Diffstat (limited to 'server/rpki.go')
-rw-r--r-- | server/rpki.go | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/server/rpki.go b/server/rpki.go
index 1e743af9..a26f155f 100644
--- a/server/rpki.go
+++ b/server/rpki.go
@@ -41,6 +41,7 @@ type roa struct {
 }
 type roaClient struct {
+ AS uint32
 roas map[bgp.RouteFamily]*radix.Tree
 outgoing chan []byte
 config config.RpkiServers
@@ -175,7 +176,23 @@ func (c *roaClient) handleGRPC(grpcReq *GrpcRequest) {
 }
 }
-func validateOne(tree *radix.Tree, cidr string, as uint32) config.RpkiValidationResultType {
+func validatePath(ownAs uint32, tree *radix.Tree, cidr string, asPath *bgp.PathAttributeAsPath) config.RpkiValidationResultType {
+ var as uint32
+ if asPath == nil || len(asPath.Value) == 0 {
+ return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
+ }
+ asParam := asPath.Value[len(asPath.Value)-1].(*bgp.As4PathParam)
+ switch asParam.Type {
+ case bgp.BGP_ASPATH_ATTR_TYPE_SEQ:
+ if len(asParam.AS) == 0 {
+ return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
+ }
+ as = asParam.AS[len(asParam.AS)-1]
+ case bgp.BGP_ASPATH_ATTR_TYPE_CONFED_SET, bgp.BGP_ASPATH_ATTR_TYPE_CONFED_SEQ:
+ as = ownAs
+ default:
+ return config.RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND
+ }
 _, n, _ := net.ParseCIDR(cidr)
 ones, _ := n.Mask.Size()
 prefixLen := uint8(ones)
@@ -209,17 +226,21 @@ func validateOne(tree *radix.Tree, cidr string, as uint32) config.RpkiValidation
 }
 func (c *roaClient) validate(pathList []*table.Path) {
+ if c.roas[bgp.RF_IPv4_UC].Len() == 0 && c.roas[bgp.RF_IPv6_UC].Len() == 0 {
+ return
+ }
 for _, path := range pathList {
 if tree, ok := c.roas[path.GetRouteFamily()]; ok {
- path.Validation = validateOne(tree, path.GetNlri().String(), path.GetSourceAs())
+ path.Validation = validatePath(c.AS, tree, path.GetNlri().String(), path.GetAsPath())
 }
 }
 }
-func newROAClient(conf config.RpkiServers) (*roaClient, error) {
+func newROAClient(as uint32, conf config.RpkiServers) (*roaClient, error) {
 var url string
 c := &roaClient{
+ AS: as,
 roas: make(map[bgp.RouteFamily]*radix.Tree),
 config: conf,
 } |
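Review bot: The type assertion `asPath.Value[len(asPath.Value)-1].(*bgp.As4PathParam)` in `validatePath` is unchecked, so a final segment held as any other concrete type panics while validating a path received from a peer; use the two-value form, `asParam, ok := asPath.Value[len(asPath.Value)-1].(*bgp.As4PathParam)`, and return when `!ok` (whether paths are always normalised to 4-octet segments before this call is not visible here). The early `RPKI_VALIDATION_RESULT_TYPE_NOT_FOUND` returns also skip the ROA lookup entirely, whereas RFC 6811 treats a final AS_SET segment as origin NONE, which makes a covered prefix Invalid rather than NotFound, and treats an empty AS_PATH as the speaker's own AS. As written, the `default:` branch and the empty-path guard report NotFound even when a covering ROA exists, which is the weaker outcome for any policy that rejects only Invalid. The lookup part of the function lies outside this hunk, so it would need to accept a "no origin" case for the second point to be fixed.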
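Review bot: The new guard in `validate` calls `.Len()` on `c.roas[bgp.RF_IPv4_UC]` and `c.roas[bgp.RF_IPv6_UC]` without checking that the map holds those keys, while the loop below it still uses the `tree, ok :=` form; if either entry is absent the lookup yields a nil `*radix.Tree` and the call likely panics. The part of `newROAClient` visible here only creates the empty map, and its body continues past the hunk, so whether both families are always populated cannot be confirmed from this page. Returning early also leaves each `path.Validation` at whatever value it already had, so an empty ROA set (for instance before the first cache sync, or after a cache reset) is indistinguishable from a path that was never validated. A comment such as `// no ROAs loaded: leave Validation untouched` would make that intent explicit, or the paths could be set to NotFound there.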