Commit graph

1478 commits

Author SHA1 Message Date
Maria Matejka
258be56539 Nest: Added const to ea_show just to declare that this shouldn't really change anything 2020-05-01 15:19:12 +02:00
Maria Matejka
a7d9b8f116 OSPF: Zero-initialization of a temporary neighbor 2020-05-01 15:19:12 +02:00
Maria Matejka
5f60d14ede RPKI: fixed rare va_list leak 2020-05-01 15:19:12 +02:00
Maria Matejka
9e64ac4b7c OSPF: Adding a note about a static analyzer result. 2020-05-01 15:19:12 +02:00
Maria Matejka
dccee40826 OSPF: variable-length array of size 0 replaced by alloca()'d pointer
NULL pointer is safer than a random pointer onto stack if this function
gets changed and eventually broken.
2020-05-01 15:19:12 +02:00
Maria Matejka
d607205486 Not calling memcpy with n=0. 2020-04-28 16:21:06 +02:00
Nasato Goto
a6548d5b5b BGP: Fix handling of 16bit-only ASN translation
The bug generated invalid AGGREGATOR attribute during translation of
32bit ASN to 16bit-only BGP peer. The patch fixes that.
2020-04-15 03:46:53 +02:00
Maria Matejka
fd9f0c0640 Configuration strings are constant.
This is merely a const propagation. There was no problem in there.
2020-04-09 15:37:14 +02:00
Ondrej Zajicek (work)
d516c68ad8 RIP: Improvements to demand circuit mode
Restart iface after changing demand circuit mode during reconfiguration.
Fix next_regular interval reset during reconfiguration. Send flushing
response when iface goes down.
2020-03-14 17:04:49 +01:00
Maria Matejka
dc042d87cb Perf: changed route update pattern to be more like common protocols 2020-03-12 09:26:05 +01:00
Ondrej Zajicek (work)
78e4a123bb BGP: Handle flowspec rules without dst part
The RFC 5575 does not explicitly reject flowspec rules without dst part,
it just requires dst part in validation procedure for feasibility, which
we do not implement anyway. Thus flow without dst prefix is syntactically
valid, but unfeasible (if feasibilty testing is done).

Thanks to Alex D. for the bugreport.
2020-03-03 17:45:16 +01:00
Ondrej Zajicek (work)
757cab18d6 BGP: Support for MD5SIG together with remote range
When dynamic BGP with remote range is configured, MD5SIG needs to use
newer socket option (TCP_MD5SIG_EXT) to specify remote addres range for
listening socket.

Thanks to Adam Kułagowski for the suggestion.
2020-02-27 17:29:17 +01:00
Ondrej Zajicek (work)
22c3cf955d RIP: Demand circuit support (RFC 2091) 2020-02-21 02:35:50 +01:00
Ondrej Zajicek (work)
3343088a71 RIP: Fix crash when interface is removed
Recent changes in neighbor code caused RIP to access neighbor field which
is NULL during interface/neighbor removal and caused crash when debug
messages are enabled. Use correct field to get iface from neighbor.
2020-02-14 22:43:27 +01:00
Maria Matejka
027a3e66f7 RPKI: Allow build without libSSH 2020-02-04 10:15:35 +01:00
Ondrej Zajicek (work)
7f9adafc10 BFD: Option to specify which class of BFD sessions are accepted
Allows to configure IPv4/IPv6-only or direct/multihop-only BFD protocol
instances.
2020-01-28 18:07:25 +01:00
Ondrej Zajicek (work)
9f2670277c OSPF: Fix bad initialization of tx_hdrlen field
Function ifa_tx_hdrlen() uses fields autype and passwords, so it must be
called after these are set.

Thanks to Kenth Eriksson for the bugreport.
2020-01-09 03:02:15 +01:00
Ondrej Zajicek (work)
21d09632a5 BGP: Add some statistics
Add some statistic counters to BGP consistent with BGP MIB (RFC 4273),
including persistent 'FSM established transitions'.
2019-12-03 18:05:41 +01:00
Ondrej Zajicek (work)
0f88200247 BGP: Fix processing of IPv6 Flowspec
During NLRI parsing of IPv6 Flowspec, dst prefix was not properly
extracted from NLRI, therefore a received flow was stored in a different
position in flowspec routing table, and was not reachable by command
'show route <flow>'.

