History log of /openbsd/usr.sbin/bgpd/rtr_proto.c (Results 1 – 25 of 35)
Revision Date Author Comments
# 623585da 09-Apr-2024 claudio <claudio@openbsd.org>

Increase RTR PDU limit to 48k and limit number of SPAS to 10'000.

PDU larger than 48k will result in a session reset while ASPA records
with more than 10'000 entries will be implicitly withdrawn.

Also truncate RTR error PDUs to only include 256 bytes of the faulty PDU.
It makes no sense to include more to identify the issue.
OK tb@


# eff7ddaf 22-Mar-2024 claudio <claudio@openbsd.org>

Rework the cease shutdown reason to work in both directions by looking
at the ibuf payload passed to log_notification().
Because of this move ibuf_get_string() and the log_notification() call
in parse_notification().
OK tb@


# 1f53ead5 23-Jan-2024 claudio <claudio@openbsd.org>

KNF, space before EOL


# a62144a2 15-Jan-2024 claudio <claudio@openbsd.org>

A cache can send a 'NO_DATA_AVAILABLE' error during version negotiation
so handle this case as well. This error triggers an RTR_EVNT_NO_DATA
event that moves the session to RTR_STATE_ESTABLISHED (and out of negotiation).

When there is no data available the session_id remains unset until data
becomes available. So handle this case not only in rtr_parse_cache_response()
but also in rtr_parse_notify().

RTR_EVNT_NO_DATA arms the RTR_EVNT_TIMER_RETRY timer. On expiry send a
reset or serial query depending on the cache session state.

OK tb@


# 047cb73c 11-Jan-2024 claudio <claudio@openbsd.org>

Clear the last errors after receiving a RTR_EVNT_END_OF_DATA event.

Once the cache is synced we can assume that the errors are no longer
relevant.
OK tb@


# 33c73471 11-Jan-2024 claudio <claudio@openbsd.org>

Export the rtr session state as string.
OK tb@


# 125ef3d5 11-Jan-2024 claudio <claudio@openbsd.org>

Try to improve RTR version negotiation.

RFC8210 and especially draft-ietf-sidrops-8210bis are underspecified when
it comes to initial version negotiation. The authors seem to have a very
different view on how this works compared to the various RTR cache
implementations.

Reducing the version on any session close is a problem since it often leads
to downgraded sessions where not needed. Instead require the server to send
PDUs with their correct version (either a code 4 error, a cache response
or cache reset pdu).

Extensively tested against various modes of StayRTR.
Also tested against routinator which is currently not following the spec
(https://github.com/NLnetLabs/routinator/issues/919) and breaks on unknown
versions.

This is probably not the last change to make RTR version negotiation work
but it is a step in the right direction.

OK tb@


# 9dad7388 10-Jan-2024 claudio <claudio@openbsd.org>

Improve rtr_send_error() so that there is no need to log_warnx() before.

Now rtr_send_error() supports a format string for the error message so
use this fact to make the error report better.

OK tb@


# 0d6339a2 09-Jan-2024 claudio <claudio@openbsd.org>

The End of Data PDU changed between v0 (RFC6810) and v1 (RFC8210).

Add struct rtr_endofdata_v0 and rtr_parse_end_of_data_v0() to handle this
oddity. With this bgpd supports RFC6810 and RFC8210 and some form of
draft-ietf-sidrops-8210bis

OK tb@


# 964d6687 09-Jan-2024 claudio <claudio@openbsd.org>

rtr_parse_notify() state check is special since we ignore the PDU when
it arrives in a strange moment. The RFC is as helpful about this as one
could expect. Still I botched the state check and later added an
rtr_send_error() call which made the previous worse.
OK tb@


# 4fa7a5b4 09-Jan-2024 claudio <claudio@openbsd.org>

Be more consistent with RTR parse error reporting.

Stop calling rtr_send_error() after a parse error in rtr_process_msg();
instead move the calls into the parse functions.
Use consistent and useful error text to most rtr_send_error() calls.
In parse header also check the minimal version for router key and ASPA pdus
before checking their length.

OK tb@


# 37149e4f 08-Jan-2024 claudio <claudio@openbsd.org>

Rework rtr_parse_header() and introduce rtr_check_session_id() to make
the initial header parsing simpler.
This also allows to simplify the version negotiation dance a bit. More
is needed there.
OK tb@


# fba72c10 05-Jan-2024 claudio <claudio@openbsd.org>

Improve rtr_send_error() logging and demote the FSM state changes from
log_info to log_debug.
OK tb@


# b1793e8c 04-Jan-2024 claudio <claudio@openbsd.org>

Convert the RTR PDU parser to use the new ibuf API.
Length / overflow checks are now handled by ibufs.
OK tb@


# 0314fe8b 03-Jan-2024 claudio <claudio@openbsd.org>

Use "established" and "exchange" as RTR state names.

"idle" and "active" are used in the BGP FSM with different meaning which
leads to confusion. When a RTR session is up the state is "established"
apart from the time when a new delta is loaded (between cache response and
end of data PDU) the state is "exchange".

OK tb@


# 929e486e 27-Dec-2023 claudio <claudio@openbsd.org>

Refactor rtr_parse_error() so that even a NO_DATA_AVAILABLE is logged
as last error. So that bgpctl can show that there was no data available.
OK tb@


# a2488d3f 19-Oct-2023 claudio <claudio@openbsd.org>

While the ibuf_add calls should not fail the way they are used it
is still better to check for error.
OK tb@


# de259131 19-Oct-2023 claudio <claudio@openbsd.org>

Convert rtr_proto.c to use new ibuf API.
More yak shaving required which will follow.
OK tb@


# c0c9c169 16-Aug-2023 claudio <claudio@openbsd.org>

Remove per-AFI ASPA handling in bgpd internals

With draft-ietf-sidrops-aspa-profile-16 and
draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA
records was dropped. So remove this complication from the code.

This only removes the AFI handling internally in bgpd but still allows
the old syntax in aspa-set tables. The optional address family is just
ignored and records are merged together.

For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so
right now we still handle RTR sessions as specified there. The IPv4 and
IPv6 ASPA entries are handled in two trees and merged together into one
AFI independent tree. This is the best we can do for now until IETF
updates draft-ietf-sidrops-8210bis.

OK tb@ job@


# dfd27b08 28-Mar-2023 claudio <claudio@openbsd.org>

Introduce a semaphore to protect intermediate state from different RTR
sessions to leak into the RDE via rtr_recalc. Only run rtr_recalc when
the last or only RTR session is done with the update. Run a new timer
along to ensure that the semaphore is not held forever. The timeout
is currently a very generous 60sec, no RTR cache should be that slow.
OK tb@


# 00164d10 17-Mar-2023 claudio <claudio@openbsd.org>

Fix rtr_parse_aspa(), the spas array is actually not copied over into
the rtr_aspa struct so access them directly from the buf using offset
as the address of the first element.
OK tb@


# 5a04dc7f 11-Mar-2023 claudio <claudio@openbsd.org>

Factor out the cache reset logic into rtr_reset_cache() and use it
consistently in all places where the cache should be reset.

Additionally adjust the FSM to handle a connection close event in the
protocol negotiation phase as a protocol mismatch. Some caches fail
to send an error PDU and this allows them to work. A drawback is that
if the connection is closed because of a different reason the system
will fall back to a lower than necessary version. The RFC and draft
mandates this behaviour.

OK tb@


# 83072fb6 09-Mar-2023 claudio <claudio@openbsd.org>

Implement ASPA support in RTR by following draft-ietf-sidrops-8210bis-10.

In rtr.c renamed rtr_aspa_merge_set() to rtr_aspa_insert() and move it
close to rtr_roa_insert().
In rtr_proto.c most complexity comes from the version negotiation. The
ASPA parser is reasonably straightforward. The version negotiation is
fragile but that is mostly because of the protocol specification and the
fact that RTR cache daemons sometimes fail to send errors.
OK tb@


# d62638d7 02-Feb-2023 job <job@openbsd.org>

Emit log messages in consistent format


# 2b195b86 01-Feb-2023 job <job@openbsd.org>

Fix spelling

