From: Alberto Leiva Popper Date: Mon, 4 Mar 2024 01:49:59 +0000 (-0600) Subject: Add delta threshold configuration option X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92dc4a0df8225c3b3baa852caf82f3480ec009b8;p=thirdparty%2FFORT-validator.git Add delta threshold configuration option This was in the tweakables wishlist. Previously hardcoded as 64. It had to skip the line because it's needed by the upcoming session desync commit. --- diff --git a/man/fort.8 b/man/fort.8 index bac02f98..0eed73e3 100644 --- a/man/fort.8 +++ b/man/fort.8 @@ -862,6 +862,15 @@ By default, the path has a NULL value. .RE .P +.B \-\-rrdp.delta-threshold=\fIUNSIGNED_INTEGER\fR +.RS 4 +Maximum deltas to explode per RRDP session, per iteration. +.P +(If the RRDP notification lists more than this amount of unprocessed deltas, +Fort will reset the session, exploding the snapshot instead.) +.RE +.P + .B \-\-rsync.enabled=\fItrue\fR|\fIfalse\fR .RS 4 Enables RSYNC requests. diff --git a/src/config.c b/src/config.c index de54d908..f2203c97 100644 --- a/src/config.c +++ b/src/config.c @@ -127,6 +127,17 @@ struct rpki_config { char *ca_path; } http; + struct { + /* + * Maximum deltas to explode per RRDP session, per iteration. + * + * (If the RRDP notification lists more than this amount of + * unprocessed deltas, Fort will reset the session, exploding + * the snapshot instead.) + */ + unsigned int delta_threshold; + } rrdp; + struct { /** Enables operation logs **/ bool enabled; @@ -582,6 +593,18 @@ static const struct option_field options[] = { .json_null_allowed = false, }, + /* RRDP */ + { + .id = 10000, + .name = "rrdp.delta-threshold", + .type = >_uint, + .offset = offsetof(struct rpki_config, rrdp.delta_threshold), + .doc = "Maximum deltas to explode per RRDP session, per iteration. " + "(Fall back to snapshot if threshold exceeded.)", + .min = 1, + .max = 128, + }, + /* Logging fields */ { .id = 4000, 
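Review bot: The new `rrdp.delta-threshold` entry enforces `.min = 1` and `.max = 128`, but neither its `.doc` string nor the man page text added in this commit states that range or the default of 64 assigned in set_default_values(). This value bounds how many repository-listed deltas Fort processes before falling back to the snapshot, so operators tuning it should be able to see the limits without reading the source. Suggest extending the first part of the string, e.g. `.doc = "Maximum deltas to explode per RRDP session, per iteration (1-128, default 64). "`, and keeping the second sentence as is. The options[] array starts and ends outside the hunk.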
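Review bot: In handle_deltas(), the combined check `diff > config_get_rrdp_delta_threshold() || diff > notif->deltas.len` still reports only "Cached RPP is too old", so the log does not show whether the configured limit or a notification listing too few deltas triggered the error. The serial gap is derived from the repository's notification file, so reporting it next to the limit would make an unusually long delta chain visible to the operator. One option is to test the threshold on its own first: `if (diff > config_get_rrdp_delta_threshold()) return pr_val_err("Too many unprocessed deltas (%lu; threshold: %u).", diff, config_get_rrdp_delta_threshold());`. The `%lu` assumes `diff` is an `unsigned long`, which has to be confirmed against its declaration outside the hunk. handle_deltas() starts and ends outside the hunk.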
@@ -950,6 +973,9 @@ set_default_values(void) rpki_config.http.max_file_size = 1000000000; rpki_config.http.ca_path = NULL; /* Use system default */ + /* TODO (fine) 64 may be too much; optimize it. */ + rpki_config.rrdp.delta_threshold = 64; + rpki_config.log.enabled = true; rpki_config.log.tag = NULL; rpki_config.log.color = false; @@ -1423,6 +1449,12 @@ config_get_http_ca_path(void) return rpki_config.http.ca_path; } +unsigned int +config_get_rrdp_delta_threshold(void) +{ + return rpki_config.rrdp.delta_threshold; +} + char const * config_get_output_roa(void) { diff --git a/src/config.h b/src/config.h index 8f973814..09e68f5f 100644 --- a/src/config.h +++ b/src/config.h @@ -40,6 +40,7 @@ long config_get_http_low_speed_limit(void); long config_get_http_low_speed_time(void); long config_get_http_max_file_size(void); char const *config_get_http_ca_path(void); +unsigned int config_get_rrdp_delta_threshold(void); bool config_get_rsync_enabled(void); unsigned int config_get_rsync_priority(void); unsigned int config_get_rsync_retry_count(void); diff --git a/src/rrdp.c b/src/rrdp.c index 6f60a9ed..d0a306af 100644 --- a/src/rrdp.c +++ b/src/rrdp.c @@ -6,6 +6,7 @@ #include "alloc.h" #include "common.h" +#include "config.h" #include "file.h" #include "log.h" #include "thread_var.h" @@ -893,8 +894,7 @@ handle_deltas(struct update_notification *notif, struct rrdp_serial *serial) } diff = BN_get_word(diff_bn); BN_free(diff_bn); - /* TODO (fine) 64 may be too much; optimize it. */ - if (diff > 64ul || diff > notif->deltas.len) + if (diff > config_get_rrdp_delta_threshold() || diff > notif->deltas.len) return pr_val_err("Cached RPP is too old. (Cached serial: %s; current serial: %s)", serial->str, notif->session.serial.str); diff --git a/test/rrdp_test.c b/test/rrdp_test.c index cf67f788..ba6385ec 100644 --- a/test/rrdp_test.c +++ b/test/rrdp_test.c 
@@ -39,6 +39,7 @@ MOCK_ABORT_PTR(validation_cache, rpki_cache, struct validation *state) MOCK(state_retrieve, struct validation *, NULL, void) MOCK(validation_tal, struct tal *, NULL, struct validation *state) MOCK(tal_get_file_name, char const *, "", struct tal *tal) +MOCK_UINT(config_get_rrdp_delta_threshold, 64, void) /* Mocks end */
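Review bot: `MOCK_UINT(config_get_rrdp_delta_threshold, 64, void)` pins the threshold to the old hard-coded value, so nothing visible here shows that handle_deltas() honours a different setting. A small threshold with two cases would cover the new comparison `diff > config_get_rrdp_delta_threshold()`: a serial gap equal to the limit is accepted, and one above it is rejected. That requires the mock to return a test-controlled variable rather than a constant. Whether rrdp_test.c already exercises handle_deltas() is not visible in this hunk.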