On Mon, Jun 19, 2023 at 04:45:03PM -0500, Scott Cheloha wrote:
> On Mon, Jun 19, 2023 at 10:22:56AM +0200, Claudio Jeker wrote:
> > On Sun, Jun 18, 2023 at 12:43:18PM -0500, Scott Cheloha wrote:
> > > On Sun, Jun 18, 2023 at 12:36:07PM -0500, Scott Cheloha wrote:
> > > &
Instead of ibuf_reserve() just use ibuf_add_zero(buf, 1) to add a
NUL byte to the buffer.
There is more needed in here but lets start small.
--
:wq Claudio
Index: check_tcp.c
===
RCS file: /cvs/src/usr.sbin/relayd/check_tcp.c,v
retr
On Tue, Jun 20, 2023 at 08:36:58AM +0200, Claudio Jeker wrote:
> On Mon, Jun 19, 2023 at 04:45:03PM -0500, Scott Cheloha wrote:
> > On Mon, Jun 19, 2023 at 10:22:56AM +0200, Claudio Jeker wrote:
> > > On Sun, Jun 18, 2023 at 12:43:18PM -0500, Scott Cheloha wrote:
> > > &
On Mon, Jun 19, 2023 at 04:45:03PM -0500, Scott Cheloha wrote:
> On Mon, Jun 19, 2023 at 10:22:56AM +0200, Claudio Jeker wrote:
> > On Sun, Jun 18, 2023 at 12:43:18PM -0500, Scott Cheloha wrote:
> > > On Sun, Jun 18, 2023 at 12:36:07PM -0500, Scott Cheloha wrote:
> > > &
On Mon, Jun 19, 2023 at 06:41:14PM -0500, Scott Cheloha wrote:
> > On Jun 19, 2023, at 18:07, Theo de Raadt wrote:
> >
> > Make sure to STOP all kernel profiling before attempting to
> >suspend or hibernate your machine. Otherwise I expect it
> >will hang.
> >
> > It is
On Sun, Jun 18, 2023 at 12:43:18PM -0500, Scott Cheloha wrote:
> On Sun, Jun 18, 2023 at 12:36:07PM -0500, Scott Cheloha wrote:
> > On Sun, Jun 18, 2023 at 07:32:56PM +0200, Mark Kettenis wrote:
> > > > Date: Sun, 18 Jun 2023 12:27:17 -0500
> > > > From: Scott Cheloha
> > > >
> > > > The intent h
On Fri, Jun 16, 2023 at 07:14:01AM +0200, Theo Buehler wrote:
> With the last print_host() contortions out of the way, this is only used
> via print_addr() and can go. Make sa, buf, len local. Align variables.
> Unindent the if (buf == NULL) path.
One minor comment below.
> Index: iked.h
> =
On Tue, Jun 13, 2023 at 02:19:36PM +0200, Mark Kettenis wrote:
> > Date: Mon, 12 Jun 2023 19:09:59 -0500
> > From: Scott Cheloha
> >
> > We need to initialize the per-CPU clockintr_queue struct before we can
> > call clockintr_establish() from sched_init_cpu().
> >
> > Initialization is done wit
On Wed, Jun 14, 2023 at 12:37:35PM +0200, Theo Buehler wrote:
> On Wed, Jun 14, 2023 at 11:38:15AM +0200, Claudio Jeker wrote:
> > On Wed, Jun 14, 2023 at 11:10:52AM +0200, Theo Buehler wrote:
> > > On Wed, Jun 14, 2023 at 10:44:23AM +0200, Claudio Jeker wrote:
> > >
On Wed, Jun 14, 2023 at 11:10:52AM +0200, Theo Buehler wrote:
> On Wed, Jun 14, 2023 at 10:44:23AM +0200, Claudio Jeker wrote:
> > There is no real need to have print_host() with the extra arguments.
> > So convert the last remaining print_host() calls to use print_addr().
>
There is no real need to have print_host() with the extra arguments.
So convert the last remaining print_host() calls to use print_addr().
I'm not entierly sure how to really test all these code paths but the
changes are failry simple.
