git.ipfire.org Git - thirdparty/bird.git/commit

BGP: Implement flowspec validation procedure

Implement flowspec validation procedure as described in RFC 8955 sec. 6
and RFC 9117. The Validation procedure enforces that only routers in the
forwarding path for a network can originate flowspec rules for that
network.

The patch adds new mechanism for tracking inter-table dependencies, which
is necessary as the flowspec validation depends on IP routes, and flowspec
rules must be revalidated when best IP routes change.

The validation procedure is disabled by default and requires that
relevant IP table uses trie, as it uses interval queries for subnets.

author	Ondrej Zajicek (work) <santiago@crfreenet.org>
	Mon, 20 Dec 2021 19:25:35 +0000 (20:25 +0100)
committer	Ondrej Zajicek (work) <santiago@crfreenet.org>
	Sun, 6 Feb 2022 22:27:13 +0000 (23:27 +0100)
commit	1f2eb2aca8e348fefc1822ec2adcad0cc97768d8
tree	11494fc2f2dbc8b7aeb2a4a172fec6d2263af4ab	tree
parent	1ae42e522374ae60c23fe4c419c62b2209fbeea8	commit \| diff

doc/bird.sgml		diff \| blob \| blame \| history
nest/route.h		diff \| blob \| blame \| history
nest/rt-table.c		diff \| blob \| blame \| history
proto/bgp/attrs.c		diff \| blob \| blame \| history
proto/bgp/bgp.c		diff \| blob \| blame \| history
proto/bgp/bgp.h		diff \| blob \| blame \| history
proto/bgp/config.Y		diff \| blob \| blame \| history
proto/bgp/packets.c		diff \| blob \| blame \| history
proto/pipe/pipe.c		diff \| blob \| blame \| history