Ondrej Filip [Mon, 4 May 2009 16:17:46 +0000 (18:17 +0200)]
Linux specific TCP-MD5 handling moved to sysdep/linux/sysio.h
FreeBSD code added. BSD cannot set BGP passwords itself.
This has to be done by external command.
Ondrej Zajicek [Fri, 17 Apr 2009 16:43:11 +0000 (18:43 +0200)]
Fixes mixed-up messages on netlink socket
Under specific circumstances there might be two mixed-up
netlink sessions (one for scan, the other for route change
request). This patch separates netlink scans and requests
to two fds (and seq counters).
This should fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428865
Ondrej Zajicek [Thu, 16 Apr 2009 23:48:36 +0000 (01:48 +0200)]
Rewrite of buggy AS path matching.
Old AS path matching supposes that AS number appears
only once in AS path, but that is not true. It also
contains some bugs related to AS path sets.
New code does not use any assumptions about semantic
structure of AS path. It is asymptotically slower than
the old code, but on real paths it is not significant.
It also allows '?' for matching one arbitrary AS number.
Ondrej Zajicek [Wed, 8 Apr 2009 18:15:01 +0000 (20:15 +0200)]
Fixes broken cryptographic authentication in OSPF
Cryptographic authentication in OSPF is defective by
design - there might be several packets independently
sent to the network (for example HELLO, LSUPD and LSACK)
where they might be reordered and that causes crypt.
sequence number error.
That can be worked around by not increasing sequence number
too often. Now we update it only when last packet was sent
before at least one second. This can constitute a risk of
replay attacks, but RFC supposes something similar (like time
in seconds used as CSN).
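Added illustration, not part of the commit or of BIRD's code: a small C model of the trade-off described in the commit message above. The receiver check follows RFC 2328 (a packet whose cryptographic sequence number is lower than the last accepted one is discarded); the struct and function names, the three-packet burst and the starting values are assumptions made for the example.

```c
#include <stdint.h>

/* Receiver check per RFC 2328 D.4.3: discard a packet whose cryptographic
 * sequence number (CSN) is lower than the last one accepted from the neighbor. */
struct neighbor { uint32_t last_csn; };

static int rx_accept(struct neighbor *n, uint32_t csn)
{
  if (csn < n->last_csn) return 0;   /* sequence number error, dropped */
  n->last_csn = csn;
  return 1;
}

/* Hypothetical sender model. min_gap = 0: new CSN for every packet.
 * min_gap = 1: new CSN only if the last packet left at least 1 s ago. */
struct sender { uint32_t csn, last_tx, min_gap; };

static uint32_t tx_csn(struct sender *s, uint32_t now)
{
  if (now - s->last_tx >= s->min_gap) s->csn++;
  s->last_tx = now;
  return s->csn;
}

/* Three packets (e.g. HELLO, LSUPD, LSACK) sent within one second arrive in
 * the order given; returns how many the receiver accepts. */
static int deliver_burst(uint32_t min_gap, const int order[3])
{
  struct sender s = { 100, 0, min_gap };   /* constructed starting values */
  struct neighbor n = { 100 };
  uint32_t wire[3];
  int ok = 0;
  for (int i = 0; i < 3; i++) wire[i] = tx_csn(&s, 50);
  for (int i = 0; i < 3; i++) ok += rx_accept(&n, wire[order[i]]);
  return ok;
}

/* A second delivery of the first packet, after a later packet from the same
 * second was accepted. Returns 1 if the receiver accepts the copy. */
static int duplicate_accepted(uint32_t min_gap)
{
  struct sender s = { 100, 0, min_gap };
  struct neighbor n = { 100 };
  uint32_t first = tx_csn(&s, 50), second = tx_csn(&s, 50);
  rx_accept(&n, first);
  rx_accept(&n, second);
  return rx_accept(&n, first);
}
```

With a per-packet counter the reordered burst loses two of three packets; with the once-per-second update all three pass, and so does a repeated copy inside that second, which is the replay exposure the commit message mentions.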
Ondrej Zajicek [Mon, 6 Apr 2009 14:53:06 +0000 (16:53 +0200)]
Fixes bug in OSPF packet retransmission.
If a DBDES packet from a master to a slave is lost, then the old code
does not retransmit it and instead sends a next one with the same
sequence number. That leads to silent desynchronization of LSA
databases.
Ondrej Zajicek [Tue, 31 Mar 2009 10:55:57 +0000 (12:55 +0200)]
Reimplementation of prefix sets.
Prefix sets were broken beyond any repair and have to be reimplemented.
They are reimplemented using a trie with bitmasks in nodes.
There is also change in the interpretation of minus prefix pattern,
but the old interpretation was already inconsistent with
the documentation and broken.
There are also some bugfixes in filter code related to set variables.
Ondrej Zajicek [Wed, 25 Mar 2009 18:05:52 +0000 (19:05 +0100)]
Fixes bug in pipe route filtering.
Routes coming through pipe from primary to secondary table were
filtered by both EXPORT and IMPORT filters, but they should be
only filtered by EXPORT filters.
Ondrej Zajicek [Fri, 20 Mar 2009 11:58:21 +0000 (12:58 +0100)]
Fix bugs related to kernel table synchronization.
KRF_INSTALLED flag was not cleared during reconfiguration
that led to not removing routes during reconfigure when
export rules changed.
We also should not try to remove routes we did not install,
on Linux this leads to warnings (as kernel checks route source
field and does not allow to remove non-bird routes) but we should
not rely on it.
Ondrej Zajicek [Wed, 18 Mar 2009 19:30:21 +0000 (20:30 +0100)]
Better handling of AS4 optional attribute errors
AS4 optional attribute errors were handled by session
drop (according to BGP RFC). This patch implements
error handling according to new BGP AS4 draft (*)
- ignoring invalid AS4 optional attributes.
Ondrej Zajicek [Fri, 27 Feb 2009 14:24:46 +0000 (15:24 +0100)]
Better handling of too long attributes
This patch extends the length for attributes from 1024 to 2048
(because both AS_PATH and AS4_PATH attributes take 2+4 B per AS).
If there is not enough space for attributes, Bird skips that
route group. Old behavior (skipping remaining attributes)
leads to skipping required attributes and session drop.
Ondrej Zajicek [Tue, 13 Jan 2009 18:15:49 +0000 (19:15 +0100)]
Fix OSPF protocol error recovery behavior.
When OSPF neighbor state drops down to EXSTART,
clear LSA request and retransmit lists, as specified
by RFC. I hope that this will prevent oscillations
between EXSTART and LOADING states, which sometimes
happened.
It also contains related fix from Yury Shevchuk that
properly resets DB summary list iterator.
Ondrej Zajicek [Thu, 25 Dec 2008 10:55:27 +0000 (11:55 +0100)]
fixes some 64-bit related bugs.
Filter code used 'aux' integer field of 'symbol' struct to store ptr
to next symbol and both 'aux2' and 'def' fields for value.
Changed to just 'def' for value and 'aux2' for ptr to next symbol.
Also another minor bugfix.
Ondrej Zajicek [Wed, 24 Dec 2008 16:24:41 +0000 (17:24 +0100)]
Adds support for fallback to capabilityless BGP connect
When capability related error is received, next connect will be
without capabilities. Also cease error subcodes descriptions
(according to [RFC4486]) are added.
Ondrej Zajicek [Wed, 24 Dec 2008 11:18:10 +0000 (12:18 +0100)]
Fixes bug related to reconfiguration of BGP.
BGP keeps its copy of configuration ptr and didn't update it during
reconfiguration. But old configuration is freed during reconfiguration.
That leads to unnecessary reset of BGP connection during reconfiguration
(old conf is corrupted and therefore different) and possibly other strange
behavior.
Ondrej Zajicek [Fri, 19 Dec 2008 00:34:39 +0000 (01:34 +0100)]
Major changes to BGP
Fixes two race conditions causing crash of Bird, several unhandled
cases during BGP initialization, and some other bugs. Also changes
handling of startup delay to be more useful and implement
reporting of last error in 'show protocols' command.
Ondrej Zajicek [Thu, 18 Dec 2008 22:26:08 +0000 (23:26 +0100)]
Fixes nasty bug in event processing.
WALK_LIST_DELSAFE (in ev_run_list) is not safe with regard
to deletion of next node. When some events are rescheduled
during event execution, it may lead to deletion of next
node and some events are skipped. Such skipped nodes remain
in temporary list on stack and the last of them contains
'next' pointer to stack area. When this event is later
scheduled, it damages stack area trying to remove it from
the list, which leads to random crashes with funny
backtraces :-) .
Ondrej Zajicek [Mon, 8 Dec 2008 11:24:55 +0000 (12:24 +0100)]
Fixes core state machine.
The core state machine was broken - it didn't free resources
in START -> DOWN transition and might free resources after
UP -> STOP transition before protocol turned down. It leads
to deadlock on olock acquisition when lock was not freed
during previous stop.
The current behavior is that resources, allocated during
DOWN -> * transition, are freed in * -> DOWN transition,
and flushing (scheduled in UP -> *) just counteracts
feeding (scheduled in * -> UP). Protocol fell down
when both flushing is done (if needed) and protocol
reports DOWN.
BTW, is there a reason why neighbour cache item acquired
by protocol is not tracked by resource mechanism?
Ondrej Zajicek [Sat, 22 Nov 2008 00:12:22 +0000 (01:12 +0100)]
Fixes race condition leading to memory corruption and crash.
When protocol started, feeding was scheduled. If protocol
got down before feeding was executed, then function
responsible for connecting protocol to kernel routing
tables was called after the function responsible for
disconnecting, then resource pool of protocol was freed,
but freed linked list structures remain in the list.
Ondrej Zajicek [Fri, 21 Nov 2008 12:05:12 +0000 (13:05 +0100)]
I am not sure whether this is proper fix for a problem that birdc
shows only parts of larger outputs (for example 'show route all').
It seems that birdc reads (from bird) and writes (to stdout)
everything but during execution of some readline code some already
written output disappeared (although it is fflush()ed and
tcdrain()ed).
As birdc reads from stdin when select said there are some data,
O_NONBLOCK for stdin is unnecessary and when it is removed,
I didn't notice this problem.
Ondrej Zajicek [Fri, 14 Nov 2008 13:50:37 +0000 (14:50 +0100)]
New read-only route attribute 'proto' added. It returns a string
representing a name of the protocol that originated the route.
Strings can be compared using = or matched using ~. Routes can
be filtered, for example:
Ondrej Zajicek [Sat, 8 Nov 2008 16:24:23 +0000 (17:24 +0100)]
Fix bugs in OSPF MD5 authentication. First bug is that default
values for MD5 password ID changed during reconfigure. Second
bug is that BIRD chooses password in first-fit manner, but RFC
says that it should use the one with the latest generate-from.
It also modifies the syntax for multiple passwords.
Now it is possible to just add more 'password' statements
to the interface section and it is not needed to use
'passwords' section. Old syntax can be used too.
Ondrej Zajicek [Wed, 29 Oct 2008 13:16:34 +0000 (14:16 +0100)]
Fix race condition that breaks BGP connections after reconfigure.
RFC says that only connections in OpenConfirm and Established state
should participate in connection collision detection.
The current implementation leads to race condition when both sides
are trying to connect at the almost same time, then both sides
receive OPEN message by different connections at the almost same
time and close the other connection. Both connections are
closed and the both sides end in start/idle or start/active
state.
Ondrej Zajicek [Sun, 26 Oct 2008 23:03:30 +0000 (00:03 +0100)]
Two new informative CLI commands for OSPF.
Two new CLI commands for OSPF giving nice informative (and still machine
parsable) representation of OSPF network graph (based on data from the
LSA database).
The first command (show ospf topology) shows routers, networks and stub
networks. The second command (show ospf state) shows also external
routes and area-external networks and routers propagated by given area
boundary router.
Ondrej Zajicek [Sun, 26 Oct 2008 22:43:13 +0000 (23:43 +0100)]
Bugfix in LSA origination for PTP OSPF links.
The code generating LSAs for PTP OSPF links is buggy. The old behavior
is that it generates PTP link if there is a full/ptp neighbor and stub
link if there isn't. According to RFC 2328, the correct behavior is to
generate stub link in both cases (in the first case together with PTP
link).
And because of buggy detection of unnumbered networks, for numbered
networks the code creates stub links with 0.0.0.0/32.
Ondrej Zajicek [Sun, 26 Oct 2008 22:20:50 +0000 (23:20 +0100)]
Ignore unknown netlink events.
Bird sometimes reported 'bird: nl_parse_link: Malformed message received'.
The cause is that bird asynchronously received netlink packet from
wireless driver about some wireless event on its link layer. In that
case bird shouldn't complain.