Re: Change bgpd_addr encoding of VPN v4 and v6 addresses

2021-01-12 Thread Claudio Jeker
On Tue, Jan 05, 2021 at 11:17:22AM +0100, Claudio Jeker wrote: > While changing log_addr() I noticed that struct bgpd_addr could benefit > from changing the encoding of AID_VPN_IPv4 and AID_VPN_IPv6 addrs. > Instead of having independent route distinguishers and labelstacks use > c

Re: Make ospf6d work on point-to-point links

2021-01-12 Thread Claudio Jeker
On Wed, Jan 06, 2021 at 01:02:50PM +0100, Claudio Jeker wrote: > The code in ospf6d is a bit broken when it comes to point-to-point links. > This diff fixes this by a) using the neighbor address instead of the unset > interface destination address and by b) matching the incoming packet

Re: bgpd refactor roa-set internals

2020-12-29 Thread Claudio Jeker
On Fri, Dec 18, 2020 at 11:36:33AM +0100, Claudio Jeker wrote: > In preparation for RTR support this diff changes the internal > representation of roa-set to a simple RB tree based on struct roa. > The big difference is that overlapping roas, e.g. > 10/8 source-as 3 >

Re: bgpd: getifaddrs ifa_addr NULL check

2020-12-29 Thread Claudio Jeker
On Thu, Dec 17, 2020 at 01:26:09PM +0100, Claudio Jeker wrote: > getifaddrs can return a struct ifaddrs entry with a NULL ifa_addr. > I think an unnumbered point-to-point interface can trigger this. > So better check for it before accessing anything in ifa_addr. I will commit this la

Re: bgpd show status of set tables

2020-12-29 Thread Claudio Jeker
On Thu, Dec 10, 2020 at 02:42:49PM +0100, Claudio Jeker wrote: > On Thu, Dec 03, 2020 at 10:59:29PM +0100, Claudio Jeker wrote: > > The use of roa-set, prefix-set and as-set is fairly common in bgpd. > > Still sometimes it is not exactly clear how old the data in those tables

Re: usr.sbin/* getifaddrs ifa_addr NULL check

2020-12-29 Thread Claudio Jeker
On Tue, Dec 29, 2020 at 03:42:20PM +0100, Sebastian Benoit wrote: > Hi, > > claudios bgpd diff and florian mentioning rad(8) made me look into usr.sbin/ > for getifaddrs() usage. I think these need a NULL check as well. > > ok? Looks OK to me. > diff --git usr.sbin/ospf6d/parse.y

Re: more getifaddrs ifa_addr NULL checks

2020-12-29 Thread Claudio Jeker
On Tue, Dec 29, 2020 at 04:20:04PM +0100, Sebastian Benoit wrote: > > More missing checks, outside of usr.sbin. > > Missing: isakmpd and ifconfig > I have not yet looked at libc internal use, libpcap and regress/. > > ok? Looks good to me. > diff --git sbin/iked/parse.y sbin/iked/parse.y >

Re: Extend IP_ADD_MEMBERSHIP to support struct ip_mreqn

2021-01-07 Thread Claudio Jeker
On Wed, Jan 06, 2021 at 10:27:42AM +0100, Claudio Jeker wrote: > Linux and FreeBSD both support the use of struct ip_mreqn in > IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP. This struct adds one more field > to pass an interface index to the kernel (instead of using the IP > address).

rpki-client simplify entity queue handling

2021-01-07 Thread Claudio Jeker
Currently rpki-client keeps all pending work on a queue and only removes it from the queue at once it got processed. The only bit that the parent rpki-client process needs from the queue is the type when processing the response. So instead of passing the id pass the type back from the parser.

extend ip(4) to document ip_mreqn

2021-01-07 Thread Claudio Jeker
Here is my try to extend ip(4) to also document struct ip_mreqn. Not sure what is the best way to document the option to use either struct ip_mreq or struct ip_mreqn with IP_ADD_MEMBERSHIP. -- :wq Claudio Index: ip.4 === RCS file:

Re: an(4): tsleep(9) -> tsleep_nsec(9)

2020-11-26 Thread Claudio Jeker
On Thu, Nov 26, 2020 at 08:25:48PM +1100, Jonathan Gray wrote: > On Tue, Nov 24, 2020 at 07:20:46PM -0600, Scott Cheloha wrote: > > Hi, > > > > Both kettenis@ and mpi@ have mentioned in private that my proposed > > changes to tsleep_nsec(9) etc. would be nicer if we could just get rid > > of

rpki-client refactor some path building

2020-12-03 Thread Claudio Jeker
Use asprintf with %.*s to construct the path based on the mft file location and the filename of the referenced file. Since the * field in printf(3) is expecting an int type, typecast the ptrdiff_t to an int. Add an assert check to make sure there is no overflow. Also do the same overflow check in

