Protocolary updates for release 1.5.3

NICMx · Nov 9, 2021 · 8f33392 · 8f33392
1 parent b986be7
commit 8f33392
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 19 deletions.
diff --git a/configure.ac b/configure.ac
@@ -2,8 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.69])
-AC_INIT([fort], [m4_esyscmd_s([git describe --dirty --always --tags])],
-	[fort-validator@nic.mx])
+AC_INIT([fort], [1.5.3], [fort-validator@nic.mx])
 AC_CONFIG_SRCDIR([src/main.c])
 AM_INIT_AUTOMAKE([subdir-objects])
 

diff --git a/docs/_config.yml b/docs/_config.yml
@@ -8,7 +8,7 @@ defaults:
       layout: "default"
       image: "/img/logo_validador_og.png"
 
-fort-latest-version: 1.5.2
+fort-latest-version: 1.5.3
 plugins:
   - jekyll-seo-tag
   - jekyll-sitemap

diff --git a/docs/usage.md b/docs/usage.md
@@ -763,7 +763,7 @@ The value Fort employs as [CURLOPT_LOW_SPEED_TIME](https://curl.haxx.se/libcurl/
 
 It is the number of seconds that the transfer speed should be below `--http.low-speed-limit` for the Fort to consider it too slow. (Slow connections are dropped.)
 
-See [`--http.low-speed-limit`](#--httplow-speed-limit).
+See [`--http.low-speed-limit`](#--httplow-speed-limit) for an example.
 
 ### `--http.max-file-size`
 
@@ -776,7 +776,13 @@ The maximum amount of bytes files are allowed to length during HTTP transfers. F
 
 This is intended to prevent malicious RPKI repositories from stagnating Fort.
 
-As of 2021-10-05, the largest legitimate file in the repositories is an RRDP snapshot that weights ~150 megabytes.
+As of 2021-10-05, the largest legitimate file in the repositories is an RRDP snapshot that weights ~150 megabytes. (But will double in size during key rollover.)
+
+This configuration value is _transient_. It is expected that the IETF will eventually standardize a more versatile means to prevent unbounded file transfers. In particular, because RRDP snapshots tend to grow over time, `--http.max-file-size`'s default value will likely eventually be exceeded by legitimate files.
+
+Watch out for the following warning in the operation logs:
+
+	File size exceeds 50% of the configured limit
 
 ### `--http.ca-path`
 
@@ -831,7 +837,7 @@ If `--output.roa` is omitted, the ROAs are not printed.
 - **Type:** String (Path to file)
 - **Availability:** `argv` and JSON
 
-> ![Warning!](img/warn.svg) BGPsec certificate validation has been disabled in version 1.5.2 because of [this bug](https://github.com/NICMx/FORT-validator/issues/58). It will be restored in version 1.5.3.
+> ![Warning!](img/warn.svg) BGPsec certificate validation has been disabled in version 1.5.2 because of [this bug](https://github.com/NICMx/FORT-validator/issues/58). It will be restored in version 1.5.4.
 
 File where the BGPsec Router Keys (found during each validation run) will be stored. See [`--output.format`](#--outputformat).
 

diff --git a/man/fort.8 b/man/fort.8
@@ -1,4 +1,4 @@
-.TH fort 8 "2021-10-19" "v1.5.2" "FORT validator"
+.TH fort 8 "2021-11-09" "v1.5.3" "FORT validator"
 
 .SH NAME
 fort \- RPKI validator and RTR server
@@ -845,20 +845,35 @@ By default, it has a value of \fI0\fR.
 .RE
 .P
 
-.B \-\-http.idle\-timeout=\fIUNSIGNED_INTEGER\fR
+.B \-\-low\-speed\-limit=\fIUNSIGNED_INTEGER\fR
 .RS 4
-Maximum time in seconds (once the connection is established) that the request
-can be idle.
+The value Fort employs as CURLOPT_LOW_SPEED_LIMIT during every HTTP transfer.
 .P
-Once the connection is established with the server, and if the request stops
-receiving data for at least \fBhttp.idle-timeout\fR seconds, the connection
-will be dropped. A value of \fI0\fR disables idle time verification (use with
-caution).
+"Abort connection if slower than LIMIT bytes/sec during TIME seconds."
 .P
-The value specified (either by the argument or the default value) is utilized
-in libcurl’s option \fICURLOPT_LOW_SPEED_TIME\fR.
+(See \-\-low\-speed\-time.)
+.P
+Default: \fI100000\fR (100 KB/s)
+.RE
+.P
+
+.B \-\-low\-speed\-time=\fIUNSIGNED_INTEGER\fR
+.RS 4
+The value Fort employs as CURLOPT_LOW_SPEED_TIME during every HTTP transfer.
+.P
+"Abort connection if slower than LIMIT bytes/sec during TIME seconds."
+.P
+(See \-\-low\-speed\-limit.)
+.P
+Default: \fI10\fR
+.RE
+.P
+
+.B \-\-http\.max\-file\-size=\fIUNSIGNED_INTEGER\fR
+.RS 4
+Maximum amount of bytes files are allowed to length during HTTP transfers.
 .P
-By default, it has a value of \fI15\fR.
+Default: \fI1000000000\fR (1 GB)
 .RE
 .P
 
@@ -1460,7 +1475,7 @@ well as some dummy Router Keys (BGPsec) info:
 
 .\".SH COPYRIGHT
 .\" FORT-validator 2021
-.\" Licensed under the blah blah...
+.\" MIT License
 
 .SH SEE ALSO
 .B Regular man pages

diff --git a/src/Makefile.am b/src/Makefile.am
@@ -113,7 +113,6 @@ fort_SOURCES += rtr/rtr.c rtr/rtr.h
 fort_SOURCES += rtr/db/db_table.c rtr/db/db_table.h
 fort_SOURCES += rtr/db/delta.c rtr/db/delta.h
 fort_SOURCES += rtr/db/deltas_array.c rtr/db/deltas_array.h
-fort_SOURCES += rtr/db/roa.h
 fort_SOURCES += rtr/db/vrps.c rtr/db/vrps.h
 
 fort_SOURCES += slurm/db_slurm.c slurm/db_slurm.h