OpenBSD CVS

CVS log for src/usr.sbin/bgpd/rde_filter.c



Default branch: MAIN


Revision 1.134.4.1, Mon May 15 09:31:14 2023 UTC (12 months, 3 weeks ago) by tb
Branch: OPENBSD_7_3
Changes since 1.134: +7 -1 lines

Rename 'invalid' to 'disqualified' in the 'show rib' table.

'invalid' conflicts with the 'in' keyword and the parser is not smart
enough to handle this. As a secondary benefit the term 'invalid' is
less overloaded. There are various reasons why prefixes are not eligible
in the route decision process calling them all 'invalid' is a bit harsh.

job@, tb@ and benno@ agree
from claudio

Properly handle references for nexthops and labels in filterset_copy()

Up until recently filterset_copy() was only used in the parent process
where none of those references exist but by using filterset_copy() in
the RDE to populate per-peer output filters the code needs to handle
such references. Without this rules like 'match to any set nexthop X'
will cause internal corruption on config reloads and session resets.
Bug report from Marko Cupac (marko.cupac (at) mimar.rs)
OK tb@
from claudio

Pass ASPA objects in reverse since this is what aspa_add_set() expects.
OK tb@
from claudio

Adjust bgplgd after renaming of the invalid option in bgpctl.
This does not change the query string argument. We may do this
at a later stage.
OK tb@
from claudio

This is errata/7.3/002_bgpd.patch.sig

Revision 1.136, Tue May 9 13:11:19 2023 UTC (13 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.135: +7 -1 lines

Properly handle references for nexthops and labels in filterset_copy()

Up until recently filterset_copy() was only used in the parent process
where none of those references exist but by using filterset_copy() in
the RDE to populate per-peer output filters the code needs to handle
such references. Without this rules like 'match to any set nexthop X'
will cause internal corruption on config reloads and session resets.
Bug report from Marko Cupac (marko.cupac (at) mimar.rs)
OK tb@

Revision 1.135, Wed Apr 19 13:23:33 2023 UTC (13 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.134: +4 -1 lines

Implement a way to announce flowspec rules without hitting Adj-RIB-In
and Loc-RIB. Flowspec objects are collected in a single flowrib RIB
and then directly distributed into the various Adj-RIB-Outs.
For this to work add a bypass in the filter logic (flowspec AFI/SAFI
are currently accepted without any rule). The filter language lacks
a way to allow prefixes based on AFI/SAFI which is the minimum needed.
OK tb@

Revision 1.134, Fri Mar 10 07:57:15 2023 UTC (15 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE
Branch point for: OPENBSD_7_3
Changes since 1.133: +9 -20 lines

Compile the output filter rules into per peer filter rules.

especially on route-servers the output filters are in the hot path so
reducing the number of rules to check has a big impact. I have seen a
25% to 30% speedup in my big IXP testbench.
The output ruleset is applied and copied for each peer during config reload
and when a peer is initially added.
OK tb@

Revision 1.133, Tue Jan 24 14:13:12 2023 UTC (16 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.132: +6 -1 lines

Implement filter and control message matching for ASPA.

This adds avs (ASPA validation state) which can be 'unknown', 'valid'
or 'invalid'. It behaves similar to ovs but the ASPA validation state
of paths from iBGP sessions is 'unknown' and the role of the ebgp session
is important to get the right validation state.

OK tb@

Revision 1.132, Tue Jan 24 11:28:41 2023 UTC (16 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.131: +22 -3 lines

Implement ASPA validation and reload logic on ASPA set changes.

For this use the validation state (vstate) in struct prefix and
struct filterstate to store both the ASPA and ROA validity.
Introduce helper functions to set and get the various states for
struct prefix and make sure struct filterstate is also setup properly.
Change the ASPA state in rde_aspath to be AFI/AID and role independent
by storing all 4 possible outcomes. Also add an ASPA generation count
which is used to update the rde_aspath ASPA state cache on reloads.
Rework the rde_aspa.c code to be AFI/AID and role independent. Doing
this for roles is trivial but AFI switch goes deep and is so unnecessary.
The reload is combined with the ROA reload logic and renamed to RPKI
softreload.

OK tb@

Revision 1.131, Thu Jan 12 17:35:51 2023 UTC (16 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.130: +24 -4 lines

Split rde_filterstate_prep() into three functions.
- rde_filterstate_init(): initialize a filterstate to default values
- rde_filterstate_copy(): copy from a filterstate into a new state object
- rde_filterstate_prep(): set filterstate based on prefix passed as argument.

This makes the code a bit easier to read.
OK tb@

Revision 1.130, Wed Jan 11 17:10:26 2023 UTC (16 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.129: +8 -7 lines

Add the validation state to the filterstate struct.
Removes vstate argument from rde_filter().
Rename prefix_vstate() to prefix_roa_vstate().
OK tb@

Revision 1.129, Thu Jul 28 13:11:51 2022 UTC (22 months, 1 week ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.128: +3 -3 lines

whitespace found during a read-thru; ok claudio

Revision 1.128, Tue May 31 09:45:33 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.127: +17 -1 lines

Implement a max communities filter match

When max-communities X is set on a filterrule the filter will match when
more than X communities are present in the path. In other words
max-communities 0 means no communities are allowed and max-communities 3
limits it up to 3 communities.
There is max-communities, max-ext-communities and max-large-communities
for each of the 3 community attributes. These three max checks can be used
together.
OK tb@ job@

Revision 1.127, Sun Feb 6 09:51:19 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.126: +10 -10 lines

Switch from u_intX_t types to stdint.h uintX_t. Mostly mechanical with
a few reindents.
OK florian@ tb@

Revision 1.126, Wed Dec 30 07:29:56 2020 UTC (3 years, 5 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.125: +7 -7 lines

Implement IMSG_CTL_SHOW_SET to get information about roa-set, as-sets and
prefix-sets loaded into the RDE. For now only the number of prefixes or
asnumbers are shown plus the time since the last change was done to the table.
OK benno@

Revision 1.125, Thu Dec 3 11:53:34 2020 UTC (3 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.124: +7 -7 lines

rework the overflow checks for the various relative metric adjustments.
This test no longer depends on specific overflow behaviour.
OK millert@

Revision 1.124, Thu Nov 5 11:51:13 2020 UTC (3 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.123: +12 -5 lines

Refactor the filterset handling of nexthops. Instead of depending on
bgpd_process and changing the behaviour that way add a new filterset
type ACTION_SET_NEXTHOP_REF which is used when the nexthop reference
of the union is used. Adjust the RDE to convert ACTION_SET_NEXTHOP to
ACTION_SET_NEXTHOP_REF when receiving the filtersets.
OK benno@

Revision 1.123, Fri Feb 14 13:54:31 2020 UTC (4 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.122: +25 -1 lines

Rename copy_filterset() to filterset_copy() and move it to rde_filter.c
where functions like filterset_move() live. Also initialize the dest
TAILQ in filterset_copy() as it is done in filterset_move().
OK benno@ phessler@

Revision 1.122, Tue Aug 13 12:16:20 2019 UTC (4 years, 9 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.121: +46 -62 lines

Instead of passing a struct prefix pointer to rde_filter() pass the 4 values
prefix_peer, prefix_vstate and prefix/prefixlen to the function. This removes
some ugly hacks in cases where the prefix was not available.
Also adjust the order of arguments of rde_attr_set() to match rde_filter().
OK benno@

Revision 1.121, Mon Jul 1 07:07:08 2019 UTC (4 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.120: +3 -3 lines

Unify the way objects in the RDE are reference counted. The affected
structures are pt_entry, rde_aspath, rde_communities, and nexthop.
The functions are always called *_ref and *_unref also the behaviour
when the last reference is removed is unified and now the object is
removed inside of the unref function. The actual bean-counting is not
modified by this diff.
OK benno@

Revision 1.120, Sat Jun 22 05:44:05 2019 UTC (4 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.119: +8 -8 lines

Add a direct pointer from struct prefix to struct pt_entry.
This change makes it possible to not use the struct rib_entry pointer
which will be used to optimize the Adj-RIB-Out.
Also adjust pt_ref() and pt_unref() so that the code can be written
a bit more compact. Also prefix_cmp() no longer needs to go via
rib_compare() and calls pt_prefix_cmp() directly.
OK phessler@

Revision 1.119, Mon Jun 17 11:02:19 2019 UTC (4 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.118: +14 -48 lines

Completely rewrite the community matching and handling code. All community
attributes are put into a new data structure when parsing the UPDATE.
The filter code can quickly lookup and modify this data structure.
When creating an UPDATE the data is put back into wire format.
Setups using a lot of communities benefit a lot from this.
Input and OK benno@

Revision 1.118, Thu May 9 22:27:33 2019 UTC (5 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.117: +6 -17 lines

Neither rde_apply_set() nor rde_filter() are called with a NULL state so
remove some unneeded == NULL checks.
OK benno@

Revision 1.117, Mon Feb 4 18:53:10 2019 UTC (5 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.116: +16 -1 lines

Implement as-override, a feature where the neighbor AS is replaced by the
local AS in AS paths. This is sometimes needed in bigger transport networks
where private AS numbers are used in multiple locations.
The implementation is done using a filterset which modifies the AS path -
somewhat inspired by the set attribute code. Setting as-override yes will add
    match from <neighbor> set { as-override }
to the start of the filter rules. Since this is filters the Adj-RIB-In still
holds the original path and so reloads changing the setting just work.
With and OK markus@

Revision 1.116, Wed Dec 19 15:26:42 2018 UTC (5 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.115: +12 -34 lines

Fold ext-communities into filter_community so that bgpd can match
multiple ext-communities at the same time as well. Additionally this fixes
parsing some of the ext-community types. Now all communities are handled
by one common struct.
OK benno@ plus some input from denis@

Revision 1.115, Tue Dec 11 09:02:14 2018 UTC (5 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.114: +4 -4 lines

Refactor aspath code a bit. Move cached source_as (for origin validation)
into struct aspath and pass that struct to aspath_match().
OK denis@

Revision 1.114, Wed Nov 28 08:32:27 2018 UTC (5 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.113: +32 -270 lines

Start reworking community handling. Merge standard communities and large
communities into one filter_community struct and allow it that more than
one community can be used in filter rules (currently up to 3).
Also rework the code handling bgpctl show rib commands. The special IMSG
types for the various filters are gone and the code is in general simpler.
OK job@, phessler@

Revision 1.113, Wed Nov 14 14:03:36 2018 UTC (5 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.112: +5 -5 lines

Remove an unneeded union wrapping the skipsteps pointer.
OK phessler@

Revision 1.112, Sat Sep 29 08:11:11 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.111: +32 -7 lines

Implement origin validation in bgpd. This introduces two new tables, the
roa-set for RPKI based origin validation and an origin-set which allows to
lookup a source-as / prefix pair.
For RPKI a config can be built like this:
  roa-set {
          165.254.255.0/24 source-as 15562
          193.0.0.0/21 maxlen 24 source-as 3333
  }
  deny from any ovs invalid
  match from any ovs valid set community local-as:42
  match from any ovs not-found set community local-as:43
Origin sets are similar but only match when the source-as / prefix pair is
valid.
  match from any origin-set ARINDB set community local-as:44
Committing this now so that further work can be done in tree.
OK benno@, job@

Revision 1.111, Wed Sep 26 15:48:01 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.110: +2 -2 lines

Rename AS_NONE to AS_UNDEF, AS_NONE will be reused for a different purpose
soon. OK compiler and grep

Revision 1.110, Wed Sep 26 15:01:36 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.109: +4 -1 lines

Switching bgpd to a default deny policy had one bad side-effect. Some
withdraws were suddenly filtered out because the filter ran into the
default deny. So for this case (state == NULL) change action to default
allow. This bug was haunting bgpd for a while now causing prefixes to be
stuck for no obvious reason.
OK benno@, sthen@

Revision 1.109, Wed Sep 26 13:26:32 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.108: +2 -2 lines

Indent issue. No functional change

Revision 1.108, Thu Sep 20 11:45:59 2018 UTC (5 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.107: +2 -2 lines