Re: rpki-client: use strndup instead of malloc + memcpy

2020-12-03 Thread Claudio Jeker
On Thu, Dec 03, 2020 at 03:48:00PM +0100, Christian Weisgerber wrote: > Claudio Jeker: > > > In tal_parse() use strndup() to create the tal descr instead of the more > > complex malloc, memcpy version. Result is the same but the strndup version > >

rpki-client: use strndup instead of malloc + memcpy

2020-12-03 Thread Claudio Jeker
In tal_parse() use strndup() to create the tal descr instead of the more complex malloc, memcpy version. Result is the same but the strndup version is a lot nicer. OK? -- :wq Claudio Index: tal.c === RCS file:

Re: Better overflow check in bgpd

2020-12-03 Thread Claudio Jeker
On Wed, Dec 02, 2020 at 12:19:11PM +0100, Claudio Jeker wrote: > The overflow check for the relative metric adjustments of filtersets > assumes a certain overflow behaviour of signed integers. I think it is > better to write this in a way that does not involve an overflow. > Here a

Re: IPv6 packets are not forwarded via IPsec tunnel

2020-12-06 Thread Claudio Jeker
On Mon, Dec 07, 2020 at 01:00:05PM +0900, Yuichiro NAITO wrote: > Hi. > > I have set up OpenBSD as an IPsec gateway and tried to forward IPv6 packets. > But IPv6 packets are not forwarded via IPsec tunnel. > IPv4 forwarding via IPsec works for me. > > Of course, I set following MIBs. > >

Re: Use SMR_TAILQ for `ps_threads'

2020-12-07 Thread Claudio Jeker
On Mon, Dec 07, 2020 at 10:13:44AM -0300, Martin Pieuchot wrote: > On 05/12/20(Sat) 22:34, Jonathan Matthew wrote: > > On Fri, Dec 04, 2020 at 10:03:46AM -0300, Martin Pieuchot wrote: > > > On 04/12/20(Fri) 12:01, Jonathan Matthew wrote: > > > > On Wed, Dec 02, 2020 at 11:41:04AM -0300, Martin

bgpd show status of set tables

2020-12-03 Thread Claudio Jeker
The use of roa-set, prefix-set and as-set is fairly common in bgpd. Still sometimes it is not exactly clear how old the data in those tables is. This diff is a first step at improving inspection by adding bgpctl show sets Sample output is: Type Name #IPv4

Re: srp_finalize(9): tsleep(9) -> tsleep_nsec(9)

2020-12-05 Thread Claudio Jeker
On Fri, Dec 04, 2020 at 12:17:31PM -0600, Scott Cheloha wrote: > On Fri, Dec 04, 2020 at 09:56:02AM +0100, Claudio Jeker wrote: > > On Thu, Dec 03, 2020 at 10:05:30PM -0600, Scott Cheloha wrote: > > > Hi, > > > > > > srp_finalize(9) uses tsleep(9) to

Re: mbg(4): tsleep(9) -> tsleep_nsec(9)

2020-12-05 Thread Claudio Jeker
On Fri, Dec 04, 2020 at 12:08:39PM -0600, Scott Cheloha wrote: > On Fri, Dec 04, 2020 at 10:07:07AM +0100, Claudio Jeker wrote: > > On Thu, Dec 03, 2020 at 10:42:50PM -0600, Scott Cheloha wrote: > > > Hi, > > > > > > mbg(4) is among the few remaining drivers us

Re: rpki-client, validate all files in mft even unknown ones

2020-12-07 Thread Claudio Jeker
On Mon, Dec 07, 2020 at 09:55:06PM +, Job Snijders wrote: > On Mon, Dec 07, 2020 at 10:03:57PM +0100, Claudio Jeker wrote: > > So ghostbuster records (rfc6493) are showing up in RPKI datasets and > > instead of silently ignoring them rpki-client should first of all validate

rpki-client, validate all files in mft even unknown ones

2020-12-07 Thread Claudio Jeker
So ghostbuster records (rfc6493) are showing up in RPKI datasets and instead of silently ignoring them rpki-client should first of all validate the file hash in the manifest and later on also validate the CMS data. This first diff does ensure that all files in an mft are present and have a valid

Re: ipmi(4): ipmi_poll_thread(): tsleep(9) -> tsleep_nsec(9)

2020-12-10 Thread Claudio Jeker
On Mon, Dec 07, 2020 at 10:54:26PM -0600, Scott Cheloha wrote: > On Wed, Dec 02, 2020 at 11:43:32PM +0100, Mark Kettenis wrote: > > > From: "Constantine A. Murenin" > > > Date: Wed, 2 Dec 2020 14:04:52 -0800 > > > > > > Not sure if you've seen it, but ipmi(4) has been disabled for over 12 > > >

bgpd refactor timer code

2020-12-09 Thread Claudio Jeker
This diff makes the timer code independent from struct peer. This way it can be used in different places without too much issues. OK? -- :wq Claudio Index: control.c === RCS file: /cvs/src/usr.sbin/bgpd/control.c,v retrieving

Re: bgpd show status of set tables

2020-12-10 Thread Claudio Jeker
On Thu, Dec 03, 2020 at 10:59:29PM +0100, Claudio Jeker wrote: > The use of roa-set, prefix-set and as-set is fairly common in bgpd. > Still sometimes it is not exactly clear how old the data in those tables > is. This diff is a first step at improving inspection by adding > bgpc

Re: srp_finalize(9): tsleep(9) -> tsleep_nsec(9)

2020-12-04 Thread Claudio Jeker
On Thu, Dec 03, 2020 at 10:05:30PM -0600, Scott Cheloha wrote: > Hi, > > srp_finalize(9) uses tsleep(9) to spin while it waits for the object's > refcount to reach zero. It blocks for up to 1 tick and then checks > the refcount again and again. > > We can just as easily do this with

Re: mbg(4): tsleep(9) -> tsleep_nsec(9)

2020-12-04 Thread Claudio Jeker
On Thu, Dec 03, 2020 at 10:42:50PM -0600, Scott Cheloha wrote: > Hi, > > mbg(4) is among the few remaining drivers using tsleep(9). > > In a few spots, when the kernel is not cold, the driver will spin for > up to 1/10 seconds waiting for the MBG_BUSY flag to go low. > > We can approximate this

relax loopback rule for networks

2020-12-04 Thread Claudio Jeker
In bgpd network inet static and network inet connected should skip networks that use 127.0.0.1 as gateway. (This is to prevent network inet static picking up reject routes like 224/4). This does not really make sense for network inet rtlabel "theones". Using rtlabels the operator is in control and

Re: Prevent race in single_thread_set()

2020-12-01 Thread Claudio Jeker
On Mon, Nov 30, 2020 at 07:19:28PM -0300, Martin Pieuchot wrote: > On 04/11/20(Wed) 11:19, Martin Pieuchot wrote: > > Here's a 3rd approach to solve the TOCTOU race in single_thread_set(). > > The issue being that the lock serializing access to `ps_single' is not > > held when calling

Re: Use SMR_TAILQ for `ps_threads'

2020-12-01 Thread Claudio Jeker
On Mon, Nov 30, 2020 at 07:10:47PM -0300, Martin Pieuchot wrote: > Every multi-threaded process keeps a list of threads in `ps_threads'. > This list is iterated in interrupt and process context which makes it > complicated to protect it with a rwlock. > > One of the places where such iteration is

Better overflow check in bgpd

2020-12-02 Thread Claudio Jeker
The overflow check for the relative metric adjustments of filtersets assumes a certain overflow behaviour of signed integers. I think it is better to write this in a way that does not involve an overflow. OK? -- :wq Claudio Index: rde_filter.c

Re: Use SMR_TAILQ for `ps_threads'

2020-12-02 Thread Claudio Jeker
On Wed, Dec 02, 2020 at 05:27:59PM +1000, Jonathan Matthew wrote: > On Tue, Dec 01, 2020 at 02:35:18PM -0300, Martin Pieuchot wrote: > > On 01/12/20(Tue) 15:30, Claudio Jeker wrote: > > > [...] > > > Did you run a make build with that smr_barrier() in it and checked t

rpki-client unmarshal empty strings as NULL

2020-12-02 Thread Claudio Jeker
rpki-client passes both empty strings and NULL strings as zero length objects. The unmarshal code then allocates memory in any case and so a NULL string is unmarshalled as empty string. This is not great, currently there are no empty strings but a fair amount of NULL strings. This diff changes the

Re: Use SMR_TAILQ for `ps_threads'

2020-12-01 Thread Claudio Jeker
On Tue, Dec 01, 2020 at 09:47:35PM +1000, Jonathan Matthew wrote: > On Tue, Dec 01, 2020 at 10:31:43AM +0100, Claudio Jeker wrote: > > On Mon, Nov 30, 2020 at 07:10:47PM -0300, Martin Pieuchot wrote: > > > Every multi-threaded process keeps a list of threads in `ps_threads

Re: Better overflow check in bgpd

2020-12-02 Thread Claudio Jeker
On Wed, Dec 02, 2020 at 06:49:38AM -0700, Todd C. Miller wrote: > On Wed, 02 Dec 2020 12:19:11 +0100, Claudio Jeker wrote: > > > The overflow check for the relative metric adjustments of filtersets > > assumes a certain overflow behaviour of signed integers. I think it is

rpki-client: reject bad URLs in cert files

2020-12-02 Thread Claudio Jeker
Be stricter in what we accept as URL. Nobody should use silly encodings like UTF-8 or other crap in the embedded URLs. I also consider any kind of space as a failure (use %20 instead if that is really needed). This makes later handling of URLs a lot safer (e.g. rpki-client prints part of URLs in

Re: Prevent race in single_thread_set()

