burble.dn42/dn42regsrv
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Don't emit ROA rules if the prefix length is greater than the MaxLen defined in filter{,6}.txt

Browse Source
This commit is contained in:
Simon Marsh 2019-04-22 21:06:29 +01:00
parent 15b4f49ce7
commit 083f6d03eb
Signed by: burble
GPG Key ID: 7B9FE8780CFB6593
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
roaapi.go
View File

@ -361,6 +361,7 @@ func (roa *ROA) CompileROA(registry *Registry,
continue continue
} }
// don't allow routes that are denied in the filter rules
if filter.Action == "deny" { if filter.Action == "deny" {
log.WithFields(log.Fields{ log.WithFields(log.Fields{
"object": object.Ref, "object": object.Ref,
@ -370,10 +371,21 @@ func (roa *ROA) CompileROA(registry *Registry,
continue continue
} }
// calculate the max-length for this object
mlen := filter.MaxLen mlen := filter.MaxLen
// if the prefix is greater than the filter.MaxLen
// then don't emit an ROA route (making the route invalid)
if ones, _ := pnet.Mask.Size(); ones > int(mlen) {
log.WithFields(log.Fields{
"object": object.Ref,
"prefix": prefix,
"filter": filter.Prefix,
}).Debug("Defined ROA: Prefix > filter MaxLen")
continue
}
// calculate the max-length for this object
// check if the attribute has max-length defined // check if the attribute has max-length defined
mattrib := mlenIX.Objects[object] mattrib := mlenIX.Objects[object]
if mattrib != nil { if mattrib != nil {