From 2c102e97cae9e7514507f23a30aaf8b18ecebd7b Mon Sep 17 00:00:00 2001 From: pcarana Date: Mon, 1 Jul 2019 16:46:23 -0500 Subject: [PATCH] Add ROA eContent to debug, and parse asID just once --- src/object/roa.c | 117 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 85 insertions(+), 32 deletions(-) diff --git a/src/object/roa.c b/src/object/roa.c index bc386265..e971f5fb 100644 --- a/src/object/roa.c +++ b/src/object/roa.c @@ -31,22 +31,29 @@ ____handle_roa_v4(struct resources *parent, unsigned long asn, if (error) return error; + pr_debug_add("ROAIPAddress {"); + pr_debug("address: %s/%u", v4addr2str(&prefix.addr), prefix.len); + if (roa_addr->maxLength != NULL) { error = asn_INTEGER2ulong(roa_addr->maxLength, &max_length); if (error) { if (errno) pr_errno(errno, "Error casting ROA's IPv4 maxLength"); - return pr_err("The ROA's IPv4 maxLength isn't a valid unsigned long"); + error = pr_err("The ROA's IPv4 maxLength isn't a valid unsigned long"); + goto end_error; } + pr_debug("maxLength: %lu", max_length); if (max_length > 32) { - return pr_err("maxLength (%lu) is out of bounds (0-32).", + error = pr_err("maxLength (%lu) is out of bounds (0-32).", max_length); + goto end_error; } if (prefix.len > max_length) { - return pr_err("Prefix length (%u) > maxLength (%lu)", + error = pr_err("Prefix length (%u) > maxLength (%lu)", prefix.len, max_length); + goto end_error; } } else { @@ -54,11 +61,16 @@ ____handle_roa_v4(struct resources *parent, unsigned long asn, } if (!resources_contains_ipv4(parent, &prefix)) { - return pr_err("ROA is not allowed to advertise %s/%u.", + error = pr_err("ROA is not allowed to advertise %s/%u.", v4addr2str(&prefix.addr), prefix.len); + goto end_error; } + pr_debug_rm("}"); return vhandler_handle_roa_v4(asn, &prefix, max_length); +end_error: + pr_debug_rm("}"); + return error; } static int @@ -73,22 +85,29 @@ ____handle_roa_v6(struct resources *parent, unsigned long asn, if (error) return error; + pr_debug_add("ROAIPAddress {"); + pr_debug("address: %s/%u", v6addr2str(&prefix.addr), prefix.len); + if (roa_addr->maxLength != NULL) { error = asn_INTEGER2ulong(roa_addr->maxLength, &max_length); if (error) { if (errno) pr_errno(errno, "Error casting ROA's IPv6 maxLength"); - return pr_err("The ROA's IPv6 maxLength isn't a valid unsigned long"); + error = pr_err("The ROA's IPv6 maxLength isn't a valid unsigned long"); + goto end_error; } + pr_debug("maxLength: %lu", max_length); if (max_length > 128) { - return pr_err("maxLength (%lu) is out of bounds (0-128).", + error = pr_err("maxLength (%lu) is out of bounds (0-128).", max_length); + goto end_error; } if (prefix.len > max_length) { - return pr_err("Prefix length (%u) > maxLength (%lu)", + error = pr_err("Prefix length (%u) > maxLength (%lu)", prefix.len, max_length); + goto end_error; } } else { @@ -96,28 +115,22 @@ ____handle_roa_v6(struct resources *parent, unsigned long asn, } if (!resources_contains_ipv6(parent, &prefix)) { - return pr_err("ROA is not allowed to advertise %s/%u.", + error = pr_err("ROA is not allowed to advertise %s/%u.", v6addr2str(&prefix.addr), prefix.len); + goto end_error; } + pr_debug_rm("}"); return vhandler_handle_roa_v6(asn, &prefix, max_length); +end_error: + pr_debug_rm("}"); + return error; } static int -____handle_roa(struct resources *parent, ASID_t *as_id, uint8_t family, +____handle_roa(struct resources *parent, unsigned long asn, uint8_t family, struct ROAIPAddress *roa_addr) { - unsigned long asn; - - if (asn_INTEGER2ulong(as_id, &asn) != 0) { - if (errno) - pr_errno(errno, "Error casting ROA's AS ID value"); - return pr_err("ROA's AS ID couldn't be parsed as unsigned long"); - } - - if (asn > UINT32_MAX) - return pr_err("AS value (%lu) is out of range.", asn); - switch (family) { case 1: /* IPv4 */ return ____handle_roa_v4(parent, asn, roa_addr); @@ -133,31 +146,55 @@ __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) { struct ROAIPAddressFamily *block; unsigned long version; + unsigned long asn; int b; int a; int error; + + pr_debug_add("eContent {"); if (roa->version != NULL) { error = asn_INTEGER2ulong(roa->version, &version); if (error) { if (errno) pr_errno(errno, "Error casting ROA's version"); - return pr_err("The ROA's version isn't a valid long"); + error = pr_err("The ROA's version isn't a valid long"); + goto end_error; } /* rfc6482#section-3.1 */ - if (version != 0) - return pr_err("ROA's version (%lu) is nonzero.", version); + if (version != 0) { + error = pr_err("ROA's version (%lu) is nonzero.", + version); + goto end_error; + } + } + + /* rfc6482#section-3.2 */ + if (asn_INTEGER2ulong(&roa->asID, &asn) != 0) { + if (errno) + pr_errno(errno, "Error casting ROA's AS ID value"); + error = pr_err("ROA's AS ID couldn't be parsed as unsigned long"); + goto end_error; } + if (asn > UINT32_MAX) { + error = pr_err("AS value (%lu) is out of range.", asn); + goto end_error; + } + pr_debug("asID: %lu", asn); + /* rfc6482#section-3.3 */ if (roa->ipAddrBlocks.list.array == NULL) pr_crit("ipAddrBlocks array is NULL."); + pr_debug_add("ipAddrBlocks {"); for (b = 0; b < roa->ipAddrBlocks.list.count; b++) { block = roa->ipAddrBlocks.list.array[b]; - if (block == NULL) - return pr_err("Address block array element is NULL."); + if (block == NULL) { + error = pr_err("Address block array element is NULL."); + goto ip_error; + } if (block->addressFamily.size != 2) goto family_error; @@ -166,22 +203,38 @@ __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) if (block->addressFamily.buf[1] != 1 && block->addressFamily.buf[1] != 2) goto family_error; + pr_debug_add("%s {", + block->addressFamily.buf[1] == 1 ? "v4" : "v6"); + + if (block->addresses.list.array == NULL) { + error = pr_err("ROA's address list array is NULL."); + pr_debug_rm("}"); + goto ip_error; + } - if (block->addresses.list.array == NULL) - return pr_err("ROA's address list array is NULL."); for (a = 0; a < block->addresses.list.count; a++) { - error = ____handle_roa(parent, &roa->asID, + error = ____handle_roa(parent, asn, block->addressFamily.buf[1], block->addresses.list.array[a]); - if (error) - return error; + if (error) { + pr_debug_rm("}"); + goto ip_error; + } } + pr_debug_rm("}"); } - return 0; + /* Error 0 it's ok */ + error = 0; + goto ip_error; family_error: - return pr_err("ROA's IP family is not v4 or v6."); + error = pr_err("ROA's IP family is not v4 or v6."); +ip_error: + pr_debug_rm("}"); +end_error: + pr_debug_rm("}"); + return error; } int -- 2.47.3