Age | Commit message (Collapse) | Author |
|
|
|
Although standard says that if we receive AS_PATH_CONFED_*
(and we are not a part of a confederation) segment, we should
drop session, nobody does that and it is unwise to do that.
Now we drop session just in case that peer ASN is in
AS_PATH_CONFED_* segment (to detect peer that considers BIRD
as a part of its confederation).
|
|
|
|
|
|
|
|
Also does some reorganization in RT LSA announcement.
|
|
|
|
|
|
The difference is here to reject incoming connections in the
first case.
|
|
|
|
|
|
|
|
routes.
|
|
This also ensures that misconfigured routers (one side
ptp and one side broadcast) do not make adjacency.
|
|
|
|
Allows to add more interface patterns to one common 'options'
section like:
interface "eth3", "eth4" { options common to eth3 and eth4 };
Also removes undocumented and unnecessary ability to specify
more interface patterns with different 'options' sections:
interface "eth3" { options ... }, "eth4" { options ... };
|
|
|
|
|
|
When sending 'third party' BGP update, Bird used bogus link local
addresses instead of addresses it received before.
|
|
options.
|
|
Also removes code skipping SNPAs
(obsoleted by newer RFCs, should be ignored).
|
|
|
|
|
|
|
|
Cryptographic authentication in OSPF is defective by
design - there might be several packets independently
sent to the network (for example HELLO, LSUPD and LSACK)
where they might be reordered and that causes crypt.
sequence number error.
That can be workarounded by not incresing sequence number
too often. Now we update it only when last packet was sent
before at least one second. This can constitute a risk of
replay attacks, but RFC supposes something similar (like time
in seconds used as CSN).
|
|
If a DBDES packet from a master to a slave is lost, then the old code
does not retransmit it and instead send a next one with the same
sequence number. That leads to silent desynchronization of LSA
databases.
|
|
Replaces old OSPF packet tracing messages with
uniform messages with packet dumps.
|
|
AS4 optional attribute errors were handled by session
drop (according to BGP RFC). This patch implements
error handling according to new BGP AS4 draft (*)
- ignoring invalid AS4 optional attributes.
(*) http://www.ietf.org/internet-drafts/draft-chen-rfc4893bis-02.txt
|
|
Add 'capabilities' option, change default behavior to advertise ipv4,
add some checks and ignore incoming capabilities when capabilities
are disabled.
|
|
|
|
This patch extends the length for attributes from 1024 to 2048
(because both AS_PATH and AS4_PATH attributes take 2+4 B per AS).
If there is not enough space for attributes, Bird skips that
route group. Old behavior (skipping remaining attributes)
leads to skipping required attributes and session drop.
|
|
|
|
When slave was in full state, it didn't retransmit
lost packets. That leads to OSPF connection locked
in states loading-full.
|
|
|
|
When packet was lost during dbdes exchange, slave did not retransmit
it. That leads to OSPF connection locked in states exchange-exstart.
|
|
|
|
|
|
|
|
When OSPF neighbor state drops down to EXSTART,
clear LSA request and retransmit lists, as specified
by RFC. I hope that this will prevent oscillations
between EXSTART and LOADING states, which sometimes
happened.
It also contains related fix from Yury Shevchuk that
properly resets DB summary list iterator.
|
|
|
|
|
|
|
|
Checksum was not recalculated when LSA was changed and
packets with bad checksum were sent.
|
|
When capability related error is received, next connect will be
without capabilities. Also cease error subcodes descriptions
(according to [RFC4486]) are added.
|
|
BGP keeps its copy of configuration ptr and didn't update it during
reconfiguration. But old configuration is freed during reconfiguration.
That leads to unnecessary reset of BGP connection during reconfiguration
(old conf is corrupted and therefore different) and possibly other strange
behavior.
|
|
Fixes two race conditions causing crash of Bird, several unhandled
cases during BGP initialization, and some other bugs. Also changes
handling of startup delay to be more useful and implement
reporting of last error in 'show protocols' command.
|
|
This patch fixes it.
|
|
|
|
values for MD5 password ID changed during reconfigure, Second
bug is that BIRD chooses password in first-fit manner, but RFC
says that it should use the one with the latest generate-from.
It also modifies the syntax for multiple passwords.
Now it is possible to just add more 'password' statements
to the interface section and it is not needed to use
'passwords' section. Old syntax can be used too.
|
|
|