Split up as_set into a set_table and an as_set. The first is what does
the lookup and will now also be used in roa-set tries. The as_set is glue
to add the name and dirty flag. Add an accessor to get the set data so
that the imsg sending and printing can be moved into the right places.
This is done mainly because roa-sets need similar but slightly different
versions and making the code more generic is the best way fixing this.
OK benno@

Revision 1.107, Thu Sep 20 11:06:04 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.106: +24 -16 lines

whitespace cleanup, ok claudio@

Revision 1.106, Sun Sep 9 14:08:11 2018 UTC (5 years, 9 months ago) by benno
Branch: MAIN
Changes since 1.105: +2 -9 lines

use TAILQ_CONCAT in filterset_move(). ok claudio@

Revision 1.105, Sat Sep 8 15:25:27 2018 UTC (5 years, 9 months ago) by benno
Branch: MAIN
Changes since 1.104: +3 -4 lines

implement or-longer filter op for prefix-sets. Allows one to write rules like
  deny from any prefix-set mynetworks or-longer
ok claudio, feature discussed with job and deraadt

Revision 1.104, Fri Sep 7 16:45:23 2018 UTC (5 years, 9 months ago) by benno
Branch: MAIN
Changes since 1.103: +6 -4 lines

fix badly broken reload of filter rules that use prefix-sets. debugged
and fixed with/by claudio@

Revision 1.103, Fri Sep 7 10:49:22 2018 UTC (5 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.102: +14 -18 lines

Implement a fast prefix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

Revision 1.102, Fri Sep 7 05:43:33 2018 UTC (5 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.101: +15 -2 lines

Implement as-set a fast lookup table to be used instead of long list of
AS numbers in source-as, AS and transit-as filterstatements. These tables
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

Revision 1.101, Wed Sep 5 17:32:43 2018 UTC (5 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.100: +4 -10 lines

Implement most prefixlen operations as OP_RANGE (prefixlen A - B).
Simplify the RDE logic this way and make it possible to load such ranges
into a much faster lookup trie for prefix-sets.
When printing the config bgpd tries to use the nicest way to express the rule:
e.g.    match from any prefix 18.0.0.0/8 prefixlen 8 - 32
becomes match from any prefix 18.0.0.0/8 or-longer
Apart from that there is no user visible change because of this.
OK sthen@

Revision 1.100, Wed Sep 5 09:49:57 2018 UTC (5 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.99: +7 -12 lines

Change the way as_compare() and aspath_match() handle 'neighbor-as'. Instead
of doing the condition before calling aspath_match() just pass the neighbor-as
down to as_compare() which then has all needed data for the lookup. While
doing this also remove one of the as fields in struct filter_as since the
min/max fields can be reused for unary operations.
OK denis@ phessler@

Revision 1.99, Fri Aug 3 16:31:22 2018 UTC (5 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.98: +3 -5 lines

Move nexthop and nexthop flags from the rde_aspath to struct prefix.
struct prefix will be slowly becoming the hub of the rib.
OK phessler@ job@

Revision 1.98, Thu Aug 2 14:41:42 2018 UTC (5 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.97: +34 -34 lines

Split out the rule skipping logic into own function and by doing so ensure
that both filter lists are treated the same way. This fixes an inconsistency
with ibgp and ebgp filters as used in the example config.
OK benno@ sthen@

Revision 1.97, Sun Jul 22 16:59:08 2018 UTC (5 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.96: +26 -16 lines

Move nexthop into struct filterstate (including nexthop flags) and use
them wherever possible. In some places (path_update, softreconfig_out
handler) the nexthop state is temporarily folded back into the rde_aspath.
Tested and OK benno@

Revision 1.96, Mon Jul 16 09:09:20 2018 UTC (5 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.95: +4 -2 lines

Use struct filterstate in rde_update_dispatch() and pass it down to
functions like rde_update_update and path_update. This will allow to
move more pointers from rde_aspath to the prefix.
Looks good benno@

Revision 1.95, Mon Jul 9 14:08:48 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.94: +73 -63 lines

Introduce a struct filterstate and pass this to rde_filter instead of
passing the asp. This is no longer using asp_get() and should therefore
be a bit lighter. Will also allow to put more stuff into the state.
OK denis@ sthen@

Revision 1.94, Fri Jun 29 11:45:50 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.93: +4 -6 lines

Prepare the ground for allowing temporary aspath object living on the stack.
To do this path_copy() gets a second argument (dst, src) and a new function
path_prep() is introduced to initialize an aspath object. The current
path_copy() usage is replaced with path_copy(path_get(), asp) which does
the same. Additionally some const were added to the *_copy functions to
make it more obvious which is the source and target. Also the pftable_ref()
and rtlabel_ref() functions return now the id instead of void.
OK sthen@

Revision 1.93, Thu Jun 28 09:54:48 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.92: +3 -2 lines

Remove rde_aspath pointer from rde_filter since that argument can be fetched
from the prefix instead. While there also switch to prefix_peer from asp->peer
in rde_dump_rib_as(). Makes the code easier overall.

Revision 1.92, Thu Jun 28 08:55:56 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.91: +6 -2 lines

Instead of passing the rde_aspath to nexthop_modify() pass pointers to
the nexthop and the flags.

Revision 1.91, Thu Jun 28 08:07:21 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.90: +23 -19 lines

Pass a struct prefix to rde_filter and remove some of the arguments which
are now fetched from struct prefix. Currently some trickery is needed
for export default-route but this will get better once Adj-RIB-Out comes.
OK benno@

Revision 1.90, Wed Jun 27 11:06:49 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.89: +39 -39 lines

Move rde_test_prefix() to a place where it makes more sense. No functional
change.

