Re: use rtalloc_mpath in pf_route{,6}

2021-02-15 Thread Claudio Jeker
On Mon, Feb 15, 2021 at 08:02:37PM +1000, David Gwynne wrote: > if you have multiple links to the same destination, this will let you > use them via route-to/reply-to/dup-to. > > ok? > > Index: pf.c > === > RCS file:

Re: rpki-client: get Authority Information Access (AIA) from CA & EE certs

2021-02-15 Thread Claudio Jeker
On Sun, Feb 14, 2021 at 05:41:55PM +, Job Snijders wrote: > Make the AIA more easily available for debugging purposes & future > changesets > > In the context of the RPKI, the AIA extension identifies the publication > point of the certificate of the issuer of the certificate in which the >

Re: change rpki-client repository code

2021-02-15 Thread Claudio Jeker
On Mon, Feb 15, 2021 at 04:53:17PM +0100, Theo Buehler wrote: > On Fri, Feb 12, 2021 at 10:01:38AM +0100, Claudio Jeker wrote: > > On Mon, Feb 08, 2021 at 05:15:40PM +0100, Claudio Jeker wrote: > > > Split the repository code into two parts: > > > > > > - f

Re: RTR support for bgpd

2021-02-15 Thread Claudio Jeker
On Wed, Feb 10, 2021 at 05:30:02PM +0100, Claudio Jeker wrote: > On Tue, Jan 26, 2021 at 10:31:40AM +0100, Claudio Jeker wrote: > > This diff adds initial RTR (RPKI to Router) support to bgpd. > > Instead of loading the roa-set table via the configuration bgpd will use > >

Re: rpki-client: get Authority Information Access (AIA) from CA & EE certs

2021-02-15 Thread Claudio Jeker
On Mon, Feb 15, 2021 at 04:58:50PM +, Job Snijders wrote: > Hi, > > Thank you for the review > > On Mon, Feb 15, 2021 at 01:42:57PM +0100, Claudio Jeker wrote: > > Please do not define variables in the middle of functions. > > now fixed > > >

Re: rpki-client: recallocarray conversions

2021-02-19 Thread Claudio Jeker
On Fri, Feb 19, 2021 at 10:27:06AM +0100, Theo Buehler wrote: > As discussed a few days ago, there are a few reallocarray + memset that > can be directly handled by recallocarray. Fine with me. > Index: main.c > === > RCS file:

rpki-client extra paranoia

2021-02-19 Thread Claudio Jeker
Better to make sure that all URI we ingest are sensitive. Similar check is already done in cert.c so also do it for the TAL files (even though these are normally controlled by the user). OK? -- :wq Claudio Index: tal.c === RCS file:

Teach rpki-client some https

2021-02-19 Thread Claudio Jeker
:32:26 - @@ -0,0 +1,1223 @@ +/* + * Copyright (c) 2020 Nils Fisher + * Copyright (c) 2020 Claudio Jeker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission

Re: change rpki-client repository code

2021-02-12 Thread Claudio Jeker
On Mon, Feb 08, 2021 at 05:15:40PM +0100, Claudio Jeker wrote: > Split the repository code into two parts: > > - fetch of the trust anchors (the certs referenced by TAL files) > - fetch of the MFT files of a repository > > While the two things kind of look similar there ar

Re: route(1): add an address family validation

2021-08-27 Thread Claudio Jeker
On Fri, Aug 27, 2021 at 03:58:23PM +0900, morimoto wrote: > hi, > I found an interesting issue while toying routing. > route(1) accepts IPv4 destination and IPv6 gateway entry. > command is as below: > route add 192.0.2.1 2001:db8::1 > > Curiously it has no error. > The entry is pointless, I

rpki-client exclude files from rsync fetch

2021-08-31 Thread Claudio Jeker
RPKI repository can only include a few specific files, everything else is just ignored and deleted after every fetch. Since openrsync supports --exclude-file now we can use this to limit what is actually accepted by the client. I used a config file in /etc/rpki instead of using multiple

Re: rpki-client exclude files from rsync fetch

2021-09-01 Thread Claudio Jeker
On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote: > RPKI repository can only include a few specific files, everything else is > just ignored and deleted after every fetch. Since openrsync supports > --exclude-file now we can use this to limit what is actually accepted by >

Re: rpki-client add http_proxy support

2021-09-01 Thread Claudio Jeker
On Wed, Sep 01, 2021 at 09:38:55AM +, Job Snijders wrote: > On Tue, Aug 31, 2021 at 09:58:54AM +0200, Claudio Jeker wrote: > > This diff improves the http code by a) adding an IO timeout and b) > > implementing http_proxy support. > > > > Works for me using tinypro

rpki-client add http_proxy support

2021-08-31 Thread Claudio Jeker
This diff improves the http code by a) adding an IO timeout and b) implementing http_proxy support. Works for me using tinyproxy as proxy server. -- :wq Claudio Index: encoding.c === RCS file:

Re: bgpd MRT RFC8050 support (add-path for mrt dumps)

2021-08-18 Thread Claudio Jeker
On Mon, Aug 09, 2021 at 12:17:47PM +0200, Claudio Jeker wrote: > This diff adds the bits needed to support add-path in MRT dumps. > The problem here is that MRT as a stateless protocol has no chance > to know what kind of encoding (add-path or not) is used for the NLRI in > m

rpki-client add back keep-alive to http requests

2021-09-09 Thread Claudio Jeker
While Connection: keep-alive should be the default it seems that at least some of the CA repositories fail to behave like that. Adding back the Connection header seems to fix this and delta downloads go faster again. -- :wq Claudio Index: http.c

rpki-client compare oid with OBJ_cmp

2021-09-09 Thread Claudio Jeker
Trying to remove work that is done over and over again. One of those checks are the various OID compares. Instead of converting the ASN1_OBJECT into a string and comparing the strings, convert the string into an ASN1_OBJECT once and then compare these objects with OBJ_cmp(). Any comments about

Re: iked(8): make proto option accept lists

2021-09-03 Thread Claudio Jeker
On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote: > Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200: > > The diff below makes iked accept a list of protocols for the "proto" config > > option in iked.conf(5). > > This would allow us to have a single policy with

Re: rpki-client add back keep-alive to http requests

2021-09-10 Thread Claudio Jeker
On Thu, Sep 09, 2021 at 09:18:04AM -0600, Bob Beck wrote: > > ok beck@ > > On Thu, Sep 09, 2021 at 09:35:51AM +0200, Claudio Jeker wrote: > > While Connection: keep-alive should be the default it seems that at least > > some of the CA repositories fail to behav

rpki-client RRDP delta vs snapshot sync

2021-09-14 Thread Claudio Jeker
I'm tired waiting 30min and more for apnic and idnic to finish their delta syncs with 1000+ deltas to fetch from a server on the other side of the planet. If a repo is more than 300 deltas behind just grab the snapshot, it is way faster in the end. The number 300 was selected to be not too low to

Re: Change vm_dsize to vsize_t

2021-09-07 Thread Claudio Jeker
On Mon, Sep 06, 2021 at 12:39:56PM -0700, Greg Steuck wrote: > In the course of making ASan work on OpenBSD I ran into an accounting > limitation. struct vmspace declares vm_dsize as segsz_t (aka int32_t). > This effectively limits it to 2^31 pages (2^43 bytes on amd64). This > would be enough if

do less recallocarray calls in rpki-client

2021-09-08 Thread Claudio Jeker
Looking at profiling information and the code made me realize that these recallocarray calls growing the array by one every time are unnecessary. The size of the array is known in advance so use that information and build it up ahead of time. In the roa case the IP list is double nested and so

Re: tls_pending(3)

2021-09-16 Thread Claudio Jeker
On Thu, Sep 16, 2021 at 11:00:31PM +0200, Kristaps Dzonsons wrote: > Hi, > > I'm porting a nonblocking, polling OpenSSL system to libtls. However, I'm > not sure how this is non-hackily possible without SSL_pending(3) to detect > if less data is read with tls_read() than is buffered. > >

Re: do less recallocarray calls in rpki-client

2021-09-08 Thread Claudio Jeker
On Wed, Sep 08, 2021 at 05:40:31PM +0200, Theo Buehler wrote: > On Wed, Sep 08, 2021 at 03:05:41PM +0200, Claudio Jeker wrote: > > Looking at profiling information and the code made me realize that these > > recallocarray calls growing the array by one every time are unnecessar

bgpctl add support for RFC8050 (add-path support for MRT parser)

2021-07-13 Thread Claudio Jeker
This diff adds support to read MRT files using the new introduced _ADDPATH types as defined in RFC8050. I also started adding MRT support to bgpd but that depends on ADD-PATH itself. There are a few gotchas, especially the MRT_DUMP_V2 RIB_GENERIC_ADDPATH handling is different from all other RIB

rsync getopt_long cleanup

2021-07-13 Thread Claudio Jeker
I never really liked the getopt_long definitions in rsync. Too much magic and chaos. This moves the table out of main to gain some more space and to make it a proper read-only object. Because of this struct opts also needs to become a global but that is OK. Clean up the required_argument options

