Allow overlapping AS0 ROAs, suggest to remove redundant AS0 ROAs. (#342)
Tim Bruijnzeels committed Nov 4, 2020
1 parent d10f655 commit 3c85407
Showing 6 changed files with 43 additions and 116 deletions.
2 changes: 1 addition & 1 deletion lagosta/css/app.css

Large diffs are not rendered by default.

74 changes: 37 additions & 37 deletions lagosta/js/app.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion lagosta/js/app.js.map

Large diffs are not rendered by default.

26 changes: 0 additions & 26 deletions src/commons/error.rs
@@ -32,8 +32,6 @@ pub struct RoaDeltaError {
unknowns: Vec<RoaDefinition>,
invalid_length: Vec<RoaDefinition>,
covering: Vec<CoveringRoa>,
as0_exists: Vec<ExistingAs0Roa>,
as0_overlaps: Vec<OverlappingAs0Roa>,
}

impl Default for RoaDeltaError {
@@ -45,8 +43,6 @@ impl Default for RoaDeltaError {
unknowns: vec![],
invalid_length: vec![],
covering: vec![],
as0_exists: vec![],
as0_overlaps: vec![],
}
}
}
@@ -76,23 +72,13 @@ impl RoaDeltaError {
self.covering.push(CoveringRoa { addition, covering })
}

pub fn add_as0_exists(&mut self, addition: RoaDefinition, existing_as0: RoaDefinition) {
self.as0_exists.push(ExistingAs0Roa { addition, existing_as0 });
}

pub fn add_as0_overlaps(&mut self, addition: RoaDefinition, existing: Vec<RoaDefinition>) {
self.as0_overlaps.push(OverlappingAs0Roa { addition, existing });
}

pub fn combine(&mut self, mut other: Self) {
self.duplicates.append(&mut other.duplicates);
self.covered.append(&mut other.covered);
self.notheld.append(&mut other.notheld);
self.unknowns.append(&mut other.unknowns);
self.invalid_length.append(&mut other.invalid_length);
self.covering.append(&mut other.covering);
self.as0_exists.append(&mut other.as0_exists);
self.as0_overlaps.append(&mut other.as0_overlaps);
}

pub fn is_empty(&self) -> bool {
@@ -102,8 +88,6 @@ impl RoaDeltaError {
&& self.unknowns.is_empty()
&& self.invalid_length.is_empty()
&& self.covering.is_empty()
&& self.as0_exists.is_empty()
&& self.as0_overlaps.is_empty()
}
}

@@ -1076,13 +1060,6 @@ mod tests {

let unknown = definition("192.168.0.0/16 => 1");

let existing_as0 = definition("10.1.0.0/24 => 0");
let existing_as0_addition = definition("10.1.0.0/24 => 1");

let existing_for_as0_1 = definition("10.2.0.0/24 => 1");
let existing_for_as0_2 = definition("10.2.1.0/24 => 1");
let as0_for_existing = definition("10.2.0.0/16 => 0");

error.add_covered(small, middle);
error.add_covering(big, vec![middle, neighbour]);
error.add_duplicate(middle);
@@ -1091,9 +1068,6 @@ mod tests {
error.add_invalid_length(invalid_length);
error.add_unknown(unknown);

error.add_as0_exists(existing_as0_addition, existing_as0);
error.add_as0_overlaps(as0_for_existing, vec![existing_for_as0_1, existing_for_as0_2]);

// println!(
// "{}",
// serde_json::to_string_pretty(&Error::RoaDeltaError(error).to_error_response()).unwrap()
24 changes: 4 additions & 20 deletions src/daemon/ca/certauth.rs
@@ -14,10 +14,10 @@ use rpki::x509::{Serial, Time, Validity};

use crate::commons::api::rrdp::PublishElement;
use crate::commons::api::{
self, AsNumber, CertAuthInfo, ChildHandle, EntitlementClass, Entitlements, Handle, IdCertPem, IssuanceRequest,
IssuedCert, ObjectsDelta, ParentCaContact, ParentHandle, RcvdCert, RepositoryContact, RequestResourceLimit,
ResourceClassName, ResourceSet, Revocation, RevocationRequest, RevocationResponse, RoaDefinition, RtaList, RtaName,
RtaPrepResponse, SigningCert, StorableCaCommand, TaCertDetails, TrustAnchorLocator,
self, CertAuthInfo, ChildHandle, EntitlementClass, Entitlements, Handle, IdCertPem, IssuanceRequest, IssuedCert,
ObjectsDelta, ParentCaContact, ParentHandle, RcvdCert, RepositoryContact, RequestResourceLimit, ResourceClassName,
ResourceSet, Revocation, RevocationRequest, RevocationResponse, RoaDefinition, RtaList, RtaName, RtaPrepResponse,
SigningCert, StorableCaCommand, TaCertDetails, TrustAnchorLocator,
};
use crate::commons::crypto::{CsrInfo, IdCert, IdCertBuilder, KrillSigner, ProtocolCms, ProtocolCmsBuilder};
use crate::commons::error::{Error, RoaDeltaError};
@@ -1385,8 +1385,6 @@ impl CertAuth {
let roa_def: RoaDefinition = (*addition).into();
let authorizations: Vec<&RouteAuthorization> = desired_routes.authorizations().collect();

let as0 = AsNumber::zero();

if !addition.max_length_valid() {
// The (max) length is invalid for thie prefix
delta_errors.add_invalid_length(roa_def);
@@ -1407,20 +1405,6 @@ impl CertAuth {
.map(|covered| (**covered).into())
.collect();
delta_errors.add_covering(roa_def, covered)
} else if let Some(existing_as0) = authorizations
.iter()
.find(|existing| existing.asn() == as0 && existing.overlaps(&roa_def))
{
// There is an existing AS0 ROA overlapping this prefix
delta_errors.add_as0_exists(roa_def, (**existing_as0).into())
} else if roa_def.asn() == as0 && authorizations.iter().any(|existing| existing.overlaps(&roa_def)) {
// There is at least one existing ROA overlapping the new AS0 ROA prefix
let existing = authorizations
.iter()
.filter(|existing| existing.overlaps(&roa_def))
.map(|covered| (**covered).into())
.collect();
delta_errors.add_as0_overlaps(roa_def, existing)
} else {
// Ok, this seems okay now
desired_routes.add(*addition);
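Review bot: The final `else` branch in the last hunk of `src/daemon/ca/certauth.rs` now accepts an addition that overlaps an existing AS0 ROA, and an AS0 addition that overlaps existing ROAs, with nothing at that point saying the missing check is deliberate. In RPKI origin validation an announcement is valid as soon as any ROA covers and matches it, so an AS0 ROA does not block an origin that an overlapping ROA still authorizes. A caller that submits the delta through the API gets no hint of that, since the "suggest to remove redundant AS0 ROAs" part of the commit is presumably implemented elsewhere and is not in this file's visible hunks. I would add a comment above `desired_routes.add(*addition);`, for example `// AS0 overlap is allowed on purpose: an AS0 ROA is redundant, not conflicting, when another ROA covers the prefix`, and a test asserting that such a delta is accepted, because the only AS0 test visible here was removed from `error.rs`. The enclosing function starts and ends outside the hunk.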
31 changes: 0 additions & 31 deletions test-resources/api/regressions/errors/ca-roa-delta-error.json
@@ -60,36 +60,5 @@
}
]
}
],
"as0_exists": [
{
"addition": {
"asn": 1,
"prefix": "10.1.0.0/24"
},
"existing_as0": {
"asn": 0,
"prefix": "10.1.0.0/24"
}
}
],
"as0_overlaps": [
{
"addition": {
"asn": 0,
"prefix": "10.2.0.0/16"
},
"existing": [
{
"asn": 1,
"prefix": "10.2.0.0/24"
},
{
"asn": 1,
"prefix": "10.2.1.0/24"
}
]
}
]
}
}
