summaryrefslogtreecommitdiff
path: root/usr.sbin/bgpd/session.c
AgeCommit message (Collapse)Author
2009-10-26Better error handling when doing mrt dumps (e.g. when there is no more spaceClaudio Jeker
on the disk). Before the SE spinned and the RDE may even crash in these events. Found by Elisa Jasinska. OK henning@
2009-09-22Update capability code to follow RFC 5492. Unlike before multipleClaudio Jeker
capabilities are now encoded in a single capability option. RFC conforming BGP implementations must be able to parse both the old and the new way of the encoding (most still seem to use the old one). bgpd still accepts both ways on reception. OK henning, sthen
2009-09-03Use correct destination in memcpy(). Fixes PR6218, OK henningClaudio Jeker
2009-09-02Implement all of RFC 4486 BGP Cease Notification Message Subcodes.Claudio Jeker
The other side should now see why a session was dropped. e.g: bgpd: ... received notification: Cease, administratively down OK henning
2009-08-21Fix for PR6213, peers with 4-byte AS numbers were unable to connect to aClaudio Jeker
template neighbor because the AS was set before the 4-byte one was parsed. While there force enforce neighbor-as to no for iBGP peers. Found and fix tested by Matthias Cramer (cramer (at) swissix.ch) OK henning@, sthen@
2009-07-24RECONF_REINIT is a bad initial reconf_action state for templates.Claudio Jeker
getpeerbyip() initializes the full peer and so there is no need to do the work a second time -- especially since there it was already in the wrong state resulting in strange behaviour. OK henning@
2009-06-07Change the way fds passed over a socket are retreived on the receiving side.Eric Faurot
Currently the receiver fetches an imsg via imsg_get() and if he expects an fd, he then calls imsg_get_fd() to fetch the next fd queued on the imsgbuf from which the imsg came. This changes hides the fd queueing mechanism to the API user. When closing an imsg with an fd, the message is flagged so that the receiving end knows it must dequeue the fd in imsg_get() and return it with the imsg structure. This way there is no (less) possible screw up from imsg_get_fd() not being called directly after imsg_get() by the user. The retreived imsg is self-contained. ok pyr@, "I like that" henning@
2009-06-06sync bgpd/bgpctl with the common imsg code, making it lib ready as well.Eric Faurot
ok claudio@ pyr@
2009-06-04Add "rde rib <name>" to the config and allow the rde to use these other RIBs.Claudio Jeker
Still a bit hackish, reload is missing and printconf as well. Looks good h@
2009-05-27add an option to change the "connect-retry" timer which defaults to 120s.Reyk Floeter
this can be used to decrease the failover time in specific carp'ed IBGP setups. ok henning@
2009-03-19First big chunk of mrt rewrite. Simplifies code hopefully and fixes tableClaudio Jeker
dumps that were wrong because of the 4byte AS support. Dumps I took seemed to work so far. "Put it in" henning@
2009-03-18Correctly check the peer group for mrt dumps. Without this all non-groupedClaudio Jeker
peers ended up in most mrt dumps. Also switch the if-statements to a hopefully easier to read version. Another mrt fix from my flight home. OK henning@
2009-03-18short_as is always initialised to the 16bit AS that is used. So no needClaudio Jeker
use conf->as as source for > 16bit AS numbers. OK henning.
2009-03-13Move mrt code over to use the msgbuf way of queuing buffers instead of rollingClaudio Jeker
an own version. More cleanup to come.
2009-03-13Sync buffer API with the one from ospfd. The dynamic buffers will make otherClaudio Jeker
code much easier to write. OK henning@ some time ago.
