Maria Matejka [Wed, 5 Apr 2023 19:59:01 +0000 (21:59 +0200)]
BFD: fixed a request pickup race condition
When several BGPs requested a BFD session in short time, chances were
that the second BGP would file a request while the pickup routine was
still running and it would get enqueued into the waiting list instead of
being picked up.
Fixed this by enforcing pickup loop restart when new requests got added,
and also by atomically moving the unpicked requests to a temporary list
to announce admin down before actually being added into the wait list.
Maria Matejka [Sun, 2 Apr 2023 17:15:22 +0000 (19:15 +0200)]
Sockets: Unified API for main and other loops
Now sk_open() requires an explicit IO loop to open the socket in. Also
specific functions for socket RX pause / resume are added to allow for
BGP corking.
And last but not least, socket reloop is now synchronous to resolve
weird cases of the target loop stopping before actually picking up the
relooped socket. Now the caller must ensure that both loops are locked
while relooping, and this way all sockets always have their respective
loop.
Maria Matejka [Fri, 24 Feb 2023 08:13:35 +0000 (09:13 +0100)]
More efficient IO loop event execution to avoid long loops
If there are lots of loops in a single thread and only some of the loops
are actually active, the other loops are now kept aside and not checked
until they actually get some timers, events or active sockets.
This should help with extreme loads like 100k tables and protocols.
Also ping and loop pickup mechanism was allowing subtle race
conditions. Now properly handling collisions between loop ping and pickup.
Maria Matejka [Thu, 9 Mar 2023 15:34:17 +0000 (16:34 +0100)]
Fixed default table configuration
When changing default table behavior, I missed that it enabled to
configure multiple master4 and master6 tables. Now BIRD recognizes it
and fails properly.
Maria Matejka [Wed, 8 Mar 2023 20:38:18 +0000 (21:38 +0100)]
Fixed bad filter re-evaluation with import table if filtered->accepted
The import table feed wasn't resetting the table-specific route values
like REF_FILTERED and thus made the route look like filtered even though
it should have been re-evaluated as accepted.
Maria Matejka [Wed, 29 Mar 2023 16:55:46 +0000 (18:55 +0200)]
BGP: LLGR Staleness optimization dropped.
This brought unnecessary complexity into the decision procedures while the
performance aspects weren't worth it. It just saved one ea_list traversal
when many others are also done.
Ondrej Zajicek [Sun, 19 Feb 2023 02:59:10 +0000 (03:59 +0100)]
Conf: Fix too early free of old configuration
The change 371eb49043d225d2bab8149187b813a14b4b86d2 introduced early free
of old_config. Unfortunately, it did not properly check whether it is not
still in use (blocked by obstacle during reconfiguration). Fix that.
It also means that we still could have a short peak when three configs
are in use (when a new reconfig is requeste while the previous one is
still active).
Maria Matejka [Thu, 16 Mar 2023 18:23:19 +0000 (19:23 +0100)]
BGP: Free bind applies also to outbound connections
Even though the free bind option is primarily meant to alleviate problems
with addresses assigned too late, it's also possible to use BIRD with AnyIP
configuration, assigning whole ranges to the machine. Therefore free bind
allows also to create an outbound connection from specific address even though
such address is not assigned.
Petr Vaněk [Mon, 6 Mar 2023 10:19:30 +0000 (11:19 +0100)]
Printf test suite fails on systems with musl libc because tests for "%m"
and "%M" formats expect "Input/output error" message but musl returns
"I/O error". Proposed change compares the printf output with string
returned from strerror function for EIO constant.
Maria Matejka [Wed, 22 Feb 2023 13:45:20 +0000 (14:45 +0100)]
Linpool flush drops all the allocated pages but one
When a linpool is used to allocate a one-off big load of memory, it
makes no sense to keep that amount of memory for future use inside the
linpool. Contrary to previous implementations where the memory was
directly free()d, we now use the page allocator which has an internal
cache which keeps the released pages for us and subsequent allocations
simply get these released pages back.
And even if the page cleanup routine kicks in inbetween, the pages get
only madvise()d, not munmap()ed so performance aspects are negligible.
This may fix some memory usage peaks in extreme cases.
Ondrej Zajicek [Sun, 19 Feb 2023 02:59:10 +0000 (03:59 +0100)]
Conf: Fix too early free of old configuration
The change 371eb49043d225d2bab8149187b813a14b4b86d2 introduced early free
of old_config. Unfortunately, it did not properly check whether it is not
still in use (blocked by obstacle during reconfiguration). Fix that.
It also means that we still could have a short peak when three configs
are in use (when a new reconfig is requeste while the previous one is
still active).
Babel: Keep separate auth PC counters for unicast and multicast
The babel protocol normally sends all its messages as multicast packets,
but the protocol specification allows most messages to be sent as either
unicast or multicast, and the two can be mixed freely. In particular, the
babeld implementation can be configured to unicast updates to all peers
instead of sending them as unicast.
Daniel discovered that this can cause problems with the packet counter
checks in the MAC extension due to packet reordering. This happens on WiFi
networks where clients have power save enabled (which is quite common in
infrastructure networks): in this case, the access point will buffer all
multicast traffic and only send it out along with its beacons, leading to a
maximum buffering in default Linux-based access point configuration of up
to 200 ms.
This means that a Babel sender that mixes unicast and multicast messages
can have the unicast messages overtake the multicast messages because of
this buffering; when authentication is enabled, this causes the receiver to
discard the multicast message when it does arrive because it now has a
packet counter value less than the unicast message that arrived before it.
Daniel observed that this happens frequently enough that Babel ceases to
work entirely when runner over a WiFi network.
The issue has been described in draft-ietf-babel-mac-relaxed, which is
currently pending RFC publication. That also describes two mitigation
mechanisms: Keeping separate PC counters for unicast and multicast, and
using a reorder window for PC values. This patch implements the former as
that is the simplest, and resolves the particular issue seen on WiFi.
Andreas Rammhold [Tue, 14 Feb 2023 15:17:03 +0000 (16:17 +0100)]
Babel: Implement IPv4 via IPv6 extension (RFC 9229)
The patch implements an IPv4 via IPv6 extension (RFC 9229) to the Babel
routing protocol (RFC 8966) that allows annoncing routes to an IPv4
prefix with an IPv6 next hop, which makes it possible for IPv4 traffic
to flow through interfaces that have not been assigned an IPv4 address.
The implementation is compatible with the current Babeld version.
Thanks to Toke Høiland-Jørgensen for early review on this work.
Maria Matejka [Tue, 31 Jan 2023 12:07:46 +0000 (13:07 +0100)]
Interface updates are asynchronous
Instead of propagating interface updates as they are loaded from kernel,
they are enqueued and all the notifications are called from a
protocol-specific event. This change allows to break the locking loop
between protocols and interfaces.
Anyway, this change is based on v2 branch to keep the changes between v2
and v3 smaller.
Maria Matejka [Tue, 31 Jan 2023 12:11:55 +0000 (13:11 +0100)]
Moved interface list flush to device protocol cleanup hook.
The interface list must be flushed when device protocol is stopped. This
was done in a hardcoded specific hook inside generic protocol routines.
The cleanup hook was originally used for table reference counting late
cleanup, yet it can be also simply used for prettier interface list flush.
Ondrej Zajicek [Wed, 1 Feb 2023 15:15:13 +0000 (16:15 +0100)]
Nest: Minor cleanup in buildsystem
There ware missing dependencies for proto-build.c generation, which
sometimes lead to failed builds, and ignores changes in the set of
built protocols. Fix that, and also improve formatting of proto-build.c
Babel: Initialise source seqno from incoming message
When creating a new babel_source object we initialise the seqno to 0. The
caller will update the source object with the right metric and seqno value,
for both newly created and old source objects. However if we initialise the
source object seqno to 0 that may actually turn out to be a valid (higher)
seqno than the one in the routing table, because of seqno wrapping. In this
case the source metric will not be set properly, which breaks feasibility
tracking for subsequent updates.
To fix this, add a new initial_seqno argument to babel_get_source() which
is used when allocating a new object, and set that to the seqno value of
the update we're sending.
Juliusz noticed there were a couple of places we were doing straight
inequality comparisons of seqnos in Babel. This is wrong because seqnos can
wrap: so we need to use the modulo-64k comparison function for these cases
as well.
Introduce a strict-inequality version of the modulo-comparison for this
purpose.
Maria Matejka [Tue, 24 Jan 2023 10:01:34 +0000 (11:01 +0100)]
Object locks use events
Instead of calling custom hooks from object locks, we use standard event
sending mechanism to inform protocols about object lock changes. This is
a backport from version 3 where these events are passed across threads.
This implementation of object locks doesn't use mutexes to lock the
whole data structure. In version 3, this data structure may get accessed
from multiple threads and must be protected by mutex.
Maria Matejka [Tue, 24 Jan 2023 10:01:34 +0000 (11:01 +0100)]
Object locks use events
Instead of calling custom hooks from object locks, we use standard event
sending mechanism to inform protocols about object lock changes. As
event sending is lockless, the unlocking protocol simply enqueues the
appropriate event to the given loop when the locking is done.
The onlink attribute implementation collides with the nexthop attribute
behavior in v3; keeping it aside until finding out how to reimplement it
correctly.
Ondrej Zajicek [Sun, 22 Jan 2023 22:42:08 +0000 (23:42 +0100)]
BFD: Improve incoming packet matching
For active sessions, ignore received packets with zero local id and
mismatched remote id. That forces a session timeout instead of an
immediate session restart. It makes BFD sessions more resilient to
packet spoofing.
Ondrej Zajicek [Sun, 22 Jan 2023 17:12:04 +0000 (18:12 +0100)]
VRF: Fix issues with reconfiguration
Protocols receive if_notify() announcements that are filtered according
to their VRF setting, but during reconfiguration, they access iface_list
directly and forgot to check VRF setting here, which leads to all
interfaces be addedd.
Fix this issue for Babel, OSPF, RAdv and RIP protocols.
projects / thirdparty / bird.git / log
