artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6230b67) | patch
Improve detection of RRDP session desynchronization
authorclaudio <claudio@openbsd.org>
Fri, 23 Jun 2023 11:36:24 +0000 (11:36 +0000)
committerclaudio <claudio@openbsd.org>
Fri, 23 Jun 2023 11:36:24 +0000 (11:36 +0000)
commitb268327a38d43bac86a5f83c3530103e100b0ac4
tree6e2dd4e572bb51c2ab3f9716f30647e766d93b27tree | snapshot
parent6230b67351c594aa6954e0662a54c8f99adfdc38commit | diff
Improve detection of RRDP session desynchronization

According to RFC 8182, a given session_id and serial number represent an
immutable record of the state of the Repository Server at a certain
point in time.

Add a check to the RRDP notification file processing to compare whether
the delta hashes associated to previously seen serials are different in
newly fetched notification files. Fall back to a snapshot if a difference
is detected, because such a mutation is a strong desynchronization
indicator.

Idea from Ties de Kock (RIPE NCC).
Based on a diff by job@
With and OK job@ tb@
usr.sbin/rpki-client/extern.h diff | blob | history
usr.sbin/rpki-client/main.c diff | blob | history
usr.sbin/rpki-client/repo.c diff | blob | history
usr.sbin/rpki-client/rrdp.c diff | blob | history
usr.sbin/rpki-client/rrdp_notification.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim