Age | Commit message | Author |
|
|
|
as string. Fixes crash seen by Peter Bristow. "obviously ok" henning@
|
|
tested by Raphael Ho long time ago.
|
|
but only do the final popfile call after yyparse() is done.
This also fixes config reload on SIGHUP for some daemons.
Spotted by otto@. OK deraadt@
|
|
it with a simple filter in the yylex() loop.
The compression in lgetc() didn't happen for quoted strings,
thus creating a regression when tabs were used in variables.
Some testing by todd@ and pyr@
OK deraadt@
|
|
ok henning@
|
|
Requested and OK deraadt@
|
|
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
pointed out by mpf, discussed with pyr
|
|
yylex implementation and the code which interacts with yylex. this also
brings the future potential for include support to all of the parsers.
in the future please do not make silly modifications to one of these files
without checking if you are de-unifying the code.
checked by developers in all these areas.
|
|
as found in hoststated, and make all the code diff as clean as possible. a
few issues remain mostly surrounding include support, which will likely be
added to more of the grammars soon.
ok norby pyr, others
|
|
all the relative metrics need some special handling. OK henning@ deraadt@
|
|
set is used inside neighbor or group statements and the result was that
these rules no longer matched everything. Problem found by Jon Morby.
Please commit henning@
|
|
not allow anybody to use 65535. That one is reserved for well known
communities. Add in that check again.
|
|
that unfortunately means we cannot use 0 for "unset".
ok claudio
|
|
are now 4-byte instead of the old 2-byte numbers. The only exception are
communities because they can not be switched. The RDE will inflate and deflate
the ASPATH and AGGREGATOR attributes on demand and create the NEW_ASPATH and
NEW_AGGREGATOR field whenever needed. Both old and new style sessions are
supported and can be mixed. Currently new style sessions with the 4-byte AS
number capability turned on are only enabled if one of the AS numbers involved
is a 4-byte one.
This is based on an initial diff by Geoff Huston gih (at) apnic (dot) net
Cleanup, testing and bug-fixes by myself (via AS 3.10).
Currently mrt table dumps are producing incompatible output; this will be fixed
afterwards -- this diff is already big enough.
"get it in if you think it is ready" henning@
|
|
some time ago. OK henning@
|
|
This makes prefixlen filtering for AF_INET6 unnecessarily complex. From now
on if prefixlen is used alone the address family needs to be specified
beforehand via the new inet or inet6 keywords.
Remove an old check so that it is finally possible to filter IPv6 prefixes.
OK henning@
|
|
range check. Found while hacking on 4-byte AS support.
|
|
they call it "Generalized TTL Security Mechanism" officially, RFC 3682.
manpage with help from jmc
|
|
make the parser restartable. with that implement "include" file support.
makes life a _lot_ easier with filter generation tools. claudio ok
|
|
draft-ietf-idr-restart. Do not announce actual restart capabilities,
so that this only serves as indicator that we are capable of sending
and receiving the End-of-RIB marker.
leave disabled for now, since the code to actually send the EoR-marker
is currently ifdef'd out (to be fixed soon) and we wanna play safe for
4.0. and juniper doesn't support that capability (which is not a problem
per se) and at the same time has its capability negotiation code completely
fucked up, if a capability is rejected they don't indicate WHICH capability
they reject (which makes that a problem, tho still a small one and we cope).
claudio ok
|
|
max-prefix to be restarted automagically after a given number of minutes
requested by "Sylwester S. Biernacki" <obeer@obeer.com>, manpage help jmc,
ok claudio
|
|
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio
|
|
other things work. ok henning
|
|
the table was already out of sync now. OK henning@
|
|
self is a token now
|
|
OK henning@
|
|
requested & tested Falk Brockerhoff <fb@smartterra.de>, and tony sarendal
tested this too. claudio ok
|
|
when calculating the nexthop. Now only non BGP routes and not the default
route are used unless forced with the new config options
nexthop qualify via bgp
nexthop qualify via default
This change is required for complex setups e.g. where an additional IGP is
running. OK henning@
|
|
inside group blocks were reset to default values. The problem was that
group ids changed on reload as soon as a new peer was added to one group.
Make sure that group ids remain the same over reloads; a similar thing is
already done for peer ids. ok henning@
|
|
both directions. Manpage update follows. OK henning@
|
|
communities from the path attributes. Useful to make sure that the ones you
set later are set by a (evil) peer. OK henning@
|
|
the fly to the remote AS of the current neighbor. This can be used to
simplify rulesets in a dramatic way -- going from a script based nightmare
down to a handful of rules. jajajaja henning@
|
|
is not possible to use NO_PEER as community in the config.
|
|
attributes and set nexthop. Now the full filter set list is sorted.
|
|
is signed the other not.
|
|
The default filter_sets are converted into match filter rules that get
evaluated first. Simplifies code massively -- mainly the config reload
part -- and makes softreconfig out a piece of cake. "get it in" henning@
|
|
started on bgpd startup but stays in IDLE. requested by claudio
|
|
If set to always the med will also be compared between different AS.
The default is strict which is the way the RFC specifies it.
OK henning@
|
|
multiprotocol shitz
claudi needs this to proceed with v6 stuff in the RIB, print stuff and
manpage later
from whatthehack, claudio ok, marcm schnell schnell schnell
|