summaryrefslogtreecommitdiff
path: root/proto/babel/packets.c
AgeCommit message (Collapse)Author
2023-04-14Merge commit 'ee919658' into thread-next-ifaceMaria Matejka
2023-04-04Sockets: Unified API for main and other loopsMaria Matejka
Now sk_open() requires an explicit IO loop to open the socket in. Also specific functions for socket RX pause / resume are added to allow for BGP corking. And last but not least, socket reloop is now synchronous to resolve weird cases of the target loop stopping before actually picking up the relooped socket. Now the caller must ensure that both loops are locked while relooping, and this way all sockets always have their respective loop.
2023-02-14Babel: Keep separate auth PC counters for unicast and multicastToke Høiland-Jørgensen
The babel protocol normally sends all its messages as multicast packets, but the protocol specification allows most messages to be sent as either unicast or multicast, and the two can be mixed freely. In particular, the babeld implementation can be configured to unicast updates to all peers instead of sending them as unicast. Daniel discovered that this can cause problems with the packet counter checks in the MAC extension due to packet reordering. This happens on WiFi networks where clients have power save enabled (which is quite common in infrastructure networks): in this case, the access point will buffer all multicast traffic and only send it out along with its beacons, leading to a maximum buffering in default Linux-based access point configuration of up to 200 ms. This means that a Babel sender that mixes unicast and multicast messages can have the unicast messages overtake the multicast messages because of this buffering; when authentication is enabled, this causes the receiver to discard the multicast message when it does arrive because it now has a packet counter value less than the unicast message that arrived before it. Daniel observed that this happens frequently enough that Babel ceases to work entirely when runner over a WiFi network. The issue has been described in draft-ietf-babel-mac-relaxed, which is currently pending RFC publication. That also describes two mitigation mechanisms: Keeping separate PC counters for unicast and multicast, and using a reorder window for PC values. This patch implements the former as that is the simplest, and resolves the particular issue seen on WiFi. Thanks to Daniel Gröber for the bugreport. Minor changes from committer.
2023-02-14Babel: Implement IPv4 via IPv6 extension (RFC 9229)Andreas Rammhold
The patch implements an IPv4 via IPv6 extension (RFC 9229) to the Babel routing protocol (RFC 8966) that allows annoncing routes to an IPv4 prefix with an IPv6 next hop, which makes it possible for IPv4 traffic to flow through interfaces that have not been assigned an IPv4 address. The implementation is compatible with the current Babeld version. Thanks to Toke Høiland-Jørgensen for early review on this work. Minor changes from committer.
2022-05-30Merge remote-tracking branch 'origin/master' into haugesund-to-2.0Maria Matejka
2022-04-22Babel: Fix compilation when LOCAL_DEBUG is set in packets.cToke Høiland-Jørgensen
The debug output was not updated with the rest of the code, so packets.c fails to compile if LOCAL_DEBUG is set.
2022-04-06Slab allocator can free the blocks without knowing the parent structureMaria Matejka
2021-06-06Babel: Add MAC authentication support - updateOndrej Zajicek (work)
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced
2021-06-06Babel: Add MAC authentication supportToke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as specified by RFC 8967. The implementation seeks to follow the RFC as close as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already supported by Bird, as well as the Blake2b variant of the Blake algorithm. For description of applicability, assumptions and security properties, see RFC 8967 sections 1.1 and 1.2.
2021-06-06Babel: Refactor TLV parsing code for easier reuseToke Høiland-Jørgensen
In preparation for adding authentication checks, refactor the TLV walking code so it can be reused for a separate pass of the packet for authentication checks.
2020-11-24lib/slab: introduce sl_allocz() function and use it in BabelToke Høiland-Jørgensen
The babel protocol code was initialising objects returned from the slab allocator by assigning to each of the struct members individually, but wasn't touching the NODE member while doing so. This leads to warnings on debug builds since commit: baac7009063d ("List expensive check.") To fix this, introduce an sl_allocz() variant of the slab allocator which will zero out the memory before returning it, and switch all the babel call sites to use this version. The overhead for doing this should be negligible for small objects, and in the case of babel, the largest object being allocated was being zeroed anyway, so we can drop the memset in babel_read_tlv().
