Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add IPAddrBlock and ASIdentifiers extensions (RFC 3779) #4443

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

arckoor
Copy link

@arckoor arckoor commented Nov 25, 2024

This PR implements two extensions required for working with secure routing. These extensions contain IP Addresses or AS numbers, as specified by RFC 3779.

Both encoding and decoding of AS numbers, single addresses, address prefixes and min-max ranges have been tested.

@coveralls
Copy link

coveralls commented Nov 25, 2024

Coverage Status

coverage: 91.294% (+0.04%) from 91.258%
when pulling 81ac46d on arckoor:master
into 09a7a98 on randombit:master.

@randombit
Copy link
Owner

@arckoor There are some CI failures which are relevant. Stylistically for calls to min,max where the compiler can’t deduce T we prefer std::min<T> vs use of casts.

@randombit
Copy link
Owner

@arckoor Remaining CI issues look related to the visibility annotations (eg BOTAN_PUBLIC_API) probably something is not being exported as a symbol.

@arckoor
Copy link
Author

arckoor commented Nov 27, 2024

@randombit We're currently chipping away at the fuzzers, but the visibility is also an issue. Previously linux/clang was failing, which I resolved by moving the definition of set_from_bytes to the .h file, the other errors could probably be solved by moving the rest there too, but that does not sound like a good solution to me. All of these errors are most likely related to the use of templates, though I don't know what the cleanest / recommended way to resolve them is.

@randombit
Copy link
Owner

@arckoor ok thanks. I’ll try to have a look over the weekend

@arckoor
Copy link
Author

arckoor commented Dec 10, 2024

@randombit Have you had the chance to take a look yet, and can I still contribute something to make your life easier?

@randombit
Copy link
Owner

@arckoor The main issue here is CI failing. In general this is a change that's appropriate to the library and the code from a quick look seems fine. But we certainly can't merge if it will break the build. Unfortunately I don't know the exact issue; I guess symbol visibility behaves differently on macOS/Windows vs Linux. My only suggestion would be to try adding BOTAN_PUBLIC_API macros to the various subclasses until the build succeeds.

@arckoor
Copy link
Author

arckoor commented Jan 7, 2025

@randombit The clang build should now succeed. After much debugging we realized the compiler was optimizing away the IPAddress class completely. We tried various things like including a dummy function that instantiates all variations at compile time, nothing helped. We worked around this issue by defining a new macro that forces compilation, the windows and macos builds are probably still going to fail, as there the compilers seems to optimize away even more. A potential workaround would be to add the forced compilation macro everywhere, or move the entire thing to x509_ext.h.

@arckoor arckoor force-pushed the master branch 4 times, most recently from cec640d to 4986bf0 Compare January 9, 2025 16:53
@butteronarchbtw
Copy link

@randombit we've now resolved the symbol issues by instantiating the template classes in x509_ext.cpp and also did some small tweaks to fix the other checks. Does this seem like a viable solution to you?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants