]> git.ipfire.org Git - thirdparty/bird.git/blame - proto/rpki/packets.c
projects / thirdparty / bird.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Minor cleanups
[thirdparty/bird.git] / proto / rpki / packets.c
CommitLineData
65d2a88d
PT		 1/*
2 * BIRD -- The Resource Public Key Infrastructure (RPKI) to Router Protocol
3 *
4 * (c) 2015 CZ.NIC
5 * (c) 2015 Pavel Tvrdik <pawel.tvrdik@gmail.com>
6 *
7 * This file was a part of RTRlib: http://rpki.realmv6.org/
8 *
9 * Can be freely distributed and used under the terms of the GNU GPL.
10 */
11
12#include <stdlib.h>
13#include <string.h>
14#include <stdio.h>
15
16#undef LOCAL_DEBUG
17
18#include "rpki.h"
19#include "transport.h"
20#include "packets.h"
21
22#define RPKI_ADD_FLAG 0b00000001
23
24enum rpki_transmit_type {
25 RPKI_RECV = 0,
26 RPKI_SEND = 1,
27};
28
29enum pdu_error_type {
30 CORRUPT_DATA = 0,
31 INTERNAL_ERROR = 1,
32 NO_DATA_AVAIL = 2,
33 INVALID_REQUEST = 3,
34 UNSUPPORTED_PROTOCOL_VER = 4,
35 UNSUPPORTED_PDU_TYPE = 5,
36 WITHDRAWAL_OF_UNKNOWN_RECORD = 6,
37 DUPLICATE_ANNOUNCEMENT = 7,
38 PDU_TOO_BIG = 32
39};
40
41static const char *str_pdu_error_type[] = {
42 [CORRUPT_DATA] = "Corrupt-Data",
43 [INTERNAL_ERROR] = "Internal-Error",
44 [NO_DATA_AVAIL] = "No-Data-Available",
45 [INVALID_REQUEST] = "Invalid-Request",
46 [UNSUPPORTED_PROTOCOL_VER] = "Unsupported-Protocol-Version",
47 [UNSUPPORTED_PDU_TYPE] = "Unsupported-PDU-Type",
48 [WITHDRAWAL_OF_UNKNOWN_RECORD]= "Withdrawal-Of-Unknown-Record",
49 [DUPLICATE_ANNOUNCEMENT] = "Duplicate-Announcement",
50 [PDU_TOO_BIG] = "PDU-Too-Big",
51};
52
53enum pdu_type {
54 SERIAL_NOTIFY = 0,
55 SERIAL_QUERY = 1,
56 RESET_QUERY = 2,
57 CACHE_RESPONSE = 3,
58 IPV4_PREFIX = 4,
59 RESERVED = 5,
60 IPV6_PREFIX = 6,
61 END_OF_DATA = 7,
62 CACHE_RESET = 8,
63 ROUTER_KEY = 9,
64 ERROR = 10,
65 PDU_TYPE_MAX
66};
67
68static const char *str_pdu_type_[] = {
69 [SERIAL_NOTIFY] = "Serial Notify",
70 [SERIAL_QUERY] = "Serial Query",
71 [RESET_QUERY] = "Reset Query",
72 [CACHE_RESPONSE] = "Cache Response",
73 [IPV4_PREFIX] = "IPv4 Prefix",
74 [RESERVED] = "Reserved",
75 [IPV6_PREFIX] = "IPv6 Prefix",
76 [END_OF_DATA] = "End of Data",
77 [CACHE_RESET] = "Cache Reset",
78 [ROUTER_KEY] = "Router Key",
79 [ERROR] = "Error"
80};
81
b94e5e58 82static const char *str_pdu_type(uint type) {
65d2a88d
PT		 83 if (type < PDU_TYPE_MAX)
84 return str_pdu_type_[type];
85 else
86 return "Undefined packet type";
87}
88
89/*
90 * 0 8 16 24 31
91 * .-------------------------------------------.
92 * | Protocol | PDU | |
93 * | Version | Type | reserved = zero |
94 * | 0 or 1 | 0 - 10 | |
95 * +-------------------------------------------+
96 * | |
97 * | Length >= 8 |
98 * | |
99 * `-------------------------------------------' */
100struct pdu_header {
101 u8 ver;
102 u8 type;
103 u16 reserved;
104 u32 len;
105} PACKED;
106
107struct pdu_cache_response {
108 u8 ver;
109 u8 type;
110 u16 session_id;
111 u32 len;
112} PACKED;
113
114struct pdu_serial_notify {
115 u8 ver;
116 u8 type;
117 u16 session_id;
118 u32 len;
119 u32 serial_num;
120} PACKED;
121
122struct pdu_serial_query {
123 u8 ver;
124 u8 type;
125 u16 session_id;
126 u32 len;
127 u32 serial_num;
128} PACKED;
129
130struct pdu_ipv4 {
131 u8 ver;
132 u8 type;
133 u16 reserved;
134 u32 len;
135 u8 flags;
136 u8 prefix_len;
137 u8 max_prefix_len;
138 u8 zero;
139 ip4_addr prefix;
140 u32 asn;
141} PACKED;
142
143struct pdu_ipv6 {
144 u8 ver;
145 u8 type;
146 u16 reserved;
147 u32 len;
148 u8 flags;
149 u8 prefix_len;
150 u8 max_prefix_len;
151 u8 zero;
152 ip6_addr prefix;
153 u32 asn;
154} PACKED;
155
156/*
157 * 0 8 16 24 31
158 * .-------------------------------------------.
