![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.sbin / rpki-client
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.33 / (download) - annotate - [select for diffs], Thu Feb 22 12:49:42 2024 UTC (3 months, 1 week ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)
Add support for RPKI Signed Prefix Lists Signed Prefix List are a CMS protected content type for use with the RPKI to carry the complete list of prefixes which an Autonomous System may originate to all or any of its routing peers. The validation of a Signed Prefix List confirms that the holder of the listed ASN produced the object, and that this list is a current, accurate and complete description of address prefixes that may be announced into the routing system originated by this AS. https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist with and OK claudio@ tb@
Revision 1.32 / (download) - annotate - [select for diffs], Sat Feb 3 14:30:47 2024 UTC (3 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.31: +2 -3 lines
Diff to previous 1.31 (colored)
Refactor handling of stale manifests No need to hoist a staleness indicator through the whole process and count it explicitly. OK tb@
Revision 1.31 / (download) - annotate - [select for diffs], Wed Apr 26 16:32:41 2023 UTC (13 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.30: +9 -9 lines
Diff to previous 1.30 (colored)
Improve accounting by tracking things by repo and tal. This fixes some wrong accounting for repositories that are referenced from more than one TAL. It changes the ometric lable output a little bit since there are repository metrics that no longer include the 'name' label. OK tb@
Revision 1.30 / (download) - annotate - [select for diffs], Wed Apr 19 12:58:16 2023 UTC (13 months, 1 week ago) by jsg
Branch: MAIN
Changes since 1.29: +1 -2 lines
Diff to previous 1.29 (colored)
remove duplicate includes
Revision 1.29 / (download) - annotate - [select for diffs], Thu Dec 15 12:02:29 2022 UTC (17 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.28: +19 -16 lines
Diff to previous 1.28 (colored)
Rework statistic collection to be per repository and add metric output option Many statistic values are now accounted by repository via repo_stat_inc() At end of the run sum_stats() accumulates these stats per TAL and globally. The new output file metrics is written when the -m output flag is specified. The metrics file is written in OpenMetrics format (with a few tweaks to allow node_exporter to parse the file as well). The ometric code is a copy from bgpctl(8) and should be kept in sync. OK tb@
Revision 1.28 / (download) - annotate - [select for diffs], Fri Nov 4 13:01:19 2022 UTC (18 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)
Add missing field initializer. ok claudio
Revision 1.27 / (download) - annotate - [select for diffs], Tue Aug 30 18:56:49 2022 UTC (21 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.26: +5 -4 lines
Diff to previous 1.26 (colored)
Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10) ASPA objects are published in the RPKI and can be used to detect and mitigate BGP route leaks. Validated ASPA Payloads are visible through filemode (-f) and the JSON output format (-j). With feedback from tb@ OK claudio@ tb@
Revision 1.26 / (download) - annotate - [select for diffs], Wed Apr 20 15:29:24 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.25: +3 -4 lines
Diff to previous 1.25 (colored)
Print UTC time with gmtime() This replaces a strange hack that sets TZ=UTC and calls localtime(). Tweak format string to keep printing UTC. ok claudio
Revision 1.25 / (download) - annotate - [select for diffs], Tue Apr 19 13:52:24 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)
Change type of talsz and dependent code from size_t to int. Tal ids are already stored as int and and talsz is the limit for these ids. OK tb@
Revision 1.21.2.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:41:19 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.21: +25 -12 lines
Diff to previous 1.21 (colored) next main 1.22 (colored)
rpki-client(8) should handle CA misbehaviours as soft-errors. This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40 2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including: * Make rpki-client more resilient regarding untrusted input: - fail repository synchronisation after 15min runtime - limit the number of publication points per TAL - don't allow DOCTYPE definitions in RRDP XML files - fix detection of HTTP redirect loops. * limit the number of concurrent rsync processes. * fix CRLF in tal files. This is patches/6.9/common/021_rpki.patch.sig
Revision 1.21.6.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:40:32 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_7_0
Changes since 1.21: +25 -12 lines
Diff to previous 1.21 (colored) next main 1.22 (colored)
rpki-client(8) should handle CA misbehaviours as soft-errors. This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40 2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including: * Make rpki-client more resilient regarding untrusted input: - fail repository synchronisation after 15min runtime - limit the number of publication points per TAL - don't allow DOCTYPE definitions in RRDP XML files - fix detection of HTTP redirect loops. * limit the number of concurrent rsync processes. * fix CRLF in tal files. This is patches/7.0/common/004_rpki.patch.sig
Revision 1.24 / (download) - annotate - [select for diffs], Thu Nov 4 11:32:55 2021 UTC (2 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.23: +20 -9 lines
Diff to previous 1.23 (colored)
Instead of passing tal descriptions around just pass a tal id and use a small lookup table to print the description in the output path. OK tb@
Revision 1.23 / (download) - annotate - [select for diffs], Mon Nov 1 17:00:34 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.22: +4 -5 lines
Diff to previous 1.22 (colored)
Further simplify cert and auth handling. Move common code into auth_insert and skip this distinction between invalid and failed certificates. The difference between the to is getting more and more blurry. OK tb@
Revision 1.22 / (download) - annotate - [select for diffs], Mon Oct 11 16:50:03 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.21: +7 -4 lines
Diff to previous 1.21 (colored)
Add support for BGPsec Router Certificates (RFC 8209) BGPsec router keys are extracted from RPKI certificates and emitted via the JSON output in base64 encoded form. OK tb@ claudio@
Revision 1.21 / (download) - annotate - [select for diffs], Tue Mar 2 09:08:59 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_6_9_BASE
Branch point for: OPENBSD_7_0,
OPENBSD_6_9
Changes since 1.20: +3 -5 lines
Diff to previous 1.20 (colored)
Open both the cachedir and outputdir early and use fchdir(2) to switch between the two. OK deraadt@ job@
Revision 1.20 / (download) - annotate - [select for diffs], Thu Feb 18 10:10:20 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.19: +28 -1 lines
Diff to previous 1.19 (colored)
All the code for output handling was moved to output.c some time ago. Also move the license that came along with it to output.c.
Revision 1.19 / (download) - annotate - [select for diffs], Wed Dec 9 11:29:04 2020 UTC (3 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.18: +3 -1 lines
Diff to previous 1.18 (colored)
Validate ghostbuster records (RFC 6493) but for now do nothing with the provided vcard payload. This change verifies the certificate of the .gbr file and makes sure it is valid (like we do for e.g. .roa files). OK job@
Revision 1.18 / (download) - annotate - [select for diffs], Fri Nov 6 05:42:43 2020 UTC (3 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)
8 spaces -> tab
Revision 1.17 / (download) - annotate - [select for diffs], Sat Sep 12 15:46:48 2020 UTC (3 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.16: +1 -3 lines
Diff to previous 1.16 (colored)
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
Revision 1.16 / (download) - annotate - [select for diffs], Thu May 14 20:49:04 2020 UTC (4 years ago) by job
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)
be little bit more verbose what went wrong in mkostemp
Revision 1.15 / (download) - annotate - [select for diffs], Sun May 3 20:24:02 2020 UTC (4 years ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.14: +6 -4 lines
Diff to previous 1.14 (colored)
Use strftime() rather than ctime() to generate timestamps nicer. ok job, input claudio benno
Revision 1.14 / (download) - annotate - [select for diffs], Sun May 3 19:41:54 2020 UTC (4 years ago) by deraadt
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
Make it clear the date is in UTC. ok job
Revision 1.13 / (download) - annotate - [select for diffs], Thu Apr 30 13:46:39 2020 UTC (4 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.12: +4 -2 lines
Diff to previous 1.12 (colored)
Place elapsed, user, and system time for processing in the comment headers. ok job benno claudio
Revision 1.12 / (download) - annotate - [select for diffs], Tue Apr 28 15:04:05 2020 UTC (4 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.11: +17 -20 lines
Diff to previous 1.11 (colored)
re-organize statistics printing code, to make it less verbose and more readable.
Revision 1.11 / (download) - annotate - [select for diffs], Tue Apr 28 13:41:35 2020 UTC (4 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.10: +43 -4 lines
Diff to previous 1.10 (colored)
Print statistics as comments at the top of the files which can take comments. ok claudio job
Revision 1.10 / (download) - annotate - [select for diffs], Sat Apr 11 15:23:23 2020 UTC (4 years, 1 month ago) by benno
Branch: MAIN
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
remove a __unused attribute, it's obvious and complicates things. ok claudio@
Revision 1.9 / (download) - annotate - [select for diffs], Tue Mar 10 14:22:26 2020 UTC (4 years, 2 months ago) by jca
Branch: MAIN
Changes since 1.8: +15 -12 lines
Diff to previous 1.8 (colored)
Narrow the visibility of some functions and variables local to output.c Also make the outputs table const. Based on a suggestion from claudio@, ok deraadt@ claudio@
Revision 1.8 / (download) - annotate - [select for diffs], Mon Mar 9 23:50:01 2020 UTC (4 years, 2 months ago) by jca
Branch: MAIN
Changes since 1.7: +12 -6 lines
Diff to previous 1.7 (colored)
Ensure that we properly flush, close and rename temporary output files Makes sure we don't feed an incomplete/garbage file to consumers. Input and ok claudio@ deraadt@
Revision 1.7 / (download) - annotate - [select for diffs], Mon Mar 9 23:44:32 2020 UTC (4 years, 2 months ago) by jca
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)
logx->warn, we want to know why operations on output files failed ok claudio@ deraadt@
Revision 1.6 / (download) - annotate - [select for diffs], Fri Mar 6 17:36:42 2020 UTC (4 years, 2 months ago) by benno
Branch: MAIN
Changes since 1.5: +4 -2 lines
Diff to previous 1.5 (colored)
generate 3 different outputs for BIRD: - bird v1 with IPv4 routes - bird v1 with IPv6 routes - bird v2 when using command line option -B. BIRD v2 output from Robert Scheck, robert AT fedoraproject DOT org time_t cast hint from jca@, and tested by job@ ok deraadt@ claudio@
Revision 1.5 / (download) - annotate - [select for diffs], Thu Dec 19 16:32:44 2019 UTC (4 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.4: +17 -14 lines
Diff to previous 1.4 (colored)
Fix output loop to not stop when the first unused output format is encountered. Fixes rpki-client -j which did not produce any output before. Found by and OK job@
Revision 1.4 / (download) - annotate - [select for diffs], Fri Dec 6 09:27:12 2019 UTC (4 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.3: +2 -3 lines
Diff to previous 1.3 (colored)
Don't hardcode the cache directory for rpki-client. If started as root rpki-client will use the defaults for cache and output directory. If not started as root users need to provide both directories as arguments. While there switch from absolute path names to relative ones. For this the parser and rsync process do a chdir(2) to the cache directory on startup. OK benno@
Revision 1.3 / (download) - annotate - [select for diffs], Wed Dec 4 23:03:05 2019 UTC (4 years, 5 months ago) by benno
Branch: MAIN
Changes since 1.2: +3 -3 lines
Diff to previous 1.2 (colored)
use return x; instead of return (x);, like all other files here. ok deraadt@
Revision 1.2 / (download) - annotate - [select for diffs], Wed Dec 4 23:01:54 2019 UTC (4 years, 5 months ago) by benno
Branch: MAIN
Changes since 1.1: +5 -21 lines
Diff to previous 1.1 (colored)
reduce includes to the required minimum. ok deraadt@
Revision 1.1 / (download) - annotate - [select for diffs], Wed Dec 4 12:40:17 2019 UTC (4 years, 5 months ago) by deraadt
Branch: MAIN
split output management code into seperate file. iterate over output methods using a table. detect output truncation (for instance filesystem full) and don't overwrite previous output ok claudio