First of all warn that a prefix was dropped. In the generate an update
code handle possible overflows of attributes and NLRI and withdraw the
affected prefix. This way the peer will not have stale data.
OK tb@
Calling malloc / reallocarray with a 0 size is not portable and the
memcpy with a possible NULL pointer as source and 0 len is seen as UB
by newer C standards (grmbl).
OK tb@
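
The zero-length hazard described in the message above, as an added example that is not code from bgpd: a copy helper that keeps a zero length away from both malloc() and memcpy(). The struct blob type and blob_set() are hypothetical names introduced for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical container for this example, not a bgpd structure. */
struct blob {
	uint8_t	*data;	/* NULL exactly when len == 0 */
	size_t	 len;
};

/*
 * Replace the contents of b with a copy of src[0..len).
 * Returns 0 on success, -1 on failure (b is left unchanged).
 * A zero length never reaches malloc() or memcpy(): malloc(0) may
 * return NULL or a unique pointer depending on the libc, and the C
 * library rules require valid pointers for memcpy() even for 0 bytes.
 */
int
blob_set(struct blob *b, const uint8_t *src, size_t len)
{
	uint8_t *p = NULL;

	if (len != 0) {
		if (src == NULL)
			return -1;	/* inconsistent caller input */
		if ((p = malloc(len)) == NULL)
			return -1;	/* genuine allocation failure */
		memcpy(p, src, len);
	}
	free(b->data);			/* free(NULL) is a defined no-op */
	b->data = p;
	b->len = len;
	return 0;
}

int
main(void)
{
	struct blob b = { NULL, 0 };
	const uint8_t attr[] = { 0x40, 0x01, 0x01, 0x00 };	/* constructed sample */

	if (blob_set(&b, attr, sizeof(attr)) == -1)
		return 1;
	if (blob_set(&b, NULL, 0) == -1)	/* empty input is valid */
		return 1;
	return b.data == NULL ? 0 : 1;
}
```
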
An announce PDU requires at least one provider ASnum while a withdraw
must not include any provider ASnums. The first is mandated by the ASPA
profile and the 2nd by the 8210bis draft.
Further clean up some leftovers from the old per-AFI split of ASPA.
OK tb@
to be rechecked when a BGP route is added (or changed).
We need to revalidate nexthops on inserts (kroute_insert) and
on change (krX_change but only for AID_INET and AID_INET6 -- no nexthops
in the other tables) the nexthop needs to be updated.
Only validate nexthops if 'nexthop qualify via bgp' is enabled. For route
changes the code can depend on the F_NEXTHOP flag.
Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/81
OK tb@
Also export the msgbuf queue len as a stats member so bgpctl does not need
to dig into the msgbuf structure inside struct peer.
This skips imsg related msgbuf since that will be handled by an imsgbuf
specific function.
OK tb@
filtered prefixes in the Loc-RIB
This includes filtered prefixes into the Loc-RIB but they are marked
ineligible so nothing will select them but it is possible to show them
in bgpctl. So 'bgpctl show rib filtered' will return all prefixes filtered
out by the input filters.
OK tb@
The min-version pins a minimal required version for rtr session. This is
needed if specific PDUs are required and it ensures that the session is
not suddenly downgraded. This is important for ASPA where a minimum
version of 2 is required. Only then the ASPA PDUs are transmitted.
By default a RTR version of 1 is used but setting min-version to 2
will enable draft-ietf-sidrops-8210bis-14 support and enforce it
at the same time. Right now defaulting to version 2 is not possible
since draft-ietf-sidrops-8210bis failed to progress for too long,
resulting in a split ecosystem with various incompatible RTR
version 2 implementations.
OK tb@
withdraw case. Those bytes are needed for the attribute length field.
Without this withdraw messages can become overfull and are dropped
without notice.
Problem found and fix tested by denis@
OK denis@ tb@
In up_get_nexthop() check that the local_vX_addr is actually valid
before using it. In the UPDATE generation functions check that the
nexthop is valid before adding it and fail hard if it does not exist.
You can't announce an IPv4 prefix/gateway over an IPv6 only link.
OK henning@ sthen@
capability neither from our side nor the remote end.
Also track unknown AFI/SAFI combos for the remote end in AID_UNSPEC
this way even unknown combos will prevent a fall back.
OK henning@ sthen@
Before the RDE used host byte order for remote_bgpid but all the other
code used network byte order. The reason for that was that bgpid was
initially an IPv4 address but since RFC 6286 in 2011 this is much more
relaxed and so it makes more sense to just treat them as numbers and
so host byte order.
OK tb@
This converts OPEN and its capability parser and RREFRESH and with that
all packet parsers are kind of converted. There is still parse_header()
and the general packet handling that needs some work now so that all
the ugly ibuf_from_buffer() can be dropped.
OK tb@
We don't really care if it works or not and we don't want to clamp it
down further than 64k. So just call setsockopt() once and ignore the error.
OK tb@ sthen@
There is no need to have an easy knob to get outdated or crappy
implementations to limp along. Instead the various default on
capabilities just need to be disabled (e.g. announce as-4byte no).
OK tb@
attribute error.
BGP more and more relies on capabilities, automatically clearing them
all no longer seems the right choice. Now operators need to adjust the
config explicitly to allow such connections.
From a larger diff which is OK tb@
last_sent_errcode is now cleared late (when state changes to ESTABLISHED)
and so notifications sent in the OPEN phase would be dropped after the
first incident. Using the session state to know if sending a message is
possible seems more robust and is what session_stop() uses as well.
For now log the notifications which are not sent as 'dropping' to see how
often this happens.
OK tb@
PDU larger than 48k will result in a session reset while ASPA records
with more than 10'000 entries will be implicitly withdrawn.
Also truncate RTR error PDUs to only include 256 bytes of the faulty PDU.
It makes no sense to include more to identify the issue.
OK tb@
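
The 256-byte truncation described in the message above, as an added example that is not bgpd's own code: an encoder for the RTR Error Report PDU (type 10, layout per RFC 8210 section 5.11) that echoes back only a bounded prefix of the faulty PDU. The names build_error_report(), put_u32() and ERR_PDU_MAX are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RTR_ERROR_REPORT 10	/* PDU type, RFC 8210 section 5.11 */
#define ERR_PDU_MAX	 256	/* truncation limit named in the message above */

/* Store v in network byte order and return the advanced pointer. */
static uint8_t *
put_u32(uint8_t *p, uint32_t v)
{
	for (int i = 0; i < 4; i++)
		p[i] = (uint8_t)(v >> (24 - 8 * i));
	return p + 4;
}

/*
 * Hypothetical helper: write an Error Report PDU into out and return
 * its length, or 0 if out is too small. At most ERR_PDU_MAX bytes of
 * the faulty PDU are echoed back, however large the peer's PDU was.
 */
size_t
build_error_report(uint8_t *out, size_t outlen, uint8_t version,
    uint16_t code, const uint8_t *bad, size_t badlen, const char *msg)
{
	size_t total, mlen = msg != NULL ? strlen(msg) : 0;
	uint8_t *p = out;

	if (bad == NULL)
		badlen = 0;
	if (badlen > ERR_PDU_MAX)
		badlen = ERR_PDU_MAX;
	/* header (8) + two 32-bit length fields (8) + both payloads */
	if (outlen < 16 + badlen || mlen > outlen - 16 - badlen)
		return 0;
	total = 16 + badlen + mlen;
	*p++ = version;
	*p++ = RTR_ERROR_REPORT;
	*p++ = (uint8_t)(code >> 8);
	*p++ = (uint8_t)code;
	p = put_u32(p, (uint32_t)total);
	p = put_u32(p, (uint32_t)badlen);	/* length of encapsulated PDU */
	if (badlen != 0)
		memcpy(p, bad, badlen);
	p = put_u32(p + badlen, (uint32_t)mlen);	/* length of error text */
	if (mlen != 0)
		memcpy(p, msg, mlen);
	return total;
}
```
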
record over to RTR or the RDE.
The long term goal is to increase the IMSG size considerably but that
requires some additional API changes to the imsg API.
OK tb@
For simple capabilities this just adds enforce to the yes/no option of the
announce statement. For multi-protocol capabilities and add-path there is
an extra keyword. On top of this for add-path the enforcement requires the
neighbor to send a matching capability, e.g.
'announce add-path recv enforce' requires the other side to send any
'announce add-path send XYZ' capability.
This is mainly to enforce as-4byte and extra multi-protocol capabilities.
OK denis@ tb@
at the ibuf payload passed to log_notification().
Because of this move ibuf_get_string() and the log_notification() call
in parse_notification().
OK tb@
While there fix the RFC5492 handling of ERR_OPEN_CAPA (the current code
has the logic inversed). ERR_OPEN_CAPA is there to signal that a needed
capability is missing in our OPEN message. Just add the handling of
ERR_OPEN_CAPA to log_notification().
Also rework the handling of the shutdown reason and move the printing
into log_notification().
OK tb@
- Loops over all valid AID should start with AID_MIN and go up to AID_MAX - 1
  e.g. for (i = AID_MIN; i < AID_MAX; i++)
  If for some reason AID_UNSPEC must be handled make that explicit in the
  for loop.
- aid2afi() now returns an error for AID_UNSPEC since there is no valid
  AFI SAFI combo for AID_UNSPEC.
- Add additional checks for AID_MIN where currently only AID_MAX was checked.
  This affects imsg for route refresh and graceful restart.
- Simplify add-path capability handling. Only the negotiated add_path capa
  sets the flag for AID_UNSPEC to help code to quickly check if any add-path
  is active.
OK tb@
when named initializers use fields within these anonymous unions.
Hopefully a short-term bandaid until the appropriate changes are identified
and backported to gcc3.
ok claudio@
In this case ibuf_size(in) is 0 and the ibuf_open() fails because
right now 0 sized ibufs are not allowed. Add + 1 to the size calculation
as a workaround.
OK tb@
to new ibuf API.
Various aspath functions are modified to work better with ibufs.
aspath_inflate() now only works with ibufs and is a lot simpler.
aspath_verify() does all the checks using the ibuf API and therefore
most length checks can be skipped.
aspath_asprint() and the new internal aspath_strsize() and aspath_snprint()
are totally overhauled -- including some bugs that got squashed.
OK tb@
This skips ATTR_ASPATH and ATTR_AS4_PATH for now, those will follow soon.
Reshuffle checks a little bit. While ibuf_get does ensure that enough data
is available do a precise size check to ensure that only the expected amount
of data is available.
OK tb@
This converts community_add(), community_large_add() and community_ext_add()
and as a result removes some hacks from rde_attr_add() and rde_attr_parse().
OK tb@
Rewrite rde_update_dispatch() to use ibufs. Because of this
rde_update_err(), rde_get_mp_nexthop(), nlri_get_prefix() and
friends are switched to use ibufs. For rde_attr_parse() a minimal
change was done for now.
OK tb@
was sending and hit the error path because of that. Since the encoding
as two uint32_t in rtr.c is awkward use the same way that the parent is
sending the aspa sets. This uses a local copy so that the included expire
field is forced to 0 (the RDE does not use that field).
OK tb@
extra data. With this IMSG_UPDATE_ERR can use the new imsg API.
Introduce session_notification_data() for the few cases where there
is no ibuf readily available.
OK tb@
so handle this case as well. This error triggers an RTR_EVNT_NO_DATA
event that moves the session to RTR_STATE_ESTABLISHED (and out of negotiation).
When there is no data available the session_id remains unset until data
becomes available. So handle this case not only in rtr_parse_cache_response()
but also in rtr_parse_notify().
RTR_EVNT_NO_DATA arms the RTR_EVNT_TIMER_RETRY timer. On expiry send a
reset or serial query depending on the cache session state.
OK tb@
the session comes up instead of at the start of a connect.
With this the last errors reported should stick around longer.
Reported by linx.net, OK job@
RFC8210 and especially draft-ietf-sidrops-8210bis are underspecified when
it comes to initial version negotiation. The authors seem to have a very
different view on how this works compared to the various RTR cache
implementations.
Reducing the version on any session close is a problem since it often leads
to downgraded sessions where not needed. Instead require the server to send
PDUs with their correct version (either a code 4 error, a cache response
or cache reset PDU).
Extensively tested against various modes of StayRTR.
Also tested against routinator which is currently not following the spec
(https://github.com/NLnetLabs/routinator/issues/919) and breaks on unknown
versions.
This is probably not the last change to make RTR version negotiation work
but it is a step in the right direction.
OK tb@
Add struct rtr_endofdata_v0 and rtr_parse_end_of_data_v0() to handle this
oddity. With this bgpd supports RFC6810 and RFC8210 and some form of
draft-ietf-sidrops-8210bis
OK tb@
it arrives in a strange moment. The RFC is as helpful about this as one
could expect. Still I botched the state check and later added an
rtr_send_error() call which made the previous worse.
OK tb@
Stop calling rtr_send_error() after a parse error in rtr_process_msg();
instead move the calls into the parse functions.
Use consistent and useful error text for most rtr_send_error() calls.
In parse header also check the minimal version for router key and ASPA PDUs
before checking their length.
OK tb@