authorEiichrio Watanabe <a16tochjp@gmail.com>2017-01-12 00:12:22 +0900
committerFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>2017-01-15 06:35:53 -0800
commit232eb9cb650b1e8b372004ac4046d88d202e85f1 (patch)
tree213165d17048a574d3ff8402003824a61197b434
parent26536fdcea869e6f842ef3b19b04cc16f79f2b0c (diff)
Fix incorrect validation logic (thanks @ishidawataru)
-rw-r--r--server/rpki.go24
1 files changed, 14 insertions, 10 deletions
diff --git a/server/rpki.go b/server/rpki.go
index 3d54b8c0..ae5e900a 100644
--- a/server/rpki.go
+++ b/server/rpki.go
@@ -513,21 +513,25 @@ func validatePath(ownAs uint32, tree *radix.Tree, cidr string, asPath *bgp.PathA
_, n, _ := net.ParseCIDR(cidr)
ones, _ := n.Mask.Size()
prefixLen := uint8(ones)
- _, b, _ := tree.LongestPrefix(table.IpToRadixkey(n.IP, prefixLen))
+ key := table.IpToRadixkey(n.IP, prefixLen)
+ _, b, _ := tree.LongestPrefix(key)
if b == nil {
return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
}
- bucket, _ := b.(*roaBucket)
- for _, r := range bucket.entries {
- if prefixLen > r.MaxLen {
- continue
- }
- if r.AS == as {
- return config.RPKI_VALIDATION_RESULT_TYPE_VALID
+ result := config.RPKI_VALIDATION_RESULT_TYPE_INVALID
+ fn := radix.WalkFn(func(k string, v interface{}) bool {
+ bucket, _ := v.(*roaBucket)
+ for _, r := range bucket.entries {
+ if prefixLen <= r.MaxLen && r.AS != 0 && r.AS == as {
+ result = config.RPKI_VALIDATION_RESULT_TYPE_VALID
+ return true
+ }
}
- }
- return config.RPKI_VALIDATION_RESULT_TYPE_INVALID
+ return false
+ })
+ tree.WalkPath(key, fn)
+ return result
}
func (c *roaManager) validate(pathList []*table.Path) {
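Review bot: In the new walk callback, `bucket, _ := v.(*roaBucket)` discards the assertion result and the next line reads `bucket.entries`, so a tree value that is not a `*roaBucket` would cause a nil-pointer panic inside origin validation rather than a skipped node. Checking the assertion keeps the walk fail-closed at INVALID: `bucket, ok := v.(*roaBucket)` followed by `if !ok { return false }`. The `r.AS != 0` term also deserves a one-line comment, because alongside `r.AS == as` it only matters when the route's origin is 0; something like `// an AS 0 ROA must never make a route valid` would record the intent, if that is the intent. validatePath starts above the hunk, so how `as` is derived from the path is not visible here.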