Maria Matejka [Mon, 25 Nov 2024 11:02:13 +0000 (12:02 +0100)]
Protocol restart timer reworked.
The restart timer was racy and didn't allow for immediate restarts
from limits. Now the protocols stores the last restart time and in case
of too frequent autorestarts caused by exceeded limits, the protocol
gets disabled with an error message.
Maria Matejka [Fri, 22 Nov 2024 13:49:13 +0000 (14:49 +0100)]
Protocol and BGP state information cleanup and fixes
There were some nasty problems with deferred protocol state updates and
race conditions on BGP startup, shutdown, and also with referencing the
cached states.
To allow reading of protocol states from other protocols or completely
different routines, we have to export these states to data structures
not requiring to lock the protocol loops.
On one hand, this doesn't give the reader the actual state "right now",
on the other hand, getting that is impossible in a properly
multithreaded environment and you will always get the information with
some (little but noteworthy) delay.
This implementation handles only the basic state information of the
protocols, common for all the protocols. Adding protocol-specific state
information should be done by implementing the protocol hook init_state().
Channel information is stored but not announced, as we don't need the
announcements for now.
For the upcoming rework of protocol state information propagation,
we need some more eattr types to be defined.
These types are probably not defined completely and before using
them for route attributes, you should check that they don't lack
some crucial methods.
Ondrej Zajicek [Tue, 8 Oct 2024 17:34:51 +0000 (19:34 +0200)]
Filter: Fixes and improvements related to case/sets
Unify grammar for set_atom and switch_atom to avoid inconsistencies
between them. Fix errors in documentation related to case statement
and set type. Change 'vpnrd' to 'rd' to be consistent with the filter
language.
Job Snijders [Thu, 3 Oct 2024 13:43:12 +0000 (15:43 +0200)]
RPKI: Add TCP-MD5 authentication option
RPKI-To-Router (RTR) sessions seem to be similar security-sensitivity as
IBGP sessions. BIRD already offered a choice of either "plain TCP" (meh)
or "SSH" (secure, albeit a bit more hassle to set up than TCP-MD5).
The patch adds TCP-MD5 as another option. TCP-MD5 for RTR is specified
through RFC 6810 section 7.3 and RFC 8210 section 9.3.
Before this commit, on kernel shutdown, the routes were re-exported by
the regular export but treated as withdraw. This was too hairy and
caused unnecessary complexity of the protocol's state machine.
Instead of that, we found out that it makes more sense to just refeed
the routes synchronously and convert to withdraw. This is done by the
direct export access instead of the channel.
It would (maybe) make more sense to run export filters on this in case
the export filter updates the krt_metric attribute, but as this doesn't
work on regular withdraw anyway, it's better for now to just let it be
and maybe somebody in the future fixes this issue.
Maria Matejka [Thu, 29 Aug 2024 12:37:19 +0000 (14:37 +0200)]
Fixed a stupid bug in parse-and-exit mode
Introduced in 08ff0af8986099e6fb1d8a94c7ce62c83e4df7f1, the additional CLI
configuration wasn't properly initialized in the parse-and-exit mode
due to an oversight that cli_init_unix() is not called in this mode.
Fabrice Fontaine [Tue, 27 Aug 2024 12:54:07 +0000 (14:54 +0200)]
configure.ac: properly evaluate ac_test_CFLAGS
Since autoconf 2.69 and
https://git.savannah.gnu.org/cgit/autoconf.git/commit/?id=76754e04fce5f6a7701bec57b057020585df2ae3
ac_test_CFLAGS is set to ${CFLAGS+y} instead of ${CFLAGS+set}.
Just test that ac_test_CFLAGS is not empty, to support both cases.
Ondrej Zajicek [Tue, 27 Aug 2024 12:28:41 +0000 (14:28 +0200)]
Lib: Expand timer recurrence to 64b
The period of recurent timers was stored in 32b field, despite it was
btime-compatible value in us. Therefore, it was limited to ~72 min,
which mas okay for most purposes, except configurable MRT dump periods.
Ondrej Zajicek [Thu, 1 Aug 2024 12:55:05 +0000 (14:55 +0200)]
IO: Ensure that socket rcvbuf is large enough
The socket structure has the field rbsize (receive buffer size), which
controls the size of the userspace receive buffer. There is also kernel
receive buffer, which in some cases may be smaller (e.g. on FreeBSD it
is by default ~8k). The patch ensures that the kernel receive buffer is
as large as the userspace receive buffer.
Ondrej Zajicek [Tue, 30 Jul 2024 14:33:51 +0000 (16:33 +0200)]
IO: Avoid re-binding accepted sockets to VRF
When VRFs are used, BIRD correctly binds listening (and connecting)
sockets to their VRFs but also re-binds accepted sockets to the same VRF.
This is not needed as the interface bind is inherited in this case, and
indeed this redundant bind causes an -EPERM if BIRD is running as
non-root making BIRD close the connection and reject the peer.
Thanks to Christian Svensson for the original patch and Alexander Zubkov
for suggestions.
Maria Matejka [Mon, 24 Jun 2024 11:46:12 +0000 (13:46 +0200)]
Additional CLI sockets may now be restricted
This allows to have one main socket for the heavy operations
very restricted just for the appropriate users, whereas the
looking glass socket may be more open.
Implemented an idea originally submitted and requested by Akamai.
Alexander Zubkov [Wed, 26 Jun 2024 14:29:57 +0000 (16:29 +0200)]
BFD: Add option to accept zero checksum for IPv6 UDP packets
Some vendors do not fill the checksum for IPv6 UDP packets.
For interoperability with such implementations one can set
UDP_NO_CHECK6_RX socket option on Linux.
projects / thirdparty / bird.git / log
