[PATCH] renumber CARP virtual host ID range

Hi all, Following a discussion on the NANOG mailing regarding the overlap between MAC addresses assigned to VRRP [1] and virtual host IDs as used in the CARP protocol, it was suggested to use a range dedicated to CARP [2]. Ytti assigned 74-66-30-FF-FE-00 .. 74-66-30-FF-FE-FF. * Improve

Re: Speeding up openbsd on amd64 MP

On Sun, Sep 14, 2014 at 02:54:54PM +0200, Stefan Fritsch wrote: I would like people to test the diffs on other machines. In particular on non-Intel CPUs. The only AMD system I could get hold of did not run reliably with openbsd even without the pmap diff. I tested MP 'kernel -j 2' on a PC

Re: Speeding up openbsd on amd64 MP

On Sun, Sep 14, 2014 at 06:54:40PM +0200, Stefan Fritsch wrote: On Sun, 14 Sep 2014, Job Snijders wrote: I tested MP 'kernel -j 2' on a PC Engines apu1c4 (AMD G series T40E, 1 GHz dual Bobcat core with 64 bit support) and saw no speedup. Thanks. But no slowdown either? No slowdown either

Re: rwho on OpenBSD 5.6

On Sun, Nov 09, 2014 at 01:36:59PM -0700, Theo de Raadt wrote: I just updated to OpenBSD 5.6 and I was happy to see that rcp, rsh, rshd, rwho, rwhod, etc have been removed (at least according to the Changelog). However, the upgrade instructions fail to mention that files like /etc/rc.d/rwhod

Re: rwho on OpenBSD 5.6

On Sun, Nov 09, 2014 at 10:02:32PM +, Stuart Henderson wrote: I was answering the specific point about the _exact_ same state as a clean 5.6 installation there. There are some specific cases where it makes a lot of sense to tell people to rm things (e.g. base program moved to ports). And

tcpdump: decode Large BGP Communities

This patch adds support to tcpdump(8) to decode Large BGP Communities in human readable form. Example: [ snip ] BGP (UPDATE: (Path attributes: (ORIGIN[T] IGP) (AS_PATH[T] 65000) (NEXT_HOP[T] pxtr-2.meerval.net) (COMMUNITIES[OT] 666:666

Re: openbgpd: support for bgp administrative shutdown communication

Dear all, The below is based on feedback from Sebastian Benoit, Theo de Raadt, and Peter Hessler. The patch adds less lines of code, and adheres better to style(9). Thank you for your time. Kind regards, Job Index: bgpctl/bgpctl.8

tcpdump: decode BGP Administrative Shutdown Communication

This patch adds support to tcpdump(8) to decode BGP Administrative Shutdown Communications in human readable form. The draft-ietf-idr-shutdown (https://tools.ietf.org/html/draft-ietf-idr-shutdown) specification documents a mechanism to transmit a short freeform UTF-8 message as part of a BGP

openbgpd: support for bgp administrative shutdown communication

rk has been tested against pmacct and exabgp which also support draft-ietf-idr-shutdown. The BGP Administrative Shutdown Communication feature for OpenBGPD was developed by Peter van Dijk <peter.van.d...@powerdns.com> and Job Snijders <j...@ntt.

[PATCH] openbgpd: Add support for BGP Validation State Communities (RFC 8097)

Dear all, BGP Origin Validation State communities are non-transitive opaque extended communities to carry the origination Autonomous System validation state inside an autonomous system. IBGP speakers that receive this validation state can configure local policies that allow it to influence their

Re: [PATCH] openbgpd: Add support for BGP Validation State Communities (RFC 8097)

On Wed, Mar 29, 2017 at 12:14:24AM +0200, Sebastian Benoit wrote: > Job Snijders(j...@instituut.net) on 2017.03.28 14:12:42 -0500: > > > > match from any \ > > set { ext-community bovs not-found \ > > do other implementations call this "bovs"?

Re: tcpdump: decode BGP Administrative Shutdown Communication

Hi OpenBSD, bgpd(8) as shipped in OpenBSD 6.1 supports draft-ietf-idr-shutdown-07. The below patch adds support to tcpdump(8) to decode such shutdown communication. This is an improved version of the patch proposal I sent in January. Kind regards, Job diff --git

Re: tcpdump: decode BGP Administrative Shutdown Communication

On Mon, Apr 17, 2017 at 01:56:17PM -0600, Theo de Raadt wrote: > + memset(string, 0, 129); > + memcpy(string, p+1, shutdown_comm_length); > + safeputs(string); > > Please don't copy numbers like that. If

Re: tcpdump: decode BGP Administrative Shutdown Communication

Hi all, Daan Keuper (Computest) was kind enough to review the diff, he pointed out the following: safeputs() expects a null-terminated string. Since shutdown_comm_length won't exceed BGP_NOTIFY_MINOR_CEASE_ADMIN_SHUTDOWN_LEN (128), the following will ensure a null-terminated string is passed to

Re: netstat(1) print PID for sockets.

On Sat, Jul 01, 2017 at 08:50:36PM +0200, Sebastian Benoit wrote: > Sebastian Benoit(be...@openbsd.org) on 2017.07.01 20:40:17 +0200: > > oks for this? > > /* filter listening sockets out unless -a is set */ > - if (!aflag && istcp && kf->t_state <= TCPS_LISTEN) > + if (!(aflag ||

Re: [PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

Small update. I renamed the 'msb' argument ('most significant bits') to 'part' to improve readability. In Community 15562:4, '15562' is part 0 and the '4' is part 1. Same type of logic might be useful down the road for Large Communities which would have 3 parts. - Job diff --git

Re: [PATCH] cp(1): add -v option for verbosity

Dear Alexander, On Sun, Jun 25, 2017 at 06:13:40PM +0200, Alexander Hall wrote: > On June 25, 2017 2:06:20 PM GMT+02:00, Job Snijders <j...@instituut.net> > wrote: > >This patch adds a -v option to cp(1) for more verbose output. > > > > $ touch a b;

Re: [PATCH] rm(1): add -v option for verbosity

Hi Ingo, Thanks for taking the time to review this. On Sun, Jun 25, 2017 at 03:12:26PM +0200, Ingo Schwarze wrote: > Job Snijders wrote on Sun, Jun 25, 2017 at 02:06:16PM +0200: > > > This patch adds a '-v' option to rm(1) for more verbose output. > > Do not add new o

Re: [PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

On Sun, Jun 25, 2017 at 02:09:22PM +0200, Peter Hessler wrote: > : $ bgpctl show rib community WELLKNOWN:0 > : .. > : $ bgpctl show rib community WELLKNOWN:* > : .. > > Eh, I don't really see a reason to have syntatic sugar for > '65535'. In this case, I'm

[PATCH] rm(1): add -v option for verbosity

Hi all, This patch adds a '-v' option to rm(1) for more verbose output. $ mkdir a; touch a/b; touch c $ rm -rfv * removed 'a/b' removed directory 'a' removed 'c' Kind regards, Job diff --git bin/rm/rm.1 bin/rm/rm.1 index 5c8aefaab7d..7de2c7067ee 100644

[PATCH] mv(1): add -v option for verbosity

Hi all, This patch adds a -v option to mv(1) for more verbose output. $ touch a $ mv -v a b 'a' -> 'b' $ mkdir c $ mv -v b c 'b' -> 'c/b' $ mv -v c d 'e' -> 'd' And here is an example of the output of the situation mentioned in the

[PATCH] cp(1): add -v option for verbosity

Dear team, This patch adds a -v option to cp(1) for more verbose output. $ touch a b; mkdir c $ cp -v a b c 'a' -> 'c/a' 'b' -> 'c/b' $ cp -rv c d 'c' -> 'd/' 'c/a' -> 'd/a' 'c/b' -> 'd/b' Kind regards, Job diff --git bin/cp/cp.1

Re: [PATCH] cp(1): add -v option for verbosity

On Sun, Jun 25, 2017 at 02:06:20PM +0200, Job Snijders wrote: > This patch adds a -v option to cp(1) for more verbose output. NetBSD/FreeBSD/DragonFly/OSX's cp(1) with "-v" print file names without the single quotes, which might indeed be more appealing to the eye: $ touch

Re: [PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

On Sun, Jun 25, 2017 at 11:41:05PM +0200, Sebastian Benoit wrote: > ok > > as wor the WELLKNOWN, what do other implementations do? I'm not aware of other implementations that do a blanket replacement of "65535:" with something like "WELLKNOWN:" in their CLI output. Most implementations (after

Re: [PATCH] rm(1): add -v option for verbosity

On Sun, Jun 25, 2017 at 04:09:11PM +0200, Job Snijders wrote: > --- bin/rm/rm.1 > +++ bin/rm/rm.1 > @@ -95,6 +95,8 @@ that directory is skipped. > .It Fl r > Equivalent to > .Fl R . > +.It Fl v > +Explain what is being done. On second thought, "Display wh

[PATCH 1/3] openbgpd: Allow localpref of zero

Dear team, The lowest valid BGP LOCAL_PREF is 0, allowing bgpd to set 0 too will accomodate interopability. Kind regards, Job --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1988,7 +1988,7 @@ filter_set_opt: LOCALPREF NUMBER { }

[PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

Dear team, This patch makes 'unknown' well-known communities more of a first-class citizen. A powerful property of well-known communities is that (often) operators can implement the feature associated with a given well-known community through their local routing policy, ahead of time before

[PATCH 3/3] openbgpd: Add well-known community GRACEFUL_SHUTDOWN

Dear team, This patch adds support for the "graceful shutdown" well-known community as described in draft-ietf-grow-bgp-gshut. An example implementation would be to add the following to your bgpd.conf: match from any community GRACEFUL_SHUTDOWN set { localpref 0 } Kind regards, Job ---

[PATCH] bin: Add -v option to cp(1), mv(1), rm(1)

Dear all, This patch adds a '-v' option to cp(1), mv(1), and rm(1). If the '-v' option is used, the utility will display the name of each file after it has been successfully copied, moved or removed. This patch rolls in feedback from recent discussion. The manpage updates are specific as to what

[PATCH] ntpd: allow to specify a source IP address for outgoing queries

Dear team, I have the following use-case on some of my routers: ntpd will opportunistically select a source address, regardless of whether that source address is actually a globally routable IP address. Most of the time this is great, but not in some deployment scenarios. For instance, IP

Re: [bgpd] RFC 7607 Codification of AS 0 Processing

On Fri, May 26, 2017 at 09:40:49PM +0200, Peter Hessler wrote: > On 2017 May 26 (Fri) at 20:01:00 +0200 (+0200), Peter Hessler wrote: > :Apropos of "I found it", I implemented support for RFC 7607. It's a > :super short RFC, but basically it forbids use of AS 0 anywhere. > : > :OK? > > Fixed some

Re: tcpdump: enable some more bgp info

On Mon, May 29, 2017 at 12:02:33PM +0200, Michal Mazurek wrote: > The error information for bgp was commited in 2009 > (bgpnotify_minor_cease, bgpnotify_minor_cap) but never enabled, so do > that here. Also add FSM error codes. perhaps add a comment like /* RFC 6608 */ above the below: > +static

Re: sys/socket.h: make sstosa() available to everyone

On Tue, May 30, 2017 at 01:29:07PM -0600, Theo de Raadt wrote: > I don't think this trivial thing should be pushed into the public > namespace. > > Personally I think this construct is really contrived. ok. Another downside might be that it can negatively impact portability. Thanks, Job

Re: [PATCH] ntpd: allow to specify a source IP address for outgoing queries

Dear team, Henning Brauer (off-list) made a few suggestions, which I summerized in the following four points: 1) poor initialization style, instead of: struct xxx yyy = { .property = zzz }; use: struct xxx yyy; yyy.property = zzz; 2) avoid

Re: tcpdump: enable some more bgp info

On Tue, May 30, 2017 at 10:21:17AM +0200, Michal Mazurek wrote: > On 12:15:06, 29.05.17, Job Snijders wrote: > > perhaps add a comment like /* RFC 6608 */ above the below: > > Right, it will make it more consistent. > > > > +static const char *bgpnotify_minor_fsm[] = {

Re: [PATCH] ntpd: allow to specify a source IP address for outgoing queries

On Sun, May 28, 2017 at 10:52:24PM +0200, Sebastian Benoit wrote: > which makes me think: > would a global local-address be good enough? Attached is a patch that allows you to specify the source for outgoing queries, as a global option. Example ntpd.conf: query from 165.254.255.33 query

sys/socket.h: make sstosa() available to everyone

Hi, Might be out of my depth here, but would be nice if the sstosa() is available to everyone, not just _KERNEL If accepted, 'define sstosa' can to be removed from usr.sbin/ftp-proxy/ftp-proxy.c. Kind regards, Job --- sys/sys/socket.h | 16 ++-- 1 file changed, 10 insertions(+),

Re: Enable TCP selective acknowledgements (SACK) on all kernels

On Sun, Oct 22, 2017 at 04:04:30PM +0200, Mike Belopuhov wrote: > > If this is as expected, OK job@ > > It's setting the option in my build here: > > 15:55:20.336682 fe:e1:bb:d1:a2:f0 fe:e1:ba:d0:55:1e 0800 78: \ > 10.50.50.34.17078 > 10.50.50.1.80: S [tcp sum ok] 1313610867:1313610867(0) \ >

Re: pf neighbor discovery hop limit

On Mon, Dec 04, 2017 at 02:55:16PM +0100, Alexander Bluhm wrote: > RFC 4861 requires that all neighbor discovery packets have 255 in > their IPv6 header hop limit field. Let pf drop neighbor solicitation, > neighbor advertisement, router solicitation, router advertisement, > and redirect ICMP6

Re: Add "-c command" option to script(1)

On Sat, Dec 16, 2017 at 09:45:02AM +0100, Paul de Weerd wrote: > On Fri, Dec 15, 2017 at 12:24:45PM +0100, Paul de Weerd wrote: > | I've updated the diff to add this example as per jmc's suggestion. It > | now has: > | > | - add the `-c command` feature > | - updates usage > | -

Re: Add "-c command" option to script(1)

On Thu, Dec 14, 2017 at 09:23:29AM +0100, Paul de Weerd wrote: > Another use I personally find very convenient is this: > > [weerd@pom] $ script -c "vmctl start test -c" > > Hope others see value here too :) That is a great use case. Kind regards, Job

[PATCH] amd64/bsd.rd: add growfs(8)

Goodmorning everyone, While quite some resizing scenarios can be done from within single user mode, resizing the root partition requires you to bring your own growfs(8) binary into the ramdisk environment. The below patch adds growfs(8) to the amd64 ramdisk to simplify such operations. I tested

Re: [PATCH] amd64/bsd.rd: add growfs(8)

Thanks for the feedback. I'll get to work on a MI patch and test on amd64 + i386, then pass it on to you.

Re: [PATCH] amd64/bsd.rd: add growfs(8)

On Mon, Nov 06, 2017 at 04:14:48PM -0700, Theo de Raadt wrote: > I agree on that. So please put it into the correct lists files for > all the unlimited ramdisks. > > Job, the situation is a little nit-picky but try to do it for all the > architectures and I'll give you fast feedback. This is

Re: Include hostname in shell prompts by default

On Sat, Dec 09, 2017 at 06:44:44PM +0100, Theo Buehler wrote: > Theo asked me to make sure that all our shells print a prompt > including the hostname by default. Thank you. This is a significant improvement. I keep finding myself updating /etc/profile everywhere to ensure I don't lose my

Re: Remove TCP_FACK

This has been committed. Since the patch changed the userland ABI, don't forget to rebuild (at least) fstat, netstat & tcpbench. Kind regards, Job

Re: Refactor TCP partial ACK handling

On Tue, Oct 24, 2017 at 03:21:08PM +0200, Mike Belopuhov wrote: > I didn't do it because tcp_var.h is where tcp keeps all of it's prototypes > but I don't mind moving them into tcp_input.c. Any objections? Otherwise > I'll check in the diff below. ok job@

Remove TCP_FACK

Dear all, This patch builds upon the work shared in the following email. Mike's patch is a prerequisite to apply this patch. Date: Tue, 24 Oct 2017 15:21:08 +0200 From: Mike Belopuhov Subject: Re: Refactor TCP partial ACK handling TCP_FACK was

Re: Enable TCP selective acknowledgements (SACK) on all kernels

On Thu, Oct 19, 2017 at 06:55:05PM +0200, Mike Belopuhov wrote: > SACK has been enabled in GENERIC kernels for over a decade and it's > time to make it an official part of the TCP stack. I tested your diff by doing an amd64 release build and testing both the newly created /bsd and /bsd.rd, I

Re: [patch] crontab(5) add -n option to suppress mail when the run was successful

on/do_command.c index 6a4022fcc9a..4fbca61d170 100644 --- usr.sbin/cron/do_command.c +++ usr.sbin/cron/do_command.c @@ -3,6 +3,7 @@ /* Copyright 1988,1990,1993,1994 by Paul Vixie * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 1997,2000 by Internet Softwar

Re: Should whois(1) and IPv6 default to ANICHOST?

OK job@ On Sun, 17 Jun 2018 at 17:00, Florian Obser wrote: > I like it, I think the heuristic is good enough. > > OK florian@ or I take OKs to commit it myself ;) > > On Sun, May 20, 2018 at 07:48:34PM +0100, Mikolaj Kucharski wrote: > > Hi, > > > > This is very naive patch for whois(1) which

[patch] crontab(5) add -n option to suppress mail when the run was successful

ISC") * Copyright (c) 1997,2000 by Internet Software Consortium, Inc. + * Copyright (c) 2018 Job Snijders * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -80,7 +81,6 @@ child

Re: bgpd ignore aspath with to large attributes

On Wed, May 30, 2018 at 03:18:45PM +0200, Claudio Jeker wrote: > This adds a protection to handle aspaths overly large attributes in > bgpd. The main idea is to protect other bgp routes downstream for > hitting the limit with is often not well catched. I am not sure this is sound logic. The BGP

Re: bgpd: stop with the announce confusion

On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote: > The following diff does a few things. > a) it removes the `announce (all|none|self|default-route)` version > b) `announce none` is now `export none` > c) `announce default-route` is now `export default-route` > d) the examples file

Re: bgpd: stop with the announce confusion

On Thu, Jun 07, 2018 at 12:14:07PM +0200, Claudio Jeker wrote: > > It would be helpful during upgrades if it's possible to write some > > configurations that work the same on both the old and new versions. > > That way the configuration can be changed to a version which will > > still work before

Re: BGPD - refactor nexthop handling

On Thu, Jun 21, 2018 at 08:59:45PM +0200, Claudio Jeker wrote: > This is the first step of some larger reshuffling of how the RDE is > working. One of the things needed is proper reference counting for > nexthops since I want to kill nexthop_link and nexthop_unlink in the > long run. > > Even

Re: [patch] faq5.html, added missing branch to update -stable trees.

Hi, On Sat, Jan 6, 2018 at 9:53 AM, Christoph R. Murauer wrote: > Here is a diff for the missing -rOPENBSD_6_2 branch to update the > -stable CVS trees as described in https://www.openbsd.org/anoncvs.html > at Updating an existing tree. I don't think this is needed in this context

Re: /etc/rc: fsck -y

On Thu, Jan 18, 2018 at 12:22:21PM +, Stuart Henderson wrote: > A flag (fsck_flags) would be a better idea than a file, and more > flexible (users with many disks and low RAM could use the same > mechanism to force "-l 1" for example). fsck_flags would be an idea. I prefer not to bring local

Re: [PATCH] bgplg error message fix

On Fri, Feb 02, 2018 at 02:38:54PM +0100, Pierre Emeriaud wrote: > While playing with bgplg I noticed that 'show ip bgp detail as' error > message is wrong: expects an AS number but asks for a prefix. Thanks! Committed. Kind regards, Job

Re: pckbd: go back to using table 2 by default

Hi all, I often observed on my Thinkpad x270 that after an upgrade via bsd.rd, the first reboot resulted in keystrokes being garbage (and at second reboot everything was fine again). The below patch seems to be an improvement. Kind regards, Job On Tue, Jan 02, 2018 at 09:36:49AM -0600, joshua

Add 6to4 anycast prefixes to examples/bgpd.conf

Hi, Globally anycasted 6to4 has outlived its usefulness. Operational discussion: http://seclists.org/nanog/2018/Jun/268 Kind regards, Job diff --git etc/examples/bgpd.conf etc/examples/bgpd.conf index a5fa7234a3c..77f610b9a06 100644 --- etc/examples/bgpd.conf +++ etc/examples/bgpd.conf @@

Re: bgpd: refine source-as matching

On Thu, Aug 09, 2018 at 03:10:11PM +0200, Claudio Jeker wrote: > Per rfc6472 AS_SET should no longer be used but some AS still do. > Until now source-as would take the rightmost AS number of an AS_PATH > no matter if it was an AS_SEQUENCE or an AS_SET. Thit is not correct. Indeed, good find! >

