author | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2016-01-17 07:46:35 -0800 |
---|---|---|
committer | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2016-01-17 07:46:35 -0800 |
commit | 7a5cf6a2b9c0b9f2f2227b35dce2855b157fda91 (patch) | |
tree | 1939476b588ce1d3b79715a7de044e2f0170c849 /server | |
parent | f4c409941848b72ba5b162405dc5022d76fcc59f (diff) |
rpki: add rpki validate API
$ gobgp rpki validate
validates all the paths in the table with the current ROAs.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Diffstat (limited to 'server')
-rw-r--r-- | server/server.go | 42 |
1 files changed, 32 insertions, 10 deletions
diff --git a/server/server.go b/server/server.go
index 75f23ac8..2853dc1e 100644
--- a/server/server.go
+++ b/server/server.go
@@ -762,18 +762,19 @@ func (server *BgpServer) RSimportPaths(peer *Peer, pathList []*table.Path) []*ta
 return moded
 }
 
-func (server *BgpServer) validatePaths(dsts []*table.Destination) {
- isMonitor := func() bool {
- if len(server.broadcastReqs) > 0 {
- for _, req := range server.broadcastReqs {
- if req.RequestType == REQ_MONITOR_ROA_VALIDATION_RESULT {
- return true
- }
+func (server *BgpServer) isRpkiMonitored() bool {
+ if len(server.broadcastReqs) > 0 {
+ for _, req := range server.broadcastReqs {
+ if req.RequestType == REQ_MONITOR_ROA_VALIDATION_RESULT {
+ return true
 }
- return false
 }
- return false
- }()
+ }
+ return false
+}
+
+func (server *BgpServer) validatePaths(dsts []*table.Destination) {
+ isMonitor := server.isRpkiMonitored()
 for _, dst := range dsts {
 if isMonitor {
 rrList := make([]*api.ROAResult, 0, len(dst.WithdrawnList))
@@ -2632,6 +2633,27 @@ func (server *BgpServer) handleModRpki(grpcReq *GrpcRequest) {
 case api.Operation_ENABLE, api.Operation_DISABLE, api.Operation_RESET, api.Operation_SOFTRESET:
 grpcDone(grpcReq, server.roaManager.operate(arg.Operation, arg.Address))
 return
+ case api.Operation_REPLACE:
+ isMonitored := server.isRpkiMonitored()
+ for _, rf := range server.globalRib.GetRFlist() {
+ if t, ok := server.globalRib.Tables[rf]; ok {
+ for _, dst := range t.GetDestinations() {
+ if rr := server.roaManager.validate(dst.GetAllKnownPathList(), isMonitored); isMonitored {
+ send := make([]*api.ROAResult, 0, len(rr))
+ for _, r := range rr {
+ invalid := api.ROAResult_ValidationResult(config.RPKI_VALIDATION_RESULT_TYPE_INVALID.ToInt())
+
+ if r.OldResult != r.NewResult && (r.OldResult == invalid || r.NewResult == invalid) {
+ send = append(send, r)
+ }
+ }
+ server.broadcastValidationResults(send)
+ }
+ }
+ }
+ }
+ grpcDone(grpcReq, nil)
+ return
 }
 grpcDone(grpcReq, fmt.Errorf("not supported yet"))
 } |
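Review bot: The new `isRpkiMonitored` keeps the `if len(server.broadcastReqs) > 0` guard from the old closure, which is redundant because ranging over an empty or nil slice runs zero iterations; the body can be just the `for` loop followed by `return false`. The helper is now called from two places and has no doc comment; something like `// isRpkiMonitored reports whether any entry in server.broadcastReqs is a REQ_MONITOR_ROA_VALIDATION_RESULT request.` would help. The body of `validatePaths` continues past the end of this hunk.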
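Review bot: In the `api.Operation_REPLACE` case, `server.broadcastValidationResults(send)` runs once per destination whenever monitoring is on, even when the filter left `send` empty, so a full-table validation may push one empty broadcast per prefix to every monitor (how the callee treats an empty slice is not visible here). Guarding it with `if len(send) > 0 { server.broadcastValidationResults(send) }` and hoisting the loop-invariant `invalid := ...` above the table loop would address both. The walk over every table and destination also completes before `grpcDone(grpcReq, nil)`, so if this handler runs on the server's main loop, a large RIB could delay other processing for the duration of the call; that is worth confirming, since the commit message shows it is triggered on demand by `gobgp rpki validate`. The new validation state is only broadcast here and nothing in the hunk re-runs path selection or policy, so whether a path that has just become invalid stays in use should be checked against `roaManager.validate`, which is outside the hunk, as is the start of `handleModRpki`.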