Don't emit ROA rules if the prefix length is greater than the MaxLen defined in filter{,6}.txt

2019-04-22 21:06:29 +01:00 · 2019-04-22 21:06:29 +01:00 · 083f6d03eb
commit 083f6d03eb
parent 15b4f49ce7
1 changed files with 14 additions and 2 deletions
--- a/roaapi.go
+++ b/roaapi.go
@ -361,6 +361,7 @@ func (roa *ROA) CompileROA(registry *Registry,
 			continue
 		}

+		// don't allow routes that are denied in the filter rules
 		if filter.Action == "deny" {
 			log.WithFields(log.Fields{
 				"object": object.Ref,
@ -370,10 +371,21 @@ func (roa *ROA) CompileROA(registry *Registry,
 			continue
 		}

-		// calculate the max-length for this object
-
 		mlen := filter.MaxLen

+		// if the prefix is greater than the filter.MaxLen
+		// then don't emit an ROA route (making the route invalid)
+		if ones, _ := pnet.Mask.Size(); ones > int(mlen) {
+			log.WithFields(log.Fields{
+				"object": object.Ref,
+				"prefix": prefix,
+				"filter": filter.Prefix,
+			}).Debug("Defined ROA: Prefix > filter MaxLen")
+			continue
+		}
+
+		// calculate the max-length for this object
+
 		// check if the attribute has max-length defined
 		mattrib := mlenIX.Objects[object]
 		if mattrib != nil {