Up to [local] / src / usr.sbin / bgpd
Default branch: MAIN
Revision 1.463 / (download) - annotate - [select for diffs], Wed May 22 08:41:14 2024 UTC (10 days, 11 hours ago) by claudio
Branch: MAIN
CVS Tags: HEAD
Changes since 1.462: +4 -4 lines
Diff to previous 1.462 (colored)
Convert bgpid, remote_bgpid and clusterid to host byte order. Before the RDE used host byte order for remote_bgpid but all the other code used network byte order. The reason for that was that bgpid was initially an IPv4 address but since RFC 6286 in 2011 this is much more relaxed and so it makes more sense to just treat them as numbers and so host byte order. OK tb@
Revision 1.462 / (download) - annotate - [select for diffs], Wed Apr 24 10:41:34 2024 UTC (5 weeks, 3 days ago) by claudio
Branch: MAIN
Changes since 1.461: +2 -7 lines
Diff to previous 1.461 (colored)
Remove 'announce capabilities' as neighbor config stanza. There is no need to have an easy knob to get outdated or crappy implementations to limp along. Instead the various default on capabilities just need to be disabled (e.g. announce as-4byte no). OK tb@
Revision 1.461 / (download) - annotate - [select for diffs], Thu Apr 11 18:07:55 2024 UTC (7 weeks, 2 days ago) by tb
Branch: MAIN
Changes since 1.460: +2 -2 lines
Diff to previous 1.460 (colored)
Remove repeated type declaration that makes bison unhappy. Fixes: https://github.com/openbgpd-portable/openbgpd-portable/issues/77 ok claudio
Revision 1.460 / (download) - annotate - [select for diffs], Tue Apr 9 12:40:01 2024 UTC (7 weeks, 4 days ago) by claudio
Branch: MAIN
Changes since 1.459: +4 -3 lines
Diff to previous 1.459 (colored)
Limit the number of provider ASnumbers to MAX_ASPA_SPAS_COUNT (10'000) in the parser as well. OK tb@
Revision 1.459 / (download) - annotate - [select for diffs], Tue Apr 9 09:03:18 2024 UTC (7 weeks, 4 days ago) by claudio
Branch: MAIN
Changes since 1.458: +30 -17 lines
Diff to previous 1.458 (colored)
Allow operators to enforce the presence of certain capabilities on sessions. For simple capabilities this just adds enforce to the yes/no option of the announce statement. For multi-protocol capabilities and add-path there is an extra keyword. On top of this for add-path the enforcement requires the neighbor to send a matching capability, e.g. 'announce add-path recv enforce' requires the other side to send any 'announce add-path send XYZ' capability. This is mainly to enforce as-4byte and extra multi-protocol capabilities. OK denis@ tb@
Revision 1.458 / (download) - annotate - [select for diffs], Wed Apr 3 08:57:26 2024 UTC (8 weeks, 3 days ago) by claudio
Branch: MAIN
Changes since 1.457: +21 -9 lines
Diff to previous 1.457 (colored)
Rewrite str2key() to not use strtoul() to convert 2 hexdigits into one char. Instead use a simple function to do the conversion per nibble. OK deraadt@ tb@
Revision 1.457 / (download) - annotate - [select for diffs], Wed Mar 20 09:35:46 2024 UTC (2 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.456: +12 -13 lines
Diff to previous 1.456 (colored)
Cleanup AID handling.
- Loops over all valid AID should start with AID_MIN and go up to AID_MAX - 1
  e.g. for (i = AID_MIN; i < AID_MAX; i++)
  If for some reason AID_UNSPEC must be handled make that explicit in the for loop.
- aid2afi() now returns an error for AID_UNSPEC since there is no valid AFI SAFI combo for AID_UNSPEC.
- Add additional checks for AID_MIN where currently only AID_MAX was checked. This affects imsg for route refresh and graceful restart.
- Simplify add-path capability handling. Only the negotiated add_path capa sets the flag for AID_UNSPEC to help code to quickly check if any add-path is active.
OK tb@
Revision 1.456 / (download) - annotate - [select for diffs], Mon Mar 18 14:54:52 2024 UTC (2 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.455: +4 -3 lines
Diff to previous 1.455 (colored)
Typecast char argument to isxdigit() to unsigned char since isxdigit() only works that way correctly. OK deraadt@
Revision 1.455 / (download) - annotate - [select for diffs], Wed Aug 16 08:26:35 2023 UTC (9 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.454: +2 -17 lines
Diff to previous 1.454 (colored)
Remove per-AFI ASPA handling in bgpd internals. With draft-ietf-sidrops-aspa-profile-16 and draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA records was dropped. So remove this complication from the code. This only removes the AFI handling internally in bgpd but still allows the old syntax in aspa-set tables. The optional address family is just ignored and records are merged together. For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so right now we still handle RTR sessions as specified there. The IPv4 and IPv6 ASPA entries are handled in two trees and merged together into one AFI independent tree. This is the best we can do for now until IETF updates draft-ietf-sidrops-8210bis. OK tb@ job@
Revision 1.454 / (download) - annotate - [select for diffs], Fri Apr 28 13:23:52 2023 UTC (13 months ago) by claudio
Branch: MAIN
Changes since 1.453: +4 -1 lines
Diff to previous 1.453 (colored)
Add explicit default labels in switch() statements with error handling. Right now these are not reachable. Should also clear some gcc warnings. OK tb@
Revision 1.453 / (download) - annotate - [select for diffs], Wed Apr 26 18:14:28 2023 UTC (13 months ago) by claudio
Branch: MAIN
Changes since 1.452: +3 -1 lines
Diff to previous 1.452 (colored)
Add prototypes for geticmptypebyname() and geticmpcodebyname(). Needed for bison.
Revision 1.452 / (download) - annotate - [select for diffs], Fri Apr 21 10:48:33 2023 UTC (13 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.451: +8 -2 lines
Diff to previous 1.451 (colored)
Adjust ext community handling to support the generic transitive communities introduced with flowspec. OK tb@
Revision 1.451 / (download) - annotate - [select for diffs], Fri Apr 21 10:47:07 2023 UTC (13 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.450: +2 -2 lines
Diff to previous 1.450 (colored)
Missing space noticed by Pablo Mendez Hernandez
Revision 1.450 / (download) - annotate - [select for diffs], Fri Apr 21 09:28:14 2023 UTC (13 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.449: +6 -4 lines
Diff to previous 1.449 (colored)
Sync common code with bgpctl with the version from there. OK tb@
Revision 1.449 / (download) - annotate - [select for diffs], Wed Apr 19 15:27:46 2023 UTC (13 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.448: +8 -8 lines
Diff to previous 1.448 (colored)
Reshuffle the flowrule yacc rules to be in a more logical and alphabetical order.
Revision 1.448 / (download) - annotate - [select for diffs], Tue Apr 18 13:31:14 2023 UTC (13 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.447: +14 -15 lines
Diff to previous 1.447 (colored)
Rewrite some ugly for loops. This fixes a few KNF issues and ugly line wrapping by using a local version of nitems(); fix two bsearch() on top. ok claudio
Revision 1.447 / (download) - annotate - [select for diffs], Tue Apr 18 12:11:27 2023 UTC (13 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.446: +830 -3 lines
Diff to previous 1.446 (colored)
Implement the parser bits to process flowspec rules. Heavily inspired by pfctl, in bgpd flowspec rules are written like pf rules (with a few exceptions / extensions). As a result not all flowspec features are available but that is OK. OK tb@
Revision 1.446 / (download) - annotate - [select for diffs], Wed Apr 5 08:37:21 2023 UTC (13 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.445: +38 -20 lines
Diff to previous 1.445 (colored)
Refactor port definitions to also support service names like bgp. OK tb@
Revision 1.445 / (download) - annotate - [select for diffs], Wed Apr 5 08:04:28 2023 UTC (13 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.444: +11 -11 lines
Diff to previous 1.444 (colored)
Rename family with af to follow pfctl/parse.y a bit more. OK tb@
Revision 1.444 / (download) - annotate - [select for diffs], Tue Apr 4 16:01:54 2023 UTC (13 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.443: +23 -23 lines
Diff to previous 1.443 (colored)
Cleanup parse.y a bit. Move global defines a bit down. Move mrtdump and network rules up into the grammar and switch the order of restricted to be more like the rest. OK tb@
Revision 1.443 / (download) - annotate - [select for diffs], Mon Apr 3 10:48:00 2023 UTC (13 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.442: +4 -2 lines
Diff to previous 1.442 (colored)
Add first step of flowspec support. This adds the bits to establish a connection with SAFI 133. Right now any sent UPDATE with SAFI 133 is simply ignored. At the moment SAFI 134 (flowspec for L3VPN) is unsupported. OK tb@
Revision 1.442 / (download) - annotate - [select for diffs], Thu Mar 9 13:12:19 2023 UTC (14 months, 3 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.441: +9 -7 lines
Diff to previous 1.441 (colored)
Major rework of RFC9234 support. My initial interpretation of the RFC was too conservative. Fixes and changes include:
- add role output to bgpctl, also adjust the capability output. Note, this changes the JSON output of neighbors a bit.
- adjust the config parser to enable the RFC9234 role capability when there is a role set. iBGP and sessions with no role will not announce the role capability.
- adjust the role capability announcement to be only on sessions that use either AFI IPv4 or IPv6 and SAFI 1 (AID_INET, AID_INET6).
- if there is an OPEN notification indicating that the role capability is bad only disable the capability if it is not enforced.
- Adjust capability negotiation, store remote_role on the peer since the neighbors role is no longer needed by the RDE.
- inject the OTC attribute on ingress only for AID_INET and AID_INET6. For other AIDs clear the F_ATTR_OTC_LOOP flag.
- Adjust the role logic in the RDE and use the peer->role (local role of the system) for all checks. Also remove the check if the role capability was negotiated between peers.
- In prefix_eligible() check also if the F_ATTR_OTC_LOOP flag is set. The RFC requires that prefixes must be considered ineligible (and not treat as withdraw as done before)
- When generating an UPDATE include the OTC attribute unless the AID is neither AID_INET or AID_INET6.
Fixes https://github.com/openbgpd-portable/openbgpd-portable/issues/51 Reported by Pier Carlo Chiodi OK tb@
Revision 1.441 / (download) - annotate - [select for diffs], Mon Jan 30 16:51:34 2023 UTC (16 months ago) by claudio
Branch: MAIN
Changes since 1.440: +3 -3 lines
Diff to previous 1.440 (colored)
Alter the way extended communities are matched when part of the value is auto-expanded or masked off. Try to match against both 2- and 4-byte AS encoding and on insertion check if expansion is actually possible and deny communities where both community values are > USHRT_MAX. OK tb@
Revision 1.440 / (download) - annotate - [select for diffs], Tue Jan 24 14:13:11 2023 UTC (16 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.439: +29 -4 lines
Diff to previous 1.439 (colored)
Implement filter and control message matching for ASPA. This adds avs (ASPA validation state) which can be 'unknown', 'valid' or 'invalid'. It behaves similar to ovs but the ASPA validation state of paths from iBGP sessions is 'unknown' and the role of the ebgp session is important to get the right validation state. OK tb@
Revision 1.439 / (download) - annotate - [select for diffs], Fri Jan 20 15:41:33 2023 UTC (16 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.438: +3 -3 lines
Diff to previous 1.438 (colored)
Document the aspa-set table. While there remove the superfluous 'allow' keyword. OK tb@
Revision 1.438 / (download) - annotate - [select for diffs], Wed Jan 4 14:33:30 2023 UTC (16 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.437: +32 -25 lines
Diff to previous 1.437 (colored)
Add a per eBGP session role to the config. This somewhat replaces the RFC 9234 open policy role. This is done because ASPA requires the same role to be present to properly validate paths. For iBGP sessions the role is forced to ROLE_NONE. If no role is set on an ebgp session then 'announce policy' is forced to 'no'. Also make sure the role capability is only added if the role is set. OK tb@
Revision 1.437 / (download) - annotate - [select for diffs], Fri Nov 18 10:17:23 2022 UTC (18 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.436: +122 -5 lines
Diff to previous 1.436 (colored)
Add plumbing for ASPA support. This implements the parser and part of the logic in the rtr process. It does not implement the new RTR messages yet but it is possible to specify an aspa-set in the config. Also the validation code in the RDE is missing so this does not do anything. With this in it will be possible to extend rpki-client to publish an aspa-set as part of the openbgpd config file. OK tb@
Revision 1.436 / (download) - annotate - [select for diffs], Wed Sep 21 21:12:04 2022 UTC (20 months, 1 week ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.435: +6 -8 lines
Diff to previous 1.435 (colored)
The values for fib_priority are OS dependent. To help portability move the RTP_BGP and similar defines all into kroute.c and export them via kr_default_prio() and kr_check_prio(). OK tb@
Revision 1.435 / (download) - annotate - [select for diffs], Wed Aug 17 15:15:26 2022 UTC (21 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.434: +11 -11 lines
Diff to previous 1.434 (colored)
Convert bzero() to memset(), bcmp() to memcmp() and bcopy() to memcpy(). The memory regions passed to memcpy() can not overlap so no need for memmove(). OK tb@ deraadt@
Revision 1.434 / (download) - annotate - [select for diffs], Thu Jul 28 13:11:49 2022 UTC (22 months ago) by deraadt
Branch: MAIN
Changes since 1.433: +6 -6 lines
Diff to previous 1.433 (colored)
whitespace found during a read-thru; ok claudio
Revision 1.433 / (download) - annotate - [select for diffs], Thu Jul 21 12:34:19 2022 UTC (22 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.432: +1 -9 lines
Diff to previous 1.432 (colored)
Relax the config of add-path send and rde evaluate all. add-path send is kind of like rde evaluate all (at least if plus is used) and so it kind of implies 'rde evaluate all' in that case. Removing the check in neighbor_consistent() allows to setup sessions so that 'either or' are used. This makes sense since peers may opt out of add-path by disabling the capability on their side. Based on report from Pier Carlo Chiodi OK tb@
Revision 1.432 / (download) - annotate - [select for diffs], Mon Jul 11 17:08:21 2022 UTC (22 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.431: +82 -5 lines
Diff to previous 1.431 (colored)
Implement send side of RFC7911 ADD-PATH. This allows to send out more than one path per prefix to a neighbor that supports add-path receive. OpenBGPD supports a few different modes to select which paths to send:
- all: send all valid paths (the ones with a * in bgpctl output)
- best: send out only the single best path
- ecmp: send out paths that evaluate the same up and including the nexthop metric
- as-wide-best: send out paths that evaluate the same up but not including the nexthop metric
Currently ecmp and as-wide-best are the same. On top of this best, ecmp and as-wide-best allow to include extra paths (e.g. best plus 2) and for the multipath modes there is also a maximum (e.g. ecmp plus 2 max 4) OK tb@
Revision 1.431 / (download) - annotate - [select for diffs], Mon Jun 27 13:26:51 2022 UTC (23 months ago) by claudio
Branch: MAIN
Changes since 1.430: +35 -3 lines
Diff to previous 1.430 (colored)
Add support for RFC 9234 - Route Leak Prevention and Detection Using Roles. With this it is possible to send a role in the OPEN message and if that was successful the RDE will add the new OTC attribute if necessary. OK tb@
Revision 1.430 / (download) - annotate - [select for diffs], Wed Jun 15 14:09:30 2022 UTC (23 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.429: +7 -7 lines
Diff to previous 1.429 (colored)
Do not use defines from pfkeyv2.h in portable code. Instead define our own algorithm enums for the IPsec code. OK tb@ sthen@
Revision 1.429 / (download) - annotate - [select for diffs], Thu Jun 9 17:33:47 2022 UTC (23 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.428: +4 -2 lines
Diff to previous 1.428 (colored)
Properly error out if a variable does not exist. Need to pass back ERROR to yylex() to make the parser fail nicely. OK tb@
Revision 1.428 / (download) - annotate - [select for diffs], Thu Jun 2 11:12:47 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.427: +5 -5 lines
Diff to previous 1.427 (colored)
Adjust lowest allowed routing priority to be bigger than RTP_LOCAL. RTP_LOCAL is internally used by the kernel and is not available for userland. The minimal usable routing prio is 2. OK tb@
Revision 1.427 / (download) - annotate - [select for diffs], Thu Jun 2 11:05:15 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.426: +6 -5 lines
Diff to previous 1.426 (colored)
Use a common idiom to check if the user supplied routing priority is in range. Also rephrase the error message. OK tb@
Revision 1.426 / (download) - annotate - [select for diffs], Thu Jun 2 09:29:34 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.425: +6 -4 lines
Diff to previous 1.425 (colored)
Cleanup ktable_exists() usage and its warning message. Check the return value in all cases and use a common idiom for this check. OK tb@
Revision 1.425 / (download) - annotate - [select for diffs], Tue May 31 09:45:33 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.424: +45 -1 lines
Diff to previous 1.424 (colored)
Implement a max communities filter match. When max-communities X is set on a filterrule the filter will match when more than X communities are present in the path. In other words max-communities 0 means no communities are allowed and max-communities 3 limits it up to 3 communities. There is max-communities, max-ext-communities and max-large-communities for each of the 3 community attributes. These three max checks can be used together. OK tb@ job@
Revision 1.424 / (download) - annotate - [select for diffs], Mon May 23 13:40:12 2022 UTC (2 years ago) by deraadt
Branch: MAIN
Changes since 1.423: +2 -2 lines
Diff to previous 1.423 (colored)
whitespaces found when I went checking for something else
Revision 1.423 / (download) - annotate - [select for diffs], Tue Mar 15 11:13:48 2022 UTC (2 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.422: +68 -40 lines
Diff to previous 1.422 (colored)
Change how $macros are expanded in the config. Expand $macros not only at the start of a yacc token but also inside STRING elements. STRING elements are used e.g. for community specifications and it makes sense to allow $FOO:$BAR to correctly expand. There is no expansion of macros in quoted strings (both single and double quotes). Factor out the macro expand logic and with this introduce its own lookup buffer for the macro name. For expansion to work inside STRING the char after the macro name must be a character not allowed in macro names (not alpha-numerical or '_'). Add extra checks to set variables. Mainly restrict length of the name and also make sure it does not include not allowed characters. OK tb@
Revision 1.422 / (download) - annotate - [select for diffs], Wed Feb 23 11:20:35 2022 UTC (2 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.421: +80 -30 lines
Diff to previous 1.421 (colored)
Make it possible to bind and connect to non-default ports. This is mainly for testing. Using alternate ports does not work for session using ipsec. OK tb@ deraadt@
Revision 1.421 / (download) - annotate - [select for diffs], Tue Feb 22 17:24:12 2022 UTC (2 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.420: +32 -32 lines
Diff to previous 1.420 (colored)
Convert parse.y to use stdint.h types uintX_t instead of u_intX_t. OK tb@
Revision 1.420 / (download) - annotate - [select for diffs], Fri Oct 15 15:01:27 2021 UTC (2 years, 7 months ago) by naddy
Branch: MAIN
Changes since 1.419: +6 -6 lines
Diff to previous 1.419 (colored)
Don't declare variables as "unsigned char *" that are passed to functions that take "char *" arguments. Where such chars are assigned to int or passed to ctype functions, explicitly cast them to unsigned char. For OpenBSD's clang, -Wpointer-sign has been disabled by default, but when the parse.y code was built elsewhere, the compiler would complain. With help from millert@ ok benno@ deraadt@
Revision 1.419 / (download) - annotate - [select for diffs], Wed Sep 1 12:39:52 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.418: +32 -10 lines
Diff to previous 1.418 (colored)
Implement roa-set data expiry. Every prefix in a roa-set can specify an optional expires timestamp. The rtr process is walking the roa-set every 5min and removes every prefix that is expired. With this stale RPKI data will slowly disappear and not linger around. OK job@
Revision 1.418 / (download) - annotate - [select for diffs], Mon Aug 9 08:15:34 2021 UTC (2 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.417: +16 -2 lines
Diff to previous 1.417 (colored)
Implement reception of multiple paths per BGP session. This is one side of RFC7911 and the send portion will follow. The path-id is extracted from the NLRI encoding and put into struct prefix. To do this the prefix_by_peer() function gets a path-id argument. If a session is not path-id enabled this argument will be always 0. If a session is path-id enabled the value is taken from the NLRI and can be anything, including 0. The value has no meaning in itself. Still to make sure the decision process is able to break a tie the path-id is checked as the last step (this is not part of the RFC but required). OK benno@
