Re: libagentx: always initialize buf in ax_oidrange2string

2021-10-24 Thread Claudio Jeker
On Sun, Oct 24, 2021 at 06:31:29PM +0100, Martijn van Duren wrote: > This diff should be superfluous with the next diff, but I don't think > this should be left as is anyway. > > It's not a big problem, since it's a static buffer and it gets > initialized by previous calls, so it's always

rpki-client add regress print functions to main repo

2021-10-24 Thread Claudio Jeker
--- /dev/null 1 Jan 1970 00:00:00 - +++ usr.sbin/rpki-client/print.c24 Oct 2021 17:30:47 - @@ -0,0 +1,169 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2021 Claudio Jeker + * Copyright (c) 2019 Kristaps Dzonsons + * + * Permission to use, copy, modify, and distribute this software

Re: simplify sys___thrsigdivert a bit

2021-10-23 Thread Claudio Jeker
On Sat, Oct 23, 2021 at 05:47:58PM +0200, Mark Kettenis wrote: > > Date: Sat, 23 Oct 2021 17:29:36 +0200 > > From: Claudio Jeker > > > > The sys___thrsigdivert code can be simplified a bit. It is possible to > > set the error before the loop and then ha

simplify sys___thrsigdivert a bit

2021-10-23 Thread Claudio Jeker
The sys___thrsigdivert code can be simplified a bit. It is possible to set the error before the loop and then have the loop exit after polling for pending signals. IMO the result looks nicer than what we have now. OK? -- :wq Claudio Index: kern/kern_sig.c

fix IO handling in rpki-client

2021-10-23 Thread Claudio Jeker
This diff changes the io read functions to work on ibufs. With this the poll loops will consume data with io_buf_read() until a full message is received and then that message is processed. Thanks to this the processes no longer block while waiting for more data in the io read functions. With this

Re: ixl(4): add checksum receive offloading

2021-10-22 Thread Claudio Jeker
On Fri, Oct 22, 2021 at 04:45:09PM +0200, Hrvoje Popovski wrote: > On 22.10.2021. 16:09, Florian Obser wrote: > > > > > > On 22 October 2021 13:55:20 CEST, Stuart Henderson > > wrote: > >> On 2021/10/22 11:25, Jan Klemkow wrote: > >>> this diff add hardware checksum offloading for the receive

fix symlink read in openrsync

2021-10-22 Thread Claudio Jeker
flist_gen_dirent() does a fts_read and inside that tries to read the symlink information. Now since fts_open did not specify FTS_NOCHDIR the symlink_read call needs to use ent->fts_accpath instead of f->path which was based on ent->fts_path. OK? -- :wq Claudio Index: flist.c

Re: retire hifn safe ubsec

2021-10-21 Thread Claudio Jeker
On Thu, Oct 21, 2021 at 04:30:02PM +0200, Alexander Bluhm wrote: > Hi, > > Goal is to retire the async crypto API. It is slow and adds > complexity which hinders MP progress in IPsec. It is used by the > old PCI devices hifn(4), safe(4), and ubsec(4). > > These devices are not common anymore.

normalize ldap DN in the config

2021-10-06 Thread Claudio Jeker
Ran into this while setting up a new DN. The DN in namespace only matches if it is normalized. So it may be best to do this by default when adding a namespace. With this using a capitalized namespace like "o=OpenBSD,c=CA" will work. Also as a side note the rootdn is already normalized so no need

Re: sigwaitinfo(2) and sigtimedwait(2)

2021-09-28 Thread Claudio Jeker
On Sun, Sep 26, 2021 at 02:36:02PM +0200, Mark Kettenis wrote: > > Date: Fri, 24 Sep 2021 19:36:21 +0200 > > From: Rafael Sadowski > > > > I'm trying to port the more KDE stuff so my question is from porter > > perspective. > > > > I need sigwaitinfo(2)/sigtimedwait(2) and I found both

OpenBGPD 7.2 released

2021-09-23 Thread Claudio Jeker
We have released OpenBGPD 7.2, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. This release includes the following changes to the previous release: * Support for RFC 9072 - Extended Optional Parameters Length for BGP OPEN Message * Support for

bgpctl mrtdump adjustment

2021-09-22 Thread Claudio Jeker
In bgpd we do not follow the RFC8050 encoding for RIB_GENERIC_ADDPATH. Mainly because it does not fit the way the code works and also because the only other BGP implementation that seems to care about RIB_GENERIC_ADDPATH does it the same way. Because of this it makes no sense to parse

Re: tls_pending(3)

