From: Jan Moskyto Matejka Date: Wed, 7 Dec 2016 14:30:46 +0000 (+0100) Subject: Merge branch 'int-new-rpki-squashed' (early part) into int-new X-Git-Tag: v2.0.0-pre0~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ad88b94bca78e010357a6c7806e1d5e01701d4a7;p=thirdparty%2Fbird.git Merge branch 'int-new-rpki-squashed' (early part) into int-new --- ad88b94bca78e010357a6c7806e1d5e01701d4a7 diff --cc Makefile.in index 63d3351fb,6d82c8e42..a5e80ff41 --- a/Makefile.in +++ b/Makefile.in @@@ -58,8 -58,10 +59,10 @@@ all: daemon cl daemon: $(daemon) cli: $(client) + $(daemon): LIBS += $(DAEMON_LIBS) + # Include directories -dirs := client conf doc filter lib nest $(addprefix proto/,$(protocols)) @sysdep_dirs@ +dirs := client conf doc filter lib nest test $(addprefix proto/,$(protocols)) @sysdep_dirs@ conf-y-targets := $(addprefix $(objdir)/conf/,cf-parse.y keywords.h commands.h) cf-local = $(conf-y-targets): $(s)config.Y diff --cc configure.in index 8a825bf26,3c9df3a9a..32344d1f9 --- a/configure.in +++ b/configure.in @@@ -86,9 -87,23 +87,24 @@@ if test "$enable_pthreads" != no ; the fi fi + if test "$enable_libssh" != no ; then + AC_CHECK_LIB(ssh, ssh_connect) + if test $ac_cv_lib_ssh_ssh_connect = yes ; then + proto_rpki=rpki + enable_libssh=yes + AC_DEFINE(HAVE_LIBSSH) + else + if test "$enable_libssh" = yes ; then + AC_MSG_ERROR([LibSSH not available.]) + else + enable_libssh=no + fi + fi + fi + if test "$bird_cflags_default" = yes ; then BIRD_CHECK_GCC_OPTION(bird_cv_c_option_wno_pointer_sign, -Wno-pointer-sign, -Wall) + BIRD_CHECK_GCC_OPTION(bird_cv_c_option_wno_missing_init, -Wno-missing-field-initializers, -Wall -Wextra) BIRD_CHECK_GCC_OPTION(bird_cv_c_option_fno_strict_aliasing, -fno-strict-aliasing) BIRD_CHECK_GCC_OPTION(bird_cv_c_option_fno_strict_overflow, -fno-strict-overflow) @@@ -169,8 -183,8 +185,8 @@@ f AC_SUBST(iproutedir) --# all_protocols="$proto_bfd babel bgp ospf pipe radv rip static" - all_protocols="$proto_bfd bgp ospf pipe radv rip static" -all_protocols="$proto_bfd ospf pipe radv rip $proto_rpki static " ++# all_protocols="$proto_bfd babel bgp ospf pipe radv rip $proto_rpki static" ++all_protocols="$proto_bfd bgp ospf pipe radv rip $proto_rpki static " all_protocols=`echo $all_protocols | sed 's/ /,/g'` diff --cc doc/bird.sgml index e70232d1b,53998a761..a734b2ff5 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@@ -3819,9 -3623,186 +3819,187 @@@ protocol rip } + RPKI + + Introduction + +

The Resource Public Key Infrastructure (RPKI) is mechanism for origin + validation of BGP routes (RFC 6480). BIRD supports only so-called RPKI-based + origin validation. There is implemented RPKI to Router (RPKI-RTR) protocol (RFC + 6810). It uses some of the RPKI data to allow a router to verify that the + autonomous system announcing an IP address prefix is in fact authorized to do + so. This is not crypto checked so can be violated. But it should prevent the + vast majority of accidental hijackings on the Internet today, e.g. the famous + Pakastani accidental announcement of YouTube's address space. + +

The RPKI-RTR protocol receives and maintains a set of ROAs from a cache + server (also called validator). You can validate routes (RFC 6483) using + function reload in for manual call of revalidation of all + routes. + + Supported transports + + Unprotected transport over TCP uses a port 323. The cache server + and BIRD router should be on the same trusted and controlled network + for security reasons. + SSHv2 encrypted transport connection uses the normal SSH port + 22. + + + Configuration + +

We currently support just one cache server per protocol. However you can + define more RPKI protocols generally. + + + protocol rpki [<name>] { + roa4 { table <tab>; }; + roa6 { table <tab>; }; + remote <ip> | "<domain>" [port <num>]; + port <num>; + refresh [keep] <num>; + retry [keep] <num>; + expire [keep] <num>; + transport tcp; + transport ssh { + bird private key "</path/to/id_rsa>"; + remote public key "</path/to/known_host>"; + user "<name>"; + }; + } + + +

Alse note that you have to specify ROA table into which will be imported + routes from a cache server. If you want to import only IPv4 prefixes you have + to specify only roa4 table. Similarly with IPv6 prefixes only. If you want to + fetch both IPv4 and even IPv6 ROAs you have to specify both types of ROA + tables. + + RPKI protocol options + + + remote Specifies + a destination address of the cache server. Can be specified by an IP + address or by full domain name string. Only one cache can be specified + per protocol. This option is required. + + port Specifies the port number. The default port + number is 323 for transport without any encryption and 22 for transport + with SSH encryption. + + refresh [keep] Time period in seconds. Tells how + long to wait before next attempting to poll the cache using a Serial + Query or a Reset Query packet. Must be lower than 86400 seconds (one + day). Too low value can caused a false positive detection of + network connection problems. A keyword retry [keep] Time period in seconds between a failed + Serial/Reset Query and a next attempt. Maximum allowed value is 7200 + seconds (two hours). Too low value can caused a false positive + detection of network connection problems. A keyword expire [keep] Time period in seconds. Received + records are deleted if the client was unable to successfully refresh + data for this time period. Must be in range from 600 seconds (ten + minutes) to 172800 seconds (two days). A keyword transport tcp Unprotected transport over TCP. It's a default + transport. Should be used only on secure private networks. + Default: tcp + + transport ssh { It enables a + SSHv2 transport encryption. Cannot be combined with a TCP transport. + Default: off + + + SSH transport options + + bird private key "/path/to/id_rsa" + A path to the BIRD's private SSH key for authentication. + It can be a id_rsa file. + + remote public key "/path/to/known_host" + A path to the cache's public SSH key for verification identity + of the cache server. It could be a path to known_host file. + + user " + A SSH user name for authentication. This option is a required. + + + Examples + BGP origin validation +

Policy: Don't import + roa4 table r4; + roa6 table r6; + + protocol rpki { + debug all; + + roa4 { table r4; }; + roa6 { table r6; }; + + # Please, do not use rpki-validator.realmv6.org in production + remote "rpki-validator.realmv6.org" port 8282; + + retry keep 5; + refresh keep 30; + expire 600; + } + + filter peer_in { + if (roa_check(r4, net, bgp_path.last) = ROA_INVALID || + roa_check(r6, net, bgp_path.last) = ROA_INVALID) then + { + print "Ignore invalid ROA ", net, " for ASN ", bgp_path.last; + reject; + } + accept; + } + + protocol bgp { + debug all; + local as 65000; + neighbor 192.168.2.1 as 65001; + import filter peer_in; + } + + + SSHv2 transport encryption + + roa4 table r4; + roa6 table r6; + + protocol rpki { + debug all; + + roa4 { table r4; }; + roa6 { table r6; }; + + remote 127.0.0.1 port 2345; + transport ssh { + bird private key "/home/birdgeek/.ssh/id_rsa"; + remote public key "/home/birdgeek/.ssh/known_hosts"; + user "birdgeek"; + }; + + # Default interval values + } + + + Static +

The Static protocol doesn't communicate with other routers in the network, but instead it allows you to define routes manually. This is often used for diff --cc filter/test.conf index 16ef7a86f,8c820d4d4..18aeaae1f --- a/filter/test.conf +++ b/filter/test.conf @@@ -1036,133 -58,431 +1036,183 @@@ function fifteen( return 15; } +function t_call_function() +{ + bt_assert(fifteen() = 15); + + bt_assert(callme(1, 2) = 42); + bt_assert(callme(42, 2) = 42); + + bt_assert(callme(2, 2) = 4); + bt_assert(callme(3, 2) = 6); + bt_assert(callme(4, 4) = 16); + bt_assert(callme(7, 2) = 14); +} + +bt_test_suite(t_call_function, "Testing calling functions"); + + + + +/* + * Test including another config file + * ---------------------------------- + */ + +function t_include() +int i; +{ + i = 1; + include "test.conf.inc"; + bt_assert(i = 42); +} + +bt_test_suite(t_include, "Testing including another config file"); + + + + +/* + * Test if-else statement + * ---------------------- + */ + +function t_if_else() +int i; +{ + if true then + bt_assert(true); + + if false then + bt_assert(false); + else if true then + bt_assert(true); + else + bt_assert(false); +} + +bt_test_suite(t_if_else, "Testing if-else statement"); + + + + +/* + * Unused functions -- testing only parsing + * ---------------------------------------- + */ + +function __test1() +{ + if source ~ [ RTS_BGP, RTS_STATIC ] then { +# ospf_metric1 = 65535; +# ospf_metric2 = 1000; + ospf_tag = 0x12345678; + accept; + } + reject; +} + +function __test2() +{ + if source ~ [ RTS_BGP, RTS_STATIC ] then { +# ospf_metric1 = 65535; +# ospf_metric2 = 1000; + ospf_tag = 0x12345678; + accept; + } + reject; +} + +filter testf +int j; +{ + print "Heya, filtering route to ", net.ip, " prefixlen ", net.len, " source ", source; + print "This route was from ", from; + j = 7; + j = 17; + if rip_metric > 15 then { + reject "RIP Metric is more than infinity"; + } + rip_metric = 14; + unset(rip_metric); + + accept "ok I take that"; +} + - /* - roa table rl + roa4 table r4; + roa6 table r6; + + protocol static + { + roa4 { table r4; }; + route 10.110.0.0/16 max 16 as 1000 blackhole; + route 10.120.0.0/16 max 24 as 1000 blackhole ; + route 10.130.0.0/16 max 24 as 2000 blackhole; + route 10.130.128.0/18 max 24 as 3000 blackhole; + } + + protocol static { - roa 10.110.0.0/16 max 16 as 1000; - roa 10.120.0.0/16 max 24 as 1000; - roa 10.130.0.0/16 max 24 as 2000; - roa 10.130.128.0/18 max 24 as 3000; + roa6 { table r6; }; + route 2001:0db8:85a3:8a2e::/64 max 96 as 1000 blackhole; } - function test_roa() + function test_roa_check() { # cannot be tested in __startup(), sorry - print "Testing ROA"; - print "Should be true: ", roa_check(rl, 10.10.0.0/16, 1000) = ROA_UNKNOWN, - " ", roa_check(rl, 10.0.0.0/8, 1000) = ROA_UNKNOWN, - " ", roa_check(rl, 10.110.0.0/16, 1000) = ROA_VALID, - " ", roa_check(rl, 10.110.0.0/16, 2000) = ROA_INVALID, - " ", roa_check(rl, 10.110.32.0/20, 1000) = ROA_INVALID, - " ", roa_check(rl, 10.120.32.0/20, 1000) = ROA_VALID; - print "Should be true: ", roa_check(rl, 10.120.32.0/20, 2000) = ROA_INVALID, - " ", roa_check(rl, 10.120.32.32/28, 1000) = ROA_INVALID, - " ", roa_check(rl, 10.130.130.0/24, 1000) = ROA_INVALID, - " ", roa_check(rl, 10.130.130.0/24, 2000) = ROA_VALID, - " ", roa_check(rl, 10.130.30.0/24, 3000) = ROA_INVALID, - " ", roa_check(rl, 10.130.130.0/24, 3000) = ROA_VALID; + print "Should be true: ", roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN, + " ", roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN, + " ", roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID, + " ", roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID, + " ", roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID, + " ", roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID; + print "Should be true: ", roa_check(r4, 10.120.32.0/20, 2000) = ROA_INVALID, + " ", roa_check(r4, 10.120.32.32/28, 1000) = ROA_INVALID, + " ", roa_check(r4, 10.130.130.0/24, 1000) = ROA_INVALID, + " ", roa_check(r4, 10.130.130.0/24, 2000) = ROA_VALID, + " ", roa_check(r4, 10.130.30.0/24, 3000) = ROA_INVALID, + " ", roa_check(r4, 10.130.130.0/24, 3000) = ROA_VALID; + print "Should be true: ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID, + " ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID, + " ", roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID, + " ", roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN; + + print "Should be true: ", roa_check(r4, 10.10.0.0/16, 1000) = ROA_UNKNOWN, + " ", roa_check(r4, 10.0.0.0/8, 1000) = ROA_UNKNOWN, + " ", roa_check(r4, 10.110.0.0/16, 1000) = ROA_VALID, + " ", roa_check(r4, 10.110.0.0/16, 2000) = ROA_INVALID, + " ", roa_check(r4, 10.110.32.0/20, 1000) = ROA_INVALID, + " ", roa_check(r4, 10.120.32.0/20, 1000) = ROA_VALID; + + print "Should be true: ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_VALID, + " ", roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID, + " ", roa_check(r6, 2001:0db8:85a3:8a2e::/64, 1000) = ROA_VALID, + " ", roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_UNKNOWN; + + print "Should be true: ", roa_check(r4, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID || + roa_check(r6, 2001:0db8:85a3:8a2e:1234::/97, 1000) = ROA_INVALID; + + print "Should be false: ", roa_check(r4, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_INVALID || + roa_check(r6, 2001:0db8:85a3:8a2e:1234::/80, 1000) = ROA_INVALID, + " ", roa_check(r4, 2001:0db8:85a3::/48, 1000) = ROA_INVALID || + roa_check(r6, 2001:0db8:85a3::/48, 1000) = ROA_INVALID; + + print "Should be true: ", 10.130.130.0/24 ~ 0.0.0.0/0, + " ", 2001:0db8:85a3:8a2e::/64 ~ ::/0; + print "Should be false: ", 10.130.130.0/24 ~ ::/0, + " ", 2001:0db8:85a3:8a2e::/64 ~ 0.0.0.0/0; + } + + function roa_operators_test() + prefix pfx; + { + print "Testing ROA prefix operators '.maxlen' and '.asn':"; + + pfx = 12.13.0.0/16 max 24 as 1234; + print pfx; + print "Should be true: ", pfx.len = 16, " ", pfx.maxlen = 24, " ", pfx.asn = 1234; + + pfx = 1000::/8 max 32 as 1234; + print pfx; + print "Should be true: ", pfx.len = 8, " ", pfx.maxlen = 32, " ", pfx.asn = 1234; } - */ - -function path_test() -bgpmask pm1; -bgpmask pm2; -bgppath p2; -clist l; -clist l2; -eclist el; -eclist el2; -{ - pm1 = / 4 3 2 1 /; - pm2 = [= 4 3 2 1 =]; - print "Testing path masks: ", pm1, " ", pm2; - p2 = prepend( + empty +, 1 ); - p2 = prepend( p2, 2 ); - p2 = prepend( p2, 3 ); - p2 = prepend( p2, 4 ); - print "Testing paths: ", p2; - print "Should be true: ", p2 ~ pm1, " ", p2 ~ pm2, " ", 3 ~ p2, " ", p2 ~ [2, 10..20], " ", p2 ~ [4, 10..20]; - print "4 = ", p2.len; - p2 = prepend( p2, 5 ); - print "Should be false: ", p2 ~ pm1, " ", p2 ~ pm2, " ", 10 ~ p2, " ", p2 ~ [8, ten..(2*ten)]; - print "Should be true: ", p2 ~ / ? 4 3 2 1 /, " ", p2, " ", / ? 4 3 2 1 /; - print "Should be true: ", p2 ~ [= * 4 3 * 1 =], " ", p2, " ", [= * 4 3 * 1 =]; - print "Should be true: ", p2 ~ [= (3+2) (2*2) 3 2 1 =], " ", p2 ~ mkpath(5, 4); - print "Should be true: ", p2.len = 5, " ", p2.first = 5, " ", p2.last = 1; - print "5 = ", p2.len; - print "Delete 3: ", delete(p2, 3); - print "Filter 1-3: ", filter(p2, [1..3]); - - pm1 = [= 1 2 * 3 4 5 =]; - p2 = prepend( + empty +, 5 ); - p2 = prepend( p2, 4 ); - p2 = prepend( p2, 3 ); - p2 = prepend( p2, 3 ); - p2 = prepend( p2, 2 ); - p2 = prepend( p2, 1 ); - print "Should be true: ", p2 ~ pm1, " ", p2, " ", pm1; - print "Delete 3: ", delete(p2, 3); - print "Delete 4-5: ", delete(p2, [4..5]); - - l = - empty -; - print "Should be false in this special case: ", l ~ [(*,*)]; - l = add( l, (one,2) ); - print "Should be always true: ", l ~ [(*,*)]; - l = add( l, (2,one+2) ); - print "Community list (1,2) (2,3) ", l; - print "Should be true: ", (2,3) ~ l, " ", l ~ [(1,*)], " ", l ~ [p23]," ", l ~ [(2,2..3)], " ", l ~ [(1,1..2)], " ", l ~ [(1,1)..