2008-09-11remove hackery to un-demote after the session has been established forHenning Brauer
a while, we can now just use a timer (since i rewrote the timer code)
2008-09-05ignore unknown SAFIs in the MP capabilities. used by some to distributeHenning Brauer
some kind of VPN stuff
2008-06-26fatalx instead of fatal because errno is not set of pipe is closed. OK henningClaudio Jeker
2008-05-08take advantage of the timewheel: instead of checking each an everyHenning Brauer
timer, just get the first off the queue and check wether it is due
2008-05-08change timer internals so that we use a timewheel (tailq, sorted by expiryHenning Brauer
so that the timer that will expire first is always the first element, and so on). will make the checking a bit faster and moreelegant and more conveniant. ok claudio
2007-12-23provide timer_nextduein, which provides the number of seconds until theHenning Brauer
next timer expires. use that in the session engine's mainloop, which simplifies it and removes the last bits of timer internals knowledge from anywhere outside timer.c.
2007-12-23use timer_running (with left = NULL, which the last commit made possible)Henning Brauer
instead of timer_get and checking manually
2007-12-20rework timers.Henning Brauer
stop changing tienmr values directly, always use new timer_(get/set/stop/running) functions. preparation for more to come :) ok claudio
2007-06-19Ignore SIGHUP in bgpd's children to allow the use of pkill -1 bgpd forPierre-Yves Ritschard
reloading. ``yeah that is good'' henning@
2007-05-29Correctly encode the End-of-RIB marker capability. It is just 2 bytes notClaudio Jeker
4. OK henning@
2007-05-15draft-ietf-idr-restart -> RFC 4724 and bump draft-ietf-idr-as4bytes toClaudio Jeker
version 13.
2007-04-23Make bgpd 4-byte AS compatible. All internal representations of AS numbersClaudio Jeker
are now 4-byte instead of the old 2-byte numbers. The only exception are communities because they can not be switched. The RDE will inflate and deflate the ASPATH and AGGREGATOR attributes on demand and create the NEW_ASPATH and NEW_AGGREGATOR field whenever needed. Both old and new stile sessions are supported and can be mixed. Currently new stile sessions with the 4-byte AS number capability turned on are only enabled if one of the AS numbers involved is a 4-byte one. This is based on an initial diff by Geoff Huston gih (at) apnic (dot) net Cleanup, testing and bug-fixes by myself (via AS 3.10). Currently mrt table dumps are producing incompatible output this will be fixed afterwards -- this diff is already big enough. "get it in if you think it is ready" henning@
2007-03-28IPv6 ttl setting via IPV6_HOPLIMIT no longer works. Switch toClaudio Jeker
IPV6_UNICAST_HOPS which does the same thing and does not fail. OK henning@ found by Jon Morby
2007-03-16A few more s/2858/4760/ and use RFC <number> everywhere.Claudio Jeker
2007-02-22KNFHenning Brauer
2007-02-22do not try to set IP_TTL on non-INET listening sockets, it's not goingHenning Brauer
to work on INET6... non-fatal error, so in pratice this just avoids a misleading error msg
2007-01-26Massiv rework of the control imsg flow. Main changes:Claudio Jeker
- dedicated pipe between the SE and the RDE for control messages - restartable RB tree dumps in the RDE - queuing limits both in the SE and RDE The result is a dramatic decrease of memory consumption on operations like bgpctl show rib. Previously all messages where first stored in the RDE then passed to the SE where they got queued in case bgpctl was not fast enough. Now only a small number of messages is generated and passed to the SE and the SE has an additional limit instead of acting like an infinite buffer. Without this the bgpd on bgpd.networx.ch would not survive a single minute. looks good henning@
2007-01-23Typo in fatal() message found by dunceor @ gmail dot comClaudio Jeker
2006-12-05implement the ttl security hack. since the pc slaves fear the word hack,Henning Brauer
they call it "Generalized TTL Security Mechanism" officially, RFC 3682. manpage with help from jmc
2006-11-28add additional link states to report the half duplex / full duplexReyk Floeter
state, if known by the driver. this is required to check the full duplex state without depending on the ifmedia ioctl which can't be called in the kernel without process context. ok henning@, brad@
2006-11-06fix pasto; only announce restart capability when announcing the restartHenning Brauer
capability is enabled, not when annoucing the refresh capability is enabled... Alex Hunsaker <badalex@gmail.com> ran into that issue
