diff --git a/bgpd/bgp_evpn_vty.c b/bgpd/bgp_evpn_vty.c index 0ae3eb33e1..5a0258f3bf 100644 --- a/bgpd/bgp_evpn_vty.c +++ b/bgpd/bgp_evpn_vty.c @@ -741,9 +741,9 @@ static void bgp_evpn_show_routes_mac_ip_es(struct vty *vty, esi_t *esi, json_path = json_object_new_array(); if (detail) - route_vty_out_detail(vty, bgp, rn, pi, - AFI_L2VPN, SAFI_EVPN, - json_path); + route_vty_out_detail( + vty, bgp, rn, pi, AFI_L2VPN, SAFI_EVPN, + RPKI_NOT_BEING_USED, json_path); else route_vty_out(vty, &rn->p, pi, 0, SAFI_EVPN, json_path, false); @@ -842,6 +842,7 @@ static void show_vni_routes(struct bgp *bgp, struct bgpevpn *vpn, int type, if (detail) route_vty_out_detail(vty, bgp, dest, pi, AFI_L2VPN, SAFI_EVPN, + RPKI_NOT_BEING_USED, json_path); else route_vty_out(vty, p, pi, 0, SAFI_EVPN, @@ -2386,7 +2387,8 @@ static void evpn_show_route_vni_multicast(struct vty *vty, struct bgp *bgp, if (json) json_path = json_object_new_array(); - route_vty_out_detail(vty, bgp, dest, pi, afi, safi, json_path); + route_vty_out_detail(vty, bgp, dest, pi, afi, safi, + RPKI_NOT_BEING_USED, json_path); if (json) json_object_array_add(json_paths, json_path); @@ -2455,7 +2457,8 @@ static void evpn_show_route_vni_macip(struct vty *vty, struct bgp *bgp, if (json) json_path = json_object_new_array(); - route_vty_out_detail(vty, bgp, dest, pi, afi, safi, json_path); + route_vty_out_detail(vty, bgp, dest, pi, afi, safi, + RPKI_NOT_BEING_USED, json_path); if (json) json_object_array_add(json_paths, json_path); @@ -2560,7 +2563,8 @@ static void evpn_show_route_rd_macip(struct vty *vty, struct bgp *bgp, if (json) json_path = json_object_new_array(); - route_vty_out_detail(vty, bgp, dest, pi, afi, safi, json_path); + route_vty_out_detail(vty, bgp, dest, pi, afi, safi, + RPKI_NOT_BEING_USED, json_path); if (json) json_object_array_add(json_paths, json_path); @@ -2670,7 +2674,7 @@ static void evpn_show_route_rd(struct vty *vty, struct bgp *bgp, json_path = json_object_new_array(); route_vty_out_detail(vty, bgp, dest, pi, afi, safi, - json_path); + RPKI_NOT_BEING_USED, json_path); if (json) json_object_array_add(json_paths, json_path); @@ -2839,7 +2843,8 @@ static void evpn_show_all_routes(struct vty *vty, struct bgp *bgp, int type, if (detail) { route_vty_out_detail( vty, bgp, dest, pi, AFI_L2VPN, - SAFI_EVPN, json_path); + SAFI_EVPN, RPKI_NOT_BEING_USED, + json_path); } else route_vty_out(vty, p, pi, 0, SAFI_EVPN, json_path, false); diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index b73c83f190..a6bfb519d8 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -71,6 +71,7 @@ #include "bgpd/bgp_mac.h" #include "bgpd/bgp_network.h" #include "bgpd/bgp_trace.h" +#include "bgpd/bgp_rpki.h" #ifdef ENABLE_BGP_VNC #include "bgpd/rfapi/rfapi_backend.h" @@ -7551,18 +7552,20 @@ static const char *bgp_origin2str(uint8_t origin) return "n/a"; } -static const char *bgp_rpki_validation2str(int v_state) +static const char *bgp_rpki_validation2str(enum rpki_states v_state) { switch (v_state) { - case 1: + case RPKI_NOT_BEING_USED: + return "not used"; + case RPKI_VALID: return "valid"; - case 2: + case RPKI_NOTFOUND: return "not found"; - case 3: + case RPKI_INVALID: return "invalid"; - default: - break; } + + assert(!"We should never get here this is a dev escape"); return "ERROR"; } @@ -9549,9 +9552,10 @@ static void route_vty_out_detail_es_info(struct vty *vty, } } -void route_vty_out_detail(struct vty *vty, struct bgp *bgp, - struct bgp_dest *bn, struct bgp_path_info *path, - afi_t afi, safi_t safi, json_object *json_paths) +void route_vty_out_detail(struct vty *vty, struct bgp *bgp, struct bgp_dest *bn, + struct bgp_path_info *path, afi_t afi, safi_t safi, + enum rpki_states rpki_curr_state, + json_object *json_paths) { char buf[INET6_ADDRSTRLEN]; char buf1[BUFSIZ]; @@ -9582,7 +9586,6 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, int i; char *nexthop_hostname = bgp_nexthop_hostname(path->peer, path->nexthop); - int rpki_validation_state = 0; if (json_paths) { json_path = json_object_new_object(); @@ -10189,18 +10192,14 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, } } - const struct prefix *p = bgp_dest_get_prefix(bn); - if (p->family == AF_INET || p->family == AF_INET6) - rpki_validation_state = hook_call(bgp_rpki_prefix_status, - path->peer, path->attr, p); - if (rpki_validation_state) { + if (rpki_curr_state != RPKI_NOT_BEING_USED) { if (json_paths) json_object_string_add( json_path, "rpkiValidationState", - bgp_rpki_validation2str(rpki_validation_state)); + bgp_rpki_validation2str(rpki_curr_state)); else - vty_out(vty, ", validation-state: %s", - bgp_rpki_validation2str(rpki_validation_state)); + vty_out(vty, ", rpki validation-state: %s", + bgp_rpki_validation2str(rpki_curr_state)); } if (json_bestpath) @@ -10520,7 +10519,8 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, struct bgp_table *table, enum bgp_show_type type, void *output_arg, char *rd, int is_last, unsigned long *output_cum, unsigned long *total_cum, - unsigned long *json_header_depth, uint8_t show_flags) + unsigned long *json_header_depth, uint8_t show_flags, + enum rpki_states rpki_target_state) { struct bgp_path_info *pi; struct bgp_dest *dest; @@ -10569,6 +10569,7 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, /* Start processing of routes. */ for (dest = bgp_table_top(table); dest; dest = bgp_route_next(dest)) { const struct prefix *dest_p = bgp_dest_get_prefix(dest); + enum rpki_states rpki_curr_state = RPKI_NOT_BEING_USED; pi = bgp_dest_get_bgp_path_info(dest); if (pi == NULL) @@ -10582,6 +10583,18 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, for (; pi; pi = pi->next) { total_count++; + + if (type == bgp_show_type_rpki) { + if (dest_p->family == AF_INET + || dest_p->family == AF_INET6) + rpki_curr_state = hook_call( + bgp_rpki_prefix_status, + pi->peer, pi->attr, dest_p); + if (rpki_target_state != RPKI_NOT_BEING_USED + && rpki_curr_state != rpki_target_state) + continue; + } + if (type == bgp_show_type_flap_statistics || type == bgp_show_type_flap_neighbor || type == bgp_show_type_dampend_paths @@ -10891,7 +10904,7 @@ int bgp_show_table_rd(struct vty *vty, struct bgp *bgp, safi_t safi, bgp_show_table(vty, bgp, safi, itable, type, output_arg, rd, next == NULL, &output_cum, &total_cum, &json_header_depth, - show_flags); + show_flags, RPKI_NOT_BEING_USED); if (next == NULL) show_msg = false; } @@ -10909,7 +10922,7 @@ int bgp_show_table_rd(struct vty *vty, struct bgp *bgp, safi_t safi, } static int bgp_show(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, enum bgp_show_type type, void *output_arg, - uint8_t show_flags) + uint8_t show_flags, enum rpki_states rpki_target_state) { struct bgp_table *table; unsigned long json_header_depth = 0; @@ -10944,7 +10957,8 @@ static int bgp_show(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, safi = SAFI_UNICAST; return bgp_show_table(vty, bgp, safi, table, type, output_arg, NULL, 1, - NULL, NULL, &json_header_depth, show_flags); + NULL, NULL, &json_header_depth, show_flags, + rpki_target_state); } static void bgp_show_all_instances_routes_vty(struct vty *vty, afi_t afi, @@ -10978,7 +10992,7 @@ static void bgp_show_all_instances_routes_vty(struct vty *vty, afi_t afi, : bgp->name); } bgp_show(vty, bgp, afi, safi, bgp_show_type_normal, NULL, - show_flags); + show_flags, RPKI_NOT_BEING_USED); } if (use_json) @@ -11197,15 +11211,25 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, struct bgp_dest *bgp_node, struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, json_object *json, enum bgp_path_type pathtype, - int *display) + int *display, enum rpki_states rpki_target_state) { struct bgp_path_info *pi; int header = 1; char rdbuf[RD_ADDRSTRLEN]; json_object *json_header = NULL; json_object *json_paths = NULL; + const struct prefix *p = bgp_dest_get_prefix(bgp_node); for (pi = bgp_dest_get_bgp_path_info(bgp_node); pi; pi = pi->next) { + enum rpki_states rpki_curr_state = RPKI_NOT_BEING_USED; + + if (p->family == AF_INET || p->family == AF_INET6) + rpki_curr_state = hook_call(bgp_rpki_prefix_status, + pi->peer, pi->attr, p); + + if (rpki_target_state != RPKI_NOT_BEING_USED + && rpki_curr_state != rpki_target_state) + continue; if (json && !json_paths) { /* Instantiate json_paths only if path is valid */ @@ -11231,9 +11255,8 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, || (pathtype == BGP_PATH_SHOW_MULTIPATH && (CHECK_FLAG(pi->flags, BGP_PATH_MULTIPATH) || CHECK_FLAG(pi->flags, BGP_PATH_SELECTED)))) - route_vty_out_detail(vty, bgp, bgp_node, - pi, AFI_IP, safi, - json_paths); + route_vty_out_detail(vty, bgp, bgp_node, pi, AFI_IP, + safi, rpki_curr_state, json_paths); } if (json && json_paths) { @@ -11248,6 +11271,7 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, struct bgp_table *rib, const char *ip_str, afi_t afi, safi_t safi, + enum rpki_states rpki_target_state, struct prefix_rd *prd, int prefix_check, enum bgp_path_type pathtype, bool use_json) { @@ -11295,7 +11319,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty, bgp, afi, safi, json, pathtype, - &display); + &display, rpki_target_state); bgp_dest_unlock_node(rm); } @@ -11354,7 +11378,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty, bgp, afi, safi, json, pathtype, - &display); + &display, rpki_target_state); bgp_dest_unlock_node(rm); } @@ -11381,7 +11405,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, || dest_p->prefixlen == match.prefixlen) { bgp_show_path_info(NULL, dest, vty, bgp, afi, safi, json, pathtype, - &display); + &display, rpki_target_state); } bgp_dest_unlock_node(dest); @@ -11407,7 +11431,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, static int bgp_show_route(struct vty *vty, struct bgp *bgp, const char *ip_str, afi_t afi, safi_t safi, struct prefix_rd *prd, int prefix_check, enum bgp_path_type pathtype, - bool use_json) + enum rpki_states rpki_target_state, bool use_json) { if (!bgp) { bgp = bgp_get_default(); @@ -11425,8 +11449,8 @@ static int bgp_show_route(struct vty *vty, struct bgp *bgp, const char *ip_str, safi = SAFI_UNICAST; return bgp_show_route_in_table(vty, bgp, bgp->rib[afi][safi], ip_str, - afi, safi, prd, prefix_check, pathtype, - use_json); + afi, safi, rpki_target_state, prd, + prefix_check, pathtype, use_json); } static int bgp_show_lcommunity(struct vty *vty, struct bgp *bgp, int argc, @@ -11468,9 +11492,9 @@ static int bgp_show_lcommunity(struct vty *vty, struct bgp *bgp, int