Comments

worxli · Apr 17, 2018 · 3d1c3a7 · 3d1c3a7
1 parent 2e22737
commit 3d1c3a7
Show file tree

Hide file tree

Showing 38 changed files with 462 additions and 430 deletions.
diff --git a/go/border/ifstate/ifstate.go b/go/border/ifstate/ifstate.go
@@ -68,17 +68,17 @@ type state struct {
 type Info struct {
 	IfID         common.IFIDType
 	Active       bool
-	RevInfo      *path_mgmt.SignedRevInfo
+	SRevInfo     *path_mgmt.SignedRevInfo
 	RawRev       common.RawBytes
 	ActiveMetric prometheus.Gauge
 }
 
-func NewInfo(ifID common.IFIDType, active bool, rev *path_mgmt.SignedRevInfo,
+func NewInfo(ifID common.IFIDType, active bool, srev *path_mgmt.SignedRevInfo,
 	rawRev common.RawBytes) *Info {
 	i := &Info{
 		IfID:         ifID,
 		Active:       active,
-		RevInfo:      rev,
+		SRevInfo:     srev,
 		RawRev:       rawRev,
 		ActiveMetric: metrics.IFState.WithLabelValues(fmt.Sprintf("intf:%d", ifID)),
 	}
@@ -96,15 +96,15 @@ func Process(ifStates *path_mgmt.IFStateInfos) {
 	for _, info := range ifStates.Infos {
 		var rawRev common.RawBytes
 		ifid := common.IFIDType(info.IfID)
-		if info.RevInfo != nil {
+		if info.SRevInfo != nil {
 			var err error
-			rawRev, err = proto.PackRoot(info.RevInfo)
+			rawRev, err = proto.PackRoot(info.SRevInfo)
 			if err != nil {
-				log.Error("Unable to pack RevInfo", "err", err)
+				log.Error("Unable to pack SRevInfo", "err", err)
 				return
 			}
 		}
-		stateInfo := NewInfo(ifid, info.Active, info.RevInfo, rawRev)
+		stateInfo := NewInfo(ifid, info.Active, info.SRevInfo, rawRev)
 		s, ok := states.Load(ifid)
 		if !ok {
 			log.Info("IFState: intf added", "ifid", ifid, "active", info.Active)

diff --git a/go/border/revinfo.go b/go/border/revinfo.go
@@ -27,9 +27,9 @@ import (
 	"github.com/scionproto/scion/go/lib/log"
 )
 
-// RevTokenCallback is called to enqueue RevInfos for handling by the
+// RawRevCallback is called to enqueue RevInfos for handling by the
 // RevInfoFwd goroutine.
-func (r *Router) RevTokenCallback(args rpkt.RevTokenCallbackArgs) {
+func (r *Router) RawRevCallback(args rpkt.RawRevCallbackArgs) {
 	select {
 	case r.revInfoQ <- args:
 	default:

diff --git a/go/border/router.go b/go/border/router.go
@@ -54,7 +54,7 @@ type Router struct {
 	// freePkts is a ring-buffer of unused packets.
 	freePkts *ringbuf.Ring
 	// revInfoQ is a channel for handling RevInfo payloads.
-	revInfoQ chan rpkt.RevTokenCallbackArgs
+	revInfoQ chan rpkt.RawRevCallbackArgs
 	// pktErrorQ is a channel for handling packet errors
 	pktErrorQ chan pktErrorArgs
 }

diff --git a/go/border/rpkt/path.go b/go/border/rpkt/path.go
@@ -101,18 +101,22 @@ func (rp *RtrPkt) validateLocalIF(ifid *common.IFIDType) error {
 		return nil
 	}
 	// Interface is revoked.
-	signedRevInfo := state.RevInfo
-	revInfo, err := signedRevInfo.RevInfo()
+	revInfo, err := state.SRevInfo.RevInfo()
 	if err != nil {
-		rp.Warn("Could not parse RevInfo for revoked interface", "ifid", *ifid)
+		rp.Warn("Could not parse RevInfo for interface", "ifid", ifid)
 		return nil
 	}
 	if revInfo == nil {
 		rp.Warn("No RevInfo for revoked interface", "ifid", *ifid)
 		return nil
 	}
 	// Check that the revocation timestamp is within the TTL.
-	if !revInfo.Valid() {
+	err = revInfo.Active()
+	if err != nil {
+		if !common.IsTimeoutErr(err) {
+			rp.Error("Error checking revocation", "err", err)
+			return nil
+		}
 		// If the BR does not have a revocation for the current epoch, it considers
 		// the interface as active until it receives a new revocation.
 		newState := ifstate.NewInfo(*ifid, true, nil, nil)

diff --git a/go/border/rpkt/payload_scmp.go b/go/border/rpkt/payload_scmp.go
@@ -23,7 +23,7 @@ import (
 	"github.com/scionproto/scion/go/lib/scmp"
 )
 
