summaryrefslogtreecommitdiff
path: root/proto
AgeCommit message (Collapse)Author
2021-09-10Nest: Clean up main channel handlingOndrej Zajicek (work)
Remove assumption that main channel is the only channel.
2021-06-09Babel: Simplify auth expirationOndrej Zajicek (work)
Just use hello_expiry for that, keep init_expiry for initial unauthentized neighbors.
2021-06-06Babel: Add MAC authentication support - updateOndrej Zajicek (work)
Some cleanups and bugfixes to the previous patch, including: - Fix rate limiting in index mismatch check - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation - Fix missing auth_tx_overhead recalculation during reconfiguration - Fix pseudoheader construction in babel_auth_sign() (sport vs fport) - Fix typecasts for ptrdiffs in log messages - Make auth log messages similar to corresponding RIP/OSPF ones - Change auth log messages for events that happen during regular operation to debug messages - Switch meaning of babel_auth_check*() functions for consistency with corresponding RIP/OSPF ones - Remove requirement for min/max key length, only those required by given MAC code are enforced
2021-06-06Babel: Add MAC authentication supportToke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as specified by RFC 8967. The implementation seeks to follow the RFC as close as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already supported by Bird, as well as the Blake2b variant of the Blake algorithm. For description of applicability, assumptions and security properties, see RFC 8967 sections 1.1 and 1.2.
2021-06-06Babel: Refactor TLV parsing code for easier reuseToke Høiland-Jørgensen
In preparation for adding authentication checks, refactor the TLV walking code so it can be reused for a separate pass of the packet for authentication checks.
2021-06-01BGP: Ensure that freed neighbor entry is not accessedOndrej Zajicek (work)
Routes from downed protocols stay in rtable (until next rtable prune cycle ends) and may be even exported to another protocol. In BGP case, source BGP protocol is examined, although dynamic parts (including neighbor entries) are already freed. That may lead to crash under some race conditions. Ensure that freed neighbor entry is not accessed to avoid this issue.
2021-05-30Babel: Seqno requests are properly decoupled from neighbors when the ↵Maria Matejka
underlying interface disappears When an interface disappears, all the neighbors are freed as well. Seqno requests were anyway not decoupled from them, leading to strange segfaults. This fix adds a proper seqno request list inside neighbors to make sure that no pointer to neighbor is kept after free.
2021-05-26OSPF: Fix OSPFv3 in IPv4 mode with multiple areasOndrej Zajicek (work)
Some area handling code got confused by IPv4 setup in OSPFv3 mode.
2021-05-10Babel: Log the reason when refusing to run on an interfaceOndrej Zajicek (work)
The babel protocol code checks whether iface supports multicast, and whether it has a link-local address assigned. However, it doesn not give any feedback if any of those checks fail, it just silently ignores the interface. Fix this by explicitly logging when multicast check fails. Based on patch from Toke Høiland-Jørgensen, thanks!
2021-05-10OSPF: Allow ifaces with host address as unnumbered PtP or PtMP ifacesOndrej Zajicek (work)
Ifaces with host address (/32) were forced to be stubby, but now they can be used as PtP or PtMP. For these ifaces we need to: - Do not force stub mode - Accept packets from any IP as local - Accept any configured neighbor as local - Detect ifaces properly as unnumbered - Use ONLINK flag for nexthops
2021-05-09OSPF: Packets on PtP networks should be always sent to AllSPFRoutersOndrej Zajicek (work)
As specified in RFC 2328 8.1: "On physical point-to-point networks, the IP destination is always set to the address AllSPFRouters." Note that this likely break setups with multiple neighbors on a network configured as PtP, which worked before. These should be configured as PtMP. Thanks to Senthil Kumar Nagappan for the original patch and to Joakim Tjernlund for suggestions.
2021-05-09OSPF: Minor refactoring of packet sending codeOndrej Zajicek (work)
Common behavior for LSupd and delayed LSack moved to ospf_send_to_iface() and other minor changes.
2021-03-30Routing tables list iteration should use explicit node struct positionMaria Matejka
2021-03-30BGP: Do not keep BAF_EXT_LEN flag internallyOndrej Zajicek (work)
The flag makes sense just in external representation. It is reset during BGP export, but keeping it internally broke MRT dumps for short attributes that used it anyways. Thanks to Simon Marsh for the bugreport and the patch.
2021-03-18BGP: Do not show statisticsOndrej Zajicek (work)
BGP statistics code was preliminary and i wanted to replace it by separate 'show X stats' command. The patch hides the preliminary output in 'show protocols all' so it is not part of the released version.
