1
0
mirror of https://github.com/openbsd/src.git synced 2025-01-09 22:38:01 -08:00

Fix capping of VAPs

The previous approach introduced a cap, but it might not always be hit as
intended (I missed this on review). Fix this to check the cap after merging
an ASPA into an already existing VAP. Also free the list of providers since
nothing should be looking at it anymore.

Count VAPs that hit the limit with a new overflowed counter. There are
still a few aspects of the accounting that probably aren't entirely right.
This will be fixed at another point. It's just statistics after all.

with/ok claudio, ok job
This commit is contained in:
tb 2024-04-08 14:02:13 +00:00
parent 28fef5effa
commit 7e284d508f
7 changed files with 33 additions and 21 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: aspa.c,v 1.29 2024/04/05 16:05:15 job Exp $ */
/* $OpenBSD: aspa.c,v 1.30 2024/04/08 14:02:13 tb Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@ -339,7 +339,7 @@ aspa_insert_vaps(char *fn, struct vap_tree *tree, struct aspa *aspa,
v->expires = aspa->expires;
if ((found = RB_INSERT(vap_tree, tree, v)) != NULL) {
if (found->invalid) {
if (found->overflowed) {
free(v);
return;
}
@ -357,14 +357,6 @@ aspa_insert_vaps(char *fn, struct vap_tree *tree, struct aspa *aspa,
} else
repo_stat_inc(rp, v->talid, RTYPE_ASPA, STYPE_UNIQUE);
if (v->providersz >= MAX_ASPA_PROVIDERS) {
v->invalid = 1;
repo_stat_inc(rp, v->talid, RTYPE_ASPA, STYPE_INVALID);
warnx("%s: too many providers for ASPA Customer ASID "
"(more than %d)", fn, MAX_ASPA_PROVIDERS);
return;
}
repo_stat_inc(rp, aspa->talid, RTYPE_ASPA, STYPE_TOTAL);
v->providers = reallocarray(v->providers,
@ -391,6 +383,17 @@ aspa_insert_vaps(char *fn, struct vap_tree *tree, struct aspa *aspa,
if (j < v->providersz)
j++;
}
if (v->providersz >= MAX_ASPA_PROVIDERS) {
v->overflowed = 1;
free(v->providers);
v->providers = NULL;
v->providersz = 0;
repo_stat_inc(rp, v->talid, RTYPE_ASPA, STYPE_OVERFLOW);
warnx("%s: too many providers for ASPA Customer ASID %u "
"(more than %d)", fn, v->custasid, MAX_ASPA_PROVIDERS);
return;
}
}
static inline int

View File

@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.214 2024/04/05 16:05:15 job Exp $ */
/* $OpenBSD: extern.h,v 1.215 2024/04/08 14:02:13 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -403,7 +403,7 @@ struct vap {
time_t expires;
int talid;
unsigned int repoid;
int invalid;
int overflowed;
};
/*
@ -573,6 +573,7 @@ enum stype {
STYPE_UNIQUE,
STYPE_DEC_UNIQUE,
STYPE_PROVIDERS,
STYPE_OVERFLOW,
};
struct repo;
@ -601,6 +602,7 @@ struct repotalstats {
uint32_t vaps; /* total number of Validated ASPA Payloads */
uint32_t vaps_uniqs; /* total number of unique VAPs */
uint32_t vaps_pas; /* total number of providers */
uint32_t vaps_overflowed; /* VAPs with too many providers */
uint32_t vrps; /* total number of Validated ROA Payloads */
uint32_t vrps_uniqs; /* number of unique vrps */
uint32_t spls; /* signed prefix list */

View File

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.256 2024/04/05 16:05:15 job Exp $ */
/* $OpenBSD: main.c,v 1.257 2024/04/08 14:02:13 tb Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -773,6 +773,7 @@ sum_stats(const struct repo *rp, const struct repotalstats *in, void *arg)
out->vaps += in->vaps;
out->vaps_uniqs += in->vaps_uniqs;
out->vaps_pas += in->vaps_pas;
out->vaps_overflowed += in->vaps_overflowed;
out->spls += in->spls;
out->spls_fail += in->spls_fail;
out->spls_invalid += in->spls_invalid;
@ -1502,8 +1503,9 @@ main(int argc, char *argv[])
stats.repo_stats.extra_files, stats.repo_stats.del_extra_files);
printf("VRP Entries: %u (%u unique)\n", stats.repo_tal_stats.vrps,
stats.repo_tal_stats.vrps_uniqs);
printf("VAP Entries: %u (%u unique)\n", stats.repo_tal_stats.vaps,
stats.repo_tal_stats.vaps_uniqs);
printf("VAP Entries: %u (%u unique, %u overflowed)\n",
stats.repo_tal_stats.vaps, stats.repo_tal_stats.vaps_uniqs,
stats.repo_tal_stats.vaps_overflowed);
printf("VSP Entries: %u (%u unique)\n", stats.repo_tal_stats.vsps,
stats.repo_tal_stats.vsps_uniqs);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: output-bgpd.c,v 1.30 2024/04/05 16:05:15 job Exp $ */
/* $OpenBSD: output-bgpd.c,v 1.31 2024/04/08 14:02:13 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -58,7 +58,7 @@ output_bgpd(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks,
if (fprintf(out, "\naspa-set {\n") < 0)
return -1;
RB_FOREACH(vap, vap_tree, vaps) {
if (vap->invalid)
if (vap->overflowed)
continue;
if (fprintf(out, "\tcustomer-as %d expires %lld "
"provider-as { ", vap->custasid,

View File

@ -1,4 +1,4 @@
/* $OpenBSD: output-json.c,v 1.47 2024/04/05 16:05:15 job Exp $ */
/* $OpenBSD: output-json.c,v 1.48 2024/04/08 14:02:13 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
*
@ -93,7 +93,7 @@ print_vap(struct vap *v)
{
size_t i;
if (v->invalid)
if (v->overflowed)
return;
json_do_object("aspa", 1);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: output-ometric.c,v 1.9 2024/02/26 15:40:33 job Exp $ */
/* $OpenBSD: output-ometric.c,v 1.10 2024/04/08 14:02:13 tb Exp $ */
/*
* Copyright (c) 2022 Claudio Jeker <claudio@openbsd.org>
*
@ -82,6 +82,8 @@ set_common_stats(const struct repotalstats *in, struct ometric *metric,
OKV("type", "state"), OKV("vap", "unique"), ol);
ometric_set_int_with_labels(metric, in->vaps_pas,
OKV("type", "state"), OKV("vap providers", "total"), ol);
ometric_set_int_with_labels(metric, in->vaps_overflowed,
OKV("type", "state"), OKV("vap overflowed"), ol);
ometric_set_int_with_labels(metric, in->spls,
OKV("type", "state"), OKV("spl", "valid"), ol);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: repo.c,v 1.55 2024/03/22 03:38:12 job Exp $ */
/* $OpenBSD: repo.c,v 1.56 2024/04/08 14:02:13 tb Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -1490,6 +1490,9 @@ repo_stat_inc(struct repo *rp, int talid, enum rtype type, enum stype subtype)
case STYPE_PROVIDERS:
rp->stats[talid].vaps_pas++;
break;
case STYPE_OVERFLOW:
rp->stats[talid].vaps_overflowed++;
break;
default:
break;
}