Re: bgpd: check max prefix just once

2018-07-09 Thread Claudio Jeker
On Mon, Jul 09, 2018 at 05:50:07PM +0200, Denis Fondras wrote: > I am late for a comment because it has already been committed but... > > > @@ -1373,6 +1339,14 @@ rde_update_update(struct rde_peer *peer, > > if (path_update(&ribs[RIB_ADJ_IN].rib, peer, asp, prefix, prefixlen, 0)) > >

kill raw_cb.h and raw_usrreq.c

2018-07-09 Thread Claudio Jeker
raw_usrreq() is no longer used so remove it from the tree. The only thing from the header file that was still used was RAWSNDQ and RAWRCVQ. I replaced them with per protocol defines. OK? -- :wq Claudio Index: conf/files === RCS file:

Re: bgpd: free the right thing in rib_free

2018-07-09 Thread Claudio Jeker
On Mon, Jul 09, 2018 at 11:45:41PM +0200, Sebastian Benoit wrote: > Actually free the right thing in rib_free() > Found by and with claudio. > > (benno_claudio_rde_rib_rib_free.diff) OK claudio@ > Index: rde_rib.c > === > RCS file:

Re: bgpd: replacing the rib is needed when the flag changes

2018-07-09 Thread Claudio Jeker
On Mon, Jul 09, 2018 at 11:58:05PM +0200, Sebastian Benoit wrote: > > compare the right things here: we want to know if the flag has changed. > Found with claudios help and patience. > > ok? This is fucked up. :) > (benno_claudio_rde_reconf_F_RIB_HASNOFIB.diff) > > Index: rde.c >

Re: bgpd: replacing the rib is needed when the flag changes

2018-07-09 Thread Claudio Jeker
On Tue, Jul 10, 2018 at 12:07:04AM +0200, Sebastian Benoit wrote: > Sebastian Benoit(be...@openbsd.org) on 2018.07.10 00:06:06 +0200: > > Claudio Jeker(cje...@diehard.n-r-g.com) on 2018.07.10 00:05:08 +0200: > > > On Mon, Jul 09, 2018 at 11:58:05PM +0200, Seba

Re: bgpd parse.y: dont let rtable number overflow

2018-07-10 Thread Claudio Jeker
On Tue, Jul 10, 2018 at 11:15:51AM +0200, Sebastian Benoit wrote: > we only support up to RT_TABLEID_MAX rtables. > > ok? OK > (benno_bgpd_rtable_max.diff) > > Index: parse.y > === > RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v > re

Re: ospfd: track gateway addresses of cloning routes

2018-07-10 Thread Claudio Jeker
On Tue, Jul 10, 2018 at 12:18:15PM +0200, Florian Riehm wrote: > Hi, > > since we use multiple cloning routes (mpath) if more than one ip address > exists in the same network, the routes are distinguished by their gateway > address, which is the associated interface address. > The ospfd has to tra

Re: ospf6d: Do not try to change cloning routes into gateway routes

2018-07-10 Thread Claudio Jeker
On Tue, Jul 10, 2018 at 01:56:37PM +0200, Florian Riehm wrote: > Hi, > > If intra area prefixes move from one router to another router, cloning routes > may become gateway routes and contrary. The kernel does not allow to change > the > flags RTF_GATEWAY / RTF_CLONING in RTM_CHANGE messages, but

yet another bgpd cleanup diff

2018-07-10 Thread Claudio Jeker
Again lots of minuses that can be replaced with very few plus lines. This moves the prefixlen check into rde_update_get_prefix*() functions since those can already return an error that is actually the same. OK? -- :wq Claudio Index: rde.c =

bgpd use struct filterstate in more places

2018-07-10 Thread Claudio Jeker
This uses struct filterstate in rde_update_dispatch() and passes the struct to a few functions down (rde_update_update, path_update and some more friends). After that it should become easier to move nexthop and later maybe the peer out of struct rde_aspath into struct prefix. -- :wq Claudio Ind

Re: bgpd: announce prefixes with priority n

2018-07-11 Thread Claudio Jeker
On Wed, Jul 11, 2018 at 12:43:41AM +0200, Sebastian Benoit wrote: > hi, > > allows you to announce prefixes from the kernel routing table selected by > priority. > > lightly tested, as in, the config part works. > > network inet priority 32 > > ok? This is fairly esoteric as a feature. It w

Time to retire RTM_LOSING

2018-07-11 Thread Claudio Jeker
On busy servers I have seen multiple RTM_LOSING messages per second being generated. This is not helpful (especially since nothing is doing something with it). This diff removes the part where RTM_LOSING is generated but at the same time adds some RTM_ADD / RTM_DELETE messages for the dynamic routes adde

Re: Time to retire RTM_LOSING

2018-07-11 Thread Claudio Jeker
On Wed, Jul 11, 2018 at 10:10:50AM +0200, Martin Pieuchot wrote: > On 11/07/18(Wed) 09:55, Claudio Jeker wrote: > > On busy servers I have seen multiple RTM_LOSING messages per second being > > generated. This is not helpful (especially since nothing is doing > > something with i

bgpd: better hash functions

2018-07-11 Thread Claudio Jeker
Especially the rde_aspath hash function is horrible. Fix this by adding more bits to the SipHash which results in a better spread. Also switch the stored hashes to 64bit and save the one for rde_aspath as well since it makes the compare a lot quicker. -- :wq Claudio Index: rde.h ===

Re: bgpd: check if we are running in an rtable or a rdomain

2018-07-11 Thread Claudio Jeker
On Wed, Jul 11, 2018 at 10:18:59PM +0200, Sebastian Benoit wrote: > > ok? OK claudio@ > (benno_check_rdomain.diff) > > diff --git usr.sbin/bgpd/config.c usr.sbin/bgpd/config.c > index 2a2e5dfa314..4f8134e6b68 100644 > --- usr.sbin/bgpd/config.c > +++ usr.sbin/bgpd/config.c > @@ -46,6 +46,7 @@

kill RTM_Losing in route6d

2018-07-11 Thread Claudio Jeker
See subject, it is not using it in any sensible way. -- :wq Claudio Index: route6d.c === RCS file: /cvs/src/usr.sbin/route6d/route6d.c,v retrieving revision 1.96 diff -u -p -r1.96 route6d.c --- route6d.c 1 Jul 2018 15:42:37 -

bgpctl show mrt file

2018-07-12 Thread Claudio Jeker
This diff adds enough extra code to parse and display mrt update messages. Some code in bgpd needs to be moved to be reachable by bgpctl. bgpctl code gets reshuffled so that mrt printing works without a running bgpd and also to make the pledge more strict. This is nice to see stuff like the full not

Re: bgpd use struct filterstate in more places

2018-07-13 Thread Claudio Jeker
On Tue, Jul 10, 2018 at 06:37:44PM +0200, Claudio Jeker wrote: > This uses struct filterstate in rde_update_dispatch() and passes the > struct to a few functions down (rde_update_update, path_update and some > more friends). After that it should become easier to move nexthop and > lat

Re: make sbin/route monitor work on all rdomains

2018-07-13 Thread Claudio Jeker
On Fri, Jul 13, 2018 at 11:55:33AM +0200, Sebastian Benoit wrote: > > ok? > > (benno_route_monitor.diff) > > diff --git sbin/route/route.c sbin/route/route.c > index f98bdeae0a2..d4467a77d04 100644 > --- sbin/route/route.c > +++ sbin/route/route.c > @@ -150,6 +150,7 @@ main(int argc, char **argv

bgpd switch mrt format to extended timestamp

2018-07-16 Thread Claudio Jeker
For "dump (all|updates) (in|out)" it totally makes sense to use the extended timestamp format that includes microseconds as well. This way it is better visible when updates got processed. Table dumps are not affected since there the timestamp is not that useful. bgpdump shows now the time with mi

teach bgpctl show mrt to handle timestamps

2018-07-17 Thread Claudio Jeker
This diff adds timestamps similar to kdump to bgpctl show mrt output when messages or states are shown. Currently it looks like this: 1531425344.00 153.5.146.105[23456] -> 62.48.0.253[0]: size 63 0.00 153.5.146.105[23456] -> 62.48.0.253[0]: Connect -> OpenSent 0.00 153.5.146.105[23456

bgpctl show mrt without bgpd running

2018-07-17 Thread Claudio Jeker
There is no reason why bgpd must be running to do a bgpctl show mrt call. This diff moves the SHOW_MRT case up to the IRRFILTER one and also makes the pledge() calls stricter. I see no reason why rpath or wpath are needed and neither did benno@ remember why. OK? -- :wq Claudio Index: bgpctl.c ==

bgpd move nexthop into filterstate

2018-07-18 Thread Claudio Jeker
This is the next small bit of rde rebuilding. Move nexthop into struct filterstate (including nexthop flags) and use them wherever possible. In some places (path_update, softreconfig_out handler) the nexthop state is folded back into the rde_aspath. This also fixes a possible crash when it comes

Re: [External] : Re: make 'set skip on ...' dynamic

2021-12-03 Thread Claudio Jeker
On Fri, Nov 26, 2021 at 11:37:37PM +0100, Alexandr Nedvedicky wrote: > Hello, > > On Fri, Nov 26, 2021 at 01:01:40PM +0100, Claudio Jeker wrote: > > > > One more thing to consider, I think the following test in pfi_set_flags(): > > > > > + if

rpki-client: use single function to build basedir

2021-12-03 Thread Claudio Jeker
Currently ta, rrdp and rsync repositories use different functions to build their base path. This diff changes this so that all can use the same function. This is a first step to introduce a common validated repository. -- :wq Claudio Index: repo.c

Re: add number of prefixed received to bgpctl -j sh

2021-12-12 Thread Claudio Jeker
On Sun, Dec 12, 2021 at 03:22:37PM +0100, Denis Fondras wrote: > Le Sun, Dec 12, 2021 at 01:43:06PM +, Stuart Henderson a écrit : > > On 2021/12/12 14:13, Denis Fondras wrote: > > > Number of received prefixes appear in `bgpctl sh` but not in `bgpctl -j > > > sh`. > > > > > > Here is a diff t

Re: dhcpleased(8): network byte order for xid

2021-12-13 Thread Claudio Jeker
On Mon, Dec 13, 2021 at 11:27:20AM +0100, Florian Obser wrote: > Treat xid as a uint32_t in network byte order on the wire. > > Internally this doesn't matter since we only care about equality. > This makes logging output comparable to tcpdump(8). > > Pointed out by joel@ > > OK? OK claudio@

Re: dhcpleased(8): use struct assignment

2021-12-13 Thread Claudio Jeker
On Mon, Dec 13, 2021 at 11:25:02AM +0100, Florian Obser wrote: > Replace struct member assignment with struct assignment to make the code > more compact. No binary change (on amd64). > > OK? Or is there a reason not to do this? Looks good to me and I also see no reason why this should not be done

fix ldapd bug when removing last attribute

2021-12-19 Thread Claudio Jeker
In LDAP there are two ways to remove an attribute. One can remove an attribute by just naming the attribute but it is also possible to remove a specific attribute: value combo. In ldapd the latter is broken if the last attribute is removed because the result of ldap_del_values() is an invalid encod

rpki-client simplify code a bit

2021-12-21 Thread Claudio Jeker
The limiter for repository count under a TA only makes sense for repositories referenced from certs but less so for the actual TA. So remove the logic from ta_lookup() and friends and make the code simpler. There is no risk in doing so since there is only one TA and one ta_lookup() done per TAL and

rpki-client, stop using size_t for ids

2021-12-21 Thread Claudio Jeker
For some reasons various ids were stored as size_t (probably because once they used to be the index in an array). This is just silly and annoyed me for long enough. I think this fixes all of them. While there also stop using size_t for maxlength of a prefix. Everywhere else the code uses just a un

more rpki-client cleanup

2021-12-21 Thread Claudio Jeker
In the roa parser the handling of maxlen is overly complex. Just set maxlen to addr.prefixlen before parsing the maxlength option. If present it will override maxlen with the new value and with that the ternary confusion at the end can be removed. -- :wq Claudio Index: roa.c

Re: uhidppctl(8)

2021-12-22 Thread Claudio Jeker
On Tue, Dec 21, 2021 at 03:49:47PM -0500, jwinnie@tilde.institute wrote: > > Hello OpenBSD developers, > > I am interested in contributing to improve the uhidpp(4) > (Logitech Unifying Receiver) support in OpenBSD. > > Currently, the uhidpp(4) driver only handles detecting certain > sensors, but

Re: rpki-client, stop using size_t for ids

2021-12-22 Thread Claudio Jeker
On Tue, Dec 21, 2021 at 06:24:44PM +, Job Snijders wrote: > On Tue, Dec 21, 2021 at 07:00:03PM +0100, Claudio Jeker wrote: > > For some reasons various ids were stored as size_t (probably because once > > they used to be the index in an array). This is just silly and annoyed

fix vmctl -B net -b bsd.rd to autoinstall

2021-12-22 Thread Claudio Jeker
I added support for vmctl -cL -B net -b bsd.rd -d disk.img to run the autoinstall by emulating a PXE boot. In the commit https://github.com/openbsd/src/commit/a13de4d12a4c9ba0edc05aab2ad635f782449229 the feature got removed over eagerly. This diff adds this back because I find this super practical

Re: [External] : Re: make 'set skip on ...' dynamic

2021-12-22 Thread Claudio Jeker
On Sat, Dec 04, 2021 at 07:01:23PM +0100, Alexandr Nedvedicky wrote: > Hello, > > > On Fri, Dec 03, 2021 at 03:42:09PM +0100, Claudio Jeker wrote: > > > > See comments below. > > > > > > > +void > > > +pfi_group_delmember(const char *gro

Re: fix vmctl -B net -b bsd.rd to autoinstall

2021-12-22 Thread Claudio Jeker
On Wed, Dec 22, 2021 at 10:14:40AM -0500, Dave Voutila wrote: > > Claudio Jeker writes: > > > I added support for vmctl -cL -B net -b bsd.rd -d disk.img to run the > > autoinstall by emulating a PXE boot. In the commit > > https://gi

Re: uhidppctl(8)

2021-12-23 Thread Claudio Jeker
On Thu, Dec 23, 2021 at 07:50:24AM +, Raf Czlonka wrote: > On Wed, Dec 22, 2021 at 08:32:16AM GMT, Claudio Jeker wrote: > > On Tue, Dec 21, 2021 at 03:49:47PM -0500, jwinnie@tilde.institute wrote: > > > > > > Hello OpenBSD developers, > > > > > &g

rpki-client refactor common repo code

2021-12-23 Thread Claudio Jeker
Create a common repo_done() function which does the entityq_flush and in the case of RRDP the fallback to rsync. This simplifies the code and will help to add the repo info to the parser process. One difference between this and the original version is the case when a RRDP repository merge fails. Be

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

2021-12-25 Thread Claudio Jeker
On Sat, Dec 25, 2021 at 11:36:50AM +0100, Theo Buehler wrote: > These extensions MUST be marked critical by the sections of the spec > mentioned in the cryptowarnx(). That's determined by the ASN1_BOOLEAN > that is extracted and ignored after the FIXME a few lines below each of > the two hunks. Rat

simplify rpki-client entity marshal

2021-12-28 Thread Claudio Jeker
This re-shuffles struct entity a bit and removes the unneeded has_data indicator. Both data and datasz are not null when data is present and null when there is no data. With this in mind the code becomes simpler. -- :wq Claudio Index: extern.h

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

2021-12-28 Thread Claudio Jeker
On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote: > [...] > > I would love to get rid of X509_V_FLAG_IGNORE_CRITICAL and use a callback > > to ensure the right extensions are critical but I never managed

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

2021-12-29 Thread Claudio Jeker
On Wed, Dec 29, 2021 at 01:06:30AM +0100, Theo Buehler wrote: > On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote: > > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > > > On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote: > > > [.

Re: fix vmctl -B net -b bsd.rd to autoinstall

2021-12-29 Thread Claudio Jeker
On Wed, Dec 22, 2021 at 12:34:34PM -0500, Dave Voutila wrote: > > Claudio Jeker writes: > > > On Wed, Dec 22, 2021 at 10:14:40AM -0500, Dave Voutila wrote: > >> > >> Claudio Jeker writes: > >> > >> > I added support for vmctl -cL -B net

fix some -Wunused-but-set-variable warnings in vmd

2022-01-04 Thread Claudio Jeker
These are obvious and easy to fix unused but set variables. There are more in vioscsi.c but those are actually used if compiled with DEBUG set. -- :wq Claudio Index: loadfile_elf.c === RCS file: /cvs/src/usr.sbin/vmd/loadfile_elf.c,v

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

2022-01-04 Thread Claudio Jeker
On Wed, Dec 29, 2021 at 01:12:25PM +0100, Claudio Jeker wrote: > On Wed, Dec 29, 2021 at 01:06:30AM +0100, Theo Buehler wrote: > > On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote: > > > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > > > &

Re: fix some -Wunused-but-set-variable warnings in vmd

2022-01-04 Thread Claudio Jeker
On Tue, Jan 04, 2022 at 10:58:41AM +0100, Claudio Jeker wrote: > These are obvious and easy to fix unused but set variables. > There are more in vioscsi.c but those are actually used if compiled with > DEBUG set. The changes in loadfile_elf.c, vioqcow2.c and vmd.c are trivial and can be

Re: fix some -Wunused-but-set-variable warnings in vmd

2022-01-04 Thread Claudio Jeker
On Tue, Jan 04, 2022 at 08:42:29AM -0500, Dave Voutila wrote: > > Claudio Jeker writes: > > > These are obvious and easy to fix unused but set variables. > > There are more in vioscsi.c but those are actually used if compiled with > > DEBUG set. > > ok dv@, but

Re: rpki-client: simplify verify callback

2022-01-04 Thread Claudio Jeker
On Tue, Jan 04, 2022 at 02:48:17PM +0100, Theo Buehler wrote: > As discussed in the previous thread, we can simplify the verify callback > by getting rid of the extremely noisy warnx at the end. Fail directly on > encountering an unknown critical extension and succeed otherwise. OK claudio@ (and t

unbreak rpki-client -n mode

2022-01-04 Thread Claudio Jeker
Currently running rpki-client -n with an up to date repo results in the loss of around 25% of ROAs. The reason is that most of apnic fails since they decided it is a glorious idea to put two rsync repos into one rrdp repo. When changing the repo state for the noop case from REPO_DONE to REPO_FAIL

rpki-client pass real filename from parser back to parent

2022-01-04 Thread Claudio Jeker
This is another diff on the way to having a validated repo. Pass the filename of the entity which was parsed back to the parent. With this we can move the filepath_add() call from entity_write_req() to entity_process(). As a side-effect the "Already visited" check is moved after parsing so a file m

Re: rpki-client pass real filename from parser back to parent

2022-01-04 Thread Claudio Jeker
On Tue, Jan 04, 2022 at 04:57:23PM +0100, Theo Buehler wrote: > On Tue, Jan 04, 2022 at 04:15:56PM +0100, Claudio Jeker wrote: > > This is another diff on the way to having a validated repo. > > Pass the filename of the entity which was parsed back to the parent. > > With

rpki-client parser refactor

2022-01-05 Thread Claudio Jeker
This changes the last proc_parser function over to not pass the entity to the function. In this case apart from file we also need to pass the public key of the TA and the tal identifier. Change is mechanical and makes all callers work the same way. -- :wq Claudio Index: parser.c

rpki-client fix for a FIXME

2022-01-06 Thread Claudio Jeker
Ran into this the other day and could not help myself to adjust the code. If the mft is stale just bump the stale counter and be done. If not stale queue all files from the mft for the next round. In mft_parse I switched to a switch statement which is more obvious in my opinion. -- :wq Claudio I

Re: rpki-client fix for a FIXME

2022-01-06 Thread Claudio Jeker
On Thu, Jan 06, 2022 at 01:48:01PM +0100, Theo Buehler wrote: > On Thu, Jan 06, 2022 at 01:21:03PM +0100, Claudio Jeker wrote: > > Ran into this the other day and could not help myself to adjust the code. > > If the mft is stale just bump the stale counter and be done. If not stal

rpki-client pass repo info to parser process

2022-01-10 Thread Claudio Jeker
This diff changes the way the parser figures out which file to work on. Until now the parent process sent a full path to the parser but that does not work well with the idea of splitting the repo up into validated, rsync and rrdp parts. So this diff changes the way the parser opens a file. There a

Re: unlock mmap(2) for anonymous mappings

2022-01-11 Thread Claudio Jeker
On Tue, Jan 11, 2022 at 08:15:13AM +, Klemens Nanni wrote: > On Mon, Jan 10, 2022 at 12:06:44PM +, Klemens Nanni wrote: > > On Fri, Dec 31, 2021 at 07:54:53PM +0300, Vitaliy Makkoveev wrote: > > > The uvm_wxabort path within uvm_wxcheck() looks not MP-safe. > > > > Right, I did not pay eno

Re: rpki-client pass repo info to parser process

2022-01-11 Thread Claudio Jeker
On Tue, Jan 11, 2022 at 11:36:19AM +, Job Snijders wrote: > On Mon, Jan 10, 2022 at 03:30:23PM +0100, Claudio Jeker wrote: > > + if (RB_INSERT(repo_tree, &repos, rp) != NULL) > > + errx(1, "repository already added to repo tree %d, %s", id, > &g

rpki-client fix -n mode

2022-01-13 Thread Claudio Jeker
Since we push repository information over to the parser -n mode was broken because in that case the TA repositories did not get sent. This little diff fixes the problem. -- :wq Claudio Index: repo.c === RCS file: /cvs/src/usr.sbin/r

rpki-client prepare to use rsync --compare-dest

2022-01-13 Thread Claudio Jeker
This diff adds the code to pass --compare-dest to rsync. This will be used once there is a valid cache and then the rsync repo will just act as a delta on top. Now --compare-dest is a bit strange as in the directory passed is relative to the destination directory (last argument of rsync command).

rpki-client real cleanup before snapshot

2022-01-13 Thread Claudio Jeker
This introduces a function remove_contents() which is implementing a basic rm -r and uses it to clean the RRDP repository when downloading a snapshot (especially after a delta failure). It also cleans out the temp directory after a failure to fetch. With the introduction of a validated cache this

rpki-client, adjust valid_filehash and callers for repo split

2022-01-13 Thread Claudio Jeker
Right now a file can only exist in one place in the rpki-client cache. This will change when we split valid data to its own repo. One step to get closer to that is to alter valid_filehash() to take an open filedescriptor instead of using open(2) itself. This allows the callers to decide which file

Re: rpki-client, adjust valid_filehash and callers for repo split

2022-01-13 Thread Claudio Jeker
On Thu, Jan 13, 2022 at 02:24:59PM +0100, Theo Buehler wrote: > On Thu, Jan 13, 2022 at 02:16:02PM +0100, Claudio Jeker wrote: > > Right now a file can only exist in one place in the rpki-client cache. > > This will change when we split valid data to its own repo. > > >

rpki-client stop checking stale manifests

2022-01-13 Thread Claudio Jeker
Noticed the other day, a stale manifest tries to check the fileandhash data. But when running with -n none of this data will be around since it was most probably removed on the previous run. The result is a lot of warnings on top of the warning about the mft being stale. It is better to skip mft_ch

rpki-client reshuffle deck chairs

2022-01-13 Thread Claudio Jeker
This diff just shuffles some functions around to reduce the size of the validate cache diff. -- :wq Claudio Index: repo.c === RCS file: /cvs/src/usr.sbin/rpki-client/repo.c,v retrieving revision 1.23 diff -u -p -r1.23 repo.c --- rep

rpki-client introduce validated cache

2022-01-13 Thread Claudio Jeker
This diff adds a new cache subdir called "valid". This is the place where all verified and good files are stored after a run. It makes -n work a lot better since -n will now only look at what's inside "valid" and ignore "rsync" and "rrdp". The trust anchors are still stored in "ta" even if valid.

Re: rpki-client introduce validated cache

2022-01-14 Thread Claudio Jeker
On Thu, Jan 13, 2022 at 10:51:33PM +0100, Theo Buehler wrote: > On Thu, Jan 13, 2022 at 05:05:57PM +0100, Claudio Jeker wrote: > > This diff adds a new cache subdir called "valid". This is the place where > > all verified and good files are stored after a run. It makes

Re: rpki-client introduce validated cache

2022-01-14 Thread Claudio Jeker
On Fri, Jan 14, 2022 at 01:45:19PM +, Job Snijders wrote: > Thanks Claudio, > > A question about stats below > > On Fri, Jan 14, 2022 at 10:29:20AM +0100, Claudio Jeker wrote: > > @@ -1246,8 +1249,8 @@ main(int argc, char *argv[]) > > logx("Certificate re

Re: clang: compile static analyzer

2022-01-14 Thread Claudio Jeker
On Fri, Jan 14, 2022 at 04:44:49PM +, Stuart Henderson wrote: > On 2022/01/14 16:52, Rafael Sadowski wrote: > > On Fri Jan 14, 2022 at 03:17:21PM +0100, Tobias Heider wrote: > > > Hi, > > > > > > clang ships with a pretty useful static analyzer to find all kinds of bugs > > > in C and C++ code

rpki-client init all oids in one place

2022-01-18 Thread Claudio Jeker
Use a common x509_init_oid() function to initialize all OID (convert them to NIDs). I prefer this over having them spread out all over the place. OK? -- :wq Claudio Index: cert.c === RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v r

rpki-client x509 verification in common function

2022-01-18 Thread Claudio Jeker
How X509_verify_cert() is called in rpki-client is mostly the same in all places so move all this X509 boilerplate into valid_x509(). This simplifies the x509 validation in the parser a fair bit and will also make it easier for -f to validate certs. OK? -- :wq Claudio Index: parser.c ==

Re: C API Suggestion: Get Hard Link Path and Filename From File Descriptor

2022-01-18 Thread Claudio Jeker
UNIX does not let you get the path from an open file descriptor. It is not possible to give this information reliably so you can't provide an API. While a inode may exist a path to that inode may not. This is the case for a file that is replaced or deleted while open. Some systems give people a be

Re: rpki-client x509 verification in common function

2022-01-18 Thread Claudio Jeker
On Tue, Jan 18, 2022 at 02:09:08PM +0100, Theo Buehler wrote: > On Tue, Jan 18, 2022 at 12:16:44PM +0100, Claudio Jeker wrote: > > How X509_verify_cert() is called in rpki-client is mostly the same in all > > places so move all this X509 boilerplate into valid_x509(). > > &g

rpki-client refactor cert.c

2022-01-18 Thread Claudio Jeker
This diff cleans up cert.c a bit. It removes the X509 handle from cert_parse() and ta_parse(). Callers should instead use cert->x509. No need to double the work on us here. While there switch auth_insert() to a void function. This function can not fail. Again the result is simpler code in parser.

Re: rpki-client refactor cert.c

2022-01-18 Thread Claudio Jeker
On Tue, Jan 18, 2022 at 05:20:45PM +0100, Theo Buehler wrote: > On Tue, Jan 18, 2022 at 04:16:17PM +0100, Claudio Jeker wrote: > > This diff cleans up cert.c a bit. > > > > It removes the X509 handle from cert_parse() and ta_parse(). Callers > > should instead use ce

rpki-client valid_x509() followup

2022-01-18 Thread Claudio Jeker
This is a follow up to the valid_x509() commit from earlier today. tb@ suggested that the crl check should be grouped together. After some thought I decided to do this all different. First of all introduce a checkcrl flag which turns on X509_V_FLAG_CRL_CHECK. This prevents code that expects a CRL t

Re: rpki-client valid_x509() followup

2022-01-18 Thread Claudio Jeker
On Tue, Jan 18, 2022 at 06:46:35PM +0100, Theo Buehler wrote: > On Tue, Jan 18, 2022 at 06:38:46PM +0100, Claudio Jeker wrote: > > This is a follow up to the valid_x509() commit from earlier today. > > tb@ suggested that the crl check should be grouped together. > > After some

Re: rpki-client valid_x509() followup

2022-01-18 Thread Claudio Jeker
On Tue, Jan 18, 2022 at 07:15:54PM +0100, Theo Buehler wrote: > > I will commit this version in a bit (once rpki-client finished its run). > > I like this approach a lot better. ok > > One small comment below. > > > -- > > :wq Claudio > > > > Index: parser.c > > ===

Re: rpki-client: plug leak in queue_add_from_tal()

2022-01-19 Thread Claudio Jeker
On Wed, Jan 19, 2022 at 09:35:34AM +0100, Theo Buehler wrote: > This is the straightforward way to fix the leak of nfile in case the > repo isn't found. The other option would be to defer the strdup until > after successful lookup, but that felt clunky. Yes, that's OK claudio@. I agree that this

Implement rpki-client -f file

2022-01-19 Thread Claudio Jeker
The idea is that rpki-client -f file will show a human readable output for file. It will also verify that file is valid (or show an error if not). This implements this as a first version. Especially the output needs improvement but parsing and validation works. For validation rpki-client needs to

Re: rpki-client x509 verification in common function

2022-01-19 Thread Claudio Jeker
On Tue, Jan 18, 2022 at 02:41:38PM +0100, Claudio Jeker wrote: > On Tue, Jan 18, 2022 at 02:09:08PM +0100, Theo Buehler wrote: > > On Tue, Jan 18, 2022 at 12:16:44PM +0100, Claudio Jeker wrote: > > > How X509_verify_cert() is called in rpki-client is mostly the same in all > &

Re: usr.sbin/ospf6d: fix -Wunused-but-set-variable warnings

2022-01-19 Thread Claudio Jeker
On Mon, Jan 17, 2022 at 02:54:32PM +0100, Christian Weisgerber wrote: > usr.sbin/ospf6d: fix -Wunused-but-set-variable warnings > > merge_config() sets "rchange", but doesn't use it. Comparing the > code to osfpd/ospfd.c makes me think that's an omission. Either > way it seems odd that the two c

Re: Implement rpki-client -f file

2022-01-19 Thread Claudio Jeker
On Wed, Jan 19, 2022 at 12:56:21PM +0100, Theo Buehler wrote: > On Wed, Jan 19, 2022 at 11:06:06AM +0100, Claudio Jeker wrote: > > The idea is that rpki-client -f file will show a human readable output for > > file. It will also verify that file is valid (or show an error if not)

rpki-client move X509 checks for TA to cert.c

2022-01-20 Thread Claudio Jeker
Let's move the time validity checks for TA to cert.c. ta_parse already checks the pubkey so why not do all validity checks. While doing that remove the code to extract the subject. All errors print the filename and the subject itself is just extra information that is less helpful in the use case of

Re: rpki-client: factor filename extension parsing into a function

2022-01-21 Thread Claudio Jeker
On Wed, Jan 19, 2022 at 06:01:38PM +0100, Theo Buehler wrote: > Not sure if it is that much of a win, but it saves some repetition and > makes sure we don't forget checking the file name to be longer than 4 > another time (missed on review in main() and proc_parser_file()). I like the diff. It is

rpki-client -f and multiple files

2022-01-21 Thread Claudio Jeker
I would like to change -f into a real mode and with that support to show more than one file at a time. This is doing most of that. The output may need some extra fixing but the logic itself works. Yay or nay? -- :wq Claudio Index: main.c =

Re: rpki-client: factor filename extension parsing into a function

2022-01-21 Thread Claudio Jeker
On Fri, Jan 21, 2022 at 04:49:47PM +0100, Theo Buehler wrote: > On Fri, Jan 21, 2022 at 02:58:57PM +0100, Claudio Jeker wrote: > > On Wed, Jan 19, 2022 at 06:01:38PM +0100, Theo Buehler wrote: > > > Not sure if it is that much of a win, but it saves some repetition and > &g

Re: rpki-client: factor filename extension parsing into a function

2022-01-22 Thread Claudio Jeker
On Fri, Jan 21, 2022 at 01:36:30PM -0700, Bob Beck wrote: > > I like that.. LGTM > > ok beck@ Ditto > > On Fri, Jan 21, 2022 at 08:37:27PM +0100, Theo Buehler wrote: > > > Lets start with that and optimize this in tree. I think we can rename the > > > function to something like rtype_from_mft

Re: rpki-client -f and multiple files

2022-01-22 Thread Claudio Jeker
On Fri, Jan 21, 2022 at 03:22:51PM +0100, Claudio Jeker wrote: > I would like to change -f into a real mode and with that support to > show more than one file at a time. > > This is doing most of that. The output may need some extra fixing but the > logic itself works. > >

Re: rpki-client -f and multiple files

2022-01-22 Thread Claudio Jeker
On Sat, Jan 22, 2022 at 10:22:02AM +0100, Theo Buehler wrote: > On Sat, Jan 22, 2022 at 10:11:36AM +0100, Claudio Jeker wrote: > > On Fri, Jan 21, 2022 at 03:22:51PM +0100, Claudio Jeker wrote: > > > I would like to change -f into a real mode and with that support to > > &

rpki-client cleanup valid_cert and valid_roa

2022-01-22 Thread Claudio Jeker
The valid_cert() and valid_roa() functions both redo the valid_aki_ski() call that the callee already did. Adjust the functions and skip this redundant call. Also move the place where we set the talid for roa to a better place. With RFC3779 support in LibreSSL these functions no longer trigger sin

Re: rpki-client -f and multiple files

2022-01-22 Thread Claudio Jeker
On Sat, Jan 22, 2022 at 11:50:34AM +0100, Theo Buehler wrote: > On Sat, Jan 22, 2022 at 11:07:36AM +0100, Claudio Jeker wrote: > > On Sat, Jan 22, 2022 at 10:22:02AM +0100, Theo Buehler wrote: > > > On Sat, Jan 22, 2022 at 10:11:36AM +0100, Claudio Jeker wrote: > > > &

Re: rpki-client cleanup valid_cert and valid_roa

2022-01-22 Thread Claudio Jeker
On Sat, Jan 22, 2022 at 02:21:23PM +0100, Theo Buehler wrote: > On Sat, Jan 22, 2022 at 12:42:30PM +0100, Theo Buehler wrote: > > On Sat, Jan 22, 2022 at 11:47:17AM +0100, Claudio Jeker wrote: > > > The valid_cert() and valid_roa() functions both redo the valid_aki_ski() > >

rpki-client unify poll loop

2022-01-23 Thread Claudio Jeker
Make all poll loops handle EINTR in the same way. Now since the loop is restarted not poll related functions need to be called in that part of the code. In rpki-client this only matters for the repo timeout. By merging repo_next_timeout() and repo_check_timeout() together this function can be moved

rpki-client MFT file and hash check change

2022-01-24 Thread Claudio Jeker
This diff does a few things regarding MFT file and hash sequences: - it validates the filename early on so that if considered valid it can be printed by printf(%s) without problems. - it assigns the file type (based on the file extension) early on and no longer uses this information when compa

Re: rpki-client MFT file and hash check change

2022-01-24 Thread Claudio Jeker
On Mon, Jan 24, 2022 at 05:20:49PM +, Job Snijders wrote: > On Mon, Jan 24, 2022 at 04:33:10PM +0100, Claudio Jeker wrote: > > This diff does a few things regarding MFT file and hash sequences: > > > > - it validates the filename early on so that if considered valid it ca

rpki-client repo layout change

2022-01-26 Thread Claudio Jeker
This diff removes the valid/ subdir in favor of a more direct directory layout for all valid CA repository files. It moves rrdp and rsync to .rsync and .rrdp but keeps ta/ because trust anchors are special. The biggest change is probably in the FTS code to cleanup the repo since the traversing now

Re: hardware checksum ix and ixl

2022-01-26 Thread Claudio Jeker
On Wed, Jan 26, 2022 at 01:29:42AM +0100, Alexander Bluhm wrote: > Hi, > > There were some problems with ix(4) and ixl(4) hardware checksumming > for the output path on strict alignment architectures. > > I have merged jan@'s diffs and added some sanity checks and > workarounds. > > - If the fir

Re: rpki-client repo layout change

2022-01-26 Thread Claudio Jeker
On Wed, Jan 26, 2022 at 11:43:25AM +0100, Theo Buehler wrote: > On Wed, Jan 26, 2022 at 10:06:37AM +0100, Claudio Jeker wrote: > > This diff removes the valid/ subdir in favor of a more direct directory > > layout for all valid CA repository files. > > It moves rrdp and rsyn

Allow rsync:// URI as rpki-client -f file

2022-01-26 Thread Claudio Jeker
rpki-client -f is a great tool to figure out what is going in the repo. I noticed that supporting rsync:// URI (like the one from Authority info access or Manifest) is easy and it makes it so much easier to follow the breadcrumbs up and down. While doing that I noticed that instead of using valid_
