Improve some currently impossible error path in log_ext_subtype().
Mainly handle unknown ext-communities better and handle the special
case of type == -1.
OK tb@

Fix typo

Reported by Marco D'Itri

Introduce a ring buffer for log_sockaddr() this way log_addr() can be
used more then once in a log message (e.g. log_peer_warnx + log_addr.
OK henning@ sthen@

Rework the cease shutdown reason to work in both directions by looking
at the ibuf payload passed to log_notification().
Because of this move ibuf_get_string() and the log_notification() call
in pars

Rework the cease shutdown reason to work in both directions by looking
at the ibuf payload passed to log_notification().
Because of this move ibuf_get_string() and the log_notification() call
in parse_notification().
OK tb@

show more ...

Rework parse_notification() to use the ibuf API for everything.

While there fix the RFC5492 handling of ERR_OPEN_CAPA (the current code
has the logic inversed). ERR_OPEN_CAPA is there to signal that

Rework parse_notification() to use the ibuf API for everything.

While there fix the RFC5492 handling of ERR_OPEN_CAPA (the current code
has the logic inversed). ERR_OPEN_CAPA is there to signal that a needed
capability is missing in our OPEN message. Just add the handling of
ERR_OPEN_CAPA to log_notification().

Also rework the handling of the shutdown reason and move the printing
into log_notification().

OK tb@

show more ...

Cleanup AID handling.

- Loops over all valid AID should start with AID_MIN and go up to AID_MAX - 1
e.g. for (i = AID_MIN; i < AID_MAX; i++)
If for some reason AID_UNSPEC must be handled make t

Cleanup AID handling.

- Loops over all valid AID should start with AID_MIN and go up to AID_MAX - 1
e.g. for (i = AID_MIN; i < AID_MAX; i++)
If for some reason AID_UNSPEC must be handled make that explicit in the
for loop.

- aid2afi() now returns an error for AID_UNSPEC since there is no valid
AFI SAFI combo for AID_UNSPEC.

- Add additional checks for AID_MIN where currently only AID_MAX was checked.
This affects imsg for route refresh and graceful restart.

- Simplify add-path capability handling. Only the negotiated add_path capa
sets the flag for AID_UNSPEC to help code to quickly check if any add-path
is active.

OK tb@

show more ...

Workaround for gcc3 - the use of anonymous unions now makes it complain
when named initializers use fields within these anonymous unions.

Hopefully a short-term bandaid until the appropriate changes

Workaround for gcc3 - the use of anonymous unions now makes it complain
when named initializers use fields within these anonymous unions.

Hopefully a short-term bandaid until the appropriate changes are identified
and backported to gcc3.

ok claudio@

show more ...

aspath_inflate() can be called with an empty ASPATH.

In this case ibuf_size(in) is 0 and the ibuf_open() fails because
right now 0 sized ibufs are not allowed. Add + 1 to the size calculation
as a w

aspath_inflate() can be called with an empty ASPATH.

In this case ibuf_size(in) is 0 and the ibuf_open() fails because
right now 0 sized ibufs are not allowed. Add + 1 to the size calculation
as a workaround.
OK tb@

show more ...

Convert he ATTR_ASPATH and ATTR_AS4_PATH handlers in rde_attr_parse()
to new ibuf API.

Various aspath functions are modified to work better with ibufs.
aspath_inflate() now only works with ibufs and

Convert he ATTR_ASPATH and ATTR_AS4_PATH handlers in rde_attr_parse()
to new ibuf API.

Various aspath functions are modified to work better with ibufs.
aspath_inflate() now only works with ibufs and is a lot simpler.
aspath_verify() does all the checks using the ibuf api and therefor
most length checks can be skipped.
aspath_asprint() and the new internal aspath_strsize() and aspath_snprint()
are totally overhauled -- including some bugs that got squashed.
OK tb@

show more ...

Start converting the message parser to use the new ibuf api.

Rewrite rde_update_dispatch() to use ibufs. Because of this
rde_update_err(), rde_get_mp_nexthop(), nlri_get_prefix() and
friends are swi

Start converting the message parser to use the new ibuf api.

Rewrite rde_update_dispatch() to use ibufs. Because of this
rde_update_err(), rde_get_mp_nexthop(), nlri_get_prefix() and
friends are switched to use ibufs. For rde_attr_parse() a minimal
change was done for now.

OK tb@

show more ...

Implement log_roa() and log_aspa() and use these functions in printconf.c
OK tb@

Implement a basic API to work with flowspec NLRI.

Flowspec is excessivly flexible and large so there is no way to convert
the flowspec data into a struct bgpd_addr and it is better to keep it in
wir

Implement a basic API to work with flowspec NLRI.

Flowspec is excessivly flexible and large so there is no way to convert
the flowspec data into a struct bgpd_addr and it is better to keep it in
wireformat and add a few functions to validate and extract information
from the NLRI encoding.
OK tb@

show more ...

Add first step of flowspec support. This adds the bits to establish a
connection with SAFI 133. Right now any sent UPDATE with SAFI 133 is
simply ignored. At the moment SAFI 134 (flowspec for L3VPN)

Add first step of flowspec support. This adds the bits to establish a
connection with SAFI 133. Right now any sent UPDATE with SAFI 133 is
simply ignored. At the moment SAFI 134 (flowspec for L3VPN) is unsupported.
OK tb@

show more ...

Refactor extract_prefix() to first do the length checks and only then
copy the data out.
OK tb@

Add a per eBGP session role to the config.

This somewhat replaces the RFC 9234 open policy role. This is done because
ASPA requires the same role to be present to properly validate paths.
For iBGP s

Add a per eBGP session role to the config.

This somewhat replaces the RFC 9234 open policy role. This is done because
ASPA requires the same role to be present to properly validate paths.
For iBGP sessions the role is forced to ROLE_NONE. If no role is set on
an ebgp session then 'announce policy' is forced to 'no'.
Also make sure the the role capability is only added if the role is set.
OK tb@

show more ...

Fix nlri parsing of L3VPN prefixes in withdrawals.

L3VPN NLRI have different encoding for updates and withdraws. The withdraw
carries one dummy MPLS label that needs to be skipped. The code doing th

Fix nlri parsing of L3VPN prefixes in withdrawals.

L3VPN NLRI have different encoding for updates and withdraws. The withdraw
carries one dummy MPLS label that needs to be skipped. The code doing that
did adjust the lenght but did not skip the the label in the buffer and so
the parsed prefix was off by 3 bytes.
OK tb@

show more ...

Fix some spelling errors.
OK claudio@

Convert bzero() to memset(), bcmp() to memcmp() and bcopy() to memcpy().

The memory regions passed to memcpy() can not overlap so no need for memmove().
OK tb@ deraadt@

Do a minimal check that the passed in option is inside the ASPATH segment.
Check both for negative pos and for pos bigger or equal to the segment length
With and OK tb@

Unbreak tree: add log_policy() implementation missing from previous commit.

Use IN6_IS_ADDR_MC_NODELOCAL() instead of IN6_IS_ADDR_MC_INTFACELOCAL().
It seems that IN6_IS_ADDR_MC_NODELOCAL() is the official name of this
nightmare and therefor more portable.
OK tb@

Sync KAME hack in log_in6addr() with route/show.c

ok claudio

Implement a applymask() function that works on bgpd_addr structs.
Use this function in kroute so that kroute_find and kroute6_find can switch
to use struct bgpd_addr as argument.
OK tb@

Adapt the KAME hack in sa2addr() to be the same as in route/show.c
Also fix the function by moving the memcpy() after the embedded scope
has been removed.
OK tb@

Remove prefixlen2mask() uasge outside of util.c. Instead use inet4applymask().

Using inet4applymask() makes the code similar to the IPv6 version.
Also switch kroute{,6}_match() to use a struct bgpd_

Remove prefixlen2mask() uasge outside of util.c. Instead use inet4applymask().

Using inet4applymask() makes the code similar to the IPv6 version.
Also switch kroute{,6}_match() to use a struct bgpd_addr * as argument.
OK tb@

show more ...