Hi,
Currently one can use only a predefined set of advertised options in radv
protocol, that are supported by bird's configuration. It would be
convenient to be able to specify other possible options at least manually
as a blob so one should not wait until it is supported in the code,
released, etc.
This idea is inspired by presentation by Ondřej Caletka at CSNOG, in which
he noticed the lack of either PREF64 option or possibility to add custom
options in various software.
Attached patch [radv-custom.patch] makes it possible to define such options
with the syntax:
other type <num> <bytestring>
I can also prepare a patch for documentation if it is to be merged.
But it does solve the question with PREF64 completely. Because currently
bytestring minimal length is 16 bytes, but for PREF64 we need to provide a
14-byte blob. And for minimal RA option, it have to be as short as 6 bytes.
So another patch [bytestring-short.patch] allows bytestrings to be as short
as 6 bytes, when colon-notation is used: "01:02:03:04:05:06". And I kept
the minimum size of 16 bytes without colons, because it can conflict with
some symbol names.
The main concern is that a 6-byte bytestring conflicts with the MAC address
representation. Bird does not have the type for it currently, but who
knows, it might need it in the future. So we might need some new syntax for
bytestring in that case. Or it can be postponed to later time. In this case
introduction of MAC-address lexems would break configs that use 6-byte
bytestrings (if we want to care much about those).
It is also not possible to define a 8-byte bytestring, because it conflicts
with IPv6 address, but we are introducing short bytestrings for RA here,
and 8-byte bytestrings are not strictly required for that, because possible
option sizes are 8, 16, ... with payloads 2 bytes less: 6, 14, ... So if
one needs a 8-byte payload, he can easily pad it with extra zeroes ":00"
with the same on-the-wire result. But still, this gives one more reason for
an additional syntax for bytestrings.
There also was possbility to explicitly allow only 6, 7, 9 and greater
lengths of bytestrings. Or to move IPv6 regex definition before bytestring
definition to make it more preferrable. I choose the second variant, but
IPv6 regex is too loose now and match many things far from IPv6 notation.
So I decided to provide a more strict regex definition for IPv6 addresses.
Of course it is ugly, but I think it could be helpful anyway, because it
does not conflict with other similar lexems, including MAC addresses.
As a downside for this, in case of some typo in IPv6 address, there will
not be a meaningful error about bad IPv6 address. So I added an additional
regex there, to catch lexems with hex digits and at least 2 colons to show
more meaningful error for that. But I'm not sure about it.
If those changes for bytestrings are OK too, I also can prepare further
patch for documentation.
Have a nice day,
Alexander Zubkov
commit 2b7908712dda313e0a97740751315e99ec0d06c0
Author: Alexander Zubkov <green@qrator.net>
Date: Mon Jun 12 11:52:13 2023 +0200
RAdv: allow adding custom options with payload as hexadecimal string
Allows to send RA options that do not have specific configure commands
defined for it by specifying its plain payload manually.
diff --git a/proto/radv/config.Y b/proto/radv/config.Y
index 8d4a3ab9..5c213d50 100644
--- a/proto/radv/config.Y
+++ b/proto/radv/config.Y
@@ -25,6 +25,15 @@ static struct radv_dnssl_config this_radv_dnssl;
static list radv_dns_list; /* Used by radv_rdnss and radv_dnssl */
static u8 radv_mult_val; /* Used by radv_mult for second return value */
+static inline void
+radv_add_to_custom_list(list *l, int type, struct bytestring *payload)
+{
+ if (type < 0 || type > 255) cf_error("RA cusom type must be in range 0-255");
+ struct radv_custom_config *cf = cfg_allocz(sizeof(struct radv_custom_config));
+ add_tail(l, NODE cf);
+ cf->type = type;
+ cf->payload = payload;
+}
CF_DECLS
@@ -52,6 +61,7 @@ radv_proto_start: proto_start RADV
init_list(&RADV_CFG->pref_list);
init_list(&RADV_CFG->rdnss_list);
init_list(&RADV_CFG->dnssl_list);
+ init_list(&RADV_CFG->custom_list);
};
radv_proto_item:
@@ -61,6 +71,7 @@ radv_proto_item:
| PREFIX radv_prefix { add_tail(&RADV_CFG->pref_list, NODE this_radv_prefix); }
| RDNSS { init_list(&radv_dns_list); } radv_rdnss { add_tail_list(&RADV_CFG->rdnss_list, &radv_dns_list); }
| DNSSL { init_list(&radv_dns_list); } radv_dnssl { add_tail_list(&RADV_CFG->dnssl_list, &radv_dns_list); }
