RTRlib
|
The aspa_table is an abstract data structure to organize the validated Autonomous System Provider Authorization data received from an RPKI-RTR cache server. More...
Data Structures | |
struct | aspa_record |
ASPA Record Customer (Customer Autonomous Systen, CAS) authorizes a set of provider AS numbers. More... | |
struct | aspa_table |
ASPA Table. More... | |
struct | aspa_store_node |
A linked list storing the bond between a rtr_socket and an aspa_array . More... | |
struct | aspa_update_operation |
A struct describing a specific type of operation that should be performed using the attached ASPA record. More... | |
struct | aspa_update |
Computed ASPA update. More... | |
Macros | |
#define | ASPA_NOTIFY_NO_OPS 0 |
#define | ASPA_DBG1(a) lrtr_dbg("ASPA: " a) |
Typedefs | |
typedef void(* | aspa_update_fp) (struct aspa_table *aspa_table, const struct aspa_record record, const struct rtr_socket *rtr_socket, const enum aspa_operation_type operation_type) |
A function pointer that is called if an record was added to the aspa_table or was removed from the aspa_table . | |
Enumerations | |
enum | aspa_status { ASPA_SUCCESS = 0 , ASPA_ERROR = -1 , ASPA_DUPLICATE_RECORD = -2 , ASPA_RECORD_NOT_FOUND = -3 } |
Possible return values for aspa_* functions. More... | |
enum | aspa_direction { ASPA_UPSTREAM , ASPA_DOWNSTREAM } |
enum | aspa_verification_result { ASPA_AS_PATH_UNKNOWN , ASPA_AS_PATH_INVALID , ASPA_AS_PATH_VALID } |
AS_PATH verification result. More... | |
enum | aspa_hop_result { ASPA_NO_ATTESTATION , ASPA_NOT_PROVIDER_PLUS , ASPA_PROVIDER_PLUS } |
Functions | |
enum | __attribute__ ((__packed__)) aspa_operation_type |
An enum describing the type of operation the ASPA table should perform using any given ASPA record. | |
void | aspa_table_init (struct aspa_table *aspa_table, aspa_update_fp update_fp) |
Initializes the aspa_table struct. | |
void | aspa_table_free (struct aspa_table *aspa_table, bool notify) |
Frees the memory associated with the aspa_table . | |
enum aspa_status | aspa_table_src_remove (struct aspa_table *aspa_table, struct rtr_socket *rtr_socket, bool notify) |
Removes all records in the aspa_table that originated from the socket. | |
enum aspa_verification_result | aspa_verify_as_path (struct aspa_table *aspa_table, uint32_t as_path[], size_t len, enum aspa_direction direction) |
Verifies an AS_PATH . | |
size_t | aspa_collapse_as_path (uint32_t as_path[], size_t len) |
Collapses an AS_PATH in-place, replacing in-series repetitions with single occurences. | |
enum aspa_hop_result | aspa_check_hop (struct aspa_table *aspa_table, uint32_t customer_asn, uint32_t provider_asn) |
Checks a hop in the given AS_PATH . | |
enum aspa_status | aspa_table_src_replace (struct aspa_table *dst, struct aspa_table *src, struct rtr_socket *rtr_socket, bool notify_dst, bool notify_src) |
Replaces all ASPA records associated with the given socket with the records in the src table. | |
enum aspa_status | aspa_table_update_swap_in_compute (struct aspa_table *aspa_table, struct rtr_socket *rtr_socket, struct aspa_update_operation *operations, size_t count, struct aspa_update **update) |
Computes an update structure that can later be applied to the given ASPA table. | |
void | aspa_table_update_swap_in_apply (struct aspa_update **update) |
Applies the given update, as previously computed by aspa_table_update_swap_in_compute , releases memory allocated while computing the update and unlocks update lock. | |
void | aspa_table_update_swap_in_discard (struct aspa_update **update) |
Discards the given update, releases memory allocated while computing the update and unlocks update lock. | |
enum aspa_status | aspa_table_update_in_place (struct aspa_table *aspa_table, struct rtr_socket *rtr_socket, struct aspa_update_operation *operations, size_t count, struct aspa_update_operation **failed_operation) |
Updates the given ASPA table. | |
enum aspa_status | aspa_table_update_in_place_undo (struct aspa_table *aspa_table, struct rtr_socket *rtr_socket, struct aspa_update_operation *operations, size_t count, struct aspa_update_operation *failed_operation) |
Tries to undo operations up to failed_operation and then releases all operations. | |
void | aspa_table_update_in_place_cleanup (struct aspa_update_operation **operations, size_t count) |
Releases operations and unused provider arrays. | |
The aspa_table is an abstract data structure to organize the validated Autonomous System Provider Authorization data received from an RPKI-RTR cache server.
The aspa_table
is an abstract data structure to organize the validated Autonomous System Provider Authorization data received from an RPKI-RTR cache server.
ASPA tables implement aggregated updating using an array of 'add record' and 'remove record' operations – reducing iterations and memory allocations. E.g., these operations can be derived from a RTR cache response. Currently, two distinct update mechanisms are supported: Swap-In and In-Place updates. Use the macro ASPA_UPDATE_MECHANISM
in rtr/packets.c to configure which implementation is used during syncing. The array of operations is effectively a diff to the table's previous state. This diff can be conveniently used to notify callers about changes once the update is applied.
The ASPA table's Swap-In update mechanism avoids blocking callers who want to verify an AS_PATH
(and therefore need read access to the table) while an update is in progress and removes the need for an undo mechanism in case the update to the ASPA table itself or some other action performed inbetween fails.
Performing an update using this mechanism involves these steps:
aspa_table_update_swap_in_compute
. This will create a new ASPA array, appending both existing records and new records. Everything needed to update the table is stored in an update structure.aspa_table_update_swap_in_apply
or discard it by calling aspa_table_update_swap_in_discard
. This will either swap in the newly created ASPA array and notify clients about changes or discard and release data that's now unused.The implementation guarantess no changes are made to the ASPA table between calling aspa_table_update_swap_in_compute
and aspa_table_update_swap_in_apply
or aspa_table_update_swap_in_discard
.
The ASPA table's In-Place update mechanism involves in-place modifications to the array of records and an undo function that undoes changes made previously.
Performing an update using this mechanism involves these steps:
aspa_table_update_in_place
. This will modify the ASPA array. If the update fails, failed_operation
will be set to the operation where the error occurring.aspa_table_update_in_place_undo
. This will undo all operations up to failed_operation
or all operations.aspa_table_update_in_place_cleanup
. This will deallocate provider arrays and other data created during the update that's now unused.There're various cases that need to be handled appropriately by both implementations.
ASPA_DUPLICATE_RECORD
).ASPA_DUPLICATE_RECORD
).ASPA_RECORD_NOT_FOUND
).ASPA_RECORD_NOT_FOUND
).ASPA_NOTIFY_NO_OPS
(1
or 0
) determines if clients are notified about these no-ops.Both update mechanism implementations tackle the beforementioned cases by first sorting the array of 'add' and 'remove' operations by their customer ASN stably. That is, 'add' and 'remove' operations dealing with matching customer ASNs will remain in the same order as they arrived. This makes checking for cases 2 - Duplicate Announcement and 4 - Duplicate Removal easy as possible duplicates are neighbors in the operations array. Ordering the operations also enables skipping annihilating operations as described in case 5 - Complementary Announcement/Withdrawal. Both implementations are comprised of a loop iterating over operations and a nested loop that handles records from the existing ASPA array with an ASN smaller than the current operation's ASN.
#define ASPA_DBG1 | ( | a | ) | lrtr_dbg("ASPA: " a) |
#include <rtrlib/aspa/aspa_private.h>
#define ASPA_NOTIFY_NO_OPS 0 |
#include <rtrlib/aspa/aspa_private.h>
typedef void(* aspa_update_fp) (struct aspa_table *aspa_table, const struct aspa_record record, const struct rtr_socket *rtr_socket, const enum aspa_operation_type operation_type) |
#include <rtrlib/aspa/aspa.h>
A function pointer that is called if an record was added to the aspa_table
or was removed from the aspa_table
.
aspa_table | ASPA table which was updated. |
record | ASPA record that was modified. |
rtr_socket | The socket the record originated from |
operation_type | The type of this operation. |
enum aspa_direction |
#include <rtrlib/aspa/aspa.h>
Enumerator | |
---|---|
ASPA_UPSTREAM | |
ASPA_DOWNSTREAM |
enum aspa_hop_result |
#include <rtrlib/aspa/aspa_private.h>
Enumerator | |
---|---|
ASPA_NO_ATTESTATION | |
ASPA_NOT_PROVIDER_PLUS | |
ASPA_PROVIDER_PLUS |
enum aspa_status |
#include <rtrlib/aspa/aspa.h>
Possible return values for aspa_*
functions.
