-rw-r--r-- | gobgp/cmd/rpki.go | 11 | ||||
-rw-r--r-- | server/server.go | 42 | ||||
-rw-r--r-- | table/destination.go | 4 |
3 files changed, 46 insertions, 11 deletions
diff --git a/gobgp/cmd/rpki.go b/gobgp/cmd/rpki.go index b306f8a2..f174c7c1 100644 --- a/gobgp/cmd/rpki.go +++ b/gobgp/cmd/rpki.go @@ -132,6 +132,8 @@ func NewRPKICmd() *cobra.Command { } var op api.Operation switch args[1] { + case "add": + op = api.Operation_ADD case "reset": op = api.Operation_RESET case "softreset": @@ -148,7 +150,6 @@ func NewRPKICmd() *cobra.Command { } }, } - rpkiCmd.AddCommand(serverCmd) tableCmd := &cobra.Command{ @@ -159,6 +160,14 @@ func NewRPKICmd() *cobra.Command { } tableCmd.PersistentFlags().StringVarP(&subOpts.AddressFamily, "address-family", "a", "", "address family") + validateCmd := &cobra.Command{ + Use: "validate", + Run: func(cmd *cobra.Command, args []string) { + modRPKI(api.Operation_REPLACE, "") + }, + } + rpkiCmd.AddCommand(validateCmd) + rpkiCmd.AddCommand(tableCmd) return rpkiCmd } diff --git a/server/server.go b/server/server.go index 75f23ac8..2853dc1e 100644 --- a/server/server.go +++ b/server/server.go @@ -762,18 +762,19 @@ func (server *BgpServer) RSimportPaths(peer *Peer, pathList []*table.Path) []*ta return moded } -func (server *BgpServer) validatePaths(dsts []*table.Destination) { - isMonitor := func() bool { - if len(server.broadcastReqs) > 0 { - for _, req := range server.broadcastReqs { - if req.RequestType == REQ_MONITOR_ROA_VALIDATION_RESULT { - return true - } +func (server *BgpServer) isRpkiMonitored() bool { + if len(server.broadcastReqs) > 0 { + for _, req := range server.broadcastReqs { + if req.RequestType == REQ_MONITOR_ROA_VALIDATION_RESULT { + return true } - return false } - return false - }() + } + return false +} + +func (server *BgpServer) validatePaths(dsts []*table.Destination) { + isMonitor := server.isRpkiMonitored() for _, dst := range dsts { if isMonitor { rrList := make([]*api.ROAResult, 0, len(dst.WithdrawnList)) 
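Review bot: The new `validateCmd` in `NewRPKICmd` has no help text and ignores `args`, so `gobgp rpki validate <anything>` silently sends the same request as the bare command. It also reuses `api.Operation_REPLACE` with an empty address to mean "re-run validation", which the operation name does not convey. I would add `Short: "re-run ROA validation on all paths in the global RIB"` and a comment above the `modRPKI` call such as `// REPLACE with an empty address asks the server to revalidate every known path.`. Whether `modRPKI` accepts an empty address without trying to parse it is not visible in this hunk and is worth confirming.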
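Review bot: The `len(server.broadcastReqs) > 0` guard in the new `isRpkiMonitored` is redundant, because ranging over an empty or nil collection does not iterate; the body can be just the `for` loop followed by `return false`. The helper also lacks a doc comment; something like `// isRpkiMonitored reports whether any entry in server.broadcastReqs is a REQ_MONITOR_ROA_VALIDATION_RESULT request.` would state what "monitored" means here. The body of `validatePaths` continues past the end of the hunk.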
@@ -2632,6 +2633,27 @@ func (server *BgpServer) handleModRpki(grpcReq *GrpcRequest) { case api.Operation_ENABLE, api.Operation_DISABLE, api.Operation_RESET, api.Operation_SOFTRESET: grpcDone(grpcReq, server.roaManager.operate(arg.Operation, arg.Address)) return + case api.Operation_REPLACE: + isMonitored := server.isRpkiMonitored() + for _, rf := range server.globalRib.GetRFlist() { + if t, ok := server.globalRib.Tables[rf]; ok { + for _, dst := range t.GetDestinations() { + if rr := server.roaManager.validate(dst.GetAllKnownPathList(), isMonitored); isMonitored { + send := make([]*api.ROAResult, 0, len(rr)) + for _, r := range rr { + invalid := api.ROAResult_ValidationResult(config.RPKI_VALIDATION_RESULT_TYPE_INVALID.ToInt()) + + if r.OldResult != r.NewResult && (r.OldResult == invalid || r.NewResult == invalid) { + send = append(send, r) + } + } + server.broadcastValidationResults(send) + } + } + } + } + grpcDone(grpcReq, nil) + return } grpcDone(grpcReq, fmt.Errorf("not supported yet")) } diff --git a/table/destination.go b/table/destination.go index b7a79788..afac8e06 100644 --- a/table/destination.go +++ b/table/destination.go @@ -181,6 +181,10 @@ func (dd *Destination) setNlri(nlri bgp.AddrPrefixInterface) { dd.nlri = nlri } +func (dd *Destination) GetAllKnownPathList() []*Path { + return dd.knownPathList +} + func (dd *Destination) GetKnownPathList(id string) []*Path { list := make([]*Path, 0, len(dd.knownPathList)) for _, p := range dd.knownPathList { |
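Review bot: In the new `api.Operation_REPLACE` case, `server.broadcastValidationResults(send)` runs once per destination whenever a monitor is registered, even when the filter left `send` empty. Guarding it with `if len(send) > 0 { server.broadcastValidationResults(send) }` avoids handing monitors an empty batch per prefix; what the callee does with an empty slice is not visible here. `invalid` is loop-invariant and can be computed once before the outer `for`. The walk covers every destination of every table in `globalRib` inline before `grpcDone` is called, so if `handleModRpki` runs on the server's main processing goroutine (its caller is outside the hunk), one request can hold up other work for the length of a full-table revalidation. A comment stating that cost, and a check on who may issue this operation, would help operators. `handleModRpki` starts above the hunk.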
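Review bot: `GetAllKnownPathList` returns `dd.knownPathList` itself, whereas `GetKnownPathList` just below allocates a fresh `list`, so callers of the new accessor share the destination's backing array. An `append` or element write on the result would therefore change the destination's own state. If the aliasing is intended to avoid a copy during full-RIB validation, say so in a doc comment, e.g. `// GetAllKnownPathList returns the internal known-path slice without copying; callers must not modify it.`. The body of `GetKnownPathList` continues past the end of the hunk.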