0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2025-01-03 07:31:54 +00:00

Merge commit 'ef814fb2d6415206fce280c37466ea889291b043' into HEAD

This commit is contained in:
Maria Matejka 2023-12-08 12:13:58 +01:00
commit 25906bc5e9

View File

@ -348,129 +348,14 @@ net_route(struct rtable_private *tab, const net_addr *n)
default: default:
return NULL; return NULL;
} }
#undef TW
#undef FW
#undef FVR_IP
#undef FVR_VPN
} }
static int
net_roa_check_ip4_trie(struct rtable_private *tab, const net_addr_ip4 *px, u32 asn)
{
int anything = 0;
TRIE_WALK_TO_ROOT_IP4(tab->trie, px, px0)
{
net_addr_roa4 roa0 = NET_ADDR_ROA4(px0.prefix, px0.pxlen, 0, 0);
struct fib_node *fn;
for (fn = fib_get_chain(&tab->fib, (net_addr *) &roa0); fn; fn = fn->next)
{
net_addr_roa4 *roa = (void *) fn->addr;
net *r = fib_node_to_user(&tab->fib, fn);
if (net_equal_prefix_roa4(roa, &roa0) && r->routes && rte_is_valid(&r->routes->rte))
{
anything = 1;
if (asn && (roa->asn == asn) && (roa->max_pxlen >= px->pxlen))
return ROA_VALID;
}
}
}
TRIE_WALK_TO_ROOT_END;
return anything ? ROA_INVALID : ROA_UNKNOWN;
}
static int
net_roa_check_ip4_fib(struct rtable_private *tab, const net_addr_ip4 *px, u32 asn)
{
struct net_addr_roa4 n = NET_ADDR_ROA4(px->prefix, px->pxlen, 0, 0);
struct fib_node *fn;
int anything = 0;
while (1)
{
for (fn = fib_get_chain(&tab->fib, (net_addr *) &n); fn; fn = fn->next)
{
net_addr_roa4 *roa = (void *) fn->addr;
net *r = fib_node_to_user(&tab->fib, fn);
if (net_equal_prefix_roa4(roa, &n) && r->routes && rte_is_valid(&r->routes->rte))
{
anything = 1;
if (asn && (roa->asn == asn) && (roa->max_pxlen >= px->pxlen))
return ROA_VALID;
}
}
if (n.pxlen == 0)
break;
n.pxlen--;
ip4_clrbit(&n.prefix, n.pxlen);
}
return anything ? ROA_INVALID : ROA_UNKNOWN;
}
static int
net_roa_check_ip6_trie(struct rtable_private *tab, const net_addr_ip6 *px, u32 asn)
{
int anything = 0;
TRIE_WALK_TO_ROOT_IP6(tab->trie, px, px0)
{
net_addr_roa6 roa0 = NET_ADDR_ROA6(px0.prefix, px0.pxlen, 0, 0);
struct fib_node *fn;
for (fn = fib_get_chain(&tab->fib, (net_addr *) &roa0); fn; fn = fn->next)
{
net_addr_roa6 *roa = (void *) fn->addr;
net *r = fib_node_to_user(&tab->fib, fn);
if (net_equal_prefix_roa6(roa, &roa0) && r->routes && rte_is_valid(&r->routes->rte))
{
anything = 1;
if (asn && (roa->asn == asn) && (roa->max_pxlen >= px->pxlen))
return ROA_VALID;
}
}
}
TRIE_WALK_TO_ROOT_END;
return anything ? ROA_INVALID : ROA_UNKNOWN;
}
static int
net_roa_check_ip6_fib(struct rtable_private *tab, const net_addr_ip6 *px, u32 asn)
{
struct net_addr_roa6 n = NET_ADDR_ROA6(px->prefix, px->pxlen, 0, 0);
struct fib_node *fn;
int anything = 0;
while (1)
{
for (fn = fib_get_chain(&tab->fib, (net_addr *) &n); fn; fn = fn->next)
