Age | Commit message | Author |
|
|
|
Network Announcements. Move stuff accordingly and add some missing bits.
Input and OK sthen@ OK benno@ just push ahead jmc@
|
|
OK claudio@
|
|
With input from claudio@, sthen@ and jmc@
OK claudio@ sthen@
|
|
OK denis@ claudio@
|
|
OK claudio@
|
|
Bug report from Jon Williams, jon AT jonwillia DOT ms, thanks.
ok claudio@
|
|
roa-set for RPKI based origin validation and an origin-set which allows
looking up a source-as / prefix pair.
For RPKI a config can be built like this:
    roa-set {
        165.254.255.0/24 source-as 15562
        193.0.0.0/21 maxlen 24 source-as 3333
    }
    deny from any ovs invalid
    match from any ovs valid set community local-as:42
    match from any ovs not-found set community local-as:43
Origin sets are similar but only match when the source-as / prefix pair is
valid.
    match from any origin-set ARINDB set community local-as:44
Committing this now so that further work can be done in tree.
OK benno@, job@
|
|
potentially much bigger. In bad cases the SE activated the config way
before the RDE which is not ideal. Introduce IMSG_RECONF_DRAIN which
acts as a barrier and ensures that both children got all the config.
Only after that the IMSG_RECONF_DONE message is sent activating
the config in the children more or less simultaneously.
OK benno@
|
|
which prefixes were sent out as UPDATE. At withdraw time the RB tree can be
consulted to know if the withdraw actually needs to be sent to the peer.
This replaces the faulty heuristic that was used before and caused either
that unneeded withdraw to be sent or in the worst case failing to send a
necessary withdraw resulting in stuck routes.
OK benno@
|
|
|
|
ok claudio@
|
|
soon. OK compiler and grep
|
|
withdraw were suddenly filtered out because the filter ran into the
default deny. So for this case (state == NULL) change action to default
allow. This bug was haunting bgpd for a while now causing prefixes to be
stuck for no obvious reason.
OK benno@, sthen@
|
|
checking that a source_as / maxlen combo actually fits.
Fixes regress test.
|
|
that it is actually AS_SEQUENCE. No functional change; those are the only
two types bgpd supports here.
|
|
|
|
goes in now since it fixes a real issue.
|
|
number of elements is used as size which is always wrong.
|
|
This simplifies host() and merges host_v{4,6}() into host_ip() as recently
done for pfctl and ntpd.
Tested and OK denis, OK deraadt, "go ahead" benno
|
|
AS 0 and adjust yyerror message to print the right number.
With input and OK denis@
|
|
OK denis@
|
|
is now also used by roa-set. Also set the prefix operation for roa-set
items to OP_NONE since that is what it actually needs to be.
|
|
This is sharing a lot of code with prefixset which makes all a bit easier.
A roa-set is defined like this:
    roa-set "test2" {
        1.2.3.0/24 source-as 1,
        1.2.8.0/22 maxlen 24 source-as 3
    }
No support for acting on this data yet.
Put it in deraadt@, OK benno@, input and OK denis@
|
|
the lookup and will now also be used in roa-set tries. The as_set is glue
to add the name and dirty flag. Add an accessor to get the set data so
that the imsg sending and printing can be moved into the right places.
This is done mainly because roa-sets need similar but slightly different
versions and making the code more generic is the best way of fixing this.
OK benno@
|
|
|
|
on duplicates (which are only reported) but is needed as a preparation step
for roa-sets.
OK benno@ denis@
|
|
seg_len instead. Since seg_len is known early move the check up.
Found while hunting for the other bug in aspath_verify.
|
|
unallocated memory while looking for AS 0.
Found by and debugged with Aaron A. Glenn. Thanks a lot.
|
|
to the RDE is valid. The SE is stopping all sessions on exit and so
session_stop() is called which will send an imsg to the RDE which is no
longer there. Instead of fixing just one call fix all. Now the SE should
no longer crash when the RDE crashes.
OK sthen@
|
|
|
|
proper ROA checking. There is a new match function trie_roa_check which
does a trie traversal and looks for candidates and matches. If prefix
is not covered then ROA_UNKNOWN is returned, if prefix is covered by an
entry it will return ROA_INVALID unless the source-as / maxlen combo is
matching (ROA_VALID).
OK and input sthen@
|
|
|
|
requirement is that the first value of the struct is a 32bit ID which is
used in the bsearch. This allows adding more than just AS numbers to a
set. as_set_match now returns a pointer to this data or NULL if not found.
OK benno@
|
|
This is better. There is no need to check for the prefix length p->len.
|
|
Makes all a bit nicer and as an added bonus fixes a memory leak.
OK phessler@
|
|
In the end this is just another way to specify a prefixlen range
and kind of an or-longer case with an upper limit.
So these two prefix statements are equivalent:
    prefix 10.0.0.0/8 prefixlen 8 - 24
    prefix 10.0.0.0/8 maxlen 24
While there also make 'prefixlen = 17' an OP_RANGE and because of that also
usable in prefix-set tables. Finally adjust printconf.c for those two
changes to print them nicely.
OK phessler@
|
|
OK claudio@
|
|
source == NULL, avoiding a possible crash introduced yesterday.
ok claudio@
|
|
|
|
for those because of shift/reduce issues in the list with optional commas.
OK benno@
|
|
|
|
case in the switch statement. Found by denis@ and fix proposed by sthen@
|
|
|
|
shift/reduce conflicts which need to be resolved first.
|
|
|
|
the keyword and "{". In this case it is 'set {'.
Newlines afterwards are accepted.
|
|
|
|
handling. In expansion lists we want that commas and newlines are allowed
but optional. In the neighbor, group and rdomain blocks statements need to
be newline separated but neighbor 192.0.2.3 { descr "test-peer" } is allowed.
OK sthen@ benno@
|
|
benno@ agrees, OK compiler
|