2021-09-16 Thread Claudio Jeker
On Thu, Sep 16, 2021 at 11:00:31PM +0200, Kristaps Dzonsons wrote: > Hi, > > I'm porting a nonblocking, polling OpenSSL system to libtls. However, I'm > not sure how this is non-hackily possible without SSL_pending(3) to detect > if less data is read with tls_read() than is buffered. > >

rpki-client RRDP delta vs snapshot sync

2021-09-14 Thread Claudio Jeker
I'm tired waiting 30min and more for apnic and idnic to finish their delta syncs with 1000+ deltas to fetch from a server on the other side of the planet. If a repo is more than 300 deltas behind just grab the snapshot, it is way faster in the end. The number 300 was selected to be not too low to

Re: rpki-client add back keep-alive to http requests

2021-09-10 Thread Claudio Jeker
On Thu, Sep 09, 2021 at 09:18:04AM -0600, Bob Beck wrote: > > ok beck@ > > On Thu, Sep 09, 2021 at 09:35:51AM +0200, Claudio Jeker wrote: > > While Connection: keep-alive should be the default it seems that at least > > some of the CA repositories fail to behav

rpki-client compare oid with OBJ_cmp

2021-09-09 Thread Claudio Jeker
Trying to remove work that is done over and over again. One of those checks are the various OID compares. Instead of converting the ASN1_OBJECT into a string and comparing the strings, convert the string into an ASN1_OBJECT once and then compare these objects with OBJ_cmp(). Any comments about

rpki-client add back keep-alive to http requests

2021-09-09 Thread Claudio Jeker
While Connection: keep-alive should be the default it seems that at least some of the CA repositories fail to behave like that. Adding back the Connection header seems to fix this and delta downloads go faster again. -- :wq Claudio Index: http.c

Re: do less recallocarray calls in rpki-client

2021-09-08 Thread Claudio Jeker
On Wed, Sep 08, 2021 at 05:40:31PM +0200, Theo Buehler wrote: > On Wed, Sep 08, 2021 at 03:05:41PM +0200, Claudio Jeker wrote: > > Looking at profiling information and the code made me realize that these > > recallocarray calls growing the array by one every time are unnecessar

do less recallocarray calls in rpki-client

2021-09-08 Thread Claudio Jeker
Looking at profiling information and the code made me realize that these recallocarray calls growing the array by one every time are unnecessary. The size of the array is known in advance so use that information and build it up ahead of time. In the roa case the IP list is double nested and so

Re: Change vm_dsize to vsize_t

2021-09-07 Thread Claudio Jeker
On Mon, Sep 06, 2021 at 12:39:56PM -0700, Greg Steuck wrote: > In the course of making ASan work on OpenBSD I ran into an accounting > limitation. struct vmspace declares vm_dsize as segsz_t (aka int32_t). > This effectively limits it to 2^31 pages (2^43 bytes on amd64). This > would be enough if

Re: iked(8): make proto option accept lists

2021-09-03 Thread Claudio Jeker
On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote: > Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200: > > The diff below makes iked accept a list of protocols for the "proto" config > > option in iked.conf(5). > > This would allow us to have a single policy with

Re: rpki-client add http_proxy support

2021-09-01 Thread Claudio Jeker
On Wed, Sep 01, 2021 at 09:38:55AM +, Job Snijders wrote: > On Tue, Aug 31, 2021 at 09:58:54AM +0200, Claudio Jeker wrote: > > This diff improves the http code by a) adding an IO timeout and b) > > implementing http_proxy support. > > > > Works for me using tinypro

Re: rpki-client exclude files from rsync fetch

2021-09-01 Thread Claudio Jeker
On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote: > RPKI repository can only include a few specific files, everything else is > just ignored and deleted after every fetch. Since openrsync supports > --exclude-file now we can use this to limit what is actually accepted by >

rpki-client exclude files from rsync fetch

2021-08-31 Thread Claudio Jeker
RPKI repository can only include a few specific files, everything else is just ignored and deleted after every fetch. Since openrsync supports --exclude-file now we can use this to limit what is actually accepted by the client. I used a config file in /etc/rpki instead of using multiple

rpki-client add http_proxy support

2021-08-31 Thread Claudio Jeker
This diff improves the http code by a) adding an IO timeout and b) implementing http_proxy support. Works for me using tinyproxy as proxy server. -- :wq Claudio Index: encoding.c === RCS file:

Re: route(1): add an address family validation

2021-08-27 Thread Claudio Jeker
On Fri, Aug 27, 2021 at 03:58:23PM +0900, morimoto wrote: > hi, > I found an interesting issue while toying routing. > route(1) accepts IPv4 destination and IPv6 gateway entry. > command is as below: > route add 192.0.2.1 2001:db8::1 > > Curiously it has no error. > The entry is pointless, I

