mgmt: use a separate validator for prefix announcements

This commit also configures the default prefix_announcement_validation
section in nfd.conf.sample to accept any prefix announcement.

refs: #5031
Change-Id: I82e34ce783dfe77c170dd02e78a4bc86faa0147a
diff --git a/daemon/mgmt/rib-manager.cpp b/daemon/mgmt/rib-manager.cpp
index 81196dd..bf3b194 100644
--- a/daemon/mgmt/rib-manager.cpp
+++ b/daemon/mgmt/rib-manager.cpp
@@ -58,6 +58,7 @@
   , m_faceMonitor(face)
   , m_localhostValidator(face)
   , m_localhopValidator(make_unique<ndn::security::v2::CertificateFetcherDirectFetch>(face))
+  , m_paValidator(make_unique<ndn::security::v2::CertificateFetcherDirectFetch>(face))
   , m_isLocalhopEnabled(false)
 {
   registerCommandHandler<ndn::nfd::RibRegisterCommand>("register",
@@ -88,6 +89,12 @@
 }
 
 void
+RibManager::applyPaConfig(const ConfigSection& section, const std::string& filename)
+{
+  m_paValidator.load(section, filename);
+}
+
+void
 RibManager::registerWithNfd()
 {
   registerTopPrefix(LOCALHOST_TOP_PREFIX);
@@ -356,14 +363,7 @@
 {
   BOOST_ASSERT(pa.getData());
 
-  if (!m_isLocalhopEnabled) {
-    NFD_LOG_INFO("slAnnounce " << pa.getAnnouncedName() << " " << faceId <<
-                 ": localhop_security unconfigured");
-    cb(SlAnnounceResult::VALIDATION_FAILURE);
-    return;
-  }
-
-  m_localhopValidator.validate(*pa.getData(),
+  m_paValidator.validate(*pa.getData(),
     [=] (const Data&) {
       Route route(pa, faceId);
       route.expires = std::min(route.annExpires, time::steady_clock::now() + maxLifetime);
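Review bot: With the `m_isLocalhopEnabled` guard removed, `m_paValidator.validate` runs even when nfd.conf has no `prefix_announcement_validation` section, because the service.cpp config loop only calls `applyPaConfig` when that key is present. The result then depends on how an unloaded `ndn::ValidatorConfig` treats data, which this diff does not show; presumably it rejects, but the explicit fail-closed branch and its log line are gone. I would keep the rejection explicit: set a boolean member in `applyPaConfig` and, when it is false, log and return early with `cb(SlAnnounceResult::VALIDATION_FAILURE); return;`. At a minimum, the `applyPaConfig` doc comment in rib-manager.hpp should state what happens to announcements before it is called. The enclosing function starts and ends outside this hunk.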
diff --git a/daemon/mgmt/rib-manager.hpp b/daemon/mgmt/rib-manager.hpp
index 1be0b81..51f9dfc 100644
--- a/daemon/mgmt/rib-manager.hpp
+++ b/daemon/mgmt/rib-manager.hpp
@@ -72,6 +72,12 @@
   disableLocalhop();
 
   /**
+   * @brief Apply prefix_announcement_validation configuration.
+   */
+  void
+  applyPaConfig(const ConfigSection& section, const std::string& filename);
+
+  /**
    * @brief Start accepting commands and dataset requests.
    */
   void
@@ -245,6 +251,7 @@
   ndn::nfd::FaceMonitor m_faceMonitor;
   ndn::ValidatorConfig m_localhostValidator;
   ndn::ValidatorConfig m_localhopValidator;
+  ndn::ValidatorConfig m_paValidator;
   bool m_isLocalhopEnabled;
 
   scheduler::ScopedEventId m_activeFaceFetchEvent;
diff --git a/daemon/rib/service.cpp b/daemon/rib/service.cpp
index 72045bf..f7b4719 100644
--- a/daemon/rib/service.cpp
+++ b/daemon/rib/service.cpp
@@ -48,6 +48,7 @@
 const std::string CFG_SECTION = "rib";
 const std::string CFG_LOCALHOST_SECURITY = "localhost_security";
 const std::string CFG_LOCALHOP_SECURITY = "localhop_security";
+const std::string CFG_PA_VALIDATION = "prefix_announcement_validation";
 const std::string CFG_PREFIX_PROPAGATE = "auto_prefix_propagate";
 const std::string CFG_READVERTISE_NLSR = "readvertise_nlsr";
 const Name READVERTISE_NLSR_PREFIX = "/localhost/nlsr";
@@ -166,7 +167,7 @@
   for (const auto& item : section) {
     const std::string& key = item.first;
     const ConfigSection& value = item.second;
-    if (key == CFG_LOCALHOST_SECURITY || key == CFG_LOCALHOP_SECURITY) {
+    if (key == CFG_LOCALHOST_SECURITY || key == CFG_LOCALHOP_SECURITY || key == CFG_PA_VALIDATION) {
       hasLocalhop = key == CFG_LOCALHOP_SECURITY;
       ndn::ValidatorConfig testValidator(m_face);
       testValidator.load(value, filename);
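Review bot: `hasLocalhop = key == CFG_LOCALHOP_SECURITY;` overwrites the flag on every matching key, so a `prefix_announcement_validation` section listed after `localhop_security` now resets it to false. The overwrite already existed for `localhost_security`, but adding a third key to the condition makes the ordering problem easier to hit. Whatever check consumes `hasLocalhop` after the loop is outside this hunk and would presumably be skipped in that ordering. Writing `hasLocalhop = hasLocalhop || key == CFG_LOCALHOP_SECURITY;` keeps the flag set once a localhop section has been seen.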
@@ -204,6 +205,9 @@
     else if (key == CFG_LOCALHOP_SECURITY) {
       m_ribManager.enableLocalhop(value, filename);
     }
+    else if (key == CFG_PA_VALIDATION) {
+      m_ribManager.applyPaConfig(value, filename);
+    }
     else if (key == CFG_PREFIX_PROPAGATE) {
       wantPrefixPropagate = true;