diff options
| author | FUJITA Tomonori <fujita.tomonori@gmail.com> | 2019-09-08 22:43:08 +0900 |
|---|---|---|
| committer | FUJITA Tomonori <fujita.tomonori@gmail.com> | 2019-09-08 22:43:08 +0900 |
| commit | 25438b289c9c37a6f6a067b087836b979025e611 (patch) | |
| tree | 100b23a5f12b34f25b40e58b22f79588c97e2e0e /pkg | |
| parent | 07e70de118842609a8e1e4740fdb82179f4bdaca (diff) | |
execute rpki validation for policy only when it's necessary
currently, validate is executed even if the result is not necessary.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@gmail.com>
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/server/server.go | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/pkg/server/server.go b/pkg/server/server.go index e92155b8..d1257cda 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -640,10 +640,6 @@ func (s *BgpServer) prePolicyFilterpath(peer *peer, path, old *table.Path) (*tab OldNextHop: path.GetNexthop(), } path = table.UpdatePathAttrs(peer.fsm.gConf, peer.fsm.pConf, peer.fsm.peerInfo, path) - - if v := s.roaManager.validate(path); v != nil { - options.ValidationResult = v - } peer.fsm.lock.RUnlock() return path, options, false @@ -678,6 +674,7 @@ func (s *BgpServer) filterpath(peer *peer, path, old *table.Path) *table.Path { if stop { return path } + options.Validate = s.roaManager.validate path = peer.policy.ApplyPolicy(peer.TableID(), table.POLICY_DIRECTION_EXPORT, path, options) // When 'path' is filtered (path == nil), check 'old' has been sent to this peer. // If it has, send withdrawal to the peer. @@ -984,6 +981,7 @@ func (s *BgpServer) sendSecondaryRoutes(peer *peer, newPath *table.Path, dsts [] if stop { return nil } + options.Validate = s.roaManager.validate path = peer.policy.ApplyPolicy(peer.TableID(), table.POLICY_DIRECTION_EXPORT, path, options) if path != nil { return s.postFilterpath(peer, path) @@ -1097,16 +1095,15 @@ func (s *BgpServer) propagateUpdate(peer *peer, pathList []*table.Path) { } } - policyOptions := &table.PolicyOptions{} + policyOptions := &table.PolicyOptions{ + Validate: s.roaManager.validate, + } if !rs && peer != nil { peer.fsm.lock.RLock() policyOptions.Info = peer.fsm.peerInfo peer.fsm.lock.RUnlock() } - if v := s.roaManager.validate(path); v != nil { - policyOptions.ValidationResult = v - } if p := s.policy.ApplyPolicy(tableId, table.POLICY_DIRECTION_IMPORT, path, policyOptions); p != nil { path = p @@ -2452,7 +2449,10 @@ func (s *BgpServer) getAdjRib(addr string, family bgp.RouteFamily, in bool, enab adjRib = peer.adjRibIn if enableFiltered { for _, path := range peer.adjRibIn.PathList([]bgp.RouteFamily{family}, true) { - if s.policy.ApplyPolicy(peer.TableID(), table.POLICY_DIRECTION_IMPORT, path, &table.PolicyOptions{}) == nil { + options := &table.PolicyOptions{ + Validate: s.roaManager.validate, + } + if s.policy.ApplyPolicy(peer.TableID(), table.POLICY_DIRECTION_IMPORT, path, options) == nil { filtered[path.GetNlri().String()] = path } } @@ -2465,6 +2465,7 @@ func (s *BgpServer) getAdjRib(addr string, family bgp.RouteFamily, in bool, enab if stop { continue } + options.Validate = s.roaManager.validate p := peer.policy.ApplyPolicy(peer.TableID(), table.POLICY_DIRECTION_EXPORT, path, options) if p == nil { filtered[path.GetNlri().String()] = path |