Eric Long authored 6 months ago and Ondřej Zajíček committed 6 months ago

Current implementation handles flowspec prefix length and offset only
in bytes, but RFC 8956 (Dissemination of Flow Specification Rules for
IPv6) Section 3.1 [1] and example in Section 3.8.2 [2] states the
pattern should begin right after offset *bits*.

For example, pattern "::1:1234:5678:9800:0/60-104" is currently
serialized as "02 68 3c 01 12 34 56 78 98", but it should shift its
pattern 4 more bits to the left: "02 68 3c 11 23 45 67 89 80".

This patch implements shifting left/right for IPv6 type and use it to
correct the behaviour. Test data are replaced with the correct ones.

Minor changes and test vectors done by committer.

[1]: https://www.rfc-editor.org/rfc/rfc8956.html#section-3.1
[2]: https://www.rfc-editor.org/rfc/rfc8956.html#section-3.8.2

Simplify Flowspec initialization macros.

Add examples from RFC 8955 4.3 and RFC 8956 3.8 to format tests.

Code blocks should not be indented, as the indendation is passed
to the output,

Johannes Erwerle authored 6 months ago and Ondřej Zajíček committed 6 months ago

Minor changes by committer.

Unify grammar for set_atom and switch_atom to avoid inconsistencies
between them. Fix errors in documentation related to case statement
and set type. Change 'vpnrd' to 'rd' to be consistent with the filter
language.

Thanks to Mikhail Mayorov for bugreport.

Fix typo in user docs

See merge request labs/bird!27

Job Snijders authored 6 months ago and Ondřej Zajíček committed 6 months ago

RPKI-To-Router (RTR) sessions seem to be similar security-sensitivity as
IBGP sessions. BIRD already offered a choice of either "plain TCP" (meh)
or "SSH" (secure, albeit a bit more hassle to set up than TCP-MD5).
The patch adds TCP-MD5 as another option. TCP-MD5 for RTR is specified
through RFC 6810 section 7.3 and RFC 8210 section 9.3.

Minor changes by committer.

Introduced in 08ff0af8, the additional CLI
configuration wasn't properly initialized in the parse-and-exit mode
due to an oversight that cli_init_unix() is not called in this mode.

Thanks to Felix Friedlander for the bugreport.

Fabrice Fontaine authored 7 months ago and Ondřej Zajíček committed 7 months ago

Since autoconf 2.69 and
https://git.savannah.gnu.org/cgit/autoconf.git/commit/?id=76754e04fce5f6a7701bec57b057020585df2ae3


ac_test_CFLAGS is set to ${CFLAGS+y} instead of ${CFLAGS+set}.

Just test that ac_test_CFLAGS is not empty, to support both cases.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

The period of recurent timers was stored in 32b field, despite it was
btime-compatible value in us. Therefore, it was limited to ~72 min,
which mas okay for most purposes, except configurable MRT dump periods.

Thanks to Felix Friedlander for the bugreport.

The socket structure has the field rbsize (receive buffer size), which
controls the size of the userspace receive buffer. There is also kernel
receive buffer, which in some cases may be smaller (e.g. on FreeBSD it
is by default ~8k). The patch ensures that the kernel receive buffer is
as large as the userspace receive buffer.

When VRFs are used, BIRD correctly binds listening (and connecting)
sockets to their VRFs but also re-binds accepted sockets to the same VRF.
This is not needed as the interface bind is inherited in this case, and
indeed this redundant bind causes an -EPERM if BIRD is running as
non-root making BIRD close the connection and reject the peer.

Thanks to Christian Svensson for the original patch and Alexander Zubkov
for suggestions.

Maria Matejka authored 9 months ago and Ondřej Zajíček committed 9 months ago

This allows to have one main socket for the heavy operations
very restricted just for the appropriate users, whereas the
looking glass socket may be more open.

Implemented an idea originally submitted and requested by Akamai.

Maria Matejka authored 9 months ago and Ondřej Zajíček committed 9 months ago

If the user has such a need, they may configure additional sockets
in the config file. This may work for e.g. some advanced access control.

Maria Matejka authored 9 months ago and Ondřej Zajíček committed 9 months ago

Source: dda37842

Alexander Zubkov authored 9 months ago and Ondřej Zajíček committed 9 months ago

Some vendors do not fill the checksum for IPv6 UDP packets.
For interoperability with such implementations one can set
UDP_NO_CHECK6_RX socket option on Linux.

Thanks to Ville O for the suggestion.

Minor changes by committer.

The krt_metric is a part of the primary key, so it cannot differ for
route replace operation.

Thanks to Leif Jakob for the bugreport.

Move bfd_opts grammar inside BFD parser code to avoid dependences between
nest and BFD grammars, which breaks when BFD build is disabled.

Add dummy bfd_opts grammar rule, so protocols can use this nonterminal
even with BFD disabled.

Thanks to Yuri Honegger for the bugreport.

In BIRD 1, we used DD-MM-YYYY, while in BIRD 2 we switched to the usual
format YYYY-MM-DD.

Thanks to Janne Pisilä for the bugreport.

In OSPFv3-IPv4 there is no requirement that link-local next hop announced
in Link-LSA must be in interface address range. Therefore, for interfaces
that do not have IPv4 address we can use some loopback IP address and
announce it as a next hop. Also we should accept such address.

BFD requires defined local IP, but for nexthop with onlink there might
not be such address. So we reject this combination of nexthop options.
This prevent crash where such combination of options is used.