159 * | Protocol | PDU | |
160 * | Version | Type | Error Code |
161 * | 1 | 10 | |
162 * +-------------------------------------------+
163 * | |
164 * | Length |
165 * | |
166 * +-------------------------------------------+
167 * | |
168 * | Length of Encapsulated PDU |
169 * | |
170 * +-------------------------------------------+
171 * | |
172 * ~ Copy of Erroneous PDU ~
173 * | |
174 * +-------------------------------------------+
175 * | |
176 * | Length of Error Text |
177 * | |
178 * +-------------------------------------------+
179 * | |
180 * | Arbitrary Text |
181 * | of |
182 * ~ Error Diagnostic Message ~
183 * | |
184 * `-------------------------------------------' */
185struct pdu_error {
186 u8 ver;
187 u8 type;
188 u16 error_code;
189 u32 len;
190 u32 len_enc_pdu; /* Length of Encapsulated PDU */
191 byte rest[]; /* Copy of Erroneous PDU
192 * Length of Error Text
193 * Error Diagnostic Message */
194} PACKED;
195
196struct pdu_reset_query {
197 u8 ver;
198 u8 type;
199 u16 flags;
200 u32 len;
201} PACKED;
202
203struct pdu_end_of_data_v0 {
204 u8 ver;
205 u8 type;
206 u16 session_id;
207 u32 len;
208 u32 serial_num;
209} PACKED;
210
211struct pdu_end_of_data_v1 {
212 u8 ver;
213 u8 type;
214 u16 session_id;
215 u32 len;
216 u32 serial_num;
217 u32 refresh_interval;
218 u32 retry_interval;
219 u32 expire_interval;
220} PACKED;
221
222static const size_t min_pdu_size[] = {
223 [SERIAL_NOTIFY] = sizeof(struct pdu_serial_notify),
224 [SERIAL_QUERY] = sizeof(struct pdu_serial_query),
225 [RESET_QUERY] = sizeof(struct pdu_reset_query),
226 [CACHE_RESPONSE] = sizeof(struct pdu_cache_response),
227 [IPV4_PREFIX] = sizeof(struct pdu_ipv4),
228 [RESERVED] = sizeof(struct pdu_header),
229 [IPV6_PREFIX] = sizeof(struct pdu_ipv6),
230 [END_OF_DATA] = sizeof(struct pdu_end_of_data_v0),
231 [CACHE_RESET] = sizeof(struct pdu_cache_response),
232 [ROUTER_KEY] = sizeof(struct pdu_header), /* FIXME */
233 [ERROR] = 16,
234};
235
236static int rpki_send_error_pdu(struct rpki_cache *cache, const enum pdu_error_type error_code, const u32 err_pdu_len, const struct pdu_header *erroneous_pdu, const char *fmt, ...);
237
238static void
239rpki_pdu_to_network_byte_order(struct pdu_header *pdu)
240{
241 pdu->reserved = htons(pdu->reserved);
242 pdu->len = htonl(pdu->len);
243
244 switch (pdu->type)
245 {
246 case SERIAL_QUERY:
247 {
248 /* Note that a session_id is converted using converting header->reserved */
249 struct pdu_serial_query *sq_pdu = (void *) pdu;
250 sq_pdu->serial_num = htonl(sq_pdu->serial_num);
251 break;
252 }
253
254 case ERROR:
255 {
256 struct pdu_error *err = (void *) pdu;
257 u32 *err_text_len = (u32 *)(err->rest + err->len_enc_pdu);
258 *err_text_len = htonl(*err_text_len);
259 err->len_enc_pdu = htonl(err->len_enc_pdu);
260 break;
261 }
262
263 case RESET_QUERY:
264 break;
265
266 default:
267 bug("PDU type %s should not be sent by us", str_pdu_type(pdu->type));
268 }
269}
270
271static void
272rpki_pdu_to_host_byte_order(struct pdu_header *pdu)
273{
274 /* The Router Key PDU has two one-byte fields instead of one two-bytes field. */
275 if (pdu->type != ROUTER_KEY)
276 pdu->reserved = ntohs(pdu->reserved);
277
278 pdu->len = ntohl(pdu->len);
279
280 switch (pdu->type)
281 {
282 case SERIAL_NOTIFY:
283 {
284 /* Note that a session_id is converted using converting header->reserved */
285 struct pdu_serial_notify *sn_pdu = (void *) pdu;
286 sn_pdu->serial_num = ntohl(sn_pdu->serial_num);
287 break;
288 }
289
290 case END_OF_DATA:
291 {
292 /* Note that a session_id is converted using converting header->reserved */
293 struct pdu_end_of_data_v0 *eod0 = (void *) pdu;
294 eod0->serial_num = ntohl(eod0->serial_num); /* Same either for version 1 */
295
296 if (pdu->ver == RPKI_VERSION_1)
297 {
298 struct pdu_end_of_data_v1 *eod1 = (void *) pdu;
