| Age | Commit message (Collapse) | Author |
|---|
|
case carp(4) interfaces anymore. LINK_STATE_IS_UP() almost always does
the right job.
OK deraadt@ henning@
This needs a -current kernel or link state may be not reported correctly.
|
|
the standard OpenBSD-style parse.y handle continuing lines with backslashes,
paying particular attention to how comments are handled (which can cause
nasty side-effects if you're not expecting it).
Most wording from jmc@, with suggestions from fgsch@, marc@, Richard Toohey,
patrick keshishian and Florian Obser, ok jmc@.
|
|
checking errs > 0 is not going to work... also make errs signed in 2 cases
triggered by Milosz Jakubowski <milosz.jakubowski at gmail.com> pointing out
a few cases, diff written from scratch to cover all of them. unsigned errs
noticed by sthen. ok claudio sthen
|
|
existing network element. First free the old filterset and then move
the new on top of it. This solves the reload issue with changing network
statements. OK henning@
|
|
|
|
"it's worth killing, if just to stop it being copied all over the place"
|
|
From: "Anthony J. Bentley" <anthonyjbentley at gmail dot com>
|
|
as an int. This way 4-byte ASes should be printed nicely.
OK deraadt@ henning@
|
|
start with the neighbor-as. makes finding the offender easier.
from Sebastian Benoit <benoit-lists at fb12.de>, claudio agrees
|
|
'enforce neighbor-as'; from Sebastian Benoit on tech@.
|
|
|
|
the needed bits
ok deraadt@, millert@
|
|
for NOFILE in the session engine.
OK henning, sthen@
|
|
time to consume broadcasted messages or the socket gets full and own
messages that are needed are lost. This fixes an infinit loop in
pfkey_reply that happens when bgpd tcp md5sum is used on a system that
also runs a larger IPsec setup.
OK henning, lot of patience, debuging and testing by Thomas Boernert
|
|
header. ATTR_UNDEF is still a bit strange though but at least it will now
parse and ignore such a freak attribute correctly.
|
|
will not leak into the Loc-RIB or other RIBs but act as withdraws.
The invalid prefixes would not been selected anyway but it is better
to keep them out of all RIBs but the Adj-RIB-In.
|
|
|
|
help to figure out the cause of flapping session faster.
OK henning@ sthen@
|
|
segments. Bgpd does not support confederations but it is too extreme
to close a session because a path contained such elements.
OK henning@, sthen@
|
|
by using calloc(). This fixes an issue where the RDE would start up
as route-collector because uninitialized memory made the RDE switch
to that mode.
OK henning@, sthen@, phessler@
|
|
pt out by cppcheck/jasper, ok sthen claudio
|
|
|
|
|
|
following misc@ discussion with Tony Sarendal. ok phessler@
|
|
reference in case attr_optadd() errors out.
Found by and diff provided by Igor Zinovik, OK henning@
|
|
should help identifying FSM errors since the state is know known.
OK henning@ sthen@
|
|
attributes are ignored or UPDATEs are invalidated and withdrawn.
While there use % to check if a attribute is a multiple of X.
OK henning@, sthen@
|
|
in the manual. Help from jmc@.
|
|
RTABLE_ANY.
OK henning@
|
|
|
|
(verified by both sthen@ and me).
ok sthen@; "just commit it" claudio@
|
|
Found via the clang static analyser.
ok henning@ claudio@ deraadt@
|
|
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
|
The previous location also depended on poll results and in most cases was
therefor not entered because finished dumps are not added to the poll array.
Problem reported by Peter Haag, OK henning@
|
|
ok claudio@
|
|
change to bgpd; while here, rewrite usage() in a more usual way.
ok jmc@
|
|
|
|
in bgpd.conf. This allows to add/modify restricted control sockets on runtime.
Feature request by a few people how often forgot to add -r path when restarting
bgpd (including myself).
NOTE: this removes the -s and -r arguments from bgpd so pay attention when
updateing.
jajaja sthen@, OK henning@
|
|
"dump table-mp" but this is only possible if the session and the prefixes
are from the same address family. Evil little hackery (especially the
IPv6 nexthop encoding) but seems to work according to libbgpdump.
|
|
to use an end pointer to compare against. Looks less scary and makes
gcc4 happy. OK henning@
|
|
Minor bump for libutil.
Previous versions of this diff and man page looked at by various people.
"you should just commit" deraadt
|
|
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
|
more readable, and fixes a spacing bug we had in smtpd.8;
|
|
have MPLS information connected to them and the kernel requires the flag now.
OK michele@
|
|
the old RIB and then via softreconfig in and a special softreconfig out loading
the new RIB.
Feature requested and testeded by Elisa Jasinska.
OK henning@
|
|
Only existing tables should keep their fib sync state, new ones should set
the current fib sync flag to the configured one at the end of the config
load. Found the hard way by sthen@, OK sthen@
|
|
|
|
the length of an AS path (matches if the path is longer then the specified
lenght) the second matches when a sequence of the same AS number is longer
then the specified length).
max-as-len is good to protect crappy comercial bgp boxes from other crappy
comercial bgp boxes. max-as-seq was a feature request from SwissIX and maybe
EuroIX to find and filter prepends.
Additinal testing and OK sthen@
|
|
This adds a bit of new config to specify the mapping between an rdomain and
the BGP MPLS VPN instance, example:
rdomain 1 {
descr "CUSTOMER1"
rd 65003:1
import-target rt 65003:3
export-target rt 65003:1
depend on mpe0
network 192.168.224/24
}
The "depend on mpe0" is a but ugly but for now this is the quickest way to
figure out which interface bgp should use to insert the MPLS routes.
A big side-effect of this diff is that networks are now internally
distributed through kroute.c.
This needs some kernel changes that will follow hopefully soon.
OK henning@
|
|
into play. Check the AID and use 32 or 128 based on the address family.
Now bgpctl show rib <IPv6 addr> works like in the IPv4 case.
Bug reported and fix made during yesterday's Swinog BE#85
|
