usr.sbin/bgpd/rde_trie.c

*3a50f0a9Sjmc/*	$OpenBSD: rde_trie.c,v 1.17 2022/12/28 21:30:16 jmc Exp $ */
a02daaddSclaudio
a02daaddSclaudio/*
a02daaddSclaudio * Copyright (c) 2018 Claudio Jeker <claudio@openbsd.org>
a02daaddSclaudio *
a02daaddSclaudio * Permission to use, copy, modify, and distribute this software for any
a02daaddSclaudio * purpose with or without fee is hereby granted, provided that the above
a02daaddSclaudio * copyright notice and this permission notice appear in all copies.
a02daaddSclaudio *
a02daaddSclaudio * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
a02daaddSclaudio * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
a02daaddSclaudio * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
a02daaddSclaudio * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
a02daaddSclaudio * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
a02daaddSclaudio * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
a02daaddSclaudio * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
a02daaddSclaudio */
a02daaddSclaudio#include <sys/types.h>
a02daaddSclaudio#include <sys/queue.h>
a02daaddSclaudio
a02daaddSclaudio#include <netinet/in.h>
a02daaddSclaudio
a02daaddSclaudio#include <stdlib.h>
a02daaddSclaudio#include <stdio.h>
a02daaddSclaudio#include <string.h>
a02daaddSclaudio
a02daaddSclaudio#include "bgpd.h"
a02daaddSclaudio#include "rde.h"
a02daaddSclaudio
a02daaddSclaudio/*
a02daaddSclaudio * Bitwise compressed trie for prefix-sets.
a02daaddSclaudio * Since the trie is path compressed the traversing function needs to check
a02daaddSclaudio * that the lookup is still on path before taking a branch.
a02daaddSclaudio * There are two types of nodes in the trie. Internal branch nodes and real
a02daaddSclaudio * nodes. Internal nodes are added when needed because off path nodes are being
a02daaddSclaudio * inserted and are just used for branching.
a02daaddSclaudio * During lookup every node defines which bit is checked for branching. This
*3a50f0a9Sjmc * offset is strictly increasing. For IPv4 the maximum is therefore 32 levels.
a02daaddSclaudio * Every node checks the bit at position plen to decide which branch to take.
a02daaddSclaudio * The real nodes also include a prefixlen mask which represents the prefixlen
a02daaddSclaudio * range that was defined. The prefixlen mask for IPv4 only has 32 bits but
a02daaddSclaudio * the prefixlen range is from 0 - 32 which needs 33bits. Now prefixlen 0 is
a02daaddSclaudio * special and only one element -- the default route -- can have prefixlen 0.
a02daaddSclaudio * So this default route is added as a flag to the trie_head and needs to be
a02daaddSclaudio * checked independent of the trie when doing a lookup.
a02daaddSclaudio * On insertion a prefix is added with its prefixlen plen and a min & max
a02daaddSclaudio * for the prefixlen range. The following precondition needs to hold
a02daaddSclaudio *     plen <= min <= max
a02daaddSclaudio * To only match the prefix itself min and max are set to plen.
a02daaddSclaudio * If a same prefix (addr/plen) is added to the trie but with different
a02daaddSclaudio * min & max values then the masks of both nodes are merged with a binary OR.
a02daaddSclaudio * The match function returns true the moment the first node is found which
a02daaddSclaudio * covers the looked up prefix and where the prefixlen mask matches for the
451e36b1Sdenis * looked up prefixlen. The moment the plen of a node is bigger than the
451e36b1Sdenis * prefixlen of the looked up prefix the search can be stopped since
451e36b1Sdenis * there will be no match.
a02daaddSclaudio */
a02daaddSclaudiostruct tentry_v4 {
a02daaddSclaudio	struct tentry_v4	*trie[2];
59e404fbSclaudio	struct set_table	*set;	/* for roa source-as set */
a02daaddSclaudio	struct in_addr		 addr;
a02daaddSclaudio	struct in_addr		 plenmask;
39386878Sclaudio	uint8_t			 plen;
39386878Sclaudio	uint8_t			 node;
a02daaddSclaudio};
a02daaddSclaudio
a02daaddSclaudiostruct tentry_v6 {
a02daaddSclaudio	struct tentry_v6	*trie[2];
59e404fbSclaudio	struct set_table	*set;	/* for roa source-as set */
a02daaddSclaudio	struct in6_addr		 addr;
a02daaddSclaudio	struct in6_addr		 plenmask;
39386878Sclaudio	uint8_t			 plen;
39386878Sclaudio	uint8_t			 node;
a02daaddSclaudio};
a02daaddSclaudio
a02daaddSclaudio/*
a02daaddSclaudio * Find first different bit between a & b starting from the MSB,
a02daaddSclaudio * a & b have to be different.
a02daaddSclaudio */
a02daaddSclaudiostatic int
a02daaddSclaudioinet4findmsb(struct in_addr *a, struct in_addr *b)
a02daaddSclaudio{
a02daaddSclaudio	int r = 0;
39386878Sclaudio	uint32_t v;
a02daaddSclaudio
a02daaddSclaudio	v = ntohl(a->s_addr ^ b->s_addr);
a02daaddSclaudio	if (v > 0xffff) { r += 16; v >>= 16; }
a02daaddSclaudio	if (v > 0x00ff) { r += 8; v >>= 8; }
a02daaddSclaudio	if (v > 0x000f) { r += 4; v >>= 4; }
a02daaddSclaudio	if (v > 0x0003) { r += 2; v >>= 2; }
a02daaddSclaudio	if (v > 0x0001) { r += 1; }
a02daaddSclaudio
a02daaddSclaudio	return 31 - r;
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudio/*
a02daaddSclaudio * Find first different bit between a & b starting from the MSB,
a02daaddSclaudio * a & b have to be different.
