Up to [local] / src / usr.sbin / bgpd
Default branch: MAIN
Revision 1.37, Wed May 22 08:41:14 2024 UTC (2 weeks, 3 days ago) by claudio
Branch: MAIN
CVS Tags: HEAD
Changes since 1.36: +2 -2 lines
Convert bgpid, remote_bgpid and clusterid to host byte order. Before the RDE used host byte order for remote_bgpid but all the other code used network byte order. The reason for that was that bgpid was initially an IPv4 address but since RFC 6286 in 2011 this is much more relaxed and so it makes more sense to just treat them as numbers and so host byte order. OK tb@
Revision 1.36, Wed Mar 20 09:35:46 2024 UTC (2 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.35: +7 -10 lines
Cleanup AID handling.
- Loops over all valid AID should start with AID_MIN and go up to AID_MAX - 1 e.g.
    for (i = AID_MIN; i < AID_MAX; i++)
  If for some reason AID_UNSPEC must be handled make that explicit in the for loop.
- aid2afi() now returns an error for AID_UNSPEC since there is no valid AFI SAFI combo for AID_UNSPEC.
- Add additional checks for AID_MIN where currently only AID_MAX was checked. This affects imsg for route refresh and graceful restart.
- Simplify add-path capability handling. Only the negotiated add_path capa sets the flag for AID_UNSPEC to help code to quickly check if any add-path is active.
OK tb@
Revision 1.35, Sat Feb 3 09:26:52 2024 UTC (4 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.34: +2 -2 lines
fix off-by-one in bounds check found by "buffer overflow 'peer->capa.add_path' 7 <= 7" smatch error ok claudio@
Revision 1.34, Tue Nov 7 11:17:35 2023 UTC (7 months ago) by claudio
Branch: MAIN
Changes since 1.33: +2 -2 lines
Alter imsg_move() to clear the full imsg buffer instead of just the imsg->data field. This is needed for future imsg API changes. OK tb@
Revision 1.33, Mon Oct 16 10:25:46 2023 UTC (7 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.32: +2 -1 lines
Improve IPv6 link-local address handling
When a session is established determine the possible interface scope of that session. The scope is only set when the remote address is directly connected. This interface scope is passed to the RDE that uses this information when link-local nexthops are received. Again checking that a link-local nexthop is actually acceptable. OK tb@
Revision 1.32, Wed Apr 19 13:23:33 2023 UTC (13 months, 3 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.31: +4 -1 lines
Implement a way to announce flowspec rules without hitting Adj-RIB-In and Loc-RIB. Flowspec objects are collected in a single flowrib RIB and then directly distributed into the various Adj-RIB-Outs. For this to work add a bypass in the filter logic (flowspec AFI/SAFI are currently accepted without any rule). The filter language lacks a way to allow prefixes based on AFI/SAFI which is the minimum needed. OK tb@
Revision 1.31, Fri Mar 10 07:57:16 2023 UTC (15 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.30: +42 -13 lines
Compile the output filter rules into per peer filter rules. Especially on route-servers the output filters are in the hot path so reducing the number of rules to check has a big impact. I have seen a 25% to 30% speedup in my big IXP testbench. The output ruleset is applied and copied for each peer during config reload and when a peer is initially added. OK tb@
Revision 1.30, Thu Mar 9 13:12:19 2023 UTC (15 months ago) by claudio
Branch: MAIN
Changes since 1.29: +1 -8 lines
Major rework of RFC9234 support. My initial interpretation of the RFC was too conservative. Fixes and changes include:
- add role output to bgpctl, also adjust the capability output. Note, this changes the JSON output of neighbors a bit.
- adjust the config parser to enable the RFC9234 role capability when there is a role set. iBGP and sessions with no role will not announce the role capability.
- adjust the role capability announcement to be only on sessions that use either AFI IPv4 or IPv6 and SAFI 1 (AID_INET, AID_INET6).
- if there is an OPEN notification indicating that the role capability is bad only disable the capability if it is not enforced.
- Adjust capability negotiation, store remote_role on the peer since the neighbor's role is no longer needed by the RDE.
- inject the OTC attribute on ingress only for AID_INET and AID_INET6. For other AIDs clear the F_ATTR_OTC_LOOP flag.