2018-06-13Babel: Fix handling of missing IPv4 next hopsOndrej Zajicek (work)
In case of missing IPv4 next hop, we should skip such routes on transmit and ignore such routes on receive. Thanks to Julian Schuh for the bugreport and Toke Hoiland-Jorgensen for the original patch.
2018-02-13Babel: Add source-specific routing supportOndrej Zajicek (work)
This patch adds support for source-specific routing to the Babel protocol. It changes the protocol to support both NET_IP6 and NET_IP6_SADR channels for IPv6 addresses. If only a NET_IP6 channel is configured, source-specific updates are ignored. Otherwise, non-source-specific routes are simply treated as source-specific routes with SADR prefix 0. Thanks to Toke Hoiland-Jorgensen for the original patch. Minor changes by Ondrej Santiago Zajicek.
2017-12-07Merge commit '1e8721e2aeccfbc3f533e8b8abc07582cee77e9a' into int-newOndrej Zajicek (work)
2017-12-07Merge commit '7b2c5f3d2826e3175bf31b1c36056c9efc587a2b' into int-newOndrej Zajicek (work)
2017-12-07Babel: More changes and bugfixesOndrej Zajicek (work)
Several changes and bugfixes in Babel, namely: - Exported route parameters stored directly in route table entry - Exported non-babel routes no longer stored in per-entry route list - Route update, selection and retraction simplified and fixed - Route feasibility is evalualated per update and stored with route - Unreachable route handling fixed, based on hold interval - Added 'show babel routes' command Overall, it fixes some issues with proper propagation of triggered updates, making Babel convergence after topology change almost instant.
2017-12-07Babel: Fix handling of IPv4 retractionsOndrej Zajicek (work)
Babel TLV parsing code rejected IPv4 retractions without next-hop, although next-hop is needed just for regular updates.
2017-12-07Babel: Update to new timersOndrej Zajicek (work)
2017-12-07Nest: Maintain separate IPv4, IPv6 and LLv6 preferred addressesOndrej Zajicek (work)
Also redesign preferred address selection and update protocols to use appropriate preferred address. Based on a previous work by Jan Maria Matejka.
2017-11-28Babel: Parse flags in Hello TLVOndrej Zajicek (work)
RFC6126bis introduces a flags field for the Hello TLV, and adds a unicast flag that is used to signify that a hello was sent as unicast. This adds parsing of the flags field and ignores such unicast hellos, which preserves compatibility until we can add a proper implementation of the unicast hello mechanism. Thanks to Toke Hoiland-Jorgensen for the patch.
2017-09-19BGP: Shutdown communication (RFC 8203)Ondrej Zajicek (work)
The patch implements BGP Administrative Shutdown Communication (RFC 8203) allowing BGP operators to pass messages related to BGP session administrative shutdown/restart. It handles both transmit and receive of shutdown messages. Messages are logged and may be displayed by show protocol all command. Thanks to Job Snijders for the basic patch.
