Cryptographic authentication in OSPF is defective by
design - there might be several packets independently
sent to the network (for example HELLO, LSUPD and LSACK)
where they might be reordered and that causes crypt.
sequence number error.
That can be workarounded by not incresing sequence number
too often. Now we update it only when last packet was sent
before at least one second. This can constitute a risk of
replay attacks, but RFC supposes something similar (like time
in seconds used as CSN).
values for MD5 password ID changed during reconfigure, Second
bug is that BIRD chooses password in first-fit manner, but RFC
says that it should use the one with the latest generate-from.
It also modifies the syntax for multiple passwords.
Now it is possible to just add more 'password' statements
to the interface section and it is not needed to use
'passwords' section. Old syntax can be used too.
- metric is 3 byte long now
- summary lsa originating
- more OSPF areas possible
- virtual links
- better E1/E2 routes handling
- some bug fixes..
I have to do:
- md5 auth (last mandatory item from rfc2328)
- !!!!DEBUG!!!!! (mainly virtual link system has probably a lot of bugs)
- 2328 appendig E
o Use `expr' instead of `NUM' and `ipa' instead of `IPA',
so that defined symbols work everywhere.
o `define' now accepts both numbers and IP addresses.
o Renamed `ipa' in filters to `fipa'.
Pavel, please update filters to accept define'd symbols as well.
show the routing table as exported to the protocol given resp. as returned
from its import control hook.
To get handling of filtered extended attributes right (even in the old
`show route where <filter>' command), the get_route_info hook gets an
attribute list and all protocol specific rte attributes are contained
there as temporary ones. Updated RIP to do that.
Added ea_append() which joins two ea_list's.
in configuration files and commands for manipulating them.
Current debug message policy:
o D_STATES, D_ROUTES and D_FILTERS are handled in generic code.
o Other debug flags should be handled in the protocols and whenever
the flag is set, the corresponding messages should be printed
using calls to log(L_TRACE, ...), each message prefixed with
the name of the protocol instance. These messages should cover
the whole normal operation of the protocol and should be useful
for an administrator trying to understand what does the protocol
behave on his network or who is attempting to diagnose network
problems. If your messages don't fit to the categories I've defined,
feel free to add your own ones (by adding them to protocol.h
and on two places in nest/config.Y), but please try to keep the
categories as general as possible (i.e., not tied to your protocol).
o Internal debug messages not interesting even to an experienced
user should be printed by calling DBG() which is either void or
a call to debug() depending on setting of the LOCAL_DEBUG symbol
at the top of your source.
o Dump functions (proto->dump etc.) should call debug() to print
their messages.
o If you are doing any internal consistency checks, use ASSERT
or bug().
o Nobody shall ever call printf() or any other stdio functions.
Also please try to log any protocol errors you encounter and tag them
with the appropriate message category (usually L_REMOTE or L_AUTH). Always
carefully check contents of any message field you receive and verify all
IP addresses you work with (by calling ipa_classify() or by using the
neighbour cache if you want to check direct connectedness as well).
used for automatic generation of instance names.
protocol->name is the official name
protocol->template is the name template (usually "name%d"),
should be all lowercase.
Updated all protocols to define the templates, checked that their configuration
grammar includes proto_name which generates the name and interns it in the
symbol table.
To define a new command, just add a new rule to the gramar:
CF_CLI(COMMAND NAME, arguments, help-args, help-text) {
what-should-the-command-do
} ;
where <arguments> are appended to the RHS of the rule, <help-args> is the
argument list as shown in the help and <help-text> is description of the
command for the help.
<what-should-the-command-do> is a C code snippet to be executed. It should
not take too much time to execute. If you want to print out a lot of
information, you can schedule a routine to be called after the current
buffer is flushed by making cli->cont point to the routine (see the
TEST LONG command definition for an example); if the connection is closed
in the meantime, cli->cleanup gets called.
You can access `struct cli' belonging to the connection you're currently
servicing as this_cli, but only during parse time, not from routines scheduled
for deferred execution.
Functions to call inside command handlers:
cli_printf(cli, code, printf-args) -- print text to CLI connection,
<code> is message code as assigned in doc/reply_codes or a negative
one if it's a continuation line.
cli_msg(code, printf-args) -- the same for this_cli.
Use 'sock -x bird.ctl' for connecting to the CLI until a client is written.
we want to allow filter and similar complex constructs to be used in commands
and we should avoid code duplication), only with CLI_MARKER token prepended
before the whole input.
Defined macro CF_CLI(cmd, args, help) for defining CLI commands in .Y files.
The first argument specifies the command itself, the remaining two arguments
are copied to the help file (er, will be copied after the help file starts
to exist). This macro automatically creates a skeleton rule for the command,
you only need to append arguments as in:
CF_CLI(STEAL MONEY, <$>, [[Steal <$> US dollars or equivalent in any other currency]]): NUM {
cli_msg(0, "%d$ stolen", $3);
} ;
Also don't forget to reset lexer state between inputs.
but the core routines are there and seem to be working.
o lib/ipv6.[ch] written
o Lexical analyser recognizes IPv6 addresses and when in IPv6
mode, treats pure IPv4 addresses as router IDs.
o Router ID must be configured manually on IPv6 systems.
o Added SCOPE_ORGANIZATION for org-scoped IPv6 multicasts.
o Fixed few places where ipa_(hton|ntoh) was called as a function
returning converted address.
o Parsing of interface patterns moved to generic code,
introduced this_ipatt which works similarly to this_iface.
o Interface patterns now support selection by both interface
names and primary IP addresses.
o Proto `direct' updated.
o RIP updated as well, it also seems the memory corruption
bug there is gone.