-type RevTokenCallbackArgs struct {
+type RawRevCallbackArgs struct {
 	SignedRevInfo *path_mgmt.SignedRevInfo
 	Addrs         []addr.HostSVC
 }

diff --git a/go/border/rpkt/process.go b/go/border/rpkt/process.go
@@ -321,7 +321,7 @@ func (rp *RtrPkt) processSCMPRecordPath() error {
 // 3. The revocation's destination is the local AS. The revocation notification is forked to the
 //    local PS, to ensure that it stops providing segments with revoked interfaces to clients.
 func (rp *RtrPkt) processSCMPRevocation() error {
-	var args RevTokenCallbackArgs
+	var args RawRevCallbackArgs
 	var err error
 	pld, ok := rp.pld.(*scmp.Payload)
 	if !ok {
@@ -333,8 +333,8 @@ func (rp *RtrPkt) processSCMPRevocation() error {
 		return common.NewBasicError("Invalid SCMP Info type in SCMP packet", nil,
 			"expected", "*scmp.InfoRevocation", "actual", common.TypeOf(pld.Info))
 	}
-	if args.SignedRevInfo, err = path_mgmt.NewSignedRevInfoFromRaw(infoRev.RevToken); err != nil {
-		return common.NewBasicError("Unable to decode revToken", err)
+	if args.SignedRevInfo, err = path_mgmt.NewSignedRevInfoFromRaw(infoRev.RawRev); err != nil {
+		return common.NewBasicError("Unable to decode rawRev", err)
 	}
 
 	intf := rp.Ctx.Conf.Net.IFs[*rp.ifCurr]
@@ -351,7 +351,7 @@ func (rp *RtrPkt) processSCMPRevocation() error {
 		args.Addrs = append(args.Addrs, addr.SvcPS)
 	}
 	if len(args.Addrs) > 0 {
-		callbacks.revTokenF(args)
+		callbacks.rawRevF(args)
 	}
 	return nil
 }

diff --git a/go/border/rpkt/rpkt.go b/go/border/rpkt/rpkt.go
@@ -45,13 +45,13 @@ const pktBufSize = 9 * 1024
 // callbacks is an anonymous struct used for functions supplied by the router
 // for various processing tasks.
 var callbacks struct {
-	revTokenF func(RevTokenCallbackArgs)
+	rawRevF func(RawRevCallbackArgs)
 }
 
 // Init takes callback functions provided by the router and stores them for use
 // by the rpkt package.
-func Init(revTokenF func(RevTokenCallbackArgs)) {
-	callbacks.revTokenF = revTokenF
+func Init(rawRevF func(RawRevCallbackArgs)) {
+	callbacks.rawRevF = rawRevF
 }
 
 // Router representation of SCION packet, including metadata.  The comments for the members have

diff --git a/go/border/setup.go b/go/border/setup.go
@@ -61,11 +61,11 @@ func (r *Router) setup() error {
 	r.freePkts = ringbuf.New(1024, func() interface{} {
 		return rpkt.NewRtrPkt()
 	}, "free", prometheus.Labels{"ringId": "freePkts"})
-	r.revInfoQ = make(chan rpkt.RevTokenCallbackArgs, 16)
+	r.revInfoQ = make(chan rpkt.RawRevCallbackArgs, 16)
 	r.pktErrorQ = make(chan pktErrorArgs, 16)
 
 	// Configure the rpkt package with the callbacks it needs.
-	rpkt.Init(r.RevTokenCallback)
+	rpkt.Init(r.RawRevCallback)
 
 	// Add default posix setup hooks. If there are other hooks, they should install
 	// themselves via init(), so they appear before the posix ones.

diff --git a/go/lib/ctrl/path_mgmt/ifstate_infos.go b/go/lib/ctrl/path_mgmt/ifstate_infos.go
@@ -42,15 +42,15 @@ func (i *IFStateInfos) String() string {
 }
 
 type IFStateInfo struct {
-	IfID    uint64
-	Active  bool
-	RevInfo *SignedRevInfo
+	IfID     uint64
+	Active   bool
+	SRevInfo *SignedRevInfo `capnp:"revInfo"`
 }
 
