Reported by Prof. Dr. Steffen Wendzel <wendzel @ hs-worms . de>,
thanks!
OK martijn@ sthen@
| |
This is an easy safety switch to not leak full tables to upstreams and
peers. If the limit is hit a Cease notification is sent and the session
is closed.
This implements most of https://tools.ietf.org/html/draft-sa-idr-maxprefix-00
OK job@
| |
struct rde_aspath define aspath_hashstart and aspath_hashend and update
all values in one call. Inspired by struct process and its ps_startcopy.
OK deraadt@
| |
and order prototypes like the functions in rde_peer.c
| |
Change peer_foreach() to just walk the peer list instead of iterating over
the peer hash table. Also change peer_down() arguments so that it can be
used as a peer_foreach() callback (which is then used in rde_shutdown()).
OK benno@
| |
messages on a per peer queue. This queue is later processed one at a
time resulting in a fairer processing of work and avoiding big table
dumps to delay processing of other updates.
OK denis@ benno@
| |
graceful reload. At the same time extend peer_dump() to force all updates
getting sent by adding every entry in the Adj-RIB-Out to the update tree
unless they are PREFIX_FLAG_DEAD or PREFIX_FLAG_STALE. The latter will be
removed during that stage since peer_dump() just did a full update of the
Adj-RIB-Out. Also fix prefix_withdraw to check the correct prefix flags
before removing a prefix from the update or withdraw tree.
OK benno@
| |
gets enlarged use an array of pointers, so pointers to struct rib entries
remain valid after adding new RIBs. Also remove the global ribs pointer
and rib_valid() since they are no longer used since all the code uses now
rib_byid() instead.
OK benno@
| |
of the other. Just merge struct rib_desc into struct rib. Makes code simpler.
OK benno@
| |
prefix_peer, prefix_vstate and prefix/prefixlen to the function. This removes
some ugly hacks in cases where the prefix was not available.
Also adjust the order of arguments of rde_attr_set() to match rde_filter().
OK benno@
| |
path_update to prefix_update since this is now more working on a prefix.
OK clang
| |
route evaluation is modified. In both cases the softreconfig code will
now walk the RIB and ensure that everything is in proper sync.
Additionally remove 'route-collector yes|no' from the bgpd config, instead
use 'rde rib Loc-RIB no evaluate' with the benefit that you can alter
the setting now during runtime.
Tested and OK benno@
| |
structures are linked does not scale for the Adj-RIB-Out and so inserts
and updates into the Adj-RIB-Out did not scale because of some linear
list traversals in hot paths.
A synthetic test with 4000 peers announcing one prefix each showed that
the initial convergence time dropped from around 1 hour to around 6min.
Note: because the Adj-RIB-Out is now per peer the order in which prefixes
are dumped in 'bgpctl show rib out' changed.
Tested and OK job@, benno@, phessler@
| |
structures are pt_entry, rde_aspath, rde_communities, and nexthop.
The functions are always called *_ref and *_unref also the behaviour
when the last reference is removed is unified and now the object is
removed inside of the unref function. The actual bean-counting is not
modified by this diff.
OK benno@
| |
Readd them by dumping them explicitly.
Tested by and OK benno@
| |
This change makes it possible to not use the struct rib_entry pointer
which will be used to optimize the Adj-RIB-Out.
Also adjust pt_ref() and pt_unref() so that the code can be written
a bit more compact. Also prefix_cmp() no longer needs to go via
rib_compare() and calls pt_prefix_cmp() directly.
OK phessler@
| |
asynchronously and therefore other tasks can make progress at the same
time. Additionally prefixes belonging to a RIB which does not run the
decision process are no longer linked into the nexthop list.
This replaces the early return in prefix_updateall() and reduces the
time spent in nexthop_update().
OK benno@
| |
No binary change according to clang
| |
attributes are put into a new data structure when parsing the UPDATE.
The filter code can quickly lookup and modify this data structure.
When creating an UPDATE the data is put back into wire format.
Setups using a lot of communities benefit a lot from this.
Input and OK benno@
| |
and the loop passed all attributes known by bgpd. Saves about 80% of
time in up_generate_attr().
OK phessler@
| |
were missed before (e.g. network related objects). This helps to detect
memory leaks.
Start using new_config() and free_config() in all places where bgpd_config
structure are used. This way the struct is properly initialised and cleaned
up. Introduce copy_config() to only copy the values into the other struct
leaving the pointers as they were.
Looks good to benno@
| |
and setting. This allows rules like:
        ext-community * *       # delete any ext-community
        ext-community ovs *     # delete any ext-community of specified type
        ext-community rt 1.2.3.4:*
and
        ext-community rt 65001:local-as
        ext-community rt local-as:11111
Note: Sometimes the type of the ext-community is underspecified when using
wildcards or expands. So 'ext-community rt *' or 'ext-community soo *' will
match for any of the 3 possible types (2-byte AS, 4-byte AS and IP address).
If local-as/neighbor-as is used as an expand of as-number like
        ext-community rt local-as:11111
then bgpd will default to the 4-byte AS type to encode the community.
