This is another minor cleanup. It makes http_done() similar to http_fail()
and by taking all the arguments (which would allow it to be called after
the http connection was removed) and it also no longer alters the http
state.
At the same time move some common code between http_connect() and
rpki-client applies all delta files to a temporary location. At the same
time files or uri are tracked in a added and deleted set to know which
files to remove from the repo or move into place.
Now when adding a file to the temp dir one step is missing. If the file
was previously removed and then
On Mon, Apr 12, 2021 at 10:25:35AM -0600, Theo de Raadt wrote:
> > + line = XML_GetCurrentLineNumber(p);
>
> I think you can simplify your larger diff and avoid the temporary variable
> by doing:
>
>warnx("%s: XML error at line %llu: %s", s->local,
>
So expat has a few options that changes the ABI / API of expat.
One of them is XML_GetCurrentLineNumber() which returns a XML_Size which
is typedef-ed to unsigend long or unsigned long long depending on the
XML_LARGE_SIZE define. To work around this I just use a unsigned long long
to store the
On Sat, Mar 20, 2021 at 04:15:29PM -0400, Ashton Fagg wrote:
> Hello.
>
> Pinging on this one hoping to get some feedback. I've reattached the
> diff below.
>
Hi Ashton,
I adjusted your diff a bit (mainly cleanup of spacing and other style
changes). Please have a look. I think this version
On Thu, Apr 08, 2021 at 07:34:00PM +, Job Snijders wrote:
> Hi all,
>
> The below patch exposes two metrics via JSON. This will remove the need
> for some rpki-client affiniadios to screen scrape rpki-client's STDOUT.
>
> OK?
>
OK claudio@
> Index: output-json.c
>
On Thu, Apr 08, 2021 at 07:43:47PM +0200, Theo Buehler wrote:
> On Thu, Apr 08, 2021 at 07:18:39PM +0200, Claudio Jeker wrote:
> > On Thu, Apr 08, 2021 at 06:22:16PM +0200, Theo Buehler wrote:
> > > On Thu, Apr 08, 2021 at 04:47:15PM +0200, Claudio Jeker wrote:
> > >
On Thu, Apr 08, 2021 at 06:22:16PM +0200, Theo Buehler wrote:
> On Thu, Apr 08, 2021 at 04:47:15PM +0200, Claudio Jeker wrote:
> > This diff is a first step in tightening the code in http.c
> > It should cleanup the poll handling and make adds some code to ensure that
> >
This diff is a first step in tightening the code in http.c
It should cleanup the poll handling and make adds some code to ensure that
only expected results are returned. The goal is that http_handle() only
does IO processing and http_nextstep() is used for transitions into new
states.
I did
Currently when a pipe to some child is closed the main process errors out
hard. This is not great since the exit reason is not shown.
Change this to break out of the poll loop and also restructure the wait
code to use a loop which checks for both exit and signal status.
I also switched rsync and
When -b is used rpki-client should bind to that address for outgoing
connections. The http code does that but only warns if a bind call fails
but try the connect none the less. This is different from other network
tools (nc, ftp, telnet). So change this to a real error.
--
:wq Claudio
Index:
In some cases unlink reports 'no such file or directory' when the RRDP
repository is merged at the end of a RRDP sync.
The problem is that some deleted files are in the temporary location and
not part of the real repo. Because of this if unlink return ENOENT then
try the alternate location.
While
When an rrdp request fails because the hash of a delta or snapshot is
incorrect the repo never finishes because the setting of
RRDP_STATE_PARSE_DONE and the call to rrdp_finished() is skipped.
The result is a hanging rpki-client until the alarm kills it after 1h.
This simple diff should fix the
Here is a bit more cleanup of the http.c code.
- Move http_fail() out of http_free() and more to the places where the
failure should be reported. This needs further work but one step at a
time.
- Change http_connect() to be more like the example in getaddrinfo() with
the big difference
On Thu, Apr 01, 2021 at 07:27:10AM +0200, Bruno Flueckiger wrote:
> On 31.03., David Alten wrote:
> > Hello,
> >
> > I???m having issues getting iscsid to work with my Synology NAS.
> >
> > The first issue was that the NAS was returning an error code. Turns out
> > it didn???t like not?? missing
It is time to use setproctitle() in rpki-client.
