Re: pf: drop tcp packet when syn AND fin flags are set

2022-03-14 Thread Remi Locherer
On Mon, Mar 14, 2022 at 01:27:14AM +0100, Alexander Bluhm wrote:
> On Sun, Mar 13, 2022 at 11:24:33PM +0100, Remi Locherer wrote:
> > Hi,
> > 
> > When pf processes a TCP packet with SYN and FIN flags set, it removes
> > the FIN flag and continues processing it. I propose we change that and
> > let pf drop such a packet. I don't see any legit use for combining these
> > two flags in the same packet.
> > 
> > Henning added this comment 7 years ago:
> > XXX why clear instead of drop?
> > 
> > Damjan Dimitrov approached me with this. He got a request that his firewall
> > should drop TCP packets with SYN and FIN flags set. But with pf this can
> > currently not be done because the FIN flag is cleared before rule 
> > processing.
> > 
> > I tested the behaviour with scapy:
> > send(IP(dst="172.24.217.34")/TCP(dport=23,flags="SF"))
> > 
> > Opinions? OKs?
> 
> RFC 1644 TCP Extensions for Transactions (T/TCP) allows it
> RFC 6247 declares T/TCP historic due to security issues
> RFC 7413 TCP Fast Open (TFO) might reintroduce it
> 
> The intention of the clear FIN in pf might be to convert T/TCP into
> regular TCP.  But then the data should also be scrubbed.  Our stack
> ignores SYN+data and SYN+FIN.  I think it puts such a connection
> attempt into the syn-cache.  Of course without data and FIN to avoid
> DoS.

This is how OpenBSD responds with pf disabled:
192.168.201.21.20 > 192.168.201.29.22: SF 0:0(0) win 8192
192.168.201.29.22 > 192.168.201.21.20: S 2641340782:2641340782(0) ack 1 win 16384  (DF)

So pf behaves kind of similar to that.

But even with T/TCP or TFO, I don't see a legit use of a TCP packet with
SYN and FIN set together.

If we want to handle TFO then pf should probably inspect the TFO
option header and cookie.

> What about SYN+ACK+data+FIN ?  When we ack this, the 3-way handshake
> is complete.  I don't see why we should not allow it.  Could you
> disable pf and see if our TCP stack can handle this?

With pf disabled:
192.168.201.21.20 > 192.168.201.29.22: SF [tcp sum ok] 0:1000(1000) ack 0 win 8192 (ttl 64, id 1, len 1040)
192.168.201.29.22 > 192.168.201.21.20: R [tcp sum ok] 0:0(0) win 0 (DF) (ttl 64, id 55619, len 40)

The same but without initial ACK and FIN:
192.168.201.21.20 > 192.168.201.29.22: S [tcp sum ok] 0:1000(1000) win 8192 (ttl 64, id 1, len 1040)
192.168.201.29.22 > 192.168.201.21.20: S [tcp sum ok] 689392523:689392523(0) ack 1 win 16384  (DF) (ttl 64, id 10777, len 44)

> 
> Maybe it should be
> 
>   /* No transactional TCP */
>   if ((flags & (TH_ACK|TH_FIN)) == TH_FIN)
>           goto tcp_drop;
> 

Did T/TCP specify the combination of SYN and FIN flags?

With TFO a client can send a cookie and data together with the SYN.
But a FIN flag? I did not find a hint for that in the RFC.

> Or should we strip data and FIN from both SYN packets to disable
> TFO?

In the TCP stack or pf? An OpenBSD router with activated pf might be used to
protect hosts with support for TFO. So pf should probably not strip data and
the TFO cookie from SYN packets. But this does not imply that the TCP stack
has to support TFO IMHO.

> > Index: pf_norm.c
> > ===
> > RCS file: /cvs/src/sys/net/pf_norm.c,v
> > retrieving revision 1.223
> > diff -u -p -r1.223 pf_norm.c
> > --- pf_norm.c   10 Mar 2021 10:21:48 -  1.223
> > +++ pf_norm.c   13 Mar 2022 15:39:42 -
> > @@ -1117,8 +1117,9 @@ pf_normalize_tcp(struct pf_pdesc *pd)
> > if (flags & TH_RST)
> > goto tcp_drop;
> >  
> > -   if (flags & TH_FIN) /* XXX why clear instead of drop? */
> > -   flags &= ~TH_FIN;
> > +   /* Illegal packet */
> > +   if (flags & TH_FIN)
> > +   goto tcp_drop;
> > } else {
> > /* Illegal packet */
> > if (!(flags & (TH_ACK|TH_RST)))
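Review bot: The new test `if (flags & TH_FIN)` does not look at TH_ACK, so a segment that carries ACK together with FIN is dropped exactly like one without ACK. If only the ACK-less case is meant to be illegal, the test should be `(flags & (TH_ACK|TH_FIN)) == TH_FIN`; if both are, the comment should say so, because `/* Illegal packet */` now appears twice in the visible lines with two different meanings.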
> > 
> 
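Added example, not code from the thread or from pf: a user-space C model of the flag checks visible in the pf_norm.c hunk, comparing the old clear-FIN behaviour, the proposed drop, and the ACK-aware variant suggested in the reply. The enclosing `TH_SYN` test, the `normalize_flags()` name, the policy enum and the sample inputs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits, standard values as in <netinet/tcp.h>. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical policy names, one per behaviour discussed in the thread. */
enum policy {
	POLICY_CLEAR_FIN,	/* before the diff: strip FIN and continue */
	POLICY_DROP_FIN,	/* the proposed diff: drop when FIN is set */
	POLICY_DROP_FIN_NOACK	/* reply's variant: drop only FIN without ACK */
};

enum verdict { V_PASS, V_DROP };

struct result {
	enum verdict	verdict;
	uint8_t		flags;	/* flags as later processing would see them */
};

static struct result
normalize_flags(uint8_t flags, enum policy p)
{
	struct result r = { V_PASS, flags };

	if (flags & TH_SYN) {	/* assumption: the hunk sits in a SYN branch */
		if (flags & TH_RST)
			goto drop;
		switch (p) {
		case POLICY_CLEAR_FIN:
			r.flags = (uint8_t)(r.flags & ~TH_FIN);
			break;
		case POLICY_DROP_FIN:
			if (flags & TH_FIN)
				goto drop;
			break;
		case POLICY_DROP_FIN_NOACK:
			if ((flags & (TH_ACK|TH_FIN)) == TH_FIN)
				goto drop;
			break;
		}
	} else {
		/* no SYN: a segment with neither ACK nor RST is illegal */
		if (!(flags & (TH_ACK|TH_RST)))
			goto drop;
	}
	return r;
drop:
	r.verdict = V_DROP;
	return r;
}

/* Render a flag byte as letters (S, F, R, A) for the table below. */
static const char *
flag_str(uint8_t f, char buf[5])
{
	int n = 0;

	if (f & TH_SYN) buf[n++] = 'S';
	if (f & TH_FIN) buf[n++] = 'F';
	if (f & TH_RST) buf[n++] = 'R';
	if (f & TH_ACK) buf[n++] = 'A';
	buf[n] = '\0';
	return buf;
}

int
main(void)
{
	/* Constructed inputs covering the combinations raised in the thread. */
	static const uint8_t samples[] = {
		TH_SYN, TH_SYN|TH_FIN, TH_SYN|TH_ACK|TH_FIN,
		TH_SYN|TH_RST, TH_FIN, TH_ACK|TH_FIN
	};
	static const char *names[] = { "clear-FIN", "drop-FIN", "drop-FIN-noACK" };
	char in[5], out[5];
	size_t i;
	int p;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		for (p = POLICY_CLEAR_FIN; p <= POLICY_DROP_FIN_NOACK; p++) {
			struct result r = normalize_flags(samples[i], (enum policy)p);

			printf("%-4s %-15s %s %s\n", flag_str(samples[i], in),
			    names[p], r.verdict == V_DROP ? "drop" : "pass",
			    r.verdict == V_DROP ? "" : flag_str(r.flags, out));
		}
	}
	return 0;
}
```

The table makes the rule-processing consequence visible: under the old behaviour a SYN+FIN segment reaches later stages looking like a plain SYN, so nothing after normalization can match on the FIN bit.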



pf: drop tcp packet when syn AND fin flags are set

2022-03-13 Thread Remi Locherer
Hi,

When pf processes a TCP packet with SYN and FIN flags set, it removes
the FIN flag and continues processing it. I propose we change that and
let pf drop such a packet. I don't see any legit use for combining these
two flags in the same packet.

Henning added this comment 7 years ago:
XXX why clear instead of drop?

Damjan Dimitrov approached me with this. He got a request that his firewall
should drop TCP packets with SYN and FIN flags set. But with pf this can
currently not be done because the FIN flag is cleared before rule processing.

I tested the behaviour with scapy:
send(IP(dst="172.24.217.34")/TCP(dport=23,flags="SF"))

Opinions? OKs?

Remi


Index: pf_norm.c
===
RCS file: /cvs/src/sys/net/pf_norm.c,v
retrieving revision 1.223
diff -u -p -r1.223 pf_norm.c
--- pf_norm.c   10 Mar 2021 10:21:48 -  1.223
+++ pf_norm.c   13 Mar 2022 15:39:42 -
@@ -1117,8 +1117,9 @@ pf_normalize_tcp(struct pf_pdesc *pd)
if (flags & TH_RST)
goto tcp_drop;
 
-   if (flags & TH_FIN) /* XXX why clear instead of drop? */
-   flags &= ~TH_FIN;
+   /* Illegal packet */
+   if (flags & TH_FIN)
+   goto tcp_drop;
} else {
/* Illegal packet */
if (!(flags & (TH_ACK|TH_RST)))
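Review bot: The replacement comment `/* Illegal packet */` above `if (flags & TH_FIN)` drops the one piece of history the old XXX comment carried, that this case used to be cleared rather than dropped. A comment that names the case, for instance that FIN on this path is now dropped instead of stripped, would make the behaviour change findable later. The diff also touches no man page, so nothing tells a ruleset author that such packets are now discarded inside pf_normalize_tcp().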




Re: ospfd/ospf6d, interfaces in log messages

2021-11-03 Thread Remi Locherer
On Tue, Nov 02, 2021 at 05:27:11PM +, Stuart Henderson wrote:
> I've recently started seeing a number of flaps with ospfd/ospf6d
> with invalid seq nums / "seq num mismatch, bad flags" logged.
> Not quite sure what's going on yet as they must be occurring on
> various local switched segments on one nic and also on ethernet
> wan circuits direct to router on a separate pcie nic, anyway
> it's made it clear that very few of the log messages relating
> to neighbours identify which interface is involved.
> 
> I don't know if it makes sense to commit or not, but there's a
> diff below adding the interface wherever the neighbour ID is logged
> if anyone's interested (same changes to both ospfd and ospf6d).
> 
> 
> Nov  2 11:29:30  ospfd[78532]: recv_db_description: neighbor ID xx.2: invalid seq num, mine 20d22487 his 20d22485
> Nov  2 11:29:30  ospf6d[89545]: recv_db_description: neighbor ID xx.2: invalid seq num, mine 4cabc5c1 his 4cabc5c0
> Nov  2 11:29:34  ospf6d[89545]: recv_db_description: neighbor ID xx.1: invalid seq num, mine 98360a5 his 98360a4
> Nov  2 11:29:34  ospfd[78532]: recv_db_description: neighbor ID xx.1: invalid seq num, mine f708c646 his f708c645
> Nov  2 11:29:38  ospfd[78532]: recv_db_description: neighbor ID xx.11: invalid seq num, mine e4068bcc his e4068bcb
> Nov  2 11:30:06  ospf6d[89545]: recv_db_description: neighbor ID xx.3: seq num mismatch, bad flags
> Nov  2 11:30:14  ospf6d[89545]: recv_db_description: neighbor ID xx.1: invalid seq num, mine 98360ae his 98360ad
> Nov  2 11:30:14  ospfd[78532]: recv_db_description: neighbor ID xx.1: invalid seq num, mine f708c64f his f708c64e
> Nov  2 11:30:22  ospfd[78532]: recv_db_description: neighbor ID xx.2: invalid seq num, mine 20d22493 his 20d22490
> Nov  2 11:30:22  ospfd[78532]: recv_db_description: neighbor ID xx.2: invalid seq num, mine 20d22493 his 20d22492
> Nov  2 11:30:39  ospfd[78532]: recv_db_description: neighbor ID xx.2: invalid seq num, mine 20d2249c his 20d2249b
> Nov  2 11:30:59  ospf6d[89545]: recv_db_description: neighbor ID xx.11: seq num mismatch, bad flags
> Nov  2 11:30:59  ospfd[78532]: recv_db_description: neighbor ID xx.11: seq num mismatch, bad flags
> Nov  2 11:31:09  ospfd[78532]: recv_db_description: neighbor ID xx.1: invalid seq num, mine f708c65c his f708c65b
> 

I think this addition makes sense. Over which link a neighbor is connected
can only be looked up via ospfctl. It's valuable having this info in the
logs when analysing past events.

Diff reads fine, applies and compiles.

OK remi

> 
> Index: ospf6d/database.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/database.c,v
> retrieving revision 1.20
> diff -u -p -r1.20 database.c
> --- ospf6d/database.c 15 Jul 2020 14:47:41 -  1.20
> +++ ospf6d/database.c 2 Nov 2021 17:11:38 -
> @@ -60,9 +60,9 @@ send_db_description(struct nbr *nbr)
>   case NBR_STA_INIT:
>   case NBR_STA_2_WAY:
>   case NBR_STA_SNAP:
> - log_debug("send_db_description: neighbor ID %s: "
> + log_debug("send_db_description: neighbor ID %s (%s): "
>   "cannot send packet in state %s", inet_ntoa(nbr->id),
> - nbr_state_name(nbr->state));
> + nbr->iface->name, nbr_state_name(nbr->state));
>   goto fail;
>   case NBR_STA_XSTRT:
>   bits |= OSPF_DBD_MS | OSPF_DBD_M | OSPF_DBD_I;
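Review bot: In send_db_description() the added argument `nbr->iface->name` dereferences nbr->iface, and nothing in the visible context of this hunk shows that pointer being used beforehand, unlike recv_db_description() where `nbr->iface->mtu` is already read in the unchanged lines. Worth confirming that a neighbour in the INIT, 2-WAY or SNAP state always has iface set before this log call can run.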
> @@ -160,8 +160,8 @@ recv_db_description(struct nbr *nbr, cha
>   int  dupe = 0;
>  
>   if (len < sizeof(dd_hdr)) {
> - log_warnx("recv_db_description: neighbor ID %s: "
> - "bad packet size", inet_ntoa(nbr->id));
> + log_warnx("recv_db_description: neighbor ID %s (%s): "
> + "bad packet size", inet_ntoa(nbr->id), nbr->iface->name);
>   return;
>   }
>   memcpy(&dd_hdr, buf, sizeof(dd_hdr));
> @@ -170,9 +170,10 @@ recv_db_description(struct nbr *nbr, cha
>  
>   /* db description packet sanity checks */
>   if (ntohs(dd_hdr.iface_mtu) > nbr->iface->mtu) {
> - log_warnx("recv_db_description: neighbor ID %s: "
> + log_warnx("recv_db_description: neighbor ID %s (%s): "
>   "invalid MTU %d expected %d", inet_ntoa(nbr->id),
> - ntohs(dd_hdr.iface_mtu), nbr->iface->mtu);
> + nbr->iface->name, ntohs(dd_hdr.iface_mtu),
> + nbr->iface->mtu);
>   return;
>   }
>  
> @@ -180,8 +181,9 @@ recv_db_description(struct nbr *nbr, cha
>   nbr->last_rx_bits == dd_hdr.bits &&
>   ntohl(dd_hdr.dd_seq_num) == nbr->dd_seq_num - nbr->dd_master ?
>   1 : 0) {
> - log_debug("recv_db_description: dupe from neighbor ID %s",
> - inet_ntoa(nbr->id));
> 

Re: wg(4) ipv6 ospf6d

2021-08-26 Thread Remi Locherer
On Wed, Aug 25, 2021 at 10:29:36PM +0100, Stuart Henderson wrote:
> On 2021/08/25 13:33, Daniel Jakots wrote:
> > On Wed, 25 Aug 2021 18:02:11 +0100, Stuart Henderson
> >  wrote:
> > 
> > > If I manually configure a link-local the interface is successfully
> > > added.
> > > 
> > > Anyone have an idea what the behaviour should be here? For passive
> > > would it make sense to accept an interface without link-local?
> > 
> > I discussed that with remi@ a few months ago when I considered
> > using ospf6d, as I had the same cryptic error as you give. I was told:
> > 
> > > ospf6d can not work without a link-local address on the interface.
> > > RFC 5340 mandates the use of link-local addresses in section 2.5.
> > 
> > And here's a link to the mentioned section:
> > https://datatracker.ietf.org/doc/html/rfc5340#section-2.5
> > 
> > Cheers,
> > Daniel
> 
> Thanks, but in itself that doesn't give a reason to have this
> restriction on a "passive" interface, in that case it's only
> redistributing the network on the interface, not sending OSPF packets on
> the interface itself.
> 

I think with a passive interface OSPFv3 could work without link-local
address.

Allowing that in ospf6d would need a little bit of code shuffling.
The config parser checks the existence of a link-local address on
an interface before it looks at the interface block where the passive
option would be. Maybe there are more places that would need to be changed.

Remi



fix ospf6d.conf example

2021-03-26 Thread Remi Locherer
Hi,

danj@ noticed that our ospf6d.conf example is using multiple areas.
In the man page of ospf6d we state that multi area support is not
available. The daemon accepts such a config but does not do the right
thing if I remember correctly.

OK to change the example to use just one area?

Remi

Index: ospf6d.conf
===
RCS file: /cvs/src/etc/examples/ospf6d.conf,v
retrieving revision 1.1
diff -u -p -r1.1 ospf6d.conf
--- ospf6d.conf 11 Jul 2014 16:36:35 -  1.1
+++ ospf6d.conf 26 Mar 2021 08:30:49 -
@@ -20,14 +20,9 @@
 area 0.0.0.5 {
interface em0 {
router-dead-time 20
+   router-priority 5
}
 
interface em1 {
-   }
-}
-
-area 0.0.0.7 {
-   interface em2 {
-   router-priority 5
}
 }
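Review bot: The example ends up with a single area, but nothing in the file tells the reader why. A comment line above `area 0.0.0.5 {` stating that ospf6d does not support multiple areas would keep users from adding a second block back in. Note also that `interface em1 {` is left as an empty block once the em2 stanza is removed, which is fine if it is meant to show an interface running on defaults.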



Re: ping graphical display

2021-02-20 Thread Remi Locherer
On February 19, 2021 8:56:31 PM UTC, Stuart Henderson  
wrote:
>Canvassing opinions on having . and ! this way around. I'm using . for
>response, ! for no response, which makes more sense to me but it's been
>pointed out that it's the opposite of what cisco does so it might
>confuse
>some people.

Also Junos uses "!" for successful pings and "." for no response.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB25251

And if I remember it correctly then Brocade did it the same way as Cisco.

The "-g" flag is used differently in various ping implementations. From man pages:
* FreeBSD: -g is sweepminsize.
* NetBSD: -g is used to specify a gateway for loose source routing.
* Illumos: same as NetBSD
* Linux: no -g


I like the feature and think -g is fine. I would prefer if our ping would use
"!" in the same way as Cisco. That is probably also consistent with -f where a
"." also stands for an echo request.

Remi



Re: fix: ospf6d(8): wrong intra area announcement

2020-10-04 Thread Remi Locherer
On Fri, Oct 02, 2020 at 02:01:09AM +0200, Jan Klemkow wrote:
> Hi,
> 
> The new intra area db entry has to be saved into the tree before
> orig_intra_area_prefix_lsas() is called.  If not, the ospf6d will not
> announce the new intra area db for a newly learned link from another
> ospf router of the broadcast domain.
> 
> This bug is triggered, if you add new addresses to an ospf interface while
> the ospf6d is already running as a backup designated router.  The
> opposite designated ospf6d will get your new link announcement and
> return an old intra area db without the new address.
> 
> Besides the fix, the diff removes redundant code.  I made the same
> diff for the ospfd to keep code in sync and remove redundant code there,
> too.  ospfd does not have the bug explained above, as far as I know.
> 
> Both regression tests pass with this diff.
> 
> OK?

The ospfd part looks good to me.
Please also add the tab that denis@ added on top of your ospf6d diff.

OK remi@

> 
> Bye,
> Jan
> 
> Index: ospf6d/rde_lsdb.c
> ===
> RCS file: /cvs//src/usr.sbin/ospf6d/rde_lsdb.c,v
> retrieving revision 1.45
> diff -u -p -r1.45 rde_lsdb.c
> --- ospf6d/rde_lsdb.c 21 Aug 2020 10:17:35 -  1.45
> +++ ospf6d/rde_lsdb.c 1 Oct 2020 23:09:38 -
> @@ -467,6 +467,7 @@ lsa_add(struct rde_nbr *nbr, struct lsa 
>   struct lsa_tree *tree;
>   struct vertex   *new, *old;
>   struct timeval   tv, now, res;
> + int update = 1;
>  
>   if (LSA_IS_SCOPE_AS(ntohs(lsa->hdr.type)))
>   tree = &asext_tree;
> @@ -495,16 +496,13 @@ lsa_add(struct rde_nbr *nbr, struct lsa 
>   fatal("lsa_add");
>   return (1);
>   }
> - if (!lsa_equal(new->lsa, old->lsa)) {
> - if (ntohs(lsa->hdr.type) == LSA_TYPE_LINK)
> - orig_intra_area_prefix_lsas(nbr->area);
> - if (ntohs(lsa->hdr.type) != LSA_TYPE_EXTERNAL)
> - nbr->area->dirty = 1;
> - start_spf_timer();
> - }
> + if (lsa_equal(new->lsa, old->lsa))
> + update = 0;
>   vertex_free(old);
>   RB_INSERT(lsa_tree, tree, new);
> - } else {
> + }
> +
> + if (update) {
>   if (ntohs(lsa->hdr.type) == LSA_TYPE_LINK)
>   orig_intra_area_prefix_lsas(nbr->area);
>   if (ntohs(lsa->hdr.type) != LSA_TYPE_EXTERNAL)
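Review bot: The fix depends on `RB_INSERT(lsa_tree, tree, new);` running before the `if (update) {` block calls orig_intra_area_prefix_lsas(), but nothing in the code states that dependency. A one-line comment above `if (update) {` saying that the new vertex must already be in the tree would protect the ordering against the next cleanup of this function.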
> Index: ospfd/rde_lsdb.c
> ===
> RCS file: /cvs//src/usr.sbin/ospfd/rde_lsdb.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 rde_lsdb.c
> --- ospfd/rde_lsdb.c  22 Nov 2015 13:09:10 -  1.50
> +++ ospfd/rde_lsdb.c  1 Oct 2020 23:06:57 -
> @@ -383,6 +383,7 @@ lsa_add(struct rde_nbr *nbr, struct lsa 
>   struct lsa_tree *tree;
>   struct vertex   *new, *old;
>   struct timeval   tv, now, res;
> + int update = 1;
>  
>   if (lsa->hdr.type == LSA_TYPE_EXTERNAL ||
>   lsa->hdr.type == LSA_TYPE_AS_OPAQ)
> @@ -410,15 +411,13 @@ lsa_add(struct rde_nbr *nbr, struct lsa 
>   fatal("lsa_add");
>   return (1);
>   }
> - if (!lsa_equal(new->lsa, old->lsa)) {
> - if (lsa->hdr.type != LSA_TYPE_EXTERNAL &&
> - lsa->hdr.type != LSA_TYPE_AS_OPAQ)
> - nbr->area->dirty = 1;
> - start_spf_timer();
> - }
> + if (lsa_equal(new->lsa, old->lsa))
> + update = 0;
>   vertex_free(old);
>   RB_INSERT(lsa_tree, tree, new);
> - } else {
> + }
> +
> + if (update) {
>   if (lsa->hdr.type != LSA_TYPE_EXTERNAL &&
>   lsa->hdr.type != LSA_TYPE_AS_OPAQ)
>   nbr->area->dirty = 1;
> 



Re: rdomain.4: on removing rtables

2020-09-22 Thread Remi Locherer
On Tue, Sep 22, 2020 at 10:03:29PM +0200, Klemens Nanni wrote:
> We have never been able to remove an rtable;  until claudio moved them
> explicitly with rtable_l2set() in  if_loop.c:loop_clone_destroy(), i.e.
> 
>   revision 1.90
>   date: 2020/01/08 09:09:10;  author: claudio;  state: Exp;  lines: +6 -2;
>   In loop_clone_destroy() reset the rdomain with rtable_l2set() after
>   the if_detach() call. In if_detach() various route messages are generated
>   and during that time the rtable_l2() mapping needs to stay.
>   OK kn@
> 
> it would still exist but not be assigned to any valid rdomain. Back then this
> could be observed with `route -T1 ...' still "working" after having
> destroyed lo1.
> 
> Reverting claudio's commit on -CURRENT, that is with `netstat -R' now
> available, confirms this:
> 
>   # sysctl kern.version
>   kern.version=OpenBSD 6.8-beta (GENERIC) #0: Tue Sep 22 21:24:48 CEST 2020
>   kn@eru:/sys/arch/amd64/compile/GENERIC
>   # ifconfig lo1 rdomain 1
>   # netstat -R
>   Rdomain 0
> Interfaces: lo0 vio0
> Routing table: 0
> 
>   Rdomain 1
> Interface: lo1
> Routing table: 1
> 
>   # ifconfig lo1 destroy
>   # netstat -R
>   Rdomain 0
> Interfaces: lo0 vio0
> Routing table: 0
> 
>   # route -T1 show
>   Routing tables
>   # echo $?
>   0
> 
> 
> This is not documented anywhere and I'd certainly not expect it after
> reading rtable(4).  The manual says we can delete rdomains and is quiet
> about deleting rtables, which can imply that rtables cannot be deleted
> but might also imply that rtables are deleted automatically when
> rdomains are deleted.
> 
> Either way, explicit is better here, I think.
> 
> Feedback? OK?

The comment at the beginning of src/sys/net/rtable.c is the only
place I'm aware of that documents that routing tables can not be
deleted.

I think it makes sense to document this in rtable(4).

ok remi@

> 
> 
> Index: rdomain.4
> ===
> RCS file: /cvs/src/share/man/man4/rdomain.4,v
> retrieving revision 1.14
> diff -u -p -r1.14 rdomain.4
> --- rdomain.4 30 Jul 2020 21:44:34 -  1.14
> +++ rdomain.4 22 Sep 2020 19:58:57 -
> @@ -146,3 +146,5 @@ and IPv6 support first appeared in
>  .Sh CAVEATS
>  No tool is available to assign more than one rtable to an rdomain
>  other than to the default one (0).
> +An rtable cannot be deleted.
> +Deleting an rdomain will move its rtable into the default rdomain.
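Review bot: The added sentence "Deleting an rdomain will move its rtable into the default rdomain." does not say that the rtable stays usable afterwards, which is the behaviour the message above demonstrates with `route -T1`. One more clause stating that commands addressing the rtable by id keep working would make the caveat complete.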
> 



Re: rdomain.4: add netstat -R example

2020-09-22 Thread Remi Locherer
On Tue, Sep 22, 2020 at 08:54:31PM +0200, Klemens Nanni wrote:
> It's handy and otherwise easily missed when reading up on routing
> domains and tables;  wording taken from netstat(1) as is.
> 
> Not listing pgrep(1)'s `-T' because examples don't have to be exhaustive
> and ps(1) is already demonstrated;  same for top(1) users which more
> likely come across its `t' and `T' in the help page anyway (I guess).
> 
> Feedback? OK?
> 

ok remi@

> 
> Index: rdomain.4
> ===
> RCS file: /cvs/src/share/man/man4/rdomain.4,v
> retrieving revision 1.14
> diff -u -p -r1.14 rdomain.4
> --- rdomain.4 30 Jul 2020 21:44:34 -  1.14
> +++ rdomain.4 22 Sep 2020 18:51:29 -
> @@ -98,6 +98,10 @@ Put em0 and lo4 in rdomain 4:
>  # ifconfig em0 192.0.2.100/24
>  .Ed
>  .Pp
> +List all rdomains with associated interfaces and routing tables:
> +.Pp
> +.Dl # netstat -R
> +.Pp
>  Set a default route and localhost reject route within rtable 4:
>  .Bd -literal -offset indent
>  # route -T4 -qn add -net 127 127.0.0.1 -reject
> @@ -129,6 +133,7 @@ Delete rdomain 4 again:
>  # ifconfig lo4 destroy
>  .Ed
>  .Sh SEE ALSO
> +.Xr netstat 1 ,
>  .Xr ps 1 ,
>  .Xr lo 4 ,
>  .Xr route 4 ,
> 



ospf(6)d: do not unlink the control socket

2020-09-15 Thread Remi Locherer
In 2018 we discussed that it is OK when ripd leaves its control socket
laying around:
https://marc.info/?l=openbsd-tech&m=154101413029926&w=2

When mestre@ adapted ldpd in June this year I was reminded to also adapt
ospfd and ospf6d for consistency.

OK?

Remi


Index: ospfd/control.c
===
RCS file: /cvs/src/usr.sbin/ospfd/control.c,v
retrieving revision 1.45
diff -u -p -r1.45 control.c
--- ospfd/control.c 29 Aug 2018 08:43:16 -  1.45
+++ ospfd/control.c 12 Sep 2020 13:13:54 -
@@ -125,13 +125,10 @@ control_listen(void)
 }
 
 void
-control_cleanup(char *path)
+control_cleanup(void)
 {
-   if (path == NULL)
-   return;
event_del(&control_state.ev);
event_del(&control_state.evt);
-   unlink(path);
 }
 
 /* ARGSUSED */
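Review bot: With `unlink(path);` removed from control_cleanup(), the socket file outlives the daemon, so the next start has to cope with a path that already exists. The diff does not touch control_init(); confirm that it removes or replaces a stale socket before bind, otherwise a restart fails on the leftover file.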
Index: ospfd/control.h
===
RCS file: /cvs/src/usr.sbin/ospfd/control.h,v
retrieving revision 1.7
diff -u -p -r1.7 control.h
--- ospfd/control.h 29 Aug 2018 08:43:16 -  1.7
+++ ospfd/control.h 12 Sep 2020 13:14:15 -
@@ -40,6 +40,6 @@ int   control_listen(void);
 void   control_accept(int, short, void *);
 void   control_dispatch_imsg(int, short, void *);
 intcontrol_imsg_relay(struct imsg *);
-void   control_cleanup(char *);
+void   control_cleanup(void);
 
 #endif /* _CONTROL_H_ */
Index: ospfd/ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.113
diff -u -p -r1.113 ospfd.c
--- ospfd/ospfd.c   26 Jun 2020 19:04:38 -  1.113
+++ ospfd/ospfd.c   12 Sep 2020 13:14:42 -
@@ -282,8 +282,6 @@ main(int argc, char *argv[])
 
if (unveil("/", "r") == -1)
fatal("unveil");
-   if (unveil(ospfd_conf->csock, "c") == -1)
-   fatal("unveil");
if (unveil(NULL, NULL) == -1)
fatal("unveil");
 
@@ -318,7 +316,7 @@ ospfd_shutdown(void)
msgbuf_clear(&iev_rde->ibuf.w);
close(iev_rde->ibuf.fd);
 
-   control_cleanup(ospfd_conf->csock);
+   control_cleanup();
while ((r = SIMPLEQ_FIRST(&ospfd_conf->redist_list)) != NULL) {
SIMPLEQ_REMOVE_HEAD(&ospfd_conf->redist_list, entry);
free(r);
Index: ospf6d/control.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/control.c,v
retrieving revision 1.28
diff -u -p -r1.28 control.c
--- ospf6d/control.c1 Jan 2020 10:09:34 -   1.28
+++ ospf6d/control.c12 Sep 2020 13:29:06 -
@@ -124,13 +124,10 @@ control_listen(void)
 }
 
 void
-control_cleanup(char *path)
+control_cleanup(void)
 {
-   if (path == NULL)
-   return;
event_del(&control_state.ev);
event_del(&control_state.evt);
-   unlink(path);
 }
 
 /* ARGSUSED */
Index: ospf6d/control.h
===
RCS file: /cvs/src/usr.sbin/ospf6d/control.h,v
retrieving revision 1.6
diff -u -p -r1.6 control.h
--- ospf6d/control.h1 Sep 2018 19:21:10 -   1.6
+++ ospf6d/control.h12 Sep 2020 13:27:50 -
@@ -40,6 +40,6 @@ int   control_listen(void);
 void   control_accept(int, short, void *);
 void   control_dispatch_imsg(int, short, void *);
 intcontrol_imsg_relay(struct imsg *);
-void   control_cleanup(char *);
+void   control_cleanup(void);
 
 #endif /* _CONTROL_H_ */
Index: ospf6d/ospf6d.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v
retrieving revision 1.47
diff -u -p -r1.47 ospf6d.c
--- ospf6d/ospf6d.c 26 Jun 2020 19:06:52 -  1.47
+++ ospf6d/ospf6d.c 12 Sep 2020 13:40:11 -
@@ -274,7 +274,8 @@ main(int argc, char *argv[])
fatalx("control socket setup failed");
main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd);
 
-   if (unveil(ospfd_conf->csock, "c") == -1)
+   /* no filesystem visibility */
+   if (unveil("/", "") == -1)
fatal("unveil");
if (unveil(NULL, NULL) == -1)
fatal("unveil");
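Review bot: The replacement call `unveil("/", "")` leaves ospf6d with no filesystem access, while the ospfd.c hunk in the same diff only deletes the csock line and keeps `unveil("/", "r")`. If ospfd really needs read access after this point, a comment there should say for what; if it does not, both daemons should end up with the same, tighter call so the two code bases stay in sync.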
@@ -303,7 +304,7 @@ ospfd_shutdown(void)
msgbuf_clear(&iev_rde->ibuf.w);
close(iev_rde->ibuf.fd);
 
-   control_cleanup(ospfd_conf->csock);
+   control_cleanup();
kr_shutdown();
carp_demote_shutdown();
 



Re: ospf6d: use ROUTE_FLAGFILTER

2020-09-02 Thread Remi Locherer
On Wed, Sep 02, 2020 at 03:23:28PM +1000, Jonathan Matthew wrote:
> Like ospfd, ospf6d can use ROUTE_FLAGFILTER to opt out of receiving messages
> relating to L2 and broadcast routes on its routing socket.  We've been running
> this for a week or so with no problems.
> 
> ok?

ok remi@

> 
> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.64
> diff -u -p -u -p -r1.64 kroute.c
> --- kroute.c  17 May 2020 18:29:25 -  1.64
> +++ kroute.c  18 Aug 2020 11:56:09 -
> @@ -102,6 +102,7 @@ kr_init(int fs, u_int rdomain, int redis
>   int opt = 0, rcvbuf, default_rcvbuf;
>   socklen_t   optlen;
>   int filter_prio = fib_prio;
> + int filter_flags = RTF_LLINFO | RTF_BROADCAST;
>  
>   kr_state.fib_sync = fs;
>   kr_state.rdomain = rdomain;
> @@ -127,6 +128,12 @@ kr_init(int fs, u_int rdomain, int redis
>   if (setsockopt(kr_state.fd, AF_ROUTE, ROUTE_PRIOFILTER, &filter_prio,
>   sizeof(filter_prio)) == -1) {
>   log_warn("%s: setsockopt AF_ROUTE ROUTE_PRIOFILTER", __func__);
> + /* not fatal */
> + }
> +
> + if (setsockopt(kr_state.fd, AF_ROUTE, ROUTE_FLAGFILTER, &filter_flags,
> + sizeof(filter_flags)) == -1) {
> + log_warn("%s: setsockopt AF_ROUTE ROUTE_FLAGFILTER", __func__);
>   /* not fatal */
>   }
>  
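Review bot: A failing `setsockopt(kr_state.fd, AF_ROUTE, ROUTE_FLAGFILTER, ...)` is only logged and marked `/* not fatal */`, so the daemon can still end up receiving RTF_LLINFO and RTF_BROADCAST messages on its routing socket. The message handler therefore has to keep ignoring those routes itself; a short comment next to `filter_flags` saying the filter is an optimisation and not a guarantee would stop someone from later removing that handling.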
> 



Re: top: toggle routing tables

2020-08-25 Thread Remi Locherer
On Tue, Aug 25, 2020 at 09:34:55AM +0200, Klemens Nanni wrote:
> On Mon, Aug 24, 2020 at 12:52:46AM +0200, Klemens Nanni wrote:
> > Add `t' to swap the WAIT column with RTABLE (and vice versa);  WAIT
> > is wide enough to fit RTABLE, somewhat adds additional value to STATE
> > and seems therefore most appropriate to hide in favour of RTABLE.
> > 
> > Internally, I renamed the existing CMD_rtable command to filter routing
> > tables into CMD_rtableid in order to use CMD_rtable for showing them as
> > that seems in line with how CMD_threads is named to show threads, etc.
> > 
> > format_header() semantics are slightly reworked/improved now that there
> > are two changing fields;  instead of conditionally changing, it now
> > always updates it accordingly - I think that makes it clearer overall.
> > 
> > format_next_process() now uses strlcpy() instead of snprintf() for plain
> > strings as I had to touch those lines anyway.
> > 
> > Filtering rtables with `T' does not toggle the column, just like
> > filtering users with `u' does not toggle between user and thread id.
> > 
> > Feedback? OK?
> New diff after feedback from jmc and a little cleanup I just committed
> to avoid churn here.

I like it!
ok remi@

> 
> Index: display.c
> ===
> RCS file: /cvs/src/usr.bin/top/display.c,v
> retrieving revision 1.64
> diff -u -p -r1.64 display.c
> --- display.c 23 Aug 2020 21:11:55 -  1.64
> +++ display.c 25 Aug 2020 07:33:14 -
> @@ -826,6 +826,7 @@ show_help(void)
>   "s time   - change delay between displays to `time' seconds\n"
>   "T [-]rtable  - show processes associated with routing table 
> `rtable'\n"
>   "   (T+ shows all, T -rtable hides rtable)\n"
> + "t- toggle the display of routing tables\n"
>   "u [-]user- show processes for `user' (u+ shows all, u -user 
> hides user)\n"
>   "\n");
>  
> Index: machine.c
> ===
> RCS file: /cvs/src/usr.bin/top/machine.c,v
> retrieving revision 1.109
> diff -u -p -r1.109 machine.c
> --- machine.c 25 Aug 2020 07:27:34 -  1.109
> +++ machine.c 25 Aug 2020 07:33:14 -
> @@ -75,8 +75,9 @@ struct handle {
>  static char header[] =
>   "  PID XPRI NICE  SIZE   RES STATE WAIT  TIMECPU 
> COMMAND";
>  
> -/* 0123456   -- field to fill in starts at header+6 */
> +/* offsets in the header line to start alternative columns */
>  #define UNAME_START 6
> +#define RTABLE_START 46
>  
>  #define Proc_format \
>   "%5d %-8.8s %3d %4d %5s %5s %-9s %-7.7s %6s %5.2f%% %s"
> @@ -226,16 +227,16 @@ machine_init(struct statics *statics)
>  }
>  
>  char *
> -format_header(char *second_field)
> +format_header(char *second_field, char *eighth_field)
>  {
> - char *field_name, *thread_field = " TID";
> - char *ptr;
> -
> - field_name = second_field ? second_field : thread_field;
> + char *second_fieldp = second_field, *eighth_fieldp = eighth_field, *ptr;
>  
>   ptr = header + UNAME_START;
> - while (*field_name != '\0')
> - *ptr++ = *field_name++;
> + while (*second_fieldp != '\0')
> + *ptr++ = *second_fieldp++;
> + ptr = header + RTABLE_START;
> + while (*eighth_fieldp != '\0')
> + *ptr++ = *eighth_fieldp++;
>   return (header);
>  }
>  
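Review bot: The old `second_field ? second_field : thread_field` fallback is gone, so format_header() now dereferences both arguments unconditionally and every caller must pass non-NULL strings. The two copy loops also write into the static `header` at fixed offsets with no length check, so a field longer than its column overwrites the following heading; either document the maximum widths next to UNAME_START and RTABLE_START or bound the loops.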
> @@ -544,13 +545,12 @@ skip_processes(struct handle *hndl, int 
>  
>  char *
>  format_next_process(struct handle *hndl, const char *(*get_userid)(uid_t, 
> int),
> -pid_t *pid)
> +int rtable, pid_t *pid)
>  {
> - char *p_wait;
>   struct kinfo_proc *pp;
>   int cputime;
>   double pct;
> - char second_buf[16];
> + char second_buf[16], eighth_buf[8];
>  
>   /* find and remember the next proc structure */
>   pp = *(hndl->next_proc++);
> @@ -566,7 +566,11 @@ format_next_process(struct handle *hndl,
>   strlcpy(second_buf, (*get_userid)(pp->p_ruid, 0),
>   sizeof(second_buf));
>  
> - p_wait = pp->p_wmesg[0] ? pp->p_wmesg : "-";
> + if (rtable)
> + snprintf(eighth_buf, sizeof(eighth_buf), "%7d", pp->p_rtableid);
> + else
> + strlcpy(eighth_buf, pp->p_wmesg[0] ? pp->p_wmesg : "-",
> + sizeof(eighth_buf));
>  
>   /* format this entry */
>   snprintf(fmt, sizeof(fmt), Proc_format, pp->p_pid, second_buf,
> @@ -575,7 +579,7 @@ format_next_process(struct handle *hndl,
>   format_k(pagetok(pp->p_vm_rssize)),
>   (pp->p_stat == SSLEEP && pp->p_slptime > maxslp) ?
>   "idle" : state_abbr(pp),
> - p_wait, format_time(cputime), 100.0 * pct,
> + eighth_buf, format_time(cputime), 100.0 * pct,
>   printable(format_comm(pp)));
>  
>   *pid = pp->p_pid;
> Index: machine.h
> ===
> RCS file: /cvs/src/usr.bin

Re: top: filter by routing table

2020-08-23 Thread Remi Locherer
On Sun, Aug 23, 2020 at 10:45:14PM +0200, Klemens Nanni wrote:
> On Sun, Aug 23, 2020 at 10:39:21PM +0200, Remi Locherer wrote:
> > I like the feature and it works as advertised.
> > 
> > It would be nice to have a column that displays the rtable id of
> > each process when T is used. When I type "T-0" I see a list of procs
> > not in rtable 0.  But I still do not know in which one they are.
> That's certainly possible, but we need to pick a column which is not
> only suitable to omit but also wide enough to fit "RTABLE" as
> description, I'd say.
> 
> Are you OK with the diff as is?  We can take care of the rest as a
> separate diff.

sure! ok remi@



Re: top: filter by routing table

2020-08-23 Thread Remi Locherer
On Sat, Aug 22, 2020 at 05:20:56PM -0600, Todd C. Miller wrote:
> This looks good to me but I've refrained from commenting simply
> because I don't use rtables at all myself.  Can we get some feedback
> from people who actually use rtables?
> 
>  - todd
> 

I like the feature and it works as advertised.

It would be nice to have a column that displays the rtable id of
each process when T is used. When I type "T-0" I see a list of procs
not in rtable 0.  But I still do not know in which one they are.

Remi



Re: rdomain.4: route -T takes an rtable, not rdomain

2020-07-30 Thread Remi Locherer
On Thu, Jul 30, 2020 at 04:08:01AM +0200, Klemens Nanni wrote:
> Multiple rtables may exist in the default rdomain (0), that is their
> corresponding rdomains/lo(4) interfaces do not have to exist.
> 
> This demonstrates it;  first, nothing but default, so route(8) fails:
> 
>   # netstat -R
>   Rdomain 0
> Interfaces: lo0 vio0 enc0
> Routing table: 0
> 
>   # route -T1 exec id -R
>   route: routing table 1: No such file or directory
> 
> Then create an rdomain and with it an rtable:
> 
>   # ifconfig lo1 rdomain 1
>   # netstat -R
>   Rdomain 0
> Interfaces: lo0 vio0 enc0
> Routing table: 0
> 
>   Rdomain 1
> Interface: lo1
> Routing table: 1
> 
> This makes route(8) work, but it keeps working when we remove the
> rdomain again since the rtable persists:
> 
>   # route -T1 exec id -R
>   1
>   # ifconfig lo1 destroy
>   # netstat -R
>   Rdomain 0
> Interfaces: lo0 vio0 enc0
> Routing tables: 0 1
> 
>   # route -T1 exec id -R
>   1
> 
> 
> I'm not sure yet, whether this is intentional or in fact a bug.
> Either way, the manual should be fixed - route(8)'s synopsis says the
> same, just like ping(8)'s `-V rtable':
> 
>   $ man -hs8 route
>   route [-dnqtv] [-T rtable] command [[modifiers] args]
> 
> Feedback? Objections? OK?
> 

OK remi@

> 
> Index: share/man/man4/rdomain.4
> ===
> RCS file: /cvs/src/share/man/man4/rdomain.4,v
> retrieving revision 1.13
> diff -u -p -r1.13 rdomain.4
> --- share/man/man4/rdomain.4  1 Feb 2020 15:00:20 -   1.13
> +++ share/man/man4/rdomain.4  30 Jul 2020 01:56:39 -
> @@ -98,7 +98,7 @@ Put em0 and lo4 in rdomain 4:
>  # ifconfig em0 192.0.2.100/24
>  .Ed
>  .Pp
> -Set a default route and localhost reject route within rdomain 4:
> +Set a default route and localhost reject route within rtable 4:
>  .Bd -literal -offset indent
>  # route -T4 -qn add -net 127 127.0.0.1 -reject
>  # route -T4 -n add default 192.0.2.1
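Review bot: The reworded sentence "within rtable 4" now sits right after the step "Put em0 and lo4 in rdomain 4", and nothing in between says that creating rdomain 4 also creates routing table 4, so the reader cannot tell why -T4 is the right table. Suggest one sentence before this example stating that an rdomain comes with a routing table of the same id and that route -T takes that table id.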
> @@ -106,7 +106,7 @@ Set a default route and localhost reject
>  .Pp
>  Start
>  .Xr sshd 8
> -in rdomain 4:
> +in rtable 4:
>  .Pp
>  .Dl # route -T4 exec /usr/sbin/sshd
>  .Pp
> 



Re: ldpd engine process exits with pledge "cpath"

2020-06-20 Thread Remi Locherer
On Fri, Jun 19, 2020 at 02:43:00PM +0100, Ricardo Mestre wrote:
> mea culpa, but I'd rather just remove the unlink of the socket.
> 
> OK?

Diff reads OK to me.

We had the same discussion in 2018 for ripd:
https://marc.info/?l=openbsd-tech&m=154101413029926&w=2

Note to self: ospfd should get the same treatment ...

> 
> Index: control.c
> ===
> RCS file: /cvs/src/usr.sbin/ldpd/control.c,v
> retrieving revision 1.29
> diff -u -p -u -r1.29 control.c
> --- control.c 3 Mar 2017 23:30:57 -   1.29
> +++ control.c 19 Jun 2020 13:40:46 -
> @@ -98,11 +98,10 @@ control_listen(void)
>  }
>  
>  void
> -control_cleanup(char *path)
> +control_cleanup(void)
>  {
>   accept_del(control_fd);
>   close(control_fd);
> - unlink(path);
>  }
>  
>  /* ARGSUSED */
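Review bot: With unlink(path) dropped from control_cleanup(), the control socket file stays on disk after shutdown, and nothing in this hunk shows who removes it. Please confirm that control_init() unlinks a stale socket before bind(), otherwise the next start fails on the existing path, and add a short comment in control_cleanup() saying the socket is deliberately left in place because the engine process has no "cpath" pledge.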
> Index: control.h
> ===
> RCS file: /cvs/src/usr.sbin/ldpd/control.h,v
> retrieving revision 1.9
> diff -u -p -u -r1.9 control.h
> --- control.h 3 Mar 2017 23:30:57 -   1.9
> +++ control.h 19 Jun 2020 13:40:46 -
> @@ -32,7 +32,7 @@ extern struct ctl_conns ctl_conns;
>  
>  int  control_init(char *);
>  int  control_listen(void);
> -void control_cleanup(char *);
> +void control_cleanup(void);
>  int  control_imsg_relay(struct imsg *);
>  
>  #endif   /* _CONTROL_H_ */
> Index: ldpe.c
> ===
> RCS file: /cvs/src/usr.sbin/ldpd/ldpe.c,v
> retrieving revision 1.76
> diff -u -p -u -r1.76 ldpe.c
> --- ldpe.c10 Aug 2019 01:30:53 -  1.76
> +++ ldpe.c19 Jun 2020 13:40:46 -
> @@ -171,7 +171,7 @@ ldpe_shutdown(void)
>   msgbuf_clear(&iev_main->ibuf.w);
>   close(iev_main->ibuf.fd);
>  
> - control_cleanup(global.csock);
> + control_cleanup();
>   config_clear(leconf);
>  
>   if (sysdep.no_pfkey == 0) {
> 



Re: netstat -R: list rdomains with associated ifs and tables

2020-06-11 Thread Remi Locherer
On Wed, Jun 10, 2020 at 11:47:49PM +0200, Sebastian Benoit wrote:
> Remi Locherer(remi.loche...@relo.ch) on 2020.06.10 22:16:36 +0200:
> > On Tue, Jun 09, 2020 at 10:02:06AM +0200, Remi Locherer wrote:
> > > On Tue, Jun 09, 2020 at 09:17:31AM +0200, Claudio Jeker wrote:
> > > > On Tue, Jun 09, 2020 at 08:44:42AM +0200, Remi Locherer wrote:
> > > > > On Mon, Jun 08, 2020 at 10:10:17PM +0200, Remi Locherer wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > to my knowledge there is no easy way to list all active rdomains or
> > > > > > routing tables. Other platforms have "show vrf" or similar commands
> > > > > > for an overview.
> > > > > > 
> > > > > > Here is my attempt at such a view for OpenBSD:
> > > > > 
> > > > > Updated diff with small changes:
> > > > > - Print inet instead of Internet (input deraadt)
> > > > > - Removed padding before rdomain id.
> > > > > - Changed man page wording.
> > > > > 
> > > > > twister ..in/netstat$ obj/netstat -R
> > > > > Rdomain 0
> > > > >   Interfaces: lo0 iwm0 re0 enc0 pflog0 mpe0
> > > > >   Routing tables:
> > > > >   0: inet   8, inet6  45, mpls   1
> > > > >   3: inet   1, inet6   0, mpls   0
> > > > >   7: inet  130309, inet6   1, mpls   0
> > > > > 
> > > > > Rdomain 77
> > > > >   Interfaces: vether77 lo77
> > > > >   Routing tables:
> > > > >  77: inet   0, inet6   0, mpls   0
> > > > > 
> > > > > Rdomain 122
> > > > >   Interfaces: vether122 lo122 pair122 vether1122 vether1123 
> > > > > vether1124 vether1125 vether1126 vether1127
> > > > >   Routing tables:
> > > > > 122: inet  24, inet6   0, mpls   0
> > > > > 
> > > > > Rdomain 255
> > > > >   Interfaces: vether255 lo255
> > > > >   Routing tables:
> > > > > 255: inet   3, inet6   0, mpls   0
> > > > > 
> > > > > twister ..in/netstat$
> > > > > 
> > > > > OK?
> > > > 
> > > > Why do you think the route counts are needed? You fetch all routing tables
> > > > to count them in userland. The sysctl for doing that is expensive and
> > > > especially on systems with full tables will make this command slow.
> > > > If this is something we really want then the kernel should track and
> > > > provide the count.
> > > 
> > > These counters are of interest for operators. But I agree that counting
> > > the routes in userland is unfortunate. But I don't know how bad it is.
> > > Is a lock involved in the kernel when dumping the full table?
> > 
> > I did some homework and figured out that dumping a routing table takes the
> > NET_LOCK. So it's not just inefficient to count all routes in userland, it
> > might have a negative impact on the system.
> > 
> > Below my new proposal without the counters. I still think it would be good
> > to have those counters. Maybe I'll try to find a solution for that.
> 
> Maybe sysctl NET_RT_STATS and struct rtstat could be expanded to cover this?

I also looked at that. If I understand sysctl_rtable_rstat() correctly then it
is not per table but for all of them. I guess I can change that. ;-)



Re: netstat -R: list rdomains with associated ifs and tables

2020-06-11 Thread Remi Locherer
On Wed, Jun 10, 2020 at 11:44:17PM +0100, Stuart Henderson wrote:
> It's useful information, I like it. (I preferred it with the route
> count, but I agree, it's hard on the system if there's a full DFZ
> table).
> 
> One thing though -
> 
> > twister ..in/netstat$ obj/netstat -R 
> > Rdomain 0
> >   Interfaces: lo0 iwm0 re0 enc0 pflog0
> >   Routing tables: 0 6 7 77
> 
> When there are multiple tables it's clear that this is a list of
> table numbers, but when there's only one the output text is confusing:
> 
> Rdomain 0
>   Interfaces: lo0 em1 enc0 tun2 vlan1 pflog0
>   Routing tables: 0
> 
> "there are zero routing tables?"
> 
> Rdomain 100
>   Interfaces: vether100 lo100 vether101 [...]
>   Routing tables: 100
> 
> "there are 100 tables?"
> 
> This would be clearer if it used table/tables as appropriate e.g.
> 
>   Routing table: 0
>   Routing table: 100
>   Routing tables: 0 6 7 77
> 
> the code to handle this gets messy though, maybe someone can think
> of alternative wording that gets around this another way..
> 

It's not too messy I think.

twister ..in/netstat$ obj/netstat -R 
Rdomain 0
  Interfaces: lo0 iwm0 re0 enc0 pflog0
  Routing tables: 0 5

Rdomain 255
  Interface: lo255
  Routing table: 255

twister ..in/netstat$



Index: main.c
===
RCS file: /cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.116
diff -u -p -r1.116 main.c
--- main.c  28 Apr 2019 17:59:51 -  1.116
+++ main.c  30 May 2020 17:59:33 -
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
tableid = getrtable();
 
while ((ch = getopt(argc, argv,
-   "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
+   "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
switch (ch) {
case 'A':
Aflag = 1;
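Review bot: 'R' is added to the getopt string here and netstat.1 gains a separate "netstat -R" synopsis line, but none of the main.c hunks touches usage(). Please add the new form there so the built-in help matches the manual.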
@@ -225,6 +225,9 @@ main(int argc, char *argv[])
case 'q':
qflag = 1;
break;
+   case 'R':
+   Rflag = 1;
+   break;
case 'r':
rflag = 1;
break;
@@ -318,6 +321,11 @@ main(int argc, char *argv[])
mroutepr();
if (af == AF_INET6 || af == AF_UNSPEC)
mroute6pr();
+   exit(0);
+   }
+
+   if (Rflag) {
+   rdomainpr();
exit(0);
}
 
Index: netstat.1
===
RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
retrieving revision 1.86
diff -u -p -r1.86 netstat.1
--- netstat.1   17 Apr 2019 20:34:21 -  1.86
+++ netstat.1   8 Jun 2020 20:42:46 -
@@ -74,6 +74,8 @@
 .Op Fl i | I Ar interface
 .Nm
 .Op Fl W Ar interface
+.Nm
+.Op Fl R
 .Sh DESCRIPTION
 The
 .Nm
@@ -267,6 +269,8 @@ Otherwise the states of the matching soc
 Only show interfaces that have seen packets (or bytes if
 .Fl b
 is specified).
+.It Fl R
+List all rdomains with associated interfaces and routing tables.
 .It Fl r
 Show the routing tables.
 The output is explained in more detail below.
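Review bot: The new text under ".It Fl R" does not say that the values printed after "Routing tables:" are table ids, which is the ambiguity raised in this thread ("there are zero routing tables?"). Suggest wording such as "List all rdomains with the interfaces and the ids of the routing tables associated with each."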
Index: netstat.h
===
RCS file: /cvs/src/usr.bin/netstat/netstat.h,v
retrieving revision 1.74
diff -u -p -r1.74 netstat.h
--- netstat.h   28 Apr 2019 17:59:51 -  1.74
+++ netstat.h   10 Jun 2020 20:08:28 -
@@ -57,6 +57,7 @@ int   pflag;  /* show given protocol */
 intPflag;  /* show given PCB */
 intqflag;  /* only display non-zero values for output */
 intrflag;  /* show routing tables (or routing stats) */
+intRflag;  /* show rdomain and rtable summary */
 intsflag;  /* show protocol statistics */
 inttflag;  /* show i/f watchdog timers */
 intvflag;  /* be verbose */
@@ -112,6 +113,8 @@ voidrt_stats(void);
 void   pr_rthdr(int, int);
 void   pr_encaphdr(void);
 void   pr_family(int);
+
+void   rdomainpr(void);
 
 void   ip6_stats(char *);
 void   icmp6_stats(char *);
Index: route.c
===
RCS file: /cvs/src/usr.bin/netstat/route.c,v
retrieving revision 1.104
diff -u -p -r1.104 route.c
--- route.c 28 Jun 2019 13:35:02 -  1.104
+++ route.c 11 Jun 2020 19:39:38 -
@@ -51,6 +51,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "netstat.h"
 
@@ -346,4 +347,75 @@ rt_stats(void)
rtstat.rts_unreach, plural(rtstat.rts_unreach));
printf("\t%u use%s of a wildcard route\n",
rtstat.rts_wildcard, plural(rtstat.rts_wildcard));
+}
+
+/*
+ * Print rdomain and rtable summary
+ */
+
+void
+rdomainpr(void)
+{
+   struct if_data   *ifd;
+   struct ifaddrs   *ifap, *ifa;
+   struct rt_tableinfo   info;
+
+   int  rtt_dom[RT_TABLEID_MAX+1];
+   int  rdom_

Re: netstat -R: list rdomains with associated ifs and tables

2020-06-10 Thread Remi Locherer
On Tue, Jun 09, 2020 at 10:02:06AM +0200, Remi Locherer wrote:
> On Tue, Jun 09, 2020 at 09:17:31AM +0200, Claudio Jeker wrote:
> > On Tue, Jun 09, 2020 at 08:44:42AM +0200, Remi Locherer wrote:
> > > On Mon, Jun 08, 2020 at 10:10:17PM +0200, Remi Locherer wrote:
> > > > Hi,
> > > > 
> > > > to my knowledge there is no easy way to list all active rdomains or
> > > > routing tables. Other platforms have "show vrf" or similar commands
> > > > for an overview.
> > > > 
> > > > Here is my attempt at such a view for OpenBSD:
> > > 
> > > Updated diff with small changes:
> > > - Print inet instead of Internet (input deraadt)
> > > - Removed padding before rdomain id.
> > > - Changed man page wording.
> > > 
> > > twister ..in/netstat$ obj/netstat -R
> > > Rdomain 0
> > >   Interfaces: lo0 iwm0 re0 enc0 pflog0 mpe0
> > >   Routing tables:
> > >   0: inet   8, inet6  45, mpls   1
> > >   3: inet   1, inet6   0, mpls   0
> > >   7: inet  130309, inet6   1, mpls   0
> > > 
> > > Rdomain 77
> > >   Interfaces: vether77 lo77
> > >   Routing tables:
> > >  77: inet   0, inet6   0, mpls   0
> > > 
> > > Rdomain 122
> > >   Interfaces: vether122 lo122 pair122 vether1122 vether1123 vether1124 
> > > vether1125 vether1126 vether1127
> > >   Routing tables:
> > > 122: inet  24, inet6   0, mpls   0
> > > 
> > > Rdomain 255
> > >   Interfaces: vether255 lo255
> > >   Routing tables:
> > > 255: inet   3, inet6   0, mpls   0
> > > 
> > > twister ..in/netstat$
> > > 
> > > OK?
> > 
> > Why do you think the route counts are needed? You fetch all routing tables
> > to count them in userland. The sysctl for doing that is expensive and
> > especially on systems with full tables will make this command slow.
> > If this is something we really want then the kernel should track and
> > provide the count.
> 
> These counters are of interest for operators. But I agree that counting
> the routes in userland is unfortunate. But I don't know how bad it is.
> Is a lock involved in the kernel when dumping the full table?

I did some homework and figured out that dumping a routing table takes the
NET_LOCK. So it's not just inefficient to count all routes in userland, it
might have a negative impact on the system.

Below my new proposal without the counters. I still think it would be good
to have those counters. Maybe I'll try to find a solution for that.

twister ..in/netstat$ obj/netstat -R 
Rdomain 0
  Interfaces: lo0 iwm0 re0 enc0 pflog0
  Routing tables: 0 6 7 77

Rdomain 100
  Interfaces: vether100 lo100 vether101 vether102 vether103 vether104 vether105 
vether106 vether107 vether108 vether109
  Routing tables: 100

Rdomain 255
  Interfaces: vether255 lo255
  Routing tables: 255

twister ..in/netstat$



Index: main.c
===
RCS file: /cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.116
diff -u -p -r1.116 main.c
--- main.c  28 Apr 2019 17:59:51 -  1.116
+++ main.c  30 May 2020 17:59:33 -
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
tableid = getrtable();
 
while ((ch = getopt(argc, argv,
-   "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
+   "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
switch (ch) {
case 'A':
Aflag = 1;
@@ -225,6 +225,9 @@ main(int argc, char *argv[])
case 'q':
qflag = 1;
break;
+   case 'R':
+   Rflag = 1;
+   break;
case 'r':
rflag = 1;
break;
@@ -318,6 +321,11 @@ main(int argc, char *argv[])
mroutepr();
if (af == AF_INET6 || af == AF_UNSPEC)
mroute6pr();
+   exit(0);
+   }
+
+   if (Rflag) {
+   rdomainpr();
exit(0);
}
 
Index: netstat.1
===
RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
retrieving revision 1.86
diff -u -p -r1.86 netstat.1
--- netstat.1   17 Apr 2019 20:34:21 -  1.86
+++ netstat.1   8 Jun 2020 20:42:46 -
@@ -74,6 +74,8 @@
 .Op Fl i | I Ar interface
 .Nm
 .Op Fl W Ar interface
+.Nm
+.Op Fl R
 .Sh DESCRIPTION
 The
 .Nm
@@ -26

Re: netstat -R: list rdomains with associated ifs and tables

2020-06-09 Thread Remi Locherer
On Tue, Jun 09, 2020 at 09:17:31AM +0200, Claudio Jeker wrote:
> On Tue, Jun 09, 2020 at 08:44:42AM +0200, Remi Locherer wrote:
> > On Mon, Jun 08, 2020 at 10:10:17PM +0200, Remi Locherer wrote:
> > > Hi,
> > > 
> > > to my knowledge there is no easy way to list all active rdomains or
> > > routing tables. Other platforms have "show vrf" or similar commands
> > > for an overview.
> > > 
> > > Here is my attempt at such a view for OpenBSD:
> > 
> > Updated diff with small changes:
> > - Print inet instead of Internet (input deraadt)
> > - Removed padding before rdomain id.
> > - Changed man page wording.
> > 
> > twister ..in/netstat$ obj/netstat -R
> > Rdomain 0
> >   Interfaces: lo0 iwm0 re0 enc0 pflog0 mpe0
> >   Routing tables:
> >   0: inet   8, inet6  45, mpls   1
> >   3: inet   1, inet6   0, mpls   0
> >   7: inet  130309, inet6   1, mpls   0
> > 
> > Rdomain 77
> >   Interfaces: vether77 lo77
> >   Routing tables:
> >  77: inet   0, inet6   0, mpls   0
> > 
> > Rdomain 122
> >   Interfaces: vether122 lo122 pair122 vether1122 vether1123 vether1124 
> > vether1125 vether1126 vether1127
> >   Routing tables:
> > 122: inet  24, inet6   0, mpls   0
> > 
> > Rdomain 255
> >   Interfaces: vether255 lo255
> >   Routing tables:
> > 255: inet   3, inet6   0, mpls   0
> > 
> > twister ..in/netstat$
> > 
> > OK?
> 
> Why do you think the route counts are needed? You fetch all routing tables
> to count them in userland. The sysctl for doing that is expensive and
> especially on systems with full tables will make this command slow.
> If this is something we really want then the kernel should track and
> provide the count.

These counters are of interest for operators. But I agree that counting
the routes in userland is unfortunate. But I don't know how bad it is.
Is a lock involved in the kernel when dumping the full table?

I see in art.h that struct art_table has a counter. What would be a good
way to export this to userland?

> 
> Apart from that I think this is a good addition.
>  
> > Index: main.c
> > ===
> > RCS file: /cvs/src/usr.bin/netstat/main.c,v
> > retrieving revision 1.116
> > diff -u -p -r1.116 main.c
> > --- main.c  28 Apr 2019 17:59:51 -  1.116
> > +++ main.c  30 May 2020 17:59:33 -
> > @@ -127,7 +127,7 @@ main(int argc, char *argv[])
> > tableid = getrtable();
> >  
> > while ((ch = getopt(argc, argv,
> > -   "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
> > +   "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
> > switch (ch) {
> > case 'A':
> > Aflag = 1;
> > @@ -225,6 +225,9 @@ main(int argc, char *argv[])
> > case 'q':
> > qflag = 1;
> > break;
> > +   case 'R':
> > +   Rflag = 1;
> > +   break;
> > case 'r':
> > rflag = 1;
> > break;
> > @@ -318,6 +321,11 @@ main(int argc, char *argv[])
> > mroutepr();
> > if (af == AF_INET6 || af == AF_UNSPEC)
> > mroute6pr();
> > +   exit(0);
> > +   }
> > +
> > +   if (Rflag) {
> > +   rdomainpr();
> > exit(0);
> > }
> >  
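Review bot: The new "if (Rflag)" block calls rdomainpr() and exits, so any other display option given together with -R is either silently ignored or silently wins, depending on where this block sits in main(). The synopsis added in netstat.1 shows -R on a line of its own; either reject combinations via usage() or state the precedence in the manual.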
> > Index: netstat.1
> > ===
> > RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
> > retrieving revision 1.86
> > diff -u -p -r1.86 netstat.1
> > --- netstat.1   17 Apr 2019 20:34:21 -  1.86
> > +++ netstat.1   8 Jun 2020 20:42:46 -
> > @@ -74,6 +74,8 @@
> >  .Op Fl i | I Ar interface
> >  .Nm
> >  .Op Fl W Ar interface
> > +.Nm
> > +.Op Fl R
> >  .Sh DESCRIPTION
> >  The
> >  .Nm
> > @@ -267,6 +269,8 @@ Otherwise the states of the matching soc
> >  Only show interfaces that have seen packets (or bytes if
> >  .Fl b
> >  is specified).
> > +.It Fl R
> > +List all rdomains with associated interfaces and routing tables.
> >  .It Fl r
> >  Show the routing tables.
> >  The output is explained in more detail below.
> > Index: netstat.h
> > ===

Re: netstat -R: list rdomains with associated ifs and tables

2020-06-08 Thread Remi Locherer
On Mon, Jun 08, 2020 at 10:10:17PM +0200, Remi Locherer wrote:
> Hi,
> 
> to my knowledge there is no easy way to list all active rdomains or
> routing tables. Other platforms have "show vrf" or similar commands
> for an overview.
> 
> Here is my attempt at such a view for OpenBSD:

Updated diff with small changes:
- Print inet instead of Internet (input deraadt)
- Removed padding before rdomain id.
- Changed man page wording.

twister ..in/netstat$ obj/netstat -R
Rdomain 0
  Interfaces: lo0 iwm0 re0 enc0 pflog0 mpe0
  Routing tables:
  0: inet   8, inet6  45, mpls   1
  3: inet   1, inet6   0, mpls   0
  7: inet  130309, inet6   1, mpls   0

Rdomain 77
  Interfaces: vether77 lo77
  Routing tables:
 77: inet   0, inet6   0, mpls   0

Rdomain 122
  Interfaces: vether122 lo122 pair122 vether1122 vether1123 vether1124 
vether1125 vether1126 vether1127
  Routing tables:
122: inet  24, inet6   0, mpls   0

Rdomain 255
  Interfaces: vether255 lo255
  Routing tables:
255: inet   3, inet6   0, mpls   0

twister ..in/netstat$

OK?


Index: main.c
===
RCS file: /cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.116
diff -u -p -r1.116 main.c
--- main.c  28 Apr 2019 17:59:51 -  1.116
+++ main.c  30 May 2020 17:59:33 -
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
tableid = getrtable();
 
while ((ch = getopt(argc, argv,
-   "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
+   "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
switch (ch) {
case 'A':
Aflag = 1;
@@ -225,6 +225,9 @@ main(int argc, char *argv[])
case 'q':
qflag = 1;
break;
+   case 'R':
+   Rflag = 1;
+   break;
case 'r':
rflag = 1;
break;
@@ -318,6 +321,11 @@ main(int argc, char *argv[])
mroutepr();
if (af == AF_INET6 || af == AF_UNSPEC)
mroute6pr();
+   exit(0);
+   }
+
+   if (Rflag) {
+   rdomainpr();
exit(0);
}
 
Index: netstat.1
===
RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
retrieving revision 1.86
diff -u -p -r1.86 netstat.1
--- netstat.1   17 Apr 2019 20:34:21 -  1.86
+++ netstat.1   8 Jun 2020 20:42:46 -
@@ -74,6 +74,8 @@
 .Op Fl i | I Ar interface
 .Nm
 .Op Fl W Ar interface
+.Nm
+.Op Fl R
 .Sh DESCRIPTION
 The
 .Nm
@@ -267,6 +269,8 @@ Otherwise the states of the matching soc
 Only show interfaces that have seen packets (or bytes if
 .Fl b
 is specified).
+.It Fl R
+List all rdomains with associated interfaces and routing tables.
 .It Fl r
 Show the routing tables.
 The output is explained in more detail below.
Index: netstat.h
===
RCS file: /cvs/src/usr.bin/netstat/netstat.h,v
retrieving revision 1.74
diff -u -p -r1.74 netstat.h
--- netstat.h   28 Apr 2019 17:59:51 -  1.74
+++ netstat.h   7 Jun 2020 22:03:10 -
@@ -57,6 +57,7 @@ int   pflag;  /* show given protocol */
 intPflag;  /* show given PCB */
 intqflag;  /* only display non-zero values for output */
 intrflag;  /* show routing tables (or routing stats) */
+intRflag;  /* show rdomain and rtable summary */
 intsflag;  /* show protocol statistics */
 inttflag;  /* show i/f watchdog timers */
 intvflag;  /* be verbose */
@@ -112,6 +113,9 @@ voidrt_stats(void);
 void   pr_rthdr(int, int);
 void   pr_encaphdr(void);
 void   pr_family(int);
+
+void   rdomainpr(void);
+void   rttsummarypr(int);
 
 void   ip6_stats(char *);
 void   icmp6_stats(char *);
Index: route.c
===
RCS file: /cvs/src/usr.bin/netstat/route.c,v
retrieving revision 1.104
diff -u -p -r1.104 route.c
--- route.c 28 Jun 2019 13:35:02 -  1.104
+++ route.c 9 Jun 2020 06:36:29 -
@@ -51,6 +51,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "netstat.h"
 
@@ -346,4 +347,117 @@ rt_stats(void)
rtstat.rts_unreach, plural(rtstat.rts_unreach));
printf("\t%u use%s of a wildcard route\n",
rtstat.rts_wildcard, plural(rtstat.rts_wildcard));
+}
+
+/*
+ * Print rdomain and rtable summary
+ */
+
+void
+rdomainpr(void)
+{
+   struct if_data   *ifd;
+   struct ifaddrs   *ifap, *ifa;
+   struct rt_tableinfo   info;
+
+   int  rtt_dom[RT_TABLEID_MA

netstat -R: list rdomains with associated ifs and tables

2020-06-08 Thread Remi Locherer
Hi,

to my knowledge there is no easy way to list all active rdomains or
routing tables. Other platforms have "show vrf" or similar commands
for an overview.

Here is my attempt at such a view for OpenBSD:

twister ..in/netstat$ obj/netstat -R
Rdomain   0
  Interfaces: lo0 iwm0 re0 enc0 pflog0
  Routing tables:
  0: Internet   8, Internet6  43, MPLS   0
  3: Internet   1, Internet6   0, MPLS   0
  7: Internet  130309, Internet6   1, MPLS   0

Rdomain  77
  Interfaces: vether77 lo77
  Routing tables:
 77: Internet   0, Internet6   0, MPLS   0

Rdomain 122
  Interfaces: vether122 lo122 pair122 vether1122 vether1123 vether1124 
vether1125 vether1126 vether1127
  Routing tables:
122: Internet  24, Internet6   0, MPLS   0

Rdomain 255
  Interfaces: vether255 lo255
  Routing tables:
255: Internet   3, Internet6   0, MPLS   0

twister ..in/netstat$

Comments? OKs?

Remi


Index: main.c
===
RCS file: /cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.116
diff -u -p -r1.116 main.c
--- main.c  28 Apr 2019 17:59:51 -  1.116
+++ main.c  30 May 2020 17:59:33 -
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
tableid = getrtable();
 
while ((ch = getopt(argc, argv,
-   "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
+   "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
switch (ch) {
case 'A':
Aflag = 1;
@@ -225,6 +225,9 @@ main(int argc, char *argv[])
case 'q':
qflag = 1;
break;
+   case 'R':
+   Rflag = 1;
+   break;
case 'r':
rflag = 1;
break;
@@ -318,6 +321,11 @@ main(int argc, char *argv[])
mroutepr();
if (af == AF_INET6 || af == AF_UNSPEC)
mroute6pr();
+   exit(0);
+   }
+
+   if (Rflag) {
+   rdomainpr();
exit(0);
}
 
Index: netstat.1
===
RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
retrieving revision 1.86
diff -u -p -r1.86 netstat.1
--- netstat.1   17 Apr 2019 20:34:21 -  1.86
+++ netstat.1   8 Jun 2020 19:21:26 -
@@ -74,6 +74,8 @@
 .Op Fl i | I Ar interface
 .Nm
 .Op Fl W Ar interface
+.Nm
+.Op Fl R
 .Sh DESCRIPTION
 The
 .Nm
@@ -267,6 +269,9 @@ Otherwise the states of the matching soc
 Only show interfaces that have seen packets (or bytes if
 .Fl b
 is specified).
+.It Fl R
+Show all rdomains and list associated interfaces and routing tables
+with number of entries.
 .It Fl r
 Show the routing tables.
 The output is explained in more detail below.
Index: netstat.h
===
RCS file: /cvs/src/usr.bin/netstat/netstat.h,v
retrieving revision 1.74
diff -u -p -r1.74 netstat.h
--- netstat.h   28 Apr 2019 17:59:51 -  1.74
+++ netstat.h   7 Jun 2020 22:03:10 -
@@ -57,6 +57,7 @@ int   pflag;  /* show given protocol */
 intPflag;  /* show given PCB */
 intqflag;  /* only display non-zero values for output */
 intrflag;  /* show routing tables (or routing stats) */
+intRflag;  /* show rdomain and rtable summary */
 intsflag;  /* show protocol statistics */
 inttflag;  /* show i/f watchdog timers */
 intvflag;  /* be verbose */
@@ -112,6 +113,9 @@ voidrt_stats(void);
 void   pr_rthdr(int, int);
 void   pr_encaphdr(void);
 void   pr_family(int);
+
+void   rdomainpr(void);
+void   rttsummarypr(int);
 
 void   ip6_stats(char *);
 void   icmp6_stats(char *);
Index: route.c
===
RCS file: /cvs/src/usr.bin/netstat/route.c,v
retrieving revision 1.104
diff -u -p -r1.104 route.c
--- route.c 28 Jun 2019 13:35:02 -  1.104
+++ route.c 8 Jun 2020 19:29:58 -
@@ -51,6 +51,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "netstat.h"
 
@@ -346,4 +347,117 @@ rt_stats(void)
rtstat.rts_unreach, plural(rtstat.rts_unreach));
printf("\t%u use%s of a wildcard route\n",
rtstat.rts_wildcard, plural(rtstat.rts_wildcard));
+}
+
+/*
+ * Print rdomain and rtable summary
+ */
+
+void
+rdomainpr(void)
+{
+   struct if_data   *ifd;
+   struct ifaddrs   *ifap, *ifa;
+   struct rt_tableinfo   info;
+
+   int  rtt_dom[RT_TABLEID_MAX+1];
+   int  mib[6], rdom, rtt;
+   size_t   len;
+   char*old, *rdom_if[RT_TABLEID_MAX+1] = { };
+
+   getifaddrs(&ifap);
+   for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
+   if (ifa->ifa_addr->sa_family != AF_LINK)
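Review bot: In rdomainpr() the return value of getifaddrs(&ifap) is not checked, and the loop reads ifa->ifa_addr->sa_family without testing ifa_addr for NULL, which getifaddrs(3) permits for an interface entry that has no address. Suggest failing with err(1, "getifaddrs") when the call returns -1 and skipping entries whose ifa_addr is NULL before the AF_LINK comparison.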

Re: ospf6d: change the way interfaces are handled

2020-06-03 Thread Remi Locherer
On Sat, May 30, 2020 at 04:37:43PM +0200, Denis Fondras wrote:
> This diff updates how ospf6d(8) handles interfaces.
> It is now in line with what ospfd(8) does.
> 
> Last step before enabling reload.
> 
> Tested against Mikrotik and Zebra implementations.
> 
> Warning: it changes the default behaviour. No prefix is announced if no
> "redistribute" statement is present in config file. Is this a showstopper ?

The diff reads good and works. I mostly agree with it.

But we should not change the behaviour. That prefixes configured on an
interface need a redistribute statement is counterintuitive. The "passive"
statement would be useless.

> 
> Index: hello.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
> retrieving revision 1.22
> diff -u -p -r1.22 hello.c
> --- hello.c   3 Jan 2020 17:25:48 -   1.22
> +++ hello.c   30 May 2020 14:19:09 -
> @@ -175,12 +175,16 @@ recv_hello(struct iface *iface, struct i
>   nbr->priority = LSA_24_GETHI(ntohl(hello.opts));
>   /* XXX neighbor address shouldn't be stored on virtual links */
>   nbr->addr = *src;
> + ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, nbr->peerid, 0,
> + src, sizeof(struct in6_addr));
>   }
>  
>   if (!IN6_ARE_ADDR_EQUAL(&nbr->addr, src)) {
>   log_warnx("%s: neighbor ID %s changed its address to %s",
>   __func__, inet_ntoa(nbr->id), log_in6addr(src));
>   nbr->addr = *src;
> + ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, nbr->peerid, 0,
> + src, sizeof(struct in6_addr));
>   }
>  
>   nbr->options = opts;
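Review bot: The identical ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, ...) call is added in both branches of recv_hello(), the first one directly under the existing XXX comment that the neighbor address should not be stored on virtual links. Suggest folding "nbr->addr = *src" and the imsg into one small helper so the two paths cannot drift apart, and deciding there whether virtual links should send the address to the RDE at all.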
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v
> retrieving revision 1.29
> diff -u -p -r1.29 interface.c
> --- interface.c   27 May 2020 09:03:56 -  1.29
> +++ interface.c   30 May 2020 14:19:09 -
> @@ -72,8 +72,6 @@ struct {
>  static int vlink_cnt = 0;
>  #endif
>  
> -TAILQ_HEAD(, iface)  iflist;
> -
>  const char * const if_event_names[] = {
>   "NOTHING",
>   "UP",
> @@ -145,10 +143,6 @@ if_fsm(struct iface *iface, enum iface_e
>   area_track(iface->area);
>   orig_rtr_lsa(iface->area);
>   orig_link_lsa(iface);
> -
> - /* state change inform RDE */
> - ospfe_imsg_compose_rde(IMSG_IFINFO, iface->self->peerid, 0,
> - &iface->state, sizeof(iface->state));
>   }
>  
>   if (old_state & (IF_STA_MULTI | IF_STA_POINTTOPOINT) &&
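Review bot: With the IMSG_IFINFO message removed from the state-change branch of if_fsm(), this hunk no longer shows how the RDE learns that iface->state changed. Please point to where the state now reaches the RDE, or keep the message, and mention the change in the commit message since the diff is described as altering default behaviour.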
> @@ -166,41 +160,8 @@ if_fsm(struct iface *iface, enum iface_e
>   return (ret);
>  }
>  
> -int
> -if_init(void)
> -{
> - TAILQ_INIT(&iflist);
> -
> - return (fetchifs(0));
> -}
> -
> -/* XXX using a linked list should be OK for now */
>  struct iface *
> -if_find(unsigned int ifindex)
> -{
> - struct iface*iface;
> -
> - TAILQ_FOREACH(iface, &iflist, list) {
> - if (ifindex == iface->ifindex)
> - return (iface);
> - }
> - return (NULL);
> -}
> -
> -struct iface *
> -if_findname(char *name)
> -{
> - struct iface*iface;
> -
> - TAILQ_FOREACH(iface, &iflist, list) {
> - if (!strcmp(name, iface->name))
> - return (iface);
> - }
> - return (NULL);
> -}
> -
> -struct iface *
> -if_new(u_short ifindex, char *ifname)
> +if_new(struct kif *kif, struct kif_addr *ka)
>  {
>   struct iface*iface;
>  
> @@ -210,7 +171,6 @@ if_new(u_short ifindex, char *ifname)
>   iface->state = IF_STA_DOWN;
>  
>   LIST_INIT(&iface->nbr_list);
> - TAILQ_INIT(&iface->ifa_list);
>   TAILQ_INIT(&iface->ls_ack_list);
>   RB_INIT(&iface->lsa_tree);
>  
> @@ -225,34 +185,36 @@ if_new(u_short ifindex, char *ifname)
>   return (iface);
>   }
>  #endif
> - strlcpy(iface->name, ifname, sizeof(iface->name));
> - iface->ifindex = ifindex;
> -
> - TAILQ_INSERT_TAIL(&iflist, iface, list);
> -
> - return (iface);
> -}
>  
> -void
> -if_update(struct iface *iface, int mtu, int flags, u_int8_t type,
> -u_int8_t state, u_int64_t rate, u_int32_t rdomain)
> -{
> - iface->mtu = mtu;
> - iface->flags = flags;
> - iface->if_type = type;
> - iface->linkstate = state;
> - iface->baudrate = rate;
> - iface->rdomain = rdomain;
> + strlcpy(iface->name, kif->ifname, sizeof(iface->name));
>  
> - /* set type */
> - if (flags & IFF_POINTOPOINT)
> + /* get type */
> + if (kif->flags & IFF_POINTOPOINT)
>   iface->type = IF_TYPE_POINTOPOINT;
> - if (flags & IFF_BROADCAST && flags & IFF_MULTICAST)
> + if (kif->flags & IFF_BROADCAST && kif->flags & IFF_MULTICAST)
>   iface->type = IF_TYPE_BROADCAST;
> - if (flags & IFF_LOOPBACK) {
> + if (kif->flags & IFF_LOOPBACK) {
>   iface->ty

Re: iked(8): AES_GCM ciphers for IKE

2020-05-20 Thread Remi Locherer
On Fri, May 15, 2020 at 01:59:35AM +0200, Tobias Heider wrote:
> On Thu, May 14, 2020 at 10:47:52PM +0200, Tobias Heider wrote:
> > On Thu, May 14, 2020 at 10:07:30PM +0200, Tobias Heider wrote:
> > > Hi,
> > > 
> > > currently iked(8) supports AES-GCM only for ESP.
> > > The diff below adds the ENCR_AES_GCM_16 and ENCR_AES_GCM_12 variants for IKE.
> > > (for more information see [1] and [2]).
> > > Both variants support the 128, 196, and 256 bit key lengths.
> > > 
> > > The new ciphers can be configured with:
> > > - aes-128-gcm, aes-196-gcm and aes-256-gcm for ENCR_AES_GCM_16
> > > - aes-128-gcm-12, aes-196-gcm-12 and aes-256-gcm-12 for ENCR_AES_GCM_12
> 
> Small typo: it's 192, not 196.
> 
> > > 
> > > It would be nice if we could get some interop testing with different IKEv2
> > > implementations.  I have so far successfully tested strongswan <-> iked and
> > > of course iked <-> iked.
> > > 
> > > Feedback welcome ;)

It works with a Juniper SRX on the other side.

I tested with this iked.conf:

ikev2 "srx1" active esp \
from 192.168.100.0/24 to 192.168.111.0/24 \
local 10.0.0.2 peer 10.0.0.1 \
ikesa enc aes-128-gcm group ecp256 \
childsa enc aes-128-gcm group ecp256 \
srcid 10.0.0.2 dstid 10.0.0.1 \
psk "Secret1"


> > > 
> > > [1] https://tools.ietf.org/html/rfc5282
> > > [2] 
> > > https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5
> > > 
> > 
> > whoops, previous diff was broken.
> > 
> 
> Another update because it seems parse_xf matches substrings instead of the
> full transform type name, which means I had to change the order of ikeencxfs
> members or 'aes-128-gcm' will always match 'aes-128-gcm-12' ...
> 
> Index: crypto.c
> ===
> RCS file: /cvs/src/sbin/iked/crypto.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 crypto.c
> --- crypto.c  14 May 2020 15:08:30 -  1.27
> +++ crypto.c  14 May 2020 23:55:13 -
> @@ -92,7 +92,7 @@ hash_new(uint8_t type, uint16_t id)
>   struct iked_hash*hash;
>   const EVP_MD*md = NULL;
>   HMAC_CTX*ctx = NULL;
> - int  length = 0, fixedkey = 0, trunc = 0;
> + int  length = 0, fixedkey = 0, trunc = 0, isaead = 
> 0;
>  
>   switch (type) {
>   case IKEV2_XFORMTYPE_PRF:
> @@ -156,6 +156,14 @@ hash_new(uint8_t type, uint16_t id)
>   length = SHA512_DIGEST_LENGTH;
>   trunc = 32;
>   break;
> + case IKEV2_XFORMAUTH_AES_GCM_12:
> + length = 12;
> + isaead = 1;
> + break;
> + case IKEV2_XFORMAUTH_AES_GCM_16:
> + length = 16;
> + isaead = 1;
> + break;
>   case IKEV2_XFORMAUTH_NONE:
>   case IKEV2_XFORMAUTH_DES_MAC:
>   case IKEV2_XFORMAUTH_KPDK_MD5:
> @@ -177,7 +185,7 @@ hash_new(uint8_t type, uint16_t id)
>   print_map(id, ikev2_xformtype_map));
>   break;
>   }
> - if (md == NULL)
> + if (!isaead && md == NULL)
>   return (NULL);
>  
>   if ((hash = calloc(1, sizeof(*hash))) == NULL) {
> @@ -192,6 +200,10 @@ hash_new(uint8_t type, uint16_t id)
>   hash->hash_trunc = trunc;
>   hash->hash_length = length;
>   hash->hash_fixedkey = fixedkey;
> + hash->hash_isaead = isaead;
> +
> + if (isaead)
> + return (hash);
>  
>   if ((ctx = calloc(1, sizeof(*ctx))) == NULL) {
>   log_debug("%s: alloc hash ctx", __func__);
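
Review bot: the new `if (isaead) return (hash);` returns before the HMAC context below is allocated, so an AEAD entry comes back from hash_new() without one. Every caller that goes on to key or update the hash needs to test hash_isaead first; a comment at this return saying so, or a check in the helpers that use the context, would make that contract explicit.
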
> @@ -276,6 +288,7 @@ cipher_new(uint8_t type, uint16_t id, ui
>   const EVP_CIPHER*cipher = NULL;
>   EVP_CIPHER_CTX  *ctx = NULL;
>   int  length = 0, fixedkey = 0, ivlength = 0;
> + int  saltlength = 0, authid = 0;
>  
>   switch (type) {
>   case IKEV2_XFORMTYPE_ENCR:
> @@ -309,6 +322,39 @@ cipher_new(uint8_t type, uint16_t id, ui
>   ivlength = EVP_CIPHER_iv_length(cipher);
>   fixedkey = EVP_CIPHER_key_length(cipher);
>   break;
> + case IKEV2_XFORMENCR_AES_GCM_16:
> + case IKEV2_XFORMENCR_AES_GCM_12:
> + switch (id_length) {
> + case 128:
> + cipher = EVP_aes_128_gcm();
> + break;
> + case 192:
> + cipher = EVP_aes_192_gcm();
> + break;
> + case 256:
> + cipher = EVP_aes_256_gcm();
> + break;
> + default:
> + log_debug("%s: invalid key length %d"
> + " f
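
The ordering problem described in the quoted message above (a lookup that compares only part of the transform name), as an added example that is not iked's code. The struct, tables and function names are hypothetical, and the matching rule (compare only the first strlen(name) bytes) is an assumption modelled on the description of parse_xf.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical table entry for this example; not iked's own structure. */
struct xf {
	const char	*name;		/* name as written in the config */
	unsigned int	 keybits;	/* AES key length in bits */
	unsigned int	 icvlen;	/* GCM ICV (tag) length in bytes */
};

/* Longer name first: the ordering the post says had to be avoided. */
static const struct xf order_bad[] = {
	{ "aes-128-gcm-12", 128, 12 },
	{ "aes-128-gcm",    128, 16 },
	{ NULL, 0, 0 }
};

/* Shorter name first: the reordered table. */
static const struct xf order_ok[] = {
	{ "aes-128-gcm",    128, 16 },
	{ "aes-128-gcm-12", 128, 12 },
	{ NULL, 0, 0 }
};

/*
 * Assumed matching rule: only the first strlen(name) bytes are compared,
 * so the first entry that begins with the configured name wins.
 */
static const struct xf *
lookup_prefix(const char *name, const struct xf *xfs)
{
	size_t	n = strlen(name);

	for (; xfs->name != NULL; xfs++)
		if (strncmp(name, xfs->name, n) == 0)
			return (xfs);
	return (NULL);
}

/* Full-name comparison: table order no longer matters. */
static const struct xf *
lookup_exact(const char *name, const struct xf *xfs)
{
	for (; xfs->name != NULL; xfs++)
		if (strcmp(name, xfs->name) == 0)
			return (xfs);
	return (NULL);
}

/*
 * Table self-check: count entries whose own name resolves to a different
 * entry under prefix matching. Non-zero means a configured cipher would be
 * silently replaced by another one.
 */
static int
count_shadowed(const struct xf *xfs)
{
	const struct xf	*e;
	int		 n = 0;

	for (e = xfs; e->name != NULL; e++)
		if (lookup_prefix(e->name, xfs) != e)
			n++;
	return (n);
}

int
main(void)
{
	const struct xf	*x;

	x = lookup_prefix("aes-128-gcm", order_bad);
	printf("prefix, bad order: %s (ICV %u)\n", x->name, x->icvlen);
	x = lookup_prefix("aes-128-gcm", order_ok);
	printf("prefix, new order: %s (ICV %u)\n", x->name, x->icvlen);
	x = lookup_exact("aes-128-gcm", order_bad);
	printf("exact,  bad order: %s (ICV %u)\n", x->name, x->icvlen);
	printf("shadowed entries: bad=%d ok=%d\n",
	    count_shadowed(order_bad), count_shadowed(order_ok));

	/* Reordering does not stop an abbreviated name from resolving. */
	x = lookup_prefix("aes-128", order_ok);
	printf("prefix \"aes-128\": %s\n", x ? x->name : "(none)");
	x = lookup_exact("aes-128", order_ok);
	printf("exact  \"aes-128\": %s\n", x ? x->name : "(none)");
	return (0);
}
```

Running a check like count_shadowed() over the table at build or test time catches an ordering regression before a configured 16-byte ICV quietly becomes a 12-byte one.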

Re: mcx(4) checksum offload

2020-05-19 Thread Remi Locherer
On Tue, May 19, 2020 at 08:48:17AM +1000, Jonathan Matthew wrote:
> So far I've completely ignored offloads in the ethernet drivers I've
> written, but on having a quick look at the documentation I found that
> mcx(4) checksum offload is extremely easy to use, and some simple testing
> suggests that it helps quite a bit.  I've seen tcpbench receive throughput
> increase by around 15%.
> 
> The nic supports all the checksum offloads we know about, reports checksum
> status for every packet without being asked to, and can figure out packet
> header lengths etc. for itself, so on the tx side, the driver just sets
> some flags to say "checksum this for me please", and on the rx side, it
> looks at two bits in the completion queue entry.
> 
> I'm mostly sending this out to see if anyone can gather any interesting
> performance numbers.

ipv4 forwarding, 64Byte UDP packages sent over both mcx, pfctl -d

with patch:
- generating 560 Kpps: 560 Kpps stable
- generating 1 Mpps: first few min 809 Kpps, then drops to 520 Kpps

without patch:
- generating 560 Kpps: first few min 560 Kpps then drops to 514 Kpps
- generating 1Mpps: first few min 766 Kpps, then drops to 500 Kpps

mcx0 at pci7 dev 0 function 0 "Mellanox ConnectX-4 Lx" rev 0x00: FW 14.17.2032, 
msix, address 24:8a:07:b0:23:a0
mcx1 at pci7 dev 0 function 1 "Mellanox ConnectX-4 Lx" rev 0x00: FW 14.17.2032, 
msix, address 24:8a:07:b0:23:a1

> 
> 
> Index: if_mcx.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_mcx.c,v
> retrieving revision 1.44
> diff -u -p -u -p -r1.44 if_mcx.c
> --- if_mcx.c  24 Apr 2020 07:28:37 -  1.44
> +++ if_mcx.c  18 May 2020 10:22:32 -
> @@ -1255,6 +1292,10 @@ struct mcx_cq_entry {
>   uint32_tcq_checksum;
>   uint32_t__reserved__;
>   uint32_tcq_flags;
> +#define MCX_CQ_ENTRY_FLAGS_L4_OK (1 << 26)
> +#define MCX_CQ_ENTRY_FLAGS_L3_OK (1 << 25)
> +#define MCX_CQ_ENTRY_FLAGS_L2_OK (1 << 24)
> +
>   uint32_tcq_lro_srqn;
>   uint32_t__reserved__[2];
>   uint32_tcq_byte_cnt;
> @@ -2355,7 +2396,9 @@ mcx_attach(struct device *parent, struct
>   ifp->if_qstart = mcx_start;
>   ifp->if_watchdog = mcx_watchdog;
>   ifp->if_hardmtu = sc->sc_hardmtu;
> - ifp->if_capabilities = IFCAP_VLAN_MTU;
> + ifp->if_capabilities = IFCAP_VLAN_MTU | IFCAP_CSUM_IPv4 |
> + IFCAP_CSUM_UDPv4 | IFCAP_CSUM_UDPv6 | IFCAP_CSUM_TCPv4 |
> + IFCAP_CSUM_TCPv6;
>   IFQ_SET_MAXLEN(&ifp->if_snd, 1024);
>  
>   ifmedia_init(&sc->sc_media, IFM_IMASK, mcx_media_change,
> @@ -5662,6 +5966,7 @@ mcx_process_rx(struct mcx_softc *sc, str
>   struct mcx_slot *ms;
>   struct mbuf *m;
>   int slot;
> + uint32_t flags;
>  
>   slot = betoh16(cqe->cq_wqe_count) % (1 << MCX_LOG_RQ_SIZE);
>  
> @@ -5680,6 +5985,13 @@ mcx_process_rx(struct mcx_softc *sc, str
>   betoh32(cqe->cq_rx_hash);
>   }
>  
> + flags = bemtoh32(&cqe->cq_flags);
> + if (flags & MCX_CQ_ENTRY_FLAGS_L3_OK)
> + m->m_pkthdr.csum_flags = M_IPV4_CSUM_IN_OK;
> + if (flags & MCX_CQ_ENTRY_FLAGS_L4_OK)
> + m->m_pkthdr.csum_flags |= M_TCP_CSUM_IN_OK |
> + M_UDP_CSUM_IN_OK;
> +
>   if (c->c_tdiff) {
>   uint64_t t = bemtoh64(&cqe->cq_timestamp) - c->c_timestamp;
>   t *= c->c_udiff;
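
Review bot: in the added rx block, L4_OK sets both M_TCP_CSUM_IN_OK and M_UDP_CSUM_IN_OK without looking at which protocol the packet carries, and the L3_OK branch assigns with `=` where the L4_OK branch uses `|=`. If the completion entry does not say which L4 protocol was verified, a one-line comment to that effect, plus `|=` in both branches, would make the intent clear.
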
> @@ -6343,6 +6657,7 @@ mcx_start(struct ifqueue *ifq)
>   sqe->sqe_signature = htobe32(MCX_SQE_CE_CQE_ALWAYS);
>  
>   /* eth segment */
> + sqe->sqe_mss_csum = htobe32(MCX_SQE_L3_CSUM | MCX_SQE_L4_CSUM);
>   sqe->sqe_inline_header_size = htobe16(MCX_SQ_INLINE_SIZE);
>   m_copydata(m, 0, MCX_SQ_INLINE_SIZE,
>   (caddr_t)sqe->sqe_inline_headers);
> 
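
Review bot: `sqe->sqe_mss_csum` is set to MCX_SQE_L3_CSUM | MCX_SQE_L4_CSUM unconditionally in the lines shown, independent of the mbuf's csum_flags. If that is intentional, a comment saying why it is safe for packets that did not ask for checksum offload (forwarded traffic, non-IP frames) would help; otherwise set the bits only when the stack requested them.
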



Re: ospf6d: remove F_IFACE_AVAIL

2020-05-17 Thread Remi Locherer
On Sat, May 16, 2020 at 08:17:28PM +0200, Denis Fondras wrote:
> This information is never used/checked.
> 

ok remi@

> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.63
> diff -u -p -r1.63 kroute.c
> --- kroute.c  16 May 2020 15:54:12 -  1.63
> +++ kroute.c  16 May 2020 18:11:51 -
> @@ -761,7 +761,6 @@ kif_update(u_short ifindex, int flags, s
>   return (NULL);
>   if ((iface = if_new(ifindex, ifname)) == NULL)
>   return (NULL);
> - iface->cflags |= F_IFACE_AVAIL;
>   }
>  
>   if_update(iface, ifd->ifi_mtu, flags, ifd->ifi_type,
> @@ -1019,7 +1018,6 @@ if_announce(void *msg)
>   case IFAN_ARRIVAL:
>   if ((iface = if_new(ifan->ifan_index, ifan->ifan_name)) == NULL)
>   fatal("if_announce failed");
> - iface->cflags |= F_IFACE_AVAIL;
>   break;
>   case IFAN_DEPARTURE:
>   iface = if_find(ifan->ifan_index);
> Index: ospf6d.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.48
> diff -u -p -r1.48 ospf6d.h
> --- ospf6d.h  16 May 2020 15:54:12 -  1.48
> +++ ospf6d.h  16 May 2020 18:11:51 -
> @@ -330,7 +330,6 @@ struct iface {
>   u_int8_t cflags;
>  #define F_IFACE_PASSIVE  0x01
>  #define F_IFACE_CONFIGURED   0x02
> -#define F_IFACE_AVAIL0x04
>  };
>  
>  struct ifaddrchange {
> 



Re: ospf6d: remove IMSG_IFDELETE

2020-05-16 Thread Remi Locherer
On Thu, May 14, 2020 at 08:10:55PM +0200, Denis Fondras wrote:
> Following https://marc.info/?l=openbsd-tech&m=158946552515632&w=2, when
> IMSG_IFADD is removed, IMSG_IFDELETE becomes useless...

OK remi@

> 
> Index: kroute.c
> ===
> RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.62
> diff -u -p -r1.62 kroute.c
> --- kroute.c  16 Dec 2019 08:28:33 -  1.62
> +++ kroute.c  14 May 2020 18:06:16 -
> @@ -1023,12 +1023,6 @@ if_announce(void *msg)
>   break;
>   case IFAN_DEPARTURE:
>   iface = if_find(ifan->ifan_index);
> - if (iface->cflags & F_IFACE_CONFIGURED) {
> - main_imsg_compose_rde(IMSG_IFDELETE, 0,
> - &iface->ifindex, sizeof(iface->ifindex));
> - main_imsg_compose_ospfe(IMSG_IFDELETE, 0,
> - &iface->ifindex, sizeof(iface->ifindex));
> - }
>   if_del(iface);
>   break;
>   }
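
Review bot: with the F_IFACE_CONFIGURED block gone, the IFAN_DEPARTURE case passes the result of if_find() straight to if_del(), while the IMSG_IFDELETE handlers removed from ospfe.c and rde.c in this same diff treat a NULL return from if_find() as possible. A NULL check before if_del(iface) would cover a departure message for an index that is not in the list.
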
> Index: ospf6d.h
> ===
> RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.47
> diff -u -p -r1.47 ospf6d.h
> --- ospf6d.h  14 May 2020 18:05:50 -  1.47
> +++ ospf6d.h  14 May 2020 18:06:30 -
> @@ -103,7 +103,6 @@ enum imsg_type {
>   IMSG_KROUTE_CHANGE,
>   IMSG_KROUTE_DELETE,
>   IMSG_IFINFO,
> - IMSG_IFDELETE,
>   IMSG_IFADDRNEW,
>   IMSG_IFADDRDEL,
>   IMSG_NEIGHBOR_UP,
> Index: ospfe.c
> ===
> RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.62
> diff -u -p -r1.62 ospfe.c
> --- ospfe.c   14 May 2020 18:05:50 -  1.62
> +++ ospfe.c   14 May 2020 18:07:26 -
> @@ -257,7 +257,6 @@ ospfe_dispatch_main(int fd, short event,
>   struct imsgev   *iev = bula;
>   struct imsgbuf  *ibuf = &iev->ibuf;
>   int  n, stub_changed, shut = 0, isvalid, wasvalid;
> - unsigned int ifindex;
>  
>   if (event & EV_READ) {
>   if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
> @@ -326,19 +325,6 @@ ospfe_dispatch_main(int fd, short event,
>   if_fsm(iface, IF_EVT_DOWN);
>   log_warnx("interface %s down", iface->name);
>   }
> - break;
> - case IMSG_IFDELETE:
> - if (imsg.hdr.len != IMSG_HEADER_SIZE +
> - sizeof(ifindex))
> - fatalx("IFDELETE imsg with wrong len");
> -
> - memcpy(&ifindex, imsg.data, sizeof(ifindex));
> - iface = if_find(ifindex);
> - if (iface == NULL)
> - fatalx("interface lost in ospfe");
> -
> - LIST_REMOVE(iface, entry);
> - if_del(iface);
>   break;
>   case IMSG_IFADDRNEW:
>   if (imsg.hdr.len != IMSG_HEADER_SIZE +
> Index: rde.c
> ===
> RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.87
> diff -u -p -r1.87 rde.c
> --- rde.c 14 May 2020 18:05:50 -  1.87
> +++ rde.c 14 May 2020 18:07:18 -
> @@ -651,7 +651,6 @@ rde_dispatch_parent(int fd, short event,
>   struct imsgbuf  *ibuf = &iev->ibuf;
>   ssize_t  n;
>   int  shut = 0, link_ok, prev_link_ok, orig_lsa;
> - unsigned int ifindex;
>  
>   if (event & EV_READ) {
>   if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
> @@ -733,19 +732,6 @@ rde_dispatch_parent(int fd, short event,
>  
>   orig_intra_area_prefix_lsas(iface->area);
>  
> - break;
> - case IMSG_IFDELETE:
> - if (imsg.hdr.len != IMSG_HEADER_SIZE +
> - sizeof(ifindex))
> - fatalx("IFDELETE imsg with wrong len");
> -
> - memcpy(&ifindex, imsg.data, sizeof(ifindex));
> - iface = if_find(ifindex);
> - if (iface == NULL)
> - fatalx("interface lost in rde");
> -
> - LIST_REMOVE(iface, entry);
> - if_del(iface);
>   break;
>   case IMSG_IFADDRNEW:
>   if (imsg.hdr.len != IMSG_HEADER_SIZE +
> 



Re: ospf6d: remove IMSG_IFADD

2020-05-16 Thread Remi Locherer
On Thu, May 14, 2020 at 04:10:42PM +0200, Denis Fondras wrote:
> IMSG_IFADD is never used, wipe it.

In ospfd we have IMSG_RECONF_IFACE for this. Once we start adding
reload functionality we can bring that over to ospf6d.

OK remi@

> 
> Index: ospf6d.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.46
> diff -u -p -r1.46 ospf6d.h
> --- ospf6d.h  5 Apr 2020 18:19:04 -   1.46
> +++ ospf6d.h  14 May 2020 13:52:08 -
> @@ -103,7 +103,6 @@ enum imsg_type {
>   IMSG_KROUTE_CHANGE,
>   IMSG_KROUTE_DELETE,
>   IMSG_IFINFO,
> - IMSG_IFADD,
>   IMSG_IFDELETE,
>   IMSG_IFADDRNEW,
>   IMSG_IFADDRDEL,
> Index: ospfe.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.61
> diff -u -p -r1.61 ospfe.c
> --- ospfe.c   2 Jan 2020 10:16:46 -   1.61
> +++ ospfe.c   14 May 2020 13:52:08 -
> @@ -327,18 +327,6 @@ ospfe_dispatch_main(int fd, short event,
>   log_warnx("interface %s down", iface->name);
>   }
>   break;
> - case IMSG_IFADD:
> - if ((iface = malloc(sizeof(struct iface))) == NULL)
> - fatal(NULL);
> - memcpy(iface, imsg.data, sizeof(struct iface));
> -
> - LIST_INIT(&iface->nbr_list);
> - TAILQ_INIT(&iface->ls_ack_list);
> - RB_INIT(&iface->lsa_tree);
> -
> - LIST_INSERT_HEAD(&iface->area->iface_list, iface,
> - entry);
> - break;
>   case IMSG_IFDELETE:
>   if (imsg.hdr.len != IMSG_HEADER_SIZE +
>   sizeof(ifindex))
> Index: rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.86
> diff -u -p -r1.86 rde.c
> --- rde.c 5 Apr 2020 18:19:04 -   1.86
> +++ rde.c 14 May 2020 13:52:09 -
> @@ -734,17 +734,6 @@ rde_dispatch_parent(int fd, short event,
>   orig_intra_area_prefix_lsas(iface->area);
>  
>   break;
> - case IMSG_IFADD:
> - if ((iface = malloc(sizeof(struct iface))) == NULL)
> - fatal(NULL);
> - memcpy(iface, imsg.data, sizeof(struct iface));
> -
> - LIST_INIT(&iface->nbr_list);
> - TAILQ_INIT(&iface->ls_ack_list);
> - RB_INIT(&iface->lsa_tree);
> -
> - LIST_INSERT_HEAD(&iface->area->iface_list, iface, 
> entry);
> - break;
>   case IMSG_IFDELETE:
>   if (imsg.hdr.len != IMSG_HEADER_SIZE +
>   sizeof(ifindex))
> 



Re: tcpdump: print nhrp packets

2020-04-14 Thread Remi Locherer
On Tue, Apr 14, 2020 at 01:49:32PM +1000, David Gwynne wrote:
> 
> 
> > On 13 Apr 2020, at 19:03, Remi Locherer wrote:
> > 
> > Hi,
> > 
> > I recently looked into NHRP (RFC 2332) and noticed that our tcpdump does
> > not have a printer for it. So I added support for NHRP to tcpdump.
> > 
> > Initially I was surprised: I expected a simpler protocol! But it is from
> > the 90's with all the protocols from then in mind (frame relay, ATM, ...).
> > 
> > > I tested with publicly available pcap files and compared the output with
> > > wireshark.
> > https://packetlife.net/captures/protocol/nhrp/
> > https://www.networkingwithfish.com/fun-in-the-lab-sniffer-tracing-a-dmvpn-tunnel-startup/
> > 
> > The output looks like this:
> > 
> > 08:34:45.647483 172.16.25.2 > 172.16.15.2: gre NHRP: reg request, id 7 [tos 
> > 0xc0]
> > 08:34:45.671422 172.16.15.2 > 172.16.25.2: gre NHRP: reg reply, id 7 [tos 
> > 0xc0]
> > 
> > 08:47:16.138679 172.16.15.2 > 172.16.25.2: gre NHRP: res request, id 6 [tos 
> > 0xc0]
> > 08:47:16.148863 172.16.25.2 > 172.16.15.2: gre NHRP: res reply, id 6 [tos 
> > 0xc0]
> > 
> > With -v set:
> > 
> > 08:34:45.647483 172.16.25.2 > 172.16.15.2: gre [] 2001 NHRP: reg request, 
> > id 7, hopcnt 255, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.1 (code 0, 
> > pl 255, mtu 1514, htime 7200, pref 0) [tos 0xc0] (ttl 254, id 22, len 116)
> > 08:34:45.671422 172.16.15.2 > 172.16.25.2: gre [] 2001 NHRP: reg reply, id 
> > 7, hopcnt 255, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.1 (code 0, pl 
> > 255, mtu 1514, htime 7200, pref 0) [tos 0xc0] (ttl 255, id 7, len 136)
> > 
> > 08:47:16.138679 172.16.15.2 > 172.16.25.2: gre [] 2001 NHRP: res request, 
> > id 6, hopcnt 254, src nbma 172.16.45.2, 192.168.0.4 -> 192.168.0.2 (code 0, 
> > pl 0, mtu 1514, htime 7200, pref 0) [tos 0xc0] (ttl 254, id 20, len 116)
> > 08:47:16.148863 172.16.25.2 > 172.16.15.2: gre [] 2001 NHRP: res reply, id 
> > 6, hopcnt 255, src nbma 172.16.45.2, 192.168.0.4 -> 192.168.0.2 (code 0, pl 
> > 32, mtu 1514, htime 7199, pref 0, nbma 172.16.25.2, proto 192.168.0.2) [tos 
> > 0xc0] (ttl 255, id 31, len 144)
> > 
> > Extensions are not parsed and printed.
> > 
> > > It would be nice to get pcaps with examples that use address or protocol
> > combinations other than GRE and IPv4.
> > 
> > Comments, OKs?
> 
> Can you print the addresses when -v is not set too?
> 
> Otherwise I'm keen.
> 

Like this?

tcpdump -n:
08:47:16.068855 172.16.25.2 > 172.16.15.2: gre NHRP: res request, id 8, src 
nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.4 (code 0) [tos 0xc0]
08:47:16.150679 172.16.15.2 > 172.16.25.2: gre NHRP: res reply, id 8, src nbma 
172.16.25.2, 192.168.0.2 -> 192.168.0.4 (code 0, nbma 172.16.45.2, proto 
192.168.0.4) [tos 0xc0]

tcpdump -nv:
08:47:16.068855 172.16.25.2 > 172.16.15.2: gre [] 2001 NHRP: res request, id 8, 
hopcnt 255, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.4 (code 0, pl 0, mtu 
1514, htime 7200, pref 0) [tos 0xc0] (ttl 255, id 29, len 96)
08:47:16.150679 172.16.15.2 > 172.16.25.2: gre [] 2001 NHRP: res reply, id 8, 
hopcnt 254, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.4 (code 0, pl 32, 
mtu 1514, htime 7199, pref 0, nbma 172.16.45.2, proto 192.168.0.4) [tos 0xc0] 
(ttl 254, id 21, len 164)



Index: Makefile
===
RCS file: /cvs/src/usr.sbin/tcpdump/Makefile,v
retrieving revision 1.64
diff -u -p -r1.64 Makefile
--- Makefile3 Dec 2019 01:43:33 -   1.64
+++ Makefile28 Mar 2020 17:07:22 -
@@ -48,7 +48,7 @@ SRCS= tcpdump.c addrtoname.c privsep.c p
print-bgp.c print-ospf6.c print-ripng.c print-rt6.c print-stp.c \
print-etherip.c print-lwres.c print-lldp.c print-cdp.c print-pflog.c \
print-pfsync.c pf_print_state.c print-ofp.c ofp_map.c \
-   print-udpencap.c print-carp.c \
+   print-udpencap.c print-carp.c print-nhrp.c \
print-802_11.c print-iapp.c print-mpls.c print-slow.c print-usbpcap.c \
gmt2local.c savestr.c setsignal.c in_cksum.c
 
Index: interface.h
===
RCS file: /cvs/src/usr.sbin/tcpdump/interface.h,v
retrieving revision 1.83
diff -u -p -r1.83 interface.h
--- interface.h 3 Dec 2019 01:43:33 -   1.83
+++ interface.h 28 Mar 2020 17:07:22 -
@@ -217,6 +217,7 @@ extern void ppp_ether_if_print(u_char *,
 extern void gre_print(const u_char *, u_int);
 extern void vxlan_print(const u_char *, u_int);
 extern void nsh_print(const u_char *, u_int);
+extern void nhrp_print(const u_char *, u_int);
 extern void icmp_print(const u_ch

tcpdump: print nhrp packets

2020-04-13 Thread Remi Locherer
--- /dev/null   1 Jan 1970 00:00:00 -
+++ print-nhrp.c13 Apr 2020 08:38:01 -
@@ -0,0 +1,286 @@
+/*     $OpenBSD:$ */
+
+/*
+ * Copyright (c) 2020 Remi Locherer 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * RFC 2332 NBMA Next Hop Resolution Protocol (NHRP)
+ */
+
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+#include 
+
+#include 
+#include 
+#include 
+
+#include "addrtoname.h"
+#include "afnum.h"
+#include "interface.h"
+#include "extract.h"
+
+#define NHRP_VER_RFC2332   1
+
+#define NHRP_PKG_RESOLUTION_REQUEST1
+#define NHRP_PKG_RESOLUTION_REPLY  2
+#define NHRP_PKG_REGISTRATION_REQUEST  3
+#define NHRP_PKG_REGISTRATION_REPLY4
+#define NHRP_PKG_PURGE_REQUEST 5
+#define NHRP_PKG_PURGE_REPLY   6
+#define NHRP_PKG_ERROR_INDICATION  7
+
+
+struct nhrp_header {
+   /* fixed header part */
+   u_int16_t   afn;/* link layer address */
+   u_int16_t   pro_type;   /* protocol type (short form) */
+   u_int8_tpro_snap[5];/* protocol type (long form) */
+   u_int8_thopcnt; /* hop count */
+   u_int16_t   pktsz;  /* length of the NHRP packet (octets) */
+   u_int16_t   chksum; /* IP checksum over the entier packet */
+   u_int16_t   extoff; /* extension offset */
+   u_int8_top_version; /* version of address mapping and
+  management protocol */
+   u_int8_top_type;/* NHRP packet type */
+   u_int8_tshtl;   /* type and length of src NBMA addr */
+   u_int8_tsstl;   /* type and length of src NBMA
+  subaddress */
+   /* mandatory header part */
+   u_int8_tspl;/* src proto len */
+   u_int8_tdpl;/* dst proto len */
+   u_int16_t   flags;  /* flags */
+union {
+   u_int32_t   id; /* request id */
+   struct {/* error code */
+   u_int16_t   code;
+   u_int16_t   offset;
+   } err;
+   } u;
+};
+
+struct nhrp_cie {
+   /* client information entrie */
+   u_int8_tcode;
+   u_int8_tplen;
+   u_int16_t   unused;
+   u_int16_t   mtu;
+   u_int16_t   htime;
+   u_int8_tcli_addr_tl;
+   u_int8_tcli_saddr_tl;
+   u_int8_tcli_proto_tl;
+   u_int8_tpref;
+};
+
+static const u_char *  nhrp_print_cie(const u_char *, u_int16_t, u_int16_t);
+
+
+void
+nhrp_print(const u_char *p, u_int length)
+{
+   struct nhrp_header  *hdr;
+   const u_char*nhrpext, *nhrpend;
+
+   printf("NHRP: ");
+
+   if ((snapend - p) < sizeof(*hdr))
+   goto trunc;
+
+   hdr = (struct nhrp_header *)p;
+
+   if (hdr->op_version != NHRP_VER_RFC2332) {
+   printf("unknown-version-%02x", hdr->op_version);
+   return;
+
+   }
+
+   nhrpext = p + EXTRACT_16BITS(&hdr->extoff);
+   nhrpend = p + EXTRACT_16BITS(&hdr->pktsz);
+
+   switch (hdr->op_type) {
+   case NHRP_PKG_RESOLUTION_REQUEST:
+   printf("res request, ");
+   break;
+   case NHRP_PKG_RESOLUTION_REPLY:
+   printf("res reply, ");
+   break;
+   case NHRP_PKG_REGISTRATION_REQUEST:
+   printf("reg request, ");
+   break;
+   case NHRP_PKG_REGISTRATION_REPLY:
+   printf("reg reply, ");
+   break;
+   case NHRP_PKG_PURGE_REQUEST:
+   printf("purge request, ");
+   break;
+   case NHRP_PKG_PURGE_REPLY:
+   printf("purge reply, ");
+   break;
+   case NHRP_PKG_ERROR_INDICATION:
+   printf("error %u", hdr->u.err.code);
+   return;
+   default:
+   printf("unknown-op-type-%04x, ", hdr->op_type);
+  
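
Review bot: in the NHRP_PKG_ERROR_INDICATION case, `hdr->u.err.code` is printed straight from the packet, while the other 16-bit header fields in this function go through EXTRACT_16BITS(), so the error code will come out byte-swapped on little-endian hosts; use EXTRACT_16BITS(&hdr->u.err.code) there. Also, nhrpext and nhrpend are computed from the packet's own extoff and pktsz, so they need to be checked against snapend (and against each other) before anything is read through them.
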

Re: ospf6d: update to connected routes

2020-04-05 Thread Remi Locherer
On Wed, Apr 01, 2020 at 08:50:45PM +0200, Denis Fondras wrote:
> Handle connected routes as ospfd(8) does.
> 
> (diff to ospf6d and ospf6ctl)

OK remi@

> 
> Index: ospf6ctl/ospf6ctl.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 ospf6ctl.c
> --- ospf6ctl/ospf6ctl.c   26 May 2019 09:27:09 -  1.50
> +++ ospf6ctl/ospf6ctl.c   1 Apr 2020 18:16:12 -
> @@ -1103,10 +1103,10 @@ show_rib_msg(struct imsg *imsg)
>   errx(1, "Invalid route type");
>   }
>  
> - printf("%-20s %-17s %-12s %-9s %-7d %s\n", dstnet,
> + printf("%-20s %-16s%s %-12s %-9s %-7d %s\n", dstnet,
>   log_in6addr_scope(&rt->nexthop, rt->ifindex),
> - path_type_name(rt->p_type), dst_type_name(rt->d_type),
> - rt->cost,
> + rt->connected ? "C" : " ", path_type_name(rt->p_type),
> + dst_type_name(rt->d_type), rt->cost,
>   rt->uptime == 0 ? "-" : fmt_timeframe_core(rt->uptime));
>   free(dstnet);
>   break;
> Index: ospf6d/ospf6d.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.45
> diff -u -p -r1.45 ospf6d.h
> --- ospf6d/ospf6d.h   21 Jan 2020 20:38:52 -  1.45
> +++ ospf6d/ospf6d.h   1 Apr 2020 18:16:12 -
> @@ -483,6 +483,7 @@ struct ctl_rt {
>   enum dst_typed_type;
>   u_int8_t flags;
>   u_int8_t prefixlen;
> + u_int8_t connected;
>  };
>  
>  struct ctl_sum {
> Index: ospf6d/rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.85
> diff -u -p -r1.85 rde.c
> --- ospf6d/rde.c  29 Mar 2020 11:59:11 -  1.85
> +++ ospf6d/rde.c  1 Apr 2020 18:16:12 -
> @@ -886,6 +886,9 @@ rde_send_change_kroute(struct rt_node *r
>   TAILQ_FOREACH(rn, &r->nexthop, entry) {
>   if (rn->invalid)
>   continue;
> + if (rn->connected)
> + /* skip self-originated routes */
> + continue;
>   krcount++;
>  
>   bzero(&kr, sizeof(kr));
> @@ -899,8 +902,12 @@ rde_send_change_kroute(struct rt_node *r
>   kr.ext_tag = r->ext_tag;
>   imsg_add(wbuf, &kr, sizeof(kr));
>   }
> - if (krcount == 0)
> - fatalx("rde_send_change_kroute: no valid nexthop found");
> + if (krcount == 0) {
> + /* no valid nexthop or self originated, so remove */
> + ibuf_free(wbuf);
> + rde_send_delete_kroute(r);
> + return;
> + }
>  
>   imsg_close(&iev_main->ibuf, wbuf);
>   imsg_event_add(iev_main);
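
Review bot: the new `krcount == 0` branch now covers two cases, every nexthop invalid (which used to be fatalx) and every nexthop connected, and handles both silently. A log_debug() for the no-valid-nexthop case would keep the condition that was previously fatal visible when debugging.
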
> Index: ospf6d/rde_spf.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde_spf.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 rde_spf.c
> --- ospf6d/rde_spf.c  29 Mar 2020 11:59:11 -  1.27
> +++ ospf6d/rde_spf.c  1 Apr 2020 18:16:12 -
> @@ -897,7 +897,9 @@ rt_nexthop_add(struct rt_node *r, struct
>   rn->ifindex = vn->ifindex;
>   rn->adv_rtr.s_addr = adv_rtr.s_addr;
>   rn->uptime = now.tv_sec;
> - rn->connected = vn->prev == spf_root;
> + rn->connected = (type == LSA_TYPE_NETWORK &&
> + vn->prev == spf_root) ||
> + (IN6_IS_ADDR_UNSPECIFIED(&vn->nexthop));
>   rn->invalid = 0;
>  
>   r->invalid = 0;
> @@ -952,21 +954,24 @@ rt_dump(struct in_addr area, pid_t pid, 
>   fatalx("rt_dump: invalid RIB type");
>   }
>  
> + memset(&rtctl, 0, sizeof(rtctl));
> + rtctl.prefix = r->prefix;
> + rtctl.area.s_addr = r->area.s_addr;
> + rtctl.cost = r->cost;
> + rtctl.cost2 = r->cost2;
> + rtctl.p_type = r->p_type;
> + rtctl.d_type = r->d_type;
> + rtctl.flags = r->flags;
> + rtctl.prefixlen = r->prefixlen;
> +
>   TAILQ_FOREACH(rn, &r->nexthop, entry) {
>   if (rn->invalid)
>   continue;
>  
> - rtctl.prefix = r->prefix;
> + rtctl.connected = rn->connected;
>   rtctl.nexthop = rn->nexthop;
>   rtctl.ifindex = rn->ifindex;
> - rtctl.area.s_addr = r->area.s_addr;
>   rtctl.adv_rtr.s_addr = rn->adv_rtr.s_addr;
> - rtctl.cost = r->cost;
> - rtctl.cost2 = r->cost2;
> - rtctl.p_type = r->p_type;
> - rtctl.d_type = r->d_type;
>

Re: ospf6d: bring ospf6d closer to ospfd

2020-03-28 Thread Remi Locherer
On Sat, Mar 21, 2020 at 05:25:45PM +0100, Denis Fondras wrote:
> Biggest chunk is rework of rde_asext_get()/rde_asext_put().
> Also change get_net_link() and get_rtr_link() to work like ospfd counterpart.

Reads good to me and I didn't spot any issues running tests with it.

One question: why "if 0" the "Dump SPF tree to log"?

> 
> Index: rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.84
> diff -u -p -r1.84 rde.c
> --- rde.c 17 Feb 2020 08:12:22 -  1.84
> +++ rde.c 21 Mar 2020 16:04:47 -
> @@ -59,8 +59,9 @@ int  rde_req_list_exists(struct rde_nbr
>  void  rde_req_list_del(struct rde_nbr *, struct lsa_hdr *);
>  void  rde_req_list_free(struct rde_nbr *);
>  
> -struct lsa   *rde_asext_get(struct kroute *);
> -struct lsa   *rde_asext_put(struct kroute *);
> +struct iface *rde_asext_lookup(struct in6_addr, int);
> +void  rde_asext_get(struct kroute *);
> +void  rde_asext_put(struct kroute *);
>  
>  int   comp_asext(struct lsa *, struct lsa *);
>  struct lsa   *orig_asext_lsa(struct kroute *, u_int16_t);
> @@ -217,6 +218,7 @@ __dead void
>  rde_shutdown(void)
>  {
>   struct area *a;
> + struct vertex   *v, *nv;
>  
>   /* close pipes */
>   msgbuf_clear(&iev_ospfe->ibuf.w);
> @@ -232,6 +234,10 @@ rde_shutdown(void)
>   LIST_REMOVE(a, entry);
>   area_del(a);
>   }
> + for (v = RB_MIN(lsa_tree, &asext_tree); v != NULL; v = nv) {
> + nv = RB_NEXT(lsa_tree, &asext_tree, v);
> + vertex_free(v);
> + }
>   rde_nbr_free();
>  
>   free(iev_ospfe);
> @@ -643,8 +649,6 @@ rde_dispatch_parent(int fd, short event,
>   struct kroutekr;
>   struct imsgev   *iev = bula;
>   struct imsgbuf  *ibuf = &iev->ibuf;
> - struct lsa  *lsa;
> - struct vertex   *v;
>   ssize_t  n;
>   int  shut = 0, link_ok, prev_link_ok, orig_lsa;
>   unsigned int ifindex;
> @@ -676,13 +680,7 @@ rde_dispatch_parent(int fd, short event,
>   break;
>   }
>   memcpy(&kr, imsg.data, sizeof(kr));
> -
> - if ((lsa = rde_asext_get(&kr)) != NULL) {
> - v = lsa_find(NULL, lsa->hdr.type,
> - lsa->hdr.ls_id, lsa->hdr.adv_rtr);
> -
> - lsa_merge(nbrself, lsa, v);
> - }
> + rde_asext_get(&kr);
>   break;
>   case IMSG_NETWORK_DEL:
>   if (imsg.hdr.len != IMSG_HEADER_SIZE + sizeof(kr)) {
> @@ -691,20 +689,7 @@ rde_dispatch_parent(int fd, short event,
>   break;
>   }
>   memcpy(&kr, imsg.data, sizeof(kr));
> -
> - if ((lsa = rde_asext_put(&kr)) != NULL) {
> - v = lsa_find(NULL, lsa->hdr.type,
> - lsa->hdr.ls_id, lsa->hdr.adv_rtr);
> -
> - /*
> -  * if v == NULL no LSA is in the table and
> -  * nothing has to be done.
> -  */
> - if (v)
> - lsa_merge(nbrself, lsa, v);
> - else
> - free(lsa);
> - }
> + rde_asext_put(&kr);
>   break;
>   case IMSG_IFINFO:
>   if (imsg.hdr.len != IMSG_HEADER_SIZE +
> @@ -1202,48 +1187,77 @@ rde_req_list_free(struct rde_nbr *nbr)
>  /*
>   * as-external LSA handling
>   */
> -struct lsa *
> -rde_asext_get(struct kroute *kr)
> +struct iface *
> +rde_asext_lookup(struct in6_addr prefix, int plen)
>  {
> +
>   struct area *area;
>   struct iface*iface;
>   struct iface_addr   *ia;
> - struct in6_addr  addr;
> -
> - LIST_FOREACH(area, &rdeconf->area_list, entry)
> - LIST_FOREACH(iface, &area->iface_list, entry)
> + struct in6_addr  ina, inb;
> + 
> + LIST_FOREACH(area, &rdeconf->area_list, entry) {
> + LIST_FOREACH(iface, &area->iface_list, entry) {
>   TAILQ_FOREACH(ia, &iface->ifa_list, entry) {
>   if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
>   continue;
>  
> - inet6applymask(&addr, &ia->addr,
> - kr->prefixlen);
> - if (!memcmp(&addr, &kr->prefix,
> - sizeof(addr)) && kr->prefixlen ==
> - ia->prefixl
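
Review bot: style in the new rde_asext_lookup(): there is an empty line directly after the opening brace, and the prefix is passed as a `struct in6_addr` by value where the surrounding code passes pointers (`&ia->addr`, `&kr->prefix`). Dropping the stray line and taking a `const struct in6_addr *` would match the rest of the file.
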

syslog regress and libressl

2020-03-04 Thread Remi Locherer
I noticed that some regress tests fail since February 7:

- run-args-server-tls-reconnect.pl
- run-args-server-tls-tcp.pl
- run-args-tls-cipher-null.pl

(http://bluhm.genua.de/regress/results/regress-ot6.html)

It is related to changes in LibreSSL. Is this intended? Should the regress
tests be adapted?

Below diff makes two of the tests succeed.

Remi


Index: args-server-tls-tcp.pl
===
RCS file: /cvs/src/regress/usr.sbin/syslogd/args-server-tls-tcp.pl,v
retrieving revision 1.10
diff -u -p -r1.10 args-server-tls-tcp.pl
--- args-server-tls-tcp.pl  22 May 2018 15:01:16 -  1.10
+++ args-server-tls-tcp.pl  2 Mar 2020 21:30:01 -
@@ -41,7 +41,7 @@ our %args = (
loggrep => {
qr/syslogd\[\d+\]: loghost .* connection error: /.
qr/handshake failed: error:.*:SSL routines:/.
-   qr/CONNECT_CR_SRVR_HELLO:wrong version number/ => 1,
+   qr/\(UNKNOWN\)SSL_internal:unknown failure occurred/ => 1,
},
 },
 );
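
Review bot: the replacement pattern `\(UNKNOWN\)SSL_internal:unknown failure occurred` is much less specific than the `wrong version number` string it replaces, so this loggrep would now pass on any handshake failure that the library reports as unknown, not only on the version mismatch the test was written for. If the library no longer exposes a more precise reason, a comment in the test noting that would help; otherwise matching on the precise reason keeps the test meaningful.
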
Index: args-tls-cipher-null.pl
===
RCS file: /cvs/src/regress/usr.sbin/syslogd/args-tls-cipher-null.pl,v
retrieving revision 1.8
diff -u -p -r1.8 args-tls-cipher-null.pl
--- args-tls-cipher-null.pl 5 Apr 2017 22:32:14 -   1.8
+++ args-tls-cipher-null.pl 2 Mar 2020 22:22:32 -
@@ -16,7 +16,7 @@ our %args = (
qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
qr/syslogd\[\d+\]: loghost .* connection error: /.
qr/handshake failed: error:.*:SSL routines:/.
-   qr/CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure/ => 1,
+   qr/ST_CONNECT:sslv3 alert handshake failure/ => 1,
get_testgrep() => 1,
},
cacrt => "ca.crt",



Re: openssl.1: Tag command names

2020-02-17 Thread Remi Locherer
On Mon, Feb 17, 2020 at 05:19:27PM +0100, Klemens Nanni wrote:
> 
> I'd like to commit this soon, it allows me to jump to the command I'm
> looking for, e.g. ":tx509" shows me the synopsis right away.
> 
> FWIW, some Linux distributions ship with separate manuals, e.g. x509(1SSL).
> 
> Patch was done with a VIM macro by adding a new line after each `.Sh'
> line with the respective name but lowercased, so no typos in the added
> strings.
> 
> Specifying it is required since the markup following the `.Tg' markup
> always starts with "openssl";  the tag must not include it (`.Tg'
> accepts at most one word anyway).
> 

I like the idea!

To me it would be more logical to put .Tg above .Sh, but that is a minor
thing.

> 
> Index: openssl.1
> ===
> RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
> retrieving revision 1.119
> diff -u -p -U1 -r1.119 openssl.1
> --- openssl.1 16 Feb 2020 16:39:01 -  1.119
> +++ openssl.1 17 Feb 2020 16:11:22 -
> @@ -203,2 +203,3 @@ itself.
>  .Sh ASN1PARSE
> +.Tg asn1parse
>  .Bl -hang -width "openssl asn1parse"
> @@ -299,2 +300,3 @@ into a nested structure.
>  .Sh CA
> +.Tg ca
>  .Bl -hang -width "openssl ca"
> @@ -848,2 +850,3 @@ The same as
>  .Sh CIPHERS
> +.Tg ciphers
>  .Nm openssl ciphers
> @@ -880,2 +883,3 @@ but without cipher suite codes.
>  .Sh CMS
> +.Tg cms
>  .Bl -hang -width "openssl cms"
> @@ -1396,2 +1400,3 @@ is specified.
>  .Sh CRL
> +.Tg crl
>  .Bl -hang -width "openssl crl"
> @@ -1472,2 +1477,3 @@ Verify the signature on the CRL.
>  .Sh CRL2PKCS7
> +.Tg crl2pkcs7
>  .Bl -hang -width "openssl crl2pkcs7"
> @@ -1517,2 +1523,3 @@ The output format.
>  .Sh DGST
> +.Tg dgst
>  .Bl -hang -width "openssl dgst"
> @@ -1631,2 +1638,3 @@ If no files are specified then standard 
>  .Sh DHPARAM
> +.Tg dhparam
>  .Bl -hang -width "openssl dhparam"
> @@ -1707,2 +1715,3 @@ parameters are generated instead.
>  .Sh DSA
> +.Tg dsa
>  .Bl -hang -width "openssl dsa"
> @@ -1795,2 +1804,3 @@ Print the public/private key in plain te
>  .Sh DSAPARAM
> +.Tg dsaparam
>  .Bl -hang -width "openssl dsaparam"
> @@ -1847,2 +1857,3 @@ If this option is included, the input fi
>  .Sh EC
> +.Tg ec
>  .Bl -hang -width "openssl ec"
> @@ -1959,2 +1970,3 @@ Print the public/private key in plain te
>  .Sh ECPARAM
> +.Tg ecparam
>  .Bl -hang -width "openssl ecparam"
> @@ -2054,2 +2066,3 @@ Print the EC parameters in plain text.
>  .Sh ENC
> +.Tg enc
>  .Bl -hang -width "openssl enc"
> @@ -2217,2 +2230,3 @@ Print extra details about the processing
>  .Sh ERRSTR
> +.Tg errstr
>  .Nm openssl errstr
> @@ -2247,2 +2261,3 @@ Print debugging statistics about various
>  .Sh GENDSA
> +.Tg gendsa
>  .Bl -hang -width "openssl gendsa"
> @@ -2293,2 +2308,3 @@ The parameters in this file determine th
>  .Sh GENPKEY
> +.Tg genpkey
>  .Bl -hang -width "openssl genpkey"
> @@ -2397,2 +2413,3 @@ Print the private/public key in plain te
>  .Sh GENRSA
> +.Tg genrsa
>  .Bl -hang -width "openssl genrsa"
> @@ -2454,2 +2471,3 @@ The default is 2048.
>  .Sh NSEQ
> +.Tg nseq
>  .Nm openssl nseq
> @@ -2484,2 +2502,3 @@ a Netscape certificate sequence is creat
>  .Sh OCSP
> +.Tg ocsp
>  .Bl -hang -width "openssl ocsp"
> @@ -2836,2 +2855,3 @@ option.
>  .Sh PASSWD
> +.Tg passwd
>  .Bl -hang -width "openssl passwd"
> @@ -2899,2 +2919,3 @@ to each password hash.
>  .Sh PKCS7
> +.Tg pkcs7
>  .Bl -hang -width "openssl pkcs7"
> @@ -2944,2 +2965,3 @@ Print certificate details in full rather
>  .Sh PKCS8
> +.Tg pkcs8
>  .Bl -hang -width "openssl pkcs8"
> @@ -3027,2 +3049,3 @@ It is recommended that des3 is used.
>  .Sh PKCS12
> +.Tg pkcs12
>  .Bl -hang -width "openssl pkcs12"
> @@ -3244,2 +3267,3 @@ is equivalent to
>  .Sh PKEY
> +.Tg pkey
>  .Bl -hang -width "openssl pkey"
> @@ -3307,2 +3331,3 @@ even if a private key is being processed
>  .Sh PKEYPARAM
> +.Tg pkeyparam
>  .Cm openssl pkeyparam
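
Review bot: the line following the new `.Tg pkeyparam` is `.Cm openssl pkeyparam`, whereas the CIPHERS, ERRSTR and NSEQ sections in this same patch open with `.Nm openssl ...` and most of the others with `.Bl -hang -width ...`. The tag is inserted identically in all three layouts, so it is worth confirming that jumping to the tag lands on the synopsis in each of them. The `.Cm` versus `.Nm` difference between otherwise similar sections (PKEYPARAM and PRIME versus CIPHERS, ERRSTR and NSEQ) looks like something to unify in a follow-up.
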
> @@ -3332,2 +3357,3 @@ Print the parameters in plain text.
>  .Sh PKEYUTL
> +.Tg pkeyutl
>  .Bl -hang -width "openssl pkeyutl"
> @@ -3484,2 +3510,3 @@ Verify the input data and output the rec
>  .Sh PRIME
> +.Tg prime
>  .Cm openssl prime
> @@ -3528,2 +3555,3 @@ is prime.
>  .Sh RAND
> +.Tg rand
>  .Bl -hang -width "openssl rand"
> @@ -3555,2 +3583,3 @@ or standard output if not specified.
>  .Sh REQ
> +.Tg req
>  .Bl -hang -width "openssl req"
> @@ -4004,2 +4033,3 @@ Any additional fields will be treated as
>  .Sh RSA
> +.Tg rsa
>  .Bl -hang -width "openssl rsa"
> @@ -4101,2 +4131,3 @@ Print the public/private key components 
>  .Sh RSAUTL
> +.Tg rsautl
>  .Bl -hang -width "openssl rsautl"
> @@ -4175,2 +4206,3 @@ Verify the input data and output the rec
>  .Sh S_CLIENT
> +.Tg s_client
>  .Bl -hang -width "openssl s_client"
> @@ -4473,2 +4505,3 @@ will be used.
>  .Sh S_SERVER
> +.Tg s_server
>  .Bl -hang -width "openssl s_server"
> @@ -4778,2 +4811,3 @@ a certificate is requested but the clien
>  .Sh S_TIME
> +.Tg s_time
>  .Bl -hang -width "openssl s_time"
> @@ -4888,2 +

Re: ospf6d: rework rde_lsdb.c

2020-02-16 Thread Remi Locherer
On Sat, Feb 15, 2020 at 11:37:12AM +0100, Denis Fondras wrote:
> 3 changes in rde_lsdb.c
> - lsa_find_lsid() has redundant parameters
> - call to lsa_self() can be simplified (== ospfd)
> - update debug messages to be more suitable
> 

ok remi@

> Index: rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.83
> diff -u -p -r1.83 rde.c
> --- rde.c 21 Jan 2020 15:17:12 -  1.83
> +++ rde.c 27 Jan 2020 17:11:52 -
> @@ -455,17 +455,10 @@ rde_dispatch_imsg(int fd, short event, v
>  
>   rde_req_list_del(nbr, &lsa->hdr);
>  
> - self = lsa_self(lsa);
> - if (self) {
> - if (v == NULL)
> - /* LSA is no longer announced,
> -  * remove by premature aging. */
> - lsa_flush(nbr, lsa);
> - else
> - lsa_reflood(v, lsa);
> - } else if (lsa_add(nbr, lsa))
> - /* delayed lsa, don't flood yet */
> - break;
> + if (!(self = lsa_self(nbr, lsa, v)))
> + if (lsa_add(nbr, lsa))
> + /* delayed lsa */
> + break;
>  
>   /* flood and perhaps ack LSA */
>   imsg_compose_event(iev_ospfe, IMSG_LS_FLOOD,
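
Review bot: the replacement `if (!(self = lsa_self(nbr, lsa, v)))` followed by a second unbraced `if` with a comment before `break` is hard to read and easy to break when a line is added later. Assigning first and then testing `if (!self && lsa_add(nbr, lsa))` expresses the same thing in one condition. Since the flush and reflood branches disappear from this call site, `lsa_self()` presumably performs them now, so the dropped comment about premature aging should move along with that logic.
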
> @@ -1683,8 +1676,7 @@ orig_asext_lsa(struct kroute *kr, u_int1
>   memcpy((char *)lsa + sizeof(struct lsa_hdr) + sizeof(struct lsa_asext),
>   &kr->prefix, LSA_PREFIXSIZE(kr->prefixlen));
>  
> - lsa->hdr.ls_id = lsa_find_lsid(&asext_tree, lsa->hdr.type,
> - lsa->hdr.adv_rtr, comp_asext, lsa);
> + lsa->hdr.ls_id = lsa_find_lsid(&asext_tree, comp_asext, lsa);
>  
>   if (age == MAX_AGE) {
>   /* inherit metric and ext_tag from the current LSA,
> Index: rde.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.h,v
> retrieving revision 1.24
> diff -u -p -r1.24 rde.h
> --- rde.h 21 Jan 2020 15:17:12 -  1.24
> +++ rde.h 27 Jan 2020 17:11:52 -
> @@ -145,9 +145,7 @@ void   vertex_nexthop_add(struct vertex 
>   const struct in6_addr *, u_int32_t);
>  int   lsa_newer(struct lsa_hdr *, struct lsa_hdr *);
>  int   lsa_check(struct rde_nbr *, struct lsa *, u_int16_t);
> -int   lsa_self(struct lsa *);
> -void  lsa_flush(struct rde_nbr *, struct lsa *);
> -void  lsa_reflood(struct vertex *, struct lsa*);
> +int   lsa_self(struct rde_nbr *, struct lsa *, struct vertex *);
>  int   lsa_add(struct rde_nbr *, struct lsa *);
>  void  lsa_del(struct rde_nbr *, struct lsa_hdr *);
>  void  lsa_age(struct vertex *);
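
Review bot: dropping the `lsa_flush()` and `lsa_reflood()` prototypes only works if both become file-local in rde_lsdb.c, and the part of the rde_lsdb.c diff visible in this message shows only log message changes. The new three-argument `lsa_self()` prototype also deserves a one-line comment saying what it does with `nbr` and the vertex and what its return value means, since the caller in rde.c still tests it.
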
> @@ -156,7 +154,7 @@ struct vertex *lsa_find_rtr(struct area 
>  struct vertex*lsa_find_rtr_frag(struct area *, u_int32_t, unsigned 
> int);
>  struct vertex*lsa_find_tree(struct lsa_tree *, u_int16_t, u_int32_t,
>   u_int32_t);
> -u_int32_t lsa_find_lsid(struct lsa_tree *, u_int16_t, u_int32_t,
> +u_int32_t lsa_find_lsid(struct lsa_tree *,
>   int (*)(struct lsa *, struct lsa *), struct lsa *);
>  u_int16_t lsa_num_links(struct vertex *);
>  void  lsa_snap(struct rde_nbr *);
> Index: rde_lsdb.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde_lsdb.c,v
> retrieving revision 1.42
> diff -u -p -r1.42 rde_lsdb.c
> --- rde_lsdb.c21 Jan 2020 15:17:13 -  1.42
> +++ rde_lsdb.c27 Jan 2020 17:11:52 -
> @@ -192,7 +192,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
>   return (0);
>   }
>   if (ntohs(lsa->hdr.len) != len) {
> - log_warnx("lsa_check: bad packet size");
> + log_warnx("lsa_check: bad packet length");
>   return (0);
>   }
>  
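
Review bot: renaming "bad packet size" to "bad packet length" leaves the message just as uninformative for whoever reads the log. The check compares `ntohs(lsa->hdr.len)` with `len`, so printing both values in the warning would show at once which side is off.
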
> @@ -244,7 +244,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
>   }
>   metric = ntohl(lsa->data.pref_sum.metric);
>   if (metric & ~LSA_METRIC_MASK) {
> - log_warnx("lsa_check: bad LSA summary metric");
> + log_warnx("lsa_check: bad LSA prefix summary metric");
>   return (0);
>   }
>   if (lsa_get_prefix(((char *)lsa) + sizeof(lsa->hdr) +
> @@ -263,7 +263,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
>   }
>   metric = ntohl(lsa->data.rtr_sum.metric);
>   if (metric & ~LSA_METRIC_MASK) {
>

Re: ospf6d: simplify lsa_snap()

2020-01-21 Thread Remi Locherer
On Wed, Jan 22, 2020 at 12:56:00AM +0100, Claudio Jeker wrote:
> On Tue, Jan 21, 2020 at 03:58:58PM +0100, Remi Locherer wrote:
> > On Tue, Jan 21, 2020 at 01:09:30PM +0100, Denis Fondras wrote:
> > > On Tue, Jan 21, 2020 at 09:35:06AM +0100, Remi Locherer wrote:
> > > > > @@ -235,6 +233,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
> > > > >   case LSA_TYPE_NETWORK:
> > > > >   if ((len % sizeof(u_int32_t)) ||
> > > > >   len < sizeof(lsa->hdr) + sizeof(u_int32_t)) {
> > > > > + log_warnx("lsa_check: bad LSA network packet");
> > > > 
> > > > please use __func__
> > > > 
> > > 
> > > None use __func__ currently.
> > > 
> > 
> > Right, it's not often used in ospf6d.
> > 
> > I think we should use it more in such cases.
> > 
> > But you have my OK with or without that.
> > 
> 
> I think the log_warnx should use __func__ less and instead use better
> messages that an operator can understand without having to check the code.
> As a developer 'lsa_check: bad LSA network packet' sounds great since I
> can find the code but as an operator 'dropped LSA network packet with bad
> size from neighbor XY' would be more effective. I'm probably the source of
> most of those messages that's why I think they could be better :)
> But changing those can happen some other time.

I agree with that point. But when the function name is used in a message
I prefer if __func__ is used.



Re: ospf6d: simplify lsa_snap()

2020-01-21 Thread Remi Locherer
On Tue, Jan 21, 2020 at 01:09:30PM +0100, Denis Fondras wrote:
> On Tue, Jan 21, 2020 at 09:35:06AM +0100, Remi Locherer wrote:
> > > @@ -235,6 +233,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
> > >   case LSA_TYPE_NETWORK:
> > >   if ((len % sizeof(u_int32_t)) ||
> > >   len < sizeof(lsa->hdr) + sizeof(u_int32_t)) {
> > > + log_warnx("lsa_check: bad LSA network packet");
> > 
> > please use __func__
> > 
> 
> None use __func__ currently.
> 

Right, it's not often used in ospf6d.

I think we should use it more in such cases.

But you have my OK with or without that.

Remi



Re: ospf(6)d: allow "type p2p" globally or per area

2020-01-21 Thread Remi Locherer
On Mon, Jan 20, 2020 at 05:08:26PM +0100, Denis Fondras wrote:
> On Sun, Jan 19, 2020 at 11:04:16PM +0100, Remi Locherer wrote:
> > This makes the interface setting "type p2p" configurable globally or
> > per area. ospf(6)d allows this for almost all interface related settings.
> > 
> > As a side-effect of this diff ospf(6)d -nv prints "type p2p" also for
> > point-to-point interfaces like gif or gre. I think this is an advantage
> > but I can also change that by re-introducing the iface->p2p variable.
> > 
> > OK?
> > 
> 
> diff looks good. Is it really useful to set p2p globally ?

Yes, if the router only connects to other routers.
And the diff makes "type p2p" work the same as the other interface
settings do. And as the manual tells the user.

> 
> > Remi
> > 
> > 
> > 
> > Index: ospf6d/ospf6d.h
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> > retrieving revision 1.44
> > diff -u -p -r1.44 ospf6d.h
> > --- ospf6d/ospf6d.h 3 Jan 2020 17:45:02 -   1.44
> > +++ ospf6d/ospf6d.h 12 Jan 2020 21:44:41 -
> > @@ -329,7 +329,6 @@ struct iface {
> > u_int8_t if_type;
> > u_int8_t linkstate;
> > u_int8_t priority;
> > -   u_int8_t p2p;
> > u_int8_t cflags;
> >  #define F_IFACE_PASSIVE0x01
> >  #define F_IFACE_CONFIGURED 0x02
> > Index: ospf6d/parse.y
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
> > retrieving revision 1.48
> > diff -u -p -r1.48 parse.y
> > --- ospf6d/parse.y  26 Dec 2019 10:24:18 -  1.48
> > +++ ospf6d/parse.y  19 Jan 2020 21:51:56 -
> > @@ -102,6 +102,7 @@ struct config_defaults {
> > u_int16_t   rxmt_interval;
> > u_int16_t   metric;
> > u_int8_tpriority;
> > +   u_int8_tp2p;
> >  };
> >  
> >  struct config_defaults  globaldefs;
> > @@ -449,6 +450,9 @@ defaults: METRIC NUMBER {
> > }
> > defs->rxmt_interval = $2;
> > }
> > +   | TYPE P2P  {
> > +   defs->p2p = 1;
> > +   }
> > ;
> >  
> >  optnl  : '\n' optnl
> > @@ -550,6 +554,8 @@ interface   : INTERFACE STRING  {
> > iface->metric = defs->metric;
> > iface->priority = defs->priority;
> > iface->cflags |= F_IFACE_CONFIGURED;
> > +   if (defs->p2p == 1)
> > +   iface->type = IF_TYPE_POINTOPOINT;
> > iface = NULL;
> > /* interface is always part of an area */
> > defs = &areadefs;
> > @@ -566,10 +572,6 @@ interfaceopts_l: interfaceopts_l interf
> > ;
> >  
> >  interfaceoptsl : PASSIVE   { iface->cflags |= 
> > F_IFACE_PASSIVE; }
> > -   | TYPE P2P  {
> > -   iface->p2p = 1;
> > -   iface->type = IF_TYPE_POINTOPOINT;
> > -   }
> > | DEMOTE STRING {
> > if (strlcpy(iface->demote_group, $2,
> > sizeof(iface->demote_group)) >=
> > @@ -1034,6 +1036,7 @@ parse_config(char *filename, int opts)
> > defs->rxmt_interval = DEFAULT_RXMT_INTERVAL;
> > defs->metric = DEFAULT_METRIC;
> > defs->priority = DEFAULT_PRIORITY;
> > +   defs->p2p = 0;
> >  
> > conf->spf_delay = DEFAULT_SPF_DELAY;
> > conf->spf_hold_time = DEFAULT_SPF_HOLDTIME;
> > Index: ospf6d/printconf.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/printconf.c,v
> > retrieving revision 1.9
> > diff -u -p -r1.9 printconf.c
> > --- ospf6d/printconf.c  26 Dec 2019 10:24:18 -  1.9
> > +++ ospf6d/printconf.c  12 Jan 2020 21:43:06 -
> > @@ -1,4 +1,5 @@
> > -/* $OpenBSD: printconf.c,v 1.9 2019/12/26 10:24:18 remi Exp $ */
> > +/*  $OpenBSD: printconf.c,v 1.9 2019/12/26 10:24:18 remi Exp $
> > +*/
> >  
> >  /*
> >   * Copyright (c) 2004, 2005 Esben Norby 
> > @@ -135,7 +136,7 @@ print_iface(struct iface *iface)
> > prin

Re: ospf6d: simplify lsa_snap()

2020-01-21 Thread Remi Locherer
On Mon, Jan 20, 2020 at 05:03:34PM +0100, Denis Fondras wrote:
> No need to pass peerid to lsa_snap()
> 
> While at it, remove unused variable.

ok remi@ with a small comment below.

> 
> Index: rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.82
> diff -u -p -r1.82 rde.c
> --- rde.c 2 Jan 2020 10:16:46 -   1.82
> +++ rde.c 20 Jan 2020 09:23:01 -
> @@ -345,7 +345,7 @@ rde_dispatch_imsg(int fd, short event, v
>   if (nbr == NULL)
>   break;
>  
> - lsa_snap(nbr, imsg.hdr.peerid);
> + lsa_snap(nbr);
>  
>   imsg_compose_event(iev_ospfe, IMSG_DB_END, 
> imsg.hdr.peerid,
>   0, -1, NULL, 0);
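
Review bot: after this change `lsa_snap(nbr)` takes the peer id from `nbr->peerid` (see the rde_lsdb.c hunk), while the `imsg_compose_event(iev_ospfe, IMSG_DB_END, imsg.hdr.peerid, ...)` call directly below still uses `imsg.hdr.peerid`. Both should hold the same value if `nbr` was looked up by that id, but using `nbr->peerid` in both places would make that obvious and tie the snapshot and its end marker to one source.
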
> Index: rde.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.h,v
> retrieving revision 1.23
> diff -u -p -r1.23 rde.h
> --- rde.h 22 Dec 2019 11:19:06 -  1.23
> +++ rde.h 20 Jan 2020 09:23:01 -
> @@ -159,7 +159,7 @@ struct vertex *lsa_find_tree(struct lsa_
>  u_int32_t lsa_find_lsid(struct lsa_tree *, u_int16_t, u_int32_t,
>   int (*)(struct lsa *, struct lsa *), struct lsa *);
>  u_int16_t lsa_num_links(struct vertex *);
> -void  lsa_snap(struct rde_nbr *, u_int32_t);
> +void  lsa_snap(struct rde_nbr *);
>  void  lsa_dump(struct lsa_tree *, int, pid_t);
>  void  lsa_merge(struct rde_nbr *, struct lsa *, struct vertex *);
>  void  lsa_remove_invalid_sums(struct area *);
> Index: rde_lsdb.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde_lsdb.c,v
> retrieving revision 1.41
> diff -u -p -r1.41 rde_lsdb.c
> --- rde_lsdb.c2 Jan 2020 10:16:46 -   1.41
> +++ rde_lsdb.c20 Jan 2020 09:23:01 -
> @@ -39,8 +39,6 @@ int  lsa_get_prefix(void *, u_int16_t, 
>  
>  RB_GENERATE(lsa_tree, vertex, entry, lsa_compare)
>  
> -extern struct ospfd_conf *rdeconf;
> -
>  void
>  lsa_init(struct lsa_tree *t)
>  {
> @@ -235,6 +233,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
>   case LSA_TYPE_NETWORK:
>   if ((len % sizeof(u_int32_t)) ||
>   len < sizeof(lsa->hdr) + sizeof(u_int32_t)) {
> + log_warnx("lsa_check: bad LSA network packet");

please use __func__

>   return (0);
>   }
>   break;
> @@ -716,7 +715,7 @@ lsa_num_links(struct vertex *v)
>  }
>  
>  void
> -lsa_snap(struct rde_nbr *nbr, u_int32_t peerid)
> +lsa_snap(struct rde_nbr *nbr)
>  {
>   struct lsa_tree *tree = &nbr->area->lsa_tree;
>   struct vertex   *v;
> @@ -727,11 +726,13 @@ lsa_snap(struct rde_nbr *nbr, u_int32_t 
>   continue;
>   lsa_age(v);
>   if (ntohs(v->lsa->hdr.age) >= MAX_AGE) {
> - rde_imsg_compose_ospfe(IMSG_LS_SNAP, peerid,
> - 0, &v->lsa->hdr, ntohs(v->lsa->hdr.len));
> + rde_imsg_compose_ospfe(IMSG_LS_SNAP,
> + nbr->peerid, 0, &v->lsa->hdr,
> + ntohs(v->lsa->hdr.len));
>   } else {
> - rde_imsg_compose_ospfe(IMSG_DB_SNAPSHOT, peerid,
> - 0, &v->lsa->hdr, sizeof(struct lsa_hdr));
> + rde_imsg_compose_ospfe(IMSG_DB_SNAPSHOT,
> + nbr->peerid, 0, &v->lsa->hdr,
> + sizeof(struct lsa_hdr));
>   }
>   }
>   if (tree == &asext_tree)
> 



ospf(6)d: allow "type p2p" globally or per area

2020-01-19 Thread Remi Locherer
This makes the interface setting "type p2p" configurable globally or
per area. ospf(6)d allows this for almost all interface related settings.

As a side-effect of this diff ospf(6)d -nv prints "type p2p" also for
point-to-point interfaces like gif or gre. I think this is an advantage
but I can also change that by re-introducing the iface->p2p variable.

OK?

Remi



Index: ospf6d/ospf6d.h
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
retrieving revision 1.44
diff -u -p -r1.44 ospf6d.h
--- ospf6d/ospf6d.h 3 Jan 2020 17:45:02 -   1.44
+++ ospf6d/ospf6d.h 12 Jan 2020 21:44:41 -
@@ -329,7 +329,6 @@ struct iface {
u_int8_t if_type;
u_int8_t linkstate;
u_int8_t priority;
-   u_int8_t p2p;
u_int8_t cflags;
 #define F_IFACE_PASSIVE0x01
 #define F_IFACE_CONFIGURED 0x02
Index: ospf6d/parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.48
diff -u -p -r1.48 parse.y
--- ospf6d/parse.y  26 Dec 2019 10:24:18 -  1.48
+++ ospf6d/parse.y  19 Jan 2020 21:51:56 -
@@ -102,6 +102,7 @@ struct config_defaults {
u_int16_t   rxmt_interval;
u_int16_t   metric;
u_int8_tpriority;
+   u_int8_tp2p;
 };
 
 struct config_defaults  globaldefs;
@@ -449,6 +450,9 @@ defaults: METRIC NUMBER {
}
defs->rxmt_interval = $2;
}
+   | TYPE P2P  {
+   defs->p2p = 1;
+   }
;
 
 optnl  : '\n' optnl
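
Review bot: the new `TYPE P2P` rule in `defaults` can only set `defs->p2p = 1`, and nothing visible in this diff lets an area or interface block turn it off again. Once `type p2p` is set globally, an interface on a segment with several routers cannot opt out, so either the grammar needs a way to select the other type at a lower level or the manual should state that the global form applies to every interface.
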
@@ -550,6 +554,8 @@ interface   : INTERFACE STRING  {
iface->metric = defs->metric;
iface->priority = defs->priority;
iface->cflags |= F_IFACE_CONFIGURED;
+   if (defs->p2p == 1)
+   iface->type = IF_TYPE_POINTOPOINT;
iface = NULL;
/* interface is always part of an area */
defs = &areadefs;
@@ -566,10 +572,6 @@ interfaceopts_l: interfaceopts_l interf
;
 
 interfaceoptsl : PASSIVE   { iface->cflags |= F_IFACE_PASSIVE; }
-   | TYPE P2P  {
-   iface->p2p = 1;
-   iface->type = IF_TYPE_POINTOPOINT;
-   }
| DEMOTE STRING {
if (strlcpy(iface->demote_group, $2,
sizeof(iface->demote_group)) >=
@@ -1034,6 +1036,7 @@ parse_config(char *filename, int opts)
defs->rxmt_interval = DEFAULT_RXMT_INTERVAL;
defs->metric = DEFAULT_METRIC;
defs->priority = DEFAULT_PRIORITY;
+   defs->p2p = 0;
 
conf->spf_delay = DEFAULT_SPF_DELAY;
conf->spf_hold_time = DEFAULT_SPF_HOLDTIME;
Index: ospf6d/printconf.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/printconf.c,v
retrieving revision 1.9
diff -u -p -r1.9 printconf.c
--- ospf6d/printconf.c  26 Dec 2019 10:24:18 -  1.9
+++ ospf6d/printconf.c  12 Jan 2020 21:43:06 -
@@ -1,4 +1,5 @@
-/* $OpenBSD: printconf.c,v 1.9 2019/12/26 10:24:18 remi Exp $ */
+/*  $OpenBSD: printconf.c,v 1.9 2019/12/26 10:24:18 remi Exp $
+*/
 
 /*
  * Copyright (c) 2004, 2005 Esben Norby 
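
Review bot: this hunk only splits the `$OpenBSD$` RCS id comment across two lines and has nothing to do with `type p2p`; it looks like an editor accident. Drop it from the diff so the id stays a single-line comment.
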
@@ -135,7 +136,7 @@ print_iface(struct iface *iface)
printf("\t\trouter-priority %d\n", iface->priority);
printf("\t\ttransmit-delay %d\n", iface->transmit_delay);
 
-   if (iface->p2p)
+   if (iface->type == IF_TYPE_POINTOPOINT)
printf("\t\ttype p2p\n");
 
printf("\t}\n");
Index: ospfd/ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.110
diff -u -p -r1.110 ospfd.c
--- ospfd/ospfd.c   23 Nov 2019 15:05:21 -  1.110
+++ ospfd/ospfd.c   18 Jan 2020 14:02:04 -
@@ -893,7 +893,6 @@ merge_interfaces(struct area *a, struct 
if (i->self)
i->self->priority = i->priority;
i->flags = xi->flags; /* needed? */
-   i->type = xi->type; /* needed? */
i->if_type = xi->if_type; /* needed? */
i->linkstate = xi->linkstate; /* needed? */
 
@@ -915,11 +914,11 @@ merge_interfaces(struct area *a, struct 
if_fsm(i, IF_EVT_UP);
}
 
-   if (i->p2p != xi->p2p) {
+   if (i->type != xi->type) {
/* restart interface to enable or disable DR election */
if (ospfd_process == PROC_OSPF_ENGINE)
i
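
Review bot: with `i->type = xi->type;` removed in the previous hunk, the `if (i->type != xi->type)` block has to copy the new type itself, otherwise the comparison stays true and the interface is restarted on every reload. The hunk is cut off here before any such assignment is visible, so please confirm that it is there and that it happens in both the engine and the other processes, not only inside the `ospfd_process == PROC_OSPF_ENGINE` branch.
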

Re: ospf(6)d.conf: define interface parameters per area or globally

2020-01-12 Thread Remi Locherer
On Sun, Jan 12, 2020 at 04:18:26PM +0100, Claudio Jeker wrote:
> On Sun, Jan 12, 2020 at 03:46:15PM +0100, Remi Locherer wrote:
> > On Wed, Jan 08, 2020 at 01:13:45PM +0100, Denis Fondras wrote:
> > > On Wed, Jan 08, 2020 at 09:14:48AM +0100, Remi Locherer wrote:
> > > > > I have a diff to allow parameters after interface or area definition.
> > > > > Not sure if we want to do that though.
> > > > 
> > > > I would appreciate that! ;-)
> > > > 
> > > 
> > > The ospfd diff needs some more work. Crypt authentication handling is not
> > > perfect.
> > 
> > This works fine for me and the diff reads good. I tested ospfd and ospf6d.
> > Also the crypt options for ospfd worked fine.
> > 
> > ok remi@
> 
> Currently all daemons behave the same way and inherit at the moment of
> creation. Having this behave different between daemons is confusing.
> At least ospfd and bgpd should behave the same. Not saying that the
> current behaviour is great.
> I think in the case of ospfd the way auth-md is handled by this diff is
> not comparable with the behaviour of the other settings.

I agree. But that should not stop us improving one program before the
other ones.

> 
> area 0.0.0.0 {
>   hello-interval 10
>   auth-md 1 foo
> 
>   interface em0
> 
>   hello-interval 20
>   auth-md 1 bar
>   auth-md 2 foofoo
> 
>   interface em1 {
>   auth-md 3 barbar
>   }
> 
>   hello-interval 30
>   auth-md 1 bay
>   auth-md 2 foobar
> }
> 
> What values for hello-interval and auth-md should be set on em0 and em1?
>  

To me it looks natural if the latest value per level is used. With your
example that would be:

em0:
- auth-md 1 "bay"
- auth-md 2 "foobar"
- hello-interval 30

em1:
- auth-md 1 "bay"
- auth-md 2 "foobar"
- auth-md 3 "barbar"
- hello-interval 30

In my testing this is the result of the diff from Denis. (I modified
printconf.c to print the keys to see the results).

Another option would be to make it an error specifying the same option
more than once at the same level.

While looking closer I noticed that the default value for auth-md-keyid
is set to 0 while the manual says it is 1. But that is not a change
introduced by this diff.

> > > 
> > > Index: ospf6d/ospf6d.h
> > > ===
> > > RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> > > retrieving revision 1.44
> > > diff -u -p -r1.44 ospf6d.h
> > > --- ospf6d/ospf6d.h   3 Jan 2020 17:45:02 -   1.44
> > > +++ ospf6d/ospf6d.h   8 Jan 2020 12:11:20 -
> > > @@ -328,7 +328,7 @@ struct iface {
> > >   enum iface_type  type;
> > >   u_int8_t if_type;
> > >   u_int8_t linkstate;
> > > - u_int8_t priority;
> > > + int16_t  priority;
> > >   u_int8_t p2p;
> > >   u_int8_t cflags;
> > >  #define F_IFACE_PASSIVE  0x01
> > > Index: ospf6d/parse.y
> > > ===
> > > RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
> > > retrieving revision 1.48
> > > diff -u -p -r1.48 parse.y
> > > --- ospf6d/parse.y26 Dec 2019 10:24:18 -  1.48
> > > +++ ospf6d/parse.y8 Jan 2020 12:11:20 -
> > > @@ -101,7 +101,7 @@ struct config_defaults {
> > >   u_int16_t   hello_interval;
> > >   u_int16_t   rxmt_interval;
> > >   u_int16_t   metric;
> > > - u_int8_tpriority;
> > > + int16_t priority;
> > >  };
> > >  
> > >  struct config_defaultsglobaldefs;
> > > @@ -111,6 +111,7 @@ struct config_defaults*defs;
> > >  
> > >  struct area  *conf_get_area(struct in_addr);
> > >  int   conf_check_rdomain(u_int);
> > > +void  iface_settings(struct iface *, struct config_defaults 
> > > *);
> > >  
> > >  typedef struct {
> > >   union {
> > > @@ -465,9 +466,14 @@ comma: ','
> > >  area : AREA areaid {
> > >   area = conf_get_area($2);
> > >  
> > > - memcpy(&areadefs, defs, sizeof(areadefs));
> > > + memset(&areadefs, 0, sizeof(areadefs));
> > > + areadefs.priority = -1;
> > >  
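
The inheritance question from the message above (which `hello-interval` and `auth-md` values em0 and em1 end up with), modelled as an added example that is not part of the thread and not ospfd code. The function names and the two mode names are hypothetical; the "latest" results match the values listed in the reply, while the "at-creation" results are only what this model yields for "inherit at the moment of creation", not captured daemon output.

```python
import copy

# Constructed input: the area block quoted in the message, without the "> " marks.
SAMPLE = """\
area 0.0.0.0 {
    hello-interval 10
    auth-md 1 foo

    interface em0

    hello-interval 20
    auth-md 1 bar
    auth-md 2 foofoo

    interface em1 {
        auth-md 3 barbar
    }

    hello-interval 30
    auth-md 1 bay
    auth-md 2 foobar
}
"""


def new_settings():
    # None / empty dict mean "not set at this level".
    return {"hello-interval": None, "auth-md": {}}


def apply(settings, words):
    """Apply one option line to a settings level; a repeated option overwrites."""
    if words[0] == "hello-interval":
        settings["hello-interval"] = int(words[1])
    elif words[0] == "auth-md":
        settings["auth-md"][int(words[1])] = words[2]
    else:
        raise ValueError("unsupported option in this model: " + words[0])


def resolve(text, mode):
    """Return {interface: effective settings} for one area block.

    mode "at-creation": an interface copies the area values seen so far.
    mode "latest":      the last value per level wins; the area values are
                        merged in when the area block ends.
    """
    if mode not in ("at-creation", "latest"):
        raise ValueError(mode)
    area = new_settings()
    ifaces = {}
    current = None  # settings of the interface block that is open, if any
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "area":
            continue
        if words[0] == "}":
            current = None  # closes an interface block or the area itself
            continue
        if words[0] == "interface":
            name = words[1]
            if mode == "at-creation":
                ifaces[name] = copy.deepcopy(area)
            else:
                ifaces[name] = new_settings()
            if words[-1] == "{":
                current = ifaces[name]
            continue
        apply(current if current is not None else area, words)
    if mode == "latest":
        for s in ifaces.values():
            if s["hello-interval"] is None:
                s["hello-interval"] = area["hello-interval"]
            # interface-level keys override area-level keys with the same id
            s["auth-md"] = {**area["auth-md"], **s["auth-md"]}
    return ifaces


def changed(text):
    """Interfaces whose effective settings differ between the two semantics."""
    old, new = resolve(text, "at-creation"), resolve(text, "latest")
    return sorted(name for name in old if old[name] != new[name])


if __name__ == "__main__":
    for mode in ("at-creation", "latest"):
        print(mode, resolve(SAMPLE, mode))
    print("differs:", changed(SAMPLE))
```

Running `changed()` over a production config before switching semantics lists the interfaces whose timers or MD5 keys would silently change, which is where adjacencies would fail to authenticate.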

Re: ospf(6)d.conf: define interface parameters per area or globally

2020-01-12 Thread Remi Locherer
On Wed, Jan 08, 2020 at 01:13:45PM +0100, Denis Fondras wrote:
> On Wed, Jan 08, 2020 at 09:14:48AM +0100, Remi Locherer wrote:
> > > I have a diff to allow parameters after interface or area definition.
> > > Not sure if we want to do that though.
> > 
> > I would appreciate that! ;-)
> > 
> 
> The ospfd diff needs some more work. Crypt authentication handling is not
> perfect.

This works fine for me and the diff reads good. I tested ospfd and ospf6d.
Also the crypt options for ospfd worked fine.

ok remi@

> 
> Index: ospf6d/ospf6d.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.44
> diff -u -p -r1.44 ospf6d.h
> --- ospf6d/ospf6d.h   3 Jan 2020 17:45:02 -   1.44
> +++ ospf6d/ospf6d.h   8 Jan 2020 12:11:20 -
> @@ -328,7 +328,7 @@ struct iface {
>   enum iface_type  type;
>   u_int8_t if_type;
>   u_int8_t linkstate;
> - u_int8_t priority;
> + int16_t  priority;
>   u_int8_t p2p;
>   u_int8_t cflags;
>  #define F_IFACE_PASSIVE  0x01
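
Review bot: widening `priority` in `struct iface` from `u_int8_t` to `int16_t` puts a parse-time "not set" marker into the runtime structure. The parse.y hunks use `-1` for that, and if any path leaves it unresolved the negative value ends up wherever the interface priority is consumed. Keeping `u_int8_t` here and tracking "was set" only in `struct config_defaults` (or with a flag bit) would confine the sentinel to the parser.
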
> Index: ospf6d/parse.y
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
> retrieving revision 1.48
> diff -u -p -r1.48 parse.y
> --- ospf6d/parse.y26 Dec 2019 10:24:18 -  1.48
> +++ ospf6d/parse.y8 Jan 2020 12:11:20 -
> @@ -101,7 +101,7 @@ struct config_defaults {
>   u_int16_t   hello_interval;
>   u_int16_t   rxmt_interval;
>   u_int16_t   metric;
> - u_int8_tpriority;
> + int16_t priority;
>  };
>  
>  struct config_defaultsglobaldefs;
> @@ -111,6 +111,7 @@ struct config_defaults*defs;
>  
>  struct area  *conf_get_area(struct in_addr);
>  int   conf_check_rdomain(u_int);
> +void  iface_settings(struct iface *, struct config_defaults *);
>  
>  typedef struct {
>   union {
> @@ -465,9 +466,14 @@ comma: ','
>  area : AREA areaid {
>   area = conf_get_area($2);
>  
> - memcpy(&areadefs, defs, sizeof(areadefs));
> + memset(&areadefs, 0, sizeof(areadefs));
> + areadefs.priority = -1;
>   defs = &areadefs;
>   } '{' optnl areaopts_l '}' {
> + struct iface*i;
> + LIST_FOREACH(i, &area->iface_list, entry) {
> + iface_settings(i, &areadefs);
> + }
>   area = NULL;
>   defs = &globaldefs;
>   }
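
Review bot: in this hunk `memset(&areadefs, 0, sizeof(areadefs))` makes 0 mean "unset" for every field except `priority`, which gets `-1`. That is two different sentinels in one struct, and `iface_settings()` (its body is not in the visible part of the diff) has to know which is which; a short comment next to the memset would help. Style: add a blank line after the `struct iface *i;` declaration and drop the braces around the single-statement `LIST_FOREACH` body.
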
> @@ -540,15 +546,12 @@ interface   : INTERFACE STRING  {
>   iface->area = area;
>   LIST_INSERT_HEAD(&area->iface_list, iface, entry);
>  
> - memcpy(&ifacedefs, defs, sizeof(ifacedefs));
> + memset(&ifacedefs, 0, sizeof(ifacedefs));
> + ifacedefs.priority = -1;
>   defs = &ifacedefs;
>   } interface_block {
> - iface->dead_interval = defs->dead_interval;
> - iface->transmit_delay = defs->transmit_delay;
> - iface->hello_interval = defs->hello_interval;
> - iface->rxmt_interval = defs->rxmt_interval;
> - iface->metric = defs->metric;
> - iface->priority = defs->priority;
> + iface->priority = -1;
> + iface_settings(iface, defs);
>   iface->cflags |= F_IFACE_CONFIGURED;
>   iface = NULL;
>   /* interface is always part of an area */
> @@ -1018,6 +1021,8 @@ popfile(void)
>  struct ospfd_conf *
>  parse_config(char *filename, int opts)
>  {
> + struct area *a;
> + struct iface*i;
>   struct sym  *sym, *next;
>  
>   if ((conf = calloc(1, sizeof(struct ospfd_conf))) == NULL)
> @@ -1068,6 +1073,10 @@ parse_config(char *filename, int opts)
>   }
>   }
>  
> + LIST_FOREACH(a, &conf->area_list, entry)
> + LIST_FOREACH(i, &a->iface_list, entry)
> + iface_settings(i, defs);
> + 
>   /* check that all interfaces belong to the configured rdomain */
>   errors += conf_check_rdomain(conf->rdomain);
>
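
Review bot: the final pass calls `iface_settings(i, defs)` and so depends on `defs` pointing at the global defaults when parsing ends. The area rule does reset it with `defs = &globaldefs`, but passing `&globaldefs` explicitly would not depend on parser state, for example after a syntax error inside a block. The added blank line after the loop also carries trailing whitespace.
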

Re: ospf(6)d.conf: define interface parameters per area or globally

2020-01-08 Thread Remi Locherer
On Sat, Jan 04, 2020 at 11:34:45PM +0100, Denis Fondras wrote:
> On Sat, Jan 04, 2020 at 11:11:36PM +0100, Remi Locherer wrote:
> > Hi,
> > 
> > interface-specific parameters can be defined globally or per area.
> > But they are applied to the interfaces only if the interfaces are
> > declared afterwards.
> > 
> 
> I have a diff to allow parameters after interface or area definition.
> Not sure if we want to do that though.

I would appreciate that! ;-)

> > Or is the GLOBAL CONFIGURATION section the better place for this?
> > I opted for the AREA section because I consider it unlikely a user adds
> > global parameters at the end of the config file. But who knows. ;-)
> > 
> 
> In the MACRO section I would change the last sentence too (or even remove it
> as it is close to the GLOBAL first paragraph).

True, it does not add a lot of value. But I don't have a strong opinion.

> 
> Anyway OK denis@
> 
> > Remi
> > 
> > Index: ospfd/ospfd.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
> > retrieving revision 1.58
> > diff -u -p -r1.58 ospfd.conf.5
> > --- ospfd/ospfd.conf.5  19 Nov 2019 09:55:55 -  1.58
> > +++ ospfd/ospfd.conf.5  4 Jan 2020 21:48:00 -
> > @@ -256,11 +256,13 @@ is set to a value other than 1 or if the
> >  Areas are used for grouping interfaces.
> >  All interface-specific parameters can
> >  be configured per area, overruling the global settings.
> > +These interface-specific parameters need to be defined before the 
> > interfaces.
> >  .Bl -tag -width Ds
> >  .It Ic area Ar id | address
> >  Specify an area section, grouping one or more interfaces.
> >  .Bd -literal -offset indent
> >  area 0.0.0.0 {
> > +   hello-interval 3
> > interface em0
> > interface em1 {
> > metric 10
> > Index: ospf6d/ospf6d.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.conf.5,v
> > retrieving revision 1.20
> > diff -u -p -r1.20 ospf6d.conf.5
> > --- ospf6d/ospf6d.conf.526 Dec 2019 10:24:18 -  1.20
> > +++ ospf6d/ospf6d.conf.54 Jan 2020 21:48:30 -
> > @@ -236,11 +236,13 @@ is set to a value different to 1 or if t
> >  Areas are used for grouping interfaces.
> >  All interface-specific parameters can
> >  be configured per area, overruling the global settings.
> > +These interface-specific parameters need to be defined before the 
> > interfaces.
> >  .Bl -tag -width Ds
> >  .It Ic area Ar address Ns | Ns Ar id
> >  Specify an area section, grouping one or more interfaces.
> >  .Bd -literal -offset indent
> >  area 0.0.0.0 {
> > +   hello-interval 3
> > interface em0
> > interface em1 {
> > metric 10
> > 
> 



ospf(6)d.conf: define interface parameters per area or globally

2020-01-04 Thread Remi Locherer
Hi,

interface-specific parameters can be defined globally or per area.
But they are applied to the interfaces only if the interfaces are
declared afterwards.

Or is the GLOBAL CONFIGURATION section the better place for this?
I opted for the AREA section because I consider it unlikely a user adds
global parameters at the end of the config file. But who knows. ;-)

Remi

Index: ospfd/ospfd.conf.5
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
retrieving revision 1.58
diff -u -p -r1.58 ospfd.conf.5
--- ospfd/ospfd.conf.5  19 Nov 2019 09:55:55 -  1.58
+++ ospfd/ospfd.conf.5  4 Jan 2020 21:48:00 -
@@ -256,11 +256,13 @@ is set to a value other than 1 or if the
 Areas are used for grouping interfaces.
 All interface-specific parameters can
 be configured per area, overruling the global settings.
+These interface-specific parameters need to be defined before the interfaces.
 .Bl -tag -width Ds
 .It Ic area Ar id | address
 Specify an area section, grouping one or more interfaces.
 .Bd -literal -offset indent
 area 0.0.0.0 {
+   hello-interval 3
interface em0
interface em1 {
metric 10
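
Review bot: the added sentence sits in the areas section only, while the message says the same ordering applies to parameters defined globally, so a reader who sets a global parameter after the area blocks gets no hint. "need to be defined before the interfaces" would also be clearer if it said what happens otherwise, namely that a parameter placed after an interface declaration is not applied to that interface.
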
Index: ospf6d/ospf6d.conf.5
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.conf.5,v
retrieving revision 1.20
diff -u -p -r1.20 ospf6d.conf.5
--- ospf6d/ospf6d.conf.526 Dec 2019 10:24:18 -  1.20
+++ ospf6d/ospf6d.conf.54 Jan 2020 21:48:30 -
@@ -236,11 +236,13 @@ is set to a value different to 1 or if t
 Areas are used for grouping interfaces.
 All interface-specific parameters can
 be configured per area, overruling the global settings.
+These interface-specific parameters need to be defined before the interfaces.
 .Bl -tag -width Ds
 .It Ic area Ar address Ns | Ns Ar id
 Specify an area section, grouping one or more interfaces.
 .Bd -literal -offset indent
 area 0.0.0.0 {
+   hello-interval 3
interface em0
interface em1 {
metric 10



Re: ospf6d: sync hello.c with ospfd

2020-01-03 Thread Remi Locherer
On Thu, Jan 02, 2020 at 05:17:02PM +0100, Denis Fondras wrote:
> Sync with ospfd's hello.c

ok remi@

> 
> Index: hello.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 hello.c
> --- hello.c   23 Dec 2019 11:25:41 -  1.21
> +++ hello.c   2 Jan 2020 16:11:19 -
> @@ -41,8 +41,6 @@ send_hello(struct iface *iface)
>   struct hello_hdr hello;
>   struct nbr  *nbr;
>   struct ibuf *buf;
> - int  ret;
> - u_int32_topts;
>  
>   switch (iface->type) {
>   case IF_TYPE_POINTOPOINT:
> @@ -72,10 +70,8 @@ send_hello(struct iface *iface)
>   /* hello header */
>   hello.iface_id = htonl(iface->ifindex);
>   LSA_24_SETHI(hello.opts, iface->priority);
> - opts = area_ospf_options(iface->area);
> - LSA_24_SETLO(hello.opts, opts);
> + LSA_24_SETLO(hello.opts, area_ospf_options(iface->area));
>   hello.opts = htonl(hello.opts);
> -
>   hello.hello_interval = htons(iface->hello_interval);
>   hello.rtr_dead_interval = htons(iface->dead_interval);
>  
> @@ -104,10 +100,11 @@ send_hello(struct iface *iface)
>   if (upd_ospf_hdr(buf, iface))
>   goto fail;
>  
> - ret = send_packet(iface, buf, &dst);
> + if (send_packet(iface, buf, &dst) == -1)
> + goto fail;
>  
>   ibuf_free(buf);
> - return (ret);
> + return (0);
>  fail:
>   log_warn("send_hello");
>   ibuf_free(buf);
> @@ -120,7 +117,6 @@ recv_hello(struct iface *iface, struct i
>  {
>   struct hello_hdr hello;
>   struct nbr  *nbr = NULL, *dr;
> - struct area *area;
>   u_int32_tnbr_id, opts;
>   int  nbr_change = 0;
>  
> @@ -148,12 +144,9 @@ recv_hello(struct iface *iface, struct i
>   return;
>   }
>  
> - if ((area = iface->area) == NULL)
> - fatalx("interface lost area");
> -
>   opts = LSA_24_GETLO(ntohl(hello.opts));
> - if ((opts & OSPF_OPTION_E && area->stub) ||
> - ((opts & OSPF_OPTION_E) == 0 && !area->stub)) {
> + if ((opts & OSPF_OPTION_E && iface->area->stub) ||
> + ((opts & OSPF_OPTION_E) == 0 && !iface->area->stub)) {
>   log_warnx("recv_hello: ExternalRoutingCapability mismatch, "
>   "interface %s", iface->name);
>   return;
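
Review bot: Dropping the fatalx("interface lost area") guard means iface->area->stub is dereferenced unchecked in the receive path, so a NULL iface->area would now crash on the first hello received instead of exiting with a diagnostic. If the invariant is that a configured interface always has an area, add a short comment stating it; this code is driven by packets from the network, so the assumption deserves to be written down.
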
> @@ -161,8 +154,15 @@ recv_hello(struct iface *iface, struct i
>  
>   /* match router-id */
>   LIST_FOREACH(nbr, &iface->nbr_list, entry) {
> - if (nbr == iface->self)
> + if (nbr == iface->self) {
> + if (nbr->id.s_addr == rtr_id) {
> + log_warnx("recv_hello: Router-ID collision on "
> + "interface %s neighbor IP %s", iface->name,
> + log_in6addr(src));
> + return;
> + }
>   continue;
> + }
>   if (nbr->id.s_addr == rtr_id)
>   break;
>   }
> 
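
Review bot: The Router-ID collision warning in the nbr == iface->self branch is emitted with log_warnx() for every hello that carries our own router ID, so one misconfigured or hostile host on the link produces a warning per hello it sends. Consider rate-limiting it or logging once per neighbor address. Comparing rtr_id against our own ID before the LIST_FOREACH would also express the check more directly than returning from inside the loop.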



Re: ospf6d: sync database.c with ospfd(8)

2020-01-03 Thread Remi Locherer
On Thu, Jan 02, 2020 at 04:05:45PM +0100, Denis Fondras wrote:
> This is mostly log messages sync.

ok remi@

> 
> Index: database.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/database.c,v
> retrieving revision 1.18
> diff -u -p -r1.18 database.c
> --- database.c23 Dec 2019 07:33:49 -  1.18
> +++ database.c2 Jan 2020 14:31:46 -
> @@ -43,7 +43,6 @@ send_db_description(struct nbr *nbr)
>   struct db_dscrp_hdr  dd_hdr;
>   struct lsa_entry*le, *nle;
>   struct ibuf *buf;
> - int  ret = 0;
>   u_int8_t bits = 0;
>  
>   if ((buf = ibuf_open(nbr->iface->mtu - sizeof(struct ip6_hdr))) == NULL)
> @@ -63,11 +62,10 @@ send_db_description(struct nbr *nbr)
>   case NBR_STA_INIT:
>   case NBR_STA_2_WAY:
>   case NBR_STA_SNAP:
> - log_debug("send_db_description: cannot send packet in state %s,"
> - " neighbor ID %s", nbr_state_name(nbr->state),
> - inet_ntoa(nbr->id));
> - ret = -1;
> - goto done;
> + log_debug("send_db_description: neighbor ID %s: "
> + "cannot send packet in state %s", inet_ntoa(nbr->id),
> + nbr_state_name(nbr->state));
> + goto fail;
>   case NBR_STA_XSTRT:
>   bits |= OSPF_DBD_MS | OSPF_DBD_M | OSPF_DBD_I;
>   nbr->dd_more = 1;
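
Review bot: Replacing "ret = -1; goto done;" with "goto fail;" sends the "cannot send packet in state" case through log_warn("send_db_description") at the fail label, so what used to be a debug-only message now also produces a warning carrying whatever errno happens to hold, although no system call failed. If that is wanted for parity with ospfd, say so; otherwise free the buffer and return -1 directly in this case.
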
> @@ -90,7 +88,7 @@ send_db_description(struct nbr *nbr)
>  
>   /* build LSA list */
>   for (le = TAILQ_FIRST(&nbr->db_sum_list); le != NULL &&
> - buf->wpos + sizeof(struct lsa_hdr) < buf->max; le = nle) {
> + ibuf_left(buf) >=  sizeof(struct lsa_hdr); le = nle) {
>   nbr->dd_end = nle = TAILQ_NEXT(le, entry);
>   if (ibuf_add(buf, le->le_lsa, sizeof(struct lsa_hdr)))
>   goto fail;
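
Review bot: ibuf_left(buf) >= sizeof(struct lsa_hdr) is not equivalent to the old buf->wpos + sizeof(struct lsa_hdr) < buf->max. Assuming ibuf_left() returns max minus wpos, the old test stopped when a header would exactly fill the buffer and the new one allows it. That looks like the right bound, but it is a behaviour change in a diff described as mostly log message sync and deserves a line in the commit message. There is also a doubled space after ">=".
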
> @@ -146,10 +144,11 @@ send_db_description(struct nbr *nbr)
>   goto fail;
>  
>   /* transmit packet */
> - ret = send_packet(nbr->iface, buf, &dst);
> -done:
> + if (send_packet(nbr->iface, buf, &dst) == -1)
> + goto fail;
> +
>   ibuf_free(buf);
> - return (ret);
> + return (0);
>  fail:
>   log_warn("send_db_description");
>   ibuf_free(buf);
> @@ -163,8 +162,8 @@ recv_db_description(struct nbr *nbr, cha
>   int  dupe = 0;
>  
>   if (len < sizeof(dd_hdr)) {
> - log_warnx("recv_db_description: "
> - "bad packet size, neighbor ID %s", inet_ntoa(nbr->id));
> + log_warnx("recv_db_description: neighbor ID %s: "
> + "bad packet size", inet_ntoa(nbr->id));
>   return;
>   }
>   memcpy(&dd_hdr, buf, sizeof(dd_hdr));
> @@ -173,9 +172,9 @@ recv_db_description(struct nbr *nbr, cha
>  
>   /* db description packet sanity checks */
>   if (ntohs(dd_hdr.iface_mtu) > nbr->iface->mtu) {
> - log_warnx("recv_db_description: invalid MTU %d sent by "
> - "neighbor ID %s, expected %d", ntohs(dd_hdr.iface_mtu),
> - inet_ntoa(nbr->id), nbr->iface->mtu);
> + log_warnx("recv_db_description: neighbor ID %s: "
> + "invalid MTU %d expected %d", inet_ntoa(nbr->id),
> + ntohs(dd_hdr.iface_mtu), nbr->iface->mtu);
>   return;
>   }
>  
> @@ -183,7 +182,7 @@ recv_db_description(struct nbr *nbr, cha
>   nbr->last_rx_bits == dd_hdr.bits &&
>   ntohl(dd_hdr.dd_seq_num) == nbr->dd_seq_num - nbr->dd_master ?
>   1 : 0) {
> - log_debug("recv_db_description: dupe from ID %s",
> + log_debug("recv_db_description: dupe from neighbor ID %s",
>   inet_ntoa(nbr->id));
>   dupe = 1;
>   }
> @@ -193,9 +192,9 @@ recv_db_description(struct nbr *nbr, cha
>   case NBR_STA_ATTEMPT:
>   case NBR_STA_2_WAY:
>   case NBR_STA_SNAP:
> - log_debug("recv_db_description: packet ignored in state %s, "
> - "neighbor ID %s", nbr_state_name(nbr->state),
> - inet_ntoa(nbr->id));
> + log_debug("recv_db_description: neighbor ID %s: "
> + "packet ignored in state %s", inet_ntoa(nbr->id),
> + nbr_state_name(nbr->state));
>   return;
>   case NBR_STA_INIT:
>   /* evaluate dr and bdr after issuing a 2-Way event */
> @@ -224,9 +223,11 @@ recv_db_description(struct nbr *nbr, cha
>   } else if (!(dd_hdr.bits & (OSPF_DBD_I | OSPF_DBD_MS))) {
>   /* M only case: we are master */
>   if (ntohl(dd_hdr.dd_seq_num) != nbr->dd_seq_num) {
> - log_warnx("recv_db_description: invalid "
> - "seq num, mine %x his %x",
> -   

Re: ospf6d: remove useless orig_rtr_lsa()

2020-01-02 Thread Remi Locherer
On Tue, Dec 31, 2019 at 01:47:08PM +0100, Denis Fondras wrote:
> Rename orig_rtr_lsa_area() to orig_rtr_lsa()
> 
> Now that area is part of iface, original orig_rtr_lsa() is useless. Also
> verifying that area != NULL is not needed in some cases (these are leftovers
> of the previous diff).
> 

OK remi@

> 
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 interface.c
> --- interface.c   23 Dec 2019 07:33:49 -  1.27
> +++ interface.c   31 Dec 2019 12:44:15 -
> @@ -144,7 +144,7 @@ if_fsm(struct iface *iface, enum iface_e
>  
>   if (iface->state != old_state) {
>   area_track(iface->area);
> - orig_rtr_lsa(iface);
> + orig_rtr_lsa(iface->area);
>   orig_link_lsa(iface);
>  
>   /* state change inform RDE */
> @@ -395,7 +395,7 @@ if_act_start(struct iface *iface)
>  
>   if (iface->cflags & F_IFACE_PASSIVE) {
>   /* for an update of stub network entries */
> - orig_rtr_lsa(iface);
> + orig_rtr_lsa(iface->area);
>   return (0);
>   }
>  
> @@ -569,7 +569,7 @@ start:
>   nbr_fsm(nbr, NBR_EVT_ADJ_OK);
>   }
>  
> - orig_rtr_lsa(iface);
> + orig_rtr_lsa(iface->area);
>   if (iface->state & IF_STA_DR || old_state & IF_STA_DR)
>   orig_net_lsa(iface);
>   }
> @@ -586,7 +586,7 @@ if_act_reset(struct iface *iface)
>  
>   if (iface->cflags & F_IFACE_PASSIVE) {
>   /* for an update of stub network entries */
> - orig_rtr_lsa(iface);
> + orig_rtr_lsa(iface->area);
>   return (0);
>   }
>  
> Index: neighbor.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/neighbor.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 neighbor.c
> --- neighbor.c23 Dec 2019 07:33:49 -  1.15
> +++ neighbor.c31 Dec 2019 12:44:15 -
> @@ -202,7 +202,7 @@ nbr_fsm(struct nbr *nbr, enum nbr_event 
>* neighbor changed from/to FULL
>* originate new rtr and net LSA
>*/
> - orig_rtr_lsa(nbr->iface);
> + orig_rtr_lsa(nbr->iface->area);
>   if (nbr->iface->state & IF_STA_DR)
>   orig_net_lsa(nbr->iface);
>  
> @@ -226,7 +226,7 @@ nbr_fsm(struct nbr *nbr, enum nbr_event 
>   nbr_state_name(nbr->state));
>  
>   if (nbr->iface->type == IF_TYPE_VIRTUALLINK) {
> - orig_rtr_lsa(nbr->iface);
> + orig_rtr_lsa(nbr->iface->area);
>   }
>   }
>  
> Index: ospf6d.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v
> retrieving revision 1.45
> diff -u -p -r1.45 ospf6d.c
> --- ospf6d.c  16 Dec 2019 08:28:33 -  1.45
> +++ ospf6d.c  31 Dec 2019 12:44:15 -
> @@ -741,7 +741,7 @@ merge_config(struct ospfd_conf *conf, st
>   }
>   if (a->dirty) {
>   a->dirty = 0;
> - orig_rtr_lsa(LIST_FIRST(&a->iface_list));
> + orig_rtr_lsa(LIST_FIRST(&a->iface_list)->area);
>   }
>   }
>   }
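
Review bot: orig_rtr_lsa(LIST_FIRST(&a->iface_list)->area) dereferences the list head without checking it, so an area whose iface_list is empty turns a config reload into a NULL dereference. Since the function now takes the area, orig_rtr_lsa(a) should say the same thing without touching the interface list.
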
> Index: ospfe.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.59
> diff -u -p -r1.59 ospfe.c
> --- ospfe.c   28 Dec 2019 09:25:24 -  1.59
> +++ ospfe.c   31 Dec 2019 12:44:15 -
> @@ -45,7 +45,6 @@
>  void  ospfe_sig_handler(int, short, void *);
>  __dead void   ospfe_shutdown(void);
>  void  orig_rtr_lsa_all(struct area *);
> -void  orig_rtr_lsa_area(struct area *);
>  struct iface *find_vlink(struct abr_rtr *);
>  
>  struct ospfd_conf*oeconf = NULL, *nconf;
> @@ -301,7 +300,7 @@ ospfe_dispatch_main(int fd, short event,
>   i->depend_ok =
>   ifstate_is_up(ifp);
>   if (ifstate_is_up(i))
> - orig_rtr_lsa(i);
> + orig_rtr_lsa(i->area);
>   }
>   }
>   }
> @@ -600,8 +599,6 @@ ospfe_dispatch_rde(int fd, short event, 
>* flood on all area interfaces on
>* area 0.0.0.0 include also virtual links.
>*/
> - if (nbr->iface->area == NULL)
> - 

Re: ospf6d: refactor link state ack/req

2019-12-27 Thread Remi Locherer
On Tue, Dec 24, 2019 at 10:02:37PM +0100, Denis Fondras wrote:
> Refactor link state ack/req in ospf6d so it looks closer to ospfd.

ok remi@

> Index: lsack.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/lsack.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 lsack.c
> --- lsack.c   11 Dec 2019 21:33:56 -  1.7
> +++ lsack.c   24 Dec 2019 20:51:56 -
> @@ -19,7 +19,7 @@
>  #include 
>  #include 
>  #include 
> -#include 
> +#include 
>  #include 
>  
>  #include 
> @@ -30,39 +30,66 @@
>  #include "log.h"
>  #include "ospfe.h"
>  
> -void  start_ls_ack_tx_timer_now(struct iface *);
> +int   send_ls_ack(struct iface *, struct in6_addr, struct ibuf *);
> +struct ibuf  *prepare_ls_ack(struct iface *);
> +void  start_ls_ack_tx_timer_now(struct iface *);
>  
>  /* link state acknowledgement packet handling */
> -int
> -send_ls_ack(struct iface *iface, struct in6_addr addr, void *data, size_t 
> len)
> +struct ibuf *
> +prepare_ls_ack(struct iface *iface)
>  {
>   struct ibuf *buf;
> - int  ret;
>  
> - /* XXX IBUF_READ_SIZE */
> - if ((buf = ibuf_dynamic(PKG_DEF_SIZE, IBUF_READ_SIZE)) == NULL)
> - fatal("send_ls_ack");
> + if ((buf = ibuf_open(iface->mtu - sizeof(struct ip6_hdr))) == NULL) {
> + log_warn("prepare_ls_ack");
> + return (NULL);
> + }
>  
>   /* OSPF header */
> - if (gen_ospf_hdr(buf, iface, PACKET_TYPE_LS_ACK))
> - goto fail;
> + if (gen_ospf_hdr(buf, iface, PACKET_TYPE_LS_ACK)) {
> + log_warn("prepare_ls_ack");
> + ibuf_free(buf);
> + return (NULL);
> + }
>  
> - /* LS ack(s) */
> - if (ibuf_add(buf, data, len))
> - goto fail;
> + return (buf);
> +}
>  
> +int
> +send_ls_ack(struct iface *iface, struct in6_addr addr, struct ibuf *buf)
> +{
>   /* calculate checksum */
> - if (upd_ospf_hdr(buf, iface))
> - goto fail;
> + if (upd_ospf_hdr(buf, iface)) {
> + log_warn("send_ls_ack");
> + return (-1);
> + }
>  
> - ret = send_packet(iface, buf, &addr);
> + if (send_packet(iface, buf, &addr) == -1) {
> + log_warn("send_ls_ack");
> + return (-1);
> + }
> + return (0);
> +}
>  
> +int
> +send_direct_ack(struct iface *iface, struct in6_addr addr, void *d, size_t 
> len)
> +{
> + struct ibuf *buf;
> + int  ret;
> +
> + if ((buf = prepare_ls_ack(iface)) == NULL)
> + return (-1);
> +
> + /* LS ack(s) */
> + if (ibuf_add(buf, d, len)) {
> + log_warn("send_direct_ack");
> + ibuf_free(buf);
> + return (-1);
> + }
> +
> + ret = send_ls_ack(iface, addr, buf);
>   ibuf_free(buf);
>   return (ret);
> -fail:
> - log_warn("send_ls_ack");
> - ibuf_free(buf);
> - return (-1);
>  }
>  
>  void
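
Review bot: send_ls_ack() no longer frees buf on any path, so ownership has moved to the caller. send_direct_ack() handles that, but nothing at the prototypes says so; add a one-line comment on send_ls_ack() and prepare_ls_ack() stating who frees the ibuf. Separately, ibuf_open(iface->mtu - sizeof(struct ip6_hdr)) does the subtraction in size_t, so an iface->mtu below the IPv6 header size would wrap to a huge length; worth a sanity check if the MTU can ever be that small here.
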
> @@ -207,41 +234,44 @@ ls_ack_tx_timer(int fd, short event, voi
>  {
>   struct in6_addr  addr;
>   struct iface*iface = arg;
> - struct lsa_hdr  *lsa_hdr;
>   struct lsa_entry*le, *nle;
>   struct nbr  *nbr;
> - char*buf;
> - char*ptr;
> - int  cnt = 0;
> -
> - if ((buf = calloc(1, READ_BUF_SIZE)) == NULL)
> - fatal("ls_ack_tx_timer");
> + struct ibuf *buf;
> + int  cnt;
>  
>   while (!ls_ack_list_empty(iface)) {
> - ptr = buf;
> + if ((buf = prepare_ls_ack(iface)) == NULL)
> + fatal("ls_ack_tx_timer");
>   cnt = 0;
> - for (le = TAILQ_FIRST(&iface->ls_ack_list); le != NULL &&
> - (ptr - buf < iface->mtu - PACKET_HDR); le = nle) {
> +
> + for (le = TAILQ_FIRST(&iface->ls_ack_list); le != NULL;
> + le = nle) {
>   nle = TAILQ_NEXT(le, entry);
> - memcpy(ptr, le->le_lsa, sizeof(struct lsa_hdr));
> - ptr += sizeof(*lsa_hdr);
> + if (ibuf_left(buf) < sizeof(struct lsa_hdr))
> + break;
> + if (ibuf_add(buf, le->le_lsa, sizeof(struct lsa_hdr)))
> + break;
>   ls_ack_list_free(iface, le);
>   cnt++;
>   }
> + if (cnt == 0) {
> + log_warnx("ls_ack_tx_timer: lost in space");
> + ibuf_free(buf);
> + return;
> + }
>  
>   /* send LS ack(s) but first set correct destination */
>   switch (iface->type) {
>   case IF_TYPE_POINTOPOINT:
>   inet_pton(AF_INET6, AllSPFRouters, &addr);
> - send_ls_ack(iface, addr, buf, ptr - buf);
>
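
Review bot: In the cnt == 0 branch the function returns from inside the while (!ls_ack_list_empty(iface)) loop with entries still queued, and "lost in space" gives an operator nothing to act on. Log the interface name and the space left in the buffer, and make clear whether the timer is re-armed for the remaining acks. Also, prepare_ls_ack() reports failure by returning NULL after log_warn(), yet this caller turns that into fatal(); either policy is defensible but the two should agree.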

ospf6d: type p2p

2019-12-23 Thread Remi Locherer
Hi,

this brings support for interface "type p2p" to ospf6d (ospfd got it a few
weeks ago).

The configuration looks like this:

area 0.0.0.0 {
	interface em0 {
		type p2p
	}
}

OK?

Remi


Index: ospf6d.conf.5
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.conf.5,v
retrieving revision 1.19
diff -u -p -r1.19 ospf6d.conf.5
--- ospf6d.conf.5   26 May 2019 09:27:09 -  1.19
+++ ospf6d.conf.5   5 Oct 2019 14:17:29 -
@@ -328,6 +328,9 @@ Router.
 .It Ic transmit-delay Ar seconds
 Set the transmit delay.
 The default value is 1; valid range is 1\-3600 seconds.
+.It Ic type p2p
+Set the interface type to point to point.
+This disables the election of a DR and BDR for the given interface.
 .El
 .Sh FILES
 .Bl -tag -width "/etc/ospf6d.conf" -compact
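
Review bot: The new ".It Ic type p2p" entry reads "point to point"; use "point-to-point" as a compound modifier. Consider also saying what the interface type is when the keyword is absent, so the reader knows what is being overridden.
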
Index: ospf6d.h
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
retrieving revision 1.42
diff -u -p -r1.42 ospf6d.h
--- ospf6d.h23 Dec 2019 07:33:49 -  1.42
+++ ospf6d.h23 Dec 2019 09:08:23 -
@@ -329,6 +329,7 @@ struct iface {
u_int8_t if_type;
u_int8_t linkstate;
u_int8_t priority;
+   u_int8_t p2p;
u_int8_t cflags;
 #define F_IFACE_PASSIVE0x01
 #define F_IFACE_CONFIGURED 0x02
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.47
diff -u -p -r1.47 parse.y
--- parse.y 23 Dec 2019 07:33:49 -  1.47
+++ parse.y 23 Dec 2019 10:40:28 -
@@ -126,7 +126,7 @@ typedef struct {
 
 %token AREA INTERFACE ROUTERID FIBPRIORITY FIBUPDATE REDISTRIBUTE RTLABEL
 %token RDOMAIN STUB ROUTER SPFDELAY SPFHOLDTIME EXTTAG
-%token METRIC PASSIVE
+%token METRIC P2P PASSIVE
 %token HELLOINTERVAL TRANSMITDELAY
 %token RETRANSMITINTERVAL ROUTERDEADTIME ROUTERPRIORITY
 %token SET TYPE
@@ -566,6 +566,10 @@ interfaceopts_l: interfaceopts_l interf
;
 
 interfaceoptsl : PASSIVE   { iface->cflags |= F_IFACE_PASSIVE; }
+   | TYPE P2P  {
+   iface->p2p = 1;
+   iface->type = IF_TYPE_POINTOPOINT;
+   }
| DEMOTE STRING {
if (strlcpy(iface->demote_group, $2,
sizeof(iface->demote_group)) >=
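
Review bot: The TYPE P2P action sets both iface->p2p and iface->type, and from this diff p2p is only read by print_iface(). A comment next to "u_int8_t p2p" in struct iface saying that it records the configured value would help. It is also worth checking that nothing resets iface->type after parsing, since that would silently undo the setting while printconf still shows "type p2p".
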
@@ -645,6 +649,7 @@ lookup(char *s)
{"metric",  METRIC},
{"no",  NO},
{"on",  ON},
+   {"p2p", P2P},
{"passive", PASSIVE},
{"rdomain", RDOMAIN},
{"redistribute",REDISTRIBUTE},
Index: printconf.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/printconf.c,v
retrieving revision 1.8
diff -u -p -r1.8 printconf.c
--- printconf.c 29 Dec 2018 16:04:31 -  1.8
+++ printconf.c 5 Oct 2019 14:14:19 -
@@ -135,6 +135,9 @@ print_iface(struct iface *iface)
printf("\t\trouter-priority %d\n", iface->priority);
printf("\t\ttransmit-delay %d\n", iface->transmit_delay);
 
+   if (iface->p2p)
+   printf("\t\ttype p2p\n");
+
printf("\t}\n");
 }
 



Re: ospf6d: add basic regress tests

2019-12-23 Thread Remi Locherer
On Sun, Dec 22, 2019 at 08:36:41PM +0100, Denis Fondras wrote:
> Add basic regress test to ospf6d.

Works for me. OK remi@

The tests also succeed when I reduce the sleep from 120 to 60.
A few lines end with a space. I marked them below.

Remi

> 
> Index: ospf6d/Makefile
> ===
> RCS file: ospf6d/Makefile
> diff -N ospf6d/Makefile
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ ospf6d/Makefile   22 Dec 2019 19:27:27 -
> @@ -0,0 +1,10 @@
> +# $OpenBSD$
> +
> +REGRESS_TARGETS  =   network_statement
> +
> +OSPF6D ?=/usr/sbin/ospf6d
> +
> +network_statement:
> + ${SUDO} ksh ${.CURDIR}/$@.sh ${OSPF6D} ${.CURDIR} 11 12 pair11 pair12
> +
> +.include 
> Index: ospf6d/network_statement.sh
> ===
> RCS file: ospf6d/network_statement.sh
> diff -N ospf6d/network_statement.sh
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ ospf6d/network_statement.sh   22 Dec 2019 19:27:27 -
> @@ -0,0 +1,107 @@
> +#!/bin/ksh
> +#$OpenBSD$
> +set -e
> +
> +OSPF6D=$1
> +OSPF6DCONFIGDIR=$2
> +RDOMAIN1=$3
> +RDOMAIN2=$4
> +PAIR1=$5
> +PAIR2=$6
> +
> +RDOMAINS="${RDOMAIN1} ${RDOMAIN2}"
> +PAIRS="${PAIR1} ${PAIR2}"
> +PAIR1IP=2001:db8::${RDOMAIN1}
> +PAIR2IP=2001:db8::${RDOMAIN2}
> +PAIR1PREFIX=2001:db8:${RDOMAIN1}::
> +PAIR2PREFIX=2001:db8:${RDOMAIN2}::
> +PAIR2PREFIX2=2001:db8:${RDOMAIN2}:${RDOMAIN2}::
> +
> +error_notify() {
> + echo cleanup
> + pkill -T ${RDOMAIN1} ospf6d || true
> + pkill -T ${RDOMAIN2} ospf6d || true
> + sleep 1
> + ifconfig ${PAIR2} destroy || true
> + ifconfig ${PAIR1} destroy || true
> + ifconfig vether${RDOMAIN1} destroy || true
> + ifconfig vether${RDOMAIN2} destroy || true
> + route -qn -T ${RDOMAIN1} flush || true
> + route -qn -T ${RDOMAIN2} flush || true
> + ifconfig lo${RDOMAIN1} destroy || true
> + ifconfig lo${RDOMAIN2} destroy || true
> + rm ospf6d.1.conf ospf6d.2.conf
> + if [ $1 -ne 0 ]; then
> + echo FAILED
> + exit 1
> + else
> + echo SUCCESS
> + fi
> +}
> +
> +if [ "$(id -u)" -ne 0 ]; then 
^

> + echo need root privileges >&2
> + exit 1
> +fi
> +
> +trap 'error_notify $?' EXIT
> +
> +echo check if rdomains are busy
> +for n in ${RDOMAINS}; do
> + if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then
> + echo routing domain ${n} is already used >&2
> + exit 1
> + fi
> +done
> +
> +echo check if interfaces are busy
> +for n in ${PAIRS}; do
> + /sbin/ifconfig "${n}" >/dev/null 2>&1 && \
> + ( echo interface ${n} is already used >&2; exit 1 )
> +done
> +
> +set -x
> +
> +echo setup
> +ifconfig ${PAIR1} inet6 rdomain ${RDOMAIN1} ${PAIR1IP}/64 up
> +ifconfig ${PAIR2} inet6 rdomain ${RDOMAIN2} ${PAIR2IP}/64 up
> +ifconfig ${PAIR1} patch ${PAIR2}
> +ifconfig lo${RDOMAIN1} inet 127.0.0.1/8
> +ifconfig lo${RDOMAIN2} inet 127.0.0.1/8
> +ifconfig vether${RDOMAIN1} inet6 rdomain ${RDOMAIN1} ${PAIR1PREFIX}/64 up
> +ifconfig vether${RDOMAIN2} inet6 rdomain ${RDOMAIN2} ${PAIR2PREFIX}/64 up
> +ifconfig vether${RDOMAIN2} inet6 rdomain ${RDOMAIN2} ${PAIR2PREFIX2}/64 up
> +sed "s/{RDOMAIN1}/${RDOMAIN1}/g;s/{PAIR1}/${PAIR1}/g" \
> +ospf6d.network_statement.rdomain1.conf > ospf6d.1.conf
> +chmod 0600 ospf6d.1.conf
> +sed "s/{RDOMAIN2}/${RDOMAIN2}/g;s/{PAIR2}/${PAIR2}/g" \
> +ospf6d.network_statement.rdomain2.conf > ospf6d.2.conf
> +chmod 0600 ospf6d.2.conf 
   ^

> +
> +echo add routes
> +route -T ${RDOMAIN2} add -inet6 default ${PAIR2PREFIX}1
> +route -T ${RDOMAIN2} add 2001:db8:::/126 ${PAIR2PREFIX}2
> +route -T ${RDOMAIN2} add 2001:db8:fffe::/64 ${PAIR2PREFIX}3 -label toOSPF
> +
> +echo start ospf6d
> +route -T ${RDOMAIN1} exec ${OSPF6D} \
> +-v -f ${OSPF6DCONFIGDIR}/ospf6d.1.conf
> +route -T ${RDOMAIN2} exec ${OSPF6D} \
> +-v -f ${OSPF6DCONFIGDIR}/ospf6d.2.conf
> +
> +sleep 120
> +
> +echo tests
> +route -T ${RDOMAIN1} exec ospf6ctl sh fib
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep ${PAIR2PREFIX}/64
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep ${PAIR2PREFIX2}/64
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep "2001:db8:::/126"
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep "::/0"
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep "2001:db8:fffe::/64"
> +
> +exit 0
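
Review bot: The EXIT trap is installed before the "check if rdomains are busy" and "check if interfaces are busy" tests, so when one of them fails error_notify() runs pkill -T, ifconfig destroy and route flush against rdomains and interfaces this script did not create. Since it runs as root, move the trap below the two checks, or have the cleanup touch only what the script has set up so far. Separately, the sed output goes to ospf6d.1.conf and ospf6d.2.conf in the current directory while ospf6d is started with -f ${OSPF6DCONFIGDIR}/ospf6d.1.conf, which only matches when the test is run from that directory; and "rm ospf6d.1.conf ospf6d.2.conf" in the cleanup should be rm -f so an early exit does not fail inside the trap.
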
> Index: ospf6d/ospf6d.network_statement.rdomain1.conf
> ===
> RCS file: ospf6d/ospf6d.network_statement.rdomain1.conf
> diff -N ospf6d/ospf6d.network_statement.rdomain1.conf
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ ospf6d/ospf6d.network_statement.rdomain1.conf 22 Dec 2019 19:27:27 
> -
> @@ -0,0 +1,10 @@
> +router-id 1.1.1.1
> +rdomain {RDOMAIN1}
> +
> +fib-priority 62
> +
> +area 10.0.0.1 {
> + 

Re: ospf6d: warn when a neighbor changes its source address

2019-12-23 Thread Remi Locherer
On Sun, Dec 22, 2019 at 10:32:12PM +0100, Denis Fondras wrote:
> On Sun, Dec 22, 2019 at 10:06:40PM +0100, Remi Locherer wrote:
> > this is similar to ospfd's hello.c rev 1.23.
> > 
> > OK?
> > 
> > Remi
> > 
> > 
> > Index: hello.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
> > retrieving revision 1.19
> > diff -u -p -r1.19 hello.c
> > --- hello.c 11 Dec 2019 21:33:56 -  1.19
> > +++ hello.c 22 Dec 2019 20:46:01 -
> > @@ -173,10 +173,16 @@ recv_hello(struct iface *iface, struct i
> > nbr->dr.s_addr = hello.d_rtr;
> > nbr->bdr.s_addr = hello.bd_rtr;
> > nbr->priority = LSA_24_GETHI(ntohl(hello.opts));
> > +   /* XXX neighbor address shouldn't be stored on virtual links */
> > +   nbr->addr = *src;
> > +   }
> > +
> > +   if (memcmp(&nbr->addr, src, sizeof(struct in6_addr)) != 0) {
> 
> Can you use IN6_ARE_ADDR_EQUAL() macro instead of memcmp() to be consistent
> with other address comparison ?

Yes, that makes sense. Thank you!

> Otherwise OK denis@
> 
> > +   log_warnx("%s: neighbor ID %s changed its address to %s",
> > +   __func__, inet_ntoa(nbr->id), log_in6addr(src));
> > +   nbr->addr = *src;
> > }
> >  
> > -   /* actually the neighbor address shouldn't be stored on virtual links */
> > -   nbr->addr = *src;
> > nbr->options = opts;
> >  
> > nbr_fsm(nbr, NBR_EVT_HELLO_RCVD);
> > 
> 



Re: ospf6d: add reference to area in struct iface

2019-12-22 Thread Remi Locherer
On Sun, Dec 22, 2019 at 06:35:47PM +0100, Denis Fondras wrote:
> area is now part of struct iface
> 
> Code looks cleaner and more like ospfd.

ok remi@

> 
> Index: area.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/area.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 area.c
> --- area.c28 Dec 2008 20:08:31 -  1.4
> +++ area.c22 Dec 2019 17:18:49 -
> @@ -88,19 +88,24 @@ area_find(struct ospfd_conf *conf, struc
>  }
>  
>  void
> -area_track(struct area *area, int state)
> +area_track(struct area *area)
>  {
> - int old = area->active;
> + int  old = area->active;
> + struct iface*iface;
>  
> - if (state & NBR_STA_FULL)
> - area->active++;
> - else if (area->active == 0)
> - fatalx("area_track: area already inactive");
> - else
> - area->active--;
> -
> - if (area->active == 0 || old == 0)
> + area->active = 0;
> + LIST_FOREACH(iface, &area->iface_list, entry) {
> + if (iface->state & IF_STA_DOWN)
> + continue;
> + area->active = 1;
> + break;
> + }
> +
> + if (area->active != old) {
> + ospfe_imsg_compose_rde(IMSG_AREA_CHANGE, area->id.s_addr, 0,
> + &area->active, sizeof(area->active));
>   ospfe_demote_area(area, old == 0);
> + }
>  }
>  
>  int
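
Review bot: area->active changes meaning here from a count driven by NBR_STA_FULL to a flag for "at least one interface not in IF_STA_DOWN", and area_border_router() in the next hunk counts areas on that flag. A router with interfaces up in two areas but no adjacency in one of them would then report itself as an area border router. If that matches ospfd and is intended, say so in the commit message, because the description only mentions the struct change.
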
> @@ -110,7 +115,7 @@ area_border_router(struct ospfd_conf *co
>   int  active = 0;
>  
>   LIST_FOREACH(area, &conf->area_list, entry)
> - if (area->active > 0)
> + if (area->active)
>   active++;
>  
>   return (active > 1);
> @@ -124,5 +129,5 @@ area_ospf_options(struct area *area)
>   if (area && !area->stub)
>   opt |= OSPF_OPTION_E;
>  
> - return opt;
> + return (opt);
>  }
> Index: database.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/database.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 database.c
> --- database.c11 Dec 2019 21:33:56 -  1.17
> +++ database.c22 Dec 2019 17:18:49 -
> @@ -134,8 +134,7 @@ send_db_description(struct nbr *nbr)
>   fatalx("send_db_description: unknown interface type");
>   }
>  
> - dd_hdr.opts = htonl(area_ospf_options(area_find(oeconf,
> - nbr->iface->area_id)));
> + dd_hdr.opts = htonl(area_ospf_options(nbr->iface->area));
>   dd_hdr.bits = bits;
>   dd_hdr.dd_seq_num = htonl(nbr->dd_seq_num);
>  
> Index: hello.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
> retrieving revision 1.19
> diff -u -p -r1.19 hello.c
> --- hello.c   11 Dec 2019 21:33:56 -  1.19
> +++ hello.c   22 Dec 2019 17:18:49 -
> @@ -72,7 +72,7 @@ send_hello(struct iface *iface)
>   /* hello header */
>   hello.iface_id = htonl(iface->ifindex);
>   LSA_24_SETHI(hello.opts, iface->priority);
> - opts = area_ospf_options(area_find(oeconf, iface->area_id));
> + opts = area_ospf_options(iface->area);
>   LSA_24_SETLO(hello.opts, opts);
>   hello.opts = htonl(hello.opts);
>  
> @@ -148,7 +148,7 @@ recv_hello(struct iface *iface, struct i
>   return;
>   }
>  
> - if ((area = area_find(oeconf, iface->area_id)) == NULL)
> + if ((area = iface->area) == NULL)
>   fatalx("interface lost area");
>  
>   opts = LSA_24_GETLO(ntohl(hello.opts));
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 interface.c
> --- interface.c   22 Dec 2019 15:34:52 -  1.26
> +++ interface.c   22 Dec 2019 17:18:49 -
> @@ -143,6 +143,7 @@ if_fsm(struct iface *iface, enum iface_e
>   iface->state = new_state;
>  
>   if (iface->state != old_state) {
> + area_track(iface->area);
>   orig_rtr_lsa(iface);
>   orig_link_lsa(iface);
>  
> @@ -649,7 +650,7 @@ if_to_ctl(struct iface *iface)
>   memcpy(ictl.name, iface->name, sizeof(ictl.name));
>   memcpy(&ictl.addr, &iface->addr, sizeof(ictl.addr));
>   ictl.rtr_id.s_addr = ospfe_router_id();
> - memcpy(&ictl.area, &iface->area_id, sizeof(ictl.area));
> + memcpy(&ictl.area, &iface->area->id, sizeof(ictl.area));
>   if (iface->dr) {
>   memcpy(&ictl.dr_id, &iface->dr->id, sizeof(ictl.dr_id));
>   memcpy(&ictl.dr_addr, &iface->dr->addr, sizeof(ictl.dr_addr));
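
Review bot: &iface->area->id here and area_track(iface->area) in if_fsm() dereference the new pointer unconditionally, while recv_hello() in this same diff still guards it with fatalx("interface lost area"). Pick one policy: either the pointer can never be NULL once the interface is configured (then document where it is set), or it can, and these two sites need the check too.
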
> Index: neighbor.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/neighbor.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 neighbor.c
> --- neighbor.c9 Feb 2018 03:53:37 -   1.14
> +++ neighbor.c22 De

ospf6d: warn when a neighbor changes its source address

2019-12-22 Thread Remi Locherer
this is similar to ospfd's hello.c rev 1.23.

OK?

Remi


Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
retrieving revision 1.19
diff -u -p -r1.19 hello.c
--- hello.c 11 Dec 2019 21:33:56 -  1.19
+++ hello.c 22 Dec 2019 20:46:01 -
@@ -173,10 +173,16 @@ recv_hello(struct iface *iface, struct i
nbr->dr.s_addr = hello.d_rtr;
nbr->bdr.s_addr = hello.bd_rtr;
nbr->priority = LSA_24_GETHI(ntohl(hello.opts));
+   /* XXX neighbor address shouldn't be stored on virtual links */
+   nbr->addr = *src;
+   }
+
+   if (memcmp(&nbr->addr, src, sizeof(struct in6_addr)) != 0) {
+   log_warnx("%s: neighbor ID %s changed its address to %s",
+   __func__, inet_ntoa(nbr->id), log_in6addr(src));
+   nbr->addr = *src;
}
 
-   /* actually the neighbor address shouldn't be stored on virtual links */
-   nbr->addr = *src;
nbr->options = opts;
 
nbr_fsm(nbr, NBR_EVT_HELLO_RCVD);
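
Review bot: The warning prints only the new source address, and the next line overwrites nbr->addr, so the previous address is never recorded. Log both ("from %s to %s") so an operator can tell a renumbering from another host on the link sending hellos with this neighbor's router ID; if log_in6addr() returns a static buffer, format the two addresses in separate calls. Note also that a neighbor alternating between two source addresses produces one warning per hello, which is worth a conscious decision.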



Re: ospf6d: scale send buffer

2019-12-22 Thread Remi Locherer
On Sun, Dec 22, 2019 at 03:27:05PM +0100, Denis Fondras wrote:
> Trivial diff to scale send buffer on socket.

ok remi@

> 
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v
> retrieving revision 1.25
> diff -u -p -r1.25 interface.c
> --- interface.c   28 Jun 2019 13:32:49 -  1.25
> +++ interface.c   22 Dec 2019 14:09:20 -
> @@ -708,7 +708,7 @@ if_to_ctl(struct iface *iface)
>  
>  /* misc */
>  void
> -if_set_recvbuf(int fd)
> +if_set_sockbuf(int fd)
>  {
>   int bsize;
>  
> @@ -718,7 +718,15 @@ if_set_recvbuf(int fd)
>   bsize /= 2;
>  
>   if (bsize != 256 * 1024)
> - log_warnx("if_set_recvbuf: recvbuf size only %d", bsize);
> + log_warnx("if_set_sockbuf: recvbuf size only %d", bsize);
> +
> + bsize = 64 * 1024;
> + while (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &bsize,
> + sizeof(bsize)) == -1)
> + bsize /= 2;
> +
> + if (bsize != 64 * 1024)
> + log_warnx("if_set_sockbuf: sendbuf size only %d", bsize);
>  }
>  
>  int
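
Review bot: The new "while (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, ...) == -1) bsize /= 2;" loop halves on any error, not only when the kernel refuses the size. If the call fails for another reason, bsize reaches 0 and the loop has no exit other than the kernel accepting a zero-sized buffer. Check errno for ENOBUFS or stop at a floor and log_warn(). The receive-buffer loop above has the same shape, so fixing both in the renamed if_set_sockbuf() makes sense.
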
> Index: ospfe.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.56
> diff -u -p -r1.56 ospfe.c
> --- ospfe.c   11 Jun 2019 05:00:09 -  1.56
> +++ ospfe.c   22 Dec 2019 14:09:20 -
> @@ -99,7 +99,7 @@ ospfe(struct ospfd_conf *xconf, int pipe
>   fatal("if_set_ipv6_checksum");
>   if (if_set_ipv6_pktinfo(xconf->ospf_socket, 1) == -1)
>   fatal("if_set_ipv6_pktinfo");
> - if_set_recvbuf(xconf->ospf_socket);
> + if_set_sockbuf(xconf->ospf_socket);
>  
>   oeconf = xconf;
>   if (oeconf->flags & OSPFD_FLAG_NO_FIB_UPDATE)
> Index: ospfe.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.h,v
> retrieving revision 1.20
> diff -u -p -r1.20 ospfe.h
> --- ospfe.h   11 Dec 2019 21:33:56 -  1.20
> +++ ospfe.h   22 Dec 2019 14:09:20 -
> @@ -142,7 +142,7 @@ struct ctl_iface  *if_to_ctl(struct iface
>  int   if_join_group(struct iface *, struct in6_addr *);
>  int   if_leave_group(struct iface *, struct in6_addr *);
>  int   if_set_mcast(struct iface *);
> -void  if_set_recvbuf(int);
> +void  if_set_sockbuf(int);
>  int   if_set_mcast_loop(int);
>  int   if_set_ipv6_pktinfo(int, int);
>  int   if_set_ipv6_checksum(int);
> 



Re: ospf6d: rework priority handling

2019-12-15 Thread Remi Locherer
reads good to me (but I did not test).

On Sun, Dec 15, 2019 at 09:56:15AM +0100, Denis Fondras wrote:
> 
> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.61
> diff -u -p -r1.61 kroute.c
> --- kroute.c  12 Dec 2019 08:21:34 -  1.61
> +++ kroute.c  15 Dec 2019 08:42:10 -
> @@ -97,10 +97,11 @@ RB_PROTOTYPE(kroute_tree, kroute_node, e
>  RB_GENERATE(kroute_tree, kroute_node, entry, kroute_compare)
>  
>  int
> -kr_init(int fs, u_int rdomain, u_int8_t fib_prio)
> +kr_init(int fs, u_int rdomain, int redis_label_or_prefix, u_int8_t fib_prio)
>  {
>   int opt = 0, rcvbuf, default_rcvbuf;
>   socklen_t   optlen;
> + int filter_prio = fib_prio;
>  
>   kr_state.fib_sync = fs;
>   kr_state.rdomain = rdomain;
> @@ -117,6 +118,18 @@ kr_init(int fs, u_int rdomain, u_int8_t 
>   &opt, sizeof(opt)) == -1)
>   log_warn("kr_init: setsockopt");/* not fatal */
>  
> + if (redis_label_or_prefix) {
> + filter_prio = 0;
> + log_info("%s: priority filter disabled", __func__);
> + } else
> + log_debug("%s: priority filter enabled", __func__);
> +
> + if (setsockopt(kr_state.fd, AF_ROUTE, ROUTE_PRIOFILTER, &filter_prio,
> + sizeof(filter_prio)) == -1) {
> + log_warn("%s: setsockopt AF_ROUTE ROUTE_PRIOFILTER", __func__);
> + /* not fatal */
> + }
> +
>   /* grow receive buffer, don't wanna miss messages */
>   optlen = sizeof(default_rcvbuf);
>   if (getsockopt(kr_state.fd, SOL_SOCKET, SO_RCVBUF,
> @@ -353,6 +366,21 @@ kr_fib_decouple(void)
>   log_info("kernel routing table decoupled");
>  }
>  
> +void
> +kr_fib_update_prio(u_int8_t fib_prio)
> +{
> + struct kroute_node  *kr;
> +
> + RB_FOREACH(kr, kroute_tree, &krt)
> + if ((kr->r.flags & F_OSPFD_INSERTED))
> + kr->r.priority = fib_prio;
> +
> + log_info("fib priority changed from %hhu to %hhu", kr_state.fib_prio,
> + fib_prio);
> +
> + kr_state.fib_prio = fib_prio;
> +}
> +
>  /* ARGSUSED */
>  void
>  kr_dispatch_msg(int fd, short event, void *bula)
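
Review bot: kr_fib_update_prio() walks RB_FOREACH(kr, kroute_tree, &krt) and updates only the tree node, whereas kr_reload() below iterates "for (kn = kr; kn; kn = kn->next)". Entries hanging off ->next with F_OSPFD_INSERTED set keep the old priority; walk the chain here too. The log_info() line would also be clearer if it were skipped when the old and new priority are equal.
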
> @@ -522,11 +550,25 @@ kr_redistribute(struct kroute_node *kh)
>  }
>  
>  void
> -kr_reload(void)
> +kr_reload(int redis_label_or_prefix)
>  {
>   struct kroute_node  *kr, *kn;
>   u_int32_tdummy;
>   int  r;
> + int  filter_prio = kr_state.fib_prio;
> +
> + /* update the priority filter */
> + if (redis_label_or_prefix) {
> + filter_prio = 0;
> + log_info("%s: priority filter disabled", __func__);
> + } else
> + log_debug("%s: priority filter enabled", __func__);
> +
> + if (setsockopt(kr_state.fd, AF_ROUTE, ROUTE_PRIOFILTER, &filter_prio,
> + sizeof(filter_prio)) == -1) {
> + log_warn("%s: setsockopt AF_ROUTE ROUTE_PRIOFILTER", __func__);
> + /* not fatal */
> + }
>  
>   RB_FOREACH(kr, kroute_tree, &krt) {
>   for (kn = kr; kn; kn = kn->next) {
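
Review bot: The priority-filter block in kr_reload() is a copy of the one added to kr_init(). Move it into a small static helper taking the flag and the priority, so the setsockopt(... ROUTE_PRIOFILTER ...) call and its log messages cannot drift apart. The parameter is spelled redis_label_or_prefix here while the config field is redist_label_or_prefix; use one spelling.
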
> Index: ospf6d.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 ospf6d.c
> --- ospf6d.c  25 Mar 2019 20:53:33 -  1.44
> +++ ospf6d.c  15 Dec 2019 08:42:10 -
> @@ -280,7 +280,8 @@ main(int argc, char *argv[])
>   fatal("unveil");
>  
>   if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE),
> - ospfd_conf->rdomain, ospfd_conf->fib_priority) == -1)
> + ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix,
> + ospfd_conf->fib_priority) == -1)
>   fatalx("kr_init failed");
>  
>   event_dispatch();
> @@ -631,7 +632,7 @@ ospf_reload(void)
>  
>   merge_config(ospfd_conf, xconf);
>   /* update redistribute lists */
> - kr_reload();
> + kr_reload(ospfd_conf->redist_label_or_prefix);
>   return (0);
>  #else
>   return (-1);
> @@ -654,12 +655,16 @@ merge_config(struct ospfd_conf *conf, st
>   struct area *a, *xa, *na;
>   struct iface*iface;
>   struct redistribute *r;
> + int  rchange = 0;
>  
>   /* change of rtr_id needs a restart */
>   conf->flags = xconf->flags;
>   conf->spf_delay = xconf->spf_delay;
>   conf->spf_hold_time = xconf->spf_hold_time;
> - conf->redistribute = xconf->redistribute;
> + if (SIMPLEQ_EMPTY(&conf->redist_list) !=
> + SIMPLEQ_EMPTY(&xconf->redist_list))
> + rchange = 1;
> + conf->redist_label_or_prefix = xconf->redist_label_or_prefix;
>  
>   if (ospfd_process == PROC_MAIN) {
>   /* main process does neither use areas nor interfaces */
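Review bot: the SIMPLEQ_EMPTY() comparison in merge_config() sets rchange only when redist_list goes from empty to non-empty or back; a reload that replaces one redistribute entry with another leaves it at 0. If that is all rchange is meant to detect, a short comment saying so would save the next reader the question, otherwise the two lists need a real comparison.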
> @@ -671,6 +676,15 @@ merge_config(struct ospfd_conf *conf

Re: ospf6d: rework redist_list and area

2019-12-14 Thread Remi Locherer
On Sat, Dec 14, 2019 at 12:05:57PM +0100, Denis Fondras wrote:
> Still working towards bringing ospf6d and ospfd closer.
> 
> area is now part of struct iface.

Makes sense to me.

> redist_list is part of struct area.

In ospfd the redist_list per area is only used to redistribute a default
route into a stub area. ospf6d does not have proper support for multiple
areas yet. I think we should only add support for stub areas once we implement
multi area support.

Maybe you can split your diff into smaller parts? E.g. the priority filter
in kr_init() could be a diff on its own.

Remi



Re: ospf6d: refactor kernel route message handling

2019-12-11 Thread Remi Locherer
On Wed, Dec 11, 2019 at 04:38:38PM +0100, Denis Fondras wrote:
> On Tue, Dec 10, 2019 at 09:51:12PM +0100, Remi Locherer wrote:
> > Unfortunately redistribute does not work anymore.
> > 
> 
> Indeed, simple tests are too simple...
> 
> Here is an updated diff.

ok remi@

> 
> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.60
> diff -u -p -r1.60 kroute.c
> --- kroute.c  2 Jan 2019 21:32:55 -   1.60
> +++ kroute.c  11 Dec 2019 14:51:25 -
> @@ -80,7 +80,7 @@ struct kroute_node  *kroute_match(struct 
>  
>  int  protect_lo(void);
>  void get_rtaddrs(int, struct sockaddr *, struct sockaddr **);
> -void if_change(u_short, int, struct if_data *);
> +void if_change(u_short, int, struct if_data *, struct sockaddr_dl *);
>  void if_newaddr(u_short, struct sockaddr_in6 *,
>   struct sockaddr_in6 *, struct sockaddr_in6 *);
>  void if_deladdr(u_short, struct sockaddr_in6 *,
> @@ -90,6 +90,7 @@ voidif_announce(void *);
>  int  send_rtmsg(int, int, struct kroute *);
>  int  dispatch_rtmsg(void);
>  int  fetchtable(void);
> +int  rtmsg_process(char *, size_t); 
>  
>  RB_HEAD(kroute_tree, kroute_node)krt;
>  RB_PROTOTYPE(kroute_tree, kroute_node, entry, kroute_compare)
> @@ -801,7 +802,8 @@ get_rtaddrs(int addrs, struct sockaddr *
>  }
>  
>  void
> -if_change(u_short ifindex, int flags, struct if_data *ifd)
> +if_change(u_short ifindex, int flags, struct if_data *ifd,
> +struct sockaddr_dl *sdl)
>  {
>   struct kroute_node  *kr, *tkr;
>   struct iface*iface;
> @@ -809,7 +811,7 @@ if_change(u_short ifindex, int flags, st
>  
>   wasvalid = kif_validate(ifindex);
>  
> - if ((iface = kif_update(ifindex, flags, ifd, NULL)) == NULL) {
> + if ((iface = kif_update(ifindex, flags, ifd, sdl)) == NULL) {
>   log_warn("if_change: kif_update(%u)", ifindex);
>   return;
>   }
> @@ -1135,12 +1137,8 @@ fetchtable(void)
>  {
>   size_t   len;
>   int  mib[7];
> - char*buf, *next, *lim;
> - struct rt_msghdr*rtm;
> - struct sockaddr *sa, *rti_info[RTAX_MAX];
> - struct sockaddr_in6 *sa_in6;
> - struct sockaddr_rtlabel *label;
> - struct kroute_node  *kr;
> + char*buf;
> + int  rv;
>  
>   mib[0] = CTL_NET;
>   mib[1] = PF_ROUTE;
> @@ -1164,102 +1162,10 @@ fetchtable(void)
>   return (-1);
>   }
>  
> - lim = buf + len;
> - for (next = buf; next < lim; next += rtm->rtm_msglen) {
> - rtm = (struct rt_msghdr *)next;
> - if (rtm->rtm_version != RTM_VERSION)
> - continue;
> - sa = (struct sockaddr *)(next + rtm->rtm_hdrlen);
> - get_rtaddrs(rtm->rtm_addrs, sa, rti_info);
> -
> - if ((sa = rti_info[RTAX_DST]) == NULL)
> - continue;
> -
> - /* Skip ARP/ND cache and broadcast routes. */
> - if (rtm->rtm_flags & (RTF_LLINFO|RTF_BROADCAST))
> - continue;
> -
> - if ((kr = calloc(1, sizeof(struct kroute_node))) == NULL) {
> - log_warn("fetchtable");
> - free(buf);
> - return (-1);
> - }
> -
> - kr->r.flags = F_KERNEL;
> - kr->r.priority = rtm->rtm_priority;
> -
> - switch (sa->sa_family) {
> - case AF_INET6:
> - kr->r.prefix =
> - ((struct sockaddr_in6 *)sa)->sin6_addr;
> - sa_in6 = (struct sockaddr_in6 *)rti_info[RTAX_NETMASK];
> - if (rtm->rtm_flags & RTF_STATIC)
> - kr->r.flags |= F_STATIC;
> - if (rtm->rtm_flags & RTF_BLACKHOLE)
> - kr->r.flags |= F_BLACKHOLE;
> - if (rtm->rtm_flags & RTF_REJECT)
> - kr->r.flags |= F_REJECT;
> - if (rtm->rtm_flags & RTF_DYNAMIC)
> - kr->r.flags |= F_DYNAMIC;
> - if (sa_in6 != NULL) {
> - if (sa_in6->sin6_len == 0)
> - break;
> - kr->r.prefixlen =
&g
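Review bot: the loop being removed from fetchtable() steps with next += rtm->rtm_msglen and only checks rtm_version, and the rtmsg_process(char *, size_t) that replaces it is not shown in this part of the diff. Please make sure the new function stops on an rtm_msglen of 0 or one that runs past the end of the buffer, and checks rtm_hdrlen against rtm_msglen before computing next + rtm->rtm_hdrlen.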

Re: ripd: memory leak and double free/use-after-free

2019-12-11 Thread Remi Locherer
On Wed, Dec 11, 2019 at 10:11:58AM +0100, Sebastian Benoit wrote:
> Remi Locherer(remi.loche...@relo.ch) on 2019.12.10 22:39:32 +0100:
> > On Tue, Dec 10, 2019 at 07:05:27PM +0100, Hiltjo Posthuma wrote:
> > > Hi,
> > > 
> > > While looking at the code of ripd:
> > > 
> > > I think there are (also) 2 small memleaks in a debug/error path
> > > (IMSG_REQUEST_ADD and IMSG_RESPONSE_ADD). It breaks out before adding the
> > > struct rip_route as an entry by the add_entry function (which adds it and 
> > > adds
> > > a reference count) in the log_debug block.
> > > 
> > > clang-analyzer also pointed at a double-free and use of free'd data: the
> > > function kroute_insert frees kr and returns -1 when struct kroute is 
> > > duplicate.
> > > 
> > > Patch below (untested):
> > > 
> > 
> > OK remi@
> 
> go ahead and commit it, ok benno@

Thank you for the patch! I just committed it.

Remi

> 
> > 
> > > 
> > > diff --git a/usr.sbin/ripd/kroute.c b/usr.sbin/ripd/kroute.c
> > > index 6e7449e0909..71758a75e44 100644
> > > --- a/usr.sbin/ripd/kroute.c
> > > +++ b/usr.sbin/ripd/kroute.c
> > > @@ -183,8 +183,7 @@ kr_change_fib(struct kroute_node *kr, struct kroute 
> > > *kroute, int action)
> > >  
> > >   if (kroute_insert(kr) == -1) {
> > >   log_debug("kr_update_fib: cannot insert %s",
> > > - inet_ntoa(kr->r.nexthop));
> > > - free(kr);
> > > + inet_ntoa(kroute->nexthop));
> > >   }
> > >   } else
> > >   kr->r.nexthop.s_addr = kroute->nexthop.s_addr;
> > > diff --git a/usr.sbin/ripd/ripe.c b/usr.sbin/ripd/ripe.c
> > > index d83901e245f..1f6f9b6583f 100644
> > > --- a/usr.sbin/ripd/ripe.c
> > > +++ b/usr.sbin/ripd/ripe.c
> > > @@ -351,6 +351,7 @@ ripe_dispatch_rde(int fd, short event, void *bula)
> > >   NULL) {
> > >   log_debug("unknown neighbor id %u",
> > >   imsg.hdr.peerid);
> > > + free(rr);
> > >   break;
> > >   }
> > >   add_entry(&nbr->rq_list, rr);
> > > @@ -396,6 +397,7 @@ ripe_dispatch_rde(int fd, short event, void *bula)
> > >   if ((nbr = nbr_find_peerid(imsg.hdr.peerid)) == NULL) {
> > >   log_debug("unknown neighbor id %u",
> > >   imsg.hdr.peerid);
> > > + free(rr);
> > >   break;
> > >   }
> > >   iface = nbr->iface;
> > > 
> > > -- 
> > > Kind regards,
> > > Hiltjo
> > > 
> > 
> 



Re: ripd: memory leak and double free/use-after-free

2019-12-10 Thread Remi Locherer
On Tue, Dec 10, 2019 at 07:05:27PM +0100, Hiltjo Posthuma wrote:
> Hi,
> 
> While looking at the code of ripd:
> 
> I think there are (also) 2 small memleaks in a debug/error path
> (IMSG_REQUEST_ADD and IMSG_RESPONSE_ADD). It breaks out before adding the
> struct rip_route as an entry by the add_entry function (which adds it and adds
> a reference count) in the log_debug block.
> 
> clang-analyzer also pointed at a double-free and use of free'd data: the
> function kroute_insert frees kr and returns -1 when struct kroute is 
> duplicate.
> 
> Patch below (untested):
> 

OK remi@

> 
> diff --git a/usr.sbin/ripd/kroute.c b/usr.sbin/ripd/kroute.c
> index 6e7449e0909..71758a75e44 100644
> --- a/usr.sbin/ripd/kroute.c
> +++ b/usr.sbin/ripd/kroute.c
> @@ -183,8 +183,7 @@ kr_change_fib(struct kroute_node *kr, struct kroute 
> *kroute, int action)
>  
>   if (kroute_insert(kr) == -1) {
>   log_debug("kr_update_fib: cannot insert %s",
> - inet_ntoa(kr->r.nexthop));
> - free(kr);
> + inet_ntoa(kroute->nexthop));
>   }
>   } else
>   kr->r.nexthop.s_addr = kroute->nexthop.s_addr;
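Review bot: the log_debug() text still says "kr_update_fib:" although the hunk header shows the function is kr_change_fib(); since the line is being touched anyway, switch it to "%s: cannot insert %s" with __func__. A comment at the call stating that kroute_insert() frees kr on failure would explain why free(kr) is removed and why the message now reads kroute->nexthop.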
> diff --git a/usr.sbin/ripd/ripe.c b/usr.sbin/ripd/ripe.c
> index d83901e245f..1f6f9b6583f 100644
> --- a/usr.sbin/ripd/ripe.c
> +++ b/usr.sbin/ripd/ripe.c
> @@ -351,6 +351,7 @@ ripe_dispatch_rde(int fd, short event, void *bula)
>   NULL) {
>   log_debug("unknown neighbor id %u",
>   imsg.hdr.peerid);
> + free(rr);
>   break;
>   }
>   add_entry(&nbr->rq_list, rr);
> @@ -396,6 +397,7 @@ ripe_dispatch_rde(int fd, short event, void *bula)
>   if ((nbr = nbr_find_peerid(imsg.hdr.peerid)) == NULL) {
>   log_debug("unknown neighbor id %u",
>   imsg.hdr.peerid);
> + free(rr);
>   break;
>   }
>   iface = nbr->iface;
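Review bot: free(rr) has to be added before break here and in the previous hunk, which suggests rr is set up before the neighbor lookup in both cases of ripe_dispatch_rde(); doing nbr_find_peerid() first and preparing rr only once the neighbor is known would remove the need for a free on the error path. If the order must stay, a comment that add_entry() takes over the reference would document why every earlier exit has to free rr.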
> 
> -- 
> Kind regards,
> Hiltjo
> 



Re: ospf6d: refactor kernel route message handling

2019-12-10 Thread Remi Locherer
On Mon, Dec 09, 2019 at 07:31:11PM +0100, Denis Fondras wrote:
> Give some love to ospf6d.
> 
> The goal is to have ospf6d look like ospfd, this could be useful to have
> changes made in one daemon from one go inside the other.
> 
> I will do it step by step until I get to the point where "ospf6ctl reload"
> works.

I like this a lot!
 
> First step is to refactor kernel route message handling, no functional 
> change.

I tested your diff with the following configuration:

--
router-id 192.168.250.7
fib-priority 38
redistribute default
redistribute rtlabel toOSPF depend on carp0
area 0 {
interface vether0 {
metric 55
depend on carp0
}
interface iwm0 { passive }
}
--

Unfortunately redistribute does not work anymore.

Remi



ripd: fix split-horizon simple

2019-12-08 Thread Remi Locherer
Hi,

when "split-horizon simple" is used, ripd might send out messages with 0
routes in it. This is because nentries is counted up even if the route
was not added to buf. Moving nentries++ up is fixing this.

Below log message is an indicator for this bug:
recv_response: bad packet size, interface vether0

OK?

Remi


Index: message.c
===
RCS file: /cvs/src/usr.sbin/ripd/message.c,v
retrieving revision 1.12
diff -u -p -r1.12 message.c
--- message.c   25 Oct 2014 03:23:49 -  1.12
+++ message.c   8 Dec 2019 22:02:38 -
@@ -292,11 +292,11 @@ send_response(struct packet_head *r_list
ibuf_add(buf, &netmask, sizeof(netmask));
ibuf_add(buf, &nexthop, sizeof(nexthop));
ibuf_add(buf, &metric, sizeof(metric));
+   nentries++;
 free:
TAILQ_REMOVE(r_list, entry, entry);
delete_entry(entry->rr);
free(entry);
-   nentries++;
}
 
if (iface->auth_type == AUTH_CRYPT)
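Review bot: nentries++ now sits directly after three ibuf_add() calls whose return values are not checked, so an entry is still counted when one of the adds fails. Checking the ibuf_add() results and jumping to free: on error would make the counter match what is really in buf. It is also worth confirming what happens after the loop when every entry was skipped and nentries is still 0.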



ripd: fix error message

2019-12-08 Thread Remi Locherer
Hi,

this fixes an error message to reflect the correct function name.

OK?

Remi


Index: message.c
===
RCS file: /cvs/src/usr.sbin/ripd/message.c,v
retrieving revision 1.12
diff -u -p -r1.12 message.c
--- message.c   25 Oct 2014 03:23:49 -  1.12
+++ message.c   8 Dec 2019 22:02:38 -
@@ -70,7 +70,7 @@ add_entry(struct packet_head *r_list, st
fatalx("add_entry: no route report");
 
if ((re = calloc(1, sizeof(*re))) == NULL)
-   fatal("add_response");
+   fatal("add_entry");
 
TAILQ_INSERT_TAIL(r_list, re, entry);
re->rr = rr;
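Review bot: the string passed to fatal() in add_entry() is again a hard-coded function name, which is how it drifted to "add_response" in the first place. Using fatal("%s", __func__) here, and "%s: no route report" with __func__ in the fatalx() just above, would keep both correct after the next rename.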



ripd: remove unused line

2019-12-08 Thread Remi Locherer
Hi,

iface is not used afterwards. I think it should have been removed
in revision 1.8.

OK?

Remi


Index: ripe.c
===
RCS file: /cvs/src/usr.sbin/ripd/ripe.c,v
retrieving revision 1.23
diff -u -p -r1.23 ripe.c
--- ripe.c  4 Nov 2018 07:52:55 -   1.23
+++ ripe.c  8 Dec 2019 13:28:29 -
@@ -398,7 +398,6 @@ ripe_dispatch_rde(int fd, short event, v
imsg.hdr.peerid);
break;
}
-   iface = nbr->iface;
add_entry(&nbr->rp_list, rr);
 
break;
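Review bot: with iface = nbr->iface; gone from this case, check whether iface is still assigned anywhere else in ripe_dispatch_rde(); if not, its declaration should be removed in the same commit so the variable is not left behind unused.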



Re: ospfd: type p2p

2019-11-17 Thread Remi Locherer
On Sat, Nov 16, 2019 at 06:58:35AM +0100, Claudio Jeker wrote:
> On Fri, Nov 15, 2019 at 06:06:42PM +0100, Remi Locherer wrote:
> > On Mon, Nov 04, 2019 at 02:01:57PM +0200, Kapetanakis Giannis wrote:
> > > On 25/10/2019 13:57, Remi Locherer wrote:
> > > > Hi tech@,
> > > >
> > > > earlier this year I sent a diff that allowed to change an interface
> > > > from broadcast to point-to-point.
> > > >
> > > > https://marc.info/?l=openbsd-tech&m=156132923203704&w=2
> > > >
> > > > It turned out that this was not sufficient. It made the adjacency
> > > > come up in p2p mode (no selection of DR or BDR) but didn't set a valid
> > > > next hop for routes learned over this p2p link. Actually the next hop 
> > > > was
> > > > 0.0.0.0 which was never installed into the routing table.
> > > >
> > > > This is because for P2P interfaces the neighbor address is not taken 
> > > > from
> > > > the received hello but from the "destination" parameter configured on 
> > > > the
> > > > interface. Since this is not set on a broadcast interface the address is
> > > > 0.0.0.0.
> > > >
> > > > My new diff changes this. Now also for P2P links the IP address of the
> > > > neighbor is taken from the hello packets (src address). This on its own
> > > > would make it simpler to interfere with the routing from remote. One 
> > > > could
> > > > send unicast ospf hello messages and potentially disrupt the routing 
> > > > setup.
> > > > I believe I mitigated this with an additional check I committed in 
> > > > August:
> > > > only hello messages sent to the multicast address are now processed.
> > > >
> > > > The config looks like this:
> > > >
> > > > area 0.0.0.0 {
> > > > interface em0 {
> > > > type p2p
> > > > }
> > > > }
> > > >
> > > > It would be nice to get test reports for this new feature (check the fib
> > > > and routing table!) and also test reports with real p2p2 interfaces (gif
> > > > or gre).
> > > >
> > > > Of course OKs are also welcome. ;-)
> > > >
> > > > Remi
> > > 
> > > 
> > > Hi,
> > > 
> > > From first test seems to work :)
> > > 
> > > looking forward to testing it for IPv6 as well
> > > 
> > > thanks
> > > 
> > > Giannis
> > 
> > 
> > Anyone willing to OK this?
> 
> See inline.
> 

[...]

> 
> Another option is to just add this ospfe_imsg_compose_rde() to the two
> places where the addr is updated.

Right, that is actually simpler.

> 
> > +
> > +   return (0);
> >  }
> >  
> >  struct nbr *
> > Index: ospfd.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> > retrieving revision 1.108
> > diff -u -p -r1.108 ospfd.c
> > --- ospfd.c 16 May 2019 05:49:22 -  1.108
> > +++ ospfd.c 23 Jun 2019 21:06:44 -
> > @@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct 
> > if_fsm(i, IF_EVT_UP);
> > }
> >  
> > +   if (i->p2p != xi->p2p) {
> > +   /* re-add interface to enable or disable DR election */
> > +   if (ospfd_process == PROC_OSPF_ENGINE)
> > +   if_fsm(i, IF_EVT_DOWN);
> > +   else if (ospfd_process == PROC_RDE_ENGINE)
> > +   rde_nbr_iface_del(i);
> > +   LIST_REMOVE(i, entry);
> > +   if_del(i);
> > +   LIST_REMOVE(xi, entry);
> > +   LIST_INSERT_HEAD(&a->iface_list, xi, entry);
> > +   xi->area = a;
> > +   if (ospfd_process == PROC_OSPF_ENGINE)
> > +   xi->state = IF_STA_NEW;
> > +   continue;
> > +   }
> 
> This is one big hammer. Would be nice to be a bit softer, also should this
> code be before
>   log_debug("merge_interfaces: proc %d area %s merging "
>   "interface %s", ospfd_process, inet_ntoa(a->id), i->name);
> 
> Since it re-adds an interface. If so it should also have its own
> log_debu

Re: ospfd: type p2p

2019-11-15 Thread Remi Locherer
On Mon, Nov 04, 2019 at 02:01:57PM +0200, Kapetanakis Giannis wrote:
> On 25/10/2019 13:57, Remi Locherer wrote:
> > Hi tech@,
> >
> > earlier this year I sent a diff that allowed to change an interface
> > from broadcast to point-to-point.
> >
> > https://marc.info/?l=openbsd-tech&m=156132923203704&w=2
> >
> > It turned out that this was not sufficient. It made the adjacency
> > come up in p2p mode (no selection of DR or BDR) but didn't set a valid
> > next hop for routes learned over this p2p link. Actually the next hop was
> > 0.0.0.0 which was never installed into the routing table.
> >
> > This is because for P2P interfaces the neighbor address is not taken from
> > the received hello but from the "destination" parameter configured on the
> > interface. Since this is not set on a broadcast interface the address is
> > 0.0.0.0.
> >
> > My new diff changes this. Now also for P2P links the IP address of the
> > neighbor is taken from the hello packets (src address). This on its own
> > would make it simpler to interfere with the routing from remote. One could
> > send unicast ospf hello messages and potentially disrupt the routing setup.
> > I believe I mitigated this with an additional check I committed in August:
> > only hello messages sent to the multicast address are now processed.
> >
> > The config looks like this:
> >
> > area 0.0.0.0 {
> > interface em0 {
> > type p2p
> > }
> > }
> >
> > It would be nice to get test reports for this new feature (check the fib
> > and routing table!) and also test reports with real p2p interfaces (gif
> > or gre).
> >
> > Of course OKs are also welcome. ;-)
> >
> > Remi
> 
> 
> Hi,
> 
> From first test seems to work :)
> 
> looking forward to testing it for IPv6 as well
> 
> thanks
> 
> Giannis


Anyone willing to OK this?



Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospfd/hello.c,v
retrieving revision 1.24
diff -u -p -r1.24 hello.c
--- hello.c 12 Aug 2019 20:21:58 -  1.24
+++ hello.c 21 Sep 2019 22:06:17 -
@@ -189,14 +189,13 @@ recv_hello(struct iface *iface, struct i
nbr->dr.s_addr = hello.d_rtr;
nbr->bdr.s_addr = hello.bd_rtr;
nbr->priority = hello.rtr_priority;
-   /* XXX neighbor address shouldn't be stored on virtual links */
-   nbr->addr.s_addr = src.s_addr;
+   nbr_update_addr(nbr->peerid, src);
}
 
if (nbr->addr.s_addr != src.s_addr) {
log_warnx("%s: neighbor ID %s changed its IP address",
__func__, inet_ntoa(nbr->id));
-   nbr->addr.s_addr = src.s_addr;
+   nbr_update_addr(nbr->peerid, src);
}
 
nbr->options = hello.opts;
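Review bot: both call sites in recv_hello() already hold nbr, yet nbr_update_addr(nbr->peerid, src) looks the neighbor up again by peerid and its return value is dropped. Passing the struct nbr pointer would avoid the second lookup and the unchecked failure path.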
Index: lsupdate.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsupdate.c,v
retrieving revision 1.46
diff -u -p -r1.46 lsupdate.c
--- lsupdate.c  15 Jul 2019 18:26:39 -  1.46
+++ lsupdate.c  15 Aug 2019 21:10:13 -
@@ -470,7 +470,7 @@ ls_retrans_timer(int fd, short event, vo
/* ls_retrans_list_free retriggers the timer */
return;
} else if (nbr->iface->type == IF_TYPE_POINTOPOINT)
-   memcpy(&addr, &nbr->iface->dst, sizeof(addr));
+   memcpy(&addr, &nbr->addr, sizeof(addr));
else
inet_aton(AllDRouters, &addr);
} else
Index: neighbor.c
===
RCS file: /cvs/src/usr.sbin/ospfd/neighbor.c,v
retrieving revision 1.48
diff -u -p -r1.48 neighbor.c
--- neighbor.c  9 Feb 2018 02:14:03 -   1.48
+++ neighbor.c  21 Sep 2019 15:28:43 -
@@ -312,6 +312,7 @@ nbr_new(u_int32_t nbr_id, struct iface *
bzero(&rn, sizeof(rn));
rn.id.s_addr = nbr->id.s_addr;
rn.area_id.s_addr = nbr->iface->area->id.s_addr;
+   rn.addr.s_addr = nbr->addr.s_addr;
rn.ifindex = nbr->iface->ifindex;
rn.state = nbr->state;
rn.self = self;
@@ -347,6 +348,23 @@ nbr_del(struct nbr *nbr)
LIST_REMOVE(nbr, hash);
 
free(nbr);
+}
+
+int
+nbr_update_addr(u_int32_t peerid, struct in_addr addr) {
+
+   struct nbr  *nbr = NULL;
+
+   nbr = nbr_find_peerid(peerid);
+   if (nbr == NULL)
+   return (1);
+
+   /* XXX neighbor address shouldn't be stored on virtual links */
+   nbr->addr.s_addr = addr.s_addr;
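Review bot: nbr_update_addr() puts the opening brace on the signature line and follows it with a blank line; the brace belongs on its own line with the declarations directly after it. The = NULL initializer on nbr is redundant because it is assigned in the next statement, and returning 1 for "neighbor not found" deserves either a comment or a -1, since the callers in recv_hello() ignore the result either way.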

Re: ospfd: type p2p

2019-11-04 Thread Remi Locherer
On Mon, Nov 04, 2019 at 02:01:57PM +0200, Kapetanakis Giannis wrote:
> On 25/10/2019 13:57, Remi Locherer wrote:
> > Hi tech@,
> >
> > earlier this year I sent a diff that allowed to change an interface
> > from broadcast to point-to-point.
> >
> > https://marc.info/?l=openbsd-tech&m=156132923203704&w=2
> >
> > It turned out that this was not sufficient. It made the adjacency
> > come up in p2p mode (no selection of DR or BDR) but didn't set a valid
> > next hop for routes learned over this p2p link. Actually the next hop was
> > 0.0.0.0 which was never installed into the routing table.
> >
> > This is because for P2P interfaces the neighbor address is not taken from
> > the received hello but from the "destination" parameter configured on the
> > interface. Since this is not set on a broadcast interface the address is
> > 0.0.0.0.
> >
> > My new diff changes this. Now also for P2P links the IP address of the
> > neighbor is taken from the hello packets (src address). This on its own
> > would make it simpler to interfere with the routing from remote. One could
> > send unicast ospf hello messages and potentially disrupt the routing setup.
> > I believe I mitigated this with an additional check I committed in August:
> > only hello messages sent to the multicast address are now processed.
> >
> > The config looks like this:
> >
> > area 0.0.0.0 {
> > interface em0 {
> > type p2p
> > }
> > }
> >
> > It would be nice to get test reports for this new feature (check the fib
> > and routing table!) and also test reports with real p2p interfaces (gif
> > or gre).
> >
> > Of course OKs are also welcome. ;-)
> >
> > Remi
> 
> 
> Hi,
> 
> From first test seems to work :)

Thank you for testing!

> 
> looking forward to testing it for IPv6 as well

Sure, I plan to also do this for ospf6d.
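
The mitigation described in the message quoted above (on a "type p2p" link the neighbor address is learned from the hello source, so only hellos addressed to the multicast group are processed), sketched as an added example; this is not ospfd's code. The function names, the verdict enum and the constructed sample packets are assumptions; 224.0.0.5 (AllSPFRouters), protocol 89 and the 24-byte OSPFv2 header come from RFC 2328.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_PROTO_OSPF	89		/* IP protocol number of OSPF */
#define OSPF_VERSION_2	2
#define OSPF_TYPE_HELLO	1		/* RFC 2328 packet type 1 */
#define OSPF_HDR_LEN	24		/* OSPFv2 common header */
#define ALL_SPF_ROUTERS	0xE0000005u	/* 224.0.0.5 */

enum hello_verdict {
	HELLO_ACCEPT,		/* source may be stored as neighbor address */
	HELLO_NOT_HELLO,	/* well-formed OSPFv2, but another packet type */
	HELLO_BAD_PACKET,	/* truncated, or not IPv4 carrying OSPFv2 */
	HELLO_UNICAST_DST	/* hello not addressed to AllSPFRouters */
};

static uint32_t
get_be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	    ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void
put_be32(uint8_t *p, uint32_t v)
{
	p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/*
 * Decide whether the IPv4 source of a received packet may be learned as
 * the neighbor address on a p2p interface.  Every length is checked
 * before the field behind it is read.  On HELLO_ACCEPT, *nbr_addr holds
 * the source in host byte order; otherwise it is left untouched.
 * Virtual links, which use unicast, are outside this sketch.
 */
enum hello_verdict
p2p_hello_src(const uint8_t *pkt, size_t len, uint32_t *nbr_addr)
{
	size_t ip_hl;

	if (len < 20 || (pkt[0] >> 4) != 4)
		return HELLO_BAD_PACKET;
	ip_hl = (size_t)(pkt[0] & 0x0f) * 4;
	if (ip_hl < 20 || len < ip_hl + OSPF_HDR_LEN)
		return HELLO_BAD_PACKET;
	if (pkt[9] != IP_PROTO_OSPF || pkt[ip_hl] != OSPF_VERSION_2)
		return HELLO_BAD_PACKET;
	if (pkt[ip_hl + 1] != OSPF_TYPE_HELLO)
		return HELLO_NOT_HELLO;
	/* A unicast hello must not be able to move the neighbor address. */
	if (get_be32(pkt + 16) != ALL_SPF_ROUTERS)
		return HELLO_UNICAST_DST;
	*nbr_addr = get_be32(pkt + 12);
	return HELLO_ACCEPT;
}

/* Constructed sample: minimal IPv4 header followed by an OSPFv2 header. */
size_t
build_sample(uint8_t *buf, uint32_t src, uint32_t dst, uint8_t type)
{
	memset(buf, 0, 20 + OSPF_HDR_LEN);
	buf[0] = 0x45;			/* IPv4, header length 5 words */
	buf[9] = IP_PROTO_OSPF;
	put_be32(buf + 12, src);
	put_be32(buf + 16, dst);
	buf[20] = OSPF_VERSION_2;
	buf[21] = type;
	return 20 + OSPF_HDR_LEN;
}

int
main(void)
{
	uint8_t buf[64];
	uint32_t addr = 0;
	size_t n;

	/* 192.168.1.2 -> 224.0.0.5: accepted */
	n = build_sample(buf, 0xC0A80102u, ALL_SPF_ROUTERS, OSPF_TYPE_HELLO);
	printf("multicast hello: %d\n", p2p_hello_src(buf, n, &addr));
	/* 192.168.1.2 -> 192.168.1.1: rejected, address not learned */
	n = build_sample(buf, 0xC0A80102u, 0xC0A80101u, OSPF_TYPE_HELLO);
	printf("unicast hello:   %d\n", p2p_hello_src(buf, n, &addr));
	return 0;
}
```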



Re: Opportunistic DoT for unwind(8)

2019-11-02 Thread Remi Locherer
On Sat, Nov 02, 2019 at 08:20:08AM +0100, Otto Moerbeek wrote:
> On Fri, Nov 01, 2019 at 10:43:27PM +0100, Remi Locherer wrote:
> 
> > On Fri, Nov 01, 2019 at 09:53:28PM +0100, Florian Obser wrote:
> > > On Fri, Nov 01, 2019 at 09:45:37PM +0100, Florian Obser wrote:
> > > > On Fri, Nov 01, 2019 at 09:35:07PM +0100, Remi Locherer wrote:
> > > > > On Thu, Oct 31, 2019 at 08:14:04PM +0100, Otto Moerbeek wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > So here's a new diff that incorporates the bug fix mentioned plus
> > > > > > debug printf line changes suggested by Stuart.
> > > > > > 
> > > > > > Please note that this is a diff on top of very recent current, i.e.
> > > > > > florian's work he committed today. That means that you need to be
> > > > > > up-to-date (including a recent libc update that was committed a few
> > > > > > days ago) to be able to test this version.
> > > > > 
> > > > > I upgraded to a snapshot from today, updated the source and applied
> > > > > your diff. Then I did the same test as last time using pf to block 
> > > > > port 53
> > > > > (block return out log inet proto {tcp udp} to !9.9.9.9 port 53).
> > > > > 
> > > > > Result: the non functional type asr is selected instead of the 
> > > > > forwarder.
> > > > > 
> > > > > $ doas unwindctl status 
> > > > > captive portal is unknown
> > > > > 
> > > > > selected type status
> > > > >  recursor dead
> > > > > forwarder validating (OppDoT)
> > > > >  dhcp unknown (OppDoT)
> > > > >*  asr dead
> > > > > $
> > > > > $ getent hosts undeadly.org
> > > > > $ echo $?
> > > > > 2
> > > > > $ dig +short undeadly.org @9.9.9.9
> > > > > 94.142.241.173
> > > > > $
> > > > > 
> > > > > Without your patch unwind behaves similar regarding the type 
> > > > > selection:
> > > > > 
> > > > > $ doas unwindctl status 
> > > > > captive portal is unknown
> > > > 
> > > > ^ you are creating a not supported configuration.
> > > > 
> > > > When we are behind a captive portal or don't know yet if we are behind
> > > > a captive portal resolving is forced to asr.
> > > > 
> > > > That might not be very wise if asr is dead but I currently don't see
> > > > how this can happen in practice except with a well aimed foot-gun.
> > > 
> > > Actually, I have an idea how this can happen in practice, please try this:
> > > 
> > > diff --git resolver.c resolver.c
> > > index f59860a5e98..5bbc63f60fa 100644
> > > --- resolver.c
> > > +++ resolver.c
> > > @@ -1282,7 +1282,8 @@ best_resolver(void)
> > >  
> > >   if (captive_portal_state == PORTAL_UNKNOWN || captive_portal_state ==
> > >   BEHIND) {
> > > - if (resolvers[UW_RES_ASR] != NULL) {
> > > + if (resolvers[UW_RES_ASR] != NULL && resolvers[UW_RES_ASR]->
> > > +state != DEAD) {
> > >   res = resolvers[UW_RES_ASR];
> > >   goto out;
> > >   }
> > > 
> > > 
> > 
> > Yes, this makes unwind cope with this situation:
> > 
> > $ unwindctl status 
> > not behind captive portal
> > 
> > selected type status
> >  recursor dead
> >*forwarder validating
> >  dhcp dead
> >   asr dead
> > $
> > 
> > OK remi@
> > 
> 
> And with my diff on top of that?

Yes, now it works as expected.

OK remi@
 



Re: Opportunistic DoT for unwind(8)

2019-11-01 Thread Remi Locherer
On Fri, Nov 01, 2019 at 09:53:28PM +0100, Florian Obser wrote:
> On Fri, Nov 01, 2019 at 09:45:37PM +0100, Florian Obser wrote:
> > On Fri, Nov 01, 2019 at 09:35:07PM +0100, Remi Locherer wrote:
> > > On Thu, Oct 31, 2019 at 08:14:04PM +0100, Otto Moerbeek wrote:
> > > > Hi,
> > > > 
> > > > So here's a new diff that incorporates the bug fix mentioned plus
> > > > debug printf line changes suggested by Stuart.
> > > > 
> > > > Please note that this is a diff on top of very recent current, i.e.
> > > > florian's work he committed today. That means that you need to be
> > > > up-to-date (including a recent libc update that was committed a few
> > > > days ago) to be able to test this version.
> > > 
> > > I upgraded to a snapshot from today, updated the source and applied
> > > your diff. Then I did the same test as last time using pf to block port 53
> > > (block return out log inet proto {tcp udp} to !9.9.9.9 port 53).
> > > 
> > > Result: the non functional type asr is selected instead of the forwarder.
> > > 
> > > $ doas unwindctl status 
> > > captive portal is unknown
> > > 
> > > selected type status
> > >  recursor dead
> > > forwarder validating (OppDoT)
> > >  dhcp unknown (OppDoT)
> > >*  asr dead
> > > $
> > > $ getent hosts undeadly.org
> > > $ echo $?
> > > 2
> > > $ dig +short undeadly.org @9.9.9.9
> > > 94.142.241.173
> > > $
> > > 
> > > Without your patch unwind behaves similar regarding the type selection:
> > > 
> > > $ doas unwindctl status 
> > > captive portal is unknown
> > 
> > ^ you are creating a not supported configuration.
> > 
> > When we are behind a captive portal or don't know yet if we are behind
> > a captive portal resolving is forced to asr.
> > 
> > That might not be very wise if asr is dead but I currently don't see
> > how this can happen in practice except with a well aimed foot-gun.
> 
> Actually, I have an idea how this can happen in practice, please try this:
> 
> diff --git resolver.c resolver.c
> index f59860a5e98..5bbc63f60fa 100644
> --- resolver.c
> +++ resolver.c
> @@ -1282,7 +1282,8 @@ best_resolver(void)
>  
>   if (captive_portal_state == PORTAL_UNKNOWN || captive_portal_state ==
>   BEHIND) {
> - if (resolvers[UW_RES_ASR] != NULL) {
> + if (resolvers[UW_RES_ASR] != NULL && resolvers[UW_RES_ASR]->
> +state != DEAD) {
>   res = resolvers[UW_RES_ASR];
>   goto out;
>   }
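Review bot: with the added state != DEAD test, best_resolver() falls through to the code after this block when asr is dead while captive_portal_state is PORTAL_UNKNOWN or BEHIND; that path is not visible in the hunk, so please confirm that picking a non-asr resolver is acceptable in the BEHIND case and not only in PORTAL_UNKNOWN. The line break in the middle of resolvers[UW_RES_ASR]->state is hard to read; break after && instead.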
> 
> 

Yes, this makes unwind cope with this situation:

$ unwindctl status 
not behind captive portal

selected type status
 recursor dead
   *forwarder validating
 dhcp dead
  asr dead
$

OK remi@



Re: Opportunistic DoT for unwind(8)

2019-11-01 Thread Remi Locherer
On Thu, Oct 31, 2019 at 08:14:04PM +0100, Otto Moerbeek wrote:
> Hi,
> 
> So here's a new diff that incorporates the bug fix mentioned plus
> debug printf line changes suggested by Stuart.
> 
> Please note that this is a diff on top of very recent current, i.e.
> florian's work he committed today. That means that you need to be
> up-to-date (including a recent libc update that was committed a few
> days ago) to be able to test this version.

I upgraded to a snapshot from today, updated the source and applied
your diff. Then I did the same test as last time using pf to block port 53
(block return out log inet proto {tcp udp} to !9.9.9.9 port 53).

Result: the non functional type asr is selected instead of the forwarder.

$ doas unwindctl status 
captive portal is unknown

selected type status
 recursor dead
forwarder validating (OppDoT)
 dhcp unknown (OppDoT)
   *  asr dead
$
$ getent hosts undeadly.org
$ echo $?
2
$ dig +short undeadly.org @9.9.9.9
94.142.241.173
$

Without your patch unwind behaves similar regarding the type selection:

$ doas unwindctl status 
captive portal is unknown

selected type status
 recursor dead
forwarder validating
 dhcp dead
   *  asr dead
$



Re: Opportunistic DoT for unwind(8)

2019-10-30 Thread Remi Locherer
Hi Otto,

On Wed, Oct 30, 2019 at 03:57:15PM +0100, Otto Moerbeek wrote:
> Hi,
> 
> I got *very* little feedback on this request for testing.
> 
> If not enough testing is done, I'll either abandon the diff or
> commit it as-is, introducing bugs that could have been prevented. Both
> are not good. So get going!
> 
>   -Otto
> 

I applied your diff and tried with the following config:

$ unwind -nv
preference { recursor DoT forwarder dhcp }
forwarder {
9.9.9.9
}
captive portal {
url "http://captive.apple.com/";
expected status 200
expected response 
"SuccessSuccess"
auto yes
}
block list "/etc/unwind_blocklist.txt"
$

To force unwind to use 9.9.9.9 I tested with these pf rules:

$ doas pfctl -sr 
doas (r...@typhoon.relo.ch) password: 
block return log all
pass log all flags S/SA
pass out log on egress inet from (vether0:network) to any flags S/SA nat-to 
(egress:0) round-robin
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log inet proto tcp from any to ! 9.9.9.9 port = 53
block return out log inet proto udp from any to ! 9.9.9.9 port = 53
block return out log inet6 proto tcp from any to any port = 53
block return out log inet6 proto udp from any to any port = 53
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
$

As expected I can now query 9.9.9.9 but 8.8.8.8 fails:

$ dig +short undeadly.org @9.9.9.9
94.142.241.173
typhoon ..c/examples$ dig +short undeadly.org @8.8.8.8 
;; connection timed out; no servers could be reached
$

I expected that unwind would choose 9.9.9.9 with OppDoT. But unwind
selects dhcp which is correctly displayed as dead:

$ unwindctl status 
captive portal is unknown

selected type status
 recursor dead
forwarder validating
   * dhcp dead
$

Port 853 on 9.9.9.9 is not blocked:

$ nc -zv 9.9.9.9 853
Connection to 9.9.9.9 853 port [tcp/domain-s] succeeded!
$ nc -zv -u 9.9.9.9 853
Connection to 9.9.9.9 853 port [udp/domain-s] succeeded!
$

Did I do something wrong in unwind.conf?

Remi



ospfd: type p2p

2019-10-25 Thread Remi Locherer
Hi tech@,

earlier this year I sent a diff that allowed to change an interface
from broadcast to point-to-point.

https://marc.info/?l=openbsd-tech&m=156132923203704&w=2

It turned out that this was not sufficient. It made the adjacency
come up in p2p mode (no selection of DR or BDR) but didn't set a valid
next hop for routes learned over this p2p link. Actually the next hop was
0.0.0.0 which was never installed into the routing table.

This is because for P2P interfaces the neighbor address is not taken from
the received hello but from the "destination" parameter configured on the
interface. Since this is not set on a broadcast interface the address is
0.0.0.0.

My new diff changes this. Now also for P2P links the IP address of the
neighbor is taken from the hello packets (src address). This on its own
would make it simpler to interfere with the routing from remote. One could
send unicast ospf hello messages and potentially disrupt the routing setup.
I believe I mitigated this with an additional check I committed in August:
only hello messages sent to the multicast address are now processed.

The config looks like this:

area 0.0.0.0 {
interface em0 {
type p2p
}
}

It would be nice to get test reports for this new feature (check the fib
and routing table!) and also test reports with real p2p interfaces (gif
or gre).

Of course OKs are also welcome. ;-)

Remi



Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospfd/hello.c,v
retrieving revision 1.24
diff -u -p -r1.24 hello.c
--- hello.c 12 Aug 2019 20:21:58 -  1.24
+++ hello.c 21 Sep 2019 22:06:17 -
@@ -189,14 +189,13 @@ recv_hello(struct iface *iface, struct i
nbr->dr.s_addr = hello.d_rtr;
nbr->bdr.s_addr = hello.bd_rtr;
nbr->priority = hello.rtr_priority;
-   /* XXX neighbor address shouldn't be stored on virtual links */
-   nbr->addr.s_addr = src.s_addr;
+   nbr_update_addr(nbr->peerid, src);
}
 
if (nbr->addr.s_addr != src.s_addr) {
log_warnx("%s: neighbor ID %s changed its IP address",
__func__, inet_ntoa(nbr->id));
-   nbr->addr.s_addr = src.s_addr;
+   nbr_update_addr(nbr->peerid, src);
}
 
nbr->options = hello.opts;
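Review bot: both new nbr_update_addr(nbr->peerid, src) calls in recv_hello() discard the int return value, and the helper looks the neighbor up again by peerid although the caller already holds nbr. If the lookup fails, nbr->addr stays unchanged and the following nbr->addr.s_addr != src.s_addr test fires the "changed its IP address" warning for the wrong reason. Passing nbr itself to the helper removes that unhandled failure path; otherwise check the result and log it.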
Index: lsupdate.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsupdate.c,v
retrieving revision 1.46
diff -u -p -r1.46 lsupdate.c
--- lsupdate.c  15 Jul 2019 18:26:39 -  1.46
+++ lsupdate.c  15 Aug 2019 21:10:13 -
@@ -470,7 +470,7 @@ ls_retrans_timer(int fd, short event, vo
/* ls_retrans_list_free retriggers the timer */
return;
} else if (nbr->iface->type == IF_TYPE_POINTOPOINT)
-   memcpy(&addr, &nbr->iface->dst, sizeof(addr));
+   memcpy(&addr, &nbr->addr, sizeof(addr));
else
inet_aton(AllDRouters, &addr);
} else
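Review bot: in the IF_TYPE_POINTOPOINT branch of ls_retrans_timer() the retransmit destination now comes from nbr->addr, which is learned from the source address of received hellos, instead of the configured nbr->iface->dst. A comment here should state that this relies on hellos being processed only when they were sent to the multicast address (the check mentioned in the mail), and the change needs a test on real point-to-point interfaces (gif, gre), where iface->dst was authoritative until now.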
Index: neighbor.c
===
RCS file: /cvs/src/usr.sbin/ospfd/neighbor.c,v
retrieving revision 1.48
diff -u -p -r1.48 neighbor.c
--- neighbor.c  9 Feb 2018 02:14:03 -   1.48
+++ neighbor.c  21 Sep 2019 15:28:43 -
@@ -312,6 +312,7 @@ nbr_new(u_int32_t nbr_id, struct iface *
bzero(&rn, sizeof(rn));
rn.id.s_addr = nbr->id.s_addr;
rn.area_id.s_addr = nbr->iface->area->id.s_addr;
+   rn.addr.s_addr = nbr->addr.s_addr;
rn.ifindex = nbr->iface->ifindex;
rn.state = nbr->state;
rn.self = self;
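Review bot: rn.addr.s_addr = nbr->addr.s_addr in nbr_new() copies whatever nbr->addr holds at creation time, and nothing in the visible lines shows nbr->addr being set before this copy. If it is still zero here, the RDE starts with 0.0.0.0 for this neighbor until the IMSG_NEIGHBOR_ADDR message from nbr_update_addr() arrives; please confirm the ordering, or say in a comment that this is only an initial value.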
@@ -347,6 +348,23 @@ nbr_del(struct nbr *nbr)
LIST_REMOVE(nbr, hash);
 
free(nbr);
+}
+
+int
+nbr_update_addr(u_int32_t peerid, struct in_addr addr) {
+
+   struct nbr  *nbr = NULL;
+
+   nbr = nbr_find_peerid(peerid);
+   if (nbr == NULL)
+   return (1);
+
+   /* XXX neighbor address shouldn't be stored on virtual links */
+   nbr->addr.s_addr = addr.s_addr;
+   ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, peerid, 0, &addr,
+   sizeof(addr));
+
+   return (0);
 }
 
 struct nbr *
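Review bot: style and return convention in nbr_update_addr(): the opening brace sits on the signature line, a blank line precedes the declarations, and nbr is initialised to NULL only to be overwritten by nbr_find_peerid() on the next statement. The function also returns 1 when the neighbor is not found; none of the callers in this diff look at the result, so either make it void or return -1 and handle it. The carried-over XXX comment about virtual links still applies and is now one step further away from the code that decides whether the link is virtual.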
Index: ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.108
diff -u -p -r1.108 ospfd.c
--- ospfd.c 16 May 2019 05:49:22 -  1.108
+++ ospfd.c 23 Jun 2019 21:06:44 -
@@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct 
if_fsm(i, IF_EVT_UP);
}
 
+   if (i->p2p != xi->p2p) {
+   /* re-add interface to enable or disable DR election */
+   if (ospfd_process == PROC_OSPF_ENGINE)
+   if_fsm(i, IF_EVT_DOWN);
+   els

Re: Attach Hyper-V guest services to VMBus 4.0

2019-10-05 Thread Remi Locherer
On Sat, Oct 05, 2019 at 03:19:08PM +0200, Mike Belopuhov wrote:
> 
> Remi Locherer writes:
> 
> > On Tue, Oct 01, 2019 at 12:25:35AM +0200, Mike Belopuhov wrote:
> >> 
> >> 
> >> Hi,
> >> 
> >> I've got a verbal report that Hyper-V guest services aren't attached
> >> on modern Windows 10 systems so I believe we should get this one-liner
> >> in before 6.6.
> >> 
> >> FreeBSD revision 349856 adds another define for VMBus 5.0 but AFAICT
> >> it doesn't attempt to use it in version negotiations.
> >> 
> >> Unfortunately, I can't test this myself at the moment.
> >> 
> >> I've got another two fixes for Hyper-V but can't test them either, so
> >> if somebody is willing to test, please take a look at http://ix.io/1X2V
> >
> > With the diff from this link I'm getting the following dmesg. The VM
> > seems to work fine.
> >
> 
> Hi Remi,
> 
> Thanks for testing.
> 
> Does it work with a plain OpenBSD-current w/o any diffs?


Yes, that also works:


OpenBSD 6.6 (GENERIC.MP) #352: Sat Oct  5 01:49:16 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1056899072 (1007MB)
avail mem = 1012224000 (965MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf93d0 (338 entries)
bios0: vendor American Megatrends Inc. version "090008" date 12/07/2018
bios0: Microsoft Corporation Virtual Machine
acpi0 at bios0: ACPI 2.0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP WAET SLIC OEM0 SRAT APIC OEMB
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihve0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins, remapped
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1779.45 MHz, 06-8e-0a
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
tsc_timecounter_init: TSC skew=0 observed drift=0
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 153MHz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpipci0 at acpi0 PCI0: _OSC failed
acpicmos0 at acpi0
"VMBus" at acpi0 not configured
"Hyper_V_Gen_Counter_V1" at acpi0 not configured
cpu0: using Skylake AVX MDS workaround
pvbus0 at mainbus0: Hyper-V 10.0
hyperv0 at pvbus0: protocol 3.0, features 0x2e7f
hyperv0: heartbeat, kvp, shutdown, timesync
hvs0 at hyperv0 channel 2: ide, protocol 6.2
scsibus1 at hvs0: 2 targets
sd0 at scsibus1 targ 0 lun 0:  
naa.60022480c6c46e45fe9338343c3f1c08
sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin
hvs1 at hyperv0 channel 16: scsi, protocol 6.2
scsibus2 at hvs1: 2 targets
hvn0 at hyperv0 channel 15: NVS 5.0 NDIS 6.30, address 00:15:5d:b6:9f:19
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX" rev 0x03
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x01
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMBus disabled
vga1 at pci0 dev 8 function 0 "Microsoft VGA" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vscsi0 at root
scsibus4 at vscsi0: 256 targets
softraid0 at root
scsibus5 at softraid0: 256 targets
root on sd0a (d3de7339e9421b70.a) swap on sd0b dump on sd0b
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
fd1 at fdc0 drive 1: density unknown
hw.machine=amd64
hw.model=Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:d3de7339e9421b70,cd0:,fd0:,fd1:
hw.diskcount=4
hw.sensors.hyperv0.timedelta0=-0.06

Re: Attach Hyper-V guest services to VMBus 4.0

2019-10-05 Thread Remi Locherer
On Tue, Oct 01, 2019 at 12:25:35AM +0200, Mike Belopuhov wrote:
> 
> 
> Hi,
> 
> I've got a verbal report that Hyper-V guest services aren't attached
> on modern Windows 10 systems so I believe we should get this one-liner
> in before 6.6.
> 
> FreeBSD revision 349856 adds another define for VMBus 5.0 but AFAICT
> it doesn't attempt to use it in version negotiations.
> 
> Unfortunately, I can't test this myself at the moment.
> 
> I've got another two fixes for Hyper-V but can't test them either, so
> if somebody is willing to test, please take a look at http://ix.io/1X2V

With the diff from this link I'm getting the following dmesg. The VM
seems to work fine.

Cheers,
Remi


OpenBSD 6.6 (GENERIC.MP) #17: Sat Oct  5 11:52:48 CEST 2019
r...@typhoon.relo.ch:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1056899072 (1007MB)
avail mem = 1012211712 (965MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf93d0 (338 entries)
bios0: vendor American Megatrends Inc. version "090008" date 12/07/2018
bios0: Microsoft Corporation Virtual Machine
acpi0 at bios0: ACPI 2.0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP WAET SLIC OEM0 SRAT APIC OEMB
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihve0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins, remapped
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1399.64 MHz, 06-8e-0a
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
tsc_timecounter_init: TSC skew=0 observed drift=0
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 159MHz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpipci0 at acpi0 PCI0: _OSC failed
acpicmos0 at acpi0
"VMBus" at acpi0 not configured
"Hyper_V_Gen_Counter_V1" at acpi0 not configured
cpu0: using Skylake AVX MDS workaround
pvbus0 at mainbus0: Hyper-V 10.0
hyperv0 at pvbus0: protocol 5.0, features 0x2e7f
hyperv0: heartbeat, kvp, shutdown, timesync
hvs0 at hyperv0 channel 2: ide, protocol 6.2
scsibus1 at hvs0: 2 targets
sd0 at scsibus1 targ 0 lun 0:  
naa.60022480c6c46e45fe9338343c3f1c08
sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin
hvs1 at hyperv0 channel 15: scsi, protocol 6.2
scsibus2 at hvs1: 2 targets
hvn0 at hyperv0 channel 14: NVS 5.0 NDIS 6.30, address 00:15:5d:b6:9f:19
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX" rev 0x03
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x01
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMBus disabled
vga1 at pci0 dev 8 function 0 "Microsoft VGA" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vscsi0 at root
scsibus4 at vscsi0: 256 targets
softraid0 at root
scsibus5 at softraid0: 256 targets
root on sd0a (d3de7339e9421b70.a) swap on sd0b dump on sd0b
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
fd1 at fdc0 drive 1: density unknown
hw.machine=amd64
hw.model=Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:d3de7339e9421b70,cd0:,fd0:,fd1:
hw.diskcount=4
hw.sensors.hyperv0.timedelta0=-0.314675 secs, OK, Sat Oct  5 11:59:54.672
hw.cpuspeed=1399
hw.vendor=Microsoft Corporation
hw.product=Virtual Machine
hw.version=7.0
hw.serialno=1463-5556-3314-8948-4600-5664-99
hw.uuid=1fc03ccc-e6d5-374f-b6a2-3dc4b4689c0c
hw.physmem=1056899072
hw.usermem=1056886784
hw.ncpufound=1
hw.allowpowerdown=1
hw.smt=0
hw.ncpuonline=1



Re: Attach Hyper-V guest services to VMBus 4.0

2019-10-05 Thread Remi Locherer
Hi Mike,

On Tue, Oct 01, 2019 at 12:25:35AM +0200, Mike Belopuhov wrote:
> 
> 
> Hi,
> 
> I've got a verbal report that Hyper-V guest services aren't attached
> on modern Windows 10 systems so I believe we should get this one-liner
> in before 6.6.
> 
> FreeBSD revision 349856 adds another define for VMBus 5.0 but AFAICT
> it doesn't attempt to use it in version negotiations.
> 
> Unfortunately, I can't test this myself at the moment.
> 
> I've got another two fixes for Hyper-V but can't test them either, so
> if somebody is willing to test, please take a look at http://ix.io/1X2V
> 
> 
> Cheers,
> Mike
> 
> 
> diff --git sys/dev/pv/hyperv.c sys/dev/pv/hyperv.c
> index a75276335d6..3ab2ae22831 100644
> --- sys/dev/pv/hyperv.c
> +++ sys/dev/pv/hyperv.c
> @@ -803,10 +803,11 @@ hv_channel_delivered(struct hv_softc *sc, struct 
> vmbus_chanmsg_hdr *hdr)
>  
>  int
>  hv_vmbus_connect(struct hv_softc *sc)
>  {
>   const uint32_t versions[] = {
> + VMBUS_VERSION_WIN10,
>   VMBUS_VERSION_WIN8_1, VMBUS_VERSION_WIN8,
>   VMBUS_VERSION_WIN7, VMBUS_VERSION_WS2008
>   };
>   struct vmbus_chanmsg_connect cmd;
>   struct vmbus_chanmsg_connect_resp rsp;
> 
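Review bot: the versions[] array in hv_vmbus_connect() gains VMBUS_VERSION_WIN10 as its first element, but the hunk neither adds the define nor documents that the order of the list matters. If the entries are tried in order, a one-line comment above the array saying that it is sorted newest first would make that explicit, and the diff should include the header change if VMBUS_VERSION_WIN10 is not already defined.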

with this diff I get below dmesg on Windows 10 1903. Disk and network seem
to work fine. Even startx works! ;-)

Cheers,
Remi


OpenBSD 6.6 (GENERIC.MP) #16: Sat Oct  5 09:49:07 CEST 2019
r...@typhoon.relo.ch:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1056899072 (1007MB)
avail mem = 1012215808 (965MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf93d0 (338 entries)
bios0: vendor American Megatrends Inc. version "090008" date 12/07/2018
bios0: Microsoft Corporation Virtual Machine
acpi0 at bios0: ACPI 2.0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP WAET SLIC OEM0 SRAT APIC OEMB
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihve0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins, remapped
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1213.35 MHz, 06-8e-0a
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
tsc_timecounter_init: TSC skew=0 observed drift=0
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 168MHz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpipci0 at acpi0 PCI0: _OSC failed
acpicmos0 at acpi0
"VMBus" at acpi0 not configured
"Hyper_V_Gen_Counter_V1" at acpi0 not configured
cpu0: using Skylake AVX MDS workaround
pvbus0 at mainbus0: Hyper-V 10.0
hyperv0 at pvbus0: protocol 4.0, features 0x2e7f
hyperv0: heartbeat, kvp, shutdown, timesync
hvs0 at hyperv0 channel 2: ide, protocol 6.2
scsibus1 at hvs0: 2 targets
sd0 at scsibus1 targ 0 lun 0:  
naa.60022480c6c46e45fe9338343c3f1c08
sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin
hvs1 at hyperv0 channel 15: scsi, protocol 6.2
scsibus2 at hvs1: 2 targets
hvn0 at hyperv0 channel 14: NVS 5.0 NDIS 6.30, address 00:15:5d:b6:9f:19
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX" rev 0x03
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x01
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMBus disabled
vga1 at pci0 dev 8 function 0 "Microsoft VGA" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vscsi0 at root
scsibus4 at vscsi0: 256 targets
softraid0 at root
scsibus5 at softraid0: 256 targets
root on sd0a (d3de7339e9421b70.a) swap on sd0b dump on sd0b
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
fd1 at fdc0 drive 1: density unknown
hw.machine=amd64
hw.model=Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:d3de7339e

ospfd: warn when a neighbor changes its ip address

2019-08-11 Thread Remi Locherer
I'd like to get a notification when a neighbor changes the src IP address
for hello packets. Either it is a planned change or something bad happens
in the network.

OK?

Remi


Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospfd/hello.c,v
retrieving revision 1.23
diff -u -p -r1.23 hello.c
--- hello.c 15 Jul 2019 18:26:39 -  1.23
+++ hello.c 11 Aug 2019 09:36:13 -
@@ -189,10 +189,16 @@ recv_hello(struct iface *iface, struct i
nbr->dr.s_addr = hello.d_rtr;
nbr->bdr.s_addr = hello.bd_rtr;
nbr->priority = hello.rtr_priority;
+   /* XXX neighbor address shouldn't be stored on virtual links */
+   nbr->addr.s_addr = src.s_addr;
+   }
+
+   if (nbr->addr.s_addr != src.s_addr) {
+   log_warnx("%s: neighbor ID %s changed its IP address",
+   __func__, inet_ntoa(nbr->id));
+   nbr->addr.s_addr = src.s_addr;
}
 
-   /* actually the neighbor address shouldn't be stored on virtual links */
-   nbr->addr.s_addr = src.s_addr;
nbr->options = hello.opts;
 
nbr_fsm(nbr, NBR_EVT_HELLO_RCVD);
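Review bot: the new log_warnx() in the nbr->addr.s_addr != src.s_addr branch names only the router ID, so the log shows neither the old nor the new address nor the interface. Adding both addresses would make the warning actionable; since inet_ntoa() returns a static buffer, the first result has to be copied before the second call. The warning is also emitted for every hello whose source differs from the stored one, so a neighbor that alternates between two addresses logs once per hello.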



ospfd: check dst addr for hello packets

2019-08-11 Thread Remi Locherer
When ospfd receives a hello packet it takes the src IP address and updates
the address in its neighbor struct for the given router id unconditionally.

In the case of broadcast interfaces this is not a problem:
find_iface() checks that the src address is from the same subnet as
the receiving interface is. It is best practice to only enable ospf in a
subnet where you control all routers.

But in the case of point-to-point interfaces no sanity checks happen on the
src or dst IP address.

RFC 2328 says in "9.5. Sending Hello packets":
On broadcast networks and physical point-to-point networks,
Hello packets are sent every HelloInterval seconds to the IP
multicast address AllSPFRouters.


I verified that ospfd does it like that. Also FastIron and Junos follow
this.

I propose that we add a check and only accept hellos on point-to-point and
broadcast interfaces when the destination is 224.0.0.5 (AllSPFRouters).

The check for AllDRouters is not needed in addition to the proposed check.

OK?

Remi


Index: packet.c
===
RCS file: /cvs/src/usr.sbin/ospfd/packet.c,v
retrieving revision 1.32
diff -u -p -r1.32 packet.c
--- packet.c15 Jul 2019 18:26:39 -  1.32
+++ packet.c11 Aug 2019 09:17:51 -
@@ -219,12 +219,16 @@ recv_packet(int fd, short event, void *b
/* switch OSPF packet type */
switch (ospf_hdr->type) {
case PACKET_TYPE_HELLO:
-   inet_aton(AllDRouters, &addr);
-   if (ip_hdr.ip_dst.s_addr == addr.s_addr) {
-   log_debug("recv_packet: invalid destination IP "
-"address");
-   break;
-   }
+   inet_aton(AllSPFRouters, &addr);
+   if (iface->type == IF_TYPE_BROADCAST ||
+   iface->type == IF_TYPE_POINTOPOINT)
+   if (ip_hdr.ip_dst.s_addr != addr.s_addr) {
+   log_warnx("%s: hello ignored on interface %s, "
+   "invalid destination IP address %s",
+   __func__, iface->name,
+   inet_ntoa(ip_hdr.ip_dst));
+   break;
+   }
 
recv_hello(iface, ip_hdr.ip_src, ospf_hdr->rtr_id, buf, len);
break;
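Review bot: under case PACKET_TYPE_HELLO the outer if on iface->type has a multi-line body without braces; folding the interface-type test and the destination comparison into one condition joined with && (or bracing the outer if) makes it obvious that break leaves the switch. The new log_warnx() is also reachable by any host that can deliver a unicast hello to the interface, so each such packet produces a log line; log_debug(), as in the removed code, or some rate limiting would avoid that.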


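The acceptance rule proposed in the message above, combined with the address-change warning from the message before it, as an added stand-alone C model; this is not ospfd source code. The enum, struct and function names are hypothetical, the enforce_dst switch exists only to compare the behaviour with and without the check, and the addresses are constructed documentation values.

```c
/* Added illustration: a stand-alone model, not ospfd source code. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

#define ALL_SPF_ROUTERS	"224.0.0.5"	/* AllSPFRouters, RFC 2328 */

/* Hypothetical names, used by this model only. */
enum model_iftype { MODEL_BROADCAST, MODEL_POINTOPOINT, MODEL_VIRTUALLINK };

enum hello_verdict {
	HELLO_MALFORMED = -1,	/* address strings did not parse */
	HELLO_NEW,		/* first hello seen for this neighbor */
	HELLO_SAME,		/* accepted, source address unchanged */
	HELLO_MOVED,		/* accepted, source address changed */
	HELLO_BAD_DST		/* ignored, not sent to AllSPFRouters */
};

struct model_nbr {
	struct in_addr	 addr;	/* source of the last accepted hello */
	int		 known;	/* 0 until the first hello is accepted */
};

/*
 * Decide what to do with one hello. enforce_dst = 0 models the unconditional
 * address update described in the mail, 1 models the proposed check.
 * Interface types other than broadcast and point-to-point are not covered
 * by the proposed check and pass through.
 */
enum hello_verdict
model_recv_hello(enum model_iftype type, int enforce_dst,
    struct model_nbr *nbr, struct in_addr src, struct in_addr dst)
{
	struct in_addr	 allspf;
	char		 oldbuf[INET_ADDRSTRLEN], newbuf[INET_ADDRSTRLEN];

	inet_pton(AF_INET, ALL_SPF_ROUTERS, &allspf);

	/* The destination test must run before any neighbor state changes. */
	if (enforce_dst &&
	    (type == MODEL_BROADCAST || type == MODEL_POINTOPOINT) &&
	    dst.s_addr != allspf.s_addr)
		return (HELLO_BAD_DST);

	if (!nbr->known) {
		nbr->known = 1;
		nbr->addr = src;
		return (HELLO_NEW);
	}
	if (nbr->addr.s_addr != src.s_addr) {
		/* two buffers, so that old and new address fit in one line */
		inet_ntop(AF_INET, &nbr->addr, oldbuf, sizeof(oldbuf));
		inet_ntop(AF_INET, &src, newbuf, sizeof(newbuf));
		fprintf(stderr, "neighbor changed its IP address: %s -> %s\n",
		    oldbuf, newbuf);
		nbr->addr = src;
		return (HELLO_MOVED);
	}
	return (HELLO_SAME);
}

/* Convenience wrapper taking dotted-quad strings. */
enum hello_verdict
model_hello(enum model_iftype type, int enforce_dst, struct model_nbr *nbr,
    const char *src, const char *dst)
{
	struct in_addr	 s, d;

	if (inet_pton(AF_INET, src, &s) != 1 ||
	    inet_pton(AF_INET, dst, &d) != 1)
		return (HELLO_MALFORMED);
	return (model_recv_hello(type, enforce_dst, nbr, s, d));
}

/* Returns 1 if the stored neighbor address equals the given string. */
int
model_nbr_addr_is(const struct model_nbr *nbr, const char *addr)
{
	struct in_addr	 a;

	return (inet_pton(AF_INET, addr, &a) == 1 &&
	    nbr->addr.s_addr == a.s_addr);
}

int
main(void)
{
	/* Constructed sample: one point-to-point neighbor, three hellos. */
	struct model_nbr nbr;

	memset(&nbr, 0, sizeof(nbr));
	printf("%d\n", model_hello(MODEL_POINTOPOINT, 1, &nbr,
	    "192.0.2.1", "224.0.0.5"));		/* multicast, first hello */
	printf("%d\n", model_hello(MODEL_POINTOPOINT, 1, &nbr,
	    "198.51.100.9", "192.0.2.2"));	/* unicast, ignored */
	printf("%d\n", model_hello(MODEL_POINTOPOINT, 1, &nbr,
	    "192.0.2.7", "224.0.0.5"));		/* multicast, new source */
	return (0);
}
```

With the check enabled, the unicast hello leaves the stored neighbor address untouched; with enforce_dst set to 0 the same packet moves it.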

Re: tpmr(4): 802.1Q Two-Port MAC Relay

2019-07-30 Thread Remi Locherer
On Tue, Jul 30, 2019 at 01:36:59PM +1000, David Gwynne wrote:
> a Two-Port MAC Relay is basically a cut down bridge(4). it only supports
> two ports, and unconditionally relays packets between those ports
> instead of doing learning or anything like that.
> 
> i've been trying to get a redundant pair of bridges set up between two
> datacenters here to help me while i migrate between them. so far all my
> efforts to make it redundant have mostly worked, until they introduced
> loops in the layer 2 topology, which generates a broadcast storm, which
> basically takes the net down for a few minutes at a time. it feels
> very betraying.
> 
> my frustration is that switches plugged together have mechanisms to
> prevent loops like that, more specifically they use spanning tree or
> lacp to make appropriate use of redundant links. i got to a point where
> i just wanted the switches to talk to each other and do their own thing
> to negotiate use of the redundant links.
> 
> unfortunately the only way to get ethernet packets off a physical
> wire and onto a tunnel over an ip network is bridge(4), and bridge(4)
> tries to be a compliant switch from a standards point of view. this
> means it intercepts packets that are meant to be processed by bridges,
> because it is a bridge. these types of packets include spanning tree and
> lacp, which means i couldn't get the physical switches at each site to
> talk to each other. sadface.
> 
> so to solve my problem i hacked up a small driver that did less than
> bridge(4). however, it turns out that what i hacked up is an actual
> thing that already exists as something done in the real world. IEEE
> 802.1Q describes TPMR, which is defined as intercepting far less
> than a real bridge does. one of the appendices specifically describes
> lacp going through one, which is exactly what i wanted. cisco does
> something like this with their layer 2 cross-connects (search for cisco
> xconnect for examples), juniper has l2circuits, and so on.
> 
> the way i'm using this is like below. i have a pair of bridges in each
> datacenter, so 4 boxes in total. they peer directly with the ip network
> that sits between the datacenter. each box has 4 physical network
> ports. 2 of those ports are configured with aggr(4) and talk IP into the
> core network. the other two ports are connected to the switches at
> each site for use with tpmr. there's 2 etherip interfaces configured on
> each physical box, each of which is connected to the tpmr.
> 
> all that together looks a bit like the following:
> 
>  +-+ +--+  +---+ +-+
>  |d|-|ix2 <-> tpmr0 <-> etherip0|--|etherip0 <-> tpmr0 <-> ixl0|-|d|
>  |c| |  |  |   | |c|
>  |0|-|ix3 <-> tpmr1 <-> etherip1|--|etherip1 <-> tpmr1 <-> ixl1|-|1|
>  ||| +--+ \  / +---+ |||
>  |s| dc0-bridge0   \/  dc1-bridge0   |s|
>  |w|   /\|w|
>  |i| +--+ /  \ +---+ |i|
>  |t|-|ix2 <-> tpmr0 <-> etherip0|--|etherip0 <-> tpmr0 <-> ixl0|-|t|
>  |c| |  |  |   | |c|
>  |h|-|ix3 <-> tpmr1 <-> etherip1|--|etherip1 <-> tpmr1 <-> ixl1|-|h|
>  +-+ +--+  +---+ +-+
>  dc0-bridge1   dc1-bridge1
> 
> each switch has a 4 port port-channel (lacp aggregation) set up. because
> each physical interface on the bridges is tied to a single tunnel, the
> packets effectively traverse a point-to-point link, ie, a really
> complicated wire. because lacp makes it from each point to the other
> point, the switches make sure only active lacp ports are used, which
> avoids layer 2 loops. lacp also means i get to use all the links when
> they're available.
> 
> with the topology above i can lose a bridge at each site and should
> still have a working link to the other side, so i get my redundancy. the
> use of the extra links with lacp is a bonus. at this point i would have
> been happy for spanning tree to shut links down.
> 
> anyway, here's the code.
> 
> it was originally called xcon(4) since it provides a software
> cross-connect, but i changed my mind after looking at 802.1Q. it might
> be unfair to refer to 802.1Q because tpmr(4) does none of the filtering
> that the spec says it should. i just needed it to work though.
> 
> the guts of it is tpmr_input(). it basically gets the rxed packet from
> one port and enqueues it for transmission immediately on the other port.
> it does run bpf though, and supports filtering on bpf, which has been
> handy for us when we needed to test taking bpdus off the wire for a bit.
> 
> because it does such a small amount of work, it is relatively fast.
> hrvoje popovski has given it a quick spin and seen the following
> results o

ospfd: improve logging when sending packets fail

2019-07-14 Thread Remi Locherer
Hi,

I'd like to improve ospfd's logging when sending a packet fails.

I got a debug output from an ospfd user which contains "send packet: error ...".
I guess ospfd failed to send an ls ack. With below diff applied it would be
clear which packet could not be sent and to which neighbor.

OK?

Remi

Index: database.c
===
RCS file: /cvs/src/usr.sbin/ospfd/database.c,v
retrieving revision 1.33
diff -u -p -r1.33 database.c
--- database.c  18 Feb 2016 15:33:24 -  1.33
+++ database.c  13 Jul 2019 14:08:10 -
@@ -43,7 +43,6 @@ send_db_description(struct nbr *nbr)
struct db_dscrp_hdr  dd_hdr;
struct lsa_entry*le, *nle;
struct ibuf *buf;
-   int  ret = 0;
u_int8_t bits = 0;
 
if ((buf = ibuf_open(nbr->iface->mtu - sizeof(struct ip))) == NULL)
@@ -66,8 +65,7 @@ send_db_description(struct nbr *nbr)
log_debug("send_db_description: neighbor ID %s: "
"cannot send packet in state %s", inet_ntoa(nbr->id),
nbr_state_name(nbr->state));
-   ret = -1;
-   goto done;
+   goto fail;
case NBR_STA_XSTRT:
bits |= OSPF_DBD_MS | OSPF_DBD_M | OSPF_DBD_I;
nbr->dd_more = 1;
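Review bot: the goto fail that replaces ret = -1; goto done in the state case now ends in log_warn("%s", __func__), which appends strerror(errno) although no system call failed here and the condition was already reported by the log_debug() just above. That produces a second line with a stale errno; keep a separate exit for this case (free buf and return -1) or report it with log_warnx().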
@@ -150,12 +148,13 @@ send_db_description(struct nbr *nbr)
goto fail;
 
/* transmit packet */
-   ret = send_packet(nbr->iface, buf, &dst);
-done:
+   if (send_packet(nbr->iface, buf, &dst) == -1)
+   goto fail;
+
ibuf_free(buf);
-   return (ret);
+   return (0);
 fail:
-   log_warn("send_db_description");
+   log_warn("%s", __func__);
ibuf_free(buf);
return (-1);
 }
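Review bot: log_warn("%s", __func__) at the fail label prints the same text as the old literal "send_db_description", so a failed send_packet() is still logged without the neighbor. Since the stated goal is to show which packet could not be sent and to which neighbor, include inet_ntoa(nbr->id) (or the address in dst) in the message.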
Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospfd/hello.c,v
retrieving revision 1.22
diff -u -p -r1.22 hello.c
--- hello.c 22 Feb 2018 07:42:38 -  1.22
+++ hello.c 13 Jul 2019 14:03:27 -
@@ -41,7 +41,6 @@ send_hello(struct iface *iface)
struct hello_hdr hello;
struct nbr  *nbr;
struct ibuf *buf;
-   int  ret;
 
dst.sin_family = AF_INET;
dst.sin_len = sizeof(struct sockaddr_in);
@@ -103,11 +102,13 @@ send_hello(struct iface *iface)
if (auth_gen(buf, iface))
goto fail;
 
-   ret = send_packet(iface, buf, &dst);
+   if (send_packet(iface, buf, &dst) == -1)
+   goto fail;
+
ibuf_free(buf);
-   return (ret);
+   return (0);
 fail:
-   log_warn("send_hello");
+   log_warn("%s", __func__);
ibuf_free(buf);
return (-1);
 }
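Review bot: in send_hello() the fail label is now shared by the auth_gen() and send_packet() failures, and both log only the function name, so the two causes cannot be told apart. Logging at the send_packet() call site with iface->name before jumping to fail, or giving each failure its own message, would fix that.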
Index: lsack.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsack.c,v
retrieving revision 1.21
diff -u -p -r1.21 lsack.c
--- lsack.c 25 Oct 2014 03:23:49 -  1.21
+++ lsack.c 13 Jul 2019 14:04:59 -
@@ -59,7 +59,6 @@ int
 send_ls_ack(struct iface *iface, struct in_addr addr, struct ibuf *buf)
 {
struct sockaddr_in  dst;
-   int ret;
 
/* update authentication and calculate checksum */
if (auth_gen(buf, iface)) {
@@ -71,8 +70,11 @@ send_ls_ack(struct iface *iface, struct 
dst.sin_len = sizeof(struct sockaddr_in);
dst.sin_addr.s_addr = addr.s_addr;
 
-   ret = send_packet(iface, buf, &dst);
-   return (ret);
+   if (send_packet(iface, buf, &dst) == -1) {
+   log_warn("%s", __func__);
+   return (-1);
+   }
+   return (0);
 }
 
 int
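Review bot: send_ls_ack() has the destination in addr and the interface in iface, yet the new log_warn("%s", __func__) prints neither. Adding inet_ntoa(addr) and iface->name to the message would identify the neighbor, which is the case described in the mail (a failed ls ack).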
Index: lsreq.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsreq.c,v
retrieving revision 1.20
diff -u -p -r1.20 lsreq.c
--- lsreq.c 17 Jan 2013 09:02:22 -  1.20
+++ lsreq.c 13 Jul 2019 14:04:00 -
@@ -37,7 +37,6 @@ send_ls_req(struct nbr *nbr)
struct ls_req_hdrls_req_hdr;
struct lsa_entry*le, *nle;
struct ibuf *buf;
-   int  ret;
 
if ((buf = ibuf_open(nbr->iface->mtu - sizeof(struct ip))) == NULL)
fatal("send_ls_req");
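Review bot: style: the context line fatal("send_ls_req") keeps the hard-coded function name while the log_warn() calls in this file are switched to __func__; converting it in the same change keeps the file consistent.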
@@ -80,12 +79,13 @@ send_ls_req(struct nbr *nbr)
if (auth_gen(buf, nbr->iface))
goto fail;
 
-   ret = send_packet(nbr->iface, buf, &dst);
+   if (send_packet(nbr->iface, buf, &dst) == -1)
+   goto fail;
 
ibuf_free(buf);
-   return (ret);
+   return (0);
 fail:
-   log_warn("send_ls_req");
+   log_warn("%s", __func__);
ibuf_free(buf);
return (-1);
 }
Index: lsupdate.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsupdate.c,v
retrieving revision 1.45
diff -u -p -r1.45 lsupdate.c
--- lsupdate.c  26 Dec 2016 17

Re: ospfd: point-to-point on ethernet interfaces

2019-07-04 Thread Remi Locherer
On Thu, Jul 04, 2019 at 09:20:59AM +0300, Kapetanakis Giannis wrote:
> Hi,
> 
> This does not work for me with IOS.
> 
> neighbor is full,
> rib is ok
> fib does not list the routes to IOS and
> routing table is not updated on BSD
> 
> On IOS I do have the loopback route the BSD is announcing.

Thank you for testing!

Can you send me your ospfd.conf, the output from ospfd -dv and the output
from tcpdump showing the ospf traffic?

> On 24/06/2019 01:33, Remi Locherer wrote:
> > Diff below adds to ospfd point to point support for Ethernet interfaces.
> > I successfully tested this against Junos and FastIron.
> >
> > I first made the key word in the config "point-to-point". But then I
> > changed to "type p2p". The latter would allow for "type nbma" or "type p2mp"
> > should we implement these types.
> >
> > On Junos it looks like this:
> >
> > area 0.0.0.0 {
> > interface ge-0/0/1.0 {
> > interface-type p2p;
> > }
> > }
> >
> > On FastIron it's similar to IOS:
> >
> > interface ethernet 1/2/1
> >  ip address 10.10.10.5 255.255.255.0
> >  ip ospf area 0
> >  ip ospf network point-to-point
> >
> > Comments, test reports and OKs are welcome.
> >
> > Remi
> >
> >
> > Index: interface.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/interface.c,v
> > retrieving revision 1.82
> > diff -u -p -r1.82 interface.c
> > --- interface.c 11 Mar 2018 13:16:49 -  1.82
> > +++ interface.c 23 Jun 2019 11:27:57 -
> > @@ -190,6 +190,8 @@ if_new(struct kif *kif, struct kif_addr 
> > if (kif->flags & IFF_BROADCAST &&
> > kif->flags & IFF_MULTICAST)
> > iface->type = IF_TYPE_BROADCAST;
> > +   if (iface->p2p)
> > +   iface->type = IF_TYPE_POINTOPOINT;
> > if (kif->flags & IFF_LOOPBACK) {
> > iface->type = IF_TYPE_POINTOPOINT;
> > iface->passive = 1;
> > @@ -351,6 +353,9 @@ if_act_start(struct iface *iface)
> > orig_rtr_lsa(iface->area);
> > return (0);
> > }
> > +
> > +   if (iface->p2p)
> > +   iface->type = IF_TYPE_POINTOPOINT;
> >  
> > switch (iface->type) {
> > case IF_TYPE_POINTOPOINT:
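Review bot: the assignment if (iface->p2p) iface->type = IF_TYPE_POINTOPOINT; appears here in if_act_start() and again in if_new() in the previous hunk. Setting the type in one place, with a comment saying which one is authoritative after a config reload, keeps the two copies from drifting apart; in if_new() the assignment also sits before the IFF_LOOPBACK test, so the intended precedence of those checks deserves a comment.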
> > Index: ospfd.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> > retrieving revision 1.108
> > diff -u -p -r1.108 ospfd.c
> > --- ospfd.c 16 May 2019 05:49:22 -  1.108
> > +++ ospfd.c 23 Jun 2019 21:06:44 -
> > @@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct 
> > if_fsm(i, IF_EVT_UP);
> > }
> >  
> > +   if (i->p2p != xi->p2p) {
> > +   /* re-add interface to enable or disable DR election */
> > +   if (ospfd_process == PROC_OSPF_ENGINE)
> > +   if_fsm(i, IF_EVT_DOWN);
> > +   else if (ospfd_process == PROC_RDE_ENGINE)
> > +   rde_nbr_iface_del(i);
> > +   LIST_REMOVE(i, entry);
> > +   if_del(i);
> > +   LIST_REMOVE(xi, entry);
> > +   LIST_INSERT_HEAD(&a->iface_list, xi, entry);
> > +   xi->area = a;
> > +   if (ospfd_process == PROC_OSPF_ENGINE)
> > +   xi->state = IF_STA_NEW;
> > +   continue;
> > +   }
> > +
> > strlcpy(i->dependon, xi->dependon,
> > sizeof(i->dependon));
> > i->depend_ok = xi->depend_ok;
> > Index: ospfd.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
> > retrieving revision 1.57
> > diff -u -p -r1.57 ospfd.conf.5
> > --- ospfd.conf.510 Jun 2019 06:07:15 -  1.57
> > +++ ospfd.conf.523 Jun 2019 22:10:32 -
> > @@ -419,6 +419,9 @@ Router.
> >  .It Ic transmit-delay Ar seconds
> >  Set the transmit delay.
> >  The default value is 1; valid range is 1\-3600 seconds.
> > +.It Ic type p2p
> > +Set the interface type to point to point.
> > +This disables the election of a DR and BDR for the given interface.
> >  .El
> >  .Sh FILES
> >  .Bl -tag

Re: ospfd: point-to-point on ethernet interfaces

2019-07-02 Thread Remi Locherer
ping

On Mon, Jun 24, 2019 at 12:33:16AM +0200, Remi Locherer wrote:
> Diff below adds to ospfd point to point support for Ethernet interfaces.
> I successfully tested this against Junos and FastIron.
> 
> I first made the key word in the config "point-to-point". But then I
> changed to "type p2p". The latter would allow for "type nbma" or "type p2mp"
> should we implement these types.
> 
> On Junos it looks like this:
> 
> area 0.0.0.0 {
> interface ge-0/0/1.0 {
> interface-type p2p;
> }
> }
> 
> On FastIron it's similar to IOS:
> 
> interface ethernet 1/2/1
>  ip address 10.10.10.5 255.255.255.0
>  ip ospf area 0
>  ip ospf network point-to-point
> 
> Comments, test reports and OKs are welcome.
> 
> Remi
> 
> 
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/interface.c,v
> retrieving revision 1.82
> diff -u -p -r1.82 interface.c
> --- interface.c   11 Mar 2018 13:16:49 -  1.82
> +++ interface.c   23 Jun 2019 11:27:57 -
> @@ -190,6 +190,8 @@ if_new(struct kif *kif, struct kif_addr 
>   if (kif->flags & IFF_BROADCAST &&
>   kif->flags & IFF_MULTICAST)
>   iface->type = IF_TYPE_BROADCAST;
> + if (iface->p2p)
> + iface->type = IF_TYPE_POINTOPOINT;
>   if (kif->flags & IFF_LOOPBACK) {
>   iface->type = IF_TYPE_POINTOPOINT;
>   iface->passive = 1;
> @@ -351,6 +353,9 @@ if_act_start(struct iface *iface)
>   orig_rtr_lsa(iface->area);
>   return (0);
>   }
> +
> + if (iface->p2p)
> + iface->type = IF_TYPE_POINTOPOINT;
>  
>   switch (iface->type) {
>   case IF_TYPE_POINTOPOINT:
> Index: ospfd.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> retrieving revision 1.108
> diff -u -p -r1.108 ospfd.c
> --- ospfd.c   16 May 2019 05:49:22 -  1.108
> +++ ospfd.c   23 Jun 2019 21:06:44 -
> @@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct 
>   if_fsm(i, IF_EVT_UP);
>   }
>  
> + if (i->p2p != xi->p2p) {
> + /* re-add interface to enable or disable DR election */
> + if (ospfd_process == PROC_OSPF_ENGINE)
> + if_fsm(i, IF_EVT_DOWN);
> + else if (ospfd_process == PROC_RDE_ENGINE)
> + rde_nbr_iface_del(i);
> + LIST_REMOVE(i, entry);
> + if_del(i);
> + LIST_REMOVE(xi, entry);
> + LIST_INSERT_HEAD(&a->iface_list, xi, entry);
> + xi->area = a;
> + if (ospfd_process == PROC_OSPF_ENGINE)
> + xi->state = IF_STA_NEW;
> + continue;
> + }
> +
>   strlcpy(i->dependon, xi->dependon,
>   sizeof(i->dependon));
>   i->depend_ok = xi->depend_ok;
> Index: ospfd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
> retrieving revision 1.57
> diff -u -p -r1.57 ospfd.conf.5
> --- ospfd.conf.5  10 Jun 2019 06:07:15 -  1.57
> +++ ospfd.conf.5  23 Jun 2019 22:10:32 -
> @@ -419,6 +419,9 @@ Router.
>  .It Ic transmit-delay Ar seconds
>  Set the transmit delay.
>  The default value is 1; valid range is 1\-3600 seconds.
> +.It Ic type p2p
> +Set the interface type to point to point.
> +This disables the election of a DR and BDR for the given interface.
>  .El
>  .Sh FILES
>  .Bl -tag -width "/etc/ospfd.conf" -compact
> Index: ospfd.h
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.h,v
> retrieving revision 1.104
> diff -u -p -r1.104 ospfd.h
> --- ospfd.h   16 May 2019 05:49:22 -  1.104
> +++ ospfd.h   23 Jun 2019 11:28:24 -
> @@ -363,6 +363,7 @@ struct iface {
>   u_int8_t linkstate;
>   u_int8_t priority;
>   u_int8_t passive;
> + u_int8_t p2p;
>  };
>  
>  struct ifaddrchange {
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
> retrieving revision 1.98
> diff -u -p -r1.98 parse.y
> --- parse.y   7 Ju

ospfd: point-to-point on ethernet interfaces

2019-06-23 Thread Remi Locherer
Diff below adds to ospfd point to point support for Ethernet interfaces.
I successfully tested this against Junos and FastIron.

I first made the key word in the config "point-to-point". But then I
changed to "type p2p". The latter would allow for "type nbma" or "type p2mp"
should we implement these types.

On Junos it looks like this:

area 0.0.0.0 {
interface ge-0/0/1.0 {
interface-type p2p;
}
}

On FastIron it's similar to IOS:

interface ethernet 1/2/1
 ip address 10.10.10.5 255.255.255.0
 ip ospf area 0
 ip ospf network point-to-point

Comments, test reports and OKs are welcome.

Remi


Index: interface.c
===
RCS file: /cvs/src/usr.sbin/ospfd/interface.c,v
retrieving revision 1.82
diff -u -p -r1.82 interface.c
--- interface.c 11 Mar 2018 13:16:49 -  1.82
+++ interface.c 23 Jun 2019 11:27:57 -
@@ -190,6 +190,8 @@ if_new(struct kif *kif, struct kif_addr 
if (kif->flags & IFF_BROADCAST &&
kif->flags & IFF_MULTICAST)
iface->type = IF_TYPE_BROADCAST;
+   if (iface->p2p)
+   iface->type = IF_TYPE_POINTOPOINT;
if (kif->flags & IFF_LOOPBACK) {
iface->type = IF_TYPE_POINTOPOINT;
iface->passive = 1;
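Review bot: in if_new() it is not clear that iface->p2p can already be set when this test runs, since the flag is only assigned by the "TYPE P2P" rule in parse.y; if it is always 0 at this point the two added lines are dead code and the override in if_act_start() does all the work. Note also that the IFF_LOOPBACK check right below still wins for loopback interfaces, so either drop the lines here or say in a comment why both places are needed.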
@@ -351,6 +353,9 @@ if_act_start(struct iface *iface)
orig_rtr_lsa(iface->area);
return (0);
}
+
+   if (iface->p2p)
+   iface->type = IF_TYPE_POINTOPOINT;
 
switch (iface->type) {
case IF_TYPE_POINTOPOINT:
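Review bot: the override in if_act_start() rewrites iface->type on every start, but nothing restores the kernel-derived type once p2p is cleared; that only works because merge_interfaces() deletes and re-adds the interface when p2p changes. Please add a comment saying so, or derive the type in one helper shared with if_new() so the two "if (iface->p2p)" copies cannot drift apart.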
Index: ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.108
diff -u -p -r1.108 ospfd.c
--- ospfd.c 16 May 2019 05:49:22 -  1.108
+++ ospfd.c 23 Jun 2019 21:06:44 -
@@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct 
if_fsm(i, IF_EVT_UP);
}
 
+   if (i->p2p != xi->p2p) {
+   /* re-add interface to enable or disable DR election */
+   if (ospfd_process == PROC_OSPF_ENGINE)
+   if_fsm(i, IF_EVT_DOWN);
+   else if (ospfd_process == PROC_RDE_ENGINE)
+   rde_nbr_iface_del(i);
+   LIST_REMOVE(i, entry);
+   if_del(i);
+   LIST_REMOVE(xi, entry);
+   LIST_INSERT_HEAD(&a->iface_list, xi, entry);
+   xi->area = a;
+   if (ospfd_process == PROC_OSPF_ENGINE)
+   xi->state = IF_STA_NEW;
+   continue;
+   }
+
strlcpy(i->dependon, xi->dependon,
sizeof(i->dependon));
i->depend_ok = xi->depend_ok;
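Review bot: the new block in merge_interfaces() frees i with if_del(i) and then continues, so the enclosing loop must not reach through i afterwards; the loop header is outside this hunk, please confirm it iterates safely. The block also sets xi->state = IF_STA_NEW without an IF_EVT_UP, unlike the context line just above it, so the comment should say where the re-added interface is started again.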
Index: ospfd.conf.5
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
retrieving revision 1.57
diff -u -p -r1.57 ospfd.conf.5
--- ospfd.conf.510 Jun 2019 06:07:15 -  1.57
+++ ospfd.conf.523 Jun 2019 22:10:32 -
@@ -419,6 +419,9 @@ Router.
 .It Ic transmit-delay Ar seconds
 Set the transmit delay.
 The default value is 1; valid range is 1\-3600 seconds.
+.It Ic type p2p
+Set the interface type to point to point.
+This disables the election of a DR and BDR for the given interface.
 .El
 .Sh FILES
 .Bl -tag -width "/etc/ospfd.conf" -compact
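Review bot: the new "type p2p" entry does not say that it is meant for Ethernet (broadcast) interfaces, nor that the peer is expected to use the matching setting, as in the Junos and FastIron snippets of the cover letter. Please add that, and write "point-to-point" with hyphens in "Set the interface type to point to point."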
Index: ospfd.h
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.h,v
retrieving revision 1.104
diff -u -p -r1.104 ospfd.h
--- ospfd.h 16 May 2019 05:49:22 -  1.104
+++ ospfd.h 23 Jun 2019 11:28:24 -
@@ -363,6 +363,7 @@ struct iface {
u_int8_t linkstate;
u_int8_t priority;
u_int8_t passive;
+   u_int8_t p2p;
 };
 
 struct ifaddrchange {
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
retrieving revision 1.98
diff -u -p -r1.98 parse.y
--- parse.y 7 Jun 2019 04:57:45 -   1.98
+++ parse.y 23 Jun 2019 22:04:22 -
@@ -129,7 +129,7 @@ typedef struct {
 %token AREA INTERFACE ROUTERID FIBPRIORITY FIBUPDATE REDISTRIBUTE RTLABEL
 %token RDOMAIN RFC1583COMPAT STUB ROUTER SPFDELAY SPFHOLDTIME EXTTAG
 %token AUTHKEY AUTHTYPE AUTHMD AUTHMDKEYID
-%token METRIC PASSIVE
+%token METRIC P2P PASSIVE
 %token HELLOINTERVAL FASTHELLOINTERVAL TRANSMITDELAY
 %token RETRANSMITINTERVAL ROUTERDEADTIME ROUTERPRIORITY
 %token SET TYPE
@@ -743,6 +743,7 @@ interfaceopts_l : interfaceopts_l interf
;
 
 interfaceoptsl : PASSIVE   { iface->passive = 1; }
+   | TYPE P2P  { iface->p2p = 1; }
| DEMOTE STRING {
   

ospf6d: conf_clear_redist_list

2019-06-08 Thread Remi Locherer
Clear unused redist_list the same way as in ospfd.

OK?

Remi


Index: ospf6d.h
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
retrieving revision 1.39
diff -u -p -r1.39 ospf6d.h
--- ospf6d.h29 Dec 2018 16:04:31 -  1.39
+++ ospf6d.h8 Jun 2019 13:43:26 -
@@ -364,13 +364,14 @@ struct redistribute {
u_int8_tprefixlen;
chardependon[IFNAMSIZ];
 };
+SIMPLEQ_HEAD(redist_list, redistribute);
 
 struct ospfd_conf {
struct eventev;
struct in_addr  rtr_id;
LIST_HEAD(, area)   area_list;
LIST_HEAD(, vertex) cand_list;
-   SIMPLEQ_HEAD(, redistribute) redist_list;
+   struct redist_list  redist_list;
 
u_int32_t   opts;
 #define OSPFD_OPT_VERBOSE  0x0001
@@ -522,6 +523,7 @@ int  carp_demote_set(char *, int);
 /* parse.y */
 struct ospfd_conf  *parse_config(char *, int);
 int cmdline_symset(char *);
+voidconf_clear_redist_list(struct redist_list *);
 
 /* interface.c */
 int if_init(void);
Index: ospfe.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v
retrieving revision 1.55
diff -u -p -r1.55 ospfe.c
--- ospfe.c 1 Sep 2018 19:21:10 -   1.55
+++ ospfe.c 8 Jun 2019 13:56:31 -
@@ -74,7 +74,6 @@ ospfe(struct ospfd_conf *xconf, int pipe
 {
struct area *area;
struct iface*iface;
-   struct redistribute *r;
struct passwd   *pw;
struct event ev_sigint, ev_sigterm;
pid_tpid;
@@ -174,10 +173,7 @@ ospfe(struct ospfd_conf *xconf, int pipe
event_add(&oeconf->ev, NULL);
 
/* remove unneeded config stuff */
-   while ((r = SIMPLEQ_FIRST(&oeconf->redist_list)) != NULL) {
-   SIMPLEQ_REMOVE_HEAD(&oeconf->redist_list, entry);
-   free(r);
-   }
+   conf_clear_redist_list(&oeconf->redist_list);
 
/* listen on ospfd control socket */
TAILQ_INIT(&ctl_conns);
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.44
diff -u -p -r1.44 parse.y
--- parse.y 26 May 2019 09:27:09 -  1.44
+++ parse.y 8 Jun 2019 16:36:49 -
@@ -1203,6 +1203,16 @@ conf_check_rdomain(u_int rdomain)
 }
 
 void
+conf_clear_redist_list(struct redist_list *rl)
+{
+   struct redistribute *r;
+   while ((r = SIMPLEQ_FIRST(rl)) != NULL) {
+   SIMPLEQ_REMOVE_HEAD(rl, entry);
+   free(r);
+   }
+}
+
+void
 clear_config(struct ospfd_conf *xconf)
 {
struct area *a;
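Review bot: conf_clear_redist_list() has no blank line between the declaration "struct redistribute *r;" and the while loop; KNF puts a blank line after the local declarations.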
@@ -1211,6 +1221,8 @@ clear_config(struct ospfd_conf *xconf)
LIST_REMOVE(a, entry);
area_del(a);
}
+
+   conf_clear_redist_list(&xconf->redist_list);
 
free(xconf);
 }
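Review bot: the call added to clear_config() is a behaviour change beyond the refactoring the message describes. The context shows only the area list being emptied before free(xconf), so redistribute entries were not freed on this path until now; please mention in the commit message that this also fixes that leak.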
Index: rde.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
retrieving revision 1.79
diff -u -p -r1.79 rde.c
--- rde.c   12 Jul 2018 13:45:03 -  1.79
+++ rde.c   8 Jun 2019 13:56:14 -
@@ -118,7 +118,6 @@ rde(struct ospfd_conf *xconf, int pipe_p
struct event ev_sigint, ev_sigterm;
struct timeval   now;
struct passwd   *pw;
-   struct redistribute *r;
pid_tpid;
 
switch (pid = fork()) {
@@ -200,10 +199,8 @@ rde(struct ospfd_conf *xconf, int pipe_p
cand_list_init();
rt_init();
 
-   while ((r = SIMPLEQ_FIRST(&rdeconf->redist_list)) != NULL) {
-   SIMPLEQ_REMOVE_HEAD(&rdeconf->redist_list, entry);
-   free(r);
-   }
+   /* remove unneeded stuff from config */
+   conf_clear_redist_list(&rdeconf->redist_list);
 
gettimeofday(&now, NULL);
rdeconf->uptime = now.tv_sec;
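Review bot: the comment added in rde(), "remove unneeded stuff from config", differs from the existing one in ospfe.c, "remove unneeded config stuff", for the identical call. Use the same wording in both places.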



Re: ospfd: allow specifying area by number as well as id

2019-05-28 Thread Remi Locherer
Hi David,

are you going to commit this?

Remi


On Thu, May 16, 2019 at 11:14:55PM +0200, Remi Locherer wrote:
> On Thu, May 16, 2019 at 09:39:37AM +0200, Sebastian Benoit wrote:
> > 
> > 
> > 
> > Remi Locherer(remi.loche...@relo.ch) on 2019.05.15 23:15:03 +0200:
> > > On Tue, Apr 30, 2019 at 11:10:37PM +0200, Remi Locherer wrote:
> > > > On Mon, Apr 29, 2019 at 11:10:31AM +0100, Stuart Henderson wrote:
> > > > > On 2019/04/29 11:58, Sebastian Benoit wrote:
> > > > > > David Gwynne(da...@gwynne.id.au) on 2019.04.29 19:36:51 +1000:
> > > > > > > 
> > > > > > > 
> > > > > > > > On 29 Apr 2019, at 4:59 pm, Remi Locherer 
> > > > > > > >  wrote:
> > > > > > > > 
> > > > > > > > Hi David
> > > > > > > > 
> > > > > > > > On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> > > > > > > >> it's always bothered me that i config areas on a crisco using 
> > > > > > > >> a number,
> > > > > > > >> but then have to think hard to convert that number to an 
> > > > > > > >> address for use
> > > > > > > >> in openbsd. eg, i was given area 700 in one place, which is 
> > > > > > > >> 0.0.2.188
> > > > > > > >> as an address. super annoying.
> > > > > > > >> 
> > > > > > > >> so this changes the ospfd parser so it accepts both a number 
> > > > > > > >> or address.
> > > > > > > >> i also changed it so it prints the number by default, which 
> > > > > > > >> may be
> > > > > > > >> contentious. the manpage is slightly tweaked too.
> > > > > > > >> 
> > > > > > > >> thoughts?
> > > > > > > > 
> > > > > > > > I like it to be able to use a number instead of an address!
> > > > > > > > 
> > > > > > > > It worked fine in my short test I performed.
> > > > > > > > 
> > > > > > > > The output with the comment looks a bit strange to me.
> > > > > > > 
> > > > > > > Are you sure it doesn't look... awesome?
> > > > > > 
> > > > > > I like it!
> > > > > 
> > > > > I don't really, but if we change this it needs to be displayed somehow
> > > > > and I don't have an idea to make it look nicer than this (cisco's 
> > > > > method
> > > > > seems pretty horrible and wouldn't work for us anyway - looks like 
> > > > > they
> > > > > remember which format was used to configure an area and use that as
> > > > > the output format...)
> > > > > 
> > > > 
> > > > Maybe it's better when we just allow both input formats but don't change
> > > > any output.
> > > 
> > > Any opinions or comments on this? I think this would be a valuable 
> > > addition
> > > to ospfd.
> > 
> > Yes, and diff is ok benno@
> > 
> 
> David: ok remi@ for your diff without the printconf part.
> 
> > What about ospf6d?
> 
> I'll handle that.
> 
> > 
> > > > 
> > > > Below diff changes ospfctl to accept the address and number format for
> > > > "ospfctl show database area XXX".
> > > > 
> > > > 
> > > > Index: parser.c
> > > > ===
> > > > RCS file: /cvs/src/usr.sbin/ospfctl/parser.c,v
> > > > retrieving revision 1.20
> > > > diff -u -p -r1.20 parser.c
> > > > --- parser.c9 May 2011 12:25:35 -   1.20
> > > > +++ parser.c30 Apr 2019 20:28:18 -
> > > > @@ -39,7 +39,8 @@ enum token_type {
> > > > ADDRESS,
> > > > FLAG,
> > > > PREFIX,
> > > > -   IFNAME
> > > > +   IFNAME,
> > > > +   AREA
> > > >  };
> > > >  
> > > >  struct token {
> > > > @@ -107,7 +108,7 @@ static const struct token t_show_db[] = 
> > > >  };
> > > >  
> > >

ospf6d: allow specifying area by number as well as id

2019-05-23 Thread Remi Locherer
Hi tech@,

David sent a diff for ospfd which allows specifying an area by number
as well as id.
--> https://marc.info/?l=openbsd-tech&m=155650284619263&w=2

This diff does the same for ospf6d and ospf6ctl without modifying any
outputs.

OK?

Remi

 
Index: ospf6d/ospf6d.conf.5
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.conf.5,v
retrieving revision 1.18
diff -u -p -r1.18 ospf6d.conf.5
--- ospf6d/ospf6d.conf.529 Dec 2018 16:04:31 -  1.18
+++ ospf6d/ospf6d.conf.522 May 2019 21:04:58 -
@@ -237,7 +237,7 @@ Areas are used for grouping interfaces.
 All interface-specific parameters can
 be configured per area, overruling the global settings.
 .Bl -tag -width Ds
-.It Ic area Ar address
+.It Ic area Ar address Ns | Ns Ar id
 Specify an area section, grouping one or more interfaces.
 .Bd -literal -offset indent
 area 0.0.0.0 {
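Review bot: ".It Ic area Ar address Ns | Ns Ar id" introduces "id" without the text saying what it is; the description and the "area 0.0.0.0 {" example still cover only the address form. Add a sentence that the area may be given as a decimal number or as a dotted quad, and keep the argument order in line with the ospfd.conf.5 change in David's diff, which has "id | address".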
Index: ospf6d/parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.43
diff -u -p -r1.43 parse.y
--- ospf6d/parse.y  29 Apr 2019 05:14:38 -  1.43
+++ ospf6d/parse.y  22 May 2019 20:58:26 -
@@ -117,6 +117,7 @@ typedef struct {
int64_t  number;
char*string;
struct redistribute *redist;
+   struct in_addr   id;
} v;
int lineno;
 } YYSTYPE;
@@ -139,6 +140,7 @@ typedef struct {
 %typeyesno no optlist, optlist_l option demotecount
 %typestring dependon
 %typeredistribute
+%typeareaid
 
 %%
 
@@ -456,15 +458,8 @@ comma  : ','
| /*empty*/
;
 
-area   : AREA STRING {
-   struct in_addr  id;
-   if (inet_aton($2, &id) == 0) {
-   yyerror("error parsing area");
-   free($2);
-   YYERROR;
-   }
-   free($2);
-   area = conf_get_area(id);
+area   : AREA areaid {
+   area = conf_get_area($2);
 
memcpy(&areadefs, defs, sizeof(areadefs));
defs = &areadefs;
@@ -476,6 +471,23 @@ area   : AREA STRING {
 
 demotecount: NUMBER{ $$ = $1; }
| /*empty*/ { $$ = 1; }
+   ;
+
+areaid : NUMBER {
+   if ($1 < 0 || $1 > 0x) {
+   yyerror("invalid area id");
+   YYERROR;
+   }
+   $$.s_addr = htonl($1);
+   }
+   | STRING {
+   if (inet_aton($1, &$$) == 0) {
+   yyerror("error parsing area");
+   free($1);
+   YYERROR;
+   }
+   free($1);
+   }
;
 
 areaopts_l : areaopts_l areaoptsl nl
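Review bot: the STRING branch of areaid keeps inet_aton() from the removed code, and inet_aton() also accepts one- to three-part and hex or octal forms, so a STRING such as 1.2 would pass as an area ID. The ospfctl parse_area() in the companion diff uses the stricter inet_pton(); if only dotted quads and plain numbers are meant to be valid, test inet_pton(AF_INET, $1, &$$) != 1 here so daemon and control tool accept the same input.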
Index: ospf6ctl/ospf6ctl.c
===
RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v
retrieving revision 1.49
diff -u -p -r1.49 ospf6ctl.c
--- ospf6ctl/ospf6ctl.c 12 Jul 2018 13:45:03 -  1.49
+++ ospf6ctl/ospf6ctl.c 22 May 2019 20:18:45 -
@@ -170,7 +170,7 @@ main(int argc, char *argv[])
break;
case SHOW_DBBYAREA:
imsg_compose(ibuf, IMSG_CTL_SHOW_DATABASE, 0, 0, -1,
-   &res->addr, sizeof(res->addr));
+   &res->area, sizeof(res->area));
break;
case SHOW_DBEXT:
imsg_compose(ibuf, IMSG_CTL_SHOW_DB_EXT, 0, 0, -1, NULL, 0);
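Review bot: SHOW_DBBYAREA now sends res->area, a new member, whereas the ospfctl diff from 30 Apr stores the parsed area in res->addr ("parse_area(word, &res->addr)"). Pick one convention for both tools, and check that struct parse_result in ospf6ctl/parser.h gains the area member, which is not in the part of the diff shown here.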
Index: ospf6ctl/parser.c
===
RCS file: /cvs/src/usr.sbin/ospf6ctl/parser.c,v
retrieving revision 1.13
diff -u -p -r1.13 parser.c
--- ospf6ctl/parser.c   17 Nov 2014 21:53:55 -  1.13
+++ ospf6ctl/parser.c   22 May 2019 20:20:17 -
@@ -40,7 +40,8 @@ enum token_type {
ADDRESS,
FLAG,
PREFIX,
-   IFNAME
+   IFNAME,
+   AREA
 };
 
 struct token {
@@ -108,7 +109,7 @@ static const struct token t_show_db[] = 
 };
 
 static const struct token t_show_area[] = {
-   {ADDRESS,   "", NONE,   NULL},
+   {AREA,  "", NONE,   NULL},
{ENDTOKEN,  "", NONE,   NULL}
 };
 
@@ -218,6 +219,14 @@ match_token(const char *word, const stru
res->action = t->value;
}
break;
+   case AREA:
+   if (parse_area(word, &res->area)) {
+   match++;
+   t = &table[i];
+  

Re: ospfd: allow specifying area by number as well as id

2019-05-16 Thread Remi Locherer
On Thu, May 16, 2019 at 09:39:37AM +0200, Sebastian Benoit wrote:
> 
> 
> 
> Remi Locherer(remi.loche...@relo.ch) on 2019.05.15 23:15:03 +0200:
> > On Tue, Apr 30, 2019 at 11:10:37PM +0200, Remi Locherer wrote:
> > > On Mon, Apr 29, 2019 at 11:10:31AM +0100, Stuart Henderson wrote:
> > > > On 2019/04/29 11:58, Sebastian Benoit wrote:
> > > > > David Gwynne(da...@gwynne.id.au) on 2019.04.29 19:36:51 +1000:
> > > > > > 
> > > > > > 
> > > > > > > On 29 Apr 2019, at 4:59 pm, Remi Locherer  
> > > > > > > wrote:
> > > > > > > 
> > > > > > > Hi David
> > > > > > > 
> > > > > > > On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> > > > > > >> it's always bothered me that i config areas on a crisco using a 
> > > > > > >> number,
> > > > > > >> but then have to think hard to convert that number to an address 
> > > > > > >> for use
> > > > > > >> in openbsd. eg, i was given area 700 in one place, which is 
> > > > > > >> 0.0.2.188
> > > > > > >> as an address. super annoying.
> > > > > > >> 
> > > > > > >> so this changes the ospfd parser so it accepts both a number or 
> > > > > > >> address.
> > > > > > >> i also changed it so it prints the number by default, which may 
> > > > > > >> be
> > > > > > >> contentious. the manpage is slightly tweaked too.
> > > > > > >> 
> > > > > > >> thoughts?
> > > > > > > 
> > > > > > > I like it to be able to use a number instead of an address!
> > > > > > > 
> > > > > > > It worked fine in my short test I performed.
> > > > > > > 
> > > > > > > The output with the comment looks a bit strange to me.
> > > > > > 
> > > > > > Are you sure it doesn't look... awesome?
> > > > > 
> > > > > I like it!
> > > > 
> > > > I don't really, but if we change this it needs to be displayed somehow
> > > > and I don't have an idea to make it look nicer than this (cisco's method
> > > > seems pretty horrible and wouldn't work for us anyway - looks like they
> > > > remember which format was used to configure an area and use that as
> > > > the output format...)
> > > > 
> > > 
> > > Maybe it's better when we just allow both input formats but don't change
> > > any output.
> > 
> > Any opinions or comments on this? I think this would be a valuable addition
> > to ospfd.
> 
> Yes, and diff is ok benno@
> 

David: ok remi@ for your diff without the printconf part.

> What about ospf6d?

I'll handle that.

> 
> > > 
> > > Below diff changes ospfctl to accept the address and number format for
> > > "ospfctl show database area XXX".
> > > 
> > > 
> > > Index: parser.c
> > > ===
> > > RCS file: /cvs/src/usr.sbin/ospfctl/parser.c,v
> > > retrieving revision 1.20
> > > diff -u -p -r1.20 parser.c
> > > --- parser.c  9 May 2011 12:25:35 -   1.20
> > > +++ parser.c  30 Apr 2019 20:28:18 -
> > > @@ -39,7 +39,8 @@ enum token_type {
> > >   ADDRESS,
> > >   FLAG,
> > >   PREFIX,
> > > - IFNAME
> > > + IFNAME,
> > > + AREA
> > >  };
> > >  
> > >  struct token {
> > > @@ -107,7 +108,7 @@ static const struct token t_show_db[] = 
> > >  };
> > >  
> > >  static const struct token t_show_area[] = {
> > > - {ADDRESS,   "", NONE,   NULL},
> > > + {AREA,  "", NONE,   NULL},
> > >   {ENDTOKEN,  "", NONE,   NULL}
> > >  };
> > >  
> > > @@ -218,6 +219,14 @@ match_token(const char *word, const stru
> > >   res->action = t->value;
> > >   }
> > >   break;
> > > + case AREA:
> > > + if (parse_area(word, &res->addr)) {
> > > + 

Re: ospfd: allow specifying area by number as well as id

2019-05-15 Thread Remi Locherer
On Tue, Apr 30, 2019 at 11:10:37PM +0200, Remi Locherer wrote:
> On Mon, Apr 29, 2019 at 11:10:31AM +0100, Stuart Henderson wrote:
> > On 2019/04/29 11:58, Sebastian Benoit wrote:
> > > David Gwynne(da...@gwynne.id.au) on 2019.04.29 19:36:51 +1000:
> > > > 
> > > > 
> > > > > On 29 Apr 2019, at 4:59 pm, Remi Locherer  
> > > > > wrote:
> > > > > 
> > > > > Hi David
> > > > > 
> > > > > On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> > > > >> it's always bothered me that i config areas on a crisco using a 
> > > > >> number,
> > > > >> but then have to think hard to convert that number to an address for 
> > > > >> use
> > > > >> in openbsd. eg, i was given area 700 in one place, which is 0.0.2.188
> > > > >> as an address. super annoying.
> > > > >> 
> > > > >> so this changes the ospfd parser so it accepts both a number or 
> > > > >> address.
> > > > >> i also changed it so it prints the number by default, which may be
> > > > >> contentious. the manpage is slightly tweaked too.
> > > > >> 
> > > > >> thoughts?
> > > > > 
> > > > > I like it to be able to use a number instead of an address!
> > > > > 
> > > > > It worked fine in my short test I performed.
> > > > > 
> > > > > The output with the comment looks a bit strange to me.
> > > > 
> > > > Are you sure it doesn't look... awesome?
> > > 
> > > I like it!
> > 
> > I don't really, but if we change this it needs to be displayed somehow
> > and I don't have an idea to make it look nicer than this (cisco's method
> > seems pretty horrible and wouldn't work for us anyway - looks like they
> > remember which format was used to configure an area and use that as
> > the output format...)
> > 
> 
> Maybe it's better when we just allow both input formats but don't change
> any output.

Any opinions or comments on this? I think this would be a valuable addition
to ospfd.

> 
> Below diff changes ospfctl to accept the address and number format for
> "ospfctl show database area XXX".
> 
> 
> Index: parser.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfctl/parser.c,v
> retrieving revision 1.20
> diff -u -p -r1.20 parser.c
> --- parser.c  9 May 2011 12:25:35 -   1.20
> +++ parser.c  30 Apr 2019 20:28:18 -
> @@ -39,7 +39,8 @@ enum token_type {
>   ADDRESS,
>   FLAG,
>   PREFIX,
> - IFNAME
> + IFNAME,
> + AREA
>  };
>  
>  struct token {
> @@ -107,7 +108,7 @@ static const struct token t_show_db[] = 
>  };
>  
>  static const struct token t_show_area[] = {
> - {ADDRESS,   "", NONE,   NULL},
> + {AREA,  "", NONE,   NULL},
>   {ENDTOKEN,  "", NONE,   NULL}
>  };
>  
> @@ -218,6 +219,14 @@ match_token(const char *word, const stru
>   res->action = t->value;
>   }
>   break;
> + case AREA:
> + if (parse_area(word, &res->addr)) {
> + match++;
> + t = &table[i];
> + if (t->value)
> + res->action = t->value;
> + }
> + break;
>   case PREFIX:
>   if (parse_prefix(word, &res->addr, &res->prefixlen)) {
>   match++;
> @@ -274,6 +283,9 @@ show_valid_args(const struct token *tabl
>   case ADDRESS:
>   fprintf(stderr, "  \n");
>   break;
> + case AREA:
> + fprintf(stderr, "  \n");
> + break;
>   case PREFIX:
>   fprintf(stderr, "  [/]\n");
>   break;
> @@ -298,6 +310,32 @@ parse_addr(const char *word, struct in_a
>   bzero(&ina, sizeof(ina));
>  
>   if (inet_pton(AF_INET, word, &ina)) {
> + addr->s_addr = ina.s_addr;
> + return (1);
> + }
> +
> + return (0);
> +}
> +

Re: ospfd: do not change router-id on reload if unspecified

2019-05-15 Thread Remi Locherer
On Wed, May 15, 2019 at 03:52:57PM +0200, Denis Fondras wrote:
> When router-id is unspecified, ospfd will choose the lowest IP address of the
> host. I added an area and an IP lower than the existing ones and on reload
> ospfd asked me to restart and did not activate the new area.
> 
> Why would it update the router-id in such a case ?
> 
> This diff changes this behaviour. When router-id is not explicitly changed,
> keep the existing setting.

makes sense to me.
OK remi@

> 
> Index: ospfd.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> retrieving revision 1.107
> diff -u -p -r1.107 ospfd.c
> --- ospfd.c   26 Mar 2019 20:39:33 -  1.107
> +++ ospfd.c   15 May 2019 13:19:52 -
> @@ -185,6 +185,8 @@ main(int argc, char *argv[])
>   kif_clear();
>   exit(1);
>   }
> +if (ospfd_conf->rtr_id.s_addr == 0)
> +ospfd_conf->rtr_id.s_addr = get_rtr_id();
>  
>   if (sockname == NULL) {
>   if (asprintf(&sockname, "%s.%d", OSPFD_SOCKET,
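Review bot: the two lines added to main() are not indented like the other added lines in this diff; use tabs. With the default moved out of parse_config(), every caller now sees rtr_id.s_addr == 0 for an unset router-id, so a comment here stating that main() is where the automatic router-id gets picked would help.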
> @@ -641,6 +643,10 @@ ospf_reload(void)
>  
>   if ((xconf = parse_config(conffile, ospfd_conf->opts)) == NULL)
>   return (-1);
> +
> + /* No router-id was specified, keep existing value */
> +if (xconf->rtr_id.s_addr == 0)
> +xconf->rtr_id.s_addr = ospfd_conf->rtr_id.s_addr;
>  
>   /* Abort the reload if rtr_id changed */
>   if (ospfd_conf->rtr_id.s_addr != xconf->rtr_id.s_addr) {
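Review bot: copying ospfd_conf->rtr_id into xconf in ospf_reload() also means that deleting an explicit router-id line and reloading silently keeps the old ID, and that an automatically chosen ID stays fixed until restart. That is reasonable but should be documented in ospfd.conf.5 under router-id; the two added assignment lines also need tab indentation.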
> Index: ospfd.h
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.h,v
> retrieving revision 1.103
> diff -u -p -r1.103 ospfd.h
> --- ospfd.h   28 Dec 2018 19:25:10 -  1.103
> +++ ospfd.h   15 May 2019 13:19:52 -
> @@ -561,6 +561,7 @@ intcarp_demote_set(char *, int);
>  
>  /* parse.y */
>  struct ospfd_conf*parse_config(char *, int);
> +u_int32_t get_rtr_id(void);
>  int   cmdline_symset(char *);
>  void  conf_clear_redist_list(struct redist_list *);
>  
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
> retrieving revision 1.96
> diff -u -p -r1.96 parse.y
> --- parse.y   29 Apr 2019 05:14:38 -  1.96
> +++ parse.y   15 May 2019 13:19:52 -
> @@ -83,7 +83,6 @@ int  symset(const char *, const char *,
>  char *symget(const char *);
>  
>  void  clear_config(struct ospfd_conf *xconf);
> -u_int32_t get_rtr_id(void);
>  int   host(const char *, struct in_addr *, struct in_addr *);
>  
>  static struct ospfd_conf *conf;
> @@ -1253,9 +1252,6 @@ parse_config(char *filename, int opts)
>   clear_config(conf);
>   return (NULL);
>   }
> -
> - if (conf->rtr_id.s_addr == 0)
> - conf->rtr_id.s_addr = get_rtr_id();
>  
>   return (conf);
>  }
> 



Re: ospfd: allow specifying area by number as well as id

2019-04-30 Thread Remi Locherer
On Mon, Apr 29, 2019 at 11:10:31AM +0100, Stuart Henderson wrote:
> On 2019/04/29 11:58, Sebastian Benoit wrote:
> > David Gwynne(da...@gwynne.id.au) on 2019.04.29 19:36:51 +1000:
> > > 
> > > 
> > > > On 29 Apr 2019, at 4:59 pm, Remi Locherer  wrote:
> > > > 
> > > > Hi David
> > > > 
> > > > On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> > > >> it's always bothered me that i config areas on a crisco using a number,
> > > >> but then have to think hard to convert that number to an address for 
> > > >> use
> > > >> in openbsd. eg, i was given area 700 in one place, which is 0.0.2.188
> > > >> as an address. super annoying.
> > > >> 
> > > >> so this changes the ospfd parser so it accepts both a number or 
> > > >> address.
> > > >> i also changed it so it prints the number by default, which may be
> > > >> contentious. the manpage is slightly tweaked too.
> > > >> 
> > > >> thoughts?
> > > > 
> > > > I like it to be able to use a number instead of an address!
> > > > 
> > > > It worked fine in my short test I performed.
> > > > 
> > > > The output with the comment looks a bit strange to me.
> > > 
> > > Are you sure it doesn't look... awesome?
> > 
> > I like it!
> 
> I don't really, but if we change this it needs to be displayed somehow
> and I don't have an idea to make it look nicer than this (cisco's method
> seems pretty horrible and wouldn't work for us anyway - looks like they
> remember which format was used to configure an area and use that as
> the output format...)
> 

Maybe it's better when we just allow both input formats but don't change
any output.

Below diff changes ospfctl to accept the address and number format for
"ospfctl show database area XXX".


Index: parser.c
===
RCS file: /cvs/src/usr.sbin/ospfctl/parser.c,v
retrieving revision 1.20
diff -u -p -r1.20 parser.c
--- parser.c9 May 2011 12:25:35 -   1.20
+++ parser.c30 Apr 2019 20:28:18 -
@@ -39,7 +39,8 @@ enum token_type {
ADDRESS,
FLAG,
PREFIX,
-   IFNAME
+   IFNAME,
+   AREA
 };
 
 struct token {
@@ -107,7 +108,7 @@ static const struct token t_show_db[] = 
 };
 
 static const struct token t_show_area[] = {
-   {ADDRESS,   "", NONE,   NULL},
+   {AREA,  "", NONE,   NULL},
{ENDTOKEN,  "", NONE,   NULL}
 };
 
@@ -218,6 +219,14 @@ match_token(const char *word, const stru
res->action = t->value;
}
break;
+   case AREA:
+   if (parse_area(word, &res->addr)) {
+   match++;
+   t = &table[i];
+   if (t->value)
+   res->action = t->value;
+   }
+   break;
case PREFIX:
if (parse_prefix(word, &res->addr, &res->prefixlen)) {
match++;
@@ -274,6 +283,9 @@ show_valid_args(const struct token *tabl
case ADDRESS:
fprintf(stderr, "  \n");
break;
+   case AREA:
+   fprintf(stderr, "  \n");
+   break;
case PREFIX:
fprintf(stderr, "  [/]\n");
break;
@@ -298,6 +310,32 @@ parse_addr(const char *word, struct in_a
bzero(&ina, sizeof(ina));
 
if (inet_pton(AF_INET, word, &ina)) {
+   addr->s_addr = ina.s_addr;
+   return (1);
+   }
+
+   return (0);
+}
+
+int
+parse_area(const char *word, struct in_addr *addr)
+{
+   struct in_addr   ina;
+   const char  *errstr;
+
+   if (word == NULL)
+   return (0);
+
+   bzero(addr, sizeof(struct in_addr));
+   bzero(&ina, sizeof(ina));
+
+   if (inet_pton(AF_INET, word, &ina)) {
+   addr->s_addr = ina.s_addr;
+   return (1);
+   }
+
+   ina.s_addr = htonl(strtonum(word, 0, 0x, &errstr));
+   if (errstr == NULL) {
addr->s_addr = ina.s_addr;
return (1);
}
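Review bot: parse_area() repeats the body of parse_addr() line for line before it tries the number, and it passes the strtonum() result through htonl() into ina before errstr has been checked. Simpler and safer: start with "if (parse_addr(word, addr)) return (1);", then call strtonum() into a local, test errstr, and only then assign addr->s_addr.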
Index: parser.h
===
RCS file: /cvs/src/usr.sbin/ospfctl/parser.h,v
retrieving revision 1.13
diff -u -p -r1.13 parser.h
--- parser.h9 May 2011 12:25:35 -   1.13
+++ parser.h30 Apr 2019 20:28:52 -
@@ -64,6 +64,7 @@ struct parse_result {
 
 struct parse_result*parse(int, char *[]);
 int parse_addr(const char *, struct in_addr *);
+int parse_area(const char *, struct in_addr *);
 int parse_prefix(const char *, struct in_addr *,
 u_int8_t *);
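
The two area notations this thread settles on (decimal number and dotted quad), as an added example that is not part of the original posts or of the ospfd/ospfctl source: a strict parser plus a formatter that shows both forms. area_parse() and area_format() are hypothetical names, and strtoull() stands in for OpenBSD's strtonum() so the code builds on other systems.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not ospfd code. area_parse() and area_format() are
 * hypothetical names. Parse an OSPF area ID written either as a dotted
 * quad ("0.0.2.188") or as a decimal number ("700").
 * Returns 1 and stores the ID in network byte order, or 0 on bad input.
 */
int
area_parse(const char *word, struct in_addr *area)
{
	unsigned long long	 n;
	char			*end;
	size_t			 i;

	if (word == NULL || *word == '\0')
		return (0);

	/* inet_pton() takes only the full four-part decimal form. */
	if (inet_pton(AF_INET, word, area) == 1)
		return (1);
	memset(area, 0, sizeof(*area));

	/* Digits only: rejects signs, blanks, "0x10" and short forms like "1.2". */
	for (i = 0; word[i] != '\0'; i++)
		if (word[i] < '0' || word[i] > '9')
			return (0);

	errno = 0;
	n = strtoull(word, &end, 10);
	if (errno != 0 || *end != '\0' || n > UINT32_MAX)
		return (0);

	area->s_addr = htonl((uint32_t)n);
	return (1);
}

/* Render an area ID in both notations, e.g. "700 (0.0.2.188)". */
const char *
area_format(struct in_addr area, char *buf, size_t len)
{
	char	quad[INET_ADDRSTRLEN];

	if (inet_ntop(AF_INET, &area, quad, sizeof(quad)) == NULL)
		return (NULL);
	snprintf(buf, len, "%lu (%s)", (unsigned long)ntohl(area.s_addr), quad);
	return (buf);
}

int
main(void)
{
	/* Constructed sample inputs: valid forms first, then rejects. */
	const char	*samples[] = { "700", "0.0.2.188", "0", "4294967295",
			    "4294967296", "-1", "0x10", "1.2", "7 " };
	struct in_addr	 area;
	char		 buf[64];
	size_t		 i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (area_parse(samples[i], &area))
			printf("%-12s -> area %s\n", samples[i],
			    area_format(area, buf, sizeof(buf)));
		else
			printf("%-12s -> rejected\n", samples[i]);
	}
	return (0);
}
```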
 



Re: ospfd: allow specifying area by number as well as id

2019-04-28 Thread Remi Locherer
Hi David

On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> it's always bothered me that i config areas on a crisco using a number,
> but then have to think hard to convert that number to an address for use
> in openbsd. eg, i was given area 700 in one place, which is 0.0.2.188
> as an address. super annoying.
> 
> so this changes the ospfd parser so it accepts both a number or address.
> i also changed it so it prints the number by default, which may be
> contentious. the manpage is slightly tweaked too.
> 
> thoughts?

I like being able to use a number instead of an address!

It worked fine in the short test I performed.

The output with the comment looks a bit strange to me.

typhoon ..sbin/ospfd$ doas obj/ospfd -nv 

router-id 0.0.0.7
fib-update yes
fib-priority 32
rfc1583compat no
spf-delay msec 1000
spf-holdtime msec 5000

area 7 { # 0.0.0.7
 ^
interface pair7:10.77.77.1 {
metric 10
retransmit-interval 5
router-dead-time 40


I'd prefer if we settle for one output format and then use only that. The
number format is more common but that would be a change for the users. I'm
fine with either format for outputs.

There is also "ospfctl show database area 0.0.0.0" and ospf6d. ;-)

Regards,
Remi


> 
> with this diff, i can do the following and things keep
> working:
> 
> --- /etc/ospfd.conf   Mon Apr 29 11:29:56 2019
> +++ /etc/ospfd.conf.new   Mon Apr 29 11:39:45 2019
> @@ -7,5 +7,5 @@
>  redistribute rtlabel "backup" set metric 65535
>  
> -area 0.0.2.188 {
> +area 700 {
>   router-dead-time minimal
>   fast-hello-interval msec 300
> 
> Index: ospfd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
> retrieving revision 1.55
> diff -u -p -r1.55 ospfd.conf.5
> --- ospfd.conf.5  28 Dec 2018 19:25:10 -  1.55
> +++ ospfd.conf.5  29 Apr 2019 01:45:40 -
> @@ -68,7 +68,7 @@ Macros are not expanded inside quotes.
>  For example:
>  .Bd -literal -offset indent
>  hi="5"
> -area 0.0.0.0 {
> +area 0 {
>   interface em0 {
>   hello-interval $hi
>   }
> @@ -257,10 +257,10 @@ Areas are used for grouping interfaces.
>  All interface-specific parameters can
>  be configured per area, overruling the global settings.
>  .Bl -tag -width Ds
> -.It Ic area Ar address
> +.It Ic area Ar id Ns | Ns Ar address
>  Specify an area section, grouping one or more interfaces.
>  .Bd -literal -offset indent
> -area 0.0.0.0 {
> +area 0 {
>   interface em0
>   interface em1 {
>   metric 10
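Review bot: the synopsis line now offers "id | address", but the description under it still says only "Specify an area section", so nothing tells the reader how a numeric id relates to the dotted form. One sentence stating that the number is the same 32-bit value written in decimal, using the 700 / 0.0.2.188 pair from the cover message as the example, would document the conversion this diff is meant to spare people.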
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
> retrieving revision 1.95
> diff -u -p -r1.95 parse.y
> --- parse.y   13 Feb 2019 22:57:08 -  1.95
> +++ parse.y   29 Apr 2019 01:45:40 -
> @@ -120,6 +120,7 @@ typedef struct {
>   int64_t  number;
>   char*string;
>   struct redistribute *redist;
> + struct in_addr   id;
>   } v;
>   int lineno;
>  } YYSTYPE;
> @@ -145,6 +146,7 @@ typedef struct {
>  %type  deadtime
>  %type  string dependon
>  %type  redistribute
> +%type  areaid
>  
>  %%
>  
> @@ -588,15 +590,8 @@ comma: ','
>   | /*empty*/
>   ;
>  
> -area : AREA STRING {
> - struct in_addr  id;
> - if (inet_aton($2, &id) == 0) {
> - yyerror("error parsing area");
> - free($2);
> - YYERROR;
> - }
> - free($2);
> - area = conf_get_area(id);
> +area : AREA areaid {
> + area = conf_get_area($2);
>  
>   memcpy(&areadefs, defs, sizeof(areadefs));
>   md_list_copy(&areadefs.md_list, &defs->md_list);
> @@ -610,6 +605,23 @@ area : AREA STRING {
>  
>  demotecount  : NUMBER{ $$ = $1; }
>   | /*empty*/ { $$ = 1; }
> + ;
> +
> +areaid   : NUMBER {
> + if ($1 < 0 || $1 > 0x) {
> + yyerror("invalid area id");
> + YYERROR;
> + }
> + $$.s_addr = htonl($1);
> + }
> + | STRING {
> + if (inet_aton($1, &$$) == 0) {
> + yyerror("error parsing area");
> + free($1);
> + YYERROR;
> + }
> + free($1);
> + }
>   ;
>  
>  areaopts_l   : areaopts_l areaoptsl nl
> Index: printconf.c
> ===
> RCS file

ospf(6)d: check rdomain for depend on interfaces

2019-04-28 Thread Remi Locherer
Hi,

the parser in ospf(6)d accepts depend on interfaces that are in a
different rdomain. This works on startup of the daemon. But since it
filters route messages based on its rdomain it will not get notified
if the depend on interface changes link state.

Below diff extends the existing conf_check_rdomain to also check the
depend on interfaces.

OK?

Remi


Index: ospfd/parse.y
===
RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
retrieving revision 1.95
diff -u -p -r1.95 parse.y
--- ospfd/parse.y   13 Feb 2019 22:57:08 -  1.95
+++ ospfd/parse.y   28 Apr 2019 09:29:00 -
@@ -1371,18 +1371,45 @@ conf_get_if(struct kif *kif, struct kif_
 int
 conf_check_rdomain(unsigned int rdomain)
 {
-   struct area *a;
-   struct iface*i;
-   int  errs = 0;
+   struct area *a;
+   struct iface*i;
+   struct in_addr   addr;
+   struct kif  *kif;
+   struct redistribute *r;
+   int  errs = 0;
+
+   SIMPLEQ_FOREACH(r, &conf->redist_list, entry)
+   if (r->dependon[0] != '\0') {
+   bzero(&addr, sizeof(addr));
+   kif = kif_findname(r->dependon, addr, NULL);
+   if (kif->rdomain != rdomain) {
+   logit(LOG_CRIT,
+   "depend on %s: interface not in rdomain %u",
+   kif->ifname, rdomain);
+   errs++;
+   }
+   }
 
LIST_FOREACH(a, &conf->area_list, entry)
-   LIST_FOREACH(i, &a->iface_list, entry)
+   LIST_FOREACH(i, &a->iface_list, entry) {
if (i->rdomain != rdomain) {
logit(LOG_CRIT,
"interface %s not in rdomain %u",
i->name, rdomain);
errs++;
}
+   if (i->dependon[0] != '\0') {
+   bzero(&addr, sizeof(addr));
+   kif = kif_findname(i->dependon, addr, NULL);
+   if (kif->rdomain != rdomain) {
+   logit(LOG_CRIT,
+   "depend on %s: interface not in "
+   "rdomain %u",
+   kif->ifname, rdomain);
+   errs++;
+   }
+   }
+   }
 
return (errs);
 }
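Review bot: both new blocks dereference the result of kif_findname() straight away (kif->rdomain, kif->ifname) with no NULL check. If the lookup can come back empty for a depend on name, the daemon crashes during the rdomain check instead of reporting a configuration error. Either test kif for NULL and count that as an error as well, or add a comment saying why the name is guaranteed to resolve at this point. Logging r->dependon and i->dependon rather than kif->ifname would keep the message usable in the failing case. The two blocks differ only in where the name comes from, so a small helper would remove the duplication.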
Index: ospf6d/parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.42
diff -u -p -r1.42 parse.y
--- ospf6d/parse.y  13 Feb 2019 22:57:08 -  1.42
+++ ospf6d/parse.y  28 Apr 2019 09:28:33 -
@@ -1151,18 +1151,41 @@ conf_get_area(struct in_addr id)
 int
 conf_check_rdomain(u_int rdomain)
 {
-   struct area *a;
-   struct iface*i;
-   int  errs = 0;
+   struct area *a;
+   struct iface*i, *idep;
+   struct redistribute *r;
+   int  errs = 0;
+
+   SIMPLEQ_FOREACH(r, &conf->redist_list, entry)
+   if (r->dependon[0] != '\0') {
+   idep = if_findname(r->dependon);
+   if (idep->rdomain != rdomain) {
+   logit(LOG_CRIT,
+   "depend on %s: interface not in rdomain %u",
+   idep->name, rdomain);
+   errs++;
+   }
+   }
 
LIST_FOREACH(a, &conf->area_list, entry)
-   LIST_FOREACH(i, &a->iface_list, entry)
+   LIST_FOREACH(i, &a->iface_list, entry) {
if (i->rdomain != rdomain) {
logit(LOG_CRIT,
"interface %s not in rdomain %u",
i->name, rdomain);
errs++;
}
+   if (i->dependon[0] != '\0') {
+   idep = if_findname(i->dependon);
+   if (idep->rdomain != rdomain) {
+   logit(LOG_CRIT,
+   "depend on %s: interface not in "
+   "rdomain %u",
+   idep->name, rdomain);
+   errs++;
+   }
+   }
+   }
 
return (errs);
 }
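Review bot: idep = if_findname(...) is followed directly by idep->rdomain in both the redist_list loop and the iface_list loop, and nothing handles a name that does not resolve. Please check idep before use and treat a failed lookup as an error (errs++ with a message that names the depend on string), or document why if_findname() cannot fail here.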



Re: uslcom: new product id

2019-04-25 Thread Remi Locherer
On Wed, Apr 24, 2019 at 10:19:13PM +0100, Jason McIntyre wrote:
> On Wed, Apr 24, 2019 at 11:16:18PM +0200, Remi Locherer wrote:
> > On Wed, Apr 24, 2019 at 08:54:08AM +0100, Jason McIntyre wrote:
> > > On Wed, Apr 24, 2019 at 08:11:42AM +0100, Stuart Henderson wrote:
> > > > On 2019/04/23 23:53, Remi Locherer wrote:
> > > > > Hi,
> > > > > 
> > > > > with below diff the usb serial adapter built into the SRX 300 attaches
> > > > > to uslcom and can be used.
> > > > > 
> > > > > uslcom0 at uhub1 port 1 configuration 1 interface 0 "Silicon Labs 
> > > > > Juniper Networks BX Series System Console" rev 1.10/1.01 addr 10
> > > > > 
> > > > > OK?
> > > > 
> > > > >  product SILABS KYOCERA_GPS   0x8411  Kyocera GPS
> > > > >  product SILABS IRZ_SG10  0x8418  IRZ SG-10 GSM/GPRS Modem
> > > > >  product SILABS BEI_VCP   0x846e  BEI USB Sensor (VCP)
> > > > > +product SILABS JUNIPER_BX_CONS   0x8470  Juniper BX Series 
> > > > > System Console
> > > > >  product SILABS BALLUFF_RFID  0x8477  Balluff RFID reader
> > > > >  product SILABS AC_SERV_IBUS  0x85ea  AC-Services IBUS
> > > > >  product SILABS AC_SERV_CIS   0x85eb  AC-Services CIS-IBUS
> > > > 
> > > > The string could be a little shorter, just "Juniper BX Console"
> > > > is clear enough and saves a few bytes in the kernel. Otherwise OK.
> > > > Reminder, first commit just usbdevs, then run "make" and commit
> > > > usbdevs.h/usbdevs_data.h, then the c file.
> > > > 
> > > 
> > > ...and then update uslcom.4 ;)
> > 
> > I'm not sure this makes sense. This is not an adapter I buy because I
> > need serial and only have usb. It's a network device that has this built
> > in so I can connect to serial with just a usb (mini) cable.
> > 
> > And what product should we add to the manual? It works with Juniper SRX 300.
> > I have no clue if Juniper uses this in other devices. The usb-c connector
> > from my ICX Switch also attaches to uslcom. Should this also be listed?
> > 
> > Remi
> > 
> 
> hi.
> 
> no, it's my mistake - sorry! i just presumed it should be listed.
> jmc
> 

Theo suggested that it makes sense and that there are similar examples.

Should we list devices like this?

Not all SRX models have such a USB console port. I took the model numbers
from here:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB31671


Index: uslcom.4
===
RCS file: /cvs/src/share/man/man4/uslcom.4,v
retrieving revision 1.14
diff -u -p -r1.14 uslcom.4
--- uslcom.420 May 2017 14:24:46 -  1.14
+++ uslcom.425 Apr 2019 20:16:06 -
@@ -53,11 +53,13 @@ Enfora EDG1228
 Gemalto Prox-PU/CU Smartcard Readers
 IRZ MC35pu GSM Terminal
 Jablotron PC-60B
+Juniper SRX 300/320/340/345/550M/1500 USB console
 Lipowsky Baby-JTAG
 Lipowsky Baby-LIN
 Lipowsky HARP-1
 MobiData GPRS Modem
 Pololu USB to Serial
+Ruckus ICX 7150 USB console
 SPORTident BSM7-D-USB
 Tracient RFID
 Track Systems Traqmate



Re: uslcom: new product id

2019-04-24 Thread Remi Locherer
On Wed, Apr 24, 2019 at 08:54:08AM +0100, Jason McIntyre wrote:
> On Wed, Apr 24, 2019 at 08:11:42AM +0100, Stuart Henderson wrote:
> > On 2019/04/23 23:53, Remi Locherer wrote:
> > > Hi,
> > > 
> > > with below diff the usb serial adapter built into the SRX 300 attaches
> > > to uslcom and can be used.
> > > 
> > > uslcom0 at uhub1 port 1 configuration 1 interface 0 "Silicon Labs Juniper 
> > > Networks BX Series System Console" rev 1.10/1.01 addr 10
> > > 
> > > OK?
> > 
> > >  product SILABS KYOCERA_GPS   0x8411  Kyocera GPS
> > >  product SILABS IRZ_SG10  0x8418  IRZ SG-10 GSM/GPRS Modem
> > >  product SILABS BEI_VCP   0x846e  BEI USB Sensor (VCP)
> > > +product SILABS JUNIPER_BX_CONS   0x8470  Juniper BX Series System Console
> > >  product SILABS BALLUFF_RFID  0x8477  Balluff RFID reader
> > >  product SILABS AC_SERV_IBUS  0x85ea  AC-Services IBUS
> > >  product SILABS AC_SERV_CIS   0x85eb  AC-Services CIS-IBUS
> > 
> > The string could be a little shorter, just "Juniper BX Console"
> > is clear enough and saves a few bytes in the kernel. Otherwise OK.
> > Reminder, first commit just usbdevs, then run "make" and commit
> > usbdevs.h/usbdevs_data.h, then the c file.
> > 
> 
> ...and then update uslcom.4 ;)

I'm not sure this makes sense. This is not an adapter I buy because I
need serial and only have usb. It's a network device that has this built
in so I can connect to serial with just a usb (mini) cable.

And what product should we add to the manual? It works with Juniper SRX 300.
I have no clue if Juniper uses this in other devices. The usb-c connector
from my ICX Switch also attaches to uslcom. Should this also be listed?

Remi



uslcom: new product id

2019-04-23 Thread Remi Locherer
Hi,

with below diff the usb serial adapter built into the SRX 300 attaches
to uslcom and can be used.

uslcom0 at uhub1 port 1 configuration 1 interface 0 "Silicon Labs Juniper 
Networks BX Series System Console" rev 1.10/1.01 addr 10

OK?

Remi



Index: usbdevs
===
RCS file: /cvs/src/sys/dev/usb/usbdevs,v
retrieving revision 1.697
diff -u -p -r1.697 usbdevs
--- usbdevs 27 Mar 2019 22:04:20 -  1.697
+++ usbdevs 23 Apr 2019 21:31:46 -
@@ -3943,6 +3943,7 @@ product SILABS DEKTEK_DTAPLUS 0x83d8  Dek
 product SILABS KYOCERA_GPS 0x8411  Kyocera GPS
 product SILABS IRZ_SG100x8418  IRZ SG-10 GSM/GPRS Modem
 product SILABS BEI_VCP 0x846e  BEI USB Sensor (VCP)
+product SILABS JUNIPER_BX_CONS 0x8470  Juniper BX Series System Console
 product SILABS BALLUFF_RFID0x8477  Balluff RFID reader
 product SILABS AC_SERV_IBUS0x85ea  AC-Services IBUS
 product SILABS AC_SERV_CIS 0x85eb  AC-Services CIS-IBUS
Index: usbdevs.h
===
RCS file: /cvs/src/sys/dev/usb/usbdevs.h,v
retrieving revision 1.709
diff -u -p -r1.709 usbdevs.h
--- usbdevs.h   27 Mar 2019 22:05:06 -  1.709
+++ usbdevs.h   23 Apr 2019 21:32:22 -
@@ -1,4 +1,4 @@
-/* $OpenBSD: usbdevs.h,v 1.709 2019/03/27 22:05:06 kettenis Exp $  */
+/* $OpenBSD$   */
 
 /*
  * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
@@ -3950,6 +3950,7 @@
 #defineUSB_PRODUCT_SILABS_KYOCERA_GPS  0x8411  /* Kyocera GPS 
*/
 #defineUSB_PRODUCT_SILABS_IRZ_SG10 0x8418  /* IRZ SG-10 
GSM/GPRS Modem */
 #defineUSB_PRODUCT_SILABS_BEI_VCP  0x846e  /* BEI USB 
Sensor (VCP) */
+#defineUSB_PRODUCT_SILABS_JUNIPER_BX_CONS  0x8470  /* 
Juniper BX Series System Console */
 #defineUSB_PRODUCT_SILABS_BALLUFF_RFID 0x8477  /* Balluff RFID 
reader */
 #defineUSB_PRODUCT_SILABS_AC_SERV_IBUS 0x85ea  /* AC-Services 
IBUS */
 #defineUSB_PRODUCT_SILABS_AC_SERV_CIS  0x85eb  /* AC-Services 
CIS-IBUS */
Index: usbdevs_data.h
===
RCS file: /cvs/src/sys/dev/usb/usbdevs_data.h,v
retrieving revision 1.703
diff -u -p -r1.703 usbdevs_data.h
--- usbdevs_data.h  27 Mar 2019 22:05:06 -  1.703
+++ usbdevs_data.h  23 Apr 2019 21:32:22 -
@@ -1,4 +1,4 @@
-/* $OpenBSD: usbdevs_data.h,v 1.703 2019/03/27 22:05:06 kettenis Exp $ 
*/
+/* $OpenBSD$   */
 
 /*
  * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
@@ -10036,6 +10036,10 @@ const struct usb_known_product usb_known
{
USB_VENDOR_SILABS, USB_PRODUCT_SILABS_BEI_VCP,
"BEI USB Sensor (VCP)",
+   },
+   {
+   USB_VENDOR_SILABS, USB_PRODUCT_SILABS_JUNIPER_BX_CONS,
+   "Juniper BX Series System Console",
},
{
USB_VENDOR_SILABS, USB_PRODUCT_SILABS_BALLUFF_RFID,
Index: uslcom.c
===
RCS file: /cvs/src/sys/dev/usb/uslcom.c,v
retrieving revision 1.40
diff -u -p -r1.40 uslcom.c
--- uslcom.c20 May 2017 10:13:42 -  1.40
+++ uslcom.c23 Apr 2019 21:32:18 -
@@ -208,6 +208,7 @@ static const struct usb_devno uslcom_dev
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_INSYS_MODEM },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_IPLINK1220 },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_IRZ_SG10 },
+   { USB_VENDOR_SILABS,USB_PRODUCT_SILABS_JUNIPER_BX_CONS },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_KCF_PRN },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_KETRA_N1 },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_KYOCERA_GPS },



fix link id for p2p interfaces router lsa type 3 link

2019-04-22 Thread Remi Locherer
Hi,

when ospfd originates LSAs for p2p interfaces it puts the interface
address into the link id field where it should use the network address.

The issue was reported by Mitchell Krome on tech@ and one part of the
problem was fixed in rde_spf.c revision 1.77.
--> https://marc.info/?t=15539264081&r=1&w=2

This diff fixes the LSAs ospfd sends out.

OK?

Remi


Index: ospfe.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfe.c,v
retrieving revision 1.103
diff -u -p -r1.103 ospfe.c
--- ospfe.c 27 Sep 2018 12:34:06 -  1.103
+++ ospfe.c 22 Apr 2019 08:47:36 -
@@ -908,7 +908,8 @@ orig_rtr_lsa(struct area *area)
rtr_link.id = nbr->addr.s_addr;
rtr_link.data = 0x;
} else {
-   rtr_link.id = iface->addr.s_addr;
+   rtr_link.id = iface->addr.s_addr &
+ iface->mask.s_addr;
rtr_link.data = iface->mask.s_addr;
}
rtr_link.type = LINK_TYPE_STUB_NET;
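Review bot: the masked assignment to rtr_link.id in the else branch carries no comment saying why the interface address is no longer used as it is. The cover message gives the reason (the link id of this stub link should be the network address); a one-line comment to that effect next to the assignment would stop someone from simplifying it back later. With a /32 mask the expression leaves the id unchanged, so existing /32 point-to-point setups are not affected; that is worth a line in the commit message.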



Re: ospfd: Apply netmask to stub prefixes before adding the route to the route table

2019-04-04 Thread Remi Locherer
On Tue, Apr 02, 2019 at 07:27:07PM +1000, Mitchell Krome wrote:
> On 2/04/2019 3:30 pm, Remi Locherer wrote:
> > Hi Mitchell
> > 
> > On Sat, Mar 30, 2019 at 04:10:09PM +1000, Mitchell Krome wrote:
> >> I kept finding I had a lingering /30 route when I turned off one of my
> >> test boxes. I tracked it down to ospfd sending RTM_ADD for a stub
> >> network with the non-masked prefix. The RTM_ADD path applies the mask
> >> inside the kernel, so the route got added as expected, but the
> >> RTM_DELETE enforces an exact match, so it could never remove the route.
> >>
> >> The advertised stub network was as follows:
> >>
> >> Link connected to: Stub Network
> >>Link ID (Network ID): 10.10.20.2
> >> Link Data (Network Mask): 255.255.255.252
> >>Metric: 10
> > 
> > Please send the details of your setup so it is easy to reproduce the issue.
> > - OpenBSD version
> > - ospfd.conf
> > - interface configs
> > - routing table
> 
> I am running a kernel I compiled myself with source from ~2 weeks ago.
> See the bottom for other info.
> 
> > 
> >> ospfd sends the interface address rather than network address as the
> >> link ID. The RFC says "set the Link ID of the Type 3 link to the
> >> subnet's IP address" which to me means we probably should also apply the
> >> mask before we add the stub to the LSA to avoid getting into this place
> >> to start with? 
> > 
> > This only applies to Type 3 LSAs. Below table is from RFC 2328
> > chapter 12.1.4:
> > 
> > LS Type   Link State ID
> > ___
> > 1 The originating router's Router ID.
> > 2 The IP interface address of the
> >   network's Designated Router.
> > 3 The destination network's IP address.
> > 4 The Router ID of the described AS
> >   boundary router.
> > 5 The destination network's IP address.
> > 
> >>
> >> The patch below just masks the stub network before it gets added to the
> >> route table, so that we can properly delete it. I can send a patch to
> >> mask it before sending the LSA too if the consensus is that is how it
> >> should be.
> > 
> > With your patch you change the case "LSA_TYPE_ROUTER" (LS Type 1) and not
> > LS type 3.
> 
> Inside the LSA type 1 there is a type 3 link which is a "stub network".
> That is what I was changing. Under 12.4.1.1 second dotpoint it says for
> a point to point network add a type 3 link. Maybe I got the terminology
> wrong, but this was definitely the thing I intended to change
> 
>Link type   Description   Link ID
>__
>1   Point-to-pointNeighbor Router ID
>link
>2   Link to transit   Interface address of
>network   Designated Router
>3   Link to stub  IP network number
>network
>4   Virtual link  Neighbor Router ID
> 
> 
>Table 18: Link descriptions in the
>   router-LSA.
> 
> 

Thank you Mitchell for your analysis and great explanation!

I think your proposed fix is correct. I never noticed this warning before
because I always used a /32 mask on point-to-point interfaces.

Below again the diff from Mitchell. I tested this and it is OK remi@.


Index: rde_spf.c
===
RCS file: /cvs/src/usr.sbin/ospfd/rde_spf.c,v
retrieving revision 1.76
diff -u -p -r1.76 rde_spf.c
--- rde_spf.c   22 Nov 2015 13:09:10 -  1.76
+++ rde_spf.c   2 Apr 2019 20:13:40 -
@@ -195,7 +195,7 @@ rt_calc(struct vertex *v, struct area *a
if (rtr_link->type != LINK_TYPE_STUB_NET)
continue;
 
-   addr.s_addr = rtr_link->id;
+   addr.s_addr = rtr_link->id & rtr_link->data;
adv_rtr.s_addr = htonl(v->adv_rtr);
 
rt_update(addr, mask2prefixlen(rtr_link->data),
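Review bot: rtr_link->data is used as the mask in the changed line and again in mask2prefixlen() on the rt_update() line, but nothing at this spot says that for LINK_TYPE_STUB_NET links the data field carries the netmask. A short comment would help. Both values come from a received router LSA, so it is also worth stating that masking on input is deliberate: a peer that advertises an unmasked link id (10.10.20.2 with 255.255.255.252 in the report) then still produces a prefix that can be deleted later.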



Re: ospfd: Apply netmask to stub prefixes before adding the route to the route table

2019-04-01 Thread Remi Locherer
Hi Mitchell

On Sat, Mar 30, 2019 at 04:10:09PM +1000, Mitchell Krome wrote:
> I kept finding I had a lingering /30 route when I turned off one of my
> test boxes. I tracked it down to ospfd sending RTM_ADD for a stub
> network with the non-masked prefix. The RTM_ADD path applies the mask
> inside the kernel, so the route got added as expected, but the
> RTM_DELETE enforces an exact match, so it could never remove the route.
> 
> The advertised stub network was as follows:
> 
> Link connected to: Stub Network
>   Link ID (Network ID): 10.10.20.2
> Link Data (Network Mask): 255.255.255.252
>   Metric: 10

Please send the details of your setup so it is easy to reproduce the issue.
- OpenBSD version
- ospfd.conf
- interface configs
- routing table

> ospfd sends the interface address rather than network address as the
> link ID. The RFC says "set the Link ID of the Type 3 link to the
> subnet's IP address" which to me means we probably should also apply the
> mask before we add the stub to the LSA to avoid getting into this place
> to start with? 

This only applies to Type 3 LSAs. Below table is from RFC 2328
chapter 12.1.4:

LS Type   Link State ID
___
1 The originating router's Router ID.
2 The IP interface address of the
  network's Designated Router.
3 The destination network's IP address.
4 The Router ID of the described AS
  boundary router.
5 The destination network's IP address.

> 
> The patch below just masks the stub network before it gets added to the
> route table, so that we can properly delete it. I can send a patch to
> mask it before sending the LSA too if the consensus is that is how it
> should be.

With your patch you change the case "LSA_TYPE_ROUTER" (LS Type 1) and not
LS type 3.

Remi

> 
> Mitchell
> 
> diff --git usr.sbin/ospfd/rde_spf.c usr.sbin/ospfd/rde_spf.c
> index 736f2e575..d842a2c20 100644
> --- usr.sbin/ospfd/rde_spf.c
> +++ usr.sbin/ospfd/rde_spf.c
> @@ -195,7 +195,7 @@ rt_calc(struct vertex *v, struct area *area, struct 
> ospfd_conf *conf)
>   if (rtr_link->type != LINK_TYPE_STUB_NET)
>   continue;
>  
> - addr.s_addr = rtr_link->id;
> + addr.s_addr = rtr_link->id & rtr_link->data;
>   adv_rtr.s_addr = htonl(v->adv_rtr);
>  
>   rt_update(addr, mask2prefixlen(rtr_link->data),
> 
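
The lingering /30 route reported in this thread, reduced to a toy model. This is an added example, not code from ospfd or the OpenBSD kernel: the table, its functions and the name stale_routes_after_withdraw are hypothetical, and the only behaviour modelled is what the report states (the add path masks the destination, the delete path needs an exact match).

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy routing table, constructed for this example (not kernel code).
 * It models only the asymmetry described in the report: the add path
 * masks the destination, the delete path requires an exact match.
 */
#define MAX_ROUTES 8

struct route {
	uint32_t dst;	/* host byte order */
	uint32_t mask;	/* host byte order */
	int	 used;
};

static struct route table[MAX_ROUTES];

/* Convert dotted-quad text to a host-order value; 0 on parse failure. */
uint32_t
ip(const char *s)
{
	struct in_addr a;

	if (inet_pton(AF_INET, s, &a) != 1)
		return (0);
	return (ntohl(a.s_addr));
}

/* Add path: the destination is masked before it is stored. */
int
rt_add(uint32_t dst, uint32_t mask)
{
	for (int i = 0; i < MAX_ROUTES; i++) {
		if (!table[i].used) {
			table[i].dst = dst & mask;
			table[i].mask = mask;
			table[i].used = 1;
			return (0);
		}
	}
	return (-1);
}

/* Delete path: destination and mask must equal the stored entry. */
int
rt_delete(uint32_t dst, uint32_t mask)
{
	for (int i = 0; i < MAX_ROUTES; i++) {
		if (table[i].used && table[i].dst == dst &&
		    table[i].mask == mask) {
			table[i].used = 0;
			return (0);
		}
	}
	return (-1);
}

/* Number of entries currently installed. */
int
rt_count(void)
{
	int n = 0;

	for (int i = 0; i < MAX_ROUTES; i++)
		n += table[i].used;
	return (n);
}

/*
 * Install and then withdraw the route for one stub link.
 * mask_first = 0: use the link ID as received (before the diff).
 * mask_first = 1: use link ID & link data (with the diff).
 * Returns the number of routes left behind in the table.
 */
int
stale_routes_after_withdraw(uint32_t link_id, uint32_t link_data,
    int mask_first)
{
	uint32_t dst = mask_first ? (link_id & link_data) : link_id;

	memset(table, 0, sizeof(table));
	rt_add(dst, link_data);
	rt_delete(dst, link_data);
	return (rt_count());
}

int
main(void)
{
	uint32_t id = ip("10.10.20.2");		/* link ID from the report */
	uint32_t m30 = ip("255.255.255.252");	/* link data from the report */
	uint32_t m32 = ip("255.255.255.255");	/* /32 case for comparison */

	printf("/30, unmasked: %d stale route(s)\n",
	    stale_routes_after_withdraw(id, m30, 0));
	printf("/30, masked:   %d stale route(s)\n",
	    stale_routes_after_withdraw(id, m30, 1));
	printf("/32, unmasked: %d stale route(s)\n",
	    stale_routes_after_withdraw(id, m32, 0));
	return (0);
}
```

The /32 case leaves nothing behind even without masking, which matches the remark in the thread that the problem does not show up with /32 masks on point-to-point interfaces.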



Re: ospfd: Warn when the router ID changes during config reload

2019-03-25 Thread Remi Locherer
On Mon, Mar 25, 2019 at 02:43:26PM +0100, Jeremie Courreges-Anglas wrote:
> On Sun, Mar 24 2019, Mitchell Krome  wrote:
> > On 24/03/2019 7:23 am, Theo de Raadt wrote:
> >> Sebastian Benoit  wrote:
> >> 
> >>> Mitchell Krome(mitchellkr...@gmail.com) on 2019.03.23 20:27:17 +1000:
> >>>> Was messing around with ospf and got myself into a situation where the
> >>>> router ID's were the same on two boxes because I only did a reload on
> >>>> one of them when I changed the loopback IP's.
> >>>
> >>> That's suboptimal I believe...
> >>>
> >>>> This adds a warning when reloading if the router ID changes (there was
> >>>> already a comment saying as much). Same patch can probably be applied to
> >>>> ospf6d if people think it's useful.
> 
> ospf6d currently doesn't support config reloads at all.  It might be
> worth adding an XXX comment there.
> 
> >>> I think it would be better to abort the reload if the router-id is 
> >>> changed,
> >>> i.e. not load the new config at all.
> >> 
> >> That's the right approach in all our other daemons:
> >> 
> >> if the configuration change cannot be installed correctly, consider
> >> it invalid and abort.  Someone would need to write code to make it
> >> valid..
> >> 
> >
> > That makes sense. I checked the manuals for the routers I use at work
> > and they also required the ospf process to be restarted for the config
> > to take effect after changing the router id.
> >
> > I moved the check up into ospf_reload because it doesn't make sense
> > sending the config to all the children if we know we're going to abort.
> 
> Your patch was mangled (long line wrapped) but the changes looked good.
> Here's an updated version which tweaks punctuation and case (to match
> the router-id keyword).  Works for me in my simple test setup.
> 
> Comments/oks?

This works and it makes sense to me.

The log message is a bit lengthy compared to other log messages produced
by ospfd. Maybe something like this: "router-id changed: restart required"

But the patch is also OK remi@ as it is now.

> 
> 
> Index: ospfd.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> retrieving revision 1.105
> diff -u -p -r1.105 ospfd.c
> --- ospfd.c   15 Jan 2019 22:18:10 -  1.105
> +++ ospfd.c   25 Mar 2019 13:33:43 -
> @@ -642,6 +642,13 @@ ospf_reload(void)
>   if ((xconf = parse_config(conffile, ospfd_conf->opts)) == NULL)
>   return (-1);
>  
> + /* Abort the reload if rtr_id changed */
> + if (ospfd_conf->rtr_id.s_addr != xconf->rtr_id.s_addr) {
> + log_warnx("router-id changed in new configuration, "
> + "this requires ospfd to be restarted.");
> + return (-1);
> + }
> +
>   /* send config to childs */
>   if (ospf_sendboth(IMSG_RECONF_CONF, xconf, sizeof(*xconf)) == -1)
>   return (-1);
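Review bot: the new early return leaves xconf, which parse_config() has just allocated, without releasing it. The ospf_sendboth() failure path right below has the same shape, so this may be existing practice, but a rejected reload is something an operator can trigger repeatedly, and each attempt would then leak one parsed configuration. Can xconf be freed before returning from the router-id check?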
> @@ -693,7 +700,6 @@ merge_config(struct ospfd_conf *conf, st
>   struct redistribute *r;
>   int  rchange = 0;
>  
> - /* change of rtr_id needs a restart */
>   conf->flags = xconf->flags;
>   conf->spf_delay = xconf->spf_delay;
>   conf->spf_hold_time = xconf->spf_hold_time;
> 
> 
> -- 
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
> 



ospf(6)d: fix "redistribute X set type 2 depend on if"

2019-01-10 Thread Remi Locherer
Hi tech,

in OSPF's external LSAs the type is encoded in the metric field. ospfd and
ospf6d overwrite the type information when "depend on" is used and the
specified interface is down (or in backup state). Below diff fixes this.

The problem was reported on misc by Ior Podlesny:
https://marc.info/?l=openbsd-misc&m=154704895731641&w=2

OK?

Remi



Index: ospfd/ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.103
diff -u -p -r1.103 ospfd.c
--- ospfd/ospfd.c   2 Jan 2019 18:47:59 -   1.103
+++ ospfd/ospfd.c   10 Jan 2019 21:08:23 -
@@ -564,7 +564,8 @@ ospf_redistribute(struct kroute *kr, u_i
switch (r->type & ~REDIST_NO) {
case REDIST_LABEL:
if (kr->rtlabel == r->label) {
-   *metric = depend_ok ? r->metric : MAX_METRIC;
+   *metric = depend_ok ? r->metric :
+   r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
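Review bot: in the new expression "depend_ok ? r->metric : r->metric | MAX_METRIC" the else arm relies on | binding tighter than ?:. That is what C does, but parentheses around (r->metric | MAX_METRIC) would make the intent obvious at a glance. The same two-line expression is added in every case of this switch; computing the value once before the switch, or wrapping it in a small macro, would keep the type-preserving logic in one place. A comment noting that r->metric carries the type information alongside the metric would explain why a plain MAX_METRIC was wrong.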
@@ -579,7 +580,8 @@ ospf_redistribute(struct kroute *kr, u_i
if (kr->flags & F_DYNAMIC)
continue;
if (kr->flags & F_STATIC) {
-   *metric = depend_ok ? r->metric : MAX_METRIC;
+   *metric = depend_ok ? r->metric :
+   r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
@@ -589,7 +591,8 @@ ospf_redistribute(struct kroute *kr, u_i
if (kr->flags & F_DYNAMIC)
continue;
if (kr->flags & F_CONNECTED) {
-   *metric = depend_ok ? r->metric : MAX_METRIC;
+   *metric = depend_ok ? r->metric :
+   r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
@@ -601,7 +604,7 @@ ospf_redistribute(struct kroute *kr, u_i
r->mask.s_addr == INADDR_ANY) {
if (is_default) {
*metric = depend_ok ? r->metric :
-   MAX_METRIC;
+   r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
} else
return (0);
@@ -610,13 +613,15 @@ ospf_redistribute(struct kroute *kr, u_i
if ((kr->prefix.s_addr & r->mask.s_addr) ==
(r->addr.s_addr & r->mask.s_addr) &&
kr->prefixlen >= mask2prefixlen(r->mask.s_addr)) {
-   *metric = depend_ok ? r->metric : MAX_METRIC;
+   *metric = depend_ok ? r->metric :
+   r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
case REDIST_DEFAULT:
if (is_default) {
-   *metric = depend_ok ? r->metric : MAX_METRIC;
+   *metric = depend_ok ? r->metric :
+   r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
Index: ospf6d/ospf6d.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v
retrieving revision 1.41
diff -u -p -r1.41 ospf6d.c
--- ospf6d/ospf6d.c 29 Dec 2018 16:04:31 -  1.41
+++ ospf6d/ospf6d.c 10 Jan 2019 21:53:10 -
@@ -534,7 +534,8 @@ ospf_redistribute(struct kroute *kr, u_i
switch (r->type & ~REDIST_NO) {
case REDIST_LABEL:
if (kr->rtlabel == r->label) {
-   *metric = depend_ok ? r->metric : MAX_METRIC;
+   *metric = depend_ok ? r->metric :
+   r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
@@ -549,7 +550,8 @@ ospf_redistribute(struct kroute *kr, u_i
if (kr->flags & F_DYNAMIC)
continue;
if (kr->flags & F_STATIC) {
-   *metric = depend_ok ? r->metric : MAX_METRIC;
+   *metric = depend_ok ? r->metric :
+

ospf6d: detect and remove alien routes

2019-01-02 Thread Remi Locherer
Hi tech,

ospfd detects and removes routes in the kernel routing table with priority
RTP_OSPF (or the configured fib-priority) that have been inserted by another
program.

Below diff adds the same behaviour to ospf6d.

OK?

Remi


Index: kroute.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
retrieving revision 1.59
diff -u -p -r1.59 kroute.c
--- kroute.c29 Dec 2018 16:04:31 -  1.59
+++ kroute.c2 Jan 2019 12:37:25 -
@@ -1347,6 +1347,7 @@ dispatch_rtmsg(void)
int  flags, mpath;
unsigned int scope;
u_short  ifindex = 0;
+   int  rv;
 
if ((n = read(kr_state.fd, &buf, sizeof(buf))) == -1) {
if (errno == EAGAIN || errno == EINTR)
@@ -1512,15 +1513,27 @@ add:
kr->r.ifindex = ifindex;
kr->r.priority = prio;
 
-   if ((label = (struct sockaddr_rtlabel *)
-   rti_info[RTAX_LABEL]) != NULL) {
-   kr->r.rtlabel =
-   rtlabel_name2id(label->sr_label);
-   kr->r.ext_tag =
-   rtlabel_id2tag(kr->r.rtlabel);
-   }
+   if (rtm->rtm_priority == kr_state.fib_prio) {
+   log_warnx("alien OSPF route %s/%d",
+   log_in6addr(&prefix), prefixlen);
+   rv = send_rtmsg(kr_state.fd,
+   RTM_DELETE, &kr->r);
+   free(kr);
+   if (rv == -1)
+   return (-1);
+   } else {
+   if ((label = (struct sockaddr_rtlabel *)
+   rti_info[RTAX_LABEL]) != NULL) {
+   kr->r.rtlabel =
+   rtlabel_name2id(
+   label->sr_label);
+   kr->r.ext_tag =
+   rtlabel_id2tag(
+   kr->r.rtlabel);
+   }
 
-   kroute_insert(kr);
+   kroute_insert(kr);
+   }
}
break;
case RTM_DELETE:
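Review bot: the alien-route test compares rtm->rtm_priority with kr_state.fib_prio, while the context line just above stores prio into kr->r.priority. If prio already holds the priority of this message, use it in the comparison as well so the two cannot disagree. The log line says only "alien OSPF route"; adding that the route is being removed would make the warning self-explanatory to someone reading the log.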




ospfd: send router lsa when removing an interface

2019-01-01 Thread Remi Locherer
Hi tech,

when removing an interface from ospfd.conf and doing a reload other
OSPF routers should get a router LSA update. Then they can remove the
affected route. But currently this does not happen. The affected route
might be used by other routers a long time after removing it from the
config (until the LSA ages out).

Below diff fixes this.

OK?

Remi


Index: ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.102
diff -u -p -r1.102 ospfd.c
--- ospfd.c 28 Dec 2018 19:25:10 -  1.102
+++ ospfd.c 1 Jan 2019 21:23:38 -
@@ -827,7 +827,7 @@ merge_interfaces(struct area *a, struct 
 
/* problems:
 * - new interfaces (easy)
-* - deleted interfaces (needs to be done via fsm?)
+* - deleted interfaces
 * - changing passive (painful?)
 */
for (i = LIST_FIRST(&a->iface_list); i != NULL; i = ni) {
@@ -842,6 +842,7 @@ merge_interfaces(struct area *a, struct 
rde_nbr_iface_del(i);
LIST_REMOVE(i, entry);
if_del(i);
+   dirty = 1; /* force rtr LSA update */
}
}
 