Revision 1.417 / (download) - annotate - [select for diffs], Thu Jun 17 16:05:26 2021 UTC (2 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.416: +6 -2 lines
Diff to previous 1.416 (colored)
Implement RFC 7313 enhanced route refresh. It is off by default and can be enabled with 'announce enhanced refresh yes'. Similar to graceful restart this allows to mark routes as stale, refresh them and then flush out routes that are still stale. Enhanced route refresh uses a begin of rr and a end of rr message to signal the various stages. A future enhancement would be the addition of a timeout in case the EoRR message is not sent in reasonable time. OK denis@ job@
Revision 1.416 / (download) - annotate - [select for diffs], Thu May 20 10:06:20 2021 UTC (3 years ago) by claudio
Branch: MAIN
Changes since 1.415: +3 -2 lines
Diff to previous 1.415 (colored)
Properly initialize the MRT config so that mrt_reconfigure() is doing the right thing. This also fixes the bgpd -nv output for 'dump X {in,out}' statements for peers. Debugged with and tested by Paul de Weerd
Revision 1.415 / (download) - annotate - [select for diffs], Thu Apr 15 13:42:33 2021 UTC (3 years, 1 month ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.414: +31 -8 lines
Diff to previous 1.414 (colored)
On powerpc64 regress/usr.sbin/bgpd/config failed. It parses a config file, writes bgpd's config to stdout and compares it with an expected output. On big endian machines the order of the set of communities is different. The parser used memcmp(3) to sort a struct of integers. This depends on the endianness. The correct way is to compare the integer fields in native byte order. With this change, the resulting order is the same on i386 and powerpc64. OK claudio@
Revision 1.414 / (download) - annotate - [select for diffs], Tue Mar 2 09:45:07 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.413: +29 -3 lines
Diff to previous 1.413 (colored)
Introduce 'rde evaluate all' a mode to work around path hiding in IXP route-server environments. By default only the best path is sent to peers and if that path is filtered then the path is hidden for that peer. On route-servers this is sometimes not desired. For this 'rde evaluate all' will cause the evaluation process to fall back to alternate routes and will redistribute the first non-filtered path to the peer. This is very similar to per-peer RIBs but accomplishes the same effect without the massive increase in memory usage. Compared to the default mode this requires more CPU resources but it is probably less than what per-peer RIBs would require. 'rde evaluate all' can be set and reset globally, on groups and on individual neighbors. It is not limited to route-server configs but route loops are possible if not properly used. OK benno@
Revision 1.413 / (download) - annotate - [select for diffs], Tue Feb 16 08:29:16 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.412: +118 -3 lines
Diff to previous 1.412 (colored)
Add RTR support to OpenBGPD. Add basic support for the protocol. The RTR client runs in a new process where the protocol handling is done and when new data is available all sources are merged into one ROA set which is then loaded into the RDE. The roa-set from the config is also handled by the new RTR engine. Tested by and ok job@
Revision 1.412 / (download) - annotate - [select for diffs], Mon Jan 25 09:15:23 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.411: +15 -1 lines
Diff to previous 1.411 (colored)
RFC6472 discourages the use of AS_SET segments in ASPATH attributes. The main reason is that AS_SET does not play nice with RPKI ROA. Introduce a per neighbor and global config option 'reject as-set yes' and 'reject as-set no'. If set to yes received UPDATES with AS_SET segments are rejected. This is done the same way other ASPATH soft-errors are handled. The UPDATE is marked invalid and all prefixes are treated as withdraws. `bgpctl show rib in error` can be used to show prefixes that were denied and treated as withdraws because of errors. By default this feature is off. OK benno@
Revision 1.411 / (download) - annotate - [select for diffs], Tue Dec 29 15:30:34 2020 UTC (3 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.410: +32 -33 lines
Diff to previous 1.410 (colored)
In preparation for RTR support change the representation of the roa-set in the parent to a simple RB tree based on struct roa. With this overlapping ROAs (same prefix & source-as but different maxlen) are now merged in the RDE when the lookup trie is constructed. OK benno@
Revision 1.406.4.1 / (download) - annotate - [select for diffs], Tue Oct 27 20:38:25 2020 UTC (3 years, 7 months ago) by bluhm
Branch: OPENBSD_6_7
Changes since 1.406: +3 -1 lines
Diff to previous 1.406 (colored) next main 1.407 (colored)
Fix a memory leak when parsing roa-set lists. If the prefixset_item is already in the RB tree free the item we tried to add since the item from the RB tree is used. Memory leak found and fix provided by Felix Maurer (felix at felix-maurer.de) from claudio@ this is errata/6.7/025_bgpd.patch.sig
Revision 1.408.4.1 / (download) - annotate - [select for diffs], Tue Oct 27 20:38:00 2020 UTC (3 years, 7 months ago) by bluhm
Branch: OPENBSD_6_8
Changes since 1.408: +3 -1 lines
Diff to previous 1.408 (colored) next main 1.409 (colored)
Fix a memory leak when parsing roa-set lists. If the prefixset_item is already in the RB tree free the item we tried to add since the item from the RB tree is used. Memory leak found and fix provided by Felix Maurer (felix at felix-maurer.de) from claudio@ this is errata/6.8/001_bgpd.patch.sig
Revision 1.410 / (download) - annotate - [select for diffs], Tue Oct 27 19:13:34 2020 UTC (3 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.409: +25 -3 lines
Diff to previous 1.409 (colored)
Do not allow configuration of the same neighbor multiple times. For this the parser needs to check if the remote address is already in the RB tree. Additionally fixup get_id to also compare the remote_masklen and fix some memory leaks on parser failures. Fixes a bgpd fatal on reload reported by Pascal Mathis. OK benno@
Revision 1.409 / (download) - annotate - [select for diffs], Mon Oct 26 08:31:01 2020 UTC (3 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.408: +3 -1 lines
Diff to previous 1.408 (colored)
Fix a memory leak when parsing roa-set lists. If the prefixset_item is already in the RB tree free the item we tried to add since the item from the RB tree is used. Memory leak found and fix provided by Felix Maurer (felix at felix-maurer.de)
Revision 1.408 / (download) - annotate - [select for diffs], Sun May 10 13:38:46 2020 UTC (4 years ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE
Branch point for: OPENBSD_6_8
Changes since 1.407: +4 -4 lines
Diff to previous 1.407 (colored)
In bgpctl argument parser, re-arrange 'reason' parsing ('nei action [reason]') to be more generic, then change 'reload' to take a '[reason]' also, which will be logged by bgpd. ok kn claudio
Revision 1.407 / (download) - annotate - [select for diffs], Fri May 8 07:44:17 2020 UTC (4 years ago) by claudio
Branch: MAIN
Changes since 1.406: +3 -3 lines
Diff to previous 1.406 (colored)
Do not use string literals in the grammar ("{") it is not POSIX compliant and also not needed. This just needs a char lookup ('{') like it is done in all the other rules with '{'. With this parse.y can be compiled with bison. OK otto@ benno@
Revision 1.406 / (download) - annotate - [select for diffs], Thu Apr 23 16:13:11 2020 UTC (4 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE
Branch point for: OPENBSD_6_7
Changes since 1.405: +34 -9 lines
Diff to previous 1.405 (colored)
Store local-address by address family. This allows to configure both an IPv4 and IPv6 local-address on a group and the neighbors bind to the right local-address. Also implement 'no local-address' to reset a previously set local address back to zero. This should help with IBGP and multihop session config and hopefully reduce repetition in bgpd configs. OK sthen@ benno@
Revision 1.405 / (download) - annotate - [select for diffs], Mon Mar 16 14:47:30 2020 UTC (4 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.404: +15 -6 lines
Diff to previous 1.404 (colored)
The assumption that in roa tables a prefix / source-as combo only appears once in the input file is not correct. I thought the RPKI validators would aggregate these entries but that is not necessarily the case. There are cases where prefixes show up with the same source-as multiple times with different maxlen length. In those cases merge these multiple entries and keep the one entry with the longest maxlen length since that is the VRP which covers all others. Found by job@ OK benno@
Revision 1.404 / (download) - annotate - [select for diffs], Fri Feb 14 13:54:31 2020 UTC (4 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.403: +2 -3 lines
Diff to previous 1.403 (colored)
Rename copy_filterset() to filterset_copy() and move it to rde_filter.c where functions like filterset_move() live. Also initialize the dest TAILQ in filterset_copy() as it is done in filterset_move(). OK benno@ phessler@
Revision 1.403 / (download) - annotate - [select for diffs], Fri Jan 24 05:44:05 2020 UTC (4 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.402: +9 -1 lines
Diff to previous 1.402 (colored)
Implement 'max-prefix NUM out' to limit the number of announced prefixes. This is an easy safety switch to not leak full tables to upstreams and peers. If the limit is hit a Cease notification is sent and the session is closed. This implements most of https://tools.ietf.org/html/draft-sa-idr-maxprefix-00 OK job@
Revision 1.402 / (download) - annotate - [select for diffs], Fri Sep 27 10:26:32 2019 UTC (4 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.401: +5 -1 lines
Diff to previous 1.401 (colored)
Move the code to initialize the cluster-id from merge_config() to parse_config(). The first is not called on startup which results in bgpd using 0.0.0.0 as cluster-id. Found and fix provided by Rivo Nurges (Rivo dot Nurges at smit dot ee) Thanks and OK claudio@
Revision 1.401 / (download) - annotate - [select for diffs], Tue Aug 13 07:39:57 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.400: +2 -1 lines
Diff to previous 1.400 (colored)
When allocating a new peer set the reconf_action to RECONF_REINIT. Also in merge_config() it is no longer needed to reset the reconf_action of the new peers to RECONF_REINIT. merge_config() is not called on startup and so some of the initialisation of new peers did not happen correctly. This fixes the md5 integration test since the md5 initialisation did not happen early enough.
Revision 1.400 / (download) - annotate - [select for diffs], Thu Aug 8 11:30:46 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.399: +2 -1 lines
Diff to previous 1.399 (colored)
Set the reconf state of listening addrs to RECONF_REINIT. This is what the session engine expects and will allow to send out the config without calling merge_config first. OK sthen@
Revision 1.399 / (download) - annotate - [select for diffs], Wed Aug 7 10:26:41 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.398: +2 -9 lines
Diff to previous 1.398 (colored)
Improve RIB reload behaviour. Especially when the rtable changes or the route evaluation is modified. In both cases the softreconfig code will now walk the RIB and ensure that everything is in proper sync. Additionally remove 'route-collector yes|no' from the bgpd config, instead use 'rde rib Loc-RIB no evaluate' with the benefit that you can alter the setting now during runtime. Tested and OK benno@
Revision 1.398 / (download) - annotate - [select for diffs], Wed Aug 7 06:53:48 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.397: +2 -2 lines
Diff to previous 1.397 (colored)
Only templates can have a remote-as of 0 (as in uninitialised, trust the AS from the OPEN message) any other use of AS 0 is forbidden. This makes templates work again without any extra unwanted config. OK benno@
Revision 1.397 / (download) - annotate - [select for diffs], Mon Aug 5 08:46:55 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.396: +4 -4 lines
Diff to previous 1.396 (colored)
Cleanup config reload in the RDE. Use the bgpd_conf struct to store sets and l3vpns instead of temporary globals. Also rework rde_reload_done to free filters and sets earlier. The soft-reconfiguration process no longer needs the previous filters / sets to do its work since there is a full Adj-RIB-Out. OK benno@
Revision 1.396 / (download) - annotate - [select for diffs], Wed Jul 24 20:25:27 2019 UTC (4 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.395: +1 -2 lines
Diff to previous 1.395 (colored)
mrt.h only needs to be included by mrt.c ok claudio@
Revision 1.395 / (download) - annotate - [select for diffs], Wed Jul 24 09:00:03 2019 UTC (4 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.394: +84 -80 lines
Diff to previous 1.394 (colored)
Refactor the way RIBs are parsed a bit. No functional change but should make it easier to extend the rib definitions later on. OK benno@
Revision 1.394 / (download) - annotate - [select for diffs], Tue Jul 23 06:26:44 2019 UTC (4 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.393: +2 -2 lines
Diff to previous 1.393 (colored)
Clean up RIB related kroute code. Introduce a way to flush a FIB table from the RDE. Make sure that all nexthops don't get removed in the FIB when a FIB table is removed. This should only happen for the main FIB. Remove F_RIB_HASNOFIB which is just confusing since there is already F_RIB_NOFIB and F_RIB_NOFIBSYNC. OK benno@
Revision 1.393 / (download) - annotate - [select for diffs], Wed Jul 17 10:13:26 2019 UTC (4 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.392: +1 -3 lines
Diff to previous 1.392 (colored)
Change the Adj-RIB-Out to a per peer set of RB trees. The way RIB data structures are linked does not scale for the Adj-RIB-Out and so inserts and updates into the Adj-RIB-Out did not scale because of some linear list traversals in hot paths. A synthetic test with 4000 peers announcing one prefix each showed that the initial convergence time dropped from around 1 hour to around 6min. Note: because the Adj-RIB-Out is now per peer the order in which prefixes are dumped in 'bgpctl show rib out' changed. Tested and OK job@, benno@, phessler@
Revision 1.392 / (download) - annotate - [select for diffs], Sat Jun 22 05:36:40 2019 UTC (4 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.391: +3 -3 lines
Diff to previous 1.391 (colored)
Adjust peer id allocation a bit. Use defines for the various special values and intervals. Mostly the same with the exception that peerself is now id 1 and the first peer has id 2 -- was 0 and 1 before. OK kn@, benno@
Revision 1.391 / (download) - annotate - [select for diffs], Mon Jun 17 13:35:42 2019 UTC (4 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.390: +14 -14 lines
Diff to previous 1.390 (colored)
Cleanup, remove some unneeded spaces add some other where needed. No binary change according to clang
Revision 1.390 / (download) - annotate - [select for diffs], Mon Jun 17 11:02:19 2019 UTC (4 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.389: +65 -73 lines
Diff to previous 1.389 (colored)
Completely rewrite the community matching and handling code. All community attributes are put into a new data structure when parsing the UPDATE. The filter code can quickly lookup and modify this data structure. When creating an UPDATE the data is put back into wire format. Setups using a lot of communities benefit a lot from this. Input and OK benno@
Revision 1.386.2.1 / (download) - annotate - [select for diffs], Fri Jun 7 15:03:17 2019 UTC (4 years, 11 months ago) by sthen
Branch: OPENBSD_6_5
Changes since 1.386: +3 -2 lines
Diff to previous 1.386 (colored) next main 1.387 (colored)
MFC bgpd fix - rev 1.389 (commitid: sS30LBpY2rPoMUFf) Also check the type of a network statement when looking for duplicates. Fixes adding network 0.0.0.0/0 after network inet static.
Revision 1.389 / (download) - annotate - [select for diffs], Fri May 31 08:22:25 2019 UTC (5 years ago) by claudio
Branch: MAIN
Changes since 1.388: +3 -2 lines
Diff to previous 1.388 (colored)
Also check the type of a network statement when looking for duplicates. Fixes adding network 0.0.0.0/0 after network inet static. OK phessler@ benno@
Revision 1.388 / (download) - annotate - [select for diffs], Mon May 27 09:14:32 2019 UTC (5 years ago) by claudio
Branch: MAIN
Changes since 1.387: +7 -6 lines
Diff to previous 1.387 (colored)
Switch the peer TAILQ to a RB tree indexed by the peer id. This way getpeerbyid() gets a lot quicker at finding the peer when many peers are configured. In my test case the difference is around 20% runtime. OK denis@
Revision 1.387 / (download) - annotate - [select for diffs], Fri May 3 15:08:47 2019 UTC (5 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.386: +6 -1 lines
Diff to previous 1.386 (colored)
Make sure that the as-set name is not too long when parsing the config file. Fixes an assertion caught in new_as_set() parsing some arouteserver config.
Revision 1.386 / (download) - annotate - [select for diffs], Wed Apr 10 15:21:54 2019 UTC (5 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE
Branch point for: OPENBSD_6_5
Changes since 1.385: +2 -1 lines
Diff to previous 1.385 (colored)
Include endian.h since htobe* or be*toh is used. Helps with portable. OK deraadt@
Revision 1.385 / (download) - annotate - [select for diffs], Sun Mar 31 16:57:38 2019 UTC (5 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.384: +51 -54 lines
Diff to previous 1.384 (colored)
Move the struct peer into bgpd_config and switch it to a TAILQ instead of the hand-rolled list. This changes the way peers are reloaded since now both parent and session engine are now merging the lists. OK denis@
Revision 1.384 / (download) - annotate - [select for diffs], Fri Mar 15 09:54:54 2019 UTC (5 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.383: +3 -2 lines
Diff to previous 1.383 (colored)
Set all default values in init_config in parse.y and remove the special ones in session.c. Adjust printconfig a bit to only show non default values and move mrt_mergeconfig into merge_config where it kind of belongs. OK benno@
Revision 1.383 / (download) - annotate - [select for diffs], Sat Mar 9 10:05:58 2019 UTC (5 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.382: +3 -2 lines
Diff to previous 1.382 (colored)
Unbreak 'announce inet none' which was actually clearing way too much. 'announce inet none' should only clear AFI/SAFI pairs where the AFI is inet. OK benno@
Revision 1.382 / (download) - annotate - [select for diffs], Thu Mar 7 07:42:36 2019 UTC (5 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.381: +32 -9 lines
Diff to previous 1.381 (colored)
Do a better job at cleaning up the config on shutdown. Remove bits that were missed before (e.g. network related objects). This helps to detect memory leaks. Start using new_config() and free_config() in all places where bgpd_config structure are used. This way the struct is properly initialised and cleaned up. Introduce copy_config() to only copy the values into the other struct leaving the pointers as they were. Looks good to benno@
Revision 1.381 / (download) - annotate - [select for diffs], Wed Feb 27 04:16:02 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.380: +7 -45 lines
Diff to previous 1.380 (colored)
Fix export none. none became a keyword some time ago and so this broke. Switch also default-route to a keyword and remove the old 6.3/6.4 announce compat code. Reported by florian@ OK benno@
Revision 1.380 / (download) - annotate - [select for diffs], Tue Feb 26 10:49:15 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.379: +54 -23 lines
Diff to previous 1.379 (colored)
Add support for '*', local-as and neighbor-as for ext-community matching and setting. This allows rules like:
    ext-community * *		# delete any ext-community
    ext-community ovs *		# delete any ext-community of specified type
    ext-community rt 1.2.3.4:*
and
    ext-community rt 65001:local-as
    ext-community rt local-as:11111
Note: Sometimes the type of the ext-community is underspecified when using wildcards or expands. So 'ext-community rt *' or 'ext-community soo *' will match for any of the 3 possible types (2-byte AS, 4-byte AS and IP address). If local-as/neighbor-as is used as an expand of as-number like ext-community rt local-as:11111 then bgpd will default to the 4-byte AS type to encode the community. OK benno@
Revision 1.379 / (download) - annotate - [select for diffs], Mon Feb 18 16:31:46 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.378: +2 -1 lines
Diff to previous 1.378 (colored)
Add stdlib.h since bsearch and strtoul need it.
Revision 1.378 / (download) - annotate - [select for diffs], Mon Feb 18 15:16:02 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.377: +2 -2 lines
Diff to previous 1.377 (colored)
Initialize type and subtype because modern gcc complains about it.
Revision 1.377 / (download) - annotate - [select for diffs], Mon Feb 18 12:43:23 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.376: +1 -2 lines
Diff to previous 1.376 (colored)
Drop netmpls/mpls.h include, not needed here.
Revision 1.376 / (download) - annotate - [select for diffs], Mon Feb 18 12:35:08 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.375: +4 -4 lines
Diff to previous 1.375 (colored)
Use (unsigned) long long instead of (u_)int64_t since that drops the need to do casts for printf.
Revision 1.375 / (download) - annotate - [select for diffs], Mon Feb 18 09:43:57 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.374: +4 -2 lines
Diff to previous 1.374 (colored)
Do not depend on the length field of struct sockaddr instead pass the length to the various functions needing it. Helps portability. OK benno@
Revision 1.374 / (download) - annotate - [select for diffs], Fri Feb 15 10:10:53 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.373: +2 -2 lines
Diff to previous 1.373 (colored)
Remove stray ',' at end of a yacc rule. Noticed by bison.
Revision 1.373 / (download) - annotate - [select for diffs], Fri Feb 15 09:55:21 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.372: +2 -2 lines
Diff to previous 1.372 (colored)
Use the posix version of betoh64() which is spelled be64toh() this is more portable.
Revision 1.372 / (download) - annotate - [select for diffs], Wed Feb 13 22:57:08 2019 UTC (5 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.371: +3 -3 lines
Diff to previous 1.371 (colored)
(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
Revision 1.371 / (download) - annotate - [select for diffs], Tue Feb 12 09:02:41 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.370: +3 -2 lines
Diff to previous 1.370 (colored)
Move the yyerror in case get_mpe_config fails. If bgpd -n is used just ignore the error and move on. This helps regress tests.
Revision 1.370 / (download) - annotate - [select for diffs], Mon Feb 11 15:44:25 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.369: +73 -85 lines
Diff to previous 1.369 (colored)
The definition of VPNs in bgpd was never super elegant. The 'depend on mpeX' config was a bit redundant. Also to make it more flexible (e.g. having more than one mpeX interface per rdomain) the syntax was changed. To make this possible especially the network distribution logic had to be adjusted and cleaned up. This should in general make network statements well defined and conflicts between 'network A.B.C.D/N' and e.g. 'network static' are handled in a well defined way ('network A.B.C.D/N' has preference). With and OK dlg@, OK denis@
Revision 1.369 / (download) - annotate - [select for diffs], Mon Feb 4 18:53:10 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.368: +23 -2 lines
Diff to previous 1.368 (colored)
Implement as-override, a feature where the neighbor AS is replaced by the local AS in AS paths. This is sometimes needed in bigger transport networks where private AS numbers are used in multiple locations. The implementation is done using a filterset which modifies the AS path - somewhat inspired by the set attribute code. Setting as-override yes will add match from <neighbor> set { as-override } to the start of the filter rules. Since this is filters the Adj-RIB-In still holds the original path and so reloads changing the setting just work. With and OK markus@
Revision 1.368 / (download) - annotate - [select for diffs], Sun Dec 30 13:53:07 2018 UTC (5 years, 5 months ago) by denis
Branch: MAIN
Changes since 1.367: +2 -1 lines
Diff to previous 1.367 (colored)
add support for IPv6 VPN routes The kernel bits are missing as of now. With input from claudio@ and kn@ OK claudio@
Revision 1.367 / (download) - annotate - [select for diffs], Fri Dec 28 14:28:52 2018 UTC (5 years, 5 months ago) by denis
Branch: MAIN
Changes since 1.366: +4 -13 lines
Diff to previous 1.366 (colored)
set conf.capabilities.mp to 0 by default OK claudio@
Revision 1.366 / (download) - annotate - [select for diffs], Wed Dec 19 15:26:42 2018 UTC (5 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.365: +95 -88 lines
Diff to previous 1.365 (colored)
Fold ext-communities into filter_community so that bgpd can match multiple ext-communities at the same time as well. Additionally this fixes parsing some of the ext-community types. Now all communities are handled by one common struct. OK benno@ plus some input from denis@
Revision 1.365 / (download) - annotate - [select for diffs], Thu Dec 6 12:38:01 2018 UTC (5 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.364: +127 -44 lines
Diff to previous 1.364 (colored)
Implement a simple ruleset optimizer. All it does is merge filter rules that only differ in the filter sets. Since this is still rather common it is able to reduce the number of rules by 5% on an autogenerated config. OK job@
Revision 1.364 / (download) - annotate - [select for diffs], Wed Nov 28 08:32:27 2018 UTC (5 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.363: +100 -141 lines
Diff to previous 1.363 (colored)
Start reworking community handling. Merge standard communities and large communities into one filter_community struct and allow it that more than one community can be used in filter rules (currently up to 3). Also rework the code handling bgpctl show rib commands. The special IMSG types for the various filters are gone and the code is in general simpler. OK job@, phessler@
Revision 1.363 / (download) - annotate - [select for diffs], Sun Nov 18 09:36:23 2018 UTC (5 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.362: +2 -2 lines
Diff to previous 1.362 (colored)
Use correct name when printing the error message that a network prefix-set is not found. Fixes crash reported by Tom Smyth.
Revision 1.362 / (download) - annotate - [select for diffs], Thu Nov 1 00:18:44 2018 UTC (5 years, 7 months ago) by sashan
Branch: MAIN
Changes since 1.361: +3 -2 lines
Diff to previous 1.361 (colored)
- odd condition/test in PF lexer (and other lexers too) This commit rectifies earlier change: in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). OK deraadt@, OK millert@
Revision 1.361 / (download) - annotate - [select for diffs], Sat Sep 29 08:11:11 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.360: +112 -24 lines
Diff to previous 1.360 (colored)
Implement origin validation in bgpd. This introduces two new tables, the roa-set for RPKI based origin validation and an origin-set which allows to lookup a source-as / prefix pair. For RPKI a config can be built like this:
    roa-set {
        165.254.255.0/24 source-as 15562
        193.0.0.0/21 maxlen 24 source-as 3333
    }
    deny from any ovs invalid
    match from any ovs valid set community local-as:42
    match from any ovs not-found set community local-as:43
Origin sets are similar but only match when the source-as / prefix pair is valid.
    match from any origin-set ARINDB set community local-as:44
Committing this now so that further work can be done in tree. OK benno@, job@
Revision 1.360 / (download) - annotate - [select for diffs], Thu Sep 27 13:48:00 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.359: +11 -5 lines
Diff to previous 1.359 (colored)
unbreak "inet" and "inet6" aliases in filters after rev. 1.333 ok claudio@
Revision 1.359 / (download) - annotate - [select for diffs], Fri Sep 21 08:17:15 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.358: +5 -5 lines
Diff to previous 1.358 (colored)
Both AS 23456 and AS 0 are reserved and can not be used. Extend check for AS 0 and adjust yyerror message to print the right number. With input and OK denis@
Revision 1.358 / (download) - annotate - [select for diffs], Fri Sep 21 08:15:33 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.357: +4 -4 lines
Diff to previous 1.357 (colored)
better yyerror messages. "syntax error" is generally not very helpful. OK denis@
Revision 1.357 / (download) - annotate - [select for diffs], Fri Sep 21 05:13:35 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.356: +7 -4 lines
Diff to previous 1.356 (colored)
Move setting of the PREFIXSET_FLAG_OPS higher up since prefixset_item rule is now also used by roa-set. Also set the prefix operation for roa-set items to OP_NONE since that is what it actually needs to be.
Revision 1.356 / (download) - annotate - [select for diffs], Fri Sep 21 04:55:27 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.355: +94 -18 lines
Diff to previous 1.355 (colored)
Implement code to parse, print and reload roa-set tables. This is sharing a lot of code with prefixset which makes all a bit easier. A roa-set is defined like this: roa-set "test2" { 1.2.3.0/24 source-as 1, 1.2.8.0/22 maxlen 24 source-as 3 } No support for acting on this data yet. Put it in deraadt@, OK benno@, input and OK denis@
Revision 1.355 / (download) - annotate - [select for diffs], Thu Sep 20 11:45:59 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.354: +7 -8 lines
Diff to previous 1.354 (colored)
Split up as_set into a set_table and an as_set. The first is what does the lookup and will now also be used in roa-set tries. The as_set is glue to add the name and dirty flag. Add an accessor to get the set data so that the imsg sending and printing can be moved into the right places. This is done mainly because roa-sets need similar but slightly different versions and making the code more generic is the best way fixing this. OK benno@
Revision 1.354 / (download) - annotate - [select for diffs], Thu Sep 20 07:46:39 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.353: +27 -4 lines
Diff to previous 1.353 (colored)
Switch prefixset to an RB_TREE instead of a SIMPLEQ. This allows to trigger on duplicates (which are only reported) but is needed as a preparation step for roa-sets. OK benno@ denis@
Revision 1.353 / (download) - annotate - [select for diffs], Fri Sep 14 10:22:11 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.352: +8 -4 lines
Diff to previous 1.352 (colored)
Extend as_set to allow for different sized objects to be added. The only requirement is that the first value of the struct is a 32bit ID which is used in the bsearch. This allows to add more than just as numbers to a set. as_set_match now returns a pointer to this data or NULL if not found. OK benno@
Revision 1.352 / (download) - annotate - [select for diffs], Thu Sep 13 11:18:18 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.351: +25 -25 lines
Diff to previous 1.351 (colored)
Similar to as-set factor out the code to create a prefix-set into a function. Makes all a bit nicer and as an added bonus fixes a memory leak. OK phessler@
Revision 1.351 / (download) - annotate - [select for diffs], Thu Sep 13 11:16:21 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.350: +16 -4 lines
Diff to previous 1.350 (colored)
ROA entries are allowing to define a prefix with a maxlen. In the end this is just another way to specify a prefixlen range and kind of an or-longer case with an upper limit. So these two prefix statements are equivalent:
    prefix 10.0.0.0/8 prefixlen 8 - 24
    prefix 10.0.0.0/8 maxlen 24
While there also make 'prefixlen = 17' a OP_RANGE and because of that also usable in prefix-set tables. Finally adjust printconf.c for those two changes to print them nicely. OK phessler@
Revision 1.350 / (download) - annotate - [select for diffs], Mon Sep 10 11:09:25 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.349: +2 -3 lines
Diff to previous 1.349 (colored)
use filterset_move() like all other network statements. It checks for source == NULL, avoiding a possible crash introduced yesterday. ok claudio@
Revision 1.349 / (download) - annotate - [select for diffs], Sun Sep 9 20:39:09 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.348: +25 -1 lines
Diff to previous 1.348 (colored)
Allow for empty as-set and prefix-set definitions by adding explicit rules for those because shift/reduce issues in the list with optional commas. OK benno@
Revision 1.348 / (download) - annotate - [select for diffs], Sun Sep 9 15:04:36 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.347: +4 -1 lines
Diff to previous 1.347 (colored)
Shut up a gcc warning about uninitialized use of min & max by adding a default case in the switch statement. Found by denis@ and fix proposed by sthen@
Revision 1.347 / (download) - annotate - [select for diffs], Sun Sep 9 14:27:24 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.346: +3 -5 lines
Diff to previous 1.346 (colored)
Can not allow empty as-set and prefix-set blocks right now. This produces shift/reduce conflicts which need to be resolved first.
Revision 1.346 / (download) - annotate - [select for diffs], Sun Sep 9 13:44:54 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.345: +2 -2 lines
Diff to previous 1.345 (colored)
Remove another optnl. In general we no longer support a newline between the keyword and "{". In this case it is 'set {'. Newlines afterwards are accepted.
Revision 1.345 / (download) - annotate - [select for diffs], Sun Sep 9 13:32:05 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.344: +2 -2 lines
Diff to previous 1.344 (colored)
Bad merge, change a optnl to comma since that is what we want there.
Revision 1.344 / (download) - annotate - [select for diffs], Sun Sep 9 13:22:41 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.343: +39 -42 lines
Diff to previous 1.343 (colored)
Rework the parser a bit to be more sane when it comes to newline and comma handling. In expansion lists we want that commas and newlines are allowed but optional. In the neighbor, group and rdomain blocks statements need to be newline separated but neighbor 192.0.2.3 { descr "test-peer" } is allowed. OK sthen@ benno@
Revision 1.343 / (download) - annotate - [select for diffs], Sun Sep 9 13:06:42 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.342: +22 -25 lines
Diff to previous 1.342 (colored)
Write asset as as_set since the other word is already used in English. benno@ agrees, OK compiler
Revision 1.342 / (download) - annotate - [select for diffs], Sun Sep 9 11:00:51 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.341: +26 -28 lines
Diff to previous 1.341 (colored)
Add network prefix-set <name> syntax to announce networks in a prefix-set. feature discussed with deraadt@ and job@, ok claudio@
Revision 1.341 / (download) - annotate - [select for diffs], Sat Sep 8 15:25:27 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.340: +24 -3 lines
Diff to previous 1.340 (colored)
implement or-longer filter op for prefix-sets. Allows one to write rules like deny from any prefix-set mynetworks or-longer ok claudio, feature discussed with job and deraadt
Revision 1.340 / (download) - annotate - [select for diffs], Sat Sep 8 12:29:19 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.339: +6 -3 lines
Diff to previous 1.339 (colored)
More BGPD_OPT_NOACTION checking to make regress happier.
Revision 1.339 / (download) - annotate - [select for diffs], Sat Sep 8 12:18:51 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.338: +3 -2 lines
Diff to previous 1.338 (colored)
If BGPD_OPT_NOACTION is set don't check that the rdomain exists. This makes it possible to use bgpd -nv in regress with unknown rdomains.
Revision 1.338 / (download) - annotate - [select for diffs], Sat Sep 8 09:33:54 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.337: +61 -52 lines
Diff to previous 1.337 (colored)
Change the way we parse prefix-sets so that newlines are allowed in more places and so prefix-sets look a lot better. Currently commas are not allowed but they will come back soon. OK benno@
Revision 1.337 / (download) - annotate - [select for diffs], Fri Sep 7 11:50:32 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.336: +1 -14 lines
Diff to previous 1.336 (colored)
remove unused function find_prefixsetitem(), ok claudio@
Revision 1.336 / (download) - annotate - [select for diffs], Fri Sep 7 09:38:04 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.335: +3 -3 lines
Diff to previous 1.335 (colored)
allow as4number_any in as-sets. Otherwise you can't filter bogon as'es. ok claudio@
Revision 1.335 / (download) - annotate - [select for diffs], Fri Sep 7 07:35:30 2018 UTC (5 years, 8 months ago) by miko
Branch: MAIN
Changes since 1.334: +4 -9 lines
Diff to previous 1.334 (colored)
replace malloc()+strlcpy() with strndup() in cmdline_symset(). "looks good" gilles@ halex@
Revision 1.334 / (download) - annotate - [select for diffs], Fri Sep 7 05:43:33 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.333: +84 -5 lines
Diff to previous 1.333 (colored)
Implement as-set a fast lookup table to be used instead of long list of AS numbers in source-as, AS and transit-as filter statements. These tables use bsearch to quickly verify if an AS is in the set or not. The filter syntax is not fully set in stone yet. OK denis@ benno@ and previously OK deraadt@
Revision 1.333 / (download) - annotate - [select for diffs], Wed Sep 5 17:32:43 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.332: +60 -57 lines
Diff to previous 1.332 (colored)
Implement most prefixlen operations as OP_RANGE (prefixlen A - B). Simplify the RDE logic this way and make it possible to load such ranges into a much faster lookup trie for prefix-sets. When printing the config bgpd tries to use the nicest way to express the rule: e.g.
    match from any prefix 18.0.0.0/8 prefixlen 8 - 32
becomes
    match from any prefix 18.0.0.0/8 or-longer
Apart from that there is no user visible change because of this. OK sthen@
Revision 1.332 / (download) - annotate - [select for diffs], Wed Sep 5 09:49:57 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.331: +3 -3 lines
Diff to previous 1.331 (colored)
Change the way as_compare() and aspath_match() handle 'neighbor-as'. Instead of doing the condition before calling aspath_match() just pass the neighbor-as down to as_compare() which then has all needed data for the lookup. While doing this also remove one of the as fields in struct filter_as since the min/max fields can be reused for unary operations. OK denis@ phessler@
Revision 1.331 / (download) - annotate - [select for diffs], Mon Aug 27 19:32:37 2018 UTC (5 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.330: +2 -2 lines
Diff to previous 1.330 (colored)
If the maximum for a community is defined via the large flag then this maximum should also be passed to strtonum() instead of UINT_MAX or the error handling does not work.
Revision 1.330 / (download) - annotate - [select for diffs], Mon Aug 27 09:49:00 2018 UTC (5 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.329: +4 -7 lines
Diff to previous 1.329 (colored)
merge_filterset() needs to produce a stable sorted filterset to make sure the RDE can compare the sets on reload and skip those that did not change. For large communities the check is wrong and incomplete, replace it with a simple memcmp() of the structs which will result in a stable order. OK phessler@
Revision 1.329 / (download) - annotate - [select for diffs], Wed Aug 8 13:52:30 2018 UTC (5 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.328: +16 -34 lines
Diff to previous 1.328 (colored)
Merge getcommunity() and getlargecommunity() into one function that takes a flag if it is large or not. Makes code more reusable.
Revision 1.328 / (download) - annotate - [select for diffs], Wed Jul 11 14:08:46 2018 UTC (5 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.327: +37 -2 lines
Diff to previous 1.327 (colored)
add option "network ... priority number" to announce prefixes from the kernel routing table selected by priority. For example to import all ospfd/ospf6d routes into bgp. tested by remi@ ok remi@ henning@ and maybe a little claudio@
Revision 1.327 / (download) - annotate - [select for diffs], Tue Jul 10 12:40:41 2018 UTC (5 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.326: +6 -5 lines
Diff to previous 1.326 (colored)
You can run multiple copies of bgpd in separate rdomains. However, the processes will see each other's route messages. Some structures are not initialized correctly for that, causing at least useless log messages. This is an attempt to use the default_tableid where it's needed. A few hardcoded uses of rtable 0 remain. ok claudio@
Revision 1.326 / (download) - annotate - [select for diffs], Tue Jul 10 09:55:14 2018 UTC (5 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.325: +21 -1 lines
Diff to previous 1.325 (colored)
don't let rtable number overflow, we only support up to RT_TABLEID_MAX rtables ok henning@, claudio@, phessler@
Revision 1.325 / (download) - annotate - [select for diffs], Mon Jul 9 12:05:11 2018 UTC (5 years, 10 months ago) by krw
Branch: MAIN
Changes since 1.324: +5 -5 lines
Diff to previous 1.324 (colored)
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function. Recommended by florian@ and deraadt@ ok benno@ henning@ tb@
Revision 1.324 / (download) - annotate - [select for diffs], Sun Jul 8 17:15:07 2018 UTC (5 years, 10 months ago) by krw
Branch: MAIN
Changes since 1.323: +3 -3 lines
Diff to previous 1.323 (colored)
Be consistent in warn() and log_warn() usage when running out of memory. Next step, be correct *and* consistent. ok dennis@ tb@ benno@ schwarze@
Revision 1.323 / (download) - annotate - [select for diffs], Wed Jun 13 09:44:59 2018 UTC (5 years, 11 months ago) by job
Branch: MAIN
Changes since 1.322: +23 -3 lines
Diff to previous 1.322 (colored)
Provide backwards compatibility for some of the announce directives OK sthen@
Revision 1.322 / (download) - annotate - [select for diffs], Wed Jun 13 09:33:51 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.321: +21 -18 lines
Diff to previous 1.321 (colored)
Deprecate announce (all|self|none|default-route)
The announce keyword was overloaded and confused a lot of operators, time to clean it up and while there incorporate RFC8212 guideline for propagation.