Right now there are three processes, soon it will be four.
This should help identify the different processes.
I did not change the proc title of the main process to keep the arguments.
--
:wq Claudio
Index: main.c
On Wed, Mar 31, 2021 at 01:41:36PM +0200, Claudio Jeker wrote:
> On Wed, Mar 31, 2021 at 12:40:57PM +0200, Claudio Jeker wrote:
> > The current code to cleanup the repository after validation did not
> > cleanup directories and also skipped any repo directory that is no
On Wed, Mar 31, 2021 at 12:40:57PM +0200, Claudio Jeker wrote:
> The current code to cleanup the repository after validation did not
> cleanup directories and also skipped any repo directory that is no
> referenced.
>
> Adjust the cleanup code to fix these two issues. Thi
file: encoding.c
diff -N encoding.c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ encoding.c 31 Mar 2021 11:00:49 -
@@ -0,0 +1,88 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2020 Claudio Jeker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose
The current code to cleanup the repository after validation did not
cleanup directories and also skipped any repo directory that is no
referenced.
Adjust the cleanup code to fix these two issues. This uses the fact that
the cache directory now only contains 2 directories rsync & ta.
Thanks to the
On Tue, Mar 30, 2021 at 05:45:39PM +0200, Theo Buehler wrote:
> On Tue, Mar 30, 2021 at 05:30:19PM +0200, Claudio Jeker wrote:
> > Found the hard way. http_new() call http_free() if http_resolv() failes.
> > http_free() call http_fail() in that case since the state is not
Found the hard way. http_new() call http_free() if http_resolv() failes.
http_free() call http_fail() in that case since the state is not
STATE_DONE. In the main poll loop another http_fail() call is made. This
results in bad bad things.
--
:wq Claudio
Index: http.c
On Mon, Mar 29, 2021 at 01:19:21PM +0200, Claudio Jeker wrote:
> On Mon, Mar 29, 2021 at 12:42:02PM +0200, Theo Buehler wrote:
> > On Mon, Mar 29, 2021 at 10:38:54AM +0200, Claudio Jeker wrote:
> > > Replace a super strange way to translate some binary blob into a hex
> >
On Mon, Mar 29, 2021 at 12:42:02PM +0200, Theo Buehler wrote:
> On Mon, Mar 29, 2021 at 10:38:54AM +0200, Claudio Jeker wrote:
> > Replace a super strange way to translate some binary blob into a hex string.
> > The code drops the : from the string but this is fine, the : is just
&
On Mon, Mar 29, 2021 at 10:38:54AM +0200, Claudio Jeker wrote:
> Replace a super strange way to translate some binary blob into a hex string.
> The code drops the : from the string but this is fine, the : is just
> visual fluff. I used the same function in the not yet finished RRDP
&
Replace a super strange way to translate some binary blob into a hex string.
The code drops the : from the string but this is fine, the : is just
visual fluff. I used the same function in the not yet finished RRDP
codebase and there I don't want the extra ':'.
Works for me.
--
:wq Claudio
Not sure on what I was tripping when writing filepathcmp() but it makes no
sense to use strcasecmp() there. It compares paths in the filesystem and
these are case-sensitive.
--
:wq Claudio
Index: main.c
===
RCS file:
On Fri, Mar 26, 2021 at 01:16:32PM +0100, Klemens Nanni wrote:
> On Wed, Mar 17, 2021 at 04:47:36PM +0100, Klemens Nanni wrote:
> > `ifconfig mp* mplslabel N' validates the label both in ifconfig and each
> > driver's ioctl handler, but there is one case where all drivers install
> > a route
On Fri, Mar 26, 2021 at 10:37:27AM +0100, Theo Buehler wrote:
> On Fri, Mar 26, 2021 at 09:52:04AM +0100, Claudio Jeker wrote:
> > This diff replaces mostly the same code in the poll loop with a for loop.
> > It also gives a hint which process closed a connection.
>
> This
This diff replaces mostly the same code in the poll loop with a for loop.
It also gives a hint which process closed a connection.
--
:wq Claudio
Index: main.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision
On Fri, Mar 26, 2021 at 09:36:13AM +0100, Remi Locherer wrote:
> Hi,
>
> danj@ noticed that our ospf6d.conf example is using multiple areas.
> In the man page of ospf6d we state that multi area support is not
> available. The daemon accepts such a config but does not do the right
> thing if I
This diff is mostly cleanup and adding the missing bits needed for RRDP.
Instead of a simple bool ok use an enum to report the state back.
Can be fail, ok or not-modified (the last is used for 304 Not Modified
answers (if a If-Modified-Since header was passed in the request).
Additionally add
RRDP has a lot of base64 strings to handle. Because of this adjust the
base64_decode function in tal.c to take a regular string as input.
For now keep the function static, will change that once RRDP is ready.
OK?
--
:wq Claudio
Index: tal.c
On Fri, Mar 19, 2021 at 12:02:48PM +0100, Theo Buehler wrote:
> On Fri, Mar 19, 2021 at 11:01:27AM +0100, Claudio Jeker wrote:
> > This is mostly for -portable but also the native version should be able to
> > mention that it is not the -portable version.
> > This is a
This is mostly for -portable but also the native version should be able to
mention that it is not the -portable version.
This is a compromise I can live with, hope everyone else agrees.
--
:wq Claudio
? obj
Index: extern.h
===
RCS
rpki-client is currently not able to to load relative tal files via -t
option. The problem is that the chdir to the cache directory happens
before the tal files are loaded. Move the fchdir down so relative path
work when queue_add_tal() is called. Also make sure that the rsync and
parser process
On Thu, Mar 18, 2021 at 04:46:08PM +0100, Theo Buehler wrote:
> The port number starts after the ':'.
Agreed. OK claudio@
> Index: http.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
> retrieving revision 1.7
> diff -u
On Thu, Mar 18, 2021 at 03:54:48PM +0100, Theo Buehler wrote:
> A malformed URI such as "https://[::1/index.html; causes a NULL access
> in the hosttail[1] == ":" check.
Good catch. I think your diff makes this code a bit easier to understand.
OK claudio@
> Index: http.c
>
On Tue, Mar 16, 2021 at 09:46:27AM +0100, Klemens Nanni wrote:
> On Tue, Mar 16, 2021 at 08:55:43AM +0100, Claudio Jeker wrote:
> > > .Sh HISTORY
> > > -The
> > > +The ,
> >
> > Why did you add this ',' that looks strange to me.
> >
> >
This diff aims at removing some warnings seen in -portable.
- gcc has a hard time to realize when a variable like noop ensures that
an other variable is not used.
- Similar the switch () statements in http.c include all possible enums but
gcc warns about control reaches end of non-void function.
On Wed, Mar 17, 2021 at 07:09:23PM +0100, Klemens Nanni wrote:
> With that the ifconfig(8) bits (which are still pending in the other
> tech@ thread) actually hold up.
>
> Code is there, noone seemed to have used it so far, though.
>
> OK?
OK claudio@
> Index: if_mpw.c
>
On Tue, Mar 16, 2021 at 11:33:53PM +0100, Klemens Nanni wrote:
> Found while reading the code and testing ifconfig(8)'s `tunneldomain' in
> order to document MPLS ioctls (see other thread on tech@).
>
> mpe(4) consistently uses the softc's rdomain which is tracked
> consistently across the
On Tue, Mar 16, 2021 at 03:05:23PM +0100, Alexander Bluhm wrote:
> Hi,
>
> I am running ntpd as a client with three upstream servers. Some
> of them are not synchonized and report a time that is off by several
> seconds.
>
> The ntpd client code corrects both T1 and T4 with the current offset
>
Base gcc warns about 'rp' may be used uninitialized.
Now the code is correct and rp is not use uninitalized but it is not as
obvious as it could be. Also rp is a bit of a shitty name for the redo
queue tail pointer. So cleanup the code and with it stop the warning.
OK?
--
:wq Claudio
Index:
On Tue, Mar 16, 2021 at 12:23:31AM +0100, Klemens Nanni wrote:
> On Sat, Mar 13, 2021 at 11:45:30PM +0100, Claudio Jeker wrote:
> > On Sat, Mar 13, 2021 at 11:31:05PM +0100, Klemens Nanni wrote:
> > > First off: I've never used mpe(4), mpw(4) or mpip(4); this occured to
>
On Sat, Mar 13, 2021 at 11:31:05PM +0100, Klemens Nanni wrote:
> First off: I've never used mpe(4), mpw(4) or mpip(4); this occured to
> me while looking at ifconfig.{c,8} in general.
>
>
> 1. bug: ifconfig(8) forgets to document both `-tunneldomain' and
> `-mplslabel' in the first place, diff
The entity queue is per repository. It is a queue of files that depend on
this repository and need to wait until the repository finished its sync.
There is no benefit of a global queue.
In my opinion this is more understandable.
--
:wq Claudio
Index: main.c
Only .crl files need to be parsed first (the other file depend on the
certificate revocation list to be present). Instead of many loops over the
same fileset just do it twice. First for .crl and then for the other known
file types. This should save some CPU cycles.
--
:wq Claudio
Index: main.c
The last commit introduced an error in prefix_eligible(). For nexthops the
logic is not quite right since a NULL nexthop is actually fine. These
nexhops are created for local announcements (unless their nexthop is
overridden).
--
:wq Claudio
Index: rde_decide.c
On Mon, Mar 08, 2021 at 12:11:54PM +0100, Martin Pieuchot wrote:
> On 08/03/21(Mon) 11:57, Claudio Jeker wrote:
> > On Mon, Mar 08, 2021 at 11:06:44AM +0100, Martin Pieuchot wrote:
> > > On 05/03/21(Fri) 11:30, Martin Pieuchot wrote:
> > > > On 04/03/21(T
On Mon, Mar 08, 2021 at 11:06:44AM +0100, Martin Pieuchot wrote:
> On 05/03/21(Fri) 11:30, Martin Pieuchot wrote:
> > On 04/03/21(Thu) 11:45, Mark Kettenis wrote:
> > > > Date: Thu, 4 Mar 2021 11:19:23 +0100
> > > > From: Martin Pieuchot
> > > >
> > > > On 04/03/21(Thu) 11:01, Mark Kettenis
On Mon, Mar 08, 2021 at 11:07:01AM +0100, Martin Pieuchot wrote:
> On 04/03/21(Thu) 10:44, Martin Pieuchot wrote:
> > single_thread_clear() manipulates the same data structures as
> > single_thread_set() and, as such, doesn't need the KERNEL_LOCK().
> >
> > However cursig() does need some sort of
On Fri, Mar 05, 2021 at 04:58:44PM +0100, Claudio Jeker wrote:
> On Fri, Mar 05, 2021 at 04:08:55PM +0100, Theo Buehler wrote:
> > On Fri, Mar 05, 2021 at 01:48:43PM +0100, Claudio Jeker wrote:
> > > Instead of adding similar checks all over the place introduce a
> >
On Fri, Mar 05, 2021 at 04:08:55PM +0100, Theo Buehler wrote:
> On Fri, Mar 05, 2021 at 01:48:43PM +0100, Claudio Jeker wrote:
> > Instead of adding similar checks all over the place introduce a
> > valid_uri() function that checks if a URI is valid enough for rpki-client.
>
RRDP also uses SHA256 hashes to validate files (before withdraws and
updates). Again move this from the implementation in mft.c to validate.c
this way it can be reused.
OK?
--
:wq Claudio
Index: extern.h
===
RCS file:
Instead of adding similar checks all over the place introduce a
valid_uri() function that checks if a URI is valid enough for rpki-client.
rpki-client does not accept files or directories starting with ., bails on
URI that have strange characters and valid_uri() will also check that the
protocol
On Thu, Mar 04, 2021 at 04:25:53PM +0100, Theo Buehler wrote:
> On Thu, Mar 04, 2021 at 04:10:12PM +0100, Claudio Jeker wrote:
> > On Thu, Mar 04, 2021 at 03:53:44PM +0100, Theo Buehler wrote:
> > > The first two seem obvious oversights. The ones in rsync_base_uri()
> >
On Thu, Mar 04, 2021 at 03:53:44PM +0100, Theo Buehler wrote:
> The first two seem obvious oversights. The ones in rsync_base_uri()
> would end up silently ignored:
> queue_add_from_cert
> repo_lookup
> rsync_base_uri
>
> Index: http.c
>
On Thu, Mar 04, 2021 at 10:06:24PM +1000, David Gwynne wrote:
> this applies the tricks with addresses from veb and etherbridge
> code to the normal ethernet input processing. it seems to make
> things a bit faster. some tests have shown a 15% improvement in
> forwarding performance with this
On Thu, Mar 04, 2021 at 11:06:21AM +0100, Martin Pieuchot wrote:
> On 04/03/21(Thu) 10:36, Claudio Jeker wrote:
> > On Thu, Mar 04, 2021 at 10:28:50AM +0100, Martin Pieuchot wrote:
> > > SINGLE_PTRACE has almost the same semantic as SINGLE_SUSPEND. The
> > > differe
On Thu, Mar 04, 2021 at 10:28:50AM +0100, Martin Pieuchot wrote:
> SINGLE_PTRACE has almost the same semantic as SINGLE_SUSPEND. The
> difference is that there's no need to wait for other threads to be
> parked.
