From fdeb5a813510bcabaf17850f4fdb7a5328c54810 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Mon, 8 Mar 2021 15:56:12 -0500 Subject: [PATCH 1/7] bgpd: Convert RPKI states to an enum and use them Convert the rpki states to an enum and use them in the code Signed-off-by: Donald Sharp --- bgpd/bgp_route.c | 20 ++++++++++++-------- bgpd/bgp_rpki.c | 6 ++---- bgpd/bgp_rpki.h | 33 +++++++++++++++++++++++++++++++++ bgpd/subdir.am | 1 + 4 files changed, 48 insertions(+), 12 deletions(-) create mode 100644 bgpd/bgp_rpki.h diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index b73c83f190..b19af69067 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -71,6 +71,7 @@ #include "bgpd/bgp_mac.h" #include "bgpd/bgp_network.h" #include "bgpd/bgp_trace.h" +#include "bgpd/bgp_rpki.h" #ifdef ENABLE_BGP_VNC #include "bgpd/rfapi/rfapi_backend.h" @@ -7551,18 +7552,20 @@ static const char *bgp_origin2str(uint8_t origin) return "n/a"; } -static const char *bgp_rpki_validation2str(int v_state) +static const char *bgp_rpki_validation2str(enum rpki_states v_state) { switch (v_state) { - case 1: + case RPKI_NOT_BEING_USED: + return "not used"; + case RPKI_VALID: return "valid"; - case 2: + case RPKI_NOTFOUND: return "not found"; - case 3: + case RPKI_INVALID: return "invalid"; - default: - break; } + + assert(!"We should never get here this is a dev escape"); return "ERROR"; } @@ -9582,7 +9585,7 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, int i; char *nexthop_hostname = bgp_nexthop_hostname(path->peer, path->nexthop); - int rpki_validation_state = 0; + enum rpki_states rpki_validation_state = RPKI_NOT_BEING_USED; if (json_paths) { json_path = json_object_new_object(); 
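Review bot: The new `assert(!"We should never get here this is a dev escape")` in `bgp_rpki_validation2str()` turns an unexpected state into a daemon abort, where the old `default:` arm simply fell through to `return "ERROR";`. The value printed here is whatever `hook_call(bgp_rpki_prefix_status, ...)` returns in `route_vty_out_detail()` (the `@@ -10190,10 +10193,11 @@` hunk), and it is stored into `enum rpki_states` with no range check. Assuming assertions are compiled in, a hook result outside the four enumerators would therefore stop bgpd from inside a show command. Dropping `default:` is worth keeping for compiler exhaustiveness warnings, but I would replace the assert with a logged warning before `return "ERROR";`, or range-check the hook result where it is assigned.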
@@ -10190,10 +10193,11 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, } const struct prefix *p = bgp_dest_get_prefix(bn); + if (p->family == AF_INET || p->family == AF_INET6) rpki_validation_state = hook_call(bgp_rpki_prefix_status, path->peer, path->attr, p); - if (rpki_validation_state) { + if (rpki_validation_state != RPKI_NOT_BEING_USED) { if (json_paths) json_object_string_add( json_path, "rpkiValidationState", diff --git a/bgpd/bgp_rpki.c b/bgpd/bgp_rpki.c index 9344384956..3ef0137ba6 100644 --- a/bgpd/bgp_rpki.c +++ b/bgpd/bgp_rpki.c @@ -47,6 +47,8 @@ #include "bgpd/bgp_attr.h" #include "bgpd/bgp_aspath.h" #include "bgpd/bgp_route.h" +#include "bgpd/bgp_rpki.h" + #include "lib/network.h" #include "lib/thread.h" #ifndef VTYSH_EXTRACT_PL @@ -63,10 +65,6 @@ DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_CACHE, "BGP RPKI Cache server"); DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_CACHE_GROUP, "BGP RPKI Cache server group"); -#define RPKI_VALID 1 -#define RPKI_NOTFOUND 2 -#define RPKI_INVALID 3 - #define POLLING_PERIOD_DEFAULT 3600 #define EXPIRE_INTERVAL_DEFAULT 7200 #define RETRY_INTERVAL_DEFAULT 600 diff --git a/bgpd/bgp_rpki.h b/bgpd/bgp_rpki.h new file mode 100644 index 0000000000..4dd4b4a2b2 --- /dev/null +++ b/bgpd/bgp_rpki.h 
@@ -0,0 +1,33 @@ +/* + * bgp_rpki code + * Copyright (C) 2021 NVIDIA Corporation and Mellanox Technologies, LTD + * All Rights Reserved + * Donald Sharp + * + * This file is part of FRR. + * + * FRR is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2, or (at your option) any + * later version. + * + * FRR is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; see the file COPYING; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ +#ifndef __BGP_RPKI_H__ +#define __BGP_RPKI_H__ + +enum rpki_states { + RPKI_NOT_BEING_USED, + RPKI_VALID, + RPKI_NOTFOUND, + RPKI_INVALID +}; + +#endif diff --git a/bgpd/subdir.am b/bgpd/subdir.am index 3991f7d1ed..0ca43fd308 100644 --- a/bgpd/subdir.am +++ b/bgpd/subdir.am @@ -176,6 +176,7 @@ noinst_HEADERS += \ bgpd/bgp_pbr.h \ bgpd/bgp_rd.h \ bgpd/bgp_regex.h \ + bgpd/bgp_rpki.h \ bgpd/bgp_route.h \ bgpd/bgp_script.h \ bgpd/bgp_table.h \ From 1d327209bec8ade356f0e2368052247d3e606f29 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Mon, 8 Mar 2021 15:57:18 -0500 Subject: [PATCH 2/7] bgpd: Convert string output to rpki validation-state: When displaying data about the rpki state, use the string `rpki validation-state` instead of `validation-state:` to avoid confusion with `(valid)` Signed-off-by: Donald Sharp --- bgpd/bgp_route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index b19af69067..793a231417 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c 
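Review bot: `enum rpki_states` relies on implicit numbering to line up with the `#define RPKI_VALID 1`, `RPKI_NOTFOUND 2` and `RPKI_INVALID 3` values this commit removes from bgp_rpki.c, and with the 0 that the old `int rpki_validation_state = 0` used for "nothing to report". Because the state reaches bgp_route.c as the result of `hook_call(bgp_rpki_prefix_status, ...)` rather than as an enum constant, I would spell the values out (`RPKI_NOT_BEING_USED = 0,`, `RPKI_VALID = 1,` and so on) and add a comment such as `/* Values travel through the bgp_rpki_prefix_status hook; do not renumber. */`. Separately, the guard `__BGP_RPKI_H__` uses an identifier reserved for the implementation; `BGP_RPKI_H` avoids that.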
@@ -10203,7 +10203,7 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, json_path, "rpkiValidationState", bgp_rpki_validation2str(rpki_validation_state)); else - vty_out(vty, ", validation-state: %s", + vty_out(vty, ", rpki validation-state: %s", bgp_rpki_validation2str(rpki_validation_state)); } From 4933eaafab9bcd99314e3e73caf24fd64592a3e6 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Mon, 8 Mar 2021 16:16:43 -0500 Subject: [PATCH 3/7] bgpd: Figure out rpki validation state earlier Figure out the rpki validation state earlier and also check to see if we care about this state or not. Signed-off-by: Donald Sharp --- bgpd/bgp_evpn_vty.c | 21 +++++++++++++-------- bgpd/bgp_route.c | 42 +++++++++++++++++++++++------------------- bgpd/bgp_route.h | 4 +++- 3 files changed, 39 insertions(+), 28 deletions(-) diff --git a/bgpd/bgp_evpn_vty.c b/bgpd/bgp_evpn_vty.c index 0ae3eb33e1..5a0258f3bf 100644 --- a/bgpd/bgp_evpn_vty.c +++ b/bgpd/bgp_evpn_vty.c @@ -741,9 +741,9 @@ static void bgp_evpn_show_routes_mac_ip_es(struct vty *vty, esi_t *esi, json_path = json_object_new_array(); if (detail) - route_vty_out_detail(vty, bgp, rn, pi, - AFI_L2VPN, SAFI_EVPN, - json_path); + route_vty_out_detail( + vty, bgp, rn, pi, AFI_L2VPN, SAFI_EVPN, + RPKI_NOT_BEING_USED, json_path); else route_vty_out(vty, &rn->p, pi, 0, SAFI_EVPN, json_path, false); @@ -842,6 +842,7 @@ static void show_vni_routes(struct bgp *bgp, struct bgpevpn *vpn, int type, if (detail) route_vty_out_detail(vty, bgp, dest, pi, AFI_L2VPN, SAFI_EVPN, + RPKI_NOT_BEING_USED, json_path); else route_vty_out(vty, p, pi, 0, SAFI_EVPN, @@ -2386,7 +2387,8 @@ static void evpn_show_route_vni_multicast(struct vty *vty, struct bgp *bgp, if (json) json_path = json_object_new_array(); - route_vty_out_detail(vty, bgp, dest, pi, afi, safi, json_path); + route_vty_out_detail(vty, bgp, dest, pi, afi, safi, + RPKI_NOT_BEING_USED, json_path); if (json) json_object_array_add(json_paths, json_path); 
@@ -2455,7 +2457,8 @@ static void evpn_show_route_vni_macip(struct vty *vty, struct bgp *bgp, if (json) json_path = json_object_new_array(); - route_vty_out_detail(vty, bgp, dest, pi, afi, safi, json_path); + route_vty_out_detail(vty, bgp, dest, pi, afi, safi, + RPKI_NOT_BEING_USED, json_path); if (json) json_object_array_add(json_paths, json_path); @@ -2560,7 +2563,8 @@ static void evpn_show_route_rd_macip(struct vty *vty, struct bgp *bgp, if (json) json_path = json_object_new_array(); - route_vty_out_detail(vty, bgp, dest, pi, afi, safi, json_path); + route_vty_out_detail(vty, bgp, dest, pi, afi, safi, + RPKI_NOT_BEING_USED, json_path); if (json) json_object_array_add(json_paths, json_path); @@ -2670,7 +2674,7 @@ static void evpn_show_route_rd(struct vty *vty, struct bgp *bgp, json_path = json_object_new_array(); route_vty_out_detail(vty, bgp, dest, pi, afi, safi, - json_path); + RPKI_NOT_BEING_USED, json_path); if (json) json_object_array_add(json_paths, json_path); @@ -2839,7 +2843,8 @@ static void evpn_show_all_routes(struct vty *vty, struct bgp *bgp, int type, if (detail) { route_vty_out_detail( vty, bgp, dest, pi, AFI_L2VPN, - SAFI_EVPN, json_path); + SAFI_EVPN, RPKI_NOT_BEING_USED, + json_path); } else route_vty_out(vty, p, pi, 0, SAFI_EVPN, json_path, false); diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 793a231417..cf7a4d6296 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -9552,9 +9552,9 @@ static void route_vty_out_detail_es_info(struct vty *vty, } } -void route_vty_out_detail(struct vty *vty, struct bgp *bgp, - struct bgp_dest *bn, struct bgp_path_info *path, - afi_t afi, safi_t safi, json_object *json_paths) +void route_vty_out_detail(struct vty *vty, struct bgp *bgp, struct bgp_dest *bn, + struct bgp_path_info *path, afi_t afi, safi_t safi, + enum rpki_states curr_state, json_object *json_paths) { char buf[INET6_ADDRSTRLEN]; char buf1[BUFSIZ]; 
@@ -9585,7 +9585,6 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, int i; char *nexthop_hostname = bgp_nexthop_hostname(path->peer, path->nexthop); - enum rpki_states rpki_validation_state = RPKI_NOT_BEING_USED; if (json_paths) { json_path = json_object_new_object(); @@ -10192,19 +10191,14 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, } } - const struct prefix *p = bgp_dest_get_prefix(bn); - - if (p->family == AF_INET || p->family == AF_INET6) - rpki_validation_state = hook_call(bgp_rpki_prefix_status, - path->peer, path->attr, p); - if (rpki_validation_state != RPKI_NOT_BEING_USED) { + if (curr_state != RPKI_NOT_BEING_USED) { if (json_paths) json_object_string_add( json_path, "rpkiValidationState", - bgp_rpki_validation2str(rpki_validation_state)); + bgp_rpki_validation2str(curr_state)); else vty_out(vty, ", rpki validation-state: %s", - bgp_rpki_validation2str(rpki_validation_state)); + bgp_rpki_validation2str(curr_state)); } if (json_bestpath) @@ -11201,15 +11195,25 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, struct bgp_dest *bgp_node, struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, json_object *json, enum bgp_path_type pathtype, - int *display) + int *display, enum rpki_states target_state) { struct bgp_path_info *pi; int header = 1; char rdbuf[RD_ADDRSTRLEN]; json_object *json_header = NULL; json_object *json_paths = NULL; + const struct prefix *p = bgp_dest_get_prefix(bgp_node); for (pi = bgp_dest_get_bgp_path_info(bgp_node); pi; pi = pi->next) { + enum rpki_states curr_state = RPKI_NOT_BEING_USED; + + if (p->family == AF_INET || p->family == AF_INET6) + curr_state = hook_call(bgp_rpki_prefix_status, pi->peer, + pi->attr, p); + + if (target_state != RPKI_NOT_BEING_USED + && curr_state != target_state) + continue; if (json && !json_paths) { /* Instantiate json_paths only if path is valid */ 
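Review bot: `target_state` in `bgp_show_path_info()` overloads `RPKI_NOT_BEING_USED` to mean "no filter", which the name does not suggest and no comment documents. A comment above the function would help, for example `/* target_state: RPKI_NOT_BEING_USED shows every path; any other value shows only paths whose RPKI state equals it. */`. It should also say that the hook is consulted only for AF_INET and AF_INET6 prefixes, so with a filter set every path of another family is skipped by the new `continue`. The function body continues outside the hunk.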
@@ -11235,9 +11239,8 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, || (pathtype == BGP_PATH_SHOW_MULTIPATH && (CHECK_FLAG(pi->flags, BGP_PATH_MULTIPATH) || CHECK_FLAG(pi->flags, BGP_PATH_SELECTED)))) - route_vty_out_detail(vty, bgp, bgp_node, - pi, AFI_IP, safi, - json_paths); + route_vty_out_detail(vty, bgp, bgp_node, pi, AFI_IP, + safi, curr_state, json_paths); } if (json && json_paths) { @@ -11299,7 +11302,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty, bgp, afi, safi, json, pathtype, - &display); + &display, RPKI_NOT_BEING_USED); bgp_dest_unlock_node(rm); } @@ -11358,7 +11361,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty, bgp, afi, safi, json, pathtype, - &display); + &display, RPKI_NOT_BEING_USED); bgp_dest_unlock_node(rm); } @@ -11385,7 +11388,8 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, || dest_p->prefixlen == match.prefixlen) { bgp_show_path_info(NULL, dest, vty, bgp, afi, safi, json, pathtype, - &display); + &display, + RPKI_NOT_BEING_USED); } bgp_dest_unlock_node(dest); diff --git a/bgpd/bgp_route.h b/bgpd/bgp_route.h index b6aa53070b..f6294a4527 100644 --- a/bgpd/bgp_route.h +++ b/bgpd/bgp_route.h @@ -28,6 +28,7 @@ #include "nexthop.h" #include "bgp_table.h" #include "bgp_addpath_types.h" +#include "bgp_rpki.h" struct bgp_nexthop_cache; struct bgp_route_evpn; @@ -763,7 +764,8 @@ extern void route_vty_out_detail_header(struct vty *vty, struct bgp *bgp, extern void route_vty_out_detail(struct vty *vty, struct bgp *bgp, struct bgp_dest *bn, struct bgp_path_info *path, afi_t afi, - safi_t safi, json_object *json_paths); + safi_t safi, enum rpki_states, + json_object *json_paths); extern int bgp_show_table_rd(struct vty *vty, struct bgp *bgp, safi_t safi, struct bgp_table *table, struct prefix_rd *prd, enum bgp_show_type type, void *output_arg, 
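Review bot: The updated prototype of `route_vty_out_detail()` in bgp_route.h adds the new parameter without a name (`safi_t safi, enum rpki_states,`), while every other parameter in the declaration is named. Naming it as the definition does, `safi_t safi, enum rpki_states curr_state,`, keeps the header usable as documentation of the call contract. A one-line comment saying that callers pass `RPKI_NOT_BEING_USED` when no validation state was computed would also help, since the EVPN callers changed in this commit all do exactly that.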
From 8aa22bbb72407465a710ce813081e4732021a40c Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Mon, 8 Mar 2021 17:01:57 -0500 Subject: [PATCH 4/7] bgpd: Add `show bgp A.B.C.D [rpki ]` Add the ability for the end operator to query the state of valid or invalid or no information rpki prefix information. Signed-off-by: Donald Sharp --- bgpd/bgp_route.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index cf7a4d6296..e340c608eb 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -11255,6 +11255,7 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, struct bgp_table *rib, const char *ip_str, afi_t afi, safi_t safi, + enum rpki_states target_state, struct prefix_rd *prd, int prefix_check, enum bgp_path_type pathtype, bool use_json) { @@ -11302,7 +11303,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty, bgp, afi, safi, json, pathtype, - &display, RPKI_NOT_BEING_USED); + &display, target_state); bgp_dest_unlock_node(rm); } @@ -11361,7 +11362,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty, bgp, afi, safi, json, pathtype, - &display, RPKI_NOT_BEING_USED); + &display, target_state); bgp_dest_unlock_node(rm); } @@ -11388,8 +11389,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, || dest_p->prefixlen == match.prefixlen) { bgp_show_path_info(NULL, dest, vty, bgp, afi, safi, json, pathtype, - &display, - RPKI_NOT_BEING_USED); + &display, target_state); } bgp_dest_unlock_node(dest); 
@@ -11415,7 +11415,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, static int bgp_show_route(struct vty *vty, struct bgp *bgp, const char *ip_str, afi_t afi, safi_t safi, struct prefix_rd *prd, int prefix_check, enum bgp_path_type pathtype, - bool use_json) + enum rpki_states target_state, bool use_json) { if (!bgp) { bgp = bgp_get_default(); @@ -11433,8 +11433,8 @@ static int bgp_show_route(struct vty *vty, struct bgp *bgp, const char *ip_str, safi = SAFI_UNICAST; return bgp_show_route_in_table(vty, bgp, bgp->rib[afi][safi], ip_str, - afi, safi, prd, prefix_check, pathtype, - use_json); + afi, safi, target_state, prd, + prefix_check, pathtype, use_json); } static int bgp_show_lcommunity(struct vty *vty, struct bgp *bgp, int argc, @@ -12023,7 +12023,7 @@ DEFPY (show_ip_bgp_json, DEFUN (show_ip_bgp_route, show_ip_bgp_route_cmd, - "show [ip] bgp [ VIEWVRFNAME] ["BGP_AFI_CMD_STR" ["BGP_SAFI_WITH_LABEL_CMD_STR"]] [] [json]", + "show [ip] bgp [ VIEWVRFNAME] ["BGP_AFI_CMD_STR" ["BGP_SAFI_WITH_LABEL_CMD_STR"]] [] [rpki ] [json]", SHOW_STR IP_STR BGP_STR @@ -12036,6 +12036,10 @@ DEFUN (show_ip_bgp_route, "IPv6 prefix\n" "Display only the bestpath\n" "Display only multipaths\n" + "Display only paths that match the specified rpki state\n" + "A valid path as determined by rpki\n" + "A invalid path as determined by rpki\n" + "A path that has no rpki data\n" JSON_STR) { int prefix_check = 0; @@ -12092,7 +12096,7 @@ DEFUN (show_ip_bgp_route, path_type = BGP_PATH_SHOW_ALL; return bgp_show_route(vty, bgp, prefix, afi, safi, NULL, prefix_check, - path_type, uj); + path_type, RPKI_NOT_BEING_USED, uj); } DEFUN (show_ip_bgp_regexp, @@ -13021,7 +13025,7 @@ DEFUN (show_bgp_l2vpn_evpn_route_prefix, } return bgp_show_route(vty, NULL, network, AFI_L2VPN, SAFI_EVPN, NULL, prefix_check, BGP_PATH_SHOW_ALL, - use_json(argc, argv)); + RPKI_NOT_BEING_USED, use_json(argc, argv)); } static void show_adj_route_header(struct vty *vty, struct bgp *bgp, 
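Review bot: `show_ip_bgp_route` now accepts an `rpki` keyword in its command string and help text, but the call at the end of the handler still passes the constant `RPKI_NOT_BEING_USED` to `bgp_show_route()`, so as far as these hunks show the keyword never reaches the filter in `bgp_show_path_info()`. An operator asking for only the invalid paths of a prefix would then get every path back, which is misleading when the output is used to audit origin validation. The handler needs to map the keyword to an `enum rpki_states` value and pass it, ending the call with something like `path_type, rpki_target_state, uj);`. The middle of the handler is outside the hunks, so confirm that no parsing exists there. The help line "A invalid path as determined by rpki" should read "An invalid path".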
@@ -13870,7 +13874,8 @@ DEFUN (show_bgp_afi_vpn_rd_route, } return bgp_show_route(vty, NULL, argv[6]->arg, afi, SAFI_MPLS_VPN, &prd, - 0, BGP_PATH_SHOW_ALL, use_json(argc, argv)); + 0, BGP_PATH_SHOW_ALL, RPKI_NOT_BEING_USED, + use_json(argc, argv)); } static struct bgp_distance *bgp_distance_new(void) From 1e2ce4f12fcc69c5333c27d26cad78646c5cae1b Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Wed, 17 Mar 2021 16:19:02 -0400 Subject: [PATCH 5/7] bgpd: Add rpki filter to some more show commands Add a `show bgp ipv4 uni rpki ...` command. Signed-off-by: Donald Sharp --- bgpd/bgp_route.c | 83 ++++++++++++++++++++++++++++++++++-------------- bgpd/bgp_route.h | 1 + 2 files changed, 61 insertions(+), 23 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index e340c608eb..f77fa82acf 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -10518,7 +10518,8 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, struct bgp_table *table, enum bgp_show_type type, void *output_arg, char *rd, int is_last, unsigned long *output_cum, unsigned long *total_cum, - unsigned long *json_header_depth, uint8_t show_flags) + unsigned long *json_header_depth, uint8_t show_flags, + enum rpki_states target_state) { struct bgp_path_info *pi; struct bgp_dest *dest; @@ -10567,6 +10568,7 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, /* Start processing of routes. */ for (dest = bgp_table_top(table); dest; dest = bgp_route_next(dest)) { const struct prefix *dest_p = bgp_dest_get_prefix(dest); + enum rpki_states curr_state = RPKI_NOT_BEING_USED; pi = bgp_dest_get_bgp_path_info(dest); if (pi == NULL) 
@@ -10580,6 +10582,18 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, for (; pi; pi = pi->next) { total_count++; + + if (type == bgp_show_type_rpki) { + if (dest_p->family == AF_INET + || dest_p->family == AF_INET6) + curr_state = hook_call( + bgp_rpki_prefix_status, + pi->peer, pi->attr, dest_p); + if (target_state != RPKI_NOT_BEING_USED + && curr_state != target_state) + continue; + } + if (type == bgp_show_type_flap_statistics || type == bgp_show_type_flap_neighbor || type == bgp_show_type_dampend_paths @@ -10889,7 +10903,7 @@ int bgp_show_table_rd(struct vty *vty, struct bgp *bgp, safi_t safi, bgp_show_table(vty, bgp, safi, itable, type, output_arg, rd, next == NULL, &output_cum, &total_cum, &json_header_depth, - show_flags); + show_flags, RPKI_NOT_BEING_USED); if (next == NULL) show_msg = false; } @@ -10907,7 +10921,7 @@ int bgp_show_table_rd(struct vty *vty, struct bgp *bgp, safi_t safi, } static int bgp_show(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, enum bgp_show_type type, void *output_arg, - uint8_t show_flags) + uint8_t show_flags, enum rpki_states target_state) { struct bgp_table *table; unsigned long json_header_depth = 0; @@ -10942,7 +10956,8 @@ static int bgp_show(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, safi = SAFI_UNICAST; return bgp_show_table(vty, bgp, safi, table, type, output_arg, NULL, 1, - NULL, NULL, &json_header_depth, show_flags); + NULL, NULL, &json_header_depth, show_flags, + target_state); } static void bgp_show_all_instances_routes_vty(struct vty *vty, afi_t afi, @@ -10976,7 +10991,7 @@ static void bgp_show_all_instances_routes_vty(struct vty *vty, afi_t afi, : bgp->name); } bgp_show(vty, bgp, afi, safi, bgp_show_type_normal, NULL, - show_flags); + show_flags, RPKI_NOT_BEING_USED); } if (use_json) 
@@ -11476,9 +11491,9 @@ static int bgp_show_lcommunity(struct vty *vty, struct bgp *bgp, int argc, } ret = bgp_show(vty, bgp, afi, safi, - (exact ? bgp_show_type_lcommunity_exact - : bgp_show_type_lcommunity), - lcom, show_flags); + (exact ? bgp_show_type_lcommunity_exact + : bgp_show_type_lcommunity), + lcom, show_flags, RPKI_NOT_BEING_USED); lcommunity_free(&lcom); return ret; @@ -11506,7 +11521,7 @@ static int bgp_show_lcommunity_list(struct vty *vty, struct bgp *bgp, return bgp_show(vty, bgp, afi, safi, (exact ? bgp_show_type_lcommunity_list_exact : bgp_show_type_lcommunity_list), - list, show_flags); + list, show_flags, RPKI_NOT_BEING_USED); } DEFUN (show_ip_bgp_large_community_list, @@ -11588,7 +11603,8 @@ DEFUN (show_ip_bgp_large_community, exact_match, afi, safi, uj); } else return bgp_show(vty, bgp, afi, safi, - bgp_show_type_lcommunity_all, NULL, show_flags); + bgp_show_type_lcommunity_all, NULL, show_flags, + RPKI_NOT_BEING_USED); } static int bgp_table_stats_single(struct vty *vty, struct bgp *bgp, afi_t afi, @@ -11836,6 +11852,7 @@ DEFPY (show_ip_bgp_json, |accept-own|accept-own-nexthop|route-filter-v6\ |route-filter-v4|route-filter-translated-v6\ |route-filter-translated-v4] [exact-match]\ + |rpki \ ] [json$uj | wide$wide]", SHOW_STR IP_STR @@ -11865,6 +11882,10 @@ DEFPY (show_ip_bgp_json, "RT translated VPNv6 route filtering (well-known community)\n" "RT translated VPNv4 route filtering (well-known community)\n" "Exact match of the communities\n" + "RPKI route types\n" + "A valid path as determined by rpki\n" + "A invalid path as determined by rpki\n" + "A path that has no rpki data\n" JSON_STR "Increase table width for longer prefixes\n") { @@ -11877,7 +11898,7 @@ DEFPY (show_ip_bgp_json, char *community = NULL; bool first = true; uint8_t show_flags = 0; - + enum rpki_states target_state = RPKI_NOT_BEING_USED; if (uj) { argc--; 
@@ -11934,6 +11955,14 @@ DEFPY (show_ip_bgp_json, sh_type = bgp_show_type_community_all; } + if (argv_find(argv, argc, "rpki", &idx)) { + sh_type = bgp_show_type_rpki; + if (argv_find(argv, argc, "valid", &idx)) + target_state = RPKI_VALID; + else if (argv_find(argv, argc, "invalid", &idx)) + target_state = RPKI_INVALID; + } + if (!all) { /* show bgp: AFI_IP6, show ip bgp: AFI_IP */ if (community) @@ -11942,7 +11971,7 @@ DEFPY (show_ip_bgp_json, show_flags); else return bgp_show(vty, bgp, afi, safi, sh_type, NULL, - show_flags); + show_flags, target_state); } else { /* show bgp ipv4 all: AFI_IP, show bgp ipv6 all: * AFI_IP6 */ @@ -11979,7 +12008,8 @@ DEFPY (show_ip_bgp_json, safi, show_flags); else bgp_show(vty, bgp, afi, safi, sh_type, - NULL, show_flags); + NULL, show_flags, + target_state); if (uj) vty_out(vty, "}\n"); } @@ -12010,7 +12040,8 @@ DEFPY (show_ip_bgp_json, safi, show_flags); else bgp_show(vty, bgp, afi, safi, sh_type, - NULL, show_flags); + NULL, show_flags, + target_state); if (uj) vty_out(vty, "}\n"); } @@ -12191,7 +12222,8 @@ static int bgp_show_regexp(struct vty *vty, struct bgp *bgp, const char *regstr, return CMD_WARNING; } - rc = bgp_show(vty, bgp, afi, safi, type, regex, show_flags); + rc = bgp_show(vty, bgp, afi, safi, type, regex, show_flags, + RPKI_NOT_BEING_USED); bgp_regex_free(regex); return rc; } @@ -12210,7 +12242,8 @@ static int bgp_show_prefix_list(struct vty *vty, struct bgp *bgp, return CMD_WARNING; } - return bgp_show(vty, bgp, afi, safi, type, plist, show_flags); + return bgp_show(vty, bgp, afi, safi, type, plist, show_flags, + RPKI_NOT_BEING_USED); } static int bgp_show_filter_list(struct vty *vty, struct bgp *bgp, 
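Review bot: The `rpki` branch added to `show_ip_bgp_json` maps only `valid` and `invalid` to a target state, yet the help text lists a third choice, "A path that has no rpki data". Selecting that choice leaves `target_state` at `RPKI_NOT_BEING_USED`, which the check added to `bgp_show_table()` treats as no filter, so the command lists every route instead of only the not-found ones. Add a third arm, `else if (argv_find(argv, argc, "notfound", &idx)) target_state = RPKI_NOTFOUND;`, using whatever the third keyword in the command string actually is; the token list is not legible on this page, so `notfound` is an assumption.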
@@ -12227,7 +12260,8 @@ static int bgp_show_filter_list(struct vty *vty, struct bgp *bgp, return CMD_WARNING; } - return bgp_show(vty, bgp, afi, safi, type, as_list, show_flags); + return bgp_show(vty, bgp, afi, safi, type, as_list, show_flags, + RPKI_NOT_BEING_USED); } static int bgp_show_route_map(struct vty *vty, struct bgp *bgp, @@ -12243,7 +12277,8 @@ static int bgp_show_route_map(struct vty *vty, struct bgp *bgp, return CMD_WARNING; } - return bgp_show(vty, bgp, afi, safi, type, rmap, show_flags); + return bgp_show(vty, bgp, afi, safi, type, rmap, show_flags, + RPKI_NOT_BEING_USED); } static int bgp_show_community(struct vty *vty, struct bgp *bgp, @@ -12262,7 +12297,7 @@ static int bgp_show_community(struct vty *vty, struct bgp *bgp, ret = bgp_show(vty, bgp, afi, safi, (exact ? bgp_show_type_community_exact : bgp_show_type_community), - com, show_flags); + com, show_flags, RPKI_NOT_BEING_USED); community_free(&com); return ret; @@ -12284,7 +12319,7 @@ static int bgp_show_community_list(struct vty *vty, struct bgp *bgp, return bgp_show(vty, bgp, afi, safi, (exact ? bgp_show_type_community_list_exact : bgp_show_type_community_list), - list, show_flags); + list, show_flags, RPKI_NOT_BEING_USED); } static int bgp_show_prefix_longer(struct vty *vty, struct bgp *bgp, @@ -12303,7 +12338,8 @@ static int bgp_show_prefix_longer(struct vty *vty, struct bgp *bgp, return CMD_WARNING; } - ret = bgp_show(vty, bgp, afi, safi, type, p, show_flags); + ret = bgp_show(vty, bgp, afi, safi, type, p, show_flags, + RPKI_NOT_BEING_USED); prefix_free(&p); return ret; } @@ -13745,7 +13781,8 @@ static int bgp_show_neighbor_route(struct vty *vty, struct peer *peer, if (safi == SAFI_LABELED_UNICAST) safi = SAFI_UNICAST; - return bgp_show(vty, peer->bgp, afi, safi, type, &peer->su, show_flags); + return bgp_show(vty, peer->bgp, afi, safi, type, &peer->su, show_flags, + RPKI_NOT_BEING_USED); } DEFUN (show_ip_bgp_flowspec_routes_detailed, 
@@ -13778,7 +13815,7 @@ DEFUN (show_ip_bgp_flowspec_routes_detailed, return CMD_WARNING; return bgp_show(vty, bgp, afi, safi, bgp_show_type_detail, NULL, - show_flags); + show_flags, RPKI_NOT_BEING_USED); } DEFUN (show_ip_bgp_neighbor_routes, diff --git a/bgpd/bgp_route.h b/bgpd/bgp_route.h index f6294a4527..0a4fd026e4 100644 --- a/bgpd/bgp_route.h +++ b/bgpd/bgp_route.h @@ -57,6 +57,7 @@ enum bgp_show_type { bgp_show_type_dampend_paths, bgp_show_type_damp_neighbor, bgp_show_type_detail, + bgp_show_type_rpki, }; enum bgp_show_adj_route_type { From 08f782417a3a1e5af1d2eede5ee7501fbf979ee1 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Wed, 17 Mar 2021 16:26:49 -0400 Subject: [PATCH 6/7] doc: Add doc for new rpki commands `show bgp [afi] [safi] A.B.C.D rpki ` `show bgp [afi] [safi] rpki ` commands need to be documented Signed-off-by: Donald Sharp --- doc/user/rpki.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/user/rpki.rst b/doc/user/rpki.rst index 01705f607c..d496d437d3 100644 --- a/doc/user/rpki.rst +++ b/doc/user/rpki.rst @@ -206,6 +206,14 @@ Displaying RPKI Display all configured cache servers, whether active or not. +.. clicmd:: show bgp [afi] [safi] rpki + + Display for the specified prefix or address the bgp paths that match the given rpki state. + +.. clicmd:: show bgp [afi] [safi] rpki + + Display all prefixes that match the given rpki state. + RPKI Configuration Example -------------------------- From 4027d19b0814c5b576fb35ca73158e215b2149b8 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Thu, 25 Mar 2021 09:28:30 -0400 Subject: [PATCH 7/7] bgpd: Use rpki_curr_state instead of curr_state During Review it was suggested that appending rpki_ to curr_state and target_state would be better variable names. Instead of going and fixing 3 or so commits up. Just do this one. Signed-off-by: Donald Sharp --- bgpd/bgp_route.c | 61 ++++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 30 deletions(-) 
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index f77fa82acf..a6bfb519d8 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -9554,7 +9554,8 @@ static void route_vty_out_detail_es_info(struct vty *vty, void route_vty_out_detail(struct vty *vty, struct bgp *bgp, struct bgp_dest *bn, struct bgp_path_info *path, afi_t afi, safi_t safi, - enum rpki_states curr_state, json_object *json_paths) + enum rpki_states rpki_curr_state, + json_object *json_paths) { char buf[INET6_ADDRSTRLEN]; char buf1[BUFSIZ]; @@ -10191,14 +10192,14 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp, struct bgp_dest *bn, } } - if (curr_state != RPKI_NOT_BEING_USED) { + if (rpki_curr_state != RPKI_NOT_BEING_USED) { if (json_paths) json_object_string_add( json_path, "rpkiValidationState", - bgp_rpki_validation2str(curr_state)); + bgp_rpki_validation2str(rpki_curr_state)); else vty_out(vty, ", rpki validation-state: %s", - bgp_rpki_validation2str(curr_state)); + bgp_rpki_validation2str(rpki_curr_state)); } if (json_bestpath) @@ -10519,7 +10520,7 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, void *output_arg, char *rd, int is_last, unsigned long *output_cum, unsigned long *total_cum, unsigned long *json_header_depth, uint8_t show_flags, - enum rpki_states target_state) + enum rpki_states rpki_target_state) { struct bgp_path_info *pi; struct bgp_dest *dest; @@ -10568,7 +10569,7 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, /* Start processing of routes. */ for (dest = bgp_table_top(table); dest; dest = bgp_route_next(dest)) { const struct prefix *dest_p = bgp_dest_get_prefix(dest); - enum rpki_states curr_state = RPKI_NOT_BEING_USED; + enum rpki_states rpki_curr_state = RPKI_NOT_BEING_USED; pi = bgp_dest_get_bgp_path_info(dest); if (pi == NULL) 
@@ -10586,11 +10587,11 @@ static int bgp_show_table(struct vty *vty, struct bgp *bgp, safi_t safi, if (type == bgp_show_type_rpki) { if (dest_p->family == AF_INET || dest_p->family == AF_INET6) - curr_state = hook_call( + rpki_curr_state = hook_call( bgp_rpki_prefix_status, pi->peer, pi->attr, dest_p); - if (target_state != RPKI_NOT_BEING_USED - && curr_state != target_state) + if (rpki_target_state != RPKI_NOT_BEING_USED + && rpki_curr_state != rpki_target_state) continue; } @@ -10921,7 +10922,7 @@ int bgp_show_table_rd(struct vty *vty, struct bgp *bgp, safi_t safi, } static int bgp_show(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, enum bgp_show_type type, void *output_arg, - uint8_t show_flags, enum rpki_states target_state) + uint8_t show_flags, enum rpki_states rpki_target_state) { struct bgp_table *table; unsigned long json_header_depth = 0; @@ -10957,7 +10958,7 @@ static int bgp_show(struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, return bgp_show_table(vty, bgp, safi, table, type, output_arg, NULL, 1, NULL, NULL, &json_header_depth, show_flags, - target_state); + rpki_target_state); } static void bgp_show_all_instances_routes_vty(struct vty *vty, afi_t afi, @@ -11210,7 +11211,7 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, struct bgp_dest *bgp_node, struct vty *vty, struct bgp *bgp, afi_t afi, safi_t safi, json_object *json, enum bgp_path_type pathtype, - int *display, enum rpki_states target_state) + int *display, enum rpki_states rpki_target_state) { struct bgp_path_info *pi; int header = 1; 
@@ -11220,14 +11221,14 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, const struct prefix *p = bgp_dest_get_prefix(bgp_node); for (pi = bgp_dest_get_bgp_path_info(bgp_node); pi; pi = pi->next) { - enum rpki_states curr_state = RPKI_NOT_BEING_USED; + enum rpki_states rpki_curr_state = RPKI_NOT_BEING_USED; if (p->family == AF_INET || p->family == AF_INET6) - curr_state = hook_call(bgp_rpki_prefix_status, pi->peer, - pi->attr, p); + rpki_curr_state = hook_call(bgp_rpki_prefix_status, + pi->peer, pi->attr, p); - if (target_state != RPKI_NOT_BEING_USED - && curr_state != target_state) + if (rpki_target_state != RPKI_NOT_BEING_USED + && rpki_curr_state != rpki_target_state) continue; if (json && !json_paths) { @@ -11255,7 +11256,7 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, && (CHECK_FLAG(pi->flags, BGP_PATH_MULTIPATH) || CHECK_FLAG(pi->flags, BGP_PATH_SELECTED)))) route_vty_out_detail(vty, bgp, bgp_node, pi, AFI_IP, - safi, curr_state, json_paths); + safi, rpki_curr_state, json_paths); } if (json && json_paths) { @@ -11270,7 +11271,7 @@ static void bgp_show_path_info(struct prefix_rd *pfx_rd, static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, struct bgp_table *rib, const char *ip_str, afi_t afi, safi_t safi, - enum rpki_states target_state, + enum rpki_states rpki_target_state, struct prefix_rd *prd, int prefix_check, enum bgp_path_type pathtype, bool use_json) { @@ -11318,7 +11319,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty, bgp, afi, safi, json, pathtype, - &display, target_state); + &display, rpki_target_state); bgp_dest_unlock_node(rm); } @@ -11377,7 +11378,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty, bgp, afi, safi, json, pathtype, - &display, target_state); + &display, rpki_target_state); bgp_dest_unlock_node(rm); } 
@@ -11404,7 +11405,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, || dest_p->prefixlen == match.prefixlen) { bgp_show_path_info(NULL, dest, vty, bgp, afi, safi, json, pathtype, - &display, target_state); + &display, rpki_target_state); } bgp_dest_unlock_node(dest); @@ -11430,7 +11431,7 @@ static int bgp_show_route_in_table(struct vty *vty, struct bgp *bgp, static int bgp_show_route(struct vty *vty, struct bgp *bgp, const char *ip_str, afi_t afi, safi_t safi, struct prefix_rd *prd, int prefix_check, enum bgp_path_type pathtype, - enum rpki_states target_state, bool use_json) + enum rpki_states rpki_target_state, bool use_json) { if (!bgp) { bgp = bgp_get_default(); @@ -11448,7 +11449,7 @@ static int bgp_show_route(struct vty *vty, struct bgp *bgp, const char *ip_str, safi = SAFI_UNICAST; return bgp_show_route_in_table(vty, bgp, bgp->rib[afi][safi], ip_str, - afi, safi, target_state, prd, + afi, safi, rpki_target_state, prd, prefix_check, pathtype, use_json); } @@ -11898,7 +11899,7 @@ DEFPY (show_ip_bgp_json, char *community = NULL; bool first = true; uint8_t show_flags = 0; - enum rpki_states target_state = RPKI_NOT_BEING_USED; + enum rpki_states rpki_target_state = RPKI_NOT_BEING_USED; if (uj) { argc--; @@ -11958,9 +11959,9 @@ DEFPY (show_ip_bgp_json, if (argv_find(argv, argc, "rpki", &idx)) { sh_type = bgp_show_type_rpki; if (argv_find(argv, argc, "valid", &idx)) - target_state = RPKI_VALID; + rpki_target_state = RPKI_VALID; else if (argv_find(argv, argc, "invalid", &idx)) - target_state = RPKI_INVALID; + rpki_target_state = RPKI_INVALID; } if (!all) { @@ -11971,7 +11972,7 @@ DEFPY (show_ip_bgp_json, show_flags); else return bgp_show(vty, bgp, afi, safi, sh_type, NULL, - show_flags, target_state); + show_flags, rpki_target_state); } else { /* show bgp ipv4 all: AFI_IP, show bgp ipv6 all: * AFI_IP6 */ 
@@ -12009,7 +12010,7 @@ DEFPY (show_ip_bgp_json, else bgp_show(vty, bgp, afi, safi, sh_type, NULL, show_flags, - target_state); + rpki_target_state); if (uj) vty_out(vty, "}\n"); } @@ -12041,7 +12042,7 @@ DEFPY (show_ip_bgp_json, else bgp_show(vty, bgp, afi, safi, sh_type, NULL, show_flags, - target_state); + rpki_target_state); if (uj) vty_out(vty, "}\n"); }