Commit graph

3846 commits

Author SHA1 Message Date
Ondrej Zajicek (work)
77d032c71f Netlink: Improve multipath parsing errors
Function nl_parse_multipath() should handle errors internally.
2022-01-05 18:46:41 +01:00
Ondrej Zajicek (work)
29dda184e5 Conf: Fix parsing full-length IPv6 addresses
Lexer expression for bytestring was too loose, accepting also
full-length IPv6 addresses. It should be restricted such that
colon is used between every byte or never.

Fix the regex and also add some test cases for it.

Thanks to Alexander Zubkov for the bugreport
2022-01-05 16:38:49 +01:00
Matous
75aceadaf7 gitlab-ci.yml: failing gitlab runner fixed.
'registry.labs.nic.cz' -> 'registry.nic.cz' changed
2022-01-05 04:13:39 +01:00
Alexander Zubkov
77042292ff Doc: Document min/max operators for lists 2021-12-28 04:09:36 +01:00
Alexander Zubkov
0e1fd7ea6a Filter: Add operators to find minimum and maximum element of sets
Add operators .min and .max to find minumum or maximum element in sets
of types: clist, eclist, lclist. Example usage:

bgp_community.min
bgp_ext_community.max
filter(bgp_large_community, [(as1, as2, *)]).min

Signed-off-by: Alexander Zubkov <green@qrator.net>
2021-12-28 04:07:09 +01:00
Alexander Zubkov
e15e465720 Doc: Document community components access operators 2021-12-28 04:07:09 +01:00
Alexander Zubkov
a2a268da4f Filter: Add operators to pick community components
Add operators that can be used to pick components from
pair (standard community) or lc (large community) types.
For example:

(10, 20).asn --> 10
(10, 20).data --> 20

(10, 20, 30).asn --> 10
(10, 20, 30).data1 --> 20
(10, 20, 30).data2 --> 30

Signed-off-by: Alexander Zubkov <green@qrator.net>
2021-12-28 04:07:00 +01:00
Ondrej Zajicek (work)
a39cd2cc0b BSD: Assume onlink flag on ifaces with only host addresses
The BSD kernel does not support the onlink flag and BIRD does not use
direct routes for next hop validation, instead depends on interface
address ranges. We would like to handle PtMP cases with only host
addresses configured, like:

  ifconfig wg0 192.168.0.10/32
  route add 192.168.0.4 -iface wg0
  route add 192.168.0.8 -iface wg0

To accept BIRD routes with onlink next-hop, like:

  route 192.168.42.0/24 via 192.168.0.4%wg0 onlink

BIRD would dismiss the route when receiving from the kernel, as the
next-hop 192.168.0.4 is not part of any interface subnet and onlink
flag is not kept by the BSD kernel.

The commit fixes this by assuming that for routes received from the
kernel, any next-hop is onlink on ifaces with only host addresses.

Thanks to Stefan Haller for the original patch.
2021-12-27 21:00:04 +01:00
Job Snijders
b9f38727a7 RPKI: Add contextual out-of-bound checks in RTR Prefix PDU handler
RFC 6810 and RFC 8210 specify that the "Max Length" value MUST NOT be
less than the Prefix Length element (underflow). On the other side,
overflow of the Max Length element also is possible, it being an 8-bit
unsigned integer allows for values larger than 32 or 128. This also
implicitly ensures there is no overflow of "Length" value.

When a PDU is received where the Max Length field is corrputed, the RTR
client (BIRD) should immediately terminate the session, flush all data
learned from that cache, and log an error for the operator.

Minor changes done by commiter.
2021-12-18 16:35:28 +01:00
Simon Ruderich
00410fd6c1 Doc: bgp: remove "advertise ipv4"
The option was removed in d15b0b0a ("BGP redesign", 2016-12-07)
but the documentation wasn't updated.
2021-12-18 03:17:48 +01:00
Ondrej Zajicek (work)
b21104c97e Nest: Do not ignore secondary flag changes in ifa updates
Compare all IA_* flags that are set by sysdep iface code.

The old code ignores IA_SECONDARY flag when comparing whether iface
address updates from kernel changed anything. This is usually not an
issue as kernel removes all secondary addresses due to removal of the
primary one, but it breaks when sysctl 'promote_secondaries' is enabled
and kernel promotes secondary addresses to primary ones.

