From: Alberto Leiva Popper Date: Tue, 9 Nov 2021 02:10:05 +0000 (-0600) Subject: Protocolary updates for release 1.5.3 X-Git-Tag: 1.5.3^0 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8f333929d55117db8ab85c08ed705a76119d4498;p=thirdparty%2FFORT-validator.git Protocolary updates for release 1.5.3 --- diff --git a/configure.ac b/configure.ac index a19747f7..a813f8ff 100644 --- a/configure.ac +++ b/configure.ac @@ -2,8 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.69]) -AC_INIT([fort], [m4_esyscmd_s([git describe --dirty --always --tags])], - [fort-validator@nic.mx]) +AC_INIT([fort], [1.5.3], [fort-validator@nic.mx]) AC_CONFIG_SRCDIR([src/main.c]) AM_INIT_AUTOMAKE([subdir-objects]) diff --git a/docs/_config.yml b/docs/_config.yml index 7803c0ed..5ad8d195 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -8,7 +8,7 @@ defaults: layout: "default" image: "/img/logo_validador_og.png" -fort-latest-version: 1.5.2 +fort-latest-version: 1.5.3 plugins: - jekyll-seo-tag - jekyll-sitemap diff --git a/docs/usage.md b/docs/usage.md index 3f8c1c2c..967444e2 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -763,7 +763,7 @@ The value Fort employs as [CURLOPT_LOW_SPEED_TIME](https://curl.haxx.se/libcurl/ It is the number of seconds that the transfer speed should be below `--http.low-speed-limit` for the Fort to consider it too slow. (Slow connections are dropped.) -See [`--http.low-speed-limit`](#--httplow-speed-limit). +See [`--http.low-speed-limit`](#--httplow-speed-limit) for an example. ### `--http.max-file-size` @@ -776,7 +776,13 @@ The maximum amount of bytes files are allowed to length during HTTP transfers. F This is intended to prevent malicious RPKI repositories from stagnating Fort. -As of 2021-10-05, the largest legitimate file in the repositories is an RRDP snapshot that weights ~150 megabytes. +As of 2021-10-05, the largest legitimate file in the repositories is an RRDP snapshot that weights ~150 megabytes. (But will double in size during key rollover.) + +This configuration value is _transient_. It is expected that the IETF will eventually standardize a more versatile means to prevent unbounded file transfers. In particular, because RRDP snapshots tend to grow over time, `--http.max-file-size`'s default value will likely eventually be exceeded by legitimate files. + +Watch out for the following warning in the operation logs: + + File size exceeds 50% of the configured limit ### `--http.ca-path` @@ -831,7 +837,7 @@ If `--output.roa` is omitted, the ROAs are not printed. - **Type:** String (Path to file) - **Availability:** `argv` and JSON -> ![Warning!](img/warn.svg) BGPsec certificate validation has been disabled in version 1.5.2 because of [this bug](https://github.com/NICMx/FORT-validator/issues/58). It will be restored in version 1.5.3. +> ![Warning!](img/warn.svg) BGPsec certificate validation has been disabled in version 1.5.2 because of [this bug](https://github.com/NICMx/FORT-validator/issues/58). It will be restored in version 1.5.4. File where the BGPsec Router Keys (found during each validation run) will be stored. See [`--output.format`](#--outputformat). diff --git a/man/fort.8 b/man/fort.8 index b14e792f..1dfd4ddc 100644 --- a/man/fort.8 +++ b/man/fort.8 @@ -1,4 +1,4 @@ -.TH fort 8 "2021-10-19" "v1.5.2" "FORT validator" +.TH fort 8 "2021-11-09" "v1.5.3" "FORT validator" .SH NAME fort \- RPKI validator and RTR server @@ -845,20 +845,35 @@ By default, it has a value of \fI0\fR. .RE .P -.B \-\-http.idle\-timeout=\fIUNSIGNED_INTEGER\fR +.B \-\-low\-speed\-limit=\fIUNSIGNED_INTEGER\fR .RS 4 -Maximum time in seconds (once the connection is established) that the request -can be idle. +The value Fort employs as CURLOPT_LOW_SPEED_LIMIT during every HTTP transfer. .P -Once the connection is established with the server, and if the request stops -receiving data for at least \fBhttp.idle-timeout\fR seconds, the connection -will be dropped. A value of \fI0\fR disables idle time verification (use with -caution). +"Abort connection if slower than LIMIT bytes/sec during TIME seconds." .P -The value specified (either by the argument or the default value) is utilized -in libcurl’s option \fICURLOPT_LOW_SPEED_TIME\fR. +(See \-\-low\-speed\-time.) +.P +Default: \fI100000\fR (100 KB/s) +.RE +.P + +.B \-\-low\-speed\-time=\fIUNSIGNED_INTEGER\fR +.RS 4 +The value Fort employs as CURLOPT_LOW_SPEED_TIME during every HTTP transfer. +.P +"Abort connection if slower than LIMIT bytes/sec during TIME seconds." +.P +(See \-\-low\-speed\-limit.) +.P +Default: \fI10\fR +.RE +.P + +.B \-\-http\.max\-file\-size=\fIUNSIGNED_INTEGER\fR +.RS 4 +Maximum amount of bytes files are allowed to length during HTTP transfers. .P -By default, it has a value of \fI15\fR. +Default: \fI1000000000\fR (1 GB) .RE .P @@ -1460,7 +1475,7 @@ well as some dummy Router Keys (BGPsec) info: .\".SH COPYRIGHT .\" FORT-validator 2021 -.\" Licensed under the blah blah... +.\" MIT License .SH SEE ALSO .B Regular man pages diff --git a/src/Makefile.am b/src/Makefile.am index 7d227a19..f323d665 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -113,7 +113,6 @@ fort_SOURCES += rtr/rtr.c rtr/rtr.h fort_SOURCES += rtr/db/db_table.c rtr/db/db_table.h fort_SOURCES += rtr/db/delta.c rtr/db/delta.h fort_SOURCES += rtr/db/deltas_array.c rtr/db/deltas_array.h -fort_SOURCES += rtr/db/roa.h fort_SOURCES += rtr/db/vrps.c rtr/db/vrps.h fort_SOURCES += slurm/db_slurm.c slurm/db_slurm.h