Revision 1.89, Mon Jun 25 14:28:33 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.88: +4 -9 lines

Properly start reference counting struct nexthop. This removes the need for
some ugly workaround to make sure nexthop objects don't disappear while
still being referenced. During initial lookup of a nexthop an extra reference
is pulled but even that is now a bit cleaner than before.
Tested by job@, dennis@, benno@ OK job@ dennis@

Revision 1.88, Thu Jun 21 17:28:02 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.87: +6 -6 lines

Use correct function name in fatalx()

Revision 1.87, Wed Jun 13 09:33:51 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.86: +2 -2 lines

Deprecate announce (all|self|none|default-route)
The announce keyword was overloaded and confused a lot of operators, time
to clean it up and while there incorporate RFC8212 guideline for propagation.
- `announce all` is the new default but the default deny filter will
  make sure that by default nothing is leaked
- `announce self` is no more and results in syntax error
- `announce none` is now `export none`
- `announce default-route` becomes `export default-route`
- the filters are switched to a default deny rule both incoming and outgoing

You most certainly need to adjust your config!

Best is to change the config in advance by using `announce all` explicitly on
all neighbors and adding `deny from any` and `deny to any` at the start of
your filters and adjust the rest of the filters to still produce the same
result.  `bgpd -nv -f bgpd.conf` and `bgpctl show rib out nei foo` are good
tools to verify the changes.
Lots of discussions with job@, deraadt@, sthen@
OK job@

Revision 1.86, Sat Feb 10 04:23:48 2018 UTC (6 years, 3 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.85: +2 -5 lines

claudio noted that this is an else case because we have either a
prefix or a prefix-set.

Revision 1.85, Sat Feb 10 01:24:28 2018 UTC (6 years, 3 months ago) by benno
Branch: MAIN
Changes since 1.84: +81 -38 lines

Add prefix-sets, lists of prefixes which can be used in place of a
prefix in a filter rule. Initial idea hashed out with job@ in Toronto.
This is WIP, I'm committing it now so we can work on it in the tree.
ok florian@ claudio@

Revision 1.84, Mon Feb 5 01:36:45 2018 UTC (6 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.83: +31 -30 lines

prefix check must be last because the prefixlen check does an immediate return.
This will be rewritten soon so just do the quick fix now.
Found and OK benno@

Revision 1.83, Sat Aug 12 16:47:50 2017 UTC (6 years, 9 months ago) by phessler
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.82: +18 -1 lines

allow filter rules to be written that affect ibgp or ebgp neighbors

discussed with henning@
OK claudio@, benno@, job@

Revision 1.82, Sat May 27 10:33:15 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.81: +2 -2 lines

Allow OpenBGPD to selectively choose which local ASN to use per-peer.
This is intended to be used for ASN migrations, not for permanent use.

You MUST use filters to protect yourself from receiving your own routes.
There be dragons and grues.

OK claudio@ benno@

Revision 1.81, Sat May 27 10:24:44 2017 UTC (7 years ago) by phessler
Branch: MAIN
Changes since 1.80: +46 -1 lines

allow us to use 'local-as' in the filter language

"match in from any set community local-as:neighbor-as"

OK claudio@

Revision 1.80, Tue Jan 24 04:22:42 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.79: +2 -1 lines

sync log.c from relayd et al to bgpd.

there is still a little difference regarding handling of the verbosity
value that will be handled later.

ok claudio@ florian@

Revision 1.79, Thu Nov 10 09:20:51 2016 UTC (7 years, 6 months ago) by phessler
Branch: MAIN
Changes since 1.78: +16 -1 lines

properly check if large-community was set before

reported by Job Snijders

Revision 1.78, Fri Oct 14 16:05:36 2016 UTC (7 years, 7 months ago) by phessler
Branch: MAIN
Changes since 1.77: +133 -1 lines

Add support for draft-ietf-idr-large-community

Joint work with Job Snijders, many thanks!
OK benno@ deraadt@

Revision 1.77, Fri Jun 3 17:36:37 2016 UTC (8 years ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.76: +2 -2 lines

Add operators =, !=, - (range), >< (exclusive range) to the as-path
filters (AS, peer-as, source-as, transit-as).

Add a use case (block illegal AS numbers) to the bgpd.conf example.

feedback from claudio, sthen, florian,
ok florian@ phessler@

Revision 1.76, Fri Nov 6 16:23:26 2015 UTC (8 years, 7 months ago) by phessler
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.75: +140 -52 lines

Radically improve the performance of bgpd filters.  Based on PF's skip
steps (and uses much of the same code).

In a torture test of ~600k prefix filters and 65k prefixes, convergence
time goes from 35 minutes to 30 seconds.

Many thanks to LONAP for providing a base configuration for torture
testing.

many discussions with claudio@, benno@, sthen@ and the rest of the bgpd crowd

OK sthen@ benno@

Revision 1.75, Sat Oct 24 08:02:24 2015 UTC (8 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.74: +2 -2 lines

In all other cases of rde_filter_match() we ensure that asp is valid so
do it here as well.

Revision 1.74, Thu Jul 16 18:26:04 2015 UTC (8 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.73: +4 -1 lines

Next round of config cleanup. Move various lists into the bgpd_config struct.
This is the next step to better split parsing and merging the config.
OK benno@

Revision 1.73, Sat Apr 25 15:28:18 2015 UTC (9 years, 1 month ago) by phessler
Branch: MAIN
Changes since 1.72: +10 -1 lines

allow us to write rules that match directly on the peer AS

...
allow from AS 1 prefix 192.0.2.0/24
...

Also adjust the IRR ruleset output to include the declared peer AS,
instead of hoping they listed their neighbor IP address!


OK benno@
older version OK: claudio@ henning@

Revision 1.72 / (download) - annotate - [select for diffs], Sat Mar 14 03:52:42 2015 UTC (9 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)

rename rde_free_filter() to filterlist_free() and start using it outside
of the RDE to free the filterlists. Also refactor common code to merge
filterlists into its own function. Makes the code look nicer.

