Up to [local] / src / usr.sbin / bgpd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.5 / (download) - annotate - [select for diffs], Wed Aug 16 08:26:35 2023 UTC (9 months, 3 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
HEAD
Changes since 1.4: +52 -91 lines
Diff to previous 1.4 (colored)
Remove per-AFI ASPA handling in bgpd internals With draft-ietf-sidrops-aspa-profile-16 and draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA records was dropped. So remove this complication form the code. This only removes the AFI handling internally in bgpd but still allows the old syntax in aspa-set tables. The optional address family is just ignored and records are merged together. For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so right now we still handle RTR sessions as specified there. The IPv4 and IPv6 ASPA entries are handled in two trees and merged together into one AFI independent tree. This is the best we can do for now until IETF updates draft-ietf-sidrops-8210bis. OK tb@ job@
Revision 1.3.4.1 / (download) - annotate - [select for diffs], Mon May 1 05:13:59 2023 UTC (13 months, 1 week ago) by tb
Branch: OPENBSD_7_3
Changes since 1.3: +5 -4 lines
Diff to previous 1.3 (colored) next main 1.4 (colored)
Rework the way transit provider AID masks are built and sent to the RDE. ASPA provider AS sets can include optional limitations to inet/inet6 these limits are represented in the TAS_AID bit masks (2bits per AS). Introduce a TAS_AID_SIZE() makro that returns the size in bytes of this bit mask (rounded to the next uint32_t). Without this change aspa objects with AID specific elements trigger a fatal error condition when the config is loaded. OK tb@ job@ from claudio Fix missing whitespace in bgpd(8) output from job This is errata/7.3/001_bgpd.patch.sig
Revision 1.4 / (download) - annotate - [select for diffs], Thu Apr 20 15:44:45 2023 UTC (13 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.3: +5 -4 lines
Diff to previous 1.3 (colored)
Rework the way transit provider AID masks are built and sent to the RDE. ASPA provider AS sets can include optional limitations to inet/inet6 these limits are represented in the TAS_AID bit masks (2bits per AS). Introduce a TAS_AID_SIZE() makro that returns the size in bytes of this bit mask (rounded to the next uint32_t). Without this change aspa objects with AID specific elements trigger a fatal error condition when the config is loaded. OK tb@ job@
Revision 1.3 / (download) - annotate - [select for diffs], Tue Jan 24 11:28:41 2023 UTC (16 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE
Branch point for: OPENBSD_7_3
Changes since 1.2: +149 -129 lines
Diff to previous 1.2 (colored)
Implement ASPA validation and reload logic on ASPA set changes. For this use the validation state (vstate) in struct prefix and struct filterstate to store both the ASPA and ROA validity. Introduce helper functions to set and get the various states for struct prefix and make sure struct filterstate is also setup properly. Change the ASPA state in rde_aspath to be AFI/AID and role independent by storing all 4 possible outcomes. Also add a ASPA generation count which is used to update the rde_aspath ASPA state cache on reloads. Rework the rde_aspa.c code to be AFI/AID and role independent. Doing this for roles is trivial but AFI switch goes deep and is so unnecessary. The reload is combined with the ROA reload logic and renamed to RPKI softreload. OK tb@
Revision 1.2 / (download) - annotate - [select for diffs], Tue Jan 17 16:09:01 2023 UTC (16 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.1: +54 -9 lines
Diff to previous 1.1 (colored)
Add the needed logic to load the ASPA table from the rtr process into the RDE. The actual reload logic is missing to keep the diff small. OK tb@
Revision 1.1 / (download) - annotate - [select for diffs], Wed Jan 11 13:53:17 2023 UTC (16 months, 3 weeks ago) by claudio
Branch: MAIN
Add ASPA validation functions to the RDE. This implements ASPA validation based on the current draft. Implementing this showed various weaknesses in the current ASPA draft which I hope to fix in the near future. Unlike the algorithm specified in the draft our version validates the AS_PATH attribute in a single path doing one or two lookups depending on the sessions BGP role. The code is not yet hooked up into the RDE (see the NOTYET blocks). Missing are reload logic, bgpctl integration and the loading of the merged ASPA set from the rtr process. OK tb@