Annotation of embedaddon/bird/nest/rt-roa.c, revision 1.1
1.1 ! misho 1: /*
! 2: * BIRD -- Route Origin Authorization
! 3: *
! 4: *
! 5: * Can be freely distributed and used under the terms of the GNU GPL.
! 6: */
! 7:
! 8: #undef LOCAL_DEBUG
! 9:
! 10: #include "nest/bird.h"
! 11: #include "nest/route.h"
! 12: #include "nest/cli.h"
! 13: #include "lib/lists.h"
! 14: #include "lib/resource.h"
! 15: #include "lib/event.h"
! 16: #include "lib/string.h"
! 17: #include "conf/conf.h"
! 18:
! 19:
! 20: pool *roa_pool;
! 21: static slab *roa_slab; /* Slab of struct roa_item */
! 22: static list roa_table_list; /* List of struct roa_table */
! 23: struct roa_table *roa_table_default; /* The first ROA table in the config */
! 24:
! 25: static inline int
! 26: src_match(struct roa_item *it, byte src)
! 27: { return !src || it->src == src; }
! 28:
! 29: /**
! 30: * roa_add_item - add a ROA entry
! 31: * @t: ROA table
! 32: * @prefix: prefix of the ROA entry
! 33: * @pxlen: prefix length of the ROA entry
! 34: * @maxlen: max length field of the ROA entry
! 35: * @asn: AS number field of the ROA entry
! 36: * @src: source of the ROA entry (ROA_SRC_*)
! 37: *
! 38: * The function adds a new ROA entry to the ROA table. If the same ROA
! 39: * is already in the table, nothing is added. @src field is used to
! 40: * distinguish different sources of ROAs.
! 41: */
! 42: void
! 43: roa_add_item(struct roa_table *t, ip_addr prefix, byte pxlen, byte maxlen, u32 asn, byte src)
! 44: {
! 45: struct roa_node *n = fib_get(&t->fib, &prefix, pxlen);
! 46:
! 47: // if ((n->items == NULL) && (n->n.x0 != ROA_INVALID))
! 48: // t->cached_items--;
! 49:
! 50: struct roa_item *it;
! 51: for (it = n->items; it; it = it->next)
! 52: if ((it->maxlen == maxlen) && (it->asn == asn) && src_match(it, src))
! 53: return;
! 54:
! 55: it = sl_alloc(roa_slab);
! 56: it->asn = asn;
! 57: it->maxlen = maxlen;
! 58: it->src = src;
! 59: it->next = n->items;
! 60: n->items = it;
! 61: }
! 62:
! 63: /**
! 64: * roa_delete_item - delete a ROA entry
! 65: * @t: ROA table
! 66: * @prefix: prefix of the ROA entry
! 67: * @pxlen: prefix length of the ROA entry
! 68: * @maxlen: max length field of the ROA entry
! 69: * @asn: AS number field of the ROA entry
! 70: * @src: source of the ROA entry (ROA_SRC_*)
! 71: *
! 72: * The function removes a specified ROA entry from the ROA table and
! 73: * frees it. If @src field is not ROA_SRC_ANY, only entries from
! 74: * that source are considered.
! 75: */
! 76: void
! 77: roa_delete_item(struct roa_table *t, ip_addr prefix, byte pxlen, byte maxlen, u32 asn, byte src)
! 78: {
! 79: struct roa_node *n = fib_find(&t->fib, &prefix, pxlen);
! 80:
! 81: if (!n)
! 82: return;
! 83:
! 84: struct roa_item *it, **itp;
! 85: for (itp = &n->items; it = *itp; itp = &it->next)
! 86: if ((it->maxlen == maxlen) && (it->asn == asn) && src_match(it, src))
! 87: break;
! 88:
! 89: if (!it)
! 90: return;
! 91:
! 92: *itp = it->next;
! 93: sl_free(roa_slab, it);
! 94:
! 95: // if ((n->items == NULL) && (n->n.x0 != ROA_INVALID))
! 96: // t->cached_items++;
! 97: }
! 98:
! 99:
! 100: /**
! 101: * roa_flush - flush a ROA table
! 102: * @t: ROA table
! 103: * @src: source of ROA entries (ROA_SRC_*)
! 104: *
! 105: * The function removes and frees ROA entries from the ROA table. If
! 106: * @src is ROA_SRC_ANY, all entries in the table are removed,
! 107: * otherwise only all entries from that source are removed.