{
net_addr_roa6 *roa = (void *) fn->addr;
net *r = fib_node_to_user(&tab->fib, fn);
if (net_equal_prefix_roa6(roa, &n) && r->routes && rte_is_valid(&r->routes->rte))
{
anything = 1;
if (asn && (roa->asn == asn) && (roa->max_pxlen >= px->pxlen))
return ROA_VALID;
}
}
if (n.pxlen == 0)
break;
n.pxlen--;
ip6_clrbit(&n.prefix, n.pxlen);
}
return anything ? ROA_INVALID : ROA_UNKNOWN;
}
/** /**
* roa_check - check validity of route origination in a ROA table * roa_check - check validity of route origination in a ROA table
* @tab: ROA table * @tab: ROA table
@ -489,28 +374,59 @@ net_roa_check_ip6_fib(struct rtable_private *tab, const net_addr_ip6 *px, u32 as
int int
net_roa_check(rtable *tp, const net_addr *n, u32 asn) net_roa_check(rtable *tp, const net_addr *n, u32 asn)
{ {
int out = ROA_UNKNOWN; net_addr_union *nu = SKIP_BACK(net_addr_union, n, n);
int anything = 0;
struct fib_node *fn;
#define TW(ipv) do { \
TRIE_WALK_TO_ROOT_IP##ipv(tab->trie, &(nu->ip##ipv), var) { \
net_addr_roa##ipv roa0 = NET_ADDR_ROA##ipv(var.prefix, var.pxlen, 0, 0); \
ROA_PARTIAL_CHECK(ipv); \
} TRIE_WALK_TO_ROOT_END; \
return anything ? ROA_INVALID : ROA_UNKNOWN; \
} while (0)
#define FW(ipv) do { \
net_addr_roa##ipv roa0 = NET_ADDR_ROA##ipv(nu->ip##ipv.prefix, nu->ip##ipv.pxlen, 0, 0);\
while (1) { \
ROA_PARTIAL_CHECK(ipv); \
if (roa0.pxlen == 0) break; \
roa0.pxlen--; ip##ipv##_clrbit(&roa0.prefix, roa0.pxlen); \
} \
} while (0)
#define ROA_PARTIAL_CHECK(ipv) do { \
for (fn = fib_get_chain(&tab->fib, (net_addr *) &roa0); fn; fn = fn->next) \
{ \
net_addr_roa##ipv *roa = (void *) fn->addr; \
net *r = fib_node_to_user(&tab->fib, fn); \
if (net_equal_prefix_roa##ipv(roa, &roa0) && rte_is_valid(r->routes)) \
{ \
anything = 1; \
if (asn && (roa->asn == asn) && (roa->max_pxlen >= nu->ip##ipv.pxlen)) \
return ROA_VALID; \
} \
} \
} while (0)
RT_LOCKED(tp, tab) RT_LOCKED(tp, tab)
{ {
if ((tab->addr_type == NET_ROA4) && (n->type == NET_IP4)) if ((tab->addr_type == NET_ROA4) && (n->type == NET_IP4))
{ {
if (tab->trie) if (tab->trie) TW(4);
out = net_roa_check_ip4_trie(tab, (const net_addr_ip4 *) n, asn); else FW(4);
else
out = net_roa_check_ip4_fib (tab, (const net_addr_ip4 *) n, asn);
} }
else if ((tab->addr_type == NET_ROA6) && (n->type == NET_IP6)) else if ((tab->addr_type == NET_ROA6) && (n->type == NET_IP6))
{ {
if (tab->trie) if (tab->trie) TW(6);
out = net_roa_check_ip6_trie(tab, (const net_addr_ip6 *) n, asn); else FW(6);
else
out = net_roa_check_ip6_fib (tab, (const net_addr_ip6 *) n, asn);
} }
else
out = ROA_UNKNOWN; /* Should not happen */
} }
return out;
return anything ? ROA_INVALID : ROA_UNKNOWN;
#undef ROA_PARTIAL_CHECK
#undef TW
#undef FW
} }
/** /**