| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Reported by Prof. Dr. Steffen Wendzel <wendzel @ hs-worms . de>,
thanks!
OK martijn@ sthen@
|
| |
|
|
|
|
|
| |
configuration file.", but occasionally something else fit better; at the
same time, try to make the format for FILES more consistent;
original diff from clematis
|
| |
|
|
|
| |
charactars. Also fix a long line.
OK benno@ deraadt@
|
| |
|
|
|
|
| |
to be more generic, then change 'reload' to take take a '[reason]' also,
which will be logged by bgpd.
ok kn claudio
|
| |
|
|
|
|
|
| |
and also not needed. This just needs a char lookup ('{') like it is done
in all the other rules with '{'. With this parse.y can be compiled with
bison.
OK otto@ benno@
|
| |
|
|
|
|
| |
Make it a log_debug() instead to reduce the noise seen on most full feeds.
The DFZ is currently not clean enough to properly drop AS 0 in that case.
OK job@ deraadt@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
an IPv4 and IPv6 local-address on a group and the neighbors bind to the
right local-address. Also implement 'no local-address' to reset a previously
set local address back to zero. This should help with IBGP and multihop
session config and hopefully reduce repetition in bgpd configs.
OK sthen@ benno@
|
| |
|
|
|
|
|
|
|
|
| |
once in the input file is not correct. I thought the RPKI validators would
aggreagte these entries but that is not necessarily the case.
There are cases where prefixes show up with the same source-as multiple times
with different maxlen lenght. In those cases merge these multiple entries
and keep the one entry with the longest maxlen length since that is the VRP
which covers all others.
Found by job@ OK benno@
|
| |
|
|
|
|
|
|
|
| |
mdoc(7) auto-tagging delivered false positives leading tag users
to usages somewhere in manual; add ".Tg" markup for both keywords
in the "NEIGHBORS AND GROUPS" section where the concepts are
introduced.
Feedback and OK schwarze
|
| |
|
|
|
|
| |
where functions like filterset_move() live. Also initialize the dest
TAILQ in filterset_copy() as it is done in filterset_move().
OK benno@ phessler@
|
| |
|
|
|
|
|
|
|
| |
sessions and vice versa) from the RDE to the SE. The SE is the right place
for this since there getsockname(2) fetches the local address and so the
alternate one can be fetched there as well.
With this the route pledge is no longer needed in the RDE and the pledge
is now just "stdio recvfd".
OK benno@
|
| | |
|
| |
|
|
| |
OK florian@, benno@
|
| |
|
|
|
|
|
|
|
|
| |
there is actual work to do (nh->next_prefix != NULL). If next_prefix
is NULL there is a possibility that nexthop_unref() is called before
the nexthop is removed from the nexthop_runners queue resulting in a
use-after-free access in nexthop_runner().
For consistency add a debug message in nexthop_unlink() if the nexthop
is removed from the nexthop_runners queue because the last prefix is gone.
OK procter@
|
| | |
|
| |
|
|
|
|
|
|
| |
This is an easy safety switch to not leak full tables to upstreams and
peers. If the limit is hit a Cease notification is sent and the session
is closed.
This implements most of https://tools.ietf.org/html/draft-sa-idr-maxprefix-00
OK job@
|
| |
|
|
| |
ok tedu
|
| |
|
|
|
| |
not only sent errors can be reported but also received ones.
OK denis@ deraadt@
|
| |
|
|
| |
OK denis@ deraadt@
|
| | |
|
| |
|
|
| |
and the refcnt, hash and flags are also grouped.
|
| |
|
|
|
|
|
|
| |
the prefix. When reloading the config the export needs to be redone as
part of softreconfig out else fixing the filters has no effect and a
session reset is required.
Note: changing the export setting still needs a session reset
OK benno@
|
| |
|
|
|
|
| |
struct rde_aspath define aspath_hashstart and aspath_hashend and update
all values in one call. Inspired by struct process and its ps_startcopy.
OK deraadt@
|
| |
|
|
| |
and order prototypes like the functions in rde_peer.c
|
| |
|
|
|
|
|
| |
Change peer_foreach() to just walk the peer list instead of iterating over
the peer hash table. Also change peer_down() arguments so that it can be
used as a peer_foreach() callback (which is then used in rde_shutdown()).
OK benno@
|
| |
|
|
|
|
|
|
| |
uses CLOCK_MONOTONIC. Convert the control messages to return the relative
age of the prefix instead of the absolute age. Adjust the mrt dump code
to stil dump the route age in seconds since epoch as defined in the RFC.
With this all times in bgpd are now based on CLOCK_MONOTONIC.
OK denis@
|
| |
|
|
|
|
| |
which returns clock_gettime(2) with CLOCK_MONOTONIC. While doing that
introduce last_write for symetry.
OK denis@
|
| | |
|
| |
|
|
|
|
|
| |
messages on a per peer queue. This queue is later processed one at a
time resulting in a fairer processing of work and avoiding big table
dumps to delay processing of other updates.
OK denis@ benno@
|
| | |
|
| |
|
|
|
|
| |
in mrt_dump_hdr_se(). Table dumps don't need time.tv_nsec like used in
the _ET formats like for message and state changes but it keeps to code
similar.
|
| | |
|
| |
|
|
|
| |
in the imsg handler and pass a struct rde_peer pointer to those functions.
OK denis@
|
| |
|
|
| |
group better together.
|
| |
|
|
|
| |
known through the imsg lenght.
OK benno@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
error prone than manually editing rc.conf.local, and also works to
enable ipsec and accounting.
tweak from schwarze@ to use the \(dq\(dq syntax for quotes in '.Dl
foo_flags="" lines' instead of \&"\&".
while at it, fix a reference to a bogus /dev/dhclient.conf file that
recently snuck in.
ok jmc@ deraadt@ schwarze@
|
| |
|
|
| |
ok claudio@
|
| |
|
|
|
|
|
|
|
|
| |
graceful reload. At the same time extend peer_dump() to force all updates
getting sent by adding every entry in the Adj-RIB-Out to the update tree
unless they are PREFIX_FLAG_DEAD or PREFIX_FLAG_STALE. The latter will be
removed during that stage since peer_dump() just did a full update of the
Adj-RIB-Out. Also fix prefix_withdraw to check the correct prefix flags
before removing a prefix from the update or withdraw tree.
OK benno@
|
| |
|
|
|
|
|
|
| |
actually inserts the missing prefix in the prefix tree. While for
regular updates to the Adj-RIB-Out this case is indeed not reachable
it is reachable when using 'export default-route'.
Problem reported and fix tested by Esa Kuusisto.
OK benno@
|
| |
|
|
|
|
|
|
| |
First by requeuing an element that is already on the list and second
by freeing a nexthop that is still on the list resulting in a use after
free. This should fix bgpd crashes seen by various people.
Problem report including backtrace from benno@
OK benno@
|
| |
|
|
|
| |
MPLS VPN cluesticks supplied by Dylan Hall
ok claudio@ jmc@
|
| |
|
|
|
|
|
|
| |
commit the pending work and therefore start a new worklist. The delayed
commits can cause such situations to happen and there is no reason to
panic because of this.
Problem found by jmc@
OK benno@
|
| |
|
|
|
|
|
| |
removed the session engine will issue a IMSG_PFKEY_RELOAD call after
the parent has removed the peer which is no problem and so no need
to fill the log with this.
OK benno@
|
| |
|
|
|
| |
that.
OK benno@
|
| |
|
|
|
|
|
| |
there is no pfkey interface and instead the loading is done via setsockopts.
To make this work correctly there are some additional functions needed when
peers get reconfigured or when new listeners show up.
OK benno@
|
| |
|
|
|
| |
conf here eventhough it is the same.
OK benno@
|
| |
|
|
|
| |
the parent and the SE no longer has the pfkey socket open.
OK benno@
|
denis
jmc
claudio
deraadt
kn
schwarze
bket
landry
benno
procter