![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.sbin / bgpd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.35 / (download) - annotate - [select for diffs], Tue Apr 9 12:09:20 2024 UTC (2 months ago) by claudio
Branch: MAIN
CVS Tags: HEAD
Changes since 1.34: +26 -4 lines
Diff to previous 1.34 (colored)
Increase RTR PDU limit to 48k and limit number of SPAS to 10'000. PDU larger then 48k will result in a session reset while ASPA records with more than 10'000 entries will be implicitly withdrawn. Also truncate RTR error PDUs to only include 256 bytes of the faulty PDU. It makes no sense to include more to identify the issue. OK tb@
Revision 1.34 / (download) - annotate - [select for diffs], Fri Mar 22 15:41:34 2024 UTC (2 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.33: +1 -17 lines
Diff to previous 1.33 (colored)
Rework the cease shutdown reason to work in both directions by looking at the ibuf payload passed to log_notification(). Because of this move ibuf_get_string() and the log_notification() call in parse_notification(). OK tb@
Revision 1.33 / (download) - annotate - [select for diffs], Tue Jan 23 15:59:56 2024 UTC (4 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (colored)
KNF, space before EOL
Revision 1.32 / (download) - annotate - [select for diffs], Mon Jan 15 11:55:26 2024 UTC (4 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.31: +19 -6 lines
Diff to previous 1.31 (colored)
A cache can send a 'NO_DATA_AVAILABLE' error during version negotiation so handle this case as well. This error triggers an RTR_EVNT_NO_DATA event that moves the session to RTR_STATE_ESTABLISHED (and out of negotiation). When there is no data available the session_id remains unset until data becomes available. So handle this case not only in rtr_parse_cache_response() but also in rtr_parse_notify(). RTR_EVNT_NO_DATA arms the RTR_EVNT_TIMER_RETRY timer. On expiry send a reset or serial query depending on the cache session state. OK tb@
Revision 1.31 / (download) - annotate - [select for diffs], Thu Jan 11 15:38:05 2024 UTC (4 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.30: +6 -1 lines
Diff to previous 1.30 (colored)
Clear the last errors after receiving a RTR_EVNT_END_OF_DATA event. Once the cache is synced we can assume that the errors are no longer relevant. OK tb@
Revision 1.30 / (download) - annotate - [select for diffs], Thu Jan 11 13:08:39 2024 UTC (4 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)
Export the rtr session state as string. OK tb@
Revision 1.29 / (download) - annotate - [select for diffs], Thu Jan 11 11:43:07 2024 UTC (4 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.28: +50 -47 lines
Diff to previous 1.28 (colored)
Try to improve RTR version negotiation. RFC8210 and especially draft-ietf-sidrops-8210bis are underspecified when it comes to inital version negotiation. The authors seem to have a very different view on how this works compared to the various RTR cache implementations. Reducing the version on any session close is a problem since it often leads to downgraded sessions where not needed. Instead require the server to send PDUs with their correct version (either a code 4 error, a cache response or cache reset pdu). Extensively tested against various modes of StayRTR. Also tested against routinator which is currently not following the spec (https://github.com/NLnetLabs/routinator/issues/919) and breaks on unknown versions. This is probably not the last change to make RTR version negotiation work but it is a step in the right direction. OK tb@
Revision 1.28 / (download) - annotate - [select for diffs], Wed Jan 10 16:08:36 2024 UTC (4 months, 4 weeks ago) by claudio
Branch: MAIN
Changes since 1.27: +146 -169 lines
Diff to previous 1.27 (colored)
Improve rtr_send_error() so that there is no need to log_warnx() before. Now rtr_send_error() supports a format string for the error message so use this fact to make the error report better. OK tb@
Revision 1.27 / (download) - annotate - [select for diffs], Tue Jan 9 15:13:49 2024 UTC (5 months ago) by claudio
Branch: MAIN
Changes since 1.26: +45 -3 lines
Diff to previous 1.26 (colored)
The End of Data PDU changed between v0 (RFC6810) and v1 (RFC8210). Add struct rtr_endofdata_v0 and rtr_parse_end_of_data_v0() to handle this oddity. With this bgpd supports RFC6810 and RFC8210 and some form of draft-ietf-sidrops-8210bis OK tb@
Revision 1.26 / (download) - annotate - [select for diffs], Tue Jan 9 14:43:41 2024 UTC (5 months ago) by claudio
Branch: MAIN
Changes since 1.25: +2 -3 lines
Diff to previous 1.25 (colored)
rtr_parse_notify() state check is special since we ignore the PDU when it arrives in a strange moment. The RFC is as helpful about this as one could expect. Still I botched the state check and later added an rtr_send_error() call which made the previous worse. OK tb@
Revision 1.25 / (download) - annotate - [select for diffs], Tue Jan 9 14:15:15 2024 UTC (5 months ago) by claudio
