From cb54b6207599a49a47621469cbd9d21cfcd2d871 Mon Sep 17 00:00:00 2001 From: Job Snijders Date: Fri, 6 Sep 2024 11:02:31 +0000 Subject: [PATCH] Remove ASPA / rfc8210bis support Spring cleaning. This code is not compatible with other implementations nor the rfc8210bis specification. --- README.md | 2 +- cmd/rtrdump/rtrdump.go | 15 ------- cmd/stayrtr/stayrtr.go | 72 ++++++++----------------------- cmd/stayrtr/stayrtr_test.go | 2 +- lib/client_test.go | 27 ------------ lib/server.go | 85 ++----------------------------------- lib/structs.go | 81 ----------------------------------- prefixfile/prefixfile.go | 8 ---- prefixfile/slurm.go | 76 +++------------------------------ prefixfile/slurm.json | 15 ------- prefixfile/slurm_test.go | 45 +------------------- 11 files changed, 29 insertions(+), 399 deletions(-) diff --git a/README.md b/README.md index e8f86f1..e5a97f5 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Special thanks for support to the Route Server Support Foundation [RSSF](https:/ ## Features of the server -* Dissemination of validated ROA, BGPsec, and ASPA payloads +* Dissemination of validated ROA and BGPsec payloads * Refreshes a JSON list of prefixes * Automatic expiration of outdated information (when using JSON produced by [rpki-client](https://www.rpki-client.org)) * Prometheus metrics diff --git a/cmd/rtrdump/rtrdump.go b/cmd/rtrdump/rtrdump.go index 73ffef9..69ead19 100644 --- a/cmd/rtrdump/rtrdump.go +++ b/cmd/rtrdump/rtrdump.go @@ -109,21 +109,6 @@ func (c *Client) HandlePDU(cs *rtr.ClientSession, pdu rtr.PDU) { } c.Data.BgpSecKeys = append(c.Data.BgpSecKeys, rj) - if *LogDataPDU { - log.Debugf("Received: %v", pdu) - } - - case *rtr.PDUASPA: - if c.Data.ASPA == nil { - c.Data.ASPA = make([]prefixfile.VAPJson, 0) - } - aj := prefixfile.VAPJson{ - CustomerAsid: pdu.CustomerASNumber, - Providers: pdu.ProviderASNumbers, - } - - c.Data.ASPA = append(c.Data.ASPA, aj) - if *LogDataPDU { log.Debugf("Received: %v", pdu) } diff --git a/cmd/stayrtr/stayrtr.go b/cmd/stayrtr/stayrtr.go index 9e8a507..7534e34 100644 --- a/cmd/stayrtr/stayrtr.go +++ b/cmd/stayrtr/stayrtr.go @@ -58,7 +58,6 @@ var ( SendNotifs = flag.Bool("notifications", true, "Send notifications to clients (disable with -notifications=false)") EnforceVersion = flag.Bool("enforce.version", false, "Disable version negotiation") DisableBGPSec = flag.Bool("disable.bgpsec", false, "Disable sending out BGPSEC Router Keys") - DisableASPA = flag.Bool("disable.aspa", false, "Disable sending out ASPA objects") EnableNODELAY = flag.Bool("enable.nodelay", false, "Force enable TCP NODELAY (Likely increases CPU)") @@ -207,10 +206,9 @@ func isValidPrefixLength(prefix netip.Prefix, maxLength uint8) bool { // 1 - The prefix is a valid prefix // 2 - The ASN is a valid ASN // 3 - The MaxLength is valid -// Will return a deduped slice, as well as total VRPs, IPv4 VRPs, IPv6 VRPs, BGPsec Keys and ASPA records +// Will return a deduped slice, as well as total VRPs, IPv4 VRPs, IPv6 VRPs and BGPsec Keys func processData(vrplistjson []prefixfile.VRPJson, - brklistjson []prefixfile.BgpSecKeyJson, - aspajson []prefixfile.VAPJson) /*Export*/ ([]rtr.VRP, []rtr.BgpsecKey, []rtr.VAP, int, int) { + brklistjson []prefixfile.BgpSecKeyJson) /*Export*/ ([]rtr.VRP, []rtr.BgpsecKey, int, int) { filterDuplicates := make(map[string]struct{}) // It may be tempting to change this to a simple time.Since() but that will @@ -221,7 +219,6 @@ func processData(vrplistjson []prefixfile.VRPJson, var vrplist []rtr.VRP var brklist = make([]rtr.BgpsecKey, 0) - var aspalist = make([]rtr.VAP, 0) var countv4 int var countv6 int @@ -322,26 +319,7 @@ func processData(vrplistjson []prefixfile.VRPJson, }) } - for _, v := range aspajson { - if v.Expires != nil { - if NowUnix > *v.Expires { - continue - } - } - - // Ensure that these are sorted, otherwise they - // don't hash right. - sort.Slice(v.Providers, func(i, j int) bool { - return v.Providers[i] < v.Providers[j] - }) - - aspalist = append(aspalist, rtr.VAP{ - CustomerASN: v.CustomerAsid, - Providers: v.Providers, - }) - } - - return vrplist, brklist, aspalist, countv4, countv6 + return vrplist, brklist, countv4, countv6 } type IdenticalFile struct { @@ -364,10 +342,6 @@ func (s *state) updateFromNewState() error { if bgpsecjson == nil { bgpsecjson = make([]prefixfile.BgpSecKeyJson, 0) } - aspajson := s.lastdata.ASPA - if aspajson == nil { - aspajson = make([]prefixfile.VAPJson, 0) - } buildtime, err := time.Parse(time.RFC3339, s.lastdata.Metadata.Buildtime) if s.lastdata.Metadata.GeneratedUnix != nil { @@ -385,14 +359,14 @@ func (s *state) updateFromNewState() error { } if s.slurm != nil { - vrpsjson, aspajson, bgpsecjson = s.slurm.FilterAssert(vrpsjson, aspajson, bgpsecjson, log.StandardLogger()) + vrpsjson, bgpsecjson = s.slurm.FilterAssert(vrpsjson, bgpsecjson, log.StandardLogger()) } - vrps, brks, vaps, countv4, countv6 := processData(vrpsjson, bgpsecjson, aspajson) - count := len(vrps) + len(brks) + len(vaps) + vrps, brks, countv4, countv6 := processData(vrpsjson, bgpsecjson) + count := len(vrps) + len(brks) - log.Infof("New update (%v uniques, %v total prefixes, %v vaps, %v router keys).", len(vrps), count, len(vaps), len(brks)) - return s.applyUpdateFromNewState(vrps, brks, vaps, vrpsjson, bgpsecjson, aspajson, countv4, countv6) + log.Infof("New update (%v uniques, %v total prefixes, %v router keys).", len(vrps), count, len(brks)) + return s.applyUpdateFromNewState(vrps, brks, vrpsjson, bgpsecjson, countv4, countv6) } // Update the state based on the currently loaded files @@ -405,10 +379,6 @@ func (s *state) reloadFromCurrentState() error { if bgpsecjson == nil { bgpsecjson = make([]prefixfile.BgpSecKeyJson, 0) } - aspajson := s.lastdata.ASPA - if aspajson == nil { - aspajson = make([]prefixfile.VAPJson, 0) - } buildtime, err := time.Parse(time.RFC3339, s.lastdata.Metadata.Buildtime) if s.lastdata.Metadata.GeneratedUnix != nil { @@ -426,32 +396,29 @@ func (s *state) reloadFromCurrentState() error { } if s.slurm != nil { - vrpsjson, aspajson, bgpsecjson = s.slurm.FilterAssert(vrpsjson, aspajson, bgpsecjson, log.StandardLogger()) + vrpsjson, bgpsecjson = s.slurm.FilterAssert(vrpsjson, bgpsecjson, log.StandardLogger()) } - vrps, brks, vaps, countv4, countv6 := processData(vrpsjson, bgpsecjson, aspajson) - count := len(vrps) + len(brks) + len(vaps) + vrps, brks, countv4, countv6 := processData(vrpsjson, bgpsecjson) + count := len(vrps) + len(brks) if s.server.CountSDs() != count { log.Infof("New update to old state (%v uniques, %v total prefixes). (old %v - new %v)", len(vrps), count, s.server.CountSDs(), count) - return s.applyUpdateFromNewState(vrps, brks, vaps, vrpsjson, bgpsecjson, aspajson, countv4, countv6) + return s.applyUpdateFromNewState(vrps, brks, vrpsjson, bgpsecjson, countv4, countv6) } return nil } -func (s *state) applyUpdateFromNewState(vrps []rtr.VRP, brks []rtr.BgpsecKey, vaps []rtr.VAP, - vrpsjson []prefixfile.VRPJson, brksjson []prefixfile.BgpSecKeyJson, aspajson []prefixfile.VAPJson, +func (s *state) applyUpdateFromNewState(vrps []rtr.VRP, brks []rtr.BgpsecKey, + vrpsjson []prefixfile.VRPJson, brksjson []prefixfile.BgpSecKeyJson, countv4 int, countv6 int) error { - SDs := make([]rtr.SendableData, 0, len(vrps)+len(brks)+len(vaps)) + SDs := make([]rtr.SendableData, 0, len(vrps) + len(brks)) for _, v := range vrps { SDs = append(SDs, v.Copy()) } for _, v := range brks { SDs = append(SDs, v.Copy()) } - for _, v := range vaps { - SDs = append(SDs, v.Copy()) - } if !s.server.AddData(SDs) { log.Info("No difference to current cache") return nil @@ -473,7 +440,6 @@ func (s *state) applyUpdateFromNewState(vrps []rtr.VRP, brks []rtr.BgpsecKey, va }, ROA: vrpsjson, BgpSecKeys: brksjson, - ASPA: aspajson, } s.lockJson.Unlock() @@ -487,7 +453,7 @@ func (s *state) applyUpdateFromNewState(vrps []rtr.VRP, brks []rtr.BgpsecKey, va countv6_dup++ } } - s.metricsEvent.UpdateMetrics(countv4, countv6, countv4_dup, countv6_dup, s.lastchange, s.lastts, *CacheBin, len(brks), len(vaps)) + s.metricsEvent.UpdateMetrics(countv4, countv6, countv4_dup, countv6_dup, s.lastchange, s.lastts, *CacheBin, len(brks)) } return nil @@ -707,8 +673,7 @@ func (m *metricsEvent) HandlePDU(c *rtr.Client, pdu rtr.PDU) { "_", -1))).Inc() } -func (m *metricsEvent) UpdateMetrics(numIPv4 int, numIPv6 int, numIPv4filtered int, numIPv6filtered int, changed time.Time, refreshed time.Time, file string, brkCount int, aspaCount int) { - NumberOfObjects.WithLabelValues("vaps").Set(float64(aspaCount)) +func (m *metricsEvent) UpdateMetrics(numIPv4 int, numIPv6 int, numIPv4filtered int, numIPv6filtered int, changed time.Time, refreshed time.Time, file string, brkCount int) { NumberOfObjects.WithLabelValues("bgpsec_pubkeys").Set(float64(brkCount)) NumberOfObjects.WithLabelValues("vrps").Set(float64(numIPv4 + numIPv6)) NumberOfObjects.WithLabelValues("effective_vrps").Set(float64(numIPv4filtered + numIPv6filtered)) @@ -763,8 +728,7 @@ func run() error { EnforceVersion: *EnforceVersion, DisableBGPSec: *DisableBGPSec, - DisableASPA: *DisableASPA, - EnableNODELAY: *EnableNODELAY, + EnableNODELAY: *EnableNODELAY, } var me *metricsEvent diff --git a/cmd/stayrtr/stayrtr_test.go b/cmd/stayrtr/stayrtr_test.go index e0bea88..e6f4a33 100644 --- a/cmd/stayrtr/stayrtr_test.go +++ b/cmd/stayrtr/stayrtr_test.go @@ -100,7 +100,7 @@ func TestProcessData(t *testing.T) { Expires: &ExpiredTime, }, ) - got, _, _, v4count, v6count := processData(stuff, nil, nil) + got, _, v4count, v6count := processData(stuff, nil) want := []rtr.VRP{ { Prefix: netip.MustParsePrefix("2001:db8::/32"), diff --git a/lib/client_test.go b/lib/client_test.go index affe119..6988ece 100644 --- a/lib/client_test.go +++ b/lib/client_test.go @@ -126,30 +126,3 @@ func TestRouterKeyEncodeDecode(t *testing.T) { t.FailNow() } } - -func TestASPAEncodeDecode(t *testing.T) { - p := &PDUASPA{ - Version: 1, - Flags: 1, - AFIFlags: 1, - ProviderASCount: 2, - CustomerASNumber: 64497, - ProviderASNumbers: []uint32{64498, 64499}, - } - - buf := bytes.NewBuffer(nil) - p.Write(buf) - - outputPdu, err := Decode(buf) - - if err != nil { - t.FailNow() - } - - orig := fmt.Sprintf("%#v", p) - decode := fmt.Sprintf("%#v", outputPdu) - if orig != decode { - t.Fatalf("%s\n is not\n%s", orig, decode) - t.FailNow() - } -} diff --git a/lib/server.go b/lib/server.go index d8740c3..62ec600 100644 --- a/lib/server.go +++ b/lib/server.go @@ -29,7 +29,7 @@ type RTREventHandler interface { RequestNewVersion(*Client, uint16, uint32) } -// This is a general interface for things like a VRP, BGPsec Router key or ASPA object +// This is a general interface for things like a VRP or BGPsec Router key // Be sure to have all of these as pointers, or SetFlag() cannot work! type SendableData interface { Copy() SendableData @@ -41,7 +41,7 @@ type SendableData interface { GetFlag() uint8 } -// This handles things like ROAs, BGPsec Router keys, ASPA info etc +// This handles things like ROAs, BGPsec Router keys info etc type SendableDataManager interface { GetCurrentSerial() (uint32, bool) GetSessionId(uint8) uint16 @@ -134,7 +134,6 @@ type Server struct { simpleHandler RTREventHandler enforceVersion bool disableBGPSec bool - disableASPA bool enableNODELAY bool sdlock *sync.RWMutex @@ -160,7 +159,6 @@ type ServerConfiguration struct { SessId int DisableBGPSec bool - DisableASPA bool EnableNODELAY bool RefreshInterval uint32 @@ -205,7 +203,6 @@ func NewServer(configuration ServerConfiguration, handler RTRServerEventHandler, enforceVersion: configuration.EnforceVersion, disableBGPSec: configuration.DisableBGPSec, - disableASPA: configuration.DisableASPA, pduRefreshInterval: refreshInterval, pduRetryInterval: retryInterval, @@ -506,9 +503,6 @@ func (s *Server) acceptClientTCP(tcpconn net.Conn) error { if s.disableBGPSec { client.DisableBGPsec() } - if s.disableASPA { - client.DisableASPA() - } go client.Start() return nil } @@ -683,7 +677,6 @@ type Client struct { expireInterval uint32 dontSendBGPsecKeys bool - dontSendASPA bool log Logger } @@ -708,10 +701,6 @@ func (c *Client) DisableBGPsec() { c.dontSendBGPsecKeys = true } -func (c *Client) DisableASPA() { - c.dontSendASPA = true -} - func (c *Client) SetIntervals(refreshInterval uint32, retryInterval uint32, expireInterval uint32) { c.refreshInterval = refreshInterval c.retryInterval = retryInterval @@ -925,51 +914,6 @@ func (brk *BgpsecKey) GetFlag() uint8 { return brk.Flags } -type VAP struct { - Flags uint8 - CustomerASN uint32 - Providers []uint32 -} - -func (vap *VAP) Type() string { - return "ASPA" -} - -func (vap *VAP) String() string { - return fmt.Sprintf("ASPA AS%v -> Providers: %v", vap.CustomerASN, vap.Providers) -} - -func (vap *VAP) HashKey() string { - return fmt.Sprintf("%v-%v", vap.CustomerASN, vap.Providers) -} - -func (r1 *VAP) Equals(r2 SendableData) bool { - if r1.Type() != r2.Type() { - return false - } - - r2True := r2.