 func (i *IFStateInfo) String() string {
 	desc := fmt.Sprintf("IfID: %v, Active: %v", i.IfID, i.Active)
-	if i.RevInfo != nil {
-		desc += fmt.Sprintf(", RevInfo: %v", i.RevInfo)
+	if i.SRevInfo != nil {
+		desc += fmt.Sprintf(", SRevInfo: %v", i.SRevInfo)
 	}
 	return desc
 }
diff --git a/go/lib/ctrl/path_mgmt/path_mgmt.go b/go/lib/ctrl/path_mgmt/path_mgmt.go
@@ -31,9 +31,9 @@ type union struct {
 	SegReply     *SegReply
 	SegReg       *SegReg
 	SegSync      *SegSync
-	RevInfo      *SignedRevInfo
-	IFStateReq   *IFStateReq   `capnp:"ifStateReq"`
-	IFStateInfos *IFStateInfos `capnp:"ifStateInfos"`
+	SRevInfo     *SignedRevInfo `capnp:"revInfo"`
+	IFStateReq   *IFStateReq    `capnp:"ifStateReq"`
+	IFStateInfos *IFStateInfos  `capnp:"ifStateInfos"`
 }
 
 func (u *union) set(c proto.Cerealizable) error {
@@ -52,7 +52,7 @@ func (u *union) set(c proto.Cerealizable) error {
 		u.SegSync = p
 	case *SignedRevInfo:
 		u.Which = proto.PathMgmt_Which_revInfo
-		u.RevInfo = p
+		u.SRevInfo = p
 	case *IFStateReq:
 		u.Which = proto.PathMgmt_Which_ifStateReq
 		u.IFStateReq = p
@@ -77,7 +77,7 @@ func (u *union) get() (proto.Cerealizable, error) {
 	case proto.PathMgmt_Which_segSync:
 		return u.SegSync, nil
 	case proto.PathMgmt_Which_revInfo:
-		return u.RevInfo, nil
+		return u.SRevInfo, nil
 	case proto.PathMgmt_Which_ifStateReq:
 		return u.IFStateReq, nil
 	case proto.PathMgmt_Which_ifStateInfos:

diff --git a/go/lib/ctrl/path_mgmt/rev_info.go b/go/lib/ctrl/path_mgmt/rev_info.go
@@ -23,50 +23,42 @@ import (
 	//log "github.com/inconshreveable/log15"
 
 	"github.com/scionproto/scion/go/lib/addr"
-	"github.com/scionproto/scion/go/lib/assert"
 	"github.com/scionproto/scion/go/lib/common"
 	"github.com/scionproto/scion/go/lib/util"
 	"github.com/scionproto/scion/go/proto"
 )
 
-const MinRevTTL = 10 * time.Second // Revocation MinRevTTL
+const MinRevTTL = 10 * time.Second // MinRevTTL is the minimum lifetime of a revocation
 
-var _ proto.Cerealizable = (*RevInfo)(nil)
-var _ proto.Cerealizable = (*SignedRevInfo)(nil)
+var _ common.Timeout = (*RevTimeError)(nil)
 
-type SignedRevInfo struct {
-	Blob    common.RawBytes
-	Sign    *proto.SignS
-	revInfo *RevInfo `capnp:"-"`
+type RevTimeError struct {
+	Msg string
 }
 
-func NewSignedRevInfoFromRaw(b common.RawBytes) (*SignedRevInfo, error) {
-	sr := &SignedRevInfo{}
-	return sr, proto.ParseFromRaw(sr, sr.ProtoId(), b)
+func NewRevTimeError(ts uint64, ttl uint32) RevTimeError {
+	return RevTimeError{Msg: fmt.Sprintf(
+		"Revocation is not valid in window, timestamp: %d, TTL %ds.", ts, ttl)}
 }
 
-func (sr *SignedRevInfo) ProtoId() proto.ProtoIdType {
-	return proto.SignedBlob_TypeID
+func (ee RevTimeError) Timeout() bool {
+	return true
 }
 
-func (sr *SignedRevInfo) RevInfo() (*RevInfo, error) {
-	var err error
-	if sr.revInfo == nil {
-		sr.revInfo, err = NewRevInfoFromRaw(sr.Blob)
-	}
-	return sr.revInfo, err
+func (ee RevTimeError) Error() string {
+	return ee.Msg
 }
 