Re: high sofnet load with gif(4) and icmp

Hi, I'm optimistic about this patch: where previously running traffic through this router over gif tunnels would result in memory exhaustion, the problem now seems gone. memory graph: http://instituut.net/~job/screenshots/ee7f0fa5304032a2.png Should perhaps an errata / syspatch blob be prepared

Re: Eliminate trailing whitespace & typo in chmod

https://en.wikipedia.org/wiki/If_and_only_if As a non-native speaker, it took some years before I realized the use of “iff” is not a typo. Kind regards, Job

Re: Stop ping telling world its pid

When things arrive out of sequence, that usually is of special interest to network operator people. Not sure the sequence field can easily be overloaded to increase “validity”. I’m not great at math, with a 16 bit random value, wouldn’t we start running into ID collisions around 256 concurrent

Re: [PATCH] Update default QoS markers for ssh

On Sun, Apr 01, 2018 at 11:29:55AM +0100, Stuart Henderson wrote: > On 2018/03/31 16:10, Job Snijders wrote: > > TL;DR: I propose to update the defaults to use DSCP "AF21" (Low > > Latency Data) for interactive session traffic, and CS1 ("Lower > > Effort")

[PATCH] Update default QoS markers for ssh

Dear all, There may be opportunity for improvement of ssh(1) and sshd(8)'s default QoS markers for better integration in environments that can offer either layer-2 or layer-3 prioritisation profiles. Currently ssh(1) and sshd(8) set obsoleted values 'lowdelay' for interactive sessions and

Re: handle updates via Adj-RIB-Out

Claudio, How best to test this change proposal? Should this maybe be tested on one of the yycix route servers? I'll let it run on my home router, if that doesn't cause issues in a week or so; we can consider rs2.yycix.ca Kind regards, Job On Fri, Mar 02, 2018 at 04:55:23PM +0100, Claudio

Re: ifconfig(8) to deny non-contiguous netmask / take 2

OK job@

Re: prevent bgpd from starting when control socket already used

Shouldnt we already bomb out at the following? cannot bind to 0.0.0.0:179: Address already in use cannot bind to [::]:179: Address already in use In any regard, I agree with the functionality proposed. No strong opinion on the diff itself. Kind regards, Job On Sun, Nov 11, 2018 at 22:35 Remi

[PATCH] bgpd: expose ROA origin validation state in show rib

Dear all, This small patch exposes the origin validation state in 'bgpctl show rib' and 'bgpctl show rib detail'. This will help debugging, and draw attention to routing problems. I know we're weary of spending horizontal space, but I think spending 3 chars to show the OV state (and as such make

Re: bgpd ROA validation

On Tue, Sep 25, 2018 at 12:23:48PM +0200, Claudio Jeker wrote: > On Sat, Sep 22, 2018 at 09:48:24PM +0000, Job Snijders wrote: > > Seems we are getting very close. Some suggestions to simplify the > > experience for the end user. > > > > Let's start with supporting jus

Re: bgpd ROA validation

Hi claudio, Seems we are getting very close. Some suggestions to simplify the experience for the end user. Let's start with supporting just one (unnamed) roa-set, so far I've really not come across a use case where multiple ROA tables are useful. I say this having implemented origin validation

Re: bgpd ROA validation

On Fri, Sep 21, 2018 at 05:29:24PM +0200, Claudio Jeker wrote: > I currently use the RIPE RPKI validator to grab a JSON file (e.g. > http://localcert.ripe.net:8088/export.json) and feed that to this perl > script to convert it into bgpd syntax: For now I recommend using

Re: bgpd optimize filter rules

On Mon, Dec 03, 2018 at 12:14:13PM +0100, Claudio Jeker wrote: > There is a trivial optimization that bgpd can do when loading the filter > ruleset. If the rule is the same as the previous rule than the filterset > can be merged. e.g. > > match from ebgp set community delete $myAS:* >

Re: bgpd refactor community code

On Thu, Nov 22, 2018 at 05:56:20PM +0100, Claudio Jeker wrote: > On Tue, Nov 13, 2018 at 06:53:55PM +0100, Claudio Jeker wrote: > > This is a large diff that changes the way communities are stored in > > filters and filter_sets. Both standard communities and large communities > > now share the