argc, } ret = bgp_show(vty, bgp, afi, safi, - (exact ? bgp_show_type_lcommunity_exact - : bgp_show_type_lcommunity), - lcom, show_flags); + (exact ? bgp_show_type_lcommunity_exact + : bgp_show_type_lcommunity), + lcom, show_flags, RPKI_NOT_BEING_USED); lcommunity_free(&lcom); return ret; @@ -11498,7 +11522,7 @@ static int bgp_show_lcommunity_list(struct vty *vty, struct bgp *bgp, return bgp_show(vty, bgp, afi, safi, (exact ? bgp_show_type_lcommunity_list_exact : bgp_show_type_lcommunity_list), - list, show_flags); + list, show_flags, RPKI_NOT_BEING_USED); } DEFUN (show_ip_bgp_large_community_list, @@ -11580,7 +11604,8 @@ DEFUN (show_ip_bgp_large_community, exact_match, afi, safi, uj); } else return bgp_show(vty, bgp, afi, safi, - bgp_show_type_lcommunity_all, NULL, show_flags); + bgp_show_type_lcommunity_all, NULL, show_flags, + RPKI_NOT_BEING_USED); } static int bgp_table_stats_single(struct vty *vty, struct bgp *bgp, afi_t afi, @@ -11828,6 +11853,7 @@ DEFPY (show_ip_bgp_json, |accept-own|accept-own-nexthop|route-filter-v6\ |route-filter-v4|route-filter-translated-v6\ |route-filter-translated-v4] [exact-match]\ + |rpki \ ] [json$uj | wide$wide]", SHOW_STR IP_STR @@ -11857,6 +11883,10 @@ DEFPY (show_ip_bgp_json, "RT translated VPNv6 route filtering (well-known community)\n" "RT translated VPNv4 route filtering (well-known community)\n" "Exact match of the communities\n" + "RPKI route types\n" + "A valid path as determined by rpki\n" + "A invalid path as determined by rpki\n" + "A path that has no rpki data\n" JSON_STR "Increase table width for longer prefixes\n") { @@ -11869,7 +11899,7 @@ DEFPY (show_ip_bgp_json, char *community = NULL; bool first = true; uint8_t show_flags = 0; - + enum rpki_states rpki_target_state = RPKI_NOT_BEING_USED; if (uj) { argc--; @@ -11926,6 +11956,14 @@ DEFPY (show_ip_bgp_json, sh_type = bgp_show_type_community_all; } + if (argv_find(argv, argc, "rpki", &idx)) { + sh_type = bgp_show_type_rpki; + if (argv_find(argv, argc, "valid", &idx)) + rpki_target_state = RPKI_VALID; + else if (argv_find(argv, argc, "invalid", &idx)) + rpki_target_state = RPKI_INVALID; + } + if (!all) { /* show bgp: AFI_IP6, show ip bgp: AFI_IP */ if (community) @@ -11934,7 +11972,7 @@ DEFPY (show_ip_bgp_json, show_flags); else return bgp_show(vty, bgp, afi, safi, sh_type, NULL, - show_flags); + show_flags, rpki_target_state); } else { /* show bgp ipv4 all: AFI_IP, show bgp ipv6 all: * AFI_IP6 */ @@ -11971,7 +12009,8 @@ DEFPY (show_ip_bgp_json, safi, show_flags); else bgp_show(vty, bgp, afi, safi, sh_type, - NULL, show_flags); + NULL, show_flags, + rpki_target_state); if (uj) vty_out(vty, "}\n"); } @@ -12002,7 +12041,8 @@ DEFPY (show_ip_bgp_json, safi, show_flags); else bgp_show(vty, bgp, afi, safi, sh_type, - NULL, show_flags); + NULL, show_flags, + rpki_target_state); if (uj) vty_out(vty, "}\n"); } @@ -12015,7 +12055,7 @@ DEFPY (show_ip_bgp_json, DEFUN (show_ip_bgp_route, show_ip_bgp_route_cmd, - "show [ip] bgp [ VIEWVRFNAME] ["BGP_AFI_CMD_STR" ["BGP_SAFI_WITH_LABEL_CMD_STR"]] [] [json]", + "show [ip] bgp [ VIEWVRFNAME] ["BGP_AFI_CMD_STR" ["BGP_SAFI_WITH_LABEL_CMD_STR"]] [] [rpki ] [json]", SHOW_STR IP_STR BGP_STR @@ -12028,6 +12068,10 @@ DEFUN (show_ip_bgp_route, "IPv6 prefix\n" "Display only the bestpath\n" "Display only multipaths\n" + "Display only paths that match the specified rpki state\n" + "A valid path as determined by rpki\n" + "A invalid path as determined by rpki\n" + "A path that has no rpki data\n" JSON_STR) { int prefix_check = 0; @@ -12084,7 +12128,7 @@ DEFUN (show_ip_bgp_route, path_type = BGP_PATH_SHOW_ALL; return bgp_show_route(vty, bgp, prefix, afi, safi, NULL, prefix_check, - path_type, uj); + path_type, RPKI_NOT_BEING_USED, uj); } DEFUN (show_ip_bgp_regexp, @@ -12179,7 +12223,8 @@ static int bgp_show_regexp(struct vty *vty, struct bgp *bgp, const char *regstr, return CMD_WARNING; } - rc = bgp_show(vty, bgp, afi, safi, type, regex, show_flags); + rc = bgp_show(vty, bgp, afi, safi, type, regex, show_flags, + RPKI_NOT_BEING_USED); bgp_regex_free(regex); return rc; } @@ -12198,7 +12243,8 @@ static int bgp_show_prefix_list(struct vty *vty, struct bgp *bgp, return CMD_WARNING; } - return bgp_show(vty, bgp, afi, safi, type, plist, show_flags); + return bgp_show(vty, bgp, afi, safi, type, plist, show_flags, + RPKI_NOT_BEING_USED); } static int bgp_show_filter_list(struct vty *vty, struct bgp *bgp, @@ -12215,7 +12261,8 @@ static int bgp_show_filter_list(struct vty *vty, struct bgp *bgp, return CMD_WARNING; } - return bgp_show(vty, bgp, afi, safi, type, as_list, show_flags); + return bgp_show(vty, bgp, afi, safi, type, as_list, show_flags, + RPKI_NOT_BEING_USED); } static int bgp_show_route_map(struct vty *vty, struct bgp *bgp, @@ -12231,7 +12278,8 @@ static int bgp_show_route_map(struct vty *vty, struct bgp *bgp, return CMD_WARNING; } - return bgp_show(vty, bgp, afi, safi, type, rmap, show_flags); + return bgp_show(vty, bgp, afi, safi, type, rmap, show_flags, + RPKI_NOT_BEING_USED); } static int bgp_show_community(struct vty *vty, struct bgp *bgp, @@ -12250,7 +12298,7 @@ static int bgp_show_community(struct vty *vty, struct bgp *bgp, ret = bgp_show(vty, bgp, afi, safi, (exact ? bgp_show_type_community_exact : bgp_show_type_community), - com, show_flags); + com, show_flags, RPKI_NOT_BEING_USED); community_free(&com); return ret; @@ -12272,7 +12320,7 @@ static int bgp_show_community_list(struct vty *vty, struct bgp *bgp, return bgp_show(vty, bgp, afi, safi, (exact ? bgp_show_type_community_list_exact : bgp_show_type_community_list), - list, show_flags); + list, show_flags, RPKI_NOT_BEING_USED); } static int bgp_show_prefix_longer(struct vty *vty, struct bgp *bgp, @@ -12291,7 +12339,8 @@ static int bgp_show_prefix_longer(struct vty *vty, struct bgp *bgp, return CMD_WARNING; } - ret = bgp_show(vty, bgp, afi, safi, type, p, show_flags); + ret = bgp_show(vty, bgp, afi, safi, type, p, show_flags, + RPKI_NOT_BEING_USED); prefix_free(&p); return ret; } @@ -13013,7 +13062,7 @@ DEFUN (show_bgp_l2vpn_evpn_route_prefix, } return bgp_show_route(vty, NULL, network, AFI_L2VPN, SAFI_EVPN, NULL, prefix_check, BGP_PATH_SHOW_ALL, - use_json(argc, argv)); + RPKI_NOT_BEING_USED, use_json(argc, argv)); } static void show_adj_route_header(struct vty *vty, struct bgp *bgp, @@ -13733,7 +13782,8 @@ static int bgp_show_neighbor_route(struct vty *vty, struct peer *peer, if (safi == SAFI_LABELED_UNICAST) safi = SAFI_UNICAST; - return bgp_show(vty, peer->bgp, afi, safi, type, &peer->su, show_flags); + return bgp_show(vty, peer->bgp, afi, safi, type, &peer->su, show_flags, + RPKI_NOT_BEING_USED); } DEFUN (show_ip_bgp_flowspec_routes_detailed, @@ -13766,7 +13816,7 @@ DEFUN (show_ip_bgp_flowspec_routes_detailed, return CMD_WARNING; return bgp_show(vty, bgp, afi, safi, bgp_show_type_detail, NULL, - show_flags); + show_flags, RPKI_NOT_BEING_USED); } DEFUN (show_ip_bgp_neighbor_routes, @@ -13862,7 +13912,8 @@ DEFUN (show_bgp_afi_vpn_rd_route, } return bgp_show_route(vty, NULL, argv[6]->arg, afi, SAFI_MPLS_VPN, &prd, - 0, BGP_PATH_SHOW_ALL, use_json(argc, argv)); + 0, BGP_PATH_SHOW_ALL, RPKI_NOT_BEING_USED, + use_json(argc, argv)); } static struct bgp_distance *bgp_distance_new(void) diff --git a/bgpd/bgp_route.h b/bgpd/bgp_route.h index b6aa53070b..0a4fd026e4 100644 --- a/bgpd/bgp_route.h +++ b/bgpd/bgp_route.h @@ -28,6 +28,7 @@ #include "nexthop.h" #include "bgp_table.h" #include "bgp_addpath_types.h" +#include "bgp_rpki.h" struct bgp_nexthop_cache; struct bgp_route_evpn; @@ -56,6 +57,7 @@ enum bgp_show_type { bgp_show_type_dampend_paths, bgp_show_type_damp_neighbor, bgp_show_type_detail, + bgp_show_type_rpki, }; enum bgp_show_adj_route_type { @@ -763,7 +765,8 @@ extern void route_vty_out_detail_header(struct vty *vty, struct bgp *bgp, extern void route_vty_out_detail(struct vty *vty, struct bgp *bgp, struct bgp_dest *bn, struct bgp_path_info *path, afi_t afi, - safi_t safi, json_object *json_paths); + safi_t safi, enum rpki_states, + json_object *json_paths); extern int bgp_show_table_rd(struct vty *vty, struct bgp *bgp, safi_t safi, struct bgp_table *table, struct prefix_rd *prd, enum bgp_show_type type, void *output_arg, diff --git a/bgpd/bgp_rpki.c b/bgpd/bgp_rpki.c index 9344384956..3ef0137ba6 100644 --- a/bgpd/bgp_rpki.c +++ b/bgpd/bgp_rpki.c @@ -47,6 +47,8 @@ #include "bgpd/bgp_attr.h" #include "bgpd/bgp_aspath.h" #include "bgpd/bgp_route.h" +#include "bgpd/bgp_rpki.h" + #include "lib/network.h" #include "lib/thread.h" #ifndef VTYSH_EXTRACT_PL @@ -63,10 +65,6 @@ DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_CACHE, "BGP RPKI Cache server"); DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_CACHE_GROUP, "BGP RPKI Cache server group"); -#define RPKI_VALID 1 -#define RPKI_NOTFOUND 2 -#define RPKI_INVALID 3 - #define POLLING_PERIOD_DEFAULT 3600 #define EXPIRE_INTERVAL_DEFAULT 7200 #define RETRY_INTERVAL_DEFAULT 600 diff --git a/bgpd/bgp_rpki.h b/bgpd/bgp_rpki.h new file mode 100644 index 0000000000..4dd4b4a2b2 --- /dev/null +++ b/bgpd/bgp_rpki.h @@ -0,0 +1,33 @@ +/* + * bgp_rpki code + * Copyright (C) 2021 NVIDIA Corporation and Mellanox Technologies, LTD + * All Rights Reserved + * Donald Sharp + * + * This file is part of FRR. + * + * FRR is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2, or (at your option) any + * later version. + * + * FRR is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; see the file COPYING; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ +#ifndef __BGP_RPKI_H__ +#define __BGP_RPKI_H__ + +enum rpki_states { + RPKI_NOT_BEING_USED, + RPKI_VALID, + RPKI_NOTFOUND, + RPKI_INVALID +}; + +#endif diff --git a/bgpd/subdir.am b/bgpd/subdir.am index 3991f7d1ed..0ca43fd308 100644 --- a/bgpd/subdir.am +++ b/bgpd/subdir.am @@ -176,6 +176,7 @@ noinst_HEADERS += \ bgpd/bgp_pbr.h \ bgpd/bgp_rd.h \ bgpd/bgp_regex.h \ + bgpd/bgp_rpki.h \ bgpd/bgp_route.h \ bgpd/bgp_script.h \ bgpd/bgp_table.h \ diff --git a/doc/user/rpki.rst b/doc/user/rpki.rst index 01705f607c..d496d437d3 100644 --- a/doc/user/rpki.rst +++ b/doc/user/rpki.rst @@ -206,6 +206,14 @@ Displaying RPKI Display all configured cache servers, whether active or not. +.. clicmd:: show bgp [afi] [safi] rpki + + Display for the specified prefix or address the bgp paths that match the given rpki state. + +.. clicmd:: show bgp [afi] [safi] rpki + + Display all prefixes that match the given rpki state. + RPKI Configuration Example --------------------------