Ondrej Zajicek [Tue, 23 Jun 2009 08:50:57 +0000 (10:50 +0200)]
Changes handling of AS_PATH_CONFED_* segments in AS_PATH.
Although standard says that if we receive AS_PATH_CONFED_*
(and we are not a part of a confederation) segment, we should
drop session, nobody does that and it is unwise to do that.
Now we drop session just in case that peer ASN is in
AS_PATH_CONFED_* segment (to detect peer that considers BIRD
as a part of its confederation).
Ondrej Zajicek [Fri, 19 Jun 2009 22:59:32 +0000 (00:59 +0200)]
Fixes bug in scheduling of callback by main loop.
If other side of a socket is sending data faster than
BIRD is processing, BIRD does not schedule any other
callbacks (events, timers, rx/tx callbacks).
Ondrej Zajicek [Fri, 22 May 2009 13:16:53 +0000 (15:16 +0200)]
Fixes serious bug in route attribute handing.
ea_same() sometimes returns true for different route attributes,
which caused that hash table in BGP does not work correctly and
some routes were sent with different attributes.
Ondrej Filip [Mon, 4 May 2009 16:17:46 +0000 (18:17 +0200)]
Linux specific TCP-MD5 handling moved to sysdep/linux/sysio.h
FreeBSD coded added. BSD cannot set BGP passwords itself.
This has to be done by external command.
Ondrej Zajicek [Fri, 17 Apr 2009 16:43:11 +0000 (18:43 +0200)]
Fixes mixed-up messages on netlink socket
Under specific circumstances there might be two mixed-up
netlink sessions (one for scan, the other for route change
request). This patch separates netlink scans and requests
to two fds (and seq counters).
This should fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428865
Ondrej Zajicek [Thu, 16 Apr 2009 23:48:36 +0000 (01:48 +0200)]
Rewrite of buggy AS path matching.
Old AS path maching supposes thath AS number appears
only once in AS path, but that is not true. It also
contains some bugs related to AS path sets.
New code does not use any assumptions about semantic
structure of AS path. It is asymptotically slower than
the old code, but on real paths it is not significant.
It also allows '?' for matching one arbitrary AS number.
Ondrej Zajicek [Wed, 8 Apr 2009 18:15:01 +0000 (20:15 +0200)]
Fixes broken cryptographic authentication in OSPF
Cryptographic authentication in OSPF is defective by
design - there might be several packets independently
sent to the network (for example HELLO, LSUPD and LSACK)
where they might be reordered and that causes crypt.
sequence number error.
That can be workarounded by not incresing sequence number
too often. Now we update it only when last packet was sent
before at least one second. This can constitute a risk of
replay attacks, but RFC supposes something similar (like time
in seconds used as CSN).
Ondrej Zajicek [Mon, 6 Apr 2009 14:53:06 +0000 (16:53 +0200)]
Fixes bug in OSPF packet retransmission.
If a DBDES packet from a master to a slave is lost, then the old code
does not retransmit it and instead send a next one with the same
sequence number. That leads to silent desynchronization of LSA
databases.
Ondrej Zajicek [Tue, 31 Mar 2009 10:55:57 +0000 (12:55 +0200)]
Reimplementation of prefix sets.
Prefix sets were broken beyond any repair and have to be reimplemented.
They are reimplemented using a trie with bitmasks in nodes.
There is also change in the interpretation of minus prefix pattern,
but the old interpretation was already inconsistent with
the documentation and broken.
There is also some bugfixes in filter code related to set variables.
Ondrej Zajicek [Wed, 25 Mar 2009 18:05:52 +0000 (19:05 +0100)]
Fixes bug in pipe route filtering.
Routes comming through pipe from primary to secondary table were
filtered by both EXPORT and IMPORT filters, but they should be
only filtered by EXPORT filters.
Ondrej Zajicek [Fri, 20 Mar 2009 11:58:21 +0000 (12:58 +0100)]
Fix bugs related to kernel table synchronization.
KRF_INSTALLED flag was not cleared during reconfiguration
that lead to not removing routes during reconfigure when
export rules changed.
We also should not try to remove routes we didi not installed,
on Linux this leads to warnings (as kernel checks route source
field and do not allow to remove non-bird routes) but we should
not rely on it.
Ondrej Zajicek [Wed, 18 Mar 2009 19:30:21 +0000 (20:30 +0100)]
Better handling of AS4 optional attribute errors
AS4 optional attribute errors were handled by session
drop (according to BGP RFC). This patch implements
error handling according to new BGP AS4 draft (*)
- ignoring invalid AS4 optional attributes.
Ondrej Zajicek [Fri, 27 Feb 2009 14:24:46 +0000 (15:24 +0100)]
Better handling of too long attributes
This patch extends the length for attributes from 1024 to 2048
(because both AS_PATH and AS4_PATH attributes take 2+4 B per AS).
If there is not enough space for attributes, Bird skips that
route group. Old behavior (skipping remaining attributes)
leads to skipping required attributes and session drop.
Ondrej Zajicek [Tue, 13 Jan 2009 18:15:49 +0000 (19:15 +0100)]
Fix OSPF protocol error recovery behavior.
When OSPF neighbor state drops down to EXSTART,
clear LSA request and retransmit lists, as specified
by RFC. I hope that this will prevent oscillations
between EXSTART and LOADING states, which sometimes
happened.
It also contains related fix from Yury Shevchuk that
properly resets DB summary list iterator.