Commit graph

217 commits

Author SHA1 Message Date
Ondrej Zajicek
c9df01d321 Fixes several minor bugs in kernel syncer. 2012-03-25 19:44:14 +02:00
Ondrej Zajicek
9ba2798c65 Adds krt_metric linux route attribute. 2012-03-23 17:22:13 +01:00
Ondrej Zajicek
732a0a257d Fixes problems with creating/removing/renaming ifaces on BSD. 2012-01-23 01:26:40 +01:00
root
4b3a8ff8c6 Extend buffer for netlink messages. 2012-01-09 16:57:45 +01:00
Ondrej Zajicek
a7f23f581f Implements protocol templates.
Based on the patch from Alexander V. Chernikov.
Extended to support almost all protocols.
Uses 'protocol bgp NAME from TEMPLATE { ... }' syntax.
2011-11-07 00:31:23 +01:00
Ondrej Zajicek
32f95476a8 Signal problems with route installation to kernel tables. 2011-10-06 22:48:49 +02:00
Ondrej Zajicek
b1b1943360 The generalized TTL security mechanism (RFC 5082) support.
Thanks to Alexander V. Chernikov for the patch.
2011-08-16 23:13:05 +02:00
root
aca0e79faa Handles missing macro. 2011-07-29 14:52:28 +02:00
Ondrej Zajicek
e8b89a6104 Update and document the privilege restriction. 2011-05-15 16:29:44 +02:00
Ondrej Zajicek
1bc2695744 Allows run with restricted privileges.
Adds option -u and -g to specify user and group.
When different user (than root) is specified,
linux capabilities CAP_NET_* are kept.
2011-05-10 02:42:17 +02:00
Ondrej Zajicek
71ca77169d Adds support for several Linux kernel route attributes. 2011-04-13 12:32:27 +02:00
Ondrej Zajicek
83696b3913 Hide 6to4 route warnings. 2011-03-29 02:44:39 +02:00
Ondrej Zajicek
52a43ae3b7 Minor changes in addresses.
Mainly changes IA_UNNUMBERED to IA_PEER and adds IA_HOST. Also do not
show broadcast addr in show interfaces. Nobody cares for that.
2011-03-28 22:46:18 +02:00
Ondrej Zajicek
32b4972834 Multipath support for linux kernel protocol. 2010-12-07 23:36:11 +01:00
Ondrej Zajicek
01427d3f2b Remove some runaway debug messages and typos. 2010-11-19 18:03:27 +01:00
Ondrej Zajicek
f25cb0ef9f Implements link state detection.
Also changes some symbol names (IFF_ADMIN_DOWN -> IFF_SHUTDOWN,
IFF_LINK_UP -> IFF_ADMIN_UP).
2010-11-11 10:03:02 +01:00
Ondrej Zajicek
cfe34a316e Implements hostcache and recursive next hops.
Hostcache is a structure for monitoring changes in a routing table that
is used for routes with dynamic/recursive next hops. This is needed for
proper iBGP next hop handling.
2010-07-05 17:50:19 +02:00
Ondrej Zajicek
691057f033 Support loopback/dummy addresses. 2010-05-26 16:09:22 +02:00
Ondrej Zajicek
87a9abeac9 Fixes interface scan on Linux 2.4.x in IPv6 mode. 2010-05-21 15:17:49 +02:00
Ondrej Zajicek
ba32170657 Better support for /31 networks. 2010-04-28 00:39:57 +02:00
Ondrej Filip
6bc414d619 It seems that prefixes /31 and /127 are valid and used in this strange world. 2010-04-19 16:10:20 +02:00
Ondrej Zajicek
646b24d932 Minor changes. 2010-04-08 17:45:50 +02:00
Ondrej Zajicek
c429d4a4ba Restrict export of device routes to the kernel protocol.
In usual configuration, such export is already restricted
with the aid of the direct protocol but there are some
races that can circumvent it. This makes it harder to
break kernel device routes. Also adds an option to
disable this restriction.
2010-04-04 15:41:31 +02:00
Ondrej Zajicek
e7b09e4ab9 Use SO_BINDTODEVICE also in Linux/IPv6. 2010-04-02 16:11:46 +02:00
Ondrej Zajicek
bed417288e Minor fixes to previous patches. 2010-04-02 11:31:20 +02:00
Ondrej Zajicek
0aad2b9292 Temporary OSPF commit - sockets. 2010-03-14 16:36:59 +01:00
Ondrej Zajicek
54305181f6 Merge branch 'new' into socket2 2010-03-11 18:55:59 +01:00
Ondrej Zajicek
ff2857b03d Many changes in (mainly) kernel syncers.
- BSD kernel syncer is now self-conscious and can learn alien routes
- important bugfix in BSD kernel syncer (crash after protocol restart)
- many minor changes and bugfixes in kernel syncers and neighbor cache
- direct protocol does not generate host and link local routes
- min_scope check is removed, all routes have SCOPE_UNIVERSE by default
- also fixes some remaining compiler warnings
2010-02-26 10:55:58 +01:00
Ondrej Zajicek
e81b440f68 Fix configure to enable warnings and fix most of them. 2010-02-21 14:34:53 +01:00
Ondrej Zajicek
353729f513 Temporary OSPF commit - socket changes. 2010-02-11 10:23:35 +01:00
Ondrej Zajicek
3f22fa9e74 Merge branch 'dev' into ospf3 2009-11-09 22:54:39 +01:00
Ondrej Zajicek
9d4d38d1a5 Fixes some problems related to link-local routes in KRT interface. 2009-10-28 22:39:24 +01:00
Ondrej Zajicek
bff74c7aa3 Allows importing 'onlink' routes. 2009-10-20 19:04:28 +02:00
Ondrej Zajicek
aa7088fe26 Fixes one previous commit. 2009-09-30 16:34:47 +02:00
Ondrej Zajicek
2d507e64b7 Do not allow gateway routes with NULL iface. 2009-09-24 19:08:14 +02:00
Ondrej Zajicek
be86240662 Temporary OSPFv3 development commit.
Finally, it is working.
2009-09-08 13:45:02 +02:00
Ondrej Zajicek
f9c799a00e Temporary OSPFv3 development commit (changing multicast support). 2009-09-04 11:06:51 +02:00
Ondrej Zajicek
b49e6f5a65 Temporary OSPFv3 development commit 2009-08-25 16:42:14 +02:00
Ondrej Zajicek
86975e584e Allow more kernel routing tables in IPv6. 2009-08-21 09:43:31 +02:00
Ondrej Zajicek
51f4469f03 Fixes problems with rewriting of kernel device routes. 2009-05-29 17:36:37 +02:00
Ondrej Zajicek
6c84554b67 Merge branch 'master' into dev 2009-05-21 09:26:59 +02:00
Ondrej Zajicek
19e10907c1 Fixes communication on netlink sockets
Independent sessions on netlink sockets mixed state
in some common variables.
2009-05-08 14:37:06 +02:00
Ondrej Filip
2b70f0742e Linux specific TCP-MD5 handling moved to sysdep/linux/sysio.h
FreeBSD coded added. BSD cannot set BGP passwords itself.
This has to be done by external command.
2009-05-04 18:17:46 +02:00
Ondrej Zajicek
e366625c0e Fixes mixed-up messages on netlink socket
Under specific circumstances there might be two mixed-up
netlink sessions (one for scan, the other for route change
request). This patch separates netlink scans and requests
to two fds (and seq counters).

