summaryrefslogtreecommitdiff
path: root/proto/rpki
AgeCommit message (Collapse)Author
2021-12-18RPKI: Add contextual out-of-bound checks in RTR Prefix PDU handlerJob Snijders
RFC 6810 and RFC 8210 specify that the "Max Length" value MUST NOT be less than the Prefix Length element (underflow). On the other side, overflow of the Max Length element also is possible, it being an 8-bit unsigned integer allows for values larger than 32 or 128. This also implicitly ensures there is no overflow of "Length" value. When a PDU is received where the Max Length field is corrputed, the RTR client (BIRD) should immediately terminate the session, flush all data learned from that cache, and log an error for the operator. Minor changes done by commiter.
2021-06-17Nest: Clean up main channel handlingOndrej Zajicek (work)
Remove assumption that main channel is the only channel.
2021-03-17RPKI: Improve error handling of DNS resolverOndrej Zajicek (work)
2021-01-07RPKI: Remove port (and SSH username) from 'Cache server' output lineOndrej Zajicek (work)
It was mixed-up if hostname is IPv6 address, and reporting separate values (like port) on separate lines fits better into key-value style of 'show protocols all' output. Also, the patch simplifies transport identification formatting (although it is unused now). Thanks to Alarig Le Lay for the suggestion.
2020-10-11RPKI: Add 'ignore max length' optionOndrej Zajicek (work)
Add 'ignore max length' option to RPKI protocol, which ignores received max length in ROA records and instead uses max value (32 or 128). This may be useful for implementing loose RPKI check for blackholes.
2020-06-03RPKI: Fix unnecessary reconnection on reconfigurationKazuki Yamaguchi
Compare the new timing parameters with the old configuration, not with the temporary state of the current connection. The timing values in struct rpki_cache is updated by a version 1 End Of Data PDU, unless this behavior is suppressed by the configuration explicitly by the "keep" keyword. Consequently, every reconfiguration of BIRD triggers a reconnection even if it is not necessary.
2020-05-01RPKI: fixed rare va_list leakMaria Matejka
2020-02-04RPKI: Allow build without libSSHMaria Matejka
2019-10-19RPKI: Fix handling of IPv6 cache addressesOndrej Zajicek (work)
The old code used just sizeof(struct sockaddr) bytes of IP address.
2019-07-29RPKI: Fix allocation of hostname when using an IPv6 addressVincent Bernat
2019-07-23RPKI: Fix reconfiguration when ssh parameters are undefinedOndrej Zajicek (work)
2018-06-26Config: Dropping CF_ADDTO.Jan Maria Matejka
2018-05-29Protocol: Introducing an enum protocol_classJan Maria Matejka
This supersedes the EAP_* constants.
2018-01-10Use non-fatal asserts even for regular buildOndrej Zajicek (work)
2018-01-09Nest: Allow modification of channels inherited from templatesOndrej Zajicek (work)
Multiple definitions of same channels are forbidden, but inherited channel can be redefined. In such case channel options are merged.
2017-12-07Timers: Revert temporary names and remove old timer.hOndrej Zajicek (work)
2017-12-07Timers: Add typecast to unit-converting macrosOndrej Zajicek (work)
2017-12-07RPKI: Update to new timersOndrej Zajicek (work)
2017-12-07Timers: Show sub-second times in some protocol outputsOndrej Zajicek (work)
2017-12-07Timers: Replace old timers with microsecond timersOndrej Zajicek (work)
The old timer interface is still kept, but implemented by new timers. The plan is to switch from the old inteface to the new interface, then clean it up.
2017-04-18Check validity of dest w.r.t. net_typeOndrej Zajicek (work)
Allow to define static roa/flow routes without dest.
2017-02-22Merge branch 'int-new' into nexthop-mergedJan Moskyto Matejka
2017-02-20Several minor fixesOndrej Zajicek (work)
2016-12-22Removing (struct rta)->cast. Never used.Jan Moskyto Matejka
2016-12-13Minor cleanupsOndrej Zajicek (work)
2016-12-07RPKI: fixed some of the extended warningsJan Moskyto Matejka
2016-12-07LibSSH may be switched off together with RPKIJan Moskyto Matejka
2016-12-07RPKI protocol with one cache server per protocolPavel TvrdĂ­k
The RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 Example configuration of bird.conf: ... roa4 table r4; roa6 table r6; protocol rpki { debug all; # Import both IPv4 and IPv6 ROAs roa4 { table r4; }; roa6 { table r6; }; # Set cache server (validator) address, # overwrite default port 323 remote "rpki-validator.realmv6.org" port 8282; # Overwrite default time intervals retry 10; # Default 600 seconds refresh 60; # Default 3600 seconds expire 600; # Default 7200 seconds } protocol rpki { debug all; # Import only IPv4 routes roa4 { table r4; }; # Set cache server address to localhost, # use default ports tcp => 323 or ssh => 22 remote 127.0.0.1; # Use SSH transport instead of unprotected transport over TCP ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; remote public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; } ...