Revision 1.71 / (download) - annotate - [select for diffs], Fri Jan 24 06:07:13 2014 UTC (10 years, 4 months ago) by phessler
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7, OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.70: +3 -2 lines
Diff to previous 1.70 (colored)

fix the matching for filter rules of 'prefixlen = XX'

OK claudio@

Revision 1.70 / (download) - annotate - [select for diffs], Sat Oct 19 15:04:25 2013 UTC (10 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.69: +13 -45 lines
Diff to previous 1.69 (colored)

Merge the prefix and prefixlen filter bits into one filter. Change the
filter expansion so that rules are grouped by prefixes last. The RDE will
then be able to optimize the rules into table lookups but that is a later
step. As additional goodies it is now possible to use inet and inet6
on their own and or-longer can be used as a shorthand for prefixlen >= len.
OK henning@ sthen@ florian@

Revision 1.69 / (download) - annotate - [select for diffs], Wed Aug 14 20:34:27 2013 UTC (10 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.68: +29 -24 lines
Diff to previous 1.68 (colored)

Rewrite the internals of the RDE reload logic.
This is the first step to make bgpd reload non blocking in the RDE.
It also speeds up the reload time a fair bit in some cases (mainly if
you run with multiple RIBs and have larger filtersets) and it should also
fix a few edge cases on reloads.
Testing done by benno@, florian@ and sthen@ OK henning@ and benno@

Revision 1.68 / (download) - annotate - [select for diffs], Tue Nov 13 09:47:20 2012 UTC (11 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.67: +33 -4 lines
Diff to previous 1.67 (colored)

Allow filtering based on the NEXTHOP attribute. This allows to build rules
like: allow from any nexthop neighbor (to allow only prefixes that use the
router's IP address as nexthop). Lots of testing, input and OK florian@

Revision 1.67 / (download) - annotate - [select for diffs], Tue Sep 20 21:19:06 2011 UTC (12 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.66: +3 -2 lines
Diff to previous 1.66 (colored)

Move a few functions into util.c because bgpctl will need them soon.

Revision 1.66 / (download) - annotate - [select for diffs], Sun May 1 12:56:04 2011 UTC (13 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.65: +17 -1 lines
Diff to previous 1.65 (colored)

On reload the filtersets attached to a network need to be moved to the
existing network element. First free the old filterset and then move
the new on top of it. This solves the reload issue with changing network
statements. OK henning@

Revision 1.65 / (download) - annotate - [select for diffs], Mon Nov 29 17:02:41 2010 UTC (13 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.64: +3 -3 lines
Diff to previous 1.64 (colored)

Deny prefixes that have F_ATTR_PARSE_ERR set by default. Now they
will not leak into the Loc-RIB or other RIBs but act as withdraws.
The invalid prefixes would not have been selected anyway but it is better
to keep them out of all RIBs but the Adj-RIB-In.

Revision 1.64 / (download) - annotate - [select for diffs], Mon May 17 16:08:20 2010 UTC (14 years ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.63: +6 -1 lines
Diff to previous 1.63 (colored)

Implement two new filters, max-as-len and max-as-seq. The first is limiting
the length of an AS path (matches if the path is longer than the specified
length), the second matches when a sequence of the same AS number is longer
than the specified length.
max-as-len is good to protect crappy commercial bgp boxes from other crappy
commercial bgp boxes. max-as-seq was a feature request from SwissIX and maybe
EuroIX to find and filter prepends.
Additional testing and OK sthen@

Revision 1.63 / (download) - annotate - [select for diffs], Wed Apr 28 13:07:48 2010 UTC (14 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.62: +13 -8 lines
Diff to previous 1.62 (colored)

Allow neighbor-as in AS filter statements like:
match from any source-as neighbor-as set localpref 1000
OK henning@

Revision 1.62 / (download) - annotate - [select for diffs], Fri Mar 5 15:25:00 2010 UTC (14 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.61: +6 -1 lines
Diff to previous 1.61 (colored)

Allow to filter for ext-community attributes. Currently only perfect matches
work but that's already better than nothing. OK sthen@

Revision 1.61 / (download) - annotate - [select for diffs], Fri Dec 18 15:51:37 2009 UTC (14 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.60: +2 -15 lines
Diff to previous 1.60 (colored)

Merge rde_filter_community() with community_match() and kill a useless
indirection.

Revision 1.60 / (download) - annotate - [select for diffs], Wed Dec 16 15:40:55 2009 UTC (14 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.59: +27 -1 lines
Diff to previous 1.59 (colored)

Implement "set ext-community [delete] subtype key:value" to set and delete
extended communities as specified in RFC 4360. No matching implemented yet
and stuff like * and neighbor-as are neither supported but will be soon.
Looks good henning & sthen, manpage fixed by jmc

Revision 1.59 / (download) - annotate - [select for diffs], Tue Dec 1 14:28:05 2009 UTC (14 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.58: +8 -8 lines
Diff to previous 1.58 (colored)

Use an artificial address family id in struct bgpd_addr and almost everywhere
else. Adds conversion functions to map AFI/SAFI and the Unix AF_ values
from and into AID used in bgpd.  This is needed to support things like MPLS
VPN and other upcoming changes that need to play a lot with AFI/SAFI pairs.
Mostly mechanical change, henning@ has no particular issues with this.
Must go in so that I can continue working.

Revision 1.58 / (download) - annotate - [select for diffs], Thu Nov 26 13:40:43 2009 UTC (14 years, 6 months ago) by henning
Branch: MAIN
Changes since 1.57: +11 -1 lines
Diff to previous 1.57 (colored)

support for set origin; based on an initial diff from
Sebastian Benoit <benoit-lists at fb12 dot de> who also tested this version
claudio ok

Revision 1.57 / (download) - annotate - [select for diffs], Thu Aug 6 08:53:11 2009 UTC (14 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.56: +8 -1 lines
Diff to previous 1.56 (colored)

Implement the error handling as proposed in draft-ietf-idr-optional-transitive
for optional transitive attributes. In short if the partial bit is set on
an optional transitive attribute but the attribute fails validation ignore
the attribute or mark the path as ineligible instead of killing the session
with a NOTIFICATION. Tested, input and OK sthen, OK henning

Revision 1.56 / (download) - annotate - [select for diffs], Sat Jun 6 01:10:29 2009 UTC (15 years ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.55: +4 -2 lines
Diff to previous 1.55 (colored)

Some preliminary filter magic to support multiple RIBs on the filters.
It is ugly but does the trick for now. Filters will be rewritten anyway.
The rib specifier only makes sense on from rules. e.g. deny rib OMG from any

Revision 1.55 / (download) - annotate - [select for diffs], Mon Sep 29 14:03:41 2008 UTC (15 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.54: +6 -3 lines
Diff to previous 1.54 (colored)

Correct the logic when matching prefixes. This solves issues where IPv6
prefixes were matched on a simple deny from any prefix 0.0.0.0/0 rule.
OK henning@

Revision 1.54 / (download) - annotate - [select for diffs], Sun Jun 15 10:19:21 2008 UTC (15 years, 11 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.53: +3 -2 lines
Diff to previous 1.53 (colored)

Allow bgpd to delete more than one community per filter rule. Fixes PR5807
tested by Raphael Ho long time ago.

