Don't emit ROA rules if the prefix length is greater than the MaxLen defined in filter{,6}.txt
This commit is contained in:
parent
15b4f49ce7
commit
083f6d03eb
16
roaapi.go
16
roaapi.go
@ -361,6 +361,7 @@ func (roa *ROA) CompileROA(registry *Registry,
|
||||
continue
|
||||
}
|
||||
|
||||
// don't allow routes that are denied in the filter rules
|
||||
if filter.Action == "deny" {
|
||||
log.WithFields(log.Fields{
|
||||
"object": object.Ref,
|
||||
@ -370,10 +371,21 @@ func (roa *ROA) CompileROA(registry *Registry,
|
||||
continue
|
||||
}
|
||||
|
||||
// calculate the max-length for this object
|
||||
|
||||
mlen := filter.MaxLen
|
||||
|
||||
// if the prefix is greater than the filter.MaxLen
|
||||
// then don't emit an ROA route (making the route invalid)
|
||||
if ones, _ := pnet.Mask.Size(); ones > int(mlen) {
|
||||
log.WithFields(log.Fields{
|
||||
"object": object.Ref,
|
||||
"prefix": prefix,
|
||||
"filter": filter.Prefix,
|
||||
}).Debug("Defined ROA: Prefix > filter MaxLen")
|
||||
continue
|
||||
}
|
||||
|
||||
// calculate the max-length for this object
|
||||
|
||||
// check if the attribute has max-length defined
|
||||
mattrib := mlenIX.Objects[object]
|
||||
if mattrib != nil {
|
||||
|
Loading…
x
Reference in New Issue
Block a user