299 eod1->expire_interval = ntohl(eod1->expire_interval);
300 eod1->refresh_interval = ntohl(eod1->refresh_interval);
301 eod1->retry_interval = ntohl(eod1->retry_interval);
302 }
303 break;
304 }
305
306 case IPV4_PREFIX:
307 {
308 struct pdu_ipv4 *ipv4 = (void *) pdu;
309 ipv4->prefix = ip4_ntoh(ipv4->prefix);
310 ipv4->asn = ntohl(ipv4->asn);
311 break;
312 }
313
314 case IPV6_PREFIX:
315 {
316 struct pdu_ipv6 *ipv6 = (void *) pdu;
317 ipv6->prefix = ip6_ntoh(ipv6->prefix);
318 ipv6->asn = ntohl(ipv6->asn);
319 break;
320 }
321
322 case ERROR:
323 {
324 /* Note that a error_code is converted using converting header->reserved */
325 struct pdu_error *err = (void *) pdu;
326 err->len_enc_pdu = ntohl(err->len_enc_pdu);
327 u32 *err_text_len = (u32 *)(err->rest + err->len_enc_pdu);
328 *err_text_len = htonl(*err_text_len);
329 break;
330 }
331
332 case ROUTER_KEY:
333 /* Router Key PDU is not supported yet */
334
335 case SERIAL_QUERY:
336 case RESET_QUERY:
337 /* Serial/Reset Query are sent only in direction router to cache.
338 * We don't care here. */
339
340 case CACHE_RESPONSE:
341 case CACHE_RESET:
342 /* Converted with pdu->reserved */
343 break;
344 }
345}
346
347/**
348 * rpki_convert_pdu_back_to_network_byte_order - convert host-byte order PDU back to network-byte order
349 * @out: allocated memory for writing a converted PDU of size @in->len
350 * @in: host-byte order PDU
351 *
352 * Assumed: |A == ntoh(ntoh(A))|
353 */
354static struct pdu_header *
355rpki_pdu_back_to_network_byte_order(struct pdu_header *out, const struct pdu_header *in)
356{
357 memcpy(out, in, in->len);
358 rpki_pdu_to_host_byte_order(out);
359 return out;
360}
361
362static void
363rpki_log_packet(struct rpki_cache *cache, const struct pdu_header *pdu, const enum rpki_transmit_type action)
364{
365 if (!(cache->p->p.debug & D_PACKETS))
366 return;
367
368 const char *str_type = str_pdu_type(pdu->type);
369 char detail[256];
370
371#define SAVE(fn) \
372 do { \
373 if (fn < 0) \
374 { \
375 bsnprintf(detail + sizeof(detail) - 16, 16, "... <too long>)"); \
376 goto detail_finished; \
377 } \
378 } while(0) \
379
380 switch (pdu->type)
381 {
382 case SERIAL_NOTIFY:
383 case SERIAL_QUERY:
384 SAVE(bsnprintf(detail, sizeof(detail), "(session id: %u, serial number: %u)", pdu->reserved, ((struct pdu_serial_notify *) pdu)->serial_num));
385 break;
386
387 case END_OF_DATA:
388 {
389 const struct pdu_end_of_data_v1 *eod = (void *) pdu;
390 if (eod->ver == RPKI_VERSION_1)
391 SAVE(bsnprintf(detail, sizeof(detail), "(session id: %u, serial number: %u, refresh: %us, retry: %us, expire: %us)", eod->session_id, eod->serial_num, eod->refresh_interval, eod->retry_interval, eod->expire_interval));
392 else
393 SAVE(bsnprintf(detail, sizeof(detail), "(session id: %u, serial number: %u)", eod->session_id, eod->serial_num));
394 break;
395 }
396
397 case CACHE_RESPONSE:
398 SAVE(bsnprintf(detail, sizeof(detail), "(session id: %u)", pdu->reserved));
399 break;
400
401 case IPV4_PREFIX:
402 {
403 const struct pdu_ipv4 *ipv4 = (void *) pdu;
404 SAVE(bsnprintf(detail, sizeof(detail), "(%I4/%u-%u AS%u)", ipv4->prefix, ipv4->prefix_len, ipv4->max_prefix_len, ipv4->asn));
405 break;
406 }
407
408 case IPV6_PREFIX:
409 {
410 const struct pdu_ipv6 *ipv6 = (void *) pdu;
411 SAVE(bsnprintf(detail, sizeof(detail), "(%I6/%u-%u AS%u)", ipv6->prefix, ipv6->prefix_len, ipv6->max_prefix_len, ipv6->asn));
412 break;
413 }
414
415 case ROUTER_KEY:
416 /* We don't support saving Router Key PDUs yet */
417 SAVE(bsnprintf(detail, sizeof(detail), "(ignored)"));
418 break;
419
420 case ERROR:
421 {
422 const struct pdu_error *err = (void *) pdu;
423 SAVE(bsnprintf(detail, sizeof(detail), "(%s", str_pdu_error_type[err->error_code]));
424
425 /* Optional description of error */
426 const u32 len_err_txt = *((u32 *) (err->rest + err->len_enc_pdu));
427 if (len_err_txt > 0)
428 {
429 size_t expected_len = err->len_enc_pdu + len_err_txt + 16;
430 if (expected_len == err->len)
431 {
432 char txt[len_err_txt + 1];
433 char *pdu_txt = (char *) err->rest + err->len_enc_pdu + 4;
434 bsnprintf(txt, sizeof(txt), "%s", pdu_txt); /* it's ensured that txt is ended with a null byte */
435 SAVE(bsnprintf(detail + strlen(detail), sizeof(detail) - strlen(detail), ": '%s'", txt));
436 }
437 else
438 {
439 SAVE(bsnprintf(detail + strlen(detail), sizeof(detail) - strlen(detail), ", malformed size"));
440 }
441 }
442
443 /* Optional encapsulated erroneous packet */
444 if (err->len_enc_pdu)
445 {
446 SAVE(bsnprintf(detail + strlen(detail), sizeof(detail) - strlen(detail), ", %s packet:", str_pdu_type(((struct pdu_header *) err->rest)->type)));
447 if (err->rest + err->len_enc_pdu <= (byte *)err + err->len)
448 {
449 for (const byte *c = err->rest; c != err->rest + err->len_enc_pdu; c++)
450 SAVE(bsnprintf(detail + strlen(detail), sizeof(detail) - strlen(detail), " %02X", *c));
451 }
452 }
453
454 SAVE(bsnprintf(detail + strlen(detail), sizeof(detail) - strlen(detail), ")"));
455 break;
456 }
457
458 default:
459 *detail = '\0';
460 }
461#undef SAVE
462
463 detail_finished:
464
465 if (action == RPKI_RECV)
466 {
467 CACHE_TRACE(D_PACKETS, cache, "Received %s packet %s", str_type, detail);
468 }
469 else
470 {
471 CACHE_TRACE(D_PACKETS, cache, "Sending %s packet %s", str_type, detail);
472 }
473
474#if defined(LOCAL_DEBUG) || defined(GLOBAL_DEBUG)
475 int seq = 0;
476 for(const byte *c = pdu; c != pdu + pdu->len; c++)
477 {
478 if ((seq % 4) == 0)
479 DBG("%2d: ", seq);
480
481 DBG(" 0x%02X %-3u", *c, *c);
482
483 if ((++seq % 4) == 0)
484 DBG("\n");
485 }
486 if ((seq % 4) != 0)
487 DBG("\n");
488#endif
489}
490
491static int
492rpki_send_pdu(struct rpki_cache *cache, const void *pdu, const uint len)
493{
494 struct rpki_proto *p = cache->p;
495 sock *sk = cache->tr_sock->sk;
496
497 rpki_log_packet(cache, pdu, RPKI_SEND);
498
499 if (sk->tbuf != sk->tpos)
500 {
501 RPKI_WARN(p, "Old packet overwritten in TX buffer");
502 }
503
504 if (len > sk->tbsize)
505 {
506 RPKI_WARN(p, "%u bytes is too much for send", len);
507 ASSERT(0);
508 return RPKI_ERROR;
509 }
510
511 memcpy(sk->tbuf, pdu, len);
512 rpki_pdu_to_network_byte_order((void *) sk->tbuf);
513
514 if (!sk_send(sk, len))
515 {
516 DBG("Cannot send just the whole data. It will be sent using a call of tx_hook()");
517 }
518
519 return RPKI_SUCCESS;
520}
521
522/**
523 * rpki_check_receive_packet - make a basic validation of received RPKI PDU header
524 * @cache: cache connection instance
525 * @pdu: RPKI PDU in network byte order
526 *
527 * This function checks protocol version, PDU type, version and size. If all is all right then
528 * function returns |RPKI_SUCCESS| otherwise sends Error PDU and returns
529 * |RPKI_ERROR|.
530 */
531static int
532rpki_check_receive_packet(struct rpki_cache *cache, const struct pdu_header *pdu)
533{
65d2a88d
PT		 534 u32 pdu_len = ntohl(pdu->len);
535
536 /*
537 * Minimal and maximal allowed PDU size is treated in rpki_rx_hook() function.
538 * @header.len corresponds to number of bytes of @pdu and
539 * it is in range from RPKI_PDU_HEADER_LEN to RPKI_PDU_MAX_LEN bytes.
540 */
541
542 /* Do not handle error PDUs here, leave this task to rpki_handle_error_pdu() */
543 if (pdu->ver != cache->version && pdu->type != ERROR)
544 {
545 /* If this is the first PDU we have received */
546 if (cache->request_session_id)
547 {
548 if (pdu->type == SERIAL_NOTIFY)
549 {
550 /*
551 * The router MUST ignore any Serial Notify PDUs it might receive from
552 * the cache during this initial start-up period, regardless of the
553 * Protocol Version field in the Serial Notify PDU.
554 * (https://tools.ietf.org/html/draft-ietf-sidr-rpki-rtr-rfc6810-bis-07#section-7)
555 */
556 }
557 else if (cache->last_update == 0
65d2a88d
PT		 558 && pdu->ver <= RPKI_MAX_VERSION
559 && pdu->ver < cache->version)
560 {
561 CACHE_TRACE(D_EVENTS, cache, "Downgrade session to %s from %u to %u version", rpki_get_cache_ident(cache), cache->version, pdu->ver);
562 cache->version = pdu->ver;
563 }
564 else
565 {
566 /* If this is not the first PDU we have received, something is wrong with
567 * the server implementation -> Error */
568 rpki_send_error_pdu(cache, UNSUPPORTED_PROTOCOL_VER, pdu_len, pdu, "PDU with unsupported Protocol version received");
569 return RPKI_ERROR;
570 }
571 }
572 }
573
574 if ((pdu->type >= PDU_TYPE_MAX) || (pdu->ver == RPKI_VERSION_0 && pdu->type == ROUTER_KEY))
575 {
576 rpki_send_error_pdu(cache, UNSUPPORTED_PDU_TYPE, pdu_len, pdu, "Unsupported PDU type %u received", pdu->type);
577 return RPKI_ERROR;
578 }
579
580 if (pdu_len < min_pdu_size[pdu->type])
581 {
582 rpki_send_error_pdu(cache, CORRUPT_DATA, pdu_len, pdu, "Received %s packet with %d bytes, but expected at least %d bytes", str_pdu_type(pdu->type), pdu_len, min_pdu_size[pdu->type]);
583 return RPKI_ERROR;
584 }
585
586 return RPKI_SUCCESS;
587}
588
589static int
590rpki_handle_error_pdu(struct rpki_cache *cache, const struct pdu_error *pdu)
591{
592 switch (pdu->error_code)
593 {
594 case CORRUPT_DATA:
595 case INTERNAL_ERROR:
596 case INVALID_REQUEST:
597 case UNSUPPORTED_PDU_TYPE:
598 rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
599 break;
600
601 case NO_DATA_AVAIL:
602 rpki_cache_change_state(cache, RPKI_CS_ERROR_NO_DATA_AVAIL);
603 break;
604
605 case UNSUPPORTED_PROTOCOL_VER:
606 CACHE_TRACE(D_PACKETS, cache, "Client uses unsupported protocol version");
607 if (pdu->ver <= RPKI_MAX_VERSION &&
65d2a88d
PT		 608 pdu->ver < cache->version)
609 {
610 CACHE_TRACE(D_EVENTS, cache, "Downgrading from protocol version %d to version %d", cache->version, pdu->ver);
611 cache->version = pdu->ver;
612 rpki_cache_change_state(cache, RPKI_CS_FAST_RECONNECT);
613 }
614 else
615 {
616 CACHE_TRACE(D_PACKETS, cache, "Got UNSUPPORTED_PROTOCOL_VER error PDU with invalid values, " \
617 "current version: %d, PDU version: %d", cache->version, pdu->ver);
618 rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
619 }
620 break;
621
622 default:
623 CACHE_TRACE(D_PACKETS, cache, "Error unknown, server sent unsupported error code %u", pdu->error_code);
624 rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
625 break;
626 }
627
628 return RPKI_SUCCESS;
629}
630
631static void
632rpki_handle_serial_notify_pdu(struct rpki_cache *cache, const struct pdu_serial_notify *pdu)
633{
634 /* The router MUST ignore any Serial Notify PDUs it might receive from
635 * the cache during this initial start-up period, regardless of the
636 * Protocol Version field in the Serial Notify PDU.
637 * (https://tools.ietf.org/html/draft-ietf-sidr-rpki-rtr-rfc6810-bis-07#section-7)
638 */
639 if (cache->request_session_id)
640 {
641 CACHE_TRACE(D_PACKETS, cache, "Ignore a Serial Notify packet during initial start-up period");
642 return;
643 }
644
645 /* XXX Serial number should be compared using method RFC 1982 (3.2) */
646 if (cache->serial_num != pdu->serial_num)
647 rpki_cache_change_state(cache, RPKI_CS_SYNC_START);
648}
649
650static int
651rpki_handle_cache_response_pdu(struct rpki_cache *cache, const struct pdu_cache_response *pdu)
652{
653 if (cache->request_session_id)
654 {
655 if (cache->last_update != 0)
656 {
657 /*
658 * This isn't the first sync and we already received records. This point
659 * is after Reset Query and before importing new records from cache
660 * server. We need to load new ones and kick out missing ones. So start
661 * a refresh cycle.
