Age | Commit message | Author |
|
|
to work on INET6...
non-fatal error, so in practice this just avoids a misleading error msg
|
|
that source and destination match the actual traffic flow.
Found and initial diff by Adam Chappell (Adam.Chappell at interoute dot com)
|
|
This is an undocumented optimisation that fails with the introduction of
AS 23456 as placeholder for 4-byte ASN.
OK henning@
|
|
to understand. This is modeled after bgpctl's parse_prefix function.
OK henning@
|
|
With help from jmc@
|
|
for special stuff (4-byte AS support).
|
|
range check. Found while hacking on 4-byte AS support.
|
|
- dedicated pipe between the SE and the RDE for control messages
- restartable RB tree dumps in the RDE
- queuing limits both in the SE and RDE
The result is a dramatic decrease of memory consumption on operations like
bgpctl show rib. Previously all messages were first stored in the RDE
then passed to the SE where they got queued in case bgpctl was not fast enough.
Now only a small number of messages is generated and passed to the SE and
the SE has an additional limit instead of acting like an infinite buffer.
Without this the bgpd on bgpd.networx.ch would not survive a single minute.
looks good henning@
|
|
This is needed because the nexthop is not yet linked to the aspath attributes
and so a withdraw in the same update imsg could remove this nexthop which in
turn causes a use after free error when the prefix is added later on.
The order of parsing (attributes, withdraws, prefixes instead of withdraws,
attributes, prefixes) was reversed for multiprotocol support.
This should fix all strange nexthop crashes seen by various people.
Tested and OK henning@
|
|
Previously prefix changes of neighbors with softreconfig in disabled were
using prefix_add() instead of prefix_move(). Luckily prefix_add() has
additional logic to detect this case and calls prefix_move() itself.
This made backtraces of a totally different issue so strange that I was
hunting a bug for weeks at the completely wrong spot. Doh!
|
|
pipes without the signal just fine. ok claudio
|
|
On some of my systems rde_shutdown() takes more than 3min doing nothing more
than calling free(3) over and over again.
|
|
less than 255 attributes can be allocated at max. OK claudio@
|
|
change. OK henning@
|
|
struct in6_addr later on. OK henning@
|
|
OK henning@
|
|
OK henning@
|
|
they call it "Generalized TTL Security Mechanism" officially, RFC 3682.
manpage with help from jmc
|
|
state, if known by the driver. this is required to check the full
duplex state without depending on the ifmedia ioctl which can't be
called in the kernel without process context.
ok henning@, brad@
|
|
not 6 any more (rtableid added). need to tell sysctl so.
|
|
messages for any other tables.
real multi-table support is more adventurous (will come tho)
|
|
apparently from Jeff Rizzo <riz@NetBSD.org> via "Thomas E. Spanjaard"
<tgen@netphreax.net>, ok claudio
|
|
capability is enabled, not when announcing the refresh capability is
enabled...
Alex Hunsaker <badalex@gmail.com> ran into that issue
|
|
* remove SAs and flows later again, even if the
* configuration info changed due to reload.
* We need: SPIs, method, local_addr, remote_addr.
* remote_addr cannot change, so no copy.
with this, I have just migrated a session from tcp md5sig to ipsec esp ike,
just with bgpctl reload (both sides) followed by bgpctl neighbor $foo clear
(just one side)!
claudio ok
|
|
is not such a good idea - it gets nulled on config reloads, and thus
we fail to clear the old SAs when the session is restarted after a config
reload occurred. obvious solution: store the SPIs outside the config area.
ok claudio
|
|
might be NULL on realloc failure tho. all users check buffer size before
using the buffer, so this is not a problem.
makes error handling much easier. ease the capabilities code big time.
claudio ok
|
|
marker after a bulk transfer, claudio ok
|
|
make the parser restartable. with that implement "include" file support.
makes life a _lot_ easier with filter generation tools. claudio ok
|
|
ifconfig(8) where they are explained;
ok mcbride mpf henning
|
|
ok claudio hshoexer deraadt
|
|
ok jmc@ claudio@
|
|
MSB in the first byte, not the LSB to indicate the peer must not wait
before sending us updates
|
|
to check whether a session was put in IDLE manually by the operator or
by bgpd itself as result of a fatal session error we were looking at the
wrong timer, claudio ok
|
|
draft-ietf-idr-restart. Do not announce actual restart capabilities,
so that this only serves as indicator that we are capable of sending
and receiving the End-of-RIB marker.
leave disabled for now, since the code to actually send the EoR-marker
is currently ifdef'd out (to be fixed soon) and we wanna play safe for
4.0. and juniper doesn't support that capability (which is not a problem
per se) and at the same time has its capability negotiation code completely
fucked up, if a capability is rejected they don't indicate WHICH capability
they reject (which makes that a problem, tho still a small one and we cope).
claudio ok
|
|
no surprise sending route refresh requests didn't work on my i386 routers,
i think I originally hacked & tested this on sparc64
|
|
we used to put all capability attributes into one optional attribute. this
is legal.
I recently observed that basically all other implementations use one
optional attribute per capability attribute. this difference might explain
why we - in some cases - saw "unsupported capability" notifications from
neighbors without the capability in question in the data part. of course
that makes capability negotiation a little hard...
so switch us to use one optional attribute per capability as well, and
ease the code a bit while there, claudio ok
|
|
and adj-rib-out. Additionally it is now possible to limit the output to a
specified peer. OK henning@
|