summaryrefslogtreecommitdiff
path: root/proto/babel
AgeCommit message (Collapse)Author
2023-02-19Babel: Update RFC referencesOndrej Zajicek
2023-02-14Babel: Keep separate auth PC counters for unicast and multicastToke Høiland-Jørgensen
The babel protocol normally sends all its messages as multicast packets, but the protocol specification allows most messages to be sent as either unicast or multicast, and the two can be mixed freely. In particular, the babeld implementation can be configured to unicast updates to all peers instead of sending them as unicast. Daniel discovered that this can cause problems with the packet counter checks in the MAC extension due to packet reordering. This happens on WiFi networks where clients have power save enabled (which is quite common in infrastructure networks): in this case, the access point will buffer all multicast traffic and only send it out along with its beacons, leading to a maximum buffering in default Linux-based access point configuration of up to 200 ms. This means that a Babel sender that mixes unicast and multicast messages can have the unicast messages overtake the multicast messages because of this buffering; when authentication is enabled, this causes the receiver to discard the multicast message when it does arrive because it now has a packet counter value less than the unicast message that arrived before it. Daniel observed that this happens frequently enough that Babel ceases to work entirely when runner over a WiFi network. The issue has been described in draft-ietf-babel-mac-relaxed, which is currently pending RFC publication. That also describes two mitigation mechanisms: Keeping separate PC counters for unicast and multicast, and using a reorder window for PC values. This patch implements the former as that is the simplest, and resolves the particular issue seen on WiFi. Thanks to Daniel Gröber for the bugreport. Minor changes from committer.
2023-02-14Babel: Implement IPv4 via IPv6 extension (RFC 9229)Andreas Rammhold
The patch implements an IPv4 via IPv6 extension (RFC 9229) to the Babel routing protocol (RFC 8966) that allows annoncing routes to an IPv4 prefix with an IPv6 next hop, which makes it possible for IPv4 traffic to flow through interfaces that have not been assigned an IPv4 address. The implementation is compatible with the current Babeld version. Thanks to Toke Høiland-Jørgensen for early review on this work. Minor changes from committer.
2023-01-31Babel: Initialise source seqno from incoming messageToke Høiland-Jørgensen
When creating a new babel_source object we initialise the seqno to 0. The caller will update the source object with the right metric and seqno value, for both newly created and old source objects. However if we initialise the source object seqno to 0 that may actually turn out to be a valid (higher) seqno than the one in the routing table, because of seqno wrapping. In this case the source metric will not be set properly, which breaks feasibility tracking for subsequent updates. To fix this, add a new initial_seqno argument to babel_get_source() which is used when allocating a new object, and set that to the seqno value of the update we're sending. Thanks to Juliusz Chroboczek for the bugreport.
2023-01-30Babel: Improve clarity of unfeasible update handling.Ondrej Zajicek
Add a comment and (unnecessary) check to make correctness obvious.
2023-01-30Babel: Fix missing modulo comparison of seqnosToke Høiland-Jørgensen
Juliusz noticed there were a couple of places we were doing straight inequality comparisons of seqnos in Babel. This is wrong because seqnos can wrap: so we need to use the modulo-64k comparison function for these cases as well. Introduce a strict-inequality version of the modulo-comparison for this purpose.
2023-01-22VRF: Fix issues with reconfigurationOndrej Zajicek
Protocols receive if_notify() announcements that are filtered according to their VRF setting, but during reconfiguration, they access iface_list directly and forgot to check VRF setting here, which leads to all interfaces be addedd. Fix this issue for Babel, OSPF, RAdv and RIP protocols. Thanks to Marcel Menzel for the bugreport.
2023-01-03Nest: Fix leaking internal attributes in RIP and BabelOndrej Zajicek
During backporting attribute changes from 3.0-branch, some internal attributes (RIP iface and Babel seqno) leaked to 'show route all' output. Allow protocols to hide specific attributes with GA_HIDDEN value. Thanks to Nigel Kukard for the bugreport.
