CVSROOT: /cvs
Module name: src
Changes by: clau...@cvs.openbsd.org 2023/03/09 06:12:19
Modified files:
usr.sbin/bgpd : bgpd.h parse.y printconf.c rde.c rde.h
rde_decide.c rde_peer.c rde_update.c session.c
session.h
Log message:
Major rework of RFC9234 support. My initial interpretation of the RFC was
too conservative. Fixes and changes include:
- add role output to bgpctl, also adjust the capability output.
Note, this changes the JSON output of neighbors a bit.
- adjust the config parser to enable the RFC9234 role capability when
there is a role set. iBGP and sessions with no role will not announce
the role capability.
- adjust the role capability announcement to be only on sessions that
use either AFI IPv4 or IPv6 and SAFI 1 (AID_INET, AID_INET6).
- if there is an OPEN notification indicating that the role capability
is bad only disable the capability if it is not enforced.
- Adjust capability negotiation, store remote_role on the peer since
the neighbors role is no longer needed by the RDE.
- inject the OTC attribute on ingress only for AID_INET and AID_INET6.
For other AIDs clear the F_ATTR_OTC_LOOP flag.
- Adjust the role logic in the RDE and use the peer->role (local role of
the system) for all checks. Also remove the check if the role capability
was negotiated between peers.
- In prefix_eligible() check also if the F_ATTR_OTC_LOOP flag is set.
The RFC requires that prefixes must be considered ineligible (and not
treat as withdraw as done before)
- When generating an UPDATE include the OTC attribute unless the AID is
neither AID_INET or AID_INET6.
Fixes https://github.com/openbgpd-portable/openbgpd-portable/issues/51
Reported by Pier Carlo Chiodi
OK tb@