Re: bgpd MRT RFC8050 support (add-path for mrt dumps)

2021-08-18 Thread Claudio Jeker
On Mon, Aug 09, 2021 at 12:17:47PM +0200, Claudio Jeker wrote: > This diff adds the bits needed to support add-path in MRT dumps. > The problem here is that MRT as a stateless protocol has no chance > to know what kind of encoding (add-path or not) is used for the NLRI in > m

Re: libedit: stop ignoring SIGINT

2021-08-09 Thread Claudio Jeker
On Mon, Aug 09, 2021 at 01:19:08PM +0200, Ingo Schwarze wrote: > Hi, > > as mentioned earlier, deraadt@ reported that sftp(1) ignores Ctrl-C. > Fixing that without longjmp(3) requires making editline(3) better > behaved. > > Currently, when read(2) from the terminal gets interrupted by a >

bgpd MRT RFC8050 support (add-path for mrt dumps)

2021-08-09 Thread Claudio Jeker
This diff adds the bits needed to support add-path in MRT dumps. The problem here is that MRT as a stateless protocol has no chance to know what kind of encoding (add-path or not) is used for the NLRI in message dumps. And for table dumps there is a need to add an extra field to the dumps to show

Re: bgpd add add-path receive support

2021-08-09 Thread Claudio Jeker
On Fri, Aug 06, 2021 at 08:34:18PM +0200, Sebastian Benoit wrote: > Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.08.04 17:55:45 +0200: > > On Fri, Jul 30, 2021 at 12:02:12PM +0200, Claudio Jeker wrote: > > > This diff implements the bit to support the receive sid

Re: bgpd add add-path receive support

2021-08-04 Thread Claudio Jeker
On Fri, Jul 30, 2021 at 12:02:12PM +0200, Claudio Jeker wrote: > This diff implements the bit to support the receive side of > RFC7911 - Advertisement of Multiple Paths in BGP. > > I did some basic tests and it works for me. People running route > collectors should

Re: rpki-client support more http status codes

2021-08-04 Thread Claudio Jeker
On Wed, Aug 04, 2021 at 10:53:39AM +0200, Claudio Jeker wrote: > This adds a few more HTTP Status codes to the mix of the accepted ones. > Mainly 100, 103 and 203 are now also accepted. All other codes in the 1xx > and 2xx are still considered an error since they are not expected from

rpki-client support more http status codes

2021-08-04 Thread Claudio Jeker
This adds a few more HTTP Status codes to the mix of the accepted ones. Mainly 100, 103 and 203 are now also accepted. All other codes in the 1xx and 2xx are still considered an error since they are not expected from the GET request made by the http client. This is a minimal HTTP client and it

bgpd add add-path receive support

2021-07-30 Thread Claudio Jeker
This diff implements the bit to support the receive side of RFC7911 - Advertisement of Multiple Paths in BGP. I did some basic tests and it works for me. People running route collectors should give this a try. The interaction of Add-Path and bgpctl probably needs some work. Also the MRT dumper

Re: Do not spin on the NET_LOCK() in kqueue

2021-07-29 Thread Claudio Jeker
On Thu, Jul 29, 2021 at 09:51:43AM +0200, Martin Pieuchot wrote: > On 26/07/21(Mon) 09:23, Martin Pieuchot wrote: > > On 26/07/21(Mon) 08:55, Martin Pieuchot wrote: > > > On 21/07/21(Wed) 10:18, Martin Pieuchot wrote: > > > > On 11/07/21(Sun) 14:45, Visa Hankala wrote: > > > > > On Sat, Jul 10,

Re: rpki-client: adjust HTTP/1.1 request string

2021-07-23 Thread Claudio Jeker
On Fri, Jul 23, 2021 at 05:28:33PM +0200, Sebastian Benoit wrote: > Job Snijders(j...@openbsd.org) on 2021.07.23 15:23:49 +: > > Hi all, > > > > Based on suggestions from Julian Reschke. > > > > * "Connection: keep-alive" isn't needed, as the HTTP 1.1 default is to > > use persistent

bgpd support for RFC9072

2021-07-19 Thread Claudio Jeker
This adds support for RFC9072: Extended Optional Parameters Length for BGP OPEN Message. I did not add any knobs to force the new format. Seems to work for me (tested both formats with bgpd). The other usual suspects have no support yet so let's see. -- :wq Claudio Index: bgpd.8

