1. 03 May, 2018 1 commit
    • Better initialization of random generator · eaf63d31
      Ondřej Zajíček authored
      Use full time precision to initialize random generator. The old
      code was prone to initialize it to the same values in specific
      circumstances (boot without RTC, multiple VMs starting at once).
  2. 23 Jan, 2018 1 commit
    • IO: Fix socket priority · d6cf9961
      Ondřej Zajíček authored
      On Linux, setting the ToS will also set the priority and the range of
      accepted values is quite limited (masked by 0x1e). Therefore, 0xc0 is
      translated to a priority of 0, not something we want, overriding the
      "7" priority which was set previously explicitly. To avoid that, just
      move setting priority later in the code.
      
      Thanks to Vincent Bernat for the patch.
  3. 07 Dec, 2017 8 commits
  4. 06 Sep, 2017 1 commit
    • Basic VRF support · 943478b0
      Ondřej Zajíček authored
      Add basic VRF (virtual routing and forwarding) support. Protocols can be
      associated with VRFs, such protocols will be restricted to interfaces
      assigned to the VRF (as reported by Linux kernel) and will use sockets
      bound to the VRF. E.g., different multihop BGP instances can use different
      kernel routing tables to handle BGP TCP connections.
      
      The VRF support is preliminary, currently there are several limitations:
      
      - Recent Linux kernels (4.11) do not handle correctly sockets bound
      to interfaces that are part of VRF, so most protocols other than multihop
      BGP do not work. This will be fixed by future kernel versions.
      
      - Neighbor cache ignores VRFs. Breaks config with the same prefix on
      local interfaces in different VRFs. Not much problem as single hop
      protocols do not work anyways.
      
      - Olock code ignores VRFs. Breaks config with multiple BGP peers with the
      same IP address in different VRFs.
      
      - Incoming BGP connections are not dispatched according to VRFs.
      Breaks config with multiple BGP peers with the same IP address in
      different VRFs. Perhaps we would need some kernel API to read VRF of
      incoming connection? Or probably use multiple listening sockets in
      int-new branch.
      
      - We should handle master VRF interface up/down events and perhaps
      disable associated protocols when VRF goes down. Or at least disable
      associated interfaces.
      
      - Also we should check if the master iface is really VRF iface and
      not some other kind of master iface.
      
      - BFD session request dispatch should be aware of VRFs.
      
      - Perhaps kernel protocol should read default kernel table ID from VRF
      iface so it is not necessary to configure it.
      
      - Perhaps we should have per-VRF default table.
  5. 23 May, 2017 1 commit
  6. 16 May, 2017 1 commit
  7. 09 May, 2017 1 commit
  8. 20 Dec, 2016 1 commit
  9. 07 Dec, 2016 4 commits
    • BGP redesign · d15b0b0a
      Ondřej Zajíček authored
      Integrated and extensible BGP with generalized AFI handling,
      support for IPv4+IPv6 AFI and unicast+multicast SAFI.
    • Jan Moskyto Matejka's avatar
      af62c0f9
    • Jan Moskyto Matejka's avatar
    • RPKI protocol with one cache server per protocol · 65d2a88d
      Pavel Tvrdík authored
      The RPKI protocol (RFC 6810) using the RTRLib
      (http://rpki.realmv6.org/) that is integrated inside
      the BIRD's code.
      
      Implemented transports are:
       - unprotected transport over TCP
       - secure transport over SSHv2
      
      Example configuration of bird.conf:
        ...
        roa4 table r4;
        roa6 table r6;
      
        protocol rpki {
          debug all;
      
          # Import both IPv4 and IPv6 ROAs
          roa4 { table r4; };
          roa6 { table r6; };
      
          # Set cache server (validator) address,
          # overwrite default port 323
          remote "rpki-validator.realmv6.org" port 8282;
      
          # Overwrite default time intervals
          retry   10;         # Default 600 seconds
          refresh 60;         # Default 3600 seconds
          expire 600;         # Default 7200 seconds
        }
      
        protocol rpki {
          debug all;
      
          # Import only IPv4 routes
          roa4 { table r4; };
      
          # Set cache server address to localhost,
          # use default ports tcp => 323 or ssh => 22
          remote 127.0.0.1;
      
          # Use SSH transport instead of unprotected transport over TCP
          ssh encryption {
            bird private key "/home/birdgeek/.ssh/id_rsa";
            remote public key "/home/birdgeek/.ssh/known_hosts";
            user "birdgeek";
          };
        }
        ...
  10. 08 Nov, 2016 1 commit
  11. 01 Nov, 2016 1 commit
  12. 29 Sep, 2016 1 commit
  13. 16 Aug, 2016 1 commit
  14. 08 Jun, 2016 1 commit
  15. 30 May, 2016 1 commit
  16. 24 May, 2016 1 commit
  17. 17 May, 2016 1 commit
  18. 12 May, 2016 2 commits
  19. 10 May, 2016 1 commit
  20. 03 May, 2016 1 commit
    • Initialize variable ifr in sk_setup() · f7a99acb
      Pavel Tvrdik authored
      ==00:00:00:02.831 2468== Syscall param socketcall.setsockopt(optval) points to uninitialised byte(s)
      ==00:00:00:02.831 2468==    at 0x513BDEA: setsockopt (in /usr/lib/libc-2.23.so)
      ==00:00:00:02.831 2468==    by 0x45C7AF: sk_setup (io.c:1216)
      ==00:00:00:02.831 2468==    by 0x45CDFF: sk_open (io.c:1417)
      ==00:00:00:02.831 2468==    by 0x44B562: rip_open_socket (packets.c:740)
      ==00:00:00:02.831 2468==    by 0x4481A7: rip_iface_locked (rip.c:616)
      ==00:00:00:02.831 2468==    by 0x4133E4: olock_run_event (locks.c:177)
      ==00:00:00:02.831 2468==    by 0x45A6DE: ev_run (event.c:85)
      ==00:00:00:02.831 2468==    by 0x45A7AD: ev_run_list (event.c:142)
      ==00:00:00:02.831 2468==    by 0x45E0FC: io_loop (io.c:2066)
      ==00:00:00:02.831 2468==    by 0x463B56: main (main.c:845)
      ==00:00:00:02.831 2468==  Address 0xffefffd24 is on thread 1's stack
      ==00:00:00:02.831 2468==  in frame #1, created by sk_setup (io.c:1188)
      ==00:00:00:02.831 2468==  Uninitialised value was created by a stack allocation
      ==00:00:00:02.831 2468==    at 0x45C6BB: sk_setup (io.c:1188)
  21. 13 Apr, 2016 1 commit
    • BSD: Add the IPsec SA/SP database entries control · a7baa098
      Ondřej Zajíček authored
      Add code for manipulation with TCP-MD5 keys in the IPsec SA/SP database
      at FreeBSD systems. Now, BGP MD5 authentication (RFC 2385) keys are
      handled automatically on both Linux and FreeBSD.
      
      Based on patches from Pavel Tvrdik.
  22. 06 Apr, 2016 2 commits
    • IO: Avoid multiple event cycles in one loop cycle. · bd22d7f4
      Ondřej Zajíček authored
      Event cycle may take too much time and trigger next timer events, so
      avoid cycling between timer and event cycles inside the loop cycle.
    • IO: Replace RX priority heuristic with explicit mark · 9e7b3ebd
      Ondřej Zajíček authored
      In BIRD, RX has lower priority than TX with the exception of RX from
      control socket. The patch replaces heuristic based on socket type with
      explicit mark and uses it for both control socket and BGP session waiting
      to be established.
      
      This should avoid an issue when during heavy load, outgoing connection
      could connect (TX event), send open, but then failed to receive OPEN /
      establish in time, not sending notifications between and therefore
      got hold timer expired error from the neighbor immediately after it
      finally established the connection.
  23. 30 Mar, 2016 1 commit
  24. 18 Mar, 2016 1 commit
  25. 15 Mar, 2016 1 commit
  26. 11 Mar, 2016 1 commit
  27. 27 Jan, 2016 1 commit
  28. 11 Jan, 2016 1 commit