Re: Let nd6_if{at,de}tach() be void and take an ifp argument

2022-11-23 Thread Claudio Jeker
On Wed, Nov 23, 2022 at 02:54:08PM +, Klemens Nanni wrote: > Do it like the rest of at/detach routines which modify a struct ifnet > pointer without returning anything. > > OK? > > diff --git a/sys/net/if.c b/sys/net/if.c > index c30d7e30e4f..3cb8bbf9176 100644 > --- a/sys/net/if.c > +++

Re: Remove unused struct ifnet's *if_afdata[] and struct domain's dom_if{at,de}tach()

2022-11-23 Thread Claudio Jeker
On Wed, Nov 23, 2022 at 01:20:43PM +0100, Alexander Bluhm wrote: > On Wed, Nov 23, 2022 at 11:09:31AM +, Klemens Nanni wrote: > > Feedback? Objection? OK? > > OK bluhm@ Also OK claudio@ on this and the other diff. > > diff --git a/regress/sys/net/rtable/util.c

Re: Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly

2022-11-23 Thread Claudio Jeker
On Wed, Nov 23, 2022 at 09:06:55AM +, Klemens Nanni wrote: > On Wed, Nov 23, 2022 at 09:49:17AM +0100, Claudio Jeker wrote: > > On Wed, Nov 23, 2022 at 08:24:11AM +, Klemens Nanni wrote: > > > *if_afdata[] and struct domain's dom_if{at,de}tach() are only used with >

Re: Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly

2022-11-23 Thread Claudio Jeker
On Wed, Nov 23, 2022 at 08:24:11AM +, Klemens Nanni wrote: > *if_afdata[] and struct domain's dom_if{at,de}tach() are only used with > IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and > free single struct nd_ifinfo. > > Set up a new ND-specific *if_nd member directly to

Re: lladdr support for netstart/hostname.if

2022-11-22 Thread Claudio Jeker
On Tue, Nov 22, 2022 at 09:25:08AM +, Stuart Henderson wrote: > Need to query (and set $if, which might be used in route commands etc) I > think. > I would prefer if people took a step back from configuring interfaces by MAC address. It feels like an overly specific hack is introduced for a

Re: rpki-client: add 'shortlist' functionality

2022-11-17 Thread Claudio Jeker
On Thu, Nov 17, 2022 at 05:53:40PM +, Job Snijders wrote: > Dear all, > > I introduced a 'shortlist' feature in rpki-client(8). If the operator > specifies one or more '-q' options followed by FQDNs, the utility will > *only* connect to those hosts and skip all others. > > $ doas

Re: bgpd: add base support for ASPA

2022-11-16 Thread Claudio Jeker
On Wed, Nov 16, 2022 at 03:37:31PM +0100, Claudio Jeker wrote: > On Wed, Nov 16, 2022 at 02:52:59PM +0100, Theo Buehler wrote: > > On Wed, Nov 16, 2022 at 12:47:46PM +0100, Claudio Jeker wrote: > > > ASPA sets are the 2nd thing that will be generated out of rpki (and > >

Re: bgpd: add base support for ASPA

2022-11-16 Thread Claudio Jeker
On Wed, Nov 16, 2022 at 02:52:59PM +0100, Theo Buehler wrote: > On Wed, Nov 16, 2022 at 12:47:46PM +0100, Claudio Jeker wrote: > > ASPA sets are the 2nd thing that will be generated out of rpki (and > > rpki-client). ASPA is used to further prevent leaks by providing custom

Re: bgpd: add base support for ASPA

2022-11-16 Thread Claudio Jeker
On Wed, Nov 16, 2022 at 12:18:14PM +, Job Snijders wrote: > On Wed, Nov 16, 2022 at 12:47:46PM +0100, Claudio Jeker wrote: > > An aspa-set is defined like this: > > aspa-set { > > source-as 1 transit-as { 5 } > > source-as 2 expires

bgpd: add base support for ASPA

2022-11-16 Thread Claudio Jeker
ASPA sets are the 2nd thing that will be generated out of rpki (and rpki-client). ASPA is used to further prevent leaks by providing customer provider attestation (and blocking paths which violate these attestations). I started to implement this and while this code does no checks yet it is enough

fix Ipv6 link local address assignment

2022-11-15 Thread Claudio Jeker
My last commit to in6_ifattach() broke a few regress tests. The problem is that 'ifconfig tun0 inet6 eui64' no longer works. Now I thought it would if called explicitly but no. So let's pedal back a bit and assign link-local addresses on all interfaces but wg(4). For mpe(4) this does not really

Re: special case mpe(4) in in6_ifattach()

2022-11-10 Thread Claudio Jeker
On Fri, Nov 04, 2022 at 03:40:04PM +0100, Claudio Jeker wrote: > So mpe(4) is a special device. It is a point-to-multipoint interface that > does not do multicast. So setting IFF_MULTICAST on the interface is not > correct but IPv6 depends on it because neighbor discovery.