Re: bgpd refactor struct prefix

2021-07-14 Thread Claudio Jeker
On Tue, Jun 29, 2021 at 12:00:24PM +0200, Claudio Jeker wrote: > This diff moves the rib_entry pointer re into the union to save some > space. For add-path I need to add a few more u_int32_t and that would > blow the size of struct prefix from 128 to 132 bytes. malloc would round

rsync getopt_long cleanup

2021-07-13 Thread Claudio Jeker
I never really liked the getopt_long definitions in rsync. Too much magic and chaos. This moves the table out of main to gain some more space and to make it a proper read-only object. Because of this struct opts also needs to become a global but that is OK. Clean up the required_argument options

bgpctl add support for RFC8050 (add-path support for MRT parser)

2021-07-13 Thread Claudio Jeker
This diff adds support to read MRT files using the new introduced _ADDPATH types as defined in RFC8050. I also started adding MRT support to bgpd but that depends on ADD-PATH itself. There are a few gotchas, especially the MRT_DUMP_V2 RIB_GENERIC_ADDPATH handling is different from all other RIB

Re: rsync fix symlink discovery

2021-07-06 Thread Claudio Jeker
I'll have a look at this. I do agree that the code should be improved overall. > Philip Guenther > > On Fri, Jul 2, 2021 at 4:46 AM Claudio Jeker > wrote: > > > Hit this today while doing some tests. symlink_read() needs to use just > > the filename and not the full path

rsync fix symlink discovery

2021-07-02 Thread Claudio Jeker
Hit this today while doing some tests. symlink_read() needs to use just the filename and not the full path because fts_read(3) does chdir internally. Without this I got: openrsync: error: ./obj/openrsync.1: readlink: No such file or directory openrsync: error: symlink_read openrsync: error:

Re: compare-dest support for openrsync

2021-07-02 Thread Claudio Jeker
On Wed, Jun 30, 2021 at 05:47:16PM +0200, Claudio Jeker wrote: > The compare-dest option of rsync is something I would like to use in > rpki-client. This implements just that and I think after that adding > copy-dest and link-dest options should be somewhat easy to add as well. > Li

Re: systat(1) counter overflow

2021-07-02 Thread Claudio Jeker
On Fri, Jul 02, 2021 at 01:09:05PM +0200, Martin Pieuchot wrote: > On 01/07/21(Thu) 13:53, Anindya Mukherjee wrote: > > Hi, > > > > I noticed that if I leave the system running for more than about a month, > > some > > of the counters in the uvm view of systat(1) overflow and become negative. >

compare-dest support for openrsync

2021-06-30 Thread Claudio Jeker
Claudio Jeker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR

Re: patch: __realpath: no need of LOCKLEAF

2021-06-29 Thread Claudio Jeker
On Sat, Jun 26, 2021 at 07:07:42AM +0200, Sebastien Marie wrote: > Hi, > > The following diff removes LOCKLEAF from NDINIT. The code doesn't > doesn't need it: the returned vnode is released immediately. The > string path is built from the namei() call using REALPATH, during > directories

bgpd refactor struct prefix

2021-06-29 Thread Claudio Jeker
This diff moves the rib_entry pointer re into the union to save some space. For add-path I need to add a few more u_int32_t and that would blow the size of struct prefix from 128 to 132 bytes. malloc would round that up to 256 bytes and that is bad for the struct that is allocated in millions in

Re: recvmsg returns MSG_DONTWAIT

2021-06-27 Thread Claudio Jeker
On Sun, Jun 27, 2021 at 05:28:09PM +0200, Mark Kettenis wrote: > > Date: Sun, 27 Jun 2021 13:36:03 + > > From: Klemens Nanni > > > > On Sat, Jun 12, 2021 at 11:54:58PM -0700, Greg Steuck wrote: > > > I started with a failing test for Haskell network package on 6.9-current > > > amd64 > > >

OpenBGPD 7.1 released

2021-06-25 Thread Claudio Jeker
We have released OpenBGPD 7.1, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. This release includes the following changes to the previous release: * OpenBSD 6.9 errata 009 During bgpd(8) config reloads prefixes of the wrong address family could

bgpd refactor network flush code a bit

2021-06-24 Thread Claudio Jeker
The network flush code only operates on peerself (like all the other network commands). Instead of passing a peer to the tree walker just default to peerself in network_flush_upcall(). This makes the code more obvious that it operates on peerself. -- :wq Claudio Index: rde.c

bgpd shuffle some code around

2021-06-24 Thread Claudio Jeker
In rde_update_dispatch() do the AFI check for IPv4 prefixes before extracting the prefix. This is similar to what the MP code does and is also more logical. OK? -- :wq Claudio Index: rde.c === RCS file:

Re: bgpd fix bad free() call when deflating aspath

2021-06-24 Thread Claudio Jeker
On Tue, Jun 22, 2021 at 08:19:22PM +0200, Claudio Jeker wrote: > I changed the way up_generate_attr() calls aspath_deflate() but did not > realize that aspath_deflate() frees the pdata at the end. That free should > no longer happen but for that also the mrt case where aspath_deflate(

bgpd refactor some common code for add-path

2021-06-22 Thread Claudio Jeker
Adjust the way nlri get extracted from the MP attrs. Instead of switch statements with a while loop for each case move the while loop out and only do the nlri_get_* call in the switch statement. The mpp and mplen adjustments and the call to rde_update_update and rde_update_withdraw are also moved

bgpd fix bad free() call when deflating aspath

2021-06-22 Thread Claudio Jeker
I changed the way up_generate_attr() calls aspath_deflate() but did not realize that aspath_deflate() frees the pdata at the end. That free should no longer happen but for that also the mrt case where aspath_deflate() needs to be adjusted. With this both the mrt and as0 integration test pass

bgpd fix add-path capability encoding

2021-06-22 Thread Claudio Jeker
Dumb copy paste error. The add-path capability is 4byte per AFI/SAFI the 2 + is from graceful restart where two extra bytes are at the front of the AFI/SAFI list. -- :wq Claudio Index: session.c === RCS file:

Re: setitimer(2): increase interval upper bound to UINT_MAX seconds

2021-06-18 Thread Claudio Jeker
On Thu, Jun 17, 2021 at 08:41:39PM -0500, Scott Cheloha wrote: > On Fri, Jun 11, 2021 at 12:17:02PM -0500, Scott Cheloha wrote: > > Hi, > > > > setitimer(2) has a one hundred million second upper bound for timers. > > Any timer interval larger than this is considered invalid and we set > >

Re: bgpd support for enhanced route refresh

2021-06-17 Thread Claudio Jeker
On Thu, Jun 17, 2021 at 01:40:01PM +, Job Snijders wrote: > On Thu, Jun 17, 2021 at 03:29:38PM +0200, Claudio Jeker wrote: > > On Thu, Jun 17, 2021 at 01:25:07PM +, Job Snijders wrote: > > > On Thu, Jun 17, 2021 at 12:24:16PM +0200, Claudio Jeker wrote: > > > &

Re: bgpd support for enhanced route refresh

2021-06-17 Thread Claudio Jeker
On Thu, Jun 17, 2021 at 01:25:07PM +, Job Snijders wrote: > On Thu, Jun 17, 2021 at 12:24:16PM +0200, Claudio Jeker wrote: > > On Mon, Jun 14, 2021 at 05:10:07PM +0200, Claudio Jeker wrote: > > > On Thu, May 27, 2021 at 06:24:06PM +0200, Claudio Jeker wrote: > > > &g

Re: bgpd support for enhanced route refresh

2021-06-17 Thread Claudio Jeker
On Mon, Jun 14, 2021 at 05:10:07PM +0200, Claudio Jeker wrote: > On Thu, May 27, 2021 at 06:24:06PM +0200, Claudio Jeker wrote: > > Implement RFC 7313 enhanced route refresh. > > > > While there also change when graceful restart EoR markers are sent. > > In short

bgpd refactor common code

2021-06-17 Thread Claudio Jeker
To not recreate the issue of missing another check in one of the up_generate_updates() call points factor out the common code into rde_skip_peer(). I hope this way a similar f-up can be avoided -- :wq Claudio ? obj Index: rde.c ===

Re: bgpd show proper info in Adj-RIB-Out

2021-06-16 Thread Claudio Jeker
On Tue, Jun 15, 2021 at 06:14:38PM +0200, Claudio Jeker wrote: > The Adj-RIB-Out should show what is sent to the peer. bgpd did not fully > do that since it adjusted the ASPATH and the nexthop afterwards when > building the actual UPDATE. > > This diff changes that and moves the

Re: Fix unsafe snmpd defaults

2021-06-15 Thread Claudio Jeker
On Tue, Jun 15, 2021 at 07:25:30PM +0200, Florian Obser wrote: > On 2021-06-15 17:39 +01, Stuart Henderson wrote: > > Can we take a straw poll of readers of this email who are using SNMPv3 > > (if any ;-) -- are you using auth+enc, just auth, or no authentication? > > I'm thinking that somebody