(1,2)]; - l = add( l, (2,5) ); - l = add( l, (5,one) ); - l = add( l, (6,one) ); - l = add( l, (one,one) ); - l = delete( l, [(5,1),(6,one),(one,1)] ); - l = delete( l, [(5,one),(6,one)] ); - l = filter( l, [(1,*)] ); - print "Community list (1,2) ", l; - print "Should be false: ", (2,3) ~ l, " ", l ~ [(2,*)], " ", l ~ [(one,3..6)]; - print "Should be always true: ", l ~ [(*,*)]; - l = add( l, (3,one) ); - l = add( l, (one+one+one,one+one) ); - l = add( l, (3,3) ); - l = add( l, (3,4) ); - l = add( l, (3,5) ); - l2 = filter( l, [(3,*)] ); - l = delete( l, [(3,2..4)] ); - print "Community list (1,2) (3,1) (3,5) ", l, " len: ", l.len; - l = add( l, (3,2) ); - l = add( l, (4,5) ); - print "Community list (1,2) (3,1) (3,2) (3,5) (4,5) ", l, " len: ", l.len; - print "Should be true: ", l ~ [(*,2)], " ", l ~ [(*,5)], " ", l ~ [(*, one)]; - print "Should be false: ", l ~ [(*,3)], " ", l ~ [(*,(one+6))], " ", l ~ [(*, (one+one+one))]; - l = delete( l, [(*,(one+onef(3)))] ); - l = delete( l, [(*,(4+one))] ); - print "Community list (3,1) ", l; - l = delete( l, [(*,(onef(5)))] ); - print "Community list empty ", l; - l2 = add( l2, (3,6) ); - l = filter( l2, [(3,1..4)] ); - l2 = filter( l2, [(3,3..6)] ); - print "clist A (1..4): ", l; - print "clist B (3..6): ", l2; - print "clist A union B: ", add( l2, l ); - print "clist A isect B: ", filter( l, l2 ); - print "clist A \ B: ", delete( l, l2 ); - - el = -- empty --; - el = add(el, (rt, 10, 20)); - el = add(el, (ro, 10.20.30.40, 100)); - el = add(el, (ro, 11.21.31.41.mask(16), 200)); - print "EC list (rt, 10, 20) (ro, 10.20.30.40, 100) (ro, 11.21.0.0, 200):"; - print el; - print "EC len: ", el.len; - el = delete(el, (rt, 10, 20)); - el = delete(el, (rt, 10, 30)); - el = add(el, (unknown 2, ten, 1)); - el = add(el, (unknown 5, ten, 1)); - el = add(el, (rt, ten, one+one)); - el = add(el, (rt, 10, 3)); - el = add(el, (rt, 10, 4)); - el = add(el, (rt, 10, 5)); - el = add(el, (generic, 0x2000a, 3*ten)); - el = delete(el, [(rt, 10, 2..ten)]); - print "EC list (ro, 10.20.30.40, 100) (ro, 11.21.0.0, 200) (rt, 10, 1) (unknown 0x5, 10, 1) (rt, 10, 30):"; - print el; - el = filter(el, [(rt, 10, *)]); - print "EC list (rt, 10, 1) (rt, 10, 30): ", el; - print "Testing EC list, true: ", (rt, 10, 1) ~ el, " ", el ~ [(rt, 10, ten..40)]; - print "Testing EC list, false: ", (rt, 10, 20) ~ el, " ", (ro, 10.20.30.40, 100) ~ el, " ", el ~ [(rt, 10, 35..40)], " ", el ~ [(ro, 10, *)]; - el = add(el, (rt, 10, 40)); - el2 = filter(el, [(rt, 10, 20..40)] ); - el2 = add(el2, (rt, 10, 50)); - print "eclist A (1,30,40): ", el; - print "eclist B (30,40,50): ", el2; - print "eclist A union B: ", add( el2, el ); - print "eclist A isect B: ", filter( el, el2 ); - print "eclist A \ B: ", delete( el, el2 ); -} - -function bla() -{ - print "fifteen called"; - return 15; -} - -define four=4; -define onetwo=1.2.3.4; - -function __test1() -{ - if source ~ [ RTS_BGP, RTS_STATIC ] then { -# ospf_metric1 = 65535; -# ospf_metric2 = 1000; - ospf_tag = 0x12345678; - accept; - } reject; -} - -function __test2() -{ - if source ~ [ RTS_BGP, RTS_STATIC ] then { -# ospf_metric1 = 65535; -# ospf_metric2 = 1000; - ospf_tag = 0x12345678; - accept; - } reject; -} - -function test_pxset(prefix set pxs) -{ - print pxs; - print " must be true: ", net10 ~ pxs, ",", 10.0.0.0/10 ~ pxs, ",", 10.0.0.0/12 ~ pxs, ",", - 