
URL: https://cvsweb.openbsd.org/log/src/usr.sbin/bgpd/bgpd.c,v

OpenBSD CVS Repository



CVS Repository/ src/ usr.sbin/ bgpd/ bgpd.c


OpenBSD release(s):
1.288 (79),  1.283 (78),  1.282 (77),  1.267 (76),  1.262 (75),  1.259 (74),  1.257 (73),  1.254 (72),  1.242 (71),  1.239 (70),  1.234 (69),  1.229 (68),  1.227 (67 66),  1.215 (65),  1.204 (64),  1.192 (63),  1.191 (62),  1.188 (61),  1.185 (60),  1.184 (59),  1.179 (58),  1.175 (57),  1.174 (56 55),  1.172 (54),  1.170 (53),  1.168 (52 51),  1.167 (50),  1.166 (49),  1.165 (48),  1.155 (47),  1.148 (46),  1.145 (45 44),  1.144 (43 42),  1.143 (41),  1.139 (40),  1.132 (39),  1.123 (38),  1.113 (37),  1.105 (36),  1.88 (35), 
Tags:
None
revision 1.290/ (Download) - annotate - Thu, 14 May 2026 12:26:44 UTC by claudio
Changes since 1.289: +9 -4 (diff)
If either tcp_md5_set() or pfkey_establish() fail then also fail the
ongoing connect.

The old graceful failure mode was added for strange cases like kernels
without TCP MD5 support but there is honestly no good reason to limp along.
The correct way to handle this on such broken systems is to edit the config
and remove the auth settings. After that a bgpctl reload will fix the problem
by skipping the TCP MD5 or IPSec setup.

Reported by Frank Denis
OK tb@

revision 1.289/ (Download) - annotate - Wed, 13 May 2026 13:49:55 UTC by claudio
Changes since 1.288: +3 -1 (diff)
Add missing pfkey_remove() calls in error paths for RTR socket establishment.

OK tb@

revision 1.288/ (Download) - annotate - Thu, 19 Mar 2026 12:44:22 UTC by claudio
OpenBSD release(s): 79
Changes since 1.287: +4 -9 (diff)
Implement imsg_send_config and imsg_recv_config which handle the
sending of bgpd_config.

struct bgpd_config includes various pointers and those should not be passed.
Instead use a zeroed stack object and copy_config() to ensure that all
pointers are NULL before passing the struct.
Also implement imsg_recv_config() which does the reverse.

Reported by Shibo, Shawn, Hugo, Systopia Team
OK tb@

revision 1.287/ (Download) - annotate - Wed, 04 Feb 2026 11:41:11 UTC by claudio
Changes since 1.286: +6 -6 (diff)
Improve rde_apply_set() performance by changing filter_sets in the RDE.

Switch away from a linked list of filter_set elements and instead use
an array of stripped down rde_filter_set_elm elements. As a result
rde_apply_set() becomes more efficient since the CPU is no longer waiting
all the time for memory accesses.

Introduce a new way to send and recv the imsgs for IMSG_FILTER_SET.
There is a send and receive function in the new bgpd_imsg.c file that
is also used by bgpctl. The receive function is a lot more strict
and on top of this add imsg_check_filterset() which validates messages
sent on the control socket before passing them on.

OK tb@

revision 1.286/ (Download) - annotate - Wed, 03 Dec 2025 12:20:19 UTC by claudio
Changes since 1.285: +6 -19 (diff)
Factor out filterset_send() (simple rename) and filterset_recv() (common
code) as a first step to optimise filter_set handling in the RDE.

OK tb@

revision 1.285/ (Download) - annotate - Tue, 04 Nov 2025 10:47:25 UTC by claudio
Changes since 1.284: +12 -7 (diff)
Switch main poll event loop of parent process over to use monotime and
timer api. This mainly affects the mrt file handling and removes some
hand rolled timeout handling.
Fix for CID 492342
OK tb@

revision 1.284/ (Download) - annotate - Mon, 03 Nov 2025 13:25:38 UTC by tb
Changes since 1.283: +5 -5 (diff)
bgpd: plug leaks in bgpd_rtr_conn_setup()

Do not leak the socket and ce if setsockopt() fails. Also fix a copy-pasto
in a log_warn()

ok claudio

revision 1.283/ (Download) - annotate - Thu, 24 Apr 2025 20:24:12 UTC by claudio
OpenBSD release(s): 78
Changes since 1.282: +8 -3 (diff)
Both IMSG_CTL_RELOAD and IMSG_DEMOTE pass a string buffer that could
theoretically be not '\0' terminated.

For now just enforce a '\0' at the end of the buffer in question.
This is enough to prevent any bad side-effects from an unterminated string.

Reported by S. Ai, H. Lefeuvre, Systopia team
OK tb@

revision 1.282/ (Download) - annotate - Thu, 20 Feb 2025 19:47:31 UTC by claudio
OpenBSD release(s): 77
Changes since 1.281: +3 -3 (diff)
Abstract internal time into monotime and increase resolution to microseconds

monotime is tracking CLOCK_MONOTONIC with microsecond resolution as a
64bit long long type. To avoid type confusion and integer promotion
this long long lives inside a struct. The monotime API provides the
necessary functions to add, subtract and convert monotimes.

OK tb@

revision 1.281/ (Download) - annotate - Wed, 12 Feb 2025 19:33:20 UTC by claudio
Changes since 1.280: +4 -4 (diff)
Make the filename for the config file const since it should not be modified.
OK tb@

revision 1.280/ (Download) - annotate - Tue, 03 Dec 2024 13:46:53 UTC by claudio
Changes since 1.279: +15 -21 (diff)
Only set the SO_RCVBUF and SO_SNDBUF on the socketpair to what we want.
Do not retry if that fails hoping for a different result.
OK tb@ kn@

revision 1.279/ (Download) - annotate - Mon, 02 Dec 2024 15:13:57 UTC by claudio
Changes since 1.278: +1 -9 (diff)
Remove the ASPA imsg size workaround now that imsg are large enough to
handle MAX_ASPA_SPAS_COUNT (10k) entries.
OK tb@

revision 1.278/ (Download) - annotate - Mon, 02 Dec 2024 15:03:17 UTC by claudio
Changes since 1.277: +5 -2 (diff)
Bump imsg size up to MAX_BGPD_IMSGSIZE (128k) to support extended messages
and more.
OK tb@

revision 1.277/ (Download) - annotate - Thu, 21 Nov 2024 13:38:14 UTC by claudio
Changes since 1.276: +8 -4 (diff)
Convert simple stuff in usr.sbin over to new imsgbuf_init behaviour

OK tb@

revision 1.276/ (Download) - annotate - Thu, 21 Nov 2024 13:22:21 UTC by claudio
Changes since 1.275: +2 -2 (diff)
bgpd and smtpd include their own imsgbuf_read_nofd() implementation.

Adjust that one as well apart from that the conversion to the new
imsgbuf_read read behaviour is trivial.

OK tb@

revision 1.275/ (Download) - annotate - Thu, 21 Nov 2024 13:18:38 UTC by claudio
Changes since 1.274: +2 -2 (diff)
Use imsgbuf_queuelen() instead of accessing the w.queue member.

OK tb@

revision 1.274/ (Download) - annotate - Thu, 21 Nov 2024 13:17:57 UTC by claudio
Changes since 1.273: +7 -7 (diff)
Use imsgbuf_clear() where appropriate instead of msgbuf_clear().

OK tb@

revision 1.273/ (Download) - annotate - Thu, 21 Nov 2024 13:17:01 UTC by claudio
Changes since 1.272: +6 -6 (diff)
Rename imsg_init, imsg_clear, imsg_read, imsg_write and imsg_flush to
imsgbuf_init, imsgbuf_clear, imsgbuf_read, imsgbuf_write and imsgbuf_flush.

This separates the imsgbuf API from the per-imsg API.

OK tb@

revision 1.272/ (Download) - annotate - Thu, 21 Nov 2024 13:16:06 UTC by claudio
Changes since 1.271: +2 -2 (diff)
Convert imsg_write() callers to the new simplified return logic.

OK tb@

revision 1.271/ (Download) - annotate - Thu, 21 Nov 2024 13:10:26 UTC by claudio
Changes since 1.270: +2 -2 (diff)
Introduce imsg_write() and use it instead of msgbuf_write().

imsg_write() is just a thin wrapper around msgbuf_write(). So this is
mostly search and replace.

OK tb@

revision 1.270/ (Download) - annotate - Tue, 08 Oct 2024 12:28:09 UTC by claudio
Changes since 1.269: +59 -24 (diff)
Extend the socket handover from parent to rtr process to also include teardown

This is needed to support tcp md5sum and ipsec auth for rtr.
OK tb@

revision 1.269/ (Download) - annotate - Tue, 01 Oct 2024 11:49:24 UTC by claudio
Changes since 1.268: +9 -4 (diff)
Rework the pfkey and tcp md5 API to not depend on struct peer.

Instead use struct auth_config and struct auth_state in the pfkey calls
and those tcp_md5 calls where it matters.

This is preparation work to allow RTR to use TCP MD5 as well.
OK tb@

revision 1.268/ (Download) - annotate - Mon, 30 Sep 2024 09:42:24 UTC by claudio
Changes since 1.267: +24 -24 (diff)
In bgpd_rtr_connect() do the setsockopt dance for IP_TOS and TCP_NODELAY
before calling connect(). This way it happens for sure and on top the TOS
is already set on the initial SYN.
OK tb@

revision 1.267/ (Download) - annotate - Wed, 04 Sep 2024 15:06:36 UTC by claudio
OpenBSD release(s): 76
Changes since 1.266: +7 -1 (diff)
Qualifying nexthops via BGP does not properly work since nexthops need
to be rechecked when a BGP route is added (or changed).

We need to revalidate nexthops on inserts (kroute_insert) and
on change (krX_change but only for AID_INET and AID_INET6 -- no nexthops
in the other tables) the nexthop needs to be updated.

Only validate nexthops if 'nexthop qualify via bgp' is enabled. For route
changes the code can depend on the F_NEXTHOP flag.

Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/81
OK tb@

revision 1.266/ (Download) - annotate - Wed, 04 Sep 2024 13:30:10 UTC by claudio
Changes since 1.265: +9 -5 (diff)
Call pfkey_remove() only after the Session Engine finished reloading its
configuration. Doing so before could result in some messages being sent
out without proper TCP-MD5 signature.

Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/82
OK tb@

revision 1.265/ (Download) - annotate - Mon, 12 Aug 2024 09:04:23 UTC by claudio
Changes since 1.264: +6 -2 (diff)
Add 'min-version' RTR config option and default to RTR version 1 by default.

The min-version pins a minimal required version for rtr session. This is
needed if specific PDUs are required and it ensures that the session is
not suddenly downgraded. This is important for ASPA where a minimum
version of 2 is required. Only then the ASPA PDUs are transmitted.

By default a RTR version of 1 is used but setting min-version to 2
will enable draft-ietf-sidrops-8210bis-14 support and enforce it
at the same time. Right now defaulting to version 2 is not possible
since draft-ietf-sidrops-8210bis failed to progress for a too long
time resulting in split ecosystem with various incompatible RTR
version 2 implementations.

OK tb@

revision 1.264/ (Download) - annotate - Wed, 15 May 2024 09:09:38 UTC by job
Changes since 1.263: +28 -1 (diff)
Mark RTR and IPv6 BGP packets with DSCP CS6 (network control)

Additionally, set TCP_NODELAY on the RTR socket, there is no need to
queue up messages towards the RTR server.

OK claudio@

revision 1.263/ (Download) - annotate - Tue, 09 Apr 2024 12:05:07 UTC by claudio
Changes since 1.262: +10 -2 (diff)
Check that the ASPA tas array fits in an IMSG before sending the ASPA
record over to RTR or the RDE.

The long term goal is to increase the IMSG size considerably but that
requires some additional API changes to the imsg API.
OK tb@

revision 1.262/ (Download) - annotate - Tue, 09 Jan 2024 13:41:32 UTC by claudio
OpenBSD release(s): 75
Changes since 1.261: +79 -80 (diff)
Convert the parent process imsg handling over to the new imsg API.

This simplifies the code a fair bit and removes direct unchecked memory
access to imsg.data.
OK tb@

revision 1.261/ (Download) - annotate - Thu, 04 Jan 2024 10:26:14 UTC by claudio
Changes since 1.260: +3 -3 (diff)
Rename argument roa of imsg_send_sockets() to rtr since the imsgbuf is
for PROC_RTR.

revision 1.260/ (Download) - annotate - Tue, 07 Nov 2023 11:18:35 UTC by claudio
Changes since 1.259: +4 -4 (diff)
Rename struct imsgbuf *ibuf to *imsgbuf in all places.
ibuf should be reserved for struct ibuf * values.
OK tb@

revision 1.259/ (Download) - annotate - Wed, 16 Aug 2023 08:26:35 UTC by claudio
OpenBSD release(s): 74
Changes since 1.258: +1 -4 (diff)
Remove per-AFI ASPA handling in bgpd internals

With draft-ietf-sidrops-aspa-profile-16 and
draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA
records was dropped. So remove this complication from the code.

This only removes the AFI handling internally in bgpd but still allows
the old syntax in aspa-set tables. The optional address family is just
ignored and records are merged together.

For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so
right now we still handle RTR sessions as specified there. The IPv4 and
IPv6 ASPA entries are handled in two trees and merged together into one
AFI independent tree. This is the best we can do for now until IETF
updates draft-ietf-sidrops-8210bis.

OK tb@ job@

revision 1.258/ (Download) - annotate - Wed, 19 Apr 2023 07:12:22 UTC by claudio
Changes since 1.257: +22 -1 (diff)
Implement code to pass the flowspec config over to the RDE. The parent
process tracks which prefixes are added / removed and issues the
corresponding imsg calls.
Right now the RDE does nothing with the received information.
OK tb@

revision 1.257/ (Download) - annotate - Tue, 14 Feb 2023 15:33:46 UTC by claudio
OpenBSD release(s): 73
Changes since 1.256: +2 -2 (diff)
No longer wait for the RTR process to finish the config reload before
sending the IMSG_RECONF_DONE message to the RDE. The RDE does not depend
on the RTR config reload (in contrast to the SE).
The ROA / ASPA reload is async from the RDE config reload.
OK tb@

revision 1.256/ (Download) - annotate - Fri, 20 Jan 2023 10:30:41 UTC by claudio
Changes since 1.255: +2 -2 (diff)
comma space not space comma

revision 1.255/ (Download) - annotate - Fri, 18 Nov 2022 10:17:23 UTC by claudio
Changes since 1.254: +24 -9 (diff)
Add plumbing for ASPA support. This implements the parser and part of the
logic in the rtr process. It does not implement the new RTR messages yet
but it is possible to specify an aspa-set in the config. Also the validation
code in the RDE is missing so this does not do anything.
With this in it will be possible to extend rpki-client to publish an
aspa-set as part of the openbgpd config file.
OK tb@

revision 1.254/ (Download) - annotate - Wed, 17 Aug 2022 15:15:25 UTC by claudio
OpenBSD release(s): 72
Changes since 1.253: +2 -2 (diff)
Convert bzero() to memset(), bcmp() to memcmp() and bcopy() to memcpy().

The memory regions passed to memcpy() can not overlap so no need for memmove().
OK tb@ deraadt@

revision 1.253/ (Download) - annotate - Thu, 28 Jul 2022 13:11:48 UTC by deraadt
Changes since 1.252: +3 -3 (diff)
whitespace found during a read-thru; ok claudio

revision 1.252/ (Download) - annotate - Sat, 23 Jul 2022 10:24:00 UTC by claudio
Changes since 1.251: +10 -14 (diff)
Refactor and rename bgpd_filternexthop() to bgpd_oknexthop()

Simplify the logic and adjust kroute_match() which makes the code
easier to understand.
OK tb@

revision 1.251/ (Download) - annotate - Fri, 22 Jul 2022 17:26:58 UTC by claudio
Changes since 1.250: +2 -2 (diff)
Revert previous commit. The RTP_MINE checks on struct kroute_full are
not correct because kr_tofull() replaces RTP_MINE with the real priority.
Noticed because of incorrect nexthop selection.

revision 1.250/ (Download) - annotate - Fri, 22 Jul 2022 11:17:48 UTC by claudio
Changes since 1.249: +2 -2 (diff)
Retire the F_KERNEL flag, it got superseded by route priority and RTP_MINE.

Only problem is when route(8) is used to modify/delete a bgpd owned route.
Exact behaviour for that is still a bit unclear but F_KERNEL does not help
in this case either. In the kr_fib_delete/change remove F_BGPD_INSERTED
in that case as a first step.
OK tb@

revision 1.249/ (Download) - annotate - Wed, 20 Jul 2022 12:43:27 UTC by claudio
Changes since 1.248: +4 -2 (diff)
Cleanup and fix the network code.

- introduce network_free() to properly free a network struct including
 the possible rtlabel reference.
- change expand_networks() and the reload code to not only expand the
 main network config but also the network configs inside L3VPN sections.
- adjust reload logic to properly match any kind of network struct.
 Up until now rtlabel and priority network statements were not correctly
 reloaded.
OK tb@

revision 1.248/ (Download) - annotate - Thu, 23 Jun 2022 13:09:03 UTC by claudio
Changes since 1.247: +4 -4 (diff)
Move struct kif from bgpd.h to kroute.c

The only user of struct kif was the session engine for the 'depend on'
feature. Switch the imsg exchange to a new struct session_dependon and
rename the IMSG as well.
OK tb@

revision 1.247/ (Download) - annotate - Wed, 22 Jun 2022 14:56:11 UTC by claudio
Changes since 1.246: +5 -11 (diff)
Use struct kroute_full in bgpd_filternexthop() so this code becomes a lot
simpler.

OK tb@

revision 1.246/ (Download) - annotate - Wed, 15 Jun 2022 10:10:03 UTC by claudio
Changes since 1.245: +3 -3 (diff)
Rename F_BGPD_INSERTED to F_BGPD and use F_BGPD_INSERTED as a flag that
indicates that the route was successfully added to the FIB.

Filter out dynamic routes (like it is already done for ARP and ND routes) and
kill F_DYNAMIC.

Also remove the protect_lo() bits. Adding dummy kroute entries does no longer
prevent bad routes to hit the FIB. Also loopback IPs are checked in a few
other places to prevent bad routes to be installed into the FIB.

OK tb@

revision 1.245/ (Download) - annotate - Thu, 09 Jun 2022 16:45:19 UTC by claudio
Changes since 1.244: +13 -9 (diff)
Remove the rdomain / rtableid passed to some kroute functions.

kr_nexthop_add() and kr_nexthop_delete() only operate on the main table
so just pass in the right rdomain id.
kr_shutdown() and kr_dispatch_msg() don't really need the rdomain passed.
This was done for kif_remove(), since that function needs to remove connected
routes from the rdomain table. Connected routes can only exist in the
interface's rdomain so just use kif->k.rdomain. If such routes exist that
table exists as well. If the table does not exist there are also no
connected routes to track.
OK tb@

revision 1.244/ (Download) - annotate - Sun, 05 Jun 2022 12:43:13 UTC by claudio
Changes since 1.243: +11 -16 (diff)
Rework how fib_priority is handled.
Instead of passing it around all the time put the fib_priority into the
kroute state. It is only needed in send_rtmsg() in the end.
Additionally insert F_BGP_INSERTED routes with a special RTP_MINE priority.
This makes changing the fib_priority at runtime simpler because there
is no need to alter the kroute table anymore.
OK tb@ deraadt@

revision 1.243/ (Download) - annotate - Thu, 02 Jun 2022 08:46:25 UTC by claudio
Changes since 1.242: +3 -3 (diff)
Adjust some warning messages to be a bit more accurate. ktable_update()
actually loads a routing table and not really an rdomain.

revision 1.242/ (Download) - annotate - Sun, 06 Feb 2022 09:51:19 UTC by claudio
OpenBSD release(s): 71
Changes since 1.241: +4 -4 (diff)
Switch from u_intX_t types to stdint.h uintX_t. Mostly mechanical with
a few reindents.
OK florian@ tb@

revision 1.241/ (Download) - annotate - Sun, 23 Jan 2022 11:59:40 UTC by claudio
Changes since 1.240: +3 -2 (diff)
On poll() failure we want to skip pollfd related action but the signal
delivery checks at the end still need to happen. So that on EINTR bgpd
processes reconfigure or mrt files ASAP.
Fix for mrt integration tests.
Reported by and ok anton@

revision 1.240/ (Download) - annotate - Thu, 20 Jan 2022 18:06:20 UTC by claudio
Changes since 1.239: +4 -2 (diff)
Make sure that all poll loops properly restart the poll loop on EINTR.
Also either fail hard or restart after other errors. In any case do not
look at pollfds after an error.
OK benno@

revision 1.239/ (Download) - annotate - Tue, 20 Jul 2021 12:07:46 UTC by claudio
OpenBSD release(s): 70
Changes since 1.238: +2 -2 (diff)
Add -V to usage. Reported by Pier Carlo Chiodi.

revision 1.238/ (Download) - annotate - Wed, 16 Jun 2021 16:24:12 UTC by job
Changes since 1.237: +6 -2 (diff)
Add command line option to show the version

OK claudio@

revision 1.237/ (Download) - annotate - Mon, 17 May 2021 10:47:07 UTC by claudio
Changes since 1.236: +8 -1 (diff)
Limit the number of concurrent RTR connects to 32.
If the limit is hit the request will be dropped and the rtr process will
retry the connect after the retry timeout. Hopefully by then the number of
connections is down again.
OK deraadt@ benno@

revision 1.236/ (Download) - annotate - Tue, 11 May 2021 07:57:24 UTC by claudio
Changes since 1.235: +119 -15 (diff)
Use non-blocking connect() to setup the RTR socket. connect() can hang for
a long time if the IP is not reachable and would block the main process
while doing so.
Problem noticed by Pier Carlo Chiodi
OK benno@

revision 1.235/ (Download) - annotate - Mon, 03 May 2021 13:18:06 UTC by claudio
Changes since 1.234: +6 -5 (diff)
Like in the session engine do not inline the addr2sa call into connect and
bind. The len argument is modified by addr2sa but is also used as argument
in the call and it is undefined if the value of len in connect is set to
the value "returned" by addr2sa().
Should fix connect issues seen on Linux system.
OK denis@

revision 1.234/ (Download) - annotate - Tue, 16 Feb 2021 08:29:16 UTC by claudio
OpenBSD release(s): 69
Changes since 1.233: +175 -27 (diff)
Add RTR support to OpenBGPD. Add basic support for the protocol.
The RTR client runs in a new process where the protocol handling is done
and when new data is available all sources are merged into one ROA set
which is then loaded into the RDE. The roa-set from the config is also
handled by the new RTR engine.
Tested by and ok job@

revision 1.233/ (Download) - annotate - Mon, 04 Jan 2021 17:44:14 UTC by claudio
Changes since 1.232: +25 -19 (diff)
Rename PFD_PIPE_ROUTE to PFD_PIPE_RDE which is a more obvious name.
Also change the startup code to use enum bgpd_process to select which
process needs to be run. Makes the code in my opinion easier to understand.
OK denis@

