59. [`incidences`](#incidences)
3. [Deprecated arguments](#deprecated-arguments)
1. [`--sync-strategy`](#--sync-strategy)
- 2. [`--rrdp.enabled`](#--rrdpenabled)
- 3. [`--rrdp.priority`](#--rrdppriority)
- 4. [`--rrdp.retry.count`](#--rrdpretrycount)
- 5. [`--rrdp.retry.interval`](#--rrdpretryinterval)
- 60. [`init-locations`](#init-locations)
41. [`--http.idle-timeout`](#--httpidle-timeout)
## Syntax
- `root`: will be the same as `--rsync.strategy=root`, see [`root`](#root).
- `root-except-ta`: will be the same as `--rsync.strategy=root-except-ta`, see [`root-except-ta`](#root-except-ta).
-### `--rrdp.enabled`
-
-- **Type:** Boolean (`true`, `false`)
-- **Availability:** `argv` and JSON
-- **Default:** `true`
-
->  This argument **is DEPRECATED**. Use [`--http.enabled`](#--httpenabled) instead.
-
-### `--rrdp.priority`
-
-- **Type:** Integer
-- **Availability:** `argv` and JSON
-- **Default:** 60
-- **Range:** 0--100
-
->  This argument **is DEPRECATED**. Use [`--http.priority`](#--httppriority) instead.
-
-### `--rrdp.retry.count`
-
-- **Type:** Integer
-- **Availability:** `argv` and JSON
-- **Default:** 2
-- **Range:** 0--[`UINT_MAX`](http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html)
-
->  This argument **is DEPRECATED**. Use [`--http.retry.count`](#--httpretrycount) instead.
-
-### `--rrdp.retry.interval`
-
-- **Type:** Integer
-- **Availability:** `argv` and JSON
-- **Default:** 5
-- **Range:** 0--[`UINT_MAX`](http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html)
-
->  This argument **is DEPRECATED**. Use [`--http.retry.interval`](#--httpretryinterval) instead.
-
-### `init-locations`
-
-- **Type:** JSON Object array
-- **Availability:** JSON only
-
->  This argument is deprecated. I don't know why it exists; just do normal wgets or curls instead. As of Fort 1.5.1, it does nothing. The documentation below applies to 1.5.0 and below.
-
-List of URLs from where the TALs will be fetched when [`--init-tals`](#--init-tals) is utilized. Each URL can have an optional `accept-message` that will be displayed at the terminal. When this message is displayed, the word **"yes"** is expected by FORT to download the corresponding TAL file; this way an explicit acceptance is obtained to comply with the printed message.
-
-By default it has 4 URLs from each TAL that doesn't require and explicit politics acceptance by the user, and 1 URL that does have an acceptance message so that FORT can proceed with its download.
-
-This is a JSON array of objects, where each object has a mandatory `url` member, and an optional `accept-message` member. The default value is:
-
-```
-"init-locations": [
- {
- "url": "https://www.arin.net/resources/manage/rpki/arin.tal",
- "accept-message": "Please download and read ARIN Relying Party Agreement (RPA) from https://www.arin.net/resources/manage/rpki/rpa.pdf. Once you've read it and if you agree ARIN RPA, type 'yes' to proceed with ARIN's TAL download:"
- },
- {
- "url": "https://raw.githubusercontent.com/NICMx/FORT-validator/master/examples/tal/lacnic.tal"
- },
- {
- "url": "https://raw.githubusercontent.com/NICMx/FORT-validator/master/examples/tal/ripe.tal"
- },
- {
- "url": "https://raw.githubusercontent.com/NICMx/FORT-validator/master/examples/tal/afrinic.tal"
- },
- {
- "url": "https://raw.githubusercontent.com/NICMx/FORT-validator/master/examples/tal/apnic.tal"
- }
-]
-```
-
### `--http.idle-timeout`
- **Type:** Integer
fort_SOURCES += config/mode.c config/mode.h
fort_SOURCES += config/incidences.h config/incidences.c
fort_SOURCES += config/output_format.h config/output_format.c
-fort_SOURCES += config/init_tals.h config/init_tals.c
-fort_SOURCES += config/rrdp_conf.h config/rrdp_conf.c
fort_SOURCES += config/rsync_strategy.h config/rsync_strategy.c
fort_SOURCES += config/str.c config/str.h
fort_SOURCES += config/string_array.h config/string_array.c
fort_SOURCES += config/types.h
fort_SOURCES += config/uint.c config/uint.h
-fort_SOURCES += config/uint32.c config/uint32.h
-fort_SOURCES += config/work_offline.c config/work_offline.h
fort_SOURCES += crypto/base64.h crypto/base64.c
fort_SOURCES += crypto/hash.h crypto/hash.c
#include "log.h"
#include "config/boolean.h"
#include "config/incidences.h"
-#include "config/init_tals.h"
-#include "config/rrdp_conf.h"
#include "config/str.h"
#include "config/uint.h"
-#include "config/uint32.h"
-#include "config/work_offline.h"
/**
* To add a member to this structure,
*
* 1. Add it.
- * 2. Add its metadata somewhere in @groups.
- * 3. Add default value to set_default_values().
- * 4. Create the getter.
+ * 2. Add default value to set_default_values().
+ * 3. Create the getter.
*
* Assuming you don't need to create a data type, that should be all.
*/
char *program;
struct {
struct string_array flat;
- /*
- * Not actually --recursive.
- * It's used to fetch RPPs, so it uses --dirs.
- */
struct string_array recursive;
} args;
} rsync;
- struct {
- /* Enables the protocol */
- bool enabled;
- /*
- * Priority, this will override the order set at the CAs in
- * their accessMethod extension.
- */
- unsigned int priority;
- /* Retry conf, utilized on errors */
- struct {
- /* Maximum number of retries on error */
- unsigned int count;
- /* Interval (in seconds) between each retry */
- unsigned int interval;
- } retry;
- } rrdp;
-
struct {
/* Enables the protocol */
bool enabled;
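Review bot: The `recursive` member of `rsync.args` is left without any comment once this hunk removes the old one, even though the same commit changes its default in `set_default_values()` from `--dirs` to `--recursive`. I would replace the deleted comment rather than drop it, e.g. `/* Arguments for rsync transfers that recurse into subdirectories (--recursive). */`. With real recursion the remote repository decides how much gets downloaded, so the comment should also record which default arguments bound the transfer; only `--contimeout=20` is visible in the defaults hunk. The enclosing struct starts and ends outside this hunk.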
/* Download AS0 TALs into --tal? */
bool init_tal0s;
- /* Deprecated; currently does nothing. */
- unsigned int init_tal_locations;
-
/* Thread pools for specific tasks */
struct {
/* Threads related to RTR server */
}, {
.id = 1005,
.name = "work-offline",
- .type = >_work_offline,
+ .type = >_bool,
.offset = offsetof(struct rpki_config, work_offline),
- .doc = "Disable all outgoing requests (rsync, http (implies RRDP)) and work only with local repository files.",
+ .doc = "Disable all outgoing requests (rsync, HTTP) and work only with local repository files.",
}, {
.id = 1006,
.name = "daemon",
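Review bot: Nothing visible in this commit still forces `rsync.enabled` and `http.enabled` off when `work-offline` is set. The entry now uses the plain `gt_bool` parser, whereas the removed `parse_argv_offline()`/`parse_json_offline()` called `config_set_rsync_enabled(!value)` and `config_set_http_enabled(!value)`. The enforcement therefore has to live in whatever reads those two flags, which is outside the visible hunks; if it is missing, a validator started with `--work-offline` would still make outgoing rsync and HTTP requests. Please confirm the readers check `rpki_config.work_offline`, and document the dependency at this entry, e.g. `/* Enforced where rsync.enabled and http.enabled are read, not by the parser. */`.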
}, {
.id = 3001,
.name = "rsync.priority",
- .type = >_uint32,
+ .type = >_uint,
.offset = offsetof(struct rpki_config, rsync.priority),
.doc = "Priority of execution to fetch repositories files, a higher value means higher priority",
.min = 0,
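Review bot: The struct members behind `rsync.priority` (here) and `http.priority` (further down) should be checked against their new writer, since both entries move from a 32-bit type to `gt_uint`. The removed `parse_argv_uint32()` shows `parse_argv_uint()` filling an `unsigned int tmp`, so `gt_uint` presumably writes an `unsigned int` at the `offsetof` target. The member declarations are not in the visible hunks; if either is still `uint32_t`, change it to `unsigned int priority;` so the field and the writer agree on platforms where the two types differ. The `http.retry.*` entries already went through `parse_argv_uint()` before this commit, so only the two priorities are affected.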
.max = 0,
},
- /* RRDP fields */
- {
- .id = 10000,
- .name = "rrdp.enabled",
- .type = >_rrdp_enabled,
- .offset = offsetof(struct rpki_config, rrdp.enabled),
- .doc = "Enables RRDP execution. Deprecated; use 'http.enabled' instead.",
- }, {
- .id = 10001,
- .name = "rrdp.priority",
- .type = >_rrdp_priority,
- .offset = offsetof(struct rpki_config, rrdp.priority),
- .doc = "Priority of execution to fetch repositories files, a higher value means higher priority. Deprecated; use 'http.priority' instead.",
- .min = 0,
- .max = 100,
- }, {
- .id = 10002,
- .name = "rrdp.retry.count",
- .type = >_rrdp_retry_count,
- .offset = offsetof(struct rpki_config, rrdp.retry.count),
- .doc = "Maximum amount of retries whenever there's an error fetching RRDP files. Deprecated; use 'http.retry.count' instead.",
- .min = 0,
- .max = UINT_MAX,
- }, {
- .id = 10003,
- .name = "rrdp.retry.interval",
- .type = >_rrdp_retry_interval,
- .offset = offsetof(struct rpki_config, rrdp.retry.interval),
- .doc = "Period (in seconds) to wait between retries after an error ocurred fetching RRDP files. Deprecated; use 'http.retry.interval' instead.",
- .min = 0,
- .max = UINT_MAX,
- },
-
/* HTTP requests parameters */
{
.id = 9000,
.name = "http.enabled",
- .type = >_rrdp_enabled,
+ .type = >_bool,
.offset = offsetof(struct rpki_config, http.enabled),
.doc = "Enables outgoing HTTP requests",
}, {
.id = 9001,
.name = "http.priority",
- .type = >_rrdp_priority,
+ .type = >_uint,
.offset = offsetof(struct rpki_config, http.priority),
.doc = "Priority of execution to fetch repositories files, a higher value means higher priority",
.min = 0,
}, {
.id = 9002,
.name = "http.retry.count",
- .type = >_rrdp_retry_count,
+ .type = >_uint,
.offset = offsetof(struct rpki_config, http.retry.count),
.doc = "Maximum amount of retries whenever there's an error requesting HTTP URIs",
.min = 0,
}, {
.id = 9003,
.name = "http.retry.interval",
- .type = >_rrdp_retry_interval,
+ .type = >_uint,
.offset = offsetof(struct rpki_config, http.retry.interval),
.doc = "Period (in seconds) to wait between retries after an error ocurred doing HTTP requests",
.min = 0,
.offset = offsetof(struct rpki_config, init_tal0s),
.doc = "Fetch the currently-known AS0 TAL files into --tal",
.availability = AVAILABILITY_GETOPT,
- }, {
- .id = 11001,
- .name = "init-locations",
- .type = >_init_tals_locations,
- .offset = offsetof(struct rpki_config, init_tal_locations),
- .doc = "Deprecated. Does nothing as of Fort 1.5.1.",
- .availability = AVAILABILITY_JSON,
},
{
set_default_values(void)
{
static char const *recursive_rsync_args[] = {
- "--dirs",
+ "--recursive",
"--delete",
"--times",
"--contimeout=20",
rpki_config.http.max_file_size = 1000000000;
rpki_config.http.ca_path = NULL; /* Use system default */
- /*
- * TODO (later) Same values as http.*, delete when rrdp.* is fully
- * deprecated
- */
- rpki_config.rrdp.enabled = rpki_config.http.enabled;
- rpki_config.rrdp.priority = rpki_config.http.priority;
- rpki_config.rrdp.retry.count = rpki_config.http.retry.count;
- rpki_config.rrdp.retry.interval = rpki_config.http.retry.interval;
-
rpki_config.log.color = false;
rpki_config.log.filename_format = FNF_GLOBAL;
rpki_config.log.level = LOG_WARNING;
rpki_config.stale_repository_period = 43200; /* 12 hours */
rpki_config.init_tals = false;
- rpki_config.init_tal_locations = 0;
/* Common scenario is to connect 1 router or a couple of them */
rpki_config.thread_pool.server.max = 20;
return rpki_config.thread_pool.validation.max;
}
-void
-config_set_rsync_enabled(bool value)
-{
- rpki_config.rsync.enabled = value;
-}
-
-void
-config_set_http_enabled(bool value)
-{
- rpki_config.http.enabled = value;
-}
-
void
free_rpki_config(void)
{
if (is_rpki_config_field(option) && option->type->free != NULL)
option->type->free(get_rpki_config_field(option));
}
-
-/*
- * "To be deprecated" section
- */
-void
-config_set_rrdp_enabled(bool value)
-{
- rpki_config.rrdp.enabled = value;
-}
-
-void
-config_set_rrdp_priority(unsigned int value)
-{
- rpki_config.rrdp.priority = value;
-}
-
-void
-config_set_http_priority(unsigned int value)
-{
- rpki_config.http.priority = value;
-}
-
-void
-config_set_rrdp_retry_count(unsigned int value)
-{
- rpki_config.rrdp.retry.count = value;
-}
-
-void
-config_set_http_retry_count(unsigned int value)
-{
- rpki_config.http.retry.count = value;
-}
-
-void
-config_set_rrdp_retry_interval(unsigned int value)
-{
- rpki_config.rrdp.retry.interval = value;
-}
-
-void
-config_set_http_retry_interval(unsigned int value)
-{
- rpki_config.http.retry.interval = value;
-}
enum log_output config_get_val_log_output(void);
uint32_t config_get_val_log_facility(void);
-/*
- * Public, so that work-offline can set them, or (to be deprecated)
- * sync-strategy when set to 'off'.
- */
-void config_set_rsync_enabled(bool);
-void config_set_http_enabled(bool);
-/* TODO (later) Deprecated */
-void config_set_rrdp_enabled(bool);
-
-/* TODO (later) Remove once rrdp.* is fully deprecated */
-void config_set_rrdp_priority(unsigned int);
-void config_set_http_priority(unsigned int);
-void config_set_rrdp_retry_count(unsigned int);
-void config_set_http_retry_count(unsigned int);
-void config_set_rrdp_retry_interval(unsigned int);
-void config_set_http_retry_interval(unsigned int);
-
/* Needed public by the JSON module */
void *get_rpki_config_field(struct option_field const *);
struct option_field const *get_option_metadatas(void);
+++ /dev/null
-#include "config/init_tals.h"
-
-static int
-init_tals_parse_json(struct option_field const *opt, json_t *json, void *result)
-{
- /* This is deprecated. Please delete it in the future. */
- return 0;
-}
-
-const struct global_type gt_init_tals_locations = {
- .print = NULL,
- .parse.json = init_tals_parse_json,
-};
+++ /dev/null
-#ifndef SRC_CONFIG_INIT_TALS_H_
-#define SRC_CONFIG_INIT_TALS_H_
-
-#include "config/types.h"
-
-extern const struct global_type gt_init_tals_locations;
-
-#endif /* SRC_CONFIG_INIT_TALS_H_ */
+++ /dev/null
-#include "config/rrdp_conf.h"
-
-#include <getopt.h>
-#include <stdbool.h>
-#include <string.h>
-#include "config.h"
-#include "log.h"
-#include "config/boolean.h"
-#include "config/uint.h"
-#include "config/uint32.h"
-
-/*
- * Note that this is just a wrapper to set rrdp.* arguments and its equivalent
- * http.* args.
- *
- * TODO (later) This wrapper will live until all rrdp.* args are fully
- * deprecated.
- */
-
-#define DEREFERENCE_BOOL(void_value) (*((bool *) void_value))
-#define DEREFERENCE_UINT32(void_value) (*((uint32_t *) void_value))
-#define DEREFERENCE_UINT(void_value) (*((unsigned int *) void_value))
-
-static int
-set_rrdp_enabled(char const *name, bool value)
-{
- /* Warn about future deprecation */
- if (strcmp(name, "rrdp.enabled") == 0)
- pr_op_warn("'rrdp.enabled' is deprecated; use 'http.enabled' instead.");
-
- config_set_rrdp_enabled(value);
- config_set_http_enabled(value);
- return 0;
-}
-
-static int
-set_priority(char const *name, uint32_t value)
-{
- /* Warn about future deprecation */
- if (strcmp(name, "rrdp.priority") == 0)
- pr_op_warn("'rrdp.priority' is deprecated; use 'http.priority' instead.");
-
- config_set_rrdp_priority(value);
- config_set_http_priority(value);
- return 0;
-}
-
-static int
-set_retry_count(char const *name, unsigned int value)
-{
- /* Warn about future deprecation */
- if (strcmp(name, "rrdp.retry.count") == 0)
- pr_op_warn("'rrdp.retry.count' is deprecated; use 'http.retry.count' instead.");
-
- config_set_rrdp_retry_count(value);
- config_set_http_retry_count(value);
- return 0;
-}
-
-static int
-set_retry_interval(char const *name, unsigned int value)
-{
- /* Warn about future deprecation */
- if (strcmp(name, "rrdp.retry.interval") == 0)
- pr_op_warn("'rrdp.retry.interval' is deprecated; use 'http.retry.interval' instead.");
-
- config_set_rrdp_retry_interval(value);
- config_set_http_retry_interval(value);
- return 0;
-}
-
-int
-parse_argv_enabled(struct option_field const *field, char const *str,
- void *result)
-{
- int error;
-
- error = parse_argv_bool(field, str, result);
- if (error)
- return error;
-
- return set_rrdp_enabled(field->name, DEREFERENCE_BOOL(result));
-}
-
-int
-parse_json_enabled(struct option_field const *opt, struct json_t *json,
- void *result)
-{
- int error;
-
- error = parse_json_bool(opt, json, result);
- if (error)
- return error;
-
- return set_rrdp_enabled(opt->name, DEREFERENCE_BOOL(result));
-}
-
-int
-parse_argv_priority(struct option_field const *field, char const *str,
- void *result)
-{
- int error;
-
- error = parse_argv_uint32(field, str, result);
- if (error)
- return error;
-
- return set_priority(field->name, DEREFERENCE_UINT32(result));
-}
-
-int
-parse_json_priority(struct option_field const *opt, json_t *json, void *result)
-{
- int error;
-
- error = parse_json_uint32(opt, json, result);
- if (error)
- return error;
-
- return set_priority(opt->name, DEREFERENCE_UINT32(result));
-}
-
-int
-parse_argv_retry_count(struct option_field const *field, char const *str,
- void *result)
-{
- int error;
-
- error = parse_argv_uint(field, str, result);
- if (error)
- return error;
-
- return set_retry_count(field->name, DEREFERENCE_UINT(result));
-}
-
-int
-parse_json_retry_count(struct option_field const *opt, json_t *json,
- void *result)
-{
- int error;
-
- error = parse_json_uint(opt, json, result);
- if (error)
- return error;
-
- return set_retry_count(opt->name, DEREFERENCE_UINT(result));
-}
-
-int
-parse_argv_retry_interval(struct option_field const *field, char const *str,
- void *result)
-{
- int error;
-
- error = parse_argv_uint(field, str, result);
- if (error)
- return error;
-
- return set_retry_interval(field->name, DEREFERENCE_UINT(result));
-}
-
-int
-parse_json_retry_interval(struct option_field const *opt, json_t *json,
- void *result)
-{
- int error;
-
- error = parse_json_uint(opt, json, result);
- if (error)
- return error;
-
- return set_retry_interval(opt->name, DEREFERENCE_UINT(result));
-}
-
-const struct global_type gt_rrdp_enabled = {
- .has_arg = optional_argument,
- .size = sizeof(bool),
- .print = print_bool,
- .parse.argv = parse_argv_enabled,
- .parse.json = parse_json_enabled,
- .arg_doc = "true|false",
-};
-
-const struct global_type gt_rrdp_priority = {
- .has_arg = required_argument,
- .size = sizeof(uint32_t),
- .print = print_uint32,
- .parse.argv = parse_argv_priority,
- .parse.json = parse_json_priority,
- .arg_doc = "<32-bit unsigned integer>",
-};
-
-const struct global_type gt_rrdp_retry_count = {
- .has_arg = required_argument,
- .size = sizeof(unsigned int),
- .print = print_uint,
- .parse.argv = parse_argv_retry_count,
- .parse.json = parse_json_retry_count,
- .arg_doc = "<unsigned integer>",
-};
-
-const struct global_type gt_rrdp_retry_interval = {
- .has_arg = required_argument,
- .size = sizeof(unsigned int),
- .print = print_uint,
- .parse.argv = parse_argv_retry_interval,
- .parse.json = parse_json_retry_interval,
- .arg_doc = "<unsigned integer>",
-};
+++ /dev/null
-#ifndef SRC_CONFIG_RRDP_CONF_H_
-#define SRC_CONFIG_RRDP_CONF_H_
-
-#include "config/types.h"
-
-extern const struct global_type gt_rrdp_enabled;
-extern const struct global_type gt_rrdp_priority;
-extern const struct global_type gt_rrdp_retry_count;
-extern const struct global_type gt_rrdp_retry_interval;
-
-#endif /* SRC_CONFIG_RRDP_CONF_H_ */
+++ /dev/null
-#include "config/uint32.h"
-
-#include <getopt.h>
-#include <errno.h>
-#include <stdlib.h>
-
-#include "log.h"
-#include "config/uint.h"
-
-void
-print_uint32(struct option_field const *field, void *value)
-{
- pr_op_info("%s: %u", field->name, *((uint32_t *) value));
-}
-
-int
-parse_argv_uint32(struct option_field const *field, char const *str,
- void *result)
-{
- unsigned int tmp;
- int error;
-
- error = parse_argv_uint(field, str, &tmp);
- if (error)
- return error;
-
- /* Range already validated (from field->min and field->max). */
- *((uint32_t *) result) = tmp;
- return 0;
-}
-
-int
-parse_json_uint32(struct option_field const *opt, json_t *json, void *result)
-{
- unsigned int tmp;
- int error;
-
- error = parse_json_uint(opt, json, &tmp);
- if (error)
- return error;
-
- /* Range already validated (from opt->min and opt->max). */
- *((uint32_t *) result) = tmp;
- return 0;
-}
-
-const struct global_type gt_uint32 = {
- .has_arg = required_argument,
- .size = sizeof(uint32_t),
- .print = print_uint32,
- .parse.argv = parse_argv_uint32,
- .parse.json = parse_json_uint32,
- .arg_doc = "<32-bit unsigned integer>",
-};
+++ /dev/null
-#ifndef SRC_CONFIG_UINT32_H_
-#define SRC_CONFIG_UINT32_H_
-
-#include "config/types.h"
-
-extern const struct global_type gt_uint32;
-
-void print_uint32(struct option_field const *, void *);
-int parse_argv_uint32(struct option_field const *, char const *, void *);
-int parse_json_uint32(struct option_field const *, json_t *, void *);
-
-#endif /* SRC_CONFIG_UINT32_H_ */
+++ /dev/null
-#include "config/work_offline.h"
-
-#include <getopt.h>
-#include <stdbool.h>
-
-#include "config.h"
-#include "config/boolean.h"
-
-#define DEREFERENCE(void_value) (*((bool *) void_value))
-
-static int
-parse_argv_offline(struct option_field const *field, char const *str, void *result)
-{
- int error;
-
- error = parse_argv_bool(field, str, result);
- if (error)
- return error;
-
- config_set_rsync_enabled(!DEREFERENCE(result));
- config_set_rrdp_enabled(!DEREFERENCE(result));
- config_set_http_enabled(!DEREFERENCE(result));
-
- return 0;
-}
-
-static int
-parse_json_offline(struct option_field const *opt, struct json_t *json,
- void *result)
-{
- int error;
-
- error = parse_json_bool(opt, json, result);
- if (error)
- return error;
-
- config_set_rsync_enabled(!DEREFERENCE(result));
- config_set_rrdp_enabled(!DEREFERENCE(result));
- config_set_http_enabled(!DEREFERENCE(result));
-
- return 0;
-}
-
-const struct global_type gt_work_offline = {
- .has_arg = optional_argument,
- .size = sizeof(bool),
- .print = print_bool,
- .parse.argv = parse_argv_offline,
- .parse.json = parse_json_offline,
- .arg_doc = "true|false",
-};
+++ /dev/null
-#ifndef SRC_CONFIG_WORK_OFFLINE_H_
-#define SRC_CONFIG_WORK_OFFLINE_H_
-
-extern const struct global_type gt_work_offline;
-
-#endif /* SRC_CONFIG_WORK_OFFLINE_H_ */