From: pcarana Date: Tue, 23 Jul 2019 15:51:10 +0000 (-0500) Subject: Rename *bgpsec to *router_key, change SK data types, fix ERROR_PDU bug X-Git-Tag: v1.1.0~1^2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b46623b258076cc31b8ee36d79fd996e9ecc85e;p=thirdparty%2FFORT-validator.git Rename *bgpsec to *router_key, change SK data types, fix ERROR_PDU bug -Use 'router_key' naming instead of bgpsec once the certificates had been validated and are stored at base or deltas. -Use char arrays instead of pointers at SK (subject key) info, the DB hash table was detecting every validation run as an update for BGPsec certificates (pointers to sk_info's were always distinct). -Remove structure 'sk_info' and its related functions, now its data is set at 'router_key' struct. -Allow to receive larger error pdu messages. The maximum allowed length for PDUs received is 512 bytes, but the error messages couldn't be larger than 40 bytes (aprox). -Add Router Key PDU constant length. -Avoid needless comparisons at SLURM filters. --- diff --git a/src/object/bgpsec.c b/src/object/bgpsec.c index f3dd84c2..a2e8b16d 100644 --- a/src/object/bgpsec.c +++ b/src/object/bgpsec.c @@ -18,7 +18,7 @@ asn_cb(unsigned long asn, void *arg) return pr_err("BGPsec certificate is not allowed for ASN %lu.", asn); - return vhandler_handle_bgpsec(params->ski, asn, params->spk); + return vhandler_handle_router_key(params->ski, asn, params->spk); } int diff --git a/src/object/router_key.c b/src/object/router_key.c index 1664e50b..bc714c09 100644 --- a/src/object/router_key.c +++ b/src/object/router_key.c @@ -1,95 +1,12 @@ #include "object/router_key.h" #include -#include "log.h" -struct sk_info { - unsigned char *ski; - /* Lengths are constant (see RK_SKI_LEN, RK_SPKI_LEN) */ - unsigned char *spk; - unsigned int references; -}; - -static int -uchar_create(unsigned char **result, size_t size) -{ - unsigned char *tmp; - - tmp = malloc(size + 1); - if (tmp == NULL) - return pr_enomem(); - - *result = tmp; - return 0; -} - -int +void router_key_init(struct router_key *key, unsigned char const *ski, uint32_t as, unsigned char const *spk) { - struct sk_info *sk; - int error; - - sk = malloc(sizeof(struct sk_info)); - if (sk == NULL) - return pr_enomem(); - - error = uchar_create(&sk->ski, RK_SKI_LEN); - if (error) { - free(sk); - return pr_enomem(); - } - - error = uchar_create(&sk->spk, RK_SPKI_LEN); - if (error) { - free(sk->ski); - free(sk); - return pr_enomem(); - } - - memcpy(sk->ski, ski, RK_SKI_LEN); - sk->ski[RK_SKI_LEN] = '\0'; - memcpy(sk->spk, spk, RK_SPKI_LEN); - sk->spk[RK_SPKI_LEN] = '\0'; - sk->references = 1; - + memcpy(key->ski, ski, RK_SKI_LEN); + memcpy(key->spk, spk, RK_SPKI_LEN); key->as = as; - key->sk = sk; - - return 0; -} - -void -router_key_cleanup(struct router_key *key) -{ - sk_info_refput(key->sk); -} - -void -sk_info_refget(struct sk_info *sk) -{ - sk->references++; -} - -void -sk_info_refput(struct sk_info *sk) -{ - sk->references--; - if (sk->references == 0) { - free(sk->ski); - free(sk->spk); - free(sk); - } -} - -unsigned char * -sk_info_get_ski(struct sk_info *sk) -{ - return sk->ski; -} - -unsigned char * -sk_info_get_spk(struct sk_info *sk) -{ - return sk->spk; } diff --git a/src/object/router_key.h b/src/object/router_key.h index e070f142..26278a6c 100644 --- a/src/object/router_key.h +++ b/src/object/router_key.h @@ -20,27 +20,17 @@ */ #define RK_SPKI_LEN 91 -/* - * Subject key info with ref counter, use getters to fetch its data - */ -struct sk_info; - /* * Router Key representation */ struct router_key { + /* Lengths are constant (see RK_SKI_LEN, RK_SPKI_LEN) */ + unsigned char ski[RK_SKI_LEN]; uint32_t as; - struct sk_info *sk; + unsigned char spk[RK_SPKI_LEN]; }; -int router_key_init(struct router_key *, unsigned char const *, uint32_t, +void router_key_init(struct router_key *, unsigned char const *, uint32_t, unsigned char const *); -void router_key_cleanup(struct router_key *); - -void sk_info_refget(struct sk_info *); -void sk_info_refput(struct sk_info *); - -unsigned char *sk_info_get_ski(struct sk_info *); -unsigned char *sk_info_get_spk(struct sk_info *); #endif /* SRC_OBJECT_ROUTER_KEY_H_ */ diff --git a/src/output_printer.c b/src/output_printer.c index aa460dbb..a73319d5 100644 --- a/src/output_printer.c +++ b/src/output_printer.c @@ -75,7 +75,7 @@ print_roa(struct vrp const *vrp, void *arg) } static int -print_to_hex(unsigned char *data, size_t len, char **out) +print_to_hex(unsigned char const *data, size_t len, char **out) { char *tmp; char *init; @@ -108,10 +108,10 @@ print_router_key(struct router_key const *key, void *arg) char *buf2; int error; - error = print_to_hex(sk_info_get_ski(key->sk), RK_SKI_LEN, &buf1); + error = print_to_hex(key->ski, RK_SKI_LEN, &buf1); if (error) return error; - error = print_to_hex(sk_info_get_spk(key->sk),RK_SPKI_LEN, &buf2); + error = print_to_hex(key->spk, RK_SPKI_LEN, &buf2); if (error) return error; fprintf(out, "AS%u,%s,%s\n", key->as, buf1, buf2); diff --git a/src/rtr/db/db_table.c b/src/rtr/db/db_table.c index 4d688222..556edaad 100644 --- a/src/rtr/db/db_table.c +++ b/src/rtr/db/db_table.c @@ -48,7 +48,6 @@ db_table_destroy(struct db_table *table) HASH_ITER(hh, table->router_keys, node_key, tmp_key) { HASH_DEL(table->router_keys, node_key); - router_key_cleanup(&node_key->data); free(node_key); } @@ -127,10 +126,8 @@ add_router_key(struct db_table *table, struct hashable_key *new) HASH_REPLACE(hh, table->router_keys, data, sizeof(new->data), new, old); if (errno) return -pr_errno(errno, "Router Key couldn't be added to hash table"); - if (old != NULL) { - router_key_cleanup(&old->data); + if (old != NULL) free(old); - } return 0; } @@ -162,10 +159,8 @@ duplicate_roa(struct db_table *dst, struct hashable_roa *new) static int duplicate_key(struct db_table *dst, struct hashable_key *new) { - struct sk_info *sk = new->data.sk; - - return rtrhandler_handle_router_key(dst, sk_info_get_ski(sk), - new->data.as, sk_info_get_spk(sk)); + return rtrhandler_handle_router_key(dst, new->data.ski, new->data.as, + new->data.spk); } #define MERGE_ITER(table_prop, name, err_var) \ @@ -229,7 +224,6 @@ db_table_remove_router_key(struct db_table *table, HASH_FIND(hh, table->router_keys, del, sizeof(*del), ptr); if (ptr != NULL) { HASH_DELETE(hh, table->router_keys, ptr); - router_key_cleanup(&ptr->data); free(ptr); } } @@ -287,17 +281,12 @@ rtrhandler_handle_router_key(struct db_table *table, /* Needed by uthash */ memset(key, 0, sizeof(struct hashable_key)); - error = router_key_init(&key->data, ski, as, spk); - if (error) { - free(key); - return error; - } + router_key_init(&key->data, ski, as, spk); error = add_router_key(table, key); - if (error) { - router_key_cleanup(&key->data); + if (error) free(key); - } + return error; } @@ -353,7 +342,7 @@ add_roa_deltas(struct hashable_roa *roas1, struct hashable_roa *roas2, static int add_router_key_delta(struct deltas *deltas, struct hashable_key *key, int op) { - return deltas_add_bgpsec(deltas, &key->data, op); + return deltas_add_router_key(deltas, &key->data, op); } /* diff --git a/src/rtr/db/delta.c b/src/rtr/db/delta.c index 2cb318b8..45a31cf2 100644 --- a/src/rtr/db/delta.c +++ b/src/rtr/db/delta.c @@ -17,14 +17,15 @@ struct delta_v6 { uint8_t max_length; }; -struct delta_bsec { - uint32_t as; - struct sk_info *sk; +struct delta_rk { + unsigned char ski[RK_SKI_LEN]; + uint32_t as; + unsigned char spk[RK_SPKI_LEN]; }; ARRAY_LIST(deltas_v6, struct delta_v6) ARRAY_LIST(deltas_v4, struct delta_v4) -ARRAY_LIST(deltas_bgpsec, struct delta_bsec) +ARRAY_LIST(deltas_rk, struct delta_rk) struct deltas { struct { @@ -36,19 +37,13 @@ struct deltas { struct deltas_v6 removes; } v6; struct { - struct deltas_bgpsec adds; - struct deltas_bgpsec removes; - } bgpsec; + struct deltas_rk adds; + struct deltas_rk removes; + } rk; atomic_uint references; }; -static void -delta_bsec_cleanup(struct delta_bsec *bsec) -{ - sk_info_refput(bsec->sk); -} - int deltas_create(struct deltas **_result) { @@ -62,8 +57,8 @@ deltas_create(struct deltas **_result) deltas_v4_init(&result->v4.removes); deltas_v6_init(&result->v6.adds); deltas_v6_init(&result->v6.removes); - deltas_bgpsec_init(&result->bgpsec.adds); - deltas_bgpsec_init(&result->bgpsec.removes); + deltas_rk_init(&result->rk.adds); + deltas_rk_init(&result->rk.removes); atomic_init(&result->references, 1); *_result = result; @@ -88,9 +83,8 @@ deltas_refput(struct deltas *deltas) deltas_v4_cleanup(&deltas->v4.removes, NULL); deltas_v6_cleanup(&deltas->v6.adds, NULL); deltas_v6_cleanup(&deltas->v6.removes, NULL); - deltas_bgpsec_cleanup(&deltas->bgpsec.adds, delta_bsec_cleanup); - deltas_bgpsec_cleanup(&deltas->bgpsec.removes, - delta_bsec_cleanup); + deltas_rk_cleanup(&deltas->rk.adds, NULL); + deltas_rk_cleanup(&deltas->rk.removes, NULL); free(deltas); } } @@ -136,19 +130,19 @@ deltas_add_roa_v6(struct deltas *deltas, uint32_t as, struct v6_address *addr, } int -deltas_add_bgpsec(struct deltas *deltas, struct router_key *key, int op) +deltas_add_router_key(struct deltas *deltas, struct router_key *key, int op) { - struct delta_bsec delta = { + struct delta_rk delta = { .as = key->as, - .sk = key->sk, }; - sk_info_refget(key->sk); + memcpy(delta.ski, key->ski, RK_SKI_LEN); + memcpy(delta.spk, key->spk, RK_SPKI_LEN); switch (op) { case FLAG_ANNOUNCEMENT: - return deltas_bgpsec_add(&deltas->bgpsec.adds, &delta); + return deltas_rk_add(&deltas->rk.adds, &delta); case FLAG_WITHDRAWAL: - return deltas_bgpsec_add(&deltas->bgpsec.removes, &delta); + return deltas_rk_add(&deltas->rk.removes, &delta); } pr_crit("Unknown delta operation: %d", op); @@ -161,8 +155,8 @@ deltas_is_empty(struct deltas *deltas) && (deltas->v4.removes.len == 0) && (deltas->v6.adds.len == 0) && (deltas->v6.removes.len == 0) - && (deltas->bgpsec.adds.len == 0) - && (deltas->bgpsec.removes.len == 0); + && (deltas->rk.adds.len == 0) + && (deltas->rk.removes.len == 0); } static int @@ -218,11 +212,11 @@ __foreach_v6(struct deltas_v6 *array, delta_vrp_foreach_cb cb, void *arg, } static int -__foreach_bgpsec(struct deltas_bgpsec *array, delta_bgpsec_foreach_cb cb, +__foreach_rk(struct deltas_rk *array, delta_router_key_foreach_cb cb, void *arg, serial_t serial, uint8_t flags) { - struct delta_bgpsec delta; - struct delta_bsec *d; + struct delta_router_key delta; + struct