diff options
author | Eiichrio Watanabe <a16tochjp@gmail.com> | 2017-01-12 00:12:22 +0900 |
---|---|---|
committer | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2017-01-15 06:35:53 -0800 |
commit | 232eb9cb650b1e8b372004ac4046d88d202e85f1 (patch) | |
tree | 213165d17048a574d3ff8402003824a61197b434 | |
parent | 26536fdcea869e6f842ef3b19b04cc16f79f2b0c (diff) |
Fix incorrect validation logic (thanks @ishidawataru)
-rw-r--r-- | server/rpki.go | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/server/rpki.go b/server/rpki.go index 3d54b8c0..ae5e900a 100644 --- a/server/rpki.go +++ b/server/rpki.go @@ -513,21 +513,25 @@ func validatePath(ownAs uint32, tree *radix.Tree, cidr string, asPath *bgp.PathA _, n, _ := net.ParseCIDR(cidr) ones, _ := n.Mask.Size() prefixLen := uint8(ones) - _, b, _ := tree.LongestPrefix(table.IpToRadixkey(n.IP, prefixLen)) + key := table.IpToRadixkey(n.IP, prefixLen) + _, b, _ := tree.LongestPrefix(key) if b == nil { return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND } - bucket, _ := b.(*roaBucket) - for _, r := range bucket.entries { - if prefixLen > r.MaxLen { - continue - } - if r.AS == as { - return config.RPKI_VALIDATION_RESULT_TYPE_VALID + result := config.RPKI_VALIDATION_RESULT_TYPE_INVALID + fn := radix.WalkFn(func(k string, v interface{}) bool { + bucket, _ := v.(*roaBucket) + for _, r := range bucket.entries { + if prefixLen <= r.MaxLen && r.AS != 0 && r.AS == as { + result = config.RPKI_VALIDATION_RESULT_TYPE_VALID + return true + } } - } - return config.RPKI_VALIDATION_RESULT_TYPE_INVALID + return false + }) + tree.WalkPath(key, fn) + return result } func (c *roaManager) validate(pathList []*table.Path) { |