rtr_server_SOURCES += json_parser.c json_parser.h
rtr_server_SOURCES += line_file.c line_file.h
rtr_server_SOURCES += notify.c notify.h
+rtr_server_SOURCES += slurm_db.c slurm_db.h
rtr_server_SOURCES += slurm_loader.c slurm_loader.h
rtr_server_SOURCES += slurm_parser.c slurm_parser.h
rtr_server_SOURCES += updates_daemon.c updates_daemon.h
return error ? error_ul2i(error) : 0;
}
+/*
+ * Decode a base64 encoded string (@str_encoded), the decoded value is
+ * allocated at @result with a length of @result_len.
+ *
+ * Return 0 on success, or the error code if something went wrong. Don't forget
+ * to free @result after a successful decoding.
+ */
int
base64url_decode(char const *str_encoded, unsigned char **result,
size_t *result_len)
--- /dev/null
+#include "slurm_db.h"
+
+#include <stdbool.h>
+#include "array_list.h"
+
+ARRAY_LIST(al_filter_prefix, struct slurm_prefix)
+ARRAY_LIST(al_assertion_prefix, struct slurm_prefix)
+ARRAY_LIST(al_filter_bgpsec, struct slurm_bgpsec)
+ARRAY_LIST(al_assertion_bgpsec, struct slurm_bgpsec)
+
+struct arraylist_db {
+ struct al_filter_prefix filter_pfx_al;
+ struct al_assertion_prefix assertion_pfx_al;
+ struct al_filter_bgpsec filter_bgps_al;
+ struct al_assertion_bgpsec assertion_bgps_al;
+} array_lists_db;
+
+int
+slurm_db_init(void)
+{
+ al_filter_prefix_init(&array_lists_db.filter_pfx_al);
+ al_assertion_prefix_init(&array_lists_db.assertion_pfx_al);
+ al_filter_bgpsec_init(&array_lists_db.filter_bgps_al);
+ al_assertion_bgpsec_init(&array_lists_db.assertion_bgps_al);
+
+ return 0;
+}
+
+int
+slurm_db_add_prefix_filter(struct slurm_prefix *prefix)
+{
+ /* TODO check for exact duplicates and overwritten rules */
+ return al_filter_prefix_add(&array_lists_db.filter_pfx_al, prefix);
+}
+
+int
+slurm_db_add_prefix_assertion(struct slurm_prefix *prefix)
+{
+ /* TODO check for exact duplicates and overwritten rules */
+ return al_assertion_prefix_add(&array_lists_db.assertion_pfx_al,
+ prefix);
+}
+
+int
+slurm_db_add_bgpsec_filter(struct slurm_bgpsec *bgpsec)
+{
+ /* TODO check for exact duplicates and overwritten rules */
+ return al_filter_bgpsec_add(&array_lists_db.filter_bgps_al, bgpsec);
+}
+
+int
+slurm_db_add_bgpsec_assertion(struct slurm_bgpsec *bgpsec)
+{
+ /* TODO check for exact duplicates and overwritten rules */
+ return al_assertion_bgpsec_add(&array_lists_db.assertion_bgps_al,
+ bgpsec);
+}
+
+static void
+clean_slurm_prefix(struct slurm_prefix *prefix)
+{
+ if ((prefix->data_flag & SLURM_COM_FLAG_COMMENT) > 0)
+ free((void *)prefix->comment);
+}
+
+static void
+clean_slurm_bgpsec(struct slurm_bgpsec *bgpsec)
+{
+ if ((bgpsec->data_flag & SLURM_BGPS_FLAG_SKI) > 0)
+ free(bgpsec->ski);
+ if ((bgpsec->data_flag & SLURM_BGPS_FLAG_ROUTER_KEY) > 0)
+ free(bgpsec->router_public_key);
+ if ((bgpsec->data_flag & SLURM_COM_FLAG_COMMENT) > 0)
+ free((void *)bgpsec->comment);
+}
+
+void
+slurm_db_cleanup(void)
+{
+ /* TODO TEST DEBUG */
+ struct slurm_prefix *p;
+ struct slurm_bgpsec *b;
+ ARRAYLIST_FOREACH(&array_lists_db.filter_pfx_al, p) {
+ warnx("SLURM Prefix Filter:");
+ if ((p->data_flag & SLURM_COM_FLAG_ASN) > 0)
+ warnx("-->ASN: %u", p->asn);
+ if ((p->data_flag & SLURM_COM_FLAG_COMMENT) > 0)
+ warnx("-->Comment: %s", p->comment);
+ if ((p->data_flag & SLURM_PFX_FLAG_PREFIX) > 0) {
+ warnx("-->Addr fam: %u", p->addr_fam);
+ warnx("-->Prefix len: %u", p->prefix_length);
+ }
+ }
+
+ ARRAYLIST_FOREACH(&array_lists_db.filter_bgps_al, b) {
+ warnx("SLURM BGPsec Filter:");
+ if ((b->data_flag & SLURM_COM_FLAG_ASN) > 0)
+ warnx("-->ASN: %u", b->asn);
+ if ((b->data_flag & SLURM_COM_FLAG_COMMENT) > 0)
+ warnx("-->Comment: %s", b->comment);
+ if ((b->data_flag & SLURM_BGPS_FLAG_SKI) > 0) {
+ warnx("-->SKI:");
+ int i = 0;
+ for (; i < b->ski_len; i++)
+ warnx("---->[%d] = %02X", i, b->ski[i]);
+ }
+ if ((b->data_flag & SLURM_BGPS_FLAG_ROUTER_KEY) > 0) {
+ warnx("-->SPKI:");
+ int i = 0;
+ for (; i < b->router_public_key_len; i++)
+ warnx("---->[%d] = %02X", i,
+ b->router_public_key[i]);
+ }
+ }
+
+ ARRAYLIST_FOREACH(&array_lists_db.assertion_pfx_al, p) {
+ warnx("SLURM Prefix Assertion:");
+ if ((p->data_flag & SLURM_COM_FLAG_ASN) > 0)
+ warnx("-->ASN: %u", p->asn);
+ if ((p->data_flag & SLURM_COM_FLAG_COMMENT) > 0)
+ warnx("-->Comment: %s", p->comment);
+ if ((p->data_flag & SLURM_PFX_FLAG_PREFIX) > 0) {
+ warnx("-->Addr fam: %u", p->addr_fam);
+ warnx("-->Prefix len: %u", p->prefix_length);
+ }
+ }
+
+ ARRAYLIST_FOREACH(&array_lists_db.assertion_bgps_al, b) {
+ warnx("SLURM BGPsec Assertion:");
+ if ((b->data_flag & SLURM_COM_FLAG_ASN) > 0)
+ warnx("-->ASN: %u", b->asn);
+ if ((b->data_flag & SLURM_COM_FLAG_COMMENT) > 0)
+ warnx("-->Comment: %s", b->comment);
+ if ((b->data_flag & SLURM_BGPS_FLAG_SKI) > 0) {
+ warnx("-->SKI:");
+ int i = 0;
+ for (; i < b->ski_len; i++)
+ warnx("---->[%d] = %02X", i, b->ski[i]);
+ }
+ if ((b->data_flag & SLURM_BGPS_FLAG_ROUTER_KEY) > 0) {
+ warnx("-->SPKI:");
+ int i = 0;
+ for (; i < b->router_public_key_len; i++)
+ warnx("---->[%d] = %02X", i,
+ b->router_public_key[i]);
+ }
+ }
+ warnx("**Deleting SLURM DB now**");
+
+ al_filter_prefix_cleanup(&array_lists_db.filter_pfx_al,
+ clean_slurm_prefix);
+ al_filter_bgpsec_cleanup(&array_lists_db.filter_bgps_al,
+ clean_slurm_bgpsec);
+ al_assertion_prefix_cleanup(&array_lists_db.assertion_pfx_al,
+ clean_slurm_prefix);
+ al_assertion_bgpsec_cleanup(&array_lists_db.assertion_bgps_al,
+ clean_slurm_bgpsec);
+}
--- /dev/null
+#ifndef SRC_SLURM_DB_H_
+#define SRC_SLURM_DB_H_
+
+#include "slurm_parser.h"
+
+struct slurm_prefix_list {
+ struct slurm_prefix *list;
+ unsigned int len;
+};
+
+struct slurm_bgpsec_list {
+ struct slurm_bgpsec *list;
+ unsigned int len;
+};
+
+struct slurm_db {
+ struct slurm_prefix_list prefix_filters;
+ struct slurm_bgpsec_list bgpsec_filters;
+ struct slurm_prefix_list prefix_assertions;
+ struct slurm_bgpsec_list bgpsec_assertions;
+};
+
+int slurm_db_init(void);
+
+int slurm_db_add_prefix_filter(struct slurm_prefix *);
+int slurm_db_add_prefix_assertion(struct slurm_prefix *);
+int slurm_db_add_bgpsec_filter(struct slurm_bgpsec *);
+int slurm_db_add_bgpsec_assertion(struct slurm_bgpsec *);
+
+void slurm_db_cleanup(void);
+
+#endif /* SRC_SLURM_DB_H_ */
#include <string.h>
#include "configuration.h"
+#include "slurm_db.h"
#include "slurm_parser.h"
#define SLURM_FILE_EXTENSION ".slurm"
if (slurm_dir == NULL)
return 0;
+ error = slurm_db_init();
+ if (error)
+ return error;
+
dir_loc = opendir(slurm_dir);
if (dir_loc == NULL) {
warn("Couldn't open dir %s", slurm_dir);
return -errno;
}
- error = 0;
errno = 0;
while ((dir_ent = readdir(dir_loc)) != NULL) {
error = single_slurm_load(slurm_dir, dir_ent->d_name);
void
slurm_cleanup(void)
{
- /* TODO Nothing for now */
+ /* Only if the SLURM was configured */
+ if (config_get_slurm_location() != NULL)
+ slurm_db_cleanup();
}
#include <string.h>
#include <openssl/evp.h>
-#include "address.h"
#include "crypto/base64.h"
+#include "address.h"
#include "json_parser.h"
+#include "slurm_db.h"
/* JSON members */
#define SLURM_VERSION "slurmVersion"
return -EINVAL; \
}
