path: root/usr.sbin/bgpd
Age | Commit message | Author
2007-01-11 | Correct logic in path_update() so that moves are only done when needed. Previously prefix changes of neighbors with softreconfig in disabled were using prefix_add() instead of prefix_move(). Luckily prefix_add() has additional logic to detect this case and calls prefix_move() itself. This made backtraces of a totally different issue so strange that I was hunting a bug for weeks at the completely wrong spot. Doh! | Claudio Jeker
2007-01-04 | ignore SIGPIPE, like the other 2 processes already do. we detect broken pipes without the signal just fine. ok claudio | Henning Brauer
2007-01-04 | Do not run rde_shutdown() unless bgpd is started with -d. On some of my systems rde_shutdown() takes more than 3min doing nothing more than calling free(3) over and over again. | Claudio Jeker
2006-12-21 | Check for overflow of others_len. This can not happen at the moment because less than 255 attributes can be allocated at max. OK claudio@ | Claudio Jeker
2006-12-18 | avoid p = realloc(p idiom, ok claudio, spotted deraadt | Henning Brauer
2006-12-12 | Xr bgplg and bgplgsh; | Jason McIntyre
2006-12-12 | Change nexthop_delete() to be more obvious what's going on. No functional change. OK henning@ | Claudio Jeker
2006-12-12 | Even IPv6 has a prefixlen limit. This ensures that we do not overflow the struct in6_addr later on. OK henning@ | Claudio Jeker
2006-12-12 | In path_remove() remove only local prefixes from the pftable. OK henning@ | Claudio Jeker
2006-12-12 | Kill peer_remove(). This function is only used once so inline it there. OK henning@ | Claudio Jeker
2006-12-08 | no need for KAME_SCOPEID; just check __KAME__. | Jun-ichiro itojun Hagino
2006-12-05 | implement the ttl security hack. since the pc slaves fear the word hack, they call it "Generalized TTL Security Mechanism" officially, RFC 3682. manpage with help from jmc | Henning Brauer
2006-11-28 | add additional link states to report the half duplex / full duplex state, if known by the driver. this is required to check the full duplex state without depending on the ifmedia ioctl which can't be called in the kernel without process context. ok henning@, brad@ | Reyk Floeter
2006-11-28 | allow bgpd to work on alternate routing tables, claudio ok, jmc manpage help | Henning Brauer
2006-11-28 | mib we pass to sysctl when fetching the routing table has 7 entries now, not 6 any more (rtableid added). need to tell sysctl so. | Henning Brauer
2006-11-16 | for now, make bgpd work with routing table 0 (main one) and ignore routing messages for any other tables. real multi-table support is more adventurous (will come tho) | Henning Brauer
2006-11-10 | char -> u_char in a few places. apparently from Jeff Rizzo <riz@NetBSD.org> via "Thomas E. Spanjaard" <tgen@netphreax.net>, ok claudio | Henning Brauer
2006-11-06 | fix pasto; only announce restart capability when announcing the restart capability is enabled, not when announcing the refresh capability is enabled... Alex Hunsaker <badalex@gmail.com> ran into that issue | Henning Brauer
2006-10-26 | * make sure we keep copies of everything we need to * remove SAs and flows later again, even if the * configuration info changed due to reload. * We need: SPIs, method, local_addr, remote_addr. * remote_addr cannot change, so no copy. with this, I have just migrated a session from tcp md5sig to ipsec esp ike, just with bgpctl reload (both sides) followed by bgpctl neighbor $foo clear (just one side)! claudio ok | Henning Brauer
2006-10-26 | storing the dynamically acquired SPIs for tcpmd5 inside the conf struct is not such a good idea - it gets nulled on config reloads, and thus we fail to clear the old SAs when the session is restarted after a config reload occurred. obvious solution: store the SPIs outside the config area. ok claudio | Henning Brauer
2006-10-25 | use strtonum, Pierre-Yves Ritschard <pyr@spootnik.org> | Henning Brauer
2006-09-19 | make buffer_grow always return a valid struct buf; the contained buffer might be NULL on realloc failure tho. all users check buffer size before using the buffer, so this is not a problem. makes error handling much easier. ease the capabilities code big time. claudio ok | Henning Brauer
2006-09-19 | when the neighbor announced the restart capability, send the end-of-rib marker after a bulk transfer, claudio ok | Henning Brauer
2006-09-19 | save the parser state in one big struct, and make it interchangeable, aka make the parser restartable. with that implement "include" file support. makes life a _lot_ easier with filter generation tools. claudio ok | Henning Brauer
2006-09-19 | kill useless debug code that somehow snuck in, some 2 years ago... | Henning Brauer
2006-09-12 | for apps which use interface groups, point to the section of ifconfig(8) where they are explained; ok mcbride mpf henning | Jason McIntyre
2006-08-31 | knock out the cpp/m4 stuff from MACROS; after discussion with many... | Jason McIntyre
2006-08-30 | writing to the pfkey socket can give EAGAIN and we must retry. ok claudio hshoexer deraadt | Henning Brauer
2006-08-28 | use Forwarding Information Base vs. Forward Information Base; ok jmc@ claudio@ | Kevin Steves
2006-08-27 | in the restart capability (that we do not actually send yet), set the MSB in the first byte, not the LSB to indicate the peer must not wait before sending us updates | Henning Brauer