- Adjust the role logic in the RDE and use the peer->role (local role of the system) for all checks. Also remove the check if the role capability was negotiated between peers.
- In prefix_eligible() check also if the F_ATTR_OTC_LOOP flag is set. The RFC requires that prefixes must be considered ineligible (and not treat as withdraw as done before)
- When generating an UPDATE include the OTC attribute unless the AID is neither AID_INET or AID_INET6.
Fixes https://github.com/openbgpd-portable/openbgpd-portable/issues/51
Reported by Pier Carlo Chiodi
OK tb@
Revision 1.29, Mon Feb 13 18:07:53 2023 UTC (15 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.28: +11 -31 lines
Pass struct rib_entry to rde_generate_updates() instead of struct rib. With this the newbest and oldbest arguments can go since the information is part of the rib_entry. Especially the prefix in the rib_entry is always valid so simplify some code in various functions below to use this information. OK tb@
Revision 1.28, Thu Feb 9 13:43:23 2023 UTC (15 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.27: +6 -6 lines
Instead of relaying struct peer from the SE to the RDE to fill out 10 stat numbers, just send the peerid and have the RDE respond with the stats. The control code will then merge these counters into the real peer struct and send that to bgpctl. This reduces the number of bytes sent around a fair bit. OK tb@
Revision 1.27, Tue Jan 24 11:28:41 2023 UTC (16 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.26: +2 -1 lines
Implement ASPA validation and reload logic on ASPA set changes. For this use the validation state (vstate) in struct prefix and struct filterstate to store both the ASPA and ROA validity. Introduce helper functions to set and get the various states for struct prefix and make sure struct filterstate is also setup properly. Change the ASPA state in rde_aspath to be AFI/AID and role independent by storing all 4 possible outcomes. Also add an ASPA generation count which is used to update the rde_aspath ASPA state cache on reloads. Rework the rde_aspa.c code to be AFI/AID and role independent. Doing this for roles is trivial but AFI switch goes deep and is so unnecessary. The reload is combined with the ROA reload logic and renamed to RPKI softreload. OK tb@
Revision 1.26, Wed Jan 18 13:20:01 2023 UTC (16 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.25: +6 -14 lines
Improve pending checks in poll loop by ordering them by trigger frequency and by making peer_imsg_pending() a true O(1) function. OK tb@
Revision 1.25, Fri Sep 23 15:49:20 2022 UTC (20 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.24: +27 -15 lines
Implement a special update generator for add-path send all. The generic add-path code up_generate_addpath() reevaluates everything since this is the simplest way to select the announced paths. For add-path all this is overkill since there is no dependency between prefixes and so individual prefixes can be handled more efficiently. Extend rde_generate_updates() to pass the current newbest and oldbest prefixes (for the selected best path) but now also include newpath and oldpath (which is the prefix that is added/removed/modified). If newpath or oldpath is set then a single prefix was altered and up_generate_addpath_all() can just remove or add this prefix. If newpath and oldpath are NULL then the full list based on newbest needs to be inserted and any old path/prefix removed in the process. This improves update generation performance on big route collectors using add-path all substantially. OK tb@
Revision 1.24, Wed Sep 21 10:39:17 2022 UTC (20 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.23: +19 -1 lines
Adjust pathid_assign() to be much faster in the common case. Use a per peer path_id_tx to assign to paths received from non add-path enabled peers. This skips two extra walks of the RIB prefix list and is a big speed-up when there are many regular sessions. If the session uses add-path recv then the old way of assigning random path_ids needs to be used. With input and OK tb@
Revision 1.23, Thu Sep 1 13:23:24 2022 UTC (21 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.22: +35 -67 lines
Switch the rde_peer hashtable and peer list to a single RB tree. Only the RDE used a hashtable for lookups while the session engine switched from a list to RB tree some time ago. Use peer_foreach() in the mrt code instead of passing the peer list as an argument. OK benno@ tb@
Revision 1.22, Fri Aug 26 14:10:52 2022 UTC (21 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.21: +22 -13 lines
Handle IMSG_SESSION_* messages immediately when received and do not put them on the per peer imsg queue. This is mainly for IMSG_SESSION_DOWN. Delaying the session down can race against IMSG_SESSION_ADD which is handled immediately and as a result an established connection may be removed in the RDE because of it. The various graceful restart imsgs need similar treatment for similar reasons. In the end when a session is reset/closed the RDE needs to stop all work and flush the per peer imsg queue. With this only update and route refresh messages are handled via the imsg queue. OK tb@
Revision 1.21, Wed Aug 17 15:15:26 2022 UTC (21 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.20: +2 -2 lines
Convert bzero() to memset(), bcmp() to memcmp() and bcopy() to memcpy(). The memory regions passed to memcpy() can not overlap so no need for memmove(). OK tb@ deraadt@
Revision 1.20, Thu Jul 28 13:11:51 2022 UTC (22 months, 1 week ago) by deraadt
Branch: MAIN
Changes since 1.19: +2 -2 lines
whitespace found during a read-thru; ok claudio
Revision 1.19, Mon Jul 11 17:08:21 2022 UTC (22 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.18: +16 -2 lines
Implement send side of RFC7911 ADD-PATH
This allows to send out more than one path per prefix to a neighbor that supports add-path receive. OpenBGPD supports a few different modes to select which paths to send:
- all: send all valid paths (the ones with a * in bgpctl output)
- best: send out only the single best path
- ecmp: send out paths that evaluate the same up and including the nexthop metric
- as-wide-best: send out paths that evaluate the same up but not including the nexthop metric
Currently ecmp and as-wide-best are the same. On top of this best, ecmp and as-wide-best allow to include extra paths (e.g. best plus 2) and for the multipath modes there is also a maximum (e.g. ecmp plus 2 max 4)
OK tb@
Revision 1.18, Thu Jul 7 10:46:54 2022 UTC (23 months ago) by claudio
Branch: MAIN
Changes since 1.17: +60 -12 lines
Refactor the code that generates updates so that up_generate_updates is only called in one spot. rde_generate_updates() gets an enum eval_mode argument to discern the different cases. peer_generate_update() uses the eval_mode to skip the update if it is not needed. While there also add an extra AID check in IMSG_REFRESH case to make sure the requested AID is actually available for this peer. OK tb@
Revision 1.17, Mon Jun 27 13:26:51 2022 UTC (23 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.16: +8 -1 lines
Add support for RFC 9234 - Route Leak Prevention and Detection Using Roles
With this it is possible to send a role in the OPEN message and if that was successful the RDE will add the new OTC attribute if necessary. OK tb@
Revision 1.16, Mon May 23 13:40:12 2022 UTC (2 years ago) by deraadt
Branch: MAIN
Changes since 1.15: +3 -3 lines
whitespaces found when I went checking for something else
Revision 1.15, Tue Mar 22 10:53:08 2022 UTC (2 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.14: +2 -2 lines
Switch from a LIST to TAILQ for the structure to store prefixes on a rib_entry. Mostly mechanical, this simplifies prefix_insert() and prefix_remove() since the redo queue can now just use TAILQ_INSERT_TAIL(). rde_softreconfig_sync_reeval() needs to use TAILQ_CONCAT() to move the list of prefixes over to the local TAILQ_HEAD to reapply them later. OK tb@
Revision 1.14, Mon Mar 21 17:35:56 2022 UTC (2 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.13: +4 -3 lines
Remove the active prefix cache in struct rib_entry. I need the space and it also makes less sense to track this with ECMP or add-path. Replace the re->active access with prefix_best(re) which does the check on the spot. Feedback and OK tb@
Revision 1.13, Sun Feb 6 09:51:19 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.12: +20 -20 lines
Switch from u_intX_t types to stdint.h uintX_t. Mostly mechanical with a few reindents. OK florian@ tb@
Revision 1.12, Mon Aug 9 08:15:35 2021 UTC (2 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.11: +11 -3 lines
Implement reception of multiple paths per BGP session. This is one side of RFC7911 and the send portion will follow. The path-id is extracted from the NLRI encoding and put into struct prefix. To do this the prefix_by_peer() function gets a path-id argument. If a session is not path-id enabled this argument will be always 0. If a session is path-id enabled the value is taken from the NLRI and can be anything, including 0. The value has no meaning in itself. Still to make sure the decision process is able to break a tie the path-id is checked as the last step (this is not part of the RFC but required). OK benno@
Revision 1.11, Thu Jun 17 16:05:26 2021 UTC (2 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.10: +37 -1 lines
Implement RFC 7313 enhanced route refresh. It is off by default and can be enabled with 'announce enhanced refresh yes'
Similar to graceful restart this allows to mark routes as stale, refresh them and then flush out routes that are still stale. Enhanced route refresh uses a begin of rr and a end of rr message to signal the various stages. A future enhancement would be the addition of a timeout in case the EoRR message is not sent in reasonable time. OK denis@ job@
Revision 1.10, Thu Jun 17 08:45:37 2021 UTC (2 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.9: +9 -1 lines
Add a bit of extra paranoia before the up_generate_updates() call in rde_up_dump_upcall(). This is the 4th place up_generate_updates() is called.
Revision 1.9, Thu May 27 14:32:08 2021 UTC (3 years ago) by claudio
Branch: MAIN
Changes since 1.8: +13 -1 lines
Rename and move functions used to get per-peer settings to the hopefully better names peer_has_as4byte() and peer_accept_no_as_set(). Move them to rde_peer.c where all other peer functions live. OK sthen@
Revision 1.8, Thu May 27 13:59:44 2021 UTC (3 years ago) by claudio
Branch: MAIN
Changes since 1.7: +3 -3 lines
remove excessive tabs and fix a tyop in comment.
Revision 1.7, Thu May 6 09:18:54 2021 UTC (3 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.6: +5 -3 lines
Improve reload behaviour of RDE peer flags and export_type. Add an extra reload barrier (IMSG_RECONF_DRAIN) to the sync of the peer config from the session engine to the rde. Necessary to ensure that the peer config is up to date in the RDE before hitting reconfiguration. Store the export_type and the peer flags outside of peer->conf. Adjust all users of these two fields so they only look at the copies in peer. During reload check the values with the peer->conf to check for changes. If the export_type or the rde evaluate or transparent-as flags changed flush the Adj-RIB-Out for that peer and in a 2nd step rebuild the RIB from scratch. This results in a lot of UPDATE churn but these configs are not altered often. Fix multiple issues in the rde_softreconfig_in_done handler that resulted in multiple runs of the out stage of the softreconfig pipeline. OK benno@
Revision 1.6, Fri Dec 4 11:57:13 2020 UTC (3 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.5: +3 -7 lines
Reference count prefixes added to a pftable. This allows to export prefixes from multiple sessions into the same table. Before a prefix was removed from the table on the first withdraw (even though there was an alternative around). Requested by, tested and OK dlg@
Revision 1.5, Wed Feb 12 10:33:56 2020 UTC (4 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.4: +4 -104 lines
Move the code to figure out the alternate IP address (IPv6 addr for IPv4 sessions and vice versa) from the RDE to the SE. The SE is the right place for this since there getsockname(2) fetches the local address and so the alternate one can be fetched there as well. With this the route pledge is no longer needed in the RDE and the pledge is now just "stdio recvfd". OK benno@
Revision 1.4, Fri Jan 24 05:44:05 2020 UTC (4 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.3: +3 -1 lines
Implement 'max-prefix NUM out' to limit the number of announced prefixes. This is an easy safety switch to not leak full tables to upstreams and peers. If the limit is hit a Cease notification is sent and the session is closed. This implements most of https://tools.ietf.org/html/draft-sa-idr-maxprefix-00 OK job@
Revision 1.3, Tue Jan 21 06:22:17 2020 UTC (4 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.2: +2 -2 lines
Fix a comment
Revision 1.2, Thu Jan 9 13:31:52 2020 UTC (4 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.1: +532 -4 lines
Move peer related code from rde.c to rde_peer.c. Change peer_foreach() to just walk the peer list instead of iterating over the peer hash table. Also change peer_down() arguments so that it can be used as a peer_foreach() callback (which is then used in rde_shutdown()). OK benno@
Revision 1.1, Wed Jan 1 07:25:04 2020 UTC (4 years, 5 months ago) by claudio
Branch: MAIN
Instead of processing all imsg when reading them store peer specific messages on a per peer queue. This queue is later processed one at a time resulting in a fairer processing of work and avoiding big table dumps to delay processing of other updates. OK denis@ benno@