Implement a basic API to work with flowspec NLRI.

Flowspec is excessivly flexible and large so there is no way to convert
the flowspec data into a struct bgpd_addr and it is better to keep it in
wireformat and add a few functions to validate and extract information
from the NLRI encoding.
OK tb@

Add ASPA validation functions to the RDE.

This implements ASPA validation based on the current draft. Implementing
this showed various weaknesses in the current ASPA draft which I hope to
fix in the near future.

Unlike the algorithm specified in the draft our version validates the
AS_PATH attribute in a single path doing one or two lookups depending on
the sessions BGP role.

The code is not yet hooked up into the RDE (see the NOTYET blocks).
Missing are reload logic, bgpctl integration and the loading of the
merged ASPA set from the rtr process.

OK tb@

Add RTR support to OpenBGPD. Add basic support for the protocol.
The RTR client runs in a new process where the protocol handling is done
and when new data is available all sources are merged into one ROA set
which is then loaded into the RDE. The roa-set from the config is also
handled by the new RTR engine.
Tested by and ok job@

Instead of processing all imsg when reading them store peer specific
messages on a per peer queue. This queue is later processed one at a
time resulting in a fairer processing of work and avoiding big table
dumps to delay processing of other updates.
OK denis@ benno@

Completley rewrite the community matching and handling code. All community
attributes are put into a new data structure when parsing the UPDATE.
The filter code can quickly lookup and modify this data structure.
When creating an UPDATE the data is put back into wire format.
Setups using a lot of communities benefit a lot from this.
Input and OK benno@

Implement a fast presix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

Implement as-set a fast lookup table to be used instead of long list of
AS numbers in source-as, AS and transit-as filterstatements. These table
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

undo unintentional commits

When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok claudio@, feedback from henning@, deraadt@, reyk@

Move imsg into libutil and add a man page.

Minor bump for libutil.

Previous versions of this diff and man page looked at by various people.

"you should just commit" deraadt

incorrect .PATH setting, discovered with nicm

rework timers.
stop changing tienmr values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio

no need for KAME_SCOPEID; just check __KAME__.

implement carp demotion control for bgpd.
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio

Move functions shared with bgpctl into new file util.c. Simplifies the
link between bgpctl and bgpd mostly because of rde_attr.c.

route label support, kroute part and ID allocator as well as the internal
interface changes. support in the filter language and rde to come. claudio ok

ewps, this was not supposed to creep in

free rules_l if the initial config file parse fails

Unbreak peer_localaddr() because Link Local Addresses reported by
getifaddrs() have the scope id added to the address and so fuck up in the
compare later. This part has bin stolen from ifconfig/ifconfig.c and shows
the beauty of IPv6. Thank you KAME.
disgusting but OK henning@

add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

Type in Makefile. CLFAGS != CFLAGS and we don't want -Wredundant-decls the
standard include files are full of redundant declarations. OK henning@

Add support for basic filters. Nothing optimized and it has some issues but
this is a huge step forward. OK henning@

factor out functions to print the configuration (rules only for now)
will become more and needed by bgpctl too

Move BGP path attribute handling functions in a own file. henning@ conceptual ok

Move the update generation into a separate file. The update generation has
nothing to do with the decision process. henning@ "conceptual ok ;-)"

first cut at tcpmd5 setup seupport from within bgpd. works so far.
with help from hshoexer@ and markus@
ok claudio@ hshoexer@ markus@

include path fixes for gcc3.
tests otto@, okay millert@

compile like it used to

add bgpdctl

prepare for bgpdctl

listen on a AF_LOCAL socket for imsgs too.
only implemented type yet is IMSG_CTL_SHOW_NEIGHBOR which sends back
the struct peer for all neighbors.
will be used by bgpdctl

bloody attempt at the other manpage.
this time with (non-bloody) help from jmc@

o add low-level functions for adding/chaining/removing kernel routes
o define new imsg types for this
o process these imsgs in the parent process

now "only" debugging and the rde sending these messages is missing.

ok claudio@

my bloody attempt at a manpage. to be fleshed out.

