| Age | Commit message (Collapse) | Author |
|---|
|
process tracks which prefixes are added / removed and issues the
corresponding imsg calls.
Right now the RDE does nothing with the received information.
OK tb@
|
|
sending the IMSG_RECONF_DONE message to the RDE. The RDE does not depend
on the RTR config reload (in contrast to the SE).
The ROA / ASPA reload is async from the RDE config reload.
OK tb@
|
|
|
|
logic in the rtr process. It does not implement the new RTR messages yet
but it is possible to specify an aspa-set in the config. Also the validation
code in the RDE is missing so this does not do anything.
With this in it will be possible to extend rpki-client to publish an
aspa-set as part of the openbgpd config file.
OK tb@
|
|
The memory regions passed to memcpy() can not overlap so no need for memmove().
OK tb@ deraadt@
|
|
|
|
Simplify the logic and adjust kroute_match() which makes the code
easier to understand.
OK tb@
|
|
not correct because kr_tofull() replaces RTP_MINE with the real priority.
Noticed because of incorrect nexthop selection.
|
|
Only problem is when route(8) is used to modify/delete a bgpd owned route.
Exact behaviour for that is still a bit unclear but F_KERNEL does not help
in this case either. In the kr_fib_delete/change remove F_BGPD_INSERTED
in that case as a first step.
OK tb@
|
|
- introduce network_free() to properly free a network struct including
the possible rtlabel reference.
- change expand_networks() and the reload code to not only expand the
main network config but also the network configs inside L3VPN sections.
- adjust reload logic to properly match any kind of network struct.
Up until now rtlabel and priority network statememnts were not correctly
reloaded.
OK tb@
|
|
The only user of struct kif was the session engine for the 'depend on'
feature. Switch the imsg exchange to a new struct session_dependon and
rename the IMSG as well.
OK tb@
|
|
simpler.
OK tb@
|
|
indicates that the route was successfully added to the FIB.
Filter out dynamic routes, like it is already done for ARP and ND routes) and
kill F_DYNAMIC.
Also remove the protect_lo() bits. Adding dummy kroute entries does no longer
prevent bad routes to hit the FIB. Also loopback IPs are checked in a few
other places to prevent bad routes to be installed into the FIB.
OK tb@
|
|
kr_nexthop_add() and kr_nexthop_delete() only operate on the main table
so just pass in the right rdomain id.
kr_shutdown() and kr_dispatch_msg() don't really need the rdomain passed.
The was done for kif_remove(), since that function needs to remove connected
routes from the rdomain table. Connected routes can only exists in the
interfaces rdomain so just use kif->k.rdomain. If such routes exist that
table exists as well. If the table does not exists there are also no
connected routes to track.
OK tb@
|
|
Instead of passing it around all the time put the fib_priority into the
kroute state. It is only needed in send_rtmsg() in the end.
Additionally insert F_BGP_INSERTED routes with a special RTP_MINE priority.
This makes changing the fib_priority at runtime simpler because there
is no need to alter the kroute table anymore.
OK tb@ deraadt@
|
|
actually loads a routing table and not really an rdomain.
|
|
a few reindents.
OK florian@ tb@
|
|
delivery checks at the end still need to happen. So that on EINTR bgpd
processes reconfigure or mrt files ASAP.
Fix for mrt integration tests.
Reported by and ok anton@
|
|
Also either fail hard or restart after other errors. In anycase do not
look at pollfds after an error.
OK benno@
|
|
|
|
OK claudio@
|
|
If the limit is hit the request will be dropped and the rtr process will
retry the connect after the retry timeout. Hopefully by then the number of
connections is down again.
OK deraadt@ benno@
|
|
a long time if the IP is not reachable and would block the main process
while doing so.
Problem noticed by Pier Carlo Chiodi
OK benno@
|
|
bind. The len argument is modified by addr2sa but is also used as argument
in the call and it is undefined if the value of len in connect is set to
the value "returned" by addr2sa().
Should fix connect issues seen on Linux system.
OK denis@
|
|
The RTR client runs in a new process where the protocol handling is done
and when new data is available all sources are merged into one ROA set
which is then loaded into the RDE. The roa-set from the config is also
handled by the new RTR engine.
Tested by and ok job@
|
|
Also change the startup code to use enum bgpd_process to select which
process needs to be run. Makes the code in my opinion easier to understand.
OK denis@
|
|
Noticed by procter@
|
|
in the parent to a simple RB tree based on struct roa. With this overlapping
ROAs (same prefix & source-as but different maxlen) are now merged in the RDE
when the lookup trie is constructed.
OK benno@
|
|
type directly to log init. One less common in bgpd.
OK benno@
|
|
charactars. Also fix a long line.
OK benno@ deraadt@
|
|
to be more generic, then change 'reload' to take take a '[reason]' also,
which will be logged by bgpd.
ok kn claudio
|
|
removed the session engine will issue a IMSG_PFKEY_RELOAD call after
the parent has removed the peer which is no problem and so no need
to fill the log with this.
OK benno@
|
|
immediate exit of bgpd. Instead pass the fd via pointer arg.
OK benno@
|
|
This way config errors will be directly user visible on startup.
To do this split out send_config() out of reconfigure() which is
sending the config to the SE and RDE.
OK sthen@
|
|
and l3vpns instead of temporary globals. Also rework rde_reload_done to
free filters and sets earlier. The soft-reconfiguration process no longer
needs the previous filters / sets to do its work since there is a full
Adj-RIB-Out.
OK benno@
|
|
of sending them after e.g. the filter rule send them before. The benefit
is that the filterset is present when a rule is added and so the filter
rule is complete at that moment.
OK benno@
|
|
ok claudio@
|
|
from the RDE. Make sure that all nexthops don't get removed in the FIB
when a FIB table is removed. This should only happen for the main FIB.
Remove F_RIB_HASNOFIB which is just confusing since there is already
F_RIB_NOFIB and F_RIB_NOFIBSYNC.
OK benno@
|
|
4 times the read size. This helps to increase the efficency of poll()
since now most of the time the read and write call can operate on full
buffers.
OK benno@ phessler@
|
|
hit a race frequently where a session ended up with no key/SPI in the kernel.
Since there is no way to do atomic updates of SADB_X_SATYPE_TCPSIGNATURE
the code is adding a new one then removing the old one.
Also make sure keys are correctly cleared when peers are deconfigured.
May not be perfect but a lot better than what was there before.
Tested by and OK sthen@
|
|
getpeerbyid() gets a lot quicker at finding the peer when many peers
are configured. In my test case the difference is around 20% runtime.
OK denis@
|
|
'obj, sizeof(struct object)'
OK benno@
|
|
process in this process. The refreshing of the keys is done whenever the
session state is changes to state IDLE or ACTIVE. This should behave better
when reloading configs with auth changes.
OK benno@
|
|
the hand-rolled list. This changes the way peers are reloaded since now
both parent and session engine are now merging the lists.
OK denis@
|
|
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().
ok tedu florian
|
|
were missed before (e.g. network related objects). This helps to detect
memory leaks.
Start using new_config() and free_config() in all places where bgpd_config
structure are used. This way the struct is properly initialised and cleaned
up. Introduce copy_config() to only copy the values into the other struct
leaving the pointers as they were.
Looks good to benno@
|
|
this ensures that the imsgs go actually out right away.
|
|
of some strange maximum. The poll loop in bgpd.c already limits the
maximum wait time so there is no need to double it.
While there switch to using time_t for the calculation.
OK phessler@
|
|
|
|
Result is the same.
|