2020-12-01 Thread Claudio Jeker
On Tue, Dec 01, 2020 at 10:27:15AM -0300, Martin Pieuchot wrote: > On 01/12/20(Tue) 10:21, Claudio Jeker wrote: > > On Mon, Nov 30, 2020 at 07:19:28PM -0300, Martin Pieuchot wrote: > > > On 04/11/20(Wed) 11:19, Martin Pieuchot wrote: > > > > Here's a 3rd app

Re: Use SMR_TAILQ for `ps_threads'

2020-12-01 Thread Claudio Jeker
On Tue, Dec 01, 2020 at 10:46:00AM -0300, Martin Pieuchot wrote: > On 01/12/20(Tue) 21:47, Jonathan Matthew wrote: > > On Tue, Dec 01, 2020 at 10:31:43AM +0100, Claudio Jeker wrote: > > > On Mon, Nov 30, 2020 at 07:10:47PM -0300, Martin Pieuchot wrote: > > > > Ever

bgpd: getifaddrs ifa_addr NULL check

2020-12-17 Thread Claudio Jeker
getifaddrs can return a struct ifaddrs entry with a NULL ifa_addr. I think an unnumbered point-to-point interface can trigger this. So better check for it before accessing anything in ifa_addr. -- :wq Claudio Index: config.c ===

Re: bgpd send side hold timer

2020-12-17 Thread Claudio Jeker
On Wed, Dec 16, 2020 at 10:41:42PM +, Job Snijders wrote: > On Tue, Dec 15, 2020 at 05:02:19PM +0100, Claudio Jeker wrote: > > On Mon, Dec 14, 2020 at 06:22:09PM +, Job Snijders wrote: > > > This patch appears to be a very elegant solution to a thorny subtle > >

Re: bgpd send side hold timer

2020-12-15 Thread Claudio Jeker
> converge to healthier paths. > > IDR discussions here > > https://mailarchive.ietf.org/arch/msg/idr/L9nWFBpW0Tci0c9DGfMoqC1j_sA/ > > OK job@ > > Kind regards, > > Job > > On Mon, Dec 14, 2020 at 06:45:47PM +0100, Claudio Jeker wrote: > > The BGP protocol has a keepa

Re: sdmmc(4): sdmmc_io_function_enable(): don't sleep on lbolt

2020-12-15 Thread Claudio Jeker
On Fri, Dec 11, 2020 at 07:07:56PM -0600, Scott Cheloha wrote: > Hi, > > I'd like to remove lbolt from the kernel. I think having it in the > kernel complicates otherwise simple code. > > We can start with sdmmc(4). > > The goal in sdmmc_io_function_enable() is calling

bgpd refactor roa-set internals

2020-12-18 Thread Claudio Jeker
In preparation for RTR support this diff changes the internal representation of roa-set to a simple RB tree based on struct roa. The big difference is that overlapping roas, e.g. 10/8 source-as 3 10/8 maxlen 24 source-as 3 are now merged in the RDE and so bgpd -nv will show both

Re: rpki-client unmarshal empty strings as NULL

2020-12-18 Thread Claudio Jeker
On Wed, Dec 02, 2020 at 05:06:28PM +0100, Claudio Jeker wrote: > rpki-client passes both empty strings and NULL strings as zero length > objects. The unmarshal code then allocates memory in any case and so a > NULL string is unmarshalled as empty string. This is not great,

Re: rpki-client refactor some path building

2020-12-18 Thread Claudio Jeker
On Thu, Dec 03, 2020 at 02:33:03PM +0100, Claudio Jeker wrote: > Use asprintf with %.*s to construct the path based on the mft file > location and the filename of the referenced file. > > Since the * field in printf(3) is expecting an int type, typecast the > ptrdiff_t to an int

Re: openrsync: fix poll_timeout in server mode

2020-12-12 Thread Claudio Jeker
On Sat, Dec 12, 2020 at 07:07:20AM -0500, Daniel Moch wrote: > A recent change to openrsync added the --timeout opt. There's code to > handle the (default) case of --timeout=0, which sets the poll_timeout > to -1 (INFTIM). Unfortunately that code doesn't run in the server > process, meaning all

Re: bpf(4): BIOCGRTIMEOUT, BIOCSRTIMEOUT: protect with bd_mtx

2020-12-11 Thread Claudio Jeker
On Thu, Dec 10, 2020 at 11:26:16AM -0600, Scott Cheloha wrote: > Hi, > > Before converting bpf(4) from using ticks to using real units of time > we need to serialize BIOCGRTIMEOUT and BIOCSRTIMEOUT. Neither > operation is atomic so we need to use the per-descriptor mutex when > reading or

bgpd: adjust loopback filter for network statements

2020-12-23 Thread Claudio Jeker
In bgpd statements like network inet static or network rtlabel "exportme" will skip routes that use 127.0.0.1 as nexthop. This makes sense for network connected and network static but for rtlabel and even priority based selection this makes less sense. Especially using rtlabel to