! 108: */
! 109: void
! 110: roa_flush(struct roa_table *t, byte src)
! 111: {
! 112: struct roa_item *it, **itp;
! 113: struct roa_node *n;
! 114:
! 115: FIB_WALK(&t->fib, fn)
! 116: {
! 117: n = (struct roa_node *) fn;
! 118:
! 119: itp = &n->items;
! 120: while (it = *itp)
! 121: if (src_match(it, src))
! 122: {
! 123: *itp = it->next;
! 124: sl_free(roa_slab, it);
! 125: }
! 126: else
! 127: itp = &it->next;
! 128: }
! 129: FIB_WALK_END;
! 130:
! 131: // TODO add cleanup of roa_nodes
! 132: }
! 133:
! 134:
! 135:
! 136: /*
! 137: byte
! 138: roa_check(struct roa_table *t, ip_addr prefix, byte pxlen, u32 asn)
! 139: {
! 140: struct roa_node *n = fib_find(&t->fib, &prefix, pxlen);
! 141:
! 142: if (n && n->n.x0 == ROA_UNKNOWN)
! 143: return ROA_UNKNOWN;
! 144:
! 145: if (n && n->n.x0 == ROA_VALID && asn == n->cached_asn)
! 146: return ROA_VALID;
! 147:
! 148: byte rv = roa_match(t, n, prefix, pxlen, asn);
! 149:
! 150: if (rv != ROA_INVALID)
! 151: {
! 152: if (!n)
! 153: {
! 154: if (t->cached_items >= t->cached_items_max)
! 155: n = fib_get(&t->fib, &prefix, pxlen);
! 156: t->cached_items++;
! 157: }
! 158:
! 159: n->cached_asn = asn;
! 160: n->n.x0 = rv;
! 161: }
! 162:
! 163: return rv;
! 164: }
! 165: */
! 166:
! 167: /**
! 168: * roa_check - check validity of route origination in a ROA table
! 169: * @t: ROA table
! 170: * @prefix: network prefix to check
! 171: * @pxlen: length of network prefix
! 172: * @asn: AS number of network prefix
! 173: *
! 174: * Implements RFC 6483 route validation for the given network
! 175: * prefix. The procedure is to find all candidate ROAs - ROAs whose
! 176: * prefixes cover the give network prefix. If there is no candidate
! 177: * ROA, return ROA_UNKNOWN. If there is a candidate ROA with matching
! 178: * ASN and maxlen field greater than or equal to the given prefix
! 179: * length, return ROA_VALID. Otherwise return ROA_INVALID. If caller
! 180: * cannot determine origin AS, 0 could be used (in that case ROA_VALID
! 181: * cannot happen).
