tteras/quagga - tteras' quagga tree

	Commit message (Collapse)	Author	Age	Files	Lines
*	Merge Quagga master branch -- as of 1-Mar-2012 -- into euro_ix_bex21b	Chris Hall	2012-03-17	1	-13/+7
\|\ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Version 0.99.20ex21b This brings us up to date with: commit 48f99b0c2bfed8d3880732d188e1d5964f575ee4 Date: Thu Sep 29 16:55:23 2011 +0400 release: 0.99.20 and the subsequent: commit dc00d2bb56aa6a84dd2328133f69db3c3e6d9dc7 Date: Sun Jan 8 14:47:06 2012 +0000 Marker merge for 'RE-0.99.17.6' This marker merge (i.e. an 'ours' strategy merge) is a placeholder to show that all commits in Quagga-RE stable, to its release RE-0.99.17.6 tag, have been reviewed and merged into 'master'. and then further commits (in descending date order) commit b51a3a31500133e3e26f12e7639f297c655bc735 commit ef2d5d100431031c32ea35b3c834b46cff16f511 commit 4c78376f96cd2ca56f1c6476b76fd659654431f5 commit e854095932260b3e6187902aa9a7baa0e96b9428 commit e6b03b77766dce8009ad7b4a2392e14addf4ab0f commit c25eaffdb2190149e768dc4ee4efc913c6d02992 commit d034aa027ef44d0a74805c27ad2a4d8ea20395d1 commit 907fd95e502e10334e5390c73cc57588b88b8171 commit 7fd6cd819ff98f0580b745ba637990df9c20ef0f commit 4c0cf00afc4340a429a9c4830f638b4593d7c3af commit 4afa50b393ff1fb34dd577888a05b81dfdced5af commit 6eb0c5ab1d43bcf9edd4fefd19031f2b96ded728 commit aca43b656623f38dfa6ea835dacbdfec51d03a67 commit 6bb1273e83c29b3aeff9584bc8f6272e773294ad commit d660f698427277ce695a5b756f3143c8304274ea commit 6134b875f39986564aced5e2d7329fcd852f17f4 commit b4e45f67057be22133b6bec88cdf285d5c8214db commit 6eac79a6fed4842e00607c00c445213b51bba377 commit cb32fd690a957819865219a847e3c21a53a0f419 commit 73bfe0bd9adb8e4dfcee7239e56a425c6d58f4e9 commit f768f367bcd1f37a53c563495176a5a134caf234 commit c7ec179a95c1ed4fcd3d3be3f981c8c20dce534a commit cddf391bf6839e9f093cef15508669c1f3f92122 commit 5a616c08ce089e25dc0e8da920727af4d11279bf commit 6ae93c058725991df5a9ae35cefec368919b5fea commit fc98d16ea77372f4ab4231e8904f8467e8d1ef71 A summary of the changes that relate to bppd, zebra and the lib follows. bgpd changes * attribute handling: (a) now checks the flag byte for all attributes and issues suitable log messages and notifications, (b) reports some length issues that previously let slide (local pref). Tighten End-of-RIB detection -- now iff an MP_UNREACH is the only attribute and no ordinary update or withdraw. * added --socket/-z option -- sets zebra socket name * sets IPv6 tclass as required * improved next hop handling and added "show ip bgp scan" and "show ip bgpd scan detail" commands. see commits: fc98d16ea77372f4ab4231e8904f8467e8d1ef71 0e8032d69961ae196c11ba6ead856084c7acf7c2 b64bfc1c4a552fc0b4dd024d5f77171ec848a5df 318f0d8a7f5e8e87086bbf2a9e7c4b35638951ac 8e80bdf20f493a71bcf74262ed3aa3a2437f4df6 f04a80a5d209dbb54f6fec5d0149b7c0e489d29e * removed SAFI_UNICAST_MULTICAST * fiddled with SAFI_MPLS_LABELED_VPN -- unsure if this is now complete -- stuff here TODO ! * support for multicast SAFI see commits: 73bfe0bd9adb8e4dfcee7239e56a425c6d58f4e9 5a616c08ce089e25dc0e8da920727af4d11279bf * added "match probability" commands * uses "route_types.txt" more effectively -- which affects the implementation of "redistribute" commands see commit: e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9 * "nexthop-local unchanged" included in configuration. zebra changes * some whitespace change clutter :-( * ZEBRA_HELLO and mopping up routes (BZ#448) * implement route_types.h * support for SAFI_MULTICAST commit f768f367bcd1f37a53c563495176a5a134caf234 IPv6 MP-BGP Routes addition and deletion commit cddf391bf6839e9f093cef15508669c1f3f92122 IPv4 MP-BGP Routes addition and deletion * brought up to date with RFC6275 * add --socket/-z option * add "ipv6 nd mtu <1-65535>" commands lib changes * filter-list handling -- does not free the filter-list before calling the delete_hook(). However, unlike commit 6a2e0f36b103386e57dbe3a6ee4716e809111198 does remove the filter-list from the name look-up, before calling the delete_hook() -- which I believe works better. * md5.c now includes RFC 2104 HMAC However fixed to remove compiler warning, by replacing use of caddr_t by unsigned char. Some phantom whitespace changes elsewhere prefix.c: commits d171bf58ef12ace43d48565e6870722dece1e6ed 051954f574b9c26458518a7029aeed118f0da620 9663386f16e6285a322747514527fdf1d19788e4 - optimise masklen2ip() and apply_mask_ipv4() -- the version here should work on a Big-Endian machine as well. - optimise ip_masklen() -- the version here should (a) work on a Big-Endian machine, (b) give the same result as before if the netmask is not, in fact, valid, and (c) uses just 256 bytes of table -- not 64K. Version here is probably not quite as fast as the previous patch... but certainly faster that what was there before. * zclient.c: introduced zclient_serv_path, for general zclient and for bgpd zlookup. Added ZEBRA_HELLO to client start. Added safi to ipv4 and ipv6 route add/delete.
\| *	bgpd: more SAFI fixes	Denis Ovsienko	2011-09-29	1	-13/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	(with resolved conflict in bgpd/bgp_packet.c) Two macros resolving to the same integer constant broke a case block and a more thorough merge of BGP_SAFI_VPNV4 and BGP_SAFI_VPNV6 was performed. * bgpd.h: MPLS-labeled VPN SAFI is AFI-independent, switch to single * macro * bgp_capability_test.c: update test data * bgp_mp_attr_test.c: idem * bgp_route.c: (bgp_maximum_prefix_overflow, bgp_table_stats_vty) update macro and check conditions (where appropriate) * bgp_packet.c: (bgp_route_refresh_send, bgp_capability_send, bgp_update_receive, bgp_route_refresh_receive): idem * bgp_open.c: (bgp_capability_vty_out, bgp_afi_safi_valid_indices, bgp_open_capability_orf, bgp_open_capability): idem * bgp_attr.c: (bgp_mp_reach_parse, bgp_packet_attribute, bgp_packet_withdraw): idem
* \|	vtysh partly restored. bgpd not crashing on over-size messages.	Chris Hall	2012-02-19	1	-4/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	NB: this is a partial interim version -- NOT for production. Reinstate vtysh. In bgpd: cope better with generating oversize messages. The "pipework" branch is no more. There is now "euro_ix" and "euro_ix_b", where 'b' stands for 'bleedin'. The "pipework" is currently in 'bleedin'. Version updated to: 0.99.18ex20b Major changes in this commit: * modified bgpd to avoid crashing if an oversize message is created. At present, any oversize messages are simply discarded. This may be a mistake... since it is possible that some routes that should have been withdrawn are not. TBA. The stream lib facilities have been overhauled to may this easier. * restoring vtysh. At present the vtysh is thought to work, except that it does not currently create integrated configuration files. For the time being, only the following compile: lib, bgpd, zebra, vtysh, tests All other daemons will fail to compile, and must be disabled.
* \|	Changed gcc options to -std=c99 and -O2, and tighted warnings.	Chris Hall	2011-09-02	1	-0/+2
\| \| \| \| \| \| \| \|	Some small changes to accomodate same.
* \|	Reworking of peer state handling.	Chris Hall	2010-07-19	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This fixes a reported assert() in 'no neighbor xxx'. It also fixes other issues found when reviewing and testing that. Also fixed is a reported segfault caused by prefix lists without explicit sequence numbers. Peer State ========== Tightened up the peer state handling, including: * shades of pIdle -- depending on some peer flags and the session, if any * state transitions -- particularly pEstablished -> pIdle or pClearing * handling if deleting peer and associated session * handling of PEER_DOWN_XXX -- why peer was last downed * handling of last NOTIFICATION sent/received RS Client RIBs ============== Cleared up places where RS Client RIBs were not disposed of properly when a peer's afi/safi state changed, in particular: -- when deactivating an afi/safi -- when unsetting the rs client state for an afi/safi -- when binding a peer to a group for an afi/safi In the past these issues were probably invisible, except for a slight leak of memory. With the newer code these issues triggered some asserts when closing down a peer or the entire program. Program Termination =================== Now terminates by deleting all peers -- essentially 'no neighbor' for all peers. Each time a peer is set to be deleted bm->peer_linger_count is incremented, when the peer finally is deleted, the count is decremented. So while in program_terminating state, all nexuses continue to run until the Routing Engine spots that there are no peers left to delete. Then all nexuses are shut down and the program finally terminates. To do this, when termination starts a new Routing Engine foreground task is added, which calls program_terminate_if_all_peers_deleted(). Accept() Status for Session =========================== The accept() code needs to find the session associated with the incoming IP address. Then it needs to see if can accept the incoming connection. It looks up the IP address in the Peer Index (under its Mutex). Previously: the Peer Index entry contained a pointer to the accepting connection (if any), and the session had a pointer to the Peer Index entry so that it could set/clear the accept field in that entry. Now: have removed the accept field in the Peer Index entry, and the pointer from the session to that entry. There is now an "accept" flag in the session structure -- so setting/clearing accept does not have to fiddle with any state to do with the peer. Which seems cleaner. To find the session, the accept() code goes via the Peer Index and then via the peer to find the session. This is done under the Peer Index Mutex. To support that, the Routing Engine only changes the peer->session pointer under the same Mutex. General Changes =============== 1. name changes: peer_lock -> bgp_peer_lock etc. 2. bgp_notify_send -> bgp_peer_down_error bgp_notify_send_with_data -> bgp_peer_down_error_with_data 3. name changes: bgp_peer_sIdle -> bgp_peer_pIdle etc. 4. changing int to bool 5. added "received" flag to bgp_notify structure Files Affected ============== configure.ac -- set version to 0.99.15ex02 bgpd/bgp.h -- format changes only bgpd/bgp_advertise.c -- (1) bgpd/bgp_attr.c -- (2) bgpd/bgp_common.h -- (3) bgpd/bgp_connection.c -- (4) for session->active - adding session->accept flag - removing peer index accept entry - adding bgp_connection_query_accept() bgpd/bgp_connection.h -- adding bgp_connection_query_accept() bgpd/bgp_debug.c -- (3) (5) - changed bgp_notify_print() to remove "sending" parameter and use (5) bgpd/bgp_debug.h -- changed bgp_notify_print() bgpd/bgp_fsm.c -- added TODO for NSF and for CollisionDetectEstablishedState bgpd/bgp_main.c -- (4) for various flags - added static bool program_terminating - used "mqb_priority" name instead of "1" - ignore SIGHUP and SIGTERM messages once is "program_terminating" - added program_terminate_if_all_peers_deleted() - in SIGTERM: set program_terminating and add the foreground hook. bgpd/bgp_mplsvpn.c -- (3) bgpd/bgp_msg_read.c -- (5) set the "received" flag on incoming notifications - update call of bgp_notify_print() bgpd/bgp_msg_write.c -- update call of bgp_notify_print() bgpd/bgp_network.c -- (4) bgpd/bgp_nexthop.c -- (3) bgpd/bgp_notification.c -- add "received" flag to notification structure, which is false by default. bgpd/bgp_notification.h -- add "received" flag to notification structure - add bgp_notify_set_received() - add bgp_notify_get_received() bgpd/bgp_open.c -- (2) bgpd/bgp_open_state.c -- in bgp_peer_open_state_receive(): - copy the session->hold_timer_interval and session->keepalive_timer_interval values (as negotiated by the BGP Engine) into the peer - set PEER_CAP_RESTART_RCV if have - fix typo, use: open_recv->can_preserve not: open_recv->can_g_restart bgpd/bgp_packet.c -- delete bgp_notify_send() and bgp_notify_send_with_data() - (1) (2) (3) - bgp_clear_route_normal() -> bgp_clear_routes() and now returns "completed" state. bgpd/bgp_packet.h -- delete: bgp_keepalive_send() bgp_open_send() bgp_notify_send() bgp_notify_send_with_data() bgpd/bgp_peer.c -- changed: bgp_session_has_established() bgp_session session() bgp_session_has_disabled() to void and to take session, not peer. - removed lock of session structure in bgp_session_do_event() -- was holding the lock for far longer than necessary, particularly when clearing routes ! - in bgp_session_has_established(): - lock session structure where and only where required - tidied up timer handling - in bgp_session_has_stopped(): - extend IdleHoldTime - examine notification etc to see why session came down. - invoke bgp_peer_down_notify(), which will start the process of downing the peer. - in bgp_session_has_disabled(): - removed defer_enable - removed calls to bgp_peer_stop() etc. That is done in bgp_peer_down() et all. - now if session is marked delete_me, then do that; otherwise, can enable again. - removed program_terminate_if_all_disabled(), replaced by new mechanism - in bgp_peer_stop(): - changed to void function and added nsf parameter. - sets pClearing state. - MUST now only be called when pEstablished. - removed some code to bgp_peer_reset_idle(). So... bgp_peer_stop() brings pEstablished peer to halt, while bgp_peer_reset_idle() prepares it for new session. - now passes nsf to bgp_clear_all_routes(), which returns flag to say whether task is complete or whether it continues in background. - clearing of NSF_MODE and flags moved to bgp_peer_reset_idle(). - sets pIdle state if route clearing completed - renamed peer_nsf_stop() -> bgp_peer_nsf_stop() - if is pIdle or pClearing and have NSF routes, then stops timers and clears out all the NSF routes. - added bgp_peer_clear_all_stale_routes() - added bgp_peer_shutdown() -- used when peer is downed for PEER_DOWN_USER_SHUTDOWN ! - added bgp_peer_reset_idle() -- used when peer goes pIdle or is about to enable session. - deleted bgp_peer_timers_stop() -- see bgp_peer_change_status(). - replaced bgp_peer_clearing_completed() - if pClearing, sets pIdle and enables if can - if pDeleting, unlocks peer - replaced bgp_timer_set() by bgp_peer_timers_set() -- deals in new peer states only. - renamed peer_new() -> bgp_peer_new() - renamed peer_create() -> bgp_peer_create() - added setting of PEER_STATUS_REAL_PEER - changed auto activation to reflect what actually happens. - changed bgp_session_init_new() call because it now sets peer->session. - sets timers suitable for pIdle. before any auto enable. - renamed peer_delete() -> bgp_peer_delete() - removed call of peer_nsf_stop() - added bgp_peer_down() with PEER_DOWN_NEIGHBOR_DELETE -- which does all the work of flattening an active peer, and returns it pIdle or pClearing. - if pClearing, lock the peer so that when clearing completes, it can unlock it. - sets pDeleting state, and increments bm->peer_linger_count. - tightened procedure for dealing with various references to peer -- including use of the PEER_STATUS_REAL_PEER flag. - tidied up dealing with rsclient RIBs and shared pointers to group versions of same. - removed call of bgp_timer_set(), now done in bgp_peer_change_status(). - now unregisters the peer immediately, so can register a new one before this one is completely deleted. - deletes session if it can. - moved peer_lock() & peer_unlock() from bgpd.c and renamed bgp_peer_lock() & bgp_peer_unlock() - renamed peer_free() bgp_peer_free() and made static. - peer must be pDeleting -- so have been through bgp_peer_delete() - peer->session must be NULL - decrements bm->peer_linger_count - deleted peer->clear_node_queue handling - deleted bgp_session_free() -- that's done in bgp_peer_delete() or elsewhere. - unlocked bgp at end - assert peer->session == NULL, to be sure - set peer->lock == -54321 - in bgp_peer_enable(): - recast as switch() on peer state - added bgp_peer_reset)idle() before enabling the session. - renamed bgp_peer_disable() -> bgp_peer_down() - takes PEER_DOWN_XXX argument, which drives what notification is sent, and sets the peer->last_reset status. A small number of PEER_DOWN_XXX are special. - removed the IdleHoldTimer stuff. - copies outbound notification to session. - for PEER_DOWN_NSF_CLOSE_SESSION, keep non- stale routes. - for PEER_DOWN_USER_SHUTDOWN, do bgp_peer_shutdown() - after disabling any session and doing any shutdown, proceed as per peer->status: pIdle -- flush stale routes bgp_peer_enable() pEstablished -- bgp_peer_stop() pClearing -- flush stale routes - added bgp_peer_down_notify(). - added bgp_peer_down_error(), which replaces bgp_notify_send(). - added bgp_peer_down_error_with_data(), which replaces bgp_notify_send_with_data() The "down_error" functions calculate the appropriate PEER_DOWN_XXX value, and call bgp_peer_down_notify(). - added bgp_peer_map_peer_down(), to map PEER_DOWN_XXX to a notification message. - added bgp_peer_map_notification, to map notification message to a PEER_DOWN_XXX. - renamed peer_change_status() -> bgp_peer_change_status() - do most things only if state changes. - add call to bgp_peer_reset_idle() as enter pIdle state. - at all times do bgp_peer_timer_set() - renamed peer_timers_set() -> bgp_peer_timers_set() - commoned up code for Graceful Restart and Graceful Restart Stale timers and stale routes. - changed Graceful Restart Stale time to cope if it should expire before Graceful Restart ! bgpd/bgp_peer.h -- added PEER_DOWN_XXX values and tidied up + PEER_DOWN_NULL + PEER_DOWN_UNSPECIFIED + PEER_DOWN_CONFIG_CHANGE + PEER_DOWN_AF_DEACTIVATE + PEER_DOWN_PASSWORD_CHANGE + PEER_DOWN_ALLOWAS_IN_CHANGE + PEER_DOWN_INTERFACE_DOWN + PEER_DOWN_MAX_PREFIX + PEER_DOWN_HEADER_ERROR + PEER_DOWN_OPEN_ERROR + PEER_DOWN_UPDATE_ERROR + PEER_DOWN_HOLD_TIMER + PEER_DOWN_FSM_ERROR + PEER_DOWN_DYN_CAP_ERROR - PEER_DOWN_NOTIFY_SEND (deleted) - added typedef peer_down_t - struct peer: - deleted redundant clear_node_queue - removed PEER_STATUS_ACCEPT_PEER flag - added PEER_STATUS_REAL_PEER flag - (3) - deleted bgp_peer_reenable() -- redundant - deleted bgp_peer_stop() -- now static - replaced bgp_peer_disable() by bgp_peer_down() - added bgp_peer_down_error() - added bgp_peer_down_error_with_data() - deleted peer_change_status() -- now static - renamed peer_new() -> bgp_peer_new() - renamed peer_create() -> bgp_peer_create() - renamed peer_delete() -> bgp_peer_delete() - added bgp_peer_lock() - added bgp_peer_unlock() - deleted peer_free() - deleted peer_nsf_stop() bgpd/bgp_peer_index.c -- removed accept entry from bgp_peer_index_entry structure - added explicit next_free entry to the structure - sets next_free to point at self in entries which are in use -- and checks this. - change bgp_peer_index_seek_accept() to link to session via the peer data structure, and to call bgp_connection_query_accept() under