Re: netstat - proto ip record

2020-12-23 Thread Claudio Jeker
On Wed, Dec 23, 2020 at 04:13:04PM +0100, Alexander Bluhm wrote: > On Wed, Dec 16, 2020 at 05:24:50PM +0100, Claudio Jeker wrote: > > On Wed, Dec 16, 2020 at 03:54:04PM +, Stuart Henderson wrote: > > > On 2020/12/16 16:43, Salvatore Cuzzilla wrote

Re: rpki-client unmarshal empty strings as NULL

2020-12-18 Thread Claudio Jeker
On Fri, Dec 18, 2020 at 01:46:49PM +0100, Theo Buehler wrote: > On Fri, Dec 18, 2020 at 11:43:40AM +0100, Claudio Jeker wrote: > > On Wed, Dec 02, 2020 at 05:06:28PM +0100, Claudio Jeker wrote: > > > rpki-client passes both empty strings and NULL strings as zero length > >

Re: rpki-client unmarshal empty strings as NULL

2020-12-18 Thread Claudio Jeker
On Fri, Dec 18, 2020 at 05:50:27PM +0100, Theo Buehler wrote: > On Fri, Dec 18, 2020 at 05:45:01PM +0100, Claudio Jeker wrote: > > On Fri, Dec 18, 2020 at 01:46:49PM +0100, Theo Buehler wrote: > > > On Fri, Dec 18, 2020 at 11:43:40AM +0100, Claudio Jeker wrote: > > >

Re: IPsec PMTU and reject route

2020-12-20 Thread Claudio Jeker
On Sun, Dec 20, 2020 at 01:01:58AM +0100, Alexander Bluhm wrote: > Hi, > > In revision 1.87 of ip_icmp.c claudio@ added ignoring reject routes > to icmp_mtudisc_clone(). Otherwise TCP would clone these routes > for PMTU discovery. They will not work, even after dynamic routing > has found a

Re: kdump: show scope for v6 addresses if set

2020-12-20 Thread Claudio Jeker
On Sun, Dec 20, 2020 at 01:39:57PM +0100, Otto Moerbeek wrote: > Hi, > > scope is there, just not shown. While there, use proper constants for > two sizes. > > -Otto > > > Index: ktrstruct.c > === > RCS file:

bgpd send side hold timer

2020-12-14 Thread Claudio Jeker
The BGP protocol has a keepalive packet which resets the hold timer when a packet is received. The problem is this covers only one side of the transmission. It seems that some BGP implementations fail to process messages in some cases but still send out KEEPALIVE packets. So bgpd thinks everything

Re: regress print target name

2020-12-16 Thread Claudio Jeker
On Wed, Dec 16, 2020 at 05:01:18PM +0100, Theo Buehler wrote: > On Wed, Dec 16, 2020 at 04:42:59PM +0100, Alexander Bluhm wrote: > > When debugging tests, it is useful to see the target name and which > > output belongs to it. A lot of my tests have echo lines, but I > > think this is better done

Re: netstat - proto ip record

2020-12-16 Thread Claudio Jeker
On Wed, Dec 16, 2020 at 03:54:04PM +, Stuart Henderson wrote: > On 2020/12/16 16:43, Salvatore Cuzzilla wrote: > > Hi folks, > > > > is there any process associated with this netstat record? > > btw, what's the meaning of the state field with value '17'? > > > > ToTo@obsd ~ $ doas netstat

Re: sdmmc(4): sdmmc_io_function_enable(): don't sleep on lbolt

2020-12-16 Thread Claudio Jeker
On Wed, Dec 16, 2020 at 04:50:42PM -0300, Martin Pieuchot wrote: > On 16/12/20(Wed) 12:50, Scott Cheloha wrote: > > On Tue, Dec 15, 2020 at 01:47:24PM +0100, Mark Kettenis wrote: > > > > Date: Tue, 15 Dec 2020 13:32:22 +0100 > > > > From: Claudio Jeker > >

Re: IPv6 pf_test EACCES

2020-12-21 Thread Claudio Jeker
On Mon, Dec 21, 2020 at 11:34:04PM +0100, Alexander Bluhm wrote: > Hi, > > A while ago we decided to pass EACCES to userland if pf blocks a > packet. IPv6 still has the old EHOSTUNREACH code. > > Use the same errno for dropped IPv6 packets as in IPv4. > > ok? Seems reasonable. OK claudio@ >

Re: ipmi(4): ipmi_poll_thread(): tsleep(9) -> tsleep_nsec(9)

2020-12-11 Thread Claudio Jeker
On Thu, Dec 10, 2020 at 10:07:29PM -0600, Scott Cheloha wrote: > On Thu, Dec 10, 2020 at 10:00:46AM +0100, Claudio Jeker wrote: > > On Mon, Dec 07, 2020 at 10:54:26PM -0600, Scott Cheloha wrote: > > > Index: ipmi.c > > > ==

rpki-client io cleanup

2020-11-19 Thread Claudio Jeker
The io marshall code in rpki-client is a bit strange. It mixes non-blocking and blocking semantics and some of the code could be more async. This is the first mini step. Always use the buffer io API and remove the functions that call io_simple_write() internally. Next step would be to build a

bgpd pftable change

2020-11-09 Thread Claudio Jeker
Hi bgpd and esp. bgpd-spamd users, Currently the pftable code does not keep track how often a prefix was added to a pftable. Because of this using the same pftable for multiple neighbor tables does not work well. If one neighbor withdraws a route the pftable entry is removed from the table no

