mirror of https://github.com/bgp/stayrtr.git synced 2024-05-06 15:54:54 +00:00

39 Commits

Author SHA1 Message Date
925ac75c42 Move all []VRP's to []SendableData in prep to support non VRP things
This does a bunch of work (and it's not fully done, since VRP needs
to be converted into *VRP across the codebase to ensure that SetFlag()
works) to let what was the VRPManager diffing/dispatch system support
things that are not VRPs. We need to do this since we are looking
to support BGPsec Router Keys and ASPA objects soon. And a previous
attempt to write such support resulted in an unacceptable amount of
duplicate code.

Doing it this way will also make it a lot easier to extend StayRTR
to support whatever is after ASPA.
2023-02-21 20:40:00 +00:00
a9d36b4707 Fix BGPsec ROUTER_KEY encoding/decoding
Also add a test to ensure it keeps decoding correctly
2023-02-21 19:52:36 +00:00
bd5a54d54d Always automatically generate a RTR Session ID 2023-02-06 11:10:07 +00:00
d5be6983b5 Bugfix: don't echo the router's session_id back to the router, instead report an error
Previously StayRTR would copy the client's Session ID back into the Cache
Response sent to the router, even though the cache's internal Session ID
was something different.

The purpose of the Session ID is to help both router and cache understand
whether they are synchronized or not. There are two opportunities to fix
desyncs: if the cache recognises the router is desynced, the cache informs
the router (through an Error Report) to reconnect and send a Reset Query.
If the router recognises it is out of sync with the cache, the router can
send a Reset Query.

According to RFC 8210 section 5.1 the cache should send "Corrupt Data" when
a router sends a Serial Query with an unknown Session ID:

```
  Session ID:  A 16-bit unsigned integer.  When a cache server is
    started, it generates a Session ID to identify the instance of the
    cache and to bind it to the sequence of Serial Numbers that cache
    instance will generate.  This allows the router to restart a
    failed session knowing that the Serial Number it is using is
    commensurate with that of the cache.  If, at any time after the
    protocol version has been negotiated (Section 7), either the
    router or the cache finds that the value of the Session ID is not
    the same as the other's, the party which detects the mismatch MUST
    immediately terminate the session with an Error Report PDU with
    code 0 ("Corrupt Data"), and the router MUST flush all data
    learned from that cache.
```

Reformat with gofmt from Ties
2023-02-03 21:37:30 +00:00
13659dd27e Filter VRPs if they have expired. Prevent stale JSON files from lingering
First, VRPs that have expiry times are now checked, and they are
filtered out at import time.

Second, if a VRP JSON file is too old, and the "current state"
(in the case of an update) is too old, the state will empty to avoid
routing on old data.

Third, every time a refresh cycle now happens, the file is reprocessed
to check for expiry; if the resulting VRPs from that processing change,
then a new update+serial is pushed.

Tag: https://github.com/bgp/stayrtr/issues/15
2023-01-24 17:50:15 +00:00
13186622bd Improve internal error messaging to match standard convention 2023-01-19 12:17:23 +00:00
15503e8347 Use IP.Equal rather than bytes.compare
IP.Equal handles some edge cases inside how IP addresses are represented
rather than just flat out comparing some byte arrays blindly.
2023-01-19 12:15:41 +00:00
029060a6a1 Replace redundant errors.new(fmt.sprintf with fmt.errorf(
They serve the same function, but it's more understandable what
is going on. go-static-check raises this as a warning
2023-01-19 12:11:02 +00:00
4fef7114a3 Revert defer unlock in StayRTR AddVRPs
vrplock needs to be unlocked before AddVRPsDiff() because AddVRPsDiff needs a full lock.

I added some debug logging and found this deadlock:

```
INFO[0000] new cache file: Updating sha256 hash  -> da753c7804d6f386bf303fed6931853eaaca0771ba160ef7fdbebb17e899d78b
INFO[0001] New update (306189 uniques, 306189 total prefixes).
INFO[0001] RLocking vrplock in AddVRPs
INFO[0002] RLocking vrplock in AddVRPsDiff
INFO[0002] RUnlocked vrplock in AddVRPsDiff
INFO[0002] Locking vrplock in AddVRPsDiff
...
```
2022-01-26 11:20:46 +01:00
3726782f68 Use defers for locks 2021-10-30 09:52:55 -04:00
91228f65e3 remove unused 2021-10-27 20:59:40 -04:00
041a1c52f3 Remove ineffectual assign 2021-10-25 20:21:07 +02:00
968c0d5db1 Move to TDD for clients 2021-10-24 19:30:55 -04:00
fe8a0f4632 initial client test set up 2021-10-24 15:26:47 -04:00
e4acfc2178 ifs to switch 2021-10-24 10:46:03 -04:00
a72ccbe4ad More cleanup 2021-10-24 10:37:42 -04:00
0bbe564d58 Correct terminology helps communicate more clearly about what is happening
Validators (such as rpki-client) ingest ROAs and emit Validated ROA Payloads (VRPs).
RTR servers exclusively deal with ingesting VRPs and emitting VRPs via RTR.
2021-05-08 15:26:08 +00:00
d6cb793104 Fix: unbounded alloc and slice out of bounds crashes
In rtrlib.Decode():
* Now check the message length is not greater than a hardcoded limit
(2048) to prevent unbounded memory allocations
* Fix a few unchecked slice accesses that could result in crashes with the
right payload in the PDU_ID_ERROR_REPORT case.
2020-07-22 00:56:58 +02:00
fea0197495 Fix spelling 2020-07-02 17:36:26 +10:00
107c06a4d6 More debug options on GoRTR 2020-06-05 17:58:58 -07:00
60070fffdb Protection against "too many open files"
* Raised in #65, if the server does not have enough sockets, Accept returns error
* Due to a bug, it was causing `invalid memory address or nil pointer dereference` if no other limit was specified
* Issue was triggered around 1024 concurrent sessions on out of box Linux (check `ulimit -a | grep "open files"`)
2020-05-18 14:51:28 -07:00
fb7be39c6a Merge pull request #56 from cloudflare/feature/json-serials
Serial control
2020-03-30 13:36:05 -07:00
b4f0245713 Serial control
* Set three modes of operating serial:
  * Default: serials will start at 0 and increment at every change
  * Beginning: serial will be set to the value found in the JSON then increment at every change
  * Full: serial will be set based on the value found in the JSON at each refresh
2020-03-29 18:07:59 -07:00
14e36573ba PDU EOD now prints timers 2020-03-27 17:46:52 -07:00
14a278569f Options to set session ID and timers via CLI
* Also fixes a session ID bug where the variable was never random
* Introduces the following flags: `rtr.sessionid`, `rtr.refresh`, `rtr.retry` and `rtr.expire`

Resolves issue #52
2020-03-27 16:53:29 -07:00
c9e9f19080 Optimization of diff (see #32) using maps instead of N*N operation 2019-10-20 23:22:30 -07:00
b6f49611c3 Small update
* SSH now allows key authentication (small API changes)
* User agent contains version
* README specifies notes for SSH implementation
2019-04-11 16:31:04 -07:00
8672363e36 Go fmt 2019-04-05 15:42:54 -07:00
3cf0a35f2a Protocol update:
* Add SSH support in library.
* GoRTR and RTRdump to use SSH with user/password or without auth
* Updated README with simple compatibility matrix,
  SSH configuration, Cisco configuration.
2019-04-05 15:27:57 -07:00
ae09564516 Go fmt 2018-11-12 20:59:38 -08:00
94d9ce55fd Refactor server, logging options 2018-11-12 20:58:18 -08:00
eb025127a0 Finalized handler 2018-11-12 20:45:28 -08:00
8f6f16dbd0 RTRdump: dump the content of a RTR server in JSON format 2018-11-12 19:10:39 -08:00
bdc3984231 Fixes #9: segfault when incomplete packet 2018-10-22 17:00:39 +01:00
c1a96dbfdf Refactoring:
* Moved app in cmd directory
* Moved structures into "file" package
* Inserted cryptographic checks (signature) and validity checks
2018-09-13 14:41:09 -07:00
9d057d936e Fix EOF issue 2018-08-28 15:13:38 -07:00
8bf2009ea1 Bugfix: bad diff calculation, notification of clients available 2018-08-07 11:58:48 -07:00
a2cf651a9d Added Dockerfile, bugfix 2018-08-07 11:09:50 -07:00
0b2cab204a Init 2018-08-06 16:08:24 -07:00