Re: Rationale behind exec clearing out unveil paths

2021-06-15 Thread Claudio Jeker
On Tue, Jun 15, 2021 at 04:33:19PM +, dz...@disroot.org wrote: > >> And I am not letting someone write to the filesystem. Yet, they can > >> bypass that easily. `unveil("/", "rx")` gives a false illusion of > >> security, which can even trip up OpenBSD maintainers (more below). > > > > That

bgpd show proper info in Adj-RIB-Out

2021-06-15 Thread Claudio Jeker
The Adj-RIB-Out should show what is sent to the peer. bgpd did not fully do that since it adjusted the ASPATH and the nexthop afterwards when building the actual UPDATE. This diff changes that and moves the ASPATH prepend for ebgp sessions and the selection of the nexthop. Thanks to this the

Re: Rationale behind exec clearing out unveil paths

2021-06-15 Thread Claudio Jeker
On Tue, Jun 15, 2021 at 11:21:03AM +, dz...@disroot.org wrote: > > "Theo de Raadt" wrote: > > Have you found anything which implies that unveil persists? > I haven't found anything which implies that unveil doesn't persist either. > Do you think that the documentation should keep developers

Re: bgpd support for enhanced route refresh

2021-06-14 Thread Claudio Jeker
On Thu, May 27, 2021 at 06:24:06PM +0200, Claudio Jeker wrote: > Implement RFC 7313 enhanced route refresh. > > While there also change when graceful restart EoR markers are sent. > In short the graceful restart marker should only be sent initially. After > that the End of Route

Re: patch: unveil: remove some leftover of UNVEIL_INSPECT usage with ni_unveil

2021-06-09 Thread Claudio Jeker
On Fri, Mar 12, 2021 at 08:41:59AM +0100, Sebastien Marie wrote: > Hi, > > The following diff is a cleanup to remove two leftover checks, which > were used when ni_unveil was used with UNVEIL_INSPECT: > > it was used by: > - readlink(2) - removed 2019-08-31 > > Make readlink require

Re: setitimer(2): don't round up it_value

2021-06-09 Thread Claudio Jeker
On Thu, May 27, 2021 at 06:29:04PM -0500, Scott Cheloha wrote: > On Wed, May 19, 2021 at 10:32:55AM -0500, Scott Cheloha wrote: > > On Wed, May 12, 2021 at 01:15:05PM -0500, Scott Cheloha wrote: > > > > > > [...] > > > > > > Paul de Weerd mentioned off-list that the initial expiration for an > >

OpenBGPD 7.0 released

2021-06-04 Thread Claudio Jeker
We have released OpenBGPD 7.0, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. This release includes the following changes to the previous release: * Stop processing queued UPDATES when the max-prefix limit was reached. * Improve negotiation for route

Re: vmd: Fix grammar for random lladdr

2021-06-02 Thread Claudio Jeker
On Wed, Jun 02, 2021 at 08:24:53AM -0400, Dave Voutila wrote: > > Martin Vahlensieck writes: > > > Index: parse.y > > === > > retrieving revision 1.56 > > diff -u -p -r1.56 parse.y > > --- parse.y 23 Sep 2020 19:18:18 -

Re: setitimer(2): don't round up it_value

2021-05-28 Thread Claudio Jeker
On Fri, May 28, 2021 at 08:15:20AM +0200, Mark Kettenis wrote: > > Date: Thu, 27 May 2021 18:29:04 -0500 > > From: Scott Cheloha > > Sorry, but does is one of those areas where I'm not very aware how the > interfaces are used by applications. So my default position is: > "don't change it".

bgpd support for enhanced route refresh

2021-05-27 Thread Claudio Jeker
Implement RFC 7313 enhanced route refresh. While there also change when graceful restart EoR markers are sent. In short the graceful restart marker should only be sent initially. After that the End of Route Refresh message should be sent instead. Because of this track if an EoR marker was received

bgpd move deck chairs to port

2021-05-27 Thread Claudio Jeker
Just rename and move some functions used to get per-peer settings to the hopefully better names peer_has_as4byte() and peer_accept_no_as_set(). -- :wq Claudio Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving

Re: bgpd extend capability support (add-path, enhanced rr)

2021-05-25 Thread Claudio Jeker
On Tue, May 18, 2021 at 05:35:01PM +0200, Claudio Jeker wrote: > bgpd(8) will soon support ADD-PATH (RFC7911) and enhanced route refresh > (RFC7313). This is the first step toward this. > It adds the capability parsers, extends the capability struct and adds the > capability nego