This should fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428865
2009-04-17 18:43:11 +02:00
Ondrej Zajicek
cb53039271 Rate limit for most abundant log messages 2009-02-26 14:23:54 +01:00
Ondrej Zajicek
11ec0f1a51 Fixes compilation on older systems.
Older kernel headers (the ones in Debian Sarge) does not
have __kernel_sockaddr_storage .
2009-01-16 12:49:51 +01:00
Ondrej Zajicek
6c8102e3a8 Ignore messages related to wireless extensions. 2008-11-04 14:51:45 +01:00
Ondrej Zajicek
a98fbf0f12 Merge branch 'dev' into out 2008-10-27 00:20:22 +01:00
Ondrej Zajicek
4c94a6c7e7 Do not repeat 'Invalid broadcast address' error message.
'Invalid broadcast address' error is reported only once for
an interface and not during every interface scan.
2008-10-26 23:23:09 +01:00
Ondrej Zajicek
d7f3b30649 Ignore unknown netlink events.
Bird sometimes reported 'bird: nl_parse_link: Malformed message received'.
The cause is that bird asynchronously received netlink packet from
wireless driver about some wireless event on its link layer. In that
case bird shouldn't complain.
2008-10-26 23:20:50 +01:00
Ondrej Zajicek
1567edea8d Bugfix for routing table breaking bug.
Here is a patch fixing a bug that causes breakage of a local routing
table during shutdown of Bird. The problem was caused by shutdown
of 'device' protocol before shutdown of 'kernel' protocol.  When
'device' protocol went down, the route (with local network prefix)
From different protocol (BGP or OSPF) became preferred and installed
to the kernel routing table. Such routes were broken (like
192.168.1.0/24 via 192.168.1.2). I think it is also the cause
of problem reported by Martin Kraus.

