Hi all,
Following a discussion on the NANOG mailing regarding the overlap
between MAC addresses assigned to VRRP [1] and virtual host IDs as used
in the CARP protocol, it was suggested to use a range dedicated to CARP
[2]. Ytti assigned 74-66-30-FF-FE-00 .. 74-66-30-FF-FE-FF.
* Improve
On Sun, Sep 14, 2014 at 02:54:54PM +0200, Stefan Fritsch wrote:
I would like people to test the diffs on other machines. In particular on
non-Intel CPUs. The only AMD system I could get hold of did not run
reliably with openbsd even without the pmap diff.
I tested MP 'kernel -j 2' on a PC
On Sun, Sep 14, 2014 at 06:54:40PM +0200, Stefan Fritsch wrote:
On Sun, 14 Sep 2014, Job Snijders wrote:
I tested MP 'kernel -j 2' on a PC Engines apu1c4 (AMD G series T40E, 1
GHz dual Bobcat core with 64 bit support) and saw no speedup.
Thanks. But no slowdown either?
No slowdown either
On Sun, Nov 09, 2014 at 01:36:59PM -0700, Theo de Raadt wrote:
I just updated to OpenBSD 5.6 and I was happy to see that rcp, rsh,
rshd, rwho, rwhod, etc have been removed (at least according to the
Changelog). However, the upgrade instructions fail to mention that files
like /etc/rc.d/rwhod
On Sun, Nov 09, 2014 at 10:02:32PM +, Stuart Henderson wrote:
I was answering the specific point about the _exact_ same state as a
clean 5.6 installation there.
There are some specific cases where it makes a lot of sense to tell
people to rm things (e.g. base program moved to ports). And
This patch adds support to tcpdump(8) to decode Large BGP
Communities in human readable form.
Example:
[ snip ] BGP (UPDATE: (Path attributes: (ORIGIN[T] IGP)
(AS_PATH[T] 65000)
(NEXT_HOP[T] pxtr-2.meerval.net)
(COMMUNITIES[OT] 666:666
Dear all,
The below is based on feedback from Sebastian Benoit, Theo de Raadt,
and Peter Hessler. The patch adds less lines of code, and adheres
better to style(9). Thank you for your time.
Kind regards,
Job
Index: bgpctl/bgpctl.8
This patch adds support to tcpdump(8) to decode BGP Administrative
Shutdown Communications in human readable form.
The draft-ietf-idr-shutdown
(https://tools.ietf.org/html/draft-ietf-idr-shutdown)
specification documents a mechanism to transmit a short freeform UTF-8
message as part of a BGP
rk has been tested against pmacct and exabgp which also
support draft-ietf-idr-shutdown.
The BGP Administrative Shutdown Communication feature for OpenBGPD was
developed by Peter van Dijk <peter.van.d...@powerdns.com> and Job Snijders
<j...@ntt.
Dear all,
BGP Origin Validation State communities are non-transitive opaque
extended communities to carry the origination Autonomous System
validation state inside an autonomous system. IBGP speakers that
receive this validation state can configure local policies that allow it
to influence their
On Wed, Mar 29, 2017 at 12:14:24AM +0200, Sebastian Benoit wrote:
> Job Snijders(j...@instituut.net) on 2017.03.28 14:12:42 -0500:
> >
> > match from any \
> > set { ext-community bovs not-found \
>
> do other implementations call this "bovs"?
Hi OpenBSD,
bgpd(8) as shipped in OpenBSD 6.1 supports draft-ietf-idr-shutdown-07.
The below patch adds support to tcpdump(8) to decode such shutdown
communication.
This is an improved version of the patch proposal I sent in January.
Kind regards,
Job
diff --git
On Mon, Apr 17, 2017 at 01:56:17PM -0600, Theo de Raadt wrote:
> + memset(string, 0, 129);
> + memcpy(string, p+1, shutdown_comm_length);
> + safeputs(string);
>
> Please don't copy numbers like that. If
Hi all,
Daan Keuper (Computest) was kind enough to review the diff, he pointed
out the following:
safeputs() expects a null-terminated string. Since shutdown_comm_length
won't exceed BGP_NOTIFY_MINOR_CEASE_ADMIN_SHUTDOWN_LEN (128), the
following will ensure a null-terminated string is passed to
On Sat, Jul 01, 2017 at 08:50:36PM +0200, Sebastian Benoit wrote:
> Sebastian Benoit(be...@openbsd.org) on 2017.07.01 20:40:17 +0200:
>
> oks for this?