OK benno@
| |
local AS in AS paths. This is sometimes needed in bigger transport networks
where private AS numbers are used in multiple locations.
The implementation is done using a filterset which modifies the AS path -
somewhat inspired by the set attribute code. Setting as-override yes will add
        match from <neighbor> set { as-override }
to the start of the filter rules. Since this is filters the Adj-RIB-In still
holds the original path and so reloads changing the setting just work.
With and OK markus@
| |
set of RB trees of prefixes and attribute. Refactor most of the update code
which removes some strange buffer handling. By building the output queue
directly in the Adj-RIB-Out the top memory usage during startup is greatly
reduced which should help busy server.
Tested by phessler@ and myself
| |
The kernel bits are missing as of now. With input from claudio@ and kn@
OK claudio@
| |
multiple ext-communities at the same time as well. Additionally this fixes
parsing some of the ext-community types. Now all communities are handled
by one common struct.
OK benno@ plus some input from denis@
| |
into struct aspath and pass that struct to aspath_match().
OK denis@
| |
communities into one filter_community struct and allow it that more than
one community can be used in filter rules (currently up to 3).
Also rework the code handling bgpctl show rib commands. The special IMSG
types for the various filters are gone and the code is in general simpler.
OK job@, phessler@
| |
introduced before 6.4 because it now can be replaced with the real RIB.
Main changes are:
- simplified 'show rib' handling since everything is now a real RIB
- path_update() is now returning if a prefix was not modified, added or moved
- softreconfig out case is simpler since path_update does all the magic now
- Adjust shutdown code to work with the Adj-RIB-Out
Tested and OK denis@, benno@
| |
lists are no longer needed and make it possible to share rde_aspath between
peers & prefixes. Instead of the lists the rde_aspath is now reference counted.
With this struct prefix is now the central place where everything is connected
to making the RIB a bit easier to handle.
With input and OK denis@
| |
network_flush() is now using rib_dump_new to walk the Adj-RIB-In and
remove all dynamically added announcements. peer_flush() got generalized
and is now used also in peer_down(). It also uses a walker to remove all
prefixes of a peer but does it in a synchronous way for now.
OK benno@
| |
sizeof calculation that did not respect possible padding bytes.
OK sthen@ denis@
| |
walked. rib_dump_r() is now an internal function and instead the code gets
an additional callback for throttling the rib_dump code. This removes a
lot of similar code used to make sure the RDE is not walking too fast and
replaces it with simpler callbacks. The other big change is the removal
of struct rib pointers in other data structures. The rib pointers are not
stable because of a realloc() call happening when extending the array so
instead use the RIB ID as a reference.
Tested and OK denis@ and benno@
| |
reload peers into a new RIB. Removes one additional full RIB tree walker.
OK benno@
| |
OK denis@ claudio@
| |
roa-set for RPKI based origin validation and an origin-set which allows to
lookup a source-as / prefix pair.
For RPKI a config can be built like this:
        roa-set {
                165.254.255.0/24 source-as 15562
                193.0.0.0/21 maxlen 24 source-as 3333
        }
        deny from any ovs invalid
        match from any ovs valid set community local-as:42
        match from any ovs not-found set community local-as:43
Origin sets are similar but only match when the source-as / prefix pair is
valid.
        match from any origin-set ARINDB set community local-as:44
Committing this now so that further work can be done in tree.
OK benno@, job@
| |
which prefixes were sent out as UPDATE. At withdraw time the RB tree can be
consulted to know if the withdraw actually needs to be sent to the peer.
This replaces the faulty heuristic that was used before and caused either
that unneeded withdraw to be sent or in the worst case failing to send a
necessary withdraw resulting in stuck routes.
OK benno@
| |
the lookup and will now also be used in roa-set tries. The as_set is glue
to add the name and dirty flag. Add an accessor to get the set data so
that the imsg sending and printing can be moved into the right places.
This is done mainly because roa-sets need similar but slightly different
versions and making the code more generic is the best way fixing this.
OK benno@
| |
proper ROA checking. There is a new match function trie_roa_check which
does a trie traversal and looks for candidates and matches. If prefix
is not covered then ROA_UNKNOWN is returned, if prefix is covered by an
entry it will return ROA_INVALID unless the source-as / maxlen combo is
matching (ROA_VALID).
OK and input sthen@
| |
need this and are now treated equally to the network statement in the config.
This makes bgpctl network delete <net> also remove a network which was defined
in the config.
While there remove the other use of flag which was done to support Adj-RIB-Out
but the direction we're taking is no longer needing that. Makes code simpler
again.
OK benno@
| |
        deny from any prefix-set mynetworks or-longer
ok claudio, feature discussed with job and deraadt
| |
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@
| |
AS numbers in source-as, AS and transit-as filter statements. These tables
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@
| |
heavy bits into the background and so the RDE is able to process new
messages more or less instantly after a configuration reload.
Not all cases are covered yet but the bulk is.
While the background process is running no new config can be loaded.
Tested by and OK benno@
| |
ok claudio@