2023-01-01Nest: Fix several issues with pflagsOndrej Zajicek
There were some confusion about validity and usage of pflags, which caused incorrect usage after some flags from (now removed) protocol- specific area were moved to pflags. We state that pflags: - Are secondary data used by protocol-specific hooks - Can be changed on an existing route (in contrast to copy-on-write for primary data) - Are irrelevant for propagation (not propagated when changed) - Are specific to a routing table (not propagated by pipe) The patch did these fixes: - Do not compare pflags in rte_same(), as they may keep cached values like BGP_REF_STALE, causing spurious propagation. - Initialize pflags to zero in rte_get_temp(), avoid initialization in protocol code, fixing at least two forgotten initializations (krt and one case in babel). - Improve documentation about pflags
2022-12-24Babel: Rework seqno request handlingToke Høiland-Jørgensen
The seqno request retransmission handling was tracking the destination that a forwarded request was being sent to and always retransmitting to that same destination. This is unnecessary because we only need to retransmit requests we originate ourselves, not those we forward on behalf of others; in fact retransmitting on behalf of others can lead to exponential multiplication of requests, which would be bad. So rework the seqno request tracking so that instead of storing the destination of a request, we just track whether it was a request that we forwarded on behalf of another node, or if it was a request we originated ourselves. Forwarded requests are not retransmitted, they are only used for duplicate suppression, and for triggering an update when satisfied. If we end up originating a request that we previously forwarded, we "upgrade" the old request and restart the retransmit counter. One complication with this is that requests sent in response to unfeasible updates (section 3.8.2.2 of the RFC) have to be sent as unicast to a particular peer. However, we don't really need to retransmit those as there's no starvation when sending such a request; so we just change such requests to be one-off unicast requests that are not subject to retransmission or duplicate suppression. This is the same behaviour as babeld has for such requests. Minor changes from committer.
2022-08-18Simplified the protocol hookup code in MakefilesMaria Matejka
2022-07-22Fixed a rarely used part of Babel: comparing two routes in table by their metricMaria Matejka
2022-07-11Merge commit 'beb5f78a' into backportMaria Matejka
2022-07-10Merge version 2.0.10 into backportMaria Matejka
2022-06-27Preexport callback now takes the channel instead of protocol as argumentMaria Matejka
Passing protocol to preexport was in fact a historical relic from the old times when channels weren't a thing. Refactoring that to match current extensibility needs.
2022-06-05Babel: Do not try to remove multicast seqno request objects from neighbour listOndrej Zajicek
The Babel seqno request code keeps track of which seqno requests are outstanding for a neighbour by putting them onto a per-neighbour list. When reusing a seqno request, it will try to remove this node, but if the seqno request in question was a multicast request with no neighbour attached this will result in a crash because it tries to remove a list node that wasn't added to any list. Fix this by making the list remove conditional. Also fix neighbor removal which were changing seqno requests to multicast ones instead of removing them. Fixes: ebd5751cdeb4 ("Babel: Seqno requests are properly decoupled from neighbors when the underlying interface disappears"). Based on the patch from Toke Høiland-Jørgensen <toke@toke.dk>, bug reported by Stefan Haller <stefan.haller@stha.de>, thanks.
2022-05-30Merge remote-tracking branch 'origin/master' into haugesund-to-2.0Maria Matejka
2022-04-22Babel: Fix compilation when LOCAL_DEBUG is set in packets.cToke Høiland-Jørgensen
The debug output was not updated with the rest of the code, so packets.c fails to compile if LOCAL_DEBUG is set.
2022-04-22Babel: Send out low-interval hello on shutdownToke Høiland-Jørgensen
When shutting down a Babel instance we send a wildcard retraction to make sure all peers can quickly switch to other route origins. Add another small optimisation borrowed from babeld: sending a Hello message (along with the retraction) with a very low interval. This will cause neighbours to modify their expiry timers for the node's state to quickly time it out, thus conserving resources in the network.
2022-04-06Protocols have their own explicit init routinesMaria Matejka
2022-04-06Slab allocator can free the blocks without knowing the parent structureMaria Matejka
2022-03-09Merge commit 'e42eedb9' into haugesundMaria Matejka
2022-03-09Merge commit '5cff1d5f' into haugesundMaria Matejka
Conflicts: proto/bgp/attrs.c proto/pipe/pipe.c
2022-03-09Merge commit 'd5a32563' into haugesundMaria Matejka
2022-02-27Babel: Fix bug in iface reconfigurationOndrej Zajicek (work)
A recent change in Babel causes ifaces to disappear after reconfiguration. The patch fixes that. Thanks to Johannes Kimmel for an insightful bugreport.