The patch disables updating of kernel routing table during shutdown of
Bird. I am not sure whether this is the best way to fix it, I would
prefer to forbid 'kernel' protocol to overwrite routes with
'proto kernel'.

The patch also fixes a problem that during shutdown sometimes routes
created by Bird remained in the kernel routing table.
2008-10-26 23:09:46 +01:00
Ondrej Zajicek
d51aa28190 Implementation of MD5 authentication of BGP sessions. 2008-10-26 22:42:39 +01:00
Martin Mares
057021df0d Fix behavior of ipa_opposite().
It was giving wrong results on /30 networks.
2008-08-25 11:19:49 +00:00
Martin Mares
9831e5916f Staticized lots of local functions. 2004-06-05 09:58:23 +00:00
Martin Mares
6578a60493 Marked unused parameters in sysdep code as such. 2004-06-05 09:11:07 +00:00
Martin Mares
abf06173a3 Current Linux kernels don't remember rtm_protocol for IPv6 routes and supply RTPROT_BOOT instead.
Work around that.
2003-02-22 23:06:32 +00:00
Martin Mares
8001948b43 Report link-scope addresses as well. 2003-02-22 22:38:15 +00:00
Martin Mares
5fc7c5c513 Don't loop forever when trying to skip an out-sequence netlink reply. 2001-08-03 08:44:51 +00:00
Martin Mares
2836ce3951 Check broadcast address sanity before believing it. 2000-06-21 09:58:09 +00:00
Martin Mares
ca00d4a13a Fix numbering of routing tables in IPv6 version. 2000-06-18 19:49:32 +00:00
Martin Mares
df49d4e14b Removed lots of trailing newlines in log messages.
Please note that the only calls which don't add newlines automatically
(i.e., don't print a full line of output) are debug() and DBG().
2000-06-04 19:56:06 +00:00
Martin Mares
4a91150175 Updated for new scope handling.
Also, provide proper address scopes in struct ifa.
2000-06-01 12:58:41 +00:00
Martin Mares
0e5aa966cc Multicast problems should be gone, although the fix is Linux only and we'll
need to figure out something better when working on new ports.
2000-05-11 16:30:56 +00:00
Martin Mares
109c2f6cf3 If a broadcast address is missing, go fake one. 2000-05-11 12:30:06 +00:00
Martin Mares
b6c9d8eb2e Removed the `async' switch which was used for debugging only anyway.
Don't moan when netlink reports lost packets.
2000-05-08 12:05:55 +00:00
Martin Mares
94e935d8a2 Incoming buffer must be at least 8KB long. 2000-05-08 11:02:53 +00:00
Martin Mares
84f0700205 IPv6 support compiles on both glibc 2.0 and 2.1. 2000-05-06 21:46:09 +00:00
Martin Mares
9a220cabbc #ifdef out lots of debugging information.
The long resource/routing table dump printed upon startup is gone now
and if you wish to see it, just send bird SIGUSR1 or use the `debug'
commands.
2000-05-04 20:52:28 +00:00
Martin Mares
93a786cb03 Removed a lot of unused variables.
Please try compiling your code with --enable-warnings to see them. (The
unused parameter warnings are usually bogus, the unused variable ones
are very useful, but gcc is unable to control them separately.)
2000-05-04 20:30:36 +00:00
Martin Mares
f380aa60fa IPv6 compiles with glibc 2.1. 2000-04-20 23:05:41 +00:00
Martin Mares
221135d6bf Include "lib/string.h" instead of <string.h>. It should give us bzero()
and other non-portable functions on all systems.
2000-03-31 23:30:21 +00:00
Martin Mares
832fa033b7 Cleaned up debugging in kernel syncer. Netlink has still LOCAL_DEBUG
turned on, but after some testing I'll gag it.
2000-03-12 21:54:39 +00:00
Martin Mares
d07bab3997 ipa_opposite hack is not applicable in IPv6. 2000-03-01 11:29:30 +00:00
Martin Mares
6a636392d3 Rewrote interface type detection logic. The `unnumbered' flag is now per
address, not per interface (hence it's ifa->flags & IA_UNNUMBERED) and
should be set reliably. IF_MULTIACCESS should be fixed now, but it isn't
wise to rely on it on interfaces configured with /30 prefix.
2000-02-29 23:19:52 +00:00
Martin Mares
aa8761de94 Kernel route syncer now supports dynamic reconfiguration. Also it doesn't
depend on the startup counter hack now and uses a zero-time timer instead
to make itself scheduled after normal protocol startup.
2000-01-18 10:39:30 +00:00
Martin Mares
fb89b1a4ce Removed point-to-point tunnel hack as it breaks ordinary PtP interfaces.
I'll find a better solution soon.
2000-01-17 12:40:00 +00:00
Martin Mares
f7fcb75252 Reconfiguration for device protocol. 2000-01-17 11:17:33 +00:00
Martin Mares
476e108425 Minor cleanups. 1999-12-16 13:51:43 +00:00
Martin Mares
a2867cd957 Better order of includes.
set_inaddr() moved to sysio.h.
1999-12-16 13:14:02 +00:00
Martin Mares
67ece6df42 Tried to clean up multicast handling. Now we don't try to guess
multicast abilities depending on definedness of symbols and use hard-wired
system-dependent configuration defines instead.

