Mark RTR and IPv6 BGP packets with DSCP CS6 (network control)

Additionally, set TCP_NODELAY on the RTR socket, there is no need to
queue up messages towards the RTR server.

OK claudio@

Check that the ASPA tas array fits in an IMSG before sending the ASPA
record over to RTR or the RDE.

The long term goal is to increase the IMSG size considerably but that
requires some additional AP

Check that the ASPA tas array fits in an IMSG before sending the ASPA
record over to RTR or the RDE.

The long term goal is to increase the IMSG size considerably but that
requires some additional API changes to the imsg API.
OK tb@

show more ...

Convert the parent process imsg handling over to the new imsg API.

This simplifies the code a fair bit and removes direct unchecked memory
access to imsg.data.
OK tb@

Rename argument roa of imsg_send_sockets() to rtr since the imsgbuf is
for PROC_RTR.

Rename struct imsgbuf *ibuf to *imsgbuf in all places.
ibuf should be reserved for struct ibuf * values.
OK tb@

Remove per-AFI ASPA handling in bgpd internals

With draft-ietf-sidrops-aspa-profile-16 and
draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA
records was dropped. So remove this comp

Remove per-AFI ASPA handling in bgpd internals

With draft-ietf-sidrops-aspa-profile-16 and
draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA
records was dropped. So remove this complication form the code.

This only removes the AFI handling internally in bgpd but still allows
the old syntax in aspa-set tables. The optional address family is just
ignored and records are merged together.

For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so
right now we still handle RTR sessions as specified there. The IPv4 and
IPv6 ASPA entries are handled in two trees and merged together into one
AFI independent tree. This is the best we can do for now until IETF
updates draft-ietf-sidrops-8210bis.

OK tb@ job@

show more ...

Implement code to pass the flowspec config over to the RDE. The parent
process tracks which prefixes are added / removed and issues the
corresponding imsg calls.
Right now the RDE does nothing with t

Implement code to pass the flowspec config over to the RDE. The parent
process tracks which prefixes are added / removed and issues the
corresponding imsg calls.
Right now the RDE does nothing with the received information.
OK tb@

show more ...

No longer wait for the RTR process to finish the config reload before
sending the IMSG_RECONF_DONE message to the RDE. The RDE does not depend
on the RTR config reload (in contrast to the SE).
The RO

No longer wait for the RTR process to finish the config reload before
sending the IMSG_RECONF_DONE message to the RDE. The RDE does not depend
on the RTR config reload (in contrast to the SE).
The ROA / ASPA reload is async from the RDE config reload.
OK tb@

show more ...

comma space not space comma

Add plumbing for ASPA support. This implements the parser and part of the
logic in the rtr process. It does not implement the new RTR messages yet
but it is possible to specify an aspa-set in the con

Add plumbing for ASPA support. This implements the parser and part of the
logic in the rtr process. It does not implement the new RTR messages yet
but it is possible to specify an aspa-set in the config. Also the validation
code in the RDE is missing so this does not do anything.
With this in it will be possible to extend rpki-client to publish an
aspa-set as part of the openbgpd config file.
OK tb@

show more ...

Convert bzero() to memset(), bcmp() to memcmp() and bcopy() to memcpy().

The memory regions passed to memcpy() can not overlap so no need for memmove().
OK tb@ deraadt@

whitespace found during a read-thru; ok claudio

Refactor and rename bgpd_filternexthop() to bgpd_oknexthop()

Simplify the logic and adjust kroute_match() which makes the code
easier to understand.
OK tb@

Revert previous commit. The RTP_MINE checks on struct kroute_full are
not correct because kr_tofull() replaces RTP_MINE with the real priority.
Noticed because of incorrect nexthop selection.

Retire the F_KERNEL flag, it got superseded by route priority and RTP_MINE.

Only problem is when route(8) is used to modify/delete a bgpd owned route.
Exact behaviour for that is still a bit unclear

Retire the F_KERNEL flag, it got superseded by route priority and RTP_MINE.

