782 commits

Author SHA1 Message Date
Ondrej Zajicek (work)
81ee6cda2e Netlink: Add option to specify netlink socket receive buffer size
Add option 'netlink rx buffer' to specify netlink socket receive buffer
size. Uses SO_RCVBUFFORCE, so it can override rmem_max limit.

Thanks to Trisha Biswas and Michal for the original patches.
2022-01-17 05:11:29 +01:00
Ondrej Zajicek (work)
bbc33f6ec3 Netlink: Add another workaround for older kernel headers
Unfortunately, SOL_NETLINK is both recently added and arch-dependent,
so we cannot just define it.
2022-01-15 22:39:40 +01:00
Ondrej Zajicek (work)
8988264a64 Netlink: Add workaround for older kernel headers 2022-01-14 23:15:05 +01:00
Ondrej Zajicek (work)
e818f16448 Netlink: Enable strict checking for KRT dumps
Add strict checking for netlink KRT dumps to avoid PMTU cache records
from FNHE table dump along with KRT.

Linux Kernel added FNHE table dump to the netlink API in patch:

8d3b68cd37.1561131177.git.sbrivio@redhat.com/

Therefore, since Linux 5.3 these route cache entries are dumped together
with regular routes during periodic KRT scans, which in some cases may be a
huge amount of useless data. This can be avoided by using strict checking
for netlink dumps:

https://lore.kernel.org/netdev/20181008031644.15989-1-dsahern@kernel.org/

The patch mitigates the risk of receiving unknown and potentially large
number of FNHE records that would block BIRD I/O in each sync. There is a
known issue caused by the GRE tunnels on Linux that seems to be creating
one FNHE record for each destination IP address that is routed through
the tunnel, even when the PMTU equals the GRE interface MTU.

Thanks to Tomas Hlavacek for the original patch.
2022-01-14 21:53:40 +01:00
Ondrej Zajicek (work)
d0dd1d20cd Netlink: Explicitly skip received cloned routes
Kernel uses cloned routes to keep route cache entries, but reports them
together with regular routes. They were skipped implicitly as they
do not have rtm_protocol filled. Add explicit check for cloned flag
and skip such routes explicitly.

Also, improve debug logs of skipped routes.
2022-01-14 19:07:57 +01:00
Alexander Zubkov
87a02489f3 IO: Support nonlocal bind in socket interface
Add option to socket interface for nonlocal binding, i.e. binding to an
IP address that is not present on interfaces. This behaviour is enabled
when SKF_FREEBIND socket flag is set. For Linux systems, it is
implemented by IP_FREEBIND socket flag.

Minor changes done by committer.
2022-01-08 19:02:31 +01:00
Ondrej Zajicek (work)
f5c8fb5fba Netlink: Do not ignore dead routes from BIRD
Currently, BIRD ignores dead routes to consider them absent. But it also
ignores its own routes and thus it can not correctly manage such routes
in some cases. This patch makes an exception for routes with proto bird
when ignoring dead routes, so they can be properly updated or removed.

Thanks to Alexander Zubkov for the original patch.
2022-01-05 19:25:42 +01:00
Ondrej Zajicek (work)
77d032c71f Netlink: Improve multipath parsing errors
Function nl_parse_multipath() should handle errors internally.
2022-01-05 18:46:41 +01:00
Ondrej Zajicek (work)
a39cd2cc0b BSD: Assume onlink flag on ifaces with only host addresses
The BSD kernel does not support the onlink flag and BIRD does not use
direct routes for next hop validation, instead depends on interface
address ranges. We would like to handle PtMP cases with only host
addresses configured, like:

  ifconfig wg0 192.168.0.10/32
  route add 192.168.0.4 -iface wg0
  route add 192.168.0.8 -iface wg0

To accept BIRD routes with onlink next-hop, like:

  route 192.168.42.0/24 via 192.168.0.4%wg0 onlink

BIRD would dismiss the route when receiving from the kernel, as the
next-hop 192.168.0.4 is not part of any interface subnet and onlink
flag is not kept by the BSD kernel.

The commit fixes this by assuming that for routes received from the
kernel, any next-hop is onlink on ifaces with only host addresses.

Thanks to Stefan Haller for the original patch.
2021-12-27 21:00:04 +01:00
Maria Matejka
644e9ca94e Directly mapped pages are kept for future use if temporarily not needed 2021-11-24 19:42:52 +00:00
Ondrej Zajicek (work)
f761be6b30 Nest: Clean up main channel handling
Remove assumption that main channel is the only channel.
2021-06-17 16:56:51 +02:00
Ondrej Zajicek (work)
e5724f71d2 sysdep: Add wrapper to get random bytes - update
Simplify the code and fix an issue with getentropy() return value.
2021-06-06 16:26:06 +02:00
Toke Høiland-Jørgensen
c48ebde5ce sysdep: Add wrapper to get random bytes
Add a wrapper function in sysdep to get random bytes, and required checks
in configure.ac to select how to do it. The configure script tries, in
order, getrandom(), getentropy() and reading from /dev/urandom.
2021-06-06 16:26:06 +02:00
Toke Høiland-Jørgensen
b17adf0735 BSD: Propagate OS-level IFF_MULTICAST to internal IF_MULTICAST flag
The BSD code did not propagate the OS-level IFF_MULTICAST flag to the
Bird-internal IF_MULTICAST flag, which causes problems with Wireguard
interfaces on FreeBSD. The Linux sysdep code does propagate the flag
already, so just copy over the same check and flag update.
2021-05-10 19:49:43 +02:00
Stefan Haller
a7c9515ebc BSD: Fix invalid pointer dereference in logging code
For logging purposes a stack allocated net_addr struct was passed by
value as vararg (instead of the expected pointer). This resulted in
a segfault when the specific error condition got logged.
2021-04-19 15:06:42 +02:00
Ondrej Zajicek (work)
a2277975d7 Unix: Expand accepted ranges of iproute2 constants
We support 32bit table and realm/flow ids, we should also accept them as
constants.

Thanks to Patrick Hemmer for the bugreport.
2021-04-07 16:14:20 +02:00
Maria Matejka
ff397df7ed Routing table is now a resource allocated from its own pool
This also fixes memory leaks from import/export tables being never
cleaned up and freed.
2021-03-30 21:56:08 +02:00
Maria Matejka
886dd92eee Slab: head now uses bitmask for used/free nodes info instead of lists
From now, there are no auxiliary pointers stored in the free slab nodes.
This led to strange debugging problems if use-after-free happened in
slab-allocated structures, especially if the structure's first member is
a next pointer.

This also reduces the memory needed by 1 pointer per allocated object.
OTOH, we now rely on pages being aligned to their size's multiple, which
is quite common anyway.
2021-03-25 16:47:48 +01:00
Ondrej Zajicek (work)
82f19ba95e NEWS and version update 2021-03-18 20:18:38 +01:00
Ondrej Zajicek (work)
7be3af7fa6 Rate-limit scheduling of work-events
In general, events are code handling some condition, which is
scheduled when such condition happened and executed independently from
I/O loop. Work-events are a subgroup of events that are scheduled
repeatedly until some (often significant) work is done (e.g. feeding
routes to protocol). All scheduled events are executed during each
I/O loop iteration.

Separate work-events from regular events to a separate queue and
rate limit their execution to a fixed number per I/O loop iteration.
That should prevent excess latency when many work-events are
scheduled at one time (e.g. simultaneous reload of many BGP sessions).
2021-03-12 15:35:56 +01:00
Vincent Bernat
714238716e BGP: Add support for BGP hostname capability
This is an implementation of draft-walton-bgp-hostname-capability-02.
It has been implemented in FRR for quite some time, and in a datacenter
this gives a nice output to avoid using IP addresses.

It is disabled by default. The hostname is retrieved from uname(2) and
can be overridden with "hostname" option. The domain name is never set
nor displayed.

Minor changes by committer.
2021-02-10 16:53:57 +01:00
Ondrej Zajicek (work)
df83f62697 Netlink: Ignore dead routes
With net.ipv4.conf.XXX.ignore_routes_with_linkdown sysctl, a user can
ensure the kernel does not use a route whose target interface is down.
Such route is marked with a 'dead' / RTNH_F_DEAD flag.

Ignore these routes or multipath nexthops during scan.

Thanks to Vincent Bernat for the original patch.
2021-01-14 02:01:07 +01:00
Ondrej Zajicek (work)
2a8cc7259e Kernel: Do not check templates
So one can define kernel protocol template without channels.
For other protocols, it is either irrelevant or already done.

Thanks to Clemens Schrimpe for the bugreport.
2021-01-07 01:56:00 +01:00
Ondrej Zajicek (work)
21f9acd2a0 Kernel: Fix handling of krt_realm with ECMP routes
For ECMP routes, RTA_FLOW attribute must be set per-nexthop, not
per-route. Our corresponding krt_realm attribute is per-route.

Thanks to Mikhail Petrov for the bugreport.
2021-01-06 05:25:59 +01:00
Ondrej Zajicek (work)
62d57b9bdf Log: Fix locking during log reconfiguration
The log subsystem should be locked earlier, as default_log_list() may
internally manipulate the current_log_list (if it is also a default
log list).
2020-11-25 15:15:13 +01:00
Ondrej Zajicek (work)
0ef082c51e Log: Reinitialize the static logging structures
The static logging structures are reused, we need to reinitialize them
otherwise add_tail() would fail in debug build. Reinitializing these
structures should be fine as the list they belong to is being
reinitialized on entry to the very same function.

Thanks to Andreas Rammhold and Mikael Magnusson for patches.
2020-11-25 15:04:34 +01:00
Kazuki Yamaguchi
f1b5f179db Netlink: Fix parsing of MPLS multipath routes
Add support for RTA_MULTIPATH attribute parsing for AF_MPLS routes.

BIRD is capable of installing a multipath route into kernel on Linux,
but it would not be seen because parsing fails. This made BIRD attempt
to install the same route repeatedly.

(The patch minorly updated by committer)
2020-06-03 15:18:02 +02:00
Ondrej Zajicek (work)
fae5448134 Log: Do not open logfiles when parse-and-exit option is active
This is a quick workaround for an issue where configured logfiles are
opened/created during parsing of a config file even when parse-and-exit
option is active. We should later refactor the logging code to avoid
opening log during parsing altogether.
2020-06-03 14:59:20 +02:00
Maria Matejka
cdde3550dc Unix socket: Path length check directly before copying the path.
This is not needed as the string is always short enough, anyway
it may be needed in future and one strlen during BIRD start is
cheap enough.
2020-05-01 15:19:12 +02:00
Maria Matejka
258be56539 Nest: Added const to ea_show just to declare that this shouldn't really change anything 2020-05-01 15:19:12 +02:00
Maria Matejka
fd9f0c0640 Configuration strings are constant.
This is merely a const propagation. There was no problem in there.
2020-04-09 15:37:14 +02:00
Ondrej Zajicek (work)
e2630a494e Netlink: Handle interfaces with missing broadcast addresses 2020-03-07 05:11:21 +01:00
Ondrej Zajicek (work)
757cab18d6 BGP: Support for MD5SIG together with remote range
When dynamic BGP with remote range is configured, MD5SIG needs to use
newer socket option (TCP_MD5SIG_EXT) to specify remote address range for
listening socket.

Thanks to Adam Kułagowski for the suggestion.
2020-02-27 17:29:17 +01:00
Maria Matejka
ab089f4fb5 Conf: Better error message when reading iproute2 config
Reported by: Martin Weinelt <martin@darmstadt.freifunk.net>
2020-02-04 10:34:46 +01:00
Ondrej Zajicek (work)
7d767c5a3d KRT: Improve syncer code to avoid using temporary data in rtable
The old code stored route verdicts and temporary routes directly in
rtable. The new code does not store received routes (it immediately
compares them with exported routes and resolves conflicts) and uses
internal bitmap to keep track of which routes were received and which
need to be reinstalled.

By not putting 'invalid' temporary routes to rtable, we keep rtable
in consistent state, therefore scan no longer needs to be atomic
operation and could be split into multiple events.
2020-01-07 18:35:03 +01:00
Ondrej Zajicek (work)
cc75b3e1dc KRT: Remove KRF_SYNC_ERROR flag
This info is now stored in an internal bmap. Unfortunately, net.flags
is still needed for temporary kernel data.
2019-12-19 16:34:35 +01:00
Ondrej Zajicek (work)
90a9c97e38 KRT: Fix removal of KRF_INSTALLED
Use route id from net->routes to check export_map. Route received from
sysdep KRT code does not have proper id.
2019-12-17 16:30:29 +01:00
Ondrej Zajicek (work)
c132acae36 KRT: Remove KRF_INSTALLED flag
The same information is stored in export_map of kernel protocol.
2019-12-16 02:42:24 +01:00
Ondrej Zajicek (work)
5ea39eaa96 Nest: Use bitmaps to keep track of exported routes
Use a hierarchical bitmap in a routing table to assign ids to routes, and
then use bitmaps (indexed by route id) in channels to keep track whether
routes were exported. This avoids unreliable and inefficient re-evaluation
of filters for old routes in order to determine whether they were exported.
2019-11-26 18:39:25 +01:00
Ondrej Zajicek
53401bef63 Netlink: Handle IPv4 routes with IPv6 nexthops
Accept RTA_VIA attribute in all cases. The old code always used
RTA_GATEWAY for IPv4 / IPv6 and RTA_VIA for MPLS. The new code uses
RTA_VIA in cases where AF of network and AF of nexthop differs.
2019-11-12 18:13:21 +01:00
Ondrej Zajicek
5ce881be82 Accept uppercase letters in iproute2 names
Names read from text files in /etc/iproute2/* are normalized by replacing
non-alphanumeric chars with underscore. The patch fixes handling of
uppercase letters, which were handled as non-alphanumeric.

Thanks to Igor Gavrilov for the bugreport.
2019-10-22 16:25:38 +02:00
Ondrej Zajicek (work)
b000a94275 NEWS and version update 2019-10-11 00:18:38 +02:00
Ondrej Zajicek (work)
759b204be3 Lib: Support for 64-bit numbers in bvsnprintf()
Use 'l' for s64/u64 instead of for long/ulong, as that is much more
useful. Also make number() correct with regard to signed/unsigned
typecasts.
2019-10-09 17:53:23 +02:00
Maria Matejka
24493e9169 Fixed undefined behavior on signals.
The C11 specification allows only sig_atomic_t and _Atomic variable
access. All other accesses to global variables are undefined behavior.

Using int was probably OK on x86 and x86_64; yet there were some reports
from other architectures (especially some MIPS) that in rare cases,
after issuing SIGHUP, BIRD did strange things.
2019-10-04 20:52:07 +02:00
Ondrej Zajicek (work)
9c79022153 Nest: Fix help for 'graceful restart' command
Multi-worded commands are not automatically added to top-level
help output.

Thanks to Christoph for the bugreport.
2019-09-23 14:52:31 +02:00
Ondrej Zajicek (work)
5235c3f78d NEWS and version update 2019-09-10 17:34:41 +02:00
Ondrej Zajicek (work)
5ab3447de1 Sysdep: Drop supplementary groups when dropping GID
We forgot to do that. Oops.
2019-08-21 17:30:00 +02:00
Ondrej Zajicek (work)
543875e080 NEWS and version update 2019-07-31 23:35:29 +02:00
Ondrej Zajicek (work)
96e4d0960c Change 'graceful down' command to 'graceful restart' and update docs
The command initiating planned graceful restart including bird shutdown
should be called 'graceful restart' instead of 'graceful down', as the
latter should be reserved for graceful shutdown in style of RFC 8326.
2019-07-31 19:45:29 +02:00
Maria Matejka
48addc88be Log: Fixed race condition in reconfigure while BFD is running 2019-07-30 12:26:37 +02:00