20.0.0.0/24 ~ pxs, ",", 20.0.40.0/24 ~ pxs, ",", 20.0.0.0/26 ~ pxs, ",", - 20.0.100.0/26 ~ pxs, ",", 20.0.0.0/28 ~ pxs, ",", 20.0.255.0/28 ~ pxs; - print " must be false: ", 10.0.0.0/7 ~ pxs, ",", 10.0.0.0/13 ~ pxs, ",", 10.0.0.0/16 ~ pxs, ",", - 20.0.0.0/16 ~ pxs, ",", 20.0.0.0/23 ~ pxs, ",", 20.0.0.0/29 ~ pxs, ",", - 11.0.0.0/10 ~ pxs, ",", 20.1.0.0/26 ~ pxs; -} - -function test_undef(int a) -int b; -{ - if a = 3 - then b = 4; - print "Defined: ", a, " ", b, " ", defined(b); -} - -define is1 = [ one, (2+1), (6-one), 8, 11, 15, 17, 19]; -define is2 = [(17+2), 17, 15, 11, 8, 5, 3, 2]; -define is3 = [5, 17, 2, 11, 8, 15, 3, 19]; - -define pxs2 = [ 10.0.0.0/16{8,12}, 20.0.0.0/16{24,28} ]; - -define ecs2 = [(rt, ten, (one+onef(0))*10), (ro, 100000, 100..200), (rt, 12345, *)]; - - -function __startup() -int i; -bool b; -prefix px; -ip p; -pair pp; -quad qq; -ec cc; -int set is; -pair set ps; -ec set ecs; -ip set ips; -prefix set pxs; -string st; -{ - print "1a-a1 = 30: ", '1a-a1'; - print "Testing filter language:"; - i = four; - i = 12*100 + 60/2 + i; - i = ( i + 0 ); - print " arithmetics: 1234 = ", i; - printn " if statements "; - print "what happens here?"; - printn "."; - if (i = 4) then { print "*** FAIL: if 0"; quitbird; } else printn "."; -# if !(i = 3) then { print "*** FAIL: if 0"; quitbird; } else printn "."; - if 1234 = i then printn "."; else { print "*** FAIL: if 1 else"; } -# if 1 <= 1 then printn "."; else { print "*** FAIL: test 3"; } - if 1234 < 1234 then { print "*** FAIL: test 4"; quitbird; } else print "ok"; - is = [ 2, 3, 4, 7..11 ]; - - print "must be true: ", 1 = 1, " ", 1 != (0,1), " ", 1 != "a", " ", +empty+ = +empty+, " ", -empty- = -empty-, " ", --empty-- = --empty-- , - " ", [1,4..10,20] = [1,4..10,20] , " ", [ 10.0.0.0/8{ 15 , 17 } ] = [ 10.0.0.0/8{ 15 , 17 } ]; - print "must be false: ", 1 != 1, " ", 1 = (0,1), " ", 1 = "a", " ", +empty+ = -empty-, " ", -empty- = --empty--, " ", --empty-- = +empty+ , - " ", [1,2] = [1,3], " ", [ 10.0.0.0/8{ 15 , 17 } ] = [ 11.0.0.0/8{ 15 , 17 } ]; - - print " must be true: ", 1.2.0.0/16 ~ [ 1.0.0.0/8{ 15 , 17 } ]; - print " data types; must be true: ", 1.2.3.4 = 1.2.3.4, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 10 ~ is, ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 1.2.3.4 ~ [ 1.2.3.3..1.2.3.5 ], ",", 1.2.3.4 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ [ 1.0.0.0/8+ ]; - print " must be true: ", true && true, ",", true || false, ",", ! false && ! false && true, ",", 1 < 2 && 1 != 3, ",", true && true && ! false, ",", true || 1+"a", ",", !(false && 1+"a"); - - print " must be true: ", defined(1), ",", defined(1.2.3.4), ",", 1 != 2, ",", 1 <= 2; - print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ is, ",", 1.2.3.4 ~ [ 1.2.3.3, 1.2.3.5 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1.0.0.0/9 ~ [ 1.0.0.0/8- ], ",", 1.2.0.0/17 ~ [ 1.0.0.0/8{ 15 , 16 } ], ",", true && false; - - - print " must be true: ", 1 ~ is1, " ", 3 ~ is1, " ", 5 ~ is1; - print " must be true: ", (one+2) ~ is1, " ", 2 ~ is2, " ", 2 ~ is3; - print " must be false: ", 4 ~ is1, " ", 4 ~ is2, " ", 4 ~ is3; - print " must be false: ", 10 ~ is1, " ", 10 ~ is2, " ", 10 ~ is3; - print " must be true: ", 15 ~ is1, " ", 15 ~ is2, " ", 15 ~ is3; - print " must be false: ", 18 ~ is1, " ", 18 ~ is2, " ", 18 ~ is3; - print " must be true: ", 19 ~ is1, " ", 19 ~ is2, " ", 19 ~ is3; - print " must be false: ", 20 ~ is1, " ", 20 ~ is2, " ", 20 ~ is3; - - px = 1.2.0.0/18; - print "Testing prefixes: 1.2.0.0/18 = ", px; - print " must be true: ", 192.168.0.0/16 ~ 192.168.0.0/16, " ", 192.168.0.0/17 ~ 192.168.0.0/16, " ", 192.168.254.0/24 ~ 192.168.0.0/16, " ", netdoc ~ 2001::/16; - print " must be false: ", 192.168.0.0/15 ~ 192.168.0.0/16, " ", 192.160.0.0/17 ~ 192.168.0.0/16, " ", px ~ netdoc; - - p = 127.1.2.3; - print "Testing mask : 127.0.0.0 = ", p.mask(8); - - pp = (1, 2); - print "Testing pairs: (1,2) = ", (1,2), " = ", pp, " = ", (1,1+1), " = ", 'mkpair-a'(2); - print " must be true: ", (1,2) = (1,1+1); - print "Testing enums: ", RTS_DUMMY, " ", RTS_STATIC, " ", - ", true: ", RTS_STATIC ~ [RTS_STATIC, RTS_DEVICE], - ", false: ", RTS_BGP ~ [RTS_STATIC, RTS_DEVICE]; - - ps = [(1,(one+one)), (3,4)..