Merge remote-tracking branch 'origin/master' into haugesund-to-2.0

.gitlab-ci.yml

@@ -360,17 +360,17 @@ build-opensuse-15.3-amd64:
   <<: *build-linux
   image: registry.nic.cz/labs/bird:opensuse-15.3-amd64
 
-build-freebsd-11-amd64:
+#build-freebsd-11-amd64:
-  <<: *build-base
+#  <<: *build-base
-  tags:
+#  tags:
-    - freebsd
+#    - freebsd
-    - amd64
+#    - amd64
 
-build-freebsd-11-i386:
+#build-freebsd-11-i386:
-  <<: *build-base
+#  <<: *build-base
-  tags:
+#  tags:
-    - freebsd
+#    - freebsd
-    - i386
+#    - i386
 
 
 .pkg-deb: &pkg-deb

doc/bird.sgml

@@ -5251,7 +5251,7 @@ Note that for negated matches, value must be either zero or equal to bitmask
 	<cf>port 1..1023,1194,3306</cf>).
 
 	<tag><label id="flow-dport">dport <m/numbers-match/</tag>
-	Set a mating destination port numbers (e.g. <cf>dport 49151</cf>).
+	Set a matching destination port numbers (e.g. <cf>dport 49151</cf>).
 
 	<tag><label id="flow-sport">sport <m/numbers-match/</tag>
 	Set a matching source port numbers (e.g. <cf>sport = 0</cf>).

nest/rt-table.c

@@ -2170,7 +2170,7 @@ static void
 rt_prune_table(rtable *tab)
 {
   struct fib_iterator *fit = &tab->prune_fit;
-  int limit = 512;
+  int limit = 2000;
 
   struct channel *c;
   node *n, *x;

proto/babel/babel.c

@@ -859,14 +859,14 @@ babel_send_ihus(struct babel_iface *ifa)
 }
 
 static void
-babel_send_hello(struct babel_iface *ifa)
+babel_send_hello(struct babel_iface *ifa, uint interval)
 {
   struct babel_proto *p = ifa->proto;
   union babel_msg msg = {};
 
   msg.type = BABEL_TLV_HELLO;
   msg.hello.seqno = ifa->hello_seqno++;
-  msg.hello.interval = ifa->cf->hello_interval;
+  msg.hello.interval = interval ?: ifa->cf->hello_interval;
 
   TRACE(D_PACKETS, "Sending hello on %s with seqno %d interval %t",
 	ifa->ifname, msg.hello.seqno, (btime) msg.hello.interval);
@@ -1574,7 +1574,7 @@ babel_iface_timer(timer *t)
 
   if (now_ >= ifa->next_hello)
   {
-    babel_send_hello(ifa);
+    babel_send_hello(ifa, 0);
     ifa->next_hello += hello_period * (1 + (now_ - ifa->next_hello) / hello_period);
   }
 
@@ -1621,7 +1621,7 @@ babel_iface_start(struct babel_iface *ifa)
   tm_start(ifa->timer, 100 MS);
   ifa->up = 1;
 
-  babel_send_hello(ifa);
+  babel_send_hello(ifa, 0);
   babel_send_wildcard_retraction(ifa);
   babel_send_wildcard_request(ifa);
   babel_send_update(ifa, 0);	/* Full update */
@@ -2432,6 +2432,11 @@ babel_iface_shutdown(struct babel_iface *ifa)
 {
   if (ifa->sk)
   {
+    /*
+     * Retract all our routes and lower the hello interval so peers' neighbour
+     * state expires quickly
+     */
+    babel_send_hello(ifa, BABEL_MIN_INTERVAL);
     babel_send_wildcard_retraction(ifa);
     babel_send_queue(ifa);
   }

proto/babel/packets.c

@@ -2010,7 +2010,7 @@ babel_auth_sign(struct babel_iface *ifa, ip_addr dest)
   }
 
