A very tricky bug. OSPF on NBMA interfaces probably never really worked.
When a packet was sent to multiple destinations, the checksum was
calculated multiple times from a packet with already filled checksum
field (from previous calculation). Therefore, many packets were sent
with an invalid checksum.
When device protocol goes down, interfaces should be flushed
asynchronously (in the same way like routes from protocols are flushed),
when protocol goes to DOWN/HUNGRY.
This fixes the problem with static routes staying in kernel routing
table after BIRD shutdown.
- BSD kernel syncer is now self-conscious and can learn alien routes
- important bugfix in BSD kernel syncer (crash after protocol restart)
- many minor changes and bugfixes in kernel syncers and neighbor cache
- direct protocol does not generate host and link local routes
- min_scope check is removed, all routes have SCOPE_UNIVERSE by default
- also fixes some remaining compiler warnings
It seems that by adding one pipe-specific exception to route
announcement code and by adding one argument to rt_notify() callback i
could completely eliminate the need for the phantom protocol instance
and therefore make the code more straightforward. It will also fix some
minor bugs (like ignoring debug flag changes from the command line).
When uncofiguring the pipe and the peer table, the peer table was
unlocked when pipe protocol state changed to down/flushing and not to
down/hungry. This leads to the removal of the peer table before
the routes from the pipe were flushed.
The fix leads to adding some pipe-specific hacks to the nest,
but this seems inevitable.
Process well-known communities before the export filter (old behavior is
to process these attributes after, which does not allow to send route
with such community) and just for routes received from other BGP
protocols. Also fixes a bug in next_hop check.
There is no reak callback scheduler and previous behavior causes
bad things during hard congestion (like BGP hold timeouts).
Smart callback scheduler is still missing, but main loop was
changed such that it first processes all tx callbacks (which
are fast enough) (but max 4* per socket) + rx callbacks for CLI,
and in the second phase it processes one rx callback per
socket up to four sockets (as rx callback can be slow when
there are too many protocols, because route redistribution
is done synchronously inside rx callback). If there is event
callback ready, second phase is skipped in 90% of iterations
(to speed up CLI during congestion).
Mixing ip_addr and u32 does bad things on Ultrasparc.
Although both have the same size. Fascinating.
It was not catched by compiler because of varargs.
Although standard says that if we receive AS_PATH_CONFED_*
(and we are not a part of a confederation) segment, we should
drop session, nobody does that and it is unwise to do that.
Now we drop session just in case that peer ASN is in
AS_PATH_CONFED_* segment (to detect peer that considers BIRD
as a part of its confederation).
Allows to add more interface patterns to one common 'options'
section like:
interface "eth3", "eth4" { options common to eth3 and eth4 };
Also removes undocumented and unnecessary ability to specify
more interface patterns with different 'options' sections:
interface "eth3" { options ... }, "eth4" { options ... };
Cryptographic authentication in OSPF is defective by
design - there might be several packets independently
sent to the network (for example HELLO, LSUPD and LSACK)
where they might be reordered and that causes crypt.
sequence number error.
That can be workarounded by not incresing sequence number
too often. Now we update it only when last packet was sent
before at least one second. This can constitute a risk of
replay attacks, but RFC supposes something similar (like time
in seconds used as CSN).
If a DBDES packet from a master to a slave is lost, then the old code
does not retransmit it and instead send a next one with the same
sequence number. That leads to silent desynchronization of LSA
databases.
AS4 optional attribute errors were handled by session
drop (according to BGP RFC). This patch implements
error handling according to new BGP AS4 draft (*)
- ignoring invalid AS4 optional attributes.
(*) http://www.ietf.org/internet-drafts/draft-chen-rfc4893bis-02.txt
This patch extends the length for attributes from 1024 to 2048
(because both AS_PATH and AS4_PATH attributes take 2+4 B per AS).
If there is not enough space for attributes, Bird skips that
route group. Old behavior (skipping remaining attributes)
leads to skipping required attributes and session drop.
When OSPF neighbor state drops down to EXSTART,
clear LSA request and retransmit lists, as specified
by RFC. I hope that this will prevent oscillations
between EXSTART and LOADING states, which sometimes
happened.
It also contains related fix from Yury Shevchuk that
properly resets DB summary list iterator.
When capability related error is received, next connect will be
without capabilities. Also cease error subcodes descriptions
(according to [RFC4486]) are added.
BGP keeps its copy of configuration ptr and didn't update it during
reconfiguration. But old configuration is freed during reconfiguration.
That leads to unnecessary reset of BGP connection during reconfiguration
(old conf is corrupted and therefore different) and possibly other strange
behavior.
Fixes two race conditions causing crash of Bird, several unhandled
cases during BGP initialization, and some other bugs. Also changes
handling of startup delay to be more useful and implement
reporting of last error in 'show protocols' command.