On Wed, Nov 03, 2021 at 12:41:52PM -0600, Theo de Raadt wrote:
> + size_t talid; /* covered by which TAL */
>
> You shouldn't use size_t
>
> It is 32bit on ILP32 systems, and 64bit on I32LP64 machines, because the
> underlying definition is:
>
> _types.h:typedef unsigned
Fix CRLF handling by properly setting nl to the right NUL byte.
In the CRLF case both \r\n are replaced by \0 and so the code
needs to adjust the nl pointer else valid_url() and the check for .cer
endings fail.
This diff fixes the test.tal I added to regress.
--
:wq Claudio
Index: tal.c
When RRDP support was added a repo was added for every caRepository URI
that was different from the others. Now the big RIR repos have many
caRepository URIs that are just subdirs and are covered by the same rsync
or RRDP source.
This diff changes this back to not create a new repo for every
This diff changes the io read functions to work on ibufs.
With this the poll loops will consume data with io_buf_read() until a full
message is received and then that message is processed. Thanks to this
the processes no longer block while waiting for more data in the io read
functions.
With this
The sys___thrsigdivert code can be simplified a bit. It is possible to
set the error before the loop and then have the loop exit after polling
for pending signals. IMO the result looks nicer than what we have now.
OK?
--
:wq Claudio
Index: kern/kern_sig.c
Refactor this code and instead of passing various things around just use
globals.
--
:wq Claudio
Index: parser.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.16
diff -u -p -r1.16 parser.c
---
On Sun, Dec 12, 2021 at 03:22:37PM +0100, Denis Fondras wrote:
> Le Sun, Dec 12, 2021 at 01:43:06PM +, Stuart Henderson a écrit :
> > On 2021/12/12 14:13, Denis Fondras wrote:
> > > Number of received prefixes appear in `bgpctl sh` but not in `bgpctl -j
> > > sh`.
> > >
> > > Here is a diff
On Mon, Dec 13, 2021 at 11:25:02AM +0100, Florian Obser wrote:
> Replace struct member assignment with struct assignment to make the code
> more compact. No binary change (on amd64).
>
> OK? Or is there a reason not to do this?
Looks good to me and I also see no reason why this should not be
On Mon, Dec 13, 2021 at 11:27:20AM +0100, Florian Obser wrote:
> Treat xid as a uint32_t in network byte order on the wire.
>
> Internally this doesn't matter since we only care about equality.
> This makes logging output comparable to tcpdump(8).
>
> Pointed out by joel@
>
> OK?
OK claudio@
Currently ta, rrdp and rsync repositories use different functions to build
their base path. This diff changes this so that all can use the same
function.
This is a first step to introduce a common validated repository.
--
:wq Claudio
Index: repo.c
On Fri, Nov 26, 2021 at 11:37:37PM +0100, Alexandr Nedvedicky wrote:
> Hello,
>
> On Fri, Nov 26, 2021 at 01:01:40PM +0100, Claudio Jeker wrote:
> >
> > One more thing to consider, I think the following test in pfi_set_flags():
> >
> > > + if
This adds support for RFC9072: Extended Optional Parameters Length for BGP
OPEN Message. I did not add any knobs to force the new format. Seems to
work for me (tested both formats with bgpd). The other usual suspects
have no support yet so let's see.
--
:wq Claudio
Index: bgpd.8
On Fri, Jul 23, 2021 at 05:28:33PM +0200, Sebastian Benoit wrote:
> Job Snijders(j...@openbsd.org) on 2021.07.23 15:23:49 +:
> > Hi all,
> >
> > Based on suggestions from Julian Reschke.
> >
> > * "Connection: keep-alive" isn't needed, as the HTTP 1.1 default is to
> > use persistent
On Tue, Jan 04, 2022 at 02:48:17PM +0100, Theo Buehler wrote:
> As discussed in the previous thread, we can simplify the verify callback
> by getting rid of the extremely noisy warnx at the end. Fail directly on
> encountering an unknown critical extension and succeed otherwise.
OK claudio@ (and
On Wed, Dec 29, 2021 at 01:12:25PM +0100, Claudio Jeker wrote:
> On Wed, Dec 29, 2021 at 01:06:30AM +0100, Theo Buehler wrote:
> > On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote:
> > > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote:
> > > >
Currently running rpki-client -n with an up to date repo results in the
loss of around 25% of ROAs. The reason is that most of apnic fails since
they decided it is a glorious idea to put two rsync repos into one rrdp
repo.
When changing the repo state for the noop case from REPO_DONE to
This is another diff on the way to having a validated repo.
Pass the filename of the entity which was parsed back to the parent.
With this we can move the filepath_add() call from entity_write_req()
to entity_process(). As a side-effect the "Already visited" check is moved
after parsing so a file
On Tue, Jan 04, 2022 at 10:58:41AM +0100, Claudio Jeker wrote:
> These are obvious and easy to fix unused but set variables.
> There are more in vioscsi.c but those are actually used if compiled with
> DEBUG set.
The changes in loadfile_elf.c, vioqcow2.c and vmd.c are trivial and can be
On Tue, Jan 04, 2022 at 08:42:29AM -0500, Dave Voutila wrote:
>
> Claudio Jeker writes:
>
> > These are obvious and easy to fix unused but set variables.
> > There are more in vioscsi.c but those are actually used if compiled with
> > DEBUG set.
>
> ok dv@, but
This introduces a function remove_contents() which is implementing a basic
rm -r and uses it to clean the RRDP repository when downloading a
snapshot (especially after a delta failure). It also cleans out the temp
directory after a failure to fetch.
With the introduction of a validated cache this
Right now a file can only exist in one place in the rpki-client cache.
This will change when we split valid data to its own repo.
One step to get closer to that is to alter valid_filehash() to take an
open filedescriptor instead of using open(2) itself. This allows the
callers to decide which
On Thu, Jan 13, 2022 at 02:24:59PM +0100, Theo Buehler wrote:
> On Thu, Jan 13, 2022 at 02:16:02PM +0100, Claudio Jeker wrote:
> > Right now a file can only exist in one place in the rpki-client cache.
> > This will change when we split valid data to its own repo.
> >
>
This diff just shuffles some functions around to reduce the size of the
validate cache diff.
--
:wq Claudio
Index: repo.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/repo.c,v
retrieving revision 1.23
diff -u -p -r1.23 repo.c
---
This diff adds a new cache subdir called "valid". This is the place where
all verified and good files are stored after a run. It makes -n work a lot
better since -n will now only look at what's inside "valid" and ignore
"rsync" and "rrdp".
The trust anchors are still stored in "ta" even if valid.
Noticed the other day, a stale manifest tries to check the fileandhash
data. But when running with -n none of this data will be around since it
was most probably removed on the previous run. The result is a lot of
warnings on top of the warning about the mft being stale. It is better to
skip
On Thu, Jan 13, 2022 at 10:51:33PM +0100, Theo Buehler wrote:
> On Thu, Jan 13, 2022 at 05:05:57PM +0100, Claudio Jeker wrote:
> > This diff adds a new cache subdir called "valid". This is the place where
> > all verified and good files are stored after a run. It makes
On Tue, Jan 11, 2022 at 08:15:13AM +, Klemens Nanni wrote:
> On Mon, Jan 10, 2022 at 12:06:44PM +, Klemens Nanni wrote:
> > On Fri, Dec 31, 2021 at 07:54:53PM +0300, Vitaliy Makkoveev wrote:
> > > The uvm_wxabort path within uvm_wxcheck() looks not MP-safe.
> >
> > Right, I did not pay
On Tue, Jan 11, 2022 at 11:36:19AM +, Job Snijders wrote:
> On Mon, Jan 10, 2022 at 03:30:23PM +0100, Claudio Jeker wrote:
> > + if (RB_INSERT(repo_tree, , rp) != NULL)
> > + errx(1, "repository already added to repo tree %d, %s", id,
> > path);
This diff changes the way the parser figures out which file to work on.
Until now the parent process sent a full path to the parser but that does
not work well with the idea of splitting the repo up into validated, rsync
and rrdp parts.
So this diff changes the way the parser opens a file. There
On Tue, Feb 15, 2022 at 04:49:10PM +1000, David Gwynne wrote:
> On Fri, Feb 11, 2022 at 03:13:25PM +1000, David Gwynne wrote:
> > On Fri, Mar 05, 2021 at 05:09:29PM +1000, David Gwynne wrote:
> > > On Thu, Mar 04, 2021 at 03:36:19PM +1000, David Gwynne wrote:
> > > > as the subject says, this is a
On Thu, Feb 10, 2022 at 08:44:08AM +0100, Theo Buehler wrote:
> On Thu, Feb 10, 2022 at 07:51:45AM +0100, Theo Buehler wrote:
> > At this point conn->last_modified may or may not be allocated.
> > If it is, overwriting it will leak 30 bytes.
>
> rrdp_input_handler() has a leak of the same kind.
>
On Thu, Feb 10, 2022 at 11:45:06AM +0100, Theo Buehler wrote:
> > > Index: rrdp.c
> > > ===
> > > RCS file: /cvs/src/usr.sbin/rpki-client/rrdp.c,v
> > > retrieving revision 1.21
> > > diff -u -p -r1.21 rrdp.c
> > > --- rrdp.c
On Thu, Feb 10, 2022 at 09:13:25AM +0100, Theo Buehler wrote:
> This is purely cosmetic. I did some testing on fedora which ships with
> btrfs by default. btrfs is special in that df -i and other tools always
> report 0 inodes. As a consequence, each rpki-client run prints the disk
> space
This adds the needed bits to print CRL files.
Using ASN1_INTEGER_get() is probably bad at least I think there is the
possibility the serial number won't fit in the long. I hope tb@ has a
better solution :)
I created x509_get_time() to streamline the ASN1_TIME to time_t
conversion and replaced a
bgpd's parse.y uses a lot of STRING that is then further bisected in the
actual rule. One good example are all communities. Now if someone wants to
use macros in such arguments they do not work in all cases. e.g.
large-community $someas:1:2 works but large-community 1:$someas:2 does
not.
Right
On Tue, Mar 08, 2022 at 01:33:01PM +0100, Theo Buehler wrote:
> If the length checks trigger, roa is leaked. It makes more sense to me
> to copy the data into ip4 and ip6, check lengths and then calloc rather
> than the current order, so I moved the calloc down a bit. Alternatively,
> we could
On Thu, Mar 17, 2022 at 12:47:15AM +0100, Alexander Bluhm wrote:
> Hi,
>
> My previous attempt to add a mutex to in_pcb.h was reverted as it
> broke userland build.
>
> Is the correct fix to include sys/mutex.h in every .c file that
> includes netinet/in_pcb.h ? I made a release with it.
> Or
On Thu, Mar 17, 2022 at 02:09:39PM +0100, Mark Kettenis wrote:
> > Date: Thu, 17 Mar 2022 13:24:24 +0100
> > From: Alexander Bluhm
> >
> > On Thu, Mar 17, 2022 at 08:24:10AM +0100, Claudio Jeker wrote:
> > > On Thu, Mar 17, 2022 at 12:47:15AM +0100,
This diff just refactors the code by moving the alloc part up.
It makes the code a bit easier to read and more similar with other
prefix_adjout functions. Also I plan to pass the struct prefix in
as an argument and do the prefix_adjout_get() in the callee.
--
:wq Claudio
Index: rde_rib.c
Currently EoR markers use a full byte in struct prefix which can be done in
a bit. Use the last flags field so that that 1 byte is available again.
I already have a need for that byte this is why I came up with this
change.
--
:wq Claudio
? obj
Index: rde.h
On Tue, Mar 08, 2022 at 07:17:33PM +0100, Stefan Sperling wrote:
> On Tue, Mar 08, 2022 at 03:55:48PM +0100, Stefan Sperling wrote:
> > On Mon, Mar 07, 2022 at 03:04:06PM -0700, Theo de Raadt wrote:
> > > > For now, the structs are identical so the code copying data out is
> > > > kept simple.
> >
On Thu, Mar 10, 2022 at 05:33:28PM +0100, Martin Vahlensieck wrote:
> Hi
>
> This pulls up and adjusts the check if i exceeds the bounds of pfds.
> Before it was technically wrong, as i > NPFDS means that the last
> write (i == NPFDS) was already out of bounds.
I see no reason to pull up the
On Thu, Mar 10, 2022 at 05:54:21PM +0100, Theo Buehler wrote:
> On Thu, Mar 10, 2022 at 05:51:46PM +0100, Claudio Jeker wrote:
> > On Thu, Mar 10, 2022 at 05:33:28PM +0100, Martin Vahlensieck wrote:
> > > Hi
> > >
> > > This pulls up and adjusts the c
This is one small step closer to support add-path send side.
We store the path_id_tx on the prefix and we can adjust a few places to
make use of that field. Now it is always 0 so nothing changes in the end
apart from removing some XXX comments.
--
:wq Claudio
Index: rde.c
On Thu, Feb 24, 2022 at 08:56:59PM +1000, David Gwynne wrote:
> On Thu, Feb 24, 2022 at 11:13:48AM +0100, Claudio Jeker wrote:
> > On Thu, Feb 24, 2022 at 07:39:54PM +1000, David Gwynne wrote:
> > >
> > > here's the diff.
>
On Thu, Feb 24, 2022 at 07:39:54PM +1000, David Gwynne wrote:
> On Mon, Feb 21, 2022 at 03:00:01PM +1000, David Gwynne wrote:
> > On Sun, Feb 20, 2022 at 10:30:22AM +1000, David Gwynne wrote:
> > >
> > >
> > > > On 20 Feb 2022, at 09:46, David Gwynne wrote:
> > > >
> > > > On Sat, Feb 19, 2022
For add-path send the Adj-RIB-Out needs to handle multiple paths per
prefix. The Adj-RIB-Out stores the prefixes on RB trees and so extend
the lookup function to include the path_id (which will be path_id_tx).
For now the path_id_tx in the Adj-RIB-Out is forced to 0 since
up_generate_updates() is
On Mon, Feb 28, 2022 at 02:32:07PM +0100, Theo Buehler wrote:
> On Mon, Feb 28, 2022 at 12:35:09PM +0100, Claudio Jeker wrote:
> > From the start bgpd had prefix_link and prefix_unlink to link all the
> > various data objects together to build an actual prefix. Now prefix_m
From the start bgpd had prefix_link and prefix_unlink to link all the
various data objects together to build an actual prefix. Now prefix_move()
tries to be smart and reimplemented prefix_link and prefix_unlink as
inline versions (with minimal differences). Later the prefix_adjout_*
functions
rde_dump_adjout_upcall() and rde_dump_adjout_prefix_upcall() work only
on prefixes that belong to the Adj-RIB-Out so check for the
PREFIX_FLAG_ADJOUT to make sure it is set.
Other code has the same 'assert' in rde_rib.c and I think it makes most
sense to put it here as well.
--
:wq Claudio
On Tue, Feb 22, 2022 at 03:46:05PM +1000, David Gwynne wrote:
> this lets ifconfig show the MTU on interfaces like nvgre, vxlan, etc.
> they currently don't show it because they also implement a bridge ioctl,
> so ifconfig thinks they're a bridge.
>
> why ifconfig hides the mtu on bridges looks
On Tue, Feb 22, 2022 at 02:01:26PM +0100, Theo Buehler wrote:
> EVP_PKEY_set1_EC_KEY() bumps eckey's refcount (that's what "set1" means),
> so eckey isn't freed when pkey is freed at the end of keyproc() or
> acctproc() (which means that secret data isn't wiped). Moving the
> freeing of eckey to
On Wed, Mar 02, 2022 at 10:15:07AM +0100, Florian Obser wrote:
> On 2022-03-01 10:22 -08, j...@bitminer.ca wrote:
> > Looking at the gz option, I noticed some kv structs allocated on
> > stack but not fully initialized.
>
> Nice catch.
>
> >
> > This patches initializes the kv struct to avoid
This diff changes prefix_adjout_withdraw() to take a prefix pointer
as argument. So instead of doing the lookup in the withdraw function the
caller may need to do it.
With this one call to up_generate_updates() can be replaced with a direct
call to prefix_adjout_withdraw(). rde_up_flush_upcall()
On Wed, Mar 02, 2022 at 01:03:04PM +0100, Claudio Jeker wrote:
> This diff changes prefix_adjout_withdraw() to take a prefix pointer
> as argument. So instead of doing the lookup in the withdraw function the
> caller may need to do it.
>
> With this one call to up_generat
On Wed, Mar 02, 2022 at 01:25:42PM +0100, Theo Buehler wrote:
> On Wed, Mar 02, 2022 at 01:07:09PM +0100, Claudio Jeker wrote:
> > On Wed, Mar 02, 2022 at 01:03:04PM +0100, Claudio Jeker wrote:
> > > This diff changes prefix_adjout_withdraw() to take a prefix pointer
> > &
This moves the count adjustments into prefix_adjout_update() in a similar
way that was just done for prefix_adjout_withdraw().
Having the counts closer to the actual places where things are
added/removed makes the code a bit easier to grasp. The if cascade in
the prefix_adjout_get != NULL case can
struct kroute_full is the external representation of kroutes.
It includes the routing label as a string. For some reason there was also
a labelid field but that one is not used and needed, the labelid is an
internal id that has no value for any other process.
Just remove the field and the two
Another day another cleanup.
This diff moves rde_send_kroute() out of rde_generate_update() and back
into prefix_evaluate(). rde_generate_update() should only track the RIBs.
rde_generate_update() is mainly called from prefix_evaluate().
The only other caller is in rde_softreconfig_sync_reeval()
On Fri, Feb 25, 2022 at 11:55:08AM +0100, Theo Buehler wrote:
> On Fri, Feb 25, 2022 at 11:15:49AM +0100, Claudio Jeker wrote:
> > For add-path send the Adj-RIB-Out needs to handle multiple paths per
> > prefix. The Adj-RIB-Out stores the prefixes on RB trees and so extend
> >
In the big conversion I forgot to include parse.y in the files.
This diff fixes that.
--
:wq Claudio
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.420
diff -u -p -r1.420 parse.y
--- parse.y
Sometimes (mainly for tests) it can be useful to run bgpd on something
different than port 179. The following diff does mostly that. It allows
to define a port with 'listen on' and makes it possible to set the port
on a neighbor like it is done for rtr sessions.
The only thing not working are
On Tue, Mar 22, 2022 at 06:35:47PM +0100, Alexander Bluhm wrote:
> On Tue, Mar 22, 2022 at 04:42:45PM +0100, Claudio Jeker wrote:
> > No but you push this layer into a specific direction and by that make it
> > harder to fix the PCB tables in a different way. I just see peop
In struct rib_entry bgpd keeps the 'best' or active prefix cached.
Now to support more than one prefix per path (for ECMP and add-path)
I need the ability to access the previous element. The currently used
LIST macros do not support that. So I want to switch that to TAILQ but
the TAILQ head is
On Mon, Mar 21, 2022 at 01:19:53PM +0100, Theo Buehler wrote:
> On Mon, Mar 21, 2022 at 12:24:33PM +0100, Claudio Jeker wrote:
> > During config reload the RIB may need to be resynced when the
> > 'no evaluate' setting changes.
> >
> > This changes the code to act
Change the code to use less goto and instead use a while loop.
I think the result is easier to understand.
OK?
--
:wq Claudio
Index: rde_update.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde_update.c,v
retrieving revision 1.138
diff -u
On Wed, Mar 30, 2022 at 03:10:58PM +0200, Theo Buehler wrote:
> On Wed, Mar 30, 2022 at 02:38:54PM +0200, Claudio Jeker wrote:
> > Change the code to use less goto and instead use a while loop.
> > I think the result is easier to understand.
>
> Yes this is clearer and preser
I would like to get rid of the ta flag on cert_parse_inner() and only do
the basic cert parse bits there. Then cert_parse() and ta_parse() do the
other bits.
This moves the easy checks to the right place.
--
:wq Claudio
Index: cert.c
On Fri, Apr 01, 2022 at 06:31:43PM +0200, Theo Buehler wrote:
> On Fri, Apr 01, 2022 at 05:01:00PM +0200, Claudio Jeker wrote:
> > cert_parse_inner() now only uses the ta flag to change behaviour of
> > loading the various x509 extensions (AKI, SKI, AIA and CRL DP).
> >
On Fri, Apr 01, 2022 at 06:52:48PM +0200, Claudio Jeker wrote:
> On Fri, Apr 01, 2022 at 06:31:43PM +0200, Theo Buehler wrote:
> > On Fri, Apr 01, 2022 at 05:01:00PM +0200, Claudio Jeker wrote:
> > > cert_parse_inner() now only uses the ta flag to change behaviour of
> > > >
cert_parse_inner() now only uses the ta flag to change behaviour of
loading the various x509 extensions (AKI, SKI, AIA and CRL DP).
This diff changes these functions to work always. Make AKI, AIA and CRL DP
optional and have the code calling those functions check if they must have
the extension.
Kill a FIXME and simplify the logic around the process list by using a
static ids array on the stack.
Tested with and without -R.
--
:wq Claudio
Index: rsync.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
retrieving
This was fixed in January. Now RRDP issues an RRDP_CLEAR to the parent
which in turn removes all files from the .rrdp cache dir.
--
:wq Claudio
Index: rrdp.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/rrdp.c,v
retrieving revision
On Mon, Apr 04, 2022 at 01:33:18PM +0200, Theo Buehler wrote:
> We fixed this back in January when we added rtype_from_mftfile().
>
> Index: main.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
> retrieving revision 1.190
This diff alters the way rpki-client cleans up the cache directory.
While with rsync any file can be removed and on the next run it will be
fetched again RRDP has no such logic. It is a very fragile protocol and
only works if files are not removed by something else.
Until now files are just
On Mon, Apr 04, 2022 at 08:44:43PM +0200, Theo Buehler wrote:
> p->res->mft and p->res->repo are populated in sbgp_sia_resouce_entry().
> Nothing guarantees that the resources are present. With our current
> strstr() implementation we would let a cert with a missing mft through
> while we would
On Mon, Mar 21, 2022 at 05:51:36PM +0100, Theo Buehler wrote:
> On Mon, Mar 21, 2022 at 05:16:53PM +0100, Claudio Jeker wrote:
> > In struct rib_entry bgpd keeps the 'best' or active prefix cached.
> > Now to support more than one prefix per path (for ECMP and add-path)
> > >
On Tue, Mar 22, 2022 at 02:24:25PM +1000, David Gwynne wrote:
> i couldn't find any good examples of what to do when you wanted to
> receive multiple control messages from a single recvmsg call. the most
> interesting bit is how much space the buffer needs to be.
>
> if i struggled maybe someone
As mentioned I need a TAILQ for the list of prefixes that belong to a rib
entry. Mainly because I need TAILQ_PREV. This diff does this replacement.
I did not change the nexthop LIST of prefixes to a TAILQ. Maybe something
to consider but there is no real need for that.
This is mostly a mechanical
On Tue, Mar 22, 2022 at 11:40:12AM +0100, Theo Buehler wrote:
> On Tue, Mar 22, 2022 at 10:55:48AM +0100, Claudio Jeker wrote:
> > As mentioned I need a TAILQ for the list of prefixes that belong to a rib
> > entry. Mainly because I need TAILQ_PREV. This diff does this replace
On Tue, Mar 22, 2022 at 02:09:51PM +0100, Alexander Bluhm wrote:
> Hi,
>
> syzkaller and witness found the same bug I introduced in UDP also
> for Raw IP. Fix it the same way for rip and rip6.
>
> https://syzkaller.appspot.com/bug?extid=9bac6356a881dc644265
>
On Tue, Mar 22, 2022 at 02:56:43PM +0100, Alexander Bluhm wrote:
> On Tue, Mar 22, 2022 at 02:25:08PM +0100, Claudio Jeker wrote:
> > On Tue, Mar 22, 2022 at 02:09:51PM +0100, Alexander Bluhm wrote:
> > > Hi,
> > >
> > > syzkaller and witness found t
This diff just renames F_CTL_ACTIVE and F_PREF_ACTIVE to the more correct
F_CTL_BEST and F_PREF_BEST. The flags are used to mark the one best path.
ACTIVE is not the right term here since with ECMP and add-path more than
one route can be active. I will probably add more flags to mark ECMP
On Mon, Mar 21, 2022 at 02:17:21PM +1000, David Gwynne wrote:
> in_pcbselsrc has this:
>
> ifp = if_get(mopts->imo_ifidx);
> if (ifp != NULL) {
> if (ifp->if_rdomain == rtable_l2(rtableid))
> IFP_TO_IA(ifp, ia);
>
During config reload the RIB may need to be resynced when the
'no evaluate' setting changes.
This changes the code to actually flush the Adj-RIB-Out of affected peers
and then adjust the RIB in a 2nd step. That way there is no need to use
rde_generate_updates() to remove the prefixes one by one
On Mon, Mar 28, 2022 at 04:38:33PM -0400, Demi Marie Obenour wrote:
> On 3/28/22 10:39, Mark Kettenis wrote:
> >> Date: Mon, 28 Mar 2022 09:51:22 -0400
> >> From: Demi Marie Obenour
> >>
> >> On 3/27/22 21:45, Damien Miller wrote:
> >>> On Fri, 25 Mar 2022, Demi Marie Obenour wrote:
> >>>
>
On Fri, Feb 04, 2022 at 07:20:21PM +0100, Theo Buehler wrote:
> On Fri, Feb 04, 2022 at 03:59:34PM +0100, Claudio Jeker wrote:
> > This is something I wanted to do for a while. Switch from u_intXY_t to
> > uintXY_t from stdint.h. The diff is mostly mechanical and was done wit
On Fri, Feb 04, 2022 at 03:56:18PM +0100, Theo Buehler wrote:
> On Fri, Feb 04, 2022 at 12:03:41PM +0100, Claudio Jeker wrote:
> > On Fri, Feb 04, 2022 at 10:41:03AM +0100, Theo Buehler wrote:
> > > It was pointed out to Claudio that rpki-client does not enforce
> >
On illumos sun is defined by some header so better not use sun as a
variable name. Rename variable to sa_un to reduce hacks in -portable.
--
:wq Claudio
Index: bgpctl/bgpctl.c
===
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
On Fri, Feb 04, 2022 at 10:41:03AM +0100, Theo Buehler wrote:
> It was pointed out to Claudio that rpki-client does not enforce
> certificate policies.
>
> The diff below does that. It has two parts.
>
> In cert.c we check that the certificate policy extension matches the
> specification in RFC
I think I introduced a bit of an error when skipping cleanup of RRDP
directories when RRDP is off. When RRDP is off the cache is updated via
rsync but when RRDP is turned back on later on the cache does not match
with the RRDP state file and so deltas will often fail to apply.
It is better to
On Fri, Jan 28, 2022 at 09:31:26AM +0100, Theo Buehler wrote:
> On Thu, Jan 27, 2022 at 09:38:54AM +0100, Claudio Jeker wrote:
> > On Thu, Jan 27, 2022 at 07:46:32AM +0100, Theo Buehler wrote:
> > > On Wed, Jan 26, 2022 at 04:42:04PM +0100, Claudio Jeker wrote:
> > > >
On Thu, Jan 27, 2022 at 07:46:32AM +0100, Theo Buehler wrote:
> On Wed, Jan 26, 2022 at 04:42:04PM +0100, Claudio Jeker wrote:
> > So the RFC is not very clear but in general the idea is that if multiple
> > MFTs are available the newest one (highest manifest number) sho
On Sat, Feb 05, 2022 at 12:28:08PM +0100, Mark Kettenis wrote:
> > Date: Sat, 5 Feb 2022 09:29:42 +0100
> > From: Anton Lindqvist
> >
> > Hi,
> > I recently got a USB headset with physical volume buttons, handled by
> > ucc(4). However, after enabling the device in sndiod the volume buttons
> >
On Wed, Feb 09, 2022 at 02:59:41PM +0100, Theo Buehler wrote:
> We should not use CRLs if now isn't between thisUpdate and nextUpdate.
> This also ensures that thisUpdate <= nextUpdate. While the verifier will
> catch all this, doing this early will often remove one of the two
> possible choices
On Thu, Feb 10, 2022 at 04:09:40PM +0100, Theo Buehler wrote:
> On Thu, Feb 10, 2022 at 03:02:15PM +0100, Claudio Jeker wrote:
> > This adds the needed bits to print CRL files.
> > Using ASN1_INTEGER_get() is probably bad at least I think there is the
> > possibility the s
On Fri, Jan 14, 2022 at 04:44:49PM +, Stuart Henderson wrote:
> On 2022/01/14 16:52, Rafael Sadowski wrote:
> > On Fri Jan 14, 2022 at 03:17:21PM +0100, Tobias Heider wrote:
> > > Hi,
> > >
> > > clang ships with a pretty useful static analyzer to find all kinds of bugs
> > > in C and C++
How X509_verify_cert() is called in rpki-client is mostly the same in all
places so move all this X509 boilerplate into valid_x509().
This simplifies the x509 validation in the parser a fair bit and will also
make it easier for -f to validate certs.
OK?
--
:wq Claudio
Index: parser.c
On Tue, Jan 18, 2022 at 02:09:08PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 12:16:44PM +0100, Claudio Jeker wrote:
> > How X509_verify_cert() is called in rpki-client is mostly the same in all
> > places so move all this X509 boilerplate into valid_x509().
> >
UNIX does not let you get the path from an open file descriptor. It is not
possible to give this information reliably so you can't provide an API.
While an inode may exist a path to that inode may not. This is the case for
a file that is replaced or deleted while open.
Some systems give people a