2017-09-06Basic VRF supportOndrej Zajicek (work)
Add basic VRF (virtual routing and forwarding) support. Protocols can be associated with VRFs, such protocols will be restricted to interfaces assigned to the VRF (as reported by Linux kernel) and will use sockets bound to the VRF. E.g., different multihop BGP instances can use diffent kernel routing tables to handle BGP TCP connections. The VRF support is preliminary, currently there are several limitations: - Recent Linux kernels (4.11) do not handle correctly sockets bound to interaces that are part of VRF, so most protocols other than multihop BGP do not work. This will be fixed by future kernel versions. - Neighbor cache ignores VRFs. Breaks config with the same prefix on local interfaces in different VRFs. Not much problem as single hop protocols do not work anyways. - Olock code ignores VRFs. Breaks config with multiple BGP peers with the same IP address in different VRFs. - Incoming BGP connections are not dispatched according to VRFs. Breaks config with multiple BGP peers with the same IP address in different VRFs. Perhaps we would need some kernel API to read VRF of incoming connection? Or probably use multiple listening sockets in int-new branch. - We should handle master VRF interface up/down events and perhaps disable associated protocols when VRF goes down. Or at least disable associated interfaces. - Also we should check if the master iface is really VRF iface and not some other kind of master iface. - BFD session request dispatch should be aware of VRFs. - Perhaps kernel protocol should read default kernel table ID from VRF iface so it is not necessary to configure it. - Perhaps we should have per-VRF default table.
2017-06-14Babel: Fix pointer arithmetic in subtlv parsingOndrej Zajicek (work)
The subtlv parsing code was doing byte-based arithmetic with non-void pointers, causing it to read beyond the end of the packet. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-06-09Babel: Parse sub-TLVs and skip TLVs with mandatory sub-TLVOndrej Zajicek (work)
RFC6126bis formally introduces sub-TLVs to the Babel protocol, including mandatory sub-TLVs. This adds support for parsing sub-TLVs to the Babel protocol and skips TLVs that contain mandatory sub-TLVs, as per the spec. For details, see section 4.4 of https://tools.ietf.org/html/draft-ietf-babel-rfc6126bis-02 Thanks to Toke Høiland-Jørgensen <toke@toke.dk> for the patch.
2017-06-09Babel: Implement IPv6 prefix compression on outgoing updatesOndrej Zajicek (work)
Previously, the Babel protocol would never use prefix compression on outgoing updates (but would parse it on incoming ones). This adds compression of IPv6 addresses of outgoing updates. The compression only works to the extent that the FIB is walked in lexicographic order; i.e. a prefix is only compressed if it shares bytes with the previous prefix in the same packet. Thanks to Toke Høiland-Jørgensen <toke@toke.dk> for the patch.
2017-06-08Babel: Add support for dual-stack IPv4/IPv6 operationOndrej Zajicek (work)
This adds support for dual-stack v4/v6 operation to the Babel protocol. Routing messages will be exchanged over IPv6, but IPv4 routes can be carried in the messages being exchanged. This matches how the reference Babel implementation (babeld) works. The nexthop address for v4 can be configured per interface, and will default to the first available IPv4 address on the given interface. For symmetry, a configuration option to configure the IPv6 nexthop address is also added. Thanks to Toke Høiland-Jørgensen <toke@toke.dk> for the patch.
2016-12-10Babel: Update to integrated branchOndrej Zajicek (work)
2016-11-01Build: switch on -Wextra, get rid of most of the warningsJan Moskyto Matejka
There are several unresolved -Wmissing-field-initializers on older versions of GCC than 5.1, all of them false positive.
2016-07-19Babel: Send wildcard retractions on shutdown and startupOndrej Zajicek (work)
This makes BIRD send a wildcard retraction on all interfaces before shutting down and right after starting up. This helps ensure that neighbours will discard the announced routes as soon as possible, rather than only after the normal timeout procedures. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19Babel: Rework handling of retractionsOndrej Zajicek (work)
An update with wildcard AE and infinite metric should be treated as a global retraction of all prefixes announced by that neighbour, per section 4.4.9 of the RFC. In addition, router ID and seqno in retraction updates should be ignored. This reworks the handling of retractions and adjusts the parser to handle all this correctly. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-04-28Add the Babel routing protocol (RFC 6126)Ondrej Zajicek (work)
This patch implements the IPv6 subset of the Babel routing protocol. Based on the patch from Toke Hoiland-Jorgensen, with some heavy modifications and bugfixes. Thanks to Toke Hoiland-Jorgensen for the original patch.