From: Alberto Leiva Popper
Date: Wed, 29 Nov 2023 23:43:04 +0000 (-0600)
Subject: Protocolary updates for release 1.6.0
X-Git-Tag: 1.6.0^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=559b4f2e0bf15838554443ad678756d2712d2077;p=thirdparty%2FFORT-validator.git
Protocolary updates for release 1.6.0
---
diff --git a/README.md b/README.md
index f6d977ea..6350e736 100644
--- a/README.md
+++ b/README.md
@@ -1,20 +1,14 @@
 # FORT Validator
-An RPKI Validator and RTR Server, part of the [FORT project](https://www.fortproject.net).
+An RPKI Relying Party and RTR Server.
 ## Documentation
-FORT Validator's documentation (installation, usage, etc.) can be found at [https://nicmx.github.io/FORT-validator/](https://nicmx.github.io/FORT-validator/).
-
-If you wish to generate the docs by yourself, visit the [docs directory](docs/).
+- [Home](https://nicmx.github.io/FORT-validator/index.html)
+- [Installation](https://nicmx.github.io/FORT-validator/installation.html)
+- [Usage](https://nicmx.github.io/FORT-validator/run.html)
+- [Arguments](https://nicmx.github.io/FORT-validator/usage.html)
 ## Docker image
-A Dockerfile to build the image is located at the [docker directory](docker/).
-
-## Quick start
-
-TL;DR all the docs, probably you just want to read:
-- How to install? Visit [Compilation and Installation](https://nicmx.github.io/FORT-validator/installation.html).
-- How to execute? Visit [Basic Usage](https://nicmx.github.io/FORT-validator/run.html) and [Program Arguments](https://nicmx.github.io/FORT-validator/usage.html).
-- How to configure the router(s)? Visit [Routers](https://nicmx.github.io/FORT-validator/routers.html).
+See the [docker/ directory](docker/).
diff --git a/docs/usage.md b/docs/usage.md
index 7cf753af..f70fdcb6 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -86,8 +86,6 @@ description: Guide to use arguments of FORT Validator.
 [--configuration-file=]
 [--tal=|]
 [--local-repository=]
- [--sync-strategy=off|root|root-except-ta]
- [--shuffle-uris=true|false]
 [--maximum-certificate-depth=]
 [--slurm=|]
 [--mode=server|standalone]
@@ -102,19 +100,15 @@ description: Guide to use arguments of FORT Validator.
 [--server.interval.expire=]
 [--server.deltas.lifetime=]
 [--rsync.enabled=true|false]
- [--rsync.priority=<32-bit unsigned integer>]
- [--rsync.strategy=root|root-except-ta]
+ [--rsync.priority=]
 [--rsync.retry.count=]
 [--rsync.retry.interval=]
- [--rrdp.enabled=true|false]
- [--rrdp.priority=<32-bit unsigned integer>]
- [--rrdp.retry.count=]
- [--rrdp.retry.interval=]
 [--http.enabled=true|false]
- [--http.priority=<32-bit unsigned integer>]
+ [--http.priority=]
 [--http.retry.count=]
 [--http.retry.interval=]
 [--http.user-agent=]
+ [--http.max-redirs=]
 [--http.connect-timeout=]
 [--http.transfer-timeout=]
 [--http.low-speed-limit=]
@@ -139,11 +133,9 @@ description: Guide to use arguments of FORT Validator.
 [--output.bgpsec=]
 [--output.format=csv|json]
 [--asn1-decode-max-stack=]
- [--stale-repository-period=]
 [--init-tals=true|false]
 [--init-as0-tals=true|false]
 [--thread-pool.server.max=]
- [--thread-pool.validation.max=]
 ```
 If an argument is specified more than once, the last one takes precedence:
@@ -942,13 +934,13 @@ The configuration options are mostly the same as the ones from the `argv` interf
{
 	"tal": "/tmp/fort/tal/",
-	"local-repository": "/tmp/fort/repository/",
+	"local-repository": "/tmp/fort/repository",
 	"work-offline": false,
-	"shuffle-uris": true,
 	"maximum-certificate-depth": 32,
 	"mode": "server",
 	"daemon": false,
 	"slurm": "/tmp/fort/test.slurm",
+	"asn1-decode-max-stack": 4096,
 
 	"server": {
 		"address": [
@@ -956,7 +948,7 @@ The configuration options are mostly the same as the ones from the `argv` interf
 			"2001:db8::1"
 		],
 		"port": "8323",
-		"backlog": 16,
+		"backlog": 4096,
 		"interval": {
 			"validation": 3600,
 			"refresh": 3600,
@@ -964,69 +956,69 @@ The configuration options are mostly the same as the ones from the `argv` interf
 			"expire": 7200
 		},
 		"deltas": {
-			"lifetime": 4
+			"lifetime": 2
 		}
 	},
 
 	"log": {
 		"enabled": true,
-		"level": "warning",
 		"output": "console",
-		"color-output": true,
-		"file-name-format": "file-name",
+		"level": "info",
+		"tag": "Operation",
 		"facility": "daemon",
-		"tag": "Operation"
+		"file-name-format": "global-url",
+		"color-output": false
 	},
 
 	"validation-log": {
 		"enabled": false,
-		"level": "warning",
 		"output": "console",
-		"color-output": true,
-		"file-name-format": "global-url",
+		"level": "warning",
+		"tag": "Validation",
 		"facility": "daemon",
-		"tag": "Validation"
+		"file-name-format": "global-url",
+		"color-output": false
 	},
 
 	"http": {
 		"enabled": true,
 		"priority": 60,
 		"retry": {
-			"count": 2,
-			"interval": 5
+			"count": 1,
+			"interval": 4
 		},
 		"user-agent": "{{ page.command }}/{{ site.fort-latest-version }}",
+		"max-redirs": 10,
 		"connect-timeout": 30,
 		"transfer-timeout": 0,
-		"low-speed-limit": 30,
+		"low-speed-limit": 100000,
 		"low-speed-time": 10,
-		"max-file-size": 10000000,
+		"max-file-size": 1000000000,
 		"ca-path": "/usr/local/ssl/certs"
 	},
 
 	"rsync": {
 		"enabled": true,
 		"priority": 50,
-		"strategy": "root-except-ta",
 		"retry": {
-			"count": 2,
-			"interval": 5
+			"count": 1,
+			"interval": 4
 		},
 		"program": "rsync",
 		"arguments-recursive": [
-			"--recursive",
+			"-rtz",
 			"--delete",
-			"--times",
+			"--omit-dir-times",
 			"--contimeout=20",
+			"--max-size=20MB",
 			"--timeout=15",
-			"$REMOTE",
-			"$LOCAL"
-		],
-		"arguments-flat": [
-			"--times",
-			"--contimeout=20",
-			"--timeout=15",
-			"--dirs",
+			"--include=*/",
+			"--include=*.cer",
+			"--include=*.crl",
+			"--include=*.gbr",
+			"--include=*.mft",
+			"--include=*.roa",
+			"--exclude=*",
 			"$REMOTE",
 			"$LOCAL"
 		]
@@ -1068,14 +1060,8 @@ The configuration options are mostly the same as the ones from the `argv` interf
 	"thread-pool": {
 		"server": {
 			"max": 20
-		},
-		"validation": {
-			"max": 5
 		}
-	},
-
-	"asn1-decode-max-stack": 4096,
-	"stale-repository-period": 43200
+	}
 }
 
diff --git a/man/fort.8 b/man/fort.8
index 1b237436..83311bee 100644
--- a/man/fort.8
+++ b/man/fort.8
@@ -1,4 +1,4 @@
-.TH fort 8 "2023-11-16" "v1.6.0" "FORT validator"
+.TH fort 8 "2023-11-30" "v1.6.0" "FORT validator"
 .SH NAME
 fort \- RPKI validator and RTR server
@@ -1187,23 +1187,23 @@ validating every 30 minutes, and printing the ROAs CSV in a file.
 This is an example of a valid JSON configuration file with all its members set
 to a specific value:
 .nf
-
 {
 "tal": "/tmp/fort/tal/",
- "local-repository": "/tmp/fort/repository/",
+ "local-repository": "/tmp/fort/repository",
 "work-offline": false,
- "shuffle-uris": true,
 "maximum-certificate-depth": 32,
 "mode": "server",
 "daemon": false,
 "slurm": "/tmp/fort/test.slurm",
+ "asn1-decode-max-stack": 4096,
+
 "server": {
 "address": [
 "192.0.2.1",
 "2001:db8::1"
 ],
 "port": "8323",
- "backlog": 64,
+ "backlog": 4096,
 "interval": {
 "validation": 3600,
 "refresh": 3600,
@@ -1211,67 +1211,74 @@ to a specific value:
 "expire": 7200
 },
 "deltas": {
- "lifetime": 4
+ "lifetime": 2
 }
 },
+
 "log": {
 "enabled": true,
- "level": "warning",
 "output": "console",
- "color-output": true,
- "file-name-format": "local-path",
+ "level": "info",
+ "tag": "Operation",
 "facility": "daemon",
- "tag": "Operation"
+ "file-name-format": "global-url",
+ "color-output": false
 },
+
 "validation-log": {
 "enabled": false,
- "level": "warning",
 "output": "console",
- "color-output": true,
- "file-name-format": "local-path",
+ "level": "warning",
+ "tag": "Validation",
 "facility": "daemon",
- "tag": "Validation"
+ "file-name-format": "global-url",
+ "color-output": false
 },
+
 "http": {
 "enabled": true,
 "priority": 60,
 "retry": {
- "count": 2,
- "interval": 5
+ "count": 1,
+ "interval": 4
 },
- "user-agent": "fort/1.5.1",
+ "user-agent": "fort/1.6.0",
+ "max-redirs": 10,
 "connect-timeout": 30,
 "transfer-timeout": 0,
- "idle-timeout": 15,
+ "low-speed-limit": 100000,
+ "low-speed-time": 10,
+ "max-file-size": 1000000000,
 "ca-path": "/usr/local/ssl/certs"
 },
+
 "rsync": {
 "enabled": true,
 "priority": 50,
- "strategy": "root-except-ta",
 "retry": {
- "count": 2,
- "interval": 5
+ "count": 1,
+ "interval": 4
 },
 "program": "rsync",
 "arguments-recursive": [
- "--recursive",
+ "-rtz",
 "--delete",
- "--times",
- "--contimeout=20",
- "--timeout=15",
- "$REMOTE",
- "$LOCAL"
- ],
- "arguments-flat": [
- "--times",
+ "--omit-dir-times",
 "--contimeout=20",
+ "--max-size=20MB",
 "--timeout=15",
- "--dirs",
+ "--include=*/",
+ "--include=*.cer",
+ "--include=*.crl",
+ "--include=*.gbr",
+ "--include=*.mft",
+ "--include=*.roa",
+ "--exclude=*",
 "$REMOTE",
 "$LOCAL"
 ]
 },
+
 "incidences": [
 {
 "name": "incid-hashalg-has-params",
@@ -1298,20 +1305,18 @@ to a specific value:
 "action": "error"
 }
 ],
+
 "output": {
 "roa": "/tmp/fort/roas.csv",
 "bgpsec": "/tmp/fort/bgpsec.csv",
 "format": "csv"
 },
+
 "thread-pool": {
 "server": {
 "max": 20
- },
- "validation": {
- "max": 5
 }
- },
- "asn1-decode-max-stack": 4096
+ }
 }
 .fi
 .RE
diff --git a/test/Makefile.am b/test/Makefile.am
index f3725581..6b528020 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -92,7 +92,7 @@ vrps_test_LDADD = ${MY_LDADD} ${JANSSON_LIBS}
 xml_test_SOURCES = xml_test.c
 xml_test_LDADD = ${MY_LDADD} ${XML2_LIBS}
-EXTRA_DIST = mock.c
+EXTRA_DIST = mock.c mock.h
 EXTRA_DIST += line_file/core.txt
 EXTRA_DIST += line_file/empty.txt
 EXTRA_DIST += line_file/error.txt
diff --git a/test/cache/local_cache_test.c b/test/cache/local_cache_test.c
index 2ba8fe5d..00751c63 100644
--- a/test/cache/local_cache_test.c
+++ b/test/cache/local_cache_test.c
@@ -17,7 +17,7 @@
 #define TAL_FILE "test.tal"
-struct rpki_cache *cache;
+static struct rpki_cache *cache;
 static bool dl_error; /* Download should return error? */
@@ -30,8 +30,8 @@ struct downloaded_path {
 /* Paths downloaded during the test */
 static SLIST_HEAD(downloaded_paths, downloaded_path) downloaded;
-unsigned int rsync_counter; /* Times the rsync function was called */
-unsigned int https_counter; /* Times the https function was called */
+static unsigned int rsync_counter; /* Times the rsync function was called */
+static unsigned int https_counter; /* Times the https function was called */
 int
 file_exists(char const *file)
@@ -294,7 +294,7 @@ new_iteration(bool outdate)
 node->attempt.ts = epoch;
 }
-void
+static void
 cache_reset(struct rpki_cache *cache)
 {
 struct cache_node *node, *tmp;
@@ -903,7 +903,7 @@ END_TEST
 /* Boilerplate */
-Suite *thread_pool_suite(void)
+static Suite *thread_pool_suite(void)
 {
 Suite *suite;
 TCase *rsync , *https, *dot, *meta, *recover;
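Review bot: In test/cache/local_cache_test.c, the parameter of `cache_reset(struct rpki_cache *cache)` has the same name as the file-scope `static struct rpki_cache *cache;` from the first hunk of that file, so inside the function every `cache` refers to the argument and the global is hidden. Renaming the parameter, for example `cache_reset(struct rpki_cache *c)`, keeps the two apart and keeps `-Wshadow` quiet. The body of cache_reset continues outside the hunk, so its uses of the parameter would need the same rename.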
diff --git a/test/data_structure/path_builder_test.c b/test/data_structure/path_builder_test.c
index a8017d6b..f6a822f1 100644
--- a/test/data_structure/path_builder_test.c
+++ b/test/data_structure/path_builder_test.c
@@ -299,7 +299,7 @@ START_TEST(test_reverse)
 }
 END_TEST
-Suite *
+static Suite *
 pdu_suite(void)
 {
 Suite *suite;
diff --git a/test/data_structure/uthash_test.c b/test/data_structure/uthash_test.c
index 90ee0bad..98eec082 100644
--- a/test/data_structure/uthash_test.c
+++ b/test/data_structure/uthash_test.c
@@ -190,7 +190,7 @@ START_TEST(test_uri)
 }
 END_TEST
-Suite *pdu_suite(void)
+static Suite *pdu_suite(void)
 {
 Suite *suite;
 TCase *core, *uri;
diff --git a/test/line_file_test.c b/test/line_file_test.c
index 9a374da9..21a8f047 100644
--- a/test/line_file_test.c
+++ b/test/line_file_test.c
@@ -86,7 +86,7 @@ START_TEST(file_line_null_chara)
 }
 END_TEST
-Suite *ghostbusters_suite(void)
+static Suite *ghostbusters_suite(void)
 {
 Suite *suite;
 TCase *core, *limits, *errors;
diff --git a/test/mock.c b/test/mock.c
index aafba65f..195ebaab 100644
--- a/test/mock.c
+++ b/test/mock.c
@@ -2,7 +2,9 @@
 #include
 #include
+#include "config.h"
 #include "state.h"
+#include "thread_var.h"
 #include "config/filename_format.h"
 #include "config/mode.h"
 #include "incidence/incidence.h"
@@ -113,6 +115,5 @@ MOCK_TRUE(config_get_http_enabled, void)
 MOCK_UINT(config_get_http_priority, 60, void)
 MOCK_NULL(config_get_output_roa, char const *, void)
 MOCK_NULL(config_get_output_bgpsec, char const *, void)
-MOCK_UINT(config_get_thread_pool_validation_max, 10, void)
 MOCK(config_get_op_log_filename_format, enum filename_format, FNF_NAME, void)
 MOCK(config_get_val_log_filename_format, enum filename_format, FNF_NAME, void)
diff --git a/test/rrdp_test.c b/test/rrdp_test.c
index 787e5cdb..40b7f79a 100644
--- a/test/rrdp_test.c
+++ b/test/rrdp_test.c
@@ -140,7 +140,7 @@ START_TEST(test_sort_deltas)
 }
 END_TEST
-Suite *xml_load_suite(void)
+static Suite *xml_load_suite(void)
 {
 Suite *suite;
 TCase *validate;
diff --git a/test/rtr/db/db_table_test.c b/test/rtr/db/db_table_test.c
index 16fa0b3a..fefb4ccb 100644
--- a/test/rtr/db/db_table_test.c
+++ b/test/rtr/db/db_table_test.c
@@ -164,7 +164,7 @@ START_TEST(test_basic)
 }
 END_TEST
-Suite *pdu_suite(void)
+static Suite *pdu_suite(void)
 {
 Suite *suite;
 TCase *core;
diff --git a/test/rtr/db/deltas_array_test.c b/test/rtr/db/deltas_array_test.c
index 50bafe25..562df338 100644
--- a/test/rtr/db/deltas_array_test.c
+++ b/test/rtr/db/deltas_array_test.c
@@ -11,7 +11,7 @@
 #include "rtr/db/deltas_array.c"
 #define TOTAL_CREATED 15
-struct deltas *created[TOTAL_CREATED];
+static struct deltas *created[TOTAL_CREATED];
 unsigned int
 config_get_deltas_lifetime(void)
@@ -82,7 +82,7 @@ START_TEST(add_only)
 }
 END_TEST
-Suite *address_load_suite(void)
+static Suite *address_load_suite(void)
 {
 Suite *suite;
 TCase *core;
diff --git a/test/rtr/db/rtr_db_mock.c b/test/rtr/db/rtr_db_mock.c
index 700bbbc3..491f5956 100644
--- a/test/rtr/db/rtr_db_mock.c
+++ b/test/rtr/db/rtr_db_mock.c
@@ -49,21 +49,21 @@ add_rk(struct validation_handler *handler, uint32_t as)
 db_imp_spk, handler->arg));
 }
-int
+static int
 __handle_roa_v4(uint32_t as, struct ipv4_prefix const *prefix, uint8_t max_length, void *arg)
 {
 return rtrhandler_handle_roa_v4(arg, as, prefix, max_length);
 }
-int
+static int
 __handle_roa_v6(uint32_t as, struct ipv6_prefix const *prefix, uint8_t max_length, void *arg)
 {
 return rtrhandler_handle_roa_v6(arg, as, prefix, max_length);
 }
-int
+static int
 __handle_router_key(unsigned char const *ski, struct asn_range const *range, unsigned char const *spk, void *arg)
 {
diff --git a/test/rtr/db/vrps_test.c b/test/rtr/db/vrps_test.c
index 74509208..ef8b727f 100644
--- a/test/rtr/db/vrps_test.c
+++ b/test/rtr/db/vrps_test.c
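Review bot: In test/rtr/db/rtr_db_mock.c, the three callbacks that become `static` keep names beginning with a double underscore (`__handle_roa_v4`, `__handle_roa_v6`, `__handle_router_key`), and C reserves such identifiers for the implementation in every scope, file-local ones included. Since the functions are now private to this file, this is a cheap moment to rename them, for example `static int mock_handle_roa_v4(...)` and likewise for the other two. The places that reference these callbacks are outside the hunk and would need the same rename, and the body of `__handle_router_key` also continues past the hunk.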
@@ -66,7 +66,7 @@ static const bool deltas_4to4[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, };
 /* Mocks */
-unsigned int deltas_lifetime = 5;
+static unsigned int deltas_lifetime = 5;
 MOCK_UINT(config_get_deltas_lifetime, deltas_lifetime, void)
 MOCK_ABORT_ENUM(config_get_output_format, output_format, void)
@@ -416,7 +416,7 @@ START_TEST(test_delta_ovrd)
 }
 END_TEST
-Suite *pdu_suite(void)
+static Suite *pdu_suite(void)
 {
 Suite *suite;
 TCase *core;
diff --git a/test/rtr/pdu_handler_test.c b/test/rtr/pdu_handler_test.c
index 3f68c510..20e277f6 100644
--- a/test/rtr/pdu_handler_test.c
+++ b/test/rtr/pdu_handler_test.c
@@ -21,23 +21,6 @@
 /* Mocks */
-struct rtr_buffer const *
-pdustream_last_pdu_raw(struct pdu_stream *s)
-{
- static unsigned char bytes[] = {
- /* header */
- 1, 1, 7, 8, 0, 0, 0, 12,
- /* serial number */
- 14, 15, 16, 17,
- };
- static struct rtr_buffer buf = {
- .bytes = bytes,
- .bytes_len = sizeof(bytes),
- };
-
- return &buf;
-}
-
 MOCK_INT(slurm_apply, 0, struct db_table *base, struct db_slurm **slurm)
 MOCK_ABORT_VOID(db_slurm_destroy, struct db_slurm *db)
@@ -136,14 +119,6 @@ init_serial_query(struct rtr_request *request, uint32_t serial)
 MOCK_UINT(config_get_deltas_lifetime, 5, void)
-int
-clients_get_rtr_version_set(int fd, bool *is_set, uint8_t *rtr_version)
-{
- (*is_set) = true;
- (*rtr_version) = RTR_V1;
- return 0;
-}
-
 int
 send_cache_reset_pdu(int fd, uint8_t version)
 {
@@ -413,7 +388,7 @@ START_TEST(test_bad_session_id)
 }
 END_TEST
-Suite *pdu_suite(void)
+static Suite *pdu_suite(void)
 {
 Suite *suite;
 TCase *core, *error;
diff --git a/test/rtr/pdu_stream_test.c b/test/rtr/pdu_stream_test.c
index 073479f1..9c763193 100644
--- a/test/rtr/pdu_stream_test.c
+++ b/test/rtr/pdu_stream_test.c
@@ -381,7 +381,7 @@ START_TEST(read_string_unicode_mix)
 }
 END_TEST
-Suite *pdu_suite(void)
+static Suite *pdu_suite(void)
 {
 Suite *suite;
 TCase *core, *errors, *string;
diff --git a/test/tal_test.c b/test/tal_test.c
index 635eefb3..b461ac42 100644
--- a/test/tal_test.c
+++ b/test/tal_test.c
@@ -43,8 +43,6 @@ MOCK_ABORT_INT(rrdp_update, struct rpki_uri *uri)
 MOCK(state_retrieve, struct validation *, NULL, void)
 MOCK_ABORT_PTR(validation_certstack, cert_stack, struct validation *state)
 MOCK_ABORT_VOID(validation_destroy, struct validation *state)
-MOCK_ABORT_PTR(validation_get_notification_uri, rpki_uri,
- struct validation *state)
 MOCK_ABORT_INT(validation_prepare, struct validation **out, struct tal *tal, struct validation_handler *validation_handler)
 MOCK_ABORT_ENUM(validation_pubkey_state, pubkey_state, struct validation *state)
@@ -103,7 +101,7 @@ START_TEST(tal_load_normal)
 }
 END_TEST
-Suite *tal_load_suite(void)
+static Suite *tal_load_suite(void)
 {
 Suite *suite;
 TCase *core;
diff --git a/test/thread_pool_test.c b/test/thread_pool_test.c
index 12ce0222..071d08cc 100644
--- a/test/thread_pool_test.c
+++ b/test/thread_pool_test.c
@@ -61,7 +61,7 @@ START_TEST(tpool_multiple_work)
 }
 END_TEST
-Suite *thread_pool_suite(void)
+static Suite *thread_pool_suite(void)
 {
 Suite *suite;
 TCase *single, *multiple;
diff --git a/test/types/address_test.c b/test/types/address_test.c
index 8f1cfbfc..dfc6adae 100644
--- a/test/types/address_test.c
+++ b/test/types/address_test.c
@@ -161,7 +161,7 @@ START_TEST(check_encoding6_test)
 }
 END_TEST
-Suite *address_load_suite(void)
+static Suite *address_load_suite(void)
 {
 Suite *suite;
 TCase *core;
diff --git a/test/types/serial_test.c b/test/types/serial_test.c
index 494e8db9..c4ea20c7 100644
--- a/test/types/serial_test.c
+++ b/test/types/serial_test.c
@@ -120,7 +120,7 @@ START_TEST(rfc1982_section_5_2)
 }
 END_TEST
-Suite *serial_suite(void)
+static Suite *serial_suite(void)
 {
 Suite *suite;
 TCase *core;
diff --git a/test/types/uri_test.c b/test/types/uri_test.c
index 6ad5a001..73858667 100644
--- a/test/types/uri_test.c
+++ b/test/types/uri_test.c
@@ -10,18 +10,13 @@
 /* Mocks */
-struct rpki_uri *notif;
+static struct rpki_uri *notif;
 MOCK(state_retrieve, struct validation *, NULL, void)
 MOCK(validation_tal, struct tal *, NULL, struct validation *state)
 MOCK(tal_get_file_name, char const *, "test.tal", struct tal *tal)
-MOCK(validation_get_notification_uri, struct rpki_uri *, notif,
- struct validation *state)
-MOCK_ABORT_INT(cache_download, struct rpki_uri *uri, bool *changed)
 MOCK_ABORT_INT(rrdp_update, struct rpki_uri *uri)
-MOCK_ABORT_PTR(cache_recover, rpki_uri, struct uri_list *uris,
- bool use_rrdp)
 /* Tests */
@@ -166,7 +161,7 @@ START_TEST(check_caged)
 }
 END_TEST
-Suite *address_load_suite(void)
+static Suite *address_load_suite(void)
 {
 Suite *suite;
 TCase *core;
diff --git a/test/vcard_test.c b/test/vcard_test.c
index e4086e76..1f079edc 100644
--- a/test/vcard_test.c
+++ b/test/vcard_test.c
@@ -99,7 +99,7 @@ START_TEST(vcard_normal)
 }
 END_TEST
-Suite *ghostbusters_suite(void)
+static Suite *ghostbusters_suite(void)
 {
 Suite *suite;
 TCase *hgv;
diff --git a/test/xml_test.c b/test/xml_test.c
index c5de4f6c..9e570575 100644
--- a/test/xml_test.c
+++ b/test/xml_test.c
@@ -73,7 +73,7 @@ START_TEST(relax_ng_valid)
 }
 END_TEST
-Suite *xml_load_suite(void)
+static Suite *xml_load_suite(void)
 {
 Suite *suite;
 TCase *validate;
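Review bot: In the first hunk of test/types/uri_test.c, `static struct rpki_uri *notif;` is kept while the only visible reader of it, the `validation_get_notification_uri` mock, is removed in the same hunk. If no test further down the file still assigns or reads `notif` (not visible here), the variable is now dead and, being `static`, would trip `-Wunused-variable`; in that case the declaration should be deleted rather than made static. If it is still used, a short comment such as `/* Notification URI shared by the tests below */` would say why it remains.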