summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--conf/conf.c2
-rw-r--r--conf/conf.h1
-rw-r--r--conf/confbase.Y2
-rw-r--r--nest/cmds.c1
-rw-r--r--nest/route.h80
-rw-r--r--nest/rt-roa.c440
6 files changed, 4 insertions, 522 deletions
diff --git a/conf/conf.c b/conf/conf.c
index 9eea5664..f66e3561 100644
--- a/conf/conf.c
+++ b/conf/conf.c
@@ -135,7 +135,6 @@ config_parse(struct config *c)
sysdep_preconfig(c);
protos_preconfig(c);
rt_preconfig(c);
-/* roa_preconfig(c); */
cf_parse();
protos_postconfig(c);
if (EMPTY_LIST(c->protos))
@@ -266,7 +265,6 @@ config_do_commit(struct config *c, int type)
force_restart |= global_commit(c, old_config);
DBG("rt_commit\n");
rt_commit(c, old_config);
-/* roa_commit(c, old_config); */
DBG("protos_commit\n");
protos_commit(c, old_config, force_restart, type);
diff --git a/conf/conf.h b/conf/conf.h
index d442cdb5..1e142bab 100644
--- a/conf/conf.h
+++ b/conf/conf.h
@@ -20,7 +20,6 @@ struct config {
linpool *mem; /* Linear pool containing configuration data */
list protos; /* Configured protocol instances (struct proto_config) */
list tables; /* Configured routing tables (struct rtable_config) */
- list roa_tables; /* Configured ROA tables (struct roa_table_config) */
list logfiles; /* Configured log fils (sysdep) */
int mrtdump_file; /* Configured MRTDump file (sysdep, fd in unix) */
diff --git a/conf/confbase.Y b/conf/confbase.Y
index b25cf2d0..3e8b84b0 100644
--- a/conf/confbase.Y
+++ b/conf/confbase.Y
@@ -54,11 +54,9 @@ CF_DECLS
struct f_path_mask *h;
struct password_item *p;
struct rt_show_data *ra;
- struct roa_show_data *ro;
struct sym_show_data *sd;
struct lsadb_show_data *ld;
struct iface *iface;
- struct roa_table *rot;
void *g;
bird_clock_t time;
struct f_prefix px;
diff --git a/nest/cmds.c b/nest/cmds.c
index ff0f4ea2..82fdca66 100644
--- a/nest/cmds.c
+++ b/nest/cmds.c
@@ -88,7 +88,6 @@ cmd_show_memory(void)
cli_msg(-1018, "BIRD memory usage");
print_size("Routing tables:", rmemsize(rt_table_pool));
print_size("Route attributes:", rmemsize(rta_pool));
-// print_size("ROA tables:", rmemsize(roa_pool));
print_size("Protocols:", rmemsize(proto_pool));
print_size("Total:", rmemsize(&root_pool));
cli_msg(0, "");
diff --git a/nest/route.h b/nest/route.h
index 1cce3c01..eba3d9b0 100644
--- a/nest/route.h
+++ b/nest/route.h
@@ -276,7 +276,6 @@ void rt_unlock_table(rtable *);
void rt_setup(pool *, rtable *, char *, struct rtable_config *);
static inline net *net_find(rtable *tab, const net_addr *addr) { return (net *) fib_find(&tab->fib, addr); }
static inline net *net_get(rtable *tab, const net_addr *addr) { return (net *) fib_get(&tab->fib, addr); }
-byte net_roa_check(rtable *tab, const net_addr *n, u32 asn);
rte *rte_find(net *net, struct rte_src *src);
rte *rte_get_temp(struct rta *);
@@ -565,85 +564,14 @@ extern struct protocol *attr_class_to_protocol[EAP_MAX];
#define DEF_PREF_PIPE 70 /* Routes piped from other tables */
#define DEF_PREF_INHERITED 10 /* Routes inherited from other routing daemons */
-#define ROA_UNKNOWN 0
-#define ROA_VALID 1
-#define ROA_INVALID 2
-
-#if 0
-
/*
* Route Origin Authorization
*/
-struct roa_item {
- u32 asn;
- byte maxlen;
- byte src;
- struct roa_item *next;
-};
-
-struct roa_node {
- struct fib_node n;