Re: bgpd upgrade to RFC6793

2021-05-25 Thread Claudio Jeker
On Tue, May 18, 2021 at 12:48:06PM +0200, Claudio Jeker wrote: > Our four-byte AS support dates back to the days of the original draft. > Since then a new RFC 6793 got released that adjusted the error handling a > bit. RFC 6793 just treats any error on AS4_PATH attribute with attribu

Re: vmd(8): add MTU feature support to vionet device

2021-05-24 Thread Claudio Jeker
On Sun, May 23, 2021 at 10:25:38PM -0400, Dave Voutila wrote: > The following diff adds in virtio 1.1's VIRTIO_NET_F_MTU feature support > to vmd(8)'s virtio networking device. This allows for communicating an MTU > to the guest driver and then enforcing it in the emulated device. > > When the

Re: bgpd adjust graceful restart capability negotiation

2021-05-20 Thread Claudio Jeker
On Tue, May 18, 2021 at 02:06:15PM +0200, Claudio Jeker wrote: > When I adjusted the capability negotiation to check both sides for > presence I made the graceful restart capability lose all AFI/SAFI > elements for the peer capabilities. > > This can be viewed with bgpct

Re: move copyout() in DIOCGETSTATES outside of NET_LOCK() and state_lcok

2021-05-20 Thread Claudio Jeker
On Thu, May 20, 2021 at 09:37:38AM +0200, Martin Pieuchot wrote: > On 20/05/21(Thu) 03:23, Alexandr Nedvedicky wrote: > > Hrvoje gave a try to experimental diff, which trades rw-locks in pf(4) > > for mutexes [1]. Hrvoje soon discovered machine panics, when doing 'pfctl > > -ss' > > The callstack

bgpd extend capability support (add-path, enhanced rr)

2021-05-18 Thread Claudio Jeker
bgpd(8) will soon support ADD-PATH (RFC7911) and enhanced route refresh (RFC7313). This is the first step toward this. It adds the capability parsers, extends the capability struct and adds the capability negotiation bits. The route refresh parser and generator are extended to support the BoRR and

bgpd adjust graceful restart capability negotiation

2021-05-18 Thread Claudio Jeker
When I adjusted the capability negotiation to check both sides for presence I made the graceful restart capability lose all AFI/SAFI elements for the peer capabilities. This can be viewed with bgpctl show nei: e.g Description: beznau-1 BGP version 4, remote router-id 192.168.0.252 BGP state

bgpd upgrade to RFC6793

2021-05-18 Thread Claudio Jeker
Our four-byte AS support dates back to the days of the original draft. Since then a new RFC 6793 got released that adjusted the error handling a bit. RFC 6793 just treats any error on AS4_PATH attribute with attribute drop with the hope that the AS_PATH is better. The reason is a bit

Re: httpd with rdomain

2021-05-17 Thread Claudio Jeker
On Mon, May 17, 2021 at 05:11:41PM +0200, Peter J. Philipp wrote: > Hi, > > I found myself wanting this, this morning. I made a patch but then I put it > in the wrong spot, and noticed it needed rewriting of SERVER in parse.y. > Later in the day I found myself looking into this, and a better

limit concurrent RTR connects in bgpd

2021-05-14 Thread Claudio Jeker
I think it is a good idea to limit the number of concurrent connects in bgpd. I used 32 as the limit since that is way enough for the number of RTR sessions people will configure. If the limit is hit the request will be dropped and the rtr process will retry the connect after the retry timeout.

Re: Fix mbuf leaks in re_rxeof()

2021-05-14 Thread Claudio Jeker
On Thu, May 13, 2021 at 02:40:31PM +, Visa Hankala wrote: > It looks that re_rxeof() might leak mbufs in two cases. The first case > happens if the controller returns an incomplete frame when frames are > expected to be non-fragmented. Note that in this instance the fragment > list sc->rl_head

bgpd strict community negotiation

2021-05-12 Thread Claudio Jeker
RFC5492 is fairly explicit when a capability should be enabled on a session: A BGP speaker that supports a particular capability may use this capability with its peer after the speaker determines (as described above) that the peer supports this capability. Simply put, a given

Re: [Diff] Implement multiple device cloning for hotplug

2021-05-12 Thread Claudio Jeker
On Wed, May 12, 2021 at 10:03:13AM -0400, Ashton Fagg wrote: > joshua stein writes: > > > I'm glad I could inspire you to repost the work I already did years > > ago. > > I'm not sure if you're being sarcastic. > > > But either way, if a driver is causing a panic because it responds > >

fix rpki-client on alpine using libressl

2021-05-11 Thread Claudio Jeker
So on Alpine Linux the libressl version is older than the fix to ASN1_time_parse (rev 1.16 of lib/libcrypto/asn1/a_time_tm.c). Because of this the expire times shown in the CSV and JSON output are all over the place. Let's add explicit memset before calling ASN1_time_parse() to make this work even