662 */
663 if (cache->p->roa4_channel)
664 rt_refresh_begin(cache->p->roa4_channel->table, cache->p->roa4_channel);
665 if (cache->p->roa6_channel)
666 rt_refresh_begin(cache->p->roa6_channel->table, cache->p->roa6_channel);
667
668 cache->p->refresh_channels = 1;
669 }
670 cache->session_id = pdu->session_id;
671 cache->request_session_id = 0;
672 }
673 else
674 {
675 if (cache->session_id != pdu->session_id)
676 {
677 byte tmp[pdu->len];
678 const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
679 rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, "Wrong session_id %u in Cache Response PDU", pdu->session_id);
680 rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
681 return RPKI_ERROR;
682 }
683 }
684
685 rpki_cache_change_state(cache, RPKI_CS_SYNC_RUNNING);
686 return RPKI_SUCCESS;
687}
688
689/**
690 * rpki_prefix_pdu_2_net_addr - convert IPv4/IPv6 Prefix PDU into net_addr_union
691 * @pdu: host byte order IPv4/IPv6 Prefix PDU
692 * @n: allocated net_addr_union for save ROA
693 *
694 * This function reads ROA data from IPv4/IPv6 Prefix PDU and
695 * write them into net_addr_roa4 or net_addr_roa6 data structure.
696 */
697static net_addr_union *
698rpki_prefix_pdu_2_net_addr(const struct pdu_header *pdu, net_addr_union *n)
699{
700 /*
701 * Note that sizeof(net_addr_roa6) > sizeof(net_addr)
702 * and thence we must use net_addr_union and not only net_addr
703 */
704
705 if (pdu->type == IPV4_PREFIX)
706 {
707 const struct pdu_ipv4 *ipv4 = (void *) pdu;
708 n->roa4.type = NET_ROA4;
709 n->roa4.length = sizeof(net_addr_roa4);
710 n->roa4.prefix = ipv4->prefix;
711 n->roa4.asn = ipv4->asn;
712 n->roa4.pxlen = ipv4->prefix_len;
713 n->roa4.max_pxlen = ipv4->max_prefix_len;
714 }
715 else
716 {
717 const struct pdu_ipv6 *ipv6 = (void *) pdu;
718 n->roa6.type = NET_ROA6;
719 n->roa6.length = sizeof(net_addr_roa6);
720 n->roa6.prefix = ipv6->prefix;
721 n->roa6.asn = ipv6->asn;
722 n->roa6.pxlen = ipv6->prefix_len;
723 n->roa6.max_pxlen = ipv6->max_prefix_len;
724 }
725
726 return n;
727}
728
729static int
730rpki_handle_prefix_pdu(struct rpki_cache *cache, const struct pdu_header *pdu)
731{
732 const enum pdu_type type = pdu->type;
733 ASSERT(type == IPV4_PREFIX || type == IPV6_PREFIX);
734
735 net_addr_union addr = {};
736 rpki_prefix_pdu_2_net_addr(pdu, &addr);
737
738 struct channel *channel = NULL;
739
740 if (type == IPV4_PREFIX)
741 channel = cache->p->roa4_channel;
742 if (type == IPV6_PREFIX)
743 channel = cache->p->roa6_channel;
744
745 if (!channel)
746 {
747 CACHE_TRACE(D_ROUTES, cache, "Skip %N, missing %s channel", &addr, (type == IPV4_PREFIX ? "roa4" : "roa6"), addr);
748 return RPKI_ERROR;
749 }
750
751 cache->last_rx_prefix = now;
752
753 /* A place for 'flags' is same for both data structures pdu_ipv4 or pdu_ipv6 */
754 struct pdu_ipv4 *pfx = (void *) pdu;
755 if (pfx->flags & RPKI_ADD_FLAG)
756 rpki_table_add_roa(cache, channel, &addr);
757 else
758 rpki_table_remove_roa(cache, channel, &addr);
759
760 return RPKI_SUCCESS;
761}
762
763static uint
764rpki_check_interval(struct rpki_cache *cache, const char *(check_fn)(uint), uint interval)
765{
766 if (check_fn(interval))
767 {
768 RPKI_WARN(cache->p, "%s, received %u seconds", check_fn(interval), interval);
769 return 0;
770 }
771 return 1;
772}
773
774static void
775rpki_handle_end_of_data_pdu(struct rpki_cache *cache, const struct pdu_end_of_data_v1 *pdu)
776{
777 const struct rpki_config *cf = (void *) cache->p->p.cf;
778
779 if (pdu->session_id != cache->session_id)
780 {
781 byte tmp[pdu->len];
782 const struct pdu_header *hton_pdu = rpki_pdu_back_to_network_byte_order((void *) tmp, (const void *) pdu);
783 rpki_send_error_pdu(cache, CORRUPT_DATA, pdu->len, hton_pdu, "Received Session ID %u, but expected %u", pdu->session_id, cache->session_id);
784 rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
785 return;
786 }
787
788 if (pdu->ver == RPKI_VERSION_1)
789 {