2022-02-06Nest: Attach prefix trie to rtable for faster LPM and interval queriesOndrej Zajicek (work)
Attach a prefix trie to IP/VPN/ROA tables. Use it for net_route() and net_roa_check(). This leads to 3-5x speedups for IPv4 and 5-10x speedup for IPv6 of these calls. TODO: - Rebuild the trie during rt_prune_table() - Better way to avoid trie_add_prefix() in net_get() for existing tables - Make it configurable (?)
2021-10-13Route: moved rte_src pointer from rta to rteMaria Matejka
It is an auxiliary key in the routing table, not a route attribute.
2021-10-13Preexport: No route modification, no linpool neededMaria Matejka
2021-10-13Preference moved to RTA and set explicitly in protocolsMaria Matejka
2021-10-13Babel: Convert the rte-local attributes to extended attributesMaria Matejka
2021-10-13IGP metric getter refactoring to protocol callbackMaria Matejka
Direct protocol hooks for IGP metric inside nest/rt-table.c make the protocol API unnecessarily complex. Instead, we use a proper callback.
2021-06-09Babel: Simplify auth expirationOndrej Zajicek (work)
Just use hello_expiry for that, keep init_expiry for initial unauthentized neighbors.
2021-06-06Babel: Add MAC authentication support - updateOndrej Zajicek (work)
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced
2021-06-06Babel: Add MAC authentication supportToke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as specified by RFC 8967. The implementation seeks to follow the RFC as close as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already supported by Bird, as well as the Blake2b variant of the Blake algorithm. For description of applicability, assumptions and security properties, see RFC 8967 sections 1.1 and 1.2.
2021-06-06Babel: Refactor TLV parsing code for easier reuseToke Høiland-Jørgensen
In preparation for adding authentication checks, refactor the TLV walking code so it can be reused for a separate pass of the packet for authentication checks.
2021-05-30Babel: Seqno requests are properly decoupled from neighbors when the ↵Maria Matejka
underlying interface disappears When an interface disappears, all the neighbors are freed as well. Seqno requests were anyway not decoupled from them, leading to strange segfaults. This fix adds a proper seqno request list inside neighbors to make sure that no pointer to neighbor is kept after free.
2021-05-10Babel: Log the reason when refusing to run on an interfaceOndrej Zajicek (work)
The babel protocol code checks whether iface supports multicast, and whether it has a link-local address assigned. However, it doesn not give any feedback if any of those checks fail, it just silently ignores the interface. Fix this by explicitly logging when multicast check fails. Based on patch from Toke Høiland-Jørgensen, thanks!
2020-11-24lib/slab: introduce sl_allocz() function and use it in BabelToke Høiland-Jørgensen
The babel protocol code was initialising objects returned from the slab allocator by assigning to each of the struct members individually, but wasn't touching the NODE member while doing so. This leads to warnings on debug builds since commit: baac7009063d ("List expensive check.") To fix this, introduce an sl_allocz() variant of the slab allocator which will zero out the memory before returning it, and switch all the babel call sites to use this version. The overhead for doing this should be negligible for small objects, and in the case of babel, the largest object being allocated was being zeroed anyway, so we can drop the memset in babel_read_tlv().
2020-06-28Show info from multiple protocols when protocol is not specifiedOndrej Zajicek (work)
Most commands like 'show ospf neighbors' fail when protocol is not specified and there are multiple instances of given protocol type. This is annoying in BIRD 2, as many protocols have IPv4 and IPv6 instances. The patch changes that by showing output from all protocol instances of appropriate type. Note that the patch also removes terminating cli_msg() call from these commands and moves it to the common iterating code.
2020-05-26Babel: Set onlink flag for IPv4 routes with unreachable next hopOndrej Zajicek (work)
If the next hop of a route is not a reachable address, the route should be installed as onlink. This enables a configuration common in mesh networks where the mesh interface is assigned a /32 and babel handles the routing by installing onlink routes. Thanks to Toke Hoiland-Jorgensen for the patch.
