Enable RFC 9234 route leak prevention in backwards compatible ('non-strict') mode
- Requires BIRD 2.0.15 or higher
[NF] New feature summary
Enable RFC 9234 support on IXP-manager-managed route servers. See https://mailman.nanog.org/pipermail/nanog/2024-September/226204.html
In addition to the above, I have:
- [x] ensured all relevant template output is escaped to avoid XSS attacks with `<?= $t->ee( $data ) ?>` or equivalent.
- [x] ensured appropriate checks against user privilege / resources accessed
- [x] API calls (particularly for add/edit/delete/toggle) are not implemented with GET and use CSRF tokens to avoid CSRF attacks
Requires BIRD 2.0.15 or higher
As far as I understand, IXP Manager does not have a way of knowing what minor version of BIRD is running, and given that the current distros that I would consider most users of IXP-Manager to be using are not that new, merging this would break most configs as of right now.
This would need to be presented in the UI with a tickbox (default: enabled).
@nickhilliard I do not see the need for a tickbox in the UI. The tickbox would only be necessary for enabling "strict mode". Setting the local role opportunistically is possible, but a BIRD reconfigure will drop existing BGP sessions.
@benjojo IXP Manager has the ability to store the BGP daemon's version number in the "router" object. The information may be accessed in the templates via $t->router->software_version.
So something like
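```php
<?php // The comparison operator must be a quoted string; a bare ge is an undefined constant. ?>
<?php if( version_compare( $t->router->software_version, "2.14", "ge" ) ): ?>
local role rs_server;
<?php endif; ?>
```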
should do the trick (untested).
As far as I can see, this would be the first real use of the optional software_version attribute and I don't know who is really maintaining it.
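
An added example, not code from this PR or from IXP Manager: a version gate for the `local role rs_server;` line that omits the directive when `software_version` is unset or unparseable, run against both minimum versions mentioned in the thread. The function name and the sample version strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not IXP Manager code): decide whether a route server
// template may emit "local role rs_server;" for a given router.
function birdSupportsLocalRole(?string $softwareVersion, string $minVersion): bool
{
    // software_version is optional, so it may be null or empty.
    // Unknown version: omit the directive rather than risk generating a
    // config that an older BIRD refuses to parse.
    if ($softwareVersion === null) {
        return false;
    }
    $version = trim($softwareVersion);
    // Accept only dotted numeric versions such as "2.14" or "2.0.15".
    if (preg_match('/^\d+(\.\d+){1,2}$/', $version) !== 1) {
        return false;
    }
    // The operator is passed as a string.
    return version_compare($version, $minVersion, 'ge');
}

// Constructed sample values for software_version.
$samples = [null, '', '2', '2.0.8', '2.0.15', '2.14', '2.15.1', 'v2.15'];

// Both minimum versions that appear in the thread.
foreach (['2.0.15', '2.14'] as $min) {
    echo "minimum {$min}\n";
    foreach ($samples as $v) {
        $emit = birdSupportsLocalRole($v, $min) ? 'local role rs_server;' : '(omitted)';
        printf("  %-8s %s\n", var_export($v, true), $emit);
    }
}
```

Under `version_compare`, `2.0.15` sorts below `2.14`, so the two minimums treat a router that reports `2.0.15` differently.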