Commit graph

1491 commits

Author SHA1 Message Date
Ondrej Zajicek (work)
fc1e3211b1 RPKI: Add 'ignore max length' option
Add 'ignore max length' option to RPKI protocol, which ignores received
max length in ROA records and instead uses max value (32 or 128). This
may be useful for implementing loose RPKI check for blackholes.
2020-10-11 01:00:54 +02:00
Maria Matejka
600eb695b1 OSPF: Fixed a debug assert 2020-08-31 15:41:39 +02:00
Ondrej Zajicek (work)
dc8d9dec4a OSPF: Skip out-of-state packets earlier
Sometimes multicast OSPF packet is received when neighbor adjacency is
not established. Such packet should be ignored earlier in packet
processing as otherwise it causes strange error messages when OSPFv3
authentication is enabled.
2020-08-12 19:42:44 +02:00
Ondrej Zajicek (work)
c26c6bc2d7 Show info from multiple protocols when protocol is not specified
Most commands like 'show ospf neighbors' fail when protocol is not
specified and there are multiple instances of given protocol type.
This is annoying in BIRD 2, as many protocols have IPv4 and IPv6
instances. The patch changes that by showing output from all protocol
instances of appropriate type.

Note that the patch also removes terminating cli_msg() call from these
commands and moves it to the common iterating code.
2020-06-28 15:38:47 +02:00
Ondrej Zajicek (work)
82937b465b OSPF: Fix bad header length test
Thanks to Slava Aseev for the thorough bugreport.
2020-06-10 13:27:14 +02:00
Kazuki Yamaguchi
19f8f17320 RPKI: Fix unnecessary reconnection on reconfiguration
Compare the new timing parameters with the old configuration, not with
the temporary state of the current connection.

The timing values in struct rpki_cache are updated by a version 1 End Of
Data PDU, unless this behavior is suppressed by the configuration
explicitly by the "keep" keyword. Consequently, every reconfiguration
of BIRD triggers a reconnection even if it is not necessary.
2020-06-03 15:05:35 +02:00
Maria Matejka
eee8af4db2 OSPF: setting list node to zero before enlisting 2020-06-02 16:58:06 +02:00
Ondrej Zajicek (work)
4e8f8afc68 Babel: Set onlink flag for IPv4 routes with unreachable next hop
If the next hop of a route is not a reachable address, the route should be
installed as onlink. This enables a configuration common in mesh networks
where the mesh interface is assigned a /32 and babel handles the routing by
installing onlink routes.

Thanks to Toke Hoiland-Jorgensen for the patch.
2020-05-26 23:43:13 +02:00
Ondrej Zajicek (work)
c1632ad0f3 OSPF: Fix handling of unnumbered PtPs
This issue has a long history. In 2012, we changed data field for
unnumbered PtP links from iface id (specified by RFC) to IP address based
on reports of bugs in Quagga that required it, and we used out-of-band
information to distinguish unnumbered PtPs with the same local IP
address.

Then with OSPF graceful restart implementation, we found that we can no
longer use out-of-band information, and we need to use only LSAdb info
for routing table calculation, but I forgot to finish handling of this
case, so multiple unnumbered PtPs with the same local IP addresses were
broken.

Considering that even recent Mikrotik RouterOS has broken next hop
calculation that depends on IP address in PtP link data field, we
cannot just switch back to the iface id for unnumbered PtP links.

The patch makes two changes: First, it goes back to use out-of-band
(position) info for distinguishing local interfaces in SPF when graceful
restart is not enabled, while still using LSAdb-only approach for SPF
calculation when graceful restart is enabled.

Second, it adds OSPF interface option 'ptp address', which controls
whether IP address or iface id is used in data field. It is enabled
by default except for unnumbered PtP links with enabled graceful
restart.