Please test whereever you can.
1999-12-16 13:06:13 +00:00
Martin Mares
30bc402ebb Temporary work-arounds for multicast problems. Needs further investigation. 1999-12-08 15:12:54 +00:00
Martin Mares
2727bb7c5b Renamed attr->attrs to attr->eattrs. 1999-11-04 13:29:43 +00:00
Martin Mares
4532a89e31 Taught Netlink how to behave in IPv6 world. 1999-08-03 19:37:37 +00:00
Martin Mares
dce267832a Basic support for IPv6. The system-dependent part doesn't work yet,
but the core routines are there and seem to be working.

   o  lib/ipv6.[ch] written
   o  Lexical analyser recognizes IPv6 addresses and when in IPv6
      mode, treats pure IPv4 addresses as router IDs.
   o  Router ID must be configured manually on IPv6 systems.
   o  Added SCOPE_ORGANIZATION for org-scoped IPv6 multicasts.
   o  Fixed few places where ipa_(hton|ntoh) was called as a function
      returning converted address.
1999-08-03 19:36:06 +00:00
Martin Mares
7de45ba4a0 Kernel route syncer supports multiple tables.
The changes are just too extensive for lazy me to list them
there, but see the comment at the top of sysdep/unix/krt.c.
The code got a bit more ifdeffy than I'd like, though.

Also fixed a bunch of FIXME's and added a couple of others. :)
1999-08-03 19:33:22 +00:00
Martin Mares
4f1a6d27b9 Kill remaining master_table relics in KRT code.
Make all protocols pass routing table to rte_update and rte_discard.
1999-05-17 20:16:53 +00:00
Martin Mares
a2697f02ac Netlink support for secondary interface addresses. 1999-05-07 13:46:16 +00:00
Martin Mares
9a158361da I rewrote the interface handling code, so that it supports multiple
addresses per interface (needed for example for IPv6 support).