the Peer Index Mutex. - (4) for bgp_peer_index_seek_accept() bgpd/bgp_peer_index.h -- removed accept entry from bgp_peer_index_entry structure - added explicit next_free entry to the structure - (4) for bgp_peer_index_seek_accept() bgpd/bgp_route.c -- (1) (2) (3) - in bgp_process_rsclient(), bgp_process_main(), and bgp_processq_del(): - extra dasserts() - clear rn->wq_next - unlock table after unlock node (bug fix) - in bgp_process(), lock bgp before table. - in bgp_maximum_prefix_restart_timer(), replace call of peer_clear() by unset of flag and bgp_peer_enable() -- peer is already down. - added bgp_maximum_prefix_cancel_timer() - deleted bgp_clear_this_route() -- code now inline in only caller. - renamed bgp_clear_route_normal() -> bgp_clear_routes() - takes an "nsf" argument to invoke NSF "clearing", iff nsf set for afi/safi. Sets PEER_STATUS_NSF_WAIT if so. - returns bool "completed" if clearing has completed immediately -- ie no background work left to be done. - renamed bgp_clear_route_all() -> bgp_clear_all_routes() - takes "nsf" argument and returns "completed" as for bgp_clear_routes(). - removed call: bgp_peer_clearing_completed() - renamed bgp_clear_route_rsclient() -> bgp_clear_rsclient_rib() - deleted bgp_cleanup_routes() -- was used during termination, no longer required because termination deletes all peers. bgpd/bgp_route.h -- deleted bgp_cleanup_routes() -- program termination now deletes all peers, which implicitly cleans up all routes. - renamed: bgp_clear_route_normal() -> bgp_clear_routes() - renamed: bgp_clear_route_rsclient() -> bgp_clear_rsclient_rib() - renamed: bgp_clear_route_all() -> bgp_clear_all_routes() - added: bgp_maximum_prefix_cancel_timer() bgpd/bgp_session.c -- (3) - deleted bgp_session_defer_if_limping() - in bgp_session_init_new() - changed to void and removed session argument -- always creates a new session - peer MUST not have a session - removed Peer Index pointer stuff as Peer Index no longer has accept field - sets session->peer and locks peer - sets peer->session under Peer Index Mutex - sets session->delete_me false - sets session->accept flag false - replaced bgp_session_free() by bgp_session_delete() - changed to void function - if session is active, set the delete_me flag so session will be deleted when goes sDisabled. - make sure that session Mutex has been released by the BGP Engine before destroying it... otherwise: tears. - unhook session from peer under Peer Index mutex -- for accept() stuff. - unhook peer from session. - unlock peer. - in bgp_session_enable() - assert that peer is pIdle. - clear delete_me for completeness - clear additional fields - in bgp_session_disable() - clear session->accept - in bgp_session_is_active() - no longer interested in Peer Index stuff - deleted bgp_session_defer_if_limping() bgpd/bgp_session.h -- in bgp_session structure: - removed index_entry pointer to Peer Index - added delete_me flag - removed defer_enable flag - added accept flag - removed session parameter from bgp_session_init_new() - deleted bgp_session_free() - added bgp_session_delete() - bgp_session_is_active() now returns bool bgpd/bgp_table.c -- bgp_node_free() sets lock count = -54321 - in bgp_table_free(): - assert that route node is empty - set lock count = -54321 - bgp_node_delete() asserts that is not on_wq - (1) bgpd/bgp_vty.c -- (1) (3) (4) - change peer_af_flag_modify_vty() to call peer_af_flag_modify() not set or unset. - change name: bgp_clear_route_rsclient() -> bgp_clear_rsclient_rib() - in peer_rsclient_set_vty(): - add peer to bgp->rsclient list after all validation is complete - in peer_rsclient_unset_vty(): - removed code for deleting the rsclient RIB etc to peer_rsclient_unset(). - added peer_rsclient_unset() bgpd/bgp_zebra.c -- bgp_peer_disable() -> bgp_peer_down() and now takes PEER_DOWN_INTERFACE_DOWN argument. bgpd/bgpd.c -- (1) (3) - replaced setting peer->last_reset and call of bgp_notify_send() by call of the new bgp_peer_down(). - bgp_router_id_set() ... PEER_DOWN_RID_CHANGE - bgp_cluster_id_set() ... PEER_DOWN_CLID_CHANGE - bgp_cluster_id_unset() ... PEER_DOWN_CLID_CHANGE - bgp_confederation_id_set() ... PEER_DOWN_CONFED_ID_CHANGE ... PEER_DOWN_CONFED_ID_CHANGE - bgp_confederation_id_unset() ... PEER_DOWN_CONFED_ID_CHANGE - bgp_confederation_peers_add() ... PEER_DOWN_CONFED_PEER_CHANGE - bgp_confederation_peers_remove() ... PEER_DOWN_CONFED_PEER_CHANGE - peer_as_change() ... PEER_DOWN_REMOTE_AS_CHANGE - peer_activate() ... PEER_DOWN_AF_ACTIVATE - peer_deactivate() ... PEER_DOWN_AF_DEACTIVATE - peer_group_bind() ... PEER_DOWN_RMAP_BIND - peer_group_unbind() ... PEER_DOWN_RMAP_UNBIND - peer_change_action() ... why_changed ... why_changed - peer_flag_modify_action() ... action->peer_down - peer_update_source_if_set() ... PEER_DOWN_UPDATE_SOURCE_CHANGE ... PEER_DOWN_UPDATE_SOURCE_CHANGE - peer_update_source_addr_set() ... PEER_DOWN_UPDATE_SOURCE_CHANGE ... PEER_DOWN_UPDATE_SOURCE_CHANGE - peer_update_source_unset() ... PEER_DOWN_UPDATE_SOURCE_CHANGE ... PEER_DOWN_UPDATE_SOURCE_CHANGE - peer_local_as_set() ... PEER_DOWN_LOCAL_AS_CHANGE ... PEER_DOWN_LOCAL_AS_CHANGE - peer_local_as_unset() ... PEER_DOWN_LOCAL_AS_CHANGE ... PEER_DOWN_LOCAL_AS_CHANGE - peer_password_set() ... PEER_DOWN_PASSWORD_CHANGE ... PEER_DOWN_PASSWORD_CHANGE - peer_password_unset() ... PEER_DOWN_PASSWORD_CHANGE ... PEER_DOWN_PASSWORD_CHANGE - peer_clear() ... PEER_DOWN_USER_RESET - bgp_terminate() ... PEER_DOWN_USER_RESET - deleted peer_lock() & peer_unlock(). See bgp_peer_lock() & bgp_peer_unlock() in bgp_peer - in peer_as_change(), move downing of peer to after all config changes have been made. - in peer_remote_as() implicitly activate iff !BGP_FLAG_NO_DEFAULT and is IPv4/Unicast. (but only ever called with IPv4/Unicast or nothing at all.) - in peer_deactivate() - if cannot dynamically reconfigure, then will down the peer PEER_DOWN_AF_DEACTIVATE. - uses new peer_rsclient_unset() to tidy away any rsclient RIB etc. - in peer_change_action(): - added 'why_down' argument - replace if's by switch() - in struct peer_flag_action, updated entry types - in peer_flag_action_list[], added the appropriate PEER_DOWN_XXX values. - in peer_af_flag_action_list[] - added the appropriate PEER_DOWN_XXX values - added multiple flag entries - in peer_flag_action_set(): - changed to return const address of peer_flag_action structure -- or NULL. - table may now contain entries which the given flag must be a subset of. - in peer_flag_modify_action(): - now takes peer_flag_action* and whether flag has been set or not. - allow only peer_change_none or peer_change_reset - deal with clearing PEER_FLAG_SHUTDOWN, otherwise bgp_peer_down(). - in peer_group_bind(): - uses new peer_rsclient_unset() to tidy away any rsclient RIB etc. - in peer_flag_modify(): - takes bool set flag - changed to suit peer_flag_action_set() and peer_flag_modify_action() - in peer_flag_set() and peer_flag_unset() changed to bool flag - added peer_af_flag_modify_action(), common code for use in peer_af_flag_modify(). - in peer_af_flag_modify(): - takes bool set flag - changed to suit peer_flag_action_set() and peer_flag_modify_action() - use peer_af_flag_modify_action() - in peer_af_flag_set() and peer_af_flag_unset() changed to bool flag - in peer_clear(): adjust for new bgp_peer_down() mechanics. - in bgp_master_init(): account for peer_linger_count (starting at 0) - in bgp_terminate(): - removed program_terminating -- see flag now in bgp_main.c - implement "retain_mode" by using BGP_OPT_NO_FIB flag to turn off changing the FIB as routes are deleted. - either bgp_peer_delete() if terminating or bgp_peer_down() all peers. - flush process queues. - deleted program_terminate_if_all_disabled() - in peer_lookup(), removed handling of PEER_STATUS_ACCEPT_PEER(). - deleted peer_lookup_with_open(). - in bgp_config_write_family(), removed handling of PEER_STATUS_ACCEPT_PEER(). - in bgp_config_write(), removed handling of PEER_STATUS_ACCEPT_PEER(). bgpd/bgpd.h -- add peer_linger_count entry to the bgp_master structure. - remove: peer_lock(), peer_unlock() and peer_delete() - (4) for peer_af_flag_modify() - added peer_rsclient_unset() lib/plist.c -- fixed handling of prefix lists with no explicit sequence numbers. lib/qpnexus.c -- (4) for main_thread & terminate flags - change qpn_terminate() so does nothing if terminate flag is already set. lib/qpnexus.h -- (4) for main_thread & terminate flags tests/bgp_capability_test.c -- (3)
* \|	Fixed program shutdown. Added peering engine side of TTL changing.	paulo	2010-01-27	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	Changed names of peer states. Writed in peering engine side of sending route_refresh.
* \|	Getting BGP Engine to start and removing warnings.	Chris Hall	2010-01-24	1	-70/+73