- `announce all` is the new default but the default deny filter will make sure that by default nothing is leaked
- `announce self` is no more and results in syntax error
- `announce none` is now `export none`
- `announce default-route` becomes `export default-route`
- the filters are switched to a default deny rule both incoming and outgoing
You most certainly need to adjust your config! Best is to change the config in advance by using `announce all` explicitly on all neighbors and adding `deny from any` and `deny to any` at the start of your filters and adjust the rest of the filters to still produce the same result. `bgpd -nv -f bgpd.conf` and `bgpctl show rib out nei foo` are good tools to verify the changes. Lots of discussions with job@, deraadt@, sthen@ OK job@
Revision 1.321 / (download) - annotate - [select for diffs], Mon Jun 11 08:49:02 2018 UTC (5 years, 11 months ago) by denis
Branch: MAIN
Changes since 1.320: +78 -47 lines
Diff to previous 1.320 (colored)
Fix an off-by-one line count when using include statements. Thanks to otto@ for the initial diff. OK benno@
Revision 1.320 / (download) - annotate - [select for diffs], Thu Apr 26 14:12:19 2018 UTC (6 years, 1 month ago) by krw
Branch: MAIN
Changes since 1.319: +3 -1 lines
Diff to previous 1.319 (colored)
Plug leak in error case of the common 'varset' implementations. ok benno@
Revision 1.319 / (download) - annotate - [select for diffs], Sat Feb 10 01:24:28 2018 UTC (6 years, 3 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.318: +124 -8 lines
Diff to previous 1.318 (colored)
Add prefix-sets, lists of prefixes which can be used in place of a prefix in a filter rule. Initial idea hashed out with job@ in Toronto. This is WIP, I'm committing it now so we can work on it in the tree. ok florian@ claudio@
Revision 1.318 / (download) - annotate - [select for diffs], Mon Feb 5 01:42:40 2018 UTC (6 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.317: +2 -1 lines
Diff to previous 1.317 (colored)
Add a comment why it is OK to set the tableid to 0 for Adj-RIB-In/Out. Requested by henning@
Revision 1.317 / (download) - annotate - [select for diffs], Sun Feb 4 05:08:16 2018 UTC (6 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.316: +3 -3 lines
Diff to previous 1.316 (colored)
Cleanup RIB handling in the RDE. Introduce some defines for Adj-RIB-In and Adj-RIB-Out and use them consistently. Makes code easier to read. OK benno@
Revision 1.316 / (download) - annotate - [select for diffs], Thu Oct 19 06:52:55 2017 UTC (6 years, 7 months ago) by jsg
Branch: MAIN
Changes since 1.315: +3 -3 lines
Diff to previous 1.315 (colored)
don't try to print uninitialised memory as a string in error paths ok deraadt@ claudio@
Revision 1.315 / (download) - annotate - [select for diffs], Mon Aug 21 14:41:22 2017 UTC (6 years, 9 months ago) by phessler
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.314: +6 -6 lines
Diff to previous 1.314 (colored)
When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.
Revision 1.314 / (download) - annotate - [select for diffs], Sat Aug 12 16:47:50 2017 UTC (6 years, 9 months ago) by phessler
Branch: MAIN
Changes since 1.313: +16 -1 lines
Diff to previous 1.313 (colored)
allow filter rules to be written that affect ibgp or ebgp neighbors discussed with henning@ OK claudio@, benno@, job@
Revision 1.313 / (download) - annotate - [select for diffs], Fri Aug 11 16:02:53 2017 UTC (6 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.312: +2 -11 lines
Diff to previous 1.312 (colored)
softreconfig in and out are on by default for ever and machines now have enough memory that it does not make sense to provide these knobs anymore. They just make the code more complex for not much gain. OK phessler@, benno@
Revision 1.312 / (download) - annotate - [select for diffs], Mon Jun 26 10:08:06 2017 UTC (6 years, 11 months ago) by phessler
Branch: MAIN
Changes since 1.311: +1 -5 lines
Diff to previous 1.311 (colored)
let admins set an unknown well-known community from Job Snijders ok phessler@ benno@
Revision 1.311 / (download) - annotate - [select for diffs], Mon Jun 26 10:05:57 2017 UTC (6 years, 11 months ago) by phessler
Branch: MAIN
Changes since 1.310: +6 -2 lines
Diff to previous 1.310 (colored)
add support for the "graceful shutdown" well-known community as described in draft-ietf-grow-bgp-gshut from Job Snijders ok phessler@ benno@
Revision 1.310 / (download) - annotate - [select for diffs], Mon Jun 26 10:04:21 2017 UTC (6 years, 11 months ago) by phessler
Branch: MAIN
Changes since 1.309: +2 -2 lines
Diff to previous 1.309 (colored)
allow setting localpref to 0 from Job Snijders ok phessler@ benno@
Revision 1.309 / (download) - annotate - [select for diffs], Wed May 31 20:01:51 2017 UTC (7 years ago) by claudio
Branch: MAIN
Changes since 1.308: +4 -4 lines
Diff to previous 1.308 (colored)
Too vs To. Found by Denis Fondras openbsd (at) ledeuns (dot) net
Revision 1.308 / (download) - annotate - [select for diffs], Wed May 31 10:44:00 2017 UTC (7 years ago) by claudio
Branch: MAIN
Changes since 1.307: +67 -55 lines
Diff to previous 1.307 (colored)
Rework the way we do extended communities (mainly in the parser) and update the IANA table to a somewhat more complete list. This includes BGP Prefix Origin Validation State support via the ext-community ovs keyword. OK henning@ benno@ based on a diff by Job Snijders
Revision 1.307 / (download) - annotate - [select for diffs], Mon May 29 07:49:27 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.306: +1 -9 lines
Diff to previous 1.306 (colored)
remove the file permission check for bgpd.conf OK deraadt@, henning@, sthen@, and everyone who has ever been annoyed
Revision 1.306 / (download) - annotate - [select for diffs], Sun May 28 15:16:33 2017 UTC (7 years ago) by henning
Branch: MAIN
Changes since 1.305: +13 -8 lines
Diff to previous 1.305 (colored)
so far, bgpd was hardcoded to use rtable 0 for nexthop verification. instead, use the rtable bgpd was started in (route -T <n> exec / rc.d daemon_rtable) for nexthop verification and as default Adj-RIB-In and Loc-RIB. This allows multiple bgpds in different rdomains on the same machine - bgp router virtualization if you like buzzwords. initial version written under contract more than a year ago, it took us a while to wrap our brains around the bgpd <-> rdomain interactions - 1) RIBs, 2) nexthop verification and 3) tcp sockets. ok & input phessler claudio benno
Revision 1.305 / (download) - annotate - [select for diffs], Sat May 27 18:12:23 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.304: +9 -1 lines
Diff to previous 1.304 (colored)
Allow an administrator to disable the bgp loop detection algorithm, which is useful in very limited situations. Angry dragons and grues will hunt for you, if you use it. OK claudio@ sthen@ benno@
Revision 1.304 / (download) - annotate - [select for diffs], Sat May 27 18:04:07 2017 UTC (7 years ago) by benno
Branch: MAIN
Changes since 1.303: +9 -2 lines
Diff to previous 1.303 (colored)
allow only one network <prefix> statement per for the same prefix. ok florian@ phessler@
Revision 1.303 / (download) - annotate - [select for diffs], Sat May 27 10:33:15 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.302: +14 -2 lines
Diff to previous 1.302 (colored)
Allow OpenBGPD to selectively choose which local ASN to use per-peer. This is intended to be used for ASN migrations, not for permanent use. You MUST use filters to protect yourself from receiving your own routes. There be dragons and grues. OK claudio@ benno@
Revision 1.302 / (download) - annotate - [select for diffs], Sat May 27 10:24:44 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.301: +5 -1 lines
Diff to previous 1.301 (colored)
allow us to use 'local-as' in the filter language "match in from any set community local-as:neighbor-as" OK claudio@
Revision 1.301 / (download) - annotate - [select for diffs], Fri May 26 20:55:30 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.300: +6 -1 lines
Diff to previous 1.300 (colored)
AS 0 is special and should be considered an error. Drop the session if it shows during OPEN or CAPA, or mark as invalid if it is part of an Update. required by RFC 7607 man page OK jmc@ OK florian@ benno@ claudio@
Revision 1.300 / (download) - annotate - [select for diffs], Fri May 26 14:08:51 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.299: +108 -61 lines
Diff to previous 1.299 (colored)
Expand RIB names in groups Diff from Denis Fondras, many thanks! OK claudio@ phessler@
Revision 1.299 / (download) - annotate - [select for diffs], Fri May 26 14:07:03 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.298: +17 -2 lines
Diff to previous 1.298 (colored)
Allow nested {} in prefix lists. Diff from Denis Fondras, many thanks! OK claudio@ phessler@
Revision 1.298 / (download) - annotate - [select for diffs], Wed Feb 22 13:55:14 2017 UTC (7 years, 3 months ago) by renato
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.297: +3 -2 lines
Diff to previous 1.297 (colored)
Add missing htonl for IPsec SPI. Also, do not allow to configure SPI values in the 0..255 range. RFC 4302 and RFC 4303 say the following: "The set of SPI values in the range 1 through 255 are reserved by the Internet Assigned Numbers Authority (IANA) for future use; a reserved SPI value will not normally be assigned by IANA unless the use of the assigned SPI value is specified in an RFC. The SPI value of zero (0) is reserved for local, implementation-specific use and MUST NOT be sent on the wire". ok and tweak benno@
Revision 1.297 / (download) - annotate - [select for diffs], Wed Jan 25 00:11:07 2017 UTC (7 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.296: +2 -2 lines
Diff to previous 1.296 (colored)
Flag the Loc-RIB with F_RIB_LOCAL so we can remove one ugly hack somewhere else
Revision 1.296 / (download) - annotate - [select for diffs], Tue Jan 24 04:22:42 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.295: +2 -1 lines
Diff to previous 1.295 (colored)
sync log.c from relayd et al to bgpd. there is still a little difference regarding handling of the verbosity value that will be handled later. ok claudio@ florian@
Revision 1.295 / (download) - annotate - [select for diffs], Wed Jan 18 04:28:45 2017 UTC (7 years, 4 months ago) by phessler
Branch: MAIN
Changes since 1.294: +3 -3 lines
Diff to previous 1.294 (colored)
while a u_int is large enough for 32bit-asns, it is not big enough for some of the magic values we use to indicate '*' or neighbor-as. fixes "allow from any large-community neighbor-as:*:*"
Revision 1.294 / (download) - annotate - [select for diffs], Fri Jan 13 18:59:12 2017 UTC (7 years, 4 months ago) by phessler
Branch: MAIN
Changes since 1.293: +13 -2 lines
Diff to previous 1.293 (colored)
Add support for draft-ietf-idr-shutdown BGP state = Idle, marked down with shutdown reason "goodbye, we are upgrading to openbsd 6.1", down for 00:00:17 developed by Peter van Dijk <peter.van.dijk@powerdns.com> and Job Snijders <job@ntt.net>, thank you! OK benno@
Revision 1.293 / (download) - annotate - [select for diffs], Thu Jan 5 13:53:09 2017 UTC (7 years, 4 months ago) by krw
Branch: MAIN
Changes since 1.292: +2 -3 lines
Diff to previous 1.292 (colored)
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE(). No intentional functional change. ok millert@ bluhm@ gilles@
Revision 1.292 / (download) - annotate - [select for diffs], Thu Jan 5 12:42:18 2017 UTC (7 years, 4 months ago) by krw
Branch: MAIN
Changes since 1.291: +7 -5 lines
Diff to previous 1.291 (colored)
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This is what symget() was already doing. Add paranoia '{}' around body of symget()'s TAILQ_FOREACH(). No intentional functional change. ok bluhm@ otto@
Revision 1.291 / (download) - annotate - [select for diffs], Mon Dec 26 21:30:10 2016 UTC (7 years, 5 months ago) by jca
Branch: MAIN
Changes since 1.290: +2 -2 lines
Diff to previous 1.290 (colored)
Typo, "more then" -> "more than"
Revision 1.290 / (download) - annotate - [select for diffs], Fri Oct 14 16:05:36 2016 UTC (7 years, 7 months ago) by phessler
Branch: MAIN
Changes since 1.289: +116 -2 lines
Diff to previous 1.289 (colored)
Add support for draft-ietf-idr-large-community Joint work with Job Snijders, many thanks! OK benno@ deraadt@
Revision 1.289 / (download) - annotate - [select for diffs], Wed Oct 5 07:38:06 2016 UTC (7 years, 7 months ago) by phessler
Branch: MAIN
Changes since 1.288: +20 -1 lines
Diff to previous 1.288 (colored)
Let bgpd announce routes based on a route-label. OK henning@ benno@
Revision 1.288 / (download) - annotate - [select for diffs], Tue Jun 21 21:35:24 2016 UTC (7 years, 11 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.287: +9 -1 lines
Diff to previous 1.287 (colored)
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin. feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
Revision 1.287 / (download) - annotate - [select for diffs], Fri Jun 3 17:36:37 2016 UTC (8 years ago) by benno
Branch: MAIN
Changes since 1.286: +60 -4 lines
Diff to previous 1.286 (colored)
Add operators =, !=, - (range), >< (exclusive range) to the as-path filters (AS, peer-as, source-as, transit-as). Add a use case (block illegal AS numbers) to the bgpd.conf example. feedback from claudio, sthen, florian, ok florian@ phessler@
Revision 1.286 / (download) - annotate - [select for diffs], Tue Oct 27 18:19:33 2015 UTC (8 years, 7 months ago) by mmcc
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.285: +2 -2 lines
Diff to previous 1.285 (colored)
calloc -> malloc when the memory is immediately overwritten with memcpy. ok claudio@
Revision 1.285 / (download) - annotate - [select for diffs], Thu Oct 22 13:30:07 2015 UTC (8 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.284: +1 -2 lines
Diff to previous 1.284 (colored)
Revert revision 1.282: "Allow for empty blocks for peers. While this is bad style for permanent use, this is very nice to temporarily disable a peer option." This broke the grammar by introducing shift/reduce errors. OK phessler@
Revision 1.284 / (download) - annotate - [select for diffs], Sun Oct 11 19:30:12 2015 UTC (8 years, 7 months ago) by phessler
Branch: MAIN
Changes since 1.283: +5 -1 lines
Diff to previous 1.283 (colored)
standardize a community that has been independently created by nearly every single AS on the planet: the blackhole OK benno@, claudio@, sthen@
Revision 1.283 / (download) - annotate - [select for diffs], Mon Sep 21 09:47:15 2015 UTC (8 years, 8 months ago) by phessler
Branch: MAIN
Changes since 1.282: +12 -1 lines
Diff to previous 1.282 (colored)
Let us log all updates sent from an individual peer. Since this can be applied to a group, also let us disable logging on a sub-member of the group. Very handy for debugging naughty peers on a router with multiple peers. OK benno@
Revision 1.282 / (download) - annotate - [select for diffs], Mon Sep 21 09:41:48 2015 UTC (8 years, 8 months ago) by phessler
Branch: MAIN
Changes since 1.281: +2 -2 lines
Diff to previous 1.281 (colored)
Allow for empty blocks for peers. While this is bad style for permanent use, this is very nice to temporarily disable a peer option. OK sthen@ benno@
Revision 1.281 / (download) - annotate - [select for diffs], Thu Jul 16 18:26:04 2015 UTC (8 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.280: +31 -83 lines
Diff to previous 1.280 (colored)
Next round of config cleanup. Move various lists into the bgpd_config struct. This is the next step to better split parsing and merging the config. OK benno@
Revision 1.280 / (download) - annotate - [select for diffs], Sun Apr 26 20:12:03 2015 UTC (9 years, 1 month ago) by benno
Branch: MAIN
Changes since 1.279: +7 -1 lines
Diff to previous 1.279 (colored)
mlarkin asks "bgpctl checks the length of the control socket path to make sure it fits. When browsing around last night I saw that bgpd does not. Any reason it shouldn't? Please commit" Add a check in parse.y to check this when reading the configuration. ok phessler@ henning@
Revision 1.279 / (download) - annotate - [select for diffs], Sat Apr 25 15:28:18 2015 UTC (9 years, 1 month ago) by phessler
Branch: MAIN
Changes since 1.278: +10 -3 lines
Diff to previous 1.278 (colored)
allow us to write rules that match directly on the peer AS ... allow from AS 1 prefix 192.0.2.0/24 ... Also adjust the IRR ruleset output to include the declared peer AS, instead of hoping they listed their neighbor IP address! OK benno@ older version OK: claudio@ henning@
Revision 1.278 / (download) - annotate - [select for diffs], Sat Mar 14 03:52:42 2015 UTC (9 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.277: +23 -34 lines
Diff to previous 1.277 (colored)
rename rde_free_filter() to filterlist_free() and start using it outside of the RDE to free the filterlists. Also refactor common code to merge filterlists into its own function. Makes the code look nicer.
Revision 1.277 / (download) - annotate - [select for diffs], Sat Mar 14 02:43:02 2015 UTC (9 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.276: +5 -6 lines
Diff to previous 1.276 (colored)
Move the command line options (mainly -d and -v) out of struct bgpd_config into their own flag field since these can't be modified via a config reload. OK henning@ benno@ before lock
Revision 1.276 / (download) - annotate - [select for diffs], Sat Mar 14 02:32:35 2015 UTC (9 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.275: +1 -11 lines
Diff to previous 1.275 (colored)
Move the code that adjusts FIB priority when changed during a config reload from the parsing function to the merge_config function where it belongs. OK henning@ benno@ before lock
Revision 1.275 / (download) - annotate - [select for diffs], Thu Nov 20 05:51:20 2014 UTC (9 years, 6 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.274: +4 -1 lines
Diff to previous 1.274 (colored)
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer. pfctl parse.y patch from and ok deraadt@
Revision 1.274 / (download) - annotate - [select for diffs], Mon Nov 3 16:55:59 2014 UTC (9 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.273: +6 -6 lines
Diff to previous 1.273 (colored)
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK benno@ doug@ claudio@
Revision 1.273 / (download) - annotate - [select for diffs], Sun Nov 2 00:30:41 2014 UTC (9 years, 7 months ago) by doug
Branch: MAIN
Changes since 1.272: +20 -18 lines
Diff to previous 1.272 (colored)
Add gcc format attributes to parse.y's yyerror() for bgpd. Fix some of the format characters in yyerror calls: %u -> %zu, %lld -> %u ok claudio@
Revision 1.272 / (download) - annotate - [select for diffs], Fri May 2 14:12:05 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.271: +2 -2 lines
Diff to previous 1.271 (colored)
spelling; Denis Fondras
Revision 1.271 / (download) - annotate - [select for diffs], Wed Jan 22 00:21:16 2014 UTC (10 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.270: +2 -2 lines
Diff to previous 1.270 (colored)
relax the cfg file secrecy check slightly to allow group readability default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian
Revision 1.270 / (download) - annotate - [select for diffs], Mon Nov 25 12:53:27 2013 UTC (10 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.269: +7 -7 lines
Diff to previous 1.269 (colored)
use u_char for buffers in yylex, for ctype calls found by millert@, ok deraadt@
Revision 1.269 / (download) - annotate - [select for diffs], Wed Nov 13 09:14:48 2013 UTC (10 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.268: +21 -2 lines
Diff to previous 1.268 (colored)
Knob to set priority with which bgpd inserts routes into the kernel routing table. Need for it in "special" setups pointed out by Loic Blot (loic.blot _AT_ unix-experience _DOT_ fr) on tech. OK benno, henning
Revision 1.268 / (download) - annotate - [select for diffs], Sat Oct 19 15:04:25 2013 UTC (10 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.267: +150 -87 lines
Diff to previous 1.267 (colored)
Merge the prefix and prefixlen filter bits into one filter. Change the filter expansion so that rules are grouped by prefixes last. The RDE will then be able to optimize the rules into table lookups but that is a later step. As additional goodies it is now possible to use inet and inet6 on their own and or-longer can be used as a shorthand for prefixlen >= len. OK henning@ sthen@ florian@
Revision 1.267 / (download) - annotate - [select for diffs], Fri Sep 27 08:23:11 2013 UTC (10 years, 8 months ago) by sthen
Branch: MAIN
Changes since 1.266: +2 -2 lines
Diff to previous 1.266 (colored)
typo in macro name; no md5 change
Revision 1.266 / (download) - annotate - [select for diffs], Sat May 11 14:42:28 2013 UTC (11 years ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.265: +6 -6 lines
Diff to previous 1.265 (colored)
change mrt rib dump ReopenTimerInterval from time_t to int. Intervals don't need to scale to 64 bits in this universe. ok claudio@ & florian@
Revision 1.265 / (download) - annotate - [select for diffs], Tue Nov 13 09:47:20 2012 UTC (11 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.264: +21 -1 lines
Diff to previous 1.264 (colored)
Allow filtering based on the NEXTHOP attribute. This allows to build rules like: allow from any nexthop neighbor (to allow only prefixes that use the router's IP address as nexthop). Lots of testing, input and OK florian@
Revision 1.264 / (download) - annotate - [select for diffs], Sun Sep 23 09:39:17 2012 UTC (11 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.263: +2 -2 lines
Diff to previous 1.263 (colored)
Enable graceful restart by default. The only way to find out if it works for real. After discussion with sthen@, henning@ and deraadt@. It can be disabled per neighbor with "announce restart no".
Revision 1.263 / (download) - annotate - [select for diffs], Wed Sep 12 05:56:22 2012 UTC (11 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.262: +3 -3 lines
Diff to previous 1.262 (colored)
Better graceful restart support (implementing more than just the EoR record). This implements only the "Restarting Client" bits of the RFC -- in other words bgpd will keep the FIB when the client restarts but it will not do GR when restarting itself. The capability is still off by default (you need "announce restart yes" to enable it). Tested by Anders Berggren. OK sthen@
Revision 1.262 / (download) - annotate - [select for diffs], Fri Jul 13 15:25:37 2012 UTC (11 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.261: +3 -3 lines
Diff to previous 1.261 (colored)
Make sure that set med 0 is ACTION_SET_MED and not relative. Fixes set med 0 and Henning's iBGP sessions. OK henning@
Revision 1.261 / (download) - annotate - [select for diffs], Thu Apr 12 17:31:05 2012 UTC (12 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.260: +5 -5 lines
Diff to previous 1.260 (colored)
The ebgp flags is just a truth value and it is better to not == 1 compares. OK henning@ sthen@
Revision 1.260 / (download) - annotate - [select for diffs], Sat Sep 17 16:29:44 2011 UTC (12 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.259: +5 -1 lines
Diff to previous 1.259 (colored)
Implement new mrt table dump format as specified in draft-ietf-grow-mrt. Tested with IP and IPv6 sessions and against the libbgpdump parser. OK henning@
Revision 1.259 / (download) - annotate - [select for diffs], Sun May 1 12:56:04 2011 UTC (13 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.258: +3 -21 lines
Diff to previous 1.258 (colored)
On reload the filtersets attached to a network need to be moved to the existing network element. First free the old filterset and then move the new on top of it. This solves the reload issue with changing network statements. OK henning@
Revision 1.258 / (download) - annotate - [select for diffs], Thu Sep 2 14:03:21 2010 UTC (13 years, 9 months ago) by sobrado
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.257: +2 -2 lines
Diff to previous 1.257 (colored)
remove trailing spaces and tabs from source code; no binary changes (verified by both sthen@ and me). ok sthen@; "just commit it" claudio@
Revision 1.257 / (download) - annotate - [select for diffs], Tue Aug 3 18:42:40 2010 UTC (13 years, 10 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.256: +4 -3 lines
Diff to previous 1.256 (colored)
fix linecount bug with comments spanning multiple lines problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432 applied to all the others by yours truly. ok theo isn't it amazing how far this parser (and more) spread?
Revision 1.256 / (download) - annotate - [select for diffs], Sun Jun 27 19:53:34 2010 UTC (13 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.255: +23 -3 lines
Diff to previous 1.255 (colored)
Instead of specifying the control sockets on the command line have them in bgpd.conf. This allows to add/modify restricted control sockets on runtime. Feature request by a few people who often forgot to add -r path when restarting bgpd (including myself). NOTE: this removes the -s and -r arguments from bgpd so pay attention when updating. jajaja sthen@, OK henning@
Revision 1.255 / (download) - annotate - [select for diffs], Mon May 17 16:08:20 2010 UTC (14 years ago) by claudio
Branch: MAIN
Changes since 1.254: +28 -2 lines
Diff to previous 1.254 (colored)
Implement two new filters, max-as-len and max-as-seq. The first is limiting the length of an AS path (matches if the path is longer than the specified length) the second matches when a sequence of the same AS number is longer than the specified length). max-as-len is good to protect crappy commercial bgp boxes from other crappy commercial bgp boxes. max-as-seq was a feature request from SwissIX and maybe EuroIX to find and filter prepends. Additional testing and OK sthen@
Revision 1.254 / (download) - annotate - [select for diffs], Mon May 17 15:49:29 2010 UTC (14 years ago) by claudio
Branch: MAIN
Changes since 1.253: +201 -47 lines
Diff to previous 1.253 (colored)
Last bits of MPLS VPN support. Hook kernel routing tables and RIB together. This adds a bit of new config to specify the mapping between an rdomain and the BGP MPLS VPN instance, example:
    rdomain 1 {
        descr "CUSTOMER1"
        rd 65003:1
        import-target rt 65003:3
        export-target rt 65003:1
        depend on mpe0
        network 192.168.224/24
    }
The "depend on mpe0" is a bit ugly but for now this is the quickest way to figure out which interface bgp should use to insert the MPLS routes. A big side-effect of this diff is that networks are now internally distributed through kroute.c. This needs some kernel changes that will follow hopefully soon. OK henning@
Revision 1.253 / (download) - annotate - [select for diffs], Mon May 3 13:09:38 2010 UTC (14 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.252: +64 -24 lines
Diff to previous 1.252 (colored)
Make it possible to load multiple routing tables at the same time and use those for alternate RIBs. This allows to use "rde rib TESTIT rtable 1". NOTE: nexthop verification has changed for alternate tables. For now nexthop will only be verified against the main routing table (id 0). Because of this "nexthop qualify via bgp" may now compare the nexthops against bgpd routes from a different RIB. Tested by sthen@, OK to move on by henning@
Revision 1.252 / (download) - annotate - [select for diffs], Wed Apr 28 13:07:48 2010 UTC (14 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.251: +7 -1 lines
Diff to previous 1.251 (colored)
Allow neighbor-as in AS filter statements like: match from any source-as neighbor-as set localpref 1000 OK henning@
Revision 1.251 / (download) - annotate - [select for diffs], Mon Apr 26 08:46:31 2010 UTC (14 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.250: +10 -1 lines
Diff to previous 1.250 (colored)
Fix some memory leaks on config reload failure and move one particular cleanup loop to parse.y where it belongs. OK henning@
Revision 1.250 / (download) - annotate - [select for diffs], Wed Mar 31 18:53:23 2010 UTC (14 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.249: +1 -13 lines
Diff to previous 1.249 (colored)
network static and network connected have been superseded by network inet static and network inet connected a long time ago. It is time to remove the old compat code.
Revision 1.249 / (download) - annotate - [select for diffs], Fri Mar 5 15:25:00 2010 UTC (14 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.248: +20 -1 lines
Diff to previous 1.248 (colored)
Allow to filter for ext-community attributes. Currently only perfect matches work but that's already better than nothing. OK sthen@
Revision 1.248 / (download) - annotate - [select for diffs], Wed Jan 13 06:02:37 2010 UTC (14 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.247: +5 -3 lines
Diff to previous 1.247 (colored)
Add support for BGP MPLS VPN aka RFC 4364. This is only the RDE part so that it is possible to use OpenBGPD as a route-reflector for VPNv4. Some clean up of the BGP MP code so that multiple protocols are easier supported. kroute/kernel support not yet done but coming. OK henning@, reyk@
Revision 1.247 / (download) - annotate - [select for diffs], Mon Jan 11 03:24:35 2010 UTC (14 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.246: +26 -5 lines
Diff to previous 1.246 (colored)
lex <=, >=, !=, and >< into a single token for correctness and to reduce the lookahead in the parser ok henning
Revision 1.246 / (download) - annotate - [select for diffs], Wed Dec 16 15:40:55 2009 UTC (14 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.245: +190 -2 lines
Diff to previous 1.245 (colored)
Implement "set ext-community [delete] subtype key:value" to set and delete extended communities as specified in RFC 4360. No matching implemented yet and stuff like * and neighbor-as are neither supported but will be soon. Looks good henning & sthen, manpage fixed by jmc
Revision 1.245 / (download) - annotate - [select for diffs], Wed Dec 9 12:52:07 2009 UTC (14 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.244: +17 -18 lines
Diff to previous 1.244 (colored)
parsecommunity() always works on a struct filter_community. So pass a pointer to the struct instead of two int pointers.
Revision 1.244 / (download) - annotate - [select for diffs], Wed Dec 9 11:12:50 2009 UTC (14 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.243: +2 -19 lines
Diff to previous 1.243 (colored)
parsecommunity() does not allow to set unknown well-known communities. So there is no need to check that again. Switch a USHRT_MAX to COMMUNITY_WELLKNOWN to make the compare clearer, the values are the same.
Revision 1.243 / (download) - annotate - [select for diffs], Tue Dec 8 14:03:40 2009 UTC (14 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.242: +23 -34 lines
Diff to previous 1.242 (colored)
Big AID change part two. This changes the mp capability into an array of flags. This makes a lot of code much easier since the comparison is now trivial. Additionally calculate the negotiated capabilities for a session in the SE and pass that and only that to the RDE. This makes the decisions in the RDE a lot easier. OK henning@
Revision 1.242 / (download) - annotate - [select for diffs], Sun Dec 6 11:42:22 2009 UTC (14 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.241: +2 -2 lines
Diff to previous 1.241 (colored)
Doh, switch src and dst in memcpy calls or the wrong thing gets copied. For some reasons memcpy has the argument reversed - grmbl. Found the hard way by Insan Praja.
Revision 1.241 / (download) - annotate - [select for diffs], Tue Dec 1 14:28:05 2009 UTC (14 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.240: +29 -52 lines
Diff to previous 1.240 (colored)
Use an artificial address family id in struct bgpd_addr and almost everywhere else. Adds conversion functions to map AFI/SAFI and the Unix AF_ values from and into AID used in bgpd. This is needed to support things like MPLS VPN and other upcoming changes that need to play a lot with AFI/SAFI pairs. Mostly mechanical change, henning@ has no particular issues with this. Must go in so that I can continue working.
Revision 1.240 / (download) - annotate - [select for diffs], Thu Nov 26 13:40:43 2009 UTC (14 years, 6 months ago) by henning
Branch: MAIN
Changes since 1.239: +25 -3 lines
Diff to previous 1.239 (colored)
support for set origin; based on an initial diff from Sebastian Benoit <benoit-lists at fb12 dot de> who also tested this version claudio ok
Revision 1.239 / (download) - annotate - [select for diffs], Wed Nov 11 13:48:34 2009 UTC (14 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.238: +2 -1 lines
Diff to previous 1.238 (colored)
Plug two memory leaks in error paths. Found by parfait. OK henning, jsg
Revision 1.238 / (download) - annotate - [select for diffs], Tue Oct 13 09:51:53 2009 UTC (14 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.237: +2 -2 lines
Diff to previous 1.237 (colored)
Disable graceful restart for now. The EOR marker is sent in the wrong place and fixing this is not a two liner. Will be enabled again when I found out how to fix this.
Revision 1.237 / (download) - annotate - [select for diffs], Tue Oct 6 09:44:13 2009 UTC (14 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.236: +16 -9 lines
Diff to previous 1.236 (colored)
Add config knobs to enable/disable individual BGP capabilities per neighbor. e.g. announce refresh no. With this be more aggressive when announcing our capabilities and enable all of them by default. If there are troubles with some neighbors adding the following config lines should bring you back to the old behaviour:
    announce refresh yes    # was already on by default
    announce restart no
    announce as-4byte no    # was only set on sessions to peers with 4byte AS nums
OK henning and sthen
Revision 1.236 / (download) - annotate - [select for diffs], Fri Sep 4 13:08:49 2009 UTC (14 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.235: +3 -1 lines
Diff to previous 1.235 (colored)
Make sure that a proper syntax error is produced when something else than yes or no is used in a yes/no token. OK henning
Revision 1.235 / (download) - annotate - [select for diffs], Fri Sep 4 11:50:28 2009 UTC (14 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.234: +23 -3 lines
Diff to previous 1.234 (colored)
Use the address family of the neighbor IP to decide which MP type to use. IPv4 session will still default to only announce inet unicast but now IPv6 session will by default use announce inet6 unicast. The defaults can be overridden on groups and in the neighbor itself but this new behaviour is way more sane than the old one. OK henning, sthen
Revision 1.234 / (download) - annotate - [select for diffs], Mon Aug 31 13:03:31 2009 UTC (14 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.233: +7 -3 lines
Diff to previous 1.233 (colored)
Use UINT_MAX instead of ASNUM_MAX and get rid of this mostly useless define.
Revision 1.233 / (download) - annotate - [select for diffs], Mon Aug 3 13:14:07 2009 UTC (14 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.232: +4 -2 lines
Diff to previous 1.232 (colored)
Make announce "self" work like all others (self is a bit special because it's a keyword but "self" is not). OK henning@
Revision 1.232 / (download) - annotate - [select for diffs], Mon Jul 20 14:56:20 2009 UTC (14 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.231: +2 -2 lines
Diff to previous 1.231 (colored)
Flag added RIBs as F_RIB_NOFIB | F_RIB_NOEVALUATE in the no-eval case even though F_RIB_NOEVALUATE implicitly includes F_RIB_NOFIB.
Revision 1.231 / (download) - annotate - [select for diffs], Sat Jun 6 01:10:29 2009 UTC (14 years, 11 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.230: +30 -6 lines
Diff to previous 1.230 (colored)
Some preliminary filter magic to support multiple RIBs on the filters. It is ugly but does the trick for now. Filters will be rewritten anyway. The rib specifier only makes sense on from rules. e.g. deny rib OMG from any
Revision 1.230 / (download) - annotate - [select for diffs], Sat Jun 6 01:07:01 2009 UTC (14 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.229: +8 -8 lines
Diff to previous 1.229 (colored)
Only the main Loc-RIB should update the FIB for now. So introduce a F_RIB_NOFIB flag and apply it on all RIBs that are not F_RIB_NOEVALUATE.
Revision 1.229 / (download) - annotate - [select for diffs], Fri Jun 5 20:46:43 2009 UTC (14 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.228: +2 -2 lines
Diff to previous 1.228 (colored)
Don't call the main RIB DEFAULT but Loc-RIB. Makes more sense.
Revision 1.228 / (download) - annotate - [select for diffs], Fri Jun 5 19:52:32 2009 UTC (15 years ago) by claudio
Branch: MAIN
Changes since 1.227: +16 -1 lines
Diff to previous 1.227 (colored)
Make it possible to bind peers to a specified RIB. Now only filters and bgpctl are missing to have full support of multiple RIBs.
Revision 1.227 / (download) - annotate - [select for diffs], Thu Jun 4 22:08:19 2009 UTC (15 years ago) by claudio
Branch: MAIN
Changes since 1.226: +71 -10 lines
Diff to previous 1.226 (colored)
Make mrt understand alternate RIB plus remove some other static rib references. There is still a problem with the mrt dumps because we only allow one in the RDE. This needs some additional work.
Revision 1.226 / (download) - annotate - [select for diffs], Thu Jun 4 04:46:42 2009 UTC (15 years ago) by claudio
Branch: MAIN
Changes since 1.225: +53 -2 lines
Diff to previous 1.225 (colored)
Add "rde rib <name>" to the config and allow the rde to use these other RIBs. Still a bit hackish, reload is missing and printconf as well. Looks good h@
Revision 1.225 / (download) - annotate - [select for diffs], Wed May 27 04:18:21 2009 UTC (15 years ago) by reyk
Branch: MAIN
Changes since 1.224: +10 -2 lines
Diff to previous 1.224 (colored)
add an option to change the "connect-retry" timer which defaults to 120s. this can be used to decrease the failover time in specific carp'ed IBGP setups. ok henning@
Revision 1.224 / (download) - annotate - [select for diffs], Thu Apr 23 16:20:39 2009 UTC (15 years, 1 month ago) by sthen
Branch: MAIN
Changes since 1.223: +3 -3 lines
Diff to previous 1.223 (colored)
allow bgpctl and bgpd.conf to contain 32-bit ASN written in ASPLAIN format (RFC5396). ok claudio@ henning@
Revision 1.223 / (download) - annotate - [select for diffs], Tue Mar 31 21:03:48 2009 UTC (15 years, 2 months ago) by tobias
Branch: MAIN
Changes since 1.222: +7 -3 lines
Diff to previous 1.222 (colored)
Fixed memory leaks which would occur if the second of two memory allocations fails. looks right deraadt, krw ok henning
Revision 1.222 / (download) - annotate - [select for diffs], Thu Mar 26 13:59:30 2009 UTC (15 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.221: +5 -5 lines
Diff to previous 1.221 (colored)
argh, do not reuse the global trans_as flag to be applied to the peer specific or we had to widen the peer specific flags without need. define PERRFLAG_TRANS_AS instead and use that
Revision 1.221 / (download) - annotate - [select for diffs], Sun Mar 22 22:34:59 2009 UTC (15 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.220: +8 -1 lines
Diff to previous 1.220 (colored)
make transparent-as yes|no settable per neighbor with the global setting acting as default. per-neighbor requested by arnold nipper @ decix, ok claudio
Revision 1.220 / (download) - annotate - [select for diffs], Wed Mar 18 19:41:41 2009 UTC (15 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.219: +5 -1 lines
Diff to previous 1.219 (colored)
Introduce local_as in the peer config. This allows per peer local AS and simplifies some code because it is possible to get the local AS from the peer struct. Local AS needs more patching to work correctly though. OK henning@
Revision 1.219 / (download) - annotate - [select for diffs], Mon Feb 16 18:08:32 2009 UTC (15 years, 3 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.218: +2 -2 lines
Diff to previous 1.218 (colored)
typo in error message; "bigger that" -> "bigger than"
Revision 1.218 / (download) - annotate - [select for diffs], Fri Oct 17 13:02:55 2008 UTC (15 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.217: +5 -3 lines
Diff to previous 1.217 (colored)
bring in the findeol() fix from pfctl. list of affected parsers by sthen
Revision 1.217 / (download) - annotate - [select for diffs], Tue Jul 8 13:14:58 2008 UTC (15 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.216: +2 -2 lines
Diff to previous 1.216 (colored)
Use correct format string specifier for int argument. Don't try to print it as string. Fixes crash seen by Peter Bristow. "obviously ok" henning@
Revision 1.216 / (download) - annotate - [select for diffs], Sun Jun 15 10:19:21 2008 UTC (15 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.215: +4 -1 lines
Diff to previous 1.215 (colored)
Allow bgpd to delete more than one community per filter rule. Fixes PR5807 tested by Raphael Ho long time ago.
Revision 1.215 / (download) - annotate - [select for diffs], Tue Feb 26 10:09:58 2008 UTC (16 years, 3 months ago) by mpf
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.214: +15 -14 lines
Diff to previous 1.214 (colored)
Have popfile() also close the main config file, but only do the final popfile call after yyparse() is done. This also fixes config reload on SIGHUP for some daemons. Spotted by otto@. OK deraadt@
Revision 1.214 / (download) - annotate - [select for diffs], Mon Nov 12 23:59:41 2007 UTC (16 years, 6 months ago) by mpf
Branch: MAIN
Changes since 1.213: +2 -10 lines
Diff to previous 1.213 (colored)
Remove space/tab compression function from lgetc() and replace it with a simple filter in the yylex() loop. The compression in lgetc() didn't happen for quoted strings, thus creating a regression when tabs were used in variables. Some testing by todd@ and pyr@ OK deraadt@
Revision 1.213 / (download) - annotate - [select for diffs], Sat Oct 20 14:24:02 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.212: +5 -3 lines
Diff to previous 1.212 (colored)
ntpd and bgpd's turn to behave like the others. ok henning@
Revision 1.212 / (download) - annotate - [select for diffs], Tue Oct 16 20:01:23 2007 UTC (16 years, 7 months ago) by mpf
Branch: MAIN
Changes since 1.211: +2 -2 lines
Diff to previous 1.211 (colored)
Allow '=' to end a number in all lexers. Requested and OK deraadt@
Revision 1.211 / (download) - annotate - [select for diffs], Tue Oct 16 06:06:49 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.210: +4 -2 lines
Diff to previous 1.210 (colored)
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). pointed out by mpf, discussed with pyr
Revision 1.210 / (download) - annotate - [select for diffs], Sat Oct 13 16:35:20 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.209: +107 -75 lines
Diff to previous 1.209 (colored)
in all these programs using the same pfctl-derived parse.y, re-unify the yylex implementation and the code which interacts with yylex. this also brings the future potential for include support to all of the parsers. in the future please do not make silly modifications to one of these files without checking if you are de-unifying the code. checked by developers in all these areas.
Revision 1.209 / (download) - annotate - [select for diffs], Thu Oct 11 14:39:17 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.208: +40 -25 lines
Diff to previous 1.208 (colored)
next step in the yylex unification: handle quoted strings in a nicer fashion as found in hoststated, and make all the code diff as clean as possible. a few issues remain mostly surrounding include support, which will likely be added to more of the grammars soon. ok norby pyr, others
Revision 1.208 / (download) - annotate - [select for diffs], Thu Sep 13 20:39:58 2007 UTC (16 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.207: +206 -100 lines
Diff to previous 1.207 (colored)
Move parser to use NUMBER as all other parse.y do now. A bit tricky because all the relative metrics need some special handling. OK henning@ deraadt@
Revision 1.207 / (download) - annotate - [select for diffs], Thu May 31 18:38:58 2007 UTC (17 years ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.206: +2 -1 lines
Diff to previous 1.206 (colored)
Init community in get_rule() to COMMUNITY_UNSET. get_rule() is called when set is used inside neighbor or group statements and the result was that these rules no longer matched everything. Problem found by Jon Morby. Please commit henning@
Revision 1.206 / (download) - annotate - [select for diffs], Thu May 31 04:06:04 2007 UTC (17 years ago) by claudio
Branch: MAIN
Changes since 1.205: +5 -1 lines
Diff to previous 1.205 (colored)
Even so some IX in germany likes to abuse 0 as AS community number we should not allow anybody to use 65535. That one is reserved for well known communities. Add in that check again.
Revision 1.205 / (download) - annotate - [select for diffs], Mon May 28 17:26:33 2007 UTC (17 years ago) by henning
Branch: MAIN
Changes since 1.204: +10 -8 lines
Diff to previous 1.204 (colored)
allow matching on communities using 0 in the AS part, that is in use. that unfortunately means we cannot use 0 for "unset". ok claudio
Revision 1.204 / (download) - annotate - [select for diffs], Mon Apr 23 13:04:24 2007 UTC (17 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.203: +59 -9 lines
Diff to previous 1.203 (colored)
Make bgpd 4-byte AS compatible. All internal representations of AS numbers are now 4-byte instead of the old 2-byte numbers. The only exception are communities because they can not be switched. The RDE will inflate and deflate the ASPATH and AGGREGATOR attributes on demand and create the NEW_ASPATH and NEW_AGGREGATOR field whenever needed. Both old and new style sessions are supported and can be mixed. Currently new style sessions with the 4-byte AS number capability turned on are only enabled if one of the AS numbers involved is a 4-byte one. This is based on an initial diff by Geoff Huston gih (at) apnic (dot) net Cleanup, testing and bug-fixes by myself (via AS 3.10). Currently mrt table dumps are producing incompatible output this will be fixed afterwards -- this diff is already big enough. "get it in if you think it is ready" henning@
Revision 1.203 / (download) - annotate - [select for diffs], Tue Apr 17 17:17:45 2007 UTC (17 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.202: +15 -9 lines
Diff to previous 1.202 (colored)
Make "network inet connected" work again. inet and inet6 became keywords some time ago. OK henning@
Revision 1.202 / (download) - annotate - [select for diffs], Thu Mar 29 13:09:26 2007 UTC (17 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.201: +30 -9 lines
Diff to previous 1.201 (colored)
Until now prefixlen defaulted to AF_INET if it was used without a prefix. This makes prefixlen filtering for AF_INET6 unnecessarily complex. From now on if prefixlen is used alone the address family needs to be specified beforehand via the new inet or inet6 keywords. Remove an old check so that it is finally possible to filter IPv6 prefixes. OK henning@
Revision 1.201 / (download) - annotate - [select for diffs], Tue Mar 6 16:52:48 2007 UTC (17 years, 3 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.200: +4 -2 lines
Diff to previous 1.200 (colored)
allow filtering on peer-as (leftmost AS in path), ok claudio
Revision 1.200 / (download) - annotate - [select for diffs], Thu Feb 22 08:34:18 2007 UTC (17 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.199: +2 -2 lines
Diff to previous 1.199 (colored)
KNF
Revision 1.199 / (download) - annotate - [select for diffs], Fri Jan 26 21:34:21 2007 UTC (17 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.198: +3 -3 lines
Diff to previous 1.198 (colored)
AS 65535 aka USHRT_MAX is reserved and may not be used so adapt the range check. Found while hacking on 4-byte AS support.
Revision 1.198 / (download) - annotate - [select for diffs], Tue Dec 5 12:08:13 2006 UTC (17 years, 6 months ago) by henning
Branch: MAIN
Changes since 1.197: +6 -2 lines
Diff to previous 1.197 (colored)
implement the ttl security hack. since the pc slaves fear the word hack, they call it "Generalized TTL Security Mechanism" officially, RFC 3682. manpage with help from jmc
Revision 1.197 / (download) - annotate - [select for diffs], Tue Nov 28 16:39:34 2006 UTC (17 years, 6 months ago) by henning
Branch: MAIN
Changes since 1.196: +10 -2 lines
Diff to previous 1.196 (colored)
allow bgpd to work on alternate routing tables, claudio ok, jmc manpage help
Revision 1.196 / (download) - annotate - [select for diffs], Wed Oct 25 18:48:29 2006 UTC (17 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.195: +13 -30 lines
Diff to previous 1.195 (colored)
use strtonum, Pierre-Yves Ritschard <pyr@spootnik.org>
Revision 1.195 / (download) - annotate - [select for diffs], Tue Sep 19 12:15:29 2006 UTC (17 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.194: +99 -40 lines
Diff to previous 1.194 (colored)
save the parser state in one big struct, and make it interchangeable, aka make the parser restartable. with that implement "include" file support. makes life a _lot_ easier with filter generation tools. claudio ok
Revision 1.194 / (download) - annotate - [select for diffs], Tue Sep 19 11:53:10 2006 UTC (17 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.193: +3 -9 lines
Diff to previous 1.193 (colored)
kill useless debug code that somehow snuck in, some 2 years ago...
Revision 1.193 / (download) - annotate - [select for diffs], Sun Aug 27 16:11:05 2006 UTC (17 years, 9 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.192: +2 -1 lines
Diff to previous 1.192 (colored)
add code to announce the restart capability according to draft-ietf-idr-restart. Do not announce actual restart capabilities, so that this only serves as indicator that we are capable of sending and receiving the End-of-RIB marker. leave disabled for now, since the code to actually send the EoR-marker is currently ifdef'd out (to be fixed soon) and we wanna play safe for 4.0. and juniper doesn't support that capability (which is not a problem per se) and at the same time has its capability negotiation code completely fucked up, if a capability is rejected they don't indicate WHICH capability they reject (which makes that a problem, tho still a small one and we cope). claudio ok
Revision 1.192 / (download) - annotate - [select for diffs], Fri Aug 4 12:01:48 2006 UTC (17 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.191: +18 -4 lines
Diff to previous 1.191 (colored)
add "restart" to max-prefix, allows sessions suspended due to reaching max-prefix to be restarted automagically after a given number of minutes requested by "Sylwester S. Biernacki" <obeer@obeer.com>, manpage help jmc, ok claudio
Revision 1.191 / (download) - annotate - [select for diffs], Sat Jun 17 14:06:09 2006 UTC (17 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.190: +21 -2 lines
Diff to previous 1.190 (colored)
implement carp demotion control for bgpd. sessions can be configured to modify the carp demotion counter for a given interface group (usually, "carp", which has all carp interfaces) when the session is not established. once the session is established for 60 seconds, the demotion is cleared. this, used correctly, can prevent a bgpd-box which lost all sessions (and thus has no routes) to be carp master, while the backup has sessions. thought through and partially hacked on a drive from calgary to vancouver with ryan, ok claudio
Revision 1.190 / (download) - annotate - [select for diffs], Wed May 31 02:16:25 2006 UTC (18 years ago) by pat
Branch: MAIN
Changes since 1.189: +5 -1 lines
Diff to previous 1.189 (colored)
Plug memory leaks in error path; ok henning@
Revision 1.189 / (download) - annotate - [select for diffs], Fri May 26 01:06:12 2006 UTC (18 years ago) by deraadt
Branch: MAIN
Changes since 1.188: +2 -4 lines
Diff to previous 1.188 (colored)
\<char> is <char> except for \<newline> -- no exceptions. much like how other things work. ok henning
Revision 1.188 / (download) - annotate - [select for diffs], Wed Apr 26 17:13:14 2006 UTC (18 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.187: +2 -2 lines
Diff to previous 1.187 (colored)
Remove filterset_names from bgpd.h and replace it with a function because the table was already out of sync now. OK henning@
Revision 1.187 / (download) - annotate - [select for diffs], Tue Apr 18 19:26:55 2006 UTC (18 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.186: +2 -4 lines
Diff to previous 1.186 (colored)
cannot see the string self in the ANNOUNCE STRING prod any more since self is a token now
Revision 1.186 / (download) - annotate - [select for diffs], Tue Apr 18 19:00:52 2006 UTC (18 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.185: +7 -4 lines
Diff to previous 1.185 (colored)
Fix "announce self" that got broken by "nexthop self". Found by Thomas Bader. OK henning@
Revision 1.185 / (download) - annotate - [select for diffs], Tue Apr 4 12:03:26 2006 UTC (18 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.184: +9 -2 lines
Diff to previous 1.184 (colored)
add "set nexthop self", force nexthop to be set to own address even with IBGP requested & tested Falk Brockerhoff <fb@smartterra.de>, and tony sarendal tested this too. claudio ok
Revision 1.184 / (download) - annotate - [select for diffs], Wed Mar 22 13:30:35 2006 UTC (18 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.183: +17 -1 lines
Diff to previous 1.183 (colored)
Change the way bgpd selects nexthops. Up until now every route was considered when calculating the nexthop. Now only non BGP routes and not the default route are used unless forced with the new config options
    nexthop qualify via bgp
    nexthop qualify via default
This change is required for complex setups e.g. where an additional IGP is running. OK henning@
Revision 1.183 / (download) - annotate - [select for diffs], Tue Mar 7 19:47:03 2006 UTC (18 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.182: +11 -4 lines
Diff to previous 1.182 (colored)
Fix a bug reported by Xavier Beaudouin. On config reloads set parameters inside group blocks were reset to default values. The problem was that group ids changed on reload as soon as a new peer was added to one group. Make sure that group ids remain the same over reloads a similar thing is already done for peer ids. ok henning@
Revision 1.182 / (download) - annotate - [select for diffs], Sat Mar 4 19:33:22 2006 UTC (18 years, 3 months ago) by miod
Branch: MAIN
Changes since 1.181: +5 -5 lines
Diff to previous 1.181 (colored)
Typos grab bag of the month, eyeballed by jmc@
Revision 1.181 / (download) - annotate - [select for diffs], Fri Feb 10 14:34:40 2006 UTC (18 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.180: +11 -2 lines
Diff to previous 1.180 (colored)
Make it possible to turn softreconfig in/out on or off. Default is on for both directions. Manpage update follows. OK henning@
Revision 1.180 / (download) - annotate - [select for diffs], Thu Feb 9 21:05:09 2006 UTC (18 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.179: +22 -10 lines
Diff to previous 1.179 (colored)
Implement "set community delete 65001:*" and friends. This will remove communities from the path attributes. Useful to make sure that the ones you set later are set by a (evil) peer. OK henning@
Revision 1.179 / (download) - annotate - [select for diffs], Thu Feb 2 14:06:05 2006 UTC (18 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.178: +9 -1 lines
Diff to previous 1.178 (colored)
Implement new special community "neighbor-as". neighbor-as is expanded on the fly to the remote AS of the current neighbor. This can be used to simplify rulesets in a dramatic way -- going from a script based nightmare down to a handful of rules. jajajaja henning@
Revision 1.178 / (download) - annotate - [select for diffs], Sat Jan 7 14:50:28 2006 UTC (18 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.177: +2 -1 lines
Diff to previous 1.177 (colored)
Add COMMUNITY_NO_PEER to the list of known wellknown communities else it is not possible to use NO_PEER as community in the config.
Revision 1.177 / (download) - annotate - [select for diffs], Tue Nov 29 16:01:00 2005 UTC (18 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.176: +2 -2 lines
Diff to previous 1.176 (colored)
superfluous ; OK henning@
Revision 1.176 / (download) - annotate - [select for diffs], Tue Nov 1 21:42:58 2005 UTC (18 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.175: +26 -2 lines
Diff to previous 1.175 (colored)
Sort filter_set with equal type as well. This affects community attributes and set nexthop. Now the full filter set list is sorted.
Revision 1.175 / (download) - annotate - [select for diffs], Tue Nov 1 18:11:24 2005 UTC (18 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.174: +3 -3 lines
Diff to previous 1.174 (colored)
Relative metrics should be stored in relative and not metric. The one is signed the other not.
Revision 1.174 / (download) - annotate - [select for diffs], Tue Nov 1 17:34:58 2005 UTC (18 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.173: +13 -2 lines
Diff to previous 1.173 (colored)
Make sure, that the list of filter_sets is ordered. Makes comparing easier.
Revision 1.173 / (download) - annotate - [select for diffs], Tue Nov 1 10:58:29 2005 UTC (18 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.172: +110 -11 lines
Diff to previous 1.172 (colored)
Switch from the per peer filter set list to a filter-only solution. The default filter_sets are converted into match filter rules that get evaluated first. Simplifies code massively -- mainly the config reload part -- and makes softreconfig out a piece of cake. "get it in" henning@
Revision 1.172 / (download) - annotate - [select for diffs], Wed Oct 19 10:42:06 2005 UTC (18 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.171: +6 -2 lines
Diff to previous 1.171 (colored)
new keyword "down" in neighbor spec, when given, the session is not started on bgpd startup but stays in IDLE. requested by claudio
Revision 1.171 / (download) - annotate - [select for diffs], Tue Aug 9 20:27:25 2005 UTC (18 years, 9 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.170: +16 -2 lines
Diff to previous 1.170 (colored)
Introduce new route decision tunable "rde med compare (always|strict)". If set to always the med will also be compared between different AS. The default is strict which is the way the RFC specifies it. OK henning@
Revision 1.170 / (download) - annotate - [select for diffs], Thu Jul 28 20:01:21 2005 UTC (18 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.169: +3 -3 lines
Diff to previous 1.169 (colored)
keywords have to be sorted, and I can't sort properly
Revision 1.169 / (download) - annotate - [select for diffs], Thu Jul 28 16:27:01 2005 UTC (18 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.168: +35 -1 lines
Diff to previous 1.168 (colored)
allow the to be announced SAFIs to be specified per peer, that is part of the multiprotocol shitz claudi needs this to proceed with v6 stuff in the RIB, print stuff and manpage later from whatthehack, claudio ok, marcm schnell schnell schnell
Revision 1.168 / (download) - annotate - [select for diffs], Mon Jul 4 09:37:24 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.167: +6 -19 lines
Diff to previous 1.167 (colored)
New function filterset_cmp() used to compare two struct filter_set for equality. This function is a bit more complicated than a memcmp() because there are types that need to be considered equal e.g. ACTION_SET_MED and ACTION_SET_RELATIVE_MED. Also ACTION_SET_COMMUNITY and ACTION_SET_NEXTHOP need some special care. OK henning@
Revision 1.167 / (download) - annotate - [select for diffs], Mon Jul 4 09:31:35 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.166: +4 -4 lines
Diff to previous 1.166 (colored)
Switch some parser rules from "string" to "STRING". "string" is too greedy and hides possible typos. e.g. set { rtlabel foo localperf 100 } was a valid syntax but the result was a route label with name "foo localperf 100". OK henning@
Revision 1.166 / (download) - annotate - [select for diffs], Fri Jul 1 13:38:14 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.165: +42 -51 lines
Diff to previous 1.165 (colored)
Switch filter_sets from SIMPLEQ to TAILQ, needed for upcoming stuff.
Revision 1.165 / (download) - annotate - [select for diffs], Wed Jun 29 09:43:25 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.164: +16 -2 lines
Diff to previous 1.164 (colored)
rtlabel support via filter sets. Just use "set rtlabel foobar" in filters network and neighbor statements and the routes are labeled accordingly. While doing that fix some mem-leaks by introducing filterset_free() and remove the free on send option of send_filterset(). This took a bit longer because we need to carefully track the rtlabel id refcnts or bad things may happen on reloads. henning@ looks fine
Revision 1.164 / (download) - annotate - [select for diffs], Thu Jun 9 15:32:03 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.163: +41 -5 lines
Diff to previous 1.163 (colored)
Change the "network connected|static" statements to "network inet|inet6 connected|static" so that it is possible to distinguish between IPv4 and IPv6 addresses. "network connected|static" is considered deprecated but will be supported as an alias for "network inet connected|static" for some time (one release) to simplify upgrades. This also solves a nasty crash when using "network connected". OK henning@
Revision 1.163 / (download) - annotate - [select for diffs], Tue May 24 17:41:13 2005 UTC (19 years ago) by claudio
Branch: MAIN
Changes since 1.162: +1 -6 lines
Diff to previous 1.162 (colored)
Remove unnecessary error check that is already done in parsecommunity().
