Commit graph

238 commits

Author SHA1 Message Date
Jan Maria Matejka
f62a369fb4 Filter refactoring: Moved filter instruction definition to a separate file 2019-02-20 22:30:54 +01:00
Jan Maria Matejka
25566c6810 Filter refactoring: Moved the bitfield bit position formula to route.h 2019-02-20 22:30:54 +01:00
Jan Maria Matejka
aca8263926 Filter refactoring: Moved the interpret macros inside the block 2019-02-20 22:30:54 +01:00
Jan Maria Matejka
a946317fab Filter: Converted static global variables to a filter_state struct.
The static filter state was messy and blocked the planned parallel
execution of filters. Anyway, this will be also slower as the state
structure must be passed almost everywhere with us.
2019-02-20 22:30:53 +01:00
Maria Matejka
265419a369 Custom route attributes
For local route marking purposes, local custom route attributes may be
defined. These attributes are seamlessly stripped after export filter to
every real protocol like Kernel, BGP or OSPF, they however pass through
pipes. We currently allow at most 256 custom attributes.

This should be much faster than currently used bgp communities
for marking routes.
2018-12-06 09:55:21 +01:00
Ondrej Zajicek (work)
f2d8e6801e Filter: Make ifname attribute modifiable
Allow to change an interface associated with a route by setting
ifname attribute. It will also change the route to a direct one.
2018-11-05 22:03:21 +01:00
Ondrej Zajicek (work)
41b83e52f7 Filter: Fix minor bug in accessing bgp_path
Not relevant for regular BGP paths, just for BGP paths added by filters
to e.g. static routes.
2018-10-25 11:23:15 +02:00
Ondrej Zajicek (work)
586c1800c4 Nest: Neighbor cache cleanups
Simplify neighbor cache code, fix several minor bugs, and improve
handling of ONLINK flag.
2018-06-27 16:57:07 +02:00
Jan Maria Matejka
1771f70d74 Filter: fixed eattr cached pointer
Use ACCESS_RTE to guard **f_rte, use ACCESS_EATTRS to guard **f_eattrs.
Use f_rta_cow() before writing to rta or eattrs, use f_rte_cow() before
writing preference (stored in rte).

Do not access eattrs indirectly through (*f_rte)->attrs->eattrs, it is
way too slow. The cached pointer is faster.
2018-06-19 16:51:40 +02:00
Jan Maria Matejka
13c0be19d3 Nest: Removing separate tmpa from route propagation
This is a fundamental change of an original (1999) concept of route
processing inside BIRD. During import/export, there was a temporary
ea_list created which was to be used instead of the another one inside
the route itself.

This led to some confusion, quirks, and strange filter code that handled
extended route attributes. Dropping it now.

The protocol interface has changed in an uniform way -- the
`struct ea_list *attrs` argument has been removed from store_tmp_attrs(),
import_control(), rt_notify() and get_route_info().
2018-05-30 17:08:49 +02:00
Jan Maria Matejka
ee7e2ffd26 Protocol: Introducing an enum protocol_class
This supersedes the EAP_* constants.
2018-05-29 12:35:06 +02:00
Jan Maria Matejka
c3becfe193 Filter: macro for recursive interpretation of instructions 2018-05-29 12:35:06 +02:00
Jan Maria Matejka
0ec6b5ecd3 Filter: Simple type checks converted to ARG() macro 2018-05-29 12:35:06 +02:00
Jan Maria Matejka
478f9babed Filter: Removing the third argument hack
Just to make the code a bit more clean and easier to maintain.
2018-05-29 11:53:51 +02:00
Ondrej Zajicek (work)
b24b781117 Filter: Add support for src filter op to access SADR source prefix
The patch allows to use 'net.src' to access SADR source prefix
from filters.

Thanks to Toke Hoiland-Jorgensen for the original patch for srclen.
2018-05-16 11:19:29 +02:00
Jan Maria Matejka
823ad12191 Filter: Added missing instruction comparators.
These instructions caused SIGABORTs on reconfiguration.
2018-04-27 14:38:41 +02:00
Jan Maria Matejka
8a871e890a Merge branch 'master' into int-new 2018-03-14 12:57:16 +01:00
Jan Maria Matejka
e8bc64e308 Filter: make bgpmask literals real constructors
The bgpmask literals can include expressions. This is OK but they have
to be interpreted as soon as the code is run, not in the time the code
is used as value.