a02daaddSclaudio */
a02daaddSclaudiostatic int
a02daaddSclaudioinet6findmsb(struct in6_addr *a, struct in6_addr *b)
a02daaddSclaudio{
a02daaddSclaudio	int r = 0;
39386878Sclaudio	uint8_t i, x;
a02daaddSclaudio
a02daaddSclaudio	for (i = 0; i < sizeof(*a) && a->s6_addr[i] == b->s6_addr[i]; i++)
a02daaddSclaudio		;
a02daaddSclaudio	/* first different octet */
a02daaddSclaudio	x = a->s6_addr[i] ^ b->s6_addr[i];
a02daaddSclaudio
a02daaddSclaudio	/* first different bit */
a02daaddSclaudio	if (x > 0xf) { r += 4; x >>= 4; }
a02daaddSclaudio	if (x > 0x3) { r += 2; x >>= 2; }
a02daaddSclaudio	if (x > 0x1) { r += 1; }
a02daaddSclaudio
a02daaddSclaudio	return i * 8 + 7 - r;
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic int
39386878Sclaudioinet4isset(struct in_addr *addr, uint8_t bit)
a02daaddSclaudio{
ee3cba03Sclaudio	return addr->s_addr & htonl(1U << (31 - bit));
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic int
39386878Sclaudioinet6isset(struct in6_addr *addr, uint8_t bit)
a02daaddSclaudio{
a02daaddSclaudio	return addr->s6_addr[bit / 8] & (0x80 >> (bit % 8));
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic void
39386878Sclaudioinet4setbit(struct in_addr *addr, uint8_t bit)
a02daaddSclaudio{
a02daaddSclaudio	/* bit 0 sets the MSB and 31 sets the LSB */
ee3cba03Sclaudio	addr->s_addr |= htonl(1U << (31 - bit));
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic void
39386878Sclaudioinet6setbit(struct in6_addr *addr, uint8_t bit)
a02daaddSclaudio{
a02daaddSclaudio	addr->s6_addr[bit / 8] |= (0x80 >> (bit % 8));
a02daaddSclaudio}
a02daaddSclaudio
4b62fd1aSclaudiostatic struct tentry_v4 *
39386878Sclaudiotrie_add_v4(struct trie_head *th, struct in_addr *prefix, uint8_t plen)
a02daaddSclaudio{
a02daaddSclaudio	struct tentry_v4 *n, *new, *b, **prev;
4b62fd1aSclaudio	struct in_addr p;
a02daaddSclaudio
a02daaddSclaudio	inet4applymask(&p, prefix, plen);
a02daaddSclaudio
a02daaddSclaudio	/* walk tree finding spot to insert */
a02daaddSclaudio	prev = &th->root_v4;
a02daaddSclaudio	n = *prev;
a02daaddSclaudio	while (n) {
a02daaddSclaudio		struct in_addr mp;
39386878Sclaudio		uint8_t minlen;
a02daaddSclaudio
a02daaddSclaudio		minlen = n->plen > plen ? plen : n->plen;
a02daaddSclaudio		inet4applymask(&mp, &p, minlen);
a02daaddSclaudio		if (n->addr.s_addr != mp.s_addr) {
a02daaddSclaudio			/*
a02daaddSclaudio			 * out of path, insert intermediary node between
a02daaddSclaudio			 * np and n, then insert n and new node there
a02daaddSclaudio			 */
a02daaddSclaudio			if ((b = calloc(1, sizeof(*b))) == NULL)
4b62fd1aSclaudio				return NULL;
e5b62a74Sclaudio			rdemem.pset_cnt++;
e5b62a74Sclaudio			rdemem.pset_size += sizeof(*b);
a02daaddSclaudio			b->plen = inet4findmsb(&n->addr, &mp);
a02daaddSclaudio			inet4applymask(&b->addr, &n->addr, b->plen);
a02daaddSclaudio
a02daaddSclaudio			*prev = b;
a02daaddSclaudio			if (inet4isset(&n->addr, b->plen)) {
a02daaddSclaudio				b->trie[1] = n;
a02daaddSclaudio				prev = &b->trie[0];
a02daaddSclaudio			} else {
a02daaddSclaudio				b->trie[0] = n;
a02daaddSclaudio				prev = &b->trie[1];
a02daaddSclaudio			}
a02daaddSclaudio			n = NULL;
a02daaddSclaudio			break;
a02daaddSclaudio		}
a02daaddSclaudio
a02daaddSclaudio		if (n->plen > plen) {
a02daaddSclaudio			/* n is more specific, just insert new in between */
a02daaddSclaudio			break;
a02daaddSclaudio		}
a02daaddSclaudio
a02daaddSclaudio		if (n->plen == plen) {
a02daaddSclaudio			/* matching node, adjust */
7ff9bf35Sclaudio			if (n->node == 0)
7ff9bf35Sclaudio				th->v4_cnt++;
a02daaddSclaudio			n->node = 1;
4b62fd1aSclaudio			return n;
a02daaddSclaudio		}
a02daaddSclaudio
a02daaddSclaudio		/* no need to check for n->plen == 32 because of above if */
a02daaddSclaudio		if (inet4isset(&p, n->plen))
a02daaddSclaudio			prev = &n->trie[1];
a02daaddSclaudio		else
a02daaddSclaudio			prev = &n->trie[0];
a02daaddSclaudio		n = *prev;