2006-09-19make buffer_grow always return a valid struct buf; the contained bufferHenning Brauer
might be NULL on realloc failure tho. all users check buffer size before using the buffer, so this is not a problem. makes error handling much easier. ease the capabilities code big time. claudio ok
2006-08-27in the restart capability (that we do not actually send yet), set theHenning Brauer
MSB in the first byte, not the LSB to indicate the peer must not wait before sending us updates
2006-08-27fix a small logic botch in session_accept() in the fast reconnect logic,Henning Brauer
to check wether a session was put in IDLE manually by the operator or by bgpd itself as result of a fatal session error we were looking at the wrong timer, claudio ok
2006-08-27add code to announce the restart capability according toHenning Brauer
draft-ietf-idr-restart. Do not announce actual restart capabilities, so that this only serves as indicator that we are capable of sending and receiving the End-of-RIB marker. leave disabled for now, since the code to actually send the EoR-marker is currently ifdef'd out (to be fixed soon) and we wanna play safe for 4.0. and juniper doesn't support that capability (which is not a problem per se) and at the same time has its capability negotiation code completely fucked up, if a capability is rejected they don't indicate WHICH capability they reject (which makes that a problem, tho still a small one and we cope). claudio ok
2006-08-27missing htons() in session_rrefresh()Henning Brauer
no surprise sending route refresh requests didn't work on my i386 routers, i think I originally hacked & tested this on sparc64
2006-08-27change how we advertise capabilities.Henning Brauer
we used to put all capability attributes into one optional attribute. this is legal. I recentlu observed that basically all other implementations use one optional attribute per capability attribute. this difference might explain why we - in some cases - saw "unsupoorted capabiliy" notifications from neighbors without the capability in question in the data part. of course that makes capability negotiation a little hard... so switch us to use one optional attribute per capability as well, and ease the code a bit while there, claudio ok
2006-08-04add "restart" to max-prefix, allows sessions suspended due to reachingHenning Brauer
max-prefix to be restarted automagically after a given number of minutes requested by "Sylwester S. Biernacki" <obeer@obeer.com>, manpage help jmc, ok claudio
2006-07-30there's a nasty little race condition when the neigbor reached max-prefixHenning Brauer
and at the same time there is messages from him in the socket buffer, because we process the imsgs from the RDE (which tells us max-prefix was reached) first, and put the session to IDLE, close connection and deallocate buffers. if we then try to read from the socket and write to the deallocated buffer we crash, of course. so check wether we have a buffer before reading. crash seen and fix tested by "Sylwester S. Biernacki" <obeer@obeer.com>
2006-07-28factor out the code to build bgp messages, ok claudio a long time agoHenning Brauer
2006-06-18fix a commentHenning Brauer
2006-06-18make cloned sessions appear with RECONF_REINIT so they are treated likeHenning Brauer
peers added at runtime
2006-06-17implement carp demotion control for bgpd.Henning Brauer
sessions can be configured to modify the carp demotion counter for a given interface group (usually, "carp", which has all carp interfaces) when the session is not established. once the session is established for 60 seconds, the demotion is cleared. this, used correctly, can prevent a bgpd-box which lost all sessions (and thus has no routes) to be carp master, while the backup has sessions. thought through and partially hacked on a drive from calgary to vancouver with ryan, ok claudio
2006-06-12in session_setup_socket(), to take address family dependent actionHenning Brauer
(set v4 TTL/v6 hoplimit, v4 TOS), do not look at remote sockaddr's af, since that is not set at the first connection attempt yet. instead, use the configured remote address' af. problem spotted & my fix tested by Leen Besselink <leen@consolejunkie.net>
2006-06-10back in the dark age, carp interfaces were very strange - and we had toHenning Brauer
detect them looking at their name, beginning with carp. these days, we can just check for the iftype to be IFT_CARP. wanted to do this for some time and kept forgetting. from the airplane over two weeks ago, forgotten in a secondary tree again...