Commit graph

368 commits

Author SHA1 Message Date
Pavel Tvrdik
69ae578450 Add `.asn' operator to all ROA prefixes in filters
Example:
  bird> eval (1.2.0.0/16 max 20 as 1234).asn
  1234

Todo: Should be described in user docs
2016-12-07 09:35:24 +01:00
Pavel Tvrdík
65d2a88dd2 RPKI protocol with one cache server per protocol
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.

Implemeted transports are:
 - unprotected transport over TCP
 - secure transport over SSHv2

Example configuration of bird.conf:
  ...
  roa4 table r4;
  roa6 table r6;

  protocol rpki {
    debug all;

    # Import both IPv4 and IPv6 ROAs
    roa4 { table r4; };
    roa6 { table r6; };

    # Set cache server (validator) address,
    # overwrite default port 323
    remote "rpki-validator.realmv6.org" port 8282;

    # Overwrite default time intervals
    retry   10;         # Default 600 seconds
    refresh 60;         # Default 3600 seconds
    expire 600;         # Default 7200 seconds
  }

  protocol rpki {
    debug all;

    # Import only IPv4 routes
    roa4 { table r4; };

    # Set cache server address to localhost,
    # use default ports tcp => 323 or ssh => 22
    remote 127.0.0.1;

    # Use SSH transport instead of unprotected transport over TCP
    ssh encryption {
      bird private key "/home/birdgeek/.ssh/id_rsa";
      remote public key "/home/birdgeek/.ssh/known_hosts";
      user "birdgeek";
    };
  }
  ...
2016-12-07 09:35:24 +01:00
Pavel Tvrdik
5df4073c81 filter/test.conf: Minor changes in order of calls 2016-11-30 11:57:35 +01:00
Pavel Tvrdik
4abe781c27 Remove filter/test_bgp_filtering.conf file
It was an example filtering configuration from BIRD's wiki.
2016-11-30 11:57:35 +01:00
Pavel Tvrdik
012a0d6bf8 Merge test6.conf IPv6 tests into test.conf 2016-11-30 11:57:35 +01:00
Pavel Tvrdik
c39a1cb17e filter/test.conf: Extend tests 2016-11-16 17:01:09 +01:00
Pavel Tvrdik
0ed1e85091 filter/test.conf: Reorder tests
Tests are sorted from trivial tests to more complex tests
2016-11-16 13:46:43 +01:00
Pavel Tvrdik
7dea7ccb10 filter/test.conf: Replace print func with assert and format 2016-11-16 12:22:01 +01:00
Pavel Tvrdik
4b135d0958 Birdtest: Add function format in grammar for stringify expression 2016-11-16 12:22:01 +01:00
Pavel Tvrdik
3ec0bedc60 Birdtest: Remove bt_assert command from term
The bt_assert function does not return any value, so it was useless to
have a option in term definition.
2016-11-16 12:22:01 +01:00
Pavel Tvrdik
5e3cd0e5b5 Birdtest: Replace BT_SUCCESS and BT_FAILURE with 1 and 0 2016-11-11 17:43:09 +01:00
Pavel Tvrdik
fd328869cc birdtest: Fix no-forked mode in trie_test 2016-11-11 17:02:16 +01:00
Ondrej Zajicek (work)
101c5a50aa Filter: Add long community tests
Based on Pavel Tvrdik's int-test-lc branch.
2016-11-09 19:09:24 +01:00
Ondrej Zajicek (work)
9b0a0ba9e6 Unit Testing for BIRD
- Unit Testing Framework (BirdTest)
 - Integration of BirdTest into the BIRD build system
 - Tests for several BIRD modules