Re: bgpd refactor aspath_match a bit

Hi Claudio, On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote: > For origin validation I chacked the source_as in struct rde_aspath > this is not really the right place. It should be in struct aspath > since that holds all the ASPATH related stuff. Change this, move > aspath_match out

Re: bgpd refactor aspath_match a bit

On Tue, Nov 27, 2018 at 06:23:53PM +0100, Claudio Jeker wrote: > On Tue, Nov 27, 2018 at 04:21:53PM +0100, Job Snijders wrote: > > On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote: > > > For origin validation I chacked the source_as in struct rde_aspath > &

Re: bgpd roa-set backend

Dear Claudio, On Fri, Sep 14, 2018 at 04:59:51PM +0200, Claudio Jeker wrote: > This diff extends the existing trie code for prefix-set to also work with > roa-set. Unlike prefix-set there is no need for a prefixlen mask during > lookup, instead the source-as needs to be checked and also if the >

[PATCH] bgpctl(8): improve user interface for RPKI Origin Validation

Dear all, I've consulted with numerous user interface experts, their consistent advice was to facilitate internalization by provoking simpler, stronger emotions through the text based interface. bgpctl(8) will now provide simplified 'SAD' or 'HAPPY' ascii ideograms to help network operators

Re: NSD & Unbound refusing to bind to IPv6 when anycast flag set ?

On Fri, May 17, 2019 at 2:13 PM Stuart Henderson wrote: > On 2019/05/16 23:37, Rachel Roch wrote: > > > RFC3513 says this: > > > > > > o An anycast address must not be used as the source address of > > > an IPv6 packet. > > > > > > o An anycast address must not be assigned to an IPv6 host,

Re: bgpd set nexthop 198.51.100.42 clarifications

On Mon, May 13, 2019 at 21:11 Claudio Jeker wrote: > When using a rule forcing the nexthop to a specific address bgpd > currently does not mark that nexthop as no-modify. In other words > the default rules for nexthop propagation applies. This means that > for ebgp it only sends out the set

Re: bgpd set nexthop 198.51.100.42 clarifications

Hi, On Mon, May 13, 2019 at 09:03:41PM +0200, Claudio Jeker wrote: > When using a rule forcing the nexthop to a specific address bgpd > currently does not mark that nexthop as no-modify. In other words > the default rules for nexthop propagation applies. This means that > for ebgp it only sends

Re: bgpd set nexthop 198.51.100.42 clarifications

On Tue, May 28, 2019 at 05:17:08PM +0200, Claudio Jeker wrote: > On Tue, May 28, 2019 at 01:28:32PM +0200, Job Snijders wrote: > > On Mon, May 13, 2019 at 09:03:41PM +0200, Claudio Jeker wrote: > > > When using a rule forcing the nexthop to a specific address bgpd > > &

Re: Remove irrfilter from bgpctl

Hi, On Mon, Jun 24, 2019 at 12:41:08PM +0200, Claudio Jeker wrote: > I think it is time to remove the bgpctl irrfilter code. It is not > useful and it is better to use tools like bgpq3 to build as-sets and > prefix-sets for bgpd filtering. Agreed. I'd love to have a replacement in base some day,

Re: tcpdump support extended bgp shutdown communication

OK job@ On Sat, May 11, 2019 at 14:37 Claudio Jeker wrote: > bgpd already got support for extended shutdown communication messages. > This adds the same support to tcpdump. > > OK? > -- > :wq Claudio > > Index: print-bgp.c > === >

Re: Stream Control Transmission Protocol SCTP RFC4960

On Thu, May 23, 2019 at 19:50 Denis wrote: > > SCTP(4) present in FreeBSD 12.0 > > OpenBSD implementation planned? Nothing planned as far as I know. Out of curiosity - what is your use case? Do you really use it? It doesn’t seem to be a widely used protocol. Kind regards, Job

Re: bgpd adj-rib-out rewrite

On Wed, Jul 10, 2019 at 10:08:38PM +0200, Claudio Jeker wrote: > This diff is a bit of a monster. It changes the Adj-RIB-Out to be a > peer specific set of RB trees instead of using a rib in the original > sense. The reason for this is that the more peers a system has the > more elements end up