- struct roa_item *items;
- // u32 cached_asn;
-};
-
-struct roa_table {
- node n; /* Node in roa_table_list */
- struct fib fib;
- char *name; /* Name of this ROA table */
- struct roa_table_config *cf; /* Configuration of this ROA table */
-};
-
-struct roa_item_config {
- ip_addr prefix;
- byte pxlen, maxlen;
- u32 asn;
- struct roa_item_config *next;
-};
-
-struct roa_table_config {
- node n; /* Node in config->rpa_tables */
- char *name; /* Name of this ROA table */
- struct roa_table *table;
-
- struct roa_item_config *roa_items; /* Preconfigured ROA items */
-
- // char *filename;
- // int gc_max_ops; /* Maximum number of operations before GC is run */
- // int gc_min_time; /* Minimum time between two consecutive GC runs */
-};
-
-struct roa_show_data {
- struct fib_iterator fit;
- struct roa_table *table;
- ip_addr prefix;
- byte pxlen;
- byte mode; /* ROA_SHOW_* values */
- u32 asn; /* Filter ASN, 0 -> all */
-};
-
-#define ROA_SRC_ANY 0
-#define ROA_SRC_CONFIG 1
-#define ROA_SRC_DYNAMIC 2
-
-#define ROA_SHOW_ALL 0
-#define ROA_SHOW_PX 1
-#define ROA_SHOW_IN 2
-#define ROA_SHOW_FOR 3
-
-extern struct roa_table *roa_table_default;
+#define ROA_UNKNOWN 0
+#define ROA_VALID 1
+#define ROA_INVALID 2
-void roa_add_item(struct roa_table *t, ip_addr prefix, byte pxlen, byte maxlen, u32 asn, byte src);
-void roa_delete_item(struct roa_table *t, ip_addr prefix, byte pxlen, byte maxlen, u32 asn, byte src);
-void roa_flush(struct roa_table *t, byte src);
-byte roa_check(struct roa_table *t, ip_addr prefix, byte pxlen, u32 asn);
-struct roa_table_config * roa_new_table_config(struct symbol *s);
-void roa_add_item_config(struct roa_table_config *rtc, ip_addr prefix, byte pxlen, byte maxlen, u32 asn);
-void roa_init(void);
-void roa_preconfig(struct config *c);
-void roa_commit(struct config *new, struct config *old);
-void roa_show(struct roa_show_data *d);
+byte net_roa_check(rtable *tab, const net_addr *n, u32 asn);
#endif
-#endif
diff --git a/nest/rt-roa.c b/nest/rt-roa.c
deleted file mode 100644
index 0fd89667..00000000
--- a/nest/rt-roa.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/*
- * BIRD -- Route Origin Authorization
- *
- *
- * Can be freely distributed and used under the terms of the GNU GPL.
- */
-
-#undef LOCAL_DEBUG
-
-#include "nest/bird.h"
-#include "nest/route.h"
-#include "nest/cli.h"
-#include "lib/lists.h"
-#include "lib/resource.h"
-#include "lib/event.h"
-#include "lib/string.h"
-#include "conf/conf.h"
-
-
-pool *roa_pool;
-static slab *roa_slab; /* Slab of struct roa_item */
-static list roa_table_list; /* List of struct roa_table */
-struct roa_table *roa_table_default; /* The first ROA table in the config */
-
-static inline int
-src_match(struct roa_item *it, byte src)
-{ return !src || it->src == src; }
-
-/**
- * roa_add_item - add a ROA entry
- * @t: ROA table
- * @prefix: prefix of the ROA entry
- * @pxlen: prefix length of the ROA entry
- * @maxlen: max length field of the ROA entry
- * @asn: AS number field of the ROA entry
- * @src: source of the ROA entry (ROA_SRC_*)
- *
- * The function adds a new ROA entry to the ROA table. If the same ROA
- * is already in the table, nothing is added. @src field is used to
- * distinguish different sources of ROAs.