delta_rk *d; array_index i; int error; @@ -231,10 +225,9 @@ __foreach_bgpsec(struct deltas_bgpsec *array, delta_bgpsec_foreach_cb cb, ARRAYLIST_FOREACH(array, d, i) { delta.router_key.as = d->as; - delta.router_key.sk = d->sk; - sk_info_refget(d->sk); + memcpy(delta.router_key.ski, d->ski, RK_SKI_LEN); + memcpy(delta.router_key.spk, d->spk, RK_SPKI_LEN); error = cb(&delta, arg); - sk_info_refput(d->sk); if (error) return error; } @@ -244,7 +237,7 @@ __foreach_bgpsec(struct deltas_bgpsec *array, delta_bgpsec_foreach_cb cb, int deltas_foreach(serial_t serial, struct deltas *deltas, - delta_vrp_foreach_cb cb_vrp, delta_bgpsec_foreach_cb cb_bgpsec, void *arg) + delta_vrp_foreach_cb cb_vrp, delta_router_key_foreach_cb cb_rk, void *arg) { int error; @@ -268,11 +261,11 @@ deltas_foreach(serial_t serial, struct deltas *deltas, if (error) return error; - error = __foreach_bgpsec(&deltas->bgpsec.adds, cb_bgpsec, arg, serial, + error = __foreach_rk(&deltas->rk.adds, cb_rk, arg, serial, FLAG_ANNOUNCEMENT); if (error) return error; - return __foreach_bgpsec(&deltas->bgpsec.removes, cb_bgpsec, arg, serial, + return __foreach_rk(&deltas->rk.removes, cb_rk, arg, serial, FLAG_WITHDRAWAL); } diff --git a/src/rtr/db/delta.h b/src/rtr/db/delta.h index 7b70d6fd..cdd44a03 100644 --- a/src/rtr/db/delta.h +++ b/src/rtr/db/delta.h @@ -13,10 +13,10 @@ void deltas_refput(struct deltas *); int deltas_add_roa_v4(struct deltas *, uint32_t, struct v4_address *, int); int deltas_add_roa_v6(struct deltas *, uint32_t, struct v6_address *, int); -int deltas_add_bgpsec(struct deltas *, struct router_key *, int); +int deltas_add_router_key(struct deltas *, struct router_key *, int); bool deltas_is_empty(struct deltas *); int deltas_foreach(serial_t, struct deltas *, delta_vrp_foreach_cb, - delta_bgpsec_foreach_cb, void *); + delta_router_key_foreach_cb, void *); #endif /* SRC_DELTA_H_ */ diff --git a/src/rtr/db/vrp.h b/src/rtr/db/vrp.h index 5b1f0c4e..68edf761 100644 --- a/src/rtr/db/vrp.h +++ b/src/rtr/db/vrp.h @@ -51,7 +51,7 @@ struct delta_vrp { uint8_t flags; }; -struct delta_bgpsec { +struct delta_router_key { serial_t serial; struct router_key router_key; uint8_t flags; @@ -61,6 +61,7 @@ typedef int (*vrp_foreach_cb)(struct vrp const *, void *); typedef int (*router_key_foreach_cb)(struct router_key const *, void *); typedef int (*delta_vrp_foreach_cb)(struct delta_vrp const *, void *); -typedef int (*delta_bgpsec_foreach_cb)(struct delta_bgpsec const *, void *); +typedef int (*delta_router_key_foreach_cb)(struct delta_router_key const *, + void *); #endif /* SRC_RTR_DB_VRP_H_ */ diff --git a/src/rtr/db/vrps.c b/src/rtr/db/vrps.c index 14c62de2..b6a1bb01 100644 --- a/src/rtr/db/vrps.c +++ b/src/rtr/db/vrps.c @@ -28,18 +28,18 @@ struct vrp_node { SLIST_ENTRY(vrp_node) next; }; -struct bgpsec_node { - struct delta_bgpsec delta; - SLIST_ENTRY(bgpsec_node) next; +struct rk_node { + struct delta_router_key delta; + SLIST_ENTRY(rk_node) next; }; /** Sorted list to filter deltas */ SLIST_HEAD(vrp_slist, vrp_node); -SLIST_HEAD(bgpsec_slist, bgpsec_node); +SLIST_HEAD(rk_slist, rk_node); struct sorted_lists { struct vrp_slist prefixes; - struct bgpsec_slist bgpsec; + struct rk_slist router_keys; }; struct state { @@ -125,8 +125,8 @@ __handle_roa_v6(uint32_t as, struct ipv6_prefix const * prefix, } int -__handle_bgpsec(unsigned char const *ski, uint32_t as, unsigned char const *spk, - void *arg) +__handle_router_key(unsigned