rpki: delete roa validation stream API

better to be implemented outside GoBGP. Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
author: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> 2016-04-21 13:29:59 +0900
committer: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> 2016-04-21 13:29:59 +0900
commit: 35efcd570d65a55cf059653ba153fdb360b71672 (patch)
tree: 9f7083e24b4074404afbac23d55ae37244f04b1d /server
parent: 7e1b1868193bb2a6bbf49d17f2af7dc1f6a962bf (diff)
4 files changed, 18 insertions, 163 deletions
diff --git a/server/grpc_server.go b/server/grpc_server.go
index cf0a883d..31afc6e8 100644
--- a/server/grpc_server.go
+++ b/server/grpc_server.go
@@ -50,7 +50,6 @@ const (
 	REQ_MONITOR_GLOBAL_BEST_CHANGED
 	REQ_MONITOR_INCOMING
 	REQ_MONITOR_NEIGHBOR_PEER_STATE
-	REQ_MONITOR_ROA_VALIDATION_RESULT
 	REQ_MRT_GLOBAL_RIB
 	REQ_MRT_LOCAL_RIB
 	REQ_MOD_MRT
@@ -204,15 +203,6 @@ func (s *Server) MonitorPeerState(arg *api.Arguments, stream api.GobgpApi_Monito
 	})
 }
 
-func (s *Server) MonitorROAValidation(arg *api.Arguments, stream api.GobgpApi_MonitorROAValidationServer) error {
-	req := NewGrpcRequest(REQ_MONITOR_ROA_VALIDATION_RESULT, "", bgp.RouteFamily(arg.Family), nil)
-	s.bgpServerCh <- req
-
-	return handleMultipleResponses(req, func(res *GrpcResponse) error {
-		return stream.Send(res.Data.(*api.ROAResult))
-	})
-}
-
 func (s *Server) neighbor(reqType int, arg *api.Arguments) (*api.Error, error) {
 	none := &api.Error{}
 	req := NewGrpcRequest(reqType, arg.Name, bgp.RouteFamily(arg.Family), nil)
diff --git a/server/rpki.go b/server/rpki.go
index 5b2218ff..5b4903e1 100644
--- a/server/rpki.go
+++ b/server/rpki.go
@@ -530,84 +530,53 @@ func (c *roaManager) handleGRPC(grpcReq *GrpcRequest) {
 	}
 }
 
-func validatePath(ownAs uint32, tree *radix.Tree, cidr string, asPath *bgp.PathAttributeAsPath) (config.RpkiValidationResultType, []*ROA) {
+func validatePath(ownAs uint32, tree *radix.Tree, cidr string, asPath *bgp.PathAttributeAsPath) config.RpkiValidationResultType {
 	var as uint32
 	if asPath == nil || len(asPath.Value) == 0 {
-		return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND, []*ROA{}
+		return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
 	}
 	asParam := asPath.Value[len(asPath.Value)-1].(*bgp.As4PathParam)
 	switch asParam.Type {
 	case bgp.BGP_ASPATH_ATTR_TYPE_SEQ:
 		if len(asParam.AS) == 0 {
-			return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND, []*ROA{}
+			return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
 		}
 		as = asParam.AS[len(asParam.AS)-1]
 	case bgp.BGP_ASPATH_ATTR_TYPE_CONFED_SET, bgp.BGP_ASPATH_ATTR_TYPE_CONFED_SEQ:
 		as = ownAs
 	default:
-		return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND, []*ROA{}
+		return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
 	}
 	_, n, _ := net.ParseCIDR(cidr)
 	ones, _ := n.Mask.Size()
 	prefixLen := uint8(ones)
 	_, b, _ := tree.LongestPrefix(table.IpToRadixkey(n.IP, prefixLen))
 	if b == nil {
-		return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND, []*ROA{}
+		return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
 	}
 
