[PATCH] usr.sbin/rpki-client: remove -f (force) option

2020-06-30 Thread Job Snijders
Remove rpki-client's -f command line option. I haven't come across a use case that requires tricking the software into accepting out-of-date manifests. Anyone using -f? I think this is a leftover from the initial debugging era. OK? Index: extern.h

Re: suggest to run rpki-client hourly

2020-04-16 Thread Job Snijders
Now that cron(8) was put on a quick steroids programme, we have new options available! Awesome work Todd, Theo. On Mon, Apr 13, 2020 at 02:43:27PM +, Job Snijders wrote: > I'm reviewing some of the timers associated with the workings of the > end-to-end propagation from ROA to VRP. I

Re: suggest to run rpki-client hourly

2020-04-13 Thread Job Snijders
On Mon, Apr 13, 2020 at 02:43:27PM +, Job Snijders wrote: > I'm reviewing some of the timers associated with the workings of the > end-to-end propagation from ROA to VRP. I think suggesting to run > rpki-client only once a day can make for needless brittleness. > > Running r

suggest to run rpki-client hourly

2020-04-13 Thread Job Snijders
Hi, I'm reviewing some of the timers associated with the workings of the end-to-end propagation from ROA to VRP. I think suggesting to run rpki-client only once a day can make for needless brittleness. Running rpki-client just once a day also results in only making a rsync fetch attempt once a

Re: BIRD 1.x/2.x support at rpki-client

2020-03-06 Thread Job Snijders
On Fri, Mar 06, 2020 at 07:11:56PM +0100, Robert Scheck wrote: > On Fri, 06 Mar 2020, Sebastian Benoit wrote: > > Note that I haven't tried this with bird 1 or 2 yet ;) > > comments, oks? > > I did not try it yet, but I think BIRD 1 also needs something like "define > force_roa_table_update =

Re: BIRD 1.x/2.x support at rpki-client

2020-03-06 Thread Job Snijders
I have a small suggestion, in some deployments I saw the convention to name it as following so it is clear the data came from user provided data rather than internal bird structures I tested Benno's patch against BIRD 1.6.6 - wfm. Index: main.c

Re: BIRD 1.x/2.x support at rpki-client

2020-03-06 Thread Job Snijders
On Fri, Mar 06, 2020 at 12:24:18PM +0100, Sebastian Benoit wrote: > Robert Scheck(rob...@fedoraproject.org) on 2020.03.03 01:20:24 +0100: > > job@ suggested to move this from GitHub to tech@ list (as upstream): > > > > 1. Currently, BIRD 1.x support in rpki-client seems to be broken: As per > >

Re: BIRD 1.x/2.x support at rpki-client

2020-03-04 Thread Job Snijders
We are still at the early stages of RPKI deployment, so if we make it easier to plug things into BIRD1 is beneficial given the wide deployment scale. Only /very/ recently was rpki-client packaged for some of the Linux distros, so if we add support for all formats now - it’ll improve the

Re: BIRD 1.x/2.x support at rpki-client

2020-03-04 Thread Job Snijders
I think we still need to support BIRD 1 for the foreseeable future, NIC.CZ hasn’t communicated plans to deprecate BIRD1 and still supports it; and BIRD1 still is widely deployed. I’m somewhat preferential to just generate all 3 BIRD flavors if -B is given as command line option. Kind regards,

Re: BIRD 1.x/2.x support at rpki-client

2020-03-04 Thread Job Snijders
On Wed, Mar 4, 2020, at 00:55, Robert Scheck wrote: > > The idea is you can specify many outputs. That will make the commandline > > very long, especially for the way we run it in cron. > > Oh! I'm sorry, I didn't see the idea of specifying many outputs. Yeah, it's nice to do things in one batch

Re: IPv6 Support for umb(4)

2020-01-29 Thread Job Snijders
On Tue, Jan 28, 2020 at 03:03:47PM +0100, Gerhard Roth wrote: > this patch adds IPv6 support to umb(4). OK job@ Tested with 'telnet -6 towel.blinkenlights.nl' on Fibocom L831-EAU on IIJ MIO's network (Japan), with 'inet6 autoconf' in /etc/hostname.umb0 :-) job@vurt ~$ doas ifconfig umb0 umb0:

Re: Add #define for RFC8622 IPTOS_DSCP_LE codepoint

2020-01-25 Thread Job Snijders
On Sat, Jan 25, 2020 at 11:36:53PM +1100, Damien Miller wrote: > This adds a #define for the "lower effort" DSCP code point specified > by https://tools.ietf.org/html/rfc8622 > > People have asked to be able to use this OpenSSH for "don't care" > traffic. > > ok? OK job@