Re: bgpd refactor struct prefix

2021-07-14 Thread Claudio Jeker
On Tue, Jun 29, 2021 at 12:00:24PM +0200, Claudio Jeker wrote: > This diff moves the rib_entry pointer re into the union to save some > space. For add-path I need to add a few more u_int32_t and that would > blow the size of struct prefix from 128 to 132 bytes. malloc would round

Re: Do not spin on the NET_LOCK() in kqueue

2021-07-29 Thread Claudio Jeker
On Thu, Jul 29, 2021 at 09:51:43AM +0200, Martin Pieuchot wrote: > On 26/07/21(Mon) 09:23, Martin Pieuchot wrote: > > On 26/07/21(Mon) 08:55, Martin Pieuchot wrote: > > > On 21/07/21(Wed) 10:18, Martin Pieuchot wrote: > > > > On 11/07/21(Sun) 14:45, Visa Hankala wrote: > > > > > On Sat, Jul 10,

Re: bgpd add add-path receive support

2021-08-09 Thread Claudio Jeker
On Fri, Aug 06, 2021 at 08:34:18PM +0200, Sebastian Benoit wrote: > Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.08.04 17:55:45 +0200: > > On Fri, Jul 30, 2021 at 12:02:12PM +0200, Claudio Jeker wrote: > > > This diff implements the bit to support the receive sid

bgpd MRT RFC8050 support (add-path for mrt dumps)

2021-08-09 Thread Claudio Jeker
This diff adds the bits needed to support add-path in MRT dumps. The problem here is that MRT as a stateless protocol has no chance to know what kind of encoding (add-path or not) is used for the NLRI in message dumps. And for table dumps there is a need to add an extra field to the dumps to show

Re: libedit: stop ignoring SIGINT

2021-08-09 Thread Claudio Jeker
On Mon, Aug 09, 2021 at 01:19:08PM +0200, Ingo Schwarze wrote: > Hi, > > as mentioned earlier, deraadt@ reported that sftp(1) ignores Ctrl-C. > Fixing that without longjmp(3) requires making editline(3) better > behaved. > > Currently, when read(2) from the terminal gets interrupted by a >

bgpd add add-path receive support

2021-07-30 Thread Claudio Jeker
This diff implements the bit to support the receive side of RFC7911 - Advertisement of Multiple Paths in BGP. I did some basic tests and it works for me. People running route collectors should give this a try. The interaction of Add-Path and bgpctl probably needs some work. Also the MRT dumper

Re: rpki-client support more http status codes

2021-08-04 Thread Claudio Jeker
On Wed, Aug 04, 2021 at 10:53:39AM +0200, Claudio Jeker wrote: > This adds a few more HTTP Status codes to the mix of the accepted ones. > Mainly 100, 103 and 203 are now also accepted. All other codes in the 1xx > and 2xx are still considered an error since they are not expected from

Re: bgpd add add-path receive support

2021-08-04 Thread Claudio Jeker
On Fri, Jul 30, 2021 at 12:02:12PM +0200, Claudio Jeker wrote: > This diff implements the bit to support the receive side of > RFC7911 - Advertisement of Multiple Paths in BGP. > > I did some basic tests and it works for me. People running route > collectors should

rpki-client support more http status codes

2021-08-04 Thread Claudio Jeker
This adds a few more HTTP Status codes to the mix of the accepted ones. Mainly 100, 103 and 203 are now also accepted. All other codes in the 1xx and 2xx are still considered an error since they are not expected from the GET request made by the http client. This is a minimal HTTP client and it

OpenBGPD 7.2 released

2021-09-23 Thread Claudio Jeker
We have released OpenBGPD 7.2, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. This release includes the following changes to the previous release: * Support for RFC 9072 - Extended Optional Parameters Length for BGP OPEN Message * Support for

Re: retire hifn safe ubsec

2021-10-21 Thread Claudio Jeker
On Thu, Oct 21, 2021 at 04:30:02PM +0200, Alexander Bluhm wrote: > Hi, > > Goal is to retire the async crypto API. It is slow and adds > complexity which hinders MP progress in IPsec. It is used by the > old PCI devices hifn(4), safe(4), and ubsec(4). > > These devices are not common anymore.