Enumerator | |
---|---|
ASPA_SUCCESS | Operation was successful. |
ASPA_ERROR | Error occurred. |
ASPA_DUPLICATE_RECORD | The supplied aspa_record already exists in the aspa_table. |
ASPA_RECORD_NOT_FOUND | aspa_record wasn't found in the aspa_table. |
#include <rtrlib/aspa/aspa.h>
AS_PATH verification result.
Enumerator | |
---|---|
ASPA_AS_PATH_UNKNOWN | |
ASPA_AS_PATH_INVALID | |
ASPA_AS_PATH_VALID |
enum __attribute__ | ( | (__packed__) | ) |
#include <rtrlib/aspa/aspa.h>
An enum describing the type of operation the ASPA table should perform using any given ASPA record.
The existing record, identified by its customer ASN, shall be withdrawn from the ASPA table.
The new record, identified by its customer ASN, shall be added to the ASPA table.
enum aspa_hop_result aspa_check_hop | ( | struct aspa_table * | aspa_table, |
uint32_t | customer_asn, | ||
uint32_t | provider_asn | ||
) |
size_t aspa_collapse_as_path | ( | uint32_t | as_path[], |
size_t | len | ||
) |
#include <rtrlib/aspa/aspa.h>
Collapses an AS_PATH
in-place, replacing in-series repetitions with single occurences.
void aspa_table_free | ( | struct aspa_table * | aspa_table, |
bool | notify | ||
) |
#include <rtrlib/aspa/aspa.h>
Frees the memory associated with the aspa_table
.
[in] | aspa_table | aspa_table that will be initialized. |
notify | A boolean value determining whether to notify clients about records being removed from the table. |
void aspa_table_init | ( | struct aspa_table * | aspa_table, |
aspa_update_fp | update_fp | ||
) |
#include <rtrlib/aspa/aspa.h>
Initializes the aspa_table
struct.
[in] | aspa_table | aspa_table that will be initialized. |
[in] | update_fp | Pointer to update function |
enum aspa_status aspa_table_src_remove | ( | struct aspa_table * | aspa_table, |
struct rtr_socket * | rtr_socket, | ||
bool | notify | ||
) |
#include <rtrlib/aspa/aspa.h>
Removes all records in the aspa_table
that originated from the socket.
aspa_table | ASPA table to use. |
rtr_socket | Record's origin socket. |
notify | A boolean value determining whether clients should be notified about the records' removal. |
SPKI_SUCCESS
On success. SPKI_ERROR
On error. enum aspa_status aspa_table_src_replace | ( | struct aspa_table * | dst, |
struct aspa_table * | src, | ||
struct rtr_socket * | rtr_socket, | ||
bool | notify_dst, | ||
bool | notify_src | ||
) |
#include <rtrlib/aspa/aspa_private.h>
Replaces all ASPA records associated with the given socket with the records in the src table.
[in,out] | dst | The destination table. Existing records associated with the socket are replaced. |
[in,out] | src | The source table. |
[in] | rtr_socket | The socket the records are associated with. |
notify_dst | A boolean value determining whether to notify the destination table's clients. | |
notify_src | A boolean value determining whether to notify the source table's clients. |
ASPA_SUCCESS
if the operation succeeds, ASPA_ERROR
if it fails. enum aspa_status aspa_table_update_in_place | ( | struct aspa_table * | aspa_table, |
struct rtr_socket * | rtr_socket, | ||
struct aspa_update_operation * | operations, | ||
size_t | count, | ||
struct aspa_update_operation ** | failed_operation | ||
) |
#include <rtrlib/aspa/aspa_private.h>
Updates the given ASPA table.
provider_count
set to 0
and provider_array
set to NULL
.[in] | aspa_table | ASPA table to store new ASPA data in. |
[in] | rtr_socket | The socket the updates originate from. |
[in] | operations | Add and remove operations to perform. |
[in] | count | Number of operations. |
[out] | failed_operation | Failed operation, filled in if update fails. |
ASPA_SUCCESS
On success. ASPA_RECORD_NOT_FOUND
If a records is supposed to be removed but cannot be found. ASPA_DUPLICATE_RECORD
If a records is supposed to be added but its corresponding customer ASN already exists. ASPA_ERROR
On other failures. void aspa_table_update_in_place_cleanup | ( | struct aspa_update_operation ** | operations, |
size_t | count | ||
) |
#include <rtrlib/aspa/aspa_private.h>
Releases operations and unused provider arrays.