Re: bgpd max-prefix out limit

2020-01-22 Thread Job Snijders
On Wed, Jan 22, 2020 at 05:02:32AM +0100, Claudio Jeker wrote: > This diff implements 'max-prefix NUM out' which is a simple way to > avoid leaking full tables to upstream or peers. If the limit is > triggered the session will be closed with a NOTIFICATION (kind of > suicide for the good of the

[PATCH] nc(1): print IP address in verbose mode (-v)

2019-10-23 Thread Job Snijders
Dear all, Scratching a small itch: telnet(1) nicely prints what IP addresses it is attempting to connect to, I'd like 'nc -v' to do the same, see below: $ nc -v localhost 23 nc: connect to localhost (127.0.0.1) port 23 (tcp) failed: Connection refused nc: connect to localhost (::1) port 23 (tcp)

Re: OpenBSD crossed 400,000 commits

2019-10-08 Thread Job Snijders
On Tue, Oct 08, 2019 at 09:57:42PM -0600, Theo de Raadt wrote: > Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all > our repositories since starting at 1995/10/18 08:37:01 > Canada/Mountain. That's a lot of commits by a lot of amazing people. Great achievement! Time to pop a

Re: bgpd fail before daemonizing on config errors

2019-08-08 Thread Job Snijders
On Thu, Aug 08, 2019 at 11:48:08AM +0200, Claudio Jeker wrote: > With the introduction of re-exec of the children the config parsing happened > after bgpd daemonized. This is super annoying and therefore this diff > changes that. It will make bgpd fail on startup if there is an issue with > the config

Re: bgpd adj-rib-out rewrite

2019-07-16 Thread Job Snijders
On Wed, Jul 10, 2019 at 10:08:38PM +0200, Claudio Jeker wrote: > This diff is a bit of a monster. It changes the Adj-RIB-Out to be a > peer specific set of RB trees instead of using a rib in the original > sense. The reason for this is that the more peers a system has the > more elements end up

Re: Remove irrfilter from bgpctl

2019-06-24 Thread Job Snijders
Hi, On Mon, Jun 24, 2019 at 12:41:08PM +0200, Claudio Jeker wrote: > I think it is time to remove the bgpctl irrfilter code. It is not > useful and it is better to use tools like bgpq3 to build as-sets and > prefix-sets for bgpd filtering. Agreed. I'd love to have a replacement in base some day,

Re: bgpd set nexthop 198.51.100.42 clarifications

2019-05-28 Thread Job Snijders
On Tue, May 28, 2019 at 05:17:08PM +0200, Claudio Jeker wrote: > On Tue, May 28, 2019 at 01:28:32PM +0200, Job Snijders wrote: > > On Mon, May 13, 2019 at 09:03:41PM +0200, Claudio Jeker wrote: > > > When using a rule forcing the nexthop to a specific address bgpd > > &

Re: bgpd set nexthop 198.51.100.42 clarifications

2019-05-28 Thread Job Snijders
Hi, On Mon, May 13, 2019 at 09:03:41PM +0200, Claudio Jeker wrote: > When using a rule forcing the nexthop to a specific address bgpd > currently does not mark that nexthop as no-modify. In other words > the default rules for nexthop propagation applies. This means that > for ebgp it only sends

Re: bgpd set nexthop 198.51.100.42 clarifications

2019-05-27 Thread Job Snijders
On Mon, May 13, 2019 at 21:11 Claudio Jeker wrote: > When using a rule forcing the nexthop to a specific address bgpd > currently does not mark that nexthop as no-modify. In other words > the default rules for nexthop propagation applies. This means that > for ebgp it only sends out the set

Re: Stream Control Transmission Protocol SCTP RFC4960

2019-05-23 Thread Job Snijders
On Thu, May 23, 2019 at 19:50 Denis wrote: > > SCTP(4) present in FreeBSD 12.0 > > OpenBSD implementation planned? Nothing planned as far as I know. Out of curiosity - what is your use case? Do you really use it? It doesn’t seem to be a widely used protocol. Kind regards, Job

Re: NSD & Unbound refusing to bind to IPv6 when anycast flag set ?

2019-05-17 Thread Job Snijders
On Fri, May 17, 2019 at 2:13 PM Stuart Henderson wrote: > On 2019/05/16 23:37, Rachel Roch wrote: > > > RFC3513 says this: > > > > > > o An anycast address must not be used as the source address of > > > an IPv6 packet. > > > > > > o An anycast address must not be assigned to an IPv6 host,

Re: tcpdump support extended bgp shutdown communication

2019-05-11 Thread Job Snijders
OK job@ On Sat, May 11, 2019 at 14:37 Claudio Jeker wrote: > bgpd already got support for extended shutdown communication messages. > This adds the same support to tcpdump. > > OK? > -- > :wq Claudio > > Index: print-bgp.c > === >

[PATCH] bgpctl(8): improve user interface for RPKI Origin Validation

2019-04-01 Thread Job Snijders
Dear all, I've consulted with numerous user interface experts, their consistent advice was to facilitate internalization by provoking simpler, stronger emotions through the text based interface. bgpctl(8) will now provide simplified 'SAD' or 'HAPPY' ascii ideograms to help network operators

Re: bgpd optimize filter rules

2018-12-03 Thread Job Snijders
On Mon, Dec 03, 2018 at 12:14:13PM +0100, Claudio Jeker wrote: > There is a trivial optimization that bgpd can do when loading the filter > ruleset. If the rule is the same as the previous rule then the filterset > can be merged. e.g. > > match from ebgp set community delete $myAS:* >

Re: bgpd refactor aspath_match a bit

2018-11-27 Thread Job Snijders
On Tue, Nov 27, 2018 at 06:23:53PM +0100, Claudio Jeker wrote: > On Tue, Nov 27, 2018 at 04:21:53PM +0100, Job Snijders wrote: > > On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote: > > > For origin validation I checked the source_as in struct rde_aspath > &

Re: bgpd refactor aspath_match a bit

2018-11-27 Thread Job Snijders
Hi Claudio, On Fri, Nov 23, 2018 at 03:55:18PM +0100, Claudio Jeker wrote: > For origin validation I checked the source_as in struct rde_aspath > this is not really the right place. It should be in struct aspath > since that holds all the ASPATH related stuff. Change this, move > aspath_match out

Re: bgpd refactor community code

2018-11-27 Thread Job Snijders
On Thu, Nov 22, 2018 at 05:56:20PM +0100, Claudio Jeker wrote: > On Tue, Nov 13, 2018 at 06:53:55PM +0100, Claudio Jeker wrote: > > This is a large diff that changes the way communities are stored in > > filters and filter_sets. Both standard communities and large communities > > now share the

Re: prevent bgpd from starting when control socket already used

2018-11-11 Thread Job Snijders
Shouldn't we already bomb out at the following? cannot bind to 0.0.0.0:179: Address already in use cannot bind to [::]:179: Address already in use In any regard, I agree with the functionality proposed. No strong opinion on the diff itself. Kind regards, Job On Sun, Nov 11, 2018 at 22:35 Remi

Re: ifconfig(8) to deny non-contiguous netmask / take 2

2018-09-30 Thread Job Snijders
OK job@

[PATCH] bgpd: expose ROA origin validation state in show rib

2018-09-29 Thread Job Snijders
Dear all, This small patch exposes the origin validation state in 'bgpctl show rib' and 'bgpctl show rib detail'. This will help debugging, and draw attention to routing problems. I know we're weary of spending horizontal space, but I think spending 3 chars to show the OV state (and as such make

Re: bgpd ROA validation

2018-09-25 Thread Job Snijders
On Tue, Sep 25, 2018 at 12:23:48PM +0200, Claudio Jeker wrote: > On Sat, Sep 22, 2018 at 09:48:24PM +0000, Job Snijders wrote: > > Seems we are getting very close. Some suggestions to simplify the > > experience for the end user. > > > > Let's start with supporting jus

Re: bgpd ROA validation

2018-09-22 Thread Job Snijders
Hi claudio, Seems we are getting very close. Some suggestions to simplify the experience for the end user. Let's start with supporting just one (unnamed) roa-set, so far I've really not come across a use case where multiple ROA tables are useful. I say this having implemented origin validation

Re: bgpd ROA validation

2018-09-22 Thread Job Snijders
On Fri, Sep 21, 2018 at 05:29:24PM +0200, Claudio Jeker wrote: > I currently use the RIPE RPKI validator to grab a JSON file (e.g. > http://localcert.ripe.net:8088/export.json) and feed that to this perl > script to convert it into bgpd syntax: For now I recommend using

Re: bgpd roa-set backend

2018-09-14 Thread Job Snijders
Dear Claudio, On Fri, Sep 14, 2018 at 04:59:51PM +0200, Claudio Jeker wrote: > This diff extends the existing trie code for prefix-set to also work with > roa-set. Unlike prefix-set there is no need for a prefixlen mask during > lookup, instead the source-as needs to be checked and also if the >

Re: bgpd: refine source-as matching

2018-08-09 Thread Job Snijders
On Thu, Aug 09, 2018 at 03:10:11PM +0200, Claudio Jeker wrote: > Per rfc6472 AS_SET should no longer be used but some AS still do. > Until now source-as would take the rightmost AS number of an AS_PATH > no matter if it was an AS_SEQUENCE or an AS_SET. This is not correct. Indeed, good find! >

[PATCH] column(1): -r to right justify

2018-07-04 Thread Job Snijders
Dear all, Following some back and forth on how disklabel output should be formatted, I proposed to Kenneth to extend the column(1) utility. All that was missing is the ability to right justify. I've longed for this feature for a while: I often use 'column -t' to prettify data coming from an awk

Re: BGPD - refactor nexthop handling

2018-06-24 Thread Job Snijders
On Thu, Jun 21, 2018 at 08:59:45PM +0200, Claudio Jeker wrote: > This is the first step of some larger reshuffling of how the RDE is > working. One of the things needed is proper reference counting for > nexthops since I want to kill nexthop_link and nexthop_unlink in the > long run. > > Even

Add 6to4 anycast prefixes to examples/bgpd.conf

2018-06-21 Thread Job Snijders
Hi, Globally anycasted 6to4 has outlived its usefulness. Operational discussion: http://seclists.org/nanog/2018/Jun/268 Kind regards, Job diff --git etc/examples/bgpd.conf etc/examples/bgpd.conf index a5fa7234a3c..77f610b9a06 100644 --- etc/examples/bgpd.conf +++ etc/examples/bgpd.conf @@

Re: Should whois(1) and IPv6 default to ANICHOST?

2018-06-17 Thread Job Snijders
OK job@ On Sun, 17 Jun 2018 at 17:00, Florian Obser wrote: > I like it, I think the heuristic is good enough. > > OK florian@ or I take OKs to commit it myself ;) > > On Sun, May 20, 2018 at 07:48:34PM +0100, Mikolaj Kucharski wrote: > > Hi, > > > > This is very naive patch for whois(1) which

Re: [patch] crontab(5) add -n option to suppress mail when the run was successful

2018-06-12 Thread Job Snijders
on/do_command.c index 6a4022fcc9a..4fbca61d170 100644 --- usr.sbin/cron/do_command.c +++ usr.sbin/cron/do_command.c @@ -3,6 +3,7 @@ /* Copyright 1988,1990,1993,1994 by Paul Vixie * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 1997,2000 by Internet Softwar

[patch] crontab(5) add -n option to suppress mail when the run was successful

2018-06-11 Thread Job Snijders
ISC") * Copyright (c) 1997,2000 by Internet Software Consortium, Inc. + * Copyright (c) 2018 Job Snijders * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -80,7 +81,6 @@ child

Re: bgpd: stop with the announce confusion

2018-06-07 Thread Job Snijders
On Thu, Jun 07, 2018 at 12:14:07PM +0200, Claudio Jeker wrote: > > It would be helpful during upgrades if it's possible to write some > > configurations that work the same on both the old and new versions. > > That way the configuration can be changed to a version which will > > still work before

Re: bgpd: stop with the announce confusion

2018-06-07 Thread Job Snijders
On Wed, Jun 06, 2018 at 11:04:56PM +0200, Claudio Jeker wrote: > The following diff does a few things. > a) it removes the `announce (all|none|self|default-route)` version > b) `announce none` is now `export none` > c) `announce default-route` is now `export default-route` > d) the examples file

Re: bgpd ignore aspath with to large attributes

2018-05-31 Thread Job Snijders
On Wed, May 30, 2018 at 03:18:45PM +0200, Claudio Jeker wrote: > This adds a protection to handle aspaths overly large attributes in > bgpd. The main idea is to protect other bgp routes downstream for > hitting the limit which is often not well caught. I am not sure this is sound logic. The BGP

Re: Eliminate trailing whitespace & typo in chmod

2018-04-13 Thread Job Snijders
https://en.wikipedia.org/wiki/If_and_only_if As a non-native speaker, it took some years before I realized the use of “iff” is not a typo. Kind regards, Job

Re: Stop ping telling world its pid

2018-04-11 Thread Job Snijders
When things arrive out of sequence, that usually is of special interest to network operator people. Not sure the sequence field can easily be overloaded to increase “validity”. I’m not great at math, with a 16 bit random value, wouldn’t we start running into ID collisions around 256 concurrent

Re: high sofnet load with gif(4) and icmp

2018-04-05 Thread Job Snijders
Hi, I'm optimistic about this patch: where previously running traffic through this router over gif tunnels would result in memory exhaustion, the problem now seems gone. memory graph: http://instituut.net/~job/screenshots/ee7f0fa5304032a2.png Should perhaps an errata / syspatch blob be prepared

Re: [PATCH] Update default QoS markers for ssh

2018-04-01 Thread Job Snijders
On Sun, Apr 01, 2018 at 11:29:55AM +0100, Stuart Henderson wrote: > On 2018/03/31 16:10, Job Snijders wrote: > > TL;DR: I propose to update the defaults to use DSCP "AF21" (Low > > Latency Data) for interactive session traffic, and CS1 ("Lower > > Effort")

[PATCH] Update default QoS markers for ssh

2018-03-31 Thread Job Snijders
Dear all, There may be opportunity for improvement of ssh(1) and sshd(8)'s default QoS markers for better integration in environments that can offer either layer-2 or layer-3 prioritisation profiles. Currently ssh(1) and sshd(8) set obsoleted values 'lowdelay' for interactive sessions and

Re: handle updates via Adj-RIB-Out

2018-03-05 Thread Job Snijders
Claudio, How best to test this change proposal? Should this maybe be tested on one of the yycix route servers? I'll let it run on my home router, if that doesn't cause issues in a week or so; we can consider rs2.yycix.ca Kind regards, Job On Fri, Mar 02, 2018 at 04:55:23PM +0100, Claudio

Re: [PATCH] bgplg error message fix

2018-02-02 Thread Job Snijders
On Fri, Feb 02, 2018 at 02:38:54PM +0100, Pierre Emeriaud wrote: > While playing with bgplg I noticed that 'show ip bgp detail as' error > message is wrong: expects an AS number but asks for a prefix. Thanks! Committed. Kind regards, Job

Re: /etc/rc: fsck -y

2018-01-18 Thread Job Snijders
On Thu, Jan 18, 2018 at 12:22:21PM +, Stuart Henderson wrote: > A flag (fsck_flags) would be a better idea than a file, and more > flexible (users with many disks and low RAM could use the same > mechanism to force "-l 1" for example). fsck_flags would be an idea. I prefer not to bring local

Re: [patch] faq5.html, added missing branch to update -stable trees.

2018-01-06 Thread Job Snijders
Hi, On Sat, Jan 6, 2018 at 9:53 AM, Christoph R. Murauer wrote: > Here is a diff for the missing -rOPENBSD_6_2 branch to update the > -stable CVS trees as described in https://www.openbsd.org/anoncvs.html > at Updating an existing tree. I don't think this is needed in this context

Re: pckbd: go back to using table 2 by default

2018-01-02 Thread Job Snijders
Hi all, I often observed on my Thinkpad x270 that after an upgrade via bsd.rd, the first reboot resulted in keystrokes being garbage (and at second reboot everything was fine again). The below patch seems to be an improvement. Kind regards, Job On Tue, Jan 02, 2018 at 09:36:49AM -0600, joshua

Re: Add "-c command" option to script(1)

2017-12-16 Thread Job Snijders
On Sat, Dec 16, 2017 at 09:45:02AM +0100, Paul de Weerd wrote: > On Fri, Dec 15, 2017 at 12:24:45PM +0100, Paul de Weerd wrote: > | I've updated the diff to add this example as per jmc's suggestion. It > | now has: > | > | - add the `-c command` feature > | - updates usage > | -

Re: Add "-c command" option to script(1)

2017-12-15 Thread Job Snijders
On Thu, Dec 14, 2017 at 09:23:29AM +0100, Paul de Weerd wrote: > Another use I personally find very convenient is this: > > [weerd@pom] $ script -c "vmctl start test -c" > > Hope others see value here too :) That is a great use case. Kind regards, Job

Re: Include hostname in shell prompts by default

2017-12-09 Thread Job Snijders
On Sat, Dec 09, 2017 at 06:44:44PM +0100, Theo Buehler wrote: > Theo asked me to make sure that all our shells print a prompt > including the hostname by default. Thank you. This is a significant improvement. I keep finding myself updating /etc/profile everywhere to ensure I don't lose my

Re: pf neighbor discovery hop limit

2017-12-04 Thread Job Snijders
On Mon, Dec 04, 2017 at 02:55:16PM +0100, Alexander Bluhm wrote: > RFC 4861 requires that all neighbor discovery packets have 255 in > their IPv6 header hop limit field. Let pf drop neighbor solicitation, > neighbor advertisement, router solicitation, router advertisement, > and redirect ICMP6

Re: [PATCH] amd64/bsd.rd: add growfs(8)

2017-11-07 Thread Job Snijders
On Mon, Nov 06, 2017 at 04:14:48PM -0700, Theo de Raadt wrote: > I agree on that. So please put it into the correct lists files for > all the unlimited ramdisks. > > Job, the situation is a little nit-picky but try to do it for all the > architectures and I'll give you fast feedback. This is

Re: [PATCH] amd64/bsd.rd: add growfs(8)

2017-11-06 Thread Job Snijders
Thanks for the feedback. I'll get to work on a MI patch and test on amd64 + i386, then pass it on to you.

[PATCH] amd64/bsd.rd: add growfs(8)

2017-11-05 Thread Job Snijders
Good morning everyone, While quite some resizing scenarios can be done from within single user mode, resizing the root partition requires you to bring your own growfs(8) binary into the ramdisk environment. The below patch adds growfs(8) to the amd64 ramdisk to simplify such operations. I tested

Re: Remove TCP_FACK

2017-10-25 Thread Job Snijders
This has been committed. Since the patch changed the userland ABI, don't forget to rebuild (at least) fstat, netstat & tcpbench. Kind regards, Job

Re: Refactor TCP partial ACK handling

2017-10-24 Thread Job Snijders
On Tue, Oct 24, 2017 at 03:21:08PM +0200, Mike Belopuhov wrote: > I didn't do it because tcp_var.h is where tcp keeps all of its prototypes > but I don't mind moving them into tcp_input.c. Any objections? Otherwise > I'll check in the diff below. ok job@

Remove TCP_FACK

2017-10-24 Thread Job Snijders
Dear all, This patch builds upon the work shared in the following email. Mike's patch is a prerequisite to apply this patch. Date: Tue, 24 Oct 2017 15:21:08 +0200 From: Mike Belopuhov Subject: Re: Refactor TCP partial ACK handling TCP_FACK was

Re: Enable TCP selective acknowledgements (SACK) on all kernels

2017-10-23 Thread Job Snijders
On Sun, Oct 22, 2017 at 04:04:30PM +0200, Mike Belopuhov wrote: > > If this is as expected, OK job@ > > It's setting the option in my build here: > > 15:55:20.336682 fe:e1:bb:d1:a2:f0 fe:e1:ba:d0:55:1e 0800 78: \ > 10.50.50.34.17078 > 10.50.50.1.80: S [tcp sum ok] 1313610867:1313610867(0) \ >

Re: Enable TCP selective acknowledgements (SACK) on all kernels

2017-10-22 Thread Job Snijders
On Thu, Oct 19, 2017 at 06:55:05PM +0200, Mike Belopuhov wrote: > SACK has been enabled in GENERIC kernels for over a decade and it's > time to make it an official part of the TCP stack. I tested your diff by doing an amd64 release build and testing both the newly created /bsd and /bsd.rd, I

Re: netstat(1) print PID for sockets.

2017-07-02 Thread Job Snijders
On Sat, Jul 01, 2017 at 08:50:36PM +0200, Sebastian Benoit wrote: > Sebastian Benoit(be...@openbsd.org) on 2017.07.01 20:40:17 +0200: > > oks for this? > > /* filter listening sockets out unless -a is set */ > - if (!aflag && istcp && kf->t_state <= TCPS_LISTEN) > + if (!(aflag ||

[PATCH] bin: Add -v option to cp(1), mv(1), rm(1)

2017-06-27 Thread Job Snijders
Dear all, This patch adds a '-v' option to cp(1), mv(1), and rm(1). If the '-v' option is used, the utility will display the name of each file after it has been successfully copied, moved or removed. This patch rolls in feedback from recent discussion. The manpage updates are specific as to what

Re: [PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

2017-06-25 Thread Job Snijders
On Sun, Jun 25, 2017 at 11:41:05PM +0200, Sebastian Benoit wrote: > ok > > as for the WELLKNOWN, what do other implementations do? I'm not aware of other implementations that do a blanket replacement of "65535:" with something like "WELLKNOWN:" in their CLI output. Most implementations (after

Re: [PATCH] cp(1): add -v option for verbosity

2017-06-25 Thread Job Snijders
On Sun, Jun 25, 2017 at 02:06:20PM +0200, Job Snijders wrote: > This patch adds a -v option to cp(1) for more verbose output. NetBSD/FreeBSD/DragonFly/OSX's cp(1) with "-v" print file names without the single quotes, which might indeed be more appealing to the eye: $ touch

Re: [PATCH] rm(1): add -v option for verbosity

2017-06-25 Thread Job Snijders
On Sun, Jun 25, 2017 at 04:09:11PM +0200, Job Snijders wrote: > --- bin/rm/rm.1 > +++ bin/rm/rm.1 > @@ -95,6 +95,8 @@ that directory is skipped. > .It Fl r > Equivalent to > .Fl R . > +.It Fl v > +Explain what is being done. On second thought, "Display wh

Re: [PATCH] cp(1): add -v option for verbosity

2017-06-25 Thread Job Snijders
Dear Alexander, On Sun, Jun 25, 2017 at 06:13:40PM +0200, Alexander Hall wrote: > On June 25, 2017 2:06:20 PM GMT+02:00, Job Snijders <j...@instituut.net> > wrote: > >This patch adds a -v option to cp(1) for more verbose output. > > > > $ touch a b;

Re: [PATCH] rm(1): add -v option for verbosity

2017-06-25 Thread Job Snijders
Hi Ingo, Thanks for taking the time to review this. On Sun, Jun 25, 2017 at 03:12:26PM +0200, Ingo Schwarze wrote: > Job Snijders wrote on Sun, Jun 25, 2017 at 02:06:16PM +0200: > > > This patch adds a '-v' option to rm(1) for more verbose output. > > Do not add new o

Re: [PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

2017-06-25 Thread Job Snijders
Small update. I renamed the 'msb' argument ('most significant bits') to 'part' to improve readability. In Community 15562:4, '15562' is part 0 and the '4' is part 1. Same type of logic might be useful down the road for Large Communities which would have 3 parts. - Job diff --git

Re: [PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

2017-06-25 Thread Job Snijders
On Sun, Jun 25, 2017 at 02:09:22PM +0200, Peter Hessler wrote: > : $ bgpctl show rib community WELLKNOWN:0 > : .. > : $ bgpctl show rib community WELLKNOWN:* > : .. > > Eh, I don't really see a reason to have syntactic sugar for > '65535'. In this case, I'm

[PATCH] cp(1): add -v option for verbosity

2017-06-25 Thread Job Snijders
Dear team, This patch adds a -v option to cp(1) for more verbose output. $ touch a b; mkdir c $ cp -v a b c 'a' -> 'c/a' 'b' -> 'c/b' $ cp -rv c d 'c' -> 'd/' 'c/a' -> 'd/a' 'c/b' -> 'd/b' Kind regards, Job diff --git bin/cp/cp.1

[PATCH] rm(1): add -v option for verbosity

2017-06-25 Thread Job Snijders
Hi all, This patch adds a '-v' option to rm(1) for more verbose output. $ mkdir a; touch a/b; touch c $ rm -rfv * removed 'a/b' removed directory 'a' removed 'c' Kind regards, Job diff --git bin/rm/rm.1 bin/rm/rm.1 index 5c8aefaab7d..7de2c7067ee 100644

[PATCH] mv(1): add -v option for verbosity

2017-06-25 Thread Job Snijders
Hi all, This patch adds a -v option to mv(1) for more verbose output. $ touch a $ mv -v a b 'a' -> 'b' $ mkdir c $ mv -v b c 'b' -> 'c/b' $ mv -v c d 'e' -> 'd' And here is an example of the output of the situation mentioned in the

[PATCH 3/3] openbgpd: Add well-known community GRACEFUL_SHUTDOWN

2017-06-23 Thread Job Snijders
Dear team, This patch adds support for the "graceful shutdown" well-known community as described in draft-ietf-grow-bgp-gshut. An example implementation would be to add the following to your bgpd.conf: match from any community GRACEFUL_SHUTDOWN set { localpref 0 } Kind regards, Job ---

[PATCH 2/3] openbgpd: Add support for 'unknown' well-known communities

2017-06-23 Thread Job Snijders
Dear team, This patch makes 'unknown' well-known communities more of a first-class citizen. A powerful property of well-known communities is that (often) operators can implement the feature associated with a given well-known community through their local routing policy, ahead of time before

[PATCH 1/3] openbgpd: Allow localpref of zero

2017-06-23 Thread Job Snijders
Dear team, The lowest valid BGP LOCAL_PREF is 0, allowing bgpd to set 0 too will accommodate interoperability. Kind regards, Job --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1988,7 +1988,7 @@ filter_set_opt: LOCALPREF NUMBER { }

Re: [PATCH] ntpd: allow to specify a source IP address for outgoing queries

2017-05-30 Thread Job Snijders
Dear team, Henning Brauer (off-list) made a few suggestions, which I summarized in the following four points: 1) poor initialization style, instead of: struct xxx yyy = { .property = zzz }; use: struct xxx yyy; yyy.property = zzz; 2) avoid

Re: sys/socket.h: make sstosa() available to everyone

2017-05-30 Thread Job Snijders
On Tue, May 30, 2017 at 01:29:07PM -0600, Theo de Raadt wrote: > I don't think this trivial thing should be pushed into the public > namespace. > > Personally I think this construct is really contrived. ok. Another downside might be that it can negatively impact portability. Thanks, Job

sys/socket.h: make sstosa() available to everyone

2017-05-30 Thread Job Snijders
Hi, Might be out of my depth here, but would be nice if the sstosa() is available to everyone, not just _KERNEL If accepted, 'define sstosa' can to be removed from usr.sbin/ftp-proxy/ftp-proxy.c. Kind regards, Job --- sys/sys/socket.h | 16 ++-- 1 file changed, 10 insertions(+),

Re: [PATCH] ntpd: allow to specify a source IP address for outgoing queries

2017-05-30 Thread Job Snijders
On Sun, May 28, 2017 at 10:52:24PM +0200, Sebastian Benoit wrote: > which makes me think: > would a global local-address be good enough? Attached is a patch that allows you to specify the source for outgoing queries, as a global option. Example ntpd.conf: query from 165.254.255.33 query

Re: tcpdump: enable some more bgp info

2017-05-30 Thread Job Snijders
On Tue, May 30, 2017 at 10:21:17AM +0200, Michal Mazurek wrote: > On 12:15:06, 29.05.17, Job Snijders wrote: > > perhaps add a comment like /* RFC 6608 */ above the below: > > Right, it will make it more consistent. > > > > +static const char *bgpnotify_minor_fsm[] = {

Re: tcpdump: enable some more bgp info

2017-05-29 Thread Job Snijders
On Mon, May 29, 2017 at 12:02:33PM +0200, Michal Mazurek wrote: > The error information for bgp was committed in 2009 > (bgpnotify_minor_cease, bgpnotify_minor_cap) but never enabled, so do > that here. Also add FSM error codes. perhaps add a comment like /* RFC 6608 */ above the below: > +static

[PATCH] ntpd: allow to specify a source IP address for outgoing queries

2017-05-28 Thread Job Snijders
Dear team, I have the following use-case on some of my routers: ntpd will opportunistically select a source address, regardless of whether that source address is actually a globally routable IP address. Most of the time this is great, but not in some deployment scenarios. For instance, IP

Re: [bgpd] RFC 7607 Codification of AS 0 Processing

2017-05-28 Thread Job Snijders
On Fri, May 26, 2017 at 09:40:49PM +0200, Peter Hessler wrote: > On 2017 May 26 (Fri) at 20:01:00 +0200 (+0200), Peter Hessler wrote: > :Apropos of "I found it", I implemented support for RFC 7607. It's a > :super short RFC, but basically it forbids use of AS 0 anywhere. > : > :OK? > > Fixed some

Re: tcpdump: decode BGP Administrative Shutdown Communication

2017-04-19 Thread Job Snijders
On Mon, Apr 17, 2017 at 01:56:17PM -0600, Theo de Raadt wrote: > + memset(string, 0, 129); > + memcpy(string, p+1, shutdown_comm_length); > + safeputs(string); > > Please don't copy numbers like that. If

Re: tcpdump: decode BGP Administrative Shutdown Communication

2017-04-17 Thread Job Snijders
Hi all, Daan Keuper (Computest) was kind enough to review the diff, he pointed out the following: safeputs() expects a null-terminated string. Since shutdown_comm_length won't exceed BGP_NOTIFY_MINOR_CEASE_ADMIN_SHUTDOWN_LEN (128), the following will ensure a null-terminated string is passed to

Re: tcpdump: decode BGP Administrative Shutdown Communication

2017-04-17 Thread Job Snijders
Hi OpenBSD, bgpd(8) as shipped in OpenBSD 6.1 supports draft-ietf-idr-shutdown-07. The below patch adds support to tcpdump(8) to decode such shutdown communication. This is an improved version of the patch proposal I sent in January. Kind regards, Job diff --git

Re: [PATCH] openbgpd: Add support for BGP Validation State Communities (RFC 8097)

2017-04-03 Thread Job Snijders
On Wed, Mar 29, 2017 at 12:14:24AM +0200, Sebastian Benoit wrote: > Job Snijders(j...@instituut.net) on 2017.03.28 14:12:42 -0500: > > > > match from any \ > > set { ext-community bovs not-found \ > > do other implementations call this "bovs"?

[PATCH] openbgpd: Add support for BGP Validation State Communities (RFC 8097)

2017-03-28 Thread Job Snijders
Dear all, BGP Origin Validation State communities are non-transitive opaque extended communities to carry the origination Autonomous System validation state inside an autonomous system. IBGP speakers that receive this validation state can configure local policies that allow it to influence their

Re: openbgpd: support for bgp administrative shutdown communication

2017-01-09 Thread Job Snijders
Dear all, The below is based on feedback from Sebastian Benoit, Theo de Raadt, and Peter Hessler. The patch adds less lines of code, and adheres better to style(9). Thank you for your time. Kind regards, Job Index: bgpctl/bgpctl.8

openbgpd: support for bgp administrative shutdown communication

2017-01-08 Thread Job Snijders
rk has been tested against pmacct and exabgp which also support draft-ietf-idr-shutdown. The BGP Administrative Shutdown Communication feature for OpenBGPD was developed by Peter van Dijk <peter.van.d...@powerdns.com> and Job Snijders <j...@ntt.

tcpdump: decode BGP Administrative Shutdown Communication

2017-01-07 Thread Job Snijders
This patch adds support to tcpdump(8) to decode BGP Administrative Shutdown Communications in human readable form. The draft-ietf-idr-shutdown (https://tools.ietf.org/html/draft-ietf-idr-shutdown) specification documents a mechanism to transmit a short freeform UTF-8 message as part of a BGP

tcpdump: decode Large BGP Communities

2016-10-12 Thread Job Snijders
This patch adds support to tcpdump(8) to decode Large BGP Communities in human readable form. Example: [ snip ] BGP (UPDATE: (Path attributes: (ORIGIN[T] IGP) (AS_PATH[T] 65000) (NEXT_HOP[T] pxtr-2.meerval.net) (COMMUNITIES[OT] 666:666