Re: ftp: strnvis redirect uri

2022-11-09 Thread Claudio Jeker
On Wed, Nov 09, 2022 at 08:51:21AM -0700, Todd C. Miller wrote: > On Wed, 09 Nov 2022 15:46:06 +, Florian Obser wrote: > > > 200 might be a bit short for an URL, no? > > Perhaps stravis(3) is a better choice then? > Like this? -- :wq Claudio Index: fetch.c

ftp: strnvis redirect uri

2022-11-09 Thread Claudio Jeker
The redirect URI is untrusted input so strnvis it first before printing it. -- :wq Claudio Index: fetch.c === RCS file: /cvs/src/usr.bin/ftp/fetch.c,v retrieving revision 1.210 diff -u -p -r1.210 fetch.c --- fetch.c 15 Sep 2022

ftp: allow for more spaces in http headers

2022-11-09 Thread Claudio Jeker
This is the changes that I added to rpki-client http.c which I have not yet merged into ftp(1) This is rev 1.67 of http.c: date: 2022/09/08 13:52:36; author: claudio; state: Exp; lines: +6 -4; commitid: lZD6EB9xp7I5lQCo; In http_get_line() additionally strip any trailing space or tab from

Re: route(8) example for "out of prefix" default gateway

2022-11-09 Thread Claudio Jeker
On Wed, Nov 09, 2022 at 07:37:50AM +, Stuart Henderson wrote: > Seems some hosting providers have annoying "out of prefix" > default gateways which are painful to configure > (https://marc.info/?t=16678224225=1=2), should > we give a pointer in route(8)? > > Index: route.8 >

Re: potential memory leak in bgpd rde_dump_ctx_new

2022-11-07 Thread Claudio Jeker
On Mon, Nov 07, 2022 at 08:36:10PM +0100, Moritz Buhl wrote: > Hi tech, > Dear claudio, > > ctx might leak due to a prefix/rib dump new/subtree failing in calloc > and then going to nomem in rde_dump_ctx_new. > > I am wondering if a similar fix is missing in rde_dump_done after > the nomem

Re: bgpd and ldpd pfkey_reply might access uninitialized stack memory

2022-11-07 Thread Claudio Jeker
On Mon, Nov 07, 2022 at 08:12:23PM +0100, Moritz Buhl wrote: > Hi tech, > Dear claudio, > > there could be an uninitialized stack memory access in pfkey_reply. > > It looks like this: > struct sadb_msg hdr, *msg; > ... > > do { > rv = pfkey_read(sd, ); >

special case mpe(4) in in6_ifattach()

2022-11-04 Thread Claudio Jeker
So mpe(4) is a special device. It is a point-to-multipoint interface that does not do multicast. So setting IFF_MULTICAST on the interface is not correct but IPv6 depends on it because neighbor discovery. Now there is no neighbor discovery on mpe(4) the neighbors are handled via BGP. So lets

Re: rpki-client: missing initializer in output.c

2022-11-04 Thread Claudio Jeker
On Fri, Nov 04, 2022 at 01:50:11PM +0100, Theo Buehler wrote: > Doesn't really matter, but it looks odd and -Wmissing-field-initializers > flags this. > > Index: output.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/output.c,v >

Re: bgpctl show mpls label in fib output

2022-11-04 Thread Claudio Jeker
On Fri, Nov 04, 2022 at 09:12:13AM +0100, Theo Buehler wrote: > On Thu, Nov 03, 2022 at 03:26:35PM +0100, Claudio Jeker wrote: > > Noticed while figuring out the kroute bug with MPLS. > > I think it would be nice to know the MPLS label of a fib MPLS route. > > > >

bgpctl show mpls label in fib output

2022-11-03 Thread Claudio Jeker
Noticed while figuring out the kroute bug with MPLS. I think it would be nice to know the MPLS label of a fib MPLS route. bgpctl show fib table 13 flags: B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio

Re: ber.c: Fix some minor issues in ober_read_element()

2022-11-02 Thread Claudio Jeker
On Wed, Nov 02, 2022 at 05:56:21PM +0100, Martijn van Duren wrote: > On Wed, 2022-11-02 at 17:47 +0100, Claudio Jeker wrote: > > On Wed, Nov 02, 2022 at 05:25:12PM +0100, Martijn van Duren wrote: > > > On Wed, 2022-11-02 at 17:00 +0100, Claudio Jeker wrote: > > > >

Re: ber.c: Fix some minor issues in ober_read_element()

2022-11-02 Thread Claudio Jeker
On Wed, Nov 02, 2022 at 05:25:12PM +0100, Martijn van Duren wrote: > On Wed, 2022-11-02 at 17:00 +0100, Claudio Jeker wrote: > > On Wed, Nov 02, 2022 at 07:33:14AM +0100, Martijn van Duren wrote: > > > I found 2 minor issues in the handling of sequences/sets in > > > o

Re: ber.c: Fix some minor issues in ober_read_element()

2022-11-02 Thread Claudio Jeker
On Wed, Nov 02, 2022 at 07:33:14AM +0100, Martijn van Duren wrote: > I found 2 minor issues in the handling of sequences/sets in > ober_read_element(): > 1) An empty sequence/set (which is basically always) unconditionally >creates an (uninitialised) sub-element. Add the same length check >

rpki-client unify http logging a bit

2022-11-02 Thread Claudio Jeker
Based on Job's work let's introduce conn_info() which prints the URI / host plus the IP address. This may be helpful to better understand errors. With this ip_info() becomes much simpler. I also decided to not check snprintf returns because the buffer is big enough and afaik encoding errors can't

rpki-client keep http connection info around

2022-11-02 Thread Claudio Jeker
Job's diff made me realise that clearing the connection info (conn->res) makes error reporting worse. It is not like we save lots of memory by doing so. So do not call freeaddrinfo() in http_connect_done(), now http_free() will free res0 before freeing conn. -- :wq Claudio Index: http.c

Re: rpki-client: missing length check in valid_uri()

2022-11-02 Thread Claudio Jeker
On Wed, Nov 02, 2022 at 11:45:43AM +0100, Theo Buehler wrote: > Not all callers of valid_uri() ensure that the uri passed in is actually > a C string and the API implies at least that uri[usz - 1] != '\0' is > allowed. For example, x509_location() a priori doesn't pass a C string > and Job will

Re: rpki-client: fix x509_get_time() error checks

2022-11-02 Thread Claudio Jeker
On Wed, Nov 02, 2022 at 10:38:57AM +0100, Theo Buehler wrote: > Like most x509_* functions, x509_get_time() returns 0 on error and 1 on > success, so rather than changing x509_get_time(), I changed the callers. OK claudio@ > Index: aspa.c >

Re: rpki-client: print IP when connection times out

2022-11-01 Thread Claudio Jeker
On Tue, Nov 01, 2022 at 02:45:58PM +, Job Snijders wrote: > It can be useful to see a little bit more detail on what exactly isn't > working. > > OK? > > Index: http.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v >

bgplgd timeout race

2022-10-27 Thread Claudio Jeker
So the timeout for each request is started when the command is accepted but the actual fork and exec of bgpctl happens later. So command_pid can be 0 when the timeout fires. In that case do not kill ourself but instead just abort this command. I think this is the proper way to do this dance. Not

bgplgd show pid in more debug messages

2022-10-27 Thread Claudio Jeker
Trying to figure out why bgplgd terminates sometimes. Since there is a timeout firing at an unexpected time I want some extra info to figure out what kind of race this is. -- :wq Claudio Index: slowcgi.c === RCS file:

Re: rpki-client: make x509_init_oid() table-based?

2022-10-24 Thread Claudio Jeker
On Mon, Oct 24, 2022 at 11:58:50AM +0200, Theo Buehler wrote: > The amount of copy-paste and repetition in x509_init_oid() is becoming a > bit much. The function is an eyesore due to the repetition and made > worse by the inconsistent wrapping. It's long past the point where my > brain is still

fix use after free in proxy_parse_uri()

2022-10-18 Thread Claudio Jeker
With rev 1.65 proxy_parse_uri() can assign a pointer to proxyport that is part of fullhost and so points to freed memory (once that function returns). The fix is to copy the port as well. This should be a fix for https://github.com/rpki-client/rpki-client-portable/issues/74 -- :wq Claudio

initialize peer last_updown when peer is created

2022-10-18 Thread Claudio Jeker
Currently the last_updown stat is not initialized and 0 when a peer is initially added. If the peer is passive or is unable to establish a connection last_updown remains 0 which is not ideal. Initialize the last_updown timestamp in init_peer() which is called when a new peer is added or cloned.

