On Mon, Jan 24, 2022 at 04:33:10PM +0100, Claudio Jeker wrote:
> This diff does a few things regarding MFT file and hash sequences:
>
> - it validates the filename early on so that if considered valid it can
> be printed by printf(%s) without problems.
> - it assigns the file type (based on the
https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-validation-update
https://datatracker.ietf.org/meeting/110/materials/slides-110-sidrops-job-snijders-validation-update-00
Kind regards,
Job
>
> Index: x509/x509_addr.c
> ===
On Sat, Jan 22, 2022 at 11:16:14AM +0100, Theo Buehler wrote:
> +The error indicates that this is not the case or that the leaf tries
> +to inherit resources that the trust anchor itself inherits.
I am unable to understand the second part of the sentence: a leaf
inheriting resources that the trust an
OK job@
Thanks Claudio,
A question about stats below
On Fri, Jan 14, 2022 at 10:29:20AM +0100, Claudio Jeker wrote:
> @@ -1246,8 +1249,8 @@ main(int argc, char *argv[])
> logx("Certificate revocation lists: %zu", stats.crls);
> logx("Ghostbuster records: %zu", stats.gbrs);
> logx("Repos
On Mon, Jan 10, 2022 at 03:30:23PM +0100, Claudio Jeker wrote:
> + if (RB_INSERT(repo_tree, &repos, rp) != NULL)
> + errx(1, "repository already added to repo tree %d, %s", id,
> path);
> + warnx("repository added to repo tree %d, %s", id, path);
The above warnx() probably nee
On Tue, Dec 21, 2021 at 07:00:03PM +0100, Claudio Jeker wrote:
> For some reasons various ids were stored as size_t (probably because once
> they used to be the index in an array). This is just silly and annoyed me
> for long enough. I think this fixes all of them.
>
> While there also stop using
It might be advantageous to permit operators to optionally specify the
maximum number of publication points with which rpki-client will
synchronize.
For example: "doas rpki-client -m 1 -t /etc/rpki/ripe.tal" has as effect
that only RIPE NCC's repository is contacted, but none of the delegated
repo
Replace MAX_REPO_TIMEOUT with repo_timeout, which is set to 1/4th of
timeout, or if timeout is disabled set it to 24 hours.
OK?
Index: extern.h
===
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.97
diff -u -
On Wed, Nov 24, 2021 at 03:09:02PM +0100, Claudio Jeker wrote:
> For a RRDP regress test I would like to move some functions to better
> places. hex_decode() belongs into encoding.c and the publish XML code
> is now in rrdp_util.c.
OK job@
On Mon, Nov 22, 2021 at 07:46:23PM +0100, Matthias Schmidt wrote:
> a typo snuck in
Thanks
IANA made a permanent registration in the SMI Security for S/MIME CMS
Content Type registry at
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
for signed objects conforming to draft-ietf-sidrops-aspa-profile
OK?
Kind regards,
Job
Index: obj_mac.num
==
On Tue, Nov 09, 2021 at 12:12:42PM +0100, Theo Buehler wrote:
> I'm ok with that. Maybe we should bump even higher, say 8M? Isn't the
> main point to have a limit at all? I don't think it needs to be very
> tight.
I think it is best to bump the limits to accommodate real world
observations. 8 MB o
Hi all,
Ties de Kock reported that the RIPE NCC Production CA's manifest is
likely to double in size during RFC 6489 key rollover events. Both old
and new entries will be listed. KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
currently is 1.1 MB.
OK?
Kind regards,
Job
Index: extern.h
On Fri, Nov 05, 2021 at 09:18:15AM +0100, Claudio Jeker wrote:
> Noticed the other day. The ip addr arrays and as number array are
> marshalled element by element which is not very efficient.
> All the data is in one big blob of memory so just use the basic io
> operations for a memory blob and ship
OK job@
On Tue, Oct 26, 2021 at 05:43:32PM +0200, Claudio Jeker wrote:
> This is part 3 of the BIO removal. Switch tal_parse to pass a file buffer
> like all other callers. The parent process can now just use load_file()
> and pass that buffer to the parser. From there on the magic just happens.
>
On Tue, Sep 14, 2021 at 12:22:41PM +0200, Claudio Jeker wrote:
> I'm tired waiting 30min and more for apnic and idnic to finish their delta
> syncs with 1000+ deltas to fetch from a server on the other side of the
> planet. If a repo is more than 300 deltas behind just grab the snapshot,
> it is wa
On Thu, Sep 02, 2021 at 07:23:26AM +0100, Jason McIntyre wrote:
> > .Ar time
> > -can be integer or decimal numbers.
> > +are positive integer or real (decimal) numbers, with an optional
>
> can you have a negative timeout?
Negative values are not permitted
$ timeout -- -1 /bin/ls
timeout: inva
Hi,
FreeBSD/NetBSD/DragonFly and GNU 'coreutils' have a utility called
timeout(1) which allows you to kill a process after X time.
Importing timeout would remove the only reason I have coreutils
installed :-)
I retrieved timeout.{c,1} from
http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/timeout
On Wed, Sep 01, 2021 at 11:14:15AM +0200, Claudio Jeker wrote:
> On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote:
> > RPKI repository can only include a few specific files, everything else is
> > just ignored and deleted after every fetch. Since openrsync supports
> > --exclude-file
On Tue, Aug 31, 2021 at 09:58:54AM +0200, Claudio Jeker wrote:
> This diff improves the http code by a) adding an IO timeout and b)
> implementing http_proxy support.
>
> Works for me using tinyproxy as proxy server.
OK?
Index: http.c
=
Hi,
I don't think this should be user configurable.
If folks remove entries like "+ *.crl" it breaks things.
If folks add entries like "+ *.mp3" it wastes network bandwidth. :-)
Let's use "--include" and "--exclude" instead.
kind regards,
Job
On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio
Hi all,
Based on suggestions from Julian Reschke.
* "Connection: keep-alive" isn't needed, as the HTTP 1.1 default is to
use persistent connections (RFC 7230, section 6.3).
* "Host" is recommended to be in the front.
* "Accept-Encoding: identity" makes it clear to the server compression
enc
On Sat, Jul 10, 2021 at 09:05:15AM -0600, Theo de Raadt wrote:
> Job Snijders wrote:
> > A use case could be running rpki-client more frequently than once an
> > hour:
Perhaps I chose a poor example, because of $work *I* run rpki-client
very often, but do not recommend others
Hi all,
The below patch adds a new kind of time specifier: an interval (in
minutes). When used, cron(8) will schedule the next instance of a job
after the previous job has completed and a full interval has passed.
A crontab(5) configured as following:
$ crontab -l
@3 sleep 100
Will res
Disabled by default is a good start.
OK job@
On Thu, Jun 17, 2021 at 03:29:38PM +0200, Claudio Jeker wrote:
> On Thu, Jun 17, 2021 at 01:25:07PM +0000, Job Snijders wrote:
> > On Thu, Jun 17, 2021 at 12:24:16PM +0200, Claudio Jeker wrote:
> > > On Mon, Jun 14, 2021 at 05:10:07PM +0200, Claudio Jeker wrote:
> > > &
On Thu, Jun 17, 2021 at 12:24:16PM +0200, Claudio Jeker wrote:
> On Mon, Jun 14, 2021 at 05:10:07PM +0200, Claudio Jeker wrote:
> > On Thu, May 27, 2021 at 06:24:06PM +0200, Claudio Jeker wrote:
> > > Implement RFC 7313 enhanced route refresh.
> > >
> > > While there also change when graceful rest
I'd like to modify our JSON format, many people in the community have
voiced complaints that transforming the string to an integer is
annoying.
This won't break existing deployments coupled with GoRTR.
OK?
Index: output-json.c
===
R
On Mon, May 03, 2021 at 10:40:53AM -0600, Theo de Raadt wrote:
> This needs a cast from time_t to long long, otherwise the code won't compile
> or operate correctly on laggard legacy 32-bit time_t systems.
thanks, fixed!
OK?
