Returns false and aborts the data addition if there is no change in the delta.
Use this to shortcut applyUpdateFromNewState() which prevents sending out
notifications for empty deltas.
The AFI was removed from the ASPA profile so don't expect it anymore.
Now RTR is still using an old idea of ASPA profile so there just
duplicate the object once for IPv4 and once for IPv6. At some points
SIDROPS may finally fix this but for now this allows to export ASPA
objects that follow the rpki-client JSON (which no longer has the
AFI in the ASPA table).
This in an attempt quell CPU usage, since PCCW is having issues when
their {N} number of routers all start RTR sessions at the same time.
A `perf` of the system suggests all of the CPU is going to sending
TCP traffic, and since golang enables NO_DELAY (infamously?) by
default, this is a good smoking gun, since this would imply that
stayrtr is sending 1 TCP packet per RTR PDU, something that would
indeed cause a lot of CPU usage in aggergate!
This was intro'd in 6e4c533e8a
Since I did not expect the sending PDU channel to be _slightly_
slower than just yeeting the socket closed instantly.
Regardless, TCP disconnection now happens when the sendloop is dead,
that should allow for Error PDUs etc to be sent out before
Tag: https://github.com/bgp/stayrtr/issues/90
This imports and exports BGPsec router key data, and exports router
key data out over RTR to supporting clients (any version higher than 1)
Since it's obvious that at some point there will be clients that will
have issues seeing a RouterKey PDU for the first time ever, I've
included a -disable.bgpsec flag to prevent them from being sent.
That way if someone is caught off guard during an upgrade, they can
disable it and keep upgrading.
Tag: https://github.com/bgp/stayrtr/issues/57
This allows the previous commit to be fully effecitve.
Since some tests showed potential for a nasty set of pointer
edge cases to appear, I will be running rtrmon between this and
a known "okay" version for a few hours to confirm I have not broken
anything.
This does a bunch of work (and it's not fully done, since VRP needs
to be converted into *VRP across the codebase to ensure that SetFlag()
works) to let what was the VRPManager diffing/dispatch system support
things that are not VRPs. We need to do this since we are looking
to support BGPsec Router Keys and ASPA objects soon. And a previous
attempt to write such support resulted in a unaccptable amount of
duplicate code.
Doing it this way will also make it a lot easier to extend StayRTR
to support whatever is after ASPA.
Previously StayRTR would copy the client's Session ID back into the Cache
Response send to the router, even though the cache's internal Session ID
was something different.
The purpose of the Session ID is to help both router and cache understand
whether they are synchronized or not. There are two opportunities to fix
desyncs: if the cache recognises the router is desynced, the cache informs
the router (through an Error Report) to reconnect and send a Reset Query.
If the router recognises it is out of sync with the cache, the router can
send a Reset Query.
According to RFC 8210 section 5.1 the cache should send "Corrupt Data" when
a router sends a Serial Query with an unknown Session ID:
```
Session ID: A 16-bit unsigned integer. When a cache server is
started, it generates a Session ID to identify the instance of the
cache and to bind it to the sequence of Serial Numbers that cache
instance will generate. This allows the router to restart a
failed session knowing that the Serial Number it is using is
commensurate with that of the cache. If, at any time after the
protocol version has been negotiated (Section 7), either the
router or the cache finds that the value of the Session ID is not
the same as the other's, the party which detects the mismatch MUST
immediately terminate the session with an Error Report PDU with
code 0 ("Corrupt Data"), and the router MUST flush all data
learned from that cache.
```
Reformat with gofmt from Ties
First, VRPs that have expiry times are now checked, and they are
filtered out at import time.
Second, If a VRP JSON file is too old, and the "current state"
(in the case of a update) is too old, the state will empty to avoid
routing on old data.
Third, Every time a refresh cycle now happens, the file is reprocessed
to check for expiry, if the resulting VRPs from that procesing changes
then a new update+serial is pushed
Tag: https://github.com/bgp/stayrtr/issues/15
vrplock needs to be unlocked before AddVRPsDiff() because AddVRPsDiff needs a full lock.
I added some debug logging found this deadlock
INFO[0000] new cache file: Updating sha256 hash -> da753c7804d6f386bf303fed6931853eaaca0771ba160ef7fdbebb17e899d78b
INFO[0001] New update (306189 uniques, 306189 total prefixes).
INFO[0001] RLocking vrplock in AddVRPs
INFO[0002] RLocking vrplock in AddVRPsDiff
INFO[0002] RUnlocked vrplock in AddVRPsDiff
INFO[0002] Locking vrplock in AddVRPsDiff
...
Validators (such as rpki-client) ingest ROAs and emit Validated ROA Payloads (VRPs).
RTR servers exclusively deal with ingesting VRPs and emitting VRPs via RTR.
In rtrlib.Decode():
* Now check the message length is not greater than a hardcoded limit
(2048) to prevent unbounded memory allocations
* Fix a few unchecked slice accesses that could result in crashes with the
right payload in the PDU_ID_ERROR_REPORT case.
* Raised in #65, if the server does not have enough sockets, Accept returns error
* Due to a bug, it was causing `invalid memory address or nil pointer dereference` if no other limit was specified
* Issue was triggered around 1024 concurrent sessions on out of box Linux (check `ulimit -a | grep "open files"`)
Ties de Kock
Claudio Jeker
Job Snijders
Jeremiah Millay
Ben Cartwright-Cox
Ben Castricum
Darren O'Connor
Job Snijders
Mathilde Gilles
John Bampton
Louis
lspgn