revision 1.232/ (Download) - annotate - Wed, 30 Dec 2020 07:00:54 UTC by claudio
Changes since 1.231: +2 -2 (diff)
RB_REMOVE from the correct tree. Dumb copy paste bug introduced by last commit.
Noticed by procter@

revision 1.231/ (Download) - annotate - Tue, 29 Dec 2020 15:30:34 UTC by claudio
Changes since 1.230: +12 -34 (diff)
In preparation for RTR support change the representation of the roa-set
in the parent to a simple RB tree based on struct roa. With this overlapping
ROAs (same prefix & source-as but different maxlen) are now merged in the RDE
when the lookup trie is constructed.
OK benno@

revision 1.230/ (Download) - annotate - Thu, 05 Nov 2020 11:52:59 UTC by claudio
Changes since 1.229: +2 -3 (diff)
Kill bgpd_process, nothing uses it anymore. Instead pass the process
type directly to log init. One less common in bgpd.
OK benno@

revision 1.229/ (Download) - annotate - Mon, 11 May 2020 16:59:19 UTC by claudio
OpenBSD release(s): 68
Changes since 1.228: +5 -5 (diff)
There is no reason to limit the string length of log_reason() to REASON_LEN
characters. Also fix a long line.
OK benno@ deraadt@

revision 1.228/ (Download) - annotate - Sun, 10 May 2020 13:38:46 UTC by deraadt
Changes since 1.227: +5 -1 (diff)
In bgpctl argument parser, re-arrange 'reason' parsing ('nei action [reason]')
to be more generic, then change 'reload' to take a '[reason]' also,
which will be logged by bgpd.
ok kn claudio

revision 1.227/ (Download) - annotate - Wed, 02 Oct 2019 08:58:34 UTC by claudio
OpenBSD release(s): 67 66
Changes since 1.226: +6 -7 (diff)
In IMSG_PFKEY_RELOAD do not warn about unknown peers. When a peer is
removed the session engine will issue a IMSG_PFKEY_RELOAD call after
the parent has removed the peer which is no problem and so no need
to fill the log with this.
OK benno@

revision 1.226/ (Download) - annotate - Tue, 01 Oct 2019 08:57:47 UTC by claudio
Changes since 1.225: +2 -2 (diff)
For portable kr_init() returns an fd of -1 which now would end up in an
immediate exit of bgpd. Instead pass the fd via pointer arg.
OK benno@

revision 1.225/ (Download) - annotate - Thu, 08 Aug 2019 11:33:08 UTC by claudio
Changes since 1.224: +38 -22 (diff)
Parse the config file early on startup before bgpd is daemonized.
This way config errors will be directly user visible on startup.
To do this split out send_config() out of reconfigure() which is
sending the config to the SE and RDE.
OK sthen@

revision 1.224/ (Download) - annotate - Mon, 05 Aug 2019 08:46:55 UTC by claudio
Changes since 1.223: +3 -3 (diff)
Cleanup config reload in the RDE. Use the bgpd_conf struct to store sets
and l3vpns instead of temporary globals. Also rework rde_reload_done to
free filters and sets earlier. The soft-reconfiguration process no longer
needs the previous filters / sets to do its work since there is a full
Adj-RIB-Out.
OK benno@

revision 1.223/ (Download) - annotate - Mon, 05 Aug 2019 08:36:19 UTC by claudio
Changes since 1.222: +7 -7 (diff)
Change the order how filtersets are passed during config reloads. Instead
of sending them after e.g. the filter rule send them before. The benefit
is that the filterset is present when a rule is added and so the filter
rule is complete at that moment.
OK benno@

revision 1.222/ (Download) - annotate - Wed, 24 Jul 2019 20:25:27 UTC by benno
Changes since 1.221: +1 -2 (diff)
mrt.h only needs to be included by mrt.c
ok claudio@

revision 1.221/ (Download) - annotate - Tue, 23 Jul 2019 06:26:44 UTC by claudio
Changes since 1.220: +9 -1 (diff)
Clean up RIB related kroute code. Introduce a way to flush a FIB table
from the RDE. Make sure that all nexthops don't get removed in the FIB
when a FIB table is removed. This should only happen for the main FIB.
Remove F_RIB_HASNOFIB which is just confusing since there is already
F_RIB_NOFIB and F_RIB_NOFIBSYNC.
OK benno@

revision 1.220/ (Download) - annotate - Fri, 19 Jul 2019 07:40:41 UTC by claudio
Changes since 1.219: +43 -13 (diff)
When allocating socketpair() increase their send and receive buffers to
4 times the read size. This helps to increase the efficiency of poll()
since now most of the time the read and write call can operate on full
buffers.
OK benno@ phessler@

revision 1.219/ (Download) - annotate - Wed, 29 May 2019 08:48:00 UTC by claudio
Changes since 1.218: +2 -4 (diff)
Rework pfkey handling a bit. The old remove then add way of inserting md5sig
hit a race frequently where a session ended up with no key/SPI in the kernel.
Since there is no way to do atomic updates of SADB_X_SATYPE_TCPSIGNATURE
the code is adding a new one then removing the old one.
Also make sure keys are correctly cleared when peers are deconfigured.
May not be perfect but a lot better than what was there before.
Tested by and OK sthen@

revision 1.218/ (Download) - annotate - Mon, 27 May 2019 09:14:32 UTC by claudio
Changes since 1.217: +3 -3 (diff)
Switch the peer TAILQ to a RB tree indexed by the peer id. This way
getpeerbyid() gets a lot quicker at finding the peer when many peers
are configured. In my test case the difference is around 20% runtime.
OK denis@

revision 1.217/ (Download) - annotate - Wed, 08 May 2019 18:48:34 UTC by claudio
Changes since 1.216: +6 -6 (diff)
when passing objects to imsg use the form 'obj, sizeof(*obj)' instead of
'obj, sizeof(struct object)'
OK benno@

revision 1.216/ (Download) - annotate - Wed, 08 May 2019 12:41:55 UTC by claudio
Changes since 1.215: +48 -13 (diff)
Rework the TCP md5sig and IKE handling. Move the pfkey socket to the parent
process in this process. The refreshing of the keys is done whenever the
session state is changed to state IDLE or ACTIVE. This should behave better
when reloading configs with auth changes.
OK benno@

revision 1.215/ (Download) - annotate - Sun, 31 Mar 2019 16:57:38 UTC by claudio
OpenBSD release(s): 65
Changes since 1.214: +11 -22 (diff)
Move the struct peer into bgpd_config and switch it to a TAILQ instead of
the hand-rolled list. This changes the way peers are reloaded since now
both parent and session engine are now merging the lists.
OK denis@

revision 1.214/ (Download) - annotate - Sun, 31 Mar 2019 03:36:18 UTC by yasuoka
Changes since 1.213: +5 -2 (diff)
Avoid calling dup2(oldd, newd) when oldd == newd. In that case the
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().

ok tedu florian

revision 1.213/ (Download) - annotate - Thu, 07 Mar 2019 07:42:36 UTC by claudio
Changes since 1.212: +22 -2 (diff)
Do a better job at cleaning up the config on shutdown. Remove bits that
were missed before (e.g. network related objects). This helps to detect
memory leaks.
Start using new_config() and free_config() in all places where bgpd_config
structure are used. This way the struct is properly initialised and cleaned
up. Introduce copy_config() to only copy the values into the other struct
leaving the pointers as they were.
Looks good to benno@

revision 1.212/ (Download) - annotate - Thu, 14 Feb 2019 14:34:31 UTC by claudio
Changes since 1.211: +4 -4 (diff)
mrt_timeout() can send out imsgs so better call it before doing the set_pollfd
this ensures that the imsgs go actually out right away.

revision 1.211/ (Download) - annotate - Thu, 14 Feb 2019 13:13:33 UTC by claudio
Changes since 1.210: +5 -4 (diff)
mrt_timeout should just return -1 when there is no timeout set instead
of some strange maximum. The poll loop in bgpd.c already limits the
maximum wait time so there is no need to double it.
While there switch to using time_t for the calculation.
OK phessler@

revision 1.210/ (Download) - annotate - Thu, 14 Feb 2019 10:38:04 UTC by claudio
Changes since 1.209: +1 -1 (diff)
Revert part of last commit, this stuff is unrelated.

revision 1.209/ (Download) - annotate - Thu, 14 Feb 2019 10:34:54 UTC by claudio
Changes since 1.208: +2 -2 (diff)
Use -1 instead of the less portable INFTIM for the poll timeout.
Result is the same.

revision 1.208/ (Download) - annotate - Mon, 11 Feb 2019 15:44:25 UTC by claudio
Changes since 1.207: +19 -21 (diff)
The definition of VPNs in bgpd was never super elegant. The 'depend on
mpeX' config was a bit redundant. Also to make it more flexible (e.g. having
more than one mpeX interface per rdomain) the syntax was changed.

To make this possible especially the network distribution logic had to be
adjusted and cleaned up. This should in general make network statements
well defined and conflicts between 'network A.B.C.D/N' and e.g. 'network static'
are handled in a well defined way ('network A.B.C.D/N' has preference).

With and OK dlg@, OK denis@

revision 1.207/ (Download) - annotate - Sun, 20 Jan 2019 06:13:40 UTC by bcook
Changes since 1.206: +13 -8 (diff)
explicitly check if the session engine exited by comparing the pid

ok claudio@

revision 1.206/ (Download) - annotate - Fri, 18 Jan 2019 23:30:45 UTC by claudio
Changes since 1.205: +5 -5 (diff)
Don't store the mpe information in struct ktable but instead pass the
ifindex from the RDE over. This will allow to import prefixes to multiple
mpe interfaces in one rdomain.
OK dlg@

revision 1.205/ (Download) - annotate - Thu, 27 Dec 2018 20:23:24 UTC by remi
Changes since 1.204: +16 -10 (diff)
Check if a control socket or address is already in use before using it.
If it is used abort startup or let a reload fail.
Sockets are now not unlinked anymore on regular shutdown.

This helps a lot when one tries to do a config check without -n.

