git.ipfire.org Git - thirdparty/FORT-validator.git/log
Alberto Leiva Popper [Tue, 23 Apr 2019 21:57:04 +0000 (16:57 -0500)] 
Random TODO patching

Alberto Leiva Popper [Wed, 10 Apr 2019 21:58:11 +0000 (16:58 -0500)] 
Optimize the ROA code

Changed a bunch of arraylists into a tree. Helps with substantially
reducing comparisons needed to compute deltas.

Alberto Leiva Popper [Mon, 8 Apr 2019 19:49:38 +0000 (14:49 -0500)] 
Purge nonstandard data types `u_intXX_t`

Alberto Leiva Popper [Thu, 4 Apr 2019 18:45:23 +0000 (12:45 -0600)] 
Merge remote-tracking branch 'rtrserver/master'

Checkpoint: console validation is stable, server is not.

pcarana [Tue, 2 Apr 2019 20:55:32 +0000 (14:55 -0600)] 
Handle SIGINT signal to terminate client threads

pcarana [Tue, 2 Apr 2019 20:54:17 +0000 (14:54 -0600)] 
Add compilation warnings, and rename VRP struct property

pcarana [Mon, 1 Apr 2019 23:47:12 +0000 (17:47 -0600)] 
Don't consider AS 0 as a valid ASN

pcarana [Mon, 1 Apr 2019 22:27:38 +0000 (16:27 -0600)] 
Add RTR server configuration docs

pcarana [Mon, 1 Apr 2019 22:26:48 +0000 (16:26 -0600)] 
Update README

pcarana [Fri, 29 Mar 2019 21:38:36 +0000 (15:38 -0600)] 
Add some fixes (errors, mem leak, error report PDU)

-Return errors as negative
-Fix mem leak at clients.c
-Send received PDU header at error PDU when client session ID doesn't match server's session ID

pcarana [Fri, 29 Mar 2019 19:51:06 +0000 (13:51 -0600)] 
Remove clients on communication errors

pcarana [Fri, 29 Mar 2019 18:34:39 +0000 (12:34 -0600)] 
Add read/write semaphores at deltas DB

pcarana [Thu, 28 Mar 2019 23:31:25 +0000 (17:31 -0600)] 
Use semaphores at clients DB, create common read lock funcs

pcarana [Thu, 28 Mar 2019 16:16:03 +0000 (10:16 -0600)] 
Update baseurl to 'FORT-validator'

pcarana [Wed, 27 Mar 2019 23:37:54 +0000 (17:37 -0600)] 
Fix bug: the summary was sending wrong data due to bad mem copy

pcarana [Wed, 27 Mar 2019 21:34:03 +0000 (15:34 -0600)] 
Don't rely on in6_addr.s6_addr32, serialize IPv6 byte by byte

pcarana [Wed, 27 Mar 2019 17:41:34 +0000 (11:41 -0600)] 
Remove some memleaks reported by Valgrind

-Make threads joinable and implement a destroy function used by the main thread (here all the threads are joined).
-Start the updates_daemon until the server socket is correctly bound.
-Valgrind reports some leaks on abnormal termination, so these will be handled later.

pcarana [Mon, 25 Mar 2019 23:10:06 +0000 (17:10 -0600)] 
Return success when the VRPs location doesn't exist (useful for cron)

Alberto Leiva Popper [Mon, 25 Mar 2019 22:58:10 +0000 (16:58 -0600)] 
Update the READMEs

Alberto Leiva Popper [Mon, 25 Mar 2019 21:08:12 +0000 (15:08 -0600)] 
Add instructions to run

Alberto Leiva Popper [Mon, 25 Mar 2019 07:55:44 +0000 (01:55 -0600)] 
Add documentation draft

Alberto Leiva Popper [Sun, 24 Mar 2019 23:34:04 +0000 (17:34 -0600)] 
Patch TOML parsing quirks found while documenting

- Was complaining about missing optional fields
- Was freeing fields using the wrong function

Alberto Leiva Popper [Sat, 23 Mar 2019 01:26:33 +0000 (19:26 -0600)] 
Patch Valgrind's "still reachable" memory leak

The thread variable destructor is not being called on normal
program termination. Not sure why. Maybe it's only meant for
thread interruption.