Index: usr.sbin/rpki-client/extern.h
==
On Mon, May 03, 2021 at 08:37:52AM -0600, Theo de Raadt wrote:
> Job Snijders wrote:
>
> > AS38971,178.57.71.0/24,24,ripe,2021-05-04T05:39:30Z
>
> This time format is human readable, but these files are largely part
> of the machinery. And now they need expens
Hi all,
The below changeset adds a column containing the soonest expiration
moment to rpki-client(8)'s CSV and JSON output. This can be useful to CA
operators to monitor progression/stalling of the signer pipeline, but
also to relying parties who wish to avoid routing based on stale RPKI
data.
A
On Tue, Apr 20, 2021 at 10:27:51AM +0200, Claudio Jeker wrote:
> On Fri, Apr 16, 2021 at 12:21:56PM +0200, Claudio Jeker wrote:
> > This diff changes the http module to support keep-alive.
> > It splits requests (for a resource) from connections (to a server).
> > When a request is received the cod
Hi all,
The below patch exposes two metrics via JSON. This will remove the need
for some rpki-client aficionados to screen scrape rpki-client's STDOUT.
OK?
Kind regards,
Job
Index: output-json.c
===
RCS file: /cvs/src/usr.sbin/rpk
On Tue, Mar 02, 2021 at 05:04:12PM +0100, Theo Buehler wrote:
> > I think this is now ready to go in.
>
> Go for it!
>
> ok tb
OK job@
Hi,
Thank you for the review
On Mon, Feb 15, 2021 at 01:42:57PM +0100, Claudio Jeker wrote:
> Please do not define variables in the middle of functions.
now fixed
> > + AUTHORITY_INFO_ACCESS_free(info);
> > +
> > + return aia;
> > +}
>
> I really don't like the way x509_get_aia() is diffe
Make the AIA more easily available for debugging purposes & future
changesets
In the context of the RPKI, the AIA extension identifies the publication
point of the certificate of the issuer of the certificate in which the
extension appears. A single reference to the publication point of the
immedi
On Fri, Jan 08, 2021 at 03:43:18PM +0100, Claudio Jeker wrote:
> rpki-client is currently very strict about the ip ranges and as ranges in
> certificates. If a child certificate has an uncovered range in its list it
> is considered invalid and is removed from the pool (with it all the ROA
> entries
On Tue, Dec 15, 2020 at 05:02:19PM +0100, Claudio Jeker wrote:
> On Mon, Dec 14, 2020 at 06:22:09PM +0000, Job Snijders wrote:
> > This patch appears to be a very elegant solution to a thorny subtle
> > problem: what to do when a peer is not accepting new routing
> > informati
Hi all,
This patch appears to be a very elegant solution to a thorny subtle
problem: what to do when a peer is not accepting new routing information
from you?
I've seen in the wild that some crashed BGP implementations continue to
be able to generate KEEPALIVE messages, and are able to TCP ACK
ke
On Mon, Dec 07, 2020 at 10:03:57PM +0100, Claudio Jeker wrote:
> So ghostbuster records (rfc6493) are showing up in RPKI datasets and
> instead of silently ignoring them rpki-client should first of all validate
> the file hash in the manifest and later on also validate the CMS data.
>
> This first
Remove rpki-client's -f command line option
I haven't come across a use case that requires tricking the software
into accepting out-of-date manifests. Anyone using -f? I think this is a
leftover from the initial debugging era.
OK?
Index: extern.h
=
Now that cron(8) was put on a quick steroids programme, we have new
options available! Awesome work Todd, Theo.
On Mon, Apr 13, 2020 at 02:43:27PM +, Job Snijders wrote:
> I'm reviewing some of the timers associated with the workings of the
> end-to-end propagation from ROA to V
On Mon, Apr 13, 2020 at 02:43:27PM +, Job Snijders wrote:
> I'm reviewing some of the timers associated with the workings of the
> end-to-end propagation from ROA to VRP. I think suggesting to run
> rpki-client only once a day can make for needless brittleness.
>
> Runn
Hi,
I'm reviewing some of the timers associated with the workings of the
end-to-end propagation from ROA to VRP. I think suggesting to run
rpki-client only once a day can make for needless brittleness.
Running rpki-client just once a day also results in only making a rsync
fetch attempt once a da
On Fri, Mar 06, 2020 at 07:11:56PM +0100, Robert Scheck wrote:
> On Fri, 06 Mar 2020, Sebastian Benoit wrote:
> > Note that I haven't tried this with bird 1 or 2 yet ;)
> > comments, oks?
>
> I did not try it yet, but I think BIRD 1 also needs something like "define
> force_roa_table_update = %lld
I have a small suggestion, in some deployments I saw the convention to
name it as following so it is clear the data came from user provided
data rather than internal bird structures
I tested Benno's patch against BIRD 1.6.6 - wfm.
Index: main.c
===
On Fri, Mar 06, 2020 at 12:24:18PM +0100, Sebastian Benoit wrote:
> Robert Scheck(rob...@fedoraproject.org) on 2020.03.03 01:20:24 +0100:
> > job@ suggested to move this from GitHub to tech@ list (as upstream):
> >
> > 1. Currently, BIRD 1.x support in rpki-client seems to be broken: As per
> >
We are still at the early stages of RPKI deployment, so making it easier to
plug things into BIRD1 is beneficial given the wide deployment scale.
Only /very/ recently was rpki-client packaged for some of the Linux distros, so
if we add support for all formats now - it’ll improve the applicab
I think we still need to support BIRD 1 for the foreseeable future, NIC.CZ
hasn’t communicated plans to deprecate BIRD1 and still supports it; and BIRD1
still is widely deployed.
I’m somewhat preferential to just generate all 3 BIRD flavors if -B is given as
command line option.
Kind regards,
On Wed, Mar 4, 2020, at 00:55, Robert Scheck wrote:
> > The idea is you can specify many outputs. That will make the commandline
> > very long, especially for the way we run it in cron.
>
> Oh! I'm sorry, I didn't see the idea of specifying many outputs.
Yeah, it's nice to do things in one batch
On Tue, Jan 28, 2020 at 03:03:47PM +0100, Gerhard Roth wrote:
> this patch adds IPv6 support to umb(4).
OK job@
Tested with 'telnet -6 towel.blinkenlights.nl' on Fibocom L831-EAU on
IIJ MIO's network (Japan), with 'inet6 autoconf' in /etc/hostname.umb0 :-)
job@vurt ~$ doas ifconfig umb0
umb0: fl
On Sat, Jan 25, 2020 at 11:36:53PM +1100, Damien Miller wrote:
> This adds a #define for the "lower effort" DSCP code point specified
> by https://tools.ietf.org/html/rfc8622
>
> People have asked to be able to use this OpenSSH for "don't care"
> traffic.
>
> ok?
OK job@
On Wed, Jan 22, 2020 at 05:02:32AM +0100, Claudio Jeker wrote:
> This diff implements 'max-prefix NUM out' which is a simple way to
> avoid leaking full tables to upstream or peers. If the limit is
> triggered the session will be closed with a NOTIFICATION (kind of
> suicide for the good of the Int
Dear all,
Scratching a small itch: telnet(1) nicely prints what IP addresses it is
attempting to connect to, I'd like 'nc -v' to do the same, see below:
$ nc -v localhost 23
nc: connect to localhost (127.0.0.1) port 23 (tcp) failed: Connection refused
nc: connect to localhost (::1) port 23 (tcp)
On Tue, Oct 08, 2019 at 09:57:42PM -0600, Theo de Raadt wrote:
> Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all
> our repositories since starting at 1995/10/18 08:37:01
> Canada/Mountain. That's a lot of commits by a lot of amazing people.
Great achievement! Time to pop a
On Thu, Aug 08, 2019 at 11:48:08AM +0200, Claudio Jeker wrote:
> With the introduction of re-exec of the children the config parsing happened
> after bgpd daemonized. This is super annoying and therefore this diff
> changes that. It will make bgpd fail on startup if there is an issue with
> the config
On Wed, Jul 10, 2019 at 10:08:38PM +0200, Claudio Jeker wrote:
> This diff is a bit of a monster. It changes the Adj-RIB-Out to be a
> peer specific set of RB trees instead of using a rib in the original
> sense. The reason for this is that the more peers a system has the
> more elements end up bei
Hi,
On Mon, Jun 24, 2019 at 12:41:08PM +0200, Claudio Jeker wrote:
> I think it is time to remove the bgpctl irrfilter code. It is not
> useful and it is better to use tools like bgpq3 to build as-sets and
> prefix-sets for bgpd filtering.
Agreed. I'd love to have a replacement in base some day,
On Tue, May 28, 2019 at 05:17:08PM +0200, Claudio Jeker wrote:
> On Tue, May 28, 2019 at 01:28:32PM +0200, Job Snijders wrote:
> > On Mon, May 13, 2019 at 09:03:41PM +0200, Claudio Jeker wrote:
> > > When using a rule forcing the nexthop to a specific address bgpd
> > &
Hi,
On Mon, May 13, 2019 at 09:03:41PM +0200, Claudio Jeker wrote:
> When using a rule forcing the nexthop to a specific address bgpd
> currently does not mark that nexthop as no-modify. In other words
> the default rules for nexthop propagation applies. This means that
> for ebgp it only sends ou
On Mon, May 13, 2019 at 21:11 Claudio Jeker wrote:
> When using a rule forcing the nexthop to a specific address bgpd
> currently does not mark that nexthop as no-modify. In other words
> the default rules for nexthop propagation applies. This means that
> for ebgp it only sends out the set nexth
On Thu, May 23, 2019 at 19:50 Denis wrote:
>
> SCTP(4) present in FreeBSD 12.0
>
> OpenBSD implementation planned?
Nothing planned as far as I know.
Out of curiosity - what is your use case? Do you really use it? It doesn’t
seem to be a widely used protocol.
Kind regards,
Job
On Fri, May 17, 2019 at 2:13 PM Stuart Henderson wrote:
> On 2019/05/16 23:37, Rachel Roch wrote:
> > > RFC3513 says this:
> > >
> > > o An anycast address must not be used as the source address of
> > > an IPv6 packet.
> > >
> > > o An anycast address must not be assigned to an IPv6 host, that
OK job@
On Sat, May 11, 2019 at 14:37 Claudio Jeker wrote:
> bgpd already got support for extended shutdown communication messages.
> This adds the same support to tcpdump.
>
> OK?
> --
> :wq Claudio
>
> Index: print-bgp.c
> ===
> R
Dear all,
I've consulted with numerous user interface experts, their consistent
advice was to facilitate internalization by provoking simpler, stronger
emotions through the text based interface.
bgpctl(8) will now provide simplified 'SAD' or 'HAPPY' ascii ideograms
to help network operators quick
On Mon, Dec 03, 2018 at 12:14:13PM +0100, Claudio Jeker wrote:
> There is a trivial optimization that bgpd can do when loading the filter
> ruleset. If the rule is the same as the previous rule then the filterset
> can be merged. e.g.
>
> match from ebgp set community delete $myAS:*
> mat
On Tue, Nov 27, 2018 at 06:23:53PM +0100, Claudio Jeker wrote:
> On Tue, Nov 27, 2018 at 04:21:53PM +0100, Job Snijders wrote:
> > On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote:
> > > For origin validation I chacked the source_as in struct rde_aspath
> >
Hi Claudio,
On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote:
> For origin validation I chacked the source_as in struct rde_aspath
> this is not really the right place. It should be in struct aspath
> since that holds all the ASPATH related stuff. Change this, move
> aspath_match out
On Thu, Nov 22, 2018 at 05:56:20PM +0100, Claudio Jeker wrote:
> On Tue, Nov 13, 2018 at 06:53:55PM +0100, Claudio Jeker wrote:
> > This is a large diff that changes the way communities are stored in
> > filters and filter_sets. Both standard communities and large communities
> > now share the same
Shouldn't we already bomb out at the following?
cannot bind to 0.0.0.0:179: Address already in use
cannot bind to [::]:179: Address already in use
In any regard, I agree with the functionality proposed. No strong opinion
on the diff itself.
Kind regards,
Job
On Sun, Nov 11, 2018 at 22:35 Remi L
OK job@
Dear all,
This small patch exposes the origin validation state in 'bgpctl show
rib' and 'bgpctl show rib detail'. This will help debugging, and draw
attention to routing problems.
I know we're weary of spending horizontal space, but I think spending 3
chars to show the OV state (and as such make
On Tue, Sep 25, 2018 at 12:23:48PM +0200, Claudio Jeker wrote:
> On Sat, Sep 22, 2018 at 09:48:24PM +0000, Job Snijders wrote:
> > Seems we are getting very close. Some suggestions to simplify the
> > experience for the end user.
> >
> > Let's start with supportin
Hi Claudio,
Seems we are getting very close. Some suggestions to simplify the
experience for the end user.
Let's start with supporting just one (unnamed) roa-set, so far I've
really not come across a use case where multiple ROA tables are useful.
I say this having implemented origin validation on
On Fri, Sep 21, 2018 at 05:29:24PM +0200, Claudio Jeker wrote:
> I currently use the RIPE RPKI validator to grab a JSON file (e.g.
> http://localcert.ripe.net:8088/export.json) and feed that to this perl
> script to convert it into bgpd syntax:
For now I recommend using https://rpki.gin.ntt.net/ap
Dear Claudio,
On Fri, Sep 14, 2018 at 04:59:51PM +0200, Claudio Jeker wrote:
> This diff extends the existing trie code for prefix-set to also work with
> roa-set. Unlike prefix-set there is no need for a prefixlen mask during
> lookup, instead the source-as needs to be checked and also if the
> p
On Thu, Aug 09, 2018 at 03:10:11PM +0200, Claudio Jeker wrote:
> Per rfc6472 AS_SET should no longer be used but some AS still do.
> Until now source-as would take the rightmost AS number of an AS_PATH
> no matter if it was an AS_SEQUENCE or an AS_SET. This is not correct.
Indeed, good find!
> Al
Dear all,
Following some back and forth on how disklabel output should be
formatted, I proposed to Kenneth to extend the column(1) utility. All that
was missing is the ability to right justify. I've longed for this
feature for a while: I often use 'column -t' to prettify data coming
from an awk pi
On Thu, Jun 21, 2018 at 08:59:45PM +0200, Claudio Jeker wrote:
> This is the first step of some larger reshuffling of how the RDE is
> working. One of the things needed is proper reference counting for
> nexthops since I want to kill nexthop_link and nexthop_unlink in the
> long run.
>
> Even thou
Hi,
Globally anycasted 6to4 has outlived its usefulness.
Operational discussion: http://seclists.org/nanog/2018/Jun/268
Kind regards,
Job
diff --git etc/examples/bgpd.conf etc/examples/bgpd.conf
index a5fa7234a3c..77f610b9a06 100644
--- etc/examples/bgpd.conf
+++ etc/examples/bgpd.conf
@@ -118,
OK job@
On Sun, 17 Jun 2018 at 17:00, Florian Obser wrote:
> I like it, I think the heuristic is good enough.
>
> OK florian@ or I take OKs to commit it myself ;)
>
> On Sun, May 20, 2018 at 07:48:34PM +0100, Mikolaj Kucharski wrote:
> > Hi,
> >
> > This is very naive patch for whois(1) which ma
d.c usr.sbin/cron/do_command.c
index 6a4022fcc9a..4fbca61d170 100644
--- usr.sbin/cron/do_command.c
+++ usr.sbin/cron/do_command.c
@@ -3,6 +3,7 @@
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1997,2000 by I
stems Consortium, Inc. ("ISC")
* Copyright (c) 1997,2000 by Internet Software Consortium, Inc.
+ * Copyright (c) 2018 Job Snijders
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the abo
On Thu, Jun 07, 2018 at 12:14:07PM +0200, Claudio Jeker wrote:
> > It would be helpful during upgrades if it's possible to write some
> > configurations that work the same on both the old and new versions.
> > That way the configuration can be changed to a version which will
> > still work before y
On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote:
> The following diff does a few things.
