Re: bgpd, network add broken with rdomains ?

2018-12-04 Thread Julien Dhaille
Thank you Denis, problem solved !

Le 03/12/2018 à 21:26, Denis Fondras a écrit :
> On Mon, Dec 03, 2018 at 09:19:10PM +0100, Denis Fondras wrote:
>> On Mon, Dec 03, 2018 at 05:59:26PM +0100, Julien Dhaille wrote:
>>> Hi. I am using bgpd within a rdomain (1).
>>> After the upgrade to 6.4 stable, I can’t announce prefixes anymore via
>>> bgpctl :
>>>
>>> router# ps aux -o rtable|grep bgp
>>>
>>> root  4039  0.0  0.1   300  1292 p0  S+p    5:12PM    0:00.00 grep
>>> bgp  0
>>> root 68170  0.0  0.2  1056  2060 p2  I+ 4:52PM    0:00.01 bgpd
>>> -dvv 1
>>> _bgpd    80238  0.0  0.4  4160  4264 p2  I+p    4:52PM    0:00.01 bgpd:
>>> route deci        1
>>> _bgpd    26255  0.0  0.2  1456  2164 p2  S+p    4:52PM    0:00.04 bgpd:
>>> session en  1
>>>
>>> router# route -T1 exec bgpctl network add 10.0.0.1/32 nexthop 10.0.0.20
>>> prepend-self 11
>>> or
>>> router# route -T1 exec bgpctl -s /var/run/bgpd.sock.1 network add
>>> 10.0.0.1/32 nexthop 10.0.0.20 prepend-self 11
>>>
>>> results in :
>>>
>>> network_add: prefix 10.0.0.1/32 in non-existing rdomain 0
>>>
>>> Am I missing a change or something ?
>>>
>> rde.c,v1.389 from Jul 10, 2018 introduced this "regression".
>>
>> Can you try this diff :
>>
> Well, a bit too fast...
>
> Index: bgpctl.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
> retrieving revision 1.224
> diff -u -p -r1.224 bgpctl.c
> --- bgpctl.c  28 Nov 2018 08:33:59 -  1.224
> +++ bgpctl.c  3 Dec 2018 20:24:41 -
> @@ -101,6 +101,7 @@ const char*print_auth_method(enum auth_
>  struct imsgbuf   *ibuf;
>  struct mrt_parser show_mrt = { show_mrt_dump, show_mrt_state, show_mrt_msg };
>  struct mrt_parser net_mrt = { network_mrt_dump, NULL, NULL };
> +int tableid;
>  
>  __dead void
>  usage(void)
> @@ -116,7 +117,7 @@ int
>  main(int argc, char *argv[])
>  {
>   struct sockaddr_un   sun;
> - int  fd, n, done, ch, nodescr = 0, verbose = 0, r;
> + int  fd, n, done, ch, nodescr = 0, verbose = 0;
>   struct imsg  imsg;
>   struct network_confignet;
>   struct parse_result *res;
> @@ -128,8 +129,8 @@ main(int argc, char *argv[])
>   if (pledge("stdio rpath wpath cpath unix inet dns", NULL) == -1)
>   err(1, "pledge");
>  
> - r = getrtable();
> - if (asprintf(&sockname, "%s.%d", SOCKET_NAME, r) == -1)
> + tableid = getrtable();
> + if (asprintf(&sockname, "%s.%d", SOCKET_NAME, tableid) == -1)
>   err(1, "asprintf");
>  
>   while ((ch = getopt(argc, argv, "ns:")) != -1) {
> @@ -345,6 +346,7 @@ main(int argc, char *argv[])
>   bzero(&net, sizeof(net));
>   net.prefix = res->addr;
>   net.prefixlen = res->prefixlen;
> + net.rtableid = tableid;
>   /* attribute sets are not supported */
>   if (res->action == NETWORK_ADD) {
>   imsg_compose(ibuf, IMSG_NETWORK_ADD, 0, 0, -1,
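Review bot: `net.rtableid = tableid` takes the table from `getrtable()`, that is, from the routing table bgpctl itself runs in, not from the bgpd instance it talks to. When `-s` points at another rdomain's socket and bgpctl is not started through `route -T<n> exec`, the request would presumably still carry the caller's table and be refused as before. If that is intended, a comment at the new global such as `/* rtable of this process; sent with network requests */` would say so, and `tableid` could be `static` if nothing outside bgpctl.c needs it. The same assignment is added in the network_bulk() hunk that follows, and the whole patch is quoted a second time further down the page; main() and network_bulk() both continue outside their hunks.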
> @@ -1981,6 +1983,7 @@ network_bulk(struct parse_result *res)
>   errx(1, "bad prefix: %s", b);
>   net.prefix = h;
>   net.prefixlen = len;
> + net.rtableid = tableid;
>  
>   if (res->action == NETWORK_BULK_ADD) {
>   imsg_compose(ibuf, IMSG_NETWORK_ADD,
>
>
>
-- 
Julien Dhaille
AS16080 / AS34913 - Dalenys Group
https://www.peeringdb.com/asn/16080





Re: bgpd, network add broken with rdomains ?

2018-12-04 Thread Julien Dhaille
Thank you Denis, problem solved !


Le 03/12/2018 à 21:26, Denis Fondras a écrit :
> On Mon, Dec 03, 2018 at 09:19:10PM +0100, Denis Fondras wrote:
>> On Mon, Dec 03, 2018 at 05:59:26PM +0100, Julien Dhaille wrote:
>>> Hi. I am using bgpd within a rdomain (1).
>>> After the upgrade to 6.4 stable, I can’t announce prefixes anymore via
>>> bgpctl :
>>>
>>> router# ps aux -o rtable|grep bgp
>>>
>>> root  4039  0.0  0.1   300  1292 p0  S+p    5:12PM    0:00.00 grep
>>> bgp  0
>>> root 68170  0.0  0.2  1056  2060 p2  I+ 4:52PM    0:00.01 bgpd
>>> -dvv 1
>>> _bgpd    80238  0.0  0.4  4160  4264 p2  I+p    4:52PM    0:00.01 bgpd:
>>> route deci        1
>>> _bgpd    26255  0.0  0.2  1456  2164 p2  S+p    4:52PM    0:00.04 bgpd:
>>> session en  1
>>>
>>> router# route -T1 exec bgpctl network add 10.0.0.1/32 nexthop 10.0.0.20
>>> prepend-self 11
>>> or
>>> router# route -T1 exec bgpctl -s /var/run/bgpd.sock.1 network add
>>> 10.0.0.1/32 nexthop 10.0.0.20 prepend-self 11
>>>
>>> results in :
>>>
>>> network_add: prefix 10.0.0.1/32 in non-existing rdomain 0
>>>
>>> Am I missing a change or something ?
>>>
>>
>> rde.c,v1.389 from Jul 10, 2018 introduced this "regression".
>>
>> Can you try this diff :
>>
> 
> Well, a bit too fast...
> 
> Index: bgpctl.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
> retrieving revision 1.224
> diff -u -p -r1.224 bgpctl.c
> --- bgpctl.c  28 Nov 2018 08:33:59 -  1.224
> +++ bgpctl.c  3 Dec 2018 20:24:41 -
> @@ -101,6 +101,7 @@ const char*print_auth_method(enum auth_
>  struct imsgbuf   *ibuf;
>  struct mrt_parser show_mrt = { show_mrt_dump, show_mrt_state, show_mrt_msg };
>  struct mrt_parser net_mrt = { network_mrt_dump, NULL, NULL };
> +int tableid;
>  
>  __dead void
>  usage(void)
> @@ -116,7 +117,7 @@ int
>  main(int argc, char *argv[])
>  {
>   struct sockaddr_un   sun;
> - int  fd, n, done, ch, nodescr = 0, verbose = 0, r;
> + int  fd, n, done, ch, nodescr = 0, verbose = 0;
>   struct imsg  imsg;
>   struct network_confignet;
>   struct parse_result *res;
> @@ -128,8 +129,8 @@ main(int argc, char *argv[])
>   if (pledge("stdio rpath wpath cpath unix inet dns", NULL) == -1)
>   err(1, "pledge");
>  
> - r = getrtable();
> - if (asprintf(&sockname, "%s.%d", SOCKET_NAME, r) == -1)
> + tableid = getrtable();
> + if (asprintf(&sockname, "%s.%d", SOCKET_NAME, tableid) == -1)
>   err(1, "asprintf");
>  
>   while ((ch = getopt(argc, argv, "ns:")) != -1) {
> @@ -345,6 +346,7 @@ main(int argc, char *argv[])
>   bzero(&net, sizeof(net));
>   net.prefix = res->addr;
>   net.prefixlen = res->prefixlen;
> + net.rtableid = tableid;
>   /* attribute sets are not supported */
>   if (res->action == NETWORK_ADD) {
>   imsg_compose(ibuf, IMSG_NETWORK_ADD, 0, 0, -1,
> @@ -1981,6 +1983,7 @@ network_bulk(struct parse_result *res)
>   errx(1, "bad prefix: %s", b);
>   net.prefix = h;
>   net.prefixlen = len;
> + net.rtableid = tableid;
>  
>   if (res->action == NETWORK_BULK_ADD) {
>   imsg_compose(ibuf, IMSG_NETWORK_ADD,
> 
> 
> 



bgpd, network add broken with rdomains ?

2018-12-03 Thread Julien Dhaille
Hi. I am using bgpd within a rdomain (1).
After the upgrade to 6.4 stable, I can’t announce prefixes anymore via
bgpctl :

router# ps aux -o rtable|grep bgp

root  4039  0.0  0.1   300  1292 p0  S+p    5:12PM    0:00.00 grep
bgp  0
root 68170  0.0  0.2  1056  2060 p2  I+ 4:52PM    0:00.01 bgpd
-dvv 1
_bgpd    80238  0.0  0.4  4160  4264 p2  I+p    4:52PM    0:00.01 bgpd:
route deci        1
_bgpd    26255  0.0  0.2  1456  2164 p2  S+p    4:52PM    0:00.04 bgpd:
session en  1

router# route -T1 exec bgpctl network add 10.0.0.1/32 nexthop 10.0.0.20
prepend-self 11
or
router# route -T1 exec bgpctl -s /var/run/bgpd.sock.1 network add
10.0.0.1/32 nexthop 10.0.0.20 prepend-self 11

results in :

network_add: prefix 10.0.0.1/32 in non-existing rdomain 0

Am I missing a change or something ?

thanks



Re: [PATCH] parse ! on hostname.if for autoinstall

2018-11-09 Thread Julien Dhaille
Permit adding routes in installer was my goal :)

Le 10/11/2018 à 01:16, Todd T. Fries a écrit :
> Would there be any merit in contemplating a syntax that would permit
> adding routes in hostname.if so the installer could pick that up and
> avoid the much more corner case shell disaster scenarios?
> 
> note .. 'route add' no longer requires -inet6 so we would not need a
> special route6 syntax.
> 
> For example, one attempt at doing this could look like the below:
> 
> /usr/src/etc$ cat /etc/hostname.vether2 
> 10.2.2.2/24
> inet6 eui64
> route 1.2.3.0/24 10.2.2.1
> route 2001:db8::/96 fe80::1%\$if
> /usr/src/etc$ doas sh ./netstart -n vether2
> ifconfig vether2 10.2.2.2/24
> ifconfig vether2 inet6 eui64
> route -q add 1.2.3.0/24 10.2.2.1
> route -q add 2001:db8::/96 fe80::1%vether2
> /usr/src/etc$ ifconfig vether2
> vether2: flags=8843 mtu 1500
> lladdr fe:e1:ba:dc:67:9b
> index 20 priority 0 llprio 3
> groups: vether
> media: Ethernet autoselect
> status: active
> inet 10.2.2.2 netmask 0xff00 broadcast 10.2.2.255
> inet6 fe80::6a0e:c942:3581:6ebf%vether2 prefixlen 64 scopeid 0x14
> /usr/src/etc$ netstat -nr | grep vether2
> 1.2.3/24   10.2.2.1   UGS00 - 8 
> vether2
> 10.2.2/24  10.2.2.2   UCn10 - 4 
> vether2
> 10.2.2.1   link#20UHLch  12 - 3 
> vether2
> 10.2.2.2   fe:e1:ba:dc:67:9b  UHLl   00 - 1 
> vether2
> 10.2.2.255 10.2.2.2   UHb00 - 1 
> vether2
> 2001:db8::/96  fe80::1%vether2UGS
> 00 - 8 vether2
> fe80::%vether2/64  fe80::6a0e:c942:3581:6ebf%vether2 UCn  
>   10 - 4 vether2
> fe80::1%vether2link#20UHLch  
> 12 - 3 vether2
> fe80::6a0e:c942:3581:6ebf%vether2  fe:e1:ba:dc:67:9b  UHLl   
> 00 - 1 vether2
> ff01::%vether2/32  fe80::6a0e:c942:3581:6ebf%vether2 Um   
>   00 - 4 vether2
> ff02::%vether2/32  fe80::6a0e:c942:3581:6ebf%vether2 Um   
>   00 - 4 vether2
> /usr/src/etc$ diff -u netstart.orig netstart
> --- netstart.orig Fri Nov  9 17:58:58 2018
> +++ netstart  Fri Nov  9 18:09:39 2018
> @@ -68,6 +68,10 @@
>   _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} up;dhclient $_if"
>   V4_DHCPCONF=true
>   ;;
> + route)  ((${#_c[*]} == 3)) || return
> + _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
> + _cmds[${#_cmds[*]}]="route -q add${_cmd#route}"
> + ;;
>   '!'*)   _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
>   _cmds[${#_cmds[*]}]="${_cmd#!}"
>   ;;
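Review bot: The new `route)` case checks only that the line has three words, and the destination and gateway are then pasted into the queued `route -q add …` string exactly as written. If the queued strings are later run through the shell (not visible in this hunk), the keyword gives no more containment than the `!` form it is meant to replace in the installer. Rejecting anything outside address characters before queuing, with something like `[[ "${_c[1]}${_c[2]}" == +([0-9A-Za-z:./%\$]) ]] || return`, would keep the keyword limited to adding a route. parse_hn_line() starts and ends outside the hunk.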
> 
> 
> 
> If this is worth pursuing, I'll create and test an installer equivalent 
> version.
> 
> Thanks,
> 
> Penned by Theo de Raadt on 20181109 10:13.33, we have:
> | This was intentional because a user could put crazy script commands
> | in the files which don't work in the bsd.rd context.  bsd.rd is
> | quite gutted.
> | 
> | That means some circumstances could fail quite badly
> | 
> | Could be reconsidered...
> | 
> | > During auto upgrade via the auto_upgrade.conf file (no DHCP server),
> | > shell commands are skipped.
> | > This small diff is coming from parse_hn_line() in /etc/netstart, thus,
> | > it keeps the behavior similar.
> | > I think it's handy, especially if you need a static route in order to
> | > reach a mirror for example.
> | > 
> | > diff --git install.sub install.sub
> | > index bce1fa50358..31dbafdc95d 100644
> | > --- install.sub
> | > +++ install.sub
> | > @@ -2319,8 +2319,11 @@ parse_hn_line() {
> | >     _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} up;dhclient
> | > $_if"
> | >     V4_DHCPCONF=true
> | >     ;;
> | > -   '!'*|bridge)
> | > -   # Skip shell commands and bridge in the installer.
> | > +   '!'*) _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
> | > +   _cmds[${#_cmds[*]}]="${_cmd#!}"
> | > +   ;;
> | > +   bridge)
> | > +   # Skip bridge in the installer.
> | >     return
> | >     ;;
> | >     *)  _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}"
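Review bot: The re-enabled `'!'*)` branch splices `$_if` into the sed script unquoted, so the interface name is word-split and also read as sed replacement text; `sed 's/\$if/'"$_if"'/g'` keeps it a single argument. Whether the installer restricts interface names before this point is not visible here. A comment on the branch such as `# Queue the rest of the line as a shell command, as netstart does.` would make the changed handling of hostname.if explicit for the next reader. The same hunk is reposted three more times further down the page, and parse_hn_line() starts and ends outside it.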
> | > 
> | > 
> | > Cheers
> | > 
> 



Re: [PATCH] parse ! on hostname.if for autoinstall

2018-11-09 Thread Julien Dhaille


diff --git distrib/miniroot/install.sub distrib/miniroot/install.sub
index bce1fa50358..31dbafdc95d 100644
--- distrib/miniroot/install.sub
+++ distrib/miniroot/install.sub
@@ -2319,8 +2319,11 @@ parse_hn_line() {
_cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} up;dhclient
$_if"
V4_DHCPCONF=true
;;
-   '!'*|bridge)
-   # Skip shell commands and bridge in the installer.
+   '!'*) _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
+   _cmds[${#_cmds[*]}]="${_cmd#!}"
+   ;;
+   bridge)
+   # Skip bridge in the installer.
return
;;
*)  _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}"

Le 09/11/2018 à 17:21, Gilles Chehade a écrit :
> On Fri, Nov 09, 2018 at 05:10:00PM +0100, Julien Dhaille wrote:
>> Hi.
>>
>> During auto upgrade via the auto_upgrade.conf file (no DHCP server),
>> shell commands are skipped.
>> This small diff is coming from parse_hn_line() in /etc/netstart, thus,
>> it keeps the behavior similar.
>> I think it's handy, especially if you need a static route in order to
>> reach a mirror for example.
>>
> 
> diff is barely readable :-p
> 
> 
>> diff --git install.sub install.sub
>> index bce1fa50358..31dbafdc95d 100644
>> --- install.sub
>> +++ install.sub
>> @@ -2319,8 +2319,11 @@ parse_hn_line() {
>> ?? _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} 
>> up;dhclient
>> $_if"
>> ?? V4_DHCPCONF=true
>> ?? ;;
>> - '!'*|bridge)
>> - # Skip shell commands and bridge in the 
>> installer.
>> + '!'*) _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
>> + _cmds[${#_cmds[*]}]="${_cmd#!}"
>> + ;;
>> + bridge)
>> + # Skip bridge in the installer.
>> ?? return
>> ?? ;;
>> ?? *)?? _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}"
>>
>>
>> Cheers
>>
> 



[PATCH] parse ! on hostname.if for autoinstall

2018-11-09 Thread Julien Dhaille
Hi.

During auto upgrade via the auto_upgrade.conf file (no DHCP server),
shell commands are skipped.
This small diff is coming from parse_hn_line() in /etc/netstart, thus,
it keeps the behavior similar.
I think it's handy, especially if you need a static route in order to
reach a mirror for example.

diff --git install.sub install.sub
index bce1fa50358..31dbafdc95d 100644
--- install.sub
+++ install.sub
@@ -2319,8 +2319,11 @@ parse_hn_line() {
    _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} up;dhclient
$_if"
    V4_DHCPCONF=true
    ;;
-   '!'*|bridge)
-   # Skip shell commands and bridge in the installer.
+   '!'*) _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g')
+   _cmds[${#_cmds[*]}]="${_cmd#!}"
+   ;;
+   bridge)
+   # Skip bridge in the installer.
    return
    ;;
    *)  _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}"


Cheers



[patch] adds include statement in dhcpd.conf

2018-05-10 Thread Julien Dhaille
Hi,
this diff implements the “include” statement, like other daemons.
Also the config file can be split between different files (in my case, a big 
list of client is generated from a script, and I don’t want to modify 
dhcpd.conf).

Although, I am not even sure if this diff is decent and if it’s a good idea.
Have a good day :)


Index: conflex.c
===
RCS file: /cvs/src/usr.sbin/dhcpd/conflex.c,v
retrieving revision 1.19
diff -u -p -u -p -r1.19 conflex.c
--- conflex.c   24 Apr 2017 14:58:36 -  1.19
+++ conflex.c   10 May 2018 23:30:56 -
@@ -321,6 +321,7 @@ static const struct keywords {
{ "hardware",   TOK_HARDWARE },
{ "host",   TOK_HOST },
{ "hostname",   TOK_HOSTNAME },
+   { "include",TOK_INCLUDE },
{ "ipsec-tunnel",   TOK_IPSEC_TUNNEL },
{ "lease",  TOK_LEASE },
{ "max-lease-time", TOK_MAX_LEASE_TIME },
Index: confpars.c
===
RCS file: /cvs/src/usr.sbin/dhcpd/confpars.c,v
retrieving revision 1.33
diff -u -p -u -p -r1.33 confpars.c
--- confpars.c  24 Apr 2017 14:58:36 -  1.33
+++ confpars.c  10 May 2018 23:30:56 -
@@ -329,6 +329,23 @@ parse_statement(FILE *cfile, struct grou
parse_warn("use-host-decl-names not allowed here.");
group->use_host_decl_names = parse_boolean(cfile);
break;
+
+   case TOK_INCLUDE:
+   group->include = parse_string(cfile);
+   if ((cfile = fopen(group->include, "r")) == NULL)
+   fatal("Can't open %s", group->include);
+   do {
+   token = peek_token(&val, cfile);
+   if (token == EOF)
+   break;
+   declaration = parse_statement(cfile, &root_group,
+   ROOT_GROUP,
+   NULL,
+   declaration);
+   } while (1);
+   token = next_token(&val, cfile); /* Clear the peek buffer */
+   fclose(cfile);
+   break;

case TOK_USE_LEASE_ADDR_FOR_DEFAULT_ROUTE:
group->use_lease_addr_for_default_route =
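Review bot: In the TOK_INCLUDE case the result of parse_string() goes to fopen() without a NULL check (hedged: only a problem if parse_string() can return NULL on a malformed statement), and nothing bounds nesting, so a file that includes itself would recurse through parse_statement() until descriptors or stack run out. The case also reassigns the function's own `cfile` and always parses into `&root_group` with `ROOT_GROUP`, whatever group the include line sits in; a local `FILE *` at least keeps the outer stream untouched. Included files become part of the server's configuration, so script-generated ones need the same ownership and mode as dhcpd.conf. The sketch uses `include_depth` and `INCLUDE_DEPTH_MAX` as new names that would have to be added; parse_statement() starts and ends outside the hunk.

```c
	case TOK_INCLUDE: {
		FILE *ifile;	/* leave the caller's cfile alone */

		group->include = parse_string(cfile);
		if (group->include == NULL)
			break;	/* malformed statement: nothing to open */
		if (include_depth >= INCLUDE_DEPTH_MAX)
			fatal("include nested too deeply at %s", group->include);
		if ((ifile = fopen(group->include, "r")) == NULL)
			fatal("Can't open %s", group->include);
		include_depth++;
		/* … unchanged: peek_token()/parse_statement() loop and peek-buffer flush, reading ifile … */
		include_depth--;
		fclose(ifile);
		break;
	}
```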
Index: dhcpd.conf.5
===
RCS file: /cvs/src/usr.sbin/dhcpd/dhcpd.conf.5,v
retrieving revision 1.23
diff -u -p -u -p -r1.23 dhcpd.conf.5
--- dhcpd.conf.51 Mar 2018 20:48:11 -   1.23
+++ dhcpd.conf.510 May 2018 23:30:56 -
@@ -873,6 +873,25 @@ into its response (DHCP ACK or NAK) per
 In other words if the client sends the option it will receive it back.
 By default, this flag is on
 and client identifiers will be echoed back to the client.
+.Pp
+The
+.Ic include
+statement allows additional configuration files to be included:
+.Pp
+.D1 Ic include Qq Ar filename ;
+.Pp
+For example:
+.Bd -literal -offset indent
+include "/etc/dhcpd.conf.hosts";
+include "/etc/dhcpd.conf.office1";
+include "/etc/dhcpd.conf.office2";
+.Ed
+.Pp
+You can split the client declarations into different files.
+It could be use in order to keep
+.Nm
+small and easy to read, and if you want to generate clients declaration
+from an external script.
 .Sh REFERENCE: OPTION STATEMENTS
 DHCP option statements are documented in the
 .Xr dhcp-options 5
Index: dhcpd.h
===
RCS file: /cvs/src/usr.sbin/dhcpd/dhcpd.h,v
retrieving revision 1.66
diff -u -p -u -p -r1.66 dhcpd.h
--- dhcpd.h 4 Aug 2017 02:01:46 -   1.66
+++ dhcpd.h 10 May 2018 23:30:56 -
@@ -196,6 +196,7 @@ struct group {
int allow_booting;
int get_lease_hostnames;
int use_host_decl_names;
+   char *include;
int use_lease_addr_for_default_route;
int authoritative;
int always_reply_rfc1048;
Index: dhctoken.h
===
RCS file: /cvs/src/usr.sbin/dhcpd/dhctoken.h,v
retrieving revision 1.8
diff -u -p -u -p -r1.8 dhctoken.h
--- dhctoken.h  24 Apr 2017 14:58:36 -  1.8
+++ dhctoken.h  10 May 2018 23:30:56 -
@@ -92,6 +92,7 @@
 #define TOK_ALWAYS_REPLY_RFC1048   335
 #define TOK_IPSEC_TUNNEL   336
 #define TOK_ECHO_CLIENT_ID 337
+#define TOK_INCLUDE338

 #define is_identifier(x)   ((x) >= TOK_FIRST_TOKEN &&  \
 (x) != TOK_STRING &&   \



/etc/netstart permissions

2018-03-25 Thread Julien Dhaille
Hello guys.
Some deployment or configuration management tools can sometimes create or alter 
/etc/mygate.
/etc/netstart fixes the permissions for hostname.*, so I thought it could be 
useful to also check and fix the permissions of /etc/mygate.

greetings

Index: etc/netstart
===
RCS file: /cvs/src/etc/netstart,v
retrieving revision 1.197
diff -u -p -u -p -r1.197 netstart
--- etc/netstart4 Mar 2018 10:12:26 -   1.197
+++ etc/netstart25 Mar 2018 17:41:31 -
@@ -19,6 +19,17 @@ stripcom() {
done <$_file
 }

+# Check the current permissions on hostname.if files and /etc/mygate
+set_permissions() {
+   local _inter=$1
+   set -A _stat -- $(ls -nL $_inter)
+   if [[ "${_stat[0]}${_stat[2]}${_stat[3]}" != *---00 ]]; then
+   print -u2 "WARNING: $_inter is insecure, fixing permissions."
+   chmod -LR o-rwx $_inter
+   chown -LR root:wheel $_inter
+   fi
+}
+
 # Parse and "unpack" a hostname.if(5) line given as positional parameters.
 # Fill the _cmds array with the resulting interface configuration commands.
 parse_hn_line() {
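Review bot: `set_permissions` fills `_stat` with `set -A` but declares only `_inter` local, and the ifstart hunk drops `_stat` from its `local` list, so the array now leaks into the global scope; `local _inter=$1 _stat` keeps it contained. `$_inter` is also expanded unquoted in the `ls`, `chmod` and `chown` calls, which is harmless for the two callers shown but worth quoting now that the function accepts an arbitrary path. The comment "Not using stat(1), we can't rely on having /usr yet." stays behind in ifstart and would read better next to the `ls -nL` line it explains.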
@@ -100,7 +111,7 @@ vifscreate() {
 # Start a single interface.
 # Usage: ifstart if1
 ifstart() {
-   local _if=$1 _hn=/etc/hostname.$1 _cmds _i=0 _line _stat
+   local _if=$1 _hn=/etc/hostname.$1 _cmds _i=0 _line
set -A _cmds

# Interface names must be alphanumeric only.  We check to avoid
@@ -113,12 +124,7 @@ ifstart() {
fi

# Not using stat(1), we can't rely on having /usr yet.
-   set -A _stat -- $(ls -nL $_hn)
-   if [[ "${_stat[0]}${_stat[2]}${_stat[3]}" != *---00 ]]; then
-   print -u2 "WARNING: $_hn is insecure, fixing permissions."
-   chmod -LR o-rwx $_hn
-   chown -LR root:wheel $_hn
-   fi
+   set_permissions $_hn

# Check for ifconfig'able interface, except if -n option is specified.
if ! $PRINT_ONLY; then
@@ -193,6 +199,8 @@ defaultroute() {
$_cmd && break
fi
done
+
+   set_permissions /etc/mygate
 }

 # Get network related vars from rc.conf using the parsing routine from rc.subr.
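Review bot: `set_permissions /etc/mygate` is called unconditionally at the end of defaultroute(). When the file does not exist, `ls -nL` fails, `_stat` stays empty, the `!= *---00` test is true, and the warning plus failing chmod/chown run on every start. `[[ -f /etc/mygate ]] && set_permissions /etc/mygate` avoids that. The call also sits after the loop, so if that loop is what reads /etc/mygate (its start is outside the hunk) the permissions are corrected only after the file's contents were already used; checking before the read would match the order ifstart appears to use for hostname.if.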




route warning

2017-10-11 Thread Julien Dhaille
Hi,

when a default gateway is not set :

# route get 4.4.4.4
route: writing to routing socket: No such process

this small patch uses oerrno translation :

# route get 4.4.4.4
get host 4.4.4.4: not in table

Index: route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.203
diff -u -p -r1.203 route.c
--- route.c 6 Sep 2017 20:21:22 -   1.203
+++ route.c 11 Oct 2017 22:05:22 -
@@ -676,8 +676,7 @@ newroute(int argc, char **argv)
}
if (*cmd == 'g') {
if (ret != 0 && qflag == 0)
-   warn("writing to routing socket");
-   exit(0);
+   oerrno = ESRCH;
}
oerrno = errno;
if (!qflag) {
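Review bot: The added `oerrno = ESRCH;` is overwritten by the `oerrno = errno;` that follows the block, so it has no effect. With `exit(0)` removed, a successful `route get` also falls through into the reporting code below instead of exiting here. If the aim is only a friendlier failure message, keeping the early exit for the success case, e.g. `if (ret == 0) exit(0);` inside the `*cmd == 'g'` block, preserves the behaviour of successful lookups. The exit status on failure depends on code after the hunk, and newroute() starts and ends outside it.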



[PATCH] bgpctl.8

2016-10-26 Thread Julien Dhaille
Hi,
this is just a simple patch to fix the width.

Index: src/usr.sbin/bgpctl/bgpctl.8
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.8,v
retrieving revision 1.70
diff -u -p -u -r1.70 bgpctl.8
--- src/usr.sbin/bgpctl/bgpctl.814 Oct 2016 16:05:35 -  1.70
+++ src/usr.sbin/bgpctl/bgpctl.826 Oct 2016 16:20:05 -
@@ -333,7 +333,7 @@ Additionally, the following
 .Ar options
 are defined:
 .Pp
-.Bl -tag -width "detail" -compact
+.Bl -tag -width "selected" -compact
 .It Cm best
 Alias for
 .Ic selected .



---
Julien Dhaille










[patch] bgpctl add details for summary

2016-05-22 Thread Julien Dhaille
Hi.
maybe it’s not relevant, but this patch provides more explanations about the 
output of “show summary”.

Index: bgpctl.8
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.8,v
retrieving revision 1.67
diff -u -p -u -r1.67 bgpctl.8
--- bgpctl.825 Oct 2015 13:08:29 -  1.67
+++ bgpctl.822 May 2016 16:05:13 -
@@ -364,7 +364,24 @@ Multiple options can be used at the same
 filter can be combined with other filters.
 .It Cm show summary
 Show a list of all neighbors, including information about the session state
-and message counters.
+and message counters:
+.Pp
+.Bl -tag -width xx -compact
+.It Neighbor
+Description of the neighbor.
+.It AS
+Autonomous system number.
+.It MsgRcvd
+Number of messages received from the neighbor since the session was 
established.
+.It MsgSent
+Number of messages sent to the neighbor since the session was established.
+.It OutQ
+Number of outgoing messages queued.
+.It Up/Down
+Number of days and hours that the session has been up.
+.It State/PrfRcvd
+State of the session / Number of routes received. The session is up if there 
is no information for the State column (Established is not displayed).
+.El
 .It Cm show summary terse
 Show a list of all neighbors, including information about the session state,
 in a terse format.

--
Julien Dhaille






tcpdump yacc reference

2016-05-02 Thread Julien Dhaille
Hi.
Not sure if yacc is needed here.

Index: src/usr.sbin/tcpdump/tcpdump.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
retrieving revision 1.78
diff -u -p -u -r1.78 tcpdump.c
--- src/usr.sbin/tcpdump/tcpdump.c  22 Dec 2015 21:01:07 -  1.78
+++ src/usr.sbin/tcpdump/tcpdump.c  2 May 2016 22:12:18 -
@@ -224,7 +224,7 @@ main(int argc, char **argv)

opterr = 0;
while ((op = getopt(argc, argv,
-   "Aac:D:deE:fF:i:IlLnNOopqr:s:StT:vw:xXy:Y")) != -1)
+   "Aac:D:deE:fF:i:IlLnNOopqr:s:StT:vw:xXy:")) != -1)
switch (op) {

case 'A':
@@ -357,15 +357,6 @@ main(int argc, char **argv)
case 'w':
WFileName = optarg;
break;
-#ifdef YYDEBUG
-   case 'Y':
-   {
-   /* Undocumented flag */
-   extern int yydebug;
-   yydebug = 1;
-   }
-   break;
-#endif
case 'y':
i = pcap_datalink_name_to_val(optarg);
if (i < 0)



ifconfig man improvements

2015-07-25 Thread Julien Dhaille
Hi,
this is a simple annotation for carpdemote and -carpdemote.
I find it helpful to know the maximum value acceptable for the argument
'number', and the maximum value allowed for the demote count.

advskew and advbase provide this information.

Regards


Index: ifconfig.8
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
retrieving revision 1.253
diff -u -p -u -r1.253 ifconfig.8
--- ifconfig.8  12 Mar 2015 18:28:34 -  1.253
+++ ifconfig.8  25 Jul 2015 21:58:34 -
@@ -1188,17 +1188,17 @@ Increase
 .Xr carp 4
 demote count for given interface group by
 .Ar number .
-If
+Acceptable values are 0 to 128. If
 .Ar number
-is omitted, it is increased by 1.
+is omitted, it is increased by 1. Demote count can be set up to 255.
 .It Fl carpdemote Op Ar number
 Decrease
 .Xr carp 4
 demote count for given interface group by
 .Ar number .
-If
+Acceptable values are 0 to 128. If
 .Ar number
-is omitted, it is decreased by 1.
+is omitted, it is decreased by 1.
 .El
 .\" MPE
 .Sh MPE

-- 
Julien Dhaille



[patch] faq pf/carp

2015-06-15 Thread Julien Dhaille
Hi tech,
a few links at the bottom of http://www.openbsd.org/faq/pf/carp.html look
broken ("Bad request, You specified an invalid manpath").

cheers

Index: www/faq/pf/carp.html
===
RCS file: /cvs/www/faq/pf/carp.html,v
retrieving revision 1.41
diff -u -p -u -r1.41 carp.html
--- www/faq/pf/carp.html11 May 2015 11:18:30 -  1.41
+++ www/faq/pf/carp.html15 Jun 2015 12:43:14 -
@@ -690,10 +690,10 @@ Please see these other sources for more

 
 
-http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4&manpath=OpenBSD+5.7
"
+http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4";
 >carp(4)
 
-http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4&manpath=OpenBSD+5.7
"
+http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4";
 >pfsync(4)
 
 http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&sektion=8";
@@ -702,7 +702,7 @@ Please see these other sources for more
 http://www.openbsd.org/cgi-bin/man.cgi?query=hostname.if&sektion=5";
 >hostname.if(5)
 
-http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+5.7
"
+http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5
"
 >pf.conf(5)
 
 http://www.openbsd.org/cgi-bin/man.cgi?query=ifstated&sektion=8";

-- 
Julien Dhaille


Re: PATCH: relayd is not working under a non INET6 kernel

2013-01-29 Thread Julien Dhaille
Just tried with a GENERIC kernel, however it's still working.
So, if i follow you, this usage of INET6 define is definitely ugly ?


2013/1/29 Stuart Henderson 

> On 2013/01/29 05:40, Brad Smith wrote:
> > - Original message -
> > > Hi.
> > > With a non INET6 kernel, relayd is not working :
> > > fatal: icmp_init: socket: Protocol not supported.
> > >
> > > Cheers
> >
> > I could be wrong but I don't believe there is a INET6 define in userland
> so this would just break relayd for people using v6.
>
> I think you are correct, there are various CFLAGS+=-DINET6 in various
> userland Makefiles.
>



-- 
Julien Dhaille


PATCH: relayd is not working under a non INET6 kernel

2013-01-29 Thread Julien Dhaille
Hi.
With a non INET6 kernel, relayd is not working :
fatal: icmp_init: socket: Protocol not supported.

Cheers

Index: check_icmp.c
===
RCS file: /cvs/src/usr.sbin/relayd/check_icmp.c,v
retrieving revision 1.34
diff -u -r1.34 check_icmp.c
--- check_icmp.c 17 Jan 2013 20:34:18 - 1.34
+++ check_icmp.c 28 Jan 2013 13:36:19 -
@@ -69,8 +69,11 @@
 {
  icmp_setup(env, &env->sc_icmp_send, AF_INET);
  icmp_setup(env, &env->sc_icmp_recv, AF_INET);
+#ifdef INET6
  icmp_setup(env, &env->sc_icmp6_send, AF_INET6);
  icmp_setup(env, &env->sc_icmp6_recv, AF_INET6);
+#endif
+
  env->sc_id = getpid() & 0x;
 }

-- 
Julien Dhaille


Re: [PATCH] pfctl configuration file parser

2013-01-23 Thread Julien Dhaille
Oops.
This one is better, only display on :
# pfctl -nf /etc/pf.conf

Cheers

Index: pfctl.c
===
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.314
diff -u -r1.314 pfctl.c
--- pfctl.c 19 Sep 2012 15:52:17 -  1.314
+++ pfctl.c 24 Jan 2013 07:30:15 -
@@ -2123,6 +2123,7 @@
opts &= ~ (PF_OPT_DISABLE | PF_OPT_ENABLE);
clearopt = showopt = debugopt = NULL;
altqsupport = 1;
+   fprintf(stderr, "configuration OK\n");
}

if (opts & PF_OPT_DISABLE)
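Review bot: The message is printed inside the block that turns off the enable/disable options, and the next visible statement is the `PF_OPT_DISABLE` handling, so this looks like option setup that runs before the rules file is read. If so, `pfctl -nf` would print "configuration OK" even for a file that then fails to parse, which is misleading for anyone using it as a pre-deployment check of a firewall ruleset. Printing it only after the rules load has returned success, e.g. `if ((opts & PF_OPT_NOACTION) && !error) fprintf(stderr, "configuration OK\n");` with `error` standing for whatever status the load sets, would make the message trustworthy. The enclosing function and the load call are outside the hunk, so the placement needs confirming against the full file.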


-- 
Julien Dhaille



[PATCH] pfctl configuration file parser

2013-01-23 Thread Julien Dhaille
Hi,
Most daemons, like bgpd, ospfd, smtpd, relayd, ..., return
"configuration OK" when the configuration file parses correctly.
This patch probably seems useless; it's just a thought to stay coherent
with a uniform behavior.


Index: pfctl.c
===
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.314
diff -u -r1.314 pfctl.c
--- pfctl.c 19 Sep 2012 15:52:17 -  1.314
+++ pfctl.c 23 Jan 2013 23:46:48 -
@@ -1342,6 +1342,8 @@
"pf rules not loaded");
else
goto _error;
+   } else {
+   fprintf(stderr, "configuration OK\n");
}

if (pfctl_load_ruleset(&pf, path, rs, 0)) {



Cheers
-- 
Julien Dhaille