\|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Finish the wiring required to get bgp_msg_read to process OPEN messages into the connection's open_state, and be able to check for correct peer AS, etc. Removed bugs preventing messages from being written. Added BGP Id check to collision detection logic. Removed as many warnings from comilation as possible. Replaced horrible FIFO kludge in the process. (Introduced the even more horrible miyagi kludge.) modified: bgpd/bgp_advertise.c modified: bgpd/bgp_advertise.h modified: bgpd/bgp_connection.c modified: bgpd/bgp_connection.h modified: bgpd/bgp_debug.c modified: bgpd/bgp_fsm.c modified: bgpd/bgp_msg_read.c modified: bgpd/bgp_msg_write.c modified: bgpd/bgp_network.c modified: bgpd/bgp_nexthop.c modified: bgpd/bgp_notification.c modified: bgpd/bgp_open.c modified: bgpd/bgp_packet.c modified: bgpd/bgp_session.c modified: bgpd/bgp_session.h modified: bgpd/bgpd.c modified: lib/Makefile.am modified: lib/distribute.c modified: lib/if_rmap.c new file: lib/miyagi.h modified: lib/prefix.h modified: lib/sockopt.c modified: lib/stream.c modified: lib/thread.c modified: lib/vty.c modified: lib/zebra.h modified: tests/bgp_capability_test.c modified: tests/bgp_mp_attr_test.c modified: tests/ecommunity_test.c modified: tests/heavy-thread.c modified: tests/heavy-wq.c modified: tests/heavy.c modified: tests/main.c modified: tests/test-checksum.c modified: tests/test-sig.c modified: watchquagga/watchquagga.c modified: zebra/if_netlink.c modified: zebra/ioctl.c modified: zebra/rt_netlink.c modified: zebra/rtread_netlink.c
*	[bgpd] Fix number of DoS security issues, restricted to configured peers.	Paul Jakma	2007-12-22	1	-0/+30
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	2007-12-22 Paul Jakma <paul.jakma@sun.com> * Fix series of vulnerabilities reported by "Mu Security Research Team", where bgpd can be made to crash by sending malformed packets - requires that bgpd be configured with a session to the peer. * bgp_attr.c: (bgp_attr_as4_path) aspath_parse may fail, only set the attribute flag indicating AS4_PATH if we actually managed to parse one. (bgp_attr_munge_as4_attrs) Assert was too general, it is possible to receive AS4_AGGREGATOR before AGGREGATOR. (bgp_attr_parse) Check that we have actually received the extra byte of header for Extended-Length attributes. * bgp_attr.h: Fix BGP_ATTR_MIN_LEN to account for the length byte. * bgp_open.c: (cap_minsizes) Fix size of CAPABILITY_CODE_RESTART, incorrect -2 left in place from a development version of as4-path patch. * bgp_packet.c: (bgp_route_refresh_receive) ORF length parameter needs to be properly sanity checked. * tests/bgp_capability_test.c: Test for empty capabilities.
*	[bgpd] Merge AS4 support	Paul Jakma	2007-10-14	1	-25/+132
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	2007-10-14 Paul Jakma <paul.jakma@sun.com> * NEWS: Note that MRT dumps are now version 2 * (general) Merge in Juergen Kammer's AS4 patch. 2007-09-27 Paul Jakma <paul.jakma@sun.com> * bgp_aspath.c: (assegment_normalise) remove duplicates from from sets. (aspath_reconcile_as4) disregard a broken part of the RFC around error handling in path reconciliation. * aspath_test.c: Test dupe-weeding from sets. Test that reconciliation merges AS_PATH and AS4_PATH where former is shorter than latter. 2007-09-26 Paul Jakma <paul.jakma@sun.com> * aspath_test.c: Test AS4_PATH reconcilation where length of AS_PATH and AS4_PATH is same. 2007-09-25 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (peek_for_as4_capability) Fix to work. * bgp_packet.c: (bgp_open_receive) Fix sanity check of as4. * tests/bgp_capability_test.c: (general) Extend tests to validate peek_for_as4_capability. Add test of full OPEN Option block, with multiple capabilities, both as a series of Option, and a single option. Add some crap to beginning of stream, to prevent code depending on getp == 0. 2007-09-18 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (bgp_capability_as4) debug printf inline with others. (peek_for_as4_capability) There's no need to signal failure, as failure is better dealt with through full capability parser - just return the AS4, simpler. * bgp_packet.c: (bgp_open_receive) Update to match peek_for_as4_capability change. Allow use of BGP_AS_TRANS by 2b speakers. Use NOTIFY_OPEN_ERR rather than CEASE for OPEN parsing errors. (bgp_capability_msg_parse) missing argument to debug print (bgp_capability_receive) missing return values. * tests/bgp_capability_test.c: (parse_test) update for changes to peek_for_as4_capability 2007-07-25 Paul Jakma <paul.jakma@sun.com> * Remove 2-byte size macros, just make existing macros take argument to indicate which size to use. Adjust all users - typically they want '1'. * bgp_aspath.c: (aspath_has_as4) New, return 1 if there are any as4's in a path. (aspath_put) Return the number of bytes actually written, to fix the bug Juergen noted: Splitting of segments will change the number of bytes written from that already written to the AS_PATH header. (aspath_snmp_pathseg) Pass 2-byte flag to aspath_put. SNMP is still defined as 2b. (aspath_aggregate) fix latent bug. (aspath_reconcile_as4) AS_PATH+NEW_AS_PATH reconciliation function. (aspath_key_make) Hash the AS_PATH string, rather than just taking the addition of assegment ASes as the hash value, hopefully sligthly more collision resistant. (bgp_attr_munge_as4_attrs) Collide the NEW_ attributes together with the OLD 2-byte forms, code Juergen had in bgp_attr_parse but re-organised a bit. (bgp_attr_parse) Bunch of code from Juergen moves to previous function. (bgp_packet_attribute) Compact significantly by just /always/ using extended-length attr header. Fix bug Juergen noted, by using aspath_put's (new) returned size value for the attr header rather than the (guesstimate) of aspath_size() - the two could differ when aspath_put had to split large segments, unlikely this bug was ever hit in the 'wild'. (bgp_dump_routes_attr) Always use extended-len and use aspath_put return for header length. Output 4b ASN for AS_PATH and AGGREGATOR. * bgp_ecommunity.c: (ecommunity_{hash_make,cmp}) fix hash callback declarations to match prototypes. (ecommunity_gettoken) Updated for ECOMMUNITY_ENCODE_AS4, complete rewrite of Juergen's changes (no asdot support) * bgp_open.c: (bgp_capability_as4) New, does what it says on the tin. (peek_for_as4_capability) Rewritten to use streams and bgp_capability_as4. * bgp_packet.c: (bgp_open_send) minor edit checked (in the abstract at least) with Juergen. Changes are to be more accepting, e.g, allow AS_TRANS on a 2-byte session. * (general) Update all commands to use CMD_AS_RANGE. * bgp_vty.c: (bgp_clear) Fix return vals to use CMD_.. Remove stuff replicated by VTY_GET_LONG (bgp_clear_vty) Return bgp_clear directly to vty. * tests/aspath_test.c: Exercise 32bit parsing. Test reconcile function. * tests/ecommunity_test.c: New, test AS4 ecommunity changes, positive test only at this time, error cases not tested yet. 2007-07-25 Juergen Kammer <j.kammer@eurodata.de> * (general) AS4 support. * bgpd.h: as_t changes to 4-bytes. * bgp_aspath.h: Add BGP_AS4_MAX and BGP_AS_TRANS defines. * bgp_aspath.c: AS_VALUE_SIZE becomes 4-byte, AS16_VALUE_SIZE added for 2-byte. Add AS16 versions of length calc macros. (aspath_count_numas) New, count number of ASes. (aspath_has_as4) New, return 1 if there are any as4's in a path. (assegments_parse) Interpret assegment as 4 or 2 byte, according to how the caller instructs us, with a new argument. (aspath_parse) Add use32bit argument to pass to assegments_parse. Adjust all its callers to pass 1, unless otherwise noted. (assegment_data_put) Adjust to be able to write 2 or 4 byte AS, according to new use32bit argument. (aspath_put) Adjust to write 2 or 4. (aspath_gettoken) Use a long for passed in asno. * bgp_attr.c: (attr_str) Add BGP_ATTR_AS4_PATH and BGP_ATTR_AS4_AGGREGATOR. (bgp_attr_aspath) Call aspath_parse with right 2/4 arg, as determined by received-capability flag. (bgp_attr_aspath_check) New, code previously in attr_aspath but moved to new func so it can be run after NEW_AS_PATH reconciliation. (bgp_attr_as4_path) New, handle NEW_AS_PATH. (bgp_attr_aggregator) Adjust to cope with 2/4 byte ASes. (bgp_attr_as4_aggregator) New, read NEW_AGGREGATOR. (bgp_attr_parse) Add handoffs to previous parsers for the two new AS4 NEW_ attributes. Various checks added for NEW/OLD reconciliation. (bgp_packet_attribute) Support 2/4 for AS_PATH and AGGREGATOR, detect when NEW_ attrs need to be sent. * bgp_debug.{c,h}: Add 'debug bgp as4'. * bgp_dump.c: MRTv2 support, unconditionally enabled, which supports AS4. Based on patches from Erik (RIPE?). * bgp_ecommunity.c: (ecommunity_ecom2str) ECOMMUNITY_ENCODE_AS4 support. * bgp_open.c: (peek_for_as4_capability) New, peek for AS4 capability prior to full capability parsing, so we know which ASN to use for struct peer lookup. (bgp_open_capability) Always send AS4 capability. * bgp_packet.c: (bgp_open_send) AS4 handling for AS field (bgp_open_receive) Peek for AS4 capability first, and figure out which AS to believe. * bgp_vty.c: (bgp_show_peer) Print AS4 cap * tests/aspath_test.c: Support asn32 changes, call aspath_parse with 16 bit. * vtysh/extract.pl: AS4 compatibility for router bgp ASNUMBER * vtysh/extract.pl.in: AS4 compatibility for router bgp ASNUMBER * vtysh/vtysh.c: AS4 compatibility for router bgp ASNUMBER
*	[bgpd] Fix typo, which prevented advertisement of MP (non-IPv4) prefixes	Paul Jakma	2007-09-18	1	-16/+94
\| \| \| \| \| \| \| \| \| \| \| \|	2007-09-17 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (bgp_capability_mp) We were setting afc_nego[safi][safi] rather than afc_nego[afi][safi], thus failling to announce any non-IPv4 prefixes. Remove the extra, typo-ed character. * bgp_capability_test.c: Test that peer's adv_recv and adv_nego get set correctly for MP capability and given AFI/SAFI. Colour OK/failed result so it's easier to find them.
*	[tests] Add bgp_capability_test.c, should have been part of earlier commit	Paul Jakma	2007-08-08	1	-0/+457

|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

Version 0.99.20ex21b This brings us up to date with: commit 48f99b0c2bfed8d3880732d188e1d5964f575ee4 Date: Thu Sep 29 16:55:23 2011 +0400 release: 0.99.20 and the subsequent: commit dc00d2bb56aa6a84dd2328133f69db3c3e6d9dc7 Date: Sun Jan 8 14:47:06 2012 +0000 Marker merge for 'RE-0.99.17.6' This marker merge (i.e. an 'ours' strategy merge) is a placeholder to show that all commits in Quagga-RE stable, to its release RE-0.99.17.6 tag, have been reviewed and merged into 'master'. and then further commits (in descending date order) commit b51a3a31500133e3e26f12e7639f297c655bc735 commit ef2d5d100431031c32ea35b3c834b46cff16f511 commit 4c78376f96cd2ca56f1c6476b76fd659654431f5 commit e854095932260b3e6187902aa9a7baa0e96b9428 commit e6b03b77766dce8009ad7b4a2392e14addf4ab0f commit c25eaffdb2190149e768dc4ee4efc913c6d02992 commit d034aa027ef44d0a74805c27ad2a4d8ea20395d1 commit 907fd95e502e10334e5390c73cc57588b88b8171 commit 7fd6cd819ff98f0580b745ba637990df9c20ef0f commit 4c0cf00afc4340a429a9c4830f638b4593d7c3af commit 4afa50b393ff1fb34dd577888a05b81dfdced5af commit 6eb0c5ab1d43bcf9edd4fefd19031f2b96ded728 commit aca43b656623f38dfa6ea835dacbdfec51d03a67 commit 6bb1273e83c29b3aeff9584bc8f6272e773294ad commit d660f698427277ce695a5b756f3143c8304274ea commit 6134b875f39986564aced5e2d7329fcd852f17f4 commit b4e45f67057be22133b6bec88cdf285d5c8214db commit 6eac79a6fed4842e00607c00c445213b51bba377 commit cb32fd690a957819865219a847e3c21a53a0f419 commit 73bfe0bd9adb8e4dfcee7239e56a425c6d58f4e9 commit f768f367bcd1f37a53c563495176a5a134caf234 commit c7ec179a95c1ed4fcd3d3be3f981c8c20dce534a commit cddf391bf6839e9f093cef15508669c1f3f92122 commit 5a616c08ce089e25dc0e8da920727af4d11279bf commit 6ae93c058725991df5a9ae35cefec368919b5fea commit fc98d16ea77372f4ab4231e8904f8467e8d1ef71 A summary of the changes that relate to bppd, zebra and the lib follows. bgpd changes * attribute handling: (a) now checks the flag byte for all attributes and issues suitable log messages and notifications, (b) reports some length issues that previously let slide (local pref). Tighten End-of-RIB detection -- now iff an MP_UNREACH is the *only* attribute and no ordinary update or withdraw. * added --socket/-z option -- sets zebra socket name * sets IPv6 tclass as required * improved next hop handling and added "show ip bgp scan" and "show ip bgpd scan detail" commands. see commits: fc98d16ea77372f4ab4231e8904f8467e8d1ef71 0e8032d69961ae196c11ba6ead856084c7acf7c2 b64bfc1c4a552fc0b4dd024d5f77171ec848a5df 318f0d8a7f5e8e87086bbf2a9e7c4b35638951ac 8e80bdf20f493a71bcf74262ed3aa3a2437f4df6 f04a80a5d209dbb54f6fec5d0149b7c0e489d29e * removed SAFI_UNICAST_MULTICAST * fiddled with SAFI_MPLS_LABELED_VPN -- unsure if this is now complete -- stuff here TODO ! * support for multicast SAFI see commits: 73bfe0bd9adb8e4dfcee7239e56a425c6d58f4e9 5a616c08ce089e25dc0e8da920727af4d11279bf * added "match probability" commands * uses "route_types.txt" more effectively -- which affects the implementation of "redistribute" commands see commit: e0ca5fde7be5b5ce90dae78c2477e8245aecb8e9 * "nexthop-local unchanged" included in configuration. zebra changes * some whitespace change clutter :-( * ZEBRA_HELLO and mopping up routes (BZ#448) * implement route_types.h * support for SAFI_MULTICAST commit f768f367bcd1f37a53c563495176a5a134caf234 IPv6 MP-BGP Routes addition and deletion commit cddf391bf6839e9f093cef15508669c1f3f92122 IPv4 MP-BGP Routes addition and deletion * brought up to date with RFC6275 * add --socket/-z option * add "ipv6 nd mtu <1-65535>" commands lib changes * filter-list handling -- does not free the filter-list before calling the delete_hook(). However, unlike commit 6a2e0f36b103386e57dbe3a6ee4716e809111198 *does* remove the filter-list from the name look-up, before calling the delete_hook() -- which I believe works better. * md5.c now includes RFC 2104 HMAC However fixed to remove compiler warning, by replacing use of caddr_t by unsigned char*. Some phantom whitespace changes elsewhere * prefix.c: commits d171bf58ef12ace43d48565e6870722dece1e6ed 051954f574b9c26458518a7029aeed118f0da620 9663386f16e6285a322747514527fdf1d19788e4 - optimise masklen2ip() and apply_mask_ipv4() -- the version here should work on a Big-Endian machine as well. - optimise ip_masklen() -- the version here should (a) work on a Big-Endian machine, (b) give the same result as before if the netmask is not, in fact, valid, and (c) uses just 256 bytes of table -- not 64K. Version here is probably not quite as fast as the previous patch... but certainly faster that what was there before. * zclient.c: introduced zclient_serv_path, for general zclient and for bgpd zlookup. Added ZEBRA_HELLO to client start. Added safi to ipv4 and ipv6 route add/delete.

| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

(with resolved conflict in bgpd/bgp_packet.c) Two macros resolving to the same integer constant broke a case block and a more thorough merge of BGP_SAFI_VPNV4 and BGP_SAFI_VPNV6 was performed. * bgpd.h: MPLS-labeled VPN SAFI is AFI-independent, switch to single * macro * bgp_capability_test.c: update test data * bgp_mp_attr_test.c: idem * bgp_route.c: (bgp_maximum_prefix_overflow, bgp_table_stats_vty) update macro and check conditions (where appropriate) * bgp_packet.c: (bgp_route_refresh_send, bgp_capability_send, bgp_update_receive, bgp_route_refresh_receive): idem * bgp_open.c: (bgp_capability_vty_out, bgp_afi_safi_valid_indices, bgp_open_capability_orf, bgp_open_capability): idem * bgp_attr.c: (bgp_mp_reach_parse, bgp_packet_attribute, bgp_packet_withdraw): idem

| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

NB: this is a partial interim version -- NOT for production. Reinstate vtysh. In bgpd: cope better with generating oversize messages. The "pipework" branch is no more. There is now "euro_ix" and "euro_ix_b", where 'b' stands for 'bleedin'. The "pipework" is currently in 'bleedin'. Version updated to: 0.99.18ex20b Major changes in this commit: * modified bgpd to avoid crashing if an oversize message is created. At present, any oversize messages are simply discarded. This may be a mistake... since it is possible that some routes that should have been withdrawn are not. TBA. The stream lib facilities have been overhauled to may this easier. * restoring vtysh. At present the vtysh is thought to work, except that it does not currently create integrated configuration files. For the time being, *only* the following compile: lib, bgpd, zebra, vtysh, tests All other daemons will fail to compile, and must be disabled.

| | | | | | | |

Some small changes to accomodate same.

| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

This fixes a reported assert() in 'no neighbor xxx'. It also fixes other issues found when reviewing and testing that. Also fixed is a reported segfault caused by prefix lists without explicit sequence numbers. Peer State ========== Tightened up the peer state handling, including: * shades of pIdle -- depending on some peer flags and the session, if any * state transitions -- particularly pEstablished -> pIdle or pClearing * handling if deleting peer and associated session * handling of PEER_DOWN_XXX -- why peer was last downed * handling of last NOTIFICATION sent/received RS Client RIBs ============== Cleared up places where RS Client RIBs were not disposed of properly when a peer's afi/safi state changed, in particular: -- when deactivating an afi/safi -- when unsetting the rs client state for an afi/safi -- when binding a peer to a group for an afi/safi In the past these issues were probably invisible, except for a slight leak of memory. With the newer code these issues triggered some asserts when closing down a peer or the entire program. Program Termination =================== Now terminates by deleting all peers -- essentially 'no neighbor' for all peers. Each time a peer is set to be deleted bm->peer_linger_count is incremented, when the peer finally is deleted, the count is decremented. So while in program_terminating state, all nexuses continue to run until the Routing Engine spots that there are no peers left to delete. Then all nexuses are shut down and the program finally terminates. To do this, when termination starts a new Routing Engine foreground task is added, which calls program_terminate_if_all_peers_deleted(). Accept() Status for Session =========================== The accept() code needs to find the session associated with the incoming IP address. Then it needs to see if can accept the incoming connection. It looks up the IP address in the Peer Index (under its Mutex). Previously: the Peer Index entry contained a pointer to the accepting connection (if any), and the session had a pointer to the Peer Index entry so that it could set/clear the accept field in that entry. Now: have removed the accept field in the Peer Index entry, and the pointer from the session to that entry. There is now an "accept" flag in the session structure -- so setting/clearing accept does not have to fiddle with any state to do with the peer. Which seems cleaner. To find the session, the accept() code goes via the Peer Index and then via the peer to find the session. This is done under the Peer Index Mutex. To support that, the Routing Engine only changes the peer->session pointer under the same Mutex. General Changes =============== 1. name changes: peer_lock -> bgp_peer_lock etc. 2. bgp_notify_send -> bgp_peer_down_error bgp_notify_send_with_data -> bgp_peer_down_error_with_data 3. name changes: bgp_peer_sIdle -> bgp_peer_pIdle etc. 4. changing int to bool 5. added "received" flag to bgp_notify structure Files Affected ============== configure.ac -- set version to 0.99.15ex02 bgpd/bgp.h -- format changes only bgpd/bgp_advertise.c -- (1) bgpd/bgp_attr.c -- (2) bgpd/bgp_common.h -- (3) bgpd/bgp_connection.c -- (4) for session->active - adding session->accept flag - removing peer index accept entry - adding bgp_connection_query_accept() bgpd/bgp_connection.h -- adding bgp_connection_query_accept() bgpd/bgp_debug.c -- (3) (5) - changed bgp_notify_print() to remove "sending" parameter and use (5) bgpd/bgp_debug.h -- changed bgp_notify_print() bgpd/bgp_fsm.c -- added TODO for NSF and for CollisionDetectEstablishedState bgpd/bgp_main.c -- (4) for various flags - added static bool program_terminating - used "mqb_priority" name instead of "1" - ignore SIGHUP and SIGTERM messages once is "program_terminating" - added program_terminate_if_all_peers_deleted() - in SIGTERM: set program_terminating and add the foreground hook. bgpd/bgp_mplsvpn.c -- (3) bgpd/bgp_msg_read.c -- (5) set the "received" flag on incoming notifications - update call of bgp_notify_print() bgpd/bgp_msg_write.c -- update call of bgp_notify_print() bgpd/bgp_network.c -- (4) bgpd/bgp_nexthop.c -- (3) bgpd/bgp_notification.c -- add "received" flag to notification structure, which is false by default. bgpd/bgp_notification.h -- add "received" flag to notification structure - add bgp_notify_set_received() - add bgp_notify_get_received() bgpd/bgp_open.c -- (2) bgpd/bgp_open_state.c -- in bgp_peer_open_state_receive(): - copy the session->hold_timer_interval and session->keepalive_timer_interval values (as negotiated by the BGP Engine) into the peer - set PEER_CAP_RESTART_RCV if have - fix typo, use: open_recv->can_preserve not: open_recv->can_g_restart bgpd/bgp_packet.c -- delete bgp_notify_send() and bgp_notify_send_with_data() - (1) (2) (3) - bgp_clear_route_normal() -> bgp_clear_routes() and now returns "completed" state. bgpd/bgp_packet.h -- delete: bgp_keepalive_send() bgp_open_send() bgp_notify_send() bgp_notify_send_with_data() bgpd/bgp_peer.c -- changed: bgp_session_has_established() bgp_session session() bgp_session_has_disabled() to void and to take session, not peer. - removed lock of session structure in bgp_session_do_event() -- was holding the lock for far longer than necessary, particularly when clearing routes ! - in bgp_session_has_established(): - lock session structure where and only where required - tidied up timer handling - in bgp_session_has_stopped(): - extend IdleHoldTime - examine notification etc to see why session came down. - invoke bgp_peer_down_notify(), which will start the process of downing the peer. - in bgp_session_has_disabled(): - removed defer_enable - removed calls to bgp_peer_stop() etc. That is done in bgp_peer_down() et all. - now if session is marked delete_me, then do that; otherwise, can enable again. - removed program_terminate_if_all_disabled(), replaced by new mechanism - in bgp_peer_stop(): - changed to void function and added nsf parameter. - sets pClearing state. - MUST now only be called when pEstablished. - removed some code to bgp_peer_reset_idle(). So... bgp_peer_stop() brings pEstablished peer to halt, while bgp_peer_reset_idle() prepares it for new session. - now passes nsf to bgp_clear_all_routes(), which returns flag to say whether task is complete or whether it continues in background. - clearing of NSF_MODE and flags moved to bgp_peer_reset_idle(). - sets pIdle state if route clearing completed - renamed peer_nsf_stop() -> bgp_peer_nsf_stop() - if is pIdle or pClearing and have NSF routes, then stops timers and clears out all the NSF routes. - added bgp_peer_clear_all_stale_routes() - added bgp_peer_shutdown() -- used when peer is downed for PEER_DOWN_USER_SHUTDOWN ! - added bgp_peer_reset_idle() -- used when peer goes pIdle or is about to enable session. - deleted bgp_peer_timers_stop() -- see bgp_peer_change_status(). - replaced bgp_peer_clearing_completed() - if pClearing, sets pIdle and enables if can - if pDeleting, unlocks peer - replaced bgp_timer_set() by bgp_peer_timers_set() -- deals in new peer states only. - renamed peer_new() -> bgp_peer_new() - renamed peer_create() -> bgp_peer_create() - added setting of PEER_STATUS_REAL_PEER - changed auto activation to reflect what actually happens. - changed bgp_session_init_new() call because it now sets peer->session. - sets timers suitable for pIdle. before any auto enable. - renamed peer_delete() -> bgp_peer_delete() - removed call of peer_nsf_stop() - added bgp_peer_down() with PEER_DOWN_NEIGHBOR_DELETE -- which does all the work of flattening an active peer, and returns it pIdle or pClearing. - if pClearing, lock the peer so that when clearing completes, it can unlock it. - sets pDeleting state, and increments bm->peer_linger_count. - tightened procedure for dealing with various references to peer -- including use of the PEER_STATUS_REAL_PEER flag. - tidied up dealing with rsclient RIBs and shared pointers to group versions of same. - removed call of bgp_timer_set(), now done in bgp_peer_change_status(). - now unregisters the peer immediately, so can register a new one before this one is completely deleted. - deletes session if it can. - moved peer_lock() & peer_unlock() from bgpd.c and renamed bgp_peer_lock() & bgp_peer_unlock() - renamed peer_free() bgp_peer_free() and made static. - peer must be pDeleting -- so have been through bgp_peer_delete() - peer->session must be NULL - decrements bm->peer_linger_count - deleted peer->clear_node_queue handling - deleted bgp_session_free() -- that's done in bgp_peer_delete() or elsewhere. - unlocked bgp at end - assert peer->session == NULL, to be sure - set peer->lock == -54321 - in bgp_peer_enable(): - recast as switch() on peer state - added bgp_peer_reset)idle() before enabling the session. - renamed bgp_peer_disable() -> bgp_peer_down() - takes PEER_DOWN_XXX argument, which drives what notification is sent, and sets the peer->last_reset status. A small number of PEER_DOWN_XXX are special. - removed the IdleHoldTimer stuff. - copies outbound notification to session. - for PEER_DOWN_NSF_CLOSE_SESSION, keep non- stale routes. - for PEER_DOWN_USER_SHUTDOWN, do bgp_peer_shutdown() - after disabling any session and doing any shutdown, proceed as per peer->status: pIdle -- flush stale routes bgp_peer_enable() pEstablished -- bgp_peer_stop() pClearing -- flush stale routes - added bgp_peer_down_notify(). - added bgp_peer_down_error(), which replaces bgp_notify_send(). - added bgp_peer_down_error_with_data(), which replaces bgp_notify_send_with_data() The "down_error" functions calculate the appropriate PEER_DOWN_XXX value, and call bgp_peer_down_notify(). - added bgp_peer_map_peer_down(), to map PEER_DOWN_XXX to a notification message. - added bgp_peer_map_notification, to map notification message to a PEER_DOWN_XXX. - renamed peer_change_status() -> bgp_peer_change_status() - do most things only if state changes. - add call to bgp_peer_reset_idle() as enter pIdle state. - at all times do bgp_peer_timer_set() - renamed