Age | Commit message (Collapse) | Author |
|
the SE. This got more important since we use the reload all the time now.
Found out the hard way and fix tested by Laurent CARON
|
|
a config reload as first step in bootup. This allows childs to start with
an empty config and a lot of special cleanup code can bite the dust.
Testing by myself and sthen@ with a few configs (more testing welcome).
Seems like a good idea henning@ & sthen@
|
|
flags. This makes a lot of code much easier since the comparison is now
trivial. Additionally calculate the negotiated capabilities for a session
in the SE and pass that and only that to the RDE. This makes the decisions
in the RDE a lot easier. OK henning@
|
|
more clear that going to idle state will stop everything and it is
necessary to start the IdleHold timer to restart sessions. OK henning@
|
|
else. Adds conversion functions to map AFI/SAFI and the Unix AF_ values
from and into AID used in bgpd. This is needed to support things like MPLS
VPN and other upcomming changes that need to play a lot with AFI/SAFI pairs.
Mostly mechanical change, henning@ has no particular issues with this.
Must go in so that I can continue working.
|
|
on the disk). Before the SE spinned and the RDE may even crash in these events.
Found by Elisa Jasinska. OK henning@
|
|
capabilities are now encoded in a single capability option.
RFC conforming BGP implementations must be able to parse both the old
and the new way of the encoding (most still seem to use the old one).
bgpd still accepts both ways on reception. OK henning, sthen
|
|
|
|
The other side should now see why a session was dropped. e.g:
bgpd: ... received notification: Cease, administratively down
OK henning
|
|
template neighbor because the AS was set before the 4-byte one was parsed.
While there force enforce neighbor-as to no for iBGP peers.
Found and fix tested by Matthias Cramer (cramer (at) swissix.ch)
OK henning@, sthen@
|
|
getpeerbyip() initializes the full peer and so there is no need to
do the work a second time -- especially since there it was already
in the wrong state resulting in strange behaviour. OK henning@
|
|
Currently the receiver fetches an imsg via imsg_get() and if he expects
an fd, he then calls imsg_get_fd() to fetch the next fd queued on the
imsgbuf from which the imsg came.
This changes hides the fd queueing mechanism to the API user. When closing
an imsg with an fd, the message is flagged so that the receiving end knows
it must dequeue the fd in imsg_get() and return it with the imsg structure.
This way there is no (less) possible screw up from imsg_get_fd() not being
called directly after imsg_get() by the user. The retreived imsg is
self-contained.
ok pyr@, "I like that" henning@
|
|
ok claudio@ pyr@
|
|
Still a bit hackish, reload is missing and printconf as well. Looks good h@
|
|
this can be used to decrease the failover time in specific carp'ed
IBGP setups.
ok henning@
|
|
dumps that were wrong because of the 4byte AS support. Dumps I took seemed
to work so far. "Put it in" henning@
|
|
peers ended up in most mrt dumps. Also switch the if-statements to a hopefully
easier to read version. Another mrt fix from my flight home.
OK henning@
|
|
use conf->as as source for > 16bit AS numbers. OK henning.
|
|
an own version. More cleanup to come.
|
|
code much easier to write. OK henning@ some time ago.
|
|
a while, we can now just use a timer (since i rewrote the timer code)
|
|
some kind of VPN stuff
|
|
|
|
timer, just get the first off the queue and check wether it is due
|
|
so that the timer that will expire first is always the first element,
and so on). will make the checking a bit faster and moreelegant and more
conveniant. ok claudio
|
|
next timer expires.
use that in the session engine's mainloop, which simplifies it and
removes the last bits of timer internals knowledge from anywhere outside
timer.c.
|
|
instead of timer_get and checking manually
|
|
stop changing tienmr values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio
|
|
reloading.