Revision 1.53 / (download) - annotate - [select for diffs], Mon May 28 17:26:33 2007 UTC (17 years ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)

allow matching on communities using 0 in the AS part, that is in use.
that unfortunately means we cannot use 0 for "unset".
ok claudio

Revision 1.52 / (download) - annotate - [select for diffs], Fri May 11 11:27:59 2007 UTC (17 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)

Various spelling fixes from Stuart Henderson.

Revision 1.51 / (download) - annotate - [select for diffs], Mon Apr 23 13:04:24 2007 UTC (17 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.50: +11 -8 lines
Diff to previous 1.50 (colored)

Make bgpd 4-byte AS compatible. All internal representations of AS numbers
are now 4-byte instead of the old 2-byte numbers. The only exception are
communities because they can not be switched. The RDE will inflate and deflate
the ASPATH and AGGREGATOR attributes on demand and create the NEW_ASPATH and
NEW_AGGREGATOR field whenever needed. Both old and new style sessions are
supported and can be mixed. Currently new style sessions with the 4-byte AS
number capability turned on are only enabled if one of the AS numbers involved
is a 4-byte one.
This is based on an initial diff by Geoff Huston gih (at) apnic (dot) net
Cleanup, testing and bug-fixes by myself (via AS 3.10).
Currently mrt table dumps are producing incompatible output this will be fixed
afterwards -- this diff is already big enough.

"get it in if you think it is ready" henning@

Revision 1.50 / (download) - annotate - [select for diffs], Sun May 28 23:24:15 2006 UTC (18 years ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.49: +3 -8 lines
Diff to previous 1.49 (colored)

Even better nexthop delete behaviour. Do not delete nexthop if they are used
by filter sets or if the nexthop is currently looked up. With this the
"nexthop_update: non-existent nexthop" warning should be history. OK henning@

Revision 1.49 / (download) - annotate - [select for diffs], Sun May 28 22:07:54 2006 UTC (18 years ago) by claudio
Branch: MAIN
Changes since 1.48: +13 -1 lines
Diff to previous 1.48 (colored)

Preload and pin nexthop used in filtersets so they are validated when used.
This will fix problems with set nexthop on outgoing filters. Found by
gluk@ OK henning@

Revision 1.48 / (download) - annotate - [select for diffs], Wed Apr 26 17:13:14 2006 UTC (18 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.47: +39 -2 lines
Diff to previous 1.47 (colored)

Remove filterset_names from bgpd.h and replace it with a function because
the table was already out of sync now. OK henning@

Revision 1.47 / (download) - annotate - [select for diffs], Tue Apr 4 12:03:26 2006 UTC (18 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.46: +3 -1 lines
Diff to previous 1.46 (colored)

add "set nexthop self", force nexthop to be set to own address even with IBGP
requested & tested Falk Brockerhoff <fb@smartterra.de>, and tony sarendal
tested this too. claudio ok

Revision 1.46 / (download) - annotate - [select for diffs], Thu Feb 9 21:05:09 2006 UTC (18 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.45: +29 -1 lines
Diff to previous 1.45 (colored)

Implement "set community delete 65001:*" and friends. This will remove
communities from the path attributes. Useful to make sure that the ones you
set later are set by a (evil) peer.  OK henning@

Revision 1.45 / (download) - annotate - [select for diffs], Fri Feb 3 19:33:14 2006 UTC (18 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.44: +6 -3 lines
Diff to previous 1.44 (colored)

If the aspath gets copied because it is modified use the copy for filter
matching. With this it is possible to make later filters depend on previous
filter changes -- e.g. via community attributes.

Revision 1.44 / (download) - annotate - [select for diffs], Fri Feb 3 16:40:57 2006 UTC (18 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.43: +3 -3 lines
Diff to previous 1.43 (colored)

Doh! Fix stupid copy paste error. Setting the community type to the AS instead
of the more obvious type produces really funny errors and gives you some happy
hours of debugging.

Revision 1.43 / (download) - annotate - [select for diffs], Thu Feb 2 14:06:05 2006 UTC (18 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.42: +61 -14 lines
Diff to previous 1.42 (colored)

Implement new special community "neighbor-as". neighbor-as is expanded on
the fly to the remote AS of the current neighbor. This can be used to
simplify rulesets in a dramatic way -- going from a script based nightmare
down to a handful rules. jajajaja henning@

Revision 1.42 / (download) - annotate - [select for diffs], Tue Jan 24 14:14:04 2006 UTC (18 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.41: +25 -2 lines
Diff to previous 1.41 (colored)

Check if filter changed on a per peer basis. This should speed up the
table run done later as many filter evaluations can be skipped.
From the softreconfig in tree. Looks good henning@

Revision 1.41 / (download) - annotate - [select for diffs], Thu Jan 12 14:05:13 2006 UTC (18 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.40: +13 -6 lines
Diff to previous 1.40 (colored)

Copy AS path in rde_filter() on demand instead of doing it before calling
rde_filter(). Adapt path_update() to this change too. path_update() does
a path_copy before linking the rde_aspath into the RIB. Looks good Henning.

Revision 1.40 / (download) - annotate - [select for diffs], Tue Jan 10 16:11:12 2006 UTC (18 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.39: +2 -10 lines
Diff to previous 1.39 (colored)

The attributes cache broke the set community filterset because community_set()
modified the attribute data directly and corrupted the cache by doing it.
It is no longer allowed to modify attributes via attr_optget() -> change
attr->data. Instead remove the old attribute from the aspath and then add
a new modified one again. Included in this change is the removal of a "feature"
that allowed only one community per AS. If you had problems to add multiple
communities via filters then this was the problem. Looks good Henning.