a02daaddSclaudio	}
a02daaddSclaudio
a02daaddSclaudio	/* create new node */
a02daaddSclaudio	if ((new = calloc(1, sizeof(*new))) == NULL)
4b62fd1aSclaudio		return NULL;
7ff9bf35Sclaudio	th->v4_cnt++;
e5b62a74Sclaudio	rdemem.pset_cnt++;
e5b62a74Sclaudio	rdemem.pset_size += sizeof(*new);
a02daaddSclaudio	new->addr = p;
a02daaddSclaudio	new->plen = plen;
a02daaddSclaudio	new->node = 1;
a02daaddSclaudio
a02daaddSclaudio	/* link node */
a02daaddSclaudio	*prev = new;
a02daaddSclaudio	if (n) {
a02daaddSclaudio		if (inet4isset(&n->addr, new->plen))
a02daaddSclaudio			new->trie[1] = n;
a02daaddSclaudio		else
a02daaddSclaudio			new->trie[0] = n;
a02daaddSclaudio	}
4b62fd1aSclaudio	return new;
a02daaddSclaudio}
a02daaddSclaudio
4b62fd1aSclaudiostatic struct tentry_v6 *
39386878Sclaudiotrie_add_v6(struct trie_head *th, struct in6_addr *prefix, uint8_t plen)
a02daaddSclaudio{
a02daaddSclaudio	struct tentry_v6 *n, *new, *b, **prev;
4b62fd1aSclaudio	struct in6_addr p;
a02daaddSclaudio
a02daaddSclaudio	inet6applymask(&p, prefix, plen);
a02daaddSclaudio
a02daaddSclaudio	/* walk tree finding spot to insert */
a02daaddSclaudio	prev = &th->root_v6;
a02daaddSclaudio	n = *prev;
a02daaddSclaudio	while (n) {
a02daaddSclaudio		struct in6_addr mp;
39386878Sclaudio		uint8_t minlen;
a02daaddSclaudio
a02daaddSclaudio		minlen = n->plen > plen ? plen : n->plen;
a02daaddSclaudio		inet6applymask(&mp, &p, minlen);
a02daaddSclaudio		if (memcmp(&n->addr, &mp, sizeof(mp)) != 0) {
a02daaddSclaudio			/*
a02daaddSclaudio			 * out of path, insert intermediary node between
a02daaddSclaudio			 * np and n, then insert n and new node there
a02daaddSclaudio			 */
a02daaddSclaudio			if ((b = calloc(1, sizeof(*b))) == NULL)
4b62fd1aSclaudio				return NULL;
e5b62a74Sclaudio			rdemem.pset_cnt++;
e5b62a74Sclaudio			rdemem.pset_size += sizeof(*b);
a02daaddSclaudio			b->plen = inet6findmsb(&n->addr, &mp);
a02daaddSclaudio			inet6applymask(&b->addr, &n->addr, b->plen);
a02daaddSclaudio
a02daaddSclaudio			*prev = b;
a02daaddSclaudio			if (inet6isset(&n->addr, b->plen)) {
a02daaddSclaudio				b->trie[1] = n;
a02daaddSclaudio				prev = &b->trie[0];
a02daaddSclaudio			} else {
a02daaddSclaudio				b->trie[0] = n;
a02daaddSclaudio				prev = &b->trie[1];
a02daaddSclaudio			}
a02daaddSclaudio			n = NULL;
a02daaddSclaudio			break;
a02daaddSclaudio		}
a02daaddSclaudio
a02daaddSclaudio		if (n->plen > plen) {
a02daaddSclaudio			/* n is more specific, just insert new in between */
a02daaddSclaudio			break;
a02daaddSclaudio		}
a02daaddSclaudio
a02daaddSclaudio		if (n->plen == plen) {
a02daaddSclaudio			/* matching node, adjust */
7ff9bf35Sclaudio			if (n->node == 0)
7ff9bf35Sclaudio				th->v6_cnt++;
a02daaddSclaudio			n->node = 1;
4b62fd1aSclaudio			return n;
a02daaddSclaudio		}
a02daaddSclaudio
451e36b1Sdenis		/* no need to check for n->plen == 128 because of above if */
a02daaddSclaudio		if (inet6isset(&p, n->plen))
a02daaddSclaudio			prev = &n->trie[1];
a02daaddSclaudio		else
a02daaddSclaudio			prev = &n->trie[0];
a02daaddSclaudio		n = *prev;
a02daaddSclaudio	}
a02daaddSclaudio
a02daaddSclaudio	/* create new node */
a02daaddSclaudio	if ((new = calloc(1, sizeof(*new))) == NULL)
4b62fd1aSclaudio		return NULL;
7ff9bf35Sclaudio	th->v6_cnt++;
e5b62a74Sclaudio	rdemem.pset_cnt++;
e5b62a74Sclaudio	rdemem.pset_size += sizeof(*new);
a02daaddSclaudio	new->addr = p;
a02daaddSclaudio	new->plen = plen;
a02daaddSclaudio	new->node = 1;
a02daaddSclaudio
a02daaddSclaudio	/* link node */
a02daaddSclaudio	*prev = new;
a02daaddSclaudio	if (n) {
a02daaddSclaudio		if (inet6isset(&n->addr, new->plen))
a02daaddSclaudio			new->trie[1] = n;
a02daaddSclaudio		else
a02daaddSclaudio			new->trie[0] = n;
a02daaddSclaudio	}
4b62fd1aSclaudio	return new;
a02daaddSclaudio}
a02daaddSclaudio
4b62fd1aSclaudio/*
4b62fd1aSclaudio * Insert prefix/plen into the trie with a prefixlen mask covering min - max.
4b62fd1aSclaudio * If plen == min == max then only the prefix/plen will match and no longer
4b62fd1aSclaudio * match is possible. Else all prefixes under prefix/plen with a prefixlen
4b62fd1aSclaudio * between min and max will match.
4b62fd1aSclaudio */
a02daaddSclaudioint
39386878Sclaudiotrie_add(struct trie_head *th, struct bgpd_addr *prefix, uint8_t plen,
39386878Sclaudio    uint8_t min, uint8_t max)
a02daaddSclaudio{
4b62fd1aSclaudio	struct tentry_v4 *n4;
4b62fd1aSclaudio	struct tentry_v6 *n6;
39386878Sclaudio	uint8_t i;
4b62fd1aSclaudio
a02daaddSclaudio	/* precondition plen <= min <= max */
a02daaddSclaudio	if (plen > min || min > max)
a02daaddSclaudio		return -1;
4b62fd1aSclaudio	if (prefix->aid != AID_INET && prefix->aid != AID_INET6)
4b62fd1aSclaudio		return -1;
4b62fd1aSclaudio
4b62fd1aSclaudio	/*
4b62fd1aSclaudio	 * Check for default route, this is special cased since prefixlen 0
4b62fd1aSclaudio	 * can't be checked in the prefixlen mask plenmask.  Also there is
4b62fd1aSclaudio	 * only one default route so using a flag for this works.
4b62fd1aSclaudio	 */
4b62fd1aSclaudio	if (min == 0) {
4b62fd1aSclaudio		if (prefix->aid == AID_INET)
4b62fd1aSclaudio			th->match_default_v4 = 1;
4b62fd1aSclaudio		else
4b62fd1aSclaudio			th->match_default_v6 = 1;
4b62fd1aSclaudio
4b62fd1aSclaudio		if (max == 0)	/* just the default route */
4b62fd1aSclaudio			return 0;
4b62fd1aSclaudio		min = 1;
4b62fd1aSclaudio	}
a02daaddSclaudio
a02daaddSclaudio	switch (prefix->aid) {
a02daaddSclaudio	case AID_INET:
a02daaddSclaudio		if (max > 32)
a02daaddSclaudio			return -1;
4b62fd1aSclaudio
4b62fd1aSclaudio		n4 = trie_add_v4(th, &prefix->v4, plen);
4b62fd1aSclaudio		if (n4 == NULL)
4b62fd1aSclaudio			return -1;
4b62fd1aSclaudio		/*
4b62fd1aSclaudio		 * The prefixlen min - max goes from 1 to 32 but the bitmask
4b62fd1aSclaudio		 * starts at 0 and so all bits are set with an offset of -1.
4b62fd1aSclaudio		 * The default /0 route is handled specially above.
4b62fd1aSclaudio		 */
4b62fd1aSclaudio		for (i = min; i <= max; i++)
4b62fd1aSclaudio			inet4setbit(&n4->plenmask, i - 1);
4b62fd1aSclaudio		break;
a02daaddSclaudio	case AID_INET6:
a02daaddSclaudio		if (max > 128)
a02daaddSclaudio			return -1;
4b62fd1aSclaudio
4b62fd1aSclaudio		n6 = trie_add_v6(th, &prefix->v6, plen);
4b62fd1aSclaudio		if (n6 == NULL)
4b62fd1aSclaudio			return -1;
4b62fd1aSclaudio
4b62fd1aSclaudio		/* See above for the - 1 reason. */
4b62fd1aSclaudio		for (i = min; i <= max; i++)
4b62fd1aSclaudio			inet6setbit(&n6->plenmask, i - 1);
4b62fd1aSclaudio		break;
4b62fd1aSclaudio	}
4b62fd1aSclaudio	return 0;
4b62fd1aSclaudio}
4b62fd1aSclaudio
4b62fd1aSclaudio/*
59e404fbSclaudio * Insert a ROA entry for prefix/plen. The prefix will insert a set with
4b62fd1aSclaudio * source_as and the maxlen as data. This makes it possible to validate if a
4b62fd1aSclaudio * prefix is matching this ROA record. It is possible to insert prefixes with
4b62fd1aSclaudio * source_as = 0. These entries will never return ROA_VALID on check and can
4b62fd1aSclaudio * be used to cover a large prefix as ROA_INVALID unless a more specific route
4b62fd1aSclaudio * is a match.
