Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Schedule ROA load each 15 minutes #1444

Merged
merged 58 commits into from
Apr 18, 2024
Merged

Schedule ROA load each 15 minutes #1444

Show file tree
Hide file tree
Changes from 57 commits
Commits
Show all changes
58 commits
Select commit Hold shift + click to select a range
111a76c
feat: create new warning for roas check and test for legacy
MiguelAHM Mar 27, 2024
2a78606
feat: add test for REST API calls and little refactor to specify rest…
MiguelAHM Mar 27, 2024
88a4b53
feat: fix ITs
MiguelAHM Mar 28, 2024
bafe2de
feat: add more tests
MiguelAHM Mar 28, 2024
e5493f1
feat: create the validator
MiguelAHM Mar 28, 2024
39b5818
feat: fix compile error due to previous code
MiguelAHM Mar 28, 2024
0b0fb2a
feat: renaming and deleting white spaces
MiguelAHM Mar 28, 2024
61db61e
feat: fix tests according to last changes
MiguelAHM Mar 28, 2024
c44316d
feat: fix conflicts
MiguelAHM Apr 3, 2024
c27dd40
feat: remove already migrated classes
MiguelAHM Apr 3, 2024
2db7bc5
feat: change generator by validator
MiguelAHM Apr 3, 2024
607a329
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 3, 2024
ea8abb6
feat: fix compilation errors
MiguelAHM Apr 3, 2024
095701f
feat: increase testperformance to 3s
MiguelAHM Apr 4, 2024
f386982
feat: put timeout back to 2s and fix compilation issue in whoisFixture
MiguelAHM Apr 4, 2024
24cbc26
feat: fix compilation issues
MiguelAHM Apr 4, 2024
14b95be
feat: fix ITs
MiguelAHM Apr 4, 2024
f45fc79
feat: refactor messages and PR comments
MiguelAHM Apr 4, 2024
e844ec2
feat: fix ITs
MiguelAHM Apr 5, 2024
169397b
feat: refactor
MiguelAHM Apr 5, 2024
ad5c241
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 5, 2024
72e3c34
feat: rename
MiguelAHM Apr 5, 2024
43b4b86
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 5, 2024
4f24215
feat: rename
MiguelAHM Apr 5, 2024
da65fed
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 8, 2024
4059fd4
Return 404 on invalid NRTMv4 notification file path (#1422)
maggarwal13 Apr 8, 2024
c40ee90
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 8, 2024
d58fe00
feat: fix logger issue (#1427)
MiguelAHM Apr 9, 2024
04c8bc3
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 9, 2024
ce0a9ee
remove_unused_code (#1429)
maggarwal13 Apr 9, 2024
11d66b2
Revert changes to thread configuration in tests (#1415)
eshryane Apr 9, 2024
af967b6
Handle Multiple Delivery Status Notification Failure Responses for th…
MiguelAHM Apr 10, 2024
83f0ab3
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 10, 2024
76d9535
Fix tests (#1433)
maggarwal13 Apr 10, 2024
56dbc2e
reduce mariadb innodb memory usage to 1GB (#1439)
eshryane Apr 11, 2024
a610dcb
Set memory limit for test elasticsearch instance (#1436)
fmurodov Apr 11, 2024
a4ca185
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 11, 2024
6bcf6f4
feat: renaming, revert ErrorMessages changes, change the query flag, …
MiguelAHM Apr 11, 2024
5590d8f
Merge branch 'master' into DB-5291-flag-route-roa-validator
MiguelAHM Apr 11, 2024
2aa2f02
feat: use a queryParameter instead of queryFlag
MiguelAHM Apr 11, 2024
ce6770c
feat: add stopwatch to monitor the performance of RPKI service
MiguelAHM Apr 12, 2024
f7b54de
feat: add missing return
MiguelAHM Apr 12, 2024
3d54e92
feat: rpki service should be a @Service and RpkiRoaChecker a componen…
MiguelAHM Apr 12, 2024
03361ed
Merge branch 'DB-5291-flag-route-roa-validator' into DB-5352-schedule…
MiguelAHM Apr 12, 2024
6362f65
feat: schedule roas
MiguelAHM Apr 12, 2024
cc05a1a
feat: merge master
MiguelAHM Apr 17, 2024
50cf9dd
feat: remove blank lines
MiguelAHM Apr 17, 2024
5c6c871
Merge branch 'master' into DB-5352-schedule_roa_load
MiguelAHM Apr 17, 2024
17aa594
use SynchonizedIntervalMap to avoid concurrent problems
MiguelAHM Apr 17, 2024
3663ec9
feat: remove unused import
MiguelAHM Apr 17, 2024
cfabfb7
feat: fix cron expresion
MiguelAHM Apr 17, 2024
a6fbe8a
feat: intantiate new interval instead using clean
MiguelAHM Apr 17, 2024
457f1ba
feat: fix each seconds issue
MiguelAHM Apr 17, 2024
c8d0120
feat: use nestedIntervalMap instead async map
MiguelAHM Apr 17, 2024
92e6fbb
feat: remove initial inizialisation
MiguelAHM Apr 17, 2024
7098bf5
feat: change message error and refactor
MiguelAHM Apr 18, 2024
8d9235a
feat: rename
MiguelAHM Apr 18, 2024
b8b33be
feat: avoid returning a pair
MiguelAHM Apr 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions whois-api/src/main/java/net/ripe/db/whois/api/rest/search/RpkiRoaMessageGenerator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,8 @@ private RpslMessage validateRoa(final RpslObject rpslObject){
}

return switch (invalidRpkiRoa.getValue()) {
case INVALID_ORIGIN -> new RpslMessage(QueryMessages.roaRouteOriginConflicts(rpslObject.getType().getName(), invalidRpkiRoa.getKey().getAsn()));
case INVALID_PREFIX_LENGTH -> new RpslMessage(QueryMessages.roaRoutePrefixLengthConflicts(rpslObject.getType().getName(), invalidRpkiRoa.getKey().getMaxLength()));
case INVALID_ORIGIN -> new RpslMessage(QueryMessages.roaRouteOriginConflicts(rpslObject.getType().getName(), invalidRpkiRoa.getKey().getMaxLength(), invalidRpkiRoa.getKey().getAsn()));
case INVALID_PREFIX_LENGTH -> new RpslMessage(QueryMessages.roaRoutePrefixLengthConflicts(rpslObject.getType().getName(), invalidRpkiRoa.getKey().getMaxLength(), invalidRpkiRoa.getKey().getAsn()));
default -> new RpslMessage(QueryMessages.roaRouteConflicts(rpslObject.getType().getName(), invalidRpkiRoa.getKey().getMaxLength(), invalidRpkiRoa.getKey().getAsn()));
};
}
Expand Down
17 changes: 10 additions & 7 deletions whois-api/src/test/java/net/ripe/db/whois/api/rest/WhoisSearchServiceTestIntegration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1860,7 +1860,7 @@ public void search_less_specific_route_existing_roa_validation_enabled_as_json()
assertThat(whoisResources.getWhoisObjects(), hasSize(1));

assertThat(whoisResources.getWhoisObjects().get(0).getObjectMessages().getMessages().get(0).getText(), is("" +
"Warning: this %s object conflicts with an overlapping RPKI ROA with a less specific prefix %s.\n" +
"Warning: this %s object conflicts with an overlapping RPKI ROA with a less specific prefix %s but same origin AS%s.\n" +
"As a result an announcement for this prefix may be rejected by many autonomous systems. You should " +
"either remove this route: object or update or delete the ROA.\n"));
}
Expand Down Expand Up @@ -1906,7 +1906,7 @@ public void search_route6_roa_origin_mismatch_validation_enabled_as_json() {

assertThat(whoisResources.getWhoisObjects().get(0).getObjectMessages().getMessages(), hasSize(1));
assertThat(whoisResources.getWhoisObjects().get(0).getObjectMessages().getMessages().get(0).getText(), is("" +
"Warning: this %s object conflicts with an overlapping RPKI ROA with a different origin AS%s.\n" +
"Warning: this %s object conflicts with an overlapping RPKI ROA with prefix %s but different origin AS%s.\n" +
"As a result an announcement for this prefix may be rejected by many autonomous systems. You should " +
"either remove this route: object or update or delete the ROA.\n"));
}
Expand All @@ -1931,7 +1931,7 @@ public void search_route_roa_origin_mismatch_validation_enabled_as_json() {