Re: cleanup bgpd commons first step

2020-11-03 Thread Claudio Jeker
On Wed, Oct 21, 2020 at 06:08:05PM +0200, Claudio Jeker wrote: > Bgpd uses many common symbols and the latest compilers are being picky > about these common symbols. > This removes the global bgpd_process variable and cleans up the filter_set > code to not depend on process knowledge

Re: Refactor bgpd control code

2020-11-03 Thread Claudio Jeker
On Wed, Oct 21, 2020 at 07:16:07PM +0200, Claudio Jeker wrote: > This refactors the control code a bit and removes the common var from the > session.h header. The session engine no longer walks the control > connection list. Additionally cleanup the control.c code around > control_

cleanup bgpd commons first step

2020-10-21 Thread Claudio Jeker
Bgpd uses many common symbols and the latest compilers are being picky about these common symbols. This removes the global bgpd_process variable and cleans up the filter_set code to not depend on process knowledge (instead use a new type and don't overload another one). -- :wq Claudio Index:

Refactor bgpd control code

2020-10-21 Thread Claudio Jeker
This refactors the control code a bit and removes the common var from the session.h header. The session engine no longer walks the control connection list. Additionally cleanup the control.c code around control_dispatch_msg(). E.g. don't do double lookups of control sessions by fd to close them.

bgpd: fix last few common symbols

2020-11-05 Thread Claudio Jeker
Since newer compilers default to -fno-common fix bgpd to not depend on common symbols. The last few ones can just be converted to static symbols since these are only used in the RDE or SE main code. With the previous diffs and this one I can compile bgpd and bgpctl with -fno-common. OK? -- :wq

OpenBGPD 6.8p1 released

2020-11-05 Thread Claudio Jeker
We have released OpenBGPD 6.8p1, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. This is the second stable release for the 6.8 version. It includes the following change: * Include OpenBSD 6.8 errata 001: In bgpd, the roa-set parser could leak memory.

Re: httpd: another log related leak

2020-12-31 Thread Claudio Jeker
On Thu, Dec 31, 2020 at 11:21:44AM +0100, Theo Buehler wrote: > msg is allocated by vasprintf, and is leaked on return of server_sendlog. > vasprintf calculates the length of the string, so we can zap a needless > call to strlen while there. > > Index: server.c >

Change bgpd_addr encoding of VPN v4 and v6 addresses

2021-01-05 Thread Claudio Jeker
While changing log_addr() I noticed that struct bgpd_addr could benefit from changing the encoding of AID_VPN_IPv4 and AID_VPN_IPv6 addrs. Instead of having independent route distinguishers and labelstacks use common fields for those and use the v4 and v6 addresses for the prefix. This is a bit

Re: diff: tcp ack improvement

2021-01-05 Thread Claudio Jeker
On Tue, Jan 05, 2021 at 10:16:04AM +0100, Jan Klemkow wrote: > On Wed, Dec 23, 2020 at 11:59:13AM +, Stuart Henderson wrote: > > On 2020/12/17 20:50, Jan Klemkow wrote: > > > ping > > > > > > On Fri, Nov 06, 2020 at 01:10:52AM +0100, Jan Klemkow wrote: > > > > bluhm and I make some network

fix opsfd parse.y shit/reduce conflicts

2021-01-06 Thread Claudio Jeker
The dependon statement in ospfd parse.y introduces some troubles since it holds an empty rule that then conflicts with optnl. This diff changes dependon into dependon and dependonopt so that in the place where it is optional dependonopt can be used and in the places where it must not be optional

Make ospf6d work on point-to-point links

2021-01-06 Thread Claudio Jeker
The code in ospf6d is a bit broken when it comes to point-to-point links. This diff fixes this by a) using the neighbor address instead of the unset interface destination address and by b) matching the incoming packet against all possible IPs of that interface. I tripped on b) because my P2P

Extend IP_ADD_MEMBERSHIP to support struct ip_mreqn

2021-01-06 Thread Claudio Jeker
Linux and FreeBSD both support the use of struct ip_mreqn in IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP. This struct adds one more field to pass an interface index to the kernel (instead of using the IP address). struct ip_mreqn { struct in_addr imr_multiaddr; /* IP multicast address of

rpki-client check IP and ASnum coverage only on ROAs

2021-01-08 Thread Claudio Jeker
rpki-client is currently very strict about the ip ranges and as ranges in certificates. If a child certificate has an uncovered range in its list it is considered invalid and is removed from the pool (with it all the ROA entries as well). Now rfc8360 relaxes this a bit and mentions that a ROA for