Thanks to 'Alexander' for the bugreport.
2021-12-18 01:09:52 +01:00
Ondrej Zajicek (work)
78ddfd2600 Trie: Clarify handling of less-common net types
For convenience, Trie functions generally accept as input values not only
NET_IPx types of nets, but also NET_VPNx and NET_ROAx types. But returned
values are always NET_IPx types.
2021-12-02 03:35:29 +01:00
Maria Matejka
f772afc525 Memory statistics split into Effective and Overhead
This feature is intended mostly for checking that BIRD's allocation
strategies don't consume much memory space. There are some cases where
withdrawing routes in a specific order lead to memory fragmentation and
this output should give the user at least a notion of how much memory is
actually used for data storage and how much memory is "just allocated"
or used for overhead.

Also raising the "system allocator overhead estimation" from 8 to 16
bytes; it is probably even more. I've found 16 as a local minimum in
best scenarios among reachable machines. I couldn't find any reasonable
method to estimate this value when BIRD starts up.

This commit also fixes the inaccurate computation of memory overhead for
slabs where the "system allocater overhead estimation" was improperly
added to the size of mmap-ed memory.
2021-11-27 22:54:15 +01:00
Ondrej Zajicek (work)
14fc24f3a5 Trie: Implement longest-prefix-match queries and walks
The prefix trie now supports longest-prefix-match query by function
trie_match_longest_ipX() and it can be extended to iteration over all
covering prefixes for a given prefix (from longest to shortest) using
TRIE_WALK_TO_ROOT_IPx() macro.
2021-11-26 03:26:36 +01:00
Maria Matejka
644e9ca94e Directly mapped pages are kept for future use if temporarily not needed 2021-11-24 19:42:52 +00:00
Ondrej Zajicek (work)
062e69bf52 Trie: Implement trie walking code
Trie walking allows enumeration of prefixes in a trie in the usual
lexicographic order. Optionally, trie enumeration can be restricted
to a chosen subnet (and its descendants).
2021-11-19 18:04:32 +01:00
Ondrej Zajicek (work)
71c18d9f53 Trie: Simplify network matching code
Introduce ipX_prefix_equal() and use it to simplify network matching code.
2021-11-13 21:11:18 +01:00
Ondrej Zajicek (work)
9f24fef5e9 Conf: Fix crash during shutdown
BIRD implements shutdown by reconfiguring to fake empty configuration.
Such fake config structure is created from the last running config and
shares some data, including symbol table. This allows access to (removed)
routing tables and causes crash when 'show route' command is used during
shutdown.

Clean up symbol table, table list and links to default tables, so removed
routing tables cannot be accessed during shutdown.
2021-10-20 01:51:28 +02:00
Maria Matejka
5cff1d5f02 Route: moved rte_src pointer from rta to rte
It is an auxiliary key in the routing table, not a route attribute.
2021-10-13 19:09:04 +02:00
Maria Matejka
d5a32563df Preexport: No route modification, no linpool needed 2021-10-13 19:09:04 +02:00
Maria Matejka
eb937358c0 Preference moved to RTA and set explicitly in protocols 2021-10-13 19:09:04 +02:00
Maria Matejka
cee0cd148c Export table: Delay freeing of old stored route.
This is needed to provide the protocols the full old route after filters
when export table is enabled.
2021-10-13 19:09:04 +02:00
Maria Matejka
8216ec3027 There may be a symbol with NULL protocol when reconfiguring 2021-10-13 19:09:04 +02:00
Maria Matejka
8ac20511e1 Show route may be accidentally called on shutdown also when not all default tables are present 2021-10-13 19:09:04 +02:00
Maria Matejka
a54f75f454 fixup! Multipage allocation 2021-10-13 19:08:35 +02:00
Maria Matejka
6cd3771378 Multipage allocation
We can also quite simply allocate bigger blocks. Anyway, we need these
blocks to be aligned to their size which needs one mmap() two times
bigger and then two munmap()s returning the unaligned parts.

The user can specify -B <N> on startup when <N> is the exponent of 2,
setting the block size to 2^N. On most systems, N is 12, anyway if you
know that your configuration is going to eat gigabytes of RAM, you are
almost forced to raise your block size as you may easily get into memory
fragmentation issues or you have to raise your maximum mapping count,
e.g. "sysctl vm.max_map_count=(number)".
2021-10-13 19:01:22 +02:00
Maria Matejka
3a31c3aad6 CLI socket accept() may also fail and should produce some message, not a coredump. 2021-10-13 19:00:36 +02:00
Maria Matejka
d322ee3d54 OSPF: explicitly stop the periodic tick on shutdown to avoid recalculation races 2021-10-13 19:00:36 +02:00
Maria Matejka
e5a8eec6d7 Linpools may use pages instead of xmalloc 2021-10-13 19:00:36 +02:00
Maria Matejka
bea582cbb5 fixup! Bound allocated pages to resource pools with page caches to avoid unnecessary syscalls 2021-10-13 18:59:45 +02:00
Ondrej Zajicek (work)
067f69a56d Filter: Add prefix trie benchmarks
Add trie tests intended as benchmarks that use external datasets
instead of generated prefixes. As datasets are not included, they
are commented out by default.
2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
e709dc09e6 Filter: Improve prefix trie tests
Add tests explicitly matching insides and outsides of trie and update
tests to do testing of both IPv4 and IPv6 tries.
2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
dd61278c9d Filter: Update trie documentation 2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
562a2b8c29 Filter: Fix trie test
Generated prefixes must be valid.
2021-09-25 16:06:43 +02:00
Ondrej Zajicek (work)
13225f1dbf Filter: Faster prefix sets
Use 16-way (4bit) branching in prefix trie instead of basic binary
branching. The change makes IPv4 prefix sets almost 3x faster, but
with more memory consumption and much more complicated algorithm.

Together with a previous filter change, it makes IPv4 prefix sets
about ~4.3x faster and slightly smaller (on my test data).
2021-09-25 16:06:43 +02:00
Maria Matejka
7f0e598208 Bound allocated pages to resource pools with page caches to avoid unnecessary syscalls 2021-09-10 18:13:50 +02:00
Maria Matejka
2c13759136 Reducing filter stack size to allow for lesser thread stack size 2021-09-10 18:11:28 +02:00
Maria Matejka
ceef6de459 OSPF: Setting a list node NULL before use 2021-09-10 17:38:22 +02:00
Maria Matejka
923a6644b2 Fixed memory poisoning in slab 2021-09-10 17:38:22 +02:00
Maria Matejka
227e2d5541 Debug output uses local buffer to avoid clashes between threads. 2021-09-10 17:37:46 +02:00
Maria Matejka
eb20251655 Filter: Additional consistency checks 2021-09-10 17:37:46 +02:00
Ondrej Zajicek (work)
47d92d8f9d Nest: Clean up main channel handling
Remove assumption that main channel is the only channel.
2021-09-10 17:32:05 +02:00
Ondrej Zajicek (work)
f761be6b30 Nest: Clean up main channel handling
Remove assumption that main channel is the only channel.
2021-06-17 16:56:51 +02:00
Ondrej Zajicek (work)
1b9bf4e192 Nest: Fix export of tmpattrs through pipes
Pipes copy the original rte with old values, so they require rte to be
exported with stored tmpattrs. Other protocols access stored attributes
using eattr list, so they require rte to be exported with expanded
tmpattrs. This is temporary hack, we plan to remove whoe tmpattr mechanism.

Thanks to Paul Donohue for the bugreport.
2021-06-14 20:02:50 +02:00
Ondrej Zajicek (work)
3ebabab277 Revert "Nest: Fix export of tmpattrs through pipes"
This reverts commit f8e273b5e7.
2021-06-14 17:58:37 +02:00
Ondrej Zajicek (work)
f8e273b5e7 Nest: Fix export of tmpattrs through pipes
In most cases of export there is no need to store back temporary
attributes to rte, as receivers (protocols) access eattr list anyway.
But pipe copies the original rte with old values, so we should store
tmpattrs also during export.

Thanks to Paul Donohue for the bugreport.
2021-06-14 16:30:59 +02:00
Ondrej Zajicek (work)
3f19100f5a CI: Allow Babel tests 2021-06-11 01:31:10 +02:00
Ondrej Zajicek (work)
596f2e32e3 Nest: Allow both 'password' and 'key' keywords for authentication keys 2021-06-09 19:54:01 +02:00
Ondrej Zajicek (work)
6d26f85395 Babel: Simplify auth expiration
Just use hello_expiry for that, keep init_expiry for initial
unauthentized neighbors.
2021-06-09 19:31:55 +02:00
Ondrej Zajicek (work)
8eea396baf Nest: Fix password list parsing code
One of previous patches broke password list parsing code, fix that.
2021-06-06 19:10:33 +02:00