peer_timers_set() -> bgp_peer_timers_set() - commoned up code for Graceful Restart and Graceful Restart Stale timers and stale routes. - changed Graceful Restart Stale time to cope if it should expire before Graceful Restart ! bgpd/bgp_peer.h -- added PEER_DOWN_XXX values and tidied up + PEER_DOWN_NULL + PEER_DOWN_UNSPECIFIED + PEER_DOWN_CONFIG_CHANGE + PEER_DOWN_AF_DEACTIVATE + PEER_DOWN_PASSWORD_CHANGE + PEER_DOWN_ALLOWAS_IN_CHANGE + PEER_DOWN_INTERFACE_DOWN + PEER_DOWN_MAX_PREFIX + PEER_DOWN_HEADER_ERROR + PEER_DOWN_OPEN_ERROR + PEER_DOWN_UPDATE_ERROR + PEER_DOWN_HOLD_TIMER + PEER_DOWN_FSM_ERROR + PEER_DOWN_DYN_CAP_ERROR - PEER_DOWN_NOTIFY_SEND (deleted) - added typedef peer_down_t - struct peer: - deleted redundant clear_node_queue - removed PEER_STATUS_ACCEPT_PEER flag - added PEER_STATUS_REAL_PEER flag - (3) - deleted bgp_peer_reenable() -- redundant - deleted bgp_peer_stop() -- now static - replaced bgp_peer_disable() by bgp_peer_down() - added bgp_peer_down_error() - added bgp_peer_down_error_with_data() - deleted peer_change_status() -- now static - renamed peer_new() -> bgp_peer_new() - renamed peer_create() -> bgp_peer_create() - renamed peer_delete() -> bgp_peer_delete() - added bgp_peer_lock() - added bgp_peer_unlock() - deleted peer_free() - deleted peer_nsf_stop() bgpd/bgp_peer_index.c -- removed accept entry from bgp_peer_index_entry structure - added explicit next_free entry to the structure - sets next_free to point at self in entries which are in use -- and checks this. - change bgp_peer_index_seek_accept() to link to session via the peer data structure, and to call bgp_connection_query_accept() under the Peer Index Mutex. - (4) for bgp_peer_index_seek_accept() bgpd/bgp_peer_index.h -- removed accept entry from bgp_peer_index_entry structure - added explicit next_free entry to the structure - (4) for bgp_peer_index_seek_accept() bgpd/bgp_route.c -- (1) (2) (3) - in bgp_process_rsclient(), bgp_process_main(), and bgp_processq_del(): - extra dasserts() - clear rn->wq_next - unlock table *after* unlock node (bug fix) - in bgp_process(), lock bgp before table. - in bgp_maximum_prefix_restart_timer(), replace call of peer_clear() by unset of flag and bgp_peer_enable() -- peer is already down. - added bgp_maximum_prefix_cancel_timer() - deleted bgp_clear_this_route() -- code now inline in only caller. - renamed bgp_clear_route_normal() -> bgp_clear_routes() - takes an "nsf" argument to invoke NSF "clearing", iff nsf set for afi/safi. Sets PEER_STATUS_NSF_WAIT if so. - returns bool "completed" if clearing has completed immediately -- ie no background work left to be done. - renamed bgp_clear_route_all() -> bgp_clear_all_routes() - takes "nsf" argument and returns "completed" as for bgp_clear_routes(). - removed call: bgp_peer_clearing_completed() - renamed bgp_clear_route_rsclient() -> bgp_clear_rsclient_rib() - deleted bgp_cleanup_routes() -- was used during termination, no longer required because termination deletes all peers. bgpd/bgp_route.h -- deleted bgp_cleanup_routes() -- program termination now deletes all peers, which implicitly cleans up all routes. - renamed: bgp_clear_route_normal() -> bgp_clear_routes() - renamed: bgp_clear_route_rsclient() -> bgp_clear_rsclient_rib() - renamed: bgp_clear_route_all() -> bgp_clear_all_routes() - added: bgp_maximum_prefix_cancel_timer() bgpd/bgp_session.c -- (3) - deleted bgp_session_defer_if_limping() - in bgp_session_init_new() - changed to void and removed session argument -- always creates a new session - peer MUST not have a session - removed Peer Index pointer stuff as Peer Index no longer has accept field - sets session->peer and locks peer - sets peer->session under Peer Index Mutex - sets session->delete_me false - sets session->accept flag false - replaced bgp_session_free() by bgp_session_delete() - changed to void function - if session is active, set the delete_me flag so session will be deleted when goes sDisabled. - make sure that session Mutex has been released by the BGP Engine before destroying it... otherwise: tears. - unhook session from peer under Peer Index mutex -- for accept() stuff. - unhook peer from session. - unlock peer. - in bgp_session_enable() - assert that peer is pIdle. - clear delete_me for completeness - clear additional fields - in bgp_session_disable() - clear session->accept - in bgp_session_is_active() - no longer interested in Peer Index stuff - deleted bgp_session_defer_if_limping() bgpd/bgp_session.h -- in bgp_session structure: - removed index_entry pointer to Peer Index - added delete_me flag - removed defer_enable flag - added accept flag - removed session parameter from bgp_session_init_new() - deleted bgp_session_free() - added bgp_session_delete() - bgp_session_is_active() now returns bool bgpd/bgp_table.c -- bgp_node_free() sets lock count = -54321 - in bgp_table_free(): - assert that route node is empty - set lock count = -54321 - bgp_node_delete() asserts that is not on_wq - (1) bgpd/bgp_vty.c -- (1) (3) (4) - change peer_af_flag_modify_vty() to call peer_af_flag_modify() not set or unset. - change name: bgp_clear_route_rsclient() -> bgp_clear_rsclient_rib() - in peer_rsclient_set_vty(): - add peer to bgp->rsclient list after all validation is complete - in peer_rsclient_unset_vty(): - removed code for deleting the rsclient RIB etc to peer_rsclient_unset(). - added peer_rsclient_unset() bgpd/bgp_zebra.c -- bgp_peer_disable() -> bgp_peer_down() and now takes PEER_DOWN_INTERFACE_DOWN argument. bgpd/bgpd.c -- (1) (3) - replaced setting peer->last_reset and call of bgp_notify_send() by call of the new bgp_peer_down(). - bgp_router_id_set() ... PEER_DOWN_RID_CHANGE - bgp_cluster_id_set() ... PEER_DOWN_CLID_CHANGE - bgp_cluster_id_unset() ... PEER_DOWN_CLID_CHANGE - bgp_confederation_id_set() ... PEER_DOWN_CONFED_ID_CHANGE ... PEER_DOWN_CONFED_ID_CHANGE - bgp_confederation_id_unset() ... PEER_DOWN_CONFED_ID_CHANGE - bgp_confederation_peers_add() ... PEER_DOWN_CONFED_PEER_CHANGE - bgp_confederation_peers_remove() ... PEER_DOWN_CONFED_PEER_CHANGE - peer_as_change() ... PEER_DOWN_REMOTE_AS_CHANGE - peer_activate() ... PEER_DOWN_AF_ACTIVATE - peer_deactivate() ... PEER_DOWN_AF_DEACTIVATE - peer_group_bind() ... PEER_DOWN_RMAP_BIND - peer_group_unbind() ... PEER_DOWN_RMAP_UNBIND - peer_change_action() ... why_changed ... why_changed - peer_flag_modify_action() ... action->peer_down - peer_update_source_if_set() ... PEER_DOWN_UPDATE_SOURCE_CHANGE ... PEER_DOWN_UPDATE_SOURCE_CHANGE - peer_update_source_addr_set() ... PEER_DOWN_UPDATE_SOURCE_CHANGE ... PEER_DOWN_UPDATE_SOURCE_CHANGE - peer_update_source_unset() ... PEER_DOWN_UPDATE_SOURCE_CHANGE ... PEER_DOWN_UPDATE_SOURCE_CHANGE - peer_local_as_set() ... PEER_DOWN_LOCAL_AS_CHANGE ... PEER_DOWN_LOCAL_AS_CHANGE - peer_local_as_unset() ... PEER_DOWN_LOCAL_AS_CHANGE ... PEER_DOWN_LOCAL_AS_CHANGE - peer_password_set() ... PEER_DOWN_PASSWORD_CHANGE ... PEER_DOWN_PASSWORD_CHANGE - peer_password_unset() ... PEER_DOWN_PASSWORD_CHANGE ... PEER_DOWN_PASSWORD_CHANGE - peer_clear() ... PEER_DOWN_USER_RESET - bgp_terminate() ... PEER_DOWN_USER_RESET - deleted peer_lock() & peer_unlock(). See bgp_peer_lock() & bgp_peer_unlock() in bgp_peer - in peer_as_change(), move downing of peer to after all config changes have been made. - in peer_remote_as() implicitly activate iff !BGP_FLAG_NO_DEFAULT and is IPv4/Unicast. (but only ever called with IPv4/Unicast or nothing at all.) - in peer_deactivate() - if cannot dynamically reconfigure, then will down the peer PEER_DOWN_AF_DEACTIVATE. - uses new peer_rsclient_unset() to tidy away any rsclient RIB etc. - in peer_change_action(): - added 'why_down' argument - replace if's by switch() - in struct peer_flag_action, updated entry types - in peer_flag_action_list[], added the appropriate PEER_DOWN_XXX values. - in peer_af_flag_action_list[] - added the appropriate PEER_DOWN_XXX values - added multiple flag entries - in peer_flag_action_set(): - changed to return const address of peer_flag_action structure -- or NULL. - table may now contain entries which the given flag must be a subset of. - in peer_flag_modify_action(): - now takes peer_flag_action* and whether flag has been set or not. - allow *only* peer_change_none or peer_change_reset - deal with clearing PEER_FLAG_SHUTDOWN, otherwise bgp_peer_down(). - in peer_group_bind(): - uses new peer_rsclient_unset() to tidy away any rsclient RIB etc. - in peer_flag_modify(): - takes bool set flag - changed to suit peer_flag_action_set() and peer_flag_modify_action() - in peer_flag_set() and peer_flag_unset() changed to bool flag - added peer_af_flag_modify_action(), common code for use in peer_af_flag_modify(). - in peer_af_flag_modify(): - takes bool set flag - changed to suit peer_flag_action_set() and peer_flag_modify_action() - use peer_af_flag_modify_action() - in peer_af_flag_set() and peer_af_flag_unset() changed to bool flag - in peer_clear(): adjust for new bgp_peer_down() mechanics. - in bgp_master_init(): account for peer_linger_count (starting at 0) - in bgp_terminate(): - removed program_terminating -- see flag now in bgp_main.c - implement "retain_mode" by using BGP_OPT_NO_FIB flag to turn off changing the FIB as routes are deleted. - either bgp_peer_delete() if terminating or bgp_peer_down() all peers. - flush process queues. - deleted program_terminate_if_all_disabled() - in peer_lookup(), removed handling of PEER_STATUS_ACCEPT_PEER(). - deleted peer_lookup_with_open(). - in bgp_config_write_family(), removed handling of PEER_STATUS_ACCEPT_PEER(). - in bgp_config_write(), removed handling of PEER_STATUS_ACCEPT_PEER(). bgpd/bgpd.h -- add peer_linger_count entry to the bgp_master structure. - remove: peer_lock(), peer_unlock() and peer_delete() - (4) for peer_af_flag_modify() - added peer_rsclient_unset() lib/plist.c -- fixed handling of prefix lists with no explicit sequence numbers. lib/qpnexus.c -- (4) for main_thread & terminate flags - change qpn_terminate() so does nothing if terminate flag is already set. lib/qpnexus.h -- (4) for main_thread & terminate flags tests/bgp_capability_test.c -- (3)

