path: root/usr.sbin/bgpd
Age | Commit message | Author
2006-11-06 | fix pasto; only announce restart capability when announcing the restart capability is enabled, not when announcing the refresh capability is enabled... Alex Hunsaker <badalex@gmail.com> ran into that issue | Henning Brauer
2006-10-26 | * make sure we keep copies of everything we need to * remove SAs and flows later again, even if the * configuration info changed due to reload. * We need: SPIs, method, local_addr, remote_addr. * remote_addr cannot change, so no copy. with this, I have just migrated a session from tcp md5sig to ipsec esp ike, just with bgpctl reload (both sides) followed by bgpctl neighbor $foo clear (just one side)! claudio ok | Henning Brauer
2006-10-26 | storing the dynamically acquired SPIs for tcpmd5 inside the conf struct is not such a good idea - it gets nulled on config reloads, and thus we fail to clear the old SAs when the session is restarted after a config reload occurred. obvious solution: store the SPIs outside the config area. ok claudio | Henning Brauer
2006-10-25 | use strtonum, Pierre-Yves Ritschard <pyr@spootnik.org> | Henning Brauer
2006-09-19 | make buffer_grow always return a valid struct buf; the contained buffer might be NULL on realloc failure tho. all users check buffer size before using the buffer, so this is not a problem. makes error handling much easier. ease the capabilities code big time. claudio ok | Henning Brauer
2006-09-19 | when the neighbor announced the restart capability, send the end-of-rib marker after a bulk transfer, claudio ok | Henning Brauer
2006-09-19 | save the parser state in one big struct, and make it interchangeable, aka make the parser restartable. with that implement "include" file support. makes life a _lot_ easier with filter generation tools. claudio ok | Henning Brauer
2006-09-19 | kill useless debug code that somehow snuck in, some 2 years ago... | Henning Brauer
2006-09-12 | for apps which use interface groups, point to the section of ifconfig(8) where they are explained; ok mcbride mpf henning | Jason McIntyre
2006-08-31 | knock out the cpp/m4 stuff from MACROS; after discussion with many... | Jason McIntyre
2006-08-30 | writing to the pfkey socket can give EAGAIN and we must retry. ok claudio hshoexer deraadt | Henning Brauer
2006-08-28 | use Forwarding Information Base vs. Forward Information Base; ok jmc@ claudio@ | Kevin Steves
2006-08-27 | in the restart capability (that we do not actually send yet), set the MSB in the first byte, not the LSB to indicate the peer must not wait before sending us updates | Henning Brauer
2006-08-27 | fix a small logic botch in session_accept() in the fast reconnect logic, to check whether a session was put in IDLE manually by the operator or by bgpd itself as result of a fatal session error we were looking at the wrong timer, claudio ok | Henning Brauer
2006-08-27 | add code to announce the restart capability according to draft-ietf-idr-restart. Do not announce actual restart capabilities, so that this only serves as indicator that we are capable of sending and receiving the End-of-RIB marker. leave disabled for now, since the code to actually send the EoR-marker is currently ifdef'd out (to be fixed soon) and we wanna play safe for 4.0. and juniper doesn't support that capability (which is not a problem per se) and at the same time has its capability negotiation code completely fucked up, if a capability is rejected they don't indicate WHICH capability they reject (which makes that a problem, tho still a small one and we cope). claudio ok | Henning Brauer
2006-08-27 | missing htons() in session_rrefresh() no surprise sending route refresh requests didn't work on my i386 routers, i think I originally hacked & tested this on sparc64 | Henning Brauer
2006-08-27 | change how we advertise capabilities. we used to put all capability attributes into one optional attribute. this is legal. I recently observed that basically all other implementations use one optional attribute per capability attribute. this difference might explain why we - in some cases - saw "unsupported capability" notifications from neighbors without the capability in question in the data part. of course that makes capability negotiation a little hard... so switch us to use one optional attribute per capability as well, and ease the code a bit while there, claudio ok | Henning Brauer
2006-08-27 | add buf_grow() to grow an existing buffer (realloc), claudio ok | Henning Brauer
2006-08-23 | Extend show rib interface code so that it is possible to show the adj-rib-in and adj-rib-out. Additionally it is now possible to limit the output to a specified peer. OK henning@ | Claudio Jeker
2006-08-22 | do not send the empty UPDATE message as End-of-RIB marker yet, Juniper doesn't handle it correctly. found out the hard way by me :( Note: This is a clear protocol violation by juniper. Nonetheless we need to interoperate correctly... | Henning Brauer
2006-08-14 | after a bulk transfer (initial or caused by route refresh request), send an "empty" UPDATE message, used as End-of-RIB marker for implementations understanding this, ignored by anything else. see draft-ietf-idr-restart-13.txt, ok claudio | Henning Brauer
2006-08-04 | add "restart" to max-prefix, allows sessions suspended due to reaching max-prefix to be restarted automagically after a given number of minutes requested by "Sylwester S. Biernacki" <obeer@obeer.com>, manpage help jmc, ok claudio | Henning Brauer