-struct slurm_prefix {
- u_int8_t data_flag;
- u_int32_t asn;
- union {
- struct in_addr ipv4_prefix;
- struct in6_addr ipv6_prefix;
- };
- u_int8_t prefix_length;
- u_int8_t max_prefix_length;
- u_int8_t addr_fam;
- char const *comment;
-};
-
-struct slurm_bgpsec {
- u_int8_t data_flag;
- u_int32_t asn;
- unsigned char *ski;
- size_t ski_len;
- unsigned char *routerPublicKey;
- size_t routerPublicKey_len;
- char const *comment;
-};
-
static int handle_json(json_t *);
int
static int
set_comment(json_t *object, char const **comment, u_int8_t *flag)
{
+ char const *tmp;
int error;
- error = json_get_string(object, COMMENT, comment);
+ error = json_get_string(object, COMMENT, &tmp);
if (error)
return error;
- if (*comment != NULL)
- *flag = *flag | SLURM_COM_FLAG_COMMENT;
+ if (tmp == NULL)
+ return 0;
+
+ *comment = strdup(tmp);
+ *flag = *flag | SLURM_COM_FLAG_COMMENT;
return 0;
}
if (error)
return error;
- /* TODO persist, free later */
- free(result->ski);
-
/* Validate that's at least 20 octects long */
if (result->ski_len != 20) {
warnx("The decoded SKI must be 20 octets long");
+ free(result->ski);
return -EINVAL;
}
return error;
/* TODO The public key may contain NULL chars as part of the string */
- error = base64url_decode(str_encoded, &result->routerPublicKey,
- &result->routerPublicKey_len);
+ error = base64url_decode(str_encoded, &result->router_public_key,
+ &result->router_public_key_len);
if (error)
return error;
* #include <libcmscodec/SubjectPublicKeyInfo.h>
* #include "asn1/decode.h"
* struct SubjectPublicKeyInfo *router_pki;
- * error = asn1_decode(result->routerPublicKey, result->routerPublicKey_len,
- * &asn_DEF_SubjectPublicKeyInfo, (void **) &router_pki);
+ * error = asn1_decode(result->router_public_key,
+ * result->router_public_key_len, &asn_DEF_SubjectPublicKeyInfo,
+ * (void **) &router_pki);
*/
- /* TODO persist, free later */
- free(result->routerPublicKey);
-
result->data_flag = result->data_flag | SLURM_BGPS_FLAG_ROUTER_KEY;
return 0;
}
return -EINVAL;
}
- /* TODO Loaded! Now persist it... */
+ /* Loaded! Now persist it */
+ if (is_assertion)
+ slurm_db_add_prefix_assertion(&result);
+ else
+ slurm_db_add_prefix_filter(&result);
+
return 0;
}
error = set_router_pub_key(object, is_assertion, &result);
if (error)
- return error;
+ goto release_ski;
error = set_comment(object, &result.comment, &result.data_flag);
if (error)
- return error;
+ goto release_router_key;
+
+ /* Loaded! Now persist it */
+ if (is_assertion)
+ error = slurm_db_add_bgpsec_assertion(&result);
+ else
+ error = slurm_db_add_bgpsec_filter(&result);
+ if (error)
+ goto release_router_key;
return 0;
+
+release_router_key:
+ free(result.router_public_key);
+release_ski:
+ free(result.ski);
+ return error;
}
static int
#ifndef SRC_SLURM_PARSER_H_
#define SRC_SLURM_PARSER_H_
+#include <netinet/in.h>
+
/* Flags to get data from structs */
#define SLURM_COM_FLAG_NONE 0x00
#define SLURM_COM_FLAG_ASN 0x01
#define SLURM_BGPS_FLAG_SKI 0x04
#define SLURM_BGPS_FLAG_ROUTER_KEY 0x08
+struct slurm_prefix {
+ u_int8_t data_flag;
+ u_int32_t asn;
+ union {
+ struct in_addr ipv4_prefix;
+ struct in6_addr ipv6_prefix;
+ };
+ u_int8_t prefix_length;
+ u_int8_t max_prefix_length;
+ u_int8_t addr_fam;
+ char const *comment;
+};
+
+struct slurm_bgpsec {
+ u_int8_t data_flag;
+ u_int32_t asn;
+ unsigned char *ski;
+ size_t ski_len;
+ unsigned char *router_public_key;
+ size_t router_public_key_len;
+ char const *comment;
+};
+
int slurm_parse(char const *);
projects / thirdparty / FORT-validator.git / commitdiff