It was easily fixed with a normal destructor.

pcarana [Fri, 22 Mar 2019 23:27:00 +0000 (17:27 -0600)] 
Avoid some memory leaks

Alberto Leiva Popper [Fri, 22 Mar 2019 19:59:16 +0000 (13:59 -0600)] 
Redo #4.

After discussing it further still, we decided to add another
synchronization strategy, which behaves as requested in the issue.

The new strategy is `root-except-ta`. As its name implies, it
behaves as `root` mode, except for the root certificate, which is
synchronized in `strict` mode.

This way we get the best of both worlds: If the root certificate
is known to reside in the same repository as everything else, the
user can choose `root` and synchronize as fast as possible.
On the other hand, if the user does not want to download the entire
repository until the root certificate has been validated, they can
choose `root-except-ta`.

pcarana [Fri, 22 Mar 2019 18:07:04 +0000 (12:07 -0600)] 
Use warn(x) to log, don't start server without conf file

Alberto Leiva Popper [Fri, 22 Mar 2019 17:50:36 +0000 (11:50 -0600)] 
Separate recursive from non-recursive RSYNCs

Wraps up #4 properly.

pcarana [Fri, 22 Mar 2019 16:08:42 +0000 (10:08 -0600)] 
Remove some TODOs and add some fixes.

-Deltas creation is responsibility of vrps.c, so remove it from csv.c
-Remove unnecessary storage from heap (vrp structs, base DB and delta DB) and avoid some mem leaks.
-Change 'delta_resume' to 'delta_summary'.
-Handle error codes that were ignored.

pcarana [Fri, 22 Mar 2019 15:50:24 +0000 (09:50 -0600)] 
Implement callback for clients DB cleanup

Alberto Leiva Popper [Fri, 22 Mar 2019 01:23:33 +0000 (19:23 -0600)] 
Change the default sync strategy to root

Fixes #6.

Alberto Leiva Popper [Fri, 22 Mar 2019 01:19:20 +0000 (19:19 -0600)] 
Redo RFC 7935

It's a little faster, and also adds some missing validations.

Alberto Leiva Popper [Thu, 21 Mar 2019 21:49:04 +0000 (15:49 -0600)] 
Patch memory leak

Probably fixes #5.

pcarana [Thu, 21 Mar 2019 17:13:33 +0000 (11:13 -0600)] 
Get the last bits of time shifting its value

pcarana [Thu, 21 Mar 2019 15:09:44 +0000 (09:09 -0600)] 
Remove unnecessary indexing at some pointers

pcarana [Thu, 21 Mar 2019 01:37:50 +0000 (19:37 -0600)] 
Fix several TODOs of review

pcarana [Thu, 21 Mar 2019 00:46:46 +0000 (18:46 -0600)] 
Format line width (80) and 4 spaces indentation when needed, remove some TODOs

-Align definition of constants.
-csv.h and .c: add void param to 'csv_parse_vrps_file'.
-line_file.h: add missing param of 'lfile_close'.
-main.c: comment 'TODO This will be overriden [..]' was for developer, isn't valid since the conf will be loaded from the JSON file.
-notify.h and .c: add void param to 'notify_clients'.
-vrps.c: explain VRP meaning, how session ID is the existent solution to avoid serial desynchronization, and remove bad comment style.

Alberto Leiva Popper [Wed, 20 Mar 2019 23:25:31 +0000 (17:25 -0600)] 
Patch two memory leaks and bad rsync

The 'root' download strategy should not apply to the certificate
pointed to by the TAL, because we don't trust that URL at that point
yet.

Fixes #4.

pcarana [Wed, 20 Mar 2019 23:22:24 +0000 (17:22 -0600)] 
Add NULL check after strdup

pcarana [Wed, 20 Mar 2019 22:59:51 +0000 (16:59 -0600)] 
Store Clients DB at stack, also fix incorrect line width

pcarana [Wed, 20 Mar 2019 18:52:31 +0000 (12:52 -0600)] 
Make listen queue configurable

Alberto Leiva Popper [Wed, 20 Mar 2019 02:06:11 +0000 (20:06 -0600)] 
Review, part one

pcarana [Tue, 19 Mar 2019 16:07:47 +0000 (10:07 -0600)] 
Remove some TODOs

pcarana [Tue, 19 Mar 2019 16:07:04 +0000 (10:07 -0600)] 
Assign correctly the VRPs when sending a serial notify

Alberto Leiva Popper [Sat, 16 Mar 2019 03:01:53 +0000 (21:01 -0600)] 
Patch small bugs found while documenting

pcarana [Fri, 15 Mar 2019 15:41:08 +0000 (09:41 -0600)] 
Calculate and get changes between serials.

Use a base serial, the base will always be the last DB update.
Calculate the difference between the latest version and the past, and store it as delta.
Save pointers to deltas, increment last serial number when the update ops are complete.
Avoid sending duplicate announcements/withdrawals.

Alberto Leiva Popper [Fri, 15 Mar 2019 00:28:18 +0000 (18:28 -0600)] 
Patch infinite loop introduced in the last commit

Alberto Leiva Popper [Fri, 15 Mar 2019 00:23:58 +0000 (18:23 -0600)] 
Handle ranges properly during IP comparisons

Hadn't implemented ranges when I implemented comparisons.
Then I forgot to update the code when I added ranges.

Fixes #3.

Alberto Leiva Popper [Thu, 14 Mar 2019 16:44:08 +0000 (10:44 -0600)] 
Leave unit tests out of the build by default

For two reasons:

- They need the Check framework, which should not be a dependency
  for everyone.
- Check itself is the only dependency managed by pkg-config, so we
  don't want to force everyone to install that either.

No idea if any of this is good practice. But it's much easier to
explain in the documentation, so there you go.

Alberto Leiva Popper [Thu, 14 Mar 2019 04:49:35 +0000 (22:49 -0600)] 
Update the README

pcarana [Wed, 13 Mar 2019 18:57:45 +0000 (12:57 -0600)] 
Simplify some code

pcarana [Wed, 13 Mar 2019 18:16:01 +0000 (12:16 -0600)] 
Show error code when an error report PDU is received/sent

pcarana [Wed, 13 Mar 2019 17:51:41 +0000 (11:51 -0600)] 
Rename some getters (current session ID and last serial number)

pcarana [Wed, 13 Mar 2019 17:45:27 +0000 (11:45 -0600)] 
Support only RTR v0 (for now)

Alberto Leiva Popper [Wed, 13 Mar 2019 00:46:03 +0000 (18:46 -0600)] 
Fix URL shortening during the root strategy

Was completely messing up the RSYNCs.

Alberto Leiva Popper [Wed, 13 Mar 2019 00:07:53 +0000 (18:07 -0600)] 
Validate signed object signature

Looks like the chain validation is complete.
It's only missing some profile checks.

pcarana [Mon, 11 Mar 2019 19:12:13 +0000 (13:12 -0600)] 
Remove segfault

Alberto Leiva Popper [Mon, 11 Mar 2019 18:35:28 +0000 (12:35 -0600)] 
Prevent integer underflow on sarray_contains()

Was triggering a segfault during testing.

pcarana [Mon, 11 Mar 2019 17:52:36 +0000 (11:52 -0600)] 
Use Error PDUs handling methods and prepare to send other error PDUs

Send Unexpected Protocol Version when needed.
Simplify 'send_error_report_pdu' call.
Remove error codes definitions from 'pdu.h'.
Send Unsupported PDU error when such PDUs arrive at the server.
Try to close socket when a fatal Error PDU is received.
Log errno when there's an error sending a response.

pcarana [Mon, 11 Mar 2019 17:38:23 +0000 (11:38 -0600)] 
Create custom handling methods for Error PDUs

pcarana [Fri, 8 Mar 2019 16:25:11 +0000 (10:25 -0600)] 
Send only header of erroneous PDU at Error Report PDU

pcarana [Fri, 8 Mar 2019 15:32:54 +0000 (09:32 -0600)] 
Set VRPs check interval min value to 60 secs

pcarana [Fri, 8 Mar 2019 15:28:57 +0000 (09:28 -0600)] 
Remove unused ttl, the client is related to the socket file descriptor

pcarana [Thu, 7 Mar 2019 23:24:57 +0000 (17:24 -0600)] 
Notify clients when CSV data is updated

pcarana [Thu, 7 Mar 2019 23:20:35 +0000 (17:20 -0600)] 
Add file descriptor to client, and create function to fetch all clients

pcarana [Thu, 7 Mar 2019 18:26:52 +0000 (12:26 -0600)] 
Replace unnecessary header

pcarana [Thu, 7 Mar 2019 01:03:45 +0000 (19:03 -0600)] 
Remember connected clients

Use sockaddr_storage to fetch both IPv4 & 6 socket info.
Fetch the RTR version when the PDU is loaded.
Expose client data for later use (Serial Notify PDU).

pcarana [Thu, 7 Mar 2019 00:54:41 +0000 (18:54 -0600)] 
Use NULL instead of start_serial (is the same thing)

pcarana [Thu, 7 Mar 2019 00:52:46 +0000 (18:52 -0600)] 
Create 'state' struct to store instance values/db

Alberto Leiva Popper [Thu, 7 Mar 2019 00:13:57 +0000 (18:13 -0600)] 
Refactor configuration types to their own modules

Scales a little better, removes clutter from config.c.

Alberto Leiva Popper [Wed, 6 Mar 2019 21:56:41 +0000 (15:56 -0600)] 
Implement thisUpdate, nextUpdate and --roa-output-file

- Implement manifest thisUpdate and nextUpdate validation
- Print dates during manifest date errors
- ROA file output target is now configurable
  (Used to be dumped into stdout, which was annoying because it was
  mixed with the INFO logging)

pcarana [Tue, 5 Mar 2019 21:31:22 +0000 (15:31 -0600)] 
Force cache reset on db update, use millisecs at last update of db file

pcarana [Tue, 5 Mar 2019 21:28:27 +0000 (15:28 -0600)] 
Send correct 'last serial number', remove uninitialized var warning

Alberto Leiva Popper [Tue, 5 Mar 2019 16:51:46 +0000 (10:51 -0600)] 
Add '--output-file-name-format' option

Decides which version of the file name should be printed during
most debug and error messages.

Also found myself starting the manpage.

Alberto Leiva Popper [Tue, 5 Mar 2019 01:12:02 +0000 (19:12 -0600)] 
Review on issuer/subject names

1. Was ignoring name.serialNumber on some validations
2. Was not erroring on unknown name attributes
3. If the name is not unique, also print the file where the collision
   was found
4. Downgrade uniqueness violation to warning. Otherwise some offending
   certificates are traversed, and others aren't

Number 3 also applied to serial numbers. Patched that as well.

Also, print the full global URI of each file name on error. I don't like
being tied to these awkward long names though; might upload a program
argument to tweak this manually tomorrow.

pcarana [Tue, 5 Mar 2019 00:33:24 +0000 (18:33 -0600)] 
Create daemon and conf to look for VRPs file updates

Alberto Leiva Popper [Thu, 28 Feb 2019 23:19:48 +0000 (17:19 -0600)] 
Big fat review of the RSYNC module

- The TOML reader now expects correct TOML syntax, according to toml99
- The RSYNC command and its arguments are now configurable
- Instead of an enable-disable RSYNC switch, we now have a
  "synchronization strategy". (Needed to optimize RSYNC operations
  according to user needs.)
- The RSYNC command is now executed via execvp(3) instead of system(3),
  to increase security.

pcarana [Thu, 28 Feb 2019 21:56:02 +0000 (15:56 -0600)] 
Simplify some code

pcarana [Thu, 28 Feb 2019 21:30:55 +0000 (15:30 -0600)] 
Implement Serial Notify PDU (isn't sent yet)

pcarana [Thu, 28 Feb 2019 21:06:57 +0000 (15:06 -0600)] 
Add session ID per protocol version

pcarana [Thu, 28 Feb 2019 19:55:08 +0000 (13:55 -0600)] 
Use timestamp as session ID

pcarana [Thu, 28 Feb 2019 15:34:59 +0000 (09:34 -0600)] 
Add intervals validation

pcarana [Thu, 28 Feb 2019 14:42:40 +0000 (08:42 -0600)] 
Avoid possible buffer overflow

pcarana [Thu, 28 Feb 2019 14:33:33 +0000 (08:33 -0600)] 
Implement error report PDU and send when no data is available

pcarana [Wed, 27 Feb 2019 22:23:04 +0000 (16:23 -0600)] 
Release allocated line-copy

Alberto Leiva Popper [Wed, 27 Feb 2019 17:18:44 +0000 (11:18 -0600)] 
Ease compilation on OpenBSD

Looks like OpenBSD's compiler is about a decade old. GNU11 is not
supported.

Also fix warning on debug disabled.

Alberto Leiva Popper [Wed, 27 Feb 2019 16:58:07 +0000 (10:58 -0600)] 
Fix comparison between the AKI and SKI extensions

This happens on self-signed certificates. The code was comparing
the extension data, when the AKI data needed to be further decoded
to validate proper ASN syntax.

pcarana [Tue, 26 Feb 2019 22:46:40 +0000 (16:46 -0600)] 
Rename error variable and add warn log on error PDU

pcarana [Tue, 26 Feb 2019 22:45:18 +0000 (16:45 -0600)] 
Implement serial logic, prepare to calculate diff between serials

Alberto Leiva Popper [Tue, 26 Feb 2019 21:48:31 +0000 (15:48 -0600)] 
Remove use of s6_addr32

It wasn't portable.

TheRedTrainer [Tue, 26 Feb 2019 15:34:03 +0000 (09:34 -0600)] 
Adding execinfo lib validation in configure.ac file for OpenBSD compatibility
Adding sys/socket header reference for OpenBSD compatibility

pcarana [Fri, 22 Feb 2019 15:51:34 +0000 (09:51 -0600)] 
Implement Cache Reset PDU (it has some TODOs to complete PDU exchange)

pcarana [Fri, 22 Feb 2019 15:20:18 +0000 (09:20 -0600)] 
Add VRP flags to use at IPvx prefix PDU, and update PDU header length

pcarana [Fri, 22 Feb 2019 01:12:39 +0000 (19:12 -0600)] 
Send VRPs payloads, data buffer is now used from one place

pcarana [Fri, 22 Feb 2019 01:05:49 +0000 (19:05 -0600)] 
Add missing stdlib header

pcarana [Fri, 22 Feb 2019 01:02:38 +0000 (19:02 -0600)] 
Add IPvx prefix PDU types and serialization, create buffer struct

pcarana [Fri, 22 Feb 2019 01:00:05 +0000 (19:00 -0600)] 
Fix IP address serialization, and quick format to header decls

pcarana [Thu, 21 Feb 2019 17:31:47 +0000 (11:31 -0600)] 
Move all the send functions to new 'pdu_sender'

pcarana [Wed, 20 Feb 2019 23:54:55 +0000 (17:54 -0600)] 
Fix a couple of bugs, implement Reset Query PDU handler.

Bugs fixed: add stdio.h, send VERDICT_SUCCESS if client_fd >= 0, use correct
pointer when handling PDUs (all at rtr.c).
Handle Reset Query PDU sending Cache Response and End of Data PDUs.
Add RTR version constants (0 and 1) and some PDU types for responses.

pcarana [Wed, 20 Feb 2019 23:33:34 +0000 (17:33 -0600)] 
Add PDUs serializer and a common buffer writer

pcarana [Wed, 20 Feb 2019 23:14:19 +0000 (17:14 -0600)] 
Add intervals conf for RTRv1 End of Data PDU