The tricky bit here is the fact that the peer wbuf needs to be allocated
and freed in the right places (when a peer is setup and when it is freed).
During lifetime we just flush the msgbuf with msgbuf_clear().
mrt has a similar issue. I think that freeing the msgbuf in mrt_clean is right.
OK tb@
Instead use struct auth_config and struct auth_state in the pfkey calls
and those tcp_md5 calls where it matters.
This is preparation work to allow RTR to use TCP MD5 as well.
OK tb@
to be rechecked when a BGP route is added (or changed).
We need to revalidate nexthops on inserts (kroute_insert) and
on change (krX_change but only for AID_INET and AID_INET6 -- no nexthops
in the other tables) the nexthop needs to be updated.
Only validate nexthops if 'nexthop qualify via bgp' is enabled. For route
changes the code can depend on the F_NEXTHOP flag.
Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/81
OK tb@
filtered prefixes in the Loc-RIB
This includes filtered prefixes into the Loc-RIB but they are marked
ineligible so nothing will select them but it is possible to show them
in bgpctl. So 'bppctl show rib filtered' will return all prefixes filtered
out by the input filters.
OK tb@
The min-version pins a minimal required version for rtr session. This is
needed if specific PDUs are required and it ensures that the session is
not suddenly downgraded. This is important for ASPA where a minimum
version of 2 is required. Only then the ASPA PDUs are transmitted.
By default a RTR version of 1 is used but setting min-version to 2
will enable draft-ietf-sidrops-8210bis-14 support and enforce it
at the same time. Right now defaulting to version 2 is not possible
since draft-ietf-sidrops-8210bis failed to progress for a too long
time resulting in split eco system with various incompatible RTR
version 2 implementations.
OK tb@
There is no need to have an easy knob to get outdated or crappy
implementations to limp along. Instead the various default on
capabilities just need to be disabled (e.g. announce as-4byte no).
OK tb@
PDU larger then 48k will result in a session reset while ASPA records
with more than 10'000 entries will be implicitly withdrawn.
Also truncate RTR error PDUs to only include 256 bytes of the faulty PDU.
It makes no sense to include more to identify the issue.
OK tb@
For simple capabilities this just adds enforce to the yes/no option of the
announce statement. For multi-protocol capabilities and add-path there is
an extra keyword. On top of this for add-path the enforcement requires the
neighbor to send a matching capability, e.g
'announce add-path recv enforce' requires the other side to send any
'announce add-path send XYZ' capability.
This is mainly to enforce as-4byte and extra multi-protocol capabilities.
OK denis@ tb@
at the ibuf payload passed to log_notification().
Because of this move ibuf_get_string() and the log_notification() call
in parse_notification().
OK tb@
While there fix the RFC5492 handling of ERR_OPEN_CAPA (the current code
has the logic inversed). ERR_OPEN_CAPA is there to signal that a needed
capability is missing in our OPEN message. Just add the handling of
ERR_OPEN_CAPA to log_notification().
Also rework the handling of the shutdown reason and move the printing
into log_notification().
OK tb@
to new ibuf API.
Various aspath functions are modified to work better with ibufs.
aspath_inflate() now only works with ibufs and is a lot simpler.
aspath_verify() does all the checks using the ibuf api and therefor
most length checks can be skipped.
aspath_asprint() and the new internal aspath_strsize() and aspath_snprint()
are totally overhauled -- including some bugs that got squashed.
OK tb@
Rewrite rde_update_dispatch() to use ibufs. Because of this
rde_update_err(), rde_get_mp_nexthop(), nlri_get_prefix() and
friends are switched to use ibufs. For rde_attr_parse() a minimal
change was done for now.
OK tb@
When a session is established determine the possible interface scope of that
session. The scope is only set when the remote address is directly connected.
This interface scope is passed to the RDE that uses this information when
link-local nexthops are received. Again checking that a link-local nexthop
is actually acceptable.
OK tb@
With draft-ietf-sidrops-aspa-profile-16 and
draft-ietf-sidrops-aspa-verification-15 the AFI dependence of ASPA
records was dropped. So remove this complication form the code.
This only removes the AFI handling internally in bgpd but still allows
the old syntax in aspa-set tables. The optional address family is just
ignored and records are merged together.
For RTR sessions draft-ietf-sidrops-8210bis has not yet been updated so
right now we still handle RTR sessions as specified there. The IPv4 and
IPv6 ASPA entries are handled in two trees and merged together into one
AFI independent tree. This is the best we can do for now until IETF
updates draft-ietf-sidrops-8210bis.
OK tb@ job@
ASPA provider AS sets can include optional limitations to inet/inet6 these
limits are represented in the TAS_AID bit masks (2bits per AS).
Introduce a TAS_AID_SIZE() makro that returns the size in bytes of this
bit mask (rounded to the next uint32_t).
Without this change aspa objects with AID specific elements trigger a
fatal error condition when the config is loaded.
OK tb@ job@
process tracks which prefixes are added / removed and issues the
corresponding imsg calls.