>
> /* filter listening sockets out unless -a is set */
> - if (!aflag && istcp && kf->t_state <= TCPS_LISTEN)
> + if (!(aflag ||
Small update.
I renamed the 'msb' argument ('most significant bits') to 'part' to
improve readability. In Community 15562:4, '15562' is part 0 and the '4'
is part 1. Same type of logic might be useful down the road for Large
Communities which would have 3 parts.
- Job
diff --git
Dear Alexander,
On Sun, Jun 25, 2017 at 06:13:40PM +0200, Alexander Hall wrote:
> On June 25, 2017 2:06:20 PM GMT+02:00, Job Snijders <j...@instituut.net>
> wrote:
> >This patch adds a -v option to cp(1) for more verbose output.
> >
> > $ touch a b;
Hi Ingo,
Thanks for taking the time to review this.
On Sun, Jun 25, 2017 at 03:12:26PM +0200, Ingo Schwarze wrote:
> Job Snijders wrote on Sun, Jun 25, 2017 at 02:06:16PM +0200:
>
> > This patch adds a '-v' option to rm(1) for more verbose output.
>
> Do not add new o
On Sun, Jun 25, 2017 at 02:09:22PM +0200, Peter Hessler wrote:
> : $ bgpctl show rib community WELLKNOWN:0
> : ..
> : $ bgpctl show rib community WELLKNOWN:*
> : ..
>
> Eh, I don't really see a reason to have syntatic sugar for
> '65535'. In this case, I'm
Hi all,
This patch adds a '-v' option to rm(1) for more verbose output.
$ mkdir a; touch a/b; touch c
$ rm -rfv *
removed 'a/b'
removed directory 'a'
removed 'c'
Kind regards,
Job
diff --git bin/rm/rm.1 bin/rm/rm.1
index 5c8aefaab7d..7de2c7067ee 100644
Hi all,
This patch adds a -v option to mv(1) for more verbose output.
$ touch a
$ mv -v a b
'a' -> 'b'
$ mkdir c
$ mv -v b c
'b' -> 'c/b'
$ mv -v c d
'e' -> 'd'
And here is an example of the output of the situation mentioned in the
Dear team,
This patch adds a -v option to cp(1) for more verbose output.
$ touch a b; mkdir c
$ cp -v a b c
'a' -> 'c/a'
'b' -> 'c/b'
$ cp -rv c d
'c' -> 'd/'
'c/a' -> 'd/a'
'c/b' -> 'd/b'
Kind regards,
Job
diff --git bin/cp/cp.1
On Sun, Jun 25, 2017 at 02:06:20PM +0200, Job Snijders wrote:
> This patch adds a -v option to cp(1) for more verbose output.
NetBSD/FreeBSD/DragonFly/OSX's cp(1) with "-v" print file names without
the single quotes, which might indeed be more appealing to the eye:
$ touch
On Sun, Jun 25, 2017 at 11:41:05PM +0200, Sebastian Benoit wrote:
> ok
>
> as wor the WELLKNOWN, what do other implementations do?
I'm not aware of other implementations that do a blanket replacement of
"65535:" with something like "WELLKNOWN:" in their CLI output.
Most implementations (after
On Sun, Jun 25, 2017 at 04:09:11PM +0200, Job Snijders wrote:
> --- bin/rm/rm.1
> +++ bin/rm/rm.1
> @@ -95,6 +95,8 @@ that directory is skipped.
> .It Fl r
> Equivalent to
> .Fl R .
> +.It Fl v
> +Explain what is being done.
On second thought, "Display wh
Dear team,
The lowest valid BGP LOCAL_PREF is 0, allowing bgpd to set 0 too will
accomodate interopability.
Kind regards,
Job
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1988,7 +1988,7 @@ filter_set_opt: LOCALPREF NUMBER {
}
Dear team,
This patch makes 'unknown' well-known communities more of a first-class
citizen.
A powerful property of well-known communities is that (often) operators
can implement the feature associated with a given well-known community
through their local routing policy, ahead of time before
Dear team,
This patch adds support for the "graceful shutdown" well-known
community as described in draft-ietf-grow-bgp-gshut.