Add proper prefix part accessors to flowspec code and use them from BGP
NLRI parsing code.

Thanks to Alex D. for the bugreport.
2019-11-18 17:56:51 +01:00
Ondrej Zajicek (work)
0b228fca04 BGP: Add option to enforce first AS in AS_PATH
This is optional check described in RFC 4271. Although this can be also
done by filters, it is widely implemented option in BGP implementations.

Thanks to Eugene Bogomazov for the original patch.
2019-11-10 02:06:07 +01:00
Ondrej Zajicek (work)
a52476c9be BGP: Add option to reject AS_SETs
There is a pending draft to make them obsolete
2019-11-04 22:09:35 +01:00
Ondrej Zajicek (work)
be7c1aef42 BGP: RFC 8654 got released 2019-10-26 01:32:24 +02:00
Ondrej Zajicek (work)
ec331acf48 BGP: Fix handling of transitive extended communities
Transitive extended communities should be removed on external sessions,
the old code them in all cases.

Thanks to Jean-Daniel Pauget for the original patch.
2019-10-24 17:50:19 +02:00
Ondrej Zajicek (work)
4e23b49969 RPKI: Fix handling of IPv6 cache addresses
The old code used just sizeof(struct sockaddr) bytes of IP address.
2019-10-19 03:39:07 +02:00
Ondrej Zajicek (work)
6c9cda6f92 BGP: Fix reconfiguration with import table
Change of some options requires route refresh, but when import table is
active, channel reload is done from it instead of doing full route
refresh. So in this case we request it internally.
2019-10-10 23:33:40 +02:00
Ondrej Zajicek (work)
09ee846d92 BGP: AIGP metric support (RFC 7311) 2019-10-09 17:53:23 +02:00
Ondrej Zajicek (work)
759b204be3 Lib: Support for 64-bit numbers in bvsnprintf()
Use 'l' for s64/u64 instead of for long/ulong, as that is much more
useful. Also make number() correct with regard to signed/unsigned
typecasts.
2019-10-09 17:53:23 +02:00
Maria Matejka
6dda6931d1 Perf: allow testing with cached route attributes. 2019-10-09 17:47:14 +02:00
Ondrej Zajicek (work)
4821251ebb BFD: Fix reconfiguration of neighbors
The bfd_reconfigure_neighbors() returned after first reconfigured
neighbor instead of continuing with the next one.

Thanks to Winston Chen for the bugreport and a patch.
2019-09-30 19:10:14 +02:00
Ondrej Zajicek (work)
eb1e43a9af BGP: Fix setup with multiple dynamic BGP ranges
Based on a patch from Liam Nattrass, thanks.
2019-09-17 14:45:14 +02:00
Ondrej Zajicek (work)
1127887a8b BGP: Fix handling of bgp_aggregator atttribute
The attribute should not be modifiable by filters as we do not
support its type.
2019-09-09 13:17:30 +02:00
Ondrej Zajicek (work)
8388f5a7e1 BGP: Fix bugs in handling of shutdown messages
There is an improper check for valid message size, which may lead to
stack overflow and buffer leaks to log when a large message is received.

Thanks to Daniel McCarney for bugreport and analysis.
2019-09-09 03:13:35 +02:00
Ondrej Zajicek (work)
56d8b1e7f6 OSPF: Fix 'show ospf lsadb' cmd without proto arg
It crashed when used without protocol argument.

