Commit graph

381 commits

Author SHA1 Message Date
Maria Matejka
fd9f0c0640 Configuration strings are constant.
This is merely a const propagation. There was no problem in there.
2020-04-09 15:37:14 +02:00
Ondrej Zajicek (work)
78e4a123bb BGP: Handle flowspec rules without dst part
The RFC 5575 does not explicitly reject flowspec rules without dst part,
it just requires dst part in validation procedure for feasibility, which
we do not implement anyway. Thus flow without dst prefix is syntactically
valid, but unfeasible (if feasibilty testing is done).

Thanks to Alex D. for the bugreport.
2020-03-03 17:45:16 +01:00
Ondrej Zajicek (work)
757cab18d6 BGP: Support for MD5SIG together with remote range
When dynamic BGP with remote range is configured, MD5SIG needs to use
newer socket option (TCP_MD5SIG_EXT) to specify remote addres range for
listening socket.

Thanks to Adam Kułagowski for the suggestion.
2020-02-27 17:29:17 +01:00
Ondrej Zajicek (work)
21d09632a5 BGP: Add some statistics
Add some statistic counters to BGP consistent with BGP MIB (RFC 4273),
including persistent 'FSM established transitions'.
2019-12-03 18:05:41 +01:00
Ondrej Zajicek (work)
0f88200247 BGP: Fix processing of IPv6 Flowspec
During NLRI parsing of IPv6 Flowspec, dst prefix was not properly
extracted from NLRI, therefore a received flow was stored in a different
position in flowspec routing table, and was not reachable by command
'show route <flow>'.

Add proper prefix part accessors to flowspec code and use them from BGP
NLRI parsing code.

Thanks to Alex D. for the bugreport.
2019-11-18 17:56:51 +01:00
Ondrej Zajicek (work)
0b228fca04 BGP: Add option to enforce first AS in AS_PATH
This is optional check described in RFC 4271. Although this can be also
done by filters, it is widely implemented option in BGP implementations.

Thanks to Eugene Bogomazov for the original patch.
2019-11-10 02:06:07 +01:00
Ondrej Zajicek (work)
a52476c9be BGP: Add option to reject AS_SETs
There is a pending draft to make them obsolete
2019-11-04 22:09:35 +01:00
Ondrej Zajicek (work)
be7c1aef42 BGP: RFC 8654 got released 2019-10-26 01:32:24 +02:00
Ondrej Zajicek (work)
ec331acf48 BGP: Fix handling of transitive extended communities
Transitive extended communities should be removed on external sessions,
the old code them in all cases.

Thanks to Jean-Daniel Pauget for the original patch.
2019-10-24 17:50:19 +02:00
Ondrej Zajicek (work)
6c9cda6f92 BGP: Fix reconfiguration with import table
Change of some options requires route refresh, but when import table is
active, channel reload is done from it instead of doing full route
refresh. So in this case we request it internally.
2019-10-10 23:33:40 +02:00
Ondrej Zajicek (work)
09ee846d92 BGP: AIGP metric support (RFC 7311) 2019-10-09 17:53:23 +02:00
Ondrej Zajicek (work)
eb1e43a9af BGP: Fix setup with multiple dynamic BGP ranges
Based on a patch from Liam Nattrass, thanks.
2019-09-17 14:45:14 +02:00
Ondrej Zajicek (work)
1127887a8b BGP: Fix handling of bgp_aggregator atttribute
The attribute should not be modifiable by filters as we do not
support its type.
2019-09-09 13:17:30 +02:00
Ondrej Zajicek (work)
8388f5a7e1 BGP: Fix bugs in handling of shutdown messages
There is an improper check for valid message size, which may lead to
stack overflow and buffer leaks to log when a large message is received.

Thanks to Daniel McCarney for bugreport and analysis.
2019-09-09 03:13:35 +02:00
Ondrej Zajicek (work)
4fa0e472cf BGP: Use reallocation for capability structure
Instead of having large stack buffer for max amount of AFI/SAFI pairs.
The old code is not correct w.r.t. extendeded option length, as more
AFI/SAFI pairs may fit into the capability option.
2019-08-21 17:16:08 +02:00
Ondrej Zajicek (work)
524d253853 BGP: Implement extended optional parameters length
Extends BGP options/capabilities data length to 16bit, to avoid issues
with too many capabilities. See draft-ietf-idr-ext-opt-param-07
2019-08-20 19:15:50 +02:00
Ondrej Zajicek (work)
b7d7599ce3 BGP: implement Adj-RIB-Out
The patch implements optional internal export table to a channel and
hooks it to BGP so it can be used as Adj-RIB-Out. When enabled, all
exported (post-filtered) routes are stored there. An export table can be
examined using e.g. 'show route export table bgp1.ipv4'.
2019-08-14 06:02:33 +02:00
Ondrej Zajicek (work)
e2b530aa72 BGP: Improve reconfiguration
Several BGP channel options (including 'next hop self') could be
reconfigured without session reset, with just route refeed/refresh.
The patch improves reconfiguration code to do it that way.
2019-08-06 15:29:06 +02:00
Ondrej Zajicek (work)
f6a6a77640 BGP: Fix 'deterministic med' to work with 'merge paths'
The 'deterministic med' option is implemented by suppressing other than
best-in-group routes (grouped by ASN) from best route selection. This
interferes with 'merge paths' as supressed routes are no longer mergable
with best route. This is fixed by suppressing only those routes that are
not mergable with best-in-group route.
2019-08-06 15:09:42 +02:00
Ondrej Zajicek (work)
cec40a7467 Merge remote-tracking branch 'origin/mq-filter-stack' 2019-07-24 15:38:32 +02:00
Ondrej Zajicek (work)
15b0a92294 RPKI: Fix reconfiguration when ssh parameters are undefined 2019-07-23 01:52:18 +02:00
Ondrej Zajicek (work)
cf7ff99513 BFD: Support for VRFs
Allow multiple BFD instances in separate VRFs, dispatch BFD requests
according to VRFs.

Thanks to Alexander Zubkov for notice and patches.
2019-07-17 16:20:35 +02:00
Maria Matejka
eac9250fd5 Merge branch 'master' into mq-filter-stack 2019-07-03 11:12:25 +02:00
Maria Matejka
78976974e7 Dynamic attributes definition split whether it is bitmask or not. 2019-07-03 00:00:11 +02:00
Maria Jan Matejka
026bfedb33 BGP: Prefix hash is too small, increase its max size.
This doesn't make any change for you until you have
millions of updates waiting to be sent. Increasing
the max hash size from 2^20 to 2^24.
2019-07-01 09:05:54 +02:00
Maria Jan Matejka
9dac814ee8 BGP: split tx explicitly
If BGP has too many data to send and BIRD is slower than the link, TX is
always possible until all data is sent. This patch limits maximum number
of generated BGP messages in one iteration of TX hook.
2019-07-01 09:05:50 +02:00
Ondrej Zajicek (work)
8a68316eb9 Nest: Add command to request graceful restart
When 'graceful down' command is entered, protocols are shut down
with regard to graceful restart. Namely Kernel protocol does
not remove routes and BGP protocol does not send notification,
just closes the connection.
2019-06-30 21:29:24 +02:00
Ondrej Zajicek (work)
d35fb9d732 BGP: Fix bug introduced in one of last patches 2019-06-12 16:37:12 +02:00
Alexander Azimov
7ff34ca2cb BGP: Compliance with RFC8203bis 2019-04-30 13:55:43 +02:00
Ondrej Zajicek (work)
0b1e1e1a00 BGP: Output Local AS number in show protocol
Useful for implementation of agents implementing the SNMP-BGP MIB, which
requires the local AS of a session to be specified.

