Age | Commit message (Collapse) | Author |
|
everywhere.
OK benno@
|
|
switch statement. This way common code is referenced only once.
OK sthen@
|
|
are processed in the Adj-RIB-Out this is no longer needed since the passed
in pointer is still referenced and is not allowed to be freed.
Adjust the mrt code similar to how up_generate_attr() uses aspath_deflate().
OK sthen@
|
|
because it included two extra bytes (copy-paste error from graceful restart).
|
|
|
|
can be enabled with 'announce enhanced refresh yes'
Similar to graceful restart this allows to mark routes as stale, refresh
them and then flush out routes that are still stale. Enhanced route refresh
uses a begin of rr and an end of rr message to signal the various stages.
A future enhancement would be the addition of a timeout in case the EoRR
message is not sent in reasonable time.
OK denis@ job@
|
|
and use it in the two places that need to keep in sync.
OK sthen@
|
|
rde_up_dump_upcall(). This is the 4th place up_generate_updates() is
called.
|
|
to rde_generate_updates() but forgot to add the same checks to
rde_softreconfig_out(). As a result a config reload could result in
prefixes for a not-negotiated address family to leak into the Adj-RIB-Out.
Adjust both rde_generate_updates() and rde_softreconfig_out() to use the
same filter logic.
Also adjust rde_up_flush_upcall() to pass the peer as argument instead of
using prefix_peer(). The up_generate_updates() call there does not need
any filtering since the walker runs on the Adj-RIB-Out and just withdraws
everything.
OK job@ on a previous diff
|
|
OK job@
|
|
ones being sent out. Mainly prepend the ASPATH if needed and also change
the nexthop to the one being sent.
This should make the `bgpctl show rib out` output show the values the
peer receives.
OK job@
|
|
OK claudio@
|
|
When the RDE issues an UPDATE NOTIFICATION because of some fatal error
like max-prefix count reached the peer is put into state PEER_ERR by
rde_update_err() and all UPDATEs that are still queued should be dropped.
Noticed and OK deraadt@, OK job@
|
|
hopefully better names peer_has_as4byte() and peer_accept_no_as_set().
Move them to rde_peer.c where all other peer functions live.
OK sthen@
|
|
|
|
sent (and also for which AFI/SAFI). Use a slightly better way to write
return if neither route-refresh nor enhanced route-refresh are on.
|
|
|
|
old prefix pointer is most probably NULL. If a secondary route is removed
the withdraw would not happen because old == NULL which skips the withdraw.
Access to old is only needed to extract the prefix. So instead extract the
prefix early and use it for both cases. So if 'rde evaluate all' is used
the code tries all prefixes and if none is allowed a withdraw is issued.
Problem noticed and fix tested by Pier Carlo Chiodi
|
|
when a new peer shows up or during a reload. Tracking this during runtime
just does not work reliably (especially for reloads).
Problem noticed and fix tested by Pier Carlo Chiodi
|
|
(RFC7313). This is the first step toward this.
It adds the capability parsers for the two no capabilities, extends the
capability struct and adds the capability negotiation bits.
The route refresh message parser and generator are extended to support
the BoRR and EoRR message. Also add the new NOTIFICATION type and subtype
for the route refresh message.
|
|
state is preserved do the graceful restart dance. If graceful restart is off
or the forwarding state was not preserved flush the table.
|
|
Announce only the graceful restart capability header but do not include any
AFI / SAFI pairs. bgpd does not preserve its forwarding state over restarts
and only implements the "Procedures for the Receiving Speaker".
When calculating the negotiated capabilities do not override the peer
capabilities (AFI / SAFI bits), just make sure the negotiated bits are
cleared. With this the peer capabilities are properly shown in bgpctl.
|
|
prefix withdraw as required by RFC6793. Also update the documentation to
reference RFC6793 instead of the older 4893.
OK sthen@
|
|
right thing. This also fixes the bgpd -nv output for 'dump X {in,out}'
statements for peers.
Debugged with and tested by Paul de Weerd
|
|
If the limit is hit the request will be dropped and the rtr process will
retry the connect after the retry timeout. Hopefully by then the number of
connections is down again.
OK deraadt@ benno@
|
|
that capability. Change capa_neg_calc() to check always both the
ann(ounce) and peer capa struct to figure out what was negotiated.
This change affects route refresh and graceful restart (where before
setting the capability in the config to 'no' would not fully disable
the feature).
Also ignore and warn about unexpected route refresh messages.
OK benno@
|
|
|
|
a long time if the IP is not reachable and would block the main process
while doing so.
Problem noticed by Pier Carlo Chiodi
OK benno@
|
|
|
|
Add an extra reload barrier (IMSG_RECONF_DRAIN) to the sync of the peer
config from the session engine to the rde. Necessary to ensure that the
peer config is up to date in the RDE before hitting reconfiguration.
Store the export_type and the peer flags outside of peer->conf. Adjust all
users of these two fields so they only look at the copies in peer.
During reload check the values with the peer->conf to check for changes.
If the export_type or the rde evaluate or transparent-as flags changed
flush the Adj-RIB-Out for that peer and in a 2nd step rebuild the RIB from
scratch. This results in a lot of UPDATE churn but these configs are not
altered often.
Fix multiple issues in the rde_softreconfig_in_done handler that resulted
in multiple runs of the out stage of the softreconfig pipeline.
OK benno@
|
|
|
|
|
|
no capability was sent to the peer (this happens if the multiprotocol
capability got disabled). It is possible that local and remote systems end
up with no shared AFI/SAFI pair. In this case the connection will not send
or should not receive any UPDATE messages.
The previous behaviour of falling back to AID_INET in that case can result
in problematic behaviour when sessions are misconfigured.
OK benno@, deraadt@
|
|
bind. The len argument is modified by addr2sa but is also used as argument
in the call and it is undefined if the value of len in connect is set to
the value "returned" by addr2sa().
Should fix connect issues seen on Linux system.
OK denis@
|
|
|
|
OK job@
|
|
check needs to be done for iBGP sessions but not for eBGP sessions.
On conflict log an error and send a notification with ERR_OPEN_BGPID
suberror.
Reported by cjt (melissa_cjt at 163.com)
OK benno@
|
|
The right suberror is ERR_UPD_NEXTHOP.
Reported by cjt (melissa_cjt at 163.com)
OK benno@
|
|
|
|
non-existent peer; the bgpctl command exposes the error itself
ok claudio
|
|
|
|
tail pointer (pointer to last element) around and depending on the state
of the list insert at head or insert after tailp. Now gcc has a hard time
to realize that the tail pointer is not used uninitialized. So rewrite the
code to be more explicit about tailp handling (also rename the pointer
to be more explicit). All in all this should be more readable and silences
the gcc warning as well.
|
|
for origin-sets. Found by and reminder procter@
OK deraadt@
|
|
config file, writes bgpd's config to stdout and compares it with
an expected output. On big endian machines the order of the set
of communities is different. The parser used memcmp(3) to sort a
struct of integers. This depends on the endianness. The correct
way is to compare the integer fields in native byte order. With
this change, the resulting order is the same on i386 and powerpc64.
OK claudio@
|
|
ok kn
|
|
For nexthops it is fine if they point to NULL. This is used in local
announcements. Only if they point to a real struct the state must be
NEXTHOP_REACH.
Bug reported by and OK florian@
|
|
route-server environments.
By default only the best path is sent to peers and if that path is filtered
then the path is hidden for that peer. On route-servers this is sometimes
not desired. For this 'rde evaluate all' will cause the evaluation process
to fall back to alternate routes and will redistribute the first non-filtered
path to the peer. This is very similar to per-peer RIBs but accomplishes
the same effect without the massive increase in memory usage. Compared to
the default mode this requires more CPU resources but it is probably less
than what per-peer RIBs would require.
'rde evaluate all' can be set and reset globally, on groups and on individual
neighbors. It is not limited to route-server configs but route loops are
possible if not properly used.
OK benno@
|
|
The RTR client runs in a new process where the protocol handling is done
and when new data is available all sources are merged into one ROA set
which is then loaded into the RDE. The roa-set from the config is also
handled by the new RTR engine.
Tested by and ok job@
|
|
of prefixes is always correct. The strict RFC4271 way of checking MED
requires checking the neighbor AS and only doing the check if the AS are equal.
Because of this it is possible that inserting or removing a route reshuffles
the total order.
prefix_cmp() was extended to return the location where the decision happened:
- 0 if the decision was before the MED comparison or med compare always is set
- 1 if the decision happened after the MED comparison
- 2 if the MED caused the decision
With this the new functions prefix_insert() and prefix_remove() are able
to decide if more prefixes need to be evaluated (testall was not 0.) and
if prefixes need to be re-evaluated after this one was put (testall = 2).
There is a local redo list where prefixes where the MED resulted in a
reshuffle are put on. After the new prefix is inserted all prefixes on
the redo list are reinserted. Because now all affected MED routes get
reevaluated the order is always correct.
|
|
clean up FILES while here
ok claudio for the former
|