Thanks to Alexander for the bugreport.
2019-08-29 20:58:16 +02:00
Ondrej Zajicek (work)
4fa0e472cf BGP: Use reallocation for capability structure
Instead of having large stack buffer for max amount of AFI/SAFI pairs.
The old code is not correct w.r.t. extendeded option length, as more
AFI/SAFI pairs may fit into the capability option.
2019-08-21 17:16:08 +02:00
Ondrej Zajicek (work)
524d253853 BGP: Implement extended optional parameters length
Extends BGP options/capabilities data length to 16bit, to avoid issues
with too many capabilities. See draft-ietf-idr-ext-opt-param-07
2019-08-20 19:15:50 +02:00
Ondrej Zajicek (work)
b7d7599ce3 BGP: implement Adj-RIB-Out
The patch implements optional internal export table to a channel and
hooks it to BGP so it can be used as Adj-RIB-Out. When enabled, all
exported (post-filtered) routes are stored there. An export table can be
examined using e.g. 'show route export table bgp1.ipv4'.
2019-08-14 06:02:33 +02:00
Ondrej Zajicek (work)
70a4320bdd RAdv: Allow solicited RAs to be sent as unicast
Add option to send solicited router advertisements as unicast directly
to soliciting nodes instead of as multicast to all-nodes group.
2019-08-12 00:43:19 +02:00
Ondrej Zajicek (work)
e2b530aa72 BGP: Improve reconfiguration
Several BGP channel options (including 'next hop self') could be
reconfigured without session reset, with just route refeed/refresh.
The patch improves reconfiguration code to do it that way.
2019-08-06 15:29:06 +02:00
Ondrej Zajicek (work)
f6a6a77640 BGP: Fix 'deterministic med' to work with 'merge paths'
The 'deterministic med' option is implemented by suppressing other than
best-in-group routes (grouped by ASN) from best route selection. This
interferes with 'merge paths' as supressed routes are no longer mergable
with best route. This is fixed by suppressing only those routes that are
not mergable with best-in-group route.
2019-08-06 15:09:42 +02:00
Vincent Bernat
3b62417c35 RPKI: Fix allocation of hostname when using an IPv6 address 2019-07-29 15:42:30 +02:00
Ondrej Zajicek (work)
00284f0ed6 BFD: Fix formatting of 'show bfd sessions'
The formatting was broken due to longer date in 'since' column.
2019-07-25 14:24:16 +02:00
Ondrej Zajicek (work)
cec40a7467 Merge remote-tracking branch 'origin/mq-filter-stack' 2019-07-24 15:38:32 +02:00
Ondrej Zajicek (work)
18f70a6229 Nest: VRF of protocol can be explicitly specified as 'default'
Protocol can have specified VRF, in such case it is restricted to a set
of ifaces associated with the VRF, otherwise it can use all interfaces.

The patch allows to specify VRF as 'default', in which case it is
restricted to a set of iface not associated with any VRF.
2019-07-24 15:08:03 +02:00
Ondrej Zajicek (work)
048c2f0e8c OSPF: Fix formatting of 'show ospf neighbors'
The formatting was broken when too short router-id was used.
2019-07-23 17:02:41 +02:00
Ondrej Zajicek (work)
15b0a92294 RPKI: Fix reconfiguration when ssh parameters are undefined 2019-07-23 01:52:18 +02:00
Ondrej Zajicek (work)
cf7ff99513 BFD: Support for VRFs
Allow multiple BFD instances in separate VRFs, dispatch BFD requests
according to VRFs.

Thanks to Alexander Zubkov for notice and patches.
2019-07-17 16:20:35 +02:00
Maria Matejka
8263690e75 Merge remote-tracking branch 'origin/master' into mq-filter-stack 2019-07-15 16:07:16 +02:00
Ondrej Zajicek (work)
1aec7112f7 OSPF: Fix handling of NSSA option flags
Per RFC 3101, N-bit signalling NSSA support should be used only in Hello
packets, not in DBDES packets. BIRD since 2.0.4 verifies N-bit in
neighbor structure, which is learned from DBDES packets, therefore
NSSA-LSAs are not propagated to proper implementations of RFC 3101.

This patch fixes that. Both removing the check and removing N-bit from
DBDES packet. This will fix compatibility issues with proper
implementations, but causes compatibility issues with BIRD 2.0.4.
2019-07-10 18:25:36 +02:00
Maria Matejka
b2a4feeb4c Merge branch 'master' into mq-filter-stack 2019-07-10 11:27:08 +02:00
Ondrej Zajicek (work)
deb84d7989 OSPF: Minor fix in graceful restart
Most LSA origination is blocked in ospf_update_topology(), this fix
blocks LSA origination from ospf_rt_spf().
2019-07-09 15:57:46 +02:00