+ | OTHER TYPE expr BYTESTRING { radv_add_to_custom_list(&RADV_CFG->custom_list, $3, $4); }
| TRIGGER net_ip6 { RADV_CFG->trigger = $2; }
| PROPAGATE ROUTES bool { RADV_CFG->propagate_routes = $3; }
;
@@ -82,6 +93,7 @@ radv_iface_start:
init_list(&RADV_IFACE->pref_list);
init_list(&RADV_IFACE->rdnss_list);
init_list(&RADV_IFACE->dnssl_list);
+ init_list(&RADV_IFACE->custom_list);
RADV_IFACE->min_ra_int = (u32) -1; /* undefined */
RADV_IFACE->max_ra_int = DEFAULT_MAX_RA_INT;
@@ -124,8 +136,10 @@ radv_iface_item:
| PREFIX radv_prefix { add_tail(&RADV_IFACE->pref_list, NODE this_radv_prefix); }
| RDNSS { init_list(&radv_dns_list); } radv_rdnss { add_tail_list(&RADV_IFACE->rdnss_list, &radv_dns_list); }
| DNSSL { init_list(&radv_dns_list); } radv_dnssl { add_tail_list(&RADV_IFACE->dnssl_list, &radv_dns_list); }
+ | OTHER TYPE expr BYTESTRING { radv_add_to_custom_list(&RADV_IFACE->custom_list, $3, $4); }
| RDNSS LOCAL bool { RADV_IFACE->rdnss_local = $3; }
| DNSSL LOCAL bool { RADV_IFACE->dnssl_local = $3; }
+ | OTHER LOCAL bool { RADV_IFACE->custom_local = $3; }
;
radv_preference:
diff --git a/proto/radv/packets.c b/proto/radv/packets.c
index 5cd8b2de..d1f86ec1 100644
--- a/proto/radv/packets.c
+++ b/proto/radv/packets.c
@@ -82,6 +82,13 @@ struct radv_opt_dnssl
char domain[];
};
+struct radv_opt_custom
+{
+ u8 type;
+ u8 length;
+ u8 payload[];
+};
+
static int
radv_prepare_route(struct radv_iface *ifa, struct radv_route *rt,
char **buf, char *bufend)
@@ -254,6 +261,36 @@ radv_prepare_dnssl(struct radv_iface *ifa, list *dnssl_list, char **buf, char *b
return -1;
}
+static int
+radv_prepare_custom(struct radv_iface *ifa, list *custom_list, char **buf, char *bufend)
+{
+ struct radv_custom_config *ccf = HEAD(*custom_list);
+
+ while(NODE_VALID(ccf))
+ {
+ struct radv_opt_custom *op = (void *) *buf;
+ /* Add 2 octets for type and size and 8 - 1 for ceiling the division up to 8 octets */
+ int size = (ccf->payload->length + 2 + 8 - 1) / 8;
+ if (bufend - *buf < size * 8)
+ goto too_much;
+
+ memset(op, 0, size * 8); /* Clear buffer so there is no tail garbage */
+ op->type = ccf->type;
+ op->length = size;
+ memcpy(op->payload, ccf->payload->data, ccf->payload->length);
+
+ *buf += 8 * op->length;
+ ccf = NODE_NEXT(ccf);
+ }
+
+ return 0;
+
+ too_much:
+ log(L_WARN "%s: Too many RA options on interface %s",
+ ifa->ra->p.name, ifa->iface->name);
+ return -1;
+}
+
static int
radv_prepare_prefix(struct radv_iface *ifa, struct radv_prefix *px,
char **buf, char *bufend)
@@ -352,6 +389,14 @@ radv_prepare_ra(struct radv_iface *ifa)
if (radv_prepare_dnssl(ifa, &ic->dnssl_list, &buf, bufend) < 0)
goto done;
+ if (! ic->custom_local)
+ if (radv_prepare_custom(ifa, &cf->custom_list, &buf, bufend) < 0)
+ goto done;
+
+ if (radv_prepare_custom(ifa, &ic->custom_list, &buf, bufend) < 0)
+ goto done;
+
+
if (p->fib_up)
{
FIB_WALK(&p->routes, struct radv_route, rt)
diff --git a/proto/radv/radv.h b/proto/radv/radv.h
index 14d40f8a..8c716158 100644
--- a/proto/radv/radv.h
+++ b/proto/radv/radv.h
@@ -51,6 +51,7 @@ struct radv_config
list pref_list; /* Global list of prefix configs (struct radv_prefix_config) */
list rdnss_list; /* Global list of RDNSS configs (struct radv_rdnss_config) */
list dnssl_list; /* Global list of DNSSL configs (struct radv_dnssl_config) */
+ list custom_list; /* Global list of custom configs (struct radv_custom_config) */
net_addr trigger; /* Prefix of a trigger route, if defined */
u8 propagate_routes; /* Do we propagate more specific routes (RFC 4191)? */
@@ -63,6 +64,7 @@ struct radv_iface_config
list pref_list; /* Local list of prefix configs (struct radv_prefix_config) */
list rdnss_list; /* Local list of RDNSS configs (struct radv_rdnss_config) */
list dnssl_list; /* Local list of DNSSL configs (struct radv_dnssl_config) */
+ list custom_list; /* Local list of custom configs (struct radv_custom_config) */
u32 min_ra_int; /* Standard options from RFC 4861 */
u32 max_ra_int;
@@ -75,6 +77,7 @@ struct radv_iface_config
u8 rdnss_local; /* Global list is not used for RDNSS */
u8 dnssl_local; /* Global list is not used for DNSSL */
+ u8 custom_local; /* Global list is not used for custom */
u8 managed; /* Standard options from RFC 4861 */
u8 other_config;
@@ -122,6 +125,13 @@ struct radv_dnssl_config
const char *domain; /* Domain for DNS search list, in processed form */
};
+struct radv_custom_config
+{
+ node n;
+ u8 type; /* Identifier of the type of option */
+ struct bytestring *payload; /* Payload of the option */
+};
+
/*
* One more specific route as per RFC 4191.