-	roaList := make([]*ROA, 0)
-
-	result := config.RPKI_VALIDATION_RESULT_TYPE_INVALID
 	bucket, _ := b.(*roaBucket)
 	for _, r := range bucket.entries {
 		if prefixLen > r.MaxLen {
 			continue
 		}
 		if r.AS == as {
-			result = config.RPKI_VALIDATION_RESULT_TYPE_VALID
+			return config.RPKI_VALIDATION_RESULT_TYPE_VALID
 		}
-		roaList = append(roaList, r)
 	}
-	return result, roaList
+	return config.RPKI_VALIDATION_RESULT_TYPE_INVALID
 }
 
-func (c *roaManager) validate(pathList []*table.Path, isMonitor bool) []*api.ROAResult {
-	results := make([]*api.ROAResult, 0)
-	if len(c.clientMap) == 0 {
-		return results
-	}
+func (c *roaManager) validate(pathList []*table.Path) {
 	for _, path := range pathList {
-		if path.IsWithdraw {
+		if path.IsWithdraw || path.IsEOR() {
 			continue
 		}
 		if tree, ok := c.Roas[path.GetRouteFamily()]; ok {
-			r, roaList := validatePath(c.AS, tree, path.GetNlri().String(), path.GetAsPath())
-			if isMonitor && path.Validation() != config.RpkiValidationResultType(r) {
-				apiRoaList := func() []*api.ROA {
-					apiRoaList := make([]*api.ROA, 0)
-					for _, r := range roaList {
-						apiRoaList = append(apiRoaList, r.toApiStruct())
-					}
-					return apiRoaList
-				}()
-				rr := &api.ROAResult{
-					Address:   path.GetSource().Address.String(),
-					Timestamp: path.GetTimestamp().Unix(),
-					OriginAs:  path.GetSourceAs(),
-					Prefix:    path.GetNlri().String(),
-					OldResult: api.ROAResult_ValidationResult(path.Validation().ToInt()),
-					NewResult: api.ROAResult_ValidationResult(r.ToInt()),
-					Roas:      apiRoaList,
-				}
-				if b := path.GetAsPath(); b != nil {
-					rr.AspathAttr, _ = b.Serialize()
-				}
-				results = append(results, rr)
-			}
+			r := validatePath(c.AS, tree, path.GetNlri().String(), path.GetAsPath())
 			path.SetValidation(config.RpkiValidationResultType(r))
 		}
 	}
-	return results
 }
 
 type roaClient struct {
diff --git a/server/rpki_test.go b/server/rpki_test.go
index c58ef32b..ee4689af 100644
--- a/server/rpki_test.go
+++ b/server/rpki_test.go
@@ -54,8 +54,7 @@ func strToASParam(str string) *bgp.PathAttributeAsPath {
 }
 
 func validateOne(tree *radix.Tree, cidr, aspathStr string) config.RpkiValidationResultType {
-	r, _ := validatePath(65500, tree, cidr, strToASParam(aspathStr))
-	return r
+	return validatePath(65500, tree, cidr, strToASParam(aspathStr))
 }
 
 func TestValidate0(t *testing.T) {
diff --git a/server/server.go b/server/server.go
index 5f6068a5..61e52a45 100644
--- a/server/server.go
+++ b/server/server.go
@@ -499,8 +499,7 @@ func (server *BgpServer) dropPeerAllRoutes(peer *Peer, families []bgp.RouteFamil
 		ids = append(ids, table.GLOBAL_RIB_NAME)
 	}
 	for _, rf := range families {
-		best, withdrawn := server.globalRib.DeletePathsByPeer(ids, peer.fsm.peerInfo, rf)
-		server.validatePaths(nil, withdrawn, true)
+		best, _ := server.globalRib.DeletePathsByPeer(ids, peer.fsm.peerInfo, rf)
 
 		if !peer.isRouteServerClient() && !server.bgpConfig.Global.Collector.Enabled {
 			server.broadcastBests(best[table.GLOBAL_RIB_NAME])
@@ -518,33 +517,6 @@ func (server *BgpServer) dropPeerAllRoutes(peer *Peer, families []bgp.RouteFamil
 	return msgs
 }
 
