Re: [patch] add 'source address' configuration option to RPKI protocols

2024-02-22 Thread Job Snijders via Bird-users
On Thu, Feb 22, 2024 at 03:17:52PM +0100, Ondrej Zajicek wrote:
> On Wed, Feb 21, 2024 at 07:14:18PM +0100, Job Snijders via Bird-users wrote:
> > I'd like to be able to explicitly configure the source IP address
> > for RPKI-To-Router sessions. Predictable source addresses are useful
> > for minimizing the holes to be poked in ACLs. The below changeset
> > adds a 'source address' configuration option to RPKI protocols.
> 
> Thanks, merged:
> 
> https://gitlab.nic.cz/labs/bird/-/commit/e2728c8078161d9811d6c24a11e4c95efd1c9313
> 
> I just changed the name from 'source address' to 'local address'.

Thank you!

And kudos to the project, it was nice to observe how the pre-existing
infrastructure (like bird sockets) made this a trivial exercise. :)

Kind regards,

Job


Re: [patch] add 'source address' configuration option to RPKI protocols

2024-02-22 Thread Ondrej Zajicek
On Wed, Feb 21, 2024 at 07:14:18PM +0100, Job Snijders via Bird-users wrote:
> Dear BIRD team,
> 
> Greetings from Amsterdam!
> 
> I'd like to be able to explicitly configure the source IP address for
> RPKI-To-Router sessions. Predictable source addresses are useful for
> minimizing the holes to be poked in ACLs. The below changeset adds a
> 'source address' configuration option to RPKI protocols.

Thanks, merged:

https://gitlab.nic.cz/labs/bird/-/commit/e2728c8078161d9811d6c24a11e4c95efd1c9313

I just changed the name from 'source address' to 'local address'.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
"To err is human -- to blame it on a computer is even more so."


[patch] add 'source address' configuration option to RPKI protocols

2024-02-21 Thread Job Snijders via Bird-users
Dear BIRD team,

Greetings from Amsterdam!

I'd like to be able to explicitly configure the source IP address for
RPKI-To-Router sessions. Predictable source addresses are useful for
minimizing the holes to be poked in ACLs. The below changeset adds a
'source address' configuration option to RPKI protocols.

Kind regards,

Job

diff --git doc/bird.sgml doc/bird.sgml
index 76ca7f75..a271d47e 100644
--- doc/bird.sgml
+++ doc/bird.sgml
@@ -5700,6 +5700,7 @@ protocol rpki [name] {
 refresh [keep] num;
 retry [keep] num;
 expire [keep] num;
+source address ip;
 transport tcp;
 transport ssh {
 bird private key "/path/to/id_rsa";
@@ -5753,6 +5754,9 @@ specify both channels.
instead. This may be useful for implementing loose RPKI check for
blackholes. Default: disabled.
 
+source address 
+Define local address we should use as a source address for the RTR 
session.
+
 transport tcp Unprotected transport over TCP. It's a default
 transport. Should be used only on secure private networks.
 Default: tcp
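Review bot: the new `source address` entry has no Default line, unlike the neighbouring options (`Default: disabled.`, `Default: tcp`); say what happens when it is omitted, e.g. `Default: none (source address chosen automatically).` The description itself would also read better as "Local address to use as the source address of the RTR session." instead of "Define local address we should use as a source address for the RTR session."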
diff --git proto/rpki/config.Y proto/rpki/config.Y
index c28cab7a..31656057 100644
--- proto/rpki/config.Y
+++ proto/rpki/config.Y
@@ -32,7 +32,7 @@ rpki_check_unused_transport(void)
 CF_DECLS
 
 CF_KEYWORDS(RPKI, REMOTE, BIRD, PRIVATE, PUBLIC, KEY, TCP, SSH, TRANSPORT, 
USER,
-   RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH)
+   RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH, SOURCE, ADDRESS)
 
 %type  rpki_keep_interval
 
@@ -60,6 +60,7 @@ rpki_proto_item:
  | REMOTE rpki_cache_addr
  | REMOTE rpki_cache_addr rpki_proto_item_port
  | rpki_proto_item_port
+ | SOURCE ADDRESS ipa { RPKI_CFG->local_ip = $3; }
  | TRANSPORT rpki_transport
  | REFRESH rpki_keep_interval expr {
  if (rpki_check_refresh_interval($3))
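Review bot: `SOURCE ADDRESS ipa { RPKI_CFG->local_ip = $3; }` stores the address without checking that its family matches the configured cache address (`RPKI_CFG->ip`, when the remote is given as an address rather than a hostname), so an IPv4 local address paired with an IPv6 cache address is only rejected when the socket is opened. Consider a check in the protocol's config-check step, e.g. `cf_error("Local address family mismatch");` when both are set and their families differ.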
diff --git proto/rpki/rpki.h proto/rpki/rpki.h
index 8a5c38fd..e67eb0e3 100644
--- proto/rpki/rpki.h
+++ proto/rpki/rpki.h
@@ -116,6 +116,7 @@ struct rpki_proto {
 struct rpki_config {
   struct proto_config c;
   const char *hostname;/* Full domain name or 
stringified IP address of cache server */
+  ip_addr local_ip;/* Source address to use */
   ip_addr ip;  /* IP address of cache server or 
IPA_NONE */
   u16 port;/* Port number of cache server */
   struct rpki_tr_config tr_config; /* Specific transport configuration 
structure */
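Review bot: the comment on `ip_addr local_ip;` should state the unset value, matching the sibling field (`/* IP address of cache server or IPA_NONE */`), e.g. `/* Source address to use, or IPA_NONE */`, since the transport change in this patch assigns it unconditionally and relies on an unconfigured value meaning "not set". The comment column should also be aligned with the surrounding fields.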
diff --git proto/rpki/transport.c proto/rpki/transport.c
index 81bd6dd8..26571977 100644
--- proto/rpki/transport.c
+++ proto/rpki/transport.c
@@ -82,6 +82,7 @@ rpki_tr_open(struct rpki_tr_sock *tr)
   sk->daddr = cf->ip;
   sk->dport = cf->port;
   sk->host = cf->hostname;
+  sk->saddr = cf->local_ip;
   sk->rbsize = RPKI_RX_BUFFER_SIZE;
   sk->tbsize = RPKI_TX_BUFFER_SIZE;
   sk->tos = IP_PREC_INTERNET_CONTROL;
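Review bot: `sk->saddr = cf->local_ip;` is assigned unconditionally, so behaviour when the option is omitted depends on `local_ip` defaulting to IPA_NONE; a short comment here would make that explicit. It is also not clear from this hunk whether the ssh transport (documented in the same patch) honours `sk->saddr` for its session; if it does not, the documentation should state that the option applies to `transport tcp` only.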