RPKI support without SSH transport
Ahoj BIRD Parents -
I was wondering if there is a reason, why BIRD 2.0.x can't be built for RPKI support without libssh, although RPKI-RTR would also work on an unencrypted transport (as documented in the BIRD user documentation).
I am asking, because I am building BIRD for a hardware router platform (Ubiquiti's EdgeRouters) and including libssh is, although doable, a real pain-in-the-rear, depending on the OS version and hardware architecture (4 variants in the EdgeOS world at the moment).
Without libssh, which drags a whole slew of other library-crap behind it 🙄, BIRD is pretty lightweight and very easy to deploy.
Just curious ...
Thanks a lot (again) for this great piece of software!
Clemens
On Thu, Jan 09, 2020 at 03:07:15PM +0100, Clemens Schrimpe wrote:
Ahoj BIRD Parents -
I was wondering if there is a reason, why BIRD 2.0.x can't be built for RPKI support without libssh, although RPKI-RTR would also work on an unencrypted transport (as documented in the BIRD user documentation).
Mainly that protocol-based compile-time variability was already there. But I agree that it would make sense to have support for RPKI without SSH transport / libssh dependency, and I already got some requests for that. So perhaps we will update that.
I am asking, because I am building BIRD for a hardware router platform (Ubiquiti's EdgeRouters) and including libssh is, although doable, a real pain-in-the-rear, depending on the OS version and hardware architecture (4 variants in the EdgeOS world at the moment).
Isn't EdgeOS based on Debian? So I suppose there should not be a problem with libssh / libgcrypt there. But last time I played with EdgeRouter I just dropped the whole EdgeOS and used vanilla Debian with Ubiquiti EdgeRouter Linux kernel.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Hello!
Please try the attached patch. It has not been tested, yet it compiles with no LibSSH available.
Maria
On 1/9/20 3:07 PM, Clemens Schrimpe wrote:
Ahoj BIRD Parents -
I was wondering if there is a reason, why BIRD 2.0.x can't be built for RPKI support without libssh, although RPKI-RTR would also work on an unencrypted transport (as documented in the BIRD user documentation).
I am asking, because I am building BIRD for a hardware router platform (Ubiquiti's EdgeRouters) and including libssh is, although doable, a real pain-in-the-rear, depending on the OS version and hardware architecture (4 variants in the EdgeOS world at the moment).
Without libssh, which drags a whole slew of other library-crap behind it 🙄, BIRD is pretty lightweight and very easy to deploy.
Just curious ...
Thanks a lot (again) for this great piece of software!
Clemens
Please try the attached patch. It has not been tested, yet it compiles with no LibSSH available.
This appears to work nicely. After running autoreconf and ./configure --disable-libssh it builds a bird with RPKI support, which is still "lean":
    DEV 2.x MIPS:~/bird-patch> ldd bird
        linux-vdso.so.1 (0x771ed000)
        libpthread.so.0 => /lib/mips-linux-gnu/libpthread.so.0 (0x770a2000)
        libc.so.6 => /lib/mips-linux-gnu/libc.so.6 (0x76f20000)
        /lib/ld.so.1 => /lib64/ld.so.1 (0x771bc000)
however, attempts to build it without --disable-libssh result in a linking error:
    /tmp/ccz8W8kL.ltrans12.ltrans.o: In function `rpki_init_cache':
    /home/csch/bird-patch/proto/rpki/rpki.c:583: undefined reference to `rpki_tr_ssh_init'
    /home/csch/bird-patch/proto/rpki/rpki.c:583: undefined reference to `rpki_tr_ssh_init'
    collect2: error: ld returned 1 exit status
It still works without the patch, but (as mentioned) yields a bird with many external dependencies:
    DEV 2.x MIPS:~/bird> ldd bird
        linux-vdso.so.1 (0x7755a000)
        libssh.so.4 => /usr/lib/mips-linux-gnu/libssh.so.4 (0x773bb000)
        libpthread.so.0 => /lib/mips-linux-gnu/libpthread.so.0 (0x7738e000)
        libc.so.6 => /lib/mips-linux-gnu/libc.so.6 (0x7720c000)
        librt.so.1 => /lib/mips-linux-gnu/librt.so.1 (0x771f4000)
        libcrypto.so.1.0.2 => /usr/lib/mips-linux-gnu/libcrypto.so.1.0.2 (0x77034000)
        libz.so.1 => /lib/mips-linux-gnu/libz.so.1 (0x7700b000)
        libgssapi_krb5.so.2 => /usr/lib/mips-linux-gnu/libgssapi_krb5.so.2 (0x76fb8000)
        /lib/ld.so.1 => /lib64/ld.so.1 (0x77529000)
        libdl.so.2 => /lib/mips-linux-gnu/libdl.so.2 (0x76fa5000)
        libkrb5.so.3 => /usr/lib/mips-linux-gnu/libkrb5.so.3 (0x76ed6000)
        libk5crypto.so.3 => /usr/lib/mips-linux-gnu/libk5crypto.so.3 (0x76e91000)
        libcom_err.so.2 => /lib/mips-linux-gnu/libcom_err.so.2 (0x76e7d000)
        libkrb5support.so.0 => /usr/lib/mips-linux-gnu/libkrb5support.so.0 (0x76e62000)
        libkeyutils.so.1 => /lib/mips-linux-gnu/libkeyutils.so.1 (0x76e4e000)
        libresolv.so.2 => /lib/mips-linux-gnu/libresolv.so.2 (0x76e28000)
To summarize → your patch works fine in "the forward direction" (towards solving the problem), but apparently creates another problem when building with libssh now. 🤷🏼♂️
Thanks for your efforts!
Clemens
Hello and sorry for the late feedback ... lots of things going on ...
On 14. Jan 2020, at 16:45, Maria Matějka <maria.matejka@nic.cz> wrote:
however, attempts to build it without /--disable-libssh/ result in a linking error:
Oops, sorry, I missed one include. Here is the fixed patch, now it compiles both with and without libSSH.
Maria <no-ssh-2.patch>
No, unfortunately it does not - not any more, at least:
Configured with
./configure --disable-libssh
it doesn't compile proto/rpki/ssh_transport.c because it references "struct ssh_sock" and "SK_SSH_CONNECT", whose definitions are excluded in lib/socket.h unless HAVE_LIBSSH is defined →
    CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
    proto/rpki/ssh_transport.c: In function 'rpki_tr_ssh_open':
    proto/rpki/ssh_transport.c:29:40: error: invalid application of 'sizeof' to incomplete type 'struct ssh_sock'
       sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock));
                                            ^~~~~~
    proto/rpki/ssh_transport.c:30:10: error: dereferencing pointer to incomplete type 'struct ssh_sock'
       sk->ssh->username = ssh_cf->user;
              ^~
    proto/rpki/ssh_transport.c:34:20: error: 'SK_SSH_CONNECT' undeclared (first use in this function)
       sk->ssh->state = SK_SSH_CONNECT;
                        ^~~~~~~~~~~~~~
Again: Thanks for your great support!
Clemens
Hi,
In my case all compiled fine:
./configure --disable-libssh
.....
    CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
    CC -o obj/proto/rpki/transport.o -c proto/rpki/transport.c
    CC -o obj/proto/static/static.o -c proto/static/static.c
Clemens Schrimpe wrote on 19.03.2020 16:44:
Hello and sorry for the late feedback ... lots of things going on ...
On 14. Jan 2020, at 16:45, Maria Matějka <maria.matejka@nic.cz> wrote:
however, attempts to build it without /--disable-libssh/ result in a linking error:
Oops, sorry, I missed one include. Here is the fixed patch, now it compiles both with and without libSSH.
Maria <no-ssh-2.patch>
No, unfortunately it does not - not any more, at least:
Configured with
./configure --disable-libssh
it doesn't compile /proto/rpki/ssh_transport.c/ because it references "struct ssh_sock" and "SK_SSH_CONNECT", whose definitions are excluded in lib/socket.h unless HAVE_LIBSSH is defined →
    CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
    proto/rpki/ssh_transport.c: In function 'rpki_tr_ssh_open':
    proto/rpki/ssh_transport.c:29:40: error: invalid application of 'sizeof' to incomplete type 'struct ssh_sock'
       sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock));
                                            ^~~~~~
    proto/rpki/ssh_transport.c:30:10: error: dereferencing pointer to incomplete type 'struct ssh_sock'
       sk->ssh->username = ssh_cf->user;
              ^~
    proto/rpki/ssh_transport.c:34:20: error: 'SK_SSH_CONNECT' undeclared (first use in this function)
       sk->ssh->state = SK_SSH_CONNECT;
                        ^~~~~~~~~~~~~~
Again: Thanks for your great support!
Clemens
On Wed, Mar 25, 2020 at 02:17:13PM +0300, Mikhail Grishin wrote:
Hi,
In my case all compiled fine:
./configure --disable-libssh
Yes, current code in git should be OK, all code in ssh_transport.c is commented out.
    CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
    CC -o obj/proto/rpki/transport.o -c proto/rpki/transport.c
    CC -o obj/proto/static/static.o -c proto/static/static.c
No, unfortunately it does not - not any more, at least:
Configured with
./configure --disable-libssh
it doesn't compile /proto/rpki/ssh_transport.c/ because it references "struct ssh_sock" and "SK_SSH_CONNECT", whose definitions are excluded in lib/socket.h unless HAVE_LIBSSH is defined →
    CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
    proto/rpki/ssh_transport.c: In function 'rpki_tr_ssh_open':
    proto/rpki/ssh_transport.c:29:40: error: invalid application of 'sizeof' to incomplete type 'struct ssh_sock'
       sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock));
                                            ^~~~~~
    proto/rpki/ssh_transport.c:30:10: error: dereferencing pointer to incomplete type 'struct ssh_sock'
       sk->ssh->username = ssh_cf->user;
              ^~
    proto/rpki/ssh_transport.c:34:20: error: 'SK_SSH_CONNECT' undeclared (first use in this function)
       sk->ssh->state = SK_SSH_CONNECT;
                        ^~~~~~~~~~~~~~
Again: Thanks for your great support!
Clemens
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
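The two build failures reported in this thread (an undefined reference to the SSH init function, then SSH-only types used outside the HAVE_LIBSSH guard) share one fix: the optional transport's types, definitions and call sites all sit behind the same macro. The sketch below is an added example, not the attached patch and not BIRD source; every demo_* name is hypothetical, only HAVE_LIBSSH comes from the thread, and it also shows the caller refusing an SSH request in a no-libssh build instead of falling back to plain TCP.

```c
/* Added illustration, not BIRD source; every demo_* name is hypothetical. */
#include <stddef.h>
#include <string.h>

enum demo_tr_type { DEMO_TR_TCP, DEMO_TR_SSH };

struct demo_transport {
  enum demo_tr_type type;
  const char *ident;                      /* transport name for logs */
  int (*open)(struct demo_transport *t);  /* NULL until initialised */
};

static int demo_tcp_open(struct demo_transport *t) { (void) t; return 0; }
void demo_tr_tcp_init(struct demo_transport *t) { t->ident = "tcp"; t->open = demo_tcp_open; }

#ifdef HAVE_LIBSSH
/* SSH-only types, their users and the init function share one guard, so a
 * build without libssh never sees an incomplete type or a dangling symbol. */
struct demo_ssh_sock { const char *username; int state; };
static struct demo_ssh_sock demo_ssh_state;

static int demo_ssh_open(struct demo_transport *t)
{
  (void) t;
  demo_ssh_state.state = 1;   /* hypothetical stand-in for a connect state */
  return 0;
}
void demo_tr_ssh_init(struct demo_transport *t) { t->ident = "ssh"; t->open = demo_ssh_open; }
#endif

/* Returns 0 on success, -1 when the requested transport is not compiled in. */
int demo_init_cache(struct demo_transport *t, enum demo_tr_type type)
{
  memset(t, 0, sizeof(*t));
  t->type = type;
  if (type == DEMO_TR_TCP) { demo_tr_tcp_init(t); return 0; }
#ifdef HAVE_LIBSSH
  if (type == DEMO_TR_SSH) { demo_tr_ssh_init(t); return 0; }
#endif
  return -1;  /* fail closed: never downgrade an SSH request to plain TCP */
}

int main(void)
{
  struct demo_transport t;
  return demo_init_cache(&t, DEMO_TR_TCP);  /* 0: TCP is always available */
}
```

Compiling the same file once with -DHAVE_LIBSSH and once without exercises both configurations, which is the check that would have caught each regression in the thread.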
participants (5): Clemens Schrimpe, Maria Matejka, Maria Matějka, Mikhail Grishin, Ondrej Zajicek