Age | Commit message | Author |
|
ok kn
|
|
For nexthops it is fine if they point to NULL. This is used in local
announcements. Only if they point to a real struct the state must be
NEXTHOP_REACH.
Bug reported by and OK florian@
|
|
route-server environments.
By default only the best path is sent to peers and if that path is filtered
then the path is hidden for that peer. On route-servers this is sometimes
not desired. For this 'rde evaluate all' will cause the evaluation process
to fall back to alternate routes and will redistribute the first non-filtered
path to the peer. This is very similar to per-peer RIBs but accomplishes
the same effect without the massive increase in memory usage. Compared to
the default mode this requires more CPU resources but it is probably less
than what per-peer RIBs would require.
'rde evaluate all' can be set and reset globally, on groups and on individual
neighbors. It is not limited to route-server configs but route loops are
possible if not properly used.
OK benno@
|
|
The RTR client runs in a new process where the protocol handling is done
and when new data is available all sources are merged into one ROA set
which is then loaded into the RDE. The roa-set from the config is also
handled by the new RTR engine.
Tested by and ok job@
|
|
of prefixes is always correct. The strict RFC4271 way of checking MED
requires to check the neighbor AS and only do the check if the AS are equal.
Because of this it is possible that inserting or removing a route reshuffles
the total order.
prefix_cmp() was extended to return the location where the decision happened:
- 0 if the decision was before the MED comparison or med compare always is set
- 1 if the decision happened after the MED comparison
- 2 if the MED caused the decision
With this the new functions prefix_insert() and prefix_remove() are able
to decide if more prefixes need to be evaluated (testall was not 0.) and
if prefixes need to be re-evaluated after this one was put (testall = 2).
There is a local redo list where prefixes where the MED resulted in a
reshuffle are put on. After the new prefix is inserted all prefixes on
the redo list are reinserted. Because now all affected MED routes get
reevaluated the order is always correct.
|
|
clean up FILES while here
ok claudio for the former
|
|
The main reason is that AS_SET does not play nice with RPKI ROA.
Introduce a per neighbor and global config option
'reject as-set yes' and 'reject as-set no'
If set to yes received UPDATES with AS_SET segments are rejected.
This is done the same way other ASPATH soft-errors are handled. The UPDATE
is marked invalid and all prefixes are treated as withdraws.
`bgpctl show rib in error` can be used to show prefixes that were denied
and treated as withdraws because of errors.
By default this feature is off.
OK benno@
|
|
equal versions put the RD and label stack right into struct bgpd_addr.
For non-VPN addresses these extra fields are ignored. Since VPN and non-VPN
addresses encode the prefix in the same way now some code can be simplified.
In most cases a fallthrough or reuse of encoding functions is now possible.
It should also reduce the size of struct bgpd_addr a bit.
OK denis@
|
|
but also for AS paths starting with an AS_SET segment. RFC4271 wants this
and it also makes sense for all the cases where aspath_neighbor() is used
in bgpd.
OK denis@ job@
|
|
the int type by doing calculations on bigger types. Instead just do a > and <
check. Also improve the remote_addr test by using the same address comparison
as in other places.
OK benno@
|
|
Doing the LIST_REMOVE() outside of prefix_evaluate() is no longer valid.
As a benefit it is now simply possible to re-evaluate a prefix by passing
it to prefix_evaluate() for both removal and insertion. prefix_evaluate()
will then take care to ensure that an update is sent out if necessary.
Also move rde_send_kroute() call to rde_generate_updates() to make it a
bit easier to plug this module into a regress test.
OK denis@
|
|
both the export check and the address family check should be done as
early as possible since these peers will not need any kind of updates
to happen. Also remove the non-standard ORIGINATOR_ID check.
With this up_test_update() becomes a simple true/false function which
makes the rest of the code a bit simpler.
OK benno@
|
|
addr2sa needs to return NULL. Without this connection establishment fails
because bind is called with a bad sockaddr.
|
|
of the VPN address into a sockaddr but it allows to use log_sockaddr for
all cases of log_addr now.
OK florian@
|
|
Also change the startup code to use enum bgpd_process to select which
process needs to be run. Makes the code in my opinion easier to understand.
OK denis@
|
|
the system. While at it use memcmp in prefixset_cmp() as well for address
checks.
