Add length checks

bgp · Jul 28, 2021 · 2d8fda6 · ties · Jul 28, 2021 · job
1 parent f82e338
commit 2d8fda6
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/cmd/stayrtr/stayrtr.go b/cmd/stayrtr/stayrtr.go
@@ -10,6 +10,7 @@ import (
 	"flag"
 	"fmt"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"os"
 	"os/signal"
@@ -180,6 +181,16 @@ func decodeJSON(data []byte) (*prefixfile.VRPList, error) {
 	return &vrplistjson, err
 }
 
+func checkPrefixLengths(prefix *net.IPNet, maxLength uint8) (bool) {
+	plen, max := net.IPMask.Size(prefix.Mask)
+
+	if (uint8(plen) > maxLength || maxLength > uint8(max)) {
+		log.Errorf("%s Maxlength wrong: %d - %d", prefix, plen, maxLength)
+		return false
+	}
+	return true
+}
+
 func processData(vrplistjson []prefixfile.VRPJson) ([]rtr.VRP, int, int, int) {
 	filterDuplicates := make(map[string]bool)
 
@@ -200,12 +211,16 @@ func processData(vrplistjson []prefixfile.VRPJson) ([]rtr.VRP, int, int, int) {
 			continue
 		}
 
-		count++
+		if !checkPrefixLengths(prefix, v.Length) {
+			continue
+		}
+
 		if prefix.IP.To4() != nil {
 			countv4++
 		} else if prefix.IP.To16() != nil {
 			countv6++
 		}
+		count++
 
 		key := fmt.Sprintf("%s,%d,%d", prefix, asn, v.Length)
 		_, exists := filterDuplicates[key]

diff --git a/prefixfile/slurm_test.go b/prefixfile/slurm_test.go
@@ -97,6 +97,11 @@ func TestFilterOnVRPs(t *testing.T) {
 			Prefix: "10.0.0.0/24",
 			Length: 24,
 		},
+		VRPJson{
+			ASN:    uint32(65005),
+			Prefix: "10.1.0.0/24",
+			Length: 16, // this VRP is broken, maxlength can't be smaller than plen
+		},
 	}
 
 	slurm := SlurmValidationOutputFilters{
@@ -115,8 +120,9 @@ func TestFilterOnVRPs(t *testing.T) {
 	}
 	added, removed := slurm.FilterOnVRPs(vrps)
 	assert.Len(t, added, 1)
-	assert.Len(t, removed, 3)
+	assert.Len(t, removed, 4)
 	assert.Equal(t, uint32(65001), removed[0].GetASN())
+	assert.Equal(t, uint32(65005), removed[3].GetASN())
 }
 
 func TestAssertVRPs(t *testing.T) {