#
f7421e07 |
| 15-May-2024 |
job <job@openbsd.org> |
Mark RTR and IPv6 BGP packets with DSCP CS6 (network control)
Additionally, set TCP_NODELAY on the RTR socket, there is no need to queue up messages towards the RTR server.
OK claudio@
|
#
bb1a6d1a |
| 09-Apr-2024 |
claudio <claudio@openbsd.org> |
Check that the ASPA tas array fits in an IMSG before sending the ASPA record over to RTR or the RDE.
The long term goal is to increase the IMSG size considerably but that requires some additional AP
Check that the ASPA tas array fits in an IMSG before sending the ASPA record over to RTR or the RDE.
The long term goal is to increase the IMSG size considerably but that requires some additional API changes to the imsg API. OK tb@
show more ...
|
#
be25e90d |
| 09-Jan-2024 |
claudio <claudio@openbsd.org> |
Convert the parent process imsg handling over to the new imsg API.
This simplifies the code a fair bit and removes direct unchecked memory access to imsg.data. OK tb@
|
#
ee9b0250 |
| 04-Jan-2024 |
claudio <claudio@openbsd.org> |
Rename argument roa of imsg_send_sockets() to rtr since the imsgbuf is for PROC_RTR.
|
#
d1ee0d19 |
| 07-Nov-2023 |
claudio <claudio@openbsd.org> |
Rename struct imsgbuf *ibuf to *imsgbuf in all places. ibuf should be reserved for struct ibuf * values. OK tb@
|
#
c0c9c169 |
| 16-Aug-2023 |
claudio <claudio@openbsd.org> |
Remove per-AFI ASPA handling in bgpd internals
With draft-ietf-sidrops-aspa-profile-16 and draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA records was dropped. So remove this comp
Remove per-AFI ASPA handling in bgpd internals
With draft-ietf-sidrops-aspa-profile-16 and draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA records was dropped. So remove this complication form the code.
This only removes the AFI handling internally in bgpd but still allows the old syntax in aspa-set tables. The optional address family is just ignored and records are merged together.
For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so right now we still handle RTR sessions as specified there. The IPv4 and IPv6 ASPA entries are handled in two trees and merged together into one AFI independent tree. This is the best we can do for now until IETF updates draft-ietf-sidrops-8210bis.
OK tb@ job@
show more ...
|
#
9ed3e6d0 |
| 19-Apr-2023 |
claudio <claudio@openbsd.org> |
Implement code to pass the flowspec config over to the RDE. The parent process tracks which prefixes are added / removed and issues the corresponding imsg calls. Right now the RDE does nothing with t
Implement code to pass the flowspec config over to the RDE. The parent process tracks which prefixes are added / removed and issues the corresponding imsg calls. Right now the RDE does nothing with the received information. OK tb@
show more ...
|
#
fd932e23 |
| 14-Feb-2023 |
claudio <claudio@openbsd.org> |
No longer wait for the RTR process to finish the config reload before sending the IMSG_RECONF_DONE message to the RDE. The RDE does not depend on the RTR config reload (in contrast to the SE). The RO
No longer wait for the RTR process to finish the config reload before sending the IMSG_RECONF_DONE message to the RDE. The RDE does not depend on the RTR config reload (in contrast to the SE). The ROA / ASPA reload is async from the RDE config reload. OK tb@
show more ...
|
#
81f73015 |
| 20-Jan-2023 |
claudio <claudio@openbsd.org> |
comma space not space comma
|
#
ff84f55e |
| 18-Nov-2022 |
claudio <claudio@openbsd.org> |
Add plumbing for ASPA support. This implements the parser and part of the logic in the rtr process. It does not implement the new RTR messages yet but it is possible to specify an aspa-set in the con
Add plumbing for ASPA support. This implements the parser and part of the logic in the rtr process. It does not implement the new RTR messages yet but it is possible to specify an aspa-set in the config. Also the validation code in the RDE is missing so this does not do anything. With this in it will be possible to extend rpki-client to publish an aspa-set as part of the openbgpd config file. OK tb@
show more ...
|
#
eafe309e |
| 17-Aug-2022 |
claudio <claudio@openbsd.org> |
Convert bzero() to memset(), bcmp() to memcmp() and bcopy() to memcpy().
The memory regions passed to memcpy() can not overlap so no need for memmove(). OK tb@ deraadt@
|
#
57baab2a |
| 28-Jul-2022 |
deraadt <deraadt@openbsd.org> |
whitespace found during a read-thru; ok claudio
|
#
b3695291 |
| 23-Jul-2022 |
claudio <claudio@openbsd.org> |
Refactor and rename bgpd_filternexthop() to bgpd_oknexthop()
Simplify the logic and adjust kroute_match() which makes the code easier to understand. OK tb@
|
#
aae7fbb0 |
| 22-Jul-2022 |
claudio <claudio@openbsd.org> |
Revert previous commit. The RTP_MINE checks on struct kroute_full are not correct because kr_tofull() replaces RTP_MINE with the real priority. Noticed because of incorrect nexthop selection.
|
#
df2875e4 |
| 22-Jul-2022 |
claudio <claudio@openbsd.org> |
Retire the F_KERNEL flag, it got superseded by route priority and RTP_MINE.
Only problem is when route(8) is used to modify/delete a bgpd owned route. Exact behaviour for that is still a bit unclear
Retire the F_KERNEL flag, it got superseded by route priority and RTP_MINE.
Only problem is when route(8) is used to modify/delete a bgpd owned route. Exact behaviour for that is still a bit unclear but F_KERNEL does not help in this case either. In the kr_fib_delete/change remove F_BGPD_INSERTED in that case as a first step. OK tb@
show more ...
|
#
8bf72ef0 |
| 20-Jul-2022 |
claudio <claudio@openbsd.org> |
Cleanup and fix the network code.
- introduce network_free() to properly free a network struct including the possible rtlabel reference. - change expand_networks() and the reload code to not only
Cleanup and fix the network code.
- introduce network_free() to properly free a network struct including the possible rtlabel reference. - change expand_networks() and the reload code to not only expand the main network config but also the network configs inside L3VPN sections. - adjust reload logic to properly match any kind of network struct. Up until now rtlabel and priority network statememnts were not correctly reloaded. OK tb@
show more ...
|
#
0195298d |
| 23-Jun-2022 |
claudio <claudio@openbsd.org> |
Move struct kif from bgpd.h to kroute.c
The only user of struct kif was the session engine for the 'depend on' feature. Switch the imsg exchange to a new struct session_dependon and rename the IMSG
Move struct kif from bgpd.h to kroute.c
The only user of struct kif was the session engine for the 'depend on' feature. Switch the imsg exchange to a new struct session_dependon and rename the IMSG as well. OK tb@
show more ...
|
#
703f44cf |
| 22-Jun-2022 |
claudio <claudio@openbsd.org> |
Use struct kroute_full in bgpd_filternexthop() so this code becomes a lot simpler.
OK tb@
|
#
25bccace |
| 15-Jun-2022 |
claudio <claudio@openbsd.org> |
Rename F_BGPD_INSERTED to F_BGPD and use F_BGPD_INSERTED as a flag that indicates that the route was successfully added to the FIB.
Filter out dynamic routes, like it is already done for ARP and ND
Rename F_BGPD_INSERTED to F_BGPD and use F_BGPD_INSERTED as a flag that indicates that the route was successfully added to the FIB.
Filter out dynamic routes, like it is already done for ARP and ND routes) and kill F_DYNAMIC.
Also remove the protect_lo() bits. Adding dummy kroute entries does no longer prevent bad routes to hit the FIB. Also loopback IPs are checked in a few other places to prevent bad routes to be installed into the FIB.
OK tb@
show more ...
|
#
6ec75fbe |
| 09-Jun-2022 |
claudio <claudio@openbsd.org> |
Remove the rdomain / rtableid passed to some kroute functions.
kr_nexthop_add() and kr_nexthop_delete() only operate on the main table so just pass in the right rdomain id. kr_shutdown() and kr_disp
Remove the rdomain / rtableid passed to some kroute functions.
kr_nexthop_add() and kr_nexthop_delete() only operate on the main table so just pass in the right rdomain id. kr_shutdown() and kr_dispatch_msg() don't really need the rdomain passed. The was done for kif_remove(), since that function needs to remove connected routes from the rdomain table. Connected routes can only exists in the interfaces rdomain so just use kif->k.rdomain. If such routes exist that table exists as well. If the table does not exists there are also no connected routes to track. OK tb@
show more ...
|
#
859a8563 |
| 05-Jun-2022 |
claudio <claudio@openbsd.org> |
Rework how fib_priority is handled. Instead of passing it around all the time put the fib_priority into the kroute state. It is only needed in send_rtmsg() in the end. Additionally insert F_BGP_INSER
Rework how fib_priority is handled. Instead of passing it around all the time put the fib_priority into the kroute state. It is only needed in send_rtmsg() in the end. Additionally insert F_BGP_INSERTED routes with a special RTP_MINE priority. This makes changing the fib_priority at runtime simpler because there is no need to alter the kroute table anymore. OK tb@ deraadt@
show more ...
|
#
311b0850 |
| 02-Jun-2022 |
claudio <claudio@openbsd.org> |
Adjust some warning messages to be a bit more accurate. ktable_update() actually loads a routing table and not really an rdomain.
|
#
39386878 |
| 06-Feb-2022 |
claudio <claudio@openbsd.org> |
Switch from u_intX_t types to stdint.h uintX_t. Mostly mechanical with a few reindents. OK florian@ tb@
|
#
62af2417 |
| 23-Jan-2022 |
claudio <claudio@openbsd.org> |
On poll() failure we want to skip pollfd related action but the signal delivery checks at the end still need to happen. So that on EINTR bgpd processes reconfigure or mrt files ASAP. Fix for mrt inte
On poll() failure we want to skip pollfd related action but the signal delivery checks at the end still need to happen. So that on EINTR bgpd processes reconfigure or mrt files ASAP. Fix for mrt integration tests. Reported by and ok anton@
show more ...
|
#
468ac036 |
| 20-Jan-2022 |
claudio <claudio@openbsd.org> |
Make sure that all poll loops properly restart the poll loop on EINTR. Also either fail hard or restart after other errors. In anycase do not look at pollfds after an error. OK benno@
|