| Age | Commit message (Collapse) | Author |
|---|
|
OK martijn@
|
|
Finally! We can remove kernel headers from vmctl.
ok mlarkin@
|
|
The object sent to vmm(4) contained file paths and details the
kernel does not need for cpu virtualization as device emulation is
in userland. Effectively, "pull up" the struct members from the
vm_create_params struct to the parent vmop_create_params struct.
This allows us to clean up some of vmd(8) and simplify things for
switching to having vmctl(8) open the "kernel" file (SeaBIOS, bsd.rd,
etc.) to allow users to boot recovery ramdisk kernels.
ok mlarkin@
|
|
media.
No functional change to existing behaviour.
|
|
first (DIR_VALID) but perfer the 2nd (DIR_TEMP) since this allows
rpki-client to move the equal files from .rrdp back into the valid
repo tree and so there are less unaccounted files for.
Problem noticed by and OK job@
|
|
/var/log/{messages,daemon} logs ENOENT as error on default configless vmd.
Only complain on explicitly passed files and print a debug hint under `-vv'
in case someone forgot to populate their /etc/vm.conf.
OK dv mlarkin
|
|
|
|
filesystem in the specified kernel.
No behaviour change to existing uses of rdsetroot.
Improved option handling & ok kn@
|
|
other
OK claudio@
|
|
Use execvp(2) to launch vm children with new address spaces.
Consequently, introduces use of unveil(2) into the vmm and vm
processes.
This imposes the requirement of launching vmd with absolute paths,
similar to sshd(8).
ok mlarkin@
|
|
from the very similar 'network show'.
|
|
OK tb@
|
|
prefix/rib dump functions.
OK tb@
|
|
OK tb@ jmc@
|
|
|
|
Moving some of the virtio devices to zero-copy approaches required
tracking the host-side virtual address for the gpa of virtqueues.
Upon a send/receive they are invalid as the restoring system will
most likely use a different address space layout.
Recompute the hva's on receive and NULL them on send.
ok mlarkin@
|
|
introduced with flowspec.
OK tb@
|
|
|
|
OK tb@
|
|
OK tb@
|
|
ASPA provider AS sets can include optional limitations to inet/inet6 these
limits are represented in the TAS_AID bit masks (2bits per AS).
Introduce a TAS_AID_SIZE() makro that returns the size in bytes of this
bit mask (rounded to the next uint32_t).
Without this change aspa objects with AID specific elements trigger a
fatal error condition when the config is loaded.
OK tb@ job@
|
|
|
|
other AFI
OK claudio@
|
|
This uses the flowspec.c file from bgpd and implements the output
for flowspec only for the text printer for now. That code uses a lot
of code from printconf.c
OK tb@
|
|
IMSG_FLOWSPEC_ADD and IMSG_FLOWSPEC_REMOVE received from bgpctl via SE.
OK tb@
|
|
Input and OK jmc@ tb@
|
|
|
|
the user has a restrictive mask, various items (new directories, @sample'd
files, /var/db/pkg entries, mandoc databases) end up not readable.
feedback/ok espie@
|
|
order.
|
|
|
|
and Loc-RIB. Flowspec objects are collected in a single flowrib RIB
and then directly distributed into the various Adj-RIB-Outs.
For this to work add a bypass in the filter logic (flowspec AFI/SAFI
are currently accepted without any rule). The filter language lacks
a way to allow prefixes based on AFI/SAFI which is the minimum needed.
OK tb@
|
|
|
|
In flowspec_cmp() make sure a deterministic sort is possible. Most error
cases are unreachable if flowspec NLRI are validated first (flowspec_valid).
In flowspec_valid() replace the assert like check with an error return.
OK tb@
|
|
In general people should use table-v2 which handles flowspec just fine.
OK tb@
|
|
Flowspec has no nexthop so adjust up_prep_adjout() to handle a NULL nexthop.
Add the MP_REACH encoding in up_generate_mp_reach for flowspec.
OK tb@
|
|
process tracks which prefixes are added / removed and issues the
corresponding imsg calls.
Right now the RDE does nothing with the received information.
OK tb@
|
|
Introduce pt_get_flow() and pt_add_flow() to lookup and insert flowspec
objects. Add pt_getflowspec() which works somewhat similar to pt_getaddr()
to extract the flowspec NLRI from a pt_entry.
Make pt_getaddr() to return the destination prefix of the flowspec rule and
handle flowspec in pt_write().
OK tb@
|
|
|
|
with the parser but that is for a later time to fix.
OK tb@
|
|
This fixes a few KNF issues and ugly line wrapping by using a local
version of nitems(); fix two bsearch() on top.
ok claudio
|
|
pfctl, in bgpd flowspec rules are written like pf rules (with a few
exceptions / extensions). As a result not all flowspec features are
available but that is OK.
OK tb@
|
|
|
|
RB trees. Mainly RB_FOREACH() walks form RB_MIN to RB_MAX so the most
preferred entry should be at RB_MIN.
OK tb@
|
|
like it was done for communities. Again a fair amount of token tables
disappear.
OK tb@
|
|
successful. Do not clear it all the time since that breaks the ANYTOKEN
fallback since it resets the just set address on the next argument.
OK tb@
|
|
Instead pass argc and argv as value and return the consumed number of
arguments in argsused (normally 1).
OK tb@
|
|
available inside match_token() and peek and consume argv[1] and for
ext-communities also argv[2].
OK tb@
|
|
Flowspec is excessivly flexible and large so there is no way to convert
the flowspec data into a struct bgpd_addr and it is better to keep it in
wireformat and add a few functions to validate and extract information
from the NLRI encoding.
OK tb@
|
|
the install media would grow too much, so use the same strategy as we
for stack protector and other things: disable them, just on the install
media
ok kettenis
|
|
ok jsg@
|