Thanks to Kenth Eriksson for the bugreport and Joakim Tjernlund for
suggestions.
2020-05-26 18:21:43 +02:00
Ondrej Zajicek (work)
b729e731f9 RIP: Triggered RIP (demand circuit) documentation 2020-05-19 02:42:22 +02:00
Ondrej Zajicek (work)
5fc8407177 RIP: Fix handling of passive mode for demand circuit interfaces 2020-05-12 03:46:47 +02:00
Maria Matejka
048eb2ddf1 Merge remote-tracking branch 'origin/mq-static-analysis' 2020-05-01 15:34:17 +02:00
Maria Matejka
258be56539 Nest: Added const to ea_show just to declare that this shouldn't really change anything 2020-05-01 15:19:12 +02:00
Maria Matejka
a7d9b8f116 OSPF: Zero-initialization of a temporary neighbor 2020-05-01 15:19:12 +02:00
Maria Matejka
5f60d14ede RPKI: fixed rare va_list leak 2020-05-01 15:19:12 +02:00
Maria Matejka
9e64ac4b7c OSPF: Adding a note about a static analyzer result. 2020-05-01 15:19:12 +02:00
Maria Matejka
dccee40826 OSPF: variable-length array of size 0 replaced by alloca()'d pointer
NULL pointer is safer than a random pointer onto stack if this function
gets changed and eventually broken.
2020-05-01 15:19:12 +02:00
Ondrej Zajicek (work)
17de3a023f BGP: Fix handling of strange IPv6 link-local-only next hops
There are three common ways how to encode IPv6 link-local-only next hops:
(:: ll), (ll), and (ll ll). We use the first one but we should accept all
three. The patch fixes handling of the last one.

Thanks to Sebastian Hahn for the bugreport.
2020-04-29 02:50:29 +02:00
Maria Matejka
d607205486 Not calling memcpy with n=0. 2020-04-28 16:21:06 +02:00
Nasato Goto
a6548d5b5b BGP: Fix handling of 16bit-only ASN translation
The bug generated invalid AGGREGATOR attribute during translation of
32bit ASN to 16bit-only BGP peer. The patch fixes that.
2020-04-15 03:46:53 +02:00
Maria Matejka
fd9f0c0640 Configuration strings are constant.
This is merely a const propagation. There was no problem in there.
2020-04-09 15:37:14 +02:00
Ondrej Zajicek (work)
d516c68ad8 RIP: Improvements to demand circuit mode
Restart iface after changing demand circuit mode during reconfiguration.
Fix next_regular interval reset during reconfiguration. Send flushing
response when iface goes down.
2020-03-14 17:04:49 +01:00
Maria Matejka
dc042d87cb Perf: changed route update pattern to be more like common protocols 2020-03-12 09:26:05 +01:00
Ondrej Zajicek (work)
78e4a123bb BGP: Handle flowspec rules without dst part
The RFC 5575 does not explicitly reject flowspec rules without dst part,
it just requires dst part in validation procedure for feasibility, which
we do not implement anyway. Thus flow without dst prefix is syntactically
valid, but unfeasible (if feasibility testing is done).

Thanks to Alex D. for the bugreport.
2020-03-03 17:45:16 +01:00
Ondrej Zajicek (work)
757cab18d6 BGP: Support for MD5SIG together with remote range
When dynamic BGP with remote range is configured, MD5SIG needs to use
newer socket option (TCP_MD5SIG_EXT) to specify remote address range for
listening socket.

Thanks to Adam Kułagowski for the suggestion.
2020-02-27 17:29:17 +01:00
Ondrej Zajicek (work)
22c3cf955d RIP: Demand circuit support (RFC 2091) 2020-02-21 02:35:50 +01:00
Ondrej Zajicek (work)
3343088a71 RIP: Fix crash when interface is removed
Recent changes in neighbor code caused RIP to access neighbor field which
is NULL during interface/neighbor removal and caused crash when debug
messages are enabled. Use correct field to get iface from neighbor.
2020-02-14 22:43:27 +01:00
Maria Matejka
027a3e66f7 RPKI: Allow build without libSSH 2020-02-04 10:15:35 +01:00
Ondrej Zajicek (work)
7f9adafc10 BFD: Option to specify which class of BFD sessions are accepted
Allows to configure IPv4/IPv6-only or direct/multihop-only BFD protocol
instances.
2020-01-28 18:07:25 +01:00
Ondrej Zajicek (work)
9f2670277c OSPF: Fix bad initialization of tx_hdrlen field
Function ifa_tx_hdrlen() uses fields autype and passwords, so it must be
called after these are set.

Thanks to Kenth Eriksson for the bugreport.
2020-01-09 03:02:15 +01:00
Ondrej Zajicek (work)
21d09632a5 BGP: Add some statistics
Add some statistic counters to BGP consistent with BGP MIB (RFC 4273),
including persistent 'FSM established transitions'.
2019-12-03 18:05:41 +01:00
Ondrej Zajicek (work)
0f88200247 BGP: Fix processing of IPv6 Flowspec
During NLRI parsing of IPv6 Flowspec, dst prefix was not properly
extracted from NLRI, therefore a received flow was stored in a different
position in flowspec routing table, and was not reachable by command
'show route <flow>'.

Add proper prefix part accessors to flowspec code and use them from BGP
NLRI parsing code.