bgpctl show metric up/down time

2022-10-18 Thread Claudio Jeker
As mentioned I think having metric values that depend on session state is not ideal. Introduce 'bgpd_peer_last_change_seconds' which is the last time the session up/down state changed. It does not track every state change only when a session goes in and out of ESTABLISHED state. This replaces

bgpctl show metrics and man page

2022-10-17 Thread Claudio Jeker
I think since the HTTP endpoint is called /metrics bgpctl should also use metrics and not metric. Also add a bit of documentation to the man pages. -- :wq Claudio Index: bgpctl/bgpctl.8 === RCS file:

bgplgd add metrics api endpoint for open metrics

2022-10-17 Thread Claudio Jeker
This diff adds the required bits to export the bgpctl show metrics output as openmetrics. For this /metrics needs to answer with a different content-type. Apart from that adding this is trivial. -- :wq Claudio Index: bgplgd.c ===

Re: bgpctl openmetric/prometheus output

2022-10-17 Thread Claudio Jeker
On Mon, Oct 17, 2022 at 12:39:44PM +0200, Denis Fondras wrote: > Le Mon, Oct 17, 2022 at 11:49:31AM +0200, Claudio Jeker a écrit : > > On Wed, Oct 12, 2022 at 12:12:25PM +0200, Theo Buehler wrote: > > > On Fri, Oct 07, 2022 at 12:37:10PM +0200, Claudio Jeker wrote:

Re: bgpctl openmetric/prometheus output

2022-10-17 Thread Claudio Jeker
On Wed, Oct 12, 2022 at 12:12:25PM +0200, Theo Buehler wrote: > On Fri, Oct 07, 2022 at 12:37:10PM +0200, Claudio Jeker wrote: > > This diff adds `bgpctl show metric` which is a command that dumps some > > stats out in openmetric format. This format can be ingested by e.g. > >

bgpctl openmetric/prometheus output

2022-10-07 Thread Claudio Jeker
0 @@ -37,7 +37,7 @@ struct output { void(*tail)(void); }; -extern const struct output show_output, json_output; +extern const struct output show_output, json_output, ometric_output; extern const size_t pt_sizes[]; #define EOL0(flag) ((flag & F_CTL_SSV) ? ';' : '\n') Ind

OpenBGPD 7.7 released

2022-10-06 Thread Claudio Jeker
We have released OpenBGPD 7.7, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. This release includes the following changes to the previous release: * Adjust pathid_assign() to be much faster for the common case. * Improve performance for generating

bgpctl remove extra space in ovs output

2022-09-28 Thread Claudio Jeker
There is an extra space in the output of ext communities of type OVS. It seems when fmt_ext_community was introduced the extra space was not removed from those special ext-communities. This was noticed by job@ -- :wq Claudio Index: bgpctl.c

bgpd, kill net/route.h dependency in bgpd.h

2022-09-23 Thread Claudio Jeker
Linux is driving me nuts. The mix of net/, netinet/ includes and the need to also include some linux/ headers like linux/if.h and linux/in6.h result in absolute madness. Try to trim the includes in bgpd.h by defining our own label size for route labels. With this the net/route.h compat shim can

bgpd, improve portability by abstracting fib-priority

2022-09-21 Thread Claudio Jeker
Different systems need different ways to define fib-priority. Introduce two kroute specific helper functions that are used by the parser so that the RTP_XYZ defines no longer leak outside of kroute.c kr_default_prio() on OpenBSD returns RTP_BGP. On Linux that will be RTPROT_BGP and on FreeBSD it

Re: httpd: fix default request body size

2022-09-20 Thread Claudio Jeker
On Fri, Sep 02, 2022 at 10:23:30AM +0200, YASUOKA Masahiko wrote: > Hello, > > For HTTP request body, if neither "Content-Encoding: chunked" nor > "Content-Length" is specified, it should mean body length is 0. > > In RFC 9112 Section 6.3, 7.: > | 7. If this is a request message and none of

bgpd speedup add-path send all

2022-09-20 Thread Claudio Jeker
This is the first step to speed up add-path send. In the add-path all case the situation is rather simple and the current way the update is done is overly complex. Right now up_generate_addpath() re-evaluates all prefixes for every update. It first marks all Adj-RIB-Out entries stale, does a full

bgpd speed up pathid_assign() for the common case

2022-09-19 Thread Claudio Jeker
When running on busy bgpd servers with many clients the function pathid_assign() consumes a lot of CPU time. The code does a lookup which often fails and then walks the list of prefixes. In the end this results in two list walks. This complicated dance is only needed for peers that use

OpenBGPD 7.6 released

2022-09-15 Thread Claudio Jeker
We have released OpenBGPD 7.6, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. This release includes the following changes to the previous release: * Include OpenBSD 7.1 errata 008: bgpd(8) could fail to invalidate nexthops and incorrectly leave them

bgpd fix connected route removal

2022-09-14 Thread Claudio Jeker
The kroute_remove() code will fail hard when a connected route is removed. Most commonly this happens when an interface is deconfigured. The problem is that there is no logic to match against connected routes. Connected routes have no real nexthop and just use the ifindex as identifier, so adjust

Re: bgpd optimize bgpctl show rib 10/8 or-longer

2022-09-10 Thread Claudio Jeker
On Fri, Sep 09, 2022 at 07:07:14PM +0200, Theo Buehler wrote: > On Fri, Sep 09, 2022 at 05:50:17PM +0200, Claudio Jeker wrote: > > This diff optimized subtree walks. In other words it specifies a subtree > > (as a prefix/prefixlen combo) and only walks the entries that are under >

bgpd optimize bgpctl show rib 10/8 or-longer

2022-09-09 Thread Claudio Jeker
This diff optimized subtree walks. In other words it specifies a subtree (as a prefix/prefixlen combo) and only walks the entries that are under this covering route. Instead of doing a full table walk this will only walk part of the tree and is therefore much faster if the subtree is small. --

Re: bgpd, optimize bgpctl show rib 10.0.0.1 or-shorter

2022-09-09 Thread Claudio Jeker
On Fri, Sep 09, 2022 at 03:20:00PM +0200, Theo Buehler wrote: > On Fri, Sep 09, 2022 at 02:49:12PM +0200, Claudio Jeker wrote: > > So bgpctl has the or-shorter flag to indicate that not only the best > > matching prefix should be shown, instead all matching prefixes are shown

bgpd, optimize bgpctl show rib 10.0.0.1 or-shorter

2022-09-09 Thread Claudio Jeker
So bgpctl has the or-shorter flag to indicate that not only the best matching prefix should be shown, instead all matching prefixes are shown. Currently this is done by a full table walk which is super expensive. There is no real reason to do that. One can just start the lookup with prefixlen = 0

rpki-client more compliant chunked encoding support

2022-09-08 Thread Claudio Jeker
HTTP chunked encoding allows for trailer fields at the end of the transmission. Currently rpki-client's http code does not handle them well. This diff changes the code so that the chunked transfer is more like the one defined in RFC 9112. In short the algorithm is: read and parse the chunked

rpki-client more http fixes

2022-09-08 Thread Claudio Jeker
The rpki-client http client uses http_get_line to get a single header line. For field lines (fancy RFC term for the headers) any space at the end of the line should be stripped. For status lines the situation is a bit more special but our code does not depend on the space after the status code.

ftp follow RFC 9112 more closely

2022-09-07 Thread Claudio Jeker
When parsing header lines ftp (as does rpki-client) is a bit too strict in what it accepts. In short the field values can have leading and trailing whitespace which needs to be ignored. See RFC9112 Section 5. ftp only allows exactly a single leading space which is not in spec. This is a very

rpki-client http client make header parser more RFC compliant

2022-09-07 Thread Claudio Jeker
The HTTP RFC defines a header as: message-header = field-name ":" [ field-value ] field-name = token field-value= *( field-content | LWS ) The field-content does not include any leading or trailing LWS: linear white space occurring before the first non-whitespace

rpki-client include "parent" repo id in certs

2022-09-03 Thread Claudio Jeker
This diff adds the parentid to struct cert. The parentid is the id of the repository the cert lives in. This information will be used to track the parent repository in the repositories list/tree. The naming is confusing and I'm happy for better suggestions. -- :wq Claudio Index: cert.c

rpki-client mini refactor

2022-09-03 Thread Claudio Jeker
Instead of passing the repo to queue_from_mft() do the lookup in the function. -- :wq Claudio Index: main.c === RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v retrieving revision 1.218 diff -u -p -r1.218 main.c --- main.c 2

Re: rpki-client stop all repo fetching a bit before the timeout

2022-09-02 Thread Claudio Jeker
On Fri, Sep 02, 2022 at 09:50:06PM +, Job Snijders wrote: > Hi Claudio, > > This looks mostly OK, just a few nit: > > On Fri, Sep 02, 2022 at 10:02:33PM +0200, Claudio Jeker wrote: > > @@ -1223,8 +1224,26 @@ repo_check_timeout(int timeout) > > { > > st

rpki-client stop all repo fetching a bit before the timeout

2022-09-02 Thread Claudio Jeker
Let's try to finish work by stopping all syncs and fall back to what we have in cache after 7/8 of the timeout (timeout - 1/2 repo_timeout). This way we still have 1/8 of time to finish the calculation and produce output. Tested this diff by setting the deadline to fire after 60sec. -- :wq

KNF rpki-client

2022-09-02 Thread Claudio Jeker
Split some overly long lines. -- :wq Claudio Index: main.c === RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v retrieving revision 1.215 diff -u -p -r1.215 main.c --- main.c 30 Aug 2022 22:42:32 - 1.215 +++ main.c

rpki-client abort repos on timeout

2022-09-02 Thread Claudio Jeker
This diff uses the now available aborts to stop repository synchronisations once the timeout is hit. I played with very short repo_timeouts and it seems to work better than what we have now. -- :wq Claudio ? obj Index: extern.h ===

rpki-client add abort to rrdp

2022-09-02 Thread Claudio Jeker
We want to be able to abort RRDP syncs. Now the problem is that depending on the state the abort request is more or less complex. What needs to be avoided is that a message received after the corresponding RRDP session was removed. This is mainly the RRDP_FILE and RRDP_HTTP_FIN messages that cause

rpki-client refactor rsync process

2022-09-02 Thread Claudio Jeker
The rsync process implements a limit by stopping to read commands from its stdin once too many processes are run. This is all nice and fine but it does not allow to send an abort request to the process reliably. This diff refactors the rsync process and introduces a state queue which can have more

bgpd cleanup hash leftovers

2022-09-01 Thread Claudio Jeker
bgpd no longer needs siphash.h and also remove a hash member and a prototype which are now unused. -- :wq Claudio Index: rde.h === RCS file: /cvs/src/usr.sbin/bgpd/rde.h,v retrieving revision 1.268 diff -u -p -r1.268 rde.h ---

bgpd switch rde_peer to RB tree

2022-09-01 Thread Claudio Jeker
Convert the rde_peer hash table to an RB tree. This is a bit more complex because rde_peer list is used in a lot of places. As a bonus use peer_foreach in mrt.c to write the table v2 peer header (this needs a special callback struct because two values need to be passed to the callback). The rest

bgpd kill hash statistic imsg

2022-08-31 Thread Claudio Jeker
IMSG_CTL_SHOW_RIB_HASH is no longer used, GC it. Also kill some global hash sizes which are not used anymore. -- :wq Claudio Index: bgpd.h === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v retrieving revision 1.451 diff -u -p -r1.451

bgpctl remove hash stats

2022-08-31 Thread Claudio Jeker
bgpctl show rib mem no longer shows any hash statistics so remove that code from bgpctl as a first step. Also since show rib mem is a single message adjust the code to be done after the message is received. OK? -- :wq Claudio Index: bgpctl.c

bgpd change attr cache to use RB tree

2022-08-31 Thread Claudio Jeker
Like all other hash tables use an RB tree instead. Again the calculation of the hash can be skipped because the compare function is probably fast enough. -- :wq Claudio ? ktrace.out ? obj Index: rde.c === RCS file:

Re: Rename global ifnet TAILQ

2022-08-31 Thread Claudio Jeker
On Wed, Aug 31, 2022 at 08:37:06AM +, Klemens Nanni wrote: > On Fri, Aug 26, 2022 at 06:14:44PM +, Klemens Nanni wrote: > > Naming the list like the struct itself makes for awful grepping. > > Distinguish the list name; no functional change. > > > > Builds/runs fine on amd64 and sparc64.

Re: add sendmmsg and recvmmsg systemcalls

2022-08-30 Thread Claudio Jeker
On Tue, Aug 30, 2022 at 09:51:46PM +0100, Stuart Henderson wrote: > btw a few ports will likely pick this up: > > paths/devel/glib2.log:Checking for function "recvmmsg" : NO > paths/net/tinc.log:checking for recvmmsg... no > paths/net/knot.log:checking for recvmmsg... no > paths/net/knot.log:

bgpd: only run one roa softreconfig process at a time

2022-08-30 Thread Claudio Jeker
Currently if bgpd takes a long time to re-evaluate all prefixes because of a ROA change a second update can come in before the first is processed. This is not good. So add a barrier to only run one rde_roa_softreconfig dump at a time. If a dump is pending while a new roa set is received ignore

bgpd move nexthops to RB tree

2022-08-30 Thread Claudio Jeker
I'm on a mission to remove the hash tables :) This one is for struct nexthop. Hopefully it makes nexthop_get a bit better. -- :wq Claudio Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.569 diff -u

Re: diff: b64decode(1) for long line

2022-08-30 Thread Claudio Jeker
On Tue, Aug 30, 2022 at 02:19:29PM +0200, Theo Buehler wrote: > > Ah, I showed the diff separated from first one. > > I'm sorry for confusing. The following diff is combined. > > Oh, I see. > > ok tb (feel free to land the diffs separately if you prefer). Also OK claudio -- :wq Claudio

rpki-client rrdp cleanup race

2022-08-30 Thread Claudio Jeker
Once rpki-client finished validating everything rpki moves valid files into the validated cache. For RRDP invalid files currently in the valid cache are moved back into the corresponding .rrdp directory. The problem here is that in the .rrdp a same file exists we override the newer invalid file

