From: Pavel Tvrdik Date: Thu, 26 May 2016 12:50:46 +0000 (+0200) Subject: Merge branch 'rpki-mbaer' into int-new-rpki-one X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0dc3daad4516c5bebadbade1b1e2a5138d981ad;p=thirdparty%2Fbird.git Merge branch 'rpki-mbaer' into int-new-rpki-one --- e0dc3daad4516c5bebadbade1b1e2a5138d981ad diff --cc configure.in index b7dd04208,8b9afe397..e2ef005d2 --- a/configure.in +++ b/configure.in @@@ -9,7 -9,10 +9,8 @@@ AC_CONFIG_AUX_DIR(tools AC_ARG_ENABLE(debug, [ --enable-debug enable internal debugging routines (default: disabled)],,enable_debug=no) AC_ARG_ENABLE(memcheck, [ --enable-memcheck check memory allocations when debugging (default: enabled)],,enable_memcheck=yes) AC_ARG_ENABLE(client, [ --enable-client enable building of BIRD client (default: enabled)],,enable_client=yes) -AC_ARG_ENABLE(ipv6, [ --enable-ipv6 enable building of IPv6 version (default: disabled)],,enable_ipv6=no) -AC_ARG_ENABLE(bgpsec,[ --enable-bgpsec enable building of bgp with security (default: disabled)],,enable_bgpsec=no) ++AC_ARG_ENABLE(bgpsec, [ --enable-bgpsec enable building of bgp with security (default: disabled)],,enable_bgpsec=no) AC_ARG_ENABLE(pthreads, [ --enable-pthreads enable POSIX threads support (default: detect)],,enable_pthreads=try) -AC_ARG_WITH(suffix, [ --with-suffix=STRING use specified suffix for BIRD files (default: 6 for IPv6 version)],[given_suffix="yes"]) AC_ARG_WITH(sysconfig, [ --with-sysconfig=FILE use specified BIRD system configuration file]) AC_ARG_WITH(protocols, [ --with-protocols=LIST include specified routing protocols (default: all)],,[with_protocols="all"]) AC_ARG_WITH(sysinclude, [ --with-sysinclude=PATH search for system includes on specified place]) @@@ -229,14 -262,25 +229,31 @@@ if test "$enable_debug" = yes ; the fi fi +DAEMON_LIBS= +AC_CHECK_LIB(dl, dlopen, DAEMON_LIBS="-ldl") +AC_SUBST(DAEMON_LIBS) + +CLIENT=birdcl ++ + AC_MSG_CHECKING([BGPsec enabled]) + if test "$enable_bgpsec" = yes 
; then + AC_MSG_RESULT(yes) + protocols="$protocols bgp/bgpsec" + AC_CHECK_LIB(dl, dlopen) + AC_CHECK_LIB(crypto, PEM_read_X509) + AC_CHECK_LIB(crypto, EC_KEY_set_asn1_flag) + if test $ac_cv_lib_crypto_EC_KEY_set_asn1_flag != yes ; then + AC_MSG_ERROR([openssl: libcrypt does not support elliptical curves. EC support is required for BGPsec]) + fi + AC_DEFINE(CONFIG_BGPSEC) + else + AC_MSG_RESULT(no) + fi + + CLIENT= CLIENT_LIBS= if test "$enable_client" = yes ; then - CLIENT=birdc + CLIENT="$CLIENT birdc" AC_CHECK_LIB(history, add_history, CLIENT_LIBS="-lhistory") AC_CHECK_LIB(ncurses, tgetent, USE_TERMCAP_LIB=-lncurses, AC_CHECK_LIB(curses, tgetent, USE_TERMCAP_LIB=-lcurses, diff --cc nest/protocol.h index 69f3bcdb4,be7762619..550257a67 --- a/nest/protocol.h +++ b/nest/protocol.h @@@ -81,7 -76,7 +81,7 @@@ void protos_dump_all(void) extern struct protocol proto_device, proto_radv, proto_rip, proto_static, - proto_ospf, proto_pipe, proto_bgp, proto_bfd, proto_rpki; - proto_ospf, proto_pipe, proto_bgp, proto_bgpsec, proto_bfd; ++ proto_ospf, proto_pipe, proto_bgp, proto_bfd, proto_rpki, proto_bgpsec; /* * Routing Protocol Instance diff --cc proto/bgp/attrs.c index d85afa8f1,bbef98543..dcf53cac0 --- a/proto/bgp/attrs.c +++ b/proto/bgp/attrs.c @@@ -1669,13 -2363,14 +2439,14 @@@ bgp_remove_as4_attrs(struct bgp_proto * * by a &rta. 
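Review bot: In the second configure.in hunk the merged result appears to keep both `CLIENT=birdcl` and, after the BGPsec block, a bare `CLIENT=` from the other parent, so birdcl would be cleared again before `CLIENT="$CLIENT birdc"` runs. The combined-diff markers are collapsed on this page, so confirm against the merged file and drop the second assignment if that is the case. In the BGPsec block the cache variable should be quoted, `if test "$ac_cv_lib_crypto_EC_KEY_set_asn1_flag" != yes ; then`, so the guard that refuses to build BGPsec without EC support cannot degrade into a `test` syntax error. The error text names `libcrypt` although the library checked is `crypto`, and the result of the `PEM_read_X509` check is not examined anywhere in this hunk.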
*/ struct rta * - bgp_decode_attrs(struct bgp_conn *conn, byte *attr, uint len, struct linpool *pool, int mandatory) -bgp_decode_attrs(struct bgp_conn *conn, byte *attr, unsigned int len, - struct linpool *pool, byte *nlri, int nlri_len) ++bgp_decode_attrs(struct bgp_conn *conn, byte *attr, uint len, struct linpool *pool, int mandatory, ++ byte *nlri, int nlri_len) { struct bgp_proto *bgp = conn->bgp; rta *a = lp_alloc(pool, sizeof(struct rta)); - unsigned int flags, code, l, i, type; + uint flags, code, l, i, type; int errcode; - byte *z, *attr_start; + byte *z=0, *attr_start=0; byte seen[256/8]; ea_list *ea; struct adata *ad; diff --cc proto/bgp/bgp.h index 274794f13,e4adf5cb0..823fa4fd2 --- a/proto/bgp/bgp.h +++ b/proto/bgp/bgp.h @@@ -40,7 -66,20 +66,21 @@@ struct bgp_config int capabilities; /* Enable capability handshake [RFC3392] */ int enable_refresh; /* Enable local support for route refresh [RFC2918] */ int enable_as4; /* Enable local support for 4B AS numbers [RFC4893] */ + int enable_extended_messages; /* Enable local support for extended messages [draft] */ + + /* BGPSec */ + /* cannot be ifdef'd out due to config.Y compatibility */ + int enable_bgpsec; /* Whether neighbor should be a BGPSec peer */ + int bgpsec_prefer; /* Whether validly signed BGPsec routes are prefered during route selection */ + int bgpsec_require; /* Whether neighbor should be a BGPSec peer */ + char *bgpsec_ski; /* local subject key id */ + u8 bgpsec_bski[BGPSEC_SKI_LENGTH]; /* binary local SKI */ + char *bgpsec_key_repo_path; /* Path to the public key repository */ + char *bgpsec_priv_key_path; /* Path to the private key location */ + int bgpsec_save_binary_keys; /* Save a copy of the binary key */ + int bgpsec_no_pcount0; /* allow peer to have pcount 0, xxx current default allows */ + int bgpsec_no_invalid_routes; /* should invalid routes be dropped */ + u32 rr_cluster_id; /* Route reflector cluster ID, if different from local ID */ int rr_client; /* Whether neighbor is RR 
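Review bot: The new `nlri_len` parameter of bgp_decode_attrs() is a signed `int` while the attribute length next to it is `uint len`, and both presumably describe sizes taken from a received message. A negative or sign-converted value is easy to miss in later bounds arithmetic, so `uint nlri_len`, or an explicit `nlri_len >= 0` check on entry, would be safer; the same signature is repeated in the proto/bgp/bgp.h prototype hunk. The doc comment that ends just above the signature should gain entries for `nlri` and `nlri_len`, stating whether `nlri` may be NULL. `byte *z=0, *attr_start=0;` reads better as `byte *z = NULL, *attr_start = NULL;`, and since the initialisers presumably silence a maybe-uninitialised warning, the path that reaches a use of them unset deserves a look. The function body continues outside the hunk.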
client of me */ int rs_client; /* Whether neighbor is RS client of me */ @@@ -244,10 -290,9 +299,10 @@@ static inline void set_next_hop(byte *b void bgp_attach_attr(struct ea_list **to, struct linpool *pool, unsigned attr, uintptr_t val); byte *bgp_attach_attr_wa(struct ea_list **to, struct linpool *pool, unsigned attr, unsigned len); - struct rta *bgp_decode_attrs(struct bgp_conn *conn, byte *a, uint len, struct linpool *pool, int mandatory); -struct rta *bgp_decode_attrs(struct bgp_conn *conn, byte *attr, unsigned int len, struct linpool *pool, byte * nlri, int nlri_len); ++struct rta *bgp_decode_attrs(struct bgp_conn *conn, byte *a, uint len, struct linpool *pool, int mandatory, byte * nlri, int nlri_len); int bgp_get_attr(struct eattr *e, byte *buf, int buflen); int bgp_rte_better(struct rte *, struct rte *); +int bgp_rte_mergable(rte *pri, rte *sec); int bgp_rte_recalculate(rtable *table, net *net, rte *new, rte *old, rte *old_best); void bgp_rt_notify(struct proto *P, rtable *tbl UNUSED, net *n, rte *new, rte *old UNUSED, ea_list *attrs); int bgp_import_control(struct proto *, struct rte **, struct ea_list **, struct linpool *); diff --cc proto/bgp/config.Y index 614ef08cd,47713a873..b8b5e1478 --- a/proto/bgp/config.Y +++ b/proto/bgp/config.Y @@@ -27,7 -35,10 +35,10 @@@ CF_KEYWORDS(BGP, LOCAL, NEIGHBOR, AS, H INTERPRET, COMMUNITIES, BGP_ORIGINATOR_ID, BGP_CLUSTER_LIST, IGP, TABLE, GATEWAY, DIRECT, RECURSIVE, MED, TTL, SECURITY, DETERMINISTIC, SECONDARY, ALLOW, BFD, ADD, PATHS, RX, TX, GRACEFUL, RESTART, AWARE, - CHECK, LINK, PORT, EXTENDED, MESSAGES) - CHECK, LINK, PORT, ++ CHECK, LINK, PORT, EXTENDED, MESSAGES, + BGPSEC, BGPSEC_SKI, BGPSEC_KEY_REPO_PATH, BGPSEC_PRIV_KEY_PATH, + BGPSEC_SAVE_BINARY_KEYS, BGPSEC_PREFER, BGPSEC_NO_PCOUNT0, + BGPSEC_REQUIRE, BGPSEC_NO_INVALID_ROUTES) CF_GRAMMAR diff --cc proto/bgp/packets.c index 72ca37289,a867a2f04..aaeb8163e --- a/proto/bgp/packets.c +++ b/proto/bgp/packets.c @@@ -439,10 -485,10 +496,10 @@@ 
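Review bot: The comments on the new BGPsec policy fields in struct bgp_config do not say what each switch does. `enable_bgpsec` and `bgpsec_require` carry the identical text "Whether neighbor should be a BGPSec peer", and `bgpsec_no_pcount0` is described as "allow peer to have pcount 0, xxx current default allows", which reads as the opposite of the field name. Because these fields appear to decide whether unsigned or invalid routes are accepted, each comment should state the effect of a non-zero value and the default, for example `int bgpsec_require; /* Non-zero: refuse routes from this neighbor that are not BGPsec-signed (default 0) */` if that is the intent. `bgpsec_no_invalid_routes` should likewise say what happens to invalid routes when it is 0, and "prefered" should be "preferred".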
bgp_create_update(struct bgp_conn *conn struct bgp_proto *p = conn->bgp; struct bgp_bucket *buck; int size, second, rem_stored; - int remains = BGP_MAX_PACKET_LENGTH - BGP_HEADER_LENGTH - 4; + int remains = bgp_max_packet_length(p) - BGP_HEADER_LENGTH - 4; byte *w, *w_stored, *tmp, *tstart; ip_addr *ipp, ip, ip_ll; - ea_list *ea; + ea_list *ea = NULL; eattr *nh; put_u16(buf, 0); diff --cc sysdep/autoconf.h.in index 047a49ca2,079f903c6..278ceee19 --- a/sysdep/autoconf.h.in +++ b/sysdep/autoconf.h.in @@@ -43,7 -43,7 +43,8 @@@ #undef CONFIG_BGP #undef CONFIG_OSPF #undef CONFIG_PIPE +#undef CONFIG_RPKI + #undef CONFIG_BGPSEC /* We use multithreading */ #undef USE_PTHREADS
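Review bot: `remains` in bgp_create_update() is now derived from `bgp_max_packet_length(p)` instead of the fixed constant, but nothing in the hunk shows that the buffer behind `buf` is sized from the same value. If the TX buffer were still allocated for the old fixed maximum, the larger budget would let the encoder write past its end, so this is worth confirming at the allocation site and recording here, e.g. `/* buf must provide at least bgp_max_packet_length(p) bytes */` above the declaration. `ea_list *ea = NULL;` looks like a warning fix; if any path can reach a use of `ea` without assigning it, that path now dereferences NULL, so it should be handled explicitly. The function body continues outside the hunk.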