Yesterday I added --address support in openrsync. This was done so that
rpki-client can pass a bind address to openrsync, since in my case the
default address selection would pick a non-routable address (IX LAN)
for some connections.
This is the diff for rpki-client to pass a bind address down to rsync.
With this I can use rpki-client on one of the border routers.
I decided to not validate the address in rpki-client, instead it relies on
rsync to do that.
OK?
--
:wq Claudio
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.12
diff -u -p -r1.12 main.c
--- main.c 9 Aug 2019 05:29:51 -0000 1.12
+++ main.c 9 Aug 2019 06:52:47 -0000
@@ -113,7 +113,7 @@ TAILQ_HEAD(entityq, entity);
*/
static void proc_parser(int, int, int)
__attribute__((noreturn));
-static void proc_rsync(const char *, int, int)
+static void proc_rsync(const char *, const char *, int, int)
__attribute__((noreturn));
static void logx(const char *fmt, ...)
__attribute__((format(printf, 1, 2)));
@@ -522,7 +522,7 @@ proc_child(int signal)
* repositories and saturate our system.
*/
static void
-proc_rsync(const char *prog, int fd, int noop)
+proc_rsync(const char *prog, const char *bind_addr, int fd, int noop)
{
size_t id, i, idsz = 0;
ssize_t ssz;
@@ -678,10 +678,12 @@ proc_rsync(const char *prog, int fd, int
err(EXIT_FAILURE, "pledge");
i = 0;
args[i++] = (char *)prog;
- args[i++] = "-r";
- args[i++] = "-l";
- args[i++] = "-t";
+ args[i++] = "-rlt";
args[i++] = "--delete";
+ if (bind_addr != NULL) {
+ args[i++] = "--address";
+ args[i++] = (char *)bind_addr;
+ }
args[i++] = uri;
args[i++] = dst;
args[i] = NULL;
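Review bot: The `args` array is declared outside this hunk, so nothing visible here shows that it still has room once `--address` and `bind_addr` are added. With a bind address the vector holds eight entries including the terminating NULL (prog, `-rlt`, `--delete`, `--address`, bind_addr, uri, dst, NULL), which matches the old count only because `-r -l -t` were merged into one argument. The next option added would write past the array without warning, so a bound check before `args[i] = NULL;` would help, for example `if (i >= sizeof(args) / sizeof(args[0])) errx(EXIT_FAILURE, "too many rsync arguments");`. Failing that, a comment at the declaration should state the maximum count. The body of proc_rsync starts and ends outside this hunk.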
@@ -1270,12 +1272,16 @@ main(int argc, char *argv[])
struct stats stats;
struct roa **out = NULL;
const char *rsync_prog = "openrsync";
+ const char *bind_addr = NULL;
if (pledge("stdio rpath proc exec cpath unveil", NULL) == -1)
err(EXIT_FAILURE, "pledge");
- while ((c = getopt(argc, argv, "e:fnqrv")) != -1)
+ while ((c = getopt(argc, argv, "b:e:fnqrv")) != -1)
switch (c) {
+ case 'b':
+ bind_addr = optarg;
+ break;
case 'e':
rsync_prog = optarg;
break;
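Review bot: `bind_addr = optarg;` in the new `case 'b':` accepts any string, including an empty one, and nothing in the visible hunks checks it before it reaches the rsync child's argv. A mistyped address would therefore only show up later as failed fetches. If deferring validation to rsync is the intended design, record that at the assignment, e.g. `/* not validated here; rsync rejects a bad --address */`. It is also worth confirming that a run in which every fetch fails is reported as an error rather than quietly continuing with whatever is already in the local cache; that handling is outside this hunk.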
@@ -1350,7 +1356,7 @@ main(int argc, char *argv[])
if (noop && pledge("stdio", NULL) == -1)
err(EXIT_FAILURE, "pledge");
- proc_rsync(rsync_prog, fd[0], noop);
+ proc_rsync(rsync_prog, bind_addr, fd[0], noop);
/* NOTREACHED */
}
@@ -1505,6 +1511,7 @@ main(int argc, char *argv[])
usage:
fprintf(stderr,
- "usage: rpki-client [-fnqrv] [-e rsync_prog] tal ...\n");
+ "usage: rpki-client [-fnqrv] [-b bind_addr] [-e rsync_prog] "
+ "tal ...\n");
return EXIT_FAILURE;
}
Index: rpki-client.8
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rpki-client.8,v
retrieving revision 1.3
diff -u -p -r1.3 rpki-client.8
--- rpki-client.8 18 Jun 2019 13:28:37 -0000 1.3
+++ rpki-client.8 9 Aug 2019 06:52:47 -0000
@@ -25,6 +25,7 @@ for Origin Validation.
.Sh SYNOPSIS
.Nm
.Op Fl fnqrv
+.Op Fl b Ar bind_addr
.Op Fl e Ar rsync_prog
.Ar tal1 tal2 ...
.Sh DESCRIPTION
@@ -38,6 +39,10 @@ to fetch certificates, manifests, revoca
announcements themselves.
Its arguments are as follows:
.Bl -tag -width Ds
+.It Fl b Ar bind_addr
+Tell the rsync client to use the specified
+.Ar bind_addr
+as the source address for connections.
.It Fl e Ar rsync_prog
Use
.Ar rsync_prog
@@ -45,7 +50,8 @@ instead of
.Xr openrsync 1
to fetch repositories.
It must accept the
-.Fl rlt
+.Fl rlt ,
+.Fl -address
and
.Fl -delete
flags and connect with rsync-protocol locations.