authorJob Snijders <job@fastly.com>2024-02-22 14:58:29 +0100
committerOndrej Zajicek <santiago@crfreenet.org>2024-02-22 14:58:29 +0100
commite2728c8078161d9811d6c24a11e4c95efd1c9313 (patch)
treedec57ce2fd056566cc4d3ca4e7e1977358e4ea96
parent2d0652dd1088395c50df8fe1a99f1111b44688c6 (diff)
RPKI: Add 'local address' configuration option
Allow explicit configuration of the source IP address for RPKI-To-Router sessions. Predictable source addresses are useful for minimizing the holes to be poked in ACLs. Changed from 'source address' to 'local address' by committer.
-rw-r--r--doc/bird.sgml4
-rw-r--r--proto/rpki/config.Y3
-rw-r--r--proto/rpki/rpki.h1
-rw-r--r--proto/rpki/transport.c1
4 files changed, 8 insertions, 1 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index 76ca7f75..aeecb1dc 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -5697,6 +5697,7 @@ protocol rpki [&lt;name&gt;] {
roa6 { table &lt;tab&gt;; };
remote &lt;ip&gt; | "&lt;domain&gt;" [port &lt;num&gt;];
port &lt;num&gt;;
+ local address &lt;ip&gt;;
refresh [keep] &lt;num&gt;;
retry [keep] &lt;num&gt;;
expire [keep] &lt;num&gt;;
@@ -5726,6 +5727,9 @@ specify both channels.
number is 323 for transport without any encryption and 22 for transport
with SSH encryption.
+ <tag>local address <m/ip/</tag>
+ Define local address we should use as a source address for the RTR session.
+
<tag>refresh [keep] <m/num/</tag> Time period in seconds. Tells how
long to wait before next attempting to poll the cache using a Serial
Query or a Reset Query packet. Must be lower than 86400 seconds (one
diff --git a/proto/rpki/config.Y b/proto/rpki/config.Y
index c28cab7a..769ebb2c 100644
--- a/proto/rpki/config.Y
+++ b/proto/rpki/config.Y
@@ -32,7 +32,7 @@ rpki_check_unused_transport(void)
CF_DECLS
CF_KEYWORDS(RPKI, REMOTE, BIRD, PRIVATE, PUBLIC, KEY, TCP, SSH, TRANSPORT, USER,
- RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH)
+ RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH, LOCAL, ADDRESS)
%type <i> rpki_keep_interval
@@ -60,6 +60,7 @@ rpki_proto_item:
| REMOTE rpki_cache_addr
| REMOTE rpki_cache_addr rpki_proto_item_port
| rpki_proto_item_port
+ | LOCAL ADDRESS ipa { RPKI_CFG->local_ip = $3; }
| TRANSPORT rpki_transport
| REFRESH rpki_keep_interval expr {
if (rpki_check_refresh_interval($3))
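Review bot: The new `LOCAL ADDRESS ipa { RPKI_CFG->local_ip = $3; }` rule stores the address without checking that its family matches the cache address, so an IPv4 local address with an IPv6 remote (or the reverse) is accepted at parse time and only fails later when the socket is opened in transport.c (`sk->saddr = cf->local_ip;`). When the remote is given as an IP literal, `RPKI_CFG->ip` is already known, so the check can be done where the protocol block is finalized, along the lines of `if (ipa_nonzero(cf->local_ip) && ipa_nonzero(cf->ip) && ipa_is_ip4(cf->local_ip) != ipa_is_ip4(cf->ip)) cf_error("Local address and cache address must be of the same family");`. For a hostname remote the family is only known after resolution, so that case would presumably need the same check at socket-open time with a clear log message. The rpki_proto_item rule list continues outside the hunk.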
diff --git a/proto/rpki/rpki.h b/proto/rpki/rpki.h
index 8a5c38fd..e67eb0e3 100644
--- a/proto/rpki/rpki.h
+++ b/proto/rpki/rpki.h
@@ -116,6 +116,7 @@ struct rpki_proto {
struct rpki_config {
struct proto_config c;
const char *hostname; /* Full domain name or stringified IP address of cache server */
+ ip_addr local_ip; /* Source address to use */
ip_addr ip; /* IP address of cache server or IPA_NONE */
u16 port; /* Port number of cache server */
struct rpki_tr_config tr_config; /* Specific transport configuration structure */
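Review bot: The comment on the new field, `/* Source address to use */`, does not state what an unset value looks like, while the neighbouring `ip` field documents `IPA_NONE` as its sentinel. The grammar only assigns `local_ip` when `local address` is configured, so it presumably keeps its zero value (IPA_NONE) otherwise, and that is what transport.c copies into `sk->saddr`; suggest `/* Local (source) address for the RTR session, or IPA_NONE to let the system choose */`. struct rpki_config continues outside the hunk.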
diff --git a/proto/rpki/transport.c b/proto/rpki/transport.c
index 81bd6dd8..26571977 100644
--- a/proto/rpki/transport.c
+++ b/proto/rpki/transport.c
@@ -82,6 +82,7 @@ rpki_tr_open(struct rpki_tr_sock *tr)
sk->daddr = cf->ip;
sk->dport = cf->port;
sk->host = cf->hostname;
+ sk->saddr = cf->local_ip;
sk->rbsize = RPKI_RX_BUFFER_SIZE;
sk->tbsize = RPKI_TX_BUFFER_SIZE;
sk->tos = IP_PREC_INTERNET_CONTROL;