summaryrefslogtreecommitdiff
path: root/proto/rpki
diff options
context:
space:
mode:
Diffstat (limited to 'proto/rpki')
-rw-r--r--proto/rpki/Makefile3
-rw-r--r--proto/rpki/packets.c35
-rw-r--r--proto/rpki/rpki.c33
-rw-r--r--proto/rpki/rpki.h2
-rw-r--r--proto/rpki/transport.c1
5 files changed, 58 insertions, 16 deletions
diff --git a/proto/rpki/Makefile b/proto/rpki/Makefile
index eb09b7df..8e3a2761 100644
--- a/proto/rpki/Makefile
+++ b/proto/rpki/Makefile
@@ -2,5 +2,6 @@ src := rpki.c packets.c tcp_transport.c ssh_transport.c transport.c
obj := $(src-o-files)
$(all-daemon)
$(cf-local)
+$(call proto-build,rpki_build)
-tests_objs := $(tests_objs) $(src-o-files) \ No newline at end of file
+tests_objs := $(tests_objs) $(src-o-files)
diff --git a/proto/rpki/packets.c b/proto/rpki/packets.c
index 943485d7..108da61b 100644
--- a/proto/rpki/packets.c
+++ b/proto/rpki/packets.c
@@ -661,9 +661,9 @@ rpki_handle_cache_response_pdu(struct rpki_cache *cache, const struct pdu_cache_
* a refresh cycle.
*/
if (cache->p->roa4_channel)
- rt_refresh_begin(cache->p->roa4_channel->table, &cache->p->roa4_channel->in_req);
+ rt_refresh_begin(&cache->p->roa4_channel->in_req);
if (cache->p->roa6_channel)
- rt_refresh_begin(cache->p->roa6_channel->table, &cache->p->roa6_channel->in_req);
+ rt_refresh_begin(&cache->p->roa6_channel->in_req);
cache->p->refresh_channels = 1;
}
@@ -737,6 +737,33 @@ rpki_handle_prefix_pdu(struct rpki_cache *cache, const struct pdu_header *pdu)
net_addr_union addr = {};
rpki_prefix_pdu_2_net_addr(pdu, &addr);
+ if (type == IPV4_PREFIX)
+ {
+ if ((addr.roa4.pxlen > addr.roa4.max_pxlen) ||
+ (addr.roa4.max_pxlen > IP4_MAX_PREFIX_LENGTH))
+ {
+ RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid pxlen or max_pxlen");
+ byte tmp[pdu->len];
+ const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+ rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, "Corrupted PDU: invalid pxlen or max_pxlen");
+ rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+ return RPKI_ERROR;
+ }
+ }
+ else
+ {
+ if ((addr.roa6.pxlen > addr.roa6.max_pxlen) ||
+ (addr.roa6.max_pxlen > IP6_MAX_PREFIX_LENGTH))
+ {
+ RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid pxlen or max_pxlen");
+ byte tmp[pdu->len];
+ const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+ rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, "Corrupted PDU: invalid pxlen or max_pxlen");
+ rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+ return RPKI_ERROR;
+ }
+ }
+
if (cf->ignore_max_length)
{
if (type == IPV4_PREFIX)
@@ -819,9 +846,9 @@ rpki_handle_end_of_data_pdu(struct rpki_cache *cache, const struct pdu_end_of_da
{
cache->p->refresh_channels = 0;
if (cache->p->roa4_channel)
- rt_refresh_end(cache->p->roa4_channel->table, &cache->p->roa4_channel->in_req);
+ rt_refresh_end(&cache->p->roa4_channel->in_req);
if (cache->p->roa6_channel)