An example implementation would be to add the following to your
bgpd.conf:
match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
Kind regards,
Job
---
Dear all,
This patch adds a '-v' option to cp(1), mv(1), and rm(1). If the '-v'
option is used, the utility will display the name of each file after it
has been successfully copied, moved or removed.
This patch rolls in feedback from recent discussion. The manpage updates
are specific as to what
Dear team,
I have the following use-case on some of my routers: ntpd will
opportunistically select a source address, regardless of whether that
source address is actually a globally routable IP address. Most of the
time this is great, but not in some deployment scenarios.
For instance, IP
On Fri, May 26, 2017 at 09:40:49PM +0200, Peter Hessler wrote:
> On 2017 May 26 (Fri) at 20:01:00 +0200 (+0200), Peter Hessler wrote:
> :Apropos of "I found it", I implemented support for RFC 7607. It's a
> :super short RFC, but basically it forbids use of AS 0 anywhere.
> :
> :OK?
>
> Fixed some
On Mon, May 29, 2017 at 12:02:33PM +0200, Michal Mazurek wrote:
> The error information for bgp was commited in 2009
> (bgpnotify_minor_cease, bgpnotify_minor_cap) but never enabled, so do
> that here. Also add FSM error codes.
perhaps add a comment like /* RFC 6608 */ above the below:
> +static
On Tue, May 30, 2017 at 01:29:07PM -0600, Theo de Raadt wrote:
> I don't think this trivial thing should be pushed into the public
> namespace.
>
> Personally I think this construct is really contrived.
ok. Another downside might be that it can negatively impact portability.
Thanks,
Job
Dear team,
Henning Brauer (off-list) made a few suggestions, which I summerized in
the following four points:
1) poor initialization style, instead of:
struct xxx yyy = {
.property = zzz
};
use:
struct xxx yyy;
yyy.property = zzz;
2) avoid
On Tue, May 30, 2017 at 10:21:17AM +0200, Michal Mazurek wrote:
> On 12:15:06, 29.05.17, Job Snijders wrote:
> > perhaps add a comment like /* RFC 6608 */ above the below:
>
> Right, it will make it more consistent.
>
> > > +static const char *bgpnotify_minor_fsm[] = {
On Sun, May 28, 2017 at 10:52:24PM +0200, Sebastian Benoit wrote:
> which makes me think:
> would a global local-address be good enough?
Attached is a patch that allows you to specify the source for outgoing
queries, as a global option. Example ntpd.conf:
query from 165.254.255.33
query
Hi,
Might be out of my depth here, but would be nice if the sstosa() is
available to everyone, not just _KERNEL
If accepted, 'define sstosa' can to be removed from
usr.sbin/ftp-proxy/ftp-proxy.c.
Kind regards,
Job
---
sys/sys/socket.h | 16 ++--
1 file changed, 10 insertions(+),
On Sun, Oct 22, 2017 at 04:04:30PM +0200, Mike Belopuhov wrote:
> > If this is as expected, OK job@
>
> It's setting the option in my build here:
>
> 15:55:20.336682 fe:e1:bb:d1:a2:f0 fe:e1:ba:d0:55:1e 0800 78: \
> 10.50.50.34.17078 > 10.50.50.1.80: S [tcp sum ok] 1313610867:1313610867(0) \
>
On Mon, Dec 04, 2017 at 02:55:16PM +0100, Alexander Bluhm wrote:
> RFC 4861 requires that all neighbor discovery packets have 255 in
> their IPv6 header hop limit field. Let pf drop neighbor solicitation,
> neighbor advertisement, router solicitation, router advertisement,
> and redirect ICMP6
On Sat, Dec 16, 2017 at 09:45:02AM +0100, Paul de Weerd wrote:
> On Fri, Dec 15, 2017 at 12:24:45PM +0100, Paul de Weerd wrote:
> | I've updated the diff to add this example as per jmc's suggestion. It
> | now has:
> |
> | - add the `-c command` feature
> | - updates usage
> | -
On Thu, Dec 14, 2017 at 09:23:29AM +0100, Paul de Weerd wrote:
> Another use I personally find very convenient is this:
>
> [weerd@pom] $ script -c "vmctl start test -c"
>
> Hope others see value here too :)
That is a great use case.
