| Age | Commit message (Collapse) | Author |
|---|
|
|
|
from Job Snijders
ok phessler@ benno@
|
|
in draft-ietf-grow-bgp-gshut
from Job Snijders
ok phessler@ benno@
|
|
from Job Snijders
ok phessler@ benno@
|
|
|
|
Based on a diff from Job Snijders
|
|
|
|
the IANA table to a somewhat more complete list. This includes BGP Prefix
Origin Validation State support via the ext-community ovs keyword.
OK henning@ benno@ based on a diff by Job Snijders
|
|
routes announced to an ebgp peer (ref. rfc4360). While here remove the
pratial flag from extended and large communities.
ok claudio@
|
|
add a bit about working with multiple bgpds in rdomains in bgpctl.
shouting from claudio@ and help from jmc@
|
|
aka UNKNOWN.
ok claudio@ phessler@ and henning helped along too
|
|
IMSG_CTL_SHOW_RIB_PREFIX case is not using rib_dump_r and so should not use
rde_dump_done, instead send the IMSG_CTL_END msg and free the ctx directly.
This is easier to understand.
|
|
the list in that case so don't try to LIST_REMOVE it.
Problem found by benno@
|
|
/var/run/bgpd.sock.<rdomain> in both bgpd and bgpctl. makes life
easier for admins.
ok phessler, claudio, henning, feedback from Job Snijders
|
|
OK deraadt@, henning@, sthen@, and everyone who has ever been annoyed
|
|
Req by and OK benno@
|
|
of LOG_CRIT (which should only be used for fatal).
OK benno@
|
|
send imsgs and so the SE and RDE crashed because of this late in shutdown.
OK benno@ phessler@
|
|
|
|
|
|
instead, use the rtable bgpd was started in (route -T <n> exec / rc.d
daemon_rtable) for nexthop verification and as default Adj-RIB-In and
Loc-RIB. This allows multiple bgpds in different rdomains on the same
machine - bgp router virtualization if you like buzzwords.
initial version written under contract more than a year ago, it took us
a while to wrap our brains around the bgpd <-> rdomain interactions -
1) RIBs, 2) nexthop verification and 3) tcp sockets.
ok & input phessler claudio benno
|
|
per control session and peer the generation of imsg in the RDE. This
reduces the memory pressure in the SE substantially and also a bit in
the RDE. Makes the RDE more responsive for bgpctl commands.
Tested by me with 100 peers * 2000 prefixes and by phessler@ on an AMS-IX
border router with 200+ session. Convergance time got quite a bit better.
OK phessler@
|
|
which is useful in very limited situations.
Angry dragons and grues will hunt for you, if you use it.
OK claudio@ sthen@ benno@
|
|
ok florian@ phessler@
|
|
OK claudio@
|
|
noticed by and OK claudio@
|
|
This is intended to be used for ASN migrations, not for permanent use.
You MUST use filters to protect yourself from receiving your own routes.
There be dragons and grues.
OK claudio@ benno@
|
|
"match in from any set community local-as:neighbor-as"
OK claudio@
|
|
|
|
Drop the session if it shows during OPEN or CAPA, or mark as invalid if
it is part of an Update.
required by RFC 7607
man page OK jmc@
OK florian@ benno@ claudio@
|
|
Diff from Denis Fondras, many thanks!
OK claudio@ phessler@
|
|
Diff from Denis Fondras, many thanks!
OK claudio@ phessler@
|
|
|
|
the RDE so that the code actually works.
Problem found and reported by Pier Carlo Chiodi (pierky at pierky com)
OK deraadt@
|
|
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
|
The previous commit (rev 1.47) added a missing htonl in pfkey_send() but
didn't add a corresponding ntohl in pfkey_reply(). This patch fixes this.
Found the hard way by benno@, who also suggested the rename of spip
to spi.
OK benno@ claudio@ henning@
|
|
Also, do not allow to configure SPI values in the 0..255 range. RFC 4302
and RFC 4303 say the following:
"The set of SPI values in the range 1 through 255 are reserved by the
Internet Assigned Numbers Authority (IANA) for future use; a reserved
SPI value will not normally be assigned by IANA unless the use of the
assigned SPI value is specified in an RFC. The SPI value of zero (0)
is reserved for local, implementation-specific use and MUST NOT be
sent on the wire".
ok and tweak benno@
|
|
|
|
"Administrative Shutdown" or "Administrative Reset"
patch submitted by Job Snijders, thanks!
|
|
struct rib and not rib_desc since the full descriptor is almost never needed.
This should now allow the update code to be changed.
|
|
of the id. For this we move the rtableid into struct rib. Also move the update
code in rib.c up to where the kroute code is. Makes more senses like that.
|
|
|
|
Doing this by folding the lock flag into a pointer and providing an accessor
function for the rib pointer. This is an acceptable middle path for this
important structure.
OK benno@ on an earlier version
|
|
there is still a little difference regarding handling of the verbosity
value that will be handled later.
ok claudio@ florian@
|
|
If you pass in crap then you will not get gold back.
|
|
While there also remove a comment that is since a few years at least.
OK gcc
|
|
This way the tree becomes a bit better decoupled.
|
|
how struct rib_entry is used.
|
|
|
|
|
