GitLab

1) Move configuration global 'rpki dir' command to proto/rpki/config.Y
2) rpki_state_dir -> rpki_dir

Imported from:
  https://securerouting.net/download/bird-1.5.0-bgpsec-0.7.tar.bz2

Adds support for receiving Router Key PDUs, saving it to disk. The path
save repository is configurable by ./configure or BIRD's configuration file.

The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.

Implemeted transports are:
 - unprotected transport over TCP
 - secure transport over SSHv2

Example configuration of bird.conf:
  ...
  roa4 table r4;
  roa6 table r6;

  protocol rpki {
    debug all;

    # Import both IPv4 and IPv6 ROAs
    roa4 { table r4; };
    roa6 { table r6; };

    # Set cache server (validator) address,
    # overwrite default port 323
    remote "rpki-validator.realmv6.org" port 8282;

    # Overwrite default time intervals
    retry   10;         # Default 600 seconds
    refresh 60;         # Default 3600 seconds
    expire 600;         # Default 7200 seconds
  }

  protocol rpki {
    debug all;

    # Import only IPv4 routes
    roa4 { table r4; };

    # Set cache server address to localhost,
    # use default ports tcp => 323 or ssh => 22
    remote 127.0.0.1;

    # Use SSH transport instead of unprotected transport over TCP
    ssh encryption {
      bird private key "/home/birdgeek/.ssh/id_rsa";
      remote public key "/home/birdgeek/.ssh/known_hosts";
      user "birdgeek";
    };
  }
  ...

In a header file write it with extern keyword. And in one of the *.c
file declare it without extern keyword.

sysdep/linux/netlink.c:921:10: error: fields must have a constant size:
'variable length array in structure' extension will never be supported
    char buf[128 + KRT_METRICS_MAX*8 + nh_bufsize(a->nexthops)];
         ^
1 error generated.

Also removed the lib-dir merging with sysdep. Updated #include's
accordingly.

Fixed make doc on recent Debian together with moving generated doc into
objdir.

Moved Makefile.in into root dir

Retired all.o and birdlib.a
Linking the final binaries directly from all the .o files.

Many protocols do almost the same when creating a rte_update request
before calling rte_update2(). This commit should simplify the protocol
side of the route-creation routine.

Counter exp_routes is increased during initial route feed after GR
recovery, so it has to start with zero, otherwise BIRD will end with
double value in exp_routes.

Event cycle may took too much time and trigger next timer events, so
avoid cycling between timer and event cycles inside the loop cycle.

In BIRD, RX has lower priority than TX with the exception of RX from
control socket. The patch replaces heuristic based on socket type with
explicit mark and uses it for both control socket and BGP session waiting
to be established.

This should avoid an issue when during heavy load, outgoing connection
could connect (TX event), send open, but then failed to receive OPEN /
establish in time, not sending notifications between and therefore
got hold timer expired error from the neighbor immediately after it
finally established the connection.

When a kernel route changed, function krt_learn_scan() noticed that and
replaced the route in internal kernel FIB, but after that, function
krt_learn_prune() failed to propagate the new route to the nest, because
it confused the new route with the (removed) old best route and decided
that the best route did not changed.

Wow, the original code (and the bug) is almost 17 years old.

The events variable is used in the short loop decision. The reasons are
not much clear, keeping this to keep the former behaviour.

Jan Moskyto Matejka authored Mar 23, 2016 and Ondřej Zajíček committed Mar 23, 2016

The old linked list implementation used some wild typecasts and required
GCC option -fno-strict-aliasing to work properly. This patch fixes that.
However, we still keep the option due to other potential problems.

(Commited by Ondrej Santiago Zajicek)

To avoid byzantine behavior in case of some errors, linked lists are
cleared after rem_node() and resource headers are cleared after rfree().

After restart, LSAs locally originated by the previous instance are
received from neighbors. They are installed to LSA db and flushed. If
export of a route triggers origination of a new external LSA before flush
of the received one is complete, the check in ospf_originate_lsa() causes
origination to fail (because en->nf is NULL for the old LSA and non-NULL
for the new LSA). The patch fixes this by updating the en->nf for LSAs
being flushed (as is already done for empty ones). Generally, en->nf
field deserves some better description in the code.

Thanks to Jigar Mehta for analyzing the problem.

Thanks to Pavel Tvrdik for noticing it.

It does strange things when even one fd larger than FD_SETSIZE is
passed to select().

This should lift the limit of FD_SETSIZE and allow more than 1024 fd's.
FD_SETSIZE limit doesn't matter now when creating new sockets.

No more need to disable pthread for specific BSD's.