Age | Commit message (Collapse) | Author |
|
- Use sizeof(buf) instead of BUFSIZ.
- Only overwrite '\n'.
From Charles Longeau.
OK millert@ and moritz@.
|
|
From Charles Longeau.
OK millert@.
|
|
route: 198.73.251.0
no prefixlen...
overhaul error handling in prefixset_addmember(). for prefixes without
prefixlen or ones where inet_net_pton reports an invalid format, complain
and ignore the prefix, but don't err out completely.
|
|
route: 203.94.216.0/21,
origin: AS17813
so we need to cut trailing ',' away
|
|
|
|
everything we run into as members that is hierarchical (contains :) has to
be an as-set. RPSL requires one component to have the AS- prefix; we check
that.
now the huge AS-TELIANET correctly resolves - into 15128 unique ASes, takes
12m47.11s real 0m8.62s user 0m1.07s system
|
|
as _ng_sl_add() now returns a value. The only consumer of that
interface is netgroup_mkdb(8). Adapted from NetBSD.
OK deraadt@
|
|
do the same in asset_expand() for the head as-set or aut-num reference from
the policy.
fixes duplicate ASes with mixed case seen after set resolution and saves
some str(n)casecmp on the way (or rather allows a whole bunch of strcmp to
stay)
|
|
|
|
|
|
|
|
spot 'em
|
|
|
|
any more. since aggregated entries might be further aggregatable...
shaves of another 1200 lines (of ~16900) from the generated ruleset for my AS
|
|
|
|
|
|
they can be expressed as one with shorter prefixlen. if so, adjust the
first prefix accordingly and return 1 so the second gets removed.
shrinks the ruleset for my AS from 19533 to 16892 rules.
|
|
|
|
that the resulting rule allows more specifics. i. e.
10.0.0.0/16, 10.0.1/24, 10.0.128/17 -> prefix 10.0.0.0/16 prefixlen <= 24
implementation: sort prefixes per AS by address family, prefix, prefixlen.
for every entry, check wether the prefix with the previous entry's mask
applied matches the previous entry's prefix & mask. Only move the previous
pointer forward if not so. Fill the holes we create in the process on the
fly; shrink the array afterwards.
shrinks the generated filters for our AS from over 100k to under 20k lines.
|
|
hanging connection for a specific query (which works find against radb,
investigating with ripe pplz), and ripe doesn't mirror some important RRs
like ALTDB.
|
|
since we have a tristate in relay_handle_http(), use nicer return
codes defined to make it better readble (no function change).
|
|
multiple route objects (i. e. is the result of maksing out longer prefixes
or aggregation we'll do later).
if maxlen is > prefixlen, generate rules accordingly (prefixlen <= maxlen)
|
|
|
|
|
|
|
|
discussed with pyr
|
|
|
|
|
|
members
|
|
stolen from hostapd.conf.5
|
|
|
|
"" instead of defaulting to NULL, which is a pain to handle afterwards.
in the output function, treat empty string address like NULL address
problem noticed by rivo nurges <rix@estpak.ee>
|
|
to us trying to add an empty-string AS, which asset_get later complains
about.
in parse_asset, check that we're no dealing with a empty string token
before calling asset_addmember
|
|
|
|
RPSL spec and enforced by the IRR databases.
teach asset_get this fact. only send queries for the as-set members for
as-sets.
since we now always fake an as-set for aut-nums, we don't need to
escape the recursive as-set resolution process when we run into aut-num
members.
complain about and then ignore unresolvable as-set members.
|
|
for object found with n matched attributes. this way we can distinguish
between no object found and object without relevant attributes
|
|
|
|
|
|
|
|
|
|
generates bgpd filter rules from the Internet Routing Registry aka IRR aka
the aut-num, as-set and route objects in the RIPE, ARIN, APNIC ... databases
accessed via whois, using the Routing Policy Specificaion Language RPSL.
implement the whois query interface, an RPSL parser (of course only the
parts we need), recursive as-set resolver, prefixes per AS lookup,
and an ouput module to make up the rules.
work in progress, not ready for general consumption yet.
import agreed by theo & claudio
|
|
|
|
the code here is slightly different, but also has the overfow in both cases
|
|
input buffer, we call the new callback to handle the remaining data.
this change makes sure that we only do this after the read callback
was actually changed (read header -> read content, read content ->
read header, read chunks...) to avoid a possible loop which could
happen in some rare cases.
|
|
OK millert@.
|
|
routines.
OK millert@.
|
|
|
|
after release we should revisit this issue, we can probably safely shrink
the max imsg size.
Valentin Kozamernik in PR5401
|
|
if a sensor is always bad, but sometimes goes OK for only a few seconds,
we want to ignore that bogus change as well
also fix setting if last_val.
from Constantine, ok mickey
|
|
|