Inputs and OK claudio@

revision 1.204/ (Download) - annotate - Sat, 29 Sep 2018 08:11:11 UTC by claudio
OpenBSD release(s): 64
Changes since 1.203: +37 -13 (diff)
Implement origin validation in bgpd. This introduces two new tables, the
roa-set for RPKI based origin validation and an origin-set which allows to
lookup a source-as / prefix pair.
For RPKI a config can be built like this:
 roa-set {
 165.254.255.0/24 source-as 15562
 193.0.0.0/21 maxlen 24 source-as 3333
 }
 deny from any ovs invalid
 match from any ovs valid set community local-as:42
 match from any ovs not-found set community local-as:43
Origin sets are similar but only match when the source-as / prefix pair is
valid.
 match from any origin-set ARINDB set community local-as:44
Committing this now so that further work can be done in tree.
OK benno@, job@

revision 1.203/ (Download) - annotate - Sat, 29 Sep 2018 07:58:06 UTC by claudio
Changes since 1.202: +25 -5 (diff)
With the introduction of sets the config that is shipped to the RDE got
potentially much bigger. In bad cases the SE activated the config way
before the RDE which is not ideal. Introduce IMSG_RECONF_DRAIN which
acts as a barrier and ensures that both childs got all the config.
Only after that the IMSG_RECONF_DONE message is sent activating
the config in the childs more or less simultaneous.
OK benno@

revision 1.202/ (Download) - annotate - Tue, 25 Sep 2018 07:58:11 UTC by claudio
Changes since 1.201: +5 -5 (diff)
When sending set_tables in the imsg use the right size. Currently the
number of elements is used as size which is always wrong.

revision 1.201/ (Download) - annotate - Fri, 21 Sep 2018 04:55:27 UTC by claudio
Changes since 1.200: +29 -1 (diff)
Implement code to parse, print and reload roa-set tables.
This is sharing a lot of code with prefixset which makes all a bit easier.
A roa-set is defined like this:
roa-set "test2" {
 1.2.3.0/24 source-as 1,
 1.2.8.0/22 maxlen 24 source-as 3
}
No support for acting on this data yet.
Put it in deraadt@, OK benno@, input and OK denis@

revision 1.200/ (Download) - annotate - Thu, 20 Sep 2018 11:45:59 UTC by claudio
Changes since 1.199: +32 -5 (diff)
Split up as_set into a set_table and an as_set. The first is what does
the lookup and will now also be used in roa-set tries. The as_set is glue
to add the name and dirty flag. Add an accessor to get the set data so
that the imsg sending and printing can be moved into the right places.
This is done mainly because roa-sets need similar but slightly different
versions and making the code more generic is the best way fixing this.
OK benno@

revision 1.199/ (Download) - annotate - Thu, 20 Sep 2018 07:46:39 UTC by claudio
Changes since 1.198: +4 -4 (diff)
Switch prefixset to an RB_TREE instead of a SIMPLEQ. This allows to trigger
on duplicates (which are only reported) but is needed as a preparation step
for roa-sets.
OK benno@ denis@

revision 1.198/ (Download) - annotate - Sun, 09 Sep 2018 11:00:51 UTC by benno
Changes since 1.197: +2 -1 (diff)
Add network prefix-set <name> syntax to announce networks in a prefix-set.
feature discussed with deraadt@ and job@, ok claudio@

revision 1.197/ (Download) - annotate - Fri, 07 Sep 2018 10:59:16 UTC by claudio
Changes since 1.196: +2 -2 (diff)
Some space fixes mentioned by benno@

revision 1.196/ (Download) - annotate - Fri, 07 Sep 2018 10:49:22 UTC by claudio
Changes since 1.195: +2 -2 (diff)
Implement a fast prefix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

revision 1.195/ (Download) - annotate - Fri, 07 Sep 2018 05:43:33 UTC by claudio
Changes since 1.194: +7 -1 (diff)
Implement as-set a fast lookup table to be used instead of long list of
AS numbers in source-as, AS and transit-as filter statements. These tables
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

revision 1.194/ (Download) - annotate - Sat, 14 Jul 2018 12:32:35 UTC by benno
Changes since 1.193: +3 -3 (diff)
get rid of two more implicit ktable_get with rdomain 0.
should not change anything when run in rdomain 0.
ok henning@ phessler@ claudio@

revision 1.193/ (Download) - annotate - Tue, 10 Jul 2018 12:40:41 UTC by benno
Changes since 1.192: +2 -2 (diff)
You can run multiple copies of bgpd in separate rdomains.

However, the processes will see each others route messages. Some
structures are not initialized correctly for that, causing at least
useless log messages.

This is an attempt to use the default_tableid where it's needed.

A few hardcoded uses of rtable 0 remain.

ok claudio@

revision 1.192/ (Download) - annotate - Sat, 10 Feb 2018 01:24:28 UTC by benno
OpenBSD release(s): 63
Changes since 1.191: +19 -1 (diff)
Add prefix-sets, lists of prefixes which can be used in place of a
prefix in a filter rule. Initial idea hashed out with job@ in Toronto.
This is WIP, I'm committing it now so we can work on it in the tree.
ok florian@ claudio@

revision 1.191/ (Download) - annotate - Sat, 12 Aug 2017 16:31:09 UTC by florian
OpenBSD release(s): 62
Changes since 1.190: +2 -2 (diff)
Make not yet implemented pledges more visible in grep output.
input benno, deraadt, tedu
also standardize on #if 0 since it makes tedu's editor vomit.
OK benno, pirofti on a previous version

revision 1.190/ (Download) - annotate - Tue, 27 Jun 2017 15:58:07 UTC by deraadt
Changes since 1.189: +2 -2 (diff)
move a global into local context; from rob pierce

revision 1.189/ (Download) - annotate - Sun, 28 May 2017 15:16:33 UTC by henning
Changes since 1.188: +4 -3 (diff)
so far, bgpd was hardcoded to use rtable 0 for nexthop verification.
instead, use the rtable bgpd was started in (route -T <n> exec / rc.d
daemon_rtable) for nexthop verification and as default Adj-RIB-In and
Loc-RIB. This allows multiple bgpds in different rdomains on the same
machine - bgp router virtualization if you like buzzwords.
initial version written under contract more than a year ago, it took us
a while to wrap our brains around the bgpd <-> rdomain interactions -
1) RIBs, 2) nexthop verification and 3) tcp sockets.
ok & input phessler claudio benno

revision 1.188/ (Download) - annotate - Tue, 24 Jan 2017 04:22:42 UTC by benno
OpenBSD release(s): 61
Changes since 1.187: +9 -8 (diff)
sync log.c from relayd et al to bgpd.

there is still a little difference regarding handling of the verbosity
value that will be handled later.

ok claudio@ florian@

revision 1.187/ (Download) - annotate - Sat, 03 Sep 2016 16:22:17 UTC by renato
Changes since 1.186: +25 -58 (diff)
Simplify shutdown process.

On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.

The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.

ok benno@ claudio@

revision 1.186/ (Download) - annotate - Fri, 02 Sep 2016 14:00:29 UTC by benno
Changes since 1.185: +2 -1 (diff)
work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok claudio@, feedback from henning@, deraadt@, reyk@

revision 1.185/ (Download) - annotate - Mon, 20 Jun 2016 20:12:52 UTC by benno
OpenBSD release(s): 60
Changes since 1.184: +2 -2 (diff)
change the "nexthop 1.2.3.4 now valid: via 192.168.0.1" message to log_debug()
ok deraadt@ florian@ stsp@ phessler@

revision 1.184/ (Download) - annotate - Tue, 02 Feb 2016 17:51:11 UTC by sthen
OpenBSD release(s): 59
Changes since 1.183: +1 -3 (diff)
Remove setproctitle() for the parent process. Because rc.d(8) uses process
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@

revision 1.183/ (Download) - annotate - Fri, 27 Nov 2015 21:41:30 UTC by claudio
Changes since 1.182: +6 -6 (diff)
Improve error messages for the imsg handler code. OK sthen@

revision 1.182/ (Download) - annotate - Fri, 20 Nov 2015 23:26:08 UTC by florian
Changes since 1.181: +5 -1 (diff)
bgpd has been naughty. It tries to play with AF_UNIX sockets without
pledging "unix".
Move control_listen up to the main process which already has
pledge("unix"). accept(2) was already allowed.

(Technically no longer necessary since listen(2) is now allowed, too,
but this moves it to the right place.)

OK claudio@, deraadt@

revision 1.181/ (Download) - annotate - Tue, 17 Nov 2015 17:54:01 UTC by benno
Changes since 1.180: +7 -1 (diff)
pledge() exposes a design issue in bgpd that will take a moment to
get right, so disable the pledge() call in bgpd (parent process) for now.
ok deraadt@

revision 1.180/ (Download) - annotate - Thu, 12 Nov 2015 20:49:46 UTC by benno
Changes since 1.179: +16 -1 (diff)
pledge the bgpd main process. Some of the promises can be improved upon
with a bit of rework, so comment why they are needed.
ok deraadt@

revision 1.179/ (Download) - annotate - Tue, 04 Aug 2015 14:46:38 UTC by phessler
OpenBSD release(s): 58
Changes since 1.178: +3 -3 (diff)
Give more precise errors, to help track when bgpd quits

OK florian@ benno@ sthen@ deraadt@

revision 1.178/ (Download) - annotate - Mon, 20 Jul 2015 16:10:37 UTC by claudio
Changes since 1.177: +168 -54 (diff)
Make bgpd execute the RDE and session engine process instead of just forking.
This way ASLR and stack cookies are per process.
With input from benno@ and deraadt@
OK benno@

revision 1.177/ (Download) - annotate - Thu, 16 Jul 2015 18:26:04 UTC by claudio
Changes since 1.176: +26 -50 (diff)
Next round of config cleanup. Move various lists into the bgpd_config struct.
This is the next step to better split parsing and merging the config.
OK benno@

revision 1.176/ (Download) - annotate - Sat, 14 Mar 2015 02:43:02 UTC by claudio
Changes since 1.175: +11 -9 (diff)
Move the command line options (mainly -d and -v) out of struct bgpd_config
into a own flag field since these can't be modified via a config reload.
OK henning@ benno@ before lock

revision 1.175/ (Download) - annotate - Mon, 09 Feb 2015 11:37:31 UTC by claudio
OpenBSD release(s): 57
Changes since 1.174: +9 -13 (diff)
Kill session_socket_blockmode() and replace it with SOCK_CLOEXEC or
SOCK_NONBLOCK and accept4(). OK henning@ tested & OK benno@

revision 1.174/ (Download) - annotate - Wed, 13 Nov 2013 20:41:01 UTC by benno
OpenBSD release(s): 56 55
Changes since 1.173: +4 -3 (diff)
from claudio
"Let msgbuf_write return -1 with errno EAGAIN. The users then must
check if this was the case and readd the event or poll again. The
current handling in the imsg code is wrong for sure."

ok gilles, benno

revision 1.173/ (Download) - annotate - Wed, 13 Nov 2013 09:14:48 UTC by florian
Changes since 1.172: +19 -13 (diff)
Knob to set priority with which bgpd inserts routes into the kernel
routing table. Need for it in "special" setups pointed out by
Loic Blot (loic.blot _AT_ unix-experience _DOT_ fr) on tech.
OK benno, henning

revision 1.172/ (Download) - annotate - Fri, 31 May 2013 23:10:13 UTC by claudio
OpenBSD release(s): 54
Changes since 1.171: +9 -9 (diff)
Unfuck BGP MPLS VPNs that got broken by the last few reload related commits.
OK henning@

revision 1.171/ (Download) - annotate - Thu, 07 Mar 2013 21:26:28 UTC by claudio
Changes since 1.170: +7 -8 (diff)
Implements a few missing bits for better templates support:
- on config reload also adjust the cloned neighbors so that they get the
 config changes as well.
- clean up sessions that are 1h idle but in state active (instead of down)
- add bits to allow bgpctl to destroy cloned neighbors
Tested by sthen@ some time ago, OK phessler@

revision 1.170/ (Download) - annotate - Fri, 02 Nov 2012 18:02:45 UTC by florian
OpenBSD release(s): 53
Changes since 1.169: +2 -1 (diff)
Unstick bgpctl reload after reloading a bgpd.conf with errors.

ok claudio, benno

revision 1.169/ (Download) - annotate - Tue, 18 Sep 2012 09:45:51 UTC by claudio
Changes since 1.168: +19 -3 (diff)
Only allow one reload request at a time in bgpd. Needed for further work.
OK sthen@, benno@, henning@

revision 1.168/ (Download) - annotate - Sat, 20 Aug 2011 19:02:28 UTC by sthen
OpenBSD release(s): 52 51
Changes since 1.167: +3 -1 (diff)
Decouple log_verbose() from log_init() so the verbose flag stays set with
"-v" (previously only "-vd" worked). Similar to recent ospfd commit.
ok claudio@

revision 1.167/ (Download) - annotate - Sun, 01 May 2011 10:42:28 UTC by claudio
OpenBSD release(s): 50
Changes since 1.166: +3 -1 (diff)
Free cname and rcname on exit. Found by Milosz Jakubowski

revision 1.166/ (Download) - annotate - Thu, 02 Sep 2010 14:03:21 UTC by sobrado
OpenBSD release(s): 49
Changes since 1.165: +2 -2 (diff)
remove trailing spaces and tabs from source code; no binary changes
(verified by both sthen@ and me).

ok sthen@; "just commit it" claudio@

revision 1.165/ (Download) - annotate - Mon, 28 Jun 2010 19:52:03 UTC by sobrado
OpenBSD release(s): 48
Changes since 1.164: +3 -3 (diff)
remove -r and -s from usage, these options were dropped on a previous
change to bgpd; while here, rewrite usage() in a more usual way.

ok jmc@

revision 1.164/ (Download) - annotate - Sun, 27 Jun 2010 19:53:34 UTC by claudio
Changes since 1.163: +51 -11 (diff)
Instead of specifying the control sockets on the command line have them
in bgpd.conf. This allows to add/modify restricted control sockets on runtime.
Feature request by a few people who often forgot to add -r path when restarting
bgpd (including myself).
NOTE: this removes the -s and -r arguments from bgpd so pay attention when
updating.
jajaja sthen@, OK henning@

revision 1.163/ (Download) - annotate - Wed, 19 May 2010 12:44:14 UTC by claudio
Changes since 1.162: +11 -8 (diff)
Add softreconfig support for peers changing the RIB. Done by first unloading
the old RIB and then via softreconfig in and a special softreconfig out loading
the new RIB.
Feature requested and tested by Elisa Jasinska.
OK henning@

revision 1.162/ (Download) - annotate - Mon, 17 May 2010 15:49:29 UTC by claudio
Changes since 1.161: +63 -80 (diff)
Last bits of MPLS VPN support. Hook kernel routing tables and RIB together.
This adds a bit of new config to specify the mapping between an rdomain and
the BGP MPLS VPN instance, example:
rdomain 1 {
	descr "CUSTOMER1"
	rd 65003:1
	import-target rt 65003:3
	export-target rt 65003:1
	depend on mpe0
	network 192.168.224/24
}
The "depend on mpe0" is a bit ugly but for now this is the quickest way to
figure out which interface bgp should use to insert the MPLS routes.

A big side-effect of this diff is that networks are now internally
distributed through kroute.c.
This needs some kernel changes that will follow hopefully soon.
OK henning@

revision 1.161/ (Download) - annotate - Mon, 03 May 2010 13:09:38 UTC by claudio
Changes since 1.160: +26 -14 (diff)
Make it possible to load multiple routing tables at the same time and use
those for alternate RIBs. This allows to use "rde rib TESTIT rtable 1".
NOTE: nexthop verification has changed for alternate tables. For now
nexthop will only be verified against the main routing table (id 0).
Because of this "nexthop qualify via bgp" may now compare the nexthops
against bgpd routes from a different RIB.
Tested by sthen@, OK to move on by henning@

revision 1.160/ (Download) - annotate - Mon, 26 Apr 2010 12:25:06 UTC by claudio
Changes since 1.159: +3 -2 (diff)
Add some { } for better readability and to make the code look like the
other blocks in this function.

revision 1.159/ (Download) - annotate - Mon, 26 Apr 2010 08:46:31 UTC by claudio
Changes since 1.158: +1 -5 (diff)
Fix some memory leaks on config reload failure and move one particular
cleanup loop to parse.y where it belongs.
OK henning@

revision 1.158/ (Download) - annotate - Thu, 22 Apr 2010 08:24:58 UTC by claudio
Changes since 1.157: +2 -2 (diff)
Including bgpd.h in mrt.h is dumb.

revision 1.157/ (Download) - annotate - Tue, 13 Apr 2010 09:09:48 UTC by claudio
Changes since 1.156: +16 -24 (diff)
Instead of passing AF specific struct kroutes over imsgs use a struct
kroute_full structure that is AF independent and has all information in
it. Simplifies the communication between processes and reduces the number
of imsg types. This is another step to add FIB support to BGP MPLS VPNs.

revision 1.156/ (Download) - annotate - Mon, 29 Mar 2010 09:09:25 UTC by claudio
Changes since 1.155: +14 -21 (diff)
Since we always reload the config now there is no need to allocate the
filter list head. It is only used temporary in reconfigure().
OK henning

revision 1.155/ (Download) - annotate - Wed, 03 Mar 2010 09:40:56 UTC by claudio
OpenBSD release(s): 47
Changes since 1.154: +1 -2 (diff)
Remove superfluous newline

revision 1.154/ (Download) - annotate - Thu, 11 Feb 2010 14:40:06 UTC by claudio
Changes since 1.153: +2 -2 (diff)
We need to load the config before kr_init() is called or fib-update is
ignored. Found and fix tested by Elisa Jasinska.

revision 1.153/ (Download) - annotate - Mon, 11 Jan 2010 05:47:51 UTC by claudio
Changes since 1.152: +7 -6 (diff)
Do not crash when starting up with a bad config file. Check that
conf.listen_addr is actually valid before deref.

revision 1.152/ (Download) - annotate - Thu, 31 Dec 2009 15:34:02 UTC by claudio
Changes since 1.151: +15 -40 (diff)
Instead of passing the config via arguments to the childs on bootup issue
a config reload as first step in bootup. This allows childs to start with
an empty config and a lot of special cleanup code can bite the dust.
Testing by myself and sthen@ with a few configs (more testing welcome).
Seems like a good idea henning@ & sthen@

revision 1.151/ (Download) - annotate - Tue, 01 Dec 2009 14:28:05 UTC by claudio
Changes since 1.150: +5 -5 (diff)
Use an artificial address family id in struct bgpd_addr and almost everywhere
else. Adds conversion functions to map AFI/SAFI and the Unix AF_ values
from and into AID used in bgpd. This is needed to support things like MPLS
VPN and other upcoming changes that need to play a lot with AFI/SAFI pairs.
Mostly mechanical change, henning@ has no particular issues with this.
Must go in so that I can continue working.

revision 1.150/ (Download) - annotate - Mon, 02 Nov 2009 20:38:15 UTC by claudio
Changes since 1.149: +9 -3 (diff)
Implement IMSG_CTL_LOG_VERBOSE similar to ospfd. Even though bgpd has almost
no log_debug() it makes more sense to make all routing daemons behave the same.

revision 1.149/ (Download) - annotate - Mon, 20 Jul 2009 15:00:13 UTC by claudio
Changes since 1.148: +5 -1 (diff)
On config reload errors free the list of ribs so that following reloads
don't fail because of redefinition conflicts. This problem was reported
by some people.

revision 1.148/ (Download) - annotate - Sun, 07 Jun 2009 00:30:23 UTC by claudio
OpenBSD release(s): 46
Changes since 1.147: +11 -1 (diff)
First attempt at reload support for RIBs. There is some magic that I do
not fully understand but at least no flames are coming out of my test
box anymore.

revision 1.147/ (Download) - annotate - Fri, 05 Jun 2009 20:26:38 UTC by claudio
Changes since 1.146: +3 -2 (diff)
Adjust print_config to all the stuff added in the last days.

revision 1.146/ (Download) - annotate - Thu, 04 Jun 2009 04:46:42 UTC by claudio
Changes since 1.145: +9 -3 (diff)
Add "rde rib <name>" to the config and allow the rde to use these other RIBs.
Still a bit hackish, reload is missing and printconf as well. Looks good h@

revision 1.145/ (Download) - annotate - Mon, 12 May 2008 19:15:02 UTC by pyr
OpenBSD release(s): 45 44
Changes since 1.144: +6 -1 (diff)
Error out with usage line if additional arguments are given after the
option parsing. Found out the hard way by jdixon on ifstated.

ok sobrado@, jdixon@, millert@

revision 1.144/ (Download) - annotate - Fri, 11 May 2007 11:27:59 UTC by claudio
OpenBSD release(s): 43 42
Changes since 1.143: +2 -2 (diff)
Various spelling fixes from Stuart Henderson.

revision 1.143/ (Download) - annotate - Fri, 26 Jan 2007 17:40:48 UTC by claudio
OpenBSD release(s): 41
Changes since 1.142: +8 -3 (diff)
Massive rework of the control imsg flow. Main changes:
- dedicated pipe between the SE and the RDE for control messages
- restartable RB tree dumps in the RDE
- queuing limits both in the SE and RDE
The result is a dramatic decrease of memory consumption on operations like
bgpctl show rib. Previously all messages were first stored in the RDE
then passed to the SE where they got queued in case bgpctl was not fast enough.
Now only a small number of messages is generated and passed to the SE and
the SE has an additional limit instead of acting like an infinite buffer.
Without this the bgpd on bgpd.networx.ch would not survive a single minute.
looks good henning@

revision 1.142/ (Download) - annotate - Thu, 04 Jan 2007 18:38:51 UTC by henning
Changes since 1.141: +2 -1 (diff)
ignore SIGPIPE, like the other 2 processes already do. we detect broken
pipes without the signal just fine. ok claudio

revision 1.141/ (Download) - annotate - Thu, 04 Jan 2007 12:43:36 UTC by claudio
Changes since 1.140: +2 -2 (diff)
Do not run rde_shutdown() unless bgpd is started with -d.
On some of my systems rde_shutdown() takes more than 3min doing nothing more
than calling free(3) over and over again.

revision 1.140/ (Download) - annotate - Tue, 28 Nov 2006 16:39:34 UTC by henning
Changes since 1.139: +3 -2 (diff)
allow bgpd to work on alternate routing tables, claudio ok, jmc manpage help

revision 1.139/ (Download) - annotate - Mon, 19 Jun 2006 20:48:36 UTC by jmc
OpenBSD release(s): 40
Changes since 1.138: +2 -2 (diff)
add -c to usage() and synopsis;

revision 1.138/ (Download) - annotate - Sat, 17 Jun 2006 14:06:09 UTC by henning
Changes since 1.137: +19 -2 (diff)
implement carp demotion control for bgpd.
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio

revision 1.137/ (Download) - annotate - Sat, 27 May 2006 21:24:36 UTC by claudio
Changes since 1.136: +24 -4 (diff)
Pass an IMSG_CTL_RESULT message back to bgpctl on reloads to indicate if
the reload was successful or not. OK henning@

revision 1.136/ (Download) - annotate - Wed, 26 Apr 2006 20:00:03 UTC by claudio
Changes since 1.135: +7 -8 (diff)
Last argument to send_filterset() is a left-over from one of my not so clever
ideas that will never be included and always set to 0. Kill it.

revision 1.135/ (Download) - annotate - Wed, 22 Mar 2006 13:30:35 UTC by claudio
Changes since 1.134: +27 -2 (diff)
Change the way bgpd selects nexthops. Up until now every route was considered
when calculating the nexthop. Now only non BGP routes and not the default
route are used unless forced with the new config options
 nexthop qualify via bgp
 nexthop qualify via default
This change is required for complex setups e.g. where an additional IGP is
running. OK henning@

revision 1.134/ (Download) - annotate - Wed, 15 Mar 2006 12:54:01 UTC by claudio
Changes since 1.133: +2 -2 (diff)
Sync usage with man page (sort arguments).

revision 1.133/ (Download) - annotate - Wed, 15 Mar 2006 11:33:42 UTC by claudio
Changes since 1.132: +8 -4 (diff)
Allow the control socket to be changed on the command line. Useful if you
need to run multiple bgpds on a single box to simulate a IX. This helped
me massively debugging error reports. OK henning@

revision 1.132/ (Download) - annotate - Tue, 24 Jan 2006 14:26:52 UTC by claudio
OpenBSD release(s): 39
Changes since 1.131: +29 -32 (diff)
Functions in the poll() loop should only be moved around if there are no
side-effects. Revert last changes and make bgpctl reload work again.

revision 1.131/ (Download) - annotate - Tue, 24 Jan 2006 10:05:24 UTC by henning
Changes since 1.130: +2 -2 (diff)
KNF

revision 1.130/ (Download) - annotate - Tue, 24 Jan 2006 10:03:44 UTC by henning
Changes since 1.129: +8 -4 (diff)
introduce a second control socket, which is restricted to certain messages,
namely the show ones. needed for looking glass style applications,
monitoring etc. claudio ok

revision 1.129/ (Download) - annotate - Tue, 03 Jan 2006 16:49:23 UTC by claudio
Changes since 1.128: +2 -1 (diff)
Plug some mem leaks.

revision 1.128/ (Download) - annotate - Tue, 03 Jan 2006 13:13:16 UTC by claudio
Changes since 1.127: +29 -26 (diff)
Move the signal handler flags check between the poll() call and the poll
fd handling. Do not access poll fd in case of an error or timeout.
With and OK dlg@

revision 1.127/ (Download) - annotate - Sat, 24 Dec 2005 14:11:13 UTC by claudio
Changes since 1.126: +2 -1 (diff)
bzero the pfd array before setting it up and calling poll because on error
(e.g. EINTR) poll() will not update the pfd array (copyout) and so the old
revents are used and results in a blocking parent process. OK dlg@

revision 1.126/ (Download) - annotate - Wed, 02 Nov 2005 15:03:02 UTC by claudio
Changes since 1.125: +16 -8 (diff)
Reorder and comment reconfigure(). Makes more sense so.

revision 1.125/ (Download) - annotate - Tue, 01 Nov 2005 10:58:29 UTC by claudio
Changes since 1.124: +1 -4 (diff)
Switch from the per peer filter set list to a filter-only solution.
The default filter_sets are converted into match filter rules that get
evaluated first. Simplifies code massively -- mainly the config reload
part -- and makes softreconfig out a piece of cake. "get it in" henning@

revision 1.124/ (Download) - annotate - Thu, 13 Oct 2005 09:09:20 UTC by claudio
Changes since 1.123: +8 -11 (diff)
Simplify poll loop as well. "grrr, OK" henning@

revision 1.123/ (Download) - annotate - Fri, 01 Jul 2005 13:38:14 UTC by claudio
OpenBSD release(s): 38
Changes since 1.122: +2 -2 (diff)
Switch filter_sets from SIMPLEQ to TAILQ, needed for upcoming stuff.

revision 1.122/ (Download) - annotate - Wed, 29 Jun 2005 09:43:25 UTC by claudio
Changes since 1.121: +10 -15 (diff)
rtlabel support via filter sets. Just use "set rtlabel foobar" in filters
network and neighbor statements and the routes are labeled accordingly.
While doing that fix some mem-leaks by introducing filterset_free() and
remove the free on send option of send_filterset().
This took a bit longer because we need to carefully track the rtlabel id
refcnts or bad things may happen on reloads.
henning@ looks fine

revision 1.121/ (Download) - annotate - Thu, 09 Jun 2005 15:32:03 UTC by claudio
Changes since 1.120: +17 -3 (diff)
Change the "network connected|static" statements to "network inet|inet6
connected|static" so that it is possible to distinguish between IPv4 and IPv6
addresses. "network connected|static" is considered deprecated but will be
supported as an alias for "network inet connected|static" for some time (one
release) to simplify upgrades. This also solves a nasty crash when using
"network connected". OK henning@

revision 1.120/ (Download) - annotate - Fri, 27 May 2005 17:59:50 UTC by henning
Changes since 1.119: +2 -2 (diff)
will throw claudio in a big pot of kaesefondue for repeated whitespace fuckups

revision 1.119/ (Download) - annotate - Fri, 27 May 2005 17:52:10 UTC by claudio
Changes since 1.118: +28 -5 (diff)
kroute6 support, at least partially. Get it in so that Henning can clean it
up more. OK henning@

revision 1.118/ (Download) - annotate - Mon, 23 May 2005 22:48:53 UTC by henning
Changes since 1.117: +1 -2 (diff)
one more endpwent

revision 1.117/ (Download) - annotate - Thu, 28 Apr 2005 13:54:45 UTC by claudio
Changes since 1.116: +50 -1 (diff)
Support for "network connected" and "network static" -- announce all
directly connected respectively all static routes. The list is auto-
matically adjusted as soon as a route changes.
OK henning@

revision 1.116/ (Download) - annotate - Wed, 30 Mar 2005 11:23:15 UTC by henning
Changes since 1.115: +10 -10 (diff)
bgpd used to open listeners in advance in the parent and the SE picked
those it needed, closing all the others. this has some nasty races.
so let the parent keep the list of listeners so it knows when it has
to open a new one
claudio ok, also tested by jason ackley

revision 1.115/ (Download) - annotate - Mon, 28 Mar 2005 15:03:33 UTC by henning
Changes since 1.114: +4 -2 (diff)
free rules_l if the initial config file parse fails

revision 1.114/ (Download) - annotate - Thu, 24 Mar 2005 02:39:16 UTC by tedu
Changes since 1.113: +11 -7 (diff)
fix memory leak in error paths. found with coverity prevent.
ok claudio henning

revision 1.113/ (Download) - annotate - Wed, 09 Feb 2005 10:56:28 UTC by henning
OpenBSD release(s): 37
Changes since 1.112: +4 -1 (diff)
need to send IMSG_NETWORK_DONE after sending networks and associated filter
sets, otherwise local networks get withdrawn after config reload;
misbehaviour noticed by peter.galbavy@knowtion.net, claudio ok

revision 1.112/ (Download) - annotate - Wed, 02 Feb 2005 18:52:32 UTC by henning
Changes since 1.111: +11 -10 (diff)
usage() is __dead
pt out by Alexander v Gernler

revision 1.111/ (Download) - annotate - Tue, 23 Nov 2004 13:07:01 UTC by claudio
Changes since 1.110: +30 -2 (diff)
Switch from a single filter_set to a linked list of sets. With this change
it is possible to specify multiple communities. This is also the first step
to better bgpd filters. OK henning@

revision 1.110/ (Download) - annotate - Tue, 19 Oct 2004 12:02:49 UTC by henning
Changes since 1.109: +9 -1 (diff)
allow neighbor definitions to depend on interface state.
with this, if a neighbor is configured as dependent on carp0 for example,
the neighbor will remain in state IDLE as long as carp0 is not master.
once carp0 becomes master the session(s) depending on it immediately
go to CONNECT (or ACTIVE, if they're configured passive), reducing failover
time. claudio ok, with some input from ryan as well

revision 1.109/ (Download) - annotate - Thu, 23 Sep 2004 01:55:05 UTC by henning
Changes since 1.108: +7 -3 (diff)
after receival of a SIGCHLD reset io_pid or rde_pid, respectively, dependent
on which child went away.

revision 1.108/ (Download) - annotate - Thu, 16 Sep 2004 17:36:29 UTC by henning
Changes since 1.107: +11 -11 (diff)
imsg API cleanup:
-kill imsg_compose_pid, imsg_compose_fdpass and imsg_create_pid
-extend the original imsg_compose/_create API to take pid & fd too
-make imsg_compose do imsg_create + imsg_add + imsg_close instead of
 duplicating the code
-adjust all callers to the new API
ok claudio

revision 1.107/ (Download) - annotate - Thu, 16 Sep 2004 00:25:12 UTC by henning
Changes since 1.106: +37 -29 (diff)
malloc the imsg buffers instead of having them statically, suggested by
micskye some time ago

revision 1.106/ (Download) - annotate - Wed, 15 Sep 2004 18:30:42 UTC by otto
Changes since 1.105: +4 -4 (diff)
if (signalflag) { dowork(); signalflag = 0; } is a race. First clear flag,
then call work(). ok henning@

revision 1.105/ (Download) - annotate - Tue, 24 Aug 2004 11:43:16 UTC by henning
OpenBSD release(s): 36
Changes since 1.104: +7 -10 (diff)
use session_socket_blockmode() instead of hand-rolling roughly the same
claudio ok

revision 1.104/ (Download) - annotate - Thu, 05 Aug 2004 21:01:38 UTC by claudio
Changes since 1.103: +3 -3 (diff)
The peer_l is not needed in the rde but still allocated, free them and
save 1k per peer. OK henning@

revision 1.103/ (Download) - annotate - Tue, 03 Aug 2004 13:43:29 UTC by claudio
Changes since 1.102: +2 -1 (diff)
Fix mem-leak on exit. OK henning@

revision 1.102/ (Download) - annotate - Wed, 28 Jul 2004 16:00:02 UTC by claudio
Changes since 1.101: +5 -17 (diff)
The whole dance to close a mrt file after fd passing in the parent is not
needed as the fd is closed while being passed. looks good henning@

revision 1.101/ (Download) - annotate - Mon, 05 Jul 2004 02:13:43 UTC by henning
Changes since 1.100: +2 -2 (diff)
fix a few KNF fallouts

revision 1.100/ (Download) - annotate - Sun, 04 Jul 2004 03:51:31 UTC by henning
Changes since 1.99: +4 -3 (diff)
2 more file descriptors for each RDE and SE inherited from the parent
we should close

revision 1.99/ (Download) - annotate - Sun, 04 Jul 2004 03:37:03 UTC by henning
Changes since 1.98: +2 -1 (diff)
when getting rid of the listen_addr TAILQ after forking actually close
the file descriptors in RDE and parent process, not needed or used there

revision 1.98/ (Download) - annotate - Sat, 03 Jul 2004 17:19:59 UTC by claudio
Changes since 1.97: +24 -21 (diff)
Switch mrt dumping to fd passing. This gives some speed up when extensive
dumping is done. Actually mrt dumps were broken because of the fd passing.
The nice side effect is a much cleaner code, especially in the parent process.
OK henning@

revision 1.97/ (Download) - annotate - Sun, 20 Jun 2004 18:35:11 UTC by henning
Changes since 1.96: +5 -5 (diff)
at least somewhat consistently name the TAILQ_ENTRYs... this confused me
more than once

revision 1.96/ (Download) - annotate - Sun, 20 Jun 2004 17:49:46 UTC by henning
Changes since 1.95: +12 -8 (diff)
implement file descriptor passing in the imsg/msgbuf framework, and use
it to let the main process prepare new listening sockets (socket() and
bind()) on behalf of the session engine, which of course cannot bind() to
ports < 1024 any more once it dropped privileges. with some help from theo,
claudio ok

revision 1.95/ (Download) - annotate - Sun, 06 Jun 2004 17:38:10 UTC by henning
Changes since 1.94: +18 -1 (diff)
rework bgpd's handling of listening sockets. instead of one for each
supported address family, keep a tailq of an arbitrary number of them.
the new struct listen_addr contains the sockaddr and the fd.
this fixes quite some nasty behaviour which was a consequence of the previous
model.
looks right deraadt@, and discussed with claudio

revision 1.94/ (Download) - annotate - Fri, 21 May 2004 11:48:56 UTC by claudio
Changes since 1.93: +2 -2 (diff)
Add support for dynamic announcements. Useful to announce temporary
blackhole routes or to make network announcements dependent on an external
state (e.g. for carp setups) OK henning@

revision 1.93/ (Download) - annotate - Fri, 07 May 2004 10:06:15 UTC by djm
Changes since 1.92: +33 -1 (diff)
add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

revision 1.92/ (Download) - annotate - Mon, 03 May 2004 04:44:41 UTC by henning
Changes since 1.91: +3 -2 (diff)
little KNF issue

revision 1.91/ (Download) - annotate - Thu, 29 Apr 2004 19:56:04 UTC by deraadt
Changes since 1.90: +3 -3 (diff)
sock -> fd; ok henning

revision 1.90/ (Download) - annotate - Tue, 27 Apr 2004 04:38:12 UTC by deraadt
Changes since 1.89: +5 -5 (diff)
crud stripping; henning ok