*
commit bc91254d2236b9f66b98e260b7a4a92cb0f8bd4b
Author: Alexander Zubkov <gr...@qrator.net>
Date: Mon Jun 12 11:56:09 2023 +0200
Conf: strict IPv6 regexp to allow shorter hexadecimal strings
Make IPv6 regexp more strict so that it does not match extra similar strings.
It makes possible to shorten the length of hexadecimal strings so that they
do not collide with IPv6 notation.
Because IPv6 regexp is strict and it should not match other tokens, it can be
placed before the hexadecimal string regexp to have precedence over it.
Add additional regexp to catch possible typos in IPv6 addresses and hexadecial
strings to show the error message about it.
diff --git a/conf/cf-lex.l b/conf/cf-lex.l
index 9555949d..a7d18e71 100644
--- a/conf/cf-lex.l
+++ b/conf/cf-lex.l
@@ -255,7 +255,28 @@ WHITE [ \t]
return IP4;
}
-{XIGIT}{2}((:{XIGIT}{2}){15,}|({XIGIT}{2}){15,}) {
+({XIGIT}{1,4}:){7}{XIGIT}{1,4} |
+::(({XIGIT}{1,4}:){0,6}{XIGIT}{1,4})? |
+{XIGIT}{1,4}::(({XIGIT}{1,4}:){0,5}{XIGIT}{1,4})? |
+({XIGIT}{1,4}:){1}{XIGIT}{1,4}::(({XIGIT}{1,4}:){0,4}{XIGIT}{1,4})? |
+({XIGIT}{1,4}:){2}{XIGIT}{1,4}::(({XIGIT}{1,4}:){0,3}{XIGIT}{1,4})? |
+({XIGIT}{1,4}:){3}{XIGIT}{1,4}::(({XIGIT}{1,4}:){0,2}{XIGIT}{1,4})? |
+({XIGIT}{1,4}:){4}{XIGIT}{1,4}::(({XIGIT}{1,4}:){0,1}{XIGIT}{1,4})? |
+({XIGIT}{1,4}:){5}{XIGIT}{1,4}::({XIGIT}{1,4})? |
+({XIGIT}{1,4}:){6}{XIGIT}{1,4}:: |
+({XIGIT}{1,4}:){6}({DIGIT}+\.){3}{DIGIT}+ |
+::({XIGIT}{1,4}:){0,5}({DIGIT}+\.){3}{DIGIT}+ |
+{XIGIT}{1,4}::({XIGIT}{1,4}:){0,4}({DIGIT}+\.){3}{DIGIT}+ |
+({XIGIT}{1,4}:){1}{XIGIT}{1,4}::({XIGIT}{1,4}:){0,3}({DIGIT}+\.){3}{DIGIT}+ |
+({XIGIT}{1,4}:){2}{XIGIT}{1,4}::({XIGIT}{1,4}:){0,2}({DIGIT}+\.){3}{DIGIT}+ |
+({XIGIT}{1,4}:){3}{XIGIT}{1,4}::({XIGIT}{1,4}:){0,1}({DIGIT}+\.){3}{DIGIT}+ |
+({XIGIT}{1,4}:){4}{XIGIT}{1,4}::({DIGIT}+\.){3}{DIGIT}+ {
+ if (!ip6_pton(yytext, &cf_lval.ip6))
+ cf_error("Invalid IPv6 address %s", yytext);
+ return IP6;
+}
+
+({XIGIT}{2}){16,}|({XIGIT}{2}(:{XIGIT}{2}){5,}) {
char *s = yytext;
size_t len = 0, i;
struct bytestring *bytes;
@@ -286,12 +307,6 @@ WHITE [ \t]
return BYTESTRING;
}
-({XIGIT}*::|({XIGIT}*:){3,})({XIGIT}*|{DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+) {
- if (!ip6_pton(yytext, &cf_lval.ip6))
- cf_error("Invalid IPv6 address %s", yytext);
- return IP6;
-}
-
0x{XIGIT}+ {
char *e;
unsigned long int l;
@@ -314,6 +329,10 @@ WHITE [ \t]
return NUM;
}
+({XIGIT}|:)*:({XIGIT}|:)*:({XIGIT}|:)* {
+ cf_error("Malformed IPv6 address or hexadecimal string: %s", yytext);
+}
+
else: {
/* Hack to distinguish if..else from else: in case */
return ELSECOL;
