RPKI: Add 'local address' configuration option

Allow to explicitly configure the source IP address for RPKI-To-Router
sessions. Predictable source addresses are useful for minimizing the
holes to be poked in ACLs.

Changed from 'source address' to 'local address' by committer.

diff --git a/doc/bird.sgml b/doc/bird.sgml
index 76ca7f75a6dded87b0ed346860e9896fc24bbfc2..aeecb1dcc7bd87d46a0f1b1469b1794d2278c73e 100644 (file)
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -5697,6 +5697,7 @@ protocol rpki [<name>] {
         roa6 { table <tab>; };
         remote <ip> | "<domain>" [port <num>];
         port <num>;
+        local address <ip>;
         refresh [keep] <num>;
         retry [keep] <num>;
         expire [keep] <num>;
@@ -5726,6 +5727,9 @@ specify both channels.
         number is 323 for transport without any encryption and 22 for transport
         with SSH encryption.
 
+        <tag>local address <m/ip/</tag>
+        Define local address we should use as a source address for the RTR session.
+
         <tag>refresh [keep] <m/num/</tag> Time period in seconds. Tells how
         long to wait before next attempting to poll the cache using a Serial
         Query or a Reset Query packet. Must be lower than 86400 seconds (one

diff --git a/proto/rpki/config.Y b/proto/rpki/config.Y
index c28cab7a661c92fb111e3cd44661c261ad434406..769ebb2c8284bfa07b197f0c89661afe10e8d849 100644 (file)
--- a/proto/rpki/config.Y
+++ b/proto/rpki/config.Y
@@ -32,7 +32,7 @@ rpki_check_unused_transport(void)
 CF_DECLS
 
 CF_KEYWORDS(RPKI, REMOTE, BIRD, PRIVATE, PUBLIC, KEY, TCP, SSH, TRANSPORT, USER,
-           RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH)
+           RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH, LOCAL, ADDRESS)
 
 %type <i> rpki_keep_interval
 
@@ -60,6 +60,7 @@ rpki_proto_item:
  | REMOTE rpki_cache_addr
  | REMOTE rpki_cache_addr rpki_proto_item_port
  | rpki_proto_item_port
+ | LOCAL ADDRESS ipa { RPKI_CFG->local_ip = $3; }
  | TRANSPORT rpki_transport
  | REFRESH rpki_keep_interval expr {
      if (rpki_check_refresh_interval($3))

diff --git a/proto/rpki/rpki.h b/proto/rpki/rpki.h
index 8a5c38fda4e1652dda2a5e502fc7574eb1be29c2..e67eb0e3b0646bfa95140ffb9195f91a4db1a5c8 100644 (file)
--- a/proto/rpki/rpki.h
+++ b/proto/rpki/rpki.h
@@ -116,6 +116,7 @@ struct rpki_proto {
 struct rpki_config {
   struct proto_config c;
   const char *hostname;                        /* Full domain name or stringified IP address of cache server */
+  ip_addr local_ip;                    /* Source address to use */
   ip_addr ip;                          /* IP address of cache server or IPA_NONE */
   u16 port;                            /* Port number of cache server */
   struct rpki_tr_config tr_config;     /* Specific transport configuration structure */

diff --git a/proto/rpki/transport.c b/proto/rpki/transport.c
index 81bd6dd8d3c747a137e26883ae721d2685c0ffd4..265719770bfe5f9b29abedc69bdfdb89c2d471a5 100644 (file)
--- a/proto/rpki/transport.c
+++ b/proto/rpki/transport.c
@@ -82,6 +82,7 @@ rpki_tr_open(struct rpki_tr_sock *tr)
   sk->daddr = cf->ip;
   sk->dport = cf->port;
   sk->host = cf->hostname;
+  sk->saddr = cf->local_ip;
   sk->rbsize = RPKI_RX_BUFFER_SIZE;
   sk->tbsize = RPKI_TX_BUFFER_SIZE;
   sk->tos = IP_PREC_INTERNET_CONTROL;