Age | Commit message | Author |
|
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.
Implemented transports are:
- unprotected transport over TCP
- secure transport over SSHv2
Example configuration of bird.conf:
...
roa4 table r4;
roa6 table r6;

protocol rpki {
  debug all;

  # Import both IPv4 and IPv6 ROAs
  roa4 { table r4; };
  roa6 { table r6; };

  # Set cache server (validator) address,
  # overwrite default port 323
  remote "rpki-validator.realmv6.org" port 8282;

  # Overwrite default time intervals
  retry 10;     # Default 600 seconds
  refresh 60;   # Default 3600 seconds
  expire 600;   # Default 7200 seconds
}

protocol rpki {
  debug all;

  # Import only IPv4 routes
  roa4 { table r4; };

  # Set cache server address to localhost,
  # use default ports tcp => 323 or ssh => 22
  remote 127.0.0.1;

  # Use SSH transport instead of unprotected transport over TCP
  ssh encryption {
    bird private key "/home/birdgeek/.ssh/id_rsa";
    remote public key "/home/birdgeek/.ssh/known_hosts";
    user "birdgeek";
  };
}
...
|
|
There are several unresolved -Wmissing-field-initializers on versions
of GCC older than 5.1, all of them false positives.
|
|
Some memory was being allocated from a bad linpool, not from the given one
as it should.
Thanks to Madhu and Justin Cattle for reporting this.
|
|
Kernel protocol calls rt_export_merged(), which used @rte_update_pool for
temporary allocations, supposing it is called from other functions from
rt-table.c that handles locking and flushing of the linpool. Therefore,
linpool was not flushed properly and memory leaked.
Add linpool argument to rt_export_merged() and use @krt_filter_lp when
called from kernel protocol.
Thanks to Justin Cattle and Alexander Frolkin for the bug report.
(Commit squashed and updated by Ondrej Zajicek)
|
|
Many protocols do almost the same when creating a rte_update request
before calling rte_update2(). This commit should simplify the protocol
side of the route-creation routine.
|
|
Fix reading from freed memory.
Free at: channel_set_state(c, CS_DOWN)
Read at: WALK_LIST2_DELSAFE(c, n, x, tab->channels, table_node)
==00:00:00:00.261 24718==
==00:00:09:31.755 24718== Invalid read of size 8
==00:00:09:31.755 24718== at 0x4061BA: rt_prune_table (rt-table.c:1688)
==00:00:09:31.755 24718== by 0x405D5E: rt_event (rt-table.c:1559)
==00:00:09:31.755 24718== by 0x45D089: ev_run (event.c:85)
==00:00:09:31.755 24718== by 0x45D158: ev_run_list (event.c:142)
==00:00:09:31.755 24718== by 0x462814: io_loop (io.c:2412)
==00:00:09:31.755 24718== by 0x468712: main (main.c:833)
==00:00:09:31.755 24718== Address 0x5601538 is 136 bytes inside a block of size 304 free'd
==00:00:09:31.755 24718== at 0x4C29D2A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:09:31.755 24718== by 0x46FF3E: rfree (resource.c:166)
==00:00:09:31.755 24718== by 0x470309: mb_free (resource.c:415)
==00:00:09:31.755 24718== by 0x406A6B: rt_unlock_table (rt-table.c:1921)
==00:00:09:31.755 24718== by 0x40DAE3: channel_do_down (proto.c:297)
==00:00:09:31.755 24718== by 0x40DD46: channel_set_state (proto.c:359)
==00:00:09:31.755 24718== by 0x4061AD: rt_prune_table (rt-table.c:1692)
==00:00:09:31.755 24718== by 0x405D5E: rt_event (rt-table.c:1559)
==00:00:09:31.755 24718== by 0x45D089: ev_run (event.c:85)
==00:00:09:31.755 24718== by 0x45D158: ev_run_list (event.c:142)
==00:00:09:31.755 24718== by 0x462814: io_loop (io.c:2412)
==00:00:09:31.755 24718== by 0x468712: main (main.c:833)
==00:00:09:31.755 24718== Block was alloc'd at
==00:00:09:31.755 24718== at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:09:31.755 24718== by 0x470FBC: bird_xmalloc (xmalloc.c:29)
==00:00:09:31.755 24718== by 0x4701E6: mb_alloc (resource.c:339)
==00:00:09:31.755 24718== by 0x406C29: rt_commit (rt-table.c:1977)
==00:00:09:31.755 24718== by 0x45C36D: config_do_commit (conf.c:269)
==00:00:09:31.755 24718== by 0x45C545: config_commit (conf.c:361)
==00:00:09:31.755 24718== by 0x4686F9: main (main.c:822)
==00:00:09:31.755 24718==
|
|
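For the "Fix reading from freed memory" commit above: its trace shows the table block being freed through rt_unlock_table() while rt_prune_table() is still walking tab->channels. The following is an added example, not BIRD code and not the fix from that commit; `table`, `channel`, `prune_table` and the other names are a constructed model, and holding an extra reference for the duration of the walk is one assumed way to keep the list owner alive.

```c
#include <stdlib.h>
/* Constructed model, not BIRD code: a table owns a list of channels and is
 * freed when its use count drops to zero. */
struct channel { struct channel *next; struct table *tab; };
struct table   { int use_count; struct channel *channels; };
static int tables_freed;               /* bookkeeping for the example only */

static void table_lock(struct table *t) { t->use_count++; }
static void table_unlock(struct table *t)
{ if (--t->use_count == 0) { free(t); tables_freed++; } }

/* Taking a channel down unlinks it and drops its reference on the table;
 * for the last channel that frees the table itself. */
static void channel_down(struct channel *c)
{
  struct table *t = c->tab;
  struct channel **pp = &t->channels;
  while (*pp != c) pp = &(*pp)->next;
  *pp = c->next;
  free(c);
  table_unlock(t);
}

/* Saving `next` before the body (the delete-safe idiom) only protects
 * against freeing the current node. The reference taken here keeps the
 * list owner alive, so reading t->channels after the loop is valid. */
static int prune_table(struct table *t)
{
  int downed = 0;
  table_lock(t);
  for (struct channel *c = t->channels, *next; c; c = next) {
    next = c->next;
    channel_down(c);
    downed++;
  }
  int empty = (t->channels == NULL);   /* without the lock: read after free */
  table_unlock(t);                     /* may free t; do not touch it after */
  return empty ? downed : -1;
}
/* Builds a table whose only references are held by its n channels. */
static struct table *make_table(int n)
{
  struct table *t = calloc(1, sizeof *t);
  for (int i = 0; i < n; i++) {
    struct channel *c = calloc(1, sizeof *c);
    c->tab = t; c->next = t->channels; t->channels = c;
    table_lock(t);
  }
  return t;
}
int main(void) { return prune_table(make_table(3)) == 3 ? 0 : 1; }
```

Removing the table_lock()/table_unlock() pair from prune_table() reproduces the pattern in the trace: the last channel_down() frees the table and the following read of t->channels touches freed memory, which Valgrind or AddressSanitizer reports.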
The patch adds support for channels, structures connecting protocols and
tables and handling most interactions between them. The documentation is
still missing.
|
|
Thanks to Ondrej Zajicek for his support with writing this code.
|
|
Returned user data pointers have offset relative to fib_node.
|
|
Minor changes by Ondrej Santiago Zajicek
|
|
Multiple changes by Ondrej Santiago Zajicek
|
|
Explicit setting of AF_INET(6|) in IP socket creation. BFD set to listen
on v6, without setting the V6ONLY flag to catch both v4 and v6 traffic.
Squashing and minor changes by Ondrej Santiago Zajicek
|
|
When a table is removed during reconfiguration, a reference was not
cleared in the old configuration, which breaks undo.
|
|
Symbol lookup by cf_find_symbol() not only did the lookup but also added
new void symbols allocated from cfg_mem linpool, which gets broken when
lookups are done outside of config parsing, which may lead to crashes
during reconfiguration.
The patch separates lookup-only cf_find_symbol() and config-modifying
cf_get_symbol(), while the latter is called only during parsing. Also
new_config and cfg_mem global variables are NULLed outside of parsing.
|
|
New data types net_addr and variants (in lib/net.h) describing
network addresses (prefix/pxlen). Modifications of FIB structures
to handle these data types and changing everything to use these
data types instead of prefix/pxlen pairs where possible.
The commit is WiP, some protocols are not yet updated (BGP, Kernel),
and the code contains some temporary scaffolding.
Comments are welcome.
|
|
The new RIP implementation fixes plenty of old bugs and also adds support
for many new features: ECMP support, link state support, BFD support,
configurable split horizon and more. Most options are now per-interface.
|
|
Kernel option 'merge paths' allows to merge routes exported to kernel
protocol (currently BGP and static routes) to multipath routes.
|
|
In some cases, export filter accessed attributes of a different route.
|
|
Related to changes from previous patch.
|
|
In some circumstances during reconfiguration, routes propagated by pipes
to other tables may hang there even after the primary routes are removed.
There is already a workaround for this issue in the code which removes
these stale routes by flush process when source protocols are shut down.
This patch is a cleaner fix and allows to simplify the flush process.
|
|
Thanks to Alexander Chernikov for the patch.
|
|
Message 'Network not in table' was not reported if a network node without
any routes was found in a routing table.
|
|
Shows routes that would be exported to the protocol but are rejected by
the export filter.
|
|
Also significant core protocol state changes needed for that,
global graceful restart recovery state and kernel proto support
for recovery.
|
|
Conflicts:
filter/filter.c
nest/proto.c
nest/rt-table.c
proto/bgp/bgp.h
proto/bgp/config.Y
|
|
When a route was propagated to another rtable through a pipe and then the
pipe was reconfigured softly in such a way that any subsequent route
updates are filtered, then the source protocol shutdown didn't clean up
the route in the second rtable which caused stale routes and potential
crashes.
|
|
Temporary dummy routes created by a kernel protocol during routing table
scan get mixed with real routes propagated from another kernel protocol
through a pipe.
|
|
related to a respective protocol.
|
|
The RAdv protocol could be configured to change its behavior based on
availability of routes, e.g., do not announce router lifetime when a
default route is not available.
|
|
They have different behavior w.r.t. filtered routes that are kept.
|