| Age | Commit message (Collapse) | Author |
|---|
|
as an int. This way 4-byte ASes should be printed nicely.
OK deraadt@ henning@
|
|
start with the neighbor-as. makes finding the offender easier.
from Sebastian Benoit <benoit-lists at fb12.de>, claudio agrees
|
|
'enforce neighbor-as'; from Sebastian Benoit on tech@.
|
|
for NOFILE in the session engine.
OK henning, sthen@
|
|
header. ATTR_UNDEF is still a bit strange though but at least it will now
parse and ignore such a freak attribute correctly.
|
|
|
|
segments. Bgpd does not support confederations but it is too extreme
to close a session because a path contained such elements.
OK henning@, sthen@
|
|
by using calloc(). This fixes an issue where the RDE would start up
as route-collector because uninitialized memory made the RDE switch
to that mode.
OK henning@, sthen@, phessler@
|
|
attributes are ignored or UPDATEs are invalidated and withdrawn.
While there use % to check if a attribute is a multiple of X.
OK henning@, sthen@
|
|
(verified by both sthen@ and me).
ok sthen@; "just commit it" claudio@
|
|
The previous location also depended on poll results and in most cases was
therefor not entered because finished dumps are not added to the poll array.
Problem reported by Peter Haag, OK henning@
|
|
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
|
the old RIB and then via softreconfig in and a special softreconfig out loading
the new RIB.
Feature requested and testeded by Elisa Jasinska.
OK henning@
|
|
This adds a bit of new config to specify the mapping between an rdomain and
the BGP MPLS VPN instance, example:
rdomain 1 {
descr "CUSTOMER1"
rd 65003:1
import-target rt 65003:3
export-target rt 65003:1
depend on mpe0
network 192.168.224/24
}
The "depend on mpe0" is a but ugly but for now this is the quickest way to
figure out which interface bgp should use to insert the MPLS routes.
A big side-effect of this diff is that networks are now internally
distributed through kroute.c.
This needs some kernel changes that will follow hopefully soon.
OK henning@
|
|
into play. Check the AID and use 32 or 128 based on the address family.
Now bgpctl show rib <IPv6 addr> works like in the IPv4 case.
Bug reported and fix made during yesterday's Swinog BE#85
|
|
those for alternate RIBs. This allows to use "rde rib TESTIT rtable 1".
NOTE: nexthop verification has changed for alternate tables. For now
nexthop will only be verified against the main routing table (id 0).
Because of this "nexthop qualify via bgp" may now compare the nexthops
against bgpd routes from a different RIB.
Tested by sthen@, OK to move on by henning@
|
|
kroute_full structure that is AF independent and has all information in
it. Simplifies the communication between processes and reduces the number
of imsg types. This is another step to add FIB support to BGP MPLS VPNs.
|
|
be there. network X set nexthop Y failed because of this.
|
|
fixed id allocation. Makes code simpler.
OK henning
|
|
NEW is now REINIT, ACTIVE is KEEP and DELETE and NONE stay the same.
|
|
This will allow AID_VPN_IPv4 to do EoRs as well.
|
|
because of that either the IPv4 or IPv6 local address was not set. Because
of this prefixes were sent out with all zero nexthops.
|
|
|
|
that it is possible to use OpenBGPD as a route-reflector for VPNv4.
Some clean up of the BGP MP code so that multiple protocols are easier
supported. kroute/kernel support not yet done but comming.
OK henning@, reyk@
|
|
prefixlen that is not a multiple of 8. Found while reading the RFC.
OK henning@
|
|
of the actual update dump. This will get us the right barrier and the EoR
is no longer sent way before the actual dump. Currently a nop since graceful
restart is turned off (unless you have announce restart yes in the config).
put it in henning@
|
|
|
|
the SE. This got more important since we use the reload all the time now.
Found out the hard way and fix tested by Laurent CARON
|
|
a config reload as first step in bootup. This allows childs to start with
an empty config and a lot of special cleanup code can bite the dust.
Testing by myself and sthen@ with a few configs (more testing welcome).
Seems like a good idea henning@ & sthen@
|
|
indirection.
|
|
extended communities as specified in RFC 4360. No matching implemented yet
and stuff like * and neighbor-as are neither supported but will be soon.
Looks good henning & sthen, manpage fixed by jmc
|
|
flags. This makes a lot of code much easier since the comparison is now
trivial. Additionally calculate the negotiated capabilities for a session
in the SE and pass that and only that to the RDE. This makes the decisions
in the RDE a lot easier. OK henning@
|
|
else. Adds conversion functions to map AFI/SAFI and the Unix AF_ values
from and into AID used in bgpd. This is needed to support things like MPLS
VPN and other upcomming changes that need to play a lot with AFI/SAFI pairs.
Mostly mechanical change, henning@ has no particular issues with this.
Must go in so that I can continue working.
|
|
|
|
no log_debug() it makes more sense to make all routing daemons behave the same.
|
|
|
|
on the disk). Before the SE spinned and the RDE may even crash in these events.
Found by Elisa Jasinska. OK henning@
|
|
received MP capability for IPv4 this does not work when announce capabilities
no is set so check if announce IPv4 none was set in the config.
The capabilities code needs rework since those checks are very error prone.
With this we don't leak unneeded EOR markers for other AFI/SAFI pairs.
|
|
SAFI_ALL shortcuts. This should fix issues with Juniper boxes that started
when I enabled more capabilities by default.
Fix and report by rivo nurges (rix at estpak dot ee) Thanks.
|
|
|
|
Adj-RIB-In. This only works correctly when softreconfig in is enabled
(which is the default). This is needed to allow dynamic creation of
additional RIBs. OK henning@
|
|
Fix function name in a warning message.
|
|
for optional transitive attributes. In short if the partial bit is set on
an optional transitive attribute but the attribute fails validation ignore
the attribute or mark the path as ineligible instead of killing the session
with a NOTIFICATION. Tested, input and OK sthen, OK henning
|
|
|
|
|
|
Currently the receiver fetches an imsg via imsg_get() and if he expects
an fd, he then calls imsg_get_fd() to fetch the next fd queued on the
imsgbuf from which the imsg came.
This changes hides the fd queueing mechanism to the API user. When closing
an imsg with an fd, the message is flagged so that the receiving end knows
it must dequeue the fd in imsg_get() and return it with the imsg structure.
This way there is no (less) possible screw up from imsg_get_fd() not being
called directly after imsg_get() by the user. The retreived imsg is
self-contained.
ok pyr@, "I like that" henning@
|
|
not fully understand but at least no flames are comming out of my test
box anymore.
|
|
|
|
ok claudio@ pyr@
|
|
|