OK florian@
|
|
IPv6 scoped addresses will print correctly.
OK tb@ florian@
|
|
prefix-sets loaded into the RDE. For now only the number of prefixes or
asnumbers are shown plus the time since the last change was done to the table.
OK benno@
|
|
Bad IMSG name noticed by procter@
|
|
Noticed by procter@
|
|
in the parent to a simple RB tree based on struct roa. With this overlapping
ROAs (same prefix & source-as but different maxlen) are now merged in the RDE
when the lookup trie is constructed.
OK benno@
|
|
before accessing anything in ifa_addr.
OK florian@
|
|
For network rtlabel and priority skip this check since there the operator
may actually want to distribute this network explicitly (even though it is
probably a reject or blackhole route).
Requested by dlg@ OK benno@
|
|
The problem is that this timer only looks at the receive side of the TCP
session. If for some reason the send side stalls the system fully depends
on the remote BGP peer to reset the session. As seen in an ever growing
OutQ and as a result important changes can get stalled and cause routing
troubles.
This change introduces a SEND HOLD timer. The timer is reset whenever the
session engine was able to write data to the TCP socket. If the send hold
timer expires bgpd was not able to send any data to that neighbor for at
least 90 seconds and therefore the session is forcefully closed with a hold
timer expired notification.
The send hold timer acts as a last resort to detect faulty peers. On an
idle session it can take a long time until this timer triggers but the
main goal here is to reset a stuck session at some point which did not
happen before.
With and OK job@
|
|
in other places as well.
ok procter@
|
|
prefixes from multiple sessions into the same table. Before a prefix
was removed from the table on the first withdraw (even though there
was an alternative around).
Requested by, tested and OK dlg@
|
|
This test no longer depends on specific overflow behaviour.
OK millert@
|
|
with -fno-common does not fail.
OK bcook@
|
|
type directly to log init. One less common in bgpd.
OK benno@
|
|
bgpd_process and changing the behaviour that way add a new filterset
type ACTION_SET_NEXTHOP_REF which is used when the nexthop reference
of the union is used. Adjust the RDE to convert ACTION_SET_NEXTHOP to
ACTION_SET_NEXTHOP_REF when receiving the filtersets.
OK benno@
|
|
Change control_dispatch_msg() to return the change of control connection
count since the return value was not used before.
Add control_fill_pfds() to replace the TAILQ_FOREACH loop in session.c.
This allows to move the ctl_conns symbol to control.c (from session.h
where it caused issues when compiled with -fno-common).
OK benno@
|
|
the parser needs to check if the remote address is already in the RB tree.
Additionally fixup get_id to also compare the remote_masklen and fix
some memory leaks on parser failures.
Fixes a bgpd fatal on reload reported by Pascal Mathis.
OK benno@
|
|
already in the RB tree free the item we tried to add since the item from
the RB tree is used.
Memory leak found and fix provided by Felix Maurer (felix at felix-maurer.de)
|
|
need to use or set error anymore.
OK deraadt@
|
|
warning on non __KAME__ systems.
OK deraadt@
|
|
cdefs.h may not exist on some systems and the portable framework uses
sys/types.h to define __dead.
OK deraadt@
|
|
OK claudio@
|
|
Reported by Prof. Dr. Steffen Wendzel <wendzel @ hs-worms . de>,
thanks!
OK martijn@ sthen@
|
|
configuration file.", but occasionally something else fit better; at the
same time, try to make the format for FILES more consistent;
original diff from clematis
|
|
characters. Also fix a long line.
OK benno@ deraadt@
|
|
to be more generic, then change 'reload' to take a '[reason]' also,
which will be logged by bgpd.
ok kn claudio
|
|
and also not needed. This just needs a char lookup ('{') like it is done
in all the other rules with '{'. With this parse.y can be compiled with
bison.
OK otto@ benno@
|
|
Make it a log_debug() instead to reduce the noise seen on most full feeds.
The DFZ is currently not clean enough to properly drop AS 0 in that case.
OK job@ deraadt@
|
|
an IPv4 and IPv6 local-address on a group and the neighbors bind to the
right local-address. Also implement 'no local-address' to reset a previously
set local address back to zero. This should help with IBGP and multihop
session config and hopefully reduce repetition in bgpd configs.
OK sthen@ benno@
|