Thanks to Alex D. for the bugreport.
2019-11-18 17:56:51 +01:00
Ondrej Zajicek (work)
0b228fca04 BGP: Add option to enforce first AS in AS_PATH
This is optional check described in RFC 4271. Although this can be also
done by filters, it is widely implemented option in BGP implementations.

Thanks to Eugene Bogomazov for the original patch.
2019-11-10 02:06:07 +01:00
Ondrej Zajicek (work)
a52476c9be BGP: Add option to reject AS_SETs
There is a pending draft to make them obsolete
2019-11-04 22:09:35 +01:00
Ondrej Zajicek (work)
be7c1aef42 BGP: RFC 8654 got released 2019-10-26 01:32:24 +02:00
Ondrej Zajicek (work)
ec331acf48 BGP: Fix handling of transitive extended communities
Transitive extended communities should be removed on external sessions,
the old code them in all cases.

Thanks to Jean-Daniel Pauget for the original patch.
2019-10-24 17:50:19 +02:00
Ondrej Zajicek (work)
4e23b49969 RPKI: Fix handling of IPv6 cache addresses
The old code used just sizeof(struct sockaddr) bytes of IP address.
2019-10-19 03:39:07 +02:00
Ondrej Zajicek (work)
6c9cda6f92 BGP: Fix reconfiguration with import table
Change of some options requires route refresh, but when import table is
active, channel reload is done from it instead of doing full route
refresh. So in this case we request it internally.
2019-10-10 23:33:40 +02:00
Ondrej Zajicek (work)
09ee846d92 BGP: AIGP metric support (RFC 7311) 2019-10-09 17:53:23 +02:00
Ondrej Zajicek (work)
759b204be3 Lib: Support for 64-bit numbers in bvsnprintf()
Use 'l' for s64/u64 instead of for long/ulong, as that is much more
useful. Also make number() correct with regard to signed/unsigned
typecasts.
2019-10-09 17:53:23 +02:00
Maria Matejka
6dda6931d1 Perf: allow testing with cached route attributes. 2019-10-09 17:47:14 +02:00
Ondrej Zajicek (work)
4821251ebb BFD: Fix reconfiguration of neighbors
The bfd_reconfigure_neighbors() returned after first reconfigured
neighbor instead of continuing with the next one.

Thanks to Winston Chen for the bugreport and a patch.
2019-09-30 19:10:14 +02:00
Ondrej Zajicek (work)
eb1e43a9af BGP: Fix setup with multiple dynamic BGP ranges
Based on a patch from Liam Nattrass, thanks.
2019-09-17 14:45:14 +02:00
Ondrej Zajicek (work)
1127887a8b BGP: Fix handling of bgp_aggregator attribute
The attribute should not be modifiable by filters as we do not
support its type.
2019-09-09 13:17:30 +02:00
Ondrej Zajicek (work)
8388f5a7e1 BGP: Fix bugs in handling of shutdown messages
There is an improper check for valid message size, which may lead to
stack overflow and buffer leaks to log when a large message is received.

Thanks to Daniel McCarney for bugreport and analysis.
2019-09-09 03:13:35 +02:00
Ondrej Zajicek (work)
56d8b1e7f6 OSPF: Fix 'show ospf lsadb' cmd without proto arg
It crashed when used without protocol argument.

Thanks to Alexander for the bugreport.
2019-08-29 20:58:16 +02:00
Ondrej Zajicek (work)
4fa0e472cf BGP: Use reallocation for capability structure
Instead of having large stack buffer for max amount of AFI/SAFI pairs.
The old code is not correct w.r.t. extended option length, as more
AFI/SAFI pairs may fit into the capability option.
2019-08-21 17:16:08 +02:00
Ondrej Zajicek (work)
524d253853 BGP: Implement extended optional parameters length
Extends BGP options/capabilities data length to 16bit, to avoid issues
with too many capabilities. See draft-ietf-idr-ext-opt-param-07
2019-08-20 19:15:50 +02:00
Ondrej Zajicek (work)
b7d7599ce3 BGP: implement Adj-RIB-Out
The patch implements optional internal export table to a channel and
hooks it to BGP so it can be used as Adj-RIB-Out. When enabled, all
exported (post-filtered) routes are stored there. An export table can be
examined using e.g. 'show route export table bgp1.ipv4'.
2019-08-14 06:02:33 +02:00
Ondrej Zajicek (work)
70a4320bdd RAdv: Allow solicited RAs to be sent as unicast
Add option to send solicited router advertisements as unicast directly
to soliciting nodes instead of as multicast to all-nodes group.
2019-08-12 00:43:19 +02:00