--
:wq Claudio
Index: ikev2.c
==
On Tue, Jun 13, 2023 at 10:57:06AM +0200, Theo Buehler wrote:
> There are a lot of print_host() calls that have an explicit cast and
> pass NULL, 0 as second and third arguments. This is responsible for a
> lot of awkward line wrapping. The exlicit casts can be avoided by
> using a function with a
On Mon, Jun 12, 2023 at 12:18:19PM +0200, Theo Buehler wrote:
> On Mon, Jun 12, 2023 at 11:43:11AM +0200, Claudio Jeker wrote:
> > To generate the IMSG_CTL_SHOW_RIB_ATTR message just use attr_writebuf()
> > instead of going via ibuf_reserve() and attr_write().
> >
> >
To generate the IMSG_CTL_SHOW_RIB_ATTR message just use attr_writebuf()
instead of going via ibuf_reserve() and attr_write().
While there make a pointer != NULL check more obvious.
--
:wq Claudio
Index: rde.c
===
RCS file: /cvs/src/
On Sat, Jun 10, 2023 at 10:15:53AM +0200, Theo Buehler wrote:
> On Sat, Jun 10, 2023 at 09:00:54AM +0200, Claudio Jeker wrote:
> > Instead of building an API for ibufs to handle dynamic strings use
> > open_memstream(3) which does the same via stdio.
> >
> > Now open
Instead of building an API for ibufs to handle dynamic strings use
open_memstream(3) which does the same via stdio.
Now open_memstream() requires a bit more plumbing (one needs to close the
FILE stream and free the buffer) but on the plus side you can use all
stdio functions like fprintf() to fill
On Tue, Jun 06, 2023 at 11:40:58PM +0200, Alexander Bluhm wrote:
> On Tue, Jun 06, 2023 at 11:33:36PM +0300, Vitaliy Makkoveev wrote:
> > > On 6 Jun 2023, at 20:29, Alexander Bluhm wrote:
> > >
> > > On Tue, Jun 06, 2023 at 05:54:31PM +0300, Vitaliy Makkoveev wrote:
> > >> On Tue, Jun 06, 2023 at
My plan is to make ibuf_data() return void * not uint8_t *. Because of
this you can't do pointer arithmetics with that function.
The following diff just uses the same construct that many other functions
in ikev2_pld.c use.
This code should be rewritten but we are not there yet. The goal is to
intr
Replace some ibuf_data() + offset constructs to use ibuf_seek() the actual
interface built exactly for this.
Should behave the same unless the code is already broken and overflowing
the buffer.
--
:wq Claudio
Index: crypto.c
===
RCS
Same change as for rpki-client, introduce compatc mode for objects.
Use it in a few selected places where I think the compact output makes
sense.
--
:wq Claudio
Index: json.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/json.c,v
retrievin
The json API used by rpki-client and bgpctl does pretty-print the json
with every element on a new line. In some cases a more compact output for
some objects makes sense. This is what this diff implements.
This affects both the json output file and also the json filemode.
--
:wq Claudio
Index: j
On Fri, Jun 02, 2023 at 04:24:31PM +0100, Leah Rowe wrote:
>
> Hi everyone,
>
> I had an interesting idea for OpenBSD. Haven't tried it yet. I'm
> wondering what other people think of it? The idea is, thus:
>
> 1) Do execution tracing and just run a program. Do everything possible
> in it to the
On Wed, May 31, 2023 at 02:07:17PM +, Klemens Nanni wrote:
> On Wed, May 31, 2023 at 10:27:13AM +0200, Claudio Jeker wrote:
> > On Tue, May 30, 2023 at 11:56:01PM +, Klemens Nanni wrote:
> > > On Tue, May 23, 2023 at 07:13:28PM +, Klemens Nanni wrote:
> > > &
On Tue, May 30, 2023 at 11:56:01PM +, Klemens Nanni wrote:
> On Tue, May 23, 2023 at 07:13:28PM +, Klemens Nanni wrote:
> > On Sat, Jan 14, 2023 at 02:28:27PM +, Stuart Henderson wrote:
> > > On 2023/01/12 04:49, Mikolaj Kucharski wrote:
> > > > Hi,
> > > >
> > > > Is there anything el
On Tue, May 30, 2023 at 02:10:31PM +, Job Snijders wrote:
> On Tue, May 30, 2023 at 03:12:46PM +0200, Claudio Jeker wrote:
> > On Tue, May 30, 2023 at 02:38:23PM +0200, Claudio Jeker wrote:
> > > On Wed, May 24, 2023 at 04:18:30PM +, Job Snijders wrote
On Tue, May 30, 2023 at 02:38:23PM +0200, Claudio Jeker wrote:
> On Wed, May 24, 2023 at 04:18:30PM +, Job Snijders wrote:
> > Dear all,
> >
> > Claudio made some suggestions to pass the desired modification times
> > around in a different way, below is an updated
On Wed, May 24, 2023 at 04:18:30PM +, Job Snijders wrote:
> Dear all,
>
> Claudio made some suggestions to pass the desired modification times
> around in a different way, below is an updated patch proposal.
> I also added some instrumentation to also adjust GBRs and TAKs.
>
> RIPE & APNIC in
On Fri, May 26, 2023 at 11:18:26AM +0200, Theo Buehler wrote:
> On Fri, May 26, 2023 at 10:11:32AM +0200, Claudio Jeker wrote:
> > Kill ibuf_prepend() it is used only once and the function does unholy
> > things to the ibuf passed in. Just do the obivous dance in the callee.
> &
Kill ibuf_prepend() it is used only once and the function does unholy
things to the ibuf passed in. Just do the obivous dance in the callee.
The only thing to be careful about is the fact that all pointers of buf
are replaced (msg->msg_data).
Tested with iked -t (which should use this codepath).
-
On Thu, May 25, 2023 at 02:20:37PM +0100, Stuart Henderson wrote:
> On 2023/05/25 15:06, Claudio Jeker wrote:
> > sthen@ reported a bgpd SE crash to me and after inspection of the report
> > it looks like he managed to trigger a mistake in session_process_msg().
> > When for e
sthen@ reported a bgpd SE crash to me and after inspection of the report
it looks like he managed to trigger a mistake in session_process_msg().
When for example a NOTIFICATION message is received then the state change
clears the rbuf. Now normally the for loop starts over afterwards and the
if (p-
Another mechanical diff. Replace ibuf_advance() with ibuf_reserve().
Again ibuf_advance() just calls ibuf_reserve().
--
:wq Claudio
Index: eap.c
===
RCS file: /cvs/src/sbin/iked/eap.c,v
retrieving revision 1.23
diff -u -p -r1.23 eap
This is mostly a mechanical diff replacing ibuf_release with ibuf_free.
ibuf_release() just calls ibuf_free() now so this indirection is no longer
needed.
--
:wq Claudio
Index: ca.c
===
RCS file: /cvs/src/sbin/iked/ca.c,v
retrieving
There is a lot of duplication in iked's imsg_util.c
Now here is a minimal diff removing all extra parts added that are not
needed anymore. The removal of ibuf_zero() depends partially on my
previous imsg diff.
With my imsg diff allocation are always zeroed so no need to call
imsg_zero(). In ibuf_r
Calling malloc() with a zero length is entering underspecified territory.
So ibuf_open(0) but more importantly ibuf_dynamic(0, max) step right into
that trap. In the first case the call makes little sense and we should
error out. In the second case it is better to skip the allocation of the
buffer
On Mon, May 22, 2023 at 05:48:01PM +0200, Theo Buehler wrote:
> LibreSSL 3.6 added ASN1_INTEGER_get_uint64() from OpenSSL. While this
> still isn't great, at least it allows for unambiguous error checking.
>
> In as_id_parse() we can replace some hand-rolled parsing which
> simplifies things a bit
On Wed, May 03, 2023 at 10:04:33AM +0200, Claudio Jeker wrote:
> This diff converts the current print code of -f to use json_do api.
> I did some minimal refactoring to reduce code repetition and more is for
> sure possible. I changed the way how the errstr is dumped but apart from
&
On Tue, May 09, 2023 at 05:30:26PM +0200, Theo Buehler wrote:
> beck ported the OpenSSL ASN1_TIME API to use the ASN1_time* API under
> the hood, so for LibreSSL the diff here is a noop.
>
> This allows us to eliminate most of the gross openssl hacks in regress.
> The unistd.h thing is still neede
On Fri, May 19, 2023 at 07:58:47PM +0200, Jan Klemkow wrote:
> Hi,
>
> We use the wrong interface and mtu in tcp_mss() to calculate the mss if
> the destination address points is a local address. In ip_output() we
> use the correct interface and its mtu.
