On Mon, Jul 09, 2018 at 05:50:07PM +0200, Denis Fondras wrote:
> I am late for a comment because it has already been commited but...
>
> > @@ -1373,6 +1339,14 @@ rde_update_update(struct rde_peer *peer,
> > if (path_update(&ribs[RIB_ADJ_IN].rib, peer, asp, prefix, prefixlen, 0))
> >
raw_usrreq() is no longer used so remove it from the tree.
The only thing form the headerfile that was still used was RAWSNDQ and
RAWRCVQ. I replaced them with per protocol defines.
OK?
--
:wq Claudio
Index: conf/files
===
RCS file:
On Mon, Jul 09, 2018 at 11:45:41PM +0200, Sebastian Benoit wrote:
> Actually free the right thing in rib_free()
> Found by and with claudio.
>
> (benno_claudio_rde_rib_rib_free.diff)
OK claudio@
> Index: rde_rib.c
> ===
> RCS file:
On Mon, Jul 09, 2018 at 11:58:05PM +0200, Sebastian Benoit wrote:
>
> compare the right things here: we want to know if the flag has changed.
> Found with claudios help and patience.
>
> ok?
This is fucked up. :)
> (benno_claudio_rde_reconf_F_RIB_HASNOFIB.diff)
>
> Index: rde.c
>
On Tue, Jul 10, 2018 at 12:07:04AM +0200, Sebastian Benoit wrote:
> Sebastian Benoit(be...@openbsd.org) on 2018.07.10 00:06:06 +0200:
> > Claudio Jeker(cje...@diehard.n-r-g.com) on 2018.07.10 00:05:08 +0200:
> > > On Mon, Jul 09, 2018 at 11:58:05PM +0200, Seba
On Tue, Jul 10, 2018 at 11:15:51AM +0200, Sebastian Benoit wrote:
> we only support up to RT_TABLEID_MAX rtables.
>
> ok?
OK
> (benno_bgpd_rtable_max.diff)
>
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
> re
On Tue, Jul 10, 2018 at 12:18:15PM +0200, Florian Riehm wrote:
> Hi,
>
> since we use multiple cloning routes (mpath) if more than one ip address
> exists in the same network, the routes are distinguished by their gateway
> address, which is the associated interface address.
> The ospfd has to tra
On Tue, Jul 10, 2018 at 01:56:37PM +0200, Florian Riehm wrote:
> Hi,
>
> If intra area prefixes move from one router to another router, cloning routes
> may become gateway routes and contrary. The kernel does not allow to change
> the
> flags RTF_GATEWAY / RTF_CLONING in RTM_CHANGE messages, but
Again lots of minuses that can be replaced with very few plus lines.
This moves the prefixlen check into rde_update_get_prefix*() functions
since those can already return an error that is actually the same.
OK?
--
:wq Claudio
Index: rde.c
=
This uses struct filterstate in rde_update_dispatch() and passes the
struct to a few functions down (rde_update_update, path_update and some
more friends). After that it should become easier to move nexthop and
later maybe the peer out of struct rde_aspath into struct prefix.
--
:wq Claudio
Ind
On Wed, Jul 11, 2018 at 12:43:41AM +0200, Sebastian Benoit wrote:
> hi,
>
> allows you to announce prefixes from the kernel routing table selected by
> priority.
>
> lightly tested, as in, the config part works.
>
> network inet priority 32
>
> ok?
This is fairly esotheric as a feature. It w
On busy servers I seen multiple RTM_LOSING message per second being
generated. This is not helpful (especially since nothing is doing
something with it). This diff removes the part where RTM_LOSING is
generated but at the same time adds some RTM_ADD / RTM_DELETE messages for
the dynamic routes adde
On Wed, Jul 11, 2018 at 10:10:50AM +0200, Martin Pieuchot wrote:
> On 11/07/18(Wed) 09:55, Claudio Jeker wrote:
> > On busy servers I seen multiple RTM_LOSING message per second being
> > generated. This is not helpful (especially since nothing is doing
> > something with i
Especially the rde_aspath hash function is horrible.
Fix this by adding more bits to the SipHash which results in a better
spread. Also switch the stored hases to 64bit and save the one for
rde_aspath as well since it the compare a lot quicker.