| | | | | | | | | |

Changed names of peer states. Writed in peering engine side of sending route_refresh.

|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

Finish the wiring required to get bgp_msg_read to process OPEN messages into the connection's open_state, and be able to check for correct peer AS, etc. Removed bugs preventing messages from being written. Added BGP Id check to collision detection logic. Removed as many warnings from comilation as possible. Replaced horrible FIFO kludge in the process. (Introduced the even more horrible miyagi kludge.) modified: bgpd/bgp_advertise.c modified: bgpd/bgp_advertise.h modified: bgpd/bgp_connection.c modified: bgpd/bgp_connection.h modified: bgpd/bgp_debug.c modified: bgpd/bgp_fsm.c modified: bgpd/bgp_msg_read.c modified: bgpd/bgp_msg_write.c modified: bgpd/bgp_network.c modified: bgpd/bgp_nexthop.c modified: bgpd/bgp_notification.c modified: bgpd/bgp_open.c modified: bgpd/bgp_packet.c modified: bgpd/bgp_session.c modified: bgpd/bgp_session.h modified: bgpd/bgpd.c modified: lib/Makefile.am modified: lib/distribute.c modified: lib/if_rmap.c new file: lib/miyagi.h modified: lib/prefix.h modified: lib/sockopt.c modified: lib/stream.c modified: lib/thread.c modified: lib/vty.c modified: lib/zebra.h modified: tests/bgp_capability_test.c modified: tests/bgp_mp_attr_test.c modified: tests/ecommunity_test.c modified: tests/heavy-thread.c modified: tests/heavy-wq.c modified: tests/heavy.c modified: tests/main.c modified: tests/test-checksum.c modified: tests/test-sig.c modified: watchquagga/watchquagga.c modified: zebra/if_netlink.c modified: zebra/ioctl.c modified: zebra/rt_netlink.c modified: zebra/rtread_netlink.c

| | | | | | | | | | | | | | | | | | | | | | |

2007-12-22 Paul Jakma <paul.jakma@sun.com> * Fix series of vulnerabilities reported by "Mu Security Research Team", where bgpd can be made to crash by sending malformed packets - requires that bgpd be configured with a session to the peer. * bgp_attr.c: (bgp_attr_as4_path) aspath_parse may fail, only set the attribute flag indicating AS4_PATH if we actually managed to parse one. (bgp_attr_munge_as4_attrs) Assert was too general, it is possible to receive AS4_AGGREGATOR before AGGREGATOR. (bgp_attr_parse) Check that we have actually received the extra byte of header for Extended-Length attributes. * bgp_attr.h: Fix BGP_ATTR_MIN_LEN to account for the length byte. * bgp_open.c: (cap_minsizes) Fix size of CAPABILITY_CODE_RESTART, incorrect -2 left in place from a development version of as4-path patch. * bgp_packet.c: (bgp_route_refresh_receive) ORF length parameter needs to be properly sanity checked. * tests/bgp_capability_test.c: Test for empty capabilities.

| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

2007-10-14 Paul Jakma <paul.jakma@sun.com> * NEWS: Note that MRT dumps are now version 2 * (general) Merge in Juergen Kammer's AS4 patch. 2007-09-27 Paul Jakma <paul.jakma@sun.com> * bgp_aspath.c: (assegment_normalise) remove duplicates from from sets. (aspath_reconcile_as4) disregard a broken part of the RFC around error handling in path reconciliation. * aspath_test.c: Test dupe-weeding from sets. Test that reconciliation merges AS_PATH and AS4_PATH where former is shorter than latter. 2007-09-26 Paul Jakma <paul.jakma@sun.com> * aspath_test.c: Test AS4_PATH reconcilation where length of AS_PATH and AS4_PATH is same. 2007-09-25 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (peek_for_as4_capability) Fix to work. * bgp_packet.c: (bgp_open_receive) Fix sanity check of as4. * tests/bgp_capability_test.c: (general) Extend tests to validate peek_for_as4_capability. Add test of full OPEN Option block, with multiple capabilities, both as a series of Option, and a single option. Add some crap to beginning of stream, to prevent code depending on getp == 0. 2007-09-18 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (bgp_capability_as4) debug printf inline with others. (peek_for_as4_capability) There's no need to signal failure, as failure is better dealt with through full capability parser - just return the AS4, simpler. * bgp_packet.c: (bgp_open_receive) Update to match peek_for_as4_capability change. Allow use of BGP_AS_TRANS by 2b speakers. Use NOTIFY_OPEN_ERR rather than CEASE for OPEN parsing errors. (bgp_capability_msg_parse) missing argument to debug print (bgp_capability_receive) missing return values. * tests/bgp_capability_test.c: (parse_test) update for changes to peek_for_as4_capability 2007-07-25 Paul Jakma <paul.jakma@sun.com> * Remove 2-byte size macros, just make existing macros take argument to indicate which size to use. Adjust all users - typically they want '1'. * bgp_aspath.c: (aspath_has_as4) New, return 1 if there are any as4's in a path. (aspath_put) Return the number of bytes actually written, to fix the bug Juergen noted: Splitting of segments will change the number of bytes written from that already written to the AS_PATH header. (aspath_snmp_pathseg) Pass 2-byte flag to aspath_put. SNMP is still defined as 2b. (aspath_aggregate) fix latent bug. (aspath_reconcile_as4) AS_PATH+NEW_AS_PATH reconciliation function. (aspath_key_make) Hash the AS_PATH string, rather than just taking the addition of assegment ASes as the hash value, hopefully sligthly more collision resistant. (bgp_attr_munge_as4_attrs) Collide the NEW_ attributes together with the OLD 2-byte forms, code Juergen had in bgp_attr_parse but re-organised a bit. (bgp_attr_parse) Bunch of code from Juergen moves to previous function. (bgp_packet_attribute) Compact significantly by just /always/ using extended-length attr header. Fix bug Juergen noted, by using aspath_put's (new) returned size value for the attr header rather than the (guesstimate) of aspath_size() - the two could differ when aspath_put had to split large segments, unlikely this bug was ever hit in the 'wild'. (bgp_dump_routes_attr) Always use extended-len and use aspath_put return for header length. Output 4b ASN for AS_PATH and AGGREGATOR. * bgp_ecommunity.c: (ecommunity_{hash_make,cmp}) fix hash callback declarations to match prototypes. (ecommunity_gettoken) Updated for ECOMMUNITY_ENCODE_AS4, complete rewrite of Juergen's changes (no asdot support) * bgp_open.c: (bgp_capability_as4) New, does what it says on the tin. (peek_for_as4_capability) Rewritten to use streams and bgp_capability_as4. * bgp_packet.c: (bgp_open_send) minor edit checked (in the abstract at least) with Juergen. Changes are to be more accepting, e.g, allow AS_TRANS on a 2-byte session. * (general) Update all commands to use CMD_AS_RANGE. * bgp_vty.c: (bgp_clear) Fix return vals to use CMD_.. Remove stuff replicated by VTY_GET_LONG (bgp_clear_vty) Return bgp_clear directly to vty. * tests/aspath_test.c: Exercise 32bit parsing. Test reconcile function. * tests/ecommunity_test.c: New, test AS4 ecommunity changes, positive test only at this time, error cases not tested yet. 2007-07-25 Juergen Kammer <j.kammer@eurodata.de> * (general) AS4 support. * bgpd.h: as_t changes to 4-bytes. * bgp_aspath.h: Add BGP_AS4_MAX and BGP_AS_TRANS defines. * bgp_aspath.c: AS_VALUE_SIZE becomes 4-byte, AS16_VALUE_SIZE added for 2-byte. Add AS16 versions of length calc macros. (aspath_count_numas) New, count number of ASes. (aspath_has_as4) New, return 1 if there are any as4's in a path. (assegments_parse) Interpret assegment as 4 or 2 byte, according to how the caller instructs us, with a new argument. (aspath_parse) Add use32bit argument to pass to assegments_parse. Adjust all its callers to pass 1, unless otherwise noted. (assegment_data_put) Adjust to be able to write 2 or 4 byte AS, according to new use32bit argument. (aspath_put) Adjust to write 2 or 4. (aspath_gettoken) Use a long for passed in asno. * bgp_attr.c: (attr_str) Add BGP_ATTR_AS4_PATH and BGP_ATTR_AS4_AGGREGATOR. (bgp_attr_aspath) Call aspath_parse with right 2/4 arg, as determined by received-capability flag. (bgp_attr_aspath_check) New, code previously in attr_aspath but moved to new func so it can be run after NEW_AS_PATH reconciliation. (bgp_attr_as4_path) New, handle NEW_AS_PATH. (bgp_attr_aggregator) Adjust to cope with 2/4 byte ASes. (bgp_attr_as4_aggregator) New, read NEW_AGGREGATOR. (bgp_attr_parse) Add handoffs to previous parsers for the two new AS4 NEW_ attributes. Various checks added for NEW/OLD reconciliation. (bgp_packet_attribute) Support 2/4 for AS_PATH and AGGREGATOR, detect when NEW_ attrs need to be sent. * bgp_debug.{c,h}: Add 'debug bgp as4'. * bgp_dump.c: MRTv2 support, unconditionally enabled, which supports AS4. Based on patches from Erik (RIPE?). * bgp_ecommunity.c: (ecommunity_ecom2str) ECOMMUNITY_ENCODE_AS4 support. * bgp_open.c: (peek_for_as4_capability) New, peek for AS4 capability prior to full capability parsing, so we know which ASN to use for struct peer lookup. (bgp_open_capability) Always send AS4 capability. * bgp_packet.c: (bgp_open_send) AS4 handling for AS field (bgp_open_receive) Peek for AS4 capability first, and figure out which AS to believe. * bgp_vty.c: (bgp_show_peer) Print AS4 cap * tests/aspath_test.c: Support asn32 changes, call aspath_parse with 16 bit. * vtysh/extract.pl: AS4 compatibility for router bgp ASNUMBER * vtysh/extract.pl.in: AS4 compatibility for router bgp ASNUMBER * vtysh/vtysh.c: AS4 compatibility for router bgp ASNUMBER

| | | | | | | | | | | |

2007-09-17 Paul Jakma <paul.jakma@sun.com> * bgp_open.c: (bgp_capability_mp) We were setting afc_nego[safi][safi] rather than afc_nego[afi][safi], thus failling to announce any non-IPv4 prefixes. Remove the extra, typo-ed character. * bgp_capability_test.c: Test that peer's adv_recv and adv_nego get set correctly for MP capability and given AFI/SAFI. Colour OK/failed result so it's easier to find them.