    • Nest: Fix password list parsing code · 8eea396b
      Ondřej Zajíček authored
      One of the previous patches broke password list parsing code, fix that.
    • Lib: Fix static assert macro · ee9516db
      Ondřej Zajíček authored
    • Babel: Add MAC authentication support - update · b174cc0a
      Ondřej Zajíček authored
      Some cleanups and bugfixes to the previous patch, including:
       - Fix rate limiting in index mismatch check
       - Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation
       - Fix missing auth_tx_overhead recalculation during reconfiguration
       - Fix pseudoheader construction in babel_auth_sign() (sport vs fport)
       - Fix typecasts for ptrdiffs in log messages
       - Make auth log messages similar to corresponding RIP/OSPF ones
       - Change auth log messages for events that happen during regular
         operation to debug messages
       - Switch meaning of babel_auth_check*() functions for consistency
         with corresponding RIP/OSPF ones
       - Remove requirement for min/max key length, only those required by
         given MAC code are enforced
    • Babel: Add MAC authentication support · b218a28f
      Toke Høiland-Jørgensen authored
      This implements support for MAC authentication in the Babel protocol, as
      specified by RFC 8967. The implementation seeks to follow the RFC as close
      as possible, with the only deliberate deviation being the addition of
      support for all the HMAC algorithms already supported by Bird, as well as
      the Blake2b variant of the Blake algorithm.
      For description of applicability, assumptions and security properties,
      see RFC 8967 sections 1.1 and 1.2.
    • Babel: Refactor TLV parsing code for easier reuse · 69d10132
      Toke Høiland-Jørgensen authored
      In preparation for adding authentication checks, refactor the TLV
      walking code so it can be reused for a separate pass of the packet
      for authentication checks.
    • Nest: Allow MAC algorithms to specify min/max key length · 589f7d1e
      Toke Høiland-Jørgensen authored
      Add min/max key length fields to the MAC algorithm description and
      validate configured keys before they are used.
    • Nest: Allow specifying security keys as hex bytes as well as strings · 35f88b30
      Toke Høiland-Jørgensen authored
      Add support for specifying a password in hexadecimal format. The result
      is the same whether a password is specified as a quoted string or a
      hex-encoded byte string; this just makes it more convenient to input
      high-entropy byte strings as MAC keys.
    • Lib: Add tests for blake2s and blake2b · f1a82419
      Toke Høiland-Jørgensen authored
      Import the blake2-kat.h header with test vector output from the blake
      reference implementation, and add tests to mac_test.c to compare the
      output of the Bird MAC algorithm implementations with that reference.
      Since the reference implementation only has test vectors for the full
      output size, there are no tests for the smaller-sized output variants.
    • Lib: Add Blake2s and Blake2b hash functions · 725d9af9
      Toke Høiland-Jørgensen authored
      The Babel MAC authentication RFC recommends implementing Blake2s as one of
      the supported algorithms. In order to do this, add the blake2b and
      blake2s hash functions for MAC authentication. The hashing function
      implementations are the reference implementations from blake2.net.
      The Blake2 algorithms allow specifying an arbitrary output size, and the
      Babel MAC spec says to implement Blake2s with 128-bit output. To satisfy
      this, we add two different variants of each of the algorithms, one using
      the default size (256 bits for Blake2s, 512 bits for Blake2b), and one
      using half the default output size.
      Update to BIRD coding style done by committer.
    • sysdep: Add wrapper to get random bytes - update · e5724f71
      Ondřej Zajíček authored
      Simplify the code and fix an issue with getentropy() return value.
    • sysdep: Add wrapper to get random bytes · c48ebde5
      Toke Høiland-Jørgensen authored
      Add a wrapper function in sysdep to get random bytes, and required checks
      in configure.ac to select how to do it. The configure script tries, in
      order, getrandom(), getentropy() and reading from /dev/urandom.
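As an added illustration of the fallback order described in this commit message (this is not BIRD's sysdep code), the wrapper below tries getrandom(), then getentropy(), then /dev/urandom, selecting backends with preprocessor guards rather than configure.ac checks; the glibc version guard and the function names random_bytes/has_distinct_bytes are assumptions of this example.

```c
#define _DEFAULT_SOURCE 1 /* expose getrandom()/getentropy() declarations on glibc */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
/* Backend selection (assumption standing in for configure.ac): glibc >= 2.25 ships both calls. */
#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))
#include <sys/random.h>
#define HAVE_GETRANDOM 1
#define HAVE_GETENTROPY 1
#endif

/* Fill buf with len random bytes. Returns 0 on success, -1 if every backend failed. */
int random_bytes(void *buf, size_t len)
{
  unsigned char *p = buf;
#ifdef HAVE_GETRANDOM
  /* getrandom() may return fewer bytes than asked for or fail with EINTR. */
  while (len > 0) {
    ssize_t n = getrandom(p, len, 0);
    if (n < 0) { if (errno == EINTR) continue; break; }
    p += n; len -= (size_t) n;
  }
  if (len == 0) return 0;
#endif
#ifdef HAVE_GETENTROPY
  /* getentropy() returns 0 on success, not a byte count, and refuses
   * requests larger than 256 bytes, so bigger buffers are filled in chunks. */
  while (len > 0) {
    size_t chunk = len > 256 ? 256 : len;
    if (getentropy(p, chunk) != 0) break;
    p += chunk; len -= chunk;
  }
  if (len == 0) return 0;
#endif
  /* Last resort: /dev/urandom, looping over short reads. */
  FILE *f = fopen("/dev/urandom", "rb");
  if (!f) return -1;
  while (len > 0) {
    size_t n = fread(p, 1, len, f);
    if (n == 0) { fclose(f); return -1; }
    p += n; len -= n;
  }
  fclose(f);
  return 0;
}

/* Sanity check for callers and tests: genuine RNG output is not one repeated byte. */
int has_distinct_bytes(const unsigned char *p, size_t len)
{
  for (size_t i = 1; i < len; i++) if (p[i] != p[0]) return 1;
  return 0;
}
```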
    • BGP: Ensure that freed neighbor entry is not accessed · 91d04583
      Ondřej Zajíček authored
      Routes from downed protocols stay in rtable (until next rtable prune
      cycle ends) and may be even exported to another protocol. In the BGP case,
      source BGP protocol is examined, although dynamic parts (including
      neighbor entries) are already freed. That may lead to crash under some
      race conditions. Ensure that freed neighbor entry is not accessed to
      avoid this issue.
    • Babel: Seqno requests are properly decoupled from neighbors when the underlying interface disappears · ebd5751c
      Maria Matejka authored
      When an interface disappears, all the neighbors are freed as well. Seqno
      requests were anyway not decoupled from them, leading to strange
      segfaults. This fix adds a proper seqno request list inside neighbors to
      make sure that no pointer to neighbor is kept after free.
    • Filter: Add MPLS label route attribute · e5468d16
      Trisha Biswas authored
      Add support to set or read outgoing MPLS labels using filters. Currently
      this supports the addition of one label per route for the first next hop.
      Minor changes by committer.
    • Babel: Log the reason when refusing to run on an interface · c1511b92
      Ondřej Zajíček authored
      The babel protocol code checks whether iface supports multicast, and
      whether it has a link-local address assigned. However, it does not give
      any feedback if any of those checks fail, it just silently ignores the
      interface. Fix this by explicitly logging when the multicast check fails.
      Based on patch from Toke Høiland-Jørgensen, thanks!