Re: bgpd fail before daemonizing on config errors

On Thu, Aug 08, 2019 at 11:48:08AM +0200, Claudio Jeker wrote: > With the introduction of re-exec of the childs the config parsing happened > after bgpd demonized. This is super annoying and therefor this diff > changes that. It will make bgpd fail on startup if there is an issue with > the config

[PATCH] nc(1): print IP address in verbose mode (-v)

Dear all, Scratching a small itch: telnet(1) nicely prints what IP addresses it is attempting to connect to, I'd like 'nc -v' to do the same, see below: $ nc -v localhost 23 nc: connect to localhost (127.0.0.1) port 23 (tcp) failed: Connection refused nc: connect to localhost (::1) port 23 (tcp)

Re: OpenBSD crossed 400,000 commits

On Tue, Oct 08, 2019 at 09:57:42PM -0600, Theo de Raadt wrote: > Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all > our repositories since starting at 1995/10/18 08:37:01 > Canada/Mountain. That's a lot of commits by a lot of amazing people. Great achievement! Time to pop a

Re: BIRD 1.x/2.x support at rpki-client

We are still at the early stages of RPKI deployment, so if we make it easier to plug things into BIRD1 is beneficial given the wide deployment scale. Only /very/ recently was rpki-client packaged for some of the Linux distros, so if we add support for all formats now - it’ll improve the

Re: BIRD 1.x/2.x support at rpki-client

I think we still need to support BIRD 1 for the foreseeable future, NIC.CZ hasn’t communicated plans to deprecate BIRD1 and still supports it; and BIRD1 still is widely deployed. I’m somewhat preferential to just generate all 3 BIRD flavors if -B is given as command line option. Kind regards,

Re: BIRD 1.x/2.x support at rpki-client

On Wed, Mar 4, 2020, at 00:55, Robert Scheck wrote: > > The idea is you can specify many outputs. That will make the commandline > > very long, especially for the way we run it in cron. > > Oh! I'm sorry, I didn't see the idea of specifying many outputs. Yeah, its nice to do things in one batch

Re: BIRD 1.x/2.x support at rpki-client

On Fri, Mar 06, 2020 at 12:24:18PM +0100, Sebastian Benoit wrote: > Robert Scheck(rob...@fedoraproject.org) on 2020.03.03 01:20:24 +0100: > > job@ suggested to move this from GitHub to tech@ list (as upstream): > > > > 1. Currently, BIRD 1.x support in rpki-client seems to be broken: As per > >

Re: BIRD 1.x/2.x support at rpki-client

I have a small suggestion, in some deployments I saw the convention to name it as following so it is clear the data came from user provided data rather than internal bird structures I tested Benno's patch against BIRD 1.6.6 - wfm. Index: main.c

Re: Add #define for RFC8622 IPTOS_DSCP_LE codepoint

On Sat, Jan 25, 2020 at 11:36:53PM +1100, Damien Miller wrote: > This adds a #define for the "lower effort" DSCP code point specified > by https://tools.ietf.org/html/rfc8622 > > People have asked to be able to use this OpenSSH for "don't care" > traffic. > > ok? OK job@

Re: bgpd max-prefix out limit

On Wed, Jan 22, 2020 at 05:02:32AM +0100, Claudio Jeker wrote: > This diff implements 'max-prefix NUM out' which is a simple way to > avoid leaking full tables to upstream or peers. If the limit is > triggered the session will be closed with a NOTIFICATION (kind of > suicide for the good of the

Re: IPv6 Support for umb(4)

On Tue, Jan 28, 2020 at 03:03:47PM +0100, Gerhard Roth wrote: > this patch adds IPv6 support to umb(4). OK job@ Tested with 'telnet -6 towel.blinkenlights.nl' on Fibocom L831-EAU on IIJ MIO's network (Japan), with 'inet6 autoconf' in /etc/hostname.umb0 :-) job@vurt ~$ doas ifconfig umb0 umb0:

Re: BIRD 1.x/2.x support at rpki-client

On Fri, Mar 06, 2020 at 07:11:56PM +0100, Robert Scheck wrote: > On Fri, 06 Mar 2020, Sebastian Benoit wrote: > > Note that I haven't tried this with bird 1 or 2 yet ;) > > comments, oks? > > I did not try it yet, but I think BIRD 1 also needs something like "define > force_roa_table_update =

  1   2   3   >