[PATCH v4 6/8] babel: Refactor TLV parsing code for easier reuse

2021-01-15 Thread Toke Høiland-Jørgensen
From: Toke Høiland-Jørgensen In preparation for adding authentication checks, refactor the TLV walking code so it can be reused for a separate pass of the packet for authentication checks. Signed-off-by: Toke Høiland-Jørgensen --- proto/babel/packets.c | 171

[PATCH v4 7/8] babel: Add MAC authentication support

2021-01-15 Thread Toke Høiland-Jørgensen
From: Toke Høiland-Jørgensen This implements support for MAC authentication in the Babel protocol, as specified by RFC8967. The implementation seeks to follow the RFC as closely as possible, with the only deliberate deviation being the addition of support for all the HMAC algorithms already

[PATCH v4 2/8] nest: Add Blake2s and Blake2b hash functions

2021-01-15 Thread Toke Høiland-Jørgensen
From: Toke Høiland-Jørgensen The Babel MAC authentication RFC recommends implementing Blake2s as one of the supported algorithms. In order to do this, add the blake2b and blake2s hash functions for MAC authentication. The hashing function implementations are the reference implementations

[PATCH v4 8/8] babel: Update RFC references to new standards track RFC8966

2021-01-15 Thread Toke Høiland-Jørgensen
From: Toke Høiland-Jørgensen The new standards track version of the Babel protocol was finally published as an RFC. This has been the version of the protocol implemented by Bird all along, but now that it has an RFC number we can update all the references to the standard in the docs and code.

[PATCH v4 5/8] config: Allow MAC algorithms to specify a function to validate their keys

2021-01-15 Thread Toke Høiland-Jørgensen
From: Toke Høiland-Jørgensen This adds a new field to the MAC algorithm description which is a pointer that will allow an algorithm to validate a key before it is used. Add this validate to the Blake algorithms, validating that the key length is exactly equal to their respective output sizes.

[PATCH v4 4/8] nest: Allow specifying security keys as hex bytes as well as strings

2021-01-15 Thread Toke Høiland-Jørgensen
From: Toke Høiland-Jørgensen This adds support for specifying a password in raw hexadecimal bytes form, via the 'key' keyword. The result is the same whether a password is specified as a quoted string or a hex-encoded byte string, this just makes it more convenient to input high-entropy byte

[PATCH v4 0/8] Add MAC authentication support to the Babel protocol

2021-01-15 Thread Toke Høiland-Jørgensen
This series adds MAC authentication support to the Babel protocol as specified in RFC8967: https://www.rfc-editor.org/rfc/rfc8967 I have performed basic interoperability testing between this implementation and the current babeld HMAC implementation[1]. The two implementations were able to

[PATCH v4 1/8] sysdep: Add wrapper to get random bytes

2021-01-15 Thread Toke Høiland-Jørgensen
From: Toke Høiland-Jørgensen The Babel authentication code added by a subsequent commit needs a way to get random bytes for generating nonces. This patch adds a wrapper function in sysdep to get random bytes, and the required checks in configure.ac to select how to do it. The configure script

Re: [BIRD 2.0.x] Netlink: ignore dead routes

2021-01-15 Thread Ondrej Zajicek
On Fri, Jan 15, 2021 at 12:01:47PM +0100, Vincent Bernat wrote: > I was also confused by the debug code in iface.c: > > if (i->flags & IF_ADMIN_UP) > debug(" LINK-UP"); > > I think it should be ADMIN-UP and the if for IF_LINK_UP should be added. Yes, this seems like a remnant from the

Re: [BIRD 2.0.x] Netlink: ignore dead routes

2021-01-15 Thread Vincent Bernat
❦ 15 January 2021 05:39 +01, Ondrej Zajicek: >> It is more complex than I would have expected. First, in-kernel, the >> next-hop only has RTNH_F_LINKDOWN, not RTNH_F_DEAD. This latter flag is >> added when sending the flags over netlink only. >> >> Second, there is no async notification when a