Re: pf: drop tcp packet when syn AND fin flags are set
On Mon, Mar 14, 2022 at 01:27:14AM +0100, Alexander Bluhm wrote:
> On Sun, Mar 13, 2022 at 11:24:33PM +0100, Remi Locherer wrote:
> > Hi,
> >
> > When pf processes a TCP packet with SYN and FIN flags set, it removes
> > the FIN flag and continuous processing it. I propose we change that and
> > let pf drop such a packet. I don't see any legit use for combining these
> > two flags in the same packet.
> >
> > Henning added this comment 7 years ago:
> > XXX why clear instead of drop?
> >
> > Damjan Dimitrov approached me with this. He got a request that his firewall
> > should drop TCP packets with SYN and FIN flags set. But with pf this can
> > currently not be done because the FIN flag is cleared before rule
> > processing.
> >
> > I tested the behaviour with scapy:
> > send(IP(dst="172.24.217.34")/TCP(dport=23,flags="SF"))
> >
> > Opinions? OKs?
>
> RFC 1644 TCP Extensions for Transactions (T/TCP) allows it
> RFC 6247 declares T/TCP historic due to security issues
> RFC 7413 TCP Fast Open (TFO) might reintroduce it
>
> The intension of the clear FIN in pf might be to convert T/TCP into
> regular TCP. But then the data should also be scrubbed. Our stack
> ignores SYN+data and SYN+FIN. I think it puts such a connection
> attempt into the syn-cache. Of course without data and FIN to avoid
> DoS.
This is how OpenBSD responds with pf disabled:
192.168.201.21.20 > 192.168.201.29.22: SF 0:0(0) win 8192
192.168.201.29.22 > 192.168.201.21.20: S 2641340782:2641340782(0) ack 1 win
16384 (DF)
So pf behaves kind of similar to that.
But even with T/TCP or TFO, I don't a legit use of a TCP packet with
SYN and FIN set together.
If we want to handle TFO then pf should probably inspect the TFO
option header and coocky.
> What about SYN+ACK+data+FIN ? When we ack this, the 3-way handhake
> is complete. I don't see why we should not allow it. Could you
> disable pf and see if our TCP stack can handle this?
With pf disabled:
192.168.201.21.20 > 192.168.201.29.22: SF [tcp sum ok] 0:1000(1000) ack 0 win
8192 (ttl 64, id 1, len 1040)
192.168.201.29.22 > 192.168.201.21.20: R [tcp sum ok] 0:0(0) win 0 (DF) (ttl
64, id 55619, len 40)
The same but without initial ACK and FIN:
192.168.201.21.20 > 192.168.201.29.22: S [tcp sum ok] 0:1000(1000) win 8192
(ttl 64, id 1, len 1040)
192.168.201.29.22 > 192.168.201.21.20: S [tcp sum ok] 689392523:689392523(0)
ack 1 win 16384 (DF) (ttl 64, id 10777, len 44)
>
> Maybe it should be
>
> /* No transactional TCP */
> if ((flags & (TH_ACK|TH_FIN)) == TH_FIN)
> goto tcp_drop;
>
Did T/TCP specify the combination of SYN and FIN flags?
With TFO a client can send a cookie and data together with the SYN.
But a FIN flag? I did not find a hint for that in the RFC.
> Or should we strip data and FIN from both SYN packets to disable
> TFO?
In the TCP stack or pf? An OpenBSD router with activated pf might be used to
protect hosts with support for TFO. So pf should probably not strip data and
the TFO cookie from SYN packets. But this does not imply that the TCP stack
has to support TFO IMHO.
> > Index: pf_norm.c
> > ===
> > RCS file: /cvs/src/sys/net/pf_norm.c,v
> > retrieving revision 1.223
> > diff -u -p -r1.223 pf_norm.c
> > --- pf_norm.c 10 Mar 2021 10:21:48 - 1.223
> > +++ pf_norm.c 13 Mar 2022 15:39:42 -
> > @@ -1117,8 +1117,9 @@ pf_normalize_tcp(struct pf_pdesc *pd)
> > if (flags & TH_RST)
> > goto tcp_drop;
> >
> > - if (flags & TH_FIN) /* XXX why clear instead of drop? */
> > - flags &= ~TH_FIN;
> > + /* Illegal packet */
> > + if (flags & TH_FIN)
> > + goto tcp_drop;
> > } else {
> > /* Illegal packet */
> > if (!(flags & (TH_ACK|TH_RST)))
> >
>
pf: drop tcp packet when syn AND fin flags are set
Hi,
When pf processes a TCP packet with SYN and FIN flags set, it removes
the FIN flag and continuous processing it. I propose we change that and
let pf drop such a packet. I don't see any legit use for combining these
two flags in the same packet.
Henning added this comment 7 years ago:
XXX why clear instead of drop?
Damjan Dimitrov approached me with this. He got a request that his firewall
should drop TCP packets with SYN and FIN flags set. But with pf this can
currently not be done because the FIN flag is cleared before rule processing.
I tested the behaviour with scapy:
send(IP(dst="172.24.217.34")/TCP(dport=23,flags="SF"))
Opinions? OKs?
Remi
Index: pf_norm.c
===
RCS file: /cvs/src/sys/net/pf_norm.c,v
retrieving revision 1.223
diff -u -p -r1.223 pf_norm.c
--- pf_norm.c 10 Mar 2021 10:21:48 - 1.223
+++ pf_norm.c 13 Mar 2022 15:39:42 -
@@ -1117,8 +1117,9 @@ pf_normalize_tcp(struct pf_pdesc *pd)
if (flags & TH_RST)
goto tcp_drop;
- if (flags & TH_FIN) /* XXX why clear instead of drop? */
- flags &= ~TH_FIN;
+ /* Illegal packet */
+ if (flags & TH_FIN)
+ goto tcp_drop;
} else {
/* Illegal packet */
if (!(flags & (TH_ACK|TH_RST)))
Re: ospfd/ospf6d, interfaces in log messages
On Tue, Nov 02, 2021 at 05:27:11PM +, Stuart Henderson wrote:
> I've recently started seeing a number of flaps with ospfd/ospf6d
> with invalid seq nums / "seq num mismatch, bad flags" logged.
> Not quite sure what's going yet as they must be occurring on
> various local switched segments on one nic and also on ethernet
> wan circuits direct to router on a separate pcie nic, anyway
> it's made it clear that very few of the log messages relating
> to neighbours identify which interface is involved.
>
> I don't know if it makes sense to commit or not, but there's a
> diff below adding the interface wherever the neighbour ID is logged
> if anyone's interested (same changes to both ospfd and ospf6d).
>
>
> Nov 2 11:29:30 ospfd[78532]: recv_db_description: neighbor ID xx.2:
> invalid seq num, mine 20d22487 his 20d22485
> Nov 2 11:29:30 ospf6d[89545]: recv_db_description: neighbor ID
> xx.2: invalid seq num, mine 4cabc5c1 his 4cabc5c0
> Nov 2 11:29:34 ospf6d[89545]: recv_db_description: neighbor ID
> xx.1: invalid seq num, mine 98360a5 his 98360a4
> Nov 2 11:29:34 ospfd[78532]: recv_db_description: neighbor ID xx.1:
> invalid seq num, mine f708c646 his f708c645
> Nov 2 11:29:38 ospfd[78532]: recv_db_description: neighbor ID
> xx.11: invalid seq num, mine e4068bcc his e4068bcb
> Nov 2 11:30:06 ospf6d[89545]: recv_db_description: neighbor ID
> xx.3: seq num mismatch, bad flags
> Nov 2 11:30:14 ospf6d[89545]: recv_db_description: neighbor ID
> xx.1: invalid seq num, mine 98360ae his 98360ad
> Nov 2 11:30:14 ospfd[78532]: recv_db_description: neighbor ID xx.1:
> invalid seq num, mine f708c64f his f708c64e
> Nov 2 11:30:22 ospfd[78532]: recv_db_description: neighbor ID xx.2:
> invalid seq num, mine 20d22493 his 20d22490
> Nov 2 11:30:22 ospfd[78532]: recv_db_description: neighbor ID xx.2:
> invalid seq num, mine 20d22493 his 20d22492
> Nov 2 11:30:39 ospfd[78532]: recv_db_description: neighbor ID xx.2:
> invalid seq num, mine 20d2249c his 20d2249b
> Nov 2 11:30:59 ospf6d[89545]: recv_db_description: neighbor ID
> xx.11: seq num mismatch, bad flags
> Nov 2 11:30:59 ospfd[78532]: recv_db_description: neighbor ID
> xx.11: seq num mismatch, bad flags
> Nov 2 11:31:09 ospfd[78532]: recv_db_description: neighbor ID xx.1:
> invalid seq num, mine f708c65c his f708c65b
>
I think this addition makes sense. Over which link a neighbor is connected
can only be looked up via ospfctl. It's valuable having this info in the
logs when analysing past events.
Diff reads fine, applies and compiles.
OK remi
>
> Index: ospf6d/database.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/database.c,v
> retrieving revision 1.20
> diff -u -p -r1.20 database.c
> --- ospf6d/database.c 15 Jul 2020 14:47:41 - 1.20
> +++ ospf6d/database.c 2 Nov 2021 17:11:38 -
> @@ -60,9 +60,9 @@ send_db_description(struct nbr *nbr)
> case NBR_STA_INIT:
> case NBR_STA_2_WAY:
> case NBR_STA_SNAP:
> - log_debug("send_db_description: neighbor ID %s: "
> + log_debug("send_db_description: neighbor ID %s (%s): "
> "cannot send packet in state %s", inet_ntoa(nbr->id),
> - nbr_state_name(nbr->state));
> + nbr->iface->name, nbr_state_name(nbr->state));
> goto fail;
> case NBR_STA_XSTRT:
> bits |= OSPF_DBD_MS | OSPF_DBD_M | OSPF_DBD_I;
> @@ -160,8 +160,8 @@ recv_db_description(struct nbr *nbr, cha
> int dupe = 0;
>
> if (len < sizeof(dd_hdr)) {
> - log_warnx("recv_db_description: neighbor ID %s: "
> - "bad packet size", inet_ntoa(nbr->id));
> + log_warnx("recv_db_description: neighbor ID %s (%s): "
> + "bad packet size", inet_ntoa(nbr->id), nbr->iface->name);
> return;
> }
> memcpy(&dd_hdr, buf, sizeof(dd_hdr));
> @@ -170,9 +170,10 @@ recv_db_description(struct nbr *nbr, cha
>
> /* db description packet sanity checks */
> if (ntohs(dd_hdr.iface_mtu) > nbr->iface->mtu) {
> - log_warnx("recv_db_description: neighbor ID %s: "
> + log_warnx("recv_db_description: neighbor ID %s (%s): "
> "invalid MTU %d expected %d", inet_ntoa(nbr->id),
> - ntohs(dd_hdr.iface_mtu), nbr->iface->mtu);
> + nbr->iface->name, ntohs(dd_hdr.iface_mtu),
> + nbr->iface->mtu);
> return;
> }
>
> @@ -180,8 +181,9 @@ recv_db_description(struct nbr *nbr, cha
> nbr->last_rx_bits == dd_hdr.bits &&
> ntohl(dd_hdr.dd_seq_num) == nbr->dd_seq_num - nbr->dd_master ?
> 1 : 0) {
> - log_debug("recv_db_description: dupe from neighbor ID %s",
> - inet_ntoa(nbr->id));
>
Re: wg(4) ipv6 ospf6d
On Wed, Aug 25, 2021 at 10:29:36PM +0100, Stuart Henderson wrote: > On 2021/08/25 13:33, Daniel Jakots wrote: > > On Wed, 25 Aug 2021 18:02:11 +0100, Stuart Henderson > > wrote: > > > > > If I manually configure a link-local the interface is successfully > > > added. > > > > > > Anyone have an idea what the behaviour should be here? For passive > > > would it make sense to accept an interface without link-local? > > > > I discussed about that with remi@ a few months ago when I considered > > using ospf6d, as I had the same cryptic error than you give. I was told: > > > > > ospf6d can not work without a link-local address on the interface. > > > RFC 5340 mandates the use of link-local addresses in section 2.5. > > > > And here's a link to the mentioned section: > > https://datatracker.ietf.org/doc/html/rfc5340#section-2.5 > > > > Cheers, > > Daniel > > Thanks, but in itself that doesn't give a reason to have this > restriction on a "passive" interface, in that case it's only > redistributing the network on the interface, not sending OSPF packets on > the interface itself. > I think with a passive interface OSPFv3 could work without link-local address. Allowing that in ospf6d would need a little bit of code shuffling. The config parser checks the existence of a link-local address on an interface before it looks at the interface block where the passive option would be. Maybe there are more places that would need to be changed. Remi
fix ospf6d.conf example
Hi,
danj@ noticed that our ospf6d.conf example is using multiple areas.
In the man page of ospf6d we state that multi area support is not
available. The daemon accepts such a config but does not do the right
thing if I remember correctly.
OK to change the example to use just one area?
Remi
Index: ospf6d.conf
===
RCS file: /cvs/src/etc/examples/ospf6d.conf,v
retrieving revision 1.1
diff -u -p -r1.1 ospf6d.conf
--- ospf6d.conf 11 Jul 2014 16:36:35 - 1.1
+++ ospf6d.conf 26 Mar 2021 08:30:49 -
@@ -20,14 +20,9 @@
area 0.0.0.5 {
interface em0 {
router-dead-time 20
+ router-priority 5
}
interface em1 {
- }
-}
-
-area 0.0.0.7 {
- interface em2 {
- router-priority 5
}
}
Re: ping graphical display
On February 19, 2021 8:56:31 PM UTC, Stuart Henderson wrote: >Canvassing opinions on having . and ! this way around. I'm using . for >response, ! for no response, which makes more sense to me but it's been >pointed out that it's the opposite of what cisco does so it might >confuse >some people. Also Junos uses "!" for sucessfull pings and "." for no response. https://kb.juniper.net/InfoCenter/index?page=content&id=KB25251 And if I remember it corectly then Brocade did it the same way as Cisco. The "-g" flag is used differently in various ping implementations. From man pages: * FreeBSD: - g is sweepmi size. * NetBSD: -g is used to specify a gateway for loose source routing. * Illumos: same as NetBSD * Linux: no -g I like the feature and think -g is fine. I would prefer if our ping would use "!" in the same way as Cisco. That is probably als consistent with -f where a "." also stands for a echo request. Remi
Re: fix: ospf6d(8): wrong intra area announcement
On Fri, Oct 02, 2020 at 02:01:09AM +0200, Jan Klemkow wrote:
> Hi,
>
> The new intra area db entry has to be saved into the tree before
> orig_intra_area_prefix_lsas() is called. If not, the ospf6d will not
> announce the new intra area db for a newly learned link from another
> ospf router of the broadcast domain.
>
> This bug is triggered, if you add new addresses an ospf interface while
> the ospf6d is already running as a backup designated router. The
> opposite designated ospf6d will get your new link announcement and
> return an old intra area db without the new address.
>
> Beside of the fix, the diff removes redundant code. I made the same
> diff for the ospfd to keep code in sync and remove redundant code there,
> too. ospfd does not have the bug explained above, as far as I know.
>
> Both regression tests passes with this diff.
>
> OK?
The ospfd part looks good to me.
Please also add the tab that denis@ add on top of your ospf6d diff.
OK remi@
>
> Bye,
> Jan
>
> Index: ospf6d/rde_lsdb.c
> ===
> RCS file: /cvs//src/usr.sbin/ospf6d/rde_lsdb.c,v
> retrieving revision 1.45
> diff -u -p -r1.45 rde_lsdb.c
> --- ospf6d/rde_lsdb.c 21 Aug 2020 10:17:35 - 1.45
> +++ ospf6d/rde_lsdb.c 1 Oct 2020 23:09:38 -
> @@ -467,6 +467,7 @@ lsa_add(struct rde_nbr *nbr, struct lsa
> struct lsa_tree *tree;
> struct vertex *new, *old;
> struct timeval tv, now, res;
> + int update = 1;
>
> if (LSA_IS_SCOPE_AS(ntohs(lsa->hdr.type)))
> tree = &asext_tree;
> @@ -495,16 +496,13 @@ lsa_add(struct rde_nbr *nbr, struct lsa
> fatal("lsa_add");
> return (1);
> }
> - if (!lsa_equal(new->lsa, old->lsa)) {
> - if (ntohs(lsa->hdr.type) == LSA_TYPE_LINK)
> - orig_intra_area_prefix_lsas(nbr->area);
> - if (ntohs(lsa->hdr.type) != LSA_TYPE_EXTERNAL)
> - nbr->area->dirty = 1;
> - start_spf_timer();
> - }
> + if (lsa_equal(new->lsa, old->lsa))
> + update = 0;
> vertex_free(old);
> RB_INSERT(lsa_tree, tree, new);
> - } else {
> + }
> +
> + if (update) {
> if (ntohs(lsa->hdr.type) == LSA_TYPE_LINK)
> orig_intra_area_prefix_lsas(nbr->area);
> if (ntohs(lsa->hdr.type) != LSA_TYPE_EXTERNAL)
> Index: ospfd/rde_lsdb.c
> ===
> RCS file: /cvs//src/usr.sbin/ospfd/rde_lsdb.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 rde_lsdb.c
> --- ospfd/rde_lsdb.c 22 Nov 2015 13:09:10 - 1.50
> +++ ospfd/rde_lsdb.c 1 Oct 2020 23:06:57 -
> @@ -383,6 +383,7 @@ lsa_add(struct rde_nbr *nbr, struct lsa
> struct lsa_tree *tree;
> struct vertex *new, *old;
> struct timeval tv, now, res;
> + int update = 1;
>
> if (lsa->hdr.type == LSA_TYPE_EXTERNAL ||
> lsa->hdr.type == LSA_TYPE_AS_OPAQ)
> @@ -410,15 +411,13 @@ lsa_add(struct rde_nbr *nbr, struct lsa
> fatal("lsa_add");
> return (1);
> }
> - if (!lsa_equal(new->lsa, old->lsa)) {
> - if (lsa->hdr.type != LSA_TYPE_EXTERNAL &&
> - lsa->hdr.type != LSA_TYPE_AS_OPAQ)
> - nbr->area->dirty = 1;
> - start_spf_timer();
> - }
> + if (lsa_equal(new->lsa, old->lsa))
> + update = 0;
> vertex_free(old);
> RB_INSERT(lsa_tree, tree, new);
> - } else {
> + }
> +
> + if (update) {
> if (lsa->hdr.type != LSA_TYPE_EXTERNAL &&
> lsa->hdr.type != LSA_TYPE_AS_OPAQ)
> nbr->area->dirty = 1;
>
Re: rdomain.4: on removing rtables
On Tue, Sep 22, 2020 at 10:03:29PM +0200, Klemens Nanni wrote: > We have never been able to remove an rtable; until claudio moved them > explicitly with rtable_l2set() in if_loop.c:loop_clone_destroy(), i.e. > > revision 1.90 > date: 2020/01/08 09:09:10; author: claudio; state: Exp; lines: +6 -2; > In loop_clone_destroy() reset the rdomain with rtable_l2set() after > the if_detach() call. In if_detach() various route messages are > generated > and during that time the rtable_l2() mapping needs to stay. > OK kn@ > > it would still exist but not be assigned to any valid rdomain. Back then this > could be obvserved with `route -T1 ...' still "working" after having > destroyed lo1. > > Reverting claudio's commit on -CURRENT, that is with `netstat -R' now > available, confirms this: > > # sysctl kern.version > kern.version=OpenBSD 6.8-beta (GENERIC) #0: Tue Sep 22 21:24:48 CEST > 2020 > kn@eru:/sys/arch/amd64/compile/GENERIC > # ifconfig lo1 rdomain 1 > # netstat -R > Rdomain 0 > Interfaces: lo0 vio0 > Routing table: 0 > > Rdomain 1 > Interface: lo1 > Routing table: 1 > > # ifconfig lo1 destroy > # netstat -R > Rdomain 0 > Interfaces: lo0 vio0 > Routing table: 0 > > # route -T1 show > Routing tables > # echo $? > 0 > > > This is not documented anywhere and I'd certainly not expect it after > reading rtable(4). The manual says we can delete rdomains and is quiet > about deleting rtables, which can imply that rtables cannot be deleted > but might also imply that rtables are deleted automatically when > rdomains are deleted. > > Either way, explicit is better here, I think. > > Feedback? OK? The comment at the beginning of src/sys/net/rtable.c is the only place I'm aware of that documents that routing tables can not be deleted. I think it makes sense to document this in rtable(4). ok remi@ > > > Index: rdomain.4 > === > RCS file: /cvs/src/share/man/man4/rdomain.4,v > retrieving revision 1.14 > diff -u -p -r1.14 rdomain.4 > --- rdomain.4 30 Jul 2020 21:44:34 - 1.14 > +++ rdomain.4 22 Sep 2020 19:58:57 - > @@ -146,3 +146,5 @@ and IPv6 support first appeared in > .Sh CAVEATS > No tool is available to assign more than one rtable to an rdomain > other than to the default one (0). > +An rtable cannot be deleted. > +Deleting an rdomain will move its rtable into the default rdomain. >
Re: rdomain.4: add netstat -R example
On Tue, Sep 22, 2020 at 08:54:31PM +0200, Klemens Nanni wrote: > It's handy and otherwise easily missed when reading up on routing > domains and tables; wording taken from netstat(1) as is. > > Not listing pgrep(1)'s `-T' because examples don't have to be exhaustive > and ps(1) is already demonstrated; same for top(1) users which more > likely come across its `t' and `T' in the help page anyway (I guess). > > Feedback? OK? > ok remi@ > > Index: rdomain.4 > === > RCS file: /cvs/src/share/man/man4/rdomain.4,v > retrieving revision 1.14 > diff -u -p -r1.14 rdomain.4 > --- rdomain.4 30 Jul 2020 21:44:34 - 1.14 > +++ rdomain.4 22 Sep 2020 18:51:29 - > @@ -98,6 +98,10 @@ Put em0 and lo4 in rdomain 4: > # ifconfig em0 192.0.2.100/24 > .Ed > .Pp > +List all rdomains with associated interfaces and routing tables: > +.Pp > +.Dl # netstat -R > +.Pp > Set a default route and localhost reject route within rtable 4: > .Bd -literal -offset indent > # route -T4 -qn add -net 127 127.0.0.1 -reject > @@ -129,6 +133,7 @@ Delete rdomain 4 again: > # ifconfig lo4 destroy > .Ed > .Sh SEE ALSO > +.Xr netstat 1 , > .Xr ps 1 , > .Xr lo 4 , > .Xr route 4 , >
ospf(6)d: do not unlink the control socket
In 2018 we discussed that it is OK when ripd leaves its control socket
laying around:
https://marc.info/?l=openbsd-tech&m=154101413029926&w=2
When mestre@ adapted ldpd in June this year I was reminded to also adapt
ospfd and ospf6d for consistent.
OK?
Remi
Index: ospfd/control.c
===
RCS file: /cvs/src/usr.sbin/ospfd/control.c,v
retrieving revision 1.45
diff -u -p -r1.45 control.c
--- ospfd/control.c 29 Aug 2018 08:43:16 - 1.45
+++ ospfd/control.c 12 Sep 2020 13:13:54 -
@@ -125,13 +125,10 @@ control_listen(void)
}
void
-control_cleanup(char *path)
+control_cleanup(void)
{
- if (path == NULL)
- return;
event_del(&control_state.ev);
event_del(&control_state.evt);
- unlink(path);
}
/* ARGSUSED */
Index: ospfd/control.h
===
RCS file: /cvs/src/usr.sbin/ospfd/control.h,v
retrieving revision 1.7
diff -u -p -r1.7 control.h
--- ospfd/control.h 29 Aug 2018 08:43:16 - 1.7
+++ ospfd/control.h 12 Sep 2020 13:14:15 -
@@ -40,6 +40,6 @@ int control_listen(void);
void control_accept(int, short, void *);
void control_dispatch_imsg(int, short, void *);
intcontrol_imsg_relay(struct imsg *);
-void control_cleanup(char *);
+void control_cleanup(void);
#endif /* _CONTROL_H_ */
Index: ospfd/ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.113
diff -u -p -r1.113 ospfd.c
--- ospfd/ospfd.c 26 Jun 2020 19:04:38 - 1.113
+++ ospfd/ospfd.c 12 Sep 2020 13:14:42 -
@@ -282,8 +282,6 @@ main(int argc, char *argv[])
if (unveil("/", "r") == -1)
fatal("unveil");
- if (unveil(ospfd_conf->csock, "c") == -1)
- fatal("unveil");
if (unveil(NULL, NULL) == -1)
fatal("unveil");
@@ -318,7 +316,7 @@ ospfd_shutdown(void)
msgbuf_clear(&iev_rde->ibuf.w);
close(iev_rde->ibuf.fd);
- control_cleanup(ospfd_conf->csock);
+ control_cleanup();
while ((r = SIMPLEQ_FIRST(&ospfd_conf->redist_list)) != NULL) {
SIMPLEQ_REMOVE_HEAD(&ospfd_conf->redist_list, entry);
free(r);
Index: ospf6d/control.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/control.c,v
retrieving revision 1.28
diff -u -p -r1.28 control.c
--- ospf6d/control.c1 Jan 2020 10:09:34 - 1.28
+++ ospf6d/control.c12 Sep 2020 13:29:06 -
@@ -124,13 +124,10 @@ control_listen(void)
}
void
-control_cleanup(char *path)
+control_cleanup(void)
{
- if (path == NULL)
- return;
event_del(&control_state.ev);
event_del(&control_state.evt);
- unlink(path);
}
/* ARGSUSED */
Index: ospf6d/control.h
===
RCS file: /cvs/src/usr.sbin/ospf6d/control.h,v
retrieving revision 1.6
diff -u -p -r1.6 control.h
--- ospf6d/control.h1 Sep 2018 19:21:10 - 1.6
+++ ospf6d/control.h12 Sep 2020 13:27:50 -
@@ -40,6 +40,6 @@ int control_listen(void);
void control_accept(int, short, void *);
void control_dispatch_imsg(int, short, void *);
intcontrol_imsg_relay(struct imsg *);
-void control_cleanup(char *);
+void control_cleanup(void);
#endif /* _CONTROL_H_ */
Index: ospf6d/ospf6d.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v
retrieving revision 1.47
diff -u -p -r1.47 ospf6d.c
--- ospf6d/ospf6d.c 26 Jun 2020 19:06:52 - 1.47
+++ ospf6d/ospf6d.c 12 Sep 2020 13:40:11 -
@@ -274,7 +274,8 @@ main(int argc, char *argv[])
fatalx("control socket setup failed");
main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd);
- if (unveil(ospfd_conf->csock, "c") == -1)
+ /* no filesystem visibility */
+ if (unveil("/", "") == -1)
fatal("unveil");
if (unveil(NULL, NULL) == -1)
fatal("unveil");
@@ -303,7 +304,7 @@ ospfd_shutdown(void)
msgbuf_clear(&iev_rde->ibuf.w);
close(iev_rde->ibuf.fd);
- control_cleanup(ospfd_conf->csock);
+ control_cleanup();
kr_shutdown();
carp_demote_shutdown();
Re: ospf6d: use ROUTE_FLAGFILTER
On Wed, Sep 02, 2020 at 03:23:28PM +1000, Jonathan Matthew wrote:
> Like ospfd, ospf6d can use ROUTE_FLAGFILTER to opt out of receiving messages
> relating to L2 and broadcast routes on its routing socket. We've been running
> this for a week or so with no problems.
>
> ok?
ok remi@
>
> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.64
> diff -u -p -u -p -r1.64 kroute.c
> --- kroute.c 17 May 2020 18:29:25 - 1.64
> +++ kroute.c 18 Aug 2020 11:56:09 -
> @@ -102,6 +102,7 @@ kr_init(int fs, u_int rdomain, int redis
> int opt = 0, rcvbuf, default_rcvbuf;
> socklen_t optlen;
> int filter_prio = fib_prio;
> + int filter_flags = RTF_LLINFO | RTF_BROADCAST;
>
> kr_state.fib_sync = fs;
> kr_state.rdomain = rdomain;
> @@ -127,6 +128,12 @@ kr_init(int fs, u_int rdomain, int redis
> if (setsockopt(kr_state.fd, AF_ROUTE, ROUTE_PRIOFILTER, &filter_prio,
> sizeof(filter_prio)) == -1) {
> log_warn("%s: setsockopt AF_ROUTE ROUTE_PRIOFILTER", __func__);
> + /* not fatal */
> + }
> +
> + if (setsockopt(kr_state.fd, AF_ROUTE, ROUTE_FLAGFILTER, &filter_flags,
> + sizeof(filter_flags)) == -1) {
> + log_warn("%s: setsockopt AF_ROUTE ROUTE_FLAGFILTER", __func__);
> /* not fatal */
> }
>
>
Re: top: toggle routing tables
On Tue, Aug 25, 2020 at 09:34:55AM +0200, Klemens Nanni wrote:
> On Mon, Aug 24, 2020 at 12:52:46AM +0200, Klemens Nanni wrote:
> > Add `t' to swap the WAIT column with RTABLE (and vice versa); WAIT
> > is wide enough to fit RTABLE, somewhat adds additional value to STATE
> > and seems therefore most appropiate to hide in favour of RTABLE.
> >
> > Internally, I renamed the existing CMD_rtable command to filter routing
> > tables into CMD_rtableid in order to use CMD_rtable for showing them as
> > that seems in line with how CMD_threads is named to show threads, etc.
> >
> > format_header() semantics are slightly reworked/improved now that there
> > are two changing fields; instead of conditionally changing, it now
> > always updates it accordingly - i think that makes it clearer overall.
> >
> > format_next_process() now uses strlcpy() instead of snprintf() for plain
> > strings as I had to touch those lines anyway.
> >
> > Filtering rtables with `T' does not toggle the column, just like
> > filtering users with `u' does not toggle between user and thread id.
> >
> > Feedback? OK?
> New diff after feedback from jmc and a little cleanup I just committed
> to avoid churn here.
I like it!
ok remi@
>
> Index: display.c
> ===
> RCS file: /cvs/src/usr.bin/top/display.c,v
> retrieving revision 1.64
> diff -u -p -r1.64 display.c
> --- display.c 23 Aug 2020 21:11:55 - 1.64
> +++ display.c 25 Aug 2020 07:33:14 -
> @@ -826,6 +826,7 @@ show_help(void)
> "s time - change delay between displays to `time' seconds\n"
> "T [-]rtable - show processes associated with routing table
> `rtable'\n"
> " (T+ shows all, T -rtable hides rtable)\n"
> + "t- toggle the display of routing tables\n"
> "u [-]user- show processes for `user' (u+ shows all, u -user
> hides user)\n"
> "\n");
>
> Index: machine.c
> ===
> RCS file: /cvs/src/usr.bin/top/machine.c,v
> retrieving revision 1.109
> diff -u -p -r1.109 machine.c
> --- machine.c 25 Aug 2020 07:27:34 - 1.109
> +++ machine.c 25 Aug 2020 07:33:14 -
> @@ -75,8 +75,9 @@ struct handle {
> static char header[] =
> " PID XPRI NICE SIZE RES STATE WAIT TIMECPU
> COMMAND";
>
> -/* 0123456 -- field to fill in starts at header+6 */
> +/* offsets in the header line to start alternative columns */
> #define UNAME_START 6
> +#define RTABLE_START 46
>
> #define Proc_format \
> "%5d %-8.8s %3d %4d %5s %5s %-9s %-7.7s %6s %5.2f%% %s"
> @@ -226,16 +227,16 @@ machine_init(struct statics *statics)
> }
>
> char *
> -format_header(char *second_field)
> +format_header(char *second_field, char *eighth_field)
> {
> - char *field_name, *thread_field = " TID";
> - char *ptr;
> -
> - field_name = second_field ? second_field : thread_field;
> + char *second_fieldp = second_field, *eighth_fieldp = eighth_field, *ptr;
>
> ptr = header + UNAME_START;
> - while (*field_name != '\0')
> - *ptr++ = *field_name++;
> + while (*second_fieldp != '\0')
> + *ptr++ = *second_fieldp++;
> + ptr = header + RTABLE_START;
> + while (*eighth_fieldp != '\0')
> + *ptr++ = *eighth_fieldp++;
> return (header);
> }
>
> @@ -544,13 +545,12 @@ skip_processes(struct handle *hndl, int
>
> char *
> format_next_process(struct handle *hndl, const char *(*get_userid)(uid_t,
> int),
> -pid_t *pid)
> +int rtable, pid_t *pid)
> {
> - char *p_wait;
> struct kinfo_proc *pp;
> int cputime;
> double pct;
> - char second_buf[16];
> + char second_buf[16], eighth_buf[8];
>
> /* find and remember the next proc structure */
> pp = *(hndl->next_proc++);
> @@ -566,7 +566,11 @@ format_next_process(struct handle *hndl,
> strlcpy(second_buf, (*get_userid)(pp->p_ruid, 0),
> sizeof(second_buf));
>
> - p_wait = pp->p_wmesg[0] ? pp->p_wmesg : "-";
> + if (rtable)
> + snprintf(eighth_buf, sizeof(eighth_buf), "%7d", pp->p_rtableid);
> + else
> + strlcpy(eighth_buf, pp->p_wmesg[0] ? pp->p_wmesg : "-",
> + sizeof(eighth_buf));
>
> /* format this entry */
> snprintf(fmt, sizeof(fmt), Proc_format, pp->p_pid, second_buf,
> @@ -575,7 +579,7 @@ format_next_process(struct handle *hndl,
> format_k(pagetok(pp->p_vm_rssize)),
> (pp->p_stat == SSLEEP && pp->p_slptime > maxslp) ?
> "idle" : state_abbr(pp),
> - p_wait, format_time(cputime), 100.0 * pct,
> + eighth_buf, format_time(cputime), 100.0 * pct,
> printable(format_comm(pp)));
>
> *pid = pp->p_pid;
> Index: machine.h
> ===
> RCS file: /cvs/src/usr.bin
Re: top: filter by routing table
On Sun, Aug 23, 2020 at 10:45:14PM +0200, Klemens Nanni wrote: > On Sun, Aug 23, 2020 at 10:39:21PM +0200, Remi Locherer wrote: > > I like the feature and it works as advertised. > > > > It would be nice to have a column that displays the rtable id of > > each process when T is used. When I type "T-0" I see a list of procs > > not in rtable 0. But I still do not know in which one they are. > That's certainly possible, but we need to pick a column which is not > only suitable to omit but also wide enough to fit "RTABLE" as > description, I'd say. > > Are you OK with the diff as is? We can take care of the rest as a > separate diff. sure! ok remi@
Re: top: filter by routing table
On Sat, Aug 22, 2020 at 05:20:56PM -0600, Todd C. Miller wrote: > This looks good to me but I've refrained from commenting simply > because I don't use rtables at all myself. Can we get some feedback > from people who actually use rtables? > > - todd > I like the feature and it works as advertised. It would be nice to have a column that displays the rtable id of each process when T is used. When I type "T-0" I see a list of procs not in rtable 0. But I still do not know in which one they are. Remi
Re: rdomain.4: route -T takes an rtable, not rdomain
On Thu, Jul 30, 2020 at 04:08:01AM +0200, Klemens Nanni wrote: > Multiple rtables may exist in the default rdomain (0), that is their > corresponding rdomains/lo(4) interfaces do not have to exist. > > This demonstrates it; first, nothing but default, so route(8) fails: > > # netstat -R > Rdomain 0 > Interfaces: lo0 vio0 enc0 > Routing table: 0 > > # route -T1 exec id -R > route: routing table 1: No such file or directory > > Then create an rdomain and with it an rtable: > > # ifconfig lo1 rdomain 1 > # netstat -R > Rdomain 0 > Interfaces: lo0 vio0 enc0 > Routing table: 0 > > Rdomain 1 > Interface: lo1 > Routing table: 1 > > This makes route(8) work, but it keeps working when we remove the > rdomain again since the rtable persits: > > # route -T1 exec id -R > 1 > # ifconfig lo1 destroy > # netstat -R > Rdomain 0 > Interfaces: lo0 vio0 enc0 > Routing tables: 0 1 > > # route -T1 exec id -R > 1 > > > I'm not sure yet, whether this is intentional or in fact a bug. > Either ways, the manual should be fixed - route(8)'s synopsis says the > same, just like ping(8)'s `-V rtable': > > $ man -hs8 route > route [-dnqtv] [-T rtable] command [[modifiers] args] > > Feedback? Objections? OK? > OK remi@ > > Index: share/man/man4/rdomain.4 > === > RCS file: /cvs/src/share/man/man4/rdomain.4,v > retrieving revision 1.13 > diff -u -p -r1.13 rdomain.4 > --- share/man/man4/rdomain.4 1 Feb 2020 15:00:20 - 1.13 > +++ share/man/man4/rdomain.4 30 Jul 2020 01:56:39 - > @@ -98,7 +98,7 @@ Put em0 and lo4 in rdomain 4: > # ifconfig em0 192.0.2.100/24 > .Ed > .Pp > -Set a default route and localhost reject route within rdomain 4: > +Set a default route and localhost reject route within rtable 4: > .Bd -literal -offset indent > # route -T4 -qn add -net 127 127.0.0.1 -reject > # route -T4 -n add default 192.0.2.1 > @@ -106,7 +106,7 @@ Set a default route and localhost reject > .Pp > Start > .Xr sshd 8 > -in rdomain 4: > +in rtable 4: > .Pp > .Dl # route -T4 exec /usr/sbin/sshd > .Pp >
Re: ldpd engine process exits with pledge "cpath"
On Fri, Jun 19, 2020 at 02:43:00PM +0100, Ricardo Mestre wrote:
> mea culpa, but I'd rather just remove the unlink of the socket.
>
> OK?
Diff reads OK to me.
We had the same discussion in 2018 for ripd:
https://marc.info/?l=openbsd-tech&m=154101413029926&w=2
Note to self: ospfd should get the same treatment ...
>
> Index: control.c
> ===
> RCS file: /cvs/src/usr.sbin/ldpd/control.c,v
> retrieving revision 1.29
> diff -u -p -u -r1.29 control.c
> --- control.c 3 Mar 2017 23:30:57 - 1.29
> +++ control.c 19 Jun 2020 13:40:46 -
> @@ -98,11 +98,10 @@ control_listen(void)
> }
>
> void
> -control_cleanup(char *path)
> +control_cleanup(void)
> {
> accept_del(control_fd);
> close(control_fd);
> - unlink(path);
> }
>
> /* ARGSUSED */
> Index: control.h
> ===
> RCS file: /cvs/src/usr.sbin/ldpd/control.h,v
> retrieving revision 1.9
> diff -u -p -u -r1.9 control.h
> --- control.h 3 Mar 2017 23:30:57 - 1.9
> +++ control.h 19 Jun 2020 13:40:46 -
> @@ -32,7 +32,7 @@ extern struct ctl_conns ctl_conns;
>
> int control_init(char *);
> int control_listen(void);
> -void control_cleanup(char *);
> +void control_cleanup(void);
> int control_imsg_relay(struct imsg *);
>
> #endif /* _CONTROL_H_ */
> Index: ldpe.c
> ===
> RCS file: /cvs/src/usr.sbin/ldpd/ldpe.c,v
> retrieving revision 1.76
> diff -u -p -u -r1.76 ldpe.c
> --- ldpe.c10 Aug 2019 01:30:53 - 1.76
> +++ ldpe.c19 Jun 2020 13:40:46 -
> @@ -171,7 +171,7 @@ ldpe_shutdown(void)
> msgbuf_clear(&iev_main->ibuf.w);
> close(iev_main->ibuf.fd);
>
> - control_cleanup(global.csock);
> + control_cleanup();
> config_clear(leconf);
>
> if (sysdep.no_pfkey == 0) {
>
Re: netstat -R: list rdomains with associated ifs and tables
On Wed, Jun 10, 2020 at 11:47:49PM +0200, Sebastian Benoit wrote: > Remi Locherer(remi.loche...@relo.ch) on 2020.06.10 22:16:36 +0200: > > On Tue, Jun 09, 2020 at 10:02:06AM +0200, Remi Locherer wrote: > > > On Tue, Jun 09, 2020 at 09:17:31AM +0200, Claudio Jeker wrote: > > > > On Tue, Jun 09, 2020 at 08:44:42AM +0200, Remi Locherer wrote: > > > > > On Mon, Jun 08, 2020 at 10:10:17PM +0200, Remi Locherer wrote: > > > > > > Hi, > > > > > > > > > > > > to my knowledge there is no easy way to list all active rdomains or > > > > > > routing tables. Other platforms have "show vrf" or similar commands > > > > > > for an overview. > > > > > > > > > > > > Here is my attempt at such a view for OpenBSD: > > > > > > > > > > Updated diff with small changes: > > > > > - Print inet instead of Internet (input deraadt) > > > > > - Removed padding before rdomain id. > > > > > - Changed man page wording. > > > > > > > > > > twister ..in/netstat$ obj/netstat -R > > > > > Rdomain 0 > > > > > Interfaces: lo0 iwm0 re0 enc0 pflog0 mpe0 > > > > > Routing tables: > > > > > 0: inet 8, inet6 45, mpls 1 > > > > > 3: inet 1, inet6 0, mpls 0 > > > > > 7: inet 130309, inet6 1, mpls 0 > > > > > > > > > > Rdomain 77 > > > > > Interfaces: vether77 lo77 > > > > > Routing tables: > > > > > 77: inet 0, inet6 0, mpls 0 > > > > > > > > > > Rdomain 122 > > > > > Interfaces: vether122 lo122 pair122 vether1122 vether1123 > > > > > vether1124 vether1125 vether1126 vether1127 > > > > > Routing tables: > > > > > 122: inet 24, inet6 0, mpls 0 > > > > > > > > > > Rdomain 255 > > > > > Interfaces: vether255 lo255 > > > > > Routing tables: > > > > > 255: inet 3, inet6 0, mpls 0 > > > > > > > > > > twister ..in/netstat$ > > > > > > > > > > OK? > > > > > > > > Why do you think the route counts are needed? You fetch all routing > > > > tables > > > > to count them in userland. The sysctl for doing that is expensive and > > > > especially on systems with full tables will make this command slow. > > > > If this is something we really want then the kernel should track and > > > > provide the count. > > > > > > These counters are of interest for operators. But I agree that counting > > > the routes in userland is unfortunate. But I don't know how bad it is. > > > Is a lock involved in the kernel when dumping the full table? > > > > I did some homework and figured out, that dumping a routing table takes the > > NET_LOCK. So it's not just inefficient counting all routes in userland it > > might have a negative impact on the system. > > > > Below my new proposal without the counters. I still think it would be good > > to have those counters. Maybe I'll try to find a solution for that. > > Maybe sysctl NET_RT_STATS and struct rtstat could be expanded to cover this? I also looked at that. If I understand sysctl_rtable_rstat() correct then it is not per table but for all of them. I guess I can change that. ;-)
Re: netstat -R: list rdomains with associated ifs and tables
On Wed, Jun 10, 2020 at 11:44:17PM +0100, Stuart Henderson wrote:
> It's useful information, I like it. (I preferred it with the route
> count, but I agree, it's hard on the system if there's a full DFZ
> table).