--
:wq Claudio
Index: rde.h
===
On Wed, Jul 11, 2018 at 10:18:59PM +0200, Sebastian Benoit wrote:
>
> ok?
OK claudio@
> (benno_check_rdomain.diff)
>
> diff --git usr.sbin/bgpd/config.c usr.sbin/bgpd/config.c
> index 2a2e5dfa314..4f8134e6b68 100644
> --- usr.sbin/bgpd/config.c
> +++ usr.sbin/bgpd/config.c
> @@ -46,6 +46,7 @@
See subject, it is not using it in any sensible way.
--
:wq Claudio
Index: route6d.c
===
RCS file: /cvs/src/usr.sbin/route6d/route6d.c,v
retrieving revision 1.96
diff -u -p -r1.96 route6d.c
--- route6d.c 1 Jul 2018 15:42:37 -
This diff ads enough extra code to parse and display mrt update messages.
Some code in bgpd needs to be moved to be reachable by bgpctl.
bgpctl code gets reshuffled so that mrt printing works without a running
bgpd and also to make the pledge more strict.
This is nice to see stuff like the full not
On Tue, Jul 10, 2018 at 06:37:44PM +0200, Claudio Jeker wrote:
> This uses struct filterstate in rde_update_dispatch() and passes the
> struct to a few functions down (rde_update_update, path_update and some
> more friends). After that it should become easier to move nexthop and
> lat
On Fri, Jul 13, 2018 at 11:55:33AM +0200, Sebastian Benoit wrote:
>
> ok?
>
> (benno_route_monitor.diff)
>
> diff --git sbin/route/route.c sbin/route/route.c
> index f98bdeae0a2..d4467a77d04 100644
> --- sbin/route/route.c
> +++ sbin/route/route.c
> @@ -150,6 +150,7 @@ main(int argc, char **argv
For "dump (all|updates) (in|out)" it totally makes sense to use the
extended timestamp format that includes microseconds as well. This
way it is better visible when updates got processed.
Table dumps are not affected since there the timestamp is not that
useful.
bgpdump shows now the time with mi
This diffs adds timestamps similar to kdump to bgpctl show mrt output
when messages or states are shown.
Currently it looks like this:
1531425344.00 153.5.146.105[23456] -> 62.48.0.253[0]: size 63
0.00 153.5.146.105[23456] -> 62.48.0.253[0]: Connect -> OpenSent
0.00 153.5.146.105[23456
There is no reason why bgpd must be running to do a bgpctl show mrt call.
This diff moves the SHOW_MRT case up to the IRRFILTER one and also makes
the pledge() calls stricter. I see no reason why rpath or wpath are
needed and neither did benno@ remember why.
OK?
--
:wq Claudio
Index: bgpctl.c
==
This is the next small bit of rde rebuilding.
Move nexthop into struct filterstate (including nexthop flags) and use
them whereever possible. In some places (path_update, softreconfig_out
handler) the nexthop state are folded back into the rde_aspath.
This also fixes a possible crash when it comes
On Fri, Nov 26, 2021 at 11:37:37PM +0100, Alexandr Nedvedicky wrote:
> Hello,
>
> On Fri, Nov 26, 2021 at 01:01:40PM +0100, Claudio Jeker wrote:
> >
> > One more thing to consider, I think the following test in pfi_set_flags():
> >
> > > + if
Currently ta, rrdp and rsync repositories use different functions to build
their base path. This diff changes this so that all can use the same
function.
This is a first step to introduce a common validated repository.
--
:wq Claudio
Index: repo.c
On Sun, Dec 12, 2021 at 03:22:37PM +0100, Denis Fondras wrote:
> Le Sun, Dec 12, 2021 at 01:43:06PM +, Stuart Henderson a écrit :
> > On 2021/12/12 14:13, Denis Fondras wrote:
> > > Number of received prefixes appear in `bgpctl sh` but not in `bgpctl -j
> > > sh`.
> > >
> > > Here is a diff t
On Mon, Dec 13, 2021 at 11:27:20AM +0100, Florian Obser wrote:
> Treat xid as a uint32_t in network byte order on the wire.
>
> Internally this doesn't matter since we only care about equality.
> This makes logging output comparable to tcpdump(8).
>
> Pointed out by joel@
>
> OK?
OK claudio@
On Mon, Dec 13, 2021 at 11:25:02AM +0100, Florian Obser wrote:
> Replace struct member assignment with struct assignment to make the code
> more compact. No binary change (on amd64).
>
> OK? Or is there a reason not to do this?
Looks good to me and I also see no reason why this should not be done
In LDAP there is two ways to remove an attribute.
One can remove an attribute by just naming the attribute but it is also
possible to remove a specific attribute: value combo.
In ldapd the latter is broken if the last attribute is removed because
the result of ldap_del_values() is an invalid encod
The limiter for repository count under a TA only makes sense for
repositories referenced from certs but less so for the actual TA. So
remove the logic from ta_lookup() and friends and make the code simpler.
There is no risk in doing so since there is only one TA and one
ta_lookup() done per TAL and
For some reasons various ids were stored as size_t (probably because once
they used to be the index in an array). This is just silly and annoyed me
for long enough. I think this fixes all of them.
While there also stop using size_t for maxlength of a prefix. Everywhere
else the code uses just a un
In the roa parser the handling of maxlen is overly complex.
Just set maxlen to addr.prefixlen before parsing the maxlength option.
If present it will override maxlen with the new value and with that the
ternary confusion at the end can be removed.
--
:wq Claudio
Index: roa.c
On Tue, Dec 21, 2021 at 03:49:47PM -0500, jwinnie@tilde.institute wrote:
>
> Hello OpenBSD developers,
>
> I am interested in contributing to improve the uhidpp(4)
> (Logitech Unifying Reciever) support in OpenBSD.
>
> Currently, the uhidpp(4) driver only handles detecting certain
> sensors, but
On Tue, Dec 21, 2021 at 06:24:44PM +, Job Snijders wrote:
> On Tue, Dec 21, 2021 at 07:00:03PM +0100, Claudio Jeker wrote:
> > For some reasons various ids were stored as size_t (probably because once
> > they used to be the index in an array). This is just silly and annoyed
I added support for vmctl -cL -B net -b bsd.rd -d disk.img to run the
autoinstall by emulating a PXE boot. In the commit
https://github.com/openbsd/src/commit/a13de4d12a4c9ba0edc05aab2ad635f782449229
the feature got removed over eagerly.
This diff adds this back because I find this super practical
On Sat, Dec 04, 2021 at 07:01:23PM +0100, Alexandr Nedvedicky wrote:
> Hello,
>
>
> On Fri, Dec 03, 2021 at 03:42:09PM +0100, Claudio Jeker wrote:
> >
> > See comments below.
> >
> >
> > > +void
> > > +pfi_group_delmember(const char *gro
On Wed, Dec 22, 2021 at 10:14:40AM -0500, Dave Voutila wrote:
>
> Claudio Jeker writes:
>
> > I added support for vmctl -cL -B net -b bsd.rd -d disk.img to run the
> > autoinstall by emulating a PXE boot. In the commit
> > https://gi
On Thu, Dec 23, 2021 at 07:50:24AM +, Raf Czlonka wrote:
> On Wed, Dec 22, 2021 at 08:32:16AM GMT, Claudio Jeker wrote:
> > On Tue, Dec 21, 2021 at 03:49:47PM -0500, jwinnie@tilde.institute wrote:
> > >
> > > Hello OpenBSD developers,
> > >
> > &g
Create a common repo_done() function which does the entiyq_flush and in
the case of RRDP the fallback to rsync. This simplifies the code and will
help to add the repo info to the parser process.
One difference between this and the original version is the case when a
RRDP repository merge fails. Be
On Sat, Dec 25, 2021 at 11:36:50AM +0100, Theo Buehler wrote:
> These extensions MUST be marked critical by the sections of the spec
> mentioned in the cryptowarnx(). That's determined by the ASN1_BOOLEAN
> that is extracted and ignored after the FIXME a few lines below each of
> the two hunks. Rat
This re-shuffles struct entity a bit and removes the unneeded has_data
indicator. Both data and datasz are not null when data is present and null
when there is no data. With this in mind the code becomes simpler.
--
:wq Claudio
Index: extern.h
On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote:
> On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote:
> [...]
> > I would love to get rid of X509_V_FLAG_IGNORE_CRITICAL and use a callback
> > to ensure the right extensions are critical but I never managed
On Wed, Dec 29, 2021 at 01:06:30AM +0100, Theo Buehler wrote:
> On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote:
> > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote:
> > > On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote:
> > > [.
On Wed, Dec 22, 2021 at 12:34:34PM -0500, Dave Voutila wrote:
>
> Claudio Jeker writes:
>
> > On Wed, Dec 22, 2021 at 10:14:40AM -0500, Dave Voutila wrote:
> >>
> >> Claudio Jeker writes:
> >>
> >> > I added support for vmctl -cL -B net
This are obvious and easy to fix unused but set variables.
There are more in vioscsi.c but those are actually used if compiled with
DEBUG set.
--
:wq Claudio
Index: loadfile_elf.c
===
RCS file: /cvs/src/usr.sbin/vmd/loadfile_elf.c,v
On Wed, Dec 29, 2021 at 01:12:25PM +0100, Claudio Jeker wrote:
> On Wed, Dec 29, 2021 at 01:06:30AM +0100, Theo Buehler wrote:
> > On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote:
> > > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote:
> > > &
On Tue, Jan 04, 2022 at 10:58:41AM +0100, Claudio Jeker wrote:
> This are obvious and easy to fix unused but set variables.
> There are more in vioscsi.c but those are actually used if compiled with
> DEBUG set.
The changes in loadfile_elf.c, vioqcow2.c and vmd.c are trivial and can be
On Tue, Jan 04, 2022 at 08:42:29AM -0500, Dave Voutila wrote:
>
> Claudio Jeker writes:
>
> > This are obvious and easy to fix unused but set variables.
> > There are more in vioscsi.c but those are actually used if compiled with
> > DEBUG set.
>
> ok dv@, but
On Tue, Jan 04, 2022 at 02:48:17PM +0100, Theo Buehler wrote:
> As discussed in the previous thread, we can simplify the verify callback
> by getting rid of the extremely noisy warnx at the end. Fail directly on
> encountering an unknown critical extension and succeed otherwise.
OK claudio@ (and t
Currently running rpki-client -n with an up to date repo results in the
loss of around 25% of ROAs. The reason is that most of apnic fails since
they decided it is a glorious idea to put two rsync repos into one rrdp
repo.
When changing the repo state for the noop case from REPO_DONE to
REPO_FAIL
This is another diff on the way to having a validated repo.
Pass the filename of the entity which was parsed back to the parent.
With this we can move the filepath_add() call from entity_write_req()
to entity_process(). As a side-effect the "Already visited" check is moved
after parsing so a file m
On Tue, Jan 04, 2022 at 04:57:23PM +0100, Theo Buehler wrote:
> On Tue, Jan 04, 2022 at 04:15:56PM +0100, Claudio Jeker wrote:
> > This is another diff on the way to having a validated repo.
> > Pass the filename of the entity which was parsed back to the parent.
> > With
This changes the last proc_parser function over to not pass the entity to
the function. In this case apart from file we also need to pass the public
key of the TA and the tal identifier.
Change is mechanical and makes all callers work the same way.
--
:wq Claudio
Index: parser.c
Ran into this the other day and could not help myself to adjust the code.
If the mft is stale just bump the stale counter and be done. If not stale
queue all files from the mft for the next round.
In mft_parse I switched to a switch statement which is more obvious in my
opinion.
--
:wq Claudio
I
On Thu, Jan 06, 2022 at 01:48:01PM +0100, Theo Buehler wrote:
> On Thu, Jan 06, 2022 at 01:21:03PM +0100, Claudio Jeker wrote:
> > Ran into this the other day and could not help myself to adjust the code.
> > If the mft is stale just bump the stale counter and be done. If not stal
This diff changes the way the parser figures out which file to work on.
Until now the parent process sent a full path to the parser but that does
not work well with the idea of splitting the repo up into validated, rsync
and rrdp parts.
So this diff changes the way the parser opens a file. There a
On Tue, Jan 11, 2022 at 08:15:13AM +, Klemens Nanni wrote:
> On Mon, Jan 10, 2022 at 12:06:44PM +, Klemens Nanni wrote:
> > On Fri, Dec 31, 2021 at 07:54:53PM +0300, Vitaliy Makkoveev wrote:
> > > The uvm_wxabort path within uvm_wxcheck() looks not MP-safe.
> >
> > Right, I did not pay eno
On Tue, Jan 11, 2022 at 11:36:19AM +, Job Snijders wrote:
> On Mon, Jan 10, 2022 at 03:30:23PM +0100, Claudio Jeker wrote:
> > + if (RB_INSERT(repo_tree, &repos, rp) != NULL)
> > + errx(1, "repository already added to repo tree %d, %s", id,
> &g
Since we push repository information over to the parser -n mode was broken
because in that case the TA repositories did not get sent.
This little diff fixes the problem.
--
:wq Claudio
Index: repo.c
===
RCS file: /cvs/src/usr.sbin/r
This diff adds the code to pass --compare-dest to rsync. This will be
used once there is a valid cache and then the rsync repo will just act as
a delta on top.
Now --compare-dest is a bit strange as in the directory passed is relative
to the destination directory (last argument of rsync command).
This introduces a function remove_contents() which is implementing a basic
rm -r and uses it to clean the RRDP repository when downloading a
snapshot (especially after a delta failure). It also cleans out the temp
directory after a failure to fetch.
With the introduction of a validated cache this
Right now a file can only exist in one place in the rpki-client cache.
This will change when we split valid data to its own repo.
One step to get closer to that is to alter valid_filehash() to take an
open filedescriptor instead of using open(2) itself. This allows the
callers to decide which file
On Thu, Jan 13, 2022 at 02:24:59PM +0100, Theo Buehler wrote:
> On Thu, Jan 13, 2022 at 02:16:02PM +0100, Claudio Jeker wrote:
> > Right now a file can only exist in one place in the rpki-client cache.
> > This will change when we split valid data to its own repo.
> >
>
Noticed the other day, a stale manifest tries to check the fileandhash
data. But when running with -n none of this data will be around since it
was most probably removed on the previous run. The result is a lot of
warnings on top of the warning about the mft being stale. It is better to
skip mft_ch
This diff just shuffles some functions around to reduce the size of the
validate cache diff.
--
:wq Claudio
Index: repo.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/repo.c,v
retrieving revision 1.23
diff -u -p -r1.23 repo.c
--- rep
This diff adds a new cache subdir called "valid". This is the place where
all verified and good files are stored after a run. It makes -n work a lot
better since -n will now only look at what's inside "valid" and ignore
"rsync" and "rrdp".
The trust anchors are still stored in "ta" even if valid.
On Thu, Jan 13, 2022 at 10:51:33PM +0100, Theo Buehler wrote:
> On Thu, Jan 13, 2022 at 05:05:57PM +0100, Claudio Jeker wrote:
> > This diff adds a new cache subdir called "valid". This is the place where
> > all verified and good files are stored after a run. It makes
On Fri, Jan 14, 2022 at 01:45:19PM +, Job Snijders wrote:
> Thanks Claudio,
>
> A question about stats below
>
> On Fri, Jan 14, 2022 at 10:29:20AM +0100, Claudio Jeker wrote:
> > @@ -1246,8 +1249,8 @@ main(int argc, char *argv[])
> > logx("Certificate re
On Fri, Jan 14, 2022 at 04:44:49PM +, Stuart Henderson wrote:
> On 2022/01/14 16:52, Rafael Sadowski wrote:
> > On Fri Jan 14, 2022 at 03:17:21PM +0100, Tobias Heider wrote:
> > > Hi,
> > >
> > > clang ships with a pretty useful static analyzer to find all kinds of bugs
> > > in C and C++ code
Use a common x509_init_oid() function to initalize all OID (convert them
to NIDs). I prefer this over having them spread out all over the place.
OK?
--
:wq Claudio
Index: cert.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
r
How X509_verify_cert() is called in rpki-client is mostly the same in all
places so move all this X509 boilerplate into valid_x509().
This simplifies the x509 validation in the parser a fair but and will also
make it easier for -f to validate certs.
OK?
--
:wq Claudio
Index: parser.c
==
UNIX does not let you get the path from an open file descriptor. It is not
possible to give this information reliably so you can't provide an API.
While a inode may exist a path to that inode may not. This is the case for
a file that is replaced or deleted while open.
Some systems give people a be
On Tue, Jan 18, 2022 at 02:09:08PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 12:16:44PM +0100, Claudio Jeker wrote:
> > How X509_verify_cert() is called in rpki-client is mostly the same in all
> > places so move all this X509 boilerplate into valid_x509().
> >
&g
This diff cleans up cert.c a bit.
It removes the X509 handle from cert_parse() and ta_parse(). Callers
should instead use cert->x509. No need to double the work on us here.
While there switch auth_insert() to a void function. This function can
not fail. Again the result is simpler code in parser.
On Tue, Jan 18, 2022 at 05:20:45PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 04:16:17PM +0100, Claudio Jeker wrote:
> > This diff cleans up cert.c a bit.
> >
> > It removes the X509 handle from cert_parse() and ta_parse(). Callers
> > should instead use ce
This is a follow up to the valid_x509() commit form earlier today.
tb@ suggested that the crl check should be grouped together.
After some thought I decided to do this all different.
First of all introduce a checkcrl flag which turns on
X509_V_FLAG_CRL_CHECK. This prevents code that expects a CRL t
On Tue, Jan 18, 2022 at 06:46:35PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 06:38:46PM +0100, Claudio Jeker wrote:
> > This is a follow up to the valid_x509() commit form earlier today.
> > tb@ suggested that the crl check should be grouped together.
> > After some
On Tue, Jan 18, 2022 at 07:15:54PM +0100, Theo Buehler wrote:
> > I will commit this version in a bit (once rpki-client finished its run).
>
> I like this approach a lot better. ok
>
> One small comment below.
>
> > --
> > :wq Claudio
> >
> > Index: parser.c
> > ===
On Wed, Jan 19, 2022 at 09:35:34AM +0100, Theo Buehler wrote:
> This is the straightforward way to fix the leak of nfile in case the
> repo isn't found. The other option would be to defer the strdup until
> after successful lookup, but that felt clunky.
Yes, that's OK claudio@. I agree that this
The idea is that rpki-client -f file will show a human readable output for
file. It will also verify that file is valid (or show an error if not).
This implements this as a first version. Especially the output needs
improvement but parsing and validation works.
For validation rpki-client needs to
On Tue, Jan 18, 2022 at 02:41:38PM +0100, Claudio Jeker wrote:
> On Tue, Jan 18, 2022 at 02:09:08PM +0100, Theo Buehler wrote:
> > On Tue, Jan 18, 2022 at 12:16:44PM +0100, Claudio Jeker wrote:
> > > How X509_verify_cert() is called in rpki-client is mostly the same in all
> &
On Mon, Jan 17, 2022 at 02:54:32PM +0100, Christian Weisgerber wrote:
> usr.sbin/ospf6d: fix -Wunused-but-set-variable warnings
>
> merge_config() sets "rchange", but doesn't use it. Comparing the
> code to osfpd/ospfd.c makes me think that's an omission. Either
> way it seems odd that the two c
On Wed, Jan 19, 2022 at 12:56:21PM +0100, Theo Buehler wrote:
> On Wed, Jan 19, 2022 at 11:06:06AM +0100, Claudio Jeker wrote:
> > The idea is that rpki-client -f file will show a human readable output for
> > file. It will also verify that file is valid (or show an error if not)
Lets move the time validity checks for TA to cert.c. ta_parse already
checks the pubkey so why not do all validity checks.
While doing that remove the code to extract the subject. All errors print
the filename and the subject itself is just extra information that is less
helpful in the use case of
On Wed, Jan 19, 2022 at 06:01:38PM +0100, Theo Buehler wrote:
> Not sure if it is that much of a win, but it saves some repetition and
> makes sure we don't forget checking the file name to be longer than 4
> another time (missed on review in main() and proc_parser_file()).
I like the diff. It is
I would like to change -f into a real mode and with that support to
show more then one file at a time.
This is doing most of that. The output may need some extra fixing but the
logic itself works.
Yay or nay?
--
:wq Claudio
Index: main.c
=
On Fri, Jan 21, 2022 at 04:49:47PM +0100, Theo Buehler wrote:
> On Fri, Jan 21, 2022 at 02:58:57PM +0100, Claudio Jeker wrote:
> > On Wed, Jan 19, 2022 at 06:01:38PM +0100, Theo Buehler wrote:
> > > Not sure if it is that much of a win, but it saves some repetition and
> &g
On Fri, Jan 21, 2022 at 01:36:30PM -0700, Bob Beck wrote:
>
> I like that.. LGTM
>
> ok beck@
Ditto
>
> On Fri, Jan 21, 2022 at 08:37:27PM +0100, Theo Buehler wrote:
> > > Lets start with that and optimize this in tree. I think we can rename the
> > > function to something like rtype_from_mft
On Fri, Jan 21, 2022 at 03:22:51PM +0100, Claudio Jeker wrote:
> I would like to change -f into a real mode and with that support to
> show more then one file at a time.
>
> This is doing most of that. The output may need some extra fixing but the
> logic itself works.
>
>
On Sat, Jan 22, 2022 at 10:22:02AM +0100, Theo Buehler wrote:
> On Sat, Jan 22, 2022 at 10:11:36AM +0100, Claudio Jeker wrote:
> > On Fri, Jan 21, 2022 at 03:22:51PM +0100, Claudio Jeker wrote:
> > > I would like to change -f into a real mode and with that support to
> > &
The valid_cert() and valid_roa() functions both redo the valid_aki_ski()
call that the callee already did. Adjust the functions and skip this
redundant call. Also move the place where we set the talid for roa to a
better place.
With RFC3779 support in LibreSSL these functions no longer trigger sin
On Sat, Jan 22, 2022 at 11:50:34AM +0100, Theo Buehler wrote:
> On Sat, Jan 22, 2022 at 11:07:36AM +0100, Claudio Jeker wrote:
> > On Sat, Jan 22, 2022 at 10:22:02AM +0100, Theo Buehler wrote:
> > > On Sat, Jan 22, 2022 at 10:11:36AM +0100, Claudio Jeker wrote:
> > > &
On Sat, Jan 22, 2022 at 02:21:23PM +0100, Theo Buehler wrote:
> On Sat, Jan 22, 2022 at 12:42:30PM +0100, Theo Buehler wrote:
> > On Sat, Jan 22, 2022 at 11:47:17AM +0100, Claudio Jeker wrote:
> > > The valid_cert() and valid_roa() functions both redo the valid_aki_ski()
> >
Make all poll loops handle EINTR in the same way. Now since the loop is
restarted not poll related functions need to be called in that part of the
code. In rpki-client this only matters for the repo timeout. By merging
repo_next_timeout() and repo_check_timeout() together this function can be
moved
This diff does a few things regarding MFT file and hash sequences:
- it validates the filename early on so that if considered valid it can
be printed by printf(%s) without problems.
- it assigns the file type (based on the file extension) early on and no
longer uses this information when compa
On Mon, Jan 24, 2022 at 05:20:49PM +, Job Snijders wrote:
> On Mon, Jan 24, 2022 at 04:33:10PM +0100, Claudio Jeker wrote:
> > This diff does a few things regarding MFT file and hash sequences:
> >
> > - it validates the filename early on so that if considered valid it ca
This diff removes the valid/ subdir in favor of a more direct directory
layout for all valid CA repository files.
It moves rrdp and rsync to .rsync and .rrdp but keeps ta/ because trust
anchors are special.
The biggest change is probably in the FTS code to cleanup the repo since
the traversing now
On Wed, Jan 26, 2022 at 01:29:42AM +0100, Alexander Bluhm wrote:
> Hi,
>
> There were some problems with ix(4) and ixl(4) hardware checksumming
> for the output path on strict alignment architectures.
>
> I have merged jan@'s diffs and added some sanity checks and
> workarounds.
>
> - If the fir
On Wed, Jan 26, 2022 at 11:43:25AM +0100, Theo Buehler wrote:
> On Wed, Jan 26, 2022 at 10:06:37AM +0100, Claudio Jeker wrote:
> > This diff removes the valid/ subdir in favor of a more direct directory
> > layout for all valid CA repository files.
> > It moves rrdp and rsyn
rpki-client -f is a great tool to figure out what is going in the repo.
I noticed that supporting rsync:// URI (like the one from Authority info
access or Manifest) is easy and it makes it so much easier to follow
the breadcrumbs up and down.
While doing that I noticed that instead of using valid_
1001 - 1100 of 1504 matches
Mail list logo
