Claudio Jeker([email protected]) on 2019.08.09 08:58:09 +0200:
> Yesterday I added --address support in openrsync. This was done so that
> rpki-client can pass a bind address to openrsync, since in my case the
> default address selection would pick up a non-routable address (IX LAN)
> for some connections.
>
> This is the diff for rpki-client to pass a bind address down to rsync.
> With this I can use rpki-client on one of the border routers.
> I decided to not validate the address in rpki-client, instead it relies on
> rsync to do that.
>
> OK?
ok
> --
> :wq Claudio
>
>
> Index: main.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
> retrieving revision 1.12
> diff -u -p -r1.12 main.c
> --- main.c 9 Aug 2019 05:29:51 -0000 1.12
> +++ main.c 9 Aug 2019 06:52:47 -0000
> @@ -113,7 +113,7 @@ TAILQ_HEAD(entityq, entity);
> */
> static void proc_parser(int, int, int)
> __attribute__((noreturn));
> -static void proc_rsync(const char *, int, int)
> +static void proc_rsync(const char *, const char *, int, int)
> __attribute__((noreturn));
> static void logx(const char *fmt, ...)
> __attribute__((format(printf, 1, 2)));
> @@ -522,7 +522,7 @@ proc_child(int signal)
> * repositories and saturate our system.
> */
> static void
> -proc_rsync(const char *prog, int fd, int noop)
> +proc_rsync(const char *prog, const char *bind_addr, int fd, int noop)
> {
> size_t id, i, idsz = 0;
> ssize_t ssz;
> @@ -678,10 +678,12 @@ proc_rsync(const char *prog, int fd, int
> err(EXIT_FAILURE, "pledge");
> i = 0;
> args[i++] = (char *)prog;
> - args[i++] = "-r";
> - args[i++] = "-l";
> - args[i++] = "-t";
> + args[i++] = "-rlt";
> args[i++] = "--delete";
> + if (bind_addr != NULL) {
> + args[i++] = "--address";
> + args[i++] = (char *)bind_addr;
> + }
> args[i++] = uri;
> args[i++] = dst;
> args[i] = NULL;
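Review bot: The `args` vector is declared outside this hunk, so its capacity cannot be checked here, and with `bind_addr` set the list now fills eight slots including the terminating NULL. That matches the old count only because `-r`, `-l` and `-t` were folded into `-rlt`. If `args` is a fixed-size array sized for the old list, the next option anyone adds would write past its end without warning. A guard just before `args[i] = NULL;`, such as `assert(i < sizeof(args) / sizeof(args[0]));`, or a comment at the declaration stating the maximum argument count, would make that limit explicit.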
> @@ -1270,12 +1272,16 @@ main(int argc, char *argv[])
> struct stats stats;
> struct roa **out = NULL;
> const char *rsync_prog = "openrsync";
> + const char *bind_addr = NULL;
>
> if (pledge("stdio rpath proc exec cpath unveil", NULL) == -1)
> err(EXIT_FAILURE, "pledge");
>
> - while ((c = getopt(argc, argv, "e:fnqrv")) != -1)
> + while ((c = getopt(argc, argv, "b:e:fnqrv")) != -1)
> switch (c) {
> + case 'b':
> + bind_addr = optarg;
> + break;
> case 'e':
> rsync_prog = optarg;
> break;
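Review bot: `bind_addr = optarg` under `case 'b'` is forwarded to the rsync child verbatim, so an empty or malformed value is only detected after the fork, when rsync itself rejects it. Because the value is passed as its own argv element right after `--address`, it cannot be split into additional options. That presumably relies on the exec call (outside this hunk) staying argv-based, which is worth recording in a comment such as `/* passed verbatim as the argument of --address; validated by rsync, not here */`. If failing early is preferred, `if (*optarg == '\0') goto usage;` would reject the empty case before any child is started. main() continues outside the hunk.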
> @@ -1350,7 +1356,7 @@ main(int argc, char *argv[])
>
> if (noop && pledge("stdio", NULL) == -1)
> err(EXIT_FAILURE, "pledge");
> - proc_rsync(rsync_prog, fd[0], noop);
> + proc_rsync(rsync_prog, bind_addr, fd[0], noop);
> /* NOTREACHED */
> }
>
> @@ -1505,6 +1511,7 @@ main(int argc, char *argv[])
>
> usage:
> fprintf(stderr,
> - "usage: rpki-client [-fnqrv] [-e rsync_prog] tal ...\n");
> + "usage: rpki-client [-fnqrv] [-b bind_addr] [-e rsync_prog] "
> + "tal ...\n");
> return EXIT_FAILURE;
> }
> Index: rpki-client.8
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rpki-client.8,v
> retrieving revision 1.3
> diff -u -p -r1.3 rpki-client.8
> --- rpki-client.8 18 Jun 2019 13:28:37 -0000 1.3
> +++ rpki-client.8 9 Aug 2019 06:52:47 -0000
> @@ -25,6 +25,7 @@ for Origin Validation.
> .Sh SYNOPSIS
> .Nm
> .Op Fl fnqrv
> +.Op Fl b Ar bind_addr
> .Op Fl e Ar rsync_prog
> .Ar tal1 tal2 ...
> .Sh DESCRIPTION
> @@ -38,6 +39,10 @@ to fetch certificates, manifests, revoca
> announcements themselves.
> Its arguments are as follows:
> .Bl -tag -width Ds
> +.It Fl b Ar bind_addr
> +Tell the rsync client to use the specified
> +.Ar bind_addr
> +as the source address for connections.
> .It Fl e Ar rsync_prog
> Use
> .Ar rsync_prog
> @@ -45,7 +50,8 @@ instead of
> .Xr openrsync 1
> to fetch repositories.
> It must accept the
> -.Fl rlt
> +.Fl rlt ,
> +.Fl -address
> and
> .Fl -delete
> flags and connect with rsync-protocol locations.
>