summaryrefslogtreecommitdiff
path: root/proto
AgeCommit message (Collapse)Author
2022-03-09Merge commit 'f81702b7' into haugesundMaria Matejka
2022-03-09Merge commit '8f3942a9' into haugesundMaria Matejka
Conflicts: nest/rt-table.c
2022-03-09Merge commit '56c8f2f0' into haugesundMaria Matejka
Conflicts: nest/route.h nest/rt-table.c
2022-03-09Merge commit '575da88f' into haugesundMaria Matejka
Conflicts: nest/rt-table.c
2022-03-09Merge commit '1b9189d5' into haugesundMaria Matejka
2022-03-09Route validity check converted to generic macro dispatchMaria Matejka
2022-03-09Merge commit '60880b539b8886f76961125d89a265c6e1112b7a' into haugesundMaria Matejka
2022-03-09BGP Flowspec validation: Removed in-route optimization for multithreading ↵Maria Matejka
compatibility
2022-03-09Merge commit 'e42eedb9' into haugesundMaria Matejka
2022-03-09Merge commit '5cff1d5f' into haugesundMaria Matejka
Conflicts: proto/bgp/attrs.c proto/pipe/pipe.c
2022-03-09Merge commit 'd5a32563' into haugesundMaria Matejka
2022-03-09Merge commit '0c59f7ff' into haugesundMaria Matejka
2022-03-02Replacing BGP temporary linpools by the common temporary linpoolMaria Matejka
2022-03-02Introducing an universal temporary linpool flushed after every taskMaria Matejka
2022-03-02Merge commit '2c13759136951ef0e70a3e3c2b2d3c9a387f7ed9' into haugesundMaria Matejka
2022-02-27Babel: Fix bug in iface reconfigurationOndrej Zajicek (work)
A recent change in Babel causes ifaces to disappear after reconfiguration. The patch fixes that. Thanks to Johannes Kimmel for an insightful bugreport.
2022-02-06Merge branch 'oz-trie-table'Ondrej Zajicek (work)
2022-02-06BGP: Implement flowspec validation procedureOndrej Zajicek (work)
Implement flowspec validation procedure as described in RFC 8955 sec. 6 and RFC 9117. The Validation procedure enforces that only routers in the forwarding path for a network can originate flowspec rules for that network. The patch adds new mechanism for tracking inter-table dependencies, which is necessary as the flowspec validation depends on IP routes, and flowspec rules must be revalidated when best IP routes change. The validation procedure is disabled by default and requires that relevant IP table uses trie, as it uses interval queries for subnets.
2022-02-06Nest: Attach prefix trie to rtable for faster LPM and interval queriesOndrej Zajicek (work)
Attach a prefix trie to IP/VPN/ROA tables. Use it for net_route() and net_roa_check(). This leads to 3-5x speedups for IPv4 and 5-10x speedup for IPv6 of these calls. TODO: - Rebuild the trie during rt_prune_table() - Better way to avoid trie_add_prefix() in net_get() for existing tables - Make it configurable (?)
2022-01-28BGP: Make routing loops silentOndrej Zajicek (work)
One of previous commits added error logging of invalid routes. This also inadvertently caused error logging of route loops, which should be ignored silently. Fix that.
2022-01-28BGP: Use proper class in attribute error messagesOndrej Zajicek (work)
Most error messages in attribute processing are in rx/decode step and these use L_REMOTE log class. But there are few that are in tx/export step and these should use L_ERR log class. Use tx-specific macro (REJECT()) in tx/export code and rename field err_withdraw to err_reject in struct bgp_export_state to ensure that appropriate error reporting macros are called in proper contexts.
2022-01-28BGP: Improve 'invalid next hop' error reportingOndrej Zajicek (work)
Distinguish multiple causes of 'invalid next hop' message and report the relevant next hop address. Thanks to Simon Ruderich for the original patch.
2022-01-24BGP: Log route updates that were changed to withdrawsOndrej Zajicek (work)
Typical BGP error handling is treat-as-withdraw, where an invalid route is replaced with a withdraw. Log route network when it happens.
