Commit graph

875 commits

Author SHA1 Message Date
Ondrej Zajicek (work)
1f2eb2aca8 BGP: Implement flowspec validation procedure
Implement flowspec validation procedure as described in RFC 8955 sec. 6
and RFC 9117. The Validation procedure enforces that only routers in the
forwarding path for a network can originate flowspec rules for that
network.

The patch adds new mechanism for tracking inter-table dependencies, which
is necessary as the flowspec validation depends on IP routes, and flowspec
rules must be revalidated when best IP routes change.

The validation procedure is disabled by default and requires that
relevant IP table uses trie, as it uses interval queries for subnets.
2022-02-06 23:27:13 +01:00
Ondrej Zajicek (work)
1ae42e5223 Nest: Add routing table configuration blocks
Allow to specify sorted flag, trie fla, and min/max settle time.

Also do not enable trie by default, it must be explicitly enabled.
2022-02-06 23:27:13 +01:00
Ondrej Zajicek (work)
fde1cff012 Nest: Add convenience functions to check rtable net type 2022-02-06 23:27:13 +01:00
Ondrej Zajicek (work)
61375bd0b3 Nest: Avoid unnecessary net_format() in 'show route' command
When output of 'show route' command was generated, the net_format() was
called for each network prematurely, even if the result was not needed.

Fix the code to call net_format() only when needed. This makes queries
that process many networks but show only few (e.g. 'show route where ..',
or 'show route count') much faster (like 5x - 10x faster).
2022-02-06 23:27:13 +01:00
Ondrej Zajicek (work)
9ac16df3d7 Nest: Add trie iteration code to 'show route'
Add trie iteration code to rt_show_cont() CLI hook and use it to
accelerate 'show route in <addr>' commands using interval queries.
2022-02-06 23:27:13 +01:00
Ondrej Zajicek (work)
ea97b89051 Nest: Implement 'show route in <addr>' command
Implement 'show route in <addr>' command, which shows all routes in
networks that are subnets of given network. Currently limited to IP
network types.
2022-02-06 23:27:13 +01:00
Ondrej Zajicek (work)
836a87b8ac Nest: Attach prefix trie to rtable for faster LPM and interval queries
Attach a prefix trie to IP/VPN/ROA tables. Use it for net_route() and
net_roa_check(). This leads to 3-5x speedups for IPv4 and 5-10x
speedup for IPv6 of these calls.

TODO:
 - Rebuild the trie during rt_prune_table()
 - Better way to avoid trie_add_prefix() in net_get() for existing tables
 - Make it configurable (?)
2022-02-06 23:27:13 +01:00
Ondrej Zajicek (work)
f761be6b30 Nest: Clean up main channel handling
Remove assumption that main channel is the only channel.
2021-06-17 16:56:51 +02:00
Ondrej Zajicek (work)
1b9bf4e192 Nest: Fix export of tmpattrs through pipes
Pipes copy the original rte with old values, so they require rte to be
exported with stored tmpattrs. Other protocols access stored attributes
using eattr list, so they require rte to be exported with expanded
tmpattrs. This is temporary hack, we plan to remove whoe tmpattr mechanism.

Thanks to Paul Donohue for the bugreport.
2021-06-14 20:02:50 +02:00
Ondrej Zajicek (work)
3ebabab277 Revert "Nest: Fix export of tmpattrs through pipes"
This reverts commit f8e273b5e7.
2021-06-14 17:58:37 +02:00
Ondrej Zajicek (work)
f8e273b5e7 Nest: Fix export of tmpattrs through pipes
In most cases of export there is no need to store back temporary
attributes to rte, as receivers (protocols) access eattr list anyway.
But pipe copies the original rte with old values, so we should store
tmpattrs also during export.

Thanks to Paul Donohue for the bugreport.
2021-06-14 16:30:59 +02:00
Ondrej Zajicek (work)
596f2e32e3 Nest: Allow both 'password' and 'key' keywords for authentication keys 2021-06-09 19:54:01 +02:00
Ondrej Zajicek (work)
8eea396baf Nest: Fix password list parsing code
One of previous patches broke password list parsing code, fix that.
2021-06-06 19:10:33 +02:00
Toke Høiland-Jørgensen
589f7d1e4f Nest: Allow MAC algorithms to specify min/max key length
Add min/max key length fields to the MAC algorithm description and
validate configured keys before they are used.
2021-06-06 16:28:18 +02:00
Toke Høiland-Jørgensen
35f88b305a Nest: Allow specifying security keys as hex bytes as well as strings
Add support for specifying a password in hexadecimal format, The result
is the same whether a password is specified as a quoted string or a
hex-encoded byte string, this just makes it more convenient to input
high-entropy byte strings as MAC keys.
2021-06-06 16:28:18 +02:00
Toke Høiland-Jørgensen
725d9af94a Lib: Add Blake2s and Blake2b hash functions
The Babel MAC authentication RFC recommends implementing Blake2s as one of
the supported algorithms. In order to achieve do this, add the blake2b and
blake2s hash functions for MAC authentication. The hashing function
implementations are the reference implementations from blake2.net.