Re: bgpd fix for rde evaluate all

2021-05-11 Thread Claudio Jeker
On Tue, May 04, 2021 at 09:55:32AM +0200, Claudio Jeker wrote: > Noticed by the arouteserver author Pier Carlo Chiodi the new rde evaluate > all feature has a bug when a 2nd best route is withdrawn. In that case > that route got not withdrawn from the adj-rib-out. > &

rpki-client fix possible uninitialised variables

2021-05-11 Thread Claudio Jeker
Modern gcc warns about these variables being not initialized. main.c: In function 'main': main.c:1064:11: warning: 'rrdppid' may be used uninitialized in this function [-Wmaybe-uninitialized] else if (pid == rrdppid) ^ rrdp_delta.c: In function 'start_publish_withdraw_elem':

Re: bgpd, non-blocking rtr connect

2021-05-10 Thread Claudio Jeker
On Mon, May 03, 2021 at 05:37:36PM +0200, Claudio Jeker wrote: > The RTR session was opened with a blocking connect() call. This is rather > bad if the RTR peer does not exist since then bgpd will block until the > connect timed out. This diff makes the connect() call non

rsync fix file handling in uploader

2021-05-07 Thread Claudio Jeker
So yesterday I committed a change to simplify file handling. This removed the O_NONBLOCK flag from openat() but today I realized that this was a bit premature. The code at that point does not know if the file is actually a regular file and so if you put a fifo in place of a regular file it will

rsync exit code and error cleanup

2021-05-07 Thread Claudio Jeker
Currently our rsync does not follow the exit codes from rsync. Also the error handling is complex because ERR() and ERRX() are not terminating the process. This diff tries to start cleaning up the mess a bit. Introduce some exit codes to use and apply them in places where it is obvious. The

rpki-client don't clobber errno in mkpath

2021-05-06 Thread Claudio Jeker
Noticed while looking at the same version in rsync. free() may clobber errno so better save the value before calling free(). Also update the comment, remove all those arguments I removed :) -- :wq Claudio Index: mkdir.c === RCS

more rsync cleanup

2021-05-06 Thread Claudio Jeker
As noticed by benno@ the blk.blks buffer is leaked in some cases. Fix those and clean up the pre_* functions a bit more. I increased the diff context a bit to make the diff easier to read. -- :wq Claudio Index: uploader.c === RCS

Re: simplify the openrsync uploader

2021-05-06 Thread Claudio Jeker
On Wed, May 05, 2021 at 11:34:17PM +0200, Sebastian Benoit wrote: > Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.05.05 17:53:20 +0200: > > The rsync uploader (what is the generator in rsync) can be simplified and > > cleaned up a fair bit. > > > > There is some c

make rsync -v less verbose

2021-05-05 Thread Claudio Jeker
I like rsync -v but hell it is noisy with openrsync. Just shut up about all the files that have not changed unless you go -vv. -- :wq Claudio Index: downloader.c === RCS file: /cvs/src/usr.bin/rsync/downloader.c,v retrieving

simplify the openrsync uploader

2021-05-05 Thread Claudio Jeker
The rsync uploader (what is the generator in rsync) can be simplified and cleaned up a fair bit. There is some confusion of non-blocking IO on regular files and the idea to poll() between openat() and fstat(). This is all not needed and therefore a lot of the code handling files can be moved into

openrsync mini cleanup

2021-05-05 Thread Claudio Jeker
Normalize some code. -- :wq Claudio Index: receiver.c === RCS file: /cvs/src/usr.bin/rsync/receiver.c,v retrieving revision 1.25 diff -u -p -r1.25 receiver.c --- receiver.c 24 Nov 2020 16:54:44 - 1.25 +++ receiver.c 5

Re: unlock lseek(2)

2021-05-05 Thread Claudio Jeker
On Sat, May 01, 2021 at 08:19:19AM +0200, Anton Lindqvist wrote: > Hi, > In August 2019 I tried to unlock lseek(2) which failed since the vnode > lock could not be acquired without holding the kernel lock back then, > found the hard way. claudio@ recently[1] make it possible to acquire a > vnode

bgpd better reload behaviour

2021-05-05 Thread Claudio Jeker
The peer flags (mainly rde evaluate all but also transparent-as) and the export options (none, default) are not properly handled on a config reload. In both cases a full session restart is needed after the config reload (with a bit of extra wait time to ensure that the peer config is actually up
