From b3b6ae25bbb676f0cbccba7447bce35dbacc2f23 Mon Sep 17 00:00:00 2001
From: Job Snijders
Date: Tue, 27 Jul 2021 19:00:16 +0000
Subject: [PATCH 1/4] Add more test data
---
 cmd/stayrtr/test.rpki.json | 66 ++++++++++++++++++++++++++------------
 1 file changed, 46 insertions(+), 20 deletions(-)
diff --git a/cmd/stayrtr/test.rpki.json b/cmd/stayrtr/test.rpki.json
index 5c9109d..1832ad0 100644
--- a/cmd/stayrtr/test.rpki.json
+++ b/cmd/stayrtr/test.rpki.json
@@ -1,22 +1,48 @@
 {
- "metadata": {
- "counts": 1,
- "generated": 1577865600,
- "valid": 1577866200,
- "serial": 1
- },
- "roas": [
- {
- "prefix": "10.0.0.0/25",
- "maxLength": 26,
- "asn": "AS65000",
- "ta": "Test VRP"
- },
- {
- "prefix": "10.1.0.0/25",
- "maxLength": 26,
- "asn": "AS65001",
- "ta": "Test VRP"
- }
- ]
+ "metadata": {
+ "buildmachine": "ams-vrp-gen1.rpki-client.org",
+ "buildtime": "2021-07-27T18:56:02Z",
+ "elapsedtime": "301",
+ "usertime": "208",
+ "systemtime": "113",
+ "roas": 87883,
+ "failedroas": 0,
+ "invalidroas": 1,
+ "certificates": 26001,
+ "failcertificates": 0,
+ "invalidcertificates": 0,
+ "tals": 4,
+ "talfiles": "/etc/rpki/afrinic.tal /etc/rpki/apnic.tal /etc/rpki/lacnic.tal /etc/rpki/ripe.tal",
+ "manifests": 26001,
+ "failedmanifests": 4,
+ "stalemanifests": 4,
+ "crls": 25993,
+ "gbrs": 2,
+ "repositories": 25824,
+ "vrps": 272724,
+ "uniquevrps": 267772,
+ "cachedir_del_files": 31,
+ "cachedir_del_dirs": 283
+ },
+
+ "roas": [
+ { "asn": 13335, "prefix": "1.0.0.0/24", "maxLength": 24, "ta": "apnic", "expires": 1627568318 },
+ { "asn": 38803, "prefix": "1.0.4.0/24", "maxLength": 24, "ta": "apnic", "expires": 1627559320 },
+ { "asn": 38803, "prefix": "1.0.4.0/22", "maxLength": 22, "ta": "apnic", "expires": 1627559320 },
+ { "asn": 38803, "prefix": "1.0.5.0/24", "maxLength": 24, "ta": "apnic", "expires": 1627559320 },
+ { "asn": 9367, "prefix": "2001:200:136::/48", "maxLength": 48, "ta": "apnic", "expires": 1627575699 },
+ { "asn": 24047, "prefix": "2001:200:1ba::/48", "maxLength": 48, "ta": "apnic", "expires": 1627575699 },
+ { "asn": 7660, "prefix": "2001:200:900::/40", "maxLength": 40, "ta": "apnic", "expires": 1627575699 },
+ { "asn": 4690, "prefix": "2001:200:e00::/40", "maxLength": 40, "ta": "apnic", "expires": 1627575699 },
+ { "asn": 1103, "prefix": "2001:610::/32", "maxLength": 48, "ta": "ripe", "expires": 1627488503 },
+ { "asn": 1103, "prefix": "2001:610::/29", "maxLength": 29, "ta": "ripe", "expires": 1627488503 },
+ { "asn": 3333, "prefix": "2001:610:240::/42", "maxLength": 42, "ta": "ripe", "expires": 1627488503 },
+ { "asn": 30999, "prefix": "2001:4248::/32", "maxLength": 64, "ta": "afrinic", "expires": 1627520144 },
+ { "asn": 6453, "prefix": "2001:42c8::/32", "maxLength": 32, "ta": "afrinic", "expires": 1627520974 },
+ { "asn": 33764, "prefix": "2001:42d0::/40", "maxLength": 40, "ta": "afrinic", "expires": 1627518625 },
+ { "asn": 33764, "prefix": "2001:42d0:1500::/40", "maxLength": 40, "ta": "afrinic", "expires": 1627518625 },
+ { "asn": 27808, "prefix": "2800:38::/32", "maxLength": 128, "ta": "lacnic", "expires": 1627677646 },
+ { "asn": 16814, "prefix": "2800:40::/32", "maxLength": 48, "ta": "lacnic", "expires": 1627665407 },
+ { "asn": 16814, "prefix": "2800:40::/32", "maxLength": 32, "ta": "lacnic", "expires": 1627665407 }
+ ]
 }
From a171598d5c87d3ec313a9d624228622c07c84d37 Mon Sep 17 00:00:00 2001
From: Job Snijders
Date: Tue, 27 Jul 2021 19:21:45 +0000
Subject: [PATCH 2/4] Convert a number of places from string to int
---
 README.md | 2 +-
 cmd/rtrdump/rtrdump.go | 4 ++--
 prefixfile/prefixfile.go | 22 ++++++++++------------
 prefixfile/slurm.go | 5 +++--
 prefixfile/slurm_test.go | 8 ++++----
 5 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index c24161c..7a85cd8 100644
--- a/README.md
+++ b/README.md
@@ -273,7 +273,7 @@ Use your own validator, as long as the JSON source follows the following schema:
 {
 "prefix": "10.0.0.0/24",
 "maxLength": 24,
- "asn": "AS65001"
+ "asn": 65001
 },
 ...
 ]
diff --git a/cmd/rtrdump/rtrdump.go b/cmd/rtrdump/rtrdump.go
index 4b77320..0bc2137 100644
--- a/cmd/rtrdump/rtrdump.go
+++ b/cmd/rtrdump/rtrdump.go
@@ -79,7 +79,7 @@ func (c *Client) HandlePDU(cs *rtr.ClientSession, pdu rtr.PDU) {
 case *rtr.PDUIPv4Prefix:
 rj := prefixfile.VRPJson{
 Prefix: pdu.Prefix.String(),
- ASN: fmt.Sprintf("AS%v", pdu.ASN),
+ ASN: uint32(pdu.ASN),
 Length: pdu.MaxLen,
 }
 c.Data.Data = append(c.Data.Data, rj)
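Review bot: Storing `uint32(pdu.ASN)` in the `ASN` field of the `*rtr.PDUIPv4Prefix` case changes rtrdump's JSON output from the string form `"AS65001"` to a bare number, and neither the commit message nor the README hunk tells consumers of the dump about it. The `*rtr.PDUIPv6Prefix` case in the next hunk makes the same change. A comment above the struct literal such as `// ASN is emitted as a JSON number; readers expecting the old "AS<n>" string must be updated` would record the intent. HandlePDU starts and ends outside the hunk.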
@@ -91,7 +91,7 @@ func (c *Client) HandlePDU(cs *rtr.ClientSession, pdu rtr.PDU) { case *rtr.PDUIPv6Prefix: rj := prefixfile.VRPJson{ Prefix: pdu.Prefix.String(), - ASN: fmt.Sprintf("AS%v", pdu.ASN), + ASN: uint32(pdu.ASN), Length: pdu.MaxLen, } c.Data.Data = append(c.Data.Data, rj) diff --git a/prefixfile/prefixfile.go b/prefixfile/prefixfile.go index 68078ef..6e5a47d 100644 --- a/prefixfile/prefixfile.go +++ b/prefixfile/prefixfile.go @@ -9,16 +9,16 @@ import ( ) type VRPJson struct { - Prefix string `json:"prefix"` - Length uint8 `json:"maxLength"` - ASN interface{} `json:"asn"` - TA string `json:"ta,omitempty"` - Expires int `json:"expires"` + Prefix string `json:"prefix"` + Length uint8 `json:"maxLength"` + ASN interface{} `json:"asn"` + TA string `json:"ta,omitempty"` + Expires int `json:"expires,omitempty"` } type MetaData struct { Counts int `json:"vrps"` - Buildtime string `json:"buildtime"` + Buildtime string `json:"buildtime,omitempty"` } type VRPList struct { @@ -32,16 +32,18 @@ func (vrp *VRPJson) GetASN2() (uint32, error) { asnStr := strings.TrimLeft(asnc, "aAsS") asnInt, err := strconv.ParseUint(asnStr, 10, 32) if err != nil { - return 0, errors.New(fmt.Sprintf("Could not decode ASN: %v as part of VRP", vrp.ASN)) + return 0, errors.New(fmt.Sprintf("Could not decode ASN string: %v", vrp.ASN)) } asn := uint32(asnInt) return asn, nil + case uint32: + return asnc, nil case float64: return uint32(asnc), nil case int: return uint32(asnc), nil default: - return 0, errors.New(fmt.Sprintf("Could not decode ASN: %v as part of VRP", vrp.ASN)) + return 0, errors.New(fmt.Sprintf("Could not decode ASN: %v", vrp.ASN)) } } @@ -50,10 +52,6 @@ func (vrp *VRPJson) GetASN() uint32 { return asn } -func (vrp *VRPJson) SetASN(asn uint32) { - vrp.ASN = fmt.Sprintf("AS%v", asn) -} - func (vrp *VRPJson) GetPrefix2() (*net.IPNet, error) { _, prefix, err := net.ParseCIDR(vrp.Prefix) if err != nil { 
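Review bot: The numeric branches of GetASN2 narrow to uint32 without a range check: `case float64: return uint32(asnc), nil` and `case int: return uint32(asnc), nil` accept negative, fractional or larger-than-32-bit values and hand back some other ASN instead of an error. With the README now documenting a numeric `asn`, float64 is presumably the type a decoded feed reaches this switch with, so a malformed entry could be served as a VRP for the wrong origin. Rejecting out-of-range values as below needs `math` in the import block, which is outside the hunk. Separately, the `strings.TrimLeft(asnc, "aAsS")` context line strips any run of those letters, so `"SSAA1"` parses as AS1.

```go
	// … unchanged: string and uint32 cases …
	case float64:
		// JSON numbers decode to float64; refuse anything that is not an exact 32-bit ASN.
		if asnc < 0 || asnc > math.MaxUint32 || asnc != math.Trunc(asnc) {
			return 0, fmt.Errorf("ASN out of range: %v", vrp.ASN)
		}
		return uint32(asnc), nil
	case int:
		if asnc < 0 || int64(asnc) > math.MaxUint32 {
			return 0, fmt.Errorf("ASN out of range: %v", vrp.ASN)
		}
		return uint32(asnc), nil
	// … unchanged: default case …
```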
diff --git a/prefixfile/slurm.go b/prefixfile/slurm.go index fc2d41a..168526f 100644 --- a/prefixfile/slurm.go +++ b/prefixfile/slurm.go @@ -2,7 +2,6 @@ package prefixfile import ( "encoding/json" - "fmt" "io" "net" ) @@ -21,6 +20,8 @@ func (pf *SlurmPrefixFilter) GetASN() (uint32, bool) { case json.Number: c, _ := asn.Int64() return uint32(c), false + case int: + return uint32(asn), false case uint32: return asn, false default: @@ -144,7 +145,7 @@ func (s *SlurmLocallyAddedAssertions) AssertVRPs() []VRPJson { maxLength = size } vrps = append(vrps, VRPJson{ - ASN: fmt.Sprintf("AS%v", assertion.ASN), + ASN: uint32(assertion.ASN), Prefix: assertion.Prefix, Length: uint8(maxLength), TA: assertion.Comment, diff --git a/prefixfile/slurm_test.go b/prefixfile/slurm_test.go index 9afd1ac..3b8daf4 100644 --- a/prefixfile/slurm_test.go +++ b/prefixfile/slurm_test.go @@ -78,22 +78,22 @@ func TestDecodeJSON(t *testing.T) { func TestFilterOnVRPs(t *testing.T) { vrps := []VRPJson{ VRPJson{ - ASN: "AS65001", + ASN: uint32(65001), Prefix: "192.168.0.0/25", Length: 25, }, VRPJson{ - ASN: "AS65002", + ASN: uint32(65002), Prefix: "192.168.1.0/24", Length: 24, }, VRPJson{ - ASN: "AS65003", + ASN: uint32(65003), Prefix: "192.168.2.0/24", Length: 24, }, VRPJson{ - ASN: "AS65004", + ASN: uint32(65004), Prefix: "10.0.0.0/24", Length: 24, }, From f82e338a863055f44522ce411ab2e03c88631cbb Mon Sep 17 00:00:00 2001 From: Job Snijders Date: Tue, 27 Jul 2021 19:48:04 +0000 Subject: [PATCH 3/4] Shorten error message --- prefixfile/prefixfile.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prefixfile/prefixfile.go b/prefixfile/prefixfile.go index 6e5a47d..a4bc3b1 100644 --- a/prefixfile/prefixfile.go +++ b/prefixfile/prefixfile.go 
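Review bot: The added `case int: return uint32(asn), false` converts without a range check, and the `json.Number` case just above it drops the error from `asn.Int64()`, so a negative or oversized ASN in a SLURM filter wraps to a different ASN and the filter would presumably match VRPs the operator never named. I would keep the error, `c, err := asn.Int64()`, and treat `err != nil || c < 0 || c > math.MaxUint32` the way the `default` branch treats an unusable value. That branch's body is outside the hunk, so the right return pair has to be confirmed there. The `uint32(assertion.ASN)` conversion in the AssertVRPs hunk of this file deserves the same check if that field is wider than 32 bits.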
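Review bot: After this change every fixture in TestFilterOnVRPs carries `ASN: uint32(...)`, a type that JSON decoding into the `interface{}` field does not produce, so neither the string nor the float64 branch of GetASN2 is exercised by this test. Keeping one entry in the old form, e.g. `ASN: "AS65002",`, and writing another as `ASN: float64(65003),` would cover the paths that file input actually takes. The test function continues past the end of the hunk.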
@@ -55,7 +55,7 @@ func (vrp *VRPJson) GetASN() uint32 { func (vrp *VRPJson) GetPrefix2() (*net.IPNet, error) { _, prefix, err := net.ParseCIDR(vrp.Prefix) if err != nil { - return nil, errors.New(fmt.Sprintf("Could not decode prefix: %v as part of VRP", vrp.Prefix)) + return nil, errors.New(fmt.Sprintf("Could not decode prefix: %v", vrp.Prefix)) } return prefix, nil } From 2d8fda62f6458ce8f8ba56150cf872c636227396 Mon Sep 17 00:00:00 2001 From: Job Snijders Date: Tue, 27 Jul 2021 20:40:38 +0000 Subject: [PATCH 4/4] Add length checks --- cmd/stayrtr/stayrtr.go | 17 ++++++++++++++++- prefixfile/slurm_test.go | 8 +++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/cmd/stayrtr/stayrtr.go b/cmd/stayrtr/stayrtr.go index d6ea8e2..f63b87b 100644 --- a/cmd/stayrtr/stayrtr.go +++ b/cmd/stayrtr/stayrtr.go @@ -10,6 +10,7 @@ import ( "flag" "fmt" "io/ioutil" + "net" "net/http" "os" "os/signal" @@ -180,6 +181,16 @@ func decodeJSON(data []byte) (*prefixfile.VRPList, error) { return &vrplistjson, err } +func checkPrefixLengths(prefix *net.IPNet, maxLength uint8) (bool) { + plen, max := net.IPMask.Size(prefix.Mask) + + if (uint8(plen) > maxLength || maxLength > uint8(max)) { + log.Errorf("%s Maxlength wrong: %d - %d", prefix, plen, maxLength) + return false + } + return true +} + func processData(vrplistjson []prefixfile.VRPJson) ([]rtr.VRP, int, int, int) { filterDuplicates := make(map[string]bool) @@ -200,12 +211,16 @@ func processData(vrplistjson []prefixfile.VRPJson) ([]rtr.VRP, int, int, int) { continue } - count++ + if !checkPrefixLengths(prefix, v.Length) { + continue + } + if prefix.IP.To4() != nil { countv4++ } else if prefix.IP.To16() != nil { countv6++ } + count++ key := fmt.Sprintf("%s,%d,%d", prefix, asn, v.Length) _, exists := filterDuplicates[key] diff --git a/prefixfile/slurm_test.go b/prefixfile/slurm_test.go index 3b8daf4..e1ec356 100644 --- a/prefixfile/slurm_test.go +++ b/prefixfile/slurm_test.go 
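Review bot: The shortened message in GetPrefix2 still goes through `errors.New(fmt.Sprintf(...))` and still discards the error returned by `net.ParseCIDR`, so the caller learns which prefix failed but not why. `return nil, fmt.Errorf("could not decode prefix %q: %w", vrp.Prefix, err)` keeps the cause and quotes the value, which is useful because the prefix comes from the JSON input and `%q` makes empty strings and control characters visible in logs. The two `errors.New(fmt.Sprintf(...))` returns in GetASN2 from the previous commit could take the same form.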
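Review bot: checkPrefixLengths as added is not gofmt-clean and has no doc comment: the result is written `(bool)`, the `if` condition is wrapped in parentheses, and the mask size is obtained through the method expression `net.IPMask.Size(prefix.Mask)`. I would write `func checkPrefixLengths(prefix *net.IPNet, maxLength uint8) bool {` and `plen, max := prefix.Mask.Size()`, drop the parentheses around the condition, and add a comment stating that it reports whether prefix length <= maxLength <= address width. The log text `"%s Maxlength wrong: %d - %d"` does not say which number is which; a format like `"%s: maxLength %d outside [%d, %d]"` with `maxLength, plen, max` reads unambiguously.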
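Review bot: VRPs dropped by the new `if !checkPrefixLengths(prefix, v.Length) { continue }` leave no trace in any of the three counts processData returns; the only signal is one error log line per entry. A feed with many bad maxLength values would therefore flood the log while the served VRP set quietly shrinks, which can change origin-validation results on the routers. Counting the rejects in a local (`skipped++` before the `continue`) and logging one summary after the loop would give operators something to alert on. The loop's end is outside the hunk.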
@@ -97,6 +97,11 @@ func TestFilterOnVRPs(t *testing.T) { Prefix: "10.0.0.0/24", Length: 24, }, + VRPJson{ + ASN: uint32(65005), + Prefix: "10.1.0.0/24", + Length: 16, // this VRP is broken, maxlength can't be smaller than plen + }, } slurm := SlurmValidationOutputFilters{ @@ -115,8 +120,9 @@ func TestFilterOnVRPs(t *testing.T) { } added, removed := slurm.FilterOnVRPs(vrps) assert.Len(t, added, 1) - assert.Len(t, removed, 3) + assert.Len(t, removed, 4) assert.Equal(t, uint32(65001), removed[0].GetASN()) + assert.Equal(t, uint32(65005), removed[3].GetASN()) } func TestAssertVRPs(t *testing.T) {
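Review bot: The fixture added here is commented as broken (`Length: 16` on a /24), but the test calls FilterOnVRPs, while the length check introduced by this commit lives in `checkPrefixLengths` in cmd/stayrtr. The new assertions in the following hunk (`assert.Len(t, removed, 4)` and the `removed[3].GetASN()` check) therefore appear to show only that a SLURM filter matched the entry. Nothing in the commit tests `checkPrefixLengths` itself. A small table test next to it covering prefix length > maxLength, maxLength > 32 for IPv4 and maxLength > 128 for IPv6 would pin the behaviour the commit title promises. The fixture comment could then read `// maxLength < prefix length; still matched by the prefix filter` if that is the intent.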