assertThat(whoisResources.getWhoisObjects().get(0).getObjectMessages().getMessages(), hasSize(1));
assertThat(whoisResources.getWhoisObjects().get(0).getObjectMessages().getMessages().get(0).getText(), is("" +
"Warning: this %s object conflicts with an overlapping RPKI ROA with a different origin AS%s.\n" +
"Warning: this %s object conflicts with an overlapping RPKI ROA with prefix %s but different origin AS%s.\n" +
"As a result an announcement for this prefix may be rejected by many autonomous systems. You should " +
"either remove this route: object or update or delete the ROA.\n"));
}
Expand Down Expand Up @@ -1977,7 +1977,7 @@ public void search_route_roa_origin_mismatch_validation_enabled_as_xml() {

assertThat(whoisResources.getWhoisObjects().get(0).getObjectMessages().getMessages(), hasSize(1));
assertThat(whoisResources.getWhoisObjects().get(0).getObjectMessages().getMessages().get(0).getText(), is("" +
"Warning: this %s object conflicts with an overlapping RPKI ROA with a different origin AS%s.\n" +
"Warning: this %s object conflicts with an overlapping RPKI ROA with prefix %s but different origin AS%s.\n" +
"As a result an announcement for this prefix may be rejected by many autonomous systems. You should " +
"either remove this route: object or update or delete the ROA.\n"));
}
Expand Down Expand Up @@ -2063,10 +2063,11 @@ public void search_route6_roa_mismatch_less_specific_as_xml_strings() {
" </attributes>\n" +
" <objectmessages>\n" +
" <objectmessage severity=\"Warning\" text=\"Warning: this %s object conflicts with an " +
"overlapping RPKI ROA with a less specific prefix %s.&#xA;As a result an announcement for this prefix may be" +
"overlapping RPKI ROA with a less specific prefix %s but same origin AS%s.&#xA;As a result an announcement for this prefix may be" +
" rejected by many autonomous systems. You should either remove this route: object or update or delete the ROA.&#xA;\">\n" +
" <args value=\"route6\"/>\n" +
" <args value=\"32\"/>\n" +
" <args value=\"52511\"/>\n" +
" </objectmessage>\n" +
" </objectmessages>\n" +
"</object>\n" +
Expand Down Expand Up @@ -2271,9 +2272,10 @@ public void search_route6_roa_mismatch_origin_as_xml_strings() {
" </attributes>\n" +
" <objectmessages>\n" +
" <objectmessage severity=\"Warning\" text=\"Warning: this %s object conflicts with an " +
"overlapping RPKI ROA with a different origin AS%s.&#xA;As a result an announcement for this prefix " +
"overlapping RPKI ROA with prefix %s but different origin AS%s.&#xA;As a result an announcement for this prefix " +
"may be rejected by many autonomous systems. You should either remove this route: object or update or delete the ROA.&#xA;\">\n" +
" <args value=\"route6\"/>\n" +
" <args value=\"32\"/>\n" +
" <args value=\"52511\"/>\n" +
" </objectmessage>\n" +
" </objectmessages>\n" +
Expand Down Expand Up @@ -2343,9 +2345,10 @@ public void search_route_roa_mismatch_validation_enabled_as_xml_strings() {
" </attributes>\n" +
" <objectmessages>\n" +
" <objectmessage severity=\"Warning\" text=\"Warning: this %s object conflicts with an " +
"overlapping RPKI ROA with a different origin AS%s.&#xA;As a result an announcement for this prefix " +
"overlapping RPKI ROA with prefix %s but different origin AS%s.&#xA;As a result an announcement for this prefix " +
"may be rejected by many autonomous systems. You should either remove this route: object or update or delete the ROA.&#xA;\">\n" +
" <args value=\"route\"/>\n" +
" <args value=\"16\"/>\n" +
" <args value=\"6505\"/>\n" +
" </objectmessage>\n" +
" </objectmessages>\n" +
Expand Down
12 changes: 6 additions & 6 deletions whois-client/src/main/java/net/ripe/db/whois/query/QueryMessages.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,20 +60,20 @@ public static Message unvalidatedAbuseCShown(final CharSequence key, final CharS
"\nAbuse-mailbox validation failed. Please refer to %s for further information.", key, value, orgId);
}

public static Message roaRouteOriginConflicts(final String objectType, final long asn){
public static Message roaRouteOriginConflicts(final String objectType, final int prefix, final long asn){
return new QueryMessage(Type.WARNING, ""
+ "Warning: this %s object conflicts with an overlapping RPKI ROA with a different origin AS%s."
+ "Warning: this %s object conflicts with an overlapping RPKI ROA with prefix %s but different origin AS%s."
+ "\n"
+ "As a result an announcement for this prefix may be rejected by many autonomous systems. You should" +
" either remove this route: object or update or delete the ROA.", objectType, asn);
" either remove this route: object or update or delete the ROA.", objectType, prefix, asn);
}