4b62fd1aSclaudio */
4b62fd1aSclaudioint
6aa533f4Sclaudiotrie_roa_add(struct trie_head *th, struct roa *roa)
4b62fd1aSclaudio{
4b62fd1aSclaudio	struct tentry_v4 *n4;
4b62fd1aSclaudio	struct tentry_v6 *n6;
59e404fbSclaudio	struct set_table **stp;
6aa533f4Sclaudio	struct roa_set rs, *rsp;
4b62fd1aSclaudio
4b62fd1aSclaudio	/* ignore possible default route since it does not make sense */
4b62fd1aSclaudio
6aa533f4Sclaudio	switch (roa->aid) {
4b62fd1aSclaudio	case AID_INET:
6aa533f4Sclaudio		if (roa->prefixlen > 32)
4b62fd1aSclaudio			return -1;
4b62fd1aSclaudio
6aa533f4Sclaudio		n4 = trie_add_v4(th, &roa->prefix.inet, roa->prefixlen);
4b62fd1aSclaudio		if (n4 == NULL)
4b62fd1aSclaudio			return -1;
59e404fbSclaudio		stp = &n4->set;
4b62fd1aSclaudio		break;
4b62fd1aSclaudio	case AID_INET6:
6aa533f4Sclaudio		if (roa->prefixlen > 128)
4b62fd1aSclaudio			return -1;
4b62fd1aSclaudio
6aa533f4Sclaudio		n6 = trie_add_v6(th, &roa->prefix.inet6, roa->prefixlen);
4b62fd1aSclaudio		if (n6 == NULL)
4b62fd1aSclaudio			return -1;
59e404fbSclaudio		stp = &n6->set;
4b62fd1aSclaudio		break;
a02daaddSclaudio	default:
a02daaddSclaudio		/* anything else fails */
a02daaddSclaudio		return -1;
a02daaddSclaudio	}
4b62fd1aSclaudio
6aa533f4Sclaudio	if (*stp == NULL)
6aa533f4Sclaudio		if ((*stp = set_new(1, sizeof(rs))) == NULL)
4b62fd1aSclaudio			return -1;
6aa533f4Sclaudio
6aa533f4Sclaudio	/* merge sets with same key, longer maxlen wins */
6aa533f4Sclaudio	if ((rsp = set_match(*stp, roa->asnum)) != NULL) {
6aa533f4Sclaudio		if (rsp->maxlen < roa->maxlen)
6aa533f4Sclaudio			rsp->maxlen = roa->maxlen;
6aa533f4Sclaudio	} else {
6aa533f4Sclaudio		rs.as = roa->asnum;
6aa533f4Sclaudio		rs.maxlen = roa->maxlen;
6aa533f4Sclaudio		if (set_add(*stp, &rs, 1) != 0)
6aa533f4Sclaudio			return -1;
6aa533f4Sclaudio		/* prep data so that set_match works */
6aa533f4Sclaudio		set_prep(*stp);
6aa533f4Sclaudio	}
4b62fd1aSclaudio
4b62fd1aSclaudio	return 0;
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic void
a02daaddSclaudiotrie_free_v4(struct tentry_v4 *n)
a02daaddSclaudio{
a02daaddSclaudio	if (n == NULL)
a02daaddSclaudio		return;
a02daaddSclaudio	trie_free_v4(n->trie[0]);
a02daaddSclaudio	trie_free_v4(n->trie[1]);
59e404fbSclaudio	set_free(n->set);
a02daaddSclaudio	free(n);
e5b62a74Sclaudio	rdemem.pset_cnt--;
e5b62a74Sclaudio	rdemem.pset_size -= sizeof(*n);
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic void
a02daaddSclaudiotrie_free_v6(struct tentry_v6 *n)
a02daaddSclaudio{
a02daaddSclaudio	if (n == NULL)
a02daaddSclaudio		return;
a02daaddSclaudio	trie_free_v6(n->trie[0]);
a02daaddSclaudio	trie_free_v6(n->trie[1]);
59e404fbSclaudio	set_free(n->set);
a02daaddSclaudio	free(n);
e5b62a74Sclaudio	rdemem.pset_cnt--;
e5b62a74Sclaudio	rdemem.pset_size -= sizeof(*n);
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiovoid
a02daaddSclaudiotrie_free(struct trie_head *th)
a02daaddSclaudio{
a02daaddSclaudio	trie_free_v4(th->root_v4);
a02daaddSclaudio	trie_free_v6(th->root_v6);
6f8eff73Sclaudio	memset(th, 0, sizeof(*th));
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic int
39386878Sclaudiotrie_match_v4(struct trie_head *th, struct in_addr *prefix, uint8_t plen,
9ed42aa2Sbenno    int orlonger)
a02daaddSclaudio{
a02daaddSclaudio	struct tentry_v4 *n;
a02daaddSclaudio
a02daaddSclaudio	if (plen == 0) {
a02daaddSclaudio		/* special handling for default route */
a02daaddSclaudio		return th->match_default_v4;
a02daaddSclaudio	}
a02daaddSclaudio
a02daaddSclaudio	n = th->root_v4;
a02daaddSclaudio	while (n) {
a02daaddSclaudio		struct in_addr mp;
a02daaddSclaudio
a02daaddSclaudio		if (n->plen > plen)
a02daaddSclaudio			break;	/* too specific, no match possible */
a02daaddSclaudio
a02daaddSclaudio		inet4applymask(&mp, prefix, n->plen);
a02daaddSclaudio		if (n->addr.s_addr != mp.s_addr)
a02daaddSclaudio			break;	/* off path, no match possible */
a02daaddSclaudio
9ed42aa2Sbenno		/* the match covers all larger prefixlens */
9ed42aa2Sbenno		if (n->node && orlonger)
9ed42aa2Sbenno			return 1;
9ed42aa2Sbenno
a02daaddSclaudio		/* plen is from 1 - 32 but the bitmask starts with 0 */
a02daaddSclaudio		if (n->node && inet4isset(&n->plenmask, plen - 1))
a02daaddSclaudio			return 1;	/* prefixlen allowed, match */
a02daaddSclaudio
a02daaddSclaudio		if (n->plen == 32)
a02daaddSclaudio			break;	/* can't go deeper */
a02daaddSclaudio		if (inet4isset(prefix, n->plen))
a02daaddSclaudio			n = n->trie[1];
a02daaddSclaudio		else
a02daaddSclaudio			n = n->trie[0];
a02daaddSclaudio	}
a02daaddSclaudio
a02daaddSclaudio	return 0;
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic int
39386878Sclaudiotrie_match_v6(struct trie_head *th, struct in6_addr *prefix, uint8_t plen,
9ed42aa2Sbenno    int orlonger)
a02daaddSclaudio{
a02daaddSclaudio	struct tentry_v6 *n;
a02daaddSclaudio
a02daaddSclaudio	if (plen == 0) {
a02daaddSclaudio		/* special handling for default route */
a02daaddSclaudio		return th->match_default_v6;
a02daaddSclaudio	}
a02daaddSclaudio
a02daaddSclaudio	n = th->root_v6;
a02daaddSclaudio	while (n) {
a02daaddSclaudio		struct in6_addr mp;
a02daaddSclaudio
a02daaddSclaudio		if (n->plen > plen)
a02daaddSclaudio			break;	/* too specific, no match possible */
a02daaddSclaudio
a02daaddSclaudio		inet6applymask(&mp, prefix, n->plen);
a02daaddSclaudio		if (memcmp(&n->addr, &mp, sizeof(mp)) != 0)
a02daaddSclaudio			break;	/* off path, no match possible */
a02daaddSclaudio
9ed42aa2Sbenno		/* the match covers all larger prefixlens */
9ed42aa2Sbenno		if (n->node && orlonger)
9ed42aa2Sbenno			return 1;
9ed42aa2Sbenno
a02daaddSclaudio		/* plen is from 1 - 128 but the bitmask starts with 0 */
a02daaddSclaudio		if (n->node && inet6isset(&n->plenmask, plen - 1))
a02daaddSclaudio			return 1;	/* prefixlen allowed, match */
a02daaddSclaudio
a02daaddSclaudio		if (n->plen == 128)
a02daaddSclaudio			break;	/* can't go deeper */
a02daaddSclaudio		if (inet6isset(prefix, n->plen))
a02daaddSclaudio			n = n->trie[1];
a02daaddSclaudio		else
a02daaddSclaudio			n = n->trie[0];
a02daaddSclaudio	}
a02daaddSclaudio	return 0;
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudio/* find first matching element in the trie for prefix "prefix/plen" */
a02daaddSclaudioint
39386878Sclaudiotrie_match(struct trie_head *th, struct bgpd_addr *prefix, uint8_t plen,
9ed42aa2Sbenno    int orlonger)
a02daaddSclaudio{
a02daaddSclaudio	switch (prefix->aid) {
a02daaddSclaudio	case AID_INET:
9ed42aa2Sbenno		return trie_match_v4(th, &prefix->v4, plen, orlonger);
a02daaddSclaudio	case AID_INET6:
9ed42aa2Sbenno		return trie_match_v6(th, &prefix->v6, plen, orlonger);
a02daaddSclaudio	default:
a02daaddSclaudio		/* anything else is no match */
a02daaddSclaudio		return 0;
a02daaddSclaudio	}
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic int
39386878Sclaudiotrie_roa_check_v4(struct trie_head *th, struct in_addr *prefix, uint8_t plen,
39386878Sclaudio    uint32_t as)
4b62fd1aSclaudio{
4b62fd1aSclaudio	struct tentry_v4 *n;
4b62fd1aSclaudio	struct roa_set *rs;
6f1dba6eSclaudio	int validity = ROA_NOTFOUND;
4b62fd1aSclaudio
4b62fd1aSclaudio	/* ignore possible default route since it does not make sense */
4b62fd1aSclaudio
4b62fd1aSclaudio	n = th->root_v4;
4b62fd1aSclaudio	while (n) {
4b62fd1aSclaudio		struct in_addr mp;
4b62fd1aSclaudio
4b62fd1aSclaudio		if (n->plen > plen)
4b62fd1aSclaudio			break;	/* too specific, no match possible */
4b62fd1aSclaudio
4b62fd1aSclaudio		inet4applymask(&mp, prefix, n->plen);
4b62fd1aSclaudio		if (n->addr.s_addr != mp.s_addr)
4b62fd1aSclaudio			break;	/* off path, no other match possible */
4b62fd1aSclaudio
4b62fd1aSclaudio		if (n->node) {
4b62fd1aSclaudio			/*
4b62fd1aSclaudio			 * The prefix is covered by this roa node
*3a50f0a9Sjmc			 * therefore invalid unless roa_set matches.