[in] | operations | Add and remove operations. |
[in] | count | Number of operations. |
enum aspa_status aspa_table_update_in_place_undo | ( | struct aspa_table * | aspa_table, |
struct rtr_socket * | rtr_socket, | ||
struct aspa_update_operation * | operations, | ||
size_t | count, | ||
struct aspa_update_operation * | failed_operation | ||
) |
#include <rtrlib/aspa/aspa_private.h>
Tries to undo operations
up to failed_operation
and then releases all operations.
[in] | aspa_table | ASPA table to store new ASPA data in. |
[in] | rtr_socket | The socket the updates originate from. |
[in] | operations | Add and remove operations to perform. |
[in] | count | Number of operations. |
[in] | failed_operation | Failed operation. |
ASPA_SUCCESS
On success. ASPA_RECORD_NOT_FOUND
If a records is supposed to be removed but cannot be found. ASPA_DUPLICATE_RECORD
If a records is supposed to be added but its corresponding customer ASN already exists. ASPA_ERROR
On other failures. void aspa_table_update_swap_in_apply | ( | struct aspa_update ** | update | ) |
#include <rtrlib/aspa/aspa_private.h>
Applies the given update, as previously computed by aspa_table_update_swap_in_compute
, releases memory allocated while computing the update and unlocks update lock.
The update is consumed.
update | The update that will be applied. |
enum aspa_status aspa_table_update_swap_in_compute | ( | struct aspa_table * | aspa_table, |
struct rtr_socket * | rtr_socket, | ||
struct aspa_update_operation * | operations, | ||
size_t | count, | ||
struct aspa_update ** | update | ||
) |
#include <rtrlib/aspa/aspa_private.h>
Computes an update structure that can later be applied to the given ASPA table.
provider_count
set to 0 and provider_array
set to NULL
. aspa_table_update_swap_in_apply
or aspa_table_update_swap_in_discard
to either apply or discard the update.[in] | aspa_table | ASPA table to store new ASPA data in. |
[in] | rtr_socket | The socket the updates originate from. |
[in] | operations | Add and remove operations to perform. |
[in] | count | Number of operations. |
update | The computed update. The update pointer must be non-NULL, but may point to a NULL value initially. Points to an update struct after this function returns. |
ASPA_SUCCESS
On success. ASPA_RECORD_NOT_FOUND
If a records is supposed to be removed but cannot be found. ASPA_DUPLICATE_RECORD
If a records is supposed to be added but its corresponding customer ASN already exists. ASPA_ERROR
On other failures. void aspa_table_update_swap_in_discard | ( | struct aspa_update ** | update | ) |
#include <rtrlib/aspa/aspa_private.h>
Discards the given update, releases memory allocated while computing the update and unlocks update lock.
The update is consumed.
update | The update to discard. |
enum aspa_verification_result aspa_verify_as_path | ( | struct aspa_table * | aspa_table, |
uint32_t | as_path[], | ||
size_t | len, | ||
enum aspa_direction | direction | ||
) |
#include <rtrlib/aspa/aspa.h>
Verifies an AS_PATH .
Implements an optimized version of the ASPA verification algorithm described in section 6 of https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/16/ .
[in] | aspa_table | ASPA table to use. |
[in] | direction | AS_PATH direction, as explained in the draft |
[in] | as_path | AS_PATH array to be validated: concatenated of BGP UPDATEs' AS_PATH s |
[in] | len | the length of as_path array |
ASPA_AS_PATH_UNKNOWN
if the AS_PATH
cannot be fully verified ASPA_AS_PATH_INVALID
if AS_PATH
is invalid ASPA_AS_PATH_VALID
if AS_PATH
is valid