Branch: MAIN
Changes since 1.24: +45 -49 lines
Diff to previous 1.24 (colored)
Be more consistent with RTR parse error reporting. Stop calling rtr_send_error() after a parse error in rtr_process_msg(); instead move the calls into the parse functions. Use consistend and useful error text to most rtr_send_error() calls. In parse header also check the minimal version for router key and ASPA pdus before checking their length. OK tb@
Revision 1.24 / (download) - annotate - [select for diffs], Mon Jan 8 16:39:17 2024 UTC (5 months ago) by claudio
Branch: MAIN
Changes since 1.23: +198 -110 lines
Diff to previous 1.23 (colored)
Rework rtr_parse_header() and introduce rtr_check_session_id() to make the initial header parsing simpler. This also allows to simplify the version negotiation dance a bit. More is needed there. OK tb@
Revision 1.23 / (download) - annotate - [select for diffs], Fri Jan 5 11:02:57 2024 UTC (5 months ago) by claudio
Branch: MAIN
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored)
Improve rtr_send_error() logging and demote the FSM state changes from log_info to log_debug. OK tb@
Revision 1.22 / (download) - annotate - [select for diffs], Thu Jan 4 14:30:09 2024 UTC (5 months ago) by claudio
Branch: MAIN
Changes since 1.21: +134 -128 lines
Diff to previous 1.21 (colored)
Convert the RTR PDU parser to use the new ibuf API. Lenght / overflow checks are now handled by ibufs. OK tb@
Revision 1.21 / (download) - annotate - [select for diffs], Wed Jan 3 16:07:37 2024 UTC (5 months ago) by claudio
Branch: MAIN
Changes since 1.20: +17 -16 lines
Diff to previous 1.20 (colored)
Use "established" and "exchange" as RTR state names. "idle" and "active" are used in the BGP FSM with different meaning which leads to confusion. When a RTR session is up the state is "established" apart from the time when a new delta is loaded (between cache response and end of data PDU) the state is "exchange". OK tb@
Revision 1.20 / (download) - annotate - [select for diffs], Wed Dec 27 12:00:30 2023 UTC (5 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.19: +6 -6 lines
Diff to previous 1.19 (colored)
Refactor rtr_parse_error() so that even a NO_DATA_AVAILABLE is logged as last error. So that bgpctl can show that there was no data available. OK tb@
Revision 1.19 / (download) - annotate - [select for diffs], Thu Oct 19 13:14:19 2023 UTC (7 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.18: +42 -26 lines
Diff to previous 1.18 (colored)
While the ibuf_add calls should not fail the way they are used it is still better to check for error. OK tb@
Revision 1.18 / (download) - annotate - [select for diffs], Thu Oct 19 11:12:10 2023 UTC (7 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.17: +12 -20 lines
Diff to previous 1.17 (colored)
Convert rtr_proto.c to use new ibuf API. More yak shaving required which will follow. OK tb@
Revision 1.17 / (download) - annotate - [select for diffs], Wed Aug 16 08:26:35 2023 UTC (9 months, 3 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.16: +12 -17 lines
Diff to previous 1.16 (colored)
Remove per-AFI ASPA handling in bgpd internals With draft-ietf-sidrops-aspa-profile-16 and draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA records was dropped. So remove this complication form the code. This only removes the AFI handling internally in bgpd but still allows the old syntax in aspa-set tables. The optional address family is just ignored and records are merged together. For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so right now we still handle RTR sessions as specified there. The IPv4 and IPv6 ASPA entries are handled in two trees and merged together into one AFI independent tree. This is the best we can do for now until IETF updates draft-ietf-sidrops-8210bis. OK tb@ job@
Revision 1.16 / (download) - annotate - [select for diffs], Tue Mar 28 12:15:23 2023 UTC (14 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.15: +23 -2 lines
Diff to previous 1.15 (colored)
Introduce a semaphore to protect intermediate state from different RTR sessions to leak into the RDE via rtr_recalc. Only run rtr_recalc when the last or only RTR session is done with the update. Run a new timer along to ensure that the semaphore is not hold forever. The timeout is currently a very generous 60sec, no RTR cache should be that slow. OK tb@
Revision 1.15 / (download) - annotate - [select for diffs], Fri Mar 17 11:14:10 2023 UTC (14 months, 3 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.14: +6 -3 lines
Diff to previous 1.14 (colored)
Fix rtr_parse_aspa(), the spas array is actually not copied over into the rtr_aspa struct so access them directly from the buf using offset as the address of the first element. OK tb@
Revision 1.14 / (download) - annotate - [select for diffs], Sat Mar 11 10:04:59 2023 UTC (15 months ago) by claudio
Branch: MAIN
Changes since 1.13: +48 -40 lines
Diff to previous 1.13 (colored)
Factor out the cache reset logic into rtr_reset_cache() and use it consitently in all places where the cache should be reset. Additionally adjust the FSM to handle a connection close event in the protocol negotiation phase as a protocol mismatch. Some caches fail to send an error PDU and this allows them to work. A drawback is that if the connection is closed because of a different reason the system will fall back to a lower then necessary version. The RFC and draft mandates this behaviour. OK tb@
Revision 1.13 / (download) - annotate - [select for diffs], Thu Mar 9 17:21:21 2023 UTC (15 months ago) by claudio
Branch: MAIN
Changes since 1.12: +240 -43 lines
Diff to previous 1.12 (colored)
Implement ASPA support in RTR by following draft-ietf-sidrops-8210bis-10. In rtr.c renamed rtr_aspa_merge_set() to rtr_aspa_insert() and move it close to rtr_roa_insert(). In rtr_proto.c most complexity comes from the version negotiation. The ASPA parser is reasonably streight forward. The version negotiation is fragile but that is mostly because of the protocol specification and the fact that RTR cache daemons sometimes fail to send errors. OK tb@
Revision 1.12 / (download) - annotate - [select for diffs], Thu Feb 2 20:31:37 2023 UTC (16 months, 1 week ago) by job
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)
Emit log messages in consistent format
Revision 1.11 / (download) - annotate - [select for diffs], Wed Feb 1 15:37:34 2023 UTC (16 months, 1 week ago) by job
Branch: MAIN
Changes since 1.10: +3 -3 lines
Diff to previous 1.10 (colored)
Fix spelling
Revision 1.10 / (download) - annotate - [select for diffs], Tue Jan 31 17:14:27 2023 UTC (16 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.9: +28 -16 lines
Diff to previous 1.9 (colored)
Not only reset the connection when a fatal error is received (or sent) but also reset the cache and start totally fresh. The RFC is exceptionally vague about error handling but in most cases the cache state is enough off after an error that a fresh restart makes most sense. With and OK job@
Revision 1.9 / (download) - annotate - [select for diffs], Tue Jan 31 14:38:43 2023 UTC (16 months, 1 week ago) by job
Branch: MAIN
Changes since 1.8: +5 -5 lines
Diff to previous 1.8 (colored)
Fix RTR error reporting: length fields in Error Reports are 32 bits OK claudio@
Revision 1.8 / (download) - annotate - [select for diffs], Wed Dec 28 21:30:16 2022 UTC (17 months, 1 week ago) by jmc
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)
spelling fixes; from paul tagliamonte any parts of his diff not taken are noted on tech
Revision 1.7 / (download) - annotate - [select for diffs], Mon Jul 11 16:47:27 2022 UTC (23 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.6: +4 -4 lines
Diff to previous 1.6 (colored)
s/can not/cannot/ in comments. No functional change.
Revision 1.6 / (download) - annotate - [select for diffs], Tue Mar 8 13:02:42 2022 UTC (2 years, 3 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.5: +15 -15 lines
Diff to previous 1.5 (colored)
Avoid leak of roa in rtr_parse_ipv{4,6}_prefix()
If the length checks trigger, roa is leaked. Pull the length checks
above the allocation, which makes more sense and avoids additional
free(roa).
ok claudio
Revision 1.5 / (download) - annotate - [select for diffs], Sun Feb 6 09:51:19 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)
Switch from u_intX_t types to stdint.h uintX_t. Mostly mechanical with a few reindents. OK florian@ tb@
Revision 1.4 / (download) - annotate - [select for diffs], Mon Aug 2 16:42:13 2021 UTC (2 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)
Shuffle conditions around to help my brain.
Revision 1.3 / (download) - annotate - [select for diffs], Sun Aug 1 00:40:13 2021 UTC (2 years, 10 months ago) by job
Branch: MAIN
Changes since 1.2: +4 -4 lines
Diff to previous 1.2 (colored)
KNF OK benno@
Revision 1.2 / (download) - annotate - [select for diffs], Fri Jul 30 15:34:37 2021 UTC (2 years, 10 months ago) by job
Branch: MAIN
Changes since 1.1: +17 -1 lines
Diff to previous 1.1 (colored)
Add checks when reading VRPs with a maxLength via RTR Ensure the maxLength is greater than or equal to the length of the accompanying prefix, and less than or equal to the length (in bits) of an IP address in the address family (32 for IPv4 and 128 for IPv6). The same checks are applied when reading VRPs from configuration on disk. OK claudio@
Revision 1.1 / (download) - annotate - [select for diffs], Tue Feb 16 08:29:16 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Add RTR support to OpenBGPD. Add basic support for the protocol. The RTR client runs in a new process where the protocol handling is done and when new data is available all sources are merged into one ROA set which is then loaded into the RDE. The roa-set from the config is also handled by the new RTR engine. Tested by and ok job@