-func (server *BgpServer) broadcastValidationResults(results []*api.ROAResult) {
-	for _, result := range results {
-		remainReqs := make([]*GrpcRequest, 0, len(server.broadcastReqs))
-		for _, req := range server.broadcastReqs {
-			select {
-			case <-req.EndCh:
-				continue
-			default:
-			}
-			if req.RequestType != REQ_MONITOR_ROA_VALIDATION_RESULT {
-				remainReqs = append(remainReqs, req)
-				continue
-			}
-			m := &broadcastGrpcMsg{
-				req: req,
-				result: &GrpcResponse{
-					Data: result,
-				},
-			}
-			server.broadcastMsgs = append(server.broadcastMsgs, m)
-
-			remainReqs = append(remainReqs, req)
-		}
-		server.broadcastReqs = remainReqs
-	}
-}
-
 func (server *BgpServer) broadcastBests(bests []*table.Path) {
 	for _, path := range bests {
 		if path == nil {
@@ -668,71 +640,9 @@ func (server *BgpServer) RSimportPaths(peer *Peer, pathList []*table.Path) []*ta
 	return moded
 }
 
-func (server *BgpServer) isRpkiMonitored() bool {
-	if len(server.broadcastReqs) > 0 {
-		for _, req := range server.broadcastReqs {
-			if req.RequestType == REQ_MONITOR_ROA_VALIDATION_RESULT {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-func (server *BgpServer) validatePaths(newly, withdrawn []*table.Path, peerDown bool) {
-	isMonitor := server.isRpkiMonitored()
-	if isMonitor {
-		rrList := make([]*api.ROAResult, 0, len(withdrawn))
-		for _, path := range withdrawn {
-			if path.Validation() == config.RPKI_VALIDATION_RESULT_TYPE_INVALID {
-				reason := api.ROAResult_WITHDRAW
-				if peerDown {
-					reason = api.ROAResult_PEER_DOWN
-				}
-				rr := &api.ROAResult{
-					Reason:    reason,
-					Address:   path.GetSource().Address.String(),
-					Timestamp: path.GetTimestamp().Unix(),
-					OriginAs:  path.GetSourceAs(),
-					Prefix:    path.GetNlri().String(),
-					OldResult: api.ROAResult_ValidationResult(path.Validation().ToInt()),
-					NewResult: api.ROAResult_ValidationResult(path.Validation().ToInt()),
-				}
-				if b := path.GetAsPath(); b != nil {
-					rr.AspathAttr, _ = b.Serialize()
-				}
-				rrList = append(rrList, rr)
-			}
-		}
-		server.broadcastValidationResults(rrList)
-	}
-
-	if vResults := server.roaManager.validate(newly, isMonitor); isMonitor {
-		for i, path := range newly {
-			old := func() config.RpkiValidationResultType {
-				for _, withdrawn := range withdrawn {
-					if path.GetSource().Equal(withdrawn.GetSource()) {
-						return withdrawn.Validation()
-					}
-				}
-				return config.RPKI_VALIDATION_RESULT_TYPE_NONE
-			}()
-			vResults[i].OldResult = api.ROAResult_ValidationResult(old.ToInt())
-		}
-		rrList := make([]*api.ROAResult, 0, len(vResults))
-		for _, rr := range vResults {
-			invalid := api.ROAResult_ValidationResult(config.RPKI_VALIDATION_RESULT_TYPE_INVALID.ToInt())
-			if rr.NewResult == invalid || rr.OldResult == invalid {
-				rrList = append(rrList, rr)
-			}
-		}
-		server.broadcastValidationResults(rrList)
-	}
-}
-
 func (server *BgpServer) propagateUpdate(peer *Peer, pathList []*table.Path) ([]*SenderMsg, []*table.Path) {
 	rib := server.globalRib
-	var alteredPathList, newly, withdrawn []*table.Path
+	var alteredPathList, withdrawn []*table.Path
 	var best map[string][]*table.Path
 	msgs := make([]*SenderMsg, 0, len(server.neighborMap))
 