Re: sigwaitinfo(2) and sigtimedwait(2)

2021-09-28 Thread Claudio Jeker
On Sun, Sep 26, 2021 at 02:36:02PM +0200, Mark Kettenis wrote: > > Date: Fri, 24 Sep 2021 19:36:21 +0200 > > From: Rafael Sadowski > > > > I'm trying to port the more KDE stuff so my question is from porter > > perspective. > > > > I need sigwaitinfo(2)/sigtimedwait(2) and I found both

normalize ldap DN in the config

2021-10-06 Thread Claudio Jeker
Run into this while setting up a new DN. The DN in namespace only matches if it is normalized. So it may be best to do this by default when adding a namespace. With this using a capitalized namespace like "o=OpenBSD,c=CA" will work. Also as a side note the rootdn is already normalized so no need

bgpctl mrtdump adjustment

2021-09-22 Thread Claudio Jeker
In bgpd we do not follow the RFC8050 encoding for RIB_GENERIC_ADDPATH. Mainly because it does not fit the way the code works and also because the only other BGP implementation that seems to care about RIB_GENERIC_ADDPATH does it the same way. Because of this it makes no sense to parse

fix symlink read in openrsync

2021-10-22 Thread Claudio Jeker
flist_gen_dirent() does a fts_read and inside that tries to read the symlink information. Now since fts_open did not specify FTS_NOCHDIR the symlink_read call needs to use ent->fts_accpath instead of f->path which was based on ent->fts_path. OK? -- :wq Claudio Index: flist.c

Re: ixl(4): add checksum receive offloading

2021-10-22 Thread Claudio Jeker
On Fri, Oct 22, 2021 at 04:45:09PM +0200, Hrvoje Popovski wrote: > On 22.10.2021. 16:09, Florian Obser wrote: > > > > > > On 22 October 2021 13:55:20 CEST, Stuart Henderson > > wrote: > >> On 2021/10/22 11:25, Jan Klemkow wrote: > >>> this diff add hardware checksum offloading for the receive

Re: libagentx: always initialize buf in ax_oidrange2string

2021-10-24 Thread Claudio Jeker
On Sun, Oct 24, 2021 at 06:31:29PM +0100, Martijn van Duren wrote: > This diff should be superfluous with the next diff, but I don't think > this should be left as is anyway. > > It's not a big problem, since it's a static buffer and it gets > initialized by previous calls, so it's always

Re: libagentx: Don't allow OIDs < 2

2021-10-24 Thread Claudio Jeker
On Sun, Oct 24, 2021 at 06:39:42PM +0100, Martijn van Duren wrote: > libagentx currently allows OIDs with a length of 0. > This isn't wrong from an agentx protocol point of view, but ber encoding > can't handle OIDs with less than 2 elements, which makes it unable to > map the values back to SNMP.

rpki-client add regress print functions to main repo

2021-10-24 Thread Claudio Jeker
--- /dev/null 1 Jan 1970 00:00:00 - +++ usr.sbin/rpki-client/print.c24 Oct 2021 17:30:47 - @@ -0,0 +1,169 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2021 Claudio Jeker + * Copyright (c) 2019 Kristaps Dzonsons + * + * Permission to use, copy, modify, and distribute this software

fix ldapd bug when removing last attribute

2021-12-19 Thread Claudio Jeker
In LDAP there are two ways to remove an attribute. One can remove an attribute by just naming the attribute but it is also possible to remove a specific attribute: value combo. In ldapd the latter is broken if the last attribute is removed because the result of ldap_del_values() is an invalid

Re: fix vmctl -B net -b bsd.rd to autoinstall

2021-12-22 Thread Claudio Jeker
On Wed, Dec 22, 2021 at 10:14:40AM -0500, Dave Voutila wrote: > > Claudio Jeker writes: > > > I added support for vmctl -cL -B net -b bsd.rd -d disk.img to run the > > autoinstall by emulating a PXE boot. In the commit > > https://gi

fix vmctl -B net -b bsd.rd to autoinstall

2021-12-22 Thread Claudio Jeker
I added support for vmctl -cL -B net -b bsd.rd -d disk.img to run the autoinstall by emulating a PXE boot. In the commit https://github.com/openbsd/src/commit/a13de4d12a4c9ba0edc05aab2ad635f782449229 the feature got removed over eagerly. This diff adds this back because I find this super

Re: [External] : Re: make 'set skip on ...' dynamic

2021-12-22 Thread Claudio Jeker
On Sat, Dec 04, 2021 at 07:01:23PM +0100, Alexandr Nedvedicky wrote: > Hello, > > > On Fri, Dec 03, 2021 at 03:42:09PM +0100, Claudio Jeker wrote: > > > > See comments below. > > > > > > > +void > > > +pfi_group_delmember(const char *gro

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

2021-12-25 Thread Claudio Jeker
On Sat, Dec 25, 2021 at 11:36:50AM +0100, Theo Buehler wrote: > These extensions MUST be marked critical by the sections of the spec > mentioned in the cryptowarnx(). That's determined by the ASN1_BOOLEAN > that is extracted and ignored after the FIXME a few lines below each of > the two hunks.

