On Tue, Nov 9, 2021 at 3:05 PM Sebastian Benoit <be...@openbsd.org> wrote: > An errata patch for rpki-client has been released for OpenBSD 6.9 [...]
It turns out that the 6.9 version of the patch (021_rpki) causes rpki-client to provide OpenBGPd output that bgpd does not accept. Specifically: bgpd on 6.9 does not accept the 'expires' property in the ROA, in line with what bgpd.conf(5) states. # bgpd -n /var/db/rpki-client/openbgpd:13: syntax error # head -n 13 /var/db/rpki-client/openbgpd | tail -n2 roa-set { 1.0.0.0/24 source-as 13335 expires 1638843500 Noticed this by accident on an older host that I was about to upgrade. Following diff changes the rpki-client output to restore bgpd's former happiness. Of course, it only makes sense to apply this on 6.9-stable (r1.20.2.1). Index: output-bgpd.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/output-bgpd.c,v retrieving revision 1.20.2.1 diff -u -p -u -r1.20.2.1 output-bgpd.c --- output-bgpd.c 9 Nov 2021 13:41:19 -0000 1.20.2.1 +++ output-bgpd.c 5 Dec 2021 13:06:27 -0000 @@ -42,8 +42,8 @@ output_bgpd(FILE *out, struct vrp_tree * return -1; } else maxlenbuf[0] = '\0'; - if (fprintf(out, "\t%s %ssource-as %u expires %lld\n", - ipbuf, maxlenbuf, v->asid, (long long)v->expires) < 0) + if (fprintf(out, "\t%s %ssource-as %u\n", + ipbuf, maxlenbuf, v->asid) < 0) return -1; } Best regards, Rogier