From d48fbc79f4426092875dd1438a630b7ef764a0c1 Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Mon, 18 Dec 2023 17:02:00 +0100 Subject: [PATCH 1/2] Remove the AFI dependency for ASPA The AFI was removed from the ASPA profile so don't expect it anymore. Now RTR is still using an old idea of ASPA profile so there just duplicate the object once for IPv4 and once for IPv6. At some points SIDROPS may finally fix this but for now this allows to export ASPA objects that follow the rpki-client JSON (which no longer has the AFI in the ASPA table). --- cmd/rtrdump/rtrdump.go | 12 ++---------- cmd/stayrtr/stayrtr.go | 26 ++++++++------------------ lib/server.go | 21 ++++++++++++++------- prefixfile/prefixfile.go | 7 +------ prefixfile/slurm.go | 33 +++++++++++++-------------------- prefixfile/slurm_test.go | 6 +++--- 6 files changed, 41 insertions(+), 64 deletions(-) diff --git a/cmd/rtrdump/rtrdump.go b/cmd/rtrdump/rtrdump.go index 9a93a9b..64c49f8 100644 --- a/cmd/rtrdump/rtrdump.go +++ b/cmd/rtrdump/rtrdump.go @@ -117,22 +117,14 @@ func (c *Client) HandlePDU(cs *rtr.ClientSession, pdu rtr.PDU) { case *rtr.PDUASPA: if c.Data.ASPA == nil { - c.Data.ASPA = &prefixfile.ProviderAuthorizationsJson{ - IPv4: make([]prefixfile.ASPAJson, 0), - IPv6: make([]prefixfile.ASPAJson, 0), - } + c.Data.ASPA = make([]prefixfile.ASPAJson, 0) } aj := prefixfile.ASPAJson{ CustomerAsid: pdu.CustomerASNumber, Providers: pdu.ProviderASNumbers, } - switch pdu.AFIFlags { - case rtr.AFI_IPv4: - c.Data.ASPA.IPv4 = append(c.Data.ASPA.IPv4, aj) - case rtr.AFI_IPv6: - c.Data.ASPA.IPv6 = append(c.Data.ASPA.IPv6, aj) - } + c.Data.ASPA = append(c.Data.ASPA, aj) if *LogDataPDU { log.Debugf("Received: %v", pdu) diff --git a/cmd/stayrtr/stayrtr.go b/cmd/stayrtr/stayrtr.go index d8f2299..c6947b8 100644 --- a/cmd/stayrtr/stayrtr.go +++ b/cmd/stayrtr/stayrtr.go 
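Review bot: In the `*rtr.PDUASPA` case of HandlePDU, `c.Data.ASPA = append(c.Data.ASPA, aj)` now records every ASPA PDU regardless of `pdu.AFIFlags`, so a server that emits one PDU per address family (as lib/server.go does in this same patch) yields two identical entries per customer in the dump. Anyone comparing rtrdump output with the validator JSON to audit what a cache serves would see doubled ASPA counts. Consider skipping a PDU whose customer/provider set was already recorded, and say so in a comment such as `// RTR still sends one ASPA PDU per AFI; collapse them into one JSON entry`. HandlePDU starts and ends outside the hunk.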
@@ -201,7 +201,7 @@ func isValidPrefixLength(prefix netip.Prefix, maxLength uint8) bool { // Will return a deduped slice, as well as total VRPs, IPv4 VRPs, IPv6 VRPs, BGPsec Keys and ASPA records func processData(vrplistjson []prefixfile.VRPJson, brklistjson []prefixfile.BgpSecKeyJson, - aspajson *prefixfile.ProviderAuthorizationsJson) /*Export*/ ([]rtr.VRP, []rtr.BgpsecKey, []rtr.VAP, int, int, int) { + aspajson []prefixfile.ASPAJson) /*Export*/ ([]rtr.VRP, []rtr.BgpsecKey, []rtr.VAP, int, int, int) { filterDuplicates := make(map[string]struct{}) // It may be tempting to change this to a simple time.Since() but that will @@ -313,15 +313,12 @@ func processData(vrplistjson []prefixfile.VRPJson, }) } - if aspajson != nil { - aspalist = handleASPAList(aspajson.IPv4, NowUnix, aspalist, rtr.AFI_IPv4) - aspalist = handleASPAList(aspajson.IPv6, NowUnix, aspalist, rtr.AFI_IPv6) - } + aspalist = handleASPAList(aspajson, NowUnix, aspalist) return vrplist, brklist, aspalist, countv4 + countv6, countv4, countv6 } -func handleASPAList(list []prefixfile.ASPAJson, NowUnix int64, aspalist []rtr.VAP, AFI uint8) []rtr.VAP { +func handleASPAList(list []prefixfile.ASPAJson, NowUnix int64, aspalist []rtr.VAP) []rtr.VAP { for _, v := range list { if v.Expires != nil { if NowUnix > *v.Expires { @@ -336,7 +333,6 @@ func handleASPAList(list []prefixfile.ASPAJson, NowUnix int64, aspalist []rtr.VA }) aspalist = append(aspalist, rtr.VAP{ - AFI: AFI, CustomerASN: v.CustomerAsid, Providers: v.Providers, }) @@ -368,10 +364,7 @@ func (s *state) updateFromNewState() error { } aspajson := s.lastdata.ASPA if aspajson == nil { - aspajson = &prefixfile.ProviderAuthorizationsJson{ - IPv4: make([]prefixfile.ASPAJson, 0), - IPv6: make([]prefixfile.ASPAJson, 0), - } + aspajson = make([]prefixfile.ASPAJson, 0) } buildtime, err := time.Parse(time.RFC3339, s.lastdata.Metadata.Buildtime) 
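Review bot: The nil guard kept in updateFromNewState, `if aspajson == nil { aspajson = make([]prefixfile.ASPAJson, 0) }`, looks redundant now that `aspajson` is a slice rather than a pointer, since ranging over, appending to and taking the length of a nil slice are all safe. The same guard is repeated in reloadFromCurrentState (hunk at -413). Unless something downstream distinguishes nil from empty, both can be dropped; if the empty slice is needed, a one-line comment saying why would help. Both function bodies extend beyond their hunks.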
@@ -390,7 +383,7 @@ func (s *state) updateFromNewState() error { } if s.slurm != nil { - vrpsjson, aspajson.IPv4, aspajson.IPv6, bgpsecjson = s.slurm.FilterAssert(vrpsjson, aspajson.IPv4, aspajson.IPv6, bgpsecjson, log.StandardLogger()) + vrpsjson, aspajson, bgpsecjson = s.slurm.FilterAssert(vrpsjson, aspajson, bgpsecjson, log.StandardLogger()) } vrps, brks, vaps, count, countv4, countv6 := processData(vrpsjson, bgpsecjson, aspajson) @@ -413,10 +406,7 @@ func (s *state) reloadFromCurrentState() error { } aspajson := s.lastdata.ASPA if aspajson == nil { - aspajson = &prefixfile.ProviderAuthorizationsJson{ - IPv4: make([]prefixfile.ASPAJson, 0), - IPv6: make([]prefixfile.ASPAJson, 0), - } + aspajson = make([]prefixfile.ASPAJson, 0) } buildtime, err := time.Parse(time.RFC3339, s.lastdata.Metadata.Buildtime) @@ -435,7 +425,7 @@ func (s *state) reloadFromCurrentState() error { } if s.slurm != nil { - vrpsjson, aspajson.IPv4, aspajson.IPv6, bgpsecjson = s.slurm.FilterAssert(vrpsjson, aspajson.IPv4, aspajson.IPv6, bgpsecjson, log.StandardLogger()) + vrpsjson, aspajson, bgpsecjson = s.slurm.FilterAssert(vrpsjson, aspajson, bgpsecjson, log.StandardLogger()) } vrps, brks, vaps, count, countv4, countv6 := processData(vrpsjson, bgpsecjson, aspajson) @@ -448,7 +438,7 @@ func (s *state) reloadFromCurrentState() error { func (s *state) applyUpdateFromNewState(vrps []rtr.VRP, brks []rtr.BgpsecKey, vaps []rtr.VAP, sessid uint16, - vrpsjson []prefixfile.VRPJson, brksjson []prefixfile.BgpSecKeyJson, aspajson *prefixfile.ProviderAuthorizationsJson, + vrpsjson []prefixfile.VRPJson, brksjson []prefixfile.BgpSecKeyJson, aspajson []prefixfile.ASPAJson, countv4 int, countv6 int) error { SDs := make([]rtr.SendableData, 0, len(vrps)+len(brks)+len(vaps)) diff --git a/lib/server.go b/lib/server.go index 86b1be5..8e6362c 100644 --- a/lib/server.go +++ b/lib/server.go 
@@ -979,7 +979,6 @@ func (brk *BgpsecKey) GetFlag() uint8 { type VAP struct { Flags uint8 - AFI uint8 CustomerASN uint32 Providers []uint32 } @@ -989,11 +988,11 @@ func (vap *VAP) Type() string { } func (vap *VAP) String() string { - return fmt.Sprintf("ASPA AS%v -> AFI %d, Providers: %v", vap.CustomerASN, vap.AFI, vap.Providers) + return fmt.Sprintf("ASPA AS%v -> Providers: %v", vap.CustomerASN, vap.Providers) } func (vap *VAP) HashKey() string { - return fmt.Sprintf("%v-%x-%v", vap.CustomerASN, vap.AFI, vap.Providers) + return fmt.Sprintf("%v-%v", vap.CustomerASN, vap.Providers) } func (r1 *VAP) Equals(r2 SendableData) bool { @@ -1008,7 +1007,6 @@ func (r1 *VAP) Equals(r2 SendableData) bool { func (vap *VAP) Copy() SendableData { cop := VAP{ CustomerASN: vap.CustomerASN, - AFI: vap.AFI, Flags: vap.Flags, Providers: make([]uint32, 0), } @@ -1120,15 +1118,24 @@ func (c *Client) SendData(sd SendableData) { return } - pdu := &PDUASPA{ + pdu4 := &PDUASPA{ Version: c.version, Flags: t.Flags, - AFIFlags: t.AFI, + AFIFlags: AFI_IPv4, ProviderASCount: uint16(len(t.Providers)), CustomerASNumber: t.CustomerASN, ProviderASNumbers: t.Providers, } - c.SendPDU(pdu) + pdu6 := &PDUASPA{ + Version: c.version, + Flags: t.Flags, + AFIFlags: AFI_IPv6, + ProviderASCount: uint16(len(t.Providers)), + CustomerASNumber: t.CustomerASN, + ProviderASNumbers: t.Providers, + } + c.SendPDU(pdu4) + c.SendPDU(pdu6) } } diff --git a/prefixfile/prefixfile.go b/prefixfile/prefixfile.go index c6e8433..cf0572c 100644 --- a/prefixfile/prefixfile.go +++ b/prefixfile/prefixfile.go @@ -36,7 +36,7 @@ type VRPList struct { Metadata MetaData `json:"metadata,omitempty"` Data []VRPJson `json:"roas"` // for historical reasons this is called 'roas', but should've been called vrps BgpSecKeys []BgpSecKeyJson `json:"bgpsec_keys,omitempty"` - ASPA *ProviderAuthorizationsJson `json:"provider_authorizations,omitempty"` + ASPA []ASPAJson `json:"aspas,omitempty"` } type BgpSecKeyJson struct { 
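Review bot: The two `PDUASPA` literals added to SendData differ only in `AFIFlags`, and both repeat `ProviderASCount: uint16(len(t.Providers))`, which wraps silently if a provider list ever exceeds 65535 entries and would then put a count on the wire that disagrees with the encoded list. Building the PDU once and copying it keeps the two families in sync: `pdu6 := *pdu4`, `pdu6.AFIFlags = AFI_IPv6`, `c.SendPDU(&pdu6)`. A length check before the cast, or at JSON ingest, would turn an oversized provider set into an explicit error rather than a malformed PDU. The serializer is not visible here, so the impact is unconfirmed. SendData starts outside the hunk.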
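Review bot: Renaming the tag on `VRPList.ASPA` from `provider_authorizations` to `aspas` means input that still carries the old key is not rejected but ignored, assuming the file is decoded with encoding/json defaults (the decoder is not in this diff). The server would then run with an empty ASPA set and routers would receive no ASPA data, with nothing in the logs to explain it. Consider detecting the legacy key and logging a warning, and document the accepted format on the field, e.g. `// ASPA holds rpki-client style "aspas" entries; the legacy "provider_authorizations" object is not read`.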
@@ -53,11 +53,6 @@ type BgpSecKeyJson struct { } // ASPA -type ProviderAuthorizationsJson struct { - IPv4 []ASPAJson `json:"ipv4"` - IPv6 []ASPAJson `json:"ipv6"` -} - type ASPAJson struct { CustomerAsid uint32 `json:"customer_asid"` Expires *int64 `json:"expires,omitempty"` diff --git a/prefixfile/slurm.go b/prefixfile/slurm.go index f7da931..dd0feaf 100644 --- a/prefixfile/slurm.go +++ b/prefixfile/slurm.go @@ -267,24 +267,20 @@ func (s *SlurmLocallyAddedAssertions) AssertVRPs() []VRPJson { return vrps } -func (s *SlurmLocallyAddedAssertions) AssertVAPs() (v4, v6 []ASPAJson) { - vapsv4, vapsv6 := make([]ASPAJson, 0), make([]ASPAJson, 0) +func (s *SlurmLocallyAddedAssertions) AssertVAPs() []ASPAJson { + vaps := make([]ASPAJson, 0) if s.AspaAssertions == nil || len(s.AspaAssertions) == 0 { - return vapsv4, vapsv6 + return vaps } for _, assertion := range s.AspaAssertions { vap := ASPAJson{ CustomerAsid: assertion.CustomerASNid, Providers: assertion.ProviderSet, } - if strings.Contains(assertion.Afi, "6") { - vapsv6 = append(vapsv6, vap) - } else { - vapsv4 = append(vapsv4, vap) - } + vaps = append(vaps, vap) } - return vapsv4, vapsv6 + return vaps } func (s *SlurmLocallyAddedAssertions) AssertBRKs() []BgpSecKeyJson { 
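Review bot: AssertVAPs no longer reads `assertion.Afi`, so a SLURM ASPA assertion written for one address family is now asserted for both once SendData emits the v4 and v6 PDUs. That silently widens a local override, and an operator with AFI-scoped assertions gets no indication of it. Either warn when `Afi` is set or document the behavior on the method, e.g. `// AssertVAPs ignores the assertion's afi; each assertion applies to IPv4 and IPv6`. If `strings.Contains` was the only use of `strings` in slurm.go, the import has to go as well or the package will not build; the import block is outside this diff.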
@@ -305,26 +301,24 @@ func (s *SlurmLocallyAddedAssertions) AssertBRKs() []BgpSecKeyJson { return brks } -func (s *SlurmConfig) GetAssertions() (vrps []VRPJson, VAPv4, VAPv6 []ASPAJson, BRKs []BgpSecKeyJson) { +func (s *SlurmConfig) GetAssertions() (vrps []VRPJson, vaps []ASPAJson, BRKs []BgpSecKeyJson) { vrps = s.LocallyAddedAssertions.AssertVRPs() - VAPv4, VAPv6 = s.LocallyAddedAssertions.AssertVAPs() + vaps = s.LocallyAddedAssertions.AssertVAPs() BRKs = s.LocallyAddedAssertions.AssertBRKs() return } -func (s *SlurmConfig) FilterAssert(vrps []VRPJson, VAPv4, VAPv6 []ASPAJson, BRKs []BgpSecKeyJson, log Logger) ( - ovrps []VRPJson, oVAPv4, oVAPv6 []ASPAJson, oBRKs []BgpSecKeyJson) { +func (s *SlurmConfig) FilterAssert(vrps []VRPJson, vaps []ASPAJson, BRKs []BgpSecKeyJson, log Logger) ( + ovrps []VRPJson, ovaps []ASPAJson, oBRKs []BgpSecKeyJson) { // filteredVRPs, removedVRPs := s.ValidationOutputFilters.FilterOnVRPs(vrps) - filteredVAP4s, removedVAP4s := s.ValidationOutputFilters.FilterOnVAPs(VAPv4, false) - filteredVAP6s, removedVAP6s := s.ValidationOutputFilters.FilterOnVAPs(VAPv6, true) + filteredVAPs, removedVAPs := s.ValidationOutputFilters.FilterOnVAPs(vaps, false) filteredBRKs, removedBRKs := s.ValidationOutputFilters.FilterOnBRKs(BRKs) - assertVRPs, assertVAP4, assertVAP6, assertBRKs := s.GetAssertions() + assertVRPs, assertVAPs, assertBRKs := s.GetAssertions() ovrps = append(filteredVRPs, assertVRPs...) - oVAPv4 = append(filteredVAP4s, assertVAP4...) - oVAPv6 = append(filteredVAP6s, assertVAP6...) + ovaps = append(filteredVAPs, assertVAPs...) oBRKs = append(filteredBRKs, assertBRKs...) if log != nil { 
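Review bot: `FilterOnVAPs(vaps, false)` in FilterAssert still passes the boolean the old code used to select the address family (`false` for the v4 list, `true` for v6), now hard-coded to `false` for the merged list. FilterOnVAPs is not touched by this diff, so if it compares that flag with a filter's afi, ASPA filters declared for IPv6 may never match and entries an operator meant to suppress would still be served. Drop the parameter from FilterOnVAPs, or state the intent at the call site: `// afi is no longer part of ASPA; filters match on customer ASN only`. A test with an afi-scoped filter would pin the behavior. FilterAssert continues past the hunk.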
@@ -337,8 +331,7 @@ func (s *SlurmConfig) FilterAssert(vrps []VRPJson, VAPv4, VAPv6 []ASPAJson, BRKs } if len(s.ValidationOutputFilters.AspaFilters) != 0 { - log.Infof("Slurm ASPA v4 filtering: %v kept, %v removed, %v asserted", len(filteredVAP4s), len(removedVAP4s), len(oVAPv4)) - log.Infof("Slurm ASPA v6 filtering: %v kept, %v removed, %v asserted", len(filteredVAP6s), len(removedVAP6s), len(oVAPv6)) + log.Infof("Slurm ASPA filtering: %v kept, %v removed, %v asserted", len(filteredVAPs), len(removedVAPs), len(ovaps)) } } return diff --git a/prefixfile/slurm_test.go b/prefixfile/slurm_test.go index 80aaad3..7e281cc 100644 --- a/prefixfile/slurm_test.go +++ b/prefixfile/slurm_test.go @@ -241,8 +241,8 @@ func TestSlurmEndToEnd(t *testing.T) { panic(err) } - finalVRP, _, finalASPA6, finalBgpsec := - config.FilterAssert(vrplist.Data, vrplist.ASPA.IPv4, vrplist.ASPA.IPv6, vrplist.BgpSecKeys, nil) + finalVRP, finalASPA, finalBgpsec := + config.FilterAssert(vrplist.Data, vrplist.ASPA, vrplist.BgpSecKeys, nil) foundAssertVRP := false for _, vrps := range finalVRP { @@ -259,7 +259,7 @@ func TestSlurmEndToEnd(t *testing.T) { } foundAssertVAP := false - for _, vaps := range finalASPA6 { + for _, vaps := range finalASPA { if vaps.CustomerAsid == 64499 { foundAssertVAP = true } From e7fd4221b534f780106e78a908a7cd82916ebf7d Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Wed, 20 Dec 2023 11:40:49 +0100 Subject: [PATCH 2/2] Refactor some code that has no need to be this complicated --- cmd/stayrtr/stayrtr.go | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/cmd/stayrtr/stayrtr.go b/cmd/stayrtr/stayrtr.go index c6947b8..f312972 100644 --- a/cmd/stayrtr/stayrtr.go +++ b/cmd/stayrtr/stayrtr.go 
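Review bot: The new log line in FilterAssert prints `len(ovaps)` under the label "asserted", but `ovaps` is `append(filteredVAPs, assertVAPs...)`, so the figure is kept plus asserted and overstates what SLURM injected. For a usable audit trail, log `len(assertVAPs)` in place of `len(ovaps)`. The line is also only reached when `AspaFilters` is non-empty, so a configuration with ASPA assertions but no filters logs nothing about them. The enclosing `if log != nil` block starts outside the hunk.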
@@ -313,13 +313,7 @@ func processData(vrplistjson []prefixfile.VRPJson, }) } - aspalist = handleASPAList(aspajson, NowUnix, aspalist) - - return vrplist, brklist, aspalist, countv4 + countv6, countv4, countv6 -} - -func handleASPAList(list []prefixfile.ASPAJson, NowUnix int64, aspalist []rtr.VAP) []rtr.VAP { - for _, v := range list { + for _, v := range aspajson { if v.Expires != nil { if NowUnix > *v.Expires { continue @@ -337,7 +331,8 @@ func handleASPAList(list []prefixfile.ASPAJson, NowUnix int64, aspalist []rtr.VA Providers: v.Providers, }) } - return aspalist + + return vrplist, brklist, aspalist, countv4 + countv6, countv4, countv6 } type IdenticalFile struct {