revision 1.89/ (Download) - annotate - Sun, 25 Apr 2004 17:34:39 UTC by claudio
Changes since 1.88: +3 -8 (diff)
Remove the no longer needed configure stuff in RDE. The peer list needs no
longer to be synced between parent, SE and RDE. OK henning@

revision 1.88/ (Download) - annotate - Tue, 16 Mar 2004 12:06:43 UTC by henning
OpenBSD release(s): 35
Changes since 1.87: +2 -6 (diff)
delay creating the control socket until after forking, but before chroot
(lives in /var/run, i. e. outside chroot) and privdrop.
claudio ok

revision 1.87/ (Download) - annotate - Fri, 12 Mar 2004 16:21:34 UTC by henning
Changes since 1.86: +7 -5 (diff)
fix the "wait for child processes to terminate" code, and move it down a bit
millert ok

revision 1.86/ (Download) - annotate - Thu, 11 Mar 2004 14:22:22 UTC by claudio
Changes since 1.85: +3 -2 (diff)
Shutdown the RDE cleanly on exit. Plug some memleaks. OK henning@

revision 1.85/ (Download) - annotate - Thu, 11 Mar 2004 13:35:05 UTC by claudio
Changes since 1.84: +8 -4 (diff)
Free unneeded mrt lists in SE and on exit. OK henning@

revision 1.84/ (Download) - annotate - Wed, 10 Mar 2004 15:15:48 UTC by henning
Changes since 1.83: +3 -2 (diff)
pass a pointer to the network list as well to session_main so we can free()
the members after fork

revision 1.83/ (Download) - annotate - Wed, 10 Mar 2004 14:45:24 UTC by henning
Changes since 1.82: +2 -2 (diff)
pass a pointer to the filter rule list to session_main() so we can free()
the list entries and the head there after forking

revision 1.82/ (Download) - annotate - Wed, 10 Mar 2004 13:48:45 UTC by henning
Changes since 1.81: +7 -2 (diff)
free peer list on exit, claudio ok

revision 1.81/ (Download) - annotate - Mon, 01 Mar 2004 16:53:48 UTC by claudio
Changes since 1.80: +2 -2 (diff)
Arrrg. Not my day. Sync printconfig with parser here too.

revision 1.80/ (Download) - annotate - Thu, 19 Feb 2004 13:54:58 UTC by claudio
Changes since 1.79: +3 -4 (diff)
Make the code more portable. Add some missing header files and make the use
of the queue(3) macros more portable. OK henning@ some time ago.

revision 1.79/ (Download) - annotate - Mon, 09 Feb 2004 23:16:46 UTC by henning
Changes since 1.78: +2 -4 (diff)
print networks too

revision 1.78/ (Download) - annotate - Mon, 09 Feb 2004 23:10:04 UTC by henning
Changes since 1.77: +2 -3 (diff)
drain the list fluffier

revision 1.77/ (Download) - annotate - Mon, 09 Feb 2004 01:38:55 UTC by henning
Changes since 1.76: +2 -3 (diff)
print more fluff

revision 1.76/ (Download) - annotate - Mon, 09 Feb 2004 00:00:41 UTC by henning
Changes since 1.75: +6 -2 (diff)
move printing the config to where it belongs

revision 1.75/ (Download) - annotate - Sat, 07 Feb 2004 11:42:30 UTC by henning
Changes since 1.74: +15 -9 (diff)
send filter rules to the RDE on reloads, help & ok claudio

revision 1.74/ (Download) - annotate - Fri, 06 Feb 2004 20:18:18 UTC by henning
Changes since 1.73: +20 -6 (diff)
initial cut at the filtering language.
structs etc to describe a rule, filter rule list management
parser groks filter defs now.

claudio ok, discussion & help also jakob theo

revision 1.73/ (Download) - annotate - Tue, 03 Feb 2004 17:36:30 UTC by henning
Changes since 1.72: +8 -14 (diff)
defer free()ing the previous peer list until after parsing the config file
so in the parser we can access it. will be needed soon.

revision 1.72/ (Download) - annotate - Fri, 23 Jan 2004 21:18:12 UTC by henning
Changes since 1.71: +5 -8 (diff)
use log_addr

revision 1.71/ (Download) - annotate - Thu, 22 Jan 2004 20:34:55 UTC by henning
Changes since 1.70: +21 -22 (diff)
use log_warnx and log_info. reclassify a few messages in the process and fix
a few messages.

ok claudio@

revision 1.70/ (Download) - annotate - Thu, 22 Jan 2004 03:18:03 UTC by henning
Changes since 1.69: +6 -6 (diff)
s/log_err/log_warn/
it is like warn(3), not err(3). so use a less confusing name.

revision 1.69/ (Download) - annotate - Tue, 20 Jan 2004 09:44:33 UTC by henning
Changes since 1.68: +6 -1 (diff)
check early whether user _bgpd exists so we can bail out early and nicely
prodded by theo

revision 1.68/ (Download) - annotate - Sat, 17 Jan 2004 19:35:35 UTC by claudio
Changes since 1.67: +32 -14 (diff)
Make it possible to announce own networks. In the RDE these prefixes are
attached to a pseudo peer and inserted like all other prefixes into the RIB.
OK henning@

revision 1.67/ (Download) - annotate - Sat, 17 Jan 2004 18:05:46 UTC by henning
Changes since 1.66: +2 -1 (diff)
allow the interfaces as bgpd sees 'em to be queried via imsgs

revision 1.66/ (Download) - annotate - Sun, 11 Jan 2004 22:01:13 UTC by henning
Changes since 1.65: +2 -5 (diff)
use bgpd_addr in the nexthop tree; change nexthop_add/_remove accordingly

ok claudio@

revision 1.65/ (Download) - annotate - Sun, 11 Jan 2004 21:32:56 UTC by henning
Changes since 1.64: +16 -12 (diff)
in the nexthop imsgs use struct bgpd_addr for the data part instead of
in_addr_t

ok claudio@

revision 1.64/ (Download) - annotate - Sun, 11 Jan 2004 19:14:43 UTC by henning
Changes since 1.63: +10 -6 (diff)
use struct bgpd_addr for nexthop and gateway in struct kroute_nexthop
(and thus the nexthop messages between parent and RDE)

ok claudio@

revision 1.63/ (Download) - annotate - Sun, 11 Jan 2004 02:35:13 UTC by henning
Changes since 1.62: +2 -1 (diff)
new message IMSG_CTL_SHOW_NEXTHOP: request/send list of BGP nexthops and
the result of their validity check

revision 1.62/ (Download) - annotate - Sun, 11 Jan 2004 01:00:07 UTC by claudio
Changes since 1.61: +2 -2 (diff)
The buffer changes produced some fallout in the mrt code.
Wait until all data has been written out before closing the file and fix
some obvious mistakes. OK henning@

revision 1.61/ (Download) - annotate - Fri, 09 Jan 2004 19:08:50 UTC by henning
Changes since 1.60: +3 -2 (diff)
for IMSG_CTL_KROUTEs allow matching based on flags,
add IMGS_CTL_KROUTE_ADDR to match the route for a given address

ok claudio@

revision 1.60/ (Download) - annotate - Fri, 09 Jan 2004 13:47:07 UTC by henning
Changes since 1.59: +15 -1 (diff)
get us a stateful imsg relaying framework, and the first receiver,
IMSG_CTL_KROUTE, to have the kroute structs forming the fib sent to a
control socket.

ok claudio@

revision 1.59/ (Download) - annotate - Thu, 08 Jan 2004 16:17:12 UTC by henning
Changes since 1.58: +10 -10 (diff)
rename a few functions to further clarify things

revision 1.58/ (Download) - annotate - Tue, 06 Jan 2004 03:43:50 UTC by henning
Changes since 1.57: +2 -2 (diff)
2004

revision 1.57/ (Download) - annotate - Mon, 05 Jan 2004 22:57:59 UTC by claudio
Changes since 1.56: +19 -58 (diff)
Big overhaul of the mrt code.
Dumping of incoming bgp messages is now possible and dumping the (not yet)
filtered updates works too. Per neighbor dumps are still missing.
OK henning@

revision 1.56/ (Download) - annotate - Mon, 05 Jan 2004 19:10:24 UTC by henning
Changes since 1.55: +34 -2 (diff)
correctly handle SIGCHLD.
SIGCHLD does _not_ translate to "a child process went kaboom".
waitpid() and check status; if the child exited or terminated log & quit

ok claudio@

revision 1.55/ (Download) - annotate - Mon, 05 Jan 2004 18:21:51 UTC by henning
Changes since 1.54: +4 -4 (diff)
waitpid's return is a pid_t

revision 1.54/ (Download) - annotate - Mon, 05 Jan 2004 16:21:14 UTC by henning
Changes since 1.53: +13 -1 (diff)
allow fib couple/decouple based on an imsg received on the control socket
by the SE and passed on to the main process

revision 1.53/ (Download) - annotate - Sun, 04 Jan 2004 19:39:46 UTC by henning
Changes since 1.52: +7 -1 (diff)
-new imsg CTL_RELOAD
-upon receival in the SE forward to parent
-make sending messages from SE to parent work for that (was not required before)
-parent reacts to that just like a SIGHUP, reread config file

revision 1.52/ (Download) - annotate - Sat, 03 Jan 2004 20:37:34 UTC by henning
Changes since 1.51: +12 -11 (diff)
move some session specific stuff to session.h and make the few files
that need it include that

revision 1.51/ (Download) - annotate - Sat, 03 Jan 2004 20:22:07 UTC by henning
Changes since 1.50: +21 -10 (diff)
decouple the peer list from bgpd_config.
so many parts of bgpd are not at all interested in the session specific peer
structs... allows for some further cleaning

revision 1.50/ (Download) - annotate - Sat, 03 Jan 2004 14:06:35 UTC by henning
Changes since 1.49: +7 -2 (diff)
change imsg_read semantics so that the number of bytes read is returned.
that means that the callers can (and must) cope with closed connections
themselves, what is exactly the desired behaviour.

revision 1.49/ (Download) - annotate - Thu, 01 Jan 2004 23:46:47 UTC by henning
Changes since 1.48: +7 -2 (diff)
listen on an AF_LOCAL socket for imsgs too.
only implemented type yet is IMSG_CTL_SHOW_NEIGHBOR which sends back
the struct peer for all neighbors.
will be used by bgpdctl

revision 1.48/ (Download) - annotate - Thu, 01 Jan 2004 23:09:08 UTC by henning
Changes since 1.47: +9 -3 (diff)
now that imsg_get uses bigger buffers, one read call can put more than one
imsg into the buffer. since imsg_get by definition only returns one imsg we
missed the next imsg(s) until the next poll event on the socket in question,
building up a queue on that socket. didn't show up as a problem yet...
factor out imsg_read, which reads into the buffer. imsg_get now entirely
operates on the buffers and does not read(2) itself.
make all callers cope by calling imsg_read on poll events and calling
imsg_get in a loop until all imsgs are processed.

revision 1.47/ (Download) - annotate - Tue, 30 Dec 2003 22:42:31 UTC by henning
Changes since 1.46: +3 -3 (diff)
correctly free after buf_add/_close errs.
From: Patrick Latifi <pat@eyeo.org>

revision 1.46/ (Download) - annotate - Tue, 30 Dec 2003 20:59:43 UTC by henning
Changes since 1.45: +7 -3 (diff)
missing free()s in error cases that (now) lead to program termination
From: Patrick Latifi <pat@eyeo.org>

revision 1.45/ (Download) - annotate - Sat, 27 Dec 2003 14:58:22 UTC by henning
Changes since 1.44: +1 -9 (diff)
move the fib couple/decouple to the config merge where it belongs

revision 1.44/ (Download) - annotate - Sat, 27 Dec 2003 14:24:42 UTC by henning
Changes since 1.43: +7 -7 (diff)
keep a copy of the fd locally instead of passing it around all time

revision 1.43/ (Download) - annotate - Sat, 27 Dec 2003 01:31:49 UTC by henning
Changes since 1.42: +10 -1 (diff)
on reconfigure, check whether the "no fib-update" statement presence/absence
changed.
if it is absent but was present before, call kroute_fib_couple
if it is present but was absent before, call kroute_fib_decouple

revision 1.42/ (Download) - annotate - Sat, 27 Dec 2003 00:53:51 UTC by henning
Changes since 1.41: +2 -2 (diff)
implement "no fib-update" much cooler

revision 1.41/ (Download) - annotate - Fri, 26 Dec 2003 21:40:40 UTC by henning
Changes since 1.40: +3 -3 (diff)
erm, oups, well, put back rde_pid and io_pid assignments that got lost
somehow...

revision 1.40/ (Download) - annotate - Fri, 26 Dec 2003 20:59:54 UTC by henning
Changes since 1.39: +13 -4 (diff)
fix logging in send_nexthop_update

revision 1.39/ (Download) - annotate - Fri, 26 Dec 2003 18:33:11 UTC by henning
Changes since 1.38: +23 -14 (diff)
let imsg_get and imsg_compose not fatal() but return errors upstream.
make the callers cope.

revision 1.38/ (Download) - annotate - Fri, 26 Dec 2003 18:07:32 UTC by henning
Changes since 1.37: +7 -7 (diff)
when this project started and i added the fatal() function, I made it take
the error number as parameter instead of accessing errno, because in one
place the error number was not in errno but fetched from a socket.
now, of course it makes much more sense to just set errno to the error number
just fetched in this one place instead of having hundreds of fatal() calls
all transfer the errno round and round and round...
fix this, and also provide a fatalx, which does not care for errno and doesn't
invoke strerror.
oh, btw, in the place where we fetch the err # from the socket, we don't
call fatal anymore anyway...

revision 1.37/ (Download) - annotate - Fri, 26 Dec 2003 17:47:04 UTC by henning
Changes since 1.36: +5 -3 (diff)
by making kroute_dispatch_msg() and kroute_nexthop_add() return int instead
of void they can now report errors upstream and do not need to panic any
more. so do that and handle the errors in bgpd.c in the vein that we at least
can clean up before exit.
there are no direct fatal() call in kroute.c now any more, nor any in bgpd.c
after forking.

revision 1.36/ (Download) - annotate - Fri, 26 Dec 2003 17:15:09 UTC by henning
Changes since 1.35: +45 -31 (diff)
overhaul error handling
try to handle as much as possible in a graceful way so that we don't leave
the kernel routing table full of our routes, for example.

revision 1.35/ (Download) - annotate - Fri, 26 Dec 2003 16:54:10 UTC by henning
Changes since 1.34: +3 -2 (diff)
handle kroute_init failures nicer

revision 1.34/ (Download) - annotate - Fri, 26 Dec 2003 14:55:03 UTC by henning
Changes since 1.33: +3 -3 (diff)
improve log message

revision 1.33/ (Download) - annotate - Fri, 26 Dec 2003 14:38:58 UTC by henning
Changes since 1.32: +7 -1 (diff)
log nexthop status changes

revision 1.32/ (Download) - annotate - Fri, 26 Dec 2003 00:49:52 UTC by henning
Changes since 1.31: +2 -3 (diff)
handle IMSG_NEXTHOP_DELETE as well

revision 1.31/ (Download) - annotate - Fri, 26 Dec 2003 00:27:23 UTC by henning
Changes since 1.30: +2 -2 (diff)
kroute_nexthop_check -> kroute_nexthop_add
kroute_validate_nexthop -> kroute_nexthop_insert

revision 1.30/ (Download) - annotate - Fri, 26 Dec 2003 00:14:04 UTC by henning
Changes since 1.29: +21 -1 (diff)
finally marry rde and kroute parts of the nexthop verification:
handle IMSG_NEXTHOP_ADD and send IMSG_NEXTHOP_UPDATE when appropriate

revision 1.29/ (Download) - annotate - Thu, 25 Dec 2003 17:07:24 UTC by henning
Changes since 1.28: +11 -3 (diff)
track routing table changes that are _not_ caused by bgpd itself

ok claudio@

revision 1.28/ (Download) - annotate - Thu, 25 Dec 2003 02:24:26 UTC by henning
Changes since 1.27: +2 -7 (diff)
kill IMSG_KROUTE_ADD as well. just send KROUTE_CHANGE requests.

revision 1.27/ (Download) - annotate - Thu, 25 Dec 2003 02:09:19 UTC by henning
Changes since 1.26: +3 -3 (diff)
it actually makes more sense to call the merged function kroute_change

revision 1.26/ (Download) - annotate - Thu, 25 Dec 2003 02:04:46 UTC by henning
Changes since 1.25: +2 -2 (diff)
kroute_change is obsolete, long live kroute_add

revision 1.25/ (Download) - annotate - Wed, 24 Dec 2003 20:09:56 UTC by henning
Changes since 1.24: +3 -22 (diff)
now that the main process can cleanup without RDE's help, we do not need the
somewhat fragile IMSG_SHUTDOWN_* stuff any more. speeds shutdown up
enormously.

ok claudio@

revision 1.24/ (Download) - annotate - Wed, 24 Dec 2003 19:59:24 UTC by henning
Changes since 1.23: +3 -1 (diff)
now that we keep track of the routes we added to the kernel we can remove
them easily on shutdown without the RDE's help

revision 1.23/ (Download) - annotate - Wed, 24 Dec 2003 19:22:00 UTC by henning
Changes since 1.22: +4 -4 (diff)
slightly more helpful error msgs

revision 1.22/ (Download) - annotate - Wed, 24 Dec 2003 13:28:01 UTC by henning
Changes since 1.21: +5 -5 (diff)
handle write() returning 0 correctly, adjust the msgbuf API appropriately,
and make all callers cope.

revision 1.21/ (Download) - annotate - Tue, 23 Dec 2003 19:14:49 UTC by deraadt
Changes since 1.20: +2 -2 (diff)
spacing

revision 1.20/ (Download) - annotate - Tue, 23 Dec 2003 18:28:05 UTC by henning
Changes since 1.19: +22 -3 (diff)
send shutdown requests to the child processes and wait for an ack message from
them when shutting down.
the rde needs the main process to clean up the routing table on exit so the
parent process needs to be in service until the RDE is done.
ok claudio@

revision 1.19/ (Download) - annotate - Mon, 22 Dec 2003 21:48:23 UTC by henning
Changes since 1.18: +8 -8 (diff)
delay setting up the signal handlers in the main process until after fork(),
pointed out by theo

revision 1.18/ (Download) - annotate - Mon, 22 Dec 2003 15:22:13 UTC by henning
Changes since 1.17: +20 -1 (diff)
o add low-level functions for adding/chaining/removing kernel routes
o define new imsg types for this
o process these imsgs in the parent process

now "only" debugging and the rde sending these messages is missing.

ok claudio@

revision 1.17/ (Download) - annotate - Mon, 22 Dec 2003 15:11:45 UTC by henning
Changes since 1.16: +5 -5 (diff)
uid check later; configtest is useful as non-root

revision 1.16/ (Download) - annotate - Mon, 22 Dec 2003 15:07:05 UTC by henning
Changes since 1.15: +11 -3 (diff)
add a configtest mode

revision 1.15/ (Download) - annotate - Mon, 22 Dec 2003 11:11:25 UTC by miod
Changes since 1.14: +1 -3 (diff)
No need to setup a signal handler for SIGKILL as you can't catch it anyway.

revision 1.14/ (Download) - annotate - Mon, 22 Dec 2003 11:04:12 UTC by henning
Changes since 1.13: +2 -2 (diff)
in the same vein we can plain errx() if the geteuid check fails.

revision 1.13/ (Download) - annotate - Mon, 22 Dec 2003 11:00:19 UTC by henning
Changes since 1.12: +2 -2 (diff)
when starting up and the configuration has errors, do not call fatal().
plain exit() is enough. we have not yet forked and an error message is already
printed by the parser.
inspired by a theo request

revision 1.12/ (Download) - annotate - Sun, 21 Dec 2003 23:28:39 UTC by henning
Changes since 1.11: +2 -2 (diff)
rename get_imsg() to imsg_get(); that's more consistent

revision 1.11/ (Download) - annotate - Sun, 21 Dec 2003 23:26:37 UTC by henning
Changes since 1.10: +26 -31 (diff)
wrap read & write buffers for imsgs into a struct.
finally gives us read buffers per pipe instead of per process, eliminating
a possible race.
also gets us a real imsg_init() that does all the boring init work

revision 1.10/ (Download) - annotate - Sun, 21 Dec 2003 22:16:53 UTC by henning
Changes since 1.9: +45 -56 (diff)
overhaul the write buffering code.
introduce msgbuf API and bundle all info needed for the write buffers in a
struct msgbuf.
also switch to a write queue per handled connection (each bgp session, each
pipe) instead of one big one.
fixes some subtle problems and is overall nicer.

ok claudio@

revision 1.9/ (Download) - annotate - Sun, 21 Dec 2003 18:18:21 UTC by henning
Changes since 1.8: +7 -7 (diff)
use pipe(2)s instead of socketpair(2)s.
suggested by tedu@ for a performance gain, ok claudio@

revision 1.8/ (Download) - annotate - Sat, 20 Dec 2003 21:26:48 UTC by henning
Changes since 1.7: +5 -5 (diff)
more from the castathon; imsg_compose takes void * now so get rid of the casts

revision 1.7/ (Download) - annotate - Sat, 20 Dec 2003 20:53:30 UTC by henning
Changes since 1.6: +2 -1 (diff)
few missing break; in default: cases in switch; one noticed by tedu@

revision 1.6/ (Download) - annotate - Sat, 20 Dec 2003 19:17:51 UTC by deraadt
Changes since 1.5: +4 -4 (diff)
spacing

revision 1.5/ (Download) - annotate - Sat, 20 Dec 2003 18:50:40 UTC by henning
Changes since 1.4: +6 -1 (diff)
parent: waitpid() for the child processes on exit

revision 1.4/ (Download) - annotate - Sat, 20 Dec 2003 18:32:22 UTC by henning
Changes since 1.3: +2 -1 (diff)
keep track which process we are so fatal() can log in which proc the
condition happened. fatal()s from subsystems used by all 3 processes like
the imsg subsystem were hard to track down without knowing in which process
the condition happened.

revision 1.3/ (Download) - annotate - Sat, 20 Dec 2003 14:33:09 UTC by henning
Changes since 1.2: +2 -2 (diff)
read(2)/write(2) return ssize_t, not size_t

revision 1.2/ (Download) - annotate - Wed, 17 Dec 2003 19:26:26 UTC by henning
Changes since 1.1: +17 -11 (diff)
send reconf requests to the RDE as well and handle them there; syncing peer
data with RIB missing
use same message in RDE and SE for consistency

revision 1.1/ (Download) - annotate - Wed, 17 Dec 2003 11:46:54 UTC by henning
welcome, bgpd
started by me some time ago with moral support from theo, then proceeded up to
the point where the session engine worked correctly. claudio jeker joined
then and did a lot of work in the RDE.
it is not particularly useful as application right now as parts are still
missing but is imported to enable more people to work on it.
status:
BGP sessions get established fine, OPEN messages and then KEEPALIVEs
exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and
all connection drops etc I provoked get handled fine.
Incoming UPDATE messages are parsed well and the data entered to the RIB,
the decision process is not yet there, neither is outgoing UPDATEs or sync
to the kernel routing table.

not connected to the builds yet.