2000000000 (BTW who wrote that???)
1999-11-30`show interfaces' and `show protocols' works.Martin Mares
1999-11-25Added few basic commands: show status, show interfaces [summary],Martin Mares
show protocols (incomplete).
1999-11-17Added some temporary examples of how to define CLI commands (search for CF_CLI).Martin Mares
To define a new command, just add a new rule to the gramar: CF_CLI(COMMAND NAME, arguments, help-args, help-text) { what-should-the-command-do } ; where <arguments> are appended to the RHS of the rule, <help-args> is the argument list as shown in the help and <help-text> is description of the command for the help. <what-should-the-command-do> is a C code snippet to be executed. It should not take too much time to execute. If you want to print out a lot of information, you can schedule a routine to be called after the current buffer is flushed by making cli->cont point to the routine (see the TEST LONG command definition for an example); if the connection is closed in the meantime, cli->cleanup gets called. You can access `struct cli' belonging to the connection you're currently servicing as this_cli, but only during parse time, not from routines scheduled for deferred execution. Functions to call inside command handlers: cli_printf(cli, code, printf-args) -- print text to CLI connection, <code> is message code as assigned in doc/reply_codes or a negative one if it's a continuation line. cli_msg(code, printf-args) -- the same for this_cli. Use 'sock -x bird.ctl' for connecting to the CLI until a client is written.
1999-11-15An example of how to define enums.Martin Mares
1999-10-31Parse CLI commands. We use the same parser as for configuration files (becauseMartin Mares
we want to allow filter and similar complex constructs to be used in commands and we should avoid code duplication), only with CLI_MARKER token prepended before the whole input. Defined macro CF_CLI(cmd, args, help) for defining CLI commands in .Y files. The first argument specifies the command itself, the remaining two arguments are copied to the help file (er, will be copied after the help file starts to exist). This macro automatically creates a skeleton rule for the command, you only need to append arguments as in: CF_CLI(STEAL MONEY, <$>, [[Steal <$> US dollars or equivalent in any other currency]]): NUM { cli_msg(0, "%d$ stolen", $3); } ; Also don't forget to reset lexer state between inputs.
1999-10-02Obvious bugs in authentication fixed.Pavel Machek
1999-08-03Basic support for IPv6. The system-dependent part doesn't work yet,Martin Mares
but the core routines are there and seem to be working. o lib/ipv6.[ch] written o Lexical analyser recognizes IPv6 addresses and when in IPv6 mode, treats pure IPv4 addresses as router IDs. o Router ID must be configured manually on IPv6 systems. o Added SCOPE_ORGANIZATION for org-scoped IPv6 multicasts. o Fixed few places where ipa_(hton|ntoh) was called as a function returning converted address.
1999-08-03Cleaned up handling of interface patterns:Martin Mares
o Parsing of interface patterns moved to generic code, introduced this_ipatt which works similarly to this_iface. o Interface patterns now support selection by both interface names and primary IP addresses. o Proto `direct' updated. o RIP updated as well, it also seems the memory corruption bug there is gone.
1999-05-31Added PASSIVE option to paswwords.Pavel Machek
1999-05-26Change format of passwords (less ;'s) and fix password.h to allowPavel Machek
multiple inclusions.
1999-05-26Skeleton for password handling, currently I only build structures andPavel Machek
do nothing more advanced for them