Revision 1.162 / (download) - annotate - [select for diffs], Thu Apr 28 13:54:45 2005 UTC (19 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.161: +22 -1 lines
Diff to previous 1.161 (colored)
Support for "network connected" and "network static" -- announce all directly connected respectively all static routes. The list is automatically adjusted as soon as a route changes. OK henning@
Revision 1.161 / (download) - annotate - [select for diffs], Sun Apr 17 16:41:21 2005 UTC (19 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.160: +7 -5 lines
Diff to previous 1.160 (colored)
and don't try to free a null set either
Revision 1.160 / (download) - annotate - [select for diffs], Sun Apr 17 16:36:40 2005 UTC (19 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.159: +2 -2 lines
Diff to previous 1.159 (colored)
fix null pointer deref on filter rules without set part problem reported by "Alexey E. Suslikov" <cruel@texnika.com.ua>
Revision 1.159 / (download) - annotate - [select for diffs], Wed Apr 13 21:16:22 2005 UTC (19 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.158: +15 -3 lines
Diff to previous 1.158 (colored)
filter_set cleanup. Plug some memleaks and fix an obvious bug in the network case. OK henning@
Revision 1.158 / (download) - annotate - [select for diffs], Tue Apr 12 14:32:00 2005 UTC (19 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.157: +30 -3 lines
Diff to previous 1.157 (colored)
Introduce a per prefix weight. The weight is used to tip prefixes with equally long AS paths in one or the other direction. It weights a prefix at a very late stage in the decision process. This is a nice bgpd feature to traffic engineer networks where most AS paths are equally long. OK henning@
Revision 1.157 / (download) - annotate - [select for diffs], Tue Apr 12 14:26:58 2005 UTC (19 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.156: +5 -5 lines
Diff to previous 1.156 (colored)
Fix some yyerror messages. Ja ja, INT_MAX is too small... OK henning@
Revision 1.156 / (download) - annotate - [select for diffs], Tue Mar 29 11:13:33 2005 UTC (19 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.155: +18 -4 lines
Diff to previous 1.155 (colored)
walk & free network and filter lists after parse errors ok claudio theo
Revision 1.155 / (download) - annotate - [select for diffs], Mon Mar 28 15:39:32 2005 UTC (19 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.154: +7 -2 lines
Diff to previous 1.154 (colored)
walk & free peer_l after failed config parsing attempts
Revision 1.154 / (download) - annotate - [select for diffs], Wed Mar 23 22:26:34 2005 UTC (19 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.153: +22 -1 lines
Diff to previous 1.153 (colored)
Move the neighbor checking code from merge_config() to neighbor_consistent() where it belongs. OK henning@
Revision 1.153 / (download) - annotate - [select for diffs], Wed Mar 16 10:50:26 2005 UTC (19 years, 2 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.152: +18 -8 lines
Diff to previous 1.152 (colored)
don't try to merge the freshly parsed config into the running one if we had parser failures... debugging session with claudio and jason ackley ok claudio norby deraadt
Revision 1.152 / (download) - annotate - [select for diffs], Mon Mar 14 17:32:04 2005 UTC (19 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.151: +61 -1 lines
Diff to previous 1.151 (colored)
Allow to modify the metrics in a relative way by prepending the number with a '+' or '-'. e.g. set localpref +20. This is another gem from the FOSDEM lying around on my HD gathering dust. OK henning@
Revision 1.151 / (download) - annotate - [select for diffs], Sun Mar 13 15:27:30 2005 UTC (19 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.150: +3 -3 lines
Diff to previous 1.150 (colored)
s/to many/too many/, from jmc
Revision 1.150 / (download) - annotate - [select for diffs], Fri Mar 11 12:54:19 2005 UTC (19 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.149: +17 -4 lines
Diff to previous 1.149 (colored)
Finally commit the transparent-as and nexthop no-modify stuff I wrote on the way to FOSDEM. With transparent-as set to yes bgpd will not prepend his own AS for sent updates. NB the neighbor needs to set "enforce neighbor-as no" or it will not like the received AS paths. With set nexthop no-modify bgpd will change the nexthop as done normally. OK henning@ man page update with help of jmc@
Revision 1.149 / (download) - annotate - [select for diffs], Thu Dec 23 16:09:26 2004 UTC (19 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.148: +2 -2 lines
Diff to previous 1.148 (colored)
KNF
Revision 1.148 / (download) - annotate - [select for diffs], Tue Nov 23 13:07:01 2004 UTC (19 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.147: +129 -62 lines
Diff to previous 1.147 (colored)
Switch from a single filter_set to a linked list of sets. With this change it is possible to specify multiple communities. This is also the first step to better bgpd filters. OK henning@
Revision 1.147 / (download) - annotate - [select for diffs], Fri Nov 19 14:43:57 2004 UTC (19 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.146: +3 -3 lines
Diff to previous 1.146 (colored)
For consistency reasons rename struct as_filter to struct filter_as. OK henning@
Revision 1.146 / (download) - annotate - [select for diffs], Fri Nov 19 10:03:34 2004 UTC (19 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.145: +4 -3 lines
Diff to previous 1.145 (colored)
Make "set network 127.0.0.1" work and use = instead of |= for the blackhole/reject case as $$ is not zeroed. This caused funny results in merge_filterset(). OK henning@
Revision 1.145 / (download) - annotate - [select for diffs], Thu Nov 18 17:07:38 2004 UTC (19 years, 6 months ago) by henning
Branch: MAIN
Changes since 1.144: +6 -3 lines
Diff to previous 1.144 (colored)
add an instance of struct capabilities to peer_conf, and inherit peer->capa.ann from this
Revision 1.144 / (download) - annotate - [select for diffs], Thu Nov 11 10:35:15 2004 UTC (19 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.143: +25 -1 lines
Diff to previous 1.143 (colored)
New config statement "rde route-age [evaluate|ignore]". If set to evaluate the best path selection will not only be based on the path attributes but also on the age of the prefix. This is an extension to the RFC. The default is ignore but previously it was implicitly set to evaluate. OK henning@ man page OK jaredy@ jmc@
Revision 1.143 / (download) - annotate - [select for diffs], Fri Nov 5 14:30:54 2004 UTC (19 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.142: +3 -1 lines
Diff to previous 1.142 (colored)
memleaks in error paths, again awesome work from Patrick Latifi
Revision 1.142 / (download) - annotate - [select for diffs], Thu Nov 4 14:05:46 2004 UTC (19 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.141: +12 -16 lines
Diff to previous 1.141 (colored)
(try to) open the config file earlier, makes the error handling easier in case we cannot. in fact there was one missing free(), thus this diff plugs a little memory hole (without real-world relevance I guess). From Patrick Latifi, thanks!
Revision 1.141 / (download) - annotate - [select for diffs], Tue Oct 19 12:02:50 2004 UTC (19 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.140: +15 -2 lines
Diff to previous 1.140 (colored)
allow neighbor definitions to depend on interface state. with this, if a neighbor is configured as dependent on carp0 for example, the neighbor will remain in state IDLE as long as carp0 is not master. once carp0 becomes master the session(s) depending on it immediately go to CONNECT (or ACTIVE, if they're configured passive), reducing failover time. claudio ok, with some input from ryan as well
Revision 1.140 / (download) - annotate - [select for diffs], Tue Sep 28 12:09:31 2004 UTC (19 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.139: +20 -8 lines
Diff to previous 1.139 (colored)
Add prepend-neighbor feature. Prepend the remote-as n times similar to prepend-self. Only for incoming UPDATEs. OK henning@
Revision 1.139 / (download) - annotate - [select for diffs], Tue Aug 24 15:33:48 2004 UTC (19 years, 9 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.138: +3 -2 lines
Diff to previous 1.138 (colored)
don't do the pftable_exists() check if we are running -n, needs root
Revision 1.138 / (download) - annotate - [select for diffs], Tue Aug 24 15:30:07 2004 UTC (19 years, 9 months ago) by henning
Branch: MAIN
Changes since 1.137: +2 -1 lines
Diff to previous 1.137 (colored)
correctly inherit conf->opts from xconf->opts in parse_config(), found by claudio
Revision 1.137 / (download) - annotate - [select for diffs], Tue Aug 24 12:59:41 2004 UTC (19 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.136: +2 -4 lines
Diff to previous 1.136 (colored)
back out rev. 1.136. I committed that unintentionally and it does not work without other nastier changes in parse.y.
Revision 1.136 / (download) - annotate - [select for diffs], Fri Aug 20 15:31:56 2004 UTC (19 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.135: +3 -1 lines
Diff to previous 1.135 (colored)
Grrr. copy paste error. Dump MED and not local-pref. OK henning@
Revision 1.135 / (download) - annotate - [select for diffs], Fri Aug 20 14:56:09 2004 UTC (19 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.134: +3 -3 lines
Diff to previous 1.134 (colored)
foobar-AS -> foobar-as as already done in some places. mIXeD cASe keywords are not fluffy. OK henning@
Revision 1.134 / (download) - annotate - [select for diffs], Tue Aug 17 16:06:39 2004 UTC (19 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.133: +34 -25 lines
Diff to previous 1.133 (colored)
Merge set constructs in neighbor statements. This fixes a common problem: previous sets were cleared by the last one. OK henning@
Revision 1.133 / (download) - annotate - [select for diffs], Fri Aug 13 14:03:20 2004 UTC (19 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.132: +17 -5 lines
Diff to previous 1.132 (colored)
Fix minor issues with IPv6 dumps and add a function for dumping the RIB table protocol independent. This new dump format is not (yet) supported by the mrtd route_btoa tool. OK henning@
Revision 1.132 / (download) - annotate - [select for diffs], Tue Aug 10 13:02:08 2004 UTC (19 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.131: +2 -8 lines
Diff to previous 1.131 (colored)
switch nexthop in struct filter_set from struct in_addr to struct bgpd_addr OK henning@
Revision 1.131 / (download) - annotate - [select for diffs], Thu Aug 5 18:40:44 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.130: +3 -3 lines
Diff to previous 1.130 (colored)
tab at EOL
Revision 1.130 / (download) - annotate - [select for diffs], Tue Aug 3 13:46:22 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.129: +5 -1 lines
Diff to previous 1.129 (colored)
deny hilarious prepends. OK henning@
Revision 1.129 / (download) - annotate - [select for diffs], Mon Aug 2 21:30:55 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.128: +3 -1 lines
Diff to previous 1.128 (colored)
Fix a possible mem leak and add a missing yyerror(). OK henning@
Revision 1.128 / (download) - annotate - [select for diffs], Fri Jul 30 14:44:30 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.127: +4 -1 lines
Diff to previous 1.127 (colored)
Add new announce type "default-route" which will only announce the default route to the specified neighbor. Idea and OK henning@
Revision 1.127 / (download) - annotate - [select for diffs], Wed Jul 28 17:05:08 2004 UTC (19 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.126: +7 -2 lines
Diff to previous 1.126 (colored)
allow "set metric" as synonym for "set med", from discussion with & ok claudio
Revision 1.126 / (download) - annotate - [select for diffs], Wed Jul 28 15:10:01 2004 UTC (19 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.125: +19 -3 lines
Diff to previous 1.125 (colored)
allow prefix lists inside prefix lists
Revision 1.125 / (download) - annotate - [select for diffs], Wed Jul 28 15:05:20 2004 UTC (19 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.124: +19 -4 lines
Diff to previous 1.124 (colored)
allow AS lists inside AS lists
Revision 1.124 / (download) - annotate - [select for diffs], Wed Jul 28 14:43:54 2004 UTC (19 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.123: +17 -1 lines
Diff to previous 1.123 (colored)
prevent the filter elements from being given more than once
Revision 1.123 / (download) - annotate - [select for diffs], Wed Jul 28 14:15:28 2004 UTC (19 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.122: +93 -24 lines
Diff to previous 1.122 (colored)
add list expansion for AS in filter rules actually, it's list expansion on steroids, this works: deny from any { source-AS { 3320 852 } AS { 4589 174 } }
Revision 1.122 / (download) - annotate - [select for diffs], Wed Jul 28 12:46:36 2004 UTC (19 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.121: +25 -25 lines
Diff to previous 1.121 (colored)
rework the filter_match production and everything below - fixes a couple of bugs
Revision 1.121 / (download) - annotate - [select for diffs], Tue Jul 27 20:26:59 2004 UTC (19 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.120: +102 -61 lines
Diff to previous 1.120 (colored)
add support for {} expansion for prefix in the filter rules, claudio ok
Revision 1.120 / (download) - annotate - [select for diffs], Tue Jul 27 13:27:42 2004 UTC (19 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.119: +68 -24 lines
Diff to previous 1.119 (colored)
support macro expansion for peer spec in filter rules things like deny from { $peer1 $peer2 } prefix 192.168.0.0/16 are now possible.
Revision 1.119 / (download) - annotate - [select for diffs], Tue Jul 13 17:57:20 2004 UTC (19 years, 10 months ago) by jaredy
Branch: MAIN
Changes since 1.118: +2 -2 lines
Diff to previous 1.118 (colored)
fix some typos ok henning otto
Revision 1.118 / (download) - annotate - [select for diffs], Mon Jul 5 16:54:53 2004 UTC (19 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.117: +10 -2 lines
Diff to previous 1.117 (colored)
implement "set nexthop blackhole" and "set nexthop reject" blackhole/reject routes will be entered to the kernel for matching ones. this is intended to be used with the Cymru Bogon Route Server Project (http://www.cymru.com/BGP/bogon-rs.html) and similar services, claudio ok
Revision 1.117 / (download) - annotate - [select for diffs], Sat Jul 3 17:19:59 2004 UTC (19 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.116: +17 -17 lines
Diff to previous 1.116 (colored)
Switch mrt dumping to fd passing. This gives some speed up when extensive dumping is done. Actually mrt dumps were broken because of the fd passing. The nice side effect is a much cleaner code, especially in the parent process. OK henning@
Revision 1.116 / (download) - annotate - [select for diffs], Wed Jun 23 00:11:27 2004 UTC (19 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.115: +5 -1 lines
Diff to previous 1.115 (colored)
Support rfc 3765 which adds a new well known community NOPEER. OK henning@
Revision 1.115 / (download) - annotate - [select for diffs], Sun Jun 20 18:35:12 2004 UTC (19 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.114: +10 -10 lines
Diff to previous 1.114 (colored)
at least somewhat consistently name the TAILQ_ENTRYs... this confused me more than once
Revision 1.114 / (download) - annotate - [select for diffs], Tue Jun 8 14:34:48 2004 UTC (19 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.113: +12 -6 lines
Diff to previous 1.113 (colored)
fix a few memory leaks in error paths and one in the pftable path, and simplify the prefix production error handling slightly from Mr. Memleak Terminator Patrick Latifi <pat@eyeo.org>, kickass!
Revision 1.113 / (download) - annotate - [select for diffs], Sun Jun 6 17:38:10 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.112: +27 -16 lines
Diff to previous 1.112 (colored)
rework bgpd's handling of listening sockets. instead of one for each supported address family, keep a tailq of an arbitrary number of them. the new struct listen_addr contains the sockaddr and the fd. this fixes quite some nasty behaviour which was a consequence of the previous model. looks right deraadt@, and discussed with claudio
Revision 1.112 / (download) - annotate - [select for diffs], Fri May 21 15:36:40 2004 UTC (20 years ago) by claudio
Branch: MAIN
Changes since 1.111: +29 -2 lines
Diff to previous 1.111 (colored)
RFC 2796 bgp route reflector support. This is very useful in conjunction with templates. looks good, go for it henning@
Revision 1.111 / (download) - annotate - [select for diffs], Mon May 17 12:39:32 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.110: +79 -23 lines
Diff to previous 1.110 (colored)
extend filter language to allow basic setting of COMMUNITIES attribute. ok claudio@
Revision 1.110 / (download) - annotate - [select for diffs], Sat May 8 20:58:00 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.109: +2 -2 lines
Diff to previous 1.109 (colored)
off by one in key too long detection
Revision 1.109 / (download) - annotate - [select for diffs], Sat May 8 20:56:10 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.108: +8 -2 lines
Diff to previous 1.108 (colored)
fix redefinition detection with manual keyed ipsec
Revision 1.108 / (download) - annotate - [select for diffs], Sat May 8 20:50:29 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.107: +12 -1 lines
Diff to previous 1.107 (colored)
with manual keyed ipsec, we need keys and spis for both directions - enforce that
Revision 1.107 / (download) - annotate - [select for diffs], Sat May 8 19:17:20 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.106: +7 -4 lines
Diff to previous 1.106 (colored)
KNF
Revision 1.106 / (download) - annotate - [select for diffs], Sat May 8 19:09:34 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.105: +26 -8 lines
Diff to previous 1.105 (colored)
break out the consistency checking for neighbors in its own function, and verify that peers with ipsec have local-address specified (needed to set up the flows...)
Revision 1.105 / (download) - annotate - [select for diffs], Sat May 8 18:04:14 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.104: +7 -3 lines
Diff to previous 1.104 (colored)
allow for neighbor statements without { parameters } block; everything can be inherited from the group
Revision 1.104 / (download) - annotate - [select for diffs], Sat May 8 17:40:53 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.103: +23 -13 lines
Diff to previous 1.103 (colored)
add support for ipsec ah with manual keys, pfkey part already does so, and flesh parser out a bit. also add support for printing ipsec ah with manual keys in printconf
Revision 1.103 / (download) - annotate - [select for diffs], Sat May 8 17:23:20 2004 UTC (20 years ago) by henning
Branch: MAIN
Changes since 1.102: +48 -68 lines
Diff to previous 1.102 (colored)
factor out the string -> key conversion code used for md5sig and twice for ipsec
Revision 1.102 / (download) - annotate - [select for diffs], Fri May 7 10:06:15 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.101: +22 -2 lines
Diff to previous 1.101 (colored)
add a filter option to dump prefixes learned in UPDATEs into a PF table, intended for building realtime BGP blacklists (e.g. with spamd); ok claudio & henning
Revision 1.101 / (download) - annotate - [select for diffs], Thu May 6 14:41:47 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.100: +3 -1 lines
Diff to previous 1.100 (colored)
we need a separate field for the md5 key len, can't use strlen, noticed by markus some time ago
Revision 1.100 / (download) - annotate - [select for diffs], Tue May 4 11:34:01 2004 UTC (20 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.99: +5 -3 lines
Diff to previous 1.99 (colored)
Correctly plug the memory leak and fix an error message.
Revision 1.99 / (download) - annotate - [select for diffs], Fri Apr 30 17:34:05 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.98: +8 -3 lines
Diff to previous 1.98 (colored)
plug memory leaks; henning ok
Revision 1.98 / (download) - annotate - [select for diffs], Fri Apr 30 05:47:50 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored)
spelling
Revision 1.97 / (download) - annotate - [select for diffs], Thu Apr 29 19:56:04 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)
sock -> fd; ok henning
Revision 1.96 / (download) - annotate - [select for diffs], Wed Apr 28 06:43:04 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.95: +2 -1 lines
Diff to previous 1.95 (colored)
FILE * leak; henning ja ja ja ja
Revision 1.95 / (download) - annotate - [select for diffs], Wed Apr 28 04:34:46 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.94: +10 -3 lines
Diff to previous 1.94 (colored)
allow ah/esp spec with IKE, markus ok
Revision 1.94 / (download) - annotate - [select for diffs], Wed Apr 28 01:36:56 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.93: +17 -1 lines
Diff to previous 1.93 (colored)
prevent multiple auth methods to be specified
Revision 1.93 / (download) - annotate - [select for diffs], Wed Apr 28 00:38:39 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.92: +5 -5 lines
Diff to previous 1.92 (colored)
prefix the auth related defines by AUTH_, we had a name clash, markus ok
Revision 1.92 / (download) - annotate - [select for diffs], Tue Apr 27 23:15:28 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.91: +3 -1 lines
Diff to previous 1.91 (colored)
set conf.auth.methodod for md5, too
Revision 1.91 / (download) - annotate - [select for diffs], Tue Apr 27 23:02:41 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.90: +2 -2 lines
Diff to previous 1.90 (colored)
ike before in
Revision 1.90 / (download) - annotate - [select for diffs], Tue Apr 27 22:42:13 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.89: +25 -25 lines
Diff to previous 1.89 (colored)
rename the ipsec struct to auth, move all tcpmd5 related fields in there, and add a generic "method" field that expresses what method (none/md5sig/ipsec manual/ipsec ike) is in use markus ok
Revision 1.89 / (download) - annotate - [select for diffs], Tue Apr 27 22:06:54 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.88: +8 -2 lines
Diff to previous 1.88 (colored)
parser parts for ipsec ike, markus ok
Revision 1.88 / (download) - annotate - [select for diffs], Tue Apr 27 04:38:12 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.87: +3 -3 lines
Diff to previous 1.87 (colored)
crud stripping; henning ok
Revision 1.87 / (download) - annotate - [select for diffs], Tue Apr 27 02:35:24 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.86: +2 -2 lines
Diff to previous 1.86 (colored)
curpeer must be set back to curgroup, not NULL
Revision 1.86 / (download) - annotate - [select for diffs], Mon Apr 26 20:07:43 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.85: +33 -33 lines
Diff to previous 1.85 (colored)
need more checks on the keys
Revision 1.85 / (download) - annotate - [select for diffs], Mon Apr 26 19:11:01 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.84: +5 -3 lines
Diff to previous 1.84 (colored)
unbreak
Revision 1.84 / (download) - annotate - [select for diffs], Mon Apr 26 08:51:10 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.83: +2 -1 lines
Diff to previous 1.83 (colored)
don't forget to set keylen, markus
Revision 1.83 / (download) - annotate - [select for diffs], Mon Apr 26 07:58:04 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.82: +134 -1 lines
Diff to previous 1.82 (colored)
parser support for setting ipsec keys and such, markus ok
Revision 1.82 / (download) - annotate - [select for diffs], Sun Apr 25 18:21:18 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.81: +2 -2 lines
Diff to previous 1.81 (colored)
reserve upper half of the (internal) ID space for cloned neighbors, claudio ok
Revision 1.81 / (download) - annotate - [select for diffs], Sun Apr 25 17:51:46 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.80: +9 -6 lines
Diff to previous 1.80 (colored)
fix check whether local-address and neighbor are of same address family - we have to delay this because the current context might be a group and not a single neighbor, claudio ok
Revision 1.80 / (download) - annotate - [select for diffs], Sun Apr 25 07:16:24 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.79: +18 -4 lines
Diff to previous 1.79 (colored)
add "neighbor cloning", allowing you to specify a prefix and prefixlength instead of the neighbor's IP address. When a connection comes in matching that mask we clone the neighbor spec. IPv6 match code by itojun, rde feeding by claudio, ok claudio
Revision 1.79 / (download) - annotate - [select for diffs], Sat Apr 24 19:36:19 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.78: +23 -8 lines
Diff to previous 1.78 (colored)
some rather boring windows talk at cansecwest made me hack initial support for IPv6 transport parts based on a diff from Brent Graveland ok itojun@ claudio@
Revision 1.78 / (download) - annotate - [select for diffs], Thu Mar 11 19:01:08 2004 UTC (20 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)
There is no cnumber token in the parser so don't define a type for it.
