The only certificate that can invalidate the tree is the root one.
This is because other certificates are considered subtrees, and
therefore isolated problems.
RFC 7730 seems to agree:
> If the connection to the preferred URI fails, or the retrieved CA
> certificate public key does not match the TAL public key, the RP
> SHOULD retrieve the CA certificate from the next URI
(Neither of those reasons can be caused by a subtree.)
By the time the first ROA is handled, the root certificate is
already validated. This means that Fort will never find itself
needing to invalidate previously handled ROAs. Hence, there's no
need to "reset" a ROA table nor "merge" it with a global one after
success.
Not having to track both a global and a temporary table also reduces
RAM usage.
{
struct validation_handler handler;
- handler.reset = NULL;
handler.handle_roa_v4 = print_v4_roa;
handler.handle_roa_v6 = print_v6_roa;
handler.arg = NULL;
if (error)
return ENSURE_NEGATIVE(error);
- error = vhandler_reset(arg);
- if (error)
- return ENSURE_NEGATIVE(error);
-
pr_debug_add("TAL URI '%s' {", uri_get_printable(uri));
if (!uri_is_certificate(uri)) {
* From now on, the tree should be considered valid, even if subsequent
* certificates fail.
* (the root validated successfully; subtrees are isolated problems.)
+ * Only critical errors should trigger negative result codes.
*/
/* Handle every other certificate. */
error = 1;
goto end;
}
- if (error)
+ if (error) /* All other errors are critical, currently */
goto fail;
/*
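Review bot: The `goto fail` taken at `if (error) /* All other errors are critical, currently */` appears to sit in the "handle every other certificate" phase, so it can be reached after ROAs from this tree have already been handed to the handler, and with the reset call removed nothing in this function takes them back. The RTR caller changed in this commit does destroy its table on error, but that caller-side cleanup is now the only thing keeping a partially filled table from being used, so the contract should be written down where the error is raised. I would extend the comment to something like `/* Critical error. Handlers may already hold ROAs from this tree; callers must discard them on a negative result. */` and repeat the same sentence in the `struct validation_handler` header comment. The enclosing function starts and ends outside this hunk, so the code between the root check and this test is not visible here.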
return table;
}
-static void
-roa_table_cleanup(struct roa_table *table)
+void
+roa_table_destroy(struct roa_table *table)
{
struct hashable_roa *node;
struct hashable_roa *tmp;
HASH_DEL(table->roas, node);
free(node);
}
-}
-void
-roa_table_destroy(struct roa_table *table)
-{
- roa_table_cleanup(table);
free(table);
}
return 0;
}
-int
-rtrhandler_reset(struct roa_table *table)
-{
- roa_table_cleanup(table);
- return 0;
-}
-
static struct hashable_roa *
create_roa(uint32_t asn, uint8_t max_length)
{
return error;
}
-int
-rtrhandler_merge(struct roa_table *dst, struct roa_table *src)
-{
- return roa_table_merge(dst, src);
-}
-
void
roa_table_remove_roa(struct roa_table *table, struct vrp const *del)
{
int roa_table_foreach_roa(struct roa_table *, vrp_foreach_cb, void *);
void roa_table_remove_roa(struct roa_table *, struct vrp const *);
-int rtrhandler_reset(struct roa_table *);
int rtrhandler_handle_roa_v4(struct roa_table *, uint32_t,
struct ipv4_prefix const *, uint8_t);
int rtrhandler_handle_roa_v6(struct roa_table *, uint32_t,
struct ipv6_prefix const *, uint8_t);
-int rtrhandler_merge(struct roa_table *, struct roa_table *);
int compute_deltas(struct roa_table *, struct roa_table *, struct deltas **);
pthread_rwlock_destroy(&lock); /* Nothing to do with error code */
}
-static int
-__reset(void *arg)
-{
- return rtrhandler_reset(arg);
-}
-
int
__handle_roa_v4(uint32_t as, struct ipv4_prefix const *prefix,
uint8_t max_length, void *arg)
static int
__perform_standalone_validation(struct roa_table **result)
{
- struct roa_table *roas, *global_roas;
+ struct roa_table *roas;
struct validation_handler validation_handler;
int error;
if (roas == NULL)
return pr_enomem();
- global_roas = roa_table_create();
- if (global_roas == NULL) {
- roa_table_destroy(roas);
- return pr_enomem();
- }
-
- validation_handler.reset = __reset;
validation_handler.handle_roa_v4 = __handle_roa_v4;
validation_handler.handle_roa_v6 = __handle_roa_v6;
validation_handler.arg = roas;
error = perform_standalone_validation(&validation_handler);
- roa_table_destroy(roas);
if (error) {
- roa_table_destroy(global_roas);
+ roa_table_destroy(roas);
return error;
}
- *result = global_roas;
+ *result = roas;
return 0;
}
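Review bot: `validation_handler` is an automatic struct filled member by member, so any callback that is not explicitly assigned holds an indeterminate pointer rather than NULL. The header states that all of these functions can be NULL, and the removed `vhandler_reset()` dispatched on exactly that test, so a callback added to the struct later would be called through garbage at every site that was not updated. Declaring it as `struct validation_handler validation_handler = { 0 };` makes the NULL default hold regardless of which members are assigned afterwards. The print handler set up in the first hunk of this commit (`struct validation_handler handler;`) follows the same pattern and would benefit from the same initializer.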
#include "log.h"
#include "thread_var.h"
-int
-vhandler_reset(struct validation_handler *handler)
-{
- return (handler->reset != NULL) ? handler->reset(handler->arg) : 0;
-}
-
static int
get_current_threads_handler(struct validation_handler const **result)
{
* All of these functions can be NULL.
*/
struct validation_handler {
- /**
- * Reinitializator; called every time Fort needs to invalidate a tree
- * that was presumed to be correct thus far.
- * (Implementor should invalidate all ROAs collected by handle_roa_v4()
- * and handle_roa_v6().)
- */
- int (*reset)(void *);
/** Called every time Fort has successfully validated an IPv4 ROA. */
int (*handle_roa_v4)(uint32_t, struct ipv4_prefix const *, uint8_t,
void *);
void *arg;
};
-int vhandler_reset(struct validation_handler *);
int vhandler_handle_roa_v4(uint32_t, struct ipv4_prefix const *, uint8_t);
int vhandler_handle_roa_v6(uint32_t, struct ipv6_prefix const *, uint8_t);