2020-05-01Nest: Added const to ea_show just to declare that this shouldn't really ↵Maria Matejka
change anything
2020-04-09Configuration strings are constant.Maria Matejka
This is merely a const propagation. There was no problem in there.
2019-07-03Dynamic attributes definition split whether it is bitmask or not.Maria Matejka
2019-03-18Merge branch 'master' into HEADMaria Matejka
2019-03-14Nest: Update handling of temporary attributesOndrej Zajicek (work)
The temporary atttributes are no longer removed by ea_do_prune(), but they are undefined by store_tmp_attrs() protocol hooks. This fixes several bugs where temporary attributes were removed when they should not or not removed when they should be. The flag EAF_TEMP is no longer needed and was removed. Update all protocol make_tmp_attrs() / store_tmp_attrs() hooks to use helper functions and to handle unset attributes properly. Also fix some related bugs like improper handling of empty eattr list.
2019-02-20Filter + Config: Fix bugs, tests and split symbols by typeMaria Matejka
2019-02-20Filter refactoring: dropped the recursion from the interpreterMaria Matejka
This is a major change of how the filters are interpreted. If everything works how it should, it should not affect you unless you are hacking the filters themselves. Anyway, this change should make a huge improvement in the filter performance as previous benchmarks showed that our major problem lies in the recursion itself. There are also some changes in nest and protocols, related mostly to spreading const declarations throughout the whole BIRD and also to refactored dynamic attribute definitions. The need of these came up during the whole work and it is too difficult to split out these not-so-related changes.
2018-12-14Doc: Rename code documentation files back to DocOndrej Zajicek (work)
2018-12-04Terminology cleanup: The import_control hook is now called preexport.Jan Maria Matejka
Once upon a time, far far away, there were the old Bird developers discussing what direction of route flow shall be called import and export. They decided to say "import to protocol" and "export to table" when speaking about a protocol. When speaking about a table, they spoke about "importing to table" and "exporting to protocol". The latter terminology was adopted in configuration, then also the bird CLI in commit ea2ae6dd0 started to use it (in year 2009). Now it's 2018 and the terminology is the latter. Import is from protocol to table, export is from table to protocol. Anyway, there was still an import_control hook which executed right before route export. One thing is funny. There are two commits in April 1999 with just two minutes between them. The older announces the final settlement on config terminology, the newer uses the other definition. Let's see their commit messages as the git-log tool shows them (the newer first): commit 9e0e485e50ea74c4f1c5cb65bdfe6ce819c2cee2 Author: Martin Mares <mj@ucw.cz> Date: Mon Apr 5 20:17:59 1999 +0000 Added some new protocol hooks (look at the comments for better explanation): make_tmp_attrs Convert inline attributes to ea_list store_tmp_attrs Convert ea_list to inline attributes import_control Pre-import decisions commit 5056c559c4eb253a4eee10cf35b694faec5265eb Author: Martin Mares <mj@ucw.cz> Date: Mon Apr 5 20:15:31 1999 +0000 Changed syntax of attaching filters to protocols to hopefully the final version: EXPORT <filter-spec> for outbound routes (i.e., those announced by BIRD to the rest of the world). IMPORT <filter-spec> for inbound routes (i.e., those imported by BIRD from the rest of the world). where <filter-spec> is one of: ALL pass all routes NONE drop all routes FILTER <name> use named filter FILTER { <filter> } use explicitly defined filter For all protocols, the default is IMPORT ALL, EXPORT NONE. This includes the kernel protocol, so that you need to add EXPORT ALL to get the previous configuration of kernel syncer (as usually, see doc/bird.conf.example for a bird.conf example :)). Let's say RIP to this almost 19-years-old inconsistency. For now, if you import a route, it is always from protocol to table. If you export a route, it is always from table to protocol. And they lived happily ever after.
2018-11-28Nest: Do not hard-reset interface when preferred address is changedOndrej Zajicek (work)
Modify protocols to use preferred address change notification instead on depending on hard-reset of interfaces in that case, and remove hard-reset in that case. This avoids issue when e.g. IPv6 protocol restarts interface when IPv4 preferred address changed (as hard-reset is unavoidable and common for whole iface). The patch also fixes a bug when removing last address does not send preferred address change notification.