dn42-roagen/rfc8416.php
netravnen 88ae0edd07 BUG: fix roagenerator to be compliant with RFC 6483 section 4.
Changed maxlength to be either 32 (v4) or 128 (v6) when AS0 is set as origin ASN.

"""
4.  Disavowal of Routing Origination

   A ROA is a positive attestation that a prefix holder has authorized
   an AS to originate a route for this prefix into the inter-domain
   routing system.  It is possible for a prefix holder to construct an
   authorization where no valid AS has been granted any such authority
   to originate a route for an address prefix.  This is achieved by
   using a ROA where the ROA's subject AS is one that must not be used
   in any routing context.  Specifically, AS 0 is reserved by the IANA
   such that it may be used to identify non-routed networks [IANA-AS].

   A ROA with a subject of AS 0 (AS 0 ROA) is an attestation by the
   holder of a prefix that the prefix described in the ROA, and any more
   specific prefix, should not be used in a routing context.

   The route validation procedure, described in Section 2, will provide
   a "valid" outcome if any ROA matches the address prefix and origin
   AS, even if other valid ROAs would provide an "invalid" validation
   outcome if used in isolation.  Consequently, an AS 0 ROA has a lower
   relative preference than any other ROA that has a routable AS as its
   subject.  This allows a prefix holder to use an AS 0 ROA to declare a
   default condition that any route that is equal to or more specific
   than the prefix to be considered "invalid", while also allowing other
   concurrently issued ROAs to describe valid origination authorizations
   for more specific prefixes.

   By convention, an AS 0 ROA should have a maxLength value of 32 for
   IPv4 addresses and a maxlength value of 128 for IPv6 addresses;
   although, in terms of route validation, the same outcome would be
   achieved with any valid maxLength value, or even if the maxLength
   element were to be omitted from the ROA.

   Also by convention, an AS 0 ROA should be the only ROA issued for a
   given address prefix; although again, this is not a strict
   requirement.  An AS 0 ROA may coexist with ROAs that have different
   subject AS values; although in such cases, the presence or lack of
   presence of the AS 0 ROA does not alter the route's validity state in
   any way.
"""
2019-01-05 22:38:59 +00:00

227 lines
7.4 KiB
PHP
Executable file

<?php
// Load lib files.
require ("lib/define.php");
require ("lib/functions.php");
// Define array() we are going to populate with data.
$roas["slurmVersion"] = 1;
$roas["_comments"]["modified"]["commit"] = shell_exec ("/usr/bin/git -C ../registry/ log -n 1 --merges --pretty='format:%H'");
$roas["_comments"]["modified"]["merge"] = shell_exec ("/usr/bin/git -C ../registry/ log -n 1 --merges --pretty='format:%p'");
$roas["_comments"]["modified"]["author"] = shell_exec ("/usr/bin/git -C ../registry/ log -n 1 --merges --pretty='format:%an <%ae>'");
$roas["_comments"]["modified"]["date"] = shell_exec ("/usr/bin/git -C ../registry/ log -n 1 --merges --pretty='format:%aD'");
$roas["_comments"]["modified"]["subject"] = shell_exec ("/usr/bin/git -C ../registry/ log -n 1 --merges --pretty='format:%s'");
$roas["_comments"]["modified"]["url"] = "https://git.dn42.us/dn42/registry/commit/";
$roas["_comments"]["modified"]["url"] .= $roas["_comments"]["modified"]["commit"];
$roas["validationOutputFilters"]["prefixFilters"] = array();
$roas["validationOutputFilters"]["bgpsecFilters"] = array();
$roas["locallyAddedAssertions"]["bgpsecAssertions"] = array();
/*
*
* IPv6
*
*/
$i = 0; // Counter used with tmp $raw_array.
$raw_array = array(); // tmp array() used for storing data to be processed
foreach ($files6 as $file)
{
$j = 0;
/*
* route6 with maxLength value set:
* - fd42:5d71:219::/48
*
* $ cat ../registry/data/route6/fd42:5d71:219::_48
* route6: fd42:5d71:219::/48
* origin: AS4242420119
* max-length: 48
* mnt-by: JRB0001-MNT
* source: DN42
*/
$data = file("../registry/data/route6/$file");
foreach ($data as $str)
{
$str = trim_special_chars ($str);
if (startsWith ($str, "max", 3)) $raw_array[$i]["max"] = $str;
elseif (startsWith ($str, "source", 6)) $raw_array[$i]["source"] = $str;
elseif (startsWith ($str, "route6", 6)) $raw_array[$i]["route"] = $str;
elseif (startsWith ($str, "origin", 6)) $raw_array[$i]["asn"][$j++] = $str;
elseif (startsWith ($str, "mnt", 3)) $raw_array[$i]["mnt"] = $str;
// Catch max-length not set in route object.
if (empty ($raw_array[$i]["max"])) $raw_array[$i]["max"] = -1;
}
$i++;
}
$k = 0;
foreach ($raw_array as $sub_array)
{
// Extract prefix and subnet size
// Match prefix sizes 29-64, 80.
$prefix = array();
preg_match ("/([a-f0-9\:]{0,128})\/(29|[3-5][0-9]|6[0-4]|80)/",
explode ("6: ", $sub_array["route"])[1],
$prefix);
// Extract ta information
$source = array();
preg_match ("/([A-Z0-4]+)/",
explode (":", $sub_array["source"])[1],
$source);
// Try to extract max-length information
$maxlength = array();
if (($sub_array["max"]) != -1)
preg_match ("/([0-9]+)/",
explode (":", $sub_array["max"])[1],
$maxlength);
// Extract mnt-by information
$mnt = array();
preg_match ("/([A-Z0-9\-]+)/",
explode (":", $sub_array["mnt"])[1],
$mnt);
// Store extracted values
$_prefix = $prefix[0];
$_ta = (isset ($source[0]) ? $source[0] : "");
// We need to do conditional setting of maxLength to avoid errornous output.
if (($sub_array["max"]) != -1)
$_maxlength = (isset ($maxlength[0]) ? $maxlength[0] : "");
else
// Do fallback to default prefix size if max-length was not set.
$_maxlength = ($prefix[2] < MAX_LEN_IPV6 ? MAX_LEN_IPV6 : $prefix[2]);
$_mnt = $mnt[0];
// Loop through each asn in single route6 object and assign
// other values accordingly.
foreach ($sub_array["asn"] as $asn)
{
// Extract ASxxxxx from string.
preg_match ("/AS[0-9]+/", explode (":", $asn)[1], $_asn);
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["asn"] = trim ($_asn[0], "AS");
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["prefix"] = $_prefix;
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["maxPrefixLength"] = ($_asn[0] != "AS0" ? $_maxlength : 128);
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["comment"] = "$web_registry_url/data/inet6num/$prefix[1]_$prefix[2]";
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["source"] = "$_ta";
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["mnt-by"] = "$_mnt";
$k++;
}
}
/*
*
* IPv4
*
*/
$i = 0; // Counter used with tmp $raw_array.
$raw_array = array(); // tmp array() used for storing data to be processed
foreach ($files4 as $file)
{
$j = 0;
/*
* route with maxLength value set:
* - 172.20.1.0/24
*
* $ cat ../registry/data/route/172.20.1.0_24
* route: 172.20.1.0/24
* origin: AS4242420119
* max-length: 24
* mnt-by: JRB0001-MNT
* source: DN42
*/
$data = file("../registry/data/route/$file");
foreach ($data as $str)
{
$str = trim_special_chars ($str);
if (startsWith ($str, "max", 3)) $raw_array[$i]["max"] = $str;
elseif (startsWith ($str, "source", 6)) $raw_array[$i]["source"] = $str;
elseif (startsWith ($str, "route", 5)) $raw_array[$i]["route"] = $str;
elseif (startsWith ($str, "origin", 6)) $raw_array[$i]["asn"][$j++] = $str;
elseif (startsWith ($str, "mnt", 3)) $raw_array[$i]["mnt"] = $str;
// Catch max-length not set in route object.
if (empty ($raw_array[$i]["max"])) $raw_array[$i]["max"] = -1;
}
$i++;
}
foreach ($raw_array as $sub_array)
{
// Extract prefix and subnet size
// Match prefix sizes 8-32.
$prefix = array();
preg_match ("/([0-9\.]{7,15})\/([8-9]|[1-2][0-9]|3[0-2])/",
explode (":", $sub_array["route"])[1],
$prefix);
// Extract ta information
$source = array();
preg_match ("/([A-Z0-4]+)/",
explode (":", $sub_array["source"])[1],
$source);
// Try to extract max-length information
$maxlength = array();
if (($sub_array["max"]) != -1)
preg_match ("/([0-9]+)/",
explode (":", $sub_array["max"])[1],
$maxlength);
// Extract mnt-by information
$mnt = array();
preg_match ("/([A-Z0-9\-]+)/",
explode (":", $sub_array["mnt"])[1],
$mnt);
// Store extracted values
$_prefix = $prefix[0];
$_ta = (isset ($source[0]) ? $source[0] : "");
// We need to do conditional setting of maxLength to avoid errornous output.
if (($sub_array["max"]) != -1)
$_maxlength = (isset ($maxlength[0]) ? $maxlength[0] : "");
else
// Do fallback to default prefix size if max-length was not set.
$_maxlength = ($prefix[2] < MAX_LEN_IPV4 ? MAX_LEN_IPV4 : $prefix[2]);
$_mnt = $mnt[0];
// Loop through each asn in single route6 object and assign
// other values accordingly.
foreach ($sub_array["asn"] as $asn)
{
// Extract ASxxxxx from string.
preg_match ("/AS[0-9]+/", explode (":", $asn)[1], $_asn);
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["asn"] = trim ($_asn[0], "AS");
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["prefix"] = $_prefix;
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["maxPrefixLength"] = ($_asn[0] != "AS0" ? $_maxlength : 32);
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["comment"] = "$web_registry_url/data/inetnum/$prefix[1]_$prefix[2]";
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["source"] = "$_ta";
$roas["locallyAddedAssertions"]["prefixAssertions"][$k]["mnt-by"] = "$_mnt";
$k++;
}
}
writeRoutinatorExceptionFile($roas);
?>