summaryrefslogtreecommitdiff
path: root/usr.sbin/bgpd/printconf.c
AgeCommit message (Collapse)Author
2006-12-05implement the ttl security hack. since the pc slaves fear the word hack,Henning Brauer
they call it "Generalized TTL Security Mechanism" officially, RFC 3682. manpage with help from jmc
2006-11-28allow bgpd to work on alternate routing tables, claudio ok, jmc manpage helpHenning Brauer
2006-08-04add "restart" to max-prefix, allows sessions suspended due to reachingHenning Brauer
max-prefix to be restarted automagically after a given number of minutes requested by "Sylwester S. Biernacki" <obeer@obeer.com>, manpage help jmc, ok claudio
2006-05-27Move prinitng of communities into own function so that special communitiesClaudio Jeker
like "*" or "neighbor-as" is printed correctly. Issue noticed by Leen Besselink.
2006-04-04add "set nexthop self", force nexthop to be set to own address even with IBGPHenning Brauer
requested & tested Falk Brockerhoff <fb@smartterra.de>, and tony sarendal tested this too. claudio ok
2006-03-22Change the way bgpd selects nexthops. Up until now every route was consideredClaudio Jeker
when calculating the nexthop. Now only non BGP routes and not the default route are used unless forced with the new config options nexthop qualify via bgp nexthop qualify via default This change is required for complex setups e.g. where an additional IGP is running. OK henning@
2006-02-10Make it possible to turn suftreconfig in/out on or off. Default is on forClaudio Jeker
both directions. Manpage update follows. OK henning@
2006-02-09Implement "set community delete 65001:*" and friends. This will removeClaudio Jeker
communities from the path attributes. Useful to make sure that the ones you set later are set by a (evil) peer. OK henning@
2006-02-02Implement new special community "neighbor-as". neighbor-as is expanded onClaudio Jeker
the fly to the remote AS of the current neighbor. This can be used to simplify rulesets in a dramatic way -- going from a script based nightmare down to a handfull rules. jajajaja henning@
2005-11-01Switch from the per peer filter set list to a filter-only solution.Claudio Jeker
The default filter_sets are converted into match filter rules that get evaluated first. Simplifies code massively -- mainly the config reload part -- and makes softreconfig out a piece of cake. "get it in" henning@
2005-10-31Missing space in printf for unknown peers.Claudio Jeker
2005-10-31Print group names in rules in double quotes. Makes the output more parsable.Claudio Jeker
2005-08-09Introduce new route decision tunable "rde med compare (always|strict)".Claudio Jeker
If set to always the med will also be compared between different AS. The default is strict which is the way the RFC specifies it. OK henning@
2005-07-28print the v4/v6 safi announce stuff, from wthHenning Brauer
2005-07-01Switch filter_sets form SIMPLEQ to TAILQ, needed for upcomming stuff.Claudio Jeker
2005-07-01Make the pftable filter set use the name2id "cache" like the route labels.Claudio Jeker
This saves 14 bytes per aspath. OK henning@
2005-06-29rtlabel support via filter sets. Just use "set rtlabel foobar" in filtersClaudio Jeker
network and neighbor statements and the routes are labeled accordingly. While doing that fix some mem-leaks by introducing filterset_free() and remove the free on send option of send_filterset(). This took a bit longer because we need to carefully track the rtlabel id refcnts or bad things may happen on reloads. henning@ looks fine
2005-06-09Change the "network connected|static" statements to "network inet|inet6Claudio Jeker
connected|static" so that it is possible to distinguish between IPv4 and IPv6 addresses. "network connected|static" is considered deprecated but will be supported as an alias for "network inet connected|static" for some time (one release) to simplify upgrades. This also solve a nasty crash when using "network connected". OK henning@
2005-04-28Support for "network connected" and "network static" -- announce allClaudio Jeker
directly connected respectively all static routes. The list is auto- matically adjusted as soon as a route changes. OK henning@
2005-04-18Print mrt config after the main and network config. Main and network configClaudio Jeker
belong together. OK henning@
2005-04-12Introduce a per prefix weight. The weight is used to tip prefixes with equalClaudio Jeker
long AS pathes in one or the other direction. It weights a prefix at a very late stage in the decision process. This is a nice bgpd feature to traffic engineer networks where most AS pathes are equally long. OK henning@
2005-04-07nicer outputHenning Brauer
2005-03-14Allow to modify the metrics in a relative way by prepending the number withClaudio Jeker
a '+' or '-'. e.g. set localpref +20. This is another gem from the FOSDEM lying around on my HD gathering dust. OK henning@
