Age | Commit message (Collapse) | Author |
|
Wireguard: Debug
Wireguard: Implement tunnel encode decode
Wireguard: Add remote endpoint
Wireguard: Refactor into peer and allowed ips functions
Wireguard: Clean up config.Y
Wireguard: Extended color community
Wireguard: Allow multiple channels
Wireguard: Add peer config settings
Wireguard: Set up wireguard device
Add private key and listen port items.
Wireguard: Add peer list
Wireguard: Move key conversion
Wireguard: Use recursive tunnel encaps
Wireguard: Add user space support
Wireguard: Reinit wg device at shutdown
Wireguard: Add channel hooks
Wireguard: Implement copy_config
Wireguard: Fixes
Wireguard: Add tunnel_type config parameter
Use 51820 (default wireguard port) as default tunnel type.
Wireguard: Rename remote endpoint to tunnel endpoint
Adopt to draft-ietf-idr-tunnel-encaps-13.txt
by renaming emote endpoint to tunnel endpoint.
Wireguard: Fix discarded const qualifiers
Wireguard: Remove bgp include
Wireguard: Generalize tunnel encapsulation
Wireguard: Add struct tunnel_encap
Wireguard: Remove wg peer on withdraw
Wireguard: Refactor remove_allowed_ip
Wireguard: Dump peers
Wireguard: Fix duplicate allowedip entries
Wireguard: Dump peers
Wireguard: Don't add endpoint if not set
Wireguard: Replace debug with DBG
Wireguard: Replace log with WG_TRACE
Wireguard: Refactor add_allowed_ip
Wireguard: Don't replace peers
Wireguard: Don't fix listen_port update
Wireguard: Move wireguard formatting from tunnel_encaps library
Wireguard: Change from eattr to adata in decode and format
wireguard: support multiple TLVs
Wireguard: use visitor in wireguard
Wireguard: WIP add wireguard sub-TLV to parser
Wireguard: update debug msg
wireguard: register name
Wireguard: WIP
Wireguard: implement allowed_ips instead of allowed_ip
Wireguard: fix free peer, and peer config syntax
Wireguard: clean up
Wireguard: change key options to bytestring
Wireguard: Add EA_GET
|
|
This also fixes memory leaks from import/export tables being never
cleaned up and freed.
|
|
|
|
Pipe channels are kind-of implicit, so setting protocol debug flags
should also set pipe debug flags.
|
|
In general, events are code handling some some condition, which is
scheduled when such condition happened and executed independently from
I/O loop. Work-events are a subgroup of events that are scheduled
repeatedly until some (often significant) work is done (e.g. feeding
routes to protocol). All scheduled events are executed during each
I/O loop iteration.
Separate work-events from regular events to a separate queue and
rate limit their execution to a fixed number per I/O loop iteration.
That should prevent excess latency when many work-events are
scheduled at one time (e.g. simultaneous reload of many BGP sessions).
|
|
|
|
Also, no automatic reload for BGP channels without import/export table.
|
|
If there are roa_check() calls in channel filters, then the channel
subscribes to ROA table notifications, which are sent when ROA tables
are updated (subject to settle time) and trigger channel reload or
refeed.
|
|
Add macros for recursive filter iteration that allows to examine
all instructions reachable from a filter.
|
|
No longer needed after redesign of export handling.
|
|
The patch add support for per-channel debug flags, currently just
'states', 'routes', and 'filters'. Flag 'states' is used for channel
state changes, remaining two for routes passed through the channel.
The per-protocol debug flags 'routes'/'filters' still enable reporting
of routes for all channels, to keep existing behavior.
The patch causes minor changes in some log messages.
|
|
When config structures are copied due to template application,
we need to reset list node structure before calling add_tail().
Thanks to Mikael Magnusson for patches.
|
|
Most commands like 'show ospf neighbors' fail when protocol is not
specified and there are multiple instances of given protocol type.
This is annoying in BIRD 2, as many protocols have IPv4 and IPv6
instances. The patch changes that by showing output from all protocol
instances of appropriate type.
Note that the patch also removes terminating cli_msg() call from these
commands and moves it to the common iterating code.
|
|
This is merely a const propagation. There was no problem in there.
|
|
Channel currently does not have independent pool and uses protocol pool,
which is freed when protocol changes state to down, while channel is
still in flushing. Move some some cleanup code to channel_do_flush()
so it is done before freeing of protocol pool.
|
|
Use a hierarchical bitmap in a routing table to assign ids to routes, and
then use bitmaps (indexed by route id) in channels to keep track whether
routes were exported. This avoids unreliable and inefficient re-evaluation
of filters for old routes in order to determine whether they were exported.
|
|
Only channels that are up can be reloaded.
|
|
The patch implements optional internal export table to a channel and
hooks it to BGP so it can be used as Adj-RIB-Out. When enabled, all
exported (post-filtered) routes are stored there. An export table can be
examined using e.g. 'show route export table bgp1.ipv4'.
|
|
Several BGP channel options (including 'next hop self') could be
reconfigured without session reset, with just route refeed/refresh.
The patch improves reconfiguration code to do it that way.
|
|
|
|
Protocol can have specified VRF, in such case it is restricted to a set
of ifaces associated with the VRF, otherwise it can use all interfaces.
The patch allows to specify VRF as 'default', in which case it is
restricted to a set of iface not associated with any VRF.
|
|
|
|
When 'graceful down' command is entered, protocols are shut down
with regard to graceful restart. Namely Kernel protocol does
not remove routes and BGP protocol does not send notification,
just closes the connection.
|
|
Support for dynamically spawning BGP protocols for incoming connections.
Use 'neighbor range' to specify range of valid neighbor addresses, then
incoming connections from these addresses spawn new BGP instances.
|
|
... and consted some declarations.
|
|
Thanks to Michal Nowak for reporting the issue.
|
|
|
|
This protocol is highly experimental and nobody should use it in
production. Anyway it may help you getting some insight into what eats
so much time in filter processing.
|
|
The patch d506263d... blocked adding channel during reconfiguration,
that broke protocols which use the same functiona also during init.
This patch fixes that.
|
|
The patch implements optional internal import table to a channel and
hooks it to BGP so it can be used as Adj-RIB-In. When enabled, all
received (pre-filtered) routes are stored there and import filters can
be re-evaluated without explicit route refresh. An import table can be
examined using e.g. 'show route import table bgp1.ipv4'.
|
|
When a new channel is found during reconfiguration, do force restart
of the protocol, like with any other un-reconfigurable change.
The old behavior was that the new channel was added but remained in down
state, even if the protocol was up, so a manual protocol restart was
often necessary.
In the future this should be improved such that a reconfigurable
channel addition (e.g. direct) is accepted and channel is started,
while an un-reconfigurable addition forces protocol restart.
|
|
The new MRT protocol is responsible for periodic RIB table dumps in the
MRT format (RFC 6396). Also the existing code for BGP4MP MRT dumps is
refactored and splitted between BGP to MRT protocols, will be more
integrated into MRT in the future.
Example:
protocol mrt {
table "*";
filename "%N_%F_%T.mrt";
period 60;
}
It is partially based on the old MRT code from Pavel Tvrdik.
|
|
|
|
If export filter is changed during reconfiguration and a route disappears
between reconfiguration and refeed (e.g., if the route is a static route
also removed during the reconfiguration), the route is not withdrawn.
The patch fixes that by adding tx reconfiguration timestamp.
|
|
This supersedes the EAP_* constants.
|
|
|
|
Multiple definitions of same channels are forbidden, but inherited
channel can be redefined. In such case channel options are merged.
|
|
Function filter_same() must be called with arguments in proper order,
otherwise it breaks the new filter, causing crash during route
processing.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Date/time output (e.g. in logs, show commands) can use %f to specify
subsecond time. By default, millisecond precision is used in output.
|
|
The old timer interface is still kept, but implemented by new timers. The
plan is to switch from the old inteface to the new interface, then clean
it up.
|
|
The patch implements BGP Administrative Shutdown Communication (RFC 8203)
allowing BGP operators to pass messages related to BGP session
administrative shutdown/restart. It handles both transmit and receive of
shutdown messages. Messages are logged and may be displayed by show
protocol all command.
Thanks to Job Snijders for the basic patch.
|
|
Add basic VRF (virtual routing and forwarding) support. Protocols can be
associated with VRFs, such protocols will be restricted to interfaces
assigned to the VRF (as reported by Linux kernel) and will use sockets
bound to the VRF. E.g., different multihop BGP instances can use diffent
kernel routing tables to handle BGP TCP connections.
The VRF support is preliminary, currently there are several limitations:
- Recent Linux kernels (4.11) do not handle correctly sockets bound
to interaces that are part of VRF, so most protocols other than multihop
BGP do not work. This will be fixed by future kernel versions.
- Neighbor cache ignores VRFs. Breaks config with the same prefix on
local interfaces in different VRFs. Not much problem as single hop
protocols do not work anyways.
- Olock code ignores VRFs. Breaks config with multiple BGP peers with the
same IP address in different VRFs.
- Incoming BGP connections are not dispatched according to VRFs.
Breaks config with multiple BGP peers with the same IP address in
different VRFs. Perhaps we would need some kernel API to read VRF of
incoming connection? Or probably use multiple listening sockets in
int-new branch.
- We should handle master VRF interface up/down events and perhaps
disable associated protocols when VRF goes down. Or at least disable
associated interfaces.
- Also we should check if the master iface is really VRF iface and
not some other kind of master iface.
- BFD session request dispatch should be aware of VRFs.
- Perhaps kernel protocol should read default kernel table ID from VRF
iface so it is not necessary to configure it.
- Perhaps we should have per-VRF default table.
|
|
|