#
623585da |
| 09-Apr-2024 |
claudio <claudio@openbsd.org> |
Increase RTR PDU limit to 48k and limit number of SPAS to 10'000.
PDUs larger than 48k will result in a session reset while ASPA records with more than 10'000 entries will be implicitly withdrawn.
Also truncate RTR error PDUs to only include 256 bytes of the faulty PDU. It makes no sense to include more to identify the issue. OK tb@
|
#
eff7ddaf |
| 22-Mar-2024 |
claudio <claudio@openbsd.org> |
Rework the cease shutdown reason to work in both directions by looking at the ibuf payload passed to log_notification(). Because of this move ibuf_get_string() and the log_notification() call in parse_notification(). OK tb@
|
#
1f53ead5 |
| 23-Jan-2024 |
claudio <claudio@openbsd.org> |
KNF, space before EOL
|
#
a62144a2 |
| 15-Jan-2024 |
claudio <claudio@openbsd.org> |
A cache can send a 'NO_DATA_AVAILABLE' error during version negotiation so handle this case as well. This error triggers an RTR_EVNT_NO_DATA event that moves the session to RTR_STATE_ESTABLISHED (and out of negotiation).
When there is no data available the session_id remains unset until data becomes available. So handle this case not only in rtr_parse_cache_response() but also in rtr_parse_notify().
RTR_EVNT_NO_DATA arms the RTR_EVNT_TIMER_RETRY timer. On expiry send a reset or serial query depending on the cache session state.
OK tb@
|
#
047cb73c |
| 11-Jan-2024 |
claudio <claudio@openbsd.org> |
Clear the last errors after receiving a RTR_EVNT_END_OF_DATA event.
Once the cache is synced we can assume that the errors are no longer relevant. OK tb@
|
#
33c73471 |
| 11-Jan-2024 |
claudio <claudio@openbsd.org> |
Export the rtr session state as string. OK tb@
|
#
125ef3d5 |
| 11-Jan-2024 |
claudio <claudio@openbsd.org> |
Try to improve RTR version negotiation.
RFC8210 and especially draft-ietf-sidrops-8210bis are underspecified when it comes to initial version negotiation. The authors seem to have a very different view on how this works compared to the various RTR cache implementations.
Reducing the version on any session close is a problem since it often leads to downgraded sessions where not needed. Instead require the server to send PDUs with their correct version (either a code 4 error, a cache response or cache reset pdu).
Extensively tested against various modes of StayRTR. Also tested against routinator which is currently not following the spec (https://github.com/NLnetLabs/routinator/issues/919) and breaks on unknown versions.
This is probably not the last change to make RTR version negotiation work but it is a step in the right direction.
OK tb@
|
#
9dad7388 |
| 10-Jan-2024 |
claudio <claudio@openbsd.org> |
Improve rtr_send_error() so that there is no need to log_warnx() before.
Now rtr_send_error() supports a format string for the error message so use this fact to make the error report better.
OK tb@
|
#
0d6339a2 |
| 09-Jan-2024 |
claudio <claudio@openbsd.org> |
The End of Data PDU changed between v0 (RFC6810) and v1 (RFC8210).
Add struct rtr_endofdata_v0 and rtr_parse_end_of_data_v0() to handle this oddity. With this bgpd supports RFC6810 and RFC8210 and some form of draft-ietf-sidrops-8210bis
OK tb@
|
#
964d6687 |
| 09-Jan-2024 |
claudio <claudio@openbsd.org> |
rtr_parse_notify() state check is special since we ignore the PDU when it arrives in a strange moment. The RFC is as helpful about this as one could expect. Still I botched the state check and later added an rtr_send_error() call which made the previous worse. OK tb@
|
#
4fa7a5b4 |
| 09-Jan-2024 |
claudio <claudio@openbsd.org> |
Be more consistent with RTR parse error reporting.
Stop calling rtr_send_error() after a parse error in rtr_process_msg(); instead move the calls into the parse functions. Use consistent and useful error text to most rtr_send_error() calls. In parse header also check the minimal version for router key and ASPA pdus before checking their length.