- rt_refresh_end(cache->p->roa6_channel->table, &cache->p->roa6_channel->in_req);
+ rt_refresh_end(&cache->p->roa6_channel->in_req);
}
cache->last_update = current_time();
diff --git a/proto/rpki/rpki.c b/proto/rpki/rpki.c
index 95066499..56615e36 100644
--- a/proto/rpki/rpki.c
+++ b/proto/rpki/rpki.c
@@ -120,14 +120,11 @@ rpki_table_add_roa(struct rpki_cache *cache, struct channel *channel, const net_
{
struct rpki_proto *p = cache->p;
- rta a0 = {
- .pref = channel->preference,
- .source = RTS_RPKI,
- .scope = SCOPE_UNIVERSE,
- .dest = RTD_NONE,
- };
+ ea_list *ea = NULL;
+ ea_set_attr_u32(&ea, &ea_gen_preference, 0, channel->preference);
+ ea_set_attr_u32(&ea, &ea_gen_source, 0, RTS_RPKI);
- rte e0 = { .attrs = &a0, .src = p->p.main_source, };
+ rte e0 = { .attrs = ea, .src = p->p.main_source, };
rte_update(channel, &pfxr->n, &e0, p->p.main_source);
}
@@ -834,16 +831,27 @@ rpki_show_proto_info(struct proto *P)
if (cache)
{
const char *transport_name = "---";
+ uint default_port = 0;
switch (cf->tr_config.type)
{
#if HAVE_LIBSSH
- case RPKI_TR_SSH: transport_name = "SSHv2"; break;
+ case RPKI_TR_SSH:
+ transport_name = "SSHv2";
+ default_port = RPKI_SSH_PORT;
+ break;
#endif
- case RPKI_TR_TCP: transport_name = "Unprotected over TCP"; break;
+ case RPKI_TR_TCP:
+ transport_name = "Unprotected over TCP";
+ default_port = RPKI_TCP_PORT;
+ break;
};
cli_msg(-1006, " Cache server: %s", cf->hostname);
+
+ if (cf->port != default_port)
+ cli_msg(-1006, " Cache port: %u", cf->port);
+
cli_msg(-1006, " Status: %s", rpki_cache_state_to_str(cache->state));
cli_msg(-1006, " Transport: %s", transport_name);
cli_msg(-1006, " Protocol version: %u", cache->version);
@@ -941,7 +949,6 @@ rpki_copy_config(struct proto_config *dest UNUSED, struct proto_config *src UNUS
struct protocol proto_rpki = {
.name = "RPKI",
.template = "rpki%d",
- .class = PROTOCOL_RPKI,
.preference = DEF_PREF_RPKI,
.proto_size = sizeof(struct rpki_proto),
.config_size = sizeof(struct rpki_config),
@@ -955,3 +962,9 @@ struct protocol proto_rpki = {
.reconfigure = rpki_reconfigure,
.get_status = rpki_get_status,
};
+
+void
+rpki_build(void)
+{
+ proto_build(&proto_rpki);
+}
diff --git a/proto/rpki/rpki.h b/proto/rpki/rpki.h
index 8a5c38fd..26fbb46e 100644
--- a/proto/rpki/rpki.h
+++ b/proto/rpki/rpki.h
@@ -13,7 +13,7 @@
#define _BIRD_RPKI_H_
#include "nest/bird.h"
-#include "nest/route.h"
+#include "nest/rt.h"
#include "nest/protocol.h"
#include "lib/socket.h"
#include "lib/ip.h"
diff --git a/proto/rpki/transport.c b/proto/rpki/transport.c
index a1ac7587..81bd6dd8 100644
--- a/proto/rpki/transport.c
+++ b/proto/rpki/transport.c
@@ -85,6 +85,7 @@ rpki_tr_open(struct rpki_tr_sock *tr)
sk->rbsize = RPKI_RX_BUFFER_SIZE;
sk->tbsize = RPKI_TX_BUFFER_SIZE;
sk->tos = IP_PREC_INTERNET_CONTROL;
+ sk->vrf = cache->p->p.vrf;
if (ipa_zero(sk->daddr) && sk->host)
{