2006-08-27 | fix a small logic botch in session_accept() in the fast reconnect logic, to check whether a session was put in IDLE manually by the operator or by bgpd itself as result of a fatal session error we were looking at the wrong timer, claudio ok | Henning Brauer
2006-08-27 | add code to announce the restart capability according to draft-ietf-idr-restart. Do not announce actual restart capabilities, so that this only serves as indicator that we are capable of sending and receiving the End-of-RIB marker. leave disabled for now, since the code to actually send the EoR-marker is currently ifdef'd out (to be fixed soon) and we wanna play safe for 4.0. and juniper doesn't support that capability (which is not a problem per se) and at the same time has its capability negotiation code completely fucked up, if a capability is rejected they don't indicate WHICH capability they reject (which makes that a problem, tho still a small one and we cope). claudio ok | Henning Brauer
2006-08-27 | missing htons() in session_rrefresh(). no surprise sending route refresh requests didn't work on my i386 routers, i think I originally hacked & tested this on sparc64 | Henning Brauer
2006-08-27 | change how we advertise capabilities. we used to put all capability attributes into one optional attribute. this is legal. I recently observed that basically all other implementations use one optional attribute per capability attribute. this difference might explain why we - in some cases - saw "unsupported capability" notifications from neighbors without the capability in question in the data part. of course that makes capability negotiation a little hard... so switch us to use one optional attribute per capability as well, and ease the code a bit while there, claudio ok | Henning Brauer
2006-08-27 | add buf_grow() to grow an existing buffer (realloc), claudio ok | Henning Brauer
2006-08-23 | Extend show rib interface code so that it is possible to show the adj-rib-in and adj-rib-out. Additionally it is now possible to limit the output to a specified peer. OK henning@ | Claudio Jeker
2006-08-22 | do not send the empty UPDATE message as End-of-RIB marker yet, Juniper doesn't handle it correctly. found out the hard way by me :( Note: This is a clear protocol violation by juniper. Nonetheless we need to interoperate correctly... | Henning Brauer
2006-08-14 | after a bulk transfer (initial or caused by route refresh request), send an "empty" UPDATE message, used as End-of-RIB marker for implementations understanding this, ignored by anything else. see draft-ietf-idr-restart-13.txt, ok claudio | Henning Brauer
2006-08-04 | add "restart" to max-prefix, allows sessions suspended due to reaching max-prefix to be restarted automagically after a given number of minutes requested by "Sylwester S. Biernacki" <obeer@obeer.com>, manpage help jmc, ok claudio | Henning Brauer
2006-08-03 | On startup in fetchtable() clean the routing table of all PROTO1 routes. These may be leftovers from a crash or so and result in a strange behaving bgpd parent process additionally it causes huge CPU loads because of a linear list walk done on every insert. Code stolen from ospfd which does the same thing since a long time ago. This is a temporary fix until we have real routing priorities and all this PROTO1 flagging can be removed. PROTO1 is not exclusive to bgpd but for correct operation we currently need to enforce it. OK because it is only temporary henning@ Found and fix tested by Sylwester S. Biernacki | Claudio Jeker
2006-07-30 | there's a nasty little race condition when the neighbor reached max-prefix and at the same time there are messages from him in the socket buffer, because we process the imsgs from the RDE (which tells us max-prefix was reached) first, and put the session to IDLE, close connection and deallocate buffers. if we then try to read from the socket and write to the deallocated buffer we crash, of course. so check whether we have a buffer before reading. crash seen and fix tested by "Sylwester S. Biernacki" <obeer@obeer.com> | Henning Brauer
2006-07-28 | factor out the code to build bgp messages, ok claudio a long time ago | Henning Brauer
2006-06-19 | a little .Xr; | Jason McIntyre
2006-06-19 | add -c to usage() and synopsis; | Jason McIntyre
2006-06-19 | if at startup a given group has carpdemote == 0, we don't do carp demotion. now, once all sessions went to established, we start doing demotion, so that when one drops and has demotion enabled, we actually demote. ok claudio | Henning Brauer
2006-06-18 | fix a comment | Henning Brauer
2006-06-18 | make cloned sessions appear with RECONF_REINIT so they are treated like peers added at runtime | Henning Brauer
2006-06-17 | use the carp_demote_ioctl directly instead of carp_demote_set, ok claudio | Henning Brauer
2006-06-17 | urgs, helps to commit everything, sorry | Henning Brauer
2006-06-17 | implement carp demotion control for bgpd. sessions can be configured to modify the carp demotion counter for a given interface group (usually, "carp", which has all carp interfaces) when the session is not established. once the session is established for 60 seconds, the demotion is cleared. this, used correctly, can prevent a bgpd-box which lost all sessions (and thus has no routes) to be carp master, while the backup has sessions. thought through and partially hacked on a drive from calgary to vancouver with ryan, ok claudio | Henning Brauer