2006-08-03 | On startup in fetchtable() clean the routing table of all PROTO1 routes. These may be leftovers from a crash or so and result in a strange behaving bgpd parent process additionally it causes huge CPU loads because of a linear list walk done on every insert. Code stolen from ospfd which does the same thing since a long time ago. This is a temporary fix until we have real routing priorities and all this PROTO1 flagging can be removed. PROTO1 is not exclusive to bgpd but for correct operation we currently need to enforce it. OK because it is only temporary henning@ Found and fix tested by Sylwester S. Biernacki | Claudio Jeker
2006-07-30 | there's a nasty little race condition when the neighbor reached max-prefix and at the same time there are messages from him in the socket buffer, because we process the imsgs from the RDE (which tells us max-prefix was reached) first, and put the session to IDLE, close connection and deallocate buffers. if we then try to read from the socket and write to the deallocated buffer we crash, of course. so check whether we have a buffer before reading. crash seen and fix tested by "Sylwester S. Biernacki" <obeer@obeer.com> | Henning Brauer
2006-07-28 | factor out the code to build bgp messages, ok claudio a long time ago | Henning Brauer
2006-06-19 | a little .Xr; | Jason McIntyre
2006-06-19 | add -c to usage() and synopsis; | Jason McIntyre
2006-06-19 | if at startup a given group has carpdemote == 0, we don't do carp demotion. now, once all sessions went to established, we start doing demotion, so that when one drops and has demotion enabled, we actually demote. ok claudio | Henning Brauer
2006-06-18 | fix a comment | Henning Brauer
2006-06-18 | make cloned sessions appear with RECONF_REINIT so they are treated like peers added at runtime | Henning Brauer
2006-06-17 | use the carp_demote_ioctl directly instead of carp_demote_set, ok claudio | Henning Brauer
2006-06-17 | urgs, helps to commit everything, sorry | Henning Brauer
2006-06-17 | implement carp demotion control for bgpd. sessions can be configured to modify the carp demotion counter for a given interface group (usually, "carp", which has all carp interfaces) when the session is not established. once the session is established for 60 seconds, the demotion is cleared. this, used correctly, can prevent a bgpd-box which lost all sessions (and thus has no routes) to be carp master, while the backup has sessions. thought through and partially hacked on a drive from calgary to vancouver with ryan, ok claudio | Henning Brauer
2006-06-15 | Instead of passing three different kinds of arguments in show rib control request use one struct ctl_show_rib_request where all the info is encoded. OK henning@ | Claudio Jeker
2006-06-14 | Send both nexthops (exit and true) in the bgpctl show rib cases. bgpctl can then select which nexthop should be printed. OK henning@ | Claudio Jeker
2006-06-12 | in session_setup_socket(), to take address family dependent action (set v4 TTL/v6 hoplimit, v4 TOS), do not look at remote sockaddr's af, since that is not set at the first connection attempt yet. instead, use the configured remote address' af. problem spotted & my fix tested by Leen Besselink <leen@consolejunkie.net> | Henning Brauer
2006-06-10 | back in the dark age, carp interfaces were very strange - and we had to detect them looking at their name, beginning with carp. these days, we can just check for the iftype to be IFT_CARP. wanted to do this for some time and kept forgetting. from the airplane over two weeks ago, forgotten in a secondary tree again... | Henning Brauer
2006-06-01 | Copy the pftableid in path_copy and correctly do the ref/unref dance in path_copy and path_put. Diff from Kevin Brintnall, looks good henning@ | Claudio Jeker
2006-05-31 | Plug memory leaks in error path; ok henning@ | Patrick Latifi
2006-05-28 | Even better nexthop delete behaviour. Do not delete nexthop if they are used by filter sets or if the nexthop is currently looked up. With this the "nexthop_update: non-existent nexthop" warning should be history. OK henning@ | Claudio Jeker
2006-05-28 | Preload and pin nexthop used in filtersets so they are validated when used. This will fix problems with set nexthop on outgoing filters. Found by gluk@ OK henning@ | Claudio Jeker
2006-05-27 | Pass an IMSG_CTL_RESULT message back to bgpctl on reloads to indicate if the reload was successful or not. OK henning@ | Claudio Jeker
2006-05-27 | if the pid given to imsg_create is 0, use the pid stored in the ibuf (which is the current process' pid). fixes blocking with concurrent bgpctl instances... oups. surprised we missed that earlier, the pid stuff was only ever added for that purpose, but we missed to set the pid. gigantic oups. with & ok claudio | Henning Brauer
2006-05-27 | Cleanup with lint. Make the poll fd indexes unsigned and because of that control_accept should also return a unsigned int. Remove old prototype. | Claudio Jeker
2006-05-27 | Unfuck community delete. The if () statement to match communities was FUBAR instead reverse logic and use the same if statement as in the match function. Issue found and debugged by Leen Besselink. Thanks. | Claudio Jeker
2006-05-27 | Move printing of communities into own function so that special communities like "*" or "neighbor-as" is printed correctly. Issue noticed by Leen Besselink. | Claudio Jeker
2006-05-26 | let us not talk about ipsecadm and vpn anymore; ok reyk | Theo de Raadt
2006-05-26 | \<char> is <char> except for \<newline> -- no exceptions. much like how other things work. ok henning | Theo de Raadt
2006-05-23 | allow bgpd to request a route refresh from a neighbor if that neighbor announced route refresh capabilities | Henning Brauer
2006-05-02 | The pftable name to ID functions should use the pftable_labels list and not the rt_labels list. Luckily this bug was not visible because of the way the pftable and rtlabel code works. Found by Thomas E. Spanjaard. | Claudio Jeker