! 182: */
! 183: byte
! 184: roa_check(struct roa_table *t, ip_addr prefix, byte pxlen, u32 asn)
! 185: {
! 186: struct roa_node *n;
! 187: ip_addr px;
! 188: byte anything = 0;
! 189:
! 190: int len;
! 191: for (len = pxlen; len >= 0; len--)
! 192: {
! 193: px = ipa_and(prefix, ipa_mkmask(len));
! 194: n = fib_find(&t->fib, &px, len);
! 195:
! 196: if (!n)
! 197: continue;
! 198:
! 199: struct roa_item *it;
! 200: for (it = n->items; it; it = it->next)
! 201: {
! 202: anything = 1;
! 203: if ((it->maxlen >= pxlen) && (it->asn == asn) && asn)
! 204: return ROA_VALID;
! 205: }
! 206: }
! 207:
! 208: return anything ? ROA_INVALID : ROA_UNKNOWN;
! 209: }
! 210:
! 211: static void
! 212: roa_node_init(struct fib_node *fn)
! 213: {
! 214: struct roa_node *n = (struct roa_node *) fn;
! 215: n->items = NULL;
! 216: }
! 217:
! 218: static inline void
! 219: roa_populate(struct roa_table *t)
! 220: {
! 221: struct roa_item_config *ric;
! 222: for (ric = t->cf->roa_items; ric; ric = ric->next)
! 223: roa_add_item(t, ric->prefix, ric->pxlen, ric->maxlen, ric->asn, ROA_SRC_CONFIG);
! 224: }
! 225:
! 226: static void
! 227: roa_new_table(struct roa_table_config *cf)
! 228: {
! 229: struct roa_table *t;
! 230:
! 231: t = mb_allocz(roa_pool, sizeof(struct roa_table));
! 232: fib_init(&t->fib, roa_pool, sizeof(struct roa_node), 0, roa_node_init);
! 233: t->name = cf->name;
! 234: t->cf = cf;
! 235:
! 236: cf->table = t;
! 237: add_tail(&roa_table_list, &t->n);
! 238:
! 239: roa_populate(t);
! 240: }
! 241:
! 242: struct roa_table_config *
! 243: roa_new_table_config(struct symbol *s)
! 244: {
! 245: struct roa_table_config *rtc = cfg_allocz(sizeof(struct roa_table_config));
! 246:
! 247: cf_define_symbol(s, SYM_ROA, rtc);
! 248: rtc->name = s->name;
! 249: add_tail(&new_config->roa_tables, &rtc->n);
! 250: return rtc;
! 251: }
! 252:
! 253: /**
! 254: * roa_add_item_config - add a static ROA entry to a ROA table configuration
! 255: *
! 256: * Arguments are self-explanatory. The first is the ROA table config, rest
! 257: * are specifying the ROA entry.
! 258: */
! 259: void
! 260: roa_add_item_config(struct roa_table_config *rtc, ip_addr prefix, byte pxlen, byte maxlen, u32 asn)
! 261: {
! 262: struct roa_item_config *ric = cfg_allocz(sizeof(struct roa_item_config));
! 263:
! 264: ric->prefix = prefix;
! 265: ric->pxlen = pxlen;
! 266: ric->maxlen = maxlen;
! 267: ric->asn = asn;
! 268: ric->next = rtc->roa_items;
! 269: rtc->roa_items = ric;
! 270: }
! 271:
! 272: /**
! 273: * roa_init - initialize ROA tables
! 274: *
! 275: * This function is called during BIRD startup. It initializes
! 276: * the ROA table module.
! 277: */
! 278: void
! 279: roa_init(void)
! 280: {
! 281: roa_pool = rp_new(&root_pool, "ROA tables");
! 282: roa_slab = sl_new(roa_pool, sizeof(struct roa_item));
! 283: init_list(&roa_table_list);
! 284: }
! 285:
! 286: void
! 287: roa_preconfig(struct config *c)
! 288: {
! 289: init_list(&c->roa_tables);
! 290: }
! 291:
! 292:
! 293: /**
! 294: * roa_commit - commit new ROA table configuration
! 295: * @new: new configuration
! 296: * @old: original configuration or %NULL if it's boot time config
! 297: *
! 298: * Scan differences between @old and @new configuration and modify the
! 299: * ROA tables according to these changes. If @new defines a previously
! 300: * unknown table, create it, if it omits a table existing in @old,
! 301: * delete it (there are no references, only indirect through struct
! 302: * roa_table_config). If it exists in both configurations, update the
! 303: * configured ROA entries.
