summaryrefslogtreecommitdiff
path: root/proto
AgeCommit message (Collapse)Author
2017-09-12Nest: VRF support for neighbor cache and olock codeOndrej Zajicek (work)
Actually much simpler than expected.
2017-09-06Basic VRF supportOndrej Zajicek (work)
Add basic VRF (virtual routing and forwarding) support. Protocols can be associated with VRFs, such protocols will be restricted to interfaces assigned to the VRF (as reported by Linux kernel) and will use sockets bound to the VRF. E.g., different multihop BGP instances can use diffent kernel routing tables to handle BGP TCP connections. The VRF support is preliminary, currently there are several limitations: - Recent Linux kernels (4.11) do not handle correctly sockets bound to interaces that are part of VRF, so most protocols other than multihop BGP do not work. This will be fixed by future kernel versions. - Neighbor cache ignores VRFs. Breaks config with the same prefix on local interfaces in different VRFs. Not much problem as single hop protocols do not work anyways. - Olock code ignores VRFs. Breaks config with multiple BGP peers with the same IP address in different VRFs. - Incoming BGP connections are not dispatched according to VRFs. Breaks config with multiple BGP peers with the same IP address in different VRFs. Perhaps we would need some kernel API to read VRF of incoming connection? Or probably use multiple listening sockets in int-new branch. - We should handle master VRF interface up/down events and perhaps disable associated protocols when VRF goes down. Or at least disable associated interfaces. - Also we should check if the master iface is really VRF iface and not some other kind of master iface. - BFD session request dispatch should be aware of VRFs. - Perhaps kernel protocol should read default kernel table ID from VRF iface so it is not necessary to configure it. - Perhaps we should have per-VRF default table.
2017-08-30RAdv: Some style nitpicksOndrej Zajicek (work)
2017-08-30RAdv: Configure how long a dead prefix is advertisedMichal 'vorner' Vaner
2017-08-30RAdv: Buffer prefixes awhile after they disappearMichal 'vorner' Vaner
Keep a cache of all the relevant prefixes we send out. When a prefix appears, insert it into the cache. If it dies, keep it there for a while, marked as dead. Send out the dead prefixes with zero lifetime.
2017-08-30RAdv: Extract prefix option preparationMichal 'vorner' Vaner
Put the prefix option preparation into a separate function. We're going to reuse that bit of code.
2017-08-09RAdv: Fix typoOndrej Zajicek (work)
2017-08-09RAdv: Style updatesMichal 'vorner' Vaner
Adapt the naming conventions to be a bit closer to the other protocols. proto_radv -> radv_proto struct radv_proto *ra -> struct radv_proto *p struct proto *p -> struct proto *P
2017-08-09radv: Fix RFC reference in commentsMichal 'vorner' Vaner
2017-03-14BGP: Allow to specify interface for regular sessionsOndrej Zajicek (work)
This may be useful if multple interfaces share the same network range. Thanks to Fritz Grimpen for the original patch.
2017-03-14BGP: Fix bug in ADD_PATHOndrej Zajicek (work)
When a BGP session with ADD_PATH is restarted and the neighbor do not announce ADD_PATH capability during reconnect, the accept_ra_types is still set to RA_ANY. Thanks to Lennert Buytenhek for the bugreport
2017-02-23BGP: Allow exchanging LOCAL_PREF with eBGP peersOndrej Zajicek (work)
Adds option 'allow bgp_local_pref' to override the usual restriction of LOCAL_PREF on eBGP sessions. Thanks to Lennert Buytenhek for the patch.
2017-02-19BGP: Update RFC referencesOndrej Zajicek (work)
2017-02-17Static: Fix bug in static route filter expressionsOndrej Zajicek (work)
During reconfiguration, old and new filter expressions in static routes are compared using i_same() function. When filter expressions contain function calls, it is necessary that old filter expressions are the second argument in i_same(), as it is internally modified by i_same(). Otherwise pointers to old (and freed) data appear in the config structure. Thanks to Lennert Buytenhek for tracking and reporting the bug.
2016-12-15OSPF: Fix ECMP external mergingOndrej Zajicek (work)
The variable nfa is not cleaned before each loop iteration and can have a wrong value of nfa.nhs_reuse from the previous step. Thanks to Bernardo Figueiredo for the bugreport and analysis.
2016-12-13OSPF: Fix net-summary origination combined with stubnet optionOndrej Zajicek (work)
Stubnet nodes in OSPF FIB were removed during rt_sync(), but the pointer remained in top_hash_entry.nf, so net-summary LSA origination was confused, reported 'LSA ID collision' and net-summary LSAs were not originated properly. Thanks to Naveen Chowdary Yerramneni for bugreport and analysis.
2016-11-25BGP: Fix memory leak in graceful restart codeOndrej Zajicek (work)
Prefix and bucket tables are initialized when entering established state but not explicitly freed when leaving it (that is handled by protocol restart). With graceful restart, BGP may enter and leave established state multiple times without hard protocol restart causing memory leak.
2016-11-15BGP: Cluster list item should be prependedOndrej Zajicek (work)
Commit 3c09af41... changed behavior of int_set_add() from prepend to append, which makes more sense for community list, but prepend must be used for cluster list. Add int_set_prepend() and use it in cluster list handling code.
2016-11-08Minor code cleanupsOndrej Zajicek (work)
2016-11-02BFD: AuthenticationOndrej Zajicek (work)
Implement BFD authentication (part of RFC 5880). Supports plaintext passwords and cryptographic MD5 / SHA-1 authentication. Based on former commit from Pavel Tvrdik
2016-11-02OSPF: Use message authentication interfaceOndrej Zajicek (work)
Based on former commit from Pavel Tvrdik
2016-11-02RIP: Use message authentication interfaceOndrej Zajicek (work)
Based on former commit from Pavel Tvrdik
2016-11-02Nest: Add support for MAC algorithms in grammarPavel Tvrdík
2016-11-02Add generic message authentication interfaceOndrej Zajicek (work)
Add generic interface for generating and verifying MACs (message authentication codes). Replace multiple HMAC implementation with a generic one.
2016-11-01Build: switch on -Wextra, get rid of most of the warningsJan Moskyto Matejka
There are several unresolved -Wmissing-field-initializers on older versions of GCC than 5.1, all of them false positive.
2016-10-27IANA assigned a different number to large BGP communities - changed.Ondrej Filip
2016-10-03BGP: Support for large communitiesOndrej Zajicek (work)
Add support for large communities (draft-ietf-idr-large-community), 96bit alternative to RFC 1997 communities. Thanks to Matt Griswold for the original patch.
2016-09-15BFD: Fix invalid read from pollfd arrayPavel Tvrdik
It is possible that sockets_add() are called between sockets_prepare() and sockets_fire() during poll loop in birdloop_main(), so we need to use loop->poll_fd.used instead of loop->sock_num to find the last field.
2016-09-14Nest: Keep multipath next hops sortedOndrej Zajicek (work)
2016-07-20Babel: Immediately update hello interval on interface reconfigureOndrej Zajicek (work)
An interface reconfiguration may change both the hello and update intervals. An update interval change is immediately put into effect, while a hello interval change is not. This also updates the hello interval immediately (if the new interval is shorter than the old one), and sends a hello to notify peers of the change. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19Babel: Do not maintain feasibility distance for our own routesOndrej Zajicek (work)
We do not need to maintain feasibility distances for our own router ID (we ignore the updates anyway). Not doing so makes the routes be garbage collected sooner when export filters change. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19Babel: Do not keep an infeasible route as selectedOndrej Zajicek (work)
When a route becomes infeasible it should not be kept as selected; this is forbidden by section 3.6 of the RFC and prevents subsequent updates from the same router ID from replacing it. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19Babel: Send wildcard retractions on shutdown and startupOndrej Zajicek (work)
This makes BIRD send a wildcard retraction on all interfaces before shutting down and right after starting up. This helps ensure that neighbours will discard the announced routes as soon as possible, rather than only after the normal timeout procedures. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19Babel: Rework handling of retractionsOndrej Zajicek (work)
An update with wildcard AE and infinite metric should be treated as a global retraction of all prefixes announced by that neighbour, per section 4.4.9 of the RFC. In addition, router ID and seqno in retraction updates should be ignored. This reworks the handling of retractions and adjusts the parser to handle all this correctly. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-19Babel: Make sure intervals do not overflowOndrej Zajicek (work)
Intervals are carried as 16-bit centisecond values, but kept internally in 16-bit second values, which causes a potential for overflow. This adds some checks to make sure this does not happen. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-07-11BGP: Fix extended messagesOndrej Zajicek (work)
Change attribute length limit to handle extended (64 kB) messages. Do not mix updates and withdraws (RFC 7606).
2016-06-29BGP: Skip empty path segments in received AS_PATHOndrej Zajicek (work)
Although RFC 4271 does not forbid empty path segments, they are useless and some implementations consider them invalid. It is clarified in RFC 7606, specifying that AS_PATH with empty segment is considered malformed.
2016-05-12Prog Doc: Complete several missing parametersPavel Tvrdik
2016-04-28Add the Babel routing protocol (RFC 6126)Ondrej Zajicek (work)
This patch implements the IPv6 subset of the Babel routing protocol. Based on the patch from Toke Hoiland-Jorgensen, with some heavy modifications and bugfixes. Thanks to Toke Hoiland-Jorgensen for the original patch.
2016-04-13BSD: Add the IPsec SA/SP database entries controlOndrej Zajicek (work)
Add code for manipulation with TCP-MD5 keys in the IPsec SA/SP database at FreeBSD systems. Now, BGP MD5 authentication (RFC 2385) keys are handled automatically on both Linux and FreeBSD. Based on patches from Pavel Tvrdik.
2016-04-06IO: Avoid multiple event cycles in one loop cycle.Ondrej Zajicek (work)
Event cycle may took too much time and trigger next timer events, so avoid cycling between timer and event cycles inside the loop cycle.
2016-04-06IO: Replace RX priority heuristic with explicit markOndrej Zajicek (work)
In BIRD, RX has lower priority than TX with the exception of RX from control socket. The patch replaces heuristic based on socket type with explicit mark and uses it for both control socket and BGP session waiting to be established. This should avoid an issue when during heavy load, outgoing connection could connect (TX event), send open, but then failed to receive OPEN / establish in time, not sending notifications between and therefore got hold timer expired error from the neighbor immediately after it finally established the connection.
2016-03-23Birdlib: Do cleanups after remove/freeOndrej Zajicek (work)
To avoid byzantine behavior in case of some errors, linked lists are cleared after rem_node() and resource headers are cleared after rfree().
2016-03-23OSPF: Fix bogus LSA ID collisions between received and originated LSAsOndrej Zajicek (work)
After restart, LSAs locally originated by the previous instance are received from neighbors. They are installed to LSA db and flushed. If export of a route triggers origination of a new external LSA before flush of the received one is complete, the check in ospf_originate_lsa() causes origination to fail (because en->nf is NULL for the old LSA and non-NULL for the new LSA). The patch fixes this by updating the en->nf for LSAs being flushed (as is already done for empty ones). Generally, en->nf field deserves some better description in the code. Thanks to Jigar Mehta for analyzing the problem.
2016-03-23OSPF: Fix reading from freed memoryOndrej Zajicek (work)
Thanks to Pavel Tvrdik for noticing it.
2016-03-22Merge remote-tracking branch 'origin/poll'Jan Moskyto Matejka
2016-03-17RIP: fix typo in configuration at rx length optPavel Tvrdík
2016-03-15Poll: Prevent the improbable case of EAGAIN after POLLINJan Moskyto Matejka
2016-02-25OSPF: Multicast ability is irrelevant for stub interfacesOndrej Zajicek (work)
2016-02-11BGP: Fix bug in incoming connection handlingOndrej Zajicek (work)
When a BGP session was established by an outgoing connection with Graceful Restart behavior negotiated, a pending incoming connection in OpenSent state, and another incoming connection was received, then the outgoing connection (and whole BGP session) was closed, but the old incoming connection was just overwritten by the new one. That later caused a crash when the hold timer from the old connection fired.