zap -Werror and -Wcast-align

better set of warning opts

oups, kill (then helpful) shit from the time when it live out of the tree...
noticed by Dries Schellekens <gwyllion@ace.ulyssis.org>

welcome, bgpd
started by me some time ago with moral support from theo, the proceeded up to
the point where the session engine worked correctly. claudio jeker joined
then and did a lot of work in the RDE.
it is not particulary usefull as application right now as parts are still
missing but is imported to enable more people to work on it.
status:
BGP sessions get established fine, OPEN messages and then KEEPALIVEs
exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and
all connection drops etc I provoked get handled fine.
Incoming UPDATE messgages are parsed well and the data entered to the RIB,
the decision process is not yet there, neither is outgoing UPDATEs or sync
to the kernel routing table.

not connected to the builds yet.

Add ASPA validation functions to the RDE.

This implements ASPA validation based on the current draft. Implementing
this showed various weaknesses in the current ASPA draft which I hope to
fix in the near future.

Unlike the algorithm specified in the draft our version validates the
AS_PATH attribute in a single path doing one or two lookups depending on
the sessions BGP role.

The code is not yet hooked up into the RDE (see the NOTYET blocks).
Missing are reload logic, bgpctl integration and the loading of the
merged ASPA set from the rtr process.

OK tb@

Add RTR support to OpenBGPD. Add basic support for the protocol.
The RTR client runs in a new process where the protocol handling is done
and when new data is available all sources are merged into one ROA set
which is then loaded into the RDE. The roa-set from the config is also
handled by the new RTR engine.
Tested by and ok job@

Instead of processing all imsg when reading them store peer specific
messages on a per peer queue. This queue is later processed one at a
time resulting in a fairer processing of work and avoiding big table
dumps to delay processing of other updates.
OK denis@ benno@

Completley rewrite the community matching and handling code. All community
attributes are put into a new data structure when parsing the UPDATE.
The filter code can quickly lookup and modify this data structure.
When creating an UPDATE the data is put back into wire format.
Setups using a lot of communities benefit a lot from this.
Input and OK benno@

Implement a fast presix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

Implement as-set a fast lookup table to be used instead of long list of
AS numbers in source-as, AS and transit-as filterstatements. These table
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

undo unintentional commits

When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok claudio@, feedback from henning@, deraadt@, reyk@

Move imsg into libutil and add a man page.

Minor bump for libutil.

Previous versions of this diff and man page looked at by various people.

"you should just commit" deraadt

incorrect .PATH setting, discovered with nicm

rework timers.
stop changing tienmr values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio

no need for KAME_SCOPEID; just check __KAME__.

implement carp demotion control for bgpd.
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio

Move functions shared with bgpctl into new file util.c. Simplifies the
link between bgpctl and bgpd mostly because of rde_attr.c.

route label support, kroute part and ID allocator as well as the internal
interface changes. support in the filter language and rde to come. claudio ok

ewps, this was not supposed to creep in

free rules_l if the initial config file parse fails

Unbreak peer_localaddr() because Link Local Addresses reported by
getifaddrs() have the scope id added to the address and so fuck up in the
compare later. This part has bin stolen from ifconfig/ifconfig.c and shows
the beauty of IPv6. Thank you KAME.
disgusting but OK henning@

add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

Type in Makefile. CLFAGS != CFLAGS and we don't want -Wredundant-decls the
standard include files are full of redundant declarations. OK henning@

Add support for basic filters. Nothing optimized and it has some issues but
this is a huge step forward. OK henning@

factor out functions to print the configuration (rules only for now)
will become more and needed by bgpctl too