Kind regards,
Job
Goodmorning everyone,
While quite some resizing scenarios can be done from within single user
mode, resizing the root partition requires you to bring your own
growfs(8) binary into the ramdisk environment. The below patch adds
growfs(8) to the amd64 ramdisk to simplify such operations.
I tested
Thanks for the feedback.
I'll get to work on a MI patch and test on amd64 + i386, then pass it on to you.
On Mon, Nov 06, 2017 at 04:14:48PM -0700, Theo de Raadt wrote:
> I agree on that. So please put it into the correct lists files for
> all the unlimited ramdisks.
>
> Job, the situation is a little nit-picky but try to do it for all the
> architectures and I'll give you fast feedback.
This is
On Sat, Dec 09, 2017 at 06:44:44PM +0100, Theo Buehler wrote:
> Theo asked me to make sure that all our shells print a prompt
> including the hostname by default.
Thank you. This is a significant improvement.
I keep finding myself updating /etc/profile everywhere to ensure I don't
lose my
This has been committed. Since the patch changed the userland ABI, don't
forget to rebuild (at least) fstat, netstat & tcpbench.
Kind regards,
Job
On Tue, Oct 24, 2017 at 03:21:08PM +0200, Mike Belopuhov wrote:
> I didn't do it because tcp_var.h is where tcp keeps all of it's prototypes
> but I don't mind moving them into tcp_input.c. Any objections? Otherwise
> I'll check in the diff below.
ok job@
Dear all,
This patch builds upon the work shared in the following email. Mike's
patch is a prerequisite to apply this patch.
Date: Tue, 24 Oct 2017 15:21:08 +0200
From: Mike Belopuhov
Subject: Re: Refactor TCP partial ACK handling
TCP_FACK was
On Thu, Oct 19, 2017 at 06:55:05PM +0200, Mike Belopuhov wrote:
> SACK has been enabled in GENERIC kernels for over a decade and it's
> time to make it an official part of the TCP stack.
I tested your diff by doing an amd64 release build and testing both the
newly created /bsd and /bsd.rd, I
on/do_command.c
index 6a4022fcc9a..4fbca61d170 100644
--- usr.sbin/cron/do_command.c
+++ usr.sbin/cron/do_command.c
@@ -3,6 +3,7 @@
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1997,2000 by Internet Softwar
OK job@
On Sun, 17 Jun 2018 at 17:00, Florian Obser wrote:
> I like it, I think the heuristic is good enough.
>
> OK florian@ or I take OKs to commit it myself ;)
>
> On Sun, May 20, 2018 at 07:48:34PM +0100, Mikolaj Kucharski wrote:
> > Hi,
> >
> > This is very naive patch for whois(1) which
ISC")
* Copyright (c) 1997,2000 by Internet Software Consortium, Inc.
+ * Copyright (c) 2018 Job Snijders
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -80,7 +81,6 @@ child
On Wed, May 30, 2018 at 03:18:45PM +0200, Claudio Jeker wrote:
> This adds a protection to handle aspaths overly large attributes in
> bgpd. The main idea is to protect other bgp routes downstream for
> hitting the limit with is often not well catched.
I am not sure this is sound logic. The BGP
On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote:
> The following diff does a few things.
> a) it removes the `announce (all|none|self|default-route)` version
> b) `announce none` is now `export none`
> c) `announce default-route` is now `export default-route`
> d) the examples file
On Thu, Jun 07, 2018 at 12:14:07PM +0200, Claudio Jeker wrote:
> > It would be helpful during upgrades if it's possible to write some
> > configurations that work the same on both the old and new versions.
> > That way the configuration can be changed to a version which will
> > still work before
On Thu, Jun 21, 2018 at 08:59:45PM +0200, Claudio Jeker wrote:
> This is the first step of some larger reshuffling of how the RDE is
> working. One of the things needed is proper reference counting for
> nexthops since I want to kill nexthop_link and nexthop_unlink in the
> long run.
>
> Even
Hi,
On Sat, Jan 6, 2018 at 9:53 AM, Christoph R. Murauer wrote:
> Here is a diff for the missing -rOPENBSD_6_2 branch to update the
> -stable CVS trees as described in https://www.openbsd.org/anoncvs.html
> at Updating an existing tree.
I don't think this is needed in this context
On Thu, Jan 18, 2018 at 12:22:21PM +, Stuart Henderson wrote:
> A flag (fsck_flags) would be a better idea than a file, and more
> flexible (users with many disks and low RAM could use the same
> mechanism to force "-l 1" for example).
fsck_flags would be an idea. I prefer not to bring local
On Fri, Feb 02, 2018 at 02:38:54PM +0100, Pierre Emeriaud wrote:
> While playing with bgplg I noticed that 'show ip bgp detail as' error
> message is wrong: expects an AS number but asks for a prefix.
Thanks! Committed.
Kind regards,
Job
Hi all,
I often observed on my Thinkpad x270 that after an upgrade via bsd.rd,
the first reboot resulted in keystrokes being garbage (and at second
reboot everything was fine again).
The below patch seems to be an improvement.
Kind regards,
Job
On Tue, Jan 02, 2018 at 09:36:49AM -0600, joshua
Hi,
Globally anycasted 6to4 has outlived its usefulness.
Operational discussion: http://seclists.org/nanog/2018/Jun/268
Kind regards,
Job
diff --git etc/examples/bgpd.conf etc/examples/bgpd.conf
index a5fa7234a3c..77f610b9a06 100644
--- etc/examples/bgpd.conf
+++ etc/examples/bgpd.conf
@@
On Thu, Aug 09, 2018 at 03:10:11PM +0200, Claudio Jeker wrote:
> Per rfc6472 AS_SET should no longer be used but some AS still do.
> Until now source-as would take the rightmost AS number of an AS_PATH
> no matter if it was an AS_SEQUENCE or an AS_SET. Thit is not correct.
Indeed, good find!
>
Hi,
I'm optimistic about this patch: where previously running traffic
through this router over gif
tunnels would result in memory exhaustion, the problem now seems gone.
memory graph: http://instituut.net/~job/screenshots/ee7f0fa5304032a2.png
Should perhaps an errata / syspatch blob be prepared
https://en.wikipedia.org/wiki/If_and_only_if
As a non-native speaker, it took some years before I realized the use of
“iff” is not a typo.
Kind regards,
Job
When things arrive out of sequence, that usually is of special interest to
network operator people. Not sure the sequence field can easily be
overloaded to increase “validity”.
I’m not great at math, with a 16 bit random value, wouldn’t we start
running into ID collisions around 256 concurrent
On Sun, Apr 01, 2018 at 11:29:55AM +0100, Stuart Henderson wrote:
> On 2018/03/31 16:10, Job Snijders wrote:
> > TL;DR: I propose to update the defaults to use DSCP "AF21" (Low
> > Latency Data) for interactive session traffic, and CS1 ("Lower
> > Effort")
Dear all,
There may be opportunity for improvement of ssh(1) and sshd(8)'s default
QoS markers for better integration in environments that can offer either
layer-2 or layer-3 prioritisation profiles. Currently ssh(1) and sshd(8)
set obsoleted values 'lowdelay' for interactive sessions and
Claudio,
How best to test this change proposal? Should this maybe be tested on
one of the yycix route servers?
I'll let it run on my home router, if that doesn't cause issues in a
week or so; we can consider rs2.yycix.ca
Kind regards,
Job
On Fri, Mar 02, 2018 at 04:55:23PM +0100, Claudio
OK job@
Shouldnt we already bomb out at the following?
cannot bind to 0.0.0.0:179: Address already in use
cannot bind to [::]:179: Address already in use
In any regard, I agree with the functionality proposed. No strong opinion
on the diff itself.
Kind regards,
Job
On Sun, Nov 11, 2018 at 22:35 Remi
Dear all,
This small patch exposes the origin validation state in 'bgpctl show
rib' and 'bgpctl show rib detail'. This will help debugging, and draw
attention to routing problems.
I know we're weary of spending horizontal space, but I think spending 3
chars to show the OV state (and as such make
On Tue, Sep 25, 2018 at 12:23:48PM +0200, Claudio Jeker wrote:
> On Sat, Sep 22, 2018 at 09:48:24PM +0000, Job Snijders wrote:
> > Seems we are getting very close. Some suggestions to simplify the
> > experience for the end user.
> >
> > Let's start with supporting jus
Hi claudio,
Seems we are getting very close. Some suggestions to simplify the
experience for the end user.
Let's start with supporting just one (unnamed) roa-set, so far I've
really not come across a use case where multiple ROA tables are useful.
I say this having implemented origin validation
On Fri, Sep 21, 2018 at 05:29:24PM +0200, Claudio Jeker wrote:
> I currently use the RIPE RPKI validator to grab a JSON file (e.g.
> http://localcert.ripe.net:8088/export.json) and feed that to this perl
> script to convert it into bgpd syntax:
For now I recommend using
On Mon, Dec 03, 2018 at 12:14:13PM +0100, Claudio Jeker wrote:
> There is a trivial optimization that bgpd can do when loading the filter
> ruleset. If the rule is the same as the previous rule than the filterset
> can be merged. e.g.
>
> match from ebgp set community delete $myAS:*
>
On Thu, Nov 22, 2018 at 05:56:20PM +0100, Claudio Jeker wrote:
> On Tue, Nov 13, 2018 at 06:53:55PM +0100, Claudio Jeker wrote:
> > This is a large diff that changes the way communities are stored in
> > filters and filter_sets. Both standard communities and large communities
> > now share the
Hi Claudio,
On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote:
> For origin validation I chacked the source_as in struct rde_aspath
> this is not really the right place. It should be in struct aspath
> since that holds all the ASPATH related stuff. Change this, move
> aspath_match out
On Tue, Nov 27, 2018 at 06:23:53PM +0100, Claudio Jeker wrote:
> On Tue, Nov 27, 2018 at 04:21:53PM +0100, Job Snijders wrote:
> > On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote:
> > > For origin validation I chacked the source_as in struct rde_aspath
> &
Dear Claudio,
On Fri, Sep 14, 2018 at 04:59:51PM +0200, Claudio Jeker wrote:
> This diff extends the existing trie code for prefix-set to also work with
> roa-set. Unlike prefix-set there is no need for a prefixlen mask during
> lookup, instead the source-as needs to be checked and also if the
>
Dear all,
I've consulted with numerous user interface experts, their consistent
advice was to facilitate internalization by provoking simpler, stronger
emotions through the text based interface.
bgpctl(8) will now provide simplified 'SAD' or 'HAPPY' ascii ideograms
to help network operators
On Fri, May 17, 2019 at 2:13 PM Stuart Henderson wrote:
> On 2019/05/16 23:37, Rachel Roch wrote:
> > > RFC3513 says this:
> > >
> > > o An anycast address must not be used as the source address of
> > > an IPv6 packet.
> > >
> > > o An anycast address must not be assigned to an IPv6 host,
On Mon, May 13, 2019 at 21:11 Claudio Jeker
wrote:
> When using a rule forcing the nexthop to a specific address bgpd
> currently does not mark that nexthop as no-modify. In other words
> the default rules for nexthop propagation applies. This means that
> for ebgp it only sends out the set
Hi,
On Mon, May 13, 2019 at 09:03:41PM +0200, Claudio Jeker wrote:
> When using a rule forcing the nexthop to a specific address bgpd
> currently does not mark that nexthop as no-modify. In other words
> the default rules for nexthop propagation applies. This means that
> for ebgp it only sends
On Tue, May 28, 2019 at 05:17:08PM +0200, Claudio Jeker wrote:
> On Tue, May 28, 2019 at 01:28:32PM +0200, Job Snijders wrote:
> > On Mon, May 13, 2019 at 09:03:41PM +0200, Claudio Jeker wrote:
> > > When using a rule forcing the nexthop to a specific address bgpd
> > &
Hi,
On Mon, Jun 24, 2019 at 12:41:08PM +0200, Claudio Jeker wrote:
> I think it is time to remove the bgpctl irrfilter code. It is not
> useful and it is better to use tools like bgpq3 to build as-sets and
> prefix-sets for bgpd filtering.
Agreed. I'd love to have a replacement in base some day,
OK job@
On Sat, May 11, 2019 at 14:37 Claudio Jeker
wrote:
> bgpd already got support for extended shutdown communication messages.
> This adds the same support to tcpdump.
>
> OK?
> --
> :wq Claudio
>
> Index: print-bgp.c
> ===
>
On Thu, May 23, 2019 at 19:50 Denis wrote:
>
> SCTP(4) present in FreeBSD 12.0
>
> OpenBSD implementation planned?