>
> This limits the mss to 1448 if the mt
On Fri, May 19, 2023 at 06:10:19PM +1000, David Gwynne wrote:
> On Fri, May 19, 2023 at 08:11:13AM +0200, Claudio Jeker wrote:
> > On Fri, May 19, 2023 at 01:56:38PM +1000, David Gwynne wrote:
> > > this is a tiny slice off a big pfsync diff i've been working on. when
> &
On Fri, May 19, 2023 at 01:56:38PM +1000, David Gwynne wrote:
> this is a tiny slice off a big pfsync diff i've been working on. when
> you bring pfsync down i need it to wait until all the work it's been
> doing in the network stack has finished, which means i need a barrier
> for all the network
On Thu, May 18, 2023 at 01:56:13AM +0300, Vitaliy Makkoveev wrote:
> > On 18 May 2023, at 01:14, Alexander Bluhm wrote:
> >
> > On Wed, May 17, 2023 at 12:46:02PM +0300, Vitaliy Makkoveev wrote:
> >> Introduce `ip6_soiikey_lock' rwlock(9) to protect `ip6_soiikey'. It
> >> accessed only by ip6_sys
On Mon, May 15, 2023 at 08:42:20AM +, Peter Stuge wrote:
> Alexander Bluhm wrote:
> > Do not set ifconfig ix tso, this flag does not work correctly.
>
> Are there plans for that flag? Remove it? Use it? Only document as
> deprecated? Also print a deprecation message if used?
It will be remove
On Sat, May 13, 2023 at 01:38:07AM +0200, Alexander Bluhm wrote:
> Hi,
>
> Instead of implementing IPv4 header checksum everywhere differently,
> introduce in_hdr_cksum_out(). It is used like in_proto_cksum_out().
>
> ok?
OK claudio@
> bluhm
>
> Index: net/if_bridge.c
> =
On Thu, May 11, 2023 at 09:31:30AM +, Job Snijders wrote:
> Hi Theo,
>
> On Wed, May 10, 2023 at 09:02:13PM +0200, Theo Buehler wrote:
> > Again, try to keep the code as it was as far as possible.
>
> Indeed, thank you for the feedback! Below is an amended version.
I'm not sure if this is qu
This is the minimal change to handle the rename of invalid to disqualified
in bgpctl.
Maybe the QS argument should also be changed which makes the diff a lot bigger.
--
:wq Claudio
Index: qs.c
===
RCS file: /cvs/src/usr.sbin/bgplgd/
On Mon, May 08, 2023 at 02:01:52PM +0200, Theo Buehler wrote:
> The diff below is based on a hint by beck and was discussed extensively
> with beck, claudio and job during and after m2k23. It results in a quite
> significant reduction of the runtime of an ordinary rpki-client run as
> usually done
On Mon, May 08, 2023 at 02:29:12PM +0200, Alexander Bluhm wrote:
> Hi,
>
> The call to in_proto_cksum_out() is only needed before the packet
> is passed to ifp->if_output(). The fragment code has its own
> checksum calculation and the other paths end in goto bad.
>
> My TSO tcp_copper() will als
On Thu, May 04, 2023 at 08:43:19AM +0200, Alexander Bluhm wrote:
> Hi,
>
> To make ND6 mp-safe, I have to guarantee the life time of ln =
> rt->rt_llinfo. This call to nd6_llinfo_settimer(ln) looks strange.
>
> The complicated logic can be replaced with what we have in ARP.
> Digging through the
On Sat, May 06, 2023 at 02:58:25PM +0200, Wouter Prins wrote:
> FYI,
>
> Just upgraded towards openbsd 7.3 with the bgpd errata fix. Within an hour
> bgpd crashed with the following message:
>
> May 6 12:14:33 nl-ams-gs-br01 bgpd[67338]: fatal in RDE: aspa_add_set: bad
> order of adds
>
> Tempo
We have released OpenBGPD 8.0, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.
This release includes the following changes to the previous release:
* Include OpenBSD 7.3 errata 001:
A new ASPA object appeared in the RPKI ecosystem and exposed bugs in
This diff is taking the changes from rpki-client (json.c / json.h) and
then converts json_do_printf() using "%s" fmt string to json_do_string().
Also a few json_do_printf() with static strings are converted.
A few calls with more complex fmt strings remain.
--
:wq Claudio
Index: json.c
=
This diff converts the current print code of -f to use json_do api.
I did some minimal refactoring to reduce code repetition and more is for
sure possible. I changed the way how the errstr is dumped but apart from
that the objects remain the same (apart from spacing differences).
--
:wq Claudio
This replaces simple json_do_printf("name", "%s", buf); calls to
json_do_string(). This affects all json_do_printf() calls since no call
was more complex.
--
:wq Claudio
Index: output-json.c
===
RCS file: /cvs/src/usr.sbin/rpki-clie
On Tue, May 02, 2023 at 09:34:43AM -0600, Todd C. Miller wrote:
> On Tue, 02 May 2023 14:13:27 +0200, Claudio Jeker wrote:
>
> > Add a json_do_string() a function to print a JSON string.
> > This function does the needed encoding of control chars and escape chars.
> >
On Tue, May 02, 2023 at 02:29:20PM +0200, Theo Buehler wrote:
> On Tue, May 02, 2023 at 02:13:27PM +0200, Claudio Jeker wrote:
> > Add a json_do_string() a function to print a JSON string.
> > This function does the needed encoding of control chars and escape chars.
> > I
Add a json_do_string() a function to print a JSON string.
This function does the needed encoding of control chars and escape chars.
I skipped the optional encoding of the forward slash (/) since this is
only needed if the json output is embedded in HTML/SGML/XML.
People putting JSON into such docum
I managed to end up with bad filedescriptors in rrdp.
The result is not pretty since the code will start to spin doing poll()
and read() with read failing but the code does not back off enough to
remove the fd from the poll list.
Fix is simple, instead of marking the request as failed just fail th
Add default: cases in some switches to detect if shit goes very badly
wrong. Right now these code paths are unreachable since the callers of
these functions never use a value that is not covered in the switch() but
gcc is not smart enough for that.
--
:wq Claudio
Index: parse.y
=
On Thu, Apr 27, 2023 at 01:55:33PM +0300, Vitaliy Makkoveev wrote:
> Now only direct netlock used for inet sockets protection. The unlocked
> access to all other sockets is safe, but we could lost consistency for a
> little. Since the solock() used for sockets protection, make locking
> path common
In `bgpctl show flowspec inet` adjust the sent aid to a flowspec version.
The parser returns AID_INET, AID_INET6 (or the currently unsuported
AID_VPNv4/6) but bgpd wants AID_FLOWSPECv4 and AID_FLOWSPECv6.
Fix this up before sending the command.
--
:wq Claudio
Index: bgpctl.c
This adds the required AID filter in prefix_flowspec_dump().
--
:wq Claudio
Index: rde_rib.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde_rib.c,v
retrieving revision 1.259
diff -u -p -r1.259 rde_rib.c
--- rde_rib.c 19 Apr 2023 13:23:3
Document the various flowspec commands now supported in bgpctl.
Like with network the show command has an alias as `bgpctl show flowspec`
which is not documented. Maybe we could add an extra sentence in both
cases.
--
:wq Claudio
Index: bgpctl.8
==
Similar diff as I sent out for bgpd. Adjust the community code to handle
the generic transitive extended communities used by flowspec.
--
:wq Claudio
? obj
Index: bgpctl.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
retrieving
Flowspec added some new ext communities. They use new type (generic
transitive types). Adjust the ext community code to handle these types as
well. I need to cycle back to this but this gets us of the ground.
--
:wq Claudio
Index: parse.y
=
This adjusts the bgpd code (which was copied to bgpctl) to be like the
version in bgpctl (after input from tb@).
--
:wq Claudio
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.449
diff -u -p -r1.4
This currently only supports prefixes and numeric options.
It does not handle TCP and fragment flags right now.
Appart from that lists of options work.
--
:wq Claudio
Index: bgpctl.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
This diff implements 'bgpctl show flowspec' and on top of that also
'bgpctl flowspec flush'. bgpctl now uses both util.c and flowspec.c from
bgpd. The code to print flowspec is stolen from printconf.c and I did not
implement the json output yet because I have not decided on how to dump
the NLRI th
Implement IMSG_CTL_SHOW_FLOWSPEC and IMSG_FLOWSPEC_FLUSH and add bits for
IMSG_FLOWSPEC_ADD and IMSG_FLOWSPEC_REMOVE received from bgpctl via SE.