- */
-void
-roa_add_item(struct roa_table *t, ip_addr prefix, byte pxlen, byte maxlen, u32 asn, byte src)
-{
- struct roa_node *n = fib_get(&t->fib, &prefix, pxlen);
-
- // if ((n->items == NULL) && (n->n.x0 != ROA_INVALID))
- // t->cached_items--;
-
- struct roa_item *it;
- for (it = n->items; it; it = it->next)
- if ((it->maxlen == maxlen) && (it->asn == asn) && src_match(it, src))
- return;
-
- it = sl_alloc(roa_slab);
- it->asn = asn;
- it->maxlen = maxlen;
- it->src = src;
- it->next = n->items;
- n->items = it;
-}
-
-/**
- * roa_delete_item - delete a ROA entry
- * @t: ROA table
- * @prefix: prefix of the ROA entry
- * @pxlen: prefix length of the ROA entry
- * @maxlen: max length field of the ROA entry
- * @asn: AS number field of the ROA entry
- * @src: source of the ROA entry (ROA_SRC_*)
- *
- * The function removes a specified ROA entry from the ROA table and
- * frees it. If @src field is not ROA_SRC_ANY, only entries from
- * that source are considered.
- */
-void
-roa_delete_item(struct roa_table *t, ip_addr prefix, byte pxlen, byte maxlen, u32 asn, byte src)
-{
- struct roa_node *n = fib_find(&t->fib, &prefix, pxlen);
-
- if (!n)
- return;
-
- struct roa_item *it, **itp;
- for (itp = &n->items; it = *itp; itp = &it->next)
- if ((it->maxlen == maxlen) && (it->asn == asn) && src_match(it, src))
- break;
-
- if (!it)
- return;
-
- *itp = it->next;
- sl_free(roa_slab, it);
-
- // if ((n->items == NULL) && (n->n.x0 != ROA_INVALID))
- // t->cached_items++;
-}
-
-
-/**
- * roa_flush - flush a ROA table
- * @t: ROA table
- * @src: source of ROA entries (ROA_SRC_*)
- *
- * The function removes and frees ROA entries from the ROA table. If
- * @src is ROA_SRC_ANY, all entries in the table are removed,
- * otherwise only all entries from that source are removed.
- */
-void
-roa_flush(struct roa_table *t, byte src)
-{
- struct roa_item *it, **itp;
- struct roa_node *n;
-
- FIB_WALK(&t->fib, fn)
- {
- n = (struct roa_node *) fn;
-
- itp = &n->items;
- while (it = *itp)
- if (src_match(it, src))
- {
- *itp = it->next;
- sl_free(roa_slab, it);
- }
- else
- itp = &it->next;
- }
- FIB_WALK_END;
-
- // TODO add cleanup of roa_nodes
-}
-
-
-
-/*
-byte
-roa_check(struct roa_table *t, ip_addr prefix, byte pxlen, u32 asn)
-{
- struct roa_node *n = fib_find(&t->fib, &prefix, pxlen);
-
- if (n && n->n.x0 == ROA_UNKNOWN)
- return ROA_UNKNOWN;
-
- if (n && n->n.x0 == ROA_VALID && asn == n->cached_asn)
- return ROA_VALID;
-
- byte rv = roa_match(t, n, prefix, pxlen, asn);
-
- if (rv != ROA_INVALID)
- {
- if (!n)
- {
- if (t->cached_items >= t->cached_items_max)
- n = fib_get(&t->fib, &prefix, pxlen);
- t->cached_items++;
- }
-
- n->cached_asn = asn;
- n->n.x0 = rv;
- }
-
- return rv;
-}
-*/
-
-/**
- * roa_check - check validity of route origination in a ROA table
- * @t: ROA table
- * @prefix: network prefix to check
- * @pxlen: length of network prefix
- * @asn: AS number of network prefix
- *
- * Implements RFC 6483 route validation for the given network
- * prefix. The procedure is to find all candidate ROAs - ROAs whose
- * prefixes cover the give network prefix. If there is no candidate
- * ROA, return ROA_UNKNOWN. If there is a candidate ROA with matching
- * ASN and maxlen field greater than or equal to the given prefix
- * length, return ROA_VALID. Otherwise return ROA_INVALID. If caller
- * cannot determine origin AS, 0 could be used (in that case ROA_VALID
- * cannot happen).
