bgpd/bgp_attr.c | 4 - bgpd/bgp_network.c | 18 ++++- bgpd/bgp_route.c | 6 + bgpd/bgp_vty.c | 68 +++++++++++++++++--- bgpd/bgpd.c | 173 ++++++++++++++++++++++++++++++++++++++++++++++++++++- bgpd/bgpd.h | 8 ++ configure.ac | 2 lib/command.c | 2 lib/if.c | 2 lib/sockunion.c | 30 +++++++++ lib/sockunion.h | 1 11 files changed, 293 insertions(+), 21 deletions(-)
New commits: commit 31d0f1b3c64903d56a47caebf887067d222c7cd6 Author: Paul Jakma <[email protected]> Date: Tue Mar 29 14:18:49 2011 +0100 bgpd: Fix merge error in jhash commit * bgp_attr.c: (attrhash_key_make) 98e30f should have changed jhash2 to jhash. These kinds of merge errors would be reduced and life would be easier if people would submit fully-formed fixes that could be chucked directly into git-am. commit f5a4827db60545309d0ee378b85acac56cf7837a Author: Stephen Hemminger <[email protected]> Date: Thu Mar 24 17:30:21 2011 +0000 bgpd: refine the setting up of GTSM * bgpd.h: Add error code for setting GTSM on iBGP * bgpd.c: (peer_ttl_security_hops_set) use previous error code and signal incompatibility of GTSM+iBGP to vty. Consider the session state when setting GTSM, and reset Open/Active peers to let them pick up new TTL from start. commit 0d51c7ef830c3930bb0d7207d93f26bcb8cee455 Author: Greg Troxel <[email protected]> Date: Thu Mar 24 10:19:43 2011 -0400 build: treat opaque-lsa default correctly for ospfapi In deciding whether to default ospfapi to on or off, use the same rule for opaque-lsa as earlier: != no rather than = yes, so that not having set it implies yes. commit d876bdf4a84f40ac3f9bec8d5040858b3725db3e Author: Stephen Hemminger <[email protected]> Date: Thu Aug 5 10:26:27 2010 -0700 lib: Add support for IPv6 ttl security * sockunion.c: (sockopt_minttl) Add IPv6 support for min hop count. The kernel support is Linux kernel 2.6.35 or later. commit 89b6d1f8e2759cc38bc768067abe3a296d93f454 Author: Stephen Hemminger <[email protected]> Date: Thu Mar 24 10:51:59 2011 +0000 bgpd: Cleanups & fixes for minttl / GTSM * bgp_vty.c: (peer_ebgp_multihop_{un,}set_vty) tail-call cleanup. ({no_,}neighbor_ttl_security) ditto. * bgpd.c: (peer_ttl_security_hops_set) Peer group checks and TTL set only need to be done on transition. * sockunion.c: (sockopt_minttl) remove always-on debug and improve readability. commit fa411a212b55bba650d68fd0456686f3e47b7395 Author: Nick Hilliard <[email protected]> Date: Wed Mar 23 15:33:17 2011 +0000 bgpd: RFC 5082 Generalized TTL Security Mechanism support * bgpd: Add support for RFC 5082 GTSM, which allows the TTL field to be used to verify that incoming packets have been sent from neighbours no more than X IP hops away. In other words, this allows packets that were sent from further away (i.e. not by the neighbour with known distance, and so possibly a miscreant) to be filtered out. * lib/sockunion.{c,h}: (sockopt_minttl) new function, to set a minimum TTL using the IP_MINTTL socket opt. * bgpd.h: (BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK) define for command error for minttl. (struct peer) add a config variable, to store the configured minttl. (peer_ttl_security_hops_{set,unset}) configuration handlers * bgpd.c: (peer_group_get) init gtsm_hops (peer_ebgp_multihop_{un,}set) check for conflicts with GTSM. Multihop and GTSM can't both be active for a peer at the same time. (peer_ttl_security_hops_set) set minttl, taking care to avoid conflicts with ebgp_multihop. (bgp_config_write_peer) write out minttl as "neighbor .. ttl-security hops X". * bgp_vty.c: (bgp_vty_return) message for BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK (peer_ebgp_multihop_{un,}set_vty) * bgp_network.c: (bgp_accept) set minttl on accepted sockets if appropriate. (bgp_connect) ditto for outbound. commit 3bde17f1af635c9ca19df0b3516cb8ad0376e6d3 Author: Paul Jakma <[email protected]> Date: Wed Mar 23 10:30:30 2011 +0000 bgpd: Fix compile failure if IPv6 build was disabled. * bgp_route.c: ({no_,}ipv6_bgp_network_ttl_cmd) depends on ipv6_bgp_network which is HAVE_IPV6, so these should be too. (bgp_route_init) and the installs should be similarly ifdefed commit fc95186c30884c96543aecfc56cfe5b08774525b Author: Christian Hammers <[email protected]> Date: Wed Mar 23 13:07:55 2011 +0300 lib: fix more format warnings (#637) The following patch was also neccessary to compile. * command.c: (config_logmsg_cmd) use "%s" format spec * if.c: (connected_log) ditto http://suva.vyatta.com/git/?p=vyatta-quagga.git;a=commitdiff;h=31d0f1b3c64903d56a47caebf887067d222c7cd6 http://suva.vyatta.com/git/?p=vyatta-quagga.git;a=commitdiff;h=f5a4827db60545309d0ee378b85acac56cf7837a http://suva.vyatta.com/git/?p=vyatta-quagga.git;a=commitdiff;h=0d51c7ef830c3930bb0d7207d93f26bcb8cee455 http://suva.vyatta.com/git/?p=vyatta-quagga.git;a=commitdiff;h=d876bdf4a84f40ac3f9bec8d5040858b3725db3e http://suva.vyatta.com/git/?p=vyatta-quagga.git;a=commitdiff;h=89b6d1f8e2759cc38bc768067abe3a296d93f454 http://suva.vyatta.com/git/?p=vyatta-quagga.git;a=commitdiff;h=fa411a212b55bba650d68fd0456686f3e47b7395 http://suva.vyatta.com/git/?p=vyatta-quagga.git;a=commitdiff;h=3bde17f1af635c9ca19df0b3516cb8ad0376e6d3 http://suva.vyatta.com/git/?p=vyatta-quagga.git;a=commitdiff;h=fc95186c30884c96543aecfc56cfe5b08774525b _______________________________________________ svn mailing list [email protected] http://mailman.vyatta.com/mailman/listinfo/svn