(4,8), (5,*), (6,3..6)]; - print "Pair set: ", ps; - print "Testing pair set, true: ", pp ~ ps, " ", (3,5) ~ ps, " ", (4,1) ~ ps, " ", (5,4) ~ ps, " ", (5,65535) ~ ps, " ", (6,4) ~ ps, " ", (3, 10000) ~ ps; - print "Testing pair set, false: ", (3,3) ~ ps, " ", (4,9) ~ ps, " ", (4,65535) ~ ps, " ", (6,2) ~ ps, " ", (6,6+one) ~ ps, " ", ((one+6),2) ~ ps, " ", (1,1) ~ ps; - - ps = [(20..150, 200..300), (50100..50200, 1000..50000), (*, 5+5)]; - print "Pair set: .. too long .."; - print "Testing pair set, true: ", (100,200) ~ ps, " ", (150,300) ~ ps, " ", (50180,1200) ~ ps, " ", (50110,49000) ~ ps, " ", (0,10) ~ ps, " ", (64000,10) ~ ps; - print "Testing pair set, false: ", (20,199) ~ ps, " ", (151,250) ~ ps, " ", (50050,2000) ~ ps, " ", (50150,50050) ~ ps, " ", (10,9) ~ ps, " ", (65535,11) ~ ps ; - - qq = 1.2.3.4; - print "Testinq quad: 1.2.3.4 = ", qq, - ", true: ", qq = 1.2.3.4, " ", qq ~ [1.2.3.4, 5.6.7.8], - ", false: ", qq = 4.3.2.1, " ", qq ~ [1.2.1.1, 1.2.3.5]; - - cc = (rt, 12345, 200000); - print "Testing EC: (rt, 12345, 200000) = ", cc; - print "Testing EC: (ro, 100000, 20000) = ", (ro, 100000, 20000); - print "Testing EC: (rt, 10.20.30.40, 20000) = ", (rt, 10.20.30.40, 20000); - print " true: ", cc = (rt, 12345, 200000), " ", cc < (rt, 12345, 200010), - ", false: ", cc = (rt, 12346, 200000), " ", cc = (ro, 12345, 200000), " ", cc > (rt, 12345, 200010); - - ecs = [(rt, ten, (one+onef(0))*10), (ro, 100000, 100..200), (rt, 12345, *)]; - print "EC set: ", ecs; - print "EC set: ", ecs2; - print "Testing EC set, true: ", (rt, 10, 20) ~ ecs, " ", (ro, 100000, 100) ~ ecs, " ", (ro, 100000, 200) ~ ecs, - " ", (rt, 12345, 0) ~ ecs, " ", cc ~ ecs, " ", (rt, 12345, 4000000) ~ ecs; - print "Testing EC set, false: ", (ro, 10, 20) ~ ecs, " ", (rt, 10, 21) ~ ecs, " ", (ro, 100000, 99) ~ ecs, - " ", (ro, 12345, 10) ~ ecs, " ", (rt, 12346, 0) ~ ecs, " ", (ro, 0.1.134.160, 150) ~ ecs; - - st = "Hello"; - print "Testing string: ", st, " true: ", st ~ "Hell*", " false: ", st ~ "ell*"; - - b = true; - print "Testing bool: ", b, ", ", !b; - - if ( b = true ) then print "Testing bool comparison b = true: ", b; - else { print "*** FAIL: TRUE test failed" ; quitbird; } - - ips = [ 1.1.1.0 .. 1.1.1.255, ip1222]; - print "Testing IP sets: "; - print ips; - print " must be true: ", 1.1.1.0 ~ ips, ",", 1.1.1.100 ~ ips, ",", 1.2.2.2 ~ ips; - print " must be false: ", 1.1.0.255 ~ ips, ",", 1.1.2.0 ~ ips, ",", 1.2.2.3 ~ ips, ",", 192.168.1.1 ~ ips; - - pxs = [ 1.2.0.0/16, 1.4.0.0/16+]; - print "Testing prefix sets: "; - print pxs; - print " must be true: ", 1.2.0.0/16 ~ pxs, ",", 1.4.0.0/16 ~ pxs, ",", 1.4.0.0/18 ~ pxs, ",", 1.4.0.0/32 ~ pxs; - print " must be false: ", 1.1.0.0/16 ~ pxs, ",", 1.3.0.0/16 ~ pxs, ",", 1.2.0.0/15 ~ pxs, ",", 1.2.0.0/17 ~ pxs, ",", - 1.2.0.0/32 ~ pxs, ",", 1.4.0.0/15 ~ pxs; - - test_pxset(pxs2); - test_pxset([ 10.0.0.0/16{8,12}, 20.0.0.0/16{24,28} ]); - print "What will this do? ", [ 1, 2, 1, 1, 1, 3, 4, 1, 1, 1, 5 ]; - - roa_operators_test(); - - print "Testing functions..."; - callme ( 1, 2 ); - callme ( 2, 2 ); - callme ( 2, 2 ); - callme ( 3, 2 ); - callme ( 4, 4 ); - callme ( 7, 2 ); - - i = fifteen(); - print "Testing function calls: 15 = ", i; - - path_test(); - - print "1.2.3.4 = ", onetwo; - - i = 4200000000; - print "4200000000 = ", i, " true: ", i = 4200000000, " ", i > 4100000000, " false: ", i > 4250000000; - - test_undef(2); - test_undef(3); - test_undef(2); - - print "Testing include"; - include "test.conf.inc"; - - print "done"; - print "Well, now call from birdc `eval test_roa_check()', please."; - return 1; -# quitbird; -# print "*** FAIL: this is unreachable"; -} - -filter testf -int j; -{ - print "Heya, filtering route to ", net.ip, " prefixlen ", net.len, " source ", source; - print "This route was from ", from; - j = 7; - j = 17; - if rip_metric > 15 then { - reject "RIP Metric is more than infinity"; - } - rip_metric = 14; - unset(rip_metric); - - accept "ok I take that"; -} - -eval __startup(); diff --cc lib/Makefile index 26d8bf657,a9aae66f9..a7da98025 --- a/lib/Makefile +++ b/lib/Makefile @@@ -1,7 -1,7 +1,11 @@@ + src := bitops.c checksum.c ip.c lists.c md5.c net.c patmatch.c printf.c sha1.c sha256.c sha512.c slists.c xmalloc.c + obj := $(src-o-files) + $(all-client) + -src := bitops.c checksum.c event.c idm.c ip.c lists.c md5.c mempool.c net.c patmatch.c printf.c resource.c sha1.c sha256.c sha512.c slab.c slists.c tbf.c xmalloc.c +src := bitops.c checksum.c event.c idm.c ip.c lists.c mac.c md5.c mempool.c net.c patmatch.c printf.c resource.c sha1.c sha256.c sha512.c slab.c slists.c tbf.c xmalloc.c obj := $(src-o-files) $(all-daemon) + +tests_src := heap_test.c buffer_test.c event_test.c bitops_test.c patmatch_test.c fletcher16_test.c slist_test.c checksum_test.c lists_test.c mac_test.c ip_test.c hash_test.c printf_test.c +tests_targets := $(tests_targets) $(tests-target-files) +tests_objs := $(tests_objs) $(src-o-files) diff --cc nest/protocol.h index 194145256,6041f3147..6efaaaf72 --- a/nest/protocol.h +++ b/nest/protocol.h @@@ -271,9 -271,8 +271,9 @@@ proto_get_router_id(struct proto_confi } /* Moved from route.h to avoid dependency conflicts */ - static inline void rte_update(struct proto *p, net_addr *n, rte *new) { rte_update2(p->main_channel, n, new, p->main_source); } + static inline void rte_update(struct proto *p, const net_addr *n, rte *new) { rte_update2(p->main_channel, n, new, p->main_source); } +extern pool *proto_pool; extern list proto_list; /* diff --cc nest/route.h index 8a2388607,74bbe4abd..d652ca15a --- a/nest/route.h +++ b/nest/route.h @@@ -283,10 -283,11 +283,10 @@@ void *net_route(rtable *tab, const net_ int net_roa_check(rtable *tab, const net_addr *n, u32 asn); rte *rte_find(net *net, struct rte_src *src); rte *rte_get_temp(struct rta *); - void rte_update2(struct channel *c, net_addr *n, rte *new, struct rte_src *src); + void rte_update2(struct channel *c, const net_addr *n, rte *new, struct rte_src *src); /* rte_update() moved to protocol.h to avoid dependency conflicts */ -void rte_discard(rtable *tab, rte *old); int rt_examine(rtable *t, net_addr *a, struct proto *p, struct filter *filter); -rte *rt_export_merged(struct channel *c, net *net, rte **rt_free, struct ea_list **tmpa, int silent); +rte *rt_export_merged(struct channel *c, net *net, rte **rt_free, struct ea_list **tmpa, linpool *pool, int silent); void rt_refresh_begin(rtable *t, struct channel *c); void rt_refresh_end(rtable *t, struct channel *c); void rt_schedule_prune(rtable *t); diff --cc sysdep/autoconf.h.in index 0d0627f30,a68f3e90e..4887c4335 --- a/sysdep/autoconf.h.in +++ b/sysdep/autoconf.h.in @@@ -67,7 -68,7 +68,10 @@@ /* We have stdint.h */ #undef HAVE_STDINT_H +/* We have execinfo.h */ +#undef HAVE_EXECINFO_H + + /* We have LibSSH */ + #undef HAVE_LIBSSH + #define CONFIG_PATH ?