Revision 1.39 / (download) - annotate - [select for diffs], Thu Dec 8 17:17:36 2005 UTC (18 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored)

Missing #include <limits.h>

Revision 1.38 / (download) - annotate - [select for diffs], Tue Nov 29 20:45:21 2005 UTC (18 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.37: +4 -4 lines
Diff to previous 1.37 (colored)

even more spaces and tabs.

Revision 1.37 / (download) - annotate - [select for diffs], Wed Nov 2 13:19:30 2005 UTC (18 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.36: +134 -2 lines
Diff to previous 1.36 (colored)

Implement filterset_equal() and rde_filter_equal(). Both return 1 if
the two passed filter(set)s are equal or 0 otherwise. rde_filter_equal()
has an additional argument dir to specify which direction should be considered.

Revision 1.36 / (download) - annotate - [select for diffs], Tue Nov 1 15:21:54 2005 UTC (18 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.35: +5 -7 lines
Diff to previous 1.35 (colored)

Softreconfig out support. On config reload filter changes of outgoing rules
will propagate directly to the neighbors. There is no need to restart bgpd
in that case. Currently not optimal but a good start. "get it in" henning@

Revision 1.35 / (download) - annotate - [select for diffs], Tue Nov 1 10:58:29 2005 UTC (18 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.34: +1 -16 lines
Diff to previous 1.34 (colored)

Switch from the per peer filter set list to a filter-only solution.
The default filter_sets are converted into match filter rules that get
evaluated first. Simplifies code massively -- mainly the config reload
part -- and makes softreconfig out a piece of cake.  "get it in" henning@

Revision 1.34 / (download) - annotate - [select for diffs], Wed Aug 10 08:34:06 2005 UTC (18 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.33: +8 -5 lines
Diff to previous 1.33 (colored)

Pass the correct peer to rde_apply_set(). rde_apply_set() needs to know
the peer where the prefix came from so that prepend-neighbor works.
Extend rde_filter() and make sure that the correct peer is passed.
Until now most cases resulted in a NULL peer causing a nasty crash that
was found by David Ulevitch. OK henning@

Revision 1.33 / (download) - annotate - [select for diffs], Mon Jul 4 09:37:24 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.32: +37 -1 lines
Diff to previous 1.32 (colored)

New function filterset_cmp() used to compare two struct filter_set for
equality. This function is a bit more complicated than a memcmp() because there
are types that need to be considered equal e.g. ACTION_SET_MED and
ACTION_SET_RELATIVE_MED. Also ACTION_SET_COMMUNITY and ACTION_SET_NEXTHOP
need some special care.  OK henning@

Revision 1.32 / (download) - annotate - [select for diffs], Fri Jul 1 22:04:37 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.31: +2 -3 lines
Diff to previous 1.31 (colored)

More spaces

Revision 1.31 / (download) - annotate - [select for diffs], Fri Jul 1 13:38:14 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)

Switch filter_sets from SIMPLEQ to TAILQ, needed for upcoming stuff.

Revision 1.30 / (download) - annotate - [select for diffs], Fri Jul 1 12:10:21 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.29: +1 -12 lines
Diff to previous 1.29 (colored)

The newly introduced function filterset_free() existed already as
rde_free_set(), I just missed it when I was looking for it.
Kill rde_free_set() and use the more correct filterset_free() from now on.

Revision 1.29 / (download) - annotate - [select for diffs], Fri Jul 1 09:19:24 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.28: +11 -3 lines
Diff to previous 1.28 (colored)

Make the pftable filter set use the name2id "cache" like the route labels.
This saves 14 bytes per aspath. OK henning@

Revision 1.28 / (download) - annotate - [select for diffs], Wed Jun 29 09:43:26 2005 UTC (18 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.27: +26 -1 lines
Diff to previous 1.27 (colored)

rtlabel support via filter sets. Just use "set rtlabel foobar" in filters
network and neighbor statements and the routes are labeled accordingly.
While doing that fix some mem-leaks by introducing filterset_free() and
remove the free on send option of send_filterset().
This took a bit longer because we need to carefully track the rtlabel id
refcnts or bad things may happen on reloads.
henning@ looks fine

Revision 1.27 / (download) - annotate - [select for diffs], Tue Apr 12 14:32:01 2005 UTC (19 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.26: +19 -1 lines
Diff to previous 1.26 (colored)

Introduce a per prefix weight.  The weight is used to tip prefixes with equal
long AS paths in one or the other direction.  It weights a prefix at a very
late stage in the decision process. This is a nice bgpd feature to traffic
engineer networks where most AS paths are equally long.
OK henning@

Revision 1.26 / (download) - annotate - [select for diffs], Mon Mar 14 17:32:04 2005 UTC (19 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.25: +32 -1 lines
Diff to previous 1.25 (colored)

Allow to modify the metrics in a relative way by prepending the number with
a '+' or '-'. e.g. set localpref +20. This is another gem from the FOSDEM
lying around on my HD gathering dust. OK henning@

Revision 1.25 / (download) - annotate - [select for diffs], Fri Mar 11 12:54:20 2005 UTC (19 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.24: +8 -3 lines
Diff to previous 1.24 (colored)

Finally commit the transparent-as and nexthop no-modify stuff I wrote on the
way to FOSDEM. With transparent-as set to yes bgpd will not prepend his own
AS for sent updates. NB the neighbor needs to set "enforce neighbor-as no"
or it will not like the received AS paths. With set nexthop no-modify bgpd
will change the nexthop as done normally.
OK henning@ man page update with help of jmc@

Revision 1.24 / (download) - annotate - [select for diffs], Thu Feb 24 17:14:53 2005 UTC (19 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.23: +3 -1 lines
Diff to previous 1.23 (colored)

Add two missing breaks and suddenly using filter has no strange side effects.
Sometimes it is good to look at the rib output of a test box.