> a) it removes the `announce (all|none|self|default-route)` version
> b) `announce none` is now `export none`
> c) `announce default-route` is now `export default-route`
> d) the examples file is
On Wed, May 30, 2018 at 03:18:45PM +0200, Claudio Jeker wrote:
> This adds a protection to handle aspaths overly large attributes in
> bgpd. The main idea is to protect other bgp routes downstream for
> hitting the limit which is often not well caught.
I am not sure this is sound logic. The BGP UP
https://en.wikipedia.org/wiki/If_and_only_if
As a non-native speaker, it took some years before I realized the use of
“iff” is not a typo.
Kind regards,
Job
When things arrive out of sequence, that usually is of special interest to
network operator people. Not sure the sequence field can easily be
overloaded to increase “validity”.
I’m not great at math, with a 16 bit random value, wouldn’t we start
running into ID collisions around 256 concurrent pi
Hi,
I'm optimistic about this patch: where previously running traffic
through this router over gif tunnels would result in memory exhaustion,
the problem now seems gone.
memory graph: http://instituut.net/~job/screenshots/ee7f0fa5304032a2.png
Should perhaps an errata / syspatch blob be prepared f
On Sun, Apr 01, 2018 at 11:29:55AM +0100, Stuart Henderson wrote:
> On 2018/03/31 16:10, Job Snijders wrote:
> > TL;DR: I propose to update the defaults to use DSCP "AF21" (Low
> > Latency Data) for interactive session traffic, and CS1 ("Lower
> > Effort")
Dear all,
There may be opportunity for improvement of ssh(1) and sshd(8)'s default
QoS markers for better integration in environments that can offer either
layer-2 or layer-3 prioritisation profiles. Currently ssh(1) and sshd(8)
set obsoleted values 'lowdelay' for interactive sessions and
'through
Claudio,
How best to test this change proposal? Should this maybe be tested on
one of the yycix route servers?
I'll let it run on my home router, if that doesn't cause issues in a
week or so; we can consider rs2.yycix.ca
Kind regards,
Job
On Fri, Mar 02, 2018 at 04:55:23PM +0100, Claudio Jeker
On Fri, Feb 02, 2018 at 02:38:54PM +0100, Pierre Emeriaud wrote:
> While playing with bgplg I noticed that 'show ip bgp detail as' error
> message is wrong: expects an AS number but asks for a prefix.
Thanks! Committed.
Kind regards,
Job
On Thu, Jan 18, 2018 at 12:22:21PM +, Stuart Henderson wrote:
> A flag (fsck_flags) would be a better idea than a file, and more
> flexible (users with many disks and low RAM could use the same
> mechanism to force "-l 1" for example).
fsck_flags would be an idea. I prefer not to bring local c
Hi,
On Sat, Jan 6, 2018 at 9:53 AM, Christoph R. Murauer wrote:
> Here is a diff for the missing -rOPENBSD_6_2 branch to update the
> -stable CVS trees as described in https://www.openbsd.org/anoncvs.html
> at Updating an existing tree.
I don't think this is needed in this context of the documen
Hi all,
I often observed on my Thinkpad x270 that after an upgrade via bsd.rd,
the first reboot resulted in keystrokes being garbage (and at second
reboot everything was fine again).
The below patch seems to be an improvement.
Kind regards,
Job
On Tue, Jan 02, 2018 at 09:36:49AM -0600, joshua
On Sat, Dec 16, 2017 at 09:45:02AM +0100, Paul de Weerd wrote:
> On Fri, Dec 15, 2017 at 12:24:45PM +0100, Paul de Weerd wrote:
> | I've updated the diff to add this example as per jmc's suggestion. It
> | now has:
> |
> | - add the `-c command` feature
> | - updates usage
> | - remov
On Thu, Dec 14, 2017 at 09:23:29AM +0100, Paul de Weerd wrote:
> Another use I personally find very convenient is this:
>
> [weerd@pom] $ script -c "vmctl start test -c"
>
> Hope others see value here too :)
That is a great use case.
Kind regards,
Job
On Sat, Dec 09, 2017 at 06:44:44PM +0100, Theo Buehler wrote:
> Theo asked me to make sure that all our shells print a prompt
> including the hostname by default.
Thank you. This is a significant improvement.
I keep finding myself updating /etc/profile everywhere to ensure I don't
lose my bearing