This is mostly streight forward code (copying the bits which are already
around).
--
:wq Claudio
Index: bgpd.h
===
With this diffs all the bits I committed before are connected and allow
for flowspec to be announced to other systems.
I first thought I will put the flowspec_valid() inside flowspec_add() but
I changed my mind now and moved it into the imsg handler.
flowspec_add() and flowspec_delete() are built
I want to use this code also in bgpctl (like util.c) and since bgpctl
has no fatalx() and "library" code should not abort.
The comparison function can not return an error so instead sort invalid
objects in a deterministic way. flowspec_cmp() should only be called on
flowspec NLRI that have previou
Implement the minimum to support flowspec in mrt mp table dumps.
This adds a dummy nexthop encoding for flowspec (there is no nexthop).
Not sure if this matters (dumping tables in anything than the v2 table
format for non-IPv4/IPv6 prefixes is not common) but it prevents a
log_warnx() if used.
--
Add handling for flowspec in the update path.
Flowspec has no nexthop so adjust up_prep_adjout() to handle a NULL nexthop.
Add the MP_REACH encoding in up_generate_mp_reach for flowspec.
--
:wq Claudio
Index: rde_update.c
=
This adds the needed bits to send the flowspec rules to the RDE.
The RDE just drops them on the ground for now.
--
:wq Claudio
Index: bgpd.c
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v
retrieving revision 1.257
diff -u -p -r1.257
Extend the pt_entry api to handle flowspec.
Introduce pt_get_flow() and pt_add_flow() to lookup and insert flowspec
objects. Add pt_getflowspec() which works somewhat similar to pt_getaddr()
to extract the flowspec NLRI from a pt_entry.
There is a hack in pt_getaddr() to return something. This is
This adds the bit to show flowspec rules in the printconfig output
when run with bgpd -nvf config.
I did not fix the ICMP handling yet. It feels like too much of an edge
case for now.
--
:wq Claudio
Index: printconf.c
===
RCS file:
On Tue, Apr 18, 2023 at 12:52:00PM +0200, Theo Buehler wrote:
> On Tue, Apr 18, 2023 at 11:29:26AM +0200, Claudio Jeker wrote:
> > This diff adds the parse.y and config.c bits for flowspec.
> > I tried to make flowspec rules as similar to pf rules (even though
> > flow
This diff adds the parse.y and config.c bits for flowspec.
I tried to make flowspec rules as similar to pf rules (even though
flowspec is more flexible).
Now this diff does nothing in itself but is already large enough to not
add more to it. In parse.y the individual flowspec components are built
I noticed that the order generated in an RB tree using flowspec_cmp() is
reversed. The problem is that for addresses preferred means smaller.
I think it is best to change the flowspec_cmp function to sort data so
that RB_FOREACH will print them most-preferred to least-preferred.
I had not caught t
This does the same trick as with communities of matching both the keyword
and parsing the next argument in one go. Again a few helper tables go
away.
--
:wq Claudio
Index: parser.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/parser.c,v
r
Forgot this bit in the 'bgpctl show rib 192.0.2.1 detail' support I
commited this weekend.
The problem is that parse_prefix() is entered with 'detail' as argument
and clears the previously set address. So be more careful and only modify
the addr pointer if parse_prefix() and parse_addr() are succe
On Mon, Apr 17, 2023 at 12:12:47PM +0200, Theo Buehler wrote:
> On Mon, Apr 17, 2023 at 11:28:37AM +0200, Claudio Jeker wrote:
> > I want to extend the parser to support lists in a few places.
> > One of them is for communities. This is the first step towards this goal.
> >
I want to extend the parser to support lists in a few places.
One of them is for communities. This is the first step towards this goal.
The change uses the fact that match_token() has access to argc and argv
and changes the community parsers to parse the next token for communities.
As a nice side-e
In bgpctl I am constantly hitting this annoying edgecase where adding
detail to a show rib command errors out:
bgpctl show rib 192.0.2.1 detail
unknown argument: detail
valid commands/args:
all
longer-prefixes
or-longer
or-s
Seen while working on similar code. There is no need to make the
composition of IMSG_CTL_SHOW_RIB_COMMUNITIES so complicated.
--
:wq Claudio
Index: rde.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.600
diff -u
On Thu, Apr 13, 2023 at 02:17:48PM +0200, Theo Buehler wrote:
> On Wed, Apr 12, 2023 at 05:33:10PM +0200, Claudio Jeker wrote:
> > This is the first big amount of flowspec specific code.
> > It adds a new file (flowspec.c) which exposes basic API functions to work
> > wit
On Thu, Apr 13, 2023 at 01:23:23PM +0200, Theo Buehler wrote:
> On Thu, Apr 13, 2023 at 12:25:46PM +0200, Claudio Jeker wrote:
> > bgpctl help output follows no clear order. I decided to sort all
> > keywords and flags alphabetically. Also fixup the manpage a bit since
> >
bgpctl help output follows no clear order. I decided to sort all
keywords and flags alphabetically. Also fixup the manpage a bit since
some additions where added in the wrong spot.
I think the output of 'bgpctl show rib help' is the worst (both before and
after). It is long and some keywords are n
The command order for bgpctl network bulk add is strange and as a result
soemthing like:
bgpctl network add 127.0.0.1 delete
is valid syntax with strange behaviour. It is actually:
bgpctl network bulk delete
So lets fix this mess and make bulk require add or delete and with that
th
00
+++ usr.sbin/bgpd/flowspec.c12 Apr 2023 15:14:49 -
@@ -0,0 +1,475 @@
+/* $OpenBSD$ */
+
+/*
+ * Copyright (c) 2023 Claudio Jeker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the abov
On Sun, Apr 09, 2023 at 09:15:12AM +0200, Otto Moerbeek wrote:
> On Sun, Apr 09, 2023 at 08:20:43AM +0200, Otto Moerbeek wrote:
>
> > On Sun, Apr 09, 2023 at 07:53:31AM +0200, Sebastien Marie wrote:
> >
> > > On Fri, Apr 07, 2023 at 09:52:52AM +0200, Otto Moerbeek wrote:
> > > > > Hi,
> > > > >
This diff switches rib_get and rib_add to work on struct pt_entry
pointers and introduces rib_get_addr() which works like rib_get before.
I want to use rib_get and rib_add in the flowspec code.
Long term I want to push struct pt_entry further out and closer to the
NLRI handling in the input path b
On Fri, Apr 07, 2023 at 04:53:52PM +1000, David Gwynne wrote:
> ethernet interfaces in device trees can have a "label" property which
> is generally used (when it is used) to identify which connector it is on
> the case or something like that. eg, eth2 in the turris omnia device
> tree has 'label =
Allow to use service names like 'bgp' for port definitions.
Adapted from pfctl/parse.y.
--
:wq Claudio
? obj
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.445
diff -u -p -r1.445 parse.y
--- pars
Rename family rule to af (more in line with pfctl parse.y).
--
:wq Claudio
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.443
diff -u -p -r1.443 parse.y
--- parse.y 3 Apr 2023 10:48:00 -
Here is a preparation diff that just does some stylistic cleanup in
parse.y
This moves the globals a bit down (I want to add a struct define later and
those are below the current place).
Move the mrt and network statements to the grammar.
Swap order of restricted to follow the common idiom of empt
Flowspec RFC 8955 and 8956 allows to propegate traffic filtering rules
to other routers. The main use case is to drop DDoS traffic further
upstream and by that reducing the impact of such denial of service
attacks.
This diff only adds the needed plumbing to announce the MP capability for
flowspec.
This just reverses the first if statement in the function so that
the code can be deindented by on level.
diff -b output:
@@ -2018,7 +2018,9 @@ single_thread_check_locked(struct proc *
SCHED_ASSERT_LOCKED();
- if (pr->ps_single != NULL && pr->ps_single != p) {
+ if (pr->ps_
If the slowcgi timeout fires before the command was actually started then
just abort the fastcgi request with error 408.
This can happen on POST requests where the client stops sending data.
Now bgplgd does not support POST but that is only checked once the full
fastcgi request from the webserver
This diff adds a new set of ometric sets to show the protocol used to sync
the repository. Possible values are "rrdp", "rsync", "https".
This adds for example
rpki_client_repository_protos{rpki_client_repository_protos="rrdp",name="ripe",carepo="rsync://chloe.sobornost.net/rpki",notify="https://ch
101 - 200 of 1170 matches
Mail list logo