4b62fd1aSclaudio			 */
4b62fd1aSclaudio			validity = ROA_INVALID;
4b62fd1aSclaudio
6f1dba6eSclaudio			/* AS_NONE can never match, so don't try */
6f1dba6eSclaudio			if (as != AS_NONE) {
d0605468Sclaudio				if ((rs = set_match(n->set, as)) != NULL) {
d0605468Sclaudio				    if (plen == n->plen || plen <= rs->maxlen)
4b62fd1aSclaudio					return ROA_VALID;
4b62fd1aSclaudio				}
4b62fd1aSclaudio			}
d0605468Sclaudio		}
4b62fd1aSclaudio
4b62fd1aSclaudio		if (n->plen == 32)
4b62fd1aSclaudio			break;	/* can't go deeper */
4b62fd1aSclaudio		if (inet4isset(prefix, n->plen))
4b62fd1aSclaudio			n = n->trie[1];
4b62fd1aSclaudio		else
4b62fd1aSclaudio			n = n->trie[0];
4b62fd1aSclaudio	}
4b62fd1aSclaudio
4b62fd1aSclaudio	return validity;
4b62fd1aSclaudio}
4b62fd1aSclaudio
4b62fd1aSclaudiostatic int
39386878Sclaudiotrie_roa_check_v6(struct trie_head *th, struct in6_addr *prefix, uint8_t plen,
39386878Sclaudio    uint32_t as)
4b62fd1aSclaudio{
4b62fd1aSclaudio	struct tentry_v6 *n;
4b62fd1aSclaudio	struct roa_set *rs;
6f1dba6eSclaudio	int validity = ROA_NOTFOUND;
4b62fd1aSclaudio
4b62fd1aSclaudio	/* ignore possible default route since it does not make sense */
4b62fd1aSclaudio
4b62fd1aSclaudio	n = th->root_v6;
4b62fd1aSclaudio	while (n) {
4b62fd1aSclaudio		struct in6_addr mp;
4b62fd1aSclaudio
4b62fd1aSclaudio		if (n->plen > plen)
4b62fd1aSclaudio			break;	/* too specific, no match possible */
4b62fd1aSclaudio
4b62fd1aSclaudio		inet6applymask(&mp, prefix, n->plen);
4b62fd1aSclaudio		if (memcmp(&n->addr, &mp, sizeof(mp)) != 0)
4b62fd1aSclaudio			break;	/* off path, no other match possible */
4b62fd1aSclaudio
4b62fd1aSclaudio		if (n->node) {
4b62fd1aSclaudio			/*
4b62fd1aSclaudio			 * This prefix is covered by this roa node.
*3a50f0a9Sjmc			 * Therefore invalid unless proven otherwise.
4b62fd1aSclaudio			 */
4b62fd1aSclaudio			validity = ROA_INVALID;
4b62fd1aSclaudio
6f1dba6eSclaudio			/* AS_NONE can never match, so don't try */
6f1dba6eSclaudio			if (as != AS_NONE) {
59e404fbSclaudio				if ((rs = set_match(n->set, as)) != NULL)
4b62fd1aSclaudio				    if (plen == n->plen || plen <= rs->maxlen)
4b62fd1aSclaudio					return ROA_VALID;
4b62fd1aSclaudio			}
4b62fd1aSclaudio		}
4b62fd1aSclaudio
4b62fd1aSclaudio		if (n->plen == 128)
4b62fd1aSclaudio			break;	/* can't go deeper */
4b62fd1aSclaudio		if (inet6isset(prefix, n->plen))
4b62fd1aSclaudio			n = n->trie[1];
4b62fd1aSclaudio		else
4b62fd1aSclaudio			n = n->trie[0];
4b62fd1aSclaudio	}
4b62fd1aSclaudio
4b62fd1aSclaudio	return validity;
4b62fd1aSclaudio}
4b62fd1aSclaudio
4b62fd1aSclaudio/*
4b62fd1aSclaudio * Do a ROA (Route Origin Validation) check.  Look for elements in the trie
4b62fd1aSclaudio * which cover prefix "prefix/plen" and match the source-as as.
6f1dba6eSclaudio * AS_NONE can be used when the source-as is unknown (e.g. AS_SET).
6f1dba6eSclaudio * The check will then only return ROA_NOTFOUND or ROA_INVALID depending if
6f1dba6eSclaudio * the prefix is covered by the ROA.
4b62fd1aSclaudio */
4b62fd1aSclaudioint
39386878Sclaudiotrie_roa_check(struct trie_head *th, struct bgpd_addr *prefix, uint8_t plen,
39386878Sclaudio    uint32_t as)
4b62fd1aSclaudio{
4b62fd1aSclaudio	/* valid, invalid, unknown */
4b62fd1aSclaudio	switch (prefix->aid) {
4b62fd1aSclaudio	case AID_INET:
4b62fd1aSclaudio		return trie_roa_check_v4(th, &prefix->v4, plen, as);
4b62fd1aSclaudio	case AID_INET6:
4b62fd1aSclaudio		return trie_roa_check_v6(th, &prefix->v6, plen, as);
4b62fd1aSclaudio	default:
6f1dba6eSclaudio		/* anything else is not-found */
6f1dba6eSclaudio		return ROA_NOTFOUND;
4b62fd1aSclaudio	}
4b62fd1aSclaudio}
4b62fd1aSclaudio
4b62fd1aSclaudiostatic int
a02daaddSclaudiotrie_equal_v4(struct tentry_v4 *a, struct tentry_v4 *b)
a02daaddSclaudio{
a02daaddSclaudio	if (a == NULL && b == NULL)
a02daaddSclaudio		return 1;
a02daaddSclaudio	if (a == NULL || b == NULL)
a02daaddSclaudio		return 0;
a02daaddSclaudio
a02daaddSclaudio	if (a->addr.s_addr != b->addr.s_addr ||
