RPKI: Add 'local address' configuration option

Allow to explicitly configure the source IP address for RPKI-To-Router sessions. Predictable source addresses are useful for minimizing the holes to be poked in ACLs. Changed from 'source address' to 'local address' by committer.

RPKI: Add 'local address' configuration option
Allow to explicitly configure the source IP address for RPKI-To-Router sessions. Predictable source addresses are useful for minimizing the holes to be poked in ACLs. Changed from 'source address' to 'local address' by committer.
e2728c80 · Job Snijders · Ondřej Zajíček · 2d0652dd · e2728c80 · e2728c80
Commit e2728c80 authored 1 year ago by Job Snijders Committed by Ondřej Zajíček 1 year ago
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -5697,6 +5697,7 @@ protocol rpki [&lt;name&gt;] {
        roa6 { table &lt;tab&gt;; };
        remote &lt;ip&gt; | "&lt;domain&gt;" [port &lt;num&gt;];
        port &lt;num&gt;;
+        local address &lt;ip&gt;;
        refresh [keep] &lt;num&gt;;
        retry [keep] &lt;num&gt;;
        expire [keep] &lt;num&gt;;
@@ -5726,6 +5727,9 @@ specify both channels.
        number is 323 for transport without any encryption and 22 for transport
        with SSH encryption.

+        <tag>local address <m/ip/</tag>
+        Define local address we should use as a source address for the RTR session.
+
        <tag>refresh [keep] <m/num/</tag> Time period in seconds. Tells how
        long to wait before next attempting to poll the cache using a Serial
        Query or a Reset Query packet. Must be lower than 86400 seconds (one

--- a/proto/rpki/config.Y
+++ b/proto/rpki/config.Y
@@ -32,7 +32,7 @@ rpki_check_unused_transport(void)
 CF_DECLS

 CF_KEYWORDS(RPKI, REMOTE, BIRD, PRIVATE, PUBLIC, KEY, TCP, SSH, TRANSPORT, USER,
-	    RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH)
+	    RETRY, REFRESH, EXPIRE, KEEP, IGNORE, MAX, LENGTH, LOCAL, ADDRESS)

 %type <i> rpki_keep_interval

@@ -60,6 +60,7 @@ rpki_proto_item:
 | REMOTE rpki_cache_addr
 | REMOTE rpki_cache_addr rpki_proto_item_port
 | rpki_proto_item_port
+ | LOCAL ADDRESS ipa { RPKI_CFG->local_ip = $3; }
 | TRANSPORT rpki_transport
 | REFRESH rpki_keep_interval expr {
     if (rpki_check_refresh_interval($3))

--- a/proto/rpki/rpki.h
+++ b/proto/rpki/rpki.h
@@ -116,6 +116,7 @@ struct rpki_proto {
 struct rpki_config {
  struct proto_config c;
  const char *hostname;			/* Full domain name or stringified IP address of cache server */
+  ip_addr local_ip;			/* Source address to use */
  ip_addr ip;				/* IP address of cache server or IPA_NONE */
  u16 port;				/* Port number of cache server */
  struct rpki_tr_config tr_config;	/* Specific transport configuration structure */

--- a/proto/rpki/transport.c
+++ b/proto/rpki/transport.c
@@ -82,6 +82,7 @@ rpki_tr_open(struct rpki_tr_sock *tr)
  sk->daddr = cf->ip;
  sk->dport = cf->port;
  sk->host = cf->hostname;
+  sk->saddr = cf->local_ip;
  sk->rbsize = RPKI_RX_BUFFER_SIZE;
  sk->tbsize = RPKI_TX_BUFFER_SIZE;
  sk->tos = IP_PREC_INTERNET_CONTROL;