| Age | Commit message (Collapse) | Author |
|---|
|
since that one is kept.
OK tb@
|
|
OK tb@
|
|
Instead use struct auth_config and struct auth_state in the pfkey calls
and those tcp_md5 calls where it matters.
This is preparation work to allow RTR to use TCP MD5 as well.
OK tb@
|
|
Mainly handle unknown ext-communities better and handle the special
case of type == -1.
OK tb@
|
|
before calling connect(). This way it happens for sure and on top the TOS
is already set on the initial SYN.
OK tb@
|
|
First of all warn that a prefix was dropped. In the generate an update
code handle possible overflows of attributes and NLRI and withdraw the
affected prefix. This way the peer will not have stale data.
OK tb@
|
|
|
|
Again malloc(0) is not portable and calling memcpy with a NULL pointer
and a 0 length is not allowed by the C standard.
OK tb@
|
|
Calling malloc / reallocarray with a 0 size is not portable and the
memcpy with a possible NULL pointer as source and 0 len is seen as UB
by newer C standards (grmbl).
OK tb@
|
|
OK tb@
|
|
An announce PDU requires at least one provider ASnum while a withdraw
must not include any provider ASnums. The first is mandated by the ASPA
profile and the 2nd by the 8210bis draft.
Further cleanup some leftovers from the old per-AFI split of ASPA.
OK tb@
|
|
extra security measures of recallocarray() which adds a lot of overhead.
OK tb@
|
|
Just drop the attribute if received from an external peer.
Treat as withdraw if the len is 0 or not % 4.
OK tb@
|
|
imsg_get_data() does the same and produces the same error.
OK tb@
|
|
OK tb@
|
|
|
|
to be rechecked when a BGP route is added (or changed).
We need to revalidate nexthops on inserts (kroute_insert) and
on change (krX_change but only for AID_INET and AID_INET6 -- no nexthops
in the other tables) the nexthop needs to be updated.
Only validate nexthops if 'nexthop qualify via bgp' is enabled. For route
changes the code can depend on the F_NEXTHOP flag.
Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/81
OK tb@
|
|
configuration. Doing so before could result in some messages being sent
out without proper TCP-MD5 signature.
Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/82
OK tb@
|
|
also enqueue update and rrfresh imsgs only if the peer is up and flush them
once this is no longer the case.
OK tb@
|
|
This is cheap and will trigger immediatly instead of waiting until
the next UPDATE happens (which could happen a lot later).
OK tb@ job@
|
|
Adjust the error check that is now wrong after the inet_aton -> inet_pton
conversion.
Noticed by & OK bluhm.
OK tb
|
|
No need for inet_aton's flexibility.
OK claudio
|
|
Also export the msgbuf queue len as a stats member so bgpctl does not need
to dig into the msgbuf structure inside struct peer.
This skips imsg related msgbuf since that will be handled by a imsgbuf
specific function.
OK tb@
|
|
filtered prefixes in the Loc-RIB
This includes filtered prefixes into the Loc-RIB but they are marked
ineligible so nothing will select them but it is possible to show them
in bgpctl. So 'bppctl show rib filtered' will return all prefixes filtered
out by the input filters.
OK tb@
|
|
The min-version pins a minimal required version for rtr session. This is
needed if specific PDUs are required and it ensures that the session is
not suddenly downgraded. This is important for ASPA where a minimum
version of 2 is required. Only then the ASPA PDUs are transmitted.
By default a RTR version of 1 is used but setting min-version to 2
will enable draft-ietf-sidrops-8210bis-14 support and enforce it
at the same time. Right now defaulting to version 2 is not possible
since draft-ietf-sidrops-8210bis failed to progress for a too long
time resulting in split eco system with various incompatible RTR
version 2 implementations.
OK tb@
|
|
done in rtr_parse_header(). No need to do it twice.
|
|
adjusted the pdu to follow the other ASPA drafts.
OK tb@
|
|
Reported by Marco D'Itri
|
|
|
|
withdraw case. Those bytes are needed for the attribute length field.
Without this withdraw messages can become overfull and are dropped
without notice.
Problem found and fix tested by denis@
OK denis@ tb@
|
|
as connected (they are so by definition).
Issue reported by Jason Tubnor ( Jason.Tubnor (at) lchs.com.au )
OK tb@
|
|
Noticed by anton@
|
|
In up_get_nexthop() check that the local_vX_addr is actually valid
before using it. In the UPDATE generation functions check that the
nexthop is valid before adding it and fail hard if it does not exist.
You can't announce an IPv4 prefix/gateway over an IPv6 only link.
OK henning@ sthen@
|
|
capability neither from our side not the remote end.
Also track unknown AFI/SAFI combos for the remote end in AID_UNSPEC
this way even unknown combos will prevent a fall back.
OK henning@ sthen@
|
|
OK henning@ sthen@
|
|
OK henning@ sthen@
|
|
used more then once in a log message (e.g. log_peer_warnx + log_addr.
OK henning@ sthen@
|
|
Before the RDE used host byte order for remote_bgpid but all the other
code used network byte order. The reason for that was that bgpid was
initially an IPv4 address but since RFC 6286 in 2011 this is much more
relaxed and so it makes more sense to just treat them as numbers and
so host byte order.
OK tb@
|
|
This converts OPEN and it capability parser and RREFRESH and with that
all packet parser are kind of converted. There is still parse_header()
and the general packet handling that needs some work now so that all
the ugly ibuf_from_buffer() can be dropped.
OK tb@
|
|
|
|
|
|
|
|
We don't really care if it works or not and we don't want to clamp it
down further then 64k. So just call setsockopt() once and ignore the error.
OK tb@ sthen@
|
|
Additionally, set TCP_NODELAY on the RTR socket, there is no need to
queue up messages towards the RTR server.
OK claudio@
|
|
There is no need to have an easy knob to get outdated or crappy
implementations to limp along. Instead the various default on
capabilities just need to be disabled (e.g. announce as-4byte no).
OK tb@
|
|
a down of an idle connection will properly stop the session.
OK tb@ (as part of larger diff)
|
|
Also make sure that something is logged when a session is stopped.
Part of a bigger diff which was OK tb@
|
|
attribute error.
BGP more and more relies on capabilities, automatically clearing them
all no longer seems the right choice. Now operators need to adjust the
config explicitly to allow such connections.
From a larger diff which is OK tb@
|
|
Fixes: https://github.com/openbgpd-portable/openbgpd-portable/issues/77
ok claudio
|
|
|
