summaryrefslogtreecommitdiff
path: root/proto/rpki
diff options
context:
space:
mode:
authorOndrej Zajicek (work) <santiago@crfreenet.org>2020-10-11 00:53:19 +0200
committerOndrej Zajicek (work) <santiago@crfreenet.org>2020-10-11 01:00:54 +0200
commitfc1e3211b109400c0e96f889829c9f5145ac7226 (patch)
tree3419096c119b0f8146f165e91d4b399eb854b920 /proto/rpki
parent6c11dbcf28faa145cfb7310310a2a261fd4dd1f2 (diff)
RPKI: Add 'ignore max length' option
Add 'ignore max length' option to RPKI protocol, which ignores received max length in ROA records and instead uses max value (32 or 128). This may be useful for implementing loose RPKI check for blackholes.
Diffstat (limited to 'proto/rpki')
-rw-r--r--proto/rpki/config.Y3
-rw-r--r--proto/rpki/packets.c10
-rw-r--r--proto/rpki/rpki.c42
-rw-r--r--proto/rpki/rpki.h1
4 files changed, 41 insertions, 15 deletions
diff --git a/proto/rpki/config.Y b/proto/rpki/config.Y
index 924066f8..d6d326b8 100644
--- a/proto/rpki/config.Y
+++ b/proto/rpki/config.Y
@@ -32,7 +32,7 @@ rpki_check_unused_transport(void)
CF_DECLS
CF_KEYWORDS(RPKI, REMOTE, BIRD, PRIVATE, PUBLIC, KEY, TCP, SSH, TRANSPORT, USER,
- RETRY, REFRESH, EXPIRE, KEEP)
+ RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH)
%type <i> rpki_keep_interval
@@ -79,6 +79,7 @@ rpki_proto_item:
RPKI_CFG->expire_interval = $3;
RPKI_CFG->keep_expire_interval = $2;
}
+ | IGNORE MAX LENGTH bool { RPKI_CFG->ignore_max_length = $4; }
;
rpki_keep_interval:
diff --git a/proto/rpki/packets.c b/proto/rpki/packets.c
index e9d24fb8..dd11f997 100644
--- a/proto/rpki/packets.c
+++ b/proto/rpki/packets.c
@@ -729,12 +729,22 @@ rpki_prefix_pdu_2_net_addr(const struct pdu_header *pdu, net_addr_union *n)
static int
rpki_handle_prefix_pdu(struct rpki_cache *cache, const struct pdu_header *pdu)
{
+ const struct rpki_config *cf = (void *) cache->p->p.cf;
+
const enum pdu_type type = pdu->type;
ASSERT(type == IPV4_PREFIX || type == IPV6_PREFIX);
net_addr_union addr = {};
rpki_prefix_pdu_2_net_addr(pdu, &addr);
+ if (cf->ignore_max_length)
+ {
+ if (type == IPV4_PREFIX)
+ addr.roa4.max_pxlen = IP4_MAX_PREFIX_LENGTH;
+ else
+ addr.roa6.max_pxlen = IP6_MAX_PREFIX_LENGTH;
+ }
+
struct channel *channel = NULL;
if (type == IPV4_PREFIX)
diff --git a/proto/rpki/rpki.c b/proto/rpki/rpki.c
index 3e46b6d1..3ee46ae2 100644
--- a/proto/rpki/rpki.c
+++ b/proto/rpki/rpki.c
@@ -639,18 +639,6 @@ rpki_shutdown(struct proto *P)
* RPKI Reconfiguration
*/
-static int
-rpki_try_fast_reconnect(struct rpki_cache *cache)
-{
- if (cache->state == RPKI_CS_ESTABLISHED)
- {
- rpki_cache_change_state(cache, RPKI_CS_FAST_RECONNECT);
- return SUCCESSFUL_RECONF;
- }
-
- return NEED_RESTART;
-}
-
/**
* rpki_reconfigure_cache - a cache reconfiguration
* @p: RPKI protocol instance
@@ -666,6 +654,7 @@ rpki_try_fast_reconnect(struct rpki_cache *cache)
static int
rpki_reconfigure_cache(struct rpki_proto *p UNUSED, struct rpki_cache *cache, struct rpki_config *new, struct rpki_config *old)
{
+ u8 try_reset = 0;
u8 try_fast_reconnect = 0;
if (strcmp(old->hostname, new->hostname) != 0)
@@ -685,6 +674,13 @@ rpki_reconfigure_cache(struct rpki_proto *p UNUSED, struct rpki_cache *cache, st
CACHE_TRACE(D_EVENTS, cache, "Transport type changed");
return NEED_RESTART;
}
+
+ if (old->ignore_max_length != new->ignore_max_length)
+ {
+ CACHE_TRACE(D_EVENTS, cache, "Ignore max length changed");
+ try_reset = 1;
+ }
+
#if HAVE_LIBSSH
else if (new->tr_config.type == RPKI_TR_SSH)
{
@@ -713,8 +709,26 @@ rpki_reconfigure_cache(struct rpki_proto *p UNUSED, struct rpki_cache *cache, st
TEST_INTERVAL(expire, Expire);
#undef TEST_INTERVAL
- if (try_fast_reconnect)
- return rpki_try_fast_reconnect(cache);
+ if (try_reset || try_fast_reconnect)
+ {
+ if (cache->state != RPKI_CS_ESTABLISHED)
+ return NEED_RESTART;
+
+ if (try_reset && !try_fast_reconnect)
+ rpki_cache_change_state(cache, RPKI_CS_RESET);
+
+ if (try_fast_reconnect)
+ {
+ if (try_reset)
+ {
+ /* Force reset during reconnect */
+ cache->request_session_id = 1;
+ cache->serial_num = 0;
+ }
+
+ rpki_cache_change_state(cache, RPKI_CS_FAST_RECONNECT);
+ }
+ }
return SUCCESSFUL_RECONF;
}
diff --git a/proto/rpki/rpki.h b/proto/rpki/rpki.h
index 8972b33a..8a5c38fd 100644
--- a/proto/rpki/rpki.h
+++ b/proto/rpki/rpki.h
@@ -125,6 +125,7 @@ struct rpki_config {
u8 keep_refresh_interval:1; /* Do not overwrite refresh interval by cache server update */
u8 keep_retry_interval:1; /* Do not overwrite retry interval by cache server update */
u8 keep_expire_interval:1; /* Do not overwrite expire interval by cache server update */
+ u8 ignore_max_length:1; /* Ignore received max length and use MAX_PREFIX_LENGTH instead */
};
void rpki_check_config(struct rpki_config *cf);