Revision 1.23 / (download) - annotate - [select for diffs], Thu Dec 23 16:09:26 2004 UTC (19 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

KNF

Revision 1.22 / (download) - annotate - [select for diffs], Tue Nov 23 13:07:01 2004 UTC (19 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.21: +68 -45 lines
Diff to previous 1.21 (colored)

Switch from a single filter_set to a linked list of sets. With this change
it is possible to specify multiple communities. This is also the first step
to better bgpd filters. OK henning@

Revision 1.21 / (download) - annotate - [select for diffs], Fri Oct 8 16:36:42 2004 UTC (19 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.20: +4 -2 lines
Diff to previous 1.20 (colored)

Don't access pointers blindly. asp is NULL for withdraws. This fixes a rde
crash noticed by Stefan Wahl and later by henning@. OK henning@

Revision 1.20 / (download) - annotate - [select for diffs], Tue Sep 28 14:08:38 2004 UTC (19 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

one m is enough in incoming, really ;)

Revision 1.19 / (download) - annotate - [select for diffs], Tue Sep 28 12:09:31 2004 UTC (19 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.18: +29 -9 lines
Diff to previous 1.18 (colored)

Add prepend-neighbor feature. Prepend the remote-as n times similar to
prepend-self. Only for incoming UPDATEs. OK henning@

Revision 1.18 / (download) - annotate - [select for diffs], Tue Aug 10 13:02:08 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.17: +4 -9 lines
Diff to previous 1.17 (colored)

switch nexthop in struct filter_set from struct in_addr to struct bgpd_addr
OK henning@

Revision 1.17 / (download) - annotate - [select for diffs], Tue Aug 10 12:57:18 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.16: +4 -2 lines
Diff to previous 1.16 (colored)

Correctly set the MED in outgoing UPDATEs. OK henning@

Revision 1.16 / (download) - annotate - [select for diffs], Fri Aug 6 12:04:08 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.15: +31 -29 lines
Diff to previous 1.15 (colored)

Monster diff to get one step closer to IPv6 support.
Cleanup path attribute handling. First of all kill struct attr_flags, all
those infos are now in struct rde_aspath. Second move attribute parser
functions into rde.c, rde_attr.c is shared between bgpd and bgpctl.
Third reimplementation of the nexthop handling. Make it IPv6 ready and
fix some major bug relating to "set nexthop".
henning@ OK if it breaks nothing

Revision 1.15 / (download) - annotate - [select for diffs], Thu Aug 5 18:44:19 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.14: +8 -8 lines
Diff to previous 1.14 (colored)

Cleanup aspath specific functions and api. Mainly switch to a refcnt based
allocation. This helps to save a bit of RAM. looks good henning@

Revision 1.14 / (download) - annotate - [select for diffs], Thu Aug 5 15:58:21 2004 UTC (19 years, 10 months ago) by claudio
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

rename and move prefix_equal() to prefix_compare() which returns -1, 0, 1
similar to memcmp() and all other compare functions in bgpd. OK henning@

Revision 1.13 / (download) - annotate - [select for diffs], Sat Jul 10 10:09:41 2004 UTC (19 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)

Fix reverse logic bug in the prefix filter.

Revision 1.12 / (download) - annotate - [select for diffs], Mon Jul 5 16:54:53 2004 UTC (19 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.11: +5 -1 lines
Diff to previous 1.11 (colored)

implement "set nexthop blackhole" and "set nexthop reject"
blackhole/reject routes will be entered to the kernel for matching ones.
this is intended to be used with the Cymru Bogon Route Server Project
(http://www.cymru.com/BGP/bogon-rs.html) and similar services, claudio ok

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jun 24 23:15:58 2004 UTC (19 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.10: +4 -12 lines
Diff to previous 1.10 (colored)

First step at multiprotocol support, only partially done.
OK henning@

Revision 1.10 / (download) - annotate - [select for diffs], Sun Jun 20 18:35:12 2004 UTC (19 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

at least somewhat consistently name the TAILQ_ENTRYs... this confused me
more than once

Revision 1.9 / (download) - annotate - [select for diffs], Mon May 17 12:39:32 2004 UTC (20 years ago) by djm
Branch: MAIN
Changes since 1.8: +12 -1 lines
Diff to previous 1.8 (colored)

extend filter language to allow basic setting of COMMUNITIES attribute.
ok claudio@

Revision 1.8 / (download) - annotate - [select for diffs], Fri May 7 10:06:15 2004 UTC (20 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.7: +5 -1 lines
Diff to previous 1.7 (colored)

add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

Revision 1.7 / (download) - annotate - [select for diffs], Thu Mar 11 17:12:51 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.6: +19 -1 lines
Diff to previous 1.6 (colored)

Add basic support for communities. Currently it is only possible to filter
on communities, e.g match from any community 24640:* set localpref 666
OK henning@

Revision 1.6 / (download) - annotate - [select for diffs], Tue Mar 2 19:29:01 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.5: +2 -3 lines
Diff to previous 1.5 (colored)

Framework for rib lookups by prefix. OK henning@

Revision 1.5 / (download) - annotate - [select for diffs], Mon Mar 1 23:07:09 2004 UTC (20 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

spelling

Revision 1.4 / (download) - annotate - [select for diffs], Fri Feb 27 20:53:56 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.3: +2 -3 lines
Diff to previous 1.3 (colored)

remove unneeded peer pointer in struct prefix and change a in_addr_t to
struct in_addr. OK henning@

Revision 1.3 / (download) - annotate - [select for diffs], Tue Feb 24 15:44:33 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.2: +4 -4 lines
Diff to previous 1.2 (colored)

spaces

Revision 1.2 / (download) - annotate - [select for diffs], Tue Feb 24 15:43:03 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.1: +12 -5 lines
Diff to previous 1.1 (colored)

Enhance filters. prefixlen knows now 8-24 and 8><24. It is possible to use
prefix 10.0.0.0/8 prefixlen >= 8 and set localpref 100 can be set on a per
neighbor basis. OK henning@

Revision 1.1 / (download) - annotate - [select for diffs], Thu Feb 19 23:07:00 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN

Add support for basic filters. Nothing optimized and it has some issues but
this is a huge step forward. OK henning@