   DBG("Added MAC signatures (%d bytes) on ifa %s for dest %I\n",
-      tot_len, ifa->ifname, dest);
+      pos - (pkt + len), ifa->ifname, dest);
 
   return pos - (pkt + len);
 }

proto/bgp/attrs.c

@@ -1465,7 +1465,7 @@ bgp_finish_attrs(struct bgp_parse_state *s, rta *a)
 #define RBH_FN(a,h)		h
 
 #define RBH_REHASH		bgp_rbh_rehash
-#define RBH_PARAMS		/8, *2, 2, 2, 8, 20
+#define RBH_PARAMS		/8, *2, 2, 2, 12, 20
 
 
 HASH_DEFINE_REHASH_FN(RBH, struct bgp_bucket)
@@ -1607,7 +1607,7 @@ bgp_withdraw_bucket(struct bgp_channel *c, struct bgp_bucket *b)
 #define PXH_FN(n,i,h)		h
 
 #define PXH_REHASH		bgp_pxh_rehash
-#define PXH_PARAMS		/8, *2, 2, 2, 8, 24
+#define PXH_PARAMS		/8, *2, 2, 2, 12, 24
 
 
 HASH_DEFINE_REHASH_FN(PXH, struct bgp_prefix)
@@ -1633,7 +1633,8 @@ bgp_free_prefix_table(struct bgp_channel *c)
 static struct bgp_prefix *
 bgp_get_prefix(struct bgp_channel *c, net_addr *net, u32 path_id)
 {
-  u32 hash = net_hash(net) ^ u32_hash(path_id);
+  /* We must use a different hash function than the rtable */
+  u32 hash = u32_hash(net_hash(net) ^ u32_hash(path_id));
   struct bgp_prefix *px = HASH_FIND(c->prefix_hash, PXH, net, path_id, hash);
 
   if (px)

proto/bgp/bgp.c

@@ -2467,6 +2467,9 @@ bgp_show_proto_info(struct proto *P)
   else
     cli_msg(-1006, "    Neighbor address: %I%J", p->remote_ip, p->cf->iface);
 
+  if ((p->conn == &p->outgoing_conn) && (p->cf->remote_port != BGP_PORT))
+    cli_msg(-1006, "    Neighbor port:    %u", p->cf->remote_port);
+
   cli_msg(-1006, "    Neighbor AS:      %u", p->remote_as);
   cli_msg(-1006, "    Local AS:         %u", p->cf->local_as);
 

proto/rpki/rpki.c

@@ -828,16 +828,27 @@ rpki_show_proto_info(struct proto *P)
   if (cache)
   {
     const char *transport_name = "---";
+    uint default_port = 0;
 
     switch (cf->tr_config.type)
     {
 #if HAVE_LIBSSH
-    case RPKI_TR_SSH: transport_name = "SSHv2"; break;
+    case RPKI_TR_SSH:
+      transport_name = "SSHv2";
+      default_port = RPKI_SSH_PORT;
+      break;
 #endif
-    case RPKI_TR_TCP: transport_name = "Unprotected over TCP"; break;
+    case RPKI_TR_TCP:
+      transport_name = "Unprotected over TCP";
+      default_port = RPKI_TCP_PORT;
+      break;
     };
 
     cli_msg(-1006, "  Cache server:     %s", cf->hostname);
+
+    if (cf->port != default_port)
+      cli_msg(-1006, "  Cache port:       %u", cf->port);
+
     cli_msg(-1006, "  Status:           %s", rpki_cache_state_to_str(cache->state));
     cli_msg(-1006, "  Transport:        %s", transport_name);
     cli_msg(-1006, "  Protocol version: %u", cache->version);

proto/rpki/transport.c

@@ -85,6 +85,7 @@ rpki_tr_open(struct rpki_tr_sock *tr)
   sk->rbsize = RPKI_RX_BUFFER_SIZE;
   sk->tbsize = RPKI_TX_BUFFER_SIZE;
   sk->tos = IP_PREC_INTERNET_CONTROL;
+  sk->vrf = cache->p->p.vrf;
 
   if (ipa_zero(sk->daddr) && sk->host)
   {