2022-01-09BGP: Add option 'free bind'Ondrej Zajicek (work)
The BGP 'free bind' option applies the IP_FREEBIND/IPV6_FREEBIND socket option for the BGP listening socket. Thanks to Alexander Zubkov for the idea.
2021-12-18RPKI: Add contextual out-of-bound checks in RTR Prefix PDU handlerJob Snijders
RFC 6810 and RFC 8210 specify that the "Max Length" value MUST NOT be less than the Prefix Length element (underflow). On the other side, overflow of the Max Length element also is possible, it being an 8-bit unsigned integer allows for values larger than 32 or 128. This also implicitly ensures there is no overflow of "Length" value. When a PDU is received where the Max Length field is corrputed, the RTR client (BIRD) should immediately terminate the session, flush all data learned from that cache, and log an error for the operator. Minor changes done by commiter.
2021-11-22Table import and export are now explicit hooks.Maria Matejka
Channels have now included rt_import_req and rt_export_req to hook into the table instead of just one list node. This will (in future) allow for: * channel import and export bound to different tables * more efficient pipe code (dropping most of the channel code) * conversion of 'show route' to a special kind of export * temporary static routes from CLI The import / export states are also updated to the new algorithms.
2021-11-09Nest: Route generations and explicit tracking route propagion through pipesMaria Matejka
2021-11-09Split route data structure to storage (ro) / manipulation (rw) structures.Maria Matejka
Routes are now allocated only when they are just to be inserted to the table. Updating a route needs a locally allocated route structure. Ownership of the attributes is also now not transfered from protocols to tables and vice versa but just borrowed which should be easier to handle in a multithreaded environment.
2021-11-09Limit containmentMaria Matejka
2021-11-09Protocol stats split to import and exportMaria Matejka
2021-11-09Refeed is done from export table when appropriateMaria Matejka
2021-11-09Suppressed MRT unused static function warningMaria Matejka
2021-11-09RPKI: Do nothing when protocol is stoppingMaria Matejka
2021-11-09RPKI shouldn't process more packets when being stoppedMaria Matejka
2021-10-13Route: moved rte_src pointer from rta to rteMaria Matejka
It is an auxiliary key in the routing table, not a route attribute.
2021-10-13Preexport: No route modification, no linpool neededMaria Matejka
2021-10-13RIP fixup + dropping the tmp_attrs mechanism as obsoleteMaria Matejka
2021-10-13Dropping the RTS_DUMMY temporary route storage.Maria Matejka
Kernel route sync is done by other ways now and this code is not used currently.
2021-10-13Preference moved to RTA and set explicitly in protocolsMaria Matejka
2021-10-13BGP: Moved the suppressed and stale flags to pflagsMaria Matejka
2021-10-13Babel: Convert the rte-local attributes to extended attributesMaria Matejka
2021-10-13OSPF: Convert the rte-local attributes to extended attributesMaria Matejka
2021-10-13RIP: convert the rte-local attributes to extended attributesMaria Matejka
2021-10-13IGP metric getter refactoring to protocol callbackMaria Matejka
Direct protocol hooks for IGP metric inside nest/rt-table.c make the protocol API unnecessarily complex. Instead, we use a proper callback.
2021-10-13OSPF: explicitly stop the periodic tick on shutdown to avoid recalculation racesMaria Matejka
2021-09-10OSPF: Setting a list node NULL before useMaria Matejka
2021-09-10Nest: Clean up main channel handlingOndrej Zajicek (work)
Remove assumption that main channel is the only channel.
2021-06-17Nest: Clean up main channel handlingOndrej Zajicek (work)
Remove assumption that main channel is the only channel.
2021-06-09Babel: Simplify auth expirationOndrej Zajicek (work)
Just use hello_expiry for that, keep init_expiry for initial unauthentized neighbors.
2021-06-06Babel: Add MAC authentication support - updateOndrej Zajicek (work)
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced