Age | Commit message | Author |
|
Suggested by martijn@, ok claudio@
|
|
Feedback by Olivier Cherrier, Hiltjo Posthuma, Mischa
OK benno@
|
|
Revision 1.21 removed the volatile from the cgi_inflight global but
accept_reserve() was not updated to match. OK florian@
|
|
|
|
queue element around once it is sent to the parser process. Instead just
keep a count of pending entities and make the parser send back the entity
type instead of the id (since this is the only field needed to figure out
what to do).
OK job@
|
|
data between processes. This completely decouples the write side.
rpki-client can't really use the imsg framework but it can use the ibuf
bits which imsg is built on.
OK benno@ job@
|
|
VMs with additional package daemons were not given enough time to shut down
gracefully.
|
|
syntax element with its optional / empty element. While this is needed for
redistribute statements it causes the conflicts in the interface sections
since there the statement can not be empty (this conflicts with empty new
lines handled in optnl). Add a dependonopt for redistribute statements
and make depend on no longer optional.
Also sync the curly bracket blocks (interface, area, ...) to be like
set blocks and the blocks in bgpd. This should result in more flexible
newline handling.
Tested by sthen@, benno@, Kapetanakis Giannis
OK benno@
|
|
pointed out by jsg@
|
|
|
|
ok florian@
|
|
|
|
Two things of note:
1) traphandler_v1translate now translates v1 traps to v2 traps in line with
RFC3584 section 3.1 before handing them over to the "command". This can
cause compatibility issues if you still receive v1 traps.
2) sysUpTime and snmpTrapOID are now always taken from the varbindlist,
which means that if you run snmpd with -N the names will now show up
numerical in the script, instead of by their full symbolic name.
lots of feedback and OK rob@
|
|
|
|
addr2sa needs to return NULL. Without this connection establishment fails
because bind is called with a bad sockaddr.
|
|
of the VPN address into a sockaddr but it allows to use log_sockaddr for
all cases of log_addr now.
OK florian@
|
|
Also change the startup code to use enum bgpd_process to select which
process needs to be run. Makes the code in my opinion easier to understand.
OK denis@
|
|
the system. While at it use memcmp in prefixset_cmp() as well for address
checks.
OK florian@
|
|
IPv6 scoped addresses will print correctly.
OK tb@ florian@
|
|
used anywhere.
OK jan@
|
|
certificate file.
These files are not terribly big and they might become helpful if one
re-creates a certificate with additional or removed domains and
wishes to revoke the old cert (this part needs a bit of work to make
it convenient to do).
OK sthen
|
|
compared to the existing certificate on disk, automatically request a
new certificate without requiring -F.
(Previously the code using -F only coped with added SANs; if one was
removed in config then the certificate needed manual removal before
acme-client would work).
Name checks for -r (revocation) are kept as-is for now.
|
|
be in the right spot once tls_close() is handled by libevent.
suggested by jsing
|
|
In order to end a TLS connection regularly, an implementation MUST send a
close_notify alert. libtls does this in tls_close() via SSL_shutdown(),
so the socket had better still be open.
The incorrect order in server_close() caused a leak on each tls connection
due to a bug in libssl (fixed in tls_record_layer.c r1.56).
As pointed out by claudio, tls_close() should really be handled from the
main event loop. This will be addressed in a later commit.
ok claudio florian jsing
|
|
|
|
and were kept only for backward compatibility reasons.
ok mpi@ yasuoka@
|
|
While there, use the length calculated by vasprintf() instead of using
strlen needlessly.
ok claudio florian
|
|
ok florian
|
|
From gilles@
OK millert@ giovanni@
|
|
ok mvs@ kn@
|
|
before accessing anything in ifa_addr.
ok claudio@
|
|
before accessing anything in ifa_addr.
ok claudio@
|
|
before accessing anything in ifa_addr.
ok claudio@
|
|
and prefix-sets loaded into bgpd.
OK benno@
|
|
prefix-sets loaded into the RDE. For now only the number of prefixes or
asnumbers are shown plus the time since the last change was done to the table.
OK benno@
|
|
Bad IMSG name noticed by proctor@
|
|
Noticed by procter@
|
|
before accessing anything in ifa_addr.
ok claudio@
|
|
before accessing anything in ifa_addr. florian@ mentioned this might
be a problem in slaacd(8) and rad(8) after claudio@ fixed it in bgpd,
so i went looking...
ok claudio@
|
|
before accessing anything in ifa_addr.
ok claudio@
|
|
in the parent to a simple RB tree based on struct roa. With this overlapping
ROAs (same prefix & source-as but different maxlen) are now merged in the RDE
when the lookup trie is constructed.
OK benno@
|
|
OK claudio@
|
|
undocumented, at least for now;
|
|
before accessing anything in ifa_addr.
OK florian@
|
|
For network rtlabel and priority skip this check since there the operator
may actually want to distribute this network explicitly (even though it is
probably a reject or blackhole route).
Requested by dlg@ OK benno@
|
|
For http-01 this doesn't matter but I think this will be nicer for
dns-01 because there are propagation delays to consider and it will be
better to just put everything in DNS and then wait than wait after
each challenge.
Testing & OK sthen
|
|
leading to a crash. From gilles@
|
|
the sockaddr it contains, as expected by freeaddrinfo().
Move the allocation to a helper function for clarity.
comments from martijn@ millert@
ok millert@
|
|
The problem is that this timer only looks at the receive side of the TCP
session. If for some reason the send side stalls the system fully depends
on the remote BGP peer to reset the session. As seen in an ever growing
OutQ and as a result important changes can get stalled and cause routing
troubles.
This change introduces a SEND HOLD timer. The timer is reset whenever the
session engine was able to write data to the TCP socket. If the send hold
timer expires bgpd was not able to send any data to that neighbor for at
least 90 seconds and therefore the session is forcefully closed with a hold
timer expired notification.
The send hold timer acts as a last resort to detect faulty peers. On an
idle session it can take a long time until this timer triggers but the
main goal here is to reset a stuck session at some point which did not
happen before.
With and OK job@
|
|
From gilles@
|