>
> Diff below changes single_thread_set() to be explicit when waiting is
>
This diff just brings all err(3) calls for out of memory situations to one
form: err(1, NULL);
It is not very helpful to tell if malloc, strdup or asprintf failed with no
mem. Just one common idiom.
OK?
--
:wq Claudio
Index: main.c
On Mon, Mar 01, 2021 at 11:57:03AM +0100, Claudio Jeker wrote:
> On Sun, Feb 28, 2021 at 09:09:05AM +0100, Theo Buehler wrote:
> > On Thu, Feb 25, 2021 at 05:03:19PM +0100, Claudio Jeker wrote:
> > > On Fri, Feb 19, 2021 at 07:10:02PM +0100, Claudio Jeker wrote:
> > > &
On Sun, Feb 28, 2021 at 09:09:05AM +0100, Theo Buehler wrote:
> On Thu, Feb 25, 2021 at 05:03:19PM +0100, Claudio Jeker wrote:
> > On Fri, Feb 19, 2021 at 07:10:02PM +0100, Claudio Jeker wrote:
> > > Some TAL files now include an https URI where the TA can be fetched from.
&g
On Fri, Feb 19, 2021 at 07:10:02PM +0100, Claudio Jeker wrote:
> Some TAL files now include an https URI where the TA can be fetched from.
> With this diff rpki-client will download the TA from https unless that
> fails and then fall back to rsync.
>
> This is not yet perfe
It is perfectly fine to wait for read and write at the same time.
The code in rpki-client should do that too, I think it will not matter
but it is what I intended.
--
:wq Claudio
Index: main.c
===
RCS file:
There is no need for cpath or the unveil of . in the rsync process.
That process just does fork+exec for rsync.
Removing the unveil pledge is the same as unveil(NULL, NULL) so skip that
too.
OK?
--
:wq Claudio
Index: main.c
===
RCS
:32:26 -
@@ -0,0 +1,1223 @@
+/*
+ * Copyright (c) 2020 Nils Fisher
+ * Copyright (c) 2020 Claudio Jeker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission
Better to make sure that all URI we ingest are sensitive. Similar check
is already done in cert.c so also do it for the TAL files (even though
these are normally controled by the user).
OK?
--
:wq Claudio
Index: tal.c
===
RCS file:
On Fri, Feb 19, 2021 at 10:27:06AM +0100, Theo Buehler wrote:
> As discussed a few days ago, there are a few reallocarray + memset that
> can be directly handled by recallocarray.
Fine with me.
> Index: main.c
> ===
> RCS file:
Instead of iterating over all x509 extension and look for SKI and AKI use
X509_get_ext_d2i(). This reduces the complexity a fair bit. Also add
additional checks (e.g. make sure the extensions are non-critical).
More cleanup in cert.c should follow but one step at a time.
--
:wq Claudio
Index:
This diff moves the mkpath() call from the rsync child to the parent.
As a result the rsync process no longer needs cpath. It will also simplify
integration of RRDP since that will be another process.
--
:wq Claudio
? obj
Index: extern.h
On Wed, Feb 17, 2021 at 06:37:56PM -0700, Theo de Raadt wrote:
> Regarding port 323,
>
> +If not specified the default
> +.Ic port
> +is
> +.Em 323 .
>
> and
>
> +rtr : RTR address {
> + currtr = get_rtr(&$2);
> + currtr->remote_port = 323;
> +
On Tue, Feb 16, 2021 at 10:44:31AM +0100, Claudio Jeker wrote:
> On route-servers at IXPs there is often the wish to not have path hiding
> because of output filters. On way of solving this is to use per peer RIBs
> but the cost (in memory) is very high. This solves this issue in a
> d
On route-servers at IXPs there is often the wish to not have path hiding
because of output filters. On way of solving this is to use per peer RIBs
but the cost (in memory) is very high. This solves this issue in a
different way but with the same (or similar result).
In bgpd all prefixes/paths are
On Mon, Feb 15, 2021 at 04:58:50PM +, Job Snijders wrote:
> Hi,
>
> Thank you for the review
>
> On Mon, Feb 15, 2021 at 01:42:57PM +0100, Claudio Jeker wrote:
> > Please do not define variables in the middle of functions.
>
> now fixed
>
> >
On Wed, Feb 10, 2021 at 05:30:02PM +0100, Claudio Jeker wrote:
> On Tue, Jan 26, 2021 at 10:31:40AM +0100, Claudio Jeker wrote:
> > This diff adds initial RTR (RPKI to Router) support to bgpd.
> > Instead of loading the roa-set table via the configuration bgpd will use
> >
On Mon, Feb 15, 2021 at 04:53:17PM +0100, Theo Buehler wrote:
> On Fri, Feb 12, 2021 at 10:01:38AM +0100, Claudio Jeker wrote:
> > On Mon, Feb 08, 2021 at 05:15:40PM +0100, Claudio Jeker wrote:
> > > Split the repository code into two parts:
> > >
> > > - f
On Sun, Feb 14, 2021 at 05:41:55PM +, Job Snijders wrote:
> Make the AIA more easily available for debugging purposes & future
> changesets
>
> In the context of the RPKI, the AIA extension identifies the publication
> point of the certificate of the issuer of the certificate in which the
>
For SNI all TLS servers need to run with the same config. The config
parser has an extra step for this. The problem is it also compares the
TLS config params with non-TLS servers when a server block has both
listen * port 80 and listen * tls port 443.
The following diff fixes that and also
On Mon, Feb 15, 2021 at 08:02:37PM +1000, David Gwynne wrote:
> if you have multiple links to the same destination, this will let you
> use them via route-to/reply-to/dup-to.
>
> ok?
>
> Index: pf.c
> ===
> RCS file:
On Sat, Feb 13, 2021 at 10:26:48AM +0100, Marcus Glocker wrote:
> On Sat, Feb 13, 2021 at 08:30:04AM +0100, Claudio Jeker wrote:
>
> > On Fri, Feb 12, 2021 at 10:59:05PM +0100, Jeremie Courreges-Anglas wrote:
> > > On Wed, Feb 10 2021, M
On Fri, Feb 12, 2021 at 10:59:05PM +0100, Jeremie Courreges-Anglas wrote:
> On Wed, Feb 10 2021, Martin Pieuchot wrote:
>
> [...]
>
> > Which fields is the new lock protecting? Why isn't the KERNEL_LOCK()
> > enough?
>
> When I mentioned this potential lack of locking to Marcus, I was
>
On Fri, Feb 12, 2021 at 01:20:01PM +0100, Alexander Bluhm wrote:
> On Fri, Feb 12, 2021 at 01:11:24PM +0100, Claudio Jeker wrote:
> > On Fri, Feb 12, 2021 at 12:03:49PM +, Ricardo Mestre wrote:
> > > This was reported on CID 1501718, ifp starts as NULL and then might
On Fri, Feb 12, 2021 at 12:03:49PM +, Ricardo Mestre wrote:
> Hi,
>
> This was reported on CID 1501718, ifp starts as NULL and then might be
> deref'ed.
>
> The question is does the below make any sense to solve it since I don't know
> what I'm doing? :)
>
> What do you net gurus say?
>
On Fri, Feb 12, 2021 at 10:03:21AM +0100, Martijn van Duren wrote:
> ping
>
> On Sun, 2021-01-31 at 11:57 +0100, Martijn van Duren wrote:
> > Now that ober_scanf_elements supports '$' lets use it.
> >
> > Here's a first stab by adding it to snmpd.
> > Passing regress and a few manual checks.
> >
On Mon, Feb 08, 2021 at 05:15:40PM +0100, Claudio Jeker wrote:
> Split the repository code into two parts:
>
> - fetch of the trust anchors (the certs referenced by TAL files)
> - fetch of the MFT files of a repository
>
> While the two things kind of look similar there ar
On Tue, Jan 26, 2021 at 10:31:40AM +0100, Claudio Jeker wrote:
> This diff adds initial RTR (RPKI to Router) support to bgpd.
> Instead of loading the roa-set table via the configuration bgpd will use
> RTR to load the RPKI table from one or multiple RTR servers.
> This has
Running regress/usr.sbin/ocspcheck with a resolv.conf that has
'family inet6 inet4' fails because ocspcheck only tries to contact ::1.
The following diff fixes the issue by not breaking out early from the
getaddrinfo loop over the results. With this the regress test works
and I guess it may help
On Mon, Feb 08, 2021 at 07:46:46PM +0100, Alexander Bluhm wrote:
> On Mon, Feb 08, 2021 at 07:03:59PM +0100, Jan Klemkow wrote:
> > On Mon, Feb 08, 2021 at 03:42:54PM +0100, Alexander Bluhm wrote:
> > > On Wed, Feb 03, 2021 at 11:20:04AM +0100, Claudio Jeker wrote:
> >
Split the repository code into two parts:
- fetch of the trust anchors (the certs referenced by TAL files)
- fetch of the MFT files of a repository
While the two things kind of look similar there are some differences.
- TA files are loaded via rsync or https URI (only one file needs to be
RPKI certificates have 3 possible Subject Information Access URI that we
may be interested in:
- 1.3.6.1.5.5.7.48.5 (caRepository)
- 1.3.6.1.5.5.7.48.10 (rpkiManifest)
- 1.3.6.1.5.5.7.48.13 (rpkiNotify)
rpkiManifest points to the .mft file inside the caRepository.
Because of this
This bit of debug code to understand the progress of rpki-client is no
longer helpful. Most of the time this is a stuck rsync that causes delays
and those are now nicely handled by an internal timeout.
I propose to remove this.
--
:wq Claudio
Index: main.c
The uri field in the entity queue struct is never a URI but always a local
path to the file in the repo. Rename the field so I'm less confused.
Compiler agrees with my change.
--
:wq Claudio
? http.c
? http.diff
? obj
Index: extern.h
On Thu, Feb 04, 2021 at 12:30:17PM +0100, Alexander Bluhm wrote:
> Hi,
>
> I always forget the name of trpt(8). It should be refereced in the
> SO_DEBUG section of getsockopt(2).
>
> ok?
Yes please. Also should we export the tcp_debug buffer via sysctl so that
trpt can run without
On Thu, Feb 04, 2021 at 11:45:26AM +0100, Alexander Bluhm wrote:
> Hi,
>
> I would like to analyse tcpbench(1) TCP connections. So I copied
> the nc -D socket debug option.
>
> ok?
Fine with me. OK claudio@
> Index: usr.bin/tcpbench/tcpbench.1
>
Instead of passing around variables all the way down to entity_write_req()
and repo_lookup() use global variables. Especially for the repository
handling this will become more complex with the introduction of RRDP.
Also shuffle code around a bit so that all entity queue functions are
together.
On Wed, Feb 03, 2021 at 10:20:47PM +0100, Theo Buehler wrote:
> On Wed, Feb 03, 2021 at 08:08:20PM +0100, Claudio Jeker wrote:
> > This is just shuffling code around and adds a few definitions to extern.h.
> > The goal is to reduce the amount of code in main.c. I constantly get
proc_parser_gbr(entp, store, ctx, , );
- break;
- default:
- abort();
- }
-
- ibuf_close(, b);
- TAILQ_REMOVE(, entp, entries);
- entity_free(entp);
- }
-
- rc = 0;
-out:
- while (
On Wed, Feb 03, 2021 at 10:56:38AM +0100, Jan Klemkow wrote:
> On Tue, Jan 05, 2021 at 10:30:33AM +0100, Claudio Jeker wrote:
> > On Tue, Jan 05, 2021 at 10:16:04AM +0100, Jan Klemkow wrote:
> > > On Wed, Dec 23, 2020 at 11:59:13AM +, Stuart Henderson wrote:
> > >
1 - 100 of 1327 matches
Mail list logo