Re: diff: b64decode(1) for long line

2022-08-30 Thread Claudio Jeker
On Tue, Aug 30, 2022 at 11:18:01AM +0200, YASUOKA Masahiko wrote: > b64decode(8) fails if a long line is given. > > % wc test > 1 11370 test > % > % ./b64decode -r test > /dev/null > b64decode: test: /dev/stdout: error decoding base64 input stream > % > > uudecode.c > >

Re: bgpd remove aspath cache for more speed

2022-08-29 Thread Claudio Jeker
On Mon, Aug 29, 2022 at 07:44:33PM +0200, Theo Buehler wrote: > On Mon, Aug 29, 2022 at 07:28:58PM +0200, Claudio Jeker wrote: > > This diff removes the aspath cache. I tried replacing it with an RB tree > > but it still consumes a lot of CPU cycles for little gain. So instea

Re: udp pcb mutex

2022-08-29 Thread Claudio Jeker
On Mon, Aug 29, 2022 at 07:34:14PM +0200, Alexander Bluhm wrote: > Hi, > > The diff below is needed to protect the receive socket buffer in > UDP input with per PCB mutex. > > With that, parallel UDP input and soreceive can be activated. There > are still issues with socket splicing and maybe

bgpd remove aspath cache for more speed

2022-08-29 Thread Claudio Jeker
This diff removes the aspath cache. I tried replacing it with an RB tree but it still consumes a lot of CPU cycles for little gain. So instead just copy the aspath for all rde_aspath structs. It will use more memory but in most cases the amount is in the 20-30% order. This also includes a lot of

Re: bgpd switch rde_aspath to RB tree

2022-08-29 Thread Claudio Jeker
On Mon, Aug 29, 2022 at 05:49:06PM +0200, Theo Buehler wrote: > On Mon, Aug 29, 2022 at 05:28:50PM +0200, Claudio Jeker wrote: > > This is the 2nd RB tree transformation instead of the hash table. > > > > The rde.c part will probably conflict with the change for communi

Re: bgpd switch communities to RB tree

2022-08-29 Thread Claudio Jeker
On Mon, Aug 29, 2022 at 05:45:58PM +0200, Claudio Jeker wrote: > On Mon, Aug 29, 2022 at 05:36:49PM +0200, Theo Buehler wrote: > > On Mon, Aug 29, 2022 at 05:05:59PM +0200, Claudio Jeker wrote: > > > The hash table for communities is not great. Instead of implementing > > >

Re: bgpd switch communities to RB tree

2022-08-29 Thread Claudio Jeker
On Mon, Aug 29, 2022 at 05:36:49PM +0200, Theo Buehler wrote: > On Mon, Aug 29, 2022 at 05:05:59PM +0200, Claudio Jeker wrote: > > The hash table for communities is not great. Instead of implementing > > dynamic hash resize use a RB tree. Also drop the hash calculation and >

bgpd switch rde_aspath to RB tree

2022-08-29 Thread Claudio Jeker
This is the 2nd RB tree transformation instead of the hash table. The rde.c part will probably conflict with the change for communities. -- :wq Claudio ? obj Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving

bgpd switch communities to RB tree

2022-08-29 Thread Claudio Jeker
The hash table for communities is not great. Instead of implementing dynamic hash resize use a RB tree. Also drop the hash calculation and just use memcmp() for now. My non scientific test seems to indicate that the overhead of SipHash is about the same as the memcmp(). -- :wq Claudio Index:

Re: bgpd/bgpctl report number of pending updates/withdraws

2022-08-29 Thread Claudio Jeker
On Mon, Aug 29, 2022 at 04:47:51PM +0200, Theo Buehler wrote: > On Mon, Aug 29, 2022 at 04:41:56PM +0200, Claudio Jeker wrote: > > The RDE has a queue of pending updates and withdraws. Those are already > > counted but not shown. On big setups it may be helpful to know about the >

bgpd/bgpctl report number of pending updates/withdraws

2022-08-29 Thread Claudio Jeker
The RDE has a queue of pending updates and withdraws. Those are already counted but not shown. On big setups it may be helpful to know about the queue progress. -- :wq Claudio Index: bgpctl/output.c === RCS file:

bgpd speedup diff

2022-08-29 Thread Claudio Jeker
On large bgpd instances the hash tables used for rde_aspath, aspath and communities get overloaded to a point that aspath_get() consumes a large amount of CPU time. This diff improves the situation by a) using a RB tree for rde_aspath and communities and b) dropping the hash table for aspath all

