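/*
 *	BIRD -- The Resource Public Key Infrastructure (RPKI) to Router Protocol
 *
 *	(c) 2015 CZ.NIC
 *	(c) 2015 Pavel Tvrdik <pawel.tvrdik@gmail.com>
 *
 *	Using RTRlib: http://rpki.realmv6.org/
 *
 *	Can be freely distributed and used under the terms of the GNU GPL.
 */

#ifndef _BIRD_RPKI_H_
#define _BIRD_RPKI_H_

#include "nest/bird.h"
#include "nest/route.h"
#include "nest/protocol.h"
#include "lib/socket.h"
#include "lib/ip.h"

#include "transport.h"
#include "packets.h"

/*
 * Default cache-server ports for the plain-TCP and SSH transports
 * (323 is the IANA-registered rpki-rtr port). Plain TCP carries the
 * RTR session without authentication or integrity protection (see the
 * RFC 6810 security considerations), so it is only appropriate on a
 * trusted path; SSH provides both.
 */
#define RPKI_TCP_PORT 323
#define RPKI_SSH_PORT 22

/*
 * Default timer intervals in seconds. The cache server may override
 * them at run time unless the corresponding keep_*_interval bit is set
 * in struct rpki_config.
 */
#define RPKI_RETRY_INTERVAL 600
#define RPKI_REFRESH_INTERVAL 3600
#define RPKI_EXPIRE_INTERVAL 7200

/* Supported RTR protocol versions: 0 (RFC 6810) and 1 (RFC 8210). */
#define RPKI_VERSION_0 0
#define RPKI_VERSION_1 1
#define RPKI_MAX_VERSION RPKI_VERSION_1


/*
 *	RPKI Cache
 */

/* State of the connection to one cache server (see struct rpki_cache) */
enum rpki_cache_state {
  RPKI_CS_CONNECTING,		/* Socket is establishing the transport connection. */
  RPKI_CS_ESTABLISHED,		/* Connection is established, socket is waiting for a Serial Notify or expiration of the refresh_interval timer */
  RPKI_CS_RESET,		/* Resetting RTR connection. */
  RPKI_CS_SYNC_START,		/* Sending a Serial/Reset Query PDU and expecting a Cache Response PDU */
  RPKI_CS_SYNC_RUNNING,		/* Receiving validation records from the RTR server. A state between Cache Response PDU and End of Data PDU */
  RPKI_CS_FAST_RECONNECT,	/* Reconnect without any waiting period */
  RPKI_CS_NO_INCR_UPDATE_AVAIL,	/* Server is unable to answer the last Serial Query and sent Cache Reset. */
  RPKI_CS_ERROR_NO_DATA_AVAIL,	/* Server is unable to answer either a Serial Query or a Reset Query because it has no useful data available at this time. */
  RPKI_CS_ERROR_FATAL,		/* Fatal protocol error occurred. */
  RPKI_CS_ERROR_TRANSPORT,	/* Error on the transport socket occurred. */
  RPKI_CS_SHUTDOWN,		/* RTR Socket is stopped. */
};

/* Run-time state of the RTR session with a single cache server */
struct rpki_cache {
  pool *pool;				/* Pool containing cache objects */
  struct rpki_proto *p;			/* Owning protocol instance */

  struct rpki_tr_sock *tr_sock;		/* Transport specific socket */
  enum rpki_cache_state state;		/* RPKI_CS_* */
  u32 session_id;			/* Session ID announced by the cache server */
  u8 request_session_id;		/* 1: have to request new session id; 0: we have already received session id */
  u32 serial_num;			/* Serial number denotes the logical version of data from cache server */
  u8 version;				/* Protocol version (RPKI_VERSION_*) negotiated with the server */
  btime last_update;			/* Last successful synchronization with cache server */
  btime last_rx_prefix;			/* Last received prefix PDU */

  /* Intervals can be changed by cache server on the fly */
  u32 refresh_interval;			/* Actual refresh interval (in seconds) */
  u32 retry_interval;			/* Actual retry interval (in seconds) */
  u32 expire_interval;			/* Actual expire interval (in seconds) */
  timer *retry_timer;			/* Retry timer event */
  timer *refresh_timer;			/* Refresh timer event */
  timer *expire_timer;			/* Expire timer event */
};

/* Human-readable identification of the cache (used in log lines) */
const char *rpki_get_cache_ident(struct rpki_cache *cache);
/* Human-readable name of an RPKI_CS_* state */
const char *rpki_cache_state_to_str(enum rpki_cache_state state);


/*
 *	Routes handling
 */

/* Insert / withdraw one ROA received from the cache into the given ROA channel */
void rpki_table_add_roa(struct rpki_cache *cache, struct channel *channel, const net_addr_union *pfxr);
void rpki_table_remove_roa(struct rpki_cache *cache, struct channel *channel, const net_addr_union *pfxr);


/*
 *	RPKI Protocol Logic
 */

/* Move the cache state machine to new_state */
void rpki_cache_change_state(struct rpki_cache *cache, const enum rpki_cache_state new_state);


/*
 *	RPKI Timer Events
 */

/*
 * Validate a configured interval; return NULL when acceptable, otherwise
 * an error message describing why the value is rejected.
 */
const char *rpki_check_refresh_interval(uint seconds);
const char *rpki_check_retry_interval(uint seconds);
const char *rpki_check_expire_interval(uint seconds);


/*
 *	RPKI Protocol Configuration
 */

/* Protocol instance: one cache session feeding up to two ROA channels */
struct rpki_proto {
  struct proto p;
  struct rpki_cache *cache;		/* The single cache server this instance talks to */

  struct channel *roa4_channel;		/* ROA4 table channel (may be unset) */
  struct channel *roa6_channel;		/* ROA6 table channel (may be unset) */
  u8 refresh_channels;			/* For non-incremental updates using rt_refresh_begin(), rt_refresh_end() */
};

/* Static configuration of one RPKI protocol instance */
struct rpki_config {
  struct proto_config c;
  const char *hostname;			/* Full domain name or stringified IP address of cache server */
  ip_addr ip;				/* IP address of cache server or IPA_NONE */
  u16 port;				/* Port number of cache server */
  struct rpki_tr_config tr_config;	/* Specific transport configuration structure */
  u32 refresh_interval;			/* Time interval (in seconds) for periodical downloading data from cache server */
  u32 retry_interval;			/* Time interval (in seconds) for an unreachable server */
  u32 expire_interval;			/* Maximal lifetime (in seconds) of ROAs without any successful refreshment */
  u8 keep_refresh_interval:1;		/* Do not overwrite refresh interval by cache server update */
  u8 keep_retry_interval:1;		/* Do not overwrite retry interval by cache server update */
  u8 keep_expire_interval:1;		/* Do not overwrite expire interval by cache server update */
  u8 ignore_max_length:1;		/* Ignore received max length and use MAX_PREFIX_LENGTH instead.
					   NOTE(review): this makes every more-specific of a ROA prefix
					   valid for its ASN, which weakens origin validation; keep off
					   unless the operator explicitly wants that. */
};

/* Validate a parsed configuration; reports errors via the config machinery */
void rpki_check_config(struct rpki_config *cf);


/*
 *	Logger
 */

/*
 * Log with the protocol name as prefix. msg must be a string literal:
 * it is concatenated with log_level and "%s: " at compile time, so a
 * run-time string would not even compile and cannot be passed as the
 * format by mistake.
 */
#define RPKI_LOG(log_level, rpki, msg, args...) \
  do { \
    log(log_level "%s: " msg, (rpki)->p.name , ## args); \
  } while(0)

/* Debug line prefixed with cache identity, state and calling function;
 * compiled out entirely unless LOCAL_DEBUG or GLOBAL_DEBUG is defined. */
#if defined(LOCAL_DEBUG) || defined(GLOBAL_DEBUG)
#define CACHE_DBG(cache,msg,args...) \
  do { \
    RPKI_LOG(L_DEBUG, (cache)->p, "%s [%s] %s " msg, rpki_get_cache_ident(cache), rpki_cache_state_to_str((cache)->state), __func__, ## args); \
  } while(0)
#else
#define CACHE_DBG(cache,msg,args...) do { } while(0)
#endif

/* Trace line, emitted only when the given debug flag is enabled on the protocol */
#define RPKI_TRACE(level,rpki,msg,args...) \
  do { \
    if ((rpki)->p.debug & level) \
      RPKI_LOG(L_TRACE, rpki, msg, ## args); \
  } while(0)

/* Same as RPKI_TRACE, addressed through the cache rather than the protocol */
#define CACHE_TRACE(level,cache,msg,args...) \
  do { \
    if ((cache)->p->p.debug & level) \
      RPKI_LOG(L_TRACE, (cache)->p, msg, ## args); \
  } while(0)

/*
 * Warning line. Expands to a single do { } while(0) statement like the
 * other macros above; the previous definition carried a trailing ';',
 * which produced an empty extra statement and broke
 * "if (c) RPKI_WARN(...); else ..." with a dangling else. Terminate
 * the invocation with ';' as with a function call.
 */
#define RPKI_WARN(p, msg, args...) RPKI_LOG(L_WARN, p, msg, ## args)

#endif /* _BIRD_RPKI_H_ */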