don't expose client source port

Author: yuyuyureka

frontend/src/resultsView.js

@@ -91,7 +91,7 @@ const processResults = (results) => {
 	// stage 1, combine seen and accepted routes
 	// start out with Accepted
 	const seenAndAccepted = {};
-	const seenAndAcceptedKey = route => `${route.session_id.from_client}:${route.session_id.peer_address}:${route.net}`;
+	const seenAndAcceptedKey = route => `${route.session_id.from_client}:${route.session_id.listener}:${route.session_id.peer_address}:${route.net}`;
 	for (let route of routeResults) {
 		if (route.state === "Accepted") {
 			seenAndAccepted[seenAndAcceptedKey(route)] = route;

src/api.rs

@@ -340,7 +340,14 @@ async fn tables<T: Store>(State(AppState { store, .. }): State<AppState<T>>) ->
     serde_json::to_string(&store.get_tables()).unwrap()
 }
 async fn routers<T: Store>(State(AppState { store, .. }): State<AppState<T>>) -> impl IntoResponse {
-    serde_json::to_string(&store.get_routers()).unwrap()
+    serde_json::to_string(
+        &store
+            .get_routers()
+            .into_iter()
+            .map(|(k, v)| (format!("{},{}", k.0, k.1), v))
+            .collect::<HashMap<_, _>>(),
+    )
+    .unwrap()
 }
 
 async fn routing_instances<T: Store>(
@@ -349,7 +356,12 @@ async fn routing_instances<T: Store>(
     let instances = store
         .get_routing_instances()
         .into_iter()
-        .map(|(k, v)| (k, v.into_iter().map(|v| (v, v)).collect::<Vec<_>>()))
+        .map(|(k, v)| {
+            (
+                format!("{},{}", k.0, k.1),
+                v.into_iter().map(|v| (v, v)).collect::<Vec<_>>(),
+            )
+        })
         .collect::<HashMap<_, _>>();
 
     serde_json::to_string(&instances).unwrap()

src/bgp_collector.rs

@@ -21,6 +21,7 @@ pub async fn run_peer(
     store: impl Store,
     stream: TcpStream,
     client_addr: SocketAddr,
+    listener_name: String,
 ) -> anyhow::Result<BgpNotificationMessage> {
     let mut caps = vec![
         BgpCapability::SafiIPv4u,
@@ -61,7 +62,8 @@ pub async fn run_peer(
         .unwrap_or(client_addr.ip().to_string());
     store
         .client_up(
-            client_addr,
+            client_addr.ip(),
+            listener_name.clone(),
             cfg.route_state,
             Client {
                 client_name,
@@ -80,7 +82,8 @@ pub async fn run_peer(
             .insert_bgp_update(
                 TableSelector {
                     session_id: SessionId {
-                        from_client: client_addr,
+                        from_client: client_addr.ip(),
+                        listener: listener_name.clone(),
                         peer_address: client_addr.ip(),
                     },
                     route_state: cfg.route_state,
@@ -111,6 +114,7 @@ pub struct BgpCollectorConfig {
 }
 
 pub async fn run(
+    name: String,
     cfg: BgpCollectorConfig,
     store: impl Store,
     mut shutdown: tokio::sync::watch::Receiver<bool>,
@@ -125,10 +129,11 @@ pub async fn run(
 
                 if let Some(peer_cfg) = cfg.peers.get(&client_addr.ip()).or(cfg.default_peer_config.as_ref()).cloned() {
                     let store = store.clone();
+                    let name = name.clone();
                     let mut shutdown = shutdown.clone();
                     running_tasks.push(tokio::spawn(async move {
                         tokio::select! {
-                            res = run_peer(peer_cfg, store.clone(), io, client_addr) => {
+                            res = run_peer(peer_cfg, store.clone(), io, client_addr, name.clone()) => {
                                 match res {
                                     Err(e) => warn!("disconnected {} {}", client_addr, e),
                                     Ok(notification) => info!("disconnected {} {:?}", client_addr, notification),
@@ -137,7 +142,7 @@ pub async fn run(
                             _ = shutdown.changed() => {
                             }
                         };
-                        store.client_down(client_addr).await;
+                        store.client_down(client_addr.ip(), name.clone()).await;
                     }));
                 } else {
                     info!("unexpected connection from {}", client_addr);

src/bmp_collector.rs

@@ -18,6 +18,7 @@ use zettabgp::bmp::BmpMessage;
 