Nothing planned as far as I know.
Out of curiosity - what is your use case? Do you really use it? It doesn’t
seem to be a widely used protocol.
Kind regards,
Job
On Wed, Jul 10, 2019 at 10:08:38PM +0200, Claudio Jeker wrote:
> This diff is a bit of a monster. It changes the Adj-RIB-Out to be a
> peer specific set of RB trees instead of using a rib in the original
> sense. The reason for this is that the more peers a system has the
> more elements end up
On Thu, Aug 08, 2019 at 11:48:08AM +0200, Claudio Jeker wrote:
> With the introduction of re-exec of the childs the config parsing happened
> after bgpd demonized. This is super annoying and therefor this diff
> changes that. It will make bgpd fail on startup if there is an issue with
> the config
Dear all,
Scratching a small itch: telnet(1) nicely prints what IP addresses it is
attempting to connect to, I'd like 'nc -v' to do the same, see below:
$ nc -v localhost 23
nc: connect to localhost (127.0.0.1) port 23 (tcp) failed: Connection refused
nc: connect to localhost (::1) port 23 (tcp)
On Tue, Oct 08, 2019 at 09:57:42PM -0600, Theo de Raadt wrote:
> Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all
> our repositories since starting at 1995/10/18 08:37:01
> Canada/Mountain. That's a lot of commits by a lot of amazing people.
Great achievement! Time to pop a
We are still at the early stages of RPKI deployment, so if we make it easier to
plug things into BIRD1 is beneficial given the wide deployment scale.
Only /very/ recently was rpki-client packaged for some of the Linux distros, so
if we add support for all formats now - it’ll improve the
I think we still need to support BIRD 1 for the foreseeable future, NIC.CZ
hasn’t communicated plans to deprecate BIRD1 and still supports it; and BIRD1
still is widely deployed.
I’m somewhat preferential to just generate all 3 BIRD flavors if -B is given as
command line option.
Kind regards,
On Wed, Mar 4, 2020, at 00:55, Robert Scheck wrote:
> > The idea is you can specify many outputs. That will make the commandline
> > very long, especially for the way we run it in cron.
>
> Oh! I'm sorry, I didn't see the idea of specifying many outputs.
Yeah, its nice to do things in one batch
On Fri, Mar 06, 2020 at 12:24:18PM +0100, Sebastian Benoit wrote:
> Robert Scheck(rob...@fedoraproject.org) on 2020.03.03 01:20:24 +0100:
> > job@ suggested to move this from GitHub to tech@ list (as upstream):
> >
> > 1. Currently, BIRD 1.x support in rpki-client seems to be broken: As per
> >
I have a small suggestion, in some deployments I saw the convention to
name it as following so it is clear the data came from user provided
data rather than internal bird structures
I tested Benno's patch against BIRD 1.6.6 - wfm.
Index: main.c
On Sat, Jan 25, 2020 at 11:36:53PM +1100, Damien Miller wrote:
> This adds a #define for the "lower effort" DSCP code point specified
> by https://tools.ietf.org/html/rfc8622
>
> People have asked to be able to use this OpenSSH for "don't care"
> traffic.
>
> ok?
OK job@
On Wed, Jan 22, 2020 at 05:02:32AM +0100, Claudio Jeker wrote:
> This diff implements 'max-prefix NUM out' which is a simple way to
> avoid leaking full tables to upstream or peers. If the limit is
> triggered the session will be closed with a NOTIFICATION (kind of
> suicide for the good of the
On Tue, Jan 28, 2020 at 03:03:47PM +0100, Gerhard Roth wrote:
> this patch adds IPv6 support to umb(4).
OK job@
Tested with 'telnet -6 towel.blinkenlights.nl' on Fibocom L831-EAU on
IIJ MIO's network (Japan), with 'inet6 autoconf' in /etc/hostname.umb0 :-)
job@vurt ~$ doas ifconfig umb0
umb0:
On Fri, Mar 06, 2020 at 07:11:56PM +0100, Robert Scheck wrote:
> On Fri, 06 Mar 2020, Sebastian Benoit wrote:
> > Note that I haven't tried this with bird 1 or 2 yet ;)
> > comments, oks?
>
> I did not try it yet, but I think BIRD 1 also needs something like "define
> force_roa_table_update =
1 - 100 of 245 matches
Mail list logo