Stephanie Wilde-Hobbs via Bird-users writes:
> Hi,
>
> The babel RTT metric measurements provided by bird appear suspect for
> my setup. The metric through a tunnel with a latency of about 5ms is
> shown in babel as 150+ms.
>
> Can others replicate this issue? (should be easy to check for
Maria Matejka via Bird-users writes:
> Hello Mark,
>
> you are having a lot of useful suggestions. There are even more thoughts
> alike yours, regarding documentation. And indeed you are right that our
> documentation is kinda good as a reference manual but it kinda sucks if
> you are a
: Toke Høiland-Jørgensen
-Toke
Nick Cao via Bird-users writes:
> Resend of the patch in
> http://trubka.network.cz/pipermail/bird-users/2023-June/017058.html
>
> ETX link quality estimation algorithm is useful for link types other than
> wireless,
> especially when using babel with tunnels where packet losses do occur.
>
Alexander Zubkov via Bird-users writes:
> Hello, Maria!
>
> Your suggestion for blob syntax seems good to me. I think I can try to
> prepare patches for that. Only one concern is that it could break some
> current configuration files, if they have functions with such names. Maybe
> it is better
Ondrej Zajicek writes:
> On Thu, Jun 01, 2023 at 11:21:36PM +0200, Toke Høiland-Jørgensen via
> Bird-users wrote:
>> > I have some more changes to make to the dampening patch, but if we're in
>> > agreement that this direction is the way to go I'll get a v1 out ASAP.
Daniel Gröber writes:
> Hi Maria,
>
> On Thu, Jun 01, 2023 at 05:33:42PM +0200, Maria Matejka via Bird-users wrote:
>> > Toke's first two patches are ready for merging, but the third (metric
>> > smoothing) is contested since it conflicts with my route selection patch in
>> > its current form
Juliusz Chroboczek writes:
>> I don't really have a particular use case in mind for exposing the
>> metric, as indicated by my comment above. It just occurred to me as
>> something that *might* be useful for someone :)
>
> I certainly empathise with your instinct to export as many useful knobs
Juliusz Chroboczek writes:
>> My thinking was that filters may want to do something like:
>>
>> if (metric == smoothed_metric)
>> metric += 100; /* route is stable, we can apply our policy */
>>
>> but I honestly don't know if that's useful for anything in reality :)
>
> I'm a little
d...@darkboxed.org writes:
> Hi Toke,
>
> On Tue, Feb 28, 2023 at 12:20:22PM +0100, Toke Høiland-Jørgensen wrote:
>> > I've thought about this some more, I think we absolutely shouldn't expose
>> > the smoothed metric to filters. It's an implementation detail. There's
Daniel Gröber writes:
> Hi Toke,
>
> On Mon, Feb 27, 2023 at 12:16:01PM +0100, Toke Høiland-Jørgensen wrote:
>> >> - Add the smoothed metric as a new route attribute (so it's also
>> >> available to filters)
>> >
>> > I think doing that is a
Daniel Gröber writes:
> Hi Toke,
>
> On Mon, Feb 27, 2023 at 12:14:23AM +0100, Toke Høiland-Jørgensen wrote:
>> > To clarify: it's really only the metric smoothing patch that's in conflict
>> > with my patch. I would advocate for merging only the other two patches f
Daniel Gröber writes:
> Hi,
>
> On Sun, Feb 26, 2023 at 11:10:03PM +0100, Toke Høiland-Jørgensen via
> Bird-users wrote:
>> Note that this series conflicts with Daniel's patches for moving the
>> route selection into the Bird nest. Figured I'd send them no
-lists.debian.net/pipermail/babel-users/2022-April/003932.html
Signed-off-by: Toke Høiland-Jørgensen
---
doc/bird.sgml | 51 ++---
proto/babel/babel.c | 84 ++--
proto/babel/babel.h | 24
proto/babel/config.Y | 20 ++-
proto/babel/packets.c
the two be compatible).
Toke Høiland-Jørgensen (3):
lib/timer: Add current_time_now() function for immediate timestamp
babel: Add support for the RTT extension
babel: Add route metric smoothing
doc/bird.sgml | 63 +++--
lib/timer.c | 13 +++
lib/timer.h
Add a current_time_now() function which gets an immediate monotonic
timestamp instead of using the cached value from the event loop. This is
useful for callers that need precise times, such as the Babel RTT
measurement code.
Signed-off-by: Toke Høiland-Jørgensen
---
lib/timer.c | 13
-by: Toke Høiland-Jørgensen
---
doc/bird.sgml| 12 +
proto/babel/babel.c | 121 ---
proto/babel/babel.h | 16 ++
proto/babel/config.Y | 10 +++-
4 files changed, 150 insertions(+), 9 deletions(-)
diff --git a/doc/bird.sgml b/doc
Ondrej Zajicek writes:
> On Thu, Jan 26, 2023 at 11:42:33AM +0100, Toke Høiland-Jørgensen wrote:
>> Ondrej Zajicek writes:
>>
>> > On Tue, Jan 24, 2023 at 08:05:41PM +0100, Toke Høiland-Jørgensen wrote:
>> >> > I think that si
Juliusz Chroboczek writes:
>> This has been clarified in RFC8966 as: "Note that the feasibility
>> distance is not updated and the garbage-collection timer is not reset
>> when a retraction (an update with infinite metric) is sent."
>>
>> The feasibility distance is only updated if the metric
Daniel Gröber writes:
> Hi Toke,
>
> Thanks for the comprehensive review! See below.
>
> On Tue, Jan 31, 2023 at 12:38:25PM +0100, Toke Høiland-Jørgensen wrote:
>> Daniel Gröber writes:
>> > This appears to not actually be a breaking change as route announcement w
Ondrej Zajicek writes:
> On Tue, Jan 31, 2023 at 11:55:50AM +0100, Toke Høiland-Jørgensen via
> Bird-users wrote:
>> When creating a new babel_source object we initialise the seqno to 0. The
>> caller will update the source object with the right metric and seqno value,
>>
Daniel Gröber writes:
> This allows for filtering routes from specific interfaces and
> neighbours. With the current internal route selection proto babel exports
> only up to one route and an admin cannot do fine-grained filtering.
>
> To fix this we rip out the internal route selection entirely
, and set that to the seqno value of
the update we're sending.
Reported-by: Juliusz Chroboczek
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/babel.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/proto/babel/babel.c b/proto/babel/babel.c
index 25081c3bde2f
Juliusz Chroboczek writes:
>> Introduce a strict-inequality version of the modulo-comparison for this
>> purpose.
>
> Thanks.
>
> I'm a little worried about the code around line 1017:
>
> struct babel_source *s = babel_get_source(p, e, e->router_id);
> s->expires = current_time() +
Ondrej Zajicek writes:
> On Mon, Jan 30, 2023 at 11:15:52PM +0100, Toke Høiland-Jørgensen via
> Bird-users wrote:
>> Juliusz noticed there were a couple of places we were doing straight
>> inequality comparisons of seqnos in Babel. This is wrong because seqnos can
>>
d...@darkboxed.org writes:
> Hi Toke,
>
> On Mon, Jan 30, 2023 at 10:50:14PM +0100, Toke Høiland-Jørgensen wrote:
>> Daniel Gröber writes:
>>
>> > The route expiration code appears to have been stolen from rip.c, in that
>> > code the rt_notify funct
for this
purpose.
Reported-by: Juliusz Chroboczek
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/babel.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/proto/babel/babel.c b/proto/babel/babel.c
index ff8b6b52ef4a..a20bd72456bb 100644
--- a/proto/babel/babel.c
+++ b
Juliusz Chroboczek writes:
>> The problematic bit is, I think, 's' in babel_handle_update can be NULL
>> because nothing ensures the babel_source for a particular neighbour
>> actually exists here:
>
> s will be passed to babel_is_feasible, which returns true if s is null.
> Later on, s is only
Daniel Gröber writes:
> The route expiration code appears to have been stolen from rip.c, in that
> code the rt_notify function actually does modify the rtable fib by calling
> fib_get. The babel code however does no such thing, so this inefficient
> restart is just entirely unnecessary.
Erm,
Ondrej Zajicek writes:
> On Tue, Jan 24, 2023 at 08:05:41PM +0100, Toke Høiland-Jørgensen wrote:
>> > I think that simple sequence numbers work in two cases - if there is
>> > sufficient interval between packets, or there is only one packet
>> > flying (e.g.
Ondrej Zajicek writes:
> On Tue, Jan 24, 2023 at 12:12:19AM +0100, Toke Høiland-Jørgensen via
> Bird-users wrote:
>> The issue has been described in draft-ietf-babel-mac-relaxed, which is
>> currently pending RFC publication. That also describes two mitigation
>> mechani
a reorder window for PC values. This patch implements the former as
that is the simplest, and resolves the particular issue seen on WiFi.
Reported-by: Daniel Gröber
Tested-by: Daniel Gröber
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/babel.c | 28 ++--
proto/babel
Bernd Naumann writes:
> Hey *,
>
> Because Babel popped up on the list, I want to use the opportunity to
> drop a few questions I had over the last days...
>
> On my small home-network I currently use OSPFv3 for IPv4 and IPv6 to
> announce routes from Laptops and PCs, and the Router. (There are
Juliusz Chroboczek writes:
>> But this filter applies in the antenna that advertise the route.
>> 10.20.2.2 and 10.20.2.36 advertise 10.0.0.0/8
>>
>> 10.20.2.162 and 10.20.3.1 links with 10.20.2.2 and i want that 10.20.2.162
>> uses
>> 10.20.2.36 (not direct link) for 10.0.0.0/8 not 10.20.2.2
Oriol Rico writes:
> The problem is that all antennas that advertise this route are over the
> same interface in the rest of the antennas, over wlan interface
Erm, I'm not sure I quite understand what you're asking, then? Could you
please provide some more details on your setup and what you're
Oriol Rico writes:
> Hello:
> We have a series of wireless antennas deployed in mesh with the babel
> protocol using bird.
> Two of those antennas advertise the route 10.0.0.0/8.
> The rest of the antennas choose one of the two outputs depending on the
> babel protocol.
> How can I
Michele Salerno writes:
> Hi,
> I am new to ML and also to using bird2.
> I use bird2 with babel protocol for routing the vpn server and openwrt
> router.
> The openwrt routers have a mesh wifi interface.
> My question is, if the wan (default gw) is down, can bird use the better
> mesh as the
Juliusz Chroboczek writes:
>> That seems like an interesting idea, especially for things like
>> automatically switching between multiple Wireguard tunnel concentrators.
>
> That's exactly the application that it was designed for. For some
> background, please see
>
>
Hi everyone
I've implemented the Babel RTT extension specified in
draft-ietf-babel-rtt-extension in Bird. I've tested that it talks to
babeld on a single link and that the two implementations agree on each
others' (smoothed) RTT values. However, I'd like to subject the code to
some more tortured
Douglas Fischer writes:
> The question raised by colleague Irene reminded me of a topic that may or
> may not be the focus of BIRD's development.
>
> I imagine that the biggest supporters of SMP/Multi-Core/Thread-Safe
> evolution on BIRD are Operators of Route-Servers of large IXPs, and
>
Maria Matejka writes:
> To make it crystal clear, 3.0 stable won't be much optimized in the
> algorithmic or data structure way, this will happen later on. Anyway,
> thank you for all your wishes.
One question: What changes (if any) are necessary for the protocols to
run in multithreaded
ZX writes:
> Oh no if I start NetworkManager and exports the full table into the kernel,
> the CPU booms on CentOS 7 and 8. Don't know why.
That's because NetworkManager listens to netlink notifications of new
routes (for some reason). I've run into this problem with several
userspace utilities
Fabian Bläse writes:
> Hi,
>
> is there any possibility to filter incoming babel routes on a
> per-neighbor or per-interface basis?
>
> As far as I can tell, the babel implementation in bird has its own
> route selection algorithm and only sends a single route to the bird
> table. This seems to
Ondrej Zajicek writes:
> On Fri, Jun 04, 2021 at 12:42:54AM +0200, Toke Høiland-Jørgensen wrote:
>> Ondrej Zajicek writes:
>>
>> > On Sun, May 30, 2021 at 11:12:04PM +0200, Toke Høiland-Jørgensen wrote:
>> >> >> Toke Høiland-Jørgensen writes:
Ondrej Zajicek writes:
> On Sun, May 30, 2021 at 11:12:04PM +0200, Toke Høiland-Jørgensen wrote:
>> >> Toke Høiland-Jørgensen writes:
>> >>
>> >> > This series adds MAC authentication support to the Babel protocol as
>> >> > specifi
Ondrej Zajicek writes:
> On Tue, Mar 02, 2021 at 11:15:24PM +0100, Toke Høiland-Jørgensen wrote:
>> Toke Høiland-Jørgensen writes:
>>
>> > This series adds MAC authentication support to the Babel protocol as
>> > specified
>> > in RFC8967:
>>
Snipping to this, as it seems fishy:
> Output from the same router "router1.place6":
>
> bird> show babel neighbors
> babel1:
> IP addressInterface Metric Routes Hellos Expires
> fe80::21b:21ff:febc:bf36 bond0.896 8 12 0.000
> fe80::21b:21ff:febc:bfe0 bond0.8
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/babel.c | 50 -
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/proto/babel/babel.c b/proto/babel/babel.c
index 4b6b9d7f9f6f..6ac3bb6a7fec 100644
--- a/proto/babel/babel.c
+++ b/proto
Signed-off-by: Toke Høiland-Jørgensen
---
sysdep/bsd/krt-sock.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sysdep/bsd/krt-sock.c b/sysdep/bsd/krt-sock.c
index c2faa23dd44f..cd89544063c7 100644
--- a/sysdep/bsd/krt-sock.c
+++ b/sysdep/bsd/krt-sock.c
@@ -665,6 +665,9 @@ krt_read_ifinfo
Ondrej Zajicek writes:
> On Mon, Apr 19, 2021 at 03:55:18PM +0200, Toke Høiland-Jørgensen wrote:
>> Ondrej Zajicek writes:
>>
>> > Is there a reason why to disregard the IF_MULTICAST flag? This seems to me
>> > more like a bug in FreeBSD Wireguard im
Ondrej Zajicek writes:
> On Thu, Apr 15, 2021 at 03:44:50PM +0200, Toke Høiland-Jørgensen wrote:
>> The babel protocol code was checking interfaces for the IF_MULTICAST flag
>> and refusing to run if this isn't present. However, there are cases where
>> this flag doesn't cor
on interfaces that can
handle the traffic.
Reported-by: Stefan Haller
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/babel.c | 8
1 file changed, 8 deletions(-)
diff --git a/proto/babel/babel.c b/proto/babel/babel.c
index 4b6b9d7f9f6f..297b86b06a46 100644
--- a/proto/babel/babel.c
Ondrej Zajicek writes:
> On Tue, Mar 02, 2021 at 11:15:24PM +0100, Toke Høiland-Jørgensen wrote:
>> Toke Høiland-Jørgensen writes:
>>
>> > This series adds MAC authentication support to the Babel protocol as
>> > specified
>> > in RFC8967:
>>
Toke Høiland-Jørgensen writes:
> This series adds MAC authentication support to the Babel protocol as specified
> in RFC8967:
>
> https://www.rfc-editor.org/rfc/rfc8967
>
> I have performed basic interoperability testing between this implementation
> and
>
Grant Taylor writes:
> Hi,
>
> I'm facing a problem where RIP (v2) isn't originating a default route if
> it's not in the (kernel) table that RIP is using.
>
> The system itself is using Policy Based Routing and does have a default
> route in a different (kernel) table. PBR is searching
Jay Hanke writes:
> Is it possible to output the BIRD route table in JSON format from
> birdc?
Nope...
-Toke
Дружок 1 writes:
> Hello, All!
>
> I have two bird2.0.7 process run in same Linux system:
>bird
>bird6 (copy of sbin/bird)
> It used two different config files.
> In each config describes protocol bfd
> But I need that process “bird” unbind own bfd from v6 address, and process
> “bird6”
From: Toke Høiland-Jørgensen
In preparation for adding authentication checks, refactor the TLV walking
code so it can be reused for a separate pass of the packet for
authentication checks.
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/packets.c | 171
From: Toke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as
specified by RFC8967. The implementation seeks to follow the RFC as close
as possible, with the only deliberate deviation being the addition of
support for all the HMAC algorithms already
From: Toke Høiland-Jørgensen
The Babel MAC authentication RFC recommends implementing Blake2s as one of
the supported algorithms. In order to do this, add the blake2b and
blake2s hash functions for MAC authentication. The hashing function
implementations are the reference implementations
From: Toke Høiland-Jørgensen
The new standards track version of the Babel protocol was finally published
as an RFC. This has been the version of the protocol implemented by Bird
all along, but now that it has an RFC number we can update all the
references to the standard in the docs and code
From: Toke Høiland-Jørgensen
This adds a new field to the MAC algorithm description which is a pointer
that will allow an algorithm to validate a key before it is used. Add this
validate to the Blake algorithms, validating that the key length is exactly
equal to their respective output sizes
From: Toke Høiland-Jørgensen
This adds support for specifying a password in raw hexadecimal bytes form,
via the 'key' keyword. The result is the same whether a password is
specified as a quoted string or a hex-encoded byte string, this just makes
it more convenient to input high-entropy byte
Høiland-Jørgensen (8):
sysdep: Add wrapper to get random bytes
nest: Add Blake2s and Blake2b hash functions
mac_test: Add tests for blake2s and blake2b
nest: Allow specifying security keys as hex bytes as well as strings
config: Allow MAC algorithms to specify a function
From: Toke Høiland-Jørgensen
The Babel authentication code added by a subsequent commit needs a way to
get random bytes for generating nonces.
This patch adds a wrapper function in sysdep to get random bytes, and the
required checks in configure.ac to select how to do it. The configure
script
Fabian Bläse writes:
> Hi,
>
> when using both bird and babeld in our babel network, babeld regularly
> complains about malformed packets. This happens when bird sends route
> retractions without including router-id and next-hop TLVs first.
> According to rfc6126 the router-id is not used for
Ondrej Zajicek writes:
> On Tue, Dec 15, 2020 at 01:05:22PM +0100, Toke Høiland-Jørgensen wrote:
>> Andreas Rammhold writes:
>>
>> > * What if the kernel doesn't accept the RTA_VIA value we gave it?
>> >Does BIRD generally handle this already?
>>
Andreas Rammhold writes:
> On 13:05 15.12.20, Toke Høiland-Jørgensen wrote:
>> Andreas Rammhold writes:
>>
>> > This is a first attempt at implementing draft-ietf-babel-v4viav6-00 as
>> > IPv4 via IPv6 extension to the Babel routing protocol that allows
>>
> "center" of the above setup) did transport the v4 packets via the v6
> link-local next hop addresses just as expected.
>
> Thanks to Toke Høiland-Jørgensen for early review on this work.
>
> -< notes >--
>
> (My current notes on the current implementatio
Toke Høiland-Jørgensen writes:
> From: Toke Høiland-Jørgensen
>
> This adds a new field to the MAC algorithm description which is a pointer
> that will allow an algorithm to validate a key before it is used. Add this
> validate to the Blake algorithms, validating that the key le
From: Toke Høiland-Jørgensen
In preparation for adding authentication checks, refactor the TLV walking
code so it can be reused for a separate pass of the packet for
authentication checks.
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/packets.c | 166
From: Toke Høiland-Jørgensen
The Babel MAC authentication draft recommends implementing Blake2s as one
of the supported algorithms. In order to do this, add the blake2b
and blake2s hash functions for MAC authentication. The hashing function
implementations are the reference
From: Toke Høiland-Jørgensen
This adds a new field to the MAC algorithm description which is a pointer
that will allow an algorithm to validate a key before it is used. Add this
validate to the Blake algorithms, validating that the key length is exactly
equal to their respective output sizes
From: Toke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as
specified by draft-babel-hmac-10. The implementation seeks to follow the
draft as close as possible, with the only deliberate deviation being the
addition of support for all the HMAC algorithms
From: Toke Høiland-Jørgensen
This adds support for specifying a password in raw hexadecimal bytes form,
via the 'key' keyword. The result is the same whether a password is
specified as a quoted string or a hex-encoded byte string, this just makes
it more convenient to input high-entropy byte
---
Toke Høiland-Jørgensen (7):
sysdep: Add wrapper to get random bytes
nest: Add Blake2s and Blake2b hash functions
mac_test: Add tests for blake2s and blake2b
nest: Allow specifying security keys as hex bytes as well as strings
config: Allow MAC algorithms
From: Toke Høiland-Jørgensen
The Babel authentication code added by a subsequent commit needs a way to
get random bytes for generating nonces.
This patch adds a wrapper function in sysdep to get random bytes, and the
required checks in configure.ac to select how to do it. The configure
script
Ondrej Zajicek writes:
> On Mon, Nov 23, 2020 at 11:07:04AM +0100, Toke Høiland-Jørgensen wrote:
>> The babel protocol code was initialising objects returned from the slab
>> allocator by assigning to each of the struct members individually, but
>> wasn't touching the NODE
andr...@rammhold.de writes:
> While testing this patch I asked myself if there are actually still
> valid users of non-zeroed memory and if we shouldn't just change the
> default to be zeroed? That would also remove the need to patch every
> single call site.
Well there are other callers that
Andreas Rammhold writes:
> On 11:33 23.11.20, Toke Høiland-Jørgensen wrote:
>> Andreas Rammhold writes:
>>
>> > On 11:07 23.11.20, Toke Høiland-Jørgensen wrote:
>> >> +void *
>> >> +sl_allocz(slab *s)
>> >> +{
>> >> + vo
Andreas Rammhold writes:
> On 11:07 23.11.20, Toke Høiland-Jørgensen wrote:
>> +void *
>> +sl_allocz(slab *s)
>> +{
>> + void *obj = sl_alloc(s);
>> + memset(obj, 0, s->size);
>> + return obj;
>> +}
>> +
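Review bot: in sl_allocz(), the pointer returned by sl_alloc(s) is passed straight to memset() with no NULL check; if sl_alloc() can ever return NULL this writes through a null pointer, so either add a check before the memset() or state in a comment above the function that sl_alloc() never returns NULL. A one-line comment saying the returned object is zeroed over s->size bytes would also tell callers that they do not need their own memset().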
>
> This is the same func
allocated was being zeroed anyway, so we can drop the memset in
babel_read_tlv().
Signed-off-by: Toke Høiland-Jørgensen
---
v2:
- Introduce sl_allocz() instead of adding more zeroing to the babel code.
lib/resource.h| 1 +
lib/slab.c| 24
proto/babel/babe
So let's change the babel code to make sure we also zero-initialise the
list node. For the packet parser, just move the existing memset() out of
babel_read_tlv() and in all other places, use struct assignment for
initialising members, which is idiomatic for Bird.
Signed-off-by: Toke Høiland
Maria Matějka writes:
> Hello!
>
> Just a quick reply from my phone. When adding these checks, I also
> wanted to zero out slab objects but then I realized that these objects
> should be initialized anyway after allocation and in most cases all of
> these would be rewritten twice.
>
> The
andr...@rammhold.de writes:
> On 19:01 22.11.20, Toke Høiland-Jørgensen wrote:
>> > The V4 over/via V6 draft. I would link to it but it seems the IETF
>> > website is currently unreachable (or I am being cloudflared…).
>>
>> Ah, cool! That was on my list as well
andr...@rammhold.de writes:
> On 18:21 22.11.20, Toke Høiland-Jørgensen wrote:
>> andr...@rammhold.de writes:
>> > I've been playing with the BIRD source code and implementing a new
>> > extension to Babel but that is not what this mail is about.
>>
andr...@rammhold.de writes:
> Hi,
>
> I've been playing with the BIRD source code and implementing a new
> extension to Babel but that is not what this mail is about.
Still curious - which extension? :)
[..]
> Breakpoint 1, add_tail (n=0x234ac30, l=0x241f620) at ./lib/lists.c:82
> #0 add_tail
Ondrej Zajicek writes:
> On Mon, Nov 16, 2020 at 11:31:14PM +0100, Toke Høiland-Jørgensen wrote:
>> Toke Høiland-Jørgensen writes:
>>
>> > @@ -169,6 +170,12 @@ const struct mac_desc mac_table[ALG_MAX] = {
>> >[ALG_SHA256] = HASH_DESC(&qu
Toke Høiland-Jørgensen writes:
> @@ -169,6 +170,12 @@ const struct mac_desc mac_table[ALG_MAX] = {
>[ALG_SHA256] = HASH_DESC("Keyed SHA-256", sha256, SHA256),
>[ALG_SHA384] = HASH_DESC("Keyed SHA-384", sha384, SHA384),
>[ALG_SHA512
Toke Høiland-Jørgensen writes:
> This series adds MAC authentication support to the Babel protocol as specified
> by the IETF Babel working group in draft-babel-hmac-10:
>
> https://tools.ietf.org/html/draft-ietf-babel-hmac-10
>
> This is the follow-up to v1, posted i
From: Toke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as
specified by draft-babel-hmac-10. The implementation seeks to follow the
draft as close as possible, with the only deliberate deviation being the
addition of support for all the HMAC algorithms
From: Toke Høiland-Jørgensen
The Babel MAC authentication draft recommends implementing Blake2s as one
of the supported algorithms. In order to do this, add the blake2b
and blake2s hash functions for MAC authentication. The hashing function
implementations are the reference
From: Toke Høiland-Jørgensen
This adds a new field to the MAC algorithm description which is a pointer
that will allow an algorithm to validate a key before it is used. Add this
validate to the Blake algorithms, validating that the key length is exactly
equal to their respective block sizes
From: Toke Høiland-Jørgensen
In preparation for adding authentication checks, refactor the TLV walking
code so it can be reused for a separate pass of the packet for
authentication checks.
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/packets.c | 166
functions
- Fix a bunch of nits and code style issues
---
Toke Høiland-Jørgensen (7):
sysdep: Add wrapper to get random bytes
nest: Add Blake2s and Blake2b hash functions
mac_test: Add tests for blake2s and blake2b
nest: Allow specifying security keys as hex bytes as well
From: Toke Høiland-Jørgensen
This adds support for specifying a password in raw hexadecimal bytes form,
via the 'key' keyword. The result is the same whether a password is
specified as a quoted string or a hex-encoded byte string, this just makes
it more convenient to input high-entropy byte
From: Toke Høiland-Jørgensen
The Babel authentication code added by a subsequent commit needs a way to
get random bytes for generating nonces.
This patch adds a wrapper function in sysdep to get random bytes, and the
required checks in configure.ac to select how to do it. The configure
script
James Lu writes:
> Ah, this isn't for anything too serious. It's just a setup for dn42 I'm
> testing out right now.
Right, okay, fair enough; was just curious :)
-Toke
s seems reasonable!
Acked-by: Toke Høiland-Jørgensen
Out of curiosity, what setup are you using Babel+BGP for where you need
this? :)
-Toke
"Fabiano D'Agostino" writes:
> Hi,
> thank you! It seems working. But do I have to execute sudo systemctl enable
> bird.service?
If it's not already, that would be the way to start it at boot...
> Because I just did sudo systemctl start bird.service and it seems
> restarting after reboot
1 - 100 of 267 matches