mirror of
https://gitlab.nic.cz/labs/bird.git
synced 2025-01-23 09:21:53 +00:00
4cf229a0b5
Add the RPKI protocol (RFC 6810) using the RTRLib (http://rpki.realmv6.org/) that is integrated inside the BIRD's code. Implemeted transports are: - unprotected transport over TCP - secure transport over SSHv2 The code should work properly with one cache server per protocol. A compilation has to be hacked with: $ ./configure LIBS='-lssh' ... Example configuration of bird.conf: ... roa table roatable; protocol rpki { roa table roatable; cache "rpki-validator.realmv6.org"; } protocol rpki { roa table roatable; cache "localhost" { port 2222; ssh encryption { bird private key "/home/birdgeek/.ssh/id_rsa"; cache public key "/home/birdgeek/.ssh/known_hosts"; user "birdgeek"; }; }; } ... TODO list: - load libssh2 using dlopen - support more cache servers per protocol
168 lines
3.8 KiB
C
168 lines
3.8 KiB
C
/*
|
|
* BIRD -- The Resource Public Key Infrastructure (RPKI) to Router Protocol
|
|
*
|
|
* (c) 2015 CZ.NIC
|
|
*
|
|
* This file was part of RTRlib: http://rpki.realmv6.org/
|
|
*
|
|
* Can be freely distributed and used under the terms of the GNU GPL.
|
|
*/
|
|
|
|
#include <assert.h>
|
|
#include <errno.h>
|
|
#include <netdb.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
|
|
#include "rpki.h"
|
|
|
|
#include "tcp_transport.h"
|
|
#include "lib/unix.h"
|
|
|
|
|
|
static int tr_tcp_open(void *tr_tcp_sock);
|
|
static void tr_tcp_close(void *tr_tcp_sock);
|
|
static void tr_tcp_free(struct tr_socket *tr_sock);
|
|
static const char *tr_tcp_ident(void *socket);
|
|
|
|
int tr_tcp_open(void *tr_tcp_sock)
|
|
{
|
|
struct tr_tcp_socket *tcp_socket = tr_tcp_sock;
|
|
struct rpki_cache *cache = tcp_socket->cache;
|
|
struct rpki_proto *p = cache->p;
|
|
|
|
sock *sk = cache->sk;
|
|
sk->type = SK_TCP_ACTIVE;
|
|
|
|
if (sk_open(sk) != 0)
|
|
return TR_ERROR;
|
|
|
|
return TR_SUCCESS;
|
|
}
|
|
|
|
void tr_tcp_close(void *tr_tcp_sock)
|
|
{
|
|
struct tr_tcp_socket *tcp_socket = tr_tcp_sock;
|
|
struct rpki_cache *cache = tcp_socket->cache;
|
|
struct rpki_proto *p = cache->p;
|
|
|
|
sock *s = cache->sk;
|
|
if (s && s->fd > 0)
|
|
{
|
|
/* TODO: ??? */
|
|
}
|
|
}
|
|
|
|
void tr_tcp_free(struct tr_socket *tr_sock)
|
|
{
|
|
struct tr_tcp_socket *tcp_sock = tr_sock->socket;
|
|
|
|
if (tcp_sock)
|
|
{
|
|
if (tcp_sock->ident != NULL)
|
|
mb_free(tcp_sock->ident);
|
|
tr_sock->socket = NULL;
|
|
mb_free(tcp_sock);
|
|
}
|
|
}
|
|
|
|
const char *tr_tcp_ident(void *socket)
|
|
{
|
|
assert(socket != NULL);
|
|
|
|
struct tr_tcp_socket *sock = socket;
|
|
struct rpki_proto *p = sock->cache->p;
|
|
|
|
if (sock->ident != NULL)
|
|
return sock->ident;
|
|
|
|
size_t colon_and_port_len = 6; /* max ":65535" */
|
|
size_t ident_len;
|
|
if (sock->config.host)
|
|
ident_len = strlen(sock->config.host) + colon_and_port_len + 1;
|
|
else
|
|
ident_len = STD_ADDRESS_P_LENGTH + colon_and_port_len + 1;
|
|
|
|
sock->ident = mb_allocz(p->p.pool, ident_len);
|
|
if (sock->ident == NULL)
|
|
return NULL;
|
|
|
|
if (sock->config.host)
|
|
bsnprintf(sock->ident, ident_len, "%s:%u", sock->config.host, sock->config.port);
|
|
else
|
|
bsnprintf(sock->ident, ident_len, "%I:%u", sock->config.ip, sock->config.port);
|
|
|
|
return sock->ident;
|
|
}
|
|
|
|
/*
|
|
* Fulfill the (ip_addr) tcp_socket->config.ip
|
|
* Return TR_SUCCESS or TR_ERROR
|
|
*/
|
|
static int
|
|
fulfill_ip_addr(struct tr_tcp_socket *tcp_socket)
|
|
{
|
|
struct rpki_proto *p = tcp_socket->cache->p;
|
|
|
|
struct addrinfo hints;
|
|
struct addrinfo *res;
|
|
struct addrinfo *bind_addrinfo = NULL;
|
|
|
|
bzero(&hints, sizeof(hints));
|
|
hints.ai_family = AF_UNSPEC;
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
hints.ai_flags = AI_ADDRCONFIG;
|
|
|
|
char port_buf[6]; /* max is "65535" + '\0' */
|
|
snprintf(port_buf, sizeof(port_buf), "%u", tcp_socket->config.port);
|
|
|
|
if (getaddrinfo(tcp_socket->config.host, port_buf, &hints, &res) != 0)
|
|
{
|
|
RPKI_ERROR(p, "getaddrinfo error, %s", tcp_socket, gai_strerror(errno));
|
|
return TR_ERROR;
|
|
}
|
|
|
|
sockaddr sa = {
|
|
.sa = *res->ai_addr,
|
|
};
|
|
|
|
uint unused;
|
|
sockaddr_read(&sa, res->ai_family, &tcp_socket->config.ip, NULL, &unused);
|
|
|
|
freeaddrinfo(res);
|
|
return TR_SUCCESS;
|
|
}
|
|
|
|
int tr_tcp_init(struct rpki_cache *cache)
|
|
{
|
|
struct rpki_proto *p = cache->p;
|
|
struct rpki_cache_cfg *cache_cfg = cache->cfg;
|
|
struct tr_socket *tr_socket = cache->rtr_socket->tr_socket;
|
|
|
|
tr_socket->close_fp = &tr_tcp_close;
|
|
tr_socket->free_fp = &tr_tcp_free;
|
|
tr_socket->open_fp = &tr_tcp_open;
|
|
tr_socket->ident_fp = &tr_tcp_ident;
|
|
|
|
tr_socket->socket = mb_allocz(p->p.pool, sizeof(struct tr_tcp_socket));
|
|
struct tr_tcp_socket *tcp = tr_socket->socket;
|
|
|
|
tcp->cache = cache;
|
|
tcp->config.host = cache_cfg->hostname;
|
|
tcp->config.ip = cache_cfg->ip;
|
|
tcp->config.port = cache_cfg->port;
|
|
|
|
assert(ipa_nonzero(tcp->config.ip) || tcp->config.host != NULL);
|
|
if (ipa_zero(tcp->config.ip))
|
|
{
|
|
if (fulfill_ip_addr(tcp) == TR_ERROR)
|
|
return TR_ERROR;
|
|
}
|
|
|
|
return TR_SUCCESS;
|
|
}
|