! 304: */
! 305: void
! 306: roa_commit(struct config *new, struct config *old)
! 307: {
! 308: struct roa_table_config *cf;
! 309: struct roa_table *t;
! 310:
! 311: if (old)
! 312: WALK_LIST(t, roa_table_list)
! 313: {
! 314: struct symbol *sym = cf_find_symbol(new, t->name);
! 315: if (sym && sym->class == SYM_ROA)
! 316: {
! 317: /* Found old table in new config */
! 318: cf = sym->def;
! 319: cf->table = t;
! 320: t->name = cf->name;
! 321: t->cf = cf;
! 322:
! 323: /* Reconfigure it */
! 324: roa_flush(t, ROA_SRC_CONFIG);
! 325: roa_populate(t);
! 326: }
! 327: else
! 328: {
! 329: t->cf->table = NULL;
! 330:
! 331: /* Free it now */
! 332: roa_flush(t, ROA_SRC_ANY);
! 333: rem_node(&t->n);
! 334: fib_free(&t->fib);
! 335: mb_free(t);
! 336: }
! 337: }
! 338:
! 339: /* Add new tables */
! 340: WALK_LIST(cf, new->roa_tables)
! 341: if (! cf->table)
! 342: roa_new_table(cf);
! 343:
! 344: roa_table_default = EMPTY_LIST(new->roa_tables) ? NULL :
! 345: ((struct roa_table_config *) HEAD(new->roa_tables))->table;
! 346: }
! 347:
! 348:
! 349:
! 350: static void
! 351: roa_show_node(struct cli *c, struct roa_node *rn, int len, u32 asn)
! 352: {
! 353: struct roa_item *ri;
! 354:
! 355: for (ri = rn->items; ri; ri = ri->next)
! 356: if ((ri->maxlen >= len) && (!asn || (ri->asn == asn)))
! 357: cli_printf(c, -1019, "%I/%d max %d as %u", rn->n.prefix, rn->n.pxlen, ri->maxlen, ri->asn);
! 358: }
! 359:
! 360: static void
! 361: roa_show_cont(struct cli *c)
! 362: {
! 363: struct roa_show_data *d = c->rover;
! 364: struct fib *fib = &d->table->fib;
! 365: struct fib_iterator *it = &d->fit;
! 366: struct roa_node *rn;
! 367: unsigned max = 32;
! 368:
! 369: FIB_ITERATE_START(fib, it, f)
! 370: {
! 371: rn = (struct roa_node *) f;
! 372:
! 373: if (!max--)
! 374: {
! 375: FIB_ITERATE_PUT(it, f);
! 376: return;
! 377: }
! 378:
! 379: if ((d->mode == ROA_SHOW_ALL) ||
! 380: net_in_net(rn->n.prefix, rn->n.pxlen, d->prefix, d->pxlen))
! 381: roa_show_node(c, rn, 0, d->asn);
! 382: }
! 383: FIB_ITERATE_END(f);
! 384:
! 385: cli_printf(c, 0, "");
! 386: c->cont = c->cleanup = NULL;
! 387: }
! 388:
! 389: static void
! 390: roa_show_cleanup(struct cli *c)
! 391: {
! 392: struct roa_show_data *d = c->rover;
! 393:
! 394: /* Unlink the iterator */
! 395: fit_get(&d->table->fib, &d->fit);
! 396: }
! 397:
! 398: void
! 399: roa_show(struct roa_show_data *d)
! 400: {
! 401: struct roa_node *rn;
! 402: ip_addr px;
! 403: int len;
! 404:
! 405: switch (d->mode)
! 406: {
! 407: case ROA_SHOW_ALL:
! 408: case ROA_SHOW_IN:
! 409: FIB_ITERATE_INIT(&d->fit, &d->table->fib);
! 410: this_cli->cont = roa_show_cont;
! 411: this_cli->cleanup = roa_show_cleanup;
! 412: this_cli->rover = d;
! 413: break;
! 414:
! 415: case ROA_SHOW_PX:
! 416: rn = fib_find(&d->table->fib, &d->prefix, d->pxlen);
! 417: if (rn)
! 418: {
! 419: roa_show_node(this_cli, rn, 0, d->asn);
! 420: cli_msg(0, "");
! 421: }
! 422: else
! 423: cli_msg(-8001, "Network not in table");
! 424: break;
! 425:
! 426: case ROA_SHOW_FOR:
! 427: for (len = d->pxlen; len >= 0; len--)
! 428: {
! 429: px = ipa_and(d->prefix, ipa_mkmask(len));
! 430: rn = fib_find(&d->table->fib, &px, len);
! 431:
! 432: if (!rn)
! 433: continue;
! 434:
! 435: roa_show_node(this_cli, rn, 0, d->asn);
! 436: }
! 437: cli_msg(0, "");
! 438: break;
! 439: }
! 440: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to rt-roa.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / bird / nest