Age | Commit message | Author |
|
How RFC 9234 support will work in the long run may still change but
for now at least tell people how to use it.
|
|
Fixes config regress. Found by anton@, discussed with tb@
|
|
like other unknown ones. Also KNF the code a bit.
Was OK tb@ some time ago
|
|
|
|
|
|
With this it is possible to send a role in the OPEN message and if that
was successful the RDE will add the new OTC attribute if necessary.
OK tb@
|
|
|
|
scope_id to struct kroute6 to make link local addresses work.
OK tb@
|
|
It seems that IN6_IS_ADDR_MC_NODELOCAL() is the official name of this
nightmare and therefore more portable.
OK tb@
|
|
The only user of struct kif was the session engine for the 'depend on'
feature. Switch the imsg exchange to a new struct session_dependon and
rename the IMSG as well.
OK tb@
|
|
|
|
OK tb@
|
|
struct kroute and kroute6.
Rename knexthop_node to knexthop as well. Mostly mechanical but fix
at least one log format string to have the correct order of arguments.
OK tb@
|
|
OK tb@
|
|
simpler.
OK tb@
|
|
ok claudio
|
|
struct kroute_full is address family independent and so more portable.
Also struct kroute and struct kroute6 will be kroute.c internal soon.
OK tb@
|
|
|
|
Use this function in kroute so that kroute_find and kroute6_find can switch
to use struct bgpd_addr as argument.
OK tb@
|
|
Also fix the function by moving the memcpy() after the embedded scope
has been removed.
OK tb@
|
|
Noticed by tb@
|
|
Using inet4applymask() makes the code similar to the IPv6 version.
Also switch kroute{,6}_match() to use a struct bgpd_addr * as argument.
OK tb@
|
|
Do not set any errno. So if a non empty string is used in name2id
conversion and the return value is 0 then that would be an error.
Callers in most cases do not care and accept that a label may be
lost because of conversion failure.
Noticed by and OK tb@
|
|
to the warning. The messages are clear enough and unique.
OK tb@
|
|
When pfkey_reply() detects an error in a message it needs to flush that
message out of the buffer because pfkey_read() only did a peek read.
OK tb@
|
|
or which are not marked RTF_DONE. Possible fix for bgpd exiting for
no obvious reason. Found with help from florian@
OK florian@
|
|
Instead define our own algorithm enums for the IPsec code.
OK tb@ sthen@
|
|
indicates that the route was successfully added to the FIB.
Filter out dynamic routes (like it is already done for ARP and ND routes) and
kill F_DYNAMIC.
Also remove the protect_lo() bits. Adding dummy kroute entries does no longer
prevent bad routes to hit the FIB. Also loopback IPs are checked in a few
other places to prevent bad routes to be installed into the FIB.
OK tb@
|
|
|
|
|
|
into a struct kroute_full and then two functions to add/change or delete
that route from the kroute tree.
Cleanup some additional things and use the same parse function in fetchtable.
OK tb@
|
|
ERROR to yylex() to make the parser fail nicely.
OK tb@
|
|
It is the same value but using the kif seems better.
|
|
kr_nexthop_add() and kr_nexthop_delete() only operate on the main table
so just pass in the right rdomain id.
kr_shutdown() and kr_dispatch_msg() don't really need the rdomain passed.
This was done for kif_remove(), since that function needs to remove connected
routes from the rdomain table. Connected routes can only exist in the
interfaces rdomain so just use kif->k.rdomain. If such routes exist that
table exists as well. If the table does not exist there are also no
connected routes to track.
OK tb@
|
|
By moving the rtlabel_unref into kroute_remove the unref is more reliable.
There are still places where handling is not quite right but it is a step
in the right direction.
OK tb@
|
|
|
|
Also cleanup some redundant if statements.
OK tb@
|
|
Instead of passing it around all the time put the fib_priority into the
kroute state. It is only needed in send_rtmsg() in the end.
Additionally insert F_BGP_INSERTED routes with a special RTP_MINE priority.
This makes changing the fib_priority at runtime simpler because there
is no need to alter the kroute table anymore.
OK tb@ deraadt@
|
|
RTP_LOCAL is internally used by the kernel and is not available for
userland. The minimal usable routing prio is 2.
OK tb@
|
|
in range. Also rephrase the error message.
OK tb@
|
|
Check the return value in all cases and use a common idiom for this check.
OK tb@
|
|
actually loads a routing table and not really an rdomain.
|
|
|
|
When max-communities X is set on a filterrule the filter will match when
more than X communities are present in the path. In other words
max-communities 0 means no communities are allowed and max-communities 3
limits it up to 3 communities.
There is max-communities, max-ext-communities and max-large-communities
for each of the 3 community attributes. These three max checks can be used
together.
OK tb@ job@
|
|
First of all the detection logic was totally wrong. Then filter out
non-transitive extended communities when received from an ebgp peer.
Also cleanup the type handling of ext-communities. Mainly to not have
to handle the transitive vs non-transitive versions the type is masked
with EXT_COMMUNITY_VALUE before doing the switch case for the various
types.
With this my test using ext-communities works.
OK tb@
|
|
|
|
Remove the IN_BADCLASS() check which filters out the experimental IPv4
address space. Now there are no more experiments in IPv4 and so there
is less reason for these network daemons to deny such an IP.
Everything still disallows multicast IPs (224/4) and loopback (127/8)
a few also disallow 0/8 but this is not consistent.
In any case using 240/4 in production is a really bad idea but it is
not up to this software to prevent you from being a fool.
OK deraadt@ tb@
|
|
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
Instead of using new == NULL or new != NULL in combination with an again
label to steer the control flow of this function, switch to using a while
loop and break/continue/return. Simplified version of a diff by claudio.
ok claudio
|