authorRob Austein <sra@hactrn.net>2013-10-22 16:11:52 +0000
committerRob Austein <sra@hactrn.net>2013-10-22 16:11:52 +0000
commitc048d080d16b7a47b9fb4992b3f598be06e82607 (patch)
tree926fe01f251f917a081c3034d9b697cc721f553d /scripts
parentcdf3880e81a5e292b32e898bbec3e09ec781a20b (diff)
Checkpoint
svn path=/trunk/; revision=5568
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/rcynic-lta72
-rw-r--r--scripts/rcynic-lta.yaml64
2 files changed, 96 insertions, 40 deletions
diff --git a/scripts/rcynic-lta b/scripts/rcynic-lta
index 683da4cd..6422528e 100755
--- a/scripts/rcynic-lta
+++ b/scripts/rcynic-lta
@@ -150,7 +150,7 @@ class main(object):
self.rcynic_input = y["rcynic-input"]
self.rcynic_output = y["rcynic-output"]
self.keyfile = y["keyfile"]
- self.constraints = [Constraint(yy) for yy in y["constraints"]]
+ self.constraints = [Constraint(c) for c in y["constraints"]]
def parse_tals(self):
@@ -307,32 +307,62 @@ class Serial(object):
-class Constraint(object):
+class ConstrainedROA(object):
- roa_asn = None
- roa_maxlen = None
- router_cert_key = None
- router_cert_subject = None
+ def __init__(self, constraint, y):
+ self.constraint = constraint
+ self.asn = long(y["asn"])
+ self.maxlen = long(y["maxlen"]) if "maxlen" in y else None
- def __init__(self, y):
- self.prefixes = rpki.resource_set.resource_bag.from_str(str(y.get("prefix", "")))
- self.asns = rpki.resource_set.resource_bag.from_str(str(y.get("asn", "")))
- self.ghostbuster = y.get("ghostbuster")
+ def add(self):
+ raise NotImplementedError
+
+class ConstrainedGBR(object):
+
+ def __init__(self, constraint, y):
+ self.constraint = constraint
+ self.vcard = y
+
+ def add(self):
+ raise NotImplementedError
- # Mostly for debugging, although maybe we'd be better off just
- # having properties that pulled stuff out of YAML on the fly.
- # Dunno yet.
+class ConstrainedRTR(object):
- self.y = y
+ def __init__(self, constraint, y):
+ self.constraint = constraint
+ self.key = y["key"]
+ self.subject = y["subject"]
- if "roa" in y:
- self.roa_asn = long(y["roa"]["asn"])
- if "maxlen" in y["roa"]:
- self.roa_maxlen = long(y["roa"]["maxlen"])
+ def add(self):
+ raise NotImplementedError
- if "router-cert" in y:
- self.router_cert_key = y["router-cert"]["key"]
- self.router_cert_subject = y["router-cert"]["subject"]
+class Constraint(object):
+
+ dispatch = dict(roa = ConstrainedROA,
+ gbr = ConstrainedGBR,
+ rtr = ConstrainedRTR)
+
+ def __init__(self, y):
+ self.y = y # Mostly for debugging. I think.
+ self.prefixes = rpki.resource_set.resource_bag.from_str(str(y.get("prefix", "")))
+ self.asns = rpki.resource_set.resource_bag.from_str(str(y.get("asn", "")))
+ drop = y.get("drop", ())
+ self.drop_roas = "all" in drop or "roas" in drop
+ self.drop_gbrs = "all" in drop or "gbrs" in drop
+ self.drop_rtrs = "all" in drop or "rtrs" in drop
+ self.adds = []
+ for a in y.get("add", ()):
+ if not isinstance(a, dict) or len(a) != 1:
+ raise ValueError("Expected single-entry mapping, got " + repr(a))
+ k, v = a.items()[0]
+ self.adds.append(self.dispatch[k](self, v))
+
+ def drop(self):
+ raise NotImplementedError
+
+ def add(self):
+ for a in self.adds:
+ a.add()
def __repr__(self):
return "<%s:%s %r>" % (self.__class__.__module__, self.__class__.__name__, self.y)
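Review bot: In `Constraint.__init__` the `drop` value is tested with `in` without checking its type, so the scalar form used in the sample YAML (`drop: all`) becomes a substring test on a string, while a list would be an exact-membership test. A misspelled or differently cased value such as `ALL` sets none of the three flags and raises no error, so a constraint the operator wrote to suppress objects would presumably drop nothing once `drop()` is implemented. I would normalize and validate before computing the flags: `if isinstance(drop, basestring): drop = (drop,)`, then `unknown = set(drop) - set(("all", "roas", "gbrs", "rtrs"))` and `if unknown: raise ValueError("Unknown drop value(s) " + repr(unknown))`. In the same method, `self.dispatch[k]` raises a bare `KeyError` for an unrecognized `add` key, which is less helpful than the `ValueError` raised two lines earlier for a malformed entry; catching it and re-raising a `ValueError` that names `k` would keep the config errors consistent.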
diff --git a/scripts/rcynic-lta.yaml b/scripts/rcynic-lta.yaml
index c80224d2..076f0e5d 100644
--- a/scripts/rcynic-lta.yaml
+++ b/scripts/rcynic-lta.yaml
@@ -13,27 +13,53 @@ tal-directory:
keyfile:
/u/sra/rpki/subvert-rpki.hactrn.net/trunk/scripts/rcynic-lta.key
-shared-strings:
-
- - &GB1 |
- BEGIN:VCARD
- VERSION:4.0
- FN:R0
- ORG:Organizational Entity
- ADR;TYPE=WORK:;;42 Twisty Passage;Deep Cavern;WA;98666;U.S.A.
- TEL;TYPE=VOICE,TEXT,WORK;VALUE=uri:tel:+1-666-555-1212
- TEL;TYPE=FAX,WORK;VALUE=uri:tel:+1-666-555-1213
- EMAIL:human@example.com
- END:VCARD
+common:
+
+ - &VCARD-1 |
+ BEGIN:VCARD
+ VERSION:4.0
+ FN:R0
+ ORG:Organizational Entity
+ ADR;TYPE=WORK:;;42 Twisty Passage;Deep Cavern;WA;98666;U.S.A.
+ TEL;TYPE=VOICE,TEXT,WORK;VALUE=uri:tel:+1-666-555-1212
+ TEL;TYPE=FAX,WORK;VALUE=uri:tel:+1-666-555-1213
+ EMAIL:human@example.com
+ END:VCARD
+ - &GBR-1 { gbr: *VCARD-1 }
+
+ - &VCARD-2 |
+ BEGIN:VCARD
+ VERSION:4.0
+ ORG:Epilogue Technology Corporation
+ EMAIL:sra@epilogue.com
+ END:VCARD
+ - &GBR-2 { gbr: *VCARD-2 }
+
+ - &ROA-666 { roa: { asn: 666 } }
constraints:
- - prefix: 10.0.0.0/8
- roa: { asn: 666, maxlen: 16 }
- ghostbuster: *GB1
+ - prefix: 10.0.0.0/8
+ add: [ { roa: { asn: 666, maxlen: 16 }}, *GBR-1 ]
+
+ - prefix: 192.168.0.0/16
+ drop: all
+
+ - asn: 666
+ add: [ *GBR-1 ]
+
+ - prefix: 128.224.0.0/16
+ drop: all
+ add: [ *GBR-2 ]
+
+ - prefix: 128.224.1.0/24
+ add: [ *GBR-2, *ROA-666 ]
+
+ - prefix: 128.224.2.0/24
+ add: [ *GBR-2, *ROA-666 ]
- - prefix: 192.168.0.0/16
+ - prefix: 149.20.0.0/16
+ add: [ *ROA-666 ]
- - asn: 666
- ghostbuster: *GB1
- #router-cert: { ski: "B8:14:5D:13:53:7D:AE:6E:E2:E3:95:84:A8:99:EB:7D:1A:7D:E5:DF" }
+ - prefix: 2001:4f8:3:d::/64
+ add: [ *ROA-666 ]