rtrlib: extra checks for when user didn't initialize some tables
- added null ptr checks in pfx_validate, aspa_verify and spki_validate
- added warnings if the user tries to validate objects where there is no
table
rtrlib: reworking user interface adding rtr_mgr_setup_sockets function
- adjusted tests and tools
- added function rtr_mgr_setup_sockets with functionality that
previously resided in rtr_mgr_init
tools: update rtrclient to support aspa
- update main cmake file
Co-authored-by: mrzslz <moritz.schulz@proton.me>
Co-authored-by: carl <115627588+carl-tud@users.noreply.github.com>
tests: add aspa tests
- add tests for AS_PATH verification
- add tests for `aspa_array`
- add tests for aspa pdu parsing and `aspa_table` updating
- add tests for live interaction with rtr cache servers
Co-authored-by: mrzslz <moritz.schulz@proton.me>
Co-authored-by: carl <115627588+carl-tud@users.noreply.github.com>
rtrlib: add aspa to central management data structure
- add aspa_table to rtr_mgr functions
- fix typos and format
Co-authored-by: mrzslz <moritz.schulz@proton.me>
Co-authored-by: carl <115627588+carl-tud@users.noreply.github.com>
rtr: add support for aspa pdus
- add support for rtrv2 including aspa pdus
- move rtr pdus to separate header
- refactor undo-update logic
- add aspa in-place and swap-in update mechanism
Co-authored-by: mrzslz <moritz.schulz@proton.me>
Co-authored-by: carl <115627588+carl-tud@users.noreply.github.com>
[FIX] Bit selection error for trie building
Motivation:
- test cases for arm7 Ubuntu18.04 and ppc64le Ubuntu18.04 failed
- pipeline results in fail after commit
- minor improvements for uniform build up live_tests
How:
- trie building is based on address (binary-trie)
- getting a single bit for IPv6 addresses has been error prone for
bit_postion > 95
- unsure why other distributions did not fail
=> may be due to different en...
Updates public rpki-cache and fixes pipeline issues
Motivation
- get pipeline checks running
How:
- insert valid rpki-cache which runs also rtr
- edit url in live_tests, README
- modify changelog date in librtr.spec file
=> no changelog results in error, because all changes older
than 2 years are dismissed
- add more output on failure for tests
Updates the used public rpki-caches for testing environment
Motivation
- get pipeline checks running
How:
- find valid rpki-cache which runs also rtr
- edit url in live_tests
rtr_mgr: replace mutex with rwlock
rtr_mgr could enter a deadlocked state with multiple socket groups when
a group with at least one group of lower preference comes back online.
This happens because the thread of the group coming back online blocks
on trying to shut down all threads with lower preference while holding
the rtr_mgr's mutex, but a thread that tries to acquire that same mutex
cannot be shut down while doing so.
Sinc...
redhat: Fix RPM file to work on Fedora 33+ and RedHat 9+
- Newer Fedora/RedHat changes cmake rpm build to build out of tree
and requires the use of macros for correct locations
See https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
- On newer Fedora, the SOURCES subdirectory isn't created
automatically and needs to be created in the prep phase before
the tar is created
Signed-off-by: Martin Winter <mwinter@opensourcerout...
rtrlib/rtr_mgr: properly cleanup rtr_sockets on stop (#268)
Previously rtr_sockets could not be restarted because their state
remained on SHUTDOWN, which they can, by design, not recover from
themselves.
tests: Add integration and unit tests for BGPsec.
The integration tests cover:
- originating a BGPsec path
- signing a BGPsec path
- validating a BGPsec path
- getting BGPsec version and algorithm suite values
The unit tests cover:
- allocator and initializer functions
- utility functions
rtrlib/bgpsec: Add BGPsec validation features.
- The BGPsec API allows to validate and sign BGPsec paths.
- Currently supported BGPsec version is 0.
- For cryptographic operations, OpenSSL is used. Both version 1.0 and 1.1 are supported.
- The router keys necessary for validation are fetched from the SPKI.
rtrlib/transport/ssh: check for all relevant return values of ssh_channel_select
ssh_channel_select can return SSH_EINTR, SSH_ERROR and SSH_OK.
Handle SSH_EINTR and SSH_ERROR accordingly and continue for SSH_OK.
rtrlib/transport/ssh: fix constant spinning on recv
The timeout in the tr_ssh_recv implementation was hard coded to 1 second,
instead of using the provided timeout.
rtrlib/transport/ssh: fix deprecation warning
libssh has deprecated ssh_is_known_server, ssh_session_is_known_server
should be used instead. It is available since version 0.8.0, we will use
it if available.
rtrlib/transport/ssh: ensure private key or password is set
It does not make much sense to set both in non interactive
authentication, but one of them has to be set.
cmake: use FindPkgConfig to search for libssh availability
Previously a homegrown find script was used. That made assumptions
about location of some header files that do not hold true anymore for
recent libssh versions. The canonical way of finding libraries is
pkg-config and cmake has excellent support for that. So we simply use
it.
rtrlib/transport/{tcp,ssh}: fix tr_{tcp,ssh}_open blocking socket stop
Since the move from pthread_kill to pthread_cancel a rtr_socket could
not be stopped immediately if it was in the tr_open call.
cancelability could not be enabled for that function because it holds
local resources.
This enables cancelability locally for the only blocking call in
tr_tcp_open and tr_ssh_open respectively.
rtrlib/transport/tcp: add extended errno output
tr_tcp_open outputs the error with strerror instead of gai_strerror
in case an EAI_SYSTEM error code is received.
tools: fix Coverity issue related to tr_[tcp,ssh]_config initialisation
the structures tr_tcp_config and tr_ssh_config were not set to 0 at
startup, when init_sockets() call is done. handle this by initialising
those structures.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
rtrlib: ability to pass configured socket in tcp/ssh attribute
Thanks to previous commit, it becomes possible by the caller to add
an optional opaque pointer, as well as a callback function that
will be in charge of providing a file descriptor that will be used to
create the tcp/ssh connection to the server. If the information is
provided, and if the socket returned is invalid (<=0), then a fallback
mechanism is done, that is to say that the socket is c...
*: add two attributes to [tcp/ssh]_config structure
those two attributes will be further used to store an opaque pointer, as
well as a callback function. it will be up to the user of the API to use
those fields to provide a socket that will be used for rpki
transportation for communication with servers.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>