char const *ski, uint32_t as, + unsigned char const *spk, void *arg) { return rtrhandler_handle_router_key(arg, ski, as, spk); } @@ -144,7 +144,7 @@ __perform_standalone_validation(struct db_table **result) validation_handler.handle_roa_v4 = __handle_roa_v4; validation_handler.handle_roa_v6 = __handle_roa_v6; - validation_handler.handle_bgpsec = __handle_bgpsec; + validation_handler.handle_router_key = __handle_router_key; validation_handler.arg = db; error = perform_standalone_validation(&validation_handler); @@ -395,34 +395,32 @@ vrp_ovrd_remove(struct delta_vrp const *delta, void *arg) } static int -bgpsec_ovrd_remove(struct delta_bgpsec const *delta, void *arg) +router_key_ovrd_remove(struct delta_router_key const *delta, void *arg) { struct sorted_lists *lists = arg; - struct bgpsec_node *ptr; - struct bgpsec_slist *filtered_bgpsec; + struct rk_node *ptr; + struct rk_slist *filtered_keys; struct router_key const *key; - filtered_bgpsec = &lists->bgpsec; - SLIST_FOREACH(ptr, filtered_bgpsec, next) { + filtered_keys = &lists->router_keys; + SLIST_FOREACH(ptr, filtered_keys, next) { key = &delta->router_key; if (key->as == ptr->delta.router_key.as && - memcmp(sk_info_get_ski(key->sk), - sk_info_get_ski(ptr->delta.router_key.sk), RK_SKI_LEN) && - memcmp(sk_info_get_spk(key->sk), - sk_info_get_spk(ptr->delta.router_key.sk), RK_SPKI_LEN) && + memcmp(key->ski, ptr->delta.router_key.ski, RK_SKI_LEN) && + memcmp(key->spk, ptr->delta.router_key.spk, RK_SPKI_LEN) && delta->flags != ptr->delta.flags) { - SLIST_REMOVE(filtered_bgpsec, ptr, bgpsec_node, next); + SLIST_REMOVE(filtered_keys, ptr, rk_node, next); free(ptr); return 0; } } - ptr = malloc(sizeof(struct bgpsec_node)); + ptr = malloc(sizeof(struct rk_node)); if (ptr == NULL) return pr_enomem(); ptr->delta = *delta; - SLIST_INSERT_HEAD(filtered_bgpsec, ptr, next); + SLIST_INSERT_HEAD(filtered_keys, ptr, next); return 0; } @@ -432,13 +430,13 @@ bgpsec_ovrd_remove(struct delta_bgpsec const *delta, void *arg) */ int vrps_foreach_filtered_delta(struct deltas_db *deltas, - delta_vrp_foreach_cb cb_prefix, delta_bgpsec_foreach_cb cb_bgpsec, + delta_vrp_foreach_cb cb_prefix, delta_router_key_foreach_cb cb_rk, void *arg) { struct sorted_lists filtered_lists; struct delta_group *group; struct vrp_node *vnode; - struct bgpsec_node *bnode; + struct rk_node *rnode; array_index i; int error = 0; @@ -448,10 +446,10 @@ vrps_foreach_filtered_delta(struct deltas_db *deltas, * are immutable.) */ SLIST_INIT(&filtered_lists.prefixes); - SLIST_INIT(&filtered_lists.bgpsec); + SLIST_INIT(&filtered_lists.router_keys); ARRAYLIST_FOREACH(deltas, group, i) { error = deltas_foreach(group->serial, group->deltas, - vrp_ovrd_remove, bgpsec_ovrd_remove, &filtered_lists); + vrp_ovrd_remove, router_key_ovrd_remove, &filtered_lists); if (error) goto release_list; } @@ -462,8 +460,8 @@ vrps_foreach_filtered_delta(struct deltas_db *deltas, if (error) break; } - SLIST_FOREACH(bnode, &filtered_lists.bgpsec, next) { - error = cb_bgpsec(&bnode->delta, arg); + SLIST_FOREACH(rnode, &filtered_lists.router_keys, next) { + error = cb_rk(&rnode->delta, arg); if (error) break; } @@ -474,10 +472,10 @@ release_list: SLIST_REMOVE_HEAD(&filtered_lists.prefixes, next); free(vnode); } - while (!SLIST_EMPTY(&filtered_lists.bgpsec)) { - bnode = filtered_lists.bgpsec.slh_first; - SLIST_REMOVE_HEAD(&filtered_lists.bgpsec, next); - free(bnode); + while (!SLIST_EMPTY(&filtered_lists.router_keys)) { + rnode = filtered_lists.router_keys.slh_first; + SLIST_REMOVE_HEAD(&filtered_lists.router_keys, next); + free(rnode); } return error; diff --git a/src/rtr/db/vrps.h b/src/rtr/db/vrps.h index 48a3abaa..6d6bc771 100644 --- a/src/rtr/db/vrps.h +++ b/src/rtr/db/vrps.h @@ -34,7 +34,7 @@ int vrps_get_deltas_from(serial_t, serial_t *, struct deltas_db *); int get_last_serial_number(serial_t *); int vrps_foreach_filtered_delta(struct deltas_db *, delta_vrp_foreach_cb, - delta_bgpsec_foreach_cb, void *); + delta_router_key_foreach_cb, void *); uint16_t get_current_session_id(uint8_t); diff --git a/src/rtr/pdu.h b/src/rtr/pdu.h index b2ff6356..db752c17 100644 --- a/src/rtr/pdu.h +++ b/src/rtr/pdu.h @@ -5,6 +5,7 @@ #include #include "common.h" +#include "object/router_key.h" #include "rtr/primitive_reader.h" #define RTR_V0 0 @@ -51,9 +52,11 @@ enum pdu_type { #define RTRPDU_END_OF_DATA_V0_LEN 12 #define RTRPDU_END_OF_DATA_V1_LEN 24 #define RTRPDU_CACHE_RESET_LEN 8 +#define RTRPDU_ROUTER_KEY_LEN 123 /* Ignores Error Report PDUs, which is fine. */ #define RTRPDU_MAX_LEN RTRPDU_IPV6_PREFIX_LEN +#define RTRPDU_ERR_MAX_LEN 256 struct pdu_header { uint8_t protocol_version; @@ -118,17 +121,17 @@ struct cache_reset_pdu { struct router_key_pdu { struct pdu_header header; - unsigned char *ski; + unsigned char ski[RK_SKI_LEN]; size_t ski_len; uint32_t asn; - unsigned char *spki; + unsigned char spki[RK_SPKI_LEN]; size_t spki_len; }; struct error_report_pdu { struct pdu_header header; uint32_t error_pdu_length; - unsigned char erroneous_pdu[RTRPDU_MAX_LEN]; + unsigned char erroneous_pdu[RTRPDU_ERR_MAX_LEN]; uint32_t error_message_length; rtr_char *error_message; }; diff --git a/src/rtr/pdu_sender.c b/src/rtr/pdu_sender.c index 977dfe8c..b1b5bfdd 100644 --- a/src/rtr/pdu_sender.c +++ b/src/rtr/pdu_sender.c @@ -161,10 +161,9 @@ send_router_key_pdu(int fd, uint8_t version, struct router_key const *router_key, uint8_t flags) { struct router_key_pdu pdu; - unsigned char *data; + unsigned char data[RTRPDU_ROUTER_KEY_LEN]; size_t len; uint16_t reserved; - int error; /* Sanity check: this can't be sent on RTRv0 */ if (version == RTR_V0) @@ -174,38 +173,20 @@ send_router_key_pdu(int fd, uint8_t version, /* Set the flags at the first 8 bits of reserved field */ reserved += (flags << 8); set_header_values(&pdu.header, version, PDU_TYPE_ROUTER_KEY, reserved); + pdu.header.length = RTRPDU_ROUTER_KEY_LEN; - pdu.ski = sk_info_get_ski(router_key->sk); + memcpy(pdu.ski, router_key->ski, RK_SKI_LEN); pdu.ski_len = RK_SKI_LEN; pdu.asn = router_key->as; - pdu.spki = sk_info_get_spk(router_key->sk); + memcpy(pdu.spki, router_key->spk, RK_SPKI_LEN); pdu.spki_len = RK_SPKI_LEN; - pdu.header.length = RTRPDU_HDR_LEN - + RK_SKI_LEN - + sizeof(router_key->as) - + RK_SPKI_LEN; - sk_info_refget(router_key->sk); - - data = malloc(pdu.header.length); - if (data == NULL) { - error = pr_enomem(); - goto release_sk; - } len = serialize_router_key_pdu(&pdu, data); - if (len != pdu.header.length) { - sk_info_refput(router_key->sk); - free(data); + if (len != RTRPDU_ROUTER_KEY_LEN) pr_crit("Serialized Router Key PDU is %zu bytes, not the expected %u.", len, pdu.header.length); - } - - error = send_response(fd, data, len); - free(data); -release_sk: - sk_info_refput(router_key->sk); - return error; + return send_response(fd, data, len); } struct simple_param { @@ -223,7 +204,7 @@ vrp_simply_send(struct delta_vrp const *delta, void *arg) } static int -router_key_simply_send(struct delta_bgpsec const *delta, void *arg) +router_key_simply_send(struct delta_router_key const *delta, void *arg) { struct simple_param *param = arg; diff --git a/src/slurm/slurm_db.c b/src/slurm/slurm_db.c index 90bb2195..55410d6f 100644 --- a/src/slurm/slurm_db.c +++ b/src/slurm/slurm_db.c @@ -69,10 +69,10 @@ prefix_equal(struct slurm_prefix *left, struct slurm_prefix *right, if ((left->data_flag & SLURM_COM_FLAG_ASN) > 0) equal = equal && VRP_ASN_EQ(left_vrp, right_vrp); - if ((left->data_flag & SLURM_PFX_FLAG_PREFIX) > 0) + if (equal && (left->data_flag & SLURM_PFX_FLAG_PREFIX) > 0) equal = equal && VRP_PREFIX_EQ(left_vrp, right_vrp); - if ((left->data_flag & SLURM_PFX_FLAG_MAX_LENGTH) > 0) + if (equal && (left->data_flag & SLURM_PFX_FLAG_MAX_LENGTH) > 0) equal = equal && ((left->data_flag & SLURM_PFX_FLAG_MAX_LENGTH) > 0) && VRP_MAX_PREFIX_LEN_EQ(left_vrp, right_vrp); @@ -112,11 +112,11 @@ bgpsec_equal(struct slurm_bgpsec *left, struct slurm_bgpsec *right, if ((left->data_flag & SLURM_COM_FLAG_ASN) > 0) equal = equal && left->asn == right->asn; - if ((left->data_flag & SLURM_BGPS_FLAG_SKI) > 0) + if (equal && (left->data_flag & SLURM_BGPS_FLAG_SKI) > 0) equal = equal && memcmp(left->ski, right->ski, RK_SKI_LEN) == 0; - if ((left->data_flag & SLURM_BGPS_FLAG_ROUTER_KEY) > 0) + if (equal && (left->data_flag & SLURM_BGPS_FLAG_ROUTER_KEY) > 0) equal = equal && memcmp(left->router_public_key, right->router_public_key, RK_SPKI_LEN) == 0; @@ -193,16 +193,24 @@ bool slurm_db_bgpsec_is_filtered(struct router_key const *key) { struct slurm_bgpsec slurm_bgpsec; + unsigned char *tmp; + bool result; - sk_info_refget(key->sk); - slurm_bgpsec.data_flag = SLURM_COM_FLAG_ASN | SLURM_BGPS_FLAG_SKI - | SLURM_BGPS_FLAG_ROUTER_KEY; - slurm_bgpsec.ski = sk_info_get_ski(key->sk); - slurm_bgpsec.router_public_key = sk_info_get_spk(key->sk); + tmp = malloc(RK_SKI_LEN); + if (tmp == NULL) { + pr_enomem(); + return false; + } + slurm_bgpsec.data_flag = SLURM_COM_FLAG_ASN | SLURM_BGPS_FLAG_SKI; + memcpy(tmp, key->ski, RK_SKI_LEN); + slurm_bgpsec.ski = tmp; + /* Router public key isn't used at filters */ + slurm_bgpsec.router_public_key = NULL; slurm_bgpsec.comment = NULL; - sk_info_refput(key->sk); - return bgpsec_filter_exists(&slurm_bgpsec); + result = bgpsec_filter_exists(&slurm_bgpsec); + free(tmp); + return result; } int diff --git a/src/slurm/slurm_parser.c b/src/slurm/slurm_parser.c index ff21753a..ab19bb65 100644 --- a/src/slurm/slurm_parser.c +++ b/src/slurm/slurm_parser.c @@ -553,21 +553,21 @@ load_bgpsec_array(json_t *array, bool is_assertion) json_array_foreach(array, index, element) { error = load_single_bgpsec(element, is_assertion); - if (error) { - if (error == -EEXIST) - pr_err( - "The bgpsec %s element #%d, is duplicated or covered by another %s; SLURM loading will be stopped", - (is_assertion ? "assertion" : "filter"), - index + 1, - (is_assertion ? "assertion" : "filter")); - else - pr_err( - "Error at bgpsec %s, element #%d, SLURM loading will be stopped", - (is_assertion ? "assertions" : "filters"), - index + 1); + if (!error) + break; + if (error == -EEXIST) + pr_err( + "The bgpsec %s element #%d, is duplicated or covered by another %s; SLURM loading will be stopped", + (is_assertion ? "assertion" : "filter"), + index + 1, + (is_assertion ? "assertion" : "filter")); + else + pr_err( + "Error at bgpsec %s, element #%d, SLURM loading will be stopped", + (is_assertion ? "assertions" : "filters"), + index + 1); - return error; - } + return error; } return 0; diff --git a/src/validation_handler.c b/src/validation_handler.c index 2c8410b4..fd58b72e 100644 --- a/src/validation_handler.c +++ b/src/validation_handler.c @@ -54,7 +54,7 @@ vhandler_handle_roa_v6(uint32_t as, struct ipv6_prefix const *prefix, } int -vhandler_handle_bgpsec(unsigned char const *ski, uint32_t as, +vhandler_handle_router_key(unsigned char const *ski, uint32_t as, unsigned char const *spk) { struct validation_handler const *handler; @@ -64,7 +64,7 @@ vhandler_handle_bgpsec(unsigned char const *ski, uint32_t as, if (error) return error; - return (handler->handle_bgpsec != NULL) - ? handler->handle_bgpsec(ski, as, spk, handler->arg) + return (handler->handle_router_key != NULL) + ? handler->handle_router_key(ski, as, spk, handler->arg) : 0; } diff --git a/src/validation_handler.h b/src/validation_handler.h index 3feac996..cb3a2a51 100644 --- a/src/validation_handler.h +++ b/src/validation_handler.h @@ -30,7 +30,7 @@ struct validation_handler { int (*handle_roa_v6)(uint32_t, struct ipv6_prefix const *, uint8_t, void *); /** Called every time Fort has successfully validated a BGPsec cert */ - int (*handle_bgpsec)(unsigned char const *, uint32_t, + int (*handle_router_key)(unsigned char const *, uint32_t, unsigned char const *, void *); /** Generic user-defined argument for the functions above. */ void *arg; @@ -38,7 +38,7 @@ struct validation_handler { int vhandler_handle_roa_v4(uint32_t, struct ipv4_prefix const *, uint8_t); int vhandler_handle_roa_v6(uint32_t, struct ipv6_prefix const *, uint8_t); -int vhandler_handle_bgpsec(unsigned char const *, uint32_t, +int vhandler_handle_router_key(unsigned char const *, uint32_t, unsigned char const *); #endif /* SRC_VALIDATION_HANDLER_H_ */ diff --git a/test/rtr/db/vrps_test.c b/test/rtr/db/vrps_test.c index b21c820c..39a17766 100644 --- a/test/rtr/db/vrps_test.c +++ b/test/rtr/db/vrps_test.c @@ -178,7 +178,7 @@ delta_check(struct delta_vrp const *delta, void *arg) } static int -delta_rk_check(struct delta_bgpsec const *delta, void *arg) +delta_rk_check(struct delta_router_key const *delta, void *arg) { /* FIXME (now) add index with Router key examples */ return 0; @@ -237,13 +237,13 @@ vrp_add(struct delta_vrp const *delta, void *arg) } static int -rk_add(struct delta_bgpsec const *delta, void *arg) +rk_add(struct delta_router_key const *delta, void *arg) { struct deltas *deltas = arg; struct router_key key; key = delta->router_key; - deltas_add_bgpsec(deltas, &key, delta->flags); + deltas_add_router_key(deltas, &key, delta->flags); return 0; } diff --git a/test/rtr/pdu_handler_test.c b/test/rtr/pdu_handler_test.c index 7e67c816..d1424bc9 100644 --- a/test/rtr/pdu_handler_test.c +++ b/test/rtr/pdu_handler_test.c @@ -185,7 +185,7 @@ handle_delta(struct delta_vrp const *delta, void *arg) } static int -handle_delta_bgpsec(struct delta_bgpsec const *delta, void *arg) +handle_delta_router_key(struct delta_router_key const *delta, void *arg) { int *fd = arg; ck_assert_int_eq(0, send_router_key_pdu(*fd, RTR_V0, &delta->router_key, @@ -201,7 +201,7 @@ send_delta_pdus(int fd, uint8_t version, struct deltas_db *deltas) ARRAYLIST_FOREACH(deltas, group, i) ck_assert_int_eq(0, deltas_foreach(group->serial, group->deltas, - handle_delta, handle_delta_bgpsec, &fd)); + handle_delta, handle_delta_router_key, &fd)); return 0; }