public static Message roaRoutePrefixLengthConflicts(final String objectType, final int prefix){
public static Message roaRoutePrefixLengthConflicts(final String objectType, final int prefix, final long asn){
return new QueryMessage(Type.WARNING, ""
+ "Warning: this %s object conflicts with an overlapping RPKI ROA with a less specific prefix %s."
+ "Warning: this %s object conflicts with an overlapping RPKI ROA with a less specific prefix %s but same origin AS%s."
+ "\n"
+ "As a result an announcement for this prefix may be rejected by many autonomous systems. You should" +
" either remove this route: object or update or delete the ROA.", objectType, prefix);
" either remove this route: object or update or delete the ROA.", objectType, prefix, asn);
}

public static Message roaRouteConflicts(final String objectType, final int prefix, final long asn){
Expand Down
27 changes: 20 additions & 7 deletions whois-commons/src/main/java/net/ripe/db/whois/common/rpki/RpkiService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,9 @@
import net.ripe.db.whois.common.ip.Ipv6Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;

import org.apache.commons.lang3.tuple.Pair;
import java.util.Collection;
import java.util.List;
import java.util.Set;
Expand All @@ -20,31 +21,43 @@ public class RpkiService {

private static final Logger LOGGER = LoggerFactory.getLogger(RpkiService.class);

private final NestedIntervalMap<Ipv4Resource, Set<Roa>> ipv4Tree = new NestedIntervalMap<>();
private final NestedIntervalMap<Ipv6Resource, Set<Roa>> ipv6Tree = new NestedIntervalMap<>();
private NestedIntervalMap<Ipv4Resource, Set<Roa>> ipv4Tree;
private NestedIntervalMap<Ipv6Resource, Set<Roa>> ipv6Tree;

private final RpkiDataProvider rpkiDataProvider;

public RpkiService(final RpkiDataProvider rpkiDataProvider) {
this.rpkiDataProvider = rpkiDataProvider;
loadRoas();
}

@Scheduled(cron = "0 */15 * * * *")
private void loadRoas() {
final List<Roa> loadedRoas = rpkiDataProvider.loadRoas();
if (loadedRoas != null && !loadedRoas.isEmpty()){
final List<Roa> roas = loadedRoas.stream()
.filter(roa -> roa.getTrustAnchor() != TrustAnchor.UNSUPPORTED)
.collect(Collectors.toList());

LOGGER.info("downloaded {} roas from rpki", roas.size());
buildTrees(roas, ipv4Tree, ipv6Tree);

final Pair<NestedIntervalMap<Ipv4Resource, Set<Roa>>, NestedIntervalMap<Ipv6Resource, Set<Roa>>> trees = buildTree(roas);
MiguelAHM marked this conversation as resolved.
Show resolved Hide resolved
ipv4Tree = trees.getKey();
ipv6Tree = trees.getValue();
}
}

private void buildTrees(final List<Roa> roas,
final NestedIntervalMap<Ipv4Resource, Set<Roa>> ipv4Tree,
final NestedIntervalMap<Ipv6Resource, Set<Roa>> ipv6Tree) {
private Pair<NestedIntervalMap<Ipv4Resource, Set<Roa>>, NestedIntervalMap<Ipv6Resource, Set<Roa>>> buildTree(final List<Roa> roas) {
final NestedIntervalMap<Ipv4Resource, Set<Roa>> ipv4Tree = new NestedIntervalMap<>();
final NestedIntervalMap<Ipv6Resource, Set<Roa>> ipv6Tree = new NestedIntervalMap<>();
for (Roa roa : roas) {
if (isIpv4(roa.getPrefix())) {
addRoaToTree(ipv4Tree, Ipv4Resource.parse(roa.getPrefix()), roa);
} else {
addRoaToTree(ipv6Tree, Ipv6Resource.parse(roa.getPrefix()), roa);
}
}
return Pair.of(ipv4Tree, ipv6Tree);
}

private <T extends IpInterval<T>> void addRoaToTree(final NestedIntervalMap<T, Set<Roa>> tree,
Expand Down