Visible changes:

o  struct iface now contains a list of all interface addresses (represented
   by struct ifa), iface->addr points to the primary address (if any).
o  Interface has IF_UP set iff it's up and it has a primary address.
o  IF_UP is now independent on IF_IGNORED (i.e., you need to test IF_IGNORED
   in the protocols; I've added this, but please check).
o  The if_notify_change hook has been simplified (only one interface pointer
   etc.).
o  Introduced a ifa_notify_change hook. (For now, only the Direct protocol
   does use it -- it's wise to just listen to device routes in all other
   protocols.)
o  Removed IF_CHANGE_FLAGS notifier flag (it was meaningless anyway).
o  Updated all the code except netlink (I'll look at it tomorrow) to match
   the new semantics (please look at your code to ensure I did it right).

Things to fix:

o  Netlink.
o  Make krt-iface interpret "eth0:1"-type aliases as secondary addresses.
1999-05-06 21:38:11 +00:00
Martin Mares
08e2d6259a Removed TOS support. This simplifies many things a lot. 1999-04-12 18:01:07 +00:00
Martin Mares
c10421d3d4 More changes to the kernel syncer.
o  Now compatible with filtering.
o  Learning of kernel routes supported only on CONFIG_SELF_CONSCIOUS
   systems (on the others it's impossible to get it semantically correct).
o  Learning now stores all of its routes in a separate fib and selects
   the ones the kernel really uses for forwarding packets.
o  Better treatment of CONFIG_AUTO_ROUTES ports.
o  Lots of internal changes.
1999-04-03 13:05:18 +00:00
Martin Mares
fb71b23e60 Remember that we can run device syncer without kernel syncer
and vice versa now.
1999-03-29 20:33:45 +00:00
Martin Mares
1127ac6ec7 Cleaned up system configuration files -- removed few obsolete parameters,
documented the remaining ones (sysdep/cf/README).

Available configurations:

   o  linux-20: Old Linux interface via /proc/net/route (selected by default
		on pre-2.1 kernels).
   o  linux-21: Old Linux interface, but device routes handled by the
		kernel (selected by default for 2.1 and newer kernels).
   o  linux-22: Linux with Netlink (I play with it a lot yet, so it isn't
		a default).
   o  linux-ipv6: Prototype config for IPv6 on Linux. Not functional yet.
1999-03-27 22:51:05 +00:00
Martin Mares
7e5f5ffdda Moved to a much more systematic way of configuring kernel protocols.
o  Nothing is configured automatically. You _need_ to specify
     the kernel syncer in config file in order to get it started.
  o  Syncing has been split to route syncer (protocol "Kernel") and
     interface syncer (protocol "Device"), device routes are generated
     by protocol "Direct" (now can exist in multiple instances, so that
     it will be possible to feed different device routes to different
     routing tables once multiple tables get supported).

See doc/bird.conf.example for a living example of these shiny features.
1999-03-26 21:44:38 +00:00
Martin Mares
f79a749d0b Removed our declaration of RTPROT_BIRD since Alexey has assigned
us a real protocol number in 2.2.4 kernel.
1999-03-24 09:23:34 +00:00
Martin Mares
111213f0b6 Fixed processing of !krt_capable() routes. Converted device route decisions
to the krt_capable mechanism as well.
1999-03-04 19:00:31 +00:00
Martin Mares
e16155ae4a KRT: Implemented asynchronous route / interface state notifications
(via Netlink). Tweaked kernel synchronization rules a bit. Discovered
locking bug in kernel Netlink :-)

Future plans: Hunt all the bugs and solve all the FIXME's.
1999-03-04 18:36:18 +00:00
Martin Mares
2253c9e239 Although there are still heaps of FIXME's, Netlink works.
To build BIRD with Netlink support, just configure it with

	./configure --with-sysconfig=linux-21

After it will be tested well enough, I'll probably make it a default
for 2.2 kernels (and rename it to linux-22 :)).
1999-03-04 14:23:32 +00:00
Martin Mares
f81dc8564a Converted some mb_alloc/bzero pairs to mb_allocz. 1999-03-04 11:40:05 +00:00
Martin Mares
aa64578641 Netlink scans routes... 1999-03-03 20:57:29 +00:00
Martin Mares
2d14045224 Rewrote the kernel syncer. The old layering was horrible.
The new kernel syncer is cleanly split between generic UNIX module
and OS dependent submodules:

  -  krt.c (the generic part)
  -  krt-iface (low-level functions for interface handling)
  -  krt-scan (low-level functions for routing table scanning)
  -  krt-set (low-level functions for setting of kernel routes)

krt-set and krt-iface are common for all BSD-like Unices, krt-scan is heavily
system dependent (most Unices require /dev/kmem parsing, Linux uses /proc),
Netlink substitues all three modules.