@@ -758,8 +668,7 @@ func (server *BgpServer) propagateUpdate(peer *Peer, pathList []*table.Path) ([]
 				ids = append(ids, targetPeer.TableID())
 			}
 		}
-		best, newly, withdrawn = rib.ProcessPaths(ids, append(pathList, moded...))
-		server.validatePaths(newly, withdrawn, false)
+		best, _, withdrawn = rib.ProcessPaths(ids, append(pathList, moded...))
 	} else {
 		for idx, path := range pathList {
 			path = server.policy.ApplyPolicy(table.GLOBAL_RIB_NAME, table.POLICY_DIRECTION_IMPORT, path, nil)
@@ -806,8 +715,7 @@ func (server *BgpServer) propagateUpdate(peer *Peer, pathList []*table.Path) ([]
 			}
 		}
 		alteredPathList = pathList
-		best, newly, withdrawn = rib.ProcessPaths([]string{table.GLOBAL_RIB_NAME}, pathList)
-		server.validatePaths(newly, withdrawn, false)
+		best, _, withdrawn = rib.ProcessPaths([]string{table.GLOBAL_RIB_NAME}, pathList)
 		if len(best[table.GLOBAL_RIB_NAME]) == 0 {
 			return nil, alteredPathList
 		}
@@ -948,6 +856,7 @@ func (server *BgpServer) handleFSMMessage(peer *Peer, e *FsmMsg) []*SenderMsg {
 		case *bgp.MessageError:
 			return []*SenderMsg{newSenderMsg(peer, nil, bgp.NewBGPNotificationMessage(m.TypeCode, m.SubTypeCode, m.Data), false)}
 		case *bgp.BGPMessage:
+			server.roaManager.validate(e.PathList)
 			pathList, eor, notification := peer.handleUpdate(e)
 			if notification != nil {
 				return []*SenderMsg{newSenderMsg(peer, nil, notification, true)}
@@ -2335,7 +2244,7 @@ func (server *BgpServer) handleGrpc(grpcReq *GrpcRequest) []*SenderMsg {
 			ResponseErr: err,
 		}
 		close(grpcReq.ResponseCh)
-	case REQ_MONITOR_GLOBAL_BEST_CHANGED, REQ_MONITOR_NEIGHBOR_PEER_STATE, REQ_MONITOR_ROA_VALIDATION_RESULT:
+	case REQ_MONITOR_GLOBAL_BEST_CHANGED, REQ_MONITOR_NEIGHBOR_PEER_STATE:
 		server.broadcastReqs = append(server.broadcastReqs, grpcReq)
 	case REQ_MONITOR_INCOMING:
 		if grpcReq.Name != "" {
@@ -2989,7 +2898,6 @@ func (server *BgpServer) handleModRpki(grpcReq *GrpcRequest) {
 		grpcDone(grpcReq, server.roaManager.operate(arg.Operation, arg.Address))
 		return
 	case api.Operation_REPLACE:
-		isMonitored := server.isRpkiMonitored()
 		for _, rf := range server.globalRib.GetRFlist() {
 			if t, ok := server.globalRib.Tables[rf]; ok {
 				dsts := t.GetDestinations()
@@ -3000,18 +2908,7 @@ func (server *BgpServer) handleModRpki(grpcReq *GrpcRequest) {
 					}
 				}
 				for _, dst := range dsts {
-					if rr := server.roaManager.validate(dst.GetAllKnownPathList(), isMonitored); isMonitored {
-						send := make([]*api.ROAResult, 0, len(rr))
-						for _, r := range rr {
-							invalid := api.ROAResult_ValidationResult(config.RPKI_VALIDATION_RESULT_TYPE_INVALID.ToInt())
-
-							if r.OldResult != r.NewResult && (r.OldResult == invalid || r.NewResult == invalid) {
-								r.Reason = api.ROAResult_REVALIDATE
-								send = append(send, r)
-							}
-						}
-						server.broadcastValidationResults(send)
-					}
+					server.roaManager.validate(dst.GetAllKnownPathList())
 				}
 			}
 		}
author	FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>	2016-04-21 13:29:59 +0900
committer	FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>	2016-04-21 13:29:59 +0900
commit	35efcd570d65a55cf059653ba153fdb360b71672 (patch)
tree	9f7083e24b4074404afbac23d55ae37244f04b1d /server
parent	7e1b1868193bb2a6bbf49d17f2af7dc1f6a962bf (diff)