The Blake2 algorithms allow specifying an arbitrary output size, and the
Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy
this, we add two different variants of each of the algorithms, one using
the default size (256 bits for Blake2s, 512 bits for Blake2b), and one
using half the default output size.

Update to BIRD coding style done by committer.
2021-06-06 16:26:58 +02:00
Maria Matejka
3d90241f62 Internal route tables have a reduced cleanup routine
This fixes an internal table cleanup bug introduced
in ff397df7ed.
2021-04-19 15:14:55 +02:00
Maria Matejka
7c8b7649f9 Allocation of ea_list in one contiguous memory block
This saves some bytes of memory for complex ea's.
2021-03-30 21:56:08 +02:00
Maria Matejka
ff397df7ed Routing table is now a resource allocated from its own pool
This also fixes memory leaks from import/export tables being never
cleaned up and freed.
2021-03-30 21:56:08 +02:00
Maria Matejka
4635314cef Routing tables list iteration should use explicit node struct position 2021-03-30 21:56:08 +02:00
Ondrej Zajicek (work)
0a3db4c680 Minor fixes for restricted builds 2021-03-17 15:56:12 +01:00
Ondrej Zajicek (work)
2f98153490 Pipe: Propagate debug flags from protocol to channels
Pipe channels are kind-of implicit, so setting protocol debug flags
should also set pipe debug flags.
2021-03-16 20:10:00 +01:00
Ondrej Zajicek (work)
7be3af7fa6 Rate-limit scheduling of work-events
In general, events are code handling some some condition, which is
scheduled when such condition happened and executed independently from
I/O loop. Work-events are a subgroup of events that are scheduled
repeatedly until some (often significant) work is done (e.g. feeding
routes to protocol). All scheduled events are executed during each
I/O loop iteration.

Separate work-events from regular events to a separate queue and
rate limit their execution to a fixed number per I/O loop iteration.
That should prevent excess latency when many work-events are
scheduled at one time (e.g. simultaneous reload of many BGP sessions).
2021-03-12 15:35:56 +01:00
Ondrej Zajicek (work)
211fe69c98 Nest: No automatic ROA reload on non-reloadable channels 2021-03-09 18:37:52 +01:00
Ondrej Zajicek (work)
d3782c72b9 Nest: Add option to control automatic RPKI reload
Also, no automatic reload for BGP channels without import/export table.
2021-02-12 05:05:18 +01:00
Vincent Bernat
714238716e BGP: Add support for BGP hostname capability
This is an implementation of draft-walton-bgp-hostname-capability-02.
It is implemented since quite some time for FRR and in datacenter, this
gives a nice output to avoid using IP addresses.

It is disabled by default. The hostname is retrieved from uname(2) and
can be overriden with "hostname" option. The domain name is never set
nor displayed.

Minor changes by committer.
2021-02-10 16:53:57 +01:00
Ondrej Zajicek (work)
00b85905b9 Nest: Automatic channel reloads based on RPKI changes
If there are roa_check() calls in channel filters, then the channel
subscribes to ROA table notifications, which are sent when ROA tables
are updated (subject to settle time) and trigger channel reload or
refeed.
2021-02-10 03:09:57 +01:00
Ondrej Zajicek (work)
d06a875b04 Filter: Recursive filter iteration code
Add macros for recursive filter iteration that allows to examine
all instructions reachable from a filter.
2021-02-07 19:21:42 +01:00
Ondrej Zajicek (work)
7a1f4baac1 Nest: remove last_tx_filter_change
No longer needed after redesign of export handling.
2021-01-06 14:51:49 +01:00
James Lu
455c13dc99 Nest: Read Babel metric as IGP metric
(Minor syntactic changes by committer)
2020-12-29 02:25:21 +01:00
Ondrej Zajicek (work)
61dae32b29 Nest: Per-channel debug flags
The patch add support for per-channel debug flags, currently just
'states', 'routes', and 'filters'. Flag 'states' is used for channel
state changes, remaining two for routes passed through the channel.
The per-protocol debug flags 'routes'/'filters' still enable reporting
of routes for all channels, to keep existing behavior.

The patch causes minor changes in some log messages.
2020-12-07 22:19:40 +01:00
Ondrej Zajicek (work)
30b8468269 Minor cleanups with cfg_allocz()
Also fixes some more failed asserts due to add_tail().
2020-11-24 04:09:11 +01:00
Ondrej Zajicek (work)
1678bc0746 Fix some failed asserts due to add_tail()
When config structures are copied due to template application,
we need to reset list node structure before calling add_tail().

Thanks to Mikael Magnusson for patches.
2020-11-24 03:42:23 +01:00
Ondrej Zajicek (work)
c9ae81656f Some minor sl_allocz() cleanups 2020-11-24 03:21:44 +01:00
Ondrej Zajicek (work)
b962967e20 Nest: Fix crash in receive limit handling in import table
Logging as a result of triggered receive limit in import table code
accesset rte->net, which was not filed yet.

Thanks to Pier Carlo Chiodi for the bugreport.
2020-11-15 16:01:19 +01:00
Ondrej Zajicek (work)
3b56bf8849 BFD: Better handling of BFD options in BGP configs
Merge multiple BFD option blocks in BGP configs instead of using the last
one. That is necessary for proper handling of templates when BFD options
are used both in a BGP template and in a BGP protocol derived from that
template.
2020-11-12 04:02:38 +01:00
Ondrej Zajicek (work)
9d3fc3062b BFD: Allow per-request session options
BFD session options are configured per interface in BFD protocol. This
patch allows to specify them also per-request in protocols requesting
sessions (currently limited to BGP).
2020-11-08 15:33:22 +01:00
Ondrej Zajicek (work)
c0e1f534c9 Nest: Keep route ordering during route updates
Put new non-best routes to the end of list instead of the second
position. Put updated routes to their old position. Position is changed
just by best route selection.
2020-07-16 15:02:10 +02:00
Ondrej Zajicek (work)
c26c6bc2d7 Show info from multiple protocols when protocol is not specified
Most commands like 'show ospf neighbors' fail when protocol is not
specified and there are multiple instances of given protocol type.
This is annoying in BIRD 2, as many protocols have IPv4 and IPv6
instances. The patch changes that by showing output from all protocol
instances of appropriate type.

Note that the patch also removes terminating cli_msg() call from these
commands and moves it to the common iterating code.
2020-06-28 15:38:47 +02:00
Ondrej Zajicek (work)
1ca7665fa4 Nest: Allow key id 0
There is nothing in RFCs specifying that id 0 is not allowed. Some
implementations does not support it, while some other use key id 0 by
default. We allow it but start with key id 1 by default.

Thanks to Kenth Eriksson for the bugreport.
2020-05-19 02:50:47 +02:00
Ondrej Zajicek (work)
ec430a7fee Nest: Implement BGP path mask loop operator
Implement regex-like '+' operator in BGP path masks to match previous
path mask item multiple times. This is useful as ASNs may appear
multiple times in paths due to path prepending for traffic engineering
purposes.
2020-05-18 16:25:08 +02:00
Ondrej Zajicek (work)
b8bbbbaf56 Nest: Fix neighbor handling for colliding ranges
Resolve neighbors using longest prefix match. Although interface ranges
should not generally collide, it may happen for unnumbered links.

Thanks to Kenth Eriksson for the bugreport.
2020-05-11 04:29:36 +02:00
Maria Matejka
b12442c985 Fixed a harmless warning in production build 2020-05-01 15:41:42 +02:00
Maria Matejka
3bb10b4d31 Uninitialized list nodes fixes 2020-05-01 15:19:12 +02:00
Maria Matejka
258be56539 Nest: Added const to ea_show just to declare that this shouldn't really change anything 2020-05-01 15:19:12 +02:00
Maria Matejka
0fa8bf91cd Nest: Several assumptions to tame the static analyzer 2020-05-01 15:19:12 +02:00
Maria Matejka
bbe49ae569 Nest: Assumption in rt-show for not-so-intuitive invariant. 2020-05-01 15:19:12 +02:00
Nasato Goto
a6548d5b5b BGP: Fix handling of 16bit-only ASN translation
The bug generated invalid AGGREGATOR attribute during translation of
32bit ASN to 16bit-only BGP peer. The patch fixes that.
2020-04-15 03:46:53 +02:00
Maria Matejka
fd9f0c0640 Configuration strings are constant.
This is merely a const propagation. There was no problem in there.
2020-04-09 15:37:14 +02:00
Ondrej Zajicek (work)
2755002890 Filter: Optimize IPv4 prefix sets
Use separate IPv4 and IPv6 implementation of prefix sets. Just this
change makes IPv4 prefix sets 60% smaller and 50% faster.
2020-03-26 03:57:48 +01:00