 Based on squashed Pavel Tvrdik's int-test branch, updated for
 current int-new branch.
2016-11-09 16:36:34 +01:00
Ondrej Zajicek (work)
8860e991f6 Merge branch 'master' into int-new 2016-11-08 19:27:58 +01:00
Ondrej Zajicek (work)
c8cafc8ebb Minor code cleanups 2016-11-08 17:46:29 +01:00
Ondrej Zajicek (work)
cc5b93f72d Merge tag 'v1.6.2' into int-new 2016-11-08 17:04:29 +01:00
Jan Moskyto Matejka
3e236955c9 Build: switch on -Wextra, get rid of most of the warnings
There are several unresolved -Wmissing-field-initializers on older
versions of GCC than 5.1, all of them false positive.
2016-11-01 14:52:54 +01:00
Ondrej Zajicek (work)
c68e8cd374 Filter: Minor formatting changes in test.conf 2016-10-18 13:06:51 +02:00
Pavel Tvrdik
5fd7dacadc Filter: Expand testing of large community sets 2016-10-13 15:17:41 +02:00
Pavel Tvrdik
c2564d34af Tree/Trie: Check the end of buffer
We set buffer->pos to buffer->end in function buffer_print() when
bvsnprintf() failed, so there would be uninitialized memory between
the old buffer->pos and the current buffer->pos.
2016-10-11 21:25:21 +02:00
Ondrej Zajicek (work)
a998836d4b Filter: fix missing separator 2016-10-04 23:19:35 +02:00
Ondrej Zajicek (work)
60566c5c80 Filter: large community sets
Add support for lc sets to filter code. Grammar of (small) community sets
has to be updated to avoid parser collisions.
2016-10-03 13:47:37 +02:00
Ondrej Zajicek (work)
66dbdbd993 BGP: Support for large communities
Add support for large communities (draft-ietf-idr-large-community),
96bit alternative to RFC 1997 communities.

Thanks to Matt Griswold for the original patch.
2016-10-03 12:48:56 +02:00
Pavel Tvrdik
768d5e1058 Add !~ operator to filter grammar 2016-09-21 13:35:52 +02:00
Pavel Tvrdik
bc00f05815 Filter: Prefer xmalloc/xfree to malloc/free 2016-09-15 15:24:00 +02:00
Ondřej Surý
33d22f0e9e whitespace fixes 2016-08-16 09:24:12 +02:00
Ondrej Zajicek (work)
f1f39bb9d8 Filter: Fixes reconfiguration with last_nonaggregated operator 2016-07-01 11:03:13 +02:00
Pavel Tvrdik
5de0e848de filter/test.conf: fixes formating 2016-06-30 15:00:47 +02:00
Ondrej Zajicek (work)
122deb6d5b Filters: Fixes pm_same() w.r.t. ASN ranges and ASN expressions
This is necessary for proper detection of filter changes during
reconfigurations.
2016-06-09 00:30:41 +02:00
Ondrej Filip
a0fe1944d1 Add AS# ranges to bgpmask. 2016-06-08 16:22:44 +02:00
Ondrej Zajicek (work)
286e2011d2 Miscellaneous minor fixes 2016-05-12 16:04:47 +02:00
Jan Moskyto Matejka
0c6dfe5236 Merge branch 'int-new' into int-new-merged 2016-05-10 14:30:49 +02:00
Jan Moskyto Matejka
7152e5efbb Build system reworked to one global Makefile with includes and no nesting
Also removed the lib-dir merging with sysdep. Updated #include's
accordingly.

Fixed make doc on recent Debian together with moving generated doc into
objdir.

Moved Makefile.in into root dir

Retired all.o and birdlib.a
Linking the final binaries directly from all the .o files.
2016-05-10 14:07:34 +02:00
Jan Moskyto Matejka
7a7ac65682 Merge branch 'master' into int-new-channels 2016-04-08 12:28:33 +02:00
Ondrej Zajicek (work)
9c9cc35c02 Filter: Implement last_nonaggregated operator on bgp_path 2016-02-16 17:33:58 +01:00
Pavel Tvrdík
0264ccf6f4 Rewrite roa_check() for integrated BIRD
Thanks to Ondrej Zajicek for his support with writing this code.
2016-01-20 16:46:58 +01:00
Pavel Tvrdík
cb1bd816db Add ROA_* constants values to grammar of configuration
Add ROA_UNKNOWN, ROA_VALID and ROA_INVALID
2016-01-20 16:46:58 +01:00
Pavel Tvrdík
de9b87f558 Add NET ROA4/6 structures 2016-01-07 18:21:31 +01:00
Ondrej Zajicek (work)
04632fd77f Follow-up work on integration 2015-12-24 15:56:04 +01:00
Ondrej Zajicek (work)
0bf95f99e6 Follow-up work on integration
Contains some patches from Jan Moskyto Matejka
2015-12-21 17:17:21 +01:00
Ondrej Zajicek (work)
23c212e7f1 Follow-up work on integration 2015-12-21 03:33:18 +01:00
Ondrej Zajicek (work)
e92a4b855f Filter: Fix some changes in IP<->Quad implicit conversion 2015-12-20 21:43:00 +01:00
Jan Moskyto Matejka
9656dce72e ROA code switchoff 2015-12-20 13:04:07 +01:00
Jan Moskyto Matejka
5e173e9f63 Stop perusing f_prefix for non-prefix-set uses
Multiple changes by Ondrej Santiago Zajicek
2015-12-19 23:49:47 +01:00
Jan Moskyto Matejka
d7661fbe9d Removed BITS_PER_IP_ADDRESS, MAX_PREFIX_LENGTH, BIRD_AF
Explicit setting of AF_INET(6|) in IP socket creation. BFD set to listen
on v6, without setting the V6ONLY flag to catch both v4 and v6 traffic.

Squashing and minor changes by Ondrej Santiago Zajicek
2015-12-19 15:57:09 +01:00
Ondrej Zajicek (work)
fe9f1a6ded Initial commit on integrated BIRD
New data types net_addr and variants (in lib/net.h) describing
network addresses (prefix/pxlen). Modifications of FIB structures
to handle these data types and changing everything to use these
data types instead of prefix/pxlen pairs where possible.

The commit is WiP, some protocols are not yet updated (BGP, Kernel),
and the code contains some temporary scaffolding.

Comments are welcome.
2015-11-05 12:48:52 +01:00
Ondrej Zajicek
1321e12ac4 Static: Allows to specify attributes for static routes
The patch adds suport for specifying route attributes together with
static routes, e.g.:

 route 10.1.1.0/24 via 10.0.0.1 { krt_advmss = 1200; ospf_metric1 = 100; };
2015-07-20 17:11:10 +02:00
Ondrej Zajicek
8d9eef1771 BGP multipath support
Kernel option 'merge paths' allows to merge routes exported to kernel
protocol (currently BGP and static routes) to multipath routes.
2015-06-08 02:24:08 +02:00
Ondrej Zajicek
315f23a047 Add bitfield route attribute type 2015-05-10 19:44:10 +02:00
Pavel Tvrdik
7d37bf79de Remove a comparison of unsigned expression < 0 2015-02-21 19:38:44 +01:00
Ondrej Zajicek
51762a45b3 Allows user data attached to f_trie_node structure.
Thanks to Alexander Chernikov for the patch.
2015-02-21 14:05:20 +01:00
Ondrej Zajicek
1123e70740 Implements token bucket filter for rate limiting. 2014-10-02 12:52:50 +02:00
Ondrej Zajicek
b2f008378a Allows more constants in set literals.
Thanks to Michael Fincham for the bugreport.
2014-10-02 12:52:50 +02:00
Ondrej Zajicek
6285793f18 Replaces function name in test.conf as it collided with new keyword. 2014-07-07 22:23:37 +02:00
Ondrej Zajicek
283c7dfada Merge branch 'master' into add-path 2013-11-25 18:42:47 +01:00
Ondrej Zajicek
52e030e146 Converts filters to unsigned integers. 2013-11-24 00:17:02 +01:00
Ondrej Zajicek
736e143fa5 Merge branch 'master' into add-path
Conflicts:

	filter/filter.c
	nest/proto.c
	nest/rt-table.c
	proto/bgp/bgp.h
	proto/bgp/config.Y
2013-11-23 11:50:34 +01:00
Ondrej Zajicek
56027b5cbd Minor fix in log_commit() w.r.t. changes in BFD branch. 2013-11-22 21:58:43 +01:00
Ondrej Zajicek
0aeac9cb7f Merge commit 'origin/bfd' 2013-11-22 02:48:44 +01:00
Ondrej Zajicek
f8f2419d4c Additional filter test case. 2013-11-20 13:30:11 +01:00
Ondrej Zajicek
a15dab76f9 Implements 'allow local as' option.
Similar to allowas-in option on other routers.
2013-10-21 14:59:35 +02:00
Ondrej Zajicek
0e175f9f0f Fixes some BFD bugs and makes logging thread-safe. 2013-10-05 20:12:28 +02:00
Ondrej Zajicek
7ccb36d330 Implements C.len operator for clist and eclist types.
Thanks to Sergey Popovich for the original patch.
2013-10-02 14:57:29 +02:00
Ondrej Zajicek
28a10f84cb Some fixes in filter code.
Thanks to Sergey Popovich for original patches.
2013-10-02 14:41:37 +02:00
Ondrej Zajicek
70c5780535 Minor code cleanups.
Thanks to Sergey Popovich for the patch.
2013-10-02 12:10:09 +02:00
Ondrej Zajicek
b655596d1d Simplifies val_in_range().
Also fixes missing type check for element ~ set.
2013-10-02 11:42:46 +02:00
Ondrej Zajicek
a5fc59587f Rewrites static attribute filter code and adds ifname/ifindex attributes.
Thanks to Sergey Popovich for the original ifname/ifindex patch.
2013-09-26 22:08:21 +02:00
Ondrej Zajicek
507e182a60 Fixes reconfiguration of global set variables.
When global set variables were used, every reconfiguration restarted
protocols that use it in filters.

Thanks to Sergey Popovich for a bugreport.
2013-09-10 12:58:24 +02:00
Ondrej Zajicek
bff9ce5130 Extends delete/filter operators to work no bgp_paths. 2013-08-15 01:06:47 +02:00
Ondrej Zajicek
00192d5ab8 Implements proper setting of 'gw' route attribute.
Thanks to Sergey Popovich for the bugreport.
2013-08-13 20:32:02 +02:00
Ondrej Zajicek
4ee39ff2ff Fixes initial random values for function arguments.
Thanks to Javor Kliachev for the bugreport.
2013-07-26 11:08:59 +02:00
Ondrej Zajicek
1103b32e83 Allows to define constants of all filter types. 2013-07-25 22:33:57 +02:00
Ondrej Zajicek
508d936078 Implements eval command and minor CLI cleanups.
Implemented eval command can be used to evaluate expressions.

The patch also documents echo command and allows to use log classes
instead of integer as a mask for echo.
2013-07-25 13:15:32 +02:00
Ondrej Zajicek
cc31b75a8f Implements 'bgppath ~ int set' filter op. 2013-07-09 23:27:10 +02:00
Ondrej Zajicek
36da2857bc Implements router advertisements activated by received routes.
The RAdv protocol could be configured to change its behavior based on
availability of routes, e.g., do not announce router lifetime when a
default route is not available.
2013-02-08 23:58:27 +01:00
Ondrej Zajicek
b31774eeb0 Removes some nonsense. 2012-11-27 01:30:09 +01:00
Ondrej Zajicek
3e40f3e795 Fixes setting of route attributes of type router id. 2012-11-27 01:25:47 +01:00
Ondrej Zajicek
094d2bdb79 Implements ADD-PATH extension for BGP.
Allows to send and receive multiple routes for one network by one BGP
session. Also contains necessary core changes to support this (routing
tables accepting several routes for one network from one protocol).
It needs some more cleanup before merging to the master branch.
2012-08-14 16:46:43 +02:00
Ondrej Zajicek
4be266a983 Implements wildcard matching in config file include.
Also fixes some minor bugs in include.

