CVSROOT: /cvs
Module name: src
Changes by: clau...@cvs.openbsd.org 2022/06/16 10:09:56
Modified files:
usr.sbin/rpki-client: rrdp_notification.c
Log message:
RRDP serial numbers should only increase.
Warn if the serial number decreases between syncs.
On top of this only allow a small window of up to 2 deltas from the
current one to consider our cache to be in sync.
The number 2 is probably to conservative and should be adjusted once
some data points got collected.
It seems to happen that CAs restore RRDP snapshots instead of building
a fresh snapshot with a new session-id. Which results in rpki-client to
ignore the repo until the serial number is bigger again.
OK tb@
