Diffstat (limited to 'proto/rpki')
-rw-r--r--proto/rpki/Makefile2
-rw-r--r--proto/rpki/packets.c27
-rw-r--r--proto/rpki/rpki.c33
-rw-r--r--proto/rpki/rpki.h2
-rw-r--r--proto/rpki/transport.c1
5 files changed, 53 insertions, 12 deletions
diff --git a/proto/rpki/Makefile b/proto/rpki/Makefile
index eb09b7df..0f60b2a0 100644
--- a/proto/rpki/Makefile
+++ b/proto/rpki/Makefile
@@ -3,4 +3,4 @@ obj := $(src-o-files)
$(all-daemon)
$(cf-local)
-tests_objs := $(tests_objs) $(src-o-files) \ No newline at end of file
+tests_objs := $(tests_objs) $(src-o-files)
diff --git a/proto/rpki/packets.c b/proto/rpki/packets.c
index abe6abfc..d7895a22 100644
--- a/proto/rpki/packets.c
+++ b/proto/rpki/packets.c
@@ -729,6 +729,33 @@ rpki_handle_prefix_pdu(struct rpki_cache *cache, const struct pdu_header *pdu)
net_addr_union addr = {};
rpki_prefix_pdu_2_net_addr(pdu, &addr);
+ if (type == IPV4_PREFIX)
+ {
+ if ((addr.roa4.pxlen > addr.roa4.max_pxlen) ||
+ (addr.roa4.max_pxlen > IP4_MAX_PREFIX_LENGTH))
+ {
+ RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid pxlen or max_pxlen");
+ byte tmp[pdu->len];
+ const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+ rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, "Corrupted PDU: invalid pxlen or max_pxlen");
+ rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+ return RPKI_ERROR;
+ }
+ }
+ else
+ {
+ if ((addr.roa6.pxlen > addr.roa6.max_pxlen) ||
+ (addr.roa6.max_pxlen > IP6_MAX_PREFIX_LENGTH))
+ {
+ RPKI_WARN(cache->p, "Received corrupt packet from RPKI cache server: invalid pxlen or max_pxlen");
+ byte tmp[pdu->len];
+ const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
+ rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, "Corrupted PDU: invalid pxlen or max_pxlen");
+ rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
+ return RPKI_ERROR;
+ }
+ }
+
if (cf->ignore_max_length)
{
if (type == IPV4_PREFIX)
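Review bot: `byte tmp[pdu->len];` in both new error branches sizes a stack array from a length field taken from the cache server's PDU, so its safety rests entirely on a length check made before rpki_handle_prefix_pdu is called, which is not visible in this hunk. If that bound exists, say so at the declaration, e.g. `/* pdu->len was already checked against the maximum PDU size by the receive path */`; if it does not, copy into a fixed-size buffer instead of a variable-length array. The IPv4 and IPv6 branches are identical after the comparison, so computing one `invalid` flag from the two comparisons and keeping a single error path would stop the two copies from drifting apart. The function body starts before and continues after this hunk.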
diff --git a/proto/rpki/rpki.c b/proto/rpki/rpki.c
index cc86ab6a..7ec8d72f 100644
--- a/proto/rpki/rpki.c
+++ b/proto/rpki/rpki.c
@@ -121,14 +121,11 @@ rpki_table_add_roa(struct rpki_cache *cache, struct channel *channel, const net_
{
struct rpki_proto *p = cache->p;
- rta a0 = {
- .pref = channel->preference,
- .source = RTS_RPKI,
- .scope = SCOPE_UNIVERSE,
- .dest = RTD_NONE,
- };
+ ea_list *ea = NULL;
+ ea_set_attr_u32(&ea, &ea_gen_preference, 0, channel->preference);
+ ea_set_attr_u32(&ea, &ea_gen_source, 0, RTS_RPKI);
- rte e0 = { .attrs = &a0, .src = p->p.main_source, };
+ rte e0 = { .attrs = ea, .src = p->p.main_source, };
rte_update(channel, &pfxr->n, &e0, p->p.main_source);
}
@@ -870,16 +867,27 @@ rpki_show_proto_info(struct proto *P)
if (cache)
{
const char *transport_name = "---";
+ uint default_port = 0;
switch (cf->tr_config.type)
{
#if HAVE_LIBSSH
- case RPKI_TR_SSH: transport_name = "SSHv2"; break;
+ case RPKI_TR_SSH:
+ transport_name = "SSHv2";
+ default_port = RPKI_SSH_PORT;
+ break;
#endif
- case RPKI_TR_TCP: transport_name = "Unprotected over TCP"; break;
+ case RPKI_TR_TCP:
+ transport_name = "Unprotected over TCP";
+ default_port = RPKI_TCP_PORT;
+ break;
};
cli_msg(-1006, " Cache server: %s", cf->hostname);
+
+ if (cf->port != default_port)
+ cli_msg(-1006, " Cache port: %u", cf->port);
+
cli_msg(-1006, " Status: %s", rpki_cache_state_to_str(cache->state));
cli_msg(-1006, " Transport: %s", transport_name);
cli_msg(-1006, " Protocol version: %u", cache->version);
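Review bot: The switch on `cf->tr_config.type` has no `default:` case, so the new `default_port` keeps its initial 0 for any transport type not listed (including RPKI_TR_SSH when HAVE_LIBSSH is off) and the "Cache port" line is then always printed. That looks intended but is implicit; a `default: break;` with a comment such as `/* unknown transport: default_port stays 0, so the port is always shown */` would make it explicit. The stray `;` after the switch's closing brace can be dropped at the same time. rpki_show_proto_info starts and ends outside this hunk.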
@@ -977,7 +985,6 @@ rpki_copy_config(struct proto_config *dest UNUSED, struct proto_config *src UNUS
struct protocol proto_rpki = {
.name = "RPKI",
.template = "rpki%d",
- .class = PROTOCOL_RPKI,
.preference = DEF_PREF_RPKI,
.proto_size = sizeof(struct rpki_proto),
.config_size = sizeof(struct rpki_config),
@@ -991,3 +998,9 @@ struct protocol proto_rpki = {
.reconfigure = rpki_reconfigure,
.get_status = rpki_get_status,
};
+
+void
+rpki_build(void)
+{
+ proto_build(&proto_rpki);
+}
diff --git a/proto/rpki/rpki.h b/proto/rpki/rpki.h
index a70a2027..20253844 100644
--- a/proto/rpki/rpki.h
+++ b/proto/rpki/rpki.h
@@ -13,7 +13,7 @@
#define _BIRD_RPKI_H_
#include "nest/bird.h"
-#include "nest/route.h"
+#include "nest/rt.h"
#include "nest/protocol.h"
#include "lib/socket.h"
#include "lib/ip.h"
diff --git a/proto/rpki/transport.c b/proto/rpki/transport.c
index b52495dc..4026fca4 100644
--- a/proto/rpki/transport.c
+++ b/proto/rpki/transport.c
@@ -86,6 +86,7 @@ rpki_tr_open(struct rpki_tr_sock *tr)
sk->tbsize = RPKI_TX_BUFFER_SIZE;
sk->tos = IP_PREC_INTERNET_CONTROL;
sk->flags |= SKF_THREAD;
+ sk->vrf = cache->p->p.vrf;
if (ipa_zero(sk->daddr) && sk->host)
{
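Review bot: The new `sk->vrf = cache->p->p.vrf;` carries no comment saying why the socket needs the protocol's VRF, and `cache` is not defined anywhere in the visible lines, so check that it is in scope at this point of rpki_tr_open. A one-line comment such as `/* open the cache connection inside the protocol's VRF, not the default one */` would record the intent. Whether the SSH transport, which may establish its connection through the SSH library rather than through this socket, also honours `sk->vrf` cannot be told from this hunk and is worth confirming. The function body starts before and ends after the hunk.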