improved rpki validation perfromance + refactoring

src/inputs/input.js

@@ -63,16 +63,16 @@ export default class Input {
                     process.exit();
                 });
         }, 200);
-
     };
 
     _isAlreadyContained = (prefix, lessSpecifics) => {
-        const p1b = ipUtils.getNetmask(prefix);
         const p1af = ipUtils.getAddressFamily(prefix);
+        const p1b = ipUtils.getNetmask(prefix, p1af);
 
         for (let p2 of lessSpecifics) {
-            if (p1af === ipUtils.getAddressFamily(p2.prefix) &&
-                ipUtils.isSubnetBinary(ipUtils.getNetmask(p2.prefix), p1b)) {
+            const p2af = ipUtils.getAddressFamily(p2.prefix);
+            if (p1af === p2af &&
+                ipUtils.isSubnetBinary(ipUtils.getNetmask(p2.prefix, p2af), p1b)) {
                 return true;
             }
 
@@ -127,13 +127,13 @@ export default class Input {
 
                 if (!this.cache.af[p.prefix] || !this.cache.binaries[p.prefix]) {
                     this.cache.af[p.prefix] = ipUtils.getAddressFamily(p.prefix);
-                    this.cache.binaries[p.prefix] = ipUtils.getNetmask(p.prefix);
+                    this.cache.binaries[p.prefix] = ipUtils.getNetmask(p.prefix, this.cache.af[p.prefix]);
                 }
                 const prefixAf = ipUtils.getAddressFamily(prefix);
 
                 if (prefixAf === this.cache.af[p.prefix]) {
 
-                    const prefixBinary = ipUtils.getNetmask(prefix);
+                    const prefixBinary = ipUtils.getNetmask(prefix, prefixAf);
                     if (ipUtils.isSubnetBinary(this.cache.binaries[p.prefix], prefixBinary)) {
                         if (includeIgnoredMorespecifics || !p.ignoreMorespecifics) {
                             return p;

src/monitors/monitorHijack.js

@@ -66,6 +66,21 @@ export default class MonitorHijack extends Monitor {
         return false;
     };
 
+    validate = (message, matchedRule) => {
+        this.rpki.addToValidationQueue(message, matchedRule, this._validate);
+    };
+
+    _validate = (result, message, matchedRule) => {
+        if (!result.valid) {
+            this.publishAlert(message.originAS.getId() + "-" + message.prefix,
+                matchedRule.asn.getId(),
+                matchedRule,
+                message,
+                {});
+        }
+    }
+
+
     monitor = (message) =>
         new Promise((resolve, reject) => {
 
@@ -73,20 +88,8 @@ export default class MonitorHijack extends Monitor {
             const matchedRule = this.getMoreSpecificMatch(messagePrefix, false);
 
             if (matchedRule && !matchedRule.ignore && !matchedRule.asn.includes(message.originAS)) {
-
-                this.rpki.validate(messagePrefix, message.originAS)
-                    .then(result => {
-
-                        if (!result.valid) {
-                            this.publishAlert(message.originAS.getId() + "-" + message.prefix,
-                                matchedRule.asn.getId(),
-                                matchedRule,
-                                message,
-                                {});
-                        }
-
-                        resolve(true);
-                    });
+                this.validate(message, matchedRule);
+                resolve(true);
             }
         });
 

src/monitors/monitorRPKI.js

@@ -71,8 +71,6 @@ export default class MonitorRPKI extends Monitor {
             });
 
         this.queue = [];
-
-        setInterval(this._validateBatch, 500); // Periodically validate prefixes-origin pairs
     };
 
     updateMonitoredResources = () => {
@@ -176,45 +174,8 @@ export default class MonitorRPKI extends Monitor {
         }
     };
 
-    _validateBatch = () => {
-        const batch = {};
-
-        for (let { message, matchedRule } of this.queue) {
-
-            const key = message.originAS.getId() + "-" + message.prefix;
-            batch[key] = batch[key] || [];
-            batch[key].push({ message, matchedRule });
-        }
-        this.queue = [];
-
-        this.rpki
-            .validateBatch(Object
-                .values(batch)
-                .map((elements) => {
-                    const { message } = elements[0];
-                    return {
-                        prefix: message.prefix,
-                        origin: message.originAS
-                    };
-                }))
-            .then(results => {
-                for (let result of results) {
-                    const key = result.origin.getId() + "-" + result.prefix;
-                    for (let { message, matchedRule } of batch[key]) {
-                        this._validate(result, message, matchedRule);
-                    }
-                }
-            })
-            .catch(error => {
-                this.logger.log({
-                    level: 'error',
-                    message: error
-                });
-            });
-    }
-
-    validate = ({ message, matchedRule }) => {
-        this.queue.push({ message, matchedRule });
+    validate = (message, matchedRule) => {
+        this.rpki.addToValidationQueue(message, matchedRule, this._validate);
     };
 
     monitor = (message) => {
@@ -224,11 +185,11 @@ export default class MonitorRPKI extends Monitor {
         const matchedPrefixRule = this.getMoreSpecificMatch(prefix, false);
 
         if (matchedPrefixRule && !matchedPrefixRule.ignore) {
-            this.validate({ message, matchedRule: matchedPrefixRule });
+            this.validate(message, matchedPrefixRule);
         } else {
             const matchedASRule = this.getMonitoredAsMatch(messageOrigin);
             if (matchedASRule) {
-                this.validate({ message, matchedRule: matchedASRule });
+                this.validate(message, matchedASRule);
             }
         }
 

src/utils/rpkiUtils.js

@@ -53,6 +53,9 @@ export default class RpkiUtils {
         if (this.params.markDataAsStaleAfterMinutes > 0) {
             setInterval(this._markAsStale, this.params.markDataAsStaleAfterMinutes * 60 * 1000);
         }
+
+        this.queue = [];
+        setInterval(this._validateQueue, 500); // Periodically validate prefixes-origin pairs
     };
 
     _loadRpkiValidatorFromVrpProvider = () => {
@@ -188,6 +191,45 @@ export default class RpkiUtils {
         }
     };
 
+    _validateQueue = () => {
+        const batch = {};
+
+        for (let { message, matchedRule, callback } of this.queue) {
+            const key = message.originAS.getId() + "-" + message.prefix;
+            batch[key] = batch[key] || [];
+            batch[key].push({ message, matchedRule, callback });
+        }
+        this.queue = [];
+
+        this.validateBatch(Object
+                .values(batch)
+                .map((elements) => {
+                    const { message } = elements[0];
+                    return {
+                        prefix: message.prefix,
+                        origin: message.originAS
+                    };
+                }))
+            .then(results => {
+                for (let result of results) {
+                    const key = result.origin.getId() + "-" + result.prefix;
+                    for (let { message, matchedRule, callback } of batch[key]) {
+                        callback(result, message, matchedRule);
+                    }
+                }
+            })
+            .catch(error => {
+                this.logger.log({
+                    level: 'error',
+                    message: error
+                });
+            });
+    };
+
+    addToValidationQueue = (message, matchedRule, callback) => {
+        this.queue.push({ message, matchedRule, callback });
+    };
+
     validate = (prefix, origin) => {
         return this.validateBatch([{ prefix, origin }])
             .then(results => results[0]);