We expect each UNIX port supports kernel routing table scanning, kernel
interface table scanning, kernel route manipulation and possibly also
asynchronous event notifications (new route, interface state change;
not implemented yet) and build the KRT protocol on the top of these
primitive operations.
1999-03-03 19:49:56 +00:00
Martin Mares
7972248d5d Netlink module supports interface scan on startup. Working on more. 1999-03-02 18:37:02 +00:00
Martin Mares
b982b6db2b Implemented netlink protocol parsing functions. More to come tomorrow. 1999-03-01 22:31:27 +00:00
Martin Mares
bdb95a21a4 Added skeletal version of Linux netlink interface. It doesn't work yet,
but the framework is there and I'll try finish it soon.
1999-03-01 20:17:46 +00:00
Martin Mares
025d14cd5a Use traditional Unix route/iface interface only when CONFIG_NETLINK
is not defined. Also moved declarations of Unix iface logic to krt.h.
1999-03-01 19:05:58 +00:00
Martin Mares
7f3d1a0850 Squashed one bug in timing of route scans. 1999-02-13 19:57:19 +00:00
Martin Mares
ed245f967f Synced Linux sysdeps to new interface. 1999-02-05 21:39:21 +00:00
Martin Mares
08c69a7720 die() -> bug() where appropriate. 1998-12-20 14:27:37 +00:00
Martin Mares
8e66a0ebb9 Hopefully finished kernel syncer (krt) rewrite:
o  Interface syncing is now a part of krt and it can have configurable
     parameters. Actually, the only one is scan rate now :)
  o  Kernel routing table syncing is now synchronized with interface
     syncing (we need the most recent version of the interface list
     to prevent lots of routes to non-existent destinations from
     appearing). Instead of its own timer, we just check if it's
     route scan time after each iface list scan.
  o  Syncing of device routes implemented.
  o  CONFIG_AUTO_ROUTES should control syncing of automatic device routes.
  o  Rewrote krt_remove_route() to really remove routes :)
  o  Better diagnostics.
  o  Fixed a couple of bugs.
1998-12-08 18:37:58 +00:00
Martin Mares
f39e4713c2 Rewritten kernel syncer. Now uses the rta trickery I've introduced yesterday
and does things "the right way". Few things are still missing (device
routes etc.), I'll add them later in the evening.
1998-12-08 16:20:13 +00:00
Martin Mares
cdc6bfa70f Comparison of kernel reject routes fixed. 1998-12-07 10:16:15 +00:00
Martin Mares
980ffedbb0 Kernel syncer is now configurable. It will probably need some more
options, but at least basic tuning is possible now.
1998-12-06 17:40:42 +00:00
Martin Mares
756b86dea3 Learn static device routes from the kernel (temporary until we can make
such things configurable).
1998-10-20 16:39:04 +00:00
Martin Mares
0804525255 Basic kernel routing table syncing implemented. Learning of routes installed
by other programs or the kernel itself is not supported yet, but it's not
needed for development of other protocols.
1998-10-19 17:52:29 +00:00
Martin Mares
16a8ba30a9 We parse /proc/net/route and flag RT entries according to it. More to come
today in the morning...
1998-10-18 22:25:56 +00:00
Martin Mares
7e7790c61f Since almost every UNIX system requires different techniques for reading
the kernel routing table as opposed to modifying it which is approximately
the same on non-netlink systems, I've split the kernel routing table
routines to read and write parts. To be implemented later ;-)
1998-10-18 12:50:43 +00:00
Martin Mares
25697773b5 The library is now glued together from generic and OS-dependent parts
by the `mergedirs' script. Few more IP address manipulation functions
and some fixes.
1998-05-15 07:56:13 +00:00
Martin Mares
58ef912c6b First look at data structures. More to come tomorrow... 1998-04-22 12:58:34 +00:00