This led to strange behavior like rewriting bgpmasks when they shan't
be rewritten:

	function mask_generator(int as)
	{
		return [= * as * =];
	}

	function another()
	bgpmask m1;
	bgpmask m2;
	{
		m1 = mask_generator(10);
		m2 = mask_generator(20);
		if (m1 == m2) {
			print("strange"); # this would happen
		}
	}

Moreover, sending this to CLI would cause stack overflow and knock down the
whole BIRD, as soon as there is at least one route to execute the given
filter on.

	show route filter bgpmask mmm; bgppath ppp; { ppp = +empty+; mmm = [= (ppp ~ mmm) =]; print(mmm); accept; }

The magic match operator (~) inside the bgpmask literal would try to
resolve mmm, which points to the same bgpmask so it would resolve
itself, call the magic match operator and vice versa.

After this patch, the bgpmask literal will get resolved as soon as it's
assigned to mmm and it also will return a type error as bool is not
convertible to ASN in BIRD.
2018-03-14 11:34:29 +01:00
Jan Maria Matejka
e95705f00c Merge branch 'master' into int-new 2018-03-13 17:02:49 +01:00
Jan Maria Matejka
74bfd2f97c Filters: Removed FI_COMMA, not used for 19 years.
This instruction was removed in the commit linked below
and never used ever again. Rest in peace.

commit 84c7e1943f
Author: Pavel Machek <pavel@ucw.cz>
Date:   Tue Mar 2 19:49:28 1999 +0000
2018-03-13 17:01:37 +01:00
Jan Maria Matejka
d1ba927b36 Merge branch 'master' into int-new 2018-03-13 16:51:04 +01:00
Jan Maria Matejka
7c601e6b7b Filter: recursion to loop
It was supposed to do tail-recursion in interpret() but it didn't
compile as such. Converting it to loop makes a significant filter
performance improvement for flat filters.
2018-03-13 16:29:33 +01:00
Maria Jan Matejka
5a14df3950 Filter: Instruction codes named as enum
The two-letter instructions were quite messy but they could be easily
read from memory dumps. Now GDB (since 2012) supports pretty printing
enum values and GCC checks the switch construction for missing enum
values so we are converting the nice two-byte values to enums.

Anyway, the enum still keeps the old two-byte values to be able to read
the instruction codes even without GDB from plain memory dump.
2018-03-13 16:29:33 +01:00
Ondrej Zajicek (work)
1561ee799c Handle properly enums for extended attributes 2018-02-13 19:52:22 +01:00
Ondrej Zajicek (work)
75d98b6013 Merge branch 'master' into int-new 2018-01-23 18:29:32 +01:00
Ondrej Zajicek (work)
b940579115 Filter: Allow silent filter execution
A filter should log messages only if executed explicitly (e.g., during
route export or route import). When a filter is executed for technical
reasons (e.g., to establish whether a route was exported before), it
should run silently.
2018-01-16 16:20:01 +01:00
Ondrej Zajicek (work)
8f8671bcde Filter: Handle undefined BGP paths as empty
The same is already done for clists. Also fixes defined() to work
properly for paths and clists.
2018-01-03 15:44:05 +01:00
Ondrej Zajicek (work)
830ba75e6d Merge commit '1e8721e2aeccfbc3f533e8b8abc07582cee77e9a' into int-new 2017-12-07 21:54:47 +01:00
Michal 'vorner' Vaner
5a8b1fb047 filter: Allow assigning enums into extended attributes
They are internally ints, but they got refused as a wrong type. This
fixes setting of the BGP origin and is also needed for RA.
2017-09-20 15:36:54 +02:00
Ondrej Zajicek (work)
6f535924eb Filter: Fix reconfiguration of roa_check() 2017-04-18 13:56:51 +02:00
Jan Moskyto Matejka
61e501da89 Filter: Check whether IP is 4 or 6 2017-03-22 14:53:37 +01:00
Ondrej Zajicek (work)
a5d2a34497 Minor cleanups
BTW, 'prefices' is hypercorrection, as 'prefix' is from 'praefixum' with
plural 'praefixa'.
2017-03-14 17:25:42 +01:00
Jan Moskyto Matejka
8c9986d310 Filters: VPN Route Distinguishers, Prefix Type, Docs Update 2017-03-13 13:51:20 +01:00
Jan Moskyto Matejka
c609d03986 Merge branch 'int-new' into nexthop-merged 2017-02-22 11:58:04 +01:00
Ondrej Zajicek (work)
c259669fa3 Merge branch 'master' into int-new 2017-02-08 14:34:48 +01:00
Ondrej Zajicek (work)
da65a3d898 Filter: Fix missing case for !~ operator
Thanks to Vincent Bernat for the patch.
2017-01-24 15:35:38 +01:00
Jan Moskyto Matejka
5b208e296f Removing (struct rta)->cast. Never used. 2016-12-22 13:09:59 +01:00
Jan Moskyto Matejka
4e276a8920 Merged multipath and single-path data structures.
Dropped struct mpnh and mpnh_*()
Now struct nexthop exists, nexthop_*(), and also included struct nexthop
into struct rta.

