Commit graph

257 commits

Author SHA1 Message Date
Pavel Tvrdík
65d2a88dd2 RPKI protocol with one cache server per protocol
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.

Implemeted transports are:
 - unprotected transport over TCP
 - secure transport over SSHv2

Example configuration of bird.conf:
  ...
  roa4 table r4;
  roa6 table r6;

  protocol rpki {
    debug all;

    # Import both IPv4 and IPv6 ROAs
    roa4 { table r4; };
    roa6 { table r6; };

    # Set cache server (validator) address,
    # overwrite default port 323
    remote "rpki-validator.realmv6.org" port 8282;

    # Overwrite default time intervals
    retry   10;         # Default 600 seconds
    refresh 60;         # Default 3600 seconds
    expire 600;         # Default 7200 seconds
  }

  protocol rpki {
    debug all;

    # Import only IPv4 routes
    roa4 { table r4; };

    # Set cache server address to localhost,
    # use default ports tcp => 323 or ssh => 22
    remote 127.0.0.1;

    # Use SSH transport instead of unprotected transport over TCP
    ssh encryption {
      bird private key "/home/birdgeek/.ssh/id_rsa";
      remote public key "/home/birdgeek/.ssh/known_hosts";
      user "birdgeek";
    };
  }
  ...
2016-12-07 09:35:24 +01:00
Ondrej Zajicek (work)
08b3a24da5 IO: Minor changes in socket AF handing
AF can be specified implicitly by saddr or daddr, flags SKF_V4ONLY and
SKF_V6ONLY are to be removed.
2016-05-17 15:21:49 +02:00
Jan Moskyto Matejka
5af7b59660 Merge branch 'int-new' of gitlab.labs.nic.cz:labs/bird into int-new 2016-05-13 13:48:04 +02:00
Jan Moskyto Matejka
d39d41fbda Hash: Fix of previous commit 2016-05-13 13:46:46 +02:00
Ondrej Zajicek (work)
b66a9e2f33 Merge branch 'master' into int-new 2016-05-12 21:49:52 +02:00
Ondrej Zajicek (work)
659f80f262 Make int-new compilable again 2016-05-12 21:47:29 +02:00
Ondrej Zajicek (work)
776d6b2c05 Merge remote-tracking branch 'origin/int-new' into int-new 2016-05-12 18:11:12 +02:00
Ondrej Zajicek (work)
af678af0d5 Merge remote-tracking branch 'origin/master' into int-new 2016-05-12 18:03:23 +02:00
Jan Moskyto Matejka
54ac0becee Hash: fixed rta hashing wrt. structure padding 2016-05-12 16:16:25 +02:00
Ondrej Zajicek (work)
286e2011d2 Miscellaneous minor fixes 2016-05-12 16:04:47 +02:00
Pavel Tvrdik
8e433d6a52 Prog Doc: Complete several missing parameters 2016-05-12 15:49:44 +02:00
Jan Moskyto Matejka
0c6dfe5236 Merge branch 'int-new' into int-new-merged 2016-05-10 14:30:49 +02:00
Jan Moskyto Matejka
7152e5efbb Build system reworked to one global Makefile with includes and no nesting
Also removed the lib-dir merging with sysdep. Updated #include's
accordingly.

Fixed make doc on recent Debian together with moving generated doc into
objdir.

Moved Makefile.in into root dir

Retired all.o and birdlib.a
Linking the final binaries directly from all the .o files.
2016-05-10 14:07:34 +02:00
Ondrej Zajicek (work)
937e75d8f1 Add the Babel routing protocol (RFC 6126)
This patch implements the IPv6 subset of the Babel routing protocol.
Based on the patch from Toke Hoiland-Jorgensen, with some heavy
modifications and bugfixes.

Thanks to Toke Hoiland-Jorgensen for the original patch.
2016-04-28 18:01:40 +02:00
Ondrej Zajicek (work)
a7baa09862 BSD: Add the IPsec SA/SP database entries control
Add code for manipulation with TCP-MD5 keys in the IPsec SA/SP database
at FreeBSD systems. Now, BGP MD5 authentication (RFC 2385) keys are
handled automatically on both Linux and FreeBSD.

Based on patches from Pavel Tvrdik.
2016-04-13 14:37:09 +02:00
Jan Moskyto Matejka
7a7ac65682 Merge branch 'master' into int-new-channels 2016-04-08 12:28:33 +02:00
Ondrej Zajicek (work)
f2ae2badff Main: Add local option
Add option that changes default paths for config file and control socket
to the current working directory.
2016-04-07 12:39:49 +02:00
Ondrej Zajicek (work)
9e7b3ebdf9 IO: Replace RX priority heuristic with explicit mark
In BIRD, RX has lower priority than TX with the exception of RX from
control socket. The patch replaces heuristic based on socket type with
explicit mark and uses it for both control socket and BGP session waiting
to be established.

This should avoid an issue when during heavy load, outgoing connection
could connect (TX event), send open, but then failed to receive OPEN /
establish in time, not sending notifications between and therefore
got hold timer expired error from the neighbor immediately after it
finally established the connection.
2016-04-06 11:49:34 +02:00
Jan Moskyto Matejka
54bb032d21 Birdlib: Modify lists to avoid problems with pointer aliasing rules
The old linked list implementation used some wild typecasts and required
GCC option -fno-strict-aliasing to work properly. This patch fixes that.
However, we still keep the option due to other potential problems.