Re: rpki-client pass real filename from parser back to parent

2022-01-04 Thread Claudio Jeker
On Tue, Jan 04, 2022 at 04:57:23PM +0100, Theo Buehler wrote: > On Tue, Jan 04, 2022 at 04:15:56PM +0100, Claudio Jeker wrote: > > This is another diff on the way to having a validated repo. > > Pass the filename of the entity which was parsed back to the parent. > >

rpki-client parser refactor

2022-01-05 Thread Claudio Jeker
This changes the last proc_parser function over to not pass the entity to the function. In this case apart from file we also need to pass the public key of the TA and the tal identifier. Change is mechanical and makes all callers work the same way. -- :wq Claudio Index: parser.c

rpki-client simplify code a bit

2021-12-21 Thread Claudio Jeker
The limiter for repository count under a TA only makes sense for repositories referenced from certs but less so for the actual TA. So remove the logic from ta_lookup() and friends and make the code simpler. There is no risk in doing so since there is only one TA and one ta_lookup() done per TAL

more rpki-client cleanup

2021-12-21 Thread Claudio Jeker
In the roa parser the handling of maxlen is overly complex. Just set maxlen to addr.prefixlen before parsing the maxlength option. If present it will override maxlen with the new value and with that the ternary confusion at the end can be removed. -- :wq Claudio Index: roa.c

rpki-client, stop using size_t for ids

2021-12-21 Thread Claudio Jeker
For some reasons various ids were stored as size_t (probably because once they used to be the index in an array). This is just silly and annoyed me for long enough. I think this fixes all of them. While there also stop using size_t for maxlength of a prefix. Everywhere else the code uses just a

rpki-client refactor common repo code

2021-12-23 Thread Claudio Jeker
Create a common repo_done() function which does the entiyq_flush and in the case of RRDP the fallback to rsync. This simplifies the code and will help to add the repo info to the parser process. One difference between this and the original version is the case when a RRDP repository merge fails.

Re: uhidppctl(8)

2021-12-23 Thread Claudio Jeker
On Thu, Dec 23, 2021 at 07:50:24AM +, Raf Czlonka wrote: > On Wed, Dec 22, 2021 at 08:32:16AM GMT, Claudio Jeker wrote: > > On Tue, Dec 21, 2021 at 03:49:47PM -0500, jwinnie@tilde.institute wrote: > > > > > > Hello OpenBSD developers, > > > > > &g

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

2021-12-28 Thread Claudio Jeker
On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote: > [...] > > I would love to get rid of X509_V_FLAG_IGNORE_CRITICAL and use a callback > > to ensure the right extensions are critical but I never managed

simplify rpki-client entity marshal

2021-12-28 Thread Claudio Jeker
This re-shuffles struct entity a bit and removes the unneeded has_data indicator. Both data and datasz are not null when data is present and null when there is no data. With this in mind the code becomes simpler. -- :wq Claudio Index: extern.h

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

2021-12-29 Thread Claudio Jeker
On Wed, Dec 29, 2021 at 01:06:30AM +0100, Theo Buehler wrote: > On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote: > > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > > > On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote: > > >

Re: fix vmctl -B net -b bsd.rd to autoinstall

2021-12-29 Thread Claudio Jeker
On Wed, Dec 22, 2021 at 12:34:34PM -0500, Dave Voutila wrote: > > Claudio Jeker writes: > > > On Wed, Dec 22, 2021 at 10:14:40AM -0500, Dave Voutila wrote: > >> > >> Claudio Jeker writes: > >> > >> > I added support for vmctl -cL -B n

fix some -Wunused-but-set-variable warnings in vmd

2022-01-04 Thread Claudio Jeker
These are obvious and easy to fix unused but set variables. There are more in vioscsi.c but those are actually used if compiled with DEBUG set. -- :wq Claudio Index: loadfile_elf.c === RCS file:

Re: uhidppctl(8)

2021-12-22 Thread Claudio Jeker
On Tue, Dec 21, 2021 at 03:49:47PM -0500, jwinnie@tilde.institute wrote: > > Hello OpenBSD developers, > > I am interested in contributing to improve the uhidpp(4) > (Logitech Unifying Receiver) support in OpenBSD. > > Currently, the uhidpp(4) driver only handles detecting certain > sensors,

Re: rpki-client, stop using size_t for ids

2021-12-22 Thread Claudio Jeker
On Tue, Dec 21, 2021 at 06:24:44PM +, Job Snijders wrote: > On Tue, Dec 21, 2021 at 07:00:03PM +0100, Claudio Jeker wrote: > > For some reasons various ids were stored as size_t (probably because once > > they used to be the index in an array). This is just silly and annoyed

Re: sppp(4)/pppoe(4) - DNS configuration via resolvd(8)

2021-11-10 Thread Claudio Jeker
On Wed, Nov 10, 2021 at 07:35:26AM +0100, Bjorn Ketelaars wrote: > On Mon 08/11/2021 11:52, Bjorn Ketelaars wrote: > > Diff below does two things: > > 1. add PPP IPCP extensions for name server addresses (rfc1877) to > >sppp(4) > > 2. propose negotiated name servers from sppp(4) to resolvd(8)

Re: sppp(4)/pppoe(4) - DNS configuration via resolvd(8)

2021-11-10 Thread Claudio Jeker
On Wed, Nov 10, 2021 at 08:22:52AM +0100, Sebastien Marie wrote: > On Wed, Nov 10, 2021 at 07:35:26AM +0100, Bjorn Ketelaars wrote: > > On Mon 08/11/2021 11:52, Bjorn Ketelaars wrote: > > > Diff below does two things: > > > 1. add PPP IPCP extensions for name server addresses (rfc1877) to > > >

Re: sigsuspend(2): sleep on channel?

2021-11-11 Thread Claudio Jeker
On Thu, Nov 11, 2021 at 02:13:26PM -0600, Scott Cheloha wrote: > On Thu, Nov 11, 2021 at 08:53:20PM +0100, Mark Kettenis wrote: > > > Date: Thu, 11 Nov 2021 13:30:04 -0600 > > > From: Scott Cheloha > > > > > > My understanding of sigsuspend(2) is that it only returns if a signal > > > is

support probe as variable in btrace

2021-11-12 Thread Claudio Jeker
This is something I missed to do easy btrace check like: syscall:exit:entry, syscall:fork:entry, syscall:sigaction:entry, syscall:execve:entry, syscall:open:entry { @[probe] = count(); } This will produce something like this as output: @[syscall:open:entry]: 844 @[syscall:sigaction:entry]: 480

bt.5 document count()

2021-11-16 Thread Claudio Jeker
This documents count(). This function only works when used like this @map[key] = count(); But it is implemented and works. If used differently you get a syntax error which is not helpful. This is why I chose to document it like this. Another option would be to document the language (so it

rpki-client code shuffle

2021-11-24 Thread Claudio Jeker
free(hash); + } } Index: rrdp_util.c ======= RCS file: rrdp_util.c diff -N rrdp_util.c --- /dev/null 1 Jan 1970 00:00:00 - +++ rrdp_util.c 24 Nov 2021 12:50:03 - @@ -0,0 +1,120 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 N

Re: [External] : Re: make 'set skip on ...' dynamic

2021-11-26 Thread Claudio Jeker
On Thu, Nov 25, 2021 at 02:56:02PM +0100, Alexandr Nedvedicky wrote: > Hello, > > thank you for taking a look at my diff. > > > > > > } > > > > > > - if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == pfi_all) > > > + if (kif->pfik_ifp != NULL || kif->pfik_group != NULL ||kif

rpki-client rrdp regress test

2021-11-25 Thread Claudio Jeker
00 @@ -0,0 +1,338 @@ +/* $OpenBSD: rrdp.c,v 1.17 2021/10/29 09:27:36 claudio Exp $ */ +/* + * Copyright (c) 2020 Nils Fisher + * Copyright (c) 2021 Claudio Jeker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, prov

Re: make 'set skip on ...' dynamic

2021-11-25 Thread Claudio Jeker
On Fri, Nov 19, 2021 at 12:59:38AM +0100, Alexandr Nedvedicky wrote: > Hello, > > it has turned out things are bit more complicated when it comes to interface > groups. diff below makes following scenario work for me. > > we start with etc/pf.conf as follows: > > # cat /etc/pf.conf >

Re: rpki-client: set repo_timeout to be 1/4th of timeout

2021-11-25 Thread Claudio Jeker
On Thu, Nov 25, 2021 at 12:54:49PM +, Job Snijders wrote: > Replace MAX_REPO_TIMEOUT with repo_timeout, which is set to 1/4th of > timeout, or if timeout is disabled set it to 24 hours. > > OK? OK claudio@ > Index: extern.h >

Re: acme-client: another trivial accessor conversion

2021-11-22 Thread Claudio Jeker
On Mon, Nov 22, 2021 at 12:18:37AM +0100, Theo Buehler wrote: > bio->num_write aka BIO_number_written(bio). Straightforward. The main > reason I'm asking is that keeping the two else results in overlong lines > and awkward line wrapping. So I decided to drop them hoping that's > acceptable.

Re: vport: set UP on ip assign

2021-11-15 Thread Claudio Jeker
On Mon, Nov 15, 2021 at 12:23:02PM +, Klemens Nanni wrote: > On Mon, Nov 15, 2021 at 12:00:18PM +1000, David Gwynne wrote: > > On Sat, Nov 13, 2021 at 11:59:59PM +, Klemens Nanni wrote: > > > Practically all interfaces pull itself up when IPs get assigned, but > > > vport(4) does not. > >

Re: IPsec tdb ddb print

2021-11-18 Thread Claudio Jeker
On Thu, Nov 18, 2021 at 08:50:37AM +, Stuart Henderson wrote: > On 2021/11/18 09:15, Claudio Jeker wrote: > > On Thu, Nov 18, 2021 at 08:10:26AM +, Stuart Henderson wrote: > > > On 2021/11/15 17:23, Alexander Bluhm wrote: > > > >

Re: IPsec tdb ddb print

2021-11-18 Thread Claudio Jeker
On Thu, Nov 18, 2021 at 08:10:26AM +, Stuart Henderson wrote: > On 2021/11/15 17:23, Alexander Bluhm wrote: > > + DUMP(ids, "%p"); > > + DUMP(ids_swapped, "%d"); > > + DUMP(mtu, "%d"); > > + DUMP(mtutimeout, "%lld"); > > + pr("%18s: %08x\n",

Re: rpki-client: make maximum number of publication points to sync operator configurable

2021-11-25 Thread Claudio Jeker
On Thu, Nov 25, 2021 at 08:18:10PM +0100, Sebastian Benoit wrote: > Job Snijders(j...@openbsd.org) on 2021.11.25 16:13:51 +: > > It might be advantageous to permit operators to optionally specify the > > maximum number of publication points with which rpki-client will > > synchronize. > > > >

rpki-client adjust tal parse to the BIO free world

2021-10-26 Thread Claudio Jeker
This is part 3 of the BIO removal. Switch tal_parse to pass a file buffer like all other callers. The parent process can now just use load_file() and pass that buffer to the parser. From there on the magic just happens. -- :wq Claudio Index: encoding.c

remove more BIO from rpki-client

2021-10-26 Thread Claudio Jeker
I want to be able to pass a buffer to the various parser functions instead of a filename. This is in preparation for supporting rpki-client -f somefile This diff switches CMS and CRL to their regular d2i versions. The cert files will follow in the next diff. -- :wq Claudio Index: cms.c

openrsync add --max-size and --min-size support

2021-10-28 Thread Claudio Jeker
This diff should implement --max-size and --min-size almost equivalent to GNU rsync. I decided to use scan_scaled() instead of building something new that handles all the extra bits GNU rsync has. The remote rsync process gets the sizes in bytes so scaling is just a local issue. Manpage probably

rpki-client sync output at end of run with output file

2021-10-28 Thread Claudio Jeker
As in $SUBJECT said, sync the output at the end of a rpki-client run with outputheader() -- the function used to dump this info into the openbgpd output file. OK? -- :wq Claudio Index: main.c === RCS file:

Re: rpki-client sync output at end of run with output file

2021-10-28 Thread Claudio Jeker
On Thu, Oct 28, 2021 at 08:27:40PM +0200, Theo Buehler wrote: > On Thu, Oct 28, 2021 at 08:21:12PM +0200, Claudio Jeker wrote: > > As in $SUBJECT said, sync the output at the end of a rpki-client run with > > outputheader() -- the function used to dump this info into the openbgpd

remove more BIO from rpki-client part 2

2021-10-26 Thread Claudio Jeker
This switches the cert parser to use d2i_X509 instead of the BIO versions. -- :wq Claudio Index: cert.c === RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v retrieving revision 1.40 diff -u -p -r1.40 cert.c --- cert.c 23 Oct

Re: simplify sys___thrsigdivert a bit

2021-10-23 Thread Claudio Jeker
On Sat, Oct 23, 2021 at 05:47:58PM +0200, Mark Kettenis wrote: > > Date: Sat, 23 Oct 2021 17:29:36 +0200 > > From: Claudio Jeker > > > > The sys___thrsigdivert code can be simplified a bit. It is possible to > > set the error before the loop and then ha

Re: sppp(4)/pppoe(4) - DNS configuration via resolvd(8)

2021-11-08 Thread Claudio Jeker
On Mon, Nov 08, 2021 at 11:52:52AM +0100, Bjorn Ketelaars wrote: > Diff below does two things: > 1. add PPP IPCP extensions for name server addresses (rfc1877) to >sppp(4) > 2. propose negotiated name servers from sppp(4) to resolvd(8) using >RTM_PROPOSAL_STATIC route messages. > > With

rpki-client ip_addr_print cleanup

2021-11-09 Thread Claudio Jeker
ip_addr_print() can be simplified. ip4_addr2str() and ip6_addr2str() are the same apart from the different AF argument to inet_ntop(). Just collapse all into ip_addr_print(). -- :wq Claudio Index: ip.c === RCS file:

rpki-client sync http escape handling with ftp(1)

2021-11-09 Thread Claudio Jeker
kn@ removed '~' from unsafe_chars but also changed the code at the same time. This tries to bring the version in rpki-client back in sync with the code in ftp(1). -- :wq Claudio Index: http.c === RCS file:

Re: rpki-client ip_addr_print cleanup

2021-11-09 Thread Claudio Jeker
On Tue, Nov 09, 2021 at 07:44:41PM +0100, Claudio Jeker wrote: > ip_addr_print() can be simplified. ip4_addr2str() and ip6_addr2str() are > the same apart from the different AF argument to inet_ntop(). Just collapse > all into ip_addr_print(). This version is using a switch statement

Re: rpki-client better exit behaviour when something goes wrong

2021-11-04 Thread Claudio Jeker
On Thu, Nov 04, 2021 at 11:27:46AM -0600, Theo de Raadt wrote: > Claudio Jeker wrote: > > > This diff replaces the errx() call in the poll fd check with warnings plus > > an exit of the main event loop. It also prints an error in case not all > > files have been proces

rpki-client X509_free XXX fix

2021-11-04 Thread Claudio Jeker
There is this bit in parser.c X509_free(x509); // needed? XXX As tb@ properly noted this X509_free() is needed because the cert_parse() returns an up referenced x509 pointer back. I moved the X509_free() so the error cases become simpler and we no longer leak a reference on success. At

Re: rpki-client show attr name in rrdp parse errors

2021-11-05 Thread Claudio Jeker
On Wed, Nov 03, 2021 at 12:58:17PM +0100, Claudio Jeker wrote: > In one place this is already done but this makes sure we show the bad > attribute in all cases where a non conforming attribute is found. Found another bunch of those non conforming attribute errors. Adjust them as wel

speedup io marshal in rpki-client

2021-11-05 Thread Claudio Jeker
Noticed the other day. The ip addr arrays and as number array are marshalled element by element which is not very efficient. All the data is in one big blob of memory so just use the basic io operations for a memory blob and ship the full array at once. This seems to reduce runtime by 5-10% (in my

rpki-client better exit behaviour when something goes wrong

2021-11-04 Thread Claudio Jeker
This diff replaces the errx() call in the poll fd check with warnings plus an exit of the main event loop. It also prints an error in case not all files have been processed. An example after kill -9 of the rsync process is: rpki-client: https://rrdp.lacnic.net/rrdp/notification.xml: loaded from

rpki-client fix chunked encoding for larger then 32k chunks

2021-11-03 Thread Claudio Jeker
Noticed by accident. The chunked encoding only works for chunks smaller than 32k (the HTTP internal read buffer). For chunks bigger than 32k the state machine jumps too early (after the first write of 32k) into the STATE_RESPONSE_CHUNKED_TRAILER state and so everything gets confused. Fix is

rpki-client limit number of concurrent rsyncs

2021-11-03 Thread Claudio Jeker
Don't become a fork bomb. Limit the number of processes by stopping to poll for new jobs once the limit is reached. I set the limit to 16 which is larger than the biggest concurrency I have seen during fetches. OK? -- :wq Claudio Index: extern.h

rpki-client show attr name in rrdp parse errors

2021-11-03 Thread Claudio Jeker
In one place this is already done but this makes sure we show the bad attribute in all cases where a non conforming attribute is found. OK? -- :wq Claudio Index: rrdp_delta.c === RCS file:

Re: rpki-client fix CRLF handling in tal parser

2021-11-03 Thread Claudio Jeker
On Wed, Nov 03, 2021 at 06:48:51PM +0100, Theo Buehler wrote: > On Wed, Nov 03, 2021 at 06:34:05PM +0100, Claudio Jeker wrote: > > Fix CRLF handling by properly setting nl to the right NUL byte. > > In the CRLF case both \r\n are replaced by \0 and so the code > > needs to

rpki-client refactor tal handling

2021-11-03 Thread Claudio Jeker
This diff changes how the certs and roa track the tal that covers them. Instead of passing strings around use ids and a simple lookup table for the description. This will make it possible to add tal ids to more things. Usual test run works and the output for openbgpd and json look sane. -- :wq