2005-03-11Finally commit the transparent-as and nexthop no-modify stuff I wrote on theClaudio Jeker
way to FOSDEM. With transparent-as set to ye bgpd will not prepend his own AS for sent updates. NB the neighbor needs to set "enforce neighbor-as no" or it will not like the received AS paths. With set nexthop no-modify bgpd will change the nexthop as done normaly. OK henning@ man page update with help of jmc@
2004-11-23Switch from a single filter_set to a linked list of sets. With this changeClaudio Jeker
it is possible to specify multiple communities. This is also the first step to better bgpd filters. OK henning@
2004-11-18add an instance of struct capabilities to peer_conf, and inheritHenning Brauer
peer->capa.ann from this
2004-11-11New config statement "rde route-age [evaluate|ignore]". If set to evaluateClaudio Jeker
the best path selection will not only be based on the path attributes but also on the age of the prefix. This is an extension to the RFC. The default is ignore but previously it was implicitly set to evaluate. OK henning@ man page OK jaredy@ jmc@
2004-10-19fix printing of groups - instead of surrounding each neighbor statementHenning Brauer
which is part of a group by "group blah { .. }", so that each group decl occurs multiple times (that is valid, but confusing and ugly), stuff pointers to each peer into an a array and sort it based on group id. then print all neighbors whoch are not part of a group followed by each group with all its members. annoyed me for quite some time, now finally enough to sit down and fix it claudio ok
2004-10-19allow neighbor definitions to depend on interface state.Henning Brauer
with this, if a neighbor is configured as dependent on carp0 for example, the neighbor will remain in state IDLE as long as carp0 is not master. once carp0 becomes master the session(s) depending on it immediately go to CONNECT (or ACTIVE, if they're configured passive), reducing failover time. claudio ok, with some input from ryan as well
2004-09-28Add prepend-neighbor feature. Prepend the remote-as n times similar toClaudio Jeker
prepend-self. Only for incomming UPDATEs. OK henning@
2004-08-24Add missing config statements -- route-reflector and enforce neighbor-as.Claudio Jeker
Now printconf is in sync with the man page. OK henning@
2004-08-24Forgot to update printconf.c once again. foobar-AS is now foobar-as.Claudio Jeker
2004-08-13Fix minor issues with IPv6 dumps and add a function for dumping the RIB tableClaudio Jeker
protocol independent. This new dump format is not (yet) supported by the mrtd route_btoa tool. OK henning@
2004-08-10switch nexthop in struct filter_set form struct in_addr to struct bgpd_addrClaudio Jeker
OK henning@
2004-08-02Forgot to add "anounce default-route" here. OK henning@Claudio Jeker
2004-07-05implement "set nexthop blackhole" and "set nexthop reject"Henning Brauer
blackhole/reject routes will be entered to the kernel for matching ones. this is intended to be used with the Cymru Bogon Route Server Project (http://www.cymru.com/BGP/bogon-rs.html) and similar services, claudio ok
2004-07-03Switch mrt dumping to fd passing. This gives some speed up when extensiveClaudio Jeker
dumping is done. Acctually mrt dumps were broken because of the fd passing. The nice side effect is a much cleaner code, especially in the parent process. OK henning@
2004-06-20at least somewhat consistently name the TAILQ_ENTRYs... this confused meHenning Brauer
more than once
2004-06-06rework bgpd's handling of listening sockets. instead of one for eachHenning Brauer
supported address familiy, keep a tailq of an arbitary number of them. the new struct listen_addr contains the sockaddr and the fd. this fixes quite some nasty behaviour which was a consequence of the previous model. looks right deraadt@, and discussed with claudio
2004-05-08KNFHenning Brauer
2004-05-08do not omit the IPv6 listening addressHenning Brauer
2004-05-08add support for ipsec ah with manual keys, pfkey part already does so, andHenning Brauer
flesh parser out a bit. also add support for printing ipsec ah with manual keys in printconf
2004-04-28allow ah/esp spec with IKE, markus okHenning Brauer
2004-04-28prefix the auth related defines by AUTH_, we had a name clash, markus okHenning Brauer
2004-04-27teach printconf about all this shiny new ipsec stuffHenning Brauer
2004-04-27rename the ipsec struct to auth, move all tcpmd5 related fields in there, andHenning Brauer
add a generic "method" field that expresses what method (none/md5sig/ipsec manual/ipsec ike) is in use markus ok
2004-04-26fix printing template neighborsHenning Brauer
2004-03-17Add missing space for sets in network statements.Claudio Jeker
2004-03-12print that capabilities stuffHenning Brauer
2004-03-11KNFHenning Brauer