Age | Commit message | Author |
|
|
|
they call it "Generalized TTL Security Mechanism" officially, RFC 3682.
manpage with help from jmc
|
|
state, if known by the driver. this is required to check the full
duplex state without depending on the ifmedia ioctl which can't be
called in the kernel without process context.
ok henning@, brad@
|
|
not 6 any more (rtableid added). need to tell sysctl so.
|
|
messages for any other tables.
real multi-table support is more adventurous (will come tho)
|
|
apparently from Jeff Rizzo <riz@NetBSD.org> via "Thomas E. Spanjaard"
<tgen@netphreax.net>, ok claudio
|
|
capability is enabled, not when announcing the refresh capability is
enabled...
Alex Hunsaker <badalex@gmail.com> ran into that issue
|
|
* remove SAs and flows later again, even if the
* configuration info changed due to reload.
* We need: SPIs, method, local_addr, remote_addr.
* remote_addr cannot change, so no copy.
with this, I have just migrated a session from tcp md5sig to ipsec esp ike,
just with bgpctl reload (both sides) followed by bgpctl neighbor $foo clear
(just one side)!
claudio ok
|
|
is not such a good idea - it gets nulled on config reloads, and thus
we fail to clear the old SAs when the session is restarted after a config
reload occurred. obvious solution: store the SPIs outside the config area.
ok claudio
|
|
might be NULL on realloc failure tho. all users check buffer size before
using the buffer, so this is not a problem.
makes error handling much easier. ease the capabilities code big time.
claudio ok
|
|
marker after a bulk transfer, claudio ok
|
|
make the parser restartable. with that implement "include" file support.
makes life a _lot_ easier with filter generation tools. claudio ok
|
|
ifconfig(8) where they are explained;
ok mcbride mpf henning
|
|
ok claudio hshoexer deraadt
|
|
ok jmc@ claudio@
|
|
MSB in the first byte, not the LSB to indicate the peer must not wait
before sending us updates
|
|
to check whether a session was put in IDLE manually by the operator or
by bgpd itself as result of a fatal session error we were looking at the
wrong timer, claudio ok
|
|
draft-ietf-idr-restart. Do not announce actual restart capabilities,
so that this only serves as indicator that we are capable of sending
and receiving the End-of-RIB marker.
leave disabled for now, since the code to actually send the EoR-marker
is currently ifdef'd out (to be fixed soon) and we wanna play safe for
4.0. and juniper doesn't support that capability (which is not a problem
per se) and at the same time has its capability negotiation code completely
fucked up, if a capability is rejected they don't indicate WHICH capability
they reject (which makes that a problem, tho still a small one and we cope).
claudio ok
|
|
no surprise sending route refresh requests didn't work on my i386 routers,
i think I originally hacked & tested this on sparc64
|
|
we used to put all capability attributes into one optional attribute. this
is legal.
I recently observed that basically all other implementations use one
optional attribute per capability attribute. this difference might explain
why we - in some cases - saw "unsupported capability" notifications from
neighbors without the capability in question in the data part. of course
that makes capability negotiation a little hard...
so switch us to use one optional attribute per capability as well, and
ease the code a bit while there, claudio ok
|
|
and adj-rib-out. Additionally it is now possible to limit the output to a
specified peer. OK henning@
|
|
doesn't handle it correctly. found out the hard way by me :(
Note: This is a clear protocol violation by juniper. Nonetheless we need
to interoperate correctly...
|
|
send an "empty" UPDATE message, used as End-of-RIB marker for implementations
understanding this, ignored by anything else.
see draft-ietf-idr-restart-13.txt, ok claudio
|
|
max-prefix to be restarted automagically after a given number of minutes
requested by "Sylwester S. Biernacki" <obeer@obeer.com>, manpage help jmc,
ok claudio
|
|
These may be leftovers from a crash or so and result in a strangely
behaving bgpd parent process; additionally it causes huge CPU loads because
of a linear list walk done on every insert. Code stolen from ospfd which
does the same thing since a long time ago. This is a temporary fix until
we have real routing priorities and all this PROTO1 flagging can be removed.
PROTO1 is not exclusive to bgpd but for correct operation we currently need
to enforce it.
OK because it is only temporary henning@
Found and fix tested by Sylwester S. Biernacki
|
|
and at the same time there are messages from him in the socket buffer,
because we process the imsgs from the RDE (which tells us max-prefix was
reached) first, and put the session to IDLE, close connection and
deallocate buffers. if we then try to read from the socket and write to the
deallocated buffer we crash, of course. so check whether we have a buffer
before reading.
crash seen and fix tested by "Sylwester S. Biernacki" <obeer@obeer.com>
|
|
now, once all sessions went to established, we start doing demotion, so
that when one drops and has demotion enabled, we actually demote.
ok claudio
|
|
peers added at runtime
|
|
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) from being carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio
|
|
request use one struct ctl_show_rib_request where all the info is encoded.
OK henning@
|
|
can then select which nexthop should be printed. OK henning@
|
|
(set v4 TTL/v6 hoplimit, v4 TOS), do not look at remote sockaddr's af,
since that is not set at the first connection attempt yet. instead, use
the configured remote address' af.
problem spotted & my fix tested by Leen Besselink <leen@consolejunkie.net>
|
|
detect them looking at their name, beginning with carp.
these days, we can just check for the iftype to be IFT_CARP.
wanted to do this for some time and kept forgetting. from the airplane over two
weeks ago, forgotten in a secondary tree again...
|
|
path_copy and path_put. Diff from Kevin Brintnall, looks good henning@
|
|
by filter sets or if the nexthop is currently looked up. With this the
"nexthop_update: non-existent nexthop" warning should be history. OK henning@
|
|
This will fix problems with set nexthop on outgoing filters. Found by
gluk@ OK henning@
|
|
the reload was successful or not. OK henning@
|
|
is the current process' pid). fixes blocking with concurrent bgpctl
instances... oups. surprised we missed that earlier, the pid stuff was only
ever added for that purpose, but we missed to set the pid. gigantic oups.
with & ok claudio
|