| Age | Commit message (Collapse) | Author |
|---|
|
for IMSG_CTL_SHOW_RIB_ATTR. Also drop the attr_optlen() usage in
imsg_create() since it is not stricly needed. With this attr_optlen
follows the path of the dodo.
OK tb@
|
|
OK tb@
|
|
On multipath routes the check ended up checking the wrong route for the
nexthop update. This resulted in a use-after-free in kroute_detach_nexthop().
This only affects IPv6 in the IPv4 code path the right object was already used.
Thanks to sthen@ for providing the debug information to track this down.
OK sthen@ tb@
|
|
the remaining data around.
There is an improbable case where a NOTIFICATION is received while also
reaching the MSG_PROCESS_LIMIT. In this case rbuf is NULL when breaking
out of the for loop and hitting this code.
sthen@ is the (un)lucky person to hit that improbable case
OK tb@ sthen@
|
|
Up until recently filterset_copy() was only used in the parent process
where none of those references exist but by using filterset_copy() in
the RDE to populate per-peer output filters the code needs to handle
such references. Without this rules like 'match to any set nexthop X'
will cause internal corruption on config reloads and session resets.
Bug report from Marko Cupac (marko.cupac (at) mimar.rs)
OK tb@
|
|
OK tb@
|
|
setting the size to 64k was increasing the size but now auto-scaling
could grow the buffer size much more. The origianl idea was that sessions
without protection had a small window size to make window attacks
harder. This problem was fixed long time ago and is no longer relevant.
Limiting the buffer size to a reasonable size ensures that not too many
updates end up queued in the TCP stack.
OK benno@ (some time ago)
|
|
|
|
Right now these are not reachable. Should also clear some gcc warnings.
OK tb@
|
|
Needed for bison.
|
|
prefix/rib dump functions.
OK tb@
|
|
introduced with flowspec.
OK tb@
|
|
|
|
OK tb@
|
|
ASPA provider AS sets can include optional limitations to inet/inet6 these
limits are represented in the TAS_AID bit masks (2bits per AS).
Introduce a TAS_AID_SIZE() makro that returns the size in bytes of this
bit mask (rounded to the next uint32_t).
Without this change aspa objects with AID specific elements trigger a
fatal error condition when the config is loaded.
OK tb@ job@
|
|
IMSG_FLOWSPEC_ADD and IMSG_FLOWSPEC_REMOVE received from bgpctl via SE.
OK tb@
|
|
Input and OK jmc@ tb@
|
|
order.
|
|
and Loc-RIB. Flowspec objects are collected in a single flowrib RIB
and then directly distributed into the various Adj-RIB-Outs.
For this to work add a bypass in the filter logic (flowspec AFI/SAFI
are currently accepted without any rule). The filter language lacks
a way to allow prefixes based on AFI/SAFI which is the minimum needed.
OK tb@
|
|
In flowspec_cmp() make sure a deterministic sort is possible. Most error
cases are unreachable if flowspec NLRI are validated first (flowspec_valid).
In flowspec_valid() replace the assert like check with an error return.
OK tb@
|
|
In general people should use table-v2 which handles flowspec just fine.
OK tb@
|
|
Flowspec has no nexthop so adjust up_prep_adjout() to handle a NULL nexthop.
Add the MP_REACH encoding in up_generate_mp_reach for flowspec.
OK tb@
|
|
process tracks which prefixes are added / removed and issues the
corresponding imsg calls.
Right now the RDE does nothing with the received information.
OK tb@
|
|
Introduce pt_get_flow() and pt_add_flow() to lookup and insert flowspec
objects. Add pt_getflowspec() which works somewhat similar to pt_getaddr()
to extract the flowspec NLRI from a pt_entry.
Make pt_getaddr() to return the destination prefix of the flowspec rule and
handle flowspec in pt_write().
OK tb@
|
|
|
|
with the parser but that is for a later time to fix.
OK tb@
|
|
This fixes a few KNF issues and ugly line wrapping by using a local
version of nitems(); fix two bsearch() on top.
ok claudio
|
|
pfctl, in bgpd flowspec rules are written like pf rules (with a few
exceptions / extensions). As a result not all flowspec features are
available but that is OK.
OK tb@
|
|
RB trees. Mainly RB_FOREACH() walks form RB_MIN to RB_MAX so the most
preferred entry should be at RB_MIN.
OK tb@
|
|
Flowspec is excessivly flexible and large so there is no way to convert
the flowspec data into a struct bgpd_addr and it is better to keep it in
wireformat and add a few functions to validate and extract information
from the NLRI encoding.
OK tb@
|
|
call imsg_compose() and be done with it.
OK tb@
|
|
Add rib_get_addr() to behave like rib_get() did before.
OK tb@
|
|
OK tb@
|
|
OK tb@
|
|
network rules up into the grammar and switch the order of restricted
to be more like the rest.
OK tb@
|
|
connection with SAFI 133. Right now any sent UPDATE with SAFI 133 is
simply ignored. At the moment SAFI 134 (flowspec for L3VPN) is unsupported.
OK tb@
|
|
copy the data out.
OK tb@
|
|
|
|
Increase the refcnt to a 32bit int and while there reorder the vpn
specific structs a bit so the IPv4 and IPv6 types are more equal.
OK tb@
|
|
|
|
as argument instead of the bgpd_addr + prefixlen.
Do the same with prefix_adjout_update but leave prefix_adjout_lookup
and prefix_adjout_match since those are used by bgpctl code that does
not use pt_entry structs.
With this most of the update code no longer needs struct bgpd_addr and
pt_getaddr().
OK tb@
|
|
if pt_ref is called on such a pt_entry. Set refcnt to 0 in pt_alloc
since the value from pt_fill is copied over.
OK tb@
|
|
prefix_write() rename prefix_write() to pt_write() and pass a pt_entry to
the function. Removes an extra conversion step.
OK tb@
|
|
by that make them private. Remove no longer used AID_PTSIZE define.
OK tb@
|
|
sessions to leak into the RDE via rtr_recalc. Only run rtr_recalc when
the last or only RTR session is done with the update. Run a new timer
along to ensure that the semaphore is not hold forever. The timeout
is currently a very generous 60sec, no RTR cache should be that slow.
OK tb@
|
|
OK tb@
|
|
Especially flowspec "prefixes" are variable size and so using a static
buffer there is not going to work in the long run.
OK tb@
|
|
OK tb@ mbuhl@
|
|
|
|
Based on a report by cjt (melissa_cjt at 163.com)
OK tb@
|
