summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2007-03-05in prefix_aggregate(), when we look at two neighbor prefixes, see wetherHenning Brauer
they can be expressed as one with shorter prefixlen. if so, adjust the first prefix accordingly and return 1 so the second gets removed. shrinks the ruleset for my AS from 19533 to 16892 rules.
2007-03-05do the prefix masking in network byte orderHenning Brauer
2007-03-05sort out more specifics and mark the less specific covering them in a wayHenning Brauer
that the resulting rule allows more specifics. i. e. 10.0.0.0/16, 10.0.1/24, 10.0.128/17 -> prefix 10.0.0.0/16 prefixlen <= 24 implementation: sort prefixes per AS by address family, prefix, prefixlen. for every entry, check wether the prefix with the previous entry's mask applied matches the previous entry's prefix & mask. Only move the previous pointer forward if not so. Fill the holes we create in the process on the fly; shrink the array afterwards. shrinks the generated filters for our AS from over 100k to under 20k lines.
2007-03-05switch to whois.radb.net. The RIPE whois server shows problems, indefinatelyHenning Brauer
hanging connection for a specific query (which works find against radb, investigating with ripe pplz), and ripe doesn't mirror some important RRs like ALTDB.
2007-03-05do not strip the header for expect, hash, and log actions.Reyk Floeter
since we have a tristate in relay_handle_http(), use nicer return codes defined to make it better readble (no function change).
2007-03-05store a maxlen with each prefix. if that is set, this prefix coversHenning Brauer
multiple route objects (i. e. is the result of maksing out longer prefixes or aggregation we'll do later). if maxlen is > prefixlen, generate rules accordingly (prefixlen <= maxlen)
2007-03-05prevent re-use of shit in pbuf from previous rulesHenning Brauer
2007-03-04correct include orderTheo de Raadt
2007-03-04rename struct prefix -> irr_prefixHenning Brauer
2007-03-04store prefixes in binary format. we'll need that for aggregation.Henning Brauer
discussed with pyr
2007-03-04for import rules, filter by source-as tooHenning Brauer
2007-03-04store peer AS numericallyHenning Brauer
2007-03-04pass pointer to struct policy_item down to print_rule() instead of 3 of itsHenning Brauer
members
2007-03-04document include, and commentsHenning Brauer
stolen from hostapd.conf.5
2007-03-04fix output format. spent too much time with RPSL...Henning Brauer
2007-03-04fix cass where the specification does not give the router address by usingHenning Brauer
"" instead of defaulting to NULL, which is a pain to handle afterwards. in the output function, treat empty string address like NULL address problem noticed by rivo nurges <rix@estpak.ee>
2007-03-04ran into an asset which has dangling , at eol in the member spec, leadingHenning Brauer
to us trying to add an empty-string AS, which asset_get later complains about. in parse_asset, check that we're no dealing with a empty string token before calling asset_addmember
2007-03-03sort; ok henningJason McIntyre
2007-03-03as-sets always begin with AS-, and aut-nums with AS[0-9], mandated by theHenning Brauer
RPSL spec and enforced by the IRR databases. teach asset_get this fact. only send queries for the as-set members for as-sets. since we now always fake an as-set for aut-nums, we don't need to escape the recursive as-set resolution process when we run into aut-num members. complain about and then ignore unresolvable as-set members.
2007-03-03make parse_response (and thus whois) return 0 for no object found, and n+1Henning Brauer
for object found with n matched attributes. this way we can distinguish between no object found and object without relevant attributes
2007-03-03start documenting irrfilter modeHenning Brauer
2007-03-03save macl/mach as well as fp registers, done with miod's helpTheo de Raadt
2007-03-03allow the directory for generated filter files to be set. defaults to cwdHenning Brauer
2007-03-03write output to files instead of stdoutHenning Brauer
2007-03-03add irrfilter mode.Henning Brauer
generates bgpd filter rules from the Internet Routing Registry aka IRR aka the aut-num, as-set and route objects in the RIPE, ARIN, APNIC ... databases accessed via whois, using the Routing Policy Specificaion Language RPSL. implement the whois query interface, an RPSL parser (of course only the parts we need), recursive as-set resolver, prefixes per AS lookup, and an ouput module to make up the rules. work in progress, not ready for general consumption yet. import agreed by theo & claudio
2007-03-02spaces and comment to sync to dhclient dhcp.h; no binary changeKevin Steves
2007-03-02pull in spaces array overflow fixes from dhclientHenning Brauer
the code here is slightly different, but also has the overfow in both cases
2007-03-02when the http read callback changes and some data is still left in theReyk Floeter
input buffer, we call the new callback to handle the remaining data. this change makes sure that we only do this after the read callback was actually changed (read header -> read content, read content -> read header, read chunks...) to avoid a possible loop which could happen in some rare cases.
2007-03-02Check if group exists before checking if group is local.Ray Lai
OK millert@.
2007-03-02Replace regex(3) routines with simple string searching and comparisonRay Lai
routines. OK millert@.
2007-03-01spell address correctly; ok jmc@ henning@David Krause
2007-03-01read buffer size must be >= max imsg size.Henning Brauer
after release we should revisit this issue, we can probably safely shrink the max imsg size. Valentin Kozamernik in PR5401
2007-02-28do status dampening for OK status as well, i. e.Henning Brauer
if a sensor is always bad, but sometimes goes OK for only a few seconds, we want to ignore that bogus change as well also fix setting if last_val. from Constantine, ok mickey
2007-02-28regenJakob Schlyter
2007-02-28remove bogus warning regarding OpenSSLJakob Schlyter
2007-02-28double word: a aDavid Krause
2007-02-28spelling: Multicast not MutlicastDavid Krause
2007-02-27replys -> replies;Jason McIntyre
2007-02-27open the db read-only if we're only looking. ok millert@ beck@Otto Moerbeek
deraadt@
2007-02-27in addition to actions on request headers, allow to define relayReyk Floeter
actions on response headers (the reply sent by backend HTTP servers). the default and slightly faster relay streaming mode will be used if no actions are defined. for example: response change "Server" to "OpenBSD-hoststated/4.1" ok pyr@
2007-02-27manpage clarification for the "change" and "append" relay actions.Reyk Floeter
from Tamas TEVESZ
2007-02-27tweaks;Jason McIntyre
2007-02-26Error out if the -t or -T options are specified without -a or -d.Todd C. Miller
OK beck@
2007-02-26kill the ``use ssl'' directive for consistency across parser directives.Pierre-Yves Ritschard
another heads up for testers: you need to change configuration files. ok reyk@
2007-02-26remove HTTP and HTTPS tokens, makes for cleaner parser.Pierre-Yves Ritschard
reorder other rules as well. ok reyk@
2007-02-26re-enable the -W flags except -Werror which behaves differently withReyk Floeter
different gcc versions (it previously broke the tree on sparc with gcc 2.95 when compiling sys/hash.h). -Werror removal suggested by deraadt@
2007-02-26sync the documentation with the latest change to require a 'header'Reyk Floeter
keyword for default relay actions. ok pyr@
2007-02-26solve some conflicts in the configuration parser.Pierre-Yves Ritschard
configuration will need to be updated as some directives have changed. manpage and examples bits coming up. ok reyk@
2007-02-26handle strlcpy return values, make lint happyReyk Floeter
2007-02-26better error handling for buffer I/O, fix the log actionReyk Floeter
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-04 09:56:31 +0000