Re: bgpd simplify update path

2021-01-09 Thread Claudio Jeker
On Fri, Jan 08, 2021 at 09:42:57PM +0100, Sebastian Benoit wrote: > Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.01.07 19:34:23 +0100: > > When bgpd generates an UPDATE to update or withdraw prefixes it does this > > from rde_generate_updates() and then descends into up_

Re: rpki-client check IP and ASnum coverage only on ROAs

2021-01-09 Thread Claudio Jeker
On Thu, Jan 07, 2021 at 04:11:47PM +, Job Snijders wrote: > On Fri, Jan 08, 2021 at 03:43:18PM +0100, Claudio Jeker wrote: > > rpki-client is currently very strict about the ip ranges and as ranges in > > certificates. If a child certificate has an uncovered ra

iscsid initiator cleanup

2021-01-19 Thread Claudio Jeker
In iscsid the initiator is kind of a singleton. So let's make use of this and remove the initiator argument from all function calls. This compiles for me but I can't currently test this out. -- :wq Claudio Index: initiator.c === RCS

bgpd adjust aspath_neighbor to follow RFC more closely

2021-01-14 Thread Claudio Jeker
The aspath_neighbor function returns the first AS of a path. Now if the first element is an AS_SET then this does not really make sense. RFC4271 has this bit in section 9.1.2.2 Similarly, neighborAS(n) is a function that returns the neighbor AS from which the route was received.

bgpd fix route decision for strict med

2021-01-14 Thread Claudio Jeker
Currently bgpd does not properly handle strict med route decisions. The problem is that the strict MED check only matters for aspaths with the same neighbor as. The route decision process currently stops as soon as the current prefix is better than the one checked in the list of prefixes. Now in

allow bgpd to reject AS_SET segemnts (enforce RFC6472)

2021-01-14 Thread Claudio Jeker
This diff adds 'reject as-set yes' as an option to filter out AS paths with AS_SET segment elements. In bgpctl they show up with {} elements, e.g. 174 6762 24835 { 36893 }. This diff uses the soft-error path from RFC7606 and because of this prefixes that have such an AS_SET segment will be

RTR support for bgpd

2021-01-26 Thread Claudio Jeker
This diff adds initial RTR (RPKI to Router) support to bgpd. Instead of loading the roa-set table via the configuration bgpd will use RTR to load the RPKI table from one or multiple RTR servers. This has the benefit that in large setups only a few systems need to run rpki-client instead of running

Re: bgpd fix route decision for strict med

2021-01-22 Thread Claudio Jeker
On Thu, Jan 14, 2021 at 12:27:54PM +0100, Claudio Jeker wrote: > Currently bgpd does not properly handle strict med route decisions. > The problem is that the strict MED check only matters for aspaths with the > same neighbor as. The route decision process currently stops as soon as >

Re: -fno-common fixes for slaacd, unwind & rad

2021-01-18 Thread Claudio Jeker
On Mon, Jan 18, 2021 at 05:31:21PM +0100, Florian Obser wrote: > This is my take on -fno-common fixes. > > slaacd, unwind and rad are based on the same template so the fixes > were similar > > - remove global $daemon_process, just use a const string for > setproctitle > - move ctl_conns to

Re: dig(1): replace inet_net_pton(3)

2021-01-20 Thread Claudio Jeker
On Tue, Jan 19, 2021 at 07:49:29PM +0100, Florian Obser wrote: > When we converted isc_sockaddr_t to sockaddr_storage we also moved to > inet_net_pton(3). It turns out that was a mistake, at least it's not > portable for AF_INET6. Effectively revert that part and hand-roll it > using inet_pton(3).

Re: IPPROTO_SCTP

2021-01-18 Thread Claudio Jeker
On Mon, Jan 18, 2021 at 12:13:32PM +, Stuart Henderson wrote: > can I add IPPROTO_SCTP to in.h? only one port wants it at the > moment, but I think I've seen others in the past. OK claudio@ > Index: netinet/in.h > === > RCS

ospfd -fno-common fixes

2021-01-18 Thread Claudio Jeker
This is my try at cleaning up commons in ospfd. I made one big combined diff but will probably split up a few things into own commits. E.g. the lsupdate.c and lsreq.c ones. I had to cleanup the control.c code a bit since this was a bit of a mess. While in bgpd I was able to remove the global

Re: bpf(4) doesn't have to keep track of nonblocking state itself

2021-01-19 Thread Claudio Jeker
On Tue, Jan 19, 2021 at 10:11:14AM +1000, David Gwynne wrote: > vfs does it for us. > > ok? OK claudio@ > Index: bpf.c > === > RCS file: /cvs/src/sys/net/bpf.c,v > retrieving revision 1.202 > diff -u -p -r1.202 bpf.c > --- bpf.c