>
> One thing though -
>
> > twister ..in/netstat$ obj/netstat -R
> > Rdomain 0
> > Interfaces: lo0 iwm0 re0 enc0 pflog0
> > Routing tables: 0 6 7 77
>
> When there are multiple tables it's clear that this is a list of
> table numbers, but when there's only one the output text is confusing:
>
> Rdomain 0
> Interfaces: lo0 em1 enc0 tun2 vlan1 pflog0
> Routing tables: 0
>
> "there are zero routing tables?"
>
> Rdomain 100
> Interfaces: vether100 lo100 vether101 [...]
> Routing tables: 100
>
> "there are 100 tables?"
>
> This would be clearer if it used table/tables as appropriate e.g.
>
> Routing table: 0
> Routing table: 100
> Routing tables: 0 6 7 77
>
> the code to handle this gets messy though, maybe someone can think
> of alternative wording that gets around this another way..
>
It's not too messy I think.
twister ..in/netstat$ obj/netstat -R
Rdomain 0
Interfaces: lo0 iwm0 re0 enc0 pflog0
Routing tables: 0 5
Rdomain 255
Interface: lo255
Routing table: 255
twister ..in/netstat$
Index: main.c
===
RCS file: /cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.116
diff -u -p -r1.116 main.c
--- main.c 28 Apr 2019 17:59:51 - 1.116
+++ main.c 30 May 2020 17:59:33 -
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
tableid = getrtable();
while ((ch = getopt(argc, argv,
- "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
+ "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
switch (ch) {
case 'A':
Aflag = 1;
@@ -225,6 +225,9 @@ main(int argc, char *argv[])
case 'q':
qflag = 1;
break;
+ case 'R':
+ Rflag = 1;
+ break;
case 'r':
rflag = 1;
break;
@@ -318,6 +321,11 @@ main(int argc, char *argv[])
mroutepr();
if (af == AF_INET6 || af == AF_UNSPEC)
mroute6pr();
+ exit(0);
+ }
+
+ if (Rflag) {
+ rdomainpr();
exit(0);
}
Index: netstat.1
===
RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
retrieving revision 1.86
diff -u -p -r1.86 netstat.1
--- netstat.1 17 Apr 2019 20:34:21 - 1.86
+++ netstat.1 8 Jun 2020 20:42:46 -
@@ -74,6 +74,8 @@
.Op Fl i | I Ar interface
.Nm
.Op Fl W Ar interface
+.Nm
+.Op Fl R
.Sh DESCRIPTION
The
.Nm
@@ -267,6 +269,8 @@ Otherwise the states of the matching soc
Only show interfaces that have seen packets (or bytes if
.Fl b
is specified).
+.It Fl R
+List all rdomains with associated interfaces and routing tables.
.It Fl r
Show the routing tables.
The output is explained in more detail below.
Index: netstat.h
===
RCS file: /cvs/src/usr.bin/netstat/netstat.h,v
retrieving revision 1.74
diff -u -p -r1.74 netstat.h
--- netstat.h 28 Apr 2019 17:59:51 - 1.74
+++ netstat.h 10 Jun 2020 20:08:28 -
@@ -57,6 +57,7 @@ int pflag; /* show given protocol */
intPflag; /* show given PCB */
intqflag; /* only display non-zero values for output */
intrflag; /* show routing tables (or routing stats) */
+intRflag; /* show rdomain and rtable summary */
intsflag; /* show protocol statistics */
inttflag; /* show i/f watchdog timers */
intvflag; /* be verbose */
@@ -112,6 +113,8 @@ voidrt_stats(void);
void pr_rthdr(int, int);
void pr_encaphdr(void);
void pr_family(int);
+
+void rdomainpr(void);
void ip6_stats(char *);
void icmp6_stats(char *);
Index: route.c
===
RCS file: /cvs/src/usr.bin/netstat/route.c,v
retrieving revision 1.104
diff -u -p -r1.104 route.c
--- route.c 28 Jun 2019 13:35:02 - 1.104
+++ route.c 11 Jun 2020 19:39:38 -
@@ -51,6 +51,7 @@
#include
#include
#include
+#include
#include "netstat.h"
@@ -346,4 +347,75 @@ rt_stats(void)
rtstat.rts_unreach, plural(rtstat.rts_unreach));
printf("\t%u use%s of a wildcard route\n",
rtstat.rts_wildcard, plural(rtstat.rts_wildcard));
+}
+
+/*
+ * Print rdomain and rtable summary
+ */
+
+void
+rdomainpr(void)
+{
+ struct if_data *ifd;
+ struct ifaddrs *ifap, *ifa;
+ struct rt_tableinfo info;
+
+ int rtt_dom[RT_TABLEID_MAX+1];
+ int rdom_
Re: netstat -R: list rdomains with associated ifs and tables
On Tue, Jun 09, 2020 at 10:02:06AM +0200, Remi Locherer wrote:
> On Tue, Jun 09, 2020 at 09:17:31AM +0200, Claudio Jeker wrote:
> > On Tue, Jun 09, 2020 at 08:44:42AM +0200, Remi Locherer wrote:
> > > On Mon, Jun 08, 2020 at 10:10:17PM +0200, Remi Locherer wrote:
> > > > Hi,
> > > >
> > > > to my knowledge there is no easy way to list all active rdomains or
> > > > routing tables. Other platforms have "show vrf" or similar commands
> > > > for an overview.
> > > >
> > > > Here is my attempt at such a view for OpenBSD:
> > >
> > > Updated diff with small changes:
> > > - Print inet instead of Internet (input deraadt)
> > > - Removed padding before rdomain id.
> > > - Changed man page wording.
> > >
> > > twister ..in/netstat$ obj/netstat -R
> > > Rdomain 0
> > > Interfaces: lo0 iwm0 re0 enc0 pflog0 mpe0
> > > Routing tables:
> > > 0: inet 8, inet6 45, mpls 1
> > > 3: inet 1, inet6 0, mpls 0
> > > 7: inet 130309, inet6 1, mpls 0
> > >
> > > Rdomain 77
> > > Interfaces: vether77 lo77
> > > Routing tables:
> > > 77: inet 0, inet6 0, mpls 0
> > >
> > > Rdomain 122
> > > Interfaces: vether122 lo122 pair122 vether1122 vether1123 vether1124
> > > vether1125 vether1126 vether1127
> > > Routing tables:
> > > 122: inet 24, inet6 0, mpls 0
> > >
> > > Rdomain 255
> > > Interfaces: vether255 lo255
> > > Routing tables:
> > > 255: inet 3, inet6 0, mpls 0
> > >
> > > twister ..in/netstat$
> > >
> > > OK?
> >
> > Why do you think the route counts are needed? You fetch all routing tables
> > to count them in userland. The sysctl for doing that is expensive and
> > especially on systems with full tables will make this command slow.
> > If this is something we really want then the kernel should track and
> > provide the count.
>
> These counters are of interest for operators. But I agree that counting
> the routes in userland is unfortunate. But I don't know how bad it is.
> Is a lock involved in the kernel when dumping the full table?
I did some homework and figured out, that dumping a routing table takes the
NET_LOCK. So it's not just inefficient counting all routes in userland it
might have a negative impact on the system.
Below my new proposal without the counters. I still think it would be good
to have those counters. Maybe I'll try to find a solution for that.
twister ..in/netstat$ obj/netstat -R
Rdomain 0
Interfaces: lo0 iwm0 re0 enc0 pflog0
Routing tables: 0 6 7 77
Rdomain 100
Interfaces: vether100 lo100 vether101 vether102 vether103 vether104 vether105
vether106 vether107 vether108 vether109
Routing tables: 100
Rdomain 255
Interfaces: vether255 lo255
Routing tables: 255
twister ..in/netstat$
Index: main.c
===
RCS file: /cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.116
diff -u -p -r1.116 main.c
--- main.c 28 Apr 2019 17:59:51 - 1.116
+++ main.c 30 May 2020 17:59:33 -
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
tableid = getrtable();
while ((ch = getopt(argc, argv,
- "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
+ "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
switch (ch) {
case 'A':
Aflag = 1;
@@ -225,6 +225,9 @@ main(int argc, char *argv[])
case 'q':
qflag = 1;
break;
+ case 'R':
+ Rflag = 1;
+ break;
case 'r':
rflag = 1;
break;
@@ -318,6 +321,11 @@ main(int argc, char *argv[])
mroutepr();
if (af == AF_INET6 || af == AF_UNSPEC)
mroute6pr();
+ exit(0);
+ }
+
+ if (Rflag) {
+ rdomainpr();
exit(0);
}
Index: netstat.1
===
RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
retrieving revision 1.86
diff -u -p -r1.86 netstat.1
--- netstat.1 17 Apr 2019 20:34:21 - 1.86
+++ netstat.1 8 Jun 2020 20:42:46 -
@@ -74,6 +74,8 @@
.Op Fl i | I Ar interface
.Nm
.Op Fl W Ar interface
+.Nm
+.Op Fl R
.Sh DESCRIPTION
The
.Nm
@@ -26
Re: netstat -R: list rdomains with associated ifs and tables
On Tue, Jun 09, 2020 at 09:17:31AM +0200, Claudio Jeker wrote:
> On Tue, Jun 09, 2020 at 08:44:42AM +0200, Remi Locherer wrote:
> > On Mon, Jun 08, 2020 at 10:10:17PM +0200, Remi Locherer wrote:
> > > Hi,
> > >
> > > to my knowledge there is no easy way to list all active rdomains or
> > > routing tables. Other platforms have "show vrf" or similar commands
> > > for an overview.
> > >
> > > Here is my attempt at such a view for OpenBSD:
> >
> > Updated diff with small changes:
> > - Print inet instead of Internet (input deraadt)
> > - Removed padding before rdomain id.
> > - Changed man page wording.
> >
> > twister ..in/netstat$ obj/netstat -R
> > Rdomain 0
> > Interfaces: lo0 iwm0 re0 enc0 pflog0 mpe0
> > Routing tables:
> > 0: inet 8, inet6 45, mpls 1
> > 3: inet 1, inet6 0, mpls 0
> > 7: inet 130309, inet6 1, mpls 0
> >
> > Rdomain 77
> > Interfaces: vether77 lo77
> > Routing tables:
> > 77: inet 0, inet6 0, mpls 0
> >
> > Rdomain 122
> > Interfaces: vether122 lo122 pair122 vether1122 vether1123 vether1124
> > vether1125 vether1126 vether1127
> > Routing tables:
> > 122: inet 24, inet6 0, mpls 0
> >
> > Rdomain 255
> > Interfaces: vether255 lo255
> > Routing tables:
> > 255: inet 3, inet6 0, mpls 0
> >
> > twister ..in/netstat$
> >
> > OK?
>
> Why do you think the route counts are needed? You fetch all routing tables
> to count them in userland. The sysctl for doing that is expensive and
> especially on systems with full tables will make this command slow.
> If this is something we really want then the kernel should track and
> provide the count.
These counters are of interest for operators. But I agree that counting
the routes in userland is unfortunate. But I don't know how bad it is.
Is a lock involved in the kernel when dumping the full table?
I see in art.h that struct art_table has a counter. What would be a good
way to export this to userland?
>
> Apart from that I think this is a good addition.
>
> > Index: main.c
> > ===
> > RCS file: /cvs/src/usr.bin/netstat/main.c,v
> > retrieving revision 1.116
> > diff -u -p -r1.116 main.c
> > --- main.c 28 Apr 2019 17:59:51 - 1.116
> > +++ main.c 30 May 2020 17:59:33 -
> > @@ -127,7 +127,7 @@ main(int argc, char *argv[])
> > tableid = getrtable();
> >
> > while ((ch = getopt(argc, argv,
> > - "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
> > + "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
> > switch (ch) {
> > case 'A':
> > Aflag = 1;
> > @@ -225,6 +225,9 @@ main(int argc, char *argv[])
> > case 'q':
> > qflag = 1;
> > break;
> > + case 'R':
> > + Rflag = 1;
> > + break;
> > case 'r':
> > rflag = 1;
> > break;
> > @@ -318,6 +321,11 @@ main(int argc, char *argv[])
> > mroutepr();
> > if (af == AF_INET6 || af == AF_UNSPEC)
> > mroute6pr();
> > + exit(0);
> > + }
> > +
> > + if (Rflag) {
> > + rdomainpr();
> > exit(0);
> > }
> >
> > Index: netstat.1
> > ===
> > RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
> > retrieving revision 1.86
> > diff -u -p -r1.86 netstat.1
> > --- netstat.1 17 Apr 2019 20:34:21 - 1.86
> > +++ netstat.1 8 Jun 2020 20:42:46 -
> > @@ -74,6 +74,8 @@
> > .Op Fl i | I Ar interface
> > .Nm
> > .Op Fl W Ar interface
> > +.Nm
> > +.Op Fl R
> > .Sh DESCRIPTION
> > The
> > .Nm
> > @@ -267,6 +269,8 @@ Otherwise the states of the matching soc
> > Only show interfaces that have seen packets (or bytes if
> > .Fl b
> > is specified).
> > +.It Fl R
> > +List all rdomains with associated interfaces and routing tables.
> > .It Fl r
> > Show the routing tables.
> > The output is explained in more detail below.
> > Index: netstat.h
> > ===
Re: netstat -R: list rdomains with associated ifs and tables
On Mon, Jun 08, 2020 at 10:10:17PM +0200, Remi Locherer wrote:
> Hi,
>
> to my knowledge there is no easy way to list all active rdomains or
> routing tables. Other platforms have "show vrf" or similar commands
> for an overview.
>
> Here is my attempt at such a view for OpenBSD:
Updated diff with small changes:
- Print inet instead of Internet (input deraadt)
- Removed padding before rdomain id.
- Changed man page wording.
twister ..in/netstat$ obj/netstat -R
Rdomain 0
Interfaces: lo0 iwm0 re0 enc0 pflog0 mpe0
Routing tables:
0: inet 8, inet6 45, mpls 1
3: inet 1, inet6 0, mpls 0
7: inet 130309, inet6 1, mpls 0
Rdomain 77
Interfaces: vether77 lo77
Routing tables:
77: inet 0, inet6 0, mpls 0
Rdomain 122
Interfaces: vether122 lo122 pair122 vether1122 vether1123 vether1124
vether1125 vether1126 vether1127
Routing tables:
122: inet 24, inet6 0, mpls 0
Rdomain 255
Interfaces: vether255 lo255
Routing tables:
255: inet 3, inet6 0, mpls 0
twister ..in/netstat$
OK?
Index: main.c
===
RCS file: /cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.116
diff -u -p -r1.116 main.c
--- main.c 28 Apr 2019 17:59:51 - 1.116
+++ main.c 30 May 2020 17:59:33 -
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
tableid = getrtable();
while ((ch = getopt(argc, argv,
- "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
+ "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
switch (ch) {
case 'A':
Aflag = 1;
@@ -225,6 +225,9 @@ main(int argc, char *argv[])
case 'q':
qflag = 1;
break;
+ case 'R':
+ Rflag = 1;
+ break;
case 'r':
rflag = 1;
break;
@@ -318,6 +321,11 @@ main(int argc, char *argv[])
mroutepr();
if (af == AF_INET6 || af == AF_UNSPEC)
mroute6pr();
+ exit(0);
+ }
+
+ if (Rflag) {
+ rdomainpr();
exit(0);
}
Index: netstat.1
===
RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
retrieving revision 1.86
diff -u -p -r1.86 netstat.1
--- netstat.1 17 Apr 2019 20:34:21 - 1.86
+++ netstat.1 8 Jun 2020 20:42:46 -
@@ -74,6 +74,8 @@
.Op Fl i | I Ar interface
.Nm
.Op Fl W Ar interface
+.Nm
+.Op Fl R
.Sh DESCRIPTION
The
.Nm
@@ -267,6 +269,8 @@ Otherwise the states of the matching soc
Only show interfaces that have seen packets (or bytes if
.Fl b
is specified).
+.It Fl R
+List all rdomains with associated interfaces and routing tables.
.It Fl r
Show the routing tables.
The output is explained in more detail below.
Index: netstat.h
===
RCS file: /cvs/src/usr.bin/netstat/netstat.h,v
retrieving revision 1.74
diff -u -p -r1.74 netstat.h
--- netstat.h 28 Apr 2019 17:59:51 - 1.74
+++ netstat.h 7 Jun 2020 22:03:10 -
@@ -57,6 +57,7 @@ int pflag; /* show given protocol */
intPflag; /* show given PCB */
intqflag; /* only display non-zero values for output */
intrflag; /* show routing tables (or routing stats) */
+intRflag; /* show rdomain and rtable summary */
intsflag; /* show protocol statistics */
inttflag; /* show i/f watchdog timers */
intvflag; /* be verbose */
@@ -112,6 +113,9 @@ voidrt_stats(void);
void pr_rthdr(int, int);
void pr_encaphdr(void);
void pr_family(int);
+
+void rdomainpr(void);
+void rttsummarypr(int);
void ip6_stats(char *);
void icmp6_stats(char *);
Index: route.c
===
RCS file: /cvs/src/usr.bin/netstat/route.c,v
retrieving revision 1.104
diff -u -p -r1.104 route.c
--- route.c 28 Jun 2019 13:35:02 - 1.104
+++ route.c 9 Jun 2020 06:36:29 -
@@ -51,6 +51,7 @@
#include
#include
#include
+#include
#include "netstat.h"
@@ -346,4 +347,117 @@ rt_stats(void)
rtstat.rts_unreach, plural(rtstat.rts_unreach));
printf("\t%u use%s of a wildcard route\n",
rtstat.rts_wildcard, plural(rtstat.rts_wildcard));
+}
+
+/*
+ * Print rdomain and rtable summary
+ */
+
+void
+rdomainpr(void)
+{
+ struct if_data *ifd;
+ struct ifaddrs *ifap, *ifa;
+ struct rt_tableinfo info;
+
+ int rtt_dom[RT_TABLEID_MA
netstat -R: list rdomains with associated ifs and tables
Hi,
to my knowledge there is no easy way to list all active rdomains or
routing tables. Other platforms have "show vrf" or similar commands
for an overview.
Here is my attempt at such a view for OpenBSD:
twister ..in/netstat$ obj/netstat -R
Rdomain 0
Interfaces: lo0 iwm0 re0 enc0 pflog0
Routing tables:
0: Internet 8, Internet6 43, MPLS 0
3: Internet 1, Internet6 0, MPLS 0
7: Internet 130309, Internet6 1, MPLS 0
Rdomain 77
Interfaces: vether77 lo77
Routing tables:
77: Internet 0, Internet6 0, MPLS 0
Rdomain 122
Interfaces: vether122 lo122 pair122 vether1122 vether1123 vether1124
vether1125 vether1126 vether1127
Routing tables:
122: Internet 24, Internet6 0, MPLS 0
Rdomain 255
Interfaces: vether255 lo255
Routing tables:
255: Internet 3, Internet6 0, MPLS 0
twister ..in/netstat$
Comments? OKs?
Remi
Index: main.c
===
RCS file: /cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.116
diff -u -p -r1.116 main.c
--- main.c 28 Apr 2019 17:59:51 - 1.116
+++ main.c 30 May 2020 17:59:33 -
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
tableid = getrtable();
while ((ch = getopt(argc, argv,
- "AaBbc:deFf:ghI:iLlM:mN:np:P:qrsT:tuvW:w:")) != -1)
+ "AaBbc:deFf:ghI:iLlM:mN:np:P:qRrsT:tuvW:w:")) != -1)
switch (ch) {
case 'A':
Aflag = 1;
@@ -225,6 +225,9 @@ main(int argc, char *argv[])
case 'q':
qflag = 1;
break;
+ case 'R':
+ Rflag = 1;
+ break;
case 'r':
rflag = 1;
break;
@@ -318,6 +321,11 @@ main(int argc, char *argv[])
mroutepr();
if (af == AF_INET6 || af == AF_UNSPEC)
mroute6pr();
+ exit(0);
+ }
+
+ if (Rflag) {
+ rdomainpr();
exit(0);
}
Index: netstat.1
===
RCS file: /cvs/src/usr.bin/netstat/netstat.1,v
retrieving revision 1.86
diff -u -p -r1.86 netstat.1
--- netstat.1 17 Apr 2019 20:34:21 - 1.86
+++ netstat.1 8 Jun 2020 19:21:26 -
@@ -74,6 +74,8 @@
.Op Fl i | I Ar interface
.Nm
.Op Fl W Ar interface
+.Nm
+.Op Fl R
.Sh DESCRIPTION
The
.Nm
@@ -267,6 +269,9 @@ Otherwise the states of the matching soc
Only show interfaces that have seen packets (or bytes if
.Fl b
is specified).
+.It Fl R
+Show all rdomains and list associated interfaces and routing tables
+with number of entries.
.It Fl r
Show the routing tables.
The output is explained in more detail below.
Index: netstat.h
===
RCS file: /cvs/src/usr.bin/netstat/netstat.h,v
retrieving revision 1.74
diff -u -p -r1.74 netstat.h
--- netstat.h 28 Apr 2019 17:59:51 - 1.74
+++ netstat.h 7 Jun 2020 22:03:10 -
@@ -57,6 +57,7 @@ int pflag; /* show given protocol */
intPflag; /* show given PCB */
intqflag; /* only display non-zero values for output */
intrflag; /* show routing tables (or routing stats) */
+intRflag; /* show rdomain and rtable summary */
intsflag; /* show protocol statistics */
inttflag; /* show i/f watchdog timers */
intvflag; /* be verbose */
@@ -112,6 +113,9 @@ voidrt_stats(void);
void pr_rthdr(int, int);
void pr_encaphdr(void);
void pr_family(int);
+
+void rdomainpr(void);
+void rttsummarypr(int);
void ip6_stats(char *);
void icmp6_stats(char *);
Index: route.c
===
RCS file: /cvs/src/usr.bin/netstat/route.c,v
retrieving revision 1.104
diff -u -p -r1.104 route.c
--- route.c 28 Jun 2019 13:35:02 - 1.104
+++ route.c 8 Jun 2020 19:29:58 -
@@ -51,6 +51,7 @@
#include
#include
#include
+#include
#include "netstat.h"
@@ -346,4 +347,117 @@ rt_stats(void)
rtstat.rts_unreach, plural(rtstat.rts_unreach));
printf("\t%u use%s of a wildcard route\n",
rtstat.rts_wildcard, plural(rtstat.rts_wildcard));
+}
+
+/*
+ * Print rdomain and rtable summary
+ */
+
+void
+rdomainpr(void)
+{
+ struct if_data *ifd;
+ struct ifaddrs *ifap, *ifa;
+ struct rt_tableinfo info;
+
+ int rtt_dom[RT_TABLEID_MAX+1];
+ int mib[6], rdom, rtt;
+ size_t len;
+ char*old, *rdom_if[RT_TABLEID_MAX+1] = { };
+
+ getifaddrs(&ifap);
+ for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
+ if (ifa->ifa_addr->sa_family != AF_LINK)
Re: ospf6d: change the way interfaces are handled
On Sat, May 30, 2020 at 04:37:43PM +0200, Denis Fondras wrote:
> This diff updates how ospf6d(8) handles interfaces.
> It is now in line with what ospfd(8) does.
>
> Last step before enabling reload.
>
> Tested against Mikrotik and Zebra implementations.
>
> Warning: it changes the default behaviour. No prefix is announced if no
> "redistribute" statement is present in config file. Is this a showstopper ?
The diff reads good and works. I mostly agree with it.
But we should not change the behaviour. That prefixes configured on an
interface need a redistribute statement is counter intuitive. The "passive"
statement would be useless.
>
> Index: hello.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
> retrieving revision 1.22
> diff -u -p -r1.22 hello.c
> --- hello.c 3 Jan 2020 17:25:48 - 1.22
> +++ hello.c 30 May 2020 14:19:09 -
> @@ -175,12 +175,16 @@ recv_hello(struct iface *iface, struct i
> nbr->priority = LSA_24_GETHI(ntohl(hello.opts));
> /* XXX neighbor address shouldn't be stored on virtual links */
> nbr->addr = *src;
> + ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, nbr->peerid, 0,
> + src, sizeof(struct in6_addr));
> }
>
> if (!IN6_ARE_ADDR_EQUAL(&nbr->addr, src)) {
> log_warnx("%s: neighbor ID %s changed its address to %s",
> __func__, inet_ntoa(nbr->id), log_in6addr(src));
> nbr->addr = *src;
> + ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, nbr->peerid, 0,
> + src, sizeof(struct in6_addr));
> }
>
> nbr->options = opts;
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v
> retrieving revision 1.29
> diff -u -p -r1.29 interface.c
> --- interface.c 27 May 2020 09:03:56 - 1.29
> +++ interface.c 30 May 2020 14:19:09 -
> @@ -72,8 +72,6 @@ struct {
> static int vlink_cnt = 0;
> #endif
>
> -TAILQ_HEAD(, iface) iflist;
> -
> const char * const if_event_names[] = {
> "NOTHING",
> "UP",
> @@ -145,10 +143,6 @@ if_fsm(struct iface *iface, enum iface_e
> area_track(iface->area);
> orig_rtr_lsa(iface->area);
> orig_link_lsa(iface);
> -
> - /* state change inform RDE */
> - ospfe_imsg_compose_rde(IMSG_IFINFO, iface->self->peerid, 0,
> - &iface->state, sizeof(iface->state));
> }
>
> if (old_state & (IF_STA_MULTI | IF_STA_POINTTOPOINT) &&
> @@ -166,41 +160,8 @@ if_fsm(struct iface *iface, enum iface_e
> return (ret);
> }
>
> -int
> -if_init(void)
> -{
> - TAILQ_INIT(&iflist);
> -
> - return (fetchifs(0));
> -}
> -
> -/* XXX using a linked list should be OK for now */
> struct iface *
> -if_find(unsigned int ifindex)
> -{
> - struct iface*iface;
> -
> - TAILQ_FOREACH(iface, &iflist, list) {
> - if (ifindex == iface->ifindex)
> - return (iface);
> - }
> - return (NULL);
> -}
> -
> -struct iface *
> -if_findname(char *name)
> -{
> - struct iface*iface;
> -
> - TAILQ_FOREACH(iface, &iflist, list) {
> - if (!strcmp(name, iface->name))
> - return (iface);
> - }
> - return (NULL);
> -}
> -
> -struct iface *
> -if_new(u_short ifindex, char *ifname)
> +if_new(struct kif *kif, struct kif_addr *ka)
> {
> struct iface*iface;
>
> @@ -210,7 +171,6 @@ if_new(u_short ifindex, char *ifname)
> iface->state = IF_STA_DOWN;
>
> LIST_INIT(&iface->nbr_list);
> - TAILQ_INIT(&iface->ifa_list);
> TAILQ_INIT(&iface->ls_ack_list);
> RB_INIT(&iface->lsa_tree);
>
> @@ -225,34 +185,36 @@ if_new(u_short ifindex, char *ifname)
> return (iface);
> }
> #endif
> - strlcpy(iface->name, ifname, sizeof(iface->name));
> - iface->ifindex = ifindex;
> -
> - TAILQ_INSERT_TAIL(&iflist, iface, list);
> -
> - return (iface);
> -}
>
> -void
> -if_update(struct iface *iface, int mtu, int flags, u_int8_t type,
> -u_int8_t state, u_int64_t rate, u_int32_t rdomain)
> -{
> - iface->mtu = mtu;
> - iface->flags = flags;
> - iface->if_type = type;
> - iface->linkstate = state;
> - iface->baudrate = rate;
> - iface->rdomain = rdomain;
> + strlcpy(iface->name, kif->ifname, sizeof(iface->name));
>
> - /* set type */
> - if (flags & IFF_POINTOPOINT)
> + /* get type */
> + if (kif->flags & IFF_POINTOPOINT)
> iface->type = IF_TYPE_POINTOPOINT;
> - if (flags & IFF_BROADCAST && flags & IFF_MULTICAST)
> + if (kif->flags & IFF_BROADCAST && kif->flags & IFF_MULTICAST)
> iface->type = IF_TYPE_BROADCAST;
> - if (flags & IFF_LOOPBACK) {
> + if (kif->flags & IFF_LOOPBACK) {
> iface->ty
Re: iked(8): AES_GCM ciphers for IKE
On Fri, May 15, 2020 at 01:59:35AM +0200, Tobias Heider wrote:
> On Thu, May 14, 2020 at 10:47:52PM +0200, Tobias Heider wrote:
> > On Thu, May 14, 2020 at 10:07:30PM +0200, Tobias Heider wrote:
> > > Hi,
> > >
> > > currently iked(8) supports AES-GCM only for ESP.
> > > The diff below adds the ENCR_AES_GCM_16 and ENCR_AES_GCM_12 variants for
> > > IKE.
> > > (for more information see [1] and [2]).
> > > Both variants support the 128, 196, and 256 bit key lengths.
> > >
> > > The new new ciphers can be configured with:
> > > - aes-128-gcm, aes-196-gcm and aes-256-gcm for ENCR_AES_GCM_16
> > > - aes-128-gcm-12, aes-196-gcm-12 and aes-256-gcm-12 for ENCR_AES_GCM_12
>
> Small typo: it's 192, not 196.
>
> > >
> > > It would be nice if we could get some interop testing with different IKEv2
> > > implementations. I have so far successfully tested strongswan <-> iked
> > > and
> > > of course iked <-> iked.
> > >
> > > Feedback welcome ;)
It works with a Juniper SRX on the other side.
I tested with this iked.conf:
ikev2 "srx1" active esp \
from 192.168.100.0/24 to 192.168.111.0/24 \
local 10.0.0.2 peer 10.0.0.1 \
ikesa enc aes-128-gcm group ecp256 \
childsa enc aes-128-gcm group ecp256 \
srcid 10.0.0.2 dstid 10.0.0.1 \
psk "Secret1"
> > >
> > > [1] https://tools.ietf.org/html/rfc5282
> > > [2]
> > > https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5
> > >
> >
> > whoops, previous diff was broken.
> >
>
> Another update because it seems parse_xf matches substrings instead of the
> full transform type name, which means I had to change the order of ikeencxfs
> members or 'aes-128-gcm' will always match 'aes-128-gcm-12' ...
>
> Index: crypto.c
> ===
> RCS file: /cvs/src/sbin/iked/crypto.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 crypto.c
> --- crypto.c 14 May 2020 15:08:30 - 1.27
> +++ crypto.c 14 May 2020 23:55:13 -
> @@ -92,7 +92,7 @@ hash_new(uint8_t type, uint16_t id)
> struct iked_hash*hash;
> const EVP_MD*md = NULL;
> HMAC_CTX*ctx = NULL;
> - int length = 0, fixedkey = 0, trunc = 0;
> + int length = 0, fixedkey = 0, trunc = 0, isaead =
> 0;
>
> switch (type) {
> case IKEV2_XFORMTYPE_PRF:
> @@ -156,6 +156,14 @@ hash_new(uint8_t type, uint16_t id)
> length = SHA512_DIGEST_LENGTH;
> trunc = 32;
> break;
> + case IKEV2_XFORMAUTH_AES_GCM_12:
> + length = 12;
> + isaead = 1;
> + break;
> + case IKEV2_XFORMAUTH_AES_GCM_16:
> + length = 16;
> + isaead = 1;
> + break;
> case IKEV2_XFORMAUTH_NONE:
> case IKEV2_XFORMAUTH_DES_MAC:
> case IKEV2_XFORMAUTH_KPDK_MD5:
> @@ -177,7 +185,7 @@ hash_new(uint8_t type, uint16_t id)
> print_map(id, ikev2_xformtype_map));
> break;
> }
> - if (md == NULL)
> + if (!isaead && md == NULL)
> return (NULL);
>
> if ((hash = calloc(1, sizeof(*hash))) == NULL) {
> @@ -192,6 +200,10 @@ hash_new(uint8_t type, uint16_t id)
> hash->hash_trunc = trunc;
> hash->hash_length = length;
> hash->hash_fixedkey = fixedkey;
> + hash->hash_isaead = isaead;
> +
> + if (isaead)
> + return (hash);
>
> if ((ctx = calloc(1, sizeof(*ctx))) == NULL) {
> log_debug("%s: alloc hash ctx", __func__);
> @@ -276,6 +288,7 @@ cipher_new(uint8_t type, uint16_t id, ui
> const EVP_CIPHER*cipher = NULL;
> EVP_CIPHER_CTX *ctx = NULL;
> int length = 0, fixedkey = 0, ivlength = 0;
> + int saltlength = 0, authid = 0;
>
> switch (type) {
> case IKEV2_XFORMTYPE_ENCR:
> @@ -309,6 +322,39 @@ cipher_new(uint8_t type, uint16_t id, ui
> ivlength = EVP_CIPHER_iv_length(cipher);
> fixedkey = EVP_CIPHER_key_length(cipher);
> break;
> + case IKEV2_XFORMENCR_AES_GCM_16:
> + case IKEV2_XFORMENCR_AES_GCM_12:
> + switch (id_length) {
> + case 128:
> + cipher = EVP_aes_128_gcm();
> + break;
> + case 192:
> + cipher = EVP_aes_192_gcm();
> + break;
> + case 256:
> + cipher = EVP_aes_256_gcm();
> + break;
> + default:
> + log_debug("%s: invalid key length %d"
> + " f
Re: mcx(4) checksum offload
On Tue, May 19, 2020 at 08:48:17AM +1000, Jonathan Matthew wrote:
> So far I've completely ignored offloads in the ethernet drivers I've
> written, but on having a quick look at the documentation I found that
> mcx(4) checksum offload is extremely easy to use, and some simple testing
> suggests that it helps quite a bit. I've seen tcpbench receive throughput
> increase by around 15%.
>
> The nic supports all the checksum offloads we know about, reports checksum
> status for every packet without being asked to, and can figure out packet
> header lengths etc. for itself, so on the tx side, the driver just sets
> some flags to say "checksum this for me please", and on the rx side, it
> looks at two bits in the completion queue entry.
>
> I'm mostly sending this out to see if anyone can gather any interesting
> performance numbers.
ipv4 forwarding, 64Byte UDP packagesi sent over both mcx, pfctl -d
with patch:
- generating 560 Kpps: 560 Kpps stable
- generating 1 Mpps: first few min 809 Kpps, then drops to 520 Kpps
without patch:
- generating 560 Kpps: first few min 560 Kpps theni drops to 514 Kpps
- generating 1Mpps: first few min 766 Kpps, then drops to 500 Kpps
mcx0 at pci7 dev 0 function 0 "Mellanox ConnectX-4 Lx" rev 0x00: FW 14.17.2032,
msix, address 24:8a:07:b0:23:a0
mcx1 at pci7 dev 0 function 1 "Mellanox ConnectX-4 Lx" rev 0x00: FW 14.17.2032,
msix, address 24:8a:07:b0:23:a1
>
>
> Index: if_mcx.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_mcx.c,v
> retrieving revision 1.44
> diff -u -p -u -p -r1.44 if_mcx.c
> --- if_mcx.c 24 Apr 2020 07:28:37 - 1.44
> +++ if_mcx.c 18 May 2020 10:22:32 -
> @@ -1255,6 +1292,10 @@ struct mcx_cq_entry {
> uint32_tcq_checksum;
> uint32_t__reserved__;
> uint32_tcq_flags;
> +#define MCX_CQ_ENTRY_FLAGS_L4_OK (1 << 26)
> +#define MCX_CQ_ENTRY_FLAGS_L3_OK (1 << 25)
> +#define MCX_CQ_ENTRY_FLAGS_L2_OK (1 << 24)
> +
> uint32_tcq_lro_srqn;
> uint32_t__reserved__[2];
> uint32_tcq_byte_cnt;
> @@ -2355,7 +2396,9 @@ mcx_attach(struct device *parent, struct
> ifp->if_qstart = mcx_start;
> ifp->if_watchdog = mcx_watchdog;
> ifp->if_hardmtu = sc->sc_hardmtu;
> - ifp->if_capabilities = IFCAP_VLAN_MTU;
> + ifp->if_capabilities = IFCAP_VLAN_MTU | IFCAP_CSUM_IPv4 |
> + IFCAP_CSUM_UDPv4 | IFCAP_CSUM_UDPv6 | IFCAP_CSUM_TCPv4 |
> + IFCAP_CSUM_TCPv6;
> IFQ_SET_MAXLEN(&ifp->if_snd, 1024);
>
> ifmedia_init(&sc->sc_media, IFM_IMASK, mcx_media_change,
> @@ -5662,6 +5966,7 @@ mcx_process_rx(struct mcx_softc *sc, str
> struct mcx_slot *ms;
> struct mbuf *m;
> int slot;
> + uint32_t flags;
>
> slot = betoh16(cqe->cq_wqe_count) % (1 << MCX_LOG_RQ_SIZE);
>
> @@ -5680,6 +5985,13 @@ mcx_process_rx(struct mcx_softc *sc, str
> betoh32(cqe->cq_rx_hash);
> }
>
> + flags = bemtoh32(&cqe->cq_flags);
> + if (flags & MCX_CQ_ENTRY_FLAGS_L3_OK)
> + m->m_pkthdr.csum_flags = M_IPV4_CSUM_IN_OK;
> + if (flags & MCX_CQ_ENTRY_FLAGS_L4_OK)
> + m->m_pkthdr.csum_flags |= M_TCP_CSUM_IN_OK |
> + M_UDP_CSUM_IN_OK;
> +
> if (c->c_tdiff) {
> uint64_t t = bemtoh64(&cqe->cq_timestamp) - c->c_timestamp;
> t *= c->c_udiff;
> @@ -6343,6 +6657,7 @@ mcx_start(struct ifqueue *ifq)
> sqe->sqe_signature = htobe32(MCX_SQE_CE_CQE_ALWAYS);
>
> /* eth segment */
> + sqe->sqe_mss_csum = htobe32(MCX_SQE_L3_CSUM | MCX_SQE_L4_CSUM);
> sqe->sqe_inline_header_size = htobe16(MCX_SQ_INLINE_SIZE);
> m_copydata(m, 0, MCX_SQ_INLINE_SIZE,
> (caddr_t)sqe->sqe_inline_headers);
>
Re: ospf6d: remove F_IFACE_AVAIL
On Sat, May 16, 2020 at 08:17:28PM +0200, Denis Fondras wrote:
> This information is never used/checked.
>
ok remi@
> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.63
> diff -u -p -r1.63 kroute.c
> --- kroute.c 16 May 2020 15:54:12 - 1.63
> +++ kroute.c 16 May 2020 18:11:51 -
> @@ -761,7 +761,6 @@ kif_update(u_short ifindex, int flags, s
> return (NULL);
> if ((iface = if_new(ifindex, ifname)) == NULL)
> return (NULL);
> - iface->cflags |= F_IFACE_AVAIL;
> }
>
> if_update(iface, ifd->ifi_mtu, flags, ifd->ifi_type,
> @@ -1019,7 +1018,6 @@ if_announce(void *msg)
> case IFAN_ARRIVAL:
> if ((iface = if_new(ifan->ifan_index, ifan->ifan_name)) == NULL)
> fatal("if_announce failed");
> - iface->cflags |= F_IFACE_AVAIL;
> break;
> case IFAN_DEPARTURE:
> iface = if_find(ifan->ifan_index);
> Index: ospf6d.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.48
> diff -u -p -r1.48 ospf6d.h
> --- ospf6d.h 16 May 2020 15:54:12 - 1.48
> +++ ospf6d.h 16 May 2020 18:11:51 -
> @@ -330,7 +330,6 @@ struct iface {
> u_int8_t cflags;
> #define F_IFACE_PASSIVE 0x01
> #define F_IFACE_CONFIGURED 0x02
> -#define F_IFACE_AVAIL0x04
> };
>
> struct ifaddrchange {
>
Re: ospf6d: remove IMSG_IFDELETE
On Thu, May 14, 2020 at 08:10:55PM +0200, Denis Fondras wrote:
> Following https://marc.info/?l=openbsd-tech&m=158946552515632&w=2, when
> IMSG_IFADD is removed, IMSG_IFDELETE becomes useless...
OK remi@
>
> Index: kroute.c
> ===
> RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.62
> diff -u -p -r1.62 kroute.c
> --- kroute.c 16 Dec 2019 08:28:33 - 1.62
> +++ kroute.c 14 May 2020 18:06:16 -
> @@ -1023,12 +1023,6 @@ if_announce(void *msg)
> break;
> case IFAN_DEPARTURE:
> iface = if_find(ifan->ifan_index);
> - if (iface->cflags & F_IFACE_CONFIGURED) {
> - main_imsg_compose_rde(IMSG_IFDELETE, 0,
> - &iface->ifindex, sizeof(iface->ifindex));
> - main_imsg_compose_ospfe(IMSG_IFDELETE, 0,
> - &iface->ifindex, sizeof(iface->ifindex));
> - }
> if_del(iface);
> break;
> }
> Index: ospf6d.h
> ===
> RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.47
> diff -u -p -r1.47 ospf6d.h
> --- ospf6d.h 14 May 2020 18:05:50 - 1.47
> +++ ospf6d.h 14 May 2020 18:06:30 -
> @@ -103,7 +103,6 @@ enum imsg_type {
> IMSG_KROUTE_CHANGE,
> IMSG_KROUTE_DELETE,
> IMSG_IFINFO,
> - IMSG_IFDELETE,
> IMSG_IFADDRNEW,
> IMSG_IFADDRDEL,
> IMSG_NEIGHBOR_UP,
> Index: ospfe.c
> ===
> RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.62
> diff -u -p -r1.62 ospfe.c
> --- ospfe.c 14 May 2020 18:05:50 - 1.62
> +++ ospfe.c 14 May 2020 18:07:26 -
> @@ -257,7 +257,6 @@ ospfe_dispatch_main(int fd, short event,
> struct imsgev *iev = bula;
> struct imsgbuf *ibuf = &iev->ibuf;
> int n, stub_changed, shut = 0, isvalid, wasvalid;
> - unsigned int ifindex;
>
> if (event & EV_READ) {
> if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
> @@ -326,19 +325,6 @@ ospfe_dispatch_main(int fd, short event,
> if_fsm(iface, IF_EVT_DOWN);
> log_warnx("interface %s down", iface->name);
> }
> - break;
> - case IMSG_IFDELETE:
> - if (imsg.hdr.len != IMSG_HEADER_SIZE +
> - sizeof(ifindex))
> - fatalx("IFDELETE imsg with wrong len");
> -
> - memcpy(&ifindex, imsg.data, sizeof(ifindex));
> - iface = if_find(ifindex);
> - if (iface == NULL)
> - fatalx("interface lost in ospfe");
> -
> - LIST_REMOVE(iface, entry);
> - if_del(iface);
> break;
> case IMSG_IFADDRNEW:
> if (imsg.hdr.len != IMSG_HEADER_SIZE +
> Index: rde.c
> ===
> RCS file: /home/denis/dev/cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.87
> diff -u -p -r1.87 rde.c
> --- rde.c 14 May 2020 18:05:50 - 1.87
> +++ rde.c 14 May 2020 18:07:18 -
> @@ -651,7 +651,6 @@ rde_dispatch_parent(int fd, short event,
> struct imsgbuf *ibuf = &iev->ibuf;
> ssize_t n;
> int shut = 0, link_ok, prev_link_ok, orig_lsa;
> - unsigned int ifindex;
>
> if (event & EV_READ) {
> if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
> @@ -733,19 +732,6 @@ rde_dispatch_parent(int fd, short event,
>
> orig_intra_area_prefix_lsas(iface->area);
>
> - break;
> - case IMSG_IFDELETE:
> - if (imsg.hdr.len != IMSG_HEADER_SIZE +
> - sizeof(ifindex))
> - fatalx("IFDELETE imsg with wrong len");
> -
> - memcpy(&ifindex, imsg.data, sizeof(ifindex));
> - iface = if_find(ifindex);
> - if (iface == NULL)
> - fatalx("interface lost in rde");
> -
> - LIST_REMOVE(iface, entry);
> - if_del(iface);
> break;
> case IMSG_IFADDRNEW:
> if (imsg.hdr.len != IMSG_HEADER_SIZE +
>
Re: ospf6d: remove IMSG_IFADD
On Thu, May 14, 2020 at 04:10:42PM +0200, Denis Fondras wrote:
> IMSG_IFADD is never used, wipe it.
In ospfd we have IMSG_RECONF_IFACE for this. Once we start adding
reload functionality we can bring that over to ospf6d.
OK remi@
>
> Index: ospf6d.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.46
> diff -u -p -r1.46 ospf6d.h
> --- ospf6d.h 5 Apr 2020 18:19:04 - 1.46
> +++ ospf6d.h 14 May 2020 13:52:08 -
> @@ -103,7 +103,6 @@ enum imsg_type {
> IMSG_KROUTE_CHANGE,
> IMSG_KROUTE_DELETE,
> IMSG_IFINFO,
> - IMSG_IFADD,
> IMSG_IFDELETE,
> IMSG_IFADDRNEW,
> IMSG_IFADDRDEL,
> Index: ospfe.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.61
> diff -u -p -r1.61 ospfe.c
> --- ospfe.c 2 Jan 2020 10:16:46 - 1.61
> +++ ospfe.c 14 May 2020 13:52:08 -
> @@ -327,18 +327,6 @@ ospfe_dispatch_main(int fd, short event,
> log_warnx("interface %s down", iface->name);
> }
> break;
> - case IMSG_IFADD:
> - if ((iface = malloc(sizeof(struct iface))) == NULL)
> - fatal(NULL);
> - memcpy(iface, imsg.data, sizeof(struct iface));
> -
> - LIST_INIT(&iface->nbr_list);
> - TAILQ_INIT(&iface->ls_ack_list);
> - RB_INIT(&iface->lsa_tree);
> -
> - LIST_INSERT_HEAD(&iface->area->iface_list, iface,
> - entry);
> - break;
> case IMSG_IFDELETE:
> if (imsg.hdr.len != IMSG_HEADER_SIZE +
> sizeof(ifindex))
> Index: rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.86
> diff -u -p -r1.86 rde.c
> --- rde.c 5 Apr 2020 18:19:04 - 1.86
> +++ rde.c 14 May 2020 13:52:09 -
> @@ -734,17 +734,6 @@ rde_dispatch_parent(int fd, short event,
> orig_intra_area_prefix_lsas(iface->area);
>
> break;
> - case IMSG_IFADD:
> - if ((iface = malloc(sizeof(struct iface))) == NULL)
> - fatal(NULL);
> - memcpy(iface, imsg.data, sizeof(struct iface));
> -
> - LIST_INIT(&iface->nbr_list);
> - TAILQ_INIT(&iface->ls_ack_list);
> - RB_INIT(&iface->lsa_tree);
> -
> - LIST_INSERT_HEAD(&iface->area->iface_list, iface,
> entry);
> - break;
> case IMSG_IFDELETE:
> if (imsg.hdr.len != IMSG_HEADER_SIZE +
> sizeof(ifindex))
>
Re: tcpdump: print nhrp packets
On Tue, Apr 14, 2020 at 01:49:32PM +1000, David Gwynne wrote: > > > > On 13 Apr 2020, at 19:03, Remi Locherer wrote: > > > > Hi, > > > > I recently looked into NHRP (RFC 2332) and noticed that our tcpdump does > > not have a printer for it. So I added support for NHRP to tcpdump. > > > > Initially I was surprised: I expected a simpler protocol! But it is from > > the 90's with all the protocols from then in mind (frame relay, ATM, ...). > > > > I tested with public available pcap files and compared the output with > > wirshark. > > https://packetlife.net/captures/protocol/nhrp/ > > https://www.networkingwithfish.com/fun-in-the-lab-sniffer-tracing-a-dmvpn-tunnel-startup/ > > > > The output looks like this: > > > > 08:34:45.647483 172.16.25.2 > 172.16.15.2: gre NHRP: reg request, id 7 [tos > > 0xc0] > > 08:34:45.671422 172.16.15.2 > 172.16.25.2: gre NHRP: reg reply, id 7 [tos > > 0xc0] > > > > 08:47:16.138679 172.16.15.2 > 172.16.25.2: gre NHRP: res request, id 6 [tos > > 0xc0] > > 08:47:16.148863 172.16.25.2 > 172.16.15.2: gre NHRP: res reply, id 6 [tos > > 0xc0] > > > > With -v set: > > > > 08:34:45.647483 172.16.25.2 > 172.16.15.2: gre [] 2001 NHRP: reg request, > > id 7, hopcnt 255, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.1 (code 0, > > pl 255, mtu 1514, htime 7200, pref 0) [tos 0xc0] (ttl 254, id 22, len 116) > > 08:34:45.671422 172.16.15.2 > 172.16.25.2: gre [] 2001 NHRP: reg reply, id > > 7, hopcnt 255, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.1 (code 0, pl > > 255, mtu 1514, htime 7200, pref 0) [tos 0xc0] (ttl 255, id 7, len 136) > > > > 08:47:16.138679 172.16.15.2 > 172.16.25.2: gre [] 2001 NHRP: res request, > > id 6, hopcnt 254, src nbma 172.16.45.2, 192.168.0.4 -> 192.168.0.2 (code 0, > > pl 0, mtu 1514, htime 7200, pref 0) [tos 0xc0] (ttl 254, id 20, len 116) > > 08:47:16.148863 172.16.25.2 > 172.16.15.2: gre [] 2001 NHRP: res reply, id > > 6, hopcnt 255, src nbma 172.16.45.2, 192.168.0.4 -> 192.168.0.2 (code 0, pl > > 32, mtu 1514, htime 7199, pref 0, nbma 172.16.25.2, proto 192.168.0.2) [tos > > 0xc0] (ttl 255, id 31, len 144) > > > > Extensions are not parsed and printed. > > > > It would be nice to get pcaps with expamles that use address or protocol > > combinations other than GRE and IPv4. > > > > Comments, OKs? > > Can you print the addresses when -v is not set too? > > Otherwise I'm keen. > Like this? tcpdump -n: 08:47:16.068855 172.16.25.2 > 172.16.15.2: gre NHRP: res request, id 8, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.4 (code 0) [tos 0xc0] 08:47:16.150679 172.16.15.2 > 172.16.25.2: gre NHRP: res reply, id 8, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.4 (code 0, nbma 172.16.45.2, proto 192.168.0.4) [tos 0xc0] tcpdump -nv: 08:47:16.068855 172.16.25.2 > 172.16.15.2: gre [] 2001 NHRP: res request, id 8, hopcnt 255, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.4 (code 0, pl 0, mtu 1514, htime 7200, pref 0) [tos 0xc0] (ttl 255, id 29, len 96) 08:47:16.150679 172.16.15.2 > 172.16.25.2: gre [] 2001 NHRP: res reply, id 8, hopcnt 254, src nbma 172.16.25.2, 192.168.0.2 -> 192.168.0.4 (code 0, pl 32, mtu 1514, htime 7199, pref 0, nbma 172.16.45.2, proto 192.168.0.4) [tos 0xc0] (ttl 254, id 21, len 164) Index: Makefile === RCS file: /cvs/src/usr.sbin/tcpdump/Makefile,v retrieving revision 1.64 diff -u -p -r1.64 Makefile --- Makefile3 Dec 2019 01:43:33 - 1.64 +++ Makefile28 Mar 2020 17:07:22 - @@ -48,7 +48,7 @@ SRCS= tcpdump.c addrtoname.c privsep.c p print-bgp.c print-ospf6.c print-ripng.c print-rt6.c print-stp.c \ print-etherip.c print-lwres.c print-lldp.c print-cdp.c print-pflog.c \ print-pfsync.c pf_print_state.c print-ofp.c ofp_map.c \ - print-udpencap.c print-carp.c \ + print-udpencap.c print-carp.c print-nhrp.c \ print-802_11.c print-iapp.c print-mpls.c print-slow.c print-usbpcap.c \ gmt2local.c savestr.c setsignal.c in_cksum.c Index: interface.h === RCS file: /cvs/src/usr.sbin/tcpdump/interface.h,v retrieving revision 1.83 diff -u -p -r1.83 interface.h --- interface.h 3 Dec 2019 01:43:33 - 1.83 +++ interface.h 28 Mar 2020 17:07:22 - @@ -217,6 +217,7 @@ extern void ppp_ether_if_print(u_char *, extern void gre_print(const u_char *, u_int); extern void vxlan_print(const u_char *, u_int); extern void nsh_print(const u_char *, u_int); +extern void nhrp_print(const u_char *, u_int); extern void icmp_print(const u_ch
tcpdump: print nhrp packets
--- /dev/null 1 Jan 1970 00:00:00 -
+++ print-nhrp.c13 Apr 2020 08:38:01 -
@@ -0,0 +1,286 @@
+/* $OpenBSD:$ */
+
+/*
+ * Copyright (c) 2020 Remi Locherer
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * RFC 2332 NBMA Next Hop Resolution Protocol (NHRP)
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#include
+
+#include
+#include
+#include
+
+#include "addrtoname.h"
+#include "afnum.h"
+#include "interface.h"
+#include "extract.h"
+
+#define NHRP_VER_RFC2332 1
+
+#define NHRP_PKG_RESOLUTION_REQUEST1
+#define NHRP_PKG_RESOLUTION_REPLY 2
+#define NHRP_PKG_REGISTRATION_REQUEST 3
+#define NHRP_PKG_REGISTRATION_REPLY4
+#define NHRP_PKG_PURGE_REQUEST 5
+#define NHRP_PKG_PURGE_REPLY 6
+#define NHRP_PKG_ERROR_INDICATION 7
+
+
+struct nhrp_header {
+ /* fixed header part */
+ u_int16_t afn;/* link layer address */
+ u_int16_t pro_type; /* protocol type (short form) */
+ u_int8_tpro_snap[5];/* protocol type (long form) */
+ u_int8_thopcnt; /* hop count */
+ u_int16_t pktsz; /* length of the NHRP packet (octets) */
+ u_int16_t chksum; /* IP checksum over the entier packet */
+ u_int16_t extoff; /* extension offset */
+ u_int8_top_version; /* version of address mapping and
+ management protocol */
+ u_int8_top_type;/* NHRP packet type */
+ u_int8_tshtl; /* type and length of src NBMA addr */
+ u_int8_tsstl; /* type and length of src NBMA
+ subaddress */
+ /* mandatory header part */
+ u_int8_tspl;/* src proto len */
+ u_int8_tdpl;/* dst proto len */
+ u_int16_t flags; /* flags */
+union {
+ u_int32_t id; /* request id */
+ struct {/* error code */
+ u_int16_t code;
+ u_int16_t offset;
+ } err;
+ } u;
+};
+
+struct nhrp_cie {
+ /* client information entrie */
+ u_int8_tcode;
+ u_int8_tplen;
+ u_int16_t unused;
+ u_int16_t mtu;
+ u_int16_t htime;
+ u_int8_tcli_addr_tl;
+ u_int8_tcli_saddr_tl;
+ u_int8_tcli_proto_tl;
+ u_int8_tpref;
+};
+
+static const u_char * nhrp_print_cie(const u_char *, u_int16_t, u_int16_t);
+
+
+void
+nhrp_print(const u_char *p, u_int length)
+{
+ struct nhrp_header *hdr;
+ const u_char*nhrpext, *nhrpend;
+
+ printf("NHRP: ");
+
+ if ((snapend - p) < sizeof(*hdr))
+ goto trunc;
+
+ hdr = (struct nhrp_header *)p;
+
+ if (hdr->op_version != NHRP_VER_RFC2332) {
+ printf("unknown-version-%02x", hdr->op_version);
+ return;
+
+ }
+
+ nhrpext = p + EXTRACT_16BITS(&hdr->extoff);
+ nhrpend = p + EXTRACT_16BITS(&hdr->pktsz);
+
+ switch (hdr->op_type) {
+ case NHRP_PKG_RESOLUTION_REQUEST:
+ printf("res request, ");
+ break;
+ case NHRP_PKG_RESOLUTION_REPLY:
+ printf("res reply, ");
+ break;
+ case NHRP_PKG_REGISTRATION_REQUEST:
+ printf("reg request, ");
+ break;
+ case NHRP_PKG_REGISTRATION_REPLY:
+ printf("reg reply, ");
+ break;
+ case NHRP_PKG_PURGE_REQUEST:
+ printf("purge request, ");
+ break;
+ case NHRP_PKG_PURGE_REPLY:
+ printf("purge reply, ");
+ break;
+ case NHRP_PKG_ERROR_INDICATION:
+ printf("error %u", hdr->u.err.code);
+ return;
+ default:
+ printf("unknown-op-type-%04x, ", hdr->op_type);
+
Re: ospf6d: update to connected routes
On Wed, Apr 01, 2020 at 08:50:45PM +0200, Denis Fondras wrote:
> Handle connected routes as ospfd(8) does.
>
> (diff to ospf6d and ospf6ctl)
OK remi@
>
> Index: ospf6ctl/ospf6ctl.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 ospf6ctl.c
> --- ospf6ctl/ospf6ctl.c 26 May 2019 09:27:09 - 1.50
> +++ ospf6ctl/ospf6ctl.c 1 Apr 2020 18:16:12 -
> @@ -1103,10 +1103,10 @@ show_rib_msg(struct imsg *imsg)
> errx(1, "Invalid route type");
> }
>
> - printf("%-20s %-17s %-12s %-9s %-7d %s\n", dstnet,
> + printf("%-20s %-16s%s %-12s %-9s %-7d %s\n", dstnet,
> log_in6addr_scope(&rt->nexthop, rt->ifindex),
> - path_type_name(rt->p_type), dst_type_name(rt->d_type),
> - rt->cost,
> + rt->connected ? "C" : " ", path_type_name(rt->p_type),
> + dst_type_name(rt->d_type), rt->cost,
> rt->uptime == 0 ? "-" : fmt_timeframe_core(rt->uptime));
> free(dstnet);
> break;
> Index: ospf6d/ospf6d.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.45
> diff -u -p -r1.45 ospf6d.h
> --- ospf6d/ospf6d.h 21 Jan 2020 20:38:52 - 1.45
> +++ ospf6d/ospf6d.h 1 Apr 2020 18:16:12 -
> @@ -483,6 +483,7 @@ struct ctl_rt {
> enum dst_typed_type;
> u_int8_t flags;
> u_int8_t prefixlen;
> + u_int8_t connected;
> };
>
> struct ctl_sum {
> Index: ospf6d/rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.85
> diff -u -p -r1.85 rde.c
> --- ospf6d/rde.c 29 Mar 2020 11:59:11 - 1.85
> +++ ospf6d/rde.c 1 Apr 2020 18:16:12 -
> @@ -886,6 +886,9 @@ rde_send_change_kroute(struct rt_node *r
> TAILQ_FOREACH(rn, &r->nexthop, entry) {
> if (rn->invalid)
> continue;
> + if (rn->connected)
> + /* skip self-originated routes */
> + continue;
> krcount++;
>
> bzero(&kr, sizeof(kr));
> @@ -899,8 +902,12 @@ rde_send_change_kroute(struct rt_node *r
> kr.ext_tag = r->ext_tag;
> imsg_add(wbuf, &kr, sizeof(kr));
> }
> - if (krcount == 0)
> - fatalx("rde_send_change_kroute: no valid nexthop found");
> + if (krcount == 0) {
> + /* no valid nexthop or self originated, so remove */
> + ibuf_free(wbuf);
> + rde_send_delete_kroute(r);
> + return;
> + }
>
> imsg_close(&iev_main->ibuf, wbuf);
> imsg_event_add(iev_main);
> Index: ospf6d/rde_spf.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde_spf.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 rde_spf.c
> --- ospf6d/rde_spf.c 29 Mar 2020 11:59:11 - 1.27
> +++ ospf6d/rde_spf.c 1 Apr 2020 18:16:12 -
> @@ -897,7 +897,9 @@ rt_nexthop_add(struct rt_node *r, struct
> rn->ifindex = vn->ifindex;
> rn->adv_rtr.s_addr = adv_rtr.s_addr;
> rn->uptime = now.tv_sec;
> - rn->connected = vn->prev == spf_root;
> + rn->connected = (type == LSA_TYPE_NETWORK &&
> + vn->prev == spf_root) ||
> + (IN6_IS_ADDR_UNSPECIFIED(&vn->nexthop));
> rn->invalid = 0;
>
> r->invalid = 0;
> @@ -952,21 +954,24 @@ rt_dump(struct in_addr area, pid_t pid,
> fatalx("rt_dump: invalid RIB type");
> }
>
> + memset(&rtctl, 0, sizeof(rtctl));
> + rtctl.prefix = r->prefix;
> + rtctl.area.s_addr = r->area.s_addr;
> + rtctl.cost = r->cost;
> + rtctl.cost2 = r->cost2;
> + rtctl.p_type = r->p_type;
> + rtctl.d_type = r->d_type;
> + rtctl.flags = r->flags;
> + rtctl.prefixlen = r->prefixlen;
> +
> TAILQ_FOREACH(rn, &r->nexthop, entry) {
> if (rn->invalid)
> continue;
>
> - rtctl.prefix = r->prefix;
> + rtctl.connected = rn->connected;
> rtctl.nexthop = rn->nexthop;
> rtctl.ifindex = rn->ifindex;
> - rtctl.area.s_addr = r->area.s_addr;
> rtctl.adv_rtr.s_addr = rn->adv_rtr.s_addr;
> - rtctl.cost = r->cost;
> - rtctl.cost2 = r->cost2;
> - rtctl.p_type = r->p_type;
> - rtctl.d_type = r->d_type;
>
Re: ospf6d: bring ospf6d closer to ospfd
On Sat, Mar 21, 2020 at 05:25:45PM +0100, Denis Fondras wrote:
> Biggest chunk is rework of rde_asext_get()/rde_asext_put().
> Also change get_net_link() and get_rtr_link() to work like ospfd couterpart.
Reads good to me and I didn't spot any issues running tests with it.
One question: why "if 0" the "Dump SPF tree to log"?
>
> Index: rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.84
> diff -u -p -r1.84 rde.c
> --- rde.c 17 Feb 2020 08:12:22 - 1.84
> +++ rde.c 21 Mar 2020 16:04:47 -
> @@ -59,8 +59,9 @@ int rde_req_list_exists(struct rde_nbr
> void rde_req_list_del(struct rde_nbr *, struct lsa_hdr *);
> void rde_req_list_free(struct rde_nbr *);
>
> -struct lsa *rde_asext_get(struct kroute *);
> -struct lsa *rde_asext_put(struct kroute *);
> +struct iface *rde_asext_lookup(struct in6_addr, int);
> +void rde_asext_get(struct kroute *);
> +void rde_asext_put(struct kroute *);
>
> int comp_asext(struct lsa *, struct lsa *);
> struct lsa *orig_asext_lsa(struct kroute *, u_int16_t);
> @@ -217,6 +218,7 @@ __dead void
> rde_shutdown(void)
> {
> struct area *a;
> + struct vertex *v, *nv;
>
> /* close pipes */
> msgbuf_clear(&iev_ospfe->ibuf.w);
> @@ -232,6 +234,10 @@ rde_shutdown(void)
> LIST_REMOVE(a, entry);
> area_del(a);
> }
> + for (v = RB_MIN(lsa_tree, &asext_tree); v != NULL; v = nv) {
> + nv = RB_NEXT(lsa_tree, &asext_tree, v);
> + vertex_free(v);
> + }
> rde_nbr_free();
>
> free(iev_ospfe);
> @@ -643,8 +649,6 @@ rde_dispatch_parent(int fd, short event,
> struct kroutekr;
> struct imsgev *iev = bula;
> struct imsgbuf *ibuf = &iev->ibuf;
> - struct lsa *lsa;
> - struct vertex *v;
> ssize_t n;
> int shut = 0, link_ok, prev_link_ok, orig_lsa;
> unsigned int ifindex;
> @@ -676,13 +680,7 @@ rde_dispatch_parent(int fd, short event,
> break;
> }
> memcpy(&kr, imsg.data, sizeof(kr));
> -
> - if ((lsa = rde_asext_get(&kr)) != NULL) {
> - v = lsa_find(NULL, lsa->hdr.type,
> - lsa->hdr.ls_id, lsa->hdr.adv_rtr);
> -
> - lsa_merge(nbrself, lsa, v);
> - }
> + rde_asext_get(&kr);
> break;
> case IMSG_NETWORK_DEL:
> if (imsg.hdr.len != IMSG_HEADER_SIZE + sizeof(kr)) {
> @@ -691,20 +689,7 @@ rde_dispatch_parent(int fd, short event,
> break;
> }
> memcpy(&kr, imsg.data, sizeof(kr));
> -
> - if ((lsa = rde_asext_put(&kr)) != NULL) {
> - v = lsa_find(NULL, lsa->hdr.type,
> - lsa->hdr.ls_id, lsa->hdr.adv_rtr);
> -
> - /*
> - * if v == NULL no LSA is in the table and
> - * nothing has to be done.
> - */
> - if (v)
> - lsa_merge(nbrself, lsa, v);
> - else
> - free(lsa);
> - }
> + rde_asext_put(&kr);
> break;
> case IMSG_IFINFO:
> if (imsg.hdr.len != IMSG_HEADER_SIZE +
> @@ -1202,48 +1187,77 @@ rde_req_list_free(struct rde_nbr *nbr)
> /*
> * as-external LSA handling
> */
> -struct lsa *
> -rde_asext_get(struct kroute *kr)
> +struct iface *
> +rde_asext_lookup(struct in6_addr prefix, int plen)
> {
> +
> struct area *area;
> struct iface*iface;
> struct iface_addr *ia;
> - struct in6_addr addr;
> -
> - LIST_FOREACH(area, &rdeconf->area_list, entry)
> - LIST_FOREACH(iface, &area->iface_list, entry)
> + struct in6_addr ina, inb;
> +
> + LIST_FOREACH(area, &rdeconf->area_list, entry) {
> + LIST_FOREACH(iface, &area->iface_list, entry) {
> TAILQ_FOREACH(ia, &iface->ifa_list, entry) {
> if (IN6_IS_ADDR_LINKLOCAL(&ia->addr))
> continue;
>
> - inet6applymask(&addr, &ia->addr,
> - kr->prefixlen);
> - if (!memcmp(&addr, &kr->prefix,
> - sizeof(addr)) && kr->prefixlen ==
> - ia->prefixl
syslog regress and libressl
I noticed that some regress test fail since February 7:
- run-args-server-tls-reconnect.pl
- run-args-server-tls-tcp.pl
- run-args-tls-cipher-null.pl
(http://bluhm.genua.de/regress/results/regress-ot6.html)
It is related to changes in LibreSSL. Is this intended? Should the regress
tests be adapted?
Below diff makes two of the tests succeed.
Remi
Index: args-server-tls-tcp.pl
===
RCS file: /cvs/src/regress/usr.sbin/syslogd/args-server-tls-tcp.pl,v
retrieving revision 1.10
diff -u -p -r1.10 args-server-tls-tcp.pl
--- args-server-tls-tcp.pl 22 May 2018 15:01:16 - 1.10
+++ args-server-tls-tcp.pl 2 Mar 2020 21:30:01 -
@@ -41,7 +41,7 @@ our %args = (
loggrep => {
qr/syslogd\[\d+\]: loghost .* connection error: /.
qr/handshake failed: error:.*:SSL routines:/.
- qr/CONNECT_CR_SRVR_HELLO:wrong version number/ => 1,
+ qr/\(UNKNOWN\)SSL_internal:unknown failure occurred/ => 1,
},
},
);
Index: args-tls-cipher-null.pl
===
RCS file: /cvs/src/regress/usr.sbin/syslogd/args-tls-cipher-null.pl,v
retrieving revision 1.8
diff -u -p -r1.8 args-tls-cipher-null.pl
--- args-tls-cipher-null.pl 5 Apr 2017 22:32:14 - 1.8
+++ args-tls-cipher-null.pl 2 Mar 2020 22:22:32 -
@@ -16,7 +16,7 @@ our %args = (
qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
qr/syslogd\[\d+\]: loghost .* connection error: /.
qr/handshake failed: error:.*:SSL routines:/.
- qr/CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure/ => 1,
+ qr/ST_CONNECT:sslv3 alert handshake failure/ => 1,
get_testgrep() => 1,
},
cacrt => "ca.crt",
Re: openssl.1: Tag command names
On Mon, Feb 17, 2020 at 05:19:27PM +0100, Klemens Nanni wrote: > > I'd like to commit this soon, it allows me to jump to the command I'm > looking for, e.g. ":tx509" shows me the synopsis right away. > > FWIW, some Linux distributions ship with separate manuals, e.g. x509(1SSL). > > Patch was done with a VIM macro by adding a new line after each `.Sh' > line with the respective name but lowercased, so no typos in the added > strings. > > Specifying it is required since the markup following the `.Tg' markup > always starts with "openssl"; the tag must not include it (`.Tg' > accepts at most one word anyway). > I like the idea! To me it would be more logical to put .Tg above .Sh, but that is a minor thing. > > Index: openssl.1 > === > RCS file: /cvs/src/usr.bin/openssl/openssl.1,v > retrieving revision 1.119 > diff -u -p -U1 -r1.119 openssl.1 > --- openssl.1 16 Feb 2020 16:39:01 - 1.119 > +++ openssl.1 17 Feb 2020 16:11:22 - > @@ -203,2 +203,3 @@ itself. > .Sh ASN1PARSE > +.Tg asn1parse > .Bl -hang -width "openssl asn1parse" > @@ -299,2 +300,3 @@ into a nested structure. > .Sh CA > +.Tg ca > .Bl -hang -width "openssl ca" > @@ -848,2 +850,3 @@ The same as > .Sh CIPHERS > +.Tg ciphers > .Nm openssl ciphers > @@ -880,2 +883,3 @@ but without cipher suite codes. > .Sh CMS > +.Tg cms > .Bl -hang -width "openssl cms" > @@ -1396,2 +1400,3 @@ is specified. > .Sh CRL > +.Tg crl > .Bl -hang -width "openssl crl" > @@ -1472,2 +1477,3 @@ Verify the signature on the CRL. > .Sh CRL2PKCS7 > +.Tg crl2pkcs7 > .Bl -hang -width "openssl crl2pkcs7" > @@ -1517,2 +1523,3 @@ The output format. > .Sh DGST > +.Tg dgst > .Bl -hang -width "openssl dgst" > @@ -1631,2 +1638,3 @@ If no files are specified then standard > .Sh DHPARAM > +.Tg dhparam > .Bl -hang -width "openssl dhparam" > @@ -1707,2 +1715,3 @@ parameters are generated instead. > .Sh DSA > +.Tg dsa > .Bl -hang -width "openssl dsa" > @@ -1795,2 +1804,3 @@ Print the public/private key in plain te > .Sh DSAPARAM > +.Tg dsaparam > .Bl -hang -width "openssl dsaparam" > @@ -1847,2 +1857,3 @@ If this option is included, the input fi > .Sh EC > +.Tg ec > .Bl -hang -width "openssl ec" > @@ -1959,2 +1970,3 @@ Print the public/private key in plain te > .Sh ECPARAM > +.Tg ecparam > .Bl -hang -width "openssl ecparam" > @@ -2054,2 +2066,3 @@ Print the EC parameters in plain text. > .Sh ENC > +.Tg enc > .Bl -hang -width "openssl enc" > @@ -2217,2 +2230,3 @@ Print extra details about the processing > .Sh ERRSTR > +.Tg errstr > .Nm openssl errstr > @@ -2247,2 +2261,3 @@ Print debugging statistics about various > .Sh GENDSA > +.Tg gendsa > .Bl -hang -width "openssl gendsa" > @@ -2293,2 +2308,3 @@ The parameters in this file determine th > .Sh GENPKEY > +.Tg genpkey > .Bl -hang -width "openssl genpkey" > @@ -2397,2 +2413,3 @@ Print the private/public key in plain te > .Sh GENRSA > +.Tg genrsa > .Bl -hang -width "openssl genrsa" > @@ -2454,2 +2471,3 @@ The default is 2048. > .Sh NSEQ > +.Tg nseq > .Nm openssl nseq > @@ -2484,2 +2502,3 @@ a Netscape certificate sequence is creat > .Sh OCSP > +.Tg ocsp > .Bl -hang -width "openssl ocsp" > @@ -2836,2 +2855,3 @@ option. > .Sh PASSWD > +.Tg passwd > .Bl -hang -width "openssl passwd" > @@ -2899,2 +2919,3 @@ to each password hash. > .Sh PKCS7 > +.Tg pkcs7 > .Bl -hang -width "openssl pkcs7" > @@ -2944,2 +2965,3 @@ Print certificate details in full rather > .Sh PKCS8 > +.Tg pkcs8 > .Bl -hang -width "openssl pkcs8" > @@ -3027,2 +3049,3 @@ It is recommended that des3 is used. > .Sh PKCS12 > +.Tg pkcs12 > .Bl -hang -width "openssl pkcs12" > @@ -3244,2 +3267,3 @@ is equivalent to > .Sh PKEY > +.Tg pkey > .Bl -hang -width "openssl pkey" > @@ -3307,2 +3331,3 @@ even if a private key is being processed > .Sh PKEYPARAM > +.Tg pkeyparam > .Cm openssl pkeyparam > @@ -3332,2 +3357,3 @@ Print the parameters in plain text. > .Sh PKEYUTL > +.Tg pkeyutl > .Bl -hang -width "openssl pkeyutl" > @@ -3484,2 +3510,3 @@ Verify the input data and output the rec > .Sh PRIME > +.Tg prime > .Cm openssl prime > @@ -3528,2 +3555,3 @@ is prime. > .Sh RAND > +.Tg rand > .Bl -hang -width "openssl rand" > @@ -3555,2 +3583,3 @@ or standard output if not specified. > .Sh REQ > +.Tg req > .Bl -hang -width "openssl req" > @@ -4004,2 +4033,3 @@ Any additional fields will be treated as > .Sh RSA > +.Tg rsa > .Bl -hang -width "openssl rsa" > @@ -4101,2 +4131,3 @@ Print the public/private key components > .Sh RSAUTL > +.Tg rsautl > .Bl -hang -width "openssl rsautl" > @@ -4175,2 +4206,3 @@ Verify the input data and output the rec > .Sh S_CLIENT > +.Tg s_client > .Bl -hang -width "openssl s_client" > @@ -4473,2 +4505,3 @@ will be used. > .Sh S_SERVER > +.Tg s_server > .Bl -hang -width "openssl s_server" > @@ -4778,2 +4811,3 @@ a certificate is requested but the clien > .Sh S_TIME > +.Tg s_time > .Bl -hang -width "openssl s_time" > @@ -4888,2 +
Re: ospf6d: rework rde_lsdb.c
On Sat, Feb 15, 2020 at 11:37:12AM +0100, Denis Fondras wrote:
> 3 changes in rde_lsdb.c
> - lsa_find_lsid() has redondant parameters
> - call to lsa_self() can be simplified (== ospfd)
> - update debug messages to be more suitable
>
ok remi@
> Index: rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.83
> diff -u -p -r1.83 rde.c
> --- rde.c 21 Jan 2020 15:17:12 - 1.83
> +++ rde.c 27 Jan 2020 17:11:52 -
> @@ -455,17 +455,10 @@ rde_dispatch_imsg(int fd, short event, v
>
> rde_req_list_del(nbr, &lsa->hdr);
>
> - self = lsa_self(lsa);
> - if (self) {
> - if (v == NULL)
> - /* LSA is no longer announced,
> - * remove by premature aging. */
> - lsa_flush(nbr, lsa);
> - else
> - lsa_reflood(v, lsa);
> - } else if (lsa_add(nbr, lsa))
> - /* delayed lsa, don't flood yet */
> - break;
> + if (!(self = lsa_self(nbr, lsa, v)))
> + if (lsa_add(nbr, lsa))
> + /* delayed lsa */
> + break;
>
> /* flood and perhaps ack LSA */
> imsg_compose_event(iev_ospfe, IMSG_LS_FLOOD,
> @@ -1683,8 +1676,7 @@ orig_asext_lsa(struct kroute *kr, u_int1
> memcpy((char *)lsa + sizeof(struct lsa_hdr) + sizeof(struct lsa_asext),
> &kr->prefix, LSA_PREFIXSIZE(kr->prefixlen));
>
> - lsa->hdr.ls_id = lsa_find_lsid(&asext_tree, lsa->hdr.type,
> - lsa->hdr.adv_rtr, comp_asext, lsa);
> + lsa->hdr.ls_id = lsa_find_lsid(&asext_tree, comp_asext, lsa);
>
> if (age == MAX_AGE) {
> /* inherit metric and ext_tag from the current LSA,
> Index: rde.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.h,v
> retrieving revision 1.24
> diff -u -p -r1.24 rde.h
> --- rde.h 21 Jan 2020 15:17:12 - 1.24
> +++ rde.h 27 Jan 2020 17:11:52 -
> @@ -145,9 +145,7 @@ void vertex_nexthop_add(struct vertex
> const struct in6_addr *, u_int32_t);
> int lsa_newer(struct lsa_hdr *, struct lsa_hdr *);
> int lsa_check(struct rde_nbr *, struct lsa *, u_int16_t);
> -int lsa_self(struct lsa *);
> -void lsa_flush(struct rde_nbr *, struct lsa *);
> -void lsa_reflood(struct vertex *, struct lsa*);
> +int lsa_self(struct rde_nbr *, struct lsa *, struct vertex *);
> int lsa_add(struct rde_nbr *, struct lsa *);
> void lsa_del(struct rde_nbr *, struct lsa_hdr *);
> void lsa_age(struct vertex *);
> @@ -156,7 +154,7 @@ struct vertex *lsa_find_rtr(struct area
> struct vertex*lsa_find_rtr_frag(struct area *, u_int32_t, unsigned
> int);
> struct vertex*lsa_find_tree(struct lsa_tree *, u_int16_t, u_int32_t,
> u_int32_t);
> -u_int32_t lsa_find_lsid(struct lsa_tree *, u_int16_t, u_int32_t,
> +u_int32_t lsa_find_lsid(struct lsa_tree *,
> int (*)(struct lsa *, struct lsa *), struct lsa *);
> u_int16_t lsa_num_links(struct vertex *);
> void lsa_snap(struct rde_nbr *);
> Index: rde_lsdb.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde_lsdb.c,v
> retrieving revision 1.42
> diff -u -p -r1.42 rde_lsdb.c
> --- rde_lsdb.c21 Jan 2020 15:17:13 - 1.42
> +++ rde_lsdb.c27 Jan 2020 17:11:52 -
> @@ -192,7 +192,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
> return (0);
> }
> if (ntohs(lsa->hdr.len) != len) {
> - log_warnx("lsa_check: bad packet size");
> + log_warnx("lsa_check: bad packet length");
> return (0);
> }
>
> @@ -244,7 +244,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
> }
> metric = ntohl(lsa->data.pref_sum.metric);
> if (metric & ~LSA_METRIC_MASK) {
> - log_warnx("lsa_check: bad LSA summary metric");
> + log_warnx("lsa_check: bad LSA prefix summary metric");
> return (0);
> }
> if (lsa_get_prefix(((char *)lsa) + sizeof(lsa->hdr) +
> @@ -263,7 +263,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
> }
> metric = ntohl(lsa->data.rtr_sum.metric);
> if (metric & ~LSA_METRIC_MASK) {
>
Re: ospf6d: simplify lsa_snap()
On Wed, Jan 22, 2020 at 12:56:00AM +0100, Claudio Jeker wrote:
> On Tue, Jan 21, 2020 at 03:58:58PM +0100, Remi Locherer wrote:
> > On Tue, Jan 21, 2020 at 01:09:30PM +0100, Denis Fondras wrote:
> > > On Tue, Jan 21, 2020 at 09:35:06AM +0100, Remi Locherer wrote:
> > > > > @@ -235,6 +233,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
> > > > > case LSA_TYPE_NETWORK:
> > > > > if ((len % sizeof(u_int32_t)) ||
> > > > > len < sizeof(lsa->hdr) + sizeof(u_int32_t)) {
> > > > > + log_warnx("lsa_check: bad LSA network packet");
> > > >
> > > > please use __func__
> > > >
> > >
> > > None use __func__ currently.
> > >
> >
> > Right, it's not often used in ospf6d.
> >
> > I think we should use it more in such cases.
> >
> > But you have my OK with or without that.
> >
>
> I think the log_warnx should use __func__ less and instead use better
> messages that an operator can understand without having to check the code.
> As a developer 'lsa_check: bad LSA network packet' sounds great since I
> can find the code but as an operator 'dropped LSA network packet with bad
> size from neighbor XY' would be more effective. I'm probably the source of
> most of those messages that's why I think they could be better :)
> But changing those can happen some other time.
I agree with that point. But when the function name is used in a message
I prefer if __func__ is used.
Re: ospf6d: simplify lsa_snap()
On Tue, Jan 21, 2020 at 01:09:30PM +0100, Denis Fondras wrote:
> On Tue, Jan 21, 2020 at 09:35:06AM +0100, Remi Locherer wrote:
> > > @@ -235,6 +233,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
> > > case LSA_TYPE_NETWORK:
> > > if ((len % sizeof(u_int32_t)) ||
> > > len < sizeof(lsa->hdr) + sizeof(u_int32_t)) {
> > > + log_warnx("lsa_check: bad LSA network packet");
> >
> > please use __func__
> >
>
> None use __func__ currently.
>
Right, it's not often used in ospf6d.
I think we should use it more in such cases.
But you have my OK with or without that.
Remi
Re: ospf(6)d: allow "type p2p" globally or per area
On Mon, Jan 20, 2020 at 05:08:26PM +0100, Denis Fondras wrote:
> On Sun, Jan 19, 2020 at 11:04:16PM +0100, Remi Locherer wrote:
> > This makes the interface setting "type p2p" configurable globally or
> > per area. ospf(6)d allows this for almost all interface related settings.
> >
> > As a side-effect of this diff ospf(6)d -nv prints "type p2p" also for
> > point-to-point interfaces like gif or gre. I think this is an advantage
> > but I can also change that by re-introducing the iface->p2p variable.
> >
> > OK?
> >
>
> diff looks good. Is it really useful to set p2p globally ?
Yes, if the router only connects to other routers.
And the diff makes "type p2p" works the same as the other interface
settings do. And as the manual tells the user.
>
> > Remi
> >
> >
> >
> > Index: ospf6d/ospf6d.h
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> > retrieving revision 1.44
> > diff -u -p -r1.44 ospf6d.h
> > --- ospf6d/ospf6d.h 3 Jan 2020 17:45:02 - 1.44
> > +++ ospf6d/ospf6d.h 12 Jan 2020 21:44:41 -
> > @@ -329,7 +329,6 @@ struct iface {
> > u_int8_t if_type;
> > u_int8_t linkstate;
> > u_int8_t priority;
> > - u_int8_t p2p;
> > u_int8_t cflags;
> > #define F_IFACE_PASSIVE0x01
> > #define F_IFACE_CONFIGURED 0x02
> > Index: ospf6d/parse.y
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
> > retrieving revision 1.48
> > diff -u -p -r1.48 parse.y
> > --- ospf6d/parse.y 26 Dec 2019 10:24:18 - 1.48
> > +++ ospf6d/parse.y 19 Jan 2020 21:51:56 -
> > @@ -102,6 +102,7 @@ struct config_defaults {
> > u_int16_t rxmt_interval;
> > u_int16_t metric;
> > u_int8_tpriority;
> > + u_int8_tp2p;
> > };
> >
> > struct config_defaults globaldefs;
> > @@ -449,6 +450,9 @@ defaults: METRIC NUMBER {
> > }
> > defs->rxmt_interval = $2;
> > }
> > + | TYPE P2P {
> > + defs->p2p = 1;
> > + }
> > ;
> >
> > optnl : '\n' optnl
> > @@ -550,6 +554,8 @@ interface : INTERFACE STRING {
> > iface->metric = defs->metric;
> > iface->priority = defs->priority;
> > iface->cflags |= F_IFACE_CONFIGURED;
> > + if (defs->p2p == 1)
> > + iface->type = IF_TYPE_POINTOPOINT;
> > iface = NULL;
> > /* interface is always part of an area */
> > defs = &areadefs;
> > @@ -566,10 +572,6 @@ interfaceopts_l: interfaceopts_l interf
> > ;
> >
> > interfaceoptsl : PASSIVE { iface->cflags |=
> > F_IFACE_PASSIVE; }
> > - | TYPE P2P {
> > - iface->p2p = 1;
> > - iface->type = IF_TYPE_POINTOPOINT;
> > - }
> > | DEMOTE STRING {
> > if (strlcpy(iface->demote_group, $2,
> > sizeof(iface->demote_group)) >=
> > @@ -1034,6 +1036,7 @@ parse_config(char *filename, int opts)
> > defs->rxmt_interval = DEFAULT_RXMT_INTERVAL;
> > defs->metric = DEFAULT_METRIC;
> > defs->priority = DEFAULT_PRIORITY;
> > + defs->p2p = 0;
> >
> > conf->spf_delay = DEFAULT_SPF_DELAY;
> > conf->spf_hold_time = DEFAULT_SPF_HOLDTIME;
> > Index: ospf6d/printconf.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/printconf.c,v
> > retrieving revision 1.9
> > diff -u -p -r1.9 printconf.c
> > --- ospf6d/printconf.c 26 Dec 2019 10:24:18 - 1.9
> > +++ ospf6d/printconf.c 12 Jan 2020 21:43:06 -
> > @@ -1,4 +1,5 @@
> > -/* $OpenBSD: printconf.c,v 1.9 2019/12/26 10:24:18 remi Exp $ */
> > +/* $OpenBSD: printconf.c,v 1.9 2019/12/26 10:24:18 remi Exp $
> > +*/
> >
> > /*
> > * Copyright (c) 2004, 2005 Esben Norby
> > @@ -135,7 +136,7 @@ print_iface(struct iface *iface)
> > prin
Re: ospf6d: simplify lsa_snap()
On Mon, Jan 20, 2020 at 05:03:34PM +0100, Denis Fondras wrote:
> No need to pass peerid to lsa_snap()
>
> While at it, remove unused variable.
ok iremi@ with a small comment below.
>
> Index: rde.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.82
> diff -u -p -r1.82 rde.c
> --- rde.c 2 Jan 2020 10:16:46 - 1.82
> +++ rde.c 20 Jan 2020 09:23:01 -
> @@ -345,7 +345,7 @@ rde_dispatch_imsg(int fd, short event, v
> if (nbr == NULL)
> break;
>
> - lsa_snap(nbr, imsg.hdr.peerid);
> + lsa_snap(nbr);
>
> imsg_compose_event(iev_ospfe, IMSG_DB_END,
> imsg.hdr.peerid,
> 0, -1, NULL, 0);
> Index: rde.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde.h,v
> retrieving revision 1.23
> diff -u -p -r1.23 rde.h
> --- rde.h 22 Dec 2019 11:19:06 - 1.23
> +++ rde.h 20 Jan 2020 09:23:01 -
> @@ -159,7 +159,7 @@ struct vertex *lsa_find_tree(struct lsa_
> u_int32_t lsa_find_lsid(struct lsa_tree *, u_int16_t, u_int32_t,
> int (*)(struct lsa *, struct lsa *), struct lsa *);
> u_int16_t lsa_num_links(struct vertex *);
> -void lsa_snap(struct rde_nbr *, u_int32_t);
> +void lsa_snap(struct rde_nbr *);
> void lsa_dump(struct lsa_tree *, int, pid_t);
> void lsa_merge(struct rde_nbr *, struct lsa *, struct vertex *);
> void lsa_remove_invalid_sums(struct area *);
> Index: rde_lsdb.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/rde_lsdb.c,v
> retrieving revision 1.41
> diff -u -p -r1.41 rde_lsdb.c
> --- rde_lsdb.c2 Jan 2020 10:16:46 - 1.41
> +++ rde_lsdb.c20 Jan 2020 09:23:01 -
> @@ -39,8 +39,6 @@ int lsa_get_prefix(void *, u_int16_t,
>
> RB_GENERATE(lsa_tree, vertex, entry, lsa_compare)
>
> -extern struct ospfd_conf *rdeconf;
> -
> void
> lsa_init(struct lsa_tree *t)
> {
> @@ -235,6 +233,7 @@ lsa_check(struct rde_nbr *nbr, struct ls
> case LSA_TYPE_NETWORK:
> if ((len % sizeof(u_int32_t)) ||
> len < sizeof(lsa->hdr) + sizeof(u_int32_t)) {
> + log_warnx("lsa_check: bad LSA network packet");
please use __func__
> return (0);
> }
> break;
> @@ -716,7 +715,7 @@ lsa_num_links(struct vertex *v)
> }
>
> void
> -lsa_snap(struct rde_nbr *nbr, u_int32_t peerid)
> +lsa_snap(struct rde_nbr *nbr)
> {
> struct lsa_tree *tree = &nbr->area->lsa_tree;
> struct vertex *v;
> @@ -727,11 +726,13 @@ lsa_snap(struct rde_nbr *nbr, u_int32_t
> continue;
> lsa_age(v);
> if (ntohs(v->lsa->hdr.age) >= MAX_AGE) {
> - rde_imsg_compose_ospfe(IMSG_LS_SNAP, peerid,
> - 0, &v->lsa->hdr, ntohs(v->lsa->hdr.len));
> + rde_imsg_compose_ospfe(IMSG_LS_SNAP,
> + nbr->peerid, 0, &v->lsa->hdr,
> + ntohs(v->lsa->hdr.len));
> } else {
> - rde_imsg_compose_ospfe(IMSG_DB_SNAPSHOT, peerid,
> - 0, &v->lsa->hdr, sizeof(struct lsa_hdr));
> + rde_imsg_compose_ospfe(IMSG_DB_SNAPSHOT,
> + nbr->peerid, 0, &v->lsa->hdr,
> + sizeof(struct lsa_hdr));
> }
> }
> if (tree == &asext_tree)
>
ospf(6)d: allow "type p2p" globally or per area
This makes the interface setting "type p2p" configurable globally or
per area. ospf(6)d allows this for almost all interface related settings.
As a side-effect of this diff ospf(6)d -nv prints "type p2p" also for
point-to-point interfaces like gif or gre. I think this is an advantage
but I can also change that by re-introducing the iface->p2p variable.
OK?
Remi
Index: ospf6d/ospf6d.h
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
retrieving revision 1.44
diff -u -p -r1.44 ospf6d.h
--- ospf6d/ospf6d.h 3 Jan 2020 17:45:02 - 1.44
+++ ospf6d/ospf6d.h 12 Jan 2020 21:44:41 -
@@ -329,7 +329,6 @@ struct iface {
u_int8_t if_type;
u_int8_t linkstate;
u_int8_t priority;
- u_int8_t p2p;
u_int8_t cflags;
#define F_IFACE_PASSIVE0x01
#define F_IFACE_CONFIGURED 0x02
Index: ospf6d/parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.48
diff -u -p -r1.48 parse.y
--- ospf6d/parse.y 26 Dec 2019 10:24:18 - 1.48
+++ ospf6d/parse.y 19 Jan 2020 21:51:56 -
@@ -102,6 +102,7 @@ struct config_defaults {
u_int16_t rxmt_interval;
u_int16_t metric;
u_int8_tpriority;
+ u_int8_tp2p;
};
struct config_defaults globaldefs;
@@ -449,6 +450,9 @@ defaults: METRIC NUMBER {
}
defs->rxmt_interval = $2;
}
+ | TYPE P2P {
+ defs->p2p = 1;
+ }
;
optnl : '\n' optnl
@@ -550,6 +554,8 @@ interface : INTERFACE STRING {
iface->metric = defs->metric;
iface->priority = defs->priority;
iface->cflags |= F_IFACE_CONFIGURED;
+ if (defs->p2p == 1)
+ iface->type = IF_TYPE_POINTOPOINT;
iface = NULL;
/* interface is always part of an area */
defs = &areadefs;
@@ -566,10 +572,6 @@ interfaceopts_l: interfaceopts_l interf
;
interfaceoptsl : PASSIVE { iface->cflags |= F_IFACE_PASSIVE; }
- | TYPE P2P {
- iface->p2p = 1;
- iface->type = IF_TYPE_POINTOPOINT;
- }
| DEMOTE STRING {
if (strlcpy(iface->demote_group, $2,
sizeof(iface->demote_group)) >=
@@ -1034,6 +1036,7 @@ parse_config(char *filename, int opts)
defs->rxmt_interval = DEFAULT_RXMT_INTERVAL;
defs->metric = DEFAULT_METRIC;
defs->priority = DEFAULT_PRIORITY;
+ defs->p2p = 0;
conf->spf_delay = DEFAULT_SPF_DELAY;
conf->spf_hold_time = DEFAULT_SPF_HOLDTIME;
Index: ospf6d/printconf.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/printconf.c,v
retrieving revision 1.9
diff -u -p -r1.9 printconf.c
--- ospf6d/printconf.c 26 Dec 2019 10:24:18 - 1.9
+++ ospf6d/printconf.c 12 Jan 2020 21:43:06 -
@@ -1,4 +1,5 @@
-/* $OpenBSD: printconf.c,v 1.9 2019/12/26 10:24:18 remi Exp $ */
+/* $OpenBSD: printconf.c,v 1.9 2019/12/26 10:24:18 remi Exp $
+*/
/*
* Copyright (c) 2004, 2005 Esben Norby
@@ -135,7 +136,7 @@ print_iface(struct iface *iface)
printf("\t\trouter-priority %d\n", iface->priority);
printf("\t\ttransmit-delay %d\n", iface->transmit_delay);
- if (iface->p2p)
+ if (iface->type == IF_TYPE_POINTOPOINT)
printf("\t\ttype p2p\n");
printf("\t}\n");
Index: ospfd/ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.110
diff -u -p -r1.110 ospfd.c
--- ospfd/ospfd.c 23 Nov 2019 15:05:21 - 1.110
+++ ospfd/ospfd.c 18 Jan 2020 14:02:04 -
@@ -893,7 +893,6 @@ merge_interfaces(struct area *a, struct
if (i->self)
i->self->priority = i->priority;
i->flags = xi->flags; /* needed? */
- i->type = xi->type; /* needed? */
i->if_type = xi->if_type; /* needed? */
i->linkstate = xi->linkstate; /* needed? */
@@ -915,11 +914,11 @@ merge_interfaces(struct area *a, struct
if_fsm(i, IF_EVT_UP);
}
- if (i->p2p != xi->p2p) {
+ if (i->type != xi->type) {
/* restart interface to enable or disable DR election */
if (ospfd_process == PROC_OSPF_ENGINE)
i
Re: ospf(6)d.conf: define interface parameters per area or globally
On Sun, Jan 12, 2020 at 04:18:26PM +0100, Claudio Jeker wrote:
> On Sun, Jan 12, 2020 at 03:46:15PM +0100, Remi Locherer wrote:
> > On Wed, Jan 08, 2020 at 01:13:45PM +0100, Denis Fondras wrote:
> > > On Wed, Jan 08, 2020 at 09:14:48AM +0100, Remi Locherer wrote:
> > > > > I have a diff to allow parameters after interface or area definition.
> > > > > Not sure if we want to do that though.
> > > >
> > > > I would appreciate that! ;-)
> > > >
> > >
> > > The ospfd diff needs some more work. Crypt authentication handling is not
> > > perfect.
> >
> > This works fine for me and the diff reads good. I tested ospfd and ospf6d.
> > Also the crypt options for ospfd worked fine.
> >
> > ok remi@
>
> Currently all daemons behave the same way and inherit at the moment of
> creation. Having this behave different between daemons is confusing.
> At least ospfd and bgpd should behave the same. Not saying that the
> current behaviour is great.
> I think in the case of ospfd the way auth-md is handled by this diff is
> not comparable with the behaviour of the other settings.
I agree. But that should not stop us improving one program before the
other ones.
>
> area 0.0.0.0 {
> hello-interval 10
> auth-md 1 foo
>
> interface em0
>
> hello-interval 20
> auth-md 1 bar
> auth-md 2 foofoo
>
> interface em1 {
> auth-md 3 barbar
> }
>
> hello-interval 30
> auth-md 1 bay
> auth-md 2 foobar
> }
>
> What values for hello-interval and auth-md should be set on em0 and em1?
>
To me it looks natural if the latest value per level is used. With your
example that would be:
em0:
- auth-md 1 "bay"
- auth-md 2 "foobar"
- hello-interval 30
em1:
- auth-md 1 "bay"
- auth-md 2 "foobar"
- auth-md 3 "barbar"
- hello-interval 30
In my testing this is the result of the diff from Denis. (I modified
printconf.c to print the keys to see the results).
Another option would be to make it an error specifying the same option
more than once at the same level.
While looking closer I noticed, that the default value for auth-md-keyid
is set to 0 while the manual says it is 1. But that is not a change
introduced by this diff.
> > >
> > > Index: ospf6d/ospf6d.h
> > > ===
> > > RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> > > retrieving revision 1.44
> > > diff -u -p -r1.44 ospf6d.h
> > > --- ospf6d/ospf6d.h 3 Jan 2020 17:45:02 - 1.44
> > > +++ ospf6d/ospf6d.h 8 Jan 2020 12:11:20 -
> > > @@ -328,7 +328,7 @@ struct iface {
> > > enum iface_type type;
> > > u_int8_t if_type;
> > > u_int8_t linkstate;
> > > - u_int8_t priority;
> > > + int16_t priority;
> > > u_int8_t p2p;
> > > u_int8_t cflags;
> > > #define F_IFACE_PASSIVE 0x01
> > > Index: ospf6d/parse.y
> > > ===
> > > RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
> > > retrieving revision 1.48
> > > diff -u -p -r1.48 parse.y
> > > --- ospf6d/parse.y26 Dec 2019 10:24:18 - 1.48
> > > +++ ospf6d/parse.y8 Jan 2020 12:11:20 -
> > > @@ -101,7 +101,7 @@ struct config_defaults {
> > > u_int16_t hello_interval;
> > > u_int16_t rxmt_interval;
> > > u_int16_t metric;
> > > - u_int8_tpriority;
> > > + int16_t priority;
> > > };
> > >
> > > struct config_defaultsglobaldefs;
> > > @@ -111,6 +111,7 @@ struct config_defaults*defs;
> > >
> > > struct area *conf_get_area(struct in_addr);
> > > int conf_check_rdomain(u_int);
> > > +void iface_settings(struct iface *, struct config_defaults
> > > *);
> > >
> > > typedef struct {
> > > union {
> > > @@ -465,9 +466,14 @@ comma: ','
> > > area : AREA areaid {
> > > area = conf_get_area($2);
> > >
> > > - memcpy(&areadefs, defs, sizeof(areadefs));
> > > + memset(&areadefs, 0, sizeof(areadefs));
> > > + areadefs.priority = -1;
> > >
Re: ospf(6)d.conf: define interface parameters per area or globally
On Wed, Jan 08, 2020 at 01:13:45PM +0100, Denis Fondras wrote:
> On Wed, Jan 08, 2020 at 09:14:48AM +0100, Remi Locherer wrote:
> > > I have a diff to allow parameters after interface or area definition.
> > > Not sure if we want to do that though.
> >
> > I would appreciate that! ;-)
> >
>
> The ospfd diff needs some more work. Crypt authentication handling is not
> perfect.
This works fine for me and the diff reads good. I tested ospfd and ospf6d.
Also the crypt options for ospfd worked fine.
ok remi@
>
> Index: ospf6d/ospf6d.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
> retrieving revision 1.44
> diff -u -p -r1.44 ospf6d.h
> --- ospf6d/ospf6d.h 3 Jan 2020 17:45:02 - 1.44
> +++ ospf6d/ospf6d.h 8 Jan 2020 12:11:20 -
> @@ -328,7 +328,7 @@ struct iface {
> enum iface_type type;
> u_int8_t if_type;
> u_int8_t linkstate;
> - u_int8_t priority;
> + int16_t priority;
> u_int8_t p2p;
> u_int8_t cflags;
> #define F_IFACE_PASSIVE 0x01
> Index: ospf6d/parse.y
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
> retrieving revision 1.48
> diff -u -p -r1.48 parse.y
> --- ospf6d/parse.y26 Dec 2019 10:24:18 - 1.48
> +++ ospf6d/parse.y8 Jan 2020 12:11:20 -
> @@ -101,7 +101,7 @@ struct config_defaults {
> u_int16_t hello_interval;
> u_int16_t rxmt_interval;
> u_int16_t metric;
> - u_int8_tpriority;
> + int16_t priority;
> };
>
> struct config_defaultsglobaldefs;
> @@ -111,6 +111,7 @@ struct config_defaults*defs;
>
> struct area *conf_get_area(struct in_addr);
> int conf_check_rdomain(u_int);
> +void iface_settings(struct iface *, struct config_defaults *);
>
> typedef struct {
> union {
> @@ -465,9 +466,14 @@ comma: ','
> area : AREA areaid {
> area = conf_get_area($2);
>
> - memcpy(&areadefs, defs, sizeof(areadefs));
> + memset(&areadefs, 0, sizeof(areadefs));
> + areadefs.priority = -1;
> defs = &areadefs;
> } '{' optnl areaopts_l '}' {
> + struct iface*i;
> + LIST_FOREACH(i, &area->iface_list, entry) {
> + iface_settings(i, &areadefs);
> + }
> area = NULL;
> defs = &globaldefs;
> }
> @@ -540,15 +546,12 @@ interface : INTERFACE STRING {
> iface->area = area;
> LIST_INSERT_HEAD(&area->iface_list, iface, entry);
>
> - memcpy(&ifacedefs, defs, sizeof(ifacedefs));
> + memset(&ifacedefs, 0, sizeof(ifacedefs));
> + ifacedefs.priority = -1;
> defs = &ifacedefs;
> } interface_block {
> - iface->dead_interval = defs->dead_interval;
> - iface->transmit_delay = defs->transmit_delay;
> - iface->hello_interval = defs->hello_interval;
> - iface->rxmt_interval = defs->rxmt_interval;
> - iface->metric = defs->metric;
> - iface->priority = defs->priority;
> + iface->priority = -1;
> + iface_settings(iface, defs);
> iface->cflags |= F_IFACE_CONFIGURED;
> iface = NULL;
> /* interface is always part of an area */
> @@ -1018,6 +1021,8 @@ popfile(void)
> struct ospfd_conf *
> parse_config(char *filename, int opts)
> {
> + struct area *a;
> + struct iface*i;
> struct sym *sym, *next;
>
> if ((conf = calloc(1, sizeof(struct ospfd_conf))) == NULL)
> @@ -1068,6 +1073,10 @@ parse_config(char *filename, int opts)
> }
> }
>
> + LIST_FOREACH(a, &conf->area_list, entry)
> + LIST_FOREACH(i, &a->iface_list, entry)
> + iface_settings(i, defs);
> +
> /* check that all interfaces belong to the configured rdomain */
> errors += conf_check_rdomain(conf->rdomain);
>
Re: ospf(6)d.conf: define interface parameters per area or globally
On Sat, Jan 04, 2020 at 11:34:45PM +0100, Denis Fondras wrote:
> On Sat, Jan 04, 2020 at 11:11:36PM +0100, Remi Locherer wrote:
> > Hi,
> >
> > interface-specific parameters can be defined globally or per area.
> > But they are applied to the interfaces only if the interfaces are
> > declared afterwards.
> >
>
> I have a diff to allow parameters after interface or area definition.
> Not sure if we want to do that though.
I would appreciate that! ;-)
> > Or is the GLOBAL CONFIURATION section the better place for this?
> > I opted for the AREA section because I consider it unlikely a user adds
> > global parameters at the end of the config file. But who knows. ;-)
> >
>
> In the MACRO section I would change the last sentence too (or even remove it
> as
> it is close to the GLOBAL first paragraph).
True, it does not add a lot of value. But I don't have a strong opinion.
>
> Anyway OK denis@
>
> > Remi
> >
> > Index: ospfd/ospfd.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
> > retrieving revision 1.58
> > diff -u -p -r1.58 ospfd.conf.5
> > --- ospfd/ospfd.conf.5 19 Nov 2019 09:55:55 - 1.58
> > +++ ospfd/ospfd.conf.5 4 Jan 2020 21:48:00 -
> > @@ -256,11 +256,13 @@ is set to a value other than 1 or if the
> > Areas are used for grouping interfaces.
> > All interface-specific parameters can
> > be configured per area, overruling the global settings.
> > +These interface-specific parameters need to be defined before the
> > interfaces.
> > .Bl -tag -width Ds
> > .It Ic area Ar id | address
> > Specify an area section, grouping one or more interfaces.
> > .Bd -literal -offset indent
> > area 0.0.0.0 {
> > + hello-interval 3
> > interface em0
> > interface em1 {
> > metric 10
> > Index: ospf6d/ospf6d.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.conf.5,v
> > retrieving revision 1.20
> > diff -u -p -r1.20 ospf6d.conf.5
> > --- ospf6d/ospf6d.conf.526 Dec 2019 10:24:18 - 1.20
> > +++ ospf6d/ospf6d.conf.54 Jan 2020 21:48:30 -
> > @@ -236,11 +236,13 @@ is set to a value different to 1 or if t
> > Areas are used for grouping interfaces.
> > All interface-specific parameters can
> > be configured per area, overruling the global settings.
> > +These interface-specific parameters need to be defined before the
> > interfaces.
> > .Bl -tag -width Ds
> > .It Ic area Ar address Ns | Ns Ar id
> > Specify an area section, grouping one or more interfaces.
> > .Bd -literal -offset indent
> > area 0.0.0.0 {
> > + hello-interval 3
> > interface em0
> > interface em1 {
> > metric 10
> >
>
ospf(6)d.conf: define interface parameters per area or globally
Hi,
interface-specific parameters can be defined globally or per area.
But they are applied to the interfaces only if the interfaces are
declared afterwards.
Or is the GLOBAL CONFIURATION section the better place for this?
I opted for the AREA section because I consider it unlikely a user adds
global parameters at the end of the config file. But who knows. ;-)
Remi
Index: ospfd/ospfd.conf.5
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
retrieving revision 1.58
diff -u -p -r1.58 ospfd.conf.5
--- ospfd/ospfd.conf.5 19 Nov 2019 09:55:55 - 1.58
+++ ospfd/ospfd.conf.5 4 Jan 2020 21:48:00 -
@@ -256,11 +256,13 @@ is set to a value other than 1 or if the
Areas are used for grouping interfaces.
All interface-specific parameters can
be configured per area, overruling the global settings.
+These interface-specific parameters need to be defined before the interfaces.
.Bl -tag -width Ds
.It Ic area Ar id | address
Specify an area section, grouping one or more interfaces.
.Bd -literal -offset indent
area 0.0.0.0 {
+ hello-interval 3
interface em0
interface em1 {
metric 10
Index: ospf6d/ospf6d.conf.5
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.conf.5,v
retrieving revision 1.20
diff -u -p -r1.20 ospf6d.conf.5
--- ospf6d/ospf6d.conf.526 Dec 2019 10:24:18 - 1.20
+++ ospf6d/ospf6d.conf.54 Jan 2020 21:48:30 -
@@ -236,11 +236,13 @@ is set to a value different to 1 or if t
Areas are used for grouping interfaces.
All interface-specific parameters can
be configured per area, overruling the global settings.
+These interface-specific parameters need to be defined before the interfaces.
.Bl -tag -width Ds
.It Ic area Ar address Ns | Ns Ar id
Specify an area section, grouping one or more interfaces.
.Bd -literal -offset indent
area 0.0.0.0 {
+ hello-interval 3
interface em0
interface em1 {
metric 10
Re: ospf6d: sync hello.c with ospfd
On Thu, Jan 02, 2020 at 05:17:02PM +0100, Denis Fondras wrote:
> Sync with ospfd's hello.c
ok remi@
>
> Index: hello.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 hello.c
> --- hello.c 23 Dec 2019 11:25:41 - 1.21
> +++ hello.c 2 Jan 2020 16:11:19 -
> @@ -41,8 +41,6 @@ send_hello(struct iface *iface)
> struct hello_hdr hello;
> struct nbr *nbr;
> struct ibuf *buf;
> - int ret;
> - u_int32_topts;
>
> switch (iface->type) {
> case IF_TYPE_POINTOPOINT:
> @@ -72,10 +70,8 @@ send_hello(struct iface *iface)
> /* hello header */
> hello.iface_id = htonl(iface->ifindex);
> LSA_24_SETHI(hello.opts, iface->priority);
> - opts = area_ospf_options(iface->area);
> - LSA_24_SETLO(hello.opts, opts);
> + LSA_24_SETLO(hello.opts, area_ospf_options(iface->area));
> hello.opts = htonl(hello.opts);
> -
> hello.hello_interval = htons(iface->hello_interval);
> hello.rtr_dead_interval = htons(iface->dead_interval);
>
> @@ -104,10 +100,11 @@ send_hello(struct iface *iface)
> if (upd_ospf_hdr(buf, iface))
> goto fail;
>
> - ret = send_packet(iface, buf, &dst);
> + if (send_packet(iface, buf, &dst) == -1)
> + goto fail;
>
> ibuf_free(buf);
> - return (ret);
> + return (0);
> fail:
> log_warn("send_hello");
> ibuf_free(buf);
> @@ -120,7 +117,6 @@ recv_hello(struct iface *iface, struct i
> {
> struct hello_hdr hello;
> struct nbr *nbr = NULL, *dr;
> - struct area *area;
> u_int32_tnbr_id, opts;
> int nbr_change = 0;
>
> @@ -148,12 +144,9 @@ recv_hello(struct iface *iface, struct i
> return;
> }
>
> - if ((area = iface->area) == NULL)
> - fatalx("interface lost area");
> -
> opts = LSA_24_GETLO(ntohl(hello.opts));
> - if ((opts & OSPF_OPTION_E && area->stub) ||
> - ((opts & OSPF_OPTION_E) == 0 && !area->stub)) {
> + if ((opts & OSPF_OPTION_E && iface->area->stub) ||
> + ((opts & OSPF_OPTION_E) == 0 && !iface->area->stub)) {
> log_warnx("recv_hello: ExternalRoutingCapability mismatch, "
> "interface %s", iface->name);
> return;
> @@ -161,8 +154,15 @@ recv_hello(struct iface *iface, struct i
>
> /* match router-id */
> LIST_FOREACH(nbr, &iface->nbr_list, entry) {
> - if (nbr == iface->self)
> + if (nbr == iface->self) {
> + if (nbr->id.s_addr == rtr_id) {
> + log_warnx("recv_hello: Router-ID collision on "
> + "interface %s neighbor IP %s", iface->name,
> + log_in6addr(src));
> + return;
> + }
> continue;
> + }
> if (nbr->id.s_addr == rtr_id)
> break;
> }
>
Re: ospf6d: sync database.c with ospfd(8)
On Thu, Jan 02, 2020 at 04:05:45PM +0100, Denis Fondras wrote:
> This is mostly log messages sync.
ok remi@
>
> Index: database.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/database.c,v
> retrieving revision 1.18
> diff -u -p -r1.18 database.c
> --- database.c23 Dec 2019 07:33:49 - 1.18
> +++ database.c2 Jan 2020 14:31:46 -
> @@ -43,7 +43,6 @@ send_db_description(struct nbr *nbr)
> struct db_dscrp_hdr dd_hdr;
> struct lsa_entry*le, *nle;
> struct ibuf *buf;
> - int ret = 0;
> u_int8_t bits = 0;
>
> if ((buf = ibuf_open(nbr->iface->mtu - sizeof(struct ip6_hdr))) == NULL)
> @@ -63,11 +62,10 @@ send_db_description(struct nbr *nbr)
> case NBR_STA_INIT:
> case NBR_STA_2_WAY:
> case NBR_STA_SNAP:
> - log_debug("send_db_description: cannot send packet in state %s,"
> - " neighbor ID %s", nbr_state_name(nbr->state),
> - inet_ntoa(nbr->id));
> - ret = -1;
> - goto done;
> + log_debug("send_db_description: neighbor ID %s: "
> + "cannot send packet in state %s", inet_ntoa(nbr->id),
> + nbr_state_name(nbr->state));
> + goto fail;
> case NBR_STA_XSTRT:
> bits |= OSPF_DBD_MS | OSPF_DBD_M | OSPF_DBD_I;
> nbr->dd_more = 1;
> @@ -90,7 +88,7 @@ send_db_description(struct nbr *nbr)
>
> /* build LSA list */
> for (le = TAILQ_FIRST(&nbr->db_sum_list); le != NULL &&
> - buf->wpos + sizeof(struct lsa_hdr) < buf->max; le = nle) {
> + ibuf_left(buf) >= sizeof(struct lsa_hdr); le = nle) {
> nbr->dd_end = nle = TAILQ_NEXT(le, entry);
> if (ibuf_add(buf, le->le_lsa, sizeof(struct lsa_hdr)))
> goto fail;
> @@ -146,10 +144,11 @@ send_db_description(struct nbr *nbr)
> goto fail;
>
> /* transmit packet */
> - ret = send_packet(nbr->iface, buf, &dst);
> -done:
> + if (send_packet(nbr->iface, buf, &dst) == -1)
> + goto fail;
> +
> ibuf_free(buf);
> - return (ret);
> + return (0);
> fail:
> log_warn("send_db_description");
> ibuf_free(buf);
> @@ -163,8 +162,8 @@ recv_db_description(struct nbr *nbr, cha
> int dupe = 0;
>
> if (len < sizeof(dd_hdr)) {
> - log_warnx("recv_db_description: "
> - "bad packet size, neighbor ID %s", inet_ntoa(nbr->id));
> + log_warnx("recv_db_description: neighbor ID %s: "
> + "bad packet size", inet_ntoa(nbr->id));
> return;
> }
> memcpy(&dd_hdr, buf, sizeof(dd_hdr));
> @@ -173,9 +172,9 @@ recv_db_description(struct nbr *nbr, cha
>
> /* db description packet sanity checks */
> if (ntohs(dd_hdr.iface_mtu) > nbr->iface->mtu) {
> - log_warnx("recv_db_description: invalid MTU %d sent by "
> - "neighbor ID %s, expected %d", ntohs(dd_hdr.iface_mtu),
> - inet_ntoa(nbr->id), nbr->iface->mtu);
> + log_warnx("recv_db_description: neighbor ID %s: "
> + "invalid MTU %d expected %d", inet_ntoa(nbr->id),
> + ntohs(dd_hdr.iface_mtu), nbr->iface->mtu);
> return;
> }
>
> @@ -183,7 +182,7 @@ recv_db_description(struct nbr *nbr, cha
> nbr->last_rx_bits == dd_hdr.bits &&
> ntohl(dd_hdr.dd_seq_num) == nbr->dd_seq_num - nbr->dd_master ?
> 1 : 0) {
> - log_debug("recv_db_description: dupe from ID %s",
> + log_debug("recv_db_description: dupe from neighbor ID %s",
> inet_ntoa(nbr->id));
> dupe = 1;
> }
> @@ -193,9 +192,9 @@ recv_db_description(struct nbr *nbr, cha
> case NBR_STA_ATTEMPT:
> case NBR_STA_2_WAY:
> case NBR_STA_SNAP:
> - log_debug("recv_db_description: packet ignored in state %s, "
> - "neighbor ID %s", nbr_state_name(nbr->state),
> - inet_ntoa(nbr->id));
> + log_debug("recv_db_description: neighbor ID %s: "
> + "packet ignored in state %s", inet_ntoa(nbr->id),
> + nbr_state_name(nbr->state));
> return;
> case NBR_STA_INIT:
> /* evaluate dr and bdr after issuing a 2-Way event */
> @@ -224,9 +223,11 @@ recv_db_description(struct nbr *nbr, cha
> } else if (!(dd_hdr.bits & (OSPF_DBD_I | OSPF_DBD_MS))) {
> /* M only case: we are master */
> if (ntohl(dd_hdr.dd_seq_num) != nbr->dd_seq_num) {
> - log_warnx("recv_db_description: invalid "
> - "seq num, mine %x his %x",
> -
Re: ospf6d: remove useless orig_rtr_lsa()
On Tue, Dec 31, 2019 at 01:47:08PM +0100, Denis Fondras wrote:
> Rename orig_rtr_lsa_area() to orig_rtr_lsa()
>
> Now that area is part of iface, original orig_rtr_lsa() is useless. Also
> verifying that area != NULL is not needed in some cases (these are leftovers
> of
> the previous diff).
>
OK remi@
>
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 interface.c
> --- interface.c 23 Dec 2019 07:33:49 - 1.27
> +++ interface.c 31 Dec 2019 12:44:15 -
> @@ -144,7 +144,7 @@ if_fsm(struct iface *iface, enum iface_e
>
> if (iface->state != old_state) {
> area_track(iface->area);
> - orig_rtr_lsa(iface);
> + orig_rtr_lsa(iface->area);
> orig_link_lsa(iface);
>
> /* state change inform RDE */
> @@ -395,7 +395,7 @@ if_act_start(struct iface *iface)
>
> if (iface->cflags & F_IFACE_PASSIVE) {
> /* for an update of stub network entries */
> - orig_rtr_lsa(iface);
> + orig_rtr_lsa(iface->area);
> return (0);
> }
>
> @@ -569,7 +569,7 @@ start:
> nbr_fsm(nbr, NBR_EVT_ADJ_OK);
> }
>
> - orig_rtr_lsa(iface);
> + orig_rtr_lsa(iface->area);
> if (iface->state & IF_STA_DR || old_state & IF_STA_DR)
> orig_net_lsa(iface);
> }
> @@ -586,7 +586,7 @@ if_act_reset(struct iface *iface)
>
> if (iface->cflags & F_IFACE_PASSIVE) {
> /* for an update of stub network entries */
> - orig_rtr_lsa(iface);
> + orig_rtr_lsa(iface->area);
> return (0);
> }
>
> Index: neighbor.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/neighbor.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 neighbor.c
> --- neighbor.c23 Dec 2019 07:33:49 - 1.15
> +++ neighbor.c31 Dec 2019 12:44:15 -
> @@ -202,7 +202,7 @@ nbr_fsm(struct nbr *nbr, enum nbr_event
>* neighbor changed from/to FULL
>* originate new rtr and net LSA
>*/
> - orig_rtr_lsa(nbr->iface);
> + orig_rtr_lsa(nbr->iface->area);
> if (nbr->iface->state & IF_STA_DR)
> orig_net_lsa(nbr->iface);
>
> @@ -226,7 +226,7 @@ nbr_fsm(struct nbr *nbr, enum nbr_event
> nbr_state_name(nbr->state));
>
> if (nbr->iface->type == IF_TYPE_VIRTUALLINK) {
> - orig_rtr_lsa(nbr->iface);
> + orig_rtr_lsa(nbr->iface->area);
> }
> }
>
> Index: ospf6d.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v
> retrieving revision 1.45
> diff -u -p -r1.45 ospf6d.c
> --- ospf6d.c 16 Dec 2019 08:28:33 - 1.45
> +++ ospf6d.c 31 Dec 2019 12:44:15 -
> @@ -741,7 +741,7 @@ merge_config(struct ospfd_conf *conf, st
> }
> if (a->dirty) {
> a->dirty = 0;
> - orig_rtr_lsa(LIST_FIRST(&a->iface_list));
> + orig_rtr_lsa(LIST_FIRST(&a->iface_list)->area);
> }
> }
> }
> Index: ospfe.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.59
> diff -u -p -r1.59 ospfe.c
> --- ospfe.c 28 Dec 2019 09:25:24 - 1.59
> +++ ospfe.c 31 Dec 2019 12:44:15 -
> @@ -45,7 +45,6 @@
> void ospfe_sig_handler(int, short, void *);
> __dead void ospfe_shutdown(void);
> void orig_rtr_lsa_all(struct area *);
> -void orig_rtr_lsa_area(struct area *);
> struct iface *find_vlink(struct abr_rtr *);
>
> struct ospfd_conf*oeconf = NULL, *nconf;
> @@ -301,7 +300,7 @@ ospfe_dispatch_main(int fd, short event,
> i->depend_ok =
> ifstate_is_up(ifp);
> if (ifstate_is_up(i))
> - orig_rtr_lsa(i);
> + orig_rtr_lsa(i->area);
> }
> }
> }
> @@ -600,8 +599,6 @@ ospfe_dispatch_rde(int fd, short event,
>* flood on all area interfaces on
>* area 0.0.0.0 include also virtual links.
>*/
> - if (nbr->iface->area == NULL)
> -
Re: ospf6d: refactor link state ack/req
On Tue, Dec 24, 2019 at 10:02:37PM +0100, Denis Fondras wrote:
> Refactor link state ack/req in ospf6d so it looks closer to ospfd.
ok remi@
> Index: lsack.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/lsack.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 lsack.c
> --- lsack.c 11 Dec 2019 21:33:56 - 1.7
> +++ lsack.c 24 Dec 2019 20:51:56 -
> @@ -19,7 +19,7 @@
> #include
> #include
> #include
> -#include
> +#include
> #include
>
> #include
> @@ -30,39 +30,66 @@
> #include "log.h"
> #include "ospfe.h"
>
> -void start_ls_ack_tx_timer_now(struct iface *);
> +int send_ls_ack(struct iface *, struct in6_addr, struct ibuf *);
> +struct ibuf *prepare_ls_ack(struct iface *);
> +void start_ls_ack_tx_timer_now(struct iface *);
>
> /* link state acknowledgement packet handling */
> -int
> -send_ls_ack(struct iface *iface, struct in6_addr addr, void *data, size_t
> len)
> +struct ibuf *
> +prepare_ls_ack(struct iface *iface)
> {
> struct ibuf *buf;
> - int ret;
>
> - /* XXX IBUF_READ_SIZE */
> - if ((buf = ibuf_dynamic(PKG_DEF_SIZE, IBUF_READ_SIZE)) == NULL)
> - fatal("send_ls_ack");
> + if ((buf = ibuf_open(iface->mtu - sizeof(struct ip6_hdr))) == NULL) {
> + log_warn("prepare_ls_ack");
> + return (NULL);
> + }
>
> /* OSPF header */
> - if (gen_ospf_hdr(buf, iface, PACKET_TYPE_LS_ACK))
> - goto fail;
> + if (gen_ospf_hdr(buf, iface, PACKET_TYPE_LS_ACK)) {
> + log_warn("prepare_ls_ack");
> + ibuf_free(buf);
> + return (NULL);
> + }
>
> - /* LS ack(s) */
> - if (ibuf_add(buf, data, len))
> - goto fail;
> + return (buf);
> +}
>
> +int
> +send_ls_ack(struct iface *iface, struct in6_addr addr, struct ibuf *buf)
> +{
> /* calculate checksum */
> - if (upd_ospf_hdr(buf, iface))
> - goto fail;
> + if (upd_ospf_hdr(buf, iface)) {
> + log_warn("send_ls_ack");
> + return (-1);
> + }
>
> - ret = send_packet(iface, buf, &addr);
> + if (send_packet(iface, buf, &addr) == -1) {
> + log_warn("send_ls_ack");
> + return (-1);
> + }
> + return (0);
> +}
>
> +int
> +send_direct_ack(struct iface *iface, struct in6_addr addr, void *d, size_t
> len)
> +{
> + struct ibuf *buf;
> + int ret;
> +
> + if ((buf = prepare_ls_ack(iface)) == NULL)
> + return (-1);
> +
> + /* LS ack(s) */
> + if (ibuf_add(buf, d, len)) {
> + log_warn("send_direct_ack");
> + ibuf_free(buf);
> + return (-1);
> + }
> +
> + ret = send_ls_ack(iface, addr, buf);
> ibuf_free(buf);
> return (ret);
> -fail:
> - log_warn("send_ls_ack");
> - ibuf_free(buf);
> - return (-1);
> }
>
> void
> @@ -207,41 +234,44 @@ ls_ack_tx_timer(int fd, short event, voi
> {
> struct in6_addr addr;
> struct iface*iface = arg;
> - struct lsa_hdr *lsa_hdr;
> struct lsa_entry*le, *nle;
> struct nbr *nbr;
> - char*buf;
> - char*ptr;
> - int cnt = 0;
> -
> - if ((buf = calloc(1, READ_BUF_SIZE)) == NULL)
> - fatal("ls_ack_tx_timer");
> + struct ibuf *buf;
> + int cnt;
>
> while (!ls_ack_list_empty(iface)) {
> - ptr = buf;
> + if ((buf = prepare_ls_ack(iface)) == NULL)
> + fatal("ls_ack_tx_timer");
> cnt = 0;
> - for (le = TAILQ_FIRST(&iface->ls_ack_list); le != NULL &&
> - (ptr - buf < iface->mtu - PACKET_HDR); le = nle) {
> +
> + for (le = TAILQ_FIRST(&iface->ls_ack_list); le != NULL;
> + le = nle) {
> nle = TAILQ_NEXT(le, entry);
> - memcpy(ptr, le->le_lsa, sizeof(struct lsa_hdr));
> - ptr += sizeof(*lsa_hdr);
> + if (ibuf_left(buf) < sizeof(struct lsa_hdr))
> + break;
> + if (ibuf_add(buf, le->le_lsa, sizeof(struct lsa_hdr)))
> + break;
> ls_ack_list_free(iface, le);
> cnt++;
> }
> + if (cnt == 0) {
> + log_warnx("ls_ack_tx_timer: lost in space");
> + ibuf_free(buf);
> + return;
> + }
>
> /* send LS ack(s) but first set correct destination */
> switch (iface->type) {
> case IF_TYPE_POINTOPOINT:
> inet_pton(AF_INET6, AllSPFRouters, &addr);
> - send_ls_ack(iface, addr, buf, ptr - buf);
>
ospf6d: type p2p
Hi,
this brings support for interface "type p2p" to ospf6d (ospfd got it a few
weeks ago).
The configuration looks like this:
area 0.0.0.0 {
interface em0 {
type p2p
}
}
OK?
Remi
Index: ospf6d.conf.5
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.conf.5,v
retrieving revision 1.19
diff -u -p -r1.19 ospf6d.conf.5
--- ospf6d.conf.5 26 May 2019 09:27:09 - 1.19
+++ ospf6d.conf.5 5 Oct 2019 14:17:29 -
@@ -328,6 +328,9 @@ Router.
.It Ic transmit-delay Ar seconds
Set the transmit delay.
The default value is 1; valid range is 1\-3600 seconds.
+.It Ic type p2p
+Set the interface type to point to point.
+This disables the election of a DR and BDR for the given interface.
.El
.Sh FILES
.Bl -tag -width "/etc/ospf6d.conf" -compact
Index: ospf6d.h
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
retrieving revision 1.42
diff -u -p -r1.42 ospf6d.h
--- ospf6d.h23 Dec 2019 07:33:49 - 1.42
+++ ospf6d.h23 Dec 2019 09:08:23 -
@@ -329,6 +329,7 @@ struct iface {
u_int8_t if_type;
u_int8_t linkstate;
u_int8_t priority;
+ u_int8_t p2p;
u_int8_t cflags;
#define F_IFACE_PASSIVE0x01
#define F_IFACE_CONFIGURED 0x02
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.47
diff -u -p -r1.47 parse.y
--- parse.y 23 Dec 2019 07:33:49 - 1.47
+++ parse.y 23 Dec 2019 10:40:28 -
@@ -126,7 +126,7 @@ typedef struct {
%token AREA INTERFACE ROUTERID FIBPRIORITY FIBUPDATE REDISTRIBUTE RTLABEL
%token RDOMAIN STUB ROUTER SPFDELAY SPFHOLDTIME EXTTAG
-%token METRIC PASSIVE
+%token METRIC P2P PASSIVE
%token HELLOINTERVAL TRANSMITDELAY
%token RETRANSMITINTERVAL ROUTERDEADTIME ROUTERPRIORITY
%token SET TYPE
@@ -566,6 +566,10 @@ interfaceopts_l: interfaceopts_l interf
;
interfaceoptsl : PASSIVE { iface->cflags |= F_IFACE_PASSIVE; }
+ | TYPE P2P {
+ iface->p2p = 1;
+ iface->type = IF_TYPE_POINTOPOINT;
+ }
| DEMOTE STRING {
if (strlcpy(iface->demote_group, $2,
sizeof(iface->demote_group)) >=
@@ -645,6 +649,7 @@ lookup(char *s)
{"metric", METRIC},
{"no", NO},
{"on", ON},
+ {"p2p", P2P},
{"passive", PASSIVE},
{"rdomain", RDOMAIN},
{"redistribute",REDISTRIBUTE},
Index: printconf.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/printconf.c,v
retrieving revision 1.8
diff -u -p -r1.8 printconf.c
--- printconf.c 29 Dec 2018 16:04:31 - 1.8
+++ printconf.c 5 Oct 2019 14:14:19 -
@@ -135,6 +135,9 @@ print_iface(struct iface *iface)
printf("\t\trouter-priority %d\n", iface->priority);
printf("\t\ttransmit-delay %d\n", iface->transmit_delay);
+ if (iface->p2p)
+ printf("\t\ttype p2p\n");
+
printf("\t}\n");
}
Re: ospf6d: add basic regress tests
On Sun, Dec 22, 2019 at 08:36:41PM +0100, Denis Fondras wrote:
> Add basic regress test to ospf6d.
Works for me. OK remi@
The tests also succeed when I reduce the sleep from 120 to 60.
A few lines end with a space. I marked them below.
Remi
>
> Index: ospf6d/Makefile
> ===
> RCS file: ospf6d/Makefile
> diff -N ospf6d/Makefile
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ ospf6d/Makefile 22 Dec 2019 19:27:27 -
> @@ -0,0 +1,10 @@
> +# $OpenBSD$
> +
> +REGRESS_TARGETS = network_statement
> +
> +OSPF6D ?=/usr/sbin/ospf6d
> +
> +network_statement:
> + ${SUDO} ksh ${.CURDIR}/$@.sh ${OSPF6D} ${.CURDIR} 11 12 pair11 pair12
> +
> +.include
> Index: ospf6d/network_statement.sh
> ===
> RCS file: ospf6d/network_statement.sh
> diff -N ospf6d/network_statement.sh
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ ospf6d/network_statement.sh 22 Dec 2019 19:27:27 -
> @@ -0,0 +1,107 @@
> +#!/bin/ksh
> +#$OpenBSD$
> +set -e
> +
> +OSPF6D=$1
> +OSPF6DCONFIGDIR=$2
> +RDOMAIN1=$3
> +RDOMAIN2=$4
> +PAIR1=$5
> +PAIR2=$6
> +
> +RDOMAINS="${RDOMAIN1} ${RDOMAIN2}"
> +PAIRS="${PAIR1} ${PAIR2}"
> +PAIR1IP=2001:db8::${RDOMAIN1}
> +PAIR2IP=2001:db8::${RDOMAIN2}
> +PAIR1PREFIX=2001:db8:${RDOMAIN1}::
> +PAIR2PREFIX=2001:db8:${RDOMAIN2}::
> +PAIR2PREFIX2=2001:db8:${RDOMAIN2}:${RDOMAIN2}::
> +
> +error_notify() {
> + echo cleanup
> + pkill -T ${RDOMAIN1} ospf6d || true
> + pkill -T ${RDOMAIN2} ospf6d || true
> + sleep 1
> + ifconfig ${PAIR2} destroy || true
> + ifconfig ${PAIR1} destroy || true
> + ifconfig vether${RDOMAIN1} destroy || true
> + ifconfig vether${RDOMAIN2} destroy || true
> + route -qn -T ${RDOMAIN1} flush || true
> + route -qn -T ${RDOMAIN2} flush || true
> + ifconfig lo${RDOMAIN1} destroy || true
> + ifconfig lo${RDOMAIN2} destroy || true
> + rm ospf6d.1.conf ospf6d.2.conf
> + if [ $1 -ne 0 ]; then
> + echo FAILED
> + exit 1
> + else
> + echo SUCCESS
> + fi
> +}
> +
> +if [ "$(id -u)" -ne 0 ]; then
^
> + echo need root privileges >&2
> + exit 1
> +fi
> +
> +trap 'error_notify $?' EXIT
> +
> +echo check if rdomains are busy
> +for n in ${RDOMAINS}; do
> + if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then
> + echo routing domain ${n} is already used >&2
> + exit 1
> + fi
> +done
> +
> +echo check if interfaces are busy
> +for n in ${PAIRS}; do
> + /sbin/ifconfig "${n}" >/dev/null 2>&1 && \
> + ( echo interface ${n} is already used >&2; exit 1 )
> +done
> +
> +set -x
> +
> +echo setup
> +ifconfig ${PAIR1} inet6 rdomain ${RDOMAIN1} ${PAIR1IP}/64 up
> +ifconfig ${PAIR2} inet6 rdomain ${RDOMAIN2} ${PAIR2IP}/64 up
> +ifconfig ${PAIR1} patch ${PAIR2}
> +ifconfig lo${RDOMAIN1} inet 127.0.0.1/8
> +ifconfig lo${RDOMAIN2} inet 127.0.0.1/8
> +ifconfig vether${RDOMAIN1} inet6 rdomain ${RDOMAIN1} ${PAIR1PREFIX}/64 up
> +ifconfig vether${RDOMAIN2} inet6 rdomain ${RDOMAIN2} ${PAIR2PREFIX}/64 up
> +ifconfig vether${RDOMAIN2} inet6 rdomain ${RDOMAIN2} ${PAIR2PREFIX2}/64 up
> +sed "s/{RDOMAIN1}/${RDOMAIN1}/g;s/{PAIR1}/${PAIR1}/g" \
> +ospf6d.network_statement.rdomain1.conf > ospf6d.1.conf
> +chmod 0600 ospf6d.1.conf
> +sed "s/{RDOMAIN2}/${RDOMAIN2}/g;s/{PAIR2}/${PAIR2}/g" \
> +ospf6d.network_statement.rdomain2.conf > ospf6d.2.conf
> +chmod 0600 ospf6d.2.conf
^
> +
> +echo add routes
> +route -T ${RDOMAIN2} add -inet6 default ${PAIR2PREFIX}1
> +route -T ${RDOMAIN2} add 2001:db8:::/126 ${PAIR2PREFIX}2
> +route -T ${RDOMAIN2} add 2001:db8:fffe::/64 ${PAIR2PREFIX}3 -label toOSPF
> +
> +echo start ospf6d
> +route -T ${RDOMAIN1} exec ${OSPF6D} \
> +-v -f ${OSPF6DCONFIGDIR}/ospf6d.1.conf
> +route -T ${RDOMAIN2} exec ${OSPF6D} \
> +-v -f ${OSPF6DCONFIGDIR}/ospf6d.2.conf
> +
> +sleep 120
> +
> +echo tests
> +route -T ${RDOMAIN1} exec ospf6ctl sh fib
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep ${PAIR2PREFIX}/64
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep ${PAIR2PREFIX2}/64
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep "2001:db8:::/126"
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep "::/0"
> +route -T ${RDOMAIN1} exec ospf6ctl sh rib | \
> +grep "2001:db8:fffe::/64"
> +
> +exit 0
> Index: ospf6d/ospf6d.network_statement.rdomain1.conf
> ===
> RCS file: ospf6d/ospf6d.network_statement.rdomain1.conf
> diff -N ospf6d/ospf6d.network_statement.rdomain1.conf
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ ospf6d/ospf6d.network_statement.rdomain1.conf 22 Dec 2019 19:27:27
> -
> @@ -0,0 +1,10 @@
> +router-id 1.1.1.1
> +rdomain {RDOMAIN1}
> +
> +fib-priority 62
> +
> +area 10.0.0.1 {
> +
Re: ospf6d: warn when a neighbor changes its source address
On Sun, Dec 22, 2019 at 10:32:12PM +0100, Denis Fondras wrote:
> On Sun, Dec 22, 2019 at 10:06:40PM +0100, Remi Locherer wrote:
> > this is similar to ospfd's hello.c rev 1.23.
> >
> > OK?
> >
> > Remi
> >
> >
> > Index: hello.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
> > retrieving revision 1.19
> > diff -u -p -r1.19 hello.c
> > --- hello.c 11 Dec 2019 21:33:56 - 1.19
> > +++ hello.c 22 Dec 2019 20:46:01 -
> > @@ -173,10 +173,16 @@ recv_hello(struct iface *iface, struct i
> > nbr->dr.s_addr = hello.d_rtr;
> > nbr->bdr.s_addr = hello.bd_rtr;
> > nbr->priority = LSA_24_GETHI(ntohl(hello.opts));
> > + /* XXX neighbor address shouldn't be stored on virtual links */
> > + nbr->addr = *src;
> > + }
> > +
> > + if (memcmp(&nbr->addr, src, sizeof(struct in6_addr)) != 0) {
>
> Can you use IN6_ARE_ADDR_EQUAL() macro instead of memcmp() to be consistent
> with
> other address comparison ?
Yes, that makes sense. Thank you!
> Otherwise OK denis@
>
> > + log_warnx("%s: neighbor ID %s changed its address to %s",
> > + __func__, inet_ntoa(nbr->id), log_in6addr(src));
> > + nbr->addr = *src;
> > }
> >
> > - /* actually the neighbor address shouldn't be stored on virtual links */
> > - nbr->addr = *src;
> > nbr->options = opts;
> >
> > nbr_fsm(nbr, NBR_EVT_HELLO_RCVD);
> >
>
Re: ospf6d: add reference to area in struct iface
On Sun, Dec 22, 2019 at 06:35:47PM +0100, Denis Fondras wrote:
> area is now part of struct iface
>
> Code looks cleaner and more like ospfd.
ok remi@
>
> Index: area.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/area.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 area.c
> --- area.c28 Dec 2008 20:08:31 - 1.4
> +++ area.c22 Dec 2019 17:18:49 -
> @@ -88,19 +88,24 @@ area_find(struct ospfd_conf *conf, struc
> }
>
> void
> -area_track(struct area *area, int state)
> +area_track(struct area *area)
> {
> - int old = area->active;
> + int old = area->active;
> + struct iface*iface;
>
> - if (state & NBR_STA_FULL)
> - area->active++;
> - else if (area->active == 0)
> - fatalx("area_track: area already inactive");
> - else
> - area->active--;
> -
> - if (area->active == 0 || old == 0)
> + area->active = 0;
> + LIST_FOREACH(iface, &area->iface_list, entry) {
> + if (iface->state & IF_STA_DOWN)
> + continue;
> + area->active = 1;
> + break;
> + }
> +
> + if (area->active != old) {
> + ospfe_imsg_compose_rde(IMSG_AREA_CHANGE, area->id.s_addr, 0,
> + &area->active, sizeof(area->active));
> ospfe_demote_area(area, old == 0);
> + }
> }
>
> int
> @@ -110,7 +115,7 @@ area_border_router(struct ospfd_conf *co
> int active = 0;
>
> LIST_FOREACH(area, &conf->area_list, entry)
> - if (area->active > 0)
> + if (area->active)
> active++;
>
> return (active > 1);
> @@ -124,5 +129,5 @@ area_ospf_options(struct area *area)
> if (area && !area->stub)
> opt |= OSPF_OPTION_E;
>
> - return opt;
> + return (opt);
> }
> Index: database.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/database.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 database.c
> --- database.c11 Dec 2019 21:33:56 - 1.17
> +++ database.c22 Dec 2019 17:18:49 -
> @@ -134,8 +134,7 @@ send_db_description(struct nbr *nbr)
> fatalx("send_db_description: unknown interface type");
> }
>
> - dd_hdr.opts = htonl(area_ospf_options(area_find(oeconf,
> - nbr->iface->area_id)));
> + dd_hdr.opts = htonl(area_ospf_options(nbr->iface->area));
> dd_hdr.bits = bits;
> dd_hdr.dd_seq_num = htonl(nbr->dd_seq_num);
>
> Index: hello.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
> retrieving revision 1.19
> diff -u -p -r1.19 hello.c
> --- hello.c 11 Dec 2019 21:33:56 - 1.19
> +++ hello.c 22 Dec 2019 17:18:49 -
> @@ -72,7 +72,7 @@ send_hello(struct iface *iface)
> /* hello header */
> hello.iface_id = htonl(iface->ifindex);
> LSA_24_SETHI(hello.opts, iface->priority);
> - opts = area_ospf_options(area_find(oeconf, iface->area_id));
> + opts = area_ospf_options(iface->area);
> LSA_24_SETLO(hello.opts, opts);
> hello.opts = htonl(hello.opts);
>
> @@ -148,7 +148,7 @@ recv_hello(struct iface *iface, struct i
> return;
> }
>
> - if ((area = area_find(oeconf, iface->area_id)) == NULL)
> + if ((area = iface->area) == NULL)
> fatalx("interface lost area");
>
> opts = LSA_24_GETLO(ntohl(hello.opts));
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 interface.c
> --- interface.c 22 Dec 2019 15:34:52 - 1.26
> +++ interface.c 22 Dec 2019 17:18:49 -
> @@ -143,6 +143,7 @@ if_fsm(struct iface *iface, enum iface_e
> iface->state = new_state;
>
> if (iface->state != old_state) {
> + area_track(iface->area);
> orig_rtr_lsa(iface);
> orig_link_lsa(iface);
>
> @@ -649,7 +650,7 @@ if_to_ctl(struct iface *iface)
> memcpy(ictl.name, iface->name, sizeof(ictl.name));
> memcpy(&ictl.addr, &iface->addr, sizeof(ictl.addr));
> ictl.rtr_id.s_addr = ospfe_router_id();
> - memcpy(&ictl.area, &iface->area_id, sizeof(ictl.area));
> + memcpy(&ictl.area, &iface->area->id, sizeof(ictl.area));
> if (iface->dr) {
> memcpy(&ictl.dr_id, &iface->dr->id, sizeof(ictl.dr_id));
> memcpy(&ictl.dr_addr, &iface->dr->addr, sizeof(ictl.dr_addr));
> Index: neighbor.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/neighbor.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 neighbor.c
> --- neighbor.c9 Feb 2018 03:53:37 - 1.14
> +++ neighbor.c22 De
ospf6d: warn when a neighbor changes its source address
this is similar to ospfd's hello.c rev 1.23.
OK?
Remi
Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/hello.c,v
retrieving revision 1.19
diff -u -p -r1.19 hello.c
--- hello.c 11 Dec 2019 21:33:56 - 1.19
+++ hello.c 22 Dec 2019 20:46:01 -
@@ -173,10 +173,16 @@ recv_hello(struct iface *iface, struct i
nbr->dr.s_addr = hello.d_rtr;
nbr->bdr.s_addr = hello.bd_rtr;
nbr->priority = LSA_24_GETHI(ntohl(hello.opts));
+ /* XXX neighbor address shouldn't be stored on virtual links */
+ nbr->addr = *src;
+ }
+
+ if (memcmp(&nbr->addr, src, sizeof(struct in6_addr)) != 0) {
+ log_warnx("%s: neighbor ID %s changed its address to %s",
+ __func__, inet_ntoa(nbr->id), log_in6addr(src));
+ nbr->addr = *src;
}
- /* actually the neighbor address shouldn't be stored on virtual links */
- nbr->addr = *src;
nbr->options = opts;
nbr_fsm(nbr, NBR_EVT_HELLO_RCVD);
Re: ospf6d: scale send buffer
On Sun, Dec 22, 2019 at 03:27:05PM +0100, Denis Fondras wrote:
> Trivial diff to scale send buffer on socket.
ok remi@
>
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/interface.c,v
> retrieving revision 1.25
> diff -u -p -r1.25 interface.c
> --- interface.c 28 Jun 2019 13:32:49 - 1.25
> +++ interface.c 22 Dec 2019 14:09:20 -
> @@ -708,7 +708,7 @@ if_to_ctl(struct iface *iface)
>
> /* misc */
> void
> -if_set_recvbuf(int fd)
> +if_set_sockbuf(int fd)
> {
> int bsize;
>
> @@ -718,7 +718,15 @@ if_set_recvbuf(int fd)
> bsize /= 2;
>
> if (bsize != 256 * 1024)
> - log_warnx("if_set_recvbuf: recvbuf size only %d", bsize);
> + log_warnx("if_set_sockbuf: recvbuf size only %d", bsize);
> +
> + bsize = 64 * 1024;
> + while (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &bsize,
> + sizeof(bsize)) == -1)
> + bsize /= 2;
> +
> + if (bsize != 64 * 1024)
> + log_warnx("if_set_sockbuf: sendbuf size only %d", bsize);
> }
>
> int
> Index: ospfe.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.56
> diff -u -p -r1.56 ospfe.c
> --- ospfe.c 11 Jun 2019 05:00:09 - 1.56
> +++ ospfe.c 22 Dec 2019 14:09:20 -
> @@ -99,7 +99,7 @@ ospfe(struct ospfd_conf *xconf, int pipe
> fatal("if_set_ipv6_checksum");
> if (if_set_ipv6_pktinfo(xconf->ospf_socket, 1) == -1)
> fatal("if_set_ipv6_pktinfo");
> - if_set_recvbuf(xconf->ospf_socket);
> + if_set_sockbuf(xconf->ospf_socket);
>
> oeconf = xconf;
> if (oeconf->flags & OSPFD_FLAG_NO_FIB_UPDATE)
> Index: ospfe.h
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.h,v
> retrieving revision 1.20
> diff -u -p -r1.20 ospfe.h
> --- ospfe.h 11 Dec 2019 21:33:56 - 1.20
> +++ ospfe.h 22 Dec 2019 14:09:20 -
> @@ -142,7 +142,7 @@ struct ctl_iface *if_to_ctl(struct iface
> int if_join_group(struct iface *, struct in6_addr *);
> int if_leave_group(struct iface *, struct in6_addr *);
> int if_set_mcast(struct iface *);
> -void if_set_recvbuf(int);
> +void if_set_sockbuf(int);
> int if_set_mcast_loop(int);
> int if_set_ipv6_pktinfo(int, int);
> int if_set_ipv6_checksum(int);
>
Re: ospf6d: rework priority handling
reads good to me (but I did not test).
On Sun, Dec 15, 2019 at 09:56:15AM +0100, Denis Fondras wrote:
>
> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.61
> diff -u -p -r1.61 kroute.c
> --- kroute.c 12 Dec 2019 08:21:34 - 1.61
> +++ kroute.c 15 Dec 2019 08:42:10 -
> @@ -97,10 +97,11 @@ RB_PROTOTYPE(kroute_tree, kroute_node, e
> RB_GENERATE(kroute_tree, kroute_node, entry, kroute_compare)
>
> int
> -kr_init(int fs, u_int rdomain, u_int8_t fib_prio)
> +kr_init(int fs, u_int rdomain, int redis_label_or_prefix, u_int8_t fib_prio)
> {
> int opt = 0, rcvbuf, default_rcvbuf;
> socklen_t optlen;
> + int filter_prio = fib_prio;
>
> kr_state.fib_sync = fs;
> kr_state.rdomain = rdomain;
> @@ -117,6 +118,18 @@ kr_init(int fs, u_int rdomain, u_int8_t
> &opt, sizeof(opt)) == -1)
> log_warn("kr_init: setsockopt");/* not fatal */
>
> + if (redis_label_or_prefix) {
> + filter_prio = 0;
> + log_info("%s: priority filter disabled", __func__);
> + } else
> + log_debug("%s: priority filter enabled", __func__);
> +
> + if (setsockopt(kr_state.fd, AF_ROUTE, ROUTE_PRIOFILTER, &filter_prio,
> + sizeof(filter_prio)) == -1) {
> + log_warn("%s: setsockopt AF_ROUTE ROUTE_PRIOFILTER", __func__);
> + /* not fatal */
> + }
> +
> /* grow receive buffer, don't wanna miss messages */
> optlen = sizeof(default_rcvbuf);
> if (getsockopt(kr_state.fd, SOL_SOCKET, SO_RCVBUF,
> @@ -353,6 +366,21 @@ kr_fib_decouple(void)
> log_info("kernel routing table decoupled");
> }
>
> +void
> +kr_fib_update_prio(u_int8_t fib_prio)
> +{
> + struct kroute_node *kr;
> +
> + RB_FOREACH(kr, kroute_tree, &krt)
> + if ((kr->r.flags & F_OSPFD_INSERTED))
> + kr->r.priority = fib_prio;
> +
> + log_info("fib priority changed from %hhu to %hhu", kr_state.fib_prio,
> + fib_prio);
> +
> + kr_state.fib_prio = fib_prio;
> +}
> +
> /* ARGSUSED */
> void
> kr_dispatch_msg(int fd, short event, void *bula)
> @@ -522,11 +550,25 @@ kr_redistribute(struct kroute_node *kh)
> }
>
> void
> -kr_reload(void)
> +kr_reload(int redis_label_or_prefix)
> {
> struct kroute_node *kr, *kn;
> u_int32_tdummy;
> int r;
> + int filter_prio = kr_state.fib_prio;
> +
> + /* update the priority filter */
> + if (redis_label_or_prefix) {
> + filter_prio = 0;
> + log_info("%s: priority filter disabled", __func__);
> + } else
> + log_debug("%s: priority filter enabled", __func__);
> +
> + if (setsockopt(kr_state.fd, AF_ROUTE, ROUTE_PRIOFILTER, &filter_prio,
> + sizeof(filter_prio)) == -1) {
> + log_warn("%s: setsockopt AF_ROUTE ROUTE_PRIOFILTER", __func__);
> + /* not fatal */
> + }
>
> RB_FOREACH(kr, kroute_tree, &krt) {
> for (kn = kr; kn; kn = kn->next) {
> Index: ospf6d.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 ospf6d.c
> --- ospf6d.c 25 Mar 2019 20:53:33 - 1.44
> +++ ospf6d.c 15 Dec 2019 08:42:10 -
> @@ -280,7 +280,8 @@ main(int argc, char *argv[])
> fatal("unveil");
>
> if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE),
> - ospfd_conf->rdomain, ospfd_conf->fib_priority) == -1)
> + ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix,
> + ospfd_conf->fib_priority) == -1)
> fatalx("kr_init failed");
>
> event_dispatch();
> @@ -631,7 +632,7 @@ ospf_reload(void)
>
> merge_config(ospfd_conf, xconf);
> /* update redistribute lists */
> - kr_reload();
> + kr_reload(ospfd_conf->redist_label_or_prefix);
> return (0);
> #else
> return (-1);
> @@ -654,12 +655,16 @@ merge_config(struct ospfd_conf *conf, st
> struct area *a, *xa, *na;
> struct iface*iface;
> struct redistribute *r;
> + int rchange = 0;
>
> /* change of rtr_id needs a restart */
> conf->flags = xconf->flags;
> conf->spf_delay = xconf->spf_delay;
> conf->spf_hold_time = xconf->spf_hold_time;
> - conf->redistribute = xconf->redistribute;
> + if (SIMPLEQ_EMPTY(&conf->redist_list) !=
> + SIMPLEQ_EMPTY(&xconf->redist_list))
> + rchange = 1;
> + conf->redist_label_or_prefix = xconf->redist_label_or_prefix;
>
> if (ospfd_process == PROC_MAIN) {
> /* main process does neither use areas nor interfaces */
> @@ -671,6 +676,15 @@ merge_config(struct ospfd_conf *conf
Re: ospf6d: rework redist_list and area
On Sat, Dec 14, 2019 at 12:05:57PM +0100, Denis Fondras wrote: > Still working towards bringing ospf6d and ospfd closer. > > area is now part of struct iface. Makes sense to me. > redist_list is part of struct area. In ospfd the redist_list per area is only used to redistribute a default route into a stub area. ospf6d does not have proper support for multiple areas yet. I think we should only add support for stub areas once we implement multi area support. Maybe you can split your diff into smaller parts? E.g. the priority filter in kr_init() could be a diff on it's own. Remi
Re: ospf6d: refactor kernel route message handling
On Wed, Dec 11, 2019 at 04:38:38PM +0100, Denis Fondras wrote:
> On Tue, Dec 10, 2019 at 09:51:12PM +0100, Remi Locherer wrote:
> > Unfortunately redistribute does not work anymore.
> >
>
> Indeed, simple tests are too simple...
>
> Here is an updated diff.
ok remi@
>
> Index: kroute.c
> ===
> RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
> retrieving revision 1.60
> diff -u -p -r1.60 kroute.c
> --- kroute.c 2 Jan 2019 21:32:55 - 1.60
> +++ kroute.c 11 Dec 2019 14:51:25 -
> @@ -80,7 +80,7 @@ struct kroute_node *kroute_match(struct
>
> int protect_lo(void);
> void get_rtaddrs(int, struct sockaddr *, struct sockaddr **);
> -void if_change(u_short, int, struct if_data *);
> +void if_change(u_short, int, struct if_data *, struct sockaddr_dl *);
> void if_newaddr(u_short, struct sockaddr_in6 *,
> struct sockaddr_in6 *, struct sockaddr_in6 *);
> void if_deladdr(u_short, struct sockaddr_in6 *,
> @@ -90,6 +90,7 @@ voidif_announce(void *);
> int send_rtmsg(int, int, struct kroute *);
> int dispatch_rtmsg(void);
> int fetchtable(void);
> +int rtmsg_process(char *, size_t);
>
> RB_HEAD(kroute_tree, kroute_node)krt;
> RB_PROTOTYPE(kroute_tree, kroute_node, entry, kroute_compare)
> @@ -801,7 +802,8 @@ get_rtaddrs(int addrs, struct sockaddr *
> }
>
> void
> -if_change(u_short ifindex, int flags, struct if_data *ifd)
> +if_change(u_short ifindex, int flags, struct if_data *ifd,
> +struct sockaddr_dl *sdl)
> {
> struct kroute_node *kr, *tkr;
> struct iface*iface;
> @@ -809,7 +811,7 @@ if_change(u_short ifindex, int flags, st
>
> wasvalid = kif_validate(ifindex);
>
> - if ((iface = kif_update(ifindex, flags, ifd, NULL)) == NULL) {
> + if ((iface = kif_update(ifindex, flags, ifd, sdl)) == NULL) {
> log_warn("if_change: kif_update(%u)", ifindex);
> return;
> }
> @@ -1135,12 +1137,8 @@ fetchtable(void)
> {
> size_t len;
> int mib[7];
> - char*buf, *next, *lim;
> - struct rt_msghdr*rtm;
> - struct sockaddr *sa, *rti_info[RTAX_MAX];
> - struct sockaddr_in6 *sa_in6;
> - struct sockaddr_rtlabel *label;
> - struct kroute_node *kr;
> + char*buf;
> + int rv;
>
> mib[0] = CTL_NET;
> mib[1] = PF_ROUTE;
> @@ -1164,102 +1162,10 @@ fetchtable(void)
> return (-1);
> }
>
> - lim = buf + len;
> - for (next = buf; next < lim; next += rtm->rtm_msglen) {
> - rtm = (struct rt_msghdr *)next;
> - if (rtm->rtm_version != RTM_VERSION)
> - continue;
> - sa = (struct sockaddr *)(next + rtm->rtm_hdrlen);
> - get_rtaddrs(rtm->rtm_addrs, sa, rti_info);
> -
> - if ((sa = rti_info[RTAX_DST]) == NULL)
> - continue;
> -
> - /* Skip ARP/ND cache and broadcast routes. */
> - if (rtm->rtm_flags & (RTF_LLINFO|RTF_BROADCAST))
> - continue;
> -
> - if ((kr = calloc(1, sizeof(struct kroute_node))) == NULL) {
> - log_warn("fetchtable");
> - free(buf);
> - return (-1);
> - }
> -
> - kr->r.flags = F_KERNEL;
> - kr->r.priority = rtm->rtm_priority;
> -
> - switch (sa->sa_family) {
> - case AF_INET6:
> - kr->r.prefix =
> - ((struct sockaddr_in6 *)sa)->sin6_addr;
> - sa_in6 = (struct sockaddr_in6 *)rti_info[RTAX_NETMASK];
> - if (rtm->rtm_flags & RTF_STATIC)
> - kr->r.flags |= F_STATIC;
> - if (rtm->rtm_flags & RTF_BLACKHOLE)
> - kr->r.flags |= F_BLACKHOLE;
> - if (rtm->rtm_flags & RTF_REJECT)
> - kr->r.flags |= F_REJECT;
> - if (rtm->rtm_flags & RTF_DYNAMIC)
> - kr->r.flags |= F_DYNAMIC;
> - if (sa_in6 != NULL) {
> - if (sa_in6->sin6_len == 0)
> - break;
> - kr->r.prefixlen =
&g
Re: ripd: memory leak and double free/use-after-free
On Wed, Dec 11, 2019 at 10:11:58AM +0100, Sebastian Benoit wrote:
> Remi Locherer(remi.loche...@relo.ch) on 2019.12.10 22:39:32 +0100:
> > On Tue, Dec 10, 2019 at 07:05:27PM +0100, Hiltjo Posthuma wrote:
> > > Hi,
> > >
> > > While looking at the code of ripd:
> > >
> > > I think there are (also) 2 small memleaks in a debug/error path
> > > (IMSG_REQUEST_ADD and IMSG_RESPONSE_ADD). It breaks out before adding the
> > > struct rip_route as an entry by the add_entry function (which adds it and
> > > adds
> > > a reference count) in the log_debug block.
> > >
> > > clang-analyzer also pointed at a double-free and use of free'd data: the
> > > function kroute_insert frees kr and returns -1 when struct kroute is
> > > duplicate.
> > >
> > > Patch below (untested):
> > >
> >
> > OK remi@
>
> go ahead and commit it, ok benno@
Thank you for the patch! I just committed it.
Remi
>
> >
> > >
> > > diff --git a/usr.sbin/ripd/kroute.c b/usr.sbin/ripd/kroute.c
> > > index 6e7449e0909..71758a75e44 100644
> > > --- a/usr.sbin/ripd/kroute.c
> > > +++ b/usr.sbin/ripd/kroute.c
> > > @@ -183,8 +183,7 @@ kr_change_fib(struct kroute_node *kr, struct kroute
> > > *kroute, int action)
> > >
> > > if (kroute_insert(kr) == -1) {
> > > log_debug("kr_update_fib: cannot insert %s",
> > > - inet_ntoa(kr->r.nexthop));
> > > - free(kr);
> > > + inet_ntoa(kroute->nexthop));
> > > }
> > > } else
> > > kr->r.nexthop.s_addr = kroute->nexthop.s_addr;
> > > diff --git a/usr.sbin/ripd/ripe.c b/usr.sbin/ripd/ripe.c
> > > index d83901e245f..1f6f9b6583f 100644
> > > --- a/usr.sbin/ripd/ripe.c
> > > +++ b/usr.sbin/ripd/ripe.c
> > > @@ -351,6 +351,7 @@ ripe_dispatch_rde(int fd, short event, void *bula)
> > > NULL) {
> > > log_debug("unknown neighbor id %u",
> > > imsg.hdr.peerid);
> > > + free(rr);
> > > break;
> > > }
> > > add_entry(&nbr->rq_list, rr);
> > > @@ -396,6 +397,7 @@ ripe_dispatch_rde(int fd, short event, void *bula)
> > > if ((nbr = nbr_find_peerid(imsg.hdr.peerid)) == NULL) {
> > > log_debug("unknown neighbor id %u",
> > > imsg.hdr.peerid);
> > > + free(rr);
> > > break;
> > > }
> > > iface = nbr->iface;
> > >
> > > --
> > > Kind regards,
> > > Hiltjo
> > >
> >
>
Re: ripd: memory leak and double free/use-after-free
On Tue, Dec 10, 2019 at 07:05:27PM +0100, Hiltjo Posthuma wrote:
> Hi,
>
> While looking at the code of ripd:
>
> I think there are (also) 2 small memleaks in a debug/error path
> (IMSG_REQUEST_ADD and IMSG_RESPONSE_ADD). It breaks out before adding the
> struct rip_route as an entry by the add_entry function (which adds it and adds
> a reference count) in the log_debug block.
>
> clang-analyzer also pointed at a double-free and use of free'd data: the
> function kroute_insert frees kr and returns -1 when struct kroute is
> duplicate.
>
> Patch below (untested):
>
OK remi@
>
> diff --git a/usr.sbin/ripd/kroute.c b/usr.sbin/ripd/kroute.c
> index 6e7449e0909..71758a75e44 100644
> --- a/usr.sbin/ripd/kroute.c
> +++ b/usr.sbin/ripd/kroute.c
> @@ -183,8 +183,7 @@ kr_change_fib(struct kroute_node *kr, struct kroute
> *kroute, int action)
>
> if (kroute_insert(kr) == -1) {
> log_debug("kr_update_fib: cannot insert %s",
> - inet_ntoa(kr->r.nexthop));
> - free(kr);
> + inet_ntoa(kroute->nexthop));
> }
> } else
> kr->r.nexthop.s_addr = kroute->nexthop.s_addr;
> diff --git a/usr.sbin/ripd/ripe.c b/usr.sbin/ripd/ripe.c
> index d83901e245f..1f6f9b6583f 100644
> --- a/usr.sbin/ripd/ripe.c
> +++ b/usr.sbin/ripd/ripe.c
> @@ -351,6 +351,7 @@ ripe_dispatch_rde(int fd, short event, void *bula)
> NULL) {
> log_debug("unknown neighbor id %u",
> imsg.hdr.peerid);
> + free(rr);
> break;
> }
> add_entry(&nbr->rq_list, rr);
> @@ -396,6 +397,7 @@ ripe_dispatch_rde(int fd, short event, void *bula)
> if ((nbr = nbr_find_peerid(imsg.hdr.peerid)) == NULL) {
> log_debug("unknown neighbor id %u",
> imsg.hdr.peerid);
> + free(rr);
> break;
> }
> iface = nbr->iface;
>
> --
> Kind regards,
> Hiltjo
>
Re: ospf6d: refactor kernel route message handling
On Mon, Dec 09, 2019 at 07:31:11PM +0100, Denis Fondras wrote:
> Give some love to ospf6d.
>
> The goal is to have ospf6d looks like ospfd, this could be useful to have
> changes made in one daemon from one go inside the other.
>
> I will do it step by step until I get to the point where "ospf6ctl reload"
> works.
I like this a lot!
> First step is to refactor kernel route message handling, no functionnal
> change.
I tested your diff with the following configuration:
--
router-id 192.168.250.7
fib-priority 38
redistribute default
redistribute rtlabel toOSPF depend on carp0
area 0 {
interface vether0 {
metric 55
depend on carp0
}
interface iwm0 { passive }
}
--
Unfortunately redistribute does not work anymore.
Remi
ripd: fix split-horizon simple
Hi, when "split-horizon simple" is used, ripd might send out messges with 0 routes in it. This is because nentries is counted up even if the route was not added to buf. Moving nentries++ up is fixing this. Below log message is an indicator for this bug: recv_response: bad packet size, interface vether0 OK? Remi Index: message.c === RCS file: /cvs/src/usr.sbin/ripd/message.c,v retrieving revision 1.12 diff -u -p -r1.12 message.c --- message.c 25 Oct 2014 03:23:49 - 1.12 +++ message.c 8 Dec 2019 22:02:38 - @@ -292,11 +292,11 @@ send_response(struct packet_head *r_list ibuf_add(buf, &netmask, sizeof(netmask)); ibuf_add(buf, &nexthop, sizeof(nexthop)); ibuf_add(buf, &metric, sizeof(metric)); + nentries++; free: TAILQ_REMOVE(r_list, entry, entry); delete_entry(entry->rr); free(entry); - nentries++; } if (iface->auth_type == AUTH_CRYPT)
ripd: fix error message
Hi,
this fixes an error message to reflect the correct function name.
OK?
Remi
Index: message.c
===
RCS file: /cvs/src/usr.sbin/ripd/message.c,v
retrieving revision 1.12
diff -u -p -r1.12 message.c
--- message.c 25 Oct 2014 03:23:49 - 1.12
+++ message.c 8 Dec 2019 22:02:38 -
@@ -70,7 +70,7 @@ add_entry(struct packet_head *r_list, st
fatalx("add_entry: no route report");
if ((re = calloc(1, sizeof(*re))) == NULL)
- fatal("add_response");
+ fatal("add_entry");
TAILQ_INSERT_TAIL(r_list, re, entry);
re->rr = rr;
ripd: remove unused line
Hi, iface is not used afterwards. I think it should have been removed in revision 1.8. OK? Remi Index: ripe.c === RCS file: /cvs/src/usr.sbin/ripd/ripe.c,v retrieving revision 1.23 diff -u -p -r1.23 ripe.c --- ripe.c 4 Nov 2018 07:52:55 - 1.23 +++ ripe.c 8 Dec 2019 13:28:29 - @@ -398,7 +398,6 @@ ripe_dispatch_rde(int fd, short event, v imsg.hdr.peerid); break; } - iface = nbr->iface; add_entry(&nbr->rp_list, rr); break;
Re: ospfd: type p2p
On Sat, Nov 16, 2019 at 06:58:35AM +0100, Claudio Jeker wrote:
> On Fri, Nov 15, 2019 at 06:06:42PM +0100, Remi Locherer wrote:
> > On Mon, Nov 04, 2019 at 02:01:57PM +0200, Kapetanakis Giannis wrote:
> > > On 25/10/2019 13:57, Remi Locherer wrote:
> > > > Hi tech@,
> > > >
> > > > earlier this year I sent a diff that allowed to change an interface
> > > > from broadcast to point-to-point.
> > > >
> > > > https://marc.info/?l=openbsd-tech&m=156132923203704&w=2
> > > >
> > > > It turned out that this was not sufficient. It made the adjacency
> > > > come up in p2p mode (no selection of DR or BDR) but didn't set a valid
> > > > next hop for routes learned over this p2p link. Actually the next hop
> > > > was
> > > > 0.0.0.0 which was never installed into the routing table.
> > > >
> > > > This is because for P2P interfaces the neighbor address is not taken
> > > > from
> > > > the received hello but from the "destination" parameter configured on
> > > > the
> > > > interface. Since this is not set on a broadcast interface the address is
> > > > 0.0.0.0.
> > > >
> > > > My new diff changes this. Now also for P2P links the IP address of the
> > > > neighbor is taken from the hello packets (src address). This on it's own
> > > > would make it simpler to interfere with the routing from remote. One
> > > > could
> > > > send unicast ospf hello messages and potentially disrupt the routing
> > > > setup.
> > > > I believe I mitigated this with an additional check I committed in
> > > > August:
> > > > only hello messages sent to the multicast address are now processed.
> > > >
> > > > The config looks like this:
> > > >
> > > > area 0.0.0.0 {
> > > > interface em0 {
> > > > type p2p
> > > > }
> > > > }
> > > >
> > > > It would be nice to get test reports for this new feature (check the fib
> > > > and routing table!) and also test reports with real p2p2 interfaces (gif
> > > > or gre).
> > > >
> > > > Of course OKs are also welcome. ;-)
> > > >
> > > > Remi
> > >
> > >
> > > Hi,
> > >
> > > From first test seems to work :)
> > >
> > > looking forward test it for IPv6 as well
> > >
> > > thanks
> > >
> > > Giannis
> >
> >
> > Anyone willing to OK this?
>
> See inline.
>
[...]
>
> Another option is to just add this ospfe_imsg_compose_rde() to the two
> places where the addr is updated.
Right, that is actually simpler.
>
> > +
> > + return (0);
> > }
> >
> > struct nbr *
> > Index: ospfd.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> > retrieving revision 1.108
> > diff -u -p -r1.108 ospfd.c
> > --- ospfd.c 16 May 2019 05:49:22 - 1.108
> > +++ ospfd.c 23 Jun 2019 21:06:44 -
> > @@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct
> > if_fsm(i, IF_EVT_UP);
> > }
> >
> > + if (i->p2p != xi->p2p) {
> > + /* re-add interface to enable or disable DR election */
> > + if (ospfd_process == PROC_OSPF_ENGINE)
> > + if_fsm(i, IF_EVT_DOWN);
> > + else if (ospfd_process == PROC_RDE_ENGINE)
> > + rde_nbr_iface_del(i);
> > + LIST_REMOVE(i, entry);
> > + if_del(i);
> > + LIST_REMOVE(xi, entry);
> > + LIST_INSERT_HEAD(&a->iface_list, xi, entry);
> > + xi->area = a;
> > + if (ospfd_process == PROC_OSPF_ENGINE)
> > + xi->state = IF_STA_NEW;
> > + continue;
> > + }
>
> This is one big hammer. Would be nice to be a bit softer, also should this
> code be before
> log_debug("merge_interfaces: proc %d area %s merging "
> "interface %s", ospfd_process, inet_ntoa(a->id), i->name);
>
> Since it re-adds an interface. If so it should also have its own
> log_debu
Re: ospfd: type p2p
On Mon, Nov 04, 2019 at 02:01:57PM +0200, Kapetanakis Giannis wrote:
> On 25/10/2019 13:57, Remi Locherer wrote:
> > Hi tech@,
> >
> > earlier this year I sent a diff that allowed to change an interface
> > from broadcast to point-to-point.
> >
> > https://marc.info/?l=openbsd-tech&m=156132923203704&w=2
> >
> > It turned out that this was not sufficient. It made the adjacency
> > come up in p2p mode (no selection of DR or BDR) but didn't set a valid
> > next hop for routes learned over this p2p link. Actually the next hop was
> > 0.0.0.0 which was never installed into the routing table.
> >
> > This is because for P2P interfaces the neighbor address is not taken from
> > the received hello but from the "destination" parameter configured on the
> > interface. Since this is not set on a broadcast interface the address is
> > 0.0.0.0.
> >
> > My new diff changes this. Now also for P2P links the IP address of the
> > neighbor is taken from the hello packets (src address). This on it's own
> > would make it simpler to interfere with the routing from remote. One could
> > send unicast ospf hello messages and potentially disrupt the routing setup.
> > I believe I mitigated this with an additional check I committed in August:
> > only hello messages sent to the multicast address are now processed.
> >
> > The config looks like this:
> >
> > area 0.0.0.0 {
> > interface em0 {
> > type p2p
> > }
> > }
> >
> > It would be nice to get test reports for this new feature (check the fib
> > and routing table!) and also test reports with real p2p2 interfaces (gif
> > or gre).
> >
> > Of course OKs are also welcome. ;-)
> >
> > Remi
>
>
> Hi,
>
> From first test seems to work :)
>
> looking forward test it for IPv6 as well
>
> thanks
>
> Giannis
Anyone willing to OK this?
Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospfd/hello.c,v
retrieving revision 1.24
diff -u -p -r1.24 hello.c
--- hello.c 12 Aug 2019 20:21:58 - 1.24
+++ hello.c 21 Sep 2019 22:06:17 -
@@ -189,14 +189,13 @@ recv_hello(struct iface *iface, struct i
nbr->dr.s_addr = hello.d_rtr;
nbr->bdr.s_addr = hello.bd_rtr;
nbr->priority = hello.rtr_priority;
- /* XXX neighbor address shouldn't be stored on virtual links */
- nbr->addr.s_addr = src.s_addr;
+ nbr_update_addr(nbr->peerid, src);
}
if (nbr->addr.s_addr != src.s_addr) {
log_warnx("%s: neighbor ID %s changed its IP address",
__func__, inet_ntoa(nbr->id));
- nbr->addr.s_addr = src.s_addr;
+ nbr_update_addr(nbr->peerid, src);
}
nbr->options = hello.opts;
Index: lsupdate.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsupdate.c,v
retrieving revision 1.46
diff -u -p -r1.46 lsupdate.c
--- lsupdate.c 15 Jul 2019 18:26:39 - 1.46
+++ lsupdate.c 15 Aug 2019 21:10:13 -
@@ -470,7 +470,7 @@ ls_retrans_timer(int fd, short event, vo
/* ls_retrans_list_free retriggers the timer */
return;
} else if (nbr->iface->type == IF_TYPE_POINTOPOINT)
- memcpy(&addr, &nbr->iface->dst, sizeof(addr));
+ memcpy(&addr, &nbr->addr, sizeof(addr));
else
inet_aton(AllDRouters, &addr);
} else
Index: neighbor.c
===
RCS file: /cvs/src/usr.sbin/ospfd/neighbor.c,v
retrieving revision 1.48
diff -u -p -r1.48 neighbor.c
--- neighbor.c 9 Feb 2018 02:14:03 - 1.48
+++ neighbor.c 21 Sep 2019 15:28:43 -
@@ -312,6 +312,7 @@ nbr_new(u_int32_t nbr_id, struct iface *
bzero(&rn, sizeof(rn));
rn.id.s_addr = nbr->id.s_addr;
rn.area_id.s_addr = nbr->iface->area->id.s_addr;
+ rn.addr.s_addr = nbr->addr.s_addr;
rn.ifindex = nbr->iface->ifindex;
rn.state = nbr->state;
rn.self = self;
@@ -347,6 +348,23 @@ nbr_del(struct nbr *nbr)
LIST_REMOVE(nbr, hash);
free(nbr);
+}
+
+int
+nbr_update_addr(u_int32_t peerid, struct in_addr addr) {
+
+ struct nbr *nbr = NULL;
+
+ nbr = nbr_find_peerid(peerid);
+ if (nbr == NULL)
+ return (1);
+
+ /* XXX neighbor address shouldn't be stored on virtual links */
+ nbr->addr.s_addr = addr.s_addr;
Re: ospfd: type p2p
On Mon, Nov 04, 2019 at 02:01:57PM +0200, Kapetanakis Giannis wrote:
> On 25/10/2019 13:57, Remi Locherer wrote:
> > Hi tech@,
> >
> > earlier this year I sent a diff that allowed to change an interface
> > from broadcast to point-to-point.
> >
> > https://marc.info/?l=openbsd-tech&m=156132923203704&w=2
> >
> > It turned out that this was not sufficient. It made the adjacency
> > come up in p2p mode (no selection of DR or BDR) but didn't set a valid
> > next hop for routes learned over this p2p link. Actually the next hop was
> > 0.0.0.0 which was never installed into the routing table.
> >
> > This is because for P2P interfaces the neighbor address is not taken from
> > the received hello but from the "destination" parameter configured on the
> > interface. Since this is not set on a broadcast interface the address is
> > 0.0.0.0.
> >
> > My new diff changes this. Now also for P2P links the IP address of the
> > neighbor is taken from the hello packets (src address). This on it's own
> > would make it simpler to interfere with the routing from remote. One could
> > send unicast ospf hello messages and potentially disrupt the routing setup.
> > I believe I mitigated this with an additional check I committed in August:
> > only hello messages sent to the multicast address are now processed.
> >
> > The config looks like this:
> >
> > area 0.0.0.0 {
> > interface em0 {
> > type p2p
> > }
> > }
> >
> > It would be nice to get test reports for this new feature (check the fib
> > and routing table!) and also test reports with real p2p2 interfaces (gif
> > or gre).
> >
> > Of course OKs are also welcome. ;-)
> >
> > Remi
>
>
> Hi,
>
> From first test seems to work :)
Thank you for testing!
>
> looking forward test it for IPv6 as well
Sure, I plan to also do this this for ospf6d.
Re: Opportunistic DoT for unwind(8)
On Sat, Nov 02, 2019 at 08:20:08AM +0100, Otto Moerbeek wrote:
> On Fri, Nov 01, 2019 at 10:43:27PM +0100, Remi Locherer wrote:
>
> > On Fri, Nov 01, 2019 at 09:53:28PM +0100, Florian Obser wrote:
> > > On Fri, Nov 01, 2019 at 09:45:37PM +0100, Florian Obser wrote:
> > > > On Fri, Nov 01, 2019 at 09:35:07PM +0100, Remi Locherer wrote:
> > > > > On Thu, Oct 31, 2019 at 08:14:04PM +0100, Otto Moerbeek wrote:
> > > > > > Hi,
> > > > > >
> > > > > > So here's a new diff that incorporates the bug fix mentioned plus
> > > > > > debug printf line changes suggested by Stuart.
> > > > > >
> > > > > > Please note that this is a diff on top of very recent current, i.e.
> > > > > > florian's work he committed today. That means that you need to be
> > > > > > up-to-date (including a recent libc update that was committed a few
> > > > > > days ago) to be able to test this version.
> > > > >
> > > > > I upgraded to a snapshot from today, updated the source and applied
> > > > > your diff. Then I did the same test as last time using pf to block
> > > > > port 53
> > > > > (block return out log inet proto {tcp udp} to !9.9.9.9 port 53).
> > > > >
> > > > > Result: the non functional type asr is selected instead of the
> > > > > forwarder.
> > > > >
> > > > > $ doas unwindctl status
> > > > > captive portal is unknown
> > > > >
> > > > > selected type status
> > > > > recursor dead
> > > > > forwarder validating (OppDoT)
> > > > > dhcp unknown (OppDoT)
> > > > >* asr dead
> > > > > $
> > > > > $ getent hosts undeadly.org
> > > > > $ echo $?
> > > > > 2
> > > > > $ dig +short undeadly.org @9.9.9.9
> > > > > 94.142.241.173
> > > > > $
> > > > >
> > > > > Without your patch unwind behaves similar regarding the type
> > > > > selection:
> > > > >
> > > > > $ doas unwindctl status
> > > > > captive portal is unknown
> > > >
> > > > ^ you are creating a not supported configuration.
> > > >
> > > > When we are behind a captive portal or don't know yet if we are behind
> > > > a captive portal resolving is forced to asr.
> > > >
> > > > That might not be very wise if asr is dead but I currently don't see
> > > > how this can happen in practice except with a well aimed foot-gun.
> > >
> > > Actually, I have an idea how this can happen in practice, please try this:
> > >
> > > diff --git resolver.c resolver.c
> > > index f59860a5e98..5bbc63f60fa 100644
> > > --- resolver.c
> > > +++ resolver.c
> > > @@ -1282,7 +1282,8 @@ best_resolver(void)
> > >
> > > if (captive_portal_state == PORTAL_UNKNOWN || captive_portal_state ==
> > > BEHIND) {
> > > - if (resolvers[UW_RES_ASR] != NULL) {
> > > + if (resolvers[UW_RES_ASR] != NULL && resolvers[UW_RES_ASR]->
> > > +state != DEAD) {
> > > res = resolvers[UW_RES_ASR];
> > > goto out;
> > > }
> > >
> > >
> >
> > Yes, this makes unwind cope with this situation:
> >
> > $ unwindctl status
> > not behind captive portal
> >
> > selected type status
> > recursor dead
> >*forwarder validating
> > dhcp dead
> > asr dead
> > $
> >
> > OK remi@
> >
>
> And with my diff on top of that?
Yes, now it works as expected.
OK remi@
Re: Opportunistic DoT for unwind(8)
On Fri, Nov 01, 2019 at 09:53:28PM +0100, Florian Obser wrote:
> On Fri, Nov 01, 2019 at 09:45:37PM +0100, Florian Obser wrote:
> > On Fri, Nov 01, 2019 at 09:35:07PM +0100, Remi Locherer wrote:
> > > On Thu, Oct 31, 2019 at 08:14:04PM +0100, Otto Moerbeek wrote:
> > > > Hi,
> > > >
> > > > So here's a new diff that incorporates the bug fix mentioned plus
> > > > debug printf line changes suggested by Stuart.
> > > >
> > > > Please note that this is a diff on top of very recent current, i.e.
> > > > florian's work he committed today. That means that you need to be
> > > > up-to-date (including a recent libc update that was committed a few
> > > > days ago) to be able to test this version.
> > >
> > > I upgraded to a snapshot from today, updated the source and applied
> > > your diff. Then I did the same test as last time using pf to block port 53
> > > (block return out log inet proto {tcp udp} to !9.9.9.9 port 53).
> > >
> > > Result: the non functional type asr is selected instead of the forwarder.
> > >
> > > $ doas unwindctl status
> > > captive portal is unknown
> > >
> > > selected type status
> > > recursor dead
> > > forwarder validating (OppDoT)
> > > dhcp unknown (OppDoT)
> > >* asr dead
> > > $
> > > $ getent hosts undeadly.org
> > > $ echo $?
> > > 2
> > > $ dig +short undeadly.org @9.9.9.9
> > > 94.142.241.173
> > > $
> > >
> > > Without your patch unwind behaves similar regarding the type selection:
> > >
> > > $ doas unwindctl status
> > > captive portal is unknown
> >
> > ^ you are creating a not supported configuration.
> >
> > When we are behind a captive portal or don't know yet if we are behind
> > a captive portal resolving is forced to asr.
> >
> > That might not be very wise if asr is dead but I currently don't see
> > how this can happen in practice except with a well aimed foot-gun.
>
> Actually, I have an idea how this can happen in practice, please try this:
>
> diff --git resolver.c resolver.c
> index f59860a5e98..5bbc63f60fa 100644
> --- resolver.c
> +++ resolver.c
> @@ -1282,7 +1282,8 @@ best_resolver(void)
>
> if (captive_portal_state == PORTAL_UNKNOWN || captive_portal_state ==
> BEHIND) {
> - if (resolvers[UW_RES_ASR] != NULL) {
> + if (resolvers[UW_RES_ASR] != NULL && resolvers[UW_RES_ASR]->
> +state != DEAD) {
> res = resolvers[UW_RES_ASR];
> goto out;
> }
>
>
Yes, this makes unwind cope with this situation:
$ unwindctl status
not behind captive portal
selected type status
recursor dead
*forwarder validating
dhcp dead
asr dead
$
OK remi@
Re: Opportunistic DoT for unwind(8)
On Thu, Oct 31, 2019 at 08:14:04PM +0100, Otto Moerbeek wrote:
> Hi,
>
> So here's a new diff that incorporates the bug fix mentioned plus
> debug printf line changes suggested by Stuart.
>
> Please note that this is a diff on top of very recent current, i.e.
> florian's work he committed today. That means that you need to be
> up-to-date (including a recent libc update that was committed a few
> days ago) to be able to test this version.
I upgraded to a snapshot from today, updated the source and applied
your diff. Then I did the same test as last time using pf to block port 53
(block return out log inet proto {tcp udp} to !9.9.9.9 port 53).
Result: the non functional type asr is selected instead of the forwarder.
$ doas unwindctl status
captive portal is unknown
selected type status
recursor dead
forwarder validating (OppDoT)
dhcp unknown (OppDoT)
* asr dead
$
$ getent hosts undeadly.org
$ echo $?
2
$ dig +short undeadly.org @9.9.9.9
94.142.241.173
$
Without your patch unwind behaves similar regarding the type selection:
$ doas unwindctl status
captive portal is unknown
selected type status
recursor dead
forwarder validating
dhcp dead
* asr dead
$
Re: Opportunistic DoT for unwind(8)
Hi Otto,
On Wed, Oct 30, 2019 at 03:57:15PM +0100, Otto Moerbeek wrote:
> Hi,
>
> I got *very* little feedback on this request for testing.
>
> If not enough enough testing is done, I'll either abandon the diff or
> commit it as-is, introducing bugs that could have been prevented. Both
> are not good. So get going!
>
> -Otto
>
I applied your diff and tried with the following config:
$ unwind -nv
preference { recursor DoT forwarder dhcp }
forwarder {
9.9.9.9
}
captive portal {
url "http://captive.apple.com/";
expected status 200
expected response
"SuccessSuccess"
auto yes
}
block list "/etc/unwind_blocklist.txt"
$
To force unwind to use 9.9.9.9 I tested with this pf rules:
$ doas pfctl -sr
doas (r...@typhoon.relo.ch) password:
block return log all
pass log all flags S/SA
pass out log on egress inet from (vether0:network) to any flags S/SA nat-to
(egress:0) round-robin
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log inet proto tcp from any to ! 9.9.9.9 port = 53
block return out log inet proto udp from any to ! 9.9.9.9 port = 53
block return out log inet6 proto tcp from any to any port = 53
block return out log inet6 proto udp from any to any port = 53
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
$
As expected I can now query 9.9.9.9 but 8.8.8.8 fails:
$ dig +short undeadly.org @9.9.9.9
94.142.241.173
typhoon ..c/examples$ dig +short undeadly.org @8.8.8.8
;; connection timed out; no servers could be reached
$
I expected that unwind would choose 9.9.9.9 with OppDoT. But unwind
selects dhcp which is correctly displayed as dead:
$ unwindctl status
captive portal is unknown
selected type status
recursor dead
forwarder validating
* dhcp dead
$
Port 853 on 9.9.9.9 is not blocked:
$ nc -zv 9.9.9.9 853
Connection to 9.9.9.9 853 port [tcp/domain-s] succeeded!
$ nc -zv -u 9.9.9.9 853
Connection to 9.9.9.9 853 port [udp/domain-s] succeeded!
$
Did I do something wrong in unwind.conf?
Remi
ospfd: type p2p
Hi tech@,
earlier this year I sent a diff that allowed to change an interface
from broadcast to point-to-point.
https://marc.info/?l=openbsd-tech&m=156132923203704&w=2
It turned out that this was not sufficient. It made the adjacency
come up in p2p mode (no selection of DR or BDR) but didn't set a valid
next hop for routes learned over this p2p link. Actually the next hop was
0.0.0.0 which was never installed into the routing table.
This is because for P2P interfaces the neighbor address is not taken from
the received hello but from the "destination" parameter configured on the
interface. Since this is not set on a broadcast interface the address is
0.0.0.0.
My new diff changes this. Now also for P2P links the IP address of the
neighbor is taken from the hello packets (src address). This on it's own
would make it simpler to interfere with the routing from remote. One could
send unicast ospf hello messages and potentially disrupt the routing setup.
I believe I mitigated this with an additional check I committed in August:
only hello messages sent to the multicast address are now processed.
The config looks like this:
area 0.0.0.0 {
interface em0 {
type p2p
}
}
It would be nice to get test reports for this new feature (check the fib
and routing table!) and also test reports with real p2p2 interfaces (gif
or gre).
Of course OKs are also welcome. ;-)
Remi
Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospfd/hello.c,v
retrieving revision 1.24
diff -u -p -r1.24 hello.c
--- hello.c 12 Aug 2019 20:21:58 - 1.24
+++ hello.c 21 Sep 2019 22:06:17 -
@@ -189,14 +189,13 @@ recv_hello(struct iface *iface, struct i
nbr->dr.s_addr = hello.d_rtr;
nbr->bdr.s_addr = hello.bd_rtr;
nbr->priority = hello.rtr_priority;
- /* XXX neighbor address shouldn't be stored on virtual links */
- nbr->addr.s_addr = src.s_addr;
+ nbr_update_addr(nbr->peerid, src);
}
if (nbr->addr.s_addr != src.s_addr) {
log_warnx("%s: neighbor ID %s changed its IP address",
__func__, inet_ntoa(nbr->id));
- nbr->addr.s_addr = src.s_addr;
+ nbr_update_addr(nbr->peerid, src);
}
nbr->options = hello.opts;
Index: lsupdate.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsupdate.c,v
retrieving revision 1.46
diff -u -p -r1.46 lsupdate.c
--- lsupdate.c 15 Jul 2019 18:26:39 - 1.46
+++ lsupdate.c 15 Aug 2019 21:10:13 -
@@ -470,7 +470,7 @@ ls_retrans_timer(int fd, short event, vo
/* ls_retrans_list_free retriggers the timer */
return;
} else if (nbr->iface->type == IF_TYPE_POINTOPOINT)
- memcpy(&addr, &nbr->iface->dst, sizeof(addr));
+ memcpy(&addr, &nbr->addr, sizeof(addr));
else
inet_aton(AllDRouters, &addr);
} else
Index: neighbor.c
===
RCS file: /cvs/src/usr.sbin/ospfd/neighbor.c,v
retrieving revision 1.48
diff -u -p -r1.48 neighbor.c
--- neighbor.c 9 Feb 2018 02:14:03 - 1.48
+++ neighbor.c 21 Sep 2019 15:28:43 -
@@ -312,6 +312,7 @@ nbr_new(u_int32_t nbr_id, struct iface *
bzero(&rn, sizeof(rn));
rn.id.s_addr = nbr->id.s_addr;
rn.area_id.s_addr = nbr->iface->area->id.s_addr;
+ rn.addr.s_addr = nbr->addr.s_addr;
rn.ifindex = nbr->iface->ifindex;
rn.state = nbr->state;
rn.self = self;
@@ -347,6 +348,23 @@ nbr_del(struct nbr *nbr)
LIST_REMOVE(nbr, hash);
free(nbr);
+}
+
+int
+nbr_update_addr(u_int32_t peerid, struct in_addr addr) {
+
+ struct nbr *nbr = NULL;
+
+ nbr = nbr_find_peerid(peerid);
+ if (nbr == NULL)
+ return (1);
+
+ /* XXX neighbor address shouldn't be stored on virtual links */
+ nbr->addr.s_addr = addr.s_addr;
+ ospfe_imsg_compose_rde(IMSG_NEIGHBOR_ADDR, peerid, 0, &addr,
+ sizeof(addr));
+
+ return (0);
}
struct nbr *
Index: ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.108
diff -u -p -r1.108 ospfd.c
--- ospfd.c 16 May 2019 05:49:22 - 1.108
+++ ospfd.c 23 Jun 2019 21:06:44 -
@@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct
if_fsm(i, IF_EVT_UP);
}
+ if (i->p2p != xi->p2p) {
+ /* re-add interface to enable or disable DR election */
+ if (ospfd_process == PROC_OSPF_ENGINE)
+ if_fsm(i, IF_EVT_DOWN);
+ els
Re: Attach Hyper-V guest services to VMBus 4.0
On Sat, Oct 05, 2019 at 03:19:08PM +0200, Mike Belopuhov wrote: > > Remi Locherer writes: > > > On Tue, Oct 01, 2019 at 12:25:35AM +0200, Mike Belopuhov wrote: > >> > >> > >> Hi, > >> > >> I've got a verbal report that Hyper-V guest services aren't attached > >> on modern Windows 10 systems so I believe we should get this one-liner > >> in before 6.6. > >> > >> FreeBSD revision 349856 adds another define for VMBus 5.0 but AFAICT > >> it doesn't attempt to use it in version negotiations. > >> > >> Unfortunately, I can't test this myself at the moment. > >> > >> I've got another two fixes for Hyper-V but can't test them either, so > >> if somebody is willing to test, please take a look at http://ix.io/1X2V > > > > With the diff from this link I'm getting the following dmesg. The VM > > seems to work fine. > > > > Hi Remi, > > Thanks for testing. > > Does it work with a plain OpenBSD-current w/o any diffs? Yes, that also works: OpenBSD 6.6 (GENERIC.MP) #352: Sat Oct 5 01:49:16 MDT 2019 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1056899072 (1007MB) avail mem = 1012224000 (965MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf93d0 (338 entries) bios0: vendor American Megatrends Inc. version "090008" date 12/07/2018 bios0: Microsoft Corporation Virtual Machine acpi0 at bios0: ACPI 2.0 acpi0: sleep states S0 S5 acpi0: tables DSDT FACP WAET SLIC OEM0 SRAT APIC OEMB acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 32 bits acpihve0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins, remapped cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1779.45 MHz, 06-8e-0a cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache tsc_timecounter_init: TSC skew=0 observed drift=0 cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 153MHz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) acpipci0 at acpi0 PCI0: _OSC failed acpicmos0 at acpi0 "VMBus" at acpi0 not configured "Hyper_V_Gen_Counter_V1" at acpi0 not configured cpu0: using Skylake AVX MDS workaround pvbus0 at mainbus0: Hyper-V 10.0 hyperv0 at pvbus0: protocol 3.0, features 0x2e7f hyperv0: heartbeat, kvp, shutdown, timesync hvs0 at hyperv0 channel 2: ide, protocol 6.2 scsibus1 at hvs0: 2 targets sd0 at scsibus1 targ 0 lun 0: naa.60022480c6c46e45fe9338343c3f1c08 sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin hvs1 at hyperv0 channel 16: scsi, protocol 6.2 scsibus2 at hvs1: 2 targets hvn0 at hyperv0 channel 15: NVS 5.0 NDIS 6.30, address 00:15:5d:b6:9f:19 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82443BX" rev 0x03 pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x01 pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus3 at atapiscsi0: 2 targets cd0 at scsibus3 targ 0 lun 0: removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMBus disabled vga1 at pci0 dev 8 function 0 "Microsoft VGA" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) isa0 at pcib0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 vscsi0 at root scsibus4 at vscsi0: 256 targets softraid0 at root scsibus5 at softraid0: 256 targets root on sd0a (d3de7339e9421b70.a) swap on sd0b dump on sd0b fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec fd1 at fdc0 drive 1: density unknown hw.machine=amd64 hw.model=Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz hw.ncpu=1 hw.byteorder=1234 hw.pagesize=4096 hw.disknames=sd0:d3de7339e9421b70,cd0:,fd0:,fd1: hw.diskcount=4 hw.sensors.hyperv0.timedelta0=-0.06
Re: Attach Hyper-V guest services to VMBus 4.0
On Tue, Oct 01, 2019 at 12:25:35AM +0200, Mike Belopuhov wrote: > > > Hi, > > I've got a verbal report that Hyper-V guest services aren't attached > on modern Windows 10 systems so I believe we should get this one-liner > in before 6.6. > > FreeBSD revision 349856 adds another define for VMBus 5.0 but AFAICT > it doesn't attempt to use it in version negotiations. > > Unfortunately, I can't test this myself at the moment. > > I've got another two fixes for Hyper-V but can't test them either, so > if somebody is willing to test, please take a look at http://ix.io/1X2V With the diff from this link I'm getting the following dmesg. The VM seems to work fine. Cheers, Remi OpenBSD 6.6 (GENERIC.MP) #17: Sat Oct 5 11:52:48 CEST 2019 r...@typhoon.relo.ch:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1056899072 (1007MB) avail mem = 1012211712 (965MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf93d0 (338 entries) bios0: vendor American Megatrends Inc. version "090008" date 12/07/2018 bios0: Microsoft Corporation Virtual Machine acpi0 at bios0: ACPI 2.0 acpi0: sleep states S0 S5 acpi0: tables DSDT FACP WAET SLIC OEM0 SRAT APIC OEMB acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 32 bits acpihve0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins, remapped cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1399.64 MHz, 06-8e-0a cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache tsc_timecounter_init: TSC skew=0 observed drift=0 cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 159MHz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) acpipci0 at acpi0 PCI0: _OSC failed acpicmos0 at acpi0 "VMBus" at acpi0 not configured "Hyper_V_Gen_Counter_V1" at acpi0 not configured cpu0: using Skylake AVX MDS workaround pvbus0 at mainbus0: Hyper-V 10.0 hyperv0 at pvbus0: protocol 5.0, features 0x2e7f hyperv0: heartbeat, kvp, shutdown, timesync hvs0 at hyperv0 channel 2: ide, protocol 6.2 scsibus1 at hvs0: 2 targets sd0 at scsibus1 targ 0 lun 0: naa.60022480c6c46e45fe9338343c3f1c08 sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin hvs1 at hyperv0 channel 15: scsi, protocol 6.2 scsibus2 at hvs1: 2 targets hvn0 at hyperv0 channel 14: NVS 5.0 NDIS 6.30, address 00:15:5d:b6:9f:19 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82443BX" rev 0x03 pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x01 pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus3 at atapiscsi0: 2 targets cd0 at scsibus3 targ 0 lun 0: removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMBus disabled vga1 at pci0 dev 8 function 0 "Microsoft VGA" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) isa0 at pcib0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 vscsi0 at root scsibus4 at vscsi0: 256 targets softraid0 at root scsibus5 at softraid0: 256 targets root on sd0a (d3de7339e9421b70.a) swap on sd0b dump on sd0b fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec fd1 at fdc0 drive 1: density unknown hw.machine=amd64 hw.model=Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz hw.ncpu=1 hw.byteorder=1234 hw.pagesize=4096 hw.disknames=sd0:d3de7339e9421b70,cd0:,fd0:,fd1: hw.diskcount=4 hw.sensors.hyperv0.timedelta0=-0.314675 secs, OK, Sat Oct 5 11:59:54.672 hw.cpuspeed=1399 hw.vendor=Microsoft Corporation hw.product=Virtual Machine hw.version=7.0 hw.serialno=1463-5556-3314-8948-4600-5664-99 hw.uuid=1fc03ccc-e6d5-374f-b6a2-3dc4b4689c0c hw.physmem=1056899072 hw.usermem=1056886784 hw.ncpufound=1 hw.allowpowerdown=1 hw.smt=0 hw.ncpuonline=1
Re: Attach Hyper-V guest services to VMBus 4.0
Hi Mike,
On Tue, Oct 01, 2019 at 12:25:35AM +0200, Mike Belopuhov wrote:
>
>
> Hi,
>
> I've got a verbal report that Hyper-V guest services aren't attached
> on modern Windows 10 systems so I believe we should get this one-liner
> in before 6.6.
>
> FreeBSD revision 349856 adds another define for VMBus 5.0 but AFAICT
> it doesn't attempt to use it in version negotiations.
>
> Unfortunately, I can't test this myself at the moment.
>
> I've got another two fixes for Hyper-V but can't test them either, so
> if somebody is willing to test, please take a look at http://ix.io/1X2V
>
>
> Cheers,
> Mike
>
>
> diff --git sys/dev/pv/hyperv.c sys/dev/pv/hyperv.c
> index a75276335d6..3ab2ae22831 100644
> --- sys/dev/pv/hyperv.c
> +++ sys/dev/pv/hyperv.c
> @@ -803,10 +803,11 @@ hv_channel_delivered(struct hv_softc *sc, struct
> vmbus_chanmsg_hdr *hdr)
>
> int
> hv_vmbus_connect(struct hv_softc *sc)
> {
> const uint32_t versions[] = {
> + VMBUS_VERSION_WIN10,
> VMBUS_VERSION_WIN8_1, VMBUS_VERSION_WIN8,
> VMBUS_VERSION_WIN7, VMBUS_VERSION_WS2008
> };
> struct vmbus_chanmsg_connect cmd;
> struct vmbus_chanmsg_connect_resp rsp;
>
with this diff I get below dmesg on Windows 10 1903. Disk and network seem
to work fine. Even startx works! ;-)
Cheers,
Remi
OpenBSD 6.6 (GENERIC.MP) #16: Sat Oct 5 09:49:07 CEST 2019
r...@typhoon.relo.ch:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1056899072 (1007MB)
avail mem = 1012215808 (965MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf93d0 (338 entries)
bios0: vendor American Megatrends Inc. version "090008" date 12/07/2018
bios0: Microsoft Corporation Virtual Machine
acpi0 at bios0: ACPI 2.0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP WAET SLIC OEM0 SRAT APIC OEMB
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihve0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins, remapped
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz, 1213.35 MHz, 06-8e-0a
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
tsc_timecounter_init: TSC skew=0 observed drift=0
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 168MHz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpipci0 at acpi0 PCI0: _OSC failed
acpicmos0 at acpi0
"VMBus" at acpi0 not configured
"Hyper_V_Gen_Counter_V1" at acpi0 not configured
cpu0: using Skylake AVX MDS workaround
pvbus0 at mainbus0: Hyper-V 10.0
hyperv0 at pvbus0: protocol 4.0, features 0x2e7f
hyperv0: heartbeat, kvp, shutdown, timesync
hvs0 at hyperv0 channel 2: ide, protocol 6.2
scsibus1 at hvs0: 2 targets
sd0 at scsibus1 targ 0 lun 0:
naa.60022480c6c46e45fe9338343c3f1c08
sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin
hvs1 at hyperv0 channel 15: scsi, protocol 6.2
scsibus2 at hvs1: 2 targets
hvn0 at hyperv0 channel 14: NVS 5.0 NDIS 6.30, address 00:15:5d:b6:9f:19
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX" rev 0x03
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x01
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0: removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMBus disabled
vga1 at pci0 dev 8 function 0 "Microsoft VGA" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vscsi0 at root
scsibus4 at vscsi0: 256 targets
softraid0 at root
scsibus5 at softraid0: 256 targets
root on sd0a (d3de7339e9421b70.a) swap on sd0b dump on sd0b
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
fd1 at fdc0 drive 1: density unknown
hw.machine=amd64
hw.model=Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:d3de7339e
ospfd: warn when a neighbor changes its ip address
I'd like to get a notification when a neighbor changes the src IP address
for hello packets. Either it is a planned change or something bad happens
in the network.
OK?
Remi
Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospfd/hello.c,v
retrieving revision 1.23
diff -u -p -r1.23 hello.c
--- hello.c 15 Jul 2019 18:26:39 - 1.23
+++ hello.c 11 Aug 2019 09:36:13 -
@@ -189,10 +189,16 @@ recv_hello(struct iface *iface, struct i
nbr->dr.s_addr = hello.d_rtr;
nbr->bdr.s_addr = hello.bd_rtr;
nbr->priority = hello.rtr_priority;
+ /* XXX neighbor address shouldn't be stored on virtual links */
+ nbr->addr.s_addr = src.s_addr;
+ }
+
+ if (nbr->addr.s_addr != src.s_addr) {
+ log_warnx("%s: neighbor ID %s changed its IP address",
+ __func__, inet_ntoa(nbr->id));
+ nbr->addr.s_addr = src.s_addr;
}
- /* actually the neighbor address shouldn't be stored on virtual links */
- nbr->addr.s_addr = src.s_addr;
nbr->options = hello.opts;
nbr_fsm(nbr, NBR_EVT_HELLO_RCVD);
ospfd: check dst addr for hello packets
When ospfd receives a hello packet it takes the src IP address and updates
the address in its neighbor struct for the given router id unconditionally.
In the case of broadcast interfaces this is not a problem:
find_iface() checks that the src address is from the same subnet as
the receiving interface is. It is best practice to only enable ospf in a
subnet where you control all routers.
But in the case of point-to-point interfaces no sanity checks happen on the
src or dst IP address.
RFC 2328 says in "9.5. Sending Hello packets":
On broadcast networks and physical point-to-point networks,
Hello packets are sent every HelloInterval seconds to the IP
multicast address AllSPFRouters.
I verified that ospfd does it like that. Also FastIron and Junos follow
this.
I propose that we add a check and only accept hellos on point-to-point and
broadcast interfaces when the destination is 224.0.0.5 (AllSPFRouters).
The check for AllDRouters is not needed in addition to the proposed check.
OK?
Remi
Index: packet.c
===
RCS file: /cvs/src/usr.sbin/ospfd/packet.c,v
retrieving revision 1.32
diff -u -p -r1.32 packet.c
--- packet.c15 Jul 2019 18:26:39 - 1.32
+++ packet.c11 Aug 2019 09:17:51 -
@@ -219,12 +219,16 @@ recv_packet(int fd, short event, void *b
/* switch OSPF packet type */
switch (ospf_hdr->type) {
case PACKET_TYPE_HELLO:
- inet_aton(AllDRouters, &addr);
- if (ip_hdr.ip_dst.s_addr == addr.s_addr) {
- log_debug("recv_packet: invalid destination IP "
-"address");
- break;
- }
+ inet_aton(AllSPFRouters, &addr);
+ if (iface->type == IF_TYPE_BROADCAST ||
+ iface->type == IF_TYPE_POINTOPOINT)
+ if (ip_hdr.ip_dst.s_addr != addr.s_addr) {
+ log_warnx("%s: hello ignored on interface %s, "
+ "invalid destination IP address %s",
+ __func__, iface->name,
+ inet_ntoa(ip_hdr.ip_dst));
+ break;
+ }
recv_hello(iface, ip_hdr.ip_src, ospf_hdr->rtr_id, buf, len);
break;
Re: tpmr(4): 802.1Q Two-Port MAC Relay
On Tue, Jul 30, 2019 at 01:36:59PM +1000, David Gwynne wrote: > a Two-Port MAC Relay is basically a cut down bridge(4). it only supports > two ports, and unconditionally relays packets between those ports > instead of doing learning or anything like that. > > i've been trying to get a redundant pair of bridges set up between two > datacenters here to help me while i migrate between them. so far all my > efforts to make it redundant have mostly worked, until they introduced > loops in the layer 2 topology, which generates a broadcast storm, which > basically takes the net down for a few minutes at a time. it's feels > very betraying. > > my frustration is that switches plugged together have mechanisms to > prevent loops like that, more specifically they use spanning tree or > lacp to make appropriate use of redundant links. i got to a point where > i just wanted the switches to talk to each other and do their own thing > to negotiate use of the redundant links. > > unfortunately the only way to get ethernet packets off a physical > wire and onto a tunnel over an ip network is bridge(4), and bridge(4) > tries to be a compliant switch from a standards point of view. this > means it intercepts packets that are meant to be processed by bridges, > because it is a bridge. these types of packets include spanning tree and > lacp, which means i couldnt get the physical switches at each site to > talk to each other. sadface. > > so to solve my problem i hacked up a small driver that did less than > bridge(4). however, it turns out that what i hacked up is an actual > thing that already exists as something done in the real world. IEEE > 802.1Q describes TPMR, which is defined as intercepting far less > than a real bridge does. one of the appendices specifically describes > lacp going through one, which is exactly what i wanted. cisco does > something like this with their layer 2 cross-connects (search for cisco > xconnect for examples), juniper has l2circuits, and so on. > > the way i'm using this is like below. i have a pair of bridges in each > datacenter, so 4 boxes in total. they peer directly with the ip network > that sits between the datacenter. each box has a 4 physical network > ports. 2 of those ports are configured with aggr(4) and talk IP into the > core network. the other two ports are connected to the switches at > each site for use with tpmr. there's 2 etherip interfaces configured on > each physical box, each of which is connected to the tpmr. > > all that together looks a bit like the following: > > +-+ +--+ +---+ +-+ > |d|-|ix2 <-> tpmr0 <-> etherip0|--|etherip0 <-> tpmr0 <-> ixl0|-|d| > |c| | | | | |c| > |0|-|ix3 <-> tpmr1 <-> etherip1|--|etherip1 <-> tpmr1 <-> ixl1|-|1| > ||| +--+ \ / +---+ ||| > |s| dc0-bridge0 \/ dc1-bridge0 |s| > |w| /\|w| > |i| +--+ / \ +---+ |i| > |t|-|ix2 <-> tpmr0 <-> etherip0|--|etherip0 <-> tpmr0 <-> ixl0|-|t| > |c| | | | | |c| > |h|-|ix3 <-> tpmr1 <-> etherip1|--|etherip1 <-> tpmr1 <-> ixl1|-|h| > +-+ +--+ +---+ +-+ > dc0-bridge1 dc1-bridge1 > > each switch has a 4 port port-channel (lacp aggregation) set up. because > each physical interface on the bridges are tied to a single tunnel, the > packets effectively traverse a point-to-point link, ie, a really > complicated wire. because lacp makes it from each point to the other > point, the switches make sure only active lacp ports are used, which > avoids layer 2 loops. lacp also means i get to use all the links when > theyre available. > > with the topology above i can lose a bridge at each site and should > still have a working link to the other side, so i get my redundancy. the > use of the extra links with lacp is a bonus. at this point i would have > been happy for spanning tree to shut links down. > > anyway, here's the code. > > it was originally called xcon(4) since it provides a software > cross-connect, but i changed my mind after looking at 802.1Q. it might > be unfair to refer to 802.1Q because tpmr(4) does none of the filtering > that the spec says it should. i just needed it to work though. > > the guts of it is tpmr_input(). it basically gets the rxed packet from > one port and enqueues it for tranmission immediately on the other port. > it does run bpf though, and supports filtering on bpf, which has been > handy for us when we needed to test taking bpdus off the wire for a bit. > > because it does such a small amount of work, it is relatively fast. > hrvoje popovski has given it a quick spin and seen the following > results o
ospfd: improve logging when sendig packets fail
Hi,
I'd like to improve ospfd's logging when sending a packet fails.
I got a debug output from a ospfd user which contains "send packet: error ...".
I guess ospfd failed to send an ls ack. With below diff applied it would be
clear which packet could not be sent and to which neighbor.
OK?
Remi
Index: database.c
===
RCS file: /cvs/src/usr.sbin/ospfd/database.c,v
retrieving revision 1.33
diff -u -p -r1.33 database.c
--- database.c 18 Feb 2016 15:33:24 - 1.33
+++ database.c 13 Jul 2019 14:08:10 -
@@ -43,7 +43,6 @@ send_db_description(struct nbr *nbr)
struct db_dscrp_hdr dd_hdr;
struct lsa_entry*le, *nle;
struct ibuf *buf;
- int ret = 0;
u_int8_t bits = 0;
if ((buf = ibuf_open(nbr->iface->mtu - sizeof(struct ip))) == NULL)
@@ -66,8 +65,7 @@ send_db_description(struct nbr *nbr)
log_debug("send_db_description: neighbor ID %s: "
"cannot send packet in state %s", inet_ntoa(nbr->id),
nbr_state_name(nbr->state));
- ret = -1;
- goto done;
+ goto fail;
case NBR_STA_XSTRT:
bits |= OSPF_DBD_MS | OSPF_DBD_M | OSPF_DBD_I;
nbr->dd_more = 1;
@@ -150,12 +148,13 @@ send_db_description(struct nbr *nbr)
goto fail;
/* transmit packet */
- ret = send_packet(nbr->iface, buf, &dst);
-done:
+ if (send_packet(nbr->iface, buf, &dst) == -1)
+ goto fail;
+
ibuf_free(buf);
- return (ret);
+ return (0);
fail:
- log_warn("send_db_description");
+ log_warn("%s", __func__);
ibuf_free(buf);
return (-1);
}
Index: hello.c
===
RCS file: /cvs/src/usr.sbin/ospfd/hello.c,v
retrieving revision 1.22
diff -u -p -r1.22 hello.c
--- hello.c 22 Feb 2018 07:42:38 - 1.22
+++ hello.c 13 Jul 2019 14:03:27 -
@@ -41,7 +41,6 @@ send_hello(struct iface *iface)
struct hello_hdr hello;
struct nbr *nbr;
struct ibuf *buf;
- int ret;
dst.sin_family = AF_INET;
dst.sin_len = sizeof(struct sockaddr_in);
@@ -103,11 +102,13 @@ send_hello(struct iface *iface)
if (auth_gen(buf, iface))
goto fail;
- ret = send_packet(iface, buf, &dst);
+ if (send_packet(iface, buf, &dst) == -1)
+ goto fail;
+
ibuf_free(buf);
- return (ret);
+ return (0);
fail:
- log_warn("send_hello");
+ log_warn("%s", __func__);
ibuf_free(buf);
return (-1);
}
Index: lsack.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsack.c,v
retrieving revision 1.21
diff -u -p -r1.21 lsack.c
--- lsack.c 25 Oct 2014 03:23:49 - 1.21
+++ lsack.c 13 Jul 2019 14:04:59 -
@@ -59,7 +59,6 @@ int
send_ls_ack(struct iface *iface, struct in_addr addr, struct ibuf *buf)
{
struct sockaddr_in dst;
- int ret;
/* update authentication and calculate checksum */
if (auth_gen(buf, iface)) {
@@ -71,8 +70,11 @@ send_ls_ack(struct iface *iface, struct
dst.sin_len = sizeof(struct sockaddr_in);
dst.sin_addr.s_addr = addr.s_addr;
- ret = send_packet(iface, buf, &dst);
- return (ret);
+ if (send_packet(iface, buf, &dst) == -1) {
+ log_warn("%s", __func__);
+ return (-1);
+ }
+ return (0);
}
int
Index: lsreq.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsreq.c,v
retrieving revision 1.20
diff -u -p -r1.20 lsreq.c
--- lsreq.c 17 Jan 2013 09:02:22 - 1.20
+++ lsreq.c 13 Jul 2019 14:04:00 -
@@ -37,7 +37,6 @@ send_ls_req(struct nbr *nbr)
struct ls_req_hdrls_req_hdr;
struct lsa_entry*le, *nle;
struct ibuf *buf;
- int ret;
if ((buf = ibuf_open(nbr->iface->mtu - sizeof(struct ip))) == NULL)
fatal("send_ls_req");
@@ -80,12 +79,13 @@ send_ls_req(struct nbr *nbr)
if (auth_gen(buf, nbr->iface))
goto fail;
- ret = send_packet(nbr->iface, buf, &dst);
+ if (send_packet(nbr->iface, buf, &dst) == -1)
+ goto fail;
ibuf_free(buf);
- return (ret);
+ return (0);
fail:
- log_warn("send_ls_req");
+ log_warn("%s", __func__);
ibuf_free(buf);
return (-1);
}
Index: lsupdate.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsupdate.c,v
retrieving revision 1.45
diff -u -p -r1.45 lsupdate.c
--- lsupdate.c 26 Dec 2016 17
Re: ospfd: point-to-point on ethernet interfaces
On Thu, Jul 04, 2019 at 09:20:59AM +0300, Kapetanakis Giannis wrote:
> Hi,
>
> This does not work for me with IOS.
>
> neighbor is full,
> rib is ok
> fib does not list the routes to IOS and
> routing table is not updated on BSD
>
> On IOS I do have the loopback route the BSD is announcing.
Thank you for testing!
Can you send me your ospfd.conf, the output from ospfd -dv and the output
from tcpdump showing the ospf traffic?
> On 24/06/2019 01:33, Remi Locherer wrote:
> > Diff below adds to ospfd point to point support for Ethernet interfaces.
> > I successfully tested this against Junos and FastIron.
> >
> > I first made the key word in the config "point-to-point". But then I
> > changed to "type p2p". The later would allow for "type nbma" or "type p2mp"
> > should we implement these types.
> >
> > On Junos it looks like this:
> >
> > area 0.0.0.0 {
> > interface ge-0/0/1.0 {
> > interface-type p2p;
> > }
> > }
> >
> > On FastIron it's similar to IOS:
> >
> > interface ethernet 1/2/1
> > ip address 10.10.10.5 255.255.255.0
> > ip ospf area 0
> > ip ospf network point-to-point
> >
> > Comments, test reports and OKs are welcome.
> >
> > Remi
> >
> >
> > Index: interface.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/interface.c,v
> > retrieving revision 1.82
> > diff -u -p -r1.82 interface.c
> > --- interface.c 11 Mar 2018 13:16:49 - 1.82
> > +++ interface.c 23 Jun 2019 11:27:57 -
> > @@ -190,6 +190,8 @@ if_new(struct kif *kif, struct kif_addr
> > if (kif->flags & IFF_BROADCAST &&
> > kif->flags & IFF_MULTICAST)
> > iface->type = IF_TYPE_BROADCAST;
> > + if (iface->p2p)
> > + iface->type = IF_TYPE_POINTOPOINT;
> > if (kif->flags & IFF_LOOPBACK) {
> > iface->type = IF_TYPE_POINTOPOINT;
> > iface->passive = 1;
> > @@ -351,6 +353,9 @@ if_act_start(struct iface *iface)
> > orig_rtr_lsa(iface->area);
> > return (0);
> > }
> > +
> > + if (iface->p2p)
> > + iface->type = IF_TYPE_POINTOPOINT;
> >
> > switch (iface->type) {
> > case IF_TYPE_POINTOPOINT:
> > Index: ospfd.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> > retrieving revision 1.108
> > diff -u -p -r1.108 ospfd.c
> > --- ospfd.c 16 May 2019 05:49:22 - 1.108
> > +++ ospfd.c 23 Jun 2019 21:06:44 -
> > @@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct
> > if_fsm(i, IF_EVT_UP);
> > }
> >
> > + if (i->p2p != xi->p2p) {
> > + /* re-add interface to enable or disable DR election */
> > + if (ospfd_process == PROC_OSPF_ENGINE)
> > + if_fsm(i, IF_EVT_DOWN);
> > + else if (ospfd_process == PROC_RDE_ENGINE)
> > + rde_nbr_iface_del(i);
> > + LIST_REMOVE(i, entry);
> > + if_del(i);
> > + LIST_REMOVE(xi, entry);
> > + LIST_INSERT_HEAD(&a->iface_list, xi, entry);
> > + xi->area = a;
> > + if (ospfd_process == PROC_OSPF_ENGINE)
> > + xi->state = IF_STA_NEW;
> > + continue;
> > + }
> > +
> > strlcpy(i->dependon, xi->dependon,
> > sizeof(i->dependon));
> > i->depend_ok = xi->depend_ok;
> > Index: ospfd.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
> > retrieving revision 1.57
> > diff -u -p -r1.57 ospfd.conf.5
> > --- ospfd.conf.510 Jun 2019 06:07:15 - 1.57
> > +++ ospfd.conf.523 Jun 2019 22:10:32 -
> > @@ -419,6 +419,9 @@ Router.
> > .It Ic transmit-delay Ar seconds
> > Set the transmit delay.
> > The default value is 1; valid range is 1\-3600 seconds.
> > +.It Ic type p2p
> > +Set the interface type to point to point.
> > +This disables the election of a DR and BDR for the given interface.
> > .El
> > .Sh FILES
> > .Bl -tag
Re: ospfd: point-to-point on ethernet interfaces
ping
On Mon, Jun 24, 2019 at 12:33:16AM +0200, Remi Locherer wrote:
> Diff below adds to ospfd point to point support for Ethernet interfaces.
> I successfully tested this against Junos and FastIron.
>
> I first made the key word in the config "point-to-point". But then I
> changed to "type p2p". The later would allow for "type nbma" or "type p2mp"
> should we implement these types.
>
> On Junos it looks like this:
>
> area 0.0.0.0 {
> interface ge-0/0/1.0 {
> interface-type p2p;
> }
> }
>
> On FastIron it's similar to IOS:
>
> interface ethernet 1/2/1
> ip address 10.10.10.5 255.255.255.0
> ip ospf area 0
> ip ospf network point-to-point
>
> Comments, test reports and OKs are welcome.
>
> Remi
>
>
> Index: interface.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/interface.c,v
> retrieving revision 1.82
> diff -u -p -r1.82 interface.c
> --- interface.c 11 Mar 2018 13:16:49 - 1.82
> +++ interface.c 23 Jun 2019 11:27:57 -
> @@ -190,6 +190,8 @@ if_new(struct kif *kif, struct kif_addr
> if (kif->flags & IFF_BROADCAST &&
> kif->flags & IFF_MULTICAST)
> iface->type = IF_TYPE_BROADCAST;
> + if (iface->p2p)
> + iface->type = IF_TYPE_POINTOPOINT;
> if (kif->flags & IFF_LOOPBACK) {
> iface->type = IF_TYPE_POINTOPOINT;
> iface->passive = 1;
> @@ -351,6 +353,9 @@ if_act_start(struct iface *iface)
> orig_rtr_lsa(iface->area);
> return (0);
> }
> +
> + if (iface->p2p)
> + iface->type = IF_TYPE_POINTOPOINT;
>
> switch (iface->type) {
> case IF_TYPE_POINTOPOINT:
> Index: ospfd.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> retrieving revision 1.108
> diff -u -p -r1.108 ospfd.c
> --- ospfd.c 16 May 2019 05:49:22 - 1.108
> +++ ospfd.c 23 Jun 2019 21:06:44 -
> @@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct
> if_fsm(i, IF_EVT_UP);
> }
>
> + if (i->p2p != xi->p2p) {
> + /* re-add interface to enable or disable DR election */
> + if (ospfd_process == PROC_OSPF_ENGINE)
> + if_fsm(i, IF_EVT_DOWN);
> + else if (ospfd_process == PROC_RDE_ENGINE)
> + rde_nbr_iface_del(i);
> + LIST_REMOVE(i, entry);
> + if_del(i);
> + LIST_REMOVE(xi, entry);
> + LIST_INSERT_HEAD(&a->iface_list, xi, entry);
> + xi->area = a;
> + if (ospfd_process == PROC_OSPF_ENGINE)
> + xi->state = IF_STA_NEW;
> + continue;
> + }
> +
> strlcpy(i->dependon, xi->dependon,
> sizeof(i->dependon));
> i->depend_ok = xi->depend_ok;
> Index: ospfd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
> retrieving revision 1.57
> diff -u -p -r1.57 ospfd.conf.5
> --- ospfd.conf.5 10 Jun 2019 06:07:15 - 1.57
> +++ ospfd.conf.5 23 Jun 2019 22:10:32 -
> @@ -419,6 +419,9 @@ Router.
> .It Ic transmit-delay Ar seconds
> Set the transmit delay.
> The default value is 1; valid range is 1\-3600 seconds.
> +.It Ic type p2p
> +Set the interface type to point to point.
> +This disables the election of a DR and BDR for the given interface.
> .El
> .Sh FILES
> .Bl -tag -width "/etc/ospfd.conf" -compact
> Index: ospfd.h
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.h,v
> retrieving revision 1.104
> diff -u -p -r1.104 ospfd.h
> --- ospfd.h 16 May 2019 05:49:22 - 1.104
> +++ ospfd.h 23 Jun 2019 11:28:24 -
> @@ -363,6 +363,7 @@ struct iface {
> u_int8_t linkstate;
> u_int8_t priority;
> u_int8_t passive;
> + u_int8_t p2p;
> };
>
> struct ifaddrchange {
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
> retrieving revision 1.98
> diff -u -p -r1.98 parse.y
> --- parse.y 7 Ju
ospfd: point-to-point on ethernet interfaces
Diff below adds to ospfd point to point support for Ethernet interfaces.
I successfully tested this against Junos and FastIron.
I first made the key word in the config "point-to-point". But then I
changed to "type p2p". The later would allow for "type nbma" or "type p2mp"
should we implement these types.
On Junos it looks like this:
area 0.0.0.0 {
interface ge-0/0/1.0 {
interface-type p2p;
}
}
On FastIron it's similar to IOS:
interface ethernet 1/2/1
ip address 10.10.10.5 255.255.255.0
ip ospf area 0
ip ospf network point-to-point
Comments, test reports and OKs are welcome.
Remi
Index: interface.c
===
RCS file: /cvs/src/usr.sbin/ospfd/interface.c,v
retrieving revision 1.82
diff -u -p -r1.82 interface.c
--- interface.c 11 Mar 2018 13:16:49 - 1.82
+++ interface.c 23 Jun 2019 11:27:57 -
@@ -190,6 +190,8 @@ if_new(struct kif *kif, struct kif_addr
if (kif->flags & IFF_BROADCAST &&
kif->flags & IFF_MULTICAST)
iface->type = IF_TYPE_BROADCAST;
+ if (iface->p2p)
+ iface->type = IF_TYPE_POINTOPOINT;
if (kif->flags & IFF_LOOPBACK) {
iface->type = IF_TYPE_POINTOPOINT;
iface->passive = 1;
@@ -351,6 +353,9 @@ if_act_start(struct iface *iface)
orig_rtr_lsa(iface->area);
return (0);
}
+
+ if (iface->p2p)
+ iface->type = IF_TYPE_POINTOPOINT;
switch (iface->type) {
case IF_TYPE_POINTOPOINT:
Index: ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.108
diff -u -p -r1.108 ospfd.c
--- ospfd.c 16 May 2019 05:49:22 - 1.108
+++ ospfd.c 23 Jun 2019 21:06:44 -
@@ -911,6 +911,22 @@ merge_interfaces(struct area *a, struct
if_fsm(i, IF_EVT_UP);
}
+ if (i->p2p != xi->p2p) {
+ /* re-add interface to enable or disable DR election */
+ if (ospfd_process == PROC_OSPF_ENGINE)
+ if_fsm(i, IF_EVT_DOWN);
+ else if (ospfd_process == PROC_RDE_ENGINE)
+ rde_nbr_iface_del(i);
+ LIST_REMOVE(i, entry);
+ if_del(i);
+ LIST_REMOVE(xi, entry);
+ LIST_INSERT_HEAD(&a->iface_list, xi, entry);
+ xi->area = a;
+ if (ospfd_process == PROC_OSPF_ENGINE)
+ xi->state = IF_STA_NEW;
+ continue;
+ }
+
strlcpy(i->dependon, xi->dependon,
sizeof(i->dependon));
i->depend_ok = xi->depend_ok;
Index: ospfd.conf.5
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
retrieving revision 1.57
diff -u -p -r1.57 ospfd.conf.5
--- ospfd.conf.510 Jun 2019 06:07:15 - 1.57
+++ ospfd.conf.523 Jun 2019 22:10:32 -
@@ -419,6 +419,9 @@ Router.
.It Ic transmit-delay Ar seconds
Set the transmit delay.
The default value is 1; valid range is 1\-3600 seconds.
+.It Ic type p2p
+Set the interface type to point to point.
+This disables the election of a DR and BDR for the given interface.
.El
.Sh FILES
.Bl -tag -width "/etc/ospfd.conf" -compact
Index: ospfd.h
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.h,v
retrieving revision 1.104
diff -u -p -r1.104 ospfd.h
--- ospfd.h 16 May 2019 05:49:22 - 1.104
+++ ospfd.h 23 Jun 2019 11:28:24 -
@@ -363,6 +363,7 @@ struct iface {
u_int8_t linkstate;
u_int8_t priority;
u_int8_t passive;
+ u_int8_t p2p;
};
struct ifaddrchange {
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
retrieving revision 1.98
diff -u -p -r1.98 parse.y
--- parse.y 7 Jun 2019 04:57:45 - 1.98
+++ parse.y 23 Jun 2019 22:04:22 -
@@ -129,7 +129,7 @@ typedef struct {
%token AREA INTERFACE ROUTERID FIBPRIORITY FIBUPDATE REDISTRIBUTE RTLABEL
%token RDOMAIN RFC1583COMPAT STUB ROUTER SPFDELAY SPFHOLDTIME EXTTAG
%token AUTHKEY AUTHTYPE AUTHMD AUTHMDKEYID
-%token METRIC PASSIVE
+%token METRIC P2P PASSIVE
%token HELLOINTERVAL FASTHELLOINTERVAL TRANSMITDELAY
%token RETRANSMITINTERVAL ROUTERDEADTIME ROUTERPRIORITY
%token SET TYPE
@@ -743,6 +743,7 @@ interfaceopts_l : interfaceopts_l interf
;
interfaceoptsl : PASSIVE { iface->passive = 1; }
+ | TYPE P2P { iface->p2p = 1; }
| DEMOTE STRING {
ospf6d: conf_clear_redist_list
Clear unused redist_list the same way as in ospfd.
OK?
Remi
Index: ospf6d.h
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.h,v
retrieving revision 1.39
diff -u -p -r1.39 ospf6d.h
--- ospf6d.h29 Dec 2018 16:04:31 - 1.39
+++ ospf6d.h8 Jun 2019 13:43:26 -
@@ -364,13 +364,14 @@ struct redistribute {
u_int8_tprefixlen;
chardependon[IFNAMSIZ];
};
+SIMPLEQ_HEAD(redist_list, redistribute);
struct ospfd_conf {
struct eventev;
struct in_addr rtr_id;
LIST_HEAD(, area) area_list;
LIST_HEAD(, vertex) cand_list;
- SIMPLEQ_HEAD(, redistribute) redist_list;
+ struct redist_list redist_list;
u_int32_t opts;
#define OSPFD_OPT_VERBOSE 0x0001
@@ -522,6 +523,7 @@ int carp_demote_set(char *, int);
/* parse.y */
struct ospfd_conf *parse_config(char *, int);
int cmdline_symset(char *);
+voidconf_clear_redist_list(struct redist_list *);
/* interface.c */
int if_init(void);
Index: ospfe.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospfe.c,v
retrieving revision 1.55
diff -u -p -r1.55 ospfe.c
--- ospfe.c 1 Sep 2018 19:21:10 - 1.55
+++ ospfe.c 8 Jun 2019 13:56:31 -
@@ -74,7 +74,6 @@ ospfe(struct ospfd_conf *xconf, int pipe
{
struct area *area;
struct iface*iface;
- struct redistribute *r;
struct passwd *pw;
struct event ev_sigint, ev_sigterm;
pid_tpid;
@@ -174,10 +173,7 @@ ospfe(struct ospfd_conf *xconf, int pipe
event_add(&oeconf->ev, NULL);
/* remove unneeded config stuff */
- while ((r = SIMPLEQ_FIRST(&oeconf->redist_list)) != NULL) {
- SIMPLEQ_REMOVE_HEAD(&oeconf->redist_list, entry);
- free(r);
- }
+ conf_clear_redist_list(&oeconf->redist_list);
/* listen on ospfd control socket */
TAILQ_INIT(&ctl_conns);
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.44
diff -u -p -r1.44 parse.y
--- parse.y 26 May 2019 09:27:09 - 1.44
+++ parse.y 8 Jun 2019 16:36:49 -
@@ -1203,6 +1203,16 @@ conf_check_rdomain(u_int rdomain)
}
void
+conf_clear_redist_list(struct redist_list *rl)
+{
+ struct redistribute *r;
+ while ((r = SIMPLEQ_FIRST(rl)) != NULL) {
+ SIMPLEQ_REMOVE_HEAD(rl, entry);
+ free(r);
+ }
+}
+
+void
clear_config(struct ospfd_conf *xconf)
{
struct area *a;
@@ -1211,6 +1221,8 @@ clear_config(struct ospfd_conf *xconf)
LIST_REMOVE(a, entry);
area_del(a);
}
+
+ conf_clear_redist_list(&xconf->redist_list);
free(xconf);
}
Index: rde.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v
retrieving revision 1.79
diff -u -p -r1.79 rde.c
--- rde.c 12 Jul 2018 13:45:03 - 1.79
+++ rde.c 8 Jun 2019 13:56:14 -
@@ -118,7 +118,6 @@ rde(struct ospfd_conf *xconf, int pipe_p
struct event ev_sigint, ev_sigterm;
struct timeval now;
struct passwd *pw;
- struct redistribute *r;
pid_tpid;
switch (pid = fork()) {
@@ -200,10 +199,8 @@ rde(struct ospfd_conf *xconf, int pipe_p
cand_list_init();
rt_init();
- while ((r = SIMPLEQ_FIRST(&rdeconf->redist_list)) != NULL) {
- SIMPLEQ_REMOVE_HEAD(&rdeconf->redist_list, entry);
- free(r);
- }
+ /* remove unneeded stuff from config */
+ conf_clear_redist_list(&rdeconf->redist_list);
gettimeofday(&now, NULL);
rdeconf->uptime = now.tv_sec;
Re: ospfd: allow specifying area by number as well as id
Hi David,
are you going to commit this?
Remi
On Thu, May 16, 2019 at 11:14:55PM +0200, Remi Locherer wrote:
> On Thu, May 16, 2019 at 09:39:37AM +0200, Sebastian Benoit wrote:
> >
> >
> >
> > Remi Locherer(remi.loche...@relo.ch) on 2019.05.15 23:15:03 +0200:
> > > On Tue, Apr 30, 2019 at 11:10:37PM +0200, Remi Locherer wrote:
> > > > On Mon, Apr 29, 2019 at 11:10:31AM +0100, Stuart Henderson wrote:
> > > > > On 2019/04/29 11:58, Sebastian Benoit wrote:
> > > > > > David Gwynne(da...@gwynne.id.au) on 2019.04.29 19:36:51 +1000:
> > > > > > >
> > > > > > >
> > > > > > > > On 29 Apr 2019, at 4:59 pm, Remi Locherer
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > > Hi David
> > > > > > > >
> > > > > > > > On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> > > > > > > >> it's always bothered me that i config areas on a crisco using
> > > > > > > >> a number,
> > > > > > > >> but then have to think hard to convert that number to an
> > > > > > > >> address for use
> > > > > > > >> in openbsd. eg, i was given area 700 in one place, which is
> > > > > > > >> 0.0.2.188
> > > > > > > >> as an address. super annoying.
> > > > > > > >>
> > > > > > > >> so this changes the ospfd parser so it accepts both a number
> > > > > > > >> or address.
> > > > > > > >> i also changed it so it prints the number by default, which
> > > > > > > >> may be
> > > > > > > >> contentious. the manpage is slightly tweaked too.
> > > > > > > >>
> > > > > > > >> thoughts?
> > > > > > > >
> > > > > > > > I like it to be able to use a number instead of an address!
> > > > > > > >
> > > > > > > > It worked fine in my short test I performed.
> > > > > > > >
> > > > > > > > The output with the comment looks a bit strange to me.
> > > > > > >
> > > > > > > Are you sure it doesn't look... awesome?
> > > > > >
> > > > > > I like it!
> > > > >
> > > > > I don't really, but if we change this it needs to be displayed somehow
> > > > > and I don't have an idea to make it look nicer than this (cisco's
> > > > > method
> > > > > seems pretty horrible and wouldn't work for us anyway - looks like
> > > > > they
> > > > > remember which format was used to configure an area and use that as
> > > > > the output format...)
> > > > >
> > > >
> > > > Maybe it's better when we just allow both input formats but don't change
> > > > any output.
> > >
> > > Any opinions or comments on this? I think this would be a valuable
> > > addition
> > > to ospfd.
> >
> > Yes, and diff is ok benno@
> >
>
> David: ok remi@ for your diff without the printconf part.
>
> > What about ospf6d?
>
> I'll handle that.
>
> >
> > > >
> > > > Below diff changes ospfctl to accept the address and number format for
> > > > "ospfct show database area XXX".
> > > >
> > > >
> > > > Index: parser.c
> > > > ===
> > > > RCS file: /cvs/src/usr.sbin/ospfctl/parser.c,v
> > > > retrieving revision 1.20
> > > > diff -u -p -r1.20 parser.c
> > > > --- parser.c9 May 2011 12:25:35 - 1.20
> > > > +++ parser.c30 Apr 2019 20:28:18 -
> > > > @@ -39,7 +39,8 @@ enum token_type {
> > > > ADDRESS,
> > > > FLAG,
> > > > PREFIX,
> > > > - IFNAME
> > > > + IFNAME,
> > > > + AREA
> > > > };
> > > >
> > > > struct token {
> > > > @@ -107,7 +108,7 @@ static const struct token t_show_db[] =
> > > > };
> > > >
> > >
ospf6d: allow specifying area by number as well as id
Hi tech@,
David sent a diff for ospfd which allows specifying an area by number
as well as id.
--> https://marc.info/?l=openbsd-tech&m=155650284619263&w=2
This diff does the same for ospf6d and ospf6ctl without modifying any
outputs.
OK?
Remi
Index: ospf6d/ospf6d.conf.5
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.conf.5,v
retrieving revision 1.18
diff -u -p -r1.18 ospf6d.conf.5
--- ospf6d/ospf6d.conf.529 Dec 2018 16:04:31 - 1.18
+++ ospf6d/ospf6d.conf.522 May 2019 21:04:58 -
@@ -237,7 +237,7 @@ Areas are used for grouping interfaces.
All interface-specific parameters can
be configured per area, overruling the global settings.
.Bl -tag -width Ds
-.It Ic area Ar address
+.It Ic area Ar address Ns | Ns Ar id
Specify an area section, grouping one or more interfaces.
.Bd -literal -offset indent
area 0.0.0.0 {
Index: ospf6d/parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.43
diff -u -p -r1.43 parse.y
--- ospf6d/parse.y 29 Apr 2019 05:14:38 - 1.43
+++ ospf6d/parse.y 22 May 2019 20:58:26 -
@@ -117,6 +117,7 @@ typedef struct {
int64_t number;
char*string;
struct redistribute *redist;
+ struct in_addr id;
} v;
int lineno;
} YYSTYPE;
@@ -139,6 +140,7 @@ typedef struct {
%typeyesno no optlist, optlist_l option demotecount
%typestring dependon
%typeredistribute
+%typeareaid
%%
@@ -456,15 +458,8 @@ comma : ','
| /*empty*/
;
-area : AREA STRING {
- struct in_addr id;
- if (inet_aton($2, &id) == 0) {
- yyerror("error parsing area");
- free($2);
- YYERROR;
- }
- free($2);
- area = conf_get_area(id);
+area : AREA areaid {
+ area = conf_get_area($2);
memcpy(&areadefs, defs, sizeof(areadefs));
defs = &areadefs;
@@ -476,6 +471,23 @@ area : AREA STRING {
demotecount: NUMBER{ $$ = $1; }
| /*empty*/ { $$ = 1; }
+ ;
+
+areaid : NUMBER {
+ if ($1 < 0 || $1 > 0x) {
+ yyerror("invalid area id");
+ YYERROR;
+ }
+ $$.s_addr = htonl($1);
+ }
+ | STRING {
+ if (inet_aton($1, &$$) == 0) {
+ yyerror("error parsing area");
+ free($1);
+ YYERROR;
+ }
+ free($1);
+ }
;
areaopts_l : areaopts_l areaoptsl nl
Index: ospf6ctl/ospf6ctl.c
===
RCS file: /cvs/src/usr.sbin/ospf6ctl/ospf6ctl.c,v
retrieving revision 1.49
diff -u -p -r1.49 ospf6ctl.c
--- ospf6ctl/ospf6ctl.c 12 Jul 2018 13:45:03 - 1.49
+++ ospf6ctl/ospf6ctl.c 22 May 2019 20:18:45 -
@@ -170,7 +170,7 @@ main(int argc, char *argv[])
break;
case SHOW_DBBYAREA:
imsg_compose(ibuf, IMSG_CTL_SHOW_DATABASE, 0, 0, -1,
- &res->addr, sizeof(res->addr));
+ &res->area, sizeof(res->area));
break;
case SHOW_DBEXT:
imsg_compose(ibuf, IMSG_CTL_SHOW_DB_EXT, 0, 0, -1, NULL, 0);
Index: ospf6ctl/parser.c
===
RCS file: /cvs/src/usr.sbin/ospf6ctl/parser.c,v
retrieving revision 1.13
diff -u -p -r1.13 parser.c
--- ospf6ctl/parser.c 17 Nov 2014 21:53:55 - 1.13
+++ ospf6ctl/parser.c 22 May 2019 20:20:17 -
@@ -40,7 +40,8 @@ enum token_type {
ADDRESS,
FLAG,
PREFIX,
- IFNAME
+ IFNAME,
+ AREA
};
struct token {
@@ -108,7 +109,7 @@ static const struct token t_show_db[] =
};
static const struct token t_show_area[] = {
- {ADDRESS, "", NONE, NULL},
+ {AREA, "", NONE, NULL},
{ENDTOKEN, "", NONE, NULL}
};
@@ -218,6 +219,14 @@ match_token(const char *word, const stru
res->action = t->value;
}
break;
+ case AREA:
+ if (parse_area(word, &res->area)) {
+ match++;
+ t = &table[i];
+
Re: ospfd: allow specifying area by number as well as id
On Thu, May 16, 2019 at 09:39:37AM +0200, Sebastian Benoit wrote:
>
>
>
> Remi Locherer(remi.loche...@relo.ch) on 2019.05.15 23:15:03 +0200:
> > On Tue, Apr 30, 2019 at 11:10:37PM +0200, Remi Locherer wrote:
> > > On Mon, Apr 29, 2019 at 11:10:31AM +0100, Stuart Henderson wrote:
> > > > On 2019/04/29 11:58, Sebastian Benoit wrote:
> > > > > David Gwynne(da...@gwynne.id.au) on 2019.04.29 19:36:51 +1000:
> > > > > >
> > > > > >
> > > > > > > On 29 Apr 2019, at 4:59 pm, Remi Locherer
> > > > > > > wrote:
> > > > > > >
> > > > > > > Hi David
> > > > > > >
> > > > > > > On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> > > > > > >> it's always bothered me that i config areas on a crisco using a
> > > > > > >> number,
> > > > > > >> but then have to think hard to convert that number to an address
> > > > > > >> for use
> > > > > > >> in openbsd. eg, i was given area 700 in one place, which is
> > > > > > >> 0.0.2.188
> > > > > > >> as an address. super annoying.
> > > > > > >>
> > > > > > >> so this changes the ospfd parser so it accepts both a number or
> > > > > > >> address.
> > > > > > >> i also changed it so it prints the number by default, which may
> > > > > > >> be
> > > > > > >> contentious. the manpage is slightly tweaked too.
> > > > > > >>
> > > > > > >> thoughts?
> > > > > > >
> > > > > > > I like it to be able to use a number instead of an address!
> > > > > > >
> > > > > > > It worked fine in my short test I performed.
> > > > > > >
> > > > > > > The output with the comment looks a bit strange to me.
> > > > > >
> > > > > > Are you sure it doesn't look... awesome?
> > > > >
> > > > > I like it!
> > > >
> > > > I don't really, but if we change this it needs to be displayed somehow
> > > > and I don't have an idea to make it look nicer than this (cisco's method
> > > > seems pretty horrible and wouldn't work for us anyway - looks like they
> > > > remember which format was used to configure an area and use that as
> > > > the output format...)
> > > >
> > >
> > > Maybe it's better when we just allow both input formats but don't change
> > > any output.
> >
> > Any opinions or comments on this? I think this would be a valuable addition
> > to ospfd.
>
> Yes, and diff is ok benno@
>
David: ok remi@ for your diff without the printconf part.
> What about ospf6d?
I'll handle that.
>
> > >
> > > Below diff changes ospfctl to accept the address and number format for
> > > "ospfct show database area XXX".
> > >
> > >
> > > Index: parser.c
> > > ===
> > > RCS file: /cvs/src/usr.sbin/ospfctl/parser.c,v
> > > retrieving revision 1.20
> > > diff -u -p -r1.20 parser.c
> > > --- parser.c 9 May 2011 12:25:35 - 1.20
> > > +++ parser.c 30 Apr 2019 20:28:18 -
> > > @@ -39,7 +39,8 @@ enum token_type {
> > > ADDRESS,
> > > FLAG,
> > > PREFIX,
> > > - IFNAME
> > > + IFNAME,
> > > + AREA
> > > };
> > >
> > > struct token {
> > > @@ -107,7 +108,7 @@ static const struct token t_show_db[] =
> > > };
> > >
> > > static const struct token t_show_area[] = {
> > > - {ADDRESS, "", NONE, NULL},
> > > + {AREA, "", NONE, NULL},
> > > {ENDTOKEN, "", NONE, NULL}
> > > };
> > >
> > > @@ -218,6 +219,14 @@ match_token(const char *word, const stru
> > > res->action = t->value;
> > > }
> > > break;
> > > + case AREA:
> > > + if (parse_area(word, &res->addr)) {
> > > +
Re: ospfd: allow specifying area by number as well as id
On Tue, Apr 30, 2019 at 11:10:37PM +0200, Remi Locherer wrote:
> On Mon, Apr 29, 2019 at 11:10:31AM +0100, Stuart Henderson wrote:
> > On 2019/04/29 11:58, Sebastian Benoit wrote:
> > > David Gwynne(da...@gwynne.id.au) on 2019.04.29 19:36:51 +1000:
> > > >
> > > >
> > > > > On 29 Apr 2019, at 4:59 pm, Remi Locherer
> > > > > wrote:
> > > > >
> > > > > Hi David
> > > > >
> > > > > On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> > > > >> it's always bothered me that i config areas on a crisco using a
> > > > >> number,
> > > > >> but then have to think hard to convert that number to an address for
> > > > >> use
> > > > >> in openbsd. eg, i was given area 700 in one place, which is 0.0.2.188
> > > > >> as an address. super annoying.
> > > > >>
> > > > >> so this changes the ospfd parser so it accepts both a number or
> > > > >> address.
> > > > >> i also changed it so it prints the number by default, which may be
> > > > >> contentious. the manpage is slightly tweaked too.
> > > > >>
> > > > >> thoughts?
> > > > >
> > > > > I like it to be able to use a number instead of an address!
> > > > >
> > > > > It worked fine in my short test I performed.
> > > > >
> > > > > The output with the comment looks a bit strange to me.
> > > >
> > > > Are you sure it doesn't look... awesome?
> > >
> > > I like it!
> >
> > I don't really, but if we change this it needs to be displayed somehow
> > and I don't have an idea to make it look nicer than this (cisco's method
> > seems pretty horrible and wouldn't work for us anyway - looks like they
> > remember which format was used to configure an area and use that as
> > the output format...)
> >
>
> Maybe it's better when we just allow both input formats but don't change
> any output.
Any opinions or comments on this? I think this would be a valuable addition
to ospfd.
>
> Below diff changes ospfctl to accept the address and number format for
> "ospfct show database area XXX".
>
>
> Index: parser.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfctl/parser.c,v
> retrieving revision 1.20
> diff -u -p -r1.20 parser.c
> --- parser.c 9 May 2011 12:25:35 - 1.20
> +++ parser.c 30 Apr 2019 20:28:18 -
> @@ -39,7 +39,8 @@ enum token_type {
> ADDRESS,
> FLAG,
> PREFIX,
> - IFNAME
> + IFNAME,
> + AREA
> };
>
> struct token {
> @@ -107,7 +108,7 @@ static const struct token t_show_db[] =
> };
>
> static const struct token t_show_area[] = {
> - {ADDRESS, "", NONE, NULL},
> + {AREA, "", NONE, NULL},
> {ENDTOKEN, "", NONE, NULL}
> };
>
> @@ -218,6 +219,14 @@ match_token(const char *word, const stru
> res->action = t->value;
> }
> break;
> + case AREA:
> + if (parse_area(word, &res->addr)) {
> + match++;
> + t = &table[i];
> + if (t->value)
> + res->action = t->value;
> + }
> + break;
> case PREFIX:
> if (parse_prefix(word, &res->addr, &res->prefixlen)) {
> match++;
> @@ -274,6 +283,9 @@ show_valid_args(const struct token *tabl
> case ADDRESS:
> fprintf(stderr, " \n");
> break;
> + case AREA:
> + fprintf(stderr, " \n");
> + break;
> case PREFIX:
> fprintf(stderr, " [/]\n");
> break;
> @@ -298,6 +310,32 @@ parse_addr(const char *word, struct in_a
> bzero(&ina, sizeof(ina));
>
> if (inet_pton(AF_INET, word, &ina)) {
> + addr->s_addr = ina.s_addr;
> + return (1);
> + }
> +
> + return (0);
> +}
> +
&
Re: ospfd: do not change router-id on reload if unspecified
On Wed, May 15, 2019 at 03:52:57PM +0200, Denis Fondras wrote:
> When router-id is unspecified, ospfd will choose the lowest IP address of the
> host. I added an area and an IP lower than the existing ones and on reload
> ospfd asked me to restart and did not activate the new area.
>
> Why would it update the router-id in such a case ?
>
> This diff changes this behaviour. When router-id is not explicitely changed,
> keep the existing setting.
makes sense to me.
OK remi@
>
> Index: ospfd.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> retrieving revision 1.107
> diff -u -p -r1.107 ospfd.c
> --- ospfd.c 26 Mar 2019 20:39:33 - 1.107
> +++ ospfd.c 15 May 2019 13:19:52 -
> @@ -185,6 +185,8 @@ main(int argc, char *argv[])
> kif_clear();
> exit(1);
> }
> +if (ospfd_conf->rtr_id.s_addr == 0)
> +ospfd_conf->rtr_id.s_addr = get_rtr_id();
>
> if (sockname == NULL) {
> if (asprintf(&sockname, "%s.%d", OSPFD_SOCKET,
> @@ -641,6 +643,10 @@ ospf_reload(void)
>
> if ((xconf = parse_config(conffile, ospfd_conf->opts)) == NULL)
> return (-1);
> +
> + /* No router-id was specified, keep existing value */
> +if (xconf->rtr_id.s_addr == 0)
> +xconf->rtr_id.s_addr = ospfd_conf->rtr_id.s_addr;
>
> /* Abort the reload if rtr_id changed */
> if (ospfd_conf->rtr_id.s_addr != xconf->rtr_id.s_addr) {
> Index: ospfd.h
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.h,v
> retrieving revision 1.103
> diff -u -p -r1.103 ospfd.h
> --- ospfd.h 28 Dec 2018 19:25:10 - 1.103
> +++ ospfd.h 15 May 2019 13:19:52 -
> @@ -561,6 +561,7 @@ intcarp_demote_set(char *, int);
>
> /* parse.y */
> struct ospfd_conf*parse_config(char *, int);
> +u_int32_t get_rtr_id(void);
> int cmdline_symset(char *);
> void conf_clear_redist_list(struct redist_list *);
>
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
> retrieving revision 1.96
> diff -u -p -r1.96 parse.y
> --- parse.y 29 Apr 2019 05:14:38 - 1.96
> +++ parse.y 15 May 2019 13:19:52 -
> @@ -83,7 +83,6 @@ int symset(const char *, const char *,
> char *symget(const char *);
>
> void clear_config(struct ospfd_conf *xconf);
> -u_int32_t get_rtr_id(void);
> int host(const char *, struct in_addr *, struct in_addr *);
>
> static struct ospfd_conf *conf;
> @@ -1253,9 +1252,6 @@ parse_config(char *filename, int opts)
> clear_config(conf);
> return (NULL);
> }
> -
> - if (conf->rtr_id.s_addr == 0)
> - conf->rtr_id.s_addr = get_rtr_id();
>
> return (conf);
> }
>
Re: ospfd: allow specifying area by number as well as id
On Mon, Apr 29, 2019 at 11:10:31AM +0100, Stuart Henderson wrote:
> On 2019/04/29 11:58, Sebastian Benoit wrote:
> > David Gwynne(da...@gwynne.id.au) on 2019.04.29 19:36:51 +1000:
> > >
> > >
> > > > On 29 Apr 2019, at 4:59 pm, Remi Locherer wrote:
> > > >
> > > > Hi David
> > > >
> > > > On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> > > >> it's always bothered me that i config areas on a crisco using a number,
> > > >> but then have to think hard to convert that number to an address for
> > > >> use
> > > >> in openbsd. eg, i was given area 700 in one place, which is 0.0.2.188
> > > >> as an address. super annoying.
> > > >>
> > > >> so this changes the ospfd parser so it accepts both a number or
> > > >> address.
> > > >> i also changed it so it prints the number by default, which may be
> > > >> contentious. the manpage is slightly tweaked too.
> > > >>
> > > >> thoughts?
> > > >
> > > > I like it to be able to use a number instead of an address!
> > > >
> > > > It worked fine in my short test I performed.
> > > >
> > > > The output with the comment looks a bit strange to me.
> > >
> > > Are you sure it doesn't look... awesome?
> >
> > I like it!
>
> I don't really, but if we change this it needs to be displayed somehow
> and I don't have an idea to make it look nicer than this (cisco's method
> seems pretty horrible and wouldn't work for us anyway - looks like they
> remember which format was used to configure an area and use that as
> the output format...)
>
Maybe it's better when we just allow both input formats but don't change
any output.
Below diff changes ospfctl to accept the address and number format for
"ospfct show database area XXX".
Index: parser.c
===
RCS file: /cvs/src/usr.sbin/ospfctl/parser.c,v
retrieving revision 1.20
diff -u -p -r1.20 parser.c
--- parser.c9 May 2011 12:25:35 - 1.20
+++ parser.c30 Apr 2019 20:28:18 -
@@ -39,7 +39,8 @@ enum token_type {
ADDRESS,
FLAG,
PREFIX,
- IFNAME
+ IFNAME,
+ AREA
};
struct token {
@@ -107,7 +108,7 @@ static const struct token t_show_db[] =
};
static const struct token t_show_area[] = {
- {ADDRESS, "", NONE, NULL},
+ {AREA, "", NONE, NULL},
{ENDTOKEN, "", NONE, NULL}
};
@@ -218,6 +219,14 @@ match_token(const char *word, const stru
res->action = t->value;
}
break;
+ case AREA:
+ if (parse_area(word, &res->addr)) {
+ match++;
+ t = &table[i];
+ if (t->value)
+ res->action = t->value;
+ }
+ break;
case PREFIX:
if (parse_prefix(word, &res->addr, &res->prefixlen)) {
match++;
@@ -274,6 +283,9 @@ show_valid_args(const struct token *tabl
case ADDRESS:
fprintf(stderr, " \n");
break;
+ case AREA:
+ fprintf(stderr, " \n");
+ break;
case PREFIX:
fprintf(stderr, " [/]\n");
break;
@@ -298,6 +310,32 @@ parse_addr(const char *word, struct in_a
bzero(&ina, sizeof(ina));
if (inet_pton(AF_INET, word, &ina)) {
+ addr->s_addr = ina.s_addr;
+ return (1);
+ }
+
+ return (0);
+}
+
+int
+parse_area(const char *word, struct in_addr *addr)
+{
+ struct in_addr ina;
+ const char *errstr;
+
+ if (word == NULL)
+ return (0);
+
+ bzero(addr, sizeof(struct in_addr));
+ bzero(&ina, sizeof(ina));
+
+ if (inet_pton(AF_INET, word, &ina)) {
+ addr->s_addr = ina.s_addr;
+ return (1);
+ }
+
+ ina.s_addr = htonl(strtonum(word, 0, 0x, &errstr));
+ if (errstr == NULL) {
addr->s_addr = ina.s_addr;
return (1);
}
Index: parser.h
===
RCS file: /cvs/src/usr.sbin/ospfctl/parser.h,v
retrieving revision 1.13
diff -u -p -r1.13 parser.h
--- parser.h9 May 2011 12:25:35 - 1.13
+++ parser.h30 Apr 2019 20:28:52 -
@@ -64,6 +64,7 @@ struct parse_result {
struct parse_result*parse(int, char *[]);
int parse_addr(const char *, struct in_addr *);
+int parse_area(const char *, struct in_addr *);
int parse_prefix(const char *, struct in_addr *,
u_int8_t *);
Re: ospfd: allow specifying area by number as well as id
Hi David
On Mon, Apr 29, 2019 at 11:53:27AM +1000, David Gwynne wrote:
> it's always bothered me that i config areas on a crisco using a number,
> but then have to think hard to convert that number to an address for use
> in openbsd. eg, i was given area 700 in one place, which is 0.0.2.188
> as an address. super annoying.
>
> so this changes the ospfd parser so it accepts both a number or address.
> i also changed it so it prints the number by default, which may be
> contentious. the manpage is slightly tweaked too.
>
> thoughts?
I like it to be able to use a number instead of an address!
It worked fine in my short test I performed.
The output with the comment looks a bit strange to me.
typhoon ..sbin/ospfd$ doas obj/ospfd -nv
router-id 0.0.0.7
fib-update yes
fib-priority 32
rfc1583compat no
spf-delay msec 1000
spf-holdtime msec 5000
area 7 { # 0.0.0.7
^
interface pair7:10.77.77.1 {
metric 10
retransmit-interval 5
router-dead-time 40
I'd prefer if we settle for one output format and then use only that. The
number format is more common but that would be a change for the users. I'm
fine with either format for outputs.
There is also "ospfctl show database area 0.0.0.0" and ospf6d. ;-)
Regards,
Remi
>
> with this diff, i can do the following and things keep
> working:
>
> --- /etc/ospfd.conf Mon Apr 29 11:29:56 2019
> +++ /etc/ospfd.conf.new Mon Apr 29 11:39:45 2019
> @@ -7,5 +7,5 @@
> redistribute rtlabel "backup" set metric 65535
>
> -area 0.0.2.188 {
> +area 700 {
> router-dead-time minimal
> fast-hello-interval msec 300
>
> Index: ospfd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.conf.5,v
> retrieving revision 1.55
> diff -u -p -r1.55 ospfd.conf.5
> --- ospfd.conf.5 28 Dec 2018 19:25:10 - 1.55
> +++ ospfd.conf.5 29 Apr 2019 01:45:40 -
> @@ -68,7 +68,7 @@ Macros are not expanded inside quotes.
> For example:
> .Bd -literal -offset indent
> hi="5"
> -area 0.0.0.0 {
> +area 0 {
> interface em0 {
> hello-interval $hi
> }
> @@ -257,10 +257,10 @@ Areas are used for grouping interfaces.
> All interface-specific parameters can
> be configured per area, overruling the global settings.
> .Bl -tag -width Ds
> -.It Ic area Ar address
> +.It Ic area Ar id Ns | Ns Ar address
> Specify an area section, grouping one or more interfaces.
> .Bd -literal -offset indent
> -area 0.0.0.0 {
> +area 0 {
> interface em0
> interface em1 {
> metric 10
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
> retrieving revision 1.95
> diff -u -p -r1.95 parse.y
> --- parse.y 13 Feb 2019 22:57:08 - 1.95
> +++ parse.y 29 Apr 2019 01:45:40 -
> @@ -120,6 +120,7 @@ typedef struct {
> int64_t number;
> char*string;
> struct redistribute *redist;
> + struct in_addr id;
> } v;
> int lineno;
> } YYSTYPE;
> @@ -145,6 +146,7 @@ typedef struct {
> %type deadtime
> %type string dependon
> %type redistribute
> +%type areaid
>
> %%
>
> @@ -588,15 +590,8 @@ comma: ','
> | /*empty*/
> ;
>
> -area : AREA STRING {
> - struct in_addr id;
> - if (inet_aton($2, &id) == 0) {
> - yyerror("error parsing area");
> - free($2);
> - YYERROR;
> - }
> - free($2);
> - area = conf_get_area(id);
> +area : AREA areaid {
> + area = conf_get_area($2);
>
> memcpy(&areadefs, defs, sizeof(areadefs));
> md_list_copy(&areadefs.md_list, &defs->md_list);
> @@ -610,6 +605,23 @@ area : AREA STRING {
>
> demotecount : NUMBER{ $$ = $1; }
> | /*empty*/ { $$ = 1; }
> + ;
> +
> +areaid : NUMBER {
> + if ($1 < 0 || $1 > 0x) {
> + yyerror("invalid area id");
> + YYERROR;
> + }
> + $$.s_addr = htonl($1);
> + }
> + | STRING {
> + if (inet_aton($1, &$$) == 0) {
> + yyerror("error parsing area");
> + free($1);
> + YYERROR;
> + }
> + free($1);
> + }
> ;
>
> areaopts_l : areaopts_l areaoptsl nl
> Index: printconf.c
> ===
> RCS file
ospf(6)d: check rdomain for depend on interfaces
Hi,
the parser in ospf(6)d accepts depend on interfaces that are in a
different rdomain. This works on startup of the daemon. But since it
filters route messages based on it's rdomain it will not get notified
if the depend on interface changes link state.
Below diff extends the existing conf_check_rdomain to also check the
depend on interfaces.
OK?
Remi
Index: ospfd/parse.y
===
RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
retrieving revision 1.95
diff -u -p -r1.95 parse.y
--- ospfd/parse.y 13 Feb 2019 22:57:08 - 1.95
+++ ospfd/parse.y 28 Apr 2019 09:29:00 -
@@ -1371,18 +1371,45 @@ conf_get_if(struct kif *kif, struct kif_
int
conf_check_rdomain(unsigned int rdomain)
{
- struct area *a;
- struct iface*i;
- int errs = 0;
+ struct area *a;
+ struct iface*i;
+ struct in_addr addr;
+ struct kif *kif;
+ struct redistribute *r;
+ int errs = 0;
+
+ SIMPLEQ_FOREACH(r, &conf->redist_list, entry)
+ if (r->dependon[0] != '\0') {
+ bzero(&addr, sizeof(addr));
+ kif = kif_findname(r->dependon, addr, NULL);
+ if (kif->rdomain != rdomain) {
+ logit(LOG_CRIT,
+ "depend on %s: interface not in rdomain %u",
+ kif->ifname, rdomain);
+ errs++;
+ }
+ }
LIST_FOREACH(a, &conf->area_list, entry)
- LIST_FOREACH(i, &a->iface_list, entry)
+ LIST_FOREACH(i, &a->iface_list, entry) {
if (i->rdomain != rdomain) {
logit(LOG_CRIT,
"interface %s not in rdomain %u",
i->name, rdomain);
errs++;
}
+ if (i->dependon[0] != '\0') {
+ bzero(&addr, sizeof(addr));
+ kif = kif_findname(i->dependon, addr, NULL);
+ if (kif->rdomain != rdomain) {
+ logit(LOG_CRIT,
+ "depend on %s: interface not in "
+ "rdomain %u",
+ kif->ifname, rdomain);
+ errs++;
+ }
+ }
+ }
return (errs);
}
Index: ospf6d/parse.y
===
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.42
diff -u -p -r1.42 parse.y
--- ospf6d/parse.y 13 Feb 2019 22:57:08 - 1.42
+++ ospf6d/parse.y 28 Apr 2019 09:28:33 -
@@ -1151,18 +1151,41 @@ conf_get_area(struct in_addr id)
int
conf_check_rdomain(u_int rdomain)
{
- struct area *a;
- struct iface*i;
- int errs = 0;
+ struct area *a;
+ struct iface*i, *idep;
+ struct redistribute *r;
+ int errs = 0;
+
+ SIMPLEQ_FOREACH(r, &conf->redist_list, entry)
+ if (r->dependon[0] != '\0') {
+ idep = if_findname(r->dependon);
+ if (idep->rdomain != rdomain) {
+ logit(LOG_CRIT,
+ "depend on %s: interface not in rdomain %u",
+ idep->name, rdomain);
+ errs++;
+ }
+ }
LIST_FOREACH(a, &conf->area_list, entry)
- LIST_FOREACH(i, &a->iface_list, entry)
+ LIST_FOREACH(i, &a->iface_list, entry) {
if (i->rdomain != rdomain) {
logit(LOG_CRIT,
"interface %s not in rdomain %u",
i->name, rdomain);
errs++;
}
+ if (i->dependon[0] != '\0') {
+ idep = if_findname(i->dependon);
+ if (idep->rdomain != rdomain) {
+ logit(LOG_CRIT,
+ "depend on %s: interface not in "
+ "rdomain %u",
+ idep->name, rdomain);
+ errs++;
+ }
+ }
+ }
return (errs);
}
Re: uslcom: new product id
On Wed, Apr 24, 2019 at 10:19:13PM +0100, Jason McIntyre wrote: > On Wed, Apr 24, 2019 at 11:16:18PM +0200, Remi Locherer wrote: > > On Wed, Apr 24, 2019 at 08:54:08AM +0100, Jason McIntyre wrote: > > > On Wed, Apr 24, 2019 at 08:11:42AM +0100, Stuart Henderson wrote: > > > > On 2019/04/23 23:53, Remi Locherer wrote: > > > > > Hi, > > > > > > > > > > with below diff the usb serial adapter built into the SRX 300 attaches > > > > > to uslcom and can be used. > > > > > > > > > > uslcom0 at uhub1 port 1 configuration 1 interface 0 "Silicon Labs > > > > > Juniper Networks BX Series System Console" rev 1.10/1.01 addr 10 > > > > > > > > > > OK? > > > > > > > > > product SILABS KYOCERA_GPS 0x8411 Kyocera GPS > > > > > product SILABS IRZ_SG10 0x8418 IRZ SG-10 GSM/GPRS Modem > > > > > product SILABS BEI_VCP 0x846e BEI USB Sensor (VCP) > > > > > +product SILABS JUNIPER_BX_CONS 0x8470 Juniper BX Series > > > > > System Console > > > > > product SILABS BALLUFF_RFID 0x8477 Balluff RFID reader > > > > > product SILABS AC_SERV_IBUS 0x85ea AC-Services IBUS > > > > > product SILABS AC_SERV_CIS 0x85eb AC-Services CIS-IBUS > > > > > > > > The string could be a little shorter, just "Juniper BX Console" > > > > is clear enough and saves a few bytes in the kernel. Otherwise OK. > > > > Reminder, first commit just usbdevs, then run "make" and commit > > > > usbdevs.h/usbdevs_data.h, then the c file. > > > > > > > > > > ...and then update uslcom.4 ;) > > > > I'm not sure this makes sense. This is not an adapter I buy because I > > need serial and only have usb. It's a network device that has this built > > in so I can connect to serial with just an usb (mini) cable.r > > > > And what product should we add to the manual? It works with Juniper SRX 300. > > I have no clue if Juniper uses this in other devices. The usb-c connector > > from my ICX Switch also attaches to uslcom. Should this also be listet? > > > > Remi > > > > hi. > > no, it's my mistake - sorry! i just presumed it should be listed. > jmc > Theo suggested that it makes sense and that there are similar examples. Should we list devices like this? Not all SRX models have such an USB console port. I took the model numbers from here: https://kb.juniper.net/InfoCenter/index?page=content&id=KB31671 Index: uslcom.4 === RCS file: /cvs/src/share/man/man4/uslcom.4,v retrieving revision 1.14 diff -u -p -r1.14 uslcom.4 --- uslcom.420 May 2017 14:24:46 - 1.14 +++ uslcom.425 Apr 2019 20:16:06 - @@ -53,11 +53,13 @@ Enfora EDG1228 Gemalto Prox-PU/CU Smartcard Readers IRZ MC35pu GSM Terminal Jablotron PC-60B +Juniper SRX 300/320/340/345/550M/1500 USB console Lipowsky Baby-JTAG Lipowsky Baby-LIN Lipowsky HARP-1 MobiData GPRS Modem Pololu USB to Serial +Ruckus ICX 7150 USB console SPORTident BSM7-D-USB Tracient RFID Track Systems Traqmate
Re: uslcom: new product id
On Wed, Apr 24, 2019 at 08:54:08AM +0100, Jason McIntyre wrote: > On Wed, Apr 24, 2019 at 08:11:42AM +0100, Stuart Henderson wrote: > > On 2019/04/23 23:53, Remi Locherer wrote: > > > Hi, > > > > > > with below diff the usb serial adapter built into the SRX 300 attaches > > > to uslcom and can be used. > > > > > > uslcom0 at uhub1 port 1 configuration 1 interface 0 "Silicon Labs Juniper > > > Networks BX Series System Console" rev 1.10/1.01 addr 10 > > > > > > OK? > > > > > product SILABS KYOCERA_GPS 0x8411 Kyocera GPS > > > product SILABS IRZ_SG10 0x8418 IRZ SG-10 GSM/GPRS Modem > > > product SILABS BEI_VCP 0x846e BEI USB Sensor (VCP) > > > +product SILABS JUNIPER_BX_CONS 0x8470 Juniper BX Series System Console > > > product SILABS BALLUFF_RFID 0x8477 Balluff RFID reader > > > product SILABS AC_SERV_IBUS 0x85ea AC-Services IBUS > > > product SILABS AC_SERV_CIS 0x85eb AC-Services CIS-IBUS > > > > The string could be a little shorter, just "Juniper BX Console" > > is clear enough and saves a few bytes in the kernel. Otherwise OK. > > Reminder, first commit just usbdevs, then run "make" and commit > > usbdevs.h/usbdevs_data.h, then the c file. > > > > ...and then update uslcom.4 ;) I'm not sure this makes sense. This is not an adapter I buy because I need serial and only have usb. It's a network device that has this built in so I can connect to serial with just an usb (mini) cable.r And what product should we add to the manual? It works with Juniper SRX 300. I have no clue if Juniper uses this in other devices. The usb-c connector from my ICX Switch also attaches to uslcom. Should this also be listet? Remi
uslcom: new product id
Hi,
with below diff the usb serial adapter built into the SRX 300 attaches
to uslcom and can be used.
uslcom0 at uhub1 port 1 configuration 1 interface 0 "Silicon Labs Juniper
Networks BX Series System Console" rev 1.10/1.01 addr 10
OK?
Remi
Index: usbdevs
===
RCS file: /cvs/src/sys/dev/usb/usbdevs,v
retrieving revision 1.697
diff -u -p -r1.697 usbdevs
--- usbdevs 27 Mar 2019 22:04:20 - 1.697
+++ usbdevs 23 Apr 2019 21:31:46 -
@@ -3943,6 +3943,7 @@ product SILABS DEKTEK_DTAPLUS 0x83d8 Dek
product SILABS KYOCERA_GPS 0x8411 Kyocera GPS
product SILABS IRZ_SG100x8418 IRZ SG-10 GSM/GPRS Modem
product SILABS BEI_VCP 0x846e BEI USB Sensor (VCP)
+product SILABS JUNIPER_BX_CONS 0x8470 Juniper BX Series System Console
product SILABS BALLUFF_RFID0x8477 Balluff RFID reader
product SILABS AC_SERV_IBUS0x85ea AC-Services IBUS
product SILABS AC_SERV_CIS 0x85eb AC-Services CIS-IBUS
Index: usbdevs.h
===
RCS file: /cvs/src/sys/dev/usb/usbdevs.h,v
retrieving revision 1.709
diff -u -p -r1.709 usbdevs.h
--- usbdevs.h 27 Mar 2019 22:05:06 - 1.709
+++ usbdevs.h 23 Apr 2019 21:32:22 -
@@ -1,4 +1,4 @@
-/* $OpenBSD: usbdevs.h,v 1.709 2019/03/27 22:05:06 kettenis Exp $ */
+/* $OpenBSD$ */
/*
* THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
@@ -3950,6 +3950,7 @@
#defineUSB_PRODUCT_SILABS_KYOCERA_GPS 0x8411 /* Kyocera GPS
*/
#defineUSB_PRODUCT_SILABS_IRZ_SG10 0x8418 /* IRZ SG-10
GSM/GPRS Modem */
#defineUSB_PRODUCT_SILABS_BEI_VCP 0x846e /* BEI USB
Sensor (VCP) */
+#defineUSB_PRODUCT_SILABS_JUNIPER_BX_CONS 0x8470 /*
Juniper BX Series System Console */
#defineUSB_PRODUCT_SILABS_BALLUFF_RFID 0x8477 /* Balluff RFID
reader */
#defineUSB_PRODUCT_SILABS_AC_SERV_IBUS 0x85ea /* AC-Services
IBUS */
#defineUSB_PRODUCT_SILABS_AC_SERV_CIS 0x85eb /* AC-Services
CIS-IBUS */
Index: usbdevs_data.h
===
RCS file: /cvs/src/sys/dev/usb/usbdevs_data.h,v
retrieving revision 1.703
diff -u -p -r1.703 usbdevs_data.h
--- usbdevs_data.h 27 Mar 2019 22:05:06 - 1.703
+++ usbdevs_data.h 23 Apr 2019 21:32:22 -
@@ -1,4 +1,4 @@
-/* $OpenBSD: usbdevs_data.h,v 1.703 2019/03/27 22:05:06 kettenis Exp $
*/
+/* $OpenBSD$ */
/*
* THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
@@ -10036,6 +10036,10 @@ const struct usb_known_product usb_known
{
USB_VENDOR_SILABS, USB_PRODUCT_SILABS_BEI_VCP,
"BEI USB Sensor (VCP)",
+ },
+ {
+ USB_VENDOR_SILABS, USB_PRODUCT_SILABS_JUNIPER_BX_CONS,
+ "Juniper BX Series System Console",
},
{
USB_VENDOR_SILABS, USB_PRODUCT_SILABS_BALLUFF_RFID,
Index: uslcom.c
===
RCS file: /cvs/src/sys/dev/usb/uslcom.c,v
retrieving revision 1.40
diff -u -p -r1.40 uslcom.c
--- uslcom.c20 May 2017 10:13:42 - 1.40
+++ uslcom.c23 Apr 2019 21:32:18 -
@@ -208,6 +208,7 @@ static const struct usb_devno uslcom_dev
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_INSYS_MODEM },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_IPLINK1220 },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_IRZ_SG10 },
+ { USB_VENDOR_SILABS,USB_PRODUCT_SILABS_JUNIPER_BX_CONS },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_KCF_PRN },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_KETRA_N1 },
{ USB_VENDOR_SILABS,USB_PRODUCT_SILABS_KYOCERA_GPS },
fix link id for p2p interfaces router lsa type 3 link
Hi,
when ospfd originates LSAs for p2p interfaces it puts the interface
address into the link id field where it should use the network address.
The issue was reported by Mitchell Krome on tech@ and one part of the
problem was fixed in rde_spf.c revision 1.77.
--> https://marc.info/?t=15539264081&r=1&w=2
This diff fixes the LSAs ospfd sends out.
OK?
Remi
Index: ospfe.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfe.c,v
retrieving revision 1.103
diff -u -p -r1.103 ospfe.c
--- ospfe.c 27 Sep 2018 12:34:06 - 1.103
+++ ospfe.c 22 Apr 2019 08:47:36 -
@@ -908,7 +908,8 @@ orig_rtr_lsa(struct area *area)
rtr_link.id = nbr->addr.s_addr;
rtr_link.data = 0x;
} else {
- rtr_link.id = iface->addr.s_addr;
+ rtr_link.id = iface->addr.s_addr &
+ iface->mask.s_addr;
rtr_link.data = iface->mask.s_addr;
}
rtr_link.type = LINK_TYPE_STUB_NET;
Re: ospfd: Apply netmask to stub prefixes before adding the route to the route table
On Tue, Apr 02, 2019 at 07:27:07PM +1000, Mitchell Krome wrote: > On 2/04/2019 3:30 pm, Remi Locherer wrote: > > Hi Mitchell > > > > On Sat, Mar 30, 2019 at 04:10:09PM +1000, Mitchell Krome wrote: > >> I kept finding I had a lingering /30 route when I turned off one of my > >> test boxes. I tracked it down to ospfd sending RTM_ADD for a stub > >> network with the non-masked prefix. The RTM_ADD path applies the mask > >> inside the kernel, so the route got added as expected, but the > >> RTM_DELETE enforces an exact match, so it could never remove the route. > >> > >> The advertised stub network was as follows: > >> > >> Link connected to: Stub Network > >>Link ID (Network ID): 10.10.20.2 > >> Link Data (Network Mask): 255.255.255.252 > >>Metric: 10 > > > > Please send the details of your setup so it is easy to reproduce the issue. > > - OpenBSD version > > - ospfd.conf > > - interface configs > > - routing table > > I am running a kernel I compiled myself with source from ~2 weeks ago. > See the bottom for other info. > > > > >> ospfd sends the interface address rather than network address as the > >> link ID. The RFC says "set the Link ID of the Type 3 link to the > >> subnet's IP address" which to me means we probably should also apply the > >> mask before we add the stub to the LSA to avoid getting into this place > >> to start with? > > > > This only applies to Type 3 LSAs. Below table is from RFC 2328 > > chapter 12.1.4: > > > > LS Type Link State ID > > ___ > > 1 The originating router's Router ID. > > 2 The IP interface address of the > > network's Designated Router. > > 3 The destination network's IP address. > > 4 The Router ID of the described AS > > boundary router. > > 5 The destination network's IP address. > > > >> > >> The patch below just masks the stub network before it gets added to the > >> route table, so that we can properly delete it. I can send a patch to > >> mask it before sending the LSA too if the consensus is that is how it > >> should be. > > > > With your patch you change the case "LSA_TYPE_ROUTER" (LS Type 1) and not > > LS type 3. > > Inside the LSA type 1 there is a type 3 link which is a "stub network". > That is what I was changing. Under 12.4.1.1 second dotpoint it says for > a point to point network add a type 3 link. Maybe I got the terminology > wrong, but this was definitely the thing I intended to change > >Link type Description Link ID >__ >1 Point-to-pointNeighbor Router ID >link >2 Link to transit Interface address of >network Designated Router >3 Link to stub IP network number >network >4 Virtual link Neighbor Router ID > > >Table 18: Link descriptions in the > router-LSA. > > Thank you Mitchell for your analysis and great explanation! I think your proposed fix is correct. I never noticed this warning bevor because I always used a /32 mask on point-to-point interfaces. Below again the diff from Mitchell. I tested this and it is OK remi@. Index: rde_spf.c === RCS file: /cvs/src/usr.sbin/ospfd/rde_spf.c,v retrieving revision 1.76 diff -u -p -r1.76 rde_spf.c --- rde_spf.c 22 Nov 2015 13:09:10 - 1.76 +++ rde_spf.c 2 Apr 2019 20:13:40 - @@ -195,7 +195,7 @@ rt_calc(struct vertex *v, struct area *a if (rtr_link->type != LINK_TYPE_STUB_NET) continue; - addr.s_addr = rtr_link->id; + addr.s_addr = rtr_link->id & rtr_link->data; adv_rtr.s_addr = htonl(v->adv_rtr); rt_update(addr, mask2prefixlen(rtr_link->data),
Re: ospfd: Apply netmask to stub prefixes before adding the route to the route table
Hi Mitchell On Sat, Mar 30, 2019 at 04:10:09PM +1000, Mitchell Krome wrote: > I kept finding I had a lingering /30 route when I turned off one of my > test boxes. I tracked it down to ospfd sending RTM_ADD for a stub > network with the non-masked prefix. The RTM_ADD path applies the mask > inside the kernel, so the route got added as expected, but the > RTM_DELETE enforces an exact match, so it could never remove the route. > > The advertised stub network was as follows: > > Link connected to: Stub Network > Link ID (Network ID): 10.10.20.2 > Link Data (Network Mask): 255.255.255.252 > Metric: 10 Please send the details of your setup so it is easy to reproduce the issue. - OpenBSD version - ospfd.conf - interface configs - routing table > ospfd sends the interface address rather than network address as the > link ID. The RFC says "set the Link ID of the Type 3 link to the > subnet's IP address" which to me means we probably should also apply the > mask before we add the stub to the LSA to avoid getting into this place > to start with? This only applies to Type 3 LSAs. Below table is from RFC 2328 chapter 12.1.4: LS Type Link State ID ___ 1 The originating router's Router ID. 2 The IP interface address of the network's Designated Router. 3 The destination network's IP address. 4 The Router ID of the described AS boundary router. 5 The destination network's IP address. > > The patch below just masks the stub network before it gets added to the > route table, so that we can properly delete it. I can send a patch to > mask it before sending the LSA too if the consensus is that is how it > should be. With your patch you change the case "LSA_TYPE_ROUTER" (LS Type 1) and not LS type 3. Remi > > Mitchell > > diff --git usr.sbin/ospfd/rde_spf.c usr.sbin/ospfd/rde_spf.c > index 736f2e575..d842a2c20 100644 > --- usr.sbin/ospfd/rde_spf.c > +++ usr.sbin/ospfd/rde_spf.c > @@ -195,7 +195,7 @@ rt_calc(struct vertex *v, struct area *area, struct > ospfd_conf *conf) > if (rtr_link->type != LINK_TYPE_STUB_NET) > continue; > > - addr.s_addr = rtr_link->id; > + addr.s_addr = rtr_link->id & rtr_link->data; > adv_rtr.s_addr = htonl(v->adv_rtr); > > rt_update(addr, mask2prefixlen(rtr_link->data), >
Re: ospfd: Warn when the router ID changes during config reload
On Mon, Mar 25, 2019 at 02:43:26PM +0100, Jeremie Courreges-Anglas wrote:
> On Sun, Mar 24 2019, Mitchell Krome wrote:
> > On 24/03/2019 7:23 am, Theo de Raadt wrote:
> >> Sebastian Benoit wrote:
> >>
> >>> Mitchell Krome(mitchellkr...@gmail.com) on 2019.03.23 20:27:17 +1000:
> Was messing around with ospf and got myself into a situation where the
> router ID's were the same on two boxes because I only did a reload on
> one of them when I changed the loopback IP's.
> >>>
> >>> Thats sub optimal i believe...
> >>>
> This adds a warning when reloading if the router ID changes (there was
> already a comment saying as much). Same patch can probably be applied to
> ospf6d if people think it's useful.
>
> ospf6d currently doesn't support config reloads at all. It might be
> worth adding an XXX comment there.
>
> >>> I think it would be better to abort the reload if the router-id is
> >>> changed,
> >>> i.e. not load the new config at all.
> >>
> >> That's the right approach in all our other daemons:
> >>
> >> if the configuration change cannot be installed correctly, consider
> >> it invalid and abort. Someone would need to write code to make it
> >> valid..
> >>
> >
> > That makes sense. I checked the manuals for the routers I use at work
> > and they also required the ospf process to be restarted for the config
> > to take effect after changing the router id.
> >
> > I moved the check up into ospf_reload because it doesn't make sense
> > sending the config to all the children if we know we're going to abort.
>
> Your patch was mangled (long line wrapped) but the changes looked good.
> Here's an updated version which tweaks punctuation and case (to match
> the router-id keyword). Works for me in my simple test setup.
>
> Comments/oks?
This works and it makes sense to me.
The log message is a bit lengthy compared to other log messages produced
by ospfd. Maybe something like this: "router-id changed: restart required"
But the patch is also OK remi@ as it is now.
>
>
> Index: ospfd.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> retrieving revision 1.105
> diff -u -p -r1.105 ospfd.c
> --- ospfd.c 15 Jan 2019 22:18:10 - 1.105
> +++ ospfd.c 25 Mar 2019 13:33:43 -
> @@ -642,6 +642,13 @@ ospf_reload(void)
> if ((xconf = parse_config(conffile, ospfd_conf->opts)) == NULL)
> return (-1);
>
> + /* Abort the reload if rtr_id changed */
> + if (ospfd_conf->rtr_id.s_addr != xconf->rtr_id.s_addr) {
> + log_warnx("router-id changed in new configuration, "
> + "this requires ospfd to be restarted.");
> + return (-1);
> + }
> +
> /* send config to childs */
> if (ospf_sendboth(IMSG_RECONF_CONF, xconf, sizeof(*xconf)) == -1)
> return (-1);
> @@ -693,7 +700,6 @@ merge_config(struct ospfd_conf *conf, st
> struct redistribute *r;
> int rchange = 0;
>
> - /* change of rtr_id needs a restart */
> conf->flags = xconf->flags;
> conf->spf_delay = xconf->spf_delay;
> conf->spf_hold_time = xconf->spf_hold_time;
>
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
>
ospf(6)d: fix "redistribute X set type 2 depend on if"
Hi tech,
in OSPFs external LSAs the type is encoded in the metric field. ospfd and
ospf6d overwrite the type information when "depend on" is used and the
specified interface is down (or in backup state). Below diff fixes this.
The problem was reported on misc by Ior Podlesny:
https://marc.info/?l=openbsd-misc&m=154704895731641&w=2
OK?
Remi
Index: ospfd/ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.103
diff -u -p -r1.103 ospfd.c
--- ospfd/ospfd.c 2 Jan 2019 18:47:59 - 1.103
+++ ospfd/ospfd.c 10 Jan 2019 21:08:23 -
@@ -564,7 +564,8 @@ ospf_redistribute(struct kroute *kr, u_i
switch (r->type & ~REDIST_NO) {
case REDIST_LABEL:
if (kr->rtlabel == r->label) {
- *metric = depend_ok ? r->metric : MAX_METRIC;
+ *metric = depend_ok ? r->metric :
+ r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
@@ -579,7 +580,8 @@ ospf_redistribute(struct kroute *kr, u_i
if (kr->flags & F_DYNAMIC)
continue;
if (kr->flags & F_STATIC) {
- *metric = depend_ok ? r->metric : MAX_METRIC;
+ *metric = depend_ok ? r->metric :
+ r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
@@ -589,7 +591,8 @@ ospf_redistribute(struct kroute *kr, u_i
if (kr->flags & F_DYNAMIC)
continue;
if (kr->flags & F_CONNECTED) {
- *metric = depend_ok ? r->metric : MAX_METRIC;
+ *metric = depend_ok ? r->metric :
+ r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
@@ -601,7 +604,7 @@ ospf_redistribute(struct kroute *kr, u_i
r->mask.s_addr == INADDR_ANY) {
if (is_default) {
*metric = depend_ok ? r->metric :
- MAX_METRIC;
+ r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
} else
return (0);
@@ -610,13 +613,15 @@ ospf_redistribute(struct kroute *kr, u_i
if ((kr->prefix.s_addr & r->mask.s_addr) ==
(r->addr.s_addr & r->mask.s_addr) &&
kr->prefixlen >= mask2prefixlen(r->mask.s_addr)) {
- *metric = depend_ok ? r->metric : MAX_METRIC;
+ *metric = depend_ok ? r->metric :
+ r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
case REDIST_DEFAULT:
if (is_default) {
- *metric = depend_ok ? r->metric : MAX_METRIC;
+ *metric = depend_ok ? r->metric :
+ r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
Index: ospf6d/ospf6d.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/ospf6d.c,v
retrieving revision 1.41
diff -u -p -r1.41 ospf6d.c
--- ospf6d/ospf6d.c 29 Dec 2018 16:04:31 - 1.41
+++ ospf6d/ospf6d.c 10 Jan 2019 21:53:10 -
@@ -534,7 +534,8 @@ ospf_redistribute(struct kroute *kr, u_i
switch (r->type & ~REDIST_NO) {
case REDIST_LABEL:
if (kr->rtlabel == r->label) {
- *metric = depend_ok ? r->metric : MAX_METRIC;
+ *metric = depend_ok ? r->metric :
+ r->metric | MAX_METRIC;
return (r->type & REDIST_NO ? 0 : 1);
}
break;
@@ -549,7 +550,8 @@ ospf_redistribute(struct kroute *kr, u_i
if (kr->flags & F_DYNAMIC)
continue;
if (kr->flags & F_STATIC) {
- *metric = depend_ok ? r->metric : MAX_METRIC;
+ *metric = depend_ok ? r->metric :
+
ospf6d: detect and remove alien routes
Hi tech,
ospfd detects and removes routes in the kernel routing table with priority
RTP_OSPF (or the configured fib-priority) that have been inserted by another
program.
Below diff adds the same behaviour to ospf6d.
OK?
Remi
Index: kroute.c
===
RCS file: /cvs/src/usr.sbin/ospf6d/kroute.c,v
retrieving revision 1.59
diff -u -p -r1.59 kroute.c
--- kroute.c29 Dec 2018 16:04:31 - 1.59
+++ kroute.c2 Jan 2019 12:37:25 -
@@ -1347,6 +1347,7 @@ dispatch_rtmsg(void)
int flags, mpath;
unsigned int scope;
u_short ifindex = 0;
+ int rv;
if ((n = read(kr_state.fd, &buf, sizeof(buf))) == -1) {
if (errno == EAGAIN || errno == EINTR)
@@ -1512,15 +1513,27 @@ add:
kr->r.ifindex = ifindex;
kr->r.priority = prio;
- if ((label = (struct sockaddr_rtlabel *)
- rti_info[RTAX_LABEL]) != NULL) {
- kr->r.rtlabel =
- rtlabel_name2id(label->sr_label);
- kr->r.ext_tag =
- rtlabel_id2tag(kr->r.rtlabel);
- }
+ if (rtm->rtm_priority == kr_state.fib_prio) {
+ log_warnx("alien OSPF route %s/%d",
+ log_in6addr(&prefix), prefixlen);
+ rv = send_rtmsg(kr_state.fd,
+ RTM_DELETE, &kr->r);
+ free(kr);
+ if (rv == -1)
+ return (-1);
+ } else {
+ if ((label = (struct sockaddr_rtlabel *)
+ rti_info[RTAX_LABEL]) != NULL) {
+ kr->r.rtlabel =
+ rtlabel_name2id(
+ label->sr_label);
+ kr->r.ext_tag =
+ rtlabel_id2tag(
+ kr->r.rtlabel);
+ }
- kroute_insert(kr);
+ kroute_insert(kr);
+ }
}
break;
case RTM_DELETE:
ospfd: send router lsa when removing an interface
Hi tech,
when removing an interface from ospdf.conf and doing a reload other
OSPF routers should get a router LSA update. Then they can remove the
affected route. But currently this does not happen. The affected route
might be used by other routers a long time after removing it from the
config (until the LSA ages out).
Below diff fixes this.
OK?
Remi
Index: ospfd.c
===
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.102
diff -u -p -r1.102 ospfd.c
--- ospfd.c 28 Dec 2018 19:25:10 - 1.102
+++ ospfd.c 1 Jan 2019 21:23:38 -
@@ -827,7 +827,7 @@ merge_interfaces(struct area *a, struct
/* problems:
* - new interfaces (easy)
-* - deleted interfaces (needs to be done via fsm?)
+* - deleted interfaces
* - changing passive (painful?)
*/
for (i = LIST_FIRST(&a->iface_list); i != NULL; i = ni) {
@@ -842,6 +842,7 @@ merge_interfaces(struct area *a, struct
rde_nbr_iface_del(i);
LIST_REMOVE(i, entry);
if_del(i);
+ dirty = 1; /* force rtr LSA update */
}
}