Also converted RTD_DEVICE and RTD_ROUTER to RTD_UNICAST. If it is needed
to distinguish between these two cases, RTD_DEVICE is equivalent to
IPA_ZERO(a->nh.gw), RTD_ROUTER is then IPA_NONZERO(a->nh.gw).

From now on, we also explicitely want C99 compatible compiler. We assume
that this 20-year norm should be known almost everywhere.
2016-12-22 13:01:06 +01:00
Jan Moskyto Matejka
ad88b94bca Merge branch 'int-new-rpki-squashed' (early part) into int-new 2016-12-07 15:30:46 +01:00
Ondrej Zajicek (work)
d15b0b0a1b BGP redesign
Integrated and extensible BGP with generalized AFI handling,
support for IPv4+IPv6 AFI and unicast+multicast SAFI.
2016-12-07 14:20:52 +01:00
Pavel Tvrdik
e58f8c28d2 Add `.maxlen' operator to all ROA prefixes in filters
Example:
  bird> eval (1.2.0.0/16 max 20 as 1234).maxlen
  20

Todo: Should be described in user docs
2016-12-07 09:35:24 +01:00
Pavel Tvrdik
69ae578450 Add `.asn' operator to all ROA prefixes in filters
Example:
  bird> eval (1.2.0.0/16 max 20 as 1234).asn
  1234

Todo: Should be described in user docs
2016-12-07 09:35:24 +01:00
Pavel Tvrdík
65d2a88dd2 RPKI protocol with one cache server per protocol
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.

Implemeted transports are:
 - unprotected transport over TCP
 - secure transport over SSHv2

Example configuration of bird.conf:
  ...
  roa4 table r4;
  roa6 table r6;

  protocol rpki {
    debug all;

    # Import both IPv4 and IPv6 ROAs
    roa4 { table r4; };
    roa6 { table r6; };

    # Set cache server (validator) address,
    # overwrite default port 323
    remote "rpki-validator.realmv6.org" port 8282;

    # Overwrite default time intervals
    retry   10;         # Default 600 seconds
    refresh 60;         # Default 3600 seconds
    expire 600;         # Default 7200 seconds
  }

  protocol rpki {
    debug all;

    # Import only IPv4 routes
    roa4 { table r4; };

    # Set cache server address to localhost,
    # use default ports tcp => 323 or ssh => 22
    remote 127.0.0.1;

    # Use SSH transport instead of unprotected transport over TCP
    ssh encryption {
      bird private key "/home/birdgeek/.ssh/id_rsa";
      remote public key "/home/birdgeek/.ssh/known_hosts";
      user "birdgeek";
    };
  }
  ...
2016-12-07 09:35:24 +01:00
Pavel Tvrdik
4b135d0958 Birdtest: Add function format in grammar for stringify expression 2016-11-16 12:22:01 +01:00
Pavel Tvrdik
3ec0bedc60 Birdtest: Remove bt_assert command from term
The bt_assert function does not return any value, so it was useless to
have a option in term definition.
2016-11-16 12:22:01 +01:00
Ondrej Zajicek (work)
9b0a0ba9e6 Unit Testing for BIRD
- Unit Testing Framework (BirdTest)
 - Integration of BirdTest into the BIRD build system
 - Tests for several BIRD modules

 Based on squashed Pavel Tvrdik's int-test branch, updated for
 current int-new branch.
2016-11-09 16:36:34 +01:00
Ondrej Zajicek (work)
8860e991f6 Merge branch 'master' into int-new 2016-11-08 19:27:58 +01:00
Ondrej Zajicek (work)
cc5b93f72d Merge tag 'v1.6.2' into int-new 2016-11-08 17:04:29 +01:00
Jan Moskyto Matejka
3e236955c9 Build: switch on -Wextra, get rid of most of the warnings
There are several unresolved -Wmissing-field-initializers on older
versions of GCC than 5.1, all of them false positive.
2016-11-01 14:52:54 +01:00
Ondrej Zajicek (work)
66dbdbd993 BGP: Support for large communities
Add support for large communities (draft-ietf-idr-large-community),
96bit alternative to RFC 1997 communities.

Thanks to Matt Griswold for the original patch.
2016-10-03 12:48:56 +02:00