- */
-byte
-roa_check(struct roa_table *t, ip_addr prefix, byte pxlen, u32 asn)
-{
- struct roa_node *n;
- ip_addr px;
- byte anything = 0;
-
- int len;
- for (len = pxlen; len >= 0; len--)
- {
- px = ipa_and(prefix, ipa_mkmask(len));
- n = fib_find(&t->fib, &px, len);
-
- if (!n)
- continue;
-
- struct roa_item *it;
- for (it = n->items; it; it = it->next)
- {
- anything = 1;
- if ((it->maxlen >= pxlen) && (it->asn == asn) && asn)
- return ROA_VALID;
- }
- }
-
- return anything ? ROA_INVALID : ROA_UNKNOWN;
-}
-
-static void
-roa_node_init(struct fib_node *fn)
-{
- struct roa_node *n = (struct roa_node *) fn;
- n->items = NULL;
-}
-
-static inline void
-roa_populate(struct roa_table *t)
-{
- struct roa_item_config *ric;
- for (ric = t->cf->roa_items; ric; ric = ric->next)
- roa_add_item(t, ric->prefix, ric->pxlen, ric->maxlen, ric->asn, ROA_SRC_CONFIG);
-}
-
-static void
-roa_new_table(struct roa_table_config *cf)
-{
- struct roa_table *t;
-
- t = mb_allocz(roa_pool, sizeof(struct roa_table));
- fib_init(&t->fib, roa_pool, sizeof(struct roa_node), 0, roa_node_init);
- t->name = cf->name;
- t->cf = cf;
-
- cf->table = t;
- add_tail(&roa_table_list, &t->n);
-
- roa_populate(t);
-}
-
-struct roa_table_config *
-roa_new_table_config(struct symbol *s)
-{
- struct roa_table_config *rtc = cfg_allocz(sizeof(struct roa_table_config));
-
- cf_define_symbol(s, SYM_ROA, rtc);
- rtc->name = s->name;
- add_tail(&new_config->roa_tables, &rtc->n);
- return rtc;
-}
-
-/**
- * roa_add_item_config - add a static ROA entry to a ROA table configuration
- *
- * Arguments are self-explanatory. The first is the ROA table config, rest
- * are specifying the ROA entry.
- */
-void
-roa_add_item_config(struct roa_table_config *rtc, ip_addr prefix, byte pxlen, byte maxlen, u32 asn)
-{
- struct roa_item_config *ric = cfg_allocz(sizeof(struct roa_item_config));
-
- ric->prefix = prefix;
- ric->pxlen = pxlen;
- ric->maxlen = maxlen;
- ric->asn = asn;
- ric->next = rtc->roa_items;
- rtc->roa_items = ric;
-}
-
-/**
- * roa_init - initialize ROA tables
- *
- * This function is called during BIRD startup. It initializes
- * the ROA table module.
- */
-void
-roa_init(void)
-{
- roa_pool = rp_new(&root_pool, "ROA tables");
- roa_slab = sl_new(roa_pool, sizeof(struct roa_item));
- init_list(&roa_table_list);
-}
-
-void
-roa_preconfig(struct config *c)
-{
- init_list(&c->roa_tables);
-}
-
-
-/**
- * roa_commit - commit new ROA table configuration
- * @new: new configuration
- * @old: original configuration or %NULL if it's boot time config
- *
- * Scan differences between @old and @new configuration and modify the
- * ROA tables according to these changes. If @new defines a previously
- * unknown table, create it, if it omits a table existing in @old,
- * delete it (there are no references, only indirect through struct
- * roa_table_config). If it exists in both configurations, update the
- * configured ROA entries.
- */
-void
-roa_commit(struct config *new, struct config *old)
-{
- struct roa_table_config *cf;
- struct roa_table *t;
-
- if (old)
- WALK_LIST(t, roa_table_list)
- {
- struct symbol *sym = cf_find_symbol(new, t->name);
- if (sym && sym->class == SYM_ROA)
- {
- /* Found old table in new config */
- cf = sym->def;
- cf->table = t;
- t->name = cf->name;
- t->cf = cf;
-
- /* Reconfigure it */
- roa_flush(t, ROA_SRC_CONFIG);
- roa_populate(t);
- }
- else
- {
- t->cf->table = NULL;
-
- /* Free it now */
- roa_flush(t, ROA_SRC_ANY);
- rem_node(&t->n);
- fib_free(&t->fib);
- mb_free(t);
- }
- }
-
- /* Add new tables */
- WALK_LIST(cf, new->roa_tables)
- if (! cf->table)
- roa_new_table(cf);
-
- roa_table_default = EMPTY_LIST(new->roa_tables) ? NULL :
- ((struct roa_table_config *) HEAD(new->roa_tables))->table;
-}
-
-
-
-static void
-roa_show_node(struct cli *c, struct roa_node *rn, int len, u32 asn)
-{
- struct roa_item *ri;
-
- for (ri = rn->items; ri; ri = ri->next)
- if ((ri->maxlen >= len) && (!asn || (ri->asn == asn)))
- cli_printf(c, -1019, "%I/%d max %d as %u", rn->n.prefix, rn->n.pxlen, ri->maxlen, ri->asn);
-}
-
-static void
-roa_show_cont(struct cli *c)
-{
- struct roa_show_data *d = c->rover;
- struct fib *fib = &d->table->fib;
- struct fib_iterator *it = &d->fit;
- struct roa_node *rn;
- unsigned max = 32;
-
- FIB_ITERATE_START(fib, it, f)
- {
- rn = (struct roa_node *) f;
-
- if (!max--)
- {
- FIB_ITERATE_PUT(it, f);
- return;
- }
-
- if ((d->mode == ROA_SHOW_ALL) ||
- net_in_net(rn->n.prefix, rn->n.pxlen, d->prefix, d->pxlen))
- roa_show_node(c, rn, 0, d->asn);
- }
- FIB_ITERATE_END(f);
-
- cli_printf(c, 0, "");
- c->cont = c->cleanup = NULL;
-}
-
-static void
-roa_show_cleanup(struct cli *c)
-{
- struct roa_show_data *d = c->rover;
-
- /* Unlink the iterator */
- fit_get(&d->table->fib, &d->fit);
-}
-
-void
-roa_show(struct roa_show_data *d)
-{
- struct roa_node *rn;
- ip_addr px;
- int len;
-
- switch (d->mode)
- {
- case ROA_SHOW_ALL:
- case ROA_SHOW_IN:
- FIB_ITERATE_INIT(&d->fit, &d->table->fib);
- this_cli->cont = roa_show_cont;
- this_cli->cleanup = roa_show_cleanup;
- this_cli->rover = d;
- break;
-
- case ROA_SHOW_PX:
- rn = fib_find(&d->table->fib, &d->prefix, d->pxlen);
- if (rn)
- {
- roa_show_node(this_cli, rn, 0, d->asn);
- cli_msg(0, "");
- }
- else
- cli_msg(-8001, "Network not in table");
- break;
-
- case ROA_SHOW_FOR:
- for (len = d->pxlen; len >= 0; len--)
- {
- px = ipa_and(d->prefix, ipa_mkmask(len));
- rn = fib_find(&d->table->fib, &px, len);
-
- if (!rn)
- continue;
-
- roa_show_node(this_cli, rn, 0, d->asn);
- }
- cli_msg(0, "");
- break;
- }
-}