| Age | Commit message (Collapse) | Author |
|---|
|
|
|
With this bgpd.h no longer depends on net/route.h
OK tb@
|
|
The generic add-path code up_generate_addpath() reevaluates everything
since this is the simplest way to select the announced paths. For add-path
all this is overkill since there is no dependency between prefixes and so
individual prefixes can be handled more efficently.
Extend rde_generate_updates() to pass the current newbest and oldbest
prefixes (for the selected best path) but now also include newpath and
oldpath (which is the prefix that is added/removed/modified).
If newpath or oldpath is set then a single prefix was altered and
up_generate_addpath_all() can just remove or add this prefix.
If newpath and oldpath are NULL than the full list based on newbest
needs to be inserted and any old path/prefix removed in the process.
This improves update generation performance on big route collectors using
add-path all substantially.
OK tb@
|
|
|
|
the RTP_BGP and similar defines all into kroute.c and export them via
kr_default_prio() and kr_check_prio().
OK tb@
|
|
Use a per peer path_id_tx to assign to paths received from none add-path
enabled peers. This skips two extra walks of the RIB prefix list and is
a big speed-up when there are many regular sessions. If the session uses
add-path recv then the old way of assigning random path_ids needs to be
used.
With input and OK tb@
|
|
ok claudio
|
|
|
|
error types and other events that help analyze errors in larger setups.
The counters can be printed with 'ikectl show stats'.
ok bluhm@ patrick@
from and ok markus@
|
|
|
|
Connected routes have no gateway set but only have ifindex set.
When an interface is deconfigured this makes sure the right route is
removed.
OK tb@
|
|
amd64 install using (G)PT seems busted as reported by tb
|
|
Metrics can be found under mib-2.236 and VM-MIB (RFC7666).
Stress tested by and happy noises from Mischa Peters
OK dv@
|
|
value. The ber NULL case is there for when it was received via a PDU.
The NULL pointer case can happen if application.c runs into a timeout
or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and
results in an "missing value" error, (needlessly) terminating the
connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support
for vmd.
OK tb@, sthen@
|
|
while here, sort SYNOPSIS at the behest of ajacoutot;
ok ajacoutot
|
|
|
|
In some cases only a "small" part of the RIB needs to be looked at. Like
bgpctl show rib 10/8 or-longer that only needs to travers nodes under
10/8 all other RIB entries do not matter. By setting the start node to
the RB_NFIND(10/8) the all nodes below this point can be skipped.
Using prefix_compare() while walking the tree with RB_NEXT() the walker
know when it steps outside of the 10/8 subtree and stops.
With this the or-longer commands become a lot faster.
Looks good to tb@
|
|
underscore. This fixes acpidump on arm64. How this ever worked before
is unclear, but part of the puzzle is that we didn't properly check the
return value of the kvm_nlist(3) calls. So fix that too.
ok deraadt@, mglocker@
|
|
|
|
from josiah frentsos, tweaked by schwarze
ok schwarze
|
|
OK miod@
|
|
|
|
installboot(8) runs newfs(8) and fsck(8) via system(3) but only checks
failures of the function itself, always returning zero no matter what the
programs/shell returned.
This is bad for regress tests relying on correct return codes.
create_filesystem() itself must not exit as write_filesystem() calls it and
cleans up temporary files upon failure.
Make it return -1 if the script returned non-zero so write_filesystem()
handles it as error, cleans up and makes installboot exit 1.
Stop ignoring create_filesystem()'s return code in md_prepareboot() and
exit the same way.
Here's the change in behaviour on arm64 (newfs fails because of the
vnd/disklabel race, see "Race in disk_attach_callback?" on tech@):
# installboot -vp vnd0 ; echo $?
newfsing 6694ae5b0d7596ed.i
newfs_msdos: /dev/r6694ae5b0d7596ed.i: No such file or directory
0
# ./obj/installboot -vp vnd0 ; echo $?
newfsing 6694ae5b0d7596ed.i
newfs_msdos: /dev/r6694ae5b0d7596ed.i: No such file or directory
1
Tested on amd64 arm64 macppc octeon powerpc64 sparc64
OK millert
|
|
prefixlen. Even for IPv6 this is much faster than a full table walk.
OK tb@
|
|
|
|
Add an extra state to distinguish in between chunks CRLF handling from
the last chunk which can optionally have some trailer fields included.
rpki-client ignores these trailer header fields (they are also not common
it seems).
Also remove the empty line handling in http_parse_chunked() for explicit
checks in http_read(). Because of the extra state the switch back to
non-chunked mode can now be delayed until the transfer is over.
OK tb@
|
|
In many places the HTTP allows for extra spaces which need to be ignored.
Similar the chunked encoding extensions are separated from the chunk size
by a ':' but the spec also allows for bad whitespaces in all shapes and
forms. Adjust the logic in http_parse_chunked() to stop when the first
space, tab or ':' is seen. There is no need to check for newlines since
those are stripped by http_get_line().
OK tb@
|
|
RFC9112 allows any amount of space/tabs between the ':' and the value.
Until now this code required exactly one space which works most of the
time but is not RFC compliant.
Problem reported by Ties de Kock (tdekock (at) ripe.net)
OK tb@
|
|
Every platform ought to set `stages', `stage1' and optionally `stage2'
in md_init(), otherwise passing explicit files results won't work as
`stages' is zero-initialised and no default path is set:
# installboot -v sd0 /root/BOOTAA64.EFI
usage: installboot [-npv] [-r root] disk [stage1]
This is correct synopsis and ought to work, but efi_installboot.c has an
empty md_init(). Set stage bits to fix this:
# ./obj/installboot -nv sd0 /root/BOOTAA64.EFI
Using / as root
would install bootstrap on /dev/rsd0c
using first-stage /root/BOOTAA64.EFI
would copy /root/BOOTAA64.EFI to /tmp/installboot.2bGhLGT1eF/efi/boot/bootaa64.efi
would write /tmp/installboot.2bGhLGT1eF/efi/boot/startup.nsh
This makes regress/usr.sbin/installboot pass on armv7, arm64 and riscv64
(while being lucky or carrying miod's fix for the kernel disklabel race
manifesting on vnd).
|
|
OK tb@
|
|
|
|
If a providerAS sets an afiLimit, subsequent providerAS that don't set it
would erroneously inherit that limit. Zero out the provider at the top of
the loop to avoid this problem.
ok job
|
|
ok job
|
|
Running installboot(8) on softraid(4) volumes means installing stages on
every softraid chunk.
The overall idea is the same, but MD implementations differ.
sparc64_softraid.c's sr_install_bootblk() reuses sparc64_installboot.c's
md_installboot() for this.
For sparc64, md_installboot() does the copy of stage 2, usually
/usr/mdec/ofwboot to /ofwboot, so when `-r root' is passed, it prefixes the
file path with "root".
For single-disk installations (plain-disk and single-chunk softraid) this is
fine, but as soon as multiple chunks are used, md_installboot() currently
prefixes the path each time, obviously resulting in invalid paths starting
with the second run.
Other architectures do reuse md_installboot() as well but either don't do
such a copy or implement the prefixing differently -- plus they must support
softraid in the firt place to be able to hit this type of bug.
With this fixed, regress/usr.sbin/installboot finally passes on sparc64 and
installboot no longer fails at the end of a fresh installation onto softraid
with multiple chunks.
"looks correct" miod
|
|
OK claudio@
|
|
children to just before. That way the parent disasociates from its
controling terminal and shell, but not from its children.
Remove the dup2() bits that were copied from daemon() to solve the
problem that the children still had the stdio fds open. This is now
done in the parent earlier.
Remove the setsid() and setpgid(). It is unclear what their intent
was, but they dont seem to make sense, as daemon() covers this as well
and there seems to be no reason the cildren procs need to do that.
ok claudio@ bluhm@
|
|
Every platform ought to set `stages', `stage1' and optionally `stage2'
in md_init(), otherwise passing explicit files results won't work as
`stages' is zero-initialised and no default path is set:
# installboot -nv wd0 ./ofwboot
usage: installboot [-nv] [-r root] disk [stage1]
installboot [-nv] -p disk
This is correct synopsis and ought to work, but macppc_installboot.c
(others, too) has an empty md_init(). Set stage bits to fix this:
# ./obj/installboot -nv wd0 ./ofwboot
Using / as root
would install bootstrap on /dev/rwd0c
using first-stage ./ofwboot
would copy ./ofwboot to /tmp/installboot.Ymmm6QU8OJ/ofwboot
Using `stage1' leads to a bit more cleanup since early MI installboot.c
handles `-r', i.e. write_filesystem() no longer has needs to do the
fileprefix() dance itself.
This makes regress/usr.sbin/installboot pass on macppc (while being lucky
or carrying miod's fix for the kernel disklabel race manifesting on vnd).
OK gkoehler
|
|
|
|
elements
The RSC ASN.1 templates make it impossible to pass an RFC3779-style inherit option
because of the use of ConstrainedIPAddressFamily and ConstrainedASIdentifiers.
OK tb@
|
|
Unify conformance checking of Trust Anchors, ROAs, ASPAs, RSCs - none of which
may have any 'inherit' elements in the RFC 3779 IP/AS Resources extension of
the X509 certificate.
OK tb@
|
|
to track the parent repository id of a publication point.
Nomenclature is confusing but not much we can do here.
OK tb@ job@
|
|
While currently everyone only uses a single location, the spec allows for
multiple locations ordered by preference. While rpki-client does not
support more than one location this should not be a fatal error. Instead,
pick the first location and warn if there are more than one.
ok job
|
|
ok claudio job (as part of a larger diff)
|
|
|
|
OK tb@
|
|
With this rpki-client has a chance to still finish and produce an output
even when a CA is excessivly slow and holds back progress.
With and OK benno@ tb@ and job@
|
|
The intent of the i8254 read-back command is (most likely) to permit
simultaneously latching two or three counters at once along with their
statuses.
To simulate this, we should compute olatch from one timestamp per
read-back command, not one timestamp per counter.
Improved with a tweak by dv@.
Link: https://marc.info/?l=openbsd-tech&m=166213670605453&w=2
ok dv@ mlarkin@
|
|
OK tb@ job@
|
|
then just failing the repo fetch but leaving the backends running.
OK tb@
|
|
The abort is done in a way that waits for any inflight files or http
requests to finish before removing the rrdp state and before sending
the rrdp done message indicating failure.
OK tb@ and benno@
|
