From 425e0f4037b4543fe8044ac96ca71d6d02d7d8c5 Mon Sep 17 00:00:00 2001 From: Alberto Leiva Popper Date: Tue, 19 Oct 2021 14:47:01 -0500 Subject: [PATCH] Protocolary updates for release 1.5.2 --- docs/_config.yml | 2 +- docs/intro-fort.md | 2 +- docs/usage.md | 28 +--------------------------- man/fort.8 | 12 +++++++++++- src/object/certificate.c | 1 + 5 files changed, 15 insertions(+), 30 deletions(-) diff --git a/docs/_config.yml b/docs/_config.yml index 0730e67c..7803c0ed 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -8,7 +8,7 @@ defaults: layout: "default" image: "/img/logo_validador_og.png" -fort-latest-version: 1.5.1 +fort-latest-version: 1.5.2 plugins: - jekyll-seo-tag - jekyll-sitemap diff --git a/docs/intro-fort.md b/docs/intro-fort.md index aed6a3e5..ccc4735b 100644 --- a/docs/intro-fort.md +++ b/docs/intro-fort.md @@ -32,7 +32,7 @@ Further information can be found in the subsections below. | [7318](https://tools.ietf.org/html/rfc7318) (Policy Qualifiers) | 100% | | [7935](https://tools.ietf.org/html/rfc7935) (RPKI algorithms) | 100% | | [8182](https://tools.ietf.org/html/rfc8182) (RRDP) | 100% | -| [8209](https://tools.ietf.org/html/rfc8209) (BGPSec Certificates) | 100% | +| [8209](https://tools.ietf.org/html/rfc8209) (BGPSec Certificates) | 0% (This code was [disabled](https://github.com/NICMx/FORT-validator/issues/58#issuecomment-941977925) in version 1.5.2) | | [8210](https://tools.ietf.org/html/rfc8210) (RTR Version 1) | 100% | | [8360](https://tools.ietf.org/html/rfc8360) (Validation Reconsidered) | 100% | | [8416](https://tools.ietf.org/html/rfc8416) (SLURM) | 100% | diff --git a/docs/usage.md b/docs/usage.md index 6db5e276..74c5a2ce 100644 --- a/docs/usage.md +++ b/docs/usage.md 
@@ -762,18 +762,6 @@ The value specified is utilized in libcurl's option [CURLOPT_CAPATH](https://cur - **Type:** String (Path to file) - **Availability:** `argv` and JSON -> Note: The paragraphs below apply to [Fort 1.5.0](https://github.com/NICMx/FORT-validator/releases/tag/v1.5.0). - -File where the ROAs (found during each validation run) will be stored (in CSV format). - -If the file already exists, it will be overwritten. If it doesn't exist, it will be created. To print to standard output, use a hyphen (`-`). If the RTR server is [enabled](#--mode), then the ROAs will be printed every [`--server.interval.validation`](#--serverintervalvalidation) seconds. - -Each line of the result is printed in the following order: _AS, Prefix, Max prefix length_. The first line contains the column names. - -If `--output.roa` is omitted, the ROAs are not printed. - -> Note: The paragraphs below apply to [Fort master](https://github.com/NICMx/FORT-validator). - File where the ROAs (found during each validation run) will be stored. See [`--output.format`](#--outputformat). If the file already exists, it will be overwritten. If it doesn't exist, it will be created. To print to standard output, use a hyphen (`-`). If the RTR server is [enabled](#--mode), then the ROAs will be printed every [`--server.interval.validation`](#--serverintervalvalidation) secs. 
@@ -806,19 +794,7 @@ If `--output.roa` is omitted, the ROAs are not printed. - **Type:** String (Path to file) - **Availability:** `argv` and JSON -> Note: The paragraphs below apply to [Fort 1.5.0](https://github.com/NICMx/FORT-validator/releases/tag/v1.5.0). - -File where the BGPsec Router Keys (found during each validation run) will be stored (in CSV format). - -Since most of the data (Subject Key Identifier and Subject Public Key Info) is binary, it is base64url-encoded, without trailing pads. - -If the file already exists, it will be overwritten. If it doesn't exist, it will be created. To print to standard output console, use a hyphen (`-`). If the RTR server is [enabled](#--mode), the BGPsec Router Keys will be printed every [`--server.interval.validation`](#--serverintervalvalidation) seconds. - -Each line of the result is printed in the following order: _AS, Subject Key Identifier, Subject Public Key Info_. The first line contains the column names. - -If `--output.bgpsec` is ommited, then the BGPsec Router Keys are not printed. - -> Note: The paragraphs below apply to [Fort master](https://github.com/NICMx/FORT-validator). +> ![Warning!](img/warn.svg) BGPsec certificate validation has been disabled in version 1.5.2 because of [this bug](https://github.com/NICMx/FORT-validator/issues/58). It will be restored in version 1.5.3. File where the BGPsec Router Keys (found during each validation run) will be stored. See [`--output.format`](#--outputformat). @@ -855,8 +831,6 @@ If `--output.bgpsec` is ommited, then the BGPsec Router Keys are not printed. - **Availability:** `argv` and JSON - **Default:** `csv` -> Note: This flag only exists in [Fort master](https://github.com/NICMx/FORT-validator). - Output format for [`--output.roa`](#--outputroa) and [`--output.bgpsec`](#--outputbgpsec). ### `--asn1-decode-max-stack` diff --git a/man/fort.8 b/man/fort.8 index aa2636dc..b14e792f 100644 --- a/man/fort.8 +++ b/man/fort.8 
@@ -1,4 +1,4 @@ -.TH fort 8 "2021-08-05" "v1.5.1" "FORT validator" +.TH fort 8 "2021-10-19" "v1.5.2" "FORT validator" .SH NAME fort \- RPKI validator and RTR server @@ -488,6 +488,16 @@ maximum allowed value \fI172800\fR. It must be larger than .RE .P +.B \-\-server.deltas.lifetime=\fIUNSIGNED_INTEGER\fR +.RS 4 +When routers first connect to Fort, they request a snapshot of the validation results. (ROAs and Router Keys.) Because they need to keep their validated objects updated, and snapshots tend to be relatively large amounts of information, they request deltas afterwards over configurable intervals. ("Deltas" being the differences between snapshots.) +.P +During each validation cycle, Fort generates a new snapshot, as well as the deltas needed to build the new snapshot from the previous one. These are all stored in RAM. \fI--server.deltas.lifetime\fR is the number of iterations a set of deltas will be kept before being deallocated. (Recall that every iteration lasts \fI--server.interval.validation\fR seconds, plus however long the validation takes.) +.P +If a router lags behind, to the point Fort has already deleted the deltas it needs to update the router’s snapshot, Fort will have to fall back to fetch the entire latest snapshot instead. +.RE +.P + .B \-\-log.enabled=\fItrue\fR|\fIfalse\fR .RS 4 Enables the operation logs. diff --git a/src/object/certificate.c b/src/object/certificate.c index ca52f7a5..57d3022a 100644 --- a/src/object/certificate.c +++ b/src/object/certificate.c @@ -1853,6 +1853,7 @@ get_certificate_type(X509 *cert, bool is_ta, enum cert_type *result) return 0; } + *result = EE; /* Shuts up nonsense gcc 8.3 warning */ return pr_val_err("Certificate is not TA, CA nor BGPsec. Ignoring..."); } -- 2.47.3
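Review bot: In the docs/intro-fort.md hunk, the RFC 8209 row now says the code was disabled in version 1.5.2, but nothing in this patch disables it. The only source change in the diffstat is the single added line in src/object/certificate.c, and that line sits on the error path. If the disabling landed in an earlier commit, name that commit in the message so the documentation claim can be checked against the code it describes.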
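Review bot: In the `--output.bgpsec` hunk of docs/usage.md, the new warning says BGPsec certificate validation is disabled, yet the paragraph kept directly below it still reads "File where the BGPsec Router Keys (found during each validation run) will be stored" as if the flag were functional. Say what an operator actually gets in 1.5.2 when the flag is passed, and consider repeating the warning under `--output.format`, whose text also points at `--output.bgpsec`. The sentence "It will be restored in version 1.5.3" is a promise the documentation cannot guarantee; linking the issue alone would age better. The "ommited" spelling in the surrounding text could be fixed while this section is being touched.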
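Review bot: In the man/fort.8 hunk that adds `--server.deltas.lifetime`, the option names inside the body are written with bare hyphens (`\fI--server.deltas.lifetime\fR`, `\fI--server.interval.validation\fR`) while the entry heading uses `\-\-`; use the escaped form throughout so the rendered text can be copied into a shell. The same paragraph has a typographic apostrophe in "router’s", which should be a plain ASCII `'` in a man page. The entry also gives no default value or allowed range, unlike the entry just above it, which states its maximum allowed value; since these deltas are all held in RAM, the range is what an operator needs to size this setting.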
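Review bot: In the src/object/certificate.c hunk, `*result = EE;` is assigned on the failure path of get_certificate_type(), immediately before `return pr_val_err("Certificate is not TA, CA nor BGPsec. Ignoring...")`. This silences the compiler, but it also means a caller that ever ignores or mishandles the return value sees a valid-looking certificate type for a certificate that was just rejected. Prefer initializing the variable at the caller's declaration, or assigning an explicit invalid value if `enum cert_type` has or can gain one, so that the error path fails closed. If the assignment stays, the comment should say that the value is meaningless and must not be read when the function returns nonzero, instead of only describing the gcc 8.3 warning.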