Only problem is when route(8) is used to modify/delete a bgpd owned route.
Exact behaviour for that is still a bit unclear but F_KERNEL does not help
in this case either. In the kr_fib_delete/change remove F_BGPD_INSERTED
in that case as a first step.
OK tb@

show more ...

Cleanup and fix the network code.

- introduce network_free() to properly free a network struct including
the possible rtlabel reference.
- change expand_networks() and the reload code to not only

Cleanup and fix the network code.

- introduce network_free() to properly free a network struct including
the possible rtlabel reference.
- change expand_networks() and the reload code to not only expand the
main network config but also the network configs inside L3VPN sections.
- adjust reload logic to properly match any kind of network struct.
Up until now rtlabel and priority network statememnts were not correctly
reloaded.
OK tb@

show more ...

Move struct kif from bgpd.h to kroute.c

The only user of struct kif was the session engine for the 'depend on'
feature. Switch the imsg exchange to a new struct session_dependon and
rename the IMSG

Move struct kif from bgpd.h to kroute.c

The only user of struct kif was the session engine for the 'depend on'
feature. Switch the imsg exchange to a new struct session_dependon and
rename the IMSG as well.
OK tb@

show more ...

Use struct kroute_full in bgpd_filternexthop() so this code becomes a lot
simpler.

OK tb@

Rename F_BGPD_INSERTED to F_BGPD and use F_BGPD_INSERTED as a flag that
indicates that the route was successfully added to the FIB.

Filter out dynamic routes, like it is already done for ARP and ND

Rename F_BGPD_INSERTED to F_BGPD and use F_BGPD_INSERTED as a flag that
indicates that the route was successfully added to the FIB.

Filter out dynamic routes, like it is already done for ARP and ND routes) and
kill F_DYNAMIC.

Also remove the protect_lo() bits. Adding dummy kroute entries does no longer
prevent bad routes to hit the FIB. Also loopback IPs are checked in a few
other places to prevent bad routes to be installed into the FIB.

OK tb@

show more ...

Remove the rdomain / rtableid passed to some kroute functions.

kr_nexthop_add() and kr_nexthop_delete() only operate on the main table
so just pass in the right rdomain id.
kr_shutdown() and kr_disp

Remove the rdomain / rtableid passed to some kroute functions.

kr_nexthop_add() and kr_nexthop_delete() only operate on the main table
so just pass in the right rdomain id.
kr_shutdown() and kr_dispatch_msg() don't really need the rdomain passed.
The was done for kif_remove(), since that function needs to remove connected
routes from the rdomain table. Connected routes can only exists in the
interfaces rdomain so just use kif->k.rdomain. If such routes exist that
table exists as well. If the table does not exists there are also no
connected routes to track.
OK tb@

show more ...

Rework how fib_priority is handled.
Instead of passing it around all the time put the fib_priority into the
kroute state. It is only needed in send_rtmsg() in the end.
Additionally insert F_BGP_INSER

Rework how fib_priority is handled.
Instead of passing it around all the time put the fib_priority into the
kroute state. It is only needed in send_rtmsg() in the end.
Additionally insert F_BGP_INSERTED routes with a special RTP_MINE priority.
This makes changing the fib_priority at runtime simpler because there
is no need to alter the kroute table anymore.
OK tb@ deraadt@

show more ...

Adjust some warning messages to be a bit more accurate. ktable_update()
actually loads a routing table and not really an rdomain.

Switch from u_intX_t types to stdint.h uintX_t. Mostly mechanical with
a few reindents.
OK florian@ tb@

On poll() failure we want to skip pollfd related action but the signal
delivery checks at the end still need to happen. So that on EINTR bgpd
processes reconfigure or mrt files ASAP.
Fix for mrt inte

On poll() failure we want to skip pollfd related action but the signal
delivery checks at the end still need to happen. So that on EINTR bgpd
processes reconfigure or mrt files ASAP.
Fix for mrt integration tests.
Reported by and ok anton@

show more ...

Make sure that all poll loops properly restart the poll loop on EINTR.
Also either fail hard or restart after other errors. In anycase do not
look at pollfds after an error.
OK benno@