a02daaddSclaudio	    a->plen != b->plen ||
a02daaddSclaudio	    a->node != b->node ||
a02daaddSclaudio	    a->plenmask.s_addr != b->plenmask.s_addr)
a02daaddSclaudio		return 0;
a02daaddSclaudio
59e404fbSclaudio	if (set_equal(a->set, b->set) == 0)
59e404fbSclaudio		return 0;
59e404fbSclaudio
a02daaddSclaudio	if (trie_equal_v4(a->trie[0], b->trie[0]) == 0 ||
a02daaddSclaudio	    trie_equal_v4(a->trie[1], b->trie[1]) == 0)
a02daaddSclaudio		return 0;
a02daaddSclaudio
a02daaddSclaudio	return 1;
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic int
a02daaddSclaudiotrie_equal_v6(struct tentry_v6 *a, struct tentry_v6 *b)
a02daaddSclaudio{
a02daaddSclaudio	if (a == NULL && b == NULL)
a02daaddSclaudio		return 1;
a02daaddSclaudio	if (a == NULL || b == NULL)
a02daaddSclaudio		return 0;
a02daaddSclaudio
a02daaddSclaudio	if (memcmp(&a->addr, &b->addr, sizeof(a->addr)) != 0 ||
a02daaddSclaudio	    a->plen != b->plen ||
a02daaddSclaudio	    a->node != b->node ||
a02daaddSclaudio	    memcmp(&a->plenmask, &b->plenmask, sizeof(a->plenmask)) != 0)
a02daaddSclaudio		return 0;
a02daaddSclaudio
59e404fbSclaudio	if (set_equal(a->set, b->set) == 0)
59e404fbSclaudio		return 0;
59e404fbSclaudio
a02daaddSclaudio	if (trie_equal_v6(a->trie[0], b->trie[0]) == 0 ||
a02daaddSclaudio	    trie_equal_v6(a->trie[1], b->trie[1]) == 0)
a02daaddSclaudio		return 0;
a02daaddSclaudio
a02daaddSclaudio	return 1;
a02daaddSclaudio}
a02daaddSclaudio
451e36b1Sdenis/* Compare two tries and return 1 if they are the same else 0. */
a02daaddSclaudioint
a02daaddSclaudiotrie_equal(struct trie_head *a, struct trie_head *b)
a02daaddSclaudio{
a02daaddSclaudio	if (a->match_default_v4 != b->match_default_v4 ||
a02daaddSclaudio	    a->match_default_v6 != b->match_default_v6)
a02daaddSclaudio		return 0;
a02daaddSclaudio	if (trie_equal_v4(a->root_v4, b->root_v4) == 0)
a02daaddSclaudio		return 0;
a02daaddSclaudio	if (trie_equal_v6(a->root_v6, b->root_v6) == 0)
a02daaddSclaudio		return 0;
a02daaddSclaudio	return 1;
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudio/* debugging functions for printing the trie */
a02daaddSclaudiostatic void
a02daaddSclaudiotrie_dump_v4(struct tentry_v4 *n)
a02daaddSclaudio{
a02daaddSclaudio	if (n == NULL)
a02daaddSclaudio		return;
a02daaddSclaudio	if (n->node)
d1ecd085Sclaudio		fprintf(stderr, "%s/%u plenmask %08x\n", inet_ntoa(n->addr),
d1ecd085Sclaudio		    n->plen, n->plenmask.s_addr);
a02daaddSclaudio	else
d1ecd085Sclaudio		fprintf(stderr, "   %s/%u\n", inet_ntoa(n->addr), n->plen);
a02daaddSclaudio
a02daaddSclaudio	trie_dump_v4(n->trie[0]);
a02daaddSclaudio	trie_dump_v4(n->trie[1]);
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiostatic void
a02daaddSclaudiotrie_dump_v6(struct tentry_v6 *n)
a02daaddSclaudio{
a02daaddSclaudio	char buf[48];
a02daaddSclaudio	unsigned int i;
a02daaddSclaudio
a02daaddSclaudio	if (n == NULL)
a02daaddSclaudio		return;
a02daaddSclaudio	if (n->node) {
d1ecd085Sclaudio		fprintf(stderr, "%s/%u plenmask ",
a02daaddSclaudio		    inet_ntop(AF_INET6, &n->addr, buf, sizeof(buf)), n->plen);
a02daaddSclaudio		for (i = 0; i < sizeof(n->plenmask); i++)
d1ecd085Sclaudio			fprintf(stderr, "%02x", n->plenmask.s6_addr[i]);
d1ecd085Sclaudio		fprintf(stderr, "\n");
a02daaddSclaudio	} else
d1ecd085Sclaudio		fprintf(stderr, "   %s/%u\n",
a02daaddSclaudio		    inet_ntop(AF_INET6, &n->addr, buf, sizeof(buf)), n->plen);
a02daaddSclaudio
a02daaddSclaudio	trie_dump_v6(n->trie[0]);
a02daaddSclaudio	trie_dump_v6(n->trie[1]);
a02daaddSclaudio}
a02daaddSclaudio
a02daaddSclaudiovoid
a02daaddSclaudiotrie_dump(struct trie_head *th)
a02daaddSclaudio{
a02daaddSclaudio	if (th->match_default_v4)
451e36b1Sdenis		fprintf(stderr, "0.0.0.0/0 plenmask 0\n");
a02daaddSclaudio	trie_dump_v4(th->root_v4);
a02daaddSclaudio	if (th->match_default_v6)
d1ecd085Sclaudio		fprintf(stderr, "::/0 plenmask 0\n");
a02daaddSclaudio	trie_dump_v6(th->root_v6);
a02daaddSclaudio}