790 if (!cf->keep_refresh_interval && rpki_check_interval(cache, rpki_check_refresh_interval, pdu->refresh_interval))
791 cache->refresh_interval = pdu->refresh_interval;
792
793 if (!cf->keep_retry_interval && rpki_check_interval(cache, rpki_check_retry_interval, pdu->retry_interval))
794 cache->retry_interval = pdu->retry_interval;
795
796 if (!cf->keep_expire_interval && rpki_check_interval(cache, rpki_check_expire_interval, pdu->expire_interval))
797 cache->expire_interval = pdu->expire_interval;
798
799 CACHE_TRACE(D_EVENTS, cache, "New interval values: "
800 "refresh: %s%us, "
801 "retry: %s%us, "
802 "expire: %s%us",
803 (cf->keep_refresh_interval ? "keeps " : ""), cache->refresh_interval,
804 (cf->keep_retry_interval ? "keeps " : ""), cache->retry_interval,
805 (cf->keep_expire_interval ? "keeps " : ""), cache->expire_interval);
806 }
807
808 if (cache->p->refresh_channels)
809 {
810 cache->p->refresh_channels = 0;
811 if (cache->p->roa4_channel)
812 rt_refresh_end(cache->p->roa4_channel->table, cache->p->roa4_channel);
813 if (cache->p->roa6_channel)
814 rt_refresh_end(cache->p->roa6_channel->table, cache->p->roa6_channel);
815 }
816
817 cache->last_update = now;
818 cache->serial_num = pdu->serial_num;
819 rpki_cache_change_state(cache, RPKI_CS_ESTABLISHED);
820}
821
822/**
823 * rpki_rx_packet - process a received RPKI PDU
824 * @cache: RPKI connection instance
825 * @pdu: a RPKI PDU in network byte order
826 */
827static void
828rpki_rx_packet(struct rpki_cache *cache, struct pdu_header *pdu)
829{
830 struct rpki_proto *p = cache->p;
831
832 if (rpki_check_receive_packet(cache, pdu) == RPKI_ERROR)
833 {
834 rpki_cache_change_state(cache, RPKI_CS_ERROR_FATAL);
835 return;
836 }
837
838 rpki_pdu_to_host_byte_order(pdu);
839 rpki_log_packet(cache, pdu, RPKI_RECV);
840
841 switch (pdu->type)
842 {
843 case RESET_QUERY:
844 case SERIAL_QUERY:
845 RPKI_WARN(p, "Received a %s packet that is destined for cache server", str_pdu_type(pdu->type));
846 break;
847
848 case SERIAL_NOTIFY:
849 /* This is a signal to synchronize with the cache server just now */
850 rpki_handle_serial_notify_pdu(cache, (void *) pdu);
851 break;
852
853 case CACHE_RESPONSE:
854 rpki_handle_cache_response_pdu(cache, (void *) pdu);
855 break;
856
857 case IPV4_PREFIX:
858 case IPV6_PREFIX:
859 rpki_handle_prefix_pdu(cache, pdu);
860 break;
861
862 case END_OF_DATA:
863 rpki_handle_end_of_data_pdu(cache, (void *) pdu);
864 break;
865
866 case CACHE_RESET:
867 /* Cache cannot provide an incremental update. */
868 rpki_cache_change_state(cache, RPKI_CS_NO_INCR_UPDATE_AVAIL);
869 break;
870
871 case ERROR:
872 rpki_handle_error_pdu(cache, (void *) pdu);
873 break;
874
875 case ROUTER_KEY:
876 /* TODO: Implement Router Key PDU handling */
877 break;
878
879 default:
880 CACHE_TRACE(D_PACKETS, cache, "Received unsupported type (%u)", pdu->type);
881 };
882}
883
884int
b94e5e58 885rpki_rx_hook(struct birdsock *sk, uint size)
65d2a88d
PT		 886{
887 struct rpki_cache *cache = sk->data;
888 struct rpki_proto *p = cache->p;
889
890 byte *pkt_start = sk->rbuf;
891 byte *end = pkt_start + size;
892
b94e5e58 893 DBG("rx hook got %u bytes \n", size);
65d2a88d
PT		 894
895 while (end >= pkt_start + RPKI_PDU_HEADER_LEN)
896 {
897 struct pdu_header *pdu = (void *) pkt_start;
898 u32 pdu_size = ntohl(pdu->len);
899
900 if (pdu_size < RPKI_PDU_HEADER_LEN || pdu_size > RPKI_PDU_MAX_LEN)
901 {
902 RPKI_WARN(p, "Received invalid packet length %u, purge the whole receiving buffer", pdu_size);
903 return 1; /* Purge recv buffer */
904 }
905
906 if (end < pkt_start + pdu_size)
907 break;
908
909 rpki_rx_packet(cache, pdu);
910
911 /* It is possible that bird socket was freed/closed */
912 if (p->p.proto_state == PS_DOWN || sk != cache->tr_sock->sk)
913 return 0;
914
915 pkt_start += pdu_size;
916 }
917
918 if (pkt_start != sk->rbuf)
919 {
920 CACHE_DBG(cache, "Move %u bytes of a memory at the start of buffer", end - pkt_start);
921 memmove(sk->rbuf, pkt_start, end - pkt_start);
922 sk->rpos = sk->rbuf + (end - pkt_start);
923 }
924
925 return 0; /* Not purge sk->rbuf */
926}
927
928void
929rpki_err_hook(struct birdsock *sk, int error_num)
930{
931 struct rpki_cache *cache = sk->data;
932
933 if (error_num)
934 {
935 /* sk->err may contains a SSH error description */
936 if (sk->err)
937 CACHE_TRACE(D_EVENTS, cache, "Lost connection: %s", sk->err);
938 else
939 CACHE_TRACE(D_EVENTS, cache, "Lost connection: %M", error_num);
940 }
941 else
942 {
943 CACHE_TRACE(D_EVENTS, cache, "The other side closed a connection");
944 }
945
946
947 rpki_cache_change_state(cache, RPKI_CS_ERROR_TRANSPORT);
948}
949
950static int
951rpki_fire_tx(struct rpki_cache *cache)
952{
953 sock *sk = cache->tr_sock->sk;
954
955 uint bytes_to_send = sk->tpos - sk->tbuf;
956 DBG("Sending %u bytes", bytes_to_send);
957 return sk_send(sk, bytes_to_send);
958}
959
960void
961rpki_tx_hook(sock *sk)
962{
963 struct rpki_cache *cache = sk->data;
964
965 while (rpki_fire_tx(cache) > 0)
966 ;
967}
968
969void
970rpki_connected_hook(sock *sk)
971{
972 struct rpki_cache *cache = sk->data;
973
974 CACHE_TRACE(D_EVENTS, cache, "Connected");
975 proto_notify_state(&cache->p->p, PS_UP);
976
977 sk->rx_hook = rpki_rx_hook;
978 sk->tx_hook = rpki_tx_hook;
979
980 rpki_cache_change_state(cache, RPKI_CS_SYNC_START);
981}
982
983/**
984 * rpki_send_error_pdu - send RPKI Error PDU
985 * @cache: RPKI connection instance
986 * @error_code: PDU Error type
987 * @err_pdu_len: length of @erroneous_pdu
988 * @erroneous_pdu: optional network byte-order PDU that invokes Error by us or NULL
989 * @fmt: optional description text of error or NULL
990 * @args: optional arguments for @fmt
991 *
992 * This function prepares Error PDU and sends it to a cache server.
993 */
994static int
995rpki_send_error_pdu(struct rpki_cache *cache, const enum pdu_error_type error_code, const u32 err_pdu_len, const struct pdu_header *erroneous_pdu, const char *fmt, ...)
996{
997 va_list args;
998 char msg[128];
999
1000 /* Size including the terminating null byte ('\0') */
1001 int msg_len = 0;
1002
1003 /* Don't send errors for erroneous error PDUs */
1004 if (err_pdu_len >= 2)
1005 {
1006 if (erroneous_pdu->type == ERROR)
1007 return RPKI_SUCCESS;
1008 }
1009
1010 if (fmt)
1011 {
1012 va_start(args, fmt);
1013 msg_len = bvsnprintf(msg, sizeof(msg), fmt, args) + 1;
1014 }
1015
1016 u32 pdu_size = 16 + err_pdu_len + msg_len;
1017 byte pdu[pdu_size];
af62c0f9 1018 memset(pdu, 0, sizeof(pdu));
65d2a88d
PT		 1019
1020 struct pdu_error *e = (void *) pdu;
1021 e->ver = cache->version;
1022 e->type = ERROR;
1023 e->error_code = error_code;
1024 e->len = pdu_size;
1025
1026 e->len_enc_pdu = err_pdu_len;
1027 if (err_pdu_len > 0)
1028 memcpy(e->rest, erroneous_pdu, err_pdu_len);
1029
1030 *((u32 *)(e->rest + err_pdu_len)) = msg_len;
1031 if (msg_len > 0)
1032 memcpy(e->rest + err_pdu_len + 4, msg, msg_len);
1033
1034 return rpki_send_pdu(cache, pdu, pdu_size);
1035}
1036
1037int
1038rpki_send_serial_query(struct rpki_cache *cache)
1039{
1040 struct pdu_serial_query pdu = {
1041 .ver = cache->version,
1042 .type = SERIAL_QUERY,
1043 .session_id = cache->session_id,
1044 .len = sizeof(pdu),
1045 .serial_num = cache->serial_num
1046 };
1047
1048 if (rpki_send_pdu(cache, &pdu, sizeof(pdu)) != RPKI_SUCCESS)
1049 {
1050 rpki_cache_change_state(cache, RPKI_CS_ERROR_TRANSPORT);
1051 return RPKI_ERROR;
1052 }
1053
1054 return RPKI_SUCCESS;
1055}
1056
1057int
1058rpki_send_reset_query(struct rpki_cache *cache)
1059{
1060 struct pdu_reset_query pdu = {
1061 .ver = cache->version,
1062 .type = RESET_QUERY,
1063 .len = sizeof(pdu),
1064 };
1065
1066 if (rpki_send_pdu(cache, &pdu, sizeof(pdu)) != RPKI_SUCCESS)
1067 {
1068 rpki_cache_change_state(cache, RPKI_CS_ERROR_TRANSPORT);
1069 return RPKI_ERROR;
1070 }
1071
1072 return RPKI_SUCCESS;
1073}
Mirror of https://gitlab.labs.nic.cz/labs/bird.git