Age | Commit message | Author |
|
OK tb@
|
|
struct kroute and kroute6.
Rename knexthop_node to knexthop as well. Mostly mechanical but fix
at least one log format string to have the correct order of arguments.
OK tb@
|
|
OK tb@
|
|
simpler.
OK tb@
|
|
OK tb@
|
|
ok claudio
|
|
struct kroute_full is address family independent and so more portable.
Also struct kroute and struct kroute6 will be kroute.c internal soon.
OK tb@
|
|
Noticed by anton@
|
|
struct bgpd_addr.
OK tb@
|
|
Use this function in kroute so that kroute_find and kroute6_find can switch
to use struct bgpd_addr as argument.
OK tb@
|
|
Also fix the function by moving the memcpy() after the embedded scope
has been removed.
OK tb@
|
|
VIS_NOSLASH option to avoid additional backslashes. Although this
option prevents decoding of binaries, it makes automatic post processing
easier. Formats like JSON use backslash escaping themselves, additional
escaping from syslogd would break SIEM systems. vis protection was
introduced to avoid evil characters in log files and not to make
binary logging possible.
from Matthias Pitzl; OK deraadt@
|
|
Warn if the serial number decreases between syncs.
On top of this only allow a small window of up to 2 deltas from the
current one to consider our cache to be in sync.
The number 2 is probably too conservative and should be adjusted once
some data points got collected.
It seems to happen that CAs restore RRDP snapshots instead of building
a fresh snapshot with a new session-id, which results in rpki-client
ignoring the repo until the serial number is bigger again.
OK tb@
|
|
Noticed by tb@
|
|
Necessary after similar change in bgpd.
OK tb@
|
|
Using inet4applymask() makes the code similar to the IPv6 version.
Also switch kroute{,6}_match() to use a struct bgpd_addr * as argument.
OK tb@
|
|
Do not set any errno. So if a non empty string is used in name2id
conversion and the return value is 0 then that would be an error.
Callers in most cases do not care and accept that a label may be
lost because of conversion failure.
Noticed by and OK tb@
|
|
to the warning. The messages are clear enough and unique.
OK tb@
|
|
When pfkey_reply() detects an error in a message it needs to flush that
message out of the buffer because pfkey_read() only did a peek read.
OK tb@
|
|
or which are not marked RTF_DONE. Possible fix for bgpd exiting for
no obvious reason. Found with help from florian@
OK florian@
|
|
Instead define our own algorithm enums for the IPsec code.
OK tb@ sthen@
|
|
indicates that the route was successfully added to the FIB.
Filter out dynamic routes (like it is already done for ARP and ND routes) and
kill F_DYNAMIC.
Also remove the protect_lo() bits. Adding dummy kroute entries no longer
prevents bad routes from hitting the FIB. Also loopback IPs are checked in a few
other places to prevent bad routes from being installed into the FIB.
OK tb@
|
|
into a struct kroute_full and then two functions to add/change or delete
that route from the kroute tree.
Cleanup some additional things and use the same parse function in fetchtable.
OK tb@
|
|
Since the ASN.1 template conversions, we have three copies of mostly dead
code that validates that the econtent version is at its default value 0.
Until a new standard bumps this version and we decide to support that,
we're better off with only one copy of this code.
ok claudio
|
|
ERROR to yylex() to make the parser fail nicely.
OK tb@
|
|
It is the same value but using the kif seems better.
|
|
kr_nexthop_add() and kr_nexthop_delete() only operate on the main table
so just pass in the right rdomain id.
kr_shutdown() and kr_dispatch_msg() don't really need the rdomain passed.
This was done for kif_remove(), since that function needs to remove connected
routes from the rdomain table. Connected routes can only exist in the
interface's rdomain so just use kif->k.rdomain. If such routes exist that
table exists as well. If the table does not exist there are also no
connected routes to track.
OK tb@
|
|
Found by Stefan Butz.
ok dlg@
|
|
an update.
|
|
okay sthen@
|
|
download the installation files to. This is helpful if the default
base-directory /home isn't available for writing, i.e. when using auto
mounted home directories.
Discussed with and input received from
florian@, jmc@, sthen@, schwarze@, and ajacoutot@.
OK florian@, jmc@, sthen@
|
|
By moving the rtlabel_unref into kroute_remove the unref is more reliable.
There are still places where handling is not quite right but it is a step
in the right direction.
OK tb@
|
|
Also cleanup some redundant if statements.
OK tb@
|
|
If a certificate along the chain does not have an AS numbers extension,
this is a failure condition according to RFC 3779, section 3.3.
ok job
|
|
errors several times (for instance, if a file doesn't exist, its checksum
is not going to match, obviously)
|
|
don't do it again (would skew the file system usage a bit).
Also: we don't need to check for firmware if we're not actively deleting.
Normal updates won't touch them.
|
|
the code that calls delete_handle already
|
|
several hundred copies of the same file (even thousands! I'm looking at you
sdcc), so matching through a list is O(n^2).
So hash the hashes on the actual file name so that we match directly if
the same name file didn't change, and use the first entry otherwise, since
the name won't match.
speeds up updating of texlive somewhat, and makes a huge difference for sdcc.
|
|
Instead of passing it around all the time put the fib_priority into the
kroute state. It is only needed in send_rtmsg() in the end.
Additionally insert F_BGP_INSERTED routes with a special RTP_MINE priority.
This makes changing the fib_priority at runtime simpler because there
is no need to alter the kroute table anymore.
OK tb@ deraadt@
|