Revision 1.77 / (download) - annotate - [select for diffs], Thu Mar 11 17:47:48 2004 UTC (20 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)
yes, the keyword table has to be sorted ;-)
Revision 1.76 / (download) - annotate - [select for diffs], Thu Mar 11 17:12:51 2004 UTC (20 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.75: +46 -9 lines
Diff to previous 1.75 (colored)
Add basic support for communities. Currently it is only possible to filter on communities, e.g match from any community 24640:* set localpref 666 OK henning@
Revision 1.75 / (download) - annotate - [select for diffs], Wed Mar 10 11:40:33 2004 UTC (20 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored)
oups
Revision 1.74 / (download) - annotate - [select for diffs], Wed Mar 10 11:38:32 2004 UTC (20 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.73: +6 -1 lines
Diff to previous 1.73 (colored)
implement framework to announce capabilities in the open messages we send. this includes handling "unsupported optional parameter" notifications from the peer and retrying without capability announcement. claudio ok
Revision 1.73 / (download) - annotate - [select for diffs], Mon Mar 8 10:48:06 2004 UTC (20 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.72: +27 -10 lines
Diff to previous 1.72 (colored)
mem leaks in error paths, mostly from Patrick Latifi
Revision 1.72 / (download) - annotate - [select for diffs], Mon Mar 8 10:33:34 2004 UTC (20 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.71: +7 -3 lines
Diff to previous 1.71 (colored)
typo in format string (ugh!) and few missing free()s, partially from Patrick Latifi
Revision 1.71 / (download) - annotate - [select for diffs], Sat Mar 6 21:41:44 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.70: +4 -5 lines
Diff to previous 1.70 (colored)
plug a memory leak in the lexer. the issue is this code fragment from yylex():
    token = lookup(buf);
    yylval.v.string = strdup(buf);
    if (yylval.v.string == NULL)
        fatal("yylex: strdup");
    return (token);
lookup() tries to match buf against a list of keywords, and returns the associated token if it has a match, or the token STRING otherwise. STRING is the only token that needs (and free()s) yylval.v.string. however, we assigned memory for it with the strdup in yylex for each and every token. the fix is obviously only setting yylval.v.string when lookup() returns STRING. Patrick Latifi noticed that something was leaking with token handling, analysis and fix by me. ok deraadt@
Revision 1.70 / (download) - annotate - [select for diffs], Fri Mar 5 21:52:45 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.69: +15 -1 lines
Diff to previous 1.69 (colored)
plug a couple of memory leaks, Patrick Latifi
Revision 1.69 / (download) - annotate - [select for diffs], Tue Mar 2 20:00:14 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)
KNF
Revision 1.68 / (download) - annotate - [select for diffs], Tue Mar 2 19:45:04 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.67: +73 -39 lines
Diff to previous 1.67 (colored)
flesh out the address and prefix parsing, include v6 code, but reject v6 upwards, claudio ok
Revision 1.67 / (download) - annotate - [select for diffs], Mon Mar 1 22:58:12 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.66: +11 -4 lines
Diff to previous 1.66 (colored)
make sure AS doesn't exceed upper bound, issue pointed out by Brent Graveland <brent@graveland.net>
Revision 1.66 / (download) - annotate - [select for diffs], Mon Mar 1 17:04:07 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)
KNF
Revision 1.65 / (download) - annotate - [select for diffs], Mon Mar 1 16:47:06 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.64: +8 -3 lines
Diff to previous 1.64 (colored)
Sync printconfig.c with parse.y. OK henning@
Revision 1.64 / (download) - annotate - [select for diffs], Mon Mar 1 16:02:01 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.63: +9 -2 lines
Diff to previous 1.63 (colored)
Make it possible to disable the decision process. This is a feature only useful for route-collectors. OK henning@
Revision 1.63 / (download) - annotate - [select for diffs], Thu Feb 26 14:00:33 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.62: +10 -1 lines
Diff to previous 1.62 (colored)
Implement "enforce neighbor-as yes|no" which is by default on for ebgp neighbors. While doing that check also that the nexthop is valid (not class D or E and not in 127/8 range). Kill some TODO and XXX and rename the british neighbour to neighbor as used everywhere else. OK henning@
Revision 1.62 / (download) - annotate - [select for diffs], Thu Feb 26 13:54:50 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)
No comma at the end of the keywords array. OK henning@
Revision 1.61 / (download) - annotate - [select for diffs], Thu Feb 26 09:53:58 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.60: +15 -19 lines
Diff to previous 1.60 (colored)
Add per network definition filter sets. So you can now use network 10.0.0.0/8 set localpref 100 OK henning@
Revision 1.60 / (download) - annotate - [select for diffs], Wed Feb 25 19:48:18 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.59: +44 -24 lines
Diff to previous 1.59 (colored)
Rewrite some parts of the mrt dump handling. It is no longer possible to dump the filtered updates but therefore it is now possible to dump per neighbor and also to dump the outgoing messages. OK henning@
Revision 1.59 / (download) - annotate - [select for diffs], Wed Feb 25 14:25:22 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.58: +7 -5 lines
Diff to previous 1.58 (colored)
kill "updates" keyword and use an ordinary string + strcmp at the one place where it's needed, claudio ok
Revision 1.58 / (download) - annotate - [select for diffs], Tue Feb 24 15:43:03 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.57: +69 -13 lines
Diff to previous 1.57 (colored)
Enhance filters. prefixlen knows now 8-24 and 8><24. It is possible to use prefix 10.0.0.0/8 prefixlen >= 8 and set localpref 100 can be set on a per neighbor basis. OK henning@
Revision 1.57 / (download) - annotate - [select for diffs], Thu Feb 19 13:54:58 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.56: +2 -1 lines
Diff to previous 1.56 (colored)
Make the code more portable. Add some missing header files and make the use of the queue(3) macros more portable. OK henning@ some time ago.
Revision 1.56 / (download) - annotate - [select for diffs], Tue Feb 10 23:10:23 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.55: +7 -1 lines
Diff to previous 1.55 (colored)
enforce config file secrecy (correct owner, no rights for group/world) help and ok theo
Revision 1.55 / (download) - annotate - [select for diffs], Mon Feb 9 01:46:34 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.54: +1 -2 lines
Diff to previous 1.54 (colored)
make max_prefix an u_int32_t instead of an u_long and change its meaning as in 0 means no limit instead of setting it to ULONG_MAX for no limit
Revision 1.54 / (download) - annotate - [select for diffs], Mon Feb 9 00:00:41 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.53: +1 -6 lines
Diff to previous 1.53 (colored)
move printing the config to where it belongs
Revision 1.53 / (download) - annotate - [select for diffs], Sun Feb 8 23:44:57 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.52: +2 -117 lines
Diff to previous 1.52 (colored)
factor out functions to print the configuration (rules only for now) will become more and needed by bgpctl too
Revision 1.52 / (download) - annotate - [select for diffs], Fri Feb 6 20:37:53 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.51: +31 -17 lines
Diff to previous 1.51 (colored)
use a struct bgpd_addr for the address token instead of a in_addr, claudio ok
Revision 1.51 / (download) - annotate - [select for diffs], Fri Feb 6 20:18:18 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.50: +340 -10 lines
Diff to previous 1.50 (colored)
initial cut at the filtering language. structs etc to describe a rule, filter rule list management parser groks filter defs now. claudio ok, discussion & help also jakob theo
Revision 1.50 / (download) - annotate - [select for diffs], Thu Feb 5 23:50:54 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.49: +4 -4 lines
Diff to previous 1.49 (colored)
allocate curpeer little earlier. there's a rather obscure error path where the later allocation causes trouble, claudio ok
Revision 1.49 / (download) - annotate - [select for diffs], Thu Feb 5 14:42:45 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.48: +6 -5 lines
Diff to previous 1.48 (colored)
error message tuning more power!
Revision 1.48 / (download) - annotate - [select for diffs], Thu Feb 5 14:29:09 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.47: +14 -7 lines
Diff to previous 1.47 (colored)
introduce group IDs. will be needed for filtering (or rather, ease things there) just assign them from the neighbor ID pool - fortunately, that is rather simple, we just have to make sure that all members of the group and (later) all filter rules pointing to the group agree on the ID, but it does not need to stay the same across config reloads. ok claudio@
Revision 1.47 / (download) - annotate - [select for diffs], Tue Feb 3 22:28:05 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.46: +32 -0 lines
Diff to previous 1.46 (colored)
replace the previous hack for the internal peer id allocator (which just used the peer's ip address as u_int32_t) by a real id allocator that tries to keep locality high. claudio ok
Revision 1.46 / (download) - annotate - [select for diffs], Tue Feb 3 17:36:30 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.45: +9 -2 lines
Diff to previous 1.45 (colored)
defer free()ing the previous peer list until after parsing the config file so in the parser we can access it. will be needed soon.
Revision 1.45 / (download) - annotate - [select for diffs], Sun Feb 1 19:46:05 2004 UTC (20 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.44: +2 -6 lines
Diff to previous 1.44 (colored)
Set sane default announce types according to the peer type. For IBGP use announce all and for EBGP use announce self. OK henning@
Revision 1.44 / (download) - annotate - [select for diffs], Wed Jan 28 23:49:55 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.43: +8 -3 lines
Diff to previous 1.43 (colored)
properly whine when password is too long instead of silently truncating
Revision 1.43 / (download) - annotate - [select for diffs], Wed Jan 28 23:31:28 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.42: +29 -8 lines
Diff to previous 1.42 (colored)
implement tcp md5sig password so that the key can be given in ascii, what unfortunately limits the key space (cisco/juniper compat...) we keep the ability to specify the key in hex without these limits. help & ok markus
Revision 1.42 / (download) - annotate - [select for diffs], Tue Jan 27 16:49:53 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.41: +5 -14 lines
Diff to previous 1.41 (colored)
use a struct bgpd_addr instead of sockaddr_in for peer_config->local_addr and ->remote_addr for easier multiprotocol support ok claudio@
Revision 1.41 / (download) - annotate - [select for diffs], Mon Jan 26 21:08:18 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)
rename "tcp signature" to "tcp md5sig" - the name is misleading, whether ietf wants to call it so or not prodded by theo
Revision 1.40 / (download) - annotate - [select for diffs], Mon Jan 26 14:42:47 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.39: +15 -0 lines
Diff to previous 1.39 (colored)
first cut at tcpmd5 setup support from within bgpd. works so far. with help from hshoexer@ and markus@ ok claudio@ hshoexer@ markus@
Revision 1.39 / (download) - annotate - [select for diffs], Sat Jan 24 19:43:37 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored)
eek, no, ERROR is of course not unused
Revision 1.38 / (download) - annotate - [select for diffs], Sat Jan 24 19:26:12 2004 UTC (20 years, 4 months ago) by mcbride
Branch: MAIN
Changes since 1.37: +2 -5 lines
Diff to previous 1.37 (colored)
Remove unused terminals. ok henning@
Revision 1.37 / (download) - annotate - [select for diffs], Thu Jan 22 21:09:00 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.36: +2 -1 lines
Diff to previous 1.36 (colored)
provide a log_debug and use it in rde.c. with this, logit() can be a private function. we don't need to include syslog.h in bgpd.h any more; log.c and parse.y who need it include it directly now.
Revision 1.36 / (download) - annotate - [select for diffs], Sat Jan 17 19:35:36 2004 UTC (20 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.35: +21 -4 lines
Diff to previous 1.35 (colored)
Make it possible to announce own networks. In the RDE these prefixes are attached to a pseudo peer and inserted like all other prefixes into the RIB. OK henning@
Revision 1.35 / (download) - annotate - [select for diffs], Sat Jan 17 19:15:07 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.34: +4 -4 lines
Diff to previous 1.34 (colored)
KNF
Revision 1.34 / (download) - annotate - [select for diffs], Tue Jan 13 13:45:49 2004 UTC (20 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.33: +43 -9 lines
Diff to previous 1.33 (colored)
Implement a max-prefix and a announce none | self | all neighbor statement. The first limits the number of sent prefixes per peer the latter controls which prefix we do announce to the neighbor. Another looks good from henning@
Revision 1.33 / (download) - annotate - [select for diffs], Tue Jan 6 23:36:40 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.32: +11 -8 lines
Diff to previous 1.32 (colored)
small bug that was not so easy to fix: we did not allow empty lines (or comment-only lines) in the middle of neighbor/group blocks. as first or last line in these blocks they were accepted, but not in between. ok deraadt@
Revision 1.32 / (download) - annotate - [select for diffs], Tue Jan 6 20:41:55 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.31: +17 -1 lines
Diff to previous 1.31 (colored)
allow holdtime and holdtime min to be configured per peer ok claudio@
Revision 1.31 / (download) - annotate - [select for diffs], Tue Jan 6 03:43:50 2004 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)
2004
Revision 1.30 / (download) - annotate - [select for diffs], Mon Jan 5 22:57:58 2004 UTC (20 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.29: +38 -25 lines
Diff to previous 1.29 (colored)
Big overhaul of the mrt code. Dumping of incoming bgp messages is now possible and dumping the (not yet) filtered updates works too. Per neighbor dumps are still missing. OK henning@
Revision 1.29 / (download) - annotate - [select for diffs], Mon Jan 5 19:14:41 2004 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.28: +3 -1 lines
Diff to previous 1.28 (colored)
missing fclose() fd leak pointed out by Patrick Latifi, but it was not so easy to fix before I just killed the support for config from stdin and his fix didn't work. however, this is the 16 bytes memory leak on config reload i was hunting for some time, big thanks to Patrick!
Revision 1.28 / (download) - annotate - [select for diffs], Mon Jan 5 19:06:42 2004 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.27: +7 -12 lines
Diff to previous 1.27 (colored)
remove support for reading configuration from stdin. that really does not make sense with a daemon and probably breaks horribly on config reload
Revision 1.27 / (download) - annotate - [select for diffs], Mon Jan 5 19:04:11 2004 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.26: +17 -12 lines
Diff to previous 1.26 (colored)
fix off by ones with strlcpy() memleak fixes in error paths From: Patrick Latifi <pat@eyeo.org>
Revision 1.26 / (download) - annotate - [select for diffs], Sat Jan 3 20:37:34 2004 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.25: +8 -7 lines
Diff to previous 1.25 (colored)
move some session specific stuff to session.h and make the few files that need it include that
Revision 1.25 / (download) - annotate - [select for diffs], Sat Jan 3 20:22:07 2004 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.24: +8 -5 lines
Diff to previous 1.24 (colored)
decouple the peer list from bgpd_config. so many parts of bgpd are not at all interested in the session specific peer structs... allows for some further cleaning
Revision 1.24 / (download) - annotate - [select for diffs], Sat Dec 27 21:40:43 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.23: +5 -5 lines
Diff to previous 1.23 (colored)
bgpid -> router-id local-addr -> local-address
Revision 1.23 / (download) - annotate - [select for diffs], Sat Dec 27 17:34:10 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)
fix thinko
Revision 1.22 / (download) - annotate - [select for diffs], Sat Dec 27 14:42:59 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.21: +17 -5 lines
Diff to previous 1.21 (colored)
"no fib-update" -> "fib-update [yes|no]" makes more sense this way
Revision 1.21 / (download) - annotate - [select for diffs], Sat Dec 27 14:28:41 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)
few fatal()s should really be fatalx() From: Dries Schellekens <gwyllion@ace.ulyssis.org>
Revision 1.20 / (download) - annotate - [select for diffs], Fri Dec 26 20:52:14 2003 UTC (20 years, 5 months ago) by jakob
Branch: MAIN
Changes since 1.19: +7 -1 lines
Diff to previous 1.19 (colored)
add option 'log updates' to log updates. ok henning@
Revision 1.19 / (download) - annotate - [select for diffs], Fri Dec 26 18:07:32 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.18: +14 -14 lines
Diff to previous 1.18 (colored)
when this project started and i added the fatal() function, I made it take the error number as parameter instead of accessing errno, because in one place the error number was not in errno but fetched from a socket. now, of course it makes much more sense to just set errno to the error number just fetched in this one place instead of having hundreds of fatal() calls all transfer the errno round and round and round... fix this, and also provide a fatalx, which does not care for errno and doesn't invoke strerror. oh, btw, in the place where we fetch the err # from the socket, we don't call fatal anymore anyway...
Revision 1.18 / (download) - annotate - [select for diffs], Thu Dec 25 23:23:51 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
style
Revision 1.17 / (download) - annotate - [select for diffs], Thu Dec 25 18:35:17 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.16: +7 -5 lines
Diff to previous 1.16 (colored)
must not remove macros via cmdline after parsing is done, we will need them again on reload
Revision 1.16 / (download) - annotate - [select for diffs], Thu Dec 25 18:04:10 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)
don't leak in yyerror()
Revision 1.15 / (download) - annotate - [select for diffs], Thu Dec 25 17:58:50 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.14: +5 -3 lines
Diff to previous 1.14 (colored)
o can't TAILQ_FOREACH when we TAILQ_REMOVE in the loop
o free(sym)
Revision 1.14 / (download) - annotate - [select for diffs], Thu Dec 25 17:35:53 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.13: +4 -1 lines
Diff to previous 1.13 (colored)
free where it was allocated; much easier to verify
Revision 1.13 / (download) - annotate - [select for diffs], Thu Dec 25 14:28:49 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.12: +6 -2 lines
Diff to previous 1.12 (colored)
implement "passive": do not attempt to open a tcp connection to the neighbor system
Revision 1.12 / (download) - annotate - [select for diffs], Wed Dec 24 14:10:49 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)
local-addr, not local-address. it's better when documentation and code agree on the keyword...
Revision 1.11 / (download) - annotate - [select for diffs], Wed Dec 24 13:49:21 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.10: +7 -2 lines
Diff to previous 1.10 (colored)
add option to not touch the kernel routing table
Revision 1.10 / (download) - annotate - [select for diffs], Tue Dec 23 13:13:24 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.9: +7 -7 lines
Diff to previous 1.9 (colored)
better syntax for minimum accepted holdtime
Revision 1.9 / (download) - annotate - [select for diffs], Tue Dec 23 01:06:21 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.8: +13 -2 lines
Diff to previous 1.8 (colored)
allow the listening address to be specified, default to INADDR_ANY should make jose@ happy
Revision 1.8 / (download) - annotate - [select for diffs], Mon Dec 22 19:43:36 2003 UTC (20 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)
spacing
Revision 1.7 / (download) - annotate - [select for diffs], Mon Dec 22 19:39:59 2003 UTC (20 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)
fix indent
Revision 1.6 / (download) - annotate - [select for diffs], Mon Dec 22 19:36:19 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.5: +34 -90 lines
Diff to previous 1.5 (colored)
ease grammar a lot. eliminate pstate and let yacc do the work for us instead. nearly completely from theo with minor adjustment by me.
Revision 1.5 / (download) - annotate - [select for diffs], Sun Dec 21 22:16:53 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)
overhaul the write buffering code. introduce msgbuf API and bundle all info needed for the write buffers in a struct msgbuf. also switch to a write queue per handled connection (each bgp session, each pipe) instead of one big one. fixes some subtle problems and is overall nicer. ok claudio@
Revision 1.4 / (download) - annotate - [select for diffs], Sat Dec 20 20:53:30 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.3: +2 -1 lines
Diff to previous 1.3 (colored)
few missing break; in default: cases in switch; one noticed by tedu@
Revision 1.3 / (download) - annotate - [select for diffs], Fri Dec 19 01:38:34 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.2: +5 -4 lines
Diff to previous 1.2 (colored)
fix copyright
Revision 1.2 / (download) - annotate - [select for diffs], Wed Dec 17 18:11:31 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)
style
Revision 1.1 / (download) - annotate - [select for diffs], Wed Dec 17 11:46:54 2003 UTC (20 years, 5 months ago) by henning
Branch: MAIN
welcome, bgpd started by me some time ago with moral support from theo, the proceeded up to the point where the session engine worked correctly. claudio jeker joined then and did a lot of work in the RDE. it is not particularly useful as application right now as parts are still missing but is imported to enable more people to work on it. status: BGP sessions get established fine, OPEN messages and then KEEPALIVEs exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and all connection drops etc I provoked get handled fine. Incoming UPDATE messages are parsed well and the data entered to the RIB, the decision process is not yet there, neither is outgoing UPDATEs or sync to the kernel routing table. not connected to the builds yet.