OK tb@
|
#
37149e4f |
| 08-Jan-2024 |
claudio <claudio@openbsd.org> |
Rework rtr_parse_header() and introduce rtr_check_session_id() to make the initial header parsing simpler. This also allows to simplify the version negotiation dance a bit. More is needed there. OK tb@
|
#
fba72c10 |
| 05-Jan-2024 |
claudio <claudio@openbsd.org> |
Improve rtr_send_error() logging and demote the FSM state changes from log_info to log_debug. OK tb@
|
#
b1793e8c |
| 04-Jan-2024 |
claudio <claudio@openbsd.org> |
Convert the RTR PDU parser to use the new ibuf API. Length / overflow checks are now handled by ibufs. OK tb@
|
#
0314fe8b |
| 03-Jan-2024 |
claudio <claudio@openbsd.org> |
Use "established" and "exchange" as RTR state names.
"idle" and "active" are used in the BGP FSM with different meaning which leads to confusion. When a RTR session is up the state is "established" apart from the time when a new delta is loaded (between cache response and end of data PDU) the state is "exchange".
OK tb@
|
#
929e486e |
| 27-Dec-2023 |
claudio <claudio@openbsd.org> |
Refactor rtr_parse_error() so that even a NO_DATA_AVAILABLE is logged as last error. So that bgpctl can show that there was no data available. OK tb@
|
#
a2488d3f |
| 19-Oct-2023 |
claudio <claudio@openbsd.org> |
While the ibuf_add calls should not fail the way they are used it is still better to check for error. OK tb@
|
#
de259131 |
| 19-Oct-2023 |
claudio <claudio@openbsd.org> |
Convert rtr_proto.c to use new ibuf API. More yak shaving required which will follow. OK tb@
|
#
c0c9c169 |
| 16-Aug-2023 |
claudio <claudio@openbsd.org> |
Remove per-AFI ASPA handling in bgpd internals
With draft-ietf-sidrops-aspa-profile-16 and draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA records was dropped. So remove this complication from the code.
This only removes the AFI handling internally in bgpd but still allows the old syntax in aspa-set tables. The optional address family is just ignored and records are merged together.
For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so right now we still handle RTR sessions as specified there. The IPv4 and IPv6 ASPA entries are handled in two trees and merged together into one AFI independent tree. This is the best we can do for now until IETF updates draft-ietf-sidrops-8210bis.
OK tb@ job@
|
#
dfd27b08 |
| 28-Mar-2023 |
claudio <claudio@openbsd.org> |
Introduce a semaphore to protect intermediate state from different RTR sessions to leak into the RDE via rtr_recalc. Only run rtr_recalc when the last or only RTR session is done with the update. Run a new timer along to ensure that the semaphore is not held forever. The timeout is currently a very generous 60sec, no RTR cache should be that slow. OK tb@
|
#
00164d10 |
| 17-Mar-2023 |
claudio <claudio@openbsd.org> |
Fix rtr_parse_aspa(), the spas array is actually not copied over into the rtr_aspa struct so access them directly from the buf using offset as the address of the first element. OK tb@
|
#
5a04dc7f |
| 11-Mar-2023 |
claudio <claudio@openbsd.org> |
Factor out the cache reset logic into rtr_reset_cache() and use it consistently in all places where the cache should be reset.
Additionally adjust the FSM to handle a connection close event in the protocol negotiation phase as a protocol mismatch. Some caches fail to send an error PDU and this allows them to work. A drawback is that if the connection is closed because of a different reason the system will fall back to a lower than necessary version. The RFC and draft mandate this behaviour.
OK tb@
|
#
83072fb6 |
| 09-Mar-2023 |
claudio <claudio@openbsd.org> |
Implement ASPA support in RTR by following draft-ietf-sidrops-8210bis-10.
In rtr.c renamed rtr_aspa_merge_set() to rtr_aspa_insert() and move it close to rtr_roa_insert(). In rtr_proto.c most complexity comes from the version negotiation. The ASPA parser is reasonably straightforward. The version negotiation is fragile but that is mostly because of the protocol specification and the fact that RTR cache daemons sometimes fail to send errors. OK tb@
|
#
d62638d7 |
| 02-Feb-2023 |
job <job@openbsd.org> |
Emit log messages in consistent format
|
#
2b195b86 |
| 01-Feb-2023 |
job <job@openbsd.org> |
Fix spelling
|