routing

package
v0.7.0
Warning

This package is not in the latest version of its module.

Published: Mar 12, 2022 | License: Apache-2.0 | Imports: 13 | Imported by: 0

Documentation

Overview

Package routing defines implementations around the routing decisions for the gateway.

This package defines the file format for the routing policies. A routing policy consists of a list of rules. Each rule consists of an action and three matchers. Optionally, a rule can have a comment that is persisted across deserialization and serialization.

Policies are defined in plain text. Each line represents a rule. Each rule consists of four whitespace-separated columns. The optional comment is appended at the end of the line and must start with a '#'.

accept       1-ff00:0:110     1-ff00:0:112    10.0.1.0/24,10.0.2.0/24    # Accept from AS 110.
accept       2-0              1-ff00:0:112    10.0.3.0/24                # Accept from ISD 2.
reject       !1-ff00:0:110    1-ff00:0:112    10.0.0.0/8                 # Reject unless AS 110.
advertise    1-ff00:0:112     1-ff00:0:110    10.0.9.0/8                 # Advertise to AS 112.

The first column represents the action. Currently, we support:

accept    <a> <b> <prefixes>: <b> accepts the IP prefixes <prefixes> from <a>.
reject    <a> <b> <prefixes>: <b> rejects the IP prefixes <prefixes> from <a>.
advertise <a> <b> <prefixes>: <a> advertises the IP prefixes <prefixes> to <b>.

The remaining three columns define the matchers of a rule. The second and third columns are ISD-AS matchers; the fourth column is a prefix matcher.

The second column matches the 'from' ISD-AS. The third column matches the 'to' ISD-AS. ISD-AS matchers support wildcards and negation:

1-ff00:0:110   Matches for 1-ff00:0:110 only.
0-ff00:0:110   Matches for all ASes with AS number ff00:0:110.
1-0            Matches for all ASes in ISD 1.
0-0            Matches for all ASes.

!0-ff00:0:110  Matches for all ASes except the ones with AS number 'ff00:0:110'.
!1-ff00:0:110  Matches for all ASes except 1-ff00:0:110.
!1-0           Matches for all ASes not in ISD 1.

A network prefix matcher consists of a comma-separated list of IP prefixes to match. A prefix matches if it is a subset of the union of the IP prefixes in the list. The network prefix matcher can also be negated; the negation applies to the entire list. In the negated case, a prefix matches if it is not a subset of the union of the prefix list.

10.0.1.0/24,10.0.2.0/24    Matches all IP prefixes that are a subset of 10.0.1.0/24 or
                           10.0.2.0/24. It also matches 10.0.1.0/24 and 10.0.2.0/24.
!10.0.1.0/24,10.0.2.0/24   Matches all IP prefixes that are not a subset of 10.0.1.0/24 and
                           not a subset of 10.0.2.0/24.

Functions

func AdvertiseList

func AdvertiseList(pol *Policy, from, to addr.IA) ([]netaddr.IPPrefix, error)

AdvertiseList returns the list of prefixes to advertise for the given policy and ISD-ASes.

func NewPolicyHandler

func NewPolicyHandler(policyPublisher PolicyPublisher,
	path string) func(http.ResponseWriter, *http.Request)

NewPolicyHandler creates an HTTP handler for the reloadable policy. If the path is not empty, a PUT request will write a valid received policy to this path.

func StaticAdvertised added in v0.7.0

func StaticAdvertised(pol *Policy) []*net.IPNet

StaticAdvertised returns the list of all prefixes that can be advertised. Used for reporting purposes.

Types

type Action

type Action int

Action represents the rule decision.

const (
	UnknownAction Action = iota
	Accept
	Reject
	RedistributeBGP
)

List of available actions.

func (Action) String

func (a Action) String() string

type IAMatcher

type IAMatcher interface {
	Match(addr.IA) bool
}

IAMatcher matches ISD-AS.

type IPSet added in v0.7.0

type IPSet struct {
	netaddr.IPSet
}

IPSet is the same as netaddr.IPSet except that it can be converted to/from string.

func MustParseIPSet added in v0.7.0

func MustParseIPSet(s string) IPSet

func ParseIPSet added in v0.7.0

func ParseIPSet(s string) (IPSet, error)

func (*IPSet) String added in v0.7.0

func (s *IPSet) String() string

type NegatedIAMatcher added in v0.7.0

type NegatedIAMatcher struct {
	IAMatcher
}

NegatedIAMatcher negates the result of the enclosed matcher.

func (NegatedIAMatcher) Match added in v0.7.0

func (m NegatedIAMatcher) Match(ia addr.IA) bool

Match negates the result of the enclosed matcher.

func (NegatedIAMatcher) String added in v0.7.0

func (m NegatedIAMatcher) String() string

type NetworkMatcher

type NetworkMatcher struct {
	Allowed []netaddr.IPPrefix
	Negated bool
}

NetworkMatcher matches IP networks.

func (NetworkMatcher) IPSet added in v0.7.0

func (m NetworkMatcher) IPSet() (*netaddr.IPSet, error)

IPSet returns a set containing all IPs allowed by the matcher.

func (NetworkMatcher) String added in v0.7.0

func (m NetworkMatcher) String() string

type Policy

type Policy struct {
	// Rules is a list of rules that the policy iterates during matching.
	Rules []Rule
	// DefaultAction is used as the action in the default rule. If not set, this
	// defaults to UnknownAction.
	DefaultAction Action
}

Policy represents a set of rules. The rules of the policy are traversed in order during matching. The first rule that matches is returned. In case no rule matches, a default rule is returned.

The default rule only has the action field set, everything else is the zero value. By default, the action is UnknownAction. It can be configured to the desired value by setting the DefaultAction field to the appropriate value.
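The matcher semantics from the Overview and the first-match and default-rule behaviour described here, modelled as an added, standalone example (not this package's code and not using its API). `matchIA`, `covered` and `decide` are hypothetical helpers, the policy text is a constructed sample, and the string "unknown" stands in for UnknownAction; only accept/reject rules and IPv4 prefixes are handled, and a malformed prefix panics. It shows that a prefix covered only by two listed prefixes together still matches, and that input no rule matches falls through to the default action instead of hitting the reject rule.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

const sample = `accept 1-ff00:0:110  1-ff00:0:112 10.0.2.0/24,10.0.3.0/24 # constructed sample
accept 2-0           1-ff00:0:112 10.0.3.0/24             # accept from ISD 2
reject !1-ff00:0:110 1-ff00:0:112 10.0.0.0/8              # reject unless AS 110`

// matchIA models an ISD-AS matcher: ISD 0 or AS 0 is a wildcard, a leading '!' negates.
func matchIA(pattern, ia string) bool {
	pi, pa, _ := strings.Cut(strings.TrimPrefix(pattern, "!"), "-")
	vi, va, _ := strings.Cut(ia, "-")
	return ((pi == "0" || pi == vi) && (pa == "0" || pa == va)) != strings.HasPrefix(pattern, "!")
}

// covered reports whether IPv4 prefix q is a subset of the union of the list in spec.
func covered(q netip.Prefix, spec string) bool {
	for _, s := range strings.Split(strings.TrimPrefix(spec, "!"), ",") {
		if p := netip.MustParsePrefix(s); p.Bits() <= q.Bits() && p.Contains(q.Addr()) {
			return true // q lies inside one listed prefix
		}
	}
	if q.Bits() == 32 {
		return false
	}
	hi := q.Addr().As4() // otherwise split q; both halves must be covered
	hi[q.Bits()/8] |= 0x80 >> (q.Bits() % 8)
	return covered(netip.PrefixFrom(q.Addr(), q.Bits()+1), spec) &&
		covered(netip.PrefixFrom(netip.AddrFrom4(hi), q.Bits()+1), spec)
}

// decide returns the action of the first matching rule, or "unknown" for the default rule.
func decide(policy, from, to, prefix string) string {
	q := netip.MustParsePrefix(prefix).Masked()
	for _, line := range strings.Split(policy, "\n") {
		f := strings.Fields(strings.SplitN(line, "#", 2)[0])
		if len(f) == 4 && matchIA(f[1], from) && matchIA(f[2], to) &&
			covered(q, f[3]) != strings.HasPrefix(f[3], "!") { // '!' negates the whole list
			return f[0]
		}
	}
	return "unknown"
}

func main() { fmt.Println(decide(sample, "1-ff00:0:110", "1-ff00:0:112", "10.0.2.0/23")) }
```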

func LoadPolicy

func LoadPolicy(path string) (Policy, error)

LoadPolicy loads the policy file from the path.

func (Policy) Copy

func (p Policy) Copy() *Policy

Copy returns a deep-copied routing policy object. The method uses marshal/unmarshal to create a deep copy; if either marshaling or unmarshaling fails, this method panics.

func (Policy) Digest added in v0.7.0

func (p Policy) Digest() []byte

Digest returns the sha256 digest of the policy.

func (Policy) MarshalText

func (p Policy) MarshalText() ([]byte, error)

MarshalText marshals the policy.

func (Policy) Match

func (p Policy) Match(from, to addr.IA, ipPrefix netaddr.IPPrefix) (IPSet, error)

Match matches an IP range to the policy and returns the subranges that satisfy it.

func (*Policy) UnmarshalText

func (p *Policy) UnmarshalText(b []byte) error

UnmarshalText unmarshals a policy.

type PolicyPublisher

type PolicyPublisher interface {
	PublishRoutingPolicy(*Policy)
	RoutingPolicy() *Policy
}

PolicyPublisher is used to publish policies.

type Rule

type Rule struct {
	Action  Action
	From    IAMatcher
	To      IAMatcher
	Network NetworkMatcher
	NextHop net.IP
	Comment string
}

Rule represents a routing policy rule.

type SingleIAMatcher added in v0.7.0

type SingleIAMatcher struct {
	IA addr.IA
}

SingleIAMatcher matches other ISD-AS numbers based on a single ISD-AS.

func (SingleIAMatcher) Match added in v0.7.0

func (m SingleIAMatcher) Match(ia addr.IA) bool

Match matches the input ISD-AS if both the ISD and the AS number are the same as those of the matcher. Zero values of ISD and AS in the matcher's ISD-AS are treated as wildcards and match everything.

func (SingleIAMatcher) String added in v0.7.0

func (m SingleIAMatcher) String() string

Directories

Path Synopsis
internal
Package mock_routing is a generated GoMock package.