``yeah that is good'' henning@
|
|
4. OK henning@
|
|
version 13.
|
|
are now 4-byte instead of the old 2-byte numbers. The only exception are
communities because they can not be switched. The RDE will inflate and deflate
the ASPATH and AGGREGATOR attributes on demand and create the NEW_ASPATH and
NEW_AGGREGATOR field whenever needed. Both old and new stile sessions are
supported and can be mixed. Currently new stile sessions with the 4-byte AS
number capability turned on are only enabled if one of the AS numbers involved
is a 4-byte one.
This is based on an initial diff by Geoff Huston gih (at) apnic (dot) net
Cleanup, testing and bug-fixes by myself (via AS 3.10).
Currently mrt table dumps are producing incompatible output this will be fixed
afterwards -- this diff is already big enough.
"get it in if you think it is ready" henning@
|
|
IPV6_UNICAST_HOPS which does the same thing and does not fail.
OK henning@ found by Jon Morby
|
|
|
|
|
|
to work on INET6...
non-fatal error, so in pratice this just avoids a misleading error msg
|
|
- dedicated pipe between the SE and the RDE for control messages
- restartable RB tree dumps in the RDE
- queuing limits both in the SE and RDE
The result is a dramatic decrease of memory consumption on operations like
bgpctl show rib. Previously all messages where first stored in the RDE
then passed to the SE where they got queued in case bgpctl was not fast enough.
Now only a small number of messages is generated and passed to the SE and
the SE has an additional limit instead of acting like an infinite buffer.
Without this the bgpd on bgpd.networx.ch would not survive a single minute.
looks good henning@
|
|
|
|
they call it "Generalized TTL Security Mechanism" officially, RFC 3682.
manpage with help from jmc
|
|
state, if known by the driver. this is required to check the full
duplex state without depending on the ifmedia ioctl which can't be
called in the kernel without process context.
ok henning@, brad@
|
|
capability is enabled, not when annoucing the refresh capability is
enabled...
Alex Hunsaker <badalex@gmail.com> ran into that issue
|
|
might be NULL on realloc failure tho. all users check buffer size before
using the buffer, so this is not a problem.
makes error handling much easier. ease the capabilities code big time.
claudio ok
|
|
MSB in the first byte, not the LSB to indicate the peer must not wait
before sending us updates
|
|
to check wether a session was put in IDLE manually by the operator or
by bgpd itself as result of a fatal session error we were looking at the
wrong timer, claudio ok
|
|
draft-ietf-idr-restart. Do not announce actual restart capabilities,
so that this only serves as indicator that we are capable of sending
and receiving the End-of-RIB marker.
leave disabled for now, since the code to actually send the EoR-marker
is currently ifdef'd out (to be fixed soon) and we wanna play safe for
4.0. and juniper doesn't support that capability (which is not a problem
per se) and at the same time has its capability negotiation code completely
fucked up, if a capability is rejected they don't indicate WHICH capability
they reject (which makes that a problem, tho still a small one and we cope).
claudio ok
|
|
no surprise sending route refresh requests didn't work on my i386 routers,
i think I originally hacked & tested this on sparc64
|
|
we used to put all capability attributes into one optional attribute. this
is legal.
I recentlu observed that basically all other implementations use one
optional attribute per capability attribute. this difference might explain
why we - in some cases - saw "unsupoorted capabiliy" notifications from
neighbors without the capability in question in the data part. of course
that makes capability negotiation a little hard...
so switch us to use one optional attribute per capability as well, and
ease the code a bit while there, claudio ok
|
|
max-prefix to be restarted automagically after a given number of minutes
requested by "Sylwester S. Biernacki" <obeer@obeer.com>, manpage help jmc,
ok claudio
|
|
and at the same time there is messages from him in the socket buffer,
because we process the imsgs from the RDE (which tells us max-prefix was
reached) first, and put the session to IDLE, close connection and
deallocate buffers. if we then try to read from the socket and write to the
deallocated buffer we crash, of course. so check wether we have a buffer
before reading.
crash seen and fix tested by "Sylwester S. Biernacki" <obeer@obeer.com>
|
|
|