pcarana [Wed, 27 Mar 2019 17:41:34 +0000 (11:41 -0600)]
Remove some memleaks reported by Valgrind
-Make threads joinable and implement a destroy function used by the main thread (here all the threads are joined).
-Start the updates_daemon until the server socket is correctly bound.
-Valgrind reports some leaks on abnormal termination, so these will be handled later.
After discussing it further still, we decided to add another
synchronization strategy, which behaves as requested in the issue.
The new strategy is `root-except-ta`. As its name implies, it
behaves as `root` mode, except for the root certificate, which is
synchronized in `strict` mode.
This way we get the best of both worlds: If the root certificate
is known to reside in the same repository as everything else, the
user can choose `root` and synchronize as fast as possible.
On the other hand, if the user does not want to download the entire
repository until the root certificate has been validated, they can
choose `root-except-ta`.
pcarana [Fri, 22 Mar 2019 16:08:42 +0000 (10:08 -0600)]
Remove some TODOs and add some fixes.
-Delta creation is the responsibility of vrps.c, so remove it from csv.c
-Remove unnecessary storage from heap (vrp structs, base DB and delta DB) and avoid some mem leaks.
-Change 'delta_resume' to 'delta_summary'.
-Handle error codes that were ignored.
pcarana [Thu, 21 Mar 2019 00:46:46 +0000 (18:46 -0600)]
Format line width (80) and 4 spaces indentation when needed, remove some TODOs
-Align definition of constants.
-csv.h and .c: add void param to 'csv_parse_vrps_file'.
-line_file.h: add missing param of 'lfile_close'.
-main.c: comment 'TODO This will be overriden [..]' was for developer, isn't valid since the conf will be loaded from the JSON file.
-notify.h and .c: add void param to 'notify_clients'.
-vrps.c: explain VRP meaning, how session ID is the existent solution to avoid serial desynchronization, and remove bad comment style.
pcarana [Fri, 15 Mar 2019 15:41:08 +0000 (09:41 -0600)]
Calculate and get changes between serials.
Use a base serial, the base will always be the last DB update.
Calculate the difference between the latest version and the past, and store it as delta.
Save pointers to deltas, increment last serial number when the update ops are complete.
Avoid sending duplicate announcements/withdrawals.
- They need the Check framework, which should not be a dependency
for everyone.
- Check itself is the only dependency managed by pkg-config, so we
don't want to force everyone to install that either.
No idea if any of this is good practice. But it's much easier to
explain in the documentation, so there you go.
pcarana [Mon, 11 Mar 2019 17:52:36 +0000 (11:52 -0600)]
Use Error PDUs handling methods and prepare to send other error PDUs
Send Unexpected Protocol Version when needed.
Simplify 'send_error_report_pdu' call.
Remove error codes definitions from 'pdu.h'.
Send Unsupported PDU error when such PDUs arrive at the server.
Try to close socket when a fatal Error PDU is received.
Log errno when there's an error sending a response.
pcarana [Thu, 7 Mar 2019 01:03:45 +0000 (19:03 -0600)]
Remember connected clients
Use sockaddr_storage to fetch both IPv4 & 6 socket info.
Fetch the RTR version when the PDU is loaded.
Expose client data for later use (Serial Notify PDU).
Implement thisUpdate, nextUpdate and --roa-output-file
- Implement manifest thisUpdate and nextUpdate validation
- Print dates during manifest date errors
- ROA file output target is now configurable
(Used to be dumped into stdout, which was annoying because it was
mixed with the INFO logging)
1. Was ignoring name.serialNumber on some validations
2. Was not erroring on unknown name attributes
3. If the name is not unique, also print the file where the collision
was found
4. Downgrade uniqueness violation to warning. Otherwise some offending
certificates are traversed, and others aren't
Number 3 also applied to serial numbers. Patched that as well.
Also, print the full global URI of each file name on error. I don't like
being tied to these awkward long names though; might upload a program
argument to tweak this manually tomorrow.
- The TOML reader now expects correct TOML syntax, according to toml99
- The RSYNC command and its arguments are now configurable
- Instead of an enable-disable RSYNC switch, we now have a
"synchronization strategy". (Needed to optimize RSYNC operations
according to user needs.)
- The RSYNC command is now executed via execvp(3) instead of system(3),
to increase security.
This happens on self-signed certificates. The code was comparing
the extension data, when the AKI data needed to be further decoded
to validate proper ASN syntax.
pcarana [Wed, 20 Feb 2019 23:54:55 +0000 (17:54 -0600)]
Fix a couple of bugs, implement Reset Query PDU handler.
Bugs fixed: add stdio.h, send VERDICT_SUCCESS if client_fd >= 0, use correct
pointer when handling PDUs (all at rtr.c).
Handle Reset Query PDU sending Cache Response and End of Data PDUs.
Add RTR version constants (0 and 1) and some PDU types for responses.
"This EE certificate MUST describe its Internet Number Resources
using the "inherit" attribute, rather than explicit description of
a resource set; see [RFC3779]."
- Integrate the string data type to the configuration framework properly
(They are no longer being handled as an exception)
- Integrate the print and free operations to the framework
(The rpki_config object is no longer printed and freed manually)
- Add short option support (eg. `-t` instead of `--tal`)
- Add --help, --version and --usage handlers
- Add a bunch of in-code documentation to most configuration fields