Thanks to Jan-Philipp Litza for the patch.
2019-04-30 13:44:11 +02:00
Ondrej Zajicek (work)
e0835db4f1 BGP: Dynamic BGP
Support for dynamically spawning BGP protocols for incoming connections.
Use 'neighbor range' to specify range of valid neighbor addresses, then
incoming connections from these addresses spawn new BGP instances.
2019-04-30 13:32:39 +02:00
Ondrej Zajicek (work)
4a50c8bd03 BGP: Handle corner cases in event ordering
When BGP connection is opened, it may happen that rx hook (with remote
OPEN) is called before tx hook (for local OPEN). Therefore, we need to do
internal changes (like setting local_caps) synchronously with OPENSENT
transition and we need to ensure that OPEN is sent before KEEPALIVE.
2019-04-08 16:56:56 +02:00
Ondrej Zajicek (work)
23ee6b1cd6 BGP: Promiscuous ASN mode
Allow to specify just 'internal' or 'external' for remote neighbor
instead of specific ASN. In the second case that means BGP peers with
any non-local ASNs are accepted.
2019-04-03 15:54:50 +02:00
Ondrej Zajicek (work)
a22c3e5968 BGP: Separate runtime and config usage of local/remote ip and as fields 2019-04-02 17:22:31 +02:00
Ondrej Zajicek (work)
3c3605818f BGP: Mandatory option for channels
Allow to mark channel to be mandatory, and do not allow BGP sessions if
no common AFI/SAFI is established.
2019-03-19 17:44:50 +01:00
Ondrej Zajicek (work)
7e5f769d91 BGP: Handle case where capabilites are not used
If peer does not announce capabilities at all, or when we have
capabilities disabled, handle that as implicit IPv4 unicast.
2019-03-18 14:29:12 +01:00
Maria Matejka
4c553c5a5b Filter refactoring: dropped the recursion from the interpreter
This is a major change of how the filters are interpreted. If everything
works how it should, it should not affect you unless you are hacking the
filters themselves.

Anyway, this change should make a huge improvement in the filter performance
as previous benchmarks showed that our major problem lies in the
recursion itself.

There are also some changes in nest and protocols, related mostly to
spreading const declarations throughout the whole BIRD and also to
refactored dynamic attribute definitions. The need of these came up
during the whole work and it is too difficult to split out these
not-so-related changes.
2019-02-20 22:30:54 +01:00
Ondrej Zajicek (work)
b8a3608aa5 BGP: Cleanup channels when going down
When going up, uncleaned old channel state may trigger unexpected
conditions crashing bird.
2019-01-26 19:48:16 +01:00
Ondrej Zajicek (work)
470740f97b BGP: Better dispatch of incoming connections
Since v2 we have multiple listening BGP sockets, and each BGP protocol
has associated one of them. Use listening socket that accepted the
incoming connection as a key in the dispatch process so only BGP
protocols assocaited with that listening socket can be selected.
This is necesary for proper dispatch when VRFs are used.
2019-01-02 16:01:21 +01:00
Ondrej Zajicek (work)
e16b0aef31 BGP: Postpone setting link_addr
It may happen that the LLv6 address for given iface is not defined during
BGP start, so we postpone the check to the the session establishment.
2019-01-02 15:57:14 +01:00
Ondrej Zajicek (work)
1cab2b4a7c BGP: Extend 'next hop keep' and 'next hop self' options
Extend 'next hop keep' and 'next hop self' options to have boolean values
(enabled / disabled) and also values 'ibgp'/ 'ebgp' to restrict it to
routes received from IBGP / EBGP. This allows to have it enabled by
default in some cases, matches features of other implementations, and
allows to handle some strange cases like EBGP border router with 'next
hop self' also doing IBGP route reflecting.

Change default of 'next hop keep' to enabled for route servers, and
'ibgp' for route reflectors.

Update documentation for these options.
2018-12-16 23:44:24 +01:00
Ondrej Zajicek (work)
cb311b441a BGP: Better handling of non-matching AFI in nexthops 2018-12-16 15:43:58 +01:00
Ondrej Zajicek (work)
3a2a3c7325 Doc: Rename code documentation files back to Doc 2018-12-14 02:03:42 +01:00
Ondrej Zajicek (work)
532116e7e3 BGP: Do not prepend ASN in export from non-RS EBGP to RS EBGP
When route is exported to regular EBGP, local ASN should be prepended to
AS_PATH. When route is propagated by route server (between RS-marked
EBGP peers), it should not change AS_PATH. Question is what to do in
other cases (from non-RS EBGP, IBGP, or locally originated to RS EBGP).

In 1.6.x, we did not prepend ASN in non-RS EBGP or IBGP to RS EBGP, but
we prepended in local to RS EBGP.

In 2.0.x, we changed that so only RS-EBGP to RS-EBGP is not prepended.
We received some negative responses (thanks to heisenbug and Alexander
Zubkov), we decided to change it back. One reason is that it is simple
to modify the AS_PATH by filters, but not possible to un-modify
changes done by BGP itself. Also, as 1.6.x behavior was not really
consistent, the final behavior is that ASN is never prepended when
exported to RS EBGP, like to IBGP.