 fn table_selector_for_peer(
     client_addr: SocketAddr,
+    listener_name: String,
     peer: &BmpMessagePeerHeader,
 ) -> Option<TableSelector> {
     let route_state = match (peer.peertype, peer.flags.view_bits::<Msb0>()[1]) {
@@ -37,7 +38,8 @@ fn table_selector_for_peer(
         route_distinguisher,
         route_state,
         session_id: SessionId {
-            from_client: client_addr,
+            from_client: client_addr.ip(),
+            listener: listener_name,
             peer_address: peer.peeraddress,
         },
     })
@@ -46,9 +48,10 @@ fn table_selector_for_peer(
 async fn process_route_monitoring(
     store: &impl Store,
     client_addr: SocketAddr,
+    listener_name: String,
     rm: BmpMessageRouteMonitoring,
 ) {
-    let session = match table_selector_for_peer(client_addr, &rm.peer) {
+    let session = match table_selector_for_peer(client_addr, listener_name, &rm.peer) {
         Some(session) => session,
         None => {
             trace!(
@@ -65,6 +68,7 @@ async fn process_route_monitoring(
 
 pub fn run_peer(
     client_addr: SocketAddr,
+    listener_name: String,
     peer: BmpMessagePeerHeader,
     store: &impl Store,
 ) -> mpsc::Sender<Result<BmpMessageRouteMonitoring, BmpMessagePeerDown>> {
@@ -73,7 +77,7 @@ pub fn run_peer(
 
     tokio::task::spawn(async move {
         trace!("{} {:?}", client_addr, peer);
-        if let Some(session_id) = table_selector_for_peer(client_addr, &peer)
+        if let Some(session_id) = table_selector_for_peer(client_addr, listener_name.clone(), &peer)
             .and_then(|store| store.session_id().cloned())
         {
             store.session_up(session_id, Session {}).await;
@@ -82,7 +86,7 @@ pub fn run_peer(
         loop {
             match rx.recv().await {
                 Some(Ok(rm)) => {
-                    process_route_monitoring(&store, client_addr, rm).await;
+                    process_route_monitoring(&store, client_addr, listener_name.clone(), rm).await;
                 }
                 Some(Err(down_msg)) => {
                     trace!("{} {:?}", client_addr, down_msg);
@@ -94,7 +98,7 @@ pub fn run_peer(
                 }
             }
         }
-        if let Some(session_id) = table_selector_for_peer(client_addr, &peer)
+        if let Some(session_id) = table_selector_for_peer(client_addr, listener_name.clone(), &peer)
             .and_then(|store| store.session_id().cloned())
         {
             store.session_down(session_id, None).await;
@@ -107,6 +111,7 @@ pub async fn run_client(
     cfg: PeerConfig,
     io: TcpStream,
     client_addr: SocketAddr,
+    listener_name: String,
     store: &impl Store,
 ) -> anyhow::Result<BmpMessageTermination> {
     let read = LengthDelimitedCodec::builder()
@@ -151,15 +156,21 @@ pub async fn run_client(
     > = HashMap::new();
     channels.insert(
         first_peer_up.peer.peeraddress,
-        run_peer(client_addr, first_peer_up.peer, store),
+        run_peer(
+            client_addr,
+            listener_name.clone(),
+            first_peer_up.peer,
+            store,
+        ),
     );
     let client_name = cfg
         .name_override
         .or(init_msg.sys_name)
         .unwrap_or(client_addr.ip().to_string());
     store
         .client_up(
-            client_addr,
+            client_addr.ip(),
+            listener_name.clone(),
             RouteState::Selected,
             Client {
                 client_name,
@@ -178,12 +189,15 @@ pub async fn run_client(
             BmpMessage::RouteMonitoring(rm) => {
                 let channel = channels.entry(rm.peer.peeraddress).or_insert_with(|| {
                     warn!("the bmp device {} sent a message for a nonexisting peer, we'll initialize the table now: {:?}", &client_addr, &rm);
-                    run_peer(client_addr, rm.peer.clone(), store)
+                    run_peer(client_addr, listener_name.clone(), rm.peer.clone(), store)
                 });
                 channel.send(Ok(rm)).await.unwrap();
             }
             BmpMessage::PeerUpNotification(n) => {
-                channels.insert(n.peer.peeraddress, run_peer(client_addr, n.peer, store));
+                channels.insert(
+                    n.peer.peeraddress,
+                    run_peer(client_addr, listener_name.clone(), n.peer, store),
+                );
             }
             BmpMessage::PeerDownNotification(n) => match channels.remove(&n.peer.peeraddress) {
                 Some(channel) => channel.send(Err(n)).await.unwrap(),
@@ -209,6 +223,7 @@ pub struct BmpCollectorConfig {
 }
 
 pub async fn run(
+    name: String,
     cfg: BmpCollectorConfig,
     store: impl Store,
     mut shutdown: tokio::sync::watch::Receiver<bool>,
@@ -222,11 +237,12 @@ pub async fn run(
                 info!("connected {:?}", client_addr);
 
                 let store = store.clone();
+                let name = name.clone();
                 let mut shutdown = shutdown.clone();
                 if let Some(peer_cfg) = cfg.peers.get(&client_addr.ip()).or(cfg.default_peer_config.as_ref()).cloned() {
                     running_tasks.push(tokio::spawn(async move {
                         tokio::select! {
-                            res = run_client(peer_cfg, io, client_addr, &store) => {
+                            res = run_client(peer_cfg, io, client_addr, name.clone(), &store) => {
                                 match res {
                                     Err(e) => warn!("disconnected {} {}", client_addr, e),
                                     Ok(notification) => info!("disconnected {} {:?}", client_addr, notification),
@@ -235,7 +251,7 @@ pub async fn run(
                             _ = shutdown.changed() => {
                             }
                         };
-                        store.client_down(client_addr).await;
+                        store.client_down(client_addr.ip(), name.clone()).await;
                     }));
                 } else {
                     info!("unexpected connection from {}", client_addr);

src/main.rs

@@ -44,14 +44,20 @@ async fn main() -> anyhow::Result<()> {
 
     futures.extend(
         cfg.collectors
-            .into_values()
-            .map(|collector| match collector {
-                CollectorConfig::Bmp(cfg) => {
-                    tokio::task::spawn(bmp_collector::run(cfg, store.clone(), shutdown_rx.clone()))
-                }
-                CollectorConfig::Bgp(cfg) => {
-                    tokio::task::spawn(bgp_collector::run(cfg, store.clone(), shutdown_rx.clone()))
-                }
+            .into_iter()
+            .map(|(name, collector)| match collector {
+                CollectorConfig::Bmp(cfg) => tokio::task::spawn(bmp_collector::run(
+                    name,
+                    cfg,
+                    store.clone(),
+                    shutdown_rx.clone(),
+                )),
+                CollectorConfig::Bgp(cfg) => tokio::task::spawn(bgp_collector::run(
+                    name,
+                    cfg,
+                    store.clone(),
+                    shutdown_rx.clone(),
+                )),
             }),
     );
 

src/store.rs

@@ -3,7 +3,7 @@ use ipnet::{IpNet, Ipv4Net, Ipv6Net};
 use log::*;
 use serde::{Deserialize, Serialize};
 use std::collections::{HashMap, HashSet};
-use std::net::{IpAddr, Ipv4Addr, SocketAddr};
+use std::net::{IpAddr, Ipv4Addr};
 use std::pin::Pin;
 use zettabgp::prelude::{BgpAddrV4, BgpAddrV6};
 
@@ -33,7 +33,8 @@ pub struct RouteAttrs {
 #[derive(Debug, PartialEq, Eq, Hash, Clone, Serialize, Deserialize)]
 #[serde(deny_unknown_fields)]
 pub struct SessionId {
-    pub from_client: SocketAddr,
+    pub from_client: IpAddr,
+    pub listener: String,
     pub peer_address: IpAddr,
 }
 
@@ -61,8 +62,11 @@ pub struct TableSelector {
 }
 
 impl TableSelector {
-    pub fn client_addr(&self) -> &SocketAddr {
-        &self.session_id.from_client
+    pub fn client_id(&self) -> (IpAddr, String) {
+        (
+            self.session_id.from_client,
+            self.session_id.listener.clone(),
+        )
     }
     pub fn session_id(&self) -> Option<&SessionId> {
         match self.route_state {
@@ -76,7 +80,7 @@ impl TableSelector {
 pub enum TableQuery {
     Table(TableSelector),
     Session(SessionId),
-    Client(SocketAddr),
+    Client(IpAddr, String),
     Router(RouterId),
 }
 
@@ -164,20 +168,22 @@ pub trait Store: Clone + Send + Sync + 'static {
 
     fn get_tables(&self) -> Vec<TableSelector>;
 
-    fn get_routers(&self) -> HashMap<SocketAddr, Client>;
+    fn get_routers(&self) -> HashMap<(IpAddr, String), Client>;
 
-    fn get_routing_instances(&self) -> HashMap<SocketAddr, HashSet<RouteDistinguisher>>;
+    fn get_routing_instances(&self) -> HashMap<(IpAddr, String), HashSet<RouteDistinguisher>>;
 
     fn client_up(
         &self,
-        client_addr: SocketAddr,
+        client_ip: IpAddr,
+        listener: String,
         route_state: RouteState,
         client_data: Client,
     ) -> impl std::future::Future<Output = ()> + std::marker::Send;
 
     fn client_down(
         &self,
-        client_addr: SocketAddr,
+        client_ip: IpAddr,
+        listener: String,
     ) -> impl std::future::Future<Output = ()> + std::marker::Send;
 
     fn session_up(