(Commited by Ondrej Santiago Zajicek)
2016-03-23 02:21:42 +01:00
Ondrej Zajicek (work)
665b8e5283 Birdlib: Do cleanups after remove/free
To avoid byzantine behavior in case of some errors, linked lists are
cleared after rem_node() and resource headers are cleared after rfree().
2016-03-23 02:21:42 +01:00
Jan Moskyto Matejka
a815d62d59 Hash: typecast error fix 2016-02-19 16:33:07 +01:00
Jan Moskyto Matejka
9a74622ca1 Updated RTA hashes to 32-bit values.
... and reworked the hashes a bit. Also added mem_hash function
which just computes a hash of given memory block.
2016-02-10 13:26:07 +01:00
Ondrej Zajicek (work)
f4a60a9bc4 Channels - explicit links between protocols and tables
The patch adds support for channels, structures connecting protocols and
tables and handling most interactions between them. The documentation is
missing yet.
2016-02-01 10:28:50 +01:00
Pavel Tvrdík
f9d729ab68 NET ROAx: add max_pxlen, fix format 2016-01-14 14:31:55 +01:00
Jan Moskyto Matejka
9a883adf95 Net address format: Do not print the -4 or -6 suffix in %I4 and %I6 2016-01-13 13:21:25 +01:00
Pavel Tvrdík
a820ae1074 NET ROAx more small changes
- Remove `u8 src` from net_add_roaX
- Add `u8 max_pxlen` to net_add_roaX
- Add some missing macro and functions for ROA
- Remove ASN from hash function for ROA

Thanks to Ondrej Santiago Zajicek
2016-01-12 11:41:10 +01:00
Pavel Tvrdík
93e807292c ROA change printf 'ASN: xxx' to 'ASxxx' 2016-01-12 11:40:50 +01:00
Jan Moskyto Matejka
6ffa8f5393 Hidden AF_INET* inside sysdep/ 2016-01-11 09:29:51 +01:00
Pavel Tvrdík
de9b87f558 Add NET ROA4/6 structures 2016-01-07 18:21:31 +01:00
Ondrej Zajicek (work)
e691d16a63 Explicit ip4_addr / ip6_addr printf support 2015-12-29 17:12:47 +01:00
Ondrej Zajicek (work)
74c838a870 Move ID allocator to a separate file and use it also in OSPF 2015-12-29 15:42:12 +01:00
Ondrej Zajicek (work)
04632fd77f Follow-up work on integration 2015-12-24 15:56:04 +01:00
Jan Moskyto Matejka
70b90dde23 Better fix of missing AF_INET6? definition in lib/socket.h
Moved the code to sysdep.
2015-12-22 09:45:09 +01:00
Jan Moskyto Matejka
67aa88336a BSD wants to include sys/socket.h in lib/socket.h (AF_INET6? definitions) 2015-12-21 18:23:08 +01:00
Ondrej Zajicek (work)
0bf95f99e6 Follow-up work on integration
Contains some patches from Jan Moskyto Matejka
2015-12-21 17:17:21 +01:00
Ondrej Zajicek (work)
23c212e7f1 Follow-up work on integration 2015-12-21 03:33:18 +01:00
Jan Moskyto Matejka
7fd4143ead Integrated address print lengths
Minor changes by Ondrej Santiago Zajicek
2015-12-20 13:47:39 +01:00
Jan Moskyto Matejka
aedd3a6bab Implemented missing prefix manipulation functions 2015-12-20 12:53:40 +01:00
Jan Moskyto Matejka
5e173e9f63 Stop perusing f_prefix for non-prefix-set uses
Multiple changes by Ondrej Santiago Zajicek
2015-12-19 23:49:47 +01:00
Jan Moskyto Matejka
d7661fbe9d Removed BITS_PER_IP_ADDRESS, MAX_PREFIX_LENGTH, BIRD_AF
Explicit setting of AF_INET(6|) in IP socket creation. BFD set to listen
on v6, without setting the V6ONLY flag to catch both v4 and v6 traffic.

Squashing and minor changes by Ondrej Santiago Zajicek
2015-12-19 15:57:09 +01:00
Jan Moskyto Matejka
9b136840d9 Netlink and BSD: Integrating IPv4 and IPv6
Squashing and minor changes by Ondrej Santiago Zajicek
2015-12-18 20:03:47 +01:00
Ondrej Zajicek (work)
04ae8ddaa1 Merge branch 'master' into int-new 2015-11-25 14:24:35 +01:00
Pavel Tvrdík
33b4f40acc MD5: Mormalize naming style 2015-11-24 16:01:48 +01:00
Ondrej Zajicek (work)
90f78507f4 Merge branch 'master' into rip-new 2015-11-24 15:21:11 +01:00
Ondrej Zajicek (work)
e422ca0f29 Some consts for function arguments
Patch from Pavel Tvrdik
2015-11-24 13:52:26 +01:00
Ondrej Zajicek (work)
5126380bea Minor changes to SHA hash functions 2015-11-24 13:47:28 +01:00
Pavel Tvrdík
f312a837e9 Add SHA-384/512 and HMAC-SHA-384/512 crypto hash 2015-11-13 19:34:12 +01:00
Pavel Tvrdík
4035e0e79c Add SHA-224/256 and HMAC-SHA-224/256 crypto hash 2015-11-13 19:34:02 +01:00
Pavel Tvrdík
5d0c36f1da Add SHA1 and SHA1-HMAC crypto hash 2015-11-13 19:33:48 +01:00
Pavel Tvrdík
75ff08022e Add get_u64() and put_u64() into lib/unaligned.h 2015-11-13 19:31:19 +01:00