Ensure that RRDP delta hashes don’t changes between updates.#951
Merged
Conversation
DRiKE
approved these changes
Apr 10, 2024
| impl<K: Compose<W>, V: Compose<W>, W: io::Write> Compose<W> for HashMap<K, V> { | ||
| fn compose(&self, target: &mut W) -> Result<(), io::Error> { | ||
| u64::try_from(self.len()) | ||
| .map_err(|_| ParseError::format("excessively large vec"))? |
Contributor
There was a problem hiding this comment.
Suggested change
| .map_err(|_| ParseError::format("excessively large vec"))? | |
| .map_err(|_| ParseError::format("excessively large map"))? |
| { | ||
| fn parse(source: &mut R) -> Result<Self, ParseError> { | ||
| let len = usize::try_from(u64::parse(source)?).map_err(|_| { | ||
| ParseError::format("too many items in vec") |
Contributor
There was a problem hiding this comment.
Suggested change
| ParseError::format("too many items in vec") | |
| ParseError::format("too many items in map") |
partim
added a commit
that referenced
this pull request
Jun 10, 2024
Breaking changes * Keep the content of an RRDP repository in a single file rather than as individual files under a directory. ([#886]) * Changed the `summary` output format to have all lines end in a semicolon. ([#907]) * Changed the options used for `rsync`. The options `-rtO --delete` are now always used. The options set in the `rsync-args` are added or, if that is not used, `-z` and `--no-motd`, as well as `--contimeout=10` if it is supported by the rsync command, and `--max-size` if the `max-object-size` option has not been set to 0. ([#962]) New * The `chain_validity` value in the `jsonext` format now considers the validity of the manifest’s EE certificates. A new `stale` value shows the time when any of the publication points along the way will become stale. ([#945]) * If a collected manifest has a lower manifest number or an older thisUpdate field than a stored manifest for the same CA, the collected manifest is ignored and the stored publication point is used instead. This implements a requirement added in [RFC 9286]. ([#946], [#954]) * The number of delta entries in a RRDP notification file is now limited to 500 by default. If there are more entries, the deltas are ignored and the snapshot is used. The limit can be changed through the new `rrdp-max-delta-list-len` configuration value. ([#961]) * The RRDP collector now falls back to a snapshot update if the hash of a delta listed in the notification file has changed from the previous update. This implements [draft-ietf-sidrops-rrdp-desynchronization-00]. ([#951]) * The RRDP collector now enforces that all URIs referred to or redirected to by an RRDP server have the same origin as the rpkiNotify URI in the CA certificate. ([#953]) * The config file used is now printed for some commands. This should help with avoiding confusion when running Routinator as different users. ([#959]) Bug fixes * Fixed an issue where the refresh time was calculated as zero under certain conditions until the dataset was updated. ([#940]) * Add the current RRDP serial number to the RRDP server metrics when a Not Modified response is received so that Prometheus shows a constant value.
partim
added a commit
that referenced
this pull request
Jun 20, 2024
…970) Breaking changes * Keep the content of an RRDP repository in a single file rather than as individual files under a directory. ([#886]) * Switched to the all-new version 0.4 of the Routinator UI. This also changes the way we import the UI into Routinator by simply including the built assets which means downloads are not necessary during the build process any more. ([#952]) * Changed the `summary` output format to have all lines end in a semicolon. ([#907]) * Changed the options used for `rsync`. The options `-rtO --delete` are now always used. The options set in the `rsync-args` are added or, if that is not used, `-z` and `--no-motd`, as well as `--contimeout=10` if it is supported by the rsync command, and `--max-size` if the `max-object-size` option has not been set to 0. ([#962]) New * The `chain_validity` value in the `jsonext` format now considers the validity of the manifest’s EE certificates. A new `stale` value shows the time when any of the publication points along the way will become stale. ([#945]) * If a collected manifest has a lower manifest number or an older thisUpdate field than a stored manifest for the same CA, the collected manifest is ignored and the stored publication point is used instead. This implements a requirement added in [RFC 9286]. ([#946], [#954]) * The number of delta entries in a RRDP notification file is now limited to 500 by default. If there are more entries, the deltas are ignored and the snapshot is used. The limit can be changed through the new `rrdp-max-delta-list-len` configuration value. ([#961]) * The RRDP collector now falls back to a snapshot update if the hash of a delta listed in the notification file has changed from the previous update. This implements [draft-ietf-sidrops-rrdp-desynchronization-00]. ([#951]) * The RRDP collector now enforces that all URIs referred to or redirected to by an RRDP server have the same origin as the rpkiNotify URI in the CA certificate. ([#953]) * The config file used is now printed for some commands. This should help with avoiding confusion when running Routinator as different users. ([#959]) Bug fixes * Fixed an issue where the refresh time was calculated as zero under certain conditions until the dataset was updated. ([#940]) * Add the current RRDP serial number to the RRDP server metrics when a Not Modified response is received so that Prometheus shows a constant value.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR ensures that the hash of an RRDP delta with a given serial doesn’t change between updates. It stores the list of delta serials and hashes with the RRDP repository state in its archive and checks that hashes for serial numbers present both in the repository state and a new notification are equal. Otherwise falls back to a snapshot update.
This PR implements the draft-ietf-sidrops-rrdp-desynchronization-00. The draft suggests to limit the number of deltas stored. We are not yet doing that. Instead this should be part of limiting the number of deltas taken out of the notification file when parsing in a follow up PR in rpki-rs.
This PR changes the format of the repository state and thus increases its version to 1. Strictly speaking, we never released version 0, but it’s been in main from quite some time, so an increase feels prudent.