(*VAP) - return r1.CustomerASN == r2True.CustomerASN && fmt.Sprint(r1.Providers) == fmt.Sprint(r2True.Providers) /*This could be made faster*/ -} - -func (vap *VAP) Copy() SendableData { - cop := VAP{ - CustomerASN: vap.CustomerASN, - Flags: vap.Flags, - Providers: make([]uint32, 0), - } - cop.Providers = append(cop.Providers, vap.Providers...) - return &cop -} - -func (vap *VAP) SetFlag(f uint8) { - vap.Flags = f -} - -func (vap *VAP) GetFlag() uint8 { - return vap.Flags -} - func (c *Client) SendSDs(sessionId uint16, serialNumber uint32, data []SendableData) { pduBegin := &PDUCacheResponse{ SessionId: sessionId, @@ -1054,36 +998,13 @@ func (c *Client) SendData(sd SendableData) { } pdu := &PDURouterKey{ - Version: c.version, // The RouterKey PDU is unchanged from rfc8210 to draft-ietf-sidrops-8210bis-10 + Version: c.version, Flags: t.Flags, SubjectKeyIdentifier: t.Ski, ASN: t.ASN, SubjectPublicKeyInfo: t.Pubkey, } c.SendPDU(pdu) - case *VAP: - if c.version < 2 || c.dontSendASPA { - return - } - - pdu4 := &PDUASPA{ - Version: c.version, - Flags: t.Flags, - AFIFlags: AFI_IPv4, - ProviderASCount: uint16(len(t.Providers)), - CustomerASNumber: t.CustomerASN, - ProviderASNumbers: t.Providers, - } - pdu6 := &PDUASPA{ - Version: c.version, - Flags: t.Flags, - AFIFlags: AFI_IPv6, - ProviderASCount: uint16(len(t.Providers)), - CustomerASNumber: t.CustomerASN, - ProviderASNumbers: t.Providers, - } - c.SendPDU(pdu4) - c.SendPDU(pdu6) } } diff --git a/lib/structs.go b/lib/structs.go index 6d8bf8e..78ad6f8 100644 --- a/lib/structs.go +++ b/lib/structs.go @@ -26,10 +26,6 @@ const ( // We ignore the theoretically unbounded length of SKIs for router keys. // RPs should validate that this has the correct length. // - // maximum size of ASPA PDU payload: - // * 2^16 providers * 32bit = 262144 bytes - // * length is inclusive of header: 8 bytes - // * flags/afi flags/provider as/customer AS: 16 bytes messageMaxSize = 262168 PROTOCOL_VERSION_0 = 0 @@ -46,7 +42,6 @@ const ( PDU_ID_CACHE_RESET = 8 PDU_ID_ROUTER_KEY = 9 PDU_ID_ERROR_REPORT = 10 - PDU_ID_ASPA = 11 FLAG_ADDED = 1 FLAG_REMOVED = 0 @@ -100,8 +95,6 @@ func TypeToString(t uint8) string { return "Router Key" case PDU_ID_ERROR_REPORT: return "Error Report" - case PDU_ID_ASPA: - return "ASPA PDU" default: return fmt.Sprintf("Unknown type %d", t) } @@ -523,51 +516,6 @@ func (pdu *PDUErrorReport) Write(wr io.Writer) { } } -type PDUASPA struct { - Version uint8 - Flags uint8 - AFIFlags uint8 - ProviderASCount uint16 - CustomerASNumber uint32 - ProviderASNumbers []uint32 -} - -func (pdu *PDUASPA) String() string { - return fmt.Sprintf("PDU ASPA v%d TODO", pdu.Version) // TODO -} - -func (pdu *PDUASPA) Bytes() []byte { - b := bytes.NewBuffer([]byte{}) - pdu.Write(b) - return b.Bytes() -} - -func (pdu *PDUASPA) SetVersion(version uint8) { - pdu.Version = version -} - -func (pdu *PDUASPA) GetVersion() uint8 { - return pdu.Version -} - -func (pdu *PDUASPA) GetType() uint8 { - return PDU_ID_ASPA -} - -func (pdu *PDUASPA) Write(wr io.Writer) { - binary.Write(wr, binary.BigEndian, uint8(pdu.Version)) - binary.Write(wr, binary.BigEndian, uint8(PDU_ID_ASPA)) - binary.Write(wr, binary.BigEndian, uint16(0)) - binary.Write(wr, binary.BigEndian, uint32(16+(len(pdu.ProviderASNumbers)*4))) - binary.Write(wr, binary.BigEndian, uint8(pdu.Flags)) - binary.Write(wr, binary.BigEndian, uint8(pdu.AFIFlags)) - binary.Write(wr, binary.BigEndian, uint16(pdu.ProviderASCount)) - binary.Write(wr, binary.BigEndian, uint32(pdu.CustomerASNumber)) - for _, pasn := range pdu.ProviderASNumbers { - binary.Write(wr, binary.BigEndian, uint32(pasn)) - } -} - func DecodeBytes(b []byte) (PDU, error) { buf := bytes.NewBuffer(b) return Decode(buf) @@ -753,35 +701,6 @@ func Decode(rdr io.Reader) (PDU, error) { PDUCopy: errPdu, ErrorMsg: errMsg, }, nil - case PDU_ID_ASPA: - if len(toread) < 8 { - return nil, fmt.Errorf("wrong length for ASPA PDU: %d < 16", len(toread)) - } - - aspaFlag := uint8(toread[0]) - aspaAFIFlag := uint8(toread[1]) - PASCount := binary.BigEndian.Uint16(toread[2:4]) - CASN := binary.BigEndian.Uint32(toread[4:8]) - - PASNs := make([]uint32, 0) - rbuf := bytes.NewReader(toread[8:]) - for i := 0; i < int(PASCount); i++ { - var asn uint32 - err := binary.Read(rbuf, binary.BigEndian, &asn) - if err != nil { - return nil, err - } - PASNs = append(PASNs, asn) - } - - return &PDUASPA{ - Version: pver, - Flags: aspaFlag, - AFIFlags: aspaAFIFlag, - ProviderASCount: PASCount, - CustomerASNumber: CASN, - ProviderASNumbers: PASNs, - }, nil default: return nil, errors.New("could not decode packet") } diff --git a/prefixfile/prefixfile.go b/prefixfile/prefixfile.go index 4dcb3b6..f2721ee 100644 --- a/prefixfile/prefixfile.go +++ b/prefixfile/prefixfile.go @@ -12,12 +12,10 @@ type RPKIList struct { Metadata MetaData `json:"metadata,omitempty"` ROA []VRPJson `json:"roas"` // for historical reasons this is called 'roas', but should've been called vrps BgpSecKeys []BgpSecKeyJson `json:"bgpsec_keys,omitempty"` - ASPA []VAPJson `json:"aspas,omitempty"` } type MetaData struct { Counts int `json:"vrps"` - CountASPAs int `json:"aspas"` CountBgpSecKeys int `json:"bgpsec_pubkeys"` Buildtime string `json:"buildtime,omitempty"` GeneratedUnix *int64 `json:"generated,omitempty"` @@ -44,12 +42,6 @@ type BgpSecKeyJson struct { Ski string `json:"ski"` } -type VAPJson struct { - CustomerAsid uint32 `json:"customer_asid"` - Expires *int64 `json:"expires,omitempty"` - Providers []uint32 `json:"providers"` -} - func (md MetaData) GetBuildTime() time.Time { bt, err := time.Parse(time.RFC3339, md.Buildtime) if err != nil { diff --git a/prefixfile/slurm.go b/prefixfile/slurm.go index 2192467..8d85700 100644 --- a/prefixfile/slurm.go +++ b/prefixfile/slurm.go @@ -1,4 +1,4 @@ -// rfc8416 and draft-sidrops-aspa-slurm +// rfc8416 package prefixfile @@ -9,7 +9,6 @@ import ( "io" "net" "net/netip" - "strings" ) type SlurmPrefixFilter struct { @@ -24,12 +23,6 @@ type SlurmBGPsecFilter struct { Comment string `json:"comment"` } -type SlurmASPAFilter struct { - Afi string `json:"afi"` - Comment string `json:"comment"` - CustomerASid uint32 `json:"customer_asid"` -} - func (pf *SlurmPrefixFilter) GetASN() (uint32, bool) { if pf.ASN == nil { return 0, true @@ -46,7 +39,6 @@ func (pf *SlurmPrefixFilter) GetPrefix() netip.Prefix { type SlurmValidationOutputFilters struct { PrefixFilters []SlurmPrefixFilter BgpsecFilters []SlurmBGPsecFilter - AspaFilters []SlurmASPAFilter } type SlurmPrefixAssertion struct { @@ -63,13 +55,6 @@ type SlurmBGPsecAssertion struct { RouterPublicKey []byte `json:"routerPublicKey"` } -type SlurmASPAAssertion struct { - Afi string `json:"afi"` - Comment string `json:"comment"` - CustomerASNid uint32 `json:"customer_asid"` - ProviderSet []uint32 `json:"provider_set"` -} - func (pa *SlurmPrefixAssertion) GetASN() uint32 { return pa.ASN } @@ -86,7 +71,6 @@ func (pa *SlurmPrefixAssertion) GetMaxLen() int { type SlurmLocallyAddedAssertions struct { PrefixAssertions []SlurmPrefixAssertion BgpsecAssertions []SlurmBGPsecAssertion - AspaAssertions []SlurmASPAAssertion } type SlurmConfig struct { @@ -207,33 +191,6 @@ func (s *SlurmValidationOutputFilters) FilterOnBRKs(brks []BgpSecKeyJson) (added return added, removed } -func (s *SlurmValidationOutputFilters) FilterOnVAPs(vaps []VAPJson, ipv6 bool) (added, removed []VAPJson) { - added = make([]VAPJson, 0) - removed = make([]VAPJson, 0) - if s.AspaFilters == nil || len(s.AspaFilters) == 0 { - return vaps, removed - } - for _, vap := range vaps { - var wasRemoved bool - for _, filter := range s.AspaFilters { - if strings.Contains(filter.Afi, "6") && !ipv6 { - continue - } - - if vap.CustomerAsid == filter.CustomerASid { - removed = append(removed, vap) - wasRemoved = true - break - } - } - - if !wasRemoved { - added = append(added, vap) - } - } - return added, removed -} - func (s *SlurmLocallyAddedAssertions) AssertVRPs() []VRPJson { vrps := make([]VRPJson, 0) if s.PrefixAssertions == nil || len(s.PrefixAssertions) == 0 { @@ -259,22 +216,6 @@ func (s *SlurmLocallyAddedAssertions) AssertVRPs() []VRPJson { return vrps } -func (s *SlurmLocallyAddedAssertions) AssertVAPs() []VAPJson { - vaps := make([]VAPJson, 0) - - if s.AspaAssertions == nil || len(s.AspaAssertions) == 0 { - return vaps - } - for _, assertion := range s.AspaAssertions { - vap := VAPJson{ - CustomerAsid: assertion.CustomerASNid, - Providers: assertion.ProviderSet, - } - vaps = append(vaps, vap) - } - return vaps -} - func (s *SlurmLocallyAddedAssertions) AssertBRKs() []BgpSecKeyJson { brks := make([]BgpSecKeyJson, 0) @@ -293,24 +234,21 @@ func (s *SlurmLocallyAddedAssertions) AssertBRKs() []BgpSecKeyJson { return brks } -func (s *SlurmConfig) GetAssertions() (vrps []VRPJson, vaps []VAPJson, BRKs []BgpSecKeyJson) { +func (s *SlurmConfig) GetAssertions() (vrps []VRPJson, BRKs []BgpSecKeyJson) { vrps = s.LocallyAddedAssertions.AssertVRPs() - vaps = s.LocallyAddedAssertions.AssertVAPs() BRKs = s.LocallyAddedAssertions.AssertBRKs() return } -func (s *SlurmConfig) FilterAssert(vrps []VRPJson, vaps []VAPJson, BRKs []BgpSecKeyJson, log Logger) ( - ovrps []VRPJson, ovaps []VAPJson, oBRKs []BgpSecKeyJson) { +func (s *SlurmConfig) FilterAssert(vrps []VRPJson, BRKs []BgpSecKeyJson, log Logger) ( + ovrps []VRPJson, oBRKs []BgpSecKeyJson) { // filteredVRPs, removedVRPs := s.ValidationOutputFilters.FilterOnVRPs(vrps) - filteredVAPs, removedVAPs := s.ValidationOutputFilters.FilterOnVAPs(vaps, false) filteredBRKs, removedBRKs := s.ValidationOutputFilters.FilterOnBRKs(BRKs) - assertVRPs, assertVAPs, assertBRKs := s.GetAssertions() + assertVRPs, assertBRKs := s.GetAssertions() ovrps = append(filteredVRPs, assertVRPs...) - ovaps = append(filteredVAPs, assertVAPs...) oBRKs = append(filteredBRKs, assertBRKs...) if log != nil { @@ -321,10 +259,6 @@ func (s *SlurmConfig) FilterAssert(vrps []VRPJson, vaps []VAPJson, BRKs []BgpSec if len(s.ValidationOutputFilters.BgpsecFilters) != 0 { log.Infof("Slurm Router Key filtering: %v kept, %v removed, %v asserted", len(filteredBRKs), len(removedBRKs), len(oBRKs)) } - - if len(s.ValidationOutputFilters.AspaFilters) != 0 { - log.Infof("Slurm ASPA filtering: %v kept, %v removed, %v asserted", len(filteredVAPs), len(removedVAPs), len(ovaps)) - } } return } diff --git a/prefixfile/slurm.json b/prefixfile/slurm.json index 1c3b837..d18d5da 100644 --- a/prefixfile/slurm.json +++ b/prefixfile/slurm.json @@ -30,13 +30,6 @@ "SKI": "XC7RBWu3661vfYmhXZwtUw==", "comment": "Key for ASN 64497 matching Router SKI" } - ], - "aspaFilters": [ - { - "customer_asid": 64496, - "afi": "ipv6", - "comment": "ASPAs matching Customer ASID" - } ] }, "locallyAddedAssertions": { @@ -60,14 +53,6 @@ "SKI": "NQYXZ0PgL2fdRscxGdVDa+fhAQY=", "routerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhv5HEBGixUjKJTlenvcD1Axyi07rFdVY1KhN4vMPYy5y0Mx6zfaiEqJN27jK/l61xC36Vsaezd7eXAsZ1AEEsQ==" } - ], - "aspaAssertions": [ - { - "customer_asid": 64499, - "afi": "ipv6", - "provider_set": [64497, 64498], - "comment": "Pretend 64497 and 64498 are upstream for 64496 in the IPv6 AFI" - } ] } } diff --git a/prefixfile/slurm_test.go b/prefixfile/slurm_test.go index 7d5eeeb..ad6fa3a 100644 --- a/prefixfile/slurm_test.go +++ b/prefixfile/slurm_test.go @@ -188,35 +188,6 @@ func TestFilterOnBSKs(t *testing.T) { assert.Equal(t, "111b485d29a29db7b515f9c471e1ed3cb7bb7dee", removed[2].Ski) assert.Equal(t, uint32(65005), removed[2].Asn) } -func TestFilterOnVAPs(t *testing.T) { - vrps := []VAPJson{ - { - CustomerAsid: 65001, - Providers: []uint32{65002, 65003}, - }, - { - CustomerAsid: 65002, - Providers: []uint32{65001, 65003}, - }, - } - - slurm := SlurmValidationOutputFilters{ - AspaFilters: []SlurmASPAFilter{ - { - Afi: "IPv4", - CustomerASid: 65001, - }, - { - Afi: "IPv6", - CustomerASid: 65002, - }, - }, - } - added, removed := slurm.FilterOnVAPs(vrps, false) - assert.Len(t, added, 1) - assert.Len(t, removed, 1) - assert.Equal(t, uint32(65001), removed[0].CustomerAsid) -} func TestSlurmEndToEnd(t *testing.T) { slurmfd, err := os.Open("slurm.json") @@ -241,8 +212,7 @@ func TestSlurmEndToEnd(t *testing.T) { panic(err) } - finalVRP, finalASPA, finalBgpsec := - config.FilterAssert(vrplist.ROA, vrplist.ASPA, vrplist.BgpSecKeys, nil) + finalVRP, finalBgpsec := config.FilterAssert(vrplist.ROA, vrplist.BgpSecKeys, nil) foundAssertVRP := false for _, vrps := range finalVRP { @@ -258,19 +228,6 @@ func TestSlurmEndToEnd(t *testing.T) { t.Fatalf("Did not find asserted VRP") } - foundAssertVAP := false - for _, vaps := range finalASPA { - if vaps.CustomerAsid == 64499 { - foundAssertVAP = true - } - if vaps.CustomerAsid == 64496 { - t.Fatalf("Found filtered ASPA") - } - } - if !foundAssertVAP { - t.Fatalf("Did not find asserted VAP") - } - foundAssertBRK := false for _, brks := range finalBgpsec { if brks.Ski == "510f485d29a29db7b515f9c478f8ed3cb7aa7d23" {