2021-03-17RPKI: Improve error handling of DNS resolverOndrej Zajicek (work)
2021-03-17Minor fixes for restricted buildsOndrej Zajicek (work)
2021-03-16Pipe: Propagate debug flags from protocol to channelsOndrej Zajicek (work)
Pipe channels are kind-of implicit, so setting protocol debug flags should also set pipe debug flags.
2021-03-16OSPFv3: Update neighbor authentication state from Hello packetsOndrej Zajicek (work)
In OSPFv3, only Hello and DBDes packets contain flags specifying whether RFC 7166 authentication trailer is used. Other packets are processed based on stored authentication state in neighbor structure. Update this state with each received Hello to handle authentication change from reconfigurations. Thanks to Joakim Tjernlund and Kenth Eriksson for the bugreport.
2021-03-10Static: Implement reload hookOndrej Zajicek (work)
2021-02-12Nest: Add option to control automatic RPKI reloadOndrej Zajicek (work)
Also, no automatic reload for BGP channels without import/export table.
2021-02-10BGP: Add support for BGP hostname capabilityVincent Bernat
This is an implementation of draft-walton-bgp-hostname-capability-02. It is implemented since quite some time for FRR and in datacenter, this gives a nice output to avoid using IP addresses. It is disabled by default. The hostname is retrieved from uname(2) and can be overriden with "hostname" option. The domain name is never set nor displayed. Minor changes by committer.
2021-01-22MRT: Fix MP-BGP next hopsOndrej Zajicek (work)
Flag signalling that MP-BGP mode should be used got reset after first batch of routes, so remaining routes were processed without that, leading to missing MP_REACH_NLRI attribute. Thanks to Piotr Wydrych for the bugreport.
2021-01-12MRT: Fix IPv6 table dumpsOndrej Zajicek (work)
Add fake MP_REACH_NLRI attribute with BGP next hop when encoding MRT table dumps for IPv6 routes. That is necessary to encode next hop as NEXT_HOP attribute is not used for MP-BGP. Thanks to Santiago Aggio for the bugreport.
2021-01-10BFD: Dispatch sessions also by interface indexOndrej Zajicek (work)
Direct BFD sessions needs to be dispatched not only by IP addresses, but also by interfaces, in order to avoid collisions between neighbors with the same IPv6 link-local addresses. Extend BFD session hash_ip key by interface index to handle that. Use 0 for multihop sessions. Thanks to Sebastian Hahn for the original patch.
2021-01-07RPKI: Remove port (and SSH username) from 'Cache server' output lineOndrej Zajicek (work)
It was mixed-up if hostname is IPv6 address, and reporting separate values (like port) on separate lines fits better into key-value style of 'show protocols all' output. Also, the patch simplifies transport identification formatting (although it is unused now). Thanks to Alarig Le Lay for the suggestion.
2021-01-06BGP: Deprecate 'missing lladdr' optionOndrej Zajicek (work)
The option is not implemented since transition to 2.0 and no plan to add it. Also remove some deprecated RTS_* valus from documentation. Thanks to Sébastien Parisot for notification.
2020-12-28Static: Fix handling of 'net' attribute in per-route filtersOndrej Zajicek (work)
We need to define 'net' field temporarily as it may be accessed by per-route filters. Thanks to Damian Zaremba for the bugreport.
2020-12-07Nest: Per-channel debug flagsOndrej Zajicek (work)
The patch add support for per-channel debug flags, currently just 'states', 'routes', and 'filters'. Flag 'states' is used for channel state changes, remaining two for routes passed through the channel. The per-protocol debug flags 'routes'/'filters' still enable reporting of routes for all channels, to keep existing behavior. The patch causes minor changes in some log messages.
2020-11-25BGP: Zero the newly allocated bucket structureOndrej Zajicek (work)
This fixes an issue with dirty node passed to add_tail(). Thanks to Andreas Rammhold for the initial patch.
2020-11-24Fix some failed asserts due to add_tail()Ondrej Zajicek (work)
When config structures are copied due to template application, we need to reset list node structure before calling add_tail(). Thanks to Mikael Magnusson for patches.
2020-11-24Some minor sl_allocz() cleanupsOndrej Zajicek (work)
2020-11-24lib/slab: introduce sl_allocz() function and use it in BabelToke Høiland-Jørgensen
The babel protocol code was initialising objects returned from the slab allocator by assigning to each of the struct members individually, but wasn't touching the NODE member while doing so. This leads to warnings on debug builds since commit: baac7009063d ("List expensive check.") To fix this, introduce an sl_allocz() variant of the slab allocator which will zero out the memory before returning it, and switch all the babel call sites to use this version. The overhead for doing this should be negligible for small objects, and in the case of babel, the largest object being allocated was being zeroed anyway, so we can drop the memset in babel_read_tlv().
2020-11-19Static: Support for multiple routes with the same networkOndrej Zajicek (work)
Add support for proper handling of multiple routes with the same network to the static protocol. Routes are distinguished by internal index, which is assigned automatically (sequentially for routes within each network). Having different route preference or igp_metric attribute is optional.
2020-11-18OSPFv3: Fix intra-area-prefix-LSA origination on DROndrej Zajicek (work)
When a new link-LSA is originated, we need to notify intra-area-prefix-LSA handling, like when a new link-LSA is received. Otherwise a new network prefix added to a DR is not propagated immediately. Thanks to Bala Sajja for the bugreport.
2020-11-12BFD: Better handling of BFD options in BGP configsOndrej Zajicek (work)
Merge multiple BFD option blocks in BGP configs instead of using the last one. That is necessary for proper handling of templates when BFD options are used both in a BGP template and in a BGP protocol derived from that template.
2020-11-12BFD: Fix superfluous reconfiguration of sessionsOndrej Zajicek (work)
2020-11-08BFD: Allow per-request session optionsOndrej Zajicek (work)
BFD session options are configured per interface in BFD protocol. This patch allows to specify them also per-request in protocols requesting sessions (currently limited to BGP).
2020-10-11RPKI: Add 'ignore max length' optionOndrej Zajicek (work)
Add 'ignore max length' option to RPKI protocol, which ignores received max length in ROA records and instead uses max value (32 or 128). This may be useful for implementing loose RPKI check for blackholes.
2020-08-31OSPF: Fixed a debug assertMaria Matejka
2020-08-12OSPF: Skip out-of-state packets earlierOndrej Zajicek (work)
Sometimes multicast OSPF packet is received when neighbor adjacency is not established. Such packet should be ignored earlier in packet processing as otherwise it causes strange error messages when OSPFv3 authentication is enabled.
2020-06-28Show info from multiple protocols when protocol is not specifiedOndrej Zajicek (work)
Most commands like 'show ospf neighbors' fail when protocol is not specified and there are multiple instances of given protocol type. This is annoying in BIRD 2, as many protocols have IPv4 and IPv6 instances. The patch changes that by showing output from all protocol instances of appropriate type. Note that the patch also removes terminating cli_msg() call from these commands and moves it to the common iterating code.
2020-06-10OSPF: Fix bad header length testOndrej Zajicek (work)
Thanks to Slava Aseev for the thorough bugreport.
2020-06-03RPKI: Fix unnecessary reconnection on reconfigurationKazuki Yamaguchi
Compare the new timing parameters with the old configuration, not with the temporary state of the current connection. The timing values in struct rpki_cache is updated by a version 1 End Of Data PDU, unless this behavior is suppressed by the configuration explicitly by the "keep" keyword. Consequently, every reconfiguration of BIRD triggers a reconnection even if it is not necessary.
2020-06-02OSPF: setting list node to zero before enlistingMaria Matejka
2020-05-26Babel: Set onlink flag for IPv4 routes with unreachable next hopOndrej Zajicek (work)
If the next hop of a route is not a reachable address, the route should be installed as onlink. This enables a configuration common in mesh networks where the mesh interface is assigned a /32 and babel handles the routing by installing onlink routes. Thanks to Toke Hoiland-Jorgensen for the patch.
2020-05-26OSPF: Fix handling of unnumbered PtPsOndrej Zajicek (work)
This issue has a long history. In 2012, we changed data field for unnumbered PtP links from iface id (specified by RFC) to IP address based on reports of bugs in Quagga that required it, and we used out-of-band information to distinquish unnumberred PtPs with the same local IP address. Then with OSPF graceful restart implementation, we found that we can no longer use out-of-band information, and we need to use only LSAdb info for routing table calculation, but i forgot to finish handling of this case, so multiple unnumbered PtPs with the same local IP addresses were broken. Considering that even recent Mikrotik RouterOS has broken next hop calculation that depends on IP address in PtP link data field, we cannot just switch back to the iface id for unnumbered PtP links. The patch makes two changes: First, it goes back to use out-of-band (position) info for distinguishing local interfaces in SPF when graceful restart is not enabled, while still uses LSAdb-only approach for SPF calculation when graceful restart is enabled. Second, it adds OSPF interface option 'ptp address', which controls whether IP address or iface id is used in data field. It is enabled by default except for unnumbered PtP links with enabled graceful restart. Thanks to Kenth Eriksson for the bugreport and Joakim Tjernlund for suggestions.
2020-05-19RIP: Triggered RIP (demand circuit) documentationOndrej Zajicek (work)
2020-05-12RIP: Fix handling of passive mode for demand circuit interfacesOndrej Zajicek (work)
2020-05-01Merge remote-tracking branch 'origin/mq-static-analysis'Maria Matejka