Note that i do not express an opinion about whether such configurations
are even reasonable.
2018-12-12 17:36:54 +01:00
Ondrej Zajicek (work)
0f40405fc9 Update RFC references
Progdoc comments do not allow SGML tags
2018-12-12 16:38:30 +01:00
Ondrej Zajicek (work)
682d3f7de0 BGP: implement Adj-RIB-In
The patch implements optional internal import table to a channel and
hooks it to BGP so it can be used as Adj-RIB-In. When enabled, all
received (pre-filtered) routes are stored there and import filters can
be re-evaluated without explicit route refresh. An import table can be
examined using e.g. 'show route import table bgp1.ipv4'.
2018-12-12 14:46:24 +01:00
Ondrej Zajicek (work)
d506263da7 Nest: Forbid adding channels during reconfiguration
When a new channel is found during reconfiguration, do force restart
of the protocol, like with any other un-reconfigurable change.

The old behavior was that the new channel was added but remained in down
state, even if the protocol was up, so a manual protocol restart was
often necessary.

In the future this should be improved such that a reconfigurable
channel addition (e.g. direct) is accepted and channel is started,
while an un-reconfigurable addition forces protocol restart.
2018-12-11 17:57:14 +01:00
Jan Maria Matejka
14375237f6 Terminology cleanup: The import_control hook is now called preexport.
Once upon a time, far far away, there were the old Bird developers
discussing what direction of route flow shall be called import and
export. They decided to say "import to protocol" and "export to table"
when speaking about a protocol. When speaking about a table, they
spoke about "importing to table" and "exporting to protocol".

The latter terminology was adopted in configuration, then also the
bird CLI in commit ea2ae6dd0 started to use it (in year 2009). Now
it's 2018 and the terminology is the latter. Import is from protocol to
table, export is from table to protocol. Anyway, there was still an
import_control hook which executed right before route export.

One thing is funny. There are two commits in April 1999 with just two
minutes between them. The older announces the final settlement
on config terminology, the newer uses the other definition. Let's see
their commit messages as the git-log tool shows them (the newer first):

    commit 9e0e485e50
    Author: Martin Mares <mj@ucw.cz>
    Date:   Mon Apr 5 20:17:59 1999 +0000

	Added some new protocol hooks (look at the comments for better explanation):

		make_tmp_attrs          Convert inline attributes to ea_list
		store_tmp_attrs         Convert ea_list to inline attributes
		import_control          Pre-import decisions

    commit 5056c559c4
    Author: Martin Mares <mj@ucw.cz>
    Date:   Mon Apr 5 20:15:31 1999 +0000

	Changed syntax of attaching filters to protocols to hopefully the final
	version:

		EXPORT <filter-spec>    for outbound routes (i.e., those announced
					by BIRD to the rest of the world).
		IMPORT <filter-spec>    for inbound routes (i.e., those imported
					by BIRD from the rest of the world).

	where <filter-spec> is one of:

		ALL                     pass all routes
		NONE                    drop all routes
		FILTER <name>           use named filter
		FILTER { <filter> }     use explicitly defined filter

	For all protocols, the default is IMPORT ALL, EXPORT NONE. This includes
	the kernel protocol, so that you need to add EXPORT ALL to get the previous
	configuration of kernel syncer (as usually, see doc/bird.conf.example for
	a bird.conf example :)).

Let's say RIP to this almost 19-years-old inconsistency. For now, if you
import a route, it is always from protocol to table. If you export a
route, it is always from table to protocol.

And they lived happily ever after.
2018-12-04 10:53:01 +01:00
Ondrej Zajicek (work)
863ecfc785 The MRT protocol
The new MRT protocol is responsible for periodic RIB table dumps in the
MRT format (RFC 6396). Also the existing code for BGP4MP MRT dumps is
refactored and splitted between BGP to MRT protocols, will be more
integrated into MRT in the future.

Example:

protocol mrt {
        table "*";
        filename "%N_%F_%T.mrt";
        period 60;
}

It is partially based on the old MRT code from Pavel Tvrdik.
2018-11-20 17:45:35 +01:00
Ondrej Zajicek (work)
e19d08055a BGP: Fix VRF for listening socket
Listening socket should be bound to specified interface and VRF.

Thanks to Alexander Zubkov for the bugreport.
2018-10-26 19:11:33 +02:00