Re: Change bgpd_addr encoding of VPN v4 and v6 addresses

2021-01-14 Thread Claudio Jeker
On Thu, Jan 14, 2021 at 08:22:45PM +0100, Denis Fondras wrote: > Le Tue, Jan 12, 2021 at 10:06:46AM +0100, Claudio Jeker a écrit : > > On Tue, Jan 05, 2021 at 11:17:22AM +0100, Claudio Jeker wrote: > > > While changing log_addr() I noticed that struct bgpd_addr could benefit

Re: allow bgpd to reject AS_SET segemnts (enforce RFC6472)

2021-01-14 Thread Claudio Jeker
On Thu, Jan 14, 2021 at 04:28:42PM +0100, Claudio Jeker wrote: > This diff adds 'reject as-set yes' as an option to filter out AS paths > with AS_SET segment elements. In bgpctl they show up with {} elements, > e.g. 174 6762 24835 { 36893 }. > > This diff uses the soft-error pa

Add if_mreqn support to IP_MULTICAST_IF

2021-01-15 Thread Claudio Jeker
I forgot to add ip_mreqn support to IP_MULTICAST_IF and so the IP_ADD_MEMBERSHIP change is not fixing all the issues I have. Linux supports calling IP_MULTICAST_IF with a struct in_addr, a struct ip_mreq, or a struct ip_mreqn. FreeBSD only does the first and last. I followed the Linux way because

Re: Add if_mreqn support to IP_MULTICAST_IF

2021-01-15 Thread Claudio Jeker
On Fri, Jan 15, 2021 at 02:53:17PM +0100, Claudio Jeker wrote: > I forgot to add ip_mreqn support to IP_MULTICAST_IF and so the > IP_ADD_MEMBERSHIP change is not fixing all the issues I have. > > Linux supports calling IP_MULTICAST_IF with a struct in_addr, a struct > ip_mr

Re: bgpd refactor route decision process

2021-01-13 Thread Claudio Jeker
On Wed, Jan 13, 2021 at 11:24:32AM +0100, Denis Fondras wrote: > Le Tue, Jan 12, 2021 at 05:39:02PM +0100, Claudio Jeker a écrit : > > This diff changes two things: > > - First, it moves the kroute update into rde_generate_updates() simplifying > > prefix_evaluate a little b

more refactor bgpd route decision process

2021-01-13 Thread Claudio Jeker
This is another cleanup round of the route decision process. This time focusing on prefix_cmp(). Make sure that when using return (a - b) that the results always fits in an int type. Also make sure the check of the remote_addr at the end is done properly. The result is probably the same but this

bgpd roa compare function

2021-01-04 Thread Claudio Jeker
This adjusts the roa_cmp() function to result in the same order on big and little endian systems. This should help with regress tests where the order matters. I also change the prefixset_cmp function to use memcmp for both IPv4 and IPv6 addresses. OK? -- :wq Claudio Index: config.c

use getnameinfo in bgpd to print addresses

2021-01-04 Thread Claudio Jeker
In bgpd most prefixes and addresses are stored as struct bgpd_addr. When it is printed it uses inet_ntop() which is not ideal since it does not handle IPv6 scoped_id. Instead convert to a struct sockaddr and use log_sockaddr() which in turn uses getnameinfo. Ideally the same should be done for

Re: bgpd: struct mrt vs struct mrt_config confusion

2021-01-04 Thread Claudio Jeker
On Mon, Jan 04, 2021 at 12:09:46PM +0100, Theo Buehler wrote: > Pointed out by llvm scan-build. mrt_config is much larger (> 10x). As > far as I can tell, this isn't bad. It just overallocates and copies a > lot of zeroes thanks to the calloc() in parse.y. > > Perhaps it would be better to use

Re: pppoe: input without kernel lock

2021-01-04 Thread Claudio Jeker
On Mon, Jan 04, 2021 at 01:46:43AM +0100, Klemens Nanni wrote: > On Tue, Dec 29, 2020 at 11:18:26PM +0100, Claudio Jeker wrote: > > Generally I would prefer to go for direct dispatch and not use netisr. > > This removes a queue and a scheduling point and should help reduce

Re: httpd: call tls_close before closing the socket

2021-01-01 Thread Claudio Jeker
On Fri, Jan 01, 2021 at 09:06:34PM +0100, Theo Buehler wrote: > httpd(8) leaks resources when clients connect via TLS. The reason for > this is that server_close() closes the socket underlying the TLS > connection before calling tls_close(). > > The currently unchecked tls_close() call fails

Re: httpd: call tls_close before closing the socket

2021-01-01 Thread Claudio Jeker
On Sat, Jan 02, 2021 at 12:07:28AM +0100, Theo Buehler wrote: > On Fri, Jan 01, 2021 at 11:38:32PM +0100, Claudio Jeker wrote: > > On Fri, Jan 01, 2021 at 09:06:34PM +0100, Theo Buehler wrote: > > > httpd(8) leaks resources when clients connect vi