Move BGP path attribute handling functions in a own file. henning@ conceptual ok

Move the update generation into a separate file. The update generation has
nothing to do with the decision process. henning@ "conceptual ok ;-)"

first cut at tcpmd5 setup seupport from within bgpd. works so far.
with help from hshoexer@ and markus@
ok claudio@ hshoexer@ markus@

include path fixes for gcc3.
tests otto@, okay millert@

compile like it used to

add bgpdctl

prepare for bgpdctl

listen on a AF_LOCAL socket for imsgs too.
only implemented type yet is IMSG_CTL_SHOW_NEIGHBOR which sends back
the struct peer for all neighbors.
will be used by bgpdctl

bloody attempt at the other manpage.
this time with (non-bloody) help from jmc@

o add low-level functions for adding/chaining/removing kernel routes
o define new imsg types for this
o process these imsgs in the parent process

now "only" debugging and the rde sending these messages is missing.

ok claudio@

my bloody attempt at a manpage. to be fleshed out.

zap -Werror and -Wcast-align

better set of warning opts

oups, kill (then helpful) shit from the time when it live out of the tree...
noticed by Dries Schellekens <gwyllion@ace.ulyssis.org>

welcome, bgpd
started by me some time ago with moral support from theo, the proceeded up to
the point where the session engine worked correctly. claudio jeker joined
then and did a lot of work in the RDE.
it is not particulary usefull as application right now as parts are still
missing but is imported to enable more people to work on it.
status:
BGP sessions get established fine, OPEN messages and then KEEPALIVEs
exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and
all connection drops etc I provoked get handled fine.
Incoming UPDATE messgages are parsed well and the data entered to the RIB,
the decision process is not yet there, neither is outgoing UPDATEs or sync
to the kernel routing table.

not connected to the builds yet.

Add RTR support to OpenBGPD. Add basic support for the protocol.
The RTR client runs in a new process where the protocol handling is done
and when new data is available all sources are merged into one ROA set
which is then loaded into the RDE. The roa-set from the config is also
handled by the new RTR engine.
Tested by and ok job@

Instead of processing all imsg when reading them store peer specific
messages on a per peer queue. This queue is later processed one at a
time resulting in a fairer processing of work and avoiding big table
dumps to delay processing of other updates.
OK denis@ benno@

Completley rewrite the community matching and handling code. All community
attributes are put into a new data structure when parsing the UPDATE.
The filter code can quickly lookup and modify this data structure.
When creating an UPDATE the data is put back into wire format.
Setups using a lot of communities benefit a lot from this.
Input and OK benno@

Implement a fast presix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

Implement as-set a fast lookup table to be used instead of long list of
AS numbers in source-as, AS and transit-as filterstatements. These table
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

undo unintentional commits

When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok claudio@, feedback from henning@, deraadt@, reyk@

Move imsg into libutil and add a man page.

Minor bump for libutil.

Previous versions of this diff and man page looked at by various people.

"you should just commit" deraadt

incorrect .PATH setting, discovered with nicm

rework timers.
stop changing tienmr values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio

no need for KAME_SCOPEID; just check __KAME__.

implement carp demotion control for bgpd.
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio

Move functions shared with bgpctl into new file util.c. Simplifies the
link between bgpctl and bgpd mostly because of rde_attr.c.

route label support, kroute part and ID allocator as well as the internal
interface changes. support in the filter language and rde to come. claudio ok

ewps, this was not supposed to creep in

free rules_l if the initial config file parse fails

Unbreak peer_localaddr() because Link Local Addresses reported by
getifaddrs() have the scope id added to the address and so fuck up in the
compare later. This part has bin stolen from ifconfig/ifconfig.c and shows
the beauty of IPv6. Thank you KAME.
disgusting but OK henning@

add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

Type in Makefile. CLFAGS != CFLAGS and we don't want -Wredundant-decls the
standard include files are full of redundant declarations. OK henning@

Add support for basic filters. Nothing optimized and it has some issues but
this is a huge step forward. OK henning@

factor out functions to print the configuration (rules only for now)
will become more and needed by bgpctl too

Move BGP path attribute handling functions in a own file. henning@ conceptual ok

Move the update generation into a separate file. The update generation has
nothing to do with the decision process. henning@ "conceptual ok ;-)"

first cut at tcpmd5 setup seupport from within bgpd. works so far.
with help from hshoexer@ and markus@
ok claudio@ hshoexer@ markus@

include path fixes for gcc3.
tests otto@, okay millert@

compile like it used to

add bgpdctl

prepare for bgpdctl

listen on a AF_LOCAL socket for imsgs too.
only implemented type yet is IMSG_CTL_SHOW_NEIGHBOR which sends back
the struct peer for all neighbors.
will be used by bgpdctl

bloody attempt at the other manpage.
this time with (non-bloody) help from jmc@

o add low-level functions for adding/chaining/removing kernel routes
o define new imsg types for this
o process these imsgs in the parent process

now "only" debugging and the rde sending these messages is missing.

ok claudio@

my bloody attempt at a manpage. to be fleshed out.

zap -Werror and -Wcast-align

better set of warning opts

oups, kill (then helpful) shit from the time when it live out of the tree...
noticed by Dries Schellekens <gwyllion@ace.ulyssis.org>

welcome, bgpd
started by me some time ago with moral support from theo, the proceeded up to
the point where the session engine worked correctly. claudio jeker joined
then and did a lot of work in the RDE.
it is not particulary usefull as application right now as parts are still
missing but is imported to enable more people to work on it.
status:
BGP sessions get established fine, OPEN messages and then KEEPALIVEs
exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and
all connection drops etc I provoked get handled fine.
Incoming UPDATE messgages are parsed well and the data entered to the RIB,
the decision process is not yet there, neither is outgoing UPDATEs or sync
to the kernel routing table.

not connected to the builds yet.

Instead of processing all imsg when reading them store peer specific
messages on a per peer queue. This queue is later processed one at a
time resulting in a fairer processing of work and avoiding big table
dumps to delay processing of other updates.
OK denis@ benno@

Completley rewrite the community matching and handling code. All community
attributes are put into a new data structure when parsing the UPDATE.
The filter code can quickly lookup and modify this data structure.
When creating an UPDATE the data is put back into wire format.
Setups using a lot of communities benefit a lot from this.
Input and OK benno@

Implement a fast presix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

Implement as-set a fast lookup table to be used instead of long list of
AS numbers in source-as, AS and transit-as filterstatements. These table
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

undo unintentional commits

When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok claudio@, feedback from henning@, deraadt@, reyk@

Move imsg into libutil and add a man page.

Minor bump for libutil.

Previous versions of this diff and man page looked at by various people.

"you should just commit" deraadt

incorrect .PATH setting, discovered with nicm

rework timers.
stop changing tienmr values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio

no need for KAME_SCOPEID; just check __KAME__.

implement carp demotion control for bgpd.
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio

Move functions shared with bgpctl into new file util.c. Simplifies the
link between bgpctl and bgpd mostly because of rde_attr.c.

route label support, kroute part and ID allocator as well as the internal
interface changes. support in the filter language and rde to come. claudio ok

ewps, this was not supposed to creep in

free rules_l if the initial config file parse fails

Unbreak peer_localaddr() because Link Local Addresses reported by
getifaddrs() have the scope id added to the address and so fuck up in the
compare later. This part has bin stolen from ifconfig/ifconfig.c and shows
the beauty of IPv6. Thank you KAME.
disgusting but OK henning@

add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

Type in Makefile. CLFAGS != CFLAGS and we don't want -Wredundant-decls the
standard include files are full of redundant declarations. OK henning@

Add support for basic filters. Nothing optimized and it has some issues but
this is a huge step forward. OK henning@

factor out functions to print the configuration (rules only for now)
will become more and needed by bgpctl too

Move BGP path attribute handling functions in a own file. henning@ conceptual ok

Move the update generation into a separate file. The update generation has
nothing to do with the decision process. henning@ "conceptual ok ;-)"

first cut at tcpmd5 setup seupport from within bgpd. works so far.
with help from hshoexer@ and markus@
ok claudio@ hshoexer@ markus@

include path fixes for gcc3.
tests otto@, okay millert@

compile like it used to

add bgpdctl

prepare for bgpdctl

listen on a AF_LOCAL socket for imsgs too.
only implemented type yet is IMSG_CTL_SHOW_NEIGHBOR which sends back
the struct peer for all neighbors.
will be used by bgpdctl

bloody attempt at the other manpage.
this time with (non-bloody) help from jmc@

o add low-level functions for adding/chaining/removing kernel routes
o define new imsg types for this
o process these imsgs in the parent process

now "only" debugging and the rde sending these messages is missing.

ok claudio@

my bloody attempt at a manpage. to be fleshed out.

zap -Werror and -Wcast-align

better set of warning opts

oups, kill (then helpful) shit from the time when it live out of the tree...
noticed by Dries Schellekens <gwyllion@ace.ulyssis.org>

welcome, bgpd
started by me some time ago with moral support from theo, the proceeded up to
the point where the session engine worked correctly. claudio jeker joined
then and did a lot of work in the RDE.
it is not particulary usefull as application right now as parts are still
missing but is imported to enable more people to work on it.
status:
BGP sessions get established fine, OPEN messages and then KEEPALIVEs
exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and
all connection drops etc I provoked get handled fine.
Incoming UPDATE messgages are parsed well and the data entered to the RIB,
the decision process is not yet there, neither is outgoing UPDATEs or sync
to the kernel routing table.

not connected to the builds yet.

Completley rewrite the community matching and handling code. All community
attributes are put into a new data structure when parsing the UPDATE.
The filter code can quickly lookup and modify this data structure.
When creating an UPDATE the data is put back into wire format.
Setups using a lot of communities benefit a lot from this.
Input and OK benno@

Implement a fast presix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

Implement as-set a fast lookup table to be used instead of long list of
AS numbers in source-as, AS and transit-as filterstatements. These table
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

undo unintentional commits

When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok claudio@, feedback from henning@, deraadt@, reyk@

Move imsg into libutil and add a man page.

Minor bump for libutil.

Previous versions of this diff and man page looked at by various people.

"you should just commit" deraadt

incorrect .PATH setting, discovered with nicm

rework timers.
stop changing tienmr values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio

no need for KAME_SCOPEID; just check __KAME__.

implement carp demotion control for bgpd.
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio

Move functions shared with bgpctl into new file util.c. Simplifies the
link between bgpctl and bgpd mostly because of rde_attr.c.

route label support, kroute part and ID allocator as well as the internal
interface changes. support in the filter language and rde to come. claudio ok

ewps, this was not supposed to creep in

free rules_l if the initial config file parse fails

Unbreak peer_localaddr() because Link Local Addresses reported by
getifaddrs() have the scope id added to the address and so fuck up in the
compare later. This part has bin stolen from ifconfig/ifconfig.c and shows
the beauty of IPv6. Thank you KAME.
disgusting but OK henning@

add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

Type in Makefile. CLFAGS != CFLAGS and we don't want -Wredundant-decls the
standard include files are full of redundant declarations. OK henning@

Add support for basic filters. Nothing optimized and it has some issues but
this is a huge step forward. OK henning@

factor out functions to print the configuration (rules only for now)
will become more and needed by bgpctl too

Move BGP path attribute handling functions in a own file. henning@ conceptual ok

Move the update generation into a separate file. The update generation has
nothing to do with the decision process. henning@ "conceptual ok ;-)"

first cut at tcpmd5 setup seupport from within bgpd. works so far.
with help from hshoexer@ and markus@
ok claudio@ hshoexer@ markus@

include path fixes for gcc3.
tests otto@, okay millert@

compile like it used to

add bgpdctl

prepare for bgpdctl

listen on a AF_LOCAL socket for imsgs too.
only implemented type yet is IMSG_CTL_SHOW_NEIGHBOR which sends back
the struct peer for all neighbors.
will be used by bgpdctl

bloody attempt at the other manpage.
this time with (non-bloody) help from jmc@

o add low-level functions for adding/chaining/removing kernel routes
o define new imsg types for this
o process these imsgs in the parent process

now "only" debugging and the rde sending these messages is missing.

ok claudio@

my bloody attempt at a manpage. to be fleshed out.

zap -Werror and -Wcast-align

better set of warning opts

oups, kill (then helpful) shit from the time when it live out of the tree...
noticed by Dries Schellekens <gwyllion@ace.ulyssis.org>

welcome, bgpd
started by me some time ago with moral support from theo, the proceeded up to
the point where the session engine worked correctly. claudio jeker joined
then and did a lot of work in the RDE.
it is not particulary usefull as application right now as parts are still
missing but is imported to enable more people to work on it.
status:
BGP sessions get established fine, OPEN messages and then KEEPALIVEs
exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and
all connection drops etc I provoked get handled fine.
Incoming UPDATE messgages are parsed well and the data entered to the RIB,
the decision process is not yet there, neither is outgoing UPDATEs or sync
to the kernel routing table.

not connected to the builds yet.

Implement a fast presix-set lookup. This magic trie is able to match a
prefix addr/plen to a prefix-set spec addr/plen prefixlen min - max (a
prefix including prefixlen range). Every addr/plen pair is a node in the
trie and the prefixlen is added as a bitmask to those nodes.
For the lookup the any match is OK, there is no need to do longest or
best prefix matching.
Inspiration for this solution comes from the way bird implements this
which was done by Ondrej Zajicek santiago (at) crfreenet.org
OK benno@

Implement as-set a fast lookup table to be used instead of long list of
AS numbers in source-as, AS and transit-as filterstatements. These table
use bsearch to quickly verify if an AS is in the set or not.
The filter syntax is not fully set in stone yet.
OK denis@ benno@ and previously OK deraadt@

undo unintentional commits

When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok claudio@, feedback from henning@, deraadt@, reyk@

Move imsg into libutil and add a man page.

Minor bump for libutil.

Previous versions of this diff and man page looked at by various people.

"you should just commit" deraadt

incorrect .PATH setting, discovered with nicm

rework timers.
stop changing tienmr values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio

no need for KAME_SCOPEID; just check __KAME__.

implement carp demotion control for bgpd.
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio

Move functions shared with bgpctl into new file util.c. Simplifies the
link between bgpctl and bgpd mostly because of rde_attr.c.

route label support, kroute part and ID allocator as well as the internal
interface changes. support in the filter language and rde to come. claudio ok

ewps, this was not supposed to creep in

free rules_l if the initial config file parse fails

Unbreak peer_localaddr() because Link Local Addresses reported by
getifaddrs() have the scope id added to the address and so fuck up in the
compare later. This part has bin stolen from ifconfig/ifconfig.c and shows
the beauty of IPv6. Thank you KAME.
disgusting but OK henning@

add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

Type in Makefile. CLFAGS != CFLAGS and we don't want -Wredundant-decls the
standard include files are full of redundant declarations. OK henning@

Add support for basic filters. Nothing optimized and it has some issues but
this is a huge step forward. OK henning@

factor out functions to print the configuration (rules only for now)
will become more and needed by bgpctl too

Move BGP path attribute handling functions in a own file. henning@ conceptual ok

Move the update generation into a separate file. The update generation has
nothing to do with the decision process. henning@ "conceptual ok ;-)"

first cut at tcpmd5 setup seupport from within bgpd. works so far.
with help from hshoexer@ and markus@
ok claudio@ hshoexer@ markus@

include path fixes for gcc3.
tests otto@, okay millert@

compile like it used to

add bgpdctl

prepare for bgpdctl

listen on a AF_LOCAL socket for imsgs too.
only implemented type yet is IMSG_CTL_SHOW_NEIGHBOR which sends back
the struct peer for all neighbors.
will be used by bgpdctl

bloody attempt at the other manpage.
this time with (non-bloody) help from jmc@

o add low-level functions for adding/chaining/removing kernel routes
o define new imsg types for this
o process these imsgs in the parent process

now "only" debugging and the rde sending these messages is missing.

ok claudio@

my bloody attempt at a manpage. to be fleshed out.

zap -Werror and -Wcast-align

better set of warning opts

oups, kill (then helpful) shit from the time when it live out of the tree...
noticed by Dries Schellekens <gwyllion@ace.ulyssis.org>

welcome, bgpd
started by me some time ago with moral support from theo, the proceeded up to
the point where the session engine worked correctly. claudio jeker joined
then and did a lot of work in the RDE.
it is not particulary usefull as application right now as parts are still
missing but is imported to enable more people to work on it.
status:
BGP sessions get established fine, OPEN messages and then KEEPALIVEs
exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and
all connection drops etc I provoked get handled fine.
Incoming UPDATE messgages are parsed well and the data entered to the RIB,
the decision process is not yet there, neither is outgoing UPDATEs or sync
to the kernel routing table.

not connected to the builds yet.

undo unintentional commits

When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

ok claudio@, feedback from henning@, deraadt@, reyk@

Move imsg into libutil and add a man page.

Minor bump for libutil.

Previous versions of this diff and man page looked at by various people.

"you should just commit" deraadt

incorrect .PATH setting, discovered with nicm

rework timers.
stop changing tienmr values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio

no need for KAME_SCOPEID; just check __KAME__.

implement carp demotion control for bgpd.
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio

Move functions shared with bgpctl into new file util.c. Simplifies the
link between bgpctl and bgpd mostly because of rde_attr.c.

route label support, kroute part and ID allocator as well as the internal
interface changes. support in the filter language and rde to come. claudio ok

ewps, this was not supposed to creep in

free rules_l if the initial config file parse fails

Unbreak peer_localaddr() because Link Local Addresses reported by
getifaddrs() have the scope id added to the address and so fuck up in the
compare later. This part has bin stolen from ifconfig/ifconfig.c and shows
the beauty of IPv6. Thank you KAME.
disgusting but OK henning@

add a filter option to dump prefixes learned in UPDATEs into a PF table,
intended for building realtime BGP blacklists (e.g. with spamd);
ok claudio & henning

Type in Makefile. CLFAGS != CFLAGS and we don't want -Wredundant-decls the
standard include files are full of redundant declarations. OK henning@

Add support for basic filters. Nothing optimized and it has some issues but
this is a huge step forward. OK henning@

factor out functions to print the configuration (rules only for now)
will become more and needed by bgpctl too

Move BGP path attribute handling functions in a own file. henning@ conceptual ok

Move the update generation into a separate file. The update generation has
nothing to do with the decision process. henning@ "conceptual ok ;-)"

first cut at tcpmd5 setup seupport from within bgpd. works so far.
with help from hshoexer@ and markus@
ok claudio@ hshoexer@ markus@

include path fixes for gcc3.
tests otto@, okay millert@

compile like it used to

add bgpdctl

prepare for bgpdctl

listen on a AF_LOCAL socket for imsgs too.
only implemented type yet is IMSG_CTL_SHOW_NEIGHBOR which sends back
the struct peer for all neighbors.
will be used by bgpdctl

bloody attempt at the other manpage.
this time with (non-bloody) help from jmc@

o add low-level functions for adding/chaining/removing kernel routes
o define new imsg types for this
o process these imsgs in the parent process

now "only" debugging and the rde sending these messages is missing.

ok claudio@

my bloody attempt at a manpage. to be fleshed out.

zap -Werror and -Wcast-align

better set of warning opts

oups, kill (then helpful) shit from the time when it live out of the tree...
noticed by Dries Schellekens <gwyllion@ace.ulyssis.org>

welcome, bgpd
started by me some time ago with moral support from theo, the proceeded up to
the point where the session engine worked correctly. claudio jeker joined
then and did a lot of work in the RDE.
it is not particulary usefull as application right now as parts are still
missing but is imported to enable more people to work on it.
status:
BGP sessions get established fine, OPEN messages and then KEEPALIVEs
exchanged etc. session FSM works fine; NOTIFICATIONs are handled fine, and
all connection drops etc I provoked get handled fine.
Incoming UPDATE messgages are parsed well and the data entered to the RIB,
the decision process is not yet there, neither is outgoing UPDATEs or sync
to the kernel routing table.

not connected to the builds yet.