Route Origin Authorization basics.

 - ROA tables, which are used as a basic part for RPKI.
 - Commands for examining and modifying ROA tables.
 - Filter operators based on ROA tables consistent with RFC 6483.

1 files changed, 27 insertions, 1 deletions

diff --git a/filter/test.conf b/filter/test.conf
index dbb05de8..64e6d91b 100644
--- a/filter/test.conf
+++ b/filter/test.conf
@@ -52,6 +52,32 @@ function fifteen()
 	return 15;
 }
 
+roa table rl
+{
+	roa 10.110.0.0/16 max 16 as 1000;
+	roa 10.120.0.0/16 max 24 as 1000;
+	roa 10.130.0.0/16 max 24 as 2000;
+	roa 10.130.128.0/18 max 24 as 3000;
+}
+
+function test_roa()
+{
+	# cannot be tested in __startup(), sorry
+	print "Testing ROA";
+	print "Should be true: ", roa_check(rl, 10.10.0.0/16, 1000) = ROA_UNKNOWN,
+	      " ", roa_check(rl, 10.0.0.0/8, 1000) = ROA_UNKNOWN,
+	      " ", roa_check(rl, 10.110.0.0/16, 1000) = ROA_VALID,
+	      " ", roa_check(rl, 10.110.0.0/16, 2000) = ROA_INVALID,
+	      " ", roa_check(rl, 10.110.32.0/20, 1000) = ROA_INVALID,
+	      " ", roa_check(rl, 10.120.32.0/20, 1000) = ROA_VALID;
+	print "Should be true: ", roa_check(rl, 10.120.32.0/20, 2000) = ROA_INVALID,
+	      " ", roa_check(rl, 10.120.32.32/28, 1000) = ROA_INVALID,
+	      " ", roa_check(rl, 10.130.130.0/24, 1000) = ROA_INVALID,
+	      " ", roa_check(rl, 10.130.130.0/24, 2000) = ROA_VALID,
+	      " ", roa_check(rl, 10.130.30.0/24, 3000) = ROA_INVALID,
+	      " ", roa_check(rl, 10.130.130.0/24, 3000) = ROA_VALID;
+}
+
 function paths()
 bgpmask pm1;
 bgpmask pm2;
@@ -163,7 +189,7 @@ eclist el2;
 	print "eclist A isect B: ", filter( el, el2 );
 	print "eclist A \  B: ", delete( el, el2 );
 
-
+#	test_roa();
 }
 
 function bla()