From: Julian Reschke Date: Fri, 19 Feb 2021 09:36:57 +0000 (+0100) Subject: Merge branch 'master' into master X-Git-Tag: v1.5.1~31^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F47%2Fhead;p=thirdparty%2FFORT-validator.git Merge branch 'master' into master --- 618c114369b173debe84a29d05824c66d6f5099e diff --cc docs/usage.md index 852eefb3,5da82f5a..c3573a9c --- a/docs/usage.md +++ b/docs/usage.md @@@ -13,61 -13,65 +13,66 @@@ description: Guide to use arguments of 1. [`--help`](#--help) 2. [`--usage`](#--usage) 3. [`--version`](#--version) - 4. [`--tal`](#--tal) - 5. [`--local-repository`](#--local-repository) - 6. [`--work-offline`](#--work-offline) - 7. [`--shuffle-uris`](#--shuffle-uris) - 8. [`--maximum-certificate-depth`](#--maximum-certificate-depth) - 9. [`--mode`](#--mode) - 10. [`--server.address`](#--serveraddress) - 11. [`--server.port`](#--serverport) - 12. [`--server.backlog`](#--serverbacklog) - 13. [`--server.interval.validation`](#--serverintervalvalidation) - 14. [`--server.interval.refresh`](#--serverintervalrefresh) - 15. [`--server.interval.retry`](#--serverintervalretry) - 16. [`--server.interval.expire`](#--serverintervalexpire) - 17. [`--slurm`](#--slurm) - 18. [`--log.enabled`](#--logenabled) - 19. [`--log.level`](#--loglevel) - 20. [`--log.output`](#--logoutput) - 21. [`--log.color-output`](#--logcolor-output) - 22. [`--log.file-name-format`](#--logfile-name-format) - 23. [`--log.facility`](#--logfacility) - 24. [`--log.tag`](#--logtag) - 25. [`--validation-log.enabled`](#--validation-logenabled) - 26. [`--validation-log.level`](#--validation-loglevel) - 27. [`--validation-log.output`](#--validation-logoutput) - 28. [`--validation-log.color-output`](#--validation-logcolor-output) - 29. [`--validation-log.file-name-format`](#--validation-logfile-name-format) - 30. [`--validation-log.facility`](#--validation-logfacility) - 31. [`--validation-log.tag`](#--validation-logtag) - 32. 
[`--http.enabled`](#--httpenabled) - 33. [`--http.priority`](#--httppriority) - 34. [`--http.retry.count`](#--httpretrycount) - 35. [`--http.retry.interval`](#--httpretryinterval) - 36. [`--http.user-agent`](#--httpuser-agent) - 37. [`--http.connect-timeout`](#--httpconnect-timeout) - 38. [`--http.transfer-timeout`](#--httptransfer-timeout) - 39. [`--http.idle-timeout`](#--httpidle-timeout) - 40. [`--http.ca-path`](#--httpca-path) - 41. [`--output.roa`](#--outputroa) - 42. [`--output.bgpsec`](#--outputbgpsec) - 43. [`--output.format`](#--outputformat) - 44. [`--asn1-decode-max-stack`](#--asn1-decode-max-stack) - 45. [`--stale-repository-period`](#--stale-repository-period) - 46. [`--configuration-file`](#--configuration-file) - 47. [`--rsync.enabled`](#--rsyncenabled) - 48. [`--rsync.priority`](#--rsyncpriority) - 49. [`--rsync.strategy`](#--rsyncstrategy) + 4. [`--init-tals`](#--init-tals) + 5. [`--tal`](#--tal) + 6. [`--local-repository`](#--local-repository) + 7. [`--work-offline`](#--work-offline) + 8. [`--daemon`](#--daemon) + 9. [`--shuffle-uris`](#--shuffle-uris) + 10. [`--maximum-certificate-depth`](#--maximum-certificate-depth) + 11. [`--mode`](#--mode) + 12. [`--server.address`](#--serveraddress) + 13. [`--server.port`](#--serverport) + 14. [`--server.backlog`](#--serverbacklog) + 15. [`--server.interval.validation`](#--serverintervalvalidation) + 16. [`--server.interval.refresh`](#--serverintervalrefresh) + 17. [`--server.interval.retry`](#--serverintervalretry) + 18. [`--server.interval.expire`](#--serverintervalexpire) + 19. [`--slurm`](#--slurm) + 20. [`--log.enabled`](#--logenabled) + 21. [`--log.level`](#--loglevel) + 22. [`--log.output`](#--logoutput) + 23. [`--log.color-output`](#--logcolor-output) + 24. [`--log.file-name-format`](#--logfile-name-format) + 25. [`--log.facility`](#--logfacility) + 26. [`--log.tag`](#--logtag) + 27. [`--validation-log.enabled`](#--validation-logenabled) + 28. [`--validation-log.level`](#--validation-loglevel) + 29. 
[`--validation-log.output`](#--validation-logoutput) + 30. [`--validation-log.color-output`](#--validation-logcolor-output) + 31. [`--validation-log.file-name-format`](#--validation-logfile-name-format) + 32. [`--validation-log.facility`](#--validation-logfacility) + 33. [`--validation-log.tag`](#--validation-logtag) + 34. [`--http.enabled`](#--httpenabled) + 35. [`--http.priority`](#--httppriority) + 36. [`--http.retry.count`](#--httpretrycount) + 37. [`--http.retry.interval`](#--httpretryinterval) + 38. [`--http.user-agent`](#--httpuser-agent) + 39. [`--http.connect-timeout`](#--httpconnect-timeout) + 40. [`--http.transfer-timeout`](#--httptransfer-timeout) + 41. [`--http.idle-timeout`](#--httpidle-timeout) + 42. [`--http.ca-path`](#--httpca-path) + 43. [`--output.roa`](#--outputroa) + 44. [`--output.bgpsec`](#--outputbgpsec) - 45. [`--asn1-decode-max-stack`](#--asn1-decode-max-stack) - 46. [`--stale-repository-period`](#--stale-repository-period) - 47. [`--thread-pool.server.max`](#--thread-poolservermax) - 48. [`--thread-pool.validation.max`](#--thread-poolvalidationmax) - 49. [`--rsync.enabled`](#--rsyncenabled) - 50. [`--rsync.priority`](#--rsyncpriority) - 51. [`--rsync.strategy`](#--rsyncstrategy) ++ 45. [`--output.format`](#--outputformat) ++ 46. [`--asn1-decode-max-stack`](#--asn1-decode-max-stack) ++ 47. [`--stale-repository-period`](#--stale-repository-period) ++ 48. [`--thread-pool.server.max`](#--thread-poolservermax) ++ 49. [`--thread-pool.validation.max`](#--thread-poolvalidationmax) ++ 50. [`--rsync.enabled`](#--rsyncenabled) ++ 51. [`--rsync.priority`](#--rsyncpriority) ++ 52. [`--rsync.strategy`](#--rsyncstrategy) 1. [`strict`](#strict) 2. [`root`](#root) 3. [`root-except-ta`](#root-except-ta) - 50. [`--rsync.retry.count`](#--rsyncretrycount) - 51. [`--rsync.retry.interval`](#--rsyncretryinterval) - 52. [`rsync.program`](#rsyncprogram) - 53. [`rsync.arguments-recursive`](#rsyncarguments-recursive) - 54. 
[`rsync.arguments-flat`](#rsyncarguments-flat) - 55. [`incidences`](#incidences) - 52. [`--rsync.retry.count`](#--rsyncretrycount) - 53. [`--rsync.retry.interval`](#--rsyncretryinterval) - 54. [`--configuration-file`](#--configuration-file) - 55. [`rsync.program`](#rsyncprogram) - 56. [`rsync.arguments-recursive`](#rsyncarguments-recursive) - 57. [`rsync.arguments-flat`](#rsyncarguments-flat) - 58. [`incidences`](#incidences) - 59. [`init-locations`](#init-locations) ++ 53. [`--rsync.retry.count`](#--rsyncretrycount) ++ 54. [`--rsync.retry.interval`](#--rsyncretryinterval) ++ 55. [`--configuration-file`](#--configuration-file) ++ 56. [`rsync.program`](#rsyncprogram) ++ 57. [`rsync.arguments-recursive`](#rsyncarguments-recursive) ++ 58. [`rsync.arguments-flat`](#rsyncarguments-flat) ++ 59. [`incidences`](#incidences) ++ 60. [`init-locations`](#init-locations) 3. [Deprecated arguments](#deprecated-arguments) 1. [`--sync-strategy`](#--sync-strategy) 2. [`--rrdp.enabled`](#--rrdpenabled) @@@ -134,7 -140,8 +141,9 @@@ [--http.ca-path=] [--output.roa=] [--output.bgpsec=] + [--output.format=csv|json] + [--thread-pool.server.max=] + [--thread-pool.validation.max=] ``` If an argument is declared more than once, the last one takes precedence: @@@ -906,10 -1022,18 +1066,19 @@@ The configuration options are mostly th "output": { "roa": "/tmp/fort/roas.csv", - "bgpsec": "/tmp/fort/bgpsec.csv" + "bgpsec": "/tmp/fort/bgpsec.csv", + "format": "csv" }, + "thread-pool": { + "server": { + "max": 20 + }, + "validation": { + "max": 5 + } + }, + "asn1-decode-max-stack": 4096, "stale-repository-period": 43200 } diff --cc examples/config.json index a3276bbe,9c6cc432..6c10c322 --- a/examples/config.json +++ b/examples/config.json @@@ -102,9 -105,16 +105,17 @@@ ], "output": { "roa": "/tmp/fort/roas.csv", - "bgpsec": "/tmp/fort/bgpsec.csv" + "bgpsec": "/tmp/fort/bgpsec.csv", + "format": "csv" }, + "thread-pool": { + "server": { + "max": 20 + }, + "validation": { + "max": 5 + } + }, 
"asn1-decode-max-stack": 4096, "stale-repository-period": 43200 } diff --cc man/fort.8 index b7841bd8,d4cef942..84490139 --- a/man/fort.8 +++ b/man/fort.8 @@@ -1072,19 -1118,46 +1163,57 @@@ array of "router-keys"; ie In order to print the Router Keys at console, use a hyphen as the \fIFILE\fR value, eg. .B \-\-output.bgpsec=- +.P +By default, it has no value set. .RE +.P + +.B \-\-output.format=\fIcsv\fR|\fIjson\fR +.RS 4 +Output format for \fI--output.roa\fR and \fI--output.bgpsec\fR. +.P +By default, it has a value of \fIcsv\fR. +.RE +.P + .B \-\-thread-pool.server.max=\fIUNSIGNED_INTEGER\fR + .RS 4 + Maximum number of threads that will be spawned at an internal thread pool to + attend incoming RTR clients (i.e. routers). + .P + The thread pool assigns one thread per RTR client, so a maximum of + \fI--thread-pool.server.max\fR clients will be attended simultaneously. If the + max limit is reached, any incoming client will be rejected: an RTR error PDU + will be sent to the client and the connection will be closed by the server. + .P + Once the client or the server terminates the session, the corresponding thread + will be returned to the pool so that it can be used again by any other incoming + client. + .P + By default, it has a value of \fI20\fR. Minimum allowed value: \fI1\fR, + maximum allowed value \fI500\fR. + .RE + + .B \-\-thread-pool.validation.max=\fIUNSIGNED_INTEGER\fR + .RS 4 + Maximum number of threads that will be spawned at an internal thread pool in + order to run validation cycles. + .P + When a validation cycle begins, one thread per configured TAL is utilized; once + the whole RPKI tree of the TAL is validated, the thread is returned to the pool. + .P + If there are more TALs at \fI--tal\fR than \fI--thread-pool.validation.max\fR + threads at the pool, is very likely that the validation cycles take a bit more + of time to complete since only \fI--thread-pool.validation.max\fR threads will + be working at the same time. E.g. 
if \fI--thread-pool.validation.max=2\fR and + the location at \fI--tal\fR has 4 TAL files, only 2 TALs will be validated + simultaneously while the rest waits in a queue until there's an available thread + at the pool to attend them. + .P + By default, it has a value of \fI5\fR. Minimum allowed value: \fI1\fR, + maximum allowed value \fI100\fR. + .RE + .B \-\-asn1-decode-max-stack=\fIUNSIGNED_INTEGER\fR .RS 4 ASN1 decoder max allowed stack size in bytes, utilized to avoid a stack @@@ -1277,9 -1360,16 +1416,17 @@@ to a specific value ], "output": { "roa": "/tmp/fort/roas.csv", - "bgpsec": "/tmp/fort/bgpsec.csv" + "bgpsec": "/tmp/fort/bgpsec.csv", + "format": "csv" }, + "thread-pool": { + "server": { + "max": 20 + }, + "validation": { + "max": 5 + } + }, "asn1-decode-max-stack": 4096, "stale-repository-period": 43200 } diff --cc src/Makefile.am index 86a8a15a,e0416931..73b980b1 --- a/src/Makefile.am +++ b/src/Makefile.am @@@ -47,7 -50,7 +50,8 @@@ fort_SOURCES += config/filename_format. fort_SOURCES += config/log_conf.h config/log_conf.c fort_SOURCES += config/mode.c config/mode.h fort_SOURCES += config/incidences.h config/incidences.c +fort_SOURCES += config/output_format.h config/output_format.c + fort_SOURCES += config/init_tals.h config/init_tals.c fort_SOURCES += config/rrdp_conf.h config/rrdp_conf.c fort_SOURCES += config/rsync_strategy.h config/rsync_strategy.c fort_SOURCES += config/str.c config/str.h diff --cc src/config.h index 680109c9,ab8b3742..0994515e --- a/src/config.h +++ b/src/config.h @@@ -50,9 -49,10 +50,11 @@@ unsigned int config_get_http_retry_coun unsigned int config_get_http_retry_interval(void); char const *config_get_output_roa(void); char const *config_get_output_bgpsec(void); +enum output_format config_get_output_format(void); unsigned int config_get_asn1_decode_max_stack(void); unsigned int config_get_stale_repository_period(void); + unsigned int config_get_thread_pool_server_max(void); + unsigned int 
config_get_thread_pool_validation_max(void); /* Logging getters */ bool config_get_op_log_enabled(void);
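Review bot: The three getters added in the src/config.h hunk (`config_get_output_format`, `config_get_thread_pool_server_max`, `config_get_thread_pool_validation_max`) have no comment, although the two thread-pool values are limits that callers size pools from. The man page text in this same commit gives the bounds, so I would repeat them at the declarations, e.g. `/* Max threads serving RTR clients: 1..500, default 20; clients beyond this are rejected. */` and `/* Max threads running validation cycles: 1..100, default 5. */`. Whether the option parser enforces the documented minimum of 1 is not visible here, so confirm it before callers treat the value as non-zero. The prototype returning `enum output_format` also needs the enum's definition in scope; the include of `config/output_format.h` is not visible in this hunk, so check that the merge resolution kept it.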