Re: SSI
Op 27 sep. 2012 om 22:51 heeft Grumpy gru...@grumble-bubble.org het volgende geschreven: For starters, what is SSI? As many TLAs go, it can mean multiple things. I won't try to guess what you want. Obviously, SSI is a recursive acronym for ``SSI Shrinks Information''. I am surprised a CS veteran like you doesn't know this. Grumpy Veteran, yes. But as you know, the set of aquired acronyms depends much upon environment. I once had a meeting (fresh from university) with some IBM engineers on the subject of the introduction of the first RS/6000 models in .nl. I still feel the sense of alienation, not knowing what a DASD was. I was guessing it was some very special storage device, but in the end it just meant direct access storage device: just a disk. FYI = For Your Information FYI = Fuck You Idiot Very useful distinction in corporate wide forwarding :-) Maybe this wil trigger an EOG (end of grumpiness :-) -Otto
Re: SSI
On 13:28 Fri 28 Sep , Brian Empson wrote: Wow This mailing list is crazy Isn't that fun?
npppd, framed_ip_address
Hello again, On 28 September 2012 03:17, YASUOKA Masahiko yasu...@yasuoka.netjavascript:; wrote: Hi, On Thu, 27 Sep 2012 13:41:52 -0400 Andrew Ngo andrew@gmail.com javascript:; wrote: Hm. I can't seem to get npppd to map users to static addresses in the npppd-users file, after trying various permutations of pool-address ##-## for static and such. The client is an iPhone running iOS 6.0, and is definitely able to set up a working vpn over l2tp/ipsec with the npppd server (many thx, btw), but the client is then always assigned a random address from the pool (and never the static one, incidentally... but that could just be chance). Did I screw something up in the configuration or has this particular feature not been implemented yet? Has anyone else had troubles with this? The feature was broken by the my configuration syntax change work. Thank you for your report. Attached diff will fix the problem. I tested the diff and it works over here; thanks. (By the way, the daemon goes absolutely bananas if you use a framed-ip-address on a different subnet than those in the pool. Bananas! I don't recommend this error. ^^) npppd will assign ip address dynamically on that case. Can you explain your recommendation? I only managed to replicate the error using pool-address [ip4] [ip4] for static in the pre-patched npppd, so it's probably a result of the same bug. (When I said bananas, I was just talking about the deluge of unhandled option messages. :) Anyway, I've attached the output -- it looks like a consequence of npppd thinking it has no addresses to allocate. 10:15:17:NOTICE: Starting npppd pid=12849 version=5.0.0 10:15:17:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully. 10:15:17:INFO: pppx0 Started pppx 10:15:17:INFO: Listening /var/run/npppd_ctl (npppd_ctl) 10:15:17:INFO: ipcp=IPCP pool pool=[ 172.16.2.2/31,172.16.2.4/31,172.16.2.6/32] 10:15:17:INFO: Loading pool config successfully. 10:15:17:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP_ipv4] 10:15:17:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP_ipv6] 10:15:27:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ from=[...]:49950/udp tunnel_id=1/38 protocol=1.0 winsize=4 hostname=Rhinoceros vendor=(no vendorname) firm= 10:15:27:INFO: l2tpd ctrl=1 SendSCCRP 10:15:27:NOTICE: l2tpd ctrl=2 logtype=Started RecvSCCRQ from=[...]:49950/udp tunnel_id=2/38 protocol=1.0 winsize=4 hostname=Rhinoceros vendor=(no vendorname) firm= 10:15:27:INFO: l2tpd ctrl=2 SendSCCRP 10:15:28:INFO: l2tpd ctrl=1 RecvSCCN 10:15:28:INFO: l2tpd ctrl=1 SendZLB 10:15:28:INFO: l2tpd ctrl=1 call=4645 RecvICRQ session_id=849 10:15:28:INFO: l2tpd ctrl=1 call=4645 SendICRP session_id=4645 10:15:28:INFO: l2tpd ctrl=1 RecvZLB 10:15:29:INFO: l2tpd ctrl=1 call=4645 RecvICCN session_id=849 calling_number= tx_conn_speed=100 framing=async 10:15:29:NOTICE: l2tpd ctrl=1 call=4645 logtype=PPPBind ppp=0 10:15:29:INFO: ppp id=0 layer=base logtype=Started tunnel=L2TP_ipv4([...]:49950) 10:15:29:INFO: l2tpd ctrl=1 call=4645 SendZLB 10:15:29:DEBUG: l2tpd ctrl=1 SendZLB 10:15:30:INFO: l2tpd ctrl=1 RecvZLB 10:15:33:INFO: ppp id=0 layer=lcp logtype=Opened mru=1360/1360 auth=MS-CHAP-V2 magic=[...]/[...] 10:15:34:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success username=turnip realm=LOCAL 10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool. 10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool. 10:15:35:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057) 10:15:35:INFO: ppp id=0 layer=ccp CCP is stopped 10:15:35:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:37:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:38:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:38:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:39:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:39:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:40:NOTICE: l2tpd ctrl=2 timeout waiting ack for ctrl packets. 10:15:40:NOTICE: l2tpd ctrl=2 logtype=Finished 10:15:40:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:40:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:41:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:41:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:42:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:42:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:43:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 10:15:43:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10 ^C 10:15:44:INFO: l2tpd ctrl=1 call=4645 SendCDN result=ADMINISTRATIVE_REASON/3 10:15:44:NOTICE: l2tpd ctrl=1 call=4645 logtype=PPPUnbind 10:15:44:NOTICE: ppp id=0 layer=base logtype=TUNNELUSAGE user=turnip duration=15sec layer2=L2TP_ipv4 layer2from=[...]:49950 auth=MS-CHAP-V2 data_in=701bytes,28packets data_out=563bytes,31packets error_in=1 error_out=0 mppe=no
ospfd network
Hi, I have two questions regarding ospfd. a) is there an equivalent to Cisco's or Quagga's network definition network 10.0.0.0/24 area 0.0.0.1 in order to define that a certain network belongs to a certain area? From my understanding of ospfd.conf(5) the only way to do this is to put the interface definition in area {}. Maybe I'm missing something. b) quagga support ACLs on areas like import-list Is there a way for filtering out certain route announcements from remote routers? regards, Giannis
Re: SSI
On Fri, Sep 28, 2012 at 10:56:49AM +, Tom Bodr wrote: Op 27 sep. 2012 om 22:51 heeft Grumpy gru...@grumble-bubble.org het volgende geschreven: For starters, what is SSI? As many TLAs go, it can mean multiple things. I won't try to guess what you want. Obviously, SSI is a recursive acronym for ``SSI Shrinks Information''. I am surprised a CS veteran like you doesn't know this. Grumpy Veteran, yes. But as you know, the set of aquired acronyms depends much upon environment. I once had a meeting (fresh from university) with some IBM engineers on the subject of the introduction of the first RS/6000 models in .nl. I still feel the sense of alienation, not knowing what a DASD was. I was guessing it was some very special storage device, but in the end it just meant direct access storage device: just a disk. FYI = For Your Information FYI = Fuck You Idiot Very useful distinction in corporate wide forwarding :-) Maybe this wil trigger an EOG (end of grumpiness :-) -Otto Try walking into a meeting with doctors as the 'network guy' and spending a half hour thinking they are complete idiots because of what they are saying about POE. Which of course meant Power over Ethernet to me and Physician Order Entry to them. Ken
Re: ospf6d problem when a route already exists with a different nexthop
Sorry, here is the patch: diff -u ospf6d.uptodate/kroute.c ospf6d.patch1/kroute.c --- ospf6d.uptodate/kroute.cThu Sep 20 15:25:33 2012 +++ ospf6d.patch1/kroute.c Thu Sep 27 18:01:37 2012 @@ -59,6 +59,8 @@ intkr_redist_eval(struct kroute *, struct rroute *); void kr_redistribute(struct kroute_node *); intkroute_compare(struct kroute_node *, struct kroute_node *); +intkr_change_fib(struct kroute_node *, struct kroute *, int, int); +intkr_delete_fib(struct kroute_node *); struct kroute_node *kroute_find(const struct in6_addr *, u_int8_t); struct kroute_node *kroute_matchgw(struct kroute_node *, @@ -140,18 +142,102 @@ } int -kr_change(struct kroute *kroute) +kr_change_fib(struct kroute_node *kr, struct kroute *kroute, int krcount, +int action) { + int i; + struct kroute_node *kn, *nkn; + + if (action == RTM_ADD) { + /* +* First remove all stale multipath routes. +* This step must be skipped when the action is RTM_CHANGE +* because it is already a single path route that will be +* changed. +*/ + for (kn = kr; kn != NULL; kn = nkn) { + for (i = 0; i krcount; i++) { + if (IN6_ARE_ADDR_EQUAL(kn-r.nexthop,kroute[i].nexthop)) + break; + } + nkn = kn-next; + if (i == krcount) + /* stale route */ + if (kr_delete_fib(kn) == -1) + log_warnx(kr_delete_fib failed); + log_debug(kr_update_fib: before: %s%s, + log_in6addr(kn-r.nexthop), + i == krcount ? (deleted) : ); + } + } + + /* +* now add or change the route +*/ + for (i = 0; i krcount; i++) { + /* nexthop within 127/8 - ignore silently */ + if (kr IN6_IS_ADDR_LOOPBACK(kr-r.nexthop)) + continue; + + if (action == RTM_ADD kr) { + for (kn = kr; kn != NULL; kn = kn-next) { + if (IN6_ARE_ADDR_EQUAL(kn-r.nexthop,kroute[i].nexthop)) + break; + } + + log_debug(kr_update_fib: after : %s%s, +log_in6addr(kroute[i].nexthop), +kn == NULL ? (added) : ); + + if (kn != NULL) + /* nexthop already present, skip it */ + continue; + } else + /* modify first entry */ + kn = kr; + + /* send update */ + if (send_rtmsg(kr_state.fd, action, kroute[i]) == -1) + return (-1); + + /* create new entry unless we are changing the first entry */ + if (action == RTM_ADD) + if ((kn = calloc(1, sizeof(*kn))) == NULL) + fatal(NULL); + + kn-r.prefix = kroute[i].prefix; + kn-r.prefixlen = kroute[i].prefixlen; + kn-r.nexthop = kroute[i].nexthop; + kn-r.scope = kroute[i].scope; + kn-r.flags = kroute[i].flags | F_OSPFD_INSERTED; + kn-r.ext_tag = kroute[i].ext_tag; + rtlabel_unref(kn-r.rtlabel); /* for RTM_CHANGE */ + kn-r.rtlabel = kroute[i].rtlabel; + if (action == RTM_ADD) { + if (kroute_insert(kn) == -1) { + log_debug(kr_update_fib: cannot insert %s, + log_in6addr(kn-r.nexthop)); + free(kn); + } + } + action = RTM_ADD; + } + return (0); +} + +int +kr_change(struct kroute *kroute, int krcount) +{ struct kroute_node *kr; int action = RTM_ADD; kroute-rtlabel = rtlabel_tag2id(kroute-ext_tag); - if ((kr = kroute_find(kroute-prefix, kroute-prefixlen)) != - NULL) { - if (!(kr-r.flags F_KERNEL)) - action = RTM_CHANGE; - else { /* a non-ospf route already exists. not a problem */ + kr = kroute_find(kroute-prefix, kroute-prefixlen); + + if (kr != NULL) { + if (kr-r.flags F_KERNEL) { + /* a non-ospf route already exists. not a problem */ if (!(kr-r.flags F_BGPD_INSERTED)) { do { kr-r.flags |= F_OSPFD_INSERTED; @@ -170,79 +256,43 @@ * -