-func (sp *SignedRevInfo) String() string {
-	return fmt.Sprintf("SignedRevInfo: %s %s", sp.Blob, sp.Sign)
-}
+var _ proto.Cerealizable = (*RevInfo)(nil)
 
 type RevInfo struct {
-	IfID      uint64
-	RawIsdas  addr.IAInt     `capnp:"isdas"`
-	LinkType  proto.LinkType // Link type of revocation
-	Timestamp uint32         // Time in seconds since unix epoch
-	RevTTL    uint32         // Validity period of the revocation in seconds
+	IfID     uint64
+	RawIsdas addr.IAInt `capnp:"isdas"`
+	// LinkType of revocation
+	LinkType  proto.LinkType
+	Timestamp uint64
+	// TTL validity period of the revocation in seconds
+	TTL uint32 `capnp:"ttl"`
 }
 
 func NewRevInfoFromRaw(b common.RawBytes) (*RevInfo, error) {
@@ -78,21 +70,53 @@ func (r *RevInfo) IA() addr.IA {
 	return r.RawIsdas.IA()
 }
 
-func (r *RevInfo) Valid() bool {
-	assert.Must(r.RevTTL >= uint32(MinRevTTL.Seconds()), "RevTTL must not be smaller than MinRevTTL")
-	now := uint32(time.Now().Unix())
-	// Revocation is not valid if its timestamp is not within the MinRevTTL
-	if r.Timestamp > now || r.Timestamp < now-r.RevTTL {
-		return false
+func (r *RevInfo) Active() error {
+	if r.TTL < uint32(MinRevTTL.Seconds()) {
+		return common.NewBasicError("Revocation TTL smaller than MinRevTTL.", nil,
+			"TTL", r.TTL, "MinRevTTL", MinRevTTL.Seconds())
 	}
-	return true
+	now := uint64(time.Now().Unix())
+	// Revocation is not valid if timestamp is not within the TTL window
+	if r.Timestamp > now+1 || r.Timestamp+uint64(r.TTL) < now {
+		return NewRevTimeError(r.Timestamp, r.TTL)
+	}
+	return nil
 }
 
 func (r *RevInfo) ProtoId() proto.ProtoIdType {
 	return proto.RevInfo_TypeID
 }
 
 func (r *RevInfo) String() string {
-	return fmt.Sprintf("IA: %s IfID: %d Link type: %s Timestamp: %s TTL: %d",
-		r.IA(), r.IfID, r.LinkType, util.USecsToTime(uint64(r.Timestamp)), r.RevTTL)
+	return fmt.Sprintf("IA: %s IfID: %d Link type: %s Timestamp: %s TTL: %ds", r.IA(), r.IfID,
+		r.LinkType, util.TimeToString(util.USecsToTime(uint64(r.Timestamp))), r.TTL)
+}
+
+var _ proto.Cerealizable = (*SignedRevInfo)(nil)
+
+type SignedRevInfo struct {
+	Blob    common.RawBytes
+	Sign    *proto.SignS
+	revInfo *RevInfo `capnp:"-"`
+}
+
+func NewSignedRevInfoFromRaw(b common.RawBytes) (*SignedRevInfo, error) {
+	sr := &SignedRevInfo{}
+	return sr, proto.ParseFromRaw(sr, sr.ProtoId(), b)
+}
+
+func (sr *SignedRevInfo) ProtoId() proto.ProtoIdType {
+	return proto.SignedBlob_TypeID
+}
+
+func (sr *SignedRevInfo) RevInfo() (*RevInfo, error) {
+	var err error
+	if sr.revInfo == nil {
+		sr.revInfo, err = NewRevInfoFromRaw(sr.Blob)
+	}
+	return sr.revInfo, err
+}
+
+func (sp *SignedRevInfo) String() string {
+	return fmt.Sprintf("SignedRevInfo: %s %s", sp.Blob, sp.Sign)
 }
diff --git a/go/lib/pathmgr/pathmgr.go b/go/lib/pathmgr/pathmgr.go
@@ -243,12 +243,6 @@ func (r *PR) revoke(revInfo common.RawBytes) {
 			"revInfo", revInfo, "err", err)
 		return
 	}
-	parsedRev, err := parsedSignedRev.RevInfo()
-	if err != nil {
-		log.Error("Revocation failed, unable to parse revocation info",
-			"revInfo", revInfo, "err", err)
-		return
-	}
 	conn, err := r.sciondService.Connect()
 	if err != nil {
 		log.Error("Revocation failed, unable to connect to SCIOND", "err", err)
@@ -264,6 +258,12 @@ func (r *PR) revoke(revInfo common.RawBytes) {
 		log.Error("Revocation error, unable to close SCIOND connection", "err", err)
 		// Continue with revocation
 	}
+	parsedRev, err := parsedSignedRev.RevInfo()
+	if err != nil {
+		log.Error("Revocation failed, unable to parse revocation info",
+			"revInfo", revInfo, "err", err)
+		return
+	}
 	switch reply.Result {
 	case sciond.RevUnknown, sciond.RevValid:
 		uifid := uifidFromValues(parsedRev.IA(), common.IFIDType(parsedRev.IfID))