Right now the RDE does nothing with the received information.
OK tb@
pfctl, in bgpd flowspec rules are written like pf rules (with a few
exceptions / extensions). As a result not all flowspec features are
available but that is OK.
OK tb@
Flowspec is excessivly flexible and large so there is no way to convert
the flowspec data into a struct bgpd_addr and it is better to keep it in
wireformat and add a few functions to validate and extract information
from the NLRI encoding.
OK tb@
connection with SAFI 133. Right now any sent UPDATE with SAFI 133 is
simply ignored. At the moment SAFI 134 (flowspec for L3VPN) is unsupported.
OK tb@
sessions to leak into the RDE via rtr_recalc. Only run rtr_recalc when
the last or only RTR session is done with the update. Run a new timer
along to ensure that the semaphore is not hold forever. The timeout
is currently a very generous 60sec, no RTR cache should be that slow.
OK tb@
especially on route-servers the output filters are in the hot path so
reducing the number of rules to check has a big impact. I have seen a
25% to 30% speedup in my big IXP testbench.
The output ruleset is applied and copied for each peer during config reload
and when a peer is initially added.
OK tb@
In rtr.c renamed rtr_aspa_merge_set() to rtr_aspa_insert() and move it
close to rtr_roa_insert().
In rtr_proto.c most complexity comes from the version negotiation. The
ASPA parser is reasonably streight forward. The version negotiation is
fragile but that is mostly because of the protocol specification and the
fact that RTR cache daemons sometimes fail to send errors.
OK tb@
too conservative. Fixes and changes include:
- add role output to bgpctl, also adjust the capability output.
Note, this changes the JSON output of neighbors a bit.
- adjust the config parser to enable the RFC9234 role capability when
there is a role set. iBGP and sessions with no role will not announce
the role capability.
- adjust the role capability announcement to be only on sessions that
use either AFI IPv4 or IPv6 and SAFI 1 (AID_INET, AID_INET6).
- if there is an OPEN notification indicating that the role capability
is bad only disable the capability if it is not enforced.
- Adjust capability negotiation, store remote_role on the peer since
the neighbors role is no longer needed by the RDE.
- inject the OTC attribute on ingress only for AID_INET and AID_INET6.
For other AIDs clear the F_ATTR_OTC_LOOP flag.
- Adjust the role logic in the RDE and use the peer->role (local role of
the system) for all checks. Also remove the check if the role capability
was negotiated between peers.
- In prefix_eligible() check also if the F_ATTR_OTC_LOOP flag is set.
The RFC requires that prefixes must be considered ineligible (and not
treat as withdraw as done before)
- When generating an UPDATE include the OTC attribute unless the AID is
neither AID_INET or AID_INET6.
Fixes https://github.com/openbgpd-portable/openbgpd-portable/issues/51
Reported by Pier Carlo Chiodi
OK tb@
stat numbers, just send the peerid and have the RDE response with the
stats. The control code will then merge these counters into the real
peer struct and send that to bgpctl. This reduces the number of bytes
sent around a fair bit.
OK tb@
This adds avs (ASPA validation state) which can be 'unknown', 'valid'
or 'invalid'. It behaves similar to ovs but the ASPA validation state
of paths from iBGP sessions is 'unknown' and the role of the ebgp session
is important to get the right validation state.
OK tb@
For this use the validation state (vstate) in struct prefix and
struct filterstate to store both the ASPA and ROA validity.
Introduce helper functions to set and get the various states for
struct prefix and make sure struct filterstate is also setup properly.
Change the ASPA state in rde_aspath to be AFI/AID and role independent
by storing all 4 possible outcomes. Also add a ASPA generation count
which is used to update the rde_aspath ASPA state cache on reloads.
Rework the rde_aspa.c code to be AFI/AID and role independent. Doing
this for roles is trivial but AFI switch goes deep and is so unnecessary.
The reload is combined with the ROA reload logic and renamed to RPKI
softreload.
OK tb@
This implements ASPA validation based on the current draft. Implementing
this showed various weaknesses in the current ASPA draft which I hope to
fix in the near future.
Unlike the algorithm specified in the draft our version validates the
AS_PATH attribute in a single path doing one or two lookups depending on
the sessions BGP role.
The code is not yet hooked up into the RDE (see the NOTYET blocks).
Missing are reload logic, bgpctl integration and the loading of the
merged ASPA set from the rtr process.
OK tb@
This somewhat replaces the RFC 9234 open policy role. This is done because
ASPA requires the same role to be present to properly validate paths.
For iBGP sessions the role is forced to ROLE_NONE. If no role is set on
an ebgp session then 'announce policy' is forced to 'no'.
Also make sure the the role capability is only added if the role is set.
OK tb@
logic in the rtr process. It does not implement the new RTR messages yet
but it is possible to specify an aspa-set in the config. Also the validation
code in the RDE is missing so this does not do anything.
With this in it will be possible to extend rpki-client to publish an
aspa-set as part of the openbgpd config file.
OK tb@
