Age | Commit message (Collapse) | Author |
|
The RFC 5575 does not explicitly reject flowspec rules without dst part,
it just requires dst part in validation procedure for feasibility, which
we do not implement anyway. Thus flow without dst prefix is syntactically
valid, but unfeasible (if feasibilty testing is done).
Thanks to Alex D. for the bugreport.
|
|
When dynamic BGP with remote range is configured, MD5SIG needs to use
newer socket option (TCP_MD5SIG_EXT) to specify remote addres range for
listening socket.
Thanks to Adam Kułagowski for the suggestion.
|
|
|
|
Recent changes in neighbor code caused RIP to access neighbor field which
is NULL during interface/neighbor removal and caused crash when debug
messages are enabled. Use correct field to get iface from neighbor.
|
|
Reported by: Martin Weinelt <martin@darmstadt.freifunk.net>
|
|
|
|
Thanks to Robert Scheck <bird@robert-scheck.de> who reported it
and Toke Høiland-Jørgensen <toke@toke.dk> who suggested this patch.
|
|
Allows to configure IPv4/IPv6-only or direct/multihop-only BFD protocol
instances.
|
|
Function ifa_tx_hdrlen() uses fields autype and passwords, so it must be
called after these are set.
Thanks to Kenth Eriksson for the bugreport.
|
|
The old code stored route verdicts and temporary routes directly in
rtable. The new code do not store received routes (it immediately
compares them with exported routes and resolves conflicts) and uses
internal bitmap to keep track of which routes were received and which
needs to be reinstalled.
By not putting 'invalid' temporary routes to rtable, we keep rtable
in consistent state, therefore scan no longer needs to be atomic
operation and could be splitted to multiple events.
|
|
Do not apply dynamic type check for second argument of AND/OR, as it is
not evaluated immediately like regular argument would be.
Thanks to Mikael for the bugreport.
|
|
This info is now stored in an internal bmap. Unfortunately, net.flags
is still needed for temporary kernel data.
|
|
Use route id from net->routes to check export_map. Route received from
sysdep KRT code does not have proper id.
|
|
Initial parsing of test.conf must be done directly in filter_test main,
while reconfiguration is handled as a regular test. Also fix several
minor issues in test code.
|
|
Thanks to Nico Schottelius for the bugreport.
|
|
The same information is stored in export_map of kernel protocol.
|
|
|
|
Check the SYM_FLAG_SAME in new symbols. The old code checked that
in old symbols (f2).
|
|
Channel currently does not have independent pool and uses protocol pool,
which is freed when protocol changes state to down, while channel is
still in flushing. Move some some cleanup code to channel_do_flush()
so it is done before freeing of protocol pool.
|
|
|
|
Add some statistic counters to BGP consistent with BGP MIB (RFC 4273),
including persistent 'FSM established transitions'.
|
|
Add more Docker images with distributions (CentOS 8, Debian 10,
Fedora 27-31, OpenSUSE 15.0 & 15.1, and Ubuntu 18.04 & 19.04).
Fix some issues with older ones.
|
|
Env templates were used for separate IPv4/IPv6 build, that is no longer
needed.
|
|
|
|
|
|
|
|
|
|
Use a hierarchical bitmap in a routing table to assign ids to routes, and
then use bitmaps (indexed by route id) in channels to keep track whether
routes were exported. This avoids unreliable and inefficient re-evaluation
of filters for old routes in order to determine whether they were exported.
|
|
Basic bitmap is obvious. Hierarchical bitmap is structure of several
bitmaps, where higher levels are conjunctions of intervals on level
below, allowing for efficient lookup of first unset bit.
|
|
Continuation lines may use short form (with space instead of message
number), but this should not be done when previous line is final.
Thanks to Kenth Eriksson for the bugreport and analysis.
|
|
During NLRI parsing of IPv6 Flowspec, dst prefix was not properly
extracted from NLRI, therefore a received flow was stored in a different
position in flowspec routing table, and was not reachable by command
'show route <flow>'.
Add proper prefix part accessors to flowspec code and use them from BGP
NLRI parsing code.
Thanks to Alex D. for the bugreport.
|
|
Accept RTA_VIA attribute in all cases. The old code always used
RTA_GATEWAY for IPv4 / IPv6 and RTA_VIA for MPLS. The new code uses
RTA_VIA in cases where AF of network and AF of nexthop differs.
|
|
This is optional check described in RFC 4271. Although this can be also
done by filters, it is widely implemented option in BGP implementations.
Thanks to Eugene Bogomazov for the original patch.
|
|
|
|
|
|
|
|
|
|
We use constant promotion from IPv4 to Router-ID values, as they have
same literals. Instead of ad-hoc code in filter instructions, add
constant promotion code to parse-time typecheck code.
|
|
|
|
Most expressions can be type-validated in parse time. It is not
strong enough to eliminate runtime checks, but at least one gets
errors immediately during reconfigure.
|
|
There is a pending draft to make them obsolete
|
|
We already had them defined on BGP level, but they are more general.
|
|
For regular channels do not compare src in export table, as we want to
keep here only the best (exported) route per network.
|
|
|
|
The route is changed by rte_make_tmp_attrs(), so we need to compare
net->routes to the original one.
Thanks to Kenth Eriksson for the bugreport.
|
|
Transitive extended communities should be removed on external sessions,
the old code them in all cases.
Thanks to Jean-Daniel Pauget for the original patch.
|
|
Names read from texfiles in /etc/iproute2/* are normalized by replacing
non-alphanumeric chars with underscore. The patch fixes handling of
uppercase letters, which were handled as non-alphanumberic.
Thanks to Igor Gavrilov for the bugreport.
|
|
(CHECK keyword added by commiter)
|
|
The old code used just sizeof(struct sockaddr) bytes of IP address.
|
|
|