Thanks Kelly Cochran for suggestion and draft patch.
2012-07-18 19:29:33 +02:00
Ondrej Zajicek
182a78957d Allows some modifications of dest attribute in filters. 2012-04-29 01:35:52 +02:00
Ondrej Zajicek
af582c4811 Route Origin Authorization basics.
- ROA tables, which are used as a basic part for RPKI.
 - Commands for examining and modifying ROA tables.
 - Filter operators based on ROA tables consistent with RFC 6483.
2012-03-18 17:32:30 +01:00
Ondrej Zajicek
0888a737b0 Extends set operations in filters.
Allows add/filter/delete clist on clist (set algebra on clists).

Allows number ~ bgppath match.
2012-03-15 21:07:58 +01:00
Ondrej Zajicek
8796a8a56e Fixes name for unnamed filters.
Thanks to Alexander V. Chernikov for the suggestion.
2012-03-15 12:50:49 +01:00
Ondrej Zajicek
117e3c4bbf Fixes a bug in pair set intervals.
Pair intervals in form (a,b)..(c,d) were mishanded.

Thanks to Alexander Shikoff for the bugreport.
2012-03-15 12:18:26 +01:00
Ondrej Zajicek
a03ede6493 Fixes a tricky bug in route filtering.
Route attributes was used after rta was freed during copy-on-write in
filter code. This causes some random crashes, esp. with multipath
routes.
2012-01-03 00:42:25 +01:00
Ondrej Zajicek
78e33c29bb Some minor fixes in parser. 2011-10-26 20:06:36 +02:00
Ondrej Zajicek
736fd7303c Fixes a bug with multiple function arguments. 2011-09-27 13:49:32 +02:00
Ondrej Filip
4271f2b77e Fixed problem during 'configure' with EC 2011-09-18 13:52:50 +02:00
Ondrej Filip
48ec367aab Configuration can include other files. 2011-09-11 21:21:47 +02:00
Ondrej Zajicek
42a0c05408 BGP Extended communities. 2011-08-14 13:55:02 +02:00
Ondrej Zajicek
fdf16eb658 Prints full community lists during 'show route all'. 2011-07-03 19:43:30 +02:00
Ondrej Zajicek
e08d2ff08e Adds filter clist operation. 2011-06-26 17:09:24 +02:00
Ondrej Zajicek
b8cc390e7e Fixes several problems in filter syntax.
- Fixes several conflicts in the grammar.
 - Fixes a bug in (a..b, c) pair patterns.
 - Makes pair patterns orthogonal.
 - Allows term expressions in pair patterns without additional ( ).
 - Allows several comma separated values in switch cases.
2011-05-06 22:00:54 +02:00
Ondrej Filip
c454872f4e Avoid using stack. 2011-03-27 23:27:37 +02:00
Ondrej Filip
4fc36f394e This adds (*,x) functionality. 2011-03-26 14:18:56 +01:00
Ondrej Zajicek
0aa88530ad Convert && and || to shortcut boolean operators. 2011-03-23 13:40:46 +01:00
Ondrej Zajicek
26d92bb892 A hack to distinguish if..else from else: in case.
The old BIRD grammar needs two lookaheads to distinguish if..else from
else: in case, which caused the parser to fail on some combinations of
both expressions.

This patch replaces two tokens 'else' ':' by one token 'else:' to fix
that.
2011-03-23 12:49:53 +01:00
Ondrej Zajicek
938b191b92 Fixes error handling in ASN expressions. 2010-10-09 01:00:53 +02:00
Ondrej Zajicek
b2b7bbfc69 Fixes scope of filter symbols. 2010-10-04 19:55:11 +02:00