Re: struct ifnet: remove unused if_switchport member

2022-08-26 Thread Claudio Jeker
On Fri, Aug 26, 2022 at 04:15:43PM +0100, Stuart Henderson wrote: > On 2022/08/26 09:49, Klemens Nanni wrote: > > grep and CVS agree that this is a switch(4) left-over. > > > > OK? > > This is exported to userland isn't it? I seriously hope not. All those caddr_t are kernel pointers. In

Re: rpki-client: use valid_uri() in load_skiplist()

2022-08-26 Thread Claudio Jeker
On Fri, Aug 26, 2022 at 01:48:55PM +0200, Theo Buehler wrote: > It occurred to me right after committing the previous change that it is > doing the same thing as valid_uri(). Calling it is simpler and the > additional "/." check won't hurt. This is indeed OK. What worries me a bit is that the

Re: bgpd fix peer signaling bug for busy systems

2022-08-26 Thread Claudio Jeker
On Fri, Aug 26, 2022 at 01:42:15PM +0200, Theo Buehler wrote: > On Fri, Aug 26, 2022 at 10:58:38AM +0200, Claudio Jeker wrote: > > Noticed on a route collector with >100 full feeds and well 80Mio prefixes. > > On startup the RDE slurps in a lot of messages and then slowly process

bgpd fix peer signaling bug for busy systems

2022-08-26 Thread Claudio Jeker
Noticed on a route collector with >100 full feeds and well 80Mio prefixes. On startup the RDE slurps in a lot of messages and then slowly processes them. Those are mostly IMSG_UDPATE but the current code also queues IMSG_SESSION_DOWN, IMSG_SESSION_UP and the graceful restart imsgs. It does not

Re: rpki-client: two skiplist tweaks

2022-08-26 Thread Claudio Jeker
On Fri, Aug 26, 2022 at 09:57:19AM +0200, Theo Buehler wrote: > First, if there's an issue opening the default skip list file other than > its absence (most likely bad permissions), we should not silently ignore > it. Also, let's display the error, so use err(). > > Second, linelen, the return

bgplgd use memset and memcpy instead of bzero and bcopy

2022-08-25 Thread Claudio Jeker
The same change was done in bgpd and bgpctl. So here is bgplgd. I replaced one bcopy() with memmove() since this is most probably an overlapping memory move. -- :wq Claudio Index: qs.c === RCS file: /cvs/src/usr.sbin/bgplgd/qs.c,v

Re: rpki-client: add mode to print encapsulated certs/crls in human-readable & PEM format

2022-08-25 Thread Claudio Jeker
file ...\n"); > + " rpki-client [-Vv] [-d cachedir] [-t tal] -f file ...\n" > + " rpki-client -p file ...\n"); > return 1; > } > Index: print.c > === &g

Re: bgpd silence "connection from non-peer" unless verbose

2022-08-25 Thread Claudio Jeker
On Thu, Aug 25, 2022 at 01:48:50PM +0100, Stuart Henderson wrote: > On 2022/08/25 14:38, Claudio Jeker wrote: > > On Thu, Aug 25, 2022 at 09:23:01AM +0100, Stuart Henderson wrote: > > > On 2022/08/24 18:47, Denis Fondras wrote: > > > > Le Tue, Aug 23, 2022 at 0

Re: bgpd silence "connection from non-peer" unless verbose

2022-08-25 Thread Claudio Jeker
On Thu, Aug 25, 2022 at 09:23:01AM +0100, Stuart Henderson wrote: > On 2022/08/24 18:47, Denis Fondras wrote: > > Le Tue, Aug 23, 2022 at 06:28:12PM +0200, Claudio Jeker a écrit : > > > I noticed that the "connection from non-peer" message can fill the log and > >

bgpd silence "connection from non-peer" unless verbose

2022-08-23 Thread Claudio Jeker
I noticed that the "connection from non-peer" message can fill the log and be so chatty that it is hard to see the other messages. The system I see this on is a bit special since it gets hammered by incorrectly configured systems. Maybe other people find this message helpful. If so please speak up

Re: rpki-client: retire valid_cert()

2022-08-23 Thread Claudio Jeker
On Mon, Aug 22, 2022 at 12:14:53PM +0200, Theo Buehler wrote: > rpki-client portable makes sure that libcrypto has